tacquito

package module
v0.0.0-...-f45b532 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2024 License: MIT Imports: 16 Imported by: 1

README

tacqutio build

Tacquito - An RFC8907 TACACS+ Implementation

Tacquito provides an rfc8907 implementation of TACACS+. This package is primarily a module that implements the TACACS+ protocol and can be used to build TACACS+ servers and clients. We provide a reference implementation of a client and a server but you are encouraged to experiment and replace core components of the system. The tacquito package is designed with dependency injection at its core. Many of the core types are interfaces and may be replaced with differing implementations as needed. We support middleware through the Handler interface, similar in nature to how the http package does with handlers.

Quick Start

Tacquito Mascot

You can easily start a server using the example yaml config by opening a shell in the server and client directories. E.g., you might have it in /home/$USER/go/src/github.com/facebookincubator/tacquito.

Server
cd cmds/server && go run .
Client
cd cmds/client && go run . -username cisco -password cisco

Running the above will show a simple authentication exchange.

Overview

The tacquito package is meant to be used as a module to build on. The only concrete implementations that are of interest are in server.go and the HandlerFunc/Handler types. These are used to construct external interaction from the specific client or server implementations. We offer an example server that could be used in production, with a few customizations for your environment. The reference client is just an example that we use to test the server or other devices. We patterned the handlers after common approaches seen in other services such as the http package, using a Handler interface or a HandlerFunc.

Tacquito is split up in the following way:

  • tacquito/ - the base package. Our example server, client, handlers, etc etc, all are built on this package. Consider this the core package. All other code can be injected, discarded and rewritten, etc. Changes to core code are typically breaking changes, whereas changes to handlers, etc are isolated to themselves and any downstream code that depends on it.
  • tacquito/cmds/client - a default client implementation.
  • tacquito/cmds/server/ - a default server implementation.
  • tacquito/cmds/server/config - config holds the config parsing code and the different handler types that implement the three "A"s, Authentication, Authorization and Accounting.
  • tacquito/cmds/server/config/authenticators/ - we provided a bcrypt authenticator handler as an example
  • tacquito/cmds/server/config/authorizers/ - we provided our default "stringy" authorization handler. It supports command and service based authorization.
  • tacquito/cmds/server/config/accounters/ - local and syslog accounter handlers
  • tacquito/cmds/server/config/secret/ - a dns and prefix (rfc compliant) secret providers.
  • tacquito/cmds/server/exporter/ - prometheus stat exporter
  • tacquito/cmds/server/handlers/ - the default handlers we use to process AAA packets. We support most of the flows for each packet type. The start and span handler live here.
  • tacquito/cmds/server/loader/ - this is where the different config loader implementations exist. We provided yaml, json, and an fsnotify wrapper to pickup local changes.
  • tacquito/cmds/server/test/ - tests specific to the reference server implementation. There are several other tests sprinkled around the codebase and relatively exhaustive tests for the base tacquito package as well. See tacquito/ for details.
  • tacquito/proxy/ - provides an implementation for haproxy PROXY ASCII. This is not provided in the server implementation in main.go, but could be injected if desired.
  • tacquito/**/ - other directories that you should explore. Most provide a dependency injection for some aspect of the server or config.

cmds/client

The client folder holds a reference example for a client. It is not an exhaustive implementation, simply illustrative.

cmds/server

The server folder holds several additional subpackages, but this is a design decision we made for ourselves that allows us to use the oss code and provide injected, private implementations specific to Meta. You are encouraged to make any implementation that suits your needs in the server itself or the config or secret packages. This is meant to serve as an example only.

cmds/server/config

The config package contains authenticators, authorizers, accounters, and secret provider subpackages. The config package also contains the user/group types that form our relationship with configuration consumption. See types.go in particular for unmarshalling details. We provide YAML and JSON as the default formats but the concrete types in types.go can be composed into any other config formats desired. We also encourage iteration on these formats and welcome PR requests to support additional, purposeful format additions.

cmds/server/loader

The loader package contains the implementation details for consuming and unmarshalling config files in JSON and YAML. Additionally, it includes an fsnotify wrapper to detect changes in the config file and automatically trigger a reload of the config. This means you do not need to restart your server if you change your config. Only valid configs will be applied. Invalid configs will end up being no-ops or get loaded to a best effort if they pass the unmarshalling code. Take care to not drop valid traffic from bad configurations, it's quite easy to do. Validation code around custom configs is strongly encouraged for this reason and we provide no examples, but these are easy to construct and could be provided in your own loader implementation.

server.go

The server.go file holds the state machine that processes the HandlerFunc/Handler types. Our code doc strings serve as our primary documentation source which you are strongly encouraged to read.

Configuration

Tacquito does not read or support config formats that you'd traditionally see in other tacacs+ implementations. We adhere in intent to these formats but represent the ideas in a different way. As such, the way we compose and evaluate the config is different as well. We have chosen this to allow for more flexibility when writing config and more deterministic behavior when we match on a config item. The composition of independent config items are explained in the following sections. All of these can be replaced via injection with your own implementations, even the format of the incoming config, if desired.

SecretProviders

An ordered list of SecretConfigs. Each SecretConfig is evaluated as first match, first win. SecretConfigs are a significant branch from the normal prefix matching process in other tacacs implementations where a client is matched against a key using their address. We allow for any implementation to exist here and provide a few examples of ip address matching and dns. It's possible to construct even more complicated lookups that reference external systems. Allowing this matching deviates from the RFC but the deviations are server side only and transparent to the client. The client is unaware entirely. You're welcome to stick with the RFC provider types (prefix) if you wish, but feel free to explore other forms. When doing so, be mindful that SecretProviders are in the hot code path for incoming client connections and utmost care should be given when implementing behaviors.

SecretConfigs

Defines how the server will group client devices or even a single device depending on how the SecretConfig is designed.

  • name - must be globally unique in config. this is the "scope" to which users are associated to.
  • secret - the secret keychain implementation to use. You have group and key in the example implementation but could be changed to anything required.
  • handler - this is the first handler accepted clients land on; typically START. SPAN is also available or you are welcome to create your own.
  • type - the type of secret provider to use. Examples include DNS or PREFIX.
  • options - a map[str,str] of free form options. Providers typically need extra hints about what to use or how to bootstrap themselves. Exmaple use is found in DNS and PREFIX.
Keychain

Defines what group and optionally what key to use when interacting with Keychain. Keychain defines what PSK to use within the tacas protocol. We only provide trivial implemenations for these and you should definitely consider how to securely store/retrieve your secrets in a provider that meets your needs.

Handler

Defines what handler the server will use to service the matching connection that the SecretConfig matched against. The handler is usually Start or Span, depending on your config. Take special care when reviewing the Span handler.

Key Takeaway

The ordered list of SecretConfigs which form our SecretProvider list define how we communicate with a device; the PSK to use, the potential clients accept provider (dns, prefix, etc), and the initial handler. The name of the provider is the "scope" used on the users. First match wins.

Users

Defines a username within a system. The user object defines the scope a user is a member of and optionally includes services, commands, authenticators and accounters. If any of these items are done at thet user level, they are explicit overrides from any inherited groups.

  • name - the username with the system. usernames need not be globally unique, but they must be unique per scope.
  • scope - the unique name of a SecretConfig to associate this user to.
  • groups - the groups that this user will inherit from.
  • services - services to allow. used only when you want to override values inherited from groups.
  • commands - commands to allow. used only when you want to override values inherited from groups.
  • authenticator - the authenticator provider type to use. used only when you want to override values inherited from groups.
  • accounter - the authenticator provider type to use. used only when you want to override values inherited from groups.
Key Takeaway

User config is core to tacquitos implementation. When config is loaded, we compose this down to individual user settings. Any directives associated to the user override any conflicting directives obtained from the groups. Usernames need only be unique within the scopes that they are used in. Said differently, all configuration is ultimately applied on the user either through inheritance from groups or via overrides on the user object. The config at this point should be considered user level only as it gets loaded into the associated SecretProvider. If other injected code then manipulates this user object within that scope, the changes are constrained there, allowing for extremely precise changes and preventing unintended propagation to different scopes.

Groups

Associate services, commands, authenticators, accounters for reuse. These are secondary to any competing concepts found on the user level.

Service

Defines an interaction attribute-value-pair for events that need service based authorization (aka session based in the rfc)

  • name - a globally unique name for a service
  • match - attribute-value-pairs provided from the client that will we match against. If we match all conditions completely, we will use the service for a given request.
  • set_values - defines the return attribute-value-pairs that we will send back to the client under a match condition.
Key Takeaway

Services are used for session-based authorization. It is essential to understand the rfc and the potential complexity of competing vendor requirements/expectations for service based flows.

Command

Defines an interaction attribute-value-pair for events from clients requesting command based authorization.

  • name - a globally unique name for a command
  • action - permit or deny
  • match - attribute-value-pairs provided by the client. We must fully match to qualify.
Key Takeaway

Command is the simplest form of authorization flows. The avps we match on are based on regex patterns. First match wins.

Authenticator

Simply, how we authenticate users. We provide a Bcrypt authenticator as an example.

Authorizer

Injectable only from main.go - no config knobs exist for this.

Accounter

Simply, how you log accounting data to your respective backend. This could be a log file, or something more complex.

Key Takeaway

All three A(s) are optional. There is no RFC requirement that authentication occurs on the same system that authorization, nor accounting does. Even enable requests do not demand a previous authentication or authorization. Assume nothing in terms of AAA state when running more than one instance of this service. Failing to provide an implementation for one of the A(s) will result in a default deny to the client.

