summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristopher <root@teritum.dev>2024-06-10 19:52:48 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-09-19 07:00:30 +0000
commitd50526477ed510a011935747f18bd6b4ec3ec2f1 (patch)
tree29b2eabebd912ec2499ab8f84cf055c88381f5e5
parent0444795e3798f2ec51e40bef67a0920f892769b8 (diff)
downloadvyos-1x-d50526477ed510a011935747f18bd6b4ec3ec2f1.tar.gz
vyos-1x-d50526477ed510a011935747f18bd6b4ec3ec2f1.zip
wireless: T6496: support for EAP-MSCHAPv2 client over wifi
fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: incorrect bssid mapping fix: use the correct jinja templating (I think) fix: “remote blank space fix: attempt to fix the formatting in j2 fix: attempt to fix the formatting in j2 feat: rename enterprise username and password + add checks in conf mode. fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part fix: fix indentation on `wpa_supplicant.conf.j2` (cherry picked from commit fc4263021acb72d2d8afb165922d9cb7e11b2bf1)
-rw-r--r--data/templates/wifi/wpa_supplicant.conf.j214
-rw-r--r--interface-definitions/interfaces_wireless.xml.in16
-rwxr-xr-xsrc/conf_mode/interfaces_wireless.py9
3 files changed, 34 insertions, 5 deletions
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2
index ac857a04a..8839663e1 100644
--- a/data/templates/wifi/wpa_supplicant.conf.j2
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -61,6 +61,8 @@ network={
# If not set, this defaults to: WPA-PSK WPA-EAP
{% if security.wpa.mode is vyos_defined('wpa3') %}
key_mgmt=SAE
+{% elif security.wpa.username is vyos_defined %}
+ key_mgmt=WPA-EAP WPA-EAP-SHA256
{% else %}
key_mgmt=WPA-PSK WPA-PSK-SHA256
{% endif %}
@@ -76,8 +78,18 @@ network={
# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
# startup and reconfiguration time can be optimized by generating the PSK only
# only when the passphrase or SSID has actually changed.
+{% if security.wpa.username is vyos_defined %}
+ identity="{{ security.wpa.username }}"
+ password="{{ security.wpa.passphrase }}"
+ phase2="auth=MSCHAPV2"
+ eap=PEAP
+{% elif security.wpa.username is not vyos_defined %}
psk="{{ security.wpa.passphrase }}"
-{% else %}
+{% else %}
key_mgmt=NONE
+{% endif %}
+{% endif %}
+{% if security.bssid is vyos_defined %}
+ bssid={{ security.bssid }}
{% endif %}
}
diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 4de90591b..c1a101ee8 100644
--- a/interface-definitions/interfaces_wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -759,6 +759,15 @@
<help>Wireless security settings</help>
</properties>
<children>
+ <leafNode name="bssid">
+ <properties>
+ <help>Basic Service Set Identifier (BSSID)</help>
+ <constraint>
+ <regex>([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid BSSID</constraintErrorMessage>
+ </properties>
+ </leafNode>
<node name="station-address">
<properties>
<help>Station MAC address based authentication</help>
@@ -935,15 +944,16 @@
</properties>
<defaultValue>wpa+wpa2</defaultValue>
</leafNode>
+ #include <include/generic-username.xml.i>
<leafNode name="passphrase">
<properties>
- <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
+ <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
<valueHelp>
<format>txt</format>
- <description>Passphrase of at least 8 but not more than 63 printable characters</description>
+ <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description>
</valueHelp>
<constraint>
- <regex>.{8,63}</regex>
+ <regex>.*</regex>
</constraint>
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py
index aa65adc10..d24675ee6 100755
--- a/src/conf_mode/interfaces_wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
@@ -193,11 +193,18 @@ def verify(wifi):
if not any(i in ['passphrase', 'radius'] for i in wpa):
raise ConfigError('Misssing WPA key or RADIUS server')
+ if 'username' in wpa:
+ if 'passphrase' not in wpa:
+ raise ConfigError('WPA-Enterprise configured - missing passphrase!')
+ elif 'passphrase' in wpa:
+ # check if passphrase meets the regex .{8,63}
+ if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63:
+ raise ConfigError('WPA passphrase must be between 8 and 63 characters long')
if 'radius' in wpa:
if 'server' in wpa['radius']:
for server in wpa['radius']['server']:
if 'key' not in wpa['radius']['server'][server]:
- raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}')
+ raise ConfigError(f'Missing RADIUS shared secret key for server: {server}')
if 'capabilities' in wifi:
capabilities = wifi['capabilities']