
Merge pull request #494 from JohnTheNerd/master

Properly locked down the back-end in monitoring mode
This commit is contained in:
Bill Zimmerman 2020-02-15 00:05:32 +01:00 committed by GitHub
commit c0af41a53b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 174 additions and 154 deletions


@ -1,5 +1,7 @@
<?php <?php
require_once 'config.php';
/** /**
* Show dashboard page. * Show dashboard page.
*/ */
@ -146,33 +148,35 @@ function DisplayDashboard(&$extraFooterScripts)
} }
if (isset($_POST['ifdown_wlan0'])) { if (!RASPI_MONITOR_ENABLED) {
// Pressed stop button if (isset($_POST['ifdown_wlan0'])) {
if ($interfaceState === 'UP') { // Pressed stop button
$status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning'); if ($interfaceState === 'UP') {
exec('sudo ip link set '.RASPI_WIFI_CLIENT_INTERFACE.' down'); $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning');
$wlan0up = false; exec('sudo ip link set '.RASPI_WIFI_CLIENT_INTERFACE.' down');
$status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success'); $wlan0up = false;
} elseif ($interfaceState === 'unknown') { $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success');
$status->addMessage(_('Interface state unknown.'), 'danger'); } elseif ($interfaceState === 'unknown') {
$status->addMessage(_('Interface state unknown.'), 'danger');
} else {
$status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning');
}
} elseif (isset($_POST['ifup_wlan0'])) {
// Pressed start button
if ($interfaceState === 'DOWN') {
$status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
exec('sudo ip link set ' . RASPI_WIFI_CLIENT_INTERFACE . ' up');
exec('sudo ip -s a f label ' . RASPI_WIFI_CLIENT_INTERFACE);
$wlan0up = true;
$status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
} elseif ($interfaceState === 'unknown') {
$status->addMessage(_('Interface state unknown.'), 'danger');
} else {
$status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning');
}
} else { } else {
$status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning'); $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
} }
} elseif (isset($_POST['ifup_wlan0'])) {
// Pressed start button
if ($interfaceState === 'DOWN') {
$status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning');
exec('sudo ip link set ' . RASPI_WIFI_CLIENT_INTERFACE . ' up');
exec('sudo ip -s a f label ' . RASPI_WIFI_CLIENT_INTERFACE);
$wlan0up = true;
$status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success');
} elseif ($interfaceState === 'unknown') {
$status->addMessage(_('Interface state unknown.'), 'danger');
} else {
$status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning');
}
} else {
$status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
} }
echo renderTemplate("dashboard", compact( echo renderTemplate("dashboard", compact(
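Review bot: The final `else` that reports `_('Interface is %s.')` is read-only feedback, but on the new side it sits inside the `if (!RASPI_MONITOR_ENABLED)` wrapper, so a monitoring-mode user loses the interface-state message on every dashboard load. Fold the gate into the two button conditions instead — `if (!RASPI_MONITOR_ENABLED && isset($_POST['ifdown_wlan0'])) {` and `} elseif (!RASPI_MONITOR_ENABLED && isset($_POST['ifup_wlan0'])) {` — and drop the outer wrapper, so the informational branch still runs. With the same pattern here and in DisplayDHCPConfig, DisplayHostAPDConfig, DisplayOpenVPNConfig and DisplaySystem, a POST refused by the gate produces no status message and no log line, so an operator cannot tell "gate fired" from "nothing happened"; one warning message when a write action is refused in monitoring mode would make the behaviour observable. DisplayDashboard starts before this hunk and continues after it.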


@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -11,98 +12,102 @@ function DisplayDHCPConfig()
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (isset($_POST['savedhcpdsettings'])) { if (!RASPI_MONITOR_ENABLED) {
$errors = ''; if (isset($_POST['savedhcpdsettings'])) {
define('IFNAMSIZ', 16); $errors = '';
if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) || define('IFNAMSIZ', 16);
strlen($_POST['interface']) >= IFNAMSIZ) { if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
$errors .= _('Invalid interface name.').'<br />'.PHP_EOL; strlen($_POST['interface']) >= IFNAMSIZ) {
} $errors .= _('Invalid interface name.').'<br />'.PHP_EOL;
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
!empty($_POST['RangeStart'])) { // allow ''/null ?
$errors .= _('Invalid DHCP range start.').'<br />'.PHP_EOL;
}
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
!empty($_POST['RangeEnd'])) { // allow ''/null ?
$errors .= _('Invalid DHCP range end.').'<br />'.PHP_EOL;
}
if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
$errors .= _('Invalid DHCP lease time, not a number.').'<br />'.PHP_EOL;
}
if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
$errors .= _('Unknown DHCP lease time unit.').'<br />'.PHP_EOL;
}
$return = 1;
if (empty($errors)) {
$config = 'interface='.$_POST['interface'].PHP_EOL.
'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
',255.255.255.0,';
if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
$config .= $_POST['RangeLeaseTime'];
} }
$config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL; if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
!empty($_POST['RangeStart'])) { // allow ''/null ?
$errors .= _('Invalid DHCP range start.').'<br />'.PHP_EOL;
}
for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) { if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
$mac = trim($_POST["static_leases"]["mac"][$i]); !empty($_POST['RangeEnd'])) { // allow ''/null ?
$ip = trim($_POST["static_leases"]["ip"][$i]); $errors .= _('Invalid DHCP range end.').'<br />'.PHP_EOL;
if ($mac != "" && $ip != "") { }
$config .= "dhcp-host=$mac,$ip".PHP_EOL;
if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
$errors .= _('Invalid DHCP lease time, not a number.').'<br />'.PHP_EOL;
}
if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
$errors .= _('Unknown DHCP lease time unit.').'<br />'.PHP_EOL;
}
$return = 1;
if (empty($errors)) {
$config = 'interface='.$_POST['interface'].PHP_EOL.
'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
',255.255.255.0,';
if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
$config .= $_POST['RangeLeaseTime'];
} }
}
if ($_POST['DNS1']){ $config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL;
$config .= "dhcp-option=6," . $_POST['DNS1'];
if ($_POST['DNS2']){ for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
$config .= ','.$_POST['DNS2']; $mac = trim($_POST["static_leases"]["mac"][$i]);
$ip = trim($_POST["static_leases"]["ip"][$i]);
if ($mac != "" && $ip != "") {
$config .= "dhcp-host=$mac,$ip".PHP_EOL;
}
} }
$config .= PHP_EOL;
if ($_POST['DNS1']){
$config .= "dhcp-option=6," . $_POST['DNS1'];
if ($_POST['DNS2']){
$config .= ','.$_POST['DNS2'];
}
$config .= PHP_EOL;
}
file_put_contents("/tmp/dnsmasqdata", $config);
system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return);
} else {
$status->addMessage($errors, 'danger');
} }
file_put_contents("/tmp/dnsmasqdata", $config); if ($return == 0) {
system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return); $status->addMessage('Dnsmasq configuration updated successfully', 'success');
} else { } else {
$status->addMessage($errors, 'danger'); $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
} }
if ($return == 0) {
$status->addMessage('Dnsmasq configuration updated successfully', 'success');
} else {
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
} }
} }
exec('pidof dnsmasq | wc -l', $dnsmasq); exec('pidof dnsmasq | wc -l', $dnsmasq);
$dnsmasq_state = ($dnsmasq[0] > 0); $dnsmasq_state = ($dnsmasq[0] > 0);
if (isset($_POST['startdhcpd'])) { if (!RASPI_MONITOR_ENABLED) {
if ($dnsmasq_state) { if (isset($_POST['startdhcpd'])) {
$status->addMessage('dnsmasq already running', 'info'); if ($dnsmasq_state) {
} else { $status->addMessage('dnsmasq already running', 'info');
exec('sudo /bin/systemctl start dnsmasq.service', $dnsmasq, $return);
if ($return == 0) {
$status->addMessage('Successfully started dnsmasq', 'success');
$dnsmasq_state = true;
} else { } else {
$status->addMessage('Failed to start dnsmasq', 'danger'); exec('sudo /bin/systemctl start dnsmasq.service', $dnsmasq, $return);
if ($return == 0) {
$status->addMessage('Successfully started dnsmasq', 'success');
$dnsmasq_state = true;
} else {
$status->addMessage('Failed to start dnsmasq', 'danger');
}
} }
} } elseif (isset($_POST['stopdhcpd'])) {
} elseif (isset($_POST['stopdhcpd'])) { if ($dnsmasq_state) {
if ($dnsmasq_state) { exec('sudo /bin/systemctl stop dnsmasq.service', $dnsmasq, $return);
exec('sudo /bin/systemctl stop dnsmasq.service', $dnsmasq, $return); if ($return == 0) {
if ($return == 0) { $status->addMessage('Successfully stopped dnsmasq', 'success');
$status->addMessage('Successfully stopped dnsmasq', 'success'); $dnsmasq_state = false;
$dnsmasq_state = false; } else {
$status->addMessage('Failed to stop dnsmasq', 'danger');
}
} else { } else {
$status->addMessage('Failed to stop dnsmasq', 'danger'); $status->addMessage('dnsmasq already stopped', 'info');
} }
} else {
$status->addMessage('dnsmasq already stopped', 'info');
} }
} }
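Review bot: The static-lease loop on the new side writes `$mac` and `$ip` into `$config` after only a `trim()` and a non-empty check, and `DNS1`/`DNS2` are not validated at all, whereas the other fields are checked into `$errors` before anything is written via `sudo cp`. Add them to the same validation pass, e.g. `if (!preg_match('/^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/', $mac) || filter_var($ip, FILTER_VALIDATE_IP) === false) { $errors .= _('Invalid static lease.').'<br />'.PHP_EOL; }` in a loop next to the range checks, and `filter_var($_POST['DNS1'], FILTER_VALIDATE_IP)` (likewise `DNS2`) for the `dhcp-option=6` line. Because `$config` is assembled by string concatenation and the copy runs as root, these checks belong before the `if (empty($errors))` branch, not inside the loop that appends `dhcp-host=` lines. DisplayDHCPConfig continues past the end of this hunk.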


@ -2,6 +2,7 @@
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
include_once('app/lib/system.php'); include_once('app/lib/system.php');
require_once 'config.php';
/** /**
* *
@ -25,23 +26,25 @@ function DisplayHostAPDConfig()
$managedModeEnabled = false; $managedModeEnabled = false;
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
if (isset($_POST['SaveHostAPDSettings'])) { if (!RASPI_MONITOR_ENABLED) {
SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); if (isset($_POST['SaveHostAPDSettings'])) {
} elseif (isset($_POST['StartHotspot'])) { SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
$status->addMessage('Attempting to start hotspot', 'info'); } elseif (isset($_POST['StartHotspot'])) {
if ($arrHostapdConf['WifiAPEnable'] == 1) { $status->addMessage('Attempting to start hotspot', 'info');
exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); if ($arrHostapdConf['WifiAPEnable'] == 1) {
} else { exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return); } else {
} exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return);
foreach ($return as $line) { }
$status->addMessage($line, 'info'); foreach ($return as $line) {
} $status->addMessage($line, 'info');
} elseif (isset($_POST['StopHotspot'])) { }
$status->addMessage('Attempting to stop hotspot', 'info'); } elseif (isset($_POST['StopHotspot'])) {
exec('sudo /bin/systemctl stop hostapd.service', $return); $status->addMessage('Attempting to stop hotspot', 'info');
foreach ($return as $line) { exec('sudo /bin/systemctl stop hostapd.service', $return);
$status->addMessage($line, 'info'); foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} }
} }


@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -10,25 +11,27 @@ include_once('includes/status_messages.php');
function DisplayOpenVPNConfig() function DisplayOpenVPNConfig()
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (isset($_POST['SaveOpenVPNSettings'])) { if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['authUser'])) { if (isset($_POST['SaveOpenVPNSettings'])) {
$authUser = strip_tags(trim($_POST['authUser'])); if (isset($_POST['authUser'])) {
} $authUser = strip_tags(trim($_POST['authUser']));
if (isset($_POST['authPassword'])) { }
$authPassword = strip_tags(trim($_POST['authPassword'])); if (isset($_POST['authPassword'])) {
} $authPassword = strip_tags(trim($_POST['authPassword']));
$return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword); }
} elseif (isset($_POST['StartOpenVPN'])) { $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword);
$status->addMessage('Attempting to start OpenVPN', 'info'); } elseif (isset($_POST['StartOpenVPN'])) {
exec('sudo /bin/systemctl start openvpn-client@client', $return); $status->addMessage('Attempting to start OpenVPN', 'info');
foreach ($return as $line) { exec('sudo /bin/systemctl start openvpn-client@client', $return);
$status->addMessage($line, 'info'); foreach ($return as $line) {
} $status->addMessage($line, 'info');
} elseif (isset($_POST['StopOpenVPN'])) { }
$status->addMessage('Attempting to stop OpenVPN', 'info'); } elseif (isset($_POST['StopOpenVPN'])) {
exec('sudo /bin/systemctl stop openvpn-client@client', $return); $status->addMessage('Attempting to stop OpenVPN', 'info');
foreach ($return as $line) { exec('sudo /bin/systemctl stop openvpn-client@client', $return);
$status->addMessage($line, 'info'); foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} }
} }


@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -72,25 +73,34 @@ function DisplaySystem()
} }
} }
if (isset($_POST['SaveServerPort'])) { if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['serverPort'])) { if (isset($_POST['SaveServerPort'])) {
if (strlen($_POST['serverPort']) > 4 || !is_numeric($_POST['serverPort'])) { if (isset($_POST['serverPort'])) {
$status->addMessage('Invalid value for port number', 'danger'); if (strlen($_POST['serverPort']) > 4 || !is_numeric($_POST['serverPort'])) {
} else { $status->addMessage('Invalid value for port number', 'danger');
$serverPort = escapeshellarg($_POST['serverPort']); } else {
exec("sudo /etc/raspap/lighttpd/configport.sh $serverPort " .RASPI_LIGHTTPD_CONFIG. " ".$_SERVER['SERVER_NAME'], $return); $serverPort = escapeshellarg($_POST['serverPort']);
foreach ($return as $line) { exec("sudo /etc/raspap/lighttpd/configport.sh $serverPort " .RASPI_LIGHTTPD_CONFIG. " ".$_SERVER['SERVER_NAME'], $return);
$status->addMessage($line, 'info'); foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} }
} }
} }
if (isset($_POST['system_reboot'])) {
$status->addMessage("System Rebooting Now!", "warning", false);
$result = shell_exec("sudo /sbin/reboot");
}
if (isset($_POST['system_shutdown'])) {
$status->addMessage("System Shutting Down Now!", "warning", false);
$result = shell_exec("sudo /sbin/shutdown -h now");
}
} }
if (isset($_POST['RestartLighttpd'])) { if (isset($_POST['RestartLighttpd'])) {
$status->addMessage('Restarting lighttpd in 3 seconds...','info'); $status->addMessage('Restarting lighttpd in 3 seconds...','info');
exec('sudo /etc/raspap/lighttpd/configport.sh --restart'); exec('sudo /etc/raspap/lighttpd/configport.sh --restart');
} }
exec('cat '. RASPI_LIGHTTPD_CONFIG, $return); exec('cat '. RASPI_LIGHTTPD_CONFIG, $return);
$conf = ParseConfig($return); $conf = ParseConfig($return);
$ServerPort = $conf['server.port']; $ServerPort = $conf['server.port'];
@ -118,14 +128,5 @@ function DisplaySystem()
'el_GR.UTF-8' => 'Ελληνικά' 'el_GR.UTF-8' => 'Ελληνικά'
); );
if (isset($_POST['system_reboot'])) {
$status->addMessage("System Rebooting Now!", "warning", false);
$result = shell_exec("sudo /sbin/reboot");
}
if (isset($_POST['system_shutdown'])) {
$status->addMessage("System Shutting Down Now!", "warning", false);
$result = shell_exec("sudo /sbin/shutdown -h now");
}
echo renderTemplate("system", compact("arrLocales", "status", "system", "ServerPort")); echo renderTemplate("system", compact("arrLocales", "status", "system", "ServerPort"));
} }
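Review bot: `RestartLighttpd` near the end of the first hunk still runs `exec('sudo /etc/raspap/lighttpd/configport.sh --restart')` outside the new `if (!RASPI_MONITOR_ENABLED)` block, so a monitoring-mode user can still restart the web server even though `system_reboot` and `system_shutdown` were moved inside the gate. Move the `if (isset($_POST['RestartLighttpd'])) { … }` block up into the gated section next to `system_shutdown`. Separately, in the `SaveServerPort` branch `$serverPort` is passed through `escapeshellarg()` but `$_SERVER['SERVER_NAME']` is concatenated into the same `exec()` string unescaped; wrap it the same way, `' '.escapeshellarg($_SERVER['SERVER_NAME'])`. DisplaySystem starts before the first hunk.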


@ -2,6 +2,10 @@
require_once 'config.php'; require_once 'config.php';
require_once RASPI_CONFIG.'/raspap.php'; require_once RASPI_CONFIG.'/raspap.php';
if (RASPI_MONITOR_ENABLED) {
die();
};
session_start(); session_start();
header('X-Frame-Options: SAMEORIGIN'); header('X-Frame-Options: SAMEORIGIN');
header("Content-Security-Policy: default-src 'none'; frame-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"); header("Content-Security-Policy: default-src 'none'; frame-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");
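Review bot: `die()` on the new side ends the request with an empty body and the default 200 status, so a caller in monitoring mode gets no signal that the endpoint was refused and the refusal is invisible in access logs; `http_response_code(403); exit;` makes it explicit. The stray `;` after the closing brace (`};`) is a no-op and should be dropped. Since this runs before `session_start()`, every request to this file is rejected in monitoring mode regardless of login state, which looks intended — a one-line comment such as `// Write-side endpoint: disabled entirely when monitoring mode is on` would record that decision.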