From 2131842fe7c62304fe5968f8de00c75e60859a7f Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Wed, 27 Jul 2016 20:34:56 +0000 Subject: [PATCH 1/5] Tidy up some whitespace Sorry, I don't like tab indentation. (and I definitely don't like a mixture of tab and space indentation) --- index.php | 198 +++++++++++++++++++++++++++--------------------------- 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/index.php b/index.php index b53eec8c..16103132 100755 --- a/index.php +++ b/index.php @@ -59,8 +59,8 @@ $csrf_token = $_SESSION['csrf_token']; - - + + @@ -96,106 +96,106 @@ $csrf_token = $_SESSION['csrf_token']; - - + + -
- - - -
-
-

- RaspAP -

-
-
+
- -
+ +
+
+

+ RaspAP +

+
+
+ + +
@@ -217,5 +217,5 @@ $csrf_token = $_SESSION['csrf_token']; - + From bfb1332cdfdcd5269dbd5f60608b01408702dda2 Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Wed, 27 Jul 2016 20:43:40 +0000 Subject: [PATCH 2/5] Move HostAPD into separate file --- includes/functions.php | 180 ----------------------------------------- includes/hostapd.php | 177 ++++++++++++++++++++++++++++++++++++++++ index.php | 1 + 3 files changed, 178 insertions(+), 180 deletions(-) create mode 100755 includes/hostapd.php diff --git a/includes/functions.php b/includes/functions.php index 3e9f4ddb..4a19a0c7 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -375,186 +375,6 @@ update_config=1 HostAPD is not running - '; - } else { - $status = '
HostAPD is running -
'; - } - - $arrConfig = array(); - $arrChannel = array('a','b','g'); - $arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2'); - $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP'); - - foreach( $return as $a ) { - if( $a[0] != "#" ) { - $arrLine = explode( "=",$a) ; - $arrConfig[$arrLine[0]]=$arrLine[1]; - } - }; - ?> -
-
-
-
Configure hotspot -
- -
- - - - -
-

-
- -

Basic settings

-
-
-
- - -
-
-
-
- - -
-
-
-
- - -
-
-
-
- - -
-
-
-
-

Security settings

-
-
- - -
-
-
-
- - -
-
-
-
- - -
-
-
-
-

Advanced settings

-
-
- - -
-
-
- - - '; - } else { - echo ''; - }; - ?> - -
-
-
Information provided by hostapd
-
-
-HostAPD is not running +
'; + } else { + $status = '
HostAPD is running +
'; + } + + $arrConfig = array(); + $arrChannel = array('a','b','g'); + $arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2'); + $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP'); + + foreach( $return as $a ) { + if( $a[0] != "#" ) { + $arrLine = explode( "=",$a) ; + $arrConfig[$arrLine[0]]=$arrLine[1]; + } + }; + ?> +
+
+
+
Configure hotspot +
+ +
+ + + + +
+

