diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
index 51c4a4754..3e1ab499c 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
@@ -631,7 +631,7 @@ class Libvirt {
 				if (empty($nic['mac']) || empty($nic['network'])) continue;
 				$netmodel = $nic['model'] ?: 'virtio-net';
 				$net_res = $this->libvirt_get_net_res($this->conn, $nic['network']);
-				exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|vhost|wlan)[0-9]+(\.[0-9]+)?'", $host);
+				exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'", $host);
 				$nicboot = $nic["boot"] != null ? "<boot order='".$nic["boot"]."'/>" : "";
 				if ($net_res) {
 					$netstr .= "<interface type='network'>
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index 1d85578a2..a42120e39 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1230,11 +1230,19 @@ class Array2XML {
 	function getValidNetworks() {
 		global $lv;
 		$arrValidNetworks = [];
-		exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|vhost|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
+		exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
 		// add 'virbr0' as default first choice
 		array_unshift($arrBridges, 'virbr0');
-
-		$arrValidNetworks['bridges'] = array_values($arrBridges);
+		// remove redundant references of bridge and bond interfaces
+		$remove = [];
+		foreach ($arrBridges as $name) {
+			if (substr($name,0,4) == 'bond') {
+				$remove = array_merge($remove, (array)@file("/sys/class/net/$name/bonding/slaves",FILE_IGNORE_NEW_LINES));
+			} elseif (substr($name,0,2) == 'br') {
+				$remove = array_merge($remove, array_map(function($n){return end(explode('/',$n));}, glob("/sys/class/net/$name/brif/*")));
+			} 
+		}
+		$arrValidNetworks['bridges'] = array_diff($arrBridges, $remove);
 
 		// This breaks VMSettings.page if libvirt is not running
 		/*	if ($libvirt_running == "yes") {
diff --git a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
index 1f018f4f6..0cc843528 100644
--- a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
+++ b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
@@ -1474,12 +1474,13 @@ foreach ($arrConfig['shares'] as $i => $arrShare) {
 }
 foreach ($arrConfig['nic'] as $i => $arrNic) {
 	$strLabel = ($i > 0) ? appendOrdinalSuffix($i + 1) : '';
+	$disabled = $arrNic['network']=='wlan0' ? 'disabled' : '';
 ?>
 <table data-category="Network" data-multiple="true" data-minimum="1" data-index="<?=$i?>" data-prefix="<?=$strLabel?>">
 	<tr class="advanced">
 		<td>_(Network MAC)_:</td>
 		<td>
-			<span class="width"><input type="text" name="nic[<?=$i?>][mac]" class="narrow" value="<?=htmlspecialchars($arrNic['mac'])?>"><i class="fa fa-refresh mac_generate"></i></span>
+			<span class="width"><input type="text" name="nic[<?=$i?>][mac]" class="narrow" value="<?=htmlspecialchars($arrNic['mac'])?>" <?=$disabled?>><i class="fa fa-refresh mac_generate <?=$i?>" <?=$disabled?>></i></span>
 		</td>
 		<td>
 			<textarea class="xml" id="xmlnet<?=$i?>" rows="5" disabled ><?=htmlspecialchars($xml2['devices']['interface'][$i])?></textarea>
@@ -1488,7 +1489,7 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
 	<tr class="advanced">
 		<td>_(Network Source)_:</td>
 		<td>
-			<span class="width"><select name="nic[<?=$i?>][network]" class="narrow">
+			<span class="width"><select name="nic[<?=$i?>][network]" class="narrow" onchange="updateMAC(<?=$i?>,this.value)">
 			<?
 			foreach (array_keys($arrValidNetworks) as $key) {
 				echo mk_option("", $key, "- "._($key)." -", "disabled");
@@ -1554,13 +1555,13 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
 	<tr class="advanced">
 		<td>_(Network MAC)_:</td>
 		<td>
-			<span class="width"><input type="text" name="nic[{{INDEX}}][mac]" class="narrow" value=""> <i class="fa fa-refresh mac_generate"></i></span>
+			<span class="width"><input type="text" name="nic[{{INDEX}}][mac]" class="narrow" value=""> <i class="fa fa-refresh mac_generate INDEX"></i></span>
 		</td>
 	</tr>
 	<tr class="advanced">
 		<td>_(Network Source)_:</td>
 		<td>
-			<span class="width"><select name="nic[{{INDEX}}][network]" class="narrow">
+			<span class="width"><select name="nic[{{INDEX}}][network]" class="narrow" onchange="updateMAC(INDEX,this.value)">
 			<?
 			foreach (array_keys($arrValidNetworks) as $key) {
 				echo mk_option("", $key, "- "._($key)." -", "disabled");
@@ -2004,6 +2005,12 @@ foreach ($arrConfig['evdev'] as $i => $arrEvdev) {
 var storageType = "<?=get_storage_fstype($arrConfig['template']['storage']);?>";
 var storageLoc  = "<?=$arrConfig['template']['storage']?>";
 
