authentik/internal/outpost/radius/api.go
Jens L 3f5effb1bc
providers/radius: simple radius outpost ()
* initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* minor fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use search-select

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ip with port being sent to delegated ip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add radius tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00


package radius
import (
"context"
"errors"
"net"
"sort"
"strings"
log "github.com/sirupsen/logrus"
)
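// parseCIDRs parses a comma-separated list of CIDR blocks (for example
// "10.0.0.0/8, 192.168.0.0/16") into networks.
//
// Entries that fail to parse are logged and left out of the result. The
// returned slice therefore never contains nil elements: a nil entry would
// panic in the sort below and in any caller that dereferences the networks,
// so one malformed value in a provider's client-network setting must not be
// able to take the outpost down.
func parseCIDRs(raw string) []*net.IPNet {
	parts := strings.Split(raw, ",")
	// Length 0 with capacity len(parts): only successfully parsed networks
	// are appended, so skipped entries leave no nil holes.
	cidrs := make([]*net.IPNet, 0, len(parts))
	for _, p := range parts {
		_, ipnet, err := net.ParseCIDR(strings.TrimSpace(p))
		if err != nil {
			log.WithError(err).WithField("cidr", p).Error("Failed to parse CIDR")
			continue
		}
		cidrs = append(cidrs, ipnet)
	}
	// NOTE(review): Mask.Size() returns (ones, bits). The second value used
	// here is the total mask width (32 for IPv4, 128 for IPv6), not the
	// prefix length, so this orders networks by address family only. If
	// callers expect an ordering by prefix length, the first return value is
	// the one to compare; confirm against the code that matches clients.
	sort.Slice(cidrs, func(i, j int) bool {
		_, bi := cidrs[i].Mask.Size()
		_, bj := cidrs[j].Mask.Size()
		return bi < bj
	})
	return cidrs
}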
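// Refresh fetches the RADIUS provider configuration from the authentik API
// and replaces rs.providers with one ProviderInstance per usable provider.
//
// It returns the API error unchanged when the list call fails, and an error
// when the API returns no providers or none of them is usable. In those cases
// rs.providers is left untouched.
//
// A provider whose shared secret or client networks are absent (nil pointer
// in the API result) is logged and skipped instead of being dereferenced,
// which would panic. The shared secret itself is never logged.
//
// NOTE(review): the API call uses context.Background(), so it carries no
// deadline of its own. rs.providers is also assigned without any visible
// synchronisation; confirm how request handlers read it.
func (rs *RadiusServer) Refresh() error {
	outposts, _, err := rs.ac.Client.OutpostsApi.OutpostsRadiusList(context.Background()).Execute()
	if err != nil {
		return err
	}
	if len(outposts.Results) < 1 {
		return errors.New("no radius provider defined")
	}
	providers := make([]*ProviderInstance, 0, len(outposts.Results))
	for _, provider := range outposts.Results {
		logger := log.WithField("logger", "authentik.outpost.radius").WithField("provider", provider.Name)
		// Both fields are pointers in the API model; guard before dereferencing.
		if provider.SharedSecret == nil || provider.ClientNetworks == nil {
			logger.Error("Provider is missing shared secret or client networks, skipping")
			continue
		}
		secret := *provider.SharedSecret
		if secret == "" {
			// An empty shared secret gives RADIUS packets from this
			// provider's clients no effective authentication.
			logger.Warning("Provider has an empty shared secret")
		}
		providers = append(providers, &ProviderInstance{
			SharedSecret:   []byte(secret),
			ClientNetworks: parseCIDRs(*provider.ClientNetworks),
			appSlug:        provider.ApplicationSlug,
			flowSlug:       provider.AuthFlowSlug,
			s:              rs,
			log:            logger,
		})
	}
	if len(providers) < 1 {
		return errors.New("no usable radius provider defined")
	}
	rs.providers = providers
	rs.log.Info("Update providers")
	return nil
}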
// StartRadiusServer logs the configured listen address and then calls
// ListenAndServe on the underlying server, returning whatever it returns.
func (rs *RadiusServer) StartRadiusServer() error {
	entry := rs.log.WithField("listen", rs.s.Addr)
	entry.Info("Starting radius server")
	return rs.s.ListenAndServe()
}