toughradius

package
v8.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 29, 2024 License: GPL-3.0 Imports: 49 Imported by: 0

Documentation


Constants

// Vendor identifiers, stored as decimal strings. The numbers correspond to
// the IANA private enterprise numbers of the named vendors.
const (
	VendorMikrotik = "14988"
	VendorIkuai    = "10055"
	VendorHuawei   = "2011"
	VendorZte      = "3902"
	VendorH3c      = "25506"
	VendorRadback  = "2352"
	VendorCisco    = "9"
)

// Tuning values for the reject and rate-limit logic.
//
// NOTE(review): units and exact meaning are not visible here. Presumably
// RadiusRejectDelayTimes is the reject-count threshold checked through
// RejectItem.IsOver and RadiusAuthRateInterval is the per-user interval (in
// seconds?) enforced by CheckAuthRateLimit. Confirm against the callers.
const (
	RadiusRejectDelayTimes = 7
	RadiusAuthRateInterval = 1
)
// EAP method names as lower-case strings.
//
// NOTE(review): a name appearing here does not show that the method is
// implemented. The only EAP method with message types in this package's
// exported API is EAP-MSCHAPv2 (the EAPMSCHAPv2* types); confirm support for
// any other name before offering it in configuration.
//
// NOTE(review): EAP-MD5 provides no mutual authentication and no key
// derivation (RFC 3748), and the MD5 challenge/response is open to offline
// dictionary attack. Treat a deployment that selects EapMd5Method as
// weak-by-design unless it runs inside a protected tunnel.
const (
	EapMd5Method      = "eap-md5"
	EapMschapv2Method = "eap-mschapv2"
	EapTlsMethod      = "eap-tls"
	EapPeapMethod     = "eap-peap"
	EapTtlsMethod     = "eap-ttls"
	EapGtcMethod      = "eap-gtc"
	EapSimMethod      = "eap-sim"
	EapAkaMethod      = "eap-aka"
	EapFastMethod     = "eap-fast"
	EapPaxMethod      = "eap-pax"
	EapPskMethod      = "eap-psk"
	EapSakeMethod     = "eap-sake"
	EapIkev2Method    = "eap-ikev2"
	EapTncMethod      = "eap-tnc"
)
// NOTE(review): this group mixes two EAP namespaces under one "EAPCode"
// prefix. RFC 3748 defines four values for the Code field of an EAP packet:
// 1 Request, 2 Response, 3 Success, 4 Failure. The entries from EAPCodeTLSv1
// onward carry numbers that match EAP method Type values (13, 18, 21, 23, 25,
// 26, 43, 46-49), not Code values. The entries 5-8 match neither namespace:
// the EAPType* group in this package gives Nak = 3, MD5-Challenge = 4, OTP = 5
// and GTC = 6. Before using any of these to classify a packet received from
// the network, confirm which header byte (Code or Type) it is compared with.
const (
	EAPCodeRequest      = 1  // EAP Request message
	EAPCodeResponse     = 2  // EAP Response message
	EAPCodeSuccess      = 3  // Indicates successful authentication
	EAPCodeFailure      = 4  // Indicates failed authentication
	EAPCodeNakNak       = 5  // Nak (Response only). NOTE(review): EAPTypeNak is 3; confirm this value
	EAPCodeMD5Challenge = 6  // MD5-Challenge EAP method. NOTE(review): EAPTypeMD5Challenge is 4; confirm
	EAPCodeOTP          = 7  // One-Time Password (OTP) EAP method. NOTE(review): EAPTypeOTP is 5; confirm
	EAPCodeGTC          = 8  // Generic Token Card (GTC) EAP method. NOTE(review): EAPTypeGTC is 6; confirm
	EAPCodeTLSv1        = 13 // EAP-TLS method (same number as EAPTypeTLS)
	EAPCodeMSCHAPv2     = 26 // EAP-MSCHAPv2 method (same number as EAPTypeMSCHAPv2)
	EAPCodeSIM          = 18 // EAP-SIM method for GSM networks
	EAPCodeAKA          = 23 // EAP-AKA method for UMTS authentication and key agreement
	EAPCodePEAP         = 25 // Protected EAP (PEAP), which protects the inner exchange with an encrypted channel
	EAPCodeTTLS         = 21 // Tunneled Transport Layer Security (TTLS) EAP method
	EAPCodeFAST         = 43 // Flexible Authentication via Secure Tunneling (EAP-FAST) method
	EAPCodePAX          = 46 // Password Authenticated Exchange (EAP-PAX) method
	EAPCodePSK          = 47 // Pre-Shared Key (EAP-PSK) method
	EAPCodeSAKE         = 48 // EAP-SAKE method
	EAPCodeIKEv2        = 49 // EAP method based on Internet Key Exchange version 2 (EAP-IKEv2)
)
// EAP Type values. In this package EapMessageFormat reads the Type from the
// fifth byte of an EAP-Message attribute value, directly after the 4-byte
// Code/Identifier/Length header.
const (
	EAPTypeIdentity     = 1
	EAPTypeNotification = 2
	EAPTypeNak          = 3 // Response only
	EAPTypeMD5Challenge = 4
	EAPTypeOTP          = 5 // One-Time Password
	EAPTypeGTC          = 6 // Generic Token Card
	// Values 7-9 are noted as reserved by the original author, so the next
	// defined type is 13.
	EAPTypeTLS      = 13
	EAPTypeMSCHAPv2 = 26
)
// MS-CHAPv2 opcodes carried in the OpCode field of the EAPMSCHAPv2* messages.
const (
	MSCHAPv2Challenge = 1
	MSCHAPv2Response  = 2
	MSCHAPv2Success   = 3
	MSCHAPv2Failure   = 4
)

// MSCHAPChallengeSize is the length in bytes of the challenge array in
// EAPMSCHAPv2Challenge.
const MSCHAPChallengeSize = 16

Variables

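// EapMessageFormat renders the value of an EAP-Message attribute by decoding
// its header (Code, Identifier, big-endian Length) and, when present, the Type
// byte and trailing data, then returning EAPMessage.String().
//
// The attribute value is taken from a received packet, so its length is not
// trusted: a value shorter than the 4-byte EAP header is returned as lower-case
// hex (the same text HexFormat produces) instead of being indexed, which would
// panic in the formatting path.
//
// NOTE(review): Length is copied from the wire as-is and is not compared with
// len(attr) here; callers must not use it as a buffer bound without checking.
var EapMessageFormat = func(attr []byte) string {
	const eapHeaderLen = 4
	if len(attr) < eapHeaderLen {
		// Hex-encode by hand so this guard needs no import beyond what the
		// original block already used.
		const digits = "0123456789abcdef"
		raw := make([]byte, 0, 2*len(attr))
		for _, b := range attr {
			raw = append(raw, digits[b>>4], digits[b&0x0f])
		}
		return string(raw)
	}

	eap := &EAPMessage{
		EAPHeader: EAPHeader{
			Code:       attr[0],
			Identifier: attr[1],
			Length:     binary.BigEndian.Uint16(attr[2:4]),
		},
	}
	// Success and Failure packets are header-only; Type and Data exist only
	// when at least one more byte follows the header.
	if len(attr) >= 5 {
		eap.Type = attr[4]
		eap.Data = attr[5:]
	}

	return eap.String()
}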
// HexFormat returns src as lower-case hexadecimal with no separators.
//
// NOTE(review): hex is an encoding, not protection. RadiusTypeFmtMap routes
// password-bearing attributes through this formatter, so the output should be
// handled as sensitive wherever it is written.
var HexFormat = func(src []byte) string {
	encoded := fmt.Sprintf("%x", src)
	return encoded
}
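// Ipv4Format renders the first four bytes of src as a dotted-quad IPv4
// address.
//
// src is an attribute value from a received packet, so its length is not
// trusted. A value shorter than four bytes is handed to net.IP's own String
// method, which renders a wrong-length address without indexing past the end,
// instead of panicking here. Values longer than four bytes keep the original
// behaviour: only the first four bytes are used.
var Ipv4Format = func(src []byte) string {
	if len(src) < net.IPv4len {
		return net.IP(src).String()
	}
	return net.IPv4(src[0], src[1], src[2], src[3]).String()
}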
// RadiusTypeFmtMap selects, per RADIUS attribute type, the formatter used to
// turn the attribute's raw value into display text.
//
// NOTE(review): UserPassword, CHAPPassword, CHAPChallenge and ARAPPassword are
// rendered as hex and TunnelPassword through StringFormat, so
// credential-derived bytes appear in whatever sink the formatted packet is
// written to. The sinks are not visible here; consider redacting these types
// or restricting access to that output.
//
// NOTE(review): StringFormat returns the bytes unchanged. Several entries
// mapped to it (State, Class, ProxyState, TunnelPassword) are opaque octets
// rather than text, and UserName and the station IDs are client-controlled, so
// control characters can reach the output. Escape at the point of logging.
//
// NOTE(review): Ipv4Format and UInt32Format both read four bytes from the
// value. FramedIPXNetwork is mapped to Ipv4Format although it is not an IP
// address; confirm that is intended.
var RadiusTypeFmtMap = map[radius.Type]AttrFormatFunc{
	rfc2865.UserName_Type:               StringFormat,
	rfc2865.UserPassword_Type:           HexFormat,
	rfc2865.CHAPPassword_Type:           HexFormat,
	rfc2865.NASIPAddress_Type:           Ipv4Format,
	rfc2865.NASPort_Type:                UInt32Format,
	rfc2865.ServiceType_Type:            UInt32Format,
	rfc2865.FramedProtocol_Type:         UInt32Format,
	rfc2865.FramedIPAddress_Type:        Ipv4Format,
	rfc2865.FramedIPNetmask_Type:        Ipv4Format,
	rfc2865.FramedRouting_Type:          UInt32Format,
	rfc2865.FilterID_Type:               StringFormat,
	rfc2865.FramedMTU_Type:              UInt32Format,
	rfc2865.FramedCompression_Type:      UInt32Format,
	rfc2865.LoginIPHost_Type:            Ipv4Format,
	rfc2865.LoginService_Type:           UInt32Format,
	rfc2865.LoginTCPPort_Type:           UInt32Format,
	rfc2865.ReplyMessage_Type:           StringFormat,
	rfc2865.CallbackNumber_Type:         StringFormat,
	rfc2865.CallbackID_Type:             StringFormat,
	rfc2865.FramedRoute_Type:            StringFormat,
	rfc2865.FramedIPXNetwork_Type:       Ipv4Format,
	rfc2865.State_Type:                  StringFormat,
	rfc2865.Class_Type:                  StringFormat,
	rfc2865.VendorSpecific_Type:         HexFormat,
	rfc2865.SessionTimeout_Type:         UInt32Format,
	rfc2865.IdleTimeout_Type:            UInt32Format,
	rfc2865.TerminationAction_Type:      UInt32Format,
	rfc2865.CalledStationID_Type:        StringFormat,
	rfc2865.CallingStationID_Type:       StringFormat,
	rfc2865.NASIdentifier_Type:          StringFormat,
	rfc2865.ProxyState_Type:             StringFormat,
	rfc2865.LoginLATService_Type:        HexFormat,
	rfc2865.LoginLATNode_Type:           HexFormat,
	rfc2865.LoginLATGroup_Type:          HexFormat,
	rfc2865.FramedAppleTalkLink_Type:    HexFormat,
	rfc2865.FramedAppleTalkNetwork_Type: HexFormat,
	rfc2865.FramedAppleTalkZone_Type:    HexFormat,
	rfc2865.CHAPChallenge_Type:          HexFormat,
	rfc2865.NASPortType_Type:            UInt32Format,
	rfc2865.PortLimit_Type:              HexFormat,
	rfc2865.LoginLATPort_Type:           HexFormat,
	rfc2866.AcctStatusType_Type:         UInt32Format,
	rfc2866.AcctDelayTime_Type:          UInt32Format,
	rfc2866.AcctInputOctets_Type:        UInt32Format,
	rfc2866.AcctOutputOctets_Type:       UInt32Format,
	rfc2866.AcctSessionID_Type:          StringFormat,
	rfc2866.AcctAuthentic_Type:          UInt32Format,
	rfc2866.AcctSessionTime_Type:        UInt32Format,
	rfc2866.AcctInputPackets_Type:       UInt32Format,
	rfc2866.AcctOutputPackets_Type:      UInt32Format,
	rfc2866.AcctTerminateCause_Type:     UInt32Format,
	rfc2866.AcctMultiSessionID_Type:     StringFormat,
	rfc2866.AcctLinkCount_Type:          UInt32Format,
	rfc2869.AcctInputGigawords_Type:     UInt32Format,
	rfc2869.AcctOutputGigawords_Type:    UInt32Format,
	rfc2869.EventTimestamp_Type:         UInt32Format,
	rfc2869.ARAPPassword_Type:           HexFormat,
	rfc2869.ARAPFeatures_Type:           HexFormat,
	rfc2869.ARAPZoneAccess_Type:         HexFormat,
	rfc2869.ARAPSecurity_Type:           HexFormat,
	rfc2869.ARAPSecurityData_Type:       HexFormat,
	rfc2869.PasswordRetry_Type:          HexFormat,
	rfc2869.Prompt_Type:                 HexFormat,
	rfc2869.ConnectInfo_Type:            StringFormat,
	rfc2869.ConfigurationToken_Type:     StringFormat,
	rfc2869.EAPMessage_Type:             EapMessageFormat,
	rfc2869.MessageAuthenticator_Type:   HexFormat,
	rfc2869.ARAPChallengeResponse_Type:  HexFormat,
	rfc2869.AcctInterimInterval_Type:    UInt32Format,
	rfc2869.NASPortID_Type:              StringFormat,
	rfc2869.FramedPool_Type:             StringFormat,
	rfc3162.NASIPv6Address_Type:         HexFormat,
	rfc3162.FramedInterfaceID_Type:      HexFormat,
	rfc3162.FramedIPv6Prefix_Type:       HexFormat,
	rfc3162.LoginIPv6Host_Type:          HexFormat,
	rfc3162.FramedIPv6Route_Type:        HexFormat,
	rfc3162.FramedIPv6Pool_Type:         HexFormat,
	rfc3576.ErrorCause_Type:             UInt32Format,
	rfc4849.NASFilterRule_Type:          StringFormat,
	rfc2868.TunnelType_Type:             UInt32Format,
	rfc2868.TunnelMediumType_Type:       UInt32Format,
	rfc2868.TunnelClientEndpoint_Type:   StringFormat,
	rfc2868.TunnelServerEndpoint_Type:   StringFormat,
	rfc2868.TunnelPassword_Type:         StringFormat,
	rfc2868.TunnelPrivateGroupID_Type:   StringFormat,
	rfc2868.TunnelAssignmentID_Type:     HexFormat,
	rfc2868.TunnelPreference_Type:       HexFormat,
	rfc2868.TunnelClientAuthID_Type:     HexFormat,
	rfc2868.TunnelServerAuthID_Type:     HexFormat,
}
// RadiusTypeMap gives the display name for each RADIUS attribute type. It
// covers the same set of types as RadiusTypeFmtMap; the two maps must be kept
// in step when an attribute is added.
//
// NOTE(review): this is an exported, mutable package-level map. Nothing here
// shows it being written after initialisation; treat it as read-only, because
// concurrent writes to a Go map are a data race.
var RadiusTypeMap = map[radius.Type]string{
	rfc2865.UserName_Type:               "UserName",
	rfc2865.UserPassword_Type:           "UserPassword",
	rfc2865.CHAPPassword_Type:           "CHAPPassword",
	rfc2865.NASIPAddress_Type:           "NASIPAddress",
	rfc2865.NASPort_Type:                "NASPort",
	rfc2865.ServiceType_Type:            "ServiceType",
	rfc2865.FramedProtocol_Type:         "FramedProtocol",
	rfc2865.FramedIPAddress_Type:        "FramedIPAddress",
	rfc2865.FramedIPNetmask_Type:        "FramedIPNetmask",
	rfc2865.FramedRouting_Type:          "FramedRouting",
	rfc2865.FilterID_Type:               "FilterID",
	rfc2865.FramedMTU_Type:              "FramedMTU",
	rfc2865.FramedCompression_Type:      "FramedCompression",
	rfc2865.LoginIPHost_Type:            "LoginIPHost",
	rfc2865.LoginService_Type:           "LoginService",
	rfc2865.LoginTCPPort_Type:           "LoginTCPPort",
	rfc2865.ReplyMessage_Type:           "ReplyMessage",
	rfc2865.CallbackNumber_Type:         "CallbackNumber",
	rfc2865.CallbackID_Type:             "CallbackID",
	rfc2865.FramedRoute_Type:            "FramedRoute",
	rfc2865.FramedIPXNetwork_Type:       "FramedIPXNetwork",
	rfc2865.State_Type:                  "State",
	rfc2865.Class_Type:                  "Class",
	rfc2865.VendorSpecific_Type:         "VendorSpecific",
	rfc2865.SessionTimeout_Type:         "SessionTimeout",
	rfc2865.IdleTimeout_Type:            "IdleTimeout",
	rfc2865.TerminationAction_Type:      "TerminationAction",
	rfc2865.CalledStationID_Type:        "CalledStationID",
	rfc2865.CallingStationID_Type:       "CallingStationID",
	rfc2865.NASIdentifier_Type:          "NASIdentifier",
	rfc2865.ProxyState_Type:             "ProxyState",
	rfc2865.LoginLATService_Type:        "LoginLATService",
	rfc2865.LoginLATNode_Type:           "LoginLATNode",
	rfc2865.LoginLATGroup_Type:          "LoginLATGroup",
	rfc2865.FramedAppleTalkLink_Type:    "FramedAppleTalkLink",
	rfc2865.FramedAppleTalkNetwork_Type: "FramedAppleTalkNetwork",
	rfc2865.FramedAppleTalkZone_Type:    "FramedAppleTalkZone",
	rfc2865.CHAPChallenge_Type:          "CHAPChallenge",
	rfc2865.NASPortType_Type:            "NASPortType",
	rfc2865.PortLimit_Type:              "PortLimit",
	rfc2865.LoginLATPort_Type:           "LoginLATPort",
	rfc2866.AcctStatusType_Type:         "AcctStatusType",
	rfc2866.AcctDelayTime_Type:          "AcctDelayTime",
	rfc2866.AcctInputOctets_Type:        "AcctInputOctets",
	rfc2866.AcctOutputOctets_Type:       "AcctOutputOctets",
	rfc2866.AcctSessionID_Type:          "AcctSessionID",
	rfc2866.AcctAuthentic_Type:          "AcctAuthentic",
	rfc2866.AcctSessionTime_Type:        "AcctSessionTime",
	rfc2866.AcctInputPackets_Type:       "AcctInputPackets",
	rfc2866.AcctOutputPackets_Type:      "AcctOutputPackets",
	rfc2866.AcctTerminateCause_Type:     "AcctTerminateCause",
	rfc2866.AcctMultiSessionID_Type:     "AcctMultiSessionID",
	rfc2866.AcctLinkCount_Type:          "AcctLinkCount",
	rfc2869.AcctInputGigawords_Type:     "AcctInputGigawords",
	rfc2869.AcctOutputGigawords_Type:    "AcctOutputGigawords",
	rfc2869.EventTimestamp_Type:         "EventTimestamp",
	rfc2869.ARAPPassword_Type:           "ARAPPassword",
	rfc2869.ARAPFeatures_Type:           "ARAPFeatures",
	rfc2869.ARAPZoneAccess_Type:         "ARAPZoneAccess",
	rfc2869.ARAPSecurity_Type:           "ARAPSecurity",
	rfc2869.ARAPSecurityData_Type:       "ARAPSecurityData",
	rfc2869.PasswordRetry_Type:          "PasswordRetry",
	rfc2869.Prompt_Type:                 "Prompt",
	rfc2869.ConnectInfo_Type:            "ConnectInfo",
	rfc2869.ConfigurationToken_Type:     "ConfigurationToken",
	rfc2869.EAPMessage_Type:             "EAPMessage",
	rfc2869.MessageAuthenticator_Type:   "MessageAuthenticator",
	rfc2869.ARAPChallengeResponse_Type:  "ARAPChallengeResponse",
	rfc2869.AcctInterimInterval_Type:    "AcctInterimInterval",
	rfc2869.NASPortID_Type:              "NASPortID",
	rfc2869.FramedPool_Type:             "FramedPool",
	rfc3162.NASIPv6Address_Type:         "NASIPv6Address",
	rfc3162.FramedInterfaceID_Type:      "FramedInterfaceID",
	rfc3162.FramedIPv6Prefix_Type:       "FramedIPv6Prefix",
	rfc3162.LoginIPv6Host_Type:          "LoginIPv6Host",
	rfc3162.FramedIPv6Route_Type:        "FramedIPv6Route",
	rfc3162.FramedIPv6Pool_Type:         "FramedIPv6Pool",
	rfc3576.ErrorCause_Type:             "ErrorCause",
	rfc4849.NASFilterRule_Type:          "NASFilterRule",
	rfc2868.TunnelType_Type:             "TunnelType",
	rfc2868.TunnelMediumType_Type:       "TunnelMediumType",
	rfc2868.TunnelClientEndpoint_Type:   "TunnelClientEndpoint",
	rfc2868.TunnelServerEndpoint_Type:   "TunnelServerEndpoint",
	rfc2868.TunnelPassword_Type:         "TunnelPassword",
	rfc2868.TunnelPrivateGroupID_Type:   "TunnelPrivateGroupID",
	rfc2868.TunnelAssignmentID_Type:     "TunnelAssignmentID",
	rfc2868.TunnelPreference_Type:       "TunnelPreference",
	rfc2868.TunnelClientAuthID_Type:     "TunnelClientAuthID",
	rfc2868.TunnelServerAuthID_Type:     "TunnelServerAuthID",
}
// StringFormat converts src to a string without altering any byte.
//
// NOTE(review): nothing is escaped or validated. Control characters and
// invalid UTF-8 in an attribute value pass straight through, so the consumer
// should quote the result (for example with %q) before writing it to a log
// line.
var StringFormat = func(src []byte) string {
	text := string(src)
	return text
}
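// UInt32Format renders the first four bytes of src as an unsigned big-endian
// 32-bit integer in decimal.
//
// src is an attribute value from a received packet, so its length is not
// trusted. A value shorter than four bytes cannot be decoded and would make
// binary.BigEndian.Uint32 panic; it is returned as a quoted, escaped string so
// the malformed bytes stay visible without crashing the formatting path.
//
// The number is formatted as unsigned so values at or above 1<<31 do not turn
// negative on platforms where int is 32 bits wide.
var UInt32Format = func(src []byte) string {
	if len(src) < 4 {
		return strconv.Quote(string(src))
	}
	return strconv.FormatUint(uint64(binary.BigEndian.Uint32(src)), 10)
}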

Functions

func FmtPacket

func FmtPacket(p *radius.Packet) string

func FmtRequest

func FmtRequest(p *radius.Request) string

func FmtResponse

func FmtResponse(p *radius.Packet, RemoteAddr net.Addr) string

func FormatType

func FormatType(t radius.Type, src radius.Attribute) string

func GetNetRadiusOnlineFromRequest

func GetNetRadiusOnlineFromRequest(r *radius.Request, vr *VendorRequest, vpe *models.NetVpe, nasrip string) models.RadiusOnline

func Length

func Length(p *radius.Packet) int

func ListenRadiusAcctServer

func ListenRadiusAcctServer(service *AcctService) error

func ListenRadiusAuthServer

func ListenRadiusAuthServer(service *AuthService) error

func ListenRadsecServer

func ListenRadsecServer(service *RadsecService) error

func ParseVlanIds

func ParseVlanIds(nasportid string) (int64, int64)

ParseVlanIds 解析标准 VLANID 值

func StringType

func StringType(t radius.Type) string

Types

type AcctService

// AcctService is the accounting service. It embeds *RadiusService, so that
// type's exported fields and methods are promoted onto AcctService.
type AcctService struct {
	*RadiusService
}

记账服务

func NewAcctService

func NewAcctService(radiusService *RadiusService) *AcctService

func (*AcctService) DoAcctDisconnect

func (s *AcctService) DoAcctDisconnect(r *radius.Request, vpe *models.NetVpe, username, nasrip string)

func (*AcctService) DoAcctNasOff

func (s *AcctService) DoAcctNasOff(r *radius.Request)

func (*AcctService) DoAcctNasOn

func (s *AcctService) DoAcctNasOn(r *radius.Request)

func (*AcctService) DoAcctStart

func (s *AcctService) DoAcctStart(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)

func (*AcctService) DoAcctStop

func (s *AcctService) DoAcctStop(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)

func (*AcctService) DoAcctUpdate

func (s *AcctService) DoAcctUpdate(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)

func (*AcctService) DoAcctUpdateBefore

func (s *AcctService) DoAcctUpdateBefore(r *radius.Request, vr *VendorRequest, user *models.RadiusUser, vpe *models.NetVpe, nasrip string)

func (*AcctService) LdapUserAcct

func (s *AcctService) LdapUserAcct(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)

func (*AcctService) SendResponse

func (s *AcctService) SendResponse(w radius.ResponseWriter, r *radius.Request)

func (*AcctService) ServeRADIUS

func (s *AcctService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)

type AttrFormatFunc

// AttrFormatFunc is the signature shared by the attribute formatters stored in
// RadiusTypeFmtMap: it takes an attribute's raw value and returns display text.
type AttrFormatFunc = func(s []byte) string

type AuthError

// AuthError pairs an error with a string category.
type AuthError struct {
	Type string // category label supplied to NewAuthError as errType
	Err  error  // underlying error
}

func NewAuthError

func NewAuthError(errType string, err string) *AuthError

func (*AuthError) Error

func (e *AuthError) Error() string

type AuthRateUser

// AuthRateUser is the value type of RadiusService.AuthRateCache.
type AuthRateUser struct {
	Username  string
	Starttime time.Time // presumably when the tracked authentication attempt began; confirm in CheckAuthRateLimit
}

type AuthService

// AuthService is the authentication service. It embeds *RadiusService, so that
// type's exported fields and methods are promoted onto AuthService.
type AuthService struct {
	*RadiusService
}

func NewAuthService

func NewAuthService(radiusService *RadiusService) *AuthService

func (*AuthService) AcceptAcceptConfig

func (s *AuthService) AcceptAcceptConfig(user *models.RadiusUser, vendorCode string, radAccept *radius.Packet)

AcceptAcceptConfig 用户属性策略下发配置

func (*AuthService) CheckMacBind

func (s *AuthService) CheckMacBind(user *models.RadiusUser, vendorReq *VendorRequest) error

CheckMacBind checks the user's MAC binding. The check runs only when both the user's stored MAC and the request's MAC are valid. If the user has no stored MAC, the request's MAC is saved as the user's MAC.

func (*AuthService) CheckMsChapPassword

func (s *AuthService) CheckMsChapPassword(
	username, password string,
	challenge, response []byte,
	radAccept *radius.Packet,
) error

CheckMsChapPassword 非 EAP 模式的验证

func (*AuthService) CheckMsChapV2Password added in v8.0.5

func (s *AuthService) CheckMsChapV2Password(
	username,
	password string,
	challenge []byte,
	ident byte,
	peerChallenge,
	peerResponse []byte,
	radAccept *radius.Packet,
) error

CheckMsChapV2Password EAP 模式的验证

func (*AuthService) CheckOnlineCount

func (s *AuthService) CheckOnlineCount(username string, activeNUm int) error

func (*AuthService) CheckPassword

func (s *AuthService) CheckPassword(r *radius.Request, username, localpassword string, radAccept *radius.Packet, isMacAuth bool) error

CheckPassword: password 不为空为 PAP 认证; chapPassword 不为空为 CHAP 认证

func (*AuthService) CheckVlanBind

func (s *AuthService) CheckVlanBind(user *models.RadiusUser, vendorReq *VendorRequest) error

CheckVlanBind checks the user's VLAN ID binding. The check runs only when both the user's stored VLAN ID and the request's VLAN ID are valid. If the user has no stored VLAN ID, the request's VLAN ID is saved as the user's VLAN ID.

func (*AuthService) GetLocalPassword

func (s *AuthService) GetLocalPassword(user *models.RadiusUser, isMacAuth bool) (string, error)

func (*AuthService) SendAccept

func (s *AuthService) SendAccept(w radius.ResponseWriter, r *radius.Request, resp *radius.Packet)

func (*AuthService) SendEapFailureReject added in v8.0.5

func (s *AuthService) SendEapFailureReject(w radius.ResponseWriter, r *radius.Request, secret string, err error)

func (*AuthService) SendReject

func (s *AuthService) SendReject(w radius.ResponseWriter, r *radius.Request, err error)

func (*AuthService) ServeRADIUS

func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)

func (*AuthService) UpdateBind

func (s *AuthService) UpdateBind(user *models.RadiusUser, vendorReq *VendorRequest)

UpdateBind update mac or vlan

type EAPHeader added in v8.0.5

// EAPHeader holds the first three fields of an EAP packet. EapMessageFormat
// fills it from bytes 0, 1 and 2-3 (big-endian) of an EAP-Message value.
type EAPHeader struct {
	Code       uint8
	Identifier uint8
	Length     uint16 // as carried on the wire when parsed; not checked against the real payload size by this type
}

func NewEAPFailure added in v8.0.5

func NewEAPFailure(identifier uint8) *EAPHeader

NewEAPFailure creates a new EAP-Failure packet.

func NewEAPSuccess added in v8.0.5

func NewEAPSuccess(identifier uint8) *EAPHeader

NewEAPSuccess creates a new EAP-Success packet.

func (*EAPHeader) Serialize added in v8.0.5

func (eap *EAPHeader) Serialize() []byte

Serialize serializes the EAP-Success or EAP-Failure packet to bytes.

type EAPMSCHAPv2Challenge added in v8.0.5

// EAPMSCHAPv2Challenge is the server-to-peer challenge message of
// EAP-MSCHAPv2.
//
// NOTE(review): NewEAPMSCHAPv2Challenge is documented as producing a random
// challenge, but the randomness source is not visible here. It must be a
// cryptographically secure generator (crypto/rand); a predictable challenge
// weakens the exchange. Confirm in the constructor.
type EAPMSCHAPv2Challenge struct {
	EAPHeader
	Type           uint8
	OpCode         uint8
	MsIdentifier   uint8
	MsChapV2Length uint16
	ValueSize      uint8
	Challenge      [MSCHAPChallengeSize]byte // fixed 16-byte challenge
	Name           []byte
}

EAPMSCHAPv2Challenge represents an EAP-MSCHAPv2 Challenge message.

func NewEAPMSCHAPv2Challenge added in v8.0.5

func NewEAPMSCHAPv2Challenge(identifier uint8, name string) *EAPMSCHAPv2Challenge

NewEAPMSCHAPv2Challenge creates a new EAP-MSCHAPv2 Challenge packet with a random challenge.

func (*EAPMSCHAPv2Challenge) Serialize added in v8.0.5

func (eap *EAPMSCHAPv2Challenge) Serialize() []byte

Serialize serializes the EAP-MSCHAPv2 Challenge packet to bytes.

type EAPMSCHAPv2Response added in v8.0.5

// EAPMSCHAPv2Response is the peer-to-server response message of EAP-MSCHAPv2.
//
// NOTE(review): ParseEAPMSCHAPv2Response builds this from a received packet.
// The fixed-size fields below total 49 bytes after the preceding header
// fields, so the parser must check the EAP-Message length before slicing into
// them. That check is not visible here; confirm.
type EAPMSCHAPv2Response struct {
	EAPHeader
	Type           uint8
	OpCode         uint8
	MsIdentifier   uint8
	MsChapV2Length uint16
	ValueSize      uint8
	PeerChallenge  [16]byte
	Reserved       [8]byte
	Response       [24]byte
	Flags          uint8
	Name           []byte // peer-supplied name; untrusted input
}

EAPMSCHAPv2Response represents an EAP-MSCHAPv2 Response message.

func NewEAPMSCHAPv2Response added in v8.0.5

func NewEAPMSCHAPv2Response(identifier uint8, peerChallenge, response []byte, name string) *EAPMSCHAPv2Response

NewEAPMSCHAPv2Response creates a new EAP-MSCHAPv2 Response packet.

func ParseEAPMSCHAPv2Response added in v8.0.5

func ParseEAPMSCHAPv2Response(packet *radius.Packet) (*EAPMSCHAPv2Response, error)

func (*EAPMSCHAPv2Response) Serialize added in v8.0.5

func (eap *EAPMSCHAPv2Response) Serialize() []byte

Serialize serializes the EAP-MSCHAPv2 Response packet to bytes.

type EAPMSCHAPv2SuccessFailure added in v8.0.5

// EAPMSCHAPv2SuccessFailure is the message shape shared by the EAP-MSCHAPv2
// Success and Failure packets; OpCode distinguishes the two.
type EAPMSCHAPv2SuccessFailure struct {
	EAPHeader
	Type    uint8
	OpCode  uint8
	Message string // text supplied by the caller of NewEAPMSCHAPv2SuccessFailure
}

EAPMSCHAPv2SuccessFailure represents an EAP-MSCHAPv2 Success or Failure message.

func NewEAPMSCHAPv2SuccessFailure added in v8.0.5

func NewEAPMSCHAPv2SuccessFailure(code uint8, identifier uint8, opCode uint8, message string) *EAPMSCHAPv2SuccessFailure

NewEAPMSCHAPv2SuccessFailure creates a new EAP-MSCHAPv2 Success or Failure packet.

func (*EAPMSCHAPv2SuccessFailure) Serialize added in v8.0.5

func (eap *EAPMSCHAPv2SuccessFailure) Serialize() []byte

Serialize serializes the EAP-MSCHAPv2 Success or Failure packet to bytes.

type EAPMessage added in v8.0.4

// EAPMessage is a generic EAP packet: the header, followed by a Type byte and
// the remaining data. EapMessageFormat leaves Type and Data at their zero
// values when the attribute value is shorter than five bytes.
type EAPMessage struct {
	EAPHeader
	Type uint8
	Data []byte // when set by EapMessageFormat this is a sub-slice of the input, not a copy
}

func (*EAPMessage) Encode added in v8.0.4

func (msg *EAPMessage) Encode() []byte

Encode 编码 EAP 消息为字节切片

func (*EAPMessage) String added in v8.0.4

func (msg *EAPMessage) String() string

String() Returns a string representation of the EAP message.

type EapState added in v8.0.4

// EapState is the per-exchange state kept between rounds of an EAP
// conversation. RadiusService stores values of this type in EapStateCache and
// manages them through AddEapState, GetEapState and DeleteEapState.
//
// NOTE(review): entries are added per state ID. Whether stale entries from
// conversations that never complete are expired is not visible here; without
// expiry the cache can grow under a flood of unfinished exchanges.
type EapState struct {
	Username  string
	Challenge []byte
	StateID   string
	EapMethad string // misspelling of "method"; exported, so renaming it would break callers
	Success   bool
}

type RadiusService

// RadiusService holds the state shared by the authentication and accounting
// services, both of which embed it.
//
// NOTE(review): AuthRateCache and EapStateCache are exported plain maps. Go
// maps are not safe for concurrent writes, and a RADIUS server handles
// requests concurrently. Any lock guarding them would be among the unexported
// fields, which are not visible here, and code outside the package can reach
// the maps without it. Prefer the accessor methods over direct map access.
type RadiusService struct {
	App           *app.Application
	RejectCache   *RejectCache
	AuthRateCache map[string]AuthRateUser
	EapStateCache map[string]EapState
	TaskPool      *ants.Pool
	// contains filtered or unexported fields
}

func NewRadiusService

func NewRadiusService() *RadiusService

func (*RadiusService) AddEapState added in v8.0.4

func (s *RadiusService) AddEapState(stateid, username string, challenge []byte, eapMethad string)

State add

func (*RadiusService) AddRadiusAccounting

func (s *RadiusService) AddRadiusAccounting(ol models.RadiusOnline, start bool) error

func (*RadiusService) AddRadiusOnline

func (s *RadiusService) AddRadiusOnline(ol models.RadiusOnline) error

func (*RadiusService) BatchClearRadiusOnline

func (s *RadiusService) BatchClearRadiusOnline(ids string) error

func (*RadiusService) BatchClearRadiusOnlineByNas

func (s *RadiusService) BatchClearRadiusOnlineByNas(nasip, nasid string)

func (*RadiusService) CheckAuthRateLimit

func (s *RadiusService) CheckAuthRateLimit(username string) error

CheckAuthRateLimit performs authentication frequency detection: each user can only authenticate once every few seconds.

func (*RadiusService) CheckRadAuthError

func (s *RadiusService) CheckRadAuthError(username, nasip string, err error)

func (*RadiusService) CheckRequestSecret

func (s *RadiusService) CheckRequestSecret(r *radius.Packet, secret []byte)

func (*RadiusService) DeleteEapState added in v8.0.4

func (s *RadiusService) DeleteEapState(stateid string)

State delete

func (*RadiusService) EndRadiusAccounting

func (s *RadiusService) EndRadiusAccounting(online models.RadiusOnline) error

func (*RadiusService) ExistRadiusOnline

func (s *RadiusService) ExistRadiusOnline(sessionId string) bool

func (*RadiusService) GetEapMethod added in v8.0.5

func (s *RadiusService) GetEapMethod() string

func (*RadiusService) GetEapState added in v8.0.4

func (s *RadiusService) GetEapState(stateid string) (state *EapState, err error)

State get

func (*RadiusService) GetIntConfig

func (s *RadiusService) GetIntConfig(name string, defval int64) int64

func (*RadiusService) GetNas

func (s *RadiusService) GetNas(ip, identifier string) (vpe *models.NetVpe, err error)

GetNas 查询 NAS 设备, 优先查询IP, 然后ID

func (*RadiusService) GetRadiusOnlineCount

func (s *RadiusService) GetRadiusOnlineCount(username string) int

func (*RadiusService) GetStringConfig

func (s *RadiusService) GetStringConfig(name string, defval string) string

func (*RadiusService) GetUserForAcct

func (s *RadiusService) GetUserForAcct(username string) (user *models.RadiusUser, err error)

GetUserForAcct 获取用户, 不判断用户过期等状态

func (*RadiusService) GetValidUser

func (s *RadiusService) GetValidUser(usernameOrMac string, macauth bool) (user *models.RadiusUser, err error)

GetValidUser 获取有效用户, 初步判断用户有效性

func (*RadiusService) ParseVendor

func (s *RadiusService) ParseVendor(r *radius.Request, vendorCode string) *VendorRequest

ParseVendor 解析厂商私有属性

func (*RadiusService) RADIUSSecret

func (s *RadiusService) RADIUSSecret(ctx context.Context, remoteAddr net.Addr) ([]byte, error)

func (*RadiusService) Release

func (s *RadiusService) Release()

func (*RadiusService) ReleaseAuthRateLimit

func (s *RadiusService) ReleaseAuthRateLimit(username string)

func (*RadiusService) RemoveRadiusOnline

func (s *RadiusService) RemoveRadiusOnline(sessionId string) error

func (*RadiusService) UpdateRadiusOnlineData

func (s *RadiusService) UpdateRadiusOnlineData(data models.RadiusOnline) error

func (*RadiusService) UpdateUserLastOnline added in v8.0.7

func (s *RadiusService) UpdateUserLastOnline(username string)

func (*RadiusService) UpdateUserMac

func (s *RadiusService) UpdateUserMac(username string, macaddr string)

func (*RadiusService) UpdateUserVlanid1

func (s *RadiusService) UpdateUserVlanid1(username string, vlanid1 int)

func (*RadiusService) UpdateUserVlanid2

func (s *RadiusService) UpdateUserVlanid2(username string, vlanid2 int)

type RadsecHandler

// RadsecHandler is implemented by anything that can serve a RADIUS request
// received by RadsecPacketServer.
type RadsecHandler interface {
	ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
}

type RadsecPacketServer

// RadsecPacketServer is the server type behind the RadSec listener.
//
// NOTE(review): the field comments below mention ":1812" and "udp", but this
// type's ListenAndServe takes a CA path, certificate file and key file, and
// Serve takes a net.Conn. That suggests a TLS stream transport. The comments
// look inherited from a UDP packet server; confirm the real defaults before
// relying on them for firewall rules.
type RadsecPacketServer struct {
	// The address on which the server listens. Defaults to :1812.
	Addr string

	// The network on which the server listens. Defaults to udp.
	Network string

	// The source from which the secret is obtained for parsing and validating
	// the request.
	SecretSource radius.SecretSource

	// Handler which is called to process the request.
	Handler RadsecHandler

	// Skip incoming packet authenticity validation.
	// This should only be set to true for debugging purposes.
	// With it set, requests whose authenticator does not verify against the
	// shared secret are still passed to Handler, so it must never be enabled
	// on a listener reachable by untrusted peers.
	InsecureSkipVerify bool
	// contains filtered or unexported fields
}

RadsecPacketServer listens for RADIUS requests on a packet-based protocol (e.g. UDP).

func (*RadsecPacketServer) ListenAndServe

func (s *RadsecPacketServer) ListenAndServe(capath, crtfile, keyfile string) error

ListenAndServe starts a RADIUS server on the address given in s.

func (*RadsecPacketServer) Serve

func (s *RadsecPacketServer) Serve(conn net.Conn) error

Serve accepts incoming connections on conn.

func (*RadsecPacketServer) Shutdown

func (s *RadsecPacketServer) Shutdown(ctx context.Context) error

Shutdown gracefully stops the server. It first closes all listeners and then waits for any running handlers to complete.

Shutdown returns nil after all handlers have completed. ctx.Err() is returned if ctx is canceled.

Any Serve methods return ErrShutdown after Shutdown is called.

type RadsecService

// RadsecService bundles the authentication and accounting services so that one
// RadSec listener can serve both kinds of request.
type RadsecService struct {
	AuthService *AuthService
	AcctService *AcctService
}

func NewRadsecService

func NewRadsecService(authService *AuthService, acctService *AcctService) *RadsecService

func (*RadsecService) RADIUSSecret

func (s *RadsecService) RADIUSSecret(ctx context.Context, remoteAddr net.Addr) ([]byte, error)

func (*RadsecService) ServeRADIUS

func (s *RadsecService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)

type RejectCache

// RejectCache tracks reject counters per username; GetItem and SetItem take
// the username as key.
//
// NOTE(review): usernames arrive in requests. Whether the map is bounded or
// pruned is not visible here; if it is not, a stream of distinct usernames
// grows it without limit. Items and Lock are exported, so callers outside the
// package can touch the map without holding the mutex.
type RejectCache struct {
	Items map[string]*RejectItem
	Lock  sync.Mutex
}

func (*RejectCache) GetItem

func (rc *RejectCache) GetItem(username string) *RejectItem

func (*RejectCache) SetItem

func (rc *RejectCache) SetItem(username string)

type RejectItem

// RejectItem is one user's reject counter. Incr and IsOver operate on it.
type RejectItem struct {
	Rejects    int64
	LastReject time.Time
	Lock       sync.RWMutex // presumably guards Rejects and LastReject; confirm in Incr/IsOver
}

func (*RejectItem) Incr

func (ri *RejectItem) Incr()

func (*RejectItem) IsOver

func (ri *RejectItem) IsOver(max int64) bool

type VendorRequest

// VendorRequest carries the values ParseVendor extracts from a request and
// that CheckMacBind and CheckVlanBind compare with the user's stored bindings.
//
// NOTE(review): these values come from attributes supplied by the NAS. The
// binding checks are only as trustworthy as the NAS that reports them.
type VendorRequest struct {
	MacAddr string
	Vlanid1 int64
	Vlanid2 int64
}

Directories

Path Synopsis
vendors
f5
h3c
zte
