#!/bin/bash _WWW='/www' _PWDFILE="${_WWW}/lib/htpasswd" _TMP="${_WWW}/tmp" _LOG="${_WWW}/log/admin.log" _DEBUG=1 ## logging logThis() { [[ $_DEBUG -gt 0 ]] || return 0 [[ $_ERR -gt 0 ]] && _TYPE='E:' || _TYPE='I:' ## Info or Error indication local _TIME=$(printf '%(%d.%m.%Y %H:%M:%S)T' -1) printf '%b\n' "$_TIME $_TYPE ${1} " >> $_LOG [[ $_DEBUG -gt 1 ]] && printf '%b\n' "[verbose] $_TYPE ${1}" return 0 } ## http response headerPrint() { case ${1} in 200) printf '%b' 'HTTP/1.1 200 OK\nAccess-Control-Allow-Origin: *\n\n';; 301) printf '%b' "HTTP/1.1 301 Moved Permanently\nLocation: ${HTTP_REFERER}\n\n";; 403) printf '%b' 'HTTP/1.1 403 Forbidden\n\n';; 405) printf '%b' 'HTTP/1.1 405 Method Not Allowed\n\n';; 406) printf '%b' 'HTTP/1.1 406 Not Acceptable\n\n';; esac return 0 } htDigest() { _USER='admin' _PWD=$1 _REALM='superglue' _HASH=$(echo -n "$_USER:$_REALM:$_PWD" | md5sum | cut -b -32) echo -n "$_USER:$_REALM:$_HASH" } urlDec() { local value=${*//+/%20} for part in ${value//%/ \\x}; do printf "%b%s" "${part:0:4}" "${part:4}" done } setQueryVars() { local _POST=$(cat) local vars=${_POST//\*/%2A} for var in ${vars//&/ }; do local value=$(urlDec "${var#*=}") value=${value//\\/\\\\} eval "_${var%=*}=\"${value//\"/\\\"}\"" done } getQueryFile() { _POST_TMP=$(mktemp -p $_TMP) ## make tmp POST file cat > $_POST_TMP ## cautiously storing entire POST in a file logThis "'multipart': decoding stream" local _BND=$(findPostOpt 'boundary') ## bash is binary unsafe and eats away precious lines ## thus using gawk function cutFile() { gawk -v "want=$1" -v "bnd=$_BND" ' BEGIN { RS="\r\n"; ORS="\r\n" } # reset based on boundaries $0 == "--"bnd"" { st=1; next; } $0 == "--"bnd"--" { st=0; next; } $0 == "--"bnd"--\r" { st=0; next; } # search for wanted file st == 1 && $0 ~ "^Content-Disposition:.* name=\""want"\"" { st=2; next; } st == 1 && $0 == "" { st=9; next; } # wait for newline, then start printing st == 2 && $0 == "" { st=3; next; } st == 3 { print $0 } ' 2>&1 } cutFile 'fwupload' < "${_POST_TMP}" > "${_TMP}/fwupload.bin" } ## find arbitrary option supplied in Content-Type header ## eg: "Content-Type:application/octet-stream; verbose=1" findPostOpt() { for i in "${CONTENT_TYPE[@]:1}"; do case "${i/=*}" in "$1") printf '%b' "${i/*=}" ;; esac done return 0 } runSuid() { local _SID=$(/usr/bin/ps -p $$ -o sid=) ## pass session id to the child local _CMD=$@ sudo ./suid.sh $_CMD $_SID 2>&1 } validIp() { local _IP=$1 local _RET=1 if [[ $_IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then OIFS=$IFS IFS='.' _IP=($_IP) IFS=$OIFS [[ ${_IP[0]} -le 255 && ${_IP[1]} -le 255 && ${_IP[2]} -le 255 && ${_IP[3]} -le 255 ]] _RET=$? fi return $_RET } pwdChange() { if [[ ! -z "${_pwd##$_pwdd}" ]]; then _ERR=1 showMesg 'Passwords did not match' fi if [[ ${#_pwd} -lt 6 ]]; then _ERR=1 showMesg 'Password must be at least 6 characters long' fi runSuid "echo -e \"$_pwd\n$_pwd\" | passwd root" runSuid "echo $(htDigest $_pwd) > $_PWDFILE" _ERR=$? if [[ $_ERR -gt 0 ]]; then showMesg 'Password change failed' else showMesg 'Password is changed' fi } lanAddr() { logThis "new LAN addr is: $_laddr" validIp $_laddr || showMesg 'Not valid network address' doUci set laddr $_laddr _ERR=$? if [[ $_ERR -gt 0 ]]; then showMesg 'Setting network address failed' else (sleep 1; doUci commit network; doUci commit wireless;)& showMesg 'New network address is set' "Your server is now accessible under http://$_laddr/admin" fi } ssidChange() { ## default enc for now local _enc='psk2' logThis "new ssid is: $_ssid" logThis "new key is: $_key" if [[ ${#_ssid} -lt 4 ]]; then _ERR=1 showMesg 'SSID must be at least 4 characters long' fi doUci set ssid $_ssid _ERR=$? [[ $_ERR -gt 0 ]] && showMesg 'New SSID is not set' if [[ -z $_key ]]; then ## if key is empty set encryption to none and remove key doUci set key && doUci set enc 'none' _ERR=$? else if [[ ${#_key} -lt 8 ]]; then _ERR=1 showMesg 'Passphrase must be at least 8 characters long' fi doUci set key $_key && doUci set enc $_enc _ERR=$? [[ $_ERR -gt 0 ]] && showMesg 'Passphrase is not set' fi [[ $_ERR -gt 0 ]] && showMesg 'Wireless changes failed' doUci commit wireless && showMesg 'Wireless changes applied' } #showError() { # headerPrint 406 # logThis "$@" # echo "ERROR: $@" # exit 1 #} showMesg() { logThis "$@" local _MSG=$1 local _SUBMSG=$2 _MSG=${_MSG:='Not defined'} _SUBMSG=${_SUBMSG:='back to control panel in a second..'} if [[ $_ERR -gt 0 ]]; then local _TYPE='ERROR: ' headerPrint 406 else local _TYPE='OK: ' headerPrint 200 fi htmlHead "" echo "

