radius

package module
v0.0.0-...-04c7e6b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 9, 2018 License: MPL-2.0 Imports: 12 Imported by: 0

README

radius GoDoc

a Go (golang) RADIUS client and server implementation

Installation

go get -u layeh.com/radius

Client example

package main

import (
	"context"
	"fmt"

	"layeh.com/radius"
	. "layeh.com/radius/rfc2865"
)

func main() {
	packet := radius.New(radius.CodeAccessRequest, []byte(`secret`))
	UserName_SetString(packet, "tim")
	UserPassword_SetString(packet, "12345")
	response, err := radius.Exchange(context.Background(), packet, "localhost:1812")
	if err != nil {
		panic(err)
	}

	if response.Code == radius.CodeAccessAccept {
		fmt.Println("Accepted")
	} else {
		fmt.Println("Denied")
	}
}

RADIUS Dictionaries

Included in this package is the command line program radius-dict-gen. It can be installed with:

go get -u layeh.com/radius/cmd/radius-dict-gen

Given a FreeRADIUS dictionary, the program will generate helper functions and types for reading and manipulating RADIUS attributes in a packet. It is recommended that generated code be used for any RADIUS dictionary you would like to consume.

Included in this repository are sub-packages of generated helpers for commonly used RADIUS attributes, including rfc2865 and rfc2866.

License

MPL 2.0

Documentation

Overview

Package radius provides a RADIUS client and server (RFC 2865, RFC 2866).

Example (Client) 
package main

import (
	"context"
	"fmt"

	"layeh.com/radius"
	. "layeh.com/radius/rfc2865"
)

var (
	Username = "tim"
	Password = "12345"
)

func main() {
	packet := radius.New(radius.CodeAccessRequest, []byte(`secret`))
	UserName_SetString(packet, Username)
	UserPassword_SetString(packet, Password)
	response, err := radius.Exchange(context.Background(), packet, "localhost:1812")
	if err != nil {
		panic(err)
	}

	if response.Code == radius.CodeAccessAccept {
		fmt.Println("Accepted")
	} else {
		fmt.Println("Denied")
	}
}

Output:

Index

Examples

Constants

View Source 
const MaxPacketLength = 4095

MaxPacketLength is the maximum possible wire length of a RADIUS packet.

Variables

View Source 
var DefaultClient = &Client{}

DefaultClient is the RADIUS client used by the Exchange function.

View Source 
var ErrNoAttribute = errors.New("radius: attribute not found")

ErrNoAttribute is returned when an attribute was not found when one was expected.

View Source 
var ErrServerShutdown = errors.New("radius: server is shutting down")

ErrServerShutdown is returned from server Serve methods when Shutdown has been called and handlers are still completing.

Functions

func Bytes 

func Bytes(a Attribute) []byte

Bytes returns the given Attribute as a byte slice.

func Date 

func Date(a Attribute) (time.Time, error)

Date returns the given Attribute as time.Time. An error is returned if the attribute is not 4 bytes long.

func IPAddr 

func IPAddr(a Attribute) (net.IP, error)

IPAddr returns the given Attribute as an IPv4 IP address. An error is returned if the attribute is not 4 bytes long.

func Integer 

func Integer(a Attribute) (uint32, error)

Integer returns the given attribute as an integer. An error is returned if the attribute is not 4 bytes long.

func IsAuthenticRequest 

func IsAuthenticRequest(request, secret []byte) bool

IsAuthenticRequest returns if the given RADIUS request is an authentic request using the given secret.

func IsAuthenticResponse 

func IsAuthenticResponse(response, request, secret []byte) bool

IsAuthenticResponse returns if the given RADIUS response is an authentic response to the given request.

func String 

func String(a Attribute) string

String returns the given attribute as a string.

func UserPassword 

func UserPassword(a Attribute, secret, requestAuthenticator []byte) ([]byte, error)

UserPassword decrypts the given "User-Password"-encrypted (as defined in RFC 2865) Attribute, and returns the plaintext. An error is returned if the attribute length is invalid, the secret is empty, or the requestAuthenticator length is invalid.

