From 234d38027b20d8b818d97fa6d3f8c67a6d31316d Mon Sep 17 00:00:00 2001
From: bergware
Date: Tue, 11 Feb 2025 23:10:28 +0100
Subject: [PATCH 1/7] VM: make reference to interface instead of vhost
This requires users to update their VM settings and use the interface name instead of the vhost name as network source. This brings VMs inline with Docker which also shows the interface name for custom networks
---
 .../plugins/dynamix.vm.manager/include/libvirt.php | 2 +-
 .../dynamix.vm.manager/include/libvirt_helpers.php | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
index 51c4a4754..3e1ab499c 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
@@ -631,7 +631,7 @@ class Libvirt {
 if (empty($nic['mac']) || empty($nic['network'])) continue;
 $netmodel = $nic['model'] ?: 'virtio-net';
 $net_res = $this->libvirt_get_net_res($this->conn, $nic['network']);
- exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|vhost|wlan)[0-9]+(\.[0-9]+)?'", $host);
+ exec("ls --indicator-style=none /sys/class/net | grep -Po '^((vir)?br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'", $host);
 $nicboot = $nic["boot"] != null ? "" : "";
 if ($net_res) {
 $netstr .= "
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index 1d85578a2..a42120e39 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1230,11 +1230,19 @@ class Array2XML {
 function getValidNetworks() {
 global $lv;
 $arrValidNetworks = [];
- exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|vhost|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
+ exec("ls --indicator-style=none /sys/class/net | grep -Po '^(br|bond|eth|wlan)[0-9]+(\.[0-9]+)?'",$arrBridges);
 // add 'virbr0' as default first choice
 array_unshift($arrBridges, 'virbr0');
-
- $arrValidNetworks['bridges'] = array_values($arrBridges);
+ // remove redundant references of bridge and bond interfaces
+ $remove = [];
+ foreach ($arrBridges as $name) {
+ if (substr($name,0,4) == 'bond') {
+ $remove = array_merge($remove, (array)@file("/sys/class/net/$name/bonding/slaves",FILE_IGNORE_NEW_LINES));
+ } elseif (substr($name,0,2) == 'br') {
+ $remove = array_merge($remove, array_map(function($n){return end(explode('/',$n));}, glob("/sys/class/net/$name/brif/*")));
+ }
+ }
+ $arrValidNetworks['bridges'] = array_diff($arrBridges, $remove);
 // This breaks VMSettings.page if libvirt is not running
 /* if ($libvirt_running == "yes") {
From f9097ed09c377af8c2507aa704553b9e438394f2 Mon Sep 17 00:00:00 2001
From: bergware
Date: Tue, 11 Feb 2025 23:24:19 +0100
Subject: [PATCH 2/7] Wireless: remove IP assignment when disabling interface
---
 etc/rc.d/rc.wireless | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless
index 3d3898d5b..8faa8ec1e 100755
--- a/etc/rc.d/rc.wireless
+++ b/etc/rc.d/rc.wireless
@@ -216,6 +216,7 @@ wifi_stop(){
 fi
 run pkill wpa_supplicant
 run iw dev $PORT disconnect
+ run ip addr flush dev wlan0
 run rm -f $INI
 if ! wifi_running; then REPLY="Stopped"; else REPLY="Failed"; fi
 else
From 3d7aa0fb7bec569ed6ca090a3347d0094c69c853 Mon Sep 17 00:00:00 2001
From: bergware
Date: Wed, 12 Feb 2025 00:03:09 +0100
Subject: [PATCH 3/7] Update rc.wireless
---
 etc/rc.d/rc.wireless | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
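Review bot: The bond branch of `getValidNetworks()` reads `/sys/class/net/$name/bonding/slaves` with `file(..., FILE_IGNORE_NEW_LINES)`, but that sysfs file lists every member on one space-separated line, so a bond with two or more members yields a single element such as `eth0 eth1` that `array_diff` never matches, and the member interfaces stay in the returned list. Splitting on whitespace fixes it: `preg_split('/\s+/', trim((string)@file_get_contents("/sys/class/net/$name/bonding/slaves")), -1, PREG_SPLIT_NO_EMPTY)`. In the bridge branch `end(explode('/',$n))` passes a temporary to a by-reference parameter and raises a notice; `basename($n)` is the direct form. `array_diff` also preserves keys, so wrap the result in `array_values()` as the removed line did if callers expect a list. The function body continues outside the hunk.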
diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless index 8faa8ec1e..8c100daad 100755 --- a/etc/rc.d/rc.wireless +++ b/etc/rc.d/rc.wireless @@ -216,7 +216,7 @@ wifi_stop(){ fi run pkill wpa_supplicant run iw dev $PORT disconnect - run ip addr flush dev wlan0 + run ip addr flush dev $PORT run rm -f $INI if ! wifi_running; then REPLY="Stopped"; else REPLY="Failed"; fi else From b772e017b13307ac19fa8dffff157f58f8404d40 Mon Sep 17 00:00:00 2001 From: bergware Date: Wed, 12 Feb 2025 03:09:00 +0100 Subject: [PATCH 4/7] Wireless support - allow initial plain username and password When user name and password are stored in plain text, these will be encrypted at start up. --- .../dynamix/include/update.wireless.php | 7 ++--- emhttp/plugins/dynamix/scripts/open_ssl | 28 +++++++++++++++++++ etc/rc.d/rc.wireless | 19 ++++++++++--- 3 files changed, 46 insertions(+), 8 deletions(-) create mode 100644 emhttp/plugins/dynamix/scripts/open_ssl diff --git a/emhttp/plugins/dynamix/include/update.wireless.php b/emhttp/plugins/dynamix/include/update.wireless.php index 898f4b163..0aa3f00bb 100644 --- a/emhttp/plugins/dynamix/include/update.wireless.php +++ b/emhttp/plugins/dynamix/include/update.wireless.php @@ -11,12 +11,11 @@ */ ?> $val) if (isset($val['GROUP'])) $keys[$key]['GROUP'] = 'saved'; diff --git a/emhttp/plugins/dynamix/scripts/open_ssl b/emhttp/plugins/dynamix/scripts/open_ssl new file mode 100644 index 000000000..734511776 --- /dev/null +++ b/emhttp/plugins/dynamix/scripts/open_ssl @@ -0,0 +1,28 @@ +#!/usr/bin/php -q + + diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless index 8c100daad..8ee968d0e 100755 --- a/etc/rc.d/rc.wireless +++ b/etc/rc.d/rc.wireless @@ -11,6 +11,7 @@ CALLER="wifi" INI="/var/local/emhttp/wireless.ini" CFG="/boot/config/wireless.cfg" SSLINPUT="/etc/rc.d/rc.ssl.input" +OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl" STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless" WPA="/etc/wpa_supplicant.conf" 
@@ -233,10 +234,20 @@ wifi_join(){
 return
 fi
 [[ -e $SSLINPUT ]] || ssl_init
-# get SSL keys
- . $SSLINPUT
- [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
- [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
+ [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME")
+ [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1
+ [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD")
+ [[ -n $DECRYPT2 ]] && PASSWORD=$DECRYPT2
+# plain username, encrypt username in settings file
+ if [[ -n $USERNAME && -z $DECRYPT1 ]]; then
+ ENCRYPT1=$($OPENSSL encrypt "$USERNAME")
+ sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG
+ fi
+# plain password, encrypt password in settings file
+ if [[ -n $PASSWORD && -z $DECRYPT2 ]]; then
+ ENCRYPT2=$($OPENSSL encrypt "$PASSWORD")
+ sed -ri "s/^(PASSWORD=\").+$/\1$ENCRYPT2\"/" $CFG
+ fi
 SECURITY=${SECURITY:-$ATTR3}
 if [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
 # open network
From 300bd2d4689d908d8f4ad44fc355b5f51657bd1a Mon Sep 17 00:00:00 2001
From: bergware
Date: Wed, 12 Feb 2025 03:09:28 +0100
Subject: [PATCH 5/7] Make script executable
---
 emhttp/plugins/dynamix/scripts/open_ssl | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 emhttp/plugins/dynamix/scripts/open_ssl
diff --git a/emhttp/plugins/dynamix/scripts/open_ssl b/emhttp/plugins/dynamix/scripts/open_ssl
old mode 100644
new mode 100755
From 76f0d68f2424e064ed03df3f11ca126ec6b85422 Mon Sep 17 00:00:00 2001
From: bergware
Date: Wed, 12 Feb 2025 03:50:42 +0100
Subject: [PATCH 6/7] wireless fine tuning
---
 emhttp/plugins/dynamix/scripts/open_ssl | 7 +++++++
 etc/rc.d/rc.wireless | 14 ++------------
 2 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/emhttp/plugins/dynamix/scripts/open_ssl b/emhttp/plugins/dynamix/scripts/open_ssl
index 734511776..e62a0b3fa 100755
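Review bot: The two rewrites `sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG` (and the `PASSWORD` twin) in `wifi_join` interpolate the ciphertext into a sed expression that uses `/` as its delimiter; if `open_ssl encrypt` returns base64 (its body is not visible in this patch, but patch 6 shows `openssl_encrypt($argv[2],$cipher,$key,0,$iv)`), the value can contain `/`, sed then rejects the expression and the credential stays in plain text in `$CFG` with nothing logged. A delimiter outside the base64 alphabet avoids this, `sed -ri "s|^(USERNAME=\").+$|\1$ENCRYPT1\"|" "$CFG"`, and the exit status should be checked. The plain credential is also handed over as a command-line argument (`$OPENSSL encrypt "$PASSWORD"`), which leaves it readable in the process list for the duration of the call; passing it on stdin would avoid that. The body of `wifi_join` starts and ends outside the hunk.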
--- a/emhttp/plugins/dynamix/scripts/open_ssl
+++ b/emhttp/plugins/dynamix/scripts/open_ssl
@@ -16,6 +16,13 @@ $ssl_input = '/etc/rc.d/rc.ssl.input';
 if (is_readable($ssl_input)) extract(parse_ini_file($ssl_input));
 switch ($argv[1]) {
+case 'reload':
+ if (file_exists($ssl_input)) break;
+case 'load':
+ $key = exec("dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g'")."ABCDEFGH";
+ $iv = "12".exec("cat /sys/class/net/wlan0/address | sed 's/://g'")."34";
+ file_put_contents($ssl_input, "cipher=aes-256-cbc\nkey=".substr($key,0,63)."\niv=$iv\n");
+ break;
 case 'encrypt':
 if (!empty($argv[2]) && isset($cipher,$key,$iv)) $encrypt = openssl_encrypt($argv[2],$cipher,$key,0,$iv);
 if (!empty($encrypt)) echo "$encrypt";
diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless
index 8ee968d0e..7fedd793c 100755
--- a/etc/rc.d/rc.wireless
+++ b/etc/rc.d/rc.wireless
@@ -10,7 +10,6 @@ DAEMON="WiFi network"
 CALLER="wifi"
 INI="/var/local/emhttp/wireless.ini"
 CFG="/boot/config/wireless.cfg"
-SSLINPUT="/etc/rc.d/rc.ssl.input"
 OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl"
 STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless"
 WPA="/etc/wpa_supplicant.conf"
@@ -42,15 +41,6 @@ unzero6(){
 echo -n $(for Q in ${A//:/ }; do [[ $Q != - ]] && printf "$M%x" "0x$Q" || printf ":"; M=:; done)
 }
-# function to initialize openSSL variables
-ssl_init(){
- KEY="$(dmidecode -qt1 | grep -Pom1 'Manufacturer: \K.+' | sed 's/ /_/g')ABCDEFGH"
- IV="12$(cat $SYSTEM/$PORT/address | sed 's/://g')34"
- echo "cipher=aes-256-cbc" >$SSLINPUT
- echo "key=${KEY:0:63}" >>$SSLINPUT
- echo "iv=$IV" >>$SSLINPUT
-}
-
 # function to convert text to hex
 hex(){
 echo -n $1 | od -An -tx1 | tr -d ' \n'
@@ -184,7 +174,7 @@ wifi_start(){
 [[ -e $SYSTEM/$LINK ]] || run ip link add link $PORT name $LINK type ipvtap mode l2 bridge
 run ip link set $PORT up
 run ip link set $LINK up
- ssl_init
+ $OPENSSL load
 # start active SSID
 $STARTWIFI
 if ! carrier_up $PORT; then
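Review bot: In the `load` case the AES key is the DMI manufacturer string plus the constant `ABCDEFGH`, and the IV is the `wlan0` MAC address wrapped in `12`/`34`, so both are fixed per machine and can be recomputed from hardware identifiers; the values written to `/boot/config/wireless.cfg` are therefore obfuscated rather than protected, and the fixed IV makes equal plaintexts produce equal ciphertexts. If confidentiality of the stored Wi-Fi credentials is the goal, generate the key once with `random_bytes(32)`, keep it apart from the ciphertext, and use a fresh IV per value stored alongside it. Independently of that, `file_put_contents($ssl_input, ...)` creates the key file with default permissions; follow it with `chmod($ssl_input, 0600);`. The `reload` case falls through into `load` on purpose and deserves a `// fall through` comment, and the interface name is hard-coded where the removed `ssl_init` in rc.wireless used `$PORT`. The `switch` continues outside the hunk.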
@@ -233,7 +223,7 @@ wifi_join(){ log "$DAEMON... No configuration." return fi - [[ -e $SSLINPUT ]] || ssl_init + $OPENSSL reload [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME") [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1 [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD") From fd6a70ec019e7a98b2c98ca6bbbc517fe49a4a91 Mon Sep 17 00:00:00 2001 From: bergware Date: Wed, 12 Feb 2025 12:13:02 +0100 Subject: [PATCH 7/7] VM: disable MAC selection for wireless interface --- .../dynamix.vm.manager/templates/Custom.form.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php index 1f018f4f6..0cc843528 100644 --- a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php +++ b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php @@ -1474,12 +1474,13 @@ foreach ($arrConfig['shares'] as $i => $arrShare) { } foreach ($arrConfig['nic'] as $i => $arrNic) { $strLabel = ($i > 0) ? appendOrdinalSuffix($i + 1) : ''; + $disabled = $arrNic['network']=='wlan0' ? 'disabled' : ''; ?>
_(Network MAC)_: - + >> @@ -1488,7 +1489,7 @@ foreach ($arrConfig['nic'] as $i => $arrNic) {
_(Network Source)_: - $arrNic) {
_(Network MAC)_: - +
_(Network Source)_: - $arrEvdev) { var storageType = ""; var storageLoc = ""; +function updateMAC(index,port) { + $('input[name="nic['+index+'][mac]"').prop('disabled',port=='wlan0'); + $('i.mac_generate.'+index).prop('disabled',port=='wlan0'); + if (port != 'wlan0') $('i.mac_generate.'+index).click(); +} + function ShareChange(share) { var value = share.value; var text = share.options[share.selectedIndex].text;
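Review bot: In `updateMAC` the selector `'input[name="nic['+index+'][mac]"'` is missing the closing `]` of the attribute selector; it should read `$('input[name="nic['+index+'][mac]"]')`. `.prop('disabled', ...)` on `i.mac_generate` has no effect on an `<i>` element, so the generate icon presumably stays clickable for `wlan0` unless its click handler (not visible here) checks for it. The interface name `wlan0` is hard-coded here and in the `$disabled = $arrNic['network']=='wlan0' ? 'disabled' : '';` assignment of the first hunk, so a second wireless port would not be covered; a prefix test such as `port.startsWith('wlan')` would be. A disabled input is also left out of the submitted form, so confirm that the save path does not require `nic[i][mac]` for wireless NICs.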