2023-08-08 22:55:30 +00:00
|
|
|
#!rsc by RouterOS
|
|
|
|
# RouterOS script: hotspot-to-wpa.wifiwave2
|
2024-01-01 14:25:25 +00:00
|
|
|
# Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
|
2023-08-08 22:55:30 +00:00
|
|
|
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
|
|
|
#
|
2023-11-15 20:31:18 +00:00
|
|
|
# requires RouterOS, version=7.12
|
|
|
|
#
|
2023-08-08 22:55:30 +00:00
|
|
|
# add private WPA passphrase after hotspot login
|
|
|
|
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
|
|
|
|
#
|
|
|
|
# !! Do not edit this file, it is generated from template!
|
|
|
|
|
2023-11-15 20:31:18 +00:00
|
|
|
:local 0 [ :jobname ];
|
2023-08-08 22:55:30 +00:00
|
|
|
:global GlobalFunctionsReady;
|
|
|
|
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
|
|
|
|
|
|
|
|
:global EitherOr;
|
|
|
|
:global LogPrintExit2;
|
|
|
|
:global ParseKeyValueStore;
|
|
|
|
:global ScriptLock;
|
|
|
|
|
|
|
|
$ScriptLock $0;
|
|
|
|
|
|
|
|
:local MacAddress $"mac-address";
|
|
|
|
:local UserName $username;
|
|
|
|
|
|
|
|
:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
|
|
|
|
$LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
|
|
|
|
}
|
|
|
|
|
|
|
|
:local Date [ /system/clock/get date ];
|
|
|
|
:local UserVal ({});
|
|
|
|
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
|
|
|
|
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
|
|
|
|
}
|
|
|
|
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
|
|
|
|
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
|
|
|
|
|
|
|
|
:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
|
|
|
|
/interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
|
|
|
|
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
|
|
|
|
}
|
|
|
|
:local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
|
|
|
|
|
|
|
|
:if ([ :len [ /interface/wifiwave2/access-list/find where \
|
|
|
|
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
|
|
|
|
/interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
|
|
|
|
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
|
|
|
|
}
|
|
|
|
:local Template [ /interface/wifiwave2/access-list/get ([ find where \
|
|
|
|
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
|
|
|
|
|
|
|
|
:if ($Template->"action" = "reject") do={
|
|
|
|
$LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
|
|
|
|
}
|
|
|
|
|
|
|
|
# allow login page to load
|
|
|
|
:delay 1s;
|
|
|
|
|
|
|
|
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
|
|
|
|
" (user " . $UserName . ").") false;
|
|
|
|
/interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
|
|
|
|
/interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
|
|
|
|
mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
|
|
|
|
action=reject place-before=$PlaceBefore;
|
|
|
|
|
|
|
|
:local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
|
|
|
|
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
|
|
|
|
:set ($Template->"private-passphrase") ($Template->"passphrase");
|
|
|
|
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
|
|
|
|
:if ([ :len $PrivatePassphrase ] > 0) do={
|
|
|
|
:if ($PrivatePassphrase = "ignore") do={
|
|
|
|
/interface/wifiwave2/access-list/set $Entry !passphrase;
|
|
|
|
} else={
|
|
|
|
/interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
|
|
|
|
:if ([ :len $SsidRegexp ] > 0) do={
|
|
|
|
/interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
|
|
|
|
}
|
|
|
|
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
|
|
|
|
:if ([ :len $VlanId ] > 0) do={
|
|
|
|
/interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
|
|
|
|
}
|
|
|
|
|
|
|
|
:delay 2s;
|
|
|
|
/interface/wifiwave2/access-list/set $Entry action=accept;
|