diff options
author | Felix Fietkau <nbd@openwrt.org> | 2010-12-19 11:48:31 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2010-12-19 11:48:31 +0000 |
commit | 21adab3df580bafb01aea20b1a75e220ffea18a7 (patch) | |
tree | 95f69486d5b0bfda9ba943c392887a2b260271c8 | |
parent | a22fbebb0530c49a284b5b6b8bdf399b28147737 (diff) | |
download | upstream-21adab3df580bafb01aea20b1a75e220ffea18a7.tar.gz upstream-21adab3df580bafb01aea20b1a75e220ffea18a7.tar.bz2 upstream-21adab3df580bafb01aea20b1a75e220ffea18a7.zip |
hostapd: Allow rsn_preauth configuration
Hostapd can allow preauthentication for WPA2-EAP networks when
the interfaces through which preauthentication is allowed are
configured.
Add a new param "rsn_preauth=0/1" to the configuration that enables
or disables preauthentication on the according bridge interface.
Preauthentication for unbridged networks is not considered in this
patch.
Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24721 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/hostapd/files/hostapd.sh | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/package/hostapd/files/hostapd.sh b/package/hostapd/files/hostapd.sh index db08e7bce2..39f98f2c43 100644 --- a/package/hostapd/files/hostapd.sh +++ b/package/hostapd/files/hostapd.sh @@ -139,20 +139,32 @@ hostapd_set_bss_options() { [ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N" [ -n "$iapp_interface" ] && append "$var" $(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N" - [ "$wpa" -ge "2" ] && config_get ieee80211w "$vif" ieee80211w - case "$ieee80211w" in - [012]) - append "$var" "ieee80211w=$ieee80211w" "$N" - [ "$ieee80211w" -gt "0" ] && { - config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout - config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout - [ -n "$ieee80211w_max_timeout" ] && \ - append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" - [ -n "$ieee80211w_retry_timeout" ] && \ - append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" - } - ;; - esac + if [ "$wpa" -ge "2" ] + then + # RSN -> allow preauthentication + config_get rsn_preauth "$vif" rsn_preauth + if [ -n "$bridge" -a "$rsn_preauth" = 1 ] + then + append "$var" "rsn_preauth=1" "$N" + append "$var" "rsn_preauth_interfaces=$bridge" "$N" + fi + + # RSN -> allow management frame protection + config_get ieee80211w "$vif" ieee80211w + case "$ieee80211w" in + [012]) + append "$var" "ieee80211w=$ieee80211w" "$N" + [ "$ieee80211w" -gt "0" ] && { + config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout + config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout + [ -n "$ieee80211w_max_timeout" ] && \ + append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" + [ -n "$ieee80211w_retry_timeout" ] && \ + append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" + } + ;; + esac + fi } hostapd_setup_vif() { |