LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27337 Commits
1 Branch
46 MiB
Tree: c8d6afe2cc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c8d6afe2cc'
${ noResults }
openwrt-packages-dist/net/hs20/files/hs20.init

203 lines
6.3 KiB
Raw Normal View History

hs20: prepare server using uci-defaults and ship files Setup user database if non-existent, configure uhttpd .php interpreter and patch php scripts to work out-of-the-box. Also ship Hotspot 2.0 SPP and OMA DM XML schema/DTD files needed at run-time for both client and server. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
hs20: some small improvements * update device description framework to v1.3 * setup methods in database * setup uhttpd to use hs20 cert Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
hs20: prepare server using uci-defaults and ship files Setup user database if non-existent, configure uhttpd .php interpreter and patch php scripts to work out-of-the-box. Also ship Hotspot 2.0 SPP and OMA DM XML schema/DTD files needed at run-time for both client and server. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
hs20: some small improvements * update device description framework to v1.3 * setup methods in database * setup uhttpd to use hs20 cert Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
hs20: prepare server using uci-defaults and ship files Setup user database if non-existent, configure uhttpd .php interpreter and patch php scripts to work out-of-the-box. Also ship Hotspot 2.0 SPP and OMA DM XML schema/DTD files needed at run-time for both client and server. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago
 
  1. #!/bin/sh /etc/rc.common
  2. 

  3. START=49
  4. 

  5. USE_PROCD=1
  6. 

  7. setup_ca() {
  8. 	[ -e /etc/hs20/AS/Key/server.pem ] && return 0
  9. 

  10. 	local company friendly_name rootsubject logo_sha1 logo_sha256 logo_url domain osu_client_subject ocsp_server_subject key_passphrase osu_server_name ocsp_uri revoked_subject
  11. 	config_load hs20
  12. 	config_get company ca company
  13. 	config_get friendly_name ca friendly_name
  14. 	config_get rootsubject ca rootsubject
  15. 	config_get logo_sha1 ca logo_sha1
  16. 	config_get logo_sha256 ca logo_sha256
  17. 	config_get logo_url ca logo_url
  18. 	config_get domain ca domain
  19. 	config_get osu_client_subject ca osu_client_subject
  20. 	config_get ocsp_server_subject ca ocsp_server_subject
  21. 	config_get key_passphrase ca key_passphrase
  22. 	config_get osu_server_name ca osu_server_name
  23. 	config_get ocsp_uri ca ocsp_uri
  24. 

  25. 	mkdir -p /etc/hs20/ca
  26. 	(
  27. 	  cd /etc/hs20/ca
  28. 	  /bin/busybox sh /usr/share/hs20/ca/setup.sh -c "$company" -C "$friendly_name" -g "$logo_sha1" -G "$logo_sha256" -l "$logo_url" -m "$domain" -o "$osu_client_subject" -O "$ocsp_server_subject" -p "$key_passphrase" -S "$osu_server_name" -u "$ocsp_uri" -V "$revoked_subject"
  29. 	)
  30. 

  31. 	mkdir -p /etc/hs20/AS/Key
  32. 	cp /etc/hs20/ca/server.* /etc/hs20/ca/ca.pem /etc/hs20/AS/Key
  33. 

  34. 	uci batch <<EOF
  35. set uhttpd.main.cert='/etc/hs20/ca/server.pem'
  36. set uhttpd.main.key='/etc/hs20/ca/server.key'
  37. commit uhttpd
  38. EOF
  39. 

  40. 	return 0
  41. }
  42. 

  43. sql_set() {
  44. 	echo "DELETE FROM osu_config WHERE realm='$1' AND field='$2';"
  45. 	echo "INSERT INTO osu_config(realm,field,value) VALUES('$1','$2','$3');"
  46. }
  47. 

  48. setup_dbconf() {
  49. 	local domain spp_http_auth_url trust_root_cert_url
  50. 	config_load hs20
  51. 	config_get realm ca domain
  52. 	config_get spp_http_auth_url server spp_http_auth_url
  53. 	config_get trust_root_cert_url server trust_root_cert_url
  54. 	config_get trust_root_cert_fingerprint server trust_root_cert_fingerprint
  55. 	config_get aaa_trust_root_cert_url server aaa_trust_root_cert_url
  56. 	config_get aaa_trust_root_cert_fingerprint server aaa_trust_root_cert_fingerprint
  57. 	config_get free_account server free_account
  58. 	config_get policy_url server policy_url
  59. 	config_get remediation_url server remediation_url
  60. 	config_get free_remediation_url server free_remediation_url
  61. 	config_get signup_url server signup_url
  62. 	(
  63. 		sql_set $realm spp_http_auth_url "$spp_http_auth_url"
  64. 		sql_set $realm trust_root_cert_url "$trust_root_cert_url"
  65. 		sql_set $realm trust_root_cert_fingerprint "$trust_root_cert_fingerprint"
  66. 		sql_set $realm aaa_trust_root_cert_url "$aaa_trust_root_cert_url"
  67. 		sql_set $realm aaa_trust_root_cert_fingerprint "$aaa_trust_root_cert_fingerprint"
  68. 		sql_set $realm free_account "$free_account"
  69. 		sql_set $realm policy_url "$policy_url"
  70. 		sql_set $realm remediation_url "$remediation_url"
  71. 		sql_set $realm free_remediation_url "$free_remediation_url"
  72. 		sql_set $realm signup_url "$signup_url"
  73. 		echo "DELETE FROM wildcards WHERE identity='';"
  74. 		echo "INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');"
  75. 	) | sqlite3 /etc/hs20/AS/DB/eap_user.db
  76. 

  77. 	return 0
  78. }
  79. 

