Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
J
jumpserver
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ops
jumpserver
Commits
a01126c6
Commit
a01126c6
authored
Nov 11, 2019
by
ibuler
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Update] 修改radius MFA
parent
f53cf8d5
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
1 deletion
+33
-1
radius.py
apps/authentication/backends/radius.py
+19
-0
conf.py
apps/jumpserver/conf.py
+2
-0
user.py
apps/users/models/user.py
+12
-1
No files found.
apps/authentication/backends/radius.py
View file @
a01126c6
...
...
@@ -5,6 +5,8 @@ from django.contrib.auth import get_user_model
from
radiusauth.backends
import
RADIUSBackend
,
RADIUSRealmBackend
from
django.conf
import
settings
from
pyrad.packet
import
AccessRequest
User
=
get_user_model
()
...
...
@@ -25,6 +27,23 @@ class CreateUserMixin:
user
.
save
()
return
user
def
_get_auth_packet
(
self
,
username
,
password
,
client
):
"""
Get the pyrad authentication packet for the username/password and the
given pyrad client.
"""
pkt
=
client
.
CreateAuthPacket
(
code
=
AccessRequest
,
User_Name
=
username
)
if
settings
.
CONFIG
.
RADIUS_ENCRYPT_PASSWORD
:
password
=
pkt
.
PwCrypt
(
password
)
else
:
password
=
password
pkt
[
"User-Password"
]
=
password
pkt
[
"NAS-Identifier"
]
=
'django-radius'
for
key
,
val
in
list
(
getattr
(
settings
,
'RADIUS_ATTRIBUTES'
,
{})
.
items
()):
pkt
[
key
]
=
val
return
pkt
class
RadiusBackend
(
CreateUserMixin
,
RADIUSBackend
):
pass
...
...
apps/jumpserver/conf.py
View file @
a01126c6
...
...
@@ -375,6 +375,7 @@ defaults = {
'RADIUS_SERVER'
:
'localhost'
,
'RADIUS_PORT'
:
1812
,
'RADIUS_SECRET'
:
''
,
'RADIUS_ENCRYPT_PASSWORD'
:
True
,
'AUTH_LDAP_SEARCH_PAGED_SIZE'
:
1000
,
'AUTH_LDAP_SYNC_IS_PERIODIC'
:
False
,
'AUTH_LDAP_SYNC_INTERVAL'
:
None
,
...
...
@@ -398,6 +399,7 @@ defaults = {
'FORCE_SCRIPT_NAME'
:
''
,
'LOGIN_CONFIRM_ENABLE'
:
False
,
'WINDOWS_SKIP_ALL_MANUAL_PASSWORD'
:
False
,
'OTP_IN_RADIUS'
:
False
,
}
...
...
apps/users/models/user.py
View file @
a01126c6
...
...
@@ -375,9 +375,20 @@ class MFAMixin:
self
.
otp_level
=
0
self
.
otp_secret_key
=
None
def
check_otp_on_radius
(
self
,
code
):
from
authentication.backends.radius
import
RadiusBackend
backend
=
RadiusBackend
()
user
=
backend
.
authenticate
(
None
,
username
=
self
.
username
,
password
=
code
)
if
user
:
return
True
return
False
def
check_otp
(
self
,
code
):
from
..utils
import
check_otp_code
return
check_otp_code
(
self
.
otp_secret_key
,
code
)
if
settings
.
CONFIG
.
OTP_IN_RADIUS
:
return
self
.
check_otp_on_radius
(
code
)
else
:
return
check_otp_code
(
self
.
otp_secret_key
,
code
)
class
User
(
AuthMixin
,
TokenMixin
,
RoleMixin
,
MFAMixin
,
AbstractUser
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment