예제 #1
0
파일: radius.py 프로젝트: yvyshneva/scapy 
 def m2i(self, pkt, m):
     ret = None
     eap_packet_len = struct.unpack("!H", m[2:4])[0]
     if eap_packet_len < 254:
         # If the EAP packet has not been fragmented, build a Scapy EAP
         # packet from the data.
         ret = EAP(m)
     else:
         ret = conf.raw_layer(m)
     return ret
예제 #2
0
def _build_legacy_nak(request_id, desired_auth_type):
    """
    Build a Legacy Nak packet, in order to ask for a specific authentication
    method.
    """

    eap_response = EAP(code=EAP.RESPONSE,
                       id=request_id,
                       type=3,
                       desired_auth_types=[desired_auth_type])

    return eap_response
예제 #3
0
    def _process_eap_request(self, eap_request):
        """
        Process incoming EAP requests.
        """

        eap_response = None
        test_response = False

        # Request-Identity
        if eap_request.type == 1:
            eap_response = EAP(code=EAP.RESPONSE,
                               id=eap_request.id,
                               type=1,
                               identity=self._identity)

        elif eap_request.type > 3:
            # At this point, a new authentication process has started
            self._auth_process_in_progress = True

            # Process phase 1 tests
            if not self._tls_scan:
                eap_response, test_response =\
                    self._process_request(eap_request)

            # Process TLS based method
            elif eap_request.type in TLS_BASED_METHODS:
                # We're expecting a Request with a type matching a TLS-based
                # authentication method. If the authentication method is not
                # the expected one, send a Legacy Nak asking for EAP-TLS (or
                # the specified EAP method).
                if eap_request.type != self._current_auth_method:
                    desired_auth_type_ = self._current_auth_method or 13
                    eap_response = _build_legacy_nak(eap_request.id,
                                                     desired_auth_type_)
                else:
                    eap_response, test_response =\
                        self._process_tls_request(eap_request)

            else:
                # If the authentication method is not the expected one,
                # send a Legacy Nak asking for EAP-TLS (or the specified
                # EAP method).
                if eap_request.type != self._current_auth_method:
                    desired_auth_type_ = self._current_auth_method or 13
                    eap_response = _build_legacy_nak(eap_request.id,
                                                     desired_auth_type_)

        return eap_response, test_response
예제 #4
0
 def post_dissect(self, s):
     if not conf.contribs.get("radius", {}).get("auto-defrag", True):
         return s
     if isinstance(self.value, conf.raw_layer):
         # Defragment
         x = s
         buf = self.value.load
         while x and struct.unpack("!B", x[:1])[0] == 79:
             # Let's carefully avoid the infinite loop
             length = struct.unpack("!B", x[1:2])[0]
             if not length:
                 return s
             buf, x = buf + x[2:length], x[length:]
             if length < 254:
                 self.value = EAP(buf)
                 return x
     return s