radius.go
package main
import (
"context"
"errors"
"layeh.com/radius"
"log"
"net"
"time"
)
// RADIUS attribute type codes and enumerated values used when building the
// Access-Request. The numbers are the assignments from RFC 2865.
const (
	typeUserName      = 1  // User-Name
	typeUserPassword  = 2  // User-Password
	typeNASIPAddress  = 4  // NAS-IP-Address
	typeServiceType   = 6  // Service-Type
	typeNASIdentifier = 32 // NAS-Identifier
	typeNASPortType   = 61 // NAS-Port-Type

	valueServiceTypeFramed  = 2 // Service-Type: Framed
	valueNASPortTypeVirtual = 5 // NAS-Port-Type: Virtual
)
// newAuthRadiusPacket builds an Access-Request keyed with conf.RadiusKey and
// pre-filled with the NAS-side attributes: NAS-Port-Type=Virtual,
// NAS-IP-Address (parsed from conf.LocalIP), NAS-Identifier "SOCKS5Engine"
// and Service-Type=Framed. User-Name and User-Password are not set here;
// authRadius adds them.
//
// It panics through log.Panic when conf.LocalIP cannot be encoded as an IP
// address attribute or when the NAS-Identifier string cannot be encoded.
//
// NOTE(review): the request carries no Message-Authenticator attribute, so the
// only protection on the wire is the shared secret; consider adding one if the
// RADIUS server supports it.
// NOTE(review): the packet is constructed with the shared secret; avoid
// dumping or logging the returned value.
func newAuthRadiusPacket() (packet *radius.Packet) {
	packet = radius.New(radius.CodeAccessRequest, []byte(conf.RadiusKey))

	// Encode the attributes that can fail first, in the same order as before,
	// so the panic raised for a bad configuration is unchanged.
	nasIP, err := radius.NewIPAddr(net.ParseIP(conf.LocalIP))
	if err != nil {
		log.Panic(errors.New("can't use LocalIPv4IP for RADIUS"))
	}
	nasID, err := radius.NewString("SOCKS5Engine")
	if err != nil {
		log.Panic(err)
	}

	// Attribute insertion order is kept as-is.
	packet.Attributes.Add(typeNASPortType, radius.NewInteger(valueNASPortTypeVirtual))
	packet.Attributes.Add(typeNASIPAddress, nasIP)
	packet.Attributes.Add(typeNASIdentifier, nasID)
	packet.Attributes.Add(typeServiceType, radius.NewInteger(valueServiceTypeFramed))
	return packet
}
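// authRadius fills packet with the given credentials, sends it to the RADIUS
// server at conf.RadiusIP on UDP port 1812 and reports whether the server
// answered with Access-Accept.
//
// The function fails closed: an attribute that cannot be encoded, a transport
// error or a timeout (conf.HandshakeStepTimeout seconds) all yield false.
// Those failures are logged so that an unreachable or misconfigured RADIUS
// server can be told apart from a plain reject; the username and password are
// never written to the log.
//
// packet is modified in place (User-Name and User-Password are overwritten).
// NOTE(review): User-Password is hidden with the packet's Request
// Authenticator, so a packet should be used for a single attempt and not
// shared between goroutines — confirm how callers obtain it.
func authRadius(packet *radius.Packet, username, password string) (ok bool) {
	user, err := radius.NewString(username)
	if err != nil {
		log.Printf("radius: User-Name cannot be encoded: %v", err)
		return false
	}

	// The password is obfuscated with the shared secret and the request
	// authenticator before it is put on the wire.
	hidden, err := radius.NewUserPassword([]byte(password), []byte(conf.RadiusKey), packet.Authenticator[:])
	if err != nil {
		log.Printf("radius: User-Password cannot be encoded: %v", err)
		return false
	}

	packet.Attributes.Set(typeUserName, user)
	packet.Attributes.Set(typeUserPassword, hidden)

	// Bound the exchange so a silent server cannot stall the handshake.
	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(conf.HandshakeStepTimeout)*time.Second)
	defer cancel()

	server := net.JoinHostPort(conf.RadiusIP, "1812")
	response, err := radius.Exchange(ctx, packet, server)
	if err != nil {
		log.Printf("radius: exchange with %s failed: %v", server, err)
		return false
	}
	return response.Code == radius.CodeAccessAccept
}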