diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7fd0e4e4..4685aa2c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 43d5ca96..0ff0a24a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Remove 'stale' label run: gh issue edit ${{ github.event.issue.number }} --remove-label $stale_label env: diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml index 5435b7db..a1025629 100644 --- a/.github/workflows/sync-back-to-dev.yml +++ b/.github/workflows/sync-back-to-dev.yml @@ -33,7 +33,7 @@ jobs: name: Syncing branches steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Opening pull request run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 09462eb4..9f32302e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Check scripts in repository are executable run: | @@ -72,10 +72,10 @@ jobs: DISTRO: ${{matrix.distro}} steps: - name: Checkout repository - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Set up Python 3.10 - uses: actions/setup-python@v4.7.0 + uses: actions/setup-python@v4.7.1 with: python-version: "3.10" diff --git a/README.md b/README.md index adfd3450..eb50030b 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,7 @@ You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-c ### The Web Interface Dashboard -This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! +This [optional dashboard](https://github.com/pi-hole/web) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve! Some notable features include: diff --git a/advanced/Scripts/chronometer.sh b/advanced/Scripts/chronometer.sh index 49de6efd..fc728e17 100755 --- a/advanced/Scripts/chronometer.sh +++ b/advanced/Scripts/chronometer.sh @@ -225,7 +225,7 @@ get_sys_stats() { if [[ -n "${ph_ver_raw[0]}" ]]; then ph_core_ver="${ph_ver_raw[0]}" if [[ ${#ph_ver_raw[@]} -eq 2 ]]; then - # AdminLTE not installed + # web not installed ph_lte_ver="(not installed)" ph_ftl_ver="${ph_ver_raw[1]}" else diff --git a/advanced/Scripts/database_migration/gravity-db.sh b/advanced/Scripts/database_migration/gravity-db.sh index 851ddb0a..e36d9b1e 100755 --- a/advanced/Scripts/database_migration/gravity-db.sh +++ b/advanced/Scripts/database_migration/gravity-db.sh @@ -134,4 +134,11 @@ upgrade_gravityDB(){ pihole-FTL sqlite3 "${database}" < "${scriptPath}/15_to_16.sql" version=16 fi + if [[ "$version" == "16" ]]; then + # Add antigravity table + # Add column type to adlist table (to support adlist types) + echo -e " ${INFO} Upgrading gravity database from version 16 to 17" + pihole-FTL sqlite3 "${database}" < "${scriptPath}/16_to_17.sql" + version=17 + fi } diff --git a/advanced/Scripts/database_migration/gravity/16_to_17.sql b/advanced/Scripts/database_migration/gravity/16_to_17.sql new file mode 100644 index 00000000..23532e3a --- /dev/null +++ b/advanced/Scripts/database_migration/gravity/16_to_17.sql @@ -0,0 +1,27 @@ +.timeout 30000 + +PRAGMA FOREIGN_KEYS=OFF; + +BEGIN TRANSACTION; + +ALTER TABLE adlist ADD COLUMN type INTEGER NOT NULL DEFAULT 0; + +UPDATE adlist SET type = 0; + +CREATE VIEW vw_antigravity AS SELECT domain, adlist_by_group.group_id AS group_id + FROM antigravity + LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = antigravity.adlist_id + LEFT JOIN adlist ON adlist.id = antigravity.adlist_id + LEFT JOIN "group" ON "group".id = adlist_by_group.group_id + WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) AND adlist.type = 1; + +DROP VIEW vw_adlist; + +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id, type + FROM adlist + WHERE enabled = 1 + ORDER BY id; + +UPDATE info SET value = 17 WHERE property = 'version'; + +COMMIT; diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index c3bc81b0..0e3bbf3d 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -397,7 +397,7 @@ os_check() { } diagnose_operating_system() { - # error message in a variable so we can easily