127 lines
2.8 KiB
Go
127 lines
2.8 KiB
Go
package radius // import "layeh.com/radius"
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/md5"
|
|
"encoding/binary"
|
|
"errors"
|
|
"math"
|
|
)
|
|
|
|
type rfc2865UserPassword struct{}
|
|
|
|
func (rfc2865UserPassword) Decode(p *Packet, value []byte) (interface{}, error) {
|
|
if p.Secret == nil {
|
|
return nil, errors.New("radius: User-Password attribute requires Packet.Secret")
|
|
}
|
|
if len(value) < 16 || len(value) > 128 {
|
|
return nil, errors.New("radius: invalid User-Password attribute length")
|
|
}
|
|
|
|
dec := make([]byte, 0, len(value))
|
|
|
|
hash := md5.New()
|
|
hash.Write(p.Secret)
|
|
hash.Write(p.Authenticator[:])
|
|
dec = hash.Sum(dec)
|
|
|
|
for i, b := range value[:16] {
|
|
dec[i] ^= b
|
|
}
|
|
|
|
for i := 16; i < len(value); i += 16 {
|
|
hash.Reset()
|
|
hash.Write(p.Secret)
|
|
hash.Write(value[i-16 : i])
|
|
dec = hash.Sum(dec)
|
|
|
|
for j, b := range value[i : i+16] {
|
|
dec[i+j] ^= b
|
|
}
|
|
}
|
|
|
|
if i := bytes.IndexByte(dec, 0); i > -1 {
|
|
return string(dec[:i]), nil
|
|
}
|
|
return string(dec), nil
|
|
}
|
|
|
|
func (rfc2865UserPassword) Encode(p *Packet, value interface{}) ([]byte, error) {
|
|
if p.Secret == nil {
|
|
return nil, errors.New("radius: User-Password attribute requires Packet.Secret")
|
|
}
|
|
var password []byte
|
|
if bytePassword, ok := value.([]byte); !ok {
|
|
strPassword, ok := value.(string)
|
|
if !ok {
|
|
return nil, errors.New("radius: User-Password attribute must be string or []byte")
|
|
}
|
|
password = []byte(strPassword)
|
|
} else {
|
|
password = bytePassword
|
|
}
|
|
|
|
if len(password) > 128 {
|
|
return nil, errors.New("radius: User-Password longer than 128 characters")
|
|
}
|
|
|
|
chunks := int(math.Ceil(float64(len(password)) / 16.))
|
|
if chunks == 0 {
|
|
chunks = 1
|
|
}
|
|
|
|
enc := make([]byte, 0, chunks*16)
|
|
|
|
hash := md5.New()
|
|
hash.Write(p.Secret)
|
|
hash.Write(p.Authenticator[:])
|
|
enc = hash.Sum(enc)
|
|
|
|
for i, b := range password[:16] {
|
|
enc[i] ^= b
|
|
}
|
|
|
|
for i := 16; i < len(password); i += 16 {
|
|
hash.Reset()
|
|
hash.Write(p.Secret)
|
|
hash.Write(enc[i-16 : i])
|
|
enc = hash.Sum(enc)
|
|
|
|
for j, b := range password[i : i+16] {
|
|
enc[i+j] ^= b
|
|
}
|
|
}
|
|
|
|
return enc, nil
|
|
}
|
|
|
|
// VendorSpecific defines RFC 2865's Vendor-Specific attribute.
|
|
type VendorSpecific struct {
|
|
VendorID uint32
|
|
Data []byte
|
|
}
|
|
|
|
type rfc2865VendorSpecific struct{}
|
|
|
|
func (rfc2865VendorSpecific) Decode(p *Packet, value []byte) (interface{}, error) {
|
|
if len(value) < 5 {
|
|
return nil, errors.New("radius: Vendor-Specific attribute too small")
|
|
}
|
|
var attr VendorSpecific
|
|
attr.VendorID = binary.BigEndian.Uint32(value[:4])
|
|
attr.Data = make([]byte, len(value)-4)
|
|
copy(attr.Data, value[4:])
|
|
return attr, nil
|
|
}
|
|
|
|
func (rfc2865VendorSpecific) Encode(p *Packet, value interface{}) ([]byte, error) {
|
|
attr, ok := value.(VendorSpecific)
|
|
if !ok {
|
|
return nil, errors.New("radius: Vendor-Specific attribute is not type VendorSpecific")
|
|
}
|
|
b := make([]byte, 4+len(attr.Data))
|
|
binary.BigEndian.PutUint32(b[:4], attr.VendorID)
|
|
copy(b[4:], attr.Data)
|
|
return b, nil
|
|
}
|