networking is done (probably)
This commit is contained in:
parent
edc78ea18e
commit
7bd704b284
42
aif.xsd
42
aif.xsd
@ -422,40 +422,27 @@
|
|||||||
</xs:restriction>
|
</xs:restriction>
|
||||||
</xs:simpleType>
|
</xs:simpleType>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
<!-- "mode" only valid for WPA/WPA2 (and maybe WPA3 once supported?) -->
|
<!-- only valid for WPA/WPA2 (and maybe WPA3 once supported?) -->
|
||||||
<xs:element name="mode" minOccurs="0" maxOccurs="1" default="personal">
|
|
||||||
<xs:simpleType>
|
|
||||||
<xs:restriction base="xs:token">
|
|
||||||
<!-- PSK -->
|
|
||||||
<xs:enumeration value="personal"/>
|
|
||||||
<!-- RADIUS, etc. -->
|
|
||||||
<!-- <xs:enumeration value="enterprise"/> -->
|
|
||||||
<xs:whiteSpace value="collapse"/>
|
|
||||||
</xs:restriction>
|
|
||||||
</xs:simpleType>
|
|
||||||
</xs:element>
|
|
||||||
<xs:element name="creds" minOccurs="1" maxOccurs="1">
|
<xs:element name="creds" minOccurs="1" maxOccurs="1">
|
||||||
|
<xs:complexType>
|
||||||
|
<xs:choice minOccurs="1" maxOccurs="1">
|
||||||
|
<!-- "personal" -->
|
||||||
|
<xs:element name="psk">
|
||||||
<xs:complexType>
|
<xs:complexType>
|
||||||
<xs:simpleContent>
|
<xs:simpleContent>
|
||||||
<xs:extension base="xs:token">
|
<xs:extension base="xs:string">
|
||||||
<xs:attribute name="type" use="optional" default="psk">
|
<!-- a key can be generated via "wpa_passphrase <ssid> <passphrase>" -->
|
||||||
<!-- TODO: change this to sub-elements. <psk> or a <radius> thinger. -->
|
<!-- or via genPSK.py in extras/ -->
|
||||||
<!-- <psk raw="false">PSK_HERE</psk> -->
|
<xs:attribute name="isKey" type="xs:boolean" use="optional" default="false"/>
|
||||||
<!-- or e.g. wpa_passphrase test testingpsk -->
|
|
||||||
<!-- <psk raw="true">
|
|
||||||
124153ff24015a16d1993323b1840f3e6309ae24c07df7007d9fff8cff22f74c
|
|
||||||
</psk> -->
|
|
||||||
<xs:simpleType>
|
|
||||||
<xs:restriction base="xs:token">
|
|
||||||
<xs:enumeration value="psk"/>
|
|
||||||
<!-- <xs:enumeration value="radius"/> -->
|
|
||||||
</xs:restriction>
|
|
||||||
</xs:simpleType>
|
|
||||||
</xs:attribute>
|
|
||||||
</xs:extension>
|
</xs:extension>
|
||||||
</xs:simpleContent>
|
</xs:simpleContent>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
</xs:element>
|
</xs:element>
|
||||||
|
<!-- TODO -->
|
||||||
|
<!-- <xs:element name="enterprise"></xs:element> -->
|
||||||
|
</xs:choice>
|
||||||
|
</xs:complexType>
|
||||||
|
</xs:element>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
|
|
||||||
@ -465,6 +452,7 @@
|
|||||||
<xs:sequence>
|
<xs:sequence>
|
||||||
<xs:element name="encryption" type="aif:t_wifi_crypto" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="encryption" type="aif:t_wifi_crypto" minOccurs="0" maxOccurs="1"/>
|
||||||
</xs:sequence>
|
</xs:sequence>
|
||||||
|
<!-- TODO: SSID needs to support unicode chars in both XML(/XSD type=?) and python -->
|
||||||
<xs:attribute name="essid" type="xs:string" use="required"/>
|
<xs:attribute name="essid" type="xs:string" use="required"/>
|
||||||
<xs:attribute name="bssid" type="aif:t_mac_addr" use="optional"/>
|
<xs:attribute name="bssid" type="aif:t_mac_addr" use="optional"/>
|
||||||
<xs:attribute name="hidden" type="xs:boolean" use="optional" default="false"/>
|
<xs:attribute name="hidden" type="xs:boolean" use="optional" default="false"/>
|
||||||
|
@ -65,22 +65,29 @@ def convertPSK(ssid, passphrase):
|
|||||||
|
|
