implement OTA lock / security

do not reboot after settings set -> add reboot button

ota not really working yet
This commit is contained in:
cschwinne 2016-11-20 01:47:15 +01:00
parent e22fb965f7
commit 9a06c748c0
9 changed files with 107 additions and 20 deletions


@ -3,19 +3,20 @@ sequence
simple slide transition
additional color picker field
implement all settings setters
implement OTA lock / security
implement HSB slider option
implement ranges
implement discrete range color setter
implement discrete single color setter
do not reboot after settings set -> add reboot button
svg icons in html
notifier function -> send get request
nightlight function -> turns off after set time (+implement fading)
add preferred colors to settings -> quickly t. UI, button select,
use iframe for settings, seperate tabs for wifi and application confg
use iframe for all adv. features?
/dumpeeprom and /pusheeprom
BUGS
static ip disables mdns
XXX authentification for security relevant areas (/edit, /update (!!!), /list, /down, [/settings, /reset, /cleareeprom])
? authentification for security relevant areas ([/settings, /reset])
(Unverified) led_amount does nothing (is always 16) because NeoPixelBus is initiated before EEPROM read
notifier wrong ips


@ -188,7 +188,7 @@
<body onload="Startup()" class=" __plain_text_READY__">
<div id="tbB" class="tool_box">
<input type="image" class="settingsbutton" src="/button.png" onclick="OpenSettings()"id="tool">
<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">
<!--<input type="image" class="nightbutton" src="/moon.png" onclick="ToggleNightMode()"id="night">-->
</div>
<div id="cdB" class="ctrl_box">
<form id="form_c" name="Ctrl_form">


@ -47,9 +47,7 @@
document.S_form.NORAP.checked = (this.responseXML.getElementsByTagName('norap')[0].innerHTML)!=0?true:false;
document.getElementsByClassName("sip")[0].innerHTML = this.responseXML.getElementsByTagName('sip')[0].innerHTML;
document.getElementsByClassName("sip")[1].innerHTML = this.responseXML.getElementsByTagName('sip')[1].innerHTML;
document.getElementsByClassName("otastat")[0].innerHTML = this.responseXML.getElementsByTagName('otastat')[0].innerHTML;
document.getElementsByClassName("msg")[0].innerHTML = this.responseXML.getElementsByTagName('msg')[0].innerHTML;
if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}
}
}
}
@ -124,12 +122,11 @@
Hosts to send notifications to: (1 IP per line) <br>
<textarea name="NSIPS" rows="8" cols="16"></textarea>
<h3>Security</h3>
OTA enabled: <input type="checkbox" name="NOOTA" value="0"> <br>
OTA locked: <input type="checkbox" name="NOOTA" value="0"> <br>
Passphrase: <input type="password" name="OPASS" maxlength="32"> <br>
To enable OTA, for security reasons you need to also enter the correct password! <br>
The password may/should be changed when OTA is enabled. <br>
Disable OTA when not in use, otherwise an attacker could reflash device software! <br>
Current status: <span class="otastat"> Unknown </span> <br> <br>
Disable OTA when not in use, otherwise an attacker could reflash device software! <br> <br>
Disable recovery AP (<i>Not implemented</i>): <input type="checkbox" name="NORAP" value="0"> <br>
In case of a connection error there will be no wireless recovery possible! <br>
Completely disables all Access Point functions. <br> <br>
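Review bot: The unlock path relies on a disabled control being omitted from the form submission: `if (S_form.NOOTA.checked) {document.S_form.NOOTA.disabled="disabled";}` makes a locked device submit no NOOTA field, which is exactly what the server side treats as an unlock request once OPASS matches. That is not obvious from either the script or the form markup; add a comment above the line such as `// locked: disable the box so NOOTA is not submitted; the server unlocks only when NOOTA is absent and OPASS matches`. Also `S_form.NOOTA.checked` resolves through the global window object while the neighbouring lines use `document.S_form`; use `document.S_form.NOOTA.checked` for consistency. The enclosing response handler starts before the hunk.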


@ -0,0 +1,24 @@
<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Saved Settings</title>
<script>
function OpenMain()
{
window.open("/","_self");
}
function OpenReboot()
{
window.open("/reset","_self");
}
</script>
</head><body>
<div align="center">
<h2>Settings saved.</h2>
<p>If you made changes to WiFi configuration, please reboot.</p><br>
<input type="button" name="BACK" value="Close" onclick="OpenMain()">
<input type="button" name="BACK" value="Reboot" onclick="OpenReboot()">
</div></body>
</html>
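Review bot: The tag `<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">` looks like an artifact of saving the page from a browser rather than an intended charset; replace it with `<meta charset="utf-8">` so the file matches the encoding the device serves for its other pages (presumably UTF-8 — confirm). Both buttons carry `name="BACK"` although only the first navigates back; rename the second to `name="REBOOT"` or drop the names, since the inputs sit outside any form and are never submitted.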


@ -30,7 +30,8 @@ byte col[]{255, 127, 0};
boolean fadeTransition = true;
boolean seqTransition = false;
uint16_t transitionDelay = 1500;
boolean ota_lock = false;
boolean ota_lock = true;
String otapass = "wledota";
boolean only_ap = false;
uint8_t led_amount = 16;
uint8_t buttonPin = 3; //needs pull-up
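Review bot: `String otapass = "wledota";` is a compiled-in default shared by every device, and the unlock in handleSettingsSet compares against exactly this value until the owner changes it, so a device whose passphrase was never set can be unlocked with the published default. Consider refusing to unlock while `otapass` still equals the default (or forcing a change on the first unlock), and record the intent with `// factory default; unlocking should require the owner to set their own passphrase first`. Note that `ota_lock` defaulting to `true` only governs the in-RAM value; the value in effect after boot comes from EEPROM byte 289 in loadSettingsFromEEPROM.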


@ -1,6 +1,6 @@
void clearEEPROM()
{
for (int i = 0; i < 256; i++)
for (int i = 0; i < 1024; i++)
{
EEPROM.write(i, 0);
}
@ -36,10 +36,14 @@ void saveSettingsToEEPROM()
}
EEPROM.write(224, nightlightDelayMins);
EEPROM.write(225, nightlightFade);
EEPROM.write(228, aphide);
EEPROM.write(226, notifyDirect);
EEPROM.write(227, apchannel);
EEPROM.write(228, aphide);
EEPROM.write(229, led_amount);
EEPROM.write(230, notifyButton);
EEPROM.write(231, notifyForward);
EEPROM.write(232, buttonEnabled);
//233 reserved for first boot flag
EEPROM.write(234, staticip[0]);
EEPROM.write(235, staticip[1]);
EEPROM.write(236, staticip[2]);
@ -56,9 +60,17 @@ void saveSettingsToEEPROM()
EEPROM.write(247, col[1]);
EEPROM.write(248, col[2]);
EEPROM.write(249, bri);
EEPROM.write(250, receiveNotifications);
EEPROM.write(251, fadeTransition);
EEPROM.write(253, (transitionDelay >> 0) & 0xFF);
EEPROM.write(254, (transitionDelay >> 8) & 0xFF);
EEPROM.write(255, bri_n);
//255,250,231,230,226 notifier bytes
for (int i = 256; i < 288; ++i)
{
EEPROM.write(i, otapass.charAt(i-256));
}
EEPROM.write(289, ota_lock);
EEPROM.commit();
}
@ -99,11 +111,16 @@ void loadSettingsFromEEPROM()
if (EEPROM.read(i) == 0) break;
appass += char(EEPROM.read(i));
}
aphide = EEPROM.read(228);
if (aphide > 1) aphide = 1;
nightlightDelayMins = EEPROM.read(224);
nightlightFade = EEPROM.read(225);
notifyDirect = EEPROM.read(226);
apchannel = EEPROM.read(227);
if (apchannel > 13 || apchannel < 1) apchannel = 1;
aphide = EEPROM.read(228);
if (aphide > 1) aphide = 1;
led_amount = EEPROM.read(229);
notifyButton = EEPROM.read(230);
notifyForward = EEPROM.read(231);
buttonEnabled = EEPROM.read(232);
staticip[0] = EEPROM.read(234);
staticip[1] = EEPROM.read(235);
@ -121,6 +138,14 @@ void loadSettingsFromEEPROM()
col[1] = EEPROM.read(247);
col[2] = EEPROM.read(248);
bri = EEPROM.read(249);
receiveNotifications = EEPROM.read(250);
fadeTransition = EEPROM.read(251);
transitionDelay = ((EEPROM.read(253) << 0) & 0xFF) + ((EEPROM.read(254) << 8) & 0xFF00);
bri_n = EEPROM.read(255);
for (int i = 256; i < 288; ++i)
{
if (EEPROM.read(i) == 0) break;
otapass += char(EEPROM.read(i));
}
ota_lock = EEPROM.read(289);
}
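Review bot: In loadSettingsFromEEPROM the loop `otapass += char(EEPROM.read(i));` appends to whatever `otapass` already holds, and this commit initialises the global to `"wledota"`, so unless the string is cleared earlier in the function (outside this hunk) the loaded passphrase becomes the default followed by the stored one and unlocking with the stored passphrase fails. Reset it before the loop: `otapass = "";`. The same append pattern is used for `appass` a few lines above; worth checking that one is cleared before its loop as well. In saveSettingsToEEPROM the 32-byte window leaves byte 288 unused between the passphrase and `ota_lock` at 289, and a full-length passphrase has no terminator (the load loop tolerates this only because it stops at 288); a comment such as `//256-287 OTA passphrase, 289 OTA lock` would make the layout explicit. Both functions start before their hunks.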


@ -102,7 +102,9 @@ void XML_response_settings()
resp = resp + "\n";
}
resp = resp + "</nsips>";
resp = resp + "<noota>0</noota>"; //NI
resp = resp + "<noota>";
resp = resp + bool2int(ota_lock);
resp = resp +"</noota>";
resp = resp + "<norap>0</norap>"; //NI
resp = resp + "<sip>";
if (!WiFi.localIP()[0] == 0)
@ -132,7 +134,7 @@ void XML_response_settings()
{
resp = resp + "Not active";
}
resp = resp + "</sip><otastat>Not implemented</otastat>";
resp = resp + "</sip><otastat>LS</otastat>";
resp = resp + "<msg>WLED 0.3pd OK</msg>";
resp = resp + "</vs>";
Serial.println(resp);
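Review bot: `resp = resp + "</sip><otastat>LS</otastat>";` puts the literal text LS into the element the settings page shows after "Current status:", so the user sees `LS` rather than the lock state. Derive it from the value already serialised two lines earlier, e.g. `resp = resp + "</sip><otastat>" + (ota_lock ? "Locked" : "Unlocked") + "</otastat>";`, or drop the element until it carries something meaningful. Unrelated to this change but visible in the hunk, `if (!WiFi.localIP()[0] == 0)` parses as `(!x) == 0` and is true only by accident when the first octet is non-zero; `if (WiFi.localIP()[0] != 0)` says what is meant. XML_response_settings starts before the hunk.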


@ -105,6 +105,12 @@ void handleSettingsSet()
int i = server.arg("TDLAY").toInt();
if (i > 0) transitionDelay = i;
}
if (server.hasArg("TLDUR"))
{
int i = server.arg("TLDUR").toInt();
if (i > 0) nightlightDelayMins = i;
}
nightlightFade = server.hasArg("TLFDE");
receiveNotifications = server.hasArg("NRCVE");
if (server.hasArg("NRBRI"))
{
@ -118,6 +124,21 @@ void handleSettingsSet()
{
notifier_ips_raw = server.arg("NSIPS");
}
if (server.hasArg("OPASS"))
{
if (!ota_lock)
{
if (server.arg("OPASS").length() > 0)
otapass = server.arg("OPASS");
} else if (!server.hasArg("NOOTA"))
{
if (otapass.equals(server.arg("OPASS")))
{
ota_lock = false;
}
}
}
if (server.hasArg("NOOTA")) ota_lock = true;
saveSettingsToEEPROM();
}
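Review bot: The new passphrase branch `otapass = server.arg("OPASS");` stores whatever length the client sends, while saveSettingsToEEPROM writes only 32 bytes of it, so a passphrase longer than 32 characters is silently truncated on the next boot and the value the owner typed no longer unlocks the device; the `maxlength="32"` on the form is client-side only. Guard it server-side, e.g. `if (server.arg("OPASS").length() > 0 && server.arg("OPASS").length() <= 32)`. A failed unlock (`otapass.equals(...)` false) leaves no trace; a `Serial.println` of the failed attempt, or a short delay before the comparison, would make this unauthenticated endpoint easier to monitor — the TODO list in this commit already flags /settings as needing authentication. handleSettingsSet starts before the hunk.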


@ -20,7 +20,7 @@ void wledInit()
Serial.printf("\n");
}
Serial.println("Init EEPROM");
EEPROM.begin(256);
EEPROM.begin(1024);
loadSettingsFromEEPROM();
Serial.print("CC: SSID: ");
@ -77,11 +77,13 @@ void wledInit()
server.on("/", HTTP_GET, [](){
if(!handleFileRead("/index.htm")) server.send(404, "text/plain", "FileNotFound");
});
server.on("/reset", HTTP_GET, reset);
server.on("/reset", HTTP_GET, [](){
server.send(200, "text/plain", "Rebooting... Go to main page when lights turn on.");
reset();
});
server.on("/set-settings", HTTP_POST, [](){
handleSettingsSet();
server.send(200, "text/plain", "Settings saved. Please wait for light to turn back on, then go to main page...");
reset();
if(!handleFileRead("/settingssaved.htm")) server.send(404, "text/plain", "SettingsSaved");
});
if (!ota_lock){
server.on("/edit", HTTP_GET, [](){
@ -94,6 +96,20 @@ void wledInit()
server.on("/cleareeprom", HTTP_GET, clearEEPROM);
//init ota page
httpUpdater.setup(&server);
} else
{
server.on("/edit", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/down", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/cleareeprom", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
server.on("/update", HTTP_GET, [](){
server.send(500, "text/plain", "OTA lock active");
});
}
//called when the url is not defined here, ajax-in; get-settings
server.onNotFound([](){
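Review bot: `if (!ota_lock){` decides at registration time which handlers exist, so a lock or unlock performed through /set-settings (which no longer reboots after this commit) changes nothing until the device restarts, and settingssaved.htm only tells the user to reboot for WiFi changes. Either evaluate `ota_lock` inside each handler at request time, or state on the saved page that OTA lock changes need a reboot. The locked branch answers with status 500; `403` describes "refused because locked" rather than a server error, e.g. `server.send(403, "text/plain", "OTA lock active");` in all four handlers. The locked branch registers only `HTTP_GET` for `/update`, whereas `httpUpdater.setup(&server)` on the unlocked side serves the POST upload as well, so in locked mode a POST to `/update` falls through to the `onNotFound` handler registered below — confirm that handler does not serve it. wledInit continues outside the hunk.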