PATCH: identity change while reauth

Gunter Burchardt gbur
Thu Jul 29 00:52:37 PDT 2004


Hello,

I found a problem with reauthentication. During reauthentication, a user
can answer the identity request with a different identity than in the first
request. hostapd saves the new identity and loses the old one. As a
result, all accounting requests will be sent with the new identity. The
traffic statistics are accumulated with the traffic of the first identity.

OK, someone could say that a RADIUS server could reject the
Access-Request from the AP with an open session with the same NAS-PORT
but another identity, but this would only be a workaround. hostap should
close the old session and open a new one. In this way the old session
is closed in the right way (Accounting-Stop packet) and the user doesn't
get a reject with a valid authentication.

Attached is the patch.

regards
gunter
-------------- next part --------------
diff -Nur hostap.old/hostapd/ieee802_1x.c hostap/hostapd/ieee802_1x.c
--- hostap.old/hostapd/ieee802_1x.c	2004-07-18 21:42:23.000000000 +0200
+++ hostap/hostapd/ieee802_1x.c	2004-07-29 09:22:46.000000000 +0200
@@ -23,6 +23,7 @@
 
 
 #include "hostapd.h"
+#include "ieee802_11.h"
 #include "ieee802_1x.h"
 #include "accounting.h"
 #include "radius.h"
@@ -631,6 +632,25 @@
 			free(buf);
 		}
 
+		
+		/* check whether identity has changed */
+		if (sta->acct_session_started &&
+			((sm->identity_len != len) || 
+			 (memcmp(sm->identity,data,
+				(len<sm->identity_len?len:sm->identity_len)) != 0))) {
+			/* identity has changed -> close session */
+		    ieee802_11_send_deauth(hapd, sta->addr,
+					       WLAN_REASON_PREV_AUTH_NOT_VALID);
+			sta->flags &=
+				~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED);
+    		sta->acct_terminate_cause =
+				RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
+		    eloop_cancel_timeout(ap_handle_timer, hapd, sta);
+		    eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta);
+		    sta->timeout_next = STA_REMOVE;
+			return;
+		}
+
 		sm->auth_pae.rxInitialRsp = TRUE;
 
 		/* Save station identity for future RADIUS packets */
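Review bot: the identity comparison in the added `if` only runs when `sta->acct_session_started` is set, so a station that switches identity during reauthentication while no accounting session is active is still accepted and the stored identity is overwritten as before. If the intent is that a reauthentication must not change identity at all, key the check on a previously stored identity rather than on accounting state. In the same condition, `sm->identity_len != len` short-circuits the `||`, so `memcmp` is only reached when both lengths are equal and the `(len<sm->identity_len?len:sm->identity_len)` expression can be plain `len`. A debug message recording the old and new identity before `ieee802_11_send_deauth()` would make the forced deauthentication traceable in logs, and `RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST` deserves a short comment explaining why that cause was chosen for an AP-initiated teardown. The added lines mix tabs and spaces for indentation and two of them carry trailing whitespace.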


