-
Notifications
You must be signed in to change notification settings - Fork 3
/
unifid
executable file
·355 lines (291 loc) · 9.74 KB
/
unifid
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
#!./luajit
package.cpath = "/home/essele/dev/unifi/c/?.so"
unisvr = package.loadlib("c/unisvr.so", "luaopen_unisvr")()
print(unisvr.gen_hex(16));
--x = unisvr.read_table("ap/fred");
--print("x="..tostring(x));
--print("a="..x.a);
--print("c="..x.c);
--l = {}
--l.a = 45;
--l.b = 98;
--l.c = "hello";
--unisvr.write_table("fred", l)
-- we will keep live data in a table (key=mac) so that we don't
-- write too much data to the flash, we don't need to persist
-- too much.
registry = {}
registry.settings = {} -- overall settings
registry.ap = {} -- access points
-- read our main configuration file in, this will be editable
-- through the admin interface
cf = unisvr.read_table("conf/main.cf")
-- the key to use when we get an initial request
default_key = "ba86f2bbe107c7c57eb5f2690775c712"
-- function to read a config item, but setting a default if
-- there isn't a value defined
function get_config(item, default)
if(cf[item] == nil) then
return default
else
return cf[item]
end
end
-- prepare the initial response for new clients
function handle_adopting(c)
local ap = registry.ap[c.mac]
local full_response = false;
print("IN ADOPING NOW")
print(c.data.model)
print(c.data.model_display)
if(c.data.cfgversion == ap.cfgversion) then
-- this means we have responded to the initial config, so we
-- need to send the full response
full_response = true;
end
-- if(c.data.cfgversion == "?" or c.data.cfgversion ~= ap.cfgversion) then
print("New Initial Config Needed")
local env = {}
local t = {}
local include_authkey = false
-- first work out if we need a new authkey, basically if we don't
-- have one in the registry, or if we used a different one then we
-- regenerate
if(not ap.authkey or ap.authkey ~= c.used_authkey) then
ap.authkey = unisvr.gen_hex(16)
include_authkey = true
end
-- we create a config version for this config
-- ubnt seem to use just a random hex string, I'm not sure it's the
-- best approach since you could get a duplicate, but its very unlikely
ap.cfgversion = unisvr.gen_hex(8)
-- we need to encrypt the password for this ap but we want to keep
-- the salt common for a given access point
if(not ap.crypted_password) then
ap.crypted_password = unisvr.crypt_password(get_config("admin_pass", "ubnt"))
end
--
-- prepare for our template generation
--
env.CONFIG = get_config
env.AP = ap
env.include_authkey = include_authkey
-- HACK TO TEST TEMPLATE
full_response = true
-- now generate the mgmtcfg template and fill in the other bits
t.mgmtcfg = unisvr.template("templates/mgmtcfg.ltp", env)
t._type = "setparam"
t.server_time_in_utc = unisvr.time()
if(full_response) then
t.system_cfg = unisvr.template("templates/system_cfg.ltp", env);
-- local admin_user = get_config("admin_user", "ubnt")
-- local admin_pass = get_config("admin_pass", "ubnt")
-- local ntp_server = get_config("ntp_server", "0.ubnt.pool.ntp.org")
--
-- -- TODO: crypt with random salt
-- unisvr.add_cfg(t, "system_cfg", "# users")
-- unisvr.add_cfg(t, "system_cfg", "users.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "users.1.name", admin_user)
-- unisvr.add_cfg(t, "system_cfg", "users.1.password", admin_pass)
-- unisvr.add_cfg(t, "system_cfg", "users.1.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "# bridge")
-- unisvr.add_cfg(t, "system_cfg", "bridge.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "bridge.1.devname", "br0")
-- unisvr.add_cfg(t, "system_cfg", "bridge.1.fd", "1")
-- unisvr.add_cfg(t, "system_cfg", "bridge.1.stp.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "bridge.1.port.1.devname", "eth0")
-- if(ap.inform.has_eth1 == true) then
-- unisvr.add_cfg(t, "system_cfg", "bridge.1.port.2.devname", "eth1")
-- end
-- unisvr.add_cfg(t, "system_cfg", "snmp.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "ppp.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "pwdog.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "dnsmasq.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "wpasupplicant.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "dhcpd.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "httpd.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "httpd.port.http", "80")
-- unisvr.add_cfg(t, "system_cfg", "httpd.port", "80")
-- unisvr.add_cfg(t, "system_cfg", "igmpproxy.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "telnetd.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "tshaper.status", "disabled")
-- unisvr.add_cfg(t, "system_cfg", "netmode", "bridge")
-- unisvr.add_cfg(t, "system_cfg", "ntpclient.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "ntpclient.1.server", ntp_server)
-- unisvr.add_cfg(t, "system_cfg", "ntpclient.1.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "syslog.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "syslog.level", "7") -- TODO: 7 or 8
-- unisvr.add_cfg(t, "system_cfg", "resolv.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "resolv.nameserver.1.status", "disabled") -- TODO: by config
-- unisvr.add_cfg(t, "system_cfg", "resolv.nameserver.2.status", "disabled") -- TODO: by config
-- unisvr.add_cfg(t, "system_cfg", "dhcpc.1.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "dhcpc.1.devname", "br0")
-- unisvr.add_cfg(t, "system_cfg", "route.status", "enabled")
-- unisvr.add_cfg(t, "system_cfg", "vlan.status", "enabled")
--
end
c.data = t;
print(unisvr.serialise(t, true)) -- DEBUG
end
-- there is a basic state machine process that we need to follow
-- for "inform" messages.