Service Architecture Overview

Tacquito is designed with dependency injection at its heart. Whenever we had the option to allow for something to be injected, we did so. This created a service that was very flexible, but at the cost of increased complexity in terms of how it pulled everything together. Ultimately, this created an extremely flexible service that can easily pivot internal requirements to create a main binary that can run under any environment and not risk breaking any other dependencies should some be removed or replaced. Keep dependency injection in mind when considering the layout.

Service Overview

Configuration

Provides authentication, authorization and accounting injection points. YAML is recommended, but JSON and other formats would also work with a custom loader implementation (also injectable). All dependencies here must be injected in main via their respective registration functions. Missing dependencies will receive default implementations. Bad configuration will be verbosely logged and rejected but will not stop processing of the rest of the config. A sample YAML config can be found here.

Server Loop

The server loop is implemented in the main tacquito package. All connection management occurs in github.com/facebookincubator/tacquito/server.go. A private session manager implementation is enforced here and is one of the rare examples of something we did not expose to dependency injection. All handlers are called from this loop.

Handlers

Handlers are everywhere. They can be middleware and anything in between a client accept, response or disconnect. handlers may be implemented as higher order functions or implement the handler interface. All handlers are replaceable, wrapable or removable via dependency injection.

Interface:

Handle(response tq.Response, request tq.Request)

Higher Order Function:

tq.HandlerFunc(
    func(response tq.Response, request tq.Request)
)

Externals

Externals represent systems or files that the server depends on for config or decision making. You're limited only by your own implementations of these concepts.

Notes on testing

We have many tests, but not all are extensive enough to capture all scenarios. We believe we have tested the rfc related fields and flows quite well, but testing is one of those things that can always be improved on.

Contributing

See the CONTRIBUTING file for how to help out.

License

Tacquito is MIT licensed, as found in the LICENSE file.

Documentation

Index

Constants

View Source 
const (
	// MajorVersion is the major TACACS version number.
	MajorVersion = 0xc
	// MinorVersionDefault is TACACS
	MinorVersionDefault = 0x0
	// MinorVersionOne is TACACS+
	MinorVersionOne = 0x1

	// HeaderMaxSequence if reached, connection must terminate and start at 1 again
	HeaderMaxSequence = 255
)

constants related to Version

View Source 
const AcctReplyLen = 0x5

AcctReplyLen minumum length of this packet type

View Source 
const AcctRequestLen = 0x9

AcctRequestLen minumum length of this packet type

View Source 
const AuthenContinueLen = 0x05

AuthenContinueLen minumum length of this packet type

View Source 
const AuthenReplyLen = 0x05

AuthenReplyLen minumum length of this packet type

View Source 
const AuthenStartLen = 0x08

AuthenStartLen minumum length of this packet type

View Source 
const AuthorReplyLen = 0x6

AuthorReplyLen minumum length of this packet type

View Source 
const AuthorRequestLen = 0x8

AuthorRequestLen minumum length of this packet type

View Source 
const (
	// MaxBodyLength is the total length of the packet body (not including the header).
	// Implementations MUST allow control over maximum packet sizes
	// accepted by TACACS+ Servers.  The recommended maximum packet size
	// is 2^(16).
	MaxBodyLength uint32 = 65536
)
View Source 
const MaxHeaderLength = 0x0c

MaxHeaderLength defines a fixed size for a tacacs header

Variables

This section is empty.

Functions

func Unmarshal 

func Unmarshal(v []byte, t EncoderDecoder) error

Unmarshal will unmarshal tacacs bytes

Types

type AcctArg 

type AcctArg string

AcctArg is the arguments describe the specifics of the accounting that is being requested.

func (AcctArg) Validate 

func (t AcctArg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctBytes 

type AcctBytes int

AcctBytes The number of bytes transferred by this action.

func (AcctBytes) Len 

func (t AcctBytes) Len() int

Len returns the length of AcctBytes.

func (AcctBytes) String 

func (t AcctBytes) String() string

String returns AcctBytes as a string.

func (AcctBytes) Validate 

func (t AcctBytes) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctBytesIn 

type AcctBytesIn int

AcctBytesIn The number of bytes transferred by this action from the endstation to the client port.

func (AcctBytesIn) Len 

func (t AcctBytesIn) Len() int

Len returns the length of AcctBytesIn.

func (AcctBytesIn) String 

func (t AcctBytesIn) String() string

String returns AcctBytesIn as a string.

func (AcctBytesIn) Validate 

func (t AcctBytesIn) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctBytesOut 

type AcctBytesOut int

AcctBytesOut The number of bytes transferred by this action from the client to the endstation port.

func (AcctBytesOut) Len 

func (t AcctBytesOut) Len() int

Len returns the length of AcctBytesOut.

func (AcctBytesOut) String 

func (t AcctBytesOut) String() string

String returns AcctBytesOut as a string.

func (AcctBytesOut) Validate 

func (t AcctBytesOut) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctData 

type AcctData string

AcctData is a string that may be presented on an administrative display, console, or log. The decision to present this message is client specific. The data_len indicates the length of the data field, in bytes. For details of text encoding, see "Treatment of Text Strings"

func (AcctData) Len 

func (t AcctData) Len() int

Len returns the length of AcctData.

func (AcctData) String 

func (t AcctData) String() string

String returns AcctData as a string.

func (AcctData) Validate 

func (t AcctData) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctElapsedTime 

type AcctElapsedTime int

AcctElapsedTime The elapsed time in seconds for the action.

func (AcctElapsedTime) Len 

func (t AcctElapsedTime) Len() int

Len returns the length of AcctElapsedTime.

func (AcctElapsedTime) String 

func (t AcctElapsedTime) String() string

String returns AcctElapsedTime as a string.

func (AcctElapsedTime) Validate 

func (t AcctElapsedTime) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctErrMsg 

type AcctErrMsg string

AcctErrMsg A string describing the status of the action. For details of text encoding, see "Treatment of Text Strings" (https://datatracker.ietf.org/doc/html/rfc8907#section-3.7).

func (AcctErrMsg) Len 

func (t AcctErrMsg) Len() int

Len returns the length of AcctErrMsg.

func (AcctErrMsg) String 

func (t AcctErrMsg) String() string

String returns AcctErrMsg as a string.

func (AcctErrMsg) Validate 

func (t AcctErrMsg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctEvent 

type AcctEvent string

AcctEvent is Used only when "service=system". Current values are "net_acct", "cmd_acct", "conn_acct", "shell_acct", "sys_acct", and "clock_change". These indicate system-level changes. The flags field SHOULD indicate whether the service started or stopped.

func (AcctEvent) Len 

func (t AcctEvent) Len() int

Len returns the length of AcctEvent.

func (AcctEvent) String 

func (t AcctEvent) String() string

String returns AcctEvent as a string.

func (AcctEvent) Validate 

func (t AcctEvent) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctPaks 

type AcctPaks int

AcctPaks The number of packets transferred by this action.

func (AcctPaks) Len 

func (t AcctPaks) Len() int

Len returns the length of AcctPaks.

func (AcctPaks) String 

func (t AcctPaks) String() string

String returns AcctPaks as a string.

func (AcctPaks) Validate 

func (t AcctPaks) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctPaksIn 

type AcctPaksIn int

AcctPaksIn The number of input packets transferred by this action from the endstation to the client port.

func (AcctPaksIn) Len 

func (t AcctPaksIn) Len() int

Len returns the length of AcctPaksIn.

func (AcctPaksIn) String 

func (t AcctPaksIn) String() string

String returns AcctPaksIn as a string.

func (AcctPaksIn) Validate 

func (t AcctPaksIn) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctPaksOut 

type AcctPaksOut int

AcctPaksOut The number of output packets transferred by this action from the endstation to the client port.

func (AcctPaksOut) Len 

func (t AcctPaksOut) Len() int

Len returns the length of AcctPaksOut.

func (AcctPaksOut) String 

func (t AcctPaksOut) String() string

String returns AcctPaksOut as a string.

func (AcctPaksOut) Validate 

func (t AcctPaksOut) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctReason 

type AcctReason string

AcctReason Accompanies an event argument. It describes why the event occurred.

func (AcctReason) Len 

func (t AcctReason) Len() int

Len returns the length of AcctReason.

func (AcctReason) String 

func (t AcctReason) String() string

String returns AcctReason as a string.

func (AcctReason) Validate 

func (t AcctReason) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctReply 

type AcctReply struct {
	Status    AcctReplyStatus
	ServerMsg AcctServerMsg
	Data      AcctData
}

AcctReply https://datatracker.ietf.org/doc/html/rfc8907#section-7.2

func NewAccountingReplyFromBytes 

func NewAccountingReplyFromBytes(data []byte) (*AcctReply, error)

NewAccountingReplyFromBytes creates AcctReply from decrypted tacacs bytes

func NewAcctReply 

func NewAcctReply(opts ...AcctReplyOption) *AcctReply

NewAcctReply will create a new AcctReply based on the provided options

func (AcctReply) Fields 

func (a AcctReply) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AcctReply) Len 

func (a AcctReply) Len() int

Len will return the unmarshalled size of the component types

func (*AcctReply) MarshalBinary 

func (a *AcctReply) MarshalBinary() ([]byte, error)

MarshalBinary marshals AccountingReply to tacacs bytes

func (*AcctReply) UnmarshalBinary 

func (a *AcctReply) UnmarshalBinary(data []byte) error

UnmarshalBinary unmarshals decrypted tacacs bytes to AcctReply

func (*AcctReply) Validate 

func (a *AcctReply) Validate() error

Validate all fields on this type

type AcctReplyOption 

type AcctReplyOption func(*AcctReply)

AcctReplyOption is used to inject options when creating new AcctRequest types

func SetAcctReplyData 

func SetAcctReplyData(v AcctData) AcctReplyOption

SetAcctReplyData sets the AcctData.

