RADIUS DAS: Check Disconnect-Request attributes

Reject Disconnect-Request if it includes unsupported attributes.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/radius/radius.c b/src/radius/radius.c
index ed0a9de7d25446d9386184a714e477a9d4d26dd1..66e053a144be8f4fb3400de55492a47d60ba658a 100644 (file)
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -1552,3 +1552,24 @@ int radius_copy_class(struct radius_class_data *dst,
 
        return 0;
 }
+
+
+u8 radius_msg_find_unlisted_attr(struct radius_msg *msg, u8 *attrs)
+{
+       size_t i, j;
+       struct radius_attr_hdr *attr;
+
+       for (i = 0; i < msg->attr_used; i++) {
+               attr = radius_get_attr_hdr(msg, i);
+
+               for (j = 0; attrs[j]; j++) {
+                       if (attr->type == attrs[j])
+                               break;
+               }
+
+               if (attrs[j] == 0)
+                       return attr->type; /* unlisted attr */
+       }
+
+       return 0;
+}

diff --git a/src/radius/radius.h b/src/radius/radius.h
index 8cc611319d4e7e7baeec906203b23f275222425d..2d059df158d6d9757f258ce323adb2933a4d8959 100644 (file)
--- a/src/radius/radius.h
+++ b/src/radius/radius.h
@@ -282,4 +282,6 @@ void radius_free_class(struct radius_class_data *c);
 int radius_copy_class(struct radius_class_data *dst,
                      const struct radius_class_data *src);
 
+u8 radius_msg_find_unlisted_attr(struct radius_msg *msg, u8 *attrs);
+
 #endif /* RADIUS_H */

diff --git a/src/radius/radius_das.c b/src/radius/radius_das.c
index 20c2fc9697c6d435ef81ea25f3de8afb57e90b7d..d3c144a825c76029d8b7d2aee52418ad282a0aab 100644 (file)
--- a/src/radius/radius_das.c
+++ b/src/radius/radius_das.c
@@ -29,6 +29,50 @@ struct radius_das_data {
 };
 
 
+static struct radius_msg * radius_das_disconnect(struct radius_das_data *das,
+                                                struct radius_msg *msg,
+                                                const char *abuf,
+                                                int from_port)
+{
+       struct radius_hdr *hdr;
+       struct radius_msg *reply;
+       u8 allowed[] = {
+               RADIUS_ATTR_USER_NAME,
+               RADIUS_ATTR_CALLING_STATION_ID,
+               RADIUS_ATTR_ACCT_SESSION_ID,
+               RADIUS_ATTR_EVENT_TIMESTAMP,
+               RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
+               RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
+               0
+       };
+       int error = 405;
+       u8 attr;
+
+       hdr = radius_msg_get_hdr(msg);
+
+       attr = radius_msg_find_unlisted_attr(msg, allowed);
+       if (attr) {
+               wpa_printf(MSG_INFO, "DAS: Unsupported attribute %u in "
+                          "Disconnect-Request from %s:%d", attr,
+                          abuf, from_port);
+               error = 401;
+               goto fail;
+       }
+
+       /* TODO */
+
+       goto fail;
+
+fail:
+       reply = radius_msg_new(RADIUS_CODE_DISCONNECT_NAK, hdr->identifier);
+       if (reply == NULL)
+               return NULL;
+
+       radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE, error);
+       return reply;
+}
+
+
 static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
 {
        struct radius_das_data *das = eloop_ctx;
@@ -110,13 +154,7 @@ static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
 
        switch (hdr->code) {
        case RADIUS_CODE_DISCONNECT_REQUEST:
-               /* TODO */
-               reply = radius_msg_new(RADIUS_CODE_DISCONNECT_NAK,
-                                      hdr->identifier);
-               if (reply == NULL)
-                       break;
-
-               radius_msg_add_attr_int32(reply, RADIUS_ATTR_ERROR_CAUSE, 405);
+               reply = radius_das_disconnect(das, msg, abuf, from_port);
                break;
        case RADIUS_CODE_COA_REQUEST:
                /* TODO */