From 671016e6859fee3ae4e9bff81312b5e0d43e2cce Mon Sep 17 00:00:00 2001
From: Joe Haig <josephhaig@gmail.com>
Date: Fri, 5 Aug 2016 15:50:05 +0100
Subject: [PATCH] Add CSRF to hostapd config

And tidy things up a bit
---
 includes/functions.php |  29 ++++
 includes/hostapd.php   | 321 +++++++++++++++++++----------------------
 2 files changed, 180 insertions(+), 170 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 20944244..20a44d2f 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -20,6 +20,35 @@ function CSRFValidate() {
   return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']);
 }
 
+/**
+* Test whether array is associative
+*/
+function isAssoc($arr) {
+  return array_keys($arr) !== range(0, count($arr) - 1);
+}
+
+/**
+*
+* Display a selector field for a form. Arguments are:
+*   $name:     Field name
+*   $options:  Array of options
+*   $selected: Selected option (optional)
+*       If $options is an associative array this should be the key
+*
+*/
+function SelectorOptions($name, $options, $selected = null) {
+  echo "<select class=\"form-control\" name=\"$name\">";
+  foreach ( $options as $opt => $label) {
+    $select = '';
+    $key = isAssoc($options) ? $opt : $label;
+    if( $key == $selected ) {
+      $select = " selected";
+    }
+    echo "<option value=\"$key\"$select>$label</options>";
+  }
+  echo "</select>";
+}
+
 /**
 *
 * @param string $input
diff --git a/includes/hostapd.php b/includes/hostapd.php
index 1d7e1408..1eb4aa6b 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -1,19 +1,73 @@
 <?php
+
+include_once( 'includes/status_messages.php' );
+
 /**
 *
 *
 */
 function DisplayHostAPDConfig(){
 
+  $status = new StatusMessages();
+
+  if( isset($_POST['SaveHostAPDSettings']) ) {
+    if (CSRFValidate()) {
+      $config = 'driver=nl80211'.PHP_EOL
+        .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL
+        .'ctrl_interface_group=0'.PHP_EOL
+        .'beacon_int=100'.PHP_EOL
+        .'auth_algs=1'.PHP_EOL
+        .'wpa_key_mgmt=WPA-PSK'.PHP_EOL;
+
+      $config .= "interface=".$_POST['interface'].PHP_EOL;
+      $config .= "ssid=".$_POST['ssid'].PHP_EOL;
+      $config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL;
+      $config .= "channel=".$_POST['channel'].PHP_EOL;
+      $config .= "wpa=".$_POST['wpa'].PHP_EOL;
+      $config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL;
+      $config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL;
+      $config .="country_code=".$_POST['country_code'];
+
+      exec( "echo '$config' > /tmp/hostapddata", $return );
+      system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return );
+
+      if( $return == 0 ) {
+        $status->addMessage('Wifi Hotspot settings saved', 'success');
+      } else {
+        $status->addMessage('Wifi Hotspot settings failed to be saved', 'danger');
+      }
+    } else {
+      error_log('CSRF violation');
+    }
+  } elseif( isset($_POST['StartHotspot']) ) {
+    if (CSRFValidate()) {
+      $status->addMessage('Attempting to start hotspot', 'info');
+      exec( 'sudo /etc/init.d/hostapd start', $return );
+      foreach( $return as $line ) {
+        $status->addMessage($line, 'info');
+      }
+    } else {
+      error_log('CSRF violation');
+    }
+  } elseif( isset($_POST['StopHotspot']) ) {
+    if (CSRFValidate()) {
+      $status->addMessage('Attempting to stop hotspot', 'info');
+      exec( 'sudo /etc/init.d/hostapd stop', $return );
+      foreach( $return as $line ) {
+        $status->addMessage($line, 'info');
+      }
+    } else {
+      error_log('CSRF violation');
+    }
+  }
+
   exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return );
   exec( 'pidof hostapd | wc -l', $hostapdstatus);
 
   if( $hostapdstatus[0] == 0 ) {
-    $status = '<div class="alert alert-warning alert-dismissable">HostAPD is not running
-          <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
+    $status->addMessage('HostAPD is not running', 'warning');
   } else {
-    $status = '<div class="alert alert-success alert-dismissable">HostAPD is running
-          <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
+    $status->addMessage('HostAPD is running', 'success');
   }
 
