RFE: Send real client remote address in TACACS+ authentication packet · ansible/awx#1797

(1 comment) (1 reaction) (0 assignees)Python (13,071 stars) (3,333 forks)batch import

Hacktoberfestcomponent:apicomponent:authenticationgood first issuehelp wantedtype:enhancement

説明

ISSUE TYPE

Feature Idea

COMPONENT NAME

SUMMARY

Currently the TACACS+ authentication backend

https://github.com/ansible/awx/blob/96370584062a15271abafab7fc557ac2879aa38c/awx/sso/backends.py#L225-L227

sends default value for client remote address

https://github.com/ansible/tacacs_plus/blob/526b5a29c5656bbd8644accca238d1e9303dc272/tacacs_plus/flags.py#L81

The function authenticate() in TACACSClient supports sending client remote address as parameter and should be used to correctly report client real address.

https://github.com/ansible/tacacs_plus/blob/9ba553f79efcc7b955001503d1953900ba6284a4/tacacs_plus/client.py#L158

ENVIRONMENT

AWX version: 1.0.5
AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
Ansible version: N/A
Operating System: Any
Web Browser: Any

EXPECTED RESULTS

TACACS+ authentication packet will contain clients real remote address.

ACTUAL RESULTS

Client remote address is always set to python_device.

コントリビューターガイド

技術スタック: python
領域: backendapiauthentication
Issue 種別: feature
難度: 3
推定時間: under 1 hour
活動状況: stale
明確さ: clear
前提条件: PythonTACACS+AWX backend
初心者向け度: 70
調査方針: Examine the TACACS+ authentication backend in awx/sso/backends.py around line 225-227, where the default client remote address is used. The `authenticate()` function in tacacs plus/client.py accepts a `client address` parameter that should be set to the real remote address. Modify the backend to extract the client's remote address from the request (e.g., via `request.META['REMOTE ADDR']`) and pass it to the `authenticate()` method. Ensure proper fallback to the default if the address is not available.