try to make the finish work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-15 02:13:33 +02:00
parent 8a80f07db2
commit 3c228bf5c3
4 changed files with 21 additions and 12 deletions
--- a/internal/outpost/radius/eap/handler.go
+++ b/internal/outpost/radius/eap/handler.go
@ -31,6 +31,9 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Pac
 	stm.SetEAPState(rst, newState)

 	rres := r.Response(radius.CodeAccessChallenge)
+	if res.code == CodeSuccess {
+		rres.Code = radius.CodeAccessAccept
+	}
 	rfc2865.State_SetString(rres, rst)
 	eapEncoded, err := res.Encode()
 	if err != nil {
--- a/internal/outpost/radius/eap/packet.go
+++ b/internal/outpost/radius/eap/packet.go
@ -14,6 +14,7 @@ type Code uint8
 const (
 	CodeRequest  Code = 1
 	CodeResponse Code = 2
+	CodeSuccess  Code = 3
 )

 type Type uint8
@ -76,15 +77,17 @@ func (p *Packet) Encode() ([]byte, error) {
 	buff[0] = uint8(p.code)
 	buff[1] = uint8(p.id)

+	log.Debugf("%+v", p.code)
+	if p.code != CodeSuccess {
 		payloadBuffer, err := p.Payload.Encode()
 		if err != nil {
 			return buff, err
 		}
 		binary.BigEndian.PutUint16(buff[2:], uint16(len(payloadBuffer)+5))
-
 		if p.code == CodeRequest || p.code == CodeResponse {
 			buff[4] = uint8(p.msgType)
 		}
 		buff = append(buff, payloadBuffer...)
+	}
 	return buff, nil
 }
--- a/internal/outpost/radius/eap/tls/payload.go
+++ b/internal/outpost/radius/eap/tls/payload.go
@ -87,8 +87,9 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
 		log.Debug("TLS: no TLS connection in state yet, starting connection")
 		st.Conn = NewTLSConnection(p.Data)
 		st.TLS = tls.Server(st.Conn, &tls.Config{
-			GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) {
-				log.Debugf("TLS: ClientHello: %+v\n", argHello)
+			GetConfigForClient: func(ch *tls.ClientHelloInfo) (*tls.Config, error) {
+				log.Debugf("TLS: ClientHello: %+v\n", ch)
+				st.ClientHello = ch
 				return nil, nil
 			},
 			ClientAuth:   tls.RequireAnyClientCert,
@ -103,6 +104,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
 				log.WithError(err).Debug("TLS: Handshake error")
 				return
 			}
+			log.Debug("TLS: handshake done")
 			st.HandshakeDone = true
 		}()
 	} else if len(p.Data) > 0 {
@ -132,7 +134,7 @@ func (p *Payload) Handle(stt any) (*Payload, *State) {
 		return p.sendNextChunk(st)
 	}
 	if st.HandshakeDone {
-		// return
+		return nil, st
 	}
 	if len(st.Conn.OutboundData()) > 0 {
 		return p.startChunkedTransfer(st.Conn.OutboundData(), st)
--- a/internal/outpost/radius/eap/tls/state.go
+++ b/internal/outpost/radius/eap/tls/state.go
@ -9,6 +9,7 @@ type State struct {
 	HasStarted       bool
 	RemainingChunks  [][]byte
 	HandshakeDone    bool
+	ClientHello      *tls.ClientHelloInfo
 	TotalPayloadSize int
 	TLS              *tls.Conn
 	Conn             *TLSConnection