Adds support for re-writing user names using regular expressions

src/Lithnet.Pan.RAProxy.Setup/Product.wxs

@@ -4,7 +4,7 @@
   <Product Id="*"
            Name="Lithnet RADIUS Accounting Proxy for Palo Alto Firewall"
            Language="1033"
-           Version="1.0.6171"
+           Version="!(bind.FileVersion.fil6ae07342fce0489b90e51d06cdc17684)"
            Manufacturer="Lithnet"
            UpgradeCode="62b975ca3c9f4a4299c34d96834fded9">
     <Package InstallerVersion="200" Compressed="yes" InstallScope="perMachine" Platform="x64" />

src/Lithnet.Pan.RAProxy/App.config

@@ -6,10 +6,16 @@
 
   <ra-proxy-config>
     <pan-api-endpoints batch-size="200" batch-wait="50">
-       <!-- Note: remove any trailing equals sign from the API key. As of July 2017, this causes a 502 error from the API endpoint -->
       <pan-api-endpoint url="https://test-fw/api/" api-key="LUFRPT1Oa1lhZVlvT2JTckhTY2pRcVpiOStnRkF3OE" />
     </pan-api-endpoints>
 
+    <!-- optionally re-write incoming user names to a standardized format based on a regular expression
+    <username-rewrites>
+      <username-rewrite match="^([^\.\@\\]+)$" replace="domain\$1"/>
+      <username-rewrite match="^(.+)@domain.local$" replace="domain\$1"/>
+    </username-rewrites>
+    -->
+
     <radius-servers>
       <radius-server host="127.0.0.1" secret="test"/>
       <radius-server host="myhost" secret="test"/>

src/Lithnet.Pan.RAProxy/ConfigSections/Config.cs

@@ -77,7 +77,7 @@ public static void Failover()
         public static int BatchSize => Config.section.PanApi.BatchSize;
 
         public static int BatchWait => Config.section.PanApi.BatchWait;
-        
+
         private static Regex UsernameFilterRegex
         {
             get
@@ -128,5 +128,20 @@ public static string GetSecretForIP(IPAddress address)
 
             return null;
         }
+
+        internal static string MatchReplace(string username)
+        {
+            string newUsername = username;
+
+            if (Config.section.UsernameRewrites != null)
+            {
+                foreach (UsernameRewriteSection rule in Config.section.UsernameRewrites)
+                {
+                    newUsername = rule.Rewrite(newUsername);
+                }
+            }
+
+            return newUsername;
+        }
     }
 }

src/Lithnet.Pan.RAProxy/ConfigSections/PanApiEndpoint.cs

@@ -32,5 +32,19 @@ public string ApiKey
                 this["api-key"] = value;
             }
         }
+
+        [ConfigurationProperty("url-encode-key", IsRequired = false, DefaultValue = false)]
+        public bool UrlEncodeKey
+        {
+            get
+            {
+                return (bool)this["url-encode-key"];
+            }
+
+            set
+            {
+                this["url-encode-key"] = value;
+            }
+        }
     }
 }

src/Lithnet.Pan.RAProxy/ConfigSections/RAProxyConfigurationSection.cs

@@ -38,6 +38,20 @@ public string UsernameFilter
             }
         }
 
+        [ConfigurationProperty("username-rewrites")]
+        public UsernameRewriteCollection UsernameRewrites
+        {
+            get
+            {
+                return (UsernameRewriteCollection)this["username-rewrites"];
+            }
+
+            set
+            {
+                this["username-rewrites"] = value;
+            }
+        }
+
 
         [ConfigurationProperty("radius-servers")]
         public RadiusServerCollection RadiusServers

src/Lithnet.Pan.RAProxy/ConfigSections/RadiusServerSection.cs

@@ -4,12 +4,11 @@
 using System.Text;
 using System.Threading.Tasks;
 using System.Configuration;
+using System.Net;
+using System.Net.Sockets;
 
 namespace Lithnet.Pan.RAProxy
 {
-    using System.Net;
-    using System.Net.Sockets;
-
     public class RadiusServerSection : ConfigurationElement
     {
         [ConfigurationProperty("host", IsRequired = true)]

