diff --git a/luci-app-pptpserver/Makefile b/luci-app-pptpserver/Makefile index 08d8bcd..0010053 100644 --- a/luci-app-pptpserver/Makefile +++ b/luci-app-pptpserver/Makefile @@ -1,4 +1,4 @@ -# Copyright (C) 2018-2020 Lienol +# Copyright (C) 2018-2021 Lienol # # This is free software, licensed under the Apache License, Version 2.0 . # @@ -6,10 +6,10 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI support for PPTP VPN Server -LUCI_DEPENDS:=+pptpd +kmod-mppe +ppp +LUCI_DEPENDS:=+pptpd +kmod-mppe +ppp +luci-lib-jsonc LUCI_PKGARCH:=all -PKG_VERSION:=1 -PKG_RELEASE:=5-20200608 +PKG_VERSION:=20211223 +PKG_RELEASE:=1 include $(TOPDIR)/feeds/luci/luci.mk diff --git a/luci-app-pptpserver/luasrc/controller/pptpd.lua b/luci-app-pptpserver/luasrc/controller/pptpd.lua index 234b84d..88cbe41 100644 --- a/luci-app-pptpserver/luasrc/controller/pptpd.lua +++ b/luci-app-pptpserver/luasrc/controller/pptpd.lua 
@@ -5,14 +5,11 @@ function index() if not nixio.fs.access("/etc/config/luci-app-pptpserver") then return end entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false - entry({"admin", "vpn", "pptpd"}, alias("admin", "vpn", "pptpd", "settings"), - _("PPTP VPN Server"), 48) - entry({"admin", "vpn", "pptpd", "settings"}, cbi("pptpd/settings"), - _("General Settings"), 10).leaf = true - entry({"admin", "vpn", "pptpd", "users"}, cbi("pptpd/users"), - _("Users Manager"), 20).leaf = true - entry({"admin", "vpn", "pptpd", "online"}, cbi("pptpd/online"), - _("Online Users"), 30).leaf = true + entry({"admin", "vpn", "pptpd"}, alias("admin", "vpn", "pptpd", "settings"), _("PPTP VPN Server"), 48) + entry({"admin", "vpn", "pptpd", "settings"}, cbi("pptpd/settings"), _("General Settings"), 10).leaf = true + entry({"admin", "vpn", "pptpd", "users"}, cbi("pptpd/users"), _("Users Manager"), 20).leaf = true + entry({"admin", "vpn", "pptpd", "user"}, cbi("pptpd/user")).leaf = true + entry({"admin", "vpn", "pptpd", "online"}, cbi("pptpd/online"), _("Online Users"), 30).leaf = true entry({"admin", "vpn", "pptpd", "status"}, call("status")).leaf = true end diff --git a/luci-app-pptpserver/luasrc/model/cbi/pptpd/online.lua b/luci-app-pptpserver/luasrc/model/cbi/pptpd/online.lua index d73248f..a99a0d4 100644 --- a/luci-app-pptpserver/luasrc/model/cbi/pptpd/online.lua +++ b/luci-app-pptpserver/luasrc/model/cbi/pptpd/online.lua 
@@ -1,78 +1,84 @@ -local e = {} local o = require "luci.dispatcher" -local a = luci.util.execi("/bin/busybox top -bn1 | grep '/usr/sbin/pppd'") -for t in a do - local a, n, h, s, o, i = t:match("^ *(%d+) +(%d+) +.+options%.pptpd +(%d+) +(%S.-%S)%:(%S.-%S) +.+ +(.+)") - local t = tonumber(a) - if t then - e["%02i.%s" % {t, "online"}] = { - ['PID'] = a, - ['PPID'] = n, - ['SPEED'] = h, - ['GATEWAY'] = s, - ['VIP'] = o, - ['CIP'] = i, - ['BLACKLIST'] = 0 - } +local fs = require "nixio.fs" +local jsonc = require "luci.jsonc" + +local sessions = {} +local session_path = "/var/etc/pptpd/session" +if fs.access(session_path) then + for filename in fs.dir(session_path) do + local session_file = session_path .. "/" .. filename + local file = io.open(session_file, "r") + local t = jsonc.parse(file:read("*a")) + if t then + t.session_file = session_file + sessions[#sessions + 1] = t + end + file:close() end end -local a = luci.util.execi("sed = /etc/firewall.user | sed 'N;s/\\n/:/'") -for t in a do - local t, a = t:match("^ *(%d+)%:.+%#%# pptpd%-blacklist%-(.+)") - local t = tonumber(t) - if t then - e["%02i.%s" % {t, "blacklist"}] = - { - ['PID'] = "-1", - ['PPID'] = "-1", - ['SPEED'] = "-1", - ['GATEWAY'] = "-", - ['VIP'] = "-", - ['CIP'] = a, - ['BLACKLIST'] = 1 - } + +local blacklist = {} +local firewall_user_path = "/etc/firewall.user" +if fs.access(firewall_user_path) then + for line in io.lines(firewall_user_path) do + local m = line:match('pptpd%-blacklist%-([^\n]+)') + if m then + local t = {} + t.ip = m + blacklist[#blacklist + 1] = t + end end end + f = SimpleForm("processes", translate("PPTP VPN Server")) f.reset = false f.submit = false f.description = translate("Simple, quick and convenient PPTP VPN, universal across the platform") -t = f:section(Table, e, translate("Online Users")) -t:option(DummyValue, "GATEWAY", translate("Server IP")) -t:option(DummyValue, "VIP", translate("Client IP")) -t:option(DummyValue, "CIP", translate("IP address")) -blacklist = 
t:option(Button, "_blacklist", translate("Blacklist")) -function blacklist.render(e, t, a) - if e.map:get(t, "BLACKLIST") == 0 then - e.title = translate("Add to Blacklist") - e.inputstyle = "remove" - else - e.title = translate("Remove from Blacklist") - e.inputstyle = "apply" - end + +t = f:section(Table, sessions, translate("Online Users")) +t:option(DummyValue, "username", translate("Username")) +t:option(DummyValue, "interface", translate("Interface")) +t:option(DummyValue, "ip", translate("Client IP")) +t:option(DummyValue, "remote_ip", translate("IP address")) +t:option(DummyValue, "login_time", translate("Login Time")) + +_blacklist = t:option(Button, "_blacklist", translate("Blacklist")) +function _blacklist.render(e, t, a) + e.title = translate("Add to Blacklist") + e.inputstyle = "remove" Button.render(e, t, a) end -function blacklist.write(t, a) - local e = t.map:get(a, "CIP") - if t.map:get(a, "BLACKLIST") == 0 then - luci.util.execi( - "echo 'iptables -A input_rule -s %s -p tcp --dport 1723 -j DROP ## pptpd-blacklist-%s' >> /etc/firewall.user" % - {e, e}) - luci.util.execi( - "iptables -A input_rule -s %s -p tcp --dport 1723 -j DROP" % {e}) - null, t.tag_error[a] = luci.sys.process.signal(t.map:get(a, "PID"), 9) - else - luci.util.execi( - "sed -i -e '/## pptpd-blacklist-%s/d' /etc/firewall.user" % {e}) - luci.util.execi( - "iptables -D input_rule -s %s -p tcp --dport 1723 -j DROP" % {e}) - end +function _blacklist.write(t, s) + local e = t.map:get(s, "remote_ip") + luci.util.execi("echo 'iptables -I INPUT -s %s -p tcp --dport 1723 -j DROP ## pptpd-blacklist-%s' >> /etc/firewall.user" % {e, e}) + luci.util.execi("iptables -I INPUT -s %s -p tcp --dport 1723 -j DROP" % {e}) + luci.util.execi("rm -f " .. 
t.map:get(s, "session_file")) + null, t.tag_error[s] = luci.sys.process.signal(t.map:get(s, "pid"), 9) luci.http.redirect(o.build_url("admin/vpn/pptpd/online")) end -kill = t:option(Button, "_kill", translate("Forced offline")) -kill.inputstyle = "reset" -function kill.write(e, t) - null, e.tag_error[t] = luci.sys.process.signal(e.map:get(t, "PID"), 9) + +_kill = t:option(Button, "_kill", translate("Forced offline")) +_kill.inputstyle = "reset" +function _kill.write(t, s) + luci.util.execi("rm -f " .. t.map:get(s, "session_file")) + null, t.tag_error[t] = luci.sys.process.signal(t.map:get(s, "pid"), 9) luci.http.redirect(o.build_url("admin/vpn/pptpd/online")) end + +t = f:section(Table, blacklist, translate("Blacklist")) +t:option(DummyValue, "ip", translate("IP address")) + +_blacklist2 = t:option(Button, "_blacklist2", translate("Blacklist")) +function _blacklist2.render(e, t, a) + e.title = translate("Remove from Blacklist") + e.inputstyle = "apply" + Button.render(e, t, a) +end +function _blacklist2.write(t, s) + local e = t.map:get(s, "ip") + luci.util.execi("sed -i -e '/## pptpd-blacklist-%s/d' /etc/firewall.user" % {e}) + luci.util.execi("iptables -D INPUT -s %s -p tcp --dport 1723 -j DROP" % {e}) + luci.http.redirect(o.build_url("admin/vpn/pptpd/online")) +end + return f diff --git a/luci-app-pptpserver/luasrc/model/cbi/pptpd/settings.lua b/luci-app-pptpserver/luasrc/model/cbi/pptpd/settings.lua index 807231f..11da24f 100644 --- a/luci-app-pptpserver/luasrc/model/cbi/pptpd/settings.lua +++ b/luci-app-pptpserver/luasrc/model/cbi/pptpd/settings.lua @@ -13,7 +13,7 @@ o = s:option(DummyValue, "pptpd_status", translate("Current Condition")) o.template = "pptpd/status" o.value = translate("Collecting data...") -o = s:option(Flag, "enabled", translate("Enable VPN Server")) +o = s:option(Flag, "enabled", translate("Enabled")) o.rmempty = false o = s:option(Value, "localip", translate("Server IP"), translate("VPN Server IP address, it not required.")) 
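Review bot: In online.lua, `_blacklist.write`, `_kill.write` and `_blacklist2.write` interpolate `remote_ip`, `session_file` and the blacklist `ip` straight into `luci.util.execi` command strings, and those values are read back from the JSON files under /var/etc/pptpd/session and from /etc/firewall.user without any check. Validate the address as a literal IPv4 value before it reaches the shell and remove the session file with `fs.unlink` instead of `rm -f`, as sketched below; the same guard belongs in `_blacklist2.write`, where the value is also spliced into a sed expression. Separately, `_kill.write` stores the signal error in `t.tag_error[t]` (the option object) rather than `t.tag_error[s]`, and the session loader calls `file:read` without checking that `io.open` succeeded.

```lua
function _blacklist.write(t, s)
	local e = t.map:get(s, "remote_ip")
	-- Session files are JSON read back from disk; only a literal IPv4 address may reach the shell.
	if not luci.cbi.datatypes.ip4addr(e) then
		return
	end
	-- ... unchanged: firewall.user append and iptables -I INPUT ...
	-- No shell involved, so the file name cannot be reinterpreted as a command.
	fs.unlink(t.map:get(s, "session_file"))
	-- ... unchanged: signal the pppd pid and redirect ...
end
```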
diff --git a/luci-app-pptpserver/luasrc/model/cbi/pptpd/user.lua b/luci-app-pptpserver/luasrc/model/cbi/pptpd/user.lua new file mode 100644 index 0000000..85d6fc8 --- /dev/null +++ b/luci-app-pptpserver/luasrc/model/cbi/pptpd/user.lua @@ -0,0 +1,32 @@ +local d = require "luci.dispatcher" + +m = Map("luci-app-pptpserver", translate("Users Manager")) +m.redirect = d.build_url("admin", "vpn", "pptpd", "users") + +s = m:section(NamedSection, arg[1], "users", "") +s.addremove = false +s.anonymous = true + +o = s:option(Flag, "enabled", translate("Enabled")) +o.default = 1 +o.rmempty = false + +o = s:option(Value, "username", translate("Username")) +o.placeholder = translate("Username") +o.rmempty = false + +o = s:option(Value, "password", translate("Password")) +o.placeholder = translate("Password") +o.rmempty = false + +o = s:option(Value, "ipaddress", translate("IP address")) +o.placeholder = translate("Automatically") +o.datatype = "ip4addr" +o.rmempty = true + +o = s:option(DynamicList, "routes", translate("Static Routes")) +o.placeholder = "192.168.10.0/24" +o.datatype = "ipmask4" +o.rmempty = true + +return m diff --git a/luci-app-pptpserver/luasrc/model/cbi/pptpd/users.lua b/luci-app-pptpserver/luasrc/model/cbi/pptpd/users.lua index 8d98663..c1acea0 100644 --- a/luci-app-pptpserver/luasrc/model/cbi/pptpd/users.lua +++ b/luci-app-pptpserver/luasrc/model/cbi/pptpd/users.lua @@ -1,3 +1,4 @@ +local d = require "luci.dispatcher" m = Map("luci-app-pptpserver", translate("PPTP VPN Server")) m.description = translate("Simple, quick and convenient PPTP VPN, universal across the platform") 
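Review bot: The `password` option in the new user.lua is a plain `Value`, so the stored secret is rendered in clear text on the edit page, and `username` accepts any string even though the init script writes it unquoted into chap-secrets and ip-up/ip-down use it to build file paths. Setting `o.password = true` on the password field and adding a validator on the username, for example `function o.validate(self, v) return v:match("^[%w_%-]+$") and v or nil end`, would cover both; the exact character set is a judgement call for the maintainer. The users.lua table in the later hunk defines the same two fields and would need the same treatment.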
@@ -5,20 +6,27 @@ s = m:section(TypedSection, "users", translate("Users Manager")) s.addremove = true s.anonymous = true s.template = "cbi/tblsection" +s.extedit = d.build_url("admin", "vpn", "pptpd", "user", "%s") +function s.create(e, t) + t = TypedSection.create(e, t) + luci.http.redirect(e.extedit:format(t)) +end o = s:option(Flag, "enabled", translate("Enabled")) +o.default = 1 o.rmempty = false -o = s:option(Value, "username", translate("User name")) -o.placeholder = translate("User name") -o.rmempty = true +o = s:option(Value, "username", translate("Username")) +o.placeholder = translate("Username") +o.rmempty = false o = s:option(Value, "password", translate("Password")) -o.rmempty = true +o.placeholder = translate("Password") +o.rmempty = false o = s:option(Value, "ipaddress", translate("IP address")) o.placeholder = translate("Automatically") -o.datatype = "ipaddr" +o.datatype = "ip4addr" o.rmempty = true return m diff --git a/luci-app-pptpserver/po/zh-cn/pptpd.po b/luci-app-pptpserver/po/zh-cn/pptpd.po index 0b766d5..4ccdd9f 100644 --- a/luci-app-pptpserver/po/zh-cn/pptpd.po +++ b/luci-app-pptpserver/po/zh-cn/pptpd.po @@ -4,17 +4,14 @@ msgstr "PPTP VPN 服务器" msgid "Simple, quick and convenient PPTP VPN, universal across the platform" msgstr "简单快捷方便的PPTP VPN,全平台通用。" -msgid "PPTP VPN Server status" -msgstr "PPTP VPN 服务器运行状态" - msgid "Current Condition" msgstr "当前状态" msgid "General settings" msgstr "基本设置" -msgid "Enable VPN Server" -msgstr "启用 VPN 服务器" +msgid "Enabled" +msgstr "启用" msgid "Server IP" msgstr "服务器 IP 地址" 
@@ -28,34 +25,16 @@ msgstr "客户端 IP 地址" msgid "VPN Client IP address, it not required." msgstr "分配给客户端的 IP 地址范围,留空将自动设置。" -msgid "DNS IP address" -msgstr "DNS IP 地址" - -msgid "This will be sent to the client, it not required." -msgstr "设置 VPN 服务器默认 DNS 服务器,该设置非必须。" - msgid "Enable MPPE Encryption" msgstr "启用MPPE 加密" msgid "Allows 128-bit encrypted connection." msgstr "允许使用 128 位加密连接。" -msgid "is_nat" -msgstr "NAT转发" - -msgid "Interface" -msgstr "接口" - -msgid "Specify interface forwarding traffic." -msgstr "指定接口转发流量。" - msgid "Users Manager" msgstr "用户管理" -msgid "Enabled" -msgstr "启用" - -msgid "User name" +msgid "Username" msgstr "用户名" msgid "Password" @@ -67,9 +46,12 @@ msgstr "IP 地址" msgid "Automatically" msgstr "自动分配" -msgid "Online Users"" +msgid "Online Users" msgstr "在线用户" +msgid "Login Time" +msgstr "登录时间" + msgid "Blacklist" msgstr "黑名单" diff --git a/luci-app-pptpserver/root/etc/config/luci-app-pptpserver b/luci-app-pptpserver/root/etc/config/luci-app-pptpserver index 849d209..044cce6 100644 --- a/luci-app-pptpserver/root/etc/config/luci-app-pptpserver +++ b/luci-app-pptpserver/root/etc/config/luci-app-pptpserver @@ -5,8 +5,3 @@ config service 'pptpd' option remoteip '192.168.2.10-20' option enabled '0' -config users - option enabled '1' - option username 'guest' - option password '123456' - diff --git a/luci-app-pptpserver/root/etc/init.d/luci-app-pptpserver b/luci-app-pptpserver/root/etc/init.d/luci-app-pptpserver index acd6064..22dda3c 100644 --- a/luci-app-pptpserver/root/etc/init.d/luci-app-pptpserver +++ b/luci-app-pptpserver/root/etc/init.d/luci-app-pptpserver 
@@ -1,59 +1,51 @@ #!/bin/sh /etc/rc.common START=99 -CONFIG=luci-app-pptpserver -CONFIG_FILE=/var/etc/$CONFIG.conf -RUN_D=/var/run -CHAP_SECRETS=/var/etc/chap-secrets -SERVER_NAME="pptp-server" -TEMP=/tmp/pptpd.tmp +CONFIG="luci-app-pptpserver" +PPTP_PATH=/var/etc/pptpd +PPTP_CONFIG_FILE=${PPTP_PATH}/pptpd.conf +PPTP_OPTIONS_FILE=${PPTP_PATH}/options.pptpd +CHAP_SECRETS=/etc/ppp/chap-secrets -add_rule() { - iptables -t nat -I POSTROUTING -s ${localip%.*}.0/24 -m comment --comment "PPTP VPN Server" -j MASQUERADE - iptables -I forwarding_rule -s ${localip%.*}.0/24 -m comment --comment "PPTP VPN Server" -j ACCEPT - iptables -I INPUT -p tcp --dport 1723 -m comment --comment "PPTP VPN Server" -j ACCEPT 2>/dev/null +localip=$(uci -q get ${CONFIG}.@service[0].localip) +[ -z "${localip}" ] && localip="172.16.100.1" + +ipt_flag="PPTP VPN Server" + +get_enabled_anonymous_secs() { + uci -q show "${CONFIG}" | grep "${1}\[.*\.enabled='1'" | cut -d '.' -sf2 } -del_rule() { - iptables -D INPUT -p tcp --dport 1723 -m comment --comment "PPTP VPN Server" -j ACCEPT 2> /dev/null - pptp_nums=$(iptables -t nat -n -L POSTROUTING 2>/dev/null | grep -c "PPTP VPN Server") - if [ -n "$pptp_nums" ]; then - until [ "$pptp_nums" = 0 ] - do - pptp_rules=$(iptables -t nat -n -L POSTROUTING --line-num 2>/dev/null | grep "PPTP VPN Server" | awk '{print $1}') - for pptp_rule in $pptp_rules - do - iptables -t nat -D POSTROUTING $pptp_rule 2> /dev/null - break +ipt_rule() { + if [ "$1" = "add" ]; then + iptables -t nat -I POSTROUTING -s ${localip%.*}.0/24 -m comment --comment "${ipt_flag}" -j MASQUERADE 2>/dev/null + iptables -I forwarding_rule -s ${localip%.*}.0/24 -m comment --comment "${ipt_flag}" -j ACCEPT 2>/dev/null + iptables -I INPUT -p tcp --dport 1723 -m comment --comment "${ipt_flag}" -j ACCEPT 2>/dev/null + iptables -t mangle -I OUTPUT -p tcp --sport 1723 -m comment --comment "${ipt_flag}" -j RETURN 2>/dev/null + else + ipt_del() { + for i in $(seq 1 $($1 -nL $2 | grep -c "${ipt_flag}")); 
do + local index=$($1 --line-number -nL $2 | grep "${ipt_flag}" | head -1 | awk '{print $1}') + $1 -w -D $2 $index 2>/dev/null done - pptp_nums=$(expr $pptp_nums - 1) - done - fi - nums=$(iptables -n -L forwarding_rule 2>/dev/null | grep -c "PPTP VPN Server") - if [ -n "$nums" ]; then - until [ "$nums" = 0 ] - do - rules=$(iptables -n -L forwarding_rule --line-num 2>/dev/null | grep "PPTP VPN Server" | awk '{print $1}') - for rule in $rules - do - iptables -D forwarding_rule $rule 2> /dev/null - break - done - nums=$(expr $nums - 1) - done + } + ipt_del "iptables" "forwarding_rule" + ipt_del "iptables" "INPUT" + ipt_del "iptables -t nat" "POSTROUTING" + ipt_del "iptables -t mangle" "OUTPUT" fi } gen_include() { - echo '#!/bin/sh' > /var/etc/$CONFIG.include + echo '#!/bin/sh' > /var/etc/${CONFIG}.include extract_rules() { echo "*$1" - iptables-save -t $1 | grep "PPTP VPN Server" | \ + iptables-save -t $1 | grep "${ipt_flag}" | \ sed -e "s/^-A \(INPUT\)/-I \1 1/" echo 'COMMIT' } - cat <<-EOF >> /var/etc/$CONFIG.include - iptables-save -c | grep -v "PPTP VPN Server" | iptables-restore -c + cat <<-EOF >> /var/etc/${CONFIG}.include + iptables-save -c | grep -v "${ipt_flag}" | iptables-restore -c iptables-restore -n <<-EOT $(extract_rules filter) $(extract_rules nat) 
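Review bot: `ipt_rule add` now inserts a rule into `mangle` `OUTPUT`, but the visible part of `gen_include` still emits only `$(extract_rules filter)` and `$(extract_rules nat)`, so the generated include would presumably strip that rule on a firewall reload and not re-create it. Adding `$(extract_rules mangle)` next to the other two keeps the include consistent with what `ipt_rule` installs. The heredoc in gen_include ends outside this hunk, so confirm against the full file.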
@@ -62,76 +54,72 @@ gen_include() { return 0 } -setup_login() { - config_get enabled $1 enabled - [ "$enabled" -eq 0 ] && return 0 - config_get ipaddress $1 ipaddress - [ -n "$ipaddress" ] || local ipaddress="*" - config_get username $1 username - config_get password $1 password - [ -n "$username" ] || return 0 - [ -n "$password" ] || return 0 - echo "$username $SERVER_NAME $password $ipaddress" >> $CHAP_SECRETS -} - -setup_config() { - config_get enabled $1 enabled - [ "$enabled" -eq 0 ] && return 1 - - mkdir -p /var/etc - cp /etc/pptpd.conf $CONFIG_FILE - - config_get localip $1 localip - config_get remoteip $1 remoteip - [ -z "$localip" ] && localip="172.16.100.1" - [ -z "$remoteip" ] && remoteip="172.16.100.10-20" - [ -n "$localip" ] && echo "localip $localip" >> $CONFIG_FILE - [ -n "$remoteip" ] && echo "remoteip $remoteip" >> $CONFIG_FILE - echo "option /etc/ppp/options.pptpd" >> $CONFIG_FILE - - sed -i '/mppe/d' /etc/ppp/options.pptpd - config_get mppe $1 mppe - [ -n "$mppe" ] && [ "$mppe" -eq 1 ] && echo "mppe required,no40,no56,stateless" >> /etc/ppp/options.pptpd - - sed -i '/ms-dns/d' /etc/ppp/options.pptpd - config_get dns $1 dns - [ -z "$dns" ] && dns="8.8.4.4" - echo "ms-dns $dns">>/etc/ppp/options.pptpd - - return 0 -} - -start_pptpd() { - mkdir -p $RUN_D - for m in arc4 sha1_generic slhc crc-ccitt ppp_generic ppp_async ppp_mppe; do - insmod $m >/dev/null 2>&1 - done - ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets - chmod 600 /etc/ppp/*-secrets - /usr/sbin/pptpd -c $CONFIG_FILE -} - -del_user() -{ - cat $CHAP_SECRETS | grep -v $SERVER_NAME > $TEMP - cat $TEMP > $CHAP_SECRETS - rm -rf $TEMP -} - start() { - config_load $CONFIG - setup_config "pptpd" || return - del_user - add_rule - config_foreach setup_login users - start_pptpd + local enabled=$(uci -q get ${CONFIG}.@service[0].enabled) + [ "${enabled}" -eq 1 ] || return 1 + touch ${CHAP_SECRETS} + mkdir -p ${PPTP_PATH} + + cp /etc/ppp/options.pptpd ${PPTP_OPTIONS_FILE} + sed -i '/mppe/d' 
${PPTP_OPTIONS_FILE} 2>/dev/null + sed -i '/ms-dns/d' ${PPTP_OPTIONS_FILE} 2>/dev/null + sed -i '/name/d' ${PPTP_OPTIONS_FILE} 2>/dev/null + echo "name pptp-server">> ${PPTP_OPTIONS_FILE} + + local mppe=$(uci -q get ${CONFIG}.@service[0].mppe) + [ -n "${mppe}" ] && [ "${mppe}" -eq 1 ] && echo "mppe required,no40,no56,stateless" >> ${PPTP_OPTIONS_FILE} + + echo "ms-dns ${localip}">> ${PPTP_OPTIONS_FILE} + + cp /etc/pptpd.conf ${PPTP_CONFIG_FILE} + sed -i '/localip/d' ${PPTP_CONFIG_FILE} 2>/dev/null + sed -i '/remoteip/d' ${PPTP_CONFIG_FILE} 2>/dev/null + sed -i '/option/d' ${PPTP_CONFIG_FILE} 2>/dev/null + sed -i '/name/d' ${PPTP_CONFIG_FILE} 2>/dev/null + echo "name pptp-server">> ${PPTP_CONFIG_FILE} + + local remoteip=$(uci -q get ${CONFIG}.@service[0].remoteip) + [ -z "${remoteip}" ] && remoteip="172.16.100.10-20" + + echo "localip ${localip}" >> ${PPTP_CONFIG_FILE} + echo "remoteip ${remoteip}" >> ${PPTP_CONFIG_FILE} + echo "option ${PPTP_OPTIONS_FILE}" >> ${PPTP_CONFIG_FILE} + + local _users=$(get_enabled_anonymous_secs "@users") + [ -n "${_users}" ] && { + for _user in ${_users}; do + local u_enabled=$(uci -q get ${CONFIG}.${_user}.enabled) + [ "${u_enabled}" -eq 1 ] || continue + + local u_username=$(uci -q get ${CONFIG}.${_user}.username) + [ -n "${u_username}" ] || continue + + local u_password=$(uci -q get ${CONFIG}.${_user}.password) + [ -n "${u_password}" ] || continue + + local u_ipaddress=$(uci -q get ${CONFIG}.${_user}.ipaddress) + [ -n "${u_ipaddress}" ] || u_ipaddress="*" + + echo "${u_username} pptp-server ${u_password} ${u_ipaddress}" >> ${CHAP_SECRETS} + done + } + + echo "ip-up-script /usr/share/pptpd/ip-up" >> ${PPTP_OPTIONS_FILE} + echo "ip-down-script /usr/share/pptpd/ip-down" >> ${PPTP_OPTIONS_FILE} + + for m in arc4 sha1_generic slhc crc-ccitt ppp_generic ppp_async ppp_mppe; do + insmod ${m} >/dev/null 2>&1 + done + /usr/sbin/pptpd -c ${PPTP_CONFIG_FILE} + + ipt_rule add gen_include } stop() { - ps -w | grep "$CONFIG_FILE" | grep -v "grep" 
| awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 - ps -w | grep "pppd local" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 - del_user - del_rule - rm -rf /var/etc/$CONFIG.include + sed -i '/pptp-server/d' ${CHAP_SECRETS} 2>/dev/null + top -bn1 | grep "${PPTP_PATH}" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + ipt_rule del + rm -rf /var/etc/${CONFIG}.include + rm -rf ${PPTP_PATH} } diff --git a/luci-app-pptpserver/root/etc/uci-defaults/luci-app-pptpserver b/luci-app-pptpserver/root/etc/uci-defaults/luci-app-pptpserver index 7a93ccb..8af7297 100644 --- a/luci-app-pptpserver/root/etc/uci-defaults/luci-app-pptpserver +++ b/luci-app-pptpserver/root/etc/uci-defaults/luci-app-pptpserver @@ -15,5 +15,7 @@ uci -q batch <<-EOF >/dev/null commit ucitrack EOF +/etc/init.d/pptpd disable 2>/dev/null +/etc/init.d/pptpd stop 2>/dev/null rm -rf /tmp/luci-*cache exit 0 diff --git a/luci-app-pptpserver/root/usr/share/pptpd/ip-down b/luci-app-pptpserver/root/usr/share/pptpd/ip-down new file mode 100644 index 0000000..97d8e92 --- /dev/null +++ b/luci-app-pptpserver/root/usr/share/pptpd/ip-down @@ -0,0 +1,27 @@ +#!/bin/sh + +_LOGOUT_TIME="$(date "+%Y-%m-%d %H:%M:%S")" +CONFIG="luci-app-pptpserver" +PPTP_PATH=/var/etc/pptpd +PPTP_SESSION_PATH=${PPTP_PATH}/session + +_USERNAME=${PEERNAME} +_IFACE=${1} +_TTY=${2} +_SPEED=${3} +_LOCALIP=${4} +_PEERIP=${5} +_REMOTEIP=${6} +_BYTES_SENT=${BYTES_SENT} +_BYTES_RCVD=${BYTES_RCVD} +_CONNECT_TIME=${CONNECT_TIME} + +rm -f ${PPTP_SESSION_PATH}/${_USERNAME}.${_IFACE} +rm -f /var/run/${_IFACE}.pid + +#可根据退出的账号自定义脚本,如静态路由表,组网等。 +SCRIPT="/usr/share/pptpd/ip-down.d/${_USERNAME}" +[ -s "$SCRIPT" ] && { + [ ! -x "$SCRIPT" ] && chmod 0755 "$SCRIPT" + "$SCRIPT" "$@" +} diff --git a/luci-app-pptpserver/root/usr/share/pptpd/ip-up b/luci-app-pptpserver/root/usr/share/pptpd/ip-up new file mode 100644 index 0000000..44fb417 --- /dev/null +++ b/luci-app-pptpserver/root/usr/share/pptpd/ip-up 
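Review bot: `start()` now appends credentials to the persistent `/etc/ppp/chap-secrets` after only a `touch`, and the `chmod 600 /etc/ppp/*-secrets` from the removed `start_pptpd` has no replacement, so a file created here keeps the default umask permissions while holding clear-text passwords. Add `chmod 600 ${CHAP_SECRETS}` right after the `touch`. Because the file no longer lives under /var, entries survive a reboot or a crash where `stop()` never ran; running `sed -i '/pptp-server/d' ${CHAP_SECRETS}` at the top of `start()` as well would keep removed or disabled users from remaining valid and avoid duplicate lines. The `echo` that writes each entry also leaves `${u_username}` and `${u_password}` unquoted inside the secrets line, so a value containing whitespace shifts the fields.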
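Review bot: In the new ip-down script, `${_USERNAME}` (taken from `PEERNAME`) is used unquoted in `rm -f ${PPTP_SESSION_PATH}/${_USERNAME}.${_IFACE}` and as the last path component of `SCRIPT`, which is then made executable and run, so a name containing `/`, `..` or whitespace resolves outside the intended directories. A guard near the top such as `case "${_USERNAME}" in ""|*[!A-Za-z0-9_-]*) exit 0 ;; esac`, plus double quotes around both `rm -f` arguments, keeps the paths inside `session/` and `ip-down.d/`. ip-up builds the same two paths from the same variable and needs the same guard.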
@@ -0,0 +1,58 @@ +#!/bin/sh + +_LOGIN_TIME="$(date "+%Y-%m-%d %H:%M:%S")" +CONFIG="luci-app-pptpserver" +PPTP_PATH=/var/etc/pptpd +PPTP_SESSION_PATH=${PPTP_PATH}/session + +_USERNAME=${PEERNAME} +_IFACE=${1} +_TTY=${2} +_SPEED=${3} +_LOCALIP=${4} +_PEERIP=${5} +_REMOTEIP=${6} + +_PID="$(cat /var/run/${_IFACE}.pid 2>/dev/null)" + +mkdir -p ${PPTP_SESSION_PATH} + +cat <<-EOF > ${PPTP_SESSION_PATH}/${_USERNAME}.${_IFACE} + { + "username": "${_USERNAME}", + "interface": "${_IFACE}", + "tty": "${_TTY}", + "speed": "${_SPEED}", + "ip": "${_PEERIP}", + "remote_ip": "${_REMOTEIP}", + "pid": "${_PID}", + "login_time": "${_LOGIN_TIME}" + } +EOF + +#只能单用户使用 +cfgid=$(uci show ${CONFIG} | grep "@users" | grep "\.username='${_USERNAME}'" | cut -d '.' -sf 2) +[ -n "$cfgid" ] && { + HAS_LOGIN=$(ls ${PPTP_SESSION_PATH} | grep "^${_USERNAME}\.ppp" | grep -v "${_IFACE}") + [ -n "$HAS_LOGIN" ] && { + #踢出之前的用户 + KO_IFACE=$(echo $HAS_LOGIN | awk -F '.' '{print $2}') + KO_PID=$(cat /var/run/${KO_IFACE}.pid 2>/dev/null) + [ -n "$KO_PID" ] && kill -9 ${KO_PID} >/dev/null 2>&1 + rm -f ${PPTP_SESSION_PATH}/${HAS_LOGIN} + rm -f /var/run/${KO_IFACE}.pid + } + routes=$(uci -q get ${CONFIG}.${cfgid}.routes) + [ -n "$routes" ] && { + for router in ${routes}; do + route add -net ${router} dev ${_IFACE} >/dev/null 2>&1 + done + } +} + +#可根据登录的账号自定义脚本,如组网、日志、限速、权限等特殊待遇。 +SCRIPT="/usr/share/pptpd/ip-up.d/${_USERNAME}" +[ -s "$SCRIPT" ] && { + [ ! -x "$SCRIPT" ] && chmod 0755 "$SCRIPT" + "$SCRIPT" "$@" +}
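Review bot: The single-session check in ip-up filters out its own entry with `grep -v "${_IFACE}"`, which is a substring match: a new session on `ppp1` also hides an existing one on `ppp10`, so the older login is not terminated, and `${_USERNAME}` is interpreted as a regular expression in the preceding `grep`. Matching the whole file name literally, `grep -Fvx "${_USERNAME}.${_IFACE}"`, avoids the first problem. `HAS_LOGIN` can also hold more than one name, while `KO_IFACE`, `kill` and the two `rm -f` calls assume exactly one, so a `for` loop over the matches would be more robust. The heredoc above writes the session JSON without escaping, so a `"` or `\` in any field yields a file that `jsonc.parse` in online.lua rejects, and the session then silently disappears from the Online Users table.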