||||||
|
|
||||||
def convertWifiCrypto(crypto_xmlobj, ssid):
|
def convertWifiCrypto(crypto_xmlobj, ssid):
|
||||||
crypto = {'type': crypto_xmlobj.find('type').text.strip()}
|
crypto = {'type': crypto_xmlobj.find('type').text.strip(),
|
||||||
|
'auth': {}}
|
||||||
|
creds_xml = crypto_xmlobj.xpath('psk|enterprise')[0]
|
||||||
# if crypto['type'] in ('wpa', 'wpa2', 'wpa3'):
|
# if crypto['type'] in ('wpa', 'wpa2', 'wpa3'):
|
||||||
if crypto['type'] in ('wpa', 'wpa2'):
|
if crypto['type'] in ('wpa', 'wpa2'):
|
||||||
crypto['mode'] = crypto_xmlobj.find('mode')
|
crypto['mode'] = creds_xml.tag
|
||||||
if not crypto['mode']:
|
if crypto['mode'] == 'psk':
|
||||||
crypto['mode'] = 'personal'
|
crypto['mode'] = 'personal'
|
||||||
else:
|
|
||||||
crypto['mode'] = crypto['mode'].text.strip()
|
|
||||||
else:
|
else:
|
||||||
crypto['mode'] = None
|
crypto['mode'] = None
|
||||||
creds = crypto_xmlobj.find('creds')
|
if crypto['mode'] == 'personal':
|
||||||
crypto['auth'] = {'type': creds.attrib.get('type', 'psk').strip()}
|
psk_xml = creds_xml.find('psk')
|
||||||
if crypto['auth']['type'] == 'psk':
|
if aif.utils.xmlBool(psk_xml.attrib.get('isKey', 'false')):
|
||||||
crypto['auth']['passphrase'] = creds.text.strip('\r').strip('\n')
|
try:
|
||||||
crypto['auth']['psk'] = convertPSK(ssid, creds.text)
|
crypto['auth']['passphrase'] = psk_xml.text.strip('\r').strip('\n')
|
||||||
|
except UnicodeDecodeError:
|
||||||
|
raise ValueError('WPA-PSK passphrases must be ASCII')
|
||||||
|
crypto['auth']['psk'] = convertPSK(ssid, crypto['auth']['passphrase'])
|
||||||
|
else:
|
||||||
|
crypto['auth']['psk'] = psk_xml.text.strip().lower()
|
||||||
# TODO: enterprise support
|
# TODO: enterprise support
|
||||||
|
# elif crypto['mode'] == 'enterprise':
|
||||||
|
# pass
|
||||||
return(crypto)
|
return(crypto)
|
||||||
|
|
||||||
|
|
||||||
@ -230,7 +237,7 @@ class BaseConnection(object):
|
|||||||
self.routes[addrtype].append(addrset)
|
self.routes[addrtype].append(addrset)
|
||||||
return()
|
return()
|
||||||
|
|
||||||
def _writeConnCfg(self, chroot_base = None):
|
def _writeConnCfg(self, chroot_base):
|
||||||
# Dummy method.
|
# Dummy method.
|
||||||
pass
|
pass
|
||||||
return()
|
return()
|
||||||
|
@ -34,7 +34,9 @@ class Network(object):
|
|||||||
fh.write('{0}\n'.format(self.hostname))
|
fh.write('{0}\n'.format(self.hostname))
|
||||||
os.chown(cfg, 0, 0)
|
os.chown(cfg, 0, 0)
|
||||||
os.chmod(cfg, 0o0644)
|
os.chmod(cfg, 0o0644)
|
||||||
# TODO: symlinks for systemd for provider
|
for iface in self.connections:
|
||||||
# TODO: writeConf for provider
|
for src, dest in iface.services.items():
|
||||||
|
realdest = os.path.join(chroot_base, dest)
|
||||||
|
os.symlink(src, realdest)
|
||||||
|
iface.writeConf(chroot_base)
|
||||||
return()
|
return()
|
||||||
|
@ -128,7 +128,7 @@ class Wireless(Connection):
|
|||||||
self._initCfg()
|
self._initCfg()
|
||||||
|
|
||||||
def _initConnCfg(self):
|
def _initConnCfg(self):
|
||||||
self._wpasupp['ssid'] = self.xml.attrib['essid']
|
self._wpasupp['ssid'] = '"{0}"'.format(self.xml.attrib['essid'])
|
||||||
hidden = aif.utils.xmlBool(self.xml.attrib.get('hidden', 'false'))
|
hidden = aif.utils.xmlBool(self.xml.attrib.get('hidden', 'false'))
|
||||||
if hidden:
|
if hidden:
|
||||||
self._wpasupp['scan_ssid'] = 1
|
self._wpasupp['scan_ssid'] = 1
|
||||||
@ -138,20 +138,33 @@ class Wireless(Connection):
|
|||||||
bssid = None
|
bssid = None