   $arrConfig = array();
@@ -29,148 +83,111 @@ function DisplayHostAPDConfig(){
   };
   ?>
   <div class="row">
-  <div class="col-lg-12">
+    <div class="col-lg-12">
       <div class="panel panel-primary">           
-      <div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot
-            </div>
+        <div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot</div>
         <!-- /.panel-heading -->
         <div class="panel-body">
-          <!-- Nav tabs -->
+          <form role="form" action="/?page=hostapd_conf" method="POST">
+            <!-- Nav tabs -->
             <ul class="nav nav-tabs">
-                <li class="active"><a href="#basic" data-toggle="tab">Basic</a>
-                </li>
-                <li><a href="#security" data-toggle="tab">Security</a>
-                </li>
-                <li><a href="#advanced" data-toggle="tab">Advanced</a>
-                </li>
+              <li class="active"><a href="#basic" data-toggle="tab">Basic</a></li>
+              <li><a href="#security" data-toggle="tab">Security</a></li>
+              <li><a href="#advanced" data-toggle="tab">Advanced</a></li>
             </ul>
 
             <!-- Tab panes -->
-             <div class="tab-content">
-               <p><?php echo $status; ?></p>
+            <div class="tab-content">
+              <p><?php $status->showMessages(); ?></p>
               <div class="tab-pane fade in active" id="basic">
-                
+
                 <h4>Basic settings</h4>
-          <form role="form" action="/?page=save_hostapd_conf" method="POST">
-          <div class="row">
-              <div class="form-group col-md-4">
-            <label for="code">Interface</label>
-            <select class="form-control" name="interface">
-            <?php
-              exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
-              foreach( $interfaces as $int ) {
-                $select = '';
-                if( $int == $arrConfig['interface'] ) {
-                  $select = " selected";
-                }
-                echo '<option value="'.$int.'"'.$select.'>'.$int.'</option>';
-              }
-            ?>
-            </select>
-            </div>
-          </div>
-          <div class="row">
-            <div class="form-group col-md-4">
-              <label for="code">SSID</label>
-              <input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
-            </div>
-          </div>
-          <div class="row">
-            <div class="form-group col-md-4">
-              <label for="code">Wireless Mode</label>
-              <select class="form-control" name="hw_mode">
-              <?php
-                foreach( $arrChannel as $Mode ) {
-                  $select = '';
-                  if( $arrConfig['hw_mode'] == $Mode ) {
-                    $select = ' selected';
-                  }
-                  echo '<option value="'.$Mode.'"'.$select.'>'.$Mode.'</option>';
-                }
-              ?>
-              </select>
-            </div>
-          </div>
-          <div class="row">
-            <div class="form-group col-md-4">
-            <label for="code">Channel</label>
-              <select class="form-control" name="channel">'
-              <?php
-                for( $channel = 1; $channel < 14; $channel++ ) {
-                  $select = '';
-                  if( $channel == $arrConfig['channel'] ) {
-                    $select = " selected";
-                  }
-                  echo '<option value="'.$channel.'"'.$select.'>'.$channel.'</option>';
-                }
-              ?>
-              </select>
-            </div>
-          </div>  
-        </div>
-        <div class="tab-pane fade" id="security">
+                <?php CSRFToken() ?>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">Interface</label>
+                    <?php
+                      exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
+                      SelectorOptions('interface', $interfaces, $arrConfig['interface']);
+                    ?>
+                  </div>
+                </div>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">SSID</label>
+                    <input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
+                  </div>
+                </div>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">Wireless Mode</label>
+                    <?php SelectorOptions('hw_mode', $arrChannel, $arrConfig['hw_mode']); ?>
+                  </div>
+                </div>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">Channel</label>
+                    <?php SelectorOptions('channel', range(1, 14), intval($arrConfig['channel'])) ?>
+                  </div>
+                </div>
+              </div>
+              <div class="tab-pane fade" id="security">
                 <h4>Security settings</h4>
                 <div class="row">
-            <div class="form-group col-md-4">
-                  <label for="code">Security type</label>
-                    <select class="form-control" name="wpa">
-                      <?php 
-              foreach( $arrSecurity as $SecVal => $SecMode ) {
-                $select = '';
-                if( $SecVal == $arrConfig['wpa'] ) {
-                  $select = ' selected';
-                }
-                echo '<option value="'.$SecVal.'"'.$select.'>'.$SecMode.'</option>';
-              }
-              ?>
-            </select>
-            </div>
-          </div>
-          <div class="row">
-            <div class="form-group col-md-4">
-            <label for="code">Encryption Type</label>
-            <select class="form-control" name="wpa_pairwise">
-            <?php
-              foreach( $arrEncType as $EncConf => $Enc ) {
-                $select = '';
-                if( $Enc == $arrConfig['wpa_pairwise'] ) {
-                  $select = ' selected';
-                }
-                echo '<option value="'.$EncConf.'"'.$select.'>'.$Enc.'</option>';
-              } ?>
-            </select>
-            </div>
-          </div>
-          <div class="row">
-            <div class="form-group col-md-4">
-            <label for="code">PSK</label>
-            <input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
-            </div>
-          </div>
+                  <div class="form-group col-md-4">
+                    <label for="code">Security type</label>
+                    <?php SelectorOptions('wpa', $arrSecurity, $arrConfig['wpa']); ?>
+                  </div>
+                </div>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">Encryption Type</label>
+                    <?php
+                      /*
+                      * NB, the original tests $arrConfig['wpa_pairwise'] against
+                      * the value in the $arrEncType array rather than the key. I
+                      * think there must be something wrong in the case of
+                      * 'TKIP CCMP' => 'TKIP+CCMP' but I am not yet sure what
+                      * exactly is correct.
+                      * At I read it, 'TKIP CCMP' would get written to the
+                      * hostapd.conf file when it is saved but the correct option
+                      * would only be selected if it reads 'TKIP+CCMP'. This is
+                      * clearly broken.
+                      * Now it is consistent, albeit possibly still broken.
+                      */
+                    ?>
+                    <?php SelectorOptions('wpa_pairwise', $arrEncType, $arrConfig['wpa_pairwise']); ?>
+                  </div>
+                </div>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                    <label for="code">PSK</label>
+                    <input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
+                  </div>
+                </div>
               </div>
-        <div class="tab-pane fade in" id="advanced">
-          <h4>Advanced settings</h4>
-          <div class="row">
-            <div class="form-group col-md-4">
-            <label for="code">Country Code</label>
-            <input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
-            </div>
-          </div>
-        </div>
+              <div class="tab-pane fade" id="advanced">
+                <h4>Advanced settings</h4>
+                <div class="row">
+                  <div class="form-group col-md-4">
+                  <label for="code">Country Code</label>
+                  <input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
+                </div>
+              </div>
+            </div><!-- ./ Panel body -->
 
