unifid

#!./luajit

package.cpath = "/home/essele/dev/unifi/c/?.so"

unisvr = package.loadlib("c/unisvr.so", "luaopen_unisvr")()



print(unisvr.gen_hex(16));

--x = unisvr.read_table("ap/fred");
--print("x="..tostring(x));
--print("a="..x.a);
--print("c="..x.c);

--l = {}
--l.a = 45;
--l.b = 98;
--l.c = "hello";
--unisvr.write_table("fred", l)



-- we will keep live data in a table (key=mac) so that we don't
-- write too much data to the flash, we don't need to persist
-- too much.

registry = {}
registry.settings = {}			-- overall settings
registry.ap = {}				-- access points

-- read our main configuration file in, this will be editable
-- through the admin interface

cf = unisvr.read_table("conf/main.cf")

-- the key to use when we get an initial request

default_key = "ba86f2bbe107c7c57eb5f2690775c712"

-- function to read a config item, but setting a default if
-- there isn't a value defined
function get_config(item, default)
	if(cf[item] == nil) then
		return default
	else
		return cf[item]
	end
end

-- prepare the initial response for new clients
function handle_adopting(c)
	local ap = registry.ap[c.mac]
	local full_response = false;

	print("IN ADOPING NOW")
	print(c.data.model)
	print(c.data.model_display)

	if(c.data.cfgversion == ap.cfgversion) then
		-- this means we have responded to the initial config, so we
		-- need to send the full response
		full_response = true;
	end

--	if(c.data.cfgversion == "?" or c.data.cfgversion ~= ap.cfgversion) then
	print("New Initial Config Needed")
	local env = {}
	local t = {}
	local include_authkey = false

	-- first work out if we need a new authkey, basically if we don't
	-- have one in the registry, or if we used a different one then we
	-- regenerate
	if(not ap.authkey or ap.authkey ~= c.used_authkey) then
		ap.authkey = unisvr.gen_hex(16)
		include_authkey = true
	end

	-- we create a config version for this config
	-- ubnt seem to use just a random hex string, I'm not sure it's the
	-- best approach since you could get a duplicate, but its very unlikely
	ap.cfgversion = unisvr.gen_hex(8)

	-- we need to encrypt the password for this ap but we want to keep
	-- the salt common for a given access point
	if(not ap.crypted_password) then
		ap.crypted_password = unisvr.crypt_password(get_config("admin_pass", "ubnt"))
	end

	--
	-- prepare for our template generation
	--
	env.CONFIG = get_config
	env.AP = ap
	env.include_authkey = include_authkey

-- HACK TO TEST TEMPLATE
full_response = true

	-- now generate the mgmtcfg template and fill in the other bits
	t.mgmtcfg = unisvr.template("templates/mgmtcfg.ltp", env)
	t._type = "setparam"
	t.server_time_in_utc = unisvr.time()

	if(full_response) then
		t.system_cfg = unisvr.template("templates/system_cfg.ltp", env);
--		local admin_user = get_config("admin_user", "ubnt")
--		local admin_pass = get_config("admin_pass", "ubnt")
--		local ntp_server = get_config("ntp_server", "0.ubnt.pool.ntp.org")
--
--		-- TODO: crypt with random salt

--		unisvr.add_cfg(t, "system_cfg", "# users")
--		unisvr.add_cfg(t, "system_cfg", "users.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "users.1.name", admin_user)
--		unisvr.add_cfg(t, "system_cfg", "users.1.password", admin_pass)
--		unisvr.add_cfg(t, "system_cfg", "users.1.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "# bridge")
--		unisvr.add_cfg(t, "system_cfg", "bridge.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "bridge.1.devname", "br0")
--		unisvr.add_cfg(t, "system_cfg", "bridge.1.fd", "1")
--		unisvr.add_cfg(t, "system_cfg", "bridge.1.stp.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "bridge.1.port.1.devname", "eth0")
--		if(ap.inform.has_eth1 == true) then
--			unisvr.add_cfg(t, "system_cfg", "bridge.1.port.2.devname", "eth1")
--		end
--		unisvr.add_cfg(t, "system_cfg", "snmp.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "ppp.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "pwdog.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "dnsmasq.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "wpasupplicant.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "dhcpd.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "httpd.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "httpd.port.http", "80")
--		unisvr.add_cfg(t, "system_cfg", "httpd.port", "80")
--		unisvr.add_cfg(t, "system_cfg", "igmpproxy.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "telnetd.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "tshaper.status", "disabled")
--		unisvr.add_cfg(t, "system_cfg", "netmode", "bridge")
--		unisvr.add_cfg(t, "system_cfg", "ntpclient.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "ntpclient.1.server", ntp_server)
--		unisvr.add_cfg(t, "system_cfg", "ntpclient.1.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "syslog.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "syslog.level", "7")		-- TODO: 7 or 8
--		unisvr.add_cfg(t, "system_cfg", "resolv.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "resolv.nameserver.1.status", "disabled")	-- TODO: by config
--		unisvr.add_cfg(t, "system_cfg", "resolv.nameserver.2.status", "disabled")	-- TODO: by config
--		unisvr.add_cfg(t, "system_cfg", "dhcpc.1.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "dhcpc.1.devname", "br0")
--		unisvr.add_cfg(t, "system_cfg", "route.status", "enabled")
--		unisvr.add_cfg(t, "system_cfg", "vlan.status", "enabled")
--		
	end

	c.data = t;
	print(unisvr.serialise(t, true))		-- DEBUG
end

-- there is a basic state machine process that we need to follow
-- for "inform" messages.
--
-- If we don't know the client then we put it as pending (PENDING)
-- Once set to adopt, we generate keys and send the base reply (ADOPTING)
-- Once the base reply is fed back we configure (PROVISIONING)
-- When complete, it's (CONNECTED)

function process_inform(c)
	local authkey
	print("Processing client: "..c.mac)

