paulbsd/adradius
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

factored adradius

Browse Source
This commit is contained in:
Paul 2020-03-02 21:23:51 +01:00
parent 768c0a54a0
commit 8bcdd4668d
8 changed files with 158 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
adradius Executable file
View File

Binary file not shown.

18
cmd/adradius/adradius.go Normal file
View File

@ -0,0 +1,18 @@
package main
import (
"log"
"git.paulbsd.com/paulbsd/adradius/src/adradius"
"git.paulbsd.com/paulbsd/adradius/src/config"
)
func main() {
var cfg config.Config
err := cfg.GetConfig()
if err != nil {
log.Fatal(err)
}
ldapcfg := adradius.SetADRadiusConfig(&cfg)
adradius.RunServer(&cfg, ldapcfg)
}

11
go.mod Normal file
View File

@ -0,0 +1,11 @@
module git.paulbsd.com/paulbsd/adradius
go 1.13
require (
github.com/korylprince/go-ad-auth v2.2.0+incompatible
golang.org/x/text v0.3.2 // indirect
gopkg.in/ini.v1 v1.52.0
gopkg.in/ldap.v3 v3.1.0 // indirect
layeh.com/radius v0.0.0-20190322222518-890bc1058917
)

13
go.sum Normal file
View File

@ -0,0 +1,13 @@
github.com/korylprince/go-ad-auth v2.2.0+incompatible h1:g/vTHSQfe2y0D9LATowYJwj735wLjD+pBS9fN7Ady70=
github.com/korylprince/go-ad-auth v2.2.0+incompatible/go.mod h1:mMfgOVgAwVJiM4rureWH1QSktKw9tEe0dAbT7ObIzfM=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/ini.v1 v1.52.0 h1:j+Lt/M1oPPejkniCg1TkWE2J3Eh1oZTsHSXzMTzUXn4=
gopkg.in/ini.v1 v1.52.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ldap.v3 v3.1.0 h1:DIDWEjI7vQWREh0S8X5/NFPCZ3MCVd55LmXKPW4XLGE=
gopkg.in/ldap.v3 v3.1.0/go.mod h1:dQjCc0R0kfyFjIlWNMH1DORwUASZyDxo2Ry1B51dXaQ=
layeh.com/radius v0.0.0-20190322222518-890bc1058917 h1:BDXFaFzUt5EIqe/4wrTc4AcYZWP6iC6Ult+jQWLh5eU=
layeh.com/radius v0.0.0-20190322222518-890bc1058917/go.mod h1:fywZKyu//X7iRzaxLgPWsvc0L26IUpVvE/aeIL2JtIQ=

79
cmd/adradius/main.go → src/adradius/adradius.go
View File

@ -1,50 +1,38 @@
package main package adradius
import ( import (
"fmt"
"log" "log"
"git.paulbsd.com/paulbsd/adradius/src/config"
auth "github.com/korylprince/go-ad-auth" auth "github.com/korylprince/go-ad-auth"
"layeh.com/radius" "layeh.com/radius"
"layeh.com/radius/rfc2865" "layeh.com/radius/rfc2865"
) )
func main() { // SetADRadiusConfig
func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config) {
var security auth.SecurityType
config := &auth.Config{ if c.TLS {
Server: "ldap.example.com", security = auth.SecurityTLS
Port: 389, } else {
BaseDN: "OU=Users,DC=example,DC=com", security = auth.SecurityNone
//Security: auth.SecurityStartTLS,
} }
handler := func(w radius.ResponseWriter, r *radius.Request) { ldapconfig = &auth.Config{
username := rfc2865.UserName_GetString(r.Packet) Server: c.Server,
password := rfc2865.UserPassword_GetString(r.Packet) Port: c.Port,
BaseDN: c.BaseDN,
var code radius.Code Security: security,
status, _ := ADauth(config, username, password)
if status {
code = radius.CodeAccessAccept
} else {
code = radius.CodeAccessReject
}
log.Printf("Writing %v to %v", code, r.RemoteAddr)
w.Write(r.Response(code))
} }
server := radius.PacketServer{ fmt.Println(ldapconfig)
Handler: radius.HandlerFunc(handler),
SecretSource: radius.StaticSecretSource([]byte(`secret`)),
}
log.Printf("Starting server on :1812") return
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
} }
// ADauth
func ADauth(config *auth.Config, username string, password string) (status bool, err error) { func ADauth(config *auth.Config, username string, password string) (status bool, err error) {
status, err = auth.Authenticate(config, username, password) status, err = auth.Authenticate(config, username, password)
//if err != nil { //if err != nil {
@ -57,3 +45,34 @@ func ADauth(config *auth.Config, username string, password string) (status bool,
//} //}
return return
} }
// RunServer
func RunServer(config *config.Config, ldapconfig *auth.Config) {
handler := func(w radius.ResponseWriter, r *radius.Request) {
username := rfc2865.UserName_GetString(r.Packet)
password := rfc2865.UserPassword_GetString(r.Packet)
var code radius.Code
status, _ := ADauth(ldapconfig, username, password)
if status {
code = radius.CodeAccessAccept
} else {
code = radius.CodeAccessReject
}
log.Printf("Writing %v to %v", code, r.RemoteAddr)
w.Write(r.Response(code))
}
server := radius.PacketServer{
Addr: config.Listen,
Handler: radius.HandlerFunc(handler),
SecretSource: radius.StaticSecretSource([]byte(config.Secret)),
}
log.Printf("Starting server on %s", config.Listen)
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
}

48
src/config/main.go Normal file
View File

@ -0,0 +1,48 @@
package config
import (
"flag"
"git.paulbsd.com/paulbsd/adradius/utils"
auth "github.com/korylprince/go-ad-auth"
"gopkg.in/ini.v1"
)
// GetConfig fetch config from ini file
func (c *Config) GetConfig() (err error) {
flag.Usage = utils.Usage
flag.StringVar(&c.ConfigPath, "configfile", "common.ini", "config file to use with adradius section")
flag.Parse()
config, err := ini.Load(c.ConfigPath)
if err != nil {
return
}
adradiusSection := config.Section("adradius")
c.Server = adradiusSection.Key("server").MustString("localhost")
c.Port = adradiusSection.Key("port").MustInt(389)
c.BaseDN = adradiusSection.Key("basedn").MustString("dc=example,dc=com")
c.TLS = adradiusSection.Key("tls").MustBool()
c.Listen = adradiusSection.Key("listen").MustString(":1812")
c.Secret = adradiusSection.Key("secret").MustString("secret")
if err != nil {
return
}
return nil
}
// Config is the main configuration
type Config struct {
ConfigPath string
Server string
Port int
BaseDN string
TLS bool
Listen string
Secret string
Security auth.SecurityType
}

7
test.ini Normal file
View File

@ -0,0 +1,7 @@
[adradius]
server=localhost
port=389
basedn=dc=example,dc=com
secret=secret
tls=true
listen=localhost:1812

12
utils/utils.go Normal file
View File

@ -0,0 +1,12 @@
package utils
import (
"flag"
"os"
)
// Usage displays possible arguments
func Usage() {
flag.PrintDefaults()
os.Exit(1)
}