// unfinished. do not use
void start_wifidog(void)
{
if (nvram_match("wd_enable", "1")) {
insmod("ipt_mark");
insmod("ipt_mac");
insmod("xt_mark");
insmod("xt_mac");
mkdir("/tmp/wifidog/", 0744);
FILE *fp = fopen("/tmp/wifidog/wifidog.conf", "wb");
if (!strlen(nvram_safe_get("wd_gwid")))
fprintf(fp, "GatewayID %s\n", nvram_safe_get("router_name"));
else
fprintf(fp, "GatewayID %s\n", nvram_safe_get("wd_gwid"));
if (nvram_invmatch("wan_proto", "disabled")) //WIP
fprintf(fp, "ExternalInterface %s\n", get_wan_face());
else
fprintf(fp, "ExternalInterface %s\n", nvram_safe_get("wd_extiface"));
fprintf(fp, "GatewayInterface %s\n", nvram_safe_get("wd_iface"));
// fprintf (fp, "Portal %s\n", nvram_safe_get ("wd_url"));
fprintf(fp, "GatewayPort %s\n", nvram_safe_get("wd_gwport"));
fprintf(fp, "HTTPDMaxConn %s\n", nvram_safe_get("wd_httpdcon"));
fprintf(fp, "HTTPDName %s\n", nvram_safe_get("wd_httpdname"));
fprintf(fp, "CheckInterval %s\n", nvram_safe_get("wd_interval"));
fprintf(fp, "ClientTimeout %s\n", nvram_safe_get("wd_timeout"));
fprintf(fp, "TrustedMACList %s\n", nvram_safe_get("wd_maclist"));
fprintf(fp, "AuthServer {\n");
fprintf(fp, "Hostname %s\n", nvram_safe_get("wd_hostname"));
fprintf(fp, "SSLAvailable %s\n", nvram_match("wd_sslavailable", "1") ? "yes" : "no");
fprintf(fp, "SSLPort %s\n", nvram_safe_get("wd_sslport"));
fprintf(fp, "HTTPPort %s\n", nvram_safe_get("wd_httpport"));
if (strlen(nvram_safe_get("wd_messagefile")) > 0) {
fprintf(fp, "HtmlMessageFile %s\n", nvram_safe_get("wd_messagefile"));
}
if (nvram_match("wd_auth", "1")) {
if (strlen(nvram_safe_get("wd_realm")) > 0)
fprintf(fp, "HTTPDRealm %s\n", nvram_safe_get("wd_realm"));
fprintf(fp, "HTTPDUserName %s\n", nvram_safe_get("wd_username"));
fprintf(fp, "HTTPDPassword %s\n", nvram_safe_get("wd_password"));
}
fprintf(fp, "Path %s\n", nvram_safe_get("wd_path"));
fprintf(fp, "}\n");
if (strlen(nvram_safe_get("wd_config")) > 0) {
fwritenvram("wd_config", fp);
} else {
fprintf(fp, "FirewallRuleSet validating-users {\n");
fprintf(fp, "FirewallRule allow to 0.0.0.0/0\n");
fprintf(fp, "}\n");
fprintf(fp, "FirewallRuleSet known-users {\n");
fprintf(fp, "FirewallRule allow to 0.0.0.0/0\n");
fprintf(fp, "}\n");
fprintf(fp, "FirewallRuleSet unknown-users {\n");
fprintf(fp, "FirewallRule allow udp port 53\n");
fprintf(fp, "FirewallRule allow tcp port 53\n");
fprintf(fp, "FirewallRule allow udp port 67\n");
fprintf(fp, "FirewallRule allow tcp port 67\n");
fprintf(fp, "}\n");
fprintf(fp, "FirewallRuleSet locked-users {\n");
fprintf(fp, "FirewallRule block to 0.0.0.0/0\n");
fprintf(fp, "}\n");
}
fclose(fp);
eval("wifidog");
dd_syslog(LOG_INFO, "wifidog successfully started\n");
eval("iptables", "-D", "FORWARD", "-i", nvram_safe_get("wd_iface"), "-d", nvram_safe_get("wd_hostname"), "-j", "ACCEPT");
eval("iptables", "-I", "FORWARD", "-i", nvram_safe_get("wd_iface"), "-d", nvram_safe_get("wd_hostname"), "-j", "ACCEPT");
}
#ifdef HAVE_TIEXTRA2
start_mwifidog();
#endif
}
static void create_pptp_config(char *servername, char *username)
{
FILE *fp;
mkdir("/tmp/ppp", 0777);
symlink("/sbin/rc", "/tmp/ppp/ip-up");
symlink("/sbin/rc", "/tmp/ppp/ip-down");
symlink("/dev/null", "/tmp/ppp/connect-errors");
/*
* Generate options file
*/
if (!(fp = fopen("/tmp/ppp/options", "w"))) {
perror("/tmp/ppp/options");
return;
}
fprintf(fp, "defaultroute\n"); // Add a default route to the
// system routing tables, using the peer as the gateway
fprintf(fp, "usepeerdns\n"); // Ask the peer for up to 2 DNS
// server addresses
fprintf(fp, "pty 'pptp %s --localbind %s --nolaunchpppd", servername,nvram_safe_get("wan_ipaddr"));
if (nvram_match("pptp_reorder", "0"))
fprintf(fp, " --nobuffer");
// PPTP client also supports synchronous mode.
