From 873f0fa6ca054328acab6d25c0148ceb35c7a0d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Wed, 27 Jan 2021 12:11:53 +0000 Subject: [PATCH 01/13] Added some eap attributes drop when moved to network-ng --- src/lib/y2network/autoinst_profile/interface_section.rb | 1 + src/lib/y2network/connection_config/wireless.rb | 2 ++ src/lib/y2network/interface_config_builders/wireless.rb | 1 + src/lib/y2network/wicked/connection_config_writers/wireless.rb | 1 + 4 files changed, 5 insertions(+) diff --git a/src/lib/y2network/autoinst_profile/interface_section.rb b/src/lib/y2network/autoinst_profile/interface_section.rb index 663af6999..118b0ce1d 100644 --- a/src/lib/y2network/autoinst_profile/interface_section.rb +++ b/src/lib/y2network/autoinst_profile/interface_section.rb @@ -394,6 +394,7 @@ def init_from_wireless(config) @wireless_channel = config.channel.to_s if config.channel @wireless_client_cert = config.client_cert @wireless_client_key = config.client_key + @wireless_client_key_password = config.client_key_password @wireless_essid = config.essid @wireless_auth_mode = config.auth_mode.to_s @wireless_nick = config.nick diff --git a/src/lib/y2network/connection_config/wireless.rb b/src/lib/y2network/connection_config/wireless.rb index 1c8396c4b..eb4df1128 100644 --- a/src/lib/y2network/connection_config/wireless.rb +++ b/src/lib/y2network/connection_config/wireless.rb @@ -73,6 +73,8 @@ class Wireless < Base attr_accessor :client_cert # @return [String] client private key used to encrypt for TLS attr_accessor :client_key + # @return [String] client private key password + attr_accessor :client_key_password def initialize super diff --git a/src/lib/y2network/interface_config_builders/wireless.rb b/src/lib/y2network/interface_config_builders/wireless.rb index d22e01d5f..bf458509b 100644 --- a/src/lib/y2network/interface_config_builders/wireless.rb +++ b/src/lib/y2network/interface_config_builders/wireless.rb 
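Review bot: The added line `@wireless_client_key_password = config.client_key_password` in `init_from_wireless` copies the TLS private-key passphrase into the profile section as a plain string, so any profile produced from this section carries the passphrase next to the key path. Whether exported profiles are access-restricted is not visible in this hunk and should be confirmed. I would add a comment above the assignment such as `# NOTE: secret value; it ends up in the exported profile in clear text`. The body of `init_from_wireless` starts and ends outside the hunk.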
@@ -53,6 +53,7 @@ def access_point=(value) :wpa_anonymous_identity, :wpa_anonymous_identity=, :ca_cert, :ca_cert=, :client_key, :client_key=, + :client_key_password, :client_key_password=, :client_cert, :client_cert=, :channel, :channel=, :bitrate, :bitrate=, diff --git a/src/lib/y2network/wicked/connection_config_writers/wireless.rb b/src/lib/y2network/wicked/connection_config_writers/wireless.rb index a89520850..96546c30d 100644 --- a/src/lib/y2network/wicked/connection_config_writers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_writers/wireless.rb @@ -60,6 +60,7 @@ def write_auth_settings(conn) # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_eap_auth_settings(conn) file.wireless_eap_mode = conn.eap_mode + file.wireless_eap_auth = conn.eap_auth file.wireless_wpa_password = conn.wpa_password file.wireless_wpa_identity = conn.wpa_identity file.wireless_ca_cert = conn.ca_cert From 6e339e50d5e36f4789ff132e2725ba87931e1bf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Wed, 27 Jan 2021 12:13:18 +0000 Subject: [PATCH 02/13] Added writer for NM WPA_EAP config --- .../connection_config_writers/wireless.rb | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 3d66b0e0d..6651222ac 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb 
@@ -25,13 +25,15 @@ module ConnectionConfigWriters # This class is responsible for writing the information from a ConnectionConfig::Wireless # object to the underlying system. class Wireless < Base + DEFAULT_MODE = "infrastructure".freeze MODE = { "ad-hoc" => "ad-hoc", "master" => "ap", "managed" => "infrastructure" }.freeze + SCHEME_PATH = "file://".freeze # @see Y2Network::ConnectionConfigWriters::Base#update_file def update_file(conn) file.connection["type"] = "wifi" file.wifi["ssid"] = conn.essid unless conn.essid.to_s.empty? - file.wifi["mode"] = MODE[conn.mode] + file.wifi["mode"] = MODE[conn.mode] || DEFAULT_MODE file.wifi["channel"] = con.channel if conn.channel write_auth_settings(conn) @@ -39,14 +41,24 @@ def update_file(conn) # Writes autentication settings for WPA-EAP networks # - # @param _conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_eap_auth_settings(_conn) + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_eap_auth_settings(conn) # FIXME: incomplete file.wifi_security["key-mgmt"] = "wpa-eap" - # wrong section name - # - # file.802_1x["eap"] = conn.eap_mode - # file.802_1x["phase2-auth"] = conn.eap_auth + section = file.section_for("802-1x") + + section["eap"] = conn.eap_mode + section["phase2-auth"] = conn.eap_auth if conn.eap_auth + section["password"] = conn.wpa_password if conn.wpa_password + section["anonymous-identity"] = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS" + section["identity"] = conn.wpa_identity if conn.wpa_identity + section["ca-cert"] = File.join(SCHEME_PATH, conn.ca_cert) if conn.ca_cert + + return unless conn.eap_mode == "TLS" + + section["client-cert"] = File.join(SCHEME_PATH, conn.client_cert) + section["private-key"] = File.join(SCHEME_PATH, conn.client_key) + section["private-key-password"] = File.join(SCHEME_PATH, conn.client_key_password) end # Writes authentication settings From 8f20522546d126f9276508efeefb9441bcfd971a Mon Sep 17 00:00:00 2001 
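Review bot: The context line `file.wifi["channel"] = con.channel if conn.channel` in `update_file` reads from `con`, which is not defined anywhere in the visible method, so writing a connection that has a channel set would raise `NameError`. This hunk edits the neighbouring `mode` line but leaves that one as it is; it should read `file.wifi["channel"] = conn.channel if conn.channel`. No hunk visible on this page changes the line afterwards.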
From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Wed, 27 Jan 2021 12:13:56 +0000 Subject: [PATCH 03/13] Added writer for NM WEP config --- .../connection_config_writers/wireless.rb | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 6651222ac..e0c2f55ea 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -80,15 +80,30 @@ def write_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_psk_auth_settings(conn) - file.wifi_security["auth-alg"] = "open" file.wifi_security["key-mgmt"] = "wpa-psk" + file.wifi_security["auth-alg"] = "open" file.wifi_security["psk"] = conn.wpa_psk end # Writes autentication settings for WEP networks # - # @param _conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_shared_auth_settings(_conn); end + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_shared_auth_settings(conn) + file.wifi_secutiry["auth-alg"] = "shared" + + return if (conn.keys || []).empty? + + file.wifi_security["key-mgmt"] = "none" + default_key_idx = conn.default_key || 0 + file.wifi_security["wep-tx-keyidx"] = default_key_idx + conn.keys.each_with_index do |v, i| + file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh:]/, "") + end + passphrase_used = conn.keys[conn.default_key_idx].to_s.start_with(/h:/) + # see https://developer.gnome.org/libnm/stable/NMSettingWirelessSecurity.html#NMWepKeyType + # 1: Hex or ASCII, 2: 104/128-bit Passphrase + file.wifi_security["wep-key-type"] = passphrase_used ? 2 : 1 + end end end end From 570753edd609f8b31293648d42f37201e6dfa812 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Wed, 27 Jan 2021 12:16:50 +0000 Subject: [PATCH 04/13] Added widget for the EAP TLS client key password It also does some stretch of the widgets in order to use all the available space --- src/lib/cfa/interface_file.rb | 4 +++ .../y2network/connection_config/wireless.rb | 2 +- .../connection_config_readers/wireless.rb | 1 + .../connection_config_writers/wireless.rb | 7 +++-- .../{client_key_path.rb => client_key.rb} | 28 +++++++++++++++++++ src/lib/y2network/widgets/path_widget.rb | 7 +++-- src/lib/y2network/widgets/wireless_eap.rb | 18 ++++++++---- 7 files changed, 57 insertions(+), 10 deletions(-) rename src/lib/y2network/widgets/{client_key_path.rb => client_key.rb} (71%) diff --git a/src/lib/cfa/interface_file.rb b/src/lib/cfa/interface_file.rb index d77cebda8..3b2e8ca62 100644 --- a/src/lib/cfa/interface_file.rb +++ b/src/lib/cfa/interface_file.rb @@ -264,6 +264,10 @@ def variable_name(param_name) # @return [String] client private key used for encryption in TLS define_variable(:wireless_client_key) + # @!attribute [r] wireless_client_key_password + # @return [String] client private key password used for encryption in TLS + define_variable(:wireless_client_key_password) + # @!attribute [r] wireless_eap_mode # @return [String] WPA-EAP outer authentication method define_variable(:wireless_eap_mode) diff --git a/src/lib/y2network/connection_config/wireless.rb b/src/lib/y2network/connection_config/wireless.rb index eb4df1128..88788742e 100644 --- a/src/lib/y2network/connection_config/wireless.rb +++ b/src/lib/y2network/connection_config/wireless.rb 
@@ -100,7 +100,7 @@ def ==(other) [:mode, :essid, :nwid, :auth_mode, :wpa_psk, :key_length, :keys, :default_key, :nick, :eap_mode, :eap_auth, :channel, :frequency, :bitrate, :ap, :ap_scanmode, :wpa_password, :wpa_identity, :wpa_anonymous_identity, :ca_cert, :client_cert, - :client_key].all? do |method| + :client_key, :client_key_password].all? do |method| public_send(method) == other.public_send(method) end end diff --git a/src/lib/y2network/wicked/connection_config_readers/wireless.rb b/src/lib/y2network/wicked/connection_config_readers/wireless.rb index 3c4a96252..77a2833ff 100644 --- a/src/lib/y2network/wicked/connection_config_readers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_readers/wireless.rb @@ -41,6 +41,7 @@ def update_connection_config(conn) conn.ca_cert = file.wireless_ca_cert conn.client_cert = file.wireless_client_cert conn.client_key = file.wireless_client_key + conn.client_key_password = file.wireless_client_key_password conn.wpa_password = file.wireless_wpa_password conn.wpa_psk = file.wireless_wpa_psk conn.wpa_identity = file.wireless_wpa_identity diff --git a/src/lib/y2network/wicked/connection_config_writers/wireless.rb b/src/lib/y2network/wicked/connection_config_writers/wireless.rb index 96546c30d..faf971860 100644 --- a/src/lib/y2network/wicked/connection_config_writers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_writers/wireless.rb 
@@ -65,8 +65,11 @@ def write_eap_auth_settings(conn) file.wireless_wpa_identity = conn.wpa_identity file.wireless_ca_cert = conn.ca_cert file.wireless_wpa_anonid = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS" - file.wireless_client_cert = conn.client_cert if conn.eap_mode == "TLS" - file.wireless_client_key = conn.client_key if conn.eap_mode == "TLS" + return unless conn.eap_mode == "TLS" + + file.wireless_client_cert = conn.client_cert + file.wireless_client_key = conn.client_key + file.wireless_client_key_password = conn.client_key_password end # Writes autentication settings for WPA-PSK networks diff --git a/src/lib/y2network/widgets/client_key_path.rb b/src/lib/y2network/widgets/client_key.rb similarity index 71% rename from src/lib/y2network/widgets/client_key_path.rb rename to src/lib/y2network/widgets/client_key.rb index ccc16a25d..5cd12e696 100644 --- a/src/lib/y2network/widgets/client_key_path.rb +++ b/src/lib/y2network/widgets/client_key.rb @@ -21,6 +21,34 @@ module Y2Network module Widgets + # Widget that represent EAP Client Key password + class ClientKeyPassword < CWM::Password + def initialize(builder) + @builder = builder + textdomain "network" + end + + def opt + [:hstretch] + end + + def label + _("Client Key Password") + end + + def init + self.value = @builder.client_key_password + end + + def store + @builder.client_key_password = value + end + + def help + "" # TODO: write it + end + end + class ClientKeyPath < PathWidget def initialize(builder) textdomain "network" diff --git a/src/lib/y2network/widgets/path_widget.rb b/src/lib/y2network/widgets/path_widget.rb index 1bf76b239..8918e8ef4 100644 --- a/src/lib/y2network/widgets/path_widget.rb +++ b/src/lib/y2network/widgets/path_widget.rb 
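Review bot: In `write_eap_auth_settings` the new TLS branch assigns `file.wireless_client_key_password = conn.client_key_password`, which stores the private-key passphrase in the interface file beside the key path. The file's permissions are handled outside this hunk, so it should be confirmed that the written file is readable by root only. The three TLS assignments are also unguarded; if the file class does not drop nil values, `file.wireless_client_key_password = conn.client_key_password if conn.client_key_password` keeps an unset passphrase out of the file. The method starts outside the hunk.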
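Review bot: `ClientKeyPassword#help` returns an empty string with a TODO, so the dialog offers no explanation for a field that holds a secret. I would fill it with one translated sentence, for example `_("<p>Passphrase that protects the client private key file.</p>")`, and fix the class comment to `# Widget for the passphrase of the EAP-TLS client private key`. The `ClientKeyPath` class that follows continues outside the hunk.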
@@ -33,8 +33,11 @@ def initialize def contents HBox( - InputField(Id(text_id), label), - PushButton(Id(button_id), button_label) + InputField(Id(text_id), Opt(:hstretch), label), + VBox( + VSpacing(1), + PushButton(Id(button_id), button_label) + ) ) end diff --git a/src/lib/y2network/widgets/wireless_eap.rb b/src/lib/y2network/widgets/wireless_eap.rb index fb23069e9..4aa593fb5 100644 --- a/src/lib/y2network/widgets/wireless_eap.rb +++ b/src/lib/y2network/widgets/wireless_eap.rb @@ -23,7 +23,7 @@ require "y2network/widgets/wireless_eap_mode" require "y2network/widgets/server_ca_path" require "y2network/widgets/client_cert_path" -require "y2network/widgets/client_key_path" +require "y2network/widgets/client_key" module Y2Network module Widgets @@ -50,6 +50,7 @@ def handle(event) def contents VBox( + HStretch(), eap_mode, VSpacing(0.2), replace_widget @@ -99,7 +100,7 @@ def initialize(settings) def contents VBox( - HBox(EapUser.new(@settings), EapPassword.new(@settings)), + HBox(EapUser.new(@settings), HSpacing(1), EapPassword.new(@settings)), ServerCAPath.new(@settings) ) end @@ -115,7 +116,7 @@ def initialize(settings) def contents VBox( - HBox(EapUser.new(@settings), EapPassword.new(@settings)), + HBox(EapUser.new(@settings), HSpacing(1), EapPassword.new(@settings)), EapAnonymousUser.new(@settings), ServerCAPath.new(@settings) ) @@ -132,9 +133,12 @@ def initialize(settings) def contents VBox( + HStretch(), + ClientCertPath.new(@settings), HBox( - ClientCertPath.new(@settings), - ClientKeyPath.new(@settings) + ClientKeyPath.new(@settings), + HSpacing(1), + ClientKeyPassword.new(@settings) ), ServerCAPath.new(@settings) ) @@ -152,6 +156,10 @@ def label _("Password") end + def opt + [:hstretch] + end + def init self.value = @builder.wpa_password end From d6a05d263e0d8807671a98d671a64f985f3370ea Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Thu, 28 Jan 2021 09:22:19 +0000 Subject: [PATCH 05/13] Fix write of WEP keys for open auth mode --- .../wicked/connection_config_readers/wireless.rb | 2 +- .../wicked/connection_config_writers/wireless.rb | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/lib/y2network/wicked/connection_config_readers/wireless.rb b/src/lib/y2network/wicked/connection_config_readers/wireless.rb index 77a2833ff..3f7253a48 100644 --- a/src/lib/y2network/wicked/connection_config_readers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_readers/wireless.rb @@ -57,7 +57,7 @@ def update_connection_config(conn) # Reads the array of wireless keys from the file def wireless_keys - (0..MAX_WIRELESS_KEYS - 1).map { |i| file.wireless_keys["_#{i}"] } + (0..MAX_WIRELESS_KEYS - 1).map { |i| file.wireless_keys["_#{i}"].to_s } end BACKWARD_MAPPING = { diff --git a/src/lib/y2network/wicked/connection_config_writers/wireless.rb b/src/lib/y2network/wicked/connection_config_writers/wireless.rb index faf971860..af844e046 100644 --- a/src/lib/y2network/wicked/connection_config_writers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_writers/wireless.rb 
@@ -79,15 +79,27 @@ def write_psk_auth_settings(conn) file.wireless_wpa_psk = conn.wpa_psk end - # Writes autentication settings for WEP networks + # Writes autentication settings for WEP networks (open or shared) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_shared_auth_settings(conn) + def write_wep_auth_settings(conn) + return if (conn.keys || []).empty? + file.wireless_keys = conn.keys file.wireless_key_length = conn.key_length file.wireless_default_key = conn.default_key end end + + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_open_auth_settings(conn) + write_wep_auth_settings(conn) + end + + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_shared_auth_settings(conn) + write_wep_auth_settings(conn) + end end end end From a5073af2c44b0e1d91210d10c12b4e0d42138f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Thu, 28 Jan 2021 13:58:37 +0000 Subject: [PATCH 06/13] Remove not needed scheme path and fix WEP open config --- .../connection_config_writers/wireless.rb | 71 ++++++++++++------- 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index e0c2f55ea..4fb69be53 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -27,7 +27,6 @@ module ConnectionConfigWriters class Wireless < Base DEFAULT_MODE = "infrastructure".freeze MODE = { "ad-hoc" => "ad-hoc", "master" => "ap", "managed" => "infrastructure" }.freeze - SCHEME_PATH = "file://".freeze # @see Y2Network::ConnectionConfigWriters::Base#update_file def update_file(conn) 
@@ -39,6 +38,21 @@ def update_file(conn) write_auth_settings(conn) end + # Writes authentication settings + # + # This method relies in `write_*_auth_settings` methods. + # + # + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + # + # @see #write_eap_auth_settings + # @see #write_psk_auth_settings + # @see #write_shared_auth_settings + def write_auth_settings(conn) + meth = "write_#{conn.auth_mode}_auth_settings".to_sym + send(meth, conn) if respond_to?(meth, true) + end + # Writes autentication settings for WPA-EAP networks # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write @@ -52,28 +66,13 @@ def write_eap_auth_settings(conn) section["password"] = conn.wpa_password if conn.wpa_password section["anonymous-identity"] = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS" section["identity"] = conn.wpa_identity if conn.wpa_identity - section["ca-cert"] = File.join(SCHEME_PATH, conn.ca_cert) if conn.ca_cert + section["ca-cert"] = conn.ca_cert if conn.ca_cert return unless conn.eap_mode == "TLS" - section["client-cert"] = File.join(SCHEME_PATH, conn.client_cert) - section["private-key"] = File.join(SCHEME_PATH, conn.client_key) - section["private-key-password"] = File.join(SCHEME_PATH, conn.client_key_password) - end - - # Writes authentication settings - # - # This method relies in `write_*_auth_settings` methods. - # - # - # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write - # - # @see #write_eap_auth_settings - # @see #write_psk_auth_settings - # @see #write_shared_auth_settings - def write_auth_settings(conn) - meth = "write_#{conn.auth_mode}_auth_settings".to_sym - send(meth, conn) if respond_to?(meth, true) + section["client-cert"] = conn.client_cert + section["private-key"] = conn.client_key + section["private-key-password"] = conn.client_key_password end # Writes autentication settings for WPA-PSK networks 
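Review bot: `write_auth_settings` builds a method name from `conn.auth_mode` and calls it through `send` whenever `respond_to?(meth, true)` holds, so an unrecognised mode is skipped silently and the connection file is written with no `wifi-security` settings at all. The pattern also matches the `write_wep_auth_settings` helper added further down in this patch, so an `auth_mode` of `wep` would reach it without `auth-alg` being set. I would dispatch through an explicit list, `AUTH_MODES = %w[open shared psk eap].freeze` and `return unless AUTH_MODES.include?(conn.auth_mode.to_s)`, and report the fall-through with whatever logger the class has. The same dispatch appears in the later hunks at `@@ -47,9 +47,11 @@` (this file) and `@@ -50,8 +50,8 @@` (wicked writer).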
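Review bot: The TLS branch of `write_eap_auth_settings` now writes `client-cert`, `private-key` and `private-key-password` unconditionally, unlike the guarded `ca-cert`, `identity` and `password` lines above it, so a TLS connection with no passphrase or a missing certificate path hands nil to the `802-1x` section. How the section treats nil is not visible here; guarding as `section["private-key-password"] = conn.client_key_password if conn.client_key_password` (and likewise for the other two) matches the lines above. The passphrase also lands in the connection file in clear text, so the place where that file is created should be checked for root-only permissions. The method starts outside the hunk.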
@@ -88,21 +87,39 @@ def write_psk_auth_settings(conn) # Writes autentication settings for WEP networks # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_shared_auth_settings(conn) - file.wifi_secutiry["auth-alg"] = "shared" + def write_wep_auth_settings(conn) + file.wifi_security["key-mgmt"] = "none" - return if (conn.keys || []).empty? + return if (conn.keys || []).all?(&:empty?) - file.wifi_security["key-mgmt"] = "none" default_key_idx = conn.default_key || 0 - file.wifi_security["wep-tx-keyidx"] = default_key_idx + file.wifi_security["wep-tx-keyidx"] = default_key_idx.to_s if !default_key_idx.zero? conn.keys.each_with_index do |v, i| + next if v.empty? file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh:]/, "") end - passphrase_used = conn.keys[conn.default_key_idx].to_s.start_with(/h:/) + passphrase_used = conn.keys[default_key_idx].to_s.start_with?(/h:/) # see https://developer.gnome.org/libnm/stable/NMSettingWirelessSecurity.html#NMWepKeyType # 1: Hex or ASCII, 2: 104/128-bit Passphrase - file.wifi_security["wep-key-type"] = passphrase_used ? 2 : 1 + file.wifi_security["wep-key-type"] = passphrase_used ? "2" : "1" + end + + # Writes autentication settings for WEP networks (open auth) + # + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_open_auth_settings(conn) + file.wifi_security["auth-alg"] = "open" + + write_wep_auth_settings(conn) + end + + # Writes autentication settings for WEP networks (shared auth) + # + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_shared_auth_settings(conn) + file.wifi_security["auth-alg"] = "shared" + + write_wep_auth_settings(conn) end end end From 985c3912ae35addcf8b1d9cd5935ecbc05a68b85 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Thu, 28 Jan 2021 15:31:47 +0000 Subject: [PATCH 07/13] We need to initialize the eap_mode widget before refreshing --- .../network_manager/connection_config_writers/wireless.rb | 1 + src/lib/y2network/widgets/wireless_eap.rb | 2 ++ 2 files changed, 3 insertions(+) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 4fb69be53..e9d8e2c22 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -96,6 +96,7 @@ def write_wep_auth_settings(conn) file.wifi_security["wep-tx-keyidx"] = default_key_idx.to_s if !default_key_idx.zero? conn.keys.each_with_index do |v, i| next if v.empty? + file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh:]/, "") end passphrase_used = conn.keys[default_key_idx].to_s.start_with?(/h:/) diff --git a/src/lib/y2network/widgets/wireless_eap.rb b/src/lib/y2network/widgets/wireless_eap.rb index 4aa593fb5..9a9f809cd 100644 --- a/src/lib/y2network/widgets/wireless_eap.rb +++ b/src/lib/y2network/widgets/wireless_eap.rb @@ -38,6 +38,7 @@ def initialize(settings) end def init + eap_mode.init refresh end @@ -134,6 +135,7 @@ def initialize(settings) def contents VBox( HStretch(), + EapUser.new(@settings), ClientCertPath.new(@settings), HBox( ClientKeyPath.new(@settings), From 082ae2743c87ef73215d6533ed571b4422505f20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Thu, 28 Jan 2021 16:23:51 +0000 Subject: [PATCH 08/13] EAP mode has to be downcased --- .../network_manager/connection_config_writers/wireless.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index e9d8e2c22..18483cb90 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -61,7 +61,7 @@ def write_eap_auth_settings(conn) file.wifi_security["key-mgmt"] = "wpa-eap" section = file.section_for("802-1x") - section["eap"] = conn.eap_mode + section["eap"] = conn.eap_mode.downcase if conn.eap_mode section["phase2-auth"] = conn.eap_auth if conn.eap_auth section["password"] = conn.wpa_password if conn.wpa_password section["anonymous-identity"] = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS" From 0c44b74a3e1016a499537bb1995bfb5e0512481f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Thu, 28 Jan 2021 20:36:37 +0000 Subject: [PATCH 09/13] Fix eap_auth initialization --- src/lib/y2network/connection_config/wireless.rb | 2 +- src/lib/y2network/wicked/connection_config_readers/wireless.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/y2network/connection_config/wireless.rb b/src/lib/y2network/connection_config/wireless.rb index 88788742e..7beeb1eef 100644 --- a/src/lib/y2network/connection_config/wireless.rb +++ b/src/lib/y2network/connection_config/wireless.rb @@ -88,7 +88,7 @@ def initialize self.keys = [] self.default_key = 0 self.eap_mode = "PEAP" - self.eap_auth = "MSCHAPV2" + self.eap_auth = "mschapv2" self.ap_scanmode = 1 # For WIFI DHCP makes more sense as majority of wifi routers act as dhcp servers self.bootproto = BootProtocol::DHCP diff --git a/src/lib/y2network/wicked/connection_config_readers/wireless.rb b/src/lib/y2network/wicked/connection_config_readers/wireless.rb index 3f7253a48..12cab0f26 100644 --- a/src/lib/y2network/wicked/connection_config_readers/wireless.rb 
+++ b/src/lib/y2network/wicked/connection_config_readers/wireless.rb @@ -31,7 +31,7 @@ def update_connection_config(conn) conn.ap_scanmode = file.wireless_ap_scanmode conn.auth_mode = transform_auth_mode(file.wireless_auth_mode) conn.default_key = file.wireless_default_key - conn.eap_auth = file.wireless_eap_auth + conn.eap_auth = file.wireless_eap_auth if file.wireless_eap_auth conn.eap_mode = file.wireless_eap_mode conn.essid = file.wireless_essid conn.key_length = file.wireless_key_length From bc2f086ec9b4db6640d1fa344baa394975734908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Fri, 29 Jan 2021 15:41:33 +0000 Subject: [PATCH 10/13] Improve unit test coverage for NM wireless writer --- .../connection_config_writers/wireless.rb | 21 +-- .../connection_config_readers/wireless.rb | 2 +- .../connection_config_writers/wireless.rb | 24 +-- .../wireless_test.rb | 150 +++++++++++++++++- 4 files changed, 172 insertions(+), 25 deletions(-) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 18483cb90..876d4e490 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -47,9 +47,11 @@ def update_file(conn) # # @see #write_eap_auth_settings # @see #write_psk_auth_settings + # @see #write_open_auth_settings # @see #write_shared_auth_settings def write_auth_settings(conn) - meth = "write_#{conn.auth_mode}_auth_settings".to_sym + auth_mode = conn.auth_mode || :open + meth = "write_#{auth_mode}_auth_settings".to_sym send(meth, conn) if respond_to?(meth, true) end 
@@ -63,7 +65,7 @@ def write_eap_auth_settings(conn) section["eap"] = conn.eap_mode.downcase if conn.eap_mode section["phase2-auth"] = conn.eap_auth if conn.eap_auth - section["password"] = conn.wpa_password if conn.wpa_password + section["password"] = conn.wpa_password if conn.wpa_password && conn.eap_mode != "TLS" section["anonymous-identity"] = conn.wpa_anonymous_identity if conn.eap_mode == "TTLS" section["identity"] = conn.wpa_identity if conn.wpa_identity section["ca-cert"] = conn.ca_cert if conn.ca_cert @@ -89,28 +91,28 @@ def write_psk_auth_settings(conn) # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_wep_auth_settings(conn) file.wifi_security["key-mgmt"] = "none" - - return if (conn.keys || []).all?(&:empty?) - default_key_idx = conn.default_key || 0 file.wifi_security["wep-tx-keyidx"] = default_key_idx.to_s if !default_key_idx.zero? conn.keys.each_with_index do |v, i| - next if v.empty? + next if v.to_s.empty? - file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh:]/, "") + file.wifi_security["wep-key#{i}"] = v.gsub(/^[sh]:/, "") end passphrase_used = conn.keys[default_key_idx].to_s.start_with?(/h:/) # see https://developer.gnome.org/libnm/stable/NMSettingWirelessSecurity.html#NMWepKeyType # 1: Hex or ASCII, 2: 104/128-bit Passphrase file.wifi_security["wep-key-type"] = passphrase_used ? "2" : "1" + + true end # Writes autentication settings for WEP networks (open auth) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_open_auth_settings(conn) - file.wifi_security["auth-alg"] = "open" + return if (conn.keys || []).compact.all?(&:empty?) + file.wifi_security["auth-alg"] = "open" write_wep_auth_settings(conn) end 
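Review bot: The new guard `conn.eap_mode != "TLS"` compares case-sensitively, as do the `== "TTLS"` check on the next line and the TLS check later in the method (outside this hunk), while the value written to `eap` is downcased first. A connection whose `eap_mode` arrives as `tls` would therefore get `eap=tls` together with the `password` entry and without the client certificate and key. Normalising once with `mode = conn.eap_mode.to_s.upcase` and comparing against `mode` in all three places removes the mismatch. The method starts and ends outside the hunk.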
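Review bot: In `write_wep_auth_settings` the prefix strip `v.gsub(/^[sh]:/, "")` anchors with `^`, which matches at the start of every line, so a key containing a newline would be stripped in more than one place; `v.sub(/\A[sh]:/, "")` limits it to the real prefix. `wep-key-type` is derived from the default key alone while every non-empty key is written, so a list mixing `h:` passphrases with hex or `s:` keys is stored under one type. The empty-keys guard moved to the two callers, so the helper now assumes `conn.keys` is not nil; a comment such as `# callers guarantee conn.keys holds at least one non-empty key` would record that. The bare `true` return value is not described in the method's doc comment.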
@@ -118,8 +120,9 @@ def write_open_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_shared_auth_settings(conn) - file.wifi_security["auth-alg"] = "shared" + return if (conn.keys || []).compact.all?(&:empty?) + file.wifi_security["auth-alg"] = "shared" write_wep_auth_settings(conn) end end diff --git a/src/lib/y2network/wicked/connection_config_readers/wireless.rb b/src/lib/y2network/wicked/connection_config_readers/wireless.rb index 12cab0f26..a28d52a63 100644 --- a/src/lib/y2network/wicked/connection_config_readers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_readers/wireless.rb @@ -57,7 +57,7 @@ def update_connection_config(conn) # Reads the array of wireless keys from the file def wireless_keys - (0..MAX_WIRELESS_KEYS - 1).map { |i| file.wireless_keys["_#{i}"].to_s } + (0..MAX_WIRELESS_KEYS - 1).map { |i| file.wireless_keys["_#{i}"] } end BACKWARD_MAPPING = { diff --git a/src/lib/y2network/wicked/connection_config_writers/wireless.rb b/src/lib/y2network/wicked/connection_config_writers/wireless.rb index af844e046..8d28745ec 100644 --- a/src/lib/y2network/wicked/connection_config_writers/wireless.rb +++ b/src/lib/y2network/wicked/connection_config_writers/wireless.rb @@ -34,7 +34,7 @@ def update_file(conn) file.wireless_nwid = conn.nwid file.wireless_channel = conn.channel file.wireless_rate = conn.bitrate - write_auth_settings(conn) if conn.auth_mode + write_auth_settings(conn) end private @@ -50,8 +50,8 @@ def update_file(conn) # @see #write_psk_auth_settings # @see #write_shared_auth_settings def write_auth_settings(conn) - file.wireless_auth_mode = conn.auth_mode || :open - meth = "write_#{conn.auth_mode}_auth_settings".to_sym + file.wireless_auth_mode = conn.auth_mode + meth = "write_#{conn.auth_mode || :open}_auth_settings".to_sym send(meth, conn) if respond_to?(meth, true) end 
@@ -83,22 +83,22 @@ def write_psk_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_wep_auth_settings(conn) - return if (conn.keys || []).empty? + return if (conn.keys || []).compact.all?(&:empty?) file.wireless_keys = conn.keys file.wireless_key_length = conn.key_length file.wireless_default_key = conn.default_key end - end - # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_open_auth_settings(conn) - write_wep_auth_settings(conn) - end + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_open_auth_settings(conn) + write_wep_auth_settings(conn) + end - # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write - def write_shared_auth_settings(conn) - write_wep_auth_settings(conn) + # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write + def write_shared_auth_settings(conn) + write_wep_auth_settings(conn) + end end end end diff --git a/test/y2network/network_manager/connection_config_writers/wireless_test.rb b/test/y2network/network_manager/connection_config_writers/wireless_test.rb index e0930a261..af116d680 100644 --- a/test/y2network/network_manager/connection_config_writers/wireless_test.rb +++ b/test/y2network/network_manager/connection_config_writers/wireless_test.rb @@ -43,7 +43,7 @@ end describe "#write" do - it "sets relevant attributes" do + it "sets device and IP relevant attributes" do handler.write(conn) expect(file.wifi["ssid"]).to eql(conn.essid) expect(file.wifi["mode"]).to eql("infrastructure") 
@@ -51,7 +51,39 @@ expect(file.ipv6["method"]).to eql("auto") end - context "WPA-PSK network configuration" do + context "when configuring without encryption" do + it "does not set any authentication" do + handler.write(conn) + expect(file.wifi_security["auth-alg"]).to be(nil) + end + end + + context "when configuring with WEP authentication (open or shared)" do + let(:conn) do + Y2Network::ConnectionConfig::Wireless.new.tap do |c| + c.startmode = Y2Network::Startmode.create("auto") + c.bootproto = Y2Network::BootProtocol::STATIC + c.mode = "managed" + c.auth_mode = "shared" + c.keys = ["123456", "s:abcdef"] + c.key_length = 128 + c.default_key = 1 + end + end + + it "sets specific WEP wireless security attributes" do + handler.write(conn) + expect(file.wifi_security["auth-alg"]).to eql("shared") + expect(file.wifi_security["wep-tx-keyidx"]).to eql("1") + expect(file.wifi_security["wep-key1"]).to eql("abcdef") + expect(file.wifi_security["wep-key-type"]).to eql("1") + conn.auth_mode = :open + handler.write(conn) + expect(file.wifi_security["auth-alg"]).to eql("open") + end + end + + context "when configuring with WPA-PSK authentication" do let(:conn) do Y2Network::ConnectionConfig::Wireless.new.tap do |c| c.startmode = Y2Network::Startmode.create("auto") 
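Review bot: The WEP example asserts only `wep-key1`, so the unprefixed key at index 0 and the `h:` passphrase path (`wep-key-type` of `2`) are never checked. Adding `expect(file.wifi_security["wep-key0"]).to eql("123456")` and a separate example with an `h:` key would pin the prefix handling. The second `handler.write(conn)` reuses the same `file`, so values left from the shared-mode write can mask a missing assignment in the open-mode path; a separate `it` block keeps the two cases independent. The no-encryption example could also assert that `key-mgmt` is nil.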
@@ -62,11 +94,123 @@ end end - it "sets specific WPA-PSK attributes" do + it "sets specific WPA-PSK wireless security attributes" do handler.write(conn) expect(file.wifi_security["key-mgmt"]).to eql("wpa-psk") expect(file.wifi_security["psk"]).to eql("example_psk") end end + + context "when configuring with WPA-EAP authentication" do + let(:server_cert) { "/etc/raddb/certs/server.crt" } + let(:client_cert) { "/etc/raddb/certs/client.crt" } + let(:client_key) { "/etc/raddb/certs/client.key" } + let(:client_key_password) { "whatever" } + let(:eap_mode) { "PEAP" } + let(:section_802_1x) { file.section_for("802-1x") } + + let(:conn) do + Y2Network::ConnectionConfig::Wireless.new.tap do |c| + c.startmode = Y2Network::Startmode.create("auto") + c.bootproto = Y2Network::BootProtocol::DHCP + c.mode = "managed" + c.auth_mode = "eap" + c.eap_mode = eap_mode + c.wpa_identity = "user@example.com" + c.wpa_password = "testing123" + c.wpa_anonymous_identity = "anonymous@example.com" + end + end + + it "sets specific WPA-EAP wireless security attributes" do + handler.write(conn) + expect(file.wifi_security["key-mgmt"]).to eql("wpa-eap") + expect(section_802_1x["eap"]).to_not be_nil + end + + context "using PEAP eap mode" do + it "sets the the eap mode to 'peap'" do + handler.write(conn) + expect(section_802_1x["eap"]).to eql("peap") + end + + it "sets the identity and password" do + handler.write(conn) + expect(section_802_1x["identity"]).to eql("user@example.com") + expect(section_802_1x["password"]).to eql("testing123") + end + + context "when defined a server certificate" do + it "sets it" do + conn.ca_cert = server_cert + handler.write(conn) + expect(section_802_1x["ca-cert"]).to eql(server_cert) + end + end + end + + context "using TLS eap mode" do + let(:eap_mode) { "TLS" } + before do + conn.client_key = client_key + conn.client_key_password = client_key_password + conn.client_cert = client_cert + conn.ca_cert = server_cert + end + + it "sets the the eap mode to 'tls'" do + 
handler.write(conn) + expect(section_802_1x["eap"]).to eql("tls") + end + + it "sets the identity" do + handler.write(conn) + expect(section_802_1x["identity"]).to eql("user@example.com") + end + + it "sets the client key, client key password and client certificate" do + handler.write(conn) + expect(section_802_1x["client-cert"]).to eql(client_cert) + expect(section_802_1x["private-key"]).to eql(client_key) + expect(section_802_1x["private-key-password"]).to eql(client_key_password) + end + + context "when defined a server certificate" do + it "sets it" do + conn.ca_cert = server_cert + handler.write(conn) + expect(section_802_1x["ca-cert"]).to eql(server_cert) + end + end + end + + context "using TTLS eap mode" do + let(:eap_mode) { "TTLS" } + + before do + conn.ca_cert = server_cert + end + + it "sets the the eap mode to 'tls'" do + handler.write(conn) + expect(section_802_1x["eap"]).to eql("ttls") + end + + it "sets the identity, anonymous identity and password" do + handler.write(conn) + expect(section_802_1x["identity"]).to eql("user@example.com") + expect(section_802_1x["anonymous-identity"]).to eql("anonymous@example.com") + expect(section_802_1x["password"]).to eql("testing123") + end + + context "when defined a server certificate" do + it "sets it" do + conn.ca_cert = server_cert + handler.write(conn) + expect(section_802_1x["ca-cert"]).to eql(server_cert) + end + end + end + end end end From d27f9660d99cd6c724252b2fd7f8b51c01530448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Fri, 29 Jan 2021 16:04:12 +0000 Subject: [PATCH 11/13] Bump version & changelog --- package/yast2-network.changes | 8 ++++++++ package/yast2-network.spec | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/package/yast2-network.changes b/package/yast2-network.changes index a8f48121a..fbdb6bfd6 100644 --- a/package/yast2-network.changes +++ b/package/yast2-network.changes 
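Review bot: No example in the WPA-EAP context pins what the writer emits when `ca_cert` is unset. The PEAP examples write `identity` and `password` with no CA certificate configured, and `ca-cert` is only checked under "when defined a server certificate". Without a CA certificate the client has nothing to validate the authentication server against, so that case deserves an explicit expectation such as `expect(section_802_1x["ca-cert"]).to be_nil`; the writer body is outside this hunk, so the expected value is inferred from the tests. In the TLS and TTLS contexts the `before` block already sets `conn.ca_cert = server_cert`, so the nested "when defined a server certificate" examples repeat the setup instead of contrasting with it. The TTLS example is also mislabelled: `it "sets the the eap mode to 'tls'" do` asserts `"ttls"` and should read `it "sets the eap mode to 'ttls'" do`.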
@@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Jan 29 15:56:44 UTC 2021 - Knut Anderssen + +- Improved the NetworkManager wireless configuration writers adding + support for writing WPA-EAP and open WEP authentication modes. +- 4.3.42 + + ------------------------------------------------------------------- Tue Jan 26 11:23:33 UTC 2021 - Imobach Gonzalez Sosa diff --git a/package/yast2-network.spec b/package/yast2-network.spec index 9f8b1868b..7ae70edef 100644 --- a/package/yast2-network.spec +++ b/package/yast2-network.spec @@ -17,7 +17,7 @@ Name: yast2-network -Version: 4.3.41 +Version: 4.3.42 Release: 0 Summary: YaST2 - Network Configuration License: GPL-2.0-only From 4be077e2bea0f85c69e2e03e4e466f1573e87023 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Fri, 29 Jan 2021 16:46:27 +0000 Subject: [PATCH 12/13] Adapted based on CR --- .../y2network/connection_config/wireless.rb | 7 +++++++ .../connection_config_writers/wireless.rb | 7 +++---- .../connection_config/wireless_test.rb | 19 +++++++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/src/lib/y2network/connection_config/wireless.rb b/src/lib/y2network/connection_config/wireless.rb index 7beeb1eef..2481503cf 100644 --- a/src/lib/y2network/connection_config/wireless.rb +++ b/src/lib/y2network/connection_config/wireless.rb @@ -111,6 +111,13 @@ def ==(other) def mode=(wireless_mode) @mode = wireless_mode.to_s.downcase end + + # Convenience method to check whether there are some WEP key defined + # + # @return [Boolean] return true if there is at least one not empty key + def keys? + !(keys || []).compact.all?(&:empty?) + end end end end diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 876d4e490..6672f230d 100644 
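Review bot: The `keys?` predicate added to `connection_config/wireless.rb` is written as a double negation, `!(keys || []).compact.all?(&:empty?)`, which is harder to read than it needs to be. The equivalent positive form `(keys || []).compact.any? { |k| !k.empty? }` matches what the doc comment says. The comment itself could be tightened to `# @return [Boolean] true if at least one non-empty WEP key is defined`. The enclosing class starts outside the hunk.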
--- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -51,7 +51,7 @@ def update_file(conn) # @see #write_shared_auth_settings def write_auth_settings(conn) auth_mode = conn.auth_mode || :open - meth = "write_#{auth_mode}_auth_settings".to_sym + meth = "write_#{auth_mode}_auth_settings" send(meth, conn) if respond_to?(meth, true) end @@ -59,7 +59,6 @@ def write_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_eap_auth_settings(conn) - # FIXME: incomplete file.wifi_security["key-mgmt"] = "wpa-eap" section = file.section_for("802-1x") @@ -110,7 +109,7 @@ def write_wep_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_open_auth_settings(conn) - return if (conn.keys || []).compact.all?(&:empty?) + return if !conn.keys? file.wifi_security["auth-alg"] = "open" write_wep_auth_settings(conn) @@ -120,7 +119,7 @@ def write_open_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_shared_auth_settings(conn) - return if (conn.keys || []).compact.all?(&:empty?) + return if !conn.keys? file.wifi_security["auth-alg"] = "shared" write_wep_auth_settings(conn) diff --git a/test/y2network/connection_config/wireless_test.rb b/test/y2network/connection_config/wireless_test.rb index 8f18c7f4f..4b633a073 100644 --- a/test/y2network/connection_config/wireless_test.rb +++ b/test/y2network/connection_config/wireless_test.rb 
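Review bot: `write_auth_settings` picks its writer by interpolating `conn.auth_mode` into a method name and calling `send`, and when `respond_to?(meth, true)` is false it writes nothing and reports nothing. A mistyped or unsupported mode therefore produces a connection file with no wireless security settings and no trace of why. Adding `log.warn("Unsupported wireless auth mode: #{auth_mode.inspect}") unless respond_to?(meth, true)` before the `send` line would make that case visible, assuming the class includes `Yast::Logger`. Checking `auth_mode` against an explicit list of supported modes before building the method name would also keep the dispatch closed. The method body is fully inside the hunk, but the class around it is not.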
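Review bot: `write_open_auth_settings` now calls `conn.keys?`, but its doc comment still declares `@param conn [Y2Network::ConnectionConfig::Base]`. As far as this series shows, `keys?` is defined only on `ConnectionConfig::Wireless`, so the documented type no longer matches what the method requires. The same applies to `write_shared_auth_settings` in the next hunk. Suggested wording for both: `# @param conn [Y2Network::ConnectionConfig::Wireless] Configuration to write`. Both method bodies end outside their hunks.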
@@ -29,4 +29,23 @@ expect(config.type).to eq(Y2Network::InterfaceType::WIRELESS) end end + + describe "#keys?" do + let(:keys) { [nil, nil, nil, ""] } + before { config.keys = keys } + + context "when the connection has not defined any WEP key" do + it "returns false" do + expect(config.keys?).to eql(false) + end + end + + context "when the connection has defined at least one WEP key" do + let(:keys) { ["0123456789", nil, nil, ""] } + + it "returns true" do + expect(config.keys?).to eql(true) + end + end + end end From d430905f988ad0ee21a326914c0ac17d0c7f6d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Knut=20Alejandro=20Anderssen=20Gonz=C3=A1lez?= Date: Fri, 29 Jan 2021 16:56:45 +0000 Subject: [PATCH 13/13] Cosmetic change :P --- .../network_manager/connection_config_writers/wireless.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb index 6672f230d..dee85ea28 100644 --- a/src/lib/y2network/network_manager/connection_config_writers/wireless.rb +++ b/src/lib/y2network/network_manager/connection_config_writers/wireless.rb @@ -109,7 +109,7 @@ def write_wep_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_open_auth_settings(conn) - return if !conn.keys? + return unless conn.keys? file.wifi_security["auth-alg"] = "open" write_wep_auth_settings(conn) @@ -119,7 +119,7 @@ def write_open_auth_settings(conn) # # @param conn [Y2Network::ConnectionConfig::Base] Configuration to write def write_shared_auth_settings(conn) - return if !conn.keys? + return unless conn.keys? file.wifi_security["auth-alg"] = "shared" write_wep_auth_settings(conn)
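Review bot: The `#keys?` examples never exercise `keys = nil`, although the predicate added in this commit guards for it with `(keys || [])`. A third context with `let(:keys) { nil }` and `expect(config.keys?).to eql(false)` would cover that branch.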