Update config template and beautify the code

2026-02-11 18:16:24 +05:00 · 2020-03-23 15:50:14 +02:00
parent d218868777
commit 77f0e69ffe
14 changed files with 65 additions and 97 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,7 +8,6 @@ a.out
 *workspace
 docs/_*
 bin
-.idea
 dean*
 data/vagrant/.vagrant
 data/vagrant/vagrant_ansible_inventory_default
--- a/agents/librad.go
+++ b/agents/librad.go
@@ -19,7 +19,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>
 package agents

 import (
-	"crypto/md5"
 	"fmt"
 	"net"

@@ -120,10 +119,10 @@ func (pk *radiusDP) RemoteHost() net.Addr {
 	return utils.NewNetAddr(pk.req.RemoteAddr().Network(), pk.req.RemoteAddr().String())
 }

-//authReq is used to authorize a request
+//radauthReq is used to authorize a request
 //if User-Password avp is present use PAP auth
 //if CHAP-Password is presented use CHAP auth
-func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
+func radauthReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
 	// try to get UserPassword from Vars as slice of NMItems
 	nmItems, err := aReq.Vars.FieldAsInterface([]string{utils.UserPassword})
 	if err != nil {
@@ -139,35 +138,8 @@ func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
 			return false, nil
 		}
 	} else {
-		return checkAgainstCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)),
+		return radigo.AuthenticateCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)),
 			req.Authenticator[:], chapAVPs[0].RawValue), nil
 	}
 	return true, nil
 }
-
-//checkAgainstCHAP receive the password as plaintext and verify against the chap challenge
-func checkAgainstCHAP(password, authenticator, chapChallenge []byte) bool {
-	h := md5.New()
-	h.Write(chapChallenge[:1])
-	h.Write(password)
-	h.Write(authenticator)
-	answer := h.Sum(nil)
-	if len(answer) != len(chapChallenge[1:]) {
-		return false
-	}
-	for i := range answer {
-		if answer[i] != chapChallenge[i+1] {
-			return false
-		}
-	}
-	return true
-}
-
-//encodeChap is used in test to encode CHAP-Password raw value
-func encodeChap(password, authenticator, chapIdent []byte) []byte {
-	h := md5.New()
-	h.Write(chapIdent)
-	h.Write(password)
-	h.Write(authenticator)
-	return h.Sum(nil)
-}
--- a/agents/radagent.go
+++ b/agents/radagent.go
@@ -304,10 +304,10 @@ func (ra *RadiusAgent) processRequest(req *radigo.Packet, reqProcessor *config.R
 		}
 	case utils.MetaCDRs: // allow this method
 	case utils.MetaRadauth:
-		if ok, err := authReq(req, agReq); err != nil {
+		if ok, err := radauthReq(req, agReq); err != nil {
 			return false, err
 		} else if !ok {
-			agReq.CGRReply.Set([]string{utils.Error}, "Failed to authenticate request", false, false)
+			agReq.CGRReply.Set([]string{utils.Error}, utils.RadauthFailed, false, false)
 		}
 	}
 	// separate request so we can capture the Terminate/Event also here
--- a/agents/radagent_it_test.go
+++ b/agents/radagent_it_test.go
@@ -21,7 +21,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>
 package agents

