Add a new luci/getBuiltinEthernetPorts RPC call which returns a consolidated
list of known ethernet ports found in `/etc/board.json`.
Add an x86/64 specific workaround which attempts to enumerate missing
ethernet devices too.
Ref: #6534, #6538
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add entries from `/proc/swaps` to the result array as well in order to
let the ui properly deal with swap files.
Fixes: #6350
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This feature flag doesn't exist anymore, see this commit on the main repo:
7c63295bf4 "treewide: remove DRIVER_11N_SUPPORT"
Signed-off-by: Andre Heider <a.heider@gmail.com>
Instead of scraping the LuCI version from Lua sources, fetch it via ubus
in order to be independent from the Lua runtime.
Fixes: #6154
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The uci package name used to iterate the loaded configuration sections
must correspond to the file name being loaded.
Fixes: https://github.com/openwrt/openwrt/issues/11215
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Move classes required for Lua runtime support into a new `luci-lua-runtime`
package. Also replace the `luci.http` and `luci.util` classes in
`luci-lib-base` with stubbed versions interacting with the ucode based
runtime environment.
Finally merge `luci-base-ucode` into the remainders of `luci-base`.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since HTTP cookies may not overwrite HTTPS ("secure") ones, users are
frequently unable to log into LuCI when a stale, "secure" `sysauth` cookie
is still present in the browser as it commonly happens after e.g. a
sysupgrade operation or when frequently jumping between HTTP and HTTPS
access.
Rework the dispatcher to set either a `sysauth_http` or `sysauth_https`
cookie, depending on the HTTPS state of the server connection and accept
both cookie names when verifying the session ID.
This allows users to log into a HTTP-only LuCI instance while a stale,
"secure" HTTPS cookie is still present.
Requires commit 2b0539ef9d ("lucihttp: update to latest Git HEAD") to
function properly.
Fixes: #5843
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On boards with ADSL instead of VDSL support we need to expect an
`/sbin/dsl_cpe_control` instead of an `/sbin/vdsl_cpe_control` executable.
Ref: https://forum.openwrt.org/t/dsl-line-stats/126580
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure to invoke the Busybox `passwd` applet to change the system password
in a non-interactive manner. Non-Busybox variants may not take the new
password input from stdin or use password hashes which are not supported
by musl's `crypt()` implementation by default.
Fixes: #5629
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fallback to firewall4's helper list if the fw3 one cannot be loaded.
Fixes broken zone configuration when firewall4 is installed as backend.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When the system is running with nftables instead of iptables, the
proprietary XT_FLOWOFFLOAD module will not be present, query the nft
equivalent instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Initial changes required for firewall4 compatibility:
* depend on uc-firewall instead of firewall
* detect installed version of firewall and hide incompatible features
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
- Prefer nodes that do not require authentication over nodes that do
- Honour ACL dependencies while resolving firstchild nodes
- Consider currently active session while scanning menu tree instead
of only loading effective ACLs when a login node is encountered
- Do not consider nodes for firstchild dispatching which specify a
special "firstchild_ineligible" property
- Hide menu nodes that have no accessible children
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
OpenWrt commit 1a9b896d ("treewide: nuke DRIVER_11W_SUPPORT") enables
802.11w feature for all wpad/hostapd configurations. The feature flag
was removed at all but for the compatibility reasons 11w is still
advertised (but there's a plan to nuke it also) [1].
Remove conditional 802.11w LuCI support to match current behavior.
[1]: https://github.com/openwrt/openwrt/pull/3347
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Check if hostapd supports wps pushbutton features.
(wps is now supported by ubus instead of using hostapd_cli)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Move the VPN configuration section behind the network configuration. The normal
workflow is add/edit the network and then add/edit a vpn configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit adds WEP as a queryable WiFi feature.
Support for the deprecated WEP encryption is not
compiled-in to hostapd or wpa_supplicant by default
anymore.
Allow LuCi to query the availability of WEP to remove
it from the list of avialable encryption methods in case
hostapd / wpa_supplicant are compiled without it.
Signed-off-by: David Bauer <mail@david-bauer.net>
* minimal change to accept the usual logread location
plus the alternative location (/usr/sbin/logread)
used by syslog-ng (see openwrt/packages/issues/11535 for reference)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Since swconfig output varies wildly among different switch drivers, rely
on a simpler more robust parsing approach to find the required information.
Ref: https://forum.openwrt.org/t/cannot-read-property-link/50766
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add detection mechanism for system cert CA bundle installed by the
ca-bundle package. Used by LuCI to detect whether the "Use system
certificates" certificate validation option should be enabled.
Signed-off-by: David Lam <david@thedavid.net>
Replace the `iface_down` endpoint with a direct invocation of `/sbin/ifdown`
and replace the interface connectivity check with a call to the new
`remote_addr` endpoint.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
