diff options
| -rw-r--r-- | Makefile | 4 | ||||
| -rwxr-xr-x | contrib/html.sh | 9 | ||||
| -rw-r--r-- | contrib/html.sh.d/head.html | 15 | ||||
| -rw-r--r-- | doc/mod/ssh-keys-import.md | 5 | ||||
| -rw-r--r-- | fw-addr-lists.rsc | 28 | ||||
| -rw-r--r-- | global-functions.rsc | 52 | ||||
| -rw-r--r-- | log-forward.rsc | 2 | ||||
| -rw-r--r-- | mod/ipcalc.rsc | 26 | ||||
| -rw-r--r-- | mod/notification-email.rsc | 7 | ||||
| -rw-r--r-- | mod/notification-telegram.rsc | 6 | ||||
| -rw-r--r-- | mod/ssh-keys-import.rsc | 6 | ||||
| -rw-r--r-- | packages-update.rsc | 5 |
12 files changed, 136 insertions, 29 deletions
@@ -11,8 +11,8 @@ HTML = $(MARKDOWN:.md=.html) all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json -%.html: %.md Makefile - markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@ +%.html: %.md contrib/html.sh contrib/html.sh.d/head.html + contrib/html.sh $< > $@ %.capsman.rsc: %.template.rsc Makefile sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \ diff --git a/contrib/html.sh b/contrib/html.sh new file mode 100755 index 0000000..bbd8ba8 --- /dev/null +++ b/contrib/html.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +sed "s|__TITLE__|$(head -n1 "${1}")|" < "${0}.d/head.html" +markdown -f toc,idanchor "${1}" | sed \ + -e 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' \ + -e '/<h[1234] /s| id="\(.*\)">| id="\L\1">|' +printf '</body></html>' diff --git a/contrib/html.sh.d/head.html b/contrib/html.sh.d/head.html new file mode 100644 index 0000000..1b1dd03 --- /dev/null +++ b/contrib/html.sh.d/head.html @@ -0,0 +1,15 @@ +<!DOCTYPE html><html lang="en"> +<head><title>RouterOS Scripts :: __TITLE__</title> +<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<style> + body { font-family: sans-serif; } + h2 { border-bottom: 1px solid #ccc; color: #000; } + a { text-decoration: none; } + a:hover { text-decoration: underline; } + blockquote { border-left: 4px solid #ccc; padding: 0 10px; color: #777; } + code { margin: 0 2px; padding: 2px 5px; border: 1px solid #ccc; background-color: #f8f8f8; border-radius: 3px; } + pre { background-color: #f8f8f8; border: 1px solid #ccc; overflow: auto; padding: 6px 10px; border-radius: 3px; } + pre code { margin: 0; padding: 0; border: 0; } +</style> +<link rel="icon" href="/logo.png" type="image/png"> +</head><body> diff --git a/doc/mod/ssh-keys-import.md b/doc/mod/ssh-keys-import.md index 344f4bc..49276d0 100644 --- a/doc/mod/ssh-keys-import.md +++ b/doc/mod/ssh-keys-import.md @@ -38,8 +38,9 @@ import that key: $SSHKeysImport "ssh-rsa AAAAB3Nza...QYZk8= user" admin; The third part of the key (`user` in this example) is inherited as -`key-owner` in RouterOS. Also the `MD5` fingerprint is recorded, this helps -to audit and verify the available keys. +`key-owner` in RouterOS (or `info` starting with RouterOS 7.21beta2). Also +the `MD5` fingerprint is recorded, this helps to audit and verify the +available keys. > ℹ️️ **Info**: Use `ssh-keygen` to show a fingerprint of an existing public > key file: `ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub` diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 0c45f7e..c85cc8b 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -22,9 +22,12 @@ :global EitherOr; :global FetchHuge; :global HumanReadableNum; + :global IfThenElse; :global LogPrint; :global LogPrintOnce; :global LogPrintVerbose; + :global NetMask4; + :global NetMask6; :global ScriptLock; :global WaitFullyConnected; @@ -103,7 +106,7 @@ :foreach Line in=[ :deserialize $Data delimiter="\n" from=dsv options=dsv.plain ] do={ :set Line ($Line->0); :local Address; - :if ([ :pick $Line 0 1 ] = "{") do={ + :if ([ :pick $Line 0 1 ] = "{" && [ :pick $Line ([ :len $Line ] - 1) ] = "}") do={ :do { :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; } on-error={ } @@ -111,22 +114,35 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ $GetBranch $Address ]; + :local Branch; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ - :if ($Address ~ "/32\$") do={ - :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; + :local Net $Address; + :local CIDR 32; + :local Slash [ :find $Address "/" ]; + :if ([ :typeof $Slash ] = "num") do={ + :set Net [ :toip [ :pick $Address 0 $Slash ] ] + :set CIDR [ :pick $Address ($Slash + 1) [ :len $Address ] ]; + :set Address [ :tostr (([ :toip $Net ] & [ $NetMask4 $CIDR ]) . [ $IfThenElse ($CIDR < 32) ("/" . $CIDR) ]) ]; } + :set Branch [ $GetBranch $Address ]; :set ($IPv4Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ - :if ([ :typeof [ :find $Address "/" ] ] = "nil") do={ - :set Address ($Address . "/128"); + :local Net $Address; + :local CIDR 128; + :local Slash [ :find $Address "/" ]; + :if ([ :typeof $Slash ] = "num") do={ + :set Net [ :toip6 [ :pick $Address 0 $Slash ] ] + :set CIDR [ :pick $Address ($Slash + 1) [ :len $Address ] ]; } + :set Address (([ :toip6 $Net ] & [ $NetMask6 $CIDR ]) . "/" . $CIDR); + :set Branch [ $GetBranch $Address ]; :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; } :if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={ + :set Branch [ $GetBranch $Address ]; :set ($IPv4Addresses->$Branch->$Address) $TimeOut; :set ($IPv6Addresses->$Branch->$Address) $TimeOut; :error true; diff --git a/global-functions.rsc b/global-functions.rsc index 10d1b41..5ede654 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -61,6 +61,8 @@ :global MAX; :global MIN; :global MkDir; +:global NetMask4; +:global NetMask6; :global NotificationFunctions; :global ParseDate; :global ParseKeyValueStore; @@ -465,7 +467,7 @@ :local Error [ :tostr $3 ]; :global IfThenElse; - :global LogPrint; + :global LogPrint; :if ($ExitOK = "false") do={ $LogPrint error $Name ([ $IfThenElse ([ :pick $Name 0 1 ] = "\$") \ @@ -990,6 +992,43 @@ :return true; } +# return an IPv4 netmask for CIDR +:set NetMask4 do={ + :local CIDR [ :tonum $1 ]; + + :return ((255.255.255.255 << (32 - $CIDR)) & 255.255.255.255); +} + +# return an IPv6 netmask for CIDR +:set NetMask6 do={ + :local FuncName $0; + :local CIDR [ :tostr $1 ]; + + :global IfThenElse; + :global MAX; + :global MIN; + + :global NetMask6Cache; + + :if ([ :typeof ($NetMask6Cache->$CIDR) ] = "ip6") do={ + :return ($NetMask6Cache->$CIDR); + } + + :if ([ :typeof $NetMask6Cache ] = "nothing") do={ + :set NetMask6Cache ({}); + } + + :local Mask ""; + :for I from=0 to=7 do={ + :set Mask ($Mask . \ + [ :convert from=num to=hex (0xffff - (0xffff >> [ :tonum [ $MIN [ $MAX ($CIDR - (16 * $I)) 0 ] 16 ] ])) ] . \ + [ $IfThenElse ($I < 7) ":" ]); + } + :set Mask [ :toip6 $Mask ]; + :set ($NetMask6Cache->$CIDR) $Mask; + :return $Mask; +} + # prepare NotificationFunctions array :if ([ :typeof $NotificationFunctions ] != "array") do={ :set NotificationFunctions ({}); @@ -1787,14 +1826,11 @@ :local Delay ([ $MAX [ $EitherOr $WaitTime 2s ] 100ms ] / 9); :do { - :retry { - :if ([ :len [ /file/find where name=$FileName ] ] = 0) do={ - :error false; - } + :retry { + /file/get $FileName; + :return true; } delay=$Delay max=10; - } on-error={ - :return false; - } + } on-error={ } :while ([ :len [ /file/find where name=$FileName ] ] > 0) do={ :do { diff --git a/log-forward.rsc b/log-forward.rsc index be7eff7..3d7d054 100644 --- a/log-forward.rsc +++ b/log-forward.rsc @@ -95,7 +95,7 @@ :set LogForwardRateLimit ($LogForwardRateLimit + 10); $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification [ $IfThenElse ($Warning = true) "warning-sign" "memo" ] ] . \ + subject=([ $SymbolForNotification ("memo" . [ $IfThenElse ($Warning = true) ",warning-sign" ]) ] . \ "Log Forwarding"); \ message=("The log on " . $Identity . " contains " . [ $IfThenElse ($Count = 1) "this message" \ ("these " . $Count . " messages") ] . " after " . [ /system/resource/get