openwrt/package/network/services/hostapd/files
Felix Fietkau e4cf25cfab wpa_supplicant: improve generating phase2 config line for WPA-EAP
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...

The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.

Examples:
  eap_type   auth
  'ttls'     'EAP-MSCHAPV2'     -> phase2="autheap=MSCHAPV2"
  'ttls'     'MSCHAPV2'         -> phase2="auth=MSCHAPV2"
  'peap'     'EAP-GTC'          -> phase2="auth=GTC"

Deprecated syntax supported for compatibility:
  'ttls'     'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"

I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 48309
2016-01-18 11:40:44 +00:00
..
hostapd-full.config hostapd: fix compile errors with nl80211 disabled (#19325) 2015-03-27 14:55:01 +00:00
hostapd-mini.config hostapd: fix compile errors with nl80211 disabled (#19325) 2015-03-27 14:55:01 +00:00
hostapd.sh hostapd: Use network_get_device instead of uci_get_state 2015-11-11 08:34:59 +00:00
multicall.c packages: sort network related packages into package/network/ 2012-10-10 12:32:29 +00:00
netifd.sh wpa_supplicant: improve generating phase2 config line for WPA-EAP 2016-01-18 11:40:44 +00:00
wpa_supplicant-full.config wpa-supplicant: add 802.11r client support 2015-07-15 08:16:22 +00:00
wpa_supplicant-mesh.config hostapd: package wpad-mesh and wpa_supplicant-mesh variants 2015-03-26 23:33:56 +00:00
wpa_supplicant-mini.config hostapd: update hostapd to 2015-03-25 2015-03-26 23:33:47 +00:00
wpa_supplicant-p2p.config hostapd: update hostapd to 2015-03-25 2015-03-26 23:33:47 +00:00
wpa_supplicant.sh scripts: fix wrong usage of '==' operator 2014-10-14 12:21:11 +00:00
wps-hotplug.sh buttons: make all button handler scripts return 0 2015-07-24 09:11:35 +00:00