Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

vlan: Verify RADIUS returned VLAN-ID and dynamic_vlan=required

This extends dynamic_vlan=required checks to apply for WPA-PSK with
macaddr_acl=2 (RADIUS) case.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun 10 years ago
parent
2272f5aada
commit
068669fc92
1 changed files with 13 additions and 0 deletions
Split View Show Diff Stats
  1. 13 0
      src/ap/ieee802_11_auth.c

+ 13 - 0
src/ap/ieee802_11_auth.c
View File 

@@ -561,6 +561,19 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
 
 		if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED &&
 
 		    !cache->psk)
 
 			cache->accepted = HOSTAPD_ACL_REJECT;
 
+
 
+		if (cache->vlan_id &&
 
+		    !hostapd_vlan_id_valid(hapd->conf->vlan, cache->vlan_id)) {
 
+			hostapd_logger(hapd, query->addr,
 
+				       HOSTAPD_MODULE_RADIUS,
 
+				       HOSTAPD_LEVEL_INFO,
 
+				       "Invalid VLAN ID %d received from RADIUS server",
 
+				       cache->vlan_id);
 
+			cache->vlan_id = 0;
 
+		}
 
+		if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
 
+		    !cache->vlan_id)
 
+			cache->accepted = HOSTAPD_ACL_REJECT;
 
 	} else
 
 		cache->accepted = HOSTAPD_ACL_REJECT;
 
 	cache->next = hapd->acl_cache;