This commit introduces a helper function "ratelimit_client()", invoked
from allow_client(), which parses the radius reply for known
ratelimiting attributes:
- WISPr-Bandwidth-Max-{Up,Down}
- ChilliSpot-Bandwidth-Max-{Up,Down}
WISPr attributes are expressed in bits/s, ChilliSpot in kbits/s.
If none of the attributes are present, the function is a NOP.
If any of the -Up or -Down is missing, the corresponding limit is not
set. NB: ratelimit currently does not support setting only up OR down
ratelimiting if defaults are not set.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
27b1d45 cmd_upgrade: create /ucentral.upgrade
7109e62 add captive portal devices to the bridger block list
Signed-off-by: John Crispin <john@phrozen.org>
/openwrt/build_dir/target-arm_cortex-a7_musl_eabi/uspot/radius.c:264:4: error: label at end of compound statement
default:
^
Signed-off-by: John Crispin <john@phrozen.org>
This is required per documentation and may result in segfault if not
used.
Also remove the "servers" settings which is unnecessary in the context
of a single server.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Streamline the code to make it easier to extend supported attributes,
and to clarify code flow. Improve error checking.
Add licensing information (with permission from John Crispin, original
author).
NB: a few things are still hardcoded toward the end of radius(), to be
revisited.
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This carries over two Chilli options used during mac authentication:
- macpasswd, which sets a static password when performing mac-auth
- macsuffix, which allows suffixing the mac address provided as username
These options are implemented in config uspot section as:
- option mac_passwd 'password'
- option mac_suffix 'suffix'
If unset, this commit is a NOP.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
If debug is disabled, this commit deletes the temporary json files
passed to radius-client.
Furthermore, to reduce the risk of collision, use a different prefix in
accounting.uc ('uacct') vs common.uc ('acct').
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
For basic uspot setups, this commit implements a 'generate' verb to
uspot /usr/bin/captive that takes a config uspot section name, and
parses the following extra options to generate the relevant spotfilter
config:
option generate_spotfilter (bool) # if unset/false, generate is a NOP
option interface 'name' # config/network interface name to redirect to
option client_autoremove (bool) # if set/true, sets client_autoremove
list wl_hosts '*.example.com' # optional list of whitelist hostnames
list wl_addrs '1.2.3.4' # optional list of whitelist IPs
"captive generate" is called in spotfilter.init to optionally (depending
on 'generate_spotfilter') create the required spotfilter-XXX.json before
starting spotfilter.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
The current uspot config uses a single named section to assign ifnames
to uspot interfaces like so:
config devices 'devices'
option wlanc0 'hotspot1'
option wlanc1 'hotspot1'
Where 'wlanc0' and 'wlanc1' are physical ifnames.
Code in common.uc also hardcodes a check to match ifnames with 'wlanc*'.
This comit gets rid of the "config device" sections and accepts in the
"config uspot" sections e.g.:
option ifname 'wlanc0'
or
list ifname 'wlanc0'
list ifname 'wlanc1'
The listed devices are then associated with the current uspot config
exactly as they were with the previous configuration system.
The hardcoded check in common.uc is also removed, allowing arbitrary
ifnames to be used.
Malformed sections are ignored with a warning. Subsequent duplicate
entries for a given ifname are be ignored with a warning.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This commit moves session id creation outside of radius_init() and
stores the identifier in ctx and client data, making it available to
various handlers.
The id is added to the list of uam_url parameters to be sent to the
backend.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Because _md[32] is defined as "char" instead of "unsigned char" in
uc_md5() and sprintf() is used instead of snprintf(), the resulting
string can be malformed (padded with FF for negative values) and
can overflow the target buffer, producing strings like:
21FFFF0D12FFFF6A48651050FFFF4CFFFFFFBA
FFFFFF16FF3EFF7C6560FFFF6BFFFFFFFFFFE7
The same issue affects the hex_to_str() helper function which uc_md5()
does not use.
This commit addresses these issues by:
- refactoring hex_to_str():
- accept a const void * input buffer internally cast to uchar
- use snprintf() and the correct format length modifier 'hh'
- use hex_to_str() in uc_md5()
- adjust uses in other callers to pass sizeof(inbuf)/2 instead of a
hardcoded number
str_to_hex() is also refactored with the same guidelines to simplify the
code and minimally address sscanf() failures by ending conversion.
While there, document these two helpers.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