// This should improve the speeds.
if (nvram_match("pptp_synchronous", "1"))
fprintf(fp, " --sync'\nsync\n");
else
fprintf(fp, "'\n");
fprintf(fp, "user '%s'\n", username);
// fprintf(fp, "persist\n"); // Do not exit after a connection is terminated.
if (nvram_match("mtu_enable", "1"))
fprintf(fp, "mtu %s\n", nvram_safe_get("wan_mtu"));
if (nvram_match("ppp_demand", "1")) { // demand mode
fprintf(fp, "idle %d\n",
nvram_match("ppp_demand",
"1") ?
atoi(nvram_safe_get("ppp_idletime")) * 60 : 0);
fprintf(fp, "demand\n"); // Dial on demand
fprintf(fp, "persist\n"); // Do not exit after a connection is
// terminated.
fprintf(fp, "%s:%s\n", PPP_PSEUDO_IP, PPP_PSEUDO_GW); // <local
// IP>:<remote
// IP>
fprintf(fp, "ipcp-accept-remote\n");
fprintf(fp, "ipcp-accept-local\n");
fprintf(fp, "connect true\n");
fprintf(fp, "noipdefault\n"); // Disables the default
// behaviour when no local IP
// address is specified
fprintf(fp, "ktune\n"); // Set /proc/sys/net/ipv4/ip_dynaddr
// to 1 in demand mode if the local
// address changes
} else { // keepalive mode
start_redial();
}
if (nvram_match("pptp_encrypt", "0")) {
fprintf(fp, "nomppe\n"); // Disable mppe negotiation
fprintf(fp, "noccp\n"); // Disable CCP (Compression Control
// Protocol)
} else {
fprintf(fp, "mppe required,stateless\n");
}
fprintf(fp, "default-asyncmap\n"); // Disable asyncmap negotiation
fprintf(fp, "nopcomp\n"); // Disable protocol field compression
fprintf(fp, "noaccomp\n"); // Disable Address/Control compression
fprintf(fp, "novj\n"); // Disable Van Jacobson style TCP/IP header compression
fprintf(fp, "nobsdcomp\n"); // Disables BSD-Compress compression
fprintf(fp, "nodeflate\n"); // Disables Deflate compression
fprintf(fp, "lcp-echo-failure 20\n");
fprintf(fp, "lcp-echo-interval 3\n"); // echo-request frame to the peer
fprintf(fp, "noipdefault\n");
fprintf(fp, "lock\n");
fprintf(fp, "noauth\n");
fprintf(fp, "debug\n" "logfd 2\n");
if (nvram_invmatch("pptp_extraoptions", ""))
fwritenvram("pptp_extraoptions", fp);
fclose(fp);
}
void setupSupplicant(char *prefix)
{
char akm[16];
sprintf(akm, "%s_akm", prefix);
char wmode[16];
sprintf(wmode, "%s_mode", prefix);
if (nvram_match(akm, "wep")) {
char key[16];
int cnt = 1;
int i;
char bul[8];
for (i = 1; i < 5; i++) {
sprintf(key, "%s_key%d", prefix, i);
char *athkey = nvram_safe_get(key);
if (athkey != NULL && strlen(athkey) > 0) {
sprintf(bul, "[%d]", cnt++);
eval("iwconfig", prefix, "key", bul, athkey); // setup wep
// encryption
// key
}
}
sprintf(key, "%s_key", prefix);
sprintf(bul, "[%s]", nvram_safe_get(key));
eval("iwconfig", prefix, "key", bul);
// eval ("iwpriv", prefix, "authmode", "2");
} else if (nvram_match(akm, "psk") || nvram_match(akm, "psk2") || nvram_match(akm, "psk psk2")) {
char fstr[64];
char psk[16];
sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix);
FILE *fp = fopen(fstr, "wb");
#ifdef HAVE_MAKSAT
fprintf(fp, "ap_scan=1\n");
#elif HAVE_NEWMEDIA
fprintf(fp, "ap_scan=1\n");
#else
fprintf(fp, "ap_scan=2\n");
#endif
fprintf(fp, "fast_reauth=1\n");
fprintf(fp, "eapol_version=1\n");
// fprintf (fp, "ctrl_interface_group=0\n");
// fprintf (fp, "ctrl_interface=/var/run/wpa_supplicant\n");
