示例#1
 def test_eap_output_packet_gets_packed_and_sent(self, ethernet_pack): #pylint: disable=invalid-name
     """Check that a queued outbound EAP message is packed and written to the EAP socket.

     ``ethernet_pack`` is presumably a mock injected by a patch decorator that
     is not visible here; its return value stands in for the packed frame.
     """
     packed_frame = "packed ethernet"
     ethernet_pack.return_value = packed_frame
     # Replace the real socket so the send can be observed without any I/O.
     self.chewie.eap_socket = Mock()
     outbound = EapQueueMessage("output eap message", "src mac", "port mac")
     self.chewie.eap_output_messages.put_nowait(outbound)
     self.chewie.send_eap_messages()
     # The socket must be handed exactly what the packer returned.
     self.chewie.eap_socket.send.assert_called_with(packed_frame)
示例#2
    def send_preemptive_identity_request(self, port_id):
        """Queue an EAP Identity Request telling the supplicant the port uses 802.1X.

        A fresh identifier is drawn, recorded against the port in
        ``port_to_eapol_id`` and carried in the request, which is placed on
        ``eap_output_messages``.

        Args:
            port_id (str): port identifier in a form that
                ``MacAddress.from_string`` accepts.
        """
        # NOTE(review): get_random_id is defined elsewhere. The EAP Identifier
        # pairs a response with its request; it is a correlation value, not a
        # secret.
        request_id = get_random_id()
        identity_request = IdentityMessage(
            self.PAE_GROUP_ADDRESS, request_id, Eap.REQUEST, "")
        # Record the identifier before queueing; presumably this is what a
        # later response on this port is checked against (confirm at the reader).
        self.port_to_eapol_id[port_id] = request_id
        port_mac = MacAddress.from_string(port_id)
        queued = EapQueueMessage(identity_request, self.PAE_GROUP_ADDRESS, port_mac)
        self.eap_output_messages.put_nowait(queued)
        self.logger.info("sending premptive on port %s", port_id)
示例#3
    def _send_identity_request(self):
        """Queue an EAP Identity Request telling the supplicant the port uses 802.1X.

        The request is addressed using ``self.port_id`` and placed on
        ``supplicant_output_messages``; the identifier used is also kept in
        ``current_preemtive_eapol_id``.

        Returns:
            The identifier carried in the queued request.
        """
        request_id = get_random_id()
        # Remember the identifier before the request is queued.
        self.current_preemtive_eapol_id = request_id
        identity_request = IdentityMessage(
            self.PAE_GROUP_ADDRESS, request_id, Eap.REQUEST, "")
        port_mac = MacAddress.from_string(self.port_id)
        queued = EapQueueMessage(identity_request, self.PAE_GROUP_ADDRESS, port_mac)
        self.supplicant_output_messages.put_nowait(queued)
        return request_id
示例#4
    def send_preemptive_identity_request(self, port_id, state_machine=None):
        """Queue an EAP Identity Request telling the supplicant the port uses 802.1X.

        A fresh identifier is drawn, recorded against the port in
        ``port_to_eapol_id`` and carried in the request, which is placed on
        ``eap_output_messages``.

        Args:
            port_id (str): port identifier in a form that
                ``MacAddress.from_string`` accepts.
            state_machine: optional object; when it exposes ``current_id`` the
                identifier chosen here is guaranteed to differ from it.
        """
        request_id = get_random_id()
        # The ID of a preemptive reauth attempt must differ from the ID of the
        # initial authentication, so redraw until it does. The loop ends only
        # once get_random_id yields a value other than current_id.
        must_differ = (state_machine is not None
                       and hasattr(state_machine, 'current_id'))
        while must_differ and request_id == state_machine.current_id:
            request_id = get_random_id()
        identity_request = IdentityMessage(
            self.PAE_GROUP_ADDRESS, request_id, Eap.REQUEST, "")
        self.port_to_eapol_id[port_id] = request_id
        port_mac = MacAddress.from_string(port_id)
        queued = EapQueueMessage(identity_request, self.PAE_GROUP_ADDRESS, port_mac)
        self.eap_output_messages.put_nowait(queued)
        self.logger.info("sending premptive on port %s with ID %s", port_id,
                         request_id)
示例#5
    def event(self, event):
        """Process one event and emit any resulting EAP or RADIUS output.

