add support for custom radius VSAs (#1091)

Matt Haught
2023-08-13 14:40:53 -04:00
committed by GitHub
parent 7eeda1e6bf
commit eb90458685
2 changed files with 26 additions and 17 deletions


@@ -211,18 +211,7 @@ else {
config->{'domain_suffix'} = qr//; config->{'domain_suffix'} = qr//;
} }
# convert radius and tacacs from single to lists # convert tacacs from single to lists
if (ref {} eq ref setting('radius')
and exists setting('radius')->{'secret'}) {
my $servers = (ref [] eq ref setting('radius')->{'server'}
? setting('radius')->{'server'} : [setting('radius')->{'server'}]);
config->{'radius'} = [
Secret => setting('radius')->{'secret'},
NodeList => $servers,
];
}
if (ref {} eq ref setting('tacacs') if (ref {} eq ref setting('tacacs')
and exists setting('tacacs')->{'key'}) { and exists setting('tacacs')->{'key'}) {


@@ -247,20 +247,40 @@ sub _ldap_search {
sub match_with_radius { sub match_with_radius {
my($self, $pass, $user) = @_; my($self, $pass, $user) = @_;
return unless setting('radius') and ref [] eq ref setting('radius'); return unless setting('radius') and ref {} eq ref setting('radius');
my $conf = setting('radius'); my $conf = setting('radius');
my $radius = Authen::Radius->new(@$conf); my $servers = (ref [] eq ref $conf->{'server'}
? $conf->{'server'} : [$conf->{'server'}]);
my $radius = Authen::Radius->new(
NodeList => $servers,
Secret => $conf->{'secret'},
TimeOut => $conf->{'timeout'} || 15,
);
my $dict_dir = Path::Class::Dir->new( dist_dir('App-Netdisco') ) my $dict_dir = Path::Class::Dir->new( dist_dir('App-Netdisco') )
->subdir('contrib')->subdir('raddb')->file('dictionary')->stringify; ->subdir('contrib')->subdir('raddb')->file('dictionary')->stringify;
Authen::Radius->load_dictionary($dict_dir); Authen::Radius->load_dictionary($dict_dir);
$radius->add_attributes( $radius->add_attributes(
{ Name => 'User-Name', Value => $user }, { Name => 'User-Name', Value => $user },
{ Name => 'User-Password', Value => $pass }, { Name => 'User-Password', Value => $pass }
{ Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
{ Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
); );
if ($conf->{'vsa'}) {
foreach my $vsa (@{$conf->{'vsa'}}) {
$radius->add_attributes(
{
Name => $vsa->{'name'},
Value => $vsa->{'value'},
Type => $vsa->{'type'},
Vendor => $vsa->{'vendor'},
Tag => $vsa->{'tag'}
},
);
}
}
$radius->send_packet(ACCESS_REQUEST); $radius->send_packet(ACCESS_REQUEST);
my $type = $radius->recv_packet(); my $type = $radius->recv_packet();
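Review bot: The new guard at the top of match_with_radius only checks that `setting('radius')` is a hash, so the `exists setting('radius')->{'secret'}` condition from the removed conversion block is no longer enforced anywhere visible. A radius block without `secret` or `server` now reaches `Authen::Radius->new` with `Secret => undef` and `NodeList => [undef]`. How the module treats an undefined secret is not shown here, but User-Password hiding depends on the shared secret, so this path should fail closed, e.g. `return unless defined $conf->{'secret'} and defined $conf->{'server'};` right after `my $conf = setting('radius');`. Separately, `@{$conf->{'vsa'}}` is dereferenced without checking that it is an array ref, so a scalar or hash `vsa` value would die inside the login path; `if (ref [] eq ref $conf->{'vsa'})` would match the style already used for `server`. The function body continues past the end of this hunk.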