external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into ansible-2.7.3

Browse source
This commit is contained in:
A Holt 2018-11-29 18:51:29 -05:00 committed by GitHub
commit 09bbc13474
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
35 changed files with 421 additions and 355 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/1-prep/tasks/main.yml
View file

@ -5,7 +5,9 @@
- name: Install uuid-runtime package (debuntu)
package:
name: uuid-runtime
name:
- uuid-runtime
- sudo
state: present
when: is_debuntu

5
roles/3-base-server/tasks/main.yml
View file

@ -21,6 +21,11 @@
state: restarted
when: not installing
- name: Create a Python interface to iiab.env
template:
src: roles/1-prep/templates/iiab_env.py.j2
dest: /etc/iiab/iiab_env.py
- name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile:
dest: "{{ iiab_env_file }}"

13
roles/4-server-options/tasks/main.yml
View file

@ -13,7 +13,12 @@
when: named_install
tags: base, named, network, domain
- name: Install dhcpd
- name: Installing captive portal
include_tasks: roles/captive-portal/tasks/main.yml
when: captive_portal_install
tags: base, captive-portal, network, domain
- name: Installing dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
when: dhcpd_install
tags: base, dhcpd, network, domain
@ -69,12 +74,6 @@
when: usb_lib_install
tags: usb-lib
# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
- name: Create a Python interface to iiab.env
template:
src: roles/1-prep/templates/iiab_env.py.j2
dest: /etc/iiab/iiab_env.py
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml)
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs

1
roles/captive-portal/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
captive_portal_port: 9090

2
roles/network/files/mac.template → roles/captive-portal/files/mac.template
View file

@ -48,7 +48,7 @@
<br><br>
<br><br>
<br><br>
<a class="button" href="http://iiab-server.lan/home">{{ btn1 }}</a>
<a class="button" href="http://{{ FQDN }}">{{ btn1 }}</a>
</div>
</body>
</html>

2
roles/network/files/simple.template → roles/captive-portal/files/simple.template
View file

@ -69,7 +69,7 @@
<script>
var w = window.innerWidth;
function homeclick(){
window.open("http://iiab-server.lan/home","_system");
window.open("http://{{ FQDN }}","_system");
$.ajax("/home_selected");
}

118
roles/captive-portal/tasks/main.yml Normal file
View file

@ -0,0 +1,118 @@
- name: Download & install python-dateutil, sqlite3
package:
name: "{{ item }}"
state: present
with_items:
- python-dateutil
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
- name: Create directory /opt/iiab/captive-portal for scripts & templates
file:
path: /opt/iiab/captive-portal
state: directory
- name: 'Copy scripts: checkurls, capture-wsgi.py'
template:
src: "{{ item.src }}"
dest: /opt/iiab/captive-portal/
mode: "{{ item.mode }}"
with_items:
- { src: roles/captive-portal/templates/checkurls, mode: '0644' }
- { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' }
- name: 'Copy templates: simple.template, mac.template'
copy:
src: "{{ item }}"
dest: /opt/iiab/captive-portal/
with_items:
- roles/captive-portal/files/simple.template
- roles/captive-portal/files/mac.template
- name: Copy iiab-catch & iiab-uncatch into /usr/bin/
template:
src: "{{ item }}"
dest: /usr/bin/
owner: root
group: root
mode: 0755
with_items:
- roles/captive-portal/templates/iiab-catch
- roles/captive-portal/templates/iiab-uncatch
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
shell: /usr/bin/iiab-uncatch
- name: Install systemd unit file captive-portal.service from template
template:
src: roles/captive-portal/templates/captive-portal.service.j2
dest: /etc/systemd/system/captive-portal.service
owner: root
group: root
mode: 0644
- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
template:
src: roles/captive-portal/templates/001-captive-portal.conf
dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf
owner: root
group: root
mode: 0644
when: captive_portal_enabled
- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu)
file:
src: /etc/apache2/sites-available/001-captive-portal.conf
path: /etc/apache2/sites-enabled/001-captive-portal.conf
state: link
when: captive_portal_enabled and is_debuntu
- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu)
file:
src: /etc/apache2/sites-available/default-ssl.conf
path: /etc/apache2/sites-enabled/default-ssl.conf
state: link
when: captive_portal_enabled and is_debuntu
- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
systemd:
name: captive-portal.service
daemon-reload: yes
enabled: yes
state: started
when: captive_portal_enabled
- name: Disable & Stop captive-portal.service if not captive_portal_enabled
systemd:
name: captive-portal.service
enabled: no
state: stopped
when: not captive_portal_enabled
- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/001-captive-portal.conf
state: absent
when: not captive_portal_enabled and is_debuntu
- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/default-ssl.conf
state: absent
when: not captive_portal_enabled and is_debuntu
- name: Make sure dnsmasq is not diverting if not captive_portal_enabled
file:
path: /etc/dnsmasq.d/capture
state: absent
when: not captive_portal_enabled
- name: Restart apache2
systemd:
name: apache2
state: restarted
- name: Restart dnsmasq
systemd:
name: dnsmasq
state: restarted
when: dnsmasq_enabled

