Add "Advanced config" page (#237)

* initial commit

* feature: advanced configuration page

fixes #230

* add help page updates

* added menu links to perlfunc.pm

* add default value for serverpath

* move "Reset to Firstboot" button from setup page to advancedconfig page

* secure page
minor ui changes

* center the help icon

* implement callback capabilities pre/post

* hardening uci calls to prevent command injection attacks

* moved settings to custom aredn uci file

* resolve shellcheck warnings

files/etc/arednsysupgrade.conf

@@ -17,6 +17,7 @@
 /etc/config.mesh/_setup.services.dmz
 /etc/config.mesh/_setup.services.nat
 /etc/config.mesh/vtun
+/etc/config.mesh/aredn
 /etc/config.router/_setup
 /etc/config.router/_setup.dhcp
 /etc/config.router/_setup.ports

files/etc/config.mesh/aredn

@@ -0,0 +1,7 @@
+config downloads
+        option firmwarepath 'http://downloads.arednmesh.org/firmware/ubnt'
+        
+config map
+        option leafletjs 'http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.js'
+        option leafletcss 'http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.css'
+        option maptiles 'http://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoiazVkbHEiLCJhIjoiY2lqMnlieTM4MDAyNXUwa3A2eHMxdXE3MiJ9.BRFvx4q2vi70z5Uu2zRYQw'

files/etc/config.mesh/system

@@ -21,10 +21,5 @@ config button
         option handler 'firstboot -y && reboot'
         option min '12'
         option max '20'
-
-config map
-        option leafletjs 'http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.js'
-        option leafletcss 'http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.css'
-        option maptiles 'http://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoiazVkbHEiLCJhIjoiY2lqMnlieTM4MDAyNXUwa3A2eHMxdXE3MiJ9.BRFvx4q2vi70z5Uu2zRYQw'
-
+        
 include /etc/aredn_include/system_netled

files/etc/httpd.conf

@@ -5,3 +5,4 @@
 /cgi-bin/vpnc:root:$p$root
 /cgi-bin/supporttool:root:$p$root
 /cgi-bin/scan:root:$p$root
+/cgi-bin/advancedconfig:root:$p$root

files/www/cgi-bin/admin

@@ -98,9 +98,10 @@ $patch_install = 0;
 @fw_images = ();
 %fw_md5 = ();
 
-@serverpaths = (
-    "http://downloads.arednmesh.org/firmware/ubnt"
-);
+@serverpaths = ();
+$uciserverpath=`uci get aredn.\@downloads[0].firmwarepath`;
+chomp($uciserverpath);
+push @serverpaths, $uciserverpath;
 
 $hardwaretype = `/usr/local/bin/get_hardwaretype`;
 chomp($hardwaretype);
@@ -145,7 +146,7 @@ if($parms{button_refresh_fw})
 {
     if(get_default_gw() ne "none")
     {
-	push @fw_output, "Downloading firmware list...\n";
+	push @fw_output, "Downloading firmware list from $uciserverpath...\n";
 	unlink "/tmp/web/firmware.list";
 	$ok = 0;
 	foreach $serverpath (@serverpaths)

