factored adradius

2020-03-02 21:23:51 +01:00 · 2020-03-02 21:23:51 +01:00 · 8bcdd4668d
commit 8bcdd4668d
parent 768c0a54a0
8 changed files with 158 additions and 30 deletions
--- a/BIN
+++ b/BIN
--- a/cmd/adradius/adradius.go
+++ b/cmd/adradius/adradius.go
@ -0,0 +1,18 @@
+package main
+
+import (
+	"log"
+
+	"git.paulbsd.com/paulbsd/adradius/src/adradius"
+	"git.paulbsd.com/paulbsd/adradius/src/config"
+)
+
+func main() {
+	var cfg config.Config
+	err := cfg.GetConfig()
+	if err != nil {
+		log.Fatal(err)
+	}
+	ldapcfg := adradius.SetADRadiusConfig(&cfg)
+	adradius.RunServer(&cfg, ldapcfg)
+}
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,11 @@
+module git.paulbsd.com/paulbsd/adradius
+
+go 1.13
+
+require (
+	github.com/korylprince/go-ad-auth v2.2.0+incompatible
+	golang.org/x/text v0.3.2 // indirect
+	gopkg.in/ini.v1 v1.52.0
+	gopkg.in/ldap.v3 v3.1.0 // indirect
+	layeh.com/radius v0.0.0-20190322222518-890bc1058917
+)
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,13 @@
+github.com/korylprince/go-ad-auth v2.2.0+incompatible h1:g/vTHSQfe2y0D9LATowYJwj735wLjD+pBS9fN7Ady70=
+github.com/korylprince/go-ad-auth v2.2.0+incompatible/go.mod h1:mMfgOVgAwVJiM4rureWH1QSktKw9tEe0dAbT7ObIzfM=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
+gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
+gopkg.in/ini.v1 v1.52.0 h1:j+Lt/M1oPPejkniCg1TkWE2J3Eh1oZTsHSXzMTzUXn4=
+gopkg.in/ini.v1 v1.52.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ldap.v3 v3.1.0 h1:DIDWEjI7vQWREh0S8X5/NFPCZ3MCVd55LmXKPW4XLGE=
+gopkg.in/ldap.v3 v3.1.0/go.mod h1:dQjCc0R0kfyFjIlWNMH1DORwUASZyDxo2Ry1B51dXaQ=
+layeh.com/radius v0.0.0-20190322222518-890bc1058917 h1:BDXFaFzUt5EIqe/4wrTc4AcYZWP6iC6Ult+jQWLh5eU=
+layeh.com/radius v0.0.0-20190322222518-890bc1058917/go.mod h1:fywZKyu//X7iRzaxLgPWsvc0L26IUpVvE/aeIL2JtIQ=
--- a/src/adradius/adradius.go
+++ b/src/adradius/adradius.go
@ -1,50 +1,38 @@
-package main
+package adradius

 import (
+	"fmt"
 	"log"

+	"git.paulbsd.com/paulbsd/adradius/src/config"
 	auth "github.com/korylprince/go-ad-auth"
 	"layeh.com/radius"
 	"layeh.com/radius/rfc2865"
 )

-func main() {
+// SetADRadiusConfig
+func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config) {
+	var security auth.SecurityType

-	config := &auth.Config{
-		Server: "ldap.example.com",
-		Port:   389,
-		BaseDN: "OU=Users,DC=example,DC=com",
-		//Security: auth.SecurityStartTLS,
+	if c.TLS {
+		security = auth.SecurityTLS
+	} else {
+		security = auth.SecurityNone
 	}

-	handler := func(w radius.ResponseWriter, r *radius.Request) {
-		username := rfc2865.UserName_GetString(r.Packet)
-		password := rfc2865.UserPassword_GetString(r.Packet)
-
-		var code radius.Code
-
-		status, _ := ADauth(config, username, password)
-
-		if status {
-			code = radius.CodeAccessAccept
-		} else {
-			code = radius.CodeAccessReject
-		}
-		log.Printf("Writing %v to %v", code, r.RemoteAddr)
-		w.Write(r.Response(code))
+	ldapconfig = &auth.Config{
+		Server:   c.Server,
+		Port:     c.Port,
+		BaseDN:   c.BaseDN,
+		Security: security,
 	}

