nemo
/
mir3c
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
mir3c/squashfs-root/usr/sbin/sysapi

626 lines
16 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/sh
# Note: such sysapi file is invoked by web-Luci, so cannot be removed.
# Anyway, its been restored again.
#
. /lib/lib.scripthelper.sh
TS="$(date -u +%s)"
TUUID=$(echo "$@-$TS"|md5sum|awk '{print $1}'|head -c8)
PARENTIDINFO=$PPID
PCMD=$(awk -F'
' '{OFS=" " ;print $0}' /proc/$PARENTIDINFO/cmdline|xargs)
SCRIPTTAG="$SCRIPTTAG-$TUUID-$PARENTIDINFO-$PCMD"
dlog "INFO: input ARGS: $@"
ARGS=`echo $@|tr "[a-z]" "[A-Z]"`
fun="$1"
shift
action="$1"
shift
#action=`echo $ARGS|grep -iEo "(set|get|del|update|commit)"`
#fun=`echo $ARGS|grep -iEo "(macfilter|traffic_ctl|system_info|dnsaccelerate|webinitrdr|pdnsd)"`
macfilter_conf="/etc/config/macfilter"
dnsaccelerate_conf="/etc/dnsmasq.securedomain.list"
UCI="uci -q"
CONFIGPATH="/tmp/etc/config"
MACCONFIGFILE="$CONFIGPATH/macfilter"
#PARAMETERAPPEND="-c${CONFIGPATH}"
PARAMETERAPPEND=""
FLUSH_MAC="rm -f $MACCONFIGFILE"
UCI_SAVE="$UCI commit macfilter"
apply_firewall() {
trap "lock -u /var/run/fw3.lock; exit 1" SIGHUP SIGINT SIGTERM
lock /var/run/fw3.lock
lua /usr/sbin/macfilterctl -v "$@"
lock -u /var/run/fw3.lock
}
usage(){
local idx
idx="$1"
case "$idx" in
macfilter)
elog "USAGE: $0 macfilter <set|get|update|del|commit> [wanmode|adminmode|<MAC=xx:xx:xx:xx:> [lan=yes|no] [wan=yes|no] [admin=yes|no] [pridisk=yes|no]]"
;;
traffic_ctl)
elog "USAGE: $0 traffic_ctl <set> <key=on|off>"
;;
system_info)
elog "USAGE: $0 system_info <get> <cpuload|memory|disk>"
;;
dnsaccelerate)
elog "USAGE: $0 dnsaccelerate <set> <appleacc=[on|off]>"
;;
webinitrdr)
elog "USAGE: $0 webinitrdr <set> <on|off>"
;;
pdnsd)
elog "USAGE: $0 pdnsd <set> <on|off>"
;;
*)
elog "USAGE: $0 <macfilter|traffic_ctl|system_info|webinitrdr|pdnsd> [function args ...]"
;;
esac
return 0
}
case "$fun" in
macfilter|MACFILTER)
mkdir -p ${CONFIGPATH} 2>/dev/null
[ -e "$MACCONFIGFILE" ] || cp -a ${macfilter_conf} ${CONFIGPATH}
if [ -d "$CONFIGPATH" ];then
dlog "macfilter use config path $CONFIGPATH."
else
CONFIGPATH="/etc/config"
#PARAMETERAPPEND="-c${CONFIGPATH}"
dlog "macfilter use config path /etc/config."
