mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-10-29 09:32:34 +00:00
qca-wifi-7: hostapd.sh: add missed functionality from ipq807x_v5.4
The main reason was adding missed functionality for Radius configuration which caused rejecting WiFi clients on authentication level. Still some changes not included: * AFC, * hs20_release, * multiple_bssid, * he_co_locate Fixes: WIFI-14459 Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
This commit is contained in:
Marek Kwaczynski
@@ -126,12 +126,15 @@ hostapd_common_add_device_config() {
|
||||
config_add_int maxassoc
|
||||
config_add_int reg_power_type
|
||||
config_add_boolean stationary_ap
|
||||
config_add_boolean maxassoc_ignore_probe
|
||||
|
||||
config_add_string acs_chan_bias
|
||||
config_add_boolean acs_exclude_dfs
|
||||
config_add_array hostapd_options
|
||||
|
||||
config_add_int airtime_mode
|
||||
config_add_int mbssid
|
||||
config_add_boolean rnr_beacon ema
|
||||
|
||||
hostapd_add_log_config
|
||||
}
|
||||
@@ -142,10 +145,11 @@ hostapd_prepare_device_config() {
|
||||
|
||||
local base_cfg=
|
||||
|
||||
json_get_vars country country3 country_ie beacon_int:100 doth require_mode legacy_rates \
|
||||
json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
|
||||
acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density \
|
||||
rts_threshold beacon_rate rssi_reject_assoc_rssi rssi_ignore_probe_request maxassoc \
|
||||
mbssid:0 band reg_power_type stationary_ap
|
||||
rnr_beacon mbssid:0 band reg_power_type stationary_ap acs_exclude_dfs\
|
||||
maxassoc_ignore_probe band
|
||||
|
||||
hostapd_set_log_options base_cfg
|
||||
|
||||
@@ -155,6 +159,9 @@ hostapd_prepare_device_config() {
|
||||
set_default legacy_rates 0
|
||||
set_default airtime_mode 0
|
||||
set_default cell_density 0
|
||||
set_default rnr_beacon 0
|
||||
set_default ema 0
|
||||
set_default acs_exclude_dfs 0
|
||||
|
||||
[ -n "$country" ] && {
|
||||
append base_cfg "country_code=$country" "$N"
|
||||
@@ -244,8 +251,14 @@ hostapd_prepare_device_config() {
|
||||
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
|
||||
append base_cfg "beacon_int=$beacon_int" "$N"
|
||||
[ -n "$rts_threshold" ] && append base_cfg "rts_threshold=$rts_threshold" "$N"
|
||||
append base_cfg "dtim_period=$dtim_period" "$N"
|
||||
[ "$airtime_mode" -gt 0 ] && append base_cfg "airtime_mode=$airtime_mode" "$N"
|
||||
[ -n "$maxassoc" ] && append base_cfg "iface_max_num_sta=$maxassoc" "$N"
|
||||
[ "$maxassoc_ignore_probe" -gt 0 ] && append base_cfg "no_probe_resp_if_max_sta=1" "$N"
|
||||
[ "$rnr_beacon" -gt 0 ] && append base_cfg "rnr_beacon=$rnr_beacon" "$N"
|
||||
[ "$ema" -gt 0 ] && append base_cfg "ema=$ema" "$N"
|
||||
[ "$acs_exclude_dfs" -gt 0 ] && append base_cfg "acs_exclude_dfs=$acs_exclude_dfs" "$N"
|
||||
|
||||
[ "$mbssid" -gt 0 ] && [ "$mbssid" -le 2 ] && append base_cfg "mbssid=$mbssid" "$N"
|
||||
|
||||
[ "$band" = "6g" ] && {
|
||||
@@ -287,15 +300,24 @@ hostapd_common_add_bss_config() {
|
||||
config_add_int ieee80211w
|
||||
config_add_int eapol_version
|
||||
|
||||
config_add_array auth_server acct_server
|
||||
config_add_string 'server:host'
|
||||
