radius

package module
v0.0.0-...-a0e2738 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2020 License: MPL-2.0 Imports: 16 Imported by: 3

README

go-radius

GoDoc cover.run Go Report Card

It's quite heavily rewritten fork of another Go RADIUS library

Significant changes are:

  • Common

    • Encoding/Decoding of attribute 26 (Vendor-Specific)
    • RFC2866 & RFC2869 (Accounting)

  • New Common

    • Support Vendor Specific Dictionaries
    • VSA can integrates to any dictionary (support rfc and VSA dictionaries together)
    • Support Tagged attributes
    • Encodes and Decodes VSA and VSA Tagged attribute values
    • Transform attribute types from string values (include VSA) (usefull for db connections)
    • AttrFilter packet attribute names resolver See tests for more information

  • Server

    • Request throttling (maximum requests per second) support
    • Supports limiting the number of requests in processing queue
    • Multiple RADIUS Secrets based on packet's source IP with a fallback default
    • Request/Response packet replication (useful for logging, IDS etc)
    • Configurable UDP buffer size

  • Client

    • Lots of vendor-specific (Cisco, Juniper, Mikrotik) functions and constants
    • Support for generating CoA/Disconnect-Message packets

Installation

go get -u github.com/blind-oracle/go-radius

Server example

import (
    "github.com/blind-oracle/go-radius"
    "log"
)

func main() {
    handler := func (w radius.ResponseWriter, p *radius.Packet) {

        w.AccessAccept()
    }

    server := radius.Server{
        Addr:           "0.0.0.0:1812",
        Handler:        radius.HandlerFunc(handler),
        Secret:         []byte(o.RADIUSSecret),
        Dictionary:     radius.Builtin,
    }

    if err := server.ListenAndServe(); err != nil {
        log.Fatal(err)
    }
}

Client example

import (
    "github.com/blind-oracle/go-radius"
    "log"
)

func main() {
    client := radius.Client{}
    packet := radius.New(radius.CodeAccessRequest, []byte("VerySecret"))
    packet.Add("Calling-Station-Id", "NAS-Fake")

    reply, err := client.Exchange(packet, "1.2.3.4:1812")
    if err != nil {
        log.Fatalf(err)
    }

    switch reply.Code {
        case radius.CodeAccessAccept:
        log.Println("Accept")
        case radius.CodeAccessReject:
        log.Println("Reject")
    }
}

Authors

Documentation

Overview

Package radius provides a RADIUS client and server.

Attributes

The following tables list the attributes automatically registered in the Builtin dictionary. Each row contains the attributes' name, type (number), and Go data type.

The following attributes are defined by RFC 2865: 

User-Name                 1   string
User-Password             2   string
CHAP-Password             3   []byte
NAS-IP-Address            4   net.IP
NAS-Port                  5   uint32
Service-Type              6   uint32
Framed-Protocol           7   uint32
Framed-IP-Address         8   net.IP
Framed-IP-Netmask         9   net.IP
Framed-Routing            10  uint32
Filter-Id                 11  string
Framed-MTU                12  uint32
Framed-Compression        13  uint32
Login-IP-Host             14  net.IP
Login-Service             15  uint32
Login-TCP-Port            16  uint32
Reply-Message             18  string
Callback-Number           19  []byte
Callback-Id               20  []byte
Framed-Route              22  string
Framed-IPX-Network        23  net.IP
State                     24  []byte
Class                     25  []byte
Vendor-Specific           26  []byte
Session-Timeout           27  uint32
Idle-Timeout              28  uint32
Termination-Action        29  uint32
Called-Station-Id         30  []byte
Calling-Station-Id        31  []byte
NAS-Identifier            32  []byte
Proxy-State               33  []byte
Login-LAT-Service         34  []byte
Login-LAT-Node            35  []byte
Login-LAT-Group           36  []byte
Framed-AppleTalk-Link     37  uint32
Framed-AppleTalk-Network  38  uint32
Framed-AppleTalk-Zone     39  []byte
CHAP-Challenge            60  []byte
NAS-Port-Type             61  uint32
Port-Limit                62  uint32
Login-LAT-Port            63  []byte

