|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* * ******************************************************************************** |
|
4
|
|
|
* (c) 2011-15 GÉANT on behalf of the GN3, GN3plus and GN4 consortia |
|
5
|
|
|
* License: see the LICENSE file in the root directory |
|
6
|
|
|
* ********************************************************************************* */ |
|
7
|
|
|
|
|
8
|
|
|
/** |
|
9
|
|
|
* This file creates Linux installers |
|
10
|
|
|
* |
|
11
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
12
|
|
|
* @author Michał Gasewicz <[email protected]> (Network Manager support) |
|
13
|
|
|
* |
|
14
|
|
|
* @package ModuleWriting |
|
15
|
|
|
*/ |
|
16
|
|
|
namespace devices\linux; |
|
17
|
|
|
use Exception; |
|
18
|
|
|
/** |
|
19
|
|
|
* This class creates Linux installers. It supports NetworkManager and raw |
|
20
|
|
|
* wpa_supplicant files. |
|
21
|
|
|
* |
|
22
|
|
|
* @author Tomasz Wolniewicz <[email protected]> |
|
23
|
|
|
* @author Michał Gasewicz <[email protected]> (Network Manager support) |
|
24
|
|
|
* |
|
25
|
|
|
* @package ModuleWriting |
|
26
|
|
|
*/ |
|
27
|
|
|
class Device_Linux extends \core\DeviceConfig { |
|
28
|
|
|
|
|
29
|
|
|
final public function __construct() { |
|
30
|
|
|
parent::__construct(); |
|
31
|
|
|
$this->setSupportedEapMethods([\core\common\EAP::EAPTYPE_PEAP_MSCHAP2, \core\common\EAP::EAPTYPE_TTLS_PAP, \core\common\EAP::EAPTYPE_TTLS_MSCHAP2, \core\common\EAP::EAPTYPE_TLS, \core\common\EAP::EAPTYPE_SILVERBULLET]); |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
public function writeInstaller() { |
|
35
|
|
|
$installerPath = $this->installerBasename . ".py"; |
|
36
|
|
|
$this->copyFile("main.py", $installerPath); |
|
37
|
|
|
$installer = fopen($installerPath,"a"); |
|
38
|
|
|
if ($installer === FALSE) { |
|
39
|
|
|
throw new Exception("Unable to open installer file for writing!"); |
|
40
|
|
|
} |
|
41
|
|
|
fwrite($installer,$this->writeMessages()); |
|
42
|
|
|
fwrite($installer,$this->writeConfigVars()); |
|
43
|
|
|
fwrite($installer, "run_installer()\n"); |
|
44
|
|
|
fclose($installer); |
|
45
|
|
|
return($installerPath); |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
public function writeDeviceInfo() { |
|
49
|
|
|
$ssidCount = count($this->attributes['internal:SSID']); |
|
50
|
|
|
$out = ''; |
|
51
|
|
|
|
|
52
|
|
|
$out .= _("The installer is in the form of a Python script. It will try to configure eduroam under Network Manager and if this is either not appropriate for your system or your version of Network Manager is too old, a wpa_supplicant config file will be created instead."); |
|
53
|
|
|
$out .= "<p>"; |
|
54
|
|
|
if ($ssidCount > 1) { |
|
55
|
|
|
if ($ssidCount > 2) { |
|
56
|
|
|
$out .= sprintf(_("In addition to <strong>%s</strong> the installer will also configure access to the following networks:"), implode(', ', CONFIG_CONFASSISTANT['CONSORTIUM']['ssid'])) . " "; |
|
57
|
|
|
} else { |
|
58
|
|
|
$out .= sprintf(_("In addition to <strong>%s</strong> the installer will also configure access to:"), implode(', ', CONFIG_CONFASSISTANT['CONSORTIUM']['ssid'])) . " "; |
|
59
|
|
|
} |
|
60
|
|
|
$iterator = 0; |
|
61
|
|
|
foreach ($this->attributes['internal:SSID'] as $ssid => $v) { |
|
62
|
|
|
if (!in_array($ssid, CONFIG_CONFASSISTANT['CONSORTIUM']['ssid'])) { |
|
63
|
|
|
if ($iterator > 0) { |
|
64
|
|
|
$out .= ", "; |
|
65
|
|
|
} |
|
66
|
|
|
$iterator++; |
|
67
|
|
|
$out .= "<strong>$ssid</strong>"; |
|
68
|
|
|
} |
|
69
|
|
|
} |
|
70
|
|
|
$out .= "<p>"; |
|
71
|
|
|
} |
|
72
|
|
|
$out .= _("The installer will create .cat_installer sub-directory in your home directory and will copy your server certificates there."); |