config_add_string 'auth_server:host' 'server:host'
|
||||
config_add_string auth_secret key
|
||||
config_add_int 'auth_port:port' 'port:port'
|
||||
|
||||
config_add_string acct_server
|
||||
config_add_string acct_secret
|
||||
config_add_int acct_port
|
||||
|
||||
config_add_string acct_server_secondary
|
||||
config_add_string acct_secret_secondary
|
||||
config_add_int acct_port_secondary
|
||||
|
||||
config_add_int acct_interval
|
||||
|
||||
config_add_string auth_server_secondary
|
||||
config_add_string auth_secret_secondary
|
||||
config_add_int auth_port_secondary
|
||||
|
||||
config_add_int bss_load_update_period chan_util_avg_period
|
||||
|
||||
config_add_string dae_client
|
||||
@@ -339,8 +361,8 @@ hostapd_common_add_bss_config() {
|
||||
config_add_string lci civic
|
||||
|
||||
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
|
||||
config_add_int r0_key_lifetime reassociation_deadline
|
||||
config_add_string mobility_domain r1_key_holder
|
||||
config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh
|
||||
config_add_string mobility_domain r1_key_holder ft_key
|
||||
config_add_array r0kh r1kh
|
||||
|
||||
config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
|
||||
@@ -391,14 +413,18 @@ hostapd_common_add_bss_config() {
|
||||
config_add_array radius_auth_req_attr
|
||||
config_add_array radius_acct_req_attr
|
||||
|
||||
config_add_int eap_server radius_server_auth_port
|
||||
config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id radius_server_clients
|
||||
config_add_int eap_server
|
||||
config_add_string eap_user_file ca_cert server_cert private_key private_key_passwd server_id
|
||||
|
||||
config_add_boolean fils
|
||||
config_add_string fils_dhcp
|
||||
|
||||
config_add_boolean ratelimit
|
||||
config_add_int ocv
|
||||
|
||||
config_add_string uci_section
|
||||
config_add_boolean dynamic_probe_resp
|
||||
|
||||
config_add_boolean apup
|
||||
config_add_string apup_peer_ifname_prefix
|
||||
}
|
||||
@@ -433,6 +459,7 @@ hostapd_set_psk() {
|
||||
local ifname="$1"
|
||||
|
||||
rm -f /var/run/hostapd-${ifname}.psk
|
||||
touch /var/run/hostapd-${ifname}.psk
|
||||
for_each_station hostapd_set_psk_file ${ifname}
|
||||
}
|
||||
|
||||
@@ -549,18 +576,83 @@ append_airtime_sta_weight() {
|
||||
[ -n "$1" ] && append bss_conf "airtime_sta_weight=$1" "$N"
|
||||
}
|
||||
|
||||
append_auth_server() {
|
||||
[ -n "$1" ] || return
|
||||
append bss_conf "auth_server_addr=$1" "$N"
|
||||
append bss_conf "auth_server_port=$auth_port" "$N"
|
||||
[ -n "$auth_secret" ] && append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
|
||||
}
|
||||
append_radius_server() {
|
||||
|
||||
append_acct_server() {
|
||||
[ -n "$1" ] || return
|
||||
append bss_conf "acct_server_addr=$1" "$N"
|
||||
append bss_conf "acct_server_port=$acct_port" "$N"
|
||||
[ -n "$acct_secret" ] && append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
|
||||
json_get_vars \
|
||||
auth_server auth_secret auth_port \
|
||||
auth_server_secondary auth_secret_secondary auth_port_secondary \
|
||||
dae_client dae_secret dae_port \
|
||||
dynamic_ownip ownip radius_client_addr \
|
||||
eap_reauth_period request_cui \
