DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Allow Session-Timeout with PSK RADIUS during 4-way handshake

Browse source 
When the RADIUS response included a Session-Timeout attribute, but is
otherwise valid (an Access-Accept with a valid Tunnel-Password), the
association still failed due to the strict comparison of the accepted
value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
previously tested.

Extend this to allow a packet containing a valid Session-Timeout
attribute to be accepted by extending the "success" comparison to
include HOSTAPD_ACL_ACCEPT_TIMEOUT.

Fixes: 1c3438fec4 ("RADIUS ACL/PSK check during 4-way handshake")
Signed-off-by: Lee Harding <somerandomstring@gmail.com>
This commit is contained in:
Lee Harding 2024-04-09 15:06:38 -07:00 committed by Jouni Malinen
parent f44a07d5c4
commit e6ec62aa2d
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ap/ieee802_11_auth.c
View file

@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
if (query->radius_psk) {
struct sta_info *sta;
bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
sta = ap_get_sta(hapd, query->addr);
if (!sta || !sta->wpa_sm) {