diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..48b9e58
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.ini
+/adradius
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3aa5f3e
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+# adradius Makefile
+
+GOCMD=go
+GOBUILDCMD=${GOCMD} build
+GOOPTIONS=-mod=vendor -ldflags="-s -w"
+
+RMCMD=rm
+BINNAME=adradius
+
+SRCFILES=cmd/adradius/*.go
+
+all: build
+
+build:
+ ${GOBUILDCMD} ${GOOPTIONS} ${SRCFILES}
+
+clean:
+ ${RMCMD} -f ${BINNAME}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..159791c
--- /dev/null
+++ b/README.md
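Review bot: The `/adradius` rule in the .gitignore hunk does not stop the compiled binary from being versioned. This same commit still carries `Binary files a/adradius and b/adradius differ`, and an ignore rule has no effect on a path that is already tracked. A checked-in executable cannot be reviewed against the source it is supposed to come from. It should be removed from the index with `git rm --cached adradius` and built from source through the Makefile instead.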
@@ -0,0 +1,71 @@
+# adradius
+
+## Summary
+
+adradius is a radius server gateway authenticating against Active Directory plateform via LDAP. Written in golang with love
+
+Used libraries are :
+* github.com/korylprince/go-ad-auth
+* github.com/layeh/radius
+
+## Howto
+
+### Build
+
+```shell
+make
+```
+
+## Sample config in adradius.ini
+
+```ini
+[adradius]
+server=localhost
+port=389
+basedn=dc=example,dc=com
+secret=secret
+tls=true
+listen=localhost:1812
+```
+
+### Run
+
+```shell
+./adradius -configfile adradius.ini
+```
+
+## Todo
+
+- Add tests
+- Code cleaning
+- Daemonize with process fork
+
+## License
+```text
+Copyright (c) 2020, PaulBSD
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +The views and conclusions contained in the software and documentation are those +of the authors and should not be interpreted as representing official policies, +either expressed or implied, of the adradius project. +``` diff --git a/adradius b/adradius index c607e56..c965a88 100755 Binary files a/adradius and b/adradius differ diff --git a/cmd/adradius/adradius.go b/cmd/adradius/adradius.go index 0ec4477..47cf733 100644 --- a/cmd/adradius/adradius.go +++ b/cmd/adradius/adradius.go @@ -9,10 +9,19 @@ import ( func main() { var cfg config.Config + err := cfg.GetConfig() if err != nil { log.Fatal(err) } - ldapcfg := adradius.SetADRadiusConfig(&cfg) + + ldapcfg, err := adradius.SetADRadiusConfig(&cfg) + if err != nil { + log.Fatal(err) + } + adradius.RunServer(&cfg, ldapcfg) + if err != nil { + log.Fatal(err) + } } diff --git a/src/adradius/adradius.go b/src/adradius/adradius.go index 1e0881b..3da7e1b 100644 --- a/src/adradius/adradius.go +++ b/src/adradius/adradius.go @@ -1,7 +1,6 @@ package adradius import ( - "fmt" "log" "git.paulbsd.com/paulbsd/adradius/src/config" @@ -10,8 +9,8 @@ import ( "layeh.com/radius/rfc2865" ) -// SetADRadiusConfig -func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config) { +// SetADRadiusConfig sets config of adradius +func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config, err error) { var security auth.SecurityType if c.TLS { 
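Review bot: The `if err != nil` added after `adradius.RunServer(&cfg, ldapcfg)` in `main` re-tests the `err` from `SetADRadiusConfig`, which was already handled a few lines earlier, so it can never fire. `RunServer` is declared without a result in src/adradius/adradius.go, so a failure to bind or serve the RADIUS listener cannot reach this check. Either have `RunServer` return an error and write `if err := adradius.RunServer(&cfg, ldapcfg); err != nil { log.Fatal(err) }`, or remove the dead check.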
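Review bot: The new `err error` result on `SetADRadiusConfig` is not assigned in any line shown in this diff, so the `log.Fatal(err)` added for it in `main` looks unreachable. The function body continues outside the hunk, so confirm against the full file. If the result stays, give it a job, such as rejecting an empty `server` or `basedn` setting before the `auth.Config` is built. The `if c.TLS` branch decides whether user passwords travel to the directory over an encrypted channel, and its other arm is not visible here. The doc comment should state what `tls=false` selects, for example `// SetADRadiusConfig builds the LDAP settings from c; without TLS the bind is presumably sent unencrypted.`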
@@ -27,26 +26,22 @@ func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config) { Security: security, } - fmt.Println(ldapconfig) - return } -// ADauth +// ADauth process authentication to Active Directory func ADauth(config *auth.Config, username string, password string) (status bool, err error) { status, err = auth.Authenticate(config, username, password) - //if err != nil { - // //handle err - // return - //} - //if !status { - // //handle failed authentication - // return - //} + if err != nil { + return + } + if !status { + return + } return } -// RunServer +// RunServer runs a new raduis server instance func RunServer(config *config.Config, ldapconfig *auth.Config) { handler := func(w radius.ResponseWriter, r *radius.Request) { username := rfc2865.UserName_GetString(r.Packet) diff --git a/test.ini b/test.ini deleted file mode 100644 index 6e3df4d..0000000 --- a/test.ini +++ /dev/null @@ -1,7 +0,0 @@ -[adradius] -server=localhost -port=389 -basedn=dc=example,dc=com -secret=secret -tls=true -listen=localhost:1812
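Review bot: In `ADauth` the two branches that replace the commented-out code both just `return`, immediately before the final `return`, so the function still behaves as `return auth.Authenticate(config, username, password)` and a directory error or rejected login leaves no trace. For an authentication gateway those are the events worth recording, e.g. `log.Printf("adradius: bind error for %q: %v", username, err)` in the first branch and a similar line for `!status`, never including the password. It would also be safer to refuse an empty password up front with `if password == "" { return false, nil }`, since an LDAP simple bind with an empty password is an unauthenticated bind and whether the library rejects it is not visible here. The `RunServer` comment has a typo (`raduis`), and that function's body continues outside the hunk.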