From patchwork Mon Mar  4 21:42:16 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christian Marangi <ansuelsmth@gmail.com>
X-Patchwork-Id: 1907897
X-Patchwork-Delegate: ansuelsmth@gmail.com
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=meh55y9O;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=LxnRVhKV;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TpXKv4Mkhz23qq
	for <incoming@patchwork.ozlabs.org>; Tue,  5 Mar 2024 08:45:07 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=Tc72Z2TJooqYsn3Jl2EHd4OHlBFSB/HPd1ZmvtnJWpA=; b=meh55y9OJ7eDpN
	ePUZ31eGYxSVmZEwZa3ePb0x4sk+Mjjsb8wt6hMWXjv2p9U79lMPhuRAhfiLEK+3Lpu53dopJeRyn
	soNwKG9rKq/yck81nIxxlHEbYWZxbiI7yR9KaE58b0dF+d4Zf2oCoCL7ynMmaB1sb+LFqmf9zM+c3
	TLVehfLTYGWkLB8GE7vi/T+GPacfbpfQGQuVtcqf597jSa+30Q1K4ZcXx6DAi79EvFynjliVWnCFU
	4CX63GhXpPwH4Sb6NBLLnXcnF8HGdErPWQpArU6YDOIYwy0xQXfAO8hFcmTWEMoz2GSC3Zqdmz1pM
	rLJEyFJZOhQT2Yrb53dg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5Q-0000000AoYK-1v12;
	Mon, 04 Mar 2024 21:43:04 +0000
Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5K-0000000AoX0-1f4J
	for openwrt-devel@lists.openwrt.org;
	Mon, 04 Mar 2024 21:42:59 +0000
Received: by mail-wr1-x430.google.com with SMTP id
 ffacd0b85a97d-33d2b354c72so3761557f8f.1
        for <openwrt-devel@lists.openwrt.org>;
 Mon, 04 Mar 2024 13:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1709588576; x=1710193376;
 darn=lists.openwrt.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ixniMEOioMjZLZ3xAS2Q0tdJn2Aa+D6bfPTiPAI1KTU=;
        b=LxnRVhKVEKnQlyEf0J9jMRKFNBvPWjgcSbBPxM6yXL1PFSXUAOkQokllYdx3QOWdUw
         yC3G6Fx+CihABrCsUtfb+Sp6UO8BZAb/FdfrWf28lkzvUGrSdfwWNx7PgvivN4OWZE6/
         U0iDlc/rTiCVtXQZfi4Yj11DgWdEu/fLsMCbIagzBP4VkAeaJ39wYQvwc6AAFWfEyp6a
         HXDhhV39TWEVrANlB8jImSiz5O2gHECPhk6tBMgDZ7Jysp1AIXI2Oswl6Mph4MTvIwKh
         MmjU37nw8HngaAeOYigpV5r8fm4UVP1/X2J6rmze8H38KAXA5jPBuUSgFKYDH0JXqAxB
         09DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709588576; x=1710193376;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ixniMEOioMjZLZ3xAS2Q0tdJn2Aa+D6bfPTiPAI1KTU=;
        b=nvE8iU21B/Zh/eB5XzTkpoduVhKBHuz3mHyx+sKqM8lLCq4yEVLmC8ahEeuacNUYz1
         4dzBSvrB/19zXmS7wNns5tm7GyepHlsbu770Wpvxu3H3RcteBsS/FkybHlUClWqUIISF
         1T2m3KrFhU3HONAhE6AYJb1YviTPlYDj3Njzi13IOTAUfVhd+Eh6sKidYMrJJ9wSzJ5s
         sOr0QQoo6YlcMrwFLYsdFzaMZlHD7b+UYl3es0xbmdx12zQw6+yO3d930tmpeY2iKZ9E
         9klOogShY/ONFZ2j+qgszqr+GwUlasnNnJ2s2jjlsthAuddHTaCi6KfX6yrCiMXt02c5
         sB8w==
X-Gm-Message-State: AOJu0Yw8bYdVCUKjAYIB5mQ9qF+qXoFYerBqun8bSb+Lx5Gad0BKTxqM
	IUXzOBKv/HRABjegAFjQZGuM8zY0nqzOKgGsVT8kL1T97YjHUSseBqHCM6b8U7k=
X-Google-Smtp-Source: 
 AGHT+IEGEucUX46sW6WQnld0zPwz2pO5G7Io9uQ8x63N0Z56+hVmXqIhAvW3LG/Ajykpc1E9KhkuVg==
X-Received: by 2002:a5d:4211:0:b0:33d:f1d4:37e7 with SMTP id
 n17-20020a5d4211000000b0033df1d437e7mr6715716wrq.5.1709588576173;
        Mon, 04 Mar 2024 13:42:56 -0800 (PST)
Received: from localhost.localdomain (93-34-89-13.ip49.fastwebnet.it.
 [93.34.89.13])
        by smtp.googlemail.com with ESMTPSA id
 bo16-20020a056000069000b0033e422d0963sm2611565wrb.41.2024.03.04.13.42.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Mar 2024 13:42:55 -0800 (PST)
From: Christian Marangi <ansuelsmth@gmail.com>
To: OpenWrt Development List <openwrt-devel@lists.openwrt.org>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Subject: [PATCH 1/3] wifi-scripts: permit hostapd to access wpa_psk_file
Date: Mon,  4 Mar 2024 22:42:16 +0100
Message-ID: <20240304214243.3677-2-ansuelsmth@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240304214243.3677-1-ansuelsmth@gmail.com>
References: <20240304214243.3677-1-ansuelsmth@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240304_134258_469192_9769C7E7 
X-CRM114-Status: GOOD (  15.53  )
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hostapd require access to the wpa_psk_file to insert data
   in the context of WPS usage. From hostapd.conf documentation: Note: If
 wpa_psk_file
    is set, WPS is used to generate random,
 per-device PSKs that will be appended
    to the wpa_psk_file. If wpa_psk_file is not set,
 the default PSK (w [...]    
 Content analysis details:   (-0.2 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/, no
                             trust
                             [2a00:1450:4864:20:0:0:0:430 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's
                             domain
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider
                             [ansuelsmth(at)gmail.com]
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Hostapd require access to the wpa_psk_file to insert data in the context
of WPS usage.

