/*
 * Reprogram the wireless driver's MAC access-control list for one interface
 * from nvram, by issuing "iwpriv ... set" commands through sysprintf().
 *
 * iface: interface name; it is used both as the nvram variable prefix
 *        (<iface>_macmode, <iface>_maclist) and as the argument of getRADev().
 */
void setMacFilter(char *iface)
{
	char *next;
	char var[32];
	char nvvar[32];
	/* Start from a clean state: clear every ACL entry and set AccessPolicy=0. */
	sysprintf("iwpriv %s set ACLClearAll=1", getRADev(iface));
	sysprintf("iwpriv %s set AccessPolicy=0", getRADev(iface));

	/*
	 * NOTE(review): unbounded sprintf into a 32-byte buffer; this is only safe
	 * while iface is a short interface name -- confirm against the callers.
	 */
	sprintf(nvvar, "%s_macmode", iface);
	if (nvram_match(nvvar, "deny")) {
		/* "deny" mode: set AccessPolicy=2, then add each entry of <iface>_maclist. */
		sysprintf("iwpriv %s set AccessPolicy=2", getRADev(iface));
		char nvlist[32];
		sprintf(nvlist, "%s_maclist", iface);

		/*
		 * NOTE(review): every word of <iface>_maclist is pasted unmodified into a
		 * command string. sysprintf() presumably hands that string to a shell --
		 * verify -- in which case each entry should be checked to be a MAC address
		 * (hex digits and ':' only) before it is used, because nvram content is
		 * settable from the management interface.
		 * NOTE(review): var is 32 bytes; whether foreach() bounds the copied word
		 * cannot be seen from here -- confirm in the macro definition.
		 */
		foreach(var, nvram_safe_get(nvlist), next) {
			sysprintf("iwpriv %s set ACLAddEntry=%s", getRADev(iface), var);
		}
	/*
	 * NOTE(review): the listing stops here. The closing braces of the "deny"
	 * branch and of the function, and whatever code sat between them, are not
	 * part of this page.
	 */
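/*
 * Size limits for setupSupplicant(). Every nvram name and /tmp path is derived
 * from the interface prefix; with at most SUPPLICANT_PREFIX_MAX prefix bytes
 * the longest derived string ("/tmp/<prefix>_wpa_supplicant.conf") still fits
 * in SUPPLICANT_NAME_BUF bytes.
 */
enum { SUPPLICANT_PREFIX_MAX = 32, SUPPLICANT_NAME_BUF = 64 };

/*
 * Write the optional settings shared by all EAP methods: phase2,
 * anonymous_identity and the free-form additional options, each only when
 * the nvram variable <prefix>_<method>8021x{phase2,anon,addopt} is non-empty.
 */
static void write_optional_eap_settings(FILE *fp, const char *prefix, const char *method)
{
	char name[SUPPLICANT_NAME_BUF];
	const char *value;

	value = nvram_nget("%s_%s8021xphase2", prefix, method);
	if (strlen(value) > 0)
		fprintf(fp, "\tphase2=\"%s\"\n", value);

	value = nvram_nget("%s_%s8021xanon", prefix, method);
	if (strlen(value) > 0)
		fprintf(fp, "\tanonymous_identity=\"%s\"\n", value);

	if (strlen(nvram_nget("%s_%s8021xaddopt", prefix, method)) > 0) {
		/* The additional options are copied verbatim: a tab, the nvram value, a newline. */
		snprintf(name, sizeof(name), "%s_%s8021xaddopt", prefix, method);
		fprintf(fp, "\t");
		fwritenvram(name, fp);
		fprintf(fp, "\n");
	}
}

/* Write nvram variable <prefix>_<var_suffix> to the file /tmp/<prefix>/<file>. */
static void export_nvram_to_tmp(const char *prefix, const char *file, const char *var_suffix)
{
	char path[SUPPLICANT_NAME_BUF];
	char name[SUPPLICANT_NAME_BUF];

	snprintf(path, sizeof(path), "/tmp/%s/%s", prefix, file);
	snprintf(name, sizeof(name), "%s_%s", prefix, var_suffix);
	write_nvram(path, name);
}

/*
 * Generate /tmp/<prefix>_wpa_supplicant.conf from nvram and start
 * wpa_supplicant on the interface when <prefix>_akm is "8021X".
 *
 * prefix: interface prefix used to build the nvram variable names, the paths
 *         under /tmp and the argument of getRADev(). Prefixes that are NULL
 *         or longer than SUPPLICANT_PREFIX_MAX are rejected.
 *
 * The function returns nothing. It returns early, without starting
 * wpa_supplicant, when the prefix is rejected, when 802.1X is not selected,
 * or when the configuration file cannot be written.
 *
 * NOTE(review): the configuration file and /tmp/<prefix>/user.prv hold EAP
 * passwords and the client private key. fopen() creates the file with the
 * process umask and at a predictable name in /tmp; confirm that neither is
 * readable or replaceable by other local users on the target system.
 * NOTE(review): nvram values are written unescaped inside double quotes, so a
 * value containing '"' or a newline changes the structure of the file.
 */
void setupSupplicant(char *prefix)
{
	char akm[SUPPLICANT_NAME_BUF];
	char wmode[SUPPLICANT_NAME_BUF];

	/* Reject prefixes that would not fit the name and path buffers below. */
	if (prefix == NULL || strlen(prefix) > (size_t)SUPPLICANT_PREFIX_MAX) {
		fprintf(stderr, "setupSupplicant: invalid interface prefix\n");
		return;
	}

	snprintf(akm, sizeof(akm), "%s_akm", prefix);
	snprintf(wmode, sizeof(wmode), "%s_mode", prefix);
	if (!nvram_match(akm, "8021X"))
		return;

	char fstr[SUPPLICANT_NAME_BUF];
	char dir[SUPPLICANT_NAME_BUF];
	char name[SUPPLICANT_NAME_BUF];
	char ifarg[SUPPLICANT_NAME_BUF];

	snprintf(fstr, sizeof(fstr), "/tmp/%s_wpa_supplicant.conf", prefix);
	snprintf(dir, sizeof(dir), "/tmp/%s", prefix);

	FILE *fp = fopen(fstr, "wb");
	if (fp == NULL) {
		/* Without this check every fprintf() below would dereference NULL. */
		perror(fstr);
		return;
	}

	fprintf(fp, "ap_scan=1\n");
	fprintf(fp, "fast_reauth=1\n");
	fprintf(fp, "eapol_version=1\n");
	fprintf(fp, "network={\n");
	snprintf(name, sizeof(name), "%s_ssid", prefix);
	fprintf(fp, "\tssid=\"%s\"\n", nvram_safe_get(name));
	fprintf(fp, "\tscan_ssid=1\n");

	if (nvram_prefix_match("8021xtype", prefix, "tls")) {
		/* Key-exchange selection (added by habeIchVergessen); an unset value is stored as "wep". */
		const char *cipher_lines = "";
		char *keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);

		if (strlen(keyExchng) == 0)
			nvram_nset("wep", "%s_tls8021xkeyxchng", prefix);
		keyExchng = nvram_nget("%s_tls8021xkeyxchng", prefix);

		if (strcmp("wpa2", keyExchng) == 0)
			cipher_lines = "\tpairwise=CCMP\n\tgroup=CCMP\n";
		else if (strcmp("wpa2mixed", keyExchng) == 0)
			cipher_lines = "\tpairwise=CCMP TKIP\n\tgroup=CCMP TKIP\n";
		else if (strcmp("wpa", keyExchng) == 0)
			cipher_lines = "\tpairwise=TKIP\n\tgroup=TKIP\n";

		/* No cipher lines means none of the WPA variants matched: use IEEE8021X key management. */
		fprintf(fp, "\tkey_mgmt=%s\n%s", (cipher_lines[0] == '\0' ? "IEEE8021X" : "WPA-EAP"), cipher_lines);

		fprintf(fp, "\teap=TLS\n");
		fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("tls8021xuser", prefix));

		/*
		 * NOTE(review): mkdir is called with a single argument, as in the
		 * original. If this resolves to POSIX mkdir(2) the mode argument is
		 * missing; confirm the directory that receives user.prv is created
		 * with restrictive permissions.
		 */
		mkdir(dir);
		export_nvram_to_tmp(prefix, "ca.pem", "tls8021xca");
		export_nvram_to_tmp(prefix, "user.pem", "tls8021xpem");
		export_nvram_to_tmp(prefix, "user.prv", "tls8021xprv");

		fprintf(fp, "\tca_cert=/tmp/%s/ca.pem\n", prefix);
		fprintf(fp, "\tclient_cert=/tmp/%s/user.pem\n", prefix);
		fprintf(fp, "\tprivate_key=/tmp/%s/user.prv\n", prefix);
		fprintf(fp, "\tprivate_key_passwd=\"%s\"\n", nvram_prefix_get("tls8021xpasswd", prefix));
		fprintf(fp, "\teapol_flags=3\n");
		write_optional_eap_settings(fp, prefix, "tls");
	}

	if (nvram_prefix_match("8021xtype", prefix, "peap")) {
		fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
		fprintf(fp, "\teap=PEAP\n");
		fprintf(fp, "\tpairwise=CCMP TKIP\n");
		fprintf(fp, "\tgroup=CCMP TKIP\n");
		fprintf(fp, "\tphase1=\"peapver=0\"\n");
		fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("peap8021xuser", prefix));
		fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("peap8021xpasswd", prefix));

		/* The directory is created even when no CA certificate is configured. */
		mkdir(dir);
		snprintf(name, sizeof(name), "%s_peap8021xca", prefix);
		if (!nvram_match(name, "")) {
			export_nvram_to_tmp(prefix, "ca.pem", "peap8021xca");
			fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix);
		}
		/*
		 * NOTE(review): when no CA certificate is configured, no ca_cert line
		 * is written at all; confirm that connecting without server
		 * certificate validation is intended for this mode.
		 */
		write_optional_eap_settings(fp, prefix, "peap");
	}

	if (nvram_prefix_match("8021xtype", prefix, "ttls")) {
		fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
		fprintf(fp, "\teap=TTLS\n");
		fprintf(fp, "\tpairwise=CCMP TKIP\n");
		fprintf(fp, "\tgroup=CCMP TKIP\n");
		fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("ttls8021xuser", prefix));
		fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("ttls8021xpasswd", prefix));
		if (strlen(nvram_nget("%s_ttls8021xca", prefix)) > 0) {
			mkdir(dir);
			export_nvram_to_tmp(prefix, "ca.pem", "ttls8021xca");
			fprintf(fp, "\tca_cert=\"/tmp/%s/ca.pem\"\n", prefix);
		}
		write_optional_eap_settings(fp, prefix, "ttls");
	}

	if (nvram_prefix_match("8021xtype", prefix, "leap")) {
		fprintf(fp, "\tkey_mgmt=WPA-EAP\n");
		fprintf(fp, "\teap=LEAP\n");
		fprintf(fp, "\tauth_alg=LEAP\n");
		fprintf(fp, "\tproto=WPA RSN\n");
		fprintf(fp, "\tpairwise=CCMP TKIP\n");
		fprintf(fp, "\tgroup=CCMP TKIP\n");
		fprintf(fp, "\tidentity=\"%s\"\n", nvram_prefix_get("leap8021xuser", prefix));
		fprintf(fp, "\tpassword=\"%s\"\n", nvram_prefix_get("leap8021xpasswd", prefix));
		write_optional_eap_settings(fp, prefix, "leap");
	}

	fprintf(fp, "}\n");
	if (fclose(fp) != 0) {
		/* A failed flush leaves a truncated configuration; do not start the supplicant on it. */
		perror(fstr);
		return;
	}

	snprintf(ifarg, sizeof(ifarg), "-i%s", getRADev(prefix));
	char bvar[SUPPLICANT_NAME_BUF];
	snprintf(bvar, sizeof(bvar), "%s_bridged", prefix);

	/* A bridged client ("wdssta" or "wet" mode) is additionally given the LAN bridge via -b. */
	if (nvram_match(bvar, "1") && (nvram_match(wmode, "wdssta") || nvram_match(wmode, "wet")))
		eval("wpa_supplicant", "-b", nvram_safe_get("lan_ifname"), "-B", "-Dralink", ifarg, "-c", fstr);
	else
		eval("wpa_supplicant", "-B", "-Dralink", ifarg, "-c", fstr);
}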