#!/bin/sh
. /lib/functions.sh
SCRIPT=$0
# the lock is meant for ebtables, and other scripts are also
# using ebtables. Needs clean up, maybe move to functions.sh, TBD?
LOCKFILE=/tmp/ebtables.lock
LOGFILE=/tmp/log/parental_control.log
PACKAGE=parental_control
# variable to remember if parental control is enabled
parental_control_enabled=0
# uncomment the next line if matching rules should be logged to syslog
# (for debugging), needs watchers extension
#local EBLOG=--log
_log()
{
if [ ${LOGGING} -eq 1 ]; then
local ts=$(date)
echo "$ts $@" >> ${LOGFILE}
fi
}
_exit()
{
local rc=$1
lock -u ${LOCKFILE}
exit ${rc}
}
_cron_restart()
{
/etc/init.d/cron restart > /dev/null
}
_add_cron_script()
{
(crontab -l ; echo "$1") | sort -u | crontab -
}
_rm_cron_script()
{
crontab -l | grep -v "$1" | sort -u | crontab -
}
_rm_and_add_cron_script()
{
(crontab -l | grep -v "$1"; [ -n "$2" ] && echo "$2") | sort -u | crontab -
}
_format_dow_list()
{
local dow=$1
local flist=""
local day
for day in ${dow}
do
if [ ! -z ${flist} ]; then
flist="${flist},"
fi
flist="${flist}${day:0:3}"
done
echo ${flist}
}
_shift_dow_list_by_one_day()
{
local dow=$1
local flist=""
local day
for day in $1
do
if [ ! -z ${flist} ]; then
flist="${flist},"
fi
case $day in
Mon*)
flist="${flist}Tue"
;;
Tue*)
flist="${flist}Wed"
;;
Wed*)
flist="${flist}Thu"
;;
Thu*)
flist="${flist}Fri"
;;
Fri*)
flist="${flist}Sat"
;;
Sat*)
flist="${flist}Sun"
;;
Sun*)
flist="${flist}Mon"
;;
esac
done
echo "$flist"
}
_enable_parental_control()
{
local entry=$1
local enabled starttime stoptime dow
config_get enabled $entry enabled 0
[ "$enabled" -eq 0 ] && return 0
config_get starttime $entry starttime
[ -z "$starttime" ] && return 1
config_get stoptime $entry stoptime
[ -z "$stoptime" ] && return 1
config_get dow $entry daysofweek
[ -z "$dow" ] && return 1
local fdow=$(_format_dow_list "$dow")
# If it shall stop on the same day at 00:00, 24:00 is the transition to the following day, if this is the case,
# the days of the weeks have to be incremented by one
if [ "${stoptime}" == "24:00" ]; then
fdow_stop=$(_shift_dow_list_by_one_day "$dow")
stoptime="0:00"
else
fdow_stop=${fdow}
fi
local stop_cron_entry="$(echo ${stoptime} | awk -F':' '{print $2, $1}') * * ${fdow_stop} ${SCRIPT} check" # ${entry}"
echo "${stop_cron_entry}"
if [[ $starttime != $stoptime ]]
then
local start_cron_entry="$(echo ${starttime} | awk -F':' '{print $2, $1}') * * ${fdow} ${SCRIPT} check" # ${entry}"
echo "${start_cron_entry}"
fi
return 0
}
_create_cron_entries()
{
config_foreach _enable_parental_control entry
}
replace_rules() {
local mac macs="$1"
ebtables -F i-parental-control
ebtables -F o-parental-control
for mac in $macs; do
ebtables -A i-parental-control -s $mac -j DROP $EBLOG
ebtables -A o-parental-control -d $mac -j DROP $EBLOG
done
}
create_chains() {
ebtables -N i-parental-control -P RETURN 2>/dev/null || return 0
ebtables -N o-parental-control -P RETURN 2>/dev/null || return 0
ebtables -A INPUT -i ath+ -j i-parental-control $EBLOG
ebtables -A FORWARD -i ath+ -j i-parental-control $EBLOG
ebtables -A FORWARD -o ath+ -j o-parental-control $EBLOG
ebtables -A OUTPUT -o ath+ -j o-parental-control $EBLOG
}
delete_chains() {
ebtables -D INPUT -i ath+ -j i-parental-control $EBLOG 2>/dev/null
ebtables -D FORWARD -i ath+ -j i-parental-control $EBLOG 2>/dev/null
ebtables -D FORWARD -o ath+ -j o-parental-control $EBLOG 2>/dev/null
ebtables -D OUTPUT -o ath+ -j o-parental-control $EBLOG 2>/dev/null
ebtables -X i-parental-control 2>/dev/null
ebtables -X o-parental-control 2>/dev/null
}
check_cron_status()
{
if [ ${parental_control_enabled} -eq 1 ]; then
_rm_and_add_cron_script "${SCRIPT}" "$(_create_cron_entries)"
else
_rm_cron_script "${SCRIPT}"
fi
_cron_restart
}
handle_global() {
local cfg="$1"
config_get_bool parental_control_enabled "$cfg" enabled 0
config_get_bool LOGGING "$cfg" logging 0
}
handle_entry() {
local cfg="$1"; shift
local curTime="$1"; shift
local weekday="$1"; shift
local blocked_var="$1"; shift
local allowed_var="$1"; shift
local list_var
local entry_enabled starttime stoptime stations dow
config_get_bool entry_enabled "$cfg" enabled 0
# Check if current entry is enabled
[ "$entry_enabled" -eq 0 ] && return 0
# lowercase:
stations="$(config_get "$cfg" stations | tr ABCDEF abcdef)"
config_get dow "$cfg" daysofweek
[ -z "$dow" ] && return 1
config_get starttime "$cfg" starttime
[ -z "$starttime" ] && return 1
config_get stoptime "$cfg" stoptime
[ -z "$stoptime" ] && return 1
# Check if current entry is relevant for today
echo "$dow" | grep "$weekday" > /dev/null || return 0
#remove :, so that we can make easy integer comparison
starttime=${starttime//:}
stoptime=${stoptime//:}
if [ $curTime -ge $starttime ] && [ $curTime -lt $stoptime ]; then
list_var=$allowed_var
else
list_var=$blocked_var
fi
# add or delete rules to the list of stations
local st
for st in $stations; do
! list_contains $list_var $st && append $list_var $st
done
}
# evaluate if a MAC address is allowed at the current time of day
check_and_apply_parental_control_state() {
local curTime=$(date "+%k%M")
local weekday=$(date "+%A")
if [ "$parental_control_enabled" -eq 0 ]; then
delete_chains
else
local blocked_macs allowed_macs st stations
create_chains
# collect which MACs are allowed or blocked by a config entry in separate lists
config_foreach handle_entry entry "$curTime" "$weekday" blocked_macs allowed_macs
# allowed wins
for st in $blocked_macs; do
! list_contains allowed_macs $st && append stations $st
done
replace_rules "$stations"
fi
}
usage()
{
echo ""
echo "$0 cron|check|help"
echo ""
echo " UCI Config File: /etc/config/${PACKAGE}"
echo ""
echo " cron: Create cronjob entries."
echo " check: Check if stations should get access to the network or should be blocked"
echo " help: This description."
echo ""
}
###############################################################################
# MAIN
###############################################################################
config_load "${PACKAGE}"
config_foreach handle_global global
_log ${SCRIPT} $1 $2
lock ${LOCKFILE}
case "$1" in
cron) check_cron_status ;;
check) check_and_apply_parental_control_state;;
help|--help|-h|*) usage ;;
esac
_exit 0