mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Initial working copy of the captive portal
This commit is contained in:
parent
aeacbe60ca
commit
74fb19864f
5 changed files with 164 additions and 0 deletions
|
@ -71,3 +71,10 @@ named_enabled: True
|
|||
dnsmasq_enabled: False
|
||||
dnsmasq_install: False
|
||||
captive_portal_enabled: False
|
||||
|
||||
# for simple python captive portal
|
||||
py_captive_portal_install: True
|
||||
py_captive_portal_enabled: True
|
||||
captive_portal_port: "9090"
|
||||
captive_portal_username: "Admin"
|
||||
captive_portal_password: "g0adm1n"
|
||||
|
|
37
roles/network/tasks/captive_portal.yml
Normal file
37
roles/network/tasks/captive_portal.yml
Normal file
|
@ -0,0 +1,37 @@
|
|||
- name: Create directory for captive portal script
|
||||
file: path=/opt/iiab/captive-portal state=directory
|
||||
when: py_captive_portal_install
|
||||
|
||||
- name: Copy captive portal script
|
||||
template:
|
||||
src: roles/network/templates/captive_portal/captive_portal.py.j2
|
||||
dest: /opt/iiab/captive-portal/captive_portal.py
|
||||
owner: iiab-admin
|
||||
group: iiab-admin
|
||||
mode: 0740
|
||||
when: py_captive_portal_install
|
||||
|
||||
- name: Copy captive portal service file
|
||||
template:
|
||||
src: roles/network/templates/captive_portal/captive_portal.service.j2
|
||||
dest: /etc/systemd/system/captive_portal.service
|
||||
owner: iiab-admin
|
||||
group: iiab-admin
|
||||
mode: 0644
|
||||
when: py_captive_portal_install
|
||||
|
||||
- name: Enable captive_portal after copying files
|
||||
service: name=captive_portal.service enabled=yes
|
||||
when: py_captive_portal_install and py_captive_portal_enabled
|
||||
|
||||
- name: Start captive_portal after copying files
|
||||
service: name=captive_portal.service state=started
|
||||
when: py_captive_portal_install and py_captive_portal_enabled
|
||||
|
||||
- name: Disable captive_portal after copying files
|
||||
service: name=captive_portal.service enabled=no
|
||||
when: py_captive_portal_install and py_captive_portal_enabled
|
||||
|
||||
- name: Stop captive_portal after copying files
|
||||
service: name=captive_portal.service state=started
|
||||
when: py_captive_portal_install and py_captive_portal_enabled
|
|
@ -74,6 +74,14 @@
|
|||
include_tasks: squid.yml
|
||||
when: FQDN_changed and squid_install and iiab_stage|int == 9
|
||||
|
||||
#- name: FOREFULLY ENABLE CAPTIVE PORTAL
|
||||
# set_fact:
|
||||
# py_captive_portal_install: True
|
||||
|
||||
- name: (Re)Installing captive portal
|
||||
include_tasks: captive_portal.yml
|
||||
when: py_captive_portal_install
|
||||
|
||||
#### start services
|
||||
- include_tasks: avahi.yml
|
||||
tags:
|
||||
|
|
97
roles/network/templates/captive_portal/captive_portal.py.j2
Executable file
97
roles/network/templates/captive_portal/captive_portal.py.j2
Executable file
|
@ -0,0 +1,97 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
# Captive portal script adapted from https://github.com/nikosft/captive-portal
|
||||
|
||||
import subprocess
|
||||
import BaseHTTPServer
|
||||
import cgi
|
||||
|
||||
# These variables are used as settings
|
||||
PORT = int("{{ captive_portal_port }}") # the port in which the captive portal web server listens
|
||||
IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects
|
||||
IP_ADDRESS = "172.18.96.1" # the ip address of the captive portal (it can be the IP of IFACE)
|
||||
|
||||
'''
|
||||
This it the http server used by the the captive portal
|
||||
'''
|
||||
class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||
#this is the index of the captive portal
|
||||
#it simply redirects the user to the to login page
|
||||
html_redirect = """
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="refresh" content="0; url=http://%s:%s/login" />
|
||||
</head>
|
||||
<body>
|
||||
<b>Redirecting to login page</b>
|
||||
</body>
|
||||
</html>
|
||||
"""%(IP_ADDRESS, PORT)
|
||||
#the login page
|
||||
html_login = """
|
||||
<html>
|
||||
<body>
|
||||
<b>Login Form</b>
|
||||
<form method="POST" action="do_login">
|
||||
Username: <input type="text" name="username"><br>
|
||||
Password: <input type="password" name="password"><br>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
"""
|
||||
|
||||
'''
|
||||
if the user requests the login page show it, else
|
||||
use the redirect page
|
||||
'''
|
||||
def do_GET(self):
|
||||
path = self.path
|
||||
self.send_response(200)
|
||||
self.send_header("Content-type", "text/html")
|
||||
self.end_headers()
|
||||
if path == "/login":
|
||||
self.wfile.write(self.html_login)
|
||||
else:
|
||||
self.wfile.write(self.html_redirect)
|
||||
'''
|
||||
this is called when the user submits the login form
|
||||
'''
|
||||
def do_POST(self):
|
||||
self.send_response(200)
|
||||
self.send_header("Content-type", "text/html")
|
||||
self.end_headers()
|
||||
form = cgi.FieldStorage(
|
||||
fp=self.rfile,
|
||||
headers=self.headers,
|
||||
environ={'REQUEST_METHOD':'POST',
|
||||
'CONTENT_TYPE':self.headers['Content-Type'],
|
||||
})
|
||||
username = form.getvalue("username")
|
||||
password = form.getvalue("password")
|
||||
#dummy security check
|
||||
if username == '{{ captive_portal_username }}' and password == '{{ captive_portal_password }}':
|
||||
#authorized user
|
||||
remote_IP = self.client_address[0]
|
||||
print 'New authorization from '+ remote_IP
|
||||
print 'Updating IP tables'
|
||||
subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"])
|
||||
subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"])
|
||||
self.wfile.write("You are now authorized. Navigate to any URL")
|
||||
else:
|
||||
#show the login form
|
||||
self.wfile.write(self.html_login)
|
||||
|
||||
#the following function makes server produce no output
|
||||
#comment it out if you want to print diagnostic messages
|
||||
#def log_message(self, format, *args):
|
||||
# return
|
||||
|
||||
print "Starting captive portal web server"
|
||||
httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal)
|
||||
|
||||
try:
|
||||
httpd.serve_forever()
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
httpd.server_close()
|
|
@ -0,0 +1,15 @@
|
|||
[Unit]
|
||||
Description=Captive portal
|
||||
After=syslog.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=iiab-admin
|
||||
Group=iiab-admin
|
||||
WorkingDirectory=/opt/iiab/captive-portal
|
||||
ExecStart=/opt/iiab/captive-portal/captive_portal.py
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Add table
Add a link
Reference in a new issue