|
||||
erp_domain mobility_domain \
|
||||
fils_realm fils_dhcp
|
||||
|
||||
set_default dynamic_ownip 1
|
||||
|
||||
# legacy compatibility
|
||||
[ -n "$auth_server" ] || json_get_var auth_server server
|
||||
[ -n "$auth_port" ] || json_get_var auth_port port
|
||||
[ -n "$auth_secret" ] || json_get_var auth_secret key
|
||||
|
||||
[ "$fils" -gt 0 ] && {
|
||||
set_default erp_domain "$mobility_domain"
|
||||
set_default erp_domain "$(echo "$ssid" | md5sum | head -c 8)"
|
||||
set_default fils_realm "$erp_domain"
|
||||
|
||||
append bss_conf "erp_send_reauth_start=1" "$N"
|
||||
append bss_conf "erp_domain=$erp_domain" "$N"
|
||||
append bss_conf "fils_realm=$fils_realm" "$N"
|
||||
append bss_conf "fils_cache_id=$(echo "$fils_realm" | md5sum | head -c 4)" "$N"
|
||||
|
||||
[ "$fils_dhcp" = "*" ] && {
|
||||
json_get_values network network
|
||||
fils_dhcp=
|
||||
for net in $network; do
|
||||
fils_dhcp="$(ifstatus "$net" | jsonfilter -e '@.data.dhcpserver')"
|
||||
[ -n "$fils_dhcp" ] && break
|
||||
done
|
||||
|
||||
[ -z "$fils_dhcp" -a -n "$network_bridge" -a -n "$network_ifname" ] && \
|
||||
fils_dhcp="$(udhcpc -B -n -q -s /lib/netifd/dhcp-get-server.sh -t 1 -i "$network_ifname" 2>/dev/null)"
|
||||
}
|
||||
[ -n "$fils_dhcp" ] && append bss_conf "dhcp_server=$fils_dhcp" "$N"
|
||||
}
|
||||
|
||||
set_default auth_port 1812
|
||||
set_default auth_port_secondary 1812
|
||||
set_default dae_port 3799
|
||||
set_default request_cui 0
|
||||
|
||||
[ "$eap_server" -eq 0 -a -n "$auth_server" ] && {
|
||||
append bss_conf "auth_server_addr=$auth_server" "$N"
|
||||
append bss_conf "auth_server_port=$auth_port" "$N"
|
||||
append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
|
||||
}
|
||||
|
||||
[ -n "$auth_server_secondary" ] && {
|
||||
append bss_conf "auth_server_addr=$auth_server_secondary" "$N"
|
||||
append bss_conf "auth_server_port=$auth_port_secondary" "$N"
|
||||
[ -n "$auth_secret_secondary" ] && \
|
||||
append bss_conf "auth_server_shared_secret=$auth_secret_secondary" "$N"
|
||||
}
|
||||
|
||||
[ "$request_cui" -gt 0 ] && append bss_conf "radius_request_cui=$request_cui" "$N"
|
||||
[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
|
||||
|
||||
[ -n "$dae_client" -a -n "$dae_secret" ] && {
|
||||
append bss_conf "radius_das_port=$dae_port" "$N"
|
||||
append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
|
||||
}
|
||||
json_for_each_item append_radius_auth_req_attr radius_auth_req_attr
|
||||
|
||||
if [ -n "$ownip" ]; then
|
||||
append bss_conf "own_ip_addr=$ownip" "$N"
|
||||
elif [ "$dynamic_ownip" -gt 0 ]; then
|
||||
append bss_conf "dynamic_own_ip_addr=$dynamic_ownip" "$N"
|
||||
fi
|
||||
|
||||
[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
|
||||
[ "$macfilter" = radius ] && append bss_conf "macaddr_acl=2" "$N"
|
||||
}
|
||||
|
||||
hostapd_set_bss_options() {
|
||||
@@ -570,7 +662,7 @@ hostapd_set_bss_options() {
|
||||
|
||||
wireless_vif_parse_encryption
|
||||
|
||||
local bss_conf bss_md5sum ft_key
|
||||
local bss_conf bss_md5sum
|
||||
local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
|
||||
|
||||
json_get_vars \
|
||||