fprintf(fp, "network={\n");
sprintf(psk, "%s_ssid", prefix);
fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk));
// fprintf (fp, "\tmode=0\n");
fprintf(fp, "\tscan_ssid=1\n");
fprintf(fp, "\tkey_mgmt=WPA-PSK\n");
sprintf(psk, "%s_crypto", prefix);
if (nvram_match(psk, "aes")) {
#if 1
fprintf(fp, "\tpairwise=CCMP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
#else
fprintf(fp, "\tpairwise=CCMP\n");
fprintf(fp, "\tgroup=CCMP\n");
#endif
}
if (nvram_match(psk, "tkip")) {
fprintf(fp, "\tpairwise=TKIP\n");
fprintf(fp, "\tgroup=TKIP\n");
}
if (nvram_match(psk, "tkip+aes")) {
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
}
if (nvram_match(akm, "psk"))
fprintf(fp, "\tproto=WPA\n");
if (nvram_match(akm, "psk2"))
fprintf(fp, "\tproto=RSN\n");
if (nvram_match(akm, "psk psk2"))
fprintf(fp, "\tproto=WPA RSN\n");
sprintf(psk, "%s_wpa_psk", prefix);
fprintf(fp, "\tpsk=\"%s\"\n", nvram_safe_get(psk));
fprintf(fp, "}\n");
fclose(fp);
if (!strcmp(prefix, "wl0"))
sprintf(psk, "-i%s", nvram_safe_get("wl0_ifname"));
else if (!strcmp(prefix, "wl1"))
sprintf(psk, "-i%s", nvram_safe_get("wl1_ifname"));
else
sprintf(psk, "-i%s", prefix);
if (nvram_match(wmode, "wdssta") || nvram_match(wmode, "wet"))
eval("wpa_supplicant", "-b", getBridge(prefix), "-B", "-Dwext", psk, "-c", fstr);
else
eval("wpa_supplicant", "-B", "-Dwext", psk, "-c", fstr);
} else if (nvram_match(akm, "8021X")) {
char fstr[32];
char psk[64];
char ath[64];
sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix);
FILE *fp = fopen(fstr, "wb");
fprintf(fp, "ap_scan=1\n");
fprintf(fp, "fast_reauth=1\n");
fprintf(fp, "eapol_version=1\n");
// fprintf (fp, "ctrl_interface_group=0\n");
// fprintf (fp, "ctrl_interface=/var/run/wpa_supplicant\n");
fprintf(fp, "network={\n");
sprintf(psk, "%s_ssid", prefix);
fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk));
fprintf(fp, "\tscan_ssid=1\n");
if (nvram_prefix_match("8021xtype", prefix, "tls")) {
// -> added habeIchVergessen
char *keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);
char *wpaOpts[40];
if (strlen(keyExchng) == 0)
nvram_nset("wep", "%s_tls8021xkeyxchng", prefix);
sprintf(wpaOpts, "");
keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);
if (strcmp("wpa2", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=CCMP\n\tgroup=CCMP\n");
if (strcmp("wpa2mixed", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n");
if (strcmp("wpa", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=TKIP\n\tgroup=TKIP\n");
fprintf(fp, "\tkey_mgmt=%s\n%s", (strlen(wpaOpts) == 0 ? "IEEE8021X" : "WPA-EAP"), wpaOpts);
// <- added habeIchVergessen
fprintf(fp, "\teap=TLS\n");
fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("tls8021xuser", prefix));
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk, 0700);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_tls8021xca", prefix);
write_nvram(psk, ath);
sprintf(psk, "/tmp/%s/user.pem", prefix);
sprintf(ath, "%s_tls8021xpem", prefix);
write_nvram(psk, ath);
sprintf(psk, "/tmp/%s/user.prv", prefix);
sprintf(ath, "%s_tls8021xprv", prefix);
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=/tmp/%s/ca.pem\n", prefix);
