Merge pull request #1156 from yast/nm_wireless_support

Enhance NM writers supporting more authentication modes (WEP, WPA_EAP)

package/yast2-network.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jan 29 15:56:44 UTC 2021 - Knut Anderssen <kanderssen@suse.com>
+
+- Improved the NetworkManager wireless configuration writers adding
+  support for writing WPA-EAP and open WEP authentication modes.
+- 4.3.42
+
+
 -------------------------------------------------------------------
 Tue Jan 26 11:23:33 UTC 2021 - Imobach Gonzalez Sosa <igonzalezsosa@suse.com>
 

package/yast2-network.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2-network
-Version:        4.3.41
+Version:        4.3.42
 Release:        0
 Summary:        YaST2 - Network Configuration
 License:        GPL-2.0-only

src/lib/cfa/interface_file.rb

@@ -264,6 +264,10 @@ def variable_name(param_name)
     #   @return [String] client private key used for encryption in TLS
     define_variable(:wireless_client_key)
 
+    # @!attribute [r] wireless_client_key_password
+    #   @return [String] client private key password used for encryption in TLS
+    define_variable(:wireless_client_key_password)
+
     # @!attribute [r] wireless_eap_mode
     #   @return [String] WPA-EAP outer authentication method
     define_variable(:wireless_eap_mode)

src/lib/y2network/autoinst_profile/interface_section.rb

@@ -394,6 +394,7 @@ def init_from_wireless(config)
         @wireless_channel = config.channel.to_s if config.channel
         @wireless_client_cert = config.client_cert
         @wireless_client_key = config.client_key
+        @wireless_client_key_password = config.client_key_password
         @wireless_essid = config.essid
         @wireless_auth_mode = config.auth_mode.to_s
         @wireless_nick = config.nick

src/lib/y2network/connection_config/wireless.rb

@@ -73,6 +73,8 @@ class Wireless < Base
       attr_accessor :client_cert
       # @return [String] client private key used to encrypt for TLS
       attr_accessor :client_key
+      # @return [String] client private key password
+      attr_accessor :client_key_password
 
       def initialize
         super
@@ -86,7 +88,7 @@ def initialize
         self.keys = []
         self.default_key = 0
         self.eap_mode = "PEAP"
-        self.eap_auth = "MSCHAPV2"
+        self.eap_auth = "mschapv2"
         self.ap_scanmode = 1
         # For WIFI DHCP makes more sense as majority of wifi routers act as dhcp servers
         self.bootproto = BootProtocol::DHCP
@@ -98,7 +100,7 @@ def ==(other)
         [:mode, :essid, :nwid, :auth_mode, :wpa_psk, :key_length, :keys, :default_key, :nick,
          :eap_mode, :eap_auth, :channel, :frequency, :bitrate, :ap, :ap_scanmode,
          :wpa_password, :wpa_identity, :wpa_anonymous_identity, :ca_cert, :client_cert,
-         :client_key].all? do |method|
+         :client_key, :client_key_password].all? do |method|
           public_send(method) == other.public_send(method)
         end
       end
@@ -109,6 +111,13 @@ def ==(other)
       def mode=(wireless_mode)
         @mode = wireless_mode.to_s.downcase
       end
+
+      # Convenience method to check whether there are some WEP key defined
+      #
+      # @return [Boolean] return true if there is at least one not empty key
+      def keys?
+        !(keys || []).compact.all?(&:empty?)
+      end
     end
   end
 end

src/lib/y2network/interface_config_builders/wireless.rb

@@ -53,6 +53,7 @@ def access_point=(value)
         :wpa_anonymous_identity, :wpa_anonymous_identity=,
         :ca_cert, :ca_cert=,
         :client_key, :client_key=,
+        :client_key_password, :client_key_password=,
         :client_cert, :client_cert=,
         :channel, :channel=,
         :bitrate, :bitrate=,

src/lib/y2network/network_manager/connection_config_writers/wireless.rb

@@ -25,30 +25,19 @@ module ConnectionConfigWriters
       # This class is responsible for writing the information from a ConnectionConfig::Wireless
       # object to the underlying system.
       class Wireless < Base
+        DEFAULT_MODE = "infrastructure".freeze
         MODE = { "ad-hoc" => "ad-hoc", "master" => "ap", "managed" => "infrastructure" }.freeze
 
