From 85b3bb6cc72d5cad708adfafba529630fc791cb8 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 9 Apr 2019 00:12:35 +0300 Subject: [PATCH] tests: ERP enabled on RADIUS server and peer and no wildcard user Signed-off-by: Jouni Malinen --- tests/hwsim/test_erp.py | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py index 74c12de20..2592ff8ae 100644 --- a/tests/hwsim/test_erp.py +++ b/tests/hwsim/test_erp.py @@ -107,12 +107,13 @@ def test_erp_server_no_match(dev, apdev): raise Exception("Unexpected use of ERP") dev[0].wait_connected(timeout=15, error="Reconnection timed out") -def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False): +def start_erp_as(apdev, erp_domain="example.com", msk_dump=None, tls13=False, + eap_user_file="auth_serv/eap_user.conf"): params = {"ssid": "as", "beacon_int": "2000", "radius_server_clients": "auth_serv/radius_clients.conf", "radius_server_auth_port": '18128', "eap_server": "1", - "eap_user_file": "auth_serv/eap_user.conf", + "eap_user_file": eap_user_file, "ca_cert": "auth_serv/ca.pem", "server_cert": "auth_serv/server.pem", "private_key": "auth_serv/server.key", @@ -156,6 +157,37 @@ def test_erp_radius(dev, apdev): raise Exception("Did not use ERP") dev[0].wait_connected(timeout=15, error="Reconnection timed out") +def test_erp_radius_no_wildcard_user(dev, apdev, params): + """ERP enabled on RADIUS server and peer and no wildcard user""" + check_erp_capa(dev[0]) + user_file = os.path.join(params['logdir'], + 'erp_radius_no_wildcard_user.eap_users') + with open(user_file, 'w') as f: + f.write('"user@example.com" PSK 0123456789abcdef0123456789abcdef\n') + start_erp_as(apdev[1], eap_user_file=user_file) + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + params['auth_server_port'] = "18128" + params['erp_send_reauth_start'] = '1' + params['erp_domain'] = 'example.com' + params['disable_pmksa_caching'] = '1' + hapd = hostapd.add_ap(apdev[0], params) + + dev[0].request("ERP_FLUSH") + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", + eap="PSK", identity="user@example.com", + password_hex="0123456789abcdef0123456789abcdef", + erp="1", scan_freq="2412") + for i in range(3): + dev[0].request("DISCONNECT") + dev[0].wait_disconnected(timeout=15) + dev[0].request("RECONNECT") + ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15) + if ev is None: + raise Exception("EAP success timed out") + if "EAP re-authentication completed successfully" not in ev: + raise Exception("Did not use ERP") + dev[0].wait_connected(timeout=15, error="Reconnection timed out") + def test_erp_radius_ext(dev, apdev): """ERP enabled on a separate RADIUS server and peer""" as_hapd = hostapd.Hostapd("as")