Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules/luci-mod-admin-full/luasrc/controller/admin/system.lua
Jo-Philipp Wich b5826f1ffb luci-mod-admin-full: protect clock, flash and opkg ops with submit token 
* Use post_on() target to require csrf token verification for modifying actions
* Ensure that package and flash operation handlers guard modifying operations
  with parameter check

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20 21:04:46 +02:00

394 lines
10 KiB
Lua
Raw Blame History

-- Copyright 2008 Steven Barth <steven@midlink.org>
-- Copyright 2008-2011 Jo-Philipp Wich <jow@openwrt.org>
-- Licensed to the public under the Apache License 2.0.
module("luci.controller.admin.system", package.seeall)
function index()
local fs = require "nixio.fs"
entry({"admin", "system"}, alias("admin", "system", "system"), _("System"), 30).index = true
entry({"admin", "system", "system"}, cbi("admin_system/system"), _("System"), 1)
entry({"admin", "system", "clock_status"}, post_on({ set = true }, "action_clock_status"))
entry({"admin", "system", "admin"}, cbi("admin_system/admin"), _("Administration"), 2)
if fs.access("/bin/opkg") then
entry({"admin", "system", "packages"}, post_on({ exec = "1" }, "action_packages"), _("Software"), 10)
entry({"admin", "system", "packages", "ipkg"}, form("admin_system/ipkg"))
end
entry({"admin", "system", "startup"}, form("admin_system/startup"), _("Startup"), 45)
entry({"admin", "system", "crontab"}, form("admin_system/crontab"), _("Scheduled Tasks"), 46)
if fs.access("/sbin/block") then
entry({"admin", "system", "fstab"}, cbi("admin_system/fstab"), _("Mount Points"), 50)
entry({"admin", "system", "fstab", "mount"}, cbi("admin_system/fstab/mount"), nil).leaf = true
entry({"admin", "system", "fstab", "swap"}, cbi("admin_system/fstab/swap"), nil).leaf = true
end
if fs.access("/sys/class/leds") then
entry({"admin", "system", "leds"}, cbi("admin_system/leds"), _("<abbr title=\"Light Emitting Diode\">LED</abbr> Configuration"), 60)
end
entry({"admin", "system", "flashops"}, post_on({ exec = "1" }, "action_flashops"), _("Backup / Flash Firmware"), 70)
entry({"admin", "system", "flashops", "backupfiles"}, form("admin_system/backupfiles"))
entry({"admin", "system", "reboot"}, template("admin_system/reboot"), _("Reboot"), 90)
entry({"admin", "system", "reboot", "call"}, post("action_reboot"))
end
function action_clock_status()
local set = tonumber(luci.http.formvalue("set"))
if set ~= nil and set > 0 then
local date = os.date("*t", set)
if date then
luci.sys.call("date -s '%04d-%02d-%02d %02d:%02d:%02d'" %{
date.year, date.month, date.day, date.hour, date.min, date.sec
})
end
end
luci.http.prepare_content("application/json")
luci.http.write_json({ timestring = os.date("%c") })
end
function action_packages()
local fs = require "nixio.fs"
local ipkg = require "luci.model.ipkg"
local submit = (luci.http.formvalue("exec") == "1")
local update, upgrade
local changes = false
local install = { }
local remove = { }
local stdout = { "" }
local stderr = { "" }
local out, err
-- Display
local display = luci.http.formvalue("display") or "installed"
-- Letter
local letter = string.byte(luci.http.formvalue("letter") or "A", 1)
letter = (letter == 35 or (letter >= 65 and letter <= 90)) and letter or 65
-- Search query
local query = luci.http.formvalue("query")
query = (query ~= '') and query or nil
