slightly better logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer
2025-05-16 15:18:39 +02:00
parent 91c87b7c3c
commit 2a024238fe
2 changed files with 17 additions and 25 deletions


@ -82,12 +82,10 @@ func (p *Packet) GetChallengeForType(ctx *context, t protocol.Type) *Packet {
var payload any
switch t {
case tls.TypeTLS:
// TODO: rewrite this
if _, ok := p.Payload.(*tls.Payload); !ok {
p.Payload = &tls.Payload{}
p.Payload.Decode(p.rawPayload)
}
// this
payload = p.Payload.(*tls.Payload).Handle(ctx)
}
if payload != nil {
@ -97,18 +95,12 @@ func (p *Packet) GetChallengeForType(ctx *context, t protocol.Type) *Packet {
}
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) {
err := rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
if err != nil {
panic(err)
}
_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
hash := hmac.New(md5.New, rp.Secret)
encode, err := rp.MarshalBinary()
if err != nil {
panic(err)
}
hash.Write(encode)
err = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))
if err != nil {
panic(err)
}
_ = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))
}
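Review bot: In the second hunk of setMessageAuthenticator, both `_ = rfc2869.MessageAuthenticator_Set(...)` lines now discard the error, while the MarshalBinary error between them still panics, so a failed Message-Authenticator write leaves the packet with a placeholder or missing attribute and it is sent anyway. Message-Authenticator is the HMAC-MD5 integrity check over the RADIUS packet, so losing it silently is an integrity regression rather than a logging change. Rather than restoring the panics, return the error so the caller decides how to handle it; the callers are outside this hunk and would need updating, and `fmt` must be imported in this file if it is not already.

```go
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error {
	if err := rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16)); err != nil {
		return fmt.Errorf("zeroing Message-Authenticator: %w", err)
	}
	hash := hmac.New(md5.New, rp.Secret)
	encode, err := rp.MarshalBinary()
	if err != nil {
		return fmt.Errorf("marshalling packet for Message-Authenticator: %w", err)
	}
	hash.Write(encode)
	if err := rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil)); err != nil {
		return fmt.Errorf("setting Message-Authenticator: %w", err)
	}
	return nil
}
```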


@ -67,7 +67,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
p.st = ctx.GetProtocolState(NewState).(*State)
defer ctx.SetProtocolState(p.st)
if !p.st.HasStarted {
log.Debug("TLS: handshake starting")
ctx.Log().Debug("TLS: handshake starting")
p.st.HasStarted = true
return &Payload{
Flags: FlagTLSStart,
@ -77,12 +77,12 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
if p.st.TLS == nil {
p.tlsInit(ctx)
} else if len(p.Data) > 0 {
log.Debug("TLS: Updating buffer with new TLS data from packet")
ctx.Log().Debug("TLS: Updating buffer with new TLS data from packet")
if p.Flags&FlagLengthIncluded != 0 && p.st.Conn.expectedWriterByteCount == 0 {
log.Debugf("TLS: Expecting %d total bytes, will buffer", p.Length)
ctx.Log().Debugf("TLS: Expecting %d total bytes, will buffer", p.Length)
p.st.Conn.expectedWriterByteCount = int(p.Length)
} else if p.Flags&FlagLengthIncluded != 0 {
log.Debug("TLS: No length included, not buffering")
ctx.Log().Debug("TLS: No length included, not buffering")
p.st.Conn.expectedWriterByteCount = 0
}
p.st.Conn.UpdateData(p.Data)
@ -115,12 +115,12 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
}
func (p *Payload) tlsInit(ctx protocol.Context) {
log.Debug("TLS: no TLS connection in state yet, starting connection")
ctx.Log().Debug("TLS: no TLS connection in state yet, starting connection")
p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
p.st.Conn = NewBuffConn(p.Data, p.st.Context)
cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
log.Debugf("TLS: ClientHello: %+v\n", chi)
ctx.Log().Debugf("TLS: ClientHello: %+v\n", chi)
p.st.ClientHello = chi
return nil, nil
}
@ -128,35 +128,35 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
go func() {
err := p.st.TLS.HandshakeContext(p.st.Context)
if err != nil {
log.WithError(err).Debug("TLS: Handshake error")
ctx.Log().WithError(err).Debug("TLS: Handshake error")
ctx.EndInnerProtocol(protocol.StatusError, func(p *radius.Packet) *radius.Packet {
return p
})
return
}
log.Debug("TLS: handshake done")
p.tlsHandshakeFinished()
ctx.Log().Debug("TLS: handshake done")
p.tlsHandshakeFinished(ctx)
}()
}
func (p *Payload) tlsHandshakeFinished() {
func (p *Payload) tlsHandshakeFinished(ctx protocol.Context) {
cs := p.st.TLS.ConnectionState()
label := "client EAP encryption"
var context []byte
switch cs.Version {
case tls.VersionTLS10:
log.Debugf("TLS: Version %d (1.0)", cs.Version)
ctx.Log().Debugf("TLS: Version %d (1.0)", cs.Version)
case tls.VersionTLS11:
log.Debugf("TLS: Version %d (1.1)", cs.Version)
ctx.Log().Debugf("TLS: Version %d (1.1)", cs.Version)
case tls.VersionTLS12:
log.Debugf("TLS: Version %d (1.2)", cs.Version)
ctx.Log().Debugf("TLS: Version %d (1.2)", cs.Version)
case tls.VersionTLS13:
log.Debugf("TLS: Version %d (1.3)", cs.Version)
ctx.Log().Debugf("TLS: Version %d (1.3)", cs.Version)
label = "EXPORTER_EAP_TLS_Key_Material"
context = []byte{byte(TypeTLS)}
}
ksm, err := cs.ExportKeyingMaterial(label, context, 64+64)
log.Debugf("TLS: ksm % x %v", ksm, err)
ctx.Log().Debugf("TLS: ksm % x %v", ksm, err)
p.st.MPPEKey = ksm
p.st.HandshakeDone = true
}
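Review bot: The Debugf at the end of tlsHandshakeFinished (last hunk) writes the full exported keying material `ksm` to the log with `% x`; this is the same value stored in `p.st.MPPEKey` on the next line, so a debug-level log captures the session key material derived from the TLS handshake. Log only its length and the error, e.g. `ctx.Log().WithError(err).Debugf("TLS: exported %d bytes of keying material", len(ksm))`. Separately, when ExportKeyingMaterial returns an error the function still stores the nil result and sets `HandshakeDone = true`; returning before those assignments looks safer, though how callers treat a nil MPPEKey is not visible in this diff.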