Difuse/routing
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nodogsplash: Bump to v3.3.0-1 (#457)

Browse source 
Signed-off-by: Rob White <rob@blue-wave.net>
This commit is contained in:
Rob White 2019-03-25 13:28:02 +00:00 committed by Moritz Warning
parent 4265df9dcc
commit b01e4b0e7c
6 changed files with 7 additions and 416 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nodogsplash/Makefile
View file

@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nodogsplash
PKG_FIXUP:=autoreconf
PKG_VERSION:=3.2.1
PKG_RELEASE:=3
PKG_VERSION:=3.3.0
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://codeload.github.com/nodogsplash/nodogsplash/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=nodogsplash-$(PKG_VERSION).tar.gz
PKG_HASH:=16da76ecf7820cd8b32081237e05b24a7d2d8a9db8a47242badc7937d6cf1ae8
PKG_HASH:=ad89af14086982ebb07da6dd079c10e93e31af149e06611649d0dbee79cb8e67
PKG_BUILD_DIR:=$(BUILD_DIR)/nodogsplash-$(PKG_VERSION)
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
@ -41,7 +41,6 @@ define Package/nodogsplash/description
endef
define Package/nodogsplash/install
$(CP) ./files/* $(1)/
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/
@ -52,6 +51,10 @@ define Package/nodogsplash/install
$(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/status.html $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/nodogsplash/htdocs/images/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/config/nodogsplash $(1)/etc/config/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/init.d/nodogsplash $(1)/etc/init.d/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash $(1)/etc/uci-defaults/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
endef
define Package/nodogsplash/postrm

144
nodogsplash/files/etc/config/nodogsplash
View file

@ -1,144 +0,0 @@
# The options available here are an adaptation of the settings used in nodogsplash.conf.
# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
config nodogsplash
# Set to 0 to disable nodogsplash
option enabled 1
# Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
# This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
option fwhook_enabled '1'
# Serve the file splash.html from this directory
option webroot '/etc/nodogsplash/htdocs'
# Use plain configuration file
#option config '/etc/nodogsplash/nodogsplash.conf'
# Use this option to set the device nogogsplash will bind to.
# The value may be an interface section in /etc/config/network or a device name such as br-lan.
option gatewayinterface 'br-lan'
option gatewayname 'OpenWrt Nodogsplash'
option maxclients '250'
# Enables debug output (0-7)
#option debuglevel '7'
# Client timeouts in minutes
option preauthidletimeout '30'
option authidletimeout '120'
# Session Timeout is the interval after which clients are forced out (a value of 0 means never)
option sessiontimeout '1200'
# The interval in seconds at which nodogsplash checks client timeout status
option checkinterval '600'
# Enable BinAuth Support.
# If set, a program is called with several parameters on authentication (request) and deauthentication.
# Request for authentication:
# $<BinAuth> auth_client <client_mac> '<username>' '<password>'
#
# The username and password values may be empty strings and are URL encoded.
# The program is expected to output the number of seconds the client
# is to be authenticated. Zero or negative seconds will cause the authentification request
# to be rejected. The same goes for an exit code that is not 0.
# The output may contain a user specific download and upload limit in KBit/s:
# <seconds> <upload> <download>
#
# Called on authentication or deauthentication:
# $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end>
#
# "client_auth": Client authenticated via this script.
# "client_deauth": Client deauthenticated by the client via splash page.
# "idle_deauth": Client was deauthenticated because of inactivity.
# "timeout_deauth": Client was deauthenticated because the session timed out.
# "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
# "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
# "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
#
# Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
#
#option binauth '/bin/myauth.sh'
# Enable Forwarding Authentication Service (FAS)
# If set redirection is changed from splash.html to a FAS (provided by the system administrator)
# The value is the IP port number of the FAS
#option fasport '80'
# Option: fasremoteip
# Default: GatewayAddress (the IP of NDS)
# If set, this is the remote ip address of the FAS.
#option fasremoteip '46.32.240.41'
# Option: faspath
# Default: /
# This is the path from the FAS Web Root to the FAS login page
# (not the file system root).
#option faspath '/onboard-wifi.net/nodog/fas.php'
# Option: fas_secure_enabled
# Default: 1
# If set to "1", authaction and the client token are not revealed and it is the responsibility
# of the FAS to request the token from NDSCTL.
# If set to "0", the client token is sent to the FAS in clear text in the query string of the
# redirect along with authaction and redir.
#option fas_secure_enabled '0'
# Your router may have several interfaces, and you
# probably want to keep them private from the network/gatewayinterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
#list authenticated_users 'block to 192.168.0.0/16'
#list authenticated_users 'block to 10.0.0.0/8'
# Typical ports you will probably want to open up.
#list authenticated_users 'allow tcp port 22'
#list authenticated_users 'allow tcp port 53'
#list authenticated_users 'allow udp port 53'
#list authenticated_users 'allow tcp port 80'
#list authenticated_users 'allow tcp port 443'
# Or for happy customers allow all
list authenticated_users 'allow all'
# For preauthenticated users to resolve IP addresses in their
# initial request not using the router itself as a DNS server,
# Leave commented to help prevent DNS tunnelling
#list preauthenticated_users 'allow tcp port 53'
#list preauthenticated_users 'allow udp port 53'
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
list users_to_router 'allow tcp port 22'
list users_to_router 'allow tcp port 23'
list users_to_router 'allow tcp port 53'
list users_to_router 'allow udp port 53'
list users_to_router 'allow udp port 67'
list users_to_router 'allow tcp port 80'
# MAC addresses that are / are not allowed to access the splash page
# Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
#option macmechanism 'allow'
#list allowedmac '00:00:C0:01:D0:0D'
#list allowedmac '00:00:C0:01:D0:1D'
#list blockedmac '00:00:C0:01:D0:2D'
# MAC addresses that do not need to authenticate
#list trustedmac '00:00:C0:01:D0:1D'
# Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
# This mask can conflict with the requirements of other packages such as mwan3, sqm etc
# Any values set here are interpreted as in hex format.
#
# List: fw_mark_authenticated
# Default: 30000 (0011|0000|0000|0000|0000 binary)
#
# List: fw_mark_trusted
# Default: 20000 (0010|0000|0000|0000|0000 binary)
#
# List: fw_mark_blocked
# Default: 10000 (0001|0000|0000|0000|0000 binary)
#
#list fw_mark_authenticated '30000'
#list fw_mark_trusted '20000'
#list fw_mark_blocked '10000'