fprintf(fp, "\tclient_cert=/tmp/%s/user.pem\n", prefix);
fprintf(fp, "\tprivate_key=/tmp/%s/user.prv\n", prefix);
fprintf(fp, "\tprivate_key_passwd=\"%s\"\n", nvram_prefix_get("tls8021xpasswd", prefix));
fprintf(fp, "\teapol_flags=3\n");
if (strlen(nvram_nget("%s_tls8021xphase2", prefix)) > 0) {
fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_tls8021xphase2", prefix));
}
if (strlen(nvram_nget("%s_tls8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_tls8021xanon", prefix));
}
if (strlen(nvram_nget("%s_tls8021xaddopt", prefix)) > 0) {
sprintf(ath, "%s_tls8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "peap")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=PEAP\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tphase1=\"peapver=0\"\n");
fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("peap8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("peap8021xpasswd", prefix));
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk, 0700);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_peap8021xca", prefix);
if (!nvram_match(ath, "")) {
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix);
}
if (strlen(nvram_nget("%s_peap8021xphase2", prefix)) > 0) {
fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_peap8021xphase2", prefix));
}
if (strlen(nvram_nget("%s_peap8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_peap8021xanon", prefix));
}
if (strlen(nvram_nget("%s_peap8021xaddopt", prefix)) > 0) {
sprintf(ath, "%s_peap8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "ttls")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=TTLS\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("ttls8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("ttls8021xpasswd", prefix));
if (strlen(nvram_nget("%s_ttls8021xca", prefix)) > 0) {
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk, 0700);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_ttls8021xca", prefix);
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix);
}
if (strlen(nvram_nget("%s_ttls8021xphase2", prefix)) > 0) {
fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_ttls8021xphase2", prefix));
}
if (strlen(nvram_nget("%s_ttls8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_ttls8021xanon", prefix));
}
if (strlen(nvram_nget("%s_ttls8021xaddopt", prefix)) > 0) {
sprintf(ath, "%s_ttls8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "leap")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=LEAP\n");
fprintf(fp, "\tauth_alg=LEAP\n");
fprintf(fp, "\tproto=WPA RSN\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("leap8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("leap8021xpasswd", prefix));
if (strlen(nvram_nget("%s_leap8021xphase2", prefix)) > 0) {
fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_leap8021xphase2", prefix));
}
if (strlen(nvram_nget("%s_leap8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_leap8021xanon", prefix));
}
if (strlen(nvram_nget("%s_leap8021xaddopt", prefix)) > 0) {
sprintf(ath, "%s_leap8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
fprintf(fp, "}\n");
fclose(fp);
if (!strcmp(prefix, "wl0"))
sprintf(psk, "-i%s", nvram_safe_get("wl0_ifname"));
else if (!strcmp(prefix, "wl1"))
