Documentation ¶
Index ¶
- Constants
- Variables
- func FmtPacket(p *radius.Packet) string
- func FmtRequest(p *radius.Request) string
- func FmtResponse(p *radius.Packet, RemoteAddr net.Addr) string
- func FormatType(t radius.Type, src radius.Attribute) string
- func GetNetRadiusOnlineFromRequest(r *radius.Request, vr *VendorRequest, vpe *models.NetVpe, nasrip string) models.RadiusOnline
- func Length(p *radius.Packet) int
- func ListenRadiusAcctServer(service *AcctService) error
- func ListenRadiusAuthServer(service *AuthService) error
- func ListenRadsecServer(service *RadsecService) error
- func ParseVlanIds(nasportid string) (int64, int64)
- func StringType(t radius.Type) string
- type AcctService
- func (s *AcctService) DoAcctDisconnect(r *radius.Request, vpe *models.NetVpe, username, nasrip string)
- func (s *AcctService) DoAcctNasOff(r *radius.Request)
- func (s *AcctService) DoAcctNasOn(r *radius.Request)
- func (s *AcctService) DoAcctStart(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, ...)
- func (s *AcctService) DoAcctStop(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, ...)
- func (s *AcctService) DoAcctUpdate(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, ...)
- func (s *AcctService) DoAcctUpdateBefore(r *radius.Request, vr *VendorRequest, user *models.RadiusUser, ...)
- func (s *AcctService) LdapUserAcct(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, ...)
- func (s *AcctService) SendResponse(w radius.ResponseWriter, r *radius.Request)
- func (s *AcctService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
- type AttrFormatFunc
- type AuthError
- type AuthRateUser
- type AuthService
- func (s *AuthService) AcceptAcceptConfig(user *models.RadiusUser, vendorCode string, radAccept *radius.Packet)
- func (s *AuthService) CheckMacBind(user *models.RadiusUser, vendorReq *VendorRequest) error
- func (s *AuthService) CheckMsChapPassword(username, password string, challenge, response []byte, ...) error
- func (s *AuthService) CheckMsChapV2Password(username, password string, challenge []byte, ident byte, ...) error
- func (s *AuthService) CheckOnlineCount(username string, activeNUm int) error
- func (s *AuthService) CheckPassword(r *radius.Request, username, localpassword string, radAccept *radius.Packet, ...) error
- func (s *AuthService) CheckVlanBind(user *models.RadiusUser, vendorReq *VendorRequest) error
- func (s *AuthService) GetLocalPassword(user *models.RadiusUser, isMacAuth bool) (string, error)
- func (s *AuthService) SendAccept(w radius.ResponseWriter, r *radius.Request, resp *radius.Packet)
- func (s *AuthService) SendEapFailureReject(w radius.ResponseWriter, r *radius.Request, secret string, err error)
- func (s *AuthService) SendReject(w radius.ResponseWriter, r *radius.Request, err error)
- func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
- func (s *AuthService) UpdateBind(user *models.RadiusUser, vendorReq *VendorRequest)
- type EAPHeader
- type EAPMSCHAPv2Challenge
- type EAPMSCHAPv2Response
- type EAPMSCHAPv2SuccessFailure
- type EAPMessage
- type EapState
- type RadiusService
- func (s *RadiusService) AddEapState(stateid, username string, challenge []byte, eapMethad string)
- func (s *RadiusService) AddRadiusAccounting(ol models.RadiusOnline, start bool) error
- func (s *RadiusService) AddRadiusOnline(ol models.RadiusOnline) error
- func (s *RadiusService) BatchClearRadiusOnline(ids string) error
- func (s *RadiusService) BatchClearRadiusOnlineByNas(nasip, nasid string)
- func (s *RadiusService) CheckAuthRateLimit(username string) error
- func (s *RadiusService) CheckRadAuthError(username, nasip string, err error)
- func (s *RadiusService) CheckRequestSecret(r *radius.Packet, secret []byte)
- func (s *RadiusService) DeleteEapState(stateid string)
- func (s *RadiusService) EndRadiusAccounting(online models.RadiusOnline) error
- func (s *RadiusService) ExistRadiusOnline(sessionId string) bool
- func (s *RadiusService) GetEapMethod() string
- func (s *RadiusService) GetEapState(stateid string) (state *EapState, err error)
- func (s *RadiusService) GetIntConfig(name string, defval int64) int64
- func (s *RadiusService) GetNas(ip, identifier string) (vpe *models.NetVpe, err error)
- func (s *RadiusService) GetRadiusOnlineCount(username string) int
- func (s *RadiusService) GetStringConfig(name string, defval string) string
- func (s *RadiusService) GetUserForAcct(username string) (user *models.RadiusUser, err error)
- func (s *RadiusService) GetValidUser(usernameOrMac string, macauth bool) (user *models.RadiusUser, err error)
- func (s *RadiusService) ParseVendor(r *radius.Request, vendorCode string) *VendorRequest
- func (s *RadiusService) RADIUSSecret(ctx context.Context, remoteAddr net.Addr) ([]byte, error)
- func (s *RadiusService) Release()
- func (s *RadiusService) ReleaseAuthRateLimit(username string)
- func (s *RadiusService) RemoveRadiusOnline(sessionId string) error
- func (s *RadiusService) UpdateRadiusOnlineData(data models.RadiusOnline) error
- func (s *RadiusService) UpdateUserLastOnline(username string)
- func (s *RadiusService) UpdateUserMac(username string, macaddr string)
- func (s *RadiusService) UpdateUserVlanid1(username string, vlanid1 int)
- func (s *RadiusService) UpdateUserVlanid2(username string, vlanid2 int)
- type RadsecHandler
- type RadsecPacketServer
- type RadsecService
- type RejectCache
- type RejectItem
- type VendorRequest
Constants ¶
// Vendor codes, kept as decimal strings, followed by two tuning constants.
// NOTE(review): the vendor values appear to be the vendors' IANA private
// enterprise numbers, presumably matched against the vendorCode argument of
// ParseVendor and AcceptAcceptConfig — confirm against callers.
const (
	VendorMikrotik = "14988"
	VendorIkuai    = "10055"
	VendorHuawei   = "2011"
	VendorZte      = "3902"
	VendorH3c      = "25506"
	VendorRadback  = "2352"
	VendorCisco    = "9"

	// NOTE(review): presumably the reject count that RejectItem.IsOver is
	// compared against before rejects are delayed — confirm; the use is not
	// visible here.
	RadiusRejectDelayTimes = 7
	// NOTE(review): presumably the per-user authentication interval (seconds?)
	// enforced by CheckAuthRateLimit — confirm unit and use.
	RadiusAuthRateInterval = 1
)
// EAP method names as lowercase strings.
// NOTE(review): presumably the values returned by RadiusService.GetEapMethod
// and stored through AddEapState — confirm. Declaring a name here does not show
// that the method is implemented; which methods the server can actually
// negotiate is not visible from these constants.
const (
	EapMd5Method      = "eap-md5"
	EapMschapv2Method = "eap-mschapv2"
	EapTlsMethod      = "eap-tls"
	EapPeapMethod     = "eap-peap"
	EapTtlsMethod     = "eap-ttls"
	EapGtcMethod      = "eap-gtc"
	EapSimMethod      = "eap-sim"
	EapAkaMethod      = "eap-aka"
	EapFastMethod     = "eap-fast"
	EapPaxMethod      = "eap-pax"
	EapPskMethod      = "eap-psk"
	EapSakeMethod     = "eap-sake"
	EapIkev2Method    = "eap-ikev2"
	EapTncMethod      = "eap-tnc"
)
// EAPCode* constants.
//
// NOTE(review): RFC 3748 defines only four values for the EAP Code field
// (1 Request, 2 Response, 3 Success, 4 Failure). The entries from 5 upward
// name EAP methods, i.e. they look like Type-field numbers rather than codes.
// Of those, 13 and above match the registered method type numbers, but
// Nak = 5, MD5Challenge = 6, OTP = 7 and GTC = 8 differ from the EAPType*
// constants in this package (3, 4, 5, 6). Confirm which set a caller needs
// before comparing against a packet's Code or Type octet.
const (
	EAPCodeRequest      = 1  // EAP Request message
	EAPCodeResponse     = 2  // EAP Response message
	EAPCodeSuccess      = 3  // Indicates successful authentication
	EAPCodeFailure      = 4  // Indicates failed authentication
	EAPCodeNakNak       = 5  // Used by the peer to negotiate the authentication method (Response only)
	EAPCodeMD5Challenge = 6  // MD5-Challenge EAP method
	EAPCodeOTP          = 7  // One-Time Password (OTP) EAP method
	EAPCodeGTC          = 8  // Generic Token Card (GTC) EAP method
	EAPCodeTLSv1        = 13 // EAP-TLS method, using TLSv1
	EAPCodeMSCHAPv2     = 26 // EAP method for Microsoft Challenge Handshake Authentication Protocol version 2
	EAPCodeSIM          = 18 // EAP-SIM method for GSM networks
	EAPCodeAKA          = 23 // EAP-AKA method for UMTS authentication and key agreement
	EAPCodePEAP         = 25 // Protected EAP (PEAP), a method that creates an encrypted channel to protect transmitted information
	EAPCodeTTLS         = 21 // Tunneled Transport Layer Security (TTLS) EAP method
	EAPCodeFAST         = 43 // Flexible Authentication via Secure Tunneling (EAP-FAST) method
	EAPCodePAX          = 46 // Password Authenticated Exchange (EAP-PAX) method
	EAPCodePSK          = 47 // Pre-Shared Key (EAP-PSK) method
	EAPCodeSAKE         = 48 // SIM Authentication Key Exchange (EAP-SAKE) method
	EAPCodeIKEv2        = 49 // EAP method based on Internet Key Exchange version 2 (EAP-IKEv2)
)
// EAPType* constants: values for the Type octet of an EAP Request/Response.
// The numbers agree with the RFC 3748 method type assignments (Identity 1
// through GTC 6) plus EAP-TLS (13) and EAP-MSCHAPv2 (26).
const (
	EAPTypeIdentity     = 1
	EAPTypeNotification = 2
	EAPTypeNak          = 3 // Response only
	EAPTypeMD5Challenge = 4
	EAPTypeOTP          = 5 // One-Time Password
	EAPTypeGTC          = 6 // Generic Token Card
	// EAPTypeTLS 7-9 Reserved
	EAPTypeTLS      = 13
	EAPTypeMSCHAPv2 = 26
)
// MS-CHAPv2 constants.
// NOTE(review): Challenge/Response/Success/Failure are presumably the values
// carried in the OpCode field of the EAPMSCHAPv2* message types — confirm.
const (
	MSCHAPv2Challenge = 1
	MSCHAPv2Response  = 2
	// MSCHAPChallengeSize is the length in bytes of the
	// EAPMSCHAPv2Challenge.Challenge array.
	MSCHAPChallengeSize = 16
	MSCHAPv2Success     = 3
	MSCHAPv2Failure     = 4
)
Variables ¶
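// EapMessageFormat renders the raw value of an EAP-Message attribute as text.
// It decodes the EAP header (code, identifier, big-endian length) and, when
// present, the type octet and the remaining data, then returns the result of
// EAPMessage.String.
//
// The attribute value is supplied by the sender of the packet, so the 4-byte
// header is length-checked before it is indexed. A shorter value returns a
// fixed marker string instead of panicking inside the formatter.
var EapMessageFormat = func(attr []byte) string {
	// code (1) + identifier (1) + length (2)
	const eapHeaderLen = 4
	if len(attr) < eapHeaderLen {
		return "malformed EAP-Message"
	}

	eap := &EAPMessage{
		EAPHeader: EAPHeader{
			Code:       attr[0],
			Identifier: attr[1],
			// Taken from the header as-is; it is not compared with len(attr) here.
			Length: binary.BigEndian.Uint16(attr[2:4]),
		},
	}
	// Success/Failure packets carry no type octet, so Type and Data are optional.
	if len(attr) >= 5 {
		eap.Type = attr[4]
		eap.Data = attr[5:]
	}
	return eap.String()
}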
// HexFormat renders an attribute value as lowercase hexadecimal with no
// separators; an empty or nil value yields the empty string.
var HexFormat = func(src []byte) string {
	encoded := fmt.Sprintf("%x", src)
	return encoded
}
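// Ipv4Format renders the first four bytes of an attribute value as a
// dotted-quad IPv4 address. Bytes beyond the fourth are ignored.
//
// The value length is chosen by the sender of the packet, so a value shorter
// than four bytes is not indexed. It is handed to net.IP.String instead, which
// reports "<nil>" for an empty value and a "?"-prefixed hex form for any other
// length that is not a valid address.
var Ipv4Format = func(src []byte) string {
	if len(src) < net.IPv4len {
		return net.IP(src).String()
	}
	return net.IPv4(src[0], src[1], src[2], src[3]).String()
}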
// RadiusTypeFmtMap maps a RADIUS attribute type to the AttrFormatFunc used to
// render that attribute's raw value as text.
//
// NOTE(review): credential-bearing attributes are rendered in full, not
// masked: UserPassword, CHAPPassword, CHAPChallenge, ARAPPassword and
// MessageAuthenticator as hex, TunnelPassword as a raw string. If the
// formatted text reaches logs (presumably via FmtRequest / FmtPacket —
// confirm), those logs hold authentication material and need the same access
// control as the shared secret, or these entries should be masked.
// NOTE(review): UserName, State, Class and ProxyState use StringFormat, which
// passes the sender's bytes through unchanged; confirm the log sink escapes
// control characters and newlines.
var RadiusTypeFmtMap = map[radius.Type]AttrFormatFunc{
	rfc2865.UserName_Type: StringFormat,
	rfc2865.UserPassword_Type: HexFormat,
	rfc2865.CHAPPassword_Type: HexFormat,
	rfc2865.NASIPAddress_Type: Ipv4Format,
	rfc2865.NASPort_Type: UInt32Format,
	rfc2865.ServiceType_Type: UInt32Format,
	rfc2865.FramedProtocol_Type: UInt32Format,
	rfc2865.FramedIPAddress_Type: Ipv4Format,
	rfc2865.FramedIPNetmask_Type: Ipv4Format,
	rfc2865.FramedRouting_Type: UInt32Format,
	rfc2865.FilterID_Type: StringFormat,
	rfc2865.FramedMTU_Type: UInt32Format,
	rfc2865.FramedCompression_Type: UInt32Format,
	rfc2865.LoginIPHost_Type: Ipv4Format,
	rfc2865.LoginService_Type: UInt32Format,
	rfc2865.LoginTCPPort_Type: UInt32Format,
	rfc2865.ReplyMessage_Type: StringFormat,
	rfc2865.CallbackNumber_Type: StringFormat,
	rfc2865.CallbackID_Type: StringFormat,
	rfc2865.FramedRoute_Type: StringFormat,
	rfc2865.FramedIPXNetwork_Type: Ipv4Format,
	rfc2865.State_Type: StringFormat,
	rfc2865.Class_Type: StringFormat,
	rfc2865.VendorSpecific_Type: HexFormat,
	rfc2865.SessionTimeout_Type: UInt32Format,
	rfc2865.IdleTimeout_Type: UInt32Format,
	rfc2865.TerminationAction_Type: UInt32Format,
	rfc2865.CalledStationID_Type: StringFormat,
	rfc2865.CallingStationID_Type: StringFormat,
	rfc2865.NASIdentifier_Type: StringFormat,
	rfc2865.ProxyState_Type: StringFormat,
	rfc2865.LoginLATService_Type: HexFormat,
	rfc2865.LoginLATNode_Type: HexFormat,
	rfc2865.LoginLATGroup_Type: HexFormat,
	rfc2865.FramedAppleTalkLink_Type: HexFormat,
	rfc2865.FramedAppleTalkNetwork_Type: HexFormat,
	rfc2865.FramedAppleTalkZone_Type: HexFormat,
	rfc2865.CHAPChallenge_Type: HexFormat,
	rfc2865.NASPortType_Type: UInt32Format,
	rfc2865.PortLimit_Type: HexFormat,
	rfc2865.LoginLATPort_Type: HexFormat,
	rfc2866.AcctStatusType_Type: UInt32Format,
	rfc2866.AcctDelayTime_Type: UInt32Format,
	rfc2866.AcctInputOctets_Type: UInt32Format,
	rfc2866.AcctOutputOctets_Type: UInt32Format,
	rfc2866.AcctSessionID_Type: StringFormat,
	rfc2866.AcctAuthentic_Type: UInt32Format,
	rfc2866.AcctSessionTime_Type: UInt32Format,
	rfc2866.AcctInputPackets_Type: UInt32Format,
	rfc2866.AcctOutputPackets_Type: UInt32Format,
	rfc2866.AcctTerminateCause_Type: UInt32Format,
	rfc2866.AcctMultiSessionID_Type: StringFormat,
	rfc2866.AcctLinkCount_Type: UInt32Format,
	rfc2869.AcctInputGigawords_Type: UInt32Format,
	rfc2869.AcctOutputGigawords_Type: UInt32Format,
	rfc2869.EventTimestamp_Type: UInt32Format,
	rfc2869.ARAPPassword_Type: HexFormat,
	rfc2869.ARAPFeatures_Type: HexFormat,
	rfc2869.ARAPZoneAccess_Type: HexFormat,
	rfc2869.ARAPSecurity_Type: HexFormat,
	rfc2869.ARAPSecurityData_Type: HexFormat,
	rfc2869.PasswordRetry_Type: HexFormat,
	rfc2869.Prompt_Type: HexFormat,
	rfc2869.ConnectInfo_Type: StringFormat,
	rfc2869.ConfigurationToken_Type: StringFormat,
	rfc2869.EAPMessage_Type: EapMessageFormat,
	rfc2869.MessageAuthenticator_Type: HexFormat,
	rfc2869.ARAPChallengeResponse_Type: HexFormat,
	rfc2869.AcctInterimInterval_Type: UInt32Format,
	rfc2869.NASPortID_Type: StringFormat,
	rfc2869.FramedPool_Type: StringFormat,
	rfc3162.NASIPv6Address_Type: HexFormat,
	rfc3162.FramedInterfaceID_Type: HexFormat,
	rfc3162.FramedIPv6Prefix_Type: HexFormat,
	rfc3162.LoginIPv6Host_Type: HexFormat,
	rfc3162.FramedIPv6Route_Type: HexFormat,
	rfc3162.FramedIPv6Pool_Type: HexFormat,
	rfc3576.ErrorCause_Type: UInt32Format,
	rfc4849.NASFilterRule_Type: StringFormat,
	rfc2868.TunnelType_Type: UInt32Format,
	rfc2868.TunnelMediumType_Type: UInt32Format,
	rfc2868.TunnelClientEndpoint_Type: StringFormat,
	rfc2868.TunnelServerEndpoint_Type: StringFormat,
	rfc2868.TunnelPassword_Type: StringFormat,
	rfc2868.TunnelPrivateGroupID_Type: StringFormat,
	rfc2868.TunnelAssignmentID_Type: HexFormat,
	rfc2868.TunnelPreference_Type: HexFormat,
	rfc2868.TunnelClientAuthID_Type: HexFormat,
	rfc2868.TunnelServerAuthID_Type: HexFormat,
}
// RadiusTypeMap maps a RADIUS attribute type to a display name. The keys are
// the same attribute types that RadiusTypeFmtMap covers.
// NOTE(review): presumably the lookup table behind StringType — confirm.
var RadiusTypeMap = map[radius.Type]string{
	rfc2865.UserName_Type: "UserName",
	rfc2865.UserPassword_Type: "UserPassword",
	rfc2865.CHAPPassword_Type: "CHAPPassword",
	rfc2865.NASIPAddress_Type: "NASIPAddress",
	rfc2865.NASPort_Type: "NASPort",
	rfc2865.ServiceType_Type: "ServiceType",
	rfc2865.FramedProtocol_Type: "FramedProtocol",
	rfc2865.FramedIPAddress_Type: "FramedIPAddress",
	rfc2865.FramedIPNetmask_Type: "FramedIPNetmask",
	rfc2865.FramedRouting_Type: "FramedRouting",
	rfc2865.FilterID_Type: "FilterID",
	rfc2865.FramedMTU_Type: "FramedMTU",
	rfc2865.FramedCompression_Type: "FramedCompression",
	rfc2865.LoginIPHost_Type: "LoginIPHost",
	rfc2865.LoginService_Type: "LoginService",
	rfc2865.LoginTCPPort_Type: "LoginTCPPort",
	rfc2865.ReplyMessage_Type: "ReplyMessage",
	rfc2865.CallbackNumber_Type: "CallbackNumber",
	rfc2865.CallbackID_Type: "CallbackID",
	rfc2865.FramedRoute_Type: "FramedRoute",
	rfc2865.FramedIPXNetwork_Type: "FramedIPXNetwork",
	rfc2865.State_Type: "State",
	rfc2865.Class_Type: "Class",
	rfc2865.VendorSpecific_Type: "VendorSpecific",
	rfc2865.SessionTimeout_Type: "SessionTimeout",
	rfc2865.IdleTimeout_Type: "IdleTimeout",
	rfc2865.TerminationAction_Type: "TerminationAction",
	rfc2865.CalledStationID_Type: "CalledStationID",
	rfc2865.CallingStationID_Type: "CallingStationID",
	rfc2865.NASIdentifier_Type: "NASIdentifier",
	rfc2865.ProxyState_Type: "ProxyState",
	rfc2865.LoginLATService_Type: "LoginLATService",
	rfc2865.LoginLATNode_Type: "LoginLATNode",
	rfc2865.LoginLATGroup_Type: "LoginLATGroup",
	rfc2865.FramedAppleTalkLink_Type: "FramedAppleTalkLink",
	rfc2865.FramedAppleTalkNetwork_Type: "FramedAppleTalkNetwork",
	rfc2865.FramedAppleTalkZone_Type: "FramedAppleTalkZone",
	rfc2865.CHAPChallenge_Type: "CHAPChallenge",
	rfc2865.NASPortType_Type: "NASPortType",
	rfc2865.PortLimit_Type: "PortLimit",
	rfc2865.LoginLATPort_Type: "LoginLATPort",
	rfc2866.AcctStatusType_Type: "AcctStatusType",
	rfc2866.AcctDelayTime_Type: "AcctDelayTime",
	rfc2866.AcctInputOctets_Type: "AcctInputOctets",
	rfc2866.AcctOutputOctets_Type: "AcctOutputOctets",
	rfc2866.AcctSessionID_Type: "AcctSessionID",
	rfc2866.AcctAuthentic_Type: "AcctAuthentic",
	rfc2866.AcctSessionTime_Type: "AcctSessionTime",
	rfc2866.AcctInputPackets_Type: "AcctInputPackets",
	rfc2866.AcctOutputPackets_Type: "AcctOutputPackets",
	rfc2866.AcctTerminateCause_Type: "AcctTerminateCause",
	rfc2866.AcctMultiSessionID_Type: "AcctMultiSessionID",
	rfc2866.AcctLinkCount_Type: "AcctLinkCount",
	rfc2869.AcctInputGigawords_Type: "AcctInputGigawords",
	rfc2869.AcctOutputGigawords_Type: "AcctOutputGigawords",
	rfc2869.EventTimestamp_Type: "EventTimestamp",
	rfc2869.ARAPPassword_Type: "ARAPPassword",
	rfc2869.ARAPFeatures_Type: "ARAPFeatures",
	rfc2869.ARAPZoneAccess_Type: "ARAPZoneAccess",
	rfc2869.ARAPSecurity_Type: "ARAPSecurity",
	rfc2869.ARAPSecurityData_Type: "ARAPSecurityData",
	rfc2869.PasswordRetry_Type: "PasswordRetry",
	rfc2869.Prompt_Type: "Prompt",
	rfc2869.ConnectInfo_Type: "ConnectInfo",
	rfc2869.ConfigurationToken_Type: "ConfigurationToken",
	rfc2869.EAPMessage_Type: "EAPMessage",
	rfc2869.MessageAuthenticator_Type: "MessageAuthenticator",
	rfc2869.ARAPChallengeResponse_Type: "ARAPChallengeResponse",
	rfc2869.AcctInterimInterval_Type: "AcctInterimInterval",
	rfc2869.NASPortID_Type: "NASPortID",
	rfc2869.FramedPool_Type: "FramedPool",
	rfc3162.NASIPv6Address_Type: "NASIPv6Address",
	rfc3162.FramedInterfaceID_Type: "FramedInterfaceID",
	rfc3162.FramedIPv6Prefix_Type: "FramedIPv6Prefix",
	rfc3162.LoginIPv6Host_Type: "LoginIPv6Host",
	rfc3162.FramedIPv6Route_Type: "FramedIPv6Route",
	rfc3162.FramedIPv6Pool_Type: "FramedIPv6Pool",
	rfc3576.ErrorCause_Type: "ErrorCause",
	rfc4849.NASFilterRule_Type: "NASFilterRule",
	rfc2868.TunnelType_Type: "TunnelType",
	rfc2868.TunnelMediumType_Type: "TunnelMediumType",
	rfc2868.TunnelClientEndpoint_Type: "TunnelClientEndpoint",
	rfc2868.TunnelServerEndpoint_Type: "TunnelServerEndpoint",
	rfc2868.TunnelPassword_Type: "TunnelPassword",
	rfc2868.TunnelPrivateGroupID_Type: "TunnelPrivateGroupID",
	rfc2868.TunnelAssignmentID_Type: "TunnelAssignmentID",
	rfc2868.TunnelPreference_Type: "TunnelPreference",
	rfc2868.TunnelClientAuthID_Type: "TunnelClientAuthID",
	rfc2868.TunnelServerAuthID_Type: "TunnelServerAuthID",
}
// StringFormat renders an attribute value by converting its bytes directly to
// a string. No escaping or validation is applied.
var StringFormat = func(src []byte) string {
	text := string(src)
	return text
}
Functions ¶
func FmtRequest ¶
func GetNetRadiusOnlineFromRequest ¶
func GetNetRadiusOnlineFromRequest(r *radius.Request, vr *VendorRequest, vpe *models.NetVpe, nasrip string) models.RadiusOnline
func ListenRadiusAcctServer ¶
func ListenRadiusAcctServer(service *AcctService) error
func ListenRadiusAuthServer ¶
func ListenRadiusAuthServer(service *AuthService) error
func ListenRadsecServer ¶
func ListenRadsecServer(service *RadsecService) error
func StringType ¶
Types ¶
type AcctService ¶
// AcctService is the accounting service. It embeds *RadiusService, so the
// RadiusService fields and methods are promoted onto it.
type AcctService struct {
	*RadiusService
}
AcctService is the accounting service.
func NewAcctService ¶
func NewAcctService(radiusService *RadiusService) *AcctService
func (*AcctService) DoAcctDisconnect ¶
func (*AcctService) DoAcctNasOff ¶
func (s *AcctService) DoAcctNasOff(r *radius.Request)
func (*AcctService) DoAcctNasOn ¶
func (s *AcctService) DoAcctNasOn(r *radius.Request)
func (*AcctService) DoAcctStart ¶
func (s *AcctService) DoAcctStart(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)
func (*AcctService) DoAcctStop ¶
func (s *AcctService) DoAcctStop(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)
func (*AcctService) DoAcctUpdate ¶
func (s *AcctService) DoAcctUpdate(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)
func (*AcctService) DoAcctUpdateBefore ¶
func (s *AcctService) DoAcctUpdateBefore(r *radius.Request, vr *VendorRequest, user *models.RadiusUser, vpe *models.NetVpe, nasrip string)
func (*AcctService) LdapUserAcct ¶
func (s *AcctService) LdapUserAcct(r *radius.Request, vr *VendorRequest, username string, vpe *models.NetVpe, nasrip string)
func (*AcctService) SendResponse ¶
func (s *AcctService) SendResponse(w radius.ResponseWriter, r *radius.Request)
func (*AcctService) ServeRADIUS ¶
func (s *AcctService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
type AttrFormatFunc ¶
type AuthError ¶
func NewAuthError ¶
type AuthRateUser ¶
type AuthService ¶
// AuthService embeds *RadiusService, so the RadiusService fields and methods
// are promoted onto it.
// NOTE(review): presumably the handler for authentication requests (its
// methods include CheckPassword, SendAccept and SendReject) — confirm.
type AuthService struct {
	*RadiusService
}
func NewAuthService ¶
func NewAuthService(radiusService *RadiusService) *AuthService
func (*AuthService) AcceptAcceptConfig ¶
func (s *AuthService) AcceptAcceptConfig(user *models.RadiusUser, vendorCode string, radAccept *radius.Packet)
AcceptAcceptConfig configures the user attribute policy to be issued.
func (*AuthService) CheckMacBind ¶
func (s *AuthService) CheckMacBind(user *models.RadiusUser, vendorReq *VendorRequest) error
CheckMacBind performs MAC binding detection. The check runs only if both the user MAC and the request MAC are valid. If the user MAC is empty, the user MAC is updated directly.
func (*AuthService) CheckMsChapPassword ¶
func (s *AuthService) CheckMsChapPassword( username, password string, challenge, response []byte, radAccept *radius.Packet, ) error
CheckMsChapPassword performs verification in non-EAP mode.
func (*AuthService) CheckMsChapV2Password ¶ added in v8.0.5
func (s *AuthService) CheckMsChapV2Password( username, password string, challenge []byte, ident byte, peerChallenge, peerResponse []byte, radAccept *radius.Packet, ) error
CheckMsChapV2Password performs verification in EAP mode.
func (*AuthService) CheckOnlineCount ¶
func (s *AuthService) CheckOnlineCount(username string, activeNUm int) error
func (*AuthService) CheckPassword ¶
func (s *AuthService) CheckPassword(r *radius.Request, username, localpassword string, radAccept *radius.Packet, isMacAuth bool) error
CheckPassword: a non-empty password means PAP authentication; a non-empty chapPassword means CHAP authentication.
func (*AuthService) CheckVlanBind ¶
func (s *AuthService) CheckVlanBind(user *models.RadiusUser, vendorReq *VendorRequest) error
CheckVlanBind performs VLAN ID binding detection. The check runs only if both the user VLAN ID and the request VLAN ID are valid. If the user VLAN ID is empty, the user VLAN ID is updated directly.
func (*AuthService) GetLocalPassword ¶
func (s *AuthService) GetLocalPassword(user *models.RadiusUser, isMacAuth bool) (string, error)
func (*AuthService) SendAccept ¶
func (s *AuthService) SendAccept(w radius.ResponseWriter, r *radius.Request, resp *radius.Packet)
func (*AuthService) SendEapFailureReject ¶ added in v8.0.5
func (s *AuthService) SendEapFailureReject(w radius.ResponseWriter, r *radius.Request, secret string, err error)
func (*AuthService) SendReject ¶
func (s *AuthService) SendReject(w radius.ResponseWriter, r *radius.Request, err error)
func (*AuthService) ServeRADIUS ¶
func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
func (*AuthService) UpdateBind ¶
func (s *AuthService) UpdateBind(user *models.RadiusUser, vendorReq *VendorRequest)
UpdateBind update mac or vlan
type EAPHeader ¶ added in v8.0.5
func NewEAPFailure ¶ added in v8.0.5
NewEAPFailure creates a new EAP-Failure packet.
func NewEAPSuccess ¶ added in v8.0.5
NewEAPSuccess creates a new EAP-Success packet.
type EAPMSCHAPv2Challenge ¶ added in v8.0.5
// EAPMSCHAPv2Challenge represents an EAP-MSCHAPv2 Challenge message: the
// embedded EAP header followed by the MS-CHAPv2 fields.
//
// NOTE(review): NewEAPMSCHAPv2Challenge is documented as filling Challenge with
// a random value; the generator is not visible here. Confirm it is crypto/rand,
// since a predictable challenge weakens the exchange.
type EAPMSCHAPv2Challenge struct {
	EAPHeader
	Type           uint8
	OpCode         uint8
	MsIdentifier   uint8
	MsChapV2Length uint16
	ValueSize      uint8
	// Fixed-size challenge of MSCHAPChallengeSize (16) bytes.
	Challenge [MSCHAPChallengeSize]byte
	Name      []byte
}
EAPMSCHAPv2Challenge represents an EAP-MSCHAPv2 Challenge message.
func NewEAPMSCHAPv2Challenge ¶ added in v8.0.5
func NewEAPMSCHAPv2Challenge(identifier uint8, name string) *EAPMSCHAPv2Challenge
NewEAPMSCHAPv2Challenge creates a new EAP-MSCHAPv2 Challenge packet with a random challenge.
func (*EAPMSCHAPv2Challenge) Serialize ¶ added in v8.0.5
func (eap *EAPMSCHAPv2Challenge) Serialize() []byte
Serialize serializes the EAP-MSCHAPv2 Challenge packet to bytes.
type EAPMSCHAPv2Response ¶ added in v8.0.5
// EAPMSCHAPv2Response represents an EAP-MSCHAPv2 Response message: the
// embedded EAP header followed by the MS-CHAPv2 response fields.
//
// NOTE(review): the three array fields are fixed-size (16, 8 and 24 bytes)
// while Name is variable. ParseEAPMSCHAPv2Response fills this from a received
// packet; confirm it checks the attribute length before copying into the
// arrays, as the parser body is not visible here.
type EAPMSCHAPv2Response struct {
	EAPHeader
	Type           uint8
	OpCode         uint8
	MsIdentifier   uint8
	MsChapV2Length uint16
	ValueSize      uint8
	PeerChallenge  [16]byte
	Reserved       [8]byte
	Response       [24]byte
	Flags          uint8
	Name           []byte
}
EAPMSCHAPv2Response represents an EAP-MSCHAPv2 Response message.
func NewEAPMSCHAPv2Response ¶ added in v8.0.5
func NewEAPMSCHAPv2Response(identifier uint8, peerChallenge, response []byte, name string) *EAPMSCHAPv2Response
NewEAPMSCHAPv2Response creates a new EAP-MSCHAPv2 Response packet.
func ParseEAPMSCHAPv2Response ¶ added in v8.0.5
func ParseEAPMSCHAPv2Response(packet *radius.Packet) (*EAPMSCHAPv2Response, error)
func (*EAPMSCHAPv2Response) Serialize ¶ added in v8.0.5
func (eap *EAPMSCHAPv2Response) Serialize() []byte
Serialize serializes the EAP-MSCHAPv2 Response packet to bytes.
type EAPMSCHAPv2SuccessFailure ¶ added in v8.0.5
EAPMSCHAPv2SuccessFailure represents an EAP-MSCHAPv2 Success or Failure message.
func NewEAPMSCHAPv2SuccessFailure ¶ added in v8.0.5
func NewEAPMSCHAPv2SuccessFailure(code uint8, identifier uint8, opCode uint8, message string) *EAPMSCHAPv2SuccessFailure
NewEAPMSCHAPv2SuccessFailure creates a new EAP-MSCHAPv2 Success or Failure packet.
func (*EAPMSCHAPv2SuccessFailure) Serialize ¶ added in v8.0.5
func (eap *EAPMSCHAPv2SuccessFailure) Serialize() []byte
Serialize serializes the EAP-MSCHAPv2 Success or Failure packet to bytes.
type EAPMessage ¶ added in v8.0.4
func (*EAPMessage) Encode ¶ added in v8.0.4
func (msg *EAPMessage) Encode() []byte
Encode encodes the EAP message into a byte slice.
func (*EAPMessage) String ¶ added in v8.0.4
func (msg *EAPMessage) String() string
String returns a string representation of the EAP message.
type RadiusService ¶
// RadiusService holds the state shared by the services that embed it
// (AcctService and AuthService).
//
// NOTE(review): AuthRateCache and EapStateCache are plain, exported Go maps.
// Concurrent reads and writes from request handlers need a lock; none is
// visible among the exported fields, so confirm the unexported fields provide
// one and that every access goes through it.
type RadiusService struct {
	App         *app.Application
	RejectCache *RejectCache
	// NOTE(review): presumably keyed by username (CheckAuthRateLimit and
	// ReleaseAuthRateLimit both take a username) — confirm.
	AuthRateCache map[string]AuthRateUser
	// NOTE(review): presumably keyed by the stateid passed to AddEapState,
	// GetEapState and DeleteEapState — confirm. No expiry for abandoned EAP
	// exchanges is visible here; confirm stale entries are evicted so the map
	// cannot grow without bound.
	EapStateCache map[string]EapState
	TaskPool      *ants.Pool
	// contains filtered or unexported fields
}
func NewRadiusService ¶
func NewRadiusService() *RadiusService
func (*RadiusService) AddEapState ¶ added in v8.0.4
func (s *RadiusService) AddEapState(stateid, username string, challenge []byte, eapMethad string)
State add
func (*RadiusService) AddRadiusAccounting ¶
func (s *RadiusService) AddRadiusAccounting(ol models.RadiusOnline, start bool) error
func (*RadiusService) AddRadiusOnline ¶
func (s *RadiusService) AddRadiusOnline(ol models.RadiusOnline) error
func (*RadiusService) BatchClearRadiusOnline ¶
func (s *RadiusService) BatchClearRadiusOnline(ids string) error
func (*RadiusService) BatchClearRadiusOnlineByNas ¶
func (s *RadiusService) BatchClearRadiusOnlineByNas(nasip, nasid string)
func (*RadiusService) CheckAuthRateLimit ¶
func (s *RadiusService) CheckAuthRateLimit(username string) error
CheckAuthRateLimit Authentication frequency detection, each user can only authenticate once every few seconds
func (*RadiusService) CheckRadAuthError ¶
func (s *RadiusService) CheckRadAuthError(username, nasip string, err error)
func (*RadiusService) CheckRequestSecret ¶
func (s *RadiusService) CheckRequestSecret(r *radius.Packet, secret []byte)
func (*RadiusService) DeleteEapState ¶ added in v8.0.4
func (s *RadiusService) DeleteEapState(stateid string)
State delete
func (*RadiusService) EndRadiusAccounting ¶
func (s *RadiusService) EndRadiusAccounting(online models.RadiusOnline) error
func (*RadiusService) ExistRadiusOnline ¶
func (s *RadiusService) ExistRadiusOnline(sessionId string) bool
func (*RadiusService) GetEapMethod ¶ added in v8.0.5
func (s *RadiusService) GetEapMethod() string
func (*RadiusService) GetEapState ¶ added in v8.0.4
func (s *RadiusService) GetEapState(stateid string) (state *EapState, err error)
State get
func (*RadiusService) GetIntConfig ¶
func (s *RadiusService) GetIntConfig(name string, defval int64) int64
func (*RadiusService) GetNas ¶
func (s *RadiusService) GetNas(ip, identifier string) (vpe *models.NetVpe, err error)
GetNas looks up the NAS device, querying by IP first and then by ID.
func (*RadiusService) GetRadiusOnlineCount ¶
func (s *RadiusService) GetRadiusOnlineCount(username string) int
func (*RadiusService) GetStringConfig ¶
func (s *RadiusService) GetStringConfig(name string, defval string) string
func (*RadiusService) GetUserForAcct ¶
func (s *RadiusService) GetUserForAcct(username string) (user *models.RadiusUser, err error)
GetUserForAcct fetches the user without checking status such as expiry.
func (*RadiusService) GetValidUser ¶
func (s *RadiusService) GetValidUser(usernameOrMac string, macauth bool) (user *models.RadiusUser, err error)
GetValidUser fetches a valid user, performing a preliminary check of the user's validity.
func (*RadiusService) ParseVendor ¶
func (s *RadiusService) ParseVendor(r *radius.Request, vendorCode string) *VendorRequest
ParseVendor parses vendor-specific attributes.
func (*RadiusService) RADIUSSecret ¶
func (*RadiusService) Release ¶
func (s *RadiusService) Release()
func (*RadiusService) ReleaseAuthRateLimit ¶
func (s *RadiusService) ReleaseAuthRateLimit(username string)
func (*RadiusService) RemoveRadiusOnline ¶
func (s *RadiusService) RemoveRadiusOnline(sessionId string) error
func (*RadiusService) UpdateRadiusOnlineData ¶
func (s *RadiusService) UpdateRadiusOnlineData(data models.RadiusOnline) error
func (*RadiusService) UpdateUserLastOnline ¶ added in v8.0.7
func (s *RadiusService) UpdateUserLastOnline(username string)
func (*RadiusService) UpdateUserMac ¶
func (s *RadiusService) UpdateUserMac(username string, macaddr string)
func (*RadiusService) UpdateUserVlanid1 ¶
func (s *RadiusService) UpdateUserVlanid1(username string, vlanid1 int)
func (*RadiusService) UpdateUserVlanid2 ¶
func (s *RadiusService) UpdateUserVlanid2(username string, vlanid2 int)
type RadsecHandler ¶
// RadsecHandler is the request handler interface stored in
// RadsecPacketServer.Handler. ServeRADIUS receives the request and a writer for
// the response.
type RadsecHandler interface {
	ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
}
type RadsecPacketServer ¶
// RadsecPacketServer holds the listen settings, secret source and handler for
// a RADIUS server.
//
// NOTE(review): the field comments describe UDP defaults (":1812", "udp"), yet
// ListenAndServe takes CA, certificate and key file paths and Serve takes a
// net.Conn, which suggests a TLS stream server. Confirm the real defaults and
// correct the comments.
type RadsecPacketServer struct {
	// The address on which the server listens. Defaults to :1812.
	Addr string

	// The network on which the server listens. Defaults to udp.
	Network string

	// The source from which the secret is obtained for parsing and validating
	// the request.
	SecretSource radius.SecretSource

	// Handler which is called to process the request.
	Handler RadsecHandler

	// Skip incoming packet authenticity validation.
	// This should only be set to true for debugging purposes.
	// NOTE(review): with validation skipped, a peer that does not know the
	// secret is presumably still served; confirm no deployed configuration
	// sets this to true.
	InsecureSkipVerify bool
	// contains filtered or unexported fields
}
RadsecPacketServer listens for RADIUS requests on packet-based protocols (e.g. UDP).
func (*RadsecPacketServer) ListenAndServe ¶
func (s *RadsecPacketServer) ListenAndServe(capath, crtfile, keyfile string) error
ListenAndServe starts a RADIUS server on the address given in s.
func (*RadsecPacketServer) Serve ¶
func (s *RadsecPacketServer) Serve(conn net.Conn) error
Serve accepts incoming connections on conn.
func (*RadsecPacketServer) Shutdown ¶
func (s *RadsecPacketServer) Shutdown(ctx context.Context) error
Shutdown gracefully stops the server. It first closes all listeners and then waits for any running handlers to complete.
Shutdown returns nil after all handlers have completed. ctx.Err() is returned if ctx is canceled.
Any Serve methods return ErrShutdown after Shutdown is called.
type RadsecService ¶
// RadsecService bundles the authentication and accounting services.
// NOTE(review): presumably its ServeRADIUS dispatches each request to one of
// the two — confirm; the method body is not visible here.
type RadsecService struct {
	AuthService *AuthService
	AcctService *AcctService
}
func NewRadsecService ¶
func NewRadsecService(authService *AuthService, acctService *AcctService) *RadsecService
func (*RadsecService) RADIUSSecret ¶
func (*RadsecService) ServeRADIUS ¶
func (s *RadsecService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
type RejectCache ¶
// RejectCache holds RejectItem entries in a map together with a mutex.
// NOTE(review): presumably keyed by username (GetItem and SetItem take a
// username) and guarded by Lock — confirm. Both fields are exported, so code
// outside GetItem/SetItem can touch Items without taking Lock.
type RejectCache struct {
	Items map[string]*RejectItem
	Lock  sync.Mutex
}
func (*RejectCache) GetItem ¶
func (rc *RejectCache) GetItem(username string) *RejectItem
func (*RejectCache) SetItem ¶
func (rc *RejectCache) SetItem(username string)
type RejectItem ¶
func (*RejectItem) Incr ¶
func (ri *RejectItem) Incr()
func (*RejectItem) IsOver ¶
func (ri *RejectItem) IsOver(max int64) bool
type VendorRequest ¶
Source Files ¶
- acct_ops.go
- acct_start.go
- acct_stop.go
- acct_update.go
- auth_accept_config.go
- auth_bind_check.go
- auth_check_online.go
- auth_passwd_check.go
- errors.go
- packet_format.go
- radius.go
- radius_acct.go
- radius_auth.go
- radius_eap.go
- radius_eap_mschapv2.go
- radius_ldap_acct.go
- radius_reject_delay.go
- radsec_server.go
- radsec_service.go
- server.go
- vendor_parse.go