The following attributes are defined by RFC 2866: 

Acct-Status-Type       40  uint32
Acct-Delay-Time        41  uint32
Acct-Input-Octets      42  uint32
Acct-Output-Octets     43  uint32
Acct-Session-Id        44  string
Acct-Authentic         45  uint32
Acct-Session-Time      46  uint32
Acct-Input-Packets     47  uint32
Acct-Output-Packets    48  uint32
Acct-Terminate-Cause   49  uint32
Acct-Multi-Session-Id  50  string
Acct-Link-Count        51  uint32

Index

Constants

View Source 
const (
	AttrFramedIPAddress  = 8
	AttrVendorSpecific   = 26
	AttrCallingStationID = 31
	AttrAcctSessionID    = 44
)

Some commonly used attribute IDs

View Source 
const (
	VendCisco     = 9
	VendHuawei    = 2011
	VendJuniper   = 4874
	VendMikrotik  = 14988
	VendAirespace = 14179
)

Vendor IDs

View Source 
const (
	AVPJunSvcAct     = 65
	AVPJunSvcDeact   = 66
	AVPJunSvcTimeout = 68
	AVPJunError      = 178
	AVPJunSvcUpdate  = 180
	AVPJunDHCPMac    = 56
	AVPJunDHCPRelay  = 57
	AVPMktAddrList   = 19
)

Some commond vendor TypeIDs

View Source 
const NotVSID = 0

NotVSID VSA ID for non-VSA (RFC) attributes

Variables

This section is empty.

Functions

func DecodeAVPair 

func DecodeAVPair(vsa []byte) (vendorID uint32, typeID uint8, value string, err error)

DecodeAVPair decodes AVP (string)

func DecodeAVPairByte 

func DecodeAVPairByte(vsa []byte) (vendorID uint32, typeID uint8, value []byte, err error)

DecodeAVPairByte decodes AVP (byte)

func EncodeAVPair 

func EncodeAVPair(vendorID uint32, typeID uint8, value string) (vsa []byte)

EncodeAVPair encodes AVPair into Vendor-Specific attribute format (string)

func EncodeAVPairByte 

func EncodeAVPairByte(vendorID uint32, typeID uint8, value []byte) (vsa []byte)

EncodeAVPairByte encodes AVPair into Vendor-Specific attribute format (byte)

func EncodeAVPairByteTag 

func EncodeAVPairByteTag(vendorID uint32, typeID uint8, tag uint8, value []byte) (vsa []byte)

EncodeAVPairByteTag encodes AVPair into Vendor-Specific attribute format with tag (byte)

func EncodeAVPairCisco 

func EncodeAVPairCisco(value string) (vsa []byte)

EncodeAVPairCisco Cisco

func EncodeAVPairInt 

func EncodeAVPairInt(vendorID uint32, typeID uint8, value int) (vsa []byte)

EncodeAVPairInt creates an AVP from int

func EncodeAVPairJuniperByte 

func EncodeAVPairJuniperByte(typeID uint8, value []byte) (vsa []byte)

EncodeAVPairJuniperByte Juniper

func EncodeAVPairJuniperByteTag 

func EncodeAVPairJuniperByteTag(typeID uint8, tag uint8, value []byte) (vsa []byte)

EncodeAVPairJuniperByteTag Juniper Tagged

func EncodeAVPairMikrotikByte 

func EncodeAVPairMikrotikByte(typeID uint8, value []byte) (vsa []byte)

EncodeAVPairMikrotikByte Mikrotik

func EncodeAVPairUint32 

func EncodeAVPairUint32(vendorID uint32, typeID uint8, value uint32) (vsa []byte)

EncodeAVPairUint32 creates an AVP from uint32

func EncodeAVpairTag 

func EncodeAVpairTag(vendorID uint32, typeID uint8, tag uint8, value string) (vsa []byte)

