Merge pull request #494 from nodogsplash/4.4.1beta

Add get_client_token library utility

Makefile

@@ -46,6 +46,7 @@ install:
 	mkdir -p $(DESTDIR)/usr/lib/nodogsplash
 	cp forward_authentication_service/PreAuth/demo-preauth.sh $(DESTDIR)/usr/lib/nodogsplash/login.sh
 	cp forward_authentication_service/libs/get_client_interface.sh $(DESTDIR)/usr/lib/nodogsplash/
+	cp forward_authentication_service/libs/get_client_token.sh $(DESTDIR)/usr/lib/nodogsplash/
 	cp forward_authentication_service/libs/unescape.sh $(DESTDIR)/usr/lib/nodogsplash/
 	cp forward_authentication_service/fas-aes/fas-aes.php $(DESTDIR)/etc/nodogsplash/
 

docs/source/fas.rst

@@ -94,17 +94,11 @@ Example FAS Query strings
 
    The return url will be constructed by FAS from predetermined knowledge of the configuration of NDS using gatewayname as an identifier.
 
-   The client's unique access token will be obtained from NDS by the FAS making a call to the ndsctl tool.
+   The client's unique access token will be obtained from NDS by the FAS making a call to the get_client_token library utility:
 
-   For example, the following command returns just the token:
+   ``/usr/lib/nodogsplash/./get_client_token $clientip``
 
-   ``ndsctl json $clientip | grep token | cut -c 10- | cut -c -8``
-
-   or alternatively:
-
-   ``ndsctl json $clientip | awk -F '"' '$2=="token"{print $4}'``
-
-   A more sophisticated json parser could be used to extract all the client variables supplied by ndsctl, an example can be found in the default PreAuth Login script in /usr/lib/nogogsplash/login.sh.
+   A json parser could be used to extract all the client variables supplied by ndsctl, an example can be found in the default PreAuth Login script in /usr/lib/nogogsplash/login.sh.
 
   **Level 2** (fas_secure_enabled = 2), NDS sends encrypted information to FAS.
 

forward_authentication_service/libs/get_client_token.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+#Copyright (C) The Nodogsplash Contributors 2004-2020
+#Copyright (C) Blue Wave Projects and Services 2015-2019
+#This software is released under the GNU GPL license.
+
+# ip address of client is passed as a command line argument
+clientip=$1
+
+# exit if ip not passed
+
+if [  $(echo $clientip | awk -F '.' '{print NF}') != 4 ]; then
+	echo "
+  Usage: get_client_token.sh [clientip]
+
+  Returns: [client token]
+
+  Where:
+    [client token] is the unique client token string.
+"
+	exit 1
+fi
+
+
+wait_for_ndsctl () {
+	local timeout=3
+
+	for i in $(seq $timeout); do
+
+		if [ ! -f "/tmp/ndsctl.lock" ]; then
+			break
+		fi
+
+		sleep 1
+
+		if [ $i == $timeout ] ; then
+			pid=$(ps | grep get_client_token | awk -F ' ' 'NR==2 {print $1}')
+			echo "ndsctl is busy or locked" | logger -p "daemon.warn" -s -t "NDS-Library[$pid]"
+			exit 1
+		fi
+
+	done
+}
+
+wait_for_ndsctl
+client_token=$(ndsctl json $clientip | awk -F '"' '$2=="token"{printf $4}')
+
+if [ -z $client_token ]; then
+	pid=$(ps | grep get_client_token | awk -F ' ' 'NR==2 {print $1}')
+	echo "client at [$clientip] is not preauthenticated" | logger -p "daemon.warn" -s -t "NDS-Library[$pid]"
+	exit 1
+else
+	echo $client_token
+fi
+exit 0

openwrt/nodogsplash/Makefile

@@ -61,6 +61,7 @@ define Package/nodogsplash/install
 	$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
 	$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/nodogsplash/login.sh
 	$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_interface.sh $(1)/usr/lib/nodogsplash/
+	$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_token.sh $(1)/usr/lib/nodogsplash/
 	$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/unescape.sh $(1)/usr/lib/nodogsplash/
 	$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/nodogsplash/
 endef