From 4a812a294b72e2aec39d15371db06d8f51498484 Mon Sep 17 00:00:00 2001 From: arberkatellari Date: Thu, 5 Oct 2023 11:20:43 -0400 Subject: [PATCH] Correct addition of vendor at radReplyAppendAttributes & IT test for it --- agents/librad.go | 2 +- agents/radagent_it_test.go | 37 ++++++++- .../dispatchers/radagent/authchap.json | 21 ----- .../radagent/authvendorwblock.json | 81 +++++++++++++++++++ .../samples/radagent_internal/authchap.json | 21 ----- .../radagent_internal/authvendorwblock.json | 81 +++++++++++++++++++ .../radagent_internal_gob/authchap.json | 21 ----- .../authvendorwblock.json | 81 +++++++++++++++++++ .../conf/samples/radagent_mongo/authchap.json | 21 ----- .../radagent_mongo/authvendorwblock.json | 81 +++++++++++++++++++ .../samples/radagent_mongo_gob/authchap.json | 21 ----- .../radagent_mongo_gob/authvendorwblock.json | 81 +++++++++++++++++++ .../conf/samples/radagent_mysql/authchap.json | 21 ----- .../radagent_mysql/authvendorwblock.json | 81 +++++++++++++++++++ .../samples/radagent_mysql_gob/authchap.json | 21 ----- .../radagent_mysql_gob/authvendorwblock.json | 81 +++++++++++++++++++ 16 files changed, 602 insertions(+), 151 deletions(-) create mode 100644 data/conf/samples/dispatchers/radagent/authvendorwblock.json create mode 100644 data/conf/samples/radagent_internal/authvendorwblock.json create mode 100644 data/conf/samples/radagent_internal_gob/authvendorwblock.json create mode 100644 data/conf/samples/radagent_mongo/authvendorwblock.json create mode 100644 data/conf/samples/radagent_mongo_gob/authvendorwblock.json create mode 100644 data/conf/samples/radagent_mysql/authvendorwblock.json create mode 100644 data/conf/samples/radagent_mysql_gob/authvendorwblock.json diff --git a/agents/librad.go b/agents/librad.go index 90b04ab67..738f538fb 100644 --- a/agents/librad.go +++ b/agents/librad.go @@ -38,7 +38,7 @@ func radReplyAppendAttributes(reply *radigo.Packet, rplNM *utils.OrderedNavigabl continue } var attrName, vendorName string - if len(path) > 2 { + if len(path) > 1 { vendorName, attrName = path[0], path[1] } else { attrName = path[0] diff --git a/agents/radagent_it_test.go b/agents/radagent_it_test.go index 727ace527..aaadc1c6c 100644 --- a/agents/radagent_it_test.go +++ b/agents/radagent_it_test.go @@ -55,6 +55,7 @@ var ( testRAitAuthPAPSuccess, testRAitAuthPAPFail, testRAitMandatoryFail, + testRAitWithVendor, testRAitAuthCHAPSuccess, testRAitAuthCHAPFail, testRAitAuthMSCHAPV2Success, @@ -294,14 +295,13 @@ func testRAitMandatoryFail(t *testing.T) { if raAuthClnt, err = radigo.NewClient("udp", "127.0.0.1:1812", "CGRateS.org", dictRad, 1, nil); err != nil { t.Fatal(err) } - authReq := raAuthClnt.NewRequest(radigo.AccessRequest, 1) // emulates Kamailio packet out of radius_load_caller_avps() + authReq := raAuthClnt.NewRequest(radigo.AccessRequest, 1) if err := authReq.AddAVPWithName("User-Name", "10011", ""); err != nil { t.Error(err) } if err := authReq.AddAVPWithName("User-Password", "CGRateSPassword3", ""); err != nil { t.Error(err) } - // encode the password as required so we can decode it properly authReq.AVPs[1].RawValue = radigo.EncodeUserPassword([]byte("CGRateSPassword3"), []byte("CGRateS.org"), authReq.Authenticator[:]) reply, err := raAuthClnt.SendRequest(authReq) if err != nil { @@ -311,13 +311,44 @@ func testRAitMandatoryFail(t *testing.T) { t.Errorf("Received reply: %+v", reply) } exp := "ATTRIBUTES_ERROR:" + utils.MandatoryIEMissingCaps + ": [RadReplyMessage]" - if len(reply.AVPs) != 1 { // make sure max duration is received + if len(reply.AVPs) != 1 { t.Errorf("Received AVPs: %+v", reply.AVPs) } else if exp != string(reply.AVPs[0].RawValue) { t.Errorf("Expected <%+v>, Received: <%+v>", exp, string(reply.AVPs[0].RawValue)) } } +func testRAitWithVendor(t *testing.T) { + if raAuthClnt, err = radigo.NewClient("udp", "127.0.0.1:1812", "CGRateS.org", dictRad, 1, nil); err != nil { + t.Fatal(err) + } + authReq := raAuthClnt.NewRequest(radigo.AccessRequest, 1) + if err := authReq.AddAVPWithName("User-Name", "10012", ""); err != nil { + t.Error(err) + } + if err := authReq.AddAVPWithName("User-Password", "CGRateSPassword3", ""); err != nil { + t.Error(err) + } + authReq.AVPs[1].RawValue = radigo.EncodeUserPassword([]byte("CGRateSPassword3"), []byte("CGRateS.org"), authReq.Authenticator[:]) + reply, err := raAuthClnt.SendRequest(authReq) + if err != nil { + t.Fatal(err) + } + + if reply.Code != radigo.AccessAccept { + t.Errorf("Received reply: %+v", reply) + } + if len(reply.AVPs) != 3 { + t.Errorf("Received AVPs: %+v", reply.AVPs) + } else if string(reply.AVPs[0].RawValue) != "\x00\x00\x00\x00*\bClass1" { + t.Errorf("Expected <%+q>, Received: <%+q>", "\x00\x00\x00\x00*\bClass1", string(reply.AVPs[0].RawValue)) + } else if string(reply.AVPs[1].RawValue) != "\x00\x00\x00\x00*\bClass2" { + t.Errorf("Expected <%q>, Received: <%q>", "\x00\x00\x00\x00*\bClass2", string(reply.AVPs[1].RawValue)) + } else if string(reply.AVPs[2].RawValue) != "\x00\x00\x00\x00*\bClass3" { + t.Errorf("Expected <%q>, Received: <%q>", "\x00\x00\x00\x00*\bClass3", string(reply.AVPs[2].RawValue)) + } +} + func testRAitAuthCHAPSuccess(t *testing.T) { if raAuthClnt, err = radigo.NewClient("udp", "127.0.0.1:1812", "CGRateS.org", dictRad, 1, nil); err != nil { t.Fatal(err) diff --git a/data/conf/samples/dispatchers/radagent/authchap.json b/data/conf/samples/dispatchers/radagent/authchap.json index 4f0e338cf..39193305d 100644 --- a/data/conf/samples/dispatchers/radagent/authchap.json +++ b/data/conf/samples/dispatchers/radagent/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage", "mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/dispatchers/radagent/authvendorwblock.json b/data/conf/samples/dispatchers/radagent/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/dispatchers/radagent/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_internal/authchap.json b/data/conf/samples/radagent_internal/authchap.json index 4f0e338cf..39193305d 100644 --- a/data/conf/samples/radagent_internal/authchap.json +++ b/data/conf/samples/radagent_internal/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage", "mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/radagent_internal/authvendorwblock.json b/data/conf/samples/radagent_internal/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_internal/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_internal_gob/authchap.json b/data/conf/samples/radagent_internal_gob/authchap.json index 51a6e79ff..3a776d293 100644 --- a/data/conf/samples/radagent_internal_gob/authchap.json +++ b/data/conf/samples/radagent_internal_gob/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage","mandatory":true}, - ], - }, ], }, }, \ No newline at end of file diff --git a/data/conf/samples/radagent_internal_gob/authvendorwblock.json b/data/conf/samples/radagent_internal_gob/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_internal_gob/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_mongo/authchap.json b/data/conf/samples/radagent_mongo/authchap.json index 02bc00a4a..39193305d 100644 --- a/data/conf/samples/radagent_mongo/authchap.json +++ b/data/conf/samples/radagent_mongo/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage","mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/radagent_mongo/authvendorwblock.json b/data/conf/samples/radagent_mongo/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_mongo/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_mongo_gob/authchap.json b/data/conf/samples/radagent_mongo_gob/authchap.json index 02bc00a4a..39193305d 100644 --- a/data/conf/samples/radagent_mongo_gob/authchap.json +++ b/data/conf/samples/radagent_mongo_gob/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage","mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/radagent_mongo_gob/authvendorwblock.json