fi
for i in "$@"
do
local op=$(echo $i | cut -f 1 -d'=' | tr "[A-Z]" "[a-z]")
case $op in
lan)
lan=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
shift
;;
wan)
wan=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
shift
;;
admin)
admin=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
shift
;;
pridisk)
pridisk=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
shift
;;
mac)
ccmac=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
mac=$(echo $ccmac | grep -iEo "[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}:[A-F0-9]{2}" | tr "[A-Z]" "[a-z]")
shift
;;
wanmode)
wmode=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
[ -n $wmode ] && gwmode="wanmode"
shift
;;
lanmode)
lmode=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
[ -n $lmode ] && glmode="lanmode"
shift
;;
adminmode)
amode=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
[ -n $amode ] && gamode="adminmode"
shift
;;
pridiskmode)
primode=$(echo ${i#*=} | tr "[A-Z]" "[a-z]")
[ -n $primode ] && gprimode="pridiskmode"
shift
;;
esac
done
global_wan=$($UCI $PARAMETERAPPEND get macfilter.@mode[0].wan)
global_wan=${global_wan:-"blacklist"}
global_lan=$($UCI $PARAMETERAPPEND get macfilter.@mode[0].lan)
global_lan=${global_lan:-"blacklist"}
global_admin=$($UCI $PARAMETERAPPEND get macfilter.@mode[0].admin)
global_admin=${global_admin:-"blacklist"}
global_pridisk=$($UCI $PARAMETERAPPEND get macfilter.@mode[0].pridisk)
global_pridisk=${global_pridisk:-"whitelist"}
if [ -n "$mac" -o -n "$ccmac" ];then
uciprefix=$($UCI $PARAMETERAPPEND show macfilter | grep "$mac" | cut -d\. -f1-2)
fixwan=$($UCI $PARAMETERAPPEND get $uciprefix.wan)
fixlan=$($UCI $PARAMETERAPPEND get $uciprefix.lan)
fixadmin=$($UCI $PARAMETERAPPEND get $uciprefix.admin)
fixpridisk=$($UCI $PARAMETERAPPEND get $uciprefix.pridisk)
if [ "$global_wan" == "blacklist" ];then
[ -z "$wan" ] && [ -z "$fixwan" ] && wan="yes"
else
[ -z "$wan" ] && [ -z "$fixwan" ] && wan="no"
fi
if [ "$global_lan" == "blacklist" ];then
[ -z "$lan" ] && [ -z "$fixlan" ] && lan="yes"
else
[ -z "$lan" ] && [ -z "$fixlan" ] && lan="no"
fi
if [ "$global_admin" == "blacklist" ];then
[ -z "$admin" ] && [ -z "$fixadmin" ] && admin="yes"
else
[ -z "$admin" ] && [ -z "$fixadmin" ] && admin="no"
fi
if [ "$global_pridisk" == "blacklist" ];then
[ -z "$pridisk" ] && [ -z "$fixpridisk" ] && pridisk="yes"
else
[ -z "$pridisk" ] && [ -z "$fixpridisk" ] && pridisk="no"
fi
fi
;;
TRAFFIC_CTL|traffic_ctl)
traffic_params=`echo $ARGS|grep -iEo "(FOREIGN_CTL|TRAFFIC_DNS|TRAFFIC_ALLVPN|NGINX_CACHE|NGINX_FILTER|NGINX_GUESTWIFI)(\=(on|off))?"`
key=`echo $traffic_params|cut -d"=" -f1`
status=`echo $traffic_params|cut -d"=" -f2`
;;
SYSTEM_INFO|system_info)
key=`echo $ARGS|grep -iEo "(cpuload|memory|disk)"`
cpu_load=`/usr/sbin/getstat.lua|cut -d"%" -f1`
;;
DNSACCELERATE|dnsaccelerate)
dnsaccelerate_params=`echo $ARGS|grep -iEo "appleacc=(on|off)"`
key=`echo $dnsaccelerate_params|cut -d"=" -f1`
status=`echo $dnsaccelerate_params|cut -d"=" -f2`
;;
webinitrdr|WEBINITRDR)
key=`echo $ARGS|grep -iEo "(on|off)"|tr "[A-Z]" "[a-z]"`
trap "lock -u /var/run/fw3.lock; exit 1" SIGHUP SIGINT SIGTERM
lock /var/run/fw3.lock
/usr/sbin/sysapi.firewall webinitrdr $key
lock -u /var/run/fw3.lock
exit $?
;;
PDNSD|pdnsd)
key=`echo $ARGS|grep -iEo "(on|off)"|tr "[A-Z]" "[a-z]"`
;;
*)
elog "WARNING: Unsupport sysapi Function $fun!"
usage
exit 1
;;
esac
#macfilter start
setrule(){
grep -iq "$mac" $macfilter_conf
if [ $? -ne 0 ]; then
$UCI batch <<-EOF
add macfilter mac
set macfilter.@mac[-1].mac="$mac"
set macfilter.@mac[-1].wan="$wan"
set macfilter.@mac[-1].lan="$lan"
set macfilter.@mac[-1].admin="$admin"
set macfilter.@mac[-1].pridisk="$pridisk"
commit macfilter
EOF
if [ ! "$mac" == "$($UCI get macfilter.@mac[-1].mac)" ]; then
dlog "ERROR: Add rule failed $mac" && return 1
fi
else
dlog "WARNING: $mac already exist in macfilter list, setrule function!"
return 1
fi
return 0
}
getrule(){
if [ -n "$gwmode" ]
then
if ! $UCI $PARAMETERAPPEND get macfilter.@mode[0].wan; then
dlog "ERROR: get macfilter wan mode failed!"
