author | Daniil Baturin <daniil@vyos.io> | 2024-09-19 16:29:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-19 16:29:49 +0100 |
commit | 1909f2df8017b084dd28e8e05cc266076b2a9980 (patch) | |
tree | 4cc2a37f8a4d390ff5b8095cf289169a9182e599 | |
parent | 0444795e3798f2ec51e40bef67a0920f892769b8 (diff) | |
parent | b76a5c94cfeb1a7bad8ac5c818ed3065a4d32210 (diff) | |
Merge pull request #4085 from vyos/mergify/bp/circinus/pr-3711
T6496: Added support for WPA-Enterprise client-mode (backport #3711)
-rw-r--r-- | data/templates/wifi/wpa_supplicant.conf.j2 | 14 | ||||
-rw-r--r-- | interface-definitions/interfaces_wireless.xml.in | 20 | ||||
-rwxr-xr-x | src/conf_mode/interfaces_wireless.py | 9 |
3 files changed, 38 insertions, 5 deletions
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2
index ac857a04a..04088e1ad 100644
--- a/data/templates/wifi/wpa_supplicant.conf.j2
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -61,6 +61,8 @@ network={
 # If not set, this defaults to: WPA-PSK WPA-EAP
 {% if security.wpa.mode is vyos_defined('wpa3') %}
 key_mgmt=SAE
+{% elif security.wpa.username is vyos_defined %}
+ key_mgmt=WPA-EAP WPA-EAP-SHA256
 {% else %}
 key_mgmt=WPA-PSK WPA-PSK-SHA256
 {% endif %}
@@ -76,8 +78,18 @@ network={
 # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
 # startup and reconfiguration time can be optimized by generating the PSK only
 # only when the passphrase or SSID has actually changed.
+{% if security.wpa.username is vyos_defined %}
+ identity="{{ security.wpa.username }}"
+ password="{{ security.wpa.passphrase }}"
+ phase2="auth=MSCHAPV2"
+ eap=PEAP
+{% elif security.wpa.username is not vyos_defined %}
 psk="{{ security.wpa.passphrase }}"
-{% else %}
+{% else %}
 key_mgmt=NONE
+{% endif %}
+{% endif %}
+{% if bssid is vyos_defined %}
+ bssid={{ bssid }}
 {% endif %}
 }
diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 4de90591b..474953500 100644
--- a/interface-definitions/interfaces_wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
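Review bot: With `security.wpa.mode` set to `wpa3` and a `username` configured, the first branch of this hunk still wins and emits `key_mgmt=SAE`, while the credential block in the `@@ -76,8 +78,18 @@` hunk emits `identity`/`password`/`eap=PEAP` and no `psk`, so the rendered network block would pair SAE key management with EAP credentials. The verify() lines visible in this commit do not reject that combination. I would raise a ConfigError in verify() when `username` is set together with `mode wpa3`, and record the precedence here with a template comment such as `{# WPA-Enterprise (username) is only honoured when mode is not wpa3 #}`.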
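Review bot: The EAP block added in the `@@ -76,8 +78,18 @@` hunk sets `eap=PEAP` and `phase2="auth=MSCHAPV2"` but no `ca_cert` or `domain_suffix_match`, so as rendered wpa_supplicant has nothing to validate the authentication server's certificate against before the MSCHAPv2 exchange takes place. I would add CLI nodes for a CA certificate and the expected server name and emit them next to `identity`/`password`, or at minimum state the limitation in a template comment so operators know that server authentication is not enforced. Separately, `{% else %}` with `key_mgmt=NONE` now follows `{% elif security.wpa.username is not vyos_defined %}`; the `if`/`elif` pair covers both cases, so that branch looks unreachable. The enclosing `{% if %}` opens outside the hunk, so please confirm that a network without WPA settings still renders `key_mgmt=NONE`.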
@@ -935,15 +935,16 @@
 </properties>
 <defaultValue>wpa+wpa2</defaultValue>
 </leafNode>
+ #include <include/generic-username.xml.i>
 <leafNode name="passphrase">
 <properties>
- <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
+ <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
 <valueHelp>
 <format>txt</format>
- <description>Passphrase of at least 8 but not more than 63 printable characters</description>
+ <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description>
 </valueHelp>
 <constraint>
- <regex>.{8,63}</regex>
+ <regex>[[:ascii:]]{1,256}</regex>
 </constraint>
 <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
 </properties>
@@ -976,6 +977,19 @@
 <constraintErrorMessage>Invalid SSID</constraintErrorMessage>
 </properties>
 </leafNode>
+ <leafNode name="bssid">
+ <properties>
+ <help>Basic Service Set Identifier (BSSID) - currently station mode only</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>BSSID (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ <constraintErrorMessage>Invalid BSSID</constraintErrorMessage>
+ </properties>
+ </leafNode>
 <leafNode name="type">
 <properties>
 <help>Wireless device type for this interface</help>
diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py
index aa65adc10..d24675ee6 100755
--- a/src/conf_mode/interfaces_wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
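Review bot: The new passphrase constraint `[[:ascii:]]{1,256}` in the `@@ -935,15 +935,16 @@` hunk also admits ASCII control characters, and this commit's template interpolates the value into the quoted `password="…"` and `psk="…"` lines of wpa_supplicant.conf, so a non-printable character could corrupt the generated file. A printable-only class such as `<regex>[[:print:]]{1,256}</regex>` would keep the relaxed length while matching the help text, provided the validator supports that class. The unchanged `constraintErrorMessage` still reads "must be 8 to 63 printable characters!", which no longer describes the constraint; `Invalid WPA passphrase, must be 1 to 256 printable characters!` would fit. The constraints that `include/generic-username.xml.i` places on `username` are not visible here and deserve the same check, because that value is rendered into `identity="…"`.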
@@ -193,11 +193,18 @@ def verify(wifi):
 if not any(i in ['passphrase', 'radius'] for i in wpa):
 raise ConfigError('Misssing WPA key or RADIUS server')
+ if 'username' in wpa:
+ if 'passphrase' not in wpa:
+ raise ConfigError('WPA-Enterprise configured - missing passphrase!')
+ elif 'passphrase' in wpa:
+ # check if passphrase meets the regex .{8,63}
+ if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63:
+ raise ConfigError('WPA passphrase must be between 8 and 63 characters long')
 if 'radius' in wpa:
 if 'server' in wpa['radius']:
 for server in wpa['radius']['server']:
 if 'key' not in wpa['radius']['server'][server]:
- raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}')
+ raise ConfigError(f'Missing RADIUS shared secret key for server: {server}')
 if 'capabilities' in wifi:
 capabilities = wifi['capabilities'] |
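Review bot: Setting `username` skips the 8-63 length check whatever the interface type, so on an access-point interface a passphrase as short as one character would pass verify() once a username is present, assuming the `elif` pairs with `if 'username' in wpa:` (indentation is lost in this rendering). I would limit the enterprise branch to client mode, for example `if 'username' in wpa and wifi.get('type') != 'station': raise ConfigError('WPA-Enterprise username is only supported in station mode')`, if `wifi['type']` holds the device type here; verify() continues outside the hunk, so an existing check may already cover this. The comment `# check if passphrase meets the regex .{8,63}` refers to a regex this commit removes from interfaces_wireless.xml.in; `# WPA-Personal: passphrase must be 8-63 characters, no longer enforced by the CLI constraint` would be accurate. The context line above still spells `'Misssing WPA key or RADIUS server'` although the RADIUS message is corrected in this same hunk.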