mirror of
https://github.com/openNDS/openNDS.git
synced 2026-05-04 03:01:32 -04:00
0e61687b20
When a client was deauthed, it was not removed from the client list, instead its firewall state was changed from authenticated to preauthenticated. With the introduction of preemptive authentication, this is no longer sufficient. If a client had been deauthed for any reason, then was pre-emptively re-authed (within the configured preauthidletimeout period), it would inherit its previous details including its previous ip address as far as openNDS is concerned. If the dhcp allocated ip address was the same as before then there was no problem. But if that previous ip address had been leased to some other client then the preemptive authentication would fail and the other client would be locked out. This fix deletes the client from the client list and does more in depth checking for the presence of the client before preemtive auth is allowed. Signed-off-by: Rob White <rob@blue-wave.net>
Forwarding Authentication Service (FAS) Author: Rob White @bluewavenet - BlueWave Projects and Services Copyright (C) 2015-2021 BlueWave Projects and Services. This software is released under the GNU GPL license. openNDS (NDS) supports external (to NDS) authentication with with simple config options. In addition, Binauth can be configured to be operational at the same time as FAS to provide post authentication processing.