diff --git a/tests/hwsim/test_radius.py b/tests/hwsim/test_radius.py index 224bff177..20b28b84f 100644 --- a/tests/hwsim/test_radius.py +++ b/tests/hwsim/test_radius.py @@ -1,5 +1,5 @@ # RADIUS tests -# Copyright (c) 2013-2016, Jouni Malinen +# Copyright (c) 2013-2024, Jouni Malinen # # This software may be distributed under the terms of the BSD license. # See README for more details. @@ -12,6 +12,7 @@ import logging logger = logging.getLogger() import os import select +import signal import struct import subprocess import threading @@ -1791,3 +1792,64 @@ def test_radius_acct_failure_sta_data(dev, apdev): dev[0].request("DISCONNECT") dev[0].wait_disconnected() hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=1) + +def test_radius_tls_freeradius(dev, apdev, test_params): + """RADIUS/TLS with FreeRADIUS""" + if not os.path.exists("FreeRADIUS"): + raise HwsimSkip("FreeRADIUS not available") + + confdir = "FreeRADIUS/etc/raddb" + certdir = confdir + "/certs" + pidfile = "/tmp/radiusd.pid" + + subprocess.call(['FreeRADIUS/sbin/radiusd', + '-d', confdir, + '-xx', + '-l', test_params['prefix'] + ".freeradius"]) + time.sleep(1) + if not os.path.exists(pidfile): + raise Exception("Could not start FreeRADIUS") + + params = hostapd.wpa2_eap_params(ssid="radius-tls") + for s in ["auth", "acct"]: + params[s + '_server_addr'] = "127.0.0.1" + params[s + '_server_port'] = "2083" + params[s + '_server_type'] = "TLS" + params[s + '_server_shared_secret'] = "radsec" + params[s + '_server_ca_cert'] = certdir + "/ca.pem" + params[s + '_server_client_cert'] = certdir + "/client.pem" + params[s + '_server_private_key'] = certdir + "/client.key" + params[s + '_server_private_key_passwd'] = "whatever" + + try: + hapd = hostapd.add_ap(apdev[0], params) + time.sleep(1) + dev[0].connect("radius-tls", key_mgmt="WPA-EAP", scan_freq="2412", + eap="PEAP", identity="bob", password="hello") + time.sleep(1) + dev[0].request("DISCONNECT") + dev[0].wait_disconnected() + time.sleep(1) + finally: + with open(pidfile, "r") as f: + pid = int(f.read()) + if pid > 0: + os.kill(pid, signal.SIGTERM) + +def foo(): + params['auth_server_addr'] = "127.0.0.1" + params['auth_server_port'] = "2083" + params['auth_server_type'] = "TLS" + params['auth_server_shared_secret'] = "radsec" + params['auth_server_ca_cert'] = certdir + "/ca.pem" + params['auth_server_client_cert'] = certdir + "/client.pem" + params['auth_server_private_key'] = certdir + "/client.key" + params['auth_server_private_key_passwd'] = "whatever" + params['acct_server_addr'] = "127.0.0.1" + params['acct_server_port'] = "2083" + params['acct_server_type'] = "TLS" + params['acct_server_shared_secret'] = "radsec" + params['acct_server_ca_cert'] = certdir + "/ca.pem" + params['acct_server_client_cert'] = certdir + "/client.pem" + params['acct_server_private_key'] = certdir + "/client.key" + params['acct_server_private_key_passwd'] = "whatever"