slightly better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@ -82,12 +82,10 @@ func (p *Packet) GetChallengeForType(ctx *context, t protocol.Type) *Packet {
|
||||
var payload any
|
||||
switch t {
|
||||
case tls.TypeTLS:
|
||||
// TODO: rewrite this
|
||||
if _, ok := p.Payload.(*tls.Payload); !ok {
|
||||
p.Payload = &tls.Payload{}
|
||||
p.Payload.Decode(p.rawPayload)
|
||||
}
|
||||
// this
|
||||
payload = p.Payload.(*tls.Payload).Handle(ctx)
|
||||
}
|
||||
if payload != nil {
|
||||
@ -97,18 +95,12 @@ func (p *Packet) GetChallengeForType(ctx *context, t protocol.Type) *Packet {
|
||||
}
|
||||
|
||||
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) {
|
||||
err := rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
|
||||
hash := hmac.New(md5.New, rp.Secret)
|
||||
encode, err := rp.MarshalBinary()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
hash.Write(encode)
|
||||
err = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))
|
||||
}
|
||||
|
||||
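Review bot: The new `_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))` and `_ = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))` lines in setMessageAuthenticator discard the only signal that the Message-Authenticator attribute was actually written; a failure now leaves the packet without it, or with the all-zero placeholder, and the packet is still sent. For EAP over RADIUS that attribute is the integrity check on the whole packet, so a silent failure is worse than the panic it replaces, not "slightly better logging". Since the function has no logger in scope, the cleanest fix is to let it report: `func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error` returning the first non-nil error (`return fmt.Errorf("setting Message-Authenticator: %w", err)`), so the caller can refuse to send a packet without a valid authenticator; if the signature must stay, at least surface the error through whatever logger the caller holds. The function is complete within the hunk; its callers are not visible here.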
@ -67,7 +67,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
|
||||
p.st = ctx.GetProtocolState(NewState).(*State)
|
||||
defer ctx.SetProtocolState(p.st)
|
||||
if !p.st.HasStarted {
|
||||
log.Debug("TLS: handshake starting")
|
||||
ctx.Log().Debug("TLS: handshake starting")
|
||||
p.st.HasStarted = true
|
||||
return &Payload{
|
||||
Flags: FlagTLSStart,
|
||||
@ -77,12 +77,12 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
|
||||
if p.st.TLS == nil {
|
||||
p.tlsInit(ctx)
|
||||
} else if len(p.Data) > 0 {
|
||||
log.Debug("TLS: Updating buffer with new TLS data from packet")
|
||||
ctx.Log().Debug("TLS: Updating buffer with new TLS data from packet")
|
||||
if p.Flags&FlagLengthIncluded != 0 && p.st.Conn.expectedWriterByteCount == 0 {
|
||||
log.Debugf("TLS: Expecting %d total bytes, will buffer", p.Length)
|
||||
ctx.Log().Debugf("TLS: Expecting %d total bytes, will buffer", p.Length)
|
||||
p.st.Conn.expectedWriterByteCount = int(p.Length)
|
||||
} else if p.Flags&FlagLengthIncluded != 0 {
|
||||
log.Debug("TLS: No length included, not buffering")
|
||||
ctx.Log().Debug("TLS: No length included, not buffering")
|
||||
p.st.Conn.expectedWriterByteCount = 0
|
||||
}
|
||||
p.st.Conn.UpdateData(p.Data)
|
||||
@ -115,12 +115,12 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
|
||||
}
|
||||
|
||||
func (p *Payload) tlsInit(ctx protocol.Context) {
|
||||
log.Debug("TLS: no TLS connection in state yet, starting connection")
|
||||
ctx.Log().Debug("TLS: no TLS connection in state yet, starting connection")
|
||||
p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
|
||||
p.st.Conn = NewBuffConn(p.Data, p.st.Context)
|
||||
cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
|
||||
cfg.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
|
||||
log.Debugf("TLS: ClientHello: %+v\n", chi)
|
||||
ctx.Log().Debugf("TLS: ClientHello: %+v\n", chi)
|
||||
p.st.ClientHello = chi
|
||||
return nil, nil
|
||||
}
|
||||
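Review bot: `ctx.Log().Debugf("TLS: ClientHello: %+v\n", chi)` keeps a trailing `\n` inside the format string; a structured logger (the `WithError` calls elsewhere in the file suggest a logrus-style entry) terminates each entry itself, so this prints an extra blank line — `ctx.Log().Debugf("TLS: ClientHello: %+v", chi)`. `%+v` on a `*tls.ClientHelloInfo` also dumps every field, including the embedded `Conn`, which is noisy and hard to read; logging the fields that matter for troubleshooting (`chi.ServerName`, `chi.SupportedVersions`) would be smaller and clearer. The enclosing tlsInit continues past the end of the hunk.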
@ -128,35 +128,35 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
|
||||
go func() {
|
||||
err := p.st.TLS.HandshakeContext(p.st.Context)
|
||||
if err != nil {
|
||||
log.WithError(err).Debug("TLS: Handshake error")
|
||||
ctx.Log().WithError(err).Debug("TLS: Handshake error")
|
||||
ctx.EndInnerProtocol(protocol.StatusError, func(p *radius.Packet) *radius.Packet {
|
||||
return p
|
||||
})
|
||||
return
|
||||
}
|
||||
log.Debug("TLS: handshake done")
|
||||
p.tlsHandshakeFinished()
|
||||
ctx.Log().Debug("TLS: handshake done")
|
||||
p.tlsHandshakeFinished(ctx)
|
||||
}()
|
||||
}
|
||||
|
||||
func (p *Payload) tlsHandshakeFinished() {
|
||||
func (p *Payload) tlsHandshakeFinished(ctx protocol.Context) {
|
||||
cs := p.st.TLS.ConnectionState()
|
||||
label := "client EAP encryption"
|
||||
var context []byte
|
||||
switch cs.Version {
|
||||
case tls.VersionTLS10:
|
||||
log.Debugf("TLS: Version %d (1.0)", cs.Version)
|
||||
ctx.Log().Debugf("TLS: Version %d (1.0)", cs.Version)
|
||||
case tls.VersionTLS11:
|
||||
log.Debugf("TLS: Version %d (1.1)", cs.Version)
|
||||
ctx.Log().Debugf("TLS: Version %d (1.1)", cs.Version)
|
||||
case tls.VersionTLS12:
|
||||
log.Debugf("TLS: Version %d (1.2)", cs.Version)
|
||||
ctx.Log().Debugf("TLS: Version %d (1.2)", cs.Version)
|
||||
case tls.VersionTLS13:
|
||||
log.Debugf("TLS: Version %d (1.3)", cs.Version)
|
||||
ctx.Log().Debugf("TLS: Version %d (1.3)", cs.Version)
|
||||
label = "EXPORTER_EAP_TLS_Key_Material"
|
||||
context = []byte{byte(TypeTLS)}
|
||||
}
|
||||
ksm, err := cs.ExportKeyingMaterial(label, context, 64+64)
|
||||
log.Debugf("TLS: ksm % x %v", ksm, err)
|
||||
ctx.Log().Debugf("TLS: ksm % x %v", ksm, err)
|
||||
p.st.MPPEKey = ksm
|
||||
p.st.HandshakeDone = true
|
||||
}
|
||||
|
||||
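Review bot: `ctx.Log().Debugf("TLS: ksm % x %v", ksm, err)` in tlsHandshakeFinished writes the exported keying material — the bytes stored in `p.st.MPPEKey`, i.e. the session key handed to the access point — into the debug log in hex; the commit switches the logger but keeps the secret in the message. Debug logs are routinely collected centrally, so the log line should carry only the length and the error, never the key. The error from `ExportKeyingMaterial` is also merely logged: on failure `ksm` is nil, `MPPEKey` is set to nil and `HandshakeDone` is still set to true, so an early return after the error looks warranted (whether `HandshakeDone` should remain false in that case depends on the callers, which are outside this hunk). A minor nit: the local `var context []byte` shadows the `context` package that tlsInit uses, which is more confusing now that the function also receives a `ctx`; renaming it (e.g. `exportContext`) would help. The `Warning` level below assumes a logrus-like logger, as `WithError` suggests; use whatever non-debug level the logger offers.

```go
func (p *Payload) tlsHandshakeFinished(ctx protocol.Context) {
	// … unchanged: ConnectionState, label/context selection by TLS version …
	ksm, err := cs.ExportKeyingMaterial(label, context, 64+64)
	if err != nil {
		// Do not mark the handshake as done without keying material.
		ctx.Log().WithError(err).Warning("TLS: exporting keying material failed")
		return
	}
	// Log only the size; the material itself is a session secret.
	ctx.Log().Debugf("TLS: exported %d bytes of keying material", len(ksm))
	p.st.MPPEKey = ksm
	p.st.HandshakeDone = true
}
```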