@ -1,6 +1,8 @@
|
|||||||
package debug
|
package debug
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"github.com/google/gopacket"
|
"github.com/google/gopacket"
|
||||||
"github.com/google/gopacket/layers"
|
"github.com/google/gopacket/layers"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
@ -19,3 +21,7 @@ func DebugPacket(p *radius.Packet) {
|
|||||||
}
|
}
|
||||||
log.Debug(layer.(*layers.RADIUS))
|
log.Debug(layer.(*layers.RADIUS))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func FormatBytes(d []byte) string {
|
||||||
|
return fmt.Sprintf("% x", d)
|
||||||
|
}
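Review bot: `FormatBytes` is a new exported function without a doc comment; add `// FormatBytes renders d as space-separated lowercase hex pairs (fmt's "% x" verb) for use as a debug log field.` above the declaration. Its callers in the eap and tls packages pass the full raw payload, so the hex string is built on every call regardless of whether debug logging is enabled; that cost is worth stating in the comment so callers know to guard with `log.IsLevelEnabled(log.DebugLevel)` on hot paths.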
|
||||||
|
@ -3,8 +3,9 @@ package eap
|
|||||||
import (
|
import (
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/outpost/radius/eap/debug"
|
||||||
"goauthentik.io/internal/outpost/radius/eap/tls"
|
"goauthentik.io/internal/outpost/radius/eap/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -62,7 +63,7 @@ func Decode(raw []byte) (*Packet, error) {
|
|||||||
}
|
}
|
||||||
packet.Payload = emptyPayload(packet.msgType)
|
packet.Payload = emptyPayload(packet.msgType)
|
||||||
packet.rawPayload = raw[5:]
|
packet.rawPayload = raw[5:]
|
||||||
fmt.Printf("decode raw '% x\n", raw[5:])
|
logrus.WithField("raw", debug.FormatBytes(raw[5:])).Debug("EAP decode raw")
|
||||||
err := packet.Payload.Decode(raw[5:])
|
err := packet.Payload.Decode(raw[5:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
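Review bot: `debug.FormatBytes(raw[5:])` on the new log line runs for every decoded EAP packet even when debug logging is off, because the field value is built before `Debug` consults the level; the same applies to `debug.FormatBytes(p.Data)` in the Handle hunk of the tls package. If Decode sits on the per-request path, wrap it: `if logrus.IsLevelEnabled(logrus.DebugLevel) { logrus.WithField("raw", debug.FormatBytes(raw[5:])).Debug("EAP decode raw") }`. This file imports logrus unaliased while the debug and tls packages import it as `log`; using one form in all three would keep the call sites uniform. Decode begins before this hunk, so whether `len(raw) >= 5` is checked before the unchanged `raw[5:]` slicing is not visible here.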
|
||||||
|
@ -16,21 +16,12 @@ func NewTLSConnection(initialData []byte) TLSConnection {
|
|||||||
reader: bytes.NewBuffer(initialData),
|
reader: bytes.NewBuffer(initialData),
|
||||||
writer: bytes.NewBuffer([]byte{}),
|
writer: bytes.NewBuffer([]byte{}),
|
||||||
}
|
}
|
||||||
// e.Request.Log().WithField("tls", len(c.reader.Bytes())).Debug("TLS Early")
|
|
||||||
return c
|
return c
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (conn *TLSConnection) SetCode(code radius.Code) {
|
|
||||||
// conn.code = code
|
|
||||||
// }
|
|
||||||
func (conn TLSConnection) Read(p []byte) (int, error) { return conn.reader.Read(p) }
|
func (conn TLSConnection) Read(p []byte) (int, error) { return conn.reader.Read(p) }
|
||||||
func (conn TLSConnection) Write(p []byte) (int, error) {
|
func (conn TLSConnection) Write(p []byte) (int, error) {
|
||||||
// final := make([]byte, 1)
|
|
||||||
// final[0] = 128 // TLS Flags
|
|
||||||
// final = append(final, p...)
|
|
||||||
return conn.writer.Write(p)
|
return conn.writer.Write(p)
|
||||||
// return 0, nil
|
|
||||||
// return conn.EAPConnection.Write(conn.code, final)
|
|
||||||
}
|
}
|
||||||
func (conn TLSConnection) Close() error { return nil }
|
func (conn TLSConnection) Close() error { return nil }
|
||||||
func (conn TLSConnection) LocalAddr() net.Addr { return nil }
|
func (conn TLSConnection) LocalAddr() net.Addr { return nil }
|
||||||
@ -42,7 +33,3 @@ func (conn TLSConnection) SetWriteDeadline(t time.Time) error { return nil }
|
|||||||
func (conn TLSConnection) TLSData() []byte {
|
func (conn TLSConnection) TLSData() []byte {
|
||||||
return conn.writer.Bytes()
|
return conn.writer.Bytes()
|
||||||
}
|
}
|
||||||
|
|
||||||
// func (conn TLSConnection) ContentType() layers.TLSType {
|
|
||||||
// return layers.TLSType(conn.TypeData[1])
|
|
||||||
// }
|
|
||||||
|
@ -4,8 +4,10 @@ import (
|
|||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"slices"
|
"slices"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"goauthentik.io/internal/outpost/radius/eap/debug"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Payload struct {
|
type Payload struct {
|
||||||
@ -64,7 +66,7 @@ func (p *Payload) Handle(stt any) (*Payload, State) {
|
|||||||
stt = NewState()
|
stt = NewState()
|
||||||
}
|
}
|
||||||
st := stt.(State)
|
st := stt.(State)
|
||||||
fmt.Printf("Got TLS packet % x\n", p.Flags)
|
log.WithField("flags", p.Flags).Debug("Got TLS Packet")
|
||||||
if !st.HasStarted {
|
if !st.HasStarted {
|
||||||
st.HasStarted = true
|
st.HasStarted = true
|
||||||
return &Payload{
|
return &Payload{
|
||||||
@ -75,20 +77,21 @@ func (p *Payload) Handle(stt any) (*Payload, State) {
|
|||||||
return p.sendNextChunk(st)
|
return p.sendNextChunk(st)
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Printf("decode tls raw '% x\n", p.Data)
|
log.WithField("raw", debug.FormatBytes(p.Data)).Debug("TLS: Decode raw")
|
||||||
|
|
||||||
tc := NewTLSConnection(p.Data)
|
tc := NewTLSConnection(p.Data)
|
||||||
if st.TLS == nil {
|
if st.TLS == nil {
|
||||||
fmt.Printf("no TLS connection in state yet, starting connection")
|
log.Debug("no TLS connection in state yet, starting connection")
|
||||||
st.TLS = tls.Server(tc, &tls.Config{
|
st.TLS = tls.Server(tc, &tls.Config{
|
||||||
GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) {
|
GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) {
|
||||||
fmt.Printf("%+v\n", argHello)
|
log.Debugf("%+v\n", argHello)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
},
|
},
|
||||||
ClientAuth: tls.RequireAnyClientCert,
|
ClientAuth: tls.RequireAnyClientCert,
|
||||||
Certificates: certs,
|
Certificates: certs,
|
||||||
})
|
})
|
||||||
st.TLS.Handshake()
|
err := st.TLS.Handshake()
|
||||||
|
log.WithError(err).Debug("TLS: Handshake error")
|
||||||
}
|
}
|
||||||
return p.sendDataChunked(tc.TLSData(), st)
|
return p.sendDataChunked(tc.TLSData(), st)
|
||||||
}
|
}
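Review bot: the new `err := st.TLS.Handshake()` result is logged as "TLS: Handshake error" unconditionally, so a nil error produces a misleading entry and a non-nil one is only debug-logged before execution continues to `sendDataChunked` as if the handshake had succeeded. Guard it with `if err := st.TLS.Handshake(); err != nil { log.WithError(err).Debug("TLS: Handshake error") }`, and if an error is expected on most calls because `NewTLSConnection` only reads the buffered `p.Data` while the handshake spans several EAP round trips, say so in a comment, since otherwise a reader will take it for an unhandled failure. `log.Debugf("%+v\n", argHello)` does not need the trailing `\n`; logrus terminates entries itself, so it only adds a blank line. The unchanged `ClientAuth: tls.RequireAnyClientCert` only requires that a certificate be presented, not that it verifies, so nothing in this hunk validates the client identity; a comment pointing at where that happens would help, given that Handle starts before this hunk.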
|
||||||
@ -99,7 +102,7 @@ func (p *Payload) sendDataChunked(data []byte, st State) (*Payload, State) {
|
|||||||
flags := FlagLengthIncluded
|
flags := FlagLengthIncluded
|
||||||
var dataToSend []byte
|
var dataToSend []byte
|
||||||
if len(data) > maxChunkSize {
|
if len(data) > maxChunkSize {
|
||||||
fmt.Printf("Data needs to be chunked: %d\n", len(data))
|
log.WithField("length", len(data)).Debug("Data needs to be chunked")
|
||||||
flags += FlagMoreFragments
|
flags += FlagMoreFragments
|
||||||
dataToSend = data[:maxChunkSize]
|
dataToSend = data[:maxChunkSize]
|
||||||
remainingData := data[maxChunkSize:]
|
remainingData := data[maxChunkSize:]
|
||||||
@ -116,15 +119,15 @@ func (p *Payload) sendDataChunked(data []byte, st State) (*Payload, State) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *Payload) sendNextChunk(st State) (*Payload, State) {
|
func (p *Payload) sendNextChunk(st State) (*Payload, State) {
|
||||||
fmt.Printf("Sending next chunk\n")
|
log.Debug("Sending next chunk")
|
||||||
nextChunk := st.RemainingChunks[0]
|
nextChunk := st.RemainingChunks[0]
|
||||||
st.RemainingChunks = st.RemainingChunks[1:]
|
st.RemainingChunks = st.RemainingChunks[1:]
|
||||||
flags := FlagLengthIncluded
|
flags := FlagLengthIncluded
|
||||||
if st.HasMore() {
|
if st.HasMore() {
|
||||||
fmt.Printf("More chunks left: %d\n", len(st.RemainingChunks))
|
log.WithField("chunks", len(st.RemainingChunks)).Debug("More chunks left")
|
||||||
flags += FlagMoreFragments
|
flags += FlagMoreFragments
|
||||||
}
|
}
|
||||||
fmt.Printf("Reporting size: %d\n", uint32((len(st.RemainingChunks)*maxChunkSize)+5))
|
log.WithField("length", st.TotalPayloadSize).Debug("Total payload size")
|
||||||
return &Payload{
|
return &Payload{
|
||||||
Flags: flags,
|
Flags: flags,
|
||||||
Length: uint32((len(st.RemainingChunks) * maxChunkSize) + 5),
|
Length: uint32((len(st.RemainingChunks) * maxChunkSize) + 5),
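Review bot: the new log line reports `st.TotalPayloadSize` as "Total payload size", but the `Length` placed in the returned Payload two lines below is still `uint32((len(st.RemainingChunks) * maxChunkSize) + 5)`, so the log no longer describes the value actually sent, whereas the removed Printf did. Either log the same expression that feeds `Length`, or, if `st.TotalPayloadSize` is the intended length-included value, use it for the field as well, e.g. `Length: st.TotalPayloadSize,` (its type is not visible here, so a conversion may be needed). The unchanged `nextChunk := st.RemainingChunks[0]` is unguarded; presumably every caller checks `HasMore` first, which a one-line comment could record. sendNextChunk continues past the end of the hunk.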
|
||||||
|