sprintf(psk, "-i%s", nvram_safe_get("wl1_ifname"));
else
sprintf(psk, "-i%s", prefix);
char bvar[32];
sprintf(bvar, "%s_bridged", prefix);
if (nvram_match(bvar, "1")
&& (nvram_match(wmode, "wdssta")
|| nvram_match(wmode, "wet")))
eval("wpa_supplicant", "-b", nvram_safe_get("lan_ifname"), "-B", "-Dwext", psk, "-c", fstr);
else
eval("wpa_supplicant", "-B", "-Dwext", psk, "-c", fstr);
} else {
eval("iwconfig", prefix, "key", "off");
// eval ("iwpriv", prefix, "authmode", "0");
}
}
void setupSupplicant(char *prefix)
{
char akm[16];
sprintf(akm, "%s_akm", prefix);
char wmode[16];
sprintf(wmode, "%s_mode", prefix);
if (nvram_match(akm, "8021X")) {
char fstr[32];
char psk[64];
char ath[64];
sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix);
FILE *fp = fopen(fstr, "wb");
fprintf(fp, "ap_scan=1\n");
fprintf(fp, "fast_reauth=1\n");
fprintf(fp, "eapol_version=1\n");
fprintf(fp, "network={\n");
sprintf(psk, "%s_ssid", prefix);
fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk));
fprintf(fp, "\tscan_ssid=1\n");
if (nvram_prefix_match("8021xtype", prefix, "tls")) {
// -> added habeIchVergessen
char *keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);
char *wpaOpts[40];
if (strlen(keyExchng)==0)
nvram_nset("wep","%s_tls8021xkeyxchng", prefix);
sprintf(wpaOpts, "");
keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);
if (strcmp("wpa2", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=CCMP\n\tgroup=CCMP\n");
if (strcmp("wpa2mixed", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n");
if (strcmp("wpa", keyExchng) == 0)
sprintf(wpaOpts, "\tpairwise=TKIP\n\tgroup=TKIP\n");
fprintf(fp, "\tkey_mgmt=%s\n%s", (strlen(wpaOpts) == 0 ? "IEEE8021X" : "WPA-EAP"), wpaOpts);
// <- added habeIchVergessen
fprintf(fp, "\teap=TLS\n");
fprintf(fp, "\tidentity=\"%s\"\n",
nvram_prefix_get("tls8021xuser", prefix));
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_tls8021xca", prefix);
write_nvram(psk, ath);
sprintf(psk, "/tmp/%s/user.pem", prefix);
sprintf(ath, "%s_tls8021xpem", prefix);
write_nvram(psk, ath);
sprintf(psk, "/tmp/%s/user.prv", prefix);
sprintf(ath, "%s_tls8021xprv", prefix);
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=/tmp/%s/ca.pem\n", prefix);
fprintf(fp, "\tclient_cert=/tmp/%s/user.pem\n", prefix);
fprintf(fp, "\tprivate_key=/tmp/%s/user.prv\n", prefix);
fprintf(fp, "\tprivate_key_passwd=\"%s\"\n",
nvram_prefix_get("tls8021xpasswd", prefix));
fprintf(fp, "\teapol_flags=3\n");
if (strlen(nvram_nget("%s_tls8021xphase2", prefix)) > 0) {
fprintf(fp, "\tphase2=\"%s\"\n",
nvram_nget("%s_tls8021xphase2",
prefix));
}
if (strlen(nvram_nget("%s_tls8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n",
nvram_nget("%s_tls8021xanon", prefix));
}
if (strlen(nvram_nget("%s_tls8021xaddopt", prefix)) > 0) {
sprintf(ath, "%s_tls8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "peap")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=PEAP\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tphase1=\"peapver=0\"\n");
fprintf(fp, "\tidentity=\"%s\"\n",
nvram_prefix_get("peap8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n",
nvram_prefix_get("peap8021xpasswd", prefix));
