55 lines
1.4 KiB
Go
55 lines
1.4 KiB
Go
package radius
|
|
|
|
import (
|
|
log "github.com/sirupsen/logrus"
|
|
"goauthentik.io/internal/outpost/flow"
|
|
"goauthentik.io/internal/outpost/ldap/flags"
|
|
"layeh.com/radius"
|
|
"layeh.com/radius/rfc2866"
|
|
)
|
|
|
|
func (rs *RadiusServer) Handle_DisconnectRequest(w radius.ResponseWriter, r *RadiusRequest) {
|
|
session := rfc2866.AcctSessionID_GetString(r.Packet)
|
|
|
|
sendFailResponse := func() {
|
|
failResponse := r.Response(radius.CodeDisconnectACK)
|
|
err := w.Write(failResponse)
|
|
if err != nil {
|
|
r.Log().WithError(err).Warning("failed to write response")
|
|
}
|
|
}
|
|
|
|
r.pi.boundUsersMutex.Lock()
|
|
var f *flags.UserFlags
|
|
if ff, ok := r.pi.boundUsers[session]; !ok {
|
|
r.pi.boundUsersMutex.Unlock()
|
|
sendFailResponse()
|
|
return
|
|
} else {
|
|
f = ff
|
|
}
|
|
r.pi.boundUsersMutex.Unlock()
|
|
|
|
fe := flow.NewFlowExecutor(r.Context(), r.pi.invalidationFlowSlug, rs.ac.Client.GetConfig(), log.Fields{
|
|
"client": r.RemoteAddr(),
|
|
"requestId": r.ID(),
|
|
})
|
|
fe.SetSession(f.Session)
|
|
fe.DelegateClientIP(r.RemoteAddr())
|
|
fe.Params.Add("goauthentik.io/outpost/radius", "true")
|
|
_, err := fe.Execute()
|
|
if err != nil {
|
|
r.log.WithError(err).Warning("failed to logout user")
|
|
sendFailResponse()
|
|
return
|
|
}
|
|
r.pi.boundUsersMutex.Lock()
|
|
delete(r.pi.boundUsers, session)
|
|
r.pi.boundUsersMutex.Unlock()
|
|
response := r.Response(radius.CodeDisconnectACK)
|
|
err = w.Write(response)
|
|
if err != nil {
|
|
r.Log().WithError(err).Warning("failed to write response")
|
|
}
|
|
}
|