From a0424f9c6a4cf813934d5a3bc877fddae6eb99de Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 27 Mar 2020 16:31:43 +0100 Subject: wireless: T2105: properly support disabled WIFI interfaces It is not sufficient to only place a wifi interface in adminsitrative down state as hostapd could change the interface state again. If the wifi interface is administratively disabled, hostapd or wpa_supplicant should not be started at all to prevent anyone from messing arround with the admin state. --- python/vyos/ifconfig/wireless.py | 3 ++ src/conf_mode/interfaces-wireless.py | 69 ++++++++++++++++++------------------ 2 files changed, 37 insertions(+), 35 deletions(-) diff --git a/python/vyos/ifconfig/wireless.py b/python/vyos/ifconfig/wireless.py index a1f50b71d..932d07d01 100644 --- a/python/vyos/ifconfig/wireless.py +++ b/python/vyos/ifconfig/wireless.py @@ -46,6 +46,9 @@ class WiFiIf(Interface): .format(**self.config) self._cmd(cmd) + # wireless interface is administratively down by default + self.set_state('down') + def _delete(self): cmd = 'iw dev {ifname} del' \ .format(**self.config) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 43455196c..2d05e722d 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -1520,41 +1520,40 @@ def apply(wifi): if not wifi['disable']: w.set_state('up') - - # Physical interface is now configured. Proceed by starting hostapd or - # wpa_supplicant daemon. When type is monitor we can just skip this. - if wifi['op_mode'] == 'ap': - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) - cmd += ' --exec /usr/sbin/hostapd' - # now pass arguments to hostapd binary - cmd += ' -- ' - cmd += ' -B' - cmd += ' -P ' + get_pid('hostapd', wifi['intf']) - cmd += ' ' + get_conf_file('hostapd', wifi['intf']) - - # execute assembled command - subprocess_cmd(cmd) - - elif wifi['op_mode'] == 'station': - cmd = 'start-stop-daemon' - cmd += ' --start ' - cmd += ' --quiet' - cmd += ' --oknodo' - cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) - cmd += ' --exec /sbin/wpa_supplicant' - # now pass arguments to hostapd binary - cmd += ' -- ' - cmd += ' -s -B -D nl80211' - cmd += ' -P ' + get_pid('wpa_supplicant', wifi['intf']) - cmd += ' -i ' + wifi['intf'] - cmd += ' -c ' + get_conf_file('wpa_supplicant', wifi['intf']) - - # execute assembled command - subprocess_cmd(cmd) + # Physical interface is now configured. Proceed by starting hostapd or + # wpa_supplicant daemon. When type is monitor we can just skip this. + if wifi['op_mode'] == 'ap': + cmd = 'start-stop-daemon' + cmd += ' --start ' + cmd += ' --quiet' + cmd += ' --oknodo' + cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) + cmd += ' --exec /usr/sbin/hostapd' + # now pass arguments to hostapd binary + cmd += ' -- ' + cmd += ' -B' + cmd += ' -P ' + get_pid('hostapd', wifi['intf']) + cmd += ' ' + get_conf_file('hostapd', wifi['intf']) + + # execute assembled command + subprocess_cmd(cmd) + + elif wifi['op_mode'] == 'station': + cmd = 'start-stop-daemon' + cmd += ' --start ' + cmd += ' --quiet' + cmd += ' --oknodo' + cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf']) + cmd += ' --exec /sbin/wpa_supplicant' + # now pass arguments to hostapd binary + cmd += ' -- ' + cmd += ' -s -B -D nl80211' + cmd += ' -P ' + get_pid('wpa_supplicant', wifi['intf']) + cmd += ' -i ' + wifi['intf'] + cmd += ' -c ' + get_conf_file('wpa_supplicant', wifi['intf']) + + # execute assembled command + subprocess_cmd(cmd) return None -- cgit v1.2.3