README
¶
Radius
A golang radius library. This project forks from jeesta/radius
Documentation
Example
package main
import (
"fmt"
"github.com/bronze1man/radius"
)
type radiusService struct{}
func (p radiusService) RadiusHandle(request *radius.Packet) *radius.Packet {
// a pretty print of the request.
fmt.Printf("[Authenticate] %s\n", request.String())
npac := request.Reply()
switch request.Code {
case radius.AccessRequest:
// check username and password
if request.GetUsername() == "a" && request.GetPassword() == "a" {
npac.Code = radius.AccessAccept
// add Vendor-specific attribute - Vendor Cisco (code 9) Attribute h323-remote-address (code 23)
npac.AddVSA( radius.VSA{Vendor: 9, Type: 23, Value: []byte("10.20.30.40")} )
} else {
npac.Code = radius.AccessReject
npac.AddAVP( radius.AVP{Type: radius.ReplyMessage, Value: []byte("you dick!")} )
}
case radius.AccountingRequest:
// accounting start or end
npac.Code = radius.AccountingResponse
default:
npac.Code = radius.AccessAccept
}
return npac
}
func main() {
s := radius.NewServer(":1812", "secret", radiusService{})
// or you can convert it to a server that accept request
// from some host with different secret
// cls := radius.NewClientList([]radius.Client{
// radius.NewClient("127.0.0.1", "secret1"),
// radius.NewClient("10.10.10.10", "secret2"),
// })
// s.WithClientList(cls)
signalChan := make(chan os.Signal, 1)
signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
errChan := make(chan error)
go func() {
fmt.Println("waiting for packets...")
err := s.ListenAndServe()
if err != nil {
errChan <- err
}
}()
select {
case <-signalChan:
log.Println("stopping server...")
s.Stop()
case err := <-errChan:
log.Println("[ERR] %v", err.Error())
}
}
Implemented
- A radius server can handle AccessRequest request from strongswan with ikev1-xauth-psk
- A radius server can handle AccountingRequest request from strongswan with ikev1-xauth-psk
Notice
- A radius client has not yet been implement.
- It works , but it is not stable.
Reference
- EAP MS-CHAPv2 packet format http://tools.ietf.org/id/draft-kamath-pppext-eap-mschapv2-01.txt
- EAP MS-CHAPv2 https://tools.ietf.org/html/rfc2759
- RADIUS Access-Request part https://tools.ietf.org/html/rfc2865
- RADIUS Accounting-Request part https://tools.ietf.org/html/rfc2866
- RADIUS Support For Extensible Authentication Protocol https://tools.ietf.org/html/rfc3579
- RADIUS Implementation Issues and Suggested Fixes https://tools.ietf.org/html/rfc5080
TODO
- avpEapMessaget.Value error handle.
- Implement eap-MSCHAPV2 server side.
- Implement radius client side.
Documentation
¶
Index ¶
- Constants
- Variables
- type AVP
- type AcctStatusTypeEnum
- type AcctTerminateCauseEnum
- type AttributeType
- type Client
- type ClientList
- type DefaultClient
- type EapCode
- type EapPacket
- type EapType
- type MsChapV2OpCode
- type MsChapV2Packet
- type NASPortTypeEnum
- type Packet
- func (p *Packet) AddAVP(avp AVP)
- func (p *Packet) AddVSA(vsa VSA)
- func (p *Packet) Copy() *Packet
- func (p *Packet) DeleteAVP(avp *AVP)
- func (p *Packet) DeleteOneType(attrType AttributeType)
- func (p *Packet) Encode() (b []byte, err error)
- func (p *Packet) GetAVP(attrType AttributeType) *AVP
- func (p *Packet) GetAcctSessionId() string
- func (p *Packet) GetAcctStatusType() AcctStatusTypeEnum
- func (p *Packet) GetAcctTotalInputOctets() uint64
- func (p *Packet) GetAcctTotalOutputOctets() uint64
- func (p *Packet) GetCalledStationId() string
- func (p *Packet) GetCallingStationId() string
- func (p *Packet) GetEAPMessage() *EapPacket
- func (p *Packet) GetFramedIPAddress() (ip net.IP)
- func (p *Packet) GetNASIdentifier() string
- func (p *Packet) GetNASPort() uint32
- func (p *Packet) GetNASPortId() string
- func (p *Packet) GetNasIpAddress() (ip net.IP)
- func (p *Packet) GetPassword() (password string)
- func (p *Packet) GetTerminateCause() string
- func (p *Packet) GetUsername() (username string)
- func (p *Packet) GetVSA(vendor uint32, attr uint8) *VSA
- func (p *Packet) HasAVP(attrType AttributeType) bool
- func (p *Packet) Reply() *Packet
- func (p *Packet) Send(c net.PacketConn, addr net.Addr) error
- func (p *Packet) SetAVP(avp AVP)
- func (p *Packet) String() string
- type PacketCode
- type PasswordService
- type Server
- type Service
- type ServiceTypeEnum
- type VSA
Constants ¶
View Source
const ACCOUNTING_PORT = 1813
View Source
const AUTH_PORT = 1812
Variables ¶
View Source
var ErrMessageAuthenticatorCheckFail = fmt.Errorf("RADIUS Response-Authenticator verification failed")
Functions ¶
This section is empty.
