diff --git a/app/inittest.go b/app/inittest.go index d38c845e..76f4b149 100644 --- a/app/inittest.go +++ b/app/inittest.go @@ -75,7 +75,6 @@ func (a *Application) initTestVpe() { a.gormDB.Create(&models.NetVpe{ ID: 9999, NodeId: 9999, - LdapId: 0, Name: "test vope", Identifier: "tradtest", Hostname: "", diff --git a/assets/createdb.sql b/assets/createdb.sql index 70a5ccee..c593581a 100644 --- a/assets/createdb.sql +++ b/assets/createdb.sql @@ -1,3 +1,3 @@ CREATE USER toughradius WITH PASSWORD 'toughradius'; CREATE DATABASE toughradius WITH OWNER toughradius; -GRANT ALL PRIVILEGES ON DATABASE toughradius TO toughradius; +GRANT ALL PRIVILEGES ON DATABASE toughradius_v8 TO toughradius; diff --git a/go.mod b/go.mod index a6c863c6..c9db20bc 100644 --- a/go.mod +++ b/go.mod @@ -35,9 +35,9 @@ require ( github.com/swaggo/swag v1.16.1 go.etcd.io/bbolt v1.3.7 go.uber.org/zap v1.24.0 - golang.org/x/crypto v0.14.0 - golang.org/x/sync v0.3.0 - golang.org/x/text v0.13.0 + golang.org/x/crypto v0.16.0 + golang.org/x/sync v0.5.0 + golang.org/x/text v0.14.0 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 @@ -53,8 +53,14 @@ require ( github.com/andybalholm/brotli v1.0.5 // indirect github.com/bytedance/sonic v1.9.1 // indirect github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect + github.com/cilium/ebpf v0.12.3 // indirect + github.com/cosiner/argv v0.1.0 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/derekparker/trie v0.0.0-20230829180723-39f4de51ef7d // indirect github.com/gabriel-vasile/mimetype v1.4.2 // indirect github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect + github.com/go-delve/delve v1.21.2 // indirect + github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect 
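Review bot: The changed `GRANT` now names `toughradius_v8`, but the unchanged line above it still runs `CREATE DATABASE toughradius`, so on a fresh install the grant targets a database this script never creates. Make the two statements agree, for example `CREATE DATABASE toughradius_v8 WITH OWNER toughradius;`, or keep the grant on `toughradius`. The script also creates the role with the password `toughradius`; a comment such as `-- replace this password before the database is reachable from other hosts` would help operators who run the file as-is.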
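Review bot: The new `// indirect` requirements in this hunk and the later go.mod hunks pull in `github.com/go-delve/delve v1.21.2` together with what looks like its own dependency set (`cilium/ebpf`, `google/go-dap`, `go.starlark.net`, `spf13/cobra`, `sirupsen/logrus`), and nothing in the visible part of this commit imports any of them. This may be the side effect of running `go get` for the debugger inside the module rather than a deliberate dependency. It is worth confirming with `go mod why -m github.com/go-delve/delve` and running `go mod tidy` if the module is unused. Keeping a debugger and its transitive modules out of the server's module graph reduces the third-party code that has to be tracked and patched.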
@@ -66,9 +72,12 @@ require ( github.com/goccy/go-json v0.10.2 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/golang-jwt/jwt/v5 v5.0.0 // indirect + github.com/google/go-dap v0.11.0 // indirect github.com/google/uuid v1.1.2 // indirect github.com/gorilla/context v1.1.1 // indirect github.com/gorilla/securecookie v1.1.1 // indirect + github.com/hashicorp/golang-lru v1.0.2 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect github.com/jackc/pgx/v5 v5.4.1 // indirect @@ -76,14 +85,22 @@ require ( github.com/jinzhu/now v1.1.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/klauspost/cpuid/v2 v2.2.5 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect github.com/kr/fs v0.1.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect + github.com/rivo/uniseg v0.4.4 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/spf13/cobra v1.8.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect github.com/swaggo/files/v2 v2.0.0 // indirect github.com/tklauser/go-sysconf v0.3.11 // indirect github.com/tklauser/numcpus v0.6.1 // indirect 
@@ -91,13 +108,15 @@ require ( github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/yusufpapurcu/wmi v1.2.3 // indirect + go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/arch v0.3.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.13.0 // indirect + golang.org/x/arch v0.6.0 // indirect + golang.org/x/exp v0.0.0-20231127185646-65229373498e // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/sys v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.10.0 // indirect + golang.org/x/tools v0.16.0 // indirect gonum.org/v1/gonum v0.13.0 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect diff --git a/go.sum b/go.sum index 260e2395..79fee166 100644 --- a/go.sum +++ b/go.sum 
@@ -28,19 +28,35 @@ github.com/c-robinson/iplib v1.0.6/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szN github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= +github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= +github.com/cosiner/argv v0.1.0 h1:BVDiEL32lwHukgJKP87btEPenzrrHUjajs/8yzaqcXg= +github.com/cosiner/argv v0.1.0/go.mod h1:EusR6TucWKX+zFgtdUsKT2Cvg45K5rtpCcWz4hK06d8= +github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/derekparker/trie v0.0.0-20230829180723-39f4de51ef7d h1:hUWoLdw5kvo2xCsqlsIBMvWUc1QCSsCYD2J2+Fg6YoU= +github.com/derekparker/trie v0.0.0-20230829180723-39f4de51ef7d/go.mod h1:C7Es+DLenIpPc9J6IYw4jrK0h7S9bKj4DNl8+KxGEXU= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= 
github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-gonic/gin v1.7.7 h1:3DoBmSbJbZAWqXJC3SLjAPfutPJJRN1U5pALB7EeTTs= github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-delve/delve v1.21.2 h1:eaS+ziJo+660mi3D2q/VP8RxW5GcF4Y1zyKSi82alsU= +github.com/go-delve/delve v1.21.2/go.mod h1:FgTAiRUe43RS5EexL06RPyMtP8AMZVL/t9Qqgy3qUe4= +github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d h1:pxjSLshkZJGLVm0wv20f/H0oTWiq/egkoJQ2ja6LEvo= +github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d/go.mod h1:biJCRbqp51wS+I92HMqn5H8/A0PAhxn2vyOT+JqhiGI= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= 
@@ -91,6 +107,8 @@ github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-dap v0.11.0 h1:SpAZJL41rOOvd85PuLCCLE1dteTQOyKNnn0H3DBHywo= +github.com/google/go-dap v0.11.0/go.mod h1:HAeyoSd2WIfTfg+0GRXcFrb+RnojAtGNh+k+XTIxJDE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -106,6 +124,10 @@ github.com/guonaihong/gout v0.3.7 h1:4UTlvelmdLUZjkIqyBDmXS8Fl90wZ6TNqRQRHIAgN7E github.com/guonaihong/gout v0.3.7/go.mod h1:wDXeuyeZR6MtaHbytO9RLcKW4iCDrWD6/KF1QwDtbRc= github.com/hallidave/mibtool v0.2.0 h1:YDjnM5PkYJTsetmXJA9E2id4Uhuv8FW0b7VniVLU54Q= github.com/hallidave/mibtool v0.2.0/go.mod h1:qk2k0nT5wxQPdHqIm2ErOg+h+P8gKpE+26nft0GHp68= +github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= +github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= 
@@ -125,6 +147,8 @@ github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -156,7 +180,12 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -183,15 +212,28 @@ github.com/pkg/sftp v1.13.5/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfx github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= github.com/scylladb/termtables v0.0.0-20191203121021-c4c0b6d42ff4/go.mod h1:C1a7PQSMz9NShzorzCiG2fk9+xuCgLkPeCvMHYR2OWg= github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI= github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= +github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= github.com/spf13/cast v1.5.1/go.mod 
h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -229,6 +271,8 @@ github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFi github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4= +go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= 
@@ -239,6 +283,8 @@ go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k= golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= +golang.org/x/arch v0.6.0 h1:S0JTfE48HbRj80+4tbvZDYsJ3tGv6BUU3XxyZ7CirAc= +golang.org/x/arch v0.6.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -247,12 +293,16 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= +golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No= +golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
@@ -277,11 +327,15 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -293,8 +347,10 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -303,11 +359,14 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -317,6 +376,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -328,8 +389,11 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= +golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/gonum v0.9.1/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= diff --git a/models/network.go b/models/network.go index 8818a08b..e8cdeea6 100644 --- a/models/network.go +++ b/models/network.go 
@@ -18,7 +18,6 @@ type NetNode struct { type NetVpe struct { ID int64 `json:"id,string" form:"id"` // 主键 ID NodeId int64 `json:"node_id,string" form:"node_id"` // 节点ID - LdapId int64 `json:"ldap_id,string" form:"ldap_id"` // LDAP ID Name string `json:"name" form:"name"` // 设备名称 Identifier string `json:"identifier" form:"identifier"` // 设备标识-RADIUS Hostname string `json:"hostname" form:"hostname"` // 设备主机地址 @@ -84,19 +83,3 @@ type NetCpeTaskQue struct { Sn string `json:"sn"` // 设备序列号 TaskId string `json:"task_id"` } - -type NetLdapServer struct { - Id int64 `json:"id,string" form:"id"` - Tags string `json:"tags" form:"tags"` - Name string `json:"name" form:"name"` - Address string `json:"address" form:"address"` - Password string `json:"password" form:"password"` - Searchdn string `json:"searchdn" form:"searchdn"` - Basedn string `json:"basedn" form:"basedn"` - UserFilter string `json:"user_filter" form:"user_filter"` - Istls string `json:"istls" form:"istls"` - Status string `json:"status" form:"status"` - Remark string `json:"remark" form:"remark"` - CreateTime time.Time `json:"create_time,string" ` - UpdateTime time.Time `json:"update_time,string" ` -} diff --git a/models/tables.go b/models/tables.go index 6b042826..2712a9d4 100644 --- a/models/tables.go +++ b/models/tables.go @@ -11,7 +11,6 @@ var Tables = []interface{}{ &NetCpe{}, &NetVpe{}, &NetCpeParam{}, - &NetLdapServer{}, // Radius &RadiusAccounting{}, &RadiusOnline{}, diff --git a/toughradius/auth_ldap_accept_config.go b/toughradius/auth_ldap_accept_config.go deleted file mode 100644 index cb5f1cf9..00000000 --- a/toughradius/auth_ldap_accept_config.go +++ /dev/null 
@@ -1,181 +0,0 @@ -package toughradius - -import ( - "fmt" - "math" - "net" - "time" - - "github.com/talkincode/toughradius/v8/app" - "github.com/talkincode/toughradius/v8/common" - "github.com/talkincode/toughradius/v8/toughradius/vendors/cisco" - "github.com/talkincode/toughradius/v8/toughradius/vendors/h3c" - "github.com/talkincode/toughradius/v8/toughradius/vendors/huawei" - "github.com/talkincode/toughradius/v8/toughradius/vendors/ikuai" - "github.com/talkincode/toughradius/v8/toughradius/vendors/mikrotik" - "github.com/talkincode/toughradius/v8/toughradius/vendors/radback" - "github.com/talkincode/toughradius/v8/toughradius/vendors/zte" - "layeh.com/radius" - "layeh.com/radius/rfc2865" - "layeh.com/radius/rfc2869" -) - -func (s *AuthService) LdapAcceptAcceptConfig(user *LdapRadisProfile, vendorCode string, radAccept *radius.Packet) { - ldapConfigDefaultAccept(s, user, radAccept) - switch vendorCode { - case VendorHuawei: - ldapConfigHuaweiAccept(user, radAccept) - case VendorH3c: - ldapConfigH3cAccept(user, radAccept) - case VendorRadback: - ldapConfigRadbackAccept(user, radAccept) - case VendorZte: - ldapConfigZteAccept(user, radAccept) - case VendorCisco: - ldapConfigCiscoAccept(user, radAccept) - case VendorMikrotik: - ldapConfigMikroTikAccept(user, radAccept) - case VendorIkuai: - ldapConfigIkuaiAccept(user, radAccept) - } -} - -// 设置标准 RADIUS 属性 -func ldapConfigDefaultAccept(s *AuthService, user *LdapRadisProfile, radAccept *radius.Packet) { - var timeout = int64(user.ExpireTime.Sub(time.Now()).Seconds()) - if timeout > math.MaxInt32 { - timeout = math.MaxInt32 - } - var interimTimes = s.GetIntConfig(app.ConfigRadiusAcctInterimInterval, 120) - rfc2865.SessionTimeout_Set(radAccept, rfc2865.SessionTimeout(timeout)) - rfc2869.AcctInterimInterval_Set(radAccept, rfc2869.AcctInterimInterval(interimTimes)) - - if common.IsNotEmptyAndNA(user.AddrPool) { - rfc2869.FramedPool_SetString(radAccept, user.AddrPool) - } - - if common.IsNotEmptyAndNA(user.IpAddr) { - 
rfc2865.FramedIPAddress_Set(radAccept, net.ParseIP(user.IpAddr)) - } -} - -func ldapConfigMikroTikAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - mikrotik.MikrotikRateLimit_SetString(radAccept, fmt.Sprintf("%dk/%dk", user.UpRate, user.DownRate)) -} - -func ldapConfigIkuaiAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - var up = int64(user.UpRate) * 1024 * 8 - var down = int64(user.DownRate) * 1024 * 8 - if up > math.MaxInt32 { - up = math.MaxInt32 - } - if down > math.MaxInt32 { - down = math.MaxInt32 - } - if up > 0 { - ikuai.RPUpstreamSpeedLimit_Set(radAccept, ikuai.RPUpstreamSpeedLimit(up)) - } - if down > 0 { - ikuai.RPDownstreamSpeedLimit_Set(radAccept, ikuai.RPDownstreamSpeedLimit(down)) - } -} - -func ldapConfigHuaweiAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - var up = int64(user.UpRate) * 1024 - var down = int64(user.DownRate) * 1024 - var upPeak = up * 4 - var downPeak = down * 4 - if up > math.MaxInt32 { - up = math.MaxInt32 - } - if upPeak > math.MaxInt32 { - upPeak = math.MaxInt32 - } - if down > math.MaxInt32 { - down = math.MaxInt32 - } - if downPeak > math.MaxInt32 { - downPeak = math.MaxInt32 - } - if up > 0 { - huawei.HuaweiInputAverageRate_Set(radAccept, huawei.HuaweiInputAverageRate(up)) - huawei.HuaweiInputPeakRate_Set(radAccept, huawei.HuaweiInputPeakRate(upPeak)) - } - - if down > 0 { - huawei.HuaweiOutputAverageRate_Set(radAccept, huawei.HuaweiOutputAverageRate(down)) - huawei.HuaweiOutputPeakRate_Set(radAccept, huawei.HuaweiOutputPeakRate(downPeak)) - } - - if common.IsNotEmptyAndNA(user.Domain) { - huawei.HuaweiDomainName_SetString(radAccept, user.Domain) - } -} - -func ldapConfigH3cAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - var up = int64(user.UpRate) * 1024 - var down = int64(user.DownRate) * 1024 - var upPeak = up * 4 - var downPeak = down * 4 - if up > math.MaxInt32 { - up = math.MaxInt32 - } - if upPeak > math.MaxInt32 { - upPeak = math.MaxInt32 - } - if down > math.MaxInt32 { 
- down = math.MaxInt32 - } - if downPeak > math.MaxInt32 { - downPeak = math.MaxInt32 - } - - if up > 0 { - h3c.H3CInputAverageRate_Set(radAccept, h3c.H3CInputAverageRate(up)) - h3c.H3CInputPeakRate_Set(radAccept, h3c.H3CInputPeakRate(upPeak)) - } - - if down > 0 { - h3c.H3COutputAverageRate_Set(radAccept, h3c.H3COutputAverageRate(down)) - h3c.H3COutputPeakRate_Set(radAccept, h3c.H3COutputPeakRate(downPeak)) - } - -} - -func ldapConfigRadbackAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - if common.IsNotEmptyAndNA(user.LimitPolicy) { - radback.SubscriberProfileName_SetString(radAccept, user.LimitPolicy) - } - if common.IsNotEmptyAndNA(user.Domain) { - radback.ContextName_SetString(radAccept, user.Domain) - } -} - -func ldapConfigZteAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - var up = int64(user.UpRate) * 1024 - var down = int64(user.DownRate) * 1024 - if up > math.MaxInt32 { - up = math.MaxInt32 - } - if down > math.MaxInt32 { - down = math.MaxInt32 - } - if up > 0 { - zte.ZTERateCtrlSCRUp_Set(radAccept, zte.ZTERateCtrlSCRUp(up)) - } - if down > 0 { - zte.ZTERateCtrlSCRDown_Set(radAccept, zte.ZTERateCtrlSCRDown(down)) - } - if common.IsNotEmptyAndNA(user.Domain) { - zte.ZTEContextName_SetString(radAccept, user.Domain) - } -} - -func ldapConfigCiscoAccept(user *LdapRadisProfile, radAccept *radius.Packet) { - if common.IsNotEmptyAndNA(user.UpLimitPolicy) { - cisco.CiscoAVPair_Add(radAccept, []byte(fmt.Sprintf("sub-qos-policy-in=%s", user.UpLimitPolicy))) - } - if common.IsNotEmptyAndNA(user.DownLimitPolicy) { - cisco.CiscoAVPair_Add(radAccept, []byte(fmt.Sprintf("sub-qos-policy-out=%s", user.DownLimitPolicy))) - } -} diff --git a/toughradius/packet_format.go b/toughradius/packet_format.go index 26fe1236..5fc50954 100644 --- a/toughradius/packet_format.go +++ b/toughradius/packet_format.go 
@@ -35,6 +35,21 @@ var Ipv4Format = func(src []byte) string { return net.IPv4(src[0], src[1], src[2], src[3]).String() } +var EapMessageFormat = func(attr []byte) string { + // 解析EAP消息 + eap := &EAPMessage{ + Code: attr[0], + Identifier: attr[1], + Length: binary.BigEndian.Uint16(attr[2:4]), + } + if len(attr) >= 5 { + eap.Type = attr[4] + eap.Data = attr[5:] + } + + return eap.String() +} + var RadiusTypeMap = map[radius.Type]string{ rfc2865.UserName_Type: "UserName", rfc2865.UserPassword_Type: "UserPassword", @@ -193,8 +208,8 @@ var RadiusTypeFmtMap = map[radius.Type]AttrFormatFunc{ rfc2869.Prompt_Type: HexFormat, rfc2869.ConnectInfo_Type: StringFormat, rfc2869.ConfigurationToken_Type: StringFormat, - rfc2869.EAPMessage_Type: StringFormat, - rfc2869.MessageAuthenticator_Type: StringFormat, + rfc2869.EAPMessage_Type: EapMessageFormat, + rfc2869.MessageAuthenticator_Type: HexFormat, rfc2869.ARAPChallengeResponse_Type: HexFormat, rfc2869.AcctInterimInterval_Type: UInt32Format, rfc2869.NASPortID_Type: StringFormat, @@ -294,7 +309,7 @@ func FmtPacket(p *radius.Packet) string { buff.WriteString("RADIUS Packet: \n") buff.WriteString(fmt.Sprintf("\tIdentifier: %v\n", p.Identifier)) buff.WriteString(fmt.Sprintf("\tCode: %v\n", p.Code)) - buff.WriteString(fmt.Sprintf("\tAuthenticator: %v\n", p.Authenticator)) + buff.WriteString(fmt.Sprintf("\tAuthenticator: %s\n", HexFormat(p.Authenticator[:]))) buff.WriteString("\tAttributes:\n") for _, attribute := range p.Attributes { if attribute.Type != rfc2865.VendorSpecific_Type { diff --git a/toughradius/radius.go b/toughradius/radius.go index 2a71e9dd..43caec5e 100644 --- a/toughradius/radius.go +++ b/toughradius/radius.go 
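Review bot: `EapMessageFormat` indexes `attr[0]`, `attr[1]` and `attr[2:4]` before any length check, so an EAP-Message attribute shorter than four bytes panics with an out-of-range access. The later hunk in this file registers the function in `RadiusTypeFmtMap`, and `FmtPacket` walks the attributes of a `*radius.Packet`, so the bytes are presumably taken from received packets. Guard the header first, e.g. `if len(attr) < 4 { return HexFormat(attr) }` as the first statement. The `Length` field is copied from the wire without being compared to `len(attr)`; a comment such as `// Length is the declared EAP length, not validated against len(attr)` would keep readers of the log output from trusting it.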
@@ -50,10 +50,17 @@ type AuthRateUser struct { Starttime time.Time } +type EapState struct { + Username string + Challenge []byte + StateID string +} + type RadiusService struct { App *app.Application RejectCache *RejectCache AuthRateCache map[string]AuthRateUser + EapStateCache map[string]EapState TaskPool *ants.Pool arclock sync.Mutex } @@ -67,6 +74,7 @@ func NewRadiusService() *RadiusService { common.Must(err) s := &RadiusService{ AuthRateCache: make(map[string]AuthRateUser), + EapStateCache: make(map[string]EapState), arclock: sync.Mutex{}, TaskPool: pool, RejectCache: &RejectCache{ @@ -125,20 +133,6 @@ func (s *RadiusService) GetValidUser(usernameOrMac string, macauth bool) (user * return user, nil } -// GetLdapServer 获取Ldap 服务节点新 -func (s *RadiusService) GetLdapServer(id interface{}) (item *models.NetLdapServer, err error) { - err = app.GDB().Where("id = ?", id).First(&item).Error - if err != nil { - if err == gorm.ErrRecordNotFound { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "ldap node not exists") - } - return nil, err - } - if item.Status == common.DISABLED { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "ldap status is disabled") - } - return item, nil -} // GetUserForAcct 获取用户, 不判断用户过期等状态 func (s *RadiusService) GetUserForAcct(username string) (user *models.RadiusUser, err error) { 
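Review bot: `EapStateCache` is an unbounded map and `EapState` carries no creation time, so within this commit a pending challenge leaves the cache only through the `DeleteEapState` calls added to `SendAccept` and `SendReject`. An exchange that is started and never completed leaves its entry behind, and the radius_auth.go hunk stops applying `CheckAuthRateLimit` to EAP requests, so nothing visible limits how quickly entries accumulate. Consider adding `CreatedAt time.Time` to `EapState`, expiring entries after a short timeout, and refusing a response whose state is older than that. The code that inserts entries (`sendEAPRequest`) is not part of this diff, so confirm it does no cleanup of its own.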
@@ -392,3 +386,26 @@ func (s *RadiusService) CheckRequestSecret(r *radius.Packet, secret []byte) { panic(secretError) } } + +// State add +func (s *RadiusService) AddEapState(stateid, username string, challenge []byte) { + s.EapStateCache[stateid] = EapState{ + Username: username, + StateID: stateid, + Challenge: challenge, + } +} + +// State get +func (s *RadiusService) GetEapState(stateid string) (state *EapState, err error) { + val, ok := s.EapStateCache[stateid] + if ok { + return &val, nil + } + return nil, errors.New("state not found") +} + +// State delete +func (s *RadiusService) DeleteEapState(stateid string) { + delete(s.EapStateCache, stateid) +} diff --git a/toughradius/radius_acct.go b/toughradius/radius_acct.go index 79400c9c..d5d7b0b7 100644 --- a/toughradius/radius_acct.go +++ b/toughradius/radius_acct.go @@ -73,18 +73,6 @@ func (s *AcctService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) { vendorReq := s.ParseVendor(r, vpe.VendorCode) - // Ldap acct - if vpe.LdapId != 0 { - _, err := s.GetLdapServer(vpe.LdapId) - common.Must(err) - s.SendResponse(w, r) - // check ldap auth - common.Must(s.TaskPool.Submit(func() { - s.LdapUserAcct(r, vendorReq, username, vpe, nasrip) - })) - - return - } s.SendResponse(w, r) diff --git a/toughradius/radius_auth.go b/toughradius/radius_auth.go index 50c59c15..cbd7c2c2 100644 --- a/toughradius/radius_auth.go +++ b/toughradius/radius_auth.go @@ -1,15 +1,16 @@ package toughradius import ( + "fmt" "strings" "github.com/talkincode/toughradius/v8/app" "github.com/talkincode/toughradius/v8/common" "github.com/talkincode/toughradius/v8/common/zaplog/log" - "github.com/talkincode/toughradius/v8/models" "go.uber.org/zap" "layeh.com/radius" "layeh.com/radius/rfc2865" + "layeh.com/radius/rfc2869" ) type AuthService struct { 
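Review bot: `AddEapState`, `GetEapState` and `DeleteEapState` read and write `s.EapStateCache` without holding a lock, and concurrent map access in Go ends the process with a fatal runtime error that a deferred `recover` cannot catch. If `ServeRADIUS` runs on more than one goroutine, which is the usual arrangement for a packet server, add a mutex field such as `eaplock sync.Mutex` to `RadiusService` and begin each of the three methods with `s.eaplock.Lock()` and `defer s.eaplock.Unlock()`. The comments `// State add`, `// State get` and `// State delete` should be doc comments that start with the method name, for example `// GetEapState returns a copy of the pending EAP state stored under stateid, or an error if none exists.`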
@@ -64,8 +65,6 @@ func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) { s.CheckRadAuthError(callingStationID, ip, NewAuthError(app.MetricsRadiusRejectNotExists, "username is empty of client mac")) } - s.CheckRadAuthError(username, ip, s.CheckAuthRateLimit(username)) - vpe, err := s.GetNas(ip, identifier) s.CheckRadAuthError(username, ip, err) 
@@ -73,40 +72,52 @@ func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) { r.Secret = []byte(vpe.Secret) r.Packet.Secret = []byte(vpe.Secret) - // s.CheckRequestSecret(r.Packet, []byte(vpe.Secret)) - - response := r.Response(radius.CodeAccessAccept) - vendorReq := s.ParseVendor(r, vpe.VendorCode) - - // ---------------------------------------------------------------------------------------------------- - // Ldap auth - if vpe.LdapId != 0 { - var lnode *models.NetLdapServer - lnode, err = s.GetLdapServer(vpe.LdapId) - s.CheckRadAuthError(username, ip, err) - var userProfile *LdapRadisProfile - userProfile, err = s.LdapUserAuth(w, r, username, lnode, response, vendorReq) - s.CheckRadAuthError(username, ip, err) - s.LdapAcceptAcceptConfig(userProfile, vpe.VendorCode, response) - s.SendAccept(w, r, response) + var isEap = false + eapmsg, err := parseEAPMessage(r) + if err == nil { + isEap = true + } - log.Info2("radius ldap auth sucess", - zap.String("namespace", "radius"), - zap.String("username", username), - zap.String("nasip", ip), - zap.String("result", "success"), - zap.String("metrics", app.MetricsRadiusAccept), - ) + if !isEap { + s.CheckRadAuthError(username, ip, s.CheckAuthRateLimit(username)) + } + if isEap && eapmsg.Code == EAPCodeResponse && eapmsg.Type == EAPTypeIdentity { + // 发送EAP-Request/MD5-Challenge消息 + err = s.sendEAPRequest(w, r, vpe.Secret) + if err != nil { + s.CheckRadAuthError(username, ip, fmt.Errorf("eap: send eap request error: %s", err)) + } return } + response := r.Response(radius.CodeAccessAccept) + vendorReq := s.ParseVendor(r, vpe.VendorCode) + // ---------------------------------------------------------------------------------------------------- // Fetch validate user isMacAuth := vendorReq.MacAddr == username user, err := s.GetValidUser(username, isMacAuth) s.CheckRadAuthError(username, ip, err) + if isEap && eapmsg.Code == EAPCodeResponse && eapmsg.Type == EAPTypeMD5Challenge { + stateid := 
rfc2865.State_GetString(r.Packet) + eapState, err := s.GetEapState(stateid) + if err != nil { + s.CheckRadAuthError(username, ip, fmt.Errorf("eap: get eap state error")) + } + localpwd, err := s.GetLocalPassword(user, isMacAuth) + if err != nil { + s.CheckRadAuthError(username, ip, fmt.Errorf("eap: get local password error: %s", err)) + } + if !s.verifyMD5Response(eapmsg.Identifier, localpwd, eapState.Challenge, eapmsg.Data) { + s.CheckRadAuthError(username, ip, fmt.Errorf("eap: verify md5 response error")) + } + } + + // s.CheckRequestSecret(r.Packet, []byte(vpe.Secret)) + + if !isMacAuth { // check subscribe active num s.CheckRadAuthError(username, ip, s.CheckOnlineCount(username, user.ActiveNum)) @@ -118,15 +129,29 @@ func (s *AuthService) ServeRADIUS(w radius.ResponseWriter, r *radius.Request) { s.CheckRadAuthError(username, ip, s.CheckVlanBind(user, vendorReq)) } + // if not eap // Password check // if mschapv2 auth, will set accept attribute - localpwd, err := s.GetLocalPassword(user, isMacAuth) - s.CheckRadAuthError(username, ip, err) - s.CheckRadAuthError(username, ip, s.CheckPassword(r, user.Username, localpwd, response, isMacAuth)) - + if !isEap { + localpwd, err := s.GetLocalPassword(user, isMacAuth) + s.CheckRadAuthError(username, ip, err) + s.CheckRadAuthError(username, ip, s.CheckPassword(r, user.Username, localpwd, response, isMacAuth)) + } // setup accept s.AcceptAcceptConfig(user, vpe.VendorCode, response) + // Eap-Message + if isEap && eapmsg.Type == EAPTypeMD5Challenge { + // 创建EAP-Request/Success消息 + eapMessage := []byte{0x03, r.Identifier, 0x00, 0x04} + // 设置EAP-Message属性 + rfc2869.EAPMessage_Set(response, eapMessage) + rfc2869.MessageAuthenticator_Set(response, make([]byte, 16)) + authenticator := genMessageAuthenticator(response, vpe.Secret) + // 设置Message-Authenticator属性 + rfc2869.MessageAuthenticator_Set(response, authenticator) + } + // send accept s.SendAccept(w, r, response) 
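Review bot: An Access-Request whose EAP-Message parses but is neither an Identity nor an MD5-Challenge response reaches `SendAccept` with no credential check: `isEap` is set for every parseable message, the MD5 verification runs only when `eapmsg.Code == EAPCodeResponse && eapmsg.Type == EAPTypeMD5Challenge`, and the later hunk (`@@ -118,15 +129,29 @@`) skips `CheckPassword` whenever `isEap` is true. Unless `parseEAPMessage` (not shown) already rejects other codes and types, reject them explicitly right after the Identity branch, `if isEap && !(eapmsg.Code == EAPCodeResponse && eapmsg.Type == EAPTypeMD5Challenge) { s.CheckRadAuthError(username, ip, fmt.Errorf("eap: unsupported eap message")) }`. The same flag exempts the request from `CheckAuthRateLimit`, so the limit should cover EAP requests as well, at least the MD5-Challenge response. Nothing in the hunk validates the Message-Authenticator of the incoming request, which RFC 3579 requires for packets carrying EAP-Message, and `CheckRequestSecret` remains commented out. `ServeRADIUS` begins and ends outside the hunk.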
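Review bot: The EAP Success packet is built with `r.Identifier`, which is the identifier of the RADIUS request rather than of the EAP exchange; RFC 3748 requires the Identifier of a Success to match the Response it answers, so a supplicant may discard it. Use the parsed message instead, `eapMessage := []byte{0x03, eapmsg.Identifier, 0x00, 0x04}`. The guard `isEap && eapmsg.Type == EAPTypeMD5Challenge` also omits the `eapmsg.Code == EAPCodeResponse` test used by the verification block in the previous hunk, and the two conditions should be identical so that Success is only attached to a response that was actually verified. A comment naming the bytes would help the next reader, `// EAP Success: code 3, identifier, length 4 (header only)`.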
@@ -155,8 +180,14 @@ func (s *AuthService) SendAccept(w radius.ResponseWriter, r *radius.Request, res } } }() + common.Must(w.Write(resp)) + state := rfc2865.State_GetString(r.Packet) + if state != "" { + s.DeleteEapState(state) + } + if app.GConfig().Radiusd.Debug { log.Debug(FmtResponse(resp, r.RemoteAddr)) } @@ -189,6 +220,11 @@ func (s *AuthService) SendReject(w radius.ResponseWriter, r *radius.Request, err common.Must(w.Write(resp)) + state := rfc2865.State_GetString(r.Packet) + if state != "" { + s.DeleteEapState(state) + } + // debug message if app.GConfig().Radiusd.Debug { log.Info(FmtResponse(resp, r.RemoteAddr)) diff --git a/toughradius/radius_ldap_auth.go b/toughradius/radius_ldap_auth.go deleted file mode 100644 index 4b9ac2ad..00000000 --- a/toughradius/radius_ldap_auth.go +++ /dev/null 
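Review bot: In `SendAccept` the new `DeleteEapState` call sits after `common.Must(w.Write(resp))`, so, assuming `common.Must` panics on error, a failed write unwinds past the cleanup and the pending state stays in `EapStateCache`; the `SendReject` hunk (`@@ -189,6 +220,11 @@`) uses the same ordering. Registering the cleanup before the write keeps each state single-use however the function exits: `if state := rfc2865.State_GetString(r.Packet); state != "" { defer s.DeleteEapState(state) }`. Both functions start and end outside their hunks, so check the placement against the existing deferred recover block.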
@@ -1,190 +0,0 @@ -package toughradius - -import ( - "crypto/tls" - "fmt" - "strconv" - "strings" - "time" - - "github.com/go-ldap/ldap/v3" - "github.com/talkincode/toughradius/v8/app" - "github.com/talkincode/toughradius/v8/common" - "github.com/talkincode/toughradius/v8/common/timeutil" - "github.com/talkincode/toughradius/v8/models" - "github.com/talkincode/toughradius/v8/toughradius/vendors/microsoft" - "layeh.com/radius" - "layeh.com/radius/rfc2865" -) - -type LdapRadisProfile struct { - Status string - MfaSecret string - MfaStatus string - Domain string - AddrPool string - MacAddr string - IpAddr string - ActiveNum int - LimitPolicy string - UpLimitPolicy string - DownLimitPolicy string - UpRate int - DownRate int - ExpireTime time.Time -} - -func (s *AuthService) LdapUserAuth(rw radius.ResponseWriter, r *radius.Request, - username string, ldapNode *models.NetLdapServer, radAccept *radius.Packet, vreq *VendorRequest) (*LdapRadisProfile, error) { - ignoreChk := s.GetStringConfig(app.ConfigRadiusIgnorePwd, common.DISABLED) == common.DISABLED - - var checkType = "pap" - // mschapv2 - challenge := microsoft.MSCHAPChallenge_Get(r.Packet) - if challenge != nil { - checkType = "mschapv2" - } - - // chap - chapPassword := rfc2865.CHAPPassword_Get(r.Packet) - if chapPassword != nil { - checkType = "chap" - } - - // connect ldap - ld, err := ldap.Dial("tcp", ldapNode.Address) - if err != nil { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "username ldap auth error, ldap connect error "+err.Error()) - } - defer ld.Close() - - // start tls - if ldapNode.Istls == common.ENABLED { - err = ld.StartTLS(&tls.Config{InsecureSkipVerify: true}) - if err != nil { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "username ldap auth error, ldap tls error "+err.Error()) - } - } - - // ldapPwd, err := aes.DecryptFromB64(ldapNode.Password, constant.AesKey()) - // if err != nil { - // return nil, fmt.Errorf("username:%s ldap auth error, ldap:%s password 
format error", username, ldapNode.Name) - // } - - err = ld.Bind(ldapNode.Basedn, ldapNode.Password) - if err != nil { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "username ldap auth error, ldap bind auth error "+err.Error()) - } - - searchRequest := ldap.NewSearchRequest( - ldapNode.Searchdn, - ldap.ScopeWholeSubtree, - ldap.NeverDerefAliases, 0, 0, false, - fmt.Sprintf(ldapNode.UserFilter, username), - []string{"dn", "radiusReplyItem", "radiusCallingStationId"}, - nil, - ) - - sr, err := ld.Search(searchRequest) - if err != nil { - return nil, NewAuthError(app.MetricsRadiusRejectLdapError, "username ldap auth error, ldap search error "+err.Error()) - } - - if len(sr.Entries) == 0 && !ignoreChk { - return nil, NewAuthError(app.MetricsRadiusRejectNotExists, "username ldap auth error, user not exists") - } - - // parse ldap radius attr - var userProfile = new(LdapRadisProfile) - userProfile.ExpireTime = time.Now().Add(time.Hour * 24) - userProfile.parseLdapRadiusAttrs(sr.Entries[0].GetAttributeValues("radiusReplyItem")) - userProfile.MacAddr = sr.Entries[0].GetAttributeValue("radiusCallingStationId") - - // check status - if userProfile.Status == common.DISABLED { - return nil, NewAuthError(app.MetricsRadiusRejectDisable, "ldap user is disabled") - } - - // check expire - if userProfile.ExpireTime.Before(time.Now()) { - return nil, NewAuthError(app.MetricsRadiusRejectExpire, "user Ldap is expire") - } - - // mac auth check - if vreq.MacAddr == username { - return userProfile, nil - } - - // 如果是 PAP 验证, 直接校验 Ldap 密码 - if !ignoreChk && checkType == "pap" { - password := rfc2865.UserPassword_GetString(r.Packet) - userdn := sr.Entries[0].DN - err = ld.Bind(userdn, password) - if err != nil { - return nil, NewAuthError(app.MetricsRadiusRejectPasswdError, "username ldap auth error, user password check error") - } - } - - if !ignoreChk && checkType == "chap" { - return nil, NewAuthError(app.MetricsRadiusRejectPasswdError, "user Ldap chap password is not 
support") - } - - // check online - err = s.CheckOnlineCount(username, userProfile.ActiveNum) - if err != nil { - return nil, err - } - - return userProfile, nil -} - -func (p *LdapRadisProfile) parseLdapRadiusAttrs(values []string) { - for _, value := range values { - kv := strings.Split(value, "=") - if len(kv) != 2 { - continue - } - switch strings.TrimSpace(kv[0]) { - case "Status": - p.Status = strings.TrimSpace(kv[1]) - case "MfaSecret": - p.MfaSecret = strings.TrimSpace(kv[1]) - case "MfaStatus": - p.MfaStatus = strings.TrimSpace(kv[1]) - case "Domain": - p.Domain = strings.TrimSpace(kv[1]) - case "AddrPool": - p.AddrPool = strings.TrimSpace(kv[1]) - case "IpAddr": - p.IpAddr = strings.TrimSpace(kv[1]) - case "LimitPolicy": - p.LimitPolicy = strings.TrimSpace(kv[1]) - case "UpLimitPolicy": - p.UpLimitPolicy = strings.TrimSpace(kv[1]) - case "DownLimitPolicy": - p.DownLimitPolicy = strings.TrimSpace(kv[1]) - case "ActiveNum": - _ActiveNum, err := strconv.ParseInt(kv[1], 10, 64) - if err == nil { - p.ActiveNum = int(_ActiveNum) - } - case "UpRate": - _UpRate, err := strconv.ParseInt(kv[1], 10, 64) - if err == nil { - p.UpRate = int(_UpRate) - } - case "DownRate": - _DownRate, err := strconv.ParseInt(kv[1], 10, 64) - if err == nil { - p.DownRate = int(_DownRate) - } - case "ExpireTime": - if kv[1] != "" { - _ExpireTime, err := time.Parse(timeutil.YYYYMMDD_LAYOUT, kv[1]) - if err == nil { - p.ExpireTime = _ExpireTime - } - } - } - } -}