nodogsplash: fix uci configuration by fixing append_config_option
[feed/routing.git] / nodogsplash / files / nodogsplash.init
1 #!/bin/sh /etc/rc.common
2 #
3 # description: Startup/shutdown script for nodogsplash captive portal
4 #
5 # Alexander Couzens <> 2014
6 # P. Kube 2007
7 #
8 # (Based on wifidog startup script
9 # Date : 2004-08-25
10 # Version : 1.0
11 # Comment by that author: Could be better, but it's working as expected)
12 #
# rc.common start/stop ordering for this service.
START=95
STOP=95

# External tools used further down in this script.
IPT=/usr/sbin/iptables
WD_DIR=/usr/bin

# Daemon flags:
#   -s    send log messages to syslog
#   -f    stay in the foreground (the instance is launched through procd
#         in create_instance)
#   -d N  debug level; 5 is "not so verbose", 7 is verbose
OPTIONS="-s -f -d 5"

# Placeholder only: generate_uci_config replaces CONFIGFILE with the
# per-instance path before anything is written to it.
CONFIGFILE="/tmp/invalid_nodogsplash.conf"
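# nolog <level> <message ...>
# Log a message under the "nodogsplash" tag at syslog priority
# daemon.<level>; -s makes logger copy it to stderr as well.
#   $1   - syslog level name, e.g. "error"
#   $2.. - message words; they are passed on quoted, so configuration values
#          embedded in a message are neither re-split nor glob-expanded
nolog() {
	local level="$1"
	shift
	logger -s -t nodogsplash -p "daemon.$level" "$@"
}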
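# append_config_option <cfgfile> <uci_cfg_obj> <option_name> <config_counterpart> [<optional default>]
# Read <option_name> from the uci section (falling back to the default) and,
# when the result is non-empty, append "<config_counterpart> <value>" to
# <cfgfile>. Nothing is written for an unset or empty option.
# e.g. append_config_option "$CONFIGFILE" "$cfg" gatewayname GatewayName
#      appends "GatewayName <value>" when uci gatewayname is set
# The value is written exactly as uci returns it; it is not validated here.
# Returns 0 when the option is skipped, otherwise the status of the write.
append_config_option() {
	local val=""
	local config_file="$1"
	local cfg="$2"
	local option_name="$3"
	local config_counterpart="$4"
	local default="$5"

	config_get val "$cfg" "$option_name" "$default"

	# A missing option is not an error, so do not report a failing status.
	[ -n "$val" ] || return 0

	# Quote the target so a path with spaces or glob characters stays one file.
	echo "$config_counterpart $val" >> "$config_file"
}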
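# setup_user_authentication <uci_cfg_obj>
# Append the authentication directives of one uci section to $CONFIGFILE:
#   authenticate_immediately (bool) -> "AuthenticateImmediately yes"
#   username                        -> "UsernameAuthentication", "Username <value>"
#   password                        -> "PasswordAuthentication", "Password <value>"
# The password is written in clear text, so the generated file is as
# sensitive as the credential itself.
# NOTE(review): nothing in this script sets the mode of $CONFIGFILE; confirm
# the file under /tmp is not readable by unprivileged accounts.
setup_user_authentication() {
	local cfg="$1"
	local val

	config_get_bool val "$cfg" authenticate_immediately 0
	if [ "$val" -gt 0 ]; then
		echo "AuthenticateImmediately yes" >> "$CONFIGFILE"
	fi

	config_get val "$cfg" username
	if [ -n "$val" ]; then
		echo "UsernameAuthentication" >> "$CONFIGFILE"
		echo "Username $val" >> "$CONFIGFILE"
	fi

	config_get val "$cfg" password
	if [ -n "$val" ]; then
		echo "PasswordAuthentication" >> "$CONFIGFILE"
		echo "Password $val" >> "$CONFIGFILE"
	fi
}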
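# setup_mac_lists <uci_cfg_obj>
# Append the MAC list directives of one uci section to $CONFIGFILE.
#   macmechanism unset  -> allowedmac/blockedmac are ignored (warning on stderr)
#   macmechanism allow  -> "AllowedMACList <comma-separated allowedmac>"
#   macmechanism block  -> "BlockedMACList <comma-separated blockedmac>"
#   anything else       -> error is logged, returns 1
# A non-empty trustedmac list is always written as "TrustedMACList ...".
# Returns 0 unless macmechanism is invalid.
# MAC addresses are asserted by the client and can be changed by it, so these
# lists are a filter, not an authentication mechanism; keep the trusted list
# as short as possible.
setup_mac_lists() {
	local cfg="$1"
	local MAC=""
	local val

	# config_list_foreach callback: collect the entries in MAC, comma-separated.
	append_mac() {
		append MAC "$1" ","
	}

	config_get val "$cfg" macmechanism
	if [ -z "$val" ]; then
		# Without a mechanism the allowed/blocked lists have no effect; tell
		# the admin instead of dropping them silently.
		config_get val "$cfg" allowedmac
		if [ -n "$val" ]; then
			echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
		fi

		config_get val "$cfg" blockedmac
		if [ -n "$val" ]; then
			echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
		fi
	elif [ "$val" = "allow" ]; then
		MAC=""
		config_list_foreach "$cfg" allowedmac append_mac
		echo "AllowedMACList $MAC" >> "$CONFIGFILE"
	elif [ "$val" = "block" ]; then
		MAC=""
		config_list_foreach "$cfg" blockedmac append_mac
		echo "BlockedMACList $MAC" >> "$CONFIGFILE"
	else
		nolog error "$cfg Invalid macmechanism '$val' - allow or block are valid."
		return 1
	fi

	MAC=""
	config_list_foreach "$cfg" trustedmac append_mac
	# An empty trusted list is normal and must not look like a failure.
	if [ -n "$MAC" ]; then
		echo "TrustedMACList $MAC" >> "$CONFIGFILE"
	fi
}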
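# setup_firewall <uci_cfg_obj>
# Append one "FirewallRuleSet <name> { ... }" block per known rule set to
# $CONFIGFILE. The rules come from the uci list named after the rule set with
# dashes replaced by underscores; an optional policy_<name> option is written
# as "EmptyRuleSetPolicy <name> <value>".
# Rule text is copied from uci verbatim and is not validated here.
setup_firewall() {
	local cfg="$1"
	local rule
	local uci_name
	local val

	# config_list_foreach callback: write one rule inside the open block.
	append_firewall() {
		echo " FirewallRule $1" >> "$CONFIGFILE"
	}

	for rule in authenticated-users preauthenticated-users users-to-router \
		trusted-users trusted-users-to-router; do
		# uci does not allow - dashes
		uci_name=${rule//-/_}
		echo "FirewallRuleSet $rule {" >> "$CONFIGFILE"
		config_list_foreach "$cfg" "$uci_name" append_firewall
		echo "}" >> "$CONFIGFILE"
		config_get val "$cfg" "policy_${uci_name}"
		if [ -n "$val" ]; then
			echo "EmptyRuleSetPolicy $rule $val" >> "$CONFIGFILE"
		fi
	done
}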
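# generate_uci_config <uci_cfg_obj>
# Build /tmp/etc/nodogsplash_<cfg>.conf for one uci section and leave its
# path in the global CONFIGFILE.
#   - option config names an existing file that becomes the base content
#   - option network (resolved with network_get_device) or option
#     gatewayinterface selects the interface; exactly one of them is needed
#   - the remaining options are translated by append_config_option and the
#     setup_* helpers
# Returns 1 after logging when the base file is missing or the interface
# cannot be determined.
# The generated file can hold the portal username and password in clear text.
# NOTE(review): its mode is whatever the current umask yields; confirm it is
# not readable by unprivileged accounts.
# NOTE(review): gatewayiprange and passwordattempts are emitted twice, and
# username/password are also written by setup_user_authentication; confirm
# the daemon tolerates the repeated directives.
generate_uci_config() {
	local cfg="$1"
	local val
	local ifname=""
	local download
	local upload

	CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf"

	echo "# auto-generated config file from /etc/config/nodogsplash" > "$CONFIGFILE"

	config_get val "$cfg" config
	if [ -n "$val" ]; then
		# Complain when the file is absent, and name the path that was checked.
		if [ ! -f "$val" ]; then
			nolog error "Configuration file '$val' doesn't exist"
			return 1
		fi
		# Copy into the generated file, not into a file literally called
		# "CONFIGFILE" in the current directory.
		cat "$val" > "$CONFIGFILE"
	fi

	config_get val "$cfg" network
	if [ -n "$val" ]; then
		if ! network_get_device ifname "$val"; then
			nolog error "$cfg can not find ifname for network '$val'"
			return 1
		fi
	fi

	config_get val "$cfg" gatewayinterface
	if [ -n "$val" ]; then
		if [ -n "$ifname" ]; then
			nolog error "$cfg cannot use both option network and gatewayinterface"
			return 1
		fi
		ifname="$val"
	fi

	if [ -z "$ifname" ]; then
		nolog error "$cfg option network or gatewayinterface missing"
		return 1
	fi

	echo "GatewayInterface $ifname" >> "$CONFIGFILE"

	append_config_option "$CONFIGFILE" "$cfg" gatewayname GatewayName
	append_config_option "$CONFIGFILE" "$cfg" gatewayaddress GatewayAddress
	append_config_option "$CONFIGFILE" "$cfg" gatewayport GatewayPort
	append_config_option "$CONFIGFILE" "$cfg" maxclients MaxClients
	append_config_option "$CONFIGFILE" "$cfg" webroot webroot
	append_config_option "$CONFIGFILE" "$cfg" debuglevel debuglevel
	append_config_option "$CONFIGFILE" "$cfg" splashpage splashpage
	append_config_option "$CONFIGFILE" "$cfg" pagesdir pagesdir
	append_config_option "$CONFIGFILE" "$cfg" checkinterval checkinterval
	append_config_option "$CONFIGFILE" "$cfg" syslogfacility syslogfacility
	append_config_option "$CONFIGFILE" "$cfg" gatewayiprange gatewayiprange
	append_config_option "$CONFIGFILE" "$cfg" imagedir ImagesDir
	append_config_option "$CONFIGFILE" "$cfg" redirecturl RedirectURL
	append_config_option "$CONFIGFILE" "$cfg" clientidletimeout ClientIdleTimeout
	append_config_option "$CONFIGFILE" "$cfg" clientforcetimeout ClientForceTimeout
	append_config_option "$CONFIGFILE" "$cfg" gatewayiprange GatewayIPRange
	append_config_option "$CONFIGFILE" "$cfg" passwordattempts PasswordAttempts
	append_config_option "$CONFIGFILE" "$cfg" macmechanism MACMechanism
	append_config_option "$CONFIGFILE" "$cfg" uploadlimit UploadLimit
	append_config_option "$CONFIGFILE" "$cfg" downloadlimit DownloadLimit
	append_config_option "$CONFIGFILE" "$cfg" remoteauthenticatoraction remoteauthenticatoraction
	append_config_option "$CONFIGFILE" "$cfg" enablepreauth enablepreauth
	append_config_option "$CONFIGFILE" "$cfg" binvoucher binvoucher
	append_config_option "$CONFIGFILE" "$cfg" forcevoucher forcevoucher
	append_config_option "$CONFIGFILE" "$cfg" passwordauthentication passwordauthentication
	append_config_option "$CONFIGFILE" "$cfg" usernameauthentication usernameauthentication
	append_config_option "$CONFIGFILE" "$cfg" passwordattempts passwordattempts
	append_config_option "$CONFIGFILE" "$cfg" username username
	append_config_option "$CONFIGFILE" "$cfg" password password
	append_config_option "$CONFIGFILE" "$cfg" authenticateimmediately authenticateimmediately
	append_config_option "$CONFIGFILE" "$cfg" decongesthttpdthreads decongesthttpdthreads
	append_config_option "$CONFIGFILE" "$cfg" httpdthreadthreshold httpdthreadthreshold
	append_config_option "$CONFIGFILE" "$cfg" httpdthreaddelayms httpdthreaddelayms
	append_config_option "$CONFIGFILE" "$cfg" fw_mark_authenticated fw_mark_authenticated
	append_config_option "$CONFIGFILE" "$cfg" fw_mark_trusted fw_mark_trusted
	append_config_option "$CONFIGFILE" "$cfg" fw_mark_blocked fw_mark_blocked

	# Any bandwidth limit switches traffic control on; test_module greps the
	# generated file for this line.
	config_get download "$cfg" downloadlimit
	config_get upload "$cfg" uploadlimit
	if [ -n "$upload" ] || [ -n "$download" ]; then
		echo "TrafficControl yes" >> "$CONFIGFILE"
	fi

	setup_mac_lists "$cfg"
	setup_user_authentication "$cfg"
	setup_firewall "$cfg"
}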
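# setup configuration and start instance
# create_instance <uci_cfg_obj>
# config_foreach callback: for an enabled section, generate its config file,
# check the kernel modules and register the daemon with procd.
# Returns 0 without doing anything when the section is not enabled.
create_instance() {
	local cfg="$1"
	local val

	config_get_bool val "$cfg" enabled 0
	[ "$val" -gt 0 ] || return 0

	# NOTE(review): the status of generate_uci_config is not checked, so the
	# instance is registered even after a logged configuration error and the
	# daemon then starts from an incomplete file.
	generate_uci_config "$cfg"

	if ! test_module ; then
		logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules"
	fi

	procd_open_instance "$cfg"
	# $OPTIONS stays unquoted on purpose: it holds several flags that have to
	# reach the daemon as separate words. The config path is one word.
	procd_set_param command /usr/bin/nodogsplash -c "$CONFIGFILE" $OPTIONS
	procd_set_param respawn
	procd_set_param file "$CONFIGFILE"
	procd_close_instance
}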
# procd start hook: load the helper library, make sure the directory for the
# generated config files exists, then create one instance per uci section of
# type "instance".
start_service() {
	include /lib/functions

	# generate_uci_config writes its files below this directory.
	mkdir -p /tmp/etc/

	config_load nodogsplash
	config_foreach create_instance instance
}
# procd stop hook.
stop_service() {
	# nodogsplash does not exit fast enough when procd terminates it. Without
	# this pause procd restarts nodogsplash twice: the first start fails, the
	# second one succeeds.
	sleep 1
}
# Print the daemon status by running "ndsctl status" from $WD_DIR.
status() {
	${WD_DIR}/ndsctl status
}
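# Test if we got all modules loaded
# Probes ipt_mac and ipt_mark, plus imq, ipt_IMQ and sch_htb when the
# generated $CONFIGFILE enables TrafficControl. A module that does not work
# is looked up on disk and loaded with insmod.
# The iptables probes work by appending a temporary ACCEPT rule to the live
# INPUT/FORWARD (or mangle PREROUTING) chain. Every successful probe deletes
# its rule again; a leftover ACCEPT rule would stay in the running firewall
# and accumulate with each service start.
# NOTE(review): do_module_tests calls "exit 1" when a module is missing or
# cannot be loaded. That ends the whole init script rather than returning
# non-zero, so the caller's "missing some kernel modules" branch is not
# reached on that path.
test_module() {
	### Test ipt_mark with iptables
	test_ipt_mark () {
		"$IPT" -A FORWARD -m mark --mark 2 -j ACCEPT > /dev/null 2>&1 || return 1
		# The append worked, so the probe rule exists and must be removed.
		"$IPT" -D FORWARD -m mark --mark 2 -j ACCEPT > /dev/null 2>&1
		return 0
	}

	### Test ipt_mac with iptables
	test_ipt_mac () {
		"$IPT" -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT > /dev/null 2>&1 || return 1
		# The append worked, so the probe rule exists and must be removed.
		"$IPT" -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT > /dev/null 2>&1
		return 0
	}

	### Test ipt_IMQ with iptables
	test_ipt_IMQ () {
		"$IPT" -t mangle -A PREROUTING -j IMQ --todev 0 > /dev/null 2>&1 || return 1
		# The append worked, so the probe rule exists and must be removed.
		"$IPT" -t mangle -D PREROUTING -j IMQ --todev 0 > /dev/null 2>&1
		return 0
	}

	### Test imq with ip
	test_imq () {
		local imq0_rc imq1_rc

		ip link set imq0 up > /dev/null 2>&1
		imq0_rc=$?
		ip link set imq1 up > /dev/null 2>&1
		imq1_rc=$?
		if [ "$imq0_rc" -eq 0 ] && [ "$imq1_rc" -eq 0 ]; then
			ip link set imq0 down > /dev/null 2>&1
			ip link set imq1 down > /dev/null 2>&1
			return 0
		fi
		return 1
	}

	### Test sch_htb with tc; requires imq0
	test_sch_htb () {
		# Start from a clean root qdisc; it is fine if there was none.
		tc qdisc del dev imq0 root > /dev/null 2>&1
		tc qdisc add dev imq0 root htb > /dev/null 2>&1 || return 1
		tc qdisc del dev imq0 root > /dev/null 2>&1
		return 0
	}

	### Find a module on disk
	module_exists () {
		local found

		# The pattern is quoted so that find expands it, not the shell.
		found=$(find "/lib/modules/$(uname -r)" -name "$1.*o" 2> /dev/null)
		[ -n "$found" ]
	}

	### Test if a module is in memory
	module_in_memory () {
		# Compare the first lsmod column exactly, so that a module whose name
		# merely contains $1 does not count as a match.
		lsmod | awk -v mod="$1" '$1 == mod { found = 1 } END { exit !found }'
	}

	### Test functionality of a module; load if necessary
	do_module_tests () {
		echo " Testing module $1 $2"
		if "test_$1"; then
			echo " $1 is working"
			return 0
		fi

		echo " Module $1 $2 needed"
		echo " Scanning disk for $1 module"
		if ! module_exists "$1"; then
			echo " $1 module missing: please install it"
			exit 1
		fi

		echo " $1 exists, trying to load"
		# $2 holds optional module parameters; pass it only when it was given.
		if ! insmod "$1" ${2:+"$2"} > /dev/null; then
			echo " Error: insmod $1 $2 failed"
			exit 1
		fi
		echo " $1 $2 loaded successfully"
	}

	echo " Testing required modules"

	do_module_tests "ipt_mac"
	do_module_tests "ipt_mark"

	# test for imq modules, only if TrafficControl is enabled in conf
	if grep -q -E '^[[:space:]]*TrafficControl[[:space:]]+(yes|true|1)' "$CONFIGFILE"; then
		do_module_tests "imq" "numdevs=2"
		do_module_tests "ipt_IMQ"
		do_module_tests "sch_htb"
	fi
}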