14
roles/network/templates/captive-portal/captive-portal.conf → roles/captive-portal/templates/001-captive-portal.conf
View file

@ -1,3 +1,13 @@
<VirtualHost _default_:80>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<Directory {{ doc_root }}>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
@ -9,6 +19,6 @@
ServerName iiab.io
Include /etc/apache2/capture
ProxyPreserveHost On
ProxyPass / http://box.lan:{{ py_captive_portal_port }}/
ProxyPassReverse / http://box.lan:{{ py_captive_portal_port }}/
ProxyPass / http://box.lan:{{ captive_portal_port }}/
ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
</VirtualHost>

2
roles/network/templates/captive-portal/py-captive-portal.service.j2 → roles/captive-portal/templates/captive-portal.service.j2
View file

@ -7,7 +7,7 @@ Type=simple
User=root
Group=root
WorkingDirectory=/opt/iiab/captive-portal
ExecStart=/opt/iiab/captive-portal/capture-wsgi.py
ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l
StandardOutput=syslog
StandardError=syslog

335
roles/network/templates/captive-portal/capture-wsgi.py → roles/captive-portal/templates/capture-wsgi.py
View file

@ -37,15 +37,8 @@ PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page
sys.path.append('/etc/iiab/')
from iiab_env import get_iiab_env
doc_root = get_iiab_env("WWWROOT")
fully_qualified_domain_name = get_iiab_env("FQDN")
# make a way to find new URLs queried by new clients
# CATCH substitues this server for apache at port 80
CATCH = False
if len(sys.argv) > 1 and sys.argv[1] == '-d':
CATCH = True
PORT=80
else:
PORT=9090
# set up some logging -- selectable for diagnostics
# Create dummy iostream to capture stderr and stdout
@ -64,28 +57,30 @@ class StreamToLogger(object):
if len(sys.argv) > 1 and sys.argv[1] == '-l':
loggingLevel = logging.DEBUG
try:
os.remove('/var/log/apache2/portal.log')
except:
pass
else:
loggingLevel = logging.ERROR
# divert stdout and stderr to logger
logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel)
logger = logging.getLogger('/var/log/apache2/portal.log')
handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2)
logger.addHandler(handler)
# divert stdout and stderr to logger
stdout_logger = logging.getLogger('STDOUT')
sl = StreamToLogger(stdout_logger, logging.ERROR)
#sys.stdout = sl
sys.stdout = sl
stderr_logger = logging.getLogger('STDERR')
sl = StreamToLogger(stderr_logger, logging.ERROR)
sys.stderr = sl
PORT={{ captive_portal_port }}
# Define globals
MAC_SUCCESS=False
ANDROID_TRIGGERED=False
logger.debug("")
@ -145,6 +140,8 @@ def timeout_info(ip):
def is_inactive(ip):
ts=tstamp(datetime.datetime.now(tzutc()))
current_ts, last_ts, send204after = timeout_info(ip)
logger.debug("In is_inactive. current_ts:%s. last_ts:%s. send204after:%s"%\
(current_ts,last_ts,send204after,))
if not last_ts:
return True
if ts - int(last_ts) > INACTIVITY_TO:
@ -179,8 +176,7 @@ def set_lasttimestamp(ip):
conn.commit()
# ################### Action routines based on OS ################3
def microsoft(environ,start_response):
#logger.debug("sending microsoft response")
def microsoft_splash(environ,start_response):
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")}
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
@ -196,6 +192,31 @@ def microsoft(environ,start_response):
start_response(status, response_headers)
return [response_body]
def microsoft(environ,start_response):
global MICROSOFT_TRIGGERED
# firefox -- seems both mac and Windows use it
agent = environ.get('HTTP_USER_AGENT','default_agent')
if agent.startswith('Mozilla'):
return home(environ, start_response)
logger.debug("sending microsoft redirect")
response_body = ""
status = '302 Moved Temporarily'
response_headers = [('Location','/microsoft_splash'),
('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
start_response(status, response_headers)
return [response_body]
def home(environ,start_response):
logger.debug("sending direct to home")
response_body = ""
status = '302 Moved Temporarily'
response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'),
('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
start_response(status, response_headers)
