wireless: T6496: support for EAP-MSCHAPv2 client over wifi
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`

fix: attempt to fix indentation on `wpa_supplicant.conf.j2`

fix: incorrect bssid mapping

fix: use the correct jinja templating (I think)

fix: remove blank space

fix: attempt to fix the formatting in j2

fix: attempt to fix the formatting in j2

feat: rename enterprise username and password + add checks in conf mode.

fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part

fix: fix indentation on `wpa_supplicant.conf.j2`
part1cleth1ef committed Jun 23, 2024
1 parent 50a5a29 commit fe4b3e1
Showing 3 changed files with 56 additions and 4 deletions.
16 changes: 14 additions & 2 deletions data/templates/wifi/wpa_supplicant.conf.j2
@@ -18,7 +18,7 @@ network={
# this will add latency to scanning, so enable this only when needed)
scan_ssid=1

{% if security.wpa.passphrase is vyos_defined %}
{% if security.wpa.passphrase is vyos_defined or security.wpa.enterprise_passphrase %}
# ieee80211w: whether management frame protection is enabled
# 0 = disabled (default unless changed with the global pmf parameter)
# 1 = optional
@@ -61,6 +61,8 @@ network={
# If not set, this defaults to: WPA-PSK WPA-EAP
{% if security.wpa.mode is vyos_defined('wpa3') %}
key_mgmt=SAE
{% elif security.wpa.enterprise_username is vyos_defined %}
key_mgmt=WPA-EAP WPA-EAP-SHA256
{% else %}
key_mgmt=WPA-PSK WPA-PSK-SHA256
{% endif %}
@@ -76,8 +78,18 @@ network={
# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
# startup and reconfiguration time can be optimized by generating the PSK only
# only when the passphrase or SSID has actually changed.
{% if security.wpa.enterprise_username is vyos_defined %}
identity="{{ security.wpa.enterprise_username }}"
password="{{ security.wpa.enterprise_passphrase }}"
phase2="auth=MSCHAPV2"
eap=PEAP
{% elif security.wpa.enterprise_username is not vyos_defined %}
psk="{{ security.wpa.passphrase }}"
{% else %}
{% else %}
key_mgmt=NONE
{% endif %}
{% endif %}
{% if security.bssid is vyos_defined %}
bssid={{ security.bssid }}
{% endif %}
}
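Review bot: The PEAP block added in the last hunk (`identity=`, `password=`, `phase2="auth=MSCHAPV2"`, `eap=PEAP`) sets neither `ca_cert` nor `domain_suffix_match`, and without a CA wpa_supplicant does not verify the authentication server's certificate, so the MSCHAPv2 exchange is offered to whichever access point answers for the SSID. I would expose a CA option on the CLI and render `ca_cert="<path to CA bundle>"` and `domain_suffix_match="<RADIUS server domain>"` (placeholder values), with verify() rejecting or at least warning about an enterprise client that has no CA configured. Separately, on the new side the single `{% else %}` sits after `{% elif security.wpa.enterprise_username is not vyos_defined %}` and before both `{% endif %}` lines, so it binds to the inner `if` and `key_mgmt=NONE` looks unreachable; the lines between the hunks are not visible here, so please confirm the outer `if` still has its open-network branch.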
37 changes: 36 additions & 1 deletion interface-definitions/interfaces_wireless.xml.in
@@ -599,6 +599,15 @@
<help>Wireless security settings</help>
</properties>
<children>
<leafNode name="bssid">
<properties>
<help>Basic Service Set Identifier (BSSID)</help>
<constraint>
<regex>([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}</regex>
</constraint>
<constraintErrorMessage>Invalid BSSID</constraintErrorMessage>
</properties>
</leafNode>
<node name="station-address">
<properties>
<help>Station MAC address based authentication</help>
@@ -759,9 +768,22 @@
</properties>
<defaultValue>wpa+wpa2</defaultValue>
</leafNode>
<leafNode name="enterprise_username">
<properties>
<help>WPA Enterprise username (MSCHAPv2)</help>
<valueHelp>
<format>txt</format>
<description>A username (domains can be specified using standard AD syntax)</description>
</valueHelp>
<constraint>
<regex>.*</regex>
</constraint>
<constraintErrorMessage>Somehow you've managed to break the .* regex...</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="passphrase">
<properties>
<help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
<help>WPA personal shared passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help>
<valueHelp>
<format>txt</format>
<description>Passphrase of at least 8 but not more than 63 printable characters</description>
@@ -772,6 +794,19 @@
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enterprise_passphrase">
<properties>
<help>WPA enterprise passphrase. If you are using special characters in the passphrase then single quotes are required.</help>
<valueHelp>
<format>txt</format>
<description>Passphrase of at least 8 but not more than 63 printable characters</description>
</valueHelp>
<constraint>
<regex>.*</regex>
</constraint>
<constraintErrorMessage>Somehow you've managed to break the .* regex...</constraintErrorMessage>
</properties>
</leafNode>
#include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
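Review bot: The `<regex>.*</regex>` constraint on `enterprise_username` and `enterprise_passphrase` places no limit on length or character set, yet both values are rendered inside double-quoted `identity="..."` and `password="..."` lines in wpa_supplicant.conf.j2, where a `"` or control character in the value can change how that line is parsed. I would restrict both leaves to printable characters without `"` and give them a length bound, for example `<regex>[^"[:cntrl:]]{1,128}</regex>` (bound chosen for illustration; check the class syntax against the validator in use), and replace the joke `constraintErrorMessage` with text that tells the operator what is allowed. The `enterprise_passphrase` valueHelp still says "at least 8 but not more than 63 printable characters", which is the WPA-PSK rule and is not enforced by this constraint. The new leaf names also use underscores where neighbouring nodes such as `station-address` use hyphens.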
7 changes: 6 additions & 1 deletion src/conf_mode/interfaces_wireless.py
@@ -148,9 +148,14 @@ def verify(wifi):

elif 'wpa' in wifi['security']:
wpa = wifi['security']['wpa']
if not any(i in ['passphrase', 'radius'] for i in wpa):
if not any(i in ['passphrase', 'enterprise_passphrase', 'radius'] for i in wpa):
raise ConfigError('Misssing WPA key or RADIUS server')

if 'enterprise_passphrase' in wpa:
if 'passphrase' in wpa:
raise ConfigError('Cannot use both WPA-Personal and WPA-Enterprise!')
elif 'enterprise_username' not in wpa:
raise ConfigError('Enterprise passphrase configured - missing username!')
if 'radius' in wpa:
if 'server' in wpa['radius']:
for server in wpa['radius']['server']:
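Review bot: The new validation covers only one direction: `enterprise_username` without `enterprise_passphrase` is still accepted whenever `passphrase` or `radius` is present, because the `any(...)` test passes and the `if 'enterprise_passphrase' in wpa:` block is skipped. The template keys its EAP branch on `enterprise_username`, so that configuration would render `key_mgmt=WPA-EAP WPA-EAP-SHA256` with a `password=` line built from an unset value. I would add the mirror check beside the existing one, `if 'enterprise_username' in wpa and 'enterprise_passphrase' not in wpa:` followed by `raise ConfigError('Enterprise username configured - missing passphrase!')`. verify() begins and continues outside this hunk, so whether these client-side options are also rejected in access-point mode cannot be seen from here and is worth confirming.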