Update config template and beautify the code

agents/librad.go

@@ -19,7 +19,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>
 package agents
 
 import (
-	"crypto/md5"
 	"fmt"
 	"net"
 
@@ -120,10 +119,10 @@ func (pk *radiusDP) RemoteHost() net.Addr {
 	return utils.NewNetAddr(pk.req.RemoteAddr().Network(), pk.req.RemoteAddr().String())
 }
 
-//authReq is used to authorize a request
+//radauthReq is used to authorize a request
 //if User-Password avp is present use PAP auth
 //if CHAP-Password is presented use CHAP auth
-func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
+func radauthReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
 	// try to get UserPassword from Vars as slice of NMItems
 	nmItems, err := aReq.Vars.FieldAsInterface([]string{utils.UserPassword})
 	if err != nil {
@@ -139,35 +138,8 @@ func authReq(req *radigo.Packet, aReq *AgentRequest) (bool, error) {
 			return false, nil
 		}
 	} else {
-		return checkAgainstCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)),
+		return radigo.AuthenticateCHAP([]byte(utils.IfaceAsString(nmItems.([]*config.NMItem)[0].Data)),
 			req.Authenticator[:], chapAVPs[0].RawValue), nil
 	}
 	return true, nil
 }
-
-//checkAgainstCHAP receive the password as plaintext and verify against the chap challenge
-func checkAgainstCHAP(password, authenticator, chapChallenge []byte) bool {
-	h := md5.New()
-	h.Write(chapChallenge[:1])
-	h.Write(password)
-	h.Write(authenticator)
-	answer := h.Sum(nil)
-	if len(answer) != len(chapChallenge[1:]) {
-		return false
-	}
-	for i := range answer {
-		if answer[i] != chapChallenge[i+1] {
-			return false
-		}
-	}
-	return true
-}
-
-//encodeChap is used in test to encode CHAP-Password raw value
-func encodeChap(password, authenticator, chapIdent []byte) []byte {
-	h := md5.New()
-	h.Write(chapIdent)
-	h.Write(password)
-	h.Write(authenticator)
-	return h.Sum(nil)
-}

agents/radagent.go

@@ -304,10 +304,10 @@ func (ra *RadiusAgent) processRequest(req *radigo.Packet, reqProcessor *config.R
 		}
 	case utils.MetaCDRs: // allow this method
 	case utils.MetaRadauth:
-		if ok, err := authReq(req, agReq); err != nil {
+		if ok, err := radauthReq(req, agReq); err != nil {
 			return false, err
 		} else if !ok {
-			agReq.CGRReply.Set([]string{utils.Error}, "Failed to authenticate request", false, false)
+			agReq.CGRReply.Set([]string{utils.Error}, utils.RadauthFailed, false, false)
 		}
 	}
 	// separate request so we can capture the Terminate/Event also here

agents/radagent_it_test.go

@@ -21,7 +21,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>
 package agents
 
 import (
-	"crypto/rand"
 	"fmt"
 	"net/rpc"
 	"os/exec"
@@ -207,7 +206,7 @@ func testRAitAuthPAPSuccess(t *testing.T) {
 		t.Error(err)
 	}
 	// encode the password as required so we can decode it properly
-	authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:])
+	authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword1"), []byte("CGRateS.org"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -252,7 +251,7 @@ func testRAitAuthPAPFail(t *testing.T) {
 		t.Error(err)
 	}
 	// encode the password as required so we can decode it properly
-	authReq.AVPs[1].RawValue = radigo.EncodePass([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:])
+	authReq.AVPs[1].RawValue = radigo.EncodeUserPassWord([]byte("CGRateSPassword2"), []byte("CGRateS.org"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -280,7 +279,7 @@ func testRAitAuthPAPFail(t *testing.T) {
 	}
 	if len(reply.AVPs) != 1 { // make sure max duration is received
 		t.Errorf("Received AVPs: %+v", reply.AVPs)
-	} else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) {
+	} else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) {
 		t.Errorf("Received: %s", string(reply.AVPs[0].RawValue))
 	}
 }
@@ -296,14 +295,7 @@ func testRAitAuthCHAPSuccess(t *testing.T) {
 	if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword1", ""); err != nil {
 		t.Error(err)
 	}
-	// simulate encoding for CHAP-Password
-	chapIdent := make([]byte, 1)
-	rand.Read(chapIdent)
-	chapChallange := encodeChap([]byte("CGRateSPassword1"), authReq.Authenticator[:], chapIdent)
-	chapRawVal := make([]byte, 17)
-	copy(chapRawVal[:1], chapIdent)     // copy the Ident
-	copy(chapRawVal[1:], chapChallange) // copy the challange that needs to be verify
-	authReq.AVPs[1].RawValue = chapRawVal
+	authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword1"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -347,13 +339,8 @@ func testRAitAuthCHAPFail(t *testing.T) {
 	if err := authReq.AddAVPWithName("CHAP-Password", "CGRateSPassword2", ""); err != nil {
 		t.Error(err)
 	}
-	chapIdent := make([]byte, 1)
-	rand.Read(chapIdent)
-	chapChallange := encodeChap([]byte("CGRateSPassword2"), authReq.Authenticator[:], chapIdent)
-	chapRawVal := make([]byte, 17)
-	copy(chapRawVal[:1], chapIdent)
-	copy(chapRawVal[1:], chapChallange)
-	authReq.AVPs[1].RawValue = chapRawVal
+
+	authReq.AVPs[1].RawValue = radigo.EncodeCHAPPassword([]byte("CGRateSPassword2"), authReq.Authenticator[:])
 	if err := authReq.AddAVPWithName("Service-Type", "SIP-Caller-AVPs", ""); err != nil {
 		t.Error(err)
 	}
@@ -381,7 +368,7 @@ func testRAitAuthCHAPFail(t *testing.T) {
 	}
 	if len(reply.AVPs) != 1 { // make sure max duration is received
 		t.Errorf("Received AVPs: %+v", reply.AVPs)
-	} else if !reflect.DeepEqual("Failed to authenticate request", string(reply.AVPs[0].RawValue)) {
+	} else if !reflect.DeepEqual(utils.RadauthFailed, string(reply.AVPs[0].RawValue)) {
 		t.Errorf("Received: %s", string(reply.AVPs[0].RawValue))
 	}
 }