habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mschapv2 working

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-24 15:21:45 +02:00
parent 67f627a925
commit 3027cdcc4b
4 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/outpost/radius/eap/context.go
View File

@ -30,7 +30,10 @@ func (ctx *context) Log() *log.Entry { return ctx.log }
func (ctx *context) HandleInnerEAP(p protocol.Payload, st protocol.StateManager) (protocol.Payload, error) {
return ctx.handleInner(p, st)
}
func (ctx *context) Inner(p protocol.Payload, t protocol.Type) protocol.Context {
func (ctx *context) Inner(p protocol.Payload, t protocol.Type, pmf func(p *radius.Packet) *radius.Packet) protocol.Context {
if ctx.endModifier == nil {
ctx.endModifier = pmf
}
return &context{
req: ctx.req,
rootPayload: ctx.rootPayload,
@ -51,12 +54,9 @@ func (ctx *context) EndInnerProtocol(st protocol.Status, mf func(p *radius.Packe
return
}
ctx.endStatus = st
if mf == nil {
mf = func(p *radius.Packet) *radius.Packet {
return p
}
if mf != nil {
ctx.endModifier = mf
}
ctx.endModifier = mf
}
func (ctx *context) callEndModifier(p *radius.Packet) *radius.Packet {
@ -64,6 +64,7 @@ func (ctx *context) callEndModifier(p *radius.Packet) *radius.Packet {
p = ctx.parent.callEndModifier(p)
}
if ctx.endModifier != nil {
ctx.log.Debug("Running end modifier")
p = ctx.endModifier(p)
}
return p

4
internal/outpost/radius/eap/handler.go
View File

@ -106,7 +106,7 @@ func (p *Packet) handleEAP(pp protocol.Payload, stm protocol.StateManager, paren
var ctx *context
if parentContext != nil {
ctx = parentContext.Inner(np, t).(*context)
ctx = parentContext.Inner(np, t, nil).(*context)
} else {
ctx = &context{
req: p.r,
@ -116,7 +116,7 @@ func (p *Packet) handleEAP(pp protocol.Payload, stm protocol.StateManager, paren
settings: stm.GetEAPSettings().ProtocolSettings[t],
}
ctx.handleInner = func(pp protocol.Payload, sm protocol.StateManager) (protocol.Payload, error) {
return p.handleEAP(pp, sm, ctx.Inner(pp, pp.Type()).(*context))
return p.handleEAP(pp, sm, ctx.Inner(pp, pp.Type(), nil).(*context))
}
}
if !np.Offerable() {

2
internal/outpost/radius/eap/protocol/context.go
View File

@ -25,7 +25,7 @@ type Context interface {
IsProtocolStart(p Type) bool
HandleInnerEAP(Payload, StateManager) (Payload, error)
Inner(Payload, Type) Context
Inner(Payload, Type, func(p *radius.Packet) *radius.Packet) Context
EndInnerProtocol(Status, func(p *radius.Packet) *radius.Packet)
Log() *log.Entry

9
internal/outpost/radius/eap/protocol/tls/inner.go
View File

@ -2,6 +2,8 @@ package tls
import (
"goauthentik.io/internal/outpost/radius/eap/protocol"
"layeh.com/radius"
"layeh.com/radius/vendors/microsoft"
)
func (p *Payload) innerHandler(ctx protocol.Context) {
@ -23,7 +25,12 @@ func (p *Payload) innerHandler(ctx protocol.Context) {
ctx.EndInnerProtocol(protocol.StatusError, nil)
return
}
pl := p.Inner.Handle(ctx.Inner(p.Inner, p.Inner.Type()))
pl := p.Inner.Handle(ctx.Inner(p.Inner, p.Inner.Type(), func(r *radius.Packet) *radius.Packet {
ctx.Log().Debug("TLS: Adding MPPE Keys")
microsoft.MSMPPERecvKey_Set(r, p.st.MPPEKey[:32])
microsoft.MSMPPESendKey_Set(r, p.st.MPPEKey[64:64+32])
return r
}))
enc, err := pl.Encode()
if err != nil {
ctx.Log().WithError(err).Warning("TLS: failed to encode inner protocol")