-        <input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
-        <?php 
-        if($hostapdstatus[0] == 0) {
-          echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
-        } else {
-          echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
-        };
-        ?>
-        </form>
-      </div><!-- ./ Panel body -->
-      </div><!-- /.panel-primary -->
+            <input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
+            <?php
+              if($hostapdstatus[0] == 0) {
+                echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
+              } else {
+                echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
+              };
+            ?>
+          </form>
+        </div><!-- /.panel-primary -->
       <div class="panel-footer"> Information provided by hostapd</div>
-  </div><!-- /.col-lg-12 -->
+    </div><!-- /.col-lg-12 -->
   </div><!-- /.row -->
 <?php 
 }
@@ -179,50 +196,14 @@ function DisplayHostAPDConfig(){
 
 /**
 *
+* NB This function is also used for TOR and VPN so don't completely delete
 *
 */
 function SaveHostAPDConfig(){
-  if( isset($_POST['SaveHostAPDSettings']) ) {
-    $config = 'driver=nl80211'.PHP_EOL
-      .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL
-      .'ctrl_interface_group=0'.PHP_EOL
-      .'beacon_int=100'.PHP_EOL
-      .'auth_algs=1'.PHP_EOL
-      .'wpa_key_mgmt=WPA-PSK'.PHP_EOL;
-
-    $config .= "interface=".$_POST['interface'].PHP_EOL;
-    $config .= "ssid=".$_POST['ssid'].PHP_EOL;
-    $config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL;
-    $config .= "channel=".$_POST['channel'].PHP_EOL;
-    $config .= "wpa=".$_POST['wpa'].PHP_EOL;
-    $config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL;
-    $config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL;
-    $config .="country_code=".$_POST['country_code'];
-
-    exec( "echo '$config' > /tmp/hostapddata", $return );
-    system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return );
-    
-      if( $return == 0 ) {
-      echo "Wifi Hotspot settings saved";
-    } else {
-      echo "Wifi Hotspot settings failed to be saved";
-    }
-  } elseif( isset($_POST['SaveOpenVPNSettings']) ) {
+  if( isset($_POST['SaveOpenVPNSettings']) ) {
     // TODO
   } elseif( isset($_POST['SaveTORProxySettings']) ) {
     // TODO
-  } elseif( isset($_POST['StartHotspot']) ) {
-    echo "Attempting to start hotspot";
-    exec( 'sudo /etc/init.d/hostapd start', $return );
-    foreach( $return as $line ) {
-      echo $line."<br />";
-    }
-  } elseif( isset($_POST['StopHotspot']) ) {
-    echo "Attempting to stop hotspot";
-    exec( 'sudo /etc/init.d/hostapd stop', $return );
-    foreach( $return as $line ) {
-      echo $line."<br />";
-    }
   } elseif( isset($_POST['StartOpenVPN']) ) {
     echo "Attempting to start openvpn";
     exec( 'sudo /etc/init.d/openvpn start', $return );