From 77f0e69ffeee5478fb8dde06fb57497145e91c18 Mon Sep 17 00:00:00 2001 From: TeoV Date: Mon, 23 Mar 2020 15:50:14 +0200 Subject: [PATCH] Update config template and beautify the code --- .gitignore | 1 - agents/librad.go | 34 ++----------------- agents/radagent.go | 4 +-- agents/radagent_it_test.go | 27 ++++----------- .../samples/dispatchers/radagent/cgrates.json | 13 +++---- .../samples/radagent_internal/cgrates.json | 13 +++---- .../radagent_internal_gob/cgrates.json | 13 +++---- data/conf/samples/radagent_mongo/cgrates.json | 13 +++---- .../samples/radagent_mongo_gob/cgrates.json | 13 +++---- data/conf/samples/radagent_mysql/cgrates.json | 13 +++---- .../samples/radagent_mysql_gob/cgrates.json | 13 +++---- go.mod | 2 +- go.sum | 2 ++ utils/consts.go | 1 + 14 files changed, 65 insertions(+), 97 deletions(-) diff --git a/.gitignore b/.gitignore index 3283dcc7a..b4b627791 100644 --- a/.gitignore +++ b/.gitignore @@ -8,7 +8,6 @@ a.out *workspace docs/_* bin -.idea dean* data/vagrant/.vagrant data/vagrant/vagrant_ansible_inventory_default diff --git a/agents/librad.go b/agents/librad.go index e1ecf36fc..14a30110a 100644 --- a/agents/librad.go +++ b/agents/librad.go @@ -19,7 +19,6 @@ along with this program. If not, see package agents import ( - "crypto/md5" "fmt" "net" @@ -120,10 +119,10 @@ func (pk *radiusDP) RemoteHost() net.Addr { return utils.NewNetAddr(pk.req.RemoteAddr().Network(), pk.req.RemoteAddr().String()) } -//authReq is used to authorize a request +//radauthReq is used to authorize a request //if User-Password avp is present use PAP auth //if CHAP-Password is presented use CHAP auth -func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) { +func radauthReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) { // try to get UserPassword from Vars as slice of NMItems nmItems, err := aReq.Vars.FieldAsInterface([]string{utils.UserPassword}) if err != nil { 
@@ -139,35 +138,8 @@ func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) { return false, nil } } else { - return checkAgainstCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)), + return radigo.AuthenticateCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)), req.Authenticator[:], chapAVPs[0].RawValue), nil } return true, nil } - -//checkAgainstCHAP receive the password as plaintext and verify against the chap challenge -func checkAgainstCHAP(password, authenticator, chapChallenge []byte) bool { - h := md5.New() - h.Write(chapChallenge[:1]) - h.Write(password) - h.Write(authenticator) - answer := h.Sum(nil) - if len(answer) != len(chapChallenge[1:]) { - return false - } - for i := range answer { - if answer[i] != chapChallenge[i+1] { - return false - } - } - return true -} - -//encodeChap is used in test to encode CHAP-Password raw value -func encodeChap(password, authenticator, chapIdent []byte) []byte { - h := md5.New() - h.Write(chapIdent) - h.Write(password) - h.Write(authenticator) - return h.Sum(nil) -} diff --git a/agents/radagent.go b/agents/radagent.go index c7f039f64..ff8710289 100644 --- a/agents/radagent.go +++ b/agents/radagent.go @@ -304,10 +304,10 @@ func (ra *RadiusAgent) processRequest(req *radigo.Packet, reqProcessor *config.R } case utils.MetaCDRs: // allow this method case utils.MetaRadauth: - if ok, err := authReq(req, agReq); err != nil { + if ok, err := radauthReq(req, agReq); err != nil { return false, err } else if !ok { - agReq.CGRReply.Set([]string{utils.Error}, "Failed to authenticate request", false, false) + agReq.CGRReply.Set([]string{utils.Error}, utils.RadauthFailed, false, false) } } // separate request so we can capture the Terminate/Event also here diff --git a/agents/radagent_it_test.go b/agents/radagent_it_test.go index 7073ac030..a7ea35d50 100644 --- a/agents/radagent_it_test.go +++ b/agents/radagent_it_test.go 
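Review bot: The new `radigo.AuthenticateCHAP(...)` call in the else branch receives the client-supplied `chapAVPs[0].RawValue` with no length check in this function, and reads the expected password through an unchecked `nmItems.([]*config.NMItem)[0]`. The removed `checkAgainstCHAP` sliced `chapChallenge[:1]` before any length test, so an empty CHAP-Password could have panicked there; whether the library call rejects short values or compares digests in constant time cannot be seen from this patch. Consider guarding before the call with `if len(chapAVPs[0].RawValue) != 17 { return false, nil }` (one identifier byte plus the 16-byte MD5 digest, the size the removed test code built). A comma-ok type assertion with an empty-slice check on `nmItems` would close the other panic path. The start of `radauthReq` lies outside this hunk.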
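Review bot: In the `utils.MetaRadauth` case a failed check (`!ok`) only writes `utils.RadauthFailed` into the reply's `Error` field and then falls through to the rest of `processRequest`. The rejection therefore depends entirely on the processor's `reply_fields` turning a non-empty `*cgrep.Error` into `AccessReject`. The sample configs in this commit do that, but a processor that carries the `*radauth` flag without those fields would, as far as this hunk shows, answer with whatever reply code is the default. I would at least document the contract at the branch, e.g. `// auth failure is signalled only via *cgrep.Error; reply_fields must map it to AccessReject`, and consider setting the reject code here so the failure path does not rely on configuration. The enclosing function starts and ends outside the hunk.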
@@ -21,7 +21,6 @@ along with this program. If not, see package agents import ( - "crypto/rand" "fmt" "net/rpc" "os/exec" @@ -207,7 +206,7 @@ func testRAitAuthPAPSuccess(t *testing.T) { t.Error(err) } // encode the password as required so we can decode it properly - authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:]) + authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:]) if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil { t.Error(err) } @@ -252,7 +251,7 @@ func testRAitAuthPAPFail(t *testing.T) { t.Error(err) } // encode the password as required so we can decode it properly - authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:]) + authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:]) if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil { t.Error(err) } @@ -280,7 +279,7 @@ func testRAitAuthPAPFail(t *testing.T) { } if len(reply.AVPs) != 1 { // make sure max duration is received t.Errorf("Received AVPs: %+v", reply.AVPs) - } else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) { + } else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) { t.Errorf("Received: %s", string(reply.AVPs[0].RawValue)) } } 
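Review bot: The assertion `!reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue))` in hunk `@@ -280,7 +279,7 @@` compares two strings, where a plain `!=` is clearer, and its failure message omits the expected value. The same line appears in testRAitAuthCHAPFail (hunk `@@ -381,7 +368,7 @@`). I would write `} else if got := string(reply.AVPs[0].RawValue); got != utils.RadauthFailed {` with `t.Errorf("expected %q, received %q", utils.RadauthFailed, got)`. The context comment `// make sure max duration is received` on the length check also looks copied from another test and does not describe this reply. testRAitAuthPAPFail starts outside the hunk.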
@@ -296,14 +295,7 @@ func testRAitAuthCHAPSuccess(t *testing.T) { if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword1", ""); err != nil { t.Error(err) } - // simulate encoding for CHAP-Password - chapIdent := make([]byte, 1) - rand.Read(chapIdent) - chapChallange := encodeChap([]byte("CGRateSPassword1"), authReq.Authenticator[:], chapIdent) - chapRawVal := make([]byte, 17) - copy(chapRawVal[:1], chapIdent) // copy the Ident - copy(chapRawVal[1:], chapChallange) // copy the challange that needs to be verify - authReq.AVPs[1].RawValue = chapRawVal + authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword1"), authReq.Authenticator[:]) if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil { t.Error(err) } @@ -347,13 +339,8 @@ func testRAitAuthCHAPFail(t *testing.T) { if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword2", ""); err != nil { t.Error(err) } - chapIdent := make([]byte, 1) - rand.Read(chapIdent) - chapChallange := encodeChap([]byte("CGRateSPassword2"), authReq.Authenticator[:], chapIdent) - chapRawVal := make([]byte, 17) - copy(chapRawVal[:1], chapIdent) - copy(chapRawVal[1:], chapChallange) - authReq.AVPs[1].RawValue = chapRawVal + + authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword2"), authReq.Authenticator[:]) if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil { t.Error(err) } @@ -381,7 +368,7 @@ func testRAitAuthCHAPFail(t *testing.T) { } if len(reply.AVPs) != 1 { // make sure max duration is received t.Errorf("Received AVPs: %+v", reply.AVPs) - } else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) { + } else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) { t.Errorf("Received: %s", string(reply.AVPs[0].RawValue)) } } 
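Review bot: testRAitAuthCHAPFail (hunk `@@ -347,13 +339,8 @@`) still only covers a well-formed CHAP-Password built from the wrong secret, so nothing exercises a malformed value now that verification is delegated to `radigo.AuthenticateCHAP`. Because the attribute comes from the client, a case that sets `authReq.AVPs[1].RawValue = []byte{}` (or a truncated slice) and expects the `utils.RadauthFailed` reply would pin down that the agent rejects it instead of panicking. Both CHAP tests also build their value with `radigo.EncodeCHAPPassword`, the same library that verifies it, so they check round-trip consistency only; a fixed known-answer vector would be independent of the library. Both test functions extend outside their hunks.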
diff --git a/data/conf/samples/dispatchers/radagent/cgrates.json b/data/conf/samples/dispatchers/radagent/cgrates.json index 3978d4eff..1937f240f 100644 --- a/data/conf/samples/dispatchers/radagent/cgrates.json +++ b/data/conf/samples/dispatchers/radagent/cgrates.json @@ -84,18 +84,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_internal/cgrates.json b/data/conf/samples/radagent_internal/cgrates.json index bbb61f80a..87bf5dd09 100644 --- a/data/conf/samples/radagent_internal/cgrates.json +++ b/data/conf/samples/radagent_internal/cgrates.json 
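Review bot: Dropping `"*exists:~*req.User-Password:"` from the processor filters means every `*radAuth` request now reaches the `*radauth` flag, including one that carries neither User-Password nor CHAP-Password. How `radauthReq` in agents/librad.go treats that case is not visible in this patch, so it is worth confirming that it returns a failed authentication rather than indexing an empty attribute list. Separately, `Reply-Message` is filled from `~*cgrep.Error`, so any error text placed there, not only `RADAUTH_FAILED`, is sent back to the unauthenticated client; `"type": "*constant", "value": "RADAUTH_FAILED"` would avoid exposing internal messages. The same block is repeated in the radagent_internal, radagent_internal_gob, radagent_mongo, radagent_mongo_gob, radagent_mysql and radagent_mysql_gob samples.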
@@ -96,18 +96,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_internal_gob/cgrates.json b/data/conf/samples/radagent_internal_gob/cgrates.json index e9866eda0..de820ee01 100644 --- a/data/conf/samples/radagent_internal_gob/cgrates.json +++ b/data/conf/samples/radagent_internal_gob/cgrates.json 
@@ -104,18 +104,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_mongo/cgrates.json b/data/conf/samples/radagent_mongo/cgrates.json index 48d27c728..8fc2c92dc 100644 --- a/data/conf/samples/radagent_mongo/cgrates.json +++ b/data/conf/samples/radagent_mongo/cgrates.json 
@@ -99,18 +99,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_mongo_gob/cgrates.json b/data/conf/samples/radagent_mongo_gob/cgrates.json index c1a103a66..7decb638b 100644 --- a/data/conf/samples/radagent_mongo_gob/cgrates.json +++ b/data/conf/samples/radagent_mongo_gob/cgrates.json 
@@ -107,18 +107,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_mysql/cgrates.json b/data/conf/samples/radagent_mysql/cgrates.json index 513354430..979f99e30 100644 --- a/data/conf/samples/radagent_mysql/cgrates.json +++ b/data/conf/samples/radagent_mysql/cgrates.json 
@@ -95,18 +95,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/data/conf/samples/radagent_mysql_gob/cgrates.json b/data/conf/samples/radagent_mysql_gob/cgrates.json index 8cef9f440..13301dd77 100644 --- a/data/conf/samples/radagent_mysql_gob/cgrates.json +++ b/data/conf/samples/radagent_mysql_gob/cgrates.json 
@@ -102,18 +102,19 @@ ], }, { - "id": "RadiusPAPAuth", - "filters": ["*string:~*vars.*radReqType:*radAuth","*exists:~*req.User-Password:"], + "id": "RadiusAuthProcessor", + "filters": ["*string:~*vars.*radReqType:*radAuth"], "flags": ["*radauth", "*log"], "request_fields":[ {"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.PasswordFromAttributes"}, ], "reply_fields":[ - {"filters": ["*empty:~*cgrep.Error:"], "type": "*none", "blocker": true}, - {"filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, - {"tag": "Code", "path": "*rep.*radReplyCode", "type": "*constant", "value": "AccessReject"}, - {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "type": "*variable", "value": "~*cgrep.Error"} + {"tag":"RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"}, + {"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*constant", "value": "AccessReject"}, + {"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], + "type": "*variable", "value": "~*cgrep.Error"} ] }, { diff --git a/go.mod b/go.mod index 81a97c5ae..4d5a98818 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/cgrates/fsock v0.0.0-20190623100231-317895b42f1a github.com/cgrates/kamevapi v0.0.0-20191001125829-7dbc3ad58817 github.com/cgrates/ltcache v0.0.0-20181016092649-92fb7fa77cca - github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6 + github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479 github.com/cgrates/rpcclient v0.0.0-20200107134035-188454eb71b3 github.com/creack/pty v1.1.7 github.com/fiorix/go-diameter v3.0.3-0.20190716165154-f4823472d0e0+incompatible diff --git a/go.sum b/go.sum index 048c2727b..4349bc91c 100644 --- a/go.sum +++ b/go.sum 
@@ -75,6 +75,8 @@ github.com/cgrates/radigo v0.0.0-20200309151443-bb470a5a5c8d h1:4dDI8QG+rkQTNWws github.com/cgrates/radigo v0.0.0-20200309151443-bb470a5a5c8d/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8= github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6 h1:NLRfnSh1TGtCrgxVnpaSOEiwprmf/sQ+aOTM1kiEvaE= github.com/cgrates/radigo v0.0.0-20200318092814-07da25249ae6/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8= +github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479 h1:UNareDs0BcycjiSy2ltRlsiaeoohDdt9OQOg55ak5Jc= +github.com/cgrates/radigo v0.0.0-20200321121249-9e416fdf1479/go.mod h1:mTCzHAYfgZlRe0HorDz+jy2JTrNvNuKkHBAUjDZBWq8= github.com/cgrates/rpcclient v0.0.0-20190505150825-8fcc68b2c38b h1:GC+/hEDN/2Frh8Tjkf7u1XFxj0Z2XtwjBxj0OH6Mzhw= github.com/cgrates/rpcclient v0.0.0-20190505150825-8fcc68b2c38b/go.mod h1:Jy5Lv0y57OlxlNATKrkyAxgftYLHqXuxONgd4qsAC1U= github.com/cgrates/rpcclient v0.0.0-20191115092211-732f09b356e3 h1:Hr038ZfPZz87OKLV4pRSzf3U06lZ8zjl/cXpwrv7hCM= diff --git a/utils/consts.go b/utils/consts.go index fcfff939a..7ebaf2258 100755 --- a/utils/consts.go +++ b/utils/consts.go @@ -709,6 +709,7 @@ const ( FileName = "FileName" MetaRadauth = "*radauth" UserPassword = "UserPassword" + RadauthFailed = "RADAUTH_FAILED" ) // Migrator Action