+function updateMAC(index,port) {
+	$('input[name="nic['+index+'][mac]"').prop('disabled',port=='wlan0');
+	$('i.mac_generate.'+index).prop('disabled',port=='wlan0');
+	if (port != 'wlan0') $('i.mac_generate.'+index).click();
+}
+
 function ShareChange(share) {
 	var value = share.value;
 	var text = share.options[share.selectedIndex].text;
diff --git a/emhttp/plugins/dynamix/include/update.wireless.php b/emhttp/plugins/dynamix/include/update.wireless.php
index 898f4b163..0aa3f00bb 100644
--- a/emhttp/plugins/dynamix/include/update.wireless.php
+++ b/emhttp/plugins/dynamix/include/update.wireless.php
@@ -11,12 +11,11 @@
  */
 ?>
 <?
-$ssl = '/etc/rc.d/rc.ssl.input';
-if (is_readable($ssl)) extract(parse_ini_file($ssl));
+$open_ssl = "/usr/local/emhttp/webGui/scripts/open_ssl";
 
 // encrypt username and password before saving (if existing)
-if (!empty($_POST['USERNAME']) && isset($cipher,$key,$iv)) $_POST['USERNAME'] = openssl_encrypt($_POST['USERNAME'],$cipher,$key,0,$iv);
-if (!empty($_POST['PASSWORD']) && isset($cipher,$key,$iv)) $_POST['PASSWORD'] = openssl_encrypt($_POST['PASSWORD'],$cipher,$key,0,$iv);
+if (!empty($_POST['USERNAME'])) $_POST['USERNAME'] = exec("$open_ssl encrypt \"{$_POST['USERNAME']}\"");
+if (!empty($_POST['PASSWORD'])) $_POST['PASSWORD'] = exec("$open_ssl encrypt \"{$_POST['PASSWORD']}\"");
 
 // update active wifi selection
 foreach ($keys as $key => $val) if (isset($val['GROUP'])) $keys[$key]['GROUP'] = 'saved';
diff --git a/emhttp/plugins/dynamix/scripts/open_ssl b/emhttp/plugins/dynamix/scripts/open_ssl
new file mode 100755
index 000000000..e62a0b3fa
--- /dev/null
+++ b/emhttp/plugins/dynamix/scripts/open_ssl
@@ -0,0 +1,35 @@
+#!/usr/bin/php -q
+<?PHP
+/* Copyright 2005-2025, Lime Technology
+ * Copyright 2012-2025, Bergware International.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ */
+?>
+<?
+$ssl_input = '/etc/rc.d/rc.ssl.input';
+if (is_readable($ssl_input)) extract(parse_ini_file($ssl_input));
+
+switch ($argv[1]) {
+case 'reload':
+  if (file_exists($ssl_input)) break;
+case 'load':
+  $key = exec("dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g'")."ABCDEFGH";
+  $iv  = "12".exec("cat /sys/class/net/wlan0/address | sed 's/://g'")."34";
+  file_put_contents($ssl_input, "cipher=aes-256-cbc\nkey=".substr($key,0,63)."\niv=$iv\n");
+  break;
+case 'encrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $encrypt = openssl_encrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($encrypt)) echo "$encrypt";
+  break;
+case 'decrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $decrypt = openssl_decrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($decrypt)) echo "$decrypt";
+  break;
+}
+?>
diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless
index 3d3898d5b..7fedd793c 100755
--- a/etc/rc.d/rc.wireless
+++ b/etc/rc.d/rc.wireless
@@ -10,7 +10,7 @@ DAEMON="WiFi network"
 CALLER="wifi"
 INI="/var/local/emhttp/wireless.ini"
 CFG="/boot/config/wireless.cfg"
-SSLINPUT="/etc/rc.d/rc.ssl.input"
+OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl"
 STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless"
 WPA="/etc/wpa_supplicant.conf"
 
