improvements to radius patch
1
Build.PL
1
Build.PL
@@ -26,6 +26,7 @@ Module::Build->new(
|
|||||||
'App::cpanminus' => '1.6108',
|
'App::cpanminus' => '1.6108',
|
||||||
'App::local::lib::helper' => '0.07',
|
'App::local::lib::helper' => '0.07',
|
||||||
'Archive::Extract' => '0',
|
'Archive::Extract' => '0',
|
||||||
|
'Authen::Radius' => '0',
|
||||||
'CGI::Expand' => '2.05',
|
'CGI::Expand' => '2.05',
|
||||||
'Data::Printer' => '0',
|
'Data::Printer' => '0',
|
||||||
'DBD::Pg' => '0',
|
'DBD::Pg' => '0',
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
|
|||||||
);
|
);
|
||||||
|
|
||||||
our # try to hide from kwalitee
|
our # try to hide from kwalitee
|
||||||
$VERSION = 58; # schema version used for upgrades, keep as integer
|
$VERSION = 59; # schema version used for upgrades, keep as integer
|
||||||
|
|
||||||
use Path::Class;
|
use Path::Class;
|
||||||
use File::ShareDir 'dist_dir';
|
use File::ShareDir 'dist_dir';
|
||||||
|
|||||||
@@ -29,6 +29,8 @@ __PACKAGE__->add_columns(
|
|||||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||||
"ldap",
|
"ldap",
|
||||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||||
|
"radius",
|
||||||
|
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||||
"admin",
|
"admin",
|
||||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||||
"fullname",
|
"fullname",
|
||||||
|
|||||||
@@ -20,6 +20,9 @@ __PACKAGE__->result_source_instance->view_definition(<<ENDSQL
|
|||||||
SELECT username, 'ldap' AS role FROM users
|
SELECT username, 'ldap' AS role FROM users
|
||||||
WHERE ldap
|
WHERE ldap
|
||||||
UNION
|
UNION
|
||||||
|
SELECT username, 'radius' AS role FROM users
|
||||||
|
WHERE radius
|
||||||
|
UNION
|
||||||
SELECT username, 'api' AS role FROM users
|
SELECT username, 'api' AS role FROM users
|
||||||
WHERE token IS NOT NULL AND token_from IS NOT NULL
|
WHERE token IS NOT NULL AND token_from IS NOT NULL
|
||||||
ENDSQL
|
ENDSQL
|
||||||
|
|||||||
@@ -13,12 +13,9 @@ use Dancer::Plugin::DBIC;
|
|||||||
use Dancer::Plugin::Passphrase;
|
use Dancer::Plugin::Passphrase;
|
||||||
use Digest::MD5;
|
use Digest::MD5;
|
||||||
use Net::LDAP;
|
use Net::LDAP;
|
||||||
|
use Authen::Radius;
|
||||||
use Try::Tiny;
|
use Try::Tiny;
|
||||||
|
|
||||||
if (setting('radius') and ref {} eq ref setting('radius')) {
|
|
||||||
use Authen::Radius;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub authenticate_user {
|
sub authenticate_user {
|
||||||
my ($self, $username, $password) = @_;
|
my ($self, $username, $password) = @_;
|
||||||
return unless defined $username;
|
return unless defined $username;
|
||||||
@@ -107,21 +104,20 @@ sub match_password {
|
|||||||
my $settings = $self->realm_settings;
|
my $settings = $self->realm_settings;
|
||||||
my $username_column = $settings->{users_username_column} || 'username';
|
my $username_column = $settings->{users_username_column} || 'username';
|
||||||
|
|
||||||
# return $user->ldap
|
my $pwmatch_result = 0;
|
||||||
# ? $self->match_with_ldap($password, $user->$username_column)
|
|
||||||
# : $self->match_with_local_pass($password, $user);
|
|
||||||
my $pwmatch_result=0;
|
|
||||||
my $username = $user->$username_column;
|
my $username = $user->$username_column;
|
||||||
|
|
||||||
if ($user->ldap) {
|
if ($user->ldap) {
|
||||||
$pwmatch_result = $self->match_with_ldap($password, $user->$username_column);
|
$pwmatch_result = $self->match_with_ldap($password, $username);
|
||||||
} else {
|
}
|
||||||
if ( setting('radius') and ref {} eq ref setting('radius') ) {
|
elsif ($user->raidus) {
|
||||||
$pwmatch_result = ( $self->match_with_radius($password, $username) || $self->match_with_local_pass($password, $user) );
|
$pwmatch_result = $self->match_with_radius($password, $username);
|
||||||
} else {
|
}
|
||||||
$pwmatch_result = $self->match_with_local_pass($password, $user);
|
else {
|
||||||
}
|
$pwmatch_result = $self->match_with_local_pass($password, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $pwmatch_result;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub match_with_local_pass {
|
sub match_with_local_pass {
|
||||||
@@ -230,21 +226,27 @@ sub _ldap_search {
|
|||||||
|
|
||||||
return undef;
|
return undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub match_with_radius {
|
sub match_with_radius {
|
||||||
my($self, $pass, $user) = @_;
|
my($self, $pass, $user) = @_;
|
||||||
return unless setting('radius') and ref {} eq ref setting('radius');
|
return unless setting('radius') and ref {} eq ref setting('radius');
|
||||||
my $conf = setting('radius');
|
|
||||||
my $radius = new Authen::Radius(Host => $conf->{server}, Secret => $conf->{secret});
|
my $conf = setting('radius');
|
||||||
Authen::Radius->load_dictionary();
|
my $radius = Authen::Radius->new(Host => $conf->{server}, Secret => $conf->{secret});
|
||||||
$radius->add_attributes(
|
Authen::Radius->load_dictionary();
|
||||||
{ Name=> 'User-Name', Value => $user },
|
|
||||||
{ Name=> 'User-Password', Value => $pass },
|
$radius->add_attributes(
|
||||||
{ Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
|
{ Name => 'User-Name', Value => $user },
|
||||||
{ Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
|
{ Name => 'User-Password', Value => $pass },
|
||||||
);
|
{ Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
|
||||||
$radius->send_packet(ACCESS_REQUEST);
|
{ Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
|
||||||
my $type = $radius->recv_packet();
|
);
|
||||||
my $radius_return = ($type eq ACCESS_ACCEPT)?1:0;
|
$radius->send_packet(ACCESS_REQUEST);
|
||||||
return $radius_return;
|
|
||||||
|
my $type = $radius->recv_packet();
|
||||||
|
my $radius_return = ($type eq ACCESS_ACCEPT) ? 1 : 0;
|
||||||
|
|
||||||
|
return $radius_return;
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
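Review bot: The new branch `elsif ($user->raidus) {` in match_password misspells the `radius` column this commit adds to the users table, so every non-LDAP login, local accounts included, reaches an accessor the schema hunk does not define; it should read `elsif ($user->radius) {`. In match_with_radius the results of `Authen::Radius->new(...)` and `recv_packet()` are used unchecked. If the constructor yields no object, or the server does not answer, the code either calls a method on undef or compares undef with `eq`. Guarding with `return unless $radius;` and `return (defined $type and $type eq ACCESS_ACCEPT) ? 1 : 0;` keeps an unreachable server a plain authentication failure. match_password begins outside the hunk shown.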
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
|
|||||||
password => _make_password(param('password')),
|
password => _make_password(param('password')),
|
||||||
fullname => param('fullname'),
|
fullname => param('fullname'),
|
||||||
ldap => (param('ldap') ? \'true' : \'false'),
|
ldap => (param('ldap') ? \'true' : \'false'),
|
||||||
|
radius => (param('radius') ? \'true' : \'false'),
|
||||||
port_control => (param('port_control') ? \'true' : \'false'),
|
port_control => (param('port_control') ? \'true' : \'false'),
|
||||||
admin => (param('admin') ? \'true' : \'false'),
|
admin => (param('admin') ? \'true' : \'false'),
|
||||||
note => param('note'),
|
note => param('note'),
|
||||||
@@ -71,6 +72,7 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
|
|||||||
: ()),
|
: ()),
|
||||||
fullname => param('fullname'),
|
fullname => param('fullname'),
|
||||||
ldap => (param('ldap') ? \'true' : \'false'),
|
ldap => (param('ldap') ? \'true' : \'false'),
|
||||||
|
radius => (param('radius') ? \'true' : \'false'),
|
||||||
port_control => (param('port_control') ? \'true' : \'false'),
|
port_control => (param('port_control') ? \'true' : \'false'),
|
||||||
admin => (param('admin') ? \'true' : \'false'),
|
admin => (param('admin') ? \'true' : \'false'),
|
||||||
note => param('note'),
|
note => param('note'),
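Review bot: Both the add and the update handler take `ldap` and `radius` as independent checkboxes, so an account can be stored with both flags true. match_password, as changed on this page, tests `$user->ldap` first, so for such an account RADIUS is never consulted and the admin gets no indication of that. Either reject the combination here or state the precedence with a comment such as `# ldap wins over radius when both are set` beside the new `radius =>` lines. Both handler bodies extend beyond the hunks shown.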
|
||||||
|
|||||||
@@ -0,0 +1,7 @@
|
|||||||
|
BEGIN;
|
||||||
|
|
||||||
|
ALTER TABLE users ADD radius boolean;
|
||||||
|
|
||||||
|
ALTER TABLE users ALTER radius SET DEFAULT false;
|
||||||
|
|
||||||
|
COMMIT;
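Review bot: Existing rows keep `radius` as NULL after this upgrade, because the default is attached only after the column has been added and so applies to future inserts only. Writing it as `ALTER TABLE users ADD radius boolean DEFAULT false;` backfills existing users in the same step. NULL still evaluates as false in the `WHERE radius` view and in `$user->radius`, so this affects the consistency of stored and exported values rather than login behaviour.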
|
||||||
@@ -5,6 +5,7 @@
|
|||||||
<th class="nd_center-cell">Username</th>
|
<th class="nd_center-cell">Username</th>
|
||||||
<th class="nd_center-cell">Password</th>
|
<th class="nd_center-cell">Password</th>
|
||||||
<th class="nd_center-cell">LDAP Auth</th>
|
<th class="nd_center-cell">LDAP Auth</th>
|
||||||
|
<th class="nd_center-cell">RADIUS Auth</th>
|
||||||
<th class="nd_center-cell">Port Control</th>
|
<th class="nd_center-cell">Port Control</th>
|
||||||
<th class="nd_center-cell">Administrator</th>
|
<th class="nd_center-cell">Administrator</th>
|
||||||
<th class="nd_center-cell">Created</th>
|
<th class="nd_center-cell">Created</th>
|
||||||
@@ -19,6 +20,7 @@
|
|||||||
<td class="nd_center-cell"><input data-form="add" name="username" type="text"></td>
|
<td class="nd_center-cell"><input data-form="add" name="username" type="text"></td>
|
||||||
<td class="nd_center-cell"><input data-form="add" name="password" type="password"></td>
|
<td class="nd_center-cell"><input data-form="add" name="password" type="password"></td>
|
||||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="ldap"></td>
|
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="ldap"></td>
|
||||||
|
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="radius"></td>
|
||||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="port_control"></td>
|
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="port_control"></td>
|
||||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="admin"></td>
|
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="admin"></td>
|
||||||
<td class="nd_center-cell"></td>
|
<td class="nd_center-cell"></td>
|
||||||
@@ -45,6 +47,9 @@
|
|||||||
<td class="nd_center-cell">
|
<td class="nd_center-cell">
|
||||||
<input data-form="update" name="ldap" type="checkbox" [% ' checked="checked"' IF row.ldap %]>
|
<input data-form="update" name="ldap" type="checkbox" [% ' checked="checked"' IF row.ldap %]>
|
||||||
</td>
|
</td>
|
||||||
|
<td class="nd_center-cell">
|
||||||
|
<input data-form="update" name="radius" type="checkbox" [% ' checked="checked"' IF row.radius %]>
|
||||||
|
</td>
|
||||||
<td class="nd_center-cell">
|
<td class="nd_center-cell">
|
||||||
<input data-form="update" name="port_control" type="checkbox" [% ' checked="checked"' IF row.port_control %]>
|
<input data-form="update" name="port_control" type="checkbox" [% ' checked="checked"' IF row.port_control %]>
|
||||||
</td>
|
</td>
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[% USE CSV -%]
|
[% USE CSV -%]
|
||||||
[% CSV.dump([ 'Full Name' 'Username'
|
[% CSV.dump([ 'Full Name' 'Username'
|
||||||
'LDAP Auth' 'Port Control' 'Administrator' 'Created'
|
'LDAP Auth' 'RADIUS Auth' 'Port Control' 'Administrator' 'Created'
|
||||||
'Last Login' 'Note']) %]
|
'Last Login' 'Note']) %]
|
||||||
|
|
||||||
[% FOREACH row IN results %]
|
[% FOREACH row IN results %]
|
||||||
@@ -8,6 +8,7 @@
|
|||||||
[% mylist.push(row.fullname) %]
|
[% mylist.push(row.fullname) %]
|
||||||
[% mylist.push(row.username) %]
|
[% mylist.push(row.username) %]
|
||||||
[% mylist.push(row.ldap) %]
|
[% mylist.push(row.ldap) %]
|
||||||
|
[% mylist.push(row.radius) %]
|
||||||
[% mylist.push(row.port_control) %]
|
[% mylist.push(row.port_control) %]
|
||||||
[% mylist.push(row.admin) %]
|
[% mylist.push(row.admin) %]
|
||||||
[% mylist.push(row.created) %]
|
[% mylist.push(row.created) %]
|
||||||
|
|||||||
@@ -181,7 +181,7 @@
|
|||||||
[% session.logged_in_fullname || session.logged_in_user | html_entity %] <b class="caret"></b>
|
[% session.logged_in_fullname || session.logged_in_user | html_entity %] <b class="caret"></b>
|
||||||
</a>
|
</a>
|
||||||
<ul class="dropdown-menu">
|
<ul class="dropdown-menu">
|
||||||
[% IF NOT user_has_role('ldap') %]
|
[% IF NOT ( user_has_role('ldap') OR user_has_role('radius') ) %]
|
||||||
<li><a href="[% uri_for('/password') %]">Change Password</a></li>
|
<li><a href="[% uri_for('/password') %]">Change Password</a></li>
|
||||||
[% END %]
|
[% END %]
|
||||||
[% IF NOT settings.no_auth %]
|
[% IF NOT settings.no_auth %]
|
||||||
|
|||||||