jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tests: RADIUS server failure cases

Browse source 
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-03-01 19:54:17 +02:00
parent 5d695df5d1
commit 58980654af
2 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
tests/hwsim/dictionary.radius
View file

@ -1,6 +1,7 @@
ATTRIBUTE User-Name 1 string ATTRIBUTE User-Name 1 string
ATTRIBUTE User-Password 2 string ATTRIBUTE User-Password 2 string
ATTRIBUTE NAS-IP-Address 4 ipaddr ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE State 24 octets
ATTRIBUTE Calling-Station-Id 31 string ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Identifier 32 string ATTRIBUTE NAS-Identifier 32 string
ATTRIBUTE Acct-Session-Id 44 string ATTRIBUTE Acct-Session-Id 44 string

53
tests/hwsim/test_radius.py
View file

@ -956,3 +956,56 @@ def test_radius_auth_force_invalid_client_addr(dev, apdev):
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None: if ev is not None:
raise Exception("Unexpected connection") raise Exception("Unexpected connection")
def add_message_auth(req):
req.authenticator = req.CreateAuthenticator()
hmac_obj = hmac.new(req.secret)
hmac_obj.update(struct.pack("B", req.code))
hmac_obj.update(struct.pack("B", req.id))
# request attributes
req.AddAttribute("Message-Authenticator",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
attrs = req._PktEncodeAttributes()
# Length
flen = 4 + 16 + len(attrs)
hmac_obj.update(struct.pack(">H", flen))
hmac_obj.update(req.authenticator)
hmac_obj.update(attrs)
del req[80]
req.AddAttribute("Message-Authenticator", hmac_obj.digest())
def test_radius_server_failures(dev, apdev):
"""RADIUS server failure cases"""
try:
import pyrad.client
import pyrad.packet
import pyrad.dictionary
except ImportError:
raise HwsimSkip("No pyrad modules available")
dict = pyrad.dictionary.Dictionary("dictionary.radius")
client = pyrad.client.Client(server="127.0.0.1", authport=1812,
secret="radius", dict=dict)
client.retries = 1
client.timeout = 1
# unexpected State
req = client.CreateAuthPacket(code=pyrad.packet.AccessRequest,
User_Name="foo")
req['State'] = 'foo-state'
add_message_auth(req)
reply = client.SendPacket(req)
if reply.code != pyrad.packet.AccessReject:
raise Exception("Unexpected RADIUS response code " + str(reply.code))
# no EAP-Message
req = client.CreateAuthPacket(code=pyrad.packet.AccessRequest,
User_Name="foo")
add_message_auth(req)
try:
reply = client.SendPacket(req)
raise Exception("Unexpected response")
except pyrad.client.Timeout:
pass