;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
config_add_string radius_client_addr
config_add_string iapp_interface
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+ config_add_boolean ca_cert_usesystem ca_cert2_usesystem
config_add_string subject_match subject_match2
config_add_array altsubject_match altsubject_match2
config_add_array domain_match domain_match2 domain_suffix_match domain_suffix_match2
config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
}
+hostapd_set_vlan_file() {
+ local ifname="$1"
+ local vlan="$2"
+ json_get_vars name vid
+ echo "${vid} ${ifname}-${name}" >> /var/run/hostapd-${ifname}.vlan
+ wireless_add_vlan "${vlan}" "${ifname}-${name}"
+}
+
+hostapd_set_vlan() {
+ local ifname="$1"
+
+ rm -f /var/run/hostapd-${ifname}.vlan
+ for_each_vlan hostapd_set_vlan_file ${ifname}
+}
+
+hostapd_set_psk_file() {
+ local ifname="$1"
+ local vlan="$2"
+ local vlan_id=""
+
+ json_get_vars mac vid key
+ set_default isolate "00:00:00:00:00:00"
+ [ -n "$vid" ] && vlan_id="vlanid=$vid "
+ echo "${vlan_id} ${mac} ${key}" >> /var/run/hostapd-${ifname}.psk
+}
+
+hostapd_set_psk() {
+ local ifname="$1"
+
+ rm -f /var/run/hostapd-${ifname}.psk
+ for_each_station hostapd_set_psk_file ${ifname}
+}
+
hostapd_set_bss_options() {
local var="$1"
local phy="$2"
else
append bss_conf "wpa_passphrase=$key" "$N"
fi
+ [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
[ -n "$wpa_psk_file" ] && {
[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
}
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
+ set_default dynamic_vlan 0
+ vlan_possible=1
wps_possible=1
;;
eap|eap192|eap-eap192)
[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file
set_default vlan_naming 1
+ [ -z "$vlan_file" ] && set_default vlan_file /var/run/hostapd-$ifname.vlan
append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
append bss_conf "vlan_naming=$vlan_naming" "$N"
[ -n "$vlan_bridge" ] && \
_w_mode="$mode"
- [[ "$mode" = adhoc ]] && {
+ [ "$mode" = adhoc ] && {
ap_scan="ap_scan=2"
}
case "$htmode" in
VHT80) append network_data "max_oper_chwidth=1" "$N$T";;
VHT160) append network_data "max_oper_chwidth=2" "$N$T";;
- *) append network_data "max_oper_chwidth=0" "$N$T";;
+ VHT20|VHT40) append network_data "max_oper_chwidth=0" "$N$T";;
+ *) append network_data "disable_vht=1" "$N$T";;
esac
}
local scan_ssid="scan_ssid=1"
local freq wpa_key_mgmt
- [[ "$_w_mode" = "adhoc" ]] && {
+ [ "$_w_mode" = "adhoc" ] && {
append network_data "mode=1" "$N$T"
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
[ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
[ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE"
}
- [[ "$_w_mode" = "mesh" ]] && {
+ [ "$_w_mode" = "mesh" ] && {
json_get_vars mesh_id mesh_fwding mesh_rssi_threshold
[ -n "$mesh_id" ] && ssid="${mesh_id}"
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
- json_get_vars eap_type identity anonymous_identity ca_cert
- [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ json_get_vars eap_type identity anonymous_identity ca_cert ca_cert_usesystem
+
+ if [ "$ca_cert_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ fi
[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T"
case "$eap_type" in
fi
;;
fast|peap|ttls)
- json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
+ json_get_vars auth password ca_cert2 ca_cert2_usesystem client_cert2 priv_key2 priv_key2_pwd
set_default auth MSCHAPV2
if [ "$auth" = "EAP-TLS" ]; then
- [ -n "$ca_cert2" ] &&
- append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ if [ "$ca_cert2_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert2=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert2" ] && append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ fi
append network_data "client_cert2=\"$client_cert2\"" "$N$T"
append network_data "private_key2=\"$priv_key2\"" "$N$T"
append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
_wpa_supplicant_common "$ifname"
- ubus wait_for wpa_supplicant.$phy
- ubus call wpa_supplicant.$phy config_add "{ \
+ ubus wait_for wpa_supplicant
+ ubus call wpa_supplicant config_add "{ \
\"driver\": \"${_w_driver:-wext}\", \"ctrl\": \"$_rpath\", \
\"iface\": \"$ifname\", \"config\": \"$_config\" \
${network_bridge:+, \"bridge\": \"$network_bridge\"} \
[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
- local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant-${phy}'].pid")
+ local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant'].pid")
wireless_add_process "$supplicant_pid" "/usr/sbin/wpa_supplicant" 1
return $ret