DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

RADIUS DAS: Check for single session match for Disconnect-Request

Browse source 
Previously, the first matching STA was picked. That is not really the
design in RFC 5176, so extend this matching code to go through all
specified session identification attributes and verify that all of them
match. In addition, check for a possible case of multiple sessions
matching. If such a case is detected, return with Disconnect-NAK and
Error-Code 508 (multiple session selection not supported).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-01-16 12:10:52 +02:00 committed by Jouni Malinen
parent 201c9ad77f
commit 861beb7269
4 changed files with 132 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/radius/radius_das.c
View file

@ -147,6 +147,12 @@ static struct radius_msg * radius_das_disconnect(struct radius_das_data *das,
"%s:%d", abuf, from_port);
error = 503;
break;
case RADIUS_DAS_MULTI_SESSION_MATCH:
wpa_printf(MSG_INFO,
"DAS: Multiple sessions match for request from %s:%d",
abuf, from_port);
error = 508;
break;
case RADIUS_DAS_SUCCESS:
error = 0;
break;