#!rsc
# RouterOS script: daily-psk
# Copyright (c) 2013-2018 Christian Hesse <mail@eworm.de>
#
# update daily PSK (pre-shared key)

:global "daily-psk-match-comment";

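# Derive the PSK for a given date from the lookup tables held in the global
# "daily-psk-secrets".
#
# $1: date string in the form "mmm/dd/yyyy" (e.g. "jan/01/2018").
# Returns the concatenation of three table entries: list 0 indexed by
# (day - 1), list 1 indexed by month (0-11) and list 2 indexed by a 0-6
# value computed from the date.
# Raises an error when the month abbreviation is not recognised.
#
# NOTE(review): the result is deterministic, not random. Each issued key
# exposes one entry of each table and the entries recur, so the tables are
# the actual secret and need to be protected and rotated accordingly.
:local GeneratePSK do={
  :local date $1;

  :global "daily-psk-secrets";

  :local months {
    "jan"; "feb"; "mar"; "apr"; "may"; "jun";
    "jul"; "aug"; "sep"; "oct"; "nov"; "dec"
  }

  :local monthstr [ :pick $date 0 3 ];
  # -1 marks "month not recognised"
  :local month (-1);
  :local day [ :pick $date 4 6 ];
  :local century [ :pick $date 7 9 ];
  :local year [ :pick $date 9 11 ];

  # get numeric value for month (0-11); the loop bound is inclusive, so
  # stop at the last valid index
  :for mindex from=0 to=([ :len $months ] - 1) do={
    :if ([ :pick $months $mindex ] = $monthstr) do={
      :set month $mindex;
    }
  }

  # Refuse to build a key from a date that did not parse (for example a
  # different date format), rather than indexing the tables with garbage.
  :if ($month < 0) do={
    :error ("Unexpected date format: " . $date);
  }

  # Reduce the date to a value in 0-6. Labelled "day of week" upstream, but
  # the month term added here is the plain 0-11 index, so the result is not
  # the calendar weekday. Keep it as is: any change to this arithmetic
  # changes the keys that are generated.
  :local sum 0;
  :set sum ($sum + (2 * (3 - ($century - (($century / 4) * 4)))));
  :set sum ($sum + ($year / 4));
  :set sum ($sum + $year + $day);
  :set sum ($sum + $month);
  :set sum ($sum - (($sum / 7) * 7));

  :local return ([ :pick [ :pick $"daily-psk-secrets" 0 ] ($day - 1) ] . \
    [ :pick [ :pick $"daily-psk-secrets" 1 ] $month ] . \
    [ :pick [ :pick $"daily-psk-secrets" 2 ] $sum ]);

  :return $return;
}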

# Precondition 1: the netwatch entry whose comment equals the configured
# e-mail server address must report "up". The new key is announced by mail
# further down, so a key change without a reachable mail server would leave
# users without the new key.
:local mailaddress [ / tool e-mail get address ];
:local mailstatus [ / tool netwatch get [ find where comment=$mailaddress ] status ];
:if ($mailstatus != "up") do={
  :error "Mail server is not up.";
}

# Precondition 2: the NTP client must report "synchronized". The key is
# derived from the system clock's date, so an unsynchronized clock would
# produce the key for the wrong day.
:local ntpstatus [ / system ntp client get status ];
:if ($ntpstatus != "synchronized") do={
  :error "Time is not yet synchronized from ntp.";
}

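# The key for today is derived from the router's current date.
:local date [ / system clock get date ];
:local newpsk [ $GeneratePSK $date ];

# set to 1 as soon as at least one access-list entry received a new key
:local sendmail 0;

# Walk every wireless access-list entry whose comment matches the pattern in
# the global "daily-psk-match-comment" and replace its private PSK if it
# differs from today's key.
:foreach acclist in=[ / interface wireless access-list find where comment~$"daily-psk-match-comment" ] do={
  :local interface [ / interface wireless access-list get $acclist interface ];
  :local ssid [ / interface wireless get $interface ssid ];
  :local oldpsk [ / interface wireless access-list get $acclist private-pre-shared-key ];

  :if ($newpsk != $oldpsk) do={
    # Neither the old nor the new key is written to the log: log entries can
    # be read by anyone with log access and may be forwarded to remote
    # targets, which would disclose the wireless credentials in clear text.
    :log info ("Updating daily PSK for " . $interface . " (SSID " . $ssid . ")");
    / interface wireless access-list set $acclist private-pre-shared-key=$newpsk;

    :set sendmail 1;
  }
}

# Run the notification script once, and only if a key actually changed.
# NOTE(review): email-daily-psk is not visible here; presumably it mails the
# new key, so confirm the e-mail tool is configured to use TLS.
:if ($sendmail = 1) do={
  / system script run email-daily-psk;
}

# Disable any enabled scheduler entry named daily-psk.
# NOTE(review): looks like a retry scheduler that should stop after the
# first successful run; confirm against the scheduler configuration.
/ system scheduler set disabled=yes [ find where name=daily-psk disabled=no ];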