tacplus

package module
v0.0.3
Published: Aug 21, 2021 License: BSD-2-Clause Imports: 11 Imported by: 2

README

tacplus

A go TACACS+ library.

Go 1.7 minimum required.

Documentation

Overview

Package tacplus is a library for creating client and/or server TACACS+ applications.

Index

Constants

const (
	AuthenMethodNotSet     = 0x00
	AuthenMethodNone       = 0x01
	AuthenMethodKRB5       = 0x02
	AuthenMethodLine       = 0x03
	AuthenMethodEnable     = 0x04
	AuthenMethodLocal      = 0x05
	AuthenMethodTACACSPlus = 0x06
	AuthenMethodGuest      = 0x08
	AuthenMethodRADIUS     = 0x10
	AuthenMethodKRB4       = 0x11
	AuthenMethodRCMD       = 0x20
)

AuthenMethod field values

const (
	AuthenServiceNone    = 0x0
	AuthenServiceLogin   = 0x1
	AuthenServiceEnable  = 0x2
	AuthenServicePPP     = 0x3
	AuthenServiceARAP    = 0x4
	AuthenServicePT      = 0x5
	AuthenServiceRCMD    = 0x6
	AuthenServiceX25     = 0x7
	AuthenServiceNASI    = 0x8
	AuthenServiceFWProxy = 0x9
)

AuthenService field values

const (
	AuthenTypeASCII  = 0x1
	AuthenTypePAP    = 0x2
	AuthenTypeCHAP   = 0x3
	AuthenTypeARAP   = 0x4
	AuthenTypeMSCHAP = 0x5
)

AuthenType field values

const (
	AuthenActionLogin      = 0x1
	AuthenActionChangePass = 0x2
	AuthenActionSendPass   = 0x3
	AuthenActionSendAuth   = 0x4
)

AuthenStart Action field values

const (
	AuthenStatusPass    = 0x1
	AuthenStatusFail    = 0x2
	AuthenStatusGetData = 0x3
	AuthenStatusGetUser = 0x4
	AuthenStatusGetPass = 0x5
	AuthenStatusRestart = 0x6
	AuthenStatusError   = 0x7
	AuthenStatusFollow  = 0x21
)

AuthenReply Status field values

const (
	AuthorStatusPassAdd  = 0x1
	AuthorStatusPassRepl = 0x2
	AuthorStatusFail     = 0x10
	AuthorStatusError    = 0x11
	AuthorStatusFollow   = 0x21
)

AuthorResponse Status field values

const (
	AcctFlagMore     = 0x1
	AcctFlagStart    = 0x2
	AcctFlagStop     = 0x4
	AcctFlagWatchdog = 0x8
)

AcctRequest Flags field values

const (
	AcctStatusSuccess = 0x1
	AcctStatusError   = 0x2
	AcctStatusFollow  = 0x21
)

AcctReply Status field values

Variables

This section is empty.

Functions

This section is empty.

Types

type AcctReply

type AcctReply struct {
	Status    uint8
	ServerMsg string
	Data      string
}

AcctReply is a TACACS+ accounting reply packet.

type AcctRequest

type AcctRequest struct {
	Flags         uint8
	AuthenMethod  uint8
	PrivLvl       uint8
	AuthenType    uint8
	AuthenService uint8
	User          string
	Port          string
	RemAddr       string
	Arg           []string
}

AcctRequest is a TACACS+ accounting request packet.

type AuthenContinue

type AuthenContinue struct {
	Abort   bool   // session aborted
	Message string // reply from user or abort reason if Abort set
}

AuthenContinue represents a TACACS+ authentication continue packet.

type AuthenReply

type AuthenReply struct {
	Status    uint8
	NoEcho    bool
	ServerMsg string
	Data      []byte
}

AuthenReply is a TACACS+ authentication reply packet.

type AuthenStart

type AuthenStart struct {
	Action        uint8
	PrivLvl       uint8
	AuthenType    uint8
	AuthenService uint8
	User          string
	Port          string
	RemAddr       string
	Data          []byte
}

AuthenStart is a TACACS+ authentication start packet.

type AuthorRequest

type AuthorRequest struct {
	AuthenMethod  uint8
	PrivLvl       uint8
	AuthenType    uint8
	AuthenService uint8
	User          string
	Port          string
	RemAddr       string
	Arg           []string
}

AuthorRequest is a TACACS+ authorization request packet.

type AuthorResponse

type AuthorResponse struct {
	Status    uint8
	Arg       []string
	ServerMsg string
	Data      string
}

AuthorResponse is a TACACS+ authorization response packet.

type Client

type Client struct {
	Addr       string     // TCP address of tacacs server.
	ConnConfig ConnConfig // TACACS+ connection configuration.

	// Optional DialContext function used to create the network connection.
	DialContext func(ctx context.Context, net, addr string) (net.Conn, error)
	// contains filtered or unexported fields
}

Client is a TACACS+ client that connects to a single TACACS+ server.

If the Client's ConnConfig enables session multiplexing, the client will cache a single open connection for this purpose.

func (*Client) Close

func (c *Client) Close()

Close closes the cached connection.

func (*Client) SendAcctRequest

func (c *Client) SendAcctRequest(ctx context.Context, req *AcctRequest) (*AcctReply, error)

SendAcctRequest sends an AcctRequest to the server returning an AcctReply or error.

func (*Client) SendAuthenStart

func (c *Client) SendAuthenStart(ctx context.Context, as *AuthenStart) (*AuthenReply, *ClientSession, error)

SendAuthenStart sends an AuthenStart to the server returning an AuthenReply and optional ClientSession or an error. If ClientSession is set it should be used to complete the current interactive authentication session.

func (*Client) SendAuthorRequest

func (c *Client) SendAuthorRequest(ctx context.Context, req *AuthorRequest) (*AuthorResponse, error)

SendAuthorRequest sends an AuthorRequest to the server returning an AuthorResponse or error.

type ClientSession

type ClientSession struct {
	// contains filtered or unexported fields
}

ClientSession is a TACACS+ client session.

func (*ClientSession) Abort

func (c *ClientSession) Abort(ctx context.Context, reason string) error

Abort sends a message back to the server aborting the session with the supplied reason.

func (*ClientSession) Close

func (c *ClientSession) Close()

Close closes the client session.

func (*ClientSession) Continue

func (c *ClientSession) Continue(ctx context.Context, msg string) (*AuthenReply, error)

Continue is used to send msg in response to a previous AuthenReply. A new AuthenReply or error is returned.

type ConnConfig

type ConnConfig struct {
	Mux          bool          // Allow sessions to be multiplexed over a single connection
	LegacyMux    bool          // Allow session multiplexing without setting the single-connection header flag
	Secret       []byte        // Shared secret key
	IdleTimeout  time.Duration // Time before closing an idle multiplexed connection with no sessions
	ReadTimeout  time.Duration // Maximum time to read a packet (not including waiting for first byte)
	WriteTimeout time.Duration // Maximum time to write a packet

	// Optional function to log errors. If not defined log.Print will be used.
	Log func(v ...interface{})
}

ConnConfig specifies configuration parameters for a TACACS+ connection.

Setting Mux or LegacyMux allows multiplexing multiple sessions over a single network connection.

Mux allows multiplexing only if both the client and the server set the single-connection header flag, as described in https://tools.ietf.org/html/draft-grant-tacacs-02.

LegacyMux assumes both ends allow multiplexing and doesn't set the single-connection header flag. LegacyMux overrides Mux if both are set.

A mismatch between the client and server on the multiplex type can cause problems. This software tries to deal gracefully with some of these situations. A server connection will accept multiplexed sessions even if multiplexing was not set or negotiated, but will close the connection immediately when there are no more sessions. A LegacyMux server connection will set the single-connection header flag if the client does, allowing a Mux client to multiplex to a LegacyMux server.

Timeouts are ignored if zero.

type RequestHandler

type RequestHandler interface {
	HandleAuthenStart(ctx context.Context, a *AuthenStart, s *ServerSession) *AuthenReply
	HandleAuthorRequest(ctx context.Context, a *AuthorRequest, s *ServerSession) *AuthorResponse
	HandleAcctRequest(ctx context.Context, a *AcctRequest, s *ServerSession) *AcctReply
}

A RequestHandler is used for processing the three different types of TACACS+ requests.

Each handle function takes a context and a request/start packet and returns a reply/response packet to be sent back to the client. A nil reply will close the session with no reply packet being sent. The supplied context is canceled if the underlying TACACS+ session or connection is closed.

HandleAuthenStart processes an authentication start, returning an optional reply. The ServerSession can be used by interactive sessions to prompt the user for more information before the final reply is returned.

HandleAuthorRequest processes an authorization request, returning an optional response.

HandleAcctRequest processes an accounting request, returning an optional reply.
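As an added example (not code from the tacplus package), this is the interactive ASCII login flow a RequestHandler.HandleAuthenStart would run with ServerSession.GetUser and GetPass: it returns nil to drop an aborted session, and answers an unknown user and a wrong password identically. The tacplus constants and types it touches are mirrored locally so the file compiles without the module; the prompter interface, the scripted fake session and the verify callback are assumptions of this example.

```go
package main

import "context"

// Mirrors of the tacplus constants and types used below, copied from the docs
// above so this compiles without the module (real code uses the tacplus.* ones).
const AuthenStatusPass, AuthenStatusFail = 0x1, 0x2
type AuthenStart struct{ User string }
type AuthenContinue struct{ Abort bool; Message string }
type AuthenReply struct{ Status uint8; ServerMsg string }
// prompter is the subset of *tacplus.ServerSession the handler needs.
type prompter interface {
	GetUser(ctx context.Context, message string) (*AuthenContinue, error)
	GetPass(ctx context.Context, message string) (*AuthenContinue, error)
}

// handleAuthenStart is the body of a RequestHandler.HandleAuthenStart for an
// interactive ASCII login; verify is a hypothetical credential callback (it should
// compare in constant time). A nil return closes the session with no reply packet.
func handleAuthenStart(ctx context.Context, a *AuthenStart, s prompter,
	verify func(user, pass string) bool) *AuthenReply {
	user := a.User
	if user == "" { // client sent no username, so prompt for it first
		c, err := s.GetUser(ctx, "Username: ")
		if err != nil || c.Abort || c.Message == "" {
			return nil
		}
		user = c.Message
	}
	c, err := s.GetPass(ctx, "Password: ")
	if err != nil || c.Abort {
		return nil
	}
	if verify(user, c.Message) {
		return &AuthenReply{Status: AuthenStatusPass}
	}
	// One message for unknown user and wrong password avoids user enumeration.
	return &AuthenReply{Status: AuthenStatusFail, ServerMsg: "Login incorrect"}
}
// scripted replays canned client answers offline; no answers left = user abort.
type scripted struct{ answers []string }
func (s *scripted) GetUser(context.Context, string) (*AuthenContinue, error) { return s.next() }
func (s *scripted) GetPass(context.Context, string) (*AuthenContinue, error) { return s.next() }
func (s *scripted) next() (*AuthenContinue, error) {
	if len(s.answers) == 0 {
		return &AuthenContinue{Abort: true, Message: "user quit"}, nil
	}
	defer func() { s.answers = s.answers[1:] }()
	return &AuthenContinue{Message: s.answers[0]}, nil
}
```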

type Server

type Server struct {
	// ServeConn is run on incoming network connections. It must close the
	// supplied net.Conn when finished with it.
	ServeConn func(net.Conn)

	// Optional function to log errors. If not defined log.Print will be used.
	Log func(...interface{})
}

Server is a generic network server.

func (*Server) Serve

func (srv *Server) Serve(l net.Listener) error

Serve accepts incoming connections on the net.Listener l, creating a new goroutine running ServeConn on the connection.

type ServerConnHandler

type ServerConnHandler struct {
	Handler    RequestHandler // TACACS+ request handler
	ConnConfig ConnConfig     // TACACS+ connection config
}

A ServerConnHandler serves TACACS+ requests on a network connection.

func (*ServerConnHandler) Serve

func (h *ServerConnHandler) Serve(nc net.Conn)

Serve processes incoming TACACS+ requests on the network connection nc. A nil ServerConnHandler will close the connection without any processing.

type ServerSession

type ServerSession struct {
	// contains filtered or unexported fields
}

ServerSession is a TACACS+ Server Session.

func (*ServerSession) GetData

func (s *ServerSession) GetData(ctx context.Context, message string, noEcho bool) (*AuthenContinue, error)

GetData requests that the TACACS+ client prompt the user for data with the given message. If noEcho is set, the client will not echo the user's response as it is entered.

func (*ServerSession) GetPass

func (s *ServerSession) GetPass(ctx context.Context, message string) (*AuthenContinue, error)

GetPass requests the TACACS+ client prompt the user for a password with the given message.

func (*ServerSession) GetUser

func (s *ServerSession) GetUser(ctx context.Context, message string) (*AuthenContinue, error)

GetUser requests the TACACS+ client prompt the user for a username with the given message.

func (*ServerSession) LocalAddr added in v0.0.2

func (s *ServerSession) LocalAddr() net.Addr

LocalAddr returns the local network address for the session.

func (*ServerSession) Log

func (s *ServerSession) Log(v ...interface{})

Log writes output using the connection's ConnConfig Log function.

func (*ServerSession) RemoteAddr added in v0.0.2

func (s *ServerSession) RemoteAddr() net.Addr

RemoteAddr returns the remote network address (NAS IP Address) for the session.
