#!/usr/local/bin/php . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ $pgtitle = array("Interfaces", "Assign network ports", "Edit WLAN"); require("guiconfig.inc"); if (!is_array($config['wlans']['wlan'])) $config['wlans']['wlan'] = array(); $a_wlans = &$config['wlans']['wlan']; $portlist = get_interface_list(false, true, false); /* if there's only one interface, we can "pre-select" it */ if (count($portlist) == 1) { $pconfig = array(); foreach ($portlist as $pn => $pv) { $pconfig['if'] = $pn; break; } } $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; if (isset($id) && $a_wlans[$id]) { $pconfig['if'] = $a_wlans[$id]['if']; $pconfig['descr'] = $a_wlans[$id]['descr']; $pconfig['standard'] = $a_wlans[$id]['standard']; $pconfig['ht'] = isset($a_wlans[$id]['ht']); $pconfig['mode'] = $a_wlans[$id]['mode']; $pconfig['ssid'] = $a_wlans[$id]['ssid']; $pconfig['channel'] = $a_wlans[$id]['channel']; $pconfig['txpower'] = $a_wlans[$id]['txpower']; $pconfig['wep_enable'] = isset($a_wlans[$id]['wep']['enable']); $pconfig['hidessid'] = isset($a_wlans[$id]['hidessid']); $pconfig['wpamode'] = $a_wlans[$id]['wpa']['mode']; $pconfig['wpaversion'] = $a_wlans[$id]['wpa']['version']; $pconfig['wpacipher'] = $a_wlans[$id]['wpa']['cipher']; $pconfig['wpapsk'] = $a_wlans[$id]['wpa']['psk']; $pconfig['radiusip'] = $a_wlans[$id]['wpa']['radius']['server']; $pconfig['radiusauthport'] = $a_wlans[$id]['wpa']['radius']['authport']; $pconfig['radiusacctport'] = $a_wlans[$id]['wpa']['radius']['acctport']; $pconfig['radiussecret'] = $a_wlans[$id]['wpa']['radius']['secret']; if (is_array($a_wlans[$id]['wep']['key'])) { $i = 1; foreach ($a_wlans[$id]['wep']['key'] as $wepkey) { $pconfig['key' . $i] = $wepkey['value']; if (isset($wepkey['txkey'])) $pconfig['txkey'] = $i; $i++; } if (!isset($wepkey['txkey'])) $pconfig['txkey'] = 1; } } if ($_POST) { unset($input_errors); $pconfig = $_POST; } /* If a physical interface has been selected at this point, we can determine the supported standards and channels */ if ($pconfig['if']) { $wlstandards = wireless_get_standards($pconfig['if']); $wlchannels = wireless_get_channellist($pconfig['if']); } else { $wlstandards = array(); $wlchannels = array(); } if ($_POST) { if (!$_POST['chgifonly']) { /* input validation */ $reqdfields = "if mode ssid channel txpower"; $reqdfieldsn = "Parent interface,Mode,SSID,Channel,Transmit power"; if ($_POST['wpamode'] != "none") { $reqdfields .= " wpaversion wpacipher"; $reqdfieldsn .= ",WPA version,WPA cipher"; if ($_POST['wpamode'] == "psk") { $reqdfields .= " wpapsk"; $reqdfieldsn .= ",WPA PSK"; } else if ($_POST['wpamode'] == "enterprise") { $reqdfields .= " radiusip radiussecret"; $reqdfieldsn .= ",RADIUS IP,RADIUS Shared secret"; } } do_input_validation($_POST, explode(" ", $reqdfields), explode(",", $reqdfieldsn), &$input_errors); if ($_POST['radiusip'] && !is_ipaddr($_POST['radiusip'])) $input_errors[] = "A valid RADIUS IP address must be specified."; if ($_POST['radiusauthport'] && !is_port($_POST['radiusauthport'])) $input_errors[] = "A valid RADIUS authentication port number must be specified."; if ($_POST['radiusacctport'] && !is_port($_POST['radiusacctport'])) $input_errors[] = "A valid RADIUS accounting port number must be specified."; if ($_POST['wpapsk'] && !(strlen($_POST['wpapsk']) >= 8 && strlen($_POST['wpapsk']) <= 63)) $input_errors[] = "The WPA PSK must be between 8 and 63 characters long."; /* XXX - check whether multiple WLANs are supported on the physical interface */ if (!$input_errors) { /* if an 11a channel is selected, the mode must be 11a too, and vice versa */ $is_chan_11a = (strpos($wlchannels[$_POST['channel']]['mode'], "11a") !== false); $is_std_11a = ($_POST['standard'] == "11a" || $_POST['standard'] == "11na"); if ($is_chan_11a && !$is_std_11a) $input_errors[] = "802.11a channels can only be selected if the standard is set to 802.11(n)a too."; else if (!$is_chan_11a && $is_std_11a) $input_errors[] = "802.11(n)a can only be selected if an 802.11a channel is selected too."; /* currently, WPA is only supported in AP (hostap) mode */ if ($_POST['wpamode'] != "none" && $pconfig['mode'] != "hostap") $input_errors[] = "WPA is only supported in hostap mode."; } if (!