wilson

package module
v0.0.0-...-0a061e7 Latest
Published: Apr 20, 2022 License: MPL-2.0 Imports: 8 Imported by: 0

README

wilson

A Go (golang) dot1x server that runs locally on network switches as a secondary authentication server. When a switch becomes stranded from its primary dot1x server, wilson will authenticate endpoints by OUI using a flexible policy. Wilson was developed to provide supplemental policy-map type control support for an Arista EOS campus healthcare environment with colorless ports and a high up-time requirement.

TODO

This is effectively a prototype. While it serves the intended purpose, it needs tests and perhaps some refactoring. The goal of wilson is to be easily readable and maintainable.

Installation & Compilation

go get -u github.com/autoalan/wilson

Wilson will run once compiled without modification on most platforms. Simply clone this repository and compile wilson.go in the apps folder. For Arista EOS switches, use the 386 architecture.

# GOARCH=386 go build app/wilson.go

Usage

When executed for the first time, wilson expects to load its configuration from a URL. On subsequent executions, if the server is unreachable or the URL flag is omitted, wilson automatically falls back to a local configuration file (.wilson by default) that it created in its working directory.

./wilson -url https://my-lb-site.internal.org/wilson.json

For implementations on Arista EOS, consider using an event-handler or even perhaps rc.eos.

Wilson expects the configuration to conform to a known JSON schema. Below is an example of a configuration file.

{
	"configFile": ".wilson",
	"configRefresh": 5,
	"configURL": "https://my-lb-site.internal.org/wilson.json",
	"serverBinding": "127.0.0.1:1812",
	"serverSecret": "127001",
	"policies": [
		{
			"comment": "Issue an access-accept for trusted Roche analyzers",
			"clientOui": "B8:78:79",
			"clientVlan": 5,
			"radiusCode": 2
		},
		{
			"comment": "Issue an access-reject for unauthorized TP-Link endpoints",
			"clientOui": "d8-07-b6",
			"clientVlan": 0,
			"radiusCode": 3
		},
		{
			"comment": "Ignore all other requests; the default policy is the last policy",
			"clientOui": "0000.00",
			"clientVlan": 0,
			"radiusCode": 0
		}
	]
}
Parameter      Description
configFile     The path to the configuration file that is saved locally and used when the server hosting the URL configuration is unavailable.
configRefresh  The interval in seconds to poll the server for configuration updates.
configURL      The URL to the initial configuration file.
serverBinding  The server binding used for requests. Typically this will be localhost for obvious reasons.
serverSecret   The RADIUS secret used to authenticate the NAS client.
comment        Ignored by wilson. This is for humans.
clientOui      A 24-bit hexadecimal string representing the OUI of a MAC address. Delimiters (":", "-", ".") are ignored.
clientVlan     The VLAN to be assigned to the client on access-accept.
radiusCode     Standard RADIUS codes supported by the underlying radius library. A typical deployment would leverage 2 (Accept), 3 (Reject) and 0 (Ignore or discard the request).

License

MPL 2.0

Author

Alan Haynes (alan@nre.dev).

Huge thanks to Tim Cooper for the superb radius implementation.

Documentation

Index

Constants

const (
	ErrConfigNotFound        = "wilson: Error: The configuration could not be downloaded or read locally from disk."
	ErrConfigNotValid        = "wilson: Error: The configuration failed."
	ErrConfigDecodeFailed    = "wilson: Error: The configuration could not be decoded from JSON."
	ErrorStartup             = "wilson: Error: Wilson is adrift: "
	HelpURLFlag              = "The URL to a JSON configuration"
	NoticeStarted            = "wilson: Notice: Wilson is listening to you"
	NoticeConfigUpdated      = "wilson: Notice: The configuration was refreshed as requested"
	WarnConfigWriteFailed    = "wilson: Warning: Failed to write the configuration to disk."
	WarnPolicyBadMAC         = "wilson: Warning: Failed to extract a valid OUI from address "
	WarnPolicyDiscardRequest = "wilson: Warning: Discarding request for invalid OUI "
)
const Schema string = `` /* 1765-byte string literal not displayed */

Variables

This section is empty.

Functions

func Policy

func Policy(oui string, config Configuration) (int, int)

Return the first matching policy code and VLAN
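An added worked example of the lookup this function performs, covering both the README's clientOui and radiusCode parameters and the Policy signature above. This is constructed illustration code, not wilson's implementation: it reuses the exported Policy(oui, config) (int, int) signature and the README's rules (delimiters ":", "-" and "." are ignored, the last policy is the default, code 0 means discard), while NormalizeOUI, Decide, ParseConfig and the trimmed sample configuration are the example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed example, not wilson's own code. It mirrors the exported
// Policy(oui, config) signature and the README's matching rules: OUI
// delimiters are ignored, matching is case-insensitive, and the last policy
// in the list is the catch-all default.

type Pol struct {
	Comment    string `json:"comment"`
	ClientOui  string `json:"clientOui"`
	ClientVlan int    `json:"clientVlan"`
	RadiusCode int    `json:"radiusCode"`
}

type Configuration struct {
	Policies []Pol `json:"policies"`
}

// sampleConfig is a constructed subset of the README's example policies.
const sampleConfig = `{
  "policies": [
    {"comment": "accept trusted analyzers", "clientOui": "B8:78:79", "clientVlan": 5, "radiusCode": 2},
    {"comment": "reject unauthorized endpoints", "clientOui": "d8-07-b6", "clientVlan": 0, "radiusCode": 3},
    {"comment": "default: ignore everything else", "clientOui": "0000.00", "clientVlan": 0, "radiusCode": 0}
  ]
}`

// ParseConfig decodes a JSON configuration and rejects an empty policy list,
// since without a final default policy there is nothing to fall back to.
func ParseConfig(data string) (Configuration, error) {
	var c Configuration
	if err := json.Unmarshal([]byte(data), &c); err != nil {
		return Configuration{}, fmt.Errorf("decode configuration: %w", err)
	}
	if len(c.Policies) == 0 {
		return Configuration{}, errors.New("configuration has no policies")
	}
	return c, nil
}

// NormalizeOUI strips ":", "-" and "." from a MAC address or OUI string and
// returns its first six hex digits upper-cased. Anything shorter or containing
// non-hex characters is rejected, so a malformed station identifier can never
// match a policy by accident.
func NormalizeOUI(addr string) (string, error) {
	hex := strings.NewReplacer(":", "", "-", "", ".", "").Replace(strings.TrimSpace(addr))
	hex = strings.ToUpper(hex)
	if len(hex) < 6 {
		return "", fmt.Errorf("address %q is too short to contain an OUI", addr)
	}
	oui := hex[:6]
	for _, r := range oui {
		if !strings.ContainsRune("0123456789ABCDEF", r) {
			return "", fmt.Errorf("address %q contains non-hex character %q", addr, r)
		}
	}
	return oui, nil
}

// Policy returns the RADIUS code and VLAN of the first policy whose OUI equals
// the already normalized oui. When none matches, the last policy is returned
// as the default; an empty policy list yields code 0 (discard).
func Policy(oui string, config Configuration) (int, int) {
	if len(config.Policies) == 0 {
		return 0, 0
	}
	for _, p := range config.Policies {
		if pOui, err := NormalizeOUI(p.ClientOui); err == nil && pOui == oui {
			return p.RadiusCode, p.ClientVlan
		}
	}
	last := config.Policies[len(config.Policies)-1]
	return last.RadiusCode, last.ClientVlan
}

// Decide is the per-request entry point: a MAC that yields no valid OUI is
// discarded (code 0) rather than being matched against the default policy.
func Decide(mac string, config Configuration) (code, vlan int, err error) {
	oui, err := NormalizeOUI(mac)
	if err != nil {
		return 0, 0, err
	}
	code, vlan = Policy(oui, config)
	return code, vlan, nil
}

func main() {
	config, err := ParseConfig(sampleConfig)
	if err != nil {
		panic(err)
	}
	for _, mac := range []string{"b8:78:79:01:02:03", "D8-07-B6-0A-0B-0C", "0011.2233.4455", "not-a-mac"} {
		code, vlan, err := Decide(mac, config)
		fmt.Printf("%-20s code=%d vlan=%d err=%v\n", mac, code, vlan, err)
	}
}
```

Normalizing both sides of the comparison is what makes "B8:78:79", "b8-78-79" and "b878.79" equivalent, and rejecting anything that is not six hex digits keeps a garbled address from silently landing on the default policy with the wrong intent.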

Types

type Configuration

type Configuration struct {
	ConfigFile    string  `json:"configFile"`
	ConfigRefresh float64 `json:"configRefresh"`
	ConfigUrl     string  `json:"configUrl"`
	ServerBinding string  `json:"serverBinding"`
	ServerSecret  string  `json:"serverSecret"`
	Policies      []Pol   `json:"policies"`
}

func Config

func Config(url string) Configuration

A public function to perform most of the lifting

func RefreshConfig

func RefreshConfig(seconds float64, url string) Configuration

Refresh the configuration on a given interval using a go routine

type Pol

type Pol struct {
	ClientOui  string `json:"clientOui"`
	ClientVlan int    `json:"clientVlan"`
	RadiusCode int    `json:"radiusCode"`
}
