PATCH: identity change while reauth
Gunter Burchardt
gbur
Thu Jul 29 00:52:37 PDT 2004
Hello,

I found a problem with reauthentication. During reauthentication, a user
can answer the identity request with a different identity than in the first
request. hostapd saves the new identity and loses the old one. As a
result, all accounting requests will be sent with the new identity. The
traffic statistics are accumulated with the traffic of the first identity.

Ok, someone could say that a RADIUS server could reject the
access-request from the AP with an opened session with the same NAS-PORT
but another identity, but this would only be a workaround. hostap should
close the old session and open a new one. In this way the old session
is closed in the right way (Accounting-Stop packet) and the user does not
get a reject with a valid authentication.

Attached is the patch.

regards
gunter
-------------- next part --------------
diff -Nur hostap.old/hostapd/ieee802_1x.c hostap/hostapd/ieee802_1x.c
--- hostap.old/hostapd/ieee802_1x.c 2004-07-18 21:42:23.000000000 +0200
+++ hostap/hostapd/ieee802_1x.c 2004-07-29 09:22:46.000000000 +0200
@@ -23,6 +23,7 @@
#include "hostapd.h"
+#include "ieee802_11.h"
#include "ieee802_1x.h"
#include "accounting.h"
#include "radius.h"
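Review bot: please confirm that the headers declaring ap_handle_timer, STA_REMOVE and the eloop_cancel_timeout()/eloop_register_timeout() calls used in the second hunk are already included in this file. The include list visible in this context shows only hostapd.h, ieee802_1x.h, accounting.h and radius.h plus the newly added ieee802_11.h, which accounts for ieee802_11_send_deauth() but not for the other symbols.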
@@ -631,6 +632,25 @@
free(buf);
}
+
+ /* check whether identity has changed */
+ if (sta->acct_session_started &&
+ ((sm->identity_len != len) ||
+ (memcmp(sm->identity,data,
+ (len<sm->identity_len?len:sm->identity_len)) != 0))) {
+ /* identity has changed -> close session */
+ ieee802_11_send_deauth(hapd, sta->addr,
+ WLAN_REASON_PREV_AUTH_NOT_VALID);
+ sta->flags &=
+ ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
+ sta->acct_terminate_cause =
+ RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+ eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+ eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
+ sta->timeout_next = STA_REMOVE;
+ return;
+ }
+
sm->auth_pae.rxInitialRsp = TRUE;
/* Save station identity for future RADIUS packets */
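Review bot: in the memcmp() call, the min-length expression `(len<sm->identity_len?len:sm->identity_len)` is redundant. The preceding `sm->identity_len != len` test short-circuits the `||`, so memcmp() only runs when both lengths are equal, and `memcmp(sm->identity, data, len) != 0` expresses the same check more readably. Two smaller points: setting `sta->timeout_next = STA_REMOVE` before the eloop_register_timeout() call would make the intended order obvious to the reader, and a log line naming the old and new identity before the deauth would make the forced disconnect diagnosable, since the early `return` otherwise leaves no trace of why the station was dropped.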
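The symptom described in the message, seen from the RADIUS accounting side, as an added example that is not part of the original post or of hostapd: it flags accounting records whose User-Name differs from the one in the session's Start record. The record fields are modeled on standard RADIUS attributes; the names `AcctRecord` and `find_identity_changes`, the sample records, and the assumption that Acct-Session-Id stays the same across the reauthentication are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class AcctRecord:
    status: str      # Acct-Status-Type: Start, Interim-Update or Stop
    nas_port: int    # NAS-Port
    session_id: str  # Acct-Session-Id
    user_name: str   # User-Name
    octets: int = 0  # traffic counted in the session so far


def find_identity_changes(records):
    """Return one finding per new User-Name that appears inside an open session."""
    sessions = {}  # (nas_port, session_id) -> (User-Name from Start, names flagged)
    findings = []
    for rec in records:
        key = (rec.nas_port, rec.session_id)
        if rec.status == "Start":
            sessions[key] = (rec.user_name, set())
            continue
        if key in sessions:
            owner, flagged = sessions[key]
            if rec.user_name != owner and rec.user_name not in flagged:
                flagged.add(rec.user_name)
                findings.append({
                    "nas_port": rec.nas_port,
                    "session_id": rec.session_id,
                    "started_as": owner,
                    "now_reported_as": rec.user_name,
                    # Traffic up to here includes the first identity's usage.
                    "octets_at_detection": rec.octets,
                })
        if rec.status == "Stop":
            sessions.pop(key, None)  # session closed, forget its owner
    return findings


# Constructed sample: the station on NAS-Port 1 reauthenticates as "bob"
# while the accounting session opened by "alice" is still running.
SAMPLE = [
    AcctRecord("Start", 1, "A1", "alice"),
    AcctRecord("Interim-Update", 1, "A1", "alice", 1000),
    AcctRecord("Interim-Update", 1, "A1", "bob", 5000),
    AcctRecord("Stop", 1, "A1", "bob", 9000),
    AcctRecord("Start", 2, "B7", "carol"),
    AcctRecord("Stop", 2, "B7", "carol", 300),
]
```
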