Ensure authenticator session timer is applied with wired driver

We use the wired driver for wired port authentication with a slight
extension to add the port into a bridge upon successful authentication
and to remove it from the bridge when the session terminates.

Our expectation was that the Session-Timeout configuration at the RADIUS
server is respected, i.e. the session is terminated and would need
re-authentication - like it is working for WLAN sessions over the
nl80211 driver. Alas, it turned out the session is not terminated with
the wired driver.

It turned out that when ap_handle_session_timer() is executed, the
sta->flags of the wired port has only the WLAN_STA_AUTHORIZED bit set.
The WLAN_STA_AUTH bit, which is used to check whether the STA needs to
be de-authenticated, is missing.

Extend the check for any of the WLAN_STA_(AUTH | ASSOC | AUTHORIZED)
bits to solve this issue with the wired driver. That should not have any
side-effect for the WLAN cases since WLAN_STA_AUTH is expected to always
be set for those when there is an ongoing session and separate checks
for ASSOC and AUTHORIZED don't change this.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
This commit is contained in:
Zefir Kurtisi 2019-04-29 11:00:02 +02:00 committed by Jouni Malinen
parent 44adf014ff
commit ef48f1bfb3

View file

@ -586,7 +586,8 @@ static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
if (!(sta->flags & WLAN_STA_AUTH)) {
if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
WLAN_STA_AUTHORIZED))) {
if (sta->flags & WLAN_STA_GAS) {
wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
"entry " MACSTR, MAC2STR(sta->addr));