탐색 도움말
로그인
tmp
/
libreCMC
원본 프로젝트 : libreCMC/libreCMC
1
0
포크 0
파일
트리: 43b024b724
브랜치 태그
libreCMC
/
package
/
network
/
services
/
cjdns
/
lua
/
cjdns
/
uci.lua

uci.lua 8.2 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289 
  1. common = require("cjdns/common")
    2. 

  2. uci    = require("uci")
    3. 

  3. 

  4. UCI = {}
    5. 

  5. common.uci = UCI
    6. 

  6. 

  7. --- Return the configuration defaults as a table suitable for JSON output
    8. 

  8. --
    9. 

  9. -- Mostly taken from cjdroute --genconf
    10. 

  10. -- @return table with configuration defaults
    11. 

  11. function UCI.defaults()
    12. 

  12.   return {
    13. 

  13.     security = {
    14. 

  14.       { setuser = "nobody", keepNetAdmin = 1 },
    15. 

  15.       { chroot = "/var/run/" },
    16. 

  16.       { nofiles = 0 },
    17. 

  17.       { noforks = 1 },
    18. 

  18.       { seccomp = 0 },
    19. 

  19.       { setupComplete = 1 }
    20. 

  20.     },
    21. 

  21.     router = {
    22. 

  22.         ipTunnel = { outgoingConnections = {}, allowedConnections = {} },
    23. 

  23.         interface = { type = "TUNInterface" }
    24. 

  24.     },
    25. 

  25.     interfaces = { UDPInterface = {}, ETHInterface = {} },
    26. 

  26.     authorizedPasswords = {},
    27. 

  27.     logging = { logTo = "stdout" }
    28. 

  28.   }
    29. 

  29. end
    30. 

  30. 

  31. --- Return the cjdns configuration as a table suitable for JSON output
    32. 

  32. --
    33. 

  33. -- Iterates over cjdns, eth_interface, udp_interface, eth_peer, udp_peer,
    34. 

  34. -- and password sections. Doesn't include IPTunnel related options yet.
    35. 

  35. -- @return table with cjdns configuration
    36. 

  36. function UCI.get()
    37. 

  37.   local obj = UCI.defaults()
    38. 

  38. 

  39.   local cursor = uci.cursor()
    40. 

  40. 

  41.   local config = cursor:get_all("cjdns", "cjdns")
    42. 

  42.   if not config then return obj end
    43. 

  43. 

  44.   obj.ipv6 = config.ipv6
    45. 

  45.   obj.publicKey = config.public_key
    46. 

  46.   obj.privateKey = config.private_key
    47. 

  47.   obj.admin = {
    48. 

  48.     bind = config.admin_address .. ":" .. config.admin_port,
    49. 

  49.     password = config.admin_password }
    50. 

  50. 

  51.   if config.tun_device and string.len(config.tun_device) > 0 then
    52. 

  52.     obj.router.interface.tunDevice = config.tun_device
    53. 

  53.   end
    54. 

  54. 

  55.   for i,section in pairs(obj.security) do
    56. 

  56.     if type(section.seccomp) == "number" then
    57. 

  57.       obj.security[i].seccomp = tonumber(config.seccomp)
    58. 

  58.     end
    59. 

  59.   end
    60. 

  60. 

  61.   cursor:foreach("cjdns", "iptunnel_outgoing", function(outgoing)
    62. 

  62.     table.insert(obj.router.ipTunnel.outgoingConnections, outgoing.public_key)
    63. 

  63.   end)
    64. 

  64. 

  65.   cursor:foreach("cjdns", "iptunnel_allowed", function(allowed)
    66. 

  66.     entry = { publicKey = allowed.public_key }
    67. 

  67.     if allowed.ipv4 then
    68. 

  68.       entry["ip4Address"] = allowed.ipv4
    69. 

  69.     end
    70. 

  70.     if allowed.ipv6 then
    71. 

  71.       entry["ip6Address"] = allowed.ipv6
    72. 

  72.     end
    73. 

  73.     table.insert(obj.router.ipTunnel.allowedConnections, entry)
    74. 

  74.   end)
    75. 

  75. 

  76.   cursor:foreach("cjdns", "eth_interface", function(eth_interface)
    77. 

  77.     table.insert(obj.interfaces.ETHInterface, {
    78. 

  78.       bind = eth_interface.bind,
    79. 

  79.       beacon = tonumber(eth_interface.beacon),
    80. 

  80.       connectTo = {}
    81. 

  81.     })
    82. 

  82.   end)
    83. 

  83. 

  84.   cursor:foreach("cjdns", "udp_interface", function(udp_interface)
    85. 

  85.     table.insert(obj.interfaces.UDPInterface, {
    86. 

  86.       bind = udp_interface.address .. ":" .. udp_interface.port,
    87. 

  87.       connectTo = {}
    88. 

  88.     })
    89. 

  89.   end)
    90. 