return 1
else
return 0
fi
fi
if [ -n "$glmode" ];then
if ! $UCI $PARAMETERAPPEND get macfilter.@mode[0].lan;then
dlog "ERROR: get macfilter lan mode failed !"
return 1
else
return 0
fi
fi
if [ -n "$gamode" ];then
if ! $UCI $PARAMETERAPPEND get macfilter.@mode[0].admin ;then
dlog "ERROR: get macfilter admin mode failed!"
return 1
else
return 0
fi
fi
if [ -n "$gprimode" ];then
if ! $UCI $PARAMETERAPPEND get macfilter.@mode[0].pridisk ;then
dlog "ERROR: get macfilter pridisk mode failed!"
return 1
else
return 0
fi
fi
if [ -z "$mac" -a -z "$ccmac" ]
then
$UCI $PARAMETERAPPEND show macfilter |awk -F'\.' '{key[$1$2]=(key[$1$2]";"$3)}END{for(i in key){if(key[i] ~ "mac"){print key[i]}}}' |sed 's/^;//g'
else
if [ -z "$mac" -a -n "$ccmac" ]
then
echo "mac=$ccmac;wan=$wan;lan=$lan;admin=$admin;pridisk=$pridisk"
else
ucitype=`$UCI $PARAMETERAPPEND show macfilter |grep -i "$mac"|cut -d\. -f1-2`
if [ -n "$ucitype" ]; then
viewmac=`$UCI $PARAMETERAPPEND get $ucitype.mac`
viewwan=`$UCI $PARAMETERAPPEND get $ucitype.wan`
viewlan=`$UCI $PARAMETERAPPEND get $ucitype.lan`
viewadmin=`$UCI $PARAMETERAPPEND get $ucitype.admin`
viewpridisk=`$UCI $PARAMETERAPPEND get $ucitype.pridisk`
echo "mac=$viewmac;wan=$viewwan;lan=$viewlan;admin=$viewadmin;pridisk=$viewpridisk"
else
echo "mac=$mac;wan=$wan;lan=$lan;admin=$admin;pridisk=$pridisk"
fi
fi
fi
return 0
}
delrule(){
if [ -z "$mac" ]
then
dlog "ERROR: Parameter error! delrule function" && return 1
else
for macmac in `$UCI show macfilter |grep -i "$mac"|cut -d\. -f1-2`
do
$UCI delete "$macmac"
$UCI_SAVE
apply_firewall del "$mac"
done
if [ $? -ne 0 ];then
dlog "ERROR: del rule failed $mac"
return 1
fi
fi
return 0
}
updaterule(){
if [ -n "$mac" ]
then
if [ -n "$wan" -a -n "$lan" -a -n "$admin" -a -n "$pridisk" ];then
for macmac in `$UCI show macfilter |grep -i "$mac"|cut -d\. -f1-2`;do
$UCI delete "$macmac"
$UCI_SAVE
apply_firewall del "$mac" 2>/dev/null
done
[ $? -ne 0 ] && dlog "ERROR: update-del rule failed $mac!" && return 1
$UCI batch <<EOF
add macfilter mac
set macfilter.@mac[-1].mac="$mac"
set macfilter.@mac[-1].wan="$wan"
set macfilter.@mac[-1].lan="$lan"
set macfilter.@mac[-1].admin="$admin"
set macfilter.@mac[-1].pridisk="$pridisk"
commit macfilter
EOF
if [ "$mac" == "$($UCI get macfilter.@mac[-1].mac)" ]; then
apply_firewall set "{mac='$mac',wan='$wan',lan='$lan',admin='$admin'}" && dlog "INFO: Add rule {mac='$mac',wan='$wan',lan='$lan',admin='$admin',pridisk='$pridisk'} in wan:$global_wan lan:$global_lan admin:$global_admin pridisk:$global_pridisk" && return 0
else
dlog "ERROR: update-add rule failed $mac" && return 1
fi
fi
uciprefix=`$UCI show macfilter|grep "$mac"|cut -d\. -f1-2`
if [ -n "$wan" ]; then
if [ "$($UCI get $uciprefix.wan)" != "$wan" ] ;then
$UCI set "$uciprefix".wan="$wan" && $UCI_SAVE && apply_firewall set "{mac='$mac',wan='$wan'}"
if [ $? -ne 0 ];then
dlog "ERROR: update $mac wan $wan failed!" && return 1
fi
else
dlog "INFO: $mac wan $wan no change!" && return 0
fi
fi
if [ -n "$lan" ]; then
if [ "$($UCI get $uciprefix.lan)" != "$lan" ] ;then
$UCI set "$uciprefix".lan="$lan" && $UCI_SAVE && apply_firewall set "{mac='$mac',lan='$lan'}"
if [ $? -eq 0 ];then
if [ "$lan" = "no" ] ;then
/usr/sbin/shareUpdate -c && dlog "INFO: shareUpdate reload succeed mac:$mac lan:$lan [macfilter updaterule action]"
[ $? -ne 0 ] && dlog "ERROR: shareUpdate reload failed mac:$mac lan:$lan [macfilter updaterule action]"
fi
else
dlog "ERROR: ERROR: update $mac lan $lan failed!"
