From 1a404195d5f8f58f89bb8671a6b8afc5feebdd94 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Tue, 22 Jun 2021 15:58:03 +0200
Subject: hotspot-to-wpa: add optional cleanup script

---
 hotspot-to-wpa-cleanup | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 hotspot-to-wpa-cleanup

(limited to 'hotspot-to-wpa-cleanup')

diff --git a/hotspot-to-wpa-cleanup b/hotspot-to-wpa-cleanup
new file mode 100644
index 0000000..2c418cd
--- /dev/null
+++ b/hotspot-to-wpa-cleanup
@@ -0,0 +1,47 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa-cleanup
+# Copyright (c) 2021 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script assign
+#
+# manage and clean up private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+
+:local 0 "hotspot-to-wpa-cleanup";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+
+:foreach Client in=[ / caps-man registration-table find where comment~"^hotspot-to-wpa:" ] do={
+  :local ClientVal [ / caps-man registration-table get $Client ];
+  :local Lease [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") dynamic ];
+  :if ([ :len $Lease ] > 0) do={
+    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+      " connected to WPA, making lease static.") false;
+    / ip dhcp-server lease make-static $Lease;
+    / ip dhcp-server lease set comment=($ClientVal->"comment") $Lease;
+  }
+}
+
+:foreach Client in=[ / caps-man access-list find where comment~"^hotspot-to-wpa:" and \
+    !(comment~[ / system clock get date ]) ] do={
+  :local ClientVal [ / caps-man access-list get $Client ];
+  :if ([ :len [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") \
+      !dynamic ] ] = 0) do={
+    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+      " did not connect to WPA, removing from access list.") false;
+    / caps-man access-list remove $Client;
+  }
+}
+
+:foreach Lease in=[ / ip dhcp-server lease find where !dynamic status=waiting \
+    last-seen>4w comment~"^hotspot-to-wpa:" ] do={
+  :local LeaseVal [ / ip dhcp-server lease get $Lease ];
+  $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
+    " was not seen for long time, removing.") false;
+  / caps-man access-list remove [ find where comment~"^hotspot-to-wpa:" \
+     mac-address=($LeaseVal->"mac-address") ];
+  / ip dhcp-server lease remove $Lease;
+}
-- 
cgit v1.2.3-54-g00ecf