Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tests: Verify NAS identification attributes in Disconnect-Request

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 11 years ago
parent
cb10c7d12d
commit
41ff0fa64c
2 changed files with 43 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      tests/hwsim/dictionary.radius
  2. 42 0
      tests/hwsim/test_radius.py

+ 1 - 0
tests/hwsim/dictionary.radius
View File 

@@ -1,5 +1,6 @@
 
 ATTRIBUTE	User-Name		1	string
 
 ATTRIBUTE	User-Password		2	string
 
+ATTRIBUTE	NAS-IP-Address		4	ipaddr
 
 ATTRIBUTE	Calling-Station-Id	31	string
 
 ATTRIBUTE	NAS-Identifier		32	string
 
 ATTRIBUTE	Acct-Session-Id		44	string

+ 42 - 0
tests/hwsim/test_radius.py
View File 

@@ -108,6 +108,8 @@ def test_radius_das_disconnect(dev, apdev):
 
     params['radius_das_port'] = "3799"
 
     params['radius_das_client'] = "127.0.0.1 secret"
 
     params['radius_das_require_event_timestamp'] = "1"
 
+    params['own_ip_addr'] = "127.0.0.1"
 
+    params['nas_identifier'] = "nas.example.com"
 
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
 
     connect(dev[0], "radius-das")
 
     addr = dev[0].p2p_interface_addr()
 
@@ -235,8 +237,46 @@ def test_radius_das_disconnect(dev, apdev):
 
     if ev is not None:
 
         raise Exception("Unexpected disconnection")
 
 
+    logger.info("Disconnect-Request with mismatching NAS-IP-Address")
 
+    req = radius_das.DisconnectPacket(dict=dict, secret="secret",
 
+                                      NAS_IP_Address="192.168.3.4",
 
+                                      Acct_Session_Id=id,
 
+                                      Event_Timestamp=int(time.time()))
 
+    reply = srv.SendPacket(req)
 
+    logger.debug("RADIUS response from hostapd")
 
+    for i in reply.keys():
 
+        logger.debug("%s: %s" % (i, reply[i]))
 
+    if reply.code != pyrad.packet.DisconnectNAK:
 
+        raise Exception("Unexpected response code")
 
+    if 'Error-Cause' not in reply:
 
+        raise Exception("Missing Error-Cause")
 
+    if reply['Error-Cause'][0] != 403:
 
+        raise Exception("Unexpected Error-Cause: {}".format(reply['Error-Cause']))
 
+
 
+    logger.info("Disconnect-Request with mismatching NAS-Identifier")
 
+    req = radius_das.DisconnectPacket(dict=dict, secret="secret",
 
+                                      NAS_Identifier="unknown.example.com",
 
+                                      Acct_Session_Id=id,
 
+                                      Event_Timestamp=int(time.time()))
 
+    reply = srv.SendPacket(req)
 
+    logger.debug("RADIUS response from hostapd")
 
+    for i in reply.keys():
 
+        logger.debug("%s: %s" % (i, reply[i]))
 
+    if reply.code != pyrad.packet.DisconnectNAK:
 
+        raise Exception("Unexpected response code")
 
+    if 'Error-Cause' not in reply:
 
+        raise Exception("Missing Error-Cause")
 
+    if reply['Error-Cause'][0] != 403:
 
+        raise Exception("Unexpected Error-Cause: {}".format(reply['Error-Cause']))
 
+
 
+    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=1)
 
+    if ev is not None:
 
+        raise Exception("Unexpected disconnection")
 
+
 
     logger.info("Disconnect-Request with matching Acct-Session-Id")
 
     req = radius_das.DisconnectPacket(dict=dict, secret="secret",
 
+                                      NAS_IP_Address="127.0.0.1",
 
+                                      NAS_Identifier="nas.example.com",
 
                                       Acct_Session_Id=id,
 
                                       Event_Timestamp=int(time.time()))
 
     reply = srv.SendPacket(req)
 
@@ -255,6 +295,7 @@ def test_radius_das_disconnect(dev, apdev):
 
 
     logger.info("Disconnect-Request with matching User-Name")
 
     req = radius_das.DisconnectPacket(dict=dict, secret="secret",
 
+                                      NAS_Identifier="nas.example.com",
 
                                       User_Name="psk.user@example.com",
 
                                       Event_Timestamp=int(time.time()))
 
     reply = srv.SendPacket(req)
 
@@ -273,6 +314,7 @@ def test_radius_das_disconnect(dev, apdev):
 
 
     logger.info("Disconnect-Request with matching Calling-Station-Id")
 
     req = radius_das.DisconnectPacket(dict=dict, secret="secret",
 
+                                      NAS_IP_Address="127.0.0.1",
 
                                       Calling_Station_Id=addr,
 
                                       Event_Timestamp=int(time.time()))
 
     reply = srv.SendPacket(req)