Commit graph

88 commits

Author SHA1 Message Date
Jouni Malinen
566dc139a0 tests: Include Message-Authenticator attribute in RADIUS tests
This is in preparation for hostapd requiring this attribute for all
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-07-09 14:58:39 +03:00
Jouni Malinen
8f83b7d7d1 tests: WPA2-PSK from RADIUS during 4-way handshake with Session-Timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-04-21 11:55:53 +03:00
Jouni Malinen
07c9f183ea tests: Avoid control interface throttling in various test cases
These can cause unexpected test failures, so dump the pending monitor
socket events more frequently in some cases where event throttling is
seen.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-27 23:48:39 +02:00
Jouni Malinen
8aff823649 tests: RADIUS/TLS with FreeRADIUS
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-25 20:54:14 +02:00
Benjamin Berg
7a47756373 tests: Explicitly set address to bind to
pyrad internally uses socket.getaddrinfo. While it is documented that
one can pass an empty string to bind to all interfaces. The underlying
function expects None instead though, breaking the call.

Either way, it does not hurt to set the bind address to 127.0.0.1
explicitly, so do so to avoid issues.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-01-13 19:48:09 +02:00
Jouni Malinen
9579d4eff9 tests: Wait for AP/GO event in addition to STA
Wait for AP/GO to complete processing before taking the next step in a
test instead of waiting just for STA. This avoids race conditions with
UML time-travel.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-10 19:40:49 +02:00
Jouni Malinen
825a545279 tests: Clear sae_groups in radius_sae_password
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-31 12:00:18 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
1a630283db tests: wpa_psk_radius=3
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
c34b35b54e tests: WPA3 with SAE password from RADIUS
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-04 12:25:47 +02:00
Jouni Malinen
7d251654db tests: RADIUS Accounting and interim updates failing
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 17:59:52 +02:00
Jouni Malinen
90d3ee383f tests: RADIUS client device specified
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-27 10:51:15 +02:00
Jouni Malinen
674758ed59 tests: Provide digestmod to hmac.new() for Python 3.8
Python 3.8 removed the previously used default of MD5 algorithm, so
provide the explicit digestmod=hashlib.md5 parameter to the couple of
places that were missing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 11:58:54 +03:00
Jouni Malinen
40341e16a5 tests: Move check_wep_capa() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
7fb365893a tests: Wait longer for connection in radius_macacl_unreachable
It looks ike the authentication timeouts may continue a bit longer after
some kernel changes and that could result in temporarily disabling the
network profile. Give this test case more time to complete the
connection to avoid reporting failures unnecessarily.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-21 23:56:19 +02:00
Jouni Malinen
200c7693c9 Make WEP functionality an optional build parameter
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-29 17:45:25 +02:00
Jouni Malinen
54c154d2c9 tests: radius_acct_unreachable2 to detect retransmissions earlier
It looks like this test case can start showing failures with a change in
the retransmission limit behavior for a server change. Check for
retransmissions every second instead of only at the end of the four
second wait to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-30 19:13:51 +02:00
Jouni Malinen
752e7a33e8 tests: Close pyrad server sockets explicitly
This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
96e60047c9 tests: RADIUS request attributes
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-30 19:58:43 +03:00
Jouni Malinen
fab49f6145 tests: Python coding style cleanup (pylint3 bad-whitespace)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-16 18:52:09 +02:00
Jouni Malinen
200ac5daf6 tests: Encode Disconnect-Request attributes in sorted order for python3
This is needed to fix issues with dict iteration resulting in different
order of attributes when trying to calculate Message-Authenticator
externally to pyrad.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 20:03:29 +02:00
Jouni Malinen
55845e190b tests: Clean up pyrad test cases for python3 compatibility
All other test cases seem to work, but radius_das_disconnect_time_window
is still failing due to incorrect authenticator or Message-Authenticator
in Disconnect-Request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 20:03:29 +02:00
Masashi Honma
7ab74770e7 tests: Convert binascii.hexlify() output to a string object for python3
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
35d8c2545e tests: Use python3 compatible dict operation
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f dict -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:53:05 +02:00
Jouni Malinen
08e6721e87 tests: Remove MIB counter check from radius_auth_unreachable2
This is in preparation for an implementation change that results in this
unreachable server case not incrementing radiusAuthClientAccessRequests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-07 23:38:18 +02:00
Andrei Otcheretianski
ae503866b9 tests: Fix radius_acct_failure_sta_data test
The STA can get disconnected event before the AP processed the
deauthentication frame, resulting in GET_FAIL command being sent too
early. Fix this by waiting for AP-STA-DISCONNECTED on AP side, too.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-09-10 22:05:33 +03:00
Jouni Malinen
f7c25d1a50 tests: Additional RADIUS accounting failure cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-10 12:23:25 +02:00
Jouni Malinen
360440db2d tests: More WPA2 PSK from RADIUS Tunnel-Password coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:20 +02:00
Jouni Malinen
77376f3057 tests: RADIUS MAC ACL and server unreachable
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:20 +02:00
Jouni Malinen
b3f32a24d4 tests: RADIUS MAC ACL and OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
Jouni Malinen
7745728ee8 tests: RADIUS Accounting in RSN and failure to add attributes due to OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
Jouni Malinen
b8564c9db0 tests: Make radius_acct_interim more robust
Wait one more second to make the test case less likely to fail while
still being able to verify that interim updates are performed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 23:58:55 +02:00
Jouni Malinen
eb04c3bf8a tests: RADIUS Accounting local failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 17:19:44 +02:00
Jouni Malinen
ef40b1b95e tests: RADIUS Dynamic Authorization Extensions - Disconnect - time window
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-29 01:06:11 +02:00
Jouni Malinen
fd7f3440eb tests: Additional radius_auth/acct_req_attr coverage
The third attribute is needed in the list to cover full parsing code
coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 20:10:18 +02:00
Jouni Malinen
49897fb065 tests: Invalid VLAN ID from RADIUS server for ACL
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-26 18:39:49 +02:00
Jonathan Afek
9fd6804d61 tests: Mark 525 tests as remote compatible
After successfully passing the 525 tests on a remote setup mark the
tests as remote compatible.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-27 21:47:37 +03:00
Janusz Dziedzic
6f334bf7a0 tests: Use hapd from hostapd.add_ap()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Jouni Malinen
39881726d5 tests: RADIUS failure when adding MPPE keys
This is a regression test case for a radius_msg_add_mppe_keys() memory
leak on an error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-08 11:41:08 +03:00
Jouni Malinen
675c036fff tests: WPA2 with invalid PSK from RADIUS
This is a regression test case for a memory leak on a
decode_tunnel_passwords() error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-08 11:28:45 +03:00
Jouni Malinen
0307eebdb9 tests: Fix pyrad exception name in RADIUS test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-08 11:28:19 +03:00
Janusz Dziedzic
8b8a1864ff tests: Pass full apdev to add_ap() function (1)
Pass the full apdev to the add_ap() function instead of just ifname.
This allows us to handle also remote hosts while we can check
apdev['hostname'], apdev['port'].

