mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-14 08:03:06 -05:00
Since 3bdc651a624, start.sh creates the logs/current symlink even if LOGDIR was set in the environment, as is the case when using run-all.sh. However, run-all.sh and start.sh use a separate 'date' invocation so the resulting string may be different. Usually it is the same because the two invocations immediately follow each other, *except* if run-all.sh also does a build. In addition, if the user sets LOGDIR to something else, the symlink is completely bogus. Fix this by not relying on the 'date' invocation for creating the symlink. Instead, use the basename of LOGDIR. To keep things consistent with current behavior, only create the symlink if LOGDIR points to a subdirectory of DIR/logs. The following use cases now work reliably: * run-all.sh with or without the -B option; * manually calling start.sh followed by run-tests.py without setting LOGDIR. * manually calling start.sh with LOGDIR set to a subdirectory of logs and calling run-tests.py without --logdir option (which makes it default to logs/current). * run-all.sh with LOGDIR set to a subdirectory of logs. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
#!/bin/sh
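# Absolute path of the directory that holds this script. CDPATH is cleared
# for the cd because a CDPATH hit makes cd print the directory it entered,
# which would end up in the captured value next to the output of pwd.
DIR="$( CDPATH= cd -- "$( dirname -- "$0" )" && pwd )"

# Default locations of the programs used by the test setup, relative to the
# source tree. The LOGDIR handling below may replace some of them with
# alternative builds.
WPAS=$DIR/../../wpa_supplicant/wpa_supplicant
WPACLI=$DIR/../../wpa_supplicant/wpa_cli
HAPD=$DIR/../../hostapd/hostapd
# Authentication server instance; same hostapd binary by default.
HAPD_AS=$DIR/../../hostapd/hostapd
HAPDCLI=$DIR/../../hostapd/hostapd_cli
WLANTEST=$DIR/../../wlantest/wlantest
HLR_AUC_GW=$DIR/../../hostapd/hlr_auc_gw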
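# Select the log directory for this run and, when the caller supplied LOGDIR,
# switch to alternative binaries staged below it.
#
# NOTE: every alt-* binary found under LOGDIR replaces the default path, and
# wpa_supplicant, hostapd and hlr_auc_gw are started through sudo later in
# this script. A caller-supplied LOGDIR therefore has to be a directory that
# only trusted users can write to.
#
# All LOGDIR expansions are quoted so that a value with whitespace or glob
# characters is not split or expanded by the shell.
if [ -z "$LOGDIR" ] ; then
    # No LOGDIR given: create a fresh directory named after the epoch time.
    DATE="$(date +%s)"
    LOGDIR="$DIR/logs/$DATE"
    mkdir -p -- "$LOGDIR"
else
    if [ -e "$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant" ]; then
        WPAS=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_supplicant
        WPACLI=$LOGDIR/alt-wpa_supplicant/wpa_supplicant/wpa_cli
        # extra code coverage: run the binary with placeholder option
        # values; output and exit status are discarded.
        "$WPAS" > /dev/null 2>&1
        "$WPAS" -efoo -Ifoo -mfoo -ofoo -Ofoo -pfoo -Pfoo -h > /dev/null 2>&1
        "$WPAS" -bfoo -B -Cfoo -q -W -N -L > /dev/null 2>&1
        "$WPAS" -T -v > /dev/null 2>&1
        "$WPAS" -u -z > /dev/null 2>&1
    fi
    if [ -e "$LOGDIR/alt-hostapd/hostapd/hostapd" ]; then
        HAPD=$LOGDIR/alt-hostapd/hostapd/hostapd
        HAPDCLI=$LOGDIR/alt-hostapd/hostapd/hostapd_cli
        # extra code coverage
        "$HAPD" > /dev/null 2>&1
        "$HAPD" -v > /dev/null 2>&1
        "$HAPD" -B -efoo -Pfoo -T -bfoo -h > /dev/null 2>&1
        "$HAPD" -ufoo > /dev/null 2>&1
        "$HAPD" -u00:11:22:33:44:55 > /dev/null 2>&1
        "$HAPD" -gfoo > /dev/null 2>&1
        "$HAPD" -Gfoo-not-exists > /dev/null 2>&1
        "$HAPD" -z > /dev/null 2>&1
        "$HAPD" -i foo1,foo2,foo3 > /dev/null 2>&1
    fi
    if [ -e "$LOGDIR/alt-hostapd-as/hostapd/hostapd" ]; then
        HAPD_AS=$LOGDIR/alt-hostapd-as/hostapd/hostapd
    fi
    if [ -e "$LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw" ]; then
        HLR_AUC_GW=$LOGDIR/alt-hlr_auc_gw/hostapd/hlr_auc_gw
        # extra code coverage
        "$HLR_AUC_GW" > /dev/null 2>&1
        "$HLR_AUC_GW" -Dfoo -i7 -sfoo -h > /dev/null 2>&1
        "$HLR_AUC_GW" -i100 > /dev/null 2>&1
        "$HLR_AUC_GW" -z > /dev/null 2>&1
    fi
fi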
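# Point logs/current at this run's log directory. The link is only managed
# when LOGDIR is a direct child of $DIR/logs and that directory is writable;
# for any other LOGDIR nothing is removed or created.
#
# CDPATH is cleared so that cd cannot print a directory name into the
# captured value when LOGDIR is a relative path.
LOGBASEDIR="$( CDPATH= cd -- "$(dirname -- "$LOGDIR")" && pwd )"
# Two separate tests instead of the obsolescent and ambiguous "test ... -a ...".
if [ "$LOGBASEDIR" = "$DIR/logs" ] && [ -w "$LOGBASEDIR" ]; then
    # The recursive delete is confined to $DIR/logs/current by the check
    # above; it also clears a stale real directory of that name.
    rm -rf -- "$LOGBASEDIR/current"
    # Relative link target: the basename of LOGDIR inside the logs directory.
    ln -sf -- "$(basename -- "$LOGDIR")" "$LOGBASEDIR/current"
fi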
# Choose the group name that is written into the generated configuration
# files and passed to the daemons: "admin" if the current user is a member,
# otherwise "wheel" if the user is a member, otherwise "adm".
GROUP=adm
for _grp in admin wheel; do
    # One group name per line so that the anchored pattern matches the whole
    # name only.
    if groups | tr ' ' "\n" | grep -q "^${_grp}\$"; then
        GROUP=$_grp
        break
    fi
done
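# Generate the per-run configuration files in LOGDIR.

# p2p0..p2p2: rewrite the " GROUP=..." setting to the group selected above.
for i in 0 1 2; do
    sed "s/ GROUP=.*$/ GROUP=$GROUP/" "$DIR/p2p$i.conf" > "$LOGDIR/p2p$i.conf"
done

# LOGDIR can come from the environment and is interpolated into the sed
# program below. Escape the characters that are special in the replacement
# half of s%...%...% (the delimiter, '&' and backslash) so that the value is
# inserted literally and cannot terminate the substitution early.
LOGDIR_SED=$(printf '%s\n' "$LOGDIR" | sed 's/[\\&%]/\\&/g')

# Authentication server configs: set the group and replace the LOGDIR
# placeholder with the actual directory.
sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR_SED%g" "$DIR/auth_serv/as.conf" > "$LOGDIR/as.conf"
sed "s/group=admin/group=$GROUP/;s%LOGDIR%$LOGDIR_SED%g" "$DIR/auth_serv/as2.conf" > "$LOGDIR/as2.conf"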
# Optional leading "VM" argument: sets VM=y and consumes the argument.
# Without it VM stays unset.
unset VM
case "$1" in
    VM)
        VM="y"
        shift
        ;;
esac
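# Optional "valgrind" argument: prepare the valgrind command prefixes used
# when the daemons are started, and consume the argument.
if [ "$1" = "valgrind" ]; then
    VALGRIND=y
    # The %d is filled in with the interface index by printf when
    # wpa_supplicant is started. These prefixes are expanded unquoted at the
    # point of use, so a LOGDIR containing whitespace or '%' is not
    # supported in valgrind mode.
    VALGRIND_WPAS="valgrind --log-file=$LOGDIR/valgrind-wlan%d"
    VALGRIND_HAPD="valgrind --log-file=$LOGDIR/valgrind-hostapd"
    # Make the binaries readable and executable for all users; -f keeps
    # chmod quiet when that is not possible. The paths are quoted so that
    # they reach chmod as a single argument each.
    chmod -f a+rx -- "$WPAS"
    chmod -f a+rx -- "$HAPD"
    chmod -f a+rx -- "$HAPD_AS"
    # From here on HAPD_AS is a command line, not a plain path.
    HAPD_AS="valgrind --log-file=$LOGDIR/valgrind-auth-serv $HAPD_AS"
    shift
else
    unset VALGRIND
    VALGRIND_WPAS=
    VALGRIND_HAPD=
fi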
# Optional "trace" argument: TRACE becomes "T" (appended to the daemons'
# debug option string) and the argument is consumed; otherwise TRACE is empty.
TRACE=""
case "$1" in
    trace)
        TRACE="T"
        shift
        ;;
esac
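# Run the companion stop.sh from this script's directory before any new
# process is started. Quoted so that a checkout path containing whitespace
# still resolves to the intended script.
"$DIR/stop.sh"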
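# Optional "channels=<n>" argument: number of channels for mac80211_hwsim.
# Defaults to 1 when the argument is absent.
TMP=$1
# Stripping the shortest "=<digit>..." suffix must leave exactly "channels".
if [ "x${TMP%=[0-9]*}" = "xchannels" ]; then
    NUM_CH=${TMP#channels=}
    # The value ends up on a modprobe command line that runs under sudo, so
    # accept digits only; the pattern above guarantees just the first digit.
    case "$NUM_CH" in
        *[!0-9]*)
            echo "Invalid channel count: $NUM_CH" >&2
            exit 1
            ;;
    esac
    shift
else
    NUM_CH=1
fi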
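# Load the simulated radio driver where /proc/modules exists. NUM_CH is
# passed inside one quoted word so that it cannot be split into additional
# module parameters.
test -f /proc/modules && sudo modprobe mac80211_hwsim radios=7 "channels=$NUM_CH" support_p2p_device=0 dyndbg=+p

# Bring up the hwsim0 interface and capture from it with wlantest in the
# background; the capture and its log go to LOGDIR.
sudo ifconfig hwsim0 up
sudo "$WLANTEST" -i hwsim0 -n "$LOGDIR/hwsim0.pcapng" -c -dtN -L "$LOGDIR/hwsim0" &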
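# Start one wpa_supplicant per test interface (wlan0..wlan2) in the
# background, each with a global control socket at /tmp/wpas-wlan<N> that is
# accessible to $GROUP.
#
# NOTE(review): the socket names are fixed paths in /tmp and the daemons run
# as root, so this setup is meant for a dedicated test host or VM rather than
# a machine shared with untrusted local users.
for i in 0 1 2; do
    DBUSARG=""
    # Only wlan0 gets D-Bus support, and only if a system bus appears to be
    # present and this build lists the -u option in its usage output.
    if [ "$i" = "0" ] && { [ -r /var/run/dbus/pid ] || [ -r /var/run/dbus/system_bus_socket ]; }; then
        if "$WPAS" | grep -q -- -u; then
            DBUSARG="-u"
        fi
    fi
    # The printf substitution and $DBUSARG are left unquoted on purpose: the
    # former expands to the multi-word valgrind prefix (or to nothing), the
    # latter must disappear entirely when it is empty.
    sudo $(printf -- "$VALGRIND_WPAS" "$i") "$WPAS" -g "/tmp/wpas-wlan$i" "-G$GROUP" -Dnl80211 "-iwlan$i" -c "$LOGDIR/p2p$i.conf" \
        "-ddKt$TRACE" -f "$LOGDIR/log$i" $DBUSARG &
done
# Additional instance with only a global control socket; no interface or
# configuration file is given on the command line.
sudo $(printf -- "$VALGRIND_WPAS" 5) "$WPAS" -g /tmp/wpas-wlan5 "-G$GROUP" \
    "-ddKt$TRACE" -f "$LOGDIR/log5" &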
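# Start hostapd in the background with its global control socket at
# /var/run/hostapd-global. $VALGRIND_HAPD stays unquoted because it is either
# empty or a multi-word valgrind prefix.
sudo $VALGRIND_HAPD "$HAPD" "-ddKt$TRACE" -g /var/run/hostapd-global -G "$GROUP" -f "$LOGDIR/hostapd" &
# $! is the PID of the backgrounded sudo command.
HPID=$!

# Record a PID in hostapd-test.pid: the child of the sudo process outside VM
# mode, the backgrounded PID itself in VM mode.
if [ -z "$VM" ]; then
    # Sleep a bit, otherwise pgrep may run before the child is forked
    sleep 0.1
    pgrep -P "$HPID" > "$LOGDIR/hostapd-test.pid"
else
    echo "$HPID" > "$LOGDIR/hostapd-test.pid"
fi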
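# Start hlr_auc_gw if the binary exists and is executable. It works on a
# private copy of the Milenage database in LOGDIR, so the file under
# auth_serv is not the one handed to the -m option.
if [ -x "$HLR_AUC_GW" ]; then
    cp -- "$DIR/auth_serv/hlr_auc_gw.milenage_db" "$LOGDIR/hlr_auc_gw.milenage_db"
    sudo "$HLR_AUC_GW" -u -m "$LOGDIR/hlr_auc_gw.milenage_db" -g "$DIR/auth_serv/hlr_auc_gw.gsm" > "$LOGDIR/hlr_auc_gw" &
fi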
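# Build an OCSP response for the request in auth_serv/ocsp-req.der, signed
# with the responder certificate and key kept under auth_serv, and store it
# in LOGDIR. This invocation creates (truncates) ocsp.log.
openssl ocsp -index "$DIR/auth_serv/index.txt" \
    -rsigner "$DIR/auth_serv/ocsp-responder.pem" \
    -rkey "$DIR/auth_serv/ocsp-responder.key" \
    -CA "$DIR/auth_serv/ca.pem" \
    -issuer "$DIR/auth_serv/ca.pem" \
    -verify_other "$DIR/auth_serv/ca.pem" -trust_other \
    -ndays 7 \
    -reqin "$DIR/auth_serv/ocsp-req.der" \
    -respout "$LOGDIR/ocsp-server-cache.der" > "$LOGDIR/ocsp.log" 2>&1
# Fall back to the pre-generated response if openssl did not produce a
# readable file.
if [ ! -r "$LOGDIR/ocsp-server-cache.der" ]; then
    cp -- "$DIR/auth_serv/ocsp-server-cache.der" "$LOGDIR/ocsp-server-cache.der"
fi

# The multi-response cache is always copied from the pre-generated file.
cp -- "$DIR/auth_serv/ocsp-multi-server-cache.der" "$LOGDIR/ocsp-multi-server-cache.der"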
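# Same response as ocsp-server-cache.der, but with the responder identified
# by key ID (-resp_key_id).
#
# The log is opened with '>>': the earlier response generation in this
# script already creates ocsp.log, and truncating it here would discard that
# command's diagnostics.
openssl ocsp -index "$DIR/auth_serv/index.txt" \
    -rsigner "$DIR/auth_serv/ocsp-responder.pem" \
    -rkey "$DIR/auth_serv/ocsp-responder.key" \
    -resp_key_id \
    -CA "$DIR/auth_serv/ca.pem" \
    -issuer "$DIR/auth_serv/ca.pem" \
    -verify_other "$DIR/auth_serv/ca.pem" -trust_other \
    -ndays 7 \
    -reqin "$DIR/auth_serv/ocsp-req.der" \
    -respout "$LOGDIR/ocsp-server-cache-key-id.der" >> "$LOGDIR/ocsp.log" 2>&1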
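# Responses built from the alternative index files index-unknown.txt and
# index-revoked.txt, for the same request and responder credentials.
# Diagnostics are appended to ocsp.log.
for i in unknown revoked; do
    openssl ocsp -index "$DIR/auth_serv/index-$i.txt" \
        -rsigner "$DIR/auth_serv/ocsp-responder.pem" \
        -rkey "$DIR/auth_serv/ocsp-responder.key" \
        -CA "$DIR/auth_serv/ca.pem" \
        -issuer "$DIR/auth_serv/ca.pem" \
        -verify_other "$DIR/auth_serv/ca.pem" -trust_other \
        -ndays 7 \
        -reqin "$DIR/auth_serv/ocsp-req.der" \
        -respout "$LOGDIR/ocsp-server-cache-$i.der" >> "$LOGDIR/ocsp.log" 2>&1
done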
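# Create a fresh SHA-256 OCSP request without a nonce for the given serial
# number and store it in LOGDIR.
openssl ocsp -reqout "$LOGDIR/ocsp-req.der" -issuer "$DIR/auth_serv/ca.pem" \
    -sha256 -serial 0xD8D3E3A6CBE3CD17 -no_nonce >> "$LOGDIR/ocsp.log" 2>&1

# Responses to that request signed directly with the CA certificate and key
# from auth_serv, one per index file, with no certificates included in the
# response (-resp_no_certs).
for i in "" "-unknown" "-revoked"; do
    openssl ocsp -index "$DIR/auth_serv/index$i.txt" \
        -rsigner "$DIR/auth_serv/ca.pem" \
        -rkey "$DIR/auth_serv/ca-key.pem" \
        -CA "$DIR/auth_serv/ca.pem" \
        -ndays 7 \
        -reqin "$LOGDIR/ocsp-req.der" \
        -resp_no_certs \
        -respout "$LOGDIR/ocsp-resp-ca-signed$i.der" >> "$LOGDIR/ocsp.log" 2>&1
done

# Response to the same request signed with the server certificate and key
# instead of the responder or CA credentials.
openssl ocsp -index "$DIR/auth_serv/index.txt" \
    -rsigner "$DIR/auth_serv/server.pem" \
    -rkey "$DIR/auth_serv/server.key" \
    -CA "$DIR/auth_serv/ca.pem" \
    -ndays 7 \
    -reqin "$LOGDIR/ocsp-req.der" \
    -respout "$LOGDIR/ocsp-resp-server-signed.der" >> "$LOGDIR/ocsp.log" 2>&1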
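# Make sure hostapd.db exists in LOGDIR, then start the authentication
# server instance in the background with the two generated configs; its
# stdout goes to LOGDIR/auth_serv.
touch -- "$LOGDIR/hostapd.db"
# $HAPD_AS stays unquoted: in valgrind mode it holds the valgrind prefix
# followed by the binary path and has to be split into words.
sudo $HAPD_AS -ddKt "$LOGDIR/as.conf" "$LOGDIR/as2.conf" > "$LOGDIR/auth_serv" &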
# wait for programs to be fully initialized: check for the wlan0 control
# socket up to ten times, sleeping 50 ms after each miss, then carry on
# whether or not it has appeared.
_tries=0
while [ "$_tries" -lt 10 ] && [ ! -e /tmp/wpas-wlan0 ]; do
    sleep 0.05
    _tries=$((_tries + 1))
done
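# Wait until each wpa_supplicant instance answers a ping on its global
# control socket. Ten attempts per instance with one second between them;
# the script exits with status 1 if the tenth attempt gets no PONG.
for i in 0 1 2; do
    # Literal list instead of a backquoted seq call: no extra process and no
    # unquoted command substitution.
    for j in 1 2 3 4 5 6 7 8 9 10; do
        if "$WPACLI" -g "/tmp/wpas-wlan$i" ping | grep -q PONG; then
            break
        fi
        if [ "$j" = "10" ]; then
            echo "Could not connect to /tmp/wpas-wlan$i"
            exit 1
        fi
        sleep 1
    done
done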
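# Wait until hostapd answers a ping on its global control socket. Ten
# attempts with one second between them; the script exits with status 1 if
# the tenth attempt gets no PONG.
for j in 1 2 3 4 5 6 7 8 9 10; do
    if "$WPACLI" -g /var/run/hostapd-global ping | grep -q PONG; then
        break
    fi
    if [ "$j" = "10" ]; then
        echo "Could not connect to /var/run/hostapd-global"
        exit 1
    fi
    sleep 1
done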
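# Wait until the authentication server instance answers a ping on its "as"
# control interface. Ten attempts with one second between them; the script
# exits with status 1 if the tenth attempt gets no PONG.
for j in 1 2 3 4 5 6 7 8 9 10; do
    if "$HAPDCLI" -i as ping | grep -q PONG; then
        break
    fi
    if [ "$j" = "10" ]; then
        echo "Could not connect to hostapd-as-RADIUS-server"
        exit 1
    fi
    sleep 1
done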
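# Hand the log files created by the root-run daemons back to the invoking
# user; nothing to do when that user is root.
#
# USER is not guaranteed to be set (for example in minimal containers). With
# the unquoted test an empty USER made the comparison a syntax error and the
# chown below took its first file argument as the owner, so fall back to
# id(1) and quote every expansion.
RUN_USER=${USER:-$(id -un)}
if [ "$RUN_USER" = "0" ] || [ "$RUN_USER" = "root" ]; then
    exit 0
fi

# NOTE(review): presumably this gives the daemons time to create their log
# files before ownership is changed; confirm.
sleep 0.75
# The glob stays outside the quotes so that it still expands; -f keeps chown
# quiet about files that do not exist.
sudo chown -f "$RUN_USER" "$LOGDIR/hwsim0.pcapng" "$LOGDIR/hwsim0" "$LOGDIR"/log* "$LOGDIR/hostapd"
if [ "x$VALGRIND" = "xy" ]; then
    sudo chown -f "$RUN_USER" "$LOGDIR"/*valgrind*
fi

exit 0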