[airos] updated aaa section configuration

many functions are now splitted for the interface mode and can be found
in the radius module or the aaa module

Author: edoput

netjsonconfig/backends/airos/aaa.py

@@ -2,21 +2,25 @@
 
 
 def ap_none(interface):
+    """
+    Returns the configuration for ``aaa``
+    when in ``access_point`` mode without authentication
+    """
     return {}
 
 
 def ap_psk(interface):
+    """
+    Returns the configuration for ``aaa``
+    when in ``access_point`` mode with psk authentication
+    """
     result = {
         'devname': radio(interface),
         'driver': 'madwifi',
         'ssid': ssid(interface),
         'wpa': {
             '1.pairwise': 'CCMP',
-            'key': [
-                {
-                    'mgmt': 'WPA-PSK',
-                }
-            ],
+            'key': [{'mgmt': 'WPA-PSK'}],
             'mode': 2,
             'psk': psk(interface),
         }
@@ -25,14 +29,35 @@ def ap_psk(interface):
 
 
 def ap_eap(interface):
-    return {}
+    """
+    Return the configuration for ``aaa``
+    when in ``access_point`` mode with eap authentication
+    """
+    return {
+        'devname': radio(interface),
+        'driver': 'madwifi',
+        'ssid': ssid(interface),
+        'wpa': {
+            '1.pairwise': 'CCMP',
+            'key': [{'mgmt': 'WPA-EAP'}],
+            'mode': 2,
+        },
+    }
 
 
 def sta_none(interface):
+    """
+    Return the configuration for ``aaa``
+    when in station mode without authentication
+    """
     return {}
 
 
 def sta_psk(interface):
+    """
+    Return the configuration for ``aaa``
+    when in station mode with psk authentication
+    """
     return {
         'wpa': {
             'psk': psk(interface),
@@ -41,6 +66,10 @@ def sta_psk(interface):
 
 
 def sta_eap(interface):
+    """
+    Return the configuration for ``aaa``
+    when in station mode with eap authentication
+    """
     return {}
 
 
@@ -61,6 +90,9 @@ def sta_eap(interface):
 
 
 def profile_from_interface(interface):
+    """
+    Returns the ``aaa`` configuration for interface
+    """
     profile = _profile.copy()
     profile.update(
             _profile_from_mode[mode(interface)][protocol(interface)](interface)
@@ -79,7 +111,7 @@ def profile_from_interface(interface):
             'status': 'enabled',
         },
         'wpa2_enterprise': {
-            'status': '',
+            'status': 'enabled',
         },
     },
     'station': {
@@ -90,13 +122,16 @@ def profile_from_interface(interface):
             'status': 'disabled',
         },
         'wpa2_enterprise': {
-            'status': '',
+            'status': 'disabled',
         },
     }
 }
 
 
 def status_from_interface(interface):
+    """
+    Returns ``aaa.status`` from interface
+    """
     status = _status.copy()
     status.update(
             _status_from_mode[mode(interface)][protocol(interface)]
@@ -106,12 +141,12 @@ def status_from_interface(interface):
 
 def bridge_devname(wireless_interface, bridge_interface):
     """
-    when in ``access_point`` with ``wpa2_personal`` authentication set also the
+    when in ``access_point`` with authentication set also the
     bridge interface name
 
     TODO: check if in ``netmode=router`` this happens again
     """
-    if mode(wireless_interface) == 'access_point' and protocol(wireless_interface) == 'wpa2_personal':
+    if mode(wireless_interface) == 'access_point' and protocol(wireless_interface) != 'none':
         return {
             'br': {
                 'devname': bridge_interface['name'],

netjsonconfig/backends/airos/converters.py

@@ -51,11 +51,6 @@ def wireless(self):
         """
         return wireless(get_copy(self.netjson, 'interfaces', []))
 
-    @property
-    def radius(self):
-        original = get_copy(self.netjson, 'radius', {})
-        return original
-
     def to_intermediate(self):
         base = {}
         result = []

netjsonconfig/backends/airos/radius.py

@@ -1,59 +1,109 @@
-from .interface import mode, protocol
+from .interface import encryption, mode, protocol
 
-_radius = {
-    'radius': {
-        'acct': [
-            {
-                'port': 1813,
-                'status': 'disabled',
-            }
-        ],
-        'auth': [
-            {
-                'port': 1812,
-            },
-        ],
-    },
-    'status': 'disabled',
+def ap_authentication(interface):
+    """
+    Returns the ``radius.auth`` dict for ``access_point`` interface
+    """
+    result = {}
+    proto = protocol(interface)
+    if proto == 'wpa2_personal':
+        result.update({
+            'status': 'disabled',
+        })
+    elif proto == 'wpa2_enterprise':
+        enc = encryption(interface)
+        result.update({
+            'ip': enc.get('server', ''),
+            'port': enc.get('port', 1812),
+            'secret': enc.get('key',''),
+            'status': 'enabled',
+        })
+    return result
+
+
+def sta_authentication(interface):
+    """
+    Returns the ``radius.auth`` dict for ``station`` interface
+    """
+    result = {}
+    return result
+
+
+_authentication_from_mode = {
+    'access_point': ap_authentication,
+    'station': sta_authentication,
 }
 
-_radius_from_mode = {
-    'access_point': {
-        'none': {},
-        'wpa2_personal': {
-            'radius': {
-                'auth': [{
-                    'port': 1812,
-                    'status': 'disabled',
-                }],
-                'acct': [
-                    {
-                        'port': 1813,
-                        'status': 'disabled',
-                    }
-                ],
-                'macacl': {
-                    'status': 'disabled',
-                },
-            },
-            'status': 'enabled',
-        },
-        'wpa2_enterprise': {},
-    },
-    'station': {
-        'none': {},
-        'wpa2_personal': {},
-        'wpa2_enterprise': {},
+
+def authentication(interface):
+    """
+    returns the ``radius.auth`` dict
+    """
+    result = {
+        'port': 1812,
     }
+    mod = mode(interface)
+    result.update(_authentication_from_mode[mode(interface)](interface))
+    return result
+
+
+def ap_accounting(interface):
+    result = {}
+    if protocol(interface) == 'wpa2_enterprise':
+        enc = encryption(interface)
+        result.update({
+            'port': enc.get('acct_server_port', 1813),
+            'ip': enc.get('acct_server', ''),
+            'status': 'enabled',
+        })
+    return result
+
+def sta_accounting(interface):
+    return {}
+
+
+_accounting_from_mode = {
+    'access_point': ap_accounting,
+    'station': sta_accounting,
 }
 
 
+def accounting(interface):
+    """
+    Returns the ``radius.acct`` dict
+    """
+    result = {
+        'port': 1813,
+        'status': 'disabled',
+    }
+    result.update(_accounting_from_mode[mode(interface)](interface))
+    return result
+
+
+
 def radius_from_interface(interface):
-    radius = _radius.copy()
-    radius.update(
-            _radius_from_mode[mode(interface)][protocol(interface)]
-    )
-    return radius
+    """
+    Return the ``radius`` configuration for
+    section ``aaa``
+    """
+    result = {
+        'radius': {
+            'auth': [
+                authentication(interface),
+            ],
+            'acct': [
+                accounting(interface),
+            ],
+        }
+    }
+    if protocol(interface) != 'none' and mode(interface) != 'station':
+        result['radius'].update({
+            'macacl': {
+                'status': 'disabled',
+            },
+        })
+
+    return result
 
 
 __all__ = [