Sign up here and you can log into the forum!

php script question

This is the place to ask for how to use software that is (or isn't) included in the various wdlxtv flavours. Questions about software such as rtorrent, NZBGet, sshfs, curlftpfs, ssh, telnet, etc.

php script question   

Postby KAD » Thu Feb 27, 2014 12:53 am

hey any of you guys up for a brain teaser

so it's my first attempt at much of anything using php

and this seems it should be simple
Code: Select all
<html>
<head>
<link type="text/css" rel="stylesheet" href="/css/dhtmlwindowcontent.css" />
</head>
<body>
<?
   
   print "Current HomeBrew Status : ";
   echo shell_exec("/bin/fw_sign_get.sh 2>&1");

?>
<form action="./changehomebrew.php?changehb=1" method="post">
  <h4>Change HomeBrew Mode
    <label><br />
    </label>
  </h4>
    <input type="submit" name="submit" value="Change HomeBrew Mode!" />
  </h4>
</form>
</body>
</html>


line in question is
Code: Select all
echo shell_exec("/bin/fw_sign_get.sh 2>&1");

when run from web via php above, output is "fwup"

but if run from cmd line output is "sisi"

and I've verified that "sisi" is the correct output

so any thoughts on what can cause the php to return an incorrect value

CGI is enabled
from access_log
Code: Select all
192.168.1.233 - - [27/Feb/2014:08:50:20 +0000] "GET /addons/systools/homebrew.php?noMenu=1 HTTP/1.1" 200 370
192.168.1.233 - - [27/Feb/2014:08:50:28 +0000] "POST /addons/systools/changehomebrew.php?changehb=1 HTTP/1.1" 200 141


also no errors in error_log

and apache is running as user root : group root
so permissions don't appear to be an issue
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby recliq » Thu Feb 27, 2014 4:53 am

Code: Select all
- echo shell_exec("/bin/fw_sign_get.sh 2>&1");
+ echo shell_exec("sudo /bin/fw_sign_get.sh 2>&1");

and you need to allow apache user to sudo without passwd:
/etc/sudoers
Code: Select all
www-data ALL=NOPASSWD: ALL


It's most likely a permissions issue... apache normally can't be run as root, that's why we needed this sudo trick when we changed httpd from lighttpd to apache.
­WDLXTV Project Maintainer
-:] If you like my contributions feel free to donate for a beer or a new flash drive. ...and always remember: RTFM! (README, FAQ, WIKI) [:-
User avatar
recliq
WDLXTV Team
 
Posts: 5513
Joined: Thu Apr 15, 2010 8:09 am
Location: Kiel, Germany

Re: php script question   

Postby KAD » Thu Feb 27, 2014 8:50 am

appreciate the help

I'll have to take a closer look

I did remember WDLXTV webend required sudo
but sudo does not exist in gen3 firmware

I guess, I'll have to look to add that as well
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby KAD » Sun Mar 02, 2014 3:34 am

well you were right, it's apache's permissions

if I do
Code: Select all
killall httpd
/webserver/bin/apachectl -f /webserver/conf/wdlxtv-httpd.conf -k restart


then the php code works, but it does not work if the system starts apache

so looking into sudo, not sure how much more I can do, without some guidance
I tried the version from b-rad's alpha firmware and from debian
both require newer version of glibc

there was mention of a wrapper script in b-rad's alpha firmware
I couldn't find it, but found some wrapper examples online

so I tried
Code: Select all
#!/bin/sh
LD_PRELOAD='/newlibs/ld.so.1 /newlibs/libc.so.6 /newlibs/libdl.so.2 /newlibs/libpam.so.0' /usr/bin/sudo.orig $*
unset LD_PRELOAD


if I use LD_PRELOAD in a wrapper
it no longer complains about glibc version
but instead gives segfault
Code: Select all
# sudo /bin/fw_sign_get.sh 2>&1
sudo.orig: Segmentation fault


I thought to compile sudo from source with static libs
but it seems to ignor the static flags
and from what I read, there was some problems on old Live with static linked binaries anyways

so thoughts ?

edit-
got my cross compile VM going again
using the gcc from WD's toolchain
and after a few errors I resolved, I get an ELF MIPS 32 dynamically linked version of sudo
but if I put the file on WD and run ldd
I get "not a dynamic executable"
if I try to run it, I just get some garbage output :cry:
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby KAD » Sat Mar 08, 2014 11:19 pm

so I've got sudo working

but it doesn't solve the problem

anybody have an idea

it is permissions something, but it goes beyond apache and php
here's the following from cmd line
Code: Select all
# sudo /bin/fw_sign_get.sh 2>&1
fwup
# /bin/fw_sign_get.sh 2>&1
sisi
# ls -al /bin/fw_sign_get.sh
-rwxrwxrwx    1 1007     1007           425 Nov 28 05:30 /bin/fw_sign_get.sh


getting closer, fw sign get calls another script this is what actually fails

Code: Select all
# setxenv_mtd.sh 0 l.alpha.fw_sign | cut -d ' ' -f 5
0x69736973
# sudo setxenv_mtd.sh 0 l.alpha.fw_sign | cut -d ' ' -f 5

#

If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby mad_ady » Sun Mar 09, 2014 11:38 pm

I don't have a gen3 so I'm not sure what the problem is, but can you run your script with shell debugging set?
Code: Select all
sudo sh -x setxenv_mtd.sh 0 l.alpha.fw_sign

With and without sudo. Also, you are running sudo as root, have you tried logging into the www-data user (or whatever it's called) and running it from there? You might need to assign a shell to www-data in /etc/passwd so that you can do "su - www-data"

A different, more dangerous idea that doesn't involve sudo is to mark the script as suid root (chmod 4755 setxenv_mtd.sh) so that when you call it, it will actually execute as root. Security warning - editing the script and adding arbitrary commands to it will also execute them as root!
User avatar
mad_ady
Developer
 
Posts: 4529
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: php script question   

Postby KAD » Sun Mar 09, 2014 11:49 pm

so your thoughts on this output

and yes, output from cmd line is as root

Code: Select all
# cat /etc/passwd
root:x:0:0:root:/:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/bin/sh
dbus:x:81:81:System message bus:/:/bin/sh
default:x:1000:1000:Default non-root user:/home/default:/bin/sh
# cat /etc/sudoers
Defaults env_reset
root ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
www-data ALL=NOPASSWD: ALL
# sudo sh -x setxenv_mtd.sh 0 l.alpha.fw_sign
sh: can't open 'setxenv_mtd.sh'
# chmod 4755 /bin/setxenv_mtd.sh
# setxenv_mtd.sh 0 l.alpha.fw_sign
(0x00) 4 l.alpha.fw_sign 73.69.73.69. 0x69736973
# sudo setxenv_mtd.sh 0 l.alpha.fw_sign

#

#



here's the actual script in question
Code: Select all
# cat /bin/setxenv_mtd.sh
#!/bin/sh

if [ "x$2" == "x" ] || ( [ "x$1" != "x0" ] && [ "x$1" != "x1" ] && [ "x$1" != "x2" ] && [ "x$1" != "x3" ] ); then
        echo "Usage:"
        echo "  set binary data"
        echo "          $0  <block_offset>  -b  z.default_boot  1"
        echo "  set string data"
        echo "          $0  <block_offset>  l.alpha.fw_sign  okok"
        echo "  get data"
        echo "          $0  <block_offset>  l.alpha.fw_sign"
        echo "  where  <block_offset>  can be 0 ~ 3"
        echo ""
        echo ""
        echo ""
        exit 0;
fi

if [ "x$2" == "x-b" ]; then
        #Format : setxenv 0 -b z.default_boot 1
        WRITE="y";
        WRITE_BINARY="y";
elif [ "x$3" != "x" ]; then
        #Format : setxenv 0 l.alpha.fw_sign okok
        WRITE="y";
else
        #Format : setxenv 0 l.alpha.fw_sign
        WRITE="";
fi

#echo $WRITE
#echo $WRITE_BINARY
ERROR=0

if [ "x$WRITE" == "x" ]; then
        #read mode
        RET="`dumpxenv2.bash $1 | grep $2`" ;
        ERROR=$?
elif [ "x$WRITE_BINARY" == "xy" ]; then
        #write binary mode
        setxenv2bin.bash $1 $3 $4 ;
        ERROR=$?
        RET="`dumpxenv2.bash $1 | grep $3`" ;
else
        #write text mode
        setxenv2str.bash $1 $2 $3 ;
        ERROR=$?
        RET="`dumpxenv2.bash $1 | grep $2`" ;
fi

echo $RET

exit $ERROR



I can further see it calls another script, which I can try to mimic
Code: Select all
# dumpxenv2.bash | grep l.alpha.fw_sign
(0x00)     4 l.alpha.fw_sign 73.69.73.69. 0x69736973
# sudo dumpxenv2.bash | grep l.alpha.fw_sign
#


here we see sudo still doesn't solve the issue

and we follow the rabbit hole, here's dumpxenv2.bash
Code: Select all
# cat /bin/dumpxenv2.bash
#!/bin/sh

# Hardcoded, may need to be adjusted accordingly ...
# Block size 128KB
BLKSIZE=128
# XENV size (max. at 16KB)
XENVSIZE=16
# Boot block start offset (0, 128KB, 256KB, 384KB)
BBLKSTART=0
# Device node for accessing boot block
BBLKDEV=/dev/mtd0

# Temp variables ...
KB=1024
TMPBBLK=`mktemp /tmp/bblk.XXXXXX`
TMPBBLK1=`mktemp /tmp/bblk1.XXXXXX`
TMPXENV=`mktemp /tmp/xenv.XXXXXX`
TMPZBOOT=`mktemp /tmp/zboot.XXXXXX`
ERR=

# Check argument(s)
if [ "$1" == "0" ] || [ "$1" == "1" ] || [ "$1" == "2" ] || [ "$1" == "3" ]; then
        BBLKSTART=`expr $1 \* $BLKSIZE`
elif [ ! $# = 0 ]; then
        echo "usage:"
        echo "  dump all xenv data"
        echo "          $0"
        echo "  dump all xenv data with block offset"
        echo "          $0 <block offset>"
        echo "where block ofsset is 0 ~ 3"
        echo ""
        echo ""
        echo ""
        exit 1
fi