  80. setup_policy() {
  81. 	local update_interval update_method restriction uri
  82. 	config_load hs20
  83. 	config_get update_interval policy update_interval
  84. 	config_get update_method policy update_method
  85. 	config_get restriction policy restriction
  86. 	config_get uri policy uri
  87. 

  88. 	if [ ! -e "/etc/hs20/spp/policy/default.xml" ]; then
  89. 		mkdir -p /etc/hs20/spp/policy
  90. 		ln -s /tmp/run/spp-default-policy.xml /etc/hs20/spp/policy/default.xml
  91. 	fi
  92. 

  93. 	cat > /tmp/run/spp-default-policy.xml <<EOF
  94. <Policy>
  95. 	<PolicyUpdate>
  96. 		<UpdateInterval>$update_interval</UpdateInterval>
  97. 		<UpdateMethod>$update_method</UpdateMethod>
  98. 		<Restriction>$restriction</Restriction>
  99. 		<URI>$uri</URI>
  100. 	</PolicyUpdate>
  101. </Policy>
  102. 

  103. EOF
  104. 	return 0
  105. }
  106. 

  107. prepare_config() {
  108. 	local key_passphrase subscr_remediation_url osu_nai as_passphrase radius_passphrase
  109. 	config_load hs20
  110. 	config_get key_passphrase ca key_passphrase
  111. 	config_get subscr_remediation_url policy uri
  112. 	config_get osu_nai server osu_nai
  113. 	config_get as_passphrase server as_passphrase
  114. 	config_get radius_passphrase server radius_passphrase
  115. 

  116. 	cat > /tmp/run/as-sql.conf <<EOF
  117. driver=none
  118. radius_server_clients=/etc/hs20/AS/as.radius_clients
  119. eap_server=1
  120. eap_user_file=sqlite:/etc/hs20/AS/DB/eap_user.db
  121. ca_cert=/etc/hs20/AS/Key/ca.pem
  122. server_cert=/etc/hs20/AS/Key/server.pem
  123. private_key=/etc/hs20/AS/Key/server.key
  124. private_key_passwd=$key_passphrase
  125. eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=/etc/hs20/AS/DB/eap_sim.db
  126. subscr_remediation_url=$subscr_remediation_url
  127. EOF
  128. 

  129. 	mkdir -p /var/run/hostapd/hs20-radius
  130. 	cat > /tmp/run/radius-sql.conf <<EOF
  131. # hostapd-radius config for the radius used by the OSEN AP
  132. interface=lo
  133. driver=none
  134. logger_syslog=-1
  135. logger_syslog_level=2
  136. logger_stdout=-1
  137. logger_stdout_level=2
  138. ctrl_interface=/var/run/hostapd/hs20-radius
  139. ctrl_interface_group=0
  140. eap_server=1
  141. eap_user_file=/etc/hs20/AS/hostapd-osen.eap_user
  142. server_id=ben-ota-2-osen
  143. radius_server_auth_port=1811
  144. radius_server_clients=/etc/hs20/AS/hostap.radius_clients
  145. 

  146. ca_cert=/etc/hs20/ca/ca.pem
  147. server_cert=/etc/hs20/ca/server.pem
  148. private_key=/etc/hs20/ca/server.key
  149. private_key_passwd=$key_passphrase
  150. 

  151. ocsp_stapling_response=/etc/hs20/ca/ocsp-server-cache.der
  152. EOF
  153. 

  154. 	cat > /etc/hs20/AS/hostapd-osen.eap_user <<EOF
  155. # For OSEN authentication (Hotspot 2.0 Release 2)
  156. "$osu_nai"      WFA-UNAUTH-TLS
  157. EOF
  158. 

  159. 	cat > /etc/hs20/AS/hostap.radius_clients <<EOF
  160. 0.0.0.0/0       $radius_passphrase
  161. EOF
  162. 

  163. 	cat > /etc/hs20/AS/as.radius_clients <<EOF
  164. 0.0.0.0/0       $as_passphrase
  165. EOF
  166. 

  167. 	return 0
  168. }
  169. 

  170. start_service() {
  171. 	local enabled
  172. 	config_load hs20
  173. 	config_get enabled server enabled
  174. 

  175. 	[ "$enabled" != "1" ] && [ "$enabled" != "true" ] && exit 0
  176. 	echo "starting"
  177. 

  178. 	setup_ca
  179. 	setup_policy
  180. 	setup_dbconf
  181. 	prepare_config
  182. 

  183. 	procd_open_instance ocsp-responder
  184. 	procd_set_param command /usr/bin/openssl ocsp -index /etc/hs20/ca/demoCA/index.txt -port 8888 -nmin 5 -rsigner /etc/hs20/ca/ocsp.pem -rkey /etc/hs20/ca/ocsp.key -CA /etc/hs20/ca/demoCA/cacert.pem -text -ignore_err
  185. 	procd_set_param stdout 1
  186. 	procd_set_param stderr 1
  187. 	procd_set_param respawn
  188. 	procd_close_instance
  189. 

  190. 	procd_open_instance hs20-ac
  191. 	procd_set_param command /usr/sbin/hostapd-hs20-radius-server /tmp/run/as-sql.conf
  192. 	procd_set_param stdout 1
  193. 	procd_set_param stderr 1
  194. 	procd_set_param respawn
  195. 	procd_close_instance
  196. 

  197. 	procd_open_instance hs20-radius
  198. 	procd_set_param command /usr/sbin/hostapd-hs20-radius-server /tmp/run/radius-sql.conf
  199. 	procd_set_param stdout 1
  200. 	procd_set_param stderr 1
  201. 	procd_set_param respawn
  202. 	procd_close_instance
  203. }