This step (1) converts the cases where apdev[#]['ifname'] was used as
the argument to hostapd.add_ap().

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-03 22:45:57 +03:00
Jouni Malinen
03aac597a0 tests: RADIUS accounting with various security cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-27 21:26:19 +03:00
Jouni Malinen
9961c70a85 tests: RADIUS Accounting interim update retry
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-29 17:43:13 +02:00
Jouni Malinen
44f4394296 tests: RADIUS Accounting and non-ASCII SSID
This shows an example of Called-Station-Id in Access-Request and
Accounting-Request with non-ASCII characters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-24 12:19:41 +02:00
Jouni Malinen
e1195efd1e tests: Skip radius_acct_ipaddr if kernel does not support ProxyARP
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-26 00:47:47 +02:00
Jouni Malinen
2ab957afc5 tests: RADIUS Accounting and Framed-IP-Address
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 19:55:12 +03:00
Jouni Malinen
0b5740fdef tests: More RADIUS testing coverage with CUI/User-Name in ACL response
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 00:23:49 +03:00
Michael Braun
bfcc073caf tests: Verify dynamic_vlan=required is honored with macaddr_acl=2
dynamic_vlan=required also applies to macaddr_acl=2 (RADIUS), especially
when used with WPA-PSK.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-25 10:28:19 +03:00
Jouni Malinen
96cbb7b561 tests: Skip radius_acct_unreachable3 when not running under VM
It looks like the IP routing table changes used here to trigger
unreachability and following reachability of the server do not work very
well with full IP routing configuration, so run this test case only when
executed under vm-run.sh.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-02 16:30:13 +02:00