ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/net/apfree-wifidog/files/wifidogx.init b/external/subpack/net/apfree-wifidog/files/wifidogx.init
new file mode 100644
index 0000000..a7f85dd
--- /dev/null
+++ b/external/subpack/net/apfree-wifidog/files/wifidogx.init
@@ -0,0 +1,284 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 Dengfeng Liu
+
+. /lib/functions/network.sh
+
+START=99
+
+USE_PROCD=1
+PROG=/usr/bin/wifidogx
+CONFIGFILE=/tmp/wifidogx.conf
+
+extra_command "status" "Print the status of the service"
+
+PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
+APFREE_CERT="/etc/apfree.crt"
+APFREE_KEY="/etc/apfree.key"
+
+generate_keys() {
+ local days bits country state location commonname
+ local UNIQUEID GENKEY_CMD
+
+ # Prefer px5g for certificate generation (existence evaluated last)
+ UNIQUEID=$(hexdump -n 4 -e '4/1 "%02x" "\n"' /dev/urandom)
+ [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
+ [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
+ [ -n "$GENKEY_CMD" ] && {
+ $GENKEY_CMD \
+ -days "${days:-720}" -newkey rsa:"${bits:-2048}" -keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
+ -subj /C="${country:-CN}"/ST="${state:-Beijing}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}"
+ sync
+ mv "${APFREE_KEY}.new" "${APFREE_KEY}"
+ mv "${APFREE_CERT}.new" "${APFREE_CERT}"
+ }
+}
+
+service_trigger() {
+ procd_add_reload_trigger "wifidogx"
+}
+
+echo_firewall_rule() {
+ echo " FirewallRule $1"
+}
+
+prepare_mqtt_conf() {
+ local cfg=$1
+ local serveraddr
+ local serverport
+
+ config_get serveraddr "$cfg" "serveraddr"
+ config_get serverport "$cfg" "serverport"
+ [ -z "${serveraddr}" ] || [ -z "${serverport}" ] && return 1
+
+ cat <<-EOF >>${CONFIGFILE}
+ MQTT {
+ ServerAddr ${serveraddr}
+ ServerPort ${serverport}
+ }
+ EOF
+}
+
+prepare_wifidog_conf() {
+ local cfg=$1
+ local disabled
+ local gateway_id
+ local gateway_interface
+ local auth_server_hostname
+ local auth_server_path
+ local auth_server_path_login
+ local auth_server_path_portal
+ local auth_server_path_msg
+ local auth_server_path_ping
+ local auth_server_path_auth
+ local delta_traffic
+ local check_interval
+ local client_timeout
+ local trusted_domains
+ local js_filter
+ local trusted_maclist
+ local untrusted_maclist
+ local pool_mode
+ local thread_number
+ local queue_size
+ local wired_passed
+ local trusted_iplist
+ local trusted_pan_domains
+ local proxy_port
+ local no_auth
+ local apple_cna
+ local update_domain_interval
+ local dns_timeout
+ local default_gateway_id
+ local external_interface
+ local auth_server_port
+
+ [ -f ${CONFIGFILE} ] && rm -f ${CONFIGFILE}
+
+ config_get disabled "${cfg}" "disabled" 1
+ if [ "${disabled}" = "1" ]; then
+ echo "wifidogx disabled in /etc/config/wifidogx file, please set disabled to 0 to enable it" >&2
+ return
+ fi
+
+ default_gateway_id=$(sed -e 's/://g' /sys/class/net/br-lan/address)
+
+ network_get_device external_interface wan
+
+ config_get gateway_id "${cfg}" "gateway_id" "${default_gateway_id}"
+ config_get gateway_interface "${cfg}" "gateway_interface" "br-lan"
+ config_get auth_server_hostname "${cfg}" "auth_server_hostname"
+ config_get auth_server_port "${cfg}" "auth_server_port" "80"
+ config_get auth_server_path "${cfg}" "auth_server_path" "/wifidog/"
+ config_get auth_server_path_login "${cfg}" "auth_server_path_login"
+ config_get auth_server_path_portal "${cfg}" "auth_server_path_portal"
+ config_get auth_server_path_msg "${cfg}" "auth_server_path_msg"
+ config_get auth_server_path_ping "${cfg}" "auth_server_path_ping"
+ config_get auth_server_path_auth "${cfg}" "auth_server_path_auth"
+ config_get delta_traffic "${cfg}" "delta_traffic"
+ config_get check_interval "${cfg}" "check_interval" "60"
+ config_get js_filter "${cfg}" "js_filter" 1
+ config_get client_timeout "${cfg}" "client_timeout" "5"
+ config_get trusted_domains "${cfg}" "trusted_domains"
+ config_get trusted_maclist "${cfg}" "trusted_maclist"
+ config_get untrusted_maclist "${cfg}" "untrusted_maclist"
+ config_get pool_mode "${cfg}" "pool_mode" 0
+ config_get thread_number "${cfg}" "thread_number" 20
+ config_get queue_size "${cfg}" "queue_size" 200
+ config_get wired_passed "${cfg}" "wired_passed" 1
+ config_get trusted_iplist "${cfg}" "trusted_iplist"
+ config_get trusted_pan_domains "${cfg}" "trusted_pan_domains"
+ config_get proxy_port "${cfg}" "proxy_port"
+ config_get no_auth "${cfg}" "no_auth"
+ config_get apple_cna "${cfg}" "bypass_apple_cna"
+ config_get update_domain_interval "${cfg}" "update_domain_interval"
+ config_get dns_timeout "${cfg}" "dns_timeout"
+
+ local set_auth_server_path_login
+ local set_auth_server_path_portal
+ local set_auth_server_path_msg
+ local set_auth_server_path_ping
+ local set_auth_server_path_auth
+ local set_delta_traffic
+ local set_trusted_maclist
+ local set_untrusted_maclist
+ local set_trusted_domains
+ local set_trusted_iplist
+ local set_trusted_pan_domains
+ local set_proxy_port
+ local set_no_auth
+ local set_firewall_rule_global
+ local set_firewall_rule_validating_users
+ local set_firewall_rule_known_users
+ local set_firewall_rule_auth_is_down
+ local set_firewall_rule_unknown_users
+ local set_firewall_rule_locked_users
+ local set_apple_cna
+ local set_update_domain_interval
+ local set_dns_timeout
+
+ set_auth_server_path_login=$([ -n "$auth_server_path_login" ] && echo " LoginScriptPathFragment $auth_server_path_login")
+ set_auth_server_path_portal=$([ -n "$auth_server_path_portal" ] && echo " PortalScriptPathFragment $auth_server_path_portal")
+ set_auth_server_path_msg=$([ -n "$auth_server_path_msg" ] && echo " MsgScriptPathFragment $auth_server_path_msg")
+ set_auth_server_path_ping=$([ -n "$auth_server_path_ping" ] && echo " PingScriptPathFragment $auth_server_path_ping")
+ set_auth_server_path_auth=$([ -n "$auth_server_path_auth" ] && echo " AuthScriptPathFragment $auth_server_path_auth")
+ set_delta_traffic=$([ -n "$delta_traffic" ] && echo "DeltaTraffic $delta_traffic")
+ set_trusted_maclist=$([ -n "$trusted_maclist" ] && echo "TrustedMACList $trusted_maclist")
+ set_untrusted_maclist=$([ -n "$untrusted_maclist" ] && echo "UntrustedMACList $untrusted_maclist")
+ set_trusted_domains=$([ -n "$trusted_domains" ] && echo "TrustedDomains $trusted_domains")
+ set_trusted_iplist=$([ -n "$trusted_iplist" ] && echo "TrustedIpList $trusted_iplist")
+ set_trusted_pan_domains=$([ -n "$trusted_pan_domains" ] && echo "TrustedPanDomains $trusted_pan_domains")