return [response_body]
def android(environ, start_response):
global ANDROID_TRIGGERED
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
@ -204,10 +225,12 @@ def android(environ, start_response):
logger.debug("system < 6:%s"%system_version)
location = '/android_splash'
set_204after(ip,0)
elif system_version.startswith('8'):
location = "http://" + fully_qualified_domain_name + "/home"
else:
set_204after(ip,20)
#set_204after(ip,20)
location = '/android_https'
agent = environ['HTTP_USER_AGENT']
agent = environ.get('HTTP_USER_AGENT','default_agent')
response_body = "hello"
status = '302 Moved Temporarily'
response_headers = [('Location',location)]
@ -217,8 +240,10 @@ def android(environ, start_response):
def android_splash(environ, start_response):
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
'btn1':"GO TO IIAB HOME PAGE", \
"FQDN": fully_qualified_domain_name, \
'doc_root':get_iiab_env("WWWROOT") }
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
if lang == "en":
txt = en_txt
@ -235,8 +260,10 @@ def android_https(environ, start_response):
en_txt={ 'message':"""Please ignore the SECURITY warning which appears after clicking the first button""",\
'btn2':'Click this first Go to the browser we need',\
'btn1':'Then click this to go to IIAB home page',\
"FQDN": fully_qualified_domain_name, \
'doc_root':get_iiab_env("WWWROOT") }
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
if lang == "en":
txt = en_txt
@ -253,8 +280,10 @@ def mac_splash(environ,start_response):
logger.debug("in function mac_splash")
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success',
"FQDN": fully_qualified_domain_name, \
'doc_root':get_iiab_env("WWWROOT")}
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
if lang == "en":
txt = en_txt
@ -366,177 +395,145 @@ def parse_agent(agent):
if match:
system = match.group(1)
system_version = match.group(2)
match = re.search(r"(Microsoft NCSI)",agent)
if match:
system = match.group(1)
system_version = "8"
return (system, system_version)
#
# ================== Start serving the wsgi application =================
def application (environ, start_response):
global ip
global CATCH
global LIST
global INACTIVITY_TO
global ANDROID_TRIGGERED
global ip
global CATCH
global LIST
global INACTIVITY_TO
global ANDROID_TRIGGERED
# Log the URLs that are not in checkurls
# This "CATCH" mode substitutes this server for apache at port 80
# CATCH mode is started by "iiab-catch" and turned off by "iiab-uncath".
if CATCH:
logger.debug("Checking for url %s. USER_AGENT:%s"%(environ['HTTP_HOST'],\
environ['HTTP_USER_AGENT'],))
if environ['HTTP_HOST'] == '/box.lan':
return
if 'HTTP_X_FORWARDED_FOR' in environ:
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
else:
ip = environ['HTTP_HOST'].strip()
cmd="arp -an %s|gawk \'{print $4}\'" % ip
mac = subprocess.check_output(cmd, shell=True)
data = []
data.append("host: %s\n"%environ['HTTP_HOST'])
data.append("path: %s\n"%environ['PATH_INFO'])
data.append("query: %s\n"%environ['QUERY_STRING'])
data.append("ip: %s\n"%ip)
agent = environ['HTTP_USER_AGENT']
data.append("AGENT: %s\n"%agent)
#print(data)
found = False
url_list = os.path.join(CAPTIVE_PORTAL_BASE,"checkurls")
if os.path.exists(url_list):
with open(url_list,"r") as checkers:
for line in checkers:
if line.find(environ['HTTP_HOST']) > -1:
found = True
break
if not found:
with open(url_list,"a") as checkers:
outstr ="%s\n" % (environ['HTTP_HOST'])
checkers.write(outstr)
data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ]
logger.debug("This url was missing from checkurls:%s"%data)
# Normal query for captive portal
else:
if 'HTTP_X_FORWARDED_FOR' in environ:
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
else:
data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ]
#logger.debug("need the correct ip:%s"%data)
ip = environ['REMOTE_ADDR'].strip()
cmd="arp -an %s|gawk \'{print $4}\'" % ip
mac = subprocess.check_output(cmd, shell=True)
data = []
data.append("host: %s\n"%environ['HTTP_HOST'])
data.append("path: %s\n"%environ['PATH_INFO'])
data.append("query: %s\n"%environ['QUERY_STRING'])