From hostapd.conf documentation:
  Note: If wpa_psk_file is set, WPS is used to generate random, per-device PSKs
  that will be appended to the wpa_psk_file. If wpa_psk_file is not set, the
  default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees. Use of
  per-device PSKs is recommended as the more secure option (i.e., make sure to
  set wpa_psk_file when using WPS with WPA-PSK).

Since we set the option by default, we involuntary enabled also this WPS
feature, that was broken all this time because we create the
wpa_psk_file as root and hostapd doesn't have access to it to write the
per-device psk.

Giving correct permission makes hostapd correctly write the entry and
permits devices connected with WPS Push-Button to re-authenticate on
next connection.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
 .../network/config/wifi-scripts/files/lib/netifd/hostapd.sh  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index 763702e76b..a357418fe1 100644
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -689,7 +689,10 @@ hostapd_set_bss_options() {
 			fi
 			[ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
 			[ -n "$wpa_psk_file" ] && {
-				[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
+				[ -e "$wpa_psk_file" ] || {
+					touch "$wpa_psk_file"
+					chown network:network "$wpa_psk_file"
+				}
 				append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
 			}
 			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"

From patchwork Mon Mar  4 21:42:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christian Marangi <ansuelsmth@gmail.com>
X-Patchwork-Id: 1907896
X-Patchwork-Delegate: ansuelsmth@gmail.com
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=a03VLv7o;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=evPheDh+;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TpXKv4Jpvz23cm
	for <incoming@patchwork.ozlabs.org>; Tue,  5 Mar 2024 08:45:07 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=DKdbqxninMfXN/PueyFXidSI21VPJb1rzud/xmD88ic=; b=a03VLv7oDHknFq
	xd+G1g11wpE2iMKenjJF7rsEPu4a3LM2iqcK5RfWaU3DhJcX+ujPAvPvGUo3p8ZsGOujW/NpgRZpo
	yT4eeMiD+tUlOboo17sQt14AFwQXNM/TA8COCtZPvL19tp2H3ng9+Zd5Ojn7LlLf1pfUgaiVUDfBJ
	GUjweloT/XKfZXSjHj0MUAxATA8NySt4n1w4lMPHTxqiqgHtLOjIqObHxNpTowyYlFu9HDUHw5sKA
	VDWn7UhuuV1hB5PvbKJjYtmN1NBoDF2qw1lQoro96TsDgDZpaZ9b3DHhq8welSaWWgxo1J1uPP8rL
	SOxVN+7y039KPYEiR18Q==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5U-0000000AoZ5-2ib0;
	Mon, 04 Mar 2024 21:43:08 +0000
Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5L-0000000AoXS-3MEg
	for openwrt-devel@lists.openwrt.org;
	Mon, 04 Mar 2024 21:43:01 +0000
Received: by mail-wr1-x433.google.com with SMTP id
 ffacd0b85a97d-33e17fc5aceso2376207f8f.0
        for <openwrt-devel@lists.openwrt.org>;
 Mon, 04 Mar 2024 13:42:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1709588578; x=1710193378;
 darn=lists.openwrt.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=NW7WHaM7If0rWwFig3SKPPkTHVru3ztIJMsB8iYPsyM=;
        b=evPheDh+bXqs21JjJp1/6tq4csgdfr/k8w4C5YHvg8GAla3bknAlBZIsXzKKlGX9WD
