#!/bin/bash # PirateBox app for YunoHost # Copyright (C) 2015 Julien Vaubourg # Contribute at https://github.com/labriqueinternet/piratebox_ynh # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # Functions ## State functions has_hotspot_app() { [ -e /tmp/.ynh-hotspot-started ] } is_nat4_dns_set() { iptables -nvt nat -L PREROUTING | grep 'udp dpt:53' | grep -q "${ynh_wifi_device}" \ && iptables -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${ynh_wifi_device}" } is_nat4_web_set() { iptables -nvt nat -L PREROUTING | grep 'tcp dpt:80' | grep -q "${ynh_wifi_device}" } is_filt4_nohttps_set() { iptables -nv -L INPUT | grep 'tcp dpt:443 reject' | grep -q "${ynh_wifi_device}" } is_filt4_nofwd_set() { iptables -nv -L FORWARD | grep 'reject-with' | grep -q "${ynh_wifi_device}" } is_fakedns_running() { ps aux | grep -v grep | grep -q piratebox_fakedns } is_running() { has_hotspot_app \ && is_nat4_dns_set && is_nat4_web_set \ && is_filt4_nohttps_set && is_filt4_nofwd_set \ && is_captive_set \ && is_fakedns_running } is_captive_set() { ls /etc/nginx/conf.d/captive-piratebox.conf &> /dev/null } ## Setters # The IPv6 NAT features are not available available before the kernel 3.8 # therefore the IPv6-compliance will be add when Debian Stable has a # compliant kernel set_nat4_dns() { iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j DNAT --to-destination "${ynh_ip4_nat_prefix}.1:4253" iptables -t nat -A POSTROUTING -o "${ynh_wifi_device}" -j MASQUERADE } set_nat4_web() { iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p tcp --dport 80 -j REDIRECT --to-port 4280 } set_filt4_nohttps() { iptables -I INPUT 1 -i "${ynh_wifi_device}" -p tcp --dport 443 -j REJECT } set_filt4_nofwd() { iptables -I FORWARD 1 -j REJECT -i "${ynh_wifi_device}" } set_captive() { cp /var/www/piratebox/config.{tpl.,}php sed -i "s||${ynh_opt_name}|" -i /var/www/piratebox/config.php sed -i "s||${ynh_opt_renaming}|" -i /var/www/piratebox/config.php sed -i "s||${ynh_opt_maxspace}|" -i /var/www/piratebox/config.php sed -i "s||${ynh_opt_deleting}|" -i /var/www/piratebox/config.php sed -i "s||${ynh_opt_chat}|" -i /var/www/piratebox/config.php cp /etc/nginx/{,conf.d/}captive-piratebox.conf systemctl reload nginx } start_fakedns() { (/usr/local/bin/piratebox_fakedns "${ynh_ip4_nat_prefix}.1" &> /dev/null) & } ## Unsetters unset_nat4_dns() { iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j DNAT --to-destination "${ynh_ip4_nat_prefix}.1:4253" iptables -t nat -D POSTROUTING -o "${ynh_wifi_device}" -j MASQUERADE } unset_nat4_web() { iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p tcp --dport 80 -j REDIRECT --to-port 4280 } unset_filt4_nohttps() { iptables -D INPUT -i "${ynh_wifi_device}" -p tcp --dport 443 -j REJECT } unset_filt4_nofwd() { iptables -D FORWARD -j REJECT -i "${ynh_wifi_device}" } unset_captive() { rm -f /etc/nginx/conf.d/captive-piratebox.conf systemctl reload nginx } stop_fakedns() { kill $(ps aux | grep piratebox_fakedns | awk '{ print $2 }' | head -n1) } ## Tools ynh_setting_get() { app=${1} setting=${2} grep "^${setting}:" "/etc/yunohost/apps/${app}/settings.yml" | sed s/^[^:]\\+:\\s*[\"\']\\?