wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz
This allows sharing a wifi-iface section across bands while enforcing the no-PSK rule for 6 GHz Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
parent
91a50b27bc
commit
a17c3be409
3 changed files with 18 additions and 10 deletions
|
@ -76,8 +76,6 @@ function iface_accounting_server(config) {
|
|||
}
|
||||
|
||||
function iface_auth_type(config) {
|
||||
iface.parse_encryption(config);
|
||||
|
||||
if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) {
|
||||
config.ieee80211w = 2;
|
||||
config.sae_require_mfp = 1;
|
||||
|
@ -432,13 +430,21 @@ function iface_interworking(config) {
|
|||
]);
|
||||
}
|
||||
|
||||
export function generate(interface, config, vlans, stas, phy_features) {
|
||||
export function generate(interface, data, config, vlans, stas, phy_features) {
|
||||
config.ctrl_interface = '/var/run/hostapd';
|
||||
|
||||
iface_stations(config, stas);
|
||||
|
||||
iface_setup(config);
|
||||
|
||||
iface.parse_encryption(config);
|
||||
if (data.config.band == '6g') {
|
||||
if (config.auth_type == 'psk-sae')
|
||||
config.auth_type = 'sae';
|
||||
if (config.auth_type == 'eap-eap2')
|
||||
config.auth_type = 'eap2';
|
||||
}
|
||||
|
||||
iface_auth_type(config);
|
||||
|
||||
iface_accounting_server(config);
|
||||
|
|
|
@ -523,11 +523,11 @@ function generate(config) {
|
|||
}
|
||||
|
||||
let iface_idx = 0;
|
||||
function setup_interface(interface, config, vlans, stas, phy_features, fixup) {
|
||||
function setup_interface(interface, data, config, vlans, stas, phy_features, fixup) {
|
||||
config = { ...config, fixup };
|
||||
|
||||
config.idx = iface_idx++;
|
||||
ap.generate(interface, config, vlans, stas, phy_features);
|
||||
ap.generate(interface, data, config, vlans, stas, phy_features);
|
||||
}
|
||||
|
||||
export function setup(data) {
|
||||
|
@ -556,9 +556,9 @@ export function setup(data) {
|
|||
|
||||
let owe = interface.config.encryption == 'owe' && interface.config.owe_transition;
|
||||
|
||||
setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
|
||||
setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
|
||||
if (owe)
|
||||
setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
|
||||
setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
|
||||
}
|
||||
|
||||
let config = dump_config(file_name);
|
||||
|
|
|
@ -64,9 +64,11 @@ hostapd_append_wpa_key_mgmt() {
|
|||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
|
||||
;;
|
||||
psk-sae)
|
||||
append wpa_key_mgmt "WPA-PSK"
|
||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
|
||||
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
|
||||
[ "$band" = "6g" ] || {
|
||||
append wpa_key_mgmt "WPA-PSK"
|
||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
|
||||
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
|
||||
}
|
||||
append wpa_key_mgmt "SAE"
|
||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
|
||||
;;
|
||||
|
|
Loading…
Reference in a new issue