Start splitting supplicant logic
This commit is contained in:
		
							parent
							
								
									7c6fac34a0
								
							
						
					
					
						commit
						09a00a2594
					
				
					 6 changed files with 200 additions and 38 deletions
				
			
		|  | @ -61,7 +61,7 @@ final class GenDuid extends Command | ||||||
|         return implode(':', $bytes); |         return implode(':', $bytes); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     private function getInstructions($id): string |     private function getInstructions(string $id): string | ||||||
|     { |     { | ||||||
|         return <<<EOF |         return <<<EOF | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -8,6 +8,7 @@ use Pfatt\Service\Config; | ||||||
| use Pfatt\Service\IfConfig; | use Pfatt\Service\IfConfig; | ||||||
| use Pfatt\Service\KldLoad; | use Pfatt\Service\KldLoad; | ||||||
| use Pfatt\Service\NgCtl; | use Pfatt\Service\NgCtl; | ||||||
|  | use Pfatt\Service\WpaCli; | ||||||
| use Psr\Log\LoggerInterface; | use Psr\Log\LoggerInterface; | ||||||
| use Symfony\Component\Console\Command\Command; | use Symfony\Component\Console\Command\Command; | ||||||
| use Symfony\Component\Console\Input\InputInterface; | use Symfony\Component\Console\Input\InputInterface; | ||||||
|  | @ -18,18 +19,20 @@ final class Startup extends Command | ||||||
| { | { | ||||||
|     protected static $defaultName = 'startup'; |     protected static $defaultName = 'startup'; | ||||||
|     protected static $defaultDescription = 'Start netgraph connetion'; |     protected static $defaultDescription = 'Start netgraph connetion'; | ||||||
|     protected Config $config; |     private Config $config; | ||||||
|     protected LoggerInterface $logger; |     private LoggerInterface $logger; | ||||||
|     protected NgCtl $ngControl; |     private NgCtl $ngControl; | ||||||
|     private IfConfig $ifConfig; |     private IfConfig $ifConfig; | ||||||
|     private KldLoad $kldLoad; |     private KldLoad $kldLoad; | ||||||
|  |     private WpaCli $wpaCli; | ||||||
| 
 | 
 | ||||||
|     public function __construct( |     public function __construct( | ||||||
|         Config $config, |         Config $config, | ||||||
|         LoggerInterface $logger, |         LoggerInterface $logger, | ||||||
|         NgCtl $ngControl, |         NgCtl $ngControl, | ||||||
|         IfConfig $ifConfig, |         IfConfig $ifConfig, | ||||||
|         KldLoad $kldLoad |         KldLoad $kldLoad, | ||||||
|  |         WpaCli $wpaCli | ||||||
|     ) { |     ) { | ||||||
|         parent::__construct('startup'); |         parent::__construct('startup'); | ||||||
|         $this->config = $config; |         $this->config = $config; | ||||||
|  | @ -37,6 +40,7 @@ final class Startup extends Command | ||||||
|         $this->ngControl = $ngControl; |         $this->ngControl = $ngControl; | ||||||
|         $this->ifConfig = $ifConfig; |         $this->ifConfig = $ifConfig; | ||||||
|         $this->kldLoad = $kldLoad; |         $this->kldLoad = $kldLoad; | ||||||
|  |         $this->wpaCli = $wpaCli; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|  | @ -74,6 +78,19 @@ final class Startup extends Command | ||||||
|                 $this->logger->info('OK!'); |                 $this->logger->info('OK!'); | ||||||
|                 break; |                 break; | ||||||
|         } |         } | ||||||
|  |         if ($this->config->getAuthMode() === 'bridge') { | ||||||
|  |             $this->setupBridge(); | ||||||
|  |         } | ||||||
|  |         else { | ||||||
|  |             $this->setupSupplicant(); | ||||||
|  |         } | ||||||
|  |         $this->logger->info("ngeth0 should now be available to configure as your pfSense WAN"); | ||||||
|  |         $this->logger->info("Done"); | ||||||
|  |         return Command::SUCCESS; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     private function setupBridge(): void | ||||||
|  |     { | ||||||
|         $this->ngControl->createBridge( |         $this->ngControl->createBridge( | ||||||
|             $this->config->getOntInterface(), |             $this->config->getOntInterface(), | ||||||
|             $this->config->getRgInterface(), |             $this->config->getRgInterface(), | ||||||
|  | @ -83,9 +100,34 @@ final class Startup extends Command | ||||||
|             $this->config->getOntInterface(), |             $this->config->getOntInterface(), | ||||||
|             $this->config->getRgInterface() |             $this->config->getRgInterface() | ||||||
|         ); |         ); | ||||||
|         $this->logger->info("ngeth0 should now be available to configure as your pfSense WAN"); |     } | ||||||
|         $this->logger->info("Done"); | 
 | ||||||
|         return Command::SUCCESS; |     private function setupSupplicant(): void | ||||||
|  |     { | ||||||