@@ -581,13 +673,14 @@ hostapd_set_bss_options() {
|
||||
wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \
|
||||
macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \
|
||||
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
|
||||
acct_secret acct_port acct_interval \
|
||||
acct_server acct_secret acct_port acct_interval \
|
||||
acct_server_secondary acct_secret_secondary acct_port_secondary \
|
||||
bss_load_update_period chan_util_avg_period sae_require_mfp sae_pwe \
|
||||
multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key skip_inactivity_poll \
|
||||
ppsk airtime_bss_weight airtime_bss_limit airtime_sta_weight \
|
||||
multicast_to_unicast_all proxy_arp per_sta_vif \
|
||||
eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id radius_server_clients radius_server_auth_port \
|
||||
vendor_elements fils ocv apup multi_psk
|
||||
vendor_elements fils ocv apup uci_section dynamic_probe_resp multi_psk
|
||||
|
||||
set_default fils 0
|
||||
set_default isolate 0
|
||||
@@ -604,6 +697,7 @@ hostapd_set_bss_options() {
|
||||
set_default tdls_prohibit 0
|
||||
set_default eapol_version $((wpa & 1))
|
||||
set_default acct_port 1813
|
||||
set_default acct_port_secondary 1813
|
||||
set_default bss_load_update_period 60
|
||||
set_default chan_util_avg_period 600
|
||||
set_default utf8_ssid 1
|
||||
@@ -612,6 +706,7 @@ hostapd_set_bss_options() {
|
||||
set_default airtime_bss_weight 0
|
||||
set_default airtime_bss_limit 0
|
||||
set_default eap_server 0
|
||||
set_default dynamic_probe_resp 0
|
||||
set_default apup 0
|
||||
|
||||
/usr/sbin/hostapd -vfils || fils=0
|
||||
@@ -638,6 +733,7 @@ hostapd_set_bss_options() {
|
||||
append bss_conf "preamble=$short_preamble" "$N"
|
||||
append bss_conf "wmm_enabled=$wmm" "$N"
|
||||
append bss_conf "ignore_broadcast_ssid=$hidden" "$N"
|
||||
append bss_conf "dynamic_probe_resp=$dynamic_probe_resp" "$N"
|
||||
append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N"
|
||||
append bss_conf "utf8_ssid=$utf8_ssid" "$N"
|
||||
append bss_conf "multi_ap=$multi_ap" "$N"
|
||||
@@ -654,10 +750,22 @@ hostapd_set_bss_options() {
|
||||
|
||||
[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
|
||||
|
||||
[ -n "$acct_interval" ] && \
|
||||
append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
|
||||
json_for_each_item append_acct_server acct_server
|
||||
json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
|
||||
[ -n "$acct_server" ] && {
|
||||
append bss_conf "acct_server_addr=$acct_server" "$N"
|
||||
append bss_conf "acct_server_port=$acct_port" "$N"
|
||||
[ -n "$acct_secret" ] && \
|
||||
append bss_conf "acct_server_shared_secret=$acct_secret" "$N"
|
||||
[ -n "$acct_interval" ] && \
|
||||
append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
|
||||
json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
|
||||
}
|
||||
|
||||
[ -n "$acct_server_secondary" ] && {
|
||||
append bss_conf "acct_server_addr=$acct_server_secondary" "$N"
|
||||
append bss_conf "acct_server_port=$acct_port_secondary" "$N"
|
||||
[ -n "$acct_secret_secondary" ] && \
|
||||
append bss_conf "acct_server_shared_secret=$acct_secret_secondary" "$N"
