1 #!/bin/sh /etc/rc.common
3 # description: Startup/shutdown script for nodogsplash captive portal
5 # Alexander Couzens <lynxis@fe80.eu> 2014
8 # (Based on wifidog startup script
11 # Comment by that author: Could be better, but it's working as expected)
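# Absolute path of the iptables binary used by the module self-tests below.
IPT=/usr/sbin/iptables
# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
# NOTE(review): the two comments above describe daemon flags, but the OPTIONS
# assignment they belong to is not visible in this listing even though $OPTIONS
# is passed to nodogsplash further down - confirm it is still defined.
# Placeholder path; the per-instance file name is assigned before the daemon
# is started.
CONFIGFILE="/tmp/invalid_nodogsplash.conf"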
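# nolog(loglevel message ...)
# Send a message to syslog, and to stderr via -s, tagged "nodogsplash".
#   $1   - syslog level, appended to the "daemon." facility (e.g. error)
#   $2.. - message words
# NOTE(review): the function header and the level/shift lines are missing from
# this listing; they are restored from the signature comment above and from
# the use of $level and $@ in the logger call - confirm against the original.
nolog() {
  local level="$1"
  shift
  # Quoted so that a message containing glob characters or runs of spaces
  # reaches logger unchanged.
  logger -s -t nodogsplash -p "daemon.$level" "$@"
}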
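# append_config_option <cfgfile> <uci_cfg_obj> <option_name> <config_counterpart> [<optional default>]
# append "$config_counterpart $value" to cfgfile if option_name exists
# e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address BindAddress 0.0.0.0
# will append "BindAddress 192.168.1.1" if uci bind_address is '192.168.1.1'
#
# Arguments:
#   $1 - config file to append to
#   $2 - uci section (instance) name
#   $3 - uci option to read
#   $4 - nodogsplash directive to write
#   $5 - optional default used when the uci option is unset
# NOTE(review): the listing showed the positional assignments shifted by one
# and an empty echo string; both are restored here from the documented
# signature above and from the callers in generate_uci_config.
append_config_option() {
  local val=""
  local config_file="$1"
  local cfg="$2"
  local option_name="$3"
  local config_counterpart="$4"
  local default="$5"

  config_get val "$cfg" "$option_name" "$default"
  # The value is copied into the daemon config verbatim; it is trusted to be a
  # single line because it comes from the administrator's uci config.
  if [ -n "$val" ]; then
    printf '%s %s\n' "$config_counterpart" "$val" >> "$config_file"
  fi
}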
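# Write the splash-page authentication directives for one instance.
# Globals:   CONFIGFILE (read) - config file being generated
# Arguments: $1 - uci section (instance) name
# NOTE(review): the local declarations and the closing fi/} lines are missing
# from this listing; they are restored from the call site
# (setup_user_authentication "$cfg") and the visible control flow.
setup_user_authentication() {
  local cfg="$1"
  local val

  config_get_bool val "$cfg" authenticate_immediately 0
  [ "$val" -gt 0 ] && echo "AuthenticateImmediately yes" >> "$CONFIGFILE"

  config_get val "$cfg" username
  if [ -n "${val}" ]; then
    echo "UsernameAuthentication" >> "$CONFIGFILE"
    echo "Username ${val}" >> "$CONFIGFILE"
  fi

  # The portal password is stored in clear text in $CONFIGFILE, so whoever can
  # read that file can read the credential; the file's permissions are decided
  # where it is created, not here.
  config_get val "$cfg" password
  if [ -n "${val}" ]; then
    echo "PasswordAuthentication" >> "$CONFIGFILE"
    echo "Password ${val}" >> "$CONFIGFILE"
  fi
}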
77 config_get val
"$cfg" macmechanism
78 if [ -z "${val}" ] ; then
79 # check if we have AllowedMACList or BlockedMACList defined they will be ignored
80 config_get val
"$cfg" allowedmac
81 if [ -n "${val}" ] ; then
82 echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
85 config_get val
"$cfg" blockedmac
86 if [ -n "${val}" ] ; then
87 echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
89 elif [ "${val}" == "allow" ] ; then
91 config_list_foreach
"$cfg" allowedmac append_mac
92 echo "AllowedMACList $MAC" >> $CONFIGFILE
93 elif [ "${val}" == "block" ] ; then
95 config_list_foreach
"$cfg" blockedmac append_mac
96 echo "BlockedMACList $MAC" >> $CONFIGFILE
98 nolog error
"$cfg Invalid macmechanism '$val' - allow or block are valid."
102 config_list_foreach
"$cfg" trustedmac append_mac
103 [ -n "$MAC" ] && echo "TrustedMACList $MAC" >> $CONFIGFILE
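# Append one firewall rule line to the config being generated.
# NOTE(review): presumably the body of the append_firewall list callback used
# by the rule-set loop; its function header is not visible in this listing.
echo " FirewallRule $1" >> "$CONFIGFILE"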
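# Write one FirewallRuleSet block per rule set, followed by its optional
# EmptyRuleSetPolicy line.
# NOTE(review): the do/done lines are missing from this listing and are
# restored here; the enclosing function header is not visible.
for rule in authenticated-users preauthenticated-users users-to-router \
  trusted-users trusted-users-to-router; do
  # uci does not allow - dashes
  uci_name=${rule//-/_}
  echo "FirewallRuleSet $rule {" >> "$CONFIGFILE"
  config_list_foreach "$cfg" "${uci_name}" append_firewall
  echo "}" >> "$CONFIGFILE"
  config_get val "$cfg" "policy_${uci_name}"
  [ -n "${val}" ] && echo "EmptyRuleSetPolicy $rule $val" >> "$CONFIGFILE"
done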
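# Build the nodogsplash config file for one uci instance.
# Globals:   CONFIGFILE (written) - set to /tmp/etc/nodogsplash_<cfg>.conf and
#            then read by the setup_* helpers called at the end
# Arguments: $1 - uci section (instance) name
# Returns:   1 when the instance has no usable network (assumed, see note)
# NOTE(review): the local declarations, the branch closers and the line after
# each error message are missing from this listing. The closers follow the
# visible control flow; the early returns are assumed - confirm against the
# original file.
generate_uci_config() {
  local cfg="$1"
  local val ifname download upload

  CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"

  echo "# auto-generated config file from /etc/config/nodogsplash" > "$CONFIGFILE"
  # setup_user_authentication later appends the portal Username/Password to
  # this file, so keep it readable by its owner only.
  chmod 600 "$CONFIGFILE"

  config_get val "$cfg" network
  if [ -z "${val}" ]; then
    nolog error "$cfg missing network"
    return 1
  fi

  if ! network_get_device ifname "$val"; then
    nolog error "$cfg can not find ifname for network '${val}'"
    return 1
  fi
  echo "GatewayInterface $ifname" >> "$CONFIGFILE"

  config_get val "$cfg" externalnetwork
  [ -n "${val}" ] && network_get_device ifname "${val}" \
    && echo "ExternalInterface $ifname" >> "$CONFIGFILE"

  append_config_option "$CONFIGFILE" "$cfg" gatewayname GatewayName
  append_config_option "$CONFIGFILE" "$cfg" gatewayaddress GatewayAddress
  append_config_option "$CONFIGFILE" "$cfg" gatewayport GatewayPort
  append_config_option "$CONFIGFILE" "$cfg" maxclients MaxClients
  append_config_option "$CONFIGFILE" "$cfg" imagedir ImagesDir
  append_config_option "$CONFIGFILE" "$cfg" redirecturl RedirectURL
  append_config_option "$CONFIGFILE" "$cfg" clientidletimeout ClientIdleTimeout
  append_config_option "$CONFIGFILE" "$cfg" clientforcetimeout ClientForceTimeout
  append_config_option "$CONFIGFILE" "$cfg" gatewayiprange GatewayIPRange
  append_config_option "$CONFIGFILE" "$cfg" passwordattempts PasswordAttempts
  append_config_option "$CONFIGFILE" "$cfg" macmechanism MACMechanism
  append_config_option "$CONFIGFILE" "$cfg" uploadlimit UploadLimit
  append_config_option "$CONFIGFILE" "$cfg" downloadlimit DownloadLimit

  # Any configured limit switches traffic control on.
  config_get download "$cfg" downloadlimit
  config_get upload "$cfg" uploadlimit
  if [ -n "$upload" ] || [ -n "$download" ]; then
    echo "TrafficControl yes" >> "$CONFIGFILE"
  fi

  setup_mac_lists "$cfg"
  setup_user_authentication "$cfg"
  setup_firewall "$cfg"
}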
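# setup configuration and start instance
# NOTE(review): the enclosing function header, the branch closers and the line
# after each error message are missing from this listing. The else/fi closers
# follow the visible control flow; the early returns are assumed - confirm
# against the original file.
CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"

config_get_bool val "$cfg" disabled 0
[ "$val" -gt 0 ] && return 0

config_get manual_config "$cfg" config ""
if [ -z "$manual_config" ]; then
  generate_uci_config "$cfg"
else
  # check if configuration exists
  if [ ! -f "$manual_config" ]; then
    # Log the path that was actually tested; the message used to expand $file,
    # which nothing in the visible listing assigns.
    nolog error "Configuration file '$manual_config' doesn't exists"
    return 1
  fi
  CONFIGFILE="$manual_config"
fi

if ! test_module; then
  logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules"
  return 1
fi

procd_open_instance "$cfg"
# $OPTIONS stays unquoted: it presumably holds several space-separated daemon
# flags (its assignment is not visible in this listing).
procd_set_param command /usr/bin/nodogsplash -c "$CONFIGFILE" $OPTIONS
procd_set_param respawn
procd_set_param file "$CONFIGFILE"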
209 include
/lib
/functions
212 config_load nodogsplash
214 config_foreach create_instance instance
218 # nodogsplash doesn't exit fast enough when procd terminates it.
219 # Otherwise procd will restart nodogsplash twice: the first start fails, the second one succeeds.
224 $WD_DIR/ndsctl status
227 # Test if we got all modules loaded
230 ### Test ipt_mark with iptables
232 ($IPT -A FORWARD
-m mark
--mark 2 -j ACCEPT
2>&1) > /dev
/null
234 if [ "$IPTABLES_OK" -eq 0 ]; then
235 ($IPT -D FORWARD
-m mark
--mark 2 -j ACCEPT
2>&1) > /dev
/null
241 ### Test ipt_mac with iptables
243 ($IPT -A INPUT
-m mac
--mac-source 00:00:00:00:00:00 -j ACCEPT
2>&1) > /dev
/null
245 if [ "$IPTABLES_OK" -eq 0 ]; then
246 ($IPT -D INPUT
-m mac
--mac-source 00:00:00:00:00:00 -j ACCEPT
2>&1) > /dev
/null
253 ### Test ipt_IMQ with iptables
255 ($IPT -t mangle
-A PREROUTING
-j IMQ
--todev 0 2>&1) > /dev
/null
257 if [ "$IPTABLES_OK" -eq 0 ]; then
258 ($IPT -t mangle
-D PREROUTING
-j IMQ
--todev 0 2>&1) > /dev
/null
267 (ip link
set imq0 up
2>&1) > /dev
/null
269 (ip link
set imq1 up
2>&1) > /dev
/null
271 if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
272 (ip link
set imq0 down
2>&1) > /dev
/null
273 (ip link
set imq1 down
2>&1) > /dev
/null
280 ### Test sch_htb with tc; requires imq0
282 (tc qdisc del dev imq0 root
2>&1) > /dev
/null
283 (tc qdisc add dev imq0 root htb
2>&1) > /dev
/null
285 if [ "$TC_OK" -eq 0 ]; then
286 (tc qdisc del dev imq0 root
2>&1) > /dev
/null
294 ### Find a module on disk
296 EXIST
=$
(find /lib
/modules
/`uname -r` -name $1.
*o
2> /dev
/null
)
297 if [ -n "$EXIST" ]; then
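### Test if a module is in memory
# Globals:   MODULE (written) - the matching lsmod entry, empty if none
# Arguments: $1 - exact module name
# Returns:   0 when lsmod lists a module with exactly that name, else 1
# NOTE(review): the branches after the comparison are missing from this
# listing; returning the comparison result is assumed from the comment above.
module_in_memory() {
  # An empty name can never be a loaded module.
  [ -n "$1" ] || return 1
  # Compare the first lsmod column for equality. The previous grep treated the
  # name as a pattern matched anywhere in the line, so a second module whose
  # name merely contained $1 made the comparison below fail.
  MODULE=$(lsmod | awk -v m="$1" '$1 == m { print $1; exit }')
  [ "$MODULE" = "$1" ]
}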
314 ### Test functionality of a module; load if necessary
316 echo " Testing module $1 $2"
318 if [ $?
-ne 0 ]; then
319 echo " Module $1 $2 needed"
320 echo " Scanning disk for $1 module"
322 if [ $?
-ne 0 ]; then
323 echo " $1 module missing: please install it"
326 echo " $1 exists, trying to load"
327 insmod
$1 $2 > /dev
/null
328 if [ $?
-ne 0 ]; then
329 echo " Error: insmod $1 $2 failed"
332 echo " $1 $2 loaded successfully"
336 echo " $1 is working"
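# Check the kernel modules the daemon depends on.
# NOTE(review): the enclosing function header and the closing fi are missing
# from this listing; only the fi is restored here.
echo " Testing required modules"

do_module_tests "ipt_mac"
do_module_tests "ipt_mark"

# test for imq modules, only if TrafficControl is enabled in conf
# NOTE(review): NDS_CONF is not assigned anywhere in the visible listing, while
# every other step uses CONFIGFILE. If it really is unset, grep fails on an
# empty file name and the three traffic-control module checks never run -
# confirm which variable is intended.
if grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$NDS_CONF"; then
  do_module_tests "imq" "numdevs=2"
  do_module_tests "ipt_IMQ"
  do_module_tests "sch_htb"
fi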