From 9a23cb441209ea78d7fdf19d02b301c289534891 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Thu, 13 Jul 2017 20:50:45 +0200 Subject: [PATCH] nodogsplash2: initial package This package is a transitional package for nodogsplash, so that the old version is still available for those who miss features that have not yet been implemented. Signed-off-by: Moritz Warning --- nodogsplash2/Makefile | 61 +++++ nodogsplash2/files/nodogsplash.config | 53 ++++ nodogsplash2/files/nodogsplash.init | 355 ++++++++++++++++++++++++++ 3 files changed, 469 insertions(+) create mode 100644 nodogsplash2/Makefile create mode 100644 nodogsplash2/files/nodogsplash.config create mode 100755 nodogsplash2/files/nodogsplash.init diff --git a/nodogsplash2/Makefile b/nodogsplash2/Makefile new file mode 100644 index 0000000..f8a2344 --- /dev/null +++ b/nodogsplash2/Makefile @@ -0,0 +1,61 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=nodogsplash2 +PKG_FIXUP:=autoreconf +PKG_VERSION:=2.0.0 +PKG_RELEASE:=1 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=git://github.com/nodogsplash/nodogsplash.git +PKG_SOURCE_VERSION:=9d985d93f15db4052677dc34c37232bc958944bc +PKG_MIRROR_HASH:=12f9ea4e19c76f438f54a2214b098af233645713db7f8893c968fe1cab98ab1b +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_MAINTAINER:=Moritz Warning +PKG_BUILD_PARALLEL:=1 +PKG_LICENSE:=GPL-2.0+ + +include $(INCLUDE_DIR)/package.mk + + +define Package/nodogsplash2 + SUBMENU:=Captive Portals + SECTION:=net + CATEGORY:=Network + DEPENDS:=+libpthread +iptables-mod-ipopt +libmicrohttpd-no-ssl + TITLE:=Open public network gateway daemon + URL:=https://github.com/nodogsplash/nodogsplash + CONFLICTS:=nodogsplash +endef + +define Package/nodogsplash2/description + Nodogsplash offers a simple way to open a free hotspot providing + restricted access to an internet connection. +endef + +define Package/nodogsplash2/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/ + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) files/nodogsplash.init $(1)/etc/init.d/nodogsplash + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) files/nodogsplash.config $(1)/etc/config/nodogsplash + + $(INSTALL_DIR) $(1)/etc/$(PKG_NAME)/htdocs/images + $(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/$(PKG_NAME)/htdocs/ + $(CP) $(PKG_BUILD_DIR)/resources/infoskel.html $(1)/etc/$(PKG_NAME)/htdocs/ + $(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/$(PKG_NAME)/htdocs/images/ +endef + +define Package/nodogsplash2/conffiles +/etc/nodogsplash/nodogsplash.conf +endef + +$(eval $(call BuildPackage,nodogsplash2)) diff --git a/nodogsplash2/files/nodogsplash.config b/nodogsplash2/files/nodogsplash.config new file mode 100644 index 0000000..c02b66f --- /dev/null +++ b/nodogsplash2/files/nodogsplash.config @@ -0,0 +1,53 @@ + +# The options available here are an adaptation of the settings used in nodogsplash.conf. +# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf + +config nodogsplash + # Set to 1 to enable nodogsplash + option enabled 0 + + # Use plain configuration file + #option config '/etc/nodogsplash/nodogsplash.conf' + + # The network the users are connected to + option network 'lan' + option gatewayname 'LEDE Nodogsplash' + option maxclients '250' + option clientidletimeout '1200' + + # Your router may have several interfaces, and you + # probably want to keep them private from the network/gatewayinterface. + # If so, you should block the entire subnets on those interfaces, e.g.: + list authenticated_users 'block to 192.168.0.0/16' + list authenticated_users 'block to 10.0.0.0/8' + + # Typical ports you will probably want to open up. + list authenticated_users 'allow tcp port 22' + list authenticated_users 'allow tcp port 