|  |         $this->ngControl->setupWpaSupplicant( | ||||||
|  |             $this->config->getOntInterface(), | ||||||
|  |             $this->config->getRgInterface(), | ||||||
|  |             $this->config->getRgEthernetMac() | ||||||
|  |         ); | ||||||
|  |         $this->ifConfig->start( | ||||||
|  |             $this->config->getOntInterface() | ||||||
|  |         ); | ||||||
|  |         // @todo startup wpa_supplicant
 | ||||||
|  |         $this->wpaCli->configureSupplicant($this->config->getRgEthernetMac()); | ||||||
|  |         // TODO do supplicant things. So many things.
 | ||||||
|  |         $this->logger->notice('Waiting for EAP authorization...'); | ||||||
|  |         while ($this->wpaCli->status() !== 'Authorized') { | ||||||
|  |             sleep(1); | ||||||
|  |         } | ||||||
|  |         $this->logger->notice('EAP authorization completed'); | ||||||
|  |         $ip = $this->ifConfig->getIp('ngeth0'); | ||||||
|  |         if ($ip === '0.0.0.0') { | ||||||
|  |             // @todo restart DHCP?
 | ||||||
|  |             // Is this really necessary or dhcpd resolve resolve itself?
 | ||||||
|  |         } | ||||||
|  |         $this->logger->info('IP address is ' . $ip); | ||||||
|  |         $this->logger->info('ngeth0 should now be available to configure as your WAN'); | ||||||
|  | 
 | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|  |  | ||||||
|  | @ -71,4 +71,15 @@ class Config | ||||||
|     { |     { | ||||||
|         return $this->rgEthernetMac; |         return $this->rgEthernetMac; | ||||||
|     } |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Get authorization mode. | ||||||
|  |      * | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getAuthMode(): string | ||||||
|  |     { | ||||||
|  |         // @todo detect the variant to trigger different behaviors.
 | ||||||
|  |         return 'bridge'; | ||||||
|  |     } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -16,23 +16,14 @@ class IfConfig | ||||||
|         $this->logger = $logger; |         $this->logger = $logger; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     public function start(string $ont, string $rg): void |     public function start(string ...$interfaces): void | ||||||
|     { |     { | ||||||
|         $this->logger->info("   enabling $rg interface..."); |         foreach ($interfaces as $interface) { | ||||||
|         $this->exec([$rg, 'up']); |             $this->logger->info("   enabling $interface interface..."); | ||||||
|         $this->logger->info('OK!'); |             $this->exec([$interface, 'up']); | ||||||
| 
 |             $this->exec([$interface, 'promisc']); | ||||||
|         $this->logger->info("   enabling $ont interface..."); |             $this->logger->info('OK!'); | ||||||
|         $this->exec([$ont, 'up"']); |         } | ||||||
|         $this->logger->info('OK!'); |  | ||||||
| 
 |  | ||||||
|         $this->logger->info("   enabling promiscuous mode on $rg..."); |  | ||||||
|         $this->exec([$rg, 'promisc']); |  | ||||||
|         $this->logger->info('OK!'); |  | ||||||
| 
 |  | ||||||
|         $this->logger->info("   enabling promiscuous mode on $ont..."); |  | ||||||
|         $this->exec([$ont, 'promisc']); |  | ||||||
|         $this->logger->info('OK!'); |  | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     public function stop(string $ont, string $rg): void |     public function stop(string $ont, string $rg): void | ||||||
|  | @ -49,9 +40,21 @@ class IfConfig | ||||||
|      * @return bool |      * @return bool | ||||||
|      *   True on success, false on failure. |      *   True on success, false on failure. | ||||||
|      */ |      */ | ||||||
|     private function exec(array $args): bool |     private function exec(array $args, ?callable $callback = null): bool | ||||||
|     { |     { | ||||||
|         $process = new Process(['/sbin/ifconfig', ...$args], '/tmp'); |         $process = new Process(['/sbin/ifconfig', ...$args], '/tmp'); | ||||||
|         return !$process->run(); |         return !$process->run($callback); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function getIp(string $interface): string | ||||||
|  |     { | ||||||
|  |         $ip = ''; | ||||||
|  |         $this->exec([$interface], function (string $type, string $buffer) use (&$ip) { | ||||||
|  |             if ($type === Process::OUT | ||||||
|  |                 && str_contains($buffer, 'inet ')) { | ||||||
|  |                 [, $ip] = explode(' ', $buffer); | ||||||
|  |             } | ||||||
|  |         }); | ||||||
|  |         return $ip; | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -4,11 +4,10 @@ declare(strict_types=1); | ||||||
| 
 | 
 | ||||||
| namespace Pfatt\Service; | namespace Pfatt\Service; | ||||||
| 
 | 
 | ||||||
| use Psr\Log\LoggerAwareInterface; |  | ||||||
