improvements to radius patch

Build.PL

@@ -26,6 +26,7 @@ Module::Build->new(
     'App::cpanminus' => '1.6108',
     'App::local::lib::helper' => '0.07',
     'Archive::Extract' => '0',
+    'Authen::Radius' => '0',
     'CGI::Expand' => '2.05',
     'Data::Printer' => '0',
     'DBD::Pg' => '0',

lib/App/Netdisco/DB.pm

@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
 );
 
 our # try to hide from kwalitee
-  $VERSION = 58; # schema version used for upgrades, keep as integer
+  $VERSION = 59; # schema version used for upgrades, keep as integer
 
 use Path::Class;
 use File::ShareDir 'dist_dir';

lib/App/Netdisco/DB/Result/User.pm

@@ -29,6 +29,8 @@ __PACKAGE__->add_columns(
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "ldap",
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
+  "radius",
+  { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "admin",
   { data_type => "boolean", default_value => \"false", is_nullable => 1 },
   "fullname",

lib/App/Netdisco/DB/Result/Virtual/UserRole.pm

@@ -20,6 +20,9 @@ __PACKAGE__->result_source_instance->view_definition(<<ENDSQL
   SELECT username, 'ldap' AS role FROM users
     WHERE ldap
   UNION
+  SELECT username, 'radius' AS role FROM users
+    WHERE radius
+  UNION
   SELECT username, 'api' AS role FROM users
     WHERE token IS NOT NULL AND token_from IS NOT NULL
 ENDSQL

lib/App/Netdisco/Web/Auth/Provider/DBIC.pm

@@ -13,12 +13,9 @@ use Dancer::Plugin::DBIC;
 use Dancer::Plugin::Passphrase;
 use Digest::MD5;
 use Net::LDAP;
+use Authen::Radius;
 use Try::Tiny;
 
-if (setting('radius') and ref {} eq ref setting('radius')) {
-    use Authen::Radius;
-    }
-
 sub authenticate_user {
     my ($self, $username, $password) = @_;
     return unless defined $username;
@@ -107,21 +104,20 @@ sub match_password {
     my $settings = $self->realm_settings;
     my $username_column = $settings->{users_username_column} || 'username';
 
-#    return $user->ldap
-#      ? $self->match_with_ldap($password, $user->$username_column)
-#      : $self->match_with_local_pass($password, $user);
-    my $pwmatch_result=0;
+    my $pwmatch_result = 0;
     my $username = $user->$username_column;
 
     if ($user->ldap) {
-      $pwmatch_result = $self->match_with_ldap($password, $user->$username_column);
-    } else {
-      if ( setting('radius') and ref {} eq ref setting('radius') ) {
-        $pwmatch_result =       ( $self->match_with_radius($password, $username) || $self->match_with_local_pass($password, $user) );
-      } else {
+      $pwmatch_result = $self->match_with_ldap($password, $username);
+    }
+    elsif ($user->raidus) {
+      $pwmatch_result = $self->match_with_radius($password, $username);
+    }
+    else {
       $pwmatch_result = $self->match_with_local_pass($password, $user);
     }
-   }
+
+    return $pwmatch_result;
 }
 
 sub match_with_local_pass {
@@ -230,21 +226,27 @@ sub _ldap_search {
 
     return undef;
 }
+
 sub match_with_radius {
   my($self, $pass, $user) = @_;
   return unless setting('radius') and ref {} eq ref setting('radius');
+
   my $conf = setting('radius');
-   my $radius = new Authen::Radius(Host => $conf->{server}, Secret => $conf->{secret});
+  my $radius = Authen::Radius->new(Host => $conf->{server}, Secret => $conf->{secret});
   Authen::Radius->load_dictionary();
+
   $radius->add_attributes(
-      { Name=> 'User-Name', Value => $user },
-      { Name=> 'User-Password', Value => $pass },
+     { Name => 'User-Name',         Value => $user },
+     { Name => 'User-Password',     Value => $pass },
      { Name => 'h323-return-code',  Value => '0' }, # Cisco AV pair
      { Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
   );
   $radius->send_packet(ACCESS_REQUEST);
+
   my $type = $radius->recv_packet();
-    my $radius_return = ($type eq ACCESS_ACCEPT)?1:0;
+  my $radius_return = ($type eq ACCESS_ACCEPT) ? 1 : 0;
+
   return $radius_return;
 }
+
 1;