EncodeAVpairTag encodes AVPair into Vendor-Specific attribute format with tag (string)

func EncodeJuniperTimeoutTag 

func EncodeJuniperTimeoutTag(timeout uint32, tag uint8) []byte

EncodeJuniperTimeoutTag encodes Juniper timeout tag Format is Tag (1 byte) + 24bit Integer (3 bytes)

Types

type AVP 

type AVP struct {
	VendorID uint32
	TypeID   uint8
	Value    []byte
}

AVP is an Attribute-Value pair

func DecodeAVPairs 

func DecodeAVPairs(p *Packet) (avps []*AVP, err error)

DecodeAVPairs decodes VSA from the provided packet

func (*AVP) IsJuniperServiceActive 

func (a *AVP) IsJuniperServiceActive() bool

IsJuniperServiceActive returns true if the Juniper service is active

type AttrFilter 

type AttrFilter struct {
	// contains filtered or unexported fields
}

AttrFilter is used for smart decoding of attributes from a package.

func (*AttrFilter) Filter 

func (a *AttrFilter) Filter(p *Packet) map[string]*Attribute

Filter intersect packet attributes & filter, than run

func (*AttrFilter) FilterStrings 

func (a *AttrFilter) FilterStrings(p *Packet) (key string, strAttrs map[string]string)

FilterStrings returns transport key and attributes in map[string]string

func (*AttrFilter) Keygen 

func (a *AttrFilter) Keygen(attrMap map[string]*Attribute) string

Keygen generates unique requester identifier for pub/sub and smart cache Keys MUST be registered by SetKeys. attrMap is a output of Filter

func (*AttrFilter) SetKeys 

func (a *AttrFilter) SetKeys(keys []OneKey) (err error)

SetKeys sets keys into filter. Generated key used for querying sql backend and smart caching

type Attribute 

type Attribute struct {
	Type   byte
	Vendor uint32
	Tagged bool
	Tag    byte
	Value  interface{}
}

Attribute is a RADIUS attribute, which is part of a RADIUS packet.

type AttributeCodec 

type AttributeCodec interface {
	// Note: do not store wire; make a copy of it.
	Decode(packet *Packet, wire []byte) (interface{}, error)
	Encode(packet *Packet, value interface{}) ([]byte, error)
}

AttributeCodec defines how an Attribute is encoded and decoded to and from wire data. 

var (
	// string
	AttributeText AttributeCodec
	// []byte
	AttributeString AttributeCodec
	// net.IP
	AttributeAddress AttributeCodec
	// uint32
	AttributeInteger AttributeCodec
	// uint64
	AttributeInteger64 AttributeCodec
	// time.Time
	AttributeTime AttributeCodec
	// []byte
	AttributeUnknown AttributeCodec
)

The base attribute value formats that are defined in RFC 2865.

type AttributeStringer 

type AttributeStringer interface {
	String(value interface{}) string
}

AttributeStringer defines an extension of AttributeCodec. It provides a method for converting an attribute value to a string.

type AttributeTransformer 

type AttributeTransformer interface {
	Transform(value interface{}) (interface{}, error)
}

AttributeTransformer defines an extension of AttributeCodec. It provides a method for converting attribute values to ones permitted by the attribute.

type Client 

type Client struct {
	// Local address to use for outgoing connections (can be nil)
	LocalAddr *net.UDPAddr

	// Timeout and retry count
	Timeout time.Duration
	Retries int
}

Client that can exchange packets with a RADIUS-enabled host

func (*Client) CiscoDisconnect 

func (c *Client) CiscoDisconnect(Params *RequestParams, CallingStationID string) *RequestResult

CiscoDisconnect is a Cisco disconnect wrapper

func (*Client) CiscoReauthenticate 

func (c *Client) CiscoReauthenticate(Params *RequestParams, CallingStationID string) *RequestResult

CiscoReauthenticate is a Cisco reauthenticate wrapper

func (*Client) CiscoRequest 

func (c *Client) CiscoRequest(Params *RequestParams, RequestType Code, Attrs ...*Attribute) (Result *RequestResult)

