[isf-wifidog] token that wasn't TOKEN_UNUSED
Steven Kurylo
steven.kurylo+wifidog at aviawest.com
Mer 28 Avr 11:18:28 EDT 2010
Genevieve Bastien wrote, On 4/28/10 9:51 AM:
> Hi Steven,
>
> What are exactly the steps to reproduce this bug? We used to have
> something similar when a user clicked twice on the login button, and
> corrected it with the check around line 105 (although you're right it
> does seem like gw_id is not in the $info array, I wonder why I missed
> this...)
>
>
Here is what I'm doing to reproduce it:
1. Boot Knoppix
2. Associate to wifi and receive DHCP lease
3. Open firefox with a saved session which has two tabs from google.com
4. Both tabs get redirected to login page
5. Log in with the first tab - can browse the web, open new tabs which
can browse the web, etc. iptables -t mangle -nL shows two rules as
expected.
6. Log in with the second tab - denied message because gw_id isn't set,
so the check on line 105 fails.
So if I remove the gw_id check, step 6 succeeds. However iptables now
shows the rules have been duplicated:
# iptables -t mangle -nL|grep 121
ACCEPT all -- 0.0.0.0/0 192.168.0.121
ACCEPT all -- 0.0.0.0/0 192.168.0.121
MARK all -- 192.168.0.121 0.0.0.0/0 MAC
00:0C:29:09:8D:B1 MARK set 0x2
MARK all -- 192.168.0.121 0.0.0.0/0 MAC
00:0C:29:09:8D:B1 MARK set 0x2
Which now means I'll eventually hit the "Preventively deleting firewall
rules for..."
Here are the allowed lines:
/var/log/syslog:Apr 28 08:06:00 prk-wifidog wifidog[26872]: Got ALLOWED
from central server authenticating token
f3a211120263bb63794f4db2165f736a from 192.168.0.121 at 00:0C:29:09:8D:B1
- adding to firewall and redirecting them to portal
/var/log/syslog:Apr 28 08:06:45 prk-wifidog wifidog[26872]: Got ALLOWED
from central server authenticating token
f3a211120263bb63794f4db2165f736a from 192.168.0.121 at 00:0C:29:09:8D:B1
- adding to firewall and redirecting them to portal
More information about the WiFiDog
mailing list