def test_eapol_in(self):
self.setup_all_flows()
kw = dict(src='00:00:00:11:11:11', dst='00:00:00:22:22:22')
in_frame = Ether(**kw) / EAPOL(type=1)
out_frame1 = Ether(**kw) / Dot1Q(vlan=4000) / Dot1Q(vlan=128) / EAPOL(
type=1)
out_frame2 = Ether(**kw) / Dot1Q(vlan=4000) / Dot1Q(vlan=129) / EAPOL(
type=1)
self.ingress_frame(in_frame)
self.assertEqual(self.output, [(0, out_frame1), (0, out_frame2)])
def handleLEAP(self, sockObj, identity):
self.networkDescriptor.addEapType(17)
tries = self.max_tries
while tries:
tries -= 1
sockObj.send('\x00\x00' / LLC(dsap=0xaa, ssap=0xaa, ctrl=3) /
SNAP(code=0x888e) / EAPOL(version=2, type=0) /
EAP(code=1, type=17, id=2) /
LEAP(data=self.mschap_challenge),
FCfield=2,
raw=True)
data = sockObj.recv()
if data is None:
continue
if not data.haslayer(EAP):
continue
if not data.haslayer(LEAP):
eap = data.getlayer(EAP)
if eap.type == 3:
return 1, tuple(eap.eap_types)
continue
leap = data.getlayer(LEAP)
sockObj.clientDescriptor.addIdentity(17, identity)
sockObj.clientDescriptor.addEapType(17)
sockObj.clientDescriptor.addMSChapInfo(17, self.mschap_challenge,
leap.data, identity)
return 0, None
if tries != self.max_tries:
return 2, None
def test_eapol_in(self, request, device_id):
"""Simulate a packet in message posted upstream"""
log.info('test_eapol_in', request=request, device_id=device_id)
eapol_start = str(
Ether(src='00:11:22:33:44:55') / EAPOL(type=1, len=0) /
Padding(load=42 * '\x00'))
device = self.adapter_agent.get_device(device_id)
self.adapter_agent.send_packet_in(logical_device_id=device.parent_id,
logical_port_no=1,
packet=eapol_start)
return '{"status": "sent"}'
def accept(self):
"""
This extends the WirelessStateMachineSoftAP accept() method but
adds in the exchange of EAP identities.
"""
while not self.__shutdown__:
(sockObj, clientMAC) = WirelessStateMachineSoftAP.accept(self)
tries = self.max_tries
while tries:
tries -= 1
data = sockObj.recv()
if not data:
continue
if data.haslayer(EAPOL):
tries = self.max_tries
break
elif data.haslayer('Dot11AssoReq'):
sockObj.send(self.asso_resp_data, 0, 1, 0x10, True)
if tries != self.max_tries:
continue # shit failed in that loop up there
sockObj.sequence = 1
while tries:
tries -= 1
sockObj.send('\x00\x00' / LLC(dsap=0xaa, ssap=0xaa, ctrl=3) /
SNAP(code=0x888e) / EAPOL(version=2, type=0) /
EAP(code=1,
type=1,
id=0,
identity='\x00networkid=' + self.essid +
',nasid=AP,portid=0'),
FCfield=2,
raw=True)
data = sockObj.recv()
if data is None:
continue
if not data.haslayer(EAP):
continue
data = data.getlayer(EAP)
if not 'identity' in data.fields:
continue
tries = self.max_tries
break
if tries != self.max_tries:
continue
eaptype = self.eap_priorities[0]
self.eap_handlers[eaptype](sockObj, data.identity)
self.networkDescriptor.addClient(sockObj.clientDescriptor)
return sockObj, clientMAC
def handlePEAP(self, sockObj, identity):
"""
This is not yet supported. Don't even bother trying.
"""
self.networkDescriptor.addEapType(25)
tries = self.max_tries
while tries:
tries -= 1
sockObj.send('\x00\x00' / LLC(dsap=0xaa, ssap=0xaa, ctrl=3) /
SNAP(code=0x888e) / EAPOL(version=2, type=0) /
EAP(code=1, type=25, id=2) /
PEAP(version=1, flags='start'),
FCfield=2,
raw=True)
return 0, None
if tries != self.max_tries:
return 2, None
def check_eap_type(self,
essid,
eaptype,
outer_identity='user',
eapol_start=False,
rsnInfo=''):
"""
Check that an eaptype is supported.
