From: Rob White
Date: Thu, 25 Jul 2019 11:32:53 +0000 (+0100)
Subject: nodogsplash: Backport of Version 4.0.0. (#486)
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=a55193512ffa1d59836490180d9ca86bc46056c2;p=feed%2Frouting.git

nodogsplash: Backport of Version 4.0.0. (#486)

This version has numerous fixes and enhancements. It is compatible with the previous v3.2.1 release and onwards.

Maintainer: Moritz Warning
Signed-off-by: Rob White
---

diff --git a/nodogsplash/Makefile b/nodogsplash/Makefile
index e6127ad..d56aa11 100644
--- a/nodogsplash/Makefile
+++ b/nodogsplash/Makefile
@@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=nodogsplash
 PKG_FIXUP:=autoreconf
-PKG_VERSION:=3.2.1
-PKG_RELEASE:=2
+PKG_VERSION:=4.0.0
+PKG_RELEASE:=1
 PKG_SOURCE_URL:=https://codeload.github.com/nodogsplash/nodogsplash/tar.gz/v$(PKG_VERSION)?
 PKG_SOURCE:=nodogsplash-$(PKG_VERSION).tar.gz
-PKG_HASH:=16da76ecf7820cd8b32081237e05b24a7d2d8a9db8a47242badc7937d6cf1ae8
+PKG_HASH:=4cc3a9200380f03c8c3a71afc1fda0006b8e7bf70129f2419768a767b734da21
 PKG_BUILD_DIR:=$(BUILD_DIR)/nodogsplash-$(PKG_VERSION)
 PKG_MAINTAINER:=Moritz Warning
@@ -41,17 +41,26 @@ define Package/nodogsplash/description
 endef
 define Package/nodogsplash/install
- $(CP) ./files/* $(1)/
 $(INSTALL_DIR) $(1)/usr/bin
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
 $(INSTALL_DIR) $(1)/etc/nodogsplash/htdocs/images
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_DIR) $(1)/usr/lib/nodogsplash
 $(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/nodogsplash/htdocs/
 $(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/nodogsplash/htdocs/
 $(CP) $(PKG_BUILD_DIR)/resources/status.html $(1)/etc/nodogsplash/htdocs/
 $(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/nodogsplash/htdocs/images/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/config/nodogsplash $(1)/etc/config/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/init.d/nodogsplash $(1)/etc/init.d/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash $(1)/etc/uci-defaults/
+ $(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
+ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/nodogsplash/login.sh
+ $(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/nodogsplash/
 endef
 define Package/nodogsplash/postrm
diff --git a/nodogsplash/files/etc/config/nodogsplash b/nodogsplash/files/etc/config/nodogsplash
deleted file mode 100644
index 714d9bf..0000000
--- a/nodogsplash/files/etc/config/nodogsplash
+++ /dev/null
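Review bot: The six added `$(CP)` lines in `Package/nodogsplash/install` install the init script, `restart.sh` and `login.sh` with whatever permission bits the upstream tarball happens to carry, whereas the copies this commit deletes from `./files` were tracked with explicit modes (100755 for `init.d/nodogsplash` and `restart.sh`, 100644 for the config and the uci-defaults script). Using `$(INSTALL_BIN)`, `$(INSTALL_CONF)` and `$(INSTALL_DATA)` pins the modes in the package recipe, so an upstream mode change cannot leave the service unstartable or leave a root-run script with looser permissions than intended. Note that `$(INSTALL_CONF)` tightens `/etc/config/nodogsplash` to owner-only access, which is the usual choice for a file that can hold authentication settings. Separately, `demo-preauth.sh` and `fas-aes.php` are now installed on every device; the hunk does not show whether anything invokes them by default, so it is worth confirming that they stay inert until an administrator configures them.

```makefile
define Package/nodogsplash/install
# … unchanged: INSTALL_DIR lines, the two binaries and the htdocs resources …
	$(INSTALL_CONF) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/config/nodogsplash $(1)/etc/config/
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/init.d/nodogsplash $(1)/etc/init.d/
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash $(1)/etc/uci-defaults/
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/nodogsplash/login.sh
	$(INSTALL_DATA) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/nodogsplash/
```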
@@ -1,144 +0,0 @@ - -# The options available here are an adaptation of the settings used in nodogsplash.conf. -# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf - -config nodogsplash - # Set to 0 to disable nodogsplash - option enabled 1 - - # Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts. - # This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries. - option fwhook_enabled '1' - - # Serve the file splash.html from this directory - option webroot '/etc/nodogsplash/htdocs' - - # Use plain configuration file - #option config '/etc/nodogsplash/nodogsplash.conf' - - # Use this option to set the device nogogsplash will bind to. - # The value may be an interface section in /etc/config/network or a device name such as br-lan. - option gatewayinterface 'br-lan' - - option gatewayname 'OpenWrt Nodogsplash' - option maxclients '250' - - # Enables debug output (0-7) - #option debuglevel '7' - - # Client timeouts in minutes - option preauthidletimeout '30' - option authidletimeout '120' - # Session Timeout is the interval after which clients are forced out (a value of 0 means never) - option sessiontimeout '1200' - - # The interval in seconds at which nodogsplash checks client timeout status - option checkinterval '600' - - # Enable BinAuth Support. - # If set, a program is called with several parameters on authentication (request) and deauthentication. - # Request for authentication: - # $ auth_client '' '' - # - # The username and password values may be empty strings and are URL encoded. - # The program is expected to output the number of seconds the client - # is to be authenticated. Zero or negative seconds will cause the authentification request - # to be rejected. The same goes for an exit code that is not 0. 
- # The output may contain a user specific download and upload limit in KBit/s: - # - # - # Called on authentication or deauthentication: - # $ <*auth|*deauth> - # - # "client_auth": Client authenticated via this script. - # "client_deauth": Client deauthenticated by the client via splash page. - # "idle_deauth": Client was deauthenticated because of inactivity. - # "timeout_deauth": Client was deauthenticated because the session timed out. - # "ndsctl_auth": Client was authenticated manually by the ndsctl tool. - # "ndsctl_deauth": Client was deauthenticated by the ndsctl tool. - # "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating. - # - # Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited. - # - #option binauth '/bin/myauth.sh' - - # Enable Forwarding Authentication Service (FAS) - # If set redirection is changed from splash.html to a FAS (provided by the system administrator) - # The value is the IP port number of the FAS - #option fasport '80' - - # Option: fasremoteip - # Default: GatewayAddress (the IP of NDS) - # If set, this is the remote ip address of the FAS. - #option fasremoteip '46.32.240.41' - - # Option: faspath - # Default: / - # This is the path from the FAS Web Root to the FAS login page - # (not the file system root). - #option faspath '/onboard-wifi.net/nodog/fas.php' - - # Option: fas_secure_enabled - # Default: 1 - # If set to "1", authaction and the client token are not revealed and it is the responsibility - # of the FAS to request the token from NDSCTL. - # If set to "0", the client token is sent to the FAS in clear text in the query string of the - # redirect along with authaction and redir. - #option fas_secure_enabled '0' - - # Your router may have several interfaces, and you - # probably want to keep them private from the network/gatewayinterface. 
- # If so, you should block the entire subnets on those interfaces, e.g.: - #list authenticated_users 'block to 192.168.0.0/16' - #list authenticated_users 'block to 10.0.0.0/8' - - # Typical ports you will probably want to open up. - #list authenticated_users 'allow tcp port 22' - #list authenticated_users 'allow tcp port 53' - #list authenticated_users 'allow udp port 53' - #list authenticated_users 'allow tcp port 80' - #list authenticated_users 'allow tcp port 443' - # Or for happy customers allow all - list authenticated_users 'allow all' - - # For preauthenticated users to resolve IP addresses in their - # initial request not using the router itself as a DNS server, - # Leave commented to help prevent DNS tunnelling - #list preauthenticated_users 'allow tcp port 53' - #list preauthenticated_users 'allow udp port 53' - - # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS - list users_to_router 'allow tcp port 22' - list users_to_router 'allow tcp port 23' - list users_to_router 'allow tcp port 53' - list users_to_router 'allow udp port 53' - list users_to_router 'allow udp port 67' - list users_to_router 'allow tcp port 80' - - # MAC addresses that are / are not allowed to access the splash page - # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used. - #option macmechanism 'allow' - #list allowedmac '00:00:C0:01:D0:0D' - #list allowedmac '00:00:C0:01:D0:1D' - #list blockedmac '00:00:C0:01:D0:2D' - - # MAC addresses that do not need to authenticate - #list trustedmac '00:00:C0:01:D0:1D' - - # Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask. - # This mask can conflict with the requirements of other packages such as mwan3, sqm etc - # Any values set here are interpreted as in hex format. 
- # - # List: fw_mark_authenticated - # Default: 30000 (0011|0000|0000|0000|0000 binary) - # - # List: fw_mark_trusted - # Default: 20000 (0010|0000|0000|0000|0000 binary) - # - # List: fw_mark_blocked - # Default: 10000 (0001|0000|0000|0000|0000 binary) - # - #list fw_mark_authenticated '30000' - #list fw_mark_trusted '20000' - #list fw_mark_blocked '10000' - diff --git a/nodogsplash/files/etc/init.d/nodogsplash b/nodogsplash/files/etc/init.d/nodogsplash deleted file mode 100755 index 3c3335c..0000000 --- a/nodogsplash/files/etc/init.d/nodogsplash +++ /dev/null 
@@ -1,200 +0,0 @@ -#!/bin/sh /etc/rc.common - -# -# Startup/shutdown script for nodogsplash captive portal -# - -START=95 -STOP=95 - -USE_PROCD=1 - -IPT=/usr/sbin/iptables -WD_DIR=/usr/bin -# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog -# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal -OPTIONS="-s -f -d 5" -CONFIG="" - - -addline() { - append CONFIG "$1" "$N" -} - -setup_mac_lists() { - local cfg="$1" - local macs="" - local val - - append_mac() { - append macs "$1" "," - } - - config_get val "$cfg" macmechanism - if [ -z "$val" ]; then - # Check if we have AllowedMACList or BlockedMACList defined they will be ignored - config_get val "$cfg" allowedmac - if [ -n "$val" ]; then - echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2 - fi - - config_get val "$cfg" blockedmac - if [ -n "$val" ]; then - echo "Ignoring blockedmac - macmechanism not \"block\"" >&2 - fi - elif [ "$val" = "allow" ]; then - config_list_foreach "$cfg" allowedmac append_mac - addline "AllowedMACList $macs" - elif [ "$val" = "block" ]; then - config_list_foreach "$cfg" blockedmac append_mac - addline "BlockedMACList $macs" - else - echo "Invalid macmechanism '$val' - allow or block are valid." 
>&2 - exit 1 - fi - - macs="" - config_list_foreach "$cfg" trustedmac append_mac - if [ -n "$macs" ]; then - addline "TrustedMACList $macs" - fi -} - -setup_firewall() { - local cfg="$1" - local uci_name - local val - - append_firewall() { - addline " FirewallRule $1" - } - - for rule in authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router; do - # uci does not allow dashes - uci_name=${rule//-/_} - addline "FirewallRuleSet $rule {" - config_list_foreach "$cfg" "$uci_name" append_firewall - addline "}" - config_get val "$cfg" "policy_${uci_name}" - if [ -n "$val" ]; then - addline "EmptyRuleSetPolicy $rule $val" - fi - done -} - -wait_for_interface() { - local ifname="$1" - local timeout=10 - - for i in $(seq $timeout); do - if [ $(ip -4 addr show dev $ifname 2> /dev/null | grep -c inet) -ne 0 ]; then - break - fi - sleep 1 - if [ $i = $timeout ]; then - echo "Interface $ifname not detected." >&2 - exit 1 - fi - done -} - -generate_uci_config() { - local cfg="$1" - local val - local ifname - local download - local upload - - # Init config file content - CONFIG="# auto-generated config file from /etc/config/nodogsplash" - - config_get val "$cfg" config - if [ -n "$val" ]; then - if [ ! -f "$val" ]; then - echo "Configuration file '$file' doesn't exist." >&2 - exit 1 - fi - addline "$(cat $val)" - fi - - config_get ifname "$cfg" gatewayinterface - if [ -z "$ifname" ]; then - config_get ifname "$cfg" network - fi - - # Get device name if interface name is a section name in /etc/config/network - if network_get_device tmp "$ifname"; then - ifname="$tmp" - fi - - if [ -z "$ifname" ]; then - echo "Option network or gatewayinterface missing." 
>&2 - exit 1 - fi - - wait_for_interface "$ifname" - - addline "GatewayInterface $ifname" - - for option in binauth fasport fasremoteip faspath fas_secure_enabled \ - daemon debuglevel maxclients gatewayname gatewayinterface gatewayiprange \ - gatewayaddress gatewayport webroot splashpage statuspage imagesdir pagesdir \ - redirecturl sessiontimeout preauthidletimeout authidletimeout checkinterval \ - setmss mssvalue trafficcontrol downloadlimit uploadlimit \ - syslogfacility ndsctlsocket fw_mark_authenticated \ - fw_mark_blocked fw_mark_trusted - do - config_get val "$cfg" "$option" - - if [ -n "$val" ]; then - addline "$option $val" - fi - done - - config_get download "$cfg" downloadlimit - config_get upload "$cfg" uploadlimit - - if [ -n "$upload" -o -n "$download" ]; then - addline "TrafficControl yes" - fi - - setup_mac_lists "$cfg" - setup_firewall "$cfg" - - echo "$CONFIG" > "/tmp/etc/nodogsplash_$cfg.conf" -} - -# setup configuration and start instance -create_instance() { - local cfg="$1" - local val - - config_get_bool val "$cfg" enabled 0 - [ $val -gt 0 ] || return 0 - - generate_uci_config "$cfg" - - procd_open_instance $cfg - procd_set_param command /usr/bin/nodogsplash -c "/tmp/etc/nodogsplash_$cfg.conf" $OPTIONS - procd_set_param respawn - procd_set_param file "/tmp/etc/nodogsplash_$cfg.conf" - procd_close_instance -} - -start_service() { - # For network_get_device() - include /lib/functions - - # For nodogsplash.conf file - mkdir -p /tmp/etc/ - - config_load nodogsplash - config_foreach create_instance nodogsplash -} - -stop_service() { - # When procd terminates nodogsplash, it does not exit fast enough. - # Otherwise procd will restart nodogsplash twice. First time starting - # nodogsplash fails, second time it succeeds. - sleep 1 -} diff --git a/nodogsplash/files/etc/uci-defaults/40_nodogsplash b/nodogsplash/files/etc/uci-defaults/40_nodogsplash deleted file mode 100644 index c4f461a..0000000 
--- a/nodogsplash/files/etc/uci-defaults/40_nodogsplash +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -uci -q batch <<-EOF - delete firewall.nodogsplash - set firewall.nodogsplash=include - set firewall.nodogsplash.type=script - set firewall.nodogsplash.path=/usr/lib/nodogsplash/restart.sh - commit firewall -EOF diff --git a/nodogsplash/files/usr/lib/nodogsplash/restart.sh b/nodogsplash/files/usr/lib/nodogsplash/restart.sh deleted file mode 100755 index e67f11d..0000000 --- a/nodogsplash/files/usr/lib/nodogsplash/restart.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Check if nodogsplash is running -if ndsctl status &> /dev/null; then - if [ "$(uci -q get nodogsplash.@nodogsplash[0].fwhook_enabled)" = "1" ]; then - /etc/init.d/nodogsplash restart - fi -fi diff --git a/nodogsplash/patches/0001-fix-invalid-pointer-when-clock-is-turned-back.patch b/nodogsplash/patches/0001-fix-invalid-pointer-when-clock-is-turned-back.patch deleted file mode 100644 index 9ea55d0..0000000 --- a/nodogsplash/patches/0001-fix-invalid-pointer-when-clock-is-turned-back.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From af548c1f885e46309baa6aa175a3822fd16afb2a Mon Sep 17 00:00:00 2001 -From: Moritz Warning -Date: Thu, 14 Mar 2019 17:19:40 +0100 -Subject: [PATCH] fix invalid pointer when clock is turned back - ---- - src/util.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/util.c b/src/util.c -index 621062d..77228bf 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -362,14 +362,14 @@ format_duration(time_t from, time_t to, char buf[64]) - { - int days, hours, minutes, seconds; - long long int secs; -+ const char *neg = ""; - - if (from <= to) { - secs = to - from; - } else { - secs = from - to; - // Prepend minus sign -- buf[0] = '-'; -- buf += 1; -+ neg = "-"; - } - - days = secs / (24 * 60 * 60); -@@ -381,13 +381,13 @@ format_duration(time_t from, time_t to, char buf[64]) - seconds = secs; - - if (days > 0) { -- sprintf(buf, "%dd %dh %dm %ds", days, hours, minutes, seconds); -+ snprintf(buf, 64, "%s%dd %dh %dm %ds", neg, days, hours, minutes, seconds); - } else if (hours > 0) { -- sprintf(buf, "%dh %dm %ds", hours, minutes, seconds); -+ snprintf(buf, 64, "%s%dh %dm %ds", neg, hours, minutes, seconds); - } else if (minutes > 0) { -- sprintf(buf, "%dm %ds", minutes, seconds); -+ snprintf(buf, 64, "%s%dm %ds", neg, minutes, seconds); - } else { -- sprintf(buf, "%ds", seconds); -+ snprintf(buf, 64, "%s%ds", neg, seconds); - } - - return buf; --- -2.20.1 -