         # @see Y2Network::ConnectionConfigWriters::Base#update_file
         def update_file(conn)
           file.connection["type"] = "wifi"
           file.wifi["ssid"] = conn.essid unless conn.essid.to_s.empty?
-          file.wifi["mode"] = MODE[conn.mode]
+          file.wifi["mode"] = MODE[conn.mode] || DEFAULT_MODE
           file.wifi["channel"] = con.channel if conn.channel
 
           write_auth_settings(conn)
         end
 
-        # Writes autentication settings for WPA-EAP networks
-        #
-        # @param _conn [Y2Network::ConnectionConfig::Base] Configuration to write
-        def write_eap_auth_settings(_conn)
-          # FIXME: incomplete
-          file.wifi_security["key-mgmt"] = "wpa-eap"
-          # wrong section name
-          #
-          # file.802_1x["eap"] = conn.eap_mode
-          # file.802_1x["phase2-auth"] = conn.eap_auth
-        end
-
         # Writes authentication settings
         #
         # This method relies in `write_*_auth_settings` methods.
@@ -58,25 +47,83 @@ def write_eap_auth_settings(_conn)
         #
         # @see #write_eap_auth_settings
         # @see #write_psk_auth_settings
+        # @see #write_open_auth_settings
         # @see #write_shared_auth_settings
         def write_auth_settings(conn)
-          meth = "write_#{conn.auth_mode}_auth_settings".to_sym
+          auth_mode = conn.auth_mode || :open
+          meth = "write_#{auth_mode}_auth_settings"
           send(meth, conn) if respond_to?(meth, true)
         end
 
+        # Writes autentication settings for WPA-EAP networks
+        #
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_eap_auth_settings(conn)
+          file.wifi_security["key-mgmt"] = "wpa-eap"
+          section = file.section_for("802-1x")
+
+          section["eap"] = conn.eap_mode.downcase if conn.eap_mode
+          section["phase2-auth"] = conn.eap_auth if conn.eap_auth
+          section["password"] = conn.wpa_password if conn.wpa_password && conn.eap_mode != "TLS"
+          section["anonymous-identity"] = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS"
+          section["identity"] = conn.wpa_identity if conn.wpa_identity
+          section["ca-cert"] = conn.ca_cert if conn.ca_cert
+
+          return unless conn.eap_mode == "TLS"
+
+          section["client-cert"] = conn.client_cert
+          section["private-key"] = conn.client_key
+          section["private-key-password"] = conn.client_key_password
+        end
+
         # Writes autentication settings for WPA-PSK networks
         #
         # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
         def write_psk_auth_settings(conn)
-          file.wifi_security["auth-alg"] = "open"
           file.wifi_security["key-mgmt"] = "wpa-psk"
+          file.wifi_security["auth-alg"] = "open"
           file.wifi_security["psk"] = conn.wpa_psk
         end
 
         # Writes autentication settings for WEP networks
         #
-        # @param _conn [Y2Network::ConnectionConfig::Base] Configuration to write
-        def write_shared_auth_settings(_conn); end
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_wep_auth_settings(conn)
+          file.wifi_security["key-mgmt"] = "none"
+          default_key_idx = conn.default_key || 0
+          file.wifi_security["wep-tx-keyidx"] = default_key_idx.to_s if !default_key_idx.zero?
+          conn.keys.each_with_index do |v, i|
+            next if v.to_s.empty?
+
+            file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh]:/, "")
+          end
+          passphrase_used = conn.keys[default_key_idx].to_s.start_with?(/h:/)
+          # see https://developer.gnome.org/libnm/stable/NMSettingWirelessSecurity.html#NMWepKeyType
+          # 1: Hex or ASCII, 2: 104/128-bit Passphrase
+          file.wifi_security["wep-key-type"] = passphrase_used ? "2" : "1"
+
+          true
+        end
+
+        # Writes autentication settings for WEP networks (open auth)
+        #
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_open_auth_settings(conn)
+          return unless conn.keys?
+
+          file.wifi_security["auth-alg"] = "open"
+          write_wep_auth_settings(conn)
+        end
+
+        # Writes autentication settings for WEP networks (shared auth)
+        #
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_shared_auth_settings(conn)
+          return unless conn.keys?
+
+          file.wifi_security["auth-alg"] = "shared"
+          write_wep_auth_settings(conn)
+        end
       end
     end
   end

