From 06e76a5b37262dd7a8631e9707b6cc2ef20b9129 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 15 May 2025 02:27:32 +0200
Subject: [PATCH] it's almost working
Signed-off-by: Jens Langhammer
---
 internal/outpost/radius/eap/handler.go | 9 ++++--
 internal/outpost/radius/eap/packet.go | 29 +++++++------------
 internal/outpost/radius/eap/protocol/empty.go | 11 +++++++
 .../outpost/radius/eap/protocol/packet.go | 6 ++++
 internal/outpost/radius/eap/tls/payload.go | 5 ++--
 5 files changed, 38 insertions(+), 22 deletions(-)
 create mode 100644 internal/outpost/radius/eap/protocol/empty.go
 create mode 100644 internal/outpost/radius/eap/protocol/packet.go
diff --git a/internal/outpost/radius/eap/handler.go b/internal/outpost/radius/eap/handler.go
index 151f0320fa..0e2558ae42 100644
--- a/internal/outpost/radius/eap/handler.go
+++ b/internal/outpost/radius/eap/handler.go
@@ -7,6 +7,7 @@ import (
 "github.com/gorilla/securecookie"
 log "github.com/sirupsen/logrus"
+ "goauthentik.io/internal/outpost/radius/eap/protocol"
 "goauthentik.io/internal/outpost/radius/eap/tls"
 "layeh.com/radius"
 "layeh.com/radius/rfc2865"
@@ -31,8 +32,12 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Pac
 stm.SetEAPState(rst, newState)
 rres := r.Response(radius.CodeAccessChallenge)
- if res.code == CodeSuccess {
+ if _, ok := res.Payload.(protocol.EmptyPayload); ok {
+ res.code = CodeSuccess
 rres.Code = radius.CodeAccessAccept
+ res.id -= 1
+ rfc2865.UserName_SetString(rres, "foo")
+ rfc2865.FramedMTU_Set(rres, rfc2865.FramedMTU(1400))
 }
 rfc2865.State_SetString(rres, rst)
 eapEncoded, err := res.Encode()
@@ -65,7 +70,7 @@ func (p *Packet) GetChallengeForType(st *State, t Type) (*Packet, *State) {
 payload, tst = p.Payload.(*tls.Payload).Handle(st.TypeState[t])
 }
 st.TypeState[t] = tst
- res.Payload = payload.(Payload)
+ res.Payload = payload.(protocol.Payload)
 return res, st
 }
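Review bot: The Access-Accept branch hard-codes `rfc2865.UserName_SetString(rres, "foo")`, so the User-Name returned to the NAS — the identity that accounting and any downstream authorization will attribute the accepted session to — is a placeholder rather than the identity that was actually authenticated; it should be taken from the session state the handler already keeps (`newState`, stored via `stm.SetEAPState`) or from the request, and the constant should not survive to merge. `res.id -= 1` deserves a why-comment, since an EAP Success must carry the Identifier of the Response it answers (RFC 3748 §4.2) and the decrement presumably undoes an increment applied when `res` was built above the hunk, e.g. `// Success echoes the Identifier of the final Response (RFC 3748 §4.2); undo the per-request increment.` The `1400` MTU literal also wants a named constant with a comment saying why that value was chosen. Handle continues past the hunk, so whether Message-Authenticator is set on the Access-Accept cannot be confirmed here.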
diff --git a/internal/outpost/radius/eap/packet.go b/internal/outpost/radius/eap/packet.go
index 5b0bf9df4c..0ebdaec56e 100644
--- a/internal/outpost/radius/eap/packet.go
+++ b/internal/outpost/radius/eap/packet.go
@@ -6,6 +6,7 @@ import (
 log "github.com/sirupsen/logrus"
 "goauthentik.io/internal/outpost/radius/eap/debug"
+ "goauthentik.io/internal/outpost/radius/eap/protocol"
 "goauthentik.io/internal/outpost/radius/eap/tls"
 )
@@ -31,17 +32,12 @@ type Packet struct {
 length uint16
 msgType Type
 rawPayload []byte
- Payload Payload
-}
-
-type Payload interface {
- Decode(raw []byte) error
- Encode() ([]byte, error)
+ Payload protocol.Payload
 }
 type PayloadWriter struct{}
-func emptyPayload(t Type) Payload {
+func emptyPayload(t Type) protocol.Payload {
 switch t {
 case TypeIdentity:
 return &IdentityPayload{}
@@ -77,17 +73,14 @@ func (p *Packet) Encode() ([]byte, error) {
 buff[0] = uint8(p.code)
 buff[1] = uint8(p.id)
- log.Debugf("%+v", p.code)
- if p.code != CodeSuccess {
- payloadBuffer, err := p.Payload.Encode()
- if err != nil {
- return buff, err
- }
- binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
- if p.code == CodeRequest || p.code == CodeResponse {
- buff[4] = uint8(p.msgType)
- }
- buff = append(buff, payloadBuffer...)
+ payloadBuffer, err := p.Payload.Encode()
+ if err != nil {
+ return buff, err
 }
+ binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
+ if p.code == CodeRequest || p.code == CodeResponse {
+ buff[4] = uint8(p.msgType)
+ }
+ buff = append(buff, payloadBuffer...)
 return buff, nil
 }
diff --git a/internal/outpost/radius/eap/protocol/empty.go b/internal/outpost/radius/eap/protocol/empty.go
new file mode 100644
index 0000000000..e92e8a6b01
--- /dev/null
+++ b/internal/outpost/radius/eap/protocol/empty.go
@@ -0,0 +1,11 @@
+package protocol
+
+type EmptyPayload struct {
+}
+
+func (ep EmptyPayload) Decode(raw []byte) error {
+ return nil
+}
+func (ep EmptyPayload) Encode() ([]byte, error) {
+ return []byte{}, nil
+}
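Review bot: With the `p.code != CodeSuccess` guard removed from Encode, a Success packet is now emitted with Length set to `len(payloadBuffer)+5` and a trailing fifth byte, whereas RFC 3748 §4.2 defines Success and Failure as Code, Identifier and Length only and says they MUST NOT contain additional data; a peer that checks Length against the code may discard the Success. The now-unconditional `p.Payload.Encode()` also turns any packet built without a payload, which the old guard tolerated for Success, into a nil-interface panic. Keep the short form for codes that carry no Type-Data before encoding the payload: `if p.code == CodeSuccess { binary.BigEndian.PutUint16(buff[2:], 4); return buff[:4], nil }` (the allocation of `buff` is above the hunk; the write to `buff[4]` implies it holds at least five bytes).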
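Review bot: `EmptyPayload`, `Decode` and `Encode` are exported from a new package without doc comments, and the type's meaning — handler.go treats it as the signal to set `CodeSuccess` and answer Access-Accept — is only discoverable by reading the handler; the same applies to the `Payload` interface moved into protocol/packet.go in this patch. Suggested: `// EmptyPayload is a Payload with no Type-Data. A method handler returns it to signal that the EAP exchange is complete; the RADIUS handler maps it to Success / Access-Accept.` and `// Payload is implemented by every EAP method's Type-Data codec.` As a point of style, `Encode` could return `nil, nil` instead of allocating `[]byte{}`, since the only visible caller does `len()` and `append` on the result.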
diff --git a/internal/outpost/radius/eap/protocol/packet.go b/internal/outpost/radius/eap/protocol/packet.go
new file mode 100644
index 0000000000..9ff5e955a2
--- /dev/null
+++ b/internal/outpost/radius/eap/protocol/packet.go
@@ -0,0 +1,6 @@
+package protocol
+
+type Payload interface {
+ Decode(raw []byte) error
+ Encode() ([]byte, error)
+}
diff --git a/internal/outpost/radius/eap/tls/payload.go b/internal/outpost/radius/eap/tls/payload.go
index 2597a4c579..2fd9a17e45 100644
--- a/internal/outpost/radius/eap/tls/payload.go
+++ b/internal/outpost/radius/eap/tls/payload.go
@@ -10,6 +10,7 @@ import (
 log "github.com/sirupsen/logrus"
 "goauthentik.io/internal/outpost/radius/eap/debug"
+ "goauthentik.io/internal/outpost/radius/eap/protocol"
 )
 const maxChunkSize = 1000
@@ -69,7 +70,7 @@ func init() {
 certs = append(certs, cert)
 }
-func (p *Payload) Handle(stt any) (*Payload, *State) {
+func (p *Payload) Handle(stt any) (protocol.Payload, *State) {
 if stt == nil {
 log.Debug("TLS: new state")
 stt = NewState()
@@ -134,7 +135,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
 return p.sendNextChunk(st)
 }
 if st.HandshakeDone {
- return nil, st
+ return protocol.EmptyPayload{}, st
 }
 if len(st.Conn.OutboundData()) > 0 {
 return p.startChunkedTransfer(st.Conn.OutboundData(), st)
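Review bot: Returning `protocol.EmptyPayload{}` on `st.HandshakeDone` is what makes handler.go flip the reply to Access-Accept (it tests `res.Payload.(protocol.EmptyPayload)`), so `HandshakeDone` is now the sole authentication decision for EAP-TLS; nothing in this hunk shows that the TLS configuration behind `st.Conn` verifies the peer certificate (`tls.RequireAndVerifyClientCert` or equivalent) before that flag is set, and that should be confirmed where the state is built, outside the hunk. A comment on the return would make the coupling explicit: `// An empty payload tells the RADIUS handler the exchange succeeded; this must only be reachable after the peer certificate has been verified.` Handle starts before the hunk and the `NewState` / `st.Conn` setup is not visible here.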