$input_errors) { $wlan = array(); $wlan['if'] = $_POST['if']; $wlan['descr'] = $_POST['descr']; $wlan['standard'] = $_POST['standard']; $wlan['ht'] = $_POST['ht'] ? true : false; $wlan['mode'] = $_POST['mode']; $wlan['ssid'] = $_POST['ssid']; $wlan['channel'] = $_POST['channel']; $wlan['txpower'] = $_POST['txpower']; $wlan['wep']['enable'] = $_POST['wep_enable'] ? true : false; $wlan['hidessid'] = $_POST['hidessid'] ? true : false; $wlan['wep']['key'] = array(); for ($i = 1; $i <= 4; $i++) { if ($_POST['key' . $i]) { $newkey = array(); $newkey['value'] = $_POST['key' . $i]; if ($_POST['txkey'] == $i) $newkey['txkey'] = true; $wlan['wep']['key'][] = $newkey; } } $wlan['wpa'] = array(); $wlan['wpa']['mode'] = $_POST['wpamode']; $wlan['wpa']['version'] = $_POST['wpaversion']; $wlan['wpa']['cipher'] = $_POST['wpacipher']; $wlan['wpa']['psk'] = $_POST['wpapsk']; $wlan['wpa']['radius'] = array(); $wlan['wpa']['radius']['server'] = $_POST['radiusip']; $wlan['wpa']['radius']['authport'] = $_POST['radiusauthport']; $wlan['wpa']['radius']['acctport'] = $_POST['radiusacctport']; $wlan['wpa']['radius']['secret'] = $_POST['radiussecret']; if (isset($id) && $a_wlans[$id]) $a_wlans[$id] = $wlan; else $a_wlans[] = $wlan; write_config(); touch($d_sysrebootreqd_path); header("Location: interfaces_wlan.php"); exit; } } } if (!isset($pconfig['txpower']) || strlen($pconfig['txpower']) == 0) $pconfig['txpower'] = 17; /* pick a reasonable default */ function wireless_get_standards($if) { $standards = array(); $fd = popen("/sbin/ifconfig -m $if", "r"); if ($fd) { while (!feof($fd)) { $line = trim(fgets($fd)); if (preg_match("/media \S+ mode (11\S+)/", $line, $matches)) { $standards[] = $matches[1]; } } } return array_unique($standards); } function wireless_get_channellist($if) { $chanlist = array(); /* cannot get channels from physical interface anymore - need a subinterface. Find out if there is already one for this physical interface; if not, create one and destroy it again afterwards */ unset($subif); $fd = popen("/sbin/sysctl -a net.wlan", "r"); if ($fd) { while (!feof($fd)) { $line = trim(fgets($fd)); if (preg_match("/^net\.wlan\.(\d+)\.%parent: (\S+)$/", $line, $matches)) { if ($matches[2] == $if) { $subif = "wlan" . $matches[1]; break; } } } pclose($fd); } if (!isset($subif)) { $subif = "wlan999"; mwexec("/sbin/ifconfig wlan999 create wlandev " . escapeshellarg($if)); } $fd = popen("/sbin/ifconfig $subif list chan", "r"); if ($fd) { while (!feof($fd)) { $line = trim(fgets($fd)); /* could have two channels on this line */ $chans = explode("Channel", $line); foreach ($chans as $chan) { if (preg_match("/(\d+)\s+:\s+(\d+)\s+MHz\s+(.+)/i", $chan, $matches)) { $chaninfo = array(); $chaninfo['chan'] = $matches[1]; $chaninfo['freq'] = $matches[2]; $chaninfo['mode'] = trim($matches[3]); $chanlist[$chaninfo['chan']] = $chaninfo; } } } pclose($fd); } if ($subif == "wlan999") mwexec("/sbin/ifconfig wlan999 destroy"); ksort($chanlist, SORT_NUMERIC); return $chanlist; } ?>
Parent interface
Description
You may enter a description here for your reference (not parsed).
Standard
HT >Enable HT
Mode
SSID

>Hide SSID
If this option is selected, the SSID will not be broadcast in AP mode, and only clients that know the exact SSID will be able to connect. Note that this option should never be used as a substitute for proper security/encryption settings.
Channel
Transmit power
Not all transmit power settings listed above may actually be supported by the adapter; in that case the closest possible setting will be used. You must ensure that the setting you choose complies with local regulations.
WPA
WPA settings
Mode
Version
In most cases, you should select "WPA + WPA2" here.
Cipher
AES/CCMP provides better security than TKIP, but TKIP is more compatible with older hardware.
PSK
Enter the passphrase that will be used in WPA-PSK mode. This must be between 8 and 63 characters long.
RADIUS server
IP address
Enter the IP address of the RADIUS server that will be used in WPA-Enterprise mode.
Authentication port
Leave this field blank to use the default port (1812).
Accounting port
Leave this field blank to use the default port (1813).
Shared secret  
WEP onChange="wlan_enable_change(false)"> Enable WEP
     TX key 
Key 1:   >
Key 2:   >
Key 3:   >
Key 4:   >

40 (64) bit keys may be entered as 5 ASCII characters or 10 hex digits preceded by '0x'.
104 (128) bit keys may be entered as 13 ASCII characters or 26 hex digits preceded by '0x'.