Types ¶
type AcctStatusTypeEnum ¶
type AcctStatusTypeEnum uint32
const ( AcctStatusTypeEnumStart AcctStatusTypeEnum = 1 AcctStatusTypeEnumStop AcctStatusTypeEnum = 2 AcctStatusTypeEnumInterimUpdate AcctStatusTypeEnum = 3 AcctStatusTypeEnumAccountingOn AcctStatusTypeEnum = 7 AcctStatusTypeEnumAccountingOff AcctStatusTypeEnum = 8 )
func (AcctStatusTypeEnum) String ¶
func (e AcctStatusTypeEnum) String() string
type AcctTerminateCauseEnum ¶
type AcctTerminateCauseEnum uint32
const ( AcctTerminateCauseEnumUserRequest AcctTerminateCauseEnum = 1 AcctTerminateCauseEnumLostCarrier AcctTerminateCauseEnum = 2 AcctTerminateCauseEnumLostService AcctTerminateCauseEnum = 3 AcctTerminateCauseEnumIdleTimeout AcctTerminateCauseEnum = 4 AcctTerminateCauseEnumSessionTimout AcctTerminateCauseEnum = 5 AcctTerminateCauseEnumAdminReset AcctTerminateCauseEnum = 6 AcctTerminateCauseEnumAdminReboot AcctTerminateCauseEnum = 7 AcctTerminateCauseEnumPortError AcctTerminateCauseEnum = 8 AcctTerminateCauseEnumNASError AcctTerminateCauseEnum = 9 AcctTerminateCauseEnumNASRequest AcctTerminateCauseEnum = 10 AcctTerminateCauseEnumNASReboot AcctTerminateCauseEnum = 11 AcctTerminateCauseEnumPortUnneeded AcctTerminateCauseEnum = 12 AcctTerminateCauseEnumPortPreempted AcctTerminateCauseEnum = 13 AcctTerminateCauseEnumPortSuspended AcctTerminateCauseEnum = 14 AcctTerminateCauseEnumCallbkack AcctTerminateCauseEnum = 16 AcctTerminateCauseEnumUserError AcctTerminateCauseEnum = 17 AcctTerminateCauseEnumHostRequest AcctTerminateCauseEnum = 18 )
func (AcctTerminateCauseEnum) String ¶
func (e AcctTerminateCauseEnum) String() string
type AttributeType ¶
type AttributeType uint8
const ( UserName AttributeType = iota //1 UserPassword AttributeType = iota //2 CHAPPassword AttributeType = iota //3 NASIPAddress AttributeType = iota //4 NASPort AttributeType = iota //5 ServiceType AttributeType = iota //6 FramedProtocol AttributeType = iota //7 FramedIPAddress AttributeType = iota //8 FramedIPNetmask AttributeType = iota //9 FramedRouting AttributeType = iota //10 FilterId AttributeType = iota //11 FramedMTU AttributeType = iota //12 FramedCompression AttributeType = iota //13 LoginIPHost AttributeType = iota //14 LoginService AttributeType = iota //15 LoginTCPPort AttributeType = iota //16 ReplyMessage AttributeType = iota //18 CallbackNumber AttributeType = iota //19 CallbackId AttributeType = iota //20 FramedRoute AttributeType = iota //22 FramedIPXNetwork AttributeType = iota //23 State AttributeType = iota //24 Class AttributeType = iota //25 VendorSpecific AttributeType = iota SessionTimeout AttributeType = iota IdleTimeout AttributeType = iota TerminationAction AttributeType = iota CalledStationId AttributeType = iota CallingStationId AttributeType = iota NASIdentifier AttributeType = iota ProxyState AttributeType = iota LoginLATService AttributeType = iota LoginLATNode AttributeType = iota LoginLATGroup AttributeType = iota FramedAppleTalkLink AttributeType = iota FramedAppleTalkNetwork AttributeType = iota FramedAppleTalkZone AttributeType = iota AcctStatusType AttributeType = iota AcctDelayTime AttributeType = iota AcctInputOctets AttributeType = iota AcctOutputOctets AttributeType = iota AcctSessionId AttributeType = iota AcctAuthentic AttributeType = iota AcctSessionTime AttributeType = iota AcctInputPackets AttributeType = iota AcctOutputPackets AttributeType = iota AcctTerminateCause AttributeType = iota AcctMultiSessionId AttributeType = iota AcctLinkCount AttributeType = iota AcctInputGigawords AttributeType = iota //52 AcctOutputGigawords AttributeType = iota Unassigned1 AttributeType = iota EventTimestamp AttributeType = iota EgressVLANID AttributeType = iota IngressFilters AttributeType = iota EgressVLANName AttributeType = iota UserPriorityTable AttributeType = iota //59 CHAPChallenge AttributeType = 60 NASPortType AttributeType = 61 PortLimit AttributeType = 62 LoginLATPort AttributeType = 63 //end rfc2865 rfc 2866 TunnelType AttributeType = iota TunnelMediumType AttributeType = iota TunnelClientEndpoint AttributeType = iota TunnelServerEndpoint AttributeType = iota AcctTunnelConnection AttributeType = iota TunnelPassword AttributeType = iota ARAPPassword AttributeType = iota ARAPFeatures AttributeType = iota ARAPZoneAccess AttributeType = iota ARAPSecurity AttributeType = iota ARAPSecurityData AttributeType = iota PasswordRetry AttributeType = iota Prompt AttributeType = iota ConnectInfo AttributeType = iota ConfigurationToken AttributeType = iota EAPMessage AttributeType = iota MessageAuthenticator AttributeType = iota TunnelPrivateGroupID AttributeType = iota TunnelAssignmentID AttributeType = iota TunnelPreference AttributeType = iota ARAPChallengeResponse AttributeType = iota AcctInterimInterval AttributeType = iota AcctTunnelPacketsLost AttributeType = iota NASPortId AttributeType = iota FramedPool AttributeType = iota CUI AttributeType = iota TunnelClientAuthID AttributeType = iota TunnelServerAuthID AttributeType = iota NASFilterRule AttributeType = iota Unassigned AttributeType = iota OriginatingLineInfo AttributeType = iota NASIPv6Address AttributeType = iota FramedInterfaceId AttributeType = iota FramedIPv6Prefix AttributeType = iota LoginIPv6Host AttributeType = iota FramedIPv6Route AttributeType = iota FramedIPv6Pool AttributeType = iota ErrorCause AttributeType = iota EAPKeyName AttributeType = iota DigestResponse AttributeType = iota DigestRealm AttributeType = iota DigestNonce AttributeType = iota DigestResponseAuth AttributeType = iota DigestNextnonce AttributeType = iota DigestMethod AttributeType = iota DigestURI AttributeType = iota DigestQop AttributeType = iota DigestAlgorithm AttributeType = iota DigestEntityBodyHash AttributeType = iota DigestCNonce AttributeType = iota DigestNonceCount AttributeType = iota DigestUsername AttributeType = iota DigestOpaque AttributeType = iota DigestAuthParam AttributeType = iota DigestAKAAuts AttributeType = iota DigestDomain AttributeType = iota DigestStale AttributeType = iota DigestHA1 AttributeType = iota SIPAOR AttributeType = iota DelegatedIPv6Prefix AttributeType = iota MIP6FeatureVector AttributeType = iota MIP6HomeLinkPrefix AttributeType = iota OperatorName AttributeType = iota LocationInformation AttributeType = iota LocationData AttributeType = iota BasicLocationPolicyRules AttributeType = iota ExtendedLocationPolicyRules AttributeType = iota LocationCapable AttributeType = iota RequestedLocationInfo AttributeType = iota FramedManagementProtocol AttributeType = iota ManagementTransportProtectio AttributeType = iota ManagementPolicyId