def test_eap_output_packet_gets_packed_and_sent(self, ethernet_pack):  # pylint: disable=invalid-name
    """Check that a queued EAP output message is packed and written to the EAP socket.

    Args:
        ethernet_pack: stand-in for the frame packer whose return value is
            pinned below; presumably injected by a patch decorator that is
            outside this listing.
    """
    packed_frame = "packed ethernet"
    chewie = self.chewie

    # Swap the real socket for a mock so the send call can be inspected.
    chewie.eap_socket = Mock()
    ethernet_pack.return_value = packed_frame

    queued_message = EapQueueMessage("output eap message", "src mac", "port mac")
    chewie.eap_output_messages.put_nowait(queued_message)

    chewie.send_eap_messages()

    # The socket must receive exactly what the packer returned.
    chewie.eap_socket.send.assert_called_with(packed_frame)
def send_preemptive_identity_request(self, port_id):
    """Queue an unsolicited EAP Identity Request for the supplicant on a port.

    The request notifies the supplicant that the port is using 802.1X. The
    identifier drawn for it is stored in ``self.port_to_eapol_id`` under
    ``port_id`` before the message is queued.

    Args:
        port_id (str): port identifier; it is parsed with
            ``MacAddress.from_string``.
    """
    # NOTE(review): get_random_id is defined outside this listing. The EAP
    # Identifier only pairs a response with its request; it is not a secret
    # and should not be relied on to authenticate the responder.
    request_id = get_random_id()
    group_address = self.PAE_GROUP_ADDRESS
    request = IdentityMessage(group_address, request_id, Eap.REQUEST, "")

    # Record the identifier before queueing the request.
    self.port_to_eapol_id[port_id] = request_id

    port_mac = MacAddress.from_string(port_id)
    self.eap_output_messages.put_nowait(
        EapQueueMessage(request, group_address, port_mac))
    self.logger.info("sending premptive on port %s", port_id)
def _send_identity_request(self):
    """Queue an EAP Identity Request for the supplicant and return its identifier.

    The request notifies the supplicant that the port is using 802.1X. It
    takes no arguments: the port comes from ``self.port_id``, and the
    identifier is also stored in ``self.current_preemtive_eapol_id``
    (attribute name spelled as in the code).

    Returns:
        The identifier obtained from ``get_random_id()`` for this request.
    """
    request_id = get_random_id()
    self.current_preemtive_eapol_id = request_id

    request = IdentityMessage(self.PAE_GROUP_ADDRESS, request_id, Eap.REQUEST, "")
    envelope = EapQueueMessage(
        request,
        self.PAE_GROUP_ADDRESS,
        MacAddress.from_string(self.port_id),
    )
    self.supplicant_output_messages.put_nowait(envelope)
    return request_id
def send_preemptive_identity_request(self, port_id, state_machine=None):
    """Queue an unsolicited EAP Identity Request for the supplicant on a port.

    The request notifies the supplicant that the port is using 802.1X. The
    identifier used is stored in ``self.port_to_eapol_id`` under ``port_id``.

    Args:
        port_id (str): port identifier; it is parsed with
            ``MacAddress.from_string``.
        state_machine: optional object; when it has a ``current_id``
            attribute, the identifier is redrawn until it differs from it.
    """
    request_id = get_random_id()

    # ID of preemptive reauth attempt must be different to ID of initial authentication.
    # current_id is re-read on every pass, exactly as a nested while would do.
    must_differ = state_machine is not None and hasattr(state_machine, 'current_id')
    while must_differ and request_id == state_machine.current_id:
        request_id = get_random_id()

    group_address = self.PAE_GROUP_ADDRESS
    request = IdentityMessage(group_address, request_id, Eap.REQUEST, "")
    self.port_to_eapol_id[port_id] = request_id

    port_mac = MacAddress.from_string(port_id)
    self.eap_output_messages.put_nowait(
        EapQueueMessage(request, group_address, port_mac))
    self.logger.info("sending premptive on port %s with ID %s", port_id, request_id)
def event(self, event):
    """Processes an event and emits any resulting EAP/RADIUS output.

