hostapd: add code to prevent accidentally bridging non-wds sta mode interfaces
[openwrt/staging/yousong.git] / package / hostapd / files / wpa_supplicant.sh
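# Build a wpa_supplicant configuration for one wireless interface section and
# start wpa_supplicant on it.
#
# Arguments:
#   $1 - config section name of the wireless interface (vif)
#   $2 - driver name; "mac80211" is mapped to "wext"
#   $3 - extra wpa_supplicant command-line options (deliberately word-split)
# Globals read:
#   enc - encryption type; fetched from the section when empty (stays global)
#   key - key or passphrase; fetched from the section when empty
# Returns:
#   1 when a bridge is configured for an interface that is neither in ap mode
#   nor a sta with wds enabled; 0 when wpa_supplicant is not started because
#   no proto was selected and key_mgmt is not NONE; otherwise the exit status
#   of wpa_supplicant.
wpa_supplicant_setup_vif() {
	local vif="$1"
	local driver="$2"
	local key="$key"
	local options="$3"

	# Every value that is written into the generated config starts out empty
	# and stays local, so settings (including keys and passwords) from an
	# earlier call for another interface cannot end up in this one.
	# Explicit ="" is used because a bare `local name` can keep the caller's
	# value in some sh implementations.
	local key_mgmt="" proto="" passphrase="" pairwise="" group=""
	local ieee80211w="" usepassphrase=""
	local ca_cert="" eap_type="" identity="" priv_key="" priv_key_pwd=""
	local auth="" password="" phase2=""
	local wep_key0="" wep_key1="" wep_key2="" wep_key3="" wep_tx_keyidx=""
	local ssid="" bssid="" idx="" zidx="" ckey=""

	# wpa_supplicant should use wext for mac80211 cards
	[ "$driver" = "mac80211" ] && driver='wext'

	# make sure we have the encryption type and the psk
	[ -n "$enc" ] || config_get enc "$vif" encryption
	[ -n "$key" ] || config_get key "$vif" key

	# Resolve the bridge from the network config when the section has none,
	# and store the result back on the section.
	local net_cfg bridge
	config_get bridge "$vif" bridge
	if [ -z "$bridge" ]; then
		net_cfg="$(find_net_config "$vif")"
		[ -z "$net_cfg" ] || bridge="$(bridge_interface "$net_cfg")"
		config_set "$vif" bridge "$bridge"
	fi

	local mode ifname wds
	config_get mode "$vif" mode
	config_get ifname "$vif" ifname
	config_get_bool wds "$vif" wds 0
	# A bridge is honoured only for ap mode or for sta mode with wds enabled.
	# Any other mode is rejected here, before any file is written or any
	# process is started.
	[ -z "$bridge" ] || [ "$mode" = ap ] || { [ "$mode" = sta ] && [ "$wds" -eq 1 ]; } || {
		echo "wpa_supplicant_setup_vif($ifname): Refusing to bridge $mode mode interface"
		return 1
	}

	case "$enc" in
		*none*)
			key_mgmt='NONE'
		;;
		*wep*)
			# Legacy only: WEP is cryptographically broken and should not be
			# relied on for confidentiality.
			key_mgmt='NONE'
			config_get key "$vif" key
			key="${key:-1}"
			case "$key" in
				[1234])
					# "key" is a slot number; load key1..key4 into the
					# zero-based wep_key0..wep_key3 entries.
					for idx in 1 2 3 4; do
						zidx=$((idx - 1))
						config_get ckey "$vif" "key${idx}"
						[ -n "$ckey" ] && \
							append "wep_key${zidx}" "wep_key${zidx}=$(prepare_key_wep "$ckey")"
					done
					wep_tx_keyidx="wep_tx_keyidx=$((key - 1))"
				;;
				*)
					# "key" is the key material itself
					wep_key0="wep_key0=$(prepare_key_wep "$key")"
					wep_tx_keyidx="wep_tx_keyidx=0"
				;;
			esac
		;;
		*psk*)
			key_mgmt='WPA-PSK'
			config_get_bool usepassphrase "$vif" passphrase 1
			# A passphrase is written quoted; otherwise the key is written
			# unquoted, as given.
			if [ "$usepassphrase" = "1" ]; then
				passphrase="psk=\"${key}\""
			else
				passphrase="psk=${key}"
			fi
			case "$enc" in
				*psk2*)
					proto='proto=RSN'
					config_get ieee80211w "$vif" ieee80211w
				;;
				*psk*)
					proto='proto=WPA'
				;;
			esac
		;;
		*wpa*|*8021x*)
			proto='proto=WPA2'
			key_mgmt='WPA-EAP'
			config_get ieee80211w "$vif" ieee80211w
			config_get ca_cert "$vif" ca_cert
			config_get eap_type "$vif" eap_type
			# ca_cert is optional here. Without it wpa_supplicant has no CA
			# to verify the authentication server against, so EAP sections
			# should set one.
			ca_cert=${ca_cert:+"ca_cert=\"$ca_cert\""}
			case "$eap_type" in
				tls)
					pairwise='pairwise=CCMP'
					group='group=CCMP'
					config_get identity "$vif" identity
					config_get priv_key "$vif" priv_key
					config_get priv_key_pwd "$vif" priv_key_pwd
					identity="identity=\"$identity\""
					priv_key="private_key=\"$priv_key\""
					priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
				;;
				peap|ttls)
					config_get auth "$vif" auth
					config_get identity "$vif" identity
					config_get password "$vif" password
					phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
					identity="identity=\"$identity\""
					password="password=\"$password\""
				;;
			esac
			eap_type="eap=$(printf '%s' "$eap_type" | tr 'a-z' 'A-Z')"
		;;
	esac

	# Only 0, 1 and 2 are emitted; any other configured value is dropped
	# instead of being written into the config as a bare line.
	case "$ieee80211w" in
		[012])
			ieee80211w="ieee80211w=$ieee80211w"
		;;
		*)
			ieee80211w=""
		;;
	esac

	config_get ifname "$vif" ifname
	config_get bridge "$vif" bridge
	config_get ssid "$vif" ssid
	config_get bssid "$vif" bssid
	bssid=${bssid:+"bssid=$bssid"}

	# Quoted so an interface name containing whitespace or glob characters
	# cannot turn the recursive delete into a delete of other paths.
	local ctrl_dir="/var/run/wpa_supplicant-$ifname"
	local conf_file="${ctrl_dir}.conf"
	rm -rf "$ctrl_dir"
	# Drop any previous file so the new one is created fresh with the
	# restrictive mode below instead of keeping older permissions.
	rm -f "$conf_file"

	# NOTE(review): ssid, key, identity, password and the certificate paths
	# are interpolated verbatim. A value containing a double quote or a
	# newline would change the structure of the generated file; such values
	# should be rejected where the configuration is accepted.
	(
		# The file holds the PSK, EAP password and private key password in
		# clear text, so it is created readable by its owner only.
		umask 077
		cat > "$conf_file" <<EOF
ctrl_interface=$ctrl_dir
network={
	scan_ssid=1
	ssid="$ssid"
	$bssid
	key_mgmt=$key_mgmt
	$proto
	$ieee80211w
	$passphrase
	$pairwise
	$group
	$eap_type
	$ca_cert
	$priv_key
	$priv_key_pwd
	$phase2
	$identity
	$password
	$wep_key0
	$wep_key1
	$wep_key2
	$wep_key3
	$wep_tx_keyidx
}
EOF
	)

	# Start wpa_supplicant unless no proto was selected and key_mgmt is not
	# NONE. $options is left unquoted on purpose: it carries several
	# command-line words.
	{ [ -z "$proto" ] && [ "$key_mgmt" != "NONE" ]; } || \
		wpa_supplicant ${bridge:+-b "$bridge"} -B -P "/var/run/wifi-${ifname}.pid" -D "${driver:-wext}" -i "$ifname" -c "$conf_file" $options
}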