data.append("ip: %s\n"%ip)
agent = environ['HTTP_USER_AGENT']
data.append("AGENT: %s\n"%agent)
logger.debug(data)
#print(data)
found = False
return_204_flag = "False"
if 'HTTP_X_FORWARDED_FOR' in environ:
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
else:
data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ]
#logger.debug("need the correct ip:%s"%data)
ip = environ['REMOTE_ADDR'].strip()
cmd="arp -an %s|gawk \'{print $4}\'" % ip
mac = subprocess.check_output(cmd, shell=True)
data = []
data.append("host: %s\n"%environ['HTTP_HOST'])
data.append("path: %s\n"%environ['PATH_INFO'])
data.append("query: %s\n"%environ['QUERY_STRING'])
data.append("ip: %s\n"%ip)
agent = environ.get('HTTP_USER_AGENT','default_agent')
data.append("AGENT: %s\n"%agent)
logger.debug(data)
#print(data)
found = False
return_204_flag = "False"
# record the activity with this ip
ts=tstamp(datetime.datetime.now(tzutc()))
sql = "INSERT or IGNORE INTO users (current_ts,ip) VALUES (?,?)"
c.execute(sql,(ts,ip,))
sql = "UPDATE users SET current_ts = ? where ip = ?"
c.execute(sql,(ts,ip,))
if c.rowcount == 0:
logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,))
conn.commit()
ymd=datetime.datetime.today().strftime("%y%m%d-%H%M")
# record the activity with this ip
ts=tstamp(datetime.datetime.now(tzutc()))
sql = "INSERT or IGNORE INTO users (current_ts,ip) VALUES (?,?)"
c.execute(sql,(ts,ip,))
sql = "UPDATE users SET current_ts = ? where ip = ?"
c.execute(sql,(ts,ip,))
if c.rowcount == 0:
logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,))
conn.commit()
ymd=datetime.datetime.today().strftime("%y%m%d-%H%M")
system,system_version = parse_agent(agent)
if system != '':
update_user(ip, mac, system, system_version, ymd)
system,system_version = parse_agent(agent)
if system != '':
update_user(ip, mac, system, system_version, ymd)
####### Return pages based upon PATH ###############
# do more specific stuff first
if environ['PATH_INFO'] == "/iiab_banner6.png":
return banner(environ, start_response)
####### Return pages based upon PATH ###############
# do more specific stuff first
if environ['PATH_INFO'] == "/iiab_banner6.png":
return banner(environ, start_response)
if environ['PATH_INFO'] == "/bootstrap.min.js":
return bootstrap(environ, start_response)
if environ['PATH_INFO'] == "/bootstrap.min.js":
return bootstrap(environ, start_response)
if environ['PATH_INFO'] == "/bootstrap.min.css":
return bootstrap_css(environ, start_response)
if environ['PATH_INFO'] == "/bootstrap.min.css":
return bootstrap_css(environ, start_response)
if environ['PATH_INFO'] == "/jquery.min.js":
return jquery(environ, start_response)
if environ['PATH_INFO'] == "/jquery.min.js":
return jquery(environ, start_response)
if environ['PATH_INFO'] == "/favicon.ico":
return null(environ, start_response)
if environ['PATH_INFO'] == "/favicon.ico":
return null(environ, start_response)
if environ['PATH_INFO'] == "/home_selected":
# the js link to home page triggers this ajax url
# mark the sign-in conversation completed, return 204 or Success or Success
ANDROID_TRIGGERED = True
#data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ]
#logger.debug("need the correct ip:%s"%data)
logger.debug("function: home_selected. Setting flag to return_204")
#print("setting flag to return_204")
set_204after(ip,PORTAL_TO)
set_lasttimestamp(ip)
status = '200 OK'
headers = [('Content-type', 'text/html')]
start_response(status, headers)
return [""]
if environ['PATH_INFO'] == "/home_selected":
# the js link to home page triggers this ajax url
# mark the sign-in conversation completed, return 204 or Success or Success
ANDROID_TRIGGERED = True
#data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ]
#logger.debug("need the correct ip:%s"%data)
logger.debug("function: home_selected. Setting flag to return_204")
#print("setting flag to return_204")
set_204after(ip,PORTAL_TO)
set_lasttimestamp(ip)
status = '200 OK'
headers = [('Content-type', 'text/html')]
start_response(status, headers)
return [""]
#### parse OS platform based upon URL ##################
# mac
if environ['PATH_INFO'] == "/mac_splash":
return mac_splash(environ, start_response)
