security update

2026-05-04 16:59:27 -05:00 · 2025-02-01 15:41:22 +01:00
parent 95696b606a
commit 5374a363b4
4 changed files with 16 additions and 7 deletions
@@ -114,13 +114,13 @@ case 'list':
  echo json_encode($echo);
  break;
 case 'join':
-  extract(parse_ini_file("/etc/rc.d/rc.ssl.input"));
+  extract((array)@parse_ini_file("/etc/rc.d/rc.ssl.input"));
  $token   = parse_ini_file($var)['csrf_token'];
  $ssid    = rawurldecode($_POST['ssid']);
  $drop    = $_POST['task']==1;
  $manual  = $_POST['task']==3;
-  $user    = _var($wifi[$ssid],'USERNAME') ? openssl_decrypt($wifi[$ssid]['USERNAME'],$cipher,$key,0,$iv) : '';
-  $passwd  = _var($wifi[$ssid],'PASSWORD') ? openssl_decrypt($wifi[$ssid]['PASSWORD'],$cipher,$key,0,$iv) : '';
+  $user    = _var($wifi[$ssid],'USERNAME') && isset($cipher) ? openssl_decrypt($wifi[$ssid]['USERNAME'],$cipher,$key,0,$iv) : '';
+  $passwd  = _var($wifi[$ssid],'PASSWORD') && isset($cipher) ? openssl_decrypt($wifi[$ssid]['PASSWORD'],$cipher,$key,0,$iv) : '';
  $join    = _var($wifi[$ssid],'AUTOJOIN','no');
  $dhcp4   = _var($wifi[$ssid],'DHCP4','yes');
  $dns4    = _var($wifi[$ssid],'DNS4','no');
@@ -42,7 +42,7 @@ function update_translation($locale) {
 }

 $echo  = [];
-$wlan0 = '/sys/class/net/wlan0/carrier'
+$wlan0 = '/sys/class/net/wlan0/carrier';
 $ini   = '/var/local/emhttp/wireless.ini';
 while (true) {
  extract(parse_plugin_cfg('dynamix',true));
@@ -1,3 +0,0 @@
-cipher=aes-256-cbc
-key=UnraidEncryptionKey
-iv=12345678910111213
@@ -172,6 +172,15 @@ wifi_start(){
  log "Starting $DAEMON..."
  local REPLY
  if [[ -e $SYSTEM/$PORT ]]; then
+    if [[ ! -e $SSLINPUT ]]; then
+      [[ -e /boot/config/ident.cfg ]] && KEY=$(grep -Pom1 '^NAME="\K[^"]+' /boot/config/ident.cfg)
+      [[ -e /boot/config/ident.cfg ]] && IV=$(grep -Pom1 '^timeZone="\K[^"]+' /boot/config/ident.cfg)
+      KEY="${KEY}ABCDEFGH"
+      IV="${IV}1234567890123456"
+      echo "cipher=aes-256-cbc" >$SSLINPUT
+      echo "key=$KEY" >>$SSLINPUT
+      echo "iv=${IV:0:16}" >>$SSLINPUT
+    fi
    ip link set $PORT up
    # start active SSID
    $STARTWIFI
@@ -222,6 +231,9 @@ wifi_join(){
  fi
 # get SSL keys
  . $SSLINPUT
+  echo $cipher
+  echo $key
+  echo $iv
  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
  SECURITY=${SECURITY:-$ATTR3}