summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-admin-full/luasrc/controller
AgeCommit message (Collapse)Author
2018-07-27treewide: rework rollback/apply workflowJo-Philipp Wich
Rework the apply confirmation mechanism to be session agnostic in order to circumvent cross domain restrictions which prevent the JS code from issuing apply confirm requests in some cases, e.g. when changing the LAN IP. Confirmation calls may now be done from unauthenticated pages, as long as a matching confirmation token is sent along with the request. The reasoning behind this is that there is little security impact in confirming pending apply sessions, especially since those sessions can only be initiated while being authenticated. After this change, LuCI will now launch a confirmation process on every rendered page when a rollback is pending. The confirmation will happen regardless of whether the user is logged in or not, or if the current page is a CBI form or static template. A confirmation request now also requires a random one-time token which is rendered along with the confirmation JavaScript code in order to succeed. This token is not meant to provide security but to ensure that the confirm was triggered from an interactive browser session and not some background HTTP requests that happened to end up in the admin ui. As a consequence, the different apply/confirm/rollback code paths in CBI maps and the UCI change/revert pages have been consolidated into one common implementation residing in the common global theme agnostic footer template. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-18luci-mod-admin-full: use incremental background scanning for wireless joinJo-Philipp Wich
The previous approach of synchroneously scanning while building the result page was suboptimal since it frequently led to connection resets when accessing LuCI via wireless. It also exhibited problems when accessed via SSL on recent Firefox versions where the page were only loaded partially. Rework the wireless scanning to gather scan results in a background process and put them into the ubus session data area where they can be readily accessed without causing network interruptions. Subsequently rebuild the wireless join page to use XHR polling to incrementally fetch updated scan results. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-15luci-mod-admin-full: improve interface overview displayJo-Philipp Wich
Remove the guessing of primary interfaces for now as we cannot yet properly track parent / child interface relations. Instead, add tooltips to the interface icons displaying detailed physical layer information per netdev. For dynamic or true alias interfaces (using "@" notation), skip the reporting of MAC and traffic stats. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-12luci-mod-admin-full: produce valid JSON in status/realtime/connections_statusJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-12luci-mod-admin-full: rework interface overview pageJo-Philipp Wich
Convert interface enable, disable and delete actions to proper cbi operations so that we can benefit from the apply/rollback workflow when performing critical interface operations. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-12luci-mod-admin-full: expose errors, description and up state in net statusJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-12luci-mod-admin-full: reimplement wireless overview page as cbi modelJo-Philipp Wich
This will offer apply/rollback workflow for tasks like deleting or shutting down wireless networks. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-03luci-mod-admin-full: check backup.tar.gz on applyFlorian Eckert
If an uploaded backup.tar.gz is not valid we will not get a respond from LuCI. The system will perform a reboot without applying the "tar.gz" even though the backup import failed. To fix this check if the backup archive is valid with the command "gunzip -t <archive>" and if the validation fails render the flashops page with a hint. On the other hand apply the backup archive and perform a reboot as before. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-06-26Merge pull request #1912 from Ansuel/fixassociJo-Philipp Wich
luci-mod-admin-full: fix missing wifi_assoclist
2018-06-26luci-mod-admin-full: fix missing wifi_assoclistAnsuel Smith
With #e5ba594d77eed77d31d4b9b8c0e86026eb5a5fac the list of the connected device broke up. This fix this problem by creating a proper request link. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-06-23luci-mod-admin-full: packages: display available packages by defaultJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-19luci-mod-admin-full: fix crash on wireless when no networks are declaredJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-18Merge pull request #1769 from jow-/masterJo-Philipp Wich
UCI apply/rollback workflow
2018-05-07luci-mod-admin-full: use fs.glob instead nixio.fs.globYousong Zhou
It's how the module was named when "require"d and used by other code in the same function Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07luci-mod-admin-full: no menu entry for leds if "/sys/class/leds" is emptyFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07luci-mod-admin-full: change supports_reset() test for factory resetFlorian Eckert
