Skip to content

Commit a21ecbf

Browse files
authored
Merge pull request #2012 from RaspAP/fix/wifi-security-open
Fix: Use SECURITY_OPEN for evaluating network protocol
2 parents f5ade0f + cca91df commit a21ecbf

5 files changed

Lines changed: 344 additions & 147 deletions

File tree

includes/configure_client.php

100755100644
Lines changed: 41 additions & 111 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
use RaspAP\Networking\Hotspot\WiFiManager;
44

55
/**
6-
*
6+
* WiFi client configuration page handler
77
*
88
*/
99
function DisplayWPAConfig()
@@ -16,138 +16,68 @@ function DisplayWPAConfig()
1616
$wifi->knownWifiStations($networks);
1717
$wifi->setKnownStationsWPA($networks);
1818

19-
$iface = escapeshellarg($_SESSION['wifi_client_interface']);
19+
$clientInterface = $_SESSION['wifi_client_interface'];
2020

2121
if (isset($_POST['connect'])) {
2222
$netid = intval($_POST['connect']);
23-
$cmd = "sudo wpa_cli -i $iface select_network $netid";
24-
$return = shell_exec($cmd);
25-
sleep(2);
26-
if (trim($return) == "FAIL") {
27-
$status->addMessage('WPA command line client returned failure. Check your adapter.', 'danger');
28-
} else {
23+
24+
if ($wifi->connectToNetwork($clientInterface, $netid)) {
2925
$status->addMessage('New network selected', 'success');
26+
} else {
27+
$status->addMessage('WPA command line client returned failure. Check your adapter.', 'danger');
3028
}
3129
} elseif (isset($_POST['wpa_reinit'])) {
3230
$status->addMessage('Attempting to reinitialize wpa_supplicant', 'warning');
3331
$force_remove = true;
3432
$result = $wifi->reinitializeWPA($force_remove);
3533
} elseif (isset($_POST['client_settings'])) {
3634
$tmp_networks = $networks;
37-
if ($wpa_file = fopen('/tmp/wifidata', 'w')) {
38-
fwrite($wpa_file, 'ctrl_interface=DIR=' . RASPI_WPA_CTRL_INTERFACE . ' GROUP=netdev' . PHP_EOL);
39-
fwrite($wpa_file, 'update_config=1' . PHP_EOL);
40-
41-
foreach (array_keys($_POST) as $post) {
4235

43-
if (preg_match('/delete(\d+)/', $post, $post_match)) {
44-
$network = $tmp_networks[$_POST['ssid' . $post_match[1]]];
45-
$netid = $network['index'];
46-
exec('sudo wpa_cli -i ' . $iface . ' disconnect ' . $netid);
47-
exec('sudo wpa_cli -i ' . $iface . ' remove_network ' . $netid);
48-
unset($tmp_networks[$_POST['ssid' . $post_match[1]]]);
36+
foreach (array_keys($_POST) as $post) {
4937