        The event is dispatched by type to the matching ``*_event_received``
        handler, then ``handle_message_received()`` runs, and finally the flags
        ``eap_req``, ``aaa_eap_resp``, ``eap_success``, ``eap_fail`` and
        ``eap_logoff`` are acted on in that order. Output goes to
        ``eap_output_messages`` and ``radius_output_messages``.

        Args:
            event: an EventMessageReceived, EventTimerExpired,
                EventPortStatusChange or EventSessionTimeout. Per the original
                author it should carry a ``message`` attribute of one of the
                ``*Message`` types (e.g. SuccessMessage, IdentityMessage).
                Any other type skips the dispatch step; the rest still runs.

        Returns:
            None. Returns early, before any output is produced, when
            ``timer_expired_event_received(event)`` returns a truthy value.
        """
        self.lower_layer_reset()
        # NOTE(review): the event is logged verbatim at info level; what its
        # string form contains is not visible here - confirm it carries nothing
        # that should stay out of logs.
        self.logger.info("full state machine received event: %s", event)
        # 'Lower Layer' shim: route the event to its type-specific handler.
        if isinstance(event, EventMessageReceived):
            self.message_event_received(event)

        elif isinstance(event, EventTimerExpired):
            # A truthy result ends processing of this event entirely.
            if self.timer_expired_event_received(event):
                return

        elif isinstance(event, EventPortStatusChange):
            self.port_status_event_received(event)
        elif isinstance(event, EventSessionTimeout):
            self.session_timeout_event_received()

        self.handle_message_received()
        self.logger.info('end state: %s', self.state)

        # Outbound EAP: only a message whose code is Eap.REQUEST, or a
        # Success/Failure message, is queued for the supplicant.
        if self.eap_req:
            if (hasattr(self.eap_req_data, 'code') and self.eap_req_data.code == Eap.REQUEST) \
                    or isinstance(self.eap_req_data, (SuccessMessage, FailureMessage)):
                self.logger.info('outputting eap, %s %s %s',
                                 self.eap_req_data, self.src_mac, self.port_id_mac)
                # NOTE(review): put_nowait does not wait; presumably the queue is
                # unbounded, otherwise a full queue raises here - confirm.
                self.eap_output_messages.put_nowait(
                    EapQueueMessage(self.eap_req_data, self.src_mac, self.port_id_mac))
                self.sent_count += 1
                self.set_timer()
            # NOTE: this branch is not covered by tests (original author's remark).
            else:
                self.logger.error('cant find code --- %s', self.eap_req_data)
            # The request flag is cleared whether or not anything was queued.
            self.eap_req = False

        # Outbound RADIUS: forward the supplicant's EAP response, but only when
        # its code is Eap.RESPONSE.
        if self.aaa_eap_resp and self.aaa_eap_resp_data:
            if self.aaa_eap_resp_data.code == Eap.RESPONSE:
                self.logger.info('outputing radius')
                self.radius_output_messages.put_nowait(
                    RadiusQueueMessage(self.aaa_eap_resp_data, self.src_mac,
                                       self.aaa_identity.identity,
                                       self.radius_state_attribute, self.port_id_mac))

                self.sent_count += 1
                self.set_timer()
            self.aaa_eap_resp = False
        # NOTE: this branch is not covered by tests (original author's remark).
        # The flag is set but there is no data; it is logged and left set.
        elif self.aaa_eap_resp:
            self.logger.error("aaa_eap_resp is true. but data is false. This should never happen")

        if self.eap_success:
            self.handle_success()

        # On failure the source MAC is logged and passed, with the port MAC
        # rendered as a string, to the failure handler.
        if self.eap_fail:
            self.logger.info('oh authentication not successful %s', self.src_mac)
            self.failure_handler(self.src_mac, str(self.port_id_mac))

        if self.eap_logoff:
            self.handle_logoff()
示例#6
    def event(self, event):
        """Process one event and emit any resulting EAP or RADIUS output.

        Before dispatch, a response to a preemptive request may flag an EAP
        restart, and a RADIUS event wrapping a RadiusPacket is replaced by the
        result of ``strip_eap_from_radius_packet``. The event is then dispatched
        by type to the matching ``*_event_received`` handler,
        ``handle_message_received()`` runs, and the flags ``eap_req``,
        ``aaa_eap_resp``, ``eap_success``, ``eap_fail`` and ``eap_logoff`` are
        acted on in that order. Output goes to ``eap_output_messages`` and
        ``radius_output_messages``.

        Args:
            event: the event to process. Per the original author it should
                carry a ``message`` attribute of one of the ``*Message`` types
                (e.g. SuccessMessage, IdentityMessage). Types that match none
                of the dispatch branches skip that step; the rest still runs.

