summaryrefslogtreecommitdiffhomepage
path: root/modules
diff options
context:
space:
mode:
authorDaniel Golle <daniel@makrotopia.org>2016-01-18 00:25:05 +0100
committerDaniel Golle <daniel@makrotopia.org>2016-01-19 10:54:39 +0100
commit7b2cef8936b4d9cbd66c76e383cdef053f054596 (patch)
treefb3418ec940f437c888a83f2fe86c4114c9f4265 /modules
parenta5e43323e7dd58c329350e7fcddc280b2de266ca (diff)
luci-admin-full: improve WPA(2)-Enterprise client support
* add more WPA-EAP phase2 authentication methods. * client cert, client key and key password are only relevant for WPA EAP-TLS, change dependency accordingly. * add support for certificates and key for EAP-TLS phase2 auth. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'modules')
-rw-r--r--modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua68
1 files changed, 57 insertions, 11 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index 20edd68fe..6f5229323 100644
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -864,6 +864,7 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
eaptype:value("tls", "TLS")
eaptype:value("ttls", "TTLS")
eaptype:value("peap", "PEAP")
+ eaptype:value("fast", "FAST")
eaptype:depends({mode="sta", encryption="wpa"})
eaptype:depends({mode="sta", encryption="wpa2"})
eaptype:depends({mode="sta-wds", encryption="wpa"})
@@ -874,12 +875,13 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
cacert:depends({mode="sta", encryption="wpa2"})
cacert:depends({mode="sta-wds", encryption="wpa"})
cacert:depends({mode="sta-wds", encryption="wpa2"})
+ cacert.rmempty = true
clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
- clientcert:depends({mode="sta", encryption="wpa"})
- clientcert:depends({mode="sta", encryption="wpa2"})
- clientcert:depends({mode="sta-wds", encryption="wpa"})
- clientcert:depends({mode="sta-wds", encryption="wpa2"})
+ clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
+ clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
+ clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
+ clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
@@ -892,42 +894,86 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
-
-
- auth = s:taboption("encryption", Value, "auth", translate("Authentication"))
- auth:value("PAP")
- auth:value("CHAP")
- auth:value("MSCHAP")
- auth:value("MSCHAPV2")
+ privkeypwd.rmempty = true
+ privkeypwd.password = true
+
+ auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
+ auth:value("PAP", "PAP", {eap_type="ttls"})
+ auth:value("CHAP", "CHAP", {eap_type="ttls"})
+ auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
+ auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
+ auth:value("EAP-GTC")
+ auth:value("EAP-MD5")
+ auth:value("EAP-MSCHAPV2")
+ auth:value("EAP-TLS")
+ auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+ auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+ auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+ auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
+ cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
+ cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+ cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+ cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+ cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+ clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
+ clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+ clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+ clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+ clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+ privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
+ privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+ privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+ privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+ privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+
+ privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
+ privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
+ privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
+ privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
+ privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
+ privkeypwd2.rmempty = true
+ privkeypwd2.password = true
identity = s:taboption("encryption", Value, "identity", translate("Identity"))
+ identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+ identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+ identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+ identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
password = s:taboption("encryption", Value, "password", translate("Password"))
+ password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
+ password:depends({mode="sta", eap_type="fast", encryption="wpa"})
password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
password:depends({mode="sta", eap_type="peap", encryption="wpa"})
password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
+ password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
+ password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
+ password.rmempty = true
+ password.password = true
end
if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then