projects / project / luci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a349e51)
luci-mod-network: add ppsk option (support for Private PSK)
authorManuel Giganto <mgigantoregistros@gmail.com>
Mon, 12 Oct 2020 15:35:08 +0000 (15:35 +0000)
committerPaul Donald <newtwen@gmail.com>
Sun, 28 Jan 2024 15:26:09 +0000 (16:26 +0100)
Include support in luci to enable the Private PSK.
When Private PSK is enabled, clients can use a default password (common),
or have their own private password that is associated with the client MAC.

The password is retrieved from RADIUS server, asking for the client MAC,
and when such client MAC is not defined, RADIUS should return a default
password.

RADIUS can also return other parameters like VLANs, which can be used to
put clients dynamically in different VLANs based on their MAC, or the
default configuration.

Private PSK is not compatible yet with SAE encryption, therefore cannot
be used yet with WPA3 or WPA3-mixed.

It implements the UI for the PPSK already in master: https://github.com/openwrt/openwrt/pull/3509

Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
(cherry picked from commit 75a2fd233baabf6fa5bafcb13ccc6d7000a4604d)

modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js patch | blob | history

diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
index e59097bfc1c4727986f248e9e2f9b211826513b5..2ea50d99cdaec1be9b0d3bd1d39db36b39346f17 100644 (file)
--- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
+++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js
@@ -1407,19 +1407,25 @@ return view.extend({
                                }
 
 
+                               o = ss.taboption('encryption', form.Flag, 'ppsk', _('Enable Private PSK (PPSK)'), _('Private Pre-Shared Key (PPSK) allows the use of different Pre-Shared Key for each STA MAC address. Private MAC\'s PSKs are stored on RADIUS server.'));
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'] });
+
                                o = ss.taboption('encryption', form.Value, 'auth_server', _('RADIUS Authentication Server'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.rmempty = true;
                                o.datatype = 'host(0)';
 
                                o = ss.taboption('encryption', form.Value, 'auth_port', _('RADIUS Authentication Port'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.rmempty = true;
                                o.datatype = 'port';
                                o.placeholder = '1812';
 
                                o = ss.taboption('encryption', form.Value, 'auth_secret', _('RADIUS Authentication Secret'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.rmempty = true;
                                o.password = true;
 
@@ -1442,6 +1448,7 @@ return view.extend({
                                /* extra RADIUS settings start */
                                o = ss.taboption('encryption', form.ListValue, 'dynamic_vlan', _('RADIUS Dynamic VLAN Assignment'), _('Required: Rejects auth if RADIUS server does not provide appropriate VLAN attributes.'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.value('0', _('Disabled'));
                                o.value('1', _('Optional'));
                                o.value('2', _('Required'));
@@ -1451,13 +1458,16 @@ return view.extend({
 
                                o = ss.taboption('encryption', form.Flag, 'per_sta_vif', _('RADIUS Per STA VLAN'), _('Each STA is assigned its own AP_VLAN interface.'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
 
                                //hostapd internally defaults to vlan_naming=1 even with dynamic VLAN off
                                o = ss.taboption('encryption', form.Flag, 'vlan_naming', _('RADIUS VLAN Naming'), _('Off: <code>vlanXXX</code>, e.g., <code>vlan1</code>. On: <code>vlan_tagged_interface.XXX</code>, e.g. <code>eth0.1</code>.'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
 
                                o = ss.taboption('encryption', widgets.DeviceSelect, 'vlan_tagged_interface', _('RADIUS VLAN Tagged Interface'), _('E.g. eth0, eth1'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.size = 1;
                                o.rmempty = true;
                                o.multiple = false;
@@ -1468,6 +1478,7 @@ return view.extend({
 
                                o = ss.taboption('encryption', form.Value, 'vlan_bridge', _('RADIUS VLAN Bridge Naming Scheme'), _('E.g. <code>br-vlan</code> or <code>brvlan</code>.'));
                                add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] });
+                               add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['1'] });
                                o.rmempty = true;
                                /* extra RADIUS settings end */
 
@@ -1489,10 +1500,7 @@ return view.extend({
 
 
                                o = ss.taboption('encryption', form.Value, '_wpa_key', _('Key'));
-                               o.depends('encryption', 'psk');
-                               o.depends('encryption', 'psk2');
-                               o.depends('encryption', 'psk+psk2');
-                               o.depends('encryption', 'psk-mixed');
+                               add_dependency_permutations(o, { encryption: ['psk', 'psk2', 'psk+psk2', 'psk-mixed'], ppsk: ['0'] });
                                o.depends('encryption', 'sae');
                                o.depends('encryption', 'sae-mixed');
                                o.datatype = 'wpakey';
Lua Configuration Interface (mirror)