+
+ +

Basic settings

+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+

Security settings

+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+

Advanced settings

+
+
+ + +
+
+
+ + + '; + } else { + echo ''; + }; + ?> + +
+
+
Information provided by hostapd
+
+
+ diff --git a/index.php b/index.php index 16103132..2dea62f9 100755 --- a/index.php +++ b/index.php @@ -42,6 +42,7 @@ include_once( 'includes/functions.php' ); include_once( 'includes/authenticate.php' ); include_once( 'includes/admin.php' ); include_once( 'includes/dhcp.php' ); +include_once( 'includes/hostapd.php' ); $output = $return = 0; $page = $_GET['page']; From 15a4ece43390e27ebe71bdffa976f00165ce84a2 Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Wed, 27 Jul 2016 20:48:27 +0000 Subject: [PATCH 3/5] Move function to save HostAPD config too --- includes/functions.php | 73 ---------------------------------------- includes/hostapd.php | 76 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 73 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index 4a19a0c7..20944244 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -741,77 +741,4 @@ function DisplaySystem(){ /tmp/hostapddata", $return ); - system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); - - if( $return == 0 ) { - echo "Wifi Hotspot settings saved"; - } else { - echo "Wifi Hotspot settings failed to be saved"; - } - } elseif( isset($_POST['SaveOpenVPNSettings']) ) { - // TODO - } elseif( isset($_POST['SaveTORProxySettings']) ) { - // TODO - } elseif( isset($_POST['StartHotspot']) ) { - echo "Attempting to start hotspot"; - exec( 'sudo /etc/init.d/hostapd start', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StopHotspot']) ) { - echo "Attempting to stop hotspot"; - exec( 'sudo /etc/init.d/hostapd stop', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StartOpenVPN']) ) { - echo "Attempting to start openvpn"; - exec( 'sudo /etc/init.d/openvpn start', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StopOpenVPN']) ) { - echo "Attempting to stop openvpn"; - exec( 'sudo /etc/init.d/openvpn stop', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StartTOR']) ) { - echo "Attempting to start TOR"; - exec( 'sudo /etc/init.d/tor start', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StopTOR']) ) { - echo "Attempting to stop TOR"; - exec( 'sudo /etc/init.d/tor stop', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } -} ?> - diff --git a/includes/hostapd.php b/includes/hostapd.php index 30517e69..1d7e1408 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -175,3 +175,79 @@ function DisplayHostAPDConfig(){ + /tmp/hostapddata", $return ); + system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); + + if( $return == 0 ) { + echo "Wifi Hotspot settings saved"; + } else { + echo "Wifi Hotspot settings failed to be saved"; + } + } elseif( isset($_POST['SaveOpenVPNSettings']) ) { + // TODO + } elseif( isset($_POST['SaveTORProxySettings']) ) { + // TODO + } elseif( isset($_POST['StartHotspot']) ) { + echo "Attempting to start hotspot"; + exec( 'sudo /etc/init.d/hostapd start', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StopHotspot']) ) { + echo "Attempting to stop hotspot"; + exec( 'sudo /etc/init.d/hostapd stop', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StartOpenVPN']) ) { + echo "Attempting to start openvpn"; + exec( 'sudo /etc/init.d/openvpn start', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StopOpenVPN']) ) { + echo "Attempting to stop openvpn"; + exec( 'sudo /etc/init.d/openvpn stop', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StartTOR']) ) { + echo "Attempting to start TOR"; + exec( 'sudo /etc/init.d/tor start', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StopTOR']) ) { + echo "Attempting to stop TOR"; + exec( 'sudo /etc/init.d/tor stop', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } +} +?> + From 671016e6859fee3ae4e9bff81312b5e0d43e2cce Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Fri, 5 Aug 2016 15:50:05 +0100 Subject: [PATCH 4/5] Add CSRF to hostapd config And tidy things up a bit --- includes/functions.php | 29 ++++ includes/hostapd.php | 321 +++++++++++++++++++---------------------- 2 files changed, 180 insertions(+), 170 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index 20944244..20a44d2f 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -20,6 +20,35 @@ function CSRFValidate() { return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']); } +/** +* Test whether array is associative +*/ +function isAssoc($arr) { + return array_keys($arr) !== range(0, count($arr) - 1); +} + +/** +* +* Display a selector field for a form. Arguments are: +* $name: Field name +* $options: Array of options +* $selected: Selected option (optional) +* If $options is an associative array this should be the key +* +*/ +function SelectorOptions($name, $options, $selected = null) { + echo ""; +} + /** * * @param string $input diff --git a/includes/hostapd.php b/includes/hostapd.php index 1d7e1408..1eb4aa6b 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -1,19 +1,73 @@ /tmp/hostapddata", $return ); + system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); + + if( $return == 0 ) { + $status->addMessage('Wifi Hotspot settings saved', 'success'); + } else { + $status->addMessage('Wifi Hotspot settings failed to be saved', 'danger'); + } + } else { + error_log('CSRF violation'); + } + } elseif( isset($_POST['StartHotspot']) ) { + if (CSRFValidate()) { + $status->addMessage('Attempting to start hotspot', 'info'); + exec( 'sudo /etc/init.d/hostapd start', $return ); + foreach( $return as $line ) { + $status->addMessage($line, 'info'); + } + } else { + error_log('CSRF violation'); + } + } elseif( isset($_POST['StopHotspot']) ) { + if (CSRFValidate()) { + $status->addMessage('Attempting to stop hotspot', 'info'); + exec( 'sudo /etc/init.d/hostapd stop', $return ); + foreach( $return as $line ) { + $status->addMessage($line, 'info'); + } + } else { + error_log('CSRF violation'); + } + } + exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return ); exec( 'pidof hostapd | wc -l', $hostapdstatus); if( $hostapdstatus[0] == 0 ) { - $status = '
HostAPD is not running -
'; + $status->addMessage('HostAPD is not running', 'warning'); } else { - $status = '
HostAPD is running -
'; + $status->addMessage('HostAPD is running', 'success'); } $arrConfig = array(); @@ -29,148 +83,111 @@ function DisplayHostAPDConfig(){ }; ?>
-
+
-
Configure hotspot -
+
Configure hotspot
- +
+ -
-

+
+

showMessages(); ?>

- +

Basic settings

- -
-
- - -
-
-
-
- - -
-
-
-
- - -
-
-
-
- - -
-
-
-
+ +
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+

Security settings

-
- - -
-
-
-
- - -
-
-
-
- - -
-
+
+ + +
+
+
+
+ + 'TKIP+CCMP' but I am not yet sure what + * exactly is correct. + * At I read it, 'TKIP CCMP' would get written to the + * hostapd.conf file when it is saved but the correct option + * would only be selected if it reads 'TKIP+CCMP'. This is + * clearly broken. + * Now it is consistent, albeit possibly still broken. + */ + ?> + +
+
+
+
+ + +
+
-
-