Types

type Attribute 

type Attribute []byte

Attribute is a wire encoded RADIUS attribute.

func NewBytes 

func NewBytes(b []byte) (Attribute, error)

NewBytes returns a new Attribute from the given byte slice. An error is returned if the slice is longer than 253.

func NewDate 

func NewDate(t time.Time) (Attribute, error)

NewDate returns a new Attribute from the given time.Time.

func NewIPAddr 

func NewIPAddr(a net.IP) (Attribute, error)

NewIPAddr returns a new Attribute from the given IP address. An error is returned if the given address is not an IPv4 address.

func NewInteger 

func NewInteger(i uint32) Attribute

NewInteger creates a new Attribute from the given integer value.

func NewString 

func NewString(s string) (Attribute, error)

NewString returns a new Attribute from the given string. An error is returned if the string length is greater than 253.

func NewUserPassword 

func NewUserPassword(plaintext, secret, requestAuthenticator []byte) (Attribute, error)

NewUserPassword returns a new "User-Password"-encrypted attribute from the given plaintext, secret, and requestAuthenticator. An error is returned if the plaintext is too long, the secret is empty, or the requestAuthenticator is an invalid length.

func NewVendorSpecific 

func NewVendorSpecific(vendorID uint32, value Attribute) (Attribute, error)

NewVendorSpecific returns a new vendor specific attribute with the given vendor ID and value.

func VendorSpecific 

func VendorSpecific(a Attribute) (vendorID uint32, value Attribute, err error)

VendorSpecific returns the vendor ID and value from the given attribute. An error is returned if the attribute is less than 5 bytes long.

type Attributes 

type Attributes map[Type][]Attribute

Attributes is a map of RADIUS attribute types to slice of Attributes.

func ParseAttributes 

func ParseAttributes(b []byte) (Attributes, error)

ParseAttributes parses the wire-encoded RADIUS attributes and returns a new Attributes value. An error is returned if the buffer is malformed.

func (Attributes) Add 

func (a Attributes) Add(key Type, value Attribute)

Add appends the given Attribute to the map entry of the given type.

func (Attributes) Del 

func (a Attributes) Del(key Type)

Del removes all Attributes of the given type from a.

func (Attributes) Get 

func (a Attributes) Get(key Type) Attribute

Get returns the first Attribute of Type key. nil is returned if no Attribute of Type key exists in a.

func (Attributes) Len 

func (a Attributes) Len() int

Len returns the total number of Attributes in a.

func (Attributes) Lookup 

func (a Attributes) Lookup(key Type) (Attribute, bool)

Lookup returns the first Attribute of Type key. nil and false is returned if no Attribute of Type key exists in a.

func (Attributes) Set 

func (a Attributes) Set(key Type, value Attribute)

Set removes all Attributes of Type key and appends value.

type Client 

type Client struct {
	// Network on which to make the connection. Defaults to "udp".
	Net string

	// Dialer to use when making the outgoing connections.
	Dialer net.Dialer

	// Interval on which to resend packet (zero or negative value means no
	// retry).
	Retry time.Duration

	// MaxPacketErrors controls how many packet parsing and validation errors
	// the client will ignore before returning the error from Exchange.
	//
	// If zero, Exchange will drop all packet parsing errors.
	MaxPacketErrors int

	// InsecureSkipVerify controls whether the client should skip verifying
	// response packets received.
	InsecureSkipVerify bool
}

Client is a RADIUS client that can exchange packets with a RADIUS server.

func (*Client) Exchange 

func (c *Client) Exchange(ctx context.Context, packet *Packet, addr string) (*Packet, error)

Exchange sends the packet to the given server and waits for a response. ctx must be non-nil.

type Code 

type Code int

Code defines the RADIUS packet type. 

const (
	CodeAccessRequest      Code = 1
	CodeAccessAccept       Code = 2
	CodeAccessReject       Code = 3
	CodeAccountingRequest  Code = 4
	CodeAccountingResponse Code = 5
	CodeAccessChallenge    Code = 11
	CodeStatusServer       Code = 12
	CodeStatusClient       Code = 13
	CodeDisconnectRequest  Code = 40
	CodeDisconnectACK      Code = 41
	CodeDisconnectNAK      Code = 42
	CodeCoARequest         Code = 43
	CodeCoAACK             Code = 44
	CodeCoANAK             Code = 45
	CodeReserved           Code = 255
)

Standard RADIUS packet codes.

func (Code) String 

func (c Code) String() string

String returns a string representation of the code.

type Handler 

type Handler interface {
	ServeRADIUS(w ResponseWriter, r *Request)
}

Handler provides a handler to RADIUS server requests. When a RADIUS request is received, ServeRADIUS is called.

type HandlerFunc 

type HandlerFunc func(w ResponseWriter, r *Request)

HandlerFunc allows a function to implement Handler.

