wifi-scripts: fix corner case in RSN override support

When used, all relevant parameters need to be set

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
index eccd5824cf8d318e26be79fd92ac807ea1609e56..add9ec137b48060c66a0b34d4e9e1d00b7c88daf 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -173,8 +173,7 @@ function iface_auth_type(config) {
                'eapol_version', 'dynamic_vlan', 'radius_request_cui', 'eap_reauth_period',
                'radius_das_client', 'radius_das_port', 'own_ip_addr', 'dynamic_own_ip_addr',
                'wpa_disable_eapol_key_retries', 'auth_algs', 'wpa', 'wpa_pairwise',
-               'erp_domain', 'fils_realm', 'erp_send_reauth_start', 'fils_cache_id',
-               'rsn_override_pairwise', 'rsn_override_mfp'
+               'erp_domain', 'fils_realm', 'erp_send_reauth_start', 'fils_cache_id'
        ]);
 }
 
@@ -479,9 +478,19 @@ export function generate(interface, data, config, vlans, stas, phy_features) {
        iface.wpa_key_mgmt(config);
        append_vars(config, [
                'wpa_key_mgmt',
-               'rsn_override_key_mgmt'
        ]);
 
+       if (config.rsn_override_key_mgmt || config.rsn_override_pairwise) {
+               config.rsn_override_mfp ??= config.ieee80211w;
+               config.rsn_override_key_mgmt ??= config.wpa_key_mgmt;
+               config.rsn_override_pairwise ??= config.wpa_pairwise;
+               append_vars(config, [
+                       'rsn_override_key_mgmt',
+                       'rsn_override_pairwise',
+                       'rsn_override_mfp'
+               ]);
+       }
+
        /* raw options */
        for (let raw in config.hostapd_options)
                append_raw(raw);

diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index dd96505f09b09f39e1e002c346642c292ec7d12b..623e8ffdb2c88fe68303e113825417591b34a4d2 100644 (file)
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -862,7 +862,6 @@ hostapd_set_bss_options() {
        append bss_conf "auth_algs=${auth_algs:-1}" "$N"
        append bss_conf "wpa=$wpa" "$N"
        [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
-       [ -n "$rsn_override_pairwise" ] && append bss_conf "rsn_override_pairwise=$rsn_override_pairwise" "$N"
 
        set_default wps_pushbutton 0
        set_default wps_label 0
@@ -975,7 +974,11 @@ hostapd_set_bss_options() {
 
                hostapd_append_wpa_key_mgmt
                [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
-               [ -n "$rsn_override_key_mgmt" ] && append bss_conf "rsn_override_key_mgmt=$rsn_override_key_mgmt" "$N"
+               [ -n "$rsn_override_key_mgmt" -o -n "$rsn_override_pairwise" ] && {
+                       append bss_conf "rsn_override_key_mgmt=${rsn_override_key_mgmt:-$wpa_key_mgmt}" "$N"
+                       append bss_conf "rsn_override_pairwise=${rsn_override_pairwise:-$wpa_pairwise}" "$N"
+                       append bss_conf "rsn_override_mfp=$ieee80211w" "$N"
+               }
        fi
 
        if [ "$wpa" -ge "2" ]; then