fi
#if [ $? -ne 0 ];then
#dlog "ERROR: update $mac lan $lan failed!" && return 1
#fi
else
dlog "INFO: $mac lan $lan no change!" && return 0
fi
fi
if [ -n "$admin" ]; then
if [ "$($UCI get $uciprefix.admin)" != "$admin" ] ;then
$UCI set "$uciprefix".admin="$admin" && $UCI_SAVE && apply_firewall set "{mac='$mac',admin='$admin'}"
if [ $? -ne 0 ];then
dlog "ERROR: update $mac admin $admin failed!" && return 1
fi
else
dlog "INFO: $mac admin $admin no change!" && return 0
fi
fi
if [ -n "$pridisk" ]; then
if [ "$($UCI get $uciprefix.pridisk)" != "$pridisk" ] ;then
$UCI set "$uciprefix".pridisk="$pridisk" && $UCI_SAVE
if [ $? -ne 0 ];then
dlog "ERROR: update $mac pridisk $pridisk failed!" && return 1
fi
else
dlog "INFO: $mac pridisk $pridisk no change!" && return 0
fi
fi
elif [ -n "$wmode" ]; then
$UCI set macfilter.@mode[0].wan="$wmode" && $UCI_SAVE && apply_firewall mode 2>/dev/null
if [ $? -ne 0 ];then
dlog "ERROR: update wan mode failed!" && return 1
fi
elif [ -n "$lmode" ]; then
$UCI set macfilter.@mode[0].lan="$lmode" && $UCI_SAVE && apply_firewall mode 2>/dev/null
if [ $? -ne 0 ];then
dlog "ERROR: update lan mode failed!" && return 1
fi
elif [ -n "$amode" ]; then
if [ "$amode" = "close" ]; then
$UCI set macfilter.@mode[0].admin="blacklist"
local mac_list=$(uci show macfilter|grep admin|grep '@mac'|cut -d\. -f1-2)
for mac in $mac_list; do
$UCI set "$mac".admin='yes'
done
else
$UCI set macfilter.@mode[0].admin="$amode"
fi
$UCI_SAVE
apply_firewall mode 2>/dev/null
elif [ -n "$primode" ]; then
$UCI set macfilter.@mode[0].pridisk="$primode" && $UCI_SAVE
if [ $? -ne 0 ];then
dlog "ERROR: update primode mode failed!" && return 1
fi
else
dlog "ERROR: update rule failed ,mac parameter error or null $mac" && return 1
fi
return 0
}
commit(){
#commit action no need
#apply_firewall set
[ $? -ne 0 ] && dlog "ERROR: new rule applay failed ,firewall error !" && return 1
return 0
}
macfilter(){
case "$action" in
SET|set)
updaterule && $FLUSH_MAC || return 1
;;
GET|get)
getrule || return 1
;;
DEL|del)
delrule && $FLUSH_MAC || return 1
;;
UPDATE|update)
updaterule && $FLUSH_MAC || return 1
;;
COMMIT|commit)
commit || return 1
;;
*)
elog "ERROR: Unsupport macfilter operation $action !"
usage macfilter
return 1
;;
esac
return 0
}
#macfilter end
#traffic start
settraffic(){
nkey=`cat $traffic_conf|grep -iEo "^$key=(on|off)"|tail -n1`
nstatus=`cat $traffic_conf|grep -i "^$key"|cut -d"=" -f2`;
status=`echo $status|tr "[A-Z]" "[a-z]"`
if [ -z "$nkey" ];then
echo $traffic_params >>$traffic_conf 2>/dev/nul
[ $? -ne 0 ] && dlog "ERROR: update $traffic_conf $key failed failed!" && return 1
fi
if [ -n "$nkey" -a -n "nstatus" -a -n "$key" -a -n "$status" ];then
sed -i "/^$key/{ s/$nstatus/$status/ }" $traffic_conf
[ $? -ne 0 ] && dlog "ERROR: update $traffic_conf $key failed!" && return 1
fi
}
gettraffic(){
nkey=`cat $traffic_conf|grep -iEo "^$key=(on|off)"|tail -n1`
nstatus=`cat $traffic_conf|grep -i "^$key"|cut -d"=" -f2`;
status=`echo $status|tr "[A-Z]" "[a-z]"`
if [ -z "$nkey" ];then
echo "$key=on"
else
echo "$nkey"
fi
}
traffic_ctl(){
case "$action" in
SET)
settraffic || return 1
;;
GET)
gettraffic || return 1
;;
*)
elog "ERROR: Unsupport traffic_ctl operation $action !"
