def test_sudo_cmd_call(self, mock_subproc_run):
AuthUtils.sudo_cmd('test')
mock_subproc_run.assert_called_once_with(['sudo', 'test'],
check=True,
timeout=ANY)
mock_subproc_run.reset_mock()
AuthUtils.sudo_cmd('test', ['my', 'args'])
mock_subproc_run.assert_called_once_with(
['sudo', 'test', 'my', 'args'], check=True, timeout=ANY)
def handle_user_state(self, user, state, acct_session):
# remember attributes to match with post_auth call
self._user = user
self._state = state
self._session = acct_session
return AuthUtils.reject_only_when_blocked(user, state)
def _run_disassoc(self, mock_subproc_run):
result = AuthUtils.disassociate_user('AA-BB-CC')
mock_subproc_run.assert_called_once_with(
['sudo', 'hostapd_cli', 'disassociate', 'aa:bb:cc'],
check=True,
timeout=ANY)
self.assertIsInstance(result, str)
def test_reject_only_when_blocked(self):
user = UserIdentifier('user', '')
user.password = '******'
expected_reject = (auth.REJECT, None)
expected_accept = (auth.ALLOW, {'control:Cleartext-Password': '******'})
result_block = AuthUtils.reject_only_when_blocked(
user, UserData.JOIN_STATE_BLOCKED)
result_waiting = AuthUtils.reject_only_when_blocked(
user, UserData.JOIN_STATE_WAITING)
result_ok = AuthUtils.reject_only_when_blocked(
user, UserData.JOIN_STATE_ALLOWED)
self.assertEqual(expected_reject, result_block)
self.assertEqual(expected_accept, result_waiting)
self.assertEqual(expected_accept, result_ok)
def _run_cmd(self, cmd, device_id=None):
full_cmd = '/etc/radguestauth/fw_%s.sh' % cmd
args = None
if device_id:
args = [UserIdentifier.format_mac(device_id)]
return AuthUtils.sudo_cmd(full_cmd,
additional_args=args,
error_return='Command failed: %s' % cmd)
def handle_user_state(self, user, state, acct_session):
if state == UserData.JOIN_STATE_WAITING:
# ensure that the user is not in the whitelist.
# This occurs when the user was previously allowed and the
# timeout/join numbers expire.
self._run_cmd('user_drop', user.device_id)
self._last_session_waiting = acct_session
else:
self._last_session_waiting = None
return AuthUtils.reject_only_when_blocked(user, state)
def on_host_deny(self, user):
res_msg = self._run_cmd('user_drop', user.device_id)
# force re-connect in case of blocking.
if (user.user_data
and user.user_data.join_state == UserData.JOIN_STATE_BLOCKED):
if res_msg:
res_msg += '\n'
else:
# could be None, so set to empty str
res_msg = ''
res_msg += AuthUtils.disassociate_user(user.device_id)
return res_msg
def _reconnect_user(self, device_id):
return ('Trying to re-connect user to update VLAN...\n%s' %
AuthUtils.disassociate_user(device_id))
def _run_assert(expected_msg):
result = AuthUtils.sudo_cmd('test',
success_return='mymessage',
error_return='myerror')
mock_subproc_run.assert_called_once()
self.assertEqual(result, expected_msg)