The commit
hostapd: Process MAC ACLs on a station association event (SME in driver)
added a MAC ACL check to hostapd_notif_assoc. This check disconnects the
client if the response is not ACCEPT, but the function can actually return
PENDING too, as in the case of 802.1x MAC-based auth. It feels like the
author probably meant to disconnect the client if the response is REJECT,
but not ACCEPT or PENDING instead.
Signed-off-by: Derrick Pallas <pallas@xxxxxxxxxx>
---
src/ap/drv_callbacks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 3552b3e..f065995 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -124,7 +124,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
* conflicting ACL rules.
*/
if (hapd->iface->drv_max_acl_mac_addrs == 0 &&
- hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) {
+ hostapd_check_acl(hapd, addr, NULL) == HOSTAPD_ACL_REJECT) {
wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect",
MAC2STR(addr));
reason = WLAN_REASON_UNSPECIFIED;
--
2.10.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
