providers/radius: simple radius outpost (#1796)

* initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-20 16:54:35 +01:00
parent 84c2da8a6e
commit 3f5effb1bc
54 changed files with 5433 additions and 677 deletions
--- a/internal/outpost/radius/api.go
+++ b/internal/outpost/radius/api.go
@ -0,0 +1,62 @@
+package radius
+
+import (
+	"context"
+	"errors"
+	"net"
+	"sort"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+func parseCIDRs(raw string) []*net.IPNet {
+	parts := strings.Split(raw, ",")
+	cidrs := make([]*net.IPNet, len(parts))
+	for i, p := range parts {
+		_, ipnet, err := net.ParseCIDR(strings.TrimSpace(p))
+		if err != nil {
+			log.WithError(err).WithField("cidr", p).Error("Failed to parse CIDR")
+			continue
+		}
+		cidrs[i] = ipnet
+	}
+	sort.Slice(cidrs, func(i, j int) bool {
+		_, bi := cidrs[i].Mask.Size()
+		_, bj := cidrs[j].Mask.Size()
+		return bi < bj
+	})
+	return cidrs
+}
+
+func (rs *RadiusServer) Refresh() error {
+	outposts, _, err := rs.ac.Client.OutpostsApi.OutpostsRadiusList(context.Background()).Execute()
+	if err != nil {
+		return err
+	}
+	if len(outposts.Results) < 1 {
+		return errors.New("no radius provider defined")
+	}
+	providers := make([]*ProviderInstance, len(outposts.Results))
+	for idx, provider := range outposts.Results {
+		logger := log.WithField("logger", "authentik.outpost.radius").WithField("provider", provider.Name)
+		s := *provider.SharedSecret
+		c := *provider.ClientNetworks
+		providers[idx] = &ProviderInstance{
+			SharedSecret:   []byte(s),
+			ClientNetworks: parseCIDRs(c),
+			appSlug:        provider.ApplicationSlug,
+			flowSlug:       provider.AuthFlowSlug,
+			s:              rs,
+			log:            logger,
+		}
+	}
+	rs.providers = providers
+	rs.log.Info("Update providers")
+	return nil
+}
+
+func (rs *RadiusServer) StartRadiusServer() error {
+	rs.log.WithField("listen", rs.s.Addr).Info("Starting radius server")
+	return rs.s.ListenAndServe()
+}