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_peap8021xca", prefix);
if (!nvram_match(ath, "")) {
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n",
prefix);
}
if (strlen(nvram_nget("%s_peap8021xphase2", prefix)) >
0) {
fprintf(fp, "\tphase2=\"%s\"\n",
nvram_nget("%s_peap8021xphase2",
prefix));
}
if (strlen(nvram_nget("%s_peap8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n",
nvram_nget("%s_peap8021xanon", prefix));
}
if (strlen(nvram_nget("%s_peap8021xaddopt", prefix)) >
0) {
sprintf(ath, "%s_peap8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "ttls")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=TTLS\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tidentity=\"%s\"\n",
nvram_prefix_get("ttls8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n",
nvram_prefix_get("ttls8021xpasswd", prefix));
if (strlen(nvram_nget("%s_ttls8021xca", prefix)) > 0) {
sprintf(psk, "/tmp/%s", prefix);
mkdir(psk);
sprintf(psk, "/tmp/%s/ca.pem", prefix);
sprintf(ath, "%s_ttls8021xca", prefix);
write_nvram(psk, ath);
fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n",
prefix);
}
if (strlen(nvram_nget("%s_ttls8021xphase2", prefix)) >
0) {
fprintf(fp, "\tphase2=\"%s\"\n",
nvram_nget("%s_ttls8021xphase2",
prefix));
}
if (strlen(nvram_nget("%s_ttls8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n",
nvram_nget("%s_ttls8021xanon", prefix));
}
if (strlen(nvram_nget("%s_ttls8021xaddopt", prefix)) >
0) {
sprintf(ath, "%s_ttls8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
if (nvram_prefix_match("8021xtype", prefix, "leap")) {
fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
fprintf(fp, "\teap=LEAP\n");
fprintf(fp, "\tauth_alg=LEAP\n");
fprintf(fp, "\tproto=WPA RSN\n");
fprintf(fp, "\tpairwise=CCMP TKIP\n");
fprintf(fp, "\tgroup=CCMP TKIP\n");
fprintf(fp, "\tidentity=\"%s\"\n",
nvram_prefix_get("leap8021xuser", prefix));
fprintf(fp, "\tpassword=\"%s\"\n",
nvram_prefix_get("leap8021xpasswd", prefix));
if (strlen(nvram_nget("%s_leap8021xphase2", prefix)) >
0) {
fprintf(fp, "\tphase2=\"%s\"\n",
nvram_nget("%s_leap8021xphase2",
prefix));
}
if (strlen(nvram_nget("%s_leap8021xanon", prefix)) > 0) {
fprintf(fp, "\tanonymous_identity=\"%s\"\n",
nvram_nget("%s_leap8021xanon", prefix));
}
if (strlen(nvram_nget("%s_leap8021xaddopt", prefix)) >
0) {
sprintf(ath, "%s_leap8021xaddopt", prefix);
fprintf(fp, "\t"); // tab
fwritenvram(ath, fp);
fprintf(fp, "\n"); // extra new line at the end
}
}
fprintf(fp, "}\n");
fclose(fp);
sprintf(psk, "-i%s", getRADev(prefix));
char bvar[32];
sprintf(bvar, "%s_bridged", prefix);
if (nvram_match(bvar, "1")
&& (nvram_match(wmode, "wdssta")
|| nvram_match(wmode, "wet")))
eval("wpa_supplicant", "-b",
nvram_safe_get("lan_ifname"), "-B", "-Dralink",
psk, "-c", fstr);
else
eval("wpa_supplicant", "-B", "-Dralink", psk, "-c",
fstr);
}
}
void start_dnsmasq(void)
{
FILE *fp;
struct dns_lists *dns_list = NULL;
int ret;
int i;
if (nvram_match("dhcp_dnsmasq", "1")
&& nvram_match("lan_proto", "dhcp")
&& nvram_match("dnsmasq_enable", "0")) {
nvram_set("dnsmasq_enable", "1");
nvram_commit();
}
if (!nvram_invmatch("dnsmasq_enable", "0")) {
stop_dnsmasq();
return;
}
usejffs = 0;
