encode extension AVPs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-24 01:46:33 +02:00
parent fad18db70b
commit fb01a117ad
5 changed files with 25 additions and 6 deletions
--- a/internal/outpost/radius/eap/protocol/peap/extension.go
+++ b/internal/outpost/radius/eap/protocol/peap/extension.go
@ -3,6 +3,7 @@ package peap
 import (
 	"errors"

+	log "github.com/sirupsen/logrus"
 	"goauthentik.io/internal/outpost/radius/eap/protocol"
 )

@ -17,7 +18,12 @@ func (ep *ExtensionPayload) Decode(raw []byte) error {
 }

 func (ep *ExtensionPayload) Encode() ([]byte, error) {
-	return []byte{}, nil
+	log.Debug("PEAP: Extension encode")
+	buff := []byte{}
+	for _, avp := range ep.AVPs {
+		buff = append(buff, avp.Encode()...)
+	}
+	return buff, nil
 }

 func (ep *ExtensionPayload) Handle(protocol.Context) protocol.Payload {
--- a/internal/outpost/radius/eap/protocol/peap/extension_avp.go
+++ b/internal/outpost/radius/eap/protocol/peap/extension_avp.go
@ -1,6 +1,8 @@
 package peap

-import "encoding/binary"
+import (
+	"encoding/binary"
+)

 type AVPType uint16

@ -29,7 +31,7 @@ func (eavp ExtensionAVP) Encode() []byte {
 	}
 	// The next bit is reserved and should always be set to 0
 	t = t & 0b1011111111111111
-	binary.BigEndian.AppendUint16(buff, t)
-	binary.BigEndian.AppendUint16(buff[2:], uint16(len(eavp.Value)))
+	binary.BigEndian.PutUint16(buff[0:], t)
+	binary.BigEndian.PutUint16(buff[2:], uint16(len(eavp.Value)))
 	return append(buff, eavp.Value...)
 }
--- a/internal/outpost/radius/eap/protocol/peap/payload.go
+++ b/internal/outpost/radius/eap/protocol/peap/payload.go
@ -124,7 +124,16 @@ func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
 	if err != nil {
 		ctx.Log().WithError(err).Warning("PEAP: failed to handle inner EAP")
 	}
-	return &Payload{eap: res.(*eap.Payload)}
+	// Normal payloads need to be wrapped in PEAP to use the correct encoding (see Encode() above)
+	// Extension payloads handle encoding differently
+	pres := res.(*eap.Payload)
+	if _, ok := pres.Payload.(*ExtensionPayload); ok {
+		// HandleInnerEAP will set the MsgType to the PEAP type, however we need to override that
+		pres.MsgType = TypePEAPExtension
+		ctx.Log().Debug("PEAP: Encoding response as extension")
+		return res
+	}
+	return &Payload{eap: pres}
 }

 func (p *Payload) GetEAPSettings() protocol.Settings {