| Message ID | 20240304214243.3677-2-ansuelsmth@gmail.com |
|---|---|
| State | Under Review |
| Delegated to: | Ansuel Smith |
| Headers | show
Return-Path:
<openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=meh55y9O;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20230601 header.b=LxnRVhKV;
dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4TpXKv4Mkhz23qq
for <incoming@patchwork.ozlabs.org>; Tue, 5 Mar 2024 08:45:07 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
List-Owner; bh=Tc72Z2TJooqYsn3Jl2EHd4OHlBFSB/HPd1ZmvtnJWpA=; b=meh55y9OJ7eDpN
ePUZ31eGYxSVmZEwZa3ePb0x4sk+Mjjsb8wt6hMWXjv2p9U79lMPhuRAhfiLEK+3Lpu53dopJeRyn
soNwKG9rKq/yck81nIxxlHEbYWZxbiI7yR9KaE58b0dF+d4Zf2oCoCL7ynMmaB1sb+LFqmf9zM+c3
TLVehfLTYGWkLB8GE7vi/T+GPacfbpfQGQuVtcqf597jSa+30Q1K4ZcXx6DAi79EvFynjliVWnCFU
4CX63GhXpPwH4Sb6NBLLnXcnF8HGdErPWQpArU6YDOIYwy0xQXfAO8hFcmTWEMoz2GSC3Zqdmz1pM
rLJEyFJZOhQT2Yrb53dg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
id 1rhG5Q-0000000AoYK-1v12;
Mon, 04 Mar 2024 21:43:04 +0000
Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430])
by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
id 1rhG5K-0000000AoX0-1f4J
for openwrt-devel@lists.openwrt.org;
Mon, 04 Mar 2024 21:42:59 +0000
Received: by mail-wr1-x430.google.com with SMTP id
ffacd0b85a97d-33d2b354c72so3761557f8f.1
for <openwrt-devel@lists.openwrt.org>;
Mon, 04 Mar 2024 13:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1709588576; x=1710193376;
darn=lists.openwrt.org;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=ixniMEOioMjZLZ3xAS2Q0tdJn2Aa+D6bfPTiPAI1KTU=;
b=LxnRVhKVEKnQlyEf0J9jMRKFNBvPWjgcSbBPxM6yXL1PFSXUAOkQokllYdx3QOWdUw
yC3G6Fx+CihABrCsUtfb+Sp6UO8BZAb/FdfrWf28lkzvUGrSdfwWNx7PgvivN4OWZE6/
U0iDlc/rTiCVtXQZfi4Yj11DgWdEu/fLsMCbIagzBP4VkAeaJ39wYQvwc6AAFWfEyp6a
HXDhhV39TWEVrANlB8jImSiz5O2gHECPhk6tBMgDZ7Jysp1AIXI2Oswl6Mph4MTvIwKh
MmjU37nw8HngaAeOYigpV5r8fm4UVP1/X2J6rmze8H38KAXA5jPBuUSgFKYDH0JXqAxB
09DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709588576; x=1710193376;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=ixniMEOioMjZLZ3xAS2Q0tdJn2Aa+D6bfPTiPAI1KTU=;
b=nvE8iU21B/Zh/eB5XzTkpoduVhKBHuz3mHyx+sKqM8lLCq4yEVLmC8ahEeuacNUYz1
4dzBSvrB/19zXmS7wNns5tm7GyepHlsbu770Wpvxu3H3RcteBsS/FkybHlUClWqUIISF
1T2m3KrFhU3HONAhE6AYJb1YviTPlYDj3Njzi13IOTAUfVhd+Eh6sKidYMrJJ9wSzJ5s
sOr0QQoo6YlcMrwFLYsdFzaMZlHD7b+UYl3es0xbmdx12zQw6+yO3d930tmpeY2iKZ9E
9klOogShY/ONFZ2j+qgszqr+GwUlasnNnJ2s2jjlsthAuddHTaCi6KfX6yrCiMXt02c5
sB8w==
X-Gm-Message-State: AOJu0Yw8bYdVCUKjAYIB5mQ9qF+qXoFYerBqun8bSb+Lx5Gad0BKTxqM
IUXzOBKv/HRABjegAFjQZGuM8zY0nqzOKgGsVT8kL1T97YjHUSseBqHCM6b8U7k=
X-Google-Smtp-Source:
AGHT+IEGEucUX46sW6WQnld0zPwz2pO5G7Io9uQ8x63N0Z56+hVmXqIhAvW3LG/Ajykpc1E9KhkuVg==
X-Received: by 2002:a5d:4211:0:b0:33d:f1d4:37e7 with SMTP id
n17-20020a5d4211000000b0033df1d437e7mr6715716wrq.5.1709588576173;
Mon, 04 Mar 2024 13:42:56 -0800 (PST)
Received: from localhost.localdomain (93-34-89-13.ip49.fastwebnet.it.
[93.34.89.13])
by smtp.googlemail.com with ESMTPSA id
bo16-20020a056000069000b0033e422d0963sm2611565wrb.41.2024.03.04.13.42.55
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 04 Mar 2024 13:42:55 -0800 (PST)
From: Christian Marangi <ansuelsmth@gmail.com>
To: OpenWrt Development List <openwrt-devel@lists.openwrt.org>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Subject: [PATCH 1/3] wifi-scripts: permit hostapd to access wpa_psk_file
Date: Mon, 4 Mar 2024 22:42:16 +0100
Message-ID: <20240304214243.3677-2-ansuelsmth@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240304214243.3677-1-ansuelsmth@gmail.com>
References: <20240304214243.3677-1-ansuelsmth@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20240304_134258_469192_9769C7E7
X-CRM114-Status: GOOD ( 15.53 )
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hostapd require access to the wpa_psk_file to insert data
in the context of WPS usage. From hostapd.conf documentation: Note: If
wpa_psk_file
is set, WPS is used to generate random,
per-device PSKs that will be appended
to the wpa_psk_file. If wpa_psk_file is not set, the default PSK (w [...]
Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no
trust
[2a00:1450:4864:20:0:0:0:430 listed in]
[list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's
domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[ansuelsmth(at)gmail.com]
-0.0 T_SCC_BODY_TEXT_LINE No description available.
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To:
openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org
|
| Series |
wifi-scripts: fix WPS usage
|
expand
|
diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 763702e76b..a357418fe1 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -689,7 +689,10 @@ hostapd_set_bss_options() { fi [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk [ -n "$wpa_psk_file" ] && { - [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" + [ -e "$wpa_psk_file" ] || { + touch "$wpa_psk_file" + chown network:network "$wpa_psk_file" + } append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
Hostapd require access to the wpa_psk_file to insert data in the context of WPS usage. From hostapd.conf documentation: Note: If wpa_psk_file is set, WPS is used to generate random, per-device PSKs that will be appended to the wpa_psk_file. If wpa_psk_file is not set, the default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees. Use of per-device PSKs is recommended as the more secure option (i.e., make sure to set wpa_psk_file when using WPS with WPA-PSK). Since we set the option by default, we involuntary enabled also this WPS feature, that was broken all this time because we create the wpa_psk_file as root and hostapd doesn't have access to it to write the per-device psk. Giving correct permission makes hostapd correctly write the entry and permits devices connected with WPS Push-Button to re-authenticate on next connection. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> --- .../network/config/wifi-scripts/files/lib/netifd/hostapd.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)