diff options
| -rw-r--r-- | .github/workflows/add-pr-labels.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/chceck-pr-message.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/check-unused-imports.yml | 5 | ||||
| -rw-r--r-- | .github/workflows/codeql.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/package-smoketest.yml | 42 | ||||
| -rw-r--r-- | data/templates/wifi/wpa_supplicant.conf.j2 | 14 | ||||
| -rw-r--r-- | interface-definitions/interfaces_wireless.xml.in | 20 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_load-balancing_reverse-proxy.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces_wireless.py | 9 |
9 files changed, 62 insertions, 40 deletions
diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml index a7ee8446f..a0c076064 100644 --- a/.github/workflows/add-pr-labels.yml +++ b/.github/workflows/add-pr-labels.yml @@ -5,10 +5,6 @@ on: pull_request_target: branches: - current - - crux - - equuleus - - sagitta - - circinus permissions: pull-requests: write diff --git a/.github/workflows/chceck-pr-message.yml b/.github/workflows/chceck-pr-message.yml index c567a5934..625ba2d75 100644 --- a/.github/workflows/chceck-pr-message.yml +++ b/.github/workflows/chceck-pr-message.yml @@ -5,10 +5,6 @@ on: pull_request_target: branches: - current - - crux - - equuleus - - sagitta - - circinus types: [opened, synchronize, edited] permissions: diff --git a/.github/workflows/check-unused-imports.yml b/.github/workflows/check-unused-imports.yml index 17a52d3e4..3f6e8757e 100644 --- a/.github/workflows/check-unused-imports.yml +++ b/.github/workflows/check-unused-imports.yml @@ -1,11 +1,8 @@ name: Check for unused imports using Pylint on: - pull_request: + pull_request_target: branches: - current - - equuleus - - sagitta - - circinus workflow_dispatch: permissions: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 12654e42e..00387f725 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,7 +2,7 @@ name: "Perform CodeQL Analysis" on: push: - branches: [ "current", "sagitta", "equuleus", "circinus" ] + branches: [ "current" ] pull_request: # The branches below must be a subset of the branches above branches: [ "current" ] diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml index 08c8d42f5..68f914108 100644 --- a/.github/workflows/package-smoketest.yml +++ b/.github/workflows/package-smoketest.yml @@ -4,7 +4,6 @@ on: pull_request_target: branches: - current - - circinus permissions: pull-requests: write @@ -79,12 +78,13 @@ jobs: id: test shell: bash run: | - # always fail first - echo "exit_code=1" >> $GITHUB_OUTPUT + set -e sudo make test - exit_code=$? - echo "exit_code=$exit_code" >> $GITHUB_OUTPUT - exit $exit_code + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi test_config_load: needs: build_iso @@ -109,12 +109,13 @@ jobs: id: test shell: bash run: | - # always fail first - echo "exit_code=1" >> $GITHUB_OUTPUT + set -e sudo make testc - exit_code=$? - echo "exit_code=$exit_code" >> $GITHUB_OUTPUT - exit $exit_code + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi test_raid1_install: needs: build_iso @@ -139,12 +140,13 @@ jobs: id: test shell: bash run: | - # always fail first - echo "exit_code=1" >> $GITHUB_OUTPUT + set -e sudo make testraid - exit_code=$? - echo "exit_code=$exit_code" >> $GITHUB_OUTPUT - exit $exit_code + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi result: needs: @@ -160,15 +162,15 @@ jobs: uses: mshick/add-pr-comment@v2 with: message: | - CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 0 && needs.test_config_load.outputs.exit_code == 0 && needs.test_raid1_install.outputs.exit_code == 0 && '👍 passed!' || '❌ failed!' }} + CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && needs.test_config_load.outputs.exit_code == 'success' && needs.test_raid1_install.outputs.exit_code == 'success' && '👍 passed!' || '❌ failed!' }} ### Details [CI logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) - * ${{ needs.test_smoketest_cli.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} CLI Smoketests returned: ${{ needs.test_smoketest_cli.outputs.exit_code }} - * ${{ needs.test_config_load.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} Config tests returned: ${{ needs.test_config_load.outputs.exit_code }} - * ${{ needs.test_raid1_install.outputs.exit_code == '0' && '👍 passed' || '❌ failed' }} RAID1 tests returned: ${{ needs.test_raid1_install.outputs.exit_code }} + * CLI Smoketests ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }} + * Config tests ${{ needs.test_config_load.