// unfinished. do not use void start_wifidog(void) { if (nvram_match("wd_enable", "1")) { insmod("ipt_mark"); insmod("ipt_mac"); insmod("xt_mark"); insmod("xt_mac"); mkdir("/tmp/wifidog/", 0744); FILE *fp = fopen("/tmp/wifidog/wifidog.conf", "wb"); if (!strlen(nvram_safe_get("wd_gwid"))) fprintf(fp, "GatewayID %s\n", nvram_safe_get("router_name")); else fprintf(fp, "GatewayID %s\n", nvram_safe_get("wd_gwid")); if (nvram_invmatch("wan_proto", "disabled")) //WIP fprintf(fp, "ExternalInterface %s\n", get_wan_face()); else fprintf(fp, "ExternalInterface %s\n", nvram_safe_get("wd_extiface")); fprintf(fp, "GatewayInterface %s\n", nvram_safe_get("wd_iface")); // fprintf (fp, "Portal %s\n", nvram_safe_get ("wd_url")); fprintf(fp, "GatewayPort %s\n", nvram_safe_get("wd_gwport")); fprintf(fp, "HTTPDMaxConn %s\n", nvram_safe_get("wd_httpdcon")); fprintf(fp, "HTTPDName %s\n", nvram_safe_get("wd_httpdname")); fprintf(fp, "CheckInterval %s\n", nvram_safe_get("wd_interval")); fprintf(fp, "ClientTimeout %s\n", nvram_safe_get("wd_timeout")); fprintf(fp, "TrustedMACList %s\n", nvram_safe_get("wd_maclist")); fprintf(fp, "AuthServer {\n"); fprintf(fp, "Hostname %s\n", nvram_safe_get("wd_hostname")); fprintf(fp, "SSLAvailable %s\n", nvram_match("wd_sslavailable", "1") ? "yes" : "no"); fprintf(fp, "SSLPort %s\n", nvram_safe_get("wd_sslport")); fprintf(fp, "HTTPPort %s\n", nvram_safe_get("wd_httpport")); if (strlen(nvram_safe_get("wd_messagefile")) > 0) { fprintf(fp, "HtmlMessageFile %s\n", nvram_safe_get("wd_messagefile")); } if (nvram_match("wd_auth", "1")) { if (strlen(nvram_safe_get("wd_realm")) > 0) fprintf(fp, "HTTPDRealm %s\n", nvram_safe_get("wd_realm")); fprintf(fp, "HTTPDUserName %s\n", nvram_safe_get("wd_username")); fprintf(fp, "HTTPDPassword %s\n", nvram_safe_get("wd_password")); } fprintf(fp, "Path %s\n", nvram_safe_get("wd_path")); fprintf(fp, "}\n"); if (strlen(nvram_safe_get("wd_config")) > 0) { fwritenvram("wd_config", fp); } else { fprintf(fp, "FirewallRuleSet validating-users {\n"); fprintf(fp, "FirewallRule allow to 0.0.0.0/0\n"); fprintf(fp, "}\n"); fprintf(fp, "FirewallRuleSet known-users {\n"); fprintf(fp, "FirewallRule allow to 0.0.0.0/0\n"); fprintf(fp, "}\n"); fprintf(fp, "FirewallRuleSet unknown-users {\n"); fprintf(fp, "FirewallRule allow udp port 53\n"); fprintf(fp, "FirewallRule allow tcp port 53\n"); fprintf(fp, "FirewallRule allow udp port 67\n"); fprintf(fp, "FirewallRule allow tcp port 67\n"); fprintf(fp, "}\n"); fprintf(fp, "FirewallRuleSet locked-users {\n"); fprintf(fp, "FirewallRule block to 0.0.0.0/0\n"); fprintf(fp, "}\n"); } fclose(fp); eval("wifidog"); dd_syslog(LOG_INFO, "wifidog successfully started\n"); eval("iptables", "-D", "FORWARD", "-i", nvram_safe_get("wd_iface"), "-d", nvram_safe_get("wd_hostname"), "-j", "ACCEPT"); eval("iptables", "-I", "FORWARD", "-i", nvram_safe_get("wd_iface"), "-d", nvram_safe_get("wd_hostname"), "-j", "ACCEPT"); } #ifdef HAVE_TIEXTRA2 start_mwifidog(); #endif }
