diff --git a/Dockerfile b/Dockerfile
index a520a4ba4..7d40f06aa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN yum -y install epel-release && cd /tmp/requirements && \
RUN cd /tmp/requirements && pip install -r requirements.txt
COPY . /opt/jumpserver
-COPY config_docker.py /opt/jumpserver/config.py
+COPY config_example.yml /opt/jumpserver/config.yml
VOLUME /opt/jumpserver/data
VOLUME /opt/jumpserver/logs
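Review bot: Copying `config_example.yml` to `/opt/jumpserver/config.yml` makes the example file the live configuration of every image built from this Dockerfile. Its contents are not shown in this diff, but if it carries sample values for `SECRET_KEY` or `BOOTSTRAP_TOKEN` (both marked as secrets in the removed config_docker.yml), every container started without an override would share them. Consider mounting config.yml at runtime instead, or having startup refuse to run while those keys are empty or still at their example values. At minimum, add a comment above the line such as `# template only: SECRET_KEY and BOOTSTRAP_TOKEN must be supplied at deploy time`.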
diff --git a/apps/authentication/radius/__init__.py b/apps/authentication/radius/__init__.py
new file mode 100644
index 000000000..ec51c5a2b
--- /dev/null
+++ b/apps/authentication/radius/__init__.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
diff --git a/apps/authentication/radius/backends.py b/apps/authentication/radius/backends.py
new file mode 100644
index 000000000..6c95bf108
--- /dev/null
+++ b/apps/authentication/radius/backends.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.contrib.auth import get_user_model
+from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
+from django.conf import settings
+
+User = get_user_model()
+
+
+class CreateUserMixin:
+ def get_django_user(self, username, password=None):
+ if isinstance(username, bytes):
+ username = username.decode()
+ try:
+ user = User.objects.get(username=username)
+ except User.DoesNotExist:
+ if '@' in username:
+ email = username
+ else:
+ email_suffix = settings.EMAIL_SUFFIX
+ email = '{}@{}'.format(username, email_suffix)
+ user = User(username=username, name=username, email=email)
+ user.source = user.SOURCE_RADIUS
+ user.save()
+ return user
+
+
+class RadiusBackend(CreateUserMixin, RADIUSBackend):
+ pass
+
+
+class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):
+ pass
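Review bot: `get_django_user` returns whatever row matches the username without checking `user.source`, so a RADIUS accept for a name that already belongs to a local or LDAP account resolves to that existing account and its permissions. If that mapping is not intended, guard the found-user path with something like `if user.source != user.SOURCE_RADIUS: return None`; this assumes django-radius treats a `None` return as a failed authentication, which is worth confirming against the pinned version. The create path is a get-then-save pair, so if `username` is unique, two concurrent first logins for the same name can end in an IntegrityError; `User.objects.get_or_create(username=username, defaults={...})` avoids that. A class docstring stating that accounts are provisioned on first successful RADIUS login, and that this override stores no local password, would help the next reader.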
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 49b74d961..7e96ff91b 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -331,6 +331,10 @@ defaults = {
'SECURITY_PASSWORD_LOWER_CASE': False,
'SECURITY_PASSWORD_NUMBER': False,
'SECURITY_PASSWORD_SPECIAL_CHAR': False,
+ 'AUTH_RADIUS': False,
+ 'RADIUS_SERVER': 'localhost',
+ 'RADIUS_PORT': 1812,
+ 'RADIUS_SECRET': '',
'HTTP_BIND_HOST': '0.0.0.0',
'HTTP_LISTEN_PORT': 8080,
}
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index ca3d5afa3..2a0f44f96 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -400,6 +400,16 @@ if AUTH_OPENID:
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[0])
AUTHENTICATION_BACKENDS.insert(0, AUTH_OPENID_BACKENDS[1])
+# Radius Auth
+AUTH_RADIUS = CONFIG.AUTH_RADIUS
+AUTH_RADIUS_BACKEND = 'authentication.radius.backends.RadiusBackend'
+RADIUS_SERVER = CONFIG.RADIUS_SERVER
+RADIUS_PORT = CONFIG.RADIUS_PORT
+RADIUS_SECRET = CONFIG.RADIUS_SECRET
+
+if AUTH_RADIUS:
+ AUTHENTICATION_BACKENDS.insert(0, AUTH_RADIUS_BACKEND)
+
# Celery using redis as broker
CELERY_BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/%(db)s' % {
'password': CONFIG.REDIS_PASSWORD,
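Review bot: Nothing in this block rejects `AUTH_RADIUS` being true while `RADIUS_SECRET` is still the empty default added in apps/jumpserver/conf.py, so the backend can be enabled with an empty shared secret. A startup check such as `if AUTH_RADIUS and not RADIUS_SECRET: raise ImproperlyConfigured('RADIUS_SECRET must be set when AUTH_RADIUS is enabled')` would fail closed. Because the backend is inserted at index 0 it is consulted before the others, which presumably means the credentials of every login attempt, local accounts included, are submitted to the RADIUS server first; a comment saying whether that order is deliberate would help. The `CELERY_BROKER_URL` statement at the end of the hunk continues outside it.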
diff --git a/apps/templates/_copyright.html b/apps/templates/_copyright.html
index b98dacb03..327e67bd3 100644
--- a/apps/templates/_copyright.html
+++ b/apps/templates/_copyright.html
@@ -1,2 +1,2 @@
{% load i18n %}
-Copyright {% trans ' Beijing Duizhan Tech, Inc. ' %} © 2014-2018
\ No newline at end of file
+Copyright {% trans ' Beijing Duizhan Tech, Inc. ' %} © 2014-2019
\ No newline at end of file
diff --git a/apps/templates/_footer.html b/apps/templates/_footer.html
index 449ba9e8c..9cf09b532 100644
--- a/apps/templates/_footer.html
+++ b/apps/templates/_footer.html
@@ -5,6 +5,6 @@
- Copyright {% trans ' Beijing Duizhan Tech, Inc. ' %}© 2014-2018
+ Copyright {% trans ' Beijing Duizhan Tech, Inc. ' %}© 2014-2019
diff --git a/apps/templates/flash_message_standalone.html b/apps/templates/flash_message_standalone.html
index 13794eea7..91989afe7 100644
--- a/apps/templates/flash_message_standalone.html
+++ b/apps/templates/flash_message_standalone.html
@@ -54,7 +54,7 @@
{% include '_copyright.html' %}
- 2014-2018
+ 2014-2019
diff --git a/apps/users/migrations/0018_auto_20190107_1912.py b/apps/users/migrations/0018_auto_20190107_1912.py
new file mode 100644
index 000000000..244de970d
--- /dev/null
+++ b/apps/users/migrations/0018_auto_20190107_1912.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.1.4 on 2019-01-07 11:12
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('users', '0017_auto_20181123_1113'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='user',
+ name='source',
+ field=models.CharField(choices=[('local', 'Local'), ('ldap', 'LDAP/AD'), ('openid', 'OpenID'), ('radius', 'Radius')], default='local', max_length=30, verbose_name='Source'),
+ ),
+ ]
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 851ea2ccc..5daa7b510 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -41,10 +41,12 @@ class User(AbstractUser):
SOURCE_LOCAL = 'local'
SOURCE_LDAP = 'ldap'
SOURCE_OPENID = 'openid'
+ SOURCE_RADIUS = 'radius'
SOURCE_CHOICES = (
(SOURCE_LOCAL, 'Local'),
(SOURCE_LDAP, 'LDAP/AD'),
(SOURCE_OPENID, 'OpenID'),
+ (SOURCE_RADIUS, 'Radius'),
)
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
username = models.CharField(
diff --git a/config_docker.yml b/config_docker.yml
deleted file mode 100644
index 29c0acb58..000000000
--- a/config_docker.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-# SECURITY WARNING: keep the secret key used in production secret!
-# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄
-SECRET_KEY:
-
-# SECURITY WARNING: keep the bootstrap token used in production secret!
-# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
-BOOTSTRAP_TOKEN:
-
-# Development env open this, when error occur display the full process track, Production disable it
-# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-# DEBUG: true
-
-# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
-# 日志级别
-# LOG_LEVEL: DEBUG
-# LOG_DIR:
-
-# Session expiration setting, Default 24 hour, Also set expired on on browser close
-# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
-# SESSION_COOKIE_AGE: 3600 * 24
-# SESSION_EXPIRE_AT_BROWSER_CLOSE: False
-
-# Database setting, Support sqlite3, mysql, postgres ....
-# 数据库设置
-# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-# SQLite setting:
-# 使用单文件sqlite数据库
-# DB_ENGINE: sqlite3
-# DB_NAME:
-
-# MySQL or postgres setting like:
-# 使用Mysql作为数据库
-DB_ENGINE: mysql
-DB_HOST: 127.0.0.1
-DB_PORT: 3306
-DB_USER: jumpserver
-DB_PASSWORD:
-DB_NAME: jumpserver
-
-# When Django start it will bind this host and port
-# ./manage.py runserver 127.0.0.1:8080
-# 运行时绑定端口
-HTTP_BIND_HOST: 0.0.0.0
-HTTP_LISTEN_PORT: 8080
-
-# Use Redis as broker for celery and web socket
-# Redis配置
-REDIS_HOST: 127.0.0.1
-REDIS_PORT: 6379
-# REDIS_PASSWORD:
-# REDIS_DB_CELERY: 3
-# REDIS_DB_CACHE: 4
-
-# Use OpenID authorization
-# 使用OpenID 来进行认证设置
-# BASE_SITE_URL: http://localhost:8080
-# AUTH_OPENID: false # True or False
-# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
-# AUTH_OPENID_REALM_NAME: realm-name
-# AUTH_OPENID_CLIENT_ID: client-id
-# AUTH_OPENID_CLIENT_SECRET: client-secret
-
-# OTP校验窗口大小,可以避免服务器时间稍有差异引起OTP校验失败
-# OTP_VALID_WINDOW: 0
\ No newline at end of file
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 8c6a5087b..c956bc9d4 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -78,3 +78,4 @@ python-keycloak-client==0.1.3
rest_condition==1.0.3
python-ldap==3.1.0
tencentcloud-sdk-python==3.0.40
+django-radius==1.3.3
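Review bot: `django-radius==1.3.3` is pinned, but the RADIUS client library it pulls in (pyrad) is not pinned in the visible part of this file. Unless it is pinned elsewhere, the code that talks to the RADIUS server will float with whatever version pip resolves at build time. Since this package sits on the login path, consider adding an explicit pin for that transitive dependency next to this line. If the project adopts hash-checked installs (`pip install --require-hashes`), include both packages.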