luci-app-travelmate: enhance wireless security connection settings
authorDirk Brenken <dev@brenken.org>
Wed, 13 Dec 2017 19:21:57 +0000 (20:21 +0100)
committerDirk Brenken <dev@brenken.org>
Wed, 13 Dec 2017 19:26:02 +0000 (20:26 +0100)
* fix wpa enterprise options
* add various wpa / wep options

Signed-off-by: Dirk Brenken <dev@brenken.org>
applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua
applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua
applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm

index 921e1b8323cb40cd43246ddd59b5ddce2a2420a1..31869478fad7476c9e09b683ba92c9b27e1be274 100644 (file)
@@ -5,7 +5,6 @@ local fs       = require("nixio.fs")
 local uci      = require("luci.model.uci").cursor()
 local http     = require("luci.http")
 local trmiface = uci.get("travelmate", "global", "trm_iface") or "trm_wwan"
-local val      = ""
 
 m = SimpleForm("add", translate("Add Wireless Uplink Configuration"))
 m.submit = translate("Save")
@@ -38,35 +37,88 @@ bssid.datatype = "macaddr"
 bssid.default = m.hidden.bssid or ""
 
 if (tonumber(m.hidden.wep) or 0) == 1 then
-       wkey = m:field(Value, "key", translate("WEP passphrase"),
-               translate("Specify the secret encryption key here."))
+       encr = m:field(ListValue, "encryption", translate("Encryption"))
+       encr:value("wep", "WEP")
+       encr:value("wep+open", "WEP Open System")
+       encr:value("wep+mixed", "WEP mixed")
+       encr:value("wep+shared", "WEP Shared Key")
+       encr.default = "wep+open"
+
+       wkey = m:field(Value, "key", translate("WEP-Passphrase"))
        wkey.password = true
        wkey.datatype = "wepkey"
 elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then
        if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then
-               wkey = m:field(Value, "key", translate("WPA passphrase"),
-                       translate("Specify the secret encryption key here."))
+               encr = m:field(ListValue, "encryption", translate("Encryption"))
+               encr:value("psk", "WPA PSK")
+               encr:value("psk-mixed", "WPA/WPA2 mixed")
+               encr:value("psk2", "WPA2 PSK")
+               encr.default = "psk2"
+
+               ciph = m:field(ListValue, "cipher", translate("Cipher"))
+               ciph:value("auto", translate("Automatic"))
+               ciph:value("ccmp", translate("Force CCMP (AES)"))
+               ciph:value("tkip", translate("Force TKIP"))
+               ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+               ciph.default = "auto"
+
+               wkey = m:field(Value, "key", translate("WPA-Passphrase"))
                wkey.password = true
                wkey.datatype = "wpakey"
        elseif m.hidden.wpa_suites == "802.1X" then
+               encr = m:field(ListValue, "encryption", translate("Encryption"))
+               encr:value("wpa", "WPA Enterprise")
+               encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed")
+               encr:value("wpa2", "WPA2 Enterprise")
+               encr.default = "wpa2"
+
+               ciph = m:field(ListValue, "cipher", translate("Cipher"))
+               ciph:value("auto", translate("Automatic"))
+               ciph:value("ccmp", translate("Force CCMP (AES)"))
+               ciph:value("tkip", translate("Force TKIP"))
+               ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+               ciph.default = "auto"
+
                eaptype = m:field(ListValue, "eap_type", translate("EAP-Method"))
-               eaptype:value("TLS")
-               eaptype:value("TTLS")
-               eaptype:value("PEAP")
-               eaptype.default = "PEAP"
+               eaptype:value("tls", "TLS")
+               eaptype:value("ttls", "TTLS")
+               eaptype:value("peap", "PEAP")
+               eaptype:value("fast", "FAST")
+               eaptype.default = "peap"
 
                authentication = m:field(ListValue, "auth", translate("Authentication"))
                authentication:value("PAP")
                authentication:value("CHAP")
                authentication:value("MSCHAP")
                authentication:value("MSCHAPV2")
-               authentication.default = "MSCHAPV2"
+               authentication:value("EAP-GTC")
+               authentication:value("EAP-MD5")
+               authentication:value("EAP-MSCHAPV2")
+               authentication:value("EAP-TLS")
+               authentication.default = "EAP-MSCHAPV2"
 
                ident = m:field(Value, "identity", translate("Identity"))
 
