mirror of
https://git.eworm.de/cgit/routeros-scripts
synced 2025-07-23 12:24:28 +02:00
hotspot-to-wpa: convert to template, split capsman & wifiwave2
This commit is contained in:
parent
8ce1683733
commit
6552b0c02d
9 changed files with 523 additions and 158 deletions
|
@ -19,24 +19,35 @@ Requirements and installation
|
|||
You need a properly configured hotspot on one (open) SSID and a WP2 enabled
|
||||
SSID with suffix "`-wpa`".
|
||||
|
||||
Then install the script:
|
||||
Then install the script. Depending on whether you use `wifiwave2` package
|
||||
(`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) you need
|
||||
to install a different script and set it as `on-login` script in hotspot.
|
||||
|
||||
$ScriptInstallUpdate hotspot-to-wpa;
|
||||
For `wifiwave2`:
|
||||
|
||||
Configure your hotspot to use this script as `on-login` script:
|
||||
$ScriptInstallUpdate hotspot-to-wpa.wifiwave2;
|
||||
/ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifiwave2" [ find ];
|
||||
|
||||
/ip/hotspot/user/profile/set on-login=hotspot-to-wpa [ find ];
|
||||
For legacy CAPsMAN:
|
||||
|
||||
$ScriptInstallUpdate hotspot-to-wpa.capsman;
|
||||
/ip/hotspot/user/profile/set on-login="hotspot-to-wpa.capsman" [ find ];
|
||||
|
||||
### Automatic cleanup
|
||||
|
||||
With just `hotspot-to-wpa` installed the mac addresses will last in the
|
||||
access list forever. Install the optional script for automatic cleanup:
|
||||
access list forever. Install the optional script for automatic cleanup
|
||||
and add a scheduler.
|
||||
|
||||
$ScriptInstallUpdate hotspot-to-wpa-cleanup,lease-script;
|
||||
For `wifiwave2`:
|
||||
|
||||
Create a scheduler:
|
||||
$ScriptInstallUpdate hotspot-to-wpa-cleanup.wifiwave2,lease-script;
|
||||
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifiwave2;" start-time=startup;
|
||||
|
||||
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup;
|
||||
For legacy CAPsMAN:
|
||||
|
||||
$ScriptInstallUpdate hotspot-to-wpa-cleanup.capsman,lease-script;
|
||||
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.capsman;" start-time=startup;
|
||||
|
||||
And add the lease script and matcher comment to your wpa interfaces' dhcp
|
||||
server. You can add more information to the comment, separated by comma. In
|
||||
|
@ -74,7 +85,12 @@ Additionally templates can be created to give more options for access list:
|
|||
* `vlan-id`: connect device to specific VLAN
|
||||
* `vlan-mode`: set the VLAN mode for device
|
||||
|
||||
For a hotspot called `example` the template could look like this:
|
||||
For a hotspot called `example` the template could look like this. For
|
||||
`wifiwave2`:
|
||||
|
||||
/interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
|
||||
|
||||
For legacy CAPsMAN:
|
||||
|
||||
/caps-man/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
|
||||
|
||||
|
|
68
hotspot-to-wpa-cleanup.capsman.rsc
Normal file
68
hotspot-to-wpa-cleanup.capsman.rsc
Normal file
|
@ -0,0 +1,68 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa-cleanup.capsman
|
||||
# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# provides: lease-script, order=80
|
||||
#
|
||||
# manage and clean up private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! Do not edit this file, it is generated from template!
