mirror of
https://github.com/esphome/esphome.git
synced 2024-11-25 00:18:11 +01:00
WPA2 Enterprise - Explicitly set TTLS Phase 2 (#6436)
Co-authored-by: Jesse Hills <3060199+jesserockz@users.noreply.github.com>
parent
08509f7755
commit
2921831b55
5 changed files with 42 additions and 0 deletions
|
@ -33,6 +33,7 @@ from esphome.const import (
|
||||||
CONF_KEY,
|
CONF_KEY,
|
||||||
CONF_USERNAME,
|
CONF_USERNAME,
|
||||||
CONF_EAP,
|
CONF_EAP,
|
||||||
|
CONF_TTLS_PHASE_2,
|
||||||
CONF_ON_CONNECT,
|
CONF_ON_CONNECT,
|
||||||
CONF_ON_DISCONNECT,
|
CONF_ON_DISCONNECT,
|
||||||
)
|
)
|
||||||
|
@ -98,6 +99,14 @@ STA_MANUAL_IP_SCHEMA = AP_MANUAL_IP_SCHEMA.extend(
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
TTLS_PHASE_2 = {
|
||||||
|
"pap": cg.global_ns.ESP_EAP_TTLS_PHASE2_PAP,
|
||||||
|
"chap": cg.global_ns.ESP_EAP_TTLS_PHASE2_CHAP,
|
||||||
|
"mschap": cg.global_ns.ESP_EAP_TTLS_PHASE2_MSCHAP,
|
||||||
|
"mschapv2": cg.global_ns.ESP_EAP_TTLS_PHASE2_MSCHAPV2,
|
||||||
|
"eap": cg.global_ns.ESP_EAP_TTLS_PHASE2_EAP,
|
||||||
|
}
|
||||||
|
|
||||||
EAP_AUTH_SCHEMA = cv.All(
|
EAP_AUTH_SCHEMA = cv.All(
|
||||||
cv.Schema(
|
cv.Schema(
|
||||||
{
|
{
|
||||||
|
@ -105,6 +114,9 @@ EAP_AUTH_SCHEMA = cv.All(
|
||||||
cv.Optional(CONF_USERNAME): cv.string_strict,
|
cv.Optional(CONF_USERNAME): cv.string_strict,
|
||||||
cv.Optional(CONF_PASSWORD): cv.string_strict,
|
cv.Optional(CONF_PASSWORD): cv.string_strict,
|
||||||
cv.Optional(CONF_CERTIFICATE_AUTHORITY): wpa2_eap.validate_certificate,
|
cv.Optional(CONF_CERTIFICATE_AUTHORITY): wpa2_eap.validate_certificate,
|
||||||
|
cv.Optional(CONF_TTLS_PHASE_2): cv.All(
|
||||||
|
cv.enum(TTLS_PHASE_2), cv.only_with_esp_idf
|
||||||
|
),
|
||||||
cv.Inclusive(
|
cv.Inclusive(
|
||||||
CONF_CERTIFICATE, "certificate_and_key"
|
CONF_CERTIFICATE, "certificate_and_key"
|
||||||
): wpa2_eap.validate_certificate,
|
): wpa2_eap.validate_certificate,
|
||||||
|
@ -338,6 +350,7 @@ def eap_auth(config):
|
||||||
("ca_cert", ca_cert),
|
("ca_cert", ca_cert),
|
||||||
("client_cert", client_cert),
|
("client_cert", client_cert),
|
||||||
("client_key", key),
|
("client_key", key),
|
||||||
|
("ttls_phase_2", config.get(CONF_TTLS_PHASE_2, TTLS_PHASE_2["mschapv2"])),
|
||||||
)
|
)
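Review bot: `ttls_phase_2` accepts `pap`, `chap` and `mschap` with no link to `CONF_CERTIFICATE_AUTHORITY`, which stays `cv.Optional` in EAP_AUTH_SCHEMA. With PAP the inner exchange carries the password itself, protected only by the outer TLS tunnel, so a configuration without a CA certificate leaves nothing to verify that the tunnel ends at the intended authentication server. Consider rejecting, or at least warning on, the weaker inner methods when no `certificate_authority` is given, and document it above the table, e.g. `# pap/chap/mschap rely entirely on the outer tunnel; set certificate_authority when using them`. EAP_AUTH_SCHEMA and eap_auth continue outside these hunks, so a check that is not visible here may already cover this.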
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
#include "wifi_component.h"
|
#include "wifi_component.h"
|
||||||
#include <cinttypes>
|
#include <cinttypes>
|
||||||
|
#include <map>
|
||||||
|
|
||||||
|
#ifdef USE_ESP_IDF
|
||||||
|
#include <esp_wpa2.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(USE_ESP32) || defined(USE_ESP_IDF)
|
#if defined(USE_ESP32) || defined(USE_ESP_IDF)
|
||||||
#include <esp_wifi.h>
|
#include <esp_wifi.h>
|
||||||
|
@ -318,6 +323,16 @@ void WiFiComponent::start_connecting(const WiFiAP &ap, bool two) {
|
||||||
ESP_LOGV(TAG, " Identity: " LOG_SECRET("'%s'"), eap_config.identity.c_str());
|
ESP_LOGV(TAG, " Identity: " LOG_SECRET("'%s'"), eap_config.identity.c_str());
|
||||||
ESP_LOGV(TAG, " Username: " LOG_SECRET("'%s'"), eap_config.username.c_str());
|
ESP_LOGV(TAG, " Username: " LOG_SECRET("'%s'"), eap_config.username.c_str());
|
||||||
ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), eap_config.password.c_str());
|
ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), eap_config.password.c_str());
|
||||||
|
#ifdef USE_ESP_IDF
|
||||||
|
#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERBOSE
|
||||||
|
std::map<esp_eap_ttls_phase2_types, std::string> phase2types = {{ESP_EAP_TTLS_PHASE2_PAP, "pap"},
|
||||||
|
{ESP_EAP_TTLS_PHASE2_CHAP, "chap"},
|
||||||
|
{ESP_EAP_TTLS_PHASE2_MSCHAP, "mschap"},
|
||||||
|
{ESP_EAP_TTLS_PHASE2_MSCHAPV2, "mschapv2"},
|
||||||
|
{ESP_EAP_TTLS_PHASE2_EAP, "eap"}};
|
||||||
|
ESP_LOGV(TAG, " TTLS Phase 2: " LOG_SECRET("'%s'"), phase2types[eap_config.ttls_phase_2].c_str());
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
bool ca_cert_present = eap_config.ca_cert != nullptr && strlen(eap_config.ca_cert);
|
bool ca_cert_present = eap_config.ca_cert != nullptr && strlen(eap_config.ca_cert);
|
||||||
bool client_cert_present = eap_config.client_cert != nullptr && strlen(eap_config.client_cert);
|
bool client_cert_present = eap_config.client_cert != nullptr && strlen(eap_config.client_cert);
|
||||||
bool client_key_present = eap_config.client_key != nullptr && strlen(eap_config.client_key);
|
bool client_key_present = eap_config.client_key != nullptr && strlen(eap_config.client_key);
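Review bot: The verbose-logging block builds a `std::map<esp_eap_ttls_phase2_types, std::string>` on every pass through this part of start_connecting and reads it with `operator[]`, which default-inserts an empty string for any value not in the table, so an unexpected enum value is logged as `''` instead of being flagged. That costs five heap-allocated strings plus map nodes on a constrained device just to print a label, and `#include <map>` is added to the file unconditionally for it. A file-scope `switch` that returns `const char *` avoids the allocations and gives unknown values an explicit label, as sketched below. start_connecting begins and ends outside this hunk.

```cpp
#if defined(USE_ESP_IDF) && ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERBOSE
// Maps the configured TTLS inner method to a label for verbose logs.
static const char *ttls_phase2_to_str(esp_eap_ttls_phase2_types type) {
  switch (type) {
    case ESP_EAP_TTLS_PHASE2_PAP:
      return "pap";
    case ESP_EAP_TTLS_PHASE2_CHAP:
      return "chap";
    case ESP_EAP_TTLS_PHASE2_MSCHAP:
      return "mschap";
    case ESP_EAP_TTLS_PHASE2_MSCHAPV2:
      return "mschapv2";
    case ESP_EAP_TTLS_PHASE2_EAP:
      return "eap";
    default:
      return "unknown";
  }
}
#endif

// … unchanged: identity / username / password log lines …
#ifdef USE_ESP_IDF
#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERBOSE
    ESP_LOGV(TAG, "    TTLS Phase 2: " LOG_SECRET("'%s'"), ttls_phase2_to_str(eap_config.ttls_phase_2));
#endif
#endif
```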
|
||||||
|
|
|
@ -19,6 +19,10 @@
|
||||||
#include <WiFi.h>
|
#include <WiFi.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(USE_ESP_IDF) && defined(USE_WIFI_WPA2_EAP)
|
||||||
|
#include <esp_wpa2.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef USE_ESP8266
|
#ifdef USE_ESP8266
|
||||||
#include <ESP8266WiFi.h>
|
#include <ESP8266WiFi.h>
|
||||||
#include <ESP8266WiFiType.h>
|
#include <ESP8266WiFiType.h>
|
||||||
|
@ -102,6 +106,10 @@ struct EAPAuth {
|
||||||
// used for EAP-TLS
|
// used for EAP-TLS
|
||||||
const char *client_cert;
|
const char *client_cert;
|
||||||
const char *client_key;
|
const char *client_key;
|
||||||
|
// used for EAP-TTLS
|
||||||
|
#ifdef USE_ESP_IDF
|
||||||
|
esp_eap_ttls_phase2_types ttls_phase_2;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
#endif // USE_WIFI_WPA2_EAP
|
#endif // USE_WIFI_WPA2_EAP
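Review bot: The new member `ttls_phase_2` is declared only under `#ifdef USE_ESP_IDF`, while the code generator in this same commit passes `("ttls_phase_2", config.get(CONF_TTLS_PHASE_2, TTLS_PHASE_2["mschapv2"]))` with no visible platform check. If that tuple is emitted for every target, a non-ESP-IDF build with EAP configured would presumably get an initializer for a member the struct does not have. Either emit the tuple only for ESP-IDF targets or keep the fallback on the C++ side. The added comment could also say what the field holds, e.g. `// EAP-TTLS inner (phase 2) method, ESP-IDF only`.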
|
||||||
|
|
||||||
|
|
|
@ -396,6 +396,11 @@ bool WiFiComponent::wifi_sta_connect_(const WiFiAP &ap) {
|
||||||
if (err != ESP_OK) {
|
if (err != ESP_OK) {
|
||||||
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_password failed! %d", err);
|
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_password failed! %d", err);
|
||||||
}
|
}
|
||||||
|
// set TTLS Phase 2, defaults to MSCHAPV2
|
||||||
|
err = esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(eap.ttls_phase_2);
|
||||||
|
if (err != ESP_OK) {
|
||||||
|
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_ttls_phase2_method failed! %d", err);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
err = esp_wifi_sta_wpa2_ent_enable();
|
err = esp_wifi_sta_wpa2_ent_enable();
|
||||||
if (err != ESP_OK) {
|
if (err != ESP_OK) {
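Review bot: A failure of `esp_wifi_sta_wpa2_ent_set_ttls_phase2_method` is reported only through `ESP_LOGV`, and `err` is then overwritten by `esp_wifi_sta_wpa2_ent_enable()`, so the connection attempt carries on with whatever inner method the supplicant already holds. Because the phase-2 method is an explicit security choice, a mismatch should be visible at default log levels: `ESP_LOGW(TAG, "esp_wifi_sta_wpa2_ent_set_ttls_phase2_method failed! %d", err);`. The neighbouring calls use the same log-and-continue pattern, so this may be intended as best effort; if so, the comment could say it, e.g. `// best effort: on failure the supplicant keeps its previous phase 2 method`. wifi_sta_connect_ starts and ends outside the hunk.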
|
||||||
|
|
|
@ -856,6 +856,7 @@ CONF_TRANSFORM = "transform"
|
||||||
CONF_TRANSITION_LENGTH = "transition_length"
|
CONF_TRANSITION_LENGTH = "transition_length"
|
||||||
CONF_TRIGGER_ID = "trigger_id"
|
CONF_TRIGGER_ID = "trigger_id"
|
||||||
CONF_TRIGGER_PIN = "trigger_pin"
|
CONF_TRIGGER_PIN = "trigger_pin"
|
||||||
|
CONF_TTLS_PHASE_2 = "ttls_phase_2"
|
||||||
CONF_TUNE_ANTENNA = "tune_antenna"
|
CONF_TUNE_ANTENNA = "tune_antenna"
|
||||||
CONF_TURN_OFF_ACTION = "turn_off_action"
|
CONF_TURN_OFF_ACTION = "turn_off_action"
|
||||||
CONF_TURN_ON_ACTION = "turn_on_action"
|
CONF_TURN_ON_ACTION = "turn_on_action"
|
||||||
|
|