#!/bin/bash _WWW='/www' _PWDFILE="/opt/lib/htpasswd" _TMP="${_WWW}/tmp" _LOG="${_WWW}/log/admin.log" _DEBUG=1 ## logging logThis() { [[ $_DEBUG -gt 0 ]] || return 0 [[ $_ERR -gt 0 ]] && _TYPE='E:' || _TYPE='I:' ## Info or Error indication local _TIME=$(printf '%(%d.%m.%Y %H:%M:%S)T' -1) printf '%b\n' "$_TIME $_TYPE ${1} " >> $_LOG [[ $_DEBUG -gt 1 ]] && printf '%b\n' "[verbose] $_TYPE ${1}" return 0 } ## http response headerPrint() { case ${1} in 200) printf '%b' 'HTTP/1.1 200 OK\nAccess-Control-Allow-Origin: *\n\n';; 301) printf '%b' "HTTP/1.1 301 Moved Permanently\nLocation: ${HTTP_REFERER}\n\n";; 403) printf '%b' 'HTTP/1.1 403 Forbidden\n\n';; 405) printf '%b' 'HTTP/1.1 405 Method Not Allowed\n\n';; 406) printf '%b' 'HTTP/1.1 406 Not Acceptable\n\n';; esac return 0 } htDigest() { _USER='admin' _PWD=$1 _REALM='superglue' _HASH=$(echo -n "$_USER:$_REALM:$_PWD" | md5sum | cut -b -32) echo -n "$_USER:$_REALM:$_HASH" } urlDec() { local value=${*//+/%20} for part in ${value//%/ \\x}; do printf "%b%s" "${part:0:4}" "${part:4}" done } setQueryVars() { local _POST=$(cat) local vars=${_POST//\*/%2A} for var in ${vars//&/ }; do local value=$(urlDec "${var#*=}") value=${value//\\/\\\\} eval "_${var%=*}=\"${value//\"/\\\"}\"" done } getQueryFile() { _POST_TMP=$(mktemp -p $_TMP) ## make tmp POST file cat > $_POST_TMP ## cautiously storing entire POST in a file logThis "'multipart': decoding stream" local _BND=$(findPostOpt 'boundary') ## bash is binary unsafe and eats away precious lines ## thus using gawk function cutFile() { gawk -v "want=$1" -v "bnd=$_BND" ' BEGIN { RS="\r\n"; ORS="\r\n" } # reset based on boundaries $0 == "--"bnd"" { st=1; next; } $0 == "--"bnd"--" { st=0; next; } $0 == "--"bnd"--\r" { st=0; next; } # search for wanted file st == 1 && $0 ~ "^Content-Disposition:.* name=\""want"\"" { st=2; next; } st == 1 && $0 == "" { st=9; next; } # wait for newline, then start printing st == 2 && $0 == "" { st=3; next; } st == 3 { print $0 } ' 2>&1 } cutFile 'fwupload' < "${_POST_TMP}" > "${_TMP}/fwupload.bin" } ## find arbitrary option supplied in Content-Type header ## eg: "Content-Type:application/octet-stream; verbose=1" findPostOpt() { for i in "${CONTENT_TYPE[@]:1}"; do case "${i/=*}" in "$1") printf '%b' "${i/*=}" ;; esac done return 0 } runSuid() { local _SID=$(/usr/bin/ps -p $$ -o sid=) ## pass session id to the child local _CMD=$@ sudo ./suid.sh $_CMD $_SID 2>/dev/null } validIp() { local _IP=$1 local _RET=1 if [[ $_IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then OIFS=$IFS IFS='.' _IP=($_IP) IFS=$OIFS [[ ${_IP[0]} -le 255 && ${_IP[1]} -le 255 && ${_IP[2]} -le 255 && ${_IP[3]} -le 255 ]] _RET=$? fi return $_RET } pwdChange() { if [[ ! -z "${_pwd##$_pwdd}" ]]; then _ERR=1 showMesg 'Passwords did not match' fi if [[ ${#_pwd} -lt 6 ]]; then _ERR=1 showMesg 'Password must be at least 6 characters long' fi runSuid "echo -e \"$_pwd\n$_pwd\" | passwd root" runSuid "echo $(htDigest $_pwd) > $_PWDFILE" _ERR=$? if [[ $_ERR -gt 0 ]]; then showMesg 'Password change failed' else showMesg 'Password is changed' fi } lanAddr() { logThis "new LAN addr is: $_laddr" validIp $_laddr || showMesg 'Not valid network address' doUci set laddr $_laddr _ERR=$? if [[ $_ERR -gt 0 ]]; then showMesg 'Setting network address failed' else (sleep 1; doUci commit network; doUci commit wireless;)& showMesg 'New network address is set' "Your server is now accessible under http://superglue.local/admin" fi } wanSet() { if [[ ! -z $_wanifname ]]; then ## eth and wlan wan cases are different! ## eth wan requires: ## config interface 'wan' ## option ifname 'eth0' ## ## config wifi-iface ## option device 'radio0' ## option network 'wan' ## option disabled '1' (or no 'config wifi-iface' section at all) ## ## wlan wan requires: ## config interface 'wan' ## option proto 'dhcp' ## (without 'option ifname' specified!) ## ## config wifi-iface ## option device 'radio0' ## option network 'wan' logThis "wan.ifname=$_wanifname" if [[ $_wanifname == 'eth0' ]]; then doUci set wanifname $_wanifname doUci set wanwifacedis '1' elif [[ $_wanifname == 'wlan1' ]]; then doUci set wanifname '' doUci set wanwifacedis '' fi if [[ $_wanproto == 'dhcp' ]]; then doUci set wanproto dhcp elif [[ $_wanproto == 'static' ]]; then logThis "wan.ipaddr=$_wanipaddr" doUci set wanproto static doUci set wanipaddr $_wanipaddr doUci set wannetmask $_wannetmask fi if [[ $_wanifname == 'wlan1' ]]; then ssidChange || showMesg 'Wireless changes failed' fi ## background the following doUci commit network && showMesg 'Internet connection is configured' 'Waiting for device to get ready' || showMesg 'Configuring Internet connection failed' fi logThis "new WAN iface is: $_wanifname" } ssidChange() { ## check for iface [[ ! $_iface =~ ^('wan'|'lan')$ ]] && showMesg 'Error changing wireless settings' 'unknown/unconfigured interface' logThis "$_iface is being set" _p=$_iface ## default enc for now local _enc='psk2' if [[ $_iface == 'wan' ]]; then local _mode='sta' local _ssid="${_wanssid}" local _key="${_wankey}" else local _mode='ap' local _ssid="${_lanssid}" local _key="${_lankey}" fi logThis "ssid: $_ssid [$_mode], key: $_key [$_enc]" logThis $_wanssid if [[ ${#_ssid} -lt 4 ]]; then _ERR=1 showMesg 'SSID must be at least 4 characters long' fi doUci set $_p'ssid' "${_ssid}" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg 'New SSID is not set' if [[ -z $_key ]]; then ## if key is empty set encryption to none and remove key doUci set $_p'key' && doUci set $_p'enc' 'none' _ERR=$? else if [[ ${#_key} -lt 8 ]]; then _ERR=1 showMesg 'Passphrase must be at least 8 characters long' fi doUci set $_p'key' "${_key}" && doUci set $_p'enc' "${_enc}" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg 'Passphrase is not set' fi [[ $_ERR -gt 0 ]] && return $_ERR ##showMesg 'Wireless changes failed' doUci commit wireless ##&& showMesg 'Wireless changes applied' } #showError() { # headerPrint 406 # logThis "$@" # echo "ERROR: $@" # exit 1 #} showMesg() { logThis "$@" local _MSG=$1 local _SUBMSG=$2 _MSG=${_MSG:='Not defined'} _SUBMSG=${_SUBMSG:='back to control panel in a second..'} if [[ $_ERR -gt 0 ]]; then local _TYPE='ERROR: ' headerPrint 406 else local _TYPE='OK: ' headerPrint 200 fi htmlHead "" echo "