files/www/cgi-bin/advancedconfig

@@ -0,0 +1,219 @@
+#!/usr/bin/perl
+=for comment
+
+  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
+  Copyright (C) 2018 - Darryl Quinn
+   See Contributors file for additional contributors
+
+  Copyright (c) 2013 David Rivenburg et al. BroadBand-HamNet
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation version 3 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Additional Terms:
+
+  Additional use restrictions exist on the AREDN(TM) trademark and logo.
+    See AREDNLicense.txt for more info.
+
+  Attributions to the AREDN Project must be retained in the source code.
+  If importing this code into a new or existing project attribution 
+  to the AREDN project must be added to the source code.
+
+  You must not misrepresent the origin of the material contained within.
+
+  Modified versions must be modified to attribute to the original source
+  and be marked in reasonable ways as differentiate it from the original
+  version.
+
+=cut
+
+BEGIN {push @INC, '/www/cgi-bin'};
+use perlfunc;
+
+$debug = 0;
+$| = 1;
+
+# ---------------------------------------- ADVANCED CONFIG ALLOWED UCI VALUES ------------------
+@setting = ();
+push @setting, {
+  key => "aredn.\@map[0].maptiles", 
+  type => "string", 
+  desc => "Specifies the URL of the location to access map tiles", 
+  default => "http://api.tiles.mapbox.com/v4/{id}/{z}/{x}/{y}.png?access_token=pk.eyJ1IjoiazVkbHEiLCJhIjoiY2lqMnlieTM4MDAyNXUwa3A2eHMxdXE3MiJ9.BRFvx4q2vi70z5Uu2zRYQw"
+};
+push @setting, {
+  key => "aredn.\@map[0].leafletcss", 
+  type => "string", 
+  desc => "Specifies the URL of the leaflet.css file", 
+  default => "http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.css"
+};
+push @setting, {
+  key => "aredn.\@map[0].leafletjs", 
+  type => "string", 
+  desc => "Specifies the URL of the leaflet.js file", 
+  default => "http://cdn.leafletjs.com/leaflet/v0.7.7/leaflet.js" 
+};
+push @setting, {
+  key => "aredn.\@downloads[0].firmwarepath", 
+  type => "string", 
+  desc => "Specifies the URL of the location from which firmware files will be downloaded.", 
+  default => "http://downloads.arednmesh.org/firmware/ubnt", 
+  #precallback => "testpre()",
+  #postcallback => "testpost()"
+};
+# ----------------------------------------
+
+# ----- CALLBACKS ----------
+#sub testpre()
+#{
+#    push @msg, "TESTPRE callback executed";
+#}
+#sub testpost()
+#{
+#    push @msg, "TESTPOST callback executed";
+#}
+# ----- CALLBACKS ----------
+
+if($parms{button_firstboot})
+{
+    system "firstboot -y";
+    reboot_page("/cgi-bin/status");
+}
+
+reboot_page("/cgi-bin/status") if $parms{button_reboot};
+read_postdata({acceptfile => false});
+$node = nvram_get("node");
+
+# make developer mode stick
+system "touch /tmp/developer_mode" if $parms{dev};
+$parms{dev} = 1 if -e "/tmp/developer_mode";
+
+#
+# process POSTED data
+#
+$scount = scalar @setting;
+for($i=0;$i<$scount;$i++)
+{
+  if($parms{eval "button_save_" . $i})
+  {
+    $newvalfield=eval "newval_" . $i;
+    $newval=$parms{$newvalfield};
+    $newval=~ s/^\s+|\s+$//;
+    $newval="1" if($setting[$i]->{'type'} eq "boolean") and $newval;
+    $key=$setting[$i]->{'key'};
+    @x=split(/\./, $setting[$i]->{'key'});
+    $cfgfile=$x[0];
+
+    # run precallbacks
+    eval $setting[$i]->{'precallback'} if($setting[$i]->{'precallback'});
+
+    # set "live" settings
+    system("uci set '$key=$newval'");
+    system("uci commit '$cfgfile'");
+    
+    # set AREDN config settings (used after a "Save Settings" on the Setup page)
+    system("uci -S -c /etc/config.mesh set '$key=$newval'");
+    system("uci -S -c /etc/config.mesh commit '$cfgfile'");
+    
+    push @msg, "Changed $key";
+
+    # run postcallbacks
+    eval $setting[$i]->{'postcallback'} if($setting[$i]->{'postcallback'});
+
+    last;
+  }
+}
+
+#
+# generate the page
+#
+
+http_header();
+html_header("$node Advanced Configuration", 1);
+
+print "<body><center>\n";
+alert_banner();
+print "<div style=\"padding:5px;background-color:#FF0000;border:1px solid #ccc;width:600px;\">Changing these advanced settings can be harmful to the stability, security, and performance of this node and potentially the entire mesh network.<br><strong>You should only continue if you are sure of what you are doing.</strong></a></div>\n";
+print "<form method=post action=advancedconfig enctype='multipart/form-data'>\n";
+print "<table width=790>\n";
+print "<tr><td>\n";
+navbar("advancedconfig");
+print "</td></tr>\n";
+
+print "<tr><td align=center><a href='/help.html#advancedconfig' target='_blank'>Help</a>&nbsp;&nbsp;";
+print "<input type=submit name=button_reboot value=Reboot style='font-weight:bold' title='Immediately reboot this node'>";
+print "&nbsp;&nbsp;<input type=submit name=button_firstboot value='Reset to Firstboot' onclick=\"return confirm('All config settings and add-on packages will be lost back to first boot state. Continue?')\"  title='Reset this node to the initial/firstboot status and reboot.'>";
+print "</td></tr>\n";
+
+if(@msg)
+{
+  foreach(@msg)
+  {
+    print "<tr><td align='center'><strong>$_</strong></td></tr>\n";
+  }
+}
+
+print "<tr><td align=center>\n";
+print "<table border=1>\n";
+print <<EOF;
+    <thead>
+      <tr>
+        <th>Help<br><small>(hover)</small></th>
+        <th>Config Setting</th>
+        <th>Current/New Value</th>
+        <th>Actions</th>
+      </tr>
+    </thead>
+EOF
+
+$scount = 0;
+foreach(@setting)
+{
+  $sconfig = $_->{'key'};
+  $sval = `uci get '$sconfig'`;
+  print <<EOF;
+      <tr>
+          <td align="center"><span title="$setting[$scount]->{'desc'}"><img src="/qmark.png" /></span></td>
+          <td>$sconfig</td>
+          <td>
+EOF
+  print "$sval" if($setting[$scount]->{'type'} eq "string");
+  print "ON" if($setting[$scount]->{'type'} eq "boolean" and $sval);
+  print "OFF" if($setting[$scount]->{'type'} eq "boolean" and !$sval);
+
+  print "<br />";
+
+  print "<input type='text' id='field_$scount' name='newval_$scount' size='65'>" if($setting[$scount]->{'type'} eq "string");
+  print "<input type='checkbox' id='field_$scount' name='newval_$scount' value='1' >" if($setting[$scount]->{'type'} eq "boolean");
+
+  print <<EOF;
+          </td>
+          <td align="center"><input type="submit" name="button_save_$scount" value="Save Setting" /><br><br>
+          <input value="Set to Default" type="button" onclick="document.getElementById('field_$scount').value='$setting[$scount]->{'default'}';"></td>
+      </tr>
+EOF
+  $scount++;  
+}
+
+print "</table>\n";
+print "</td></tr>\n";
+print "</table>\n";
+
+print "</form>\n";
+print "</center>\n";
+
+show_debug_info();
+show_parse_errors();
+
+page_footer();
+print "</body>\n";
+print "</html>\n";

