projects / feed / routing.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #191 from lynxis/for-upstream
[feed/routing.git] / nodogsplash / files / nodogsplash.init
1 #!/bin/sh /etc/rc.common
2 #
3 # description: Startup/shutdown script for nodogsplash captive portal
4 #
5 # Alexander Couzens <lynxis@fe80.eu> 2014
6 # P. Kube 2007
7 #
8 # (Based on wifidog startup script
9 # Date : 2004-08-25
10 # Version : 1.0
11 # Comment by that author: Could be better, but it's working as expected)
12 #
13
14 START=95
15 STOP=95
16
17 USE_PROCD=1
18
19 IPT=/usr/sbin/iptables
20 WD_DIR=/usr/bin
21 # -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
22 # -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
23 OPTIONS="-s -f -d 5"
24 CONFIGFILE="/tmp/invalid_nodogsplash.conf"
25
26 # nolog(loglevel message ...)
27 nolog() {
28 local level=$1
29 shift
30 logger -s -t nodogsplash -p daemon.$level $@
31 }
32
33 # append_config_option_map <cfgfile> <uci_cfg_obj> <option_name> <config_counterpart> [<optional default>]
34 # append "$config_counterpart $value" to cfgfile if option_name exists
35 # e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address BindAddress 0.0.0.0
36 # will append "BindAddress 192.168.1.1" if uci bind_address is '192.168.1.1'
37 append_config_option_map() {
38 local val=""
39 local config_file="$1"
40 local cfg="$2"
41 local option_name="$3"
42 local config_counterpart="$4"
43 local default="$5"
44 config_get val "$cfg" "$option_name" "$default"
45 [ -n "$val" ] && echo "$config_counterpart $val" >> $config_file
46 }
47
48 # append_config_option <cfgfile> <uci_cfg_obj> <option_name> [<optional default>]
49 # append "$option_name $value" to cfgfile if option_name exists
50 # e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address 0.0.0.0
51 # will append "bind_address 192.168.1.1" if uci bind_address is '192.168.1.1'
52 # if uci bind_address is unset append "bind_address 0.0.0.0"
53 append_config_option() {
54 local val=""
55 local config_file="$1"
56 local cfg="$2"
57 local option_name="$3"
58 local default="$4"
59 config_get val "$cfg" "$option_name" "$default"
60 [ -n "$val" ] && echo "$option_name $val" >> $config_file
61 }
62
63 setup_mac_lists() {
64 local cfg="$1"
65 local MAC=""
66 local val
67
68 append_mac() {
69 append MAC "$1" ","
70 }
71
72 config_get val "$cfg" macmechanism
73 if [ -z "$val" ] ; then
74 # check if we have AllowedMACList or BlockedMACList defined they will be ignored
75 config_get val "$cfg" allowedmac
76 if [ -n "$val" ] ; then
77 echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
78 fi
79
80 config_get val "$cfg" blockedmac
81 if [ -n "$val" ] ; then
82 echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
83 fi
84 elif [ "$val" == "allow" ] ; then
85 MAC=""
86 config_list_foreach "$cfg" allowedmac append_mac
87 echo "AllowedMACList $MAC" >> $CONFIGFILE
88 elif [ "$val" == "block" ] ; then
89 MAC=""
90 config_list_foreach "$cfg" blockedmac append_mac
91 echo "BlockedMACList $MAC" >> $CONFIGFILE
92 else
93 nolog error "$cfg Invalid macmechanism '$val' - allow or block are valid."