if (nvram_match("dhcpd_usejffs", "1")) {
if (!(fp = fopen("/jffs/dnsmasq.leases", "a"))) {
usejffs = 0;
} else {
fclose(fp);
usejffs = 1;
}
}
/*
* Write configuration file based on current information
*/
if (!(fp = fopen("/tmp/dnsmasq.conf", "w"))) {
perror("/tmp/dnsmasq.conf");
return;
}
// fprintf(fp, "bind-interfaces\n");
if (nvram_match("chilli_enable", "1")) {
if (canlan())
fprintf(fp, "interface=%s", get_wdev());
else
fprintf(fp, "interface=%s,", get_wdev());
} else if (nvram_match("pptpd_enable", "1")) {
if (canlan())
fprintf(fp, "listen-address=%s,%s", "127.0.0.1",
nvram_safe_get("lan_ipaddr"));
else
fprintf(fp, "listen-address=%s", "127.0.0.1");
} else {
if (canlan())
fprintf(fp, "interface=%s",
nvram_safe_get("lan_ifname"));
else
fprintf(fp, "interface=");
}
int mdhcpcount = 0;
if (nvram_get("mdhcpd_count") != NULL) {
mdhcpcount = atoi(nvram_safe_get("mdhcpd_count"));
for (i = 0; i < mdhcpcount; i++) {
if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0
|| strlen(nvram_nget("%s_netmask", getmdhcp(0, i)))
== 0)
continue;
if (canlan() || i > 0) {
if (nvram_match("pptpd_enable", "1"))
fprintf(fp, ",%s",
nvram_nget("%s_ipaddr",
getmdhcp(0, i)));
else
fprintf(fp, ",%s", getmdhcp(0, i));
} else {
if (nvram_match("pptpd_enable", "1"))
fprintf(fp, "%s",
nvram_nget("%s_ipaddr",
getmdhcp(0, i)));
else
fprintf(fp, "%s", getmdhcp(0, i));
}
}
}
fprintf(fp, "\n");
fprintf(fp, "resolv-file=/tmp/resolv.dnsmasq\n" "all-servers\n"); //
/*
* Domain
*/
if (nvram_match("dhcp_domain", "wan")) {
if (nvram_invmatch("wan_domain", ""))
fprintf(fp, "domain=%s\n",
nvram_safe_get("wan_domain"));
else if (nvram_invmatch("wan_get_domain", ""))
fprintf(fp, "domain=%s\n",
nvram_safe_get("wan_get_domain"));
} else {
if (nvram_invmatch("lan_domain", ""))
fprintf(fp, "domain=%s\n",
nvram_safe_get("lan_domain"));
}
/*
* DD-WRT use dnsmasq as DHCP replacement
*/
//bs mod
if (hasdhcp()) {
/*
* DHCP leasefile
*/
if (nvram_match("dhcpd_usenvram", "1")) {
fprintf(fp, "leasefile-ro\n");
fprintf(fp, "dhcp-script=%s\n", "/etc/lease_update.sh");
} else {
if (usejffs)
fprintf(fp,
"dhcp-leasefile=/jffs/dnsmasq.leases\n");
else
fprintf(fp,
"dhcp-leasefile=/tmp/dnsmasq.leases\n");
}
int dhcp_max = 0;
if (landhcp())
dhcp_max +=
atoi(nvram_safe_get("dhcp_num")) +
atoi(nvram_safe_get("static_leasenum"));
for (i = 0; i < mdhcpcount; i++) {
if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0
|| strlen(nvram_nget("%s_netmask", getmdhcp(0, i)))
== 0)
continue;
dhcp_max += atoi(getmdhcp(3, i));
}
fprintf(fp, "dhcp-lease-max=%d\n", dhcp_max);
if (landhcp())
fprintf(fp, "dhcp-option=lan,3,%s\n",
nvram_safe_get("lan_ipaddr"));
for (i = 0; i < mdhcpcount; i++) {
if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0
|| strlen(nvram_nget("%s_netmask", getmdhcp(0, i)))
== 0)
continue;
fprintf(fp, "dhcp-option=%s,3,", getmdhcp(0, i));
fprintf(fp, "%s\n",
nvram_nget("%s_ipaddr", getmdhcp(0, i)));
}
if (nvram_invmatch("wan_wins", "")
&& nvram_invmatch("wan_wins", "0.0.0.0"))
fprintf(fp, "dhcp-option=44,%s\n",
nvram_safe_get("wan_wins"));
if (nvram_match("dns_dnsmasq", "0")) {
dns_list = get_dns_list();
if (dns_list
&& (strlen(dns_list->dns_server[0]) > 0