SG rescue mode


$_TYPE $_MSG

$_SUBMSG
" exit 0 } updateFw() { logThis "updating fw" _FWFILE="${_TMP}/fwupload.bin" logThis "fwfile is: $(ls -lad $_FWFILE)" _OUT="$(/sbin/sysupgrade -T $_FWFILE 2>&1)" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg "$_OUT" _OUT="$(runSuid /sbin/mtd -e firmware -q write $_FWFILE firmware)" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg "mtd failed, $_OUT" runSuid reboot showMesg 'Firmware update is completed, rebooting..' 'this might take up to 60 seconds' } rebootNow() { logThis "reboot: now!" runSuid reboot showMesg 'Rebooting..' 'this might take up to 60 seconds' } doUci() { local _CMD='' local _ARG='' case $1 in get|set|commit) _CMD=$1;; *) logThis 'bad UCI command'; headerPrint 405; echo 'bad UCI command'; exit 1 ;; esac case $2 in lanssid) _ARG='wireless.@wifi-iface[0].ssid';; lanenc) _ARG='wireless.@wifi-iface[0].encryption';; lankey) _ARG='wireless.@wifi-iface[0].key';; lanipaddr) _ARG='network.lan.ipaddr';; wanifname) _ARG='network.wan.ifname';; wanproto) _ARG='network.wan.proto';; wanipaddr) _ARG='network.wan.ipaddr';; wannetmask) _ARG='network.wan.netmask';; wanwifacedis) _ARG='wireless.@wifi-iface[1].disabled';; wanssid) _ARG='wireless.@wifi-iface[1].ssid';; wanenc) _ARG='wireless.@wifi-iface[1].encryption';; wankey) _ARG='wireless.@wifi-iface[1].key';; *) if [[ $_CMD == 'commit' ]]; then _ARG=$2 else logThis "bad UCI entry: $2" _ERR=1 showMesg 'bad UCI entry' fi ;; esac if [[ $_CMD == 'get' ]]; then if [ ! -z $_ARG ]; then /sbin/uci -q get $_ARG || return $? fi fi if [[ $_CMD == 'set' ]]; then local _VAL=$3 if [ -z $_VAL ]; then logThis "empty $_ARG value, removing record" runSuid /sbin/uci delete $_ARG || ( echo "uci delete $_ARG: error"; exit 1; ) fi if [ ! -z $_ARG ]; then logThis "setting $_ARG value" runSuid /sbin/uci set $_ARG=$_VAL || ( echo "uci set $_ARG: error"; exit 1; ) fi fi if [[ $_CMD == 'commit' ]]; then runSuid /sbin/uci commit $_ARG|| echo "uci commit $_ARG: error" if [[ "$_ARG" == 'wireless' ]]; then runSuid /sbin/wifi || echo 'wifi: error' fi if [[ "$_ARG" == 'network' ]]; then runSuid /etc/init.d/dnsmasq restart && runSuid /etc/init.d/network restart || echo 'network: error' fi fi } getStat() { . /usr/share/libubox/jshn.sh local _IFACE=$1 local _IFSTAT=$(runSuid ubus call network.interface.wan status 2>/dev/null) logThis "$_IFSTAT" json_get_type _IFSTAT ipv4_address if json_get_type _IFSTAT ipv4_address && [[ "$_IFSTAT" == 'array' ]]; then json_select ipv4_address json_get_type _IFSTAT 1 if [[ "$_IFSTAT" == 'object' ]]; then json_select 1 json_get_var IP4 address json_get_var Subnet4 mask [[ "$IP4" != '' ]] && [[ "$Subnet4" != '' ]] && IP4="$IP4/$Subnet4" fi fi logThis $IP4 } ##getStat wan htmlHead() { echo " SuperGlue | Administration $@ " } ## unless auth is disabled in lighttpd ## it should never come to this, if [[ -z $HTTP_AUTHORIZATION ]]; then if [[ -z $HTTP_AUTHORIZATION ]]; then logThis 'no auth' headerPrint 403 echo 'no is no' exit 1 else logThis 'auth OK' fi if [[ $REQUEST_METHOD == 'POST' ]]; then if [[ $CONTENT_LENGTH -gt 0 ]]; then CONTENT_TYPE=( ${CONTENT_TYPE} ) _CONTENT_TYPE="${CONTENT_TYPE[0]/;}" _ENC="${HTTP_CONTENT_ENCODING}" case "${_CONTENT_TYPE}" in application/x-www-form-urlencoded) setQueryVars;; multipart/form-data) getQueryFile;; *) _ERR=1; _OUT='this is not a post' ;; esac case $REQUEST_URI in /admin/pwdchange) pwdChange;; /admin/ssidchange) ssidChange;; /admin/lanaddr) lanAddr;; /admin/updatefw) updateFw;; /admin/rebootnow) rebootNow;; /admin/wan) wanSet;; *) logThis 'bad action'; headerPrint 405; echo 'no such thing'; exit 1;; esac fi headerPrint 301 fi headerPrint 200 ## html head htmlHead sgver=$(cat /etc/superglue_version) devmod=$(cat /etc/superglue_model) openwrt=$(cat /etc/openwrt_version) wanifname=$(doUci get wanifname || echo 'wlan0') ## TODO fix this wanproto=$(doUci get wanproto) wanipaddr=$(doUci get wanipaddr) wannetmask=$(doUci get wannetmask) wanssid=$(doUci get wanssid) wankey=$(doUci get wankey) echo "

SG rescue mode


System version: $sgver | Device: $devmod | OpenWRT: $openwrt $(uptime)
Internet connection:

Local wireless network:

Change password:

Update firmware:


Memory:
$(free)

Storage:
$(df -h)

Environment:
$(env)

$_POST " exit 0