try to make the finish work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer
2025-05-15 02:13:33 +02:00
parent 8a80f07db2
commit 3c228bf5c3
4 changed files with 21 additions and 12 deletions


@ -31,6 +31,9 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Pac
stm.SetEAPState(rst, newState) stm.SetEAPState(rst, newState)
rres := r.Response(radius.CodeAccessChallenge) rres := r.Response(radius.CodeAccessChallenge)
if res.code == CodeSuccess {
rres.Code = radius.CodeAccessAccept
}
rfc2865.State_SetString(rres, rst) rfc2865.State_SetString(rres, rst)
eapEncoded, err := res.Encode() eapEncoded, err := res.Encode()
if err != nil { if err != nil {
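Review bot: The switch to `radius.CodeAccessAccept` depends only on `res.code == CodeSuccess`, so this branch is where the RADIUS authorization decision is made, and nothing visible in the hunk ties it to a verified peer identity. A comment on the branch such as `// EAP-Success ends the conversation; inner methods must only return it after the peer has been authenticated` would record the invariant the EAP methods have to uphold. The state saved by `stm.SetEAPState(rst, newState)` just above also appears to remain stored after the accept; if the StateManager has no expiry of its own, consider dropping the entry on this path so a finished conversation cannot be resumed. Handle's body starts and ends outside the hunk.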


@ -14,6 +14,7 @@ type Code uint8
const ( const (
CodeRequest Code = 1 CodeRequest Code = 1
CodeResponse Code = 2 CodeResponse Code = 2
CodeSuccess Code = 3
) )
type Type uint8 type Type uint8
@ -76,15 +77,17 @@ func (p *Packet) Encode() ([]byte, error) {
buff[0] = uint8(p.code) buff[0] = uint8(p.code)
buff[1] = uint8(p.id) buff[1] = uint8(p.id)
log.Debugf("%+v", p.code)
if p.code != CodeSuccess {
payloadBuffer, err := p.Payload.Encode() payloadBuffer, err := p.Payload.Encode()
if err != nil { if err != nil {
return buff, err return buff, err
} }
binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5)) binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
if p.code == CodeRequest || p.code == CodeResponse { if p.code == CodeRequest || p.code == CodeResponse {
buff[4] = uint8(p.msgType) buff[4] = uint8(p.msgType)
} }
buff = append(buff, payloadBuffer...) buff = append(buff, payloadBuffer...)
}
return buff, nil return buff, nil
} }
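Review bot: In Encode, the new `if p.code != CodeSuccess {` guard also skips `binary.BigEndian.PutUint16(buff[2:], ...)`, so a Success packet is returned with its length field never written. An EAP Success packet carries a length of 4, so the success path needs its own write, e.g. `binary.BigEndian.PutUint16(buff[2:], 4)` in an `else` branch. The allocation of `buff` is outside the hunk; if it is sized for the 5-byte header, the success path should also return `buff[:4]`. The added `log.Debugf("%+v", p.code)` reads like leftover debugging and carries no context in its message.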


@ -87,8 +87,9 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
log.Debug("TLS: no TLS connection in state yet, starting connection") log.Debug("TLS: no TLS connection in state yet, starting connection")
st.Conn = NewTLSConnection(p.Data) st.Conn = NewTLSConnection(p.Data)
st.TLS = tls.Server(st.Conn, &tls.Config{ st.TLS = tls.Server(st.Conn, &tls.Config{
GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) { GetConfigForClient: func(ch *tls.ClientHelloInfo) (*tls.Config, error) {
log.Debugf("TLS: ClientHello: %+v\n", argHello) log.Debugf("TLS: ClientHello: %+v\n", ch)
st.ClientHello = ch
return nil, nil return nil, nil
}, },
ClientAuth: tls.RequireAnyClientCert, ClientAuth: tls.RequireAnyClientCert,
@ -103,6 +104,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
log.WithError(err).Debug("TLS: Handshake error") log.WithError(err).Debug("TLS: Handshake error")
return return
} }
log.Debug("TLS: handshake done")
st.HandshakeDone = true st.HandshakeDone = true
}() }()
} else if len(p.Data) > 0 { } else if len(p.Data) > 0 {
@ -132,7 +134,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
return p.sendNextChunk(st) return p.sendNextChunk(st)
} }
if st.HandshakeDone { if st.HandshakeDone {
// return return nil, st
} }
if len(st.Conn.OutboundData()) > 0 { if len(st.Conn.OutboundData()) > 0 {
return p.startChunkedTransfer(st.Conn.OutboundData(), st) return p.startChunkedTransfer(st.Conn.OutboundData(), st)
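Review bot: The new `return nil, st` under `if st.HandshakeDone {` makes handshake completion the end of the method, but the config above uses `ClientAuth: tls.RequireAnyClientCert`, which asks for a certificate and does not verify its chain. If the caller turns this return into EAP-Success (not visible here), any self-signed client certificate would be enough to finish. Unless verification happens elsewhere, use `ClientAuth: tls.RequireAndVerifyClientCert` together with `ClientCAs: <trusted pool>`, or check `st.TLS.ConnectionState().PeerCertificates` before returning. Separately, `st.HandshakeDone` is set in the handshake goroutine and `st.ClientHello = ch` is assigned from the `GetConfigForClient` callback, while Handle reads `st` without synchronization; a mutex or `atomic.Bool` would remove the data race. Handle's body starts and ends outside the hunks.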


@ -9,6 +9,7 @@ type State struct {
HasStarted bool HasStarted bool
RemainingChunks [][]byte RemainingChunks [][]byte
HandshakeDone bool HandshakeDone bool
ClientHello *tls.ClientHelloInfo
TotalPayloadSize int TotalPayloadSize int
TLS *tls.Conn TLS *tls.Conn
Conn *TLSConnection Conn *TLSConnection