b/data/conf/samples/radagent_mongo_gob/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_mongo_gob/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_mysql/authchap.json b/data/conf/samples/radagent_mysql/authchap.json index 02bc00a4a..39193305d 100644 --- a/data/conf/samples/radagent_mysql/authchap.json +++ b/data/conf/samples/radagent_mysql/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage","mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/radagent_mysql/authvendorwblock.json b/data/conf/samples/radagent_mysql/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_mysql/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file diff --git a/data/conf/samples/radagent_mysql_gob/authchap.json b/data/conf/samples/radagent_mysql_gob/authchap.json index 02bc00a4a..39193305d 100644 --- a/data/conf/samples/radagent_mysql_gob/authchap.json +++ b/data/conf/samples/radagent_mysql_gob/authchap.json @@ -46,27 +46,6 @@ "type": "*variable", "value": "~*cgrep.Error"} ] }, - { - "id": "RadiusMandatoryFail", - "filters": ["*string:~*vars.*radReqType:*radAuth","*string:~*req.User-Name:10011"], - "flags": ["*log", "*authorize", "*attributes"], - "request_fields":[ - {"tag": "UserName", "path": "*cgreq.RadUserName", "type": "*variable", - "value": "~*req.User-Name"}, - {"tag": "Password", "path": "*cgreq.RadPassword", "type": "*variable", - "value": "~*req.User-Password"}, - {"tag": "ReplyMessage", "path": "*cgreq.RadReplyMessage", "type": "*constant", - "value": "*attributes"}, - ], - "reply_fields":[ - {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], - "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message","filters": ["*notempty:~*cgrep.Error:"], - "type": "*variable", "value": "~*cgrep.Error", "blocker":true}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", - "type": "*variable", "value": "~*cgrep.Attributes.RadReplyMessage","mandatory":true}, - ], - }, ], } } \ No newline at end of file diff --git a/data/conf/samples/radagent_mysql_gob/authvendorwblock.json b/data/conf/samples/radagent_mysql_gob/authvendorwblock.json new file mode 100644 index 000000000..9eeb3e7a2 --- /dev/null +++ b/data/conf/samples/radagent_mysql_gob/authvendorwblock.json @@ -0,0 +1,81 @@ +{ + + "radius_agent": { + "request_processors": [{ + "id": "RadiusMandatoryFail", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10011"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + }, + { + "tag": "ReplyMessage","path": "*cgreq.RadReplyMessage", + "type": "*constant","value": "*attributes" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "type": "*variable","value": "~*cgrep.Attributes.RadReplyMessage", + "mandatory": true + } + ] + }, + { + "id": "RadiusWithVendor", + "filters": ["*string:~*vars.*radReqType:*radAuth", "*string:~*req.User-Name:10012"], + "flags": ["*log", "*authorize", "*attributes"], + "request_fields": [ + { + "tag": "UserName","path": "*cgreq.RadUserName", + "type": "*variable","value": "~*req.User-Name" + }, + { + "tag": "Password","path": "*cgreq.RadPassword", + "type": "*variable","value": "~*req.User-Password" + } + ], + "reply_fields": [ + { + "tag": "Code","path": "*rep.*radReplyCode", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*constant", + "value": "AccessReject" + }, + { + "tag": "ReplyMessage","path": "*rep.Reply-Message", + "filters": ["*notempty:~*cgrep.Error:"],"type": "*variable", + "value": "~*cgrep.Error","blocker": true + }, + { + "tag": "MicrosoftB1","path": "*rep.Microsoft.MS-Service-Class", + "type": "*constant","value": "Class1" + }, + { + "tag": "MicrosoftB2","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class2","new_branch": true + }, + { + "tag": "MicrosoftB3","path": "*rep.Microsoft.MS-Service-Class", + "type": "*group","value": "Class3","new_branch": true + } + ] + } + ] + } +} \ No newline at end of file