habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

slightly better decoding

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-23 20:29:33 +02:00
parent 10fc15ffe0
commit c49274042b
5 changed files with 34 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/outpost/radius/eap/handler.go
View File

@ -101,7 +101,7 @@ func (p *Packet) handleEAP(pp protocol.Payload, stm protocol.StateManager) (*eap
return next()
}
np, t, _ := emptyPayload(stm, nextChallengeToOffer)
np, t, _ := eap.EmptyPayload(stm.GetEAPSettings(), nextChallengeToOffer)
ctx := &context{
req: p.r,

33
internal/outpost/radius/eap/packet.go
View File

@ -1,8 +1,6 @@
package eap
import (
"fmt"
"goauthentik.io/internal/outpost/radius/eap/protocol"
"goauthentik.io/internal/outpost/radius/eap/protocol/eap"
"layeh.com/radius"
@ -16,45 +14,20 @@ type Packet struct {
endModifier func(p *radius.Packet) *radius.Packet
}
func emptyPayload(stm protocol.StateManager, t protocol.Type) (protocol.Payload, protocol.Type, error) {
for _, cons := range stm.GetEAPSettings().Protocols {
np := cons()
if np.Type() == t {
return np, np.Type(), nil
}
// If the protocol has an inner protocol, return the original type but the code for the inner protocol
if i, ok := np.(protocol.Inner); ok {
if ii := i.HasInner(); ii != nil {
return np, ii.Type(), nil
}
}
}
return nil, protocol.Type(0), fmt.Errorf("unsupported EAP type %d", t)
}
func Decode(stm protocol.StateManager, raw []byte) (*Packet, error) {
packet := &Packet{
eap: &eap.Payload{},
eap: &eap.Payload{
Settings: stm.GetEAPSettings(),
},
stm: stm,
endModifier: func(p *radius.Packet) *radius.Packet {
return p
},
}
// FIXME: We're decoding twice here, first to get the msg type, then come back to assign the payload type
// then re-parse to parse the payload correctly
err := packet.eap.Decode(raw)
if err != nil {
return nil, err
}
p, _, err := emptyPayload(stm, packet.eap.MsgType)
if err != nil {
return nil, err
}
packet.eap.Payload = p
err = packet.eap.Decode(raw)
if err != nil {
return nil, err
}
return packet, nil
}

23
internal/outpost/radius/eap/protocol/eap/decode.go Normal file
View File

@ -0,0 +1,23 @@
package eap
import (
"fmt"
"goauthentik.io/internal/outpost/radius/eap/protocol"
)
func EmptyPayload(settings protocol.Settings, t protocol.Type) (protocol.Payload, protocol.Type, error) {
for _, cons := range settings.Protocols {
np := cons()
if np.Type() == t {
return np, np.Type(), nil
}
// If the protocol has an inner protocol, return the original type but the code for the inner protocol
if i, ok := np.(protocol.Inner); ok {
if ii := i.HasInner(); ii != nil {
return np, ii.Type(), nil
}
}
}
return nil, protocol.Type(0), fmt.Errorf("unsupported EAP type %d", t)
}

10
internal/outpost/radius/eap/protocol/eap/payload.go
View File

@ -22,6 +22,8 @@ type Payload struct {
MsgType protocol.Type
Payload protocol.Payload
RawPayload []byte
Settings protocol.Settings
}
func (p *Payload) Type() protocol.Type {
@ -44,10 +46,12 @@ func (p *Payload) Decode(raw []byte) error {
}
log.WithField("raw", debug.FormatBytes(raw)).WithField("payload", fmt.Sprintf("%T", p.Payload)).Trace("EAP: decode raw")
p.RawPayload = raw[5:]
if p.Payload == nil {
return nil
pp, _, err := EmptyPayload(p.Settings, p.MsgType)
if err != nil {
return err
}
err := p.Payload.Decode(raw[5:])
p.Payload = pp
err = p.Payload.Decode(raw[5:])
if err != nil {
return err
}

14
internal/outpost/radius/eap/protocol/empty.go
View File

@ -1,14 +0,0 @@
package protocol
import "layeh.com/radius"
type EmptyPayload struct {
ModifyPacket func(p *radius.Packet) *radius.Packet
}
func (ep EmptyPayload) Decode(raw []byte) error {
return nil
}
func (ep EmptyPayload) Encode() ([]byte, error) {
return []byte{}, nil
}