habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

peap: fix encode

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-23 23:12:40 +02:00
parent e36373ceab
commit 2a567ccc85
2 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/outpost/radius/eap/handler.go
View File

@ -34,7 +34,7 @@ func (p *Packet) HandleRadiusPacket(w radius.ResponseWriter, r *radius.Request)
p.state = rst p.state = rst
rp := &Packet{r: r} rp := &Packet{r: r}
rep, err := p.handleInner() rep, err := p.handleEAP(p.eap, p.stm)
rp.eap = rep rp.eap = rep
rres := r.Response(radius.CodeAccessReject) rres := r.Response(radius.CodeAccessReject)
@ -155,10 +155,6 @@ func (p *Packet) handleEAP(pp protocol.Payload, stm protocol.StateManager) (*eap
return res, nil return res, nil
} }
func (p *Packet) handleInner() (*eap.Payload, error) {
return p.handleEAP(p.eap, p.stm)
}
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error { func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error {
_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16)) _ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
hash := hmac.New(md5.New, rp.Secret) hash := hmac.New(md5.New, rp.Secret)

23
internal/outpost/radius/eap/protocol/peap/payload.go
View File

@ -2,6 +2,7 @@ package peap
import ( import (
"encoding/binary" "encoding/binary"
"errors"
"fmt" "fmt"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
@ -45,9 +46,21 @@ func (p *Payload) Decode(raw []byte) error {
return nil return nil
} }
// Inner EAP packets in PEAP may not include the header, hence we need a custom decoder
// https://datatracker.ietf.org/doc/html/draft-kamath-pppext-peapv0-00.txt#section-1.1
func (p *Payload) Encode() ([]byte, error) { func (p *Payload) Encode() ([]byte, error) {
log.Debug("PEAP: Encode") log.Debug("PEAP: Encoding inner EAP")
return p.eap.Encode() if p.eap.Payload == nil {
return []byte{}, errors.New("peap: no payload in response eap packet")
}
payload, err := p.eap.Payload.Encode()
if err != nil {
return []byte{}, err
}
encoded := []byte{
byte(p.eap.MsgType),
}
return append(encoded, payload...), nil
} }
// Inner EAP packets in PEAP may not include the header, hence we need a custom decoder // Inner EAP packets in PEAP may not include the header, hence we need a custom decoder
@ -74,10 +87,6 @@ func (p *Payload) eapInnerDecode(ctx protocol.Context) (*eap.Payload, error) {
return ep, nil return ep, nil
} }
func (p *Payload) eapEncodeInner(ctx protocol.Context) ([]byte, error) {
return []byte{}, nil
}
func (p *Payload) Handle(ctx protocol.Context) protocol.Payload { func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
defer func() { defer func() {
ctx.SetProtocolState(TypePEAP, p.st) ctx.SetProtocolState(TypePEAP, p.st)
@ -115,7 +124,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
if err != nil { if err != nil {
ctx.Log().WithError(err).Warning("PEAP: failed to handle inner EAP") ctx.Log().WithError(err).Warning("PEAP: failed to handle inner EAP")
} }
return res return &Payload{eap: res.(*eap.Payload)}
} }
func (p *Payload) GetEAPSettings() protocol.Settings { func (p *Payload) GetEAPSettings() protocol.Settings {