  90. 

  91.   cursor:foreach("cjdns", "eth_peer", function(eth_peer)
    92. 

  92.     if not eth_peer.address == "" then
    93. 

  93.       local i = tonumber(eth_peer.interface)
    94. 

  94.       obj.interfaces.ETHInterface[i].connectTo[eth_peer.address] = {
    95. 

  95.         publicKey = eth_peer.public_key,
    96. 

  96.         password = eth_peer.password
    97. 

  97.       }
    98. 

  98.     end
    99. 

  99.   end)
    100. 

  100. 

  101.   cursor:foreach("cjdns", "udp_peer", function(udp_peer)
    102. 

  102.     local bind = udp_peer.address .. ":" .. udp_peer.port
    103. 

  103.     local i = tonumber(udp_peer.interface)
    104. 

  104.     obj.interfaces.UDPInterface[i].connectTo[bind] = {
    105. 

  105.       user = udp_peer.user,
    106. 

  106.       publicKey = udp_peer.public_key,
    107. 

  107.       password = udp_peer.password
    108. 

  108.     }
    109. 

  109.   end)
    110. 

  110. 

  111.   cursor:foreach("cjdns", "password", function(password)
    112. 

  112.     table.insert(obj.authorizedPasswords, {
    113. 

  113.       password = password.password,
    114. 

  114.       user = password.user,
    115. 

  115.       contact = password.contact
    116. 

  116.     })
    117. 

  117.   end)
    118. 

  118. 

  119.   return obj
    120. 

  120. end
    121. 

  121. 

  122. --- Parse and save updated configuration from JSON input
    123. 

  123. --
    124. 

  124. -- Transforms general settings, ETHInterface, UDPInterface, connectTo, and
    125. 

  125. -- authorizedPasswords fields into UCI sections, and replaces the UCI config's
    126. 

  126. -- contents with them.
    127. 

  127. -- @param table JSON input
    128. 

  128. -- @return Boolean whether saving succeeded
    129. 

  129. function UCI.set(obj)
    130. 

  130.   local cursor = uci.cursor()
    131. 

  131. 

  132.   for i, section in pairs(cursor:get_all("cjdns")) do
    133. 

  133.     cursor:delete("cjdns", section[".name"])
    134. 

  134.   end
    135. 

  135. 

  136.   local admin_address, admin_port = string.match(obj.admin.bind, "^(.*):(.*)$")
    137. 

  137.   UCI.cursor_section(cursor, "cjdns", "cjdns", "cjdns", {
    138. 

  138.     ipv6 = obj.ipv6,
    139. 

  139.     public_key = obj.publicKey,
    140. 

  140.     private_key = obj.privateKey,
    141. 

  141.     admin_password = obj.admin.password,
    142. 

  142.     admin_address = admin_address,
    143. 

  143.     admin_port = admin_port
    144. 

  144.   })
    145. 

  145. 

  146.   if obj.router.interface.tunDevice then
    147. 

  147.     UCI.cursor_section(cursor, "cjdns", "cjdns", "cjdns", {
    148. 

  148.       tun_device = tostring(obj.router.interface.tunDevice)
    149. 

  149.     })
    150. 

  150.   end
    151. 

  151. 

  152.   if obj.security then
    153. 

  153.     for i,section in pairs(obj.security) do
    154. 

  154.       for key,value in pairs(section) do
    155. 

  155.         if key == "seccomp" then
    156. 

  156.           UCI.cursor_section(cursor, "cjdns", "cjdns", "cjdns", {
    157. 

  157.             seccomp = tonumber(value)
    158. 

  158.           })
    159. 

  159.         end
    160. 

  160.       end
    161. 

  161.     end
    162. 

  162.   end
    163. 

  163. 

  164.   if obj.router.ipTunnel.outgoingConnections then
    165. 

  165.     for i,public_key in pairs(obj.router.ipTunnel.outgoingConnections) do
    166. 

  166.       UCI.cursor_section(cursor, "cjdns", "iptunnel_outgoing", nil, {
    167. 

  167.         public_key = public_key
    168. 

  168.       })
    169. 

  169.     end
    170. 

  170.   end
    171. 

  171. 

  172.   if obj.router.ipTunnel.allowedConnections then
    173. 

  173.     for i,allowed in pairs(obj.router.ipTunnel.allowedConnections) do
    174. 

  174.       entry = { public_key = allowed.publicKey }
    175. 

  175.       if allowed.ip4Address then
    176. 

  176.         entry["ipv4"] = allowed.ip4Address
    177. 

  177.       end
    178. 

  178.       if allowed.ip6Address then
    179. 

  179.         entry["ipv6"] = allowed.ip6Address
    180. 

  180.       end
    181. 

  181. 

  182.       UCI.cursor_section(cursor, "cjdns", "iptunnel_allowed", nil, entry)
    183. 

  183.     end
    184. 

  184.   end
    185. 

  185. 

