From 2a97fd006c3b09c1aeab30ac881c9ac902365d57 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 17 May 2021 11:20:09 +0200
Subject: device: add support for configuring devices with external auth
 handler

This can be used to support 802.1x on wired devices.
In order to use this, the device section for each port needing authentication
needs to contain the option auth 1
When set, this option prevents devices from being added to bridges or configured
with IP settings by default, until the set_state ubus call on network.device
sets "auth_status" to true for the device.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 ubus.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ubus.c')

diff --git a/ubus.c b/ubus.c
index 9098c66..be15062 100644
--- a/ubus.c
+++ b/ubus.c
@@ -298,12 +298,14 @@ error:
 enum {
 	DEV_STATE_NAME,
 	DEV_STATE_DEFER,
+	DEV_STATE_AUTH_STATUS,
 	__DEV_STATE_MAX,
 };
 
 static const struct blobmsg_policy dev_state_policy[__DEV_STATE_MAX] = {
 	[DEV_STATE_NAME] = { .name = "name", .type = BLOBMSG_TYPE_STRING },
 	[DEV_STATE_DEFER] = { .name = "defer", .type = BLOBMSG_TYPE_BOOL },
+	[DEV_STATE_AUTH_STATUS] = { .name = "auth_status", .type = BLOBMSG_TYPE_BOOL },
 };
 
 static int
@@ -329,6 +331,10 @@ netifd_handle_set_state(struct ubus_context *ctx, struct ubus_object *obj,
 	if (cur)
 		device_set_deferred(dev, !!blobmsg_get_u8(cur));
 
+	cur = tb[DEV_STATE_AUTH_STATUS];
+	if (cur)
+		device_set_auth_status(dev, !!blobmsg_get_u8(cur));
+
 	return 0;
 }
 
-- 
cgit v1.2.1