habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove panic

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-16 22:54:56 +02:00
parent 51f4a8d83d
commit 50c50c4109
2 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
internal/outpost/radius/eap/handler.go
View File

@ -14,6 +14,14 @@ import (
"layeh.com/radius/rfc2869" "layeh.com/radius/rfc2869"
) )
func sendErrorResponse(w radius.ResponseWriter, r *radius.Request) {
rres := r.Response(radius.CodeAccessReject)
err := w.Write(rres)
if err != nil {
log.WithError(err).Warning("failed to send response")
}
}
func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Request) { func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Request) {
rst := rfc2865.State_GetString(r.Packet) rst := rfc2865.State_GetString(r.Packet)
if rst == "" { if rst == "" {
@ -25,7 +33,9 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Req
st = BlankState(stm.GetEAPSettings()) st = BlankState(stm.GetEAPSettings())
} }
if len(st.ChallengesToOffer) < 1 { if len(st.ChallengesToOffer) < 1 {
panic("No more challenges") log.Error("No more challenges to offer")
sendErrorResponse(w, r)
return
} }
nextChallengeToOffer := st.ChallengesToOffer[0] nextChallengeToOffer := st.ChallengesToOffer[0]
@ -63,14 +73,19 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Req
rfc2865.State_SetString(rres, rst) rfc2865.State_SetString(rres, rst)
eapEncoded, err := res.Encode() eapEncoded, err := res.Encode()
if err != nil { if err != nil {
panic(err) log.WithError(err).Warning("failed to encode response")
sendErrorResponse(w, r)
} }
log.WithField("length", len(eapEncoded)).Debug("EAP: encapsulating challenge") log.WithField("length", len(eapEncoded)).Debug("EAP: encapsulated challenge")
rfc2869.EAPMessage_Set(rres, eapEncoded) rfc2869.EAPMessage_Set(rres, eapEncoded)
p.setMessageAuthenticator(rres) err = p.setMessageAuthenticator(rres)
if err != nil {
log.WithError(err).Warning("failed to send message authenticator")
sendErrorResponse(w, r)
}
err = w.Write(rres) err = w.Write(rres)
if err != nil { if err != nil {
panic(err) log.WithError(err).Warning("failed to send response")
} }
} }
@ -95,13 +110,14 @@ func (p *Packet) GetChallengeForType(ctx *context, t protocol.Type) *Packet {
return res return res
} }
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) { func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error {
_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16)) _ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
hash := hmac.New(md5.New, rp.Secret) hash := hmac.New(md5.New, rp.Secret)
encode, err := rp.MarshalBinary() encode, err := rp.MarshalBinary()
if err != nil { if err != nil {
panic(err) return err
} }
hash.Write(encode) hash.Write(encode)
_ = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil)) _ = rfc2869.MessageAuthenticator_Set(rp, hash.Sum(nil))
return nil
} }

2
internal/outpost/radius/eap/payload_identity.go
View File

@ -10,5 +10,5 @@ func (ip *IdentityPayload) Decode(raw []byte) error {
} }
func (ip *IdentityPayload) Encode() ([]byte, error) { func (ip *IdentityPayload) Encode() ([]byte, error) {
panic("Identity encode") return []byte{}, nil
} }