-rw-r--r--.github/workflows/add-pr-labels.yml4
-rw-r--r--.github/workflows/chceck-pr-message.yml4
-rw-r--r--.github/workflows/check-unused-imports.yml5
-rw-r--r--.github/workflows/codeql.yml2
-rw-r--r--.github/workflows/package-smoketest.yml1
-rw-r--r--data/templates/wifi/wpa_supplicant.conf.j214
-rw-r--r--debian/vyos-1x.postinst3
-rw-r--r--debian/vyos-1x.preinst3
-rw-r--r--interface-definitions/interfaces_wireless.xml.in20
-rw-r--r--python/vyos/component_version.py19
-rwxr-xr-xsrc/conf_mode/interfaces_wireless.py9
11 files changed, 51 insertions, 33 deletions
diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml
index a7ee8446f..a0c076064 100644
--- a/.github/workflows/add-pr-labels.yml
+++ b/.github/workflows/add-pr-labels.yml
@@ -5,10 +5,6 @@ on:
pull_request_target:
branches:
- current
- - crux
- - equuleus
- - sagitta
- - circinus
permissions:
pull-requests: write
diff --git a/.github/workflows/chceck-pr-message.yml b/.github/workflows/chceck-pr-message.yml
index c567a5934..625ba2d75 100644
--- a/.github/workflows/chceck-pr-message.yml
+++ b/.github/workflows/chceck-pr-message.yml
@@ -5,10 +5,6 @@ on:
pull_request_target:
branches:
- current
- - crux
- - equuleus
- - sagitta
- - circinus
types: [opened, synchronize, edited]
permissions:
diff --git a/.github/workflows/check-unused-imports.yml b/.github/workflows/check-unused-imports.yml
index 17a52d3e4..3f6e8757e 100644
--- a/.github/workflows/check-unused-imports.yml
+++ b/.github/workflows/check-unused-imports.yml
@@ -1,11 +1,8 @@
name: Check for unused imports using Pylint
on:
- pull_request:
+ pull_request_target:
branches:
- current
- - equuleus
- - sagitta
- - circinus
workflow_dispatch:
permissions:
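Review bot: Switching the trigger to `pull_request_target` makes this lint job run in the base repository's context, with the token scope granted by the `permissions:` block and access to repository secrets, even for pull requests from forks. The job steps and the body of `permissions:` are outside the hunk, so this cannot be confirmed here, but if the job checks out the pull request head and runs Pylint over it, contributor-controlled code and configuration are processed with those privileges. Unless the job needs write access to comment on or label the PR, `pull_request:` is the safer trigger. Otherwise keep the permissions to the minimum required and do the checkout with `persist-credentials: false`.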
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 12654e42e..00387f725 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,7 +2,7 @@ name: "Perform CodeQL Analysis"
on:
push:
- branches: [ "current", "sagitta", "equuleus", "circinus" ]
+ branches: [ "current" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "current" ]
diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml
index 56fee5784..68f914108 100644
--- a/.github/workflows/package-smoketest.yml
+++ b/.github/workflows/package-smoketest.yml
@@ -4,7 +4,6 @@ on:
pull_request_target:
branches:
- current
- - circinus
permissions:
pull-requests: write
diff --git a/data/templates/wifi/wpa_supplicant.conf.j2 b/data/templates/wifi/wpa_supplicant.conf.j2
index ac857a04a..04088e1ad 100644
--- a/data/templates/wifi/wpa_supplicant.conf.j2
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -61,6 +61,8 @@ network={
# If not set, this defaults to: WPA-PSK WPA-EAP
{% if security.wpa.mode is vyos_defined('wpa3') %}
key_mgmt=SAE
+{% elif security.wpa.username is vyos_defined %}
+ key_mgmt=WPA-EAP WPA-EAP-SHA256
{% else %}
key_mgmt=WPA-PSK WPA-PSK-SHA256
{% endif %}
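Review bot: The `wpa3` test is evaluated before the new `username` test, so a configuration with both WPA3 mode and a username gets `key_mgmt=SAE` here, while the second hunk of this file emits `identity=`/`password=`/`eap=PEAP` and no `psk=` for it. That leaves an SAE network block without a pre-shared secret and with EAP settings that SAE does not use. Either test `username` first, or have verify() in src/conf_mode/interfaces_wireless.py reject the combination; nothing visible in this commit does so.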
@@ -76,8 +78,18 @@ network={
# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
# startup and reconfiguration time can be optimized by generating the PSK only
# only when the passphrase or SSID has actually changed.
+{% if security.wpa.username is vyos_defined %}
+ identity="{{ security.wpa.username }}"
+ password="{{ security.wpa.passphrase }}"
+ phase2="auth=MSCHAPV2"
+ eap=PEAP
+{% elif security.wpa.username is not vyos_defined %}
psk="{{ security.wpa.passphrase }}"
-{% else %}
+{% else %}
key_mgmt=NONE
+{% endif %}
+{% endif %}
+{% if bssid is vyos_defined %}
+ bssid={{ bssid }}
{% endif %}
}
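Review bot: The new PEAP/MSCHAPv2 block sends `identity` and `password` with no server certificate validation, since neither `ca_cert` nor `domain_suffix_match` is emitted. Without those, wpa_supplicant will complete the TLS tunnel with any access point advertising the SSID, which exposes the MSCHAPv2 exchange to a rogue authenticator. Consider adding configuration nodes for the CA certificate and expected server name and rendering them here, e.g. `ca_cert="{{ ... }}"` and `domain_suffix_match="{{ ... }}"`. Separately, `{% elif security.wpa.username is not vyos_defined %}` is the exact complement of the `if`, so the following `{% else %}` with `key_mgmt=NONE` can never be reached. The enclosing conditional starts outside the hunk, but if that line was its fallback for open networks, it is lost now.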
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 26b81db6f..141a9e8f9 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -256,3 +256,6 @@ python3 /usr/lib/python3/dist-packages/vyos/xml_ref/update_cache.py
if [ ! -f /lib/systemd/system/ssh@.service ]; then
ln /lib/systemd/system/ssh.service /lib/systemd/system/ssh@.service
fi
+
+# T4287 - as we have a non-signed kernel use the upstream wireless reulatory database
+update-alternatives --set regulatory.db /lib/firmware/regulatory.db-upstream
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index dbad8bfa8..fbfc85566 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -9,6 +9,3 @@ dpkg-divert --package vyos-1x --add --no-rename /etc/netplug/netplugd.conf
dpkg-divert --package vyos-1x --add --no-rename /etc/netplug/netplug
dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.d/45-frr.conf
dpkg-divert --package vyos-1x --add --no-rename /lib/udev/rules.d/99-systemd.rules
-
-# T4287 - as we have a non-signed kernel use the upstream wireless reulatory database
-update-alternatives --set regulatory.db /lib/firmware/regulatory.db-upstream
diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 0a62b3255..fdcb79b19 100644
--- a/interface-definitions/interfaces_wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -899,15 +899,16 @@
</properties>
<defaultValue>wpa+wpa2</defaultValue>
</leafNode>
+ #include <include/generic-username.xml.i>
<leafNode name="passphrase">
<properties>
- <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
+ <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
<valueHelp>
<format>txt</format>
- <description>Passphrase of at least 8 but not more than 63 printable characters</description>
+ <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description>
</valueHelp>
<constraint>
- <regex>.{8,63}</regex>
+ <regex>[[:ascii:]]{1,256}</regex>
</constraint>
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
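Review bot: The constraint is relaxed to `[[:ascii:]]{1,256}`, but `constraintErrorMessage` still says "must be 8 to 63 printable characters!", so the CLI error no longer matches what is enforced. `[[:ascii:]]` also admits control characters, and the value is rendered inside double quotes in wpa_supplicant.conf.j2 (`psk="..."`, `password="..."`). `[[:print:]]{1,256}` would keep the wider length range without accepting line breaks or other control bytes. The message could become `<constraintErrorMessage>Invalid WPA passphrase, must be 1 to 256 printable characters!</constraintErrorMessage>`, with the 8 to 63 limit for WPA-Personal left to verify().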
@@ -940,6 +941,19 @@
<constraintErrorMessage>Invalid SSID</constraintErrorMessage>
</properties>
</leafNode>
+ <leafNode name="bssid">
+ <properties>
+ <help>Basic Service Set Identifier (BSSID) - currently station mode only</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>BSSID (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ <constraintErrorMessage>Invalid BSSID</constraintErrorMessage>
+ </properties>
+ </leafNode>
<leafNode name="type">
<properties>
<help>Wireless device type for this interface</help>
diff --git a/python/vyos/component_version.py b/python/vyos/component_version.py
index 0c305e5e0..94215531d 100644
--- a/python/vyos/component_version.py
+++ b/python/vyos/component_version.py
@@ -129,6 +129,7 @@ def component_from_string(string: str) -> dict:
return {k: int(v) for k, v in re.findall(r'([\w,-]+)@(\d+)', string)}
def version_info_from_file(config_file) -> VersionInfo:
+ """Return config file component and release version info."""
version_info = VersionInfo()
try:
with open(config_file) as f:
@@ -166,9 +167,7 @@ def version_info_from_file(config_file) -> VersionInfo:
return version_info
def version_info_from_system() -> VersionInfo:
- """
- Return system component versions.
- """
+ """Return system component and release version info."""
d = component_version()
sort_d = dict(sorted(d.items(), key=lambda x: x[0]))
version_info = VersionInfo(
@@ -180,20 +179,18 @@ def version_info_from_system() -> VersionInfo:
return version_info
def version_info_copy(v: VersionInfo) -> VersionInfo:
- """
- Make a copy of dataclass.
- """
+ """Make a copy of dataclass."""
return replace(v)
def version_info_prune_component(x: VersionInfo, y: VersionInfo) -> VersionInfo:
- """
- In place pruning of component keys of x not in y.
- """
+ """In place pruning of component keys of x not in y."""
+ if x.component is None or y.component is None:
+ return
x.component = { k: v for k,v in x.component.items() if k in y.component }
def add_system_version(config_str: str = None, out_file: str = None):
- """
- Wrap config string with system version and write to out_file.
+ """Wrap config string with system version and write to out_file.
+
For convenience, calling with no argument will write system version
string to stdout, for use in bash scripts.
"""
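Review bot: version_info_prune_component is annotated `-> VersionInfo`, but both the new early `return` and the fall-through path return None, so the annotation should be `-> None` to match the in-place contract in the docstring. The new guard also leaves `x.component` untouched when `y.component` is None, which differs from pruning against an empty set. If callers expect keys absent from y to be removed in that case, `x.component = {}` would be the consistent result when only y's side is None. A one-line comment on the guard stating the intended behaviour would help, e.g. `# nothing to prune when either side carries no component versions`.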
diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py
index 73944dc8b..5fd7ab6e9 100755
--- a/src/conf_mode/interfaces_wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
@@ -184,11 +184,18 @@ def verify(wifi):
if not any(i in ['passphrase', 'radius'] for i in wpa):
raise ConfigError('Misssing WPA key or RADIUS server')
+ if 'username' in wpa:
+ if 'passphrase' not in wpa:
+ raise ConfigError('WPA-Enterprise configured - missing passphrase!')
+ elif 'passphrase' in wpa:
+ # check if passphrase meets the regex .{8,63}
+ if len(wpa['passphrase']) < 8 or len(wpa['passphrase']) > 63:
+ raise ConfigError('WPA passphrase must be between 8 and 63 characters long')
if 'radius' in wpa:
if 'server' in wpa['radius']:
for server in wpa['radius']['server']:
if 'key' not in wpa['radius']['server'][server]:
- raise ConfigError(f'Misssing RADIUS shared secret key for server: {server}')
+ raise ConfigError(f'Missing RADIUS shared secret key for server: {server}')
if 'capabilities' in wifi:
capabilities = wifi['capabilities']
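Review bot: When `username` is present the new branch only checks that a passphrase exists, so the 8 to 63 length check is skipped for every interface type, not just station mode where the username is rendered (wpa_supplicant.conf.j2). In access-point mode that would let a passphrase of 1 to 256 characters through to the WPA-Personal configuration, now that the XML constraint no longer bounds it. Restricting the exemption to stations would close this, e.g. `if 'username' in wpa and wifi.get('type') != 'station': raise ConfigError('WPA username is only supported in station mode')`, assuming the dict key mirrors the `type` leafNode. The message 'Misssing WPA key or RADIUS server' just above the added lines still has the typo that this hunk fixes in the RADIUS message. verify() starts and ends outside the hunk.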