/8021x_inspect.py
Last active May 2, 2019
802.1x configuration / data collection on OS X using python and the PrivateFramework "EAP8021X.framework"
| # This was all run from user space | |
| # I haven't tested it with root | |
| # ... but it didn't prompt for any permissions under userspace ^_^ | |
| # Tested on 10.11.5 | |
| import objc | |
| from Foundation import NSBundle | |
| EAP8021X_bundle = NSBundle.bundleWithPath_('/System/Library/PrivateFrameworks/EAP8021X.framework') | |
| Security_bundle = NSBundle.bundleWithIdentifier_('com.apple.security') | |
| kEAPOLClientDomainUser = 1 | |
| kEAPOLClientDomainSystem = 3 | |
| E_functions = [ | |
| ('EAPOLClientConfigurationCopyProfiles', '@@'), | |
| ('EAPOLClientConfigurationCopyAllLoginWindowProfiles', '@@'), | |
| ('EAPOLClientConfigurationCopyAllSystemProfiles', '@@'), | |
| ('EAPOLClientConfigurationCreate', '@^@'), | |
| ('EAPOLClientConfigurationGetProfileWithID', '@@@'), | |
| ('EAPOLClientItemIDCopyIdentity', '@@i'), | |
| ('EAPOLClientItemIDCreateWithProfile', '@@'), | |
| ('EAPOLClientProfileGetAuthenticationProperties', '@@'), | |
| ('EAPOLClientProfileGetUserDefinedName', '@@'), | |
| ('EAPOLClientProfileGetWLANSSIDAndSecurityType', '@@o^@'), | |
| ('EAPOLClientProfileGetID', '@@'), | |
| ('EAPOLControlCopyStateAndStatus', 'i*o^io^@'), | |
| ('EAPSecCertificateCopyAttributesDictionary', '@@'), | |
| ('EAPSecCertificateCopyUserNameString', '@@'), | |
| ] | |
| S_functions = [ | |
| ('SecIdentityCopyCertificate', 'i@o^@'), | |
| ('SecCertificateCopyValues', '@@^@o^@'), | |
| ('SecCertificateCopyData', '@@'), | |
| ] | |
| objc.loadBundleFunctions(EAP8021X_bundle, globals(), E_functions) | |
| objc.loadBundleFunctions(Security_bundle, globals(), S_functions) | |
| # eap_config contains details about the current EAP session | |
| result, status, eap_config = EAPOLControlCopyStateAndStatus('en0', None, None) | |
| cfg = EAPOLClientConfigurationCreate(None) | |
| # The UniqueIdentifier can be used to look up the 802.1x configuration in use | |
| client_profile = EAPOLClientConfigurationGetProfileWithID(cfg, eap_config['UniqueIdentifier']) | |
| # auth_dict contains the certs and security configuration | |
| auth_dict = EAPOLClientProfileGetAuthenticationProperties(client_profile) | |
| # display_name is the informal name for the config | |
| display_name = EAPOLClientProfileGetUserDefinedName(client_profile) | |
| # ssid and security_type for the config | |
| ssid_cfdata, security_type = EAPOLClientProfileGetWLANSSIDAndSecurityType(client_profile, None) | |
| ssid = str(ssid_cfdata) | |
| # Find out the associated identity | |
| client_id = EAPOLClientItemIDCreateWithProfile(client_profile) | |
| identity = EAPOLClientItemIDCopyIdentity(client_id, kEAPOLClientDomainSystem) | |
| result, cert = SecIdentityCopyCertificate(identity, None) | |
| # This dict contains very basic information like CommonName for the identity's cert | |
| id_dict = EAPSecCertificateCopyAttributesDictionary(cert) | |
| # username = EAPSecCertificateCopyUserNameString(cert) | |
| # !!! all OID / x509v3 details about the user cert in a dict | |
| cert_details, errors = SecCertificateCopyValues(cert, None, None) | |
| # Public cert used by identity | |
| cert_bytes = SecCertificateCopyData(cert) | |
| # You can write str(cert_bytes) back out to a file and it'll be the | |
| # DER .cer certificate of the public cert of the 802.1x identity |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment