forked from go-routeros/routeros
-
Notifications
You must be signed in to change notification settings - Fork 0
/
client.go
128 lines (112 loc) · 2.8 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
/*
Package routeros is a pure Go client library for accessing Mikrotik devices using the RouterOS API.
*/
package routeros
import (
"crypto/md5"
"crypto/tls"
"encoding/hex"
"errors"
"fmt"
"io"
"net"
"sync"
"time"
"github.com/go-routeros/routeros/proto"
)
// Client is a RouterOS API client.
type Client struct {
Queue int
rwc io.ReadWriteCloser
r proto.Reader
w proto.Writer
closing bool
async bool
nextTag int64
tags map[string]sentenceProcessor
mu sync.Mutex
}
// NewClient returns a new Client over rwc. Login must be called.
func NewClient(rwc io.ReadWriteCloser) (*Client, error) {
return &Client{
rwc: rwc,
r: proto.NewReader(rwc),
w: proto.NewWriter(rwc),
}, nil
}
// Dial connects and logs in to a RouterOS device.
func Dial(address, username, password string) (*Client, error) {
conn, err := net.Dial("tcp", address)
if err != nil {
return nil, err
}
return newClientAndLogin(conn, username, password)
}
// DialTLS connects and logs in to a RouterOS device using TLS.
func DialTLS(address, username, password string, tlsConfig *tls.Config, timeout time.Duration) (*Client, error) {
conn, err := net.DialTimeout("tcp", address, timeout)
if err != nil {
return nil, err
}
tlsConn := tls.Client(conn, tlsConfig)
if err := tlsConn.Handshake(); err != nil {
return nil, err
}
return newClientAndLogin(tlsConn, username, password)
}
func newClientAndLogin(rwc io.ReadWriteCloser, username, password string) (*Client, error) {
c, err := NewClient(rwc)
if err != nil {
rwc.Close()
return nil, err
}
err = c.Login(username, password)
if err != nil {
c.Close()
return nil, err
}
return c, nil
}
// Close closes the connection to the RouterOS device.
func (c *Client) Close() {
c.mu.Lock()
if c.closing {
c.mu.Unlock()
return
}
c.closing = true
c.mu.Unlock()
c.rwc.Close()
}
// Login runs the /login command. Dial and DialTLS call this automatically.
func (c *Client) Login(username, password string) error {
r, err := c.Run("/login", "=name="+username, "=password="+password)
if err != nil {
return err
}
ret, ok := r.Done.Map["ret"]
if !ok {
// Login method post-6.43 one stage, cleartext and no challenge
if r.Done != nil {
return nil
}
return errors.New("RouterOS: /login: no ret (challenge) received")
}
// Login method pre-6.43 two stages, challenge
b, err := hex.DecodeString(ret)
if err != nil {
return fmt.Errorf("RouterOS: /login: invalid ret (challenge) hex string received: %s", err)
}
r, err = c.Run("/login", "=name="+username, "=response="+c.challengeResponse(b, password))
if err != nil {
return err
}
return nil
}
func (c *Client) challengeResponse(cha []byte, password string) string {
h := md5.New()
h.Write([]byte{0})
io.WriteString(h, password)
h.Write(cha)
return fmt.Sprintf("00%x", h.Sum(nil))
}