-               pass = m:field(Value, "password", translate("Password"))
-               pass.datatype = "wpakey"
-               pass.password = true
+               wkey = m:field(Value, "password", translate("Password"))
+               wkey.password = true
+               wkey.datatype = "wpakey"
+
+               cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate"))
+               cacert.rmempty = true
+
+               clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate"))
+               clientcert:depends("eap_type","tls")
+               clientcert.rmempty = true
+
+               privkey = m:field(Value, "priv_key", translate("Path to Private Key"))
+               privkey:depends("eap_type","tls")
+               privkey.rmempty = true
+
+               privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key"))
+               privkeypwd:depends("eap_type","tls")
+               privkeypwd.datatype = "wpakey"
+               privkeypwd.password = true
+               privkeypwd.rmempty = true
        end
 end
 
@@ -79,34 +131,32 @@ function wssid.write(self, section, value)
                bssid    = bssid:formvalue(section),
                disabled = "1"
        })
-       if wkey ~= nil then
-               val = wkey:formvalue(section)
-               if val == "" then
-                       val = "changeme"
-               end
-       end
+       
        if (tonumber(m.hidden.wep) or 0) == 1 then
-               uci:set("wireless", newsection, "encryption", "wep-open")
-               uci:set("wireless", newsection, "key", "1")
-               uci:set("wireless", newsection, "key1", val)
+               uci:set("wireless", newsection, "encryption", encr:formvalue(section))
+               uci:set("wireless", newsection, "key", wkey:formvalue(section) or "")
        elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then
                if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then
-                       uci:set("wireless", newsection, "encryption", "psk2")
-                       uci:set("wireless", newsection, "key", val)
+                       if ciph:formvalue(section) ~= "auto" then
+                               uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+                       else
+                               uci:set("wireless", newsection, "encryption", encr:formvalue(section))
+                       end
+                       uci:set("wireless", newsection, "key", wkey:formvalue(section) or "")
                elseif m.hidden.wpa_suites == "802.1X" then
-                       uci:set("wireless", newsection, "encryption", "wpa2")
+                       if ciph:formvalue(section) ~= "auto" then
+                               uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+                       else
+                               uci:set("wireless", newsection, "encryption", encr:formvalue(section))
+                       end
                        uci:set("wireless", newsection, "eap_type", eaptype:formvalue(section))
                        uci:set("wireless", newsection, "auth", authentication:formvalue(section))
-                       val = ident:formvalue(section)
-                       if val == "" then
-                               val = "changeme"
-                       end
-                       uci:set("wireless", newsection, "identity", val)
-                       val = pass:formvalue(section)
-                       if val == "" then
-                               val = "changeme"
-                       end
-                       uci:set("wireless", newsection, "password", val)
+                       uci:set("wireless", newsection, "identity", ident:formvalue(section) or "")
+                       uci:set("wireless", newsection, "password", wkey:formvalue(section) or "")
+                       uci:set("wireless", newsection, "ca_cert", cacert:formvalue(section) or "")
+                       uci:set("wireless", newsection, "client_cert", clientcert:formvalue(section) or "")
+                       uci:set("wireless", newsection, "priv_key", privkey:formvalue(section) or "")
+                       uci:set("wireless", newsection, "priv_key_pwd", privkeypwd:formvalue(section) or "")
                end
        else
                uci:set("wireless", newsection, "encryption", "none")
index 1baca5be40ebb5e87cee72e1f76778c0b5f49a60..64659d65e64480526be723aa1573177c5cab2026 100644 (file)
@@ -4,7 +4,6 @@
 local fs   = require("nixio.fs")
 local uci  = require("luci.model.uci").cursor()
 local http = require("luci.http")
-local val  = ""
 