#### parse OS platform based upon URL ##################
# mac
if environ['PATH_INFO'] == "/mac_splash":
return mac_splash(environ, start_response)
if environ['PATH_INFO'] == "/step2":
return step2(environ, start_response)
if environ['PATH_INFO'] == "/step2":
return step2(environ, start_response)
if environ['HTTP_HOST'] == "captive.apple.com" or\
environ['HTTP_HOST'] == "appleiphonecell.com" or\
environ['HTTP_HOST'] == "detectportal.firefox.com" or\
environ['HTTP_HOST'] == "*.apple.com.edgekey.net" or\
environ['HTTP_HOST'] == "gsp1.apple.com" or\
environ['HTTP_HOST'] == "apple.com" or\
environ['HTTP_HOST'] == "www.apple.com":
current_ts, last_ts, send204after = timeout_info(ip)
if not send204after:
# take care of uninitialized state
set_204after(ip,0)
return macintosh(environ, start_response)
if environ['HTTP_HOST'] == "captive.apple.com" or\
environ['HTTP_HOST'] == "appleiphonecell.com" or\
environ['HTTP_HOST'] == "*.apple.com.edgekey.net" or\
environ['HTTP_HOST'] == "gsp1.apple.com" or\
environ['HTTP_HOST'] == "apple.com" or\
environ['HTTP_HOST'] == "www.apple.com":
current_ts, last_ts, send204after = timeout_info(ip)
if not send204after:
# take care of uninitialized state
set_204after(ip,0)
return macintosh(environ, start_response)
# android
if environ['PATH_INFO'] == "/android_splash":
return android_splash(environ, start_response)
if environ['PATH_INFO'] == "/android_https":
return android_https(environ, start_response)
if environ['HTTP_HOST'] == "clients3.google.com" or\
environ['HTTP_HOST'] == "mtalk.google.com" or\
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
current_ts, last_ts, send204after = timeout_info(ip)
logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
return android(environ, start_response)
elif is_after204_timeout(ip):
return put_204(environ,start_response)
return null(environ,start_response) #return without doing anything
# android
if environ['PATH_INFO'] == "/android_splash":
return android_splash(environ, start_response)
if environ['PATH_INFO'] == "/android_https":
return android_https(environ, start_response)
if environ['HTTP_HOST'] == "clients3.google.com" or\
environ['HTTP_HOST'] == "mtalk.google.com" or\
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
current_ts, last_ts, send204after = timeout_info(ip)
logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
return android(environ, start_response)
elif is_after204_timeout(ip):
return put_204(environ,start_response)
return null(environ,start_response) #return without doing anything
# microsoft
if environ['PATH_INFO'] == "/connecttest.txt" and not is_inactive(ip):
return microsoft_connect(environ, start_response)
if environ['HTTP_HOST'] == "ipv6.msftncsi.com" or\
environ['HTTP_HOST'] == "ipv6.msftncsi.com.edgesuite.net" or\
environ['HTTP_HOST'] == "www.msftncsi.com" or\
environ['HTTP_HOST'] == "www.msftncsi.com.edgesuite.net" or\
environ['HTTP_HOST'] == "www.msftconnecttest.com" or\
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com" or\
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
return microsoft(environ, start_response)
# microsoft
if environ['PATH_INFO'] == "/microsoft_splash":
return microsoft_splash(environ, start_response)
if environ['PATH_INFO'] == "/connecttest.txt" and not is_inactive(ip):
return microsoft_connect(environ, start_response)
if environ['HTTP_HOST'] == "ipv6.msftncsi.com" or\
environ['HTTP_HOST'] == "detectportal.firefox.com" or\
environ['HTTP_HOST'] == "ipv6.msftncsi.com.edgesuite.net" or\
environ['HTTP_HOST'] == "www.msftncsi.com" or\
environ['HTTP_HOST'] == "www.msftncsi.com.edgesuite.net" or\
environ['HTTP_HOST'] == "www.msftconnecttest.com" or\
environ['HTTP_HOST'] == "www.msn.com" or\
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com" or\
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
return microsoft(environ, start_response)
logger.debug("executing the defaut 204 response. [%s"%data)
return put_204(environ,start_response)
logger.debug("executing the defaut 204 response. [%s"%data)
return put_204(environ,start_response)
# Instantiate the server
httpd = make_server (

