import os, sys

# Root of the re2o checkout. It is appended to sys.path below, so any module
# importable from this directory runs with this script's privileges.
# NOTE(review): hard-coded path; confirm it matches the deployment and that
# the directory is writable only by trusted accounts.
proj_path = "/var/www/re2o/"
# Point Django at the project's settings module unless the caller's
# environment already names one (setdefault does not override it).
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "re2o.settings")
# Presumably what makes the project packages imported further down
# (machines, topologie, users, re2o) resolvable.
sys.path.append(proj_path)

# Run from the project root; per the original author this is what lets
# local_settings.py get loaded.
os.chdir(proj_path)

# Building the WSGI application initialises Django, so the model imports
# that follow can be resolved. This import must stay after the setup above.
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

import argparse

from django.db.models import Q
from machines.models import Interface, IpList, Domain
from topologie.models import Room, Port, Switch
from users.models import User

from re2o.settings import RADIUS_VLAN_DECISION

# VLAN values returned by decide_vlan(): VLAN_NOK on its refusal paths,
# VLAN_OK on its acceptance paths. Both are read from the project settings,
# so a missing key fails at import time with a KeyError.
VLAN_NOK, VLAN_OK = (
    RADIUS_VLAN_DECISION['VLAN_NOK'],
    RADIUS_VLAN_DECISION['VLAN_OK'],
)

def decide_vlan(switch_id, port_number, mac_address):
    """Decide which VLAN a wired RADIUS request should be placed in.

    Args:
        switch_id: value matched against the IPv4 address or the domain
            name attached to a switch's interface.
        port_number: port number on that switch.
        mac_address: MAC address presented by the connecting machine.

    Returns:
        A ``(switch_name, reason, vlan)`` tuple. ``switch_name`` is ``'?'``
        when no switch matched, otherwise ``str()`` of the switch's
        interface. ``vlan`` is ``VLAN_OK``, ``VLAN_NOK`` or, for any
        ``port.radius`` value not handled explicitly, ``int(port.radius)``.

    Raises:
        ValueError: if ``port.radius`` is neither a handled mode nor
            something ``int()`` can parse.
    """
    # Resolve the switch from either the IPv4 address or the domain name
    # of its interface.
    by_ip = Q(ipv4=IpList.objects.filter(ipv4=switch_id))
    by_name = Q(domain=Domain.objects.filter(name=switch_id))
    switch = Switch.objects.filter(
        switch_interface=Interface.objects.filter(by_ip | by_name)
    )

    # NOTE(review): an unknown switch and an unknown port are both answered
    # with VLAN_OK (fail-open). Confirm this is the intended policy; a
    # request the database cannot place is otherwise granted access.
    if not switch:
        return ('?', 'Switch inconnu', VLAN_OK)

    matched_switch = switch[0]
    sw_name = str(matched_switch.switch_interface)

    ports = Port.objects.filter(switch=matched_switch, port=port_number)
    if not ports:
        return (sw_name, 'Port inconnu', VLAN_OK)

    port = ports[0]
    mode = port.radius

    # No authentication configured on this port: always accept.
    if mode == 'NO':
        return (sw_name, "Pas d'authentification sur ce port", VLAN_OK)

    # Port administratively blocked: always refuse.
    if mode == 'BLOQ':
        return (sw_name, 'Port desactive', VLAN_NOK)

    if mode == 'STRICT':
        # STRICT additionally requires the room behind the port to have a
        # user whose access is currently valid.
        if not port.room:
            return (sw_name, 'Chambre inconnue', VLAN_NOK)

        # NOTE(review): only the first user returned for the room is checked.
        room_user = User.objects.filter(room=Room.objects.filter(name=port.room))
        if not room_user:
            return (sw_name, 'Chambre non cotisante', VLAN_NOK)
        if not room_user[0].has_access():
            return (sw_name, 'Chambre resident desactive', VLAN_NOK)
        # Room user is fine: fall through to the MAC check below.

    if mode in ('COMMON', 'STRICT'):
        # MAC-based authentication.
        # NOTE(review): the machine is identified by its MAC address alone,
        # a value supplied by the client, and in STRICT mode nothing here
        # ties the matched interface to the room's user.
        interfaces = Interface.objects.filter(mac_address=mac_address)
        if not interfaces:
            return (sw_name, 'Machine inconnue', VLAN_NOK)
        if not interfaces[0].is_active():
            return (sw_name, 'Machine non active / adherent non cotisant', VLAN_NOK)
        return (sw_name, 'Machine OK', VLAN_OK)

    # Every named mode was handled above; what is left is treated as a
    # hard-coded VLAN number stored in the radius field.
    return (sw_name, 'VLAN impose', int(mode))


if __name__ == '__main__':
    # Command-line entry point: three positional arguments, in this order.
    # port_number is converted to int by argparse; the other two stay strings.
    cli = argparse.ArgumentParser(description='Decide radius vlan attribution')
    for arg_name, extra in (
        ('switch_id', {}),
        ('port_number', {'type': int}),
        ('mac_address', {}),
    ):
        cli.add_argument(arg_name, action="store", **extra)
    opts = cli.parse_args()

    # Print the (switch_name, reason, vlan) tuple on stdout for the caller.
    decision = decide_vlan(opts.switch_id, opts.port_number, opts.mac_address)
    print(decision)