|
||||
}
|
||||
|
||||
[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
|
||||
|
||||
@@ -690,6 +798,8 @@ hostapd_set_bss_options() {
|
||||
# Here we make the assumption that if we're in open mode
|
||||
# with WPS enabled, we got to be in unconfigured state.
|
||||
wps_not_configured=1
|
||||
vlan_possible=1
|
||||
append_radius_server
|
||||
;;
|
||||
psk|sae|psk-sae)
|
||||
json_get_vars key wpa_psk_file
|
||||
@@ -714,74 +824,15 @@ hostapd_set_bss_options() {
|
||||
}
|
||||
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
|
||||
|
||||
append_radius_server
|
||||
set_default dynamic_vlan 0
|
||||
vlan_possible=1
|
||||
wps_possible=1
|
||||
;;
|
||||
eap|eap2|eap-eap2|eap192)
|
||||
json_get_vars \
|
||||
auth_server auth_secret auth_port \
|
||||
dae_client dae_secret dae_port \
|
||||
dynamic_ownip ownip radius_client_addr \
|
||||
eap_reauth_period request_cui \
|
||||
erp_domain mobility_domain \
|
||||
fils_realm fils_dhcp
|
||||
|
||||
eap|eap192|eap-eap2|eap2)
|
||||
append_radius_server
|
||||
# radius can provide VLAN ID for clients
|
||||
vlan_possible=1
|
||||
|
||||
set_default dynamic_ownip 1
|
||||
|
||||
# legacy compatibility
|
||||
[ -n "$auth_server" ] || json_get_var auth_server server
|
||||
[ -n "$auth_port" ] || json_get_var auth_port port
|
||||
[ -n "$auth_secret" ] || json_get_var auth_secret key
|
||||
|
||||
[ "$fils" -gt 0 ] && {
|
||||
set_default erp_domain "$mobility_domain"
|
||||
set_default erp_domain "$(echo "$ssid" | md5sum | head -c 8)"
|
||||
set_default fils_realm "$erp_domain"
|
||||
|
||||
append bss_conf "erp_send_reauth_start=1" "$N"
|
||||
append bss_conf "erp_domain=$erp_domain" "$N"
|
||||
append bss_conf "fils_realm=$fils_realm" "$N"
|
||||
append bss_conf "fils_cache_id=$(echo "$fils_realm" | md5sum | head -c 4)" "$N"
|
||||
|
||||
[ "$fils_dhcp" = "*" ] && {
|
||||
json_get_values network network
|
||||
fils_dhcp=
|
||||
for net in $network; do
|
||||
fils_dhcp="$(ifstatus "$net" | jsonfilter -e '@.data.dhcpserver')"
|
||||
[ -n "$fils_dhcp" ] && break
|
||||
done
|
||||
|
||||
[ -z "$fils_dhcp" -a -n "$network_bridge" -a -n "$network_ifname" ] && \
|
||||
fils_dhcp="$(udhcpc -B -n -q -s /lib/netifd/dhcp-get-server.sh -t 1 -i "$network_ifname" 2>/dev/null)"
|
||||
}
|
||||
[ -n "$fils_dhcp" ] && append bss_conf "dhcp_server=$fils_dhcp" "$N"
|
||||
}
|
||||
|
||||
set_default auth_port 1812
|
||||
set_default dae_port 3799
|
||||
set_default request_cui 0
|
||||
|
||||
[ "$eap_server" -eq 0 ] && json_for_each_item append_auth_server auth_server
|
||||
[ "$request_cui" -gt 0 ] && append bss_conf "radius_request_cui=$request_cui" "$N"
|
||||
[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N"
|
||||
|
||||
[ -n "$dae_client" -a -n "$dae_secret" ] && {
|
||||
append bss_conf "radius_das_port=$dae_port" "$N"
|
||||
append bss_conf "radius_das_client=$dae_client $dae_secret" "$N"
|
||||
}
|
||||
json_for_each_item append_radius_auth_req_attr radius_auth_req_attr
|
||||
|
||||
if [ -n "$ownip" ]; then
|
||||
append bss_conf "own_ip_addr=$ownip" "$N"
|
||||
elif [ "$dynamic_ownip" -gt 0 ]; then
|
||||
append bss_conf "dynamic_own_ip_addr=$dynamic_ownip" "$N"
|
||||
fi
|
||||
|
||||
[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N"
|
||||
append bss_conf "eapol_key_index_workaround=1" "$N"
|
||||
append bss_conf "ieee8021x=1" "$N"
|
||||
|
||||
@@ -798,6 +849,7 @@ hostapd_set_bss_options() {
|
||||
append bss_conf "wpa_psk_radius=3" "$N"
|
||||
append_radius_server
|
||||
vlan_possible=1
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$auth_type" in
|
||||
@@ -921,45 +973,42 @@ hostapd_set_bss_options() {
|
||||
}
|
||||
fi
|
||||
|
||||
json_get_vars ieee80211r
|
||||
set_default ieee80211r 0
|
||||
if [ "$wpa" -ge "1" ]; then
|
||||
if [ "$fils" -gt 0 ]; then
|
||||
json_get_vars fils_realm
|
||||
set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
|
||||
fi
|
||||
json_get_vars ieee80211r
|
||||
set_default ieee80211r 0
|
||||
|
||||
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
|
||||
|
||||
hostapd_append_wpa_key_mgmt
|
||||
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
|
||||
fi
|
||||
|
||||
if [ "$wpa" -ge "2" ]; then
|
||||
if [ "$ieee80211r" -gt "0" ]; then
|
||||
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
|
||||
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline ft_l2_refresh
|
||||
|
||||
set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
|
||||
set_default ft_over_ds 0
|
||||
set_default ft_over_ds 1
|
||||
set_default ft_l2_refresh 30
|
||||
set_default reassociation_deadline 1000
|
||||
skip_kh_setup=0
|
||||
|
||||
case "$auth_type" in
|
||||
psk)
|
||||
psk|psk-sae)
|
||||
set_default ft_psk_generate_local 1
|
||||
skip_kh_setup="$ft_psk_generate_local"
|
||||
;;
|
||||
*)
|
||||
set_default ft_psk_generate_local 0
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$auth_type" in
|
||||
*sae*) skip_kh_setup=0;;
|
||||
esac
|
||||
|
||||
[ -n "$network_ifname" ] && append bss_conf "ft_iface=$network_ifname" "$N"
|
||||
append bss_conf "mobility_domain=$mobility_domain" "$N"
|
||||
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
|
||||
append bss_conf "ft_over_ds=$ft_over_ds" "$N"
|
||||
append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
|
||||
[ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N"
|
||||
|
||||
if [ "$ft_psk_generate_local" -eq "0" ]; then
|
||||
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
|
||||
if [ "$skip_kh_setup" -eq "0" ]; then
|
||||
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push ft_key
|
||||
json_get_values r0kh r0kh
|
||||
json_get_values r1kh r1kh
|
||||
|
||||
@@ -971,12 +1020,15 @@ hostapd_set_bss_options() {
|
||||
wireless_setup_vif_failed FT_KEY_CANT_BE_DERIVED
|
||||
return 1
|
||||
fi
|
||||
ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
|
||||
[ -z "$ft_key" ] && {
|
||||
key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
|
||||
|
||||
set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
|
||||
set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$ft_key"
|
||||
set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
|
||||
set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
|
||||
}
|
||||
}
|
||||
|
||||
[ -n "$ft_key" ] && append bss_conf "ft_key=$ft_key" "$N"
|
||||
[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
|
||||
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
|
||||
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
|
||||
@@ -989,7 +1041,18 @@ hostapd_set_bss_options() {
|
||||
done
|
||||
fi
|
||||
fi
|
||||
if [ "$fils" -gt 0 ]; then
|
||||
json_get_vars fils_realm
|
||||
set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
|
||||
fi
|
||||
|
||||
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
|
||||
|
||||
hostapd_append_wpa_key_mgmt
|
||||
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
|
||||
fi
|
||||
|
||||
if [ "$wpa" -ge "2" ]; then
|
||||
if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
|
||||
set_default auth_cache 1
|
||||
append bss_conf "rsn_preauth=1" "$N"
|
||||
@@ -1189,6 +1252,8 @@ hostapd_set_bss_options() {
|
||||
append bss_conf "per_sta_vif=$per_sta_vif" "$N"
|
||||
fi
|
||||
|
||||
[ -n "$uci_section" ] && append bss_conf "uci_section=$uci_section" "$N"
|
||||
|
||||
if [ "$apup" -gt 0 ]; then
|
||||
append bss_conf "apup=$apup" "$N"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user