start inner STM

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/radius/eap/protocol/context.go

@@ -14,10 +14,6 @@ const (
 	StatusNextProtocol
 )
 
-type StateProtocol interface {
-	Payload
-}
-
 type Context interface {
 	Packet() *radius.Request
 	RootPayload() Payload
@@ -28,7 +24,7 @@ type Context interface {
 	SetProtocolState(p Type, s interface{})
 	IsProtocolStart(p Type) bool
 
-	HandleInnerEAP(Payload) Payload
+	HandleInnerEAP(Payload, StateManager) Payload
 	EndInnerProtocol(Status, func(p *radius.Packet) *radius.Packet)
 
 	Log() *log.Entry

internal/outpost/radius/eap/protocol/peap/payload.go

@@ -24,9 +24,10 @@ func Protocol() protocol.Payload {
 type Payload struct {
 	Inner protocol.Payload
 
-	eap *eap.Payload
-	st  *State
-	raw []byte
+	eap      *eap.Payload
+	st       *State
+	settings *Settings
+	raw      []byte
 }
 
 func (p *Payload) Type() protocol.Type {
@@ -73,6 +74,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 	defer func() {
 		ctx.SetProtocolState(TypePEAP, p.st)
 	}()
+	p.settings = ctx.ProtocolSettings().(*Settings)
 
 	rootEap := ctx.RootPayload().(*eap.Payload)
 
@@ -97,7 +99,19 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 		}
 	}
 
-	return ep
+	return ctx.HandleInnerEAP(ep, p)
+}
+
+func (p *Payload) GetEAPSettings() protocol.Settings {
+	return p.settings.InnerProtocols
+}
+
+func (p *Payload) GetEAPState(key string) *protocol.State {
+	return p.st.SubState[key]
+}
+
+func (p *Payload) SetEAPState(key string, st *protocol.State) {
+	p.st.SubState[key] = st
 }
 
 func (p *Payload) Offerable() bool {

internal/outpost/radius/eap/protocol/peap/settings.go

@@ -0,0 +1,16 @@
+package peap
+
+import (
+	"crypto/tls"
+
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
+)
+
+type Settings struct {
+	Config         *tls.Config
+	InnerProtocols protocol.Settings
+}
+
+func (s *Settings) TLSConfig() *tls.Config {
+	return s.Config
+}

internal/outpost/radius/eap/protocol/peap/state.go

@@ -1,4 +1,7 @@
 package peap
 
+import "goauthentik.io/internal/outpost/radius/eap/protocol"
+
 type State struct {
+	SubState map[string]*protocol.State
 }

internal/outpost/radius/eap/protocol/tls/payload.go

@@ -157,7 +157,7 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
 	ctx.Log().Debug("TLS: no TLS connection in state yet, starting connection")
 	p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
 	p.st.Conn = NewBuffConn(p.Data, p.st.Context)
-	cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
+	cfg := ctx.ProtocolSettings().(TLSConfig).TLSConfig().Clone()
 
 	if klp, ok := os.LookupEnv("SSLKEYLOGFILE"); ok {
 		kl, err := os.OpenFile(klp, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)

internal/outpost/radius/eap/protocol/tls/settings.go

@@ -7,7 +7,15 @@ import (
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 )
 
+type TLSConfig interface {
+	TLSConfig() *tls.Config
+}
+
 type Settings struct {
 	Config              *tls.Config
 	HandshakeSuccessful func(ctx protocol.Context, certs []*x509.Certificate) protocol.Status
 }
+
+func (s *Settings) TLSConfig() *tls.Config {
+	return s.Config
+}