    Output is via the eap/radius queues and will again be of type ***Message.
    After the event has been dispatched, the eap_req and aaa_eap_resp flags
    decide what is queued, and the eap_success, eap_fail and eap_logoff flags
    decide which handler runs.

    Args:
        event: should have message attribute which is of the ***Message types
            (e.g. SuccessMessage, IdentityMessage,...)
    """
    self.lower_layer_reset()
    # NOTE(review): the whole event is logged at info level; confirm that its
    # repr does not expose identity or credential material.
    self.logger.info("full state machine received event: %s", event)
    # 'Lower Layer' shim
    # Dispatch on the event type; an event of any other type falls through
    # without a type-specific handler being called.
    if isinstance(event, EventMessageReceived):
        self.message_event_received(event)
    elif isinstance(event, EventTimerExpired):
        # A truthy result ends processing here: nothing below runs.
        if self.timer_expired_event_received(event):
            return
    elif isinstance(event, EventPortStatusChange):
        self.port_status_event_received(event)
    elif isinstance(event, EventSessionTimeout):
        self.session_timeout_event_received()

    # Presumably advances the state machine; the resulting state is logged next.
    self.handle_message_received()
    self.logger.info('end state: %s', self.state)

    # Supplicant-facing output: only an EAP request, or a Success/Failure
    # message, is queued; anything else is logged as an error and not sent.
    if self.eap_req:
        if (hasattr(self.eap_req_data, 'code') and self.eap_req_data.code == Eap.REQUEST) \
                or isinstance(self.eap_req_data, (SuccessMessage, FailureMessage)):
            self.logger.info('outputting eap, %s %s %s', self.eap_req_data, self.src_mac, self.port_id_mac)
            self.eap_output_messages.put_nowait(
                EapQueueMessage(self.eap_req_data, self.src_mac, self.port_id_mac))
            self.sent_count += 1
            self.set_timer()
        # not tested
        else:
            self.logger.error('cant find code --- %s', self.eap_req_data)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the flag is cleared on both branches.
        self.eap_req = False

    # RADIUS-facing output: only an EAP response is relayed to the server.
    if self.aaa_eap_resp and self.aaa_eap_resp_data:
        if self.aaa_eap_resp_data.code == Eap.RESPONSE:
            self.logger.info('outputing radius')
            # assumes self.aaa_identity is set by the time a response is
            # relayed - TODO confirm
            self.radius_output_messages.put_nowait(
                RadiusQueueMessage(self.aaa_eap_resp_data, self.src_mac,
                                   self.aaa_identity.identity,
                                   self.radius_state_attribute,
                                   self.port_id_mac))
            self.sent_count += 1
            self.set_timer()
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the flag is cleared even when nothing was relayed.
        self.aaa_eap_resp = False
    # not tested
    elif self.aaa_eap_resp:
        self.logger.error("aaa_eap_resp is true. but data is false. This should never happen")

    # Outcome flags are checked independently; more than one may fire.
    if self.eap_success:
        self.handle_success()
    if self.eap_fail:
        self.logger.info('oh authentication not successful %s', self.src_mac)
        # The port MAC is passed to the failure handler as a string.
        self.failure_handler(self.src_mac, str(self.port_id_mac))
    if self.eap_logoff:
        self.handle_logoff()
def event(self, event):
    """Processes an event and emits any resulting EAP/RADIUS output.

    Output is via the eap/radius queues and will again be of type ***Message.
    Before dispatch, a response to a preemptive identity request may flag an
    EAP restart, and a RADIUS event carrying a RadiusPacket is replaced by
    the result of strip_eap_from_radius_packet.

