From 98c3ed927a5df7b3f37173811f73db7eb0dd0ab6 Mon Sep 17 00:00:00 2001
From: "John W. Linville"
Date: Wed, 10 Feb 2021 10:51:44 -0500
Subject: [PATCH] Add hostapd.conf.5 man file, with content borrowed from NetBSD
---
 hostapd.conf.5 | 127 +++++++++++++++++++++++++++++++++++++++++++++++++
 hostapd.spec | 18 ++++---
 2 files changed, 139 insertions(+), 6 deletions(-)
 create mode 100644 hostapd.conf.5
diff --git a/hostapd.conf.5 b/hostapd.conf.5
new file mode 100644
index 0000000..3e7e2af
--- /dev/null
+++ b/hostapd.conf.5
@@ -0,0 +1,127 @@
+.\" Manpage for hostapd.conf.
+.\" Original scrape of https://www.daemon-systems.org/man/hostapd.conf.5.html
+.\" Contact linville@redhat.com to correct errors or typos.
+.TH hostapd.conf 5 "10 Feb 2021" "1.0" "hostapd.conf man page"
+.SH NAME
+hostapd.conf \- configuration file for hostapd(8) utility
+.SH DESCRIPTION
+The hostapd.conf utility is an authenticator for IEEE 802.11 networks.
+It provides full support for WPA/IEEE 802.11i and can also act as an IEEE
+802.1X Authenticator with a suitable backend Authentication Server
+(typically FreeRADIUS).
+The configuration file consists of global parameters and domain specific
+configuration:
+.P
+\(bu IEEE 802.1X-2004
+.P
+\(bu RADIUS client
+.P
+\(bu RADIUS authentication server
+.P
+\(bu WPA/IEEE 802.11i
+.SH GLOBAL PARAMETERS
+The following parameters are recognized:
+.SS interface
+Interface name. Should be set in "hostap" mode.
+.SS debug
+Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
+4 = excessive.
+.SS dump_file
+Dump file for state information (on SIGUSR1).
+.SS ctrl_interface
+The pathname of the directory in which hostapd(8) creates UNIX
+domain socket files for communication with frontend programs such
+as hostapd_cli(8).
+.SS ctrl_interface_group
+A group name or group ID to use in setting protection on the
+control interface file. This can be set to allow non-root users
+to access the control interface files. If no group is specified,
+the group ID of the control interface is not modified and will,
+typically, be the group ID of the directory in which the socket
+is created.
+.SH IEEE 802.1X-2004 PARAMETERS
+The following parameters are recognized:
+.SS ieee8021x
+Require IEEE 802.1X authorization.
+.SS eap_message
+Optional displayable message sent with EAP Request-Identity.
+.SS wep_key_len_broadcast
+Key lengths for broadcast keys.
+.SS wep_key_len_unicast
+Key lengths for unicast keys.
+.SS wep_rekey_period
+Rekeying period in seconds.
+.SS eapol_key_index_workaround
+EAPOL-Key index workaround (set bit7) for WinXP Supplicant.
+.SS eap_reauth_period
+EAP reauthentication period in seconds. To disable
+reauthentication, use "0".
+.SH RADIUS CLIENT PARAMETERS
+The following parameters are recognized:
+.SS own_ip_addr
+The own IP address of the access point (used as NAS-IP-Address).
+.SS nas_identifier
+Optional NAS-Identifier string for RADIUS messages.
+.SS auth_server_addr, auth_server_port, auth_server_shared_secret
+RADIUS authentication server parameters. Can be defined twice
+for secondary servers to be used if primary one does not reply to
+RADIUS packets.
+.SS acct_server_addr, acct_server_port, acct_server_shared_secret
+RADIUS accounting server parameters. Can be defined twice for
+secondary servers to be used if primary one does not reply to
+RADIUS packets.
+.SS radius_retry_primary_interval
+Retry interval for trying to return to the primary RADIUS server
+(in seconds).
+.SS radius_acct_interim_interval
+Interim accounting update interval. If this is set (larger than
+0) and acct_server is configured, hostapd(8) will send interim
+accounting updates every N seconds.
+.SH RADIUS AUTHENTICATION SERVER PARAMETERS
+The following parameters are recognized:
+.SS radius_server_clients
+File name of the RADIUS clients configuration for the RADIUS
+server. If this is commented out, RADIUS server is disabled.
+.SS radius_server_auth_port
+The UDP port number for the RADIUS authentication server.
+.SS radius_server_ipv6
+Use IPv6 with RADIUS server.
+.SH WPA/IEEE 802.11i PARAMETERS
+The following parameters are recognized:
+.SS wpa
+Enable WPA. Setting this variable configures the AP to require
+WPA (either WPA-PSK or WPA-RADIUS/EAP based on other
+configuration).
+.SS wpa_psk, wpa_passphrase
+WPA pre-shared keys for WPA-PSK. This can be either entered as a
+256-bit secret in hex format (64 hex digits), wpa_psk, or as an
+ASCII passphrase (8..63 characters) that will be converted to
+PSK. This conversion uses SSID so the PSK changes when ASCII
+passphrase is used and the SSID is changed.
+.SS wpa_psk_file
+Optionally, WPA PSKs can be read from a separate text file
+(containing a list of (PSK,MAC address) pairs.
+.SS wpa_key_mgmt
+Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
+both).
+.SS wpa_pairwise
+Set of accepted cipher suites (encryption algorithms) for
+pairwise keys (unicast packets). See the example file for more
+information.
+.SS wpa_group_rekey
+Time interval for rekeying GTK (broadcast/multicast encryption
+keys) in seconds.
+.SS wpa_strict_rekey
+Rekey GTK when any STA that possesses the current GTK is leaving
+the BSS.
+.SS wpa_gmk_rekey
+Time interval for rekeying GMK (master key used internally to
+generate GTKs (in seconds).
+.SH SEE ALSO
+hostapd(8), hostapd_cli(8), /usr/share/examples/hostapd/hostapd.conf
+.SH HISTORY
+The hostapd.conf manual page and hostapd(8) functionality first appeared
+in NetBSD 4.0.
+.SH AUTHORS
+This manual page is derived from the README and hostapd.conf files in the
+hostapd distribution provided by Jouni Malinen .
diff --git a/hostapd.spec b/hostapd.spec
index d7120d8..2c283ad 100644
--- a/hostapd.spec
+++ b/hostapd.spec
@@ -2,7 +2,7 @@ Name: hostapd Version: 2.9 -Release: 7%{?dist} +Release: 8%{?dist} Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator License: BSD URL: http://w1.fi/hostapd @@ -10,8 +10,9 @@ URL: http://w1.fi/hostapd Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz Source1: %{name}.service Source2: %{name}.conf -Source3: %{name}.sysconfig -Source4: %{name}.init +Source3: %{name}.conf.5 +Source4: %{name}.sysconfig +Source5: %{name}.init # https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Patch1: https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
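Review bot: Inserting the man page as `Source3` in the `@@ -10,8 +10,9 @@` hunk shifts the sysconfig file and the init script to `Source4` and `Source5`, so every existing `%{SOURCE3}`/`%{SOURCE4}` reference in the spec has to move with it. The later hunks update the install lines that are visible in this patch, but any reference outside the shown hunks would silently pick up the wrong file, for example the man page landing at the sysconfig path. Appending the new file instead, `Source5: %{name}.conf.5`, keeps the existing numbers stable and limits the change to the one new `install` line.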
@@ -101,7 +102,7 @@ install -p -m 644 -D %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service %else # Initscripts -install -p -m 755 -D %{SOURCE4} %{buildroot}%{_initrddir}/%{name} +install -p -m 755 -D %{SOURCE5} %{buildroot}%{_initrddir}/%{name} %endif @@ -118,7 +119,7 @@ install -d %{buildroot}/%{_sysconfdir}/%{name} install -pm 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name} install -d %{buildroot}/%{_sysconfdir}/sysconfig -install -pm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} +install -pm 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} # binaries install -d %{buildroot}/%{_sbindir} @@ -126,8 +127,9 @@ install -pm 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name} install -pm 0755 %{name}/%{name}_cli %{buildroot}%{_sbindir}/%{name}_cli # man pages -install -d %{buildroot}%{_mandir}/man{1,8} +install -d %{buildroot}%{_mandir}/man{1,5,8} install -pm 0644 %{name}/%{name}_cli.1 %{buildroot}%{_mandir}/man1 +install -pm 0644 %{SOURCE3} %{buildroot}%{_mandir}/man5 install -pm 0644 %{name}/%{name}.8 %{buildroot}%{_mandir}/man8 # prepare docs @@ -179,6 +181,7 @@ fi %{_sbindir}/%{name}_cli %dir %{_sysconfdir}/%{name} %{_mandir}/man1/* +%{_mandir}/man5/* %{_mandir}/man8/* %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/%{name}.service @@ -192,6 +195,9 @@ fi %{_sysconfdir}/logwatch/scripts/services/%{name} %changelog +* Wed Feb 10 2020 Johwn W. Linville - 2.9-8 +- Add hostapd.conf.5 man file, with content borrowed from NetBSD + * Tue Jan 26 2021 Fedora Release Engineering - 2.9-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
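Review bot: The new `%changelog` entry in the last hunk is dated `Wed Feb 10 2020`, although the patch header says 10 Feb 2021 and the entry sits above one dated Jan 26 2021, so the year looks like a typo; the author name is also misspelled as `Johwn`. rpm parses these date lines, and a weekday that does not match the date, or an entry older than the one below it, can produce a bogus-date or ordering complaint at build time (worth confirming with a local rpmbuild). The header should read `* Wed Feb 10 2021 John W. Linville - 2.9-8`, with the e-mail address kept as in the original line.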