aboutsummaryrefslogtreecommitdiffstats
path: root/hotspot-to-wpa.capsman.rsc
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2023-08-09 18:56:29 +0200
committerGravatar Christian Hesse <mail@eworm.de>2023-08-15 11:26:18 +0200
commit2c3e077b8ec984f501156f757c72a57703f846b4 (patch)
tree9cb609e7515b68256a37a6efe06b8373ca6eae8f /hotspot-to-wpa.capsman.rsc
parentc37739c2f6b050c965e0fa734309e1ecbed90add (diff)
parent92aca1aac05ba943fa41c9c6640265991a906e30 (diff)
Merge branch 'wifiwave2' into next
Diffstat (limited to 'hotspot-to-wpa.capsman.rsc')
-rw-r--r--hotspot-to-wpa.capsman.rsc89
1 files changed, 89 insertions, 0 deletions
diff --git a/hotspot-to-wpa.capsman.rsc b/hotspot-to-wpa.capsman.rsc
new file mode 100644
index 0000000..a7ebafb
--- /dev/null
+++ b/hotspot-to-wpa.capsman.rsc
@@ -0,0 +1,89 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa.capsman
+# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# add private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "hotspot-to-wpa.capsman";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global EitherOr;
+:global LogPrintExit2;
+:global ParseKeyValueStore;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:local MacAddress $"mac-address";
+:local UserName $username;
+
+:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
+ $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
+}
+
+:local Date [ /system/clock/get date ];
+:local UserVal ({});
+:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
+ :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
+}
+:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
+:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
+
+:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+ /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+ $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
+}
+:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+
+:if ([ :len [ /caps-man/access-list/find where \
+ comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
+ /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+ $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
+}
+:local Template [ /caps-man/access-list/get ([ find where \
+ comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
+
+:if ($Template->"action" = "reject") do={
+ $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
+}
+
+# allow login page to load
+:delay 1s;
+
+$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
+ " (user " . $UserName . ").") false;
+/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+/caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+ mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
+ action=reject place-before=$PlaceBefore;
+
+:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
+ comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
+:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
+:if ([ :len $PrivatePassphrase ] > 0) do={
+ :if ($PrivatePassphrase = "ignore") do={
+ /caps-man/access-list/set $Entry !private-passphrase;
+ } else={
+ /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
+ }
+}
+:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
+:if ([ :len $SsidRegexp ] > 0) do={
+ /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
+}
+:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
+:if ([ :len $VlanId ] > 0) do={
+ /caps-man/access-list/set $Entry vlan-id=$VlanId;
+}
+:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
+:if ([ :len $VlanMode] > 0) do={
+ /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
+}
+
+:delay 2s;
+/caps-man/access-list/set $Entry action=accept;