-- Modifying actions
if submit then
-- Packets to be installed
local ninst = luci.http.formvalue("install")
local uinst = nil
-- Install from URL
local url = luci.http.formvalue("url")
if url and url ~= '' then
uinst = url
end
-- Do install
if ninst then
install[ninst], out, err = ipkg.install(ninst)
stdout[#stdout+1] = out
stderr[#stderr+1] = err
changes = true
end
if uinst then
local pkg
for pkg in luci.util.imatch(uinst) do
install[uinst], out, err = ipkg.install(pkg)
stdout[#stdout+1] = out
stderr[#stderr+1] = err
changes = true
end
end
-- Remove packets
local rem = luci.http.formvalue("remove")
if rem then
remove[rem], out, err = ipkg.remove(rem)
stdout[#stdout+1] = out
stderr[#stderr+1] = err
changes = true
end
-- Update all packets
update = luci.http.formvalue("update")
if update then
update, out, err = ipkg.update()
stdout[#stdout+1] = out
stderr[#stderr+1] = err
end
-- Upgrade all packets
upgrade = luci.http.formvalue("upgrade")
if upgrade then
upgrade, out, err = ipkg.upgrade()
stdout[#stdout+1] = out
stderr[#stderr+1] = err
end
end
-- List state
local no_lists = true
local old_lists = false
if fs.access("/var/opkg-lists/") then
local list
for list in fs.dir("/var/opkg-lists/") do
no_lists = false
if (fs.stat("/var/opkg-lists/"..list, "mtime") or 0) < (os.time() - (24 * 60 * 60)) then
old_lists = true
break
end
end
end
luci.template.render("admin_system/packages", {
display = display,
letter = letter,
query = query,
install = install,
remove = remove,
update = update,
upgrade = upgrade,
no_lists = no_lists,
old_lists = old_lists,
stdout = table.concat(stdout, ""),
stderr = table.concat(stderr, "")
})
-- Remove index cache
if changes then
fs.unlink("/tmp/luci-indexcache")
end
end
function action_flashops()
local http = require "luci.http"
local sys = require "luci.sys"
local fs = require "nixio.fs"
local submit = (http.formvalue("exec") == "1")
local upgrade_avail = fs.access("/lib/upgrade/platform.sh")
local reset_avail = os.execute([[grep '"rootfs_data"' /proc/mtd >/dev/null 2>&1]]) == 0
local restore_cmd = "tar -xzC/ >/dev/null 2>&1"
local backup_cmd = "sysupgrade --create-backup - 2>/dev/null"
local image_tmp = "/tmp/firmware.img"
local function image_supported()
return (os.execute("sysupgrade -T %q >/dev/null" % image_tmp) == 0)
end
local function image_checksum()
return (luci.sys.exec("md5sum %q" % image_tmp):match("^([^%s]+)"))
end
local function storage_size()
local size = 0
if fs.access("/proc/mtd") then
for l in io.lines("/proc/mtd") do
local d, s, e, n = l:match('^([^%s]+)%s+([^%s]+)%s+([^%s]+)%s+"([^%s]+)"')
if n == "linux" or n == "firmware" then
size = tonumber(s, 16)
break
end
end
elseif fs.access("/proc/partitions") then
for l in io.lines("/proc/partitions") do
local x, y, b, n = l:match('^%s*(%d+)%s+(%d+)%s+([^%s]+)%s+([^%s]+)')
if b and n and not n:match('[0-9]') then
size = tonumber(b) * 1024
break
end
end
end
return size
end
--
-- Handle modifying actions
--
if submit then
local fp
http.setfilehandler(
function(meta, chunk, eof)
if not fp then
if meta and meta.name == "image" then
fp = io.open(image_tmp, "w")
else
fp = io.popen(restore_cmd, "w")
end
end
if chunk then
fp:write(chunk)
end
if eof then
fp:close()
end
end
)
if http.formvalue("backup") then
--
-- Assemble file list, generate backup
--
local reader = ltn12_popen(backup_cmd)
http.header('Content-Disposition', 'attachment; filename="backup-%s-%s.tar.gz"' % {