94 return 1
95 fi
96 MAC=""
97 config_list_foreach "$cfg" trustedmac append_mac
98 [ -n "$MAC" ] && echo "TrustedMACList $MAC" >> $CONFIGFILE
99 }
100
101 setup_firewall() {
102 local cfg="$1"
103 local uciname
104 local val
105
106 append_firewall() {
107 echo " FirewallRule $1" >> $CONFIGFILE
108 }
109
110 for rule in $(echo authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router)
111 do
112 uci_name=${rule//-/_}
113 # uci does not allow - dashes
114 echo "FirewallRuleSet $rule {" >> $CONFIGFILE
115 config_list_foreach "$cfg" ${uci_name} append_firewall
116 echo "}" >> $CONFIGFILE
117 config_get val "$cfg" policy_${uci_name}
118 [ -n "$val" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE
119 done
120 }
121
122 generate_uci_config() {
123 local cfg="$1"
124 local val
125 local ifname
126 local download
127 local upload
128
129 CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"
130
131 echo "# auto-generated config file from /etc/config/nodogsplash" > $CONFIGFILE
132
133 config_get val "$cfg" config
134 if [ -n "$val" ] ; then
135 if [ ! -f "$val" ] ; then
136 nolog error "Configuration file '$file' doesn't exist"
137 return 0
138 fi
139 cat "$val" >> $CONFIGFILE
140 fi
141
142 config_get val "$cfg" network
143 if [ -n "$val" ] ; then
144 if ! network_get_device ifname "$val" ; then
145 nolog error "$cfg can not find ifname for network '$val'"
146 return 1
147 fi
148 fi
149
150 config_get val "$cfg" gatewayinterface
151 if [ -n "$val" ] ; then
152 if [ -n "$ifname" ] ; then
153 nolog error "$cfg cannot use both option network and gatewayinterface"
154 return 1
155 fi
156 ifname="$val"
157 fi
158
159 if [ -z "$ifname" ] ; then
160 nolog error "$cfg option network or gatewayinterface missing"
161 return 1
162 fi
163
164 echo "GatewayInterface $ifname" >> $CONFIGFILE
165
166 append_config_option "$CONFIGFILE" "$cfg" gatewayname
167 append_config_option "$CONFIGFILE" "$cfg" gatewayaddress
168 append_config_option "$CONFIGFILE" "$cfg" gatewayport
169 append_config_option "$CONFIGFILE" "$cfg" maxclients
170 append_config_option "$CONFIGFILE" "$cfg" webroot
171 append_config_option "$CONFIGFILE" "$cfg" debuglevel
172 append_config_option "$CONFIGFILE" "$cfg" splashpage
173 append_config_option "$CONFIGFILE" "$cfg" pagesdir
174 append_config_option "$CONFIGFILE" "$cfg" checkinterval
175 append_config_option "$CONFIGFILE" "$cfg" syslogfacility
176 append_config_option "$CONFIGFILE" "$cfg" gatewayiprange
177 append_config_option "$CONFIGFILE" "$cfg" imagedir
178 append_config_option "$CONFIGFILE" "$cfg" redirecturl
179 append_config_option "$CONFIGFILE" "$cfg" clientidletimeout
180 append_config_option "$CONFIGFILE" "$cfg" clientforcetimeout
181 append_config_option "$CONFIGFILE" "$cfg" gatewayiprange
182 append_config_option "$CONFIGFILE" "$cfg" passwordattempts
183 append_config_option "$CONFIGFILE" "$cfg" macmechanism
184 append_config_option "$CONFIGFILE" "$cfg" uploadlimit
185 append_config_option "$CONFIGFILE" "$cfg" downloadlimit
186 append_config_option "$CONFIGFILE" "$cfg" remoteauthenticatoraction
187 append_config_option "$CONFIGFILE" "$cfg" enablepreauth
188 append_config_option "$CONFIGFILE" "$cfg" binvoucher
189 append_config_option "$CONFIGFILE" "$cfg" forcevoucher
190 append_config_option "$CONFIGFILE" "$cfg" passwordauthentication
191 append_config_option "$CONFIGFILE" "$cfg" usernameauthentication
192 append_config_option "$CONFIGFILE" "$cfg" passwordattempts
193 append_config_option "$CONFIGFILE" "$cfg" username
194 append_config_option "$CONFIGFILE" "$cfg" password
195 append_config_option "$CONFIGFILE" "$cfg" authenticateimmediately
196 append_config_option "$CONFIGFILE" "$cfg" decongesthttpdthreads
197 append_config_option "$CONFIGFILE" "$cfg" httpdthreadthreshold
198 append_config_option "$CONFIGFILE" "$cfg" httpdthreaddelayms
199 append_config_option "$CONFIGFILE" "$cfg" fw_mark_authenticated
200 append_config_option "$CONFIGFILE" "$cfg" fw_mark_trusted
201 append_config_option "$CONFIGFILE" "$cfg" fw_mark_blocked
202
203 config_get download "$cfg" downloadlimit
204 config_get upload "$cfg" uploadlimit
205 [ -n "$upload" -o -n "$download" ] && echo "TrafficControl yes" >> $CONFIGFILE
206
207 setup_mac_lists "$cfg"
208 setup_firewall "$cfg"
209 }
210
211 # setup configuration and start instance
212 create_instance() {
213 local cfg="$1"
214 local manual_config
215 local val
216
217 config_get_bool val "$cfg" enabled 0
218 [ $val -gt 0 ] || return 0
219
220 generate_uci_config "$cfg"
221
222 if ! test_module ; then
223 logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules"
224 fi
225
226 procd_open_instance $cfg
227 procd_set_param command /usr/bin/nodogsplash -c $CONFIGFILE $OPTIONS
228 procd_set_param respawn
229 procd_set_param file $CONFIGFILE
230 procd_close_instance
231 }
232
233 start_service() {
234 include /lib/functions
235
236 mkdir -p /tmp/etc/
237 config_load nodogsplash
238
239 config_foreach create_instance nodogsplash
240 }
241
242 stop_service() {
243 # nodogsplash doesn't exit fast enought, when procd terminates it.