// | sed s/\\s*[\"\']\$// } ynh_setting_set() { app=${1} setting=${2} value=${3} yunohost app setting "${app}" "${setting}" -v "${value}" } if [ "$1" != restart ]; then # Restart php5-fpm at the first start (it needs to be restarted after the slapd start) if [ ! -e /tmp/.ynh-piratebox-boot ]; then touch /tmp/.ynh-piratebox-boot systemctl restart php5-fpm fi ynh_wifi_device_id=$(ynh_setting_get piratebox wifi_device_id) if [[ ! "${1}" =~ stop ]]; then exitcode=0 if [ "${ynh_wifi_device_id}" -eq -1 ]; then echo "[WARN] You need to select an associated wifi hotspot (you can do it through the web admin)" exitcode=1 fi [ "${exitcode}" -ne 0 ] && exit ${exitcode} fi # Variables echo -n "Retrieving Yunohost settings... " ynh_service_enabled=$(ynh_setting_get piratebox service_enabled) ynh_opt_renaming=$(ynh_setting_get piratebox opt_renaming) ynh_opt_maxspace=$(ynh_setting_get piratebox opt_maxspace) ynh_opt_deleting=$(ynh_setting_get piratebox opt_deleting) ynh_opt_chat=$(ynh_setting_get piratebox opt_chat) ynh_opt_name=$(ynh_setting_get piratebox opt_name) if [ "${ynh_wifi_device_id}" -eq 0 ]; then ynh_wifi_device="$(ynh_setting_get hotspot wifi_device)" else ynh_wifi_device="hotspot${ynh_wifi_device_id}" fi IFS='|' read -a ynh_ip4_nat_prefix <<< "$(ynh_setting_get hotspot ip4_nat_prefix)" ynh_ip4_nat_prefix=${ynh_ip4_nat_prefix[${ynh_wifi_device_id}]} echo "OK" fi # Script case "$1" in start) if is_running; then echo "Already started" elif [ "${ynh_service_enabled}" -eq 0 ]; then echo "Disabled service" elif ! has_hotspot_app; then echo "[ERR] Hotspot is not running" else echo "[piratebox] Starting..." touch /tmp/.ynh-piratebox-started # Purge tmp folder rm -rf /var/spool/piratebox/* # Set IPv4 DNS NAT if ! is_nat4_dns_set; then echo "Set IPv4 DNS NAT" set_nat4_dns fi # Set IPv4 Web NAT if ! is_nat4_web_set; then echo "Set IPv4 Web NAT" set_nat4_web fi # Set IPv4 No Https-filter rule if ! is_filt4_nohttps_set; then echo "Set IPv4 No Https-filter rule" set_filt4_nohttps fi # Set IPv4 No Forwarding-filter rule if ! is_filt4_nofwd_set; then echo "Set IPv4 No Forwarding-filter rule" set_filt4_nofwd fi # Set captive configuration if ! is_captive_set; then echo "Set the captive portal configuration" set_captive fi # Run fakedns if ! is_fakedns_running; then echo "Run fakedns" start_fakedns fi fi ;; stop) echo "[piratebox] Stopping..." rm -f /tmp/.ynh-piratebox-started if is_nat4_dns_set; then echo "Unset IPv4 DNS NAT" unset_nat4_dns fi if is_nat4_web_set; then echo "Unset IPv4 Web NAT" unset_nat4_web fi if is_filt4_nohttps_set; then echo "Unset IPv4 No Https-filter rule" unset_filt4_nohttps fi if is_filt4_nofwd_set; then echo "Unset IPv4 No Forwarding-filter rule" unset_filt4_nofwd fi if is_captive_set; then echo "Unset the captive portal" unset_captive fi if is_fakedns_running; then echo "Stop fakedns" stop_fakedns fi rm -rf /var/spool/piratebox/* ;; restart) $0 stop $0 start ;; status) exitcode=0 if [ "${ynh_service_enabled}" -eq 0 ]; then echo "[ERR] PirateBox Service disabled" exitcode=1 fi if ! has_hotspot_app; then echo "[ERR] Hotspot is not running" exitcode=1 fi if is_nat4_dns_set; then echo "[OK] IPv4 DNS NAT set" else echo "[ERR] No IPv4 DNS NAT set" exitcode=1 fi if is_nat4_web_set; then echo "[OK] IPv4 Web NAT set" else echo "[ERR] No IPv4 Web NAT set" exitcode=1 fi if is_filt4_nohttps_set; then echo "[OK] IPv4 No Https-filter rule set" else echo "[ERR] No IPv4 No Https-filter rule set" exitcode=1 fi if is_filt4_nofwd_set; then echo "[OK] IPv4 No Forwarding-filter rule set" else echo "[ERR] No IPv4 No Forwarding-filter rule set" exitcode=1 fi if is_captive_set; then echo "[OK] Captive portal set" else echo "[ERR] No captive portal set" exitcode=1 fi if is_fakedns_running; then echo "[OK] Fakedns is running" else echo "[ERR] Fakedns is not running" exitcode=1 fi exit ${exitcode} ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 ;; esac exit 0