func SetAcctReplyServerMsg 

func SetAcctReplyServerMsg(v string) AcctReplyOption

SetAcctReplyServerMsg sets the AcctServerMsg.

func SetAcctReplyStatus 

func SetAcctReplyStatus(v AcctReplyStatus) AcctReplyOption

SetAcctReplyStatus sets the AcctReplyStatus.

type AcctReplyStatus 

type AcctReplyStatus uint8

AcctReplyStatus is the status of the accounting action. 

const (
	// AcctReplyStatusSuccess per rfc
	AcctReplyStatusSuccess AcctReplyStatus = 0x01
	// AcctReplyStatusError per rfc
	AcctReplyStatusError AcctReplyStatus = 0x02
)

func (AcctReplyStatus) Len 

func (t AcctReplyStatus) Len() int

Len returns the length of AcctReplyStatus.

func (AcctReplyStatus) String 

func (t AcctReplyStatus) String() string

String returns AcctReplyStatus as a string.

func (AcctReplyStatus) Validate 

func (t AcctReplyStatus) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctRequest 

type AcctRequest struct {
	Flags   AcctRequestFlag
	Method  AuthenMethod
	PrivLvl PrivLvl
	Type    AuthenType
	Service AuthenService
	User    AuthenUser
	Port    AuthenPort
	RemAddr AuthenRemAddr
	Args    Args
}

AcctRequest https://datatracker.ietf.org/doc/html/rfc8907#section-7.1

func NewAccountingRequestFromBytes 

func NewAccountingRequestFromBytes(data []byte) (*AcctRequest, error)

NewAccountingRequestFromBytes creates AcctRequest for tacacs decrypted bytes

func NewAcctRequest 

func NewAcctRequest(opts ...AcctRequestOption) *AcctRequest

NewAcctRequest will create a new AcctRequest based on the provided options

func (AcctRequest) Fields 

func (a AcctRequest) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AcctRequest) Len 

func (a AcctRequest) Len() int

Len will return the unmarshalled size of the component types

func (*AcctRequest) MarshalBinary 

func (a *AcctRequest) MarshalBinary() ([]byte, error)

MarshalBinary marshals AccountingRequest to tacacs bytes

func (*AcctRequest) UnmarshalBinary 

func (a *AcctRequest) UnmarshalBinary(data []byte) error

UnmarshalBinary unmarshals decrypted tacacs bytes to AccountingRequest

func (*AcctRequest) Validate 

func (a *AcctRequest) Validate() error

Validate all fields on this type

type AcctRequestFlag 

type AcctRequestFlag uint8

AcctRequestFlag bitmapped values 

const (
	// AcctFlagStart per rfc
	AcctFlagStart AcctRequestFlag = 0x02
	// AcctFlagStop per rfc
	AcctFlagStop AcctRequestFlag = 0x04
	// AcctFlagWatchdog per rfc
	AcctFlagWatchdog AcctRequestFlag = 0x08
	// AcctFlagWatchdogWithUpdate with update per rfc
	AcctFlagWatchdogWithUpdate AcctRequestFlag = 0x0A
)

func (*AcctRequestFlag) Clear 

func (b *AcctRequestFlag) Clear(f AcctRequestFlag)

Clear AcctRequestFlag's f bit.

func (*AcctRequestFlag) Has 

func (b *AcctRequestFlag) Has(f AcctRequestFlag) bool

Has returns true when b has the f bit set.

func (AcctRequestFlag) Len 

func (t AcctRequestFlag) Len() int

Len returns the length of AcctRequestFlag.

func (*AcctRequestFlag) Set 

func (b *AcctRequestFlag) Set(f AcctRequestFlag)

Set AcctRequestFlag's f bit.

func (AcctRequestFlag) String 

func (t AcctRequestFlag) String() string

String to satisfy Fields interface

func (*AcctRequestFlag) Toggle 

func (b *AcctRequestFlag) Toggle(f AcctRequestFlag)

Toggle AcctRequestFlag's f bit.

func (AcctRequestFlag) Validate 

func (t AcctRequestFlag) Validate(condition interface{}) error

Validate checks for the correct flags to be set

type AcctRequestOption 

type AcctRequestOption func(*AcctRequest)

AcctRequestOption is used to inject options when creating new AcctRequest types

func SetAcctRequestArgs 

func SetAcctRequestArgs(v Args) AcctRequestOption

SetAcctRequestArgs sets the Args.

func SetAcctRequestFlag 

func SetAcctRequestFlag(v AcctRequestFlag) AcctRequestOption

SetAcctRequestFlag sets the AcctRequestFlag.

func SetAcctRequestMethod 

func SetAcctRequestMethod(v AuthenMethod) AcctRequestOption

SetAcctRequestMethod sets the AuthenMethod.

func SetAcctRequestPort 

func SetAcctRequestPort(v AuthenPort) AcctRequestOption

SetAcctRequestPort sets the AuthenPort.

func SetAcctRequestPrivLvl 

func SetAcctRequestPrivLvl(v PrivLvl) AcctRequestOption

SetAcctRequestPrivLvl sets the PrivLvl.

func SetAcctRequestRemAddr 

func SetAcctRequestRemAddr(v AuthenRemAddr) AcctRequestOption

SetAcctRequestRemAddr sets the AuthenRemAddr.

func SetAcctRequestService 

func SetAcctRequestService(v AuthenService) AcctRequestOption

SetAcctRequestService sets the AuthenService.

func SetAcctRequestType 

func SetAcctRequestType(v AuthenType) AcctRequestOption

SetAcctRequestType sets the AuthenType.

func SetAcctRequestUser 

func SetAcctRequestUser(v AuthenUser) AcctRequestOption

SetAcctRequestUser sets the AuthenUser.

type AcctServerMsg 

type AcctServerMsg string

AcctServerMsg is a string that may be presented to the user. The server_msg_len indicates the length of the server_msg field, in bytes. For details of text encoding, see "Treatment of Text Strings"

func (AcctServerMsg) Len 

func (t AcctServerMsg) Len() int

Len returns the length of AcctServerMsg.

func (AcctServerMsg) String 

func (t AcctServerMsg) String() string

String returns AcctServerMsg as a string.

func (AcctServerMsg) Validate 

func (t AcctServerMsg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctStartTime 

type AcctStartTime int

AcctStartTime The time the action started (in seconds since the epoch).

func (AcctStartTime) Len 

func (t AcctStartTime) Len() int

Len returns the length of AcctStartTime.

func (AcctStartTime) String 

func (t AcctStartTime) String() string

String returns AcctStartTime as a string.

func (AcctStartTime) Validate 

func (t AcctStartTime) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctStopTime 

type AcctStopTime int

AcctStopTime The time the action stopped (in seconds since the epoch).

func (AcctStopTime) Len 

func (t AcctStopTime) Len() int

Len returns the length of AcctStopTime.

func (AcctStopTime) String 

func (t AcctStopTime) String() string

String returns AcctStopTime as a string.

func (AcctStopTime) Validate 

func (t AcctStopTime) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctTaskID 

type AcctTaskID string

AcctTaskID - Start and stop records for the same event MUST have matching task_id argument values. The client MUST ensure that active task_ids are not duplicated; a client MUST NOT reuse a task_id in a start record until it has sent a stop record for that task_id. Servers MUST NOT make assumptions about the format of a task_id.

func (AcctTaskID) Len 

func (t AcctTaskID) Len() int

Len returns the length of AcctTaskID.

func (AcctTaskID) String 

func (t AcctTaskID) String() string

String returns AcctTaskID as a string.

func (AcctTaskID) Validate 

func (t AcctTaskID) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AcctTimezone 

type AcctTimezone string

AcctTimezone The time zone abbreviation for all timestamps included in this packet

func (AcctTimezone) Len 

func (t AcctTimezone) Len() int

Len returns the length of AcctTimezone.

func (AcctTimezone) String 

func (t AcctTimezone) String() string

String returns AcctTimezone as a string.

func (AcctTimezone) Validate 

func (t AcctTimezone) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type Arg 

type Arg string

Arg per rfc, The arguments describe the specifics of the authorization that is being requested.

func (Arg) ASV 

func (t Arg) ASV() (string, string, string)

ASV splits an attribute value pair into attribute, separator, value

func (Arg) Len 

func (t Arg) Len() int

Len returns the length of Arg.

func (Arg) String 

func (t Arg) String() string

String returns Arg as a string, with all leading and trailing white space removed, as defined by Unicode.

func (Arg) Validate 

func (t Arg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type Args 

type Args []Arg

Args is a helper type used when dealing with string args that have been converted to Arg types

func (*Args) Append 

func (t *Args) Append(args ...string)

Append will append arg strings to t and convert them to Arg in the process

func (Args) Args 

func (t Args) Args() []string

Args splits the Args into cmd, cmd-arg and other=arg the key is the left side of the delimiter, etc

func (Args) Command 

func (t Args) Command() string

Command returns the cmd only if cmd=foo or cmd= or cmd*, etc is provided the delimiter is immaterial to this function returning a value the returned value will be a zero value if cmd is not present

func (Args) CommandArgs 

func (t Args) CommandArgs() string

CommandArgs joins all cmd-arg args into a single string.

func (Args) CommandArgsNoLE 

func (t Args) CommandArgsNoLE() string

CommandArgsNoLE joins all cmd-arg args into a single string and ignores line endings, specifically <cr>

func (Args) CommandSplit 

func (t Args) CommandSplit() (string, string, string)

CommandSplit returns the attribute, separator and value of cmd= or cmd* or cmd=show or cmd*show. Zero values are returned if not found

func (Args) Len 

func (t Args) Len() int

Len returns the length of Args.

func (Args) Service 

func (t Args) Service() string

Service joins all service args into a single string.

