From 42bd8469878ac077e7203d45efbc01a7fa4fae3d Mon Sep 17 00:00:00 2001
From: Andrew Reynolds
Date: Sun, 3 Nov 2013 13:23:32 -0500
Subject: [PATCH 1/5] Patches to require existing admin password for password change
---
 files/etc/uci-defaults/luci-mod-commotion | 10 ++
 .../commotion/patches/admin.oldpasswd.patch | 91 +++++++++++++++++++
 .../commotion/patches/system.oldpasswd.patch | 27 ++++++
 3 files changed, 128 insertions(+)
 create mode 100644 files/usr/share/commotion/patches/admin.oldpasswd.patch
 create mode 100644 files/usr/share/commotion/patches/system.oldpasswd.patch
diff --git a/files/etc/uci-defaults/luci-mod-commotion b/files/etc/uci-defaults/luci-mod-commotion
index bfd9d8e..751984b 100755
--- a/files/etc/uci-defaults/luci-mod-commotion
+++ b/files/etc/uci-defaults/luci-mod-commotion
@@ -12,4 +12,14 @@ cp -f /usr/share/commotion/files/node-hna-mini.gif /www/luci-static/resources/ol
 cp -f /usr/share/commotion/files/olsr-viz.sh /www/cgi-bin/olsr-viz.sh
 }
 
+[ -f "/usr/bin/patch" ] && { \
+ cd /usr/lib/lua/luci/controller/admin/
+ patch -p0 < /usr/share/commotion/patches/system.oldpasswd.patch
+
+ cd /usr/lib/lua/luci/model/cbi/admin_system/
+ patch -p0 < /usr/share/commotion/patches/admin.oldpasswd.patch
+}
+
+rm -f /tmp/luci-indexcache
+
 exit 0
diff --git a/files/usr/share/commotion/patches/admin.oldpasswd.patch b/files/usr/share/commotion/patches/admin.oldpasswd.patch
new file mode 100644
index 0000000..9a2e776
--- /dev/null
+++ b/files/usr/share/commotion/patches/admin.oldpasswd.patch
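Review bot: The added `[ -f "/usr/bin/patch" ] && { … }` block fails open: if `patch` is not installed, a `cd` fails, or a hunk is rejected, the script still reaches `exit 0` and the current-password requirement is silently never installed. uci-defaults scripts that return 0 are removed after their first run, so the step would not be retried either. Since these patches are the security control, chain each step and record failure, e.g. `cd /usr/lib/lua/luci/controller/admin/ && patch -p0 < /usr/share/commotion/patches/system.oldpasswd.patch || logger -t luci-mod-commotion "system.oldpasswd.patch did not apply"`, and likewise for `admin.oldpasswd.patch`. PATCH 2/5 touches the same two `patch` lines but changes only the `-p` level, so the gap remains there.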
@@ -0,0 +1,91 @@
+diff --git a/admin.lua b/admin.lua
+index 61f0141..cb9b496 100644
+--- a/admin.lua
++++ b/admin.lua
+@@ -15,13 +15,33 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $
+
+ local fs = require "nixio.fs"
+
+-m = Map("system", translate("Router Password"),
+- translate("Changes the administrator password for accessing the device"))
++m = Map("system", translate("System Access"),
++ translate("System functions related to system access"))
++local v0 = true -- track password success across maps
++
++-- Allow incorrect root password to prevent settings change
++-- Don't prompt for password if none has been set
++if luci.sys.user.getpasswd("root") then
++ s0 = m:section(TypedSection, "_dummy", translate("Current Password"),
++ translate("Current password required to make changes on this page"))
++ s0.addremove = false
++ s0.anonymous = true
++
++ pw0 = s0:option(Value, "pw0", translate("Current Password"))
++ pw0.password = true
++ -- fail by default
++ v0 = false
++
++ function s0.cfgsections()
++ return { "_pass0" }
++ end
++end
+
+-s = m:section(TypedSection, "_dummy", "")
++s = m:section(TypedSection, "_dummy", translate("Router Password"),
++ translate("Changes the administrator password for accessing the device"))
+ s.addremove = false
+ s.anonymous = true
+-
++
+ pw1 = s:option(Value, "pw1", translate("Password"))
+ pw1.password = true
+
+@@ -32,24 +52,36 @@ function s.cfgsections()
+ return { "_pass" }
+ end
+
++function m.on_before_commit(map)
++ -- if existing password, make sure user has old password
++ if pw0:formvalue("_pass0") then
++ v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0"))
++ end
++
++ if v0 == false then
++ m.message = translate("Incorrect password. Changes rejected!")
++ m.save=v0
++ m2.save=v0
++ end
++end
++
+ function m.on_commit(map)
+ local v1 = pw1:formvalue("_pass")
+ local v2 = pw2:formvalue("_pass")
+
+- if v1 and v2 and #v1 > 0 and #v2 > 0 then
+- if v1 == v2 then
+- if luci.sys.user.setpasswd(luci.dispatcher.context.authuser, v1) == 0 then
+- m.message = translate("Password successfully changed!")
+- else
+- m.message = translate("Unknown Error, password not changed!")
+- end
+- else
+- m.message = translate("Given password confirmation did not match, password not changed!")
+- end
+- end
++ if v0 == true and v1 and v2 and #v1 > 0 and #v2 > 0 then
++ if v1 == v2 then
++ if luci.sys.user.setpasswd(luci.dispatcher.context.authuser, v1) == 0 then
++ m.message = translate("Password successfully changed!")
++ else
++ m.message = translate("Unknown Error, password not changed!")
++ end
++ else
++ m.message = translate("Given password confirmation did not match, password not changed!")
++ end
++ end
+ end
+
+-
+ if fs.access("/etc/config/dropbear") then
+
+ m2 = Map("dropbear", translate("SSH Access"),
diff --git a/files/usr/share/commotion/patches/system.oldpasswd.patch b/files/usr/share/commotion/patches/system.oldpasswd.patch
new file mode 100644
index 0000000..380c74c
--- /dev/null
+++ b/files/usr/share/commotion/patches/system.oldpasswd.patch
@@ -0,0 +1,27 @@
+diff --git a/system.lua b/system.lua
+index 5d0c74b..332d533 100644
+--- a/system.lua
++++ b/system.lua
+@@ -314,22 +314,6 @@ function action_flashops()
+ end
+ end
+
+-function action_passwd()
+- local p1 = luci.http.formvalue("pwd1")
+- local p2 = luci.http.formvalue("pwd2")
+- local stat = nil
+-
+- if p1 or p2 then
+- if p1 == p2 then
+- stat = luci.sys.user.setpasswd("root", p1)
+- else
+- stat = 10
+- end
+- end
+-
+- luci.template.render("admin_system/passwd", {stat=stat})
+-end
+-
+ function action_reboot()
+ local reboot = luci.http.formvalue("reboot")
+ luci.template.render("admin_system/reboot", {reboot=reboot})
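Review bot: In admin.oldpasswd.patch, `m.on_before_commit` dereferences two globals that can be nil: `pw0` is assigned only inside `if luci.sys.user.getpasswd("root") then`, and `m2` only inside `if fs.access("/etc/config/dropbear") then`, so with no root password or no dropbear config the hook raises an error instead of running. Guard both, e.g. `if pw0 then v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0") or "") end` and `if m2 then m2.save = v0 end`. Only `on_commit` is explicitly gated on `v0`, so it is worth confirming against CBI's `Map.parse` that clearing `m.save` and `m2.save` inside `on_before_commit` takes effect before anything is committed, and that no option on this page writes outside UCI. The check is made against `"root"` while `setpasswd` targets `luci.dispatcher.context.authuser`; both should use the same account.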
From e9557cb5cc6bfe9d49e8df4f4f38a6061056ad4f Mon Sep 17 00:00:00 2001
From: Andrew Reynolds
Date: Mon, 4 Nov 2013 10:04:03 -0500
Subject: [PATCH 2/5] Fixed -p option in password patches
---
 files/etc/uci-defaults/luci-mod-commotion | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/etc/uci-defaults/luci-mod-commotion b/files/etc/uci-defaults/luci-mod-commotion
index 751984b..2739a7c 100755
--- a/files/etc/uci-defaults/luci-mod-commotion
+++ b/files/etc/uci-defaults/luci-mod-commotion
@@ -14,10 +14,10 @@ cp -f /usr/share/commotion/files/olsr-viz.sh /www/cgi-bin/olsr-viz.sh
 
 [ -f "/usr/bin/patch" ] && { \
 cd /usr/lib/lua/luci/controller/admin/
- patch -p0 < /usr/share/commotion/patches/system.oldpasswd.patch
+ patch -p1 < /usr/share/commotion/patches/system.oldpasswd.patch
 
 cd /usr/lib/lua/luci/model/cbi/admin_system/
- patch -p0 < /usr/share/commotion/patches/admin.oldpasswd.patch
+ patch -p1 < /usr/share/commotion/patches/admin.oldpasswd.patch
 }
 
 rm -f /tmp/luci-indexcache
From 00e9d8fa0200ce148b96dfa9f7fe1f93fca886a5 Mon Sep 17 00:00:00 2001
From: Andrew Reynolds
Date: Wed, 20 Nov 2013 12:17:44 -0500
Subject: [PATCH 3/5] Fixed nil value error on conditional check
---
 .../commotion/patches/admin.oldpasswd.patch | 49 ++++++++++---------
 1 file changed, 25 insertions(+), 24 deletions(-)
diff --git a/files/usr/share/commotion/patches/admin.oldpasswd.patch b/files/usr/share/commotion/patches/admin.oldpasswd.patch
index 9a2e776..bab2445 100644
--- a/files/usr/share/commotion/patches/admin.oldpasswd.patch
+++ b/files/usr/share/commotion/patches/admin.oldpasswd.patch
@@ -1,59 +1,60 @@ diff --git a/admin.lua b/admin.lua -index 61f0141..cb9b496 100644 +index 61f0141..9757c3e 100644 --- a/admin.lua
+++ b/admin.lua -@@ -15,13 +15,33 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $ +@@ -15,14 +15,34 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $ local fs = require "nixio.fs" -m = Map("system", translate("Router Password"), - translate("Changes the administrator password for accessing the device")) +m = Map("system", translate("System Access"), -+ translate("System functions related to system access")) ++ translate("System functions related to system access")) +local v0 = true -- track password success across maps + +-- Allow incorrect root password to prevent settings change +-- Don't prompt for password if none has been set +if luci.sys.user.getpasswd("root") then -+ s0 = m:section(TypedSection, "_dummy", translate("Current Password"), -+ translate("Current password required to make changes on this page")) -+ s0.addremove = false -+ s0.anonymous = true ++ s0 = m:section(TypedSection, "_dummy", translate("Current Password"), ++ translate("Current password required to make changes on this page")) ++ s0.addremove = false ++ s0.anonymous = true + -+ pw0 = s0:option(Value, "pw0", translate("Current Password")) -+ pw0.password = true -+ -- fail by default -+ v0 = false -+ -+ function s0.cfgsections() -+ return { "_pass0" } -+ end ++ pw0 = s0:option(Value, "pw0", translate("Current Password")) ++ pw0.password = true ++ -- fail by default ++ v0 = false ++ ++ function s0.cfgsections() ++ return { "_pass0" } ++ end +end -s = m:section(TypedSection, "_dummy", "") +s = m:section(TypedSection, "_dummy", translate("Router Password"), -+ translate("Changes the administrator password for accessing the device")) ++ translate("Changes the administrator password for accessing the device")) s.addremove = false s.anonymous = true -- -+ - pw1 = s:option(Value, "pw1", translate("Password")) + +-pw1 = s:option(Value, "pw1", translate("Password")) ++pw1 = s:option(Value, "pw1", translate("New Password")) pw1.password = true + pw2 = s:option(Value, "pw2", translate("Confirmation")) 
@@ -32,24 +52,36 @@ function s.cfgsections() return { "_pass" } end +function m.on_before_commit(map) -+ -- if existing password, make sure user has old password -+ if pw0:formvalue("_pass0") then -+ v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0")) ++ -- returns true|false ++ if _pass0 then ++ v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass")) + end + + if v0 == false then + m.message = translate("Incorrect password. Changes rejected!") -+ m.save=v0 -+ m2.save=v0 ++ m.save=v0 ++ m2.save=v0 + end +end + From ebe652643d1b0d63b3f23c6b7323a6ad427aff4e Mon Sep 17 00:00:00 2001 From: Andrew Reynolds Date: Wed, 20 Nov 2013 13:08:26 -0500 Subject: [PATCH 4/5] Last commit patched against wrong revision --- .../commotion/patches/admin.oldpasswd.patch | 53 +++++++++---------- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/files/usr/share/commotion/patches/admin.oldpasswd.patch b/files/usr/share/commotion/patches/admin.oldpasswd.patch index bab2445..9e21182 100644 --- a/files/usr/share/commotion/patches/admin.oldpasswd.patch +++ b/files/usr/share/commotion/patches/admin.oldpasswd.patch 
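Review bot: `if _pass0 then` in `m.on_before_commit` tests a global that nothing visible ever assigns. `"_pass0"` appears only as the section-name string returned by `s0.cfgsections()`, so the condition is nil, `checkpasswd` is never called, and `v0` keeps its initial value. When a root password is set, `v0` stays `false` and every submit is rejected even with the correct current password; this revision also reads `pw0:formvalue("_pass")`, which is the new-password section rather than `"_pass0"`. The nil error this commit targets most likely comes from `pw0` being unset when no root password exists, so the guard should be `if pw0 then` with `v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0") or "")`. PATCH 4/5 and the second hunk of PATCH 5/5 keep `if _pass0 then` and need the same change.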
@@ -1,60 +1,59 @@ -diff --git a/admin.lua b/admin.lua -index 61f0141..9757c3e 100644 ---- a/admin.lua -+++ b/admin.lua -@@ -15,14 +15,34 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $ +diff --git a/REMOVE-BEFORE-FLIGHT/admin.lua b/REMOVE-BEFORE-FLIGHT/admin.lua +index 61f0141..6160197 100644 +--- a/REMOVE-BEFORE-FLIGHT/admin.lua ++++ b/REMOVE-BEFORE-FLIGHT/admin.lua +@@ -15,13 +15,33 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $ local fs = require "nixio.fs" -m = Map("system", translate("Router Password"), - translate("Changes the administrator password for accessing the device")) +m = Map("system", translate("System Access"), -+ translate("System functions related to system access")) ++ translate("System functions related to system access")) +local v0 = true -- track password success across maps + +-- Allow incorrect root password to prevent settings change +-- Don't prompt for password if none has been set +if luci.sys.user.getpasswd("root") then -+ s0 = m:section(TypedSection, "_dummy", translate("Current Password"), -+ translate("Current password required to make changes on this page")) -+ s0.addremove = false -+ s0.anonymous = true ++ s0 = m:section(TypedSection, "_dummy", translate("Current Password"), ++ translate("Current password required to make changes on this page")) ++ s0.addremove = false ++ s0.anonymous = true + -+ pw0 = s0:option(Value, "pw0", translate("Current Password")) -+ pw0.password = true -+ -- fail by default -+ v0 = false -+ -+ function s0.cfgsections() -+ return { "_pass0" } -+ end ++ pw0 = s0:option(Value, "pw0", translate("Current Password")) ++ pw0.password = true ++ -- fail by default ++ v0 = false ++ ++ function s0.cfgsections() ++ return { "_pass0" } ++ end +end -s = m:section(TypedSection, "_dummy", "") +s = m:section(TypedSection, "_dummy", translate("Router Password"), -+ translate("Changes the administrator password for accessing the device")) ++ translate("Changes the administrator password for accessing the device")) 
s.addremove = false s.anonymous = true - --pw1 = s:option(Value, "pw1", translate("Password")) -+pw1 = s:option(Value, "pw1", translate("New Password")) +- ++ + pw1 = s:option(Value, "pw1", translate("Password")) pw1.password = true - pw2 = s:option(Value, "pw2", translate("Confirmation")) @@ -32,24 +52,36 @@ function s.cfgsections() return { "_pass" } end +function m.on_before_commit(map) -+ -- returns true|false ++ -- if existing password, make sure user has old password + if _pass0 then -+ v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass")) ++ v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0")) + end + + if v0 == false then + m.message = translate("Incorrect password. Changes rejected!") -+ m.save=v0 -+ m2.save=v0 ++ m.save=v0 ++ m2.save=v0 + end +end + From 6d990964b06e9458604690bc326273ba4015be89 Mon Sep 17 00:00:00 2001 From: Andrew Reynolds Date: Wed, 20 Nov 2013 12:17:44 -0500 Subject: [PATCH 5/5] Fixed nil value error on conditional check --- files/usr/share/commotion/patches/admin.oldpasswd.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/usr/share/commotion/patches/admin.oldpasswd.patch b/files/usr/share/commotion/patches/admin.oldpasswd.patch index 9a2e776..32b01fc 100644 --- a/files/usr/share/commotion/patches/admin.oldpasswd.patch +++ b/files/usr/share/commotion/patches/admin.oldpasswd.patch @@ -1,5 +1,5 @@ diff --git a/admin.lua b/admin.lua -index 61f0141..cb9b496 100644 +index 61f0141..6160197 100644 --- a/admin.lua +++ b/admin.lua @@ -15,13 +15,33 @@ $Id: admin.lua 8153 2012-01-06 16:42:02Z jow $ @@ -46,7 +46,7 @@ index 61f0141..cb9b496 100644 +function m.on_before_commit(map) + -- if existing password, make sure user has old password -+ if pw0:formvalue("_pass0") then ++ if _pass0 then + v0 = luci.sys.user.checkpasswd("root", pw0:formvalue("_pass0")) + end +
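Review bot: The embedded patch headers in PATCH 4/5 now read `a/REMOVE-BEFORE-FLIGHT/admin.lua`, which `patch -p1` (as invoked by the uci-defaults script after PATCH 2/5) strips to `REMOVE-BEFORE-FLIGHT/admin.lua`. That path presumably does not exist under `/usr/lib/lua/luci/model/cbi/admin_system/`, so the patch would not apply and the current-password check would not be installed. The install script ignores `patch`'s exit status, so the failure would also go unnoticed. Restore the headers to `a/admin.lua` and `b/admin.lua`, as in the context lines PATCH 5/5 is written against.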