    Args:
        event: should have message attribute which is of the ***Message types
            (e.g. SuccessMessage, IdentityMessage,...)
    """
    # TODO remove and refactor code - Just placing here to separate main pipeline for internals of SM
    # A preemptive response whose identifier differs from current_id flags a
    # restart and records that identifier as the override.
    # NOTE(review): the identifier comparison is the only check visible here;
    # confirm upstream that this event is only built for an identifier this
    # authenticator actually issued on the port.
    if (isinstance(event, EventPreemptiveEAPResponseMessageReceived)
            and event.preemptive_eap_id != self.current_id):
        self.logger.info(
            "Resetting eap due to received response to preemtive request")
        self.eap_restart = True
        self.override_current_id = event.preemptive_eap_id
    # From here on `event` is whatever strip_eap_from_radius_packet returned.
    # NOTE(review): no RADIUS authenticator or Message-Authenticator check is
    # visible in this method; presumably it is done when the packet is
    # parsed - confirm.
    if isinstance(event, EventRadiusMessageReceived) and isinstance(
            event.message, RadiusPacket):
        event = self.strip_eap_from_radius_packet(event.message)
    self.lower_layer_reset()
    # NOTE(review): the whole event is logged at info level; confirm that its
    # repr does not expose identity or credential material.
    self.logger.info("full state machine received event: %s", event)
    # 'Lower Layer' shim
    # Dispatch on the event type; an event of any other type falls through
    # without a type-specific handler being called.
    if isinstance(event, EventMessageReceived):
        self.message_event_received(event)
    elif isinstance(event, EventTimerExpired):
        # A truthy result ends processing here: nothing below runs.
        if self.timer_expired_event_received(event):
            return
    elif isinstance(event, EventPortStatusChange):
        self.port_status_event_received(event)
    elif isinstance(event, EventSessionTimeout):
        self.session_timeout_event_received()

    # Presumably advances the state machine; the resulting state is logged next.
    self.handle_message_received()
    self.logger.info('end state: %s', self.state)

    # Supplicant-facing output: only an EAP request, or a Success/Failure
    # message, is queued; anything else is logged as an error and not sent.
    if self.eap_req:
        if (hasattr(self.eap_req_data, 'code') and self.eap_req_data.code == Eap.REQUEST) \
                or isinstance(self.eap_req_data, (SuccessMessage, FailureMessage)):
            self.logger.info(
                "outputting eap, '%s', src: '%s' port_id: '%s'",
                self.eap_req_data, self.src_mac, self.port_id_mac)
            self.eap_output_messages.put_nowait(
                EapQueueMessage(self.eap_req_data, self.src_mac, self.port_id_mac))
            self.sent_count += 1
            # The supplicant-facing timer is set from retrans_while.
            self.set_timer(self.retrans_while)
        # not tested
        else:
            self.logger.error('cant find code --- %s', self.eap_req_data)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the flag is cleared on both branches.
        self.eap_req = False

    # RADIUS-facing output: only an EAP response is relayed to the server.
    if self.aaa_eap_resp and self.aaa_eap_resp_data:
        if self.aaa_eap_resp_data.code == Eap.RESPONSE:
            self.logger.info('outputing radius')
            # assumes self.aaa_identity is set by the time a response is
            # relayed - TODO confirm
            self.radius_output_messages.put_nowait(
                RadiusQueueMessage(self.aaa_eap_resp_data, self.src_mac,
                                   self.aaa_identity.identity,
                                   self.radius_state_attribute,
                                   self.port_id_mac))
            self.sent_count += 1
            # The RADIUS-facing timer is set from RADIUS_RETRANSMIT_TIMEOUT.
            self.set_timer(self.RADIUS_RETRANSMIT_TIMEOUT)
        # NOTE(review): nesting reconstructed from a whitespace-collapsed
        # listing; confirm the flag is cleared even when nothing was relayed.
        self.aaa_eap_resp = False
    # not tested
    elif self.aaa_eap_resp:
        self.logger.error(
            "aaa_eap_resp is true. but data is false. This should never happen"
        )

    # Outcome flags are checked independently; more than one may fire.
    if self.eap_success:
        self.handle_success()
    if self.eap_fail:
        self.logger.info('oh authentication not successful %s', self.src_mac)
        # The port MAC is passed to the failure handler as a string.
        self.failure_handler(self.src_mac, str(self.port_id_mac))
    if self.eap_logoff:
        self.handle_logoff()