modify it later (or re-use it) + # error message in a variable so we can easily modify it later (or reuse it) local error_msg="Distribution unknown -- most likely you are on an unsupported platform and may run into issues." # Display the current test that is running echo_current_diagnostic "Operating system" @@ -809,11 +809,15 @@ dig_at() { local record_type="A" fi - # Find a random blocked url that has not been whitelisted. + # Find a random blocked url that has not been whitelisted and is not ABP style. # This helps emulate queries to different domains that a user might query # It will also give extra assurance that Pi-hole is correctly resolving and blocking domains local random_url - random_url=$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1") + random_url=$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity WHERE domain not like '||%^' ORDER BY RANDOM() LIMIT 1") + # Fallback if no non-ABP style domains were found + if [ -z "${random_url}" ]; then + random_url="flurry.com" + fi # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is @@ -1447,7 +1451,7 @@ upload_to_tricorder() { # If no token was generated else # Show an error and some help instructions - # Skip this if being called from web interface and autmatic mode was not chosen (users opt-out to upload) + # Skip this if being called from web interface and automatic mode was not chosen (users opt-out to upload) if [[ "${WEBCALL}" ]] && [[ ! "${AUTOMATED}" ]]; then : else diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index b6153293..9dae66df 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -11,7 +11,7 @@ # Please see LICENSE file for your rights under this license. # Variables -readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/AdminLTE.git" +readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git" readonly ADMIN_INTERFACE_DIR="/var/www/html/admin" readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git" readonly PI_HOLE_FILES_DIR="/etc/.pihole" diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 7d7103d2..8bb1888b 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -91,10 +91,10 @@ addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}" WEB_HASH="$(get_local_hash /var/www/html/admin)" addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}" -GITHUB_WEB_VERSION="$(get_remote_version AdminLTE)" +GITHUB_WEB_VERSION="$(get_remote_version web)" addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}" -GITHUB_WEB_HASH="$(get_remote_hash AdminLTE "${WEB_BRANCH}")" +GITHUB_WEB_HASH="$(get_remote_hash web "${WEB_BRANCH}")" addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_HASH" "${GITHUB_WEB_HASH}" # get FTL versions diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index af86b045..e3b4a6ae 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -24,7 +24,7 @@ fi getLocalVersion() { case ${1} in "Pi-hole" ) echo "${CORE_VERSION:=N/A}";; - "AdminLTE" ) echo "${WEB_VERSION:=N/A}";; + "web" ) echo "${WEB_VERSION:=N/A}";; "FTL" ) echo "${FTL_VERSION:=N/A}";; esac } @@ -32,7 +32,7 @@ getLocalVersion() { getLocalHash() { case ${1} in "Pi-hole" ) echo "${CORE_HASH:=N/A}";; - "AdminLTE" ) echo "${WEB_HASH:=N/A}";; + "web" ) echo "${WEB_HASH:=N/A}";; "FTL" ) echo "${FTL_HASH:=N/A}";; esac } @@ -40,7 +40,7 @@ getLocalHash() { getRemoteHash(){ case ${1} in "Pi-hole" ) echo "${GITHUB_CORE_HASH:=N/A}";; - "AdminLTE" ) echo "${GITHUB_WEB_HASH:=N/A}";; + "web" ) echo "${GITHUB_WEB_HASH:=N/A}";; "FTL" ) echo "${GITHUB_FTL_HASH:=N/A}";; esac } @@ -48,7 +48,7 @@ getRemoteHash(){ getRemoteVersion(){ case ${1} in "Pi-hole" ) echo "${GITHUB_CORE_VERSION:=N/A}";; - "AdminLTE" ) echo "${GITHUB_WEB_VERSION:=N/A}";; + "web" ) echo "${GITHUB_WEB_VERSION:=N/A}";; "FTL" ) echo "${GITHUB_FTL_VERSION:=N/A}";; esac } @@ -56,7 +56,7 @@ getRemoteVersion(){ getLocalBranch(){ case ${1} in "Pi-hole" ) echo "${CORE_BRANCH:=N/A}";; - "AdminLTE" ) echo "${WEB_BRANCH:=N/A}";; + "web" ) echo "${WEB_BRANCH:=N/A}";; "FTL" ) echo "${FTL_BRANCH:=N/A}";; esac } @@ -107,7 +107,7 @@ errorOutput() { defaultOutput() { versionOutput "Pi-hole" "$@" - versionOutput "AdminLTE" "$@" + versionOutput "web" "$@" versionOutput "FTL" "$@" } @@ -118,7 +118,7 @@ Show Pi-hole, Admin Console & FTL versions Repositories: -p, --pihole Only retrieve info regarding Pi-hole repository - -a, --admin Only retrieve info regarding AdminLTE repository + -a, --admin Only retrieve info regarding web repository -f, --ftl Only retrieve info regarding FTL repository Options: @@ -131,7 +131,7 @@ Options: case "${1}" in "-p" | "--pihole" ) shift; versionOutput "Pi-hole" "$@";; - "-a" | "--admin" ) shift; versionOutput "AdminLTE" "$@";; + "-a" | "--admin" ) shift; versionOutput "web" "$@";; "-f" | "--ftl" ) shift; versionOutput "FTL" "$@";; "-h" | "--help" ) helpFunc;; * ) defaultOutput "$@";; diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh deleted file mode 100755 index 67cbe766..00000000 --- a/advanced/Scripts/webpage.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC1090 -# shellcheck disable=SC2154 - - -# Pi-hole: A black hole for Internet advertisements -# (c) 2017 Pi-hole, LLC (https://pi-hole.net) -# Network-wide ad blocking via your own hardware. -# -# Web interface settings -# -# This file is copyright under the latest version of the EUPL. -# Please see LICENSE file for your rights under this license. - -# TODO - this entire file might be able to be removed in v6 - -readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" -readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf" -readonly FTLconf="/etc/pihole/pihole-FTL.conf" -# 03 -> wildcards -readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf" -readonly dnscustomfile="/etc/pihole/custom.list" -readonly dnscustomcnamefile="/etc/dnsmasq.d/05-pihole-custom-cname.conf" - -readonly gravityDBfile="/etc/pihole/gravity.db" - - -readonly setupVars="/etc/pihole/setupVars.conf" -readonly PI_HOLE_BIN_DIR="/usr/local/bin" - -# Root of the web server -readonly webroot="/var/www/html" - -# Source utils script -utilsfile="/opt/pihole/utils.sh" -source "${utilsfile}" - -coltable="/opt/pihole/COL_TABLE" -if [[ -f ${coltable} ]]; then - source ${coltable} -fi - -helpFunc() { - echo "Usage: pihole -a [options] -Example: pihole -a -p password -Set options for the API/Web interface - -Options: - -p, password Set API/Web interface password - -h, --help Show this help dialog" - exit 0 -} - -# TODO: We can probably remove the reliance on this function too, just tell people to pihole-FTL --config webserver.api.password "password" -SetWebPassword() { - if (( ${#args[2]} > 0 )) ; then - readonly PASSWORD="${args[2]}" - readonly CONFIRM="${PASSWORD}" - else - # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. - # So we reset the terminal via stty if the user does press Ctrl+C - trap '{ echo -e "\nNot changed" ; stty sane ; exit 1; }' INT - read -s -r -p "Enter New Password (Blank for no password): " PASSWORD - echo "" - - if [ "${PASSWORD}" == "" ]; then - setFTLConfigValue "webserver.api.pwhash" "" >/dev/null - echo -e " ${TICK} Password Removed" - exit 0 - fi - - read -s -r -p "Confirm Password: " CONFIRM - echo "" - fi - - if [ "${PASSWORD}" == "${CONFIRM}" ] ; then - # pihole-FTL will automatically hash the password - setFTLConfigValue "webserver.api.password" "${PASSWORD}" >/dev/null - echo -e " ${TICK} New password set" - else - echo -e " ${CROSS} Passwords don't match. Your password has not been changed" - exit 1 - fi -} - -main() { - args=("$@") - - case "${args[1]}" in - "-p" | "password" ) SetWebPassword;; - "-h" | "--help" ) helpFunc;; - * ) helpFunc;; - esac - - shift - - if [[ $# = 0 ]]; then - helpFunc - fi -} diff --git a/advanced/Templates/gravity.db.sql b/advanced/Templates/gravity.db.sql index 881cfcc3..46f26ba7 100644 --- a/advanced/Templates/gravity.db.sql +++ b/advanced/Templates/gravity.db.sql @@ -36,7 +36,8 @@ CREATE TABLE adlist number INTEGER NOT NULL DEFAULT 0, invalid_domains INTEGER NOT NULL DEFAULT 0, status INTEGER NOT NULL DEFAULT 0, - abp_entries INTEGER NOT NULL DEFAULT 0 + abp_entries INTEGER NOT NULL DEFAULT 0, + type INTEGER NOT NULL DEFAULT 0 ); CREATE TABLE adlist_by_group @@ -52,13 +53,19 @@ CREATE TABLE gravity adlist_id INTEGER NOT NULL REFERENCES adlist (id) ); +CREATE TABLE antigravity +( + domain TEXT NOT NULL, + adlist_id INTEGER NOT NULL REFERENCES adlist (id) +); + CREATE TABLE info ( property TEXT PRIMARY KEY, value TEXT NOT NULL ); -INSERT INTO "info" VALUES('version','16'); +INSERT INTO "info" VALUES('version','17'); CREATE TABLE domain_audit ( @@ -144,7 +151,14 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id LEFT JOIN "group" ON "group".id = adlist_by_group.group_id WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1); -CREATE VIEW vw_adlist AS SELECT DISTINCT address, id +CREATE VIEW vw_antigravity AS SELECT domain, adlist_by_group.group_id AS group_id + FROM antigravity + LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = antigravity.adlist_id + LEFT JOIN adlist ON adlist.id = antigravity.adlist_id + LEFT JOIN "group" ON "group".id = adlist_by_group.group_id + WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) AND adlist.type = 1; + +CREATE VIEW vw_adlist AS SELECT DISTINCT address, id, type FROM adlist WHERE enabled = 1 ORDER BY id; diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index ff4abf3a..abeaabc4 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -9,22 +9,26 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" # Get file paths FTL_PID_FILE="$(getFTLPIDFile)" -# Touch files to ensure they exist (create if non-existing, preserve if existing) +# Ensure that permissions are set so that pihole-FTL can edit all necessary files # shellcheck disable=SC2174 -mkdir -pm 0755 /run/pihole /var/log/pihole +mkdir -pm 0640 /var/log/pihole +chown -R pihole:pihole /etc/pihole /var/log/pihole +chmod -R 0640 /var/log/pihole +chmod -R 0660 /etc/pihole + +# allow all users to enter the directories +chmod 0755 /etc/pihole /var/log/pihole + +# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs) +# credits https://stackoverflow.com/a/11512211 +find /etc/pihole -type d -exec chmod 0755 {} \; + +# Touch files to ensure they exist (create if non-existing, preserve if existing) [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" -[ -f /var/log/pihole/FTL.log ] || install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log +[ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log [ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases -# Ensure that permissions are set so that pihole-FTL can edit all necessary files -chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases -# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist -chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log -chmod -f 0640 /var/log/pihole/pihole.log -# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist -chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db -# Chmod database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist -chmod -f 0664 /etc/pihole/pihole-FTL.db + # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole # Should be removed with Pi-hole v6.0 diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index e3d8ff29..ef2c8d52 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -64,11 +64,11 @@ webroot="/var/www/html" # We clone (or update) two git repositories during the install. This helps to make sure that we always have the latest versions of the relevant files. -# AdminLTE is used to set up the