CiscoRequest is a Cisco request wrapper

func (*Client) Exchange 

func (c *Client) Exchange(packet *Packet, dst *net.UDPAddr, src *net.UDPAddr) (reply *Packet, err error)

Exchange sends the packet to the given server address and waits for a response.

func (*Client) JuniperActivateService 

func (c *Client) JuniperActivateService(Params *RequestParams, AcctSessionID, Service string, Timeout uint32) *RequestResult

JuniperActivateService activates a Juniper service

func (*Client) JuniperDeactivateService 

func (c *Client) JuniperDeactivateService(Params *RequestParams, AcctSessionID, Service string) *RequestResult

JuniperDeactivateService deactivates a Juniper service

func (*Client) JuniperDisconnect 

func (c *Client) JuniperDisconnect(Params *RequestParams, AcctSessionID string) *RequestResult

JuniperDisconnect disconnects a Juniper session

func (*Client) JuniperRequest 

func (c *Client) JuniperRequest(Params *RequestParams, RequestType Code, Attrs ...*Attribute) (Result *RequestResult)

JuniperRequest is a Juniper request wrapper

func (*Client) JuniperUpdateService 

func (c *Client) JuniperUpdateService(Params *RequestParams, AcctSessionID, Service string, Timeout uint32) *RequestResult

JuniperUpdateService Updates a Juniper service

func (*Client) MikrotikDisconnect 

func (c *Client) MikrotikDisconnect(Params *RequestParams, ClientIP net.IP) *RequestResult

MikrotikDisconnect is a Mikrotik disconnect wrapper

func (*Client) MikrotikRequest 

func (c *Client) MikrotikRequest(Params *RequestParams, RequestType Code, Attrs ...*Attribute) (Result *RequestResult)

MikrotikRequest is a Mikrotik request wrapper

func (*Client) Request 

func (c *Client) Request(params *RequestParams, requestType Code, attrs ...*Attribute) (result *RequestResult)

Request send a RADIUS request

type Code 

type Code byte

Code specifies the kind of RADIUS packet 

const (
	CodeAccessRequest Code = 1
	CodeAccessAccept  Code = 2
	CodeAccessReject  Code = 3

	CodeAccountingRequest  Code = 4
	CodeAccountingResponse Code = 5

	CodeAccessChallenge Code = 11

	CodeStatusServer Code = 12
	CodeStatusClient Code = 13

	CodeDisconnectRequest Code = 40
	CodeDisconnectACK     Code = 41
	CodeDisconnectNAK     Code = 42

	CodeCoARequest Code = 43
	CodeCoAACK     Code = 44
	CodeCoANAK     Code = 45

	CodeReserved Code = 255
)

Codes which are defined in RFC 2865

type Dictionary 

type Dictionary struct {
	// contains filtered or unexported fields
}

Dictionary stores mappings between attribute names and types and AttributeCodecs. 

var Builtin *Dictionary

Builtin is the built-in dictionary. It is initially loaded with the attributes defined in RFC 2865 and RFC 2866.

func (*Dictionary) Attr 

func (d *Dictionary) Attr(name string, value interface{}) (*Attribute, error)

Attr returns a new *Attribute whose type is registered under the given name. For tagged attributes use ValueTagged type w/same value types as untagged

If name is not registered, nil and an error is returned.

If the attribute's codec implements AttributeTransformer, the value is first transformed before being stored in *Attribute. If the transform function returns an error, nil and the error is returned.

func (*Dictionary) AttrTagged 

func (d *Dictionary) AttrTagged(name string, tag byte, value interface{}) (*Attribute, error)

AttrTagged returns a new *Attribute whose type is registered under the given name.

If name is not registered, nil and an error is returned.

