X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fhooks%2Fports%2Fwireless-ap;h=26e14d63f53ef32430da9af9e343dd3c4b949c95;hb=d695b280e9972311ae8c4bc688c0898ade1281e6;hp=2bb4977f17f7a6067e71bf06e3e1565d92fcdcdf;hpb=4637109c42417e34c02631cd8391bccc7f2733cb;p=people%2Fms%2Fnetwork.git
diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
index 2bb4977f..26e14d63 100644
--- a/src/hooks/ports/wireless-ap
+++ b/src/hooks/ports/wireless-ap
@@ -23,9 +23,25 @@
 HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
-HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
-HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
+HOOK_SETTINGS=(
+ "ADDRESS"
+ "BROADCAST_SSID"
+ "CHANNEL"
+ "CHANNEL_BANDWIDTH"
+ "DFS"
+ "ENVIRONMENT"
+ "MFP"
+ "MODE"
+ "PHY"
+ "SECRET"
+ "SSID"
+ "WPA3_PERSONAL"
+ "WPA2_PERSONAL"
+)
+
+# Disable WPA3+2 by default
+DEFAULT_WPA3_PERSONAL="off"
+DEFAULT_WPA2_PERSONAL="off"
 # Broadcast SSID by default
 DEFAULT_BROADCAST_SSID="on"
@@ -34,8 +50,7 @@ DEFAULT_BROADCAST_SSID="on"
 DEFAULT_DFS="on"
 # 802.11w - Management Frame Protection
-# Disable by default because many clients cannot connect when enabled
-DEFAULT_MFP="off"
+DEFAULT_MFP="on"
 DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
@@ -53,14 +68,6 @@ hook_check_settings() {
 assert ismac PHY
 assert isset SSID
- if isset ENCRYPTION; then
- assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2
-
- assert isset KEY
- assert [ ${#KEY} -ge 8 ]
- assert [ ${#KEY} -le 63 ]
- fi
-
 assert wireless_environment_is_valid "${ENVIRONMENT}"
 }
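Review bot: With `DEFAULT_WPA3_PERSONAL="off"` and `DEFAULT_WPA2_PERSONAL="off"` in the `@@ -23,9 +23,25 @@` hunk, an access point created without either flag comes up as an open network, and the comment `# Disable WPA3+2 by default` does not say so. `ENCRYPTION` and `KEY` are also dropped from `HOOK_SETTINGS`, so a port configured before this change presumably no longer has its passphrase read back and, absent a migration step, would start unencrypted; the settings reader is outside this diff, so that needs confirming. I would spell the consequence out in the comment, e.g. `# WPA3/WPA2 are off by default: unless one of them is enabled the AP is an open network`, and have the hook refuse to bring up a port whose stored settings still carry `ENCRYPTION`/`KEY`.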
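Review bot: `DEFAULT_MFP="on"` in the `@@ -34,8 +50,7 @@` hunk removes the only comment that recorded the client-compatibility trade-off and puts nothing in its place. Whether "on" ends up as optional or required 802.11w is decided where the access point configuration is generated, which is not visible here; if it is enforced, clients without management frame protection will fail to associate. A short replacement comment such as `# Enabled by default; clients without 802.11w support may be unable to connect if this is enforced` keeps that knowledge next to the default.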
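Review bot: `hook_check_settings()` loses its only passphrase validation in the `@@ -53,14 +68,6 @@` hunk and gets no equivalent for `SECRET`. The new checks are added to `hook_parse_cmdline()` only, so settings that reach the hook from a stored or hand-edited file can enable WPA2/WPA3 with an empty or malformed secret without tripping an assertion. Mirroring the check here keeps both entry points consistent: `if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then assert wireless_pre_shared_key_is_valid "${SECRET}"; fi`. The function begins above the hunk, so any checks before `assert ismac PHY` are not visible.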
@@ -77,19 +84,7 @@ hook_parse_cmdline() {
 CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
 ;;
 --dfs=*)
- DFS="$(cli_get_val "${1}")"
-
- if enabled DFS; then
- DFS="on"
- elif disabled DFS; then
- DFS="off"
- else
- error "Invalid value for DFS: ${DFS}"
- return ${EXIT_ERROR}
- fi
- ;;
- --encryption=*)
- ENCRYPTION=$(cli_get_val "${1}")
+ DFS="$(cli_get_bool "${1}")"
 ;;
 --environment=*)
 ENVIRONMENT="$(cli_get_val "${1}")"
@@ -99,23 +94,11 @@ hook_parse_cmdline() {
 return ${EXIT_ERROR}
 fi
 ;;
- --key=*)
- KEY=$(cli_get_val "${1}")
- ;;
 --mac=*)
 ADDRESS=$(cli_get_val "${1}")
 ;;
 --mfp=*)
- MFP="$(cli_get_val "${1}")"
-
- if enabled MFP; then
- MFP="on"
- elif disabled MFP; then
- MFP="off"
- else
- error "Invalid value for --mfp: ${MFP}"
- return ${EXIT_ERROR}
- fi
+ MFP="$(cli_get_bool "${1}")"
 ;;
 --mode=*)
 MODE=$(cli_get_val "${1}")
@@ -129,9 +112,18 @@ hook_parse_cmdline() {
 --phy=*)
 PHY=$(cli_get_val "${1}")
 ;;
+ --secret=*)
+ SECRET="$(cli_get_val "${1}")"
+ ;;
 --ssid=*)
 SSID=$(cli_get_val "${1}")
 ;;
+ --wpa2-personal=*)
+ WPA2_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
+ --wpa3-personal=*)
+ WPA3_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
 *)
 warning "Ignoring unknown argument '${1}'"
 ;;
@@ -163,6 +155,20 @@ hook_parse_cmdline() {
 return ${EXIT_ERROR}
 fi
+ # Check if SECRET is set when WPA* is enabled
+ if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
+ if ! isset SECRET; then
+ error "Secret is not set when PSK authentication is enabled"
+ return ${EXIT_ERROR}
+ fi
+
+ # Check if SECRET is valid
+ if ! wireless_pre_shared_key_is_valid "${SECRET}"; then
+ error "The secret is in an invalid format"
+ return ${EXIT_ERROR}
+ fi
+ fi
+
 # Save address of phy do identify it again
 PHY=$(phy_get ${PHY})
 PHY=$(phy_get_address ${PHY})
@@ -186,7 +192,7 @@ hook_create() {
 device_exists "${port}" && exit ${EXIT_OK}
- port_settings_read "${port}" ${HOOK_SETTINGS}
+ port_settings_read "${port}"
 # Check if the PHY is present.
 local phy=$(phy_get ${PHY})
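Review bot: The `--dfs=*)` arm in the `@@ -77,19 +84,7 @@` hunk no longer rejects malformed values itself and depends entirely on `cli_get_bool`, whose handling of bad input is not visible in this diff. The same substitution is made for `--mfp=*)` in the next hunk and for the new `--wpa2-personal=*)` and `--wpa3-personal=*)` arms, where a typo that quietly evaluates to "off" would leave the network unencrypted. Unless `cli_get_bool` is known to fail on unknown values, I would keep an explicit rejection after the call, in the style of the removed `error "Invalid value for DFS: ${DFS}"` followed by `return ${EXIT_ERROR}`. The enclosing `case` statement starts and ends outside the hunk.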
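Review bot: Dropping the `--key=*)` arm in the `@@ -99,23 +94,11 @@` hunk (and `--encryption=*)` in the hunk before it) sends both options to the `*)` fallback, which only prints `Ignoring unknown argument` and continues. A script that still passes `--encryption=WPA2 --key=…` would therefore succeed and, with WPA2/WPA3 off by default, create an open access point. A stub arm that fails loudly closes that gap: `--encryption=*|--key=*) error "--encryption/--key were replaced by --wpa2-personal/--wpa3-personal and --secret"; return ${EXIT_ERROR} ;;`.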
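Review bot: The new `--secret=*)` arm in the `@@ -129,9 +112,18 @@` hunk takes the pre-shared key from the command line, where it is readable in the process list and usually lands in shell history. The removed `--key=` had the same property, so this is not a regression, but the rename is a natural point to accept the secret from a file or standard input as well. Until then a comment on the arm, `# NOTE: the value is exposed via argv`, would at least flag it for whoever wraps this command.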
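Review bot: The secret check added in the `@@ -163,6 +155,20 @@` hunk only runs when WPA2 or WPA3 is enabled, so `--secret=…` given without either flag is accepted and, because both default to off, the access point is created open while the operator believes it is protected. I would add the converse case right after the new block and fail when a secret is supplied but no WPA mode is enabled. The message `The secret is in an invalid format` could also name the accepted format; that rule lives in `wireless_pre_shared_key_is_valid`, outside this diff. `hook_parse_cmdline()` starts above and continues below the hunk.

```shell
	# … unchanged: presence and format checks for SECRET when WPA3/WPA2 is enabled …

	# A secret without an enabled WPA mode would otherwise yield an open network
	if isset SECRET && ! enabled WPA3_PERSONAL && ! enabled WPA2_PERSONAL; then
		error "A secret was given, but neither WPA3 nor WPA2 Personal is enabled"
		return ${EXIT_ERROR}
	fi
```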