hostapd: make "key" option optional if "wpa_psk_file" is provided

If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.

While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.

Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 268a41a82bdf46d2c9b9f045ab5ba708e530cd26..5cab11022fbcbed834f9831e7e203e42c75f7ad2 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -402,13 +402,13 @@ hostapd_set_bss_options() {
                ;;
                psk|sae|psk-sae)
                        json_get_vars key wpa_psk_file
-                       if [ ${#key} -lt 8 ]; then
-                               wireless_setup_vif_failed INVALID_WPA_PSK
-                               return 1
-                       elif [ ${#key} -eq 64 ]; then
+                       if [ ${#key} -eq 64 ]; then
                                append bss_conf "wpa_psk=$key" "$N"
-                       else
+                       elif [ ${#key} -ge 8 ] && [ ${#key} -le 63 ]; then
                                append bss_conf "wpa_passphrase=$key" "$N"
+                       elif [ -n "$key" ] || [ -z "$wpa_psk_file" ]; then
+                               wireless_setup_vif_failed INVALID_WPA_PSK
+                               return 1
                        fi
                        [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
                        [ -n "$wpa_psk_file" ] && {