start inner STM

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/radius/eap/context.go

@@ -23,7 +23,7 @@ func (ctx *context) GetProtocolState(p protocol.Type) any     { return ctx.typeS
 func (ctx *context) SetProtocolState(p protocol.Type, st any) { ctx.typeState[p] = st }
 func (ctx *context) IsProtocolStart(p protocol.Type) bool     { return ctx.typeState[p] == nil }
 func (ctx *context) Log() *log.Entry                          { return ctx.log }
-func (ctx *context) HandleInnerEAP(protocol.Payload) protocol.Payload {
+func (ctx *context) HandleInnerEAP(protocol.Payload, protocol.StateManager) protocol.Payload {
 	return nil
 }
 

internal/outpost/radius/eap/protocol/context.go

@@ -14,10 +14,6 @@ const (
 	StatusNextProtocol
 )
 
-type StateProtocol interface {
-	Payload
-}
-
 type Context interface {
 	Packet() *radius.Request
 	RootPayload() Payload
@@ -28,7 +24,7 @@ type Context interface {
 	SetProtocolState(p Type, s interface{})
 	IsProtocolStart(p Type) bool
 
-	HandleInnerEAP(Payload) Payload
+	HandleInnerEAP(Payload, StateManager) Payload
 	EndInnerProtocol(Status, func(p *radius.Packet) *radius.Packet)
 
 	Log() *log.Entry

internal/outpost/radius/eap/protocol/peap/payload.go

@@ -24,9 +24,10 @@ func Protocol() protocol.Payload {
 type Payload struct {
 	Inner protocol.Payload
 
-	eap *eap.Payload
-	st  *State
-	raw []byte
+	eap      *eap.Payload
+	st       *State
+	settings *Settings
+	raw      []byte
 }
 
 func (p *Payload) Type() protocol.Type {
@@ -73,6 +74,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 	defer func() {
 		ctx.SetProtocolState(TypePEAP, p.st)
 	}()
+	p.settings = ctx.ProtocolSettings().(*Settings)
 
 	rootEap := ctx.RootPayload().(*eap.Payload)
 
@@ -97,7 +99,19 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 		}
 	}
 
-	return ep
+	return ctx.HandleInnerEAP(ep, p)
+}
+
+func (p *Payload) GetEAPSettings() protocol.Settings {
+	return p.settings.InnerProtocols
+}
+
+func (p *Payload) GetEAPState(key string) *protocol.State {
+	return p.st.SubState[key]
+}
+
+func (p *Payload) SetEAPState(key string, st *protocol.State) {
+	p.st.SubState[key] = st
 }
 
 func (p *Payload) Offerable() bool {

internal/outpost/radius/eap/protocol/peap/settings.go

@@ -0,0 +1,16 @@
+package peap
+
+import (
+	"crypto/tls"
+
+	"goauthentik.io/internal/outpost/radius/eap/protocol"
+)
+
+type Settings struct {
+	Config         *tls.Config
+	InnerProtocols protocol.Settings
+}
+
+func (s *Settings) TLSConfig() *tls.Config {
+	return s.Config
+}

internal/outpost/radius/eap/protocol/peap/state.go

@@ -1,4 +1,7 @@
 package peap
 
+import "goauthentik.io/internal/outpost/radius/eap/protocol"
+
 type State struct {
+	SubState map[string]*protocol.State
 }

internal/outpost/radius/eap/protocol/tls/payload.go

@@ -157,7 +157,7 @@ func (p *Payload) tlsInit(ctx protocol.Context) {
 	ctx.Log().Debug("TLS: no TLS connection in state yet, starting connection")
 	p.st.Context, p.st.ContextCancel = context.WithTimeout(context.Background(), staleConnectionTimeout*time.Second)
 	p.st.Conn = NewBuffConn(p.Data, p.st.Context)
-	cfg := ctx.ProtocolSettings().(Settings).Config.Clone()
+	cfg := ctx.ProtocolSettings().(TLSConfig).TLSConfig().Clone()
 
 	if klp, ok := os.LookupEnv("SSLKEYLOGFILE"); ok {
 		kl, err := os.OpenFile(klp, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600)

internal/outpost/radius/eap/protocol/tls/settings.go

@@ -7,7 +7,15 @@ import (
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 )
 
+type TLSConfig interface {
+	TLSConfig() *tls.Config
+}
+
 type Settings struct {
 	Config              *tls.Config
 	HandshakeSuccessful func(ctx protocol.Context, certs []*x509.Certificate) protocol.Status
 }
+
+func (s *Settings) TLSConfig() *tls.Config {
+	return s.Config
+}

internal/outpost/radius/handle_access_request.go

@@ -189,10 +189,11 @@ func (pi *ProviderInstance) GetEAPSettings() protocol.Settings {
 					}
 				},
 			},
-			peap.TypePEAP: tls.Settings{
+			peap.TypePEAP: peap.Settings{
 				Config: &ttls.Config{
 					Certificates: []ttls.Certificate{*cert},
 				},
+				InnerProtocols: protocol.Settings{},
 			},
 		},
 	}