Author: viethen Date: Mon Aug 29 01:58:50 2011 New Revision: 2729 Log: add a number of scripts to enable pairing mobile devices with Trust Points, as an extension to the OpenWrt webif GUI Added: trunk/pairing/ trunk/pairing/README trunk/pairing/uci/ trunk/pairing/uci/update-pisasd-conf (contents, props changed) trunk/pairing/webif/ trunk/pairing/webif/apply.sh.patch trunk/pairing/webif/categories.patch trunk/pairing/webif/mobileaccess-add.sh (contents, props changed) trunk/pairing/webif/mobileaccess-cand.sh (contents, props changed) trunk/pairing/webif/mobileaccess.sh (contents, props changed) Modified: trunk/Makefile.am Modified: trunk/Makefile.am ============================================================================== --- trunk/Makefile.am Sun Aug 28 22:50:43 2011 (r2728) +++ trunk/Makefile.am Mon Aug 29 01:58:50 2011 (r2729) @@ -15,6 +15,8 @@ # distcleancheck has trouble building the C files below tools/. DIST_WILDCARDS = community-operator-legacy/*.cfg \ debian/* \ + pairing/webif/*.patch \ + pairing/webif/*.sh \ pairing-legacy/*.cfg \ pairing-legacy/*.txt \ pisacd/*.sh \ @@ -35,6 +37,8 @@ docs \ kernel \ openwrt \ + pairing/README \ + pairing/uci/update-pisasd-conf \ pairing-legacy/defaults \ pairing-legacy/pisaum \ tools/convenience-scripts \ Added: trunk/pairing/README ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/pairing/README Mon Aug 29 01:58:50 2011 (r2729) 
@@ -0,0 +1,18 @@
+pairing subdirectory: Pairing code for PiSA
+
+List of files / directories
+===========================
+README this file
+
+uci contains a script that will copy the current UCI configuration
+ of paired hosts into /etc/pisa/pisasd.conf, section
+ allowed_hosts
+
+webif contains a number of scripts in order to extend the
+ webif GUI of a Trust Point with pairing functionality
+
+
+
+
+C. Viethen, August 2011
+
Added: trunk/pairing/uci/update-pisasd-conf
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/pairing/uci/update-pisasd-conf Mon Aug 29 01:58:50 2011 (r2729)
@@ -0,0 +1,188 @@ +#!/bin/sh +# +# This script will try to find the right place to enter an +# "allowed_hosts" block into a pisasd.conf file, and, if +# successful, will dump the current set of paired hosts +# (according to what is recorded in this system's UCI config) +# to that place. +# + +. /etc/functions.sh +. /lib/config/uci.sh + +# global settings +expiry_date="2099-12-31:23:59:59.99999"; +pisasdconf_path="/etc/pisa/pisasd.conf" + +# global vars +paired_devices_count=0 +paired_devices="" +linenum_allowed_hosts=0 +linenum_closing_brace=0 + +# callback function called automagically by uci_load +config_cb() { + local cfg_type="$1" + local cfg_name="$2" + + case "$cfg_type" in + paired_device) + paired_devices_count=$((paired_devices_count+1)) + export paired_device_${paired_devices_count}=$cfg_name + ;; + esac +} + +# +# this function will dump the list of paired devices in the format required +# for the allowed_hosts section within pisasd.conf, into the global +# variable $paired_devices +# +generate_allowed_hosts() +{ + local device_i + local paired_devices_tmp + local cfg_name_ref + local cfg_name + local device_id_ref + local device_id + local device_hit_ref + local device_hit + + if [ $((paired_devices_count)) -gt 0 ]; then + device_i=1 + + paired_devices_tmp="allowed_hosts = ( +" + + while [ $((device_i)) -lt $((paired_devices_count+1)) ]; do + + if [ "$device_i" -gt "1" ]; then + paired_devices_tmp=${paired_devices_tmp}", +" + fi + + cfg_name_ref=\${paired_device_$((device_i))} + eval cfg_name=$cfg_name_ref + unset cfg_name_ref + + device_id_ref=\${CONFIG_${cfg_name}_identifier} + eval device_id=$device_id_ref + unset device_id_ref + + device_hit_ref=\${CONFIG_${cfg_name}_hit} + eval device_hit=$device_hit_ref + unset device_hit_ref + + paired_devices_tmp=${paired_devices_tmp}" { + # ${device_id} + hit=\"${device_hit}\"; + expires=\"${expiry_date}\"; + }" + + device_i=$((device_i+1)) + done + + paired_devices=$paired_devices_tmp" +); +" + + fi +} + + +# 
+# this function will find the line numbers within pisasd.conf that mark +# the section that will need to be replaced by a newly-generated +# allowed_hosts section, and write them to the following global +# vars: linenum_allowed_hosts, linenum_closing_brace +# +find_config_lines() +{ + local matchline_allowed_hosts + local matchline_closing_brace + local linenum_closing_brace_rel + + # find number of first line in config to contain "allowed_hosts = (" + matchline_allowed_hosts=$(grep -m 1 -n '^allowed_hosts = ($' "${pisasdconf_path}") + linenum_allowed_hosts=$(echo "${matchline_allowed_hosts}" | awk -F ':' '{ print $1 }') + + if [ $((linenum_allowed_hosts)) -gt "0" ]; then + # find first occurence of line containing only ");" in the remaining config + matchline_closing_brace=$(tail -n +"${linenum_allowed_hosts}" "${pisasdconf_path}" | grep -m 1 -n '^);$') + + linenum_closing_brace_rel=$(echo "${matchline_closing_brace}" | awk -F ':' '{ print $1 }') + linenum_closing_brace=$(($((linenum_allowed_hosts)) + $((linenum_closing_brace_rel)) - 1)) + + if [ $((linenum_closing_brace_rel)) -le "0" ]; then # something's broken + return 1 + fi + else # allowed_hosts section not in config file + linenum_allowed_hosts=0 + linenum_closing_brace=0 + fi + + return 0 +} + +# +# this function updates the actual config file, overwriting the section +# containing allowed_hosts with the new one +# +update_configfile() +{ + echo -n "${paired_devices}" > /tmp/pisasdconf_middle + + # find head and tail to glue around the new config + if [ $((linenum_allowed_hosts)) -gt "0" ]; then + head -n $(($((linenum_allowed_hosts)) - 1)) "${pisasdconf_path}" > /tmp/pisasdconf_head + tail -n +$(($((linenum_closing_brace)) + 1)) "${pisasdconf_path}" > /tmp/pisasdconf_tail + else + # or just take the whole file for head and an empty file for tail in case + # the allowed_hosts section could not be found in the config file + cp "${pisasdconf_path}" /tmp/pisasdconf_head + + rm 2>/dev/null -f 
/tmp/pisasdconf_tail + touch /tmp/pisasdconf_tail + fi + + cat > /tmp/pisasd.conf-new /tmp/pisasdconf_head /tmp/pisasdconf_middle /tmp/pisasdconf_tail + + rm -f /tmp/pisasdconf_head + rm -f /tmp/pisasdconf_middle + rm -f /tmp/pisasdconf_tail + + mv -f /tmp/pisasd.conf-new "${pisasdconf_path}" +} + +# +# actual execution starts here +# + +uci_load mobileaccess + +if [ "$?" -ne "0" ]; then # fail + exit 1 +fi + +# check whether pisasd.conf exists and is writable +if [ ! -w "${pisasdconf_path}" ]; then # fail + exit 1 +fi + +# if there are any paired devices at all ... +if [ "${paired_devices_count}" -gt "0" ]; then + # generate a chunk of text to be inserted into pisasd.conf + generate_allowed_hosts +fi + +# find out where exactly to insert it +if ! find_config_lines; then + # something's inconsistent about the config file - don't touch it + exit 1 +fi + +# perform the actual insertion +update_configfile + + Added: trunk/pairing/webif/apply.sh.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/pairing/webif/apply.sh.patch Mon Aug 29 01:58:50 2011 (r2729) @@ -0,0 +1,13 @@ +--- apply.sh-orig ++++ apply.sh +@@ -229,6 +229,10 @@ + for package in $process_packages; do + # process settings + case "$package" in ++ "mobileaccess") ++ /usr/bin/update-pisasd-conf ++ /usr/bin/pisasdconf reload ++ ;; + "qos") + reload_qos + ;; Added: trunk/pairing/webif/categories.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/pairing/webif/categories.patch Mon Aug 29 01:58:50 2011 (r2729) 
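Review bot: update_configfile assembles the new pisasd.conf from fixed names in /tmp (`/tmp/pisasdconf_head`, `_middle`, `_tail`, `/tmp/pisasd.conf-new`) and never checks whether `head`, `tail` or `cat` succeeded before `mv -f` replaces the live file. A full /tmp or two overlapping runs can therefore install a truncated or mixed allowed_hosts list, and on a box with more than one local account the predictable names can be pre-created by someone else. Since this file decides which hosts may use the Trust Point, I would build the pieces in a `mktemp -d` directory, stop at the first failed step, and stage the result next to the target so the final `mv` is a same-filesystem rename (this needs /etc/pisa itself to be writable, which the `-w` test in the main body does not cover). Separately, when no devices are paired the old block is removed and nothing is written in its place; please confirm that pisasd treats a missing allowed_hosts section as deny-all.

```shell
update_configfile()
{
	local workdir
	local rc=1

	# private scratch directory instead of fixed, guessable names in /tmp
	workdir=$(mktemp -d /tmp/pisasdconf.XXXXXX) || return 1

	printf '%s' "${paired_devices}" > "${workdir}/middle" || { rm -rf "${workdir}"; return 1; }

	# … unchanged: head/tail split on linenum_allowed_hosts, now writing to
	#   "${workdir}/head" and "${workdir}/tail" and bailing out on failure …

	# stage beside the target so the last step is a rename, not a copy across filesystems
	if cat "${workdir}/head" "${workdir}/middle" "${workdir}/tail" > "${pisasdconf_path}.new" \
		&& mv -f "${pisasdconf_path}.new" "${pisasdconf_path}"; then
		rc=0
	else
		rm -f "${pisasdconf_path}.new"
	fi

	rm -rf "${workdir}"
	return "${rc}"
}
```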
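Review bot: The new `"mobileaccess")` arm runs `/usr/bin/pisasdconf reload` even when `/usr/bin/update-pisasd-conf` has exited 1, which that script does when pisasd.conf is not writable or its allowed_hosts block is inconsistent. In that case a pairing revoked in the GUI stays in pisasd.conf and the admin gets no sign that Apply changed nothing. Chain the two calls, `/usr/bin/update-pisasd-conf && /usr/bin/pisasdconf reload`, and report the failure in whatever way apply.sh already does for other packages; that part of apply.sh is outside this hunk.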
@@ -0,0 +1,9 @@
+--- .categories-orig
++++ .categories
+@@ -8,4 +8,6 @@
+ ##WEBIF:category:HotSpot
+ ##WEBIF:category:VPN
+ ##WEBIF:category:-
++##WEBIF:category:MobileACcess
++##WEBIF:category:-
+ ##WEBIF:category:Logout
Added: trunk/pairing/webif/mobileaccess-add.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/pairing/webif/mobileaccess-add.sh Mon Aug 29 01:58:50 2011 (r2729)
@@ -0,0 +1,172 @@ +#!/usr/bin/webif-page +<? +################################# +# MobileACcess page +# +# Description: +# Special functions for MobileACcess +# pairing functionality (TP side). +# +# Author(s) [in order of work date]: +# <christoph.viethen@xxxxxxxxxxxxxx> +# +# Major revisions: +# +# +# Configuration files referenced: +# /etc/config/mobileaccess +# +# +# TODO: + +. /usr/lib/webif/webif.sh + +paired_devices_count=0 + +config_cb() { + local cfg_type="$1" + local cfg_name="$2" + + case "$cfg_type" in + paired_device) + paired_devices_count=$((paired_devices_count+1)) + export paired_device_${paired_devices_count}=$cfg_name + ;; + esac +} + +ident_in_use() { + local no_match_found=1 + local device_i=1 + local cfg_name_ref + local cfg_name + local idstring_ref + local idstring + + while [ "(" "${device_i}" -le "${paired_devices_count}" ")" -a "(" "${no_match_found}" -eq "1" ")" ]; do + + cfg_name_ref=\${paired_device_$((device_i))} + eval cfg_name=$cfg_name_ref + + idstring_ref=\${CONFIG_"${cfg_name}"_identifier} + eval idstring=$idstring_ref + + if [ "$1" = "${idstring}" ]; then + no_match_found=0 + fi + + device_i=$((device_i+1)) + done + + return "${no_match_found}" +} + +uci_load mobileaccess + +header "MobileACcess" "Pair with one Device" "" ' onload="modechange()" ' "$SCRIPT_NAME" "" 0 + +if [ "${REQUEST_METHOD}" = 'POST' ]; then + postline_first=$( set | egrep '^POST_pair_' | head -q -n 1 ) + postline_second=$( set | egrep '^POST_pairnow_' | head -q -n 1 ) + + if [ -n "$postline_first" ]; then + tmp_part=${postline_first#POST_pair_*} + hit=${tmp_part%%=*} + + pagecontent='<h2>Really pair with this device?</h2><u>Please read carefully:</u> + <p style="padding-top:1ex">By pairing this Trust Point with the following device, + the user of the device will be permitted to use your Internet access.</p> + <p style="padding-top:2ex"><em>You</em> will be held accountable for anything + the user of this device does.</p> + <p style="padding-top:2ex">Make 
sure you immediately revoke its pairing in case + a device gets lost or stolen, or if you are not sure that it can only be used by a + person that you trust.</p> '"<p>(You can easily pair the device again later when it's back in your hands.)</p>" + + confirmation_form='<form enctype="multipart/form-data" action="'"${SCRIPT_NAME}"'" method="post"> + <table style="padding-top:2ex" border="0" cellpadding="0" cellspacing="4"> + <tr> + <td align="right">HIT:</td> + <td>'$hit'</td> + </tr> + <tr> + <td align="right">Identifier:</td> + <td><input name="identifier" type="text" size="50" maxlength="40"></td> + </tr> + <tr> + <td /> + <td><input name="pairnow_'$hit'" type="submit" value="Pair now!"></td> + </tr> + </table> + </form>' + + final_text='<p style="padding-top:2ex">Please specify an identifier (containing only a-z, 0-9 and spaces) for the device that you want to pair. + Use an easy-to-remember description for the device, for example "New laptop" + or "My xyPhone" or the like. You will need to know this identifier + later in case you want to revoke a pairing.</p>' + + unset postline_first + + elif [ -n "$postline_second" ]; then + + tmp_part=${postline_second#POST_pairnow_*} + hit=${tmp_part%%=*} + + # check whether the identifier (in $POST_identifier) conforms to our specs + num_of_conforming_chars=$(expr "$POST_identifier" : '[a-zA-Z0-9 ]*') + + if [ "$num_of_conforming_chars" -ne ${#POST_identifier} ]; then + pagecontent='<h2>Error</h2>Invalid chars in the identifier you chose - click "Add Devices" up in the menu bar to try again.' + confirmation_form='' + final_text='' + elif [ "(" ${#POST_identifier} -gt 40 ")" -o "(" ${#POST_identifier} -le 0 ")" ]; then + pagecontent='<h2>Error</h2>Identifier has invalid size - click "Add Devices" up in the menu bar to try again.' 
+ confirmation_form='' + final_text='' + elif ident_in_use "${POST_identifier}"; then + pagecontent='<h2>Error</h2>Identifier is in use already - click "Add Devices" up in the menu bar and try a different one.' + confirmation_form='' + final_text='' + else + uci_add mobileaccess paired_device + uci_set mobileaccess "${CONFIG_SECTION}" identifier "${POST_identifier}" + uci_set mobileaccess "${CONFIG_SECTION}" hit "${hit}" + + pagecontent='<h2>Done ...</h2>Don'"'"'t forget to "Apply" the change if you want it to become active.' + + confirmation_form='' + final_text='' + + unset postline_second + fi + + unset num_of_conforming_chars + + else + pagecontent='<h2>Click on "Status" to continue.</h2>' + confirmation_form='' + final_text='' + fi + + unset postline_first + unset postline_second + unset tmp_part + + paired_devices_count=0 + uci_load mobileaccess +fi + +################################################################### +# show form +# +display_form <<EOF +onchange|modechange +EOF + +echo "$pagecontent" +echo "$confirmation_form" +echo "$final_text" + +footer ?> + +<!-- +--> Added: trunk/pairing/webif/mobileaccess-cand.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/pairing/webif/mobileaccess-cand.sh Mon Aug 29 01:58:50 2011 (r2729) 
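Review bot: `hit` is taken from the name of a submitted form field (`POST_pair_*` / `POST_pairnow_*`) and is then echoed into the confirmation page (`<td>'$hit'</td>`, `name="pairnow_'$hit'"`) and stored with `uci_set mobileaccess "${CONFIG_SECTION}" hit "${hit}"` without any format check, while the identifier beside it is checked carefully. update-pisasd-conf later writes the stored value verbatim into the allowed_hosts block, so whatever a client can place in that field name becomes part of the access-control file. Validate it in both branches before use, with the same `expr` idiom as the identifier, e.g. `[ -n "$hit" ] && [ "$(expr "$hit" : '[0-9A-Fa-f:]*')" -eq ${#hit} ]`, adjusting the character class to the form pairing-candidates actually emits (not visible here). It would be safer still to accept only a HIT that is in the current candidate list instead of trusting the request.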
@@ -0,0 +1,41 @@
+#!/usr/bin/webif-page
+<?
+#################################
+# MobileACcess page
+#
+# Description:
+# Special functions for MobileACcess
+# pairing functionality (TP side).
+#
+# Author(s) [in order of work date]:
+# <christoph.viethen@xxxxxxxxxxxxxx>
+#
+# Major revisions:
+#
+#
+# Configuration files referenced:
+#
+#
+# TODO:
+
+. /usr/lib/webif/webif.sh
+
+header "MobileACcess" "Pairing Candidates" "Pairing Candidates" ' onload="modechange()" ' "/cgi-bin/webif/mobileaccess-add.sh" "" 0
+
+###################################################################
+# show form
+#
+display_form <<EOF
+onchange|modechange
+EOF
+
+echo "The following list shows devices this Trust Point currently is associated with."
+echo '<P style="padding-top:1ex">Click on "Pair ..." to add a device to the list of paired devices.</P>'
+
+/root/pairing/pairing-candidates
+
+footer ?>
+
+<!--
+##WEBIF:name:MobileACcess:2:Add Devices
+-->
Added: trunk/pairing/webif/mobileaccess.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/pairing/webif/mobileaccess.sh Mon Aug 29 01:58:50 2011 (r2729)
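Review bot: The page runs `/root/pairing/pairing-candidates` and sends its output straight to the browser, but that helper is not among the files added in this revision and sits under /root rather than beside `/usr/bin/update-pisasd-conf`. If it is missing or not executable, the page shows only the intro text and no error. Please add the helper (or say in pairing/README where it comes from), install it alongside update-pisasd-conf, and guard the call, e.g. `[ -x /root/pairing/pairing-candidates ] || echo "Candidate list unavailable."`. The list presumably contains values reported by devices that are not yet trusted, so the helper should HTML-escape what it prints; that cannot be checked from this hunk.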
@@ -0,0 +1,120 @@ +#!/usr/bin/webif-page +<? +################################# +# MobileACcess page +# +# Description: +# Special functions for MobileACcess +# pairing functionality (TP side). +# +# Author(s) [in order of work date]: +# <christoph.viethen@xxxxxxxxxxxxxx> +# +# Major revisions: +# +# +# Configuration files referenced: +# /etc/config/mobileaccess +# +# +# TODO: + +. /usr/lib/webif/webif.sh + +paired_devices_count=0 + +config_cb() { + local cfg_type="$1" + local cfg_name="$2" + + case "$cfg_type" in + paired_device) + paired_devices_count=$((paired_devices_count+1)) + export paired_device_${paired_devices_count}=$cfg_name + ;; + esac +} + +uci_load mobileaccess + +header "MobileACcess" "Pairing Status" "Paired Devices" ' onload="modechange()" ' "$SCRIPT_NAME" "" 0 + +if [ -n "$POST_submit" ]; then + postline=`set | egrep '^POST_revoke_pairing_' | head -q -n 1` + tmp_part=${postline#POST_revoke_pairing_*} + cfg_name=${tmp_part%%=*} + unset postline + unset tmp_part + + uci_remove mobileaccess $cfg_name + + paired_devices_count=0 + uci_load mobileaccess +fi + +if [ $((paired_devices_count)) -gt 0 ]; then + device_i=1 + paired_devices_tmp= + + while [ $((device_i)) -lt $((paired_devices_count+1)) ]; do + + cfg_name_ref=\${paired_device_$((device_i))} + eval cfg_name=$cfg_name_ref + unset cfg_name_ref + + device_id_ref=\${CONFIG_${cfg_name}_identifier} + eval device_id=$device_id_ref + unset device_id_ref + + device_hit_ref=\${CONFIG_${cfg_name}_hit} + eval device_hit=$device_hit_ref + unset device_hit_ref + + paired_devices_tmp=${paired_devices_tmp}"start_form|"${device_id}" +field|HIT +string|"${device_hit}" +submit|revoke_pairing_"${cfg_name}"|Revoke Pairing| + +end_form +" + device_i=$((device_i+1)) + done +else + echo "No paired devices found. In order to pair devices, select "Add Devices" from the MobileACcess menu." 
+fi + +paired_devices=$paired_devices_tmp + +##################################################################### +# modechange script +# +cat <<EOF +<script type="text/javascript" src="/webif.js"></script> +<script type="text/javascript"> +<!-- +function modechange() +{ + var v; + $js + + hide('save'); + show('save'); +} +--> +</script> + +EOF + +################################################################### +# show form +# +display_form <<EOF +onchange|modechange +$paired_devices +EOF + +footer ?> + +<!-- +##WEBIF:name:MobileACcess:1:Status +--> -- This is the pisa developer mailing list. Please also subscribe to the main pisa list at: //www.freelists.org/list/pisa
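Review bot: In the revoke branch `cfg_name` comes from the submitted field name and goes into `uci_remove mobileaccess $cfg_name` unquoted and unchecked. If `POST_submit` is set but no `POST_revoke_pairing_*` field is present, `cfg_name` is empty; and any section name in the mobileaccess package can be named, not only `paired_device` entries. A revoke that fails this way is silent and leaves the device paired. Compare the value against the loaded `paired_device_N` names first and quote it, at minimum `[ -n "$cfg_name" ] && uci_remove mobileaccess "$cfg_name"`. Minor: in the `echo "No paired devices found. ..."` line the inner double quotes around Add Devices are consumed by the shell, so the page shows the words without quotes.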