135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#734 Multiple TACACS+/RADIUS servers now supported

Browse Source
This commit is contained in:
Oliver Gorwits
2020-07-10 22:18:29 +01:00
parent b6465abe66
commit 31fc6e1ee5
4 changed files with 49 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Changes
View File

@@ -1,3 +1,9 @@
2.046001 - 2020-07-10
[ENHANCEMENTS]
* #734 Multiple TACACS+/RADIUS servers now supported
2.046000 - 2020-07-08 2.046000 - 2020-07-08
[ENHANCEMENTS] [ENHANCEMENTS]

36
lib/App/Netdisco/Configuration.pm
View File

@@ -151,6 +151,42 @@ else {
config->{'domain_suffix'} = qr//; config->{'domain_suffix'} = qr//;
} }
# convert radius and tacacs from single to lists
if (ref {} eq ref setting('radius')
and exists setting('radius')->{'secret'}) {
my $servers = (ref [] eq ref setting('radius')->{'server'}
? setting('radius')->{'server'} : [setting('radius')->{'server'}]);
config->{'radius'} = [
Secret => setting('radius')->{'secret'},
NodeList => $servers,
];
}
if (ref {} eq ref setting('tacacs')
and exists setting('tacacs')->{'key'}) {
config->{'tacacs'} = [
Host => setting('tacacs')->{'server'},
Key => setting('tacacs')->{'key'} || setting('tacacs')->{'secret'},
Port => (setting('tacacs')->{'port'} || 'tacacs'),
Timeout => (setting('tacacs')->{'timeout'} || 15),
];
}
elsif (ref [] eq ref setting('tacacs')) {
my @newservers = ();
foreach my $server (@{ setting('tacacs') }) {
push @newservers, [
Host => $server->{'server'},
Key => $server->{'key'} || $server->{'secret'},
Port => ($server->{'port'} || 'tacacs'),
Timeout => ($server->{'timeout'} || 15),
];
}
config->{'tacacs'} = [ @newservers ];
}
# support unordered dictionary as if it were a single item list # support unordered dictionary as if it were a single item list
if (ref {} eq ref setting('device_identity')) { if (ref {} eq ref setting('device_identity')) {
config->{'device_identity'} = [ setting('device_identity') ]; config->{'device_identity'} = [ setting('device_identity') ];

8
lib/App/Netdisco/Web/Auth/Provider/DBIC.pm
View File

@@ -234,10 +234,10 @@ sub _ldap_search {
sub match_with_radius { sub match_with_radius {
my($self, $pass, $user) = @_; my($self, $pass, $user) = @_;
return unless setting('radius') and ref {} eq ref setting('radius'); return unless setting('radius') and ref [] eq ref setting('radius');
my $conf = setting('radius'); my $conf = setting('radius');
my $radius = Authen::Radius->new(Host => $conf->{server}, Secret => $conf->{secret}); my $radius = Authen::Radius->new(@$conf);
# my $dict_dir = Path::Class::Dir->new( dist_dir('App-Netdisco') ) # my $dict_dir = Path::Class::Dir->new( dist_dir('App-Netdisco') )
#  ->subdir('radius_dictionaries')->stringify; #  ->subdir('radius_dictionaries')->stringify;
Authen::Radius->load_dictionary(); # put $dict_dir in here once it's useful Authen::Radius->load_dictionary(); # put $dict_dir in here once it's useful
@@ -258,10 +258,10 @@ sub match_with_radius {
sub match_with_tacacs { sub match_with_tacacs {
my($self, $pass, $user) = @_; my($self, $pass, $user) = @_;
return unless setting('tacacs') and ref {} eq ref setting('tacacs'); return unless setting('tacacs') and ref [] eq ref setting('tacacs');
my $conf = setting('tacacs'); my $conf = setting('tacacs');
my $tacacs = new Authen::TacacsPlus(Host => $conf->{server}, Key => $conf->{key}); my $tacacs = new Authen::TacacsPlus(@$conf);
if (not $tacacs) { if (not $tacacs) {
debug sprintf('auth error: Authen::TacacsPlus: %s', Authen::TacacsPlus::errmsg()); debug sprintf('auth error: Authen::TacacsPlus: %s', Authen::TacacsPlus::errmsg());
return undef; return undef;

4
share/config.yml
View File

@@ -29,7 +29,9 @@ navbar_autocomplete: true
trust_remote_user: false trust_remote_user: false
trust_x_remote_user: false trust_x_remote_user: false
api_token_lifetime: 3600 api_token_lifetime: 3600
#ldap: tacacs: {}
radius: {}
ldap: {}
# servers: [] # servers: []
# user_string: 'MYDOMAIN\%USER%' # user_string: 'MYDOMAIN\%USER%'
# base: "" # base: ""