         bAusupidtmmvkZJjwCYsdc/j/uM/N8pzqFsQFQ3lupNsivWLjRBCb/3VIgRHGGgY1JlL
         dPgzqNo2xHno1n/kEkxU3lBmJ76VdT057pThO0A/DaZcZ5lE/9uPe+tS/mvGOyaZtaut
         P/e85XemqYr3AGfmBP4xDSWExse718dGtgqcmg0pbQLd/J2XZ59Omle3XRfKwOM3/lfP
         k62KslHORwlZ9Ld+xtLvrfXLSTP6TtQW/Na+9d2c3dMI/NApoaVWgdvgVLngo/WjjtFH
         szVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709588578; x=1710193378;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=NW7WHaM7If0rWwFig3SKPPkTHVru3ztIJMsB8iYPsyM=;
        b=gF2H5uuX8umOqP/Ta0QfGMf5RDRu7BX4hdLy4CnPQlMuHcsuE6XdhZfbyka973777E
         mzbvS/fQZTjnXeq8frOtfvaHij6G0bmPy9ePWdxe34Q/E1AnRS5uBVJUsb/ZoueNnsFu
         AXbTrTztADfTNIx+DlS1IPeFLyEYWi7jW3ly8h4w7SuuA8cqvRFOjWfU67JZEl8O6/U+
         8HGATMEqNWFo7C9RPV+DiIEWPjeMkyL5qDnStTY5UCMwA48/ZBnzL7GrmVtyDHnT6keg
         QS5CT4sg79A3Y7d49NnRk17p61iIYXYvrxEL4GtV4i/CpXvyvQpWn0HNfkTjTDDmJHlA
         A/zg==
X-Gm-Message-State: AOJu0YzFoDsimDH1LtzeD2xSfVvpBhwtBWKlzrTSmKndyQjLqR25V5rg
	z7p3kqF/fXnvs1l1en6ywEDZGylpW4yjKSp0A1zYXfX241Ykt9w6zd2J/gRh+Lo=
X-Google-Smtp-Source: 
 AGHT+IE1v6MUPUMTETVewzQ5K+yIN7g4TYFg/Tes9PY1bPsBFhA7aNx8PqWC845wk9eIZThntHwEeQ==
X-Received: by 2002:adf:e3ca:0:b0:33e:48f9:16a3 with SMTP id
 k10-20020adfe3ca000000b0033e48f916a3mr124732wrm.1.1709588577195;
        Mon, 04 Mar 2024 13:42:57 -0800 (PST)
Received: from localhost.localdomain (93-34-89-13.ip49.fastwebnet.it.
 [93.34.89.13])
        by smtp.googlemail.com with ESMTPSA id
 bo16-20020a056000069000b0033e422d0963sm2611565wrb.41.2024.03.04.13.42.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Mar 2024 13:42:56 -0800 (PST)
From: Christian Marangi <ansuelsmth@gmail.com>
To: OpenWrt Development List <openwrt-devel@lists.openwrt.org>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Subject: [PATCH 2/3] wifi-scripts: save wpa_psk_file on permanent storage by
 default
Date: Mon,  4 Mar 2024 22:42:17 +0100
Message-ID: <20240304214243.3677-3-ansuelsmth@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240304214243.3677-1-ansuelsmth@gmail.com>
References: <20240304214243.3677-1-ansuelsmth@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240304_134300_048407_2CA4DA06 
X-CRM114-Status: GOOD (  16.39  )
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Save wpa_psk_file on permanent storage by default.
 Currently
    it's always created in /var/run with the hostapd files. Any user that
 would
    use this option would save this file on permanent storage to declare
 specific
    PSK per devices or for each VLAN.
 Content analysis details:   (-0.2 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/, no
                             trust
                             [2a00:1450:4864:20:0:0:0:433 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's
                             domain
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider
                             [ansuelsmth(at)gmail.com]
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Save wpa_psk_file on permanent storage by default. Currently it's always
created in /var/run with the hostapd files.