AttributeType = iota ManagementPrivilegeLevel AttributeType = iota PKMSSCert AttributeType = iota PKMCACert AttributeType = iota PKMConfigSettings AttributeType = iota PKMCryptosuiteList AttributeType = iota PKMSAID AttributeType = iota PKMSADescriptor AttributeType = iota PKMAuthKey AttributeType = iota DSLiteTunnelName AttributeType = iota MobileNodeIdentifier AttributeType = iota ServiceSelection AttributeType = iota PMIP6HomeLMAIPv6Address AttributeType = iota PMIP6VisitedLMAIPv6Address AttributeType = iota PMIP6HomeLMAIPv4Address AttributeType = iota PMIP6VisitedLMAIPv4Address AttributeType = iota PMIP6HomeHNPrefix AttributeType = iota PMIP6VisitedHNPrefix AttributeType = iota PMIP6HomeInterfaceID AttributeType = iota PMIP6VisitedInterfaceID AttributeType = iota PMIP6HomeIPv4HoA AttributeType = iota PMIP6VisitedIPv4HoA AttributeType = iota PMIP6HomeDHCP4ServerAddress AttributeType = iota PMIP6VisitedDHCP4ServerAddre AttributeType = iota PMIP6HomeDHCP6ServerAddress AttributeType = iota PMIP6VisitedDHCP6ServerAddre AttributeType = iota UnassignedStart AttributeType = 161 UnassignedEnd AttributeType = 191 ExperimentalStart AttributeType = 192 ExperimentalEnd AttributeType = 223 ImplementationSpecificStart AttributeType = 224 ImplementationSpecificEnd AttributeType = 240 ReservedStart AttributeType = 241 ReservedEnd AttributeType = 254 )
func (AttributeType) String ¶
func (a AttributeType) String() string
type Client ¶
type Client interface {
// GetHost get the client host
GetHost() string
// GetSecret get shared secret
GetSecret() string
}
Client represent a client to connect to radius server
type ClientList ¶
ClientList are list of client allowed to communicate with server
func NewClientList ¶
func NewClientList(cs []Client) *ClientList
func (*ClientList) AddOrUpdate ¶
func (cls *ClientList) AddOrUpdate(cl Client)
Add new client or reset existing client based on host
func (*ClientList) Get ¶
func (cls *ClientList) Get(host string) Client
Get client from list of clients based on host
func (*ClientList) GetHerd ¶
func (cls *ClientList) GetHerd() []Client
func (*ClientList) SetHerd ¶
func (cls *ClientList) SetHerd(herd []Client)
SetHerd reset/initialize the herd of clients
type DefaultClient ¶
DefaultClient is default client implementation
func (*DefaultClient) GetHost ¶
func (cl *DefaultClient) GetHost() string
GetHost get the client host
func (*DefaultClient) GetSecret ¶
func (cl *DefaultClient) GetSecret() string
GetSecret get shared secret
type EapPacket ¶
func (*EapPacket) ToEAPMessage ¶
type EapType ¶
type EapType uint8
const ( EapTypeIdentity EapType = 1 EapTypeNotification EapType = 2 EapTypeNak EapType = 3 //Response only EapTypeMd5Challenge EapType = 4 EapTypeOneTimePassword EapType = 5 //otp EapTypeGenericTokenCard EapType = 6 //gtc EapTypeMSCHAPV2 EapType = 26 EapTypeExpandedTypes EapType = 254 EapTypeExperimentalUse EapType = 255 )
type MsChapV2OpCode ¶
type MsChapV2OpCode uint8
const ( MsChapV2OpCodeChallenge MsChapV2OpCode = 1 MsChapV2OpCodeResponse MsChapV2OpCode = 2 MsChapV2OpCodeSuccess MsChapV2OpCode = 3 MsChapV2OpCodeFailure MsChapV2OpCode = 4 MsChapV2OpCodeChangePassword MsChapV2OpCode = 7 )
func (MsChapV2OpCode) String ¶
func (c MsChapV2OpCode) String() string
type MsChapV2Packet ¶
type MsChapV2Packet struct {
