DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id

Browse source 
Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to
give better global and temporal uniqueness. Previously, only 32-bits of
the Acct-Session-Id would contain random data, the other 32-bits would
be incremented. Previously, the Acct-Multi-Session-Id would not use
random data. Switch from two u32 variables to a single u64 for the
Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves
no legitimate purpose. Exclusively use os_get_random() to get quality
random numbers, do not use or mix in the time. Inherently take a
dependency on /dev/urandom working properly therefore. Remove the global
Acct-Session-Id and Acct-Multi-Session-Id values that serve no
legitimate purpose.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
This commit is contained in:
Nick Lowe 2016-01-24 11:37:46 +00:00 committed by Jouni Malinen
parent d689317ddb
commit d72a00539c
11 changed files with 62 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/ap/pmksa_cache_auth.c
View file

@ -148,8 +148,7 @@ static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry,
entry->eap_type_authsrv = eapol->eap_type_authsrv;
entry->vlan_id = ((struct sta_info *) eapol->sta)->vlan_id;
entry->acct_multi_session_id_hi = eapol->acct_multi_session_id_hi;
entry->acct_multi_session_id_lo = eapol->acct_multi_session_id_lo;
entry->acct_multi_session_id = eapol->acct_multi_session_id;
}
@ -188,8 +187,7 @@ void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
eapol->eap_type_authsrv = entry->eap_type_authsrv;
((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
eapol->acct_multi_session_id_hi = entry->acct_multi_session_id_hi;
eapol->acct_multi_session_id_lo = entry->acct_multi_session_id_lo;
eapol->acct_multi_session_id = entry->acct_multi_session_id;
}
@ -471,12 +469,11 @@ static int das_attr_match(struct rsn_pmksa_cache_entry *entry,
if (attr->acct_multi_session_id) {
char buf[20];
if (attr->acct_multi_session_id_len != 17)
if (attr->acct_multi_session_id_len != 16)
return 0;
os_snprintf(buf, sizeof(buf), "%08X+%08X",
entry->acct_multi_session_id_hi,
entry->acct_multi_session_id_lo);
if (os_memcmp(attr->acct_multi_session_id, buf, 17) != 0)
os_snprintf(buf, sizeof(buf), "%016lX",
(long unsigned int) entry->acct_multi_session_id);
if (os_memcmp(attr->acct_multi_session_id, buf, 16) != 0)
return 0;
match++;
}