static void create_pptp_config(char *servername, char *username) { FILE *fp; mkdir("/tmp/ppp", 0777); symlink("/sbin/rc", "/tmp/ppp/ip-up"); symlink("/sbin/rc", "/tmp/ppp/ip-down"); symlink("/dev/null", "/tmp/ppp/connect-errors"); /* * Generate options file */ if (!(fp = fopen("/tmp/ppp/options", "w"))) { perror("/tmp/ppp/options"); return; } fprintf(fp, "defaultroute\n"); // Add a default route to the // system routing tables, using the peer as the gateway fprintf(fp, "usepeerdns\n"); // Ask the peer for up to 2 DNS // server addresses fprintf(fp, "pty 'pptp %s --localbind %s --nolaunchpppd", servername,nvram_safe_get("wan_ipaddr")); if (nvram_match("pptp_reorder", "0")) fprintf(fp, " --nobuffer"); // PPTP client also supports synchronous mode. // This should improve the speeds. if (nvram_match("pptp_synchronous", "1")) fprintf(fp, " --sync'\nsync\n"); else fprintf(fp, "'\n"); fprintf(fp, "user '%s'\n", username); // fprintf(fp, "persist\n"); // Do not exit after a connection is terminated. if (nvram_match("mtu_enable", "1")) fprintf(fp, "mtu %s\n", nvram_safe_get("wan_mtu")); if (nvram_match("ppp_demand", "1")) { // demand mode fprintf(fp, "idle %d\n", nvram_match("ppp_demand", "1") ? atoi(nvram_safe_get("ppp_idletime")) * 60 : 0); fprintf(fp, "demand\n"); // Dial on demand fprintf(fp, "persist\n"); // Do not exit after a connection is // terminated. fprintf(fp, "%s:%s\n", PPP_PSEUDO_IP, PPP_PSEUDO_GW); // <local // IP>:<remote // IP> fprintf(fp, "ipcp-accept-remote\n"); fprintf(fp, "ipcp-accept-local\n"); fprintf(fp, "connect true\n"); fprintf(fp, "noipdefault\n"); // Disables the default // behaviour when no local IP // address is specified fprintf(fp, "ktune\n"); // Set /proc/sys/net/ipv4/ip_dynaddr // to 1 in demand mode if the local // address changes } else { // keepalive mode start_redial(); } if (nvram_match("pptp_encrypt", "0")) { fprintf(fp, "nomppe\n"); // Disable mppe negotiation fprintf(fp, "noccp\n"); // Disable CCP (Compression Control // Protocol) } else { fprintf(fp, "mppe required,stateless\n"); } fprintf(fp, "default-asyncmap\n"); // Disable asyncmap negotiation fprintf(fp, "nopcomp\n"); // Disable protocol field compression fprintf(fp, "noaccomp\n"); // Disable Address/Control compression fprintf(fp, "novj\n"); // Disable Van Jacobson style TCP/IP header compression fprintf(fp, "nobsdcomp\n"); // Disables BSD-Compress compression fprintf(fp, "nodeflate\n"); // Disables Deflate compression fprintf(fp, "lcp-echo-failure 20\n"); fprintf(fp, "lcp-echo-interval 3\n"); // echo-request frame to the peer fprintf(fp, "noipdefault\n"); fprintf(fp, "lock\n"); fprintf(fp, "noauth\n"); fprintf(fp, "debug\n" "logfd 2\n"); if (nvram_invmatch("pptp_extraoptions", "")) fwritenvram("pptp_extraoptions", fp); fclose(fp); }
void setupSupplicant(char *prefix) { char akm[16]; sprintf(akm, "%s_akm", prefix); char wmode[16]; sprintf(wmode, "%s_mode", prefix); if (nvram_match(akm, "wep")) { char key[16]; int cnt = 1; int i; char bul[8]; for (i = 1; i < 5; i++) { sprintf(key, "%s_key%d", prefix, i); char *athkey = nvram_safe_get(key); if (athkey != NULL && strlen(athkey) > 0) { sprintf(bul, "[%d]", cnt++); eval("iwconfig", prefix, "key", bul, athkey); // setup wep // encryption // key } } sprintf(key, "%s_key", prefix); sprintf(bul, "[%s]", nvram_safe_get(key)); eval("iwconfig", prefix, "key", bul); // eval ("iwpriv", prefix, "authmode", "2"); } else if (nvram_match(akm, "psk") || nvram_match(akm, "psk2") || nvram_match(akm, "psk