        Returns:
            None. Returns early, before any output is produced, when
            ``timer_expired_event_received(event)`` returns a truthy value.
        """

        # TODO remove and refactor code - Just placing here to separate main pipeline for internals of SM
        # A preemptive-response event whose ID differs from current_id requests
        # an EAP restart and supplies the ID to adopt.
        # NOTE(review): how an event gets classified as a preemptive response is
        # not visible here - confirm the caller matches its ID against the one
        # recorded when the preemptive request was sent.
        if (isinstance(event, EventPreemptiveEAPResponseMessageReceived)
                and event.preemptive_eap_id != self.current_id):
            self.logger.info(
                "Resetting eap due to received response to preemtive request")
            self.eap_restart = True
            self.override_current_id = event.preemptive_eap_id

        # From here on `event` is whatever strip_eap_from_radius_packet returned.
        if isinstance(event, EventRadiusMessageReceived) and isinstance(
                event.message, RadiusPacket):
            event = self.strip_eap_from_radius_packet(event.message)

        self.lower_layer_reset()
        # NOTE(review): the event is logged verbatim at info level; what its
        # string form contains is not visible here - confirm it carries nothing
        # that should stay out of logs.
        self.logger.info("full state machine received event: %s", event)
        # 'Lower Layer' shim: route the event to its type-specific handler.
        if isinstance(event, EventMessageReceived):
            self.message_event_received(event)

        elif isinstance(event, EventTimerExpired):
            # A truthy result ends processing of this event entirely.
            if self.timer_expired_event_received(event):
                return

        elif isinstance(event, EventPortStatusChange):
            self.port_status_event_received(event)
        elif isinstance(event, EventSessionTimeout):
            self.session_timeout_event_received()

        self.handle_message_received()
        self.logger.info('end state: %s', self.state)

        # Outbound EAP: only a message whose code is Eap.REQUEST, or a
        # Success/Failure message, is queued for the supplicant.
        if self.eap_req:
            if (hasattr(self.eap_req_data, 'code') and self.eap_req_data.code == Eap.REQUEST) \
                    or isinstance(self.eap_req_data, (SuccessMessage, FailureMessage)):
                self.logger.info(
                    "outputting eap, '%s', src: '%s' port_id: '%s'",
                    self.eap_req_data, self.src_mac, self.port_id_mac)
                # NOTE(review): put_nowait does not wait; presumably the queue is
                # unbounded, otherwise a full queue raises here - confirm.
                self.eap_output_messages.put_nowait(
                    EapQueueMessage(self.eap_req_data, self.src_mac,
                                    self.port_id_mac))
                self.sent_count += 1
                # The timer is armed with the retrans_while value.
                self.set_timer(self.retrans_while)
            # NOTE: this branch is not covered by tests (original author's remark).
            else:
                self.logger.error('cant find code --- %s', self.eap_req_data)
            # The request flag is cleared whether or not anything was queued.
            self.eap_req = False

        # Outbound RADIUS: forward the supplicant's EAP response, but only when
        # its code is Eap.RESPONSE.
        if self.aaa_eap_resp and self.aaa_eap_resp_data:
            if self.aaa_eap_resp_data.code == Eap.RESPONSE:
                self.logger.info('outputing radius')
                self.radius_output_messages.put_nowait(
                    RadiusQueueMessage(self.aaa_eap_resp_data, self.src_mac,
                                       self.aaa_identity.identity,
                                       self.radius_state_attribute,
                                       self.port_id_mac))

                self.sent_count += 1
                # The timer is armed with RADIUS_RETRANSMIT_TIMEOUT here.
                self.set_timer(self.RADIUS_RETRANSMIT_TIMEOUT)
            self.aaa_eap_resp = False
        # NOTE: this branch is not covered by tests (original author's remark).
        # The flag is set but there is no data; it is logged and left set.
        elif self.aaa_eap_resp:
            self.logger.error(
                "aaa_eap_resp is true. but data is false. This should never happen"
            )

        if self.eap_success:
            self.handle_success()

        # On failure the source MAC is logged and passed, with the port MAC
        # rendered as a string, to the failure handler.
        if self.eap_fail:
            self.logger.info('oh authentication not successful %s',
                             self.src_mac)
            self.failure_handler(self.src_mac, str(self.port_id_mac))

        if self.eap_logoff:
            self.handle_logoff()