func (Args) String 

func (t Args) String() string

String returns Args as string

func (Args) Unique 

func (t Args) Unique() Args

Unique will filter out duplicate args, if any are found

func (Args) Validate 

func (t Args) Validate(condition interface{}) error

Validate is all ASCII

type AuthenAction 

type AuthenAction uint8

AuthenAction indicates the authentication Action. Legal values are listed below. 

const (
	// AuthenActionLogin per rfc
	AuthenActionLogin AuthenAction = 0x01
	// AuthenActionPass per rfc
	AuthenActionPass AuthenAction = 0x02
	// AuthenActionSendAuth per rfc
	AuthenActionSendAuth AuthenAction = 0x04
)

func (AuthenAction) Len 

func (t AuthenAction) Len() int

Len returns the length of AuthenAction.

func (AuthenAction) String 

func (t AuthenAction) String() string

String returns AuthenAction as a string.

func (AuthenAction) Validate 

func (t AuthenAction) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenContinue 

type AuthenContinue struct {
	Flags       AuthenContinueFlag
	UserMessage AuthenUserMessage
	Data        AuthenData
}

AuthenContinue see https://datatracker.ietf.org/doc/html/rfc8907#section-5.3

func NewAuthenContinue 

func NewAuthenContinue(opts ...AuthenContinueOption) *AuthenContinue

NewAuthenContinue will create a new AuthenContinue based on the provided options

func (AuthenContinue) Fields 

func (a AuthenContinue) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AuthenContinue) Len 

func (a AuthenContinue) Len() int

Len will return the unmarshalled size of the component types

func (*AuthenContinue) MarshalBinary 

func (a *AuthenContinue) MarshalBinary() ([]byte, error)

MarshalBinary encodes AuthenContinue to tacacs bytes

func (*AuthenContinue) UnmarshalBinary 

func (a *AuthenContinue) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes decrypted tacacs bytes to AuthenContinue

func (*AuthenContinue) Validate 

func (a *AuthenContinue) Validate() error

Validate all fields on this type

type AuthenContinueFlag 

type AuthenContinueFlag uint8

AuthenContinueFlag flags that modify the action to be taken. 

const (
	// AuthenContinueFlagAbort per rfc
	AuthenContinueFlagAbort AuthenContinueFlag = 0x01
)

func (*AuthenContinueFlag) Clear 

func (b *AuthenContinueFlag) Clear(f AuthenContinueFlag)

Clear AuthenContinueFlag's f bit.

func (*AuthenContinueFlag) Has 

func (b *AuthenContinueFlag) Has(f AuthenContinueFlag) bool

Has returns true when b has the f bit set.

func (*AuthenContinueFlag) Set 

func (b *AuthenContinueFlag) Set(f AuthenContinueFlag)

Set AuthenContinueFlag's f bit.

func (AuthenContinueFlag) String 

func (b AuthenContinueFlag) String() string

String to satisfy Fields interface

func (*AuthenContinueFlag) Toggle 

func (b *AuthenContinueFlag) Toggle(f AuthenContinueFlag)

Toggle AuthenContinueFlag's f bit.

type AuthenContinueOption 

type AuthenContinueOption func(*AuthenContinue)

AuthenContinueOption is used to inject options when creating new AuthenContinue types

func SetAuthenContinueData 

func SetAuthenContinueData(v AuthenData) AuthenContinueOption

SetAuthenContinueData sets AuthenData

func SetAuthenContinueFlag 

func SetAuthenContinueFlag(v AuthenContinueFlag) AuthenContinueOption

SetAuthenContinueFlag sets AuthenContinueFlag

func SetAuthenContinueUserMessage 

func SetAuthenContinueUserMessage(v AuthenUserMessage) AuthenContinueOption

SetAuthenContinueUserMessage sets AuthenUserMessage

type AuthenData 

type AuthenData string

AuthenData - This field carries information that is specific to the action and the authen_type for this session. Valid uses of this field are described below. The data_len indicates the length of the data field, in bytes.

func (AuthenData) Len 

func (t AuthenData) Len() int

Len returns the length of AuthenData.

func (AuthenData) String 

func (t AuthenData) String() string

String maps AuthenData to string.

func (AuthenData) Validate 

func (t AuthenData) Validate(condition interface{}) error

Validate length of value

type AuthenMethod 

type AuthenMethod uint8

AuthenMethod per rfc and terribly named. Should read AuthorMethod, but rfc defines it as authen_method. 

const (
	// AuthenMethodNotSet per rfc
	AuthenMethodNotSet AuthenMethod = 0x0
	// AuthenMethodNone per rfc
	AuthenMethodNone AuthenMethod = 0x01
	// AuthenMethodKrb5 per rfc
	AuthenMethodKrb5 AuthenMethod = 0x02
	// AuthenMethodLine per rfc
	AuthenMethodLine AuthenMethod = 0x03
	// AuthenMethodEnable per rfc
	AuthenMethodEnable AuthenMethod = 0x04
	// AuthenMethodLocal per rfc
	AuthenMethodLocal AuthenMethod = 0x05
	// AuthenMethodTacacsPlus per rfc
	AuthenMethodTacacsPlus AuthenMethod = 0x06
	// AuthenMethodGuest per rfc
	AuthenMethodGuest AuthenMethod = 0x08
	// AuthenMethodRadius per rfc
	AuthenMethodRadius AuthenMethod = 0x10
)

func (AuthenMethod) Len 

func (t AuthenMethod) Len() int

Len returns the length of AuthenMethod.

func (AuthenMethod) String 

func (t AuthenMethod) String() string

String returns AuthenMethod as a string.

func (AuthenMethod) Validate 

func (t AuthenMethod) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenPort 

type AuthenPort string

AuthenPort see packet type for use information.

func (AuthenPort) Len 

func (t AuthenPort) Len() int

Len returns the length of AuthenPort.

func (AuthenPort) String 

func (t AuthenPort) String() string

String returns AuthenPort as a string.

func (AuthenPort) Validate 

func (t AuthenPort) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenRemAddr 

type AuthenRemAddr string

AuthenRemAddr see packet type for use information.

func (AuthenRemAddr) Len 

func (t AuthenRemAddr) Len() int

Len returns the length of AuthenRemAddr.

func (AuthenRemAddr) String 

func (t AuthenRemAddr) String() string

String returns AuthenRemAddr as a string.

func (AuthenRemAddr) Validate 

func (t AuthenRemAddr) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenReply 

type AuthenReply struct {
	Status    AuthenStatus
	Flags     AuthenReplyFlag
	ServerMsg AuthenServerMsg
	Data      AuthenData
}

AuthenReply https://datatracker.ietf.org/doc/html/rfc8907#section-5.2

func NewAuthenReply 

func NewAuthenReply(opts ...AuthenReplyOption) *AuthenReply

NewAuthenReply will create a new AuthenReply based on the provided options

func (AuthenReply) Fields 

func (a AuthenReply) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AuthenReply) Len 

func (a AuthenReply) Len() int

Len will return the unmarshalled size of the component types

func (*AuthenReply) MarshalBinary 

func (a *AuthenReply) MarshalBinary() ([]byte, error)

MarshalBinary encodes AuthenReply to tacacs bytes

func (*AuthenReply) UnmarshalBinary 

func (a *AuthenReply) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes decrypted tacacs bytes to AuthenReply

func (*AuthenReply) Validate 

func (a *AuthenReply) Validate() error

Validate all fields on this type

type AuthenReplyFlag 

type AuthenReplyFlag uint8

AuthenReplyFlag flags that modify the action to be taken. 

const (
	// AuthenReplyFlagNoEcho per rfc
	AuthenReplyFlagNoEcho AuthenReplyFlag = 0x01
)

func (*AuthenReplyFlag) Clear 

func (b *AuthenReplyFlag) Clear(f AuthenReplyFlag)

Clear AuthenReplyFlag's f bit.

func (*AuthenReplyFlag) Has 

func (b *AuthenReplyFlag) Has(f AuthenReplyFlag) bool

Has returns true when b has the f bit set.

func (*AuthenReplyFlag) Set 

func (b *AuthenReplyFlag) Set(f AuthenReplyFlag)

Set AuthenReplyFlag's f bit.

func (AuthenReplyFlag) String 

func (b AuthenReplyFlag) String() string

String to satisfy Fields interface

func (*AuthenReplyFlag) Toggle 

func (b *AuthenReplyFlag) Toggle(f AuthenReplyFlag)

Toggle AuthenReplyFlag's f bit.

type AuthenReplyOption 

type AuthenReplyOption func(*AuthenReply)

AuthenReplyOption is used to inject options when creating new AuthenReply types

func SetAuthenReplyData 

func SetAuthenReplyData(v AuthenData) AuthenReplyOption

SetAuthenReplyData sets an AuthenData

func SetAuthenReplyFlag 

func SetAuthenReplyFlag(v AuthenReplyFlag) AuthenReplyOption

SetAuthenReplyFlag sets an AuthenReplyFlag

func SetAuthenReplyServerMsg 

func SetAuthenReplyServerMsg(v string) AuthenReplyOption

SetAuthenReplyServerMsg sets an AuthenServerMsg

func SetAuthenReplyStatus 

func SetAuthenReplyStatus(v AuthenStatus) AuthenReplyOption

SetAuthenReplyStatus sets an AuthenStatus

type AuthenServerMsg 

type AuthenServerMsg string

AuthenServerMsg see packet type for use information.

func (AuthenServerMsg) Len 

func (t AuthenServerMsg) Len() int

Len returns the length of AuthenServerMsg.

func (AuthenServerMsg) String 

func (t AuthenServerMsg) String() string

String returns AuthenServerMsg as a string.

func (AuthenServerMsg) Validate 

func (t AuthenServerMsg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenService 

type AuthenService uint8

AuthenService is the service that is requesting the authentication. 

