mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2026-03-20 03:39:54 +00:00
Compare commits
4 Commits
15318
...
staging-15
| Author | SHA1 | Date | |
|---|---|---|---|
|
162ece9d61 | ||
|
|
d7b578c58d | ||
|
|
bab5db5bf5 | ||
|
|
be9783e7db |
@@ -1,38 +0,0 @@
|
||||
From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Harding <somerandomstring@gmail.com>
|
||||
Date: Tue, 9 Apr 2024 15:06:38 -0700
|
||||
Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
|
||||
|
||||
When the RADIUS response included a Session-Timeout attribute, but is
|
||||
otherwise valid (an Access-Accept with a valid Tunnel-Password), the
|
||||
association still failed due to the strict comparison of the accepted
|
||||
value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
|
||||
previously tested.
|
||||
|
||||
Extend this to allow a packet containing a valid Session-Timeout
|
||||
attribute to be accepted by extending the "success" comparison to
|
||||
include HOSTAPD_ACL_ACCEPT_TIMEOUT.
|
||||
|
||||
Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
|
||||
Signed-off-by: Lee Harding <somerandomstring@gmail.com>
|
||||
---
|
||||
src/ap/ieee802_11_auth.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
|
||||
index e723ae74b..98a877dec 100644
|
||||
--- a/src/ap/ieee802_11_auth.c
|
||||
+++ b/src/ap/ieee802_11_auth.c
|
||||
@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
|
||||
|
||||
if (query->radius_psk) {
|
||||
struct sta_info *sta;
|
||||
- bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
|
||||
+ bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
|
||||
+ cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
|
||||
|
||||
sta = ap_get_sta(hapd, query->addr);
|
||||
if (!sta || !sta->wpa_sm) {
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Harding <somerandomstring@gmail.com>
|
||||
Date: Tue, 9 Apr 2024 15:06:38 -0700
|
||||
Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
|
||||
|
||||
When the RADIUS response included a Session-Timeout attribute, but is
|
||||
otherwise valid (an Access-Accept with a valid Tunnel-Password), the
|
||||
association still failed due to the strict comparison of the accepted
|
||||
value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
|
||||
previously tested.
|
||||
|
||||
Extend this to allow a packet containing a valid Session-Timeout
|
||||
attribute to be accepted by extending the "success" comparison to
|
||||
include HOSTAPD_ACL_ACCEPT_TIMEOUT.
|
||||
|
||||
Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
|
||||
Signed-off-by: Lee Harding <somerandomstring@gmail.com>
|
||||
---
|
||||
src/ap/ieee802_11_auth.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
|
||||
index e723ae74b..98a877dec 100644
|
||||
--- a/src/ap/ieee802_11_auth.c
|
||||
+++ b/src/ap/ieee802_11_auth.c
|
||||
@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
|
||||
|
||||
if (query->radius_psk) {
|
||||
struct sta_info *sta;
|
||||
- bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
|
||||
+ bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
|
||||
+ cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
|
||||
|
||||
sta = ap_get_sta(hapd, query->addr);
|
||||
if (!sta || !sta->wpa_sm) {
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Harding <somerandomstring@gmail.com>
|
||||
Date: Tue, 9 Apr 2024 15:06:38 -0700
|
||||
Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
|
||||
|
||||
When the RADIUS response included a Session-Timeout attribute, but is
|
||||
otherwise valid (an Access-Accept with a valid Tunnel-Password), the
|
||||
association still failed due to the strict comparison of the accepted
|
||||
value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
|
||||
previously tested.
|
||||
|
||||
Extend this to allow a packet containing a valid Session-Timeout
|
||||
attribute to be accepted by extending the "success" comparison to
|
||||
include HOSTAPD_ACL_ACCEPT_TIMEOUT.
|
||||
|
||||
Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
|
||||
Signed-off-by: Lee Harding <somerandomstring@gmail.com>
|
||||
---
|
||||
src/ap/ieee802_11_auth.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
|
||||
index e723ae74b..98a877dec 100644
|
||||
--- a/src/ap/ieee802_11_auth.c
|
||||
+++ b/src/ap/ieee802_11_auth.c
|
||||
@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
|
||||
|
||||
if (query->radius_psk) {
|
||||
struct sta_info *sta;
|
||||
- bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
|
||||
+ bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
|
||||
+ cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
|
||||
|
||||
sta = ap_get_sta(hapd, query->addr);
|
||||
if (!sta || !sta->wpa_sm) {
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@@ -400,7 +400,7 @@ function expiry_handler() {
|
||||
if (!stat)
|
||||
return;
|
||||
|
||||
let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
|
||||
let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /etc/ucentral/operational.pem`);
|
||||
if (!ret) {
|
||||
ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
|
||||
return;
|
||||
|
||||
@@ -29,6 +29,9 @@ Build/Compile = $(Build/Compile/Default)
|
||||
|
||||
define Package/ratelimit/install
|
||||
$(CP) ./files/* $(1)
|
||||
ifeq ($(CONFIG_TARGET_mediatek),y)
|
||||
$(SED) 's|qdisc replace dev $$$${iface} parent 1:$$$${id} handle $$$${id}: fq_codel flows 128 limit 800 quantum 300 noecn|qdisc add dev $$$${iface} parent 1:$$$${id} sfq perturb 10 limit 2000 quantum 1514|' $(1)/usr/bin/ratelimit
|
||||
endif
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,ratelimit))
|
||||
|
||||
@@ -7,7 +7,7 @@ PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
|
||||
PKG_MIRROR_HASH:=ac2a5b026cfc0cdc893cf2ed8dd5aff31c5c56feaffa6bf3489d5c260f2ed724
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_DATE:=2026-01-24
|
||||
PKG_SOURCE_VERSION:=8491119c93f7d94dc8940f1b76619a134f22c5a5
|
||||
PKG_SOURCE_VERSION:=9af6661616c5428509dac11357fbc54e9365db57
|
||||
PKG_MAINTAINER:=John Crispin <john@phrozen.org>
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
---
|
||||
profile: edgecore_eap111
|
||||
target: mediatek
|
||||
subtarget: mt7981
|
||||
subtarget: filogic
|
||||
description: Build image for the EdgeCore EAP111
|
||||
image: bin/targets/mediatek/mt7981/openwrt-mediatek-mt7981-edgecore_eap111-squashfs-sysupgrade.bin
|
||||
image: bin/targets/mediatek/filogic/openwrt-mediatek-filogic-edgecore_eap111-squashfs-sysupgrade.bin
|
||||
feeds:
|
||||
- name: mediatek
|
||||
path: ../../feeds/mediatek-sdk
|
||||
path: ../../feeds/mediatek
|
||||
packages:
|
||||
- mediatek
|
||||
include:
|
||||
|
||||
Reference in New Issue
Block a user