more debug tools

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-23 20:13:51 +02:00
parent 7c996d9d9d
commit 10fc15ffe0
8 changed files with 105 additions and 5 deletions
--- a/internal/outpost/radius/eap/protocol/eap/payload.go
+++ b/internal/outpost/radius/eap/protocol/eap/payload.go
@ -73,7 +73,18 @@ func (p *Payload) Encode() ([]byte, error) {
 	return buff, nil
 }

-func (ip *Payload) Handle(ctx protocol.Context) protocol.Payload {
+func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 	ctx.Log().Debug("EAP: Handle")
 	return nil
 }
+
+func (p *Payload) String() string {
+	return fmt.Sprintf(
+		"<EAP Packet Code=%d, ID=%d, Type=%d, Length=%d, Payload=%T>",
+		p.Code,
+		p.ID,
+		p.MsgType,
+		p.Length,
+		p.Payload,
+	)
+}
--- a/internal/outpost/radius/eap/protocol/identity/payload.go
+++ b/internal/outpost/radius/eap/protocol/identity/payload.go
@ -1,6 +1,10 @@
 package identity

-import "goauthentik.io/internal/outpost/radius/eap/protocol"
+import (
+	"fmt"
+
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
+)

 const TypeIdentity protocol.Type = 1

@ -35,3 +39,10 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 func (p *Payload) Offerable() bool {
 	return false
 }
+
+func (p *Payload) String() string {
+	return fmt.Sprintf(
+		"<Identity Packet Identity=%s>",
+		p.Identity,
+	)
+}
--- a/internal/outpost/radius/eap/protocol/legacy_nak/payload.go
+++ b/internal/outpost/radius/eap/protocol/legacy_nak/payload.go
@ -1,6 +1,10 @@
 package legacy_nak

-import "goauthentik.io/internal/outpost/radius/eap/protocol"
+import (
+	"fmt"
+
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
+)

 const TypeLegacyNAK protocol.Type = 3

@ -35,3 +39,10 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 func (p *Payload) Offerable() bool {
 	return false
 }
+
+func (p *Payload) String() string {
+	return fmt.Sprintf(
+		"<Legacy NAK Packet DesiredType=%d>",
+		p.DesiredType,
+	)
+}
--- a/internal/outpost/radius/eap/protocol/mschapv2/payload.go
+++ b/internal/outpost/radius/eap/protocol/mschapv2/payload.go
@ -0,0 +1,41 @@
+package mschapv2
+
+import (
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
+)
+
+const TypeMSCHAPv2 protocol.Type = 26
+
+func Protocol() protocol.Payload {
+	return &Payload{}
+}
+
+type Payload struct {
+}
+
+func (p *Payload) Type() protocol.Type {
+	return TypeMSCHAPv2
+}
+
+func (p *Payload) Decode(raw []byte) error {
+	return nil
+}
+
+func (p *Payload) Encode() ([]byte, error) {
+	return []byte{}, nil
+}
+
+func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
+	if ctx.IsProtocolStart(TypeMSCHAPv2) {
+		ctx.EndInnerProtocol(protocol.StatusError, nil)
+	}
+	return nil
+}
+
+func (p *Payload) Offerable() bool {
+	return true
+}
+
+func (p *Payload) String() string {
+	return "<MSCHAPv2 Packet >"
+}
--- a/internal/outpost/radius/eap/protocol/packet.go
+++ b/internal/outpost/radius/eap/protocol/packet.go
@ -6,6 +6,7 @@ type Payload interface {
 	Handle(ctx Context) Payload
 	Type() Type
 	Offerable() bool
+	String() string
 }

 type Inner interface {
--- a/internal/outpost/radius/eap/protocol/peap/payload.go
+++ b/internal/outpost/radius/eap/protocol/peap/payload.go
@ -2,6 +2,7 @@ package peap

 import (
 	"encoding/binary"
+	"fmt"

 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/outpost/radius/eap/debug"
@ -80,7 +81,9 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {

 	if ctx.IsProtocolStart(TypePEAP) {
 		ctx.Log().Debug("PEAP: Protocol start")
-		p.st = &State{}
+		p.st = &State{
+			SubState: make(map[string]*protocol.State),
+		}
 		return &eap.Payload{
 			Code:    protocol.CodeRequest,
 			ID:      rootEap.ID + 1,
@ -98,6 +101,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 			ID:   rootEap.ID + 1,
 		}
 	}
+	ctx.Log().Debugf("PEAP: Decoded inner EAP to %s", ep.String())

 	res, err := ctx.HandleInnerEAP(ep, p)
 	if err != nil {
@ -121,3 +125,10 @@ func (p *Payload) SetEAPState(key string, st *protocol.State) {
 func (p *Payload) Offerable() bool {
 	return true
 }
+
+func (p *Payload) String() string {
+	return fmt.Sprintf(
+		"<PEAP Packet Wrapping=%s>",
+		p.eap.String(),
+	)
+}
--- a/internal/outpost/radius/eap/protocol/tls/payload.go
+++ b/internal/outpost/radius/eap/protocol/tls/payload.go
@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"os"
 	"slices"
 	"time"
@ -253,3 +254,12 @@ func (p *Payload) sendNextChunk() *Payload {
 		Data:   nextChunk,
 	}
 }
+
+func (p *Payload) String() string {
+	return fmt.Sprintf(
+		"<TLS Packet HandshakeDone=%t, FinalStatus=%d, ClientHello=%v>",
+		p.st.HandshakeDone,
+		p.st.FinalStatus,
+		p.st.ClientHello,
+	)
+}
--- a/internal/outpost/radius/handle_access_request.go
+++ b/internal/outpost/radius/handle_access_request.go
@ -15,6 +15,7 @@ import (
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 	"goauthentik.io/internal/outpost/radius/eap/protocol/identity"
 	"goauthentik.io/internal/outpost/radius/eap/protocol/legacy_nak"
+	"goauthentik.io/internal/outpost/radius/eap/protocol/mschapv2"
 	"goauthentik.io/internal/outpost/radius/eap/protocol/peap"
 	"goauthentik.io/internal/outpost/radius/eap/protocol/tls"
 	"goauthentik.io/internal/outpost/radius/metrics"
@ -193,7 +194,10 @@ func (pi *ProviderInstance) GetEAPSettings() protocol.Settings {
 				Config: &ttls.Config{
 					Certificates: []ttls.Certificate{*cert},
 				},
-				InnerProtocols: protocol.Settings{},
+				InnerProtocols: protocol.Settings{
+					Protocols:        append(protocols, mschapv2.Protocol),
+					ProtocolPriority: []protocol.Type{mschapv2.TypeMSCHAPv2},
+				},
 			},
 		},
 	}