files/www/cgi-bin/perlfunc.pm

@@ -80,13 +80,14 @@ sub navbar
   my($current) = @_;
   $current = "" unless $current;
 
-  my @pages = qw(status setup ports vpn vpnc admin);
+  my @pages = qw(status setup ports vpn vpnc admin advancedconfig);
   my %titles = (status => "Node Status",
                 setup  => "Basic Setup",
                 ports  => "Port Forwarding,<br>DHCP, and Services",
                 vpn    => "Tunnel<br>Server",
                 vpnc   => "Tunnel<br>Client",
-                admin  => "Administration");
+                admin  => "Administration",
+                advancedconfig  => "Advanced<br>Configuration");
 
   #my($active_bg, $active_fg);
   #if(-f "/tmp/.night") { $active_bg = "red";   $active_fg = "black" }

files/www/cgi-bin/setup

@@ -454,12 +454,6 @@ if($parms{button_save})
 
 system "rm -rf /tmp/web/save";
 
-if($parms{button_firstboot})
-{
-    system "firstboot -y";
-    reboot_page("/cgi-bin/status");
-}
-
 reboot_page("/cgi-bin/status") if $parms{button_reboot};
 
 #
@@ -470,9 +464,9 @@ $desc = &uci_get_indexed_option("system", "system", 0, "description");
 # Retreive map url, css, and js locations
 #
 my ($rc, $maptiles, $leafletcss, $leafletjs);
-($rc, $maptiles)=&uci_get_indexed_option("system","map",0,"maptiles");
-($rc, $leafletcss)=&uci_get_indexed_option("system","map",0,"leafletcss");
-($rc, $leafletjs)=&uci_get_indexed_option("system","map",0,"leafletjs");
+($rc, $maptiles)=&uci_get_indexed_option("aredn","map",0,"maptiles");
+($rc, $leafletcss)=&uci_get_indexed_option("aredn","map",0,"leafletcss");
+($rc, $leafletjs)=&uci_get_indexed_option("aredn","map",0,"leafletjs");
 
 #
 # generate the page
@@ -584,7 +578,6 @@ print "<tr><td align=center>
 <input type=submit name=button_reset value='Reset Values' title='Revert to the last saved settings'>&nbsp;
 <input type=submit name=button_default value='Default Values' title='Set all values to their default'>&nbsp;
 <input type=submit name=button_reboot value=Reboot style='font-weight:bold' title='Immediately reboot this node'>
-<input type=submit name=button_firstboot value='Reset to Firstboot' onclick=\"return confirm('All config settings and add-on packages will be lost back to first boot state. Continue?')\"  title='Reset this node to the initial/firstboot status and reboot.'>
 </td></tr>
 <tr><td>&nbsp;</td></tr>\n";
 

files/www/help.html

@@ -19,6 +19,7 @@ Table of Contents:
 <li><a href='#lanmode'>LAN Mode</a></li>
 <li><a href='#ports'>Port Forwarding, DHCP, and Services</a></li>
 <li><a href='#admin'>Administration</a></li>
+<li><a href='#advancedconfig'>Advanced Configuration</a></li>
 </ul>
 <li><a href='#appendix'>Appendix</a></li>
 <ul><li><a href='#failsafe'>Failsafe Mode</a></li></ul>
@@ -737,6 +738,14 @@ abc</strong>", then reboot.  If you don't have an authorized key installed,
 the only way in is to use <a href='#failsafe'>Failsafe Mode</a> as described
 in the appendix.
 </p>
+<br><br><hr>
+<a name=advancedconfig><h2>Advanced Configuration</h2></a>
+<p>
+<strong>Note:</strong></br>Changing these advanced settings can be harmful to the stability, security, and performance of this node and the entire mesh network. You should only continue if you are sure what you are doing.
+</p>
+<p>
+Refer the the help icon (hover over it) for each setting on the page.
+</p>
 
 <hr><a name='appendix'><h2>Appendix</h2></a><hr>