Merge pull request #137 from MichaelWasher/change_chewie_interface

gizmoguy · web-flow · commit b49b7485f18a · 2019-06-24T15:45:04.000+12:00
Add __main__ and Update API with kwargs
diff --git a/chewie/__main__.py b/chewie/__main__.py
@@ -0,0 +1,59 @@
+import logging
+import sys
+import argparse
+
+from chewie.chewie import Chewie
+
+
+def get_logger(name, log_level=logging.DEBUG):
+    logger = logging.getLogger(name)
+    if not logger.handlers:
+        logger.setLevel(log_level)
+        ch = logging.StreamHandler(sys.stdout)
+        ch.setLevel(log_level)
+        formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+        ch.setFormatter(formatter)
+        logger.addHandler(ch)
+    return logger
+
+
+def auth_handler(address, group_address, *args, **kwargs):
+    logger = get_logger("CHEWIE")
+    logger.info("Authentication successful for address {} on port {}".format(str(address), str(group_address)))
+    logger.info("Arguments passed from Chewie to Faucet: \n*args:{}\n**kwargs{}".format(str(
+        args), str(kwargs)))
+
+
+def failure_handler(address, group_address):
+    print("failure of address %s on port %s" % (str(address), str(group_address)))
+
+
+def logoff_handler(address, group_address):
+    print("logoff of address %s on port %s" % (str(address), str(group_address)))
+
+
+def main():
+    parser = argparse.ArgumentParser(description='Run Chewie 802.1x Authenticator independently of '
+                                                 'Faucet SDN Controller')
+
+    parser.add_argument('-i', '--interface', dest='interface',
+                        help='Set the interface for Chewie to listen on - Default: eth0',
+                        default="eth0")
+    parser.add_argument('-ri', '--radius_ip', dest='radius_ip',
+                        help='Set the IP Address for the RADIUS Server that Chewie will forward requests to '
+                             '- DEFAULT: 127.0.0.1', default='127.0.0.1')
+    parser.add_argument('-rs', '--radius_secret', dest='radius_secret',
+                        help='Set the Secret used for connecting to the RADIUS Server - Default: SECRET',
+                        default='SECRET')
+    args = parser.parse_args()
+
+    logger = get_logger("CHEWIE")
+    logger.info('Starting Chewie...')
+
+    chewie = Chewie(args.interface, logger, auth_handler, failure_handler, logoff_handler,
+                    radius_server_ip=args.radius_ip, radius_server_secret=args.radius_secret)
+    chewie.run()
+
+
+if __name__ == '__main__':
+    main()
diff --git a/chewie/chewie.py b/chewie/chewie.py
@@ -44,7 +44,10 @@ def __init__(self, interface_name, logger=None,
                  radius_server_ip=None, radius_server_port=None, radius_server_secret=None,
                  chewie_id=None):
         self.interface_name = interface_name
-        self.log_name = logger.name + "." + Chewie.__name__
+        self.log_name = Chewie.__name__
+        if logger:
+            self.log_name = logger.name + "." + Chewie.__name__
+
         self.logger = get_logger(self.log_name)
         self.auth_handler = auth_handler
         self.failure_handler = failure_handler
@@ -117,15 +120,17 @@ def start_threads_and_wait(self):
 
         self.pool.waitall()
 
-    def auth_success(self, src_mac, port_id, period, vlan_name, filter_id):
+    def auth_success(self, src_mac, port_id, period,
+                     *args, **kwargs):  # pylint: disable=unused-variable
         """authentication shim between faucet and chewie
         Args:
             src_mac (MacAddress): the mac of the successful supplicant
             port_id (MacAddress): the 'mac' identifier of what switch port the success is on
             period (int): time (seconds) until the session times out.
             """
+
         if self.auth_handler:
-            self.auth_handler(src_mac, port_id, vlan_name, filter_id)
+            self.auth_handler(src_mac, port_id, *args, **kwargs)
 
         self.port_to_identity_job[port_id] = self.timer_scheduler.call_later(
             period,
diff --git a/chewie/state_machines/eap_state_machine.py b/chewie/state_machines/eap_state_machine.py
@@ -815,8 +815,18 @@ def handle_success(self):
         """Notify the success callback and sets a timer event to expire this session"""
         self.logger.info('Yay authentication successful %s %s',
                          self.src_mac, self.aaa_identity.identity)
+
+        kwargs = {}
+        if self.radius_tunnel_private_group_id:
+            kwargs['vlan_name'] = self.radius_tunnel_private_group_id
+
+        if self.filter_id:
+            kwargs['filter_id'] = self.filter_id
+
         self.auth_handler(self.src_mac, str(self.port_id_mac),
-                          self.session_timeout, self.radius_tunnel_private_group_id, self.filter_id)
+                          self.session_timeout,
+                          **kwargs)
+
         self.aaa_eap_resp_data = None
 
         # new authentication so cancel the old session timeout event
diff --git a/chewie/state_machines/mab_state_machine.py b/chewie/state_machines/mab_state_machine.py
@@ -6,6 +6,7 @@
 from chewie.event import EventMessageReceived, EventRadiusMessageReceived
 from chewie.radius import RadiusAccessAccept, RadiusAccessReject
 from chewie.utils import get_logger, log_method, RadiusQueueMessage
+import chewie.radius_attributes as radius_attributes
 
 
 class MacAuthenticationBypassStateMachine:
@@ -74,6 +75,7 @@ class MacAuthenticationBypassStateMachine:
     eth_message_data = None
 
     radius_state_attribute = None
+    # NOTE: This is not dynamic at this stage. Session timeout Attributes from radius are ignored
     session_timeout = DEFAULT_SESSION_TIMEOUT
     port_id_mac = None
 
@@ -184,7 +186,6 @@ def reset_variables(self):
         self.eth_received = False
         self.eth_message_data = None
         self.aaa_response_attributes = None
-        self.port_id_mac = None
 
     def event(self, event):
         """Processes an event for the state machine"""
@@ -205,7 +206,8 @@ def event(self, event):
     def handle_success(self):
         """Handle a AAA_Success event"""
         self.logger.info("Successful MAB Authentication. Running Auth Handler")
-        self.auth_handler(self.src_mac, str(self.port_id_mac), self.session_timeout, None, None)
+        self.auth_handler(self.src_mac, str(self.port_id_mac), self.session_timeout,
+                          self.aaa_response_attributes)
 
     def handle_failure(self):
         """Handle a AAA_Failure event"""
diff --git a/run.py b/run.py
diff --git a/test/test_full_state_machine.py b/test/test_full_state_machine.py
@@ -84,8 +84,8 @@ def tearDown(self):
             self.assertNotIn('aaaEapResp is true. but data is false. This should never happen',
                              log.read())
 
-    def auth_handler(self, client_mac, port_id_mac, timer, vlan_name,
-                     filter_id):  # pylint: disable=unused-argument
+    def auth_handler(self, client_mac,
+                     port_id_mac, *args, **kwargs):  # pylint: disable=unused-argument
         self.auth_counter += 1
         print('Successful auth from MAC %s' % str(client_mac))
 
