2018-07-04 12:42:10 +00:00
|
|
|
#!/usr/bin/python
|
|
|
|
|
|
|
|
|
|
# Captive portal script adapted from https://github.com/nikosft/captive-portal
|
|
|
|
|
|
|
|
|
|
import subprocess
|
|
|
|
|
import BaseHTTPServer
|
|
|
|
|
import cgi
|
|
|
|
|
|
|
|
|
|
# These variables are used as settings
|
2018-07-05 17:24:20 +00:00
|
|
|
PORT = int("{{ py_captive_portal_port }}") # the port in which the captive portal web server listens
|
2018-07-04 12:42:10 +00:00
|
|
|
IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects
|
2018-07-04 13:32:07 +00:00
|
|
|
IP_ADDRESS = "{{ lan_ip }}" # the ip address of the captive portal (it can be the IP of IFACE)
|
2018-07-04 12:42:10 +00:00
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
This it the http server used by the the captive portal
|
|
|
|
|
'''
|
|
|
|
|
class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler):
|
|
|
|
|
#this is the index of the captive portal
|
|
|
|
|
#it simply redirects the user to the to login page
|
|
|
|
|
html_redirect = """
|
|
|
|
|
<html>
|
|
|
|
|
<head>
|
|
|
|
|
<meta http-equiv="refresh" content="0; url=http://%s:%s/login" />
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<b>Redirecting to login page</b>
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
"""%(IP_ADDRESS, PORT)
|
|
|
|
|
#the login page
|
|
|
|
|
html_login = """
|
|
|
|
|
<html>
|
|
|
|
|
<body>
|
|
|
|
|
<b>Login Form</b>
|
|
|
|
|
<form method="POST" action="do_login">
|
|
|
|
|
Username: <input type="text" name="username"><br>
|
|
|
|
|
Password: <input type="password" name="password"><br>
|
|
|
|
|
<input type="submit" value="Submit">
|
|
|
|
|
</form>
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
"""
|
2018-07-04 13:30:53 +00:00
|
|
|
|
2018-07-04 12:42:10 +00:00
|
|
|
'''
|
|
|
|
|
if the user requests the login page show it, else
|
|
|
|
|
use the redirect page
|
|
|
|
|
'''
|
|
|
|
|
def do_GET(self):
|
|
|
|
|
path = self.path
|
|
|
|
|
self.send_response(200)
|
|
|
|
|
self.send_header("Content-type", "text/html")
|
|
|
|
|
self.end_headers()
|
|
|
|
|
if path == "/login":
|
|
|
|
|
self.wfile.write(self.html_login)
|
|
|
|
|
else:
|
|
|
|
|
self.wfile.write(self.html_redirect)
|
|
|
|
|
'''
|
|
|
|
|
this is called when the user submits the login form
|
|
|
|
|
'''
|
|
|
|
|
def do_POST(self):
|
|
|
|
|
self.send_response(200)
|
|
|
|
|
self.send_header("Content-type", "text/html")
|
|
|
|
|
self.end_headers()
|
|
|
|
|
form = cgi.FieldStorage(
|
2018-07-04 13:30:53 +00:00
|
|
|
fp=self.rfile,
|
2018-07-04 12:42:10 +00:00
|
|
|
headers=self.headers,
|
|
|
|
|
environ={'REQUEST_METHOD':'POST',
|
|
|
|
|
'CONTENT_TYPE':self.headers['Content-Type'],
|
|
|
|
|
})
|
|
|
|
|
username = form.getvalue("username")
|
|
|
|
|
password = form.getvalue("password")
|
|
|
|
|
#dummy security check
|
2018-07-05 17:24:20 +00:00
|
|
|
if username == '{{ py_captive_portal_username }}' and password == '{{ py_captive_portal_password }}':
|
2018-07-04 12:42:10 +00:00
|
|
|
#authorized user
|
|
|
|
|
remote_IP = self.client_address[0]
|
|
|
|
|
print 'New authorization from '+ remote_IP
|
|
|
|
|
print 'Updating IP tables'
|
|
|
|
|
subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"])
|
|
|
|
|
subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"])
|
|
|
|
|
self.wfile.write("You are now authorized. Navigate to any URL")
|
|
|
|
|
else:
|
|
|
|
|
#show the login form
|
|
|
|
|
self.wfile.write(self.html_login)
|
2018-07-04 13:30:53 +00:00
|
|
|
|
2018-07-04 12:42:10 +00:00
|
|
|
#the following function makes server produce no output
|
|
|
|
|
#comment it out if you want to print diagnostic messages
|
|
|
|
|
#def log_message(self, format, *args):
|
|
|
|
|
# return
|
|
|
|
|
|
|
|
|
|
print "Starting captive portal web server"
|
|
|
|
|
httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal)
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
httpd.serve_forever()
|
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
|
pass
|
|
|
|
|
httpd.server_close()
|
