[PATCH 0/3] wifi-scripts: fix WPS usage
Christian Marangi
ansuelsmth at gmail.com
Mon Mar 4 13:42:15 PST 2024
This is a long lasting problem (like 4 years)...
It was something I notice a looong time ago but never had time to
actually bisect this, as I was convinced it was a problem with hostapd
due to the fact that it was an insecure option.
But then I notice that hostapd have hwsim testing for this feature hence
it seems unlikely they never notice the feature was broken all along...
That made me push to understand how this actually works and discover the
funny case.
With the VLAN support for per-device PSK we broke WPS feature.
The wpa_psk_file option enebales a side effect for WPS where they generate
per-device PSK and store them in the wpa_psk_file. (having this option
disabled, cause the real PSK getting enrolled to the final device)
A later change also switched the user of hostapd from root to network but
we never tweaked the wpa_psk_file on beeing owned by hostapd user.
Hostapd write the per-device entry in the wpa_psk_file to permit devices
to reconnect. As hostapd didn't had permission to access this file, this
step always failed making device connects only once and never again.
While this is easy to fix, handling the per-device persistent across
wpad restart is a bigger beast. My current solution is very easy, we
just move the file in /etc/hostapd but maybe a better solution would
be move these in uci config?
Problem is that I didn't find a clear example on how to do that in
a correct way. (Is my solution ok? Or should we have this with ubus?
For wpa_supplicant we used to emit and event and react on it but I
didn't find a good way to register persistent listner for it)
tl;dr WPS is broken, permission problem and psk are dropped on restart.
Christian Marangi (3):
wifi-scripts: permit hostapd to access wpa_psk_file
wifi-scripts: save wpa_psk_file on permanent storage by default
hostapd: restore /etc/hostapd directory on sysupgrade
package/network/config/wifi-scripts/Makefile | 2 +-
.../wifi-scripts/files/lib/netifd/hostapd.sh | 14 ++++++-
package/network/services/hostapd/Makefile | 40 +++++++++++++------
3 files changed, 41 insertions(+), 15 deletions(-)
--
2.43.0
More information about the openwrt-devel
mailing list