vlan: Verify RADIUS returned VLAN-ID and dynamic_vlan=required

This extends dynamic_vlan=required checks to apply for WPA-PSK with
macaddr_acl=2 (RADIUS) case.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index 56c3ce0313d436802c470f1bf9a99742285c1ad4..0238257ddc82da95578f8df0d89574f8e72c0544 100644 (file)
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -561,6 +561,19 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
                if (hapd->conf->wpa_psk_radius == PSK_RADIUS_REQUIRED &&
                    !cache->psk)
                        cache->accepted = HOSTAPD_ACL_REJECT;
+
+               if (cache->vlan_id &&
+                   !hostapd_vlan_id_valid(hapd->conf->vlan, cache->vlan_id)) {
+                       hostapd_logger(hapd, query->addr,
+                                      HOSTAPD_MODULE_RADIUS,
+                                      HOSTAPD_LEVEL_INFO,
+                                      "Invalid VLAN ID %d received from RADIUS server",
+                                      cache->vlan_id);
+                       cache->vlan_id = 0;
+               }
+               if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_REQUIRED &&
+                   !cache->vlan_id)
+                       cache->accepted = HOSTAPD_ACL_REJECT;
        } else
                cache->accepted = HOSTAPD_ACL_REJECT;
        cache->next = hapd->acl_cache;