From 8cf8f1e199bd9823b915abd2fc556e9a6589c68a Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 16 May 2025 22:59:16 +0200
Subject: [PATCH] keep eap state when refreshing
Signed-off-by: Jens Langhammer
---
authentik/providers/radius/models.py | 8 +++-----
internal/outpost/radius/api.go | 18 +++++++++---------
internal/outpost/radius/radius.go | 7 ++++---
3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/authentik/providers/radius/models.py b/authentik/providers/radius/models.py
index ddeadd526a..29e2e31839 100644
--- a/authentik/providers/radius/models.py
+++ b/authentik/providers/radius/models.py
@@ -1,6 +1,7 @@ """Radius Provider""" from collections.abc import Iterable + from django.db import models from django.templatetags.static import static from django.utils.translation import gettext_lazy as _
@@ -41,10 +42,7 @@ class RadiusProvider(OutpostModel, Provider): ) certificate = models.ForeignKey( - CertificateKeyPair, - on_delete=models.CASCADE, - default=None, - null=True + CertificateKeyPair, on_delete=models.CASCADE, default=None, null=True ) @property
@@ -67,7 +65,7 @@ class RadiusProvider(OutpostModel, Provider): return RadiusProviderSerializer def get_required_objects(self) -> Iterable[models.Model | str]: - required_models = [self] + required_models = [self, "authentik_stages_mtls.pass_outpost_certificate"] if self.certificate is not None: required_models.append(self.certificate) return required_models
diff --git a/internal/outpost/radius/api.go b/internal/outpost/radius/api.go
index c00ac4c3a3..92fcdf40e2 100644
--- a/internal/outpost/radius/api.go
+++ b/internal/outpost/radius/api.go
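Review bot: In `get_required_objects` (models.py, third hunk) the permission `"authentik_stages_mtls.pass_outpost_certificate"` is now required for every RADIUS provider, including those whose `certificate` is unset, and neither the commit message nor the code says why. If the permission is only needed when a certificate is configured (an inference from its name, not something the hunk shows), adding it inside the existing `if self.certificate is not None:` branch with `required_models.append("authentik_stages_mtls.pass_outpost_certificate")` would keep certificate-less outposts at least privilege. If it is needed unconditionally, a one-line comment above the list recording the reason, for example `# outpost needs this permission to pass the client certificate on (confirm wording)`, would help the next reader. The class body starts and continues outside the hunk.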
@@ -42,10 +42,15 @@ func (rs *RadiusServer) Refresh() error {
 if len(apiProviders) < 1 {
 return errors.New("no radius provider defined")
 }
- providers := make([]*ProviderInstance, len(apiProviders))
- for idx, provider := range apiProviders {
+ providers := make(map[int32]*ProviderInstance)
+ for _, provider := range apiProviders {
+ existing, ok := rs.providers[provider.Pk]
+ state := map[string]*eap.State{}
+ if ok {
+ state = existing.eapState
+ }
 logger := log.WithField("logger", "authentik.outpost.radius").WithField("provider", provider.Name)
- providers[idx] = &ProviderInstance{
+ providers[provider.Pk] = &ProviderInstance{
 SharedSecret: []byte(provider.GetSharedSecret()),
 ClientNetworks: parseCIDRs(provider.GetClientNetworks()),
 MFASupport: provider.GetMfaSupport(),
@@ -55,15 +60,10 @@ func (rs *RadiusServer) Refresh() error {
 providerId: provider.Pk,
 s: rs,
 log: logger,
- eapState: map[string]*eap.State{},
+ eapState: state,
 }
 }
 rs.providers = providers
 rs.log.Info("Update providers")
 return nil
 }
-
-func (rs *RadiusServer) StartRadiusServer() error {
- rs.log.WithField("listen", rs.s.Addr).Info("Starting radius server")
- return rs.s.ListenAndServe()
-}
diff --git a/internal/outpost/radius/radius.go b/internal/outpost/radius/radius.go
index 9eef5696d5..2a68d96bba 100644
--- a/internal/outpost/radius/radius.go
+++ b/internal/outpost/radius/radius.go
@@ -35,14 +35,14 @@ type RadiusServer struct { ac *ak.APIController cryptoStore *ak.CryptoStore - providers []*ProviderInstance + providers map[int32]*ProviderInstance } func NewServer(ac *ak.APIController) ak.Outpost { rs := &RadiusServer{ log: log.WithField("logger", "authentik.outpost.radius"), ac: ac, - providers: []*ProviderInstance{}, + providers: map[int32]*ProviderInstance{}, cryptoStore: ak.NewCryptoStore(ac.Client.CryptoApi), } rs.s = radius.PacketServer{
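Review bot: `state = existing.eapState` gives the new `ProviderInstance` the same map object the old instance still holds, so a packet handler that took the old instance before `rs.providers = providers` and one that takes the new instance afterwards both mutate one map through two structs. No lock is visible in this hunk around the `rs.providers[provider.Pk]` read or around the map itself; if `eapState` is guarded by a per-instance mutex declared elsewhere, that guard no longer covers it after a refresh, and unsynchronised concurrent map writes abort a Go process. Moving the lock and the map into one shared state object, or taking a server-level lock in `Refresh` and in the lookup path, would close this. At minimum add `// eapState is shared with the previous instance of this provider; hold <lock name placeholder> when touching it` above the `if ok` block. `Refresh` starts before this hunk, so locking earlier in the function cannot be ruled out.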
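Review bot: With `eapState: state` the per-provider EAP state is no longer reset on refresh, and that reset was the only place in the visible code where old entries were dropped. Unless the EAP handler removes finished and abandoned conversations itself (not visible here), the map now grows for the life of the outpost. The carried-over entries also outlive a change of `SharedSecret`, `ClientNetworks` or the provider certificate, so a half-finished conversation started under the old settings can continue under the new ones. Consider reusing the old map only when those settings are unchanged, for example `if ok && bytes.Equal(existing.SharedSecret, []byte(provider.GetSharedSecret())) {` in the first hunk (this needs the `bytes` import), and document the expiry rule on the `eapState` field.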
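Review bot: Changing `providers` from `[]*ProviderInstance` to `map[int32]*ProviderInstance` means any `for ... range rs.providers` loop now visits providers in an unspecified order that differs between runs. If the request path picks a provider by walking the collection and taking the first whose `ClientNetworks` contains the client address (that code is outside this diff), two providers with overlapping networks will be matched nondeterministically, and with them the shared secret used to validate the packet. Either match over sorted keys or state the constraint on the field, e.g. `// providers is keyed by provider pk; iteration order is undefined, do not rely on it for client matching`. The struct and `NewServer` both continue outside the hunk.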
@@ -103,7 +103,8 @@ func (rs *RadiusServer) Start() error {
 }()
 go func() {
 defer wg.Done()
- err := rs.StartRadiusServer()
+ rs.log.WithField("listen", rs.s.Addr).Info("Starting radius server")
+ err := rs.s.ListenAndServe()
 if err != nil {
 panic(err)
 }