improvements to radius patch
This commit is contained in:
Oliver Gorwits
1
Build.PL
1
Build.PL
@@ -26,6 +26,7 @@ Module::Build->new(
|
||||
'App::cpanminus' => '1.6108',
|
||||
'App::local::lib::helper' => '0.07',
|
||||
'Archive::Extract' => '0',
|
||||
'Authen::Radius' => '0',
|
||||
'CGI::Expand' => '2.05',
|
||||
'Data::Printer' => '0',
|
||||
'DBD::Pg' => '0',
|
||||
|
||||
@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
|
||||
);
|
||||
|
||||
our # try to hide from kwalitee
|
||||
$VERSION = 58; # schema version used for upgrades, keep as integer
|
||||
$VERSION = 59; # schema version used for upgrades, keep as integer
|
||||
|
||||
use Path::Class;
|
||||
use File::ShareDir 'dist_dir';
|
||||
|
||||
@@ -29,6 +29,8 @@ __PACKAGE__->add_columns(
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"ldap",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"radius",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"admin",
|
||||
{ data_type => "boolean", default_value => \"false", is_nullable => 1 },
|
||||
"fullname",
|
||||
|
||||
@@ -20,6 +20,9 @@ __PACKAGE__->result_source_instance->view_definition(<<ENDSQL
|
||||
SELECT username, 'ldap' AS role FROM users
|
||||
WHERE ldap
|
||||
UNION
|
||||
SELECT username, 'radius' AS role FROM users
|
||||
WHERE radius
|
||||
UNION
|
||||
SELECT username, 'api' AS role FROM users
|
||||
WHERE token IS NOT NULL AND token_from IS NOT NULL
|
||||
ENDSQL
|
||||
|
||||
@@ -13,11 +13,8 @@ use Dancer::Plugin::DBIC;
|
||||
use Dancer::Plugin::Passphrase;
|
||||
use Digest::MD5;
|
||||
use Net::LDAP;
|
||||
use Try::Tiny;
|
||||
|
||||
if (setting('radius') and ref {} eq ref setting('radius')) {
|
||||
use Authen::Radius;
|
||||
}
|
||||
use Try::Tiny;
|
||||
|
||||
sub authenticate_user {
|
||||
my ($self, $username, $password) = @_;
|
||||
@@ -107,21 +104,20 @@ sub match_password {
|
||||
my $settings = $self->realm_settings;
|
||||
my $username_column = $settings->{users_username_column} || 'username';
|
||||
|
||||
# return $user->ldap
|
||||
# ? $self->match_with_ldap($password, $user->$username_column)
|
||||
# : $self->match_with_local_pass($password, $user);
|
||||
my $pwmatch_result = 0;
|
||||
my $username = $user->$username_column;
|
||||
|
||||
if ($user->ldap) {
|
||||
$pwmatch_result = $self->match_with_ldap($password, $user->$username_column);
|
||||
} else {
|
||||
if ( setting('radius') and ref {} eq ref setting('radius') ) {
|
||||
$pwmatch_result = ( $self->match_with_radius($password, $username) || $self->match_with_local_pass($password, $user) );
|
||||
} else {
|
||||
$pwmatch_result = $self->match_with_ldap($password, $username);
|
||||
}
|
||||
elsif ($user->raidus) {
|
||||
$pwmatch_result = $self->match_with_radius($password, $username);
|
||||
}
|
||||
else {
|
||||
$pwmatch_result = $self->match_with_local_pass($password, $user);
|
||||
}
|
||||
}
|
||||
|
||||
return $pwmatch_result;
|
||||
}
|
||||
|
||||
sub match_with_local_pass {
|
||||
@@ -230,12 +226,15 @@ sub _ldap_search {
|
||||
|
||||
return undef;
|
||||
}
|
||||
|
||||
sub match_with_radius {
|
||||
my($self, $pass, $user) = @_;
|
||||
return unless setting('radius') and ref {} eq ref setting('radius');
|
||||
|
||||
my $conf = setting('radius');
|
||||
my $radius = new Authen::Radius(Host => $conf->{server}, Secret => $conf->{secret});
|
||||
my $radius = Authen::Radius->new(Host => $conf->{server}, Secret => $conf->{secret});
|
||||
Authen::Radius->load_dictionary();
|
||||
|
||||
$radius->add_attributes(
|
||||
{ Name => 'User-Name', Value => $user },
|
||||
{ Name => 'User-Password', Value => $pass },
|
||||
@@ -243,8 +242,11 @@ sub match_with_radius {
|
||||
{ Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
|
||||
);
|
||||
$radius->send_packet(ACCESS_REQUEST);
|
||||
|
||||
my $type = $radius->recv_packet();
|
||||
my $radius_return = ($type eq ACCESS_ACCEPT) ? 1 : 0;
|
||||
|
||||
return $radius_return;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
@@ -41,6 +41,7 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
|
||||
password => _make_password(param('password')),
|
||||
fullname => param('fullname'),
|
||||
ldap => (param('ldap') ? \'true' : \'false'),
|
||||
radius => (param('radius') ? \'true' : \'false'),
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
@@ -71,6 +72,7 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
|
||||
: ()),
|
||||
fullname => param('fullname'),
|
||||
ldap => (param('ldap') ? \'true' : \'false'),
|
||||
radius => (param('radius') ? \'true' : \'false'),
|
||||
port_control => (param('port_control') ? \'true' : \'false'),
|
||||
admin => (param('admin') ? \'true' : \'false'),
|
||||
note => param('note'),
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
BEGIN;
|
||||
|
||||
ALTER TABLE users ADD radius boolean;
|
||||
|
||||
ALTER TABLE users ALTER radius SET DEFAULT false;
|
||||
|
||||
COMMIT;
|
||||
@@ -5,6 +5,7 @@
|
||||
<th class="nd_center-cell">Username</th>
|
||||
<th class="nd_center-cell">Password</th>
|
||||
<th class="nd_center-cell">LDAP Auth</th>
|
||||
<th class="nd_center-cell">RADIUS Auth</th>
|
||||
<th class="nd_center-cell">Port Control</th>
|
||||
<th class="nd_center-cell">Administrator</th>
|
||||
<th class="nd_center-cell">Created</th>
|
||||
@@ -19,6 +20,7 @@
|
||||
<td class="nd_center-cell"><input data-form="add" name="username" type="text"></td>
|
||||
<td class="nd_center-cell"><input data-form="add" name="password" type="password"></td>
|
||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="ldap"></td>
|
||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="radius"></td>
|
||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="port_control"></td>
|
||||
<td class="nd_center-cell"><input data-form="add" type="checkbox" name="admin"></td>
|
||||
<td class="nd_center-cell"></td>
|
||||
@@ -45,6 +47,9 @@
|
||||
<td class="nd_center-cell">
|
||||
<input data-form="update" name="ldap" type="checkbox" [% ' checked="checked"' IF row.ldap %]>
|
||||
</td>
|
||||
<td class="nd_center-cell">
|
||||
<input data-form="update" name="radius" type="checkbox" [% ' checked="checked"' IF row.radius %]>
|
||||
</td>
|
||||
<td class="nd_center-cell">
|
||||
<input data-form="update" name="port_control" type="checkbox" [% ' checked="checked"' IF row.port_control %]>
|
||||
</td>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[% USE CSV -%]
|
||||
[% CSV.dump([ 'Full Name' 'Username'
|
||||
'LDAP Auth' 'Port Control' 'Administrator' 'Created'
|
||||
'LDAP Auth' 'RADIUS Auth' 'Port Control' 'Administrator' 'Created'
|
||||
'Last Login' 'Note']) %]
|
||||
|
||||
[% FOREACH row IN results %]
|
||||
@@ -8,6 +8,7 @@
|
||||
[% mylist.push(row.fullname) %]
|
||||
[% mylist.push(row.username) %]
|
||||
[% mylist.push(row.ldap) %]
|
||||
[% mylist.push(row.radius) %]
|
||||
[% mylist.push(row.port_control) %]
|
||||
[% mylist.push(row.admin) %]
|
||||
[% mylist.push(row.created) %]
|
||||
|
||||
@@ -181,7 +181,7 @@
|
||||
[% session.logged_in_fullname || session.logged_in_user | html_entity %] <b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
[% IF NOT user_has_role('ldap') %]
|
||||
[% IF NOT ( user_has_role('ldap') OR user_has_role('radius') ) %]
|
||||
<li><a href="[% uri_for('/password') %]">Change Password</a></li>
|
||||
[% END %]
|
||||
[% IF NOT settings.no_auth %]
|
||||
|
||||
Reference in New Issue
Block a user