nodogsplash: update to version 5.0.2
#!/bin/sh /etc/rc.common

#
# Startup/shutdown script for the nodogsplash captive portal.
# The functions below turn UCI sections of type "nodogsplash" into a generated
# configuration file per section and register one procd instance for each.
#

# Init sequence slots read by rc.common (same slot for start and stop).
START=95
STOP=95

# Let procd supervise the daemon instead of classic start/stop handling.
USE_PROCD=1

# NOTE(review): IPT and WD_DIR are not referenced by any function visible in
# this script; they are kept unchanged in case something outside it reads them.
IPT=/usr/sbin/iptables
WD_DIR=/usr/bin

# Run in PROCD (-f) and log to SYSLOG (-s)
OPTIONS="-f -s"

# Text of the configuration file being generated; filled in through addline().
CONFIG=""
#######################################
# Append one line of text to the configuration being generated.
# Globals:   CONFIG (written through append)
#            N (read; passed to append as the separator. It is not set in this
#            script - presumably the newline constant from the OpenWrt shell
#            library, confirm)
# Arguments: $1 - text of the line to add
#######################################
addline() {
  local line="$1"

  append CONFIG "$line" "$N"
}
#######################################
# Emit the MAC-based access directives for one UCI section.
#
# Depending on the section's "macmechanism" option this writes either
# MACmechanism/AllowedMACList or MACmechanism/BlockedMACList, and always a
# TrustedMACList line when "trustedmac" entries exist.
#
# Security note: every list built here is keyed on the client's MAC address,
# which is a value the client itself supplies. Treat these lists as a
# convenience filter, not as authentication, and keep "trustedmac" short.
#
# Globals:   CONFIG (written through addline)
# Arguments: $1 - UCI section name
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if macmechanism is neither empty, allow nor block
#######################################
setup_mac_lists() {
  local cfg="$1"
  local macs=""
  local val

  # Callback for config_list_foreach: collect the entries in macs, separated
  # by commas.
  append_mac() {
    append macs "$1" ","
  }

  config_get val "$cfg" macmechanism
  case "$val" in
    "")
      # No mechanism selected: allowedmac/blockedmac entries have no effect,
      # so tell the administrator instead of dropping them silently.
      config_get val "$cfg" allowedmac
      [ -z "$val" ] || echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2

      config_get val "$cfg" blockedmac
      [ -z "$val" ] || echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
      ;;
    allow)
      config_list_foreach "$cfg" allowedmac append_mac
      addline "MACmechanism allow"
      addline "AllowedMACList $macs"
      ;;
    block)
      config_list_foreach "$cfg" blockedmac append_mac
      addline "MACmechanism block"
      addline "BlockedMACList $macs"
      ;;
    *)
      echo "Invalid macmechanism '$val' - allow or block are valid." >&2
      return 1
      ;;
  esac

  # Start from an empty accumulator again before collecting the trusted list.
  macs=""
  config_list_foreach "$cfg" trustedmac append_mac
  [ -z "$macs" ] || addline "TrustedMACList $macs"

  return 0
}
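#######################################
# Emit the FirewallRuleSet blocks for one UCI section.
#
# For each of the five rule-set names a "FirewallRuleSet <name> { ... }" block
# is written, holding one FirewallRule line per entry of the matching UCI list.
# If the option policy_<name> is set, an EmptyRuleSetPolicy line follows.
#
# The rule text comes straight from UCI and is written verbatim into the
# generated file, so write access to /etc/config/nodogsplash is equivalent to
# control over these rule sets.
#
# Globals:   CONFIG (written through addline)
# Arguments: $1 - UCI section name
#######################################
setup_firewall() {
  local cfg="$1"
  local uci_name
  local val
  # The loop variable used to leak into the caller's scope; keep it local.
  local rule

  # Callback for config_list_foreach: one FirewallRule line per list entry.
  append_firewall() {
    addline " FirewallRule $1"
  }

  for rule in authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router; do
    # uci does not allow dashes
    uci_name=${rule//-/_}
    addline "FirewallRuleSet $rule {"
    config_list_foreach "$cfg" "$uci_name" append_firewall
    addline "}"
    config_get val "$cfg" "policy_${uci_name}"
    if [ -n "$val" ]; then
      addline "EmptyRuleSetPolicy $rule $val"
    fi
  done
}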
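#######################################
# Wait until an interface carries an IPv4 address.
#
# Polls "ip -4 addr show" once per second, at most 10 times.
#
# Arguments: $1 - interface (device) name
# Outputs:   error message on stderr when the interface never shows up
# Returns:   0 once an "inet" line is seen, 1 after the last attempt fails
#######################################
wait_for_interface() {
  local ifname="$1"
  local timeout=10
  # Counter is local so it cannot clobber a caller's variable.
  local i=1

  while [ "$i" -le "$timeout" ]; do
    # Quote the name: it comes from configuration and must reach ip as exactly
    # one argument.
    if ip -4 addr show dev "$ifname" 2> /dev/null | grep -q inet; then
      return 0
    fi
    sleep 1
    i=$((i + 1))
  done

  echo "Interface $ifname not detected." >&2
  return 1
}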
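#######################################
# Build the nodogsplash configuration file for one UCI section.
#
# The result is written to /tmp/etc/nodogsplash_<section>.conf.
#
# Trust boundary: the file named by the "config" option is copied in verbatim,
# and every UCI value is written as "<option> <value>" without validation.
# Anyone able to edit that file or /etc/config/nodogsplash therefore controls
# the generated directives, including the firewall rule sets.
# NOTE(review): a value containing a newline would end up as an additional
# directive line - confirm whether values need to be restricted.
#
# Globals:   CONFIG (reset and written)
# Arguments: $1 - UCI section name
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if the section is unusable or the file cannot be
#            written
#######################################
generate_uci_config() {
  local cfg="$1"
  local val
  local ifname
  local download
  local upload
  # Loop and scratch variables are local so they do not leak to the caller.
  local option
  local tmp
  local conf_file="/tmp/etc/nodogsplash_$cfg.conf"

  # Init config file content
  CONFIG="# auto-generated config file from /etc/config/nodogsplash"

  config_get val "$cfg" config
  if [ -n "$val" ]; then
    if [ ! -f "$val" ]; then
      # The message used to print an unset variable instead of the path.
      echo "Configuration file '$val' doesn't exist." >&2
      return 1
    fi
    addline "$(cat "$val")"
  fi

  config_get ifname "$cfg" gatewayinterface

  # Get device name if interface name is a section name in /etc/config/network
  if network_get_device tmp "$ifname"; then
    ifname="$tmp"
  fi

  if [ -z "$ifname" ]; then
    echo "Option network or gatewayinterface missing." >&2
    return 1
  fi

  wait_for_interface "$ifname" || return 1

  addline "GatewayInterface $ifname"

  # NOTE(review): gatewayinterface is also part of the list below, so when it
  # is set a second line with the raw UCI value follows the resolved one above.
  # Confirm which of the two nodogsplash honours.
  for option in preauth binauth \
    daemon debuglevel maxclients gatewayname gatewayinterface gatewayiprange \
    gatewayaddress gatewayport webroot splashpage statuspage \
    redirecturl sessiontimeout preauthidletimeout authidletimeout checkinterval \
    setmss mssvalue trafficcontrol downloadlimit uploadlimit \
    syslogfacility ndsctlsocket fw_mark_authenticated \
    fw_mark_blocked fw_mark_trusted; do
    config_get val "$cfg" "$option"
    if [ -n "$val" ]; then
      addline "$option $val"
    fi
  done

  # These options are rejected: refuse to start rather than run without a
  # feature the administrator asked for.
  for option in fasport fasremoteip faspath fas_secure_enabled; do
    config_get val "$cfg" "$option"
    if [ -n "$val" ]; then
      # Name the offending option (not its value) and use stderr like the
      # other diagnostics in this script.
      echo "Warning: nodogsplash does not support $option" >&2
      return 1
    fi
  done

  config_get download "$cfg" downloadlimit
  config_get upload "$cfg" uploadlimit

  if [ -n "$upload" ] || [ -n "$download" ]; then
    addline "TrafficControl yes"
  fi

  setup_mac_lists "$cfg" || return 1
  setup_firewall "$cfg"

  # printf keeps backslashes in the configuration text intact; report a failed
  # write so no instance is started on a missing or stale file.
  if ! printf '%s\n' "$CONFIG" > "$conf_file"; then
    echo "Can not write '$conf_file'." >&2
    return 1
  fi
  return 0
}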
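#######################################
# Set up the configuration for one UCI section and register its procd instance.
#
# Sections without "enabled" set are skipped. The daemon is started with the
# generated file /tmp/etc/nodogsplash_<section>.conf; that file is also handed
# to procd through the "file" parameter.
#
# Globals:   OPTIONS (read)
# Arguments: $1 - UCI section name
# Outputs:   diagnostics on stderr
# Returns:   0 if the section is disabled or was registered, 1 if its
#            configuration could not be generated
#######################################
create_instance() {
  local cfg="$1"
  local val

  config_get_bool val "$cfg" enabled 0
  [ "$val" -gt 0 ] || return 0

  if ! generate_uci_config "$cfg"; then
    echo "Can not generate uci config. Will not start instance $cfg." >&2
    return 1
  fi

  # The section name is quoted so it always reaches procd as one argument.
  procd_open_instance "$cfg"
  # OPTIONS stays unquoted on purpose: it holds several flags that have to be
  # split into separate arguments.
  procd_set_param command /usr/bin/nodogsplash -c "/tmp/etc/nodogsplash_$cfg.conf" $OPTIONS
  procd_set_param respawn
  procd_set_param file "/tmp/etc/nodogsplash_$cfg.conf"
  procd_close_instance
}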
#######################################
# procd start hook: create one instance per "nodogsplash" UCI section.
#######################################
start_service() {
  # Load the shell helpers under /lib/functions; network_get_device() is
  # expected to come from there.
  include /lib/functions

  # Directory that receives the generated nodogsplash_<section>.conf files.
  mkdir -p /tmp/etc/

  # Read /etc/config/nodogsplash, then let create_instance handle each section
  # of type "nodogsplash".
  config_load nodogsplash
  config_foreach create_instance nodogsplash
}
#######################################
# procd stop hook: pause briefly so nodogsplash can finish exiting.
#
# nodogsplash does not exit fast enough when procd terminates it. Without this
# pause procd ends up starting nodogsplash twice: the first start fails and
# only the second one succeeds.
#######################################
stop_service() {
  sleep 1
}