From 81eaf78ae75381f29e7f84e96a6e18937b751bb9 Mon Sep 17 00:00:00 2001
From: Stefan Laudemann <thisco@webcake.de>
Date: Sat, 21 Feb 2015 18:45:27 +0100
Subject: [PATCH] Adds security quick-fix to avoid an open 'OpenWrt' WLAN after
 an update.

For an so far unknown reason one of the nodes in the testing stream had
an additional open WLAN called 'OpenWrt' after updating from v0.5.3 to
v0.6.0~rc2. It has to be mentioned, though, that this node used a
heavily customized network configuration prior to the update to fullfil
some very specific needs.

It should however be avoided that a new network suddenly appears after
applying an update in any case. As a cause for this, the mac80211.sh
located in '/lib/wifi/' has been identified, which scans for unknown
PHYs when executed and adds them along with such an example network to
'/etc/config/wireless'. For a pure OpenWRT router this behaviour is not
that much a problem, as the radio itself gets deactivated by adding an
"option disabled '1'" that must be removed manually by a user. In comb-
ination with Gluon this becomes critical, as the gluon-mesh-batman-adv-
core package would enable the radio automatically, such that a node can
connect to other Freifunk nodes over WiFi. Generally, a network
'OpenWrt' should not exist anymore in '/etc/config/wireless' by that
time. The reason for which in the case mentioned above there was such
an entry is still unknown.

In order to exclude such a security risk, for now we provide a modified
copy of '/lib/wifi/mac802111.sh' with this packages, in which the
corresponding lines to add a default/example network 'OpenWrt' have been
removed compeletely. This modified version of the script replaces the
original script at build-time.

Signed-off-by: Stefan Laudemann <thisco@webcake.de>
---
 ffpb/ffpb-openwrt-migration-tools/Makefile    |   8 +-
 .../files/lib/wifi/mac80211.sh                | 112 ++++++++++++++++++
 2 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 ffpb/ffpb-openwrt-migration-tools/files/lib/wifi/mac80211.sh

diff --git a/ffpb/ffpb-openwrt-migration-tools/Makefile b/ffpb/ffpb-openwrt-migration-tools/Makefile
index f2f8bd3..57430c7 100644
--- a/ffpb/ffpb-openwrt-migration-tools/Makefile
+++ b/ffpb/ffpb-openwrt-migration-tools/Makefile
@@ -12,7 +12,7 @@ define Package/ffpb-openwrt-migration-tools
   SECTION:=ffpb
   CATEGORY:=Gluon
   TITLE:=Toolset of scripts that support the migration from one version of OpenWRT to another.
-  DEPENDS:=+gluon-core +busybox +hostapd-common
+  DEPENDS:=+gluon-core +busybox +hostapd-common +netifd
   MAINTAINER:=Freifunk Paderborn <maschinenraum@paderborn.freifunk.net>
   URL:=https://git.c3pb.de/freifunk-pb/ffpb-packages
   SOURCE:=git@git.c3pb.de:freifunk-pb/ffpb-packages.git
@@ -44,16 +44,22 @@ cd "$${IPKG_INSTROOT}/lib/netifd/"
 if [ -f "hostapd.sh" ] ; then
 	/bin/rm "./hostapd.sh"
 fi
+cd "$${IPKG_INSTROOT}/lib/wifi/"
+if [ -f "mac80211.sh" ] ; then
+	/bin/rm "./mac80211.sh"
+fi
 exit 0
 endef
 
 define Package/ffpb-openwrt-migration-tools/install
 	$(INSTALL_DIR) $(1)/etc/uci-defaults/
 	$(INSTALL_DIR) $(1)/lib/netifd/wireless/
+	$(INSTALL_DIR) $(1)/lib/wifi/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/90-tlwr1043ndv2-autoupdater-to-stable $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/etc/uci-defaults/40-wireless-config-hwmode-fix $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) ./files/lib/netifd/wireless/mac80211.sh $(1)/lib/netifd/wireless/
 	$(INSTALL_BIN) ./files/lib/netifd/hostapd.sh $(1)/lib/netifd/
+	$(INSTALL_BIN) ./files/lib/wifi/mac80211.sh $(1)/lib/wifi/
 endef
 
