From 13cbb92ad415680c9501b896cd858d3ec6de5074 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 20 Oct 2020 09:15:03 +0000 Subject: [PATCH] hostapd: Allow to make Management Frame Protection optional WPA3 mandates MFP, but many clients do not support it at all. Therefore this can now be set to optional and clients will fall back to WPA2. Signed-off-by: Michael Tremer --- doc/language_issues.de | 3 +++ doc/language_issues.en | 3 +++ doc/language_issues.es | 3 +++ doc/language_issues.fr | 3 +++ doc/language_issues.it | 3 +++ doc/language_issues.nl | 3 +++ doc/language_issues.pl | 3 +++ doc/language_issues.ru | 3 +++ doc/language_issues.tr | 3 +++ doc/language_missings | 24 ++++++++++++++++++++++++ html/cgi-bin/wlanap.cgi | 20 +++++++++++--------- langs/en/cgi-bin/en.pl | 3 +++ 12 files changed, 65 insertions(+), 9 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 6fcafc460a..f3246cd18d 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -888,3 +888,6 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index c0a618da6c..9efb56a39c 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2138,6 +2138,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap channel = Channel diff --git a/doc/language_issues.es b/doc/language_issues.es index 689eeca7cd..e01f5aa98b 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 632acf938c..1f56544561 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -925,3 +925,6 @@ WARNING: untranslated string: samba server role standalone = Standalone WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.it b/doc/language_issues.it index 99a7f3e8d7..2f41213a83 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1191,6 +1191,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2afa7b0f30..d486349bc1 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1231,6 +1231,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 689eeca7cd..e01f5aa98b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.ru b/doc/language_issues.ru index ac9715beb9..cc2fe74899 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1508,6 +1508,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 7613e2ff75..99ead4c4a1 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1055,6 +1055,9 @@ WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_missings b/doc/language_missings index a1fcdc334f..c519c5a6a0 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -61,6 +61,9 @@ < user management < vpn configuration main < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -869,6 +872,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -958,6 +964,9 @@ < upload fcdsl.o < user management < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1287,6 +1296,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -1710,6 +1722,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -2541,6 +2556,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3410,6 +3428,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3630,6 +3651,9 @@ < vulnerable < Weekly < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 29fdd1cd56..fd7e9a6798 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -258,9 +258,10 @@ $checked{'CLIENTISOLATION'}{'off'} = ''; $checked{'CLIENTISOLATION'}{'on'} = ''; $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'"; -$checked{'IEEE80211W'}{'off'} = ''; -$checked{'IEEE80211W'}{'on'} = ''; -$checked{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "checked='checked'"; +$selected{'IEEE80211W'}{'off'} = ''; +$selected{'IEEE80211W'}{'optional'} = ''; +$selected{'IEEE80211W'}{'on'} = ''; +$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected"; $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'"; $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'"; @@ -451,12 +452,11 @@ print< $Lang::tr{'wlanap management frame protection'}:  - | - +
@@ -686,6 +686,8 @@ END # Management Frame Protection (802.11w) if ($wlanapsettings{'IEEE80211W'} eq "on") { print CONFIGFILE "ieee80211w=2\n"; + } elsif ($wlanapsettings{'IEEE80211W'} eq "optional") { + print CONFIGFILE "ieee80211w=1\n"; } else { print CONFIGFILE "ieee80211w=0\n"; } diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0b4f098a7c..d00de3d037 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2962,6 +2962,9 @@ 'wlan client wpa mode tkip tkip' => 'TKIP-TKIP', 'wlan clients' => 'Wireless clients', 'wlanap' => 'Access Point', +'wlanap 802.11w disabled' => 'Disabled', +'wlanap 802.11w enforced' => 'Enforced', +'wlanap 802.11w optional' => 'Optional', 'wlanap auto' => 'Automatic Channel Selection', 'wlanap broadcast ssid' => 'Broadcast SSID', 'wlanap channel' => 'Channel', -- 2.39.2