Advanced settings

-
-
- - -
-
-
+
+

Advanced settings

+
+
+ + +
+
+
- - '; - } else { - echo ''; - }; - ?> - -
-
+ + '; + } else { + echo ''; + }; + ?> + +
Information provided by hostapd
-
+
/tmp/hostapddata", $return ); - system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); - - if( $return == 0 ) { - echo "Wifi Hotspot settings saved"; - } else { - echo "Wifi Hotspot settings failed to be saved"; - } - } elseif( isset($_POST['SaveOpenVPNSettings']) ) { + if( isset($_POST['SaveOpenVPNSettings']) ) { // TODO } elseif( isset($_POST['SaveTORProxySettings']) ) { // TODO - } elseif( isset($_POST['StartHotspot']) ) { - echo "Attempting to start hotspot"; - exec( 'sudo /etc/init.d/hostapd start', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StopHotspot']) ) { - echo "Attempting to stop hotspot"; - exec( 'sudo /etc/init.d/hostapd stop', $return ); - foreach( $return as $line ) { - echo $line."
"; - } } elseif( isset($_POST['StartOpenVPN']) ) { echo "Attempting to start openvpn"; exec( 'sudo /etc/init.d/openvpn start', $return ); From bff9dfbbbc1ace6c68b467928856e420391c3d1b Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Fri, 5 Aug 2016 20:38:02 +0000 Subject: [PATCH 5/5] Some validation on POST data --- includes/admin.php | 2 +- includes/functions.php | 35 ++++++++++ includes/hostapd.php | 155 ++++++++++++++++++++--------------------- index.php | 2 +- 4 files changed, 111 insertions(+), 83 deletions(-) diff --git a/includes/admin.php b/includes/admin.php index 7e7e900f..ba927224 100755 --- a/includes/admin.php +++ b/includes/admin.php @@ -14,7 +14,7 @@ function DisplayAuthConfig($username, $password){ $status->addMessage('Username must not be empty', 'danger'); } else { if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) { - fwrite($auth_file, $new_username.PHP_EOL); + fwrite($auth_file, $new_username.PHP_EOL); fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL); fclose($auth_file); $username = $new_username; diff --git a/includes/functions.php b/includes/functions.php index 20a44d2f..eb76ffca 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -770,4 +770,39 @@ function DisplaySystem(){ "; + } + } elseif( isset($_POST['StopOpenVPN']) ) { + echo "Attempting to stop openvpn"; + exec( 'sudo /etc/init.d/openvpn stop', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StartTOR']) ) { + echo "Attempting to start TOR"; + exec( 'sudo /etc/init.d/tor start', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } elseif( isset($_POST['StopTOR']) ) { + echo "Attempting to stop TOR"; + exec( 'sudo /etc/init.d/tor stop', $return ); + foreach( $return as $line ) { + echo $line."
"; + } + } +} ?> diff --git a/includes/hostapd.php b/includes/hostapd.php index 1eb4aa6b..9d35785b 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -10,32 +10,16 @@ function DisplayHostAPDConfig(){ $status = new StatusMessages(); + $arrConfig = array(); + $arrChannel = array('a','b','g'); + $arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2'); + $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP'); + exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); + + if( isset($_POST['SaveHostAPDSettings']) ) { if (CSRFValidate()) { - $config = 'driver=nl80211'.PHP_EOL - .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL - .'ctrl_interface_group=0'.PHP_EOL - .'beacon_int=100'.PHP_EOL - .'auth_algs=1'.PHP_EOL - .'wpa_key_mgmt=WPA-PSK'.PHP_EOL; - - $config .= "interface=".$_POST['interface'].PHP_EOL; - $config .= "ssid=".$_POST['ssid'].PHP_EOL; - $config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL; - $config .= "channel=".$_POST['channel'].PHP_EOL; - $config .= "wpa=".$_POST['wpa'].PHP_EOL; - $config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL; - $config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL; - $config .="country_code=".$_POST['country_code']; - - exec( "echo '$config' > /tmp/hostapddata", $return ); - system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); - - if( $return == 0 ) { - $status->addMessage('Wifi Hotspot settings saved', 'success'); - } else { - $status->addMessage('Wifi Hotspot settings failed to be saved', 'danger'); - } + SaveHostAPDConfig($arrSecurity, $arrEncType, $arrChannel, $interfaces, $status); } else { error_log('CSRF violation'); } @@ -70,11 +54,6 @@ function DisplayHostAPDConfig(){ $status->addMessage('HostAPD is running', 'success'); } - $arrConfig = array(); - $arrChannel = array('a','b','g'); - $arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2'); - $arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP'); - foreach( $return as $a ) { if( $a[0] != "#" ) { $arrLine = explode( "=",$a) ; @@ -84,7 +63,7 @@ function DisplayHostAPDConfig(){ ?>