psk2")) { char fstr[64]; char psk[16]; sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix); FILE *fp = fopen(fstr, "wb"); #ifdef HAVE_MAKSAT fprintf(fp, "ap_scan=1\n"); #elif HAVE_NEWMEDIA fprintf(fp, "ap_scan=1\n"); #else fprintf(fp, "ap_scan=2\n"); #endif fprintf(fp, "fast_reauth=1\n"); fprintf(fp, "eapol_version=1\n"); // fprintf (fp, "ctrl_interface_group=0\n"); // fprintf (fp, "ctrl_interface=/var/run/wpa_supplicant\n"); fprintf(fp, "network={\n"); sprintf(psk, "%s_ssid", prefix); fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk)); // fprintf (fp, "\tmode=0\n"); fprintf(fp, "\tscan_ssid=1\n"); fprintf(fp, "\tkey_mgmt=WPA-PSK\n"); sprintf(psk, "%s_crypto", prefix); if (nvram_match(psk, "aes")) { #if 1 fprintf(fp, "\tpairwise=CCMP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); #else fprintf(fp, "\tpairwise=CCMP\n"); fprintf(fp, "\tgroup=CCMP\n"); #endif } if (nvram_match(psk, "tkip")) { fprintf(fp, "\tpairwise=TKIP\n"); fprintf(fp, "\tgroup=TKIP\n"); } if (nvram_match(psk, "tkip+aes")) { fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); } if (nvram_match(akm, "psk")) fprintf(fp, "\tproto=WPA\n"); if (nvram_match(akm, "psk2")) fprintf(fp, "\tproto=RSN\n"); if (nvram_match(akm, "psk psk2")) fprintf(fp, "\tproto=WPA RSN\n"); sprintf(psk, "%s_wpa_psk", prefix); fprintf(fp, "\tpsk=\"%s\"\n", nvram_safe_get(psk)); fprintf(fp, "}\n"); fclose(fp); if (!strcmp(prefix, "wl0")) sprintf(psk, "-i%s", nvram_safe_get("wl0_ifname")); else if (!strcmp(prefix, "wl1")) sprintf(psk, "-i%s", nvram_safe_get("wl1_ifname")); else sprintf(psk, "-i%s", prefix); if (nvram_match(wmode, "wdssta") || nvram_match(wmode, "wet")) eval("wpa_supplicant", "-b", getBridge(prefix), "-B", "-Dwext", psk, "-c", fstr); else eval("wpa_supplicant", "-B", "-Dwext", psk, "-c", fstr); } else if (nvram_match(akm, "8021X")) { char fstr[32]; char psk[64]; char ath[64]; sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix); FILE *fp = fopen(fstr, "wb"); fprintf(fp, "ap_scan=1\n"); fprintf(fp, "fast_reauth=1\n"); fprintf(fp, "eapol_version=1\n"); // fprintf (fp, "ctrl_interface_group=0\n"); // fprintf (fp, "ctrl_interface=/var/run/wpa_supplicant\n"); fprintf(fp, "network={\n"); sprintf(psk, "%s_ssid", prefix); fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk)); fprintf(fp, "\tscan_ssid=1\n"); if (nvram_prefix_match("8021xtype", prefix, "tls")) { // -> added habeIchVergessen char *keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix); char *wpaOpts[40]; if (strlen(keyExchng) == 0) nvram_nset("wep", "%s_tls8021xkeyxchng", prefix); sprintf(wpaOpts, ""); keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix); if (strcmp("wpa2", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=CCMP\n\tgroup=CCMP\n"); if (strcmp("wpa2mixed", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n"); if (strcmp("wpa", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=TKIP\n\tgroup=TKIP\n"); fprintf(fp, "\tkey_mgmt=%s\n%s", (strlen(wpaOpts) == 0 ? "IEEE8021X" : "WPA-EAP"), wpaOpts); // <- added habeIchVergessen fprintf(fp, "\teap=TLS\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("tls8021xuser", prefix)); sprintf(psk, "/tmp/%s", prefix); mkdir(psk, 