[isf-wifidog] Authentication denied

Max Horváth max.horvath at maxspot.de
Sun May 7 06:54:27 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On May 6, 2006 03:53 pm, Max Horváth wrote:
>> Yeah well,
>>
>> problem can be reproduced very easily:
>>
>> login at a hotspot ... close your browser ...
>>
>> open up another browser and go to the auth server's login page ...
>
> That shouldn't be possible, either your session has timed out on the
> gateway, in which case you should get a new token, or it hasn't, in
> which case you shouldn't get a login page at all.

Hm, it's hard to reproduce ... but it happens :( ...

>> login again ...
>>
>> access denied ...
>>
>> now you won't be able to surf the web at all ...
>>
>> message of the gateway:
>>
>> Auth: 0
>> Messages: | Tried to login with a token that wasn't TOKEN_UNUSED.
>> ]
>> [6][Sat May  6 21:43:02 2006][21647](centralserver.c:149) Auth server returned authentication code 0
>> [7][Sat May  6 21:43:02 2006][21647](auth.c:123) Locking client list
>> [7][Sat May  6 21:43:02 2006][21647](auth.c:123) Client list locked
>> [6][Sat May  6 21:43:02 2006][21647](auth.c:163) Got DENIED from central server authenticating token e60af0c61b0718c296d419b70d1cc5b9 from 10.22.11.176 at 00:11:24:C2:92:76 - redirecting them to denied message
>> [7][Sat May  6 21:43:03 2006][21647](auth.c:265) Unlocking client list
>> [7][Sat May  6 21:43:03 2006][21647](auth.c:265) Client list unlocked
>> [7][Sat May  6 21:43:03 2006][21647](httpd_thread.c:68) Returned from httpdProcessRequest() for 10.22.11.176
>> [7][Sat May  6 21:43:03 2006][21647](httpd_thread.c:73) Closing connection with 10.22.11.176
>>
>> Solution should be:
>>
>> If a user with a token in use tries to login again and the MAC
>> matches with the one of the token in use the auth server shouldn't
>> send a denied message because this will cause the gateway to block
>> the access to the internet ... resulting in the user gotta wait for
>> minutes to be able to login again ...
>
> No, it already does that.  The message is caused by failing that exact
> check on auth/index.php on line 99. You'll have to output those
> variables as part of the else message and figure out what is causing
> the problem.
>
> I checked on the wifidog production server (where I most definitely
> can't reproduce the problem), and the only change to that check was in
> revision [1018].  You may want to try reverting >only that file< to
> revision [914] and tell us if it helps, but I doubt it will (the change
> does seem harmless).

I'm still at 914 ...

This is the output with all the variables being checked:

[7][Sun May  7 12:32:52 2006][4686](centralserver.c:95) Sending HTTP request to auth server: [GET /auth/?stage=login&ip=10.22.11.176&mac=00:11:24:C2:92:76&token=8f6c2cb845e7a7175a5f81ca9a45fef6&incoming=0&outgoing=0 HTTP/1.0
User-Agent: WiFiDog 1.1.3_beta4
Host: login.maxspot.de

]

[7][Sun May  7 12:32:52 2006][4686](centralserver.c:98) Reading response
[7][Sun May  7 12:32:52 2006][4686](centralserver.c:125) Read 483 bytes, total now 483
[7][Sun May  7 12:32:52 2006][4686](centralserver.c:145) HTTP Response from Server: [HTTP/1.1 200 OK
Date: Sun, 07 May 2006 10:32:52 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e PHP/5.1.4 mod_perl/1.999.21 Perl/v5.8.4
X-Powered-By: PHP/5.1.4
Content-Length: 199
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

Auth: 0
Messages: | Tried to login with a token that wasn't TOKEN_UNUSED. | DEBUG: token_status: USED gw_id:  requested_gw_id:  MAC:  requested_MAC: 00:11:24:C2:92:76 IP:  requested_IP: 10.22.11.176
]
[6][Sun May  7 12:32:52 2006][4686](centralserver.c:149) Auth server returned authentication code 0
[7][Sun May  7 12:32:52 2006][4686](auth.c:123) Locking client list
[7][Sun May  7 12:32:52 2006][4686](auth.c:123) Client list locked
[6][Sun May  7 12:32:52 2006][4686](auth.c:163) Got DENIED from central server authenticating token 8f6c2cb845e7a7175a5f81ca9a45fef6 from 10.22.11.176 at 00:11:24:C2:92:76 - redirecting them to denied message
[7][Sun May  7 12:32:52 2006][4686](auth.c:265) Unlocking client list
[7][Sun May  7 12:32:52 2006][4686](auth.c:265) Client list unlocked
[7][Sun May  7 12:32:52 2006][4686](httpd_thread.c:68) Returned from httpdProcessRequest() for 10.22.11.176
[7][Sun May  7 12:32:52 2006][4686](httpd_thread.c:73) Closing connection with 10.22.11.176

As you can see $info['gw_id'], $_REQUEST['gw_id'], $info['mac'] and  
$info['ip'] are nulled ... what could be the cause?

Cheers, Max!

> -- 
> Benoit Grégoire, http://benoitg.coeus.ca/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEXdHj+BKgC+eQ3ooRAnXyAJwLRL4L+o3QUKcDtwTbo23cET44rQCfSR9e
/XM9IvXNlDqjTOAZEEi0MB0=
=OzO4
-----END PGP SIGNATURE-----