-
+
Configure hotspot
@@ -107,7 +86,6 @@ function DisplayHostAPDConfig(){
@@ -142,20 +120,6 @@ function DisplayHostAPDConfig(){
- 'TKIP+CCMP' but I am not yet sure what - * exactly is correct. - * At I read it, 'TKIP CCMP' would get written to the - * hostapd.conf file when it is saved but the correct option - * would only be selected if it reads 'TKIP+CCMP'. This is - * clearly broken. - * Now it is consistent, albeit possibly still broken. - */ - ?>
@@ -191,44 +155,73 @@ function DisplayHostAPDConfig(){
-"; - } - } elseif( isset($_POST['StopOpenVPN']) ) { - echo "Attempting to stop openvpn"; - exec( 'sudo /etc/init.d/openvpn stop', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StartTOR']) ) { - echo "Attempting to start TOR"; - exec( 'sudo /etc/init.d/tor start', $return ); - foreach( $return as $line ) { - echo $line."
"; - } - } elseif( isset($_POST['StopTOR']) ) { - echo "Attempting to stop TOR"; - exec( 'sudo /etc/init.d/tor stop', $return ); - foreach( $return as $line ) { - echo $line."
"; +function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) { + // It should not be possible to send bad data for these fields so clearly + // someone is up to something if they fail. Fail silently. + if (!(array_key_exists($_POST['wpa'], $wpa_array) && array_key_exists($_POST['wpa_pairwise'], $enc_types) && in_array($_POST['hw_mode'], $modes))) { + error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'"); + return false; + } + if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) || intval($_POST['channel']) < 1 || intval($_POST['channel']) > 14) { + error_log("Attempting to set channel to '".$_POST['channel']."'"); + return false; + } + + $good_input = true; + + // Verify input + if (strlen($_POST['ssid']) == 0 || strlen($_POST['ssid']) > 32) { + // Not sure of all the restrictions of SSID + $status->addMessage('SSID must be between 1 and 32 characters', 'danger'); + $good_input = false; + } + if (strlen($_POST['wpa_passphrase']) < 8 || strlen($_POST['wpa_passphrase']) > 63) { + $status->addMessage('WPA passphrase must be between 8 and 63 characters', 'danger'); + $good_input = false; + } + if (! in_array($_POST['interface'], $interfaces)) { + // The user is probably up to something here but it may also be a + // genuine error. + $status->addMessage('Unknown interface '.$_POST['interface'], 'danger'); + $good_input = false; + } + if (strlen($_POST['country_code']) != 0 && strlen($_POST['country_code']) != 2) { + $status->addMessage('Country code must be blank or two characters', 'danger'); + $good_input = false; + } + + if ($good_input) { + if ($tmp_file = fopen('/tmp/hostapddata', 'w')) { + // Fixed values + fwrite($tmp_file, 'driver=nl80211'.PHP_EOL); + fwrite($tmp_file, 'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL); + fwrite($tmp_file, 'ctrl_interface_group=0'.PHP_EOL); + fwrite($tmp_file, 'beacon_int=100'.PHP_EOL); + fwrite($tmp_file, 'auth_algs=1'.PHP_EOL); + fwrite($tmp_file, 'wpa_key_mgmt=WPA-PSK'.PHP_EOL); + + fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL); + fwrite($tmp_file, 'channel='.$_POST['channel'].PHP_EOL); + fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL); + fwrite($tmp_file, 'wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL); + fwrite($tmp_file, 'interface='.$_POST['interface'].PHP_EOL); + fwrite($tmp_file, 'wpa='.$_POST['wpa'].PHP_EOL); + fwrite($tmp_file, 'wpa_pairwise='.$_POST['wpa_pairwise'].PHP_EOL); + fwrite($tmp_file, 'country_code='.$_POST['country_code'].PHP_EOL); + fclose($tmp_file); + + system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); + if( $return == 0 ) { + $status->addMessage('Wifi Hotspot settings saved', 'success'); + } else { + $status->addMessage('Unable to save wifi hotspot settings', 'danger'); + } + } else { + $status->addMessage('Unable to save wifi hotspot settings', 'danger'); + return false; } } + return true; } ?> - diff --git a/index.php b/index.php index 2dea62f9..2b066bef 100755 --- a/index.php +++ b/index.php @@ -187,7 +187,7 @@ $csrf_token = $_SESSION['csrf_token']; DisplayAuthConfig($config['admin_user'], $config['admin_pass']); break; case "save_hostapd_conf": - SaveHostAPDConfig(); + SaveTORAndVPNConfig(); break; case "system_info": DisplaySystem();