|
||||||
if bssid:
|
if bssid:
|
||||||
bssid = aif.network._common.canonizeEUI(bssid)
|
bssid = aif.network._common.canonizeEUI(bssid)
|
||||||
self._cfg['BASE']['AP'] = bssid
|
self._wpasupp['bssid'] = bssid
|
||||||
|
self._wpasupp['bssid_whitelist'] = bssid
|
||||||
crypto = self.xml.find('encryption')
|
crypto = self.xml.find('encryption')
|
||||||
if crypto:
|
if crypto:
|
||||||
crypto = aif.network._common.convertWifiCrypto(crypto, self._cfg['BASE']['ESSID'])
|
crypto = aif.network._common.convertWifiCrypto(crypto, self._cfg['BASE']['ESSID'])
|
||||||
# if crypto['type'] in ('wpa', 'wpa2', 'wpa3'):
|
# if crypto['type'] in ('wpa', 'wpa2', 'wpa3'):
|
||||||
if crypto['type'] in ('wpa', 'wpa2'):
|
|
||||||
# TODO: WPA2 enterprise
|
# TODO: WPA2 enterprise
|
||||||
self._cfg['BASE']['Security'] = 'wpa'
|
|
||||||
# if crypto['type'] in ('wep', 'wpa', 'wpa2', 'wpa3'):
|
|
||||||
if crypto['type'] in ('wpa', 'wpa2'):
|
if crypto['type'] in ('wpa', 'wpa2'):
|
||||||
self._cfg['BASE']['Key'] = crypto['auth']['psk']
|
self._wpasupp['psk'] = crypto['auth']['psk']
|
||||||
|
else:
|
||||||
|
self._wpasupp['key_mgmt'] = 'NONE'
|
||||||
|
self.wpasupp_tpl = self.j2_env.get_template('wpa_supplicant.conf.j2')
|
||||||
|
self.services[('/usr/lib/systemd/system/wpa_supplicant@.service')] = ('etc/systemd/'
|
||||||
|
'system/'
|
||||||
|
'multi-user.target.wants/'
|
||||||
|
'wpa_supplicant@'
|
||||||
|
'{0}.service').format(self.device)
|
||||||
return()
|
return()
|
||||||
|
|
||||||
def _writeConnCfg(self, chroot_base):
|
def _writeConnCfg(self, chroot_base):
|
||||||
cfgroot = os.path.join(chroot_base, 'etc', 'wpa_supplicant')
|
cfgroot = os.path.join(chroot_base, 'etc', 'wpa_supplicant')
|
||||||
cfgbase = os.path.join(cfgroot, 'wpa_supplicant.conf')
|
cfgfile = os.path.join(cfgroot, 'wpa_supplicant-{0}.conf'.format(self.device))
|
||||||
cfgfile = os.path.join(cfgroot, self.id)
|
os.makedirs(cfgroot, exist_ok = True)
|
||||||
|
os.chown(cfgroot, 0, 0)
|
||||||
|
os.chmod(cfgroot, 0o0755)
|
||||||
|
with open(cfgfile, 'w') as fh:
|
||||||
|
fh.write(self.wpasupp_tpl.render(wpa = self._wpasupp))
|
||||||
|
os.chown(cfgfile, 0, 0)
|
||||||
|
os.chmod(cfgfile, 0o0640)
|
||||||
|
return()
|
||||||
|
9
aif/network/wpa_supplicant.conf.j2
Normal file
9
aif/network/wpa_supplicant.conf.j2
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Generated by AIF-NG.
|
||||||
|
ctrl_interface=/run/wpa_supplicant
|
||||||
|
update_config=1
|
||||||
|
|
||||||
|
network={
|
||||||
|
{%- for k, v in wpa.items() %}
|
||||||
|
{{ k }}={{ v }}
|
||||||
|
{%- endfor %}
|
||||||
|
}
|
@ -150,12 +150,15 @@
|
|||||||
<ipv4 auto="true"/>
|
<ipv4 auto="true"/>
|
||||||
</addresses>
|
</addresses>
|
||||||
<routes>
|
<routes>
|
||||||
<ipv6 defaultGateway="true" auto="true"/>
|
<ipv6 auto="true"/>
|
||||||
</routes>
|
</routes>
|
||||||
<encryption>
|
<encryption>
|
||||||
<type>wpa2</type>
|
<type>wpa2</type>
|
||||||
<mode>personal</mode>
|
<creds>
|
||||||
<creds type="psk">ABadWiFiPassword</creds>
|
<psk isKey="false">ABadWiFiPassword</psk>
|
||||||
|
<!-- Or the key itself. See the manual for ways to generate this. -->
|
||||||
|
<!-- <psk isKey="true">ca8981cbe55374c7408af0174604588111b4611832969f87fc5604fe4c36365c</psk> -->
|
||||||
|
</creds>
|
||||||
</encryption>
|
</encryption>
|
||||||
</wireless>
|
</wireless>
|
||||||
</network>
|
</network>
|
||||||
|
Loading…
Reference in New Issue
Block a user