lib/App/Netdisco/Web/Plugin/AdminTask/Users.pm

@@ -41,6 +41,7 @@ ajax '/ajax/control/admin/users/add' => require_role setting('defanged_admin') =
           password => _make_password(param('password')),
           fullname => param('fullname'),
           ldap => (param('ldap') ? \'true' : \'false'),
+          radius => (param('radius') ? \'true' : \'false'),
           port_control => (param('port_control') ? \'true' : \'false'),
           admin => (param('admin') ? \'true' : \'false'),
           note => param('note'),
@@ -71,6 +72,7 @@ ajax '/ajax/control/admin/users/update' => require_role setting('defanged_admin'
           : ()),
         fullname => param('fullname'),
         ldap => (param('ldap') ? \'true' : \'false'),
+        radius => (param('radius') ? \'true' : \'false'),
         port_control => (param('port_control') ? \'true' : \'false'),
         admin => (param('admin') ? \'true' : \'false'),
         note => param('note'),

share/schema_versions/App-Netdisco-DB-58-59-PostgreSQL.sql

@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE users ADD radius boolean;
+
+ALTER TABLE users ALTER radius SET DEFAULT false;
+
+COMMIT;

share/views/ajax/admintask/users.tt

@@ -5,6 +5,7 @@
       <th class="nd_center-cell">Username</th>
       <th class="nd_center-cell">Password</th>
       <th class="nd_center-cell">LDAP Auth</th>
+      <th class="nd_center-cell">RADIUS Auth</th>
       <th class="nd_center-cell">Port Control</th>
       <th class="nd_center-cell">Administrator</th>
       <th class="nd_center-cell">Created</th>
@@ -19,6 +20,7 @@
       <td class="nd_center-cell"><input data-form="add" name="username" type="text"></td>
       <td class="nd_center-cell"><input data-form="add" name="password" type="password"></td>
       <td class="nd_center-cell"><input data-form="add" type="checkbox" name="ldap"></td>
+      <td class="nd_center-cell"><input data-form="add" type="checkbox" name="radius"></td>
       <td class="nd_center-cell"><input data-form="add" type="checkbox" name="port_control"></td>
       <td class="nd_center-cell"><input data-form="add" type="checkbox" name="admin"></td>
       <td class="nd_center-cell"></td>
@@ -45,6 +47,9 @@
       <td class="nd_center-cell">
         <input data-form="update" name="ldap" type="checkbox" [% ' checked="checked"' IF row.ldap %]>
       </td>
+      <td class="nd_center-cell">
+        <input data-form="update" name="radius" type="checkbox" [% ' checked="checked"' IF row.radius %]>
+      </td>
       <td class="nd_center-cell">
         <input data-form="update" name="port_control" type="checkbox" [% ' checked="checked"' IF row.port_control %]>
       </td>

share/views/ajax/admintask/users_csv.tt

@@ -1,6 +1,6 @@
 [% USE CSV -%]
 [% CSV.dump([ 'Full Name' 'Username'
-              'LDAP Auth' 'Port Control' 'Administrator' 'Created'
+              'LDAP Auth' 'RADIUS Auth' 'Port Control' 'Administrator' 'Created'
               'Last Login' 'Note']) %]
 
 [% FOREACH row IN results %]
@@ -8,6 +8,7 @@
   [% mylist.push(row.fullname) %]
   [% mylist.push(row.username) %]
   [% mylist.push(row.ldap) %]
+  [% mylist.push(row.radius) %]
   [% mylist.push(row.port_control) %]
   [% mylist.push(row.admin) %]
   [% mylist.push(row.created) %]

share/views/layouts/main.tt

@@ -181,7 +181,7 @@
             [% session.logged_in_fullname || session.logged_in_user | html_entity %] <b class="caret"></b>
           </a>
           <ul class="dropdown-menu">
-          [% IF NOT user_has_role('ldap') %]
+          [% IF NOT ( user_has_role('ldap') OR user_has_role('radius') ) %]
             <li><a href="[% uri_for('/password') %]">Change Password</a></li>
           [% END %]
           [% IF NOT settings.no_auth %]