71 lines
2.8 KiB
JavaScript
Executable File
71 lines
2.8 KiB
JavaScript
Executable File
const radius = require ('radius');
|
|
const data = require ('./data.js');
|
|
|
|
module.exports = {
|
|
radius: {
|
|
authentication: (msg, info, callback) => {
|
|
try {
|
|
var decoded = radius.decode ({
|
|
packet: msg,
|
|
secret: config.client_secret
|
|
});
|
|
if (decoded.code == 'Access-Request') {
|
|
var username = decoded.attributes['User-Name'];
|
|
var password = decoded.attributes['User-Password'];
|
|
if (config.mac_auth_only) {
|
|
username = username.toLowerCase ().replace (/[:-]/g, '');
|
|
password = password.toLowerCase ().replace (/[:-]/g, '');
|
|
}
|
|
var user = data.authUser (username, password);
|
|
var vlan = false;
|
|
var code = 'Access-Reject';
|
|
if (user) {
|
|
log.write (username + " access granted to VLAN " + user.vlan);
|
|
code = 'Access-Accept';
|
|
vlan = user.vlan;
|
|
}
|
|
else {
|
|
if (config.default_vlan) {
|
|
// Permit into default vlan if enabled
|
|
log.write (username + " unknown. Placing into default VLAN.");
|
|
code = 'Access-Accept';
|
|
vlan = config.default_vlan;
|
|
}
|
|
else {
|
|
log.write (username + " access denied.");
|
|
code = 'Access-Reject';
|
|
}
|
|
}
|
|
var response = radius.encode_response ({
|
|
packet: decoded,
|
|
code: code,
|
|
secret: config.client_secret,
|
|
attributes: {
|
|
"Tunnel-Medium-Type": 6,
|
|
"Tunnel-Type": 13,
|
|
"Tunnel-Private-Group-Id": vlan,
|
|
"Session-Timeout": config.session_duration || 60,
|
|
"Termination-Action": 1
|
|
}
|
|
});
|
|
callback (response, null);
|
|
}
|
|
}
|
|
catch (error) {
|
|
log.write ('Cannot read RADIUS packet');
|
|
log.write (error);
|
|
callback (null, "Error. Cannot read RADIUS packet.");
|
|
}
|
|
},
|
|
accounting: (msg, info, callback) => {
|
|
log.write ('Unsupported RADIUS packet');
|
|
callback (null, "Error. Unsupported RADIUS packet.");
|
|
}
|
|
},
|
|
user: {
|
|
create: data.createUser,
|
|
getall: data.getUsers,
|
|
getone: data.getUser,
|
|
delete: data.deleteUser
|
|
}
|
|
} |