usage traffic_ctl
return 1
;;
esac
return 0
}
#traffic end
#system info start
system_info(){
case "$action" in
GET)
case "$key" in
CPULOAD)
echo "$cpu_load"
;;
MEMORY)
echo "$memory"
;;
DISK)
echo "$disk"
;;
*)
elog "ERROR: Unsupport system_info !"
usage SYSTEM_INFO
return 1
;;
esac
;;
*)
elog "ERROR: Unsupport traffic_ctl operation $action !"
usage traffic_ctl && return 1
;;
esac
return 0
}
#system info stop
#dns accelerate start
dnsaccelerate(){
case "$action" in
SET)
case "$key" in
APPLEACC)
if [ "$status" = "OFF" ];then
sed -i "/UPMARK='APPLEACC'/{ s/^F/#F/g }" $dnsaccelerate_conf 2>/dev/null
[ $? -ne 0 ] && elog "ERROR: Turn off apple accelerate failed! " && return 1
elif [ "$status" = "ON" ] ;then
sed -i "/UPMARK='APPLEACC'/{ s/^#F/F/g }" $dnsaccelerate_conf 2>/dev/null
[ $? -ne 0 ] && elog "ERROR: Turn on apple accelerate failed! " && return 1
else
elog "ERROR: Unsupport dnsaccelerate parameter! " && return 1
fi
;;
*)
elog "ERROR: Unsupport dnsaccelerate parameter $key !"
usage dnsaccelerate && return 1
;;
esac
;;
*)
elog "ERROR: Unsupport dnsaccelerate operation $action !"
usage dnsaccelerate && return 1
;;
esac
}
pdnsd(){
case "$action" in
SET)
if [ "$key" = "off" ];then
local step1 step2
$UCI del dhcp.@dnsmasq[0].local
step1=$?
$UCI set dhcp.@dnsmasq[0].resolvfile="/tmp/resolv.conf.auto"
step2=$?
if [ $step1 -eq 0 -a $step2 -eq 0 ];then
$UCI commit dhcp
/etc/init.d/pdnsd stop >/dev/null 2>&1;killall pdnsd >/dev/null 2>&1
/etc/init.d/dnsmasq restart >/dev/null 2>/dev/null && return 0
else
$UCI revert dhcp
return 1
fi
elif [ "$key" = "on" ] ;then
local step3 step4
$UCI dhcp.@dnsmasq[0].local="127.0.0.1#54"
step3=$?
$UCI del dhcp.@dnsmasq[0].resolvfile 2>/dev/null
step4=$?
if [ $step3 -eq 0 -a $step4 -eq 0 ];then
$UCI commit dhcp
killall pdnsd 2>/dev/null
/etc/init.d/pdnsd start >/dev/null 2>/dev/null && /etc/init.d/dnsmasq restart >/dev/null 2>/dev/null&&return 0
else
$UCI revert dhcp
return 1
fi
else
elog "INFO: unknow pdnsd parameter : $key."
return 1
fi
;;
GET)
grep -q 'server=127.0.0.1#54' /var/etc/dnsmasq.conf 2>/dev/null
if [ $? -eq 0 ] ;then
echo "on"
else
echo "off"
fi
;;
*)
elog "ERROR: Unsupport pdnsd operation $action !"
;;
esac
}
#dns accelerate stop
case "$fun" in
MACFILTER|macfilter)
macfilter
exit $?
;;
TRAFFIC_CTL|traffic_ctl)
#traffic_ctl
exit $?
;;
SYSTEM_INFO|system_info)
system_info
exit $?
;;
DNSACCELERATE|dnsaccelerate)
dnsaccelerate
exit $?
;;
webinitrdr|WEBINITRDR)
elog "ERROR: WEBINITRDR, should not reach here."
exit 1
;;
PDNSD|pdnsd)
pdnsd
exit $?
;;
*)
elog "WARNING: Unsupport sysapi Function $fun!"
usage
exit 1
;;
esac
exit 0
Reference in New Issue View Git Blame Copy Permalink