1
roles/network/templates/captive-portal/checkurls → roles/captive-portal/templates/checkurls
View file

@ -10,6 +10,7 @@ ipv6.msftncsi.com.edgesuite.net
www.msftncsi.com
www.msftncsi.com.edgesuite.net
www.msftconnecttest.com
www.msn.com
teredo.ipv6.microsoft.com
teredo.ipv6.microsoft.com.nsatc.net
captive.apple.com

4
roles/network/templates/captive-portal/iiab-catch → roles/captive-portal/templates/iiab-catch
View file

@ -1,8 +1,8 @@
#!/bin/bash -x
# substitute our own server to catch OS connectivity checking URL's
systemctl stop apache2
systemctl stop py-captive-portal
systemctl stop {{ apache_service }}
systemctl stop captive-portal
echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture
/opt/iiab/captive-portal/capture-wsgi.py -d &
# write the pid just started

6
roles/network/templates/captive-portal/iiab-uncatch → roles/captive-portal/templates/iiab-uncatch
View file

@ -8,6 +8,8 @@ if [ -n "$pid" ]; then
kill $pid
fi
awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture
echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture
echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture
systemctl start py-captive-portal
systemctl start apache2
systemctl start captive-portal
systemctl start {{ apache_service }}

72
roles/httpd/files/html/css/font-faces.css Normal file
View file

@ -0,0 +1,72 @@
/* open-sans-regular - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 400;
src: local('Open Sans Regular'), local('OpenSans-Regular'),
url('/common/fonts/open-sans-v15-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-600 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 600;
src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'),
url('/common/fonts/open-sans-v15-latin-600.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-600.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-700 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 700;
src: local('Open Sans Bold'), local('OpenSans-Bold'),
url('/common/fonts/open-sans-v15-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* font-awesome 5 */
@font-face {
font-family: 'Font Awesome';
font-style: normal;
font-weight: 900;
src: url('/common/fonts/fa-solid-900.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/fa-solid-900.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* bubblegum-sans-regular - latin */
@font-face {
font-family: 'Bubblegum Sans';
font-style: normal;
font-weight: 400;
src: local('Bubblegum Sans Regular'), local('BubblegumSans-Regular'),
url('/common/fonts/bubblegum-sans-v6-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/bubblegum-sans-v6-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* finger-paint-regular - latin */
@font-face {
font-family: 'Finger Paint';
font-style: normal;
font-weight: 400;
src: local('Finger Paint Regular'), local('FingerPaint-Regular'),
url('/common/fonts/finger-paint-v7-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/finger-paint-v7-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* flavors-regular - latin */
@font-face {
font-family: 'Flavors';
font-style: normal;
font-weight: 400;
src: local('Flavors'), local('Flavors-Regular'),
url('/common/fonts/flavors-v6-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/flavors-v6-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* freckle-face-regular - latin */
@font-face {
font-family: 'Freckle Face';
font-style: normal;
font-weight: 400;
src: local('Freckle Face'), local('FreckleFace-Regular'),
url('/common/fonts/freckle-face-v6-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/freckle-face-v6-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}

28
roles/httpd/files/html/css/open-sans.css
View file

@ -1,28 +0,0 @@
/* open-sans-regular - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 400;
src: local('Open Sans Regular'), local('OpenSans-Regular'),
url('/common/fonts/open-sans-v15-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-600 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 600;
src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'),
url('/common/fonts/open-sans-v15-latin-600.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-600.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}
/* open-sans-700 - latin */
@font-face {
font-family: 'Open Sans';
font-style: normal;
font-weight: 700;
src: local('Open Sans Bold'), local('OpenSans-Bold'),
url('/common/fonts/open-sans-v15-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
url('/common/fonts/open-sans-v15-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
}

BIN
roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff2 Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff Normal file
View file

Binary file not shown.

BIN
roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff2 Normal file
View file

Binary file not shown.