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }} + * RAID1 tests ${{ needs.test_raid1_install.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }} message-id: "SMOKETEST_RESULTS" allow-repeats: false diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2 index ac857a04a..04088e1ad 100644 --- a/data/templates/wifi/wpa_supplicant.conf.j2 +++ b/data/templates/wifi/wpa_supplicant.conf.j2 @@ -61,6 +61,8 @@ network={ # If not set, this defaults to: WPA-PSK WPA-EAP {% if security.wpa.mode is vyos_defined('wpa3') %} key_mgmt=SAE +{% elif security.wpa.username is vyos_defined %} + key_mgmt=WPA-EAP WPA-EAP-SHA256 {% else %} key_mgmt=WPA-PSK WPA-PSK-SHA256 {% endif %} @@ -76,8 +78,18 @@ network={ # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant # startup and reconfiguration time can be optimized by generating the PSK only # only when the passphrase or SSID has actually changed. +{% if security.wpa.username is vyos_defined %} + identity="{{ security.wpa.username }}" + password="{{ security.wpa.passphrase }}" + phase2="auth=MSCHAPV2" + eap=PEAP +{% elif security.wpa.username is not vyos_defined %} psk="{{ security.wpa.passphrase }}" -{% else %} +{% else %} key_mgmt=NONE +{% endif %} +{% endif %} +{% if bssid is vyos_defined %} + bssid={{ bssid }} {% endif %} } diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index 0a62b3255..fdcb79b19 100644 --- a/interface-definitions/interfaces_wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -899,15 +899,16 @@ </properties> <defaultValue>wpa+wpa2</defaultValue> </leafNode> + #include <include/generic-username.xml.i> <leafNode name="passphrase"> <properties> - <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> + <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> <valueHelp> <format>txt</format> - <description>Passphrase of at least 8 but not more than 63 printable characters</description> + <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description> </valueHelp> <constraint> - <regex>.{8,63}</regex> + <regex>[[:ascii:]]{1,256}</regex> </constraint> <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> @@ -940,6 +941,19 @@ <constraintErrorMessage>Invalid SSID</constraintErrorMessage> </properties> </leafNode> + <leafNode name="bssid"> + <properties> + <help>Basic Service Set Identifier (BSSID) - currently station mode only</help> + <valueHelp> + <format>macaddr</format> + <description>BSSID (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + <constraintErrorMessage>Invalid BSSID</constraintErrorMessage> + </properties> + </leafNode> <leafNode name="type"> <properties> <help>Wireless device type for this interface</help> diff --git a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py index db43a78ec..34f77b95d 100755 --- a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py +++ b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py @@ -465,8 +465,6 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase): # Ensure default logging configuration is present config = read_file(HAPROXY_CONF) - self.assertIn('log /dev/log local0', config) - self.assertIn('log /dev/log local1 notice', config) # Test global-parameters logging options self.cli_set(base_path + ['global-parameters', 'logging', 'facility', 'local1', 'level', 'err']) diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py index 73944dc8b..5fd7ab6e9 100755 --- a/src/conf_mode/interfaces_wireless.py +++ b/src/conf_mode/interfaces_wireless.py @@ -184,11 +184,18 @@ def verify(wifi): if not any(i in ['passphrase', 'radius'] for i in wpa): raise ConfigError('Misssing WPA key or RADIUS server') + if 'username' in wpa: + if 'passphrase' not in wpa: + raise ConfigError('WPA-Enterprise configured - missing passphrase!') + elif 'passphrase' in wpa: + # check if passphrase meets the regex .{8,63} + if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63: + raise ConfigError('WPA passphrase must be between 8 and 63 characters long') if 'radius' in wpa: if 'server' in wpa['radius']: for server in wpa['radius']['server']: if 'key' not in wpa['radius']['server'][server]: - raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}') + raise ConfigError(f'Missing RADIUS shared secret key for server: {server}') if 'capabilities' in wifi: capabilities = wifi['capabilities'] |