Any user that would use this option would save this file on permanent
storage to declare specific PSK per devices or for each VLAN.

The file is also used for WPS to store the per-device PSK and keeping it
on /var/run on normal installation (excluding installation with
permanent /var) would result in the wpa_psk_file getting wiped on
reboot, losing all the per-device PSK saved by hostapd.

To fix this, move the wpa_psk_file to /etc/hostapd and set the default
value for the wpa_psk_file option to point to this directory.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
 package/network/config/wifi-scripts/Makefile             | 2 +-
 .../config/wifi-scripts/files/lib/netifd/hostapd.sh      | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/package/network/config/wifi-scripts/Makefile b/package/network/config/wifi-scripts/Makefile
index 085860d7c6..539d9a03c3 100644
--- a/package/network/config/wifi-scripts/Makefile
+++ b/package/network/config/wifi-scripts/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifi-scripts
 PKG_VERSION:=1.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-2.0
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index a357418fe1..71be4db67d 100644
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -687,7 +687,14 @@ hostapd_set_bss_options() {
 				wireless_setup_vif_failed INVALID_WPA_PSK
 				return 1
 			fi
-			[ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
+			[ -z "$wpa_psk_file" ] && {
+				[ -d /etc/hostapd ] || {
+					mkdir /etc/hostapd
+					chown network:netwrok /etc/hostapd
+				}
+				set_default wpa_psk_file /etc/hostapd/hostapd-$ifname.psk
+				ln -s /etc/hostapd/hostapd-$ifname.psk /var/run/hostapd-$ifname.psk
+			}
 			[ -n "$wpa_psk_file" ] && {
 				[ -e "$wpa_psk_file" ] || {
 					touch "$wpa_psk_file"