Eap *EapPacket //解密的时候的eap信息,不使用里面的data
OpCode MsChapV2OpCode
Data []byte
}
func MsChapV2PacketFromEap ¶
func MsChapV2PacketFromEap(eap *EapPacket) (p *MsChapV2Packet, err error)
func (*MsChapV2Packet) ToEap ¶
func (p *MsChapV2Packet) ToEap() *EapPacket
type NASPortTypeEnum ¶
type NASPortTypeEnum uint32
const ( NASPortTypeEnumAsync NASPortTypeEnum = 0 NASPortTypeEnumSync NASPortTypeEnum = 1 NASPortTypeEnumISDNSync NASPortTypeEnum = 2 NASPortTypeEnumISDNSyncV120 NASPortTypeEnum = 3 NASPortTypeEnumISDNSyncV110 NASPortTypeEnum = 4 NASPortTypeEnumVirtual NASPortTypeEnum = 5 NASPortTypeEnumPIAFS NASPortTypeEnum = 6 NASPortTypeEnumHDLCClearChannel NASPortTypeEnum = 7 NASPortTypeEnumEthernet NASPortTypeEnum = 15 NASPortTypeEnumCable NASPortTypeEnum = 17 )
TODO finish it
func (NASPortTypeEnum) String ¶
func (e NASPortTypeEnum) String() string
type Packet ¶
type Packet struct {
Secret string
Code PacketCode
Identifier uint8
Authenticator [16]byte
AVPs []AVP
ClientAddr string
}
func (*Packet) DeleteOneType ¶
func (p *Packet) DeleteOneType(attrType AttributeType)
delete all avps with this type
func (*Packet) Encode ¶
此方法保证不修改包的内容 This method does not modify the contents of the package to ensure
func (*Packet) GetAcctSessionId ¶
func (*Packet) GetAcctStatusType ¶
func (p *Packet) GetAcctStatusType() AcctStatusTypeEnum
func (*Packet) GetAcctTotalInputOctets ¶
func (*Packet) GetAcctTotalOutputOctets ¶
func (*Packet) GetCalledStationId ¶
func (*Packet) GetCallingStationId ¶
func (*Packet) GetEAPMessage ¶
func (*Packet) GetFramedIPAddress ¶
func (*Packet) GetNASIdentifier ¶
func (*Packet) GetNASPortId ¶
func (*Packet) GetNasIpAddress ¶
func (*Packet) GetPassword ¶
func (*Packet) GetTerminateCause ¶
func (*Packet) GetUsername ¶
func (*Packet) HasAVP ¶
func (p *Packet) HasAVP(attrType AttributeType) bool
type PacketCode ¶
type PacketCode uint8
const ( AccessRequest PacketCode = 1 AccessAccept PacketCode = 2 AccessReject PacketCode = 3 AccountingRequest PacketCode = 4 AccountingResponse PacketCode = 5 AccessChallenge PacketCode = 11 StatusServer PacketCode = 12 //(experimental) StatusClient PacketCode = 13 //(experimental) DisconnectRequest PacketCode = 40 DisconnectAccept PacketCode = 41 DisconnectReject PacketCode = 42 CoARequest PacketCode = 43 CoAAccept PacketCode = 44 CoaReject PacketCode = 45 Reserved PacketCode = 255 )
func (PacketCode) String ¶
func (p PacketCode) String() string
type PasswordService ¶
type PasswordService struct{}
func (*PasswordService) Authenticate ¶
func (p *PasswordService) Authenticate(request *Packet) (*Packet, error)
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func (*Server) ListenAndServe ¶
ListenAndServe listen on the UDP network address
func (*Server) WithClientList ¶
func (s *Server) WithClientList(cl *ClientList)
WithClientList set a list of clients that have it's own secret
type ServiceTypeEnum ¶
type ServiceTypeEnum uint32
const ( ServiceTypeEnumLogin ServiceTypeEnum = 1 ServiceTypeEnumFramed ServiceTypeEnum = 2 ServiceTypeEnumCallbackLogin ServiceTypeEnum = 3 ServiceTypeEnumCallbackFramed ServiceTypeEnum = 4 ServiceTypeEnumOutbound ServiceTypeEnum = 5 )
TODO finish it
func (ServiceTypeEnum) String ¶
func (e ServiceTypeEnum) String() string
Source Files
Click to show internal directories.
Click to hide internal directories.