@@ -41,15 +41,6 @@ unzero6(){
   echo -n $(for Q in ${A//:/ }; do [[ $Q != - ]] && printf "$M%x" "0x$Q" || printf ":"; M=:; done)
 }
 
-# function to initialize openSSL variables
-ssl_init(){
-  KEY="$(dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g')ABCDEFGH"
-  IV="12$(cat $SYSTEM/$PORT/address | sed 's/://g')34"
-  echo "cipher=aes-256-cbc" >$SSLINPUT
-  echo "key=${KEY:0:63}" >>$SSLINPUT
-  echo "iv=$IV" >>$SSLINPUT
-}
-
 # function to convert text to hex
 hex(){
   echo -n $1 | od -An -tx1 | tr -d ' \n'
@@ -183,7 +174,7 @@ wifi_start(){
     [[ -e $SYSTEM/$LINK ]] || run ip link add link $PORT name $LINK type ipvtap mode l2 bridge
     run ip link set $PORT up
     run ip link set $LINK up
-    ssl_init
+    $OPENSSL load
     # start active SSID
     $STARTWIFI
     if ! carrier_up $PORT; then
@@ -216,6 +207,7 @@ wifi_stop(){
     fi
     run pkill wpa_supplicant
     run iw dev $PORT disconnect
+    run ip addr flush dev $PORT
     run rm -f $INI
     if ! wifi_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   else
@@ -231,11 +223,21 @@ wifi_join(){
     log "$DAEMON...  No configuration."
     return
   fi
-  [[ -e $SSLINPUT ]] || ssl_init
-# get SSL keys
-  . $SSLINPUT
-  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
-  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
+  $OPENSSL reload
+  [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME")
+  [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1
+  [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD")
+  [[ -n $DECRYPT2 ]] && PASSWORD=$DECRYPT2
+# plain username, encrypt username in settings file
+  if [[ -n $USERNAME && -z $DECRYPT1 ]]; then
+    ENCRYPT1=$($OPENSSL encrypt "$USERNAME")
+    sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG
+  fi
+# plain password, encrypt password in settings file
+  if [[ -n $PASSWORD && -z $DECRYPT2 ]]; then
+    ENCRYPT2=$($OPENSSL encrypt "$PASSWORD")
+    sed -ri "s/^(PASSWORD=\").+$/\1$ENCRYPT2\"/" $CFG
+  fi
   SECURITY=${SECURITY:-$ATTR3}
   if [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
     # open network