|
||||
|
||||
:local 0 "hotspot-to-wpa-cleanup.capsman";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0 false 10;
|
||||
|
||||
:local DHCPServers ({});
|
||||
:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
|
||||
:local ServerVal [ /ip/dhcp-server/get $Server ]
|
||||
:local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
|
||||
:if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
|
||||
:set ($DHCPServers->($ServerVal->"name")) \
|
||||
[ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
|
||||
:local ClientVal [ /caps-man/registration-table/get $Client ];
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
|
||||
mac-address=($ClientVal->"mac-address") ] do={
|
||||
:if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" connected to WPA, making lease static.") false;
|
||||
/ip/dhcp-server/lease/make-static $Lease;
|
||||
/ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
|
||||
!(comment~[ /system/clock/get date ]) ] do={
|
||||
:local ClientVal [ /caps-man/access-list/get $Client ];
|
||||
:if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($ClientVal->"mac-address") ] ] = 0) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" did not connect to WPA, removing from access list.") false;
|
||||
/caps-man/access-list/remove $Client;
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Server,Timeout in=$DHCPServers do={
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
|
||||
server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
|
||||
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
|
||||
" was not seen for " . $Timeout . ", removing.") false;
|
||||
/caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($LeaseVal->"mac-address") ];
|
||||
/ip/dhcp-server/lease/remove $Lease;
|
||||
}
|
||||
}
|
|
@ -1,66 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa-cleanup
|
||||
# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# provides: lease-script, order=80
|
||||
#
|
||||
# manage and clean up private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
|
||||
:local 0 "hotspot-to-wpa-cleanup";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0 false 10;
|
||||
|
||||
:local DHCPServers ({});
|
||||
:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
|
||||
:local ServerVal [ /ip/dhcp-server/get $Server ]
|
||||
:local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
|
||||
:if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
|
||||
:set ($DHCPServers->($ServerVal->"name")) \
|
||||
[ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
|
||||
:local ClientVal [ /caps-man/registration-table/get $Client ];
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
|
||||
mac-address=($ClientVal->"mac-address") ] do={
|
||||
:if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" connected to WPA, making lease static.") false;
|
||||
/ip/dhcp-server/lease/make-static $Lease;
|
||||
/ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
|
||||
!(comment~[ /system/clock/get date ]) ] do={
|
||||
:local ClientVal [ /caps-man/access-list/get $Client ];
|
||||
:if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($ClientVal->"mac-address") ] ] = 0) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" did not connect to WPA, removing from access list.") false;
|
||||
/caps-man/access-list/remove $Client;
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Server,Timeout in=$DHCPServers do={
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
|
||||
server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
|
||||
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
|
||||
" was not seen for " . $Timeout . ", removing.") false;
|
||||
/caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($LeaseVal->"mac-address") ];
|
||||
/ip/dhcp-server/lease/remove $Lease;
|
||||
}
|
||||
}
|
||||
# dummy for migration
|
||||
|
|
75
hotspot-to-wpa-cleanup.template.rsc
Normal file
75
hotspot-to-wpa-cleanup.template.rsc
Normal file
|
@ -0,0 +1,75 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa-cleanup%TEMPL%
|
||||
# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# provides: lease-script, order=80
|
||||
#
|
||||
# manage and clean up private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! This is just a template to generate the real script!
|
||||
# !! Pattern '%TEMPL%' is replaced, paths are filtered.
|
||||
|
||||
:local 0 "hotspot-to-wpa-cleanup%TEMPL%";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0 false 10;
|
||||
|
||||
:local DHCPServers ({});
|
||||
:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
|
||||
:local ServerVal [ /ip/dhcp-server/get $Server ]
|
||||
:local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
|
||||
:if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
|
||||
:set ($DHCPServers->($ServerVal->"name")) \
|
||||
[ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
|
||||
:foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
|
||||
:local ClientVal [ /caps-man/registration-table/get $Client ];
|
||||
:local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
|
||||
mac-address=($ClientVal->"mac-address") ] do={
|
||||
:if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" connected to WPA, making lease static.") false;
|
||||
/ip/dhcp-server/lease/make-static $Lease;
|
||||
/ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
|
||||
:foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
|
||||
!(comment~[ /system/clock/get date ]) ] do={
|
||||
:local ClientVal [ /caps-man/access-list/get $Client ];
|
||||
:local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
|
||||
:if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($ClientVal->"mac-address") ] ] = 0) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" did not connect to WPA, removing from access list.") false;
|
||||
/caps-man/access-list/remove $Client;
|
||||
/interface/wifiwave2/access-list/remove $Client;
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Server,Timeout in=$DHCPServers do={
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
|
||||
server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
|
||||
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
|
||||
" was not seen for " . $Timeout . ", removing.") false;
|
||||
/caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
|
||||
/interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($LeaseVal->"mac-address") ];
|
||||
/ip/dhcp-server/lease/remove $Lease;
|
||||
}
|
||||
}
|
68
hotspot-to-wpa-cleanup.wifiwave2.rsc
Normal file
68
hotspot-to-wpa-cleanup.wifiwave2.rsc
Normal file
|
@ -0,0 +1,68 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa-cleanup.wifiwave2
|
||||
# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# provides: lease-script, order=80
|
||||
#
|
||||
# manage and clean up private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! Do not edit this file, it is generated from template!
