uppal/cgrates-radius
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bypass auth with *none flag - workaround for PAP null-padding bug

Browse Source 
CGRateS has a bug where PAP passwords are compared with null padding
intact ("test\0\0\0..." != "test"). Using *none flag to accept all
auth requests while returning Session-Timeout.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Junaid Saeed Uppal
2025-12-23 23:24:01 +05:00
parent 11ee815a44
commit dd335be7f5
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cgrates.json
View File

@@ -82,16 +82,12 @@
}, },
"request_processors": [ "request_processors": [
{ {
"id": "AuthPAP", "id": "Auth",
"filters": ["*string:~*vars.*radReqType:*radAuth"], "filters": ["*string:~*vars.*radReqType:*radAuth"],
"flags": ["*radauth", "*pap", "*log"], "flags": ["*none", "*log"],
"request_fields": [ "request_fields": [],
{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*constant", "value": "test"}
],
"reply_fields": [ "reply_fields": [
{"tag": "SessionTimeout", "path": "*rep.Session-Timeout", "type": "*constant", "value": "3600"}, {"tag": "SessionTimeout", "path": "*rep.Session-Timeout", "type": "*constant", "value": "3600"}
{"tag": "ReplyOnError", "filters": ["*notempty:~*cgrep.Error:"], "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
{"tag": "ReplyMessage", "filters": ["*notempty:~*cgrep.Error:"], "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
] ]
} }
] ]