refactor more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-14 15:18:40 +02:00
parent d7cb0b3ea1
commit a71532b3e3
5 changed files with 46 additions and 15 deletions
--- a/internal/outpost/radius/eap/handler.go
+++ b/internal/outpost/radius/eap/handler.go
@ -29,13 +29,13 @@ func (p *Packet) Handle(stm StateManager, w radius.ResponseWriter, r *radius.Pac
 	res, newState := p.GetChallengeForType(st, nextChallengeToOffer)
 	stm.SetEAPState(rst, newState)

-	log.Debug("EAP: encapsulating challenge")
 	rres := r.Response(radius.CodeAccessChallenge)
 	rfc2865.State_SetString(rres, rst)
 	eapEncoded, err := res.Encode()
 	if err != nil {
 		panic(err)
 	}
+	log.WithField("length", len(eapEncoded)).Debug("EAP: encapsulating challenge")
 	rfc2869.EAPMessage_Set(rres, eapEncoded)
 	p.setMessageAuthenticator(rres)
 	err = w.Write(rres)
@ -54,9 +54,11 @@ func (p *Packet) GetChallengeForType(st *State, t Type) (*Packet, *State) {
 	var tst any
 	switch t {
 	case TypeTLS:
-		cp := tls.Payload{}
-		cp.Decode(p.rawPayload)
-		payload, tst = cp.Handle(st.TypeState[t])
+		if _, ok := p.Payload.(*tls.Payload); !ok {
+			p.Payload = &tls.Payload{}
+			p.Payload.Decode(p.rawPayload)
+		}
+		payload, tst = p.Payload.(*tls.Payload).Handle(st.TypeState[t])
 	}
 	st.TypeState[t] = tst
 	res.Payload = payload.(Payload)
--- a/internal/outpost/radius/eap/tls/conn.go
+++ b/internal/outpost/radius/eap/tls/conn.go
@ -21,8 +21,16 @@ func NewTLSConnection(initialData []byte) TLSConnection {
 	return c
 }

-func (conn TLSConnection) TLSData() []byte {
-	return conn.writer.Bytes()
+func (conn TLSConnection) GetData() []byte {
+	for {
+		b := conn.writer.Bytes()
+		if len(b) < 1 {
+			log.Debug("TLS(buffer): Attempted retrieve from empty buffer, stalling...")
+			time.Sleep(1 * time.Second)
+			continue
+		}
+		return b
+	}
 }

 func (conn TLSConnection) UpdateData(data []byte) {
--- a/internal/outpost/radius/eap/tls/payload.go
+++ b/internal/outpost/radius/eap/tls/payload.go
@ -103,7 +103,7 @@ func (p *Payload) Handle(stt any) (*Payload, State) {
 	if st.HasMore() {
 		return p.sendNextChunk(st)
 	}
-	return p.startChunkedTransfer(st.Conn.TLSData(), st)
+	return p.startChunkedTransfer(st.Conn.GetData(), st)
 }

 const maxChunkSize = 1000
@ -114,10 +114,10 @@ func (p *Payload) startChunkedTransfer(data []byte, st State) (*Payload, State)
 	if len(data) > maxChunkSize {
 		log.WithField("length", len(data)).Debug("TLS: Data needs to be chunked")
 		flags += FlagMoreFragments
-		dataToSend = data[:maxChunkSize]
-		remainingData := data[maxChunkSize:]
-		// Chunk remaining data into correct chunks and add them to the list
-		st.RemainingChunks = append(st.RemainingChunks, slices.Collect(slices.Chunk(remainingData, maxChunkSize))...)
+		// Chunk data into correct chunks and add them to the list
+		st.RemainingChunks = append(st.RemainingChunks, slices.Collect(slices.Chunk(data, maxChunkSize))...)
+		dataToSend = st.RemainingChunks[0]
+		st.RemainingChunks = st.RemainingChunks[1:]
 		st.TotalPayloadSize = len(data)
 	} else {
 		dataToSend = data