 import (
-	"crypto/rand"
 	"fmt"
 	"net/rpc"
 	"os/exec"
@@ -207,7 +206,7 @@ func testRAitAuthPAPSuccess(t *testing.T) {
 		t.Error(err)
 	}
 	// encode the password as required so we can decode it properly
-	authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:])
+	authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -252,7 +251,7 @@ func testRAitAuthPAPFail(t *testing.T) {
 		t.Error(err)
 	}
 	// encode the password as required so we can decode it properly
-	authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:])
+	authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -280,7 +279,7 @@ func testRAitAuthPAPFail(t *testing.T) {
 	}
 	if len(reply.AVPs) != 1 { // make sure max duration is received
 		t.Errorf("Received AVPs: %+v", reply.AVPs)
-	} else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) {
+	} else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) {
 		t.Errorf("Received: %s", string(reply.AVPs[0].RawValue))
 	}
 }
@@ -296,14 +295,7 @@ func testRAitAuthCHAPSuccess(t *testing.T) {
 	if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword1", ""); err != nil {
 		t.Error(err)
 	}
-	// simulate encoding for CHAP-Password
-	chapIdent := make([]byte, 1)
-	rand.Read(chapIdent)
-	chapChallange := encodeChap([]byte("CGRateSPassword1"), authReq.Authenticator[:], chapIdent)
-	chapRawVal := make([]byte, 17)
-	copy(chapRawVal[:1], chapIdent)     // copy the Ident
-	copy(chapRawVal[1:], chapChallange) // copy the challange that needs to be verify
-	authReq.AVPs[1].RawValue = chapRawVal
+	authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword1"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -347,13 +339,8 @@ func testRAitAuthCHAPFail(t *testing.T) {
 	if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword2", ""); err != nil {
 		t.Error(err)
 	}
-	chapIdent := make([]byte, 1)
-	rand.Read(chapIdent)
-	chapChallange := encodeChap([]byte("CGRateSPassword2"), authReq.Authenticator[:], chapIdent)
-	chapRawVal := make([]byte, 17)
-	copy(chapRawVal[:1], chapIdent)
-	copy(chapRawVal[1:], chapChallange)
-	authReq.AVPs[1].RawValue = chapRawVal
+
+	authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword2"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -381,7 +368,7 @@ func testRAitAuthCHAPFail(t *testing.T) {
 	}
 	if len(reply.AVPs) != 1 { // make sure max duration is received
 		t.Errorf("Received AVPs: %+v", reply.AVPs)
-	} else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) {
+	} else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) {
 		t.Errorf("Received: %s", string(reply.AVPs[0].RawValue))
 	}
 }
--- a/data/conf/samples/dispatchers/radagent/cgrates.json
+++ b/data/conf/samples/dispatchers/radagent/cgrates.json
@@ -84,18 +84,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_internal/cgrates.json
+++ b/data/conf/samples/radagent_internal/cgrates.json
@@ -96,18 +96,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_internal_gob/cgrates.json
+++ b/data/conf/samples/radagent_internal_gob/cgrates.json
@@ -104,18 +104,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_mongo/cgrates.json
+++ b/data/conf/samples/radagent_mongo/cgrates.json
@@ -99,18 +99,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_mongo_gob/cgrates.json
+++ b/data/conf/samples/radagent_mongo_gob/cgrates.json
@@ -107,18 +107,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_mysql/cgrates.json
+++ b/data/conf/samples/radagent_mysql/cgrates.json
@@ -95,18 +95,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/data/conf/samples/radagent_mysql_gob/cgrates.json
+++ b/data/conf/samples/radagent_mysql_gob/cgrates.json
@@ -102,18 +102,19 @@
 			],
 		},
 		{
-			"id": "RadiusPAPAuth",
-			"filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"],
+			"id": "RadiusAuthProcessor",
+			"filters": ["*string:~*vars.*radReqType:*radAuth"],
 			"flags": ["*radauth", "*log"],
 			"request_fields":[
 				{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable",
 					"value": "~*cgrep.Attributes.PasswordFromAttributes"},
 			],
 			"reply_fields":[
-				{"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true},
-				{"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
-				{"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"},
-				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"}
+				{"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
+				{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*constant", "value": "AccessReject"},
+				{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"],
+					"type": "*variable", "value": "~*cgrep.Error"}
 			]
 		},
 		{
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/cgrates/fsock v0.0.0-20190623100231-317895b42f1a
 	github.com/cgrates/kamevapi v0.0.0-20191001125829-7dbc3ad58817
 	github.com/cgrates/ltcache v0.0.0-20181016092649-92fb7fa77cca
-	github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6
+	github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479
 	github.com/cgrates/rpcclient v0.0.0-20200107134035-188454eb71b3
 	github.com/creack/pty v1.1.7
 	github.com/fiorix/go-diameter v3.0.3-0.20190716165154-f4823472d0e0+incompatible
--- a/go.sum
+++ b/go.sum
@@ -75,6 +75,8 @@ github.com/cgrates/radigo v0.0.0-20200309151443-bb470a5a5c8d h1:4dDI8QG+rkQTNWws
 github.com/cgrates/radigo v0.0.0-20200309151443-bb470a5a5c8d/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8=
 github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6 h1:NLRfnSh1TGtCrgxVnpaSOEiwprmf/sQ+aOTM1kiEvaE=
 github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8=
+github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479 h1:UNareDs0BcycjiSy2ltRlsiaeoohDdt9OQOg55ak5Jc=
+github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8=
 github.com/cgrates/rpcclient v0.0.0-20190505150825-8fcc68b2c38b h1:GC+/hEDN/2Frh8Tjkf7u1XFxj0Z2XtwjBxj0OH6Mzhw=
 github.com/cgrates/rpcclient v0.0.0-20190505150825-8fcc68b2c38b/go.mod h1:Jy5Lv0y57OlxlNATKrkyAxgftYLHqXuxONgd4qsAC1U=
 github.com/cgrates/rpcclient v0.0.0-20191115092211-732f09b356e3 h1:Hr038ZfPZz87OKLV4pRSzf3U06lZ8zjl/cXpwrv7hCM=
--- a/utils/consts.go
+++ b/utils/consts.go
@@ -709,6 +709,7 @@ const (
 	FileName                  = "FileName"
 	MetaRadauth               = "*radauth"
 	UserPassword              = "UserPassword"
+	RadauthFailed             = "RADAUTH_FAILED"
 )

 // Migrator Action