#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Dengfeng Liu
#
# procd init script for wifidogx. On every start it renders CONFIGFILE from
# the UCI config (/etc/config/wifidogx) and creates a self-signed
# certificate/key pair if none exists yet.

. /lib/functions/network.sh

START=99

USE_PROCD=1
PROG="/usr/bin/wifidogx"
# Rendered at start time; lives in tmpfs and is rewritten on each start.
CONFIGFILE="/tmp/wifidogx.conf"

extra_command "status" "Print the status of the service"

# Certificate generators; generate_keys prefers px5g when both are present.
PX5G_BIN="/usr/sbin/px5g"
OPENSSL_BIN="/usr/bin/openssl"
# Self-signed cert/key pair; created by generate_keys when missing or empty.
APFREE_CERT="/etc/apfree.crt"
APFREE_KEY="/etc/apfree.key"
18
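#######################################
# Create the self-signed certificate/key pair at APFREE_CERT / APFREE_KEY.
# Globals:   PX5G_BIN, OPENSSL_BIN, APFREE_CERT, APFREE_KEY (read)
# Outputs:   writes ${APFREE_KEY} and ${APFREE_CERT}
# Returns:   0 when both files were written; 1 when no generator binary is
#            available or the generator failed (no partial .new files are
#            left behind in that case)
#######################################
generate_keys() {
	# Subject/validity knobs; nothing sets them today, so the ${var:-default}
	# expansions below always yield the defaults.
	local days bits country state location commonname
	local UNIQUEID GENKEY_CMD

	# Random suffix for the O= field so repeated generations get distinct names.
	UNIQUEID=$(hexdump -n 4 -e '4/1 "%02x" "\n"' /dev/urandom)

	# Prefer px5g for certificate generation (existence evaluated last)
	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
	[ -n "$GENKEY_CMD" ] || return 1

	# umask 077 keeps the private key from ever being world-readable, even in
	# its transient .new form; the subshell confines the umask change. A
	# failed generator must not leave a half-written pair to be moved below.
	# shellcheck disable=SC2086 -- GENKEY_CMD is intentionally word-split
	( umask 077 && $GENKEY_CMD \
		-days "${days:-720}" -newkey rsa:"${bits:-2048}" \
		-keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
		-subj /C="${country:-CN}"/ST="${state:-Beijing}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}" ) || {
		rm -f -- "${APFREE_KEY}.new" "${APFREE_CERT}.new"
		return 1
	}
	sync
	# The certificate is public; give it a readable mode (the key stays 0600).
	chmod 0644 "${APFREE_CERT}.new"
	mv -- "${APFREE_KEY}.new" "${APFREE_KEY}"
	mv -- "${APFREE_CERT}.new" "${APFREE_CERT}"
}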
36
#######################################
# Register the procd reload trigger for this service's UCI config.
#######################################
service_trigger() {
	local uci_config="wifidogx"
	procd_add_reload_trigger "$uci_config"
}
40
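#######################################
# Print one "FirewallRule ..." config line; used as config_list_foreach
# callback. printf instead of echo so a rule text containing backslashes
# or starting with "-" is emitted verbatim on every /bin/sh.
# Arguments: $1 - rule text as stored in the UCI list
# Outputs:   " FirewallRule $1" on stdout
#######################################
echo_firewall_rule() {
	printf ' FirewallRule %s\n' "$1"
}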
44
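#######################################
# Append an MQTT section to CONFIGFILE from one UCI "mqtt" section.
# Globals:   CONFIGFILE (appended to)
# Arguments: $1 - UCI section name (passed by config_foreach)
# Returns:   0 when the section was written, 1 when serveraddr or
#            serverport is missing (nothing is written then)
#######################################
prepare_mqtt_conf() {
	local cfg="$1"
	local serveraddr serverport

	config_get serveraddr "$cfg" "serveraddr"
	config_get serverport "$cfg" "serverport"
	# Both fields are required; skip the section rather than emit half of it.
	if [ -z "$serveraddr" ] || [ -z "$serverport" ]; then
		return 1
	fi

	# Values are copied verbatim from UCI (no escaping); <<- strips the
	# leading tabs of this block.
	cat <<-EOF >>"$CONFIGFILE"
	MQTT {
		ServerAddr $serveraddr
		ServerPort $serverport
	}
	EOF
}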
61
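#######################################
# Print "KEY VALUE" when VALUE is non-empty, nothing otherwise. Helper for
# the optional directives of prepare_wifidog_conf.
# Arguments: $1 - config keyword, $2 - value (may be empty)
# Returns:   0 always
#######################################
_wifidogx_opt_line() {
	[ -n "$2" ] && printf '%s %s\n' "$1" "$2"
	return 0
}

#######################################
# Render the main wifidogx configuration from one UCI "wifidog" section.
# Any previous CONFIGFILE is removed first, so a disabled section leaves no
# file behind and init_config can detect that.
# Globals:   CONFIGFILE (written)
# Arguments: $1 - UCI section name (passed by config_foreach)
# Outputs:   writes $CONFIGFILE; a notice on stderr when disabled
# Returns:   0
#######################################
prepare_wifidog_conf() {
	local cfg="$1"
	local disabled gateway_id gateway_interface external_interface default_gateway_id
	local auth_server_hostname auth_server_port auth_server_path
	local auth_server_path_login auth_server_path_portal auth_server_path_msg
	local auth_server_path_ping auth_server_path_auth
	local delta_traffic check_interval client_timeout js_filter wired_passed
	local trusted_domains trusted_maclist untrusted_maclist trusted_iplist
	local trusted_pan_domains proxy_port no_auth apple_cna
	local update_domain_interval dns_timeout pool_mode thread_number queue_size

	[ -f "$CONFIGFILE" ] && rm -f -- "$CONFIGFILE"

	# Default is disabled: the service must be enabled explicitly in UCI.
	config_get disabled "$cfg" "disabled" 1
	if [ "$disabled" = "1" ]; then
		echo "wifidogx disabled in /etc/config/wifidogx file, please set disabled to 0 to enable it" >&2
		return 0
	fi

	# Default GatewayID is the br-lan MAC without colons. It is deliberately
	# taken from br-lan rather than $gateway_interface so existing
	# deployments that never set gateway_id keep their identity.
	default_gateway_id=$(sed -e 's/://g' /sys/class/net/br-lan/address 2>/dev/null)

	network_get_device external_interface wan

	config_get gateway_id "$cfg" "gateway_id" "$default_gateway_id"
	config_get gateway_interface "$cfg" "gateway_interface" "br-lan"
	config_get auth_server_hostname "$cfg" "auth_server_hostname"
	config_get auth_server_port "$cfg" "auth_server_port" "80"
	config_get auth_server_path "$cfg" "auth_server_path" "/wifidog/"
	config_get auth_server_path_login "$cfg" "auth_server_path_login"
	config_get auth_server_path_portal "$cfg" "auth_server_path_portal"
	config_get auth_server_path_msg "$cfg" "auth_server_path_msg"
	config_get auth_server_path_ping "$cfg" "auth_server_path_ping"
	config_get auth_server_path_auth "$cfg" "auth_server_path_auth"
	config_get delta_traffic "$cfg" "delta_traffic"
	config_get check_interval "$cfg" "check_interval" "60"
	config_get js_filter "$cfg" "js_filter" 1
	config_get client_timeout "$cfg" "client_timeout" "5"
	config_get trusted_domains "$cfg" "trusted_domains"
	config_get trusted_maclist "$cfg" "trusted_maclist"
	config_get untrusted_maclist "$cfg" "untrusted_maclist"
	# pool_mode/thread_number/queue_size are read but not emitted below.
	config_get pool_mode "$cfg" "pool_mode" 0
	config_get thread_number "$cfg" "thread_number" 20
	config_get queue_size "$cfg" "queue_size" 200
	config_get wired_passed "$cfg" "wired_passed" 1
	config_get trusted_iplist "$cfg" "trusted_iplist"
	config_get trusted_pan_domains "$cfg" "trusted_pan_domains"
	config_get proxy_port "$cfg" "proxy_port"
	config_get no_auth "$cfg" "no_auth"
	config_get apple_cna "$cfg" "bypass_apple_cna"
	config_get update_domain_interval "$cfg" "update_domain_interval"
	config_get dns_timeout "$cfg" "dns_timeout"

	# Optional directives: present in the output only when the option is set.
	# Values are copied verbatim from the root-owned UCI file; no escaping is
	# applied, so a value containing a newline or "}" would alter the
	# structure of the generated file.
	local set_auth_server_path_login set_auth_server_path_portal
	local set_auth_server_path_msg set_auth_server_path_ping set_auth_server_path_auth
	local set_delta_traffic set_trusted_maclist set_untrusted_maclist
	local set_trusted_domains set_trusted_iplist set_trusted_pan_domains
	local set_proxy_port set_no_auth set_apple_cna
	local set_update_domain_interval set_dns_timeout
	local set_firewall_rule_global set_firewall_rule_validating_users
	local set_firewall_rule_known_users set_firewall_rule_auth_is_down
	local set_firewall_rule_unknown_users set_firewall_rule_locked_users

	set_auth_server_path_login=$(_wifidogx_opt_line "LoginScriptPathFragment" "$auth_server_path_login")
	set_auth_server_path_portal=$(_wifidogx_opt_line "PortalScriptPathFragment" "$auth_server_path_portal")
	set_auth_server_path_msg=$(_wifidogx_opt_line "MsgScriptPathFragment" "$auth_server_path_msg")
	set_auth_server_path_ping=$(_wifidogx_opt_line "PingScriptPathFragment" "$auth_server_path_ping")
	set_auth_server_path_auth=$(_wifidogx_opt_line "AuthScriptPathFragment" "$auth_server_path_auth")
	set_delta_traffic=$(_wifidogx_opt_line "DeltaTraffic" "$delta_traffic")
	set_trusted_maclist=$(_wifidogx_opt_line "TrustedMACList" "$trusted_maclist")
	set_untrusted_maclist=$(_wifidogx_opt_line "UntrustedMACList" "$untrusted_maclist")
	set_trusted_domains=$(_wifidogx_opt_line "TrustedDomains" "$trusted_domains")
	set_trusted_iplist=$(_wifidogx_opt_line "TrustedIpList" "$trusted_iplist")
	set_trusted_pan_domains=$(_wifidogx_opt_line "TrustedPanDomains" "$trusted_pan_domains")
	set_proxy_port=$(_wifidogx_opt_line "Proxyport" "$proxy_port")
	set_no_auth=$(_wifidogx_opt_line "NoAuth" "$no_auth")
	set_apple_cna=$(_wifidogx_opt_line "BypassAppleCNA" "$apple_cna")
	set_update_domain_interval=$(_wifidogx_opt_line "UpdateDomainInterval" "$update_domain_interval")
	set_dns_timeout=$(_wifidogx_opt_line "DNSTimeout" "$dns_timeout")
	# UCI list options, one "FirewallRule ..." line per entry.
	set_firewall_rule_global=$(config_list_foreach "$cfg" "firewall_rule_global" echo_firewall_rule)
	set_firewall_rule_validating_users=$(config_list_foreach "$cfg" "firewall_rule_validating_users" echo_firewall_rule)
	set_firewall_rule_known_users=$(config_list_foreach "$cfg" "firewall_rule_known_users" echo_firewall_rule)
	set_firewall_rule_auth_is_down=$(config_list_foreach "$cfg" "firewall_rule_auth_is_down" echo_firewall_rule)
	set_firewall_rule_unknown_users=$(config_list_foreach "$cfg" "firewall_rule_unknown_users" echo_firewall_rule)
	set_firewall_rule_locked_users=$(config_list_foreach "$cfg" "firewall_rule_locked_users" echo_firewall_rule)

	# Unset optional directives expand to blank lines; init_config strips them.
	cat <<-EOF >"$CONFIGFILE"
	GatewayID $gateway_id
	GatewayInterface $gateway_interface
	Externalinterface $external_interface

	AuthServer {
		Hostname $auth_server_hostname
		HTTPPort $auth_server_port
		Path $auth_server_path
		$set_auth_server_path_login
		$set_auth_server_path_portal
		$set_auth_server_path_msg
		$set_auth_server_path_ping
		$set_auth_server_path_auth
	}

	$set_delta_traffic
	CheckInterval $check_interval
	ClientTimeout $client_timeout
	JsFilter $js_filter
	WiredPassed $wired_passed
	$set_trusted_domains
	$set_untrusted_maclist
	$set_trusted_maclist
	$set_trusted_iplist
	$set_trusted_pan_domains
	$set_proxy_port
	$set_no_auth
	$set_apple_cna
	$set_update_domain_interval
	$set_dns_timeout

	FirewallRuleSet global {
		$set_firewall_rule_global
	}

	FirewallRuleSet validating-users {
		$set_firewall_rule_validating_users
		FirewallRule allow to 0.0.0.0/0
	}

	FirewallRuleSet known-users {
		$set_firewall_rule_known_users
		FirewallRule allow to 0.0.0.0/0
	}

	FirewallRuleSet auth-is-down {
		$set_firewall_rule_auth_is_down
	}

	FirewallRuleSet unknown-users {
		$set_firewall_rule_unknown_users
		FirewallRule allow udp port 53
		FirewallRule allow tcp port 53
		FirewallRule allow udp port 67
		FirewallRule allow tcp port 67
	}

	FirewallRuleSet locked-users {
		$set_firewall_rule_locked_users
		FirewallRule block to 0.0.0.0/0
	}
EOF
}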
247
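#######################################
# Build CONFIGFILE from UCI and make sure the cert/key pair exists.
# Exits the script (status 0, as before) when there is nothing to run:
# no config file was produced (section disabled) or no cert/key could be
# obtained.
# Globals:   CONFIGFILE, APFREE_CERT, APFREE_KEY (read); CONFIGFILE (edited)
# Outputs:   diagnostics on stderr
#######################################
init_config() {
	config_load wifidogx
	config_foreach prepare_wifidog_conf wifidog

	# prepare_wifidog_conf leaves no file behind when the section is disabled.
	if [ ! -f "$CONFIGFILE" ]; then
		echo "no wifidogx.conf, exit..." >&2
		exit
	fi

	# Generate the self-signed pair once; later starts reuse it.
	if [ ! -s "$APFREE_CERT" ] || [ ! -s "$APFREE_KEY" ]; then
		generate_keys
	fi

	if [ ! -s "$APFREE_KEY" ] || [ ! -s "$APFREE_CERT" ]; then
		echo "no cert or key, exit..." >&2
		exit
	fi

	config_foreach prepare_mqtt_conf mqtt

	# Drop the blank lines left by unset optional directives.
	sed -i -e '/^$/d' "$CONFIGFILE"
}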
270
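#######################################
# procd start hook: render the config, then register one wifidogx instance.
# Globals:   PROG, CONFIGFILE (read)
#######################################
start_service() {
	init_config

	procd_open_instance
	# -f: run in foreground; -d 0 is presumably the log/debug level — verify
	# against wifidogx usage.
	procd_set_param command "$PROG" -c "$CONFIGFILE" -f -d 0
	procd_set_param respawn # respawn automatically if something died
	# Register the rendered config with procd (file-change tracking).
	procd_set_param file "$CONFIGFILE"
	procd_close_instance
}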
281
#######################################
# "status" extra command: delegate to the wdctlx control tool, whose exit
# status becomes ours.
#######################################
status_service() {
	local wdctl="/usr/bin/wdctlx"
	"$wdctl" status
}