Starship/node-radius-server
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add debug pkg to reduce output

Browse Source
This commit is contained in:
simon
2020-02-23 00:49:17 +01:00
parent 42a05b069f
commit 9fe25a8b49
9 changed files with 67 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/radius/RadiusService.ts
View File

@@ -18,47 +18,9 @@ export class RadiusService {
const packet = radius.decode({ packet: msg, secret: this.secret });
if (packet.code !== 'Access-Request') {
console.log('unknown packet type: ', packet.code);
console.error('unknown packet type: ', packet.code);
return undefined;
}
// console.log('packet.attributes', packet.attributes);
// console.log('rinfo', rinfo);
/*
const checkAuth = async (
username: string,
password: string,
additionalAuthHandler?: AdditionalAuthHandler
) => {
console.log(`Access-Request for ${username}`);
let success = false;
try {
await this.authentication.authenticate(username, password);
success = true;
} catch (err) {
console.error(err);
}
const attributes: any[] = [];
if (additionalAuthHandler) {
await additionalAuthHandler(success, { packet, attributes, secret: this.secret });
}
const response = radius.encode_response({
packet,
code: success ? 'Access-Accept' : 'Access-Reject',
secret: this.secret,
attributes
});
console.log(`Sending ${success ? 'accept' : 'reject'} for user ${username}`);
this.server.sendToClient(response, rinfo.port, rinfo.address, function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
});
}; */
let response: IPacketHandlerResult;
@@ -67,7 +29,7 @@ export class RadiusService {
throw new Error('no packet handlers registered');
}
// process packet handlers until we get a response
// process packet handlers until we get a response from one
do {
/* response is of type IPacketHandlerResult */
response = await this.radiusPacketHandlers[i].handlePacket(packet.attributes, packet);

15
src/radius/handler/EAPPacketHandler.ts
View File

@@ -2,6 +2,7 @@
import * as NodeCache from 'node-cache';
import { RadiusPacket } from 'radius';
import debug from 'debug';
import { EAPTTLS } from './eapMethods/EAPTTLS';
import { makeid } from '../../helpers';
import {
@@ -12,6 +13,8 @@ import {
import { IAuthentication } from '../../types/Authentication';
import { IEAPMethod } from '../../types/EAPMethod';
const log = debug('radius:eap');
export class EAPPacketHandler implements IPacketHandler {
private eapMethods: IEAPMethod[] = [];
@@ -124,7 +127,7 @@ export class EAPPacketHandler implements IPacketHandler {
case 2: // for response
switch (type) {
case 1: // identifiy
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: IDENTIFY', {});
log('>>>>>>>>>>>> REQUEST FROM CLIENT: IDENTIFY', {});
// start identify
if (currentState.validMethods.length > 0) {
return currentState.validMethods[0].identify(identifier, stateID);
@@ -132,11 +135,11 @@ export class EAPPacketHandler implements IPacketHandler {
return this.buildEAPResponse(identifier, 3);
case 2: // notification
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: notification', {});
log('>>>>>>>>>>>> REQUEST FROM CLIENT: notification', {});
console.info('notification');
break;
case 4: // md5-challenge
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: md5-challenge', {});
log('>>>>>>>>>>>> REQUEST FROM CLIENT: md5-challenge', {});
console.info('md5-challenge');
break;
@@ -145,6 +148,8 @@ export class EAPPacketHandler implements IPacketHandler {
break;
case 3: // nak
if (data) {
// if there is data, each data octect reprsents a eap method the clients supports,
// kick out all unsupported ones
const supportedEAPMethods: number[] = [];
for (const supportedMethod of data) {
supportedEAPMethods.push(supportedMethod);
@@ -180,10 +185,10 @@ export class EAPPacketHandler implements IPacketHandler {
}
break;
case 3:
console.log('Client Auth Success');
log('Client Auth Success');
break;
case 4:
console.log('Client Auth FAILURE');
log('Client Auth FAILURE');
break;
default:
}