| use Psr\Log\LoggerInterface; | use Psr\Log\LoggerInterface; | ||||||
| use Symfony\Component\Process\Process; | use Symfony\Component\Process\Process; | ||||||
| 
 | 
 | ||||||
| class NgCtl implements LoggerAwareInterface | class NgCtl | ||||||
| { | { | ||||||
|     private LoggerInterface $logger; |     private LoggerInterface $logger; | ||||||
| 
 | 
 | ||||||
|  | @ -42,7 +41,13 @@ class NgCtl implements LoggerAwareInterface | ||||||
|     public function ngConnect(): void |     public function ngConnect(): void | ||||||
|     { |     { | ||||||
|         $this->logger->info('Connecting netgraph node ...'); |         $this->logger->info('Connecting netgraph node ...'); | ||||||
|         $this->exec(['connect', 'waneapfilter:', 'laneapfilter:', 'eapout', 'eapout']) ? |         $this->exec([ | ||||||
|  |             'connect', | ||||||
|  |             'waneapfilter:', | ||||||
|  |             'laneapfilter:', | ||||||
|  |             'eapout', | ||||||
|  |             'eapout' | ||||||
|  |         ]) ? | ||||||
|             $this->logger->info('OK!') : |             $this->logger->info('OK!') : | ||||||
|             $this->logger->error('ERROR!'); |             $this->logger->error('ERROR!'); | ||||||
|     } |     } | ||||||
|  | @ -56,7 +61,6 @@ class NgCtl implements LoggerAwareInterface | ||||||
|      *   Residential Gateway network connection interface. |      *   Residential Gateway network connection interface. | ||||||
|      * @param string $rgMac |      * @param string $rgMac | ||||||
|      *   Residential Gateway MAC address. |      *   Residential Gateway MAC address. | ||||||
|      * @return void |  | ||||||
|      */ |      */ | ||||||
|     public function createBridge(string $ont, string $rg, string $rgMac): void |     public function createBridge(string $ont, string $rg, string $rgMac): void | ||||||
|     { |     { | ||||||
|  | @ -140,6 +144,14 @@ class NgCtl implements LoggerAwareInterface | ||||||
|         $this->logger->info('OK!'); |         $this->logger->info('OK!'); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     /** | ||||||
|  |      * Remove nodes. | ||||||
|  |      * | ||||||
|  |      * @param string $ont | ||||||
|  |      *   ONT network connection interface. | ||||||
|  |      * @param string $rg | ||||||
|  |      *   Residential Gateway network connection interface. | ||||||
|  |      */ | ||||||
|     public function removeNodes(string $ont, string $rg): void |     public function removeNodes(string $ont, string $rg): void | ||||||
|     { |     { | ||||||
|         $this->exec(['shutdown', 'waneapfilter:']); |         $this->exec(['shutdown', 'waneapfilter:']); | ||||||
|  | @ -151,6 +163,30 @@ class NgCtl implements LoggerAwareInterface | ||||||
|         $this->exec(['shutdown', 'ngeth0:']); |         $this->exec(['shutdown', 'ngeth0:']); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     /** | ||||||
|  |      * Setup connections fo WPA supplicant. | ||||||
|  |      * | ||||||
|  |      * @param string $ont | ||||||
|  |      *   ONT network connection interface. | ||||||
|  |      * @param string $rg | ||||||
|  |      *   Residential Gateway network connection interface. | ||||||
|  |      * @param string $rgMac | ||||||
|  |      *   Residential Gateway MAC address. | ||||||
|  |      */ | ||||||
|  |     public function setupWpaSupplicant( | ||||||
|  |         string $ont, | ||||||
|  |         string $rg, | ||||||
|  |         string $rgMac | ||||||
|  |     ): void { | ||||||
|  |         $this->logger->info('Creating vlan node and ngeth0 interface.'); | ||||||
|  |         $this->exec(['mkpeer', $ont . ':', 'vlan', 'lower', 'donstream']); | ||||||
|  |         $this->exec(['name', $ont . ':lower', 'vlan0']); | ||||||
|  |         $this->exec(['mkpeer', 'vlan0:', 'eiface', 'vlan0', 'ether']); | ||||||
|  |         $this->exec(['msg vlan: \'addfilter { vlan=0 hook="vlan0" }']); | ||||||
|  |         $this->exec(['msg', 'ngeth0:', 'set', $rgMac]); | ||||||
|  |         $this->logger->info('OK!'); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     /** |     /** | ||||||
|      * Run a ngctl command. |      * Run a ngctl command. | ||||||
|      * |      * | ||||||
|  | @ -165,12 +201,4 @@ class NgCtl implements LoggerAwareInterface | ||||||
|         $process = new Process(['/usr/sbin/ngctl', ...$args], '/tmp'); |         $process = new Process(['/usr/sbin/ngctl', ...$args], '/tmp'); | ||||||
|         return !$process->run(); |         return !$process->run(); | ||||||
|     } |     } | ||||||
| 
 |  | ||||||
|     /** |  | ||||||
|      * {@inheritDoc} |  | ||||||
|      */ |  | ||||||
|     public function setLogger(LoggerInterface $logger): void |  | ||||||
|     { |  | ||||||
|         $this->logger = $logger; |  | ||||||
|     } |  | ||||||
| } | } | ||||||
|  |  | ||||||
							