From patchwork Mon Mar  4 21:42:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christian Marangi <ansuelsmth@gmail.com>
X-Patchwork-Id: 1907894
X-Patchwork-Delegate: ansuelsmth@gmail.com
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=3cs/wRoj;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20230601 header.b=Xbo6cV+t;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=patchwork.ozlabs.org)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4TpXKs06DRz1yX3
	for <incoming@patchwork.ozlabs.org>; Tue,  5 Mar 2024 08:45:04 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=4IltHmfTtOYfyMQiSc5ZFY9AB6BDE3+wY0g4vqb1c8M=; b=3cs/wRoj2Jukkb
	lyRXxyua+kPavAif5Fb49+A+dNKs4DU1mZiJg8K1FvO0So4GgFhwaGbVh53kmdO6mxNBsX9Uqc4wS
	yUC95sxnWPUKfB4KwXovImfiI1vk092MqnTXv3ltUAX9EAcYph8Hm+F/CTx/1pI4t5wK5ouIo07q/
	4Bc+FxE/hwomfefPVCmuyh/cCS+SfYDynPhLYH4oinDKCSvg16GerOIQeL+TYmBbvc0Qxpsr5SGz2
	7tiLkx/PRcwAADKNtPXXK4jDy47iWNLwsyBpRv2tYdXP64MLhpEW0ZC5bAUmtZsVTcqfV4gscFB0A
	kpbfalgd+KtbWsRU5pUQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5W-0000000AoZi-0O1z;
	Mon, 04 Mar 2024 21:43:10 +0000
Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435])
	by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux))
	id 1rhG5M-0000000AoXU-0Pu6
	for openwrt-devel@lists.openwrt.org;
	Mon, 04 Mar 2024 21:43:02 +0000
Received: by mail-wr1-x435.google.com with SMTP id
 ffacd0b85a97d-33e17fc5aceso2376212f8f.0
        for <openwrt-devel@lists.openwrt.org>;
 Mon, 04 Mar 2024 13:42:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1709588578; x=1710193378;
 darn=lists.openwrt.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=/2C2W0YjM4exuK0GeyoBLoB5K5WmE+4RhMG9E8ul3N8=;
        b=Xbo6cV+tOXbLm6W4+nFEdURCzK0hGnC/4SYBLQn0O4PvivI9spIinZKuFLkwJnCRgw
         kVwCZD6jClBUIVI5aCEMzYN0EWirY495+Tkil+ko0Wp5+xIXeRtc6mjXGGF0NjJ6fH25
         I6tmPrjC6DzvCZA4DKigG5p+Thm7pt6XUzwebLJMT9bXuKSHOODeSWG2ItBo4Yd1W8x6
         yEK1bqQCxleJVNVbK3f4muuviMDl1a3DNYiw8l4WchCqyJONsUrdz6XBYgaQ7bKYB69F
         QazzsRj4Uikn4WU+ZaNycHgQnudNerKuxcd3/OAUf8pjwUFtIKUOVgYk5nkyRPF6Sf+W
         B85Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709588578; x=1710193378;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/2C2W0YjM4exuK0GeyoBLoB5K5WmE+4RhMG9E8ul3N8=;
        b=cY/GSQz570cXgSuZ3RfuFIvcVQToYKS68DtEjVC2NBZDnrxa/YUBphCZ3Ccmbu0S04
         qlUjbnt4n18md/tfN9/L++sjtmx5fPPlHumBz1tWi2FEyOTEDjyAUCbB8TaY5kAVi+gK
         B0OKYpht4/15Qo+YuHbStg4YqI6yHrnjArYsYOcBm/uF9feo5w0uXFlA4jxgSP+x1b4z
         Tf1yYBztqYRUhUKcHdkUiS0OywTC3O3w/zozPrUipbl56a2SA3sUjR/o+enzXrx/5tZ7
         3EIQ+ALW2Mf8geoNrpbwGlNkPxD8UU3fJyGaOEqCILvUMZXgF4f3KQ4KYwj9zaC1NIyT
         FFQw==
X-Gm-Message-State: AOJu0Yy4Q7it19VjxlULSgsfzO5hdHXNqZnXp0Xm0jLZwtpkimcK2I0V
	xviuR46zwn3ES7/Sj7TKVzxO2Mz8yfI9pbnEvEbORT+oDnthaTrz4jzh/UK7J7k=
X-Google-Smtp-Source: 
 AGHT+IE7iUCs/fjz6RkLlgIJkzsek1fHpxMmU6r1j8Xl0pqnecFdkHl4n/H0C4uhkVQzVoQHas0gsQ==
X-Received: by 2002:adf:8902:0:b0:33d:69c1:e7af with SMTP id
 s2-20020adf8902000000b0033d69c1e7afmr517459wrs.9.1709588577811;
        Mon, 04 Mar 2024 13:42:57 -0800 (PST)
Received: from localhost.localdomain (93-34-89-13.ip49.fastwebnet.it.
 [93.34.89.13])
        by smtp.googlemail.com with ESMTPSA id
 bo16-20020a056000069000b0033e422d0963sm2611565wrb.41.2024.03.04.13.42.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Mar 2024 13:42:57 -0800 (PST)
From: Christian Marangi <ansuelsmth@gmail.com>
To: OpenWrt Development List <openwrt-devel@lists.openwrt.org>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Subject: [PATCH 3/3] hostapd: restore /etc/hostapd directory on sysupgrade
Date: Mon,  4 Mar 2024 22:42:18 +0100
Message-ID: <20240304214243.3677-4-ansuelsmth@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240304214243.3677-1-ansuelsmth@gmail.com>
References: <20240304214243.3677-1-ansuelsmth@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240304_134300_839719_43FF2402 
X-CRM114-Status: UNSURE (   9.58  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Restore /etc/hostapd directory on sysupgrade since it does
    contain per-device PSK handled by hostapd for WPS usage. Signed-off-by:
 Christian
    Marangi --- package/network/services/hostapd/Makefile | 40
 ++++++++++++++++-------
    1 file changed, 28 insertions(+), 12 deletions(-)
 Content analysis details:   (-0.2 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/, no
                             trust
                             [2a00:1450:4864:20:0:0:0:435 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's
                             domain
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider
                             [ansuelsmth(at)gmail.com]
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Restore /etc/hostapd directory on sysupgrade since it does contain
per-device PSK handled by hostapd for WPS usage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
 package/network/services/hostapd/Makefile | 40 ++++++++++++++++-------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index c8f476f7b8..a1cd2416fb 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
@@ -679,23 +679,39 @@ define Install/hostapd/full
 	$(INSTALL_DATA) ./files/radius.users $(1)/etc/radius/users
 endef
 
