START=99
USE_PROCD=1
-PROG=/usr/bin/wifidogx
+NAME=wifidogx
+PROG=/usr/bin/${NAME}
CONFIGFILE=/tmp/wifidogx.conf
-extra_command "status" "Print the status of the service"
-
-PX5G_BIN="/usr/sbin/px5g"
-OPENSSL_BIN="/usr/bin/openssl"
-APFREE_CERT="/etc/apfree.crt"
-APFREE_KEY="/etc/apfree.key"
-
-generate_keys() {
- local days bits country state location commonname
- local UNIQUEID GENKEY_CMD
-
- # Prefer px5g for certificate generation (existence evaluated last)
- UNIQUEID=$(hexdump -n 4 -e '4/1 "%02x" "\n"' /dev/urandom)
- [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
- [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
- [ -n "$GENKEY_CMD" ] && {
- $GENKEY_CMD \
- -days "${days:-720}" -newkey rsa:"${bits:-2048}" -keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
- -subj /C="${country:-CN}"/ST="${state:-Beijing}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}"
- sync
- mv "${APFREE_KEY}.new" "${APFREE_KEY}"
- mv "${APFREE_CERT}.new" "${APFREE_CERT}"
- }
-}
-
service_trigger() {
- procd_add_reload_trigger "wifidogx"
-}
-
-echo_firewall_rule() {
- echo " FirewallRule $1"
-}
-
-prepare_mqtt_conf() {
- local cfg=$1
- local serveraddr
- local serverport
-
- config_get serveraddr "$cfg" "serveraddr"
- config_get serverport "$cfg" "serverport"
- [ -z "${serveraddr}" ] || [ -z "${serverport}" ] && return 1
-
- cat <<-EOF >>${CONFIGFILE}
- MQTT {
- ServerAddr ${serveraddr}
- ServerPort ${serverport}
- }
- EOF
+ procd_add_reload_trigger ${NAME}
}
prepare_wifidog_conf() {
- local cfg=$1
- local disabled
- local gateway_id
- local gateway_interface
- local auth_server_hostname
- local auth_server_path
- local auth_server_path_login
- local auth_server_path_portal
- local auth_server_path_msg
- local auth_server_path_ping
- local auth_server_path_auth
- local delta_traffic
- local check_interval
- local client_timeout
- local trusted_domains
- local js_filter
- local trusted_maclist
- local untrusted_maclist
- local pool_mode
- local thread_number
- local queue_size
- local wired_passed
- local trusted_iplist
- local trusted_pan_domains
- local proxy_port
- local no_auth
- local apple_cna
- local update_domain_interval
- local dns_timeout
- local default_gateway_id
- local external_interface
- local auth_server_port
[ -f ${CONFIGFILE} ] && rm -f ${CONFIGFILE}
- config_get disabled "${cfg}" "disabled" 1
- if [ "${disabled}" = "1" ]; then
- echo "wifidogx disabled in /etc/config/wifidogx file, please set disabled to 0 to enable it" >&2
- return
- fi
-
- default_gateway_id=$(sed -e 's/://g' /sys/class/net/br-lan/address)
-
network_get_device external_interface wan
- config_get gateway_id "${cfg}" "gateway_id" "${default_gateway_id}"
- config_get gateway_interface "${cfg}" "gateway_interface" "br-lan"
- config_get auth_server_hostname "${cfg}" "auth_server_hostname"
- config_get auth_server_port "${cfg}" "auth_server_port" "80"
- config_get auth_server_path "${cfg}" "auth_server_path" "/wifidog/"
- config_get auth_server_path_login "${cfg}" "auth_server_path_login"
- config_get auth_server_path_portal "${cfg}" "auth_server_path_portal"
- config_get auth_server_path_msg "${cfg}" "auth_server_path_msg"
- config_get auth_server_path_ping "${cfg}" "auth_server_path_ping"
- config_get auth_server_path_auth "${cfg}" "auth_server_path_auth"
- config_get delta_traffic "${cfg}" "delta_traffic"
- config_get check_interval "${cfg}" "check_interval" "60"
- config_get js_filter "${cfg}" "js_filter" 1
- config_get client_timeout "${cfg}" "client_timeout" "5"
- config_get trusted_domains "${cfg}" "trusted_domains"
- config_get trusted_maclist "${cfg}" "trusted_maclist"
- config_get untrusted_maclist "${cfg}" "untrusted_maclist"
- config_get pool_mode "${cfg}" "pool_mode" 0
- config_get thread_number "${cfg}" "thread_number" 20
- config_get queue_size "${cfg}" "queue_size" 200
- config_get wired_passed "${cfg}" "wired_passed" 1
- config_get trusted_iplist "${cfg}" "trusted_iplist"
- config_get trusted_pan_domains "${cfg}" "trusted_pan_domains"
- config_get proxy_port "${cfg}" "proxy_port"
- config_get no_auth "${cfg}" "no_auth"
- config_get apple_cna "${cfg}" "bypass_apple_cna"
- config_get update_domain_interval "${cfg}" "update_domain_interval"
- config_get dns_timeout "${cfg}" "dns_timeout"
-
- local set_auth_server_path_login
- local set_auth_server_path_portal
- local set_auth_server_path_msg
- local set_auth_server_path_ping
- local set_auth_server_path_auth
- local set_delta_traffic
- local set_trusted_maclist
- local set_untrusted_maclist
- local set_trusted_domains
- local set_trusted_iplist
- local set_trusted_pan_domains
- local set_proxy_port
- local set_no_auth
- local set_firewall_rule_global
- local set_firewall_rule_validating_users
- local set_firewall_rule_known_users
- local set_firewall_rule_auth_is_down
- local set_firewall_rule_unknown_users
- local set_firewall_rule_locked_users
- local set_apple_cna
- local set_update_domain_interval
- local set_dns_timeout
-
- set_auth_server_path_login=$([ -n "$auth_server_path_login" ] && echo " LoginScriptPathFragment $auth_server_path_login")
- set_auth_server_path_portal=$([ -n "$auth_server_path_portal" ] && echo " PortalScriptPathFragment $auth_server_path_portal")
- set_auth_server_path_msg=$([ -n "$auth_server_path_msg" ] && echo " MsgScriptPathFragment $auth_server_path_msg")
- set_auth_server_path_ping=$([ -n "$auth_server_path_ping" ] && echo " PingScriptPathFragment $auth_server_path_ping")
- set_auth_server_path_auth=$([ -n "$auth_server_path_auth" ] && echo " AuthScriptPathFragment $auth_server_path_auth")
- set_delta_traffic=$([ -n "$delta_traffic" ] && echo "DeltaTraffic $delta_traffic")
- set_trusted_maclist=$([ -n "$trusted_maclist" ] && echo "TrustedMACList $trusted_maclist")
- set_untrusted_maclist=$([ -n "$untrusted_maclist" ] && echo "UntrustedMACList $untrusted_maclist")
- set_trusted_domains=$([ -n "$trusted_domains" ] && echo "TrustedDomains $trusted_domains")
- set_trusted_iplist=$([ -n "$trusted_iplist" ] && echo "TrustedIpList $trusted_iplist")
- set_trusted_pan_domains=$([ -n "$trusted_pan_domains" ] && echo "TrustedPanDomains $trusted_pan_domains")
- set_proxy_port=$([ -n "$proxy_port" ] && echo "Proxyport $proxy_port")
- set_no_auth=$([ -n "$no_auth" ] && echo "NoAuth $no_auth")
- set_firewall_rule_global=$(config_list_foreach "$cfg" "firewall_rule_global" echo_firewall_rule)
- set_firewall_rule_validating_users=$(config_list_foreach "$cfg" "firewall_rule_validating_users" echo_firewall_rule)
- set_firewall_rule_known_users=$(config_list_foreach "$cfg" "firewall_rule_known_users" echo_firewall_rule)
- set_firewall_rule_auth_is_down=$(config_list_foreach "$cfg" "firewall_rule_auth_is_down" echo_firewall_rule)
- set_firewall_rule_unknown_users=$(config_list_foreach "$cfg" "firewall_rule_unknown_users" echo_firewall_rule)
- set_firewall_rule_locked_users=$(config_list_foreach "$cfg" "firewall_rule_locked_users" echo_firewall_rule)
- set_apple_cna=$([ -n "$apple_cna" ] && echo "BypassAppleCNA $apple_cna")
- set_update_domain_interval=$([ -n "$update_domain_interval" ] && echo "UpdateDomainInterval $update_domain_interval")
- set_dns_timeout=$([ -n "$dns_timeout" ] && echo "DNSTimeout $dns_timeout")
-
- cat <<-EOF >$CONFIGFILE
- GatewayID $gateway_id
- GatewayInterface $gateway_interface
- Externalinterface $external_interface
-
- AuthServer {
- Hostname $auth_server_hostname
- HTTPPort $auth_server_port
- Path $auth_server_path
- $set_auth_server_path_login
- $set_auth_server_path_portal
- $set_auth_server_path_msg
- $set_auth_server_path_ping
- $set_auth_server_path_auth
- }
-
- $set_delta_traffic
- CheckInterval $check_interval
- ClientTimeout $client_timeout
- JsFilter $js_filter
- WiredPassed $wired_passed
- $set_trusted_domains
- $set_untrusted_maclist
- $set_trusted_maclist
- $set_trusted_iplist
- $set_trusted_pan_domains
- $set_proxy_port
- $set_no_auth
- $set_apple_cna
- $set_update_domain_interval
- $set_dns_timeout
-
- FirewallRuleSet global {
- $set_firewall_rule_global
- }
-
- FirewallRuleSet validating-users {
- $set_firewall_rule_validating_users
- FirewallRule allow to 0.0.0.0/0
- }
-
- FirewallRuleSet known-users {
- $set_firewall_rule_known_users
- FirewallRule allow to 0.0.0.0/0
- }
-
- FirewallRuleSet auth-is-down {
- $set_firewall_rule_auth_is_down
- }
-
- FirewallRuleSet unknown-users {
- $set_firewall_rule_unknown_users
- FirewallRule allow udp port 53
- FirewallRule allow tcp port 53
- FirewallRule allow udp port 67
- FirewallRule allow tcp port 67
- }
-
- FirewallRuleSet locked-users {
- $set_firewall_rule_locked_users
- FirewallRule block to 0.0.0.0/0
- }
-EOF
+ uci_validate_section ${NAME} ${NAME} common \
+ 'enabled:bool:0' \
+ 'gateway_id:string' \
+ 'gateway_interface:string:br-lan' \
+ 'external_interface:string:external_interface' \
+ 'auth_server_hostname:string' \
+ 'auth_server_port:port:443' \
+ 'auth_server_path:string:/wifidog/' \
+ 'check_interval:integer:60' \
+ 'client_timeout:integer:5' \
+ 'js_filter:bool:1' \
+ 'wired_passed:bool:1' \
+ 'apple_cna:bool:0' \
+ 'js_filter:bool:1'
+
+ # if gateway_id is not set, get it from br-lan
+ if [ -z "$gateway_id" ]; then
+ gateway_id=$(sed -e 's/://g' /sys/class/net/${gateway_interface}/address)
+ # uci add gateway_id to config file
+ uci set ${NAME}.common.gateway_id=$gateway_id
+ uci commit ${NAME}
+ fi
+
+ # set above variables to config file
+ echo "GatewayID $gateway_id" > ${CONFIGFILE}
+ echo "GatewayInterface $gateway_interface" >> ${CONFIGFILE}
+ echo "ExternalInterface $external_interface" >> ${CONFIGFILE}
+ echo "AuthServer {
+ Hostname $auth_server_hostname
+ HTTPPort $auth_server_port
+ Path $auth_server_path
+}" >> ${CONFIGFILE}
+ echo "CheckInterval $check_interval" >> ${CONFIGFILE}
+ echo "ClientTimeout $client_timeout" >> ${CONFIGFILE}
+ echo "JsFilter $js_filter" >> ${CONFIGFILE}
+ echo "WiredPassed $wired_passed" >> ${CONFIGFILE}
+ echo "BypassAppleCNA $apple_cna" >> ${CONFIGFILE}
}
init_config() {
- config_load wifidogx
- config_foreach prepare_wifidog_conf wifidog
+
+ prepare_wifidog_conf
if [ ! -f ${CONFIGFILE} ]; then
echo "no wifidogx.conf, exit..." >&2
exit
fi
-
- if [ ! -s "${APFREE_CERT}" ] || [ ! -s "${APFREE_KEY}" ]; then
- generate_keys
- fi
-
- if [ ! -s ${APFREE_KEY} ] || [ ! -s ${APFREE_CERT} ]; then
- echo "no cert or key, exit..." >&2
- exit
- fi
-
- config_foreach prepare_mqtt_conf mqtt
-
- sed -i -e '/^$/d' ${CONFIGFILE}
}
start_service() {
+ config_load $NAME
+
init_config
+ [ "$enabled" -eq 0 ] && {
+ echo "wifidogx is disabled, exit..." >&2
+ exit 0
+ }
+
procd_open_instance
# -f: run in foreground
procd_set_param command $PROG -c $CONFIGFILE -f -d 0
status_service() {
/usr/bin/wdctlx status
}
+
+reload_service() {
+ stop
+ start
+}
\ No newline at end of file
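Review bot: The new side of this hunk ends without a trailing newline (the `\ No newline at end of file` marker directly after `reload_service`); add one so the script ends on a complete line like the rest of the file. `reload_service` restarts the daemon with `stop` followed by `start`, and since `service_trigger` registers a reload trigger on the `${NAME}` uci config, every config edit will now go through this full restart; if the daemon keeps per-client state (e.g. the firewall rules it installs for authenticated clients), that state is presumably dropped on each reload, which is worth stating rather than leaving implicit. A one-line comment above the function such as `# no in-process reload: a config change stops and restarts wifidogx` would document that choice for the next maintainer.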
+++ /dev/null
-From 53a042836063e965f8df9fc85bb32e8e46da8a05 Mon Sep 17 00:00:00 2001
-From: staylightblow8 <liudf0716@gmail.com>
-Date: Thu, 20 Oct 2022 10:47:59 +0800
-Subject: [PATCH] support openssl > 3.0
-
----
- cmake/Modules/FindOpenSSL.cmake | 27 +++++++++++++++++++++++----
- 1 file changed, 23 insertions(+), 4 deletions(-)
-
---- a/cmake/Modules/FindOpenSSL.cmake
-+++ b/cmake/Modules/FindOpenSSL.cmake
-@@ -282,11 +282,11 @@ function(from_hex HEX DEC)
- set(${DEC} ${_res} PARENT_SCOPE)
- endfunction()
-
--if (OPENSSL_INCLUDE_DIR)
-- if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
-- file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
-- REGEX "^# *define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
-+if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
-+ file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" openssl_version_str
-+ REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
-
-+ if(openssl_version_str)
- # The version number is encoded as 0xMNNFFPPS: major minor fix patch status
- # The status gives if this is a developer or prerelease and is ignored here.
- # Major, minor, and fix directly translate into the version numbers shown in
-@@ -315,6 +315,25 @@ if (OPENSSL_INCLUDE_DIR)
- endif ()
-
- set(OPENSSL_VERSION "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_FIX}${OPENSSL_VERSION_PATCH_STRING}")
-+ else ()
-+ # Since OpenSSL 3.0.0, the new version format is MAJOR.MINOR.PATCH and
-+ # a new OPENSSL_VERSION_STR macro contains exactly that
-+ file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" OPENSSL_VERSION_STR
-+ REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*")
-+ string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
-+ "\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}")
-+
-+ set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
-+
-+ # Setting OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR and OPENSSL_VERSION_FIX
-+ string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
-+ list(POP_FRONT OPENSSL_VERSION_NUMBER
-+ OPENSSL_VERSION_MAJOR
-+ OPENSSL_VERSION_MINOR
-+ OPENSSL_VERSION_FIX)
-+
-+ unset(OPENSSL_VERSION_NUMBER)
-+ unset(OPENSSL_VERSION_STR)
- endif ()
- endif ()
-