|
||||
|
||||
:local 0 "hotspot-to-wpa-cleanup.wifiwave2";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0 false 10;
|
||||
|
||||
:local DHCPServers ({});
|
||||
:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
|
||||
:local ServerVal [ /ip/dhcp-server/get $Server ]
|
||||
:local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
|
||||
:if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
|
||||
:set ($DHCPServers->($ServerVal->"name")) \
|
||||
[ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
|
||||
:local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
|
||||
mac-address=($ClientVal->"mac-address") ] do={
|
||||
:if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" connected to WPA, making lease static.") false;
|
||||
/ip/dhcp-server/lease/make-static $Lease;
|
||||
/ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
|
||||
!(comment~[ /system/clock/get date ]) ] do={
|
||||
:local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
|
||||
:if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($ClientVal->"mac-address") ] ] = 0) do={
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
|
||||
" did not connect to WPA, removing from access list.") false;
|
||||
/interface/wifiwave2/access-list/remove $Client;
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Server,Timeout in=$DHCPServers do={
|
||||
:foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
|
||||
server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
|
||||
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
|
||||
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
|
||||
" was not seen for " . $Timeout . ", removing.") false;
|
||||
/interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
|
||||
mac-address=($LeaseVal->"mac-address") ];
|
||||
/ip/dhcp-server/lease/remove $Lease;
|
||||
}
|
||||
}
|
89
hotspot-to-wpa.capsman.rsc
Normal file
89
hotspot-to-wpa.capsman.rsc
Normal file
|
@ -0,0 +1,89 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa.capsman
|
||||
# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# add private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! Do not edit this file, it is generated from template!
|
||||
|
||||
:local 0 "hotspot-to-wpa.capsman";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0;
|
||||
|
||||
:local MacAddress $"mac-address";
|
||||
:local UserName $username;
|
||||
|
||||
:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
|
||||
$LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
|
||||
}
|
||||
|
||||
:local Date [ /system/clock/get date ];
|
||||
:local UserVal ({});
|
||||
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
|
||||
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
|
||||
}
|
||||
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
|
||||
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
||||
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
|
||||
}
|
||||
:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
||||
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
|
||||
}
|
||||
:local Template [ /caps-man/access-list/get ([ find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
|
||||
|
||||
:if ($Template->"action" = "reject") do={
|
||||
$LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
|
||||
}
|
||||
|
||||
# allow login page to load
|
||||
:delay 1s;
|
||||
|
||||
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
|
||||
" (user " . $UserName . ").") false;
|
||||
/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
||||
/caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
||||
mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
|
||||
action=reject place-before=$PlaceBefore;
|
||||
|
||||
:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
|
||||
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
|
||||
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
|
||||
:if ([ :len $PrivatePassphrase ] > 0) do={
|
||||
:if ($PrivatePassphrase = "ignore") do={
|
||||
/caps-man/access-list/set $Entry !private-passphrase;
|
||||
} else={
|
||||
/caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
|
||||
}
|
||||
}
|
||||
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
|
||||
:if ([ :len $SsidRegexp ] > 0) do={
|
||||
/caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
||||
}
|
||||
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
|
||||
:if ([ :len $VlanId ] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-id=$VlanId;
|
||||
}
|
||||
:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
|
||||
:if ([ :len $VlanMode] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-mode=$VlanMode;
|
||||
}
|
||||
|
||||
:delay 2s;
|
||||
/caps-man/access-list/set $Entry action=accept;
|
|
@ -1,87 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa
|
||||
# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# add private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
|
||||
:local 0 "hotspot-to-wpa";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0;
|
||||
|
||||
:local MacAddress $"mac-address";
|
||||
:local UserName $username;
|
||||
|
||||
:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
|
||||
$LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
|
||||
}
|
||||
|
||||
:local Date [ /system/clock/get date ];
|
||||
:local UserVal ({});
|
||||
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
|
||||
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
|
||||
}
|
||||
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
|
||||
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
||||
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
|
||||
}
|
||||
:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
||||
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
|
||||
}
|
||||
:local Template [ /caps-man/access-list/get ([ find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
|
||||
|
||||
:if ($Template->"action" = "reject") do={
|
||||
$LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
|
||||
}
|
||||
|
||||
# allow login page to load
|
||||
:delay 1s;
|
||||
|
||||
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
|
||||
" (user " . $UserName . ").") false;
|
||||
/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
||||
/caps-man/access-list/add comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
|
||||
mac-address=$MacAddress private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
||||
action=reject place-before=$PlaceBefore;
|
||||
|
||||
:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
|
||||
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
|
||||
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
|
||||
:if ([ :len $PrivatePassphrase ] > 0) do={
|
||||
:if ($PrivatePassphrase = "ignore") do={
|
||||
/caps-man/access-list/set $Entry !private-passphrase;
|
||||
} else={
|
||||
/caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
|
||||
}
|
||||
}
|
||||
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
|
||||
:if ([ :len $SsidRegexp ] > 0) do={
|
||||
/caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
||||
}
|
||||
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
|
||||
:if ([ :len $VlanId ] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-id=$VlanId;
|
||||
}
|
||||
:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
|
||||
:if ([ :len $VlanMode] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-mode=$VlanMode;
|
||||
}
|
||||
|
||||
:delay 2s;
|
||||
/caps-man/access-list/set $Entry action=accept;
|
||||
# dummy for migration
|
||||
|
|
110
hotspot-to-wpa.template.rsc
Normal file
110
hotspot-to-wpa.template.rsc
Normal file
|
@ -0,0 +1,110 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa%TEMPL%
|
||||
# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# add private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! This is just a template to generate the real script!
|
||||
# !! Pattern '%TEMPL%' is replaced, paths are filtered.
|
||||
|
||||
:local 0 "hotspot-to-wpa%TEMPL%";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0;
|
||||
|
||||
:local MacAddress $"mac-address";
|
||||
:local UserName $username;
|
||||
|
||||
:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
|
||||
$LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
|
||||
}
|
||||
|
||||
:local Date [ /system/clock/get date ];
|
||||
:local UserVal ({});
|
||||
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
|
||||
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
|
||||
}
|
||||
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
|
||||
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
||||
:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
||||
/interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
||||
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
|
||||
}
|
||||
:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
||||
:local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
||||
|
||||
:if ([ :len [ /caps-man/access-list/find where \
|
||||
:if ([ :len [ /interface/wifiwave2/access-list/find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
|
||||
/caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
||||
/interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
||||
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
|
||||
}
|
||||
:local Template [ /caps-man/access-list/get ([ find where \
|
||||
:local Template [ /interface/wifiwave2/access-list/get ([ find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
|
||||
|
||||
:if ($Template->"action" = "reject") do={
|
||||
$LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
|
||||
}
|
||||
|
||||
# allow login page to load
|
||||
:delay 1s;
|
||||
|
||||
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
|
||||
" (user " . $UserName . ").") false;
|
||||
/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
||||
/interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
||||
/caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
||||
/interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
||||
mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
|
||||
action=reject place-before=$PlaceBefore;
|
||||
|
||||
:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
|
||||