The check "supports_reset" only covers /proc/mtd partitions. If we have this the commands checks for names like ubi or rootfs_data. If this is found the system is possible for a factory reset. But on x86 the situation is different. We have no /proc/mtd partitions because this system do not use a bare metall flash. To solve this issue check if we have an overlay and if so we could do a factory reset. This could be applied for system which uses bare metal flash and system which uses FTL or harddisks. Jffs2reset is the current command used for factory reset. It will try to find volume "rootfs_data" and if it's mounted will delete all files under directory /overlay luci-mod-admin-mini also has check for reset available, but we leave it alone for now as it uses "mtd -r erase rootfs_data" Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-05treewide: rework uci apply workflowJo-Philipp Wich
Switch to rpcd based uci apply/rollback workflow which helps to avoid soft- bricking devices by requiring an explicit confirmation call after config apply. When a user now clicks "Save & Apply", LuCI first issues a call to uci apply which commits and reloads configuration, then goes into a polling countdown mode where it repeatedly attempts to call uci confirm. If the committed configuration is sane, the confirm call will go through and cancel rpcd's pending rollback timer. If the configuration change leads to a loss of connectivity (e.g. due to bad firewall rules or similar), the rollback mechanism will kick in after the timeout and revert configuration files and pending changes to the pre-apply state. In order to cover such rare cases where a lost of connectivity is expected and desired, the user is offered an "unchecked" apply option after timing out, which allows committing and applying the changes anyway, without the extra safety checks. As a consequence of this change, the luci-reload mechanism is now completely unsused since rpcd uses ubus config reload signals to reload affected services, which means that only procd-enabled services will receive proper reload treatment with the new workflow. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-mod-admin-full: dispatch SimpleForm models using the form() actionJo-Philipp Wich
This fixes issues dicovered by check-controllers.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-06luci-mod-admin-full: fix request path access in uci controllerJo-Philipp Wich
Fixes #1725 Fixes 731ed77c0 ("treewide: improve handling of page redirections in uci change views") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05treewide: improve handling of page redirections in uci change viewsJo-Philipp Wich
Instead of passing the full LuCI request url, pass the relative resolved request path instead and filter the received value through the lookup() dispatcher function to only allow paths to actual internal pages. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05treewide: filter shell arguments through shellquote() where applicableJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05luci-mod-admin-full: fix possible shell injection in bandwith statusJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-12treewide: unify mac address handlingJo-Philipp Wich
Use the new luci.ip MAC address facilities to parse and verify MAC addresses in a common way, instead of relying on various ad-hoc solutions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-11luci-mod-admin-full: use rpcd-mod-rrdns for reverse DNS lookupsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-28mod-admin-full: Add IPv6 Prefix Delegation information to Status PagesCody R. Brown
The Overview page and Network>Interfaces page currently do not give much information about IPv6, particularly with Prefix Delegated setups. In these setups, ISP will delegate a prefix to the router. Currently LuCI doesn't display this Prefix Delegation from the ISP anywhere. A number of changes was added to this commit: 1) self:_ubus("ipv6-prefix") was extracted and put into protocol.ip6prefix. 2) Network>Interfaces page, if a .ip6prefix is present, show it under Status. (IPv6-PD). 3) On the Overview page, "Type" and "Prefix Delegated" has been added to the IPv6 Network Overview Status: - Type will display the .proto, similar to the IPv4 case. If a .ip6prefix is present, it'll display a "-pd" at the end of the Type: i.e. dhcpv6-pd vs. dhcpv6. - If no .ip6prefix is present, it'll do what it does currently, and just show Address, or :: if no address is present. - If .ip6prefix is present, it'll show the "Prefix Delegated", it'll also hide "Address" if no address is present, else it'll show ifc6.ip6addr as well. Signed-off-by: Cody R. Brown <dev@codybrown.ca>
2017-01-16Merge pull request #861 from ynezz/masterDaniel Dickinson
luci-mod-admin-full: Store system time into RTC also
2016-12-12luci-mod-admin-full: show realtime wlan graph only if iw command is installedFlorian Eckert
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-11-28luci-mod-admin-full: Store system time into RTC alsoPetr Štetiar
