tests: ERP enabled on RADIUS server and peer and no wildcard user

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-04-09 00:12:35 +03:00 committed by Jouni Malinen
parent 3580ed8266
commit 85b3bb6cc7

View file

@ -107,12 +107,13 @@ def test_erp_server_no_match(dev, apdev):
raise Exception("Unexpected use of ERP") raise Exception("Unexpected use of ERP")
dev[0].wait_connected(timeout=15, error="Reconnection timed out") dev[0].wait_connected(timeout=15, error="Reconnection timed out")
def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False): def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False,
eap_user_file="auth_serv/eap_user.conf"):
params = {"ssid": "as", "beacon_int": "2000", params = {"ssid": "as", "beacon_int": "2000",
"radius_server_clients": "auth_serv/radius_clients.conf", "radius_server_clients": "auth_serv/radius_clients.conf",
"radius_server_auth_port": '18128', "radius_server_auth_port": '18128',
"eap_server": "1", "eap_server": "1",
"eap_user_file": "auth_serv/eap_user.conf", "eap_user_file": eap_user_file,
"ca_cert": "auth_serv/ca.pem", "ca_cert": "auth_serv/ca.pem",
"server_cert": "auth_serv/server.pem", "server_cert": "auth_serv/server.pem",
"private_key": "auth_serv/server.key", "private_key": "auth_serv/server.key",
@ -156,6 +157,37 @@ def test_erp_radius(dev, apdev):
raise Exception("Did not use ERP") raise Exception("Did not use ERP")
dev[0].wait_connected(timeout=15, error="Reconnection timed out") dev[0].wait_connected(timeout=15, error="Reconnection timed out")
def test_erp_radius_no_wildcard_user(dev, apdev, params):
"""ERP enabled on RADIUS server and peer and no wildcard user"""
check_erp_capa(dev[0])
user_file = os.path.join(params['logdir'],
'erp_radius_no_wildcard_user.eap_users')
with open(user_file, 'w') as f:
f.write('"user@example.com" PSK 0123456789abcdef0123456789abcdef\n')
start_erp_as(apdev[1], eap_user_file=user_file)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['auth_server_port'] = "18128"
params['erp_send_reauth_start'] = '1'
params['erp_domain'] = 'example.com'
params['disable_pmksa_caching'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].request("ERP_FLUSH")
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
eap="PSK", identity="user@example.com",
password_hex="0123456789abcdef0123456789abcdef",
erp="1", scan_freq="2412")
for i in range(3):
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=15)
dev[0].request("RECONNECT")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP success timed out")
if "EAP re-authentication completed successfully" not in ev:
raise Exception("Did not use ERP")
dev[0].wait_connected(timeout=15, error="Reconnection timed out")
def test_erp_radius_ext(dev, apdev): def test_erp_radius_ext(dev, apdev):
"""ERP enabled on a separate RADIUS server and peer""" """ERP enabled on a separate RADIUS server and peer"""
as_hapd = hostapd.Hostapd("as") as_hapd = hostapd.Hostapd("as")