 m = SimpleForm("edit", translate("Edit Wireless Uplink Configuration"))
 m.submit = translate("Save")
@@ -27,23 +26,103 @@ if s ~= nil then
        bssid = m:field(Value, "bssid", translate("BSSID"))
        bssid.datatype = "macaddr"
        bssid.default = s.bssid
-       if s.identity then
-               ident = m:field(Value, "identity", translate("Identity"))
-               ident.default = s.identity
-       end
-       if s.encryption and s.key then
-               wkey = m:field(Value, "key", translatef("Passphrase (%s)", s.encryption))
-       elseif s.encryption and s.password then
-               wkey = m:field(Value, "password", translatef("Passphrase (%s)", s.encryption))
+
+       if string.match(s.encryption, '\+') and not string.match(s.encryption, '^wep') then
+               s.pos = string.find(s.encryption, '\+')
+               s.cipher = string.sub(s.encryption, s.pos + 1)
+               s.encryption = string.sub(s.encryption, 0, s.pos - 1)
+       else
+               s.cipher = "auto"
        end
-       if s.encryption and (s.key or s.password) then
-               wkey.password = true
-               wkey.default = s.key or s.password
-               if s.encryption == "wep" then
+
+       if s.encryption and s.encryption ~= "none" then
+               if string.match(s.encryption, '^wep') then
+                       encr = m:field(ListValue, "encryption", translate("Encryption"))
+                       encr:value("wep", "WEP")
+                       encr:value("wep+open", "WEP Open System")
+                       encr:value("wep+mixed", "WEP mixed")
+                       encr:value("wep+shared", "WEP Shared Key")
+                       encr.default = s.encryption
+
+                       wkey = m:field(Value, "key", translate("Passphrase"))
                        wkey.datatype = "wepkey"
-               else
+               elseif string.match(s.encryption, '^psk') then
+                       encr = m:field(ListValue, "encryption", translate("Encryption"))
+                       encr:value("psk", "WPA PSK")
+                       encr:value("psk-mixed", "WPA/WPA2 mixed")
+                       encr:value("psk2", "WPA2 PSK")
+                       encr.default = s.encryption
+
+                       ciph = m:field(ListValue, "cipher", translate("Cipher"))
+                       ciph:value("auto", translate("Automatic"))
+                       ciph:value("ccmp", translate("Force CCMP (AES)"))
+                       ciph:value("tkip", translate("Force TKIP"))
+                       ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+                       ciph.default = s.cipher
+
+                       wkey = m:field(Value, "key", translate("Passphrase"))
+                       wkey.datatype = "wpakey"
+               elseif string.match(s.encryption, '^wpa') then
+                       encr = m:field(ListValue, "encryption", translate("Encryption"))
+                       encr:value("wpa", "WPA Enterprise")
+                       encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed")
+                       encr:value("wpa2", "WPA2 Enterprise")
+                       encr.default = s.encryption
+
+                       ciph = m:field(ListValue, "cipher", translate("Cipher"))
+                       ciph:value("auto", translate("Automatic"))
+                       ciph:value("ccmp", translate("Force CCMP (AES)"))
+                       ciph:value("tkip", translate("Force TKIP"))
+                       ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+                       ciph.default = s.cipher
+
+                       eaptype = m:field(ListValue, "eap_type", translate("EAP-Method"))
+                       eaptype:value("tls", "TLS")
+                       eaptype:value("ttls", "TTLS")
+                       eaptype:value("peap", "PEAP")
+                       eaptype:value("fast", "FAST")
+                       eaptype.default = s.eap_type or "peap"
+
+                       authentication = m:field(ListValue, "auth", translate("Authentication"))
+                       authentication:value("PAP")
+                       authentication:value("CHAP")
+                       authentication:value("MSCHAP")
+                       authentication:value("MSCHAPV2")
+                       authentication:value("EAP-GTC")
+                       authentication:value("EAP-MD5")
+                       authentication:value("EAP-MSCHAPV2")
+                       authentication:value("EAP-TLS")
+                       authentication.default = s.auth or "EAP-MSCHAPV2"
+
+                       ident = m:field(Value, "identity", translate("Identity"))
+                       ident.default = s.identity or ""
+
+                       wkey = m:field(Value, "password", translate("Passphrase"))
                        wkey.datatype = "wpakey"
+
+                       cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate"))
+                       cacert.rmempty = true
+                       cacert.default = s.ca_cert or ""
+                       
+                       clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate"))
+                       clientcert:depends("eap_type","tls")
+                       clientcert.rmempty = true
