Add hostapd.conf.5 man file, with content borrowed from NetBSD

2021-02-10 10:51:44 -05:00 · 2021-02-10 10:51:44 -05:00 · 98c3ed927a
commit 98c3ed927a
parent d43dbfdc3d
2 changed files with 139 additions and 6 deletions
--- a/hostapd.conf.5
+++ b/hostapd.conf.5
@ -0,0 +1,127 @@
+.\" Manpage for hostapd.conf.
+.\" Original scrape of https://www.daemon-systems.org/man/hostapd.conf.5.html
+.\" Contact linville@redhat.com to correct errors or typos.
+.TH hostapd.conf 5 "10 Feb 2021" "1.0" "hostapd.conf man page"
+.SH NAME
+hostapd.conf \- configuration file for hostapd(8) utility
+.SH DESCRIPTION
+The hostapd.conf utility is an authenticator for IEEE 802.11 networks.
+It provides full support for WPA/IEEE 802.11i and can also act as an IEEE
+802.1X Authenticator with a suitable backend Authentication Server
+(typically FreeRADIUS).
+The configuration file consists of global parameters and domain specific
+configuration:
+.P
+\(bu IEEE 802.1X-2004
+.P
+\(bu RADIUS client
+.P
+\(bu RADIUS authentication server
+.P
+\(bu WPA/IEEE 802.11i
+.SH GLOBAL PARAMETERS
+The following parameters are recognized:
+.SS interface
+Interface name.  Should be set in "hostap" mode.
+.SS debug
+Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
+4 = excessive.
+.SS dump_file
+Dump file for state information (on SIGUSR1).
+.SS ctrl_interface
+The pathname of the directory in which hostapd(8) creates UNIX
+domain socket files for communication with frontend programs such
+as hostapd_cli(8).
+.SS ctrl_interface_group
+A group name or group ID to use in setting protection on the
+control interface file.  This can be set to allow non-root users
+to access the control interface files.  If no group is specified,
+the group ID of the control interface is not modified and will,
+typically, be the group ID of the directory in which the socket
+is created.
+.SH IEEE 802.1X-2004 PARAMETERS
+The following parameters are recognized:
+.SS ieee8021x
+Require IEEE 802.1X authorization.
+.SS eap_message
+Optional displayable message sent with EAP Request-Identity.
+.SS wep_key_len_broadcast
+Key lengths for broadcast keys.
+.SS wep_key_len_unicast
+Key lengths for unicast keys.
+.SS wep_rekey_period
+Rekeying period in seconds.
+.SS eapol_key_index_workaround
+EAPOL-Key index workaround (set bit7) for WinXP Supplicant.
+.SS eap_reauth_period
+EAP reauthentication period in seconds.  To disable
+reauthentication, use "0".
+.SH RADIUS CLIENT PARAMETERS
+The following parameters are recognized:
+.SS own_ip_addr
+The own IP address of the access point (used as NAS-IP-Address).
+.SS nas_identifier
+Optional NAS-Identifier string for RADIUS messages.
+.SS auth_server_addr, auth_server_port, auth_server_shared_secret
+RADIUS authentication server parameters.  Can be defined twice
+for secondary servers to be used if primary one does not reply to
+RADIUS packets.
+.SS acct_server_addr, acct_server_port, acct_server_shared_secret
+RADIUS accounting server parameters.  Can be defined twice for
+secondary servers to be used if primary one does not reply to
+RADIUS packets.
+.SS radius_retry_primary_interval
+Retry interval for trying to return to the primary RADIUS server
+(in seconds).
+.SS radius_acct_interim_interval
+Interim accounting update interval.  If this is set (larger than
+0) and acct_server is configured, hostapd(8) will send interim
+accounting updates every N seconds.
+.SH RADIUS AUTHENTICATION SERVER PARAMETERS
+The following parameters are recognized:
+.SS radius_server_clients
+File name of the RADIUS clients configuration for the RADIUS
+server.  If this is commented out, RADIUS server is disabled.
+.SS radius_server_auth_port
+The UDP port number for the RADIUS authentication server.
+.SS radius_server_ipv6
+Use IPv6 with RADIUS server.
+.SH WPA/IEEE 802.11i PARAMETERS
+The following parameters are recognized:
+.SS wpa
+Enable WPA.  Setting this variable configures the AP to require
+WPA (either WPA-PSK or WPA-RADIUS/EAP based on other
+configuration).
+.SS wpa_psk, wpa_passphrase
+WPA pre-shared keys for WPA-PSK.  This can be either entered as a
+256-bit secret in hex format (64 hex digits), wpa_psk, or as an
+ASCII passphrase (8..63 characters) that will be converted to
+PSK.  This conversion uses SSID so the PSK changes when ASCII
+passphrase is used and the SSID is changed.
+.SS wpa_psk_file
+Optionally, WPA PSKs can be read from a separate text file
+(containing a list of (PSK,MAC address) pairs.
+.SS wpa_key_mgmt
+Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
+both).
+.SS wpa_pairwise
+Set of accepted cipher suites (encryption algorithms) for
+pairwise keys (unicast packets).  See the example file for more
+information.
+.SS wpa_group_rekey
+Time interval for rekeying GTK (broadcast/multicast encryption
+keys) in seconds.
+.SS wpa_strict_rekey
+Rekey GTK when any STA that possesses the current GTK is leaving
+the BSS.
+.SS wpa_gmk_rekey
+Time interval for rekeying GMK (master key used internally to
+generate GTKs (in seconds).
+.SH SEE ALSO
+hostapd(8), hostapd_cli(8), /usr/share/examples/hostapd/hostapd.conf
+.SH HISTORY
+The hostapd.conf manual page and hostapd(8) functionality first appeared
+in NetBSD 4.0.
+.SH AUTHORS
+This manual page is derived from the README and hostapd.conf files in the
+hostapd distribution provided by Jouni Malinen <jkmaline@cc.hut.fi>.
--- a/hostapd.spec
+++ b/hostapd.spec
@ -2,7 +2,7 @@