$_TYPE $_MSG

$_SUBMSG
" exit 0 } updateFw() { logThis "updating fw" _FWFILE="${_TMP}/fwupload.bin" logThis "fwfile is: $(ls -lad $_FWFILE)" _OUT="$(/sbin/sysupgrade -T $_FWFILE 2>&1)" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg "$_OUT" _OUT="$(runSuid /sbin/mtd -e firmware -q write $_FWFILE firmware)" _ERR=$? [[ $_ERR -gt 0 ]] && showMesg "mtd failed, $_OUT" runSuid reboot showMesg 'Firmware update is completed, rebooting..' 'this might take up to 60 seconds' } rebootNow() { logThis "reboot: now!" runSuid reboot showMesg 'Rebooting..' 'this might take up to 60 seconds' } doUci() { local _CMD='' local _ARG='' case $1 in get|set|commit) _CMD=$1;; *) logThis 'bad UCI command'; headerPrint 405; echo 'bad UCI command'; exit 1 ;; esac case $2 in ssid) _ARG='wireless.@wifi-iface[0].ssid';; enc) _ARG='wireless.@wifi-iface[0].encryption';; key) _ARG='wireless.@wifi-iface[0].key';; laddr) _ARG='network.lan.ipaddr';; *) if [[ $_CMD == 'commit' ]]; then _ARG=$2 else logThis 'bad UCI entry' _ERR=1 showMesg 'bad UCI entry' fi ;; esac if [[ $_CMD == 'get' ]]; then if [ ! -z $_ARG ]; then /sbin/uci get $_ARG fi fi if [[ $_CMD == 'set' ]]; then local _VAL=$3 if [ -z $_VAL ]; then logThis "empty $_ARG value, removing record" runSuid /sbin/uci delete $_ARG || ( echo "uci delete $_ARG: error"; exit 1; ) fi if [ ! -z $_ARG ]; then logThis "setting $_ARG value" runSuid /sbin/uci set $_ARG=$_VAL || ( echo "uci set $_ARG: error"; exit 1; ) fi fi if [[ $_CMD == 'commit' ]]; then runSuid /sbin/uci commit $_ARG|| echo "uci commit $_ARG: error" if [[ "$_ARG" == 'wireless' ]]; then runSuid /sbin/wifi || echo 'wifi: error' fi if [[ "$_ARG" == 'network' ]]; then runSuid /etc/init.d/dnsmasq restart && runSuid /etc/init.d/network restart || echo 'network: error' fi fi } htmlHead() { echo " SuperGlue | Administration $@ " } ## unless auth is disabled in lighttpd ## it should never come to this, if [[ -z $HTTP_AUTHORIZATION ]]; then logThis 'no auth' headerPrint 403 echo 'no is no' exit 1 else logThis 'auth OK' fi if [[ $REQUEST_METHOD == 'POST' ]]; then if [[ $CONTENT_LENGTH -gt 0 ]]; then CONTENT_TYPE=( ${CONTENT_TYPE} ) _CONTENT_TYPE="${CONTENT_TYPE[0]/;}" _ENC="${HTTP_CONTENT_ENCODING}" case "${_CONTENT_TYPE}" in application/x-www-form-urlencoded) setQueryVars;; multipart/form-data) getQueryFile;; *) _ERR=1; _OUT='this is not a post' ;; esac case $REQUEST_URI in /admin/pwdchange) pwdChange;; /admin/ssidchange) ssidChange;; /admin/lanaddr) lanAddr;; /admin/updatefw) updateFw;; /admin/rebootnow) rebootNow;; *) logThis 'bad action'; headerPrint 405; echo 'no such thing'; exit 1;; esac fi headerPrint 301 fi headerPrint 200 ## html head htmlHead echo "

Superglue server control panel

System version: "$(cat /etc/superglue_version || echo 'n/a')" | Device: "$(cat /etc/superglue_model || echo 'n/a')" | OpenWRT: "$(cat /etc/openwrt_version || echo 'n/a')" $(uptime)
Change password:

Configure wireless network:

Configure network address:

Update firmware:


Memory:
$(free)

Storage:
$(df -h)

Environment:
$(env)

$_POST " exit 0