137
src/radius/handler/eapMethods/EAPTTLS.ts
View File

@@ -2,6 +2,7 @@
import * as tls from 'tls';
import * as NodeCache from 'node-cache';
import { RadiusPacket } from 'radius';
import debug from 'debug';
import { encodeTunnelPW, ITLSServer, startTLSServer } from '../../../tls/crypt';
import { ResponseAuthHandler } from '../../../types/Handler';
import { PAPChallenge } from './challenges/PAPChallenge';
@@ -11,94 +12,15 @@ import { IEAPMethod } from '../../../types/EAPMethod';
import { IAuthentication } from '../../../types/Authentication';
import { secret } from '../../../../config';
const log = debug('radius:eap:ttls');
interface IEAPResponseHandlers {
response: (respData?: Buffer, msgType?: number) => void;
checkAuth: ResponseAuthHandler;
}
/* const handlers = {
response: (EAPMessage: Buffer) => {
const attributes: any = [['State', Buffer.from(state)]];
let sentDataSize = 0;
do {
if (EAPMessage.length > 0) {
attributes.push([
'EAP-Message',
EAPMessage.slice(sentDataSize, sentDataSize + MAX_RADIUS_ATTRIBUTE_SIZE)
]);
sentDataSize += MAX_RADIUS_ATTRIBUTE_SIZE;
}
} while (sentDataSize < EAPMessage.length);
const response = radius.encode_response({
packet,
code: 'Access-Challenge',
secret: this.secret,
attributes
});
waitForNextMsg[state] = newDeferredPromise();
server.sendToClient(
response,
rinfo.port,
rinfo.address,
function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
},
state
);
return waitForNextMsg[state].promise;
},
checkAuth
};
const attributes: any = [['State', Buffer.from(stateID)]];
let sentDataSize = 0;
do {
if (EAPMessage.length > 0) {
attributes.push([
'EAP-Message',
EAPMessage.slice(sentDataSize, sentDataSize + MAX_RADIUS_ATTRIBUTE_SIZE)
]);
sentDataSize += MAX_RADIUS_ATTRIBUTE_SIZE;
}
} while (sentDataSize < EAPMessage.length);
const response = radius.encode_response({
packet,
code: 'Access-Challenge',
secret: this.secret,
attributes
});
waitForNextMsg[stateID] = newDeferredPromise();
server.sendToClient(
response,
rinfo.port,
rinfo.address,
function(err, _bytes) {
if (err) {
console.log('Error sending response to ', rinfo);
}
},
stateID
);
return waitForNextMsg[stateID].promise;
*/
/* if (waitForNextMsg[state]) {
const identifier = attributes['EAP-Message'].slice(1, 2).readUInt8(0); // .toString('hex');
waitForNextMsg[state].resolve({ response: handlers.response, identifier });
} */
function tlsHasExportKeyingMaterial(
tlsSocket: any
tlsSocket
): tlsSocket is {
exportKeyingMaterial: (length: number, label: string, context?: Buffer) => Buffer;
} {
@@ -132,7 +54,7 @@ export class EAPTTLS implements IEAPMethod {
newResponse = true
): IPacketHandlerResult {
const maxSize = (MAX_RADIUS_ATTRIBUTE_SIZE - 5) * 4;
console.log('maxSize', maxSize);
log('maxSize', maxSize);
/* it's the first one and we have more, therefore include length */
const includeLength = data && newResponse && data.length > maxSize;
@@ -187,7 +109,7 @@ export class EAPTTLS implements IEAPMethod {
// set EAP length header
resBuffer.writeUInt16BE(resBuffer.byteLength, 2);
console.log('<<<<<<<<<<<< EAP RESPONSE TO CLIENT', {
log('<<<<<<<<<<<< EAP RESPONSE TO CLIENT', {
code: 1,
identifier: identifier + 1,
includeLength,
@@ -298,50 +220,19 @@ export class EAPTTLS implements IEAPMethod {
attributes.push(['User-Name', packet.attributes['User-Name']]);
}
/*
if (sess->eap_if->eapKeyDataLen > 64) {
len = 32;
} else {
len = sess->eap_if->eapKeyDataLen / 2;
}
*/
if (tlsHasExportKeyingMaterial(socket)) {
const keyingMaterial = (socket as any).exportKeyingMaterial(128, 'ttls keying material');
// console.log('keyingMaterial', keyingMaterial);
// eapKeyData + len
attributes.push([
'Vendor-Specific',
311,
[
[
16,
encodeTunnelPW(
keyingMaterial.slice(64),
(packet as any).authenticator,
// params.packet.attributes['Message-Authenticator'],
secret
)
]
]
[[16, encodeTunnelPW(keyingMaterial.slice(64), (packet as any).authenticator, secret)]]
]); // MS-MPPE-Send-Key
// eapKeyData
attributes.push([
'Vendor-Specific',
311,
[
[
17,
encodeTunnelPW(
keyingMaterial.slice(0, 64),
(packet as any).authenticator,
// params.packet.attributes['Message-Authenticator'],
secret
)
]
]
[[17, encodeTunnelPW(keyingMaterial.slice(0, 64), (packet as any).authenticator, secret)]]
]); // MS-MPPE-Recv-Key
} else {
console.error(
@@ -365,7 +256,7 @@ export class EAPTTLS implements IEAPMethod {
// check if no data package is there and we have something in the queue, if so.. empty the queue first
if (!data || data.length === 0) {
console.warn(
log(
`>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS, ACK / NACK (no data, just a confirmation, ID: ${identifier})`
);
const queuedData = this.queueData.get(stateID);
@@ -376,7 +267,7 @@ export class EAPTTLS implements IEAPMethod {
return {};
}
console.log('>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS', {
log('>>>>>>>>>>>> REQUEST FROM CLIENT: EAP TTLS', {
// flags: `00000000${flags.toString(2)}`.substr(-8),
decodedFlags,
identifier,
@@ -393,7 +284,7 @@ export class EAPTTLS implements IEAPMethod {
connection.events.on('end', () => {
// cleanup socket
console.log('ENDING SOCKET');
log('ENDING SOCKET');
this.openTLSSockets.del(stateID);
});
}
@@ -422,12 +313,12 @@ export class EAPTTLS implements IEAPMethod {
}
break;
default:
console.log('data', incomingData);
console.log('data str', incomingData.toString());
log('data', incomingData);
log('data str', incomingData.toString());
// currentConnection!.events.emit('end');
console.log('UNSUPPORTED AUTH TYPE, requesting PAP');
log('UNSUPPORTED AUTH TYPE, requesting PAP');
// throw new Error(`unsupported auth type${type}`);
sendResponsePromise.resolve(
this.buildEAPTTLSResponse(identifier, 3, 0, stateID, Buffer.from([1]))