|
73
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_TLS) { |
|
74
|
|
|
$out .= sprintf(_("In order to connect to the network you will need a personal certificate in the form of a p12 file. You should obtain this certificate from your %s. Consult the support page to find out how this certificate can be obtained. Such certificate files are password protected. You should have both the file and the password available during the installation process. Your p12 file will also be copied to the .cat_installer directory."), $this->nomenclature_inst); |
|
75
|
|
|
} elseif ($this->selectedEap != \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
76
|
|
|
$out .= sprintf(_("In order to connect to the network you will need an account from your %s. You should consult the support page to find out how this account can be obtained. It is very likely that your account is already activated."), $this->nomenclature_inst); |
|
77
|
|
|
$out .= "<p>"; |
|
78
|
|
|
$out .= _("You will be requested to enter your account credentials during the installation. This information will be saved so that you will reconnect to the network automatically each time you are in the range."); |
|
79
|
|
|
} |
|
80
|
|
|
// nothing to say if we are doing silverbullet. |
|
81
|
|
|
$out .= "<p>"; |
|
82
|
|
|
return $out; |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
private function writeMessages() { |
|
86
|
|
|
$out = ''; |
|
87
|
|
|
$out .= 'Messages.quit = "' . _("Really quit?") . "\"\n"; |
|
88
|
|
|
$out .= 'Messages.username_prompt = "' . _("enter your userid") . "\"\n"; |
|
89
|
|
|
$out .= 'Messages.enter_password = "' . _("enter password") . "\"\n"; |
|
90
|
|
|
$out .= 'Messages.enter_import_password = "' . _("enter your import password") . "\"\n"; |
|
91
|
|
|
$out .= 'Messages.incorrect_password = "' . _("incorrect password") . "\"\n"; |
|
92
|
|
|
$out .= 'Messages.repeat_password = "' . _("repeat your password") . "\"\n"; |
|
93
|
|
|
$out .= 'Messages.passwords_difffer = "' . _("passwords do not match") . "\"\n"; |
|
94
|
|
|
$out .= 'Messages.installation_finished = "' . _("Installation successful") . "\"\n"; |
|
95
|
|
|
$out .= 'Messages.cat_dir_exisits = "' . _("Directory {} exists; some of its files may be overwritten.") . "\"\n"; |
|
96
|
|
|
$out .= 'Messages.cont = "' . _("Continue?") . "\"\n"; |
|
97
|
|
|
$out .= 'Messages.nm_not_supported = "' . _("This Network Manager version is not supported") . "\"\n"; |
|
98
|
|
|
$out .= 'Messages.cert_error = "' . _("Certificate file not found, looks like a CAT error") . "\"\n"; |
|
99
|
|
|
$out .= 'Messages.unknown_version = "' . _("Unknown version") . "\"\n"; |
|
100
|
|
|
$out .= 'Messages.dbus_error = "' . _("DBus connection problem, a sudo might help") . "\"\n"; |
|
101
|
|
|
$out .= 'Messages.yes = "' . _("Y") . "\"\n"; |
|
102
|
|
|
$out .= 'Messages.no = "' . _("N") . "\"\n"; |
|
103
|
|
|
$out .= 'Messages.p12_filter = "' . _("personal certificate file (p12 or pfx)") . "\"\n"; |
|
104
|
|
|
$out .= 'Messages.all_filter = "' . _("All files") . "\"\n"; |
|
105
|
|
|
$out .= 'Messages.p12_title = "' . _("personal certificate file (p12 or pfx)") . "\"\n"; |
|
106
|
|
|
$out .= 'Messages.save_wpa_conf = "' . _("Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text.") . "\"\n"; |
|
107
|
|
|
$out .= 'Messages.save_wpa_confirm = "' . _("Write the file") . "\"\n"; |
|
108
|
|
|
$out .= 'Messages.wrongUsernameFormat = "' ._("Error: Your username must be of the form 'xxx@institutionID' e.g. '[email protected]'!") . "\"\n"; |
|
109
|
|
|