								
								
									
										78
									
								
								src/Service/WpaCli.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										78
									
								
								src/Service/WpaCli.php
									
									
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,78 @@ | ||||||
|  | <?php | ||||||
|  | 
 | ||||||
|  | namespace Pfatt\Service; | ||||||
|  | 
 | ||||||
|  | use Symfony\Component\Process\Process; | ||||||
|  | 
 | ||||||
|  | class WpaCli | ||||||
|  | { | ||||||
|  |     const CA_LOCATION = '/conf/pfatt/wpa/ca.pem'; | ||||||
|  |     const CLIENT_CERT_LOCATION = '/conf/pfatt/wpa/client.pem'; | ||||||
|  |     const PRIVATE_KEY_LOCATION = '/conf/pfatt/wpa/private.pem'; | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Setup configuration of wpa_supplicant. | ||||||
|  |      * | ||||||
|  |      * @param string $rgMac | ||||||
|  |      *   Residential Gateway MAC address. | ||||||
|  |      */ | ||||||
|  |     public function configureSupplicant(string $rgMac): void | ||||||
|  |     { | ||||||
|  |         $this->exec(['set', 'eapol_version', '2']); | ||||||
|  |         $this->exec(['set', 'fast_reauth', '1']); | ||||||
|  |         $this->exec(['ap_scan', '0']); | ||||||
|  |         $this->exec(['add_network']); | ||||||
|  |         $this->exec([ | ||||||
|  |             'set_network', | ||||||
|  |             '0', | ||||||
|  |             'ca_cert', | ||||||
|  |             '"' . self::CA_LOCATION . '"' | ||||||
|  |         ]); | ||||||
|  |         $this->exec([ | ||||||
|  |             'set_network', | ||||||
|  |             '0', | ||||||
|  |             'client_cert', | ||||||
|  |             '"' . self::CLIENT_CERT_LOCATION . '"' | ||||||
|  |         ]); | ||||||
|  |         $this->exec(['set_network', '0', 'eap', 'TLS']); | ||||||
|  |         $this->exec(['set_network', '0', 'eapol_flags', '0']); | ||||||
|  |         $this->exec(['set_network', '0', 'identity', '"' . $rgMac . '"']); | ||||||
|  |         $this->exec(['set_network', '0', 'key_mgmt', 'IEEE8021X']); | ||||||
|  |         $this->exec(['set_network', '0', 'phase1', '"allow_canned_success=1"']); | ||||||
|  |         $this->exec([ | ||||||
|  |             'set_network', | ||||||
|  |             '0', | ||||||
|  |             'private_key', | ||||||
|  |             '"' . self::PRIVATE_KEY_LOCATION . '"' | ||||||
|  |         ]); | ||||||
|  |         $this->exec(['enable_network', '0']); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function status(): string | ||||||
|  |     { | ||||||
|  |         $status = ''; | ||||||
|  |         $this->exec(['status'], | ||||||
|  |             function (string $type, string $buffer) use (&$status) { | ||||||
|  |                 if ($type === Process::OUT | ||||||
|  |                     && str_contains($buffer, 'suppPortStatus')) { | ||||||
|  |                     [, $status] = explode('=', $buffer); | ||||||
|  |                 } | ||||||
|  |             }); | ||||||
|  |         return $status; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Run a wpa_cli command. | ||||||
|  |      * | ||||||
|  |      * @param array<int, string> $args | ||||||
|  |      *   Additional arguments to pass to ngctl. | ||||||
|  |      * | ||||||
|  |      * @return bool | ||||||
|  |      *   True on success, false on failure. | ||||||
|  |      */ | ||||||
|  |     private function exec(array $args, ?callable $callback = null): bool | ||||||
|  |     { | ||||||
|  |         $process = new Process(['/usr/sbin/wpa_cli', ...$args], '/tmp'); | ||||||
|  |         return !$process->run($callback); | ||||||
|  |     } | ||||||
|  | } | ||||||
		Loading…
	
		Reference in a new issue
	
	 James Gilliland
						James Gilliland