func (HandlerFunc) ServeRADIUS 

func (h HandlerFunc) ServeRADIUS(w ResponseWriter, r *Request)

ServeRADIUS calls h(w, p).

type NonAuthenticResponseError 

type NonAuthenticResponseError struct {
}

NonAuthenticResponseError is returned when a client was expecting a valid response but did not receive one.

func (*NonAuthenticResponseError) Error 

func (e *NonAuthenticResponseError) Error() string

type Packet 

type Packet struct {
	Code          Code
	Identifier    byte
	Authenticator [16]byte
	Secret        []byte
	Attributes
}

Packet is a RADIUS packet.

func Exchange 

func Exchange(ctx context.Context, packet *Packet, addr string) (*Packet, error)

Exchange uses DefaultClient to send the given RADIUS packet to the server at address addr and waits for a response.

func New 

func New(code Code, secret []byte) *Packet

New creates a new packet with the Code, Secret fields set to the given values. The returned packet's Identifier and Authenticator fields are filled with random values.

The function panics if not enough random data could be generated.

func Parse 

func Parse(b, secret []byte) (*Packet, error)

Parse parses an encoded RADIUS packet b. An error is returned if the packet is malformed.

func (*Packet) Encode 

func (p *Packet) Encode() ([]byte, error)

Encode encodes the RADIUS packet to wire format. An error is returned if the encoded packet is too long (due to its Attributes), or if the packet has an unknown Code.

func (*Packet) Response 

func (p *Packet) Response(code Code) *Packet

Response returns a new packet that has the same identifier, secret, and authenticator as the current packet.

type PacketServer 

type PacketServer struct {
	// The address on which the server listens. Defaults to :1812.
	Addr string
	// The network on which the server listens. Defaults to udp.
	Network      string
	SecretSource SecretSource
	Handler      Handler

	// Skip incoming packet authenticity validation.
	// This should only be set to true for debugging purposes.
	InsecureSkipVerify bool
	// contains filtered or unexported fields
}

PacketServer listens for RADIUS requests on a packet-based protocols (e.g. UDP).

func (*PacketServer) ListenAndServe 

func (s *PacketServer) ListenAndServe() error

ListenAndServe starts a RADIUS server on the address given in s.

func (*PacketServer) Serve 

func (s *PacketServer) Serve(conn net.PacketConn) error

Serve accepts incoming connections on conn.

func (*PacketServer) Shutdown 

func (s *PacketServer) Shutdown(ctx context.Context) error

Shutdown gracefully stops the server. It first closes all listeners (which stops accepting new packets) and then waits for running handlers to complete.

Shutdown returns after all handlers have completed, or when ctx is canceled. The PacketServer is ready for re-use once the function returns nil.

type Request 

type Request struct {
	// LocalAddr is the local address on which the incoming RADIUS request
	// was received.
	LocalAddr net.Addr
	// RemoteAddr is the address from which the incoming RADIUS request
	// was sent.
	RemoteAddr net.Addr

	// Packet is the RADIUS packet sent in the request.
	*Packet
	// contains filtered or unexported fields
}

Request is an incoming RADIUS request that is being handled by the server.

func (*Request) Context 

func (r *Request) Context() context.Context

Context returns the context of the request. If a context has not been set using WithContext, the Background context is returned.

func (*Request) WithContext 

func (r *Request) WithContext(ctx context.Context) *Request

WithContext returns a shallow copy of the request with the new request's context set to the given context.

type ResponseWriter 

type ResponseWriter interface {
	Write(packet *Packet) error
}

ResponseWriter is used by RADIUS servers when replying to a RADIUS request.

type SecretSource 

type SecretSource interface {
	RADIUSSecret(ctx context.Context, remoteAddr net.Addr) ([]byte, error)
}

SecretSource supplies RADIUS servers with the secret that should be used for authorizing and decrypting packets.

ctx is canceled if the server's Shutdown method is called.

func StaticSecretSource 

func StaticSecretSource(secret []byte) SecretSource

StaticSecretSource returns a SecretSource that uses secret for all requests.

type Type 

type Type int

Type is the RADIUS attribute type. 

const TypeInvalid Type = -1

TypeInvalid is a Type that can be used to represent an invalid RADIUS attribute type.

Source Files

View all Source files

Directories

Path Synopsis
cmd
radius-dict-gen
radserver
radtest
Package dictionary parses FreeRADIUS dictionary files.
 Package dictionary parses FreeRADIUS dictionary files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.