Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (2) converts the cases that use the add_ssdp_ap() helper
function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].
This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This allows the full apdev dict to be passed to the add_ap() function
instead of just ifname. This allows us to handle also remote hosts while
we can check apdev['hostname'], apdev['port']. The old style ifname
argument is still accepted to avoid having to convert all callers in a
single commit.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The test cases fst_ap_start_session_oom and fst_setup_mbie_diff did not
clean up FST sessions properly in case alloc_fail failed due to missing
support for it in the build. This could result in abandoning attached
hostapd global control interface monitors and test case failures due to
the global control interface socket running out of output buffer.
Fix this by going through the cleanup steps even if alloc_fail raises
HwsimSkip exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, this is not enforcing cfg80211 reassociation since the needed
changes do not yet exist in the upstream kernel. Once those changes are
accepted, the TODO note in the test case can be addressed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This needs to be allowed with OpenSSL 1.1.0 since the RC4-based cipher
has been disabled by default.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This class allows execution of commands on a remote hosts/machine. This
is based on ssh with authorized keys, so you should be able to execute
such commands without any password:
ssh <user>@<hostname> id
By default user is root.
Support for sync and async calls is included.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This is needed for ap_vlan_tagged_wpa2_radius_id_change to pass. The
ioctl-based vlan_add() function does not use the vlan_if_name parameter
at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
The no self.global_iface case was not returning the result from the
self.request() case. While this is not really a path that is supposed to
be used, make it return the response since it is at least theoretically
possible to get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow updated Interworking behavior that adds the
realm to the EAP-Response/Identity value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Test different delay intervals between the INTERFACE_DISABLED event
and the INTERFACE_ENABLED event for discovery_and_interface_disabled.
Previously, only a delay of 1 second was used, in which case the
scan results for the P2P_FIND operation were received after the
interface was enabled again, and the case the scan results were
received while the interface was disabled was not covered.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A malicious station could try to do FT-over-DS with a non WPA-enabled
BSS. When this BSS is located in the same hostapd instance, internal RRB
delivery will be used and thus the FT Action Frame will be processed by
a non-WPA enabled BSS. This processing used to crash hostapd as
hapd->wpa_auth is NULL.
This test implements such a malicious request for regression testing.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds new tests to verify pmksa_cache_preauth when
used with per_sta_vif and possibly vlans.
While at it it refactors the code such that the tests
pmksa_cache_preauth
pmksa_cache_preauth_vlan_enabled
pmksa_cache_preauth_vlan_used
pmksa_cache_preauth_per_sta_vif
pmksa_cache_preauth_vlan_enabled_per_sta_vif
pmksa_cache_preauth_vlan_used_per_sta_vif
share code where possible.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This adds a test case ap_vlan_reconnect. It connects, disconnects, and
reconnects a station in a VLAN. This tests for a regression with
wpa_group entering the FATAL_FAILURE state as the AP_VLAN interface is
removed before the group was stopped.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>