If the attribute's codec implements AttributeTransformer, the value is first transformed before being stored in *Attribute. If the transform function returns an error, nil and the error is returned.

func (*Dictionary) Codec 

func (d *Dictionary) Codec(t byte) AttributeCodec

Codec returns the AttributeCodec for the given registered type. nil is returned if the given type is not registered.

func (*Dictionary) CodecVID 

func (d *Dictionary) CodecVID(vendorID uint32, t byte) AttributeCodec

CodecVID returns the AttributeCodec for the given registered type. nil is returned if the given type is not registered.

func (*Dictionary) MustAttr 

func (d *Dictionary) MustAttr(name string, value interface{}) *Attribute

MustAttr is a helper for Attr that panics if Attr were to return an error.

func (*Dictionary) MustRegister 

func (d *Dictionary) MustRegister(name string, t byte, codec AttributeCodec)

MustRegister is a helper for Register that panics if it returns an error.

func (*Dictionary) MustRegisterDC 

func (d *Dictionary) MustRegisterDC(dict DictionaryContainer)

MustRegisterDC is a helper for RegisterDC that panics if it returns an error.

func (*Dictionary) Name 

func (d *Dictionary) Name(t byte) (name string, ok bool)

Name returns the registered name for the given attribute type. ok is false if the given type is not registered.

func (*Dictionary) NameVID 

func (d *Dictionary) NameVID(vendorID uint32, t byte) (name string, ok bool)

NameVID returns the registered name for the given attribute VID and type. ok is false if the given type is not registered.

func (*Dictionary) NewAttrFilter 

func (d *Dictionary) NewAttrFilter(names []string) (*AttrFilter, error)

NewAttrFilter compiles attribute names into AttrFilter

func (*Dictionary) Register 

func (d *Dictionary) Register(name string, t byte, codec AttributeCodec) error

Register registers the AttributeCodec for the given attribute name and type.

func (*Dictionary) RegisterDC 

func (d *Dictionary) RegisterDC(dict DictionaryContainer) error

RegisterDC register attributes from DictionaryContainer

func (*Dictionary) StrsToAttrs 

func (d *Dictionary) StrsToAttrs(m map[string]string) (attrs []*Attribute, err error)

StrsToAttrs makes []*Attribute from map[string]string this suitable for reply from sql backend etc... returns last error

func (*Dictionary) Type 

func (d *Dictionary) Type(name string) (t byte, ok bool)

Type returns the registered type for the given attribute name. ok is false if the given name is not registered.

func (*Dictionary) VsaMustRegister 

func (d *Dictionary) VsaMustRegister(vendorID uint32, name string, t byte, codec AttributeCodec)

VsaMustRegister is a helper for Register that panics if it returns an error.

func (*Dictionary) VsaMustRegisterTag 

func (d *Dictionary) VsaMustRegisterTag(vendorID uint32, name string, t byte, codec AttributeCodec)

VsaMustRegisterTag is a helper for Register that panics if it returns an error.

func (*Dictionary) VsaRegister 

func (d *Dictionary) VsaRegister(vendorID uint32, name string, t byte, codec AttributeCodec) error

VsaRegister registers the AttributeCodec for the given attribute name and type, without tag attr.

func (*Dictionary) VsaRegisterTag 

func (d *Dictionary) VsaRegisterTag(vendorID uint32, name string, t byte, codec AttributeCodec) error

VsaRegisterTag registers the AttributeCodec for the given attribute name and type, without tag attr.

func (*Dictionary) VsaRegisterTagFlag 

func (d *Dictionary) VsaRegisterTagFlag(vendorID uint32, name string, t byte, hasTag bool, codec AttributeCodec) error

VsaRegisterTagFlag registers the AttributeCodec for the given attribute name and type, value with or without tag attr.

type DictionaryAttr 

type DictionaryAttr struct {
	Type   byte
	Name   string
	Tagged bool
	Codec  AttributeCodec
}

DictionaryAttr structure for mass Attribute import

type DictionaryContainer 

type DictionaryContainer interface {
	Dict() (vendorID uint32, attrs []DictionaryAttr)
}

DictionaryContainer additional dictionaries

type ErrorCause 

type ErrorCause uint32

ErrorCause represents an Error-Cause attribute 

const (
	ErrorCauseSessionContextNotFound ErrorCause = 503
	ErrorCauseUnsupportedExtension   ErrorCause = 406
)