2
roles/httpd/templates/010-iiab.conf.j2
View file

@ -177,7 +177,7 @@ DocumentRoot "{{ doc_root }}"
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerName {{ iiab_hostname }}
ServerAlias iiab-server.lan
ServerAlias {{ iiab_hostname }}.{{ iiab_domain }}
<Directory "{{ doc_root }}">
Options Indexes FollowSymLinks
AllowOverride None

6
roles/kiwix/defaults/main.yml
View file

@ -1,9 +1,9 @@
# Which kiwix-tools to download from http://download.iiab.io/packages/
# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/
kiwix_version_armhf: "kiwix-tools_linux-armhf-0.7.0-1"
kiwix_version_linux64: "kiwix-tools_linux-x86_64-0.7.0-1"
kiwix_version_i686: "kiwix-tools_linux-i586-0.7.0-1"
kiwix_version_armhf: "kiwix-tools_linux-armhf-0.8.0"
kiwix_version_linux64: "kiwix-tools_linux-x86_64-0.8.0"
kiwix_version_i686: "kiwix-tools_linux-i586-0.8.0"
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier:

4
roles/kiwix/templates/iiab-make-kiwix-lib.py
View file

@ -126,8 +126,8 @@ def get_zim_list(path):
wiki_name = old_zim_map[filename]
else:
ulpos = filename.rfind("_")
# but gutenberg don't - future maybe put in old_zim_map (en and fr, but instance dates may change)
if "gutenberg_" in filename:
# but old gutenberg and some other names are not canonical
if filename.rfind("-") < 0: # non-canonical name
ulpos = filename[:ulpos].rfind("_")
wiki_name = filename[:ulpos]
zim_versions[wiki_name] = filename # if there are multiples, last should win

7
roles/network/defaults/main.yml
View file

@ -75,12 +75,13 @@ dnsmasq_install: True
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
captive_portal_install: True
captive_portal_enabled: True
captive_portal_port: "9090"
py_captive_portal_port: "9090"
py_captive_portal_username: "Admin"
py_captive_portal_password: "changeme"
# In a pinch, disable it by running: systemctl disable py-captive-portal
# In a pinch, disable it by running: systemctl disable captive-portal
# For @tim-moody's Nodogsplash approach to Captive Portal?
# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608

107
roles/network/tasks/captive_portal.yml
View file

@ -1,107 +0,0 @@
- name: Download & install python-dateutil, sqlite3
package:
name: "{{ item }}"
state: present
with_items:
- python-dateutil
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
- name: Create directory /opt/iiab/captive-portal for scripts & templates
file:
path: /opt/iiab/captive-portal
state: directory
- name: 'Copy scripts: checkurls, capture-wsgi.py'
template:
src: "{{ item.src }}"
dest: /opt/iiab/captive-portal/
mode: "{{ item.mode }}"
with_items:
- { src: roles/network/templates/captive-portal/checkurls, mode: '0644' }
- { src: roles/network/templates/captive-portal/capture-wsgi.py, mode: '0755' }
- name: 'Copy templates: simple.template, mac.template'
copy:
src: "{{ item }}"
dest: /opt/iiab/captive-portal/
with_items:
- roles/network/files/simple.template
- roles/network/files/mac.template
- name: Copy iiab-catch & iiab-uncatch into /usr/bin/
template:
src: "{{ item }}"
dest: /usr/bin/
owner: root
group: root
mode: 0755
with_items:
- roles/network/templates/captive-portal/iiab-catch
- roles/network/templates/captive-portal/iiab-uncatch
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
shell: /usr/bin/iiab-uncatch
- name: Install systemd unit file py-captive-portal.service from template
template:
src: roles/network/templates/captive-portal/py-captive-portal.service.j2
dest: /etc/systemd/system/py-captive-portal.service
owner: root
group: root
mode: 0644
- name: Install Apache's captive-portal.conf from template if py_captive_portal_enabled
template:
src: roles/network/templates/captive-portal/captive-portal.conf
dest: /etc/{{ apache_config_dir }}/captive-portal.conf
owner: root
group: root
mode: 0644
when: py_captive_portal_enabled
- name: Enable Apache's captive-portal.conf if py_captive_portal_enabled (debuntu)
file:
src: /etc/apache2/sites-available/captive-portal.conf
path: /etc/apache2/sites-enabled/captive-portal.conf
state: link
when: py_captive_portal_enabled and is_debuntu
- name: Enable Apache's default-ssl.conf if py_captive_portal_enabled (debuntu)
file:
src: /etc/apache2/sites-available/default-ssl.conf
path: /etc/apache2/sites-enabled/default-ssl.conf
state: link
when: py_captive_portal_enabled and is_debuntu
- name: Enable & Start systemd service py-captive-portal.service if py_captive_portal_enabled
systemd:
name: py-captive-portal.service
daemon-reload: yes
enabled: yes
state: started
when: py_captive_portal_enabled
- name: Disable & Stop py-captive-portal.service if not py_captive_portal_enabled
systemd:
name: py-captive-portal.service
enabled: no
state: stopped
when: not py_captive_portal_enabled
- name: Disable Apache's captive-portal.conf if not py_captive_portal_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/captive-portal.conf
state: absent
when: not py_captive_portal_enabled and is_debuntu
- name: Disable Apache's default-ssl.conf if not py_captive_portal_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/default-ssl.conf
state: absent
when: not py_captive_portal_enabled and is_debuntu
- name: Make sure dnsmasq is not diverting if not py_captive_portal_enabled
file:
path: /etc/dnsmasq.d/capture
state: absent
when: not py_captive_portal_enabled

