wireless-ap: Check that secret has the correct length and no invalid characters
[people/ms/network.git] / src / hooks / ports / wireless-ap
index 7176ee58dfe54768e151a30ed7697c24568d1f24..26e14d63f53ef32430da9af9e343dd3c4b949c95 100644 (file)
@@ -50,8 +50,7 @@ DEFAULT_BROADCAST_SSID="on"
 DEFAULT_DFS="on"
 
 # 802.11w - Management Frame Protection
-# Disable by default because many clients cannot connect when enabled
-DEFAULT_MFP="off"
+DEFAULT_MFP="on"
 
 DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
 
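Review bot: Switching `DEFAULT_MFP` to "on" is not mentioned in the commit subject, and it deletes the only comment that recorded the client-compatibility concern, so the 802.11w section no longer explains its default. Enabling management frame protection is a reasonable hardening default, but it changes behaviour for every port that does not set the option explicitly, so it deserves its own commit or at least a line in the description. I would keep a rationale next to the value, for example `# Enabled by default to protect against forged deauthentication/disassociation frames; use --mfp=off for clients without 802.11w support`. Whether "on" means optional or required protection in the generated configuration is not visible in this hunk and should be stated there too.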
@@ -85,16 +84,7 @@ hook_parse_cmdline() {
                                CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
                                ;;
                        --dfs=*)
-                               DFS="$(cli_get_val "${1}")"
-
-                               if enabled DFS; then
-                                       DFS="on"
-                               elif disabled DFS; then
-                                       DFS="off"
-                               else
-                                       error "Invalid value for DFS: ${DFS}"
-                                       return ${EXIT_ERROR}
-                               fi
+                               DFS="$(cli_get_bool "${1}")"
                                ;;
                        --environment=*)
                                ENVIRONMENT="$(cli_get_val "${1}")"
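Review bot: The `--dfs=*` branch no longer rejects an unrecognised value, and the same applies to the `--mfp=*` branch in the next hunk. The removed code called `error` and returned `${EXIT_ERROR}`, whereas the new `DFS="$(cli_get_bool "${1}")"` runs the helper in a command substitution and never checks its exit status. `cli_get_bool` is not shown in this diff, so please confirm what it prints for input that is neither an enabled nor a disabled value. If it falls back to "off", a typo such as `--mfp=onn` would silently turn management frame protection off instead of failing. In that case keep an explicit rejection in both branches, along the lines of `error "Invalid value for --mfp: $(cli_get_val "${1}")"` followed by `return ${EXIT_ERROR}`. `hook_parse_cmdline` starts and ends outside these hunks.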
@@ -108,16 +98,7 @@ hook_parse_cmdline() {
                                ADDRESS=$(cli_get_val "${1}")
                                ;;
                        --mfp=*)
-                               MFP="$(cli_get_val "${1}")"
-
-                               if enabled MFP; then
-                                       MFP="on"
-                               elif disabled MFP; then
-                                       MFP="off"
-                               else
-                                       error "Invalid value for --mfp: ${MFP}"
-                                       return ${EXIT_ERROR}
-                               fi
+                               MFP="$(cli_get_bool "${1}")"
                                ;;
                        --mode=*)
                                MODE=$(cli_get_val "${1}")
@@ -175,9 +156,17 @@ hook_parse_cmdline() {
        fi
 
        # Check if SECRET is set when WPA* is enabled
-       if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
-               error "Secret is not set when PSK authentication is enabled"
-               return ${EXIT_ERROR}
+       if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
+               if ! isset SECRET; then
+                       error "Secret is not set when PSK authentication is enabled"
+                       return ${EXIT_ERROR}
+               fi
+
+               # Check if SECRET is valid
+               if ! wireless_pre_shared_key_is_valid "${SECRET}"; then
+                       error "The secret is in an invalid format"
+                       return ${EXIT_ERROR}
+               fi
        fi
 
        # Save address of phy do identify it again
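Review bot: The new error text "The secret is in an invalid format" does not tell the operator which rule was violated, although the commit subject says the check covers both length and permitted characters. `wireless_pre_shared_key_is_valid` is defined outside this diff, so the message should name the limits that helper actually enforces, for example `error "The secret must be <MIN>-<MAX> characters long and may only contain <ALLOWED CHARACTERS>"` with the placeholders replaced by the real values. Keeping `${SECRET}` out of the message, as the code does now, is correct, since the text may end up in logs. It is also worth confirming that the helper's rules suit a WPA3-only setup, because this check runs when only `WPA3_PERSONAL` is enabled as well. `hook_parse_cmdline` continues outside this hunk.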