From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 31 Mar 2019 11:10:30 +0000 (+0200)
Subject: hostapd: Require MFP for SAE when it is enabled
X-Git-Url: http://git.ipfire.org/?p=people%2Fms%2Fnetwork.git;a=commitdiff_plain;h=1ef692c599a77fcb0683e3196b8f4b56f52644da

hostapd: Require MFP for SAE when it is enabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
index 095beb8e..410e6e58 100644
--- a/src/functions/functions.hostapd
+++ b/src/functions/functions.hostapd
@@ -407,6 +407,7 @@ hostapd_config_write() {
 	local wpa_passphrase
 	local sae_password
 	local wpa_strict_rekey
+	local sae_require_mfp
 
 	# WPA3 Personal
 	if enabled WPA3_PERSONAL; then
@@ -416,6 +417,10 @@ hostapd_config_write() {
 		# Add WPA key management
 		list_append wpa_key_mgmt "SAE"
 		sae_password="${secret}"
+
+		if enabled MFP; then
+			sae_require_mfp="1"
+		fi
 	fi
 
 	# WPA2 Personal
@@ -441,7 +446,7 @@ hostapd_config_write() {
 
 	local var
 	for var in wpa wpa_key_mgmt wpa_passphrase sae_password \
-			rsn_pairwise group_cipher wpa_strict_rekey; do
+			rsn_pairwise group_cipher wpa_strict_rekeyi sae_require_mfp; do
 		if [ -n "${!var}" ]; then
 			print "${var}=${!var}"
 		fi