11
src/radius/handler/eapMethods/challenges/PAPChallenge.ts
View File

@@ -1,5 +1,8 @@
import debug from 'debug';
import { IEAPChallenge } from '../../../../types/EAPChallenge';
const log = debug('radius:eap:papchallenge');
export class PAPChallenge implements IEAPChallenge {
// i couldn't find any documentation about it, therefore best guess how this is processed...
// http://www.networksorcery.com/enp/rfc/rfc1334.txt ?
@@ -7,7 +10,7 @@ export class PAPChallenge implements IEAPChallenge {
decode(data: Buffer) {
const usrNameLength = data.slice(7, 8).readUInt8(0);
const user = data.slice(8, usrNameLength);
console.log('user', user, user.toString().trim());
log('user', user, user.toString().trim());
let pwdStart = usrNameLength; // data.slice(usrNameLength);
const passwordDelimeter = Buffer.from([0x02, 0x40, 0x00, 0x00]);
@@ -27,14 +30,14 @@ export class PAPChallenge implements IEAPChallenge {
if (!found) {
throw new Error("couldn't extract password");
}
// console.log('pwdStart+passwordDelimeter.length', pwdStart+passwordDelimeter.length);
// console.log('length', pwdStart + data.readUInt8(pwdStart+passwordDelimeter.length));
// log('pwdStart+passwordDelimeter.length', pwdStart+passwordDelimeter.length);
// log('length', pwdStart + data.readUInt8(pwdStart+passwordDelimeter.length));
// first byte is a length property.. we ignore for now
pwd = data.slice(pwdStart + passwordDelimeter.length + 1); // , pwdStart+ data.readUInt8(pwdStart+passwordDelimeter.length));
// trim pwd
pwd = pwd.slice(0, pwd.indexOf(0x00));
console.log('pwd', pwd, pwd.toString().trim().length, pwd.toString());
log('pwd', pwd, pwd.toString().trim().length, pwd.toString());
return {
username: user.toString(),