uptime ] . " uptime." . \ diff --git a/mod/ipcalc.rsc b/mod/ipcalc.rsc index eacff6d..d65d472 100644 --- a/mod/ipcalc.rsc +++ b/mod/ipcalc.rsc @@ -34,20 +34,34 @@ # calculate and return netmask, network, min host, max host and broadcast :set IPCalcReturn do={ :local Input [ :tostr $1 ]; - :local Address [ :toip [ :pick $Input 0 [ :find $Input "/" ] ] ]; + + :global NetMask4; + :global NetMask6; + + :local Address [ :pick $Input 0 [ :find $Input "/" ] ]; :local Bits [ :tonum [ :pick $Input ([ :find $Input "/" ] + 1) [ :len $Input ] ] ]; - :local Mask ((255.255.255.255 << (32 - $Bits)) & 255.255.255.255); + :local Mask; + :local One; + :if ([ :typeof [ :toip $Address ] ] = "ip") do={ + :set Address [ :toip $Address ]; + :set Mask [ $NetMask4 $Bits ]; + :set One 0.0.0.1; + } else={ + :set Address [ :toip6 $Address ]; + :set Mask [ $NetMask6 $Bits ]; + :set One ::1; + } - :local Return { + :local Return ({ "address"=$Address; "netmask"=$Mask; "networkaddress"=($Address & $Mask); "networkbits"=$Bits; "network"=(($Address & $Mask) . "/" . $Bits); - "hostmin"=(($Address & $Mask) | 0.0.0.1); - "hostmax"=(($Address | ~$Mask) ^ 0.0.0.1); + "hostmin"=(($Address & $Mask) | $One); + "hostmax"=(($Address | ~$Mask) ^ $One); "broadcast"=($Address | ~$Mask); - } + }); :return $Return; } diff --git a/mod/notification-email.rsc b/mod/notification-email.rsc index ad9762a..7c3a6ff 100644 --- a/mod/notification-email.rsc +++ b/mod/notification-email.rsc @@ -101,8 +101,11 @@ $LogPrint warning $0 ("File '" . $File . "' does not exist, can not attach."); } } - /tool/e-mail/send from=[ $EMailGenerateFrom ] to=($Message->"to") cc=($Message->"cc") \ - subject=($Message->"subject") body=($Message->"body") file=$Attach; + :do { + /tool/e-mail/send from=[ $EMailGenerateFrom ] to=($Message->"to") \ + cc=($Message->"cc") subject=($Message->"subject") \ + body=($Message->"body") file=$Attach; + } on-error={ } :local Wait true; :do { :delay 1s; diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 2eb90e1..ff9b4da 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -21,6 +21,7 @@ :global TelegramQueue; :global TelegramMessageIDs; + :global CertificateAvailable; :global IsFullyConnected; :global LogPrint; @@ -29,6 +30,11 @@ :return false; } + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + $LogPrint warning $0 ("Downloading required certificate failed."); + :return false; + } + :local AllDone true; :local QueueLen [ :len $TelegramQueue ]; diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc index 7bdc95d..8bea64e 100644 --- a/mod/ssh-keys-import.rsc +++ b/mod/ssh-keys-import.rsc @@ -40,7 +40,9 @@ :local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ]; - :if ([ :len [ /user/ssh-keys/find where user=$User key-owner~("\\bmd5=" . $FingerPrintMD5 . "\\b") ] ] > 0) do={ + :local RegEx ("\\bmd5=" . $FingerPrintMD5 . "\\b"); + :if ([ :len [ /user/ssh-keys/find where user=$User \ + (key-owner~$RegEx or info~$RegEx) ] ] > 0) do={ $LogPrint warning $0 ("The ssh public key (MD5:" . $FingerPrintMD5 . \ ") is already available for user '" . $User . "'."); :return false; @@ -85,7 +87,7 @@ :return false; } - :if ([ $FileExists $FileName ] = true) do={ + :if ([ $FileExists $FileName ] = false) do={ $LogPrint warning $0 ("File '" . $FileName . "' does not exist."); :return false; } diff --git a/packages-update.rsc b/packages-update.rsc index d3140f2..379e818 100644 --- a/packages-update.rsc +++ b/packages-update.rsc @@ -41,6 +41,11 @@ /system/reboot; } + :if ([ :len [ /system/scheduler/find where name="_RebootForUpdate" ] ] > 0) do={ + $LogPrint warning $ScriptName ("Scheduler for reboot already exists."); + :return false; + } + :local Interval [ $IfThenElse ([ :totime $PackagesUpdateDeferReboot ] >= 1d) \ $PackagesUpdateDeferReboot 1d ]; :local StartTime [ :tostr [ :totime (10800 + [ $GetRandomNumber 7200 ]) ] ]; |