src/lib/y2network/wicked/connection_config_readers/wireless.rb

@@ -31,7 +31,7 @@ def update_connection_config(conn)
           conn.ap_scanmode = file.wireless_ap_scanmode
           conn.auth_mode = transform_auth_mode(file.wireless_auth_mode)
           conn.default_key = file.wireless_default_key
-          conn.eap_auth = file.wireless_eap_auth
+          conn.eap_auth = file.wireless_eap_auth if file.wireless_eap_auth
           conn.eap_mode = file.wireless_eap_mode
           conn.essid = file.wireless_essid
           conn.key_length = file.wireless_key_length
@@ -41,6 +41,7 @@ def update_connection_config(conn)
           conn.ca_cert = file.wireless_ca_cert
           conn.client_cert = file.wireless_client_cert
           conn.client_key = file.wireless_client_key
+          conn.client_key_password = file.wireless_client_key_password
           conn.wpa_password = file.wireless_wpa_password
           conn.wpa_psk = file.wireless_wpa_psk
           conn.wpa_identity = file.wireless_wpa_identity

src/lib/y2network/wicked/connection_config_writers/wireless.rb

@@ -34,7 +34,7 @@ def update_file(conn)
           file.wireless_nwid = conn.nwid
           file.wireless_channel = conn.channel
           file.wireless_rate = conn.bitrate
-          write_auth_settings(conn) if conn.auth_mode
+          write_auth_settings(conn)
         end
 
       private
@@ -50,8 +50,8 @@ def update_file(conn)
         # @see #write_psk_auth_settings
         # @see #write_shared_auth_settings
         def write_auth_settings(conn)
-          file.wireless_auth_mode = conn.auth_mode || :open
-          meth = "write_#{conn.auth_mode}_auth_settings".to_sym
+          file.wireless_auth_mode = conn.auth_mode
+          meth = "write_#{conn.auth_mode || :open}_auth_settings".to_sym
           send(meth, conn) if respond_to?(meth, true)
         end
 
@@ -60,12 +60,16 @@ def write_auth_settings(conn)
         # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
         def write_eap_auth_settings(conn)
           file.wireless_eap_mode = conn.eap_mode
+          file.wireless_eap_auth = conn.eap_auth
           file.wireless_wpa_password = conn.wpa_password
           file.wireless_wpa_identity = conn.wpa_identity
           file.wireless_ca_cert = conn.ca_cert
           file.wireless_wpa_anonid = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS"
-          file.wireless_client_cert = conn.client_cert if conn.eap_mode == "TLS"
-          file.wireless_client_key = conn.client_key if conn.eap_mode == "TLS"
+          return unless conn.eap_mode == "TLS"
+
+          file.wireless_client_cert = conn.client_cert
+          file.wireless_client_key = conn.client_key
+          file.wireless_client_key_password = conn.client_key_password
         end
 
         # Writes autentication settings for WPA-PSK networks
@@ -75,14 +79,26 @@ def write_psk_auth_settings(conn)
           file.wireless_wpa_psk = conn.wpa_psk
         end
 
-        # Writes autentication settings for WEP networks
+        # Writes autentication settings for WEP networks (open or shared)
         #
         # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
-        def write_shared_auth_settings(conn)
+        def write_wep_auth_settings(conn)
+          return if (conn.keys || []).compact.all?(&:empty?)
+
           file.wireless_keys = conn.keys
           file.wireless_key_length = conn.key_length
           file.wireless_default_key = conn.default_key
         end
+
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_open_auth_settings(conn)
+          write_wep_auth_settings(conn)
+        end
+
+        # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write
+        def write_shared_auth_settings(conn)
+          write_wep_auth_settings(conn)
+        end
       end
     end
   end

src/lib/y2network/widgets/client_key_path.rb → src/lib/y2network/widgets/client_key.rb

@@ -21,6 +21,34 @@
 
 module Y2Network
   module Widgets
+    # Widget that represent EAP Client Key password
+    class ClientKeyPassword < CWM::Password
+      def initialize(builder)
+        @builder = builder
+        textdomain "network"
+      end
+
+      def opt
+        [:hstretch]
+      end
+
+      def label
+        _("Client Key Password")
+      end
+
+      def init
+        self.value = @builder.client_key_password
+      end
+
+      def store
+        @builder.client_key_password = value
+      end
+
+      def help
+        "" # TODO: write it
+      end
+    end
+
     class ClientKeyPath < PathWidget
       def initialize(builder)
         textdomain "network"

src/lib/y2network/widgets/path_widget.rb

@@ -33,8 +33,11 @@ def initialize
 
       def contents
         HBox(
-          InputField(Id(text_id), label),
-          PushButton(Id(button_id), button_label)
+          InputField(Id(text_id), Opt(:hstretch), label),
+          VBox(
+            VSpacing(1),
+            PushButton(Id(button_id), button_label)
+          )
         )
       end