Web admin interface. +# web is used to set up the Web admin interface. # Pi-hole contains various setup scripts and files which are critical to the installation. # Search for "PI_HOLE_LOCAL_REPO" in this file to see all such scripts. # Two notable scripts are gravity.sh (used to generate the HOSTS file) and advanced/Scripts/webpage.sh (used to install the Web admin interface) -webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git" +webInterfaceGitUrl="https://github.com/pi-hole/web.git" webInterfaceDir="${webroot}/admin" piholeGitUrl="https://github.com/pi-hole/pi-hole.git" PI_HOLE_LOCAL_REPO="/etc/.pihole" @@ -1094,7 +1094,7 @@ installConfigs() { # Install empty custom.list file if it does not exist if [[ ! -r "${PI_HOLE_CONFIG_DIR}/custom.list" ]]; then - if ! install -o root -m 644 /dev/null "${PI_HOLE_CONFIG_DIR}/custom.list" &>/dev/null; then + if ! install -o pihole -g pihole -m 660 /dev/null "${PI_HOLE_CONFIG_DIR}/custom.list" &>/dev/null; then printf " %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}" return 1 fi @@ -2203,7 +2203,7 @@ main() { # Check for and disable systemd-resolved-DNSStubListener before reloading resolved # DNSStubListener needs to remain in place for installer to download needed files, # so this change needs to be made after installation is complete, - # but before starting or resarting the ftl service + # but before starting or restarting the ftl service disable_resolved_stublistener printf " %b Restarting services...\\n" "${INFO}" diff --git a/gravity.sh b/gravity.sh index ed402a34..9133d33d 100755 --- a/gravity.sh +++ b/gravity.sh @@ -178,7 +178,7 @@ database_table_from_file() { echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}" elif [[ "${table}" == "adlist" ]]; then # Adlist table format - echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0,0" >> "${tmpFile}" + echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0,0,0" >> "${tmpFile}" else # White-, black-, and regexlist table format echo "${rowid},${list_type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\"" >> "${tmpFile}" @@ -361,6 +361,7 @@ gravity_DownloadBlocklists() { # We source only enabled adlists, SQLite3 stores boolean values as 0 (false) or 1 (true) mapfile -t sources <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)" mapfile -t sourceIDs <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT id FROM vw_adlist;" 2> /dev/null)" + mapfile -t sourceTypes <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT type FROM vw_adlist;" 2> /dev/null)" # Parse source domains from $sources mapfile -t sourceDomains <<< "$( @@ -382,7 +383,7 @@ gravity_DownloadBlocklists() { unset sources fi - local url domain agent str target compression + local url domain str target compression adlist_type echo "" # Prepare new gravity database @@ -433,14 +434,20 @@ gravity_DownloadBlocklists() { url="${sources[$i]}" domain="${sourceDomains[$i]}" id="${sourceIDs[$i]}" + if [[ "${sourceTypes[$i]}" -eq "0" ]]; then + # Gravity list + str="blocklist" + adlist_type="gravity" + else + # AntiGravity list + str="allowlist" + adlist_type="antigravity" + fi # Save the file as list.#.domain saveLocation="${piholeDir}/list.${id}.${domain}.${domainsExtension}" activeDomains[$i]="${saveLocation}" - # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-) - agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36" - echo -e " ${INFO} Target: ${url}" local regex check_url # Check for characters NOT allowed in URLs @@ -453,7 +460,7 @@ gravity_DownloadBlocklists() { if [[ "${check_url}" =~ ${regex} ]]; then echo -e " ${CROSS} Invalid Target" else - gravity_DownloadBlocklistFromUrl "${url}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" + gravity_DownloadBlocklistFromUrl "${url}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}" "${adlist_type}" fi echo "" done @@ -485,7 +492,7 @@ compareLists() { # Download specified URL and perform checks on HTTP status and file content gravity_DownloadBlocklistFromUrl() { - local url="${1}" agent="${2}" adlistID="${3}" saveLocation="${4}" target="${5}" compression="${6}" + local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}" gravity_type="${6}" local heisenbergCompensator="" listCurlBuffer str httpCode success="" ip cmd_ext # Create temp file to store content on disk instead of RAM @@ -545,7 +552,7 @@ gravity_DownloadBlocklistFromUrl() { fi # shellcheck disable=SC2086 - httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${listCurlBuffer}" 2> /dev/null) + httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2> /dev/null) case $url in # Did we "download" a local file? @@ -579,7 +586,7 @@ gravity_DownloadBlocklistFromUrl() { if [[ "${success}" == true ]]; then if [[ "${httpCode}" == "304" ]]; then # Add domains to database table file - pihole-FTL gravity parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" + pihole-FTL ${gravity_type} parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" database_adlist_status "${adlistID}" "2" done="true" # Check if $listCurlBuffer is a non-zero length file @@ -589,7 +596,7 @@ gravity_DownloadBlocklistFromUrl() { # Remove curl buffer file after its use rm "${listCurlBuffer}" # Add domains to database table file - pihole-FTL gravity parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" + pihole-FTL ${gravity_type} parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" # Compare lists, are they identical? compareLists "${adlistID}" "${saveLocation}" done="true" @@ -605,7 +612,7 @@ gravity_DownloadBlocklistFromUrl() { if [[ -r "${saveLocation}" ]]; then echo -e " ${CROSS} List download failed: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}" # Add domains to database table file - pihole-FTL gravity parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" + pihole-FTL ${gravity_type} parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}" database_adlist_status "${adlistID}" "3" else echo -e " ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}" @@ -668,10 +675,10 @@ gravity_ShowCount() { # Here we use the table "gravity" instead of the view "vw_gravity" for speed. # It's safe to replace it here, because right after a gravity run both will show the exactly same number of domains. gravity_Table_Count "gravity" "gravity domains" "" - gravity_Table_Count "vw_blacklist" "exact blacklisted domains" - gravity_Table_Count "vw_regex_blacklist" "regex blacklist filters" - gravity_Table_Count "vw_whitelist" "exact whitelisted domains" - gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters" + gravity_Table_Count "vw_blacklist" "exact denied domains" + gravity_Table_Count "vw_regex_blacklist" "regex denied filters" + gravity_Table_Count "vw_whitelist" "exact allowed domains" + gravity_Table_Count "vw_regex_whitelist" "regex allowed filters" } # Create "localhost" entries into hosts format diff --git a/manpages/pihole.8 b/manpages/pihole.8 index 1cf8ab35..fec1fa5e 100644 --- a/manpages/pihole.8 +++ b/manpages/pihole.8 @@ -212,7 +212,7 @@ Available commands and options: .br -p, --pihole Only retrieve info regarding Pi-hole repository .br - -a, --admin Only retrieve info regarding AdminLTE + -a, --admin Only retrieve info regarding web repository .br -f, --ftl Only retrieve info regarding FTL repository @@ -339,7 +339,7 @@ Displaying version information \fBpihole -v -a -c\fR .br - Display the current version of AdminLTE + Display the current version of web .br Temporarily disabling Pi-hole diff --git a/pihole b/pihole index 66771b9b..5281c715 100755 --- a/pihole +++ b/pihole @@ -30,10 +30,36 @@ if [ -f "${versionsfile}" ]; then source "${versionsfile}" fi -webpageFunc() { - source "${PI_HOLE_SCRIPT_DIR}/webpage.sh" - main "$@" - exit 0 +# TODO: We can probably remove the reliance on this function too, just tell people to pihole-FTL --config webserver.api.password "password" +SetWebPassword() { + if [ -n "$2" ] ; then + readonly PASSWORD="$2" + readonly CONFIRM="${PASSWORD}" + else + # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed. + # So we reset the terminal via stty if the user does press Ctrl+C + trap '{ echo -e "\nNot changed" ; stty sane ; exit 1; }' INT + read -s -r -p "Enter New Password (Blank for no password): " PASSWORD + echo "" + + if [ "${PASSWORD}" == "" ]; then + setFTLConfigValue "webserver.api.pwhash" "" >/dev/null + echo -e " ${TICK} Password Removed" + exit 0 + fi + + read -s -r -p "Confirm Password: " CONFIRM + echo "" + fi + + if [ "${PASSWORD}" == "${CONFIRM}" ] ; then + # pihole-FTL will automatically hash the password + setFTLConfigValue "webserver.api.password" "${PASSWORD}" >/dev/null + echo -e " ${TICK} New password set" + else + echo -e " ${CROSS} Passwords don't match. Your password has not been changed" + exit 1 + fi } listFunc() { @@ -387,26 +413,30 @@ tailFunc() { } piholeCheckoutFunc() { - if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then - echo "Usage: pihole checkout [repo] [branch] -Example: 'pihole checkout master' or 'pihole checkout core dev' -Switch Pi-hole subsystems to a different GitHub branch + if [ -n "${DOCKER_VERSION}" ]; then + unsupportedFunc + else + if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then + echo "Usage: pihole checkout [repo] [branch] + Example: 'pihole checkout master' or 'pihole checkout core dev' + Switch Pi-hole subsystems to a different GitHub branch -Repositories: - core [branch] Change the branch of Pi-hole's core subsystem - web [branch] Change the branch of Web Interface subsystem - ftl [branch] Change the branch of Pi-hole's FTL subsystem + Repositories: + core [branch] Change the branch of Pi-hole's core subsystem + web [branch] Change the branch of Web Interface subsystem + ftl [branch] Change the branch of Pi-hole's FTL subsystem -Branches: - master Update subsystems to the latest stable release - dev Update subsystems to the latest development release - branchname Update subsystems to the specified branchname" - exit 0 + Branches: + master Update subsystems to the latest stable release + dev Update subsystems to the latest development release + branchname Update subsystems to the specified branchname" + exit 0 + fi + + source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh + shift + checkout "$@" fi - - source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh - shift - checkout "$@" } tricorderFunc() { @@ -466,8 +496,7 @@ Debugging Options: Options: - -a, admin Web interface options - Add '-h' for more info on Web Interface usage + setpassword set the password for the web interface -c, chronometer Calculates stats and displays to an LCD Add '-h' for more info on chronometer usage -g, updateGravity Update the list of ad-serving domains @@ -526,7 +555,7 @@ case "${1}" in "restartdns" ) ;; "-g" | "updateGravity" ) need_root=0;; "reloaddns" ) need_root=0;; - "-a" | "admin" ) ;; + "setpassword" ) ;; "checkout" ) ;; "updatechecker" ) ;; "arpflush" ) ;; @@ -581,7 +610,7 @@ case "${1}" in "disable" ) piholeEnable 0 "$2";; "restartdns" ) restartDNS "$2";; "reloaddns" ) restartDNS "reload";; - "-a" | "admin" ) webpageFunc "$@";; + "setpassword" ) SetWebPassword "$@";; "checkout" ) piholeCheckoutFunc "$@";; "updatechecker" ) shift; updateCheckFunc "$@";; "arpflush" ) arpFunc "$@";; diff --git a/test/requirements.txt b/test/requirements.txt index 5a551fa7..27417754 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,6 +1,6 @@ pyyaml == 6.0.1 -pytest == 7.4.0 +pytest == 7.4.2 pytest-xdist == 3.3.1 -pytest-testinfra == 8.1.0 -tox == 4.6.4 +pytest-testinfra == 9.0.0 +tox == 4.11.3