We're currently just setting system time, but we don't set battery backed RTC. Time in the RTC is only set on the graceful shutdown, which is quite hard to achieve on embedded devices. In other words, on systems with battery backed RTC we currently don't handle following use case properly: 1. Set system time from web UI (sets only system time, but not RTC) 2. Unplug the device from power Then after the reboot, we've wrong system time again, because time set in [1] is not saved to battery backed RTC. Signed-off-by: Petr Štetiar <ynezz@true.cz>
2016-08-19luci-mod-admin-full: show also sha256 checksum for sysupgrade imagesHannu Nyman
Show also the sha256 checksum in addition to MD5 checksum to enable image verification also for builds with only sha256 checksums. If the 'sha256sum' command is not present in the system, the value remains empty. Note: The easiest way to get the 'sha256sum' command is to compile it into busybox. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-06-09luci-mod-admin-full/mini: replace Wifi with Wireless in menusHannu Nyman
Replace the menu item "Wifi" by "Wireless", which is already used for page and section headings This closes #695 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-05-23luci-mod-admin-full: Look also if the file /etc/config/fstab exists.Guido Lipke
This pull request adds a condition, which checks whether the file "/etc/config/fstab" exists before it allows access to "mount points". Signed-off-by: Guido Lipke <lipkegu@gmail.com>
2016-03-23luci-mod-admin-full: Enable reset in Luci also for ubiHannu Nyman
Enable reset in LuCI also for ubi based firmwares. This closes #672 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-03-17luci-mod-admin-full: add sleep before sysupgradeJo-Philipp Wich
- Under some conditions the system will shutdown uhttpd before the page will be delivered to the client. Waiting one second should eleminate this behaviour. Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com> Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-11-17luci-mod-admin-full: use :ipaddrs() and :ip6addrs() helper for iface_statusJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-22luci-mod-admin-full: restructure and fix backup, restore and sysuprade (#517)Jo-Philipp Wich
Do not use standard post security checking for actions that require file upload since reading the token value will trigger parsing of the http message body before the file upload handler has been set, which causes LuCI to buffer the entire request body in memory. In order to simplify the code and logic flow, split action_flashops() into separate handlers for reset, backup, restore and sysupgrade. Let the backup restore and sysupgrade handlers use the new test_post_security() method in luci.dispatcher to perform token checking *after* setting the upload handler. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-21luci-mod-admin-full: do not access dispatcher.context.urltoken in logoutJo-Philipp Wich
The urltoken table is going to be removed. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect iptables counter reset and restart with tokenJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect network post actions with csrf tokensJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-20luci-mod-admin-full: protect clock, flash and opkg ops with submit tokenJo-Philipp Wich
* Use post_on() target to require csrf token verification for modifying actions * Ensure that package and flash operation handlers guard modifying operations with parameter check Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-07luci-mod-admin-full: switch to POST action for rebootJo-Philipp Wich
Also rework the reboot tmeplate a little bit. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-10-06luci-mod-admin-full: switch to POST actions for UCI changesJo-Philipp Wich
Switches UCI apply/revert/save to CSRF token protected POST actions. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-07-03luci-mod-admin-full: restart the firewall instead of reloading itJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-04-12luci-mod-admin-full: simply fstab configurationJo-Philipp Wich
Simplify fstab setup by offering hints for uuid/label and device node options. Fix rootfs handling logic by removing obsolete references to the "is_rootfs" option and offering "/" and "/overlay" choices for the mountpoint instead. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-02-09Avoid setting duplicate cookiesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-24luci-mod-admin-full: use sysupgrade -T to test imagesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Update my email addresses in the license headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Globally reduce copyright headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-15luci-mod-admin-full: fix missing nixio.fs requireJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-15luci-mod-admin-full: switch to nixio.fsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-15luci-base: switch to ubus sessionsJo-Philipp Wich
Remove luci.sauth session storage implementation and offload the session management to the rpcd ubus backend. Also depend on rpcd due to this.