From c67066ebbf2fcd6b3c82ba2145404a6246b2e33f Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Wed, 13 Dec 2017 20:21:57 +0100 Subject: [PATCH] luci-app-travelmate: enhance wireless security connection settings * fix wpa enterprise options * add various wpa / wep options Signed-off-by: Dirk Brenken --- .../luasrc/model/cbi/travelmate/wifi_add.lua | 120 ++++++++++++----- .../luasrc/model/cbi/travelmate/wifi_edit.lua | 147 ++++++++++++++++----- .../luasrc/view/travelmate/wifi_scan.htm | 8 +- 3 files changed, 206 insertions(+), 69 deletions(-) diff --git a/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua b/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua index 921e1b832..31869478f 100644 --- a/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua +++ b/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua @@ -5,7 +5,6 @@ local fs = require("nixio.fs") local uci = require("luci.model.uci").cursor() local http = require("luci.http") local trmiface = uci.get("travelmate", "global", "trm_iface") or "trm_wwan" -local val = "" m = SimpleForm("add", translate("Add Wireless Uplink Configuration")) m.submit = translate("Save") @@ -38,35 +37,88 @@ bssid.datatype = "macaddr" bssid.default = m.hidden.bssid or "" if (tonumber(m.hidden.wep) or 0) == 1 then - wkey = m:field(Value, "key", translate("WEP passphrase"), - translate("Specify the secret encryption key here.")) + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("wep", "WEP") + encr:value("wep+open", "WEP Open System") + encr:value("wep+mixed", "WEP mixed") + encr:value("wep+shared", "WEP Shared Key") + encr.default = "wep+open" + + wkey = m:field(Value, "key", translate("WEP-Passphrase")) wkey.password = true wkey.datatype = "wepkey" elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then - wkey = m:field(Value, "key", translate("WPA passphrase"), - translate("Specify the secret encryption key here.")) + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("psk", "WPA PSK") + encr:value("psk-mixed", "WPA/WPA2 mixed") + encr:value("psk2", "WPA2 PSK") + encr.default = "psk2" + + ciph = m:field(ListValue, "cipher", translate("Cipher")) + ciph:value("auto", translate("Automatic")) + ciph:value("ccmp", translate("Force CCMP (AES)")) + ciph:value("tkip", translate("Force TKIP")) + ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)")) + ciph.default = "auto" + + wkey = m:field(Value, "key", translate("WPA-Passphrase")) wkey.password = true wkey.datatype = "wpakey" elseif m.hidden.wpa_suites == "802.1X" then + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("wpa", "WPA Enterprise") + encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed") + encr:value("wpa2", "WPA2 Enterprise") + encr.default = "wpa2" + + ciph = m:field(ListValue, "cipher", translate("Cipher")) + ciph:value("auto", translate("Automatic")) + ciph:value("ccmp", translate("Force CCMP (AES)")) + ciph:value("tkip", translate("Force TKIP")) + ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)")) + ciph.default = "auto" + eaptype = m:field(ListValue, "eap_type", translate("EAP-Method")) - eaptype:value("TLS") - eaptype:value("TTLS") - eaptype:value("PEAP") - eaptype.default = "PEAP" + eaptype:value("tls", "TLS") + eaptype:value("ttls", "TTLS") + eaptype:value("peap", "PEAP") + eaptype:value("fast", "FAST") + eaptype.default = "peap" authentication = m:field(ListValue, "auth", translate("Authentication")) authentication:value("PAP") authentication:value("CHAP") authentication:value("MSCHAP") authentication:value("MSCHAPV2") - authentication.default = "MSCHAPV2" + authentication:value("EAP-GTC") + authentication:value("EAP-MD5") + authentication:value("EAP-MSCHAPV2") + authentication:value("EAP-TLS") + authentication.default = "EAP-MSCHAPV2" ident = m:field(Value, "identity", translate("Identity")) - pass = m:field(Value, "password", translate("Password")) - pass.datatype = "wpakey" - pass.password = true + wkey = m:field(Value, "password", translate("Password")) + wkey.password = true + wkey.datatype = "wpakey" + + cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate")) + cacert.rmempty = true + + clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate")) + clientcert:depends("eap_type","tls") + clientcert.rmempty = true + + privkey = m:field(Value, "priv_key", translate("Path to Private Key")) + privkey:depends("eap_type","tls") + privkey.rmempty = true + + privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key")) + privkeypwd:depends("eap_type","tls") + privkeypwd.datatype = "wpakey" + privkeypwd.password = true + privkeypwd.rmempty = true end end @@ -79,34 +131,32 @@ function wssid.write(self, section, value) bssid = bssid:formvalue(section), disabled = "1" }) - if wkey ~= nil then - val = wkey:formvalue(section) - if val == "" then - val = "changeme" - end - end + if (tonumber(m.hidden.wep) or 0) == 1 