0700); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_tls8021xca", prefix); write_nvram(psk, ath); sprintf(psk, "/tmp/%s/user.pem", prefix); sprintf(ath, "%s_tls8021xpem", prefix); write_nvram(psk, ath); sprintf(psk, "/tmp/%s/user.prv", prefix); sprintf(ath, "%s_tls8021xprv", prefix); write_nvram(psk, ath); fprintf(fp, "\tca_cert=/tmp/%s/ca.pem\n", prefix); fprintf(fp, "\tclient_cert=/tmp/%s/user.pem\n", prefix); fprintf(fp, "\tprivate_key=/tmp/%s/user.prv\n", prefix); fprintf(fp, "\tprivate_key_passwd=\"%s\"\n", nvram_prefix_get("tls8021xpasswd", prefix)); fprintf(fp, "\teapol_flags=3\n"); if (strlen(nvram_nget("%s_tls8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_tls8021xphase2", prefix)); } if (strlen(nvram_nget("%s_tls8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_tls8021xanon", prefix)); } if (strlen(nvram_nget("%s_tls8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_tls8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "peap")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=PEAP\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tphase1=\"peapver=0\"\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("peap8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("peap8021xpasswd", prefix)); sprintf(psk, "/tmp/%s", prefix); mkdir(psk, 0700); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_peap8021xca", prefix); if (!nvram_match(ath, "")) { write_nvram(psk, ath); fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix); } if (strlen(nvram_nget("%s_peap8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_peap8021xphase2", prefix)); } if (strlen(nvram_nget("%s_peap8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_peap8021xanon", prefix)); } if (strlen(nvram_nget("%s_peap8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_peap8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "ttls")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=TTLS\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("ttls8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("ttls8021xpasswd", prefix)); if (strlen(nvram_nget("%s_ttls8021xca", prefix)) > 0) { sprintf(psk, "/tmp/%s", prefix); mkdir(psk, 0700); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_ttls8021xca", prefix); write_nvram(psk, ath); fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix); } if (strlen(nvram_nget("%s_ttls8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_ttls8021xphase2", prefix)); } if (strlen(nvram_nget("%s_ttls8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_ttls8021xanon", prefix)); } if (strlen(nvram_nget("%s_ttls8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_ttls8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "leap")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=LEAP\n"); fprintf(fp, "\tauth_alg=LEAP\n"); fprintf(fp, "\tproto=WPA RSN\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("leap8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("leap8021xpasswd", prefix)); if (strlen(nvram_nget("%s_leap8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_leap8021xphase2", prefix)); } if (strlen(nvram_nget("%s_leap8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_leap8021xanon", prefix)); } if (strlen(nvram_nget("%s_leap8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_leap8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } fprintf(fp, "}\n"); fclose(fp); if (!strcmp(prefix, "wl0")) sprintf(psk, "-i%s", nvram_safe_get("wl0_ifname")); else if (!strcmp(prefix, "wl1")) sprintf(psk, "-i%s", nvram_safe_get("wl1_ifname")); else sprintf(psk, "-i%s", prefix); char bvar[32]; sprintf(bvar, "%s_bridged", prefix); if (nvram_match(bvar, "1") && (nvram_match(wmode, "wdssta") || nvram_match(wmode, "wet"))) eval("wpa_supplicant", "-b", nvram_safe_get("lan_ifname"), "-B", "-Dwext", psk, "-c", fstr); else eval("wpa_supplicant", "-B", "-Dwext", psk, "-c", fstr); } else { eval("iwconfig", prefix, "key", "off"); // eval ("iwpriv", prefix, "authmode", "0"); } }
void setupSupplicant(char *prefix) { char akm[16]; sprintf(akm, "%s_akm", prefix); char wmode[16]; sprintf(wmode, "%s_mode", prefix); if (nvram_match(akm, "8021X")) { char fstr[32]; char psk[64]; char ath[64]; sprintf(fstr, "/tmp/%s_wpa_supplicant.conf", prefix); FILE *fp = fopen(fstr, "wb"); fprintf(fp, "ap_scan=1\n"); fprintf(fp, "fast_reauth=1\n"); fprintf(fp, "eapol_version=1\n"); fprintf(fp, "network={\n"); sprintf(psk, "%s_ssid", prefix); fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(psk)); fprintf(fp, "\tscan_ssid=1\n"); if (nvram_prefix_match("8021xtype", prefix, "tls")) { // -> added habeIchVergessen char *keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix); char *wpaOpts[40]; if (strlen(keyExchng)==0) nvram_nset("wep","%s_tls8021xkeyxchng", prefix); sprintf(wpaOpts, ""); keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix); if (strcmp("wpa2", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=CCMP\n\tgroup=CCMP\n"); if (strcmp("wpa2mixed", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n"); if (strcmp("wpa", keyExchng) == 0) sprintf(wpaOpts, "\tpairwise=TKIP\n\tgroup=TKIP\n"); fprintf(fp, "\tkey_mgmt=%s\n%s", (strlen(wpaOpts) == 0 ? "IEEE8021X" : "WPA-EAP"), wpaOpts); // <- added habeIchVergessen fprintf(fp, "\teap=TLS\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("tls8021xuser", prefix)); sprintf(psk, "/tmp/%s", prefix); mkdir(psk); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_tls8021xca", prefix); write_nvram(psk, ath); sprintf(psk, "/tmp/%s/user.pem", prefix); sprintf(ath, "%s_tls8021xpem", prefix); write_nvram(psk, ath); sprintf(psk, "/tmp/%s/user.prv", prefix); sprintf(ath, "%s_tls8021xprv", prefix); write_nvram(psk, ath); fprintf(fp, "\tca_cert=/tmp/%s/ca.pem\n", prefix); fprintf(fp, "\tclient_cert=/tmp/%s/user.pem\n", prefix); fprintf(fp, "\tprivate_key=/tmp/%s/user.prv\n", prefix); fprintf(fp, "\tprivate_key_passwd=\"%s\"\n", nvram_prefix_get("tls8021xpasswd", prefix)); fprintf(fp, "\teapol_flags=3\n"); if (strlen(nvram_nget("%s_tls8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_tls8021xphase2", prefix)); } if (strlen(nvram_nget("%s_tls8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_tls8021xanon", prefix)); } if (strlen(nvram_nget("%s_tls8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_tls8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "peap")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=PEAP\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tphase1=\"peapver=0\"\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("peap8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("peap8021xpasswd", prefix)); sprintf(psk, "/tmp/%s", prefix); mkdir(psk); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_peap8021xca", prefix); if (!nvram_match(ath, "")) { write_nvram(psk, ath); fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix); } if (strlen(nvram_nget("%s_peap8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_peap8021xphase2", prefix)); } if (strlen(nvram_nget("%s_peap8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_peap8021xanon", prefix)); } if (strlen(nvram_nget("%s_peap8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_peap8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "ttls")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=TTLS\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("ttls8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("ttls8021xpasswd", prefix)); if (strlen(nvram_nget("%s_ttls8021xca", prefix)) > 0) { sprintf(psk, "/tmp/%s", prefix); mkdir(psk); sprintf(psk, "/tmp/%s/ca.pem", prefix); sprintf(ath, "%s_ttls8021xca", prefix); write_nvram(psk, ath); fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix); } if (strlen(nvram_nget("%s_ttls8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_ttls8021xphase2", prefix)); } if (strlen(nvram_nget("%s_ttls8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_ttls8021xanon", prefix)); } if (strlen(nvram_nget("%s_ttls8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_ttls8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } if (nvram_prefix_match("8021xtype", prefix, "leap")) { fprintf(fp, "\tkey_mgmt=WPA-EAP\n"); fprintf(fp, "\teap=LEAP\n"); fprintf(fp, "\tauth_alg=LEAP\n"); fprintf(fp, "\tproto=WPA RSN\n"); fprintf(fp, "\tpairwise=CCMP TKIP\n"); fprintf(fp, "\tgroup=CCMP TKIP\n"); fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("leap8021xuser", prefix)); fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("leap8021xpasswd", prefix)); if (strlen(nvram_nget("%s_leap8021xphase2", prefix)) > 0) { fprintf(fp, "\tphase2=\"%s\"\n", nvram_nget("%s_leap8021xphase2", prefix)); } if (strlen(nvram_nget("%s_leap8021xanon", prefix)) > 0) { fprintf(fp, "\tanonymous_identity=\"%s\"\n", nvram_nget("%s_leap8021xanon", prefix)); } if (strlen(nvram_nget("%s_leap8021xaddopt", prefix)) > 0) { sprintf(ath, "%s_leap8021xaddopt", prefix); fprintf(fp, "\t"); // tab fwritenvram(ath, fp); fprintf(fp, "\n"); // extra new line at the end } } fprintf(fp, "}\n"); fclose(fp); sprintf(psk, "-i%s", getRADev(prefix)); char bvar[32]; sprintf(bvar, "%s_bridged", prefix); if (nvram_match(bvar, "1") && (nvram_match(wmode, "wdssta") || nvram_match(wmode, "wet"))) eval("wpa_supplicant", "-b", nvram_safe_get("lan_ifname"), "-B", "-Dralink", psk, "-c", fstr); else eval("wpa_supplicant", "-B", "-Dralink", psk, "-c", fstr); } }