errDict = {
0:"supported",
1:"not supported",
2:"could not determine",
3:"identity rejected"
}
"""
eapid = randint(1, 254)
if eapol_start:
eapol_start_request = (RadioTap() / Dot11(FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__fixSC__(),
type=2,
subtype=8) / Dot11QoS() /
LLC(dsap=170, ssap=170, ctrl=3) /
SNAP(code=0x888e) /
EAPOL(version=1, type=1))
self.sequence += 1
i = 0
for i in range(0, EAP_MAX_TRIES):
self.__thread_sendp__(eapol_start_request)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer('EAP').fields
if 'type' in fields and fields['type'] == 1 and fields[
'code'] == 1:
i = 0
eapid = fields['id']
break
if i == 2:
return 2
eap_identity_response = (
RadioTap() / Dot11(FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__fixSC__(),
type=2,
subtype=8) / Dot11QoS() /
LLC(dsap=170, ssap=170, ctrl=3) / SNAP(code=0x888e) /
EAPOL(version=1, type=0) /
EAP(code=2, type=1, id=eapid, identity=outer_identity))
eap_legacy_nak = (
RadioTap() / Dot11(FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__fixSC__(),
type=2,
subtype=8) / Dot11QoS() /
LLC(dsap=170, ssap=170, ctrl=3) / SNAP(code=0x888e) /
EAPOL(version=1, type=0, len=6) /
EAP(code=2, type=3, id=eapid + 1, eap_types=[eaptype]))
self.sequence += 1
for i in range(0, EAP_MAX_TRIES):
self.__thread_sendp__(eap_identity_response)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer('EAP').fields
if fields['code'] == 4: # 4 is a failure
return 3
if 'type' in fields and fields['type'] == eaptype:
return 0
i = 0
break
if i == 2:
return 2
for i in range(0, EAP_MAX_TRIES):
self.__thread_sendp__(eap_legacy_nak)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer('EAP').fields
if 'type' in fields and fields['type'] == eaptype:
return 0
else:
return 1
return 2
def check_eap_type(self,
eaptype,
outer_identity='user',
eapol_start=False):
"""
Check that an eaptype is supported.
errDict = {
0:"supported",
1:"not supported",
2:"could not determine",
3:"identity rejected"
}
"""
eapid = randint(1, 254)
if eapol_start:
eapol_start_request = RadioTap() / Dot11(
FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__unfuckupSC__(),
type=2,
subtype=8) / Dot11QoS() / LLC(
dsap=170, ssap=170, ctrl=3) / SNAP(code=0x888e) / EAPOL(
version=1, type=1)
self.sequence += 1
i = 0
while i < 3:
sendp(eapol_start_request, iface=self.interface, verbose=False)
sniff(iface=self.interface,
store=0,
timeout=RESPONSE_TIMEOUT,
stop_filter=self.__stopfilter__)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer(EAP).fields
if 'type' in fields and fields['type'] == 1 and fields[
'code'] == 1:
i = 0
eapid = fields['id']
break
i += 1
if i == 2:
return 2
eap_identity_response = RadioTap() / Dot11(
FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__unfuckupSC__(),
type=2,
subtype=8) / Dot11QoS() / LLC(dsap=170, ssap=170, ctrl=3) / SNAP(
code=0x888e) / EAPOL(version=1, type=0) / EAP(
code=2, type=1, id=eapid, identity=outer_identity)
self.sequence += 1
eap_legacy_nak = RadioTap() / Dot11(
FCfield=0x01,
addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__unfuckupSC__(),
type=2,
subtype=8) / Dot11QoS() / LLC(dsap=170, ssap=170, ctrl=3) / SNAP(
code=0x888e) / EAPOL(version=1, type=0, len=6) / EAP(
code=2, type=3, id=eapid + 1, eap_types=[eaptype])
self.sequence += 1
for i in range(0, 3):
sendp(eap_identity_response, iface=self.interface, verbose=False)
sniff(iface=self.interface,
store=0,
timeout=RESPONSE_TIMEOUT,
stop_filter=self.__stopfilter__)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer(EAP).fields
if fields['code'] == 4: # 4 is a failure
return 3
if 'type' in fields and fields['type'] == eaptype:
return 0
i = 0
break
if i == 2:
return 2
for i in range(0, 3):
sendp(eap_legacy_nak, iface=self.interface, verbose=False)
sniff(iface=self.interface,
store=0,
timeout=RESPONSE_TIMEOUT,
stop_filter=self.__stopfilter__)
if not self.lastpacket is None:
if self.lastpacket.haslayer('EAP'):
fields = self.lastpacket.getlayer(EAP).fields
if 'type' in fields and fields['type'] == eaptype:
return 0
else:
return 1
return 2