# Reading the boot block and break it to 2 chunks
nanddump -o -s `expr $BBLKSTART \* $KB` -l `expr $BLKSIZE \* $KB` -f $TMPBBLK $BBLKDEV > /dev/null 2>&1 || ERR="y"
if [ ! "$ERR" = "y" ]; then
        dd if=$TMPBBLK of=$TMPXENV bs=1k count=$XENVSIZE > /dev/null 2>&1
        dd if=$TMPBBLK of=$TMPZBOOT bs=1k skip=$XENVSIZE > /dev/null 2>&1

        # Setting individual key (numeric)
        setxenv2_mipsel -f $TMPXENV || ERR="y"
        if [ "$ERR" = "y" ]; then
                echo "$0 failed."
        fi
else
        echo "reading from $BBLKDEV failed."
fi

rm -f $TMPBBLK $TMPXENV $TMPZBOOT $TMPBBLK1

if [ ! "$ERR" = "y" ]; then
        exit 0
else
        exit 1
fi

If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby mad_ady » Mon Mar 10, 2014 12:37 am

Hmm, here's a wild idea - it's possible that when you run sudo you don't have the same environment as when you run the command through root directly. I can see the script calls nanddump which may not be in your path when you call with sudo. You can try to force the path when calling, like this:
Code: Select all
sudo PATH=/sbin:/usr/sbin:$PATH dumpxenv2.bash

You can get your path as root by running echo $PATH (actually you can compare the two - run also sudo echo $PATH).

The alternative to run a command as a real root user (with root's environment) is to run
Code: Select all
sudo su - -c "dumpxenv2.bash"
User avatar
mad_ady
Developer
 
Posts: 4529
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: php script question   

Postby KAD » Mon Mar 10, 2014 6:55 am

getting closer

Code: Select all
# which nanddump
/bin/nanddump
# sudo PATH=/sbin:/usr/sbin:/bin:$PATH dumpxenv2.bash
invalid xenv2_file (/tmp/xenv.9SVy3j)
/bin/dumpxenv2.bash failed.
#
sudo su - -c "dumpxenv2.bash"
<tons of data here>


but sudo su does not work with additional arguments
Code: Select all
sudo su - -c "dumpxenv2.bash" | grep 1.alpha.fw_sign
# sudo su - -c "dumpxenv2.bash" | sudo su - -c "grep 1.alpha.fw_sign"


I also went ahead and tested system start up
by putting
Code: Select all
/bin/fw_sign_get.sh > /tmp/fw_status

in the main start script /init
the result was incorrect output
so even system can not correct call this script
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Re: php script question   

Postby KAD » Mon Mar 10, 2014 5:48 pm

working solutions

To Read
Code: Select all
<html>
<head>
<link type="text/css" rel="stylesheet" href="/css/dhtmlwindowcontent.css" />
</head>
<body>
<?
   
   print "Current HomeBrew Status : ";
   $status = shell_exec("sudo su - -c fw_sign_get.sh");
   if (trim($status)=="sisi") {
       echo "ON\n";
   } else if (trim($status)=="okok") {
       echo "OFF\n";
   } else {
       echo "WTF, This Failed!\n";
   }

?>
<form action="./changehomebrew.php?changehb=1" method="post">
  <h4>Change HomeBrew Mode
    <label><br />
    </label>
  </h4>
    <input type="submit" name="submit" value="Change HomeBrew Mode!" />
  </h4>
</form>
</body>
</html>


To write
Code: Select all
<html>
<head>
<link type="text/css" rel="stylesheet" href="/css/dhtmlwindowcontent.css" />
</head>
<body>
<?php
$changehb = $_REQUEST['changehb'];
if ($changehb == 1) {
   $status = shell_exec("sudo su - -c fw_sign_get.sh");
   if (trim($status)=="sisi") {
      shell_exec("sudo su - -c \"fw_sign_set.sh okok\"");
      $status = shell_exec("sudo su - -c fw_sign_get.sh");
      if (trim($status)=="sisi") {
         echo "WTF, This Failed! - Homebrew Mode Still ON\n";
      } else if (trim($status)=="okok") {
         echo "Homebrew Mode changed to OFF <a href=\"./homebrew.php\"></a>\n";
      }
   } else if (trim($status)=="okok") {
      shell_exec("sudo su - -c \"fw_sign_set.sh sisi\"");
      $status = shell_exec("sudo su - -c fw_sign_get.sh");
      if (trim($status)=="okok") {
         echo "WTF, This Failed! - Homebrew Mode Still OFF\n";
      } else if(trim($status)=="sisi") {
         echo "Homebrew Mode changed to ON <a href=\"./homebrew.php\"></a>\n";
      }
   } else {
       echo "WTF, This Failed!\n";
   }
   
}
?>
</body>
</html>
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA

Next

Return to Application Questions

Who is online

Users browsing this forum: No registered users and 2 guests