[PATCH 2/2] vlan: verify radius returned VLAN-ID if dynamic_vlan = required in macaddr_acl
Michael Braun
michael-dev
Tue Apr 14 07:56:38 PDT 2015
This fixes testcase test_ap_vlan_wpa2_psk_radius_required.
Signed-off-by: Michael Braun <michael-dev at fami-braun.de>
---
src/ap/ieee802_11_auth.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 56c3ce0..0238257 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -561,6 +561,19 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED &&
!cache->psk)
cache->accepted = HOSTAPD_ACL_REJECT;
+
+ if (cache->vlan_id &&
+ !hostapd_vlan_id_valid(hapd->conf->vlan, cache->vlan_id)) {
+ hostapd_logger(hapd, query->addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_INFO,
+ "Invalid VLAN ID %d received from RADIUS server",
+ cache->vlan_id);
+ cache->vlan_id = 0;
+ }
+ if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
+ !cache->vlan_id)
+ cache->accepted = HOSTAPD_ACL_REJECT;
} else
cache->accepted = HOSTAPD_ACL_REJECT;
cache->next = hapd->acl_cache;
--
1.9.1
More information about the Hostap
mailing list