[isf-wifidog] Authentication denied

Benoit Grégoire bock at step.polymtl.ca
Dim 7 Mai 01:01:47 EDT 2006


On May 6, 2006 03:53 pm, Max Horváth wrote:
> - gpg control packet
> Yeah well,
>
> problem can be reproduced very easily:
>
> login at a hotspot ... close your browser ...
>
> open up another browser and got to the auth servers login page ...

That shouldn't be possible, either your session has timed out on the gateway, 
in which case you should get a new token, or it hasn't, in which case you 
shouldn't get a login page at all.

> login again ...
>
> access denied ...
>
> now you won't be able to surf the web at all ...
>
> message of the gateway:
>
> Auth: 0
> Messages: | Tried to login with a token that wasn't TOKEN_UNUSED.
> ]
> [6][Sat May  6 21:43:02 2006][21647](centralserver.c:149) Auth server
> returned authentication code 0
> [7][Sat May  6 21:43:02 2006][21647](auth.c:123) Locking client list
> [7][Sat May  6 21:43:02 2006][21647](auth.c:123) Client list locked
> [6][Sat May  6 21:43:02 2006][21647](auth.c:163) Got DENIED from
> central server authenticating token e60af0c61b0718c296d419b70d1cc5b9
> from 10.22.11.176 at 00:11:24:C2:92:76 - redirecting them to denied
> message
> [7][Sat May  6 21:43:03 2006][21647](auth.c:265) Unlocking client list
> [7][Sat May  6 21:43:03 2006][21647](auth.c:265) Client list unlocked
> [7][Sat May  6 21:43:03 2006][21647](httpd_thread.c:68) Returned from
> httpdProcessRequest() for 10.22.11.176
> [7][Sat May  6 21:43:03 2006][21647](httpd_thread.c:73) Closing
> connection with 10.22.11.176
>
> Solution should be:
>
> If a user with a token in use tries to login again and the MAC
> matches with the one of the token in use the auth server shouldn't
> send a denied message because this will cause the gateway to block
> the access to the internet ... resulting in the user gotta wait for
> minutes to be able to login again ...

No, it already does that.  The message is caused by failing that exact check 
on  auth/index.php on line 99. You'll have to output those variables as part 
of the else message and figure out what is causing the problem.

I checked on the wifidog production server (where I most definitely can't 
reproduce the problem), and the only change to that check was in revision 
[1018].  You may want to try reverting >only that file< to revision [914] and 
tell us if it helps, but I doubt it will (the change does seem harmless).

-- 
Benoit Grégoire, http://benoitg.coeus.ca/
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 191 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060507/173fa125/attachment.pgp


More information about the WiFiDog mailing list