+define Package/hostapd/conffiles
+/etc/hostapd
+endef
+
+Package/wpad-mesh-openssl/conffiles = $(Package/hostapd/conffiles)
+Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd/conffiles)
+Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd/conffiles)
+Package/wpad/conffiles = $(Package/hostapd/conffiles)
+Package/wpad-openssl/conffiles = $(Package/hostapd/conffiles)
+Package/wpad-wolfssl/conffiles = $(Package/hostapd/conffiles)
+Package/wpad-mbedtls/conffiles = $(Package/hostapd/conffiles)
+Package/hostapd-openssl/conffiles = $(Package/hostapd/conffiles)
+Package/hostapd-wolfssl/conffiles = $(Package/hostapd/conffiles)
+Package/hostapd-mbedtls/conffiles = $(Package/hostapd/conffiles)
+
 define Package/hostapd-full/conffiles
+$(Package/hostapd/conffiles)
 /etc/config/radius
 /etc/radius
 endef
 
 ifeq ($(CONFIG_VARIANT),full)
-Package/wpad-mesh-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/wpad-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-openssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
-Package/hostapd-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-openssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-wolfssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad-mesh-mbedtls/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad-openssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad-wolfssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/wpad-mbedtls/conffiles += $(Package/hostapd-full/conffiles)
+Package/hostapd/conffiles += $(Package/hostapd-full/conffiles)
+Package/hostapd-openssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/hostapd-wolfssl/conffiles += $(Package/hostapd-full/conffiles)
+Package/hostapd-mbedtls/conffiles += $(Package/hostapd-full/conffiles)
 endif
 
 define Install/hostapd