diff options
author | John Crispin <john@phrozen.org> | 2021-04-06 14:59:41 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2021-11-23 18:30:05 +0100 |
commit | 28b30ae10bc574a2d5f568cbdd36d5b8bba8e760 (patch) | |
tree | ee6a168f1d1b203bae1ec37d476fcb775aeafd90 /package/network | |
parent | 21eb0a5aa37f6711f3d0440be660f459d5a7fde6 (diff) | |
download | upstream-28b30ae10bc574a2d5f568cbdd36d5b8bba8e760.tar.gz upstream-28b30ae10bc574a2d5f568cbdd36d5b8bba8e760.tar.bz2 upstream-28b30ae10bc574a2d5f568cbdd36d5b8bba8e760.zip |
hostapd: add eap_server support
This makes it possible to avoid using a RADIUS server for WPA enterprise authentication
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from 98621c97822eb20a80ab2248a253972051ea6f08)
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/services/hostapd/files/hostapd.sh | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 24fc7c3cca..c61654e6e8 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -347,6 +347,9 @@ hostapd_common_add_bss_config() { config_add_boolean request_cui config_add_array radius_auth_req_attr config_add_array radius_acct_req_attr + + config_add_int eap_server + config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id } hostapd_set_vlan_file() { @@ -517,7 +520,8 @@ hostapd_set_bss_options() { bss_load_update_period chan_util_avg_period sae_require_mfp \ multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key skip_inactivity_poll \ airtime_bss_weight airtime_bss_limit airtime_sta_weight \ - multicast_to_unicast per_sta_vif + multicast_to_unicast per_sta_vif \ + eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id set_default isolate 0 set_default maxassoc 0 @@ -538,6 +542,7 @@ hostapd_set_bss_options() { set_default multi_ap 0 set_default airtime_bss_weight 0 set_default airtime_bss_limit 0 + set_default eap_server 0 append bss_conf "ctrl_interface=/var/run/hostapd" if [ "$isolate" -gt 0 ]; then @@ -651,9 +656,11 @@ hostapd_set_bss_options() { set_default dae_port 3799 set_default request_cui 0 - append bss_conf "auth_server_addr=$auth_server" "$N" - append bss_conf "auth_server_port=$auth_port" "$N" - append bss_conf "auth_server_shared_secret=$auth_secret" "$N" + [ "$eap_server" -eq 0 ] && { + append bss_conf "auth_server_addr=$auth_server" "$N" + append bss_conf "auth_server_port=$auth_port" "$N" + append bss_conf "auth_server_shared_secret=$auth_secret" "$N" + } [ "$request_cui" -gt 0 ] && append bss_conf "radius_request_cui=$request_cui" "$N" [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N" @@ -1010,6 +1017,16 @@ hostapd_set_bss_options() { json_for_each_item append_operator_icon operator_icon fi + if [ "$eap_server" = "1" ]; then + append bss_conf "eap_server=1" "$N" + [ -n "$eap_user_file" ] && append bss_conf "eap_user_file=$eap_user_file" "$N" + [ -n "$ca_cert" ] && append bss_conf "ca_cert=$ca_cert" "$N" + [ -n "$server_cert" ] && append bss_conf "server_cert=$server_cert" "$N" + [ -n "$private_key" ] && append bss_conf "private_key=$private_key" "$N" + [ -n "$private_key_passwd" ] && append bss_conf "private_key_passwd=$private_key_passwd" "$N" + [ -n "$server_id" ] && append bss_conf "server_id=$server_id" "$N" + fi + set_default multicast_to_unicast 0 if [ "$multicast_to_unicast" -gt 0 ]; then append bss_conf "multicast_to_unicast=$multicast_to_unicast" "$N" |