then - uci:set("wireless", newsection, "encryption", "wep-open") - uci:set("wireless", newsection, "key", "1") - uci:set("wireless", newsection, "key1", val) + uci:set("wireless", newsection, "encryption", encr:formvalue(section)) + uci:set("wireless", newsection, "key", wkey:formvalue(section) or "") elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then - uci:set("wireless", newsection, "encryption", "psk2") - uci:set("wireless", newsection, "key", val) + if ciph:formvalue(section) ~= "auto" then + uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section)) + else + uci:set("wireless", newsection, "encryption", encr:formvalue(section)) + end + uci:set("wireless", newsection, "key", wkey:formvalue(section) or "") elseif m.hidden.wpa_suites == "802.1X" then - uci:set("wireless", newsection, "encryption", "wpa2") + if ciph:formvalue(section) ~= "auto" then + uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section)) + else + uci:set("wireless", newsection, "encryption", encr:formvalue(section)) + end uci:set("wireless", newsection, "eap_type", eaptype:formvalue(section)) uci:set("wireless", newsection, "auth", authentication:formvalue(section)) - val = ident:formvalue(section) - if val == "" then - val = "changeme" - end - uci:set("wireless", newsection, "identity", val) - val = pass:formvalue(section) - if val == "" then - val = "changeme" - end - uci:set("wireless", newsection, "password", val) + uci:set("wireless", newsection, "identity", ident:formvalue(section) or "") + uci:set("wireless", newsection, "password", wkey:formvalue(section) or "") + uci:set("wireless", newsection, "ca_cert", cacert:formvalue(section) or "") + uci:set("wireless", newsection, "client_cert", clientcert:formvalue(section) or "") + uci:set("wireless", newsection, "priv_key", privkey:formvalue(section) or "") + uci:set("wireless", newsection, "priv_key_pwd", privkeypwd:formvalue(section) or "") end else uci:set("wireless", newsection, "encryption", "none") diff --git a/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua b/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua index 1baca5be4..64659d65e 100644 --- a/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua +++ b/applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua @@ -4,7 +4,6 @@ local fs = require("nixio.fs") local uci = require("luci.model.uci").cursor() local http = require("luci.http") -local val = "" m = SimpleForm("edit", translate("Edit Wireless Uplink Configuration")) m.submit = translate("Save") @@ -27,23 +26,103 @@ if s ~= nil then bssid = m:field(Value, "bssid", translate("BSSID")) bssid.datatype = "macaddr" bssid.default = s.bssid - if s.identity then - ident = m:field(Value, "identity", translate("Identity")) - ident.default = s.identity - end - if s.encryption and s.key then - wkey = m:field(Value, "key", translatef("Passphrase (%s)", s.encryption)) - elseif s.encryption and s.password then - wkey = m:field(Value, "password", translatef("Passphrase (%s)", s.encryption)) + + if string.match(s.encryption, '\+') and not string.match(s.encryption, '^wep') then + s.pos = string.find(s.encryption, '\+') + s.cipher = string.sub(s.encryption, s.pos + 1) + s.encryption = string.sub(s.encryption, 0, s.pos - 1) + else + s.cipher = "auto" end - if s.encryption and (s.key or s.password) then - wkey.password = true - wkey.default = s.key or s.password - if s.encryption == "wep" then + + if s.encryption and s.encryption ~= "none" then + if string.match(s.encryption, '^wep') then + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("wep", "WEP") + encr:value("wep+open", "WEP Open System") + encr:value("wep+mixed", "WEP mixed") + encr:value("wep+shared", "WEP Shared Key") + encr.default = s.encryption + + wkey = m:field(Value, "key", translate("Passphrase")) wkey.datatype = "wepkey" - else + elseif string.match(s.encryption, '^psk') then + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("psk", "WPA PSK") + encr:value("psk-mixed", "WPA/WPA2 mixed") + encr:value("psk2", "WPA2 PSK") + encr.default = s.encryption + + ciph = m:field(ListValue, "cipher", translate("Cipher")) + ciph:value("auto", translate("Automatic")) + ciph:value("ccmp", translate("Force CCMP (AES)")) + ciph:value("tkip", translate("Force TKIP")) + ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)")) + ciph.default = s.cipher + + wkey = m:field(Value, "key", translate("Passphrase")) + wkey.datatype = "wpakey" + elseif string.match(s.encryption, '^wpa') then + encr = m:field(ListValue, "encryption", translate("Encryption")) + encr:value("wpa", "WPA Enterprise") + encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed") + encr:value("wpa2", "WPA2 Enterprise") + encr.default = s.encryption + + ciph = m:field(ListValue, "cipher", translate("Cipher")) + ciph:value("auto", translate("Automatic")) + ciph:value("ccmp", translate("Force CCMP (AES)")) + ciph:value("tkip", translate("Force TKIP")) + ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)")) + ciph.default = s.cipher + + eaptype = m:field(ListValue, "eap_type", translate("EAP-Method")) + eaptype:value("tls", "TLS") + eaptype:value("ttls", "TTLS") + eaptype:value("peap", "PEAP") + eaptype:value("fast", "FAST") + eaptype.default = s.eap_type or "peap" + + authentication = m:field(ListValue, "auth", translate("Authentication")) + authentication:value("PAP") + authentication:value("CHAP") + authentication:value("MSCHAP") + authentication:value("MSCHAPV2") + authentication:value("EAP-GTC") + authentication:value("EAP-MD5") + authentication:value("EAP-MSCHAPV2") + authentication:value("EAP-TLS") + authentication.default = s.auth or "EAP-MSCHAPV2" + + ident = m:field(Value, "identity", translate("Identity")) + ident.default = s.identity or "" + + wkey = m:field(Value, "password", translate("Passphrase")) wkey.datatype = "wpakey" + + cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate")) + cacert.rmempty = true + cacert.default = s.ca_cert or "" + + clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate")) + clientcert:depends("eap_type","tls") + clientcert.rmempty = true + clientcert.default = s.client_cert or "" + + privkey = m:field(Value, "priv_key", translate("Path to Private Key")) + privkey:depends("eap_type","tls") + privkey.rmempty = true + privkey.default = s.priv_key or "" + + privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key")) + privkeypwd:depends("eap_type","tls") + privkeypwd.datatype = "wpakey" + privkeypwd.password = true + privkeypwd.rmempty = true + privkeypwd.default = s.priv_key_pwd or "" end + wkey.password = true + wkey.default = s.key or s.password end else m.on_cancel() @@ -52,23 +131,31 @@ end function wssid.write(self, section, value) uci:set("wireless", m.hidden.cfg, "ssid", wssid:formvalue(section)) uci:set("wireless", m.hidden.cfg, "bssid", bssid:formvalue(section)) - if s.identity then - val = ident:formvalue(section) - if val == "" then - val = "changeme" - end - uci:set("wireless", m.hidden.cfg, "identity", val) - end - if s.encryption and s.encryption ~= "none" then - val = wkey:formvalue(section) - if val == "" then - val = "changeme" - end - if s.key then - uci:set("wireless", m.hidden.cfg, "key", val) - elseif s.password then - uci:set("wireless", m.hidden.cfg, "password", val) + if string.match(s.encryption, '^wep') then + uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section)) + uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "") + elseif string.match(s.encryption, '^psk') then + if ciph:formvalue(section) ~= "auto" then + uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section)) + else + uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section)) + end + uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "") + elseif string.match(s.encryption, '^wpa') then + if ciph:formvalue(section) ~= "auto" then + uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section)) + else + uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section)) + end + uci:set("wireless", m.hidden.cfg, "eap_type", eaptype:formvalue(section)) + uci:set("wireless", m.hidden.cfg, "auth", authentication:formvalue(section)) + uci:set("wireless", m.hidden.cfg, "identity", ident:formvalue(section) or "") + uci:set("wireless", m.hidden.cfg, "password", wkey:formvalue(section) or "") + uci:set("wireless", m.hidden.cfg, "ca_cert", cacert:formvalue(section) or "") + uci:set("wireless", m.hidden.cfg, "client_cert", clientcert:formvalue(section) or "") + uci:set("wireless", m.hidden.cfg, "priv_key", privkey:formvalue(section) or "") + uci:set("wireless", m.hidden.cfg, "priv_key_pwd", privkeypwd:formvalue(section) or "") end end uci:save("wireless") diff --git a/applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm b/applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm index 68ca63f45..aea194cde 100644 --- a/applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm +++ b/applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm @@ -17,7 +17,7 @@ This is free software, licensed under the Apache License, Version 2.0 if info.wep == true then return translate("WEP") elseif info.wpa > 0 then - return translate("WPA/WPA2 - " .. table.concat(info.auth_suites)) + return translatef("%s (%s/%s)", (info.wpa == 3) and translate("WPA/WPA2") or (info.wpa == 2 and "WPA2" or "WPA"), table.concat(info.auth_suites), table.concat(info.group_ciphers)) elseif info.enabled then return translate("Unknown") else @@ -70,9 +70,9 @@ This is free software, licensed under the Apache License, Version 2.0 <% if net.encryption.wpa then %> - - <% for _, v in ipairs(net.encryption.auth_suites) do %> - <% end; end %> + + <% for _, v in ipairs(net.encryption.auth_suites) do %><% end %> + <% end %> -- 2.11.0