WIFI-1994: NAS-ID use BSSID as default, to support EAP with 11r

When in EAP/Radius security mode, and 80211r is enabled, enforce that
radius_nas_id can only be the BSSID of the SSID being created.
Mike Hansen
2021-04-08 14:35:05 -04:00
parent d43a1d0f7b
commit 1e74c777fd


@@ -1,3 +1,4 @@
package com.telecominfraproject.wlan.opensync.ovsdb.dao; package com.telecominfraproject.wlan.opensync.ovsdb.dao;
import com.telecominfraproject.wlan.core.model.equipment.MacAddress; import com.telecominfraproject.wlan.core.model.equipment.MacAddress;
@@ -83,27 +84,26 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
} }
} }
if ((result != null) && (result.length > 0) && (result[0] instanceof SelectResult) if ((result != null) && (result.length > 0) && (result[0] instanceof SelectResult) && !((SelectResult) result[0]).getRows().isEmpty()) {
&& !((SelectResult) result[0]).getRows().isEmpty()) {
for (Row row : ((SelectResult) result[0]).getRows()) { for (Row row : ((SelectResult) result[0]).getRows()) {
String radioFrequencyBand = getSingleValueFromSet(row, "freq_band"); String radioFrequencyBand = getSingleValueFromSet(row, "freq_band");
switch (radioFrequencyBand) { switch (radioFrequencyBand) {
case "2.4G": case "2.4G":
radios.add(RadioType.is2dot4GHz); radios.add(RadioType.is2dot4GHz);
break; break;
case "5G": case "5G":
radios.add(RadioType.is5GHz); radios.add(RadioType.is5GHz);
break; break;
case "5GL": case "5GL":
radios.add(RadioType.is5GHzL); radios.add(RadioType.is5GHzL);
break; break;
case "5GU": case "5GU":
radios.add(RadioType.is5GHzU); radios.add(RadioType.is5GHzU);
break; break;
default: default:
LOG.debug("Unsupported or unrecognized radio band type {}", radioFrequencyBand); LOG.debug("Unsupported or unrecognized radio band type {}", radioFrequencyBand);
} }
@@ -157,8 +157,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param dtimPeriod * @param dtimPeriod
* @param customOptions * @param customOptions
*/ */
void configureCustomOptionsForDtimFragAnd80211k(boolean enable80211k, int dtimPeriod, void configureCustomOptionsForDtimFragAnd80211k(boolean enable80211k, int dtimPeriod, Map<String, String> customOptions) {
Map<String, String> customOptions) {
customOptions.put("dtim_period", String.valueOf(dtimPeriod)); customOptions.put("dtim_period", String.valueOf(dtimPeriod));
if (enable80211k) { if (enable80211k) {
customOptions.put("ieee80211k", String.valueOf(1)); customOptions.put("ieee80211k", String.valueOf(1));
@@ -173,16 +172,18 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param radiusNasId * @param radiusNasId
* @param radiusNasIp * @param radiusNasIp
* @param radiusOperatorName * @param radiusOperatorName
* @param enable80211r
* @param customOptions * @param customOptions
*/ */
void configureCustomOptionsForRadiusNas(OvsdbClient ovsdbClient, String radiusNasId, String radiusNasIp, void configureCustomOptionsForRadiusNas(OvsdbClient ovsdbClient, String radiusNasId, String radiusNasIp, String radiusOperatorName, boolean enable80211r,
String radiusOperatorName, Map<String, String> customOptions) { Map<String, String> customOptions) {
ConnectNodeInfo partialConnectNode = new ConnectNodeInfo(); ConnectNodeInfo partialConnectNode = new ConnectNodeInfo();
ovsdbNode.fillInWanIpAddressAndMac(ovsdbClient, partialConnectNode, defaultWanInterfaceType, ovsdbNode.fillInWanIpAddressAndMac(ovsdbClient, partialConnectNode, defaultWanInterfaceType, defaultWanInterfaceName);
defaultWanInterfaceName);
if (radiusNasId != null) { if (radiusNasId != null) {
if (radiusNasId.equals(NasIdType.AP_BASE_MAC.toString())) { if (enable80211r) {
LOG.info("NAS-ID is {}, 80211r is enabled, do not configure, AP will determine radius_nas_id when SSID configuration complete.", radiusNasId);
} else if (radiusNasId.equals(NasIdType.AP_BASE_MAC.toString())) {
LOG.info("NAS-ID is {}, set radius_nas_id to {}", radiusNasId, partialConnectNode.macAddress); LOG.info("NAS-ID is {}, set radius_nas_id to {}", radiusNasId, partialConnectNode.macAddress);
customOptions.put("radius_nas_id", partialConnectNode.macAddress); customOptions.put("radius_nas_id", partialConnectNode.macAddress);
} else if (radiusNasId.equals(NasIdType.DEFAULT.toString()) || radiusNasId.equals(NasIdType.BSSID.toString())) { } else if (radiusNasId.equals(NasIdType.DEFAULT.toString()) || radiusNasId.equals(NasIdType.BSSID.toString())) {
@@ -205,8 +206,9 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
} }
/** /**
* SSID UL/DL Limits from profile should be tagged against the client UL/DL limit * SSID UL/DL Limits from profile should be tagged against the client UL/DL limit
* ssid_ul_limit/ssid_dl_limit no longer used, set to 0 on AP to avoid unknown behaviours. * ssid_ul_limit/ssid_dl_limit no longer used, set to 0 on AP to avoid unknown behaviours.
*
* @param rateLimitEnable * @param rateLimitEnable
* @param ssidDlLimit * @param ssidDlLimit
* @param ssidUlLimit * @param ssidUlLimit
@@ -215,8 +217,8 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param rtsCtsThreshold * @param rtsCtsThreshold
* @param customOptions * @param customOptions
*/ */
void configureCustomOptionsForRatesAndLimits(boolean rateLimitEnable, int ssidDlLimit, int ssidUlLimit, void configureCustomOptionsForRatesAndLimits(boolean rateLimitEnable, int ssidDlLimit, int ssidUlLimit, int clientDlLimit, int clientUlLimit,
int clientDlLimit, int clientUlLimit, int rtsCtsThreshold, Map<String, String> customOptions) { int rtsCtsThreshold, Map<String, String> customOptions) {
customOptions.put("rate_limit_en", rateLimitEnable ? "1" : "0"); customOptions.put("rate_limit_en", rateLimitEnable ? "1" : "0");
customOptions.put("ssid_ul_limit", String.valueOf(0)); customOptions.put("ssid_ul_limit", String.valueOf(0));
customOptions.put("ssid_dl_limit", String.valueOf(0)); customOptions.put("ssid_dl_limit", String.valueOf(0));
@@ -224,7 +226,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
customOptions.put("client_ul_limit", String.valueOf(ssidUlLimit * 1000)); customOptions.put("client_ul_limit", String.valueOf(ssidUlLimit * 1000));
customOptions.put("rts_threshold", String.valueOf(rtsCtsThreshold)); customOptions.put("rts_threshold", String.valueOf(rtsCtsThreshold));
} }
void configureCustomOptionsForUseRadiusProxy(boolean useRadiusProxy, Map<String, String> customOptions) { void configureCustomOptionsForUseRadiusProxy(boolean useRadiusProxy, Map<String, String> customOptions) {
customOptions.put("radproxy", useRadiusProxy ? "1" : "0"); customOptions.put("radproxy", useRadiusProxy ? "1" : "0");
} }
@@ -235,6 +237,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* *
* @param ovsdbClient * @param ovsdbClient
* @param enable80211k * @param enable80211k
* @param enable80211r TODO
* @param rateLimitEnable * @param rateLimitEnable
* @param ssidDlLimit * @param ssidDlLimit
* @param ssidUlLimit * @param ssidUlLimit
@@ -247,38 +250,33 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param radiusOperatorName * @param radiusOperatorName
* @param updateColumns * @param updateColumns
* @param dynamicVlan * @param dynamicVlan
* @param useRadiusProxy * @param useRadiusProxy
*/ */
void configureCustomOptionsForSsid(OvsdbClient ovsdbClient, boolean enable80211k, boolean rateLimitEnable, void configureCustomOptionsForSsid(OvsdbClient ovsdbClient, boolean enable80211k, boolean enable80211r, boolean rateLimitEnable, int ssidDlLimit,
int ssidDlLimit, int ssidUlLimit, int clientDlLimit, int clientUlLimit, int rtsCtsThreshold, int dtimPeriod, int ssidUlLimit, int clientDlLimit, int clientUlLimit, int rtsCtsThreshold, int dtimPeriod, String radiusNasId, String radiusNasIp,
String radiusNasId, String radiusNasIp, String radiusOperatorName, Map<String, Value> updateColumns, String radiusOperatorName, Map<String, Value> updateColumns, int dynamicVlan, Boolean useRadiusProxy) {
int dynamicVlan, Boolean useRadiusProxy) {
Map<String, String> customOptions = new HashMap<>(); Map<String, String> customOptions = new HashMap<>();
configureCustomOptionsForUseRadiusProxy(useRadiusProxy, customOptions);
configureCustomOptionsForRatesAndLimits(rateLimitEnable, ssidDlLimit, ssidUlLimit, clientDlLimit, clientUlLimit,
rtsCtsThreshold, customOptions);
configureCustomOptionsForRadiusNas(ovsdbClient, radiusNasId, radiusNasIp, radiusOperatorName, customOptions); configureCustomOptionsForUseRadiusProxy(useRadiusProxy, customOptions);
configureCustomOptionsForRatesAndLimits(rateLimitEnable, ssidDlLimit, ssidUlLimit, clientDlLimit, clientUlLimit, rtsCtsThreshold, customOptions);
configureCustomOptionsForRadiusNas(ovsdbClient, radiusNasId, radiusNasIp, radiusOperatorName, enable80211r, customOptions);
configureCustomOptionsForDtimFragAnd80211k(enable80211k, dtimPeriod, customOptions); configureCustomOptionsForDtimFragAnd80211k(enable80211k, dtimPeriod, customOptions);
configureCustomOptionsForDynamicVlan(dynamicVlan, customOptions); configureCustomOptionsForDynamicVlan(dynamicVlan, customOptions);
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
com.vmware.ovsdb.protocol.operation.notation.Map<String, String> customMap = com.vmware.ovsdb.protocol.operation.notation.Map com.vmware.ovsdb.protocol.operation.notation.Map<String, String> customMap = com.vmware.ovsdb.protocol.operation.notation.Map.of(customOptions);
.of(customOptions);
updateColumns.put("custom_options", customMap); updateColumns.put("custom_options", customMap);
} }
void configureSingleSsid(OvsdbClient ovsdbClient, String vifInterfaceName, String ssid, boolean ssidBroadcast, void configureSingleSsid(OvsdbClient ovsdbClient, String vifInterfaceName, String ssid, boolean ssidBroadcast, Map<String, String> security, int vlanId,
Map<String, String> security, int vlanId, boolean rrmEnabled, boolean enable80211r, int mobilityDomain, boolean rrmEnabled, boolean enable80211r, int mobilityDomain, boolean enable80211v, boolean enable80211k, String minHwMode, boolean enabled,
boolean enable80211v, boolean enable80211k, String minHwMode, boolean enabled, int keyRefresh, int keyRefresh, boolean uapsdEnabled, boolean apBridge, NetworkForwardMode networkForwardMode, List<MacAddress> macBlockList,
boolean uapsdEnabled, boolean apBridge, NetworkForwardMode networkForwardMode, boolean rateLimitEnable, int ssidDlLimit, int ssidUlLimit, int clientDlLimit, int clientUlLimit, int rtsCtsThreshold, int dtimPeriod,
List<MacAddress> macBlockList, boolean rateLimitEnable, int ssidDlLimit, int ssidUlLimit, int clientDlLimit, Map<String, String> captiveMap, List<String> walledGardenAllowlist, String radiusNasId, String radiusNasIp, String radiusOperatorName,
int clientUlLimit, int rtsCtsThreshold, int dtimPeriod, Map<String, String> captiveMap,
List<String> walledGardenAllowlist, String radiusNasId, String radiusNasIp, String radiusOperatorName,
String greTunnelName, int dynamicVlan, Boolean useRadiusProxy, List<Operation> operations) { String greTunnelName, int dynamicVlan, Boolean useRadiusProxy, List<Operation> operations) {
Map<String, Value> updateColumns = new HashMap<>(); Map<String, Value> updateColumns = new HashMap<>();
@@ -299,15 +297,13 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
updateColumns.put("mode", new Atom<>("ap")); updateColumns.put("mode", new Atom<>("ap"));
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
com.vmware.ovsdb.protocol.operation.notation.Map<String, String> captivePortalMap = com.vmware.ovsdb.protocol.operation.notation.Map com.vmware.ovsdb.protocol.operation.notation.Map<String, String> captivePortalMap = com.vmware.ovsdb.protocol.operation.notation.Map.of(captiveMap);
.of(captiveMap);
updateColumns.put("captive_portal", captivePortalMap); updateColumns.put("captive_portal", captivePortalMap);
if (walledGardenAllowlist != null && !walledGardenAllowlist.isEmpty()) { if (walledGardenAllowlist != null && !walledGardenAllowlist.isEmpty()) {
Set<Atom<String>> atomMacList = new HashSet<>(); Set<Atom<String>> atomMacList = new HashSet<>();
walledGardenAllowlist.forEach(allow -> atomMacList.add(new Atom<>(allow))); walledGardenAllowlist.forEach(allow -> atomMacList.add(new Atom<>(allow)));
com.vmware.ovsdb.protocol.operation.notation.Set allowListSet = com.vmware.ovsdb.protocol.operation.notation.Set com.vmware.ovsdb.protocol.operation.notation.Set allowListSet = com.vmware.ovsdb.protocol.operation.notation.Set.of(atomMacList);
.of(atomMacList);
updateColumns.put("captive_allowlist", allowListSet); updateColumns.put("captive_allowlist", allowListSet);
} else { } else {
updateColumns.put("captive_allowlist", new com.vmware.ovsdb.protocol.operation.notation.Set()); updateColumns.put("captive_allowlist", new com.vmware.ovsdb.protocol.operation.notation.Set());
@@ -335,12 +331,10 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
updateColumns.put("group_rekey", new Atom<>(keyRefresh)); updateColumns.put("group_rekey", new Atom<>(keyRefresh));
updateColumns.put("ap_bridge", new Atom<>(apBridge)); updateColumns.put("ap_bridge", new Atom<>(apBridge));
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
com.vmware.ovsdb.protocol.operation.notation.Map<String, String> securityMap = com.vmware.ovsdb.protocol.operation.notation.Map com.vmware.ovsdb.protocol.operation.notation.Map<String, String> securityMap = com.vmware.ovsdb.protocol.operation.notation.Map.of(security);
.of(security);
updateColumns.put("security", securityMap); updateColumns.put("security", securityMap);
configureCustomOptionsForSsid(ovsdbClient, enable80211k, rateLimitEnable, ssidDlLimit, ssidUlLimit, configureCustomOptionsForSsid(ovsdbClient, enable80211k, enable80211r, rateLimitEnable, ssidDlLimit, ssidUlLimit, clientDlLimit, clientUlLimit,
clientDlLimit, clientUlLimit, rtsCtsThreshold, dtimPeriod, radiusNasId, radiusNasIp, radiusOperatorName, rtsCtsThreshold, dtimPeriod, radiusNasId, radiusNasIp, radiusOperatorName, updateColumns, dynamicVlan, useRadiusProxy);
updateColumns, dynamicVlan, useRadiusProxy);
updateBlockList(updateColumns, macBlockList); updateBlockList(updateColumns, macBlockList);
Row row = new Row(updateColumns); Row row = new Row(updateColumns);
operations.add(new Insert(wifiVifConfigDbTable, row)); operations.add(new Insert(wifiVifConfigDbTable, row));
@@ -349,8 +343,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
void configureSsids(OvsdbClient ovsdbClient, OpensyncAPConfig opensyncApConfig) { void configureSsids(OvsdbClient ovsdbClient, OpensyncAPConfig opensyncApConfig) {
boolean rrmEnabled = false; boolean rrmEnabled = false;
if ((opensyncApConfig.getEquipmentLocation() != null) if ((opensyncApConfig.getEquipmentLocation() != null) && (opensyncApConfig.getEquipmentLocation().getDetails() != null)) {
&& (opensyncApConfig.getEquipmentLocation().getDetails() != null)) {
rrmEnabled = opensyncApConfig.getEquipmentLocation().getDetails().isRrmEnabled(); rrmEnabled = opensyncApConfig.getEquipmentLocation().getDetails().isRrmEnabled();
} }
List<MacAddress> macBlockList = opensyncApConfig.getBlockedClients(); List<MacAddress> macBlockList = opensyncApConfig.getBlockedClients();
@@ -363,8 +356,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
for (Profile ssidProfile : opensyncApConfig.getSsidProfile()) { for (Profile ssidProfile : opensyncApConfig.getSsidProfile()) {
SsidConfiguration ssidConfig = (SsidConfiguration) ssidProfile.getDetails(); SsidConfiguration ssidConfig = (SsidConfiguration) ssidProfile.getDetails();
ApElementConfiguration apElementConfig = (ApElementConfiguration) opensyncApConfig.getCustomerEquipment() ApElementConfiguration apElementConfig = (ApElementConfiguration) opensyncApConfig.getCustomerEquipment().getDetails();
.getDetails();
RfConfiguration rfConfig = (RfConfiguration) opensyncApConfig.getRfProfile().getDetails(); RfConfiguration rfConfig = (RfConfiguration) opensyncApConfig.getRfProfile().getDetails();
for (RadioType radioType : ssidConfig.getAppliedRadios()) { for (RadioType radioType : ssidConfig.getAppliedRadios()) {
@@ -397,8 +389,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
clientUlLimit = ssidConfig.getClientBandwidthLimitUp(); clientUlLimit = ssidConfig.getClientBandwidthLimitUp();
} }
Map<String, WifiRadioConfigInfo> provisionedRadioConfigs = getProvisionedData Map<String, WifiRadioConfigInfo> provisionedRadioConfigs = getProvisionedData.getProvisionedWifiRadioConfigs(ovsdbClient);
.getProvisionedWifiRadioConfigs(ovsdbClient);
String freqBand = null; String freqBand = null;
String ifName = null; String ifName = null;
String radioName = null; String radioName = null;
@@ -433,8 +424,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
ifName = defaultRadio2; ifName = defaultRadio2;
} }
if (ifName == null) { if (ifName == null) {
LOG.debug("Cannot provision SSID for radio {} freqBand {} with VIF if_name null", radioName, LOG.debug("Cannot provision SSID for radio {} freqBand {} with VIF if_name null", radioName, freqBand);
freqBand);
continue; continue;
} }
@@ -478,8 +468,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
boolean enable80211k = true; boolean enable80211k = true;
// off by default, only applicable for is2do4GHz // off by default, only applicable for is2do4GHz
if ((ssidConfig.getRadioBasedConfigs() != null) if ((ssidConfig.getRadioBasedConfigs() != null)
&& (ssidConfig.getRadioBasedConfigs().containsKey(radioType) && (ssidConfig.getRadioBasedConfigs().containsKey(radioType) && (ssidConfig.getRadioBasedConfigs().get(radioType) != null))) {
&& (ssidConfig.getRadioBasedConfigs().get(radioType) != null))) {
if (ssidConfig.getRadioBasedConfigs().get(radioType).getEnable80211r() != null) { if (ssidConfig.getRadioBasedConfigs().get(radioType).getEnable80211r() != null) {
enable80211r = ssidConfig.getRadioBasedConfigs().get(radioType).getEnable80211r(); enable80211r = ssidConfig.getRadioBasedConfigs().get(radioType).getEnable80211r();
if (enable80211r) { if (enable80211r) {
@@ -514,21 +503,18 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
int dynamicVlan = 0; int dynamicVlan = 0;
if (opensyncSecurityMode.endsWith("EAP")) { if (opensyncSecurityMode.endsWith("EAP")) {
if (ssidConfig.getRadiusClientConfiguration() != null) { if (ssidConfig.getRadiusClientConfiguration() != null) {
radiusNasId = ssidConfig.getRadiusClientConfiguration().getNasClientId() radiusNasId = ssidConfig.getRadiusClientConfiguration().getNasClientId().equals(NasIdType.USER_DEFINED)
.equals(NasIdType.USER_DEFINED) ? ssidConfig.getRadiusClientConfiguration().getUserDefinedNasId()
? ssidConfig.getRadiusClientConfiguration().getUserDefinedNasId() : ssidConfig.getRadiusClientConfiguration().getNasClientId().toString();
: ssidConfig.getRadiusClientConfiguration().getNasClientId().toString(); radiusNasIp = ssidConfig.getRadiusClientConfiguration().getNasClientIp().equals(NasIpType.USER_DEFINED)
radiusNasIp = ssidConfig.getRadiusClientConfiguration().getNasClientIp() ? ssidConfig.getRadiusClientConfiguration().getUserDefinedNasIp()
.equals(NasIpType.USER_DEFINED) : ssidConfig.getRadiusClientConfiguration().getNasClientIp().toString();
? ssidConfig.getRadiusClientConfiguration().getUserDefinedNasIp()
: ssidConfig.getRadiusClientConfiguration().getNasClientIp().toString();
radiusOperName = ssidConfig.getRadiusClientConfiguration().getOperatorId(); radiusOperName = ssidConfig.getRadiusClientConfiguration().getOperatorId();
} else { } else {
radiusNasId = NasIdType.DEFAULT.toString(); radiusNasId = NasIdType.DEFAULT.toString();
radiusNasIp = NasIpType.WAN_IP.toString(); radiusNasIp = NasIpType.WAN_IP.toString();
} }
if (ssidConfig.getForwardMode() == null if (ssidConfig.getForwardMode() == null || ssidConfig.getForwardMode().equals(NetworkForwardMode.BRIDGE)) {
|| ssidConfig.getForwardMode().equals(NetworkForwardMode.BRIDGE)) {
// get the dynamicVlan value for this ssid, when in // get the dynamicVlan value for this ssid, when in
// bridge forward mode // bridge forward mode
// null implies bridge // null implies bridge
@@ -546,9 +532,8 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
boolean enabled = ssidConfig.getSsidAdminState().equals(StateSetting.enabled); boolean enabled = ssidConfig.getSsidAdminState().equals(StateSetting.enabled);
int vlanId = ssidConfig.getVlanId() != null ? ssidConfig.getVlanId() : 1; int vlanId = ssidConfig.getVlanId() != null ? ssidConfig.getVlanId() : 1;
Optional<GreTunnelConfiguration> tunnelConfiguration = ((ApNetworkConfiguration) opensyncApConfig Optional<GreTunnelConfiguration> tunnelConfiguration = ((ApNetworkConfiguration) opensyncApConfig.getApProfile().getDetails())
.getApProfile().getDetails()).getGreTunnelConfigurations().stream() .getGreTunnelConfigurations().stream().filter(t -> t.getVlanIdsInGreTunnel().contains(vlanId)).findFirst();
.filter(t -> t.getVlanIdsInGreTunnel().contains(vlanId)).findFirst();
String greTunnelName = null; String greTunnelName = null;
if (tunnelConfiguration.isPresent()) { if (tunnelConfiguration.isPresent()) {
greTunnelName = tunnelConfiguration.get().getGreTunnelName(); greTunnelName = tunnelConfiguration.get().getGreTunnelName();
@@ -566,21 +551,18 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
useRadiusProxy = ssidConfig.getUseRadiusProxy(); useRadiusProxy = ssidConfig.getUseRadiusProxy();
} }
try { try {
configureSingleSsid(ovsdbClient, ifName, ssidConfig.getSsid(), ssidBroadcast, security, vlanId, configureSingleSsid(ovsdbClient, ifName, ssidConfig.getSsid(), ssidBroadcast, security, vlanId, rrmEnabled, enable80211r, mobilityDomain,
rrmEnabled, enable80211r, mobilityDomain, enable80211v, enable80211k, minHwMode, enabled, enable80211v, enable80211k, minHwMode, enabled, keyRefresh, uapsdEnabled, apBridge, ssidConfig.getForwardMode(), macBlockList,
keyRefresh, uapsdEnabled, apBridge, ssidConfig.getForwardMode(), macBlockList, rateLimitEnable, ssidDlLimit, ssidUlLimit, clientDlLimit, clientUlLimit, rtsCtsThreshold, dtimPeriod, captiveMap,
rateLimitEnable, ssidDlLimit, ssidUlLimit, clientDlLimit, clientUlLimit, rtsCtsThreshold, walledGardenAllowlist, radiusNasId, radiusNasIp, radiusOperName, greTunnelName, dynamicVlan, useRadiusProxy, operations);
dtimPeriod, captiveMap, walledGardenAllowlist, radiusNasId, radiusNasIp, radiusOperName,
greTunnelName, dynamicVlan, useRadiusProxy, operations); networkConfig.configureInetVifInterface(ovsdbClient, ifName, enabled, ssidConfig.getForwardMode(), operations);
networkConfig.configureInetVifInterface(ovsdbClient, ifName, enabled, ssidConfig.getForwardMode(),
operations);
if (useRadiusProxy) { if (useRadiusProxy) {
// make sure it's enabled if we are going to use it // make sure it's enabled if we are going to use it
radsecConfig.configureApc(ovsdbClient, useRadiusProxy,operations); radsecConfig.configureApc(ovsdbClient, useRadiusProxy, operations);
} }
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
// could not provision this SSID, but still can go on // could not provision this SSID, but still can go on
LOG.warn("could not provision SSID {} on {}", ssidConfig.getSsid(), freqBand); LOG.warn("could not provision SSID {} on {}", ssidConfig.getSsid(), freqBand);
@@ -598,19 +580,14 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
} }
} }
void getBonjourGatewayConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, void getBonjourGatewayConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, Map<Short, Set<String>> bonjourServiceMap) {
Map<Short, Set<String>> bonjourServiceMap) { if ((ssidConfig.getBonjourGatewayProfileId() != null) && (opensyncApConfig.getBonjourGatewayProfiles() != null)) {
if ((ssidConfig.getBonjourGatewayProfileId() != null)
&& (opensyncApConfig.getBonjourGatewayProfiles() != null)) {
for (Profile profileBonjour : opensyncApConfig.getBonjourGatewayProfiles()) { for (Profile profileBonjour : opensyncApConfig.getBonjourGatewayProfiles()) {
if ((ssidConfig.getBonjourGatewayProfileId() == profileBonjour.getId()) if ((ssidConfig.getBonjourGatewayProfileId() == profileBonjour.getId()) && (profileBonjour.getDetails() != null)) {
&& (profileBonjour.getDetails() != null)) {
BonjourGatewayProfile bonjourGatewayConfiguration = (BonjourGatewayProfile) profileBonjour BonjourGatewayProfile bonjourGatewayConfiguration = (BonjourGatewayProfile) profileBonjour.getDetails();
.getDetails();
Collection<BonjourServiceSet> bonjourServicesCollection = bonjourGatewayConfiguration Collection<BonjourServiceSet> bonjourServicesCollection = bonjourGatewayConfiguration.getBonjourServices();
.getBonjourServices();
bonjourServicesCollection.forEach(b -> { bonjourServicesCollection.forEach(b -> {
Set<String> serviceSet = new HashSet<>(); Set<String> serviceSet = new HashSet<>();
if (bonjourServiceMap.containsKey(b.getVlanId())) { if (bonjourServiceMap.containsKey(b.getVlanId())) {
@@ -634,15 +611,15 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
*/ */
String getCaptiveAuthentication(CaptivePortalAuthenticationType authentication) { String getCaptiveAuthentication(CaptivePortalAuthenticationType authentication) {
switch (authentication) { switch (authentication) {
case guest: case guest:
return "None"; return "None";
case username: case username:
return "username"; return "username";
case radius: case radius:
return "radius"; return "radius";
default: default:
LOG.error("Unsupported captive portal authentication {}", authentication); LOG.error("Unsupported captive portal authentication {}", authentication);
return "None"; return "None";
} }
} }
@@ -653,68 +630,55 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param captiveMap * @param captiveMap
* @param walledGardenAllowlist * @param walledGardenAllowlist
*/ */
void getCaptiveConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, void getCaptiveConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, Map<String, String> captiveMap,
Map<String, String> captiveMap, List<String> walledGardenAllowlist) { List<String> walledGardenAllowlist) {
if ((ssidConfig.getCaptivePortalId() != null) && (opensyncApConfig.getCaptiveProfiles() != null)) { if ((ssidConfig.getCaptivePortalId() != null) && (opensyncApConfig.getCaptiveProfiles() != null)) {
for (Profile profileCaptive : opensyncApConfig.getCaptiveProfiles()) { for (Profile profileCaptive : opensyncApConfig.getCaptiveProfiles()) {
if ((ssidConfig.getCaptivePortalId() == profileCaptive.getId()) if ((ssidConfig.getCaptivePortalId() == profileCaptive.getId()) && (profileCaptive.getDetails() != null)) {
&& (profileCaptive.getDetails() != null)) { CaptivePortalConfiguration captiveProfileDetails = ((CaptivePortalConfiguration) profileCaptive.getDetails());
CaptivePortalConfiguration captiveProfileDetails = ((CaptivePortalConfiguration) profileCaptive
.getDetails());
// +#define SCHEMA_CONSTS_PAGE_TITLE "page_title" // +#define SCHEMA_CONSTS_PAGE_TITLE "page_title"
if (captiveProfileDetails.getBrowserTitle() != null) { if (captiveProfileDetails.getBrowserTitle() != null) {
captiveMap.put("session_timeout", captiveMap.put("session_timeout", String.valueOf(captiveProfileDetails.getSessionTimeoutInMinutes()));
String.valueOf(captiveProfileDetails.getSessionTimeoutInMinutes()));
captiveMap.put("page_title", captiveProfileDetails.getBrowserTitle()); captiveMap.put("page_title", captiveProfileDetails.getBrowserTitle());
} }
if (captiveProfileDetails.getAuthenticationType().equals(CaptivePortalAuthenticationType.radius)) { if (captiveProfileDetails.getAuthenticationType().equals(CaptivePortalAuthenticationType.radius)) {
Optional<Profile> optional = opensyncApConfig.getRadiusProfiles().stream() Optional<Profile> optional =
.filter(p -> p.getId() == captiveProfileDetails.getRadiusServiceId()).findFirst(); opensyncApConfig.getRadiusProfiles().stream().filter(p -> p.getId() == captiveProfileDetails.getRadiusServiceId()).findFirst();
if (optional.isPresent()) { if (optional.isPresent()) {
Profile profile = optional.get(); Profile profile = optional.get();
RadiusProfile radiusProfile = (RadiusProfile) profile.getDetails(); RadiusProfile radiusProfile = (RadiusProfile) profile.getDetails();
captiveMap.put("radius_server_ip", String.valueOf( captiveMap.put("radius_server_ip", String.valueOf(radiusProfile.getPrimaryRadiusAuthServer().getIpAddress().getHostAddress()));
radiusProfile.getPrimaryRadiusAuthServer().getIpAddress().getHostAddress()));
captiveMap.put("radius_server_port", captiveMap.put("radius_server_port", String.valueOf(radiusProfile.getPrimaryRadiusAuthServer().getPort()));
String.valueOf(radiusProfile.getPrimaryRadiusAuthServer().getPort()));
captiveMap.put("radius_server_secret", captiveMap.put("radius_server_secret", String.valueOf(radiusProfile.getPrimaryRadiusAuthServer().getSecret()));
String.valueOf(radiusProfile.getPrimaryRadiusAuthServer().getSecret()));
if (captiveProfileDetails.getRadiusAuthMethod() != null) { if (captiveProfileDetails.getRadiusAuthMethod() != null) {
captiveMap.put("radius_auth_type", captiveMap.put("radius_auth_type", String.valueOf(captiveProfileDetails.getRadiusAuthMethod()));
String.valueOf(captiveProfileDetails.getRadiusAuthMethod()));
} }
} }
} }
if (captiveProfileDetails.getRedirectURL() != null) { if (captiveProfileDetails.getRedirectURL() != null) {
captiveMap.put("redirect_url", captiveProfileDetails.getRedirectURL()); captiveMap.put("redirect_url", captiveProfileDetails.getRedirectURL());
} }
captiveMap.put("session_timeout", captiveMap.put("session_timeout", String.valueOf(captiveProfileDetails.getSessionTimeoutInMinutes()));
String.valueOf(captiveProfileDetails.getSessionTimeoutInMinutes()));
captiveMap.put("browser_title", captiveProfileDetails.getBrowserTitle()); captiveMap.put("browser_title", captiveProfileDetails.getBrowserTitle());
captiveMap.put("splash_page_title", captiveProfileDetails.getHeaderContent()); captiveMap.put("splash_page_title", captiveProfileDetails.getHeaderContent());
captiveMap.put("acceptance_policy", captiveProfileDetails.getUserAcceptancePolicy()); captiveMap.put("acceptance_policy", captiveProfileDetails.getUserAcceptancePolicy());
captiveMap.put("login_success_text", captiveProfileDetails.getSuccessPageMarkdownText()); captiveMap.put("login_success_text", captiveProfileDetails.getSuccessPageMarkdownText());
captiveMap.put("authentication", captiveMap.put("authentication", getCaptiveAuthentication(captiveProfileDetails.getAuthenticationType()));
getCaptiveAuthentication(captiveProfileDetails.getAuthenticationType()));
if (captiveProfileDetails.getLogoFile() != null) { if (captiveProfileDetails.getLogoFile() != null) {
String splashLogoUrl = externalFileStoreURL + captiveProfileDetails.getLogoFile().getApExportUrl(); String splashLogoUrl = externalFileStoreURL + captiveProfileDetails.getLogoFile().getApExportUrl();
captiveMap.put("splash_page_logo", captiveMap.put("splash_page_logo", splashLogoUrl);
splashLogoUrl);
} }
if (captiveProfileDetails.getBackgroundFile() != null) { if (captiveProfileDetails.getBackgroundFile() != null) {
String splashBackgroundUrl = externalFileStoreURL + captiveProfileDetails.getBackgroundFile().getApExportUrl(); String splashBackgroundUrl = externalFileStoreURL + captiveProfileDetails.getBackgroundFile().getApExportUrl();
captiveMap.put("splash_page_background_logo", captiveMap.put("splash_page_background_logo", splashBackgroundUrl);
splashBackgroundUrl);
} }
if (captiveProfileDetails.getAuthenticationType() if (captiveProfileDetails.getAuthenticationType().equals(CaptivePortalAuthenticationType.username)) {
.equals(CaptivePortalAuthenticationType.username)) {
// create a user/password file for the AP to pull // create a user/password file for the AP to pull
Path userFilepath = createCaptivePortalUserFile(captiveProfileDetails.getUserList(), Path userFilepath = createCaptivePortalUserFile(captiveProfileDetails.getUserList(), profileCaptive.getId());
profileCaptive.getId());
ManagedFileInfo mfi = new ManagedFileInfo(); ManagedFileInfo mfi = new ManagedFileInfo();
mfi.setFileCategory(FileCategory.UsernamePasswordList); mfi.setFileCategory(FileCategory.UsernamePasswordList);
mfi.setFileType(FileType.TEXT); mfi.setFileType(FileType.TEXT);
@@ -733,8 +697,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
Path createCaptivePortalUserFile(List<TimedAccessUserRecord> userList, long captivePortalProfileId) { Path createCaptivePortalUserFile(List<TimedAccessUserRecord> userList, long captivePortalProfileId) {
Path path = Paths.get( Path path = Paths.get(fileStoreDirectoryName + File.separator + "captive-portal-users-" + captivePortalProfileId + ".txt");
fileStoreDirectoryName + File.separator + "captive-portal-users-" + captivePortalProfileId + ".txt");
try { try {
Files.deleteIfExists(path); Files.deleteIfExists(path);
@@ -742,9 +705,9 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
LOG.error("Cannot delete {}", path, e); LOG.error("Cannot delete {}", path, e);
} }
for (TimedAccessUserRecord userRecord : userList) { for (TimedAccessUserRecord userRecord : userList) {
byte[] bytes = ("username=" + userRecord.getUsername() + ", password=" + userRecord.getPassword() byte[] bytes = ("username=" + userRecord.getUsername() + ", password=" + userRecord.getPassword() + ", firstname="
+ ", firstname=" + userRecord.getUserDetails().getFirstName() + ", lastname=" + userRecord.getUserDetails().getFirstName() + ", lastname=" + userRecord.getUserDetails().getLastName() + System.lineSeparator())
+ userRecord.getUserDetails().getLastName() + System.lineSeparator()).getBytes(); .getBytes();
try { try {
Files.write(path, bytes, StandardOpenOption.APPEND); Files.write(path, bytes, StandardOpenOption.APPEND);
LOG.debug("Successfully written data to the file {}", path); LOG.debug("Successfully written data to the file {}", path);
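Review bot: The record built on the `byte[] bytes = (...)` line concatenates username, password, first name and last name without any validation, so a value containing `, ` or a line separator would alter how the line reads for whatever consumes this file; the fields should be checked or escaped before writing. The `.getBytes()` call also depends on the platform default charset, and `.getBytes(StandardCharsets.UTF_8)` would make the encoding deterministic (whether `StandardCharsets` is already imported is not visible here). Because the file holds cleartext passwords, a comment stating who is expected to read files under `fileStoreDirectoryName` would help the next maintainer. `createCaptivePortalUserFile` starts in the previous hunk and continues past this one.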
@@ -770,44 +733,42 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
*/ */
String getOpensyncSecurityMode(String ssidSecurityMode, String opensyncSecurityMode) { String getOpensyncSecurityMode(String ssidSecurityMode, String opensyncSecurityMode) {
switch (ssidSecurityMode) { switch (ssidSecurityMode) {
case "wpaPSK": case "wpaPSK":
case "wpa2PSK": case "wpa2PSK":
case "wpa2OnlyPSK": case "wpa2OnlyPSK":
opensyncSecurityMode = "WPA-PSK"; opensyncSecurityMode = "WPA-PSK";
break; break;
case "wep": case "wep":
opensyncSecurityMode = "WEP"; opensyncSecurityMode = "WEP";
break; break;
case "wpaEAP": case "wpaEAP":
case "wpa2EAP": case "wpa2EAP":
case "wpa2OnlyEAP": case "wpa2OnlyEAP":
case "wpaRadius": case "wpaRadius":
case "wpa2OnlyRadius": case "wpa2OnlyRadius":
case "wpa2Radius": case "wpa2Radius":
opensyncSecurityMode = "WPA-EAP"; opensyncSecurityMode = "WPA-EAP";
break; break;
case "wpa3OnlySAE": case "wpa3OnlySAE":
case "wpa3MixedSAE": case "wpa3MixedSAE":
opensyncSecurityMode = "WPA-SAE"; opensyncSecurityMode = "WPA-SAE";
break; break;
case "wpa3OnlyEAP": case "wpa3OnlyEAP":
case "wpa3MixedEAP": case "wpa3MixedEAP":
opensyncSecurityMode = "WPA3-EAP"; opensyncSecurityMode = "WPA3-EAP";
break; break;
} }
return opensyncSecurityMode; return opensyncSecurityMode;
} }
void getRadiusAccountingConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, void getRadiusAccountingConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, Map<String, String> security) {
Map<String, String> security) {
LOG.debug("getRadiusAccountingConfiguration for ssidConfig {} from radiusProfiles {}", ssidConfig, LOG.debug("getRadiusAccountingConfiguration for ssidConfig {} from radiusProfiles {}", ssidConfig, opensyncApConfig.getRadiusProfiles());
opensyncApConfig.getRadiusProfiles());
LOG.debug("Radius Accounting Profiles {}", opensyncApConfig.getRadiusProfiles()); LOG.debug("Radius Accounting Profiles {}", opensyncApConfig.getRadiusProfiles());
List<Profile> radiusProfileList = opensyncApConfig.getRadiusProfiles().stream() List<Profile> radiusProfileList =
.filter(t -> t.getId() == ssidConfig.getRadiusServiceId()).collect(Collectors.toList()); opensyncApConfig.getRadiusProfiles().stream().filter(t -> t.getId() == ssidConfig.getRadiusServiceId()).collect(Collectors.toList());
if (radiusProfileList.size() > 0) { if (radiusProfileList.size() > 0) {
Profile profileRadius = radiusProfileList.get(0); Profile profileRadius = radiusProfileList.get(0);
@@ -815,13 +776,11 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
RadiusServer rServer = profileDetails.getPrimaryRadiusAccountingServer(); RadiusServer rServer = profileDetails.getPrimaryRadiusAccountingServer();
if (rServer != null) { if (rServer != null) {
if (ssidConfig.getUseRadiusProxy()) { if (ssidConfig.getUseRadiusProxy()) {
security.put("radius_acct_ip", security.put("radius_acct_ip", "127.0.0.1");
"127.0.0.1");
security.put("radius_acct_port", rServer.getPort() != null ? String.valueOf(rServer.getPort()) : null); security.put("radius_acct_port", rServer.getPort() != null ? String.valueOf(rServer.getPort()) : null);
security.put("radius_acct_secret", "secret"); security.put("radius_acct_secret", "secret");
} else { } else {
security.put("radius_acct_ip", security.put("radius_acct_ip", rServer.getIpAddress() != null ? rServer.getIpAddress().getHostAddress() : null);
rServer.getIpAddress() != null ? rServer.getIpAddress().getHostAddress() : null);
security.put("radius_acct_port", rServer.getPort() != null ? String.valueOf(rServer.getPort()) : null); security.put("radius_acct_port", rServer.getPort() != null ? String.valueOf(rServer.getPort()) : null);
security.put("radius_acct_secret", rServer.getSecret()); security.put("radius_acct_secret", rServer.getSecret());
} }
@@ -830,57 +789,47 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
// radius_acct_interval // radius_acct_interval
security.put("radius_acct_interval", ssidConfig.getRadiusAcountingServiceInterval().toString()); security.put("radius_acct_interval", ssidConfig.getRadiusAcountingServiceInterval().toString());
} }
LOG.info( LOG.info("set Radius Accounting server attributes radius_acct_ip {} radius_acct_port {} radius_acct_secret {} radius_acct_interval {}",
"set Radius Accounting server attributes radius_acct_ip {} radius_acct_port {} radius_acct_secret {} radius_acct_interval {}", security.get("radius_acct_ip"), security.get("radius_acct_port"), security.get("radius_acct_secret"),
security.get("radius_acct_ip"), security.get("radius_acct_port"), security.get("radius_acct_interval"));
security.get("radius_acct_secret"), security.get("radius_acct_interval"));
} else { } else {
LOG.info("No Radius Accounting Server defined in Radius Profile"); LOG.info("No Radius Accounting Server defined in Radius Profile");
} }
} else { } else {
LOG.warn("Could not find radius profile {} in {}", ssidConfig.getRadiusServiceId(), LOG.warn("Could not find radius profile {} in {}", ssidConfig.getRadiusServiceId(), opensyncApConfig.getRadiusProfiles());
opensyncApConfig.getRadiusProfiles());
} }
} }
void getRadiusConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, void getRadiusConfiguration(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, Map<String, String> security) {
Map<String, String> security) {
LOG.debug("getRadiusConfiguration for ssidConfig {} from radiusProfiles {}", ssidConfig, LOG.debug("getRadiusConfiguration for ssidConfig {} from radiusProfiles {}", ssidConfig, opensyncApConfig.getRadiusProfiles());
opensyncApConfig.getRadiusProfiles());
LOG.debug("Radius Profiles {}", opensyncApConfig.getRadiusProfiles()); LOG.debug("Radius Profiles {}", opensyncApConfig.getRadiusProfiles());
List<Profile> radiusProfileList = opensyncApConfig.getRadiusProfiles().stream() List<Profile> radiusProfileList =
.filter(t -> t.getId() == ssidConfig.getRadiusServiceId()).collect(Collectors.toList()); opensyncApConfig.getRadiusProfiles().stream().filter(t -> t.getId() == ssidConfig.getRadiusServiceId()).collect(Collectors.toList());
if (radiusProfileList.size() > 0) { if (radiusProfileList.size() > 0) {
Profile profileRadius = radiusProfileList.get(0); Profile profileRadius = radiusProfileList.get(0);
RadiusProfile profileDetails = ((RadiusProfile) profileRadius.getDetails()); RadiusProfile profileDetails = ((RadiusProfile) profileRadius.getDetails());
RadiusServer radiusServer = profileDetails.getPrimaryRadiusAuthServer(); RadiusServer radiusServer = profileDetails.getPrimaryRadiusAuthServer();
if (ssidConfig.getUseRadiusProxy()) { if (ssidConfig.getUseRadiusProxy()) {
security.put("radius_server_ip", security.put("radius_server_ip", "127.0.0.1");
"127.0.0.1"); security.put("radius_server_port", radiusServer.getPort() != null ? String.valueOf(radiusServer.getPort()) : null);
security.put("radius_server_port",
radiusServer.getPort() != null ? String.valueOf(radiusServer.getPort()) : null);
security.put("radius_server_secret", "secret"); security.put("radius_server_secret", "secret");
} else { } else {
security.put("radius_server_ip", security.put("radius_server_ip", radiusServer.getIpAddress() != null ? radiusServer.getIpAddress().getHostAddress() : null);
radiusServer.getIpAddress() != null ? radiusServer.getIpAddress().getHostAddress() : null); security.put("radius_server_port", radiusServer.getPort() != null ? String.valueOf(radiusServer.getPort()) : null);
security.put("radius_server_port",
radiusServer.getPort() != null ? String.valueOf(radiusServer.getPort()) : null);
security.put("radius_server_secret", radiusServer.getSecret()); security.put("radius_server_secret", radiusServer.getSecret());
} }
LOG.info("set Radius server attributes radius_server_ip {} radius_server_port {} radius_server_secret {}", LOG.info("set Radius server attributes radius_server_ip {} radius_server_port {} radius_server_secret {}", security.get("radius_server_ip"),
security.get("radius_server_ip"), security.get("radius_server_port"), security.get("radius_server_port"), security.get("radius_server_secret"));
security.get("radius_server_secret"));
} else { } else {
LOG.warn("Could not find radius profile {} in {}", ssidConfig.getRadiusServiceId(), LOG.warn("Could not find radius profile {} in {}", ssidConfig.getRadiusServiceId(), opensyncApConfig.getRadiusProfiles());
opensyncApConfig.getRadiusProfiles());
} }
} }
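Review bot: Both `LOG.info` calls in this hunk write the RADIUS shared secret to the log: the accounting one passes `security.get("radius_acct_secret")` and the one in `getRadiusConfiguration` passes `security.get("radius_server_secret")`, so when the proxy is not used the real secret lands in INFO-level output. Drop the secret placeholder and argument from both messages, e.g. `LOG.info("set Radius server attributes radius_server_ip {} radius_server_port {}", security.get("radius_server_ip"), security.get("radius_server_port"));`. The `LOG.debug` lines that print `ssidConfig` and `getRadiusProfiles()` may expose the same value if those objects' `toString()` includes it, which cannot be confirmed from this hunk. Separately, `getRadiusConfiguration` dereferences `radiusServer` without the `!= null` check that the accounting path applies to `rServer`. The body of `getRadiusAccountingConfiguration` begins in earlier hunks.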
@@ -894,56 +843,56 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
* @param ssidSecurityMode * @param ssidSecurityMode
* @param opensyncSecurityMode * @param opensyncSecurityMode
*/ */
void populateSecurityMap(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, void populateSecurityMap(OpensyncAPConfig opensyncApConfig, SsidConfiguration ssidConfig, Map<String, String> security, String ssidSecurityMode,
Map<String, String> security, String ssidSecurityMode, String opensyncSecurityMode) { String opensyncSecurityMode) {
security.put("encryption", opensyncSecurityMode); security.put("encryption", opensyncSecurityMode);
// key and mode is N/A for OPEN security // key and mode is N/A for OPEN security
if (!opensyncSecurityMode.equals("OPEN")) { if (!opensyncSecurityMode.equals("OPEN")) {
switch (ssidSecurityMode) { switch (ssidSecurityMode) {
case "wpa2PSK": case "wpa2PSK":
case "wpa3MixedSAE": case "wpa3MixedSAE":
security.put("key", ssidConfig.getKeyStr()); security.put("key", ssidConfig.getKeyStr());
security.put("mode", "mixed"); security.put("mode", "mixed");
break; break;
case "wpa2OnlyPSK": case "wpa2OnlyPSK":
security.put("key", ssidConfig.getKeyStr()); security.put("key", ssidConfig.getKeyStr());
security.put("mode", "2"); security.put("mode", "2");
break; break;
case "wpa3OnlySAE": case "wpa3OnlySAE":
security.put("key", ssidConfig.getKeyStr()); security.put("key", ssidConfig.getKeyStr());
security.put("mode", "3"); security.put("mode", "3");
break; break;
case "wpaPSK": case "wpaPSK":
case "wep": case "wep":
security.put("key", ssidConfig.getKeyStr()); security.put("key", ssidConfig.getKeyStr());
security.put("mode", "1"); security.put("mode", "1");
break; break;
case "wpa2OnlyEAP": case "wpa2OnlyEAP":
case "wpa2OnlyRadius": case "wpa2OnlyRadius":
security.put("mode", "2"); security.put("mode", "2");
getRadiusConfiguration(opensyncApConfig, ssidConfig, security); getRadiusConfiguration(opensyncApConfig, ssidConfig, security);
getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security); getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security);
break; break;
case "wpa3OnlyEAP": case "wpa3OnlyEAP":
security.put("mode", "3"); security.put("mode", "3");
getRadiusConfiguration(opensyncApConfig, ssidConfig, security); getRadiusConfiguration(opensyncApConfig, ssidConfig, security);
getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security); getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security);
break; break;
case "wpa2EAP": case "wpa2EAP":
case "wpa2Radius": case "wpa2Radius":
case "wpa3MixedEAP": case "wpa3MixedEAP":
security.put("mode", "mixed"); security.put("mode", "mixed");
getRadiusConfiguration(opensyncApConfig, ssidConfig, security); getRadiusConfiguration(opensyncApConfig, ssidConfig, security);
getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security); getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security);
break; break;
case "wpaEAP": case "wpaEAP":
case "wpaRadius": case "wpaRadius":
security.put("mode", "1"); security.put("mode", "1");
getRadiusConfiguration(opensyncApConfig, ssidConfig, security); getRadiusConfiguration(opensyncApConfig, ssidConfig, security);
getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security); getRadiusAccountingConfiguration(opensyncApConfig, ssidConfig, security);
break; break;
} }
} }
} }
@@ -965,18 +914,14 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
LOG.info("removeAllSsids:result {}", res.toString()); LOG.info("removeAllSsids:result {}", res.toString());
} else if (res instanceof ErrorResult) { } else if (res instanceof ErrorResult) {
LOG.error("removeAllSsids:result error {}", (res)); LOG.error("removeAllSsids:result error {}", (res));
throw new RuntimeException("removeAllSsids " + ((ErrorResult) res).getError() + " " throw new RuntimeException("removeAllSsids " + ((ErrorResult) res).getError() + " " + ((ErrorResult) res).getDetails());
+ ((ErrorResult) res).getDetails());
} }
} }
Map<String, WifiVifConfigInfo> provisionedVifConfigs = getProvisionedData Map<String, WifiVifConfigInfo> provisionedVifConfigs = getProvisionedData.getProvisionedWifiVifConfigs(ovsdbClient);
.getProvisionedWifiVifConfigs(ovsdbClient);
// this should be empty // this should be empty
if (!provisionedVifConfigs.isEmpty()) { if (!provisionedVifConfigs.isEmpty()) {
throw new RuntimeException( throw new RuntimeException("Failed to remove all vif configurations from Wifi_VIF_Config dbTable, still has " + provisionedVifConfigs.values());
"Failed to remove all vif configurations from Wifi_VIF_Config dbTable, still has "
+ provisionedVifConfigs.values());
} }
LOG.info("Removed all ssids"); LOG.info("Removed all ssids");
@@ -996,8 +941,7 @@ public class OvsdbSsidConfig extends OvsdbDaoBase {
for (MacAddress mac : macBlockList) { for (MacAddress mac : macBlockList) {
atomMacList.add(new Atom<>(mac.getAddressAsString())); atomMacList.add(new Atom<>(mac.getAddressAsString()));
} }
com.vmware.ovsdb.protocol.operation.notation.Set macListSet = com.vmware.ovsdb.protocol.operation.notation.Set com.vmware.ovsdb.protocol.operation.notation.Set macListSet = com.vmware.ovsdb.protocol.operation.notation.Set.of(atomMacList);
.of(atomMacList);
updateColumns.put("mac_list", macListSet); updateColumns.put("mac_list", macListSet);
} else { } else {
updateColumns.put("mac_list_type", new Atom<>("none")); updateColumns.put("mac_list_type", new Atom<>("none"));