diff options
| author | Oldřich Jedlička <oldium.pro@gmail.com> | 2020-10-05 09:50:01 +0200 |
|---|---|---|
| committer | Oldřich Jedlička <oldium.pro@gmail.com> | 2020-10-31 09:40:38 +0100 |
| commit | e24415ac12dd485a6ae5a79fc440089227eed222 (patch) | |
| tree | 2ce0c40a560b48b64e3ee531e785b6d8fff9bc08 /applications/luci-app-fwknopd/root | |
| parent | 5a485f8c686cdc918c008e75bbf96bc51515d6aa (diff) | |
luci-app-fwknopd: Client-side rendering and improvements/fixes.
* Use client-side rendering.
* Asynchronous QR code generation and on-the-fly updates.
* Added button to generate keys.
* Added keys validation (empty, __CHANGEME__ and CHANGEME values are not
valid).
* Added SOURCE option non-empty validation (SOURCE is mandatory field).
* Added network and DESTINATION options.
* Use checkboxes for Y/N options instead of text fields.
* Fix the qrencode tool, which currently has only `--inline` option, not
`-I`. Use `--inline` instead.
* Improve configuration handling by removing the key type from the config
file. The key type is deduced from the actual values (normal/base64).
* Provide migration script (clean-up of stale keytype/hkeytype values in
config).
* Fixed usage of translations.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Diffstat (limited to 'applications/luci-app-fwknopd/root')
4 files changed, 29 insertions, 40 deletions
diff --git a/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd b/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd index 7cecf27461..00d721e067 100644 --- a/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd +++ b/applications/luci-app-fwknopd/root/etc/uci-defaults/40_luci-fwknopd @@ -3,16 +3,24 @@ #-- Licensed to the public under the GNU General Public License v2. . /lib/functions/network.sh -[ "$(uci -q get fwknopd.@access[0].KEY)" != "CHANGEME" ] && exit 0 +# Clean-up - keytype/hkeytype is unnecessary now +if uci -q show fwknopd | grep \\.h\\?keytype > /dev/null; then + for keytype in $(uci -q show fwknopd | grep \\.h\\?keytype= | cut -d= -f1); do + uci delete $keytype + done + uci commit fwknopd +fi -uci delete fwknopd.@access[0].KEY -uci delete fwknopd.@access[0].HMAC_KEY -uci set fwknopd.@access[0].keytype='Base64 key' -uci set fwknopd.@access[0].hkeytype='Base64 key' -uci set fwknopd.@access[0].KEY_BASE64=`fwknopd --key-gen | awk '/^KEY/ {print $2;}'` -uci set fwknopd.@access[0].HMAC_KEY_BASE64=`fwknopd --key-gen | awk '/^HMAC/ {print $2;}'` -uci set fwknopd.@config[0].ENABLE_IPT_FORWARDING='y' -uci set fwknopd.@config[0].ENABLE_NAT_DNS='y' +# Generate valid keys +if [ "$(uci -q get fwknopd.@access[0].KEY)" = "CHANGEME" ]; then + uci delete fwknopd.@access[0].KEY + uci delete fwknopd.@access[0].HMAC_KEY + uci set fwknopd.@access[0].KEY_BASE64=`fwknopd --key-gen | awk '/^KEY/ {print $2;}'` + uci set fwknopd.@access[0].HMAC_KEY_BASE64=`fwknopd --key-gen | awk '/^HMAC/ {print $2;}'` + uci set fwknopd.@config[0].ENABLE_IPT_FORWARDING='y' + uci set fwknopd.@config[0].ENABLE_NAT_DNS='y' + + uci commit fwknopd +fi -uci commit fwknopd exit 0 diff --git a/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh b/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh deleted file mode 100644 index 48850bd361..0000000000 --- a/applications/luci-app-fwknopd/root/usr/sbin/gen-qr.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -entry_num=0 -if [ "$1" != "" ]; then -entry_num=$1 -fi - -key_base64=$(uci -q get fwknopd.@access[$entry_num].KEY_BASE64) -key=$(uci -q get fwknopd.@access[$entry_num].KEY) -hmac_key_base64=$(uci -q get fwknopd.@access[$entry_num].HMAC_KEY_BASE64) -hmac_key=$(uci -q get fwknopd.@access[$entry_num].HMAC_KEY) - -if [ "$key_base64" != "" ]; then -qr="KEY_BASE64:$key_base64" -fi -if [ "$key" != "" ]; then -qr="$qr KEY:$key" - -fi -if [ "$hmac_key_base64" != "" ]; then -qr="$qr HMAC_KEY_BASE64:$hmac_key_base64" -fi -if [ "$hmac_key" != "" ]; then -qr="$qr HMAC_KEY:$hmac_key" -fi - -qrencode -t svg -I -o - "$qr" diff --git a/applications/luci-app-fwknopd/root/usr/share/luci/menu.d/luci-app-fwknopd.json b/applications/luci-app-fwknopd/root/usr/share/luci/menu.d/luci-app-fwknopd.json index 85486b997e..e3ada68d78 100644 --- a/applications/luci-app-fwknopd/root/usr/share/luci/menu.d/luci-app-fwknopd.json +++ b/applications/luci-app-fwknopd/root/usr/share/luci/menu.d/luci-app-fwknopd.json @@ -2,12 +2,15 @@ "admin/services/fwknopd": { "title": "Firewall Knock Daemon", "action": { - "type": "cbi", - "path": "fwknopd", - "post": { "cbi.submit": true } + "type": "view", + "path": "fwknopd" }, "depends": { "acl": [ "luci-app-fwknopd" ], + "fs": { + "/usr/bin/qrencode": "executable", + "/usr/sbin/fwknopd": "executable" + }, "uci": { "fwknopd": true } } } diff --git a/applications/luci-app-fwknopd/root/usr/share/rpcd/acl.d/luci-app-fwknopd.json b/applications/luci-app-fwknopd/root/usr/share/rpcd/acl.d/luci-app-fwknopd.json index 3877f87526..15d7975bde 100644 --- a/applications/luci-app-fwknopd/root/usr/share/rpcd/acl.d/luci-app-fwknopd.json +++ b/applications/luci-app-fwknopd/root/usr/share/rpcd/acl.d/luci-app-fwknopd.json @@ -2,7 +2,11 @@ "luci-app-fwknopd": { "description": "Grant UCI access for luci-app-fwknopd", "read": { - "uci": [ "fwknopd" ] + "uci": [ "fwknopd" ], + "file": { + "/usr/bin/qrencode": [ "exec" ], + "/usr/sbin/fwknopd --key-gen": [ "exec" ] + } }, "write": { "uci": [ "fwknopd" ] |