hostapd: Allow rsn_preauth configuration

Hostapd can allow preauthentication for WPA2-EAP networks when the interfaces through which preauthentication is allowed are configured. Add a new param "rsn_preauth=0/1" to the configuration that enables or disables preauthentication on the according bridge interface. Preauthentication for unbridged networks is not considered in this patch. Cc: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 24721
14 years ago · d08bc913a8
parent ba45b5a907
commit d08bc913a8
1 changed files with 26 additions and 14 deletions
--- a/package/hostapd/files/hostapd.sh
+++ b/package/hostapd/files/hostapd.sh
@ -139,20 +139,32 @@ hostapd_set_bss_options() {
 	[ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N"
 	[ -n "$iapp_interface" ] && append "$var" $(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N"

-	[ "$wpa" -ge "2" ] && config_get ieee80211w "$vif" ieee80211w
-	case "$ieee80211w" in
-		[012])
-			append "$var" "ieee80211w=$ieee80211w" "$N"
-			[ "$ieee80211w" -gt "0" ] && {
-				config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout
-				config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout
-				[ -n "$ieee80211w_max_timeout" ] && \
-					append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
-				[ -n "$ieee80211w_retry_timeout" ] && \
-					append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
-			}
-		;;
-	esac
+	if [ "$wpa" -ge "2" ]
+	then
+		# RSN -> allow preauthentication
+		config_get rsn_preauth "$vif" rsn_preauth
+		if [ -n "$bridge" -a "$rsn_preauth" = 1 ]
+		then
+			append "$var" "rsn_preauth=1" "$N"
+			append "$var" "rsn_preauth_interfaces=$bridge" "$N"
+		fi
+
+		# RSN -> allow management frame protection
+		config_get ieee80211w "$vif" ieee80211w
+		case "$ieee80211w" in
+			[012])
+				append "$var" "ieee80211w=$ieee80211w" "$N"
+				[ "$ieee80211w" -gt "0" ] && {
+					config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout
+					config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout
+					[ -n "$ieee80211w_max_timeout" ] && \
+						append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
+					[ -n "$ieee80211w_retry_timeout" ] && \
+						append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N"
+				}
+			;;
+		esac
+	fi
 }

 hostapd_setup_vif() {