Merge pull request #2013 from bergware/master

VM: make reference to interface instead of vhost
2026-05-06 04:11:17 -05:00 · 2025-02-12 09:07:48 -08:00
parent d46686c662 fd6a70ec01
commit 0f07915dba
6 changed files with 79 additions and 28 deletions
@@ -631,7 +631,7 @@ class Libvirt {
 				if (empty($nic['mac']) || empty($nic['network'])) continue;
 				$netmodel = $nic['model'] ?: 'virtio-net';
 				$net_res = $this->libvirt_get_net_res($this->conn, $nic['network']);
-				exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|vhost|wlan)[0-9]+(\.[0-9]+)?'", $host);
+				exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'", $host);
 				$nicboot = $nic["boot"] != null ? "<boot order='".$nic["boot"]."'/>" : "";
 				if ($net_res) {
 					$netstr .= "<interface type='network'>
@@ -1230,11 +1230,19 @@ class Array2XML {
 	function getValidNetworks() {
 		global $lv;
 		$arrValidNetworks = [];
-		exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|vhost|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
+		exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
 		// add 'virbr0' as default first choice
 		array_unshift($arrBridges, 'virbr0');
-
-		$arrValidNetworks['bridges'] = array_values($arrBridges);
+		// remove redundant references of bridge and bond interfaces
+		$remove = [];
+		foreach ($arrBridges as $name) {
+			if (substr($name,0,4) == 'bond') {
+				$remove = array_merge($remove, (array)@file("/sys/class/net/$name/bonding/slaves",FILE_IGNORE_NEW_LINES));
+			} elseif (substr($name,0,2) == 'br') {
+				$remove = array_merge($remove, array_map(function($n){return end(explode('/',$n));}, glob("/sys/class/net/$name/brif/*")));
+			} 
+		}
+		$arrValidNetworks['bridges'] = array_diff($arrBridges, $remove);

 		// This breaks VMSettings.page if libvirt is not running
 		/*	if ($libvirt_running == "yes") {
@@ -1474,12 +1474,13 @@ foreach ($arrConfig['shares'] as $i => $arrShare) {
 }
 foreach ($arrConfig['nic'] as $i => $arrNic) {
 	$strLabel = ($i > 0) ? appendOrdinalSuffix($i + 1) : '';
+	$disabled = $arrNic['network']=='wlan0' ? 'disabled' : '';
 ?>
 <table data-category="Network" data-multiple="true" data-minimum="1" data-index="<?=$i?>" data-prefix="<?=$strLabel?>">
 	<tr class="advanced">
 		<td>_(Network MAC)_:</td>
 		<td>
-			<span class="width"><input type="text" name="nic[<?=$i?>][mac]" class="narrow" value="<?=htmlspecialchars($arrNic['mac'])?>"><i class="fa fa-refresh mac_generate"></i></span>
+			<span class="width"><input type="text" name="nic[<?=$i?>][mac]" class="narrow" value="<?=htmlspecialchars($arrNic['mac'])?>" <?=$disabled?>><i class="fa fa-refresh mac_generate <?=$i?>" <?=$disabled?>></i></span>
 		</td>
 		<td>
 			<textarea class="xml" id="xmlnet<?=$i?>" rows="5" disabled ><?=htmlspecialchars($xml2['devices']['interface'][$i])?></textarea>
@@ -1488,7 +1489,7 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
 	<tr class="advanced">
 		<td>_(Network Source)_:</td>
 		<td>
-			<span class="width"><select name="nic[<?=$i?>][network]" class="narrow">
+			<span class="width"><select name="nic[<?=$i?>][network]" class="narrow" onchange="updateMAC(<?=$i?>,this.value)">
 			<?
 			foreach (array_keys($arrValidNetworks) as $key) {
 				echo mk_option("", $key, "- "._($key)." -", "disabled");
@@ -1554,13 +1555,13 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
 	<tr class="advanced">
 		<td>_(Network MAC)_:</td>
 		<td>
-			<span class="width"><input type="text" name="nic[{{INDEX}}][mac]" class="narrow" value=""> <i class="fa fa-refresh mac_generate"></i></span>
+			<span class="width"><input type="text" name="nic[{{INDEX}}][mac]" class="narrow" value=""> <i class="fa fa-refresh mac_generate INDEX"></i></span>
 		</td>
 	</tr>
 	<tr class="advanced">
 		<td>_(Network Source)_:</td>
 		<td>
-			<span class="width"><select name="nic[{{INDEX}}][network]" class="narrow">
+			<span class="width"><select name="nic[{{INDEX}}][network]" class="narrow" onchange="updateMAC(INDEX,this.value)">
 			<?
 			foreach (array_keys($arrValidNetworks) as $key) {
 				echo mk_option("", $key, "- "._($key)." -", "disabled");
@@ -2004,6 +2005,12 @@ foreach ($arrConfig['evdev'] as $i => $arrEvdev) {
 var storageType = "<?=get_storage_fstype($arrConfig['template']['storage']);?>";
 var storageLoc  = "<?=$arrConfig['template']['storage']?>";

