From 1c9e2fa82c087fc2684719f1028e85d85ada0cf9 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 18 Aug 2017 15:27:29 +0200
Subject: [PATCH] wireless networks: Properly validate encryption modes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.wireless          | 4 ++++
 src/functions/functions.wireless-networks | 5 ++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
index d132da68..7ddb59cb 100644
--- a/src/functions/functions.wireless
+++ b/src/functions/functions.wireless
@@ -25,6 +25,10 @@ NETWORK_SETTINGS_FILE_PARAMS="${NETWORK_SETTINGS_FILE_PARAMS} WIRELESS_REGULATOR
 
 WIRELESS_REGULATORY_DOMAIN_DATABASE="/usr/lib/crda/regulatory.bin"
 
+WIRELESS_DEFAULT_ENCRYPTION_MODE="NONE"
+WIRELESS_VALID_ENCRYPTION_MODES="WPA2-PSK-SHA256 WPA2-PSK \
+	WPA-PSK-SHA256 WPA-PSK WEP NONE"
+
 cli_wireless() {
 	local action=${1}
 	shift 1
diff --git a/src/functions/functions.wireless-networks b/src/functions/functions.wireless-networks
index 7c71d9e5..0133fe7f 100644
--- a/src/functions/functions.wireless-networks
+++ b/src/functions/functions.wireless-networks
@@ -21,8 +21,6 @@
 
 WIRELESS_NETWORK_CONFIG_SETTINGS="ENCRYPTION_MODE PRIORITY PSK SSID"
 
-WIRELESS_NETWORKS_VALID_ENCRYPTION_MODES="WPA2-PSK"
-
 cli_wireless_network() {
 	case "${1}" in
 		new)
@@ -228,6 +226,7 @@ wireless_network_new() {
 	echo "SSID=\"${ssid}\"" >>"${NETWORK_WIRELESS_NETWORKS_DIR}/${ssid_hash}/settings"
 
 	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
+	ENCRYPTION_MODE="${WIRELESS_DEFAULT_ENCRYPTION_MODE}"
 	SSID="${ssid}"
 	PRIORITY=500
 
@@ -267,7 +266,7 @@ wireless_network_encryption_mode() {
 	local ssid="${1}"
 	local mode="${2}"
 
-	if ! isoneof mode ${WIRELESS_NETWORKS_VALID_ENCRYPTION_MODES}; then
+	if ! isoneof mode ${WIRELESS_VALID_ENCRYPTION_MODES}; then
 		log ERROR "Encryption mode '${mode}' is invalid"
 		return ${EXIT_ERROR}
 	fi
-- 
2.47.2