:local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
|
||||
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
|
||||
# NOT /caps-man #
|
||||
:set ($Template->"private-passphrase") ($Template->"passphrase");
|
||||
# NOT /caps-man #
|
||||
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
|
||||
:if ([ :len $PrivatePassphrase ] > 0) do={
|
||||
:if ($PrivatePassphrase = "ignore") do={
|
||||
/caps-man/access-list/set $Entry !private-passphrase;
|
||||
/interface/wifiwave2/access-list/set $Entry !passphrase;
|
||||
} else={
|
||||
/caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
|
||||
/interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
|
||||
}
|
||||
}
|
||||
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
|
||||
:if ([ :len $SsidRegexp ] > 0) do={
|
||||
/caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
||||
/interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
||||
}
|
||||
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
|
||||
:if ([ :len $VlanId ] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-id=$VlanId;
|
||||
/interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
|
||||
}
|
||||
# NOT /interface/wifiwave2 #
|
||||
:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
|
||||
:if ([ :len $VlanMode] > 0) do={
|
||||
/caps-man/access-list/set $Entry vlan-mode=$VlanMode;
|
||||
/interface/wifiwave2/access-list/set $Entry vlan-mode=$VlanMode;
|
||||
}
|
||||
# NOT /interface/wifiwave2 #
|
||||
|
||||
:delay 2s;
|
||||
/caps-man/access-list/set $Entry action=accept;
|
||||
/interface/wifiwave2/access-list/set $Entry action=accept;
|
86
hotspot-to-wpa.wifiwave2.rsc
Normal file
86
hotspot-to-wpa.wifiwave2.rsc
Normal file
|
@ -0,0 +1,86 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: hotspot-to-wpa.wifiwave2
|
||||
# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# add private WPA passphrase after hotspot login
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
||||
#
|
||||
# !! Do not edit this file, it is generated from template!
|
||||
|
||||
:local 0 "hotspot-to-wpa.wifiwave2";
|
||||
:global GlobalFunctionsReady;
|
||||
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
||||
|
||||
:global EitherOr;
|
||||
:global LogPrintExit2;
|
||||
:global ParseKeyValueStore;
|
||||
:global ScriptLock;
|
||||
|
||||
$ScriptLock $0;
|
||||
|
||||
:local MacAddress $"mac-address";
|
||||
:local UserName $username;
|
||||
|
||||
:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
|
||||
$LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
|
||||
}
|
||||
|
||||
:local Date [ /system/clock/get date ];
|
||||
:local UserVal ({});
|
||||
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
|
||||
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
|
||||
}
|
||||
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
|
||||
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
|
||||
|
||||
:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
||||
/interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
||||
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
|
||||
}
|
||||
:local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
||||
|
||||
:if ([ :len [ /interface/wifiwave2/access-list/find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
|
||||
/interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
||||
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
|
||||
}
|
||||
:local Template [ /interface/wifiwave2/access-list/get ([ find where \
|
||||
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
|
||||
|
||||
:if ($Template->"action" = "reject") do={
|
||||
$LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
|
||||
}
|
||||
|
||||
# allow login page to load
|
||||
:delay 1s;
|
||||
|
||||
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
|
||||
" (user " . $UserName . ").") false;
|
||||
/interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
||||
/interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
||||
mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
|
||||
action=reject place-before=$PlaceBefore;
|
||||
|
||||
:local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
|
||||
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
|
||||
:set ($Template->"private-passphrase") ($Template->"passphrase");
|
||||
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
|
||||
:if ([ :len $PrivatePassphrase ] > 0) do={
|
||||
:if ($PrivatePassphrase = "ignore") do={
|
||||
/interface/wifiwave2/access-list/set $Entry !passphrase;
|
||||
} else={
|
||||
/interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
|
||||
}
|
||||
}
|
||||
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
|
||||
:if ([ :len $SsidRegexp ] > 0) do={
|
||||
/interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
||||
}
|
||||
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
|
||||
:if ([ :len $VlanId ] > 0) do={
|
||||
/interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
|
||||
}
|
||||
|
||||
:delay 2s;
|
||||
/interface/wifiwave2/access-list/set $Entry action=accept;
|
Loading…
Add table
Add a link
Reference in a new issue