+function updateMAC(index,port) {
+	$('input[name="nic['+index+'][mac]"').prop('disabled',port=='wlan0');
+	$('i.mac_generate.'+index).prop('disabled',port=='wlan0');
+	if (port != 'wlan0') $('i.mac_generate.'+index).click();
+}
+
 function ShareChange(share) {
 	var value = share.value;
 	var text = share.options[share.selectedIndex].text;
@@ -11,12 +11,11 @@
 */
 ?>
 <?
-$ssl = '/etc/rc.d/rc.ssl.input';
-if (is_readable($ssl)) extract(parse_ini_file($ssl));
+$open_ssl = "/usr/local/emhttp/webGui/scripts/open_ssl";

 // encrypt username and password before saving (if existing)
-if (!empty($_POST['USERNAME']) && isset($cipher,$key,$iv)) $_POST['USERNAME'] = openssl_encrypt($_POST['USERNAME'],$cipher,$key,0,$iv);
-if (!empty($_POST['PASSWORD']) && isset($cipher,$key,$iv)) $_POST['PASSWORD'] = openssl_encrypt($_POST['PASSWORD'],$cipher,$key,0,$iv);
+if (!empty($_POST['USERNAME'])) $_POST['USERNAME'] = exec("$open_ssl encrypt \"{$_POST['USERNAME']}\"");
+if (!empty($_POST['PASSWORD'])) $_POST['PASSWORD'] = exec("$open_ssl encrypt \"{$_POST['PASSWORD']}\"");

 // update active wifi selection
 foreach ($keys as $key => $val) if (isset($val['GROUP'])) $keys[$key]['GROUP'] = 'saved';
@@ -0,0 +1,35 @@
+#!/usr/bin/php -q
+<?PHP
+/* Copyright 2005-2025, Lime Technology
+ * Copyright 2012-2025, Bergware International.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ */
+?>
+<?
+$ssl_input = '/etc/rc.d/rc.ssl.input';
+if (is_readable($ssl_input)) extract(parse_ini_file($ssl_input));
+
+switch ($argv[1]) {
+case 'reload':
+  if (file_exists($ssl_input)) break;
+case 'load':
+  $key = exec("dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g'")."ABCDEFGH";
+  $iv  = "12".exec("cat /sys/class/net/wlan0/address | sed 's/://g'")."34";
+  file_put_contents($ssl_input, "cipher=aes-256-cbc\nkey=".substr($key,0,63)."\niv=$iv\n");
+  break;
+case 'encrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $encrypt = openssl_encrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($encrypt)) echo "$encrypt";
+  break;
+case 'decrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $decrypt = openssl_decrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($decrypt)) echo "$decrypt";
+  break;
+}
+?>
@@ -10,7 +10,7 @@ DAEMON="WiFi network"
 CALLER="wifi"
 INI="/var/local/emhttp/wireless.ini"
 CFG="/boot/config/wireless.cfg"
-SSLINPUT="/etc/rc.d/rc.ssl.input"
+OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl"
 STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless"
 WPA="/etc/wpa_supplicant.conf"

@@ -41,15 +41,6 @@ unzero6(){
  echo -n $(for Q in ${A//:/ }; do [[ $Q != - ]] && printf "$M%x" "0x$Q" || printf ":"; M=:; done)
 }

-# function to initialize openSSL variables
-ssl_init(){
-  KEY="$(dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g')ABCDEFGH"
-  IV="12$(cat $SYSTEM/$PORT/address | sed 's/://g')34"
-  echo "cipher=aes-256-cbc" >$SSLINPUT
-  echo "key=${KEY:0:63}" >>$SSLINPUT
-  echo "iv=$IV" >>$SSLINPUT
-}
-
 # function to convert text to hex
 hex(){
  echo -n $1 | od -An -tx1 | tr -d ' \n'
@@ -183,7 +174,7 @@ wifi_start(){
    [[ -e $SYSTEM/$LINK ]] || run ip link add link $PORT name $LINK type ipvtap mode l2 bridge
    run ip link set $PORT up
    run ip link set $LINK up
-    ssl_init
+    $OPENSSL load
    # start active SSID
    $STARTWIFI
    if ! carrier_up $PORT; then
@@ -216,6 +207,7 @@ wifi_stop(){
    fi
    run pkill wpa_supplicant
    run iw dev $PORT disconnect
+    run ip addr flush dev $PORT
    run rm -f $INI
    if ! wifi_running; then REPLY="Stopped"; else REPLY="Failed"; fi
  else
@@ -231,11 +223,21 @@ wifi_join(){
    log "$DAEMON...  No configuration."
    return
  fi
-  [[ -e $SSLINPUT ]] || ssl_init
-# get SSL keys
-  . $SSLINPUT
-  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
-  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
+  $OPENSSL reload
+  [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME")
+  [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1
+  [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD")
+  [[ -n $DECRYPT2 ]] && PASSWORD=$DECRYPT2
+# plain username, encrypt username in settings file
+  if [[ -n $USERNAME && -z $DECRYPT1 ]]; then
+    ENCRYPT1=$($OPENSSL encrypt "$USERNAME")
+    sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG
+  fi
+# plain password, encrypt password in settings file
+  if [[ -n $PASSWORD && -z $DECRYPT2 ]]; then
+    ENCRYPT2=$($OPENSSL encrypt "$PASSWORD")
+    sed -ri "s/^(PASSWORD=\").+$/\1$ENCRYPT2\"/" $CFG
+  fi
  SECURITY=${SECURITY:-$ATTR3}
  if [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
    # open network