From 37a83c83cdff0fc652189792d73ee12dad10edcd Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 24 Apr 2019 10:39:25 +0100
Subject: [PATCH] hostap: Enable option to force clients to use 802.11w

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.en  |  1 +
 doc/language_issues.es  |  1 +
 doc/language_issues.fr  |  1 +
 doc/language_issues.it  |  1 +
 doc/language_issues.nl  |  1 +
 doc/language_issues.pl  |  1 +
 doc/language_issues.ru  |  1 +
 doc/language_issues.tr  |  1 +
 doc/language_missings   |  7 +++++++
 html/cgi-bin/wlanap.cgi | 23 +++++++++++++++++++++++
 langs/de/cgi-bin/de.pl  |  1 +
 langs/en/cgi-bin/en.pl  |  1 +
 lfs/hostapd             |  2 +-
 13 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/doc/language_issues.en b/doc/language_issues.en
index a3aeded57e..60df810d7a 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -2176,6 +2176,7 @@ WARNING: untranslated string: wlanap interface = Select interface
 WARNING: untranslated string: wlanap invalid wpa = Invalid length in WPA Passphrase. Must be between 8 and 63 characters.
 WARNING: untranslated string: wlanap link dhcp = Wireless lan DHCP configuration
 WARNING: untranslated string: wlanap link wireless = Activate wireless lan clients
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
 WARNING: untranslated string: wlanap no interface = Selected interface is not a wirless lan card!
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 164e36dbb0..439b1f546c 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1365,5 +1365,6 @@ WARNING: untranslated string: wlanap = Access Point
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap configuration = Access Point Configuration
 WARNING: untranslated string: wlanap country = Country Code
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index df4f19eff7..97cb271474 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -881,3 +881,4 @@ WARNING: untranslated string: transport mode does not support vti = VTI is not s
 WARNING: untranslated string: update ruleset = Update ruleset
 WARNING: untranslated string: vpn statistics n2n = unknown string
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
diff --git a/doc/language_issues.it b/doc/language_issues.it
index b2df1499ea..a5923b3ddb 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1032,5 +1032,6 @@ WARNING: untranslated string: wlan client tls version = TLS Version
 WARNING: untranslated string: wlanap = Access Point
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap configuration = Access Point Configuration
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index fa2cea18ed..a180b675d9 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1078,5 +1078,6 @@ WARNING: untranslated string: wlan client tls version = TLS Version
 WARNING: untranslated string: wlanap = Access Point
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap configuration = Access Point Configuration
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 164e36dbb0..439b1f546c 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1365,5 +1365,6 @@ WARNING: untranslated string: wlanap = Access Point
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap configuration = Access Point Configuration
 WARNING: untranslated string: wlanap country = Country Code
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index da6fecb073..d832d55601 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1360,5 +1360,6 @@ WARNING: untranslated string: wlanap = Access Point
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap configuration = Access Point Configuration
 WARNING: untranslated string: wlanap country = Country Code
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index d18b14f01a..1419af4b9d 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -895,5 +895,6 @@ WARNING: untranslated string: vpn start action add = Wait for connection initiat
 WARNING: untranslated string: vpn statistics n2n = unknown string
 WARNING: untranslated string: vpn wait = WAITING
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
+WARNING: untranslated string: wlanap management frame protection = Management Frame Protection (802.11w)
 WARNING: untranslated string: wlanap neighbor scan = Neighborhood scan
 WARNING: untranslated string: wlanap neighbor scan warning = Warning! Disabling may violate regulatory rules!
diff --git a/doc/language_missings b/doc/language_missings
index 7e7ccfdde5..e41d14fb2a 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -795,6 +795,7 @@
 < wlanap auto
 < wlanap configuration
 < wlanap country
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlan client
@@ -904,6 +905,7 @@
 < update ruleset
 < Weekly
 < wlanap auto
+< wlanap management frame protection
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1161,6 +1163,7 @@
 < wlanap
 < wlanap auto
 < wlanap configuration
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlan client anonymous identity
@@ -1492,6 +1495,7 @@
 < wlanap
 < wlanap auto
 < wlanap configuration
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlan client anonymous identity
@@ -2232,6 +2236,7 @@
 < wlanap auto
 < wlanap configuration
 < wlanap country
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlan client
@@ -3009,6 +3014,7 @@
 < wlanap auto
 < wlanap configuration
 < wlanap country
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlan client
@@ -3133,5 +3139,6 @@
 < vpn wait
 < Weekly
 < wlanap auto
+< wlanap management frame protection
 < wlanap neighbor scan
 < wlanap neighbor scan warning
diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
index 5120e2eae7..dd30e442b5 100644
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -76,6 +76,7 @@ $wlanapsettings{'HTCAPS'} = '';
 $wlanapsettings{'VHTCAPS'} = '';
 $wlanapsettings{'NOSCAN'} = 'off';
 $wlanapsettings{'CLIENTISOLATION'} = 'off';
+$wlanapsettings{'IEEE80211W'} = 'off';
 
