[RFC] ensure session timer is applied with wired driver
diff mbox series

Message ID 20190429090002.15456-1-zefir.kurtisi@neratec.com
State New
Headers show
Series
  • [RFC] ensure session timer is applied with wired driver
Related show

Commit Message

Zefir Kurtisi April 29, 2019, 9 a.m. UTC
We use the wired driver for wired port authentication with a slight extension
to add the port into a bridge upon successful authentication and to remove it
from the bridge when the session terminates.

Our expectation was that the Session-Timeout configuration at the RADIUS server
is respected, i.e. the session is terminated and would need re-authentication -
like it is working for WLAN sessions over the nl80211 driver. Alas it turned out
the session is not terminated with the wired driver.

Turned out when ap_handle_session_timer() is executed, the sta->flags of the
wired port has only the WLAN_STA_AUTHORIZED bit set. The WLAN_STA_AUTH bit,
which is used to check whether the STA needs to be de-authenticated, is missing.

Not sure if this is an issue with the wired driver (i.e. WLAN_STA_AUTHORIZED
can't exist without WLAN_STA_AUTH), or the Session-Timeout feature was not
considered for wired so far.

With extending the check for any of the WLAN_STA_(AUTH | ASSOC | AUTHORIZED)
bits our issue is resolved, but we are not aware whether this is a valid
workaround without potential side-effects.

---
When the wired driver is configured for RADIUS authentication,
upon successful connection establishment the sta->flags are
set to WLAN_STA_AUTHORIZED, i.e. without the WLAN_STA_AUTH or
WLAN_STA_ASSOC bits set.

As a result, when the RADIUS Session-Timeout expires and
ap_handle_session_timer() is executed, without the
WLAN_STA_AUTH bit being set, the STA is not being
deaunthenticated. As a result, the session stays alive.

This patch changes the sanity check so that STA is
deauthenticated when any of WLAN_STA_AUTH, WLAN_STA_ASSOC,
or WLAN_STA_AUTHORIZED bits are set.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
---
 src/ap/sta_info.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch
diff mbox series

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index 4f9eae847..fab8fb3e9 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -589,7 +589,7 @@  static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
 
 	wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
 		   hapd->conf->iface, MAC2STR(sta->addr));
-	if (!(sta->flags & WLAN_STA_AUTH)) {
+	if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED))) {
 		if (sta->flags & WLAN_STA_GAS) {
 			wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
 				   "entry " MACSTR, MAC2STR(sta->addr));