200
nodogsplash/files/etc/init.d/nodogsplash
View file

@ -1,200 +0,0 @@
#!/bin/sh /etc/rc.common
#
# Startup/shutdown script for nodogsplash captive portal
#
START=95
STOP=95
USE_PROCD=1
IPT=/usr/sbin/iptables
WD_DIR=/usr/bin
# -s -d 5 runs in background, with level 5 (not so verbose) messages to syslog
# -f -d 7 runs in foreground, with level 7 (verbose) debug messages to terminal
OPTIONS="-s -f -d 5"
CONFIG=""
addline() {
append CONFIG "$1" "$N"
}
setup_mac_lists() {
local cfg="$1"
local macs=""
local val
append_mac() {
append macs "$1" ","
}
config_get val "$cfg" macmechanism
if [ -z "$val" ]; then
# Check if we have AllowedMACList or BlockedMACList defined they will be ignored
config_get val "$cfg" allowedmac
if [ -n "$val" ]; then
echo "Ignoring allowedmac - macmechanism not \"allow\"" >&2
fi
config_get val "$cfg" blockedmac
if [ -n "$val" ]; then
echo "Ignoring blockedmac - macmechanism not \"block\"" >&2
fi
elif [ "$val" = "allow" ]; then
config_list_foreach "$cfg" allowedmac append_mac
addline "AllowedMACList $macs"
elif [ "$val" = "block" ]; then
config_list_foreach "$cfg" blockedmac append_mac
addline "BlockedMACList $macs"
else
echo "Invalid macmechanism '$val' - allow or block are valid." >&2
exit 1
fi
macs=""
config_list_foreach "$cfg" trustedmac append_mac
if [ -n "$macs" ]; then
addline "TrustedMACList $macs"
fi
}
setup_firewall() {
local cfg="$1"
local uci_name
local val
append_firewall() {
addline " FirewallRule $1"
}
for rule in authenticated-users preauthenticated-users users-to-router trusted-users trusted-users-to-router; do
# uci does not allow dashes
uci_name=${rule//-/_}
addline "FirewallRuleSet $rule {"
config_list_foreach "$cfg" "$uci_name" append_firewall
addline "}"
config_get val "$cfg" "policy_${uci_name}"
if [ -n "$val" ]; then
addline "EmptyRuleSetPolicy $rule $val"
fi
done
}
wait_for_interface() {
local ifname="$1"
local timeout=10
for i in $(seq $timeout); do
if [ $(ip -4 addr show dev $ifname 2> /dev/null | grep -c inet) -ne 0 ]; then
break
fi
sleep 1
if [ $i = $timeout ]; then
echo "Interface $ifname not detected." >&2
exit 1
fi
done
}
generate_uci_config() {
local cfg="$1"
local val
local ifname
local download
local upload
# Init config file content
CONFIG="# auto-generated config file from /etc/config/nodogsplash"
config_get val "$cfg" config
if [ -n "$val" ]; then
if [ ! -f "$val" ]; then
echo "Configuration file '$file' doesn't exist." >&2
exit 1
fi
addline "$(cat $val)"
fi
config_get ifname "$cfg" gatewayinterface
if [ -z "$ifname" ]; then
config_get ifname "$cfg" network
fi
# Get device name if interface name is a section name in /etc/config/network
if network_get_device tmp "$ifname"; then
ifname="$tmp"
fi
if [ -z "$ifname" ]; then
echo "Option network or gatewayinterface missing." >&2
exit 1
fi
wait_for_interface "$ifname"
addline "GatewayInterface $ifname"
for option in binauth fasport fasremoteip faspath fas_secure_enabled \
daemon debuglevel maxclients gatewayname gatewayinterface gatewayiprange \
gatewayaddress gatewayport webroot splashpage statuspage imagesdir pagesdir \
redirecturl sessiontimeout preauthidletimeout authidletimeout checkinterval \
setmss mssvalue trafficcontrol downloadlimit uploadlimit \
syslogfacility ndsctlsocket fw_mark_authenticated \
fw_mark_blocked fw_mark_trusted
do
config_get val "$cfg" "$option"
if [ -n "$val" ]; then
addline "$option $val"
fi
done
config_get download "$cfg" downloadlimit
config_get upload "$cfg" uploadlimit
if [ -n "$upload" -o -n "$download" ]; then
addline "TrafficControl yes"
fi
setup_mac_lists "$cfg"
setup_firewall "$cfg"
echo "$CONFIG" > "/tmp/etc/nodogsplash_$cfg.conf"
}
# setup configuration and start instance
create_instance() {
local cfg="$1"
local val
config_get_bool val "$cfg" enabled 0
[ $val -gt 0 ] || return 0
generate_uci_config "$cfg"
procd_open_instance $cfg
procd_set_param command /usr/bin/nodogsplash -c "/tmp/etc/nodogsplash_$cfg.conf" $OPTIONS
procd_set_param respawn
procd_set_param file "/tmp/etc/nodogsplash_$cfg.conf"
procd_close_instance
}
start_service() {
# For network_get_device()
include /lib/functions
# For nodogsplash.conf file
mkdir -p /tmp/etc/
config_load nodogsplash
config_foreach create_instance nodogsplash
}
stop_service() {
# When procd terminates nodogsplash, it does not exit fast enough.
# Otherwise procd will restart nodogsplash twice. First time starting
# nodogsplash fails, second time it succeeds.
sleep 1
}

