Radius logic does not check user subscription when connecting from Federez Wifi #1

Closed
opened 2024-03-03 19:14:42 +01:00 by chapeau · 5 comments
chapeau commented 2024-03-03 19:14:42 +01:00 (Migrated from gitlab2.federez.net)

The auth.py script does not check user subscription when the request is proxified.
That means any request forwarded from another radius will be accepted.

As a result, someone can freely create an account on re2o without paying anything, and be granted access to the Federez Wifi from another network emitting it.

Examples:

  • A Federez re2o account allows someone to freely connect to any Federez Wifi
  • A RM -RF re2o account (whatever its state is) allows someone to freely connect to any Federez Wifi except the one hosted by RM -RF

The incriminated piece of code (auth.py):

```python
# If proxified request
if not nas_type:
    logger.info("Proxified request, nas unknown")
    return radiusd.RLM_MODULE_OK
```
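The early return described above, next to a variant that checks the subscription before branching on `nas_type`. This is an added example, not code from re2o's auth.py and not the change made in merge request !6. The `User` model, the `USERS` table, the `has_paid` field and the function names are hypothetical, and the two `RLM_MODULE_*` constants are local stand-ins for the `radiusd` module values.

```python
from dataclasses import dataclass

# Stand-ins for radiusd.RLM_MODULE_* (radiusd is only importable inside FreeRADIUS).
RLM_MODULE_REJECT = 0
RLM_MODULE_OK = 2


@dataclass
class User:  # hypothetical model, not re2o's
    username: str
    has_paid: bool


# Constructed sample accounts.
USERS = {
    "alice": User("alice", has_paid=True),
    "bob": User("bob", has_paid=False),  # account created, nothing paid
}


def check_subscription(username):
    """Reject unknown users and users without a paid subscription."""
    user = USERS.get(username)
    if user is None or not user.has_paid:
        return RLM_MODULE_REJECT
    return RLM_MODULE_OK


def authorize_flawed(username, nas_type):
    """Behaviour reported in the issue: a proxied request skips every check."""
    if not nas_type:  # request forwarded by another RADIUS server
        return RLM_MODULE_OK
    return check_subscription(username)


def authorize_checked(username, nas_type):
    """Subscription is verified first, whether or not the NAS is known."""
    verdict = check_subscription(username)
    if verdict != RLM_MODULE_OK:
        return verdict
    # Only NAS-specific decisions may be skipped for proxied requests.
    return RLM_MODULE_OK


if __name__ == "__main__":
    for name in ("alice", "bob", "mallory"):
        for nas in (None, "wifi"):
            print(name, nas, authorize_flawed(name, nas), authorize_checked(name, nas))
```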
chapeau commented 2024-03-03 19:15:16 +01:00 (Migrated from gitlab2.federez.net)

changed title from Radius {-do-} not check user subscription when connecting from Federez Wifi to Radius {+logic does+} not check user subscription when connecting from Federez Wifi

By asyncnomi on 2024-03-03T18:15:16 (imported from GitLab)

chapeau commented 2024-03-03 19:15:30 +01:00 (Migrated from gitlab2.federez.net)

changed the description

By asyncnomi on 2024-03-03T18:15:30 (imported from GitLab)

chapeau commented 2024-03-03 19:15:59 +01:00 (Migrated from gitlab2.federez.net)

changed the description

By asyncnomi on 2024-03-03T18:15:59 (imported from GitLab)

chapeau commented 2024-03-23 08:59:19 +01:00 (Migrated from gitlab2.federez.net)

created branch check-federez to address this issue

By chapeau on 2024-03-23T07:59:19 (imported from GitLab)

chapeau commented 2024-03-23 08:59:34 +01:00 (Migrated from gitlab2.federez.net)

mentioned in merge request !6

By chapeau on 2024-03-23T07:59:34 (imported from GitLab)

chapeau (Migrated from gitlab2.federez.net) closed this issue 2024-03-23 16:19:33 +01:00
Reference: re2o/re2o-radius#1