const (
	// AuthenServiceNone is intended for the authorization application of this field
	// that indicates that no authentication was performed by the device.
	AuthenServiceNone AuthenService = 0x00
	// AuthenServiceLogin indicates regular login (as opposed to ENABLE) to a client device.
	AuthenServiceLogin AuthenService = 0x01
	// AuthenServiceEnable identifies the ENABLE AuthenService, which refers to a service
	// requesting authentication in order to grant the User different privileges. This
	// is comparable to the Unix "su(1)" command, which substitutes the current User's
	// identity with another. An AuthenService value of AuthenServiceNone is only to be
	// used when none of the other AuthenService values are appropriate.
	AuthenServiceEnable AuthenService = 0x02
	// AuthenServicePPP per rfc
	AuthenServicePPP AuthenService = 0x03
	// AuthenServiceARAP per rfc
	AuthenServiceARAP AuthenService = 0x04
	// AuthenServicePT per rfc
	AuthenServicePT AuthenService = 0x05
	// AuthenServiceRCMD per rfc
	AuthenServiceRCMD AuthenService = 0x06
	// AuthenServiceX25 per rfc
	AuthenServiceX25 AuthenService = 0x07
	// AuthenServiceNASI per rfc
	AuthenServiceNASI AuthenService = 0x08
	// AuthenServiceFwProxy per rfc
	AuthenServiceFwProxy AuthenService = 0x09
)

func (AuthenService) Len 

func (t AuthenService) Len() int

Len returns the length of AuthenService.

func (AuthenService) String 

func (t AuthenService) String() string

String returns AuthenService as a string.

func (AuthenService) Validate 

func (t AuthenService) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenStart 

type AuthenStart struct {
	Action  AuthenAction
	PrivLvl PrivLvl
	Type    AuthenType
	Service AuthenService
	User    AuthenUser
	Port    AuthenPort
	RemAddr AuthenRemAddr
	Data    AuthenData
}

AuthenStart https://datatracker.ietf.org/doc/html/rfc8907#section-5.1

func NewAuthenStart 

func NewAuthenStart(opts ...AuthenStartOption) *AuthenStart

NewAuthenStart will create a new AuthenStart based on the provided options

func (AuthenStart) Fields 

func (a AuthenStart) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AuthenStart) Len 

func (a AuthenStart) Len() int

Len will return the unmarshalled size of the component types

func (*AuthenStart) MarshalBinary 

func (a *AuthenStart) MarshalBinary() ([]byte, error)

MarshalBinary encodes AuthenStart to tacacs bytes

func (*AuthenStart) UnmarshalBinary 

func (a *AuthenStart) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes decrypted tacacs bytes to AuthenStart

func (*AuthenStart) Validate 

func (a *AuthenStart) Validate() error

Validate all fields on this type

type AuthenStartOption 

type AuthenStartOption func(*AuthenStart)

AuthenStartOption is used to inject options when creating new AuthenStart types

func SetAuthenStartAction 

func SetAuthenStartAction(v AuthenAction) AuthenStartOption

SetAuthenStartAction sets indicated authentication action

func SetAuthenStartData 

func SetAuthenStartData(v AuthenData) AuthenStartOption

SetAuthenStartData sets the authentication data

func SetAuthenStartPort 

func SetAuthenStartPort(v AuthenPort) AuthenStartOption

SetAuthenStartPort sets the calling port

func SetAuthenStartPrivLvl 

func SetAuthenStartPrivLvl(v PrivLvl) AuthenStartOption

SetAuthenStartPrivLvl sets the indicated authentication priv level

func SetAuthenStartRemAddr 

func SetAuthenStartRemAddr(v AuthenRemAddr) AuthenStartOption

SetAuthenStartRemAddr sets the remote address

func SetAuthenStartService 

func SetAuthenStartService(v AuthenService) AuthenStartOption

SetAuthenStartService sets the indicated authentication service

func SetAuthenStartType 

func SetAuthenStartType(v AuthenType) AuthenStartOption

SetAuthenStartType sets the indicated authentication type

func SetAuthenStartUser 

func SetAuthenStartUser(v AuthenUser) AuthenStartOption

SetAuthenStartUser sets the indicated user

type AuthenStatus 

type AuthenStatus uint8

AuthenStatus is the current status of the authentication. 

const (
	// AuthenStatusPass per rfc
	AuthenStatusPass AuthenStatus = 0x01
	// AuthenStatusFail per rfc
	AuthenStatusFail AuthenStatus = 0x02
	// AuthenStatusGetData per rfc
	AuthenStatusGetData AuthenStatus = 0x03
	// AuthenStatusGetUser per rfc
	AuthenStatusGetUser AuthenStatus = 0x04
	// AuthenStatusGetPass per rfc
	AuthenStatusGetPass AuthenStatus = 0x05
	// AuthenStatusRestart per rfc
	AuthenStatusRestart AuthenStatus = 0x06
	// AuthenStatusError per rfc
	AuthenStatusError AuthenStatus = 0x07
)

func (AuthenStatus) Len 

func (t AuthenStatus) Len() int

Len returns the length of AuthenStatus.

func (AuthenStatus) String 

func (t AuthenStatus) String() string

String returns AuthenStatus as a string.

func (AuthenStatus) Validate 

func (t AuthenStatus) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenType 

type AuthenType uint8

AuthenType is the type of authentication. 

const (
	// AuthenTypeNotSet only valid for Authorization/Accounting Requests (https://datatracker.ietf.org/doc/html/rfc8907#section-6.1)
	AuthenTypeNotSet AuthenType = 0x00
	// AuthenTypeASCII per rfc
	AuthenTypeASCII AuthenType = 0x01
	// AuthenTypePAP per rfc
	AuthenTypePAP AuthenType = 0x02
	// AuthenTypeCHAP per rfc
	AuthenTypeCHAP AuthenType = 0x03
	// AuthenTypeARAP per rfc
	AuthenTypeARAP AuthenType = 0x04
	// AuthenTypeMSCHAP per rfc
	AuthenTypeMSCHAP AuthenType = 0x05
	// AuthenTypeMSCHAPV2 per rfc
	AuthenTypeMSCHAPV2 AuthenType = 0x06
)

func (AuthenType) Len 

func (t AuthenType) Len() int

Len returns the length of AuthenType.

func (AuthenType) String 

func (t AuthenType) String() string

String returns AuthenType as a string.

func (AuthenType) Validate 

func (t AuthenType) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage. Validate characterics of type based on rfc and usage.

type AuthenUser 

type AuthenUser string

AuthenUser see packet type for use information.

func (AuthenUser) Len 

func (t AuthenUser) Len() int

Len returns the length of AuthenUser.

func (AuthenUser) String 

func (t AuthenUser) String() string

String returns AuthenUser as a string.

func (AuthenUser) Validate 

func (t AuthenUser) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthenUserMessage 

type AuthenUserMessage string

AuthenUserMessage - this field is the string that the user entered, or the client provided on behalf of the user, in response to the server_msg from a REPLY packet. The user_len indicates the length of the user field, in bytes.

func (AuthenUserMessage) Len 

func (t AuthenUserMessage) Len() int

Len returns the length of AuthenUserMessage.

func (AuthenUserMessage) String 

func (t AuthenUserMessage) String() string

String maps AuthenUserMessage to string.

func (AuthenUserMessage) Validate 

func (t AuthenUserMessage) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorACL 

type AuthorACL int

AuthorACL A number representing a connection access list. Applicable only to session-based shell authorization. For details of text encoding, see "Treatment of Text Strings" (Section 3.7). https://datatracker.ietf.org/doc/html/rfc8907#section-8.2 https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorACL) Len 

func (t AuthorACL) Len() int

Len returns the length of AuthorACL.

func (AuthorACL) String 

func (t AuthorACL) String() string

String returns AuthorACL as a string.

func (AuthorACL) Validate 

func (t AuthorACL) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorAddr 

type AuthorAddr net.IP

AuthorAddr A network address. https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorAddr) Len 

func (t AuthorAddr) Len() int

Len returns the length of AuthorAddr.

func (AuthorAddr) String 

func (t AuthorAddr) String() string

String returns AuthorAddr as a string.

func (AuthorAddr) Validate 

func (t AuthorAddr) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorAddrPool 

type AuthorAddrPool string

AuthorAddrPool The identifier of an address pool from which the client can assign an address. https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorAddrPool) Len 

func (t AuthorAddrPool) Len() int

Len returns the length of AuthorAddrPool.

func (AuthorAddrPool) String 

func (t AuthorAddrPool) String() string

String returns AuthorAddrPool as a string.

func (AuthorAddrPool) Validate 

func (t AuthorAddrPool) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorAutoCmd 

type AuthorAutoCmd string

AuthorAutoCmd An auto-command to run. Applicable only to session-based shell authorization. https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorAutoCmd) Len 

func (t AuthorAutoCmd) Len() int

Len returns the length of AuthorAutoCmd.

func (AuthorAutoCmd) String 

func (t AuthorAutoCmd) String() string

String returns AuthorAutoCmd as a string.

func (AuthorAutoCmd) Validate 

func (t AuthorAutoCmd) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorCmd 

type AuthorCmd string

AuthorCmd A shell (exec) command. This indicates the command name of the command that is to be run. The "cmd" argument MUST be specified if service equals "shell".

Authorization of shell commands is a common use case for the TACACS+ protocol. Command Authorization generally takes one of two forms: session based or command based.

For session-based shell authorization, the "cmd" argument will have an empty value. The client determines which commands are allowed in a session according to the arguments present in the authorization.

