wireless: support for WPA-EAP authentication

zielmicha · Nov 22, 2016 · 13a8365 · 13a8365
1 parent 0b10bd0
commit 13a8365
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 18 deletions.
diff --git a/examples/eduroam.conf b/examples/eduroam.conf
@@ -0,0 +1,19 @@
+
+link dev wlan0 {
+    wireless_station default {
+        network {
+            ssid eduroam;
+            passphrase XXX;
+
+            identity "foobar@example.com";
+            ca_cert "ca.pem";
+            key_mgmt "WPA-EAP";
+            eap "TTLS";
+            phase2 "auth=PAP";
+
+            domain_suffix_match "tinia.uoks.uj.edu.pl";
+            dhcp {};
+        };
+    };
+
+};
diff --git a/netd/wireless.nim b/netd/wireless.nim
@@ -1,5 +1,5 @@
 # Most complete documentation for wpa_supplicant is example configuration file: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
-import subprocess, conf/ast, strutils, collections/random, os, tables, securehash, options, posix
+import subprocess, conf/ast, strutils, collections/random, os, tables, securehash, options, posix, strutils
 import netd/core, netd/processmanager, netd/link, netd/addr, netd/iproute, netd/main
 import netd/dbuscore, dbus, dbus/def, dbus/lowlevel
 include netd/wirelessconfig

diff --git a/netd/wirelessconfig.nim b/netd/wirelessconfig.nim
@@ -7,23 +7,23 @@ let baseWirelessCommands = SuiteDef(commands: @[
 ], includeSuites: @[linkCommands])
 
 let apWirelessCommands = SuiteDef(commands: @[
-  cmd("keymgmt", singleValueArgDef()),
-  cmd("passphrase", singleValueArgDef()),
+  cmd("key_mgmt", singleValueArgDef()),
 ], includeSuites: @[baseWirelessCommands])
 
-let stationWirelessCommands = SuiteDef(commands: @[
-  cmd("name", singleValueArgDef()),
-  cmd("network", @[suiteArgDef(suiteDef=baseWirelessCommands)]),
-  cmd("passphrase", singleValueArgDef()),
+let stationNetworkWirelessCommands = SuiteDef(commands: @[
   cmd("key_mgmt", singleValueArgDef()),
-  # passthrough
   cmd("anonymous_identity", singleValueArgDef()),
   cmd("identity", singleValueArgDef()),
   cmd("phase2", singleValueArgDef()),
   cmd("eap", singleValueArgDef()),
   cmd("password", singleValueArgDef()),
   cmd("domain_suffix_match", singleValueArgDef()),
   cmd("ca_cert", singleValueArgDef()), # TODO: file
+], includeSuites: @[baseWirelessCommands])
+
+let stationWirelessCommands = SuiteDef(commands: @[
+  cmd("name", singleValueArgDef()),
+  cmd("network", @[suiteArgDef(suiteDef=stationNetworkWirelessCommands)]),
 ])
 
 addressDefCommands.commands.add cmd("wireless_station", @[valueArgDef(name="name"), suiteArgDef(suiteDef=stationWirelessCommands)])

diff --git a/netd/wirelessstation.nim b/netd/wirelessstation.nim
@@ -61,6 +61,12 @@ proc wpaQuote(s: string): string =
     raise newException(ValueError, "bad value")
   return "\"" & s & "\""
 
+proc wpaQuoteRaw(s: string): string =
+  for ch in s:
+    if ch notin Letters and ch notin Digits and ch notin {'-', '_'}:
+      raise newException(ValueError, "bad value")
+  return s
+
 proc configureStation(self: WirelessPlugin, iface: ManagedInterface, config: Suite) =
   # 1. Configure network if connected to any
   let activeConfig = self.stationSubinterface(iface, config)
@@ -95,22 +101,33 @@ proc configureStation(self: WirelessPlugin, iface: ManagedInterface, config: Sui
     let ssid = network.singleValue("ssid").stringValue
     let id_str = iface.abstractName & "/" & ssid
     configStr &= "network={\n"
-    configStr &= "  id_str=\"" & id_str.wpaQuote & "\"\n"
-    configStr &= "  ssid=\"" & ssid.wpaQuote & "\"\n"
+    configStr &= "  id_str=" & id_str.wpaQuote & "\n"
+    configStr &= "  ssid=" & ssid.wpaQuote & "\n"
     let passphrase = network.singleValue("passphrase", required=false).stringValue
+    let keyMgmt = network.singleValue("key_mgmt", required=false).stringValue
+
+    if passphrase == nil and keyMgmt == nil:
+      configStr &= "  key_mgmt=NONE\n"
+
+    if keyMgmt != nil:
+      configStr &= "  key_mgmt=" & keyMgmt.wpaQuoteRaw & " \n"
+
     if passphrase != nil:
-      configStr &= "  psk=\"" & passphrase.wpaQuote & "\"\n"
-    else:
-      let keyMgmt = network.singleValue("key_mgmt", required=false).stringValue
-      if keyMgmt == nil:
-        configStr &= "  key_mgmt=NONE\n"
+      if keyMgmt == "WPA-EAP":
+        configStr &= "  password=" & passphrase.wpaQuote & "\n"
       else:
-        configStr &= "  key_mgmt=" & keyMgmt.wpaQuote & " \n"
+        configStr &= "  psk=" & passphrase.wpaQuote & "\n"
+
+    for key in @["eap"]:
+      let val = network.singleValue(key, required=false).stringValue
+      if val != nil:
+        configStr &= "  " & key & "=" & val.wpaQuoteRaw & "\n"
 
-    for key in @["identity", "anonymous_identity", "phase2", "eap", "password"]:
+    for key in @["identity", "anonymous_identity", "phase2", "password",
+                 "domain_suffix_match", "ca_cert"]:
       let val = network.singleValue(key, required=false).stringValue
       if val != nil:
-        configStr &= "  " & key & "=" & val
+        configStr &= "  " & key & "=" & val.wpaQuote & "\n"
 
     configStr &= "}\n"