Some common error causes

func (ErrorCause) String 

func (v ErrorCause) String() string

type Handler 

type Handler interface {
	ServeRadius(w ResponseWriter, p *Packet)
}

Handler is a value that can handle a server's RADIUS packet event.

type HandlerFunc 

type HandlerFunc func(w ResponseWriter, p *Packet)

HandlerFunc is a wrapper that allows ordinary functions to be used as a handler.

func (HandlerFunc) ServeRadius 

func (h HandlerFunc) ServeRadius(w ResponseWriter, p *Packet)

ServeRadius calls h(w, p).

type OneKey 

type OneKey struct {
	Name   string
	Regexp string
	Fields []int
}

OneKey expands one part of the key attribute

type Packet 

type Packet struct {
	Code          Code
	Identifier    byte
	Authenticator [16]byte
	Secret        []byte

	Raw        *[]byte
	Dictionary *Dictionary
	Attributes []*Attribute
}

Packet defines a RADIUS packet.

func New 

func New(code Code, secret []byte) *Packet

New returns a new packet with the given code and secret. The identifier and authenticator are filled with random data, and the dictionary is set to Builtin. nil is returned if not enough random data could be generated.

func Parse 

func Parse(data, secret []byte, dictionary *Dictionary) (*Packet, error)

Parse parses a RADIUS packet from wire data, using the given shared secret and dictionary. nil and an error is returned if there is a problem parsing the packet.

Note: this function does not validate the authenticity of a packet. Ensuring a packet's authenticity should be done using the IsAuthentic method.

func (*Packet) Add 

func (p *Packet) Add(name string, value interface{}) error

Add adds an attribute whose dictionary name matches the given name.

func (*Packet) AddAttr 

func (p *Packet) AddAttr(attribute *Attribute)

AddAttr adds the given attribute to the packet.

func (*Packet) AddAttrs 

func (p *Packet) AddAttrs(attributes []*Attribute)

AddAttrs adds several attributes to th epacket.

func (*Packet) Attr 

func (p *Packet) Attr(name string) *Attribute

Attr returns the first attribute whose dictionary name matches the given name. nil is returned if no such attribute exists.

func (*Packet) ClearAttributes 

func (p *Packet) ClearAttributes()

ClearAttributes removes all of the packet's attributes.

func (*Packet) Encode 

func (p *Packet) Encode() ([]byte, error)

Encode encodes the packet to wire format. If there is an error encoding the packet, nil and an error is returned.

func (*Packet) IsAuthentic 

func (p *Packet) IsAuthentic(request *Packet) bool

IsAuthentic returns if the packet is an authenticate response to the given request packet. Calling this function is only valid if both:

  • p.code is one of: CodeAccessAccept CodeAccessReject CodeAccountingRequest CodeAccountingResponse CodeAccessChallenge CodeCoAACK, CodeCOANAK CodeDisconnectACK, CodeDisconnectNAK
  • p.Authenticator contains the calculated authenticator

func (*Packet) PAP 

func (p *Packet) PAP() (username, password string, ok bool)

PAP returns the User-Name and User-Password attributes of an Access-Request packet.

If packet's code is Access-Request, and the packet has a User-Name and User-Password attribute, ok is true. Otherwise, it is false.

func (*Packet) ResponseAuthenticator 

func (p *Packet) ResponseAuthenticator() (sum []byte, err error)

ResponseAuthenticator calculates the response authenticator field

func (*Packet) Set 

func (p *Packet) Set(name string, value interface{}) error

Set sets the value of the first attribute whose dictionary name matches the given name. If no such attribute exists, a new attribute is added

func (*Packet) String 

func (p *Packet) String(name string) string

String returns the string representation of the value of the first attribute whose dictionary name matches the given name. The following rules are used for converting the attribute value to a string:

