For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This extends the P2P Device testing coverage to include the newly
enabled option of using the primary interface (e.g., wlan0) for P2P
group operation instead of always forcing a separate group interface to
be created dynamically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This tests BSS Transition Management Query frame generation with
candidate list and transmission of the following request and response
frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a test that verifies that no Association Request frame is sent to
APs that include the MBO IE with association disallowed attribute in
Beacon and Probe Response frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add tests to verify that MBO IE in BSS Transition Management Request
frame is parsed correctly:
1. The MBO transition reason code is received by the MBO station.
2. The MBO cellular data connection preference is received by the
MBO station.
3. The MBO station does not try to connect to the AP until the retry
delay is over.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>