+                       clientcert.default = s.client_cert or ""
+
+                       privkey = m:field(Value, "priv_key", translate("Path to Private Key"))
+                       privkey:depends("eap_type","tls")
+                       privkey.rmempty = true
+                       privkey.default = s.priv_key or ""
+
+                       privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key"))
+                       privkeypwd:depends("eap_type","tls")
+                       privkeypwd.datatype = "wpakey"
+                       privkeypwd.password = true
+                       privkeypwd.rmempty = true
+                       privkeypwd.default = s.priv_key_pwd or ""
                end
+               wkey.password = true
+               wkey.default = s.key or s.password
        end
 else
        m.on_cancel()
@@ -52,23 +131,31 @@ end
 function wssid.write(self, section, value)
        uci:set("wireless", m.hidden.cfg, "ssid", wssid:formvalue(section))
        uci:set("wireless", m.hidden.cfg, "bssid", bssid:formvalue(section))
-       if s.identity then
-               val = ident:formvalue(section)
-               if val == "" then
-                       val = "changeme"
-               end
-               uci:set("wireless", m.hidden.cfg, "identity", val)
-       end
-
        if s.encryption and s.encryption ~= "none" then
-               val = wkey:formvalue(section)
-               if val == "" then
-                       val = "changeme"
-               end
-               if s.key then
-                       uci:set("wireless", m.hidden.cfg, "key", val)
-               elseif s.password then
-                       uci:set("wireless", m.hidden.cfg, "password", val)
+               if string.match(s.encryption, '^wep') then
+                       uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
+                       uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "")
+               elseif string.match(s.encryption, '^psk') then
+                       if ciph:formvalue(section) ~= "auto" then
+                               uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+                       else
+                               uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
+                       end
+                       uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "")
+               elseif string.match(s.encryption, '^wpa') then
+                       if ciph:formvalue(section) ~= "auto" then
+                               uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+                       else
+                               uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
+                       end
+                       uci:set("wireless", m.hidden.cfg, "eap_type", eaptype:formvalue(section))
+                       uci:set("wireless", m.hidden.cfg, "auth", authentication:formvalue(section))
+                       uci:set("wireless", m.hidden.cfg, "identity", ident:formvalue(section) or "")
+                       uci:set("wireless", m.hidden.cfg, "password", wkey:formvalue(section) or "")
+                       uci:set("wireless", m.hidden.cfg, "ca_cert", cacert:formvalue(section) or "")
+                       uci:set("wireless", m.hidden.cfg, "client_cert", clientcert:formvalue(section) or "")
+                       uci:set("wireless", m.hidden.cfg, "priv_key", privkey:formvalue(section) or "")
+                       uci:set("wireless", m.hidden.cfg, "priv_key_pwd", privkeypwd:formvalue(section) or "")
                end
        end
        uci:save("wireless")
index 68ca63f459c1cccd7e201ea2ab882e2c91dd92a6..aea194cde2fa49f515325a89eb515c628f3432d0 100644 (file)
@@ -17,7 +17,7 @@ This is free software, licensed under the Apache License, Version 2.0
         if info.wep == true then
             return translate("WEP")
         elseif info.wpa > 0 then
-            return translate("WPA/WPA2 - " .. table.concat(info.auth_suites))
+            return translatef("%s (%s/%s)", (info.wpa == 3) and translate("WPA/WPA2") or (info.wpa == 2 and "WPA2" or "WPA"), table.concat(info.auth_suites), table.concat(info.group_ciphers))
         elseif info.enabled then
             return translate("Unknown")
         else
@@ -70,9 +70,9 @@ This is free software, licensed under the Apache License, Version 2.0
                         <input type="hidden" name="bssid" value="<%=utl.pcdata(net.bssid)%>"/>
                         <input type="hidden" name="wep" value="<%=net.encryption.wep and 1 or 0%>"/>
                         <% if net.encryption.wpa then %>
-                        <input type="hidden" name="wpa_version" value="<%=net.encryption.wpa%>"/>
-                        <% for _, v in ipairs(net.encryption.auth_suites) do %><input type="hidden" name="wpa_suites" value="<%=v%>"/>
-                        <% end; end %>
+                            <input type="hidden" name="wpa_version" value="<%=net.encryption.wpa%>"/>
+                            <% for _, v in ipairs(net.encryption.auth_suites) do %><input type="hidden" name="wpa_suites" value="<%=v%>"/><% end %>
+                        <% end %>
                         <input class="cbi-button cbi-button-apply" type="submit" value="<%:Add Uplink%>"/>
                     </form>
                 </td>