In command-based authorization, the client requests that the server determine whether a command is allowed by making an authorization request for each command. The "cmd" argument will have the command name as its value. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorCmd) Len 

func (t AuthorCmd) Len() int

Len returns the length of AuthorCmd.

func (AuthorCmd) String 

func (t AuthorCmd) String() string

String returns AuthorCmd as a string.

func (AuthorCmd) Validate 

func (t AuthorCmd) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorCmdArg 

type AuthorCmdArg string

AuthorCmdArg An argument to a shell (exec) command. This indicates an argument for the shell command that is to be run. Multiple cmd-arg arguments may be specified, and they are order dependent. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorCmdArg) Len 

func (t AuthorCmdArg) Len() int

Len returns the length of AuthorCmdArg.

func (AuthorCmdArg) String 

func (t AuthorCmdArg) String() string

String returns AuthorCmdArg as a string.

func (AuthorCmdArg) Validate 

func (t AuthorCmdArg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorData 

type AuthorData string

AuthorData is a printable US-ASCII string that may be presented on an administrative display, console or log. The decision to present this message is client specific.

func (AuthorData) Len 

func (t AuthorData) Len() int

Len returns the length of AuthorData.

func (AuthorData) String 

func (t AuthorData) String() string

String returns AuthorData as a string.

func (AuthorData) Validate 

func (t AuthorData) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorIdleTime 

type AuthorIdleTime int

AuthorIdleTime An idle-timeout for the connection (in minutes). A value of zero indicates no timeout. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorIdleTime) Len 

func (t AuthorIdleTime) Len() int

Len returns the length of AuthorIdleTime.

func (AuthorIdleTime) String 

func (t AuthorIdleTime) String() string

String returns AuthorIdleTime as a string.

func (AuthorIdleTime) Validate 

func (t AuthorIdleTime) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorInACL 

type AuthorInACL string

AuthorInACL The identifier (name) of an interface input access list. For details of text encoding, see "Treatment of Text Strings" (Section 3.7). https://datatracker.ietf.org/doc/html/rfc8907#section-8.2 https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorInACL) Len 

func (t AuthorInACL) Len() int

Len returns the length of AuthorInACL.

func (AuthorInACL) String 

func (t AuthorInACL) String() string

String returns AuthorInACL as a string.

func (AuthorInACL) Validate 

func (t AuthorInACL) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorNoEscape 

type AuthorNoEscape bool

AuthorNoEscape Prevents the user from using an escape character. Applicable only to session-based shell authorization. https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorNoEscape) Len 

func (t AuthorNoEscape) Len() int

Len returns the length of AuthorNoEscape.

func (AuthorNoEscape) String 

func (t AuthorNoEscape) String() string

String returns AuthorNoEscape as a string.

func (AuthorNoEscape) Validate 

func (t AuthorNoEscape) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorNoHangup 

type AuthorNoHangup bool

AuthorNoHangup Do not disconnect after an automatic command. Applicable only to session-based shell authorization. https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorNoHangup) Len 

func (t AuthorNoHangup) Len() int

Len returns the length of AuthorNoHangup.

func (AuthorNoHangup) String 

func (t AuthorNoHangup) String() string

String returns AuthorNoHangup as a string.

func (AuthorNoHangup) Validate 

func (t AuthorNoHangup) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorOutACL 

type AuthorOutACL string

AuthorOutACL The identifier (name) of an interface output access list. For details of text encoding, see "Treatment of Text Strings" (Section 3.7). https://datatracker.ietf.org/doc/html/rfc8907#section-8.2 https://datatracker.ietf.org/doc/html/rfc8907#section-3.7

func (AuthorOutACL) Len 

func (t AuthorOutACL) Len() int

Len returns the length of AuthorOutACL.

func (AuthorOutACL) String 

func (t AuthorOutACL) String() string

String returns AuthorOutACL as a string.

func (AuthorOutACL) Validate 

func (t AuthorOutACL) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorProtocol 

type AuthorProtocol string

AuthorProtocol A field that may be used to indicate a subset of a service. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorProtocol) Len 

func (t AuthorProtocol) Len() int

Len returns the length of AuthorProtocol.

func (AuthorProtocol) String 

func (t AuthorProtocol) String() string

String returns AuthorProtocol as a string.

func (AuthorProtocol) Validate 

func (t AuthorProtocol) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorReply 

type AuthorReply struct {
	Status    AuthorStatus
	Args      Args
	ServerMsg AuthorServerMsg
	Data      AuthorData
}

AuthorReply https://datatracker.ietf.org/doc/html/rfc8907#section-6.2

func NewAuthorReply 

func NewAuthorReply(opts ...AuthorReplyOption) *AuthorReply

NewAuthorReply will create a new AuthorReply based on the provided options

func NewAuthorReplyFromBytes 

func NewAuthorReplyFromBytes(data []byte) (*AuthorReply, error)

NewAuthorReplyFromBytes decodes decrypted tacacs bytes into AuthorReply

func (AuthorReply) Fields 

func (a AuthorReply) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AuthorReply) Len 

func (a AuthorReply) Len() int

Len will return the unmarshalled size of the component types

func (*AuthorReply) MarshalBinary 

func (a *AuthorReply) MarshalBinary() ([]byte, error)

MarshalBinary encodes AuthorReply into tacacs bytes

func (*AuthorReply) UnmarshalBinary 

func (a *AuthorReply) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes decrypted tacacs bytes into AuthorReply

func (*AuthorReply) Validate 

func (a *AuthorReply) Validate() error

Validate all fields on this type

type AuthorReplyOption 

type AuthorReplyOption func(*AuthorReply)

AuthorReplyOption is used to inject options when creating new AuthorRequest types

func SetAuthorReplyArgs 

func SetAuthorReplyArgs(args ...string) AuthorReplyOption

SetAuthorReplyArgs sets the Args.

func SetAuthorReplyData 

func SetAuthorReplyData(v AuthorData) AuthorReplyOption

SetAuthorReplyData sets the AuthorData.

func SetAuthorReplyServerMsg 

func SetAuthorReplyServerMsg(v string) AuthorReplyOption

SetAuthorReplyServerMsg sets the AuthorServerMsg.

func SetAuthorReplyStatus 

func SetAuthorReplyStatus(v AuthorStatus) AuthorReplyOption

SetAuthorReplyStatus sets the AuthorStatus.

type AuthorRequest 

type AuthorRequest struct {
	Method  AuthenMethod
	PrivLvl PrivLvl
	Type    AuthenType
	Service AuthenService
	User    AuthenUser
	Port    AuthenPort
	RemAddr AuthenRemAddr
	Args    Args
}

AuthorRequest https://datatracker.ietf.org/doc/html/rfc8907#section-6.1

func NewAuthorRequest 

func NewAuthorRequest(opts ...AuthorRequestOption) *AuthorRequest

NewAuthorRequest will create a new AuthorRequest based on the provided options

func (AuthorRequest) Fields 

func (a AuthorRequest) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (AuthorRequest) Len 

func (a AuthorRequest) Len() int

Len will return the unmarshalled size of the component types

func (*AuthorRequest) MarshalBinary 

func (a *AuthorRequest) MarshalBinary() ([]byte, error)

MarshalBinary encodes AuthroRequest into tacacs bytes

func (*AuthorRequest) UnmarshalBinary 

func (a *AuthorRequest) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes decrypted tacacs bytes into AuthorRequest

func (*AuthorRequest) Validate 

func (a *AuthorRequest) Validate() error

Validate all fields on this type

type AuthorRequestOption 

type AuthorRequestOption func(*AuthorRequest)

AuthorRequestOption is used to inject options when creating new AuthorRequest types

func SetAuthorRequestArgs 

func SetAuthorRequestArgs(v Args) AuthorRequestOption

SetAuthorRequestArgs sets the Args.

func SetAuthorRequestMethod 

func SetAuthorRequestMethod(v AuthenMethod) AuthorRequestOption

SetAuthorRequestMethod sets the AuthenMethod.

func SetAuthorRequestPort 

func SetAuthorRequestPort(v AuthenPort) AuthorRequestOption

SetAuthorRequestPort sets the AuthenPort.

func SetAuthorRequestPrivLvl 

func SetAuthorRequestPrivLvl(v PrivLvl) AuthorRequestOption

SetAuthorRequestPrivLvl sets the PrivLvl

func SetAuthorRequestRemAddr 

func SetAuthorRequestRemAddr(v AuthenRemAddr) AuthorRequestOption

SetAuthorRequestRemAddr sets the AuthenRemAddr.

func SetAuthorRequestService 

func SetAuthorRequestService(v AuthenService) AuthorRequestOption

SetAuthorRequestService sets the AuthenService.

func SetAuthorRequestType 

func SetAuthorRequestType(v AuthenType) AuthorRequestOption

SetAuthorRequestType sets the AuthenType.

func SetAuthorRequestUser 

func SetAuthorRequestUser(v AuthenUser) AuthorRequestOption

SetAuthorRequestUser sets the AuthenUser.

type AuthorServerMsg 

type AuthorServerMsg string

AuthorServerMsg a printable US-ASCII string that may be presented to theuser.

func (AuthorServerMsg) Len 

func (t AuthorServerMsg) Len() int

Len returns the length of AuthorServerMsg.

func (AuthorServerMsg) String 

func (t AuthorServerMsg) String() string

String returns AuthorServerMsg as a string.

func (AuthorServerMsg) Validate 

func (t AuthorServerMsg) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorService 

type AuthorService string

AuthorService the primary service. Specifying a service argument indicates that this is a request for authorization or accounting of that service. For example: "shell", "tty-server", "connection", "system" and "firewall"; others may be chosen for the required application. This argument MUST always be included. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorService) Len 

func (t AuthorService) Len() int

Len returns the length of AuthorService.

func (AuthorService) String 

func (t AuthorService) String() string

String returns AuthorService as a string.