53' + list authenticated_users 'allow udp port 53' + list authenticated_users 'allow tcp port 80' + list authenticated_users 'allow tcp port 443' + + # For preauthenticated users to resolve IP addresses in their + # initial request not using the router itself as a DNS server, + list preauthenticated_users 'allow tcp port 53' + list preauthenticated_users 'allow udp port 53' + + # Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS + list users_to_router 'allow tcp port 22' + list users_to_router 'allow tcp port 23' + list users_to_router 'allow tcp port 53' + list users_to_router 'allow udp port 53' + list users_to_router 'allow udp port 67' + list users_to_router 'allow tcp port 80' + list users_to_router 'allow tcp port 443' + + # MAC addresses that are / are not allowed to access the splash page + # Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used. + #option macmechanism 'allow' + #list allowedmac '00:00:C0:01:D0:0D' + #list allowedmac '00:00:C0:01:D0:1D' + #list blockedmac '00:00:C0:01:D0:2D' + + #MAC addresses that do not need to authenticate + #list trustedmac '00:00:C0:01:D0:1D' diff --git a/nodogsplash2/files/nodogsplash.init b/nodogsplash2/files/nodogsplash.init new file mode 100755 index 0000000..32dc1eb --- /dev/null +++ b/nodogsplash2/files/nodogsplash.init @@ -0,0 +1,355 @@ +#!/bin/sh /etc/rc.common +# +# description: Startup/shutdown script for nodogsplash captive portal +# +# Alexander Couzens 2014 +# P. Kube 2007 +# +# (Based on wifidog startup script +# Date : 2004-08-25 +# Version : 1.0 +# Comment by that author: Could be better, but it's working as expected) +# + +START=95 +STOP=95 + +USE_PROCD=1 + +IPT=/usr/sbin/iptables +WD_DIR=/usr/bin +# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog +# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal +OPTIONS="-s -f -d 5" +CONFIGFILE="/tmp/invalid_nodogsplash.conf" + +# nolog(loglevel message ...) +nolog() { + local level=$1 + shift + logger -s -t nodogsplash -p daemon.$level $@ +} + +# append_config_option_map [] +# append "$config_counterpart $value" to cfgfile if option_name exists +# e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address BindAddress 0.0.0.0 +# will append "BindAddress 192.168.1.1" if uci bind_address is '192.168.1.1' +append_config_option_map() { + local val="" + local config_file="$1" + local cfg="$2" + local option_name="$3" + local config_counterpart="$4" + local default="$5" + config_get val "$cfg" "$option_name" "$default" + [ -n "$val" ] && echo "$config_counterpart $val" >> $config_file +} + +# append_config_option [] +# append "$option_name $value" to cfgfile if option_name exists +# e.g. append_config_option "$CONFIGFILE" "$cfg" bind_address 0.0.0.0 +# will append "bind_address 192.168.1.1" if uci bind_address is '192.168.1.1' +# if uci bind_address is unset append "bind_address 0.0.0.0" +append_config_option() { + local val="" + local config_file="$1" + local cfg="$2" + local option_name="$3" + local default="$4" + config_get val "$cfg" "$option_name" "$default" + [ -n "$val" ] && echo "$option_name $val" >> $config_file +} + +setup_mac_lists() { + local cfg="$1" + local MAC="" + local val + + append_mac() { + append MAC "$1" "," + } + + config_get val "$cfg" macmechanism + if [ -z "$val" ] ; then + # check if we have AllowedMACList or BlockedMACList defined they will be ignored + config_get val "$cfg" allowedmac + if [ -n "$val" ] ; then + echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2 + fi + + config_get val "$cfg" blockedmac + if [ -n "$val" ] ; then + echo "Ignoring blockedmac - macmechanism not \"block\"" >&2 + fi + elif [ "$val" == "allow" ] ; then + MAC="" + config_list_foreach "$cfg" allowedmac append_mac + echo "AllowedMACList $MAC" >> $CONFIGFILE + elif [ "$val" == "block" ] ; then + MAC="" + config_list_foreach "$cfg" blockedmac append_mac + echo "BlockedMACList $MAC" >> $CONFIGFILE + else + nolog error "$cfg Invalid macmechanism '$val' - allow or block are valid." + return 1 + fi + MAC="" + config_list_foreach "$cfg" trustedmac append_mac + [ -n "$MAC" ] && echo "TrustedMACList $MAC" >> $CONFIGFILE +} + +setup_firewall() { + local cfg="$1" + local uciname + local val + + append_firewall() { + echo " FirewallRule $1" >> $CONFIGFILE + } + + for rule in $(echo authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router) + do + uci_name=${rule//-/_} + # uci does not allow - dashes + echo "FirewallRuleSet $rule {" >> $CONFIGFILE + config_list_foreach "$cfg" ${uci_name} append_firewall + echo "}" >> $CONFIGFILE + config_get val "$cfg" policy_${uci_name} + [ -n "$val" ] && echo "EmptyRuleSetPolicy $rule $val" >> $CONFIGFILE + done +} + +wait_for_interface() +{ + local ifname="$1" + local timeout=10 + for i in $(seq $timeout); do + if [ $(ip -4 addr show dev $ifname 2> /dev/null | grep -c inet) -ne 0 ]; then + break + fi + sleep 1 + if [ $i == $timeout ] ; then + nolog error "$ifname not detected, NoDogSplash not starting." + exit 1 + fi + done +} + +generate_uci_config() { + local cfg="$1" + local val + local ifname + local download + local upload + + CONFIGFILE="/tmp/etc/nodogsplash_$cfg.conf" + + echo "# auto-generated config file from /etc/config/nodogsplash" > $CONFIGFILE + + config_get val "$cfg" config + if [ -n "$val" ] ; then + if [ ! -f "$val" ] ; then + nolog error "Configuration file '$file' doesn't exist" + return 0 + fi + cat "$val" >> $CONFIGFILE + fi + + config_get val "$cfg" network + if [ -n "$val" ] ; then + if ! network_get_device ifname "$val" ; then + nolog error "$cfg can not find ifname for network '$val'" + return 1 + fi + fi + + config_get val "$cfg" gatewayinterface + if [ -n "$val" ] ; then + if [ -n "$ifname" ] ; then + nolog error "$cfg cannot use both option network and gatewayinterface" + return 1 + fi + ifname="$val" + fi + + if [ -z "$ifname" ] ; then + nolog error "$cfg option network or gatewayinterface missing" + return 1 + fi + + wait_for_interface "$ifname" + + echo "GatewayInterface $ifname" >> $CONFIGFILE + + append_config_option "$CONFIGFILE" "$cfg" gatewayname + append_config_option "$CONFIGFILE" "$cfg" gatewayaddress + append_config_option "$CONFIGFILE" "$cfg" gatewayport + append_config_option "$CONFIGFILE" "$cfg" maxclients + append_config_option "$CONFIGFILE" "$cfg" webroot + append_config_option "$CONFIGFILE" "$cfg" debuglevel + append_config_option "$CONFIGFILE" "$cfg" splashpage + append_config_option "$CONFIGFILE" "$cfg" pagesdir + append_config_option "$CONFIGFILE" "$cfg" checkinterval + append_config_option "$CONFIGFILE" "$cfg" syslogfacility + append_config_option "$CONFIGFILE" "$cfg" gatewayiprange + append_config_option "$CONFIGFILE" "$cfg" imagedir + append_config_option "$CONFIGFILE" "$cfg" redirecturl + append_config_option "$CONFIGFILE" "$cfg" clientidletimeout + append_config_option "$CONFIGFILE" "$cfg" clientforcetimeout + append_config_option "$CONFIGFILE" "$cfg" gatewayiprange + append_config_option "$CONFIGFILE" "$cfg" passwordattempts + append_config_option "$CONFIGFILE" "$cfg" macmechanism + append_config_option "$CONFIGFILE" "$cfg" uploadlimit + append_config_option "$CONFIGFILE" "$cfg" downloadlimit + append_config_option "$CONFIGFILE" "$cfg" remoteauthenticatoraction + append_config_option "$CONFIGFILE" "$cfg" enablepreauth + append_config_option "$CONFIGFILE" "$cfg" binvoucher + append_config_option "$CONFIGFILE" "$cfg" forcevoucher + append_config_option "$CONFIGFILE" "$cfg" passwordauthentication + append_config_option "$CONFIGFILE" "$cfg" usernameauthentication + append_config_option "$CONFIGFILE" "$cfg" passwordattempts + append_config_option "$CONFIGFILE" "$cfg" username + append_config_option "$CONFIGFILE" "$cfg" password + append_config_option "$CONFIGFILE" "$cfg" authenticateimmediately + append_config_option "$CONFIGFILE" "$cfg" decongesthttpdthreads + append_config_option "$CONFIGFILE" "$cfg" httpdthreadthreshold + append_config_option "$CONFIGFILE" "$cfg" httpdthreaddelayms + append_config_option "$CONFIGFILE" "$cfg" fw_mark_authenticated + append_config_option "$CONFIGFILE" "$cfg" fw_mark_trusted + append_config_option "$CONFIGFILE" "$cfg" fw_mark_blocked + + config_get download "$cfg" downloadlimit + config_get upload "$cfg" uploadlimit + [ -n "$upload" -o -n "$download" ] && echo "TrafficControl yes" >> $CONFIGFILE + + setup_mac_lists "$cfg" + setup_firewall "$cfg" +} + +# setup configuration and start instance +create_instance() { + local cfg="$1" + local manual_config + local val + + config_get_bool val "$cfg" enabled 0 + [ $val -gt 0 ] || return 0 + + generate_uci_config "$cfg" + + if ! test_module ; then + logger -s -t nodogsplash -p daemon.error "nodogsplash is missing some kernel modules" + fi + + procd_open_instance $cfg + procd_set_param command /usr/bin/nodogsplash -c $CONFIGFILE $OPTIONS + procd_set_param respawn + procd_set_param file $CONFIGFILE + procd_close_instance +} + +start_service() { + include /lib/functions + + mkdir -p /tmp/etc/ + config_load nodogsplash + + config_foreach create_instance nodogsplash +} + +stop_service() { + # nodogsplash doesn't exit fast enought, when procd terminates it. + # otherwise procd will restart nodogsplash twice. first time starting nodogsplash fails, second time it succeeds + sleep 1 +} + +status() { + $WD_DIR/ndsctl status +} + +# Test if we got all modules loaded +test_module() { + ### Test ipt_mark with iptables + test_ipt_mark () { + ($IPT -A FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null + IPTABLES_OK=$? + if [ "$IPTABLES_OK" -eq 0 ]; then + ($IPT -D FORWARD -m mark --mark 2 -j ACCEPT 2>&1) > /dev/null + return 0 + else + return 1 + fi + } + + ### Test ipt_mac with iptables + test_ipt_mac () { + ($IPT -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null + IPTABLES_OK=$? + if [ "$IPTABLES_OK" -eq 0 ]; then + ($IPT -D INPUT -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT 2>&1) > /dev/null + return 0 + else + return 1 + fi + } + + ### Test ipt_IMQ with iptables + test_ipt_IMQ () { + ($IPT -t mangle -A PREROUTING -j IMQ --todev 0 2>&1) > /dev/null + IPTABLES_OK=$? + if [ "$IPTABLES_OK" -eq 0 ]; then + ($IPT -t mangle -D PREROUTING -j IMQ --todev 0 2>&1) > /dev/null + return 0 + else + return 1 + fi + } + + ### Test imq with ip + test_imq () { + (ip link set imq0 up 2>&1) > /dev/null + IMQ0_OK=$? + (ip link set imq1 up 2>&1) > /dev/null + IMQ1_OK=$? + if [ "$IMQ0_OK" -eq 0 -a "$IMQ1_OK" -eq 0 ]; then + (ip link set imq0 down 2>&1) > /dev/null + (ip link set imq1 down 2>&1) > /dev/null + return 0 + else + return 1 + fi + } + + ### Test sch_htb with tc; requires imq0 + test_sch_htb () { + (tc qdisc del dev imq0 root 2>&1) > /dev/null + (tc qdisc add dev imq0 root htb 2>&1) > /dev/null + TC_OK=$? + if [ "$TC_OK" -eq 0 ]; then + (tc qdisc del dev imq0 root 2>&1) > /dev/null + return 0 + else + return 1 + fi + } + + ### Find a module on disk + module_exists () { + EXIST=$(find /lib/modules/`uname -r` -name $1.*o 2> /dev/null) + if [ -n "$EXIST" ]; then + return 0 + else + return 1 + fi + } + + ### Test if a module is in memory + module_in_memory () { + MODULE=$(lsmod | grep $1 | awk '{print $1}') + if [ "$MODULE" = "$1" ]; then + return 0 + else + return 1 + fi + } +} -- 2.30.2