 &General::readhash("/var/ipfire/wlanap/settings", \%wlanapsettings);
 &Header::getcgihash(\%wlanapsettings);
@@ -257,6 +258,10 @@ $checked{'CLIENTISOLATION'}{'off'} = '';
 $checked{'CLIENTISOLATION'}{'on'} = '';
 $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'";
 
+$checked{'IEEE80211W'}{'off'} = '';
+$checked{'IEEE80211W'}{'on'} = '';
+$checked{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "checked='checked'";
+
 $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'";
 $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'";
 $selected{'COUNTRY'}{$wlanapsettings{'COUNTRY'}} = "selected='selected'";
@@ -443,6 +448,17 @@ print<<END
 	</select>
 </td></tr>
 <tr><td width='25%' class='base'>Passphrase:&nbsp;</td><td class='base' colspan='3'><input type='text' name='PWD' size='30' value='$wlanapsettings{'PWD'}' /></td></tr>
+<tr>
+	<td width='25%' class='base'>$Lang::tr{'wlanap management frame protection'}:&nbsp;</td>
+	<td class='base' colspan="3">
+		<label>
+			$Lang::tr{'on'} <input type='radio' name='IEEE80211W' value='on' $checked{'IEEE80211W'}{'on'} />
+		</label> |
+		<label>
+			<input type='radio' name='IEEE80211W' value='off' $checked{'IEEE80211W'}{'off'} /> $Lang::tr{'off'}
+		</label>
+	</td>
+</tr>
 <tr><td colspan='4'><br></td></tr>
 END
 ;
@@ -667,6 +683,13 @@ END
 
  }
 
+ # Management Frame Protection (802.11w)
+ if ($wlanapsettings{'IEEE80211W'} eq "on") {
+	print CONFIGFILE "ieee80211w=2\n";
+ } else {
+	print CONFIGFILE "ieee80211w=0\n";
+ }
+
  if ( $wlanapsettings{'ENC'} eq 'wpa1'){
 	print CONFIGFILE <<END
 ######################### wpa hostapd configuration ############################
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 4c61150cac..8b5723a126 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2851,6 +2851,7 @@
 'wlanap invalid wpa' => 'UngÃ¼ltige LÃ¤nge in WPA-Passphrase. Muss zwischen 8 und 63 Zeichen lang sein.',
 'wlanap link dhcp' => 'Wireless Lan DHCP-Einstellungen',
 'wlanap link wireless' => 'Wireless Lan Clients freischalten',
+'wlanap management frame protection' => 'Management Frame Protection (802.11w)',
 'wlanap neighbor scan' => 'Nachbarschaftsscan',
 'wlanap neighbor scan warning' => 'Warnung! Deaktivierung kann gegen Funkregeln verstoÃen.',
 'wlanap no interface' => 'AusgewÃ¤hltes Interface ist keine WLAN-Karte!',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 8e8fea0598..8ae154247c 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2900,6 +2900,7 @@
 'wlanap invalid wpa' => 'Invalid length in WPA Passphrase. Must be between 8 and 63 characters.',
 'wlanap link dhcp' => 'Wireless lan DHCP configuration',
 'wlanap link wireless' => 'Activate wireless lan clients',
+'wlanap management frame protection' => 'Management Frame Protection (802.11w)',
 'wlanap neighbor scan' => 'Neighborhood scan',
 'wlanap neighbor scan warning' => 'Warning! Disabling may violate regulatory rules!',
 'wlanap no interface' => 'Selected interface is not a wirless lan card!',
diff --git a/lfs/hostapd b/lfs/hostapd
index c2830b88a4..ce399df754 100644
--- a/lfs/hostapd
+++ b/lfs/hostapd
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hostapd
-PAK_VER    = 46
+PAK_VER    = 47
 
 DEPS       = ""
 
-- 
2.39.2