diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2016-01-18 11:40:44 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2016-01-18 11:40:44 +0000 |
| commit | 0303d7b38a9a0d260cff2358602e76bbcaad33ab (patch) | |
| tree | ad9f1dab80427fb8cf092c151a516b70a302bb2a /package/network/services | |
| parent | 7f2651b2cdf1dbf12d029e099d40100ee77021b4 (diff) | |
| download | master-187ad058-0303d7b38a9a0d260cff2358602e76bbcaad33ab.tar.gz master-187ad058-0303d7b38a9a0d260cff2358602e76bbcaad33ab.tar.bz2 master-187ad058-0303d7b38a9a0d260cff2358602e76bbcaad33ab.zip | |
wpa_supplicant: improve generating phase2 config line for WPA-EAP
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...
The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.
Examples:
eap_type auth
'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2"
'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2"
'peap' 'EAP-GTC' -> phase2="auth=GTC"
Deprecated syntax supported for compatibility:
'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"
I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48309 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/services')
| -rw-r--r-- | package/network/services/hostapd/files/netifd.sh | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index 80560802d2..cedf5d5589 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -633,10 +633,21 @@ wpa_supplicant_add_network() { append network_data "private_key=\"$priv_key\"" "$N$T" append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" ;; - peap|ttls) + fast|peap|ttls) json_get_vars auth password set_default auth MSCHAPV2 - append network_data "phase2=\"$auth\"" "$N$T" + phase2proto="auth=" + case "$auth" in + "auth"*) + phase2proto="" + ;; + "EAP-"*) + auth="$(echo $auth | cut -b 5- )" + [ "$eap_type" = "ttls" ] && + phase2proto="autheap=" + ;; + esac + append network_data "phase2=\"$phase2proto$auth\"" "$N$T" append network_data "password=\"$password\"" "$N$T" ;; esac |