|| strlen(dns_list->dns_server[1]) > 0
|| strlen(dns_list->dns_server[2]) > 0)) {
fprintf(fp, "dhcp-option=6");
if (strlen(dns_list->dns_server[0]) > 0)
fprintf(fp, ",%s",
dns_list->dns_server[0]);
if (strlen(dns_list->dns_server[1]) > 0)
fprintf(fp, ",%s",
dns_list->dns_server[1]);
if (strlen(dns_list->dns_server[2]) > 0)
fprintf(fp, ",%s",
dns_list->dns_server[2]);
fprintf(fp, "\n");
}
if (dns_list)
free(dns_list);
}
if (nvram_match("auth_dnsmasq", "1"))
fprintf(fp, "dhcp-authoritative\n");
if (landhcp()) {
fprintf(fp, "dhcp-range=lan,");
fprintf(fp, "%d.%d.%d.%s,",
get_single_ip(nvram_safe_get("lan_ipaddr"), 0),
get_single_ip(nvram_safe_get("lan_ipaddr"), 1),
get_single_ip(nvram_safe_get("lan_ipaddr"), 2),
nvram_safe_get("dhcp_start"));
if (nvram_match("dhcp_num", "0")) {
fprintf(fp, "static,");
} else {
fprintf(fp, "%d.%d.%d.%d,",
get_single_ip(nvram_safe_get
("lan_ipaddr"), 0),
get_single_ip(nvram_safe_get
("lan_ipaddr"), 1),
get_single_ip(nvram_safe_get
("lan_ipaddr"), 2),
atoi(nvram_safe_get("dhcp_start")) +
atoi(nvram_safe_get("dhcp_num")) - 1);
}
fprintf(fp, "%s,", nvram_safe_get("lan_netmask"));
fprintf(fp, "%sm\n", nvram_safe_get("dhcp_lease"));
}
for (i = 0; i < mdhcpcount; i++) {
if (strcmp(getmdhcp(1, i), "On"))
continue;
if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0
|| strlen(nvram_nget("%s_netmask", getmdhcp(0, i)))
== 0)
continue;
fprintf(fp, "dhcp-range=%s,", getmdhcp(0, i));
fprintf(fp, "%d.%d.%d.",
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
0),
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
1),
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
2));
fprintf(fp, "%s,", getmdhcp(2, i));
fprintf(fp, "%d.%d.%d.",
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
0),
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
1),
get_single_ip(nvram_nget
("%s_ipaddr", getmdhcp(0, i)),
2));
int end = atoi(getmdhcp(2, i));
end += atoi(getmdhcp(3, i));
fprintf(fp, "%d,", end);
fprintf(fp, "%s,",
nvram_nget("%s_netmask", getmdhcp(0, i)));
fprintf(fp, "%sm\n", getmdhcp(4, i));
}
int leasenum = atoi(nvram_safe_get("static_leasenum"));
if (leasenum > 0) {
char *lease = nvram_safe_get("static_leases");
char *leasebuf = (char *)malloc(strlen(lease) + 1);
char *cp = leasebuf;
strcpy(leasebuf, lease);
for (i = 0; i < leasenum; i++) {
char *mac = strsep(&leasebuf, "=");
char *host = strsep(&leasebuf, "=");
char *ip = strsep(&leasebuf, "=");
char *time = strsep(&leasebuf, " ");
if (mac == NULL || host == NULL || ip == NULL)
continue;
if (!time || strlen(time) == 0)
fprintf(fp,
"dhcp-host=%s,%s,%s,infinite\n",
mac, host, ip);
else
fprintf(fp, "dhcp-host=%s,%s,%s,%sm\n",
mac, host, ip, time);
addHost(host, ip);
}
free(cp);
}
}
/* stop dns rebinding for private addresses */
if (nvram_match("dnsmasq_no_dns_rebind", "1")) {
fprintf(fp, "stop-dns-rebind\n");
}
/*
* Additional options
*/
if (nvram_invmatch("dnsmasq_options", "")) {
fwritenvram("dnsmasq_options", fp);
}
fclose(fp);
dns_to_resolv();
chmod("/etc/lease_update.sh", 0700);
ret = eval("dnsmasq", "--conf-file=/tmp/dnsmasq.conf");
dd_syslog(LOG_INFO, "dnsmasq : dnsmasq daemon successfully started\n");
cprintf("done\n");
return;
}