func (AuthorService) Validate 

func (t AuthorService) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorStatus 

type AuthorStatus uint8

AuthorStatus indicates the authorization status https://datatracker.ietf.org/doc/html/rfc8907#section-6.2 

const (
	// AuthorStatusPassAdd per rfc
	AuthorStatusPassAdd AuthorStatus = 0x01
	// AuthorStatusPassRepl per rfc
	AuthorStatusPassRepl AuthorStatus = 0x02
	// AuthorStatusFail per rfc
	AuthorStatusFail AuthorStatus = 0x10
	// AuthorStatusError per rfc
	AuthorStatusError AuthorStatus = 0x11
)

func (AuthorStatus) Len 

func (t AuthorStatus) Len() int

Len returns the length of AuthorStatus.

func (AuthorStatus) String 

func (t AuthorStatus) String() string

String returns AuthorStatus as a string.

func (AuthorStatus) Validate 

func (t AuthorStatus) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type AuthorTimeout 

type AuthorTimeout int

AuthorTimeout An absolute timer for the connection (in minutes). A value of zero indicates no timeout. https://datatracker.ietf.org/doc/html/rfc8907#section-8.2

func (AuthorTimeout) Len 

func (t AuthorTimeout) Len() int

Len returns the length of AuthorTimeout.

func (AuthorTimeout) String 

func (t AuthorTimeout) String() string

String returns AuthorTimeout as a string.

func (AuthorTimeout) Validate 

func (t AuthorTimeout) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type BadSecretErr 

type BadSecretErr struct {
	// contains filtered or unexported fields
}

BadSecretErr ...

func NewBadSecretErr 

func NewBadSecretErr(msg string) *BadSecretErr

NewBadSecretErr ...

func (BadSecretErr) Error 

func (b BadSecretErr) Error() string

Error ...

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client base client implementation for server/client communication

func NewClient 

func NewClient(opts ...ClientOption) (*Client, error)

NewClient creates a new client

func (*Client) Close 

func (c *Client) Close() error

Close ...

func (*Client) Send 

func (c *Client) Send(p *Packet) (*Packet, error)

Send sends a packet to the server and decodes the response. If multiple packet exchanges are necessary, the caller will need to call this method repeatedly to achieve the desired result.

func (*Client) SendOnly 

func (c *Client) SendOnly(p *Packet) error

SendOnly sends a packet to the server. It does not decode the response.

type ClientOption 

type ClientOption func(c *Client) error

ClientOption is a setter type for Client

func SetClientDialer 

func SetClientDialer(network, address string, secret []byte) ClientOption

SetClientDialer see net.ResolveTCPAddr for details, this follows the same input requirements for network and address. It will then use net.DialTCP with a nil source addr and a constructed TCPAddr from the provided network and address. A secret for the connection must also be provided.

func SetClientDialerWithLocalAddr 

func SetClientDialerWithLocalAddr(network, raddr, laddr string, secret []byte) ClientOption

SetClientDialerWithLocalAddr see net.ResolveTCPAddr for details, this follows the same input requirements for network and address. raddr is the destination tcp address to dial to, and laddr is the client address to dial from, if set to an empty string, then the function will fall back to DialTCP's default selection of a local interface with a nil source addr and a constructed TCPAddr from the provided network and address. A secret for the connection must also be provided.

type ClientSequenceNumber 

type ClientSequenceNumber uint8

ClientSequenceNumber is used when we want to consider sequences that the client sends and validate that they are allowed

func (ClientSequenceNumber) Validate 

func (t ClientSequenceNumber) Validate(condition interface{}) error

Validate ensures we don't have even sequence numbers from clients

type ContextKey 

type ContextKey string

ContextKey is used in Request contexts 

const ContextAcctType ContextKey = "type"

ContextAcctType ... 

const ContextConnLocalAddr ContextKey = "conn-local-addr"

ContextConnLocalAddr is the tacquito server address 

const ContextConnRemoteAddr ContextKey = "conn-remote-addr"

ContextConnRemoteAddr is used to store the net.conn remoteAddr within a session. This value would be present in any sub contexts that share the underlying net.conn 

const ContextFlags ContextKey = "flags"

ContextFlags logs the flags attribute of Accounting requests 

const ContextLoaderDuration ContextKey = "loader_duration_ms"

ContextLoaderDuration is total processing time taken by loader i.e how long it takes for the loader to map an IP to a scope 

const ContextPort ContextKey = "port"

ContextPort ... 

const ContextPrivLvl ContextKey = "priv-lvl"

ContextPrivLvl ... 

const ContextRemoteAddr ContextKey = "rem-addr"

ContextRemoteAddr ... 

const ContextReqArgs ContextKey = "req-args"

ContextReqArgs for logging context arguments with replies 

const ContextReqID ContextKey = "reqID"

ContextReqID ... 

const ContextSessionID ContextKey = "session-id"

ContextSessionID is used to store the context for a session in Request as a wrapped context 

const ContextUser ContextKey = "user"

ContextUser is used to store the username within a session. 

const ContextUserMsg ContextKey = "user-msg"

ContextUserMsg ...

type DeadlineListener 

type DeadlineListener interface {
	net.Listener
	SetDeadline(t time.Time) error
}

DeadlineListener is a net.Listener that supports Deadlines

type EncoderDecoder 

type EncoderDecoder interface {
	MarshalBinary() ([]byte, error)
	UnmarshalBinary(data []byte) error
	Fields() map[string]string
}

EncoderDecoder will encode or decode from wire format, any of the tacacs packet types

type Field 

type Field interface {
	// Validate is executed on all MarshalBinary and UnmarshalBinary operations on
	// Authenticate, Authorize and Accounting Packet types
	Validate(condition interface{}) error

	// Len of Field value
	Len() int

	// String representation for printing. Obscure operations also happen here
	String() string
}

Field is a tacacs field interface used across all three AAA types.

type Handler 

type Handler interface {
	Handle(response Response, request Request)
}

Handler form the basis for the state machine during client server exchanges.

type HandlerFunc 

type HandlerFunc func(response Response, request Request)

HandlerFunc is an adapter that allows higher order functions to be used as Handler interfaces

func (HandlerFunc) Handle 

func (h HandlerFunc) Handle(response Response, request Request)

Handle satisfies the Handler interface 

type Header struct {
	Version   Version
	Type      HeaderType
	SeqNo     SequenceNumber
	SessionID SessionID
	Flags     HeaderFlag
	Length    uint32
}

Header holds the tacacs header fields found in all tacacs packet types.

func NewHeader 

func NewHeader(opts ...HeaderOption) *Header

NewHeader will create a new Header based on the provided options, starting with common defaults. the defaults will be overwritten, if provided in the options

func (Header) Fields 

func (h Header) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (*Header) MarshalBinary 

func (h *Header) MarshalBinary() ([]byte, error)

MarshalBinary encodes Header into tacacs bytes

func (*Header) UnmarshalBinary 

func (h *Header) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes tacacs bytes into Header

func (*Header) Validate 

func (h *Header) Validate() error

Validate all fields on this type

type HeaderFlag 

type HeaderFlag uint8

HeaderFlag set obfuscation and connect options. 

const (
	// UnencryptedFlag indicates that the sender did not obfuscate the body of the packet.
	// Normal tacacs pacekts have this set to 0x0.
	UnencryptedFlag HeaderFlag = 0x01
	// SingleConnect is used to allow a client and server to negotiate single connection mode
	SingleConnect HeaderFlag = 0x04
)

func (*HeaderFlag) Clear 

func (b *HeaderFlag) Clear(f HeaderFlag)

Clear HeaderFlag's f bit.

func (*HeaderFlag) Has 

func (b *HeaderFlag) Has(f HeaderFlag) bool

Has returns true when b has the f bit set.

func (*HeaderFlag) Set 

func (b *HeaderFlag) Set(f HeaderFlag)

Set HeaderFlag's f bit.

func (HeaderFlag) String 

func (b HeaderFlag) String() string

String to satisfy Fields interface

func (*HeaderFlag) Toggle 

func (b *HeaderFlag) Toggle(f HeaderFlag)

Toggle HeaderFlag's f bit.

type HeaderOption 

type HeaderOption func(*Header)

HeaderOption used to modify existing headers that were decoded and reuse them in a response, or to create a new Header with options

func SetHeaderFlag 

func SetHeaderFlag(v HeaderFlag) HeaderOption

SetHeaderFlag sets HeaderFlag to a specific value This field contains various bitmapped flags.

func SetHeaderLen 

func SetHeaderLen(v int) HeaderOption

SetHeaderLen sets the length of the header. This is automatically done for you but if you wish to set a length explictly for tests...

func SetHeaderRandomSessionID 

func SetHeaderRandomSessionID() HeaderOption

SetHeaderRandomSessionID sets a weaker math/rand session id. To meet the requirements of the rfc, you should use SetHeaderSessionID with a cryptographically strong random number. this setter should only be used in examples and tests

func SetHeaderSeqNo 

func SetHeaderSeqNo(v int) HeaderOption

SetHeaderSeqNo sets SequenceNumber to a specific value

func SetHeaderSessionID 

func SetHeaderSessionID(v SessionID) HeaderOption

SetHeaderSessionID sets SessionID to a specific value. This number MUST be generated by a cryptographically strong random number generation method.

func SetHeaderType 

func SetHeaderType(v HeaderType) HeaderOption

SetHeaderType sets packet type

func SetHeaderVersion 

func SetHeaderVersion(v Version) HeaderOption

SetHeaderVersion sets Version

type HeaderType 

type HeaderType uint8

HeaderType indicates the type of tacacs packet contained in the bytes that follow. 

const (
	// Authenticate per rfc
	Authenticate HeaderType = 0x01
	// Authorize per rfc
	Authorize HeaderType = 0x02
	// Accounting per rfc
	Accounting HeaderType = 0x03
)

func (HeaderType) Len 

func (t HeaderType) Len() int

Len returns the length of HeaderType.