	-- first we work out if we can decrypt the message if it's
	-- encrypted
	
	if(c.encrypted) then
		if(registry.ap[c.mac] and registry.ap[c.mac].authkey) then
			authkey = registry.ap[c.mac].authkey
			local rc, err = unisvr.decrypt(c, authkey)
			if(not rc) then
				print("failed to decrypt using specified key, will try default")
			end
		end

		if(not c.data) then
			authkey = "ba86f2bbe107c7c57eb5f2690775c712"	
			local rc, err = unisvr.decrypt(c, authkey)
			if(not rc) then
				print("err is "..err)
				return 0
			end
		end

		c.used_authkey = authkey
	end

	if(not registry.ap[c.mac]) then
		-- this is the completely unknown case, we simply mark
		-- the client as pending and drop through...
		registry.ap[c.mac] = {}
		registry.ap[c.mac].state = "PENDING"
		registry.ap[c.mac].inform = c.data
		print("new client in pending state: "..c.mac)
	end

	-- We know the client by this stage, but it could just be pending
	-- in which case we reply with a 400 Bad Request
	if(registry.ap[c.mac].state == "PENDING") then
		c.status = 400
		c.data = nil
		unisvr.reply(c)
		return
	end

	-- If we have a client in "ADOPTING" then we need to see what
	-- kind of request it was. If we have no config or the wrong
	-- config then we set some defaults and reply. Otherwise we
	-- start provisioning
	if(registry.ap[c.mac].state == "ADOPTING") then
		handle_adopting(c)
		c.status = 200;

		-- if we are encrypted then we need to encrypt the data
		-- with the key we used to decrypt (not the new key)
		if(c.encrypted) then
			local rc, err = unisvr.encrypt(c, authkey);
			if(not rc) then
				print("err is "..err);
				return 0
			end
		end
		unisvr.reply(c)
		return
	end

end

-- 
-- handle incoming admin requests.
--

function process_admin(c)
	print("have admin message");

	-- basic sanity check to ensure we could deserialise
	-- the request
	if(not c.data or not c.data.action) then
		c.data = { error = "malformed request" }
		goto done
	end

	-- the adopt action takes a mac address as an argument
	if(c.data.action == "adopt") then
		local mac = c.data.args[1]

		if(not mac) then
			c.data = { error = "expected mac address" }
			goto done
		end
		if(not registry.ap[mac]) then
			c.data = { error = "unknown ap" }
			goto done
		end
		print("STATE is "..registry.ap[mac].state)
		if(registry.ap[mac].state ~= "PENDING") then
			c.data = { error = "ap not in PENDING state" }
			goto done
		end
		registry.ap[mac].state = "ADOPTING"
		c.data = { status = "ok" }
		goto done
	end

	if(c.data.action == "list-ap") then
		c.data = { status = "ok", ap = {} }
		for k,v in pairs(registry.ap) do
			c.data.ap[k] = v;
		end
		goto done
	end

::done::
	unisvr.reply(c);
	return 0
end


-- this is the main loop that sits waiting for network connections.
-- we will accept an "inform" message from an access point or a local
-- connection from the admin client

local c			-- the client/control message

unisvr.server_init()
while(1) do
	-- get an "inform" or a "control" message
	c = unisvr.get_client()

	-- process the message
	if(c.inform) then
		process_inform(c)
	elseif(c.admin) then
		process_admin(c)
	else
		print("unknown message")
	end
end

-- read our record...
-- if we don't have one then create some stuff


if(c.encrypted) then
	local rc, err = unisvr.decrypt(c, "ba86f2bbe107c7c57eb5f2690775c712")
	if(not rc) then
		print("err is "..err);
		return 0
	end
end

print(unisvr.serialise(c))


--print(unisvr.serialise(x))

-- print("rrr is " .. t.rrr)
-- print("rrr is " .. type(t.rrr))

--[[
t = {}
t.fred = 1
t.bill = "new"
t.three = {}

t.three.__list = 1
t.three[1] = "hello"
t.three[2] = "blah"
t.three[3] = 556677.45

t.four = {}
t.four.athstats = {}
t.four.athstats.__list = 1
t.four.athstats[1] = {}
t.four.athstats[1].ast_ath_reset = 1
t.four.athstats[1].n_rx_affr = 1
t.four.athstats[1].n_tx_pkts = 0
t.four.athstats[2] = {}
t.four.athstats[2].ast_ath_reset = 1
t.four.athstats[2].n_rx_affr = 1
t.four.athstats[2].n_tx_pkts = 0
t.four.a = 45;
t.four.b = 44;

print(unisvr.serialise(t))
]]--