9
nodogsplash/files/etc/uci-defaults/40_nodogsplash
View file

@ -1,9 +0,0 @@
#!/bin/sh
uci -q batch <<-EOF
delete firewall.nodogsplash
set firewall.nodogsplash=include
set firewall.nodogsplash.type=script
set firewall.nodogsplash.path=/usr/lib/nodogsplash/restart.sh
commit firewall
EOF

8
nodogsplash/files/usr/lib/nodogsplash/restart.sh
View file

@ -1,8 +0,0 @@
#!/bin/sh
# Check if nodogsplash is running
if ndsctl status &> /dev/null; then
if [ "$(uci -q get nodogsplash.@nodogsplash[0].fwhook_enabled)" = "1" ]; then
/etc/init.d/nodogsplash restart
fi
fi

51
nodogsplash/patches/0001-fix-invalid-pointer-when-clock-is-turned-back.patch
View file

@ -1,51 +0,0 @@
From af548c1f885e46309baa6aa175a3822fd16afb2a Mon Sep 17 00:00:00 2001
From: Moritz Warning <moritzwarning@web.de>
Date: Thu, 14 Mar 2019 17:19:40 +0100
Subject: [PATCH] fix invalid pointer when clock is turned back
---
src/util.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/util.c b/src/util.c
index 621062d..77228bf 100644
--- a/src/util.c
+++ b/src/util.c
@@ -362,14 +362,14 @@ format_duration(time_t from, time_t to, char buf[64])
{
int days, hours, minutes, seconds;
long long int secs;
+ const char *neg = "";
if (from <= to) {
secs = to - from;
} else {
secs = from - to;
// Prepend minus sign
- buf[0] = '-';
- buf += 1;
+ neg = "-";
}
days = secs / (24 * 60 * 60);
@@ -381,13 +381,13 @@ format_duration(time_t from, time_t to, char buf[64])
seconds = secs;
if (days > 0) {
- sprintf(buf, "%dd %dh %dm %ds", days, hours, minutes, seconds);
+ snprintf(buf, 64, "%s%dd %dh %dm %ds", neg, days, hours, minutes, seconds);
} else if (hours > 0) {
- sprintf(buf, "%dh %dm %ds", hours, minutes, seconds);
+ snprintf(buf, 64, "%s%dh %dm %ds", neg, hours, minutes, seconds);
} else if (minutes > 0) {
- sprintf(buf, "%dm %ds", minutes, seconds);
+ snprintf(buf, 64, "%s%dm %ds", neg, minutes, seconds);
} else {
- sprintf(buf, "%ds", seconds);
+ snprintf(buf, 64, "%s%ds", neg, seconds);
}
return buf;
--
2.20.1