1 files changed, 83 insertions, 67 deletions

diff --git a/hotspot-to-wpa.capsman.rsc b/hotspot-to-wpa.capsman.rsc
index a7ebafb..3f51475 100644
--- a/hotspot-to-wpa.capsman.rsc
+++ b/hotspot-to-wpa.capsman.rsc
@@ -1,89 +1,105 @@
 #!rsc by RouterOS
 # RouterOS script: hotspot-to-wpa.capsman
-# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
-# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+# Copyright (c) 2019-2025 Christian Hesse <mail@eworm.de>
+# https://rsc.eworm.de/COPYING.md
+#
+# requires RouterOS, version=7.15
+# requires device-mode, hotspot
 #
 # add private WPA passphrase after hotspot login
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+# https://rsc.eworm.de/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa.capsman";
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
-:global EitherOr;
-:global LogPrintExit2;
-:global ParseKeyValueStore;
-:global ScriptLock;
+:local ExitOK false;
+:do {
+  :local ScriptName [ :jobname ];
 
-$ScriptLock $0;
+  :global EitherOr;
+  :global LogPrint;
+  :global ParseKeyValueStore;
+  :global ScriptLock;
 
-:local MacAddress $"mac-address";
-:local UserName $username;
+  :local MacAddress $"mac-address";
+  :local UserName $username;
 
-:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
-  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
-}
+  :if ([ $ScriptLock $ScriptName ] = false) do={
+    :set ExitOK true;
+    :error false;
+  }
 
-:local Date [ /system/clock/get date ];
-:local UserVal ({});
-:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
-  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
-}
-:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
-:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
+  :if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
+    $LogPrint error $ScriptName ("This script is supposed to run from hotspot on login.");
+    :set ExitOK true;
+    :error false;
+  }
 
-:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
-  /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
-  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
-}
-:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+  :local Date [ /system/clock/get date ];
+  :local UserVal ({});
+  :if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
+    :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
+  }
+  :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
+  :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
 
-:if ([ :len [ /caps-man/access-list/find where \
-    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
-  /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
-  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
-}
-:local Template [ /caps-man/access-list/get ([ find where \
-    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
+  :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+    /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+    $LogPrint warning $ScriptName ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.");
+  }
+  :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 
-:if ($Template->"action" = "reject") do={
-  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
-}
+  :if ([ :len [ /caps-man/access-list/find where \
+      comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
+    /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+    $LogPrint warning $ScriptName ("Added template in access-list for hotspot '" . $Hotspot . "'.");
+  }
+  :local Template [ /caps-man/access-list/get ([ find where \
+      comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
 
-# allow login page to load
-:delay 1s;
+  :if ($Template->"action" = "reject") do={
+    $LogPrint info $ScriptName ("Ignoring login for hotspot '" . $Hotspot . "'.");
+    :set ExitOK true;
+    :error true;
+  }
+
+  # allow login page to load
+  :delay 1s;
 
-$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
-  " (user " . $UserName . ").") false;
-/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
-/caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
-    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
-    action=reject place-before=$PlaceBefore;
+  $LogPrint info $ScriptName ("Adding/updating access-list entry for mac address " . $MacAddress . \
+    " (user " . $UserName . ").");
+  /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+  /caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+      mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
+      action=reject place-before=$PlaceBefore;
 
-:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
-    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
-:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
-:if ([ :len $PrivatePassphrase ] > 0) do={
-  :if ($PrivatePassphrase = "ignore") do={
-    /caps-man/access-list/set $Entry !private-passphrase;
-  } else={
-    /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
+  :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
+      comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
+  :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
+  :if ([ :len $PrivatePassphrase ] > 0) do={
+    :if ($PrivatePassphrase = "ignore") do={
+      /caps-man/access-list/set $Entry !private-passphrase;
+    } else={
+      /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
+    }
+  }
+  :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
+  :if ([ :len $SsidRegexp ] > 0) do={
+    /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
+  }
+  :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
+  :if ([ :len $VlanId ] > 0) do={
+    /caps-man/access-list/set $Entry vlan-id=$VlanId;
+  }
+  :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
+  :if ([ :len $VlanMode] > 0) do={
+    /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
   }
-}
-:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
-:if ([ :len $SsidRegexp ] > 0) do={
-  /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
-}
-:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
-:if ([ :len $VlanId ] > 0) do={
-  /caps-man/access-list/set $Entry vlan-id=$VlanId;
-}
-:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
-:if ([ :len $VlanMode] > 0) do={
-  /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
-}
 
-:delay 2s;
-/caps-man/access-list/set $Entry action=accept;
+  :delay 2s;
+  /caps-man/access-list/set $Entry action=accept;
+} on-error={
+  :global ExitError; $ExitError $ExitOK [ :jobname ];
+}