Development
This commit is contained in:
parent
1a473296b7
commit
43c4cf380d
5 changed files with 71 additions and 62 deletions
|
|
@ -52,7 +52,7 @@ def _load_supplicant_credentials():
|
|||
conn = sqlite3.connect(str(CREDENTIALS_DB_FILE))
|
||||
conn.row_factory = sqlite3.Row
|
||||
rows = conn.execute(
|
||||
"SELECT username, password, digest_type, vlan FROM credentials"
|
||||
"SELECT username, password, digest_type, vlan, session_seconds, expires_seconds FROM credentials"
|
||||
" WHERE user_type=? AND enabled=1",
|
||||
(USER_TYPE_SUPPLICANT,)
|
||||
).fetchall()
|
||||
|
|
@ -132,6 +132,24 @@ def build_radius_clients_conf(data, secret):
|
|||
return "\n".join(lines)
|
||||
|
||||
|
||||
def _supplicant_reply_attrs(cred, default_session_seconds, vlan_id, vlan):
|
||||
"""Return reply attribute lines for a supplicant entry (no trailing blank line)."""
|
||||
import datetime
|
||||
attrs = [
|
||||
f" Tunnel-Type = VLAN,",
|
||||
f" Tunnel-Medium-Type = IEEE-802,",
|
||||
f" Tunnel-Private-Group-Id = \"{vlan_id}\"",
|
||||
]
|
||||
session = cred.get('session_seconds') or default_session_seconds
|
||||
if session:
|
||||
attrs.append(f" Session-Timeout = {session}")
|
||||
expires = cred.get('expires_seconds') or 0
|
||||
if expires:
|
||||
dt = datetime.datetime.fromtimestamp(expires)
|
||||
attrs.append(f" Expiration := \"{dt.strftime('%b %d %Y %H:%M:%S')}\"")
|
||||
return attrs
|
||||
|
||||
|
||||
def fmt_mac(raw, fmt):
|
||||
c = raw.replace(':', '').replace('-', '').lower()
|
||||
pairs = [c[i:i+2] for i in range(0, 12, 2)]
|
||||
|
|
@ -160,12 +178,13 @@ def build_radius_users(data):
|
|||
if default_vlan is None:
|
||||
return None
|
||||
|
||||
fr_opts = data.get('radius', {}).get('options', {})
|
||||
mac_fmt = fr_opts.get('mac_format', 'aabbccddeeff')
|
||||
apply_to = fr_opts.get('apply_to', 'all')
|
||||
auth_mode = fr_opts.get('auth_mode', 'mab')
|
||||
mab_first = fr_opts.get('mab_first', True)
|
||||
emit_mac_entries = (auth_mode == 'mab') or mab_first
|
||||
fr_opts = data.get('radius', {}).get('options', {})
|
||||
mac_fmt = fr_opts.get('mac_format', 'aabbccddeeff')
|
||||
apply_to = fr_opts.get('apply_to', 'all')
|
||||
auth_mode = fr_opts.get('auth_mode', 'mab')
|
||||
mab_first = fr_opts.get('mab_first', True)
|
||||
default_session_seconds = fr_opts.get('default_session_seconds', 0) or 0
|
||||
emit_mac_entries = (auth_mode == 'mab') or mab_first
|
||||
|
||||
lines = [
|
||||
"# Generated by core.py -- do not edit manually.",
|
||||
|
|
@ -216,23 +235,13 @@ def build_radius_users(data):
|
|||
except Exception:
|
||||
print(f"WARNING: Skipping '{username}' - decryption failed")
|
||||
continue
|
||||
lines += [
|
||||
f"# {username} -> VLAN {vlan_id} ({vlan['name']})",
|
||||
f"{username} Cleartext-Password := \"{plaintext}\"",
|
||||
f" Tunnel-Type = VLAN,",
|
||||
f" Tunnel-Medium-Type = IEEE-802,",
|
||||
f" Tunnel-Private-Group-Id = \"{vlan_id}\"",
|
||||
"",
|
||||
]
|
||||
check_line = f"{username} Cleartext-Password := \"{plaintext}\""
|
||||
reply = _supplicant_reply_attrs(cred, default_session_seconds, vlan_id, vlan)
|
||||
lines += [f"# {username} -> VLAN {vlan_id} ({vlan['name']})", check_line] + reply + [""]
|
||||
else: # eap_certificate - cert verified by TLS stack, entry provides VLAN reply attrs
|
||||
lines += [
|
||||
f"# {username} -> VLAN {vlan_id} ({vlan['name']})",
|
||||
f"{username} Auth-Type := EAP",
|
||||
f" Tunnel-Type = VLAN,",
|
||||
f" Tunnel-Medium-Type = IEEE-802,",
|
||||
f" Tunnel-Private-Group-Id = \"{vlan_id}\"",
|
||||
"",
|
||||
]
|
||||
check_line = f"{username} Auth-Type := EAP"
|
||||
reply = _supplicant_reply_attrs(cred, 0, vlan_id, vlan)
|
||||
lines += [f"# {username} -> VLAN {vlan_id} ({vlan['name']})", check_line] + reply + [""]
|
||||
|
||||
default_id = default_vlan.get('vlan_id')
|
||||
ap_ips = fr_opts.get('ap_ips', [])
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue