mirror of
https://github.com/pi-hole/pi-hole.git
synced 2025-01-12 06:54:53 +00:00
Merge pull request #3352 from pi-hole/merge-master-dev
Merge master dev
This commit is contained in:
commit
be25b4d9c4
14 changed files with 155 additions and 332 deletions
|
@ -104,4 +104,10 @@ upgrade_gravityDB(){
|
||||||
sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
|
sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
|
||||||
version=11
|
version=11
|
||||||
fi
|
fi
|
||||||
|
if [[ "$version" == "11" ]]; then
|
||||||
|
# Rename group 0 from "Unassociated" to "Default"
|
||||||
|
echo -e " ${INFO} Upgrading gravity database from version 11 to 12"
|
||||||
|
sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
|
||||||
|
version=12
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
19
advanced/Scripts/database_migration/gravity/11_to_12.sql
Normal file
19
advanced/Scripts/database_migration/gravity/11_to_12.sql
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
.timeout 30000
|
||||||
|
|
||||||
|
PRAGMA FOREIGN_KEYS=OFF;
|
||||||
|
|
||||||
|
BEGIN TRANSACTION;
|
||||||
|
|
||||||
|
UPDATE "group" SET name = 'Default' WHERE id = 0;
|
||||||
|
UPDATE "group" SET description = 'The default group' WHERE id = 0;
|
||||||
|
|
||||||
|
DROP TRIGGER IF EXISTS tr_group_zero;
|
||||||
|
|
||||||
|
CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"
|
||||||
|
BEGIN
|
||||||
|
INSERT OR IGNORE INTO "group" (id,enabled,name,description) VALUES (0,1,'Default','The default group');
|
||||||
|
END;
|
||||||
|
|
||||||
|
UPDATE info SET value = 12 WHERE property = 'version';
|
||||||
|
|
||||||
|
COMMIT;
|
|
@ -22,6 +22,9 @@ web=false
|
||||||
domList=()
|
domList=()
|
||||||
|
|
||||||
typeId=""
|
typeId=""
|
||||||
|
comment=""
|
||||||
|
declare -i domaincount
|
||||||
|
domaincount=0
|
||||||
|
|
||||||
colfile="/opt/pihole/COL_TABLE"
|
colfile="/opt/pihole/COL_TABLE"
|
||||||
source ${colfile}
|
source ${colfile}
|
||||||
|
@ -97,10 +100,12 @@ ValidateDomain() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "${validDomain}" ]]; then
|
if [[ -n "${validDomain}" ]]; then
|
||||||
domList=("${domList[@]}" ${validDomain})
|
domList=("${domList[@]}" "${validDomain}")
|
||||||
else
|
else
|
||||||
echo -e " ${CROSS} ${domain} is not a valid argument or domain name!"
|
echo -e " ${CROSS} ${domain} is not a valid argument or domain name!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
domaincount=$((domaincount+1))
|
||||||
}
|
}
|
||||||
|
|
||||||
ProcessDomainList() {
|
ProcessDomainList() {
|
||||||
|
@ -151,7 +156,12 @@ AddDomain() {
|
||||||
reload=true
|
reload=true
|
||||||
# Insert only the domain here. The enabled and date_added fields will be filled
|
# Insert only the domain here. The enabled and date_added fields will be filled
|
||||||
# with their default values (enabled = true, date_added = current timestamp)
|
# with their default values (enabled = true, date_added = current timestamp)
|
||||||
|
if [[ -z "${comment}" ]]; then
|
||||||
sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
|
sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
|
||||||
|
else
|
||||||
|
# also add comment when variable has been set through the "--comment" option
|
||||||
|
sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
RemoveDomain() {
|
RemoveDomain() {
|
||||||
|
@ -224,8 +234,16 @@ NukeList() {
|
||||||
sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
|
sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
|
||||||
}
|
}
|
||||||
|
|
||||||
for var in "$@"; do
|
GetComment() {
|
||||||
case "${var}" in
|
comment="$1"
|
||||||
|
if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then
|
||||||
|
echo " ${CROSS} Found invalid characters in domain comment!"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
while (( "$#" )); do
|
||||||
|
case "${1}" in
|
||||||
"-w" | "whitelist" ) typeId=0;;
|
"-w" | "whitelist" ) typeId=0;;
|
||||||
"-b" | "blacklist" ) typeId=1;;
|
"-b" | "blacklist" ) typeId=1;;
|
||||||
"--white-regex" | "white-regex" ) typeId=2;;
|
"--white-regex" | "white-regex" ) typeId=2;;
|
||||||
|
@ -239,13 +257,15 @@ for var in "$@"; do
|
||||||
"-l" | "--list" ) Displaylist;;
|
"-l" | "--list" ) Displaylist;;
|
||||||
"--nuke" ) NukeList;;
|
"--nuke" ) NukeList;;
|
||||||
"--web" ) web=true;;
|
"--web" ) web=true;;
|
||||||
* ) ValidateDomain "${var}";;
|
"--comment" ) GetComment "${2}"; shift;;
|
||||||
|
* ) ValidateDomain "${1}";;
|
||||||
esac
|
esac
|
||||||
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
shift
|
shift
|
||||||
|
|
||||||
if [[ $# = 0 ]]; then
|
if [[ ${domaincount} == 0 ]]; then
|
||||||
helpFunc
|
helpFunc
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1107,22 +1107,19 @@ show_db_entries() {
|
||||||
}
|
}
|
||||||
|
|
||||||
show_groups() {
|
show_groups() {
|
||||||
show_db_entries "Groups" "SELECT id,name,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 50 7 19 19 50"
|
show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
|
||||||
}
|
}
|
||||||
|
|
||||||
show_adlists() {
|
show_adlists() {
|
||||||
show_db_entries "Adlists" "SELECT id,address,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist" "4 100 7 19 19 50"
|
show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50"
|
||||||
show_db_entries "Adlist groups" "SELECT * FROM adlist_by_group" "4 4"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
show_domainlist() {
|
show_domainlist() {
|
||||||
show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,type,domain,enabled,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist" "4 4 100 7 19 19 50"
|
show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0 ' WHEN '1' THEN ' 1 ' WHEN '2' THEN ' 2 ' WHEN '3' THEN ' 3' ELSE type END type,CASE enabled WHEN '0' THEN ' 0' WHEN '1' THEN ' 1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50"
|
||||||
show_db_entries "Domainlist groups" "SELECT * FROM domainlist_by_group" "10 10"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
show_clients() {
|
show_clients() {
|
||||||
show_db_entries "Clients" "SELECT id,ip,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM client" "4 100 19 19 50"
|
show_db_entries "Clients" "SELECT id,GROUP_CONCAT(client_by_group.group_id) group_ids,ip,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM client LEFT JOIN client_by_group ON client.id = client_by_group.client_id GROUP BY id;" "4 12 100 19 19 50"
|
||||||
show_db_entries "Client groups" "SELECT * FROM client_by_group" "10 10"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
analyze_gravity_list() {
|
analyze_gravity_list() {
|
||||||
|
|
|
@ -84,6 +84,21 @@ getRemoteVersion(){
|
||||||
# Get the version from the remote origin
|
# Get the version from the remote origin
|
||||||
local daemon="${1}"
|
local daemon="${1}"
|
||||||
local version
|
local version
|
||||||
|
local cachedVersions
|
||||||
|
local arrCache
|
||||||
|
cachedVersions="/etc/pihole/GitHubVersions"
|
||||||
|
|
||||||
|
#If the above file exists, then we can read from that. Prevents overuse of Github API
|
||||||
|
if [[ -f "$cachedVersions" ]]; then
|
||||||
|
IFS=' ' read -r -a arrCache < "$cachedVersions"
|
||||||
|
case $daemon in
|
||||||
|
"pi-hole" ) echo "${arrCache[0]}";;
|
||||||
|
"AdminLTE" ) echo "${arrCache[1]}";;
|
||||||
|
"FTL" ) echo "${arrCache[2]}";;
|
||||||
|
esac
|
||||||
|
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
version=$(curl --silent --fail "https://api.github.com/repos/pi-hole/${daemon}/releases/latest" | \
|
version=$(curl --silent --fail "https://api.github.com/repos/pi-hole/${daemon}/releases/latest" | \
|
||||||
awk -F: '$1 ~/tag_name/ { print $2 }' | \
|
awk -F: '$1 ~/tag_name/ { print $2 }' | \
|
||||||
|
@ -97,22 +112,48 @@ getRemoteVersion(){
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getLocalBranch(){
|
||||||
|
# Get the checked out branch of the local directory
|
||||||
|
local directory="${1}"
|
||||||
|
local branch
|
||||||
|
|
||||||
|
# Local FTL btranch is stored in /etc/pihole/ftlbranch
|
||||||
|
if [[ "$1" == "FTL" ]]; then
|
||||||
|
branch="$(pihole-FTL branch)"
|
||||||
|
else
|
||||||
|
cd "${directory}" 2> /dev/null || { echo "${DEFAULT}"; return 1; }
|
||||||
|
branch=$(git rev-parse --abbrev-ref HEAD || echo "$DEFAULT")
|
||||||
|
fi
|
||||||
|
if [[ ! "${branch}" =~ ^v ]]; then
|
||||||
|
if [[ "${branch}" == "master" ]]; then
|
||||||
|
echo ""
|
||||||
|
elif [[ "${branch}" == "HEAD" ]]; then
|
||||||
|
echo "in detached HEAD state at "
|
||||||
|
else
|
||||||
|
echo "${branch} "
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Branch started in "v"
|
||||||
|
echo "release "
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
versionOutput() {
|
versionOutput() {
|
||||||
[[ "$1" == "pi-hole" ]] && GITDIR=$COREGITDIR
|
[[ "$1" == "pi-hole" ]] && GITDIR=$COREGITDIR
|
||||||
[[ "$1" == "AdminLTE" ]] && GITDIR=$WEBGITDIR
|
[[ "$1" == "AdminLTE" ]] && GITDIR=$WEBGITDIR
|
||||||
[[ "$1" == "FTL" ]] && GITDIR="FTL"
|
[[ "$1" == "FTL" ]] && GITDIR="FTL"
|
||||||
|
|
||||||
[[ "$2" == "-c" ]] || [[ "$2" == "--current" ]] || [[ -z "$2" ]] && current=$(getLocalVersion $GITDIR)
|
[[ "$2" == "-c" ]] || [[ "$2" == "--current" ]] || [[ -z "$2" ]] && current=$(getLocalVersion $GITDIR) && branch=$(getLocalBranch $GITDIR)
|
||||||
[[ "$2" == "-l" ]] || [[ "$2" == "--latest" ]] || [[ -z "$2" ]] && latest=$(getRemoteVersion "$1")
|
[[ "$2" == "-l" ]] || [[ "$2" == "--latest" ]] || [[ -z "$2" ]] && latest=$(getRemoteVersion "$1")
|
||||||
if [[ "$2" == "-h" ]] || [[ "$2" == "--hash" ]]; then
|
if [[ "$2" == "-h" ]] || [[ "$2" == "--hash" ]]; then
|
||||||
[[ "$3" == "-c" ]] || [[ "$3" == "--current" ]] || [[ -z "$3" ]] && curHash=$(getLocalHash "$GITDIR")
|
[[ "$3" == "-c" ]] || [[ "$3" == "--current" ]] || [[ -z "$3" ]] && curHash=$(getLocalHash "$GITDIR") && branch=$(getLocalBranch $GITDIR)
|
||||||
[[ "$3" == "-l" ]] || [[ "$3" == "--latest" ]] || [[ -z "$3" ]] && latHash=$(getRemoteHash "$1" "$(cd "$GITDIR" 2> /dev/null && git rev-parse --abbrev-ref HEAD)")
|
[[ "$3" == "-l" ]] || [[ "$3" == "--latest" ]] || [[ -z "$3" ]] && latHash=$(getRemoteHash "$1" "$(cd "$GITDIR" 2> /dev/null && git rev-parse --abbrev-ref HEAD)")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$current" ]] && [[ -n "$latest" ]]; then
|
if [[ -n "$current" ]] && [[ -n "$latest" ]]; then
|
||||||
output="${1^} version is $current (Latest: $latest)"
|
output="${1^} version is $branch$current (Latest: $latest)"
|
||||||
elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then
|
elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then
|
||||||
output="Current ${1^} version is $current"
|
output="Current ${1^} version is $branch$current."
|
||||||
elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then
|
elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then
|
||||||
output="Latest ${1^} version is $latest"
|
output="Latest ${1^} version is $latest"
|
||||||
elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then
|
elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then
|
||||||
|
|
|
@ -36,7 +36,6 @@ Options:
|
||||||
-c, celsius Set Celsius as preferred temperature unit
|
-c, celsius Set Celsius as preferred temperature unit
|
||||||
-f, fahrenheit Set Fahrenheit as preferred temperature unit
|
-f, fahrenheit Set Fahrenheit as preferred temperature unit
|
||||||
-k, kelvin Set Kelvin as preferred temperature unit
|
-k, kelvin Set Kelvin as preferred temperature unit
|
||||||
-r, hostrecord Add a name to the DNS associated to an IPv4/IPv6 address
|
|
||||||
-e, email Set an administrative contact address for the Block Page
|
-e, email Set an administrative contact address for the Block Page
|
||||||
-h, --help Show this help dialog
|
-h, --help Show this help dialog
|
||||||
-i, interface Specify dnsmasq's interface listening behavior
|
-i, interface Specify dnsmasq's interface listening behavior
|
||||||
|
@ -482,32 +481,6 @@ RemoveDHCPStaticAddress() {
|
||||||
sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}"
|
sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}"
|
||||||
}
|
}
|
||||||
|
|
||||||
SetHostRecord() {
|
|
||||||
if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
|
|
||||||
echo "Usage: pihole -a hostrecord <domain> [IPv4-address],[IPv6-address]
|
|
||||||
Example: 'pihole -a hostrecord home.domain.com 192.168.1.1,2001:db8:a0b:12f0::1'
|
|
||||||
Add a name to the DNS associated to an IPv4/IPv6 address
|
|
||||||
|
|
||||||
Options:
|
|
||||||
\"\" Empty: Remove host record
|
|
||||||
-h, --help Show this help dialog"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ -n "${args[3]}" ]]; then
|
|
||||||
change_setting "HOSTRECORD" "${args[2]},${args[3]}"
|
|
||||||
echo -e " ${TICK} Setting host record for ${args[2]} to ${args[3]}"
|
|
||||||
else
|
|
||||||
change_setting "HOSTRECORD" ""
|
|
||||||
echo -e " ${TICK} Removing host record"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ProcessDNSSettings
|
|
||||||
|
|
||||||
# Restart dnsmasq to load new configuration
|
|
||||||
RestartDNS
|
|
||||||
}
|
|
||||||
|
|
||||||
SetAdminEmail() {
|
SetAdminEmail() {
|
||||||
if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
|
if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
|
||||||
echo "Usage: pihole -a email <address>
|
echo "Usage: pihole -a email <address>
|
||||||
|
@ -523,7 +496,10 @@ Options:
|
||||||
if [[ -n "${args[2]}" ]]; then
|
if [[ -n "${args[2]}" ]]; then
|
||||||
|
|
||||||
# Sanitize email address in case of security issues
|
# Sanitize email address in case of security issues
|
||||||
if [[ ! "${args[2]}" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ ]]; then
|
# Regex from https://stackoverflow.com/a/2138832/4065967
|
||||||
|
local regex
|
||||||
|
regex="^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\$"
|
||||||
|
if [[ ! "${args[2]}" =~ ${regex} ]]; then
|
||||||
echo -e " ${CROSS} Invalid email address"
|
echo -e " ${CROSS} Invalid email address"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -672,7 +648,6 @@ main() {
|
||||||
"resolve" ) ResolutionSettings;;
|
"resolve" ) ResolutionSettings;;
|
||||||
"addstaticdhcp" ) AddDHCPStaticAddress;;
|
"addstaticdhcp" ) AddDHCPStaticAddress;;
|
||||||
"removestaticdhcp" ) RemoveDHCPStaticAddress;;
|
"removestaticdhcp" ) RemoveDHCPStaticAddress;;
|
||||||
"-r" | "hostrecord" ) SetHostRecord "$3";;
|
|
||||||
"-e" | "email" ) SetAdminEmail "$3";;
|
"-e" | "email" ) SetAdminEmail "$3";;
|
||||||
"-i" | "interface" ) SetListeningMode "$@";;
|
"-i" | "interface" ) SetListeningMode "$@";;
|
||||||
"-t" | "teleporter" ) Teleporter;;
|
"-t" | "teleporter" ) Teleporter;;
|
||||||
|
|
|
@ -10,7 +10,7 @@ CREATE TABLE "group"
|
||||||
date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
|
date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
|
||||||
description TEXT
|
description TEXT
|
||||||
);
|
);
|
||||||
INSERT INTO "group" (id,enabled,name) VALUES (0,1,'Unassociated');
|
INSERT INTO "group" (id,enabled,name,description) VALUES (0,1,'Default','The default group');
|
||||||
|
|
||||||
CREATE TABLE domainlist
|
CREATE TABLE domainlist
|
||||||
(
|
(
|
||||||
|
@ -52,7 +52,7 @@ CREATE TABLE info
|
||||||
value TEXT NOT NULL
|
value TEXT NOT NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
INSERT INTO "info" VALUES('version','11');
|
INSERT INTO "info" VALUES('version','12');
|
||||||
|
|
||||||
CREATE TABLE domain_audit
|
CREATE TABLE domain_audit
|
||||||
(
|
(
|
||||||
|
@ -167,7 +167,7 @@ CREATE TRIGGER tr_group_update AFTER UPDATE ON "group"
|
||||||
|
|
||||||
CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"
|
CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"
|
||||||
BEGIN
|
BEGIN
|
||||||
INSERT OR IGNORE INTO "group" (id,enabled,name) VALUES (0,1,'Unassociated');
|
INSERT OR IGNORE INTO "group" (id,enabled,name) VALUES (0,1,'Default');
|
||||||
END;
|
END;
|
||||||
|
|
||||||
CREATE TRIGGER tr_domainlist_delete AFTER DELETE ON domainlist
|
CREATE TRIGGER tr_domainlist_delete AFTER DELETE ON domainlist
|
||||||
|
|
|
@ -15,7 +15,7 @@ _pihole() {
|
||||||
COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
|
COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
|
||||||
;;
|
;;
|
||||||
"admin")
|
"admin")
|
||||||
opts_admin="celsius email fahrenheit hostrecord interface kelvin password privacylevel"
|
opts_admin="celsius email fahrenheit interface kelvin password privacylevel"
|
||||||
COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
|
COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
|
||||||
;;
|
;;
|
||||||
"checkout")
|
"checkout")
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
* This file is copyright under the latest version of the EUPL.
|
* This file is copyright under the latest version of the EUPL.
|
||||||
* Please see LICENSE file for your rights under this license. */
|
* Please see LICENSE file for your rights under this license. */
|
||||||
|
|
||||||
// Sanitize HTTP_HOST output
|
// Sanitize SERVER_NAME output
|
||||||
$serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);
|
$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
|
||||||
// Remove external ipv6 brackets if any
|
// Remove external ipv6 brackets if any
|
||||||
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
|
$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
|
||||||
|
|
||||||
|
@ -50,16 +50,24 @@ function setHeader($type = "x") {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Determine block page type
|
// Determine block page type
|
||||||
if ($serverName === "pi.hole") {
|
if ($serverName === "pi.hole"
|
||||||
|
|| (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
|
||||||
// Redirect to Web Interface
|
// Redirect to Web Interface
|
||||||
exit(header("Location: /admin"));
|
exit(header("Location: /admin"));
|
||||||
} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
|
} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
|
||||||
// Set Splash Page output
|
// Set Splash Page output
|
||||||
$splashPage = "
|
$splashPage = "
|
||||||
<html><head>
|
<html>
|
||||||
|
<head>
|
||||||
$viewPort
|
$viewPort
|
||||||
<link rel='stylesheet' href='/pihole/blockingpage.css' type='text/css'/>
|
<link rel='stylesheet' href='pihole/blockingpage.css' type='text/css'/>
|
||||||
</head><body id='splashpage'><img src='/admin/img/logo.svg'/><br/>Pi-<b>hole</b>: Your black hole for Internet advertisements<br><a href='/admin'>Did you mean to go to the admin panel?</a></body></html>
|
</head>
|
||||||
|
<body id='splashpage'>
|
||||||
|
<img src='admin/img/logo.svg'/><br/>
|
||||||
|
Pi-<b>hole</b>: Your black hole for Internet advertisements<br/>
|
||||||
|
<a href='/admin'>Did you mean to go to the admin panel?</a>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
";
|
";
|
||||||
|
|
||||||
// Set splash/landing page based off presence of $landPage
|
// Set splash/landing page based off presence of $landPage
|
||||||
|
@ -131,7 +139,12 @@ ini_set("default_socket_timeout", 3);
|
||||||
function queryAds($serverName) {
|
function queryAds($serverName) {
|
||||||
// Determine the time it takes while querying adlists
|
// Determine the time it takes while querying adlists
|
||||||
$preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
|
$preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
|
||||||
$queryAds = file("http://127.0.0.1/admin/scripts/pi-hole/php/queryads.php?domain=$serverName&bp", FILE_IGNORE_NEW_LINES);
|
$queryAdsURL = sprintf(
|
||||||
|
"http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
|
||||||
|
$_SERVER["SERVER_PORT"],
|
||||||
|
$serverName
|
||||||
|
);
|
||||||
|
$queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
|
||||||
$queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
|
$queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
|
||||||
$queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
|
$queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
|
||||||
|
|
||||||
|
@ -226,10 +239,10 @@ setHeader();
|
||||||
<?=$viewPort ?>
|
<?=$viewPort ?>
|
||||||
<meta name="robots" content="noindex,nofollow"/>
|
<meta name="robots" content="noindex,nofollow"/>
|
||||||
<meta http-equiv="x-dns-prefetch-control" content="off">
|
<meta http-equiv="x-dns-prefetch-control" content="off">
|
||||||
<link rel="shortcut icon" href="//pi.hole/admin/img/favicon.png" type="image/x-icon"/>
|
<link rel="shortcut icon" href="admin/img/favicon.png" type="image/x-icon"/>
|
||||||
<link rel="stylesheet" href="//pi.hole/pihole/blockingpage.css" type="text/css"/>
|
<link rel="stylesheet" href="pihole/blockingpage.css" type="text/css"/>
|
||||||
<title>● <?=$serverName ?></title>
|
<title>● <?=$serverName ?></title>
|
||||||
<script src="//pi.hole/admin/scripts/vendor/jquery.min.js"></script>
|
<script src="admin/scripts/vendor/jquery.min.js"></script>
|
||||||
<script>
|
<script>
|
||||||
window.onload = function () {
|
window.onload = function () {
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -1214,11 +1214,10 @@ chooseBlocklists() {
|
||||||
mv "${adlistFile}" "${adlistFile}.old"
|
mv "${adlistFile}" "${adlistFile}.old"
|
||||||
fi
|
fi
|
||||||
# Let user select (or not) blocklists via a checklist
|
# Let user select (or not) blocklists via a checklist
|
||||||
cmd=(whiptail --separate-output --checklist "Pi-hole relies on third party lists in order to block ads.\\n\\nYou can use the suggestions below, and/or add your own after installation\\n\\nTo deselect any list, use the arrow keys and spacebar" "${r}" "${c}" 6)
|
cmd=(whiptail --separate-output --checklist "Pi-hole relies on third party lists in order to block ads.\\n\\nYou can use the suggestions below, and/or add your own after installation\\n\\nTo deselect any list, use the arrow keys and spacebar" "${r}" "${c}" 5)
|
||||||
# In an array, show the options available (all off by default):
|
# In an array, show the options available (all off by default):
|
||||||
options=(StevenBlack "StevenBlack's Unified Hosts List" on
|
options=(StevenBlack "StevenBlack's Unified Hosts List" on
|
||||||
MalwareDom "MalwareDomains" on
|
MalwareDom "MalwareDomains" on
|
||||||
Cameleon "Cameleon" on
|
|
||||||
DisconTrack "Disconnect.me Tracking" on
|
DisconTrack "Disconnect.me Tracking" on
|
||||||
DisconAd "Disconnect.me Ads" on)
|
DisconAd "Disconnect.me Ads" on)
|
||||||
|
|
||||||
|
@ -1239,7 +1238,6 @@ appendToListsFile() {
|
||||||
case $1 in
|
case $1 in
|
||||||
StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";;
|
StevenBlack ) echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> "${adlistFile}";;
|
||||||
MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";;
|
MalwareDom ) echo "https://mirror1.malwaredomains.com/files/justdomains" >> "${adlistFile}";;
|
||||||
Cameleon ) echo "https://sysctl.org/cameleon/hosts" >> "${adlistFile}";;
|
|
||||||
DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";;
|
DisconTrack ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" >> "${adlistFile}";;
|
||||||
DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";;
|
DisconAd ) echo "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" >> "${adlistFile}";;
|
||||||
esac
|
esac
|
||||||
|
@ -1255,10 +1253,8 @@ installDefaultBlocklists() {
|
||||||
fi
|
fi
|
||||||
appendToListsFile StevenBlack
|
appendToListsFile StevenBlack
|
||||||
appendToListsFile MalwareDom
|
appendToListsFile MalwareDom
|
||||||
appendToListsFile Cameleon
|
|
||||||
appendToListsFile DisconTrack
|
appendToListsFile DisconTrack
|
||||||
appendToListsFile DisconAd
|
appendToListsFile DisconAd
|
||||||
appendToListsFile HostsFile
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory
|
# Check if /etc/dnsmasq.conf is from pi-hole. If so replace with an original and install new in .d directory
|
||||||
|
@ -1823,45 +1819,6 @@ create_pihole_user() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Allow HTTP and DNS traffic
|
|
||||||
configureFirewall() {
|
|
||||||
printf "\\n"
|
|
||||||
# If a firewall is running,
|
|
||||||
if firewall-cmd --state &> /dev/null; then
|
|
||||||
# ask if the user wants to install Pi-hole's default firewall rules
|
|
||||||
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" "${r}" "${c}" || \
|
|
||||||
{ printf " %b Not installing firewall rulesets.\\n" "${INFO}"; return 0; }
|
|
||||||
printf " %b Configuring FirewallD for httpd and pihole-FTL\\n" "${TICK}"
|
|
||||||
# Allow HTTP and DNS traffic
|
|
||||||
firewall-cmd --permanent --add-service=http --add-service=dns
|
|
||||||
# Reload the firewall to apply these changes
|
|
||||||
firewall-cmd --reload
|
|
||||||
return 0
|
|
||||||
# Check for proper kernel modules to prevent failure
|
|
||||||
elif modinfo ip_tables &> /dev/null && is_command iptables ; then
|
|
||||||
# If chain Policy is not ACCEPT or last Rule is not ACCEPT
|
|
||||||
# then check and insert our Rules above the DROP/REJECT Rule.
|
|
||||||
if iptables -S INPUT | head -n1 | grep -qv '^-P.*ACCEPT$' || iptables -S INPUT | tail -n1 | grep -qv '^-\(A\|P\).*ACCEPT$'; then
|
|
||||||
whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" "${r}" "${c}" || \
|
|
||||||
{ printf " %b Not installing firewall rulesets.\\n" "${INFO}"; return 0; }
|
|
||||||
printf " %b Installing new IPTables firewall rulesets\\n" "${TICK}"
|
|
||||||
# Check chain first, otherwise a new rule will duplicate old ones
|
|
||||||
iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
|
|
||||||
iptables -C INPUT -p tcp -m tcp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT
|
|
||||||
iptables -C INPUT -p udp -m udp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
|
|
||||||
iptables -C INPUT -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
# Otherwise,
|
|
||||||
else
|
|
||||||
# no firewall is running
|
|
||||||
printf " %b No active firewall detected.. skipping firewall configuration\\n" "${INFO}"
|
|
||||||
# so just exit
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
printf " %b Skipping firewall configuration\\n" "${INFO}"
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
finalExports() {
|
finalExports() {
|
||||||
# If the Web interface is not set to be installed,
|
# If the Web interface is not set to be installed,
|
||||||
|
@ -2010,10 +1967,6 @@ installPihole() {
|
||||||
# Check if dnsmasq is present. If so, disable it and back up any possible
|
# Check if dnsmasq is present. If so, disable it and back up any possible
|
||||||
# config file
|
# config file
|
||||||
disable_dnsmasq
|
disable_dnsmasq
|
||||||
# Configure the firewall
|
|
||||||
if [[ "${useUpdateVars}" == false ]]; then
|
|
||||||
configureFirewall
|
|
||||||
fi
|
|
||||||
|
|
||||||
# install a man page entry for pihole
|
# install a man page entry for pihole
|
||||||
install_manpage
|
install_manpage
|
||||||
|
|
14
gravity.sh
14
gravity.sh
|
@ -376,7 +376,7 @@ gravity_DownloadBlocklists() {
|
||||||
echo -e " ${INFO} Target: ${url}"
|
echo -e " ${INFO} Target: ${url}"
|
||||||
local regex
|
local regex
|
||||||
# Check for characters NOT allowed in URLs
|
# Check for characters NOT allowed in URLs
|
||||||
regex="[^a-zA-Z0-9:/?&%=~._-]"
|
regex="[^a-zA-Z0-9:/?&%=~._()-]"
|
||||||
if [[ "${url}" =~ ${regex} ]]; then
|
if [[ "${url}" =~ ${regex} ]]; then
|
||||||
echo -e " ${CROSS} Invalid Target"
|
echo -e " ${CROSS} Invalid Target"
|
||||||
else
|
else
|
||||||
|
@ -573,12 +573,14 @@ gravity_ParseFileIntoDomains() {
|
||||||
# It also helps with debugging so each stage of the script can be researched more in depth
|
# It also helps with debugging so each stage of the script can be researched more in depth
|
||||||
# 1) Remove carriage returns
|
# 1) Remove carriage returns
|
||||||
# 2) Convert all characters to lowercase
|
# 2) Convert all characters to lowercase
|
||||||
# 3) Remove lines containing "#" or "/"
|
# 3) Remove comments (text starting with "#", include possible spaces before the hash sign)
|
||||||
# 4) Remove leading tabs, spaces, etc.
|
# 4) Remove lines containing "/"
|
||||||
# 5) Delete lines not matching domain names
|
# 5) Remove leading tabs, spaces, etc.
|
||||||
|
# 6) Delete lines not matching domain names
|
||||||
< "${source}" tr -d '\r' | \
|
< "${source}" tr -d '\r' | \
|
||||||
tr '[:upper:]' '[:lower:]' | \
|
tr '[:upper:]' '[:lower:]' | \
|
||||||
sed -r '/(\/|#).*$/d' | \
|
sed 's/\s*#.*//g' | \
|
||||||
|
sed -r '/(\/).*$/d' | \
|
||||||
sed -r 's/^.*\s+//g' | \
|
sed -r 's/^.*\s+//g' | \
|
||||||
sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}"
|
sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}"
|
||||||
chmod 644 "${destination}"
|
chmod 644 "${destination}"
|
||||||
|
@ -638,7 +640,7 @@ gravity_Table_Count() {
|
||||||
if [[ "${table}" == "vw_gravity" ]]; then
|
if [[ "${table}" == "vw_gravity" ]]; then
|
||||||
local unique
|
local unique
|
||||||
unique="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
|
unique="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
|
||||||
echo -e " ${INFO} Number of ${str}: ${num} (${unique} unique domains)"
|
echo -e " ${INFO} Number of ${str}: ${num} (${COL_BOLD}${unique} unique domains${COL_NC})"
|
||||||
sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
|
sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
|
||||||
else
|
else
|
||||||
echo -e " ${INFO} Number of ${str}: ${num}"
|
echo -e " ${INFO} Number of ${str}: ${num}"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.TH "Pi-hole" "8" "Pi-hole" "Pi-hole" "May 2018"
|
.TH "Pi-hole" "8" "Pi-hole" "Pi-hole" "April 2020"
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
|
|
||||||
Pi-hole : A black-hole for internet advertisements
|
Pi-hole : A black-hole for internet advertisements
|
||||||
|
@ -11,8 +11,6 @@ Pi-hole : A black-hole for internet advertisements
|
||||||
.br
|
.br
|
||||||
\fBpihole -a\fR (\fB-c|-f|-k\fR)
|
\fBpihole -a\fR (\fB-c|-f|-k\fR)
|
||||||
.br
|
.br
|
||||||
\fBpihole -a\fR [\fB-r\fR hostrecord]
|
|
||||||
.br
|
|
||||||
\fBpihole -a -e\fR email
|
\fBpihole -a -e\fR email
|
||||||
.br
|
.br
|
||||||
\fBpihole -a -i\fR interface
|
\fBpihole -a -i\fR interface
|
||||||
|
@ -43,7 +41,7 @@ pihole -g\fR
|
||||||
.br
|
.br
|
||||||
pihole status
|
pihole status
|
||||||
.br
|
.br
|
||||||
pihole restartdns\fR
|
pihole restartdns\fR [options]
|
||||||
.br
|
.br
|
||||||
\fBpihole\fR (\fBenable\fR|\fBdisable\fR [time])
|
\fBpihole\fR (\fBenable\fR|\fBdisable\fR [time])
|
||||||
.br
|
.br
|
||||||
|
@ -134,9 +132,6 @@ Available commands and options:
|
||||||
-f, fahrenheit Set Fahrenheit as preferred temperature unit
|
-f, fahrenheit Set Fahrenheit as preferred temperature unit
|
||||||
.br
|
.br
|
||||||
-k, kelvin Set Kelvin as preferred temperature unit
|
-k, kelvin Set Kelvin as preferred temperature unit
|
||||||
.br
|
|
||||||
-r, hostrecord Add a name to the DNS associated to an
|
|
||||||
IPv4/IPv6 address
|
|
||||||
.br
|
.br
|
||||||
-e, email Set an administrative contact address for the
|
-e, email Set an administrative contact address for the
|
||||||
Block Page
|
Block Page
|
||||||
|
@ -260,9 +255,16 @@ Available commands and options:
|
||||||
#m Disable Pi-hole functionality for # minute(s)
|
#m Disable Pi-hole functionality for # minute(s)
|
||||||
.br
|
.br
|
||||||
|
|
||||||
\fBrestartdns\fR
|
\fBrestartdns\fR [options]
|
||||||
.br
|
.br
|
||||||
Restart Pi-hole subsystems
|
Full restart Pi-hole subsystems
|
||||||
|
.br
|
||||||
|
|
||||||
|
(restart options):
|
||||||
|
.br
|
||||||
|
reload Updates the lists and flushes DNS cache
|
||||||
|
.br
|
||||||
|
reload-lists Updates the lists WITHOUT flushing the DNS cache
|
||||||
.br
|
.br
|
||||||
|
|
||||||
\fBcheckout\fR [repo] [branch]
|
\fBcheckout\fR [repo] [branch]
|
||||||
|
|
4
pihole
4
pihole
|
@ -413,7 +413,9 @@ Options:
|
||||||
enable Enable Pi-hole subsystems
|
enable Enable Pi-hole subsystems
|
||||||
disable Disable Pi-hole subsystems
|
disable Disable Pi-hole subsystems
|
||||||
Add '-h' for more info on disable usage
|
Add '-h' for more info on disable usage
|
||||||
restartdns Restart Pi-hole subsystems
|
restartdns Full restart Pi-hole subsystems
|
||||||
|
Add 'reload' to update the lists and flush the cache without restarting the DNS server
|
||||||
|
Add 'reload-lists' to only update the lists WITHOUT flushing the cache or restarting the DNS server
|
||||||
checkout Switch Pi-hole subsystems to a different Github branch
|
checkout Switch Pi-hole subsystems to a different Github branch
|
||||||
Add '-h' for more info on checkout usage
|
Add '-h' for more info on checkout usage
|
||||||
arpflush Flush information stored in Pi-hole's network tables";
|
arpflush Flush information stored in Pi-hole's network tables";
|
||||||
|
|
|
@ -92,213 +92,6 @@ def test_setupVars_saved_to_file(Pihole):
|
||||||
assert "{}={}".format(k, v) in output
|
assert "{}={}".format(k, v) in output
|
||||||
|
|
||||||
|
|
||||||
def test_pihole_user_group_creation(Pihole):
|
|
||||||
'''
|
|
||||||
check user creation works if user or group already exist
|
|
||||||
'''
|
|
||||||
sudo_cmd = 'su --shell /bin/bash --command "{0}" -p root'
|
|
||||||
# normal situation where neither user or group exist
|
|
||||||
user_create = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
create_pihole_user
|
|
||||||
''')
|
|
||||||
expected_stdout = tick_box + ' Creating user \'pihole\''
|
|
||||||
assert expected_stdout in user_create.stdout
|
|
||||||
# situation where both user and group already exist
|
|
||||||
user_create = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
create_pihole_user
|
|
||||||
''')
|
|
||||||
expected_stdout = tick_box + ' Checking for user \'pihole\''
|
|
||||||
assert expected_stdout in user_create.stdout
|
|
||||||
# situation where only group and no user exists
|
|
||||||
Pihole.run(sudo_cmd.format('userdel -r pihole'))
|
|
||||||
user_create = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
create_pihole_user
|
|
||||||
''')
|
|
||||||
expected_stdout = tick_box + ' Creating user \'pihole\''
|
|
||||||
assert expected_stdout in user_create.stdout
|
|
||||||
# situation where only user and no group exists
|
|
||||||
Pihole.run(sudo_cmd.format('userdel -r pihole'))
|
|
||||||
Pihole.run(sudo_cmd.format('groupdel pihole'))
|
|
||||||
Pihole.run(sudo_cmd.format('groupadd pihole_dummy'))
|
|
||||||
useradd_dummy = (
|
|
||||||
'useradd -r --no-user-group -g pihole_dummy ' +
|
|
||||||
'-s /usr/sbin/nologin pihole')
|
|
||||||
Pihole.run(sudo_cmd.format(useradd_dummy))
|
|
||||||
user_create = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
create_pihole_user
|
|
||||||
''')
|
|
||||||
expected_stdout = tick_box + ' Creating group \'pihole\''
|
|
||||||
assert expected_stdout in user_create.stdout
|
|
||||||
expected_stdout = tick_box + ' Adding user \'pihole\' to group \'pihole\''
|
|
||||||
assert expected_stdout in user_create.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_firewalld_running_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms firewalld rules are applied when firewallD is running
|
|
||||||
'''
|
|
||||||
# firewallD returns 'running' as status
|
|
||||||
mock_command('firewall-cmd', {'*': ('running', 0)}, Pihole)
|
|
||||||