 $(eval $(call BuildPackage,ffpb-openwrt-migration-tools))
diff --git a/ffpb/ffpb-openwrt-migration-tools/files/lib/wifi/mac80211.sh b/ffpb/ffpb-openwrt-migration-tools/files/lib/wifi/mac80211.sh
new file mode 100644
index 0000000..f6e1c26
--- /dev/null
+++ b/ffpb/ffpb-openwrt-migration-tools/files/lib/wifi/mac80211.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+append DRIVERS "mac80211"
+
+lookup_phy() {
+	[ -n "$phy" ] && {
+		[ -d /sys/class/ieee80211/$phy ] && return
+	}
+
+	local devpath
+	config_get devpath "$device" path
+	[ -n "$devpath" ] && {
+		for _phy in /sys/devices/$devpath/ieee80211/phy*; do
+			[ -e "$_phy" ] && {
+				phy="${_phy##*/}"
+				return
+			}
+		done
+	}
+
+	local macaddr="$(config_get "$device" macaddr | tr 'A-Z' 'a-z')"
+	[ -n "$macaddr" ] && {
+		for _phy in $(ls /sys/class/ieee80211 2>/dev/null); do
+			[ "$macaddr" = "$(cat /sys/class/ieee80211/${_phy}/macaddress)" ] || continue
+			phy="$_phy"
+			return
+		done
+	}
+	phy=
+	return
+}
+
+find_mac80211_phy() {
+	local device="$1"
+
+	config_get phy "$device" phy
+	lookup_phy
+	[ -n "$phy" -a -d "/sys/class/ieee80211/$phy" ] || {
+		echo "PHY for wifi device $1 not found"
+		return 1
+	}
+	config_set "$device" phy "$phy"
+
+	config_get macaddr "$device" macaddr
+	[ -z "$macaddr" ] && {
+		config_set "$device" macaddr "$(cat /sys/class/ieee80211/${phy}/macaddress)"
+	}
+
+	return 0
+}
+
+check_mac80211_device() {
+	config_get phy "$1" phy
+	[ -z "$phy" ] && {
+		find_mac80211_phy "$1" >/dev/null || return 0
+		config_get phy "$1" phy
+	}
+	[ "$phy" = "$dev" ] && found=1
+}
+
+detect_mac80211() {
+	devidx=0
+	config_load wireless
+	while :; do
+		config_get type "radio$devidx" type
+		[ -n "$type" ] || break
+		devidx=$(($devidx + 1))
+	done
+	for dev in $(ls /sys/class/ieee80211); do
+		found=0
+		config_foreach check_mac80211_device wifi-device
+		[ "$found" -gt 0 ] && continue
+
+		mode_band="g"
+		channel="11"
+		htmode=""
+		ht_capab=""
+
+		iw phy "$dev" info | grep -q 'Capabilities:' && htmode=HT20
+		iw phy "$dev" info | grep -q '2412 MHz' || { mode_band="a"; channel="36"; }
+
+		vht_cap=$(iw phy "$dev" info | grep -c 'VHT Capabilities')
+		[ "$vht_cap" -gt 0 ] && {
+			mode_band="a";
+			channel="36"
+			htmode="VHT80"
+		}
+
+		[ -n $htmode ] && append ht_capab "	option htmode	$htmode" "$N"
+
+		if [ -x /usr/bin/readlink ]; then
+			path="$(readlink -f /sys/class/ieee80211/${dev}/device)"
+			path="${path##/sys/devices/}"
+			dev_id="	option path	'$path'"
+		else
+			dev_id="	option macaddr	$(cat /sys/class/ieee80211/${dev}/macaddress)"
+		fi
+
+		cat <<EOF
+config wifi-device  radio$devidx
+	option type     mac80211
+	option channel  ${channel}
+	option hwmode	11${mode_band}
+$dev_id
+$ht_capab
+	# REMOVE THIS LINE TO ENABLE WIFI:
+	option disabled 1
+
+EOF
+	devidx=$(($devidx + 1))
+	done
+}
+
-- 
GitLab