Initial CoreID changes to allow code-based integration
@@ -1,8 +1,11 @@
|
||||
import * as radius from 'radius';
|
||||
import { IAuthentication } from '../types/Authentication';
|
||||
import { IPacketHandlerResult, PacketResponseCode } from '../types/PacketHandler';
|
||||
import {IPacket, IPacketHandlerResult, PacketResponseCode} from '../types/PacketHandler';
|
||||
|
||||
import { PacketHandler } from './PacketHandler';
|
||||
import PackageInterface from '../interface';
|
||||
|
||||
const packageInterface = PackageInterface.get();
|
||||
|
||||
export class RadiusService {
|
||||
private packetHandler: PacketHandler;
|
||||
@@ -11,13 +14,29 @@ export class RadiusService {
|
||||
this.packetHandler = new PacketHandler(authentication);
|
||||
}
|
||||
|
||||
defaultDecoder(msg: Buffer): { packet?: radius.RadiusPacket & IPacket; secret: string } {
|
||||
const packet = radius.decode({ packet: msg, secret: this.secret });
|
||||
|
||||
return {
|
||||
packet,
|
||||
secret: this.secret,
|
||||
};
|
||||
}
|
||||
|
||||
async handleMessage(
|
||||
msg: Buffer
|
||||
): Promise<{ data: Buffer; expectAcknowledgment?: boolean } | undefined> {
|
||||
const packet = radius.decode({ packet: msg, secret: this.secret });
|
||||
const { packet, secret } = packageInterface.packetDecoder
|
||||
? packageInterface.packetDecoder(msg)
|
||||
: this.defaultDecoder(msg);
|
||||
|
||||
if (!packet) {
|
||||
packageInterface.log('Unable to parse packet from message.');
|
||||
return undefined;
|
||||
}
|
||||
|
||||
if (packet.code !== 'Access-Request') {
|
||||
console.error('unknown packet type: ', packet.code);
|
||||
packageInterface.log('unknown packet type: ', packet.code);
|
||||
return undefined;
|
||||
}
|
||||
|
||||
@@ -33,7 +52,7 @@ export class RadiusService {
|
||||
data: radius.encode_response({
|
||||
packet,
|
||||
code: response.code,
|
||||
secret: this.secret,
|
||||
secret,
|
||||
attributes: response.attributes,
|
||||
}),
|
||||
// if message is accept or reject, we conside this as final message
|
||||
|
||||
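Review bot: The `!packet` guard in `handleMessage` does not cover the `secret` that a registered `packetDecoder` returns, and that value goes straight into `radius.encode_response` further down. If an integrator's decoder yields a packet with an empty or undefined secret, the response would presumably be authenticated with a missing secret instead of the request being dropped; widening the check to `if (!packet || !secret) {` keeps the failure closed. `defaultDecoder` appears to let a `radius.decode` exception propagate, as the old inline call did, so the 'Unable to parse packet from message.' branch is only reachable through a custom decoder. A short doc comment on `defaultDecoder` stating that it throws rather than returning `packet: undefined` would make that contract explicit. `handleMessage` continues outside the hunk.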
@@ -1,13 +1,14 @@
|
||||
// https://tools.ietf.org/html/rfc3748#section-4.1
|
||||
|
||||
import * as NodeCache from 'node-cache';
|
||||
import debug from 'debug';
|
||||
import { makeid } from '../../helpers';
|
||||
import { IPacket, IPacketHandler, IPacketHandlerResult } from '../../types/PacketHandler';
|
||||
import { IEAPMethod } from '../../types/EAPMethod';
|
||||
import { buildEAPResponse, decodeEAPHeader } from './eap/EAPHelper';
|
||||
import PackageInterface from '../../interface';
|
||||
|
||||
const log = debug('radius:eap');
|
||||
const packageInterface = PackageInterface.get();
|
||||
const log = (...args) => packageInterface.log(...args);
|
||||
|
||||
export class EAPPacketHandler implements IPacketHandler {
|
||||
private identities = new NodeCache({ useClones: false, stdTTL: 60 }); // queue data maximum for 60 seconds
|
||||
@@ -66,15 +67,15 @@ export class EAPPacketHandler implements IPacketHandler {
|
||||
return buildEAPResponse(identifier, 3); // NAK
|
||||
case 2: // notification
|
||||
log('>>>>>>>>>>>> REQUEST FROM CLIENT: notification', {});
|
||||
console.info('notification');
|
||||
log('notification');
|
||||
break;
|
||||
case 4: // md5-challenge
|
||||
log('>>>>>>>>>>>> REQUEST FROM CLIENT: md5-challenge', {});
|
||||
|
||||
console.info('md5-challenge');
|
||||
log('md5-challenge');
|
||||
break;
|
||||
case 254: // expanded type
|
||||
console.error('not implemented type', type);
|
||||
log('not implemented type', type);
|
||||
break;
|
||||
case 3: // nak
|
||||
// console.log('got NAK', data);
|
||||
@@ -118,7 +119,7 @@ export class EAPPacketHandler implements IPacketHandler {
|
||||
method.getEAPType()
|
||||
);
|
||||
|
||||
console.error('unsupported type', type, `requesting: ${serverSupportedMethods}`);
|
||||
log('unsupported type', type, `requesting: ${serverSupportedMethods}`);
|
||||
|
||||
return buildEAPResponse(identifier, 3, Buffer.from(serverSupportedMethods));
|
||||
}
|
||||
@@ -135,7 +136,7 @@ export class EAPPacketHandler implements IPacketHandler {
|
||||
// silently ignore;
|
||||
return {};
|
||||
} catch (err) {
|
||||
console.error(
|
||||
log(
|
||||
'decoding of (generic) EAP package failed',
|
||||
msg,
|
||||
err,
|
||||
|
||||
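Review bot: `const log = (...args) => packageInterface.log(...args);` leaves the rest parameter untyped, which is an implicit `any[]` and fails under `noImplicitAny`; `const log = (...args: unknown[]) => packageInterface.log(...args);` keeps it checked, assuming `packageInterface.log` accepts arbitrary arguments. The same wrapper is repeated in the user-password, EAP-GTC and EAP-TTLS handlers. It also merges the former `console.error` calls and the opt-in `debug` traces into one sink with no severity, so the decode failure in the `catch` block (which continues past the hunk) can no longer be told apart from routine tracing by whoever monitors the log. That `catch` passes the raw `msg` buffer to the host logger as well; logging `msg.length` plus the error would keep EAP payload bytes out of it.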
@@ -1,4 +1,3 @@
|
||||
import debug from 'debug';
|
||||
import { IAuthentication } from '../../types/Authentication';
|
||||
import {
|
||||
IPacket,
|
||||
@@ -6,8 +5,10 @@ import {
|
||||
IPacketHandlerResult,
|
||||
PacketResponseCode,
|
||||
} from '../../types/PacketHandler';
|
||||
import PackageInterface from '../../interface';
|
||||
|
||||
const log = debug('radius:user-pwd');
|
||||
const packageInterface = PackageInterface.get();
|
||||
const log = (...args) => packageInterface.log(...args);
|
||||
|
||||
export class UserPasswordPacketHandler implements IPacketHandler {
|
||||
constructor(private authentication: IAuthentication) {}
|
||||
@@ -29,10 +30,11 @@ export class UserPasswordPacketHandler implements IPacketHandler {
|
||||
log('username', username, username.toString());
|
||||
log('token', password, password.toString());
|
||||
|
||||
const authenticated = await this.authentication.authenticate(
|
||||
username.toString(),
|
||||
password.toString()
|
||||
);
|
||||
const [strUsername, strPassword] = packet.credentialMiddleware
|
||||
? packet.credentialMiddleware(username.toString(), password.toString())
|
||||
: [username.toString(), password.toString()];
|
||||
|
||||
const authenticated = await this.authentication.authenticate(strUsername, strPassword);
|
||||
if (authenticated) {
|
||||
// success
|
||||
return {
|
||||
|
||||
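Review bot: `log('token', password, password.toString());` now writes the cleartext User-Password to the host application's log, because this commit rebinds `log` from the opt-in `debug('radius:user-pwd')` channel to `packageInterface.log`. Whether that sink is always on depends on the integrator's logger, which is not visible here, but a library should not hand credentials to it; drop the line or reduce it to `log('token length', password.length);`. The `credentialMiddleware` result is also destructured without a shape check, so a middleware that returns anything other than a two-string array would pass `undefined` into `authenticate`. The enclosing method starts and ends outside the hunk.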
@@ -1,13 +1,14 @@
|
||||
// https://tools.ietf.org/html/rfc5281 TTLS v0
|
||||
// https://tools.ietf.org/html/draft-funk-eap-ttls-v1-00 TTLS v1 (not implemented)
|
||||
/* eslint-disable no-bitwise */
|
||||
import debug from 'debug';
|
||||
import { IPacketHandlerResult, PacketResponseCode } from '../../../../types/PacketHandler';
|
||||
import { IEAPMethod } from '../../../../types/EAPMethod';
|
||||
import { IAuthentication } from '../../../../types/Authentication';
|
||||
import { buildEAPResponse, decodeEAPHeader } from '../EAPHelper';
|
||||
import PackageInterface from '../../../../interface';
|
||||
|
||||
const log = debug('radius:eap:gtc');
|
||||
const packageInterface = PackageInterface.get();
|
||||
const log = (...args) => packageInterface.log(...args);
|
||||
|
||||
export class EAPGTC implements IEAPMethod {
|
||||
getEAPType(): number {
|
||||
@@ -56,7 +57,7 @@ export class EAPGTC implements IEAPMethod {
|
||||
attributes: (success && [['User-Name', username]]) || undefined,
|
||||
};
|
||||
} catch (err) {
|
||||
console.error('decoding of EAP-GTC package failed', msg, err);
|
||||
log('decoding of EAP-GTC package failed', msg, err);
|
||||
return {
|
||||
code: PacketResponseCode.AccessReject,
|
||||
};
|
||||
|
||||
@@ -2,10 +2,12 @@
|
||||
// https://tools.ietf.org/html/draft-funk-eap-ttls-v1-00 TTLS v1 (not implemented)
|
||||
/* eslint-disable no-bitwise */
|
||||
import { RadiusPacket } from 'radius';
|
||||
import debug from 'debug';
|
||||
import { IPacketHandlerResult } from '../../../../types/PacketHandler';
|
||||
import { IEAPMethod } from '../../../../types/EAPMethod';
|
||||
import { IAuthentication } from '../../../../types/Authentication';
|
||||
import PackageInterface from '../../../../interface';
|
||||
|
||||
const packageInterface = PackageInterface.get();
|
||||
|
||||
export class EAPMD5 implements IEAPMethod {
|
||||
getEAPType(): number {
|
||||
@@ -27,7 +29,7 @@ export class EAPMD5 implements IEAPMethod {
|
||||
): Promise<IPacketHandlerResult> {
|
||||
// not implemented
|
||||
|
||||
debug('eap md5 not implemented...');
|
||||
packageInterface.log('eap md5 not implemented...');
|
||||
|
||||
return {};
|
||||
}
|
||||
|
||||
@@ -6,8 +6,6 @@ import * as NodeCache from 'node-cache';
|
||||
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
||||
// @ts-ignore
|
||||
import { attr_id_to_name, attr_name_to_id } from 'radius';
|
||||
import debug from 'debug';
|
||||
|
||||
import { encodeTunnelPW, ITLSServer, startTLSServer } from '../../../../tls/crypt';
|
||||
import {
|
||||
IPacket,
|
||||
@@ -20,8 +18,10 @@ import { MAX_RADIUS_ATTRIBUTE_SIZE, newDeferredPromise } from '../../../../helpe
|
||||
import { IEAPMethod } from '../../../../types/EAPMethod';
|
||||
import { IAuthentication } from '../../../../types/Authentication';
|
||||
import { secret } from '../../../../../config';
|
||||
import PackageInterface from '../../../../interface';
|
||||
|
||||
const log = debug('radius:eap:ttls');
|
||||
const packageInterface = PackageInterface.get();
|
||||
const log = (...args) => packageInterface.log(...args);
|
||||
|
||||
function tlsHasExportKeyingMaterial(tlsSocket): tlsSocket is {
|
||||
exportKeyingMaterial: (length: number, label: string, context?: Buffer) => Buffer;
|
||||
@@ -276,7 +276,7 @@ export class EAPTTLS implements IEAPMethod {
|
||||
[[17, encodeTunnelPW(keyingMaterial.slice(0, 64), packet.authenticator, secret)]],
|
||||
]); // MS-MPPE-Recv-Key
|
||||
} else {
|
||||
console.error(
|
||||
log(
|
||||
'FATAL: no exportKeyingMaterial method available!!!, you need latest NODE JS, see https://github.com/nodejs/node/pull/31814'
|
||||
);
|
||||
}
|
||||
@@ -420,7 +420,7 @@ export class EAPTTLS implements IEAPMethod {
|
||||
// send response
|
||||
return responseData; // this.buildEAPTTLSResponse(identifier, 21, 0x00, stateID, encryptedResponseData);
|
||||
} catch (err) {
|
||||
console.error('decoding of EAP-TTLS package failed', msg, err);
|
||||
log('decoding of EAP-TTLS package failed', msg, err);
|
||||
return {
|
||||
code: PacketResponseCode.AccessReject,
|
||||
};
|
||||
|
||||
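Review bot: The MS-MPPE key attributes are still encrypted with the `secret` imported from `config` (`encodeTunnelPW(keyingMaterial.slice(0, 64), packet.authenticator, secret)`), while `RadiusService.handleMessage` in this same commit starts taking the shared secret from `packetDecoder`. When a decoder supplies a per-client secret that differs from the config value, the response would be authenticated with one secret and the tunnel keys wrapped with another, so the NAS could presumably not recover them. The decoder-supplied secret needs to reach this call, for example carried alongside the packet the handler already receives, instead of the module-level import. The surrounding method starts and ends outside the hunk.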