radius 添加 CallingStationID

server/dbdata/group.go

@@ -340,7 +340,8 @@ func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
 	if err != nil {
 		return err
 	}
-	err = auth.checkUser(name, pwd, g)
+	ext := map[string]interface{}{}
+	err = auth.checkUser(name, pwd, g, ext)
 	return err
 }
 

server/dbdata/user.go

@@ -68,7 +68,7 @@ func SetUser(v *User) error {
 }
 
 // 验证用户登录信息
-func CheckUser(name, pwd, group string) error {
+func CheckUser(name, pwd, group string, ext map[string]interface{}) error {
 	// 获取登入的group数据
 	groupData := &Group{}
 	err := One("Name", group, groupData)
@@ -82,19 +82,19 @@ func CheckUser(name, pwd, group string) error {
 	authType := groupData.Auth["type"].(string)
 	// 本地认证方式
 	if authType == "local" {
-		return checkLocalUser(name, pwd, group)
+		return checkLocalUser(name, pwd, group, ext)
 	}
 	// 其它认证方式, 支持自定义
 	_, ok := authRegistry[authType]
 	if !ok {
 		return fmt.Errorf("%s %s", "未知的认证方式: ", authType)
 	}
 	auth := makeInstance(authType).(IUserAuth)
-	return auth.checkUser(name, pwd, groupData)
+	return auth.checkUser(name, pwd, groupData, ext)
 }
 
 // 验证本地用户登录信息
-func checkLocalUser(name, pwd, group string) error {
+func checkLocalUser(name, pwd, group string, ext map[string]interface{}) error {
 	// TODO 严重问题
 	// return nil
 

server/dbdata/userauth.go

@@ -9,7 +9,7 @@ var authRegistry = make(map[string]reflect.Type)
 
 type IUserAuth interface {
 	checkData(authData map[string]interface{}) error
-	checkUser(name, pwd string, g *Group) error
+	checkUser(name, pwd string, g *Group, ext map[string]interface{}) error
 }
 
 func makeInstance(name string) interface{} {

server/dbdata/userauth_ldap.go

@@ -61,7 +61,7 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 	return nil
 }
 
-func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
+func (auth AuthLdap) checkUser(name, pwd string, g *Group, ext map[string]interface{}) error {
 	pl := len(pwd)
 	if name == "" || pl < 1 {
 		return fmt.Errorf("%s %s", name, "密码错误")

server/dbdata/userauth_radius.go

@@ -40,7 +40,7 @@ func (auth AuthRadius) checkData(authData map[string]interface{}) error {
 	return nil
 }
 
-func (auth AuthRadius) checkUser(name, pwd string, g *Group) error {
+func (auth AuthRadius) checkUser(name, pwd string, g *Group, ext map[string]interface{}) error {
 	pl := len(pwd)
 	if name == "" || pl < 1 {
 		return fmt.Errorf("%s %s", name, "密码错误")
@@ -74,15 +74,23 @@ func (auth AuthRadius) checkUser(name, pwd string, g *Group) error {
 			return fmt.Errorf("%s %s", name, "Radius set nasip 出现错误")
 		}
 	}
+	macAddr := ext["mac_addr"].(string)
+	if macAddr != "" {
+		err = rfc2865.CallingStationID_SetString(packet, macAddr)
+		if err != nil {
+			return fmt.Errorf("%s %s", name, "Radius set CallingStationID 出现错误")
+		}
+	}
 
 	ctx, done := context.WithTimeout(context.Background(), 3*time.Second)
 	defer done()
 	response, err := radius.Exchange(ctx, packet, auth.Addr)
 	if err != nil {
-		return fmt.Errorf("%s %s", name, "Radius服务器连接异常, 请检测服务器和端口")
+		return fmt.Errorf("%s %s %s", name, "Radius服务器连接异常, 请检测服务器和端口", err)
 	}
 	if response.Code != radius.CodeAccessAccept {
 		return fmt.Errorf("%s %s", name, "Radius：用户名或密码错误")
 	}
 	return nil
+
 }

server/handler/link_auth.go

@@ -99,7 +99,8 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		UserActLog:    ua,
 	}
 	// TODO 用户密码校验
-	err = dbdata.CheckUser(cr.Auth.Username, cr.Auth.Password, cr.GroupSelect)
+	err = dbdata.CheckUser(cr.Auth.Username, cr.Auth.Password, cr.GroupSelect,
+		map[string]interface{}{"mac_addr": cr.MacAddressList.MacAddress})
 	if err != nil {
 		// lockManager.LoginStatus.Store(loginStatusKey, false) // 记录登录失败状态
 		// hc := r.Context().Value(loginStatusKey).(*HttpContext)