Oliver Gorwits
GitHub
@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
|
||||
);
|
||||
|
||||
our # try to hide from kwalitee
|
||||
$VERSION = 60; # schema version used for upgrades, keep as integer
|
||||
$VERSION = 61; # schema version used for upgrades, keep as integer
|
||||
|
||||
use Path::Class;
|
||||
use File::ShareDir 'dist_dir';
|
||||
|
||||
@@ -31,6 +31,8 @@ __PACKAGE__->add_columns(
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"radius",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"tacacs",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"admin",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"fullname",
|
||||
|
||||
@@ -23,6 +23,9 @@ __PACKAGE__->result_source_instance->view_definition(<<ENDSQL
|
||||
SELECT username, 'radius' AS role FROM users
|
||||
WHERE radius
|
||||
UNION
|
||||
SELECT username, 'tacacs' AS role FROM users
|
||||
WHERE tacacs
|
||||
UNION
|
||||
SELECT username, 'api' AS role FROM users
|
||||
WHERE token IS NOT NULL AND token_from IS NOT NULL
|
||||
ENDSQL
|
||||
|
||||
@@ -14,6 +14,7 @@ use Dancer::Plugin::Passphrase;
|
||||
use Digest::MD5;
|
||||
use Net::LDAP;
|
||||
use Authen::Radius;
|
||||
use Authen::TacacsPlus;
|
||||
use Try::Tiny;
|
||||
|
||||
sub authenticate_user {
|
||||
@@ -113,6 +114,9 @@ sub match_password {
|
||||
elsif ($user->radius) {
|
||||
$pwmatch_result = $self->match_with_radius($password, $username);
|
||||
}
|
||||
elsif ($user->tacacs) {
|
||||
$pwmatch_result = $self->match_with_tacacs($password, $username);
|
||||
}
|
||||
else {
|
||||
$pwmatch_result = $self->match_with_local_pass($password, $user);
|
||||
}
|
||||
@@ -251,4 +255,24 @@ sub match_with_radius {
|
||||
return $radius_return;
|
||||
}
|
||||
|
||||
sub match_with_tacacs {
|
||||
my($self, $pass, $user) = @_;
|
||||
return unless setting('tacacs') and ref {} eq ref setting('tacacs');
|
||||
|
||||
my $conf = setting('tacacs');
|
||||
my $tacacs = new Authen::TacacsPlus(Host => $conf->{server}, Key => $conf->{key});
|
||||
if (not $tacacs) {
|
||||
debug sprintf('auth error: Authen::TacacsPlus: %s', Authen::TacacsPlus::errmsg());
|
||||
return undef;
|
||||
}
|
||||
|
||||
my $tacacs_return = $tacacs->authen($user,$pass);
|
||||
if (not $tacacs_return) {
|
||||
debug sprintf('error: Authen::TacacsPlus: %s', Authen::TacacsPlus::errmsg());
|
||||
}
|
||||
$tacacs->close();
|
||||
|
||||
return $tacacs_return;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
@@ -42,6 +42,7 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
|
||||
fullname => param('fullname'),
|
||||
ldap => (param('ldap') ? \'true' : \'false'),
|
||||
radius => (param('radius') ? \'true' : \'false'),
|
||||
tacacs => (param('tacacs') ? \'true' : \'false'),
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
@@ -73,6 +74,7 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
|
||||
fullname => param('fullname'),
|
||||
ldap => (param('ldap') ? \'true' : \'false'),
|
||||
radius => (param('radius') ? \'true' : \'false'),
|
||||
tacacs => (param('tacacs') ? \'true' : \'false'),
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
|
||||
Reference in New Issue
Block a user