$out .= 'Messages.wrong_realm = "' . _("Error: your username must be in the form of 'xxx@{}'. Please enter the username in the correct format.") . "\"\n"; |
|
110
|
|
|
$out .= 'Messages.wrong_realm_suffix = "' . _("Error: your username must be in the form of 'xxx@institutionID' and end with '{}'. Please enter the username in the correct format.") . "\"\n"; |
|
111
|
|
|
$out .= 'Messages.user_cert_missing = "' . _("personal certificate file not found") . "\"\n"; |
|
112
|
|
|
|
|
113
|
|
|
return $out; |
|
114
|
|
|
} |
|
115
|
|
|
|
|
116
|
|
|
private function writeConfigVars() { |
|
117
|
|
|
$eapMethod = \core\common\EAP::eapDisplayName($this->selectedEap); |
|
118
|
|
|
$out = ''; |
|
119
|
|
|
$out .= 'Config.instname = "' . $this->attributes['general:instname'][0] . '"' . "\n"; |
|
120
|
|
|
$out .= 'Config.profilename = "' . $this->attributes['profile:name'][0] . '"' . "\n"; |
|
121
|
|
|
$contacts = $this->mkSupportContacts(); |
|
122
|
|
|
$out .= 'Config.url = "' . $contacts['url'] . '"' . "\n"; |
|
123
|
|
|
$out .= 'Config.email = "' . $contacts['email'] . '"' . "\n"; |
|
124
|
|
|
$out .= 'Config.title = "' . "eduroam CAT" . "\"\n"; |
|
125
|
|
|
$out .= 'Config.servers = ' . $this->mkSubjectAltNameList() . "\n"; |
|
126
|
|
|
$out .= 'Config.ssids = ' . $this->mkSsidList() . "\n"; |
|
127
|
|
|
$out .= 'Config.del_ssids = ' . $this->mkDelSsidList() . "\n"; |
|
128
|
|
|
$out .= "Config.server_match = '" . $this->glueServerNames() . "'\n"; |
|
129
|
|
|
$out .= "Config.eap_outer = '" . $eapMethod['OUTER'] . "'\n"; |
|
130
|
|
|
$out .= "Config.eap_inner = '" . $eapMethod['INNER'] . "'\n"; |
|
131
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_TLS && isset($this->attributes['eap-specific:tls_use_other_id']) && $this->attributes['eap-specific:tls_use_other_id'][0] == 'on') { |
|
132
|
|
|
$out .= "Config.use_other_tls_id = True\n"; |
|
133
|
|
|
} |
|
134
|
|
|
else { |
|
135
|
|
|
$out .= "Config.use_other_tls_id = False\n"; |
|
136
|
|
|
} |
|
137
|
|
|
$tou = $this->mkUserConsent(); |
|
138
|
|
|
$out .= 'Config.tou = ' . ( $tou ? '"""' . $tou . '"""' : 'None' ) . "\n"; |
|
139
|
|
|
$out .= 'Config.CA = """' . $this->mkCAfile() . '"""' . "\n"; |
|
140
|
|
|
$outerId = $this->determineOuterIdString(); |
|
141
|
|
|
if ($outerId !== NULL) { |
|
142
|
|
|
$out .= "Config.anonymous_identity = '$outerId'\n"; |
|
143
|
|
|
} |
|
144
|
|
|
$out .= 'Config.init_info = """' . $this->mkIntro() . '"""' . "\n"; |
|
145
|
|
|
$out .= 'Config.init_confirmation = "' . $this->mkProfileConfirmation() . "\"\n"; |
|
146
|
|
|
|
|
147
|
|
|
$out .= 'Config.sb_user_file = """' . $this->mkSbUserFile() . '"""' . "\n"; |
|
148
|
|
|
if (!empty($this->attributes['internal:realm'][0])) { |
|
149
|
|
|
$out .= 'Config.user_realm = "' . $this->attributes['internal:realm'][0] . "\"\n"; |
|
150
|
|
|
} |
|
151
|
|
|
if(!empty($this->attributes['internal:hint_userinput_suffix'][0]) && $this->attributes['internal:hint_userinput_suffix'][0] == 1) { |
|
152
|
|
|
$out .= "Config.hint_user_input = True\n"; |
|
153
|
|
|
} |
|
154
|
|
|
if(!empty($this->attributes['internal:verify_userinput_suffix'][0]) && $this->attributes['internal:verify_userinput_suffix'][0] == 1) { |
|
155
|
|
|
$out .= "Config.verify_user_realm_input = True\n"; |
|
156
|
|
|
} |
|
157
|
|
|
return $out; |
|
158
|
|
|
} |
|
159
|
|
|
|
|
160
|
|
|
|
|
161
|
|
|
private function glueServerNames() { |
|
162
|
|
|
$serverList = $this->attributes['eap:server_name']; |
|
163
|
|
|
if (!$serverList) { |
|
164
|
|
|
return ''; |
|
165
|
|
|
} |
|
166
|
|
|
$A0 = array_reverse(explode('.', array_shift($serverList))); |
|
167
|
|
|
$B = $A0; |
|
168
|
|
|
foreach ($serverList as $oneServer) { |
|
169
|
