hostapd: mv netifd.sh hostapd.sh same name for the file on the host and target Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
hostapd: default to wps_independent 1 Signed-off-by: Steven Honson <steven@honson.id.au>
hostapd: expose wps_independent and ap_setup_locked as uci options ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other wps related uci options. Signed-off-by: Steven Honson <steven@honson.id.au>
hostapd: fix stray "out of range" shell errors in hostapd.sh The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized $ieee80211r and $ieee80211w variables in a numerical comparisation, leading to stray "netifd: radio0 (0000): sh: out of range" errors in logread when WPA-PSK security is enabled. Ensure that those variables are substituted with a default value in order to avoid emitting this (harmless) shell error. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
wpa_supplicant: Fix mesh encryption config wpa_supplicant allows only SAE as the key management type for mesh mode. The recent key_mgmt rework unconditionally added WPA-PSK - this breaks interface bringup and wpa_s throws this error message: Line 10: key_mgmt for mesh network should be open or SAE Line 10: failed to parse network block. Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf Fix this by making sure that only SAE is used for mesh. Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
hostapd: enable SHA256-based algorithms Enable support for stronger SHA256-based algorithms in hostapd and wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled. We cannot unconditionally enable it, as it requires hostapd to be compiled with 802.11w support, which is disabled in the -mini variants. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
hostapd: add function to handle wpa_key_mgmt Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are consistent, we can move parts of it to a dedicated function. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
wpa_supplicant: rework wpa_key_mgmt handling Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with how it is done for hostapd. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
hostapd support for VLANs through a file in addition to Radius. Signed-off-by: Petr Konecny <pekon@google.com>
hostapd: Allow RADIUS accounting without 802.1x RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
branding: add LEDE branding Signed-off-by: John Crispin <blogic@openwrt.org>
hostapd.sh: Add support for "anonymous_identity" config field The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
wpa_supplicant: add support for EAP-TLS phase2 Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48345
wpa_supplicant: improve generating phase2 config line for WPA-EAP WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit) The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitely documented anywhere and is not quite intuitive... The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py The old behaviour is also still supported for the sake of not breaking existing, working configurations. Examples: eap_type auth 'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2" 'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2" 'peap' 'EAP-GTC' -> phase2="auth=GTC" Deprecated syntax supported for compatibility: 'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2" I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48309
wpa_supplicant: set regulatory domain the same way as hostapd In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan. Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 48099
wpa-supplicant: Get 802.11s ssid information from option mesh_id The scripts for authsae and iw use the option mesh_id to get set the "meshid" during a mesh join. But the script for wpad-mesh ignores the option mesh_id and instead uses the option ssid. Unify the mesh configuration and let the wpa_supplicant script also use the mesh_id from the configuration. Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47615
hostapd: Use network_get_device instead of uci_get_state This fixes the IAPP functionality. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com> SVN-Revision: 47455
hostapd: add default value to eapol_version (#20641) r46861 introduced a new option eapol_version to hostapd, but did not provide a default value. When the option value is evaluated, the non-existing value causes errors to the systen log: "netifd: radio0: sh: out of range" Add a no-op default value 0 for eapol_version. Only values 1 or 2 are actually passed on, so 0 will not change the default action in hostapd. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 47361
hostapd: Add eapol_version config option Add eapol_version to the openwrt wireless config ssid section. Only eapol_version=1 and 2 will get passed to hostapd, the default in hostapd is 2. This is only useful for really old client devices that don't accept eapol_version=2. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 46861
hostapd: Add vlan_file option to netifd.sh Other VLAN related options are already being processed in netifd.sh but the vlan_file option is missing. This option allows the mapping of vlan IDs to network interfaces and will be used in dynamic VLAN feature for binding stations to interfaces based on VLAN assignments. The change is done similarly to the wpa_psk_file option. Signed-off-by: Gong Cheng <chengg11@yahoo.com> SVN-Revision: 46652