summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-03-27 16:31:43 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-27 16:33:52 +0100
commita0424f9c6a4cf813934d5a3bc877fddae6eb99de (patch)
tree99c697f78884af8035821ed664168a4c5c8c5c00
parent551eb5d596266c3bb6891d4ccc9b55c1b1ec02ff (diff)
downloadvyos-1x-a0424f9c6a4cf813934d5a3bc877fddae6eb99de.tar.gz
vyos-1x-a0424f9c6a4cf813934d5a3bc877fddae6eb99de.zip
wireless: T2105: properly support disabled WIFI interfaces
It is not sufficient to only place a wifi interface in adminsitrative down state as hostapd could change the interface state again. If the wifi interface is administratively disabled, hostapd or wpa_supplicant should not be started at all to prevent anyone from messing arround with the admin state.
-rw-r--r--python/vyos/ifconfig/wireless.py3
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py69
2 files changed, 37 insertions, 35 deletions
diff --git a/python/vyos/ifconfig/wireless.py b/python/vyos/ifconfig/wireless.py
index a1f50b71d..932d07d01 100644
--- a/python/vyos/ifconfig/wireless.py
+++ b/python/vyos/ifconfig/wireless.py
@@ -46,6 +46,9 @@ class WiFiIf(Interface):
.format(**self.config)
self._cmd(cmd)
+ # wireless interface is administratively down by default
+ self.set_state('down')
+
def _delete(self):
cmd = 'iw dev {ifname} del' \
.format(**self.config)
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 43455196c..2d05e722d 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -1520,41 +1520,40 @@ def apply(wifi):
if not wifi['disable']:
w.set_state('up')
-
- # Physical interface is now configured. Proceed by starting hostapd or
- # wpa_supplicant daemon. When type is monitor we can just skip this.
- if wifi['op_mode'] == 'ap':
- cmd = 'start-stop-daemon'
- cmd += ' --start '
- cmd += ' --quiet'
- cmd += ' --oknodo'
- cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf'])
- cmd += ' --exec /usr/sbin/hostapd'
- # now pass arguments to hostapd binary
- cmd += ' -- '
- cmd += ' -B'
- cmd += ' -P ' + get_pid('hostapd', wifi['intf'])
- cmd += ' ' + get_conf_file('hostapd', wifi['intf'])
-
- # execute assembled command
- subprocess_cmd(cmd)
-
- elif wifi['op_mode'] == 'station':
- cmd = 'start-stop-daemon'
- cmd += ' --start '
- cmd += ' --quiet'
- cmd += ' --oknodo'
- cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf'])
- cmd += ' --exec /sbin/wpa_supplicant'
- # now pass arguments to hostapd binary
- cmd += ' -- '
- cmd += ' -s -B -D nl80211'
- cmd += ' -P ' + get_pid('wpa_supplicant', wifi['intf'])
- cmd += ' -i ' + wifi['intf']
- cmd += ' -c ' + get_conf_file('wpa_supplicant', wifi['intf'])
-
- # execute assembled command
- subprocess_cmd(cmd)
+ # Physical interface is now configured. Proceed by starting hostapd or
+ # wpa_supplicant daemon. When type is monitor we can just skip this.
+ if wifi['op_mode'] == 'ap':
+ cmd = 'start-stop-daemon'
+ cmd += ' --start '
+ cmd += ' --quiet'
+ cmd += ' --oknodo'
+ cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf'])
+ cmd += ' --exec /usr/sbin/hostapd'
+ # now pass arguments to hostapd binary
+ cmd += ' -- '
+ cmd += ' -B'
+ cmd += ' -P ' + get_pid('hostapd', wifi['intf'])
+ cmd += ' ' + get_conf_file('hostapd', wifi['intf'])
+
+ # execute assembled command
+ subprocess_cmd(cmd)
+
+ elif wifi['op_mode'] == 'station':
+ cmd = 'start-stop-daemon'
+ cmd += ' --start '
+ cmd += ' --quiet'
+ cmd += ' --oknodo'
+ cmd += ' --pidfile ' + get_pid('hostapd', wifi['intf'])
+ cmd += ' --exec /sbin/wpa_supplicant'
+ # now pass arguments to hostapd binary
+ cmd += ' -- '
+ cmd += ' -s -B -D nl80211'
+ cmd += ' -P ' + get_pid('wpa_supplicant', wifi['intf'])
+ cmd += ' -i ' + wifi['intf']
+ cmd += ' -c ' + get_conf_file('wpa_supplicant', wifi['intf'])
+
+ # execute assembled command
+ subprocess_cmd(cmd)
return None