|
|
$A = array_reverse(explode('.', $oneServer)); |
|
170
|
|
|
$B = array_intersect_assoc($A0, $A); |
|
171
|
|
|
$A0 = $B; |
|
172
|
|
|
} |
|
173
|
|
|
return(implode('.', array_reverse($B))); |
|
174
|
|
|
} |
|
175
|
|
|
|
|
176
|
|
|
private function mkSupportContacts() { |
|
177
|
|
|
$url = (!empty($this->attributes['support:url'][0])) ? $this->attributes['support:url'][0] : $this->support_url_substitute; |
|
178
|
|
|
$email = (!empty($this->attributes['support:email'][0])) ? $this->attributes['support:email'][0] : $this->support_email_substitute; |
|
179
|
|
|
return(['url'=>$url, 'email'=>$email]); |
|
180
|
|
|
} |
|
181
|
|
|
|
|
182
|
|
|
private function mkSubjectAltNameList() { |
|
183
|
|
|
$serverList = $this->attributes['eap:server_name']; |
|
184
|
|
|
if (!$serverList) { |
|
185
|
|
|
return ''; |
|
186
|
|
|
} |
|
187
|
|
|
$out = ''; |
|
188
|
|
|
foreach ($serverList as $oneServer) { |
|
189
|
|
|
if ($out) { |
|
190
|
|
|
$out .= ','; |
|
191
|
|
|
} |
|
192
|
|
|
$out .= "'DNS:$oneServer'"; |
|
193
|
|
|
} |
|
194
|
|
|
return "[" . $out. "]"; |
|
195
|
|
|
} |
|
196
|
|
|
|
|
197
|
|
|
|
|
198
|
|
|
private function mkSsidList() { |
|
199
|
|
|
$ssids = $this->attributes['internal:SSID']; |
|
200
|
|
|
$outArray = []; |
|
201
|
|
|
foreach ($ssids as $ssid => $cipher) { |
|
202
|
|
|
$outArray[] = "'$ssid'"; |
|
203
|
|
|
} |
|
204
|
|
|
return '[' . implode(', ', $outArray) . ']'; |
|
205
|
|
|
} |
|
206
|
|
|
|
|
207
|
|
|
private function mkDelSsidList() { |
|
208
|
|
|
$outArray = []; |
|
209
|
|
|
$delSSIDs = $this->attributes['internal:remove_SSID']; |
|
210
|
|
|
foreach ($delSSIDs as $ssid => $cipher) { |
|
211
|
|
|
if ($cipher == 'DEL') { |
|
212
|
|
|
$outArray[] = "'$ssid'"; |
|
213
|
|
|
} |
|
214
|
|
|
} |
|
215
|
|
|
return '[' . implode(', ', $outArray) . ']'; |
|
216
|
|
|
} |
|
217
|
|
|
|
|
218
|
|
|
private function mkCAfile(){ |
|
219
|
|
|
$out = ''; |
|
220
|
|
|
$cAlist = $this->attributes['internal:CAs'][0]; |
|
221
|
|
|
foreach ($cAlist as $oneCa) { |
|
222
|
|
|
$out .= $oneCa['pem'] . "\n"; |
|
223
|
|
|
} |
|
224
|
|
|
return $out; |
|
225
|
|
|
} |
|
226
|
|
|
|
|
227
|
|
|
private function mkIntro() { |
|
228
|
|
|
$out = _("This installer has been prepared for {0}") . '\n\n' . _("More information and comments:") . '\n\nEMAIL: {1}\nWWW: {2}\n\n' . |
|
229
|
|
|
_("Installer created with software from the GEANT project.") . "\"\n"; |
|
230
|
|
|
return $out; |
|
231
|
|
|
} |
|
232
|
|
|
|
|
233
|
|
|
private function mkUserConsent() { |
|
234
|
|
|
$out = ''; |
|
235
|
|
|
if (isset($this->attributes['support:info_file'])) { |
|
236
|
|
|
if ($this->attributes['internal:info_file'][0]['mime'] == 'txt') { |
|
237
|
|
|
$out = $this->attributes['support:info_file'][0]; |
|
238
|
|
|
} |
|
239
|
|
|
} |
|
240
|
|
|
return $out; |
|
241
|
|
|
} |
|
242
|
|
|
|
|
243
|
|
|
private function mkProfileConfirmation() { |
|
244
|
|
|
if ($this->attributes['internal:profile_count'][0] > 1) { |
|
245
|
|
|
$out = _("This installer will only work properly if you are a member of {0} and the user group: {1}."); |
|
246
|
|
|
} else { |
|
247
|
|
|
$out = _("This installer will only work properly if you are a member of {0}."); |
|
248
|
|
|
} |
|
249
|
|
|
return $out; |
|
250
|
|
|
} |
|
251
|
|
|
|
|
252
|
|
|
|
|
253
|
|
|
|
|
254
|
|
|
private function mkSbUserFile() { |
|
255
|
|
|
if ($this->selectedEap == \core\common\EAP::EAPTYPE_SILVERBULLET) { |
|
256
|
|
|
return chunk_split(base64_encode($this->clientCert["certdata"]), 64, "\n"); |
|
257
|
|
|
} |
|
258
|
|
|
return ""; |
|
259
|
|
|
} |
|
260
|
|
|
|
|
261
|
|
|
} |
|
262
|
|
|
|
GEANT /
CAT