+ set_proxy_port=$([ -n "$proxy_port" ] && echo "Proxyport $proxy_port")
+ set_no_auth=$([ -n "$no_auth" ] && echo "NoAuth $no_auth")
+ set_firewall_rule_global=$(config_list_foreach "$cfg" "firewall_rule_global" echo_firewall_rule)
+ set_firewall_rule_validating_users=$(config_list_foreach "$cfg" "firewall_rule_validating_users" echo_firewall_rule)
+ set_firewall_rule_known_users=$(config_list_foreach "$cfg" "firewall_rule_known_users" echo_firewall_rule)
+ set_firewall_rule_auth_is_down=$(config_list_foreach "$cfg" "firewall_rule_auth_is_down" echo_firewall_rule)
+ set_firewall_rule_unknown_users=$(config_list_foreach "$cfg" "firewall_rule_unknown_users" echo_firewall_rule)
+ set_firewall_rule_locked_users=$(config_list_foreach "$cfg" "firewall_rule_locked_users" echo_firewall_rule)
+ set_apple_cna=$([ -n "$apple_cna" ] && echo "BypassAppleCNA $apple_cna")
+ set_update_domain_interval=$([ -n "$update_domain_interval" ] && echo "UpdateDomainInterval $update_domain_interval")
+ set_dns_timeout=$([ -n "$dns_timeout" ] && echo "DNSTimeout $dns_timeout")
+
+ cat <<-EOF >$CONFIGFILE
+ GatewayID $gateway_id
+ GatewayInterface $gateway_interface
+ Externalinterface $external_interface
+
+ AuthServer {
+ Hostname $auth_server_hostname
+ HTTPPort $auth_server_port
+ Path $auth_server_path
+ $set_auth_server_path_login
+ $set_auth_server_path_portal
+ $set_auth_server_path_msg
+ $set_auth_server_path_ping
+ $set_auth_server_path_auth
+ }
+
+ $set_delta_traffic
+ CheckInterval $check_interval
+ ClientTimeout $client_timeout
+ JsFilter $js_filter
+ WiredPassed $wired_passed
+ $set_trusted_domains
+ $set_untrusted_maclist
+ $set_trusted_maclist
+ $set_trusted_iplist
+ $set_trusted_pan_domains
+ $set_proxy_port
+ $set_no_auth
+ $set_apple_cna
+ $set_update_domain_interval
+ $set_dns_timeout
+
+ FirewallRuleSet global {
+ $set_firewall_rule_global
+ }
+
+ FirewallRuleSet validating-users {
+ $set_firewall_rule_validating_users
+ FirewallRule allow to 0.0.0.0/0
+ }
+
+ FirewallRuleSet known-users {
+ $set_firewall_rule_known_users
+ FirewallRule allow to 0.0.0.0/0
+ }
+
+ FirewallRuleSet auth-is-down {
+ $set_firewall_rule_auth_is_down
+ }
+
+ FirewallRuleSet unknown-users {
+ $set_firewall_rule_unknown_users
+ FirewallRule allow udp port 53
+ FirewallRule allow tcp port 53
+ FirewallRule allow udp port 67
+ FirewallRule allow tcp port 67
+ }
+
+ FirewallRuleSet locked-users {
+ $set_firewall_rule_locked_users
+ FirewallRule block to 0.0.0.0/0
+ }
+EOF
+}
+
+init_config() {
+ config_load wifidogx
+ config_foreach prepare_wifidog_conf wifidog
+
+ if [ ! -f ${CONFIGFILE} ]; then
+ echo "no wifidogx.conf, exit..." >&2
+ exit
+ fi
+
+ if [ ! -s "${APFREE_CERT}" ] || [ ! -s "${APFREE_KEY}" ]; then
+ generate_keys
+ fi
+
+ if [ ! -s ${APFREE_KEY} ] || [ ! -s ${APFREE_CERT} ]; then
+ echo "no cert or key, exit..." >&2
+ exit
+ fi
+
+ config_foreach prepare_mqtt_conf mqtt
+
+ sed -i -e '/^$/d' ${CONFIGFILE}
+}
+
+start_service() {
+ init_config
+
+ procd_open_instance
+ # -f: run in foreground
+ procd_set_param command $PROG -c $CONFIGFILE -f -d 0
+ procd_set_param respawn # respawn automatically if something died
+ procd_set_param file $CONFIGFILE
+ procd_close_instance
+}
+
+status_service() {
+ /usr/bin/wdctlx status
+}