# Whiptail dialog returns Ok for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', 0)}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
|
|
||||||
assert 'firewall-cmd --state' in firewall_calls
|
|
||||||
assert ('firewall-cmd '
|
|
||||||
'--permanent '
|
|
||||||
'--add-service=http '
|
|
||||||
'--add-service=dns') in firewall_calls
|
|
||||||
assert 'firewall-cmd --reload' in firewall_calls
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms firewalld rules are not applied when firewallD is not running
|
|
||||||
'''
|
|
||||||
# firewallD returns non-running status
|
|
||||||
mock_command('firewall-cmd', {'*': ('not running', '1')}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = ('No active firewall detected.. '
|
|
||||||
'skipping firewall configuration')
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms firewalld rules are not applied when firewallD is running, user
|
|
||||||
declines ruleset
|
|
||||||
'''
|
|
||||||
# firewallD returns running status
|
|
||||||
mock_command('firewall-cmd', {'*': ('running', 0)}, Pihole)
|
|
||||||
# Whiptail dialog returns Cancel for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', 1)}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'Not installing firewall rulesets.'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_no_firewall(Pihole):
|
|
||||||
''' confirms firewall skipped no daemon is running '''
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'No active firewall detected'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms IPTables rules are not applied when IPTables is running, user
|
|
||||||
declines ruleset
|
|
||||||
'''
|
|
||||||
# iptables command exists
|
|
||||||
mock_command('iptables', {'*': ('', '0')}, Pihole)
|
|
||||||
# modinfo returns always true (ip_tables module check)
|
|
||||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
|
||||||
# Whiptail dialog returns Cancel for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', '1')}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'Not installing firewall rulesets.'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms IPTables rules are not applied when IPTables is running and rules
|
|
||||||
exist
|
|
||||||
'''
|
|
||||||
# iptables command exists and returns 0 on calls
|
|
||||||
# (should return 0 on iptables -C)
|
|
||||||
mock_command('iptables', {'-S': ('-P INPUT DENY', '0')}, Pihole)
|
|
||||||
# modinfo returns always true (ip_tables module check)
|
|
||||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
|
||||||
# Whiptail dialog returns Cancel for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'Installing new IPTables firewall rulesets'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
|
|
||||||
# General call type occurrences
|
|
||||||
assert len(re.findall(r'iptables -S', firewall_calls)) == 1
|
|
||||||
assert len(re.findall(r'iptables -C', firewall_calls)) == 4
|
|
||||||
assert len(re.findall(r'iptables -I', firewall_calls)) == 0
|
|
||||||
|
|
||||||
# Specific port call occurrences
|
|
||||||
assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 1
|
|
||||||
assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 1
|
|
||||||
assert len(re.findall(r'udp --dport 53', firewall_calls)) == 1
|
|
||||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 1
|
|
||||||
|
|
||||||
|
|
||||||
def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
|
|
||||||
'''
|
|
||||||
confirms IPTables rules are applied when IPTables is running and rules do
|
|
||||||
not exist
|
|
||||||
'''
|
|
||||||
# iptables command and returns 0 on calls (should return 1 on iptables -C)
|
|
||||||
mock_command(
|
|
||||||
'iptables',
|
|
||||||
{
|
|
||||||
'-S': (
|
|
||||||
'-P INPUT DENY',
|
|
||||||
'0'
|
|
||||||
),
|
|
||||||
'-C': (
|
|
||||||
'',
|
|
||||||
1
|
|
||||||
),
|
|
||||||
'-I': (
|
|
||||||
'',
|
|
||||||
0
|
|
||||||
)
|
|
||||||
},
|
|
||||||
Pihole
|
|
||||||
)
|
|
||||||
# modinfo returns always true (ip_tables module check)
|
|
||||||
mock_command('modinfo', {'*': ('', '0')}, Pihole)
|
|
||||||
# Whiptail dialog returns Cancel for user prompt
|
|
||||||
mock_command('whiptail', {'*': ('', '0')}, Pihole)
|
|
||||||
configureFirewall = Pihole.run('''
|
|
||||||
source /opt/pihole/basic-install.sh
|
|
||||||
configureFirewall
|
|
||||||
''')
|
|
||||||
expected_stdout = 'Installing new IPTables firewall rulesets'
|
|
||||||
assert expected_stdout in configureFirewall.stdout
|
|
||||||
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
|
|
||||||
# General call type occurrences
|
|
||||||
assert len(re.findall(r'iptables -S', firewall_calls)) == 1
|
|
||||||
assert len(re.findall(r'iptables -C', firewall_calls)) == 4
|
|
||||||
assert len(re.findall(r'iptables -I', firewall_calls)) == 4
|
|
||||||
|
|
||||||
# Specific port call occurrences
|
|
||||||
assert len(re.findall(r'tcp --dport 80', firewall_calls)) == 2
|
|
||||||
assert len(re.findall(r'tcp --dport 53', firewall_calls)) == 2
|
|
||||||
assert len(re.findall(r'udp --dport 53', firewall_calls)) == 2
|
|
||||||
assert len(re.findall(r'tcp --dport 4711:4720', firewall_calls)) == 2
|
|
||||||
|
|
||||||
|
|
||||||
def test_selinux_not_detected(Pihole):
|
def test_selinux_not_detected(Pihole):
|
||||||
'''
|
'''
|
||||||
confirms installer continues when SELinux configuration file does not exist
|
confirms installer continues when SELinux configuration file does not exist
|
||||||
|
|
Loading…
Reference in a new issue