void start_dnsmasq(void) { FILE *fp; struct dns_lists *dns_list = NULL; int ret; int i; if (nvram_match("dhcp_dnsmasq", "1") && nvram_match("lan_proto", "dhcp") && nvram_match("dnsmasq_enable", "0")) { nvram_set("dnsmasq_enable", "1"); nvram_commit(); } if (!nvram_invmatch("dnsmasq_enable", "0")) { stop_dnsmasq(); return; } usejffs = 0; if (nvram_match("dhcpd_usejffs", "1")) { if (!(fp = fopen("/jffs/dnsmasq.leases", "a"))) { usejffs = 0; } else { fclose(fp); usejffs = 1; } } /* * Write configuration file based on current information */ if (!(fp = fopen("/tmp/dnsmasq.conf", "w"))) { perror("/tmp/dnsmasq.conf"); return; } // fprintf(fp, "bind-interfaces\n"); if (nvram_match("chilli_enable", "1")) { if (canlan()) fprintf(fp, "interface=%s", get_wdev()); else fprintf(fp, "interface=%s,", get_wdev()); } else if (nvram_match("pptpd_enable", "1")) { if (canlan()) fprintf(fp, "listen-address=%s,%s", "127.0.0.1", nvram_safe_get("lan_ipaddr")); else fprintf(fp, "listen-address=%s", "127.0.0.1"); } else { if (canlan()) fprintf(fp, "interface=%s", nvram_safe_get("lan_ifname")); else fprintf(fp, "interface="); } int mdhcpcount = 0; if (nvram_get("mdhcpd_count") != NULL) { mdhcpcount = atoi(nvram_safe_get("mdhcpd_count")); for (i = 0; i < mdhcpcount; i++) { if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0 || strlen(nvram_nget("%s_netmask", getmdhcp(0, i))) == 0) continue; if (canlan() || i > 0) { if (nvram_match("pptpd_enable", "1")) fprintf(fp, ",%s", nvram_nget("%s_ipaddr", getmdhcp(0, i))); else fprintf(fp, ",%s", getmdhcp(0, i)); } else { if (nvram_match("pptpd_enable", "1")) fprintf(fp, "%s", nvram_nget("%s_ipaddr", getmdhcp(0, i))); else fprintf(fp, "%s", getmdhcp(0, i)); } } } fprintf(fp, "\n"); fprintf(fp, "resolv-file=/tmp/resolv.dnsmasq\n" "all-servers\n"); // /* * Domain */ if (nvram_match("dhcp_domain", "wan")) { if (nvram_invmatch("wan_domain", "")) fprintf(fp, "domain=%s\n", nvram_safe_get("wan_domain")); else if (nvram_invmatch("wan_get_domain", "")) fprintf(fp, "domain=%s\n", nvram_safe_get("wan_get_domain")); } else { if (nvram_invmatch("lan_domain", "")) fprintf(fp, "domain=%s\n", nvram_safe_get("lan_domain")); } /* * DD-WRT use dnsmasq as DHCP replacement */ //bs mod if (hasdhcp()) { /* * DHCP leasefile */ if (nvram_match("dhcpd_usenvram", "1")) { fprintf(fp, "leasefile-ro\n"); fprintf(fp, "dhcp-script=%s\n", "/etc/lease_update.sh"); } else { if (usejffs) fprintf(fp, "dhcp-leasefile=/jffs/dnsmasq.leases\n"); else fprintf(fp, "dhcp-leasefile=/tmp/dnsmasq.leases\n"); } int dhcp_max = 0; if (landhcp()) dhcp_max += atoi(nvram_safe_get("dhcp_num")) + atoi(nvram_safe_get("static_leasenum")); for (i = 0; i < mdhcpcount; i++) { if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0 || strlen(nvram_nget("%s_netmask", getmdhcp(0, i))) == 0) continue; dhcp_max += atoi(getmdhcp(3, i)); } fprintf(fp, "dhcp-lease-max=%d\n", dhcp_max); if (landhcp()) fprintf(fp, "dhcp-option=lan,3,%s\n", nvram_safe_get("lan_ipaddr")); for (i = 0; i < mdhcpcount; i++) { if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0 || strlen(nvram_nget("%s_netmask", getmdhcp(0, i))) == 0) continue; fprintf(fp, "dhcp-option=%s,3,", getmdhcp(0, i)); fprintf(fp, "%s\n", nvram_nget("%s_ipaddr", getmdhcp(0, i))); } if (nvram_invmatch("wan_wins", "") && nvram_invmatch("wan_wins", "0.0.0.0")) fprintf(fp, "dhcp-option=44,%s\n", nvram_safe_get("wan_wins")); if (nvram_match("dns_dnsmasq", "0")) { dns_list = get_dns_list(); if (dns_list && (strlen(dns_list->dns_server[0]) > 0 || strlen(dns_list->dns_server[1]) > 0 || strlen(dns_list->dns_server[2]) > 0)) { fprintf(fp, "dhcp-option=6"); if (strlen(dns_list->dns_server[0]) > 0) fprintf(fp, ",%s", dns_list->dns_server[0]); if (strlen(dns_list->dns_server[1]) > 0) fprintf(fp, ",%s", dns_list->dns_server[1]); if (strlen(dns_list->dns_server[2]) > 0) fprintf(fp, ",%s", dns_list->dns_server[2]); fprintf(fp, "\n"); } if (dns_list) free(dns_list); } if (nvram_match("auth_dnsmasq", "1")) fprintf(fp, "dhcp-authoritative\n"); if (landhcp()) { fprintf(fp, "dhcp-range=lan,"); fprintf(fp, "%d.%d.%d.%s,", get_single_ip(nvram_safe_get("lan_ipaddr"), 0), get_single_ip(nvram_safe_get("lan_ipaddr"), 1), get_single_ip(nvram_safe_get("lan_ipaddr"), 2), nvram_safe_get("dhcp_start")); if (nvram_match("dhcp_num", "0")) { fprintf(fp, "static,"); } else { fprintf(fp, "%d.%d.%d.%d,", get_single_ip(nvram_safe_get ("lan_ipaddr"), 0), get_single_ip(nvram_safe_get ("lan_ipaddr"), 1), get_single_ip(nvram_safe_get ("lan_ipaddr"), 2), atoi(nvram_safe_get("dhcp_start")) + atoi(nvram_safe_get("dhcp_num")) - 1); } fprintf(fp, "%s,", nvram_safe_get("lan_netmask")); fprintf(fp, "%sm\n", nvram_safe_get("dhcp_lease")); } for (i = 0; i < mdhcpcount; i++) { if (strcmp(getmdhcp(1, i), "On")) continue; if (strlen(nvram_nget("%s_ipaddr", getmdhcp(0, i))) == 0 || strlen(nvram_nget("%s_netmask", getmdhcp(0, i))) == 0) continue; fprintf(fp, "dhcp-range=%s,", getmdhcp(0, i)); fprintf(fp, "%d.%d.%d.", get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 0), get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 1), get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 2)); fprintf(fp, "%s,", getmdhcp(2, i)); fprintf(fp, "%d.%d.%d.", get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 0), get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 1), get_single_ip(nvram_nget ("%s_ipaddr", getmdhcp(0, i)), 2)); int end = atoi(getmdhcp(2, i)); end += atoi(getmdhcp(3, i)); fprintf(fp, "%d,", end); fprintf(fp, "%s,", nvram_nget("%s_netmask", getmdhcp(0, i))); fprintf(fp, "%sm\n", getmdhcp(4, i)); } int leasenum = atoi(nvram_safe_get("static_leasenum")); if (leasenum > 0) { char *lease = nvram_safe_get("static_leases"); char *leasebuf = (char *)malloc(strlen(lease) + 1); char *cp = leasebuf; strcpy(leasebuf, lease); for (i = 0; i < leasenum; i++) { char *mac = strsep(&leasebuf, "="); char *host = strsep(&leasebuf, "="); char *ip = strsep(&leasebuf, "="); char *time = strsep(&leasebuf, " "); if (mac == NULL || host == NULL || ip == NULL) continue; if (!time || strlen(time) == 0) fprintf(fp, "dhcp-host=%s,%s,%s,infinite\n", mac, host, ip); else fprintf(fp, "dhcp-host=%s,%s,%s,%sm\n", mac, host, ip, time); addHost(host, ip); } free(cp); } } /* stop dns rebinding for private addresses */ if (nvram_match("dnsmasq_no_dns_rebind", "1")) { fprintf(fp, "stop-dns-rebind\n"); } /* * Additional options */ if (nvram_invmatch("dnsmasq_options", "")) { fwritenvram("dnsmasq_options", fp); } fclose(fp); dns_to_resolv(); chmod("/etc/lease_update.sh", 0700); ret = eval("dnsmasq", "--conf-file=/tmp/dnsmasq.conf"); dd_syslog(LOG_INFO, "dnsmasq : dnsmasq daemon successfully started\n"); cprintf("done\n"); return; }