50-
} elseif (preg_match('/update(\d+)/', $post, $post_match)) {
51-
// NB, multiple protocols are separated with a forward slash ('/')
52-
$tmp_networks[$_POST['ssid' . $post_match[1]]] = array(
53-
'protocol' => ( $_POST['protocol' . $post_match[1]] === 'Open' ? 'Open' : 'WPA' ),
54-
'passphrase' => $_POST['passphrase' . $post_match[1]],
55-
'configured' => true
56-
);
57-
if (array_key_exists('priority' . $post_match[1], $_POST)) {
58-
$tmp_networks[$_POST['ssid' . $post_match[1]]]['priority'] = $_POST['priority' . $post_match[1]];
59-
}
60-
$network = $tmp_networks[$_POST['ssid' . $post_match[1]]];
61-
$ssid = escapeshellarg('"'.$_POST['ssid' . $post_match[1]].'"');
62-
$psk = escapeshellarg('"'.$_POST['passphrase' . $post_match[1]].'"');
63-
$netid = trim(shell_exec("sudo wpa_cli -i $iface add_network"));
64-
if (isset($netid)) {
65-
$commands = [
66-
"sudo wpa_cli -i $iface set_network $netid ssid $ssid",
67-
"sudo wpa_cli -i $iface set_network $netid psk $psk",
68-
"sudo wpa_cli -i $iface enable_network $netid"
69-
];
70-
foreach ($commands as $cmd) {
71-
exec($cmd);
72-
}
73-
} else {
74-
$status->addMessage('Unable to add network with WPA command line client', 'warning');
75-
}
38+
if (preg_match('/delete(\d+)/', $post, $post_match)) {
39+
$network = $tmp_networks[$_POST['ssid' . $post_match[1]]];
40+
$netid = $network['index'];
41+
$wifi->deleteNetwork($clientInterface, $netid);
42+
unset($tmp_networks[$_POST['ssid' . $post_match[1]]]);
43+
} elseif (preg_match('/disconnect(\d+)/', $post, $post_match)) {
44+
$network = $tmp_networks[$_POST['ssid' . $post_match[1]]];
45+
$netid = $network['index'];
46+
$wifi->disconnectNetwork($clientInterface, $netid);
47+
} elseif (preg_match('/update(\d+)/', $post, $post_match)) {
48+
// NB, multiple protocols are separated with a forward slash ('/')
49+
$protocol = $_POST['protocol' . $post_match[1]] === $wifi::SECURITY_OPEN ? $wifi::SECURITY_OPEN : 'WPA';
50+
$tmp_networks[$_POST['ssid' . $post_match[1]]] = array(
51+
'protocol' => $protocol,
52+
'passphrase' => $_POST['passphrase' . $post_match[1]] ?? '',
53+
'configured' => true
54+
);
55+
if (array_key_exists('priority' . $post_match[1], $_POST)) {
56+
$tmp_networks[$_POST['ssid' . $post_match[1]]]['priority'] = $_POST['priority' . $post_match[1]];
7657
}
77-
}
58+
$network = $tmp_networks[$_POST['ssid' . $post_match[1]]];
7859

79-
$ok = true;
80-
foreach ($tmp_networks as $ssid => $network) {
81-
if ($network['protocol'] === $wifi::SECURITY_OPEN) {
82-
fwrite($wpa_file, "network={".PHP_EOL);
83-
fwrite($wpa_file, "\tssid=\"".$ssid."\"".PHP_EOL);
84-
fwrite($wpa_file, "\tkey_mgmt=NONE".PHP_EOL);
85-
fwrite($wpa_file, "\tscan_ssid=1".PHP_EOL);
86-
if (array_key_exists('priority', $network)) {
87-
fwrite($wpa_file, "\tpriority=".$network['priority'].PHP_EOL);
88-
}
89-
fwrite($wpa_file, "}".PHP_EOL);
90-
} else {
91-
if (strlen($network['passphrase']) >=8 && strlen($network['passphrase']) <= 63) {
92-
unset($wpa_passphrase);
93-
unset($line);
94-
exec('wpa_passphrase '. $wifi->ssid2utf8( escapeshellarg($ssid) ) . ' ' . escapeshellarg($network['passphrase']), $wpa_passphrase);
95-
foreach ($wpa_passphrase as $line) {
96-
if (preg_match('/^\s*}\s*$/', $line)) {
97-
if (array_key_exists('priority', $network)) {
98-
fwrite($wpa_file, "\tpriority=".$network['priority'].PHP_EOL);
99-
}
100-
fwrite($wpa_file, $line.PHP_EOL);
101-
} else {
102-
if ( preg_match('/\\\\x[0-9A-Fa-f]{2}/',$ssid) && strpos($line, "ssid=\"") !== false ) {
103-
fwrite($wpa_file, "\tssid=P\"".$ssid."\"".PHP_EOL);
104-
} else {
105-
fwrite($wpa_file, $line.PHP_EOL);
106-
}
107-
}
108-
}
109-
} elseif (strlen($network['passphrase']) == 0 && strlen($network['passkey']) == 64) {
110-
$line = "\tpsk=" . $network['passkey'];
111-
fwrite($wpa_file, "network={".PHP_EOL);
112-
fwrite($wpa_file, "\tssid=\"".$ssid."\"".PHP_EOL);
113-
fwrite($wpa_file, $line.PHP_EOL);
114-
if (array_key_exists('priority', $network)) {
115-
fwrite($wpa_file, "\tpriority=".$network['priority'].PHP_EOL);
116-
}
117-
fwrite($wpa_file, "}".PHP_EOL);
118-
} else {
119-
$status->addMessage('WPA passphrase must be between 8 and 63 characters', 'danger');
120-
$ok = false;
121-
}
122-
}
123-
}
60+
$ssid = $_POST['ssid' . $post_match[1]];
61+
$passphrase = $_POST['passphrase' . $post_match[1]] ?? '';
12462

