hostapd: add support for WPS pushbutton station

similar to hostapd, also add a ubus interface for wpa_supplicant
which will allow handling WPS push-button just as it works for hostapd.
In order to have wpa_supplicant running without any network
configuration (so you can use it to retrieve credentials via WPS),
configure wifi-iface in /etc/config/wireless:

  config wifi-iface 'default_radio0'
      option device 'radio0'
      option network 'wwan'
      option mode 'sta'
      option encryption 'wps'

This section will automatically be edited if credentials have
successfully been acquired via WPS.

Size difference (mips_24kc): roughly +4kb for the 'full' variants of
wpa_supplicant and wpad which do support WPS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

6 files changed, 77 insertions, 5 deletions

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 7f3157cd27..7335e75fd5 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -762,6 +762,9 @@ wpa_supplicant_add_network() {
 			hostapd_append_wep_key network_data
 			append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
 		;;
+		wps)
+			key_mgmt='WPS'
+		;;
 		psk|sae|psk-sae)
 			local passphrase
 
@@ -869,7 +872,10 @@ wpa_supplicant_add_network() {
 		append network_data "mcast_rate=$mc_rate" "$N$T"
 	}
 
-	cat >> "$_config" <<EOF
+	if [ "$key_mgnt" = "WPS" ]; then
+		echo "wps_cred_processing=1" >> "$_config"
+	else
+		cat >> "$_config" <<EOF
 network={
 	$scan_ssid
 	ssid="$ssid"
@@ -877,6 +883,7 @@ network={
 	$network_data
 }
 EOF
+	fi
 	return 0
 }
 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config
index 7c33996691..01ef7b6e3f 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-basic.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config
@@ -591,3 +591,8 @@ CONFIG_NO_RANDOM_POOL=y
 # Opportunistic Wireless Encryption (OWE)
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index 55b31a345b..0ec846943f 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -593,3 +593,8 @@ CONFIG_IBSS_RSN=y
 # Opportunistic Wireless Encryption (OWE)
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config
index 67c0b323af..2adb94802c 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-mini.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config
@@ -593,3 +593,8 @@ CONFIG_NO_RANDOM_POOL=y
 # Opportunistic Wireless Encryption (OWE)
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
index c1e85f0163..435f45a944 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config
@@ -593,3 +593,8 @@ CONFIG_IBSS_RSN=y
 # Opportunistic Wireless Encryption (OWE)
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
+
+# uBus IPC/RPC System
+# Services can connect to the bus and provide methods
+# that can be called by other services or clients.
+CONFIG_UBUS=y
diff --git a/package/network/services/hostapd/files/wps-hotplug.sh b/package/network/services/hostapd/files/wps-hotplug.sh
index 24af80e55b..ddfd021195 100644
--- a/package/network/services/hostapd/files/wps-hotplug.sh
+++ b/package/network/services/hostapd/files/wps-hotplug.sh
@@ -1,11 +1,56 @@
 #!/bin/sh
 
+wps_catch_credentials() {
+	local iface ifaces ifc ifname ssid encryption key radio radios
+	local found=0
+
+	. /usr/share/libubox/jshn.sh
+	ubus -S -t 30 listen wps_credentials | while read creds; do
+		json_init
+		json_load "$creds"
+		json_select wps_credentials || continue
+		json_get_vars ifname ssid key encryption
+		local ifcname="$ifname"
+		json_init
+		json_load "$(ubus -S call network.wireless status)"
+		json_get_keys radios
+		for radio in $radios; do
+			json_select $radio
+			json_select interfaces
+			json_get_keys ifaces
+			for ifc in $ifaces; do
+				json_select $ifc
+				json_get_vars ifname
+				[ "$ifname" = "$ifcname" ] && {
+					ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\",		\
+								\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" },	\
+								\"values\": { \"encryption\": \"$encryption\", 			\
+										\"ssid\": \"$ssid\", 				\
+										\"key\": \"$key\" } }"
+					ubus -S call uci commit '{"config": "wireless"}'
+					ubus -S call uci apply
+				}
+				json_select ..
+			done
+			json_select ..
+			json_select ..
+		done
+	done
+}
+
 if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
-	cd /var/run/hostapd
-	for socket in *; do
-		[ -S "$socket" ] || continue
-		hostapd_cli -i "$socket" wps_pbc
+	wps_done=0
+	ubusobjs="$( ubus -S list hostapd.* )"
+	for ubusobj in $ubusobjs; do
+		ubus -S call $ubusobj wps_start && wps_done=1
+	done
+	[ $wps_done = 0 ] || return 0
+	wps_done=0
+	ubusobjs="$( ubus -S list wpa_supplicant.* )"
+	for ubusobj in $ubusobjs; do
+		ubus -S call $ubusobj wps_start && wps_done=1
 	done
+	[ $wps_done = 0 ] || wps_catch_credentials &
 fi
 
 return 0