luci-admin-full: improve WPA(2)-Enterprise client support

[project/luci.git] / modules / luci-mod-admin-full / luasrc / model / cbi / admin_network / wifi.lua
diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua

index 9a2bd5d..6f52293 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -160,7 +160,7 @@ if found_sta then
                 found_sta.channel, table.concat(found_sta.names, ", "))
  else
         ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
-       ch.hwmodes = iw.hwmodelist
+       ch.hwmodes = hw_modes
         ch.freqlist = iw.freqlist
         ch.template = "cbi/wireless_modefreq"
  
@@ -174,7 +174,7 @@ else
  
         function ch.formvalue(self, section)
                 return {
-                       m:formvalue(self:cbid(section) .. ".band") or (iw.hwmodelist.g and "11g" or "11a"),
+                       m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
                         m:formvalue(self:cbid(section) .. ".channel") or "auto",
                         m:formvalue(self:cbid(section) .. ".htmode") or ""
                 }
@@ -361,7 +361,8 @@ s:tab("encryption", translate("Wireless Security"))
  s:tab("macfilter", translate("MAC-Filter"))
  s:tab("advanced", translate("Advanced Settings"))
  
-s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
+ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
+ssid.datatype = "maxlength(32)"
  
  mode = s:taboption("general", ListValue, "mode", translate("Mode"))
  mode.override_values = true
@@ -748,7 +749,7 @@ auth_server:depends({mode="ap", encryption="wpa2"})
  auth_server:depends({mode="ap-wds", encryption="wpa"})
  auth_server:depends({mode="ap-wds", encryption="wpa2"})
  auth_server.rmempty = true
-auth_server.datatype = "host"
+auth_server.datatype = "host(0)"
  
  auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
  auth_port:depends({mode="ap", encryption="wpa"})
@@ -772,7 +773,7 @@ acct_server:depends({mode="ap", encryption="wpa2"})
  acct_server:depends({mode="ap-wds", encryption="wpa"})
  acct_server:depends({mode="ap-wds", encryption="wpa2"})
  acct_server.rmempty = true
-acct_server.datatype = "host"
+acct_server.datatype = "host(0)"
  
  acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
  acct_port:depends({mode="ap", encryption="wpa"})
@@ -863,6 +864,7 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
         eaptype:value("tls",  "TLS")
         eaptype:value("ttls", "TTLS")
         eaptype:value("peap", "PEAP")
+       eaptype:value("fast", "FAST")
         eaptype:depends({mode="sta", encryption="wpa"})
         eaptype:depends({mode="sta", encryption="wpa2"})
         eaptype:depends({mode="sta-wds", encryption="wpa"})
@@ -873,12 +875,13 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
         cacert:depends({mode="sta", encryption="wpa2"})
         cacert:depends({mode="sta-wds", encryption="wpa"})
         cacert:depends({mode="sta-wds", encryption="wpa2"})
+       cacert.rmempty = true
  
         clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
-       clientcert:depends({mode="sta", encryption="wpa"})
-       clientcert:depends({mode="sta", encryption="wpa2"})
-       clientcert:depends({mode="sta-wds", encryption="wpa"})
-       clientcert:depends({mode="sta-wds", encryption="wpa2"})
+       clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
+       clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
+       clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
+       clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
  
         privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
         privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
@@ -891,42 +894,86 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
         privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
         privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
         privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
-
-
-       auth = s:taboption("encryption", Value, "auth", translate("Authentication"))
-       auth:value("PAP")
-       auth:value("CHAP")
-       auth:value("MSCHAP")
-       auth:value("MSCHAPV2")
+       privkeypwd.rmempty = true
+       privkeypwd.password = true
+
+       auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
+       auth:value("PAP", "PAP", {eap_type="ttls"})
+       auth:value("CHAP", "CHAP", {eap_type="ttls"})
+       auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
+       auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
+       auth:value("EAP-GTC")
+       auth:value("EAP-MD5")
+       auth:value("EAP-MSCHAPV2")
+       auth:value("EAP-TLS")
+       auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+       auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
         auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
         auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
         auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
         auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+       auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+       auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
         auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
         auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
         auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
         auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
  
+       cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
+       cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+       cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+       cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+       cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+       clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
+       clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+       clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+       clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+       clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+       privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
+       privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+       privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+       privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+       privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+       privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
+       privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+       privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+       privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+       privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+       privkeypwd2.rmempty = true
+       privkeypwd2.password = true
  
         identity = s:taboption("encryption", Value, "identity", translate("Identity"))
+       identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+       identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
         identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
         identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
         identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
         identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+       identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+       identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
         identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
         identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
         identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
         identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
  
         password = s:taboption("encryption", Value, "password", translate("Password"))
+       password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+       password:depends({mode="sta", eap_type="fast", encryption="wpa"})
         password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
         password:depends({mode="sta", eap_type="peap", encryption="wpa"})
         password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
         password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+       password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+       password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
         password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
         password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
         password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
         password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
+       password.rmempty = true
+       password.password = true
  end
  
  if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then