From c7785ce672b164fec17c77e1463b124f5177d187 Mon Sep 17 00:00:00 2001
From: John Karabudak
Date: Thu, 13 Feb 2020 21:59:58 -0330
Subject: [PATCH 1/2] fixed security hole that allowed web console in monitor mode

---
 includes/webconsole.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/includes/webconsole.php b/includes/webconsole.php
index a26b0c0d..092e07cd 100755
--- a/includes/webconsole.php
+++ b/includes/webconsole.php
@@ -2,6 +2,10 @@
 require_once 'config.php';
 require_once RASPI_CONFIG.'/raspap.php';
 
+if (RASPI_MONITOR_ENABLED) {
+ die();
+};
+
 session_start();
 header('X-Frame-Options: SAMEORIGIN');
 header("Content-Security-Policy: default-src 'none'; frame-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");

From 8fe0e9e59a9efaa84061fea3304a0b9a435d7c72 Mon Sep 17 00:00:00 2001
From: John
Date: Thu, 13 Feb 2020 23:08:46 -0330
Subject: [PATCH 2/2] fully locked down the back-end in monitoring mode

---
 includes/dashboard.php | 54 ++++++++-------
 includes/dhcp.php | 153 +++++++++++++++++++++--------------------
 includes/hostapd.php | 37 +++++-----
 includes/openvpn.php | 41 ++++++-----
 includes/system.php | 39 ++++++-----
 5 files changed, 170 insertions(+), 154 deletions(-)

diff --git a/includes/dashboard.php b/includes/dashboard.php
index fc03c0aa..b560fc16 100755
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
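Review bot: `die();` in the added block ends the request with an empty body but no error status, so a client that reaches the console in monitor mode receives a 200 for a page it is not allowed to use; prefer `if (defined('RASPI_MONITOR_ENABLED') && RASPI_MONITOR_ENABLED) { http_response_code(403); exit; }`. The `defined()` check matters because the constant presumably comes from the config.php required on the line above — if an older config.php does not define it, PHP 7 treats the bare name as a truthy string and the console dies on every request, while PHP 8 throws an Error instead. The `};` closing the block is a stray empty statement and can be dropped. Running the check before `session_start()` is fine here, since it depends only on server configuration and not on the session.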
@@ -1,5 +1,7 @@ addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning'); - exec('sudo ip link set '.RASPI_WIFI_CLIENT_INTERFACE.' down'); - $wlan0up = false; - $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success'); - } elseif ($interfaceState === 'unknown') { - $status->addMessage(_('Interface state unknown.'), 'danger'); + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['ifdown_wlan0'])) { + // Pressed stop button + if ($interfaceState === 'UP') { + $status->addMessage(sprintf(_('Interface is going %s.'), _('down')), 'warning'); + exec('sudo ip link set '.RASPI_WIFI_CLIENT_INTERFACE.' down'); + $wlan0up = false; + $status->addMessage(sprintf(_('Interface is now %s.'), _('down')), 'success'); + } elseif ($interfaceState === 'unknown') { + $status->addMessage(_('Interface state unknown.'), 'danger'); + } else { + $status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning'); + } + } elseif (isset($_POST['ifup_wlan0'])) { + // Pressed start button + if ($interfaceState === 'DOWN') { + $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning'); + exec('sudo ip link set ' . RASPI_WIFI_CLIENT_INTERFACE . ' up'); + exec('sudo ip -s a f label ' . RASPI_WIFI_CLIENT_INTERFACE); + $wlan0up = true; + $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success'); + } elseif ($interfaceState === 'unknown') { + $status->addMessage(_('Interface state unknown.'), 'danger'); + } else { + $status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning'); + } } else { - $status->addMessage(sprintf(_('Interface already %s.'), _('down')), 'warning'); + $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus); } - } elseif (isset($_POST['ifup_wlan0'])) { - // Pressed start button - if ($interfaceState === 'DOWN') { - $status->addMessage(sprintf(_('Interface is going %s.'), _('up')), 'warning'); - exec('sudo ip link set ' . 
RASPI_WIFI_CLIENT_INTERFACE . ' up'); - exec('sudo ip -s a f label ' . RASPI_WIFI_CLIENT_INTERFACE); - $wlan0up = true; - $status->addMessage(sprintf(_('Interface is now %s.'), _('up')), 'success'); - } elseif ($interfaceState === 'unknown') { - $status->addMessage(_('Interface state unknown.'), 'danger'); - } else { - $status->addMessage(sprintf(_('Interface already %s.'), _('up')), 'warning'); - } - } else { - $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus); } echo renderTemplate("dashboard", compact( diff --git a/includes/dhcp.php b/includes/dhcp.php index 3ecfd797..7ccc292d 100755 --- a/includes/dhcp.php +++ b/includes/dhcp.php @@ -1,6 +1,7 @@ = IFNAMSIZ) { - $errors .= _('Invalid interface name.').'
'.PHP_EOL; - } - - if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) && - !empty($_POST['RangeStart'])) { // allow ''/null ? - $errors .= _('Invalid DHCP range start.').'
'.PHP_EOL; - } - - if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) && - !empty($_POST['RangeEnd'])) { // allow ''/null ? - $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL; - } - - if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') { - $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL; - } - - if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) { - $errors .= _('Unknown DHCP lease time unit.').'
'.PHP_EOL; - } - - $return = 1; - if (empty($errors)) { - $config = 'interface='.$_POST['interface'].PHP_EOL. - 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd']. - ',255.255.255.0,'; - if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') { - $config .= $_POST['RangeLeaseTime']; + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['savedhcpdsettings'])) { + $errors = ''; + define('IFNAMSIZ', 16); + if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) || + strlen($_POST['interface']) >= IFNAMSIZ) { + $errors .= _('Invalid interface name.').'
'.PHP_EOL; } - $config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL; + if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) && + !empty($_POST['RangeStart'])) { // allow ''/null ? + $errors .= _('Invalid DHCP range start.').'
'.PHP_EOL; + } - for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) { - $mac = trim($_POST["static_leases"]["mac"][$i]); - $ip = trim($_POST["static_leases"]["ip"][$i]); - if ($mac != "" && $ip != "") { - $config .= "dhcp-host=$mac,$ip".PHP_EOL; + if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) && + !empty($_POST['RangeEnd'])) { // allow ''/null ? + $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL; + } + + if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') { + $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL; + } + + if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) { + $errors .= _('Unknown DHCP lease time unit.').'
'.PHP_EOL; + } + + $return = 1; + if (empty($errors)) { + $config = 'interface='.$_POST['interface'].PHP_EOL. + 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd']. + ',255.255.255.0,'; + if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') { + $config .= $_POST['RangeLeaseTime']; } - } - if ($_POST['DNS1']){ - $config .= "dhcp-option=6," . $_POST['DNS1']; - if ($_POST['DNS2']){ - $config .= ','.$_POST['DNS2']; + $config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL; + + for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) { + $mac = trim($_POST["static_leases"]["mac"][$i]); + $ip = trim($_POST["static_leases"]["ip"][$i]); + if ($mac != "" && $ip != "") { + $config .= "dhcp-host=$mac,$ip".PHP_EOL; + } } - $config .= PHP_EOL; + + if ($_POST['DNS1']){ + $config .= "dhcp-option=6," . $_POST['DNS1']; + if ($_POST['DNS2']){ + $config .= ','.$_POST['DNS2']; + } + $config .= PHP_EOL; + } + + file_put_contents("/tmp/dnsmasqdata", $config); + system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return); + } else { + $status->addMessage($errors, 'danger'); } - file_put_contents("/tmp/dnsmasqdata", $config); - system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_CONFIG, $return); - } else { - $status->addMessage($errors, 'danger'); - } - - if ($return == 0) { - $status->addMessage('Dnsmasq configuration updated successfully', 'success'); - } else { - $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger'); + if ($return == 0) { + $status->addMessage('Dnsmasq configuration updated successfully', 'success'); + } else { + $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger'); + } } } exec('pidof dnsmasq | wc -l', $dnsmasq); $dnsmasq_state = ($dnsmasq[0] > 0); - if (isset($_POST['startdhcpd'])) { - if ($dnsmasq_state) { - $status->addMessage('dnsmasq already running', 'info'); - } else { - exec('sudo /bin/systemctl start dnsmasq.service', $dnsmasq, $return); - if ($return == 0) { - $status->addMessage('Successfully started 
dnsmasq', 'success'); - $dnsmasq_state = true; + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['startdhcpd'])) { + if ($dnsmasq_state) { + $status->addMessage('dnsmasq already running', 'info'); } else { - $status->addMessage('Failed to start dnsmasq', 'danger'); + exec('sudo /bin/systemctl start dnsmasq.service', $dnsmasq, $return); + if ($return == 0) { + $status->addMessage('Successfully started dnsmasq', 'success'); + $dnsmasq_state = true; + } else { + $status->addMessage('Failed to start dnsmasq', 'danger'); + } } - } - } elseif (isset($_POST['stopdhcpd'])) { - if ($dnsmasq_state) { - exec('sudo /bin/systemctl stop dnsmasq.service', $dnsmasq, $return); - if ($return == 0) { - $status->addMessage('Successfully stopped dnsmasq', 'success'); - $dnsmasq_state = false; + } elseif (isset($_POST['stopdhcpd'])) { + if ($dnsmasq_state) { + exec('sudo /bin/systemctl stop dnsmasq.service', $dnsmasq, $return); + if ($return == 0) { + $status->addMessage('Successfully stopped dnsmasq', 'success'); + $dnsmasq_state = false; + } else { + $status->addMessage('Failed to stop dnsmasq', 'danger'); + } } else { - $status->addMessage('Failed to stop dnsmasq', 'danger'); + $status->addMessage('dnsmasq already stopped', 'info'); } - } else { - $status->addMessage('dnsmasq already stopped', 'info'); } } diff --git a/includes/hostapd.php b/includes/hostapd.php index d8a6810b..b8398513 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -2,6 +2,7 @@ include_once('includes/status_messages.php'); include_once('app/lib/system.php'); +require_once 'config.php'; /** * 
@@ -25,23 +26,25 @@ function DisplayHostAPDConfig() $managedModeEnabled = false; exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); - if (isset($_POST['SaveHostAPDSettings'])) { - SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); - } elseif (isset($_POST['StartHotspot'])) { - $status->addMessage('Attempting to start hotspot', 'info'); - if ($arrHostapdConf['WifiAPEnable'] == 1) { - exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); - } else { - exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return); - } - foreach ($return as $line) { - $status->addMessage($line, 'info'); - } - } elseif (isset($_POST['StopHotspot'])) { - $status->addMessage('Attempting to stop hotspot', 'info'); - exec('sudo /bin/systemctl stop hostapd.service', $return); - foreach ($return as $line) { - $status->addMessage($line, 'info'); + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['SaveHostAPDSettings'])) { + SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); + } elseif (isset($_POST['StartHotspot'])) { + $status->addMessage('Attempting to start hotspot', 'info'); + if ($arrHostapdConf['WifiAPEnable'] == 1) { + exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); + } else { + exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return); + } + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } elseif (isset($_POST['StopHotspot'])) { + $status->addMessage('Attempting to stop hotspot', 'info'); + exec('sudo /bin/systemctl stop hostapd.service', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } } } diff --git a/includes/openvpn.php b/includes/openvpn.php index 3cce43e2..d079c770 100755 --- a/includes/openvpn.php +++ b/includes/openvpn.php 
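Review bot: With the dispatch wrapped in `if (!RASPI_MONITOR_ENABLED)`, a POST submitted in monitor mode is silently ignored — `$status` receives no message and the form re-renders as if nothing happened; an outer branch such as `} elseif (!empty($_POST)) { $status->addMessage('Monitor mode is enabled; changes are not applied', 'warning'); }` attached to the new guard would make the refusal visible. Because the check is repeated per handler in each include, any handler left outside the wrap keeps working in monitor mode: on this page the system.php hunk still shows `if (isset($_POST['RestartLighttpd']))` calling `exec('sudo /etc/raspap/lighttpd/configport.sh --restart')` outside its guard, and the same per-file wrapping is used in dashboard.php, dhcp.php and openvpn.php. A single check at the request entry point, before any include dispatches on `$_POST`, would be harder to miss than wrapping each file, and helpers like SaveHostAPDConfig would then not depend on every caller remembering it. DisplayHostAPDConfig starts and ends outside this hunk.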
@@ -1,6 +1,7 @@ addMessage('Attempting to start OpenVPN', 'info'); - exec('sudo /bin/systemctl start openvpn-client@client', $return); - foreach ($return as $line) { - $status->addMessage($line, 'info'); - } - } elseif (isset($_POST['StopOpenVPN'])) { - $status->addMessage('Attempting to stop OpenVPN', 'info'); - exec('sudo /bin/systemctl stop openvpn-client@client', $return); - foreach ($return as $line) { - $status->addMessage($line, 'info'); + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['SaveOpenVPNSettings'])) { + if (isset($_POST['authUser'])) { + $authUser = strip_tags(trim($_POST['authUser'])); + } + if (isset($_POST['authPassword'])) { + $authPassword = strip_tags(trim($_POST['authPassword'])); + } + $return = SaveOpenVPNConfig($status, $_FILES['customFile'], $authUser, $authPassword); + } elseif (isset($_POST['StartOpenVPN'])) { + $status->addMessage('Attempting to start OpenVPN', 'info'); + exec('sudo /bin/systemctl start openvpn-client@client', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } elseif (isset($_POST['StopOpenVPN'])) { + $status->addMessage('Attempting to stop OpenVPN', 'info'); + exec('sudo /bin/systemctl stop openvpn-client@client', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } } } diff --git a/includes/system.php b/includes/system.php index 3993c160..b2565ec0 100755 --- a/includes/system.php +++ b/includes/system.php 
@@ -1,6 +1,7 @@ 4 || !is_numeric($_POST['serverPort'])) { - $status->addMessage('Invalid value for port number', 'danger'); - } else { - $serverPort = escapeshellarg($_POST['serverPort']); - exec("sudo /etc/raspap/lighttpd/configport.sh $serverPort " .RASPI_LIGHTTPD_CONFIG. " ".$_SERVER['SERVER_NAME'], $return); - foreach ($return as $line) { - $status->addMessage($line, 'info'); + if (!RASPI_MONITOR_ENABLED) { + if (isset($_POST['SaveServerPort'])) { + if (isset($_POST['serverPort'])) { + if (strlen($_POST['serverPort']) > 4 || !is_numeric($_POST['serverPort'])) { + $status->addMessage('Invalid value for port number', 'danger'); + } else { + $serverPort = escapeshellarg($_POST['serverPort']); + exec("sudo /etc/raspap/lighttpd/configport.sh $serverPort " .RASPI_LIGHTTPD_CONFIG. " ".$_SERVER['SERVER_NAME'], $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } } } } + if (isset($_POST['system_reboot'])) { + $status->addMessage("System Rebooting Now!", "warning", false); + $result = shell_exec("sudo /sbin/reboot"); + } + if (isset($_POST['system_shutdown'])) { + $status->addMessage("System Shutting Down Now!", "warning", false); + $result = shell_exec("sudo /sbin/shutdown -h now"); + } } if (isset($_POST['RestartLighttpd'])) { $status->addMessage('Restarting lighttpd in 3 seconds...','info'); exec('sudo /etc/raspap/lighttpd/configport.sh --restart'); } - exec('cat '. RASPI_LIGHTTPD_CONFIG, $return); $conf = ParseConfig($return); $ServerPort = $conf['server.port']; 
@@ -118,14 +128,5 @@ function DisplaySystem() 'el_GR.UTF-8' => 'Ελληνικά' ); - if (isset($_POST['system_reboot'])) { - $status->addMessage("System Rebooting Now!", "warning", false); - $result = shell_exec("sudo /sbin/reboot"); - } - if (isset($_POST['system_shutdown'])) { - $status->addMessage("System Shutting Down Now!", "warning", false); - $result = shell_exec("sudo /sbin/shutdown -h now"); - } - echo renderTemplate("system", compact("arrLocales", "status", "system", "ServerPort")); }