8
roles/network/tasks/main.yml
View file

@ -74,14 +74,6 @@
include_tasks: squid.yml
when: FQDN_changed and squid_install and iiab_stage|int == 9
#- name: FOREFULLY ENABLE CAPTIVE PORTAL
# set_fact:
# py_captive_portal_install: True
- name: (Re)Installing Captive Portal
include_tasks: captive_portal.yml
when: py_captive_portal_install
#### start services
- include_tasks: avahi.yml
tags:

8
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -62,7 +62,7 @@ transmission_http_port={{ transmission_http_port }}
transmission_peer_port={{ transmission_peer_port }}
sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }}
py_captive_portal_enabled={{ py_captive_portal_enabled }}
captive_portal_enabled={{ captive_portal_enabled }}
echo "LAN is $lan and WAN is $wan"
#
@ -111,7 +111,7 @@ if [ "$gw_block_https" == "True" ]; then
fi
# Allow outgoing connections from the LAN side.
if ! [ "$py_captive_portal_enabled" == "True" ]; then
if ! [ "$captive_portal_enabled" == "True" ]; then
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside.
@ -123,8 +123,8 @@ if [ "$block_DNS" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi
if [ "$py_captive_portal_enabled" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
if [ "$captive_portal_enabled" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }}
fi
if [ "$HTTPCACHE_ON" == "True" ]; then

2
scripts/ansible-2.6.x
View file

@ -1,7 +1,7 @@
#!/bin/bash -e
CURR_VER="undefined" # Ansible version you currently have installed
GOOD_VER="2.7.3" # For XO laptops (pip install) & CentOS (yum install rpm)
GOOD_VER="2.7.2" # For XO laptops (pip install) & CentOS (yum install rpm)
# On other OS's we attempt the latest from PPA, which might be more recent
export DEBIAN_FRONTEND=noninteractive

7
vars/default_vars.yml
View file

@ -117,9 +117,10 @@ dns_jail_enabled: False
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable py-captive-portal
captive_portal_install: True
captive_portal_enabled: True
captive_portal_port: 9090
# In a pinch, disable it by running: systemctl disable captive-portal
# For @tim-moody's Nodogsplash approach to Captive Portal?
# Highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608

6
vars/local_vars_big.yml
View file

@ -58,9 +58,9 @@ dns_jail_enabled: False
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable py-captive-portal
captive_portal_install: True
captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable captive-portal
# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False

6
vars/local_vars_medium.yml
View file

@ -58,9 +58,9 @@ dns_jail_enabled: False
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable py-captive-portal
captive_portal_install: True
captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable captive-portal
# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False

6
vars/local_vars_min.yml
View file

@ -58,9 +58,9 @@ dns_jail_enabled: False
# Python-based Captive Portal, that @m-anish & @jvonau experimented with in
# July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt
# extensively refined in Sept 2018 (https://github.com/iiab/iiab/pull/1179)
py_captive_portal_install: True
py_captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable py-captive-portal
captive_portal_install: True
captive_portal_enabled: True
# In a pinch, disable it by running: systemctl disable captive-portal
# Unmaintained as of October 2017: https://github.com/iiab/iiab/pull/382
# wondershaper_install: False