-	server := radius.PacketServer{
-		Handler:      radius.HandlerFunc(handler),
-		SecretSource: radius.StaticSecretSource([]byte(`secret`)),
-	}
+	fmt.Println(ldapconfig)

-	log.Printf("Starting server on :1812")
-	if err := server.ListenAndServe(); err != nil {
-		log.Fatal(err)
-	}
+	return
 }

+// ADauth
 func ADauth(config *auth.Config, username string, password string) (status bool, err error) {
 	status, err = auth.Authenticate(config, username, password)
 	//if err != nil {
@ -57,3 +45,34 @@ func ADauth(config *auth.Config, username string, password string) (status bool,
 	//}
 	return
 }
+
+// RunServer
+func RunServer(config *config.Config, ldapconfig *auth.Config) {
+	handler := func(w radius.ResponseWriter, r *radius.Request) {
+		username := rfc2865.UserName_GetString(r.Packet)
+		password := rfc2865.UserPassword_GetString(r.Packet)
+
+		var code radius.Code
+
+		status, _ := ADauth(ldapconfig, username, password)
+
+		if status {
+			code = radius.CodeAccessAccept
+		} else {
+			code = radius.CodeAccessReject
+		}
+		log.Printf("Writing %v to %v", code, r.RemoteAddr)
+		w.Write(r.Response(code))
+	}
+
+	server := radius.PacketServer{
+		Addr:         config.Listen,
+		Handler:      radius.HandlerFunc(handler),
+		SecretSource: radius.StaticSecretSource([]byte(config.Secret)),
+	}
+
+	log.Printf("Starting server on %s", config.Listen)
+	if err := server.ListenAndServe(); err != nil {
+		log.Fatal(err)
+	}
+}
--- a/src/config/main.go
+++ b/src/config/main.go
@ -0,0 +1,48 @@
+package config
+
+import (
+	"flag"
+
+	"git.paulbsd.com/paulbsd/adradius/utils"
+	auth "github.com/korylprince/go-ad-auth"
+	"gopkg.in/ini.v1"
+)
+
+// GetConfig fetch config from ini file
+func (c *Config) GetConfig() (err error) {
+	flag.Usage = utils.Usage
+
+	flag.StringVar(&c.ConfigPath, "configfile", "common.ini", "config file to use with adradius section")
+	flag.Parse()
+
+	config, err := ini.Load(c.ConfigPath)
+	if err != nil {
+		return
+	}
+
+	adradiusSection := config.Section("adradius")
+	c.Server = adradiusSection.Key("server").MustString("localhost")
+	c.Port = adradiusSection.Key("port").MustInt(389)
+	c.BaseDN = adradiusSection.Key("basedn").MustString("dc=example,dc=com")
+	c.TLS = adradiusSection.Key("tls").MustBool()
+	c.Listen = adradiusSection.Key("listen").MustString(":1812")
+	c.Secret = adradiusSection.Key("secret").MustString("secret")
+
+	if err != nil {
+		return
+	}
+
+	return nil
+}
+
+// Config is the main configuration
+type Config struct {
+	ConfigPath string
+	Server     string
+	Port       int
+	BaseDN     string
+	TLS        bool
+	Listen     string
+	Secret     string
+	Security   auth.SecurityType
+}
--- a/test.ini
+++ b/test.ini
@ -0,0 +1,7 @@
+[adradius]
+server=localhost
+port=389
+basedn=dc=example,dc=com
+secret=secret
+tls=true
+listen=localhost:1812
--- a/utils/utils.go
+++ b/utils/utils.go
@ -0,0 +1,12 @@
+package utils
+
+import (
+	"flag"
+	"os"
+)
+
+// Usage displays possible arguments
+func Usage() {
+	flag.PrintDefaults()
+	os.Exit(1)
+}