radius

package
v1.1.3 Latest

This package is not in the latest version of its module.
Published: Oct 6, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

The following attributes are defined by RFC 2865:

User-Name                 1   string
User-Password             2   string
CHAP-Password             3   []byte
NAS-IP-Address            4   net.IP
NAS-Port                  5   uint32
Service-Type              6   uint32
Framed-Protocol           7   uint32
Framed-IP-Address         8   net.IP
Framed-IP-Netmask         9   net.IP
Framed-Routing            10  uint32
Filter-Id                 11  string
Framed-MTU                12  uint32
Framed-Compression        13  uint32
Login-IP-Host             14  net.IP
Login-Service             15  uint32
Login-TCP-Port            16  uint32
Reply-Message             18  string
Callback-Number           19  []byte
Callback-Id               20  []byte
Framed-Route              22  string
Framed-IPX-Network        23  net.IP
State                     24  []byte
Class                     25  []byte
Vendor-Specific           26  []byte
Session-Timeout           27  uint32
Idle-Timeout              28  uint32
Termination-Action        29  uint32
Called-Station-Id         30  []byte
Calling-Station-Id        31  []byte
NAS-Identifier            32  []byte
Proxy-State               33  []byte
Login-LAT-Service         34  []byte
Login-LAT-Node            35  []byte
Login-LAT-Group           36  []byte
Framed-AppleTalk-Link     37  uint32
Framed-AppleTalk-Network  38  uint32
Framed-AppleTalk-Zone     39  []byte
CHAP-Challenge            60  []byte
NAS-Port-Type             61  uint32
Port-Limit                62  uint32
Login-LAT-Port            63  []byte

The following attributes are defined by RFC 2866:

Acct-Status-Type       40  uint32
Acct-Delay-Time        41  uint32
Acct-Input-Octets      42  uint32
Acct-Output-Octets     43  uint32
Acct-Session-Id        44  string
Acct-Authentic         45  uint32
Acct-Session-Time      46  uint32
Acct-Input-Packets     47  uint32
Acct-Output-Packets    48  uint32
Acct-Terminate-Cause   49  uint32
Acct-Multi-Session-Id  50  string
Acct-Link-Count        51  uint32

Index

Constants

This section is empty.

Variables

var (
	VerdorID     uint32
	VerdorTag    uint8
	VerdorTypeID uint8
)

Functions

func DecodeAVPair

func DecodeAVPair(vsa []byte) (vendorID uint32, typeID uint8, value string, err error)

DecodeAVPair decodes AVP (string)

func DecodeAVPairByte

func DecodeAVPairByte(vsa []byte) (vendorID uint32, typeID uint8, value []byte, err error)

DecodeAVPairByte decodes AVP (byte)

func EncodeAVPair

func EncodeAVPair(vendorID uint32, typeID uint8, value string) (vsa []byte)

EncodeAVPair encodes AVPair into Vendor-Specific attribute format (string)

func EncodeAVPairByte

func EncodeAVPairByte(vendorID uint32, typeID uint8, value []byte) (vsa []byte)

EncodeAVPairByte encodes AVPair into Vendor-Specific attribute format (byte)

func EncodeAVPairByteTag

func EncodeAVPairByteTag(vendorID uint32, typeID uint8, tag uint8, value []byte) (vsa []byte)

EncodeAVPairByteTag encodes AVPair into Vendor-Specific attribute format with tag (byte)

func EncodeAVpairTag

func EncodeAVpairTag(vendorID uint32, typeID uint8, tag uint8, value string) (vsa []byte)

EncodeAVpairTag encodes AVPair into Vendor-Specific attribute format with tag (string)

func SetVendorSpecific

func SetVendorSpecific(name string) error

Types

type Client

type Client struct {
	// Network on which to make the connection. Defaults to "udp".
	Net string

	// Local address to use for outgoing connections (can be nil).
	LocalAddr net.Addr

	// Timeouts for various operations. The default value for each field is
	// 10 seconds.
	DialTimeout  time.Duration
	ReadTimeout  time.Duration
	WriteTimeout time.Duration
}

Client is a RADIUS client that can send and receive packets to and from a RADIUS server.

func (*Client) SendPacket

func (c *Client) SendPacket(packet *TDataPacket, addr string) (*TDataPacket, error)

Exchange sends the packet to the given server address and waits for a response. nil and an error are returned upon failure.

type Code

type Code byte

Code specifies the kind of RADIUS packet.

const (
	CodeAccessRequest      Code = 1
	CodeAccessAccept       Code = 2
	CodeAccessReject       Code = 3
	CodeAccountingRequest  Code = 4
	CodeAccountingResponse Code = 5
	CodeAccessChallenge    Code = 11
	CodeStatusServer       Code = 12
	CodeStatusClient       Code = 13
	CodeReserved           Code = 255
)

Codes which are defined in RFC 2865.

type Handler

type Handler interface {
	ServeRadius(w ResponseWriter, p *TDataPacket)
}

type HandlerFunc

type HandlerFunc func(w ResponseWriter, p *TDataPacket)

func (HandlerFunc) ServeRadius

func (h HandlerFunc) ServeRadius(w ResponseWriter, p *TDataPacket)

type IAttributeCodec

type IAttributeCodec interface {
	Decode(packet *TDataPacket, wire []byte) (interface{}, error)
	Encode(packet *TDataPacket, value interface{}) ([]byte, error)
	GetCodeName() string
}

AttributeCodec defines how attribute data is encoded and decoded. Note: do not store the data; make a copy.

var (
	AttributeText    IAttributeCodec // string
	AttributeString  IAttributeCodec // []byte
	AttributeAddress IAttributeCodec // net.IP
	AttributeInteger IAttributeCodec // uint32
	AttributeTime    IAttributeCodec // time.Time
	AttributeUnknown IAttributeCodec // []byte
	AttributeVendor  IAttributeCodec // Vendor-Specific
)

Basic attribute value formats defined in RFC 2865.

type IAttributeStringer

type IAttributeStringer interface {
	String(value interface{}) string
}

AttributeStringer defines an extension of the attribute codec. It provides a method for converting an attribute value to a string.

type IAttributeTransformer

type IAttributeTransformer interface {
	Transform(value interface{}) (interface{}, error)
}

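AttributeTransformer defines an extension of the attribute codec. It provides a method for converting an attribute value into a value allowed by the attribute.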

type ResponseWriter

type ResponseWriter interface {
	LocalAddr() net.Addr
	RemoteAddr() net.Addr
	Write(packet *TDataPacket) error
	AccessAccept(attributes ...*TAttribute) error
	AccessReject(attributes ...*TAttribute) error
	AccessChallenge(attributes ...*TAttribute) error
	AccountingResponse(attributes ...*TAttribute) error
}

type Server

type Server struct {
	Addr          string
	Port          int
	Network       string
	Secret        []byte
	ClientsMap    map[string]string // Client->Secret mapping
	ClientNets    []net.IPNet
	ClientSecrets [][]byte
	Dictionary    *TDictionary // Dictionary used when decoding incoming packets.
	Handler       Handler      // The packet handler that handles incoming, valid packets.
	// contains filtered or unexported fields
}

Server is a server that listens for and handles RADIUS packets.

func (*Server) AddClientsMap

func (s *Server) AddClientsMap(m map[string]string)

func (*Server) Close

func (s *Server) Close() error

func (*Server) GetSecretByIP

func (s *Server) GetSecretByIP(ip net.IP) []byte

func (*Server) GetSecretByIPString

func (s *Server) GetSecretByIPString(ipaddress string) []byte

func (*Server) ListenAndServe

func (s *Server) ListenAndServe() error

func (*Server) ResetClientNets

func (s *Server) ResetClientNets() error

type TAttribute

type TAttribute struct {
	AttrId    byte
	AttrValue interface{}
}

Attribute is a RADIUS attribute, which is part of a RADIUS packet.

type TDataPacket

type TDataPacket struct {
	Code          Code
	Identifier    byte
	Authenticator [16]byte
	Secret        []byte
	Dictionary    *TDictionary
	AttrItems     []*TAttribute
}

Packet defines a RADIUS packet.

func NewPacket

func NewPacket(code Code, secret []byte) *TDataPacket

New returns a new packet with the given code and secret. The identifier and authenticator are filled with random data, and the dictionary is set to Builtin. nil is returned if not enough random data could be generated.

func ParsePacket

func ParsePacket(data, secret []byte, dictionary *TDictionary) (*TDataPacket, error)

Parse parses a RADIUS packet from wire data, using the given shared secret and dictionary. nil and an error are returned if there is a problem parsing the packet.

Note: this function does not validate the authenticity of a packet. Ensuring a packet's authenticity should be done using the IsAuthentic method.

func (*TDataPacket) AddAttr

func (p *TDataPacket) AddAttr(name string, value interface{}) error

Add adds an attribute whose dictionary name matches the given name.

func (*TDataPacket) ClearAttr

func (p *TDataPacket) ClearAttr()

ClearAttributes removes all of the packet's attributes.

func (*TDataPacket) Encode

func (p *TDataPacket) Encode() ([]byte, error)

Encode encodes the packet to wire format. If there is an error encoding the packet, nil and an error are returned.

func (*TDataPacket) FindAttr

func (p *TDataPacket) FindAttr(name string) *TAttribute

func (*TDataPacket) GetString

func (p *TDataPacket) GetString(name string) string

String returns the string representation of the value of the first attribute whose dictionary name matches the given name. The following rules are used for converting the attribute value to a string:

  • If no such attribute exists with the given dictionary name, "" is returned
  • If the attribute's Codec implements AttributeStringer, AttributeStringer.String(value) is returned
  • If the value implements fmt.Stringer, value.String() is returned
  • If the value is a string, the value itself is returned
  • If the value is []byte, string(value) is returned
  • Otherwise, "" is returned

func (*TDataPacket) GetValue

func (p *TDataPacket) GetValue(name string) interface{}

Value returns the value of the first attribute whose dictionary name matches the given name. nil is returned if no such attribute exists.

func (*TDataPacket) IsAuthentic

func (p *TDataPacket) IsAuthentic(request *TDataPacket) bool

IsAuthentic reports whether the packet is an authentic response to the given request packet. Calling this function is only valid if both:

  • p.code is one of: CodeAccessAccept, CodeAccessReject, CodeAccountingRequest, CodeAccountingResponse, CodeAccessChallenge
  • p.Authenticator contains the calculated authenticator
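
The check that ParsePacket leaves to IsAuthentic, written out for reply packets against the RFC 2865 Response Authenticator definition with only the Go standard library. This is an added example, not this package's code: responseAuth, verifyResponse and buildReply are hypothetical helpers, and the secret and packet bytes are constructed sample data.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// responseAuth: MD5(Code+ID+Length+RequestAuth+Attributes+Secret), RFC 2865.
func responseAuth(resp []byte, reqAuth [16]byte, secret []byte) [16]byte {
	buf := append([]byte{}, resp[:4]...) // Code, Identifier, Length
	buf = append(buf, reqAuth[:]...)     // authenticator of the request, not the reply
	buf = append(buf, resp[20:]...)      // attributes
	return md5.Sum(append(buf, secret...))
}

// verifyResponse (hypothetical) checks a raw reply against the request it answers.
func verifyResponse(resp []byte, reqID byte, reqAuth [16]byte, secret []byte) error {
	if len(resp) < 20 {
		return errors.New("short packet")
	}
	n := int(binary.BigEndian.Uint16(resp[2:4]))
	if n < 20 || n > len(resp) {
		return errors.New("bad length field")
	}
	resp = resp[:n] // octets beyond the Length field are padding and are ignored
	want := responseAuth(resp, reqAuth, secret)
	if resp[1] != reqID || subtle.ConstantTimeCompare(want[:], resp[4:20]) != 1 {
		return errors.New("reply does not match request")
	}
	return nil
}

// buildReply (hypothetical) constructs sample input: a correctly signed reply.
func buildReply(code, id byte, reqAuth [16]byte, attrs, secret []byte) []byte {
	p := append(make([]byte, 20), attrs...)
	p[0], p[1] = code, id
	binary.BigEndian.PutUint16(p[2:4], uint16(len(p)))
	a := responseAuth(p, reqAuth, secret)
	copy(p[4:20], a[:])
	return p
}

func main() {
	secret, reqAuth := []byte("constructed-secret"), [16]byte{1, 2, 3, 4}
	reply := buildReply(2, 7, reqAuth, []byte{18, 4, 'o', 'k'}, secret) // Access-Accept
	fmt.Println(verifyResponse(reply, 7, reqAuth, secret))               // prints <nil>
}
```

A reply that parses cleanly but fails this comparison must be dropped before any of its attributes are acted on.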

func (*TDataPacket) PAP

func (p *TDataPacket) PAP() (username, password string, err error)

PAP returns the User-Name and User-Password attributes of an Access-Request packet.

If the packet's code is Access-Request, and the packet has a User-Name and User-Password attribute, ok is true. Otherwise, it is false.

func (*TDataPacket) Set

func (p *TDataPacket) Set(name string, value interface{}) error

Set sets the value of the first attribute whose dictionary name matches the given name. If no such attribute exists, a new attribute is added.

func (*TDataPacket) String

func (p *TDataPacket) String() string

type TDictEntry

type TDictEntry struct {
	Id   byte
	Name string
	Func IAttributeCodec
}

Dictionary encoding.

type TDictionary

type TDictionary struct {
	IdItems   [1069]*TDictEntry
	NameItems map[string]*TDictEntry
}
var Builtin *TDictionary

Builtin is the built-in dictionary. It is initially loaded with the attributes defined in RFC 2865 and RFC 2866.

func (*TDictionary) GetFunc

func (d *TDictionary) GetFunc(t byte) IAttributeCodec

func (*TDictionary) GetIndex

func (d *TDictionary) GetIndex(name string) (byte, bool)

func (*TDictionary) GetName

func (d *TDictionary) GetName(t byte) (string, bool)

func (*TDictionary) MustRegister

func (d *TDictionary) MustRegister(name string, t byte, codec IAttributeCodec)

Registers an attribute.

func (*TDictionary) NewAttr

func (d *TDictionary) NewAttr(name string, value interface{}) (*TAttribute, error)

func (*TDictionary) String

func (d *TDictionary) String() string
