summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-12-19 11:48:31 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-12-19 11:48:31 +0000
commit76e5e7f14fcfbb9f9e481ec0d9a31d3c5c7f1869 (patch)
tree95f69486d5b0bfda9ba943c392887a2b260271c8
parent170a1a2bd41982212636a2a1a196872a34766982 (diff)
hostapd: Allow rsn_preauth configuration
Hostapd can allow preauthentication for WPA2-EAP networks when the interfaces through which preauthentication is allowed are configured. Add a new param "rsn_preauth=0/1" to the configuration that enables or disables preauthentication on the according bridge interface. Preauthentication for unbridged networks is not considered in this patch. Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24721 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/hostapd/files/hostapd.sh40
1 files changed, 26 insertions, 14 deletions
diff --git a/package/hostapd/files/hostapd.sh b/package/hostapd/files/hostapd.sh
index db08e7bce2..39f98f2c43 100644
--- a/package/hostapd/files/hostapd.sh
+++ b/package/hostapd/files/hostapd.sh
@@ -139,20 +139,32 @@ hostapd_set_bss_options() {
[ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N"
[ -n "$iapp_interface" ] && append "$var" $(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N"
- [ "$wpa" -ge "2" ] && config_get ieee80211w "$vif" ieee80211w
- case "$ieee80211w" in
- [012])
- append "$var" "ieee80211w=$ieee80211w" "$N"
- [ "$ieee80211w" -gt "0" ] && {
- config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout
- config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout
- [ -n "$ieee80211w_max_timeout" ] && \
- append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
- [ -n "$ieee80211w_retry_timeout" ] && \
- append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
- }
- ;;
- esac
+ if [ "$wpa" -ge "2" ]
+ then
+ # RSN -> allow preauthentication
+ config_get rsn_preauth "$vif" rsn_preauth
+ if [ -n "$bridge" -a "$rsn_preauth" = 1 ]
+ then
+ append "$var" "rsn_preauth=1" "$N"
+ append "$var" "rsn_preauth_interfaces=$bridge" "$N"
+ fi
+
+ # RSN -> allow management frame protection
+ config_get ieee80211w "$vif" ieee80211w
+ case "$ieee80211w" in
+ [012])
+ append "$var" "ieee80211w=$ieee80211w" "$N"
+ [ "$ieee80211w" -gt "0" ] && {
+ config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout
+ config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout
+ [ -n "$ieee80211w_max_timeout" ] && \
+ append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
+ [ -n "$ieee80211w_retry_timeout" ] && \
+ append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
+ }
+ ;;
+ esac
+ fi
}
hostapd_setup_vif() {