DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Copy WLAN-Reason-Code value from Access-Reject to Deauthentication

Browse source 
This makes hostapd use the WLAN-Reason-Code value from Access-Reject
when disconnecting a station due to IEEE 802.1X authentication failure.
If the RADIUS server does not include this attribute, the default value
23 (IEEE 802.1X authentication failed) is used. That value was the
previously hardcoded reason code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-01-12 20:55:33 +02:00
parent f75ed556c8
commit 5d5ee699a5
3 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/ap/ieee802_1x.c
View file

@ -1691,6 +1691,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
struct sta_info *sta; struct sta_info *sta;
u32 session_timeout = 0, termination_action, acct_interim_interval; u32 session_timeout = 0, termination_action, acct_interim_interval;
int session_timeout_set; int session_timeout_set;
u32 reason_code;
struct eapol_state_machine *sm; struct eapol_state_machine *sm;
int override_eapReq = 0; int override_eapReq = 0;
struct radius_hdr *hdr = radius_msg_get_hdr(msg); struct radius_hdr *hdr = radius_msg_get_hdr(msg);
@ -1839,6 +1840,13 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
case RADIUS_CODE_ACCESS_REJECT: case RADIUS_CODE_ACCESS_REJECT:
sm->eap_if->aaaFail = TRUE; sm->eap_if->aaaFail = TRUE;
override_eapReq = 1; override_eapReq = 1;
if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_WLAN_REASON_CODE,
&reason_code) == 0) {
wpa_printf(MSG_DEBUG,
"RADIUS server indicated WLAN-Reason-Code %u in Access-Reject for "
MACSTR, reason_code, MAC2STR(sta->addr));
sta->disconnect_reason_code = reason_code;
}
break; break;
case RADIUS_CODE_ACCESS_CHALLENGE: case RADIUS_CODE_ACCESS_CHALLENGE:
sm->eap_if->aaaEapReq = TRUE; sm->eap_if->aaaEapReq = TRUE;

7
src/ap/sta_info.c
View file

@ -1379,13 +1379,16 @@ static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
{ {
struct hostapd_data *hapd = eloop_ctx; struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx; struct sta_info *sta = timeout_ctx;
u16 reason;
wpa_dbg(hapd->msg_ctx, MSG_DEBUG, wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
"IEEE 802.1X: Scheduled disconnection of " MACSTR "IEEE 802.1X: Scheduled disconnection of " MACSTR
" after EAP-Failure", MAC2STR(sta->addr)); " after EAP-Failure", MAC2STR(sta->addr));
ap_sta_disconnect(hapd, sta, sta->addr, reason = sta->disconnect_reason_code;
WLAN_REASON_IEEE_802_1X_AUTH_FAILED); if (!reason)
reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
ap_sta_disconnect(hapd, sta, sta->addr, reason);
if (sta->flags & WLAN_STA_WPS) if (sta->flags & WLAN_STA_WPS)
hostapd_wps_eap_completed(hapd); hostapd_wps_eap_completed(hapd);
} }

1
src/ap/sta_info.h
View file

@ -67,6 +67,7 @@ struct sta_info {
be32 ipaddr; be32 ipaddr;
struct dl_list ip6addr; /* list head for struct ip6addr */ struct dl_list ip6addr; /* list head for struct ip6addr */
u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */ u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
u16 disconnect_reason_code; /* RADIUS server override */
u32 flags; /* Bitfield of WLAN_STA_* */ u32 flags; /* Bitfield of WLAN_STA_* */
u16 capability; u16 capability;
u16 listen_interval; /* or beacon_int for APs */ u16 listen_interval; /* or beacon_int for APs */