1 files changed, 20 insertions, 37 deletions

diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 42326bea0..02b4a2500 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -25,8 +25,6 @@ from vyos.configdict import get_interface_dict
 from vyos.configdict import dict_merge
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
-from vyos.configverify import verify_dhcpv6
-from vyos.configverify import verify_source_interface
 from vyos.configverify import verify_mirror_redirect
 from vyos.configverify import verify_vlan_config
 from vyos.configverify import verify_vrf
@@ -42,6 +40,8 @@ airbag.enable()
 # XXX: wpa_supplicant works on the source interface
 wpa_suppl_conf = '/run/wpa_supplicant/{ifname}.conf'
 hostapd_conf = '/run/hostapd/{ifname}.conf'
+hostapd_accept_station_conf = '/run/hostapd/{ifname}_station_accept.conf'
+hostapd_deny_station_conf = '/run/hostapd/{ifname}_station_deny.conf'
 
 def find_other_stations(conf, base, ifname):
     """
@@ -79,30 +79,14 @@ def get_config(config=None):
 
     ifname, wifi = get_interface_dict(conf, base)
 
-    # Cleanup "delete" default values when required user selectable values are
-    # not defined at all
-    tmp = conf.get_config_dict(base + [ifname], key_mangling=('-', '_'),
-                               get_first_key=True)
-    if not (dict_search('security.wpa.passphrase', tmp) or
-            dict_search('security.wpa.radius', tmp)):
-        if 'deleted' not in wifi:
+    if 'deleted' not in wifi:
+        # then get_interface_dict provides default keys
+        if wifi.from_defaults(['security', 'wep']): # if not set by user
+            del wifi['security']['wep']
+        if wifi.from_defaults(['security', 'wpa']): # if not set by user
             del wifi['security']['wpa']
-            # if 'security' key is empty, drop it too
-            if len(wifi['security']) == 0:
-                del wifi['security']
-
-    # defaults include RADIUS server specifics per TAG node which need to be
-    # added to individual RADIUS servers instead - so we can simply delete them
-    if dict_search('security.wpa.radius.server.port', wifi) != None:
-        del wifi['security']['wpa']['radius']['server']['port']
-        if not len(wifi['security']['wpa']['radius']['server']):
-            del wifi['security']['wpa']['radius']
-        if not len(wifi['security']['wpa']):
-            del wifi['security']['wpa']
-        if not len(wifi['security']):
-            del wifi['security']
 
-    if 'security' in wifi and 'wpa' in wifi['security']:
+    if dict_search('security.wpa', wifi) != None:
         wpa_cipher = wifi['security']['wpa'].get('cipher')
         wpa_mode = wifi['security']['wpa'].get('mode')
         if not wpa_cipher:
@@ -120,13 +104,9 @@ def get_config(config=None):
     tmp = find_other_stations(conf, base, wifi['ifname'])
     if tmp: wifi['station_interfaces'] = tmp
 
-    # Add individual RADIUS server default values
-    if dict_search('security.wpa.radius.server', wifi):
-        default_values = defaults(base + ['security', 'wpa', 'radius', 'server'])
-
-        for server in dict_search('security.wpa.radius.server', wifi):
-            wifi['security']['wpa']['radius']['server'][server] = dict_merge(
-                default_values, wifi['security']['wpa']['radius']['server'][server])
+    # used in hostapt.conf.j2
+    wifi['hostapd_accept_station_conf'] = hostapd_accept_station_conf.format(**wifi)
+    wifi['hostapd_deny_station_conf'] = hostapd_deny_station_conf.format(**wifi)
 
     return wifi
 
@@ -142,7 +122,7 @@ def verify(wifi):
         raise ConfigError('You must specify a WiFi mode')
 
     if 'ssid' not in wifi and wifi['type'] != 'monitor':
-        raise ConfigError('SSID must be configured')
+        raise ConfigError('SSID must be configured unless type is set to "monitor"!')
 
     if wifi['type'] == 'access-point':
         if 'country_code' not in wifi:
@@ -215,7 +195,10 @@ def generate(wifi):
     if 'deleted' in wifi:
         if os.path.isfile(hostapd_conf.format(**wifi)):
             os.unlink(hostapd_conf.format(**wifi))
-
+        if os.path.isfile(hostapd_accept_station_conf.format(**wifi)):
+            os.unlink(hostapd_accept_station_conf.format(**wifi))
+        if os.path.isfile(hostapd_deny_station_conf.format(**wifi)):
+            os.unlink(hostapd_deny_station_conf.format(**wifi))
         if os.path.isfile(wpa_suppl_conf.format(**wifi)):
             os.unlink(wpa_suppl_conf.format(**wifi))
 
@@ -250,12 +233,12 @@ def generate(wifi):
 
     # render appropriate new config files depending on access-point or station mode
     if wifi['type'] == 'access-point':
-        render(hostapd_conf.format(**wifi), 'wifi/hostapd.conf.j2',
-               wifi)
+        render(hostapd_conf.format(**wifi), 'wifi/hostapd.conf.j2', wifi)
+        render(hostapd_accept_station_conf.format(**wifi), 'wifi/hostapd_accept_station.conf.j2', wifi)
+        render(hostapd_deny_station_conf.format(**wifi), 'wifi/hostapd_deny_station.conf.j2', wifi)
 
     elif wifi['type'] == 'station':
-        render(wpa_suppl_conf.format(**wifi), 'wifi/wpa_supplicant.conf.j2',
-               wifi)
+        render(wpa_suppl_conf.format(**wifi), 'wifi/wpa_supplicant.conf.j2', wifi)
 
     return None