  • If no such attribute exists with the given dictionary name, "" is returned
  • If the attribute's Codec implements AttributeStringer, AttributeStringer.String(value) is returned
  • If the value implements fmt.Stringer, value.String() is returned
  • If the value is string, itself is returned
  • If the value is []byte, string(value) is returned
  • Otherwise, "" is returned

func (*Packet) Value 

func (p *Packet) Value(name string) interface{}

Value returns the value of the first attribute whose dictionary name matches the given name. nil is returned if no such attribute exists.

func (*Packet) Values 

func (p *Packet) Values(name string) (values []interface{})

Values returns a slice of all attributes' values with given name

type RadClient 

type RadClient struct {
	Net    uint32
	Mask   uint32
	Secret []byte
}

RadClient is a RADIUS client

type RequestParams 

type RequestParams struct {
	Secret         []byte
	SrcAddress     *net.UDPAddr
	DstAddressPort *net.UDPAddr
}

RequestParams are parameters specific to an outgoing RADIUS request

type RequestResult 

type RequestResult struct {
	Success      bool
	Duration     time.Duration
	ErrorCause   ErrorCause
	Error        error
	ErrorString  string
	ResultString string
	Timestamp    time.Time
	AVPairs      []*AVP
}

RequestResult is a RADIUS request result

type ResponseWriter 

type ResponseWriter interface {
	// LocalAddr returns the address of the local server that accepted the
	// packet.
	LocalAddr() net.Addr

	// RemoteAddr returns the address of the remote client that sent to packet.
	RemoteAddr() net.Addr

	// Write sends a packet to the sender.
	Write(packet *Packet) error

	// AccountingACK sends an Accounting-Response packet to the sender that includes
	// the given attributes.
	AccountingACK(attributes ...*Attribute) error

	// AccessAccept sends an Access-Accept packet to the sender that includes
	// the given attributes.
	AccessAccept(attributes ...*Attribute) error

	// AccessAccept sends an Access-Reject packet to the sender that includes
	// the given attributes.
	AccessReject(attributes ...*Attribute) error

	// AccessAccept sends an Access-Challenge packet to the sender that includes
	// the given attributes.
	AccessChallenge(attributes ...*Attribute) error

	SetReplicationDestinations([]*net.UDPAddr)
	SetReplyReplication(bool)
}

ResponseWriter is used by Handler when replying to a RADIUS packet.

type Server 

type Server struct {
	// Address to bind the server on. If empty, the address defaults to ":1812".
	Addr string

	// Network of the server. Valid values are "udp", "udp4", "udp6". If empty,
	// the network defaults to "udp".
	Network string

	// The shared secret between the client and server.
	Secret []byte

	// Slice of addresses where to replicate requests
	ReplicateTo      []string
	ReplicateReplies bool

	// Client->Secret mapping
	ClientsSecrets map[string]string

	// Ratelimit
	RateLimiter         *rate.Limiter
	RateLimiterCtx      context.Context
	MaxPendingRequests  uint32
	PendingRequests     uint32
	PendingRequestsMtx  sync.Mutex
	PendingRequestsCond *sync.Cond

	// Buffer
	BufferSize int

	// Dictionary used when decoding incoming packets.
	Dictionary *Dictionary

	// The packet handler that handles incoming, valid packets.
	Handler Handler
	// contains filtered or unexported fields
}

Server is a server that listens for and handles RADIUS packets.

func (*Server) Close 

func (s *Server) Close() error

Close stops listening for packets. Any packet that is currently being handled will not be able to respond to the sender.

func (*Server) ListenAndServe 

func (s *Server) ListenAndServe() (err error)

ListenAndServe starts a RADIUS server on the address given in s.

type ValueTagged 

type ValueTagged struct {
	Tag   byte
	Value interface{}
}

ValueTagged struct for tagged attributes

type VendorDict 

type VendorDict struct {
	VendorName string
	VendorID   uint32
	Attrs      []struct {
		Name    string
		Type    byte
		Tagged  bool
		RadType string
		Aliases []string
	}
}

VendorDict Vendor dictionary for configs

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.