_(Network MAC)_:	- + >	<?=htmlspecialchars($xml2['devices']['interface'][$i])?> @@ -1488,7 +1489,7 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
_(Network Source)_:	- $arrNic) {
_(Network MAC)_:	- +
_(Network Source)_:	- $arrEvdev) { var storageType = ""; var storageLoc = ""; +function updateMAC(index,port) { + $('input[name="nic['+index+'][mac]"').prop('disabled',port=='wlan0'); + $('i.mac_generate.'+index).prop('disabled',port=='wlan0'); + if (port != 'wlan0') $('i.mac_generate.'+index).click(); +} + function ShareChange(share) { var value = share.value; var text = share.options[share.selectedIndex].text; diff --git a/emhttp/plugins/dynamix/include/update.wireless.php b/emhttp/plugins/dynamix/include/update.wireless.php index 898f4b163..0aa3f00bb 100644 --- a/emhttp/plugins/dynamix/include/update.wireless.php +++ b/emhttp/plugins/dynamix/include/update.wireless.php @@ -11,12 +11,11 @@ */ ?> $val) if (isset($val['GROUP'])) $keys[$key]['GROUP'] = 'saved'; diff --git a/emhttp/plugins/dynamix/scripts/open_ssl b/emhttp/plugins/dynamix/scripts/open_ssl new file mode 100755 index 000000000..e62a0b3fa --- /dev/null +++ b/emhttp/plugins/dynamix/scripts/open_ssl @@ -0,0 +1,35 @@ +#!/usr/bin/php -q + + diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless index 3d3898d5b..7fedd793c 100755 --- a/etc/rc.d/rc.wireless +++ b/etc/rc.d/rc.wireless @@ -10,7 +10,7 @@ DAEMON="WiFi network" CALLER="wifi" INI="/var/local/emhttp/wireless.ini" CFG="/boot/config/wireless.cfg" -SSLINPUT="/etc/rc.d/rc.ssl.input" +OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl" STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless" WPA="/etc/wpa_supplicant.conf" @@ -41,15 +41,6 @@ unzero6(){ echo -n $(for Q in ${A//:/ }; do [[ $Q != - ]] && printf "$M%x" "0x$Q" \|\| printf ":"; M=:; done) } -# function to initialize openSSL variables -ssl_init(){ - KEY="$(dmidecode -qt1 \| grep -Pom1 'Manufacturer: \K.+' \| sed 's/ /_/g')ABCDEFGH" - IV="12$(cat $SYSTEM/$PORT/address \| sed 's/://g')34" - echo "cipher=aes-256-cbc" >$SSLINPUT - echo "key=${KEY:0:63}" >>$SSLINPUT - echo "iv=$IV" >>$SSLINPUT -} - # function to convert text to hex hex(){ echo -n $1 \| od -An -tx1 \| tr -d ' \n' @@ -183,7 +174,7 @@ wifi_start(){ [[ -e $SYSTEM/$LINK ]] \|\| run ip link add link $PORT name $LINK type ipvtap mode l2 bridge run ip link set $PORT up run ip link set $LINK up - ssl_init + $OPENSSL load # start active SSID $STARTWIFI if ! carrier_up $PORT; then @@ -216,6 +207,7 @@ wifi_stop(){ fi run pkill wpa_supplicant run iw dev $PORT disconnect + run ip addr flush dev $PORT run rm -f $INI if ! wifi_running; then REPLY="Stopped"; else REPLY="Failed"; fi else @@ -231,11 +223,21 @@ wifi_join(){ log "$DAEMON... No configuration." return fi - [[ -e $SSLINPUT ]] \|\| ssl_init -# get SSL keys - . $SSLINPUT - [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME \| openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null) - [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD \| openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null) + $OPENSSL reload + [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME") + [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1 + [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD") + [[ -n $DECRYPT2 ]] && PASSWORD=$DECRYPT2 +# plain username, encrypt username in settings file + if [[ -n $USERNAME && -z $DECRYPT1 ]]; then + ENCRYPT1=$($OPENSSL encrypt "$USERNAME") + sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG + fi +# plain password, encrypt password in settings file + if [[ -n $PASSWORD && -z $DECRYPT2 ]]; then + ENCRYPT2=$($OPENSSL encrypt "$PASSWORD") + sed -ri "s/^(PASSWORD=\").+$/\1$ENCRYPT2\"/" $CFG + fi SECURITY=${SECURITY:-$ATTR3} if [[ -z $SECURITY \|\| ${SECURITY^^} == "OPEN" ]]; then # open network