diff --git a/chewie/chewie.py b/chewie/chewie.py
index 92210560..28edca8e 100644
--- a/chewie/chewie.py
+++ b/chewie/chewie.py
@@ -110,14 +110,14 @@ def start_threads_and_wait(self):
 self.pool.waitall()
- def auth_success(self, src_mac, port_id, period, vlan_name):
+ def auth_success(self, src_mac, port_id, period, vlan_name, filter_id):
 """authentication shim between faucet and chewie
 Args:
 src_mac (MacAddress): the mac of the successful supplicant
 port_id (MacAddress): the 'mac' identifier of what switch port the success is on
 period (int): time (seconds) until the session times out."""
 if self.auth_handler:
- self.auth_handler(src_mac, port_id, vlan_name)
+ self.auth_handler(src_mac, port_id, vlan_name, filter_id)
 self.port_to_identity_job[port_id] = self.timer_scheduler.call_later(
 period,
diff --git a/chewie/eap_state_machine.py b/chewie/eap_state_machine.py
index d05d5be7..a243ecb1 100644
--- a/chewie/eap_state_machine.py
+++ b/chewie/eap_state_machine.py
@@ -8,7 +8,7 @@
 EventPortStatusChange, EventSessionTimeout
 from chewie.message_parser import SuccessMessage, FailureMessage, EapolStartMessage, \
 IdentityMessage, EapolLogoffMessage, EapMessage
-from chewie.radius_attributes import SessionTimeout, TunnelPrivateGroupID
+from chewie.radius_attributes import FilterId, SessionTimeout, TunnelPrivateGroupID
 from chewie.utils import get_logger, log_method, RadiusQueueMessage, EapQueueMessage
@@ -116,6 +116,7 @@ class FullEAPStateMachine:
 session_timeout = DEFAULT_SESSION_TIMEOUT
 radius_tunnel_private_group_id = None
+ filter_id = None
 machine = None
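Review bot: The callback call `self.auth_handler(src_mac, port_id, vlan_name, filter_id)` in chewie/chewie.py now passes a fourth positional argument, so a handler still registered with the old three-parameter signature would raise TypeError at the moment an authentication succeeds; the diff does not show the consumer side, so that should be confirmed or the change released together with it. The docstring's Args list still covers only src_mac, port_id and period; add entries for the other two, for example `filter_id: value of the RADIUS Filter-Id attribute from the accept message, or None when the server sent none`. Since the value presumably selects the policy applied to the port, the docstring is also the place to state what the handler is expected to do with a name it does not recognise. auth_success's body continues outside the hunk.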
@@ -787,7 +788,7 @@ def handle_success(self):
 self.logger.info('Yay authentication successful %s %s', self.src_mac, self.aaa_identity.identity)
 self.auth_handler(self.src_mac, str(self.port_id_mac),
- self.session_timeout, self.radius_tunnel_private_group_id)
+ self.session_timeout, self.radius_tunnel_private_group_id, self.filter_id)
 self.aaa_eap_resp_data = None # new authentication so cancel the old session timeout event
@@ -885,12 +886,15 @@ def set_vars_from_radius(self, attributes):
 """
 self.session_timeout = self.DEFAULT_SESSION_TIMEOUT
 self.radius_tunnel_private_group_id = None
+ self.filter_id = None
 if attributes:
 self.session_timeout = attributes.get(SessionTimeout.DESCRIPTION, self.DEFAULT_SESSION_TIMEOUT)
 self.radius_tunnel_private_group_id = attributes.get(TunnelPrivateGroupID.DESCRIPTION, None)
+ self.filter_id = attributes.get(FilterId.DESCRIPTION,
+ None)
 if self.radius_tunnel_private_group_id:
 self.radius_tunnel_private_group_id = self.radius_tunnel_private_group_id.decode('utf-8')
 # TODO could also set filter-id/vlans/acls here.
diff --git a/test/test_full_state_machine.py b/test/test_full_state_machine.py
index e2a722b8..bf521269 100644
--- a/test/test_full_state_machine.py
+++ b/test/test_full_state_machine.py
@@ -82,7 +82,7 @@ def tearDown(self):
 self.assertNotIn('aaaEapResp is true. but data is false. This should never happen', log.read())
- def auth_handler(self, client_mac, port_id_mac, timer, vlan_name): # pylint: disable=unused-argument
+ def auth_handler(self, client_mac, port_id_mac, timer, vlan_name, filter_id): # pylint: disable=unused-argument
 self.auth_counter += 1
 print('Successful auth from MAC %s' % str(client_mac))
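Review bot: In set_vars_from_radius, `self.filter_id` is stored exactly as `attributes.get(FilterId.DESCRIPTION, None)` returns it, while the tunnel group id a few lines below is converted with `.decode('utf-8')`. If Filter-Id values arrive as bytes the way the VLAN name appears to, the handler gets bytes for one argument and str for the other, and a comparison against configured policy names would quietly never match. Either normalise it the same way, `if isinstance(self.filter_id, bytes): self.filter_id = self.filter_id.decode('utf-8')`, or add a comment stating the type that is passed on. The closing `# TODO could also set filter-id/vlans/acls here.` is now partly stale and should no longer list filter-id. The function starts outside the hunk.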
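Review bot: The test handler in test/test_full_state_machine.py accepts `filter_id` but, as far as the hunk shows, discards it (the `unused-argument` suppression stays), so nothing here checks that a Filter-Id from an accept message reaches the handler, or that it is None again on a later authentication that carries none. Recording the value, for example `self.last_filter_id = filter_id`, would let a test assert both cases. The handler's body may continue outside the hunk.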