244 # otherwise procd will restart nodogsplash twice. first time starting nodogsplash fails, second time it succeeds
245 sleep 1
246 }
247
248 status() {
249 $WD_DIR/ndsctl status
250 }
251
252 # Test if we got all modules loaded
253 test_module() {
254 ### Test ipt_mark with iptables
255 test_ipt_mark () {
256 ($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
257 IPTABLES_OK=$?
258 if [ "$IPTABLES_OK" -eq 0 ]; then
259 ($IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null
260 return 0
261 else
262 return 1
263 fi
264 }
265
266 ### Test ipt_mac with iptables
267 test_ipt_mac () {
268 ($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
269 IPTABLES_OK=$?
270 if [ "$IPTABLES_OK" -eq 0 ]; then
271 ($IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null
272 return 0
273 else
274 return 1
275 fi
276 }
277
278 ### Test ipt_IMQ with iptables
279 test_ipt_IMQ () {
280 ($IPT -t mangle -A PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
281 IPTABLES_OK=$?
282 if [ "$IPTABLES_OK" -eq 0 ]; then
283 ($IPT -t mangle -D PREROUTING -j IMQ --todev 0 2>&1) > /dev/null
284 return 0
285 else
286 return 1
287 fi
288 }
289
290 ### Test imq with ip
291 test_imq () {
292 (ip link set imq0 up 2>&1) > /dev/null
293 IMQ0_OK=$?
294 (ip link set imq1 up 2>&1) > /dev/null
295 IMQ1_OK=$?
296 if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then
297 (ip link set imq0 down 2>&1) > /dev/null
298 (ip link set imq1 down 2>&1) > /dev/null
299 return 0
300 else
301 return 1
302 fi
303 }
304
305 ### Test sch_htb with tc; requires imq0
306 test_sch_htb () {
307 (tc qdisc del dev imq0 root 2>&1) > /dev/null
308 (tc qdisc add dev imq0 root htb 2>&1) > /dev/null
309 TC_OK=$?
310 if [ "$TC_OK" -eq 0 ]; then
311 (tc qdisc del dev imq0 root 2>&1) > /dev/null
312 return 0
313 else
314 return 1
315 fi
316 }
317
318 ### Find a module on disk
319 module_exists () {
320 EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2> /dev/null)
321 if [ -n "$EXIST" ]; then
322 return 0
323 else
324 return 1
325 fi
326 }
327
328 ### Test if a module is in memory
329 module_in_memory () {
330 MODULE=$(lsmod | grep $1 | awk '{print $1}')
331 if [ "$MODULE" = "$1" ]; then
332 return 0
333 else
334 return 1
335 fi
336 }
337
338 ### Test functionality of a module; load if necessary
339 do_module_tests () {
340 echo " Testing module $1 $2"
341 "test_$1"
342 if [ $? -ne 0 ]; then
343 echo " Module $1 $2 needed"
344 echo " Scanning disk for $1 module"
345 module_exists $1
346 if [ $? -ne 0 ]; then
347 echo " $1 module missing: please install it"
348 exit 1
349 else
350 echo " $1 exists, trying to load"
351 insmod $1 $2 > /dev/null
352 if [ $? -ne 0 ]; then
353 echo " Error: insmod $1 $2 failed"
354 exit 1
355 else
356 echo " $1 $2 loaded successfully"
357 fi
358 fi
359 else
360 echo " $1 is working"
361 fi
362 }
363
364 echo " Testing required modules"
365
366 do_module_tests "ipt_mac"
367 do_module_tests "ipt_mark"
368
369 # test for imq modules, only if TrafficControl is enabled in conf
370 if ( grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$CONFIGFILE" ) ; then
371 do_module_tests "imq" "numdevs=2"
372 do_module_tests "ipt_IMQ"
373 do_module_tests "sch_htb"
374 fi
375 }
Mirror of routing feed