it's almost working

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/radius/eap/handler.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/gorilla/securecookie"
 	log "github.com/sirupsen/logrus"
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
 	"goauthentik.io/internal/outpost/radius/eap/tls"
 	"layeh.com/radius"
 	"layeh.com/radius/rfc2865"
@@ -31,8 +32,12 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Pac
 	stm.SetEAPState(rst, newState)
 
 	rres := r.Response(radius.CodeAccessChallenge)
-	if res.code == CodeSuccess {
+	if _, ok := res.Payload.(protocol.EmptyPayload); ok {
+		res.code = CodeSuccess
 		rres.Code = radius.CodeAccessAccept
+		res.id -= 1
+		rfc2865.UserName_SetString(rres, "foo")
+		rfc2865.FramedMTU_Set(rres, rfc2865.FramedMTU(1400))
 	}
 	rfc2865.State_SetString(rres, rst)
 	eapEncoded, err := res.Encode()
@@ -65,7 +70,7 @@ func (p *Packet) GetChallengeForType(st *State, t Type) (*Packet, *State) {
 		payload, tst = p.Payload.(*tls.Payload).Handle(st.TypeState[t])
 	}
 	st.TypeState[t] = tst
-	res.Payload = payload.(Payload)
+	res.Payload = payload.(protocol.Payload)
 	return res, st
 }
 

internal/outpost/radius/eap/packet.go

@@ -6,6 +6,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/outpost/radius/eap/debug"
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
 	"goauthentik.io/internal/outpost/radius/eap/tls"
 )
 
@@ -31,17 +32,12 @@ type Packet struct {
 	length     uint16
 	msgType    Type
 	rawPayload []byte
-	Payload    Payload
+	Payload    protocol.Payload
-}
-
-type Payload interface {
-	Decode(raw []byte) error
-	Encode() ([]byte, error)
 }
 
 type PayloadWriter struct{}
 
-func emptyPayload(t Type) Payload {
+func emptyPayload(t Type) protocol.Payload {
 	switch t {
 	case TypeIdentity:
 		return &IdentityPayload{}
@@ -77,17 +73,14 @@ func (p *Packet) Encode() ([]byte, error) {
 	buff[0] = uint8(p.code)
 	buff[1] = uint8(p.id)
 
-	log.Debugf("%+v", p.code)
+	payloadBuffer, err := p.Payload.Encode()
-	if p.code != CodeSuccess {
+	if err != nil {
-		payloadBuffer, err := p.Payload.Encode()
+		return buff, err
-		if err != nil {
-			return buff, err
-		}
-		binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
-		if p.code == CodeRequest || p.code == CodeResponse {
-			buff[4] = uint8(p.msgType)
-		}
-		buff = append(buff, payloadBuffer...)
 	}
+	binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
+	if p.code == CodeRequest || p.code == CodeResponse {
+		buff[4] = uint8(p.msgType)
+	}
+	buff = append(buff, payloadBuffer...)
 	return buff, nil
 }

internal/outpost/radius/eap/protocol/empty.go

@@ -0,0 +1,11 @@
+package protocol
+
+type EmptyPayload struct {
+}
+
+func (ep EmptyPayload) Decode(raw []byte) error {
+	return nil
+}
+func (ep EmptyPayload) Encode() ([]byte, error) {
+	return []byte{}, nil
+}

internal/outpost/radius/eap/protocol/packet.go

@@ -0,0 +1,6 @@
+package protocol
+
+type Payload interface {
+	Decode(raw []byte) error
+	Encode() ([]byte, error)
+}

internal/outpost/radius/eap/tls/payload.go

@@ -10,6 +10,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/outpost/radius/eap/debug"
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
 )
 
 const maxChunkSize = 1000
@@ -69,7 +70,7 @@ func init() {
 	certs = append(certs, cert)
 }
 
-func (p *Payload) Handle(stt any) (*Payload, *State) {
+func (p *Payload) Handle(stt any) (protocol.Payload, *State) {
 	if stt == nil {
 		log.Debug("TLS: new state")
 		stt = NewState()
@@ -134,7 +135,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
 		return p.sendNextChunk(st)
 	}
 	if st.HandshakeDone {
-		return nil, st
+		return protocol.EmptyPayload{}, st
 	}
 	if len(st.Conn.OutboundData()) > 0 {
 		return p.startChunkedTransfer(st.Conn.OutboundData(), st)