From patchwork Mon Mar 4 21:42:16 2024
X-Patchwork-Submitter: Christian Marangi
X-Patchwork-Id: 1907897
X-Patchwork-Delegate: ansuelsmth@gmail.com
From: Christian Marangi
To: OpenWrt Development List
Cc: Christian Marangi
Subject: [PATCH 1/3] wifi-scripts: permit hostapd to access wpa_psk_file
Date: Mon, 4 Mar 2024 22:42:16 +0100
Message-ID: <20240304214243.3677-2-ansuelsmth@gmail.com>
In-Reply-To: <20240304214243.3677-1-ansuelsmth@gmail.com>
References: <20240304214243.3677-1-ansuelsmth@gmail.com>

Hostapd requires access to the wpa_psk_file to insert data in the context
of WPS usage.

From hostapd.conf documentation:
Note: If wpa_psk_file is set, WPS is used to generate random, per-device
PSKs that will be appended to the wpa_psk_file. If wpa_psk_file is not set,
the default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees.
Use of per-device PSKs is recommended as the more secure option (i.e., make
sure to set wpa_psk_file when using WPS with WPA-PSK).

Since we set the option by default, we involuntarily also enabled this WPS
feature, which was broken all this time because we create the wpa_psk_file
as root and hostapd doesn't have access to it to write the per-device psk.

Giving correct permission makes hostapd correctly write the entry and permits devices connected with WPS Push-Button to re-authenticate on next connection. Signed-off-by: Christian Marangi --- .../network/config/wifi-scripts/files/lib/netifd/hostapd.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 763702e76b..a357418fe1 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -689,7 +689,10 @@ hostapd_set_bss_options() { fi [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk [ -n "$wpa_psk_file" ] && { - [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" + [ -e "$wpa_psk_file" ] || { + touch "$wpa_psk_file" + chown network:network "$wpa_psk_file" + } append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
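
Review bot: In hostapd_set_bss_options(), the new chown sits inside the `[ -e "$wpa_psk_file" ] ||` branch, so it only runs when the file is created here; a wpa_psk_file that already exists (a user-configured path, or one left behind with root ownership by an earlier run) keeps its old owner and hostapd still cannot append the per-device PSKs. Consider running `chown network:network "$wpa_psk_file"` after the existence check rather than only on creation. The file will hold PSKs and its mode is left to whatever umask the script runs with, so an explicit `chmod 600 "$wpa_psk_file"` next to the chown would keep it from being readable by other local users. The chown result is also not checked; a logged warning on failure would make the WPS breakage described in the commit message easier to diagnose.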