src/Lithnet.Pan.RAProxy/ConfigSections/UsernameRewriteCollection.cs

@@ -0,0 +1,77 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Configuration;
+
+namespace Lithnet.Pan.RAProxy
+{
+    public class UsernameRewriteCollection : ConfigurationElementCollection
+    {
+        public override ConfigurationElementCollectionType CollectionType => ConfigurationElementCollectionType.BasicMap;
+
+        protected override ConfigurationElement CreateNewElement()
+        {
+            return new UsernameRewriteSection();
+        }
+
+        protected override object GetElementKey(ConfigurationElement element)
+        {
+            return ((UsernameRewriteSection)element).Key;
+        }
+
+        public UsernameRewriteSection this[int index]
+        {
+            get { return (UsernameRewriteSection)this.BaseGet(index); }
+            set
+            {
+                if (this.BaseGet(index) != null)
+                {
+                    this.BaseRemoveAt(index);
+                }
+                this.BaseAdd(index, value);
+            }
+        }
+
+        public new UsernameRewriteSection this[string name] => (UsernameRewriteSection)this.BaseGet(name);
+
+        public int IndexOf(UsernameRewriteSection details)
+        {
+            return this.BaseIndexOf(details);
+        }
+
+        public void Add(UsernameRewriteSection details)
+        {
+            this.BaseAdd(details);
+        }
+
+        protected override void BaseAdd(ConfigurationElement element)
+        {
+            this.BaseAdd(element, false);
+        }
+
+        public void Remove(UsernameRewriteSection details)
+        {
+            if (this.BaseIndexOf(details) >= 0)
+                this.BaseRemove(details.Key);
+        }
+
+        public void RemoveAt(int index)
+        {
+            this.BaseRemoveAt(index);
+        }
+
+        public void Remove(string name)
+        {
+            this.BaseRemove(name);
+        }
+
+        public void Clear()
+        {
+            this.BaseClear();
+        }
+
+        protected override string ElementName => "username-rewrite";
+    }
+}

src/Lithnet.Pan.RAProxy/ConfigSections/UsernameRewriteSection.cs

@@ -0,0 +1,73 @@
+using System;
+using System.Collections.Generic;
+using System.Configuration;
+using System.Net;
+using System.Net.Sockets;
+using System.Text.RegularExpressions;
+
+namespace Lithnet.Pan.RAProxy
+{
+    public class UsernameRewriteSection : ConfigurationElement
+    {
+        private Regex match;
+
+        private string key;
+
+        internal string Key
+        {
+            get
+            {
+                if (this.key == null)
+                {
+                    this.key = Guid.NewGuid().ToString();
+                }
+
+                return this.key;
+            }
+        }
+
+        [ConfigurationProperty("match", IsRequired = true)]
+        public string Match
+        {
+            get
+            {
+                return (string)this["match"];
+            }
+            set
+            {
+                this["match"] = value;
+            }
+        }
+
+        [ConfigurationProperty("replace", IsRequired = true)]
+        public string Replace
+        {
+            get
+            {
+                return (string)this["replace"];
+            }
+            set
+            {
+                this["replace"] = value;
+            }
+        }
+
+        internal Regex MatchRegex
+        {
+            get
+            {
+                if (this.match == null)
+                {
+                    this.match = new Regex(this.Match, RegexOptions.Compiled | RegexOptions.IgnoreCase);
+                }
+
+                return this.match;
+            }
+        }
+
+        internal string Rewrite(string username)
+        {
+            return this.MatchRegex.Replace(username, this.Replace);
+        }
+    }
+}

src/Lithnet.Pan.RAProxy/Lithnet.Pan.RAProxy.csproj

@@ -48,8 +48,10 @@
   <ItemGroup>
     <Compile Include="ConfigSections\PanApiEndpoint.cs" />
     <Compile Include="ConfigSections\PanApiCollection.cs" />
+    <Compile Include="ConfigSections\UsernameRewriteCollection.cs" />
     <Compile Include="ConfigSections\RadiusServerCollection.cs" />
     <Compile Include="ConfigSections\RadiusClientSection.cs" />
+    <Compile Include="ConfigSections\UsernameRewriteSection.cs" />
     <Compile Include="ConfigSections\RadiusServerSection.cs" />
     <Compile Include="Exceptions\MissingValueException.cs" />
     <Compile Include="Exceptions\InvalidRadiusAttributeException.cs" />

src/Lithnet.Pan.RAProxy/PanApi/Message.cs

@@ -6,7 +6,6 @@
 using System.Collections.Specialized;
 using System.Web;
 using System.Diagnostics;
-using System.Net.Sockets;
 using System.Xml;
 
 namespace Lithnet.Pan.RAProxy
@@ -179,7 +178,7 @@ private string Submit()
                     throw;
                 }
 
-                Logging.WriteEntry($"The attempt to send the update to endpoint {ep.ApiUri} failed with a communciations error\n{ex.Message}\n{ex.Source}\nThe service will attempt to fail over to the next endpoint", EventLogEntryType.Warning, Logging.EventIDApiEndpointExceptionWillFailover);
+                Logging.WriteEntry($"The attempt to send the update to endpoint {ep.ApiUri} failed with a communications error\n{ex}\nThe service will attempt to fail over to the next endpoint", EventLogEntryType.Warning, Logging.EventIDApiEndpointExceptionWillFailover);
                 Config.Failover();
                 return this.Submit();
             }
@@ -193,7 +192,15 @@ private string Submit(PanApiEndpoint ep)
 
             NameValueCollection queryString = HttpUtility.ParseQueryString(string.Empty);
 
-            queryString["key"] = HttpUtility.UrlEncode(ep.ApiKey);
+            if (Config.ActiveEndPoint.UrlEncodeKey)
+            {
+                queryString["key"] = HttpUtility.UrlEncode(ep.ApiKey);
+            }
+            else
+            {
+                queryString["key"] = ep.ApiKey;
+            }
+
             queryString["type"] = this.ApiType;
 
             builder.Query = queryString.ToString();