mirror of
https://github.com/Telecominfraproject/ols-ucentral-schema.git
synced 2025-10-30 09:42:30 +00:00
add FCC restriction support
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
@@ -4,6 +4,8 @@ let uci = require("uci");
|
||||
let ubus = require("ubus");
|
||||
let capabfile = fs.open("/etc/ucentral/capabilities.json", "r");
|
||||
let capab = json(capabfile.read("all"));
|
||||
let restrictfile = fs.open("/etc/ucentral/restrictions.json", "r");
|
||||
let restrict = restrictfile ? json(restrictfile.read("all")) : null;
|
||||
let cmdfile = fs.open(ARGV[0], "r");
|
||||
let cmd = json(cmdfile.read("all"));
|
||||
let id = ARGV[1];
|
||||
@@ -50,6 +52,7 @@ let scope = {
|
||||
cursor: uci.cursor(),
|
||||
ctx,
|
||||
fs,
|
||||
restrict,
|
||||
|
||||
/* log helper */
|
||||
log,
|
||||
|
||||
@@ -8,6 +8,17 @@ if (!args.id || !args.server || !args.port || !args.token || !args.timeout) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (restrict.rtty) {
|
||||
result_json({
|
||||
"error": 2,
|
||||
"text": "RTTY is restricted.",
|
||||
"resultCode": -1
|
||||
});
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
cursor.load("rtty");
|
||||
cursor.set("rtty", "@rtty[-1]", "enable", 1);
|
||||
cursor.set("rtty", "@rtty[-1]", "id", args.id);
|
||||
|
||||
@@ -33,6 +33,23 @@ else if (!validation_result.valid) {
|
||||
return;
|
||||
}
|
||||
|
||||
function verify_signature(file, signature) {
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
if (restrict.sysupgrade) {
|
||||
if (!verify_signature(image_path, args.signature)) {
|
||||
result_json({
|
||||
"error": 2,
|
||||
"text": "Invalid signature",
|
||||
"resultCode": -1
|
||||
});
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
let archive_cmdline = [
|
||||
'tar', 'czf', '/tmp/sysupgrade.tgz',
|
||||
'/etc/config/ucentral'
|
||||
@@ -42,7 +59,7 @@ let files = [
|
||||
"/etc/ucentral/cas.pem", "/etc/ucentral/cert.pem",
|
||||
"/etc/ucentral/redirector.json", "/etc/ucentral/dev-id",
|
||||
"/etc/ucentral/key.pem", "/etc/config/ucentral",
|
||||
"/etc/ucentral/profile.json"
|
||||
"/etc/ucentral/profile.json", "/etc/ucentral/restrictions.json"
|
||||
];
|
||||
for (let f in files)
|
||||
if (fs.stat(f))
|
||||
|
||||
@@ -12,6 +12,9 @@ let conn = ubus ? ubus.connect() : null;
|
||||
let capabfile = fs.open("/etc/ucentral/capabilities.json", "r");
|
||||
let capab = capabfile ? json(capabfile.read("all")) : null;
|
||||
|
||||
let restrictfile = fs.open("/etc/ucentral/restrictions.json", "r");
|
||||
let restrict = restrictfile ? json(restrictfile.read("all")) : {};
|
||||
|
||||
let serial = cursor.get("ucentral", "config", "serial");
|
||||
|
||||
assert(cursor, "Unable to instantiate uci");
|
||||
@@ -1087,6 +1090,7 @@ return /** @lends uCentral.prototype */ {
|
||||
location: '/',
|
||||
cursor,
|
||||
capab,
|
||||
restrict,
|
||||
|
||||
/** @member {uCentral.files} */
|
||||
files,
|
||||
|
||||
@@ -57,6 +57,9 @@
|
||||
radio.country = capab.country_code;
|
||||
}
|
||||
|
||||
if (length(restrict.country) && !(radio.country in restrict.country))
|
||||
die("Country code is restricted");
|
||||
|
||||
function allowed_channel(radio) {
|
||||
if (radio.channel_width == 20)
|
||||
return true;
|
||||
@@ -133,6 +136,11 @@
|
||||
|
||||
return modes[require_mode] || '';
|
||||
}
|
||||
|
||||
if (restrict.dfs && radio.allow_dfs) {
|
||||
warn('DFS is restricted.');
|
||||
radio.allow_dfs = false;
|
||||
}
|
||||
%}
|
||||
|
||||
# Wireless Configuration
|
||||
@@ -154,7 +162,8 @@ set wireless.{{ phy.section }}.chan_bw={{ radio.bandwidth }}
|
||||
set wireless.{{ phy.section }}.maxassoc={{ radio.maximum_clients }}
|
||||
set wireless.{{ phy.section }}.noscan=1
|
||||
set wireless.{{ phy.section }}.acs_exclude_dfs={{ b(!radio.allow_dfs) }}
|
||||
{% if (radio.allow_dfs) for (let channel in radio.valid_channels): %}
|
||||
{% for (let channel in radio.valid_channels): %}
|
||||
{% if (!radio.allow_dfs && channel in phy.dfs_channels) continue %}
|
||||
add_list wireless.{{ phy.section }}.channels={{ channel }}
|
||||
{% endfor %}
|
||||
{% if (radio.he_settings && phy.he_mac_capa && match(htmode, /HE.*/)): %}
|
||||
|
||||
@@ -1,8 +1,17 @@
|
||||
{% let interfaces = services.lookup_interfaces("ssh") %}
|
||||
{% let enable = length(interfaces) %}
|
||||
{% services.set_enabled("dropbear", enable) %}
|
||||
{% if (!enable) return %}
|
||||
{% files.add_named("/etc/dropbear/authorized_keys", join("\n", ssh.authorized_keys || []) + "\n") %}
|
||||
{%
|
||||
let interfaces = services.lookup_interfaces("ssh");
|
||||
let enable = length(interfaces);
|
||||
|
||||
if (restrict.ssh && enable) {
|
||||
warn('SSH is restricted');
|
||||
enable = false;
|
||||
}
|
||||
|
||||
services.set_enabled("dropbear", enable);
|
||||
if (!enable)
|
||||
return;
|
||||
files.add_named("/etc/dropbear/authorized_keys", join("\n", ssh.authorized_keys || []) + "\n");
|
||||
%}
|
||||
|
||||
# SSH service configuration
|
||||
|
||||
|
||||
Reference in New Issue
Block a user