  186.   if obj.interfaces.ETHInterface then
    187. 

  187.     for i,interface in pairs(obj.interfaces.ETHInterface) do
    188. 

  188.       UCI.cursor_section(cursor, "cjdns", "eth_interface", nil, {
    189. 

  189.         bind = interface.bind,
    190. 

  190.         beacon = tostring(interface.beacon)
    191. 

  191.       })
    192. 

  192. 

  193.       if interface.connectTo then
    194. 

  194.         for peer_address,peer in pairs(interface.connectTo) do
    195. 

  195.           UCI.cursor_section(cursor, "cjdns", "eth_peer", nil, {
    196. 

  196.             interface = i,
    197. 

  197.             address = peer_address,
    198. 

  198.             public_key = peer.publicKey,
    199. 

  199.             password = peer.password
    200. 

  200.           })
    201. 

  201.         end
    202. 

  202.       end
    203. 

  203.     end
    204. 

  204.   end
    205. 

  205. 

  206.   if obj.interfaces.UDPInterface then
    207. 

  207.     for i,interface in pairs(obj.interfaces.UDPInterface) do
    208. 

  208.       local address, port = string.match(interface.bind, "^(.*):(.*)$")
    209. 

  209.       UCI.cursor_section(cursor, "cjdns", "udp_interface", nil, {
    210. 

  210.         address = address,
    211. 

  211.         port = port
    212. 

  212.       })
    213. 

  213. 

  214.       if interface.connectTo then
    215. 

  215.         for peer_bind,peer in pairs(interface.connectTo) do
    216. 

  216.           local peer_address, peer_port = string.match(peer_bind, "^(.*):(.*)$")
    217. 

  217.           UCI.cursor_section(cursor, "cjdns", "udp_peer", nil, {
    218. 

  218.             interface = i,
    219. 

  219.             address = peer_address,
    220. 

  220.             port = peer_port,
    221. 

  221.             user = peer.user,
    222. 

  222.             public_key = peer.publicKey,
    223. 

  223.             password = peer.password
    224. 

  224.           })
    225. 

  225.         end
    226. 

  226.       end
    227. 

  227.     end
    228. 

  228.   end
    229. 

  229. 

  230.   if obj.authorizedPasswords then
    231. 

  231.     for i,password in pairs(obj.authorizedPasswords) do
    232. 

  232.       local user = password.user
    233. 

  233.       if not user or string.len(user) == 0 then
    234. 

  234.         user = "user-" .. UCI.random_string(6)
    235. 

  235.       end
    236. 

  236. 

  237.       UCI.cursor_section(cursor, "cjdns", "password", nil, {
    238. 

  238.         password = password.password,
    239. 

  239.         user = user,
    240. 

  240.         contact = password.contact
    241. 

  241.       })
    242. 

  242.     end
    243. 

  243.   end
    244. 

  244. 

  245.   return cursor:save("cjdns")
    246. 

  246. end
    247. 

  247. 

  248. --- Simple backport of Cursor:section from luci.model.uci
    249. 

  249. --
    250. 

  250. -- Backport reason: we don't wanna depend on LuCI.
    251. 

  251. -- @param Cursor the UCI cursor to operate on
    252. 

  252. -- @param string name of the config
    253. 

  253. -- @param string type of the section
    254. 

  254. -- @param string name of the section (optional)
    255. 

  255. -- @param table config values
    256. 

  256. function UCI.cursor_section(cursor, config, type, section, values)
    257. 

  257.   if section then
    258. 

  258.     cursor:set(config, section, type)
    259. 

  259.   else
    260. 

  260.     section = cursor:add("cjdns", type)
    261. 

  261.   end
    262. 

  262. 

  263.   for k,v in pairs(values) do
    264. 

  264.     cursor:set(config, section, k, v)
    265. 

  265.   end
    266. 

  266. end
    267. 

  267. 

  268. function UCI.makeInterface()
    269. 

  269.   local cursor = uci.cursor()
    270. 

  270. 

  271.   local config = cursor:get_all("cjdns", "cjdns")
    272. 

  272.   if not config then return nil end
    273. 

  273. 

  274.   return common.AdminInterface.new({
    275. 

  275.     host = config.admin_address,
    276. 

  276.     port = config.admin_port,
    277. 

  277.     password = config.admin_password,
    278. 

  278.     config = UCI.get(),
    279. 

  279.     timeout = 2
    280. 

  280.   })
    281. 

  281. end
    282. 

  282. 

  283. function UCI.random_string(length)
    284. 

  284.   -- tr -cd 'A-Za-z0-9' < /dev/urandom
    285. 

  285.   local urandom = io.popen("tr -cd 'A-Za-z0-9' 2> /dev/null < /dev/urandom", "r")
    286. 

  286.   local string = urandom:read(length)
    287. 

  287.   urandom:close()
    288. 

  288.   return string
    289. 

  289. end
    290.