Remove pihole-FTL.port file (#4945)

Adam Warner 2022-10-01 14:30:23 +01:00 committed by GitHub
commit 9dd51b79b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 46 additions and 67 deletions


@ -14,7 +14,9 @@ LC_NUMERIC=C
# Retrieve stats from FTL engine # Retrieve stats from FTL engine
pihole-FTL() { pihole-FTL() {
local ftl_port LINE local ftl_port LINE
ftl_port=$(cat /run/pihole-FTL.port 2> /dev/null) # shellcheck disable=SC1091
. /opt/pihole/utils.sh
ftl_port=$(getFTLAPIPort)
if [[ -n "$ftl_port" ]]; then if [[ -n "$ftl_port" ]]; then
# Open connection to FTL # Open connection to FTL
exec 3<>"/dev/tcp/127.0.0.1/$ftl_port" exec 3<>"/dev/tcp/127.0.0.1/$ftl_port"
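Review bot: `. /opt/pihole/utils.sh` now sits inside pihole-FTL(), so the file is re-read and re-parsed on every stats query, and nothing checks that the source succeeded. Sourcing it once at the top of the script, with the same `# shellcheck disable=SC1091` comment, would leave the function with only the port lookup and the connection. If the source fails, getFTLAPIPort is presumably undefined and `ftl_port` stays empty, which the existing `-n` test would catch; a one-line comment saying so would help the next reader. The body of pihole-FTL() continues past the end of this hunk.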


@ -126,7 +126,6 @@ PIHOLE_COMMAND="${BIN_DIRECTORY}/pihole"
PIHOLE_COLTABLE_FILE="${BIN_DIRECTORY}/COL_TABLE" PIHOLE_COLTABLE_FILE="${BIN_DIRECTORY}/COL_TABLE"
FTL_PID="${RUN_DIRECTORY}/pihole-FTL.pid" FTL_PID="${RUN_DIRECTORY}/pihole-FTL.pid"
FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log" PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*" PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
@ -155,7 +154,6 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
"${PIHOLE_COMMAND}" "${PIHOLE_COMMAND}"
"${PIHOLE_COLTABLE_FILE}" "${PIHOLE_COLTABLE_FILE}"
"${FTL_PID}" "${FTL_PID}"
"${FTL_PORT}"
"${PIHOLE_LOG}" "${PIHOLE_LOG}"
"${PIHOLE_LOG_GZIPS}" "${PIHOLE_LOG_GZIPS}"
"${PIHOLE_DEBUG_LOG}" "${PIHOLE_DEBUG_LOG}"


@ -32,8 +32,8 @@ addOrEditKeyValPair() {
local value="${3}" local value="${3}"
if grep -q "^${key}=" "${file}"; then if grep -q "^${key}=" "${file}"; then
# Key already exists in file, modify the value # Key already exists in file, modify the value
sed -i "/^${key}=/c\\${key}=${value}" "${file}" sed -i "/^${key}=/c\\${key}=${value}" "${file}"
else else
# Key does not already exist, add it and it's value # Key does not already exist, add it and it's value
echo "${key}=${value}" >> "${file}" echo "${key}=${value}" >> "${file}"
@ -52,8 +52,8 @@ addKey(){
local key="${2}" local key="${2}"
if ! grep -q "^${key}" "${file}"; then if ! grep -q "^${key}" "${file}"; then
# Key does not exist, add it. # Key does not exist, add it.
echo "${key}" >> "${file}" echo "${key}" >> "${file}"
fi fi
} }
@ -70,47 +70,27 @@ removeKey() {
sed -i "/^${key}/d" "${file}" sed -i "/^${key}/d" "${file}"
} }
#######################
# returns path of FTL's port file
#######################
getFTLAPIPortFile() {
local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
local DEFAULT_PORT_FILE="/run/pihole-FTL.port"
local FTL_APIPORT_FILE
if [ -s "${FTLCONFFILE}" ]; then
# if PORTFILE is not set in pihole-FTL.conf, use the default path
FTL_APIPORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)"
else
# if there is no pihole-FTL.conf, use the default path
FTL_APIPORT_FILE="${DEFAULT_PORT_FILE}"
fi
echo "${FTL_APIPORT_FILE}"
}
####################### #######################
# returns FTL's current telnet API port based on the content of the pihole-FTL.port file # returns FTL's current telnet API port based on the setting in /etc/pihole-FTL.conf
# ########################
# Takes one argument: path to pihole-FTL.port
# Example getFTLAPIPort "/run/pihole-FTL.port"
#######################
getFTLAPIPort(){ getFTLAPIPort(){
local PORTFILE="${1}" local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
local DEFAULT_FTL_PORT=4711 local DEFAULT_FTL_PORT=4711
local ftl_api_port local ftl_api_port
if [ -s "$PORTFILE" ]; then if [ -s "$FTLCONFFILE" ]; then
# -s: FILE exists and has a size greater than zero # if FTLPORT is not set in pihole-FTL.conf, use the default port
ftl_api_port=$(cat "${PORTFILE}") ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
# Exploit prevention: unset the variable if there is malicious content # Exploit prevention: set the port to the default port if there is malicious (non-numeric)
# Verify that the value read from the file is numeric # content set in pihole-FTL.conf
expr "$ftl_api_port" : "[^[:digit:]]" > /dev/null && unset ftl_api_port expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
else
# if there is no pihole-FTL.conf, use the default port
ftl_api_port="${DEFAULT_FTL_PORT}"
fi fi
# echo the port found in the portfile or default to the default port echo "${ftl_api_port}"
echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
} }
####################### #######################
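Review bot: The numeric check in getFTLAPIPort only inspects the first character of the value, because `expr STRING : REGEX` anchors the pattern at the start of the string. A value such as `FTLPORT=4711abc`, or one with a `/` after a leading digit, passes unchanged, and so does an empty `FTLPORT=` or a duplicated `FTLPORT=` line. The chronometer caller on this page puts the result straight into `/dev/tcp/127.0.0.1/$ftl_port`, so the function should only ever return a plain port number. A whole-string test closes this: `case "${ftl_api_port}" in ''|*[!0-9]*) ftl_api_port="${DEFAULT_FTL_PORT}" ;; esac`. The header comment also names `/etc/pihole-FTL.conf` while the code reads `/etc/pihole/pihole-FTL.conf`.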


@ -9,7 +9,7 @@
# Description: Enable service provided by pihole-FTL daemon # Description: Enable service provided by pihole-FTL daemon
### END INIT INFO ### END INIT INFO
#source utils.sh for getFTLPIDFile(), getFTLPID (), getFTLAPIPortFile() #source utils.sh for getFTLPIDFile(), getFTLPID ()
PI_HOLE_SCRIPT_DIR="/opt/pihole" PI_HOLE_SCRIPT_DIR="/opt/pihole"
utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
. "${utilsfile}" . "${utilsfile}"
@ -31,7 +31,6 @@ start() {
# Touch files to ensure they exist (create if non-existing, preserve if existing) # Touch files to ensure they exist (create if non-existing, preserve if existing)
mkdir -pm 0755 /run/pihole /var/log/pihole mkdir -pm 0755 /run/pihole /var/log/pihole
[ ! -f "${FTL_PID_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ ! -f "${FTL_PID_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
[ ! -f "${FTL_PORT_FILE}" ] && install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
[ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
[ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
[ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
@ -91,7 +90,7 @@ stop() {
echo "Not running" echo "Not running"
fi fi
# Cleanup # Cleanup
rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}" rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}"
echo echo
} }
@ -111,7 +110,6 @@ status() {
# Get file paths # Get file paths
FTL_PID_FILE="$(getFTLPIDFile)" FTL_PID_FILE="$(getFTLPIDFile)"
FTL_PORT_FILE="$(getFTLAPIPortFile)"
# Get FTL's current PID # Get FTL's current PID
FTL_PID="$(getFTLPID ${FTL_PID_FILE})" FTL_PID="$(getFTLPID ${FTL_PID_FILE})"

5
pihole

@ -303,14 +303,13 @@ analyze_ports() {
statusFunc() { statusFunc() {
# Determine if there is pihole-FTL service is listening # Determine if there is pihole-FTL service is listening
local pid port ftl_api_port ftl_pid_file ftl_apiport_file local pid port ftl_api_port ftl_pid_file
ftl_pid_file="$(getFTLPIDFile)" ftl_pid_file="$(getFTLPIDFile)"
pid="$(getFTLPID ${ftl_pid_file})" pid="$(getFTLPID ${ftl_pid_file})"
ftl_apiport_file="${getFTLAPIPortFile}" ftl_api_port="$(getFTLAPIPort)"
ftl_api_port="$(getFTLAPIPort ${ftl_apiport_file})"
if [[ "$pid" -eq "-1" ]]; then if [[ "$pid" -eq "-1" ]]; then
case "${1}" in case "${1}" in
"web") echo "-1";; "web") echo "-1";;


@ -62,50 +62,52 @@ def test_key_removal_works(host):
assert expected_stdout == output.stdout assert expected_stdout == output.stdout
def test_getFTLAPIPortFile_default(host):
"""Confirms getFTLAPIPortFile returns the default API port file path"""
output = host.run(
"""
source /opt/pihole/utils.sh
getFTLAPIPortFile
"""
)
expected_stdout = "/run/pihole-FTL.port\n"
assert expected_stdout == output.stdout
def test_getFTLAPIPort_default(host): def test_getFTLAPIPort_default(host):
"""Confirms getFTLAPIPort returns the default API port""" """Confirms getFTLAPIPort returns the default API port"""
output = host.run( output = host.run(
""" """
source /opt/pihole/utils.sh source /opt/pihole/utils.sh
getFTLAPIPort "/run/pihole-FTL.port" getFTLAPIPort
""" """
) )
expected_stdout = "4711\n" expected_stdout = "4711\n"
assert expected_stdout == output.stdout assert expected_stdout == output.stdout
def test_getFTLAPIPortFile_and_getFTLAPIPort_custom(host): def test_getFTLAPIPort_custom(host):
"""Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location""" """Confirms getFTLAPIPort returns a custom API port"""
host.run( host.run(
""" """
tmpfile=$(mktemp) echo "FTLPORT=1234" > /etc/pihole/pihole-FTL.conf
echo "PORTFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
echo "1234" > ${tmpfile}
""" """
) )
output = host.run( output = host.run(
""" """
source /opt/pihole/utils.sh source /opt/pihole/utils.sh
FTL_API_PORT_FILE=$(getFTLAPIPortFile) getFTLAPIPort
getFTLAPIPort "${FTL_API_PORT_FILE}"
""" """
) )
expected_stdout = "1234\n" expected_stdout = "1234\n"
assert expected_stdout == output.stdout assert expected_stdout == output.stdout
def test_getFTLAPIPort_malicious(host):
"""Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
host.run(
"""
echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
"""
)
output = host.run(
"""
source /opt/pihole/utils.sh
getFTLAPIPort
"""
)
expected_stdout = "4711\n"
assert expected_stdout == output.stdout
def test_getFTLPIDFile_default(host): def test_getFTLPIDFile_default(host):
"""Confirms getFTLPIDFile returns the default PID file path""" """Confirms getFTLPIDFile returns the default PID file path"""
output = host.run( output = host.run(
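Review bot: test_getFTLAPIPort_malicious covers only a value whose first character is a non-digit. Its `echo "FTLPORT=*$ssdfsd"` line is double-quoted, so the shell expands `$ssdfsd` to an empty string and the file holds just `FTLPORT=*`. The check in getFTLAPIPort is `expr … : "[^[:digit:]]"`, which matches at the start of the string, so a case with a leading digit (for example a single-quoted `echo 'FTLPORT=4711abc'`) and one with an empty `FTLPORT=` would pin the intended behaviour. The custom and malicious tests also overwrite /etc/pihole/pihole-FTL.conf without restoring it, so unless the host fixture is recreated per test, later tests see whatever the last one wrote. test_getFTLPIDFile_default continues past the end of this hunk.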