--
-- If we don't know the client then we put it as pending (PENDING)
-- Once set to adopt, we generate keys and send the base reply (ADOPTING)
-- Once the base reply is fed back we configure (PROVISIONING)
-- When complete, it's (CONNECTED)
function process_inform(c)
local authkey
print("Processing client: "..c.mac)
-- first we work out if we can decrypt the message if it's
-- encrypted
if(c.encrypted) then
if(registry.ap[c.mac] and registry.ap[c.mac].authkey) then
authkey = registry.ap[c.mac].authkey
local rc, err = unisvr.decrypt(c, authkey)
if(not rc) then
print("failed to decrypt using specified key, will try default")
end
end
if(not c.data) then
authkey = "ba86f2bbe107c7c57eb5f2690775c712"
local rc, err = unisvr.decrypt(c, authkey)
if(not rc) then
print("err is "..err)
return 0
end
end
c.used_authkey = authkey
end
if(not registry.ap[c.mac]) then
-- this is the completely unknown case, we simply mark
-- the client as pending and drop through...
registry.ap[c.mac] = {}
registry.ap[c.mac].state = "PENDING"
registry.ap[c.mac].inform = c.data
print("new client in pending state: "..c.mac)
end
-- We know the client by this stage, but it could just be pending
-- in which case we reply with a 400 Bad Request
if(registry.ap[c.mac].state == "PENDING") then
c.status = 400
c.data = nil
unisvr.reply(c)
return
end
-- If we have a client in "ADOPTING" then we need to see what
-- kind of request it was. If we have no config or the wrong
-- config then we set some defaults and reply. Otherwise we
-- start provisioning
if(registry.ap[c.mac].state == "ADOPTING") then
handle_adopting(c)
c.status = 200;
-- if we are encrypted then we need to encrypt the data
-- with the key we used to decrypt (not the new key)
if(c.encrypted) then
local rc, err = unisvr.encrypt(c, authkey);
if(not rc) then
print("err is "..err);
return 0
end
end
unisvr.reply(c)
return
end
end
--
-- handle incoming admin requests.
--
function process_admin(c)
print("have admin message");
-- basic sanity check to ensure we could deserialise
-- the request
if(not c.data or not c.data.action) then
c.data = { error = "malformed request" }
goto done
end
-- the adopt action takes a mac address as an argument
if(c.data.action == "adopt") then
local mac = c.data.args[1]
if(not mac) then
c.data = { error = "expected mac address" }
goto done
end
if(not registry.ap[mac]) then
c.data = { error = "unknown ap" }
goto done
end
print("STATE is "..registry.ap[mac].state)
if(registry.ap[mac].state ~= "PENDING") then
c.data = { error = "ap not in PENDING state" }
goto done
end
registry.ap[mac].state = "ADOPTING"
c.data = { status = "ok" }
goto done
end
if(c.data.action == "list-ap") then
c.data = { status = "ok", ap = {} }
for k,v in pairs(registry.ap) do
c.data.ap[k] = v;
end
goto done
end
::done::
unisvr.reply(c);
return 0
end
-- this is the main loop that sits waiting for network connections.
-- we will accept an "inform" message from an access point or a local
-- connection from the admin client
local c -- the client/control message
unisvr.server_init()
while(1) do
-- get an "inform" or a "control" message
c = unisvr.get_client()
-- process the message
if(c.inform) then
process_inform(c)
elseif(c.admin) then
process_admin(c)
else
print("unknown message")
end
end
-- read our record...
-- if we don't have one then create some stuff
if(c.encrypted) then
local rc, err = unisvr.decrypt(c, "ba86f2bbe107c7c57eb5f2690775c712")
if(not rc) then
print("err is "..err);
return 0
end
end
print(unisvr.serialise(c))
--print(unisvr.serialise(x))
-- print("rrr is " .. t.rrr)
-- print("rrr is " .. type(t.rrr))
--[[
t = {}
t.fred = 1
t.bill = "new"
t.three = {}
t.three.__list = 1
t.three[1] = "hello"
t.three[2] = "blah"
t.three[3] = 556677.45
t.four = {}
t.four.athstats = {}
t.four.athstats.__list = 1
t.four.athstats[1] = {}
t.four.athstats[1].ast_ath_reset = 1
t.four.athstats[1].n_rx_affr = 1
t.four.athstats[1].n_tx_pkts = 0
t.four.athstats[2] = {}
t.four.athstats[2].ast_ath_reset = 1
t.four.athstats[2].n_rx_affr = 1
t.four.athstats[2].n_tx_pkts = 0
t.four.a = 45;
t.four.b = 44;
print(unisvr.serialise(t))
]]--