func (HeaderType) String 

func (t HeaderType) String() string

String returns HeaderType as a string.

func (HeaderType) Validate 

func (t HeaderType) Validate(condition interface{}) error

Validate characterics of type based on rfc and usage.

type LastSequence 

type LastSequence uint8

LastSequence is used to compare the previous sequence nubmber with the current sequence number and validate it

func (LastSequence) Validate 

func (t LastSequence) Validate(condition interface{}) error

Validate ensures we have a sane progression of sequence numbers in a packet exchange

type Option 

type Option func(s *Server)

Option is used to set optional behaviors on the server. Required behaviors are set in NewServer. Omitting options will not adversely affect the service

func SetUseProxy 

func SetUseProxy(v bool) Option

SetUseProxy will enable ASCII based proxy support defined by http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

type Packet 

type Packet struct {
	// Header is a well known structure, so it's always populated.  it's also the only
	// part of a tacacs message that isn't crypted, so it can be freely read.
	Header *Header
	// Body may be crypted or uncrypted bytes of the body, length indicated in the header.Length
	Body []byte
}

Packet is used as a request and response packet. Header is the decoded header fields from the tacacs packet RawBody may be obfuscated or deobfuscated, depending on where the packet is in the req/resp flow Body will always be a decoded type, eg AuthenStart, AuthenReply, AcctRequest, etc.

func NewPacket 

func NewPacket(opts ...PacketOption) *Packet

NewPacket will create a new Packet based on the provided options.

func (*Packet) Fields 

func (p *Packet) Fields() map[string]string

Fields returns fields from this packet compatible with a structured logger

func (*Packet) MarshalBinary 

func (p *Packet) MarshalBinary() ([]byte, error)

MarshalBinary encodes Packet into tacacs bytes. It is unaware of crypt. RawBody must have valid values

func (*Packet) UnmarshalBinary 

func (p *Packet) UnmarshalBinary(v []byte) error

UnmarshalBinary decodes Packet into tacacs bytes. It is unaware of crypt.

type PacketOption 

type PacketOption func(*Packet)

PacketOption is used to inject options when creating new Packet types

func SetPacketBody 

func SetPacketBody(v []byte) PacketOption

SetPacketBody sets the body of packet

func SetPacketBodyUnsafe 

func SetPacketBodyUnsafe(v EncoderDecoder) PacketOption

SetPacketBodyUnsafe sets the body of packet by calling MarshalBinary on v. errors trigger a panic. this setter is ONLY meant for testing scenarios if you use this in production handler code you're asking for panics to kill your service.

func SetPacketHeader 

func SetPacketHeader(v *Header) PacketOption

SetPacketHeader sets the header

type PrivLvl 

type PrivLvl uint8

PrivLvl indicates the privilege level that the User is authenticating as. Please refer to https://datatracker.ietf.org/doc/html/rfc8907#section-9 

const (
	// PrivLvlMin per rfc
	PrivLvlMin PrivLvl = 0x0
	// PrivLvlUser per rfc
	PrivLvlUser PrivLvl = 0x01
	// PrivLvlRoot per rfc
	PrivLvlRoot PrivLvl = 0x0f
	// PrivLvlMax per rfc
	PrivLvlMax PrivLvl = 0x0f
)

func (PrivLvl) Len 

func (t PrivLvl) Len() int

Len returns the length of PrivLvl.

func (PrivLvl) String 

func (t PrivLvl) String() string

String returns PrivLvl as string.

func (PrivLvl) Validate 

func (t PrivLvl) Validate(condition interface{}) error

Validate has a valid range of 0-15

type Request 

type Request struct {
	Header  Header
	Body    []byte
	Context context.Context
}

Request provides access to the config for this net.Conn and also the packet itself

func (Request) Fields 

func (r Request) Fields(keys ...ContextKey) map[string]string

Fields will extract all fields from any packet type and attempt to include any optional ContextKey values

type Response 

type Response interface {
	Reply(v EncoderDecoder) (int, error)
	ReplyWithContext(ctx context.Context, v EncoderDecoder, writers ...Writer) (int, error)
	Write(p *Packet) (int, error)
	Next(next Handler)
	RegisterWriter(Writer)
	// Context sets context of response to ctx
	Context(ctx context.Context)
}

Response controls what we send back to the client. Calls to Write should be considered final on the packet back to the client. You may not call Exchange after Write.

type SecretProvider 

type SecretProvider interface {
	Get(ctx context.Context, remote net.Addr) ([]byte, Handler, error)
}

SecretProvider is responsible for secret selection for incoming client connections It provides configuration items for the server to process any connections that originate on a given net.Conn. Only the RemoteAddr is provided to make this determination.

type SequenceNumber 

type SequenceNumber uint16

SequenceNumber is the sequence number of the current packet. The first packet in a session MUST have the sequence number 1 and each subsequent packet will increment the sequence number by one. Thus clients only send packets containing odd sequence numbers, and TACACS+ servers only send packets containing even sequence numbers.

The sequence number must never wrap i.e. if the sequence number 2^8-1 is ever reached, that session must terminate and be restarted with a sequence number of 1.

func (SequenceNumber) Inc 

func (t SequenceNumber) Inc() int

Inc will return the next seqno as an int

func (SequenceNumber) Len 

func (t SequenceNumber) Len() int

Len returns the length of SequenceNumber.

func (SequenceNumber) String 

func (t SequenceNumber) String() string

String returns SequenceNumber as a string.

func (SequenceNumber) Validate 

func (t SequenceNumber) Validate(condition interface{}) error

Validate Sequence Number.

type Server 

type Server struct {
	SecretProvider
	// contains filtered or unexported fields
}

Server ...

func NewServer 

func NewServer(l loggerProvider, sp SecretProvider, opts ...Option) *Server

NewServer returns a new server. loggerProvider - the logging backend to use listener - net.Listener sp SecretProvider - enables server to translate net.conn.remaddr into associated config for that device

func (*Server) Add 

func (w *Server) Add(delta int)

Add adds to WaitGroup and increments the count

func (*Server) Done 

func (w *Server) Done()

Done decrements WaitGroup and the counter

func (*Server) Serve 

func (s *Server) Serve(ctx context.Context, listener DeadlineListener) error

Serve is a blocking method that serves clients

type SessionID 

type SessionID uint32

SessionID is the Id for a TACACS+ session. This field does not change for the duration of the TACACS+ session. This number MUST be generated by a cryptographically strong random number generation method.

func (*SessionID) MarshalBinary 

func (s *SessionID) MarshalBinary() ([]byte, error)

MarshalBinary just returns a uint32 in bytes, BigEndian byte order

func (SessionID) String 

func (s SessionID) String() string

String converts SessionID to a string

func (*SessionID) UnmarshalBinary 

func (s *SessionID) UnmarshalBinary(data []byte) error

UnmarshalBinary populates data parameter with Uint32 in BigEndian byte order

type Version 

type Version struct {
	MajorVersion uint8
	MinorVersion uint8
}

Version stores MajorVersion and MinorVersion in a single uint8. The upper 4 bits hold major, and the lower 4 bits hold minor. a uint8 is used to represent both at the struct level, but are bitshifted into a single uint8 during MarshalBinary and unshifted at UnmarshalBinary

func (Version) Len 

func (v Version) Len() int

Len of Version value.

func (*Version) MarshalBinary 

func (v *Version) MarshalBinary() ([]byte, error)

MarshalBinary encodes T into a wire format

func (Version) String 

func (v Version) String() string

String maps Version to string representation.

func (*Version) UnmarshalBinary 

func (v *Version) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes T from a wire format into struct values

func (Version) Validate 

func (v Version) Validate(condition interface{}) error

Validate known constants

type Writer 

type Writer interface {
	Write(ctx context.Context, p []byte) (int, error)
}

Writer is an abstraction used for adding Writers to the response object

Source Files

View all Source files

Directories

Path Synopsis
cmds
client
Package main provides a basic tacacs test client for use with tacacs servers and tacquito
 Package main provides a basic tacacs test client for use with tacacs servers and tacquito
server
server/config
Package config provides an example implementation of the tacquito.ConfigProvider interface.
 Package config provides an example implementation of the tacquito.ConfigProvider interface.
server/config/accounters/local
Package local supports writing Accounting logs to the local system via a log.Logger
 Package local supports writing Accounting logs to the local system via a log.Logger
server/config/accounters/syslog
Package syslog supports ending Accounting data in JSON format to syslog Windows is unsupported
 Package syslog supports ending Accounting data in JSON format to syslog Windows is unsupported
server/config/authenticators
Package authenticators provides reusable functions for types interested in implementing custom authenticators
 Package authenticators provides reusable functions for types interested in implementing custom authenticators
server/config/authenticators/bcrypt
Package bcrypt implements a tqcquito Config interface.
 Package bcrypt implements a tqcquito Config interface.
server/config/authenticators/bcrypt/generator
Package main provides a utility to create or verify bcrypt strings used by the bcrypt authenticator
 Package main provides a utility to create or verify bcrypt strings used by the bcrypt authenticator
server/config/authorizers/stringy
Package stringy implements the only authorizer package available in tacquito.
 Package stringy implements the only authorizer package available in tacquito.
server/config/authorizers/stringy/test
server/config/secret
server/config/secret/dns
server/config/secret/prefix
server/exporter
server/handlers
server/loader
Package loader provides an injectable config loading mechanism.
 Package loader provides an injectable config loading mechanism.
server/loader/fsnotify
server/loader/json
server/loader/yaml
server/log
server/test
Package proxy provides a reader writer that can add PROXY ASCII strings to bytes or strip the PROXY ASCII strings from bytes.
 Package proxy provides a reader writer that can add PROXY ASCII strings to bytes or strip the PROXY ASCII strings from bytes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.