 Name:           hostapd
 Version:        2.9
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
 License:        BSD
 URL:            http://w1.fi/hostapd
@ -10,8 +10,9 @@ URL:            http://w1.fi/hostapd
 Source0:        http://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1:        %{name}.service
 Source2:        %{name}.conf
-Source3:        %{name}.sysconfig
-Source4:        %{name}.init
+Source3:        %{name}.conf.5
+Source4:        %{name}.sysconfig
+Source5:        %{name}.init

 # https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
 Patch1:         https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
@ -101,7 +102,7 @@ install -p -m 644 -D %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 %else

 # Initscripts
-install -p -m 755 -D %{SOURCE4} %{buildroot}%{_initrddir}/%{name}
+install -p -m 755 -D %{SOURCE5} %{buildroot}%{_initrddir}/%{name}

 %endif

@ -118,7 +119,7 @@ install -d %{buildroot}/%{_sysconfdir}/%{name}
 install -pm 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}

 install -d %{buildroot}/%{_sysconfdir}/sysconfig
-install -pm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
+install -pm 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}

 # binaries
 install -d %{buildroot}/%{_sbindir}
@ -126,8 +127,9 @@ install -pm 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name}
 install -pm 0755 %{name}/%{name}_cli %{buildroot}%{_sbindir}/%{name}_cli

 # man pages
-install -d %{buildroot}%{_mandir}/man{1,8}
+install -d %{buildroot}%{_mandir}/man{1,5,8}
 install -pm 0644 %{name}/%{name}_cli.1 %{buildroot}%{_mandir}/man1
+install -pm 0644 %{SOURCE3} %{buildroot}%{_mandir}/man5
 install -pm 0644 %{name}/%{name}.8 %{buildroot}%{_mandir}/man8

 # prepare docs
@ -179,6 +181,7 @@ fi
 %{_sbindir}/%{name}_cli
 %dir %{_sysconfdir}/%{name}
 %{_mandir}/man1/*
+%{_mandir}/man5/*
 %{_mandir}/man8/*
 %if 0%{?fedora} || 0%{?rhel} >= 7
 %{_unitdir}/%{name}.service
@ -192,6 +195,9 @@ fi
 %{_sysconfdir}/logwatch/scripts/services/%{name}

 %changelog
+* Wed Feb 10 2020 Johwn W. Linville <linville@redhat.com> - 2.9-8
+- Add hostapd.conf.5 man file, with content borrowed from NetBSD
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild