diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index 817ead71afd..0b2241ea60e 100644
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -428,9 +428,36 @@ hostapd_set_psk() {
 local ifname="$1"
 rm -f /var/run/hostapd-${ifname}.psk
+ case "$auth_type" in
+ psk|psk-sae) ;;
+ *) return ;;
+ esac
 for_each_station hostapd_set_psk_file ${ifname}
 }
+hostapd_set_sae_file() {
+ local ifname="$1"
+ local vlan="$2"
+ local vlan_id=""
+
+ json_get_vars mac vid key
+ set_default mac "ff:ff:ff:ff:ff:ff"
+ [ -n "$mac" ] && mac="|mac=$mac"
+ [ -n "$vid" ] && vlan_id="|vlanid=$vid"
+ printf '%s%s%s\n' "${key}" "${mac}" "${vlan_id}" >> /var/run/hostapd-${ifname}.sae
+}
+
+hostapd_set_sae() {
+ local ifname="$1"
+
+ rm -f /var/run/hostapd-${ifname}.sae
+ case "$auth_type" in
+ sae|psk-sae) ;;
+ *) return ;;
+ esac
+ for_each_station hostapd_set_sae_file ${ifname}
+}
+
 append_iw_roaming_consortium() {
 [ -n "$1" ] && append bss_conf "roaming_consortium=$1" "$N"
 }
@@ -686,7 +713,7 @@ hostapd_set_bss_options() {
 wps_not_configured=1
 ;;
 psk|sae|psk-sae)
- json_get_vars key wpa_psk_file
+ json_get_vars key wpa_psk_file sae_password_file
 if [ "$ppsk" -ne 0 ]; then
 json_get_vars auth_secret auth_port
 set_default auth_port 1812
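Review bot: The `.sae` file that `hostapd_set_sae_file` appends to holds cleartext SAE passwords, but its mode is left to whatever umask the caller has. Setting a restrictive umask before the first write, or running `chmod 600 /var/run/hostapd-${ifname}.sae` after it, would keep it owner-only, and the same applies to the `touch "$sae_password_file"` added in `hostapd_set_bss_options`. The function also emits a line when `key` is empty, giving an entry with no password; `[ -n "$key" ] || return` right after `json_get_vars` would skip such stations. Because `|` separates the fields on each line, a key containing `|` would presumably be split by the parser, so it should be rejected or documented. Minor: `local vlan="$2"` is unused, and `[ -n "$mac" ]` cannot fail after `set_default mac`.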
@@ -697,15 +724,20 @@ hostapd_set_bss_options() {
 append bss_conf "wpa_psk=$key" "$N"
 elif [ ${#key} -ge 8 ] && [ ${#key} -le 63 ]; then
 append bss_conf "wpa_passphrase=$key" "$N"
- elif [ -n "$key" ] || [ -z "$wpa_psk_file" ]; then
+ elif [ -n "$key" ] || [ -z "$wpa_psk_file" ] || [ -z "$sae_password_file" ]; then
 wireless_setup_vif_failed INVALID_WPA_PSK
 return 1
 fi
 [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
- [ -n "$wpa_psk_file" ] && {
+ [ -n "$wpa_psk_file" ] && [ "$auth_type" = "psk" -o "$auth_type" = "psk-sae" ] && {
 [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
 append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
 }
+ [ -z "$sae_password_file" ] && set_default sae_password_file /var/run/hostapd-$ifname.sae
+ [ -n "$sae_password_file" ] && [ "$auth_type" = "sae" -o "$auth_type" = "psk-sae" ] && {
+ [ -e "$sae_password_file" ] || touch "$sae_password_file"
+ append bss_conf "sae_password_file=$sae_password_file" "$N"
+ }
 [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
 set_default dynamic_vlan 0
diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
index f65128783fa..c835b46e759 100755
--- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
@@ -669,7 +669,7 @@ mac80211_set_ifname() {
 mac80211_prepare_vif() {
 json_select config
- json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file vlan_file
+ json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file sae_password_file vlan_file
 [ -n "$ifname" ] || {
 local prefix;
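Review bot: The widened `elif` rejects an empty `key` unless both `wpa_psk_file` and `sae_password_file` are set, so a `psk` interface that supplies only `wpa_psk_file` now fails with INVALID_WPA_PSK where the removed condition let it through. An `sae` interface with only `sae_password_file` fails the same way. The check probably should fail only when neither file is given, e.g. `elif [ -n "$key" ] || { [ -z "$wpa_psk_file" ] && [ -z "$sae_password_file" ]; }; then`, or better, test the file that matches `auth_type`. The new `[ ... -o ... ]` tests would be more robust as two `[ ]` tests joined with `||` inside braces. `hostapd_set_bss_options` starts and ends outside this hunk, so this is based only on the lines shown.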
@@ -702,7 +702,12 @@ mac80211_prepare_vif() { [ "$mode" == "ap" ] && { + json_select config + wireless_vif_parse_encryption + json_select .. + [ -z "$wpa_psk_file" ] && hostapd_set_psk "$ifname" + [ -z "$sae_password_file" ] && hostapd_set_sae "$ifname" [ -z "$vlan_file" ] && hostapd_set_vlan "$ifname" }
diff --git a/package/network/services/hostapd/files/hostapd.uc b/package/network/services/hostapd/files/hostapd.uc
index 76a3d706f7f..1593feef6bc 100644
--- a/package/network/services/hostapd/files/hostapd.uc
+++ b/package/network/services/hostapd/files/hostapd.uc
@@ -10,6 +10,7 @@ hostapd.data.pending_config = {};
 hostapd.data.file_fields = {
 vlan_file: true,
 wpa_psk_file: true,
+ sae_password_file: true,
 accept_mac_file: true,
 deny_mac_file: true,
 eap_user_file: true,
@@ -365,6 +366,7 @@ function bss_remove_file_fields(config)
 for (let key in config.hash)
 new_cfg.hash[key] = config.hash[key];
 delete new_cfg.hash.wpa_psk_file;
+ delete new_cfg.hash.sae_password_file;
 delete new_cfg.hash.vlan_file;
 return new_cfg;
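Review bot: `hostapd_set_psk` and `hostapd_set_sae` now depend on the global `auth_type`, which `wireless_vif_parse_encryption` presumably sets here, and that coupling is not documented. Both helpers delete their file first and then return for any other value, so a caller that skips the parse step silently ends up with no password file. A comment above the three added lines would make this explicit, for example `# sets auth_type, read by hostapd_set_psk/hostapd_set_sae below`. The result of `json_select config` is also unchecked, so if it fails the following `json_select ..` would leave the JSON cursor one level too high. `mac80211_prepare_vif` extends beyond this hunk.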
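Review bot: With `sae_password_file` deleted in `bss_remove_file_fields`, a change to only that file no longer makes two stripped BSS configs differ. Assuming the stripped copy is what a caller compares to decide whether a restart can be skipped, that caller needs a matching reload step for SAE passwords, and none is added in this diff. Without one, a station password removed from the configuration could stay accepted until hostapd restarts. It is worth confirming the caller's behaviour and recording it next to the `delete`, e.g. `// sae_password_file changes must be reloaded by the caller`. The function starts and ends outside the hunk.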