luci.sys.hostname(), os.date("%Y-%m-%d")})
http.prepare_content("application/x-targz")
luci.ltn12.pump.all(reader, http.write)
return
elseif http.formvalue("restore") then
--
-- Unpack received .tar.gz
--
local upload = http.formvalue("archive")
if upload and #upload > 0 then
luci.template.render("admin_system/applyreboot")
luci.sys.reboot()
return
end
elseif http.formvalue("image") or http.formvalue("step") then
--
-- Initiate firmware flash
--
local step = tonumber(http.formvalue("step") or 1)
if step == 1 then
if image_supported() then
luci.template.render("admin_system/upgrade", {
checksum = image_checksum(),
storage = storage_size(),
size = (fs.stat(image_tmp, "size") or 0),
keep = (not not http.formvalue("keep"))
})
else
fs.unlink(image_tmp)
luci.template.render("admin_system/flashops", {
reset_avail = reset_avail,
upgrade_avail = upgrade_avail,
image_invalid = true
})
end
return
--
-- Start sysupgrade flash
--
elseif step == 2 then
local keep = (http.formvalue("keep") == "1") and "" or "-n"
luci.template.render("admin_system/applyreboot", {
title = luci.i18n.translate("Flashing..."),
msg = luci.i18n.translate("The system is flashing now.<br /> DO NOT POWER OFF THE DEVICE!<br /> Wait a few minutes before you try to reconnect. It might be necessary to renew the address of your computer to reach the device again, depending on your settings."),
addr = (#keep > 0) and "192.168.1.1" or nil
})
fork_exec("killall dropbear uhttpd; sleep 1; /sbin/sysupgrade %s %q" %{ keep, image_tmp })
return
end
elseif reset_avail and http.formvalue("reset") then
--
-- Reset system
--
luci.template.render("admin_system/applyreboot", {
title = luci.i18n.translate("Erasing..."),
msg = luci.i18n.translate("The system is erasing the configuration partition now and will reboot itself when finished."),
addr = "192.168.1.1"
})
fork_exec("killall dropbear uhttpd; sleep 1; mtd -r erase rootfs_data")
return
end
end
--
-- Overview
--
luci.template.render("admin_system/flashops", {
reset_avail = reset_avail,
upgrade_avail = upgrade_avail
})
end
function action_passwd()
local p1 = luci.http.formvalue("pwd1")
local p2 = luci.http.formvalue("pwd2")
local stat = nil
if p1 or p2 then
if p1 == p2 then
stat = luci.sys.user.setpasswd("root", p1)
else
stat = 10
end
end
luci.template.render("admin_system/passwd", {stat=stat})
end
function action_reboot()
luci.sys.reboot()
end
function fork_exec(command)
local pid = nixio.fork()
if pid > 0 then
return
elseif pid == 0 then
-- change to root dir
nixio.chdir("/")
-- patch stdin, out, err to /dev/null
local null = nixio.open("/dev/null", "w+")
if null then
nixio.dup(null, nixio.stderr)
nixio.dup(null, nixio.stdout)
nixio.dup(null, nixio.stdin)
if null:fileno() > 2 then
null:close()
end
end
-- replace with target command
nixio.exec("/bin/sh", "-c", command)
end
end
function ltn12_popen(command)
local fdi, fdo = nixio.pipe()
local pid = nixio.fork()
if pid > 0 then
fdo:close()
local close
return function()
local buffer = fdi:read(2048)
local wpid, stat = nixio.waitpid(pid, "nohang")
if not close and wpid and stat == "exited" then
close = true
end
if buffer and #buffer > 0 then
return buffer
elseif close then
fdi:close()
return nil
end
end
elseif pid == 0 then
nixio.dup(fdo, nixio.stdout)
fdi:close()
fdo:close()
nixio.exec("/bin/sh", "-c", command)
end
end
Reference in a new issue View git blame Copy permalink