tests: RADIUS/TLS with FreeRADIUS

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2024-02-25 20:45:54 +02:00
parent 95a825bc43
commit 8aff823649

View file

@ -1,5 +1,5 @@
# RADIUS tests
# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
# Copyright (c) 2013-2024, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.
@ -12,6 +12,7 @@ import logging
logger = logging.getLogger()
import os
import select
import signal
import struct
import subprocess
import threading
@ -1791,3 +1792,64 @@ def test_radius_acct_failure_sta_data(dev, apdev):
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=1)
def test_radius_tls_freeradius(dev, apdev, test_params):
"""RADIUS/TLS with FreeRADIUS"""
if not os.path.exists("FreeRADIUS"):
raise HwsimSkip("FreeRADIUS not available")
confdir = "FreeRADIUS/etc/raddb"
certdir = confdir + "/certs"
pidfile = "/tmp/radiusd.pid"
subprocess.call(['FreeRADIUS/sbin/radiusd',
'-d', confdir,
'-xx',
'-l', test_params['prefix'] + ".freeradius"])
time.sleep(1)
if not os.path.exists(pidfile):
raise Exception("Could not start FreeRADIUS")
params = hostapd.wpa2_eap_params(ssid="radius-tls")
for s in ["auth", "acct"]:
params[s + '_server_addr'] = "127.0.0.1"
params[s + '_server_port'] = "2083"
params[s + '_server_type'] = "TLS"
params[s + '_server_shared_secret'] = "radsec"
params[s + '_server_ca_cert'] = certdir + "/ca.pem"
params[s + '_server_client_cert'] = certdir + "/client.pem"
params[s + '_server_private_key'] = certdir + "/client.key"
params[s + '_server_private_key_passwd'] = "whatever"
try:
hapd = hostapd.add_ap(apdev[0], params)
time.sleep(1)
dev[0].connect("radius-tls", key_mgmt="WPA-EAP", scan_freq="2412",
eap="PEAP", identity="bob", password="hello")
time.sleep(1)
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
time.sleep(1)
finally:
with open(pidfile, "r") as f:
pid = int(f.read())
if pid > 0:
os.kill(pid, signal.SIGTERM)
def foo():
params['auth_server_addr'] = "127.0.0.1"
params['auth_server_port'] = "2083"
params['auth_server_type'] = "TLS"
params['auth_server_shared_secret'] = "radsec"
params['auth_server_ca_cert'] = certdir + "/ca.pem"
params['auth_server_client_cert'] = certdir + "/client.pem"
params['auth_server_private_key'] = certdir + "/client.key"
params['auth_server_private_key_passwd'] = "whatever"
params['acct_server_addr'] = "127.0.0.1"
params['acct_server_port'] = "2083"
params['acct_server_type'] = "TLS"
params['acct_server_shared_secret'] = "radsec"
params['acct_server_ca_cert'] = certdir + "/ca.pem"
params['acct_server_client_cert'] = certdir + "/client.pem"
params['acct_server_private_key'] = certdir + "/client.key"
params['acct_server_private_key_passwd'] = "whatever"