habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix a bunch of stuff ig

Browse Source 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer
2025-05-23 21:24:26 +02:00
parent 4d944f7444
commit d8a625be03
2 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
internal/outpost/radius/eap/handler.go
View File

@ -119,7 +119,21 @@ func (p *Packet) handleEAP(pp protocol.Payload, stm protocol.StateManager) (*eap
} }
ctx.log.Debug("Root-EAP: Passing to protocol") ctx.log.Debug("Root-EAP: Passing to protocol")
res := p.GetChallengeForType(ctx, np, t) res := &eap.Payload{
Code: protocol.CodeRequest,
ID: p.eap.ID + 1,
MsgType: t,
}
var payload any
if ctx.IsProtocolStart(t) {
p.eap.Payload = np
p.eap.Payload.Decode(pp.(*eap.Payload).RawPayload)
}
payload = p.eap.Payload.Handle(ctx)
if payload != nil {
res.Payload = payload.(protocol.Payload)
}
stm.SetEAPState(p.state, st) stm.SetEAPState(p.state, st)
if ctx.endModifier != nil { if ctx.endModifier != nil {
@ -145,24 +159,6 @@ func (p *Packet) handleInner() (*eap.Payload, error) {
return p.handleEAP(p.eap, p.stm) return p.handleEAP(p.eap, p.stm)
} }
func (p *Packet) GetChallengeForType(ctx *context, np protocol.Payload, t protocol.Type) *eap.Payload {
res := &eap.Payload{
Code: protocol.CodeRequest,
ID: p.eap.ID + 1,
MsgType: t,
}
var payload any
if ctx.IsProtocolStart(t) {
p.eap.Payload = np
p.eap.Payload.Decode(p.eap.RawPayload)
}
payload = p.eap.Payload.Handle(ctx)
if payload != nil {
res.Payload = payload.(protocol.Payload)
}
return res
}
func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error { func (p *Packet) setMessageAuthenticator(rp *radius.Packet) error {
_ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16)) _ = rfc2869.MessageAuthenticator_Set(rp, make([]byte, 16))
hash := hmac.New(md5.New, rp.Secret) hash := hmac.New(md5.New, rp.Secret)

10
internal/outpost/radius/eap/protocol/peap/payload.go
View File

@ -46,13 +46,16 @@ func (p *Payload) Decode(raw []byte) error {
} }
func (p *Payload) Encode() ([]byte, error) { func (p *Payload) Encode() ([]byte, error) {
log.Debug("PEAP: Encode")
return p.eap.Encode() return p.eap.Encode()
} }
// Inner EAP packets in PEAP may not include the header, hence we need a custom decoder // Inner EAP packets in PEAP may not include the header, hence we need a custom decoder
// https://datatracker.ietf.org/doc/html/draft-kamath-pppext-peapv0-00.txt#section-1.1 // https://datatracker.ietf.org/doc/html/draft-kamath-pppext-peapv0-00.txt#section-1.1
func (p *Payload) eapInnerDecode(ctx protocol.Context) (*eap.Payload, error) { func (p *Payload) eapInnerDecode(ctx protocol.Context) (*eap.Payload, error) {
ep := &eap.Payload{} ep := &eap.Payload{
Settings: p.GetEAPSettings(),
}
rootEap := ctx.RootPayload().(*eap.Payload) rootEap := ctx.RootPayload().(*eap.Payload)
fixedRaw := []byte{ fixedRaw := []byte{
byte(rootEap.Code), byte(rootEap.Code),
@ -71,6 +74,10 @@ func (p *Payload) eapInnerDecode(ctx protocol.Context) (*eap.Payload, error) {
return ep, nil return ep, nil
} }
func (p *Payload) eapEncodeInner(ctx protocol.Context) ([]byte, error) {
return []byte{}, nil
}
func (p *Payload) Handle(ctx protocol.Context) protocol.Payload { func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
defer func() { defer func() {
ctx.SetProtocolState(TypePEAP, p.st) ctx.SetProtocolState(TypePEAP, p.st)
@ -101,6 +108,7 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
ID: rootEap.ID + 1, ID: rootEap.ID + 1,
} }
} }
p.eap = ep
ctx.Log().Debugf("PEAP: Decoded inner EAP to %s", ep.String()) ctx.Log().Debugf("PEAP: Decoded inner EAP to %s", ep.String())
res, err := ctx.HandleInnerEAP(ep, p) res, err := ctx.HandleInnerEAP(ep, p)