125-
if ($ok) {
126-
system('sudo cp /tmp/wifidata ' . RASPI_WPA_SUPPLICANT_CONFIG, $returnval);
127-
if ($returnval == 0) {
128-
exec('sudo wpa_cli -i ' . $_SESSION['wifi_client_interface'] . ' reconfigure', $reconfigure_out, $reconfigure_return);
129-
if ($reconfigure_return == 0) {
130-
$status->addMessage('Wifi settings updated successfully', 'success');
131-
$networks = $tmp_networks;
132-
} else {
133-
$status->addMessage('Wifi settings updated but cannot restart (cannot execute "wpa_cli reconfigure")', 'danger');
134-
}
135-
} else {
136-
$status->addMessage('Wifi settings failed to be updated', 'danger');
63+
$netid = $wifi->updateNetwork($clientInterface, $ssid, $passphrase, $protocol);
64+
if ($netid === null) {
65+
$status->addMessage('Unable to add network with WPA command line client', 'warning');
13766
}
13867
}
68+
}
69+
70+
$result = $wifi->writeWpaSupplicant($tmp_networks, $clientInterface);
71+
72+
if ($result['success']) {
73+
$status->addMessage($result['message'], 'success');
74+
$networks = $tmp_networks;
13975
} else {
140-
$status->addMessage('Failed to update wifi settings', 'danger');
76+
$status->addMessage($result['message'], 'danger');
14177
}
14278
}
14379

144-
$clientInterface = $_SESSION['wifi_client_interface'];
145-
146-
exec('ip a show '.$clientInterface, $stdoutIp);
147-
$stdoutIpAllLinesGlued = implode(" ", $stdoutIp);
148-
$stdoutIpWRepeatedSpaces = preg_replace('/\s\s+/', ' ', $stdoutIpAllLinesGlued);
149-
preg_match('/state (UP|DOWN)/i', $stdoutIpWRepeatedSpaces, $matchesState) || $matchesState[1] = 'unknown';
150-
$ifaceStatus = strtolower($matchesState[1]) ? "up" : "down";
80+
$ifaceStatus = $wifi->getInterfaceStatus($clientInterface);
15181

15282
echo renderTemplate("configure_client", compact("status", "clientInterface", "ifaceStatus"));
15383
}

includes/functions.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,9 @@ function getProviderValue($id, $key)
112112
if (!isset($obj['providers']) || !is_array($obj['providers'])) {
113113
return false;
114114
}
115+
if ($id === null || !is_numeric($id)) {
116+
return false;
117+
}
115118
$id--;
116119
if (!isset($obj['providers'][$id]) || !is_array($obj['providers'][$id])) {
117120
return false;

installers/raspap.sudoers

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,14 +9,16 @@ www-data ALL=(ALL) NOPASSWD:/sbin/wpa_supplicant -i [a-zA-Z0-9]* -c /etc/wpa_sup
99
www-data ALL=(ALL) NOPASSWD:/bin/rm /var/run/wpa_supplicant/[a-zA-Z0-9]*
1010
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* scan_results
1111
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* scan
12+
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* status
1213
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* reconfigure
1314
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* add_network
1415
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* list_networks
15-
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i enable_network [0-9]
16-
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i disconnect [0-9]
16+
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* enable_network [0-9]
17+
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* disconnect [0-9]
1718
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* select_network [0-9]
1819
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* set_network [0-9] *
1920
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i [a-zA-Z0-9]* remove_network [0-9]
21+
www-data ALL=(ALL) NOPASSWD:/bin/rm -f /var/run/wpa_supplicant/wlan[0-9]
2022
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
2123
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
2224
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service

0 commit comments

Comments
 (0)