external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #187 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2018-12-09 10:57:19 -05:00 committed by GitHub
commit fb31156e2b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 106 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

57
roles/captive-portal/tasks/main.yml
View file

@ -6,10 +6,27 @@
- python-dateutil - python-dateutil
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018 - sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
- name: Install wsgi (debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- libapache2-mod-wsgi
when: is_debuntu
- name: Install wsgi (not debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- mod_wsgi
when: not is_debuntu
- name: Create directory /opt/iiab/captive-portal for scripts & templates - name: Create directory /opt/iiab/captive-portal for scripts & templates
file: file:
path: /opt/iiab/captive-portal path: /opt/iiab/captive-portal
state: directory state: directory
owner: "{{ apache_user }}"
- name: 'Copy scripts: checkurls, capture-wsgi.py' - name: 'Copy scripts: checkurls, capture-wsgi.py'
template: template:
@ -42,13 +59,13 @@
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
shell: /usr/bin/iiab-uncatch shell: /usr/bin/iiab-uncatch
- name: Install systemd unit file captive-portal.service from template #- name: Install systemd unit file captive-portal.service from template
template: # template:
src: roles/captive-portal/templates/captive-portal.service.j2 # src: roles/captive-portal/templates/captive-portal.service.j2
dest: /etc/systemd/system/captive-portal.service # dest: /etc/systemd/system/captive-portal.service
owner: root # owner: root
group: root # group: root
mode: 0644 # mode: 0644
- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - name: Install Apache's captive-portal.conf from template if captive_portal_enabled
template: template:
@ -73,20 +90,20 @@
state: link state: link
when: captive_portal_enabled and is_debuntu when: captive_portal_enabled and is_debuntu
- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled #- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
systemd: # systemd:
name: captive-portal.service # name: captive-portal.service
daemon-reload: yes # daemon-reload: yes
enabled: yes # enabled: yes
state: started # state: started
when: captive_portal_enabled # when: captive_portal_enabled
- name: Disable & Stop captive-portal.service if not captive_portal_enabled #- name: Disable & Stop captive-portal.service if not captive_portal_enabled
systemd: # systemd:
name: captive-portal.service # name: captive-portal.service
enabled: no # enabled: no
state: stopped # state: stopped
when: not captive_portal_enabled # when: not captive_portal_enabled
- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
file: file:

25
roles/captive-portal/templates/001-captive-portal.conf
View file

@ -18,7 +18,26 @@
# However, you must set it for any further virtual host explicitly. # However, you must set it for any further virtual host explicitly.
ServerName iiab.io ServerName iiab.io
Include /etc/apache2/capture Include /etc/apache2/capture
ProxyPreserveHost On # ProxyPreserveHost On
ProxyPass / http://box.lan:{{ captive_portal_port }}/ # ProxyPass / http://box.lan:{{ captive_portal_port }}/
ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ # ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
ErrorLog /var/log/apache2/cp_error.log
WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py
#WSGIScriptAlias / /opt/iiab/captive-portal/test.py
WSGIScriptReloading On
<Directory /opt/iiab/captive-portal>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 127.0.0.1:80>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
<Directory /library/www/html>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost> </VirtualHost>

50
roles/captive-portal/templates/capture-wsgi.py
View file

@ -28,7 +28,7 @@ j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=Tr
# Define time outs # Define time outs
INACTIVITY_TO = 30 INACTIVITY_TO = 30
PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page
# I had hoped that returning 204 status after some delay # I had hoped that returning 204 status after some delay
# would dispense with android's "sign-in to network" (no work) # would dispense with android's "sign-in to network" (no work)
@ -55,7 +55,8 @@ class StreamToLogger(object):
for line in buf.rstrip().splitlines(): for line in buf.rstrip().splitlines():
self.logger.log(self.log_level, line.rstrip()) self.logger.log(self.log_level, line.rstrip())
if len(sys.argv) > 1 and sys.argv[1] == '-l': #if len(sys.argv) > 1 and sys.argv[1] == '-l':
if True:
loggingLevel = logging.DEBUG loggingLevel = logging.DEBUG
try: try:
os.remove('/var/log/apache2/portal.log') os.remove('/var/log/apache2/portal.log')
@ -178,9 +179,12 @@ def set_lasttimestamp(ip):
# ################### Action routines based on OS ################3 # ################### Action routines based on OS ################3
def microsoft_splash(environ,start_response): def microsoft_splash(environ,start_response):
en_txt={ 'message':"Click on the button to go to the IIAB home page",\ en_txt={ 'message':"Click on the button to go to the IIAB home page",\
"FQDN": fully_qualified_domain_name, \
'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")} 'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")}
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
txt = en_txt
if lang == "en": if lang == "en":
txt = en_txt txt = en_txt
elif lang == "es": elif lang == "es":
@ -219,13 +223,18 @@ def home(environ,start_response):
def android(environ, start_response): def android(environ, start_response):
global ANDROID_TRIGGERED global ANDROID_TRIGGERED
ip = environ['HTTP_X_FORWARDED_FOR'].strip() if environ.get('HTTP_X_FORWARDED_FOR'):
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
else:
ip = environ['REMOTE_ADDR'].strip()
system,system_version = platform_info(ip) system,system_version = platform_info(ip)
if not system_version:
put_302(environ, start_response)
if system_version[0:1] < '6': if system_version[0:1] < '6':
logger.debug("system < 6:%s"%system_version) logger.debug("system < 6:%s"%system_version)
location = '/android_splash' location = '/android_splash'
set_204after(ip,0) set_204after(ip,0)
elif system_version.startswith('8'): elif system_version.startswith('7'):
location = "http://" + fully_qualified_domain_name + "/home" location = "http://" + fully_qualified_domain_name + "/home"
else: else:
#set_204after(ip,20) #set_204after(ip,20)
@ -245,6 +254,7 @@ def android_splash(environ, start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \ "FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
txt = en_txt
if lang == "en": if lang == "en":
txt = en_txt txt = en_txt
elif lang == "es": elif lang == "es":
@ -265,6 +275,7 @@ def android_https(environ, start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \ "FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
txt = en_txt
if lang == "en": if lang == "en":
txt = en_txt txt = en_txt
elif lang == "es": elif lang == "es":
@ -285,6 +296,7 @@ def mac_splash(environ,start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \ "FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
txt = en_txt
if lang == "en": if lang == "en":
txt = en_txt txt = en_txt
elif lang == "es": elif lang == "es":
@ -300,6 +312,7 @@ def mac_splash(environ,start_response):
def macintosh(environ, start_response): def macintosh(environ, start_response):
global ip global ip
logger.debug("in function mcintosh") logger.debug("in function mcintosh")
#print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST']
if not is_inactive(ip): if not is_inactive(ip):
set_lasttimestamp(ip) set_lasttimestamp(ip)
return success(environ,start_response) return success(environ,start_response)
@ -355,7 +368,7 @@ def bootstrap_css(environ, start_response):
return [boot] return [boot]
def null(environ, start_response): def null(environ, start_response):
status = '200 ok' status = '404 Not Found'
headers = [('Content-type', 'text/html')] headers = [('Content-type', 'text/html')]
start_response(status, headers) start_response(status, headers)
return [""] return [""]
@ -376,6 +389,17 @@ def put_204(environ, start_response):
logger.debug("in function put_204: sending 204 html response") logger.debug("in function put_204: sending 204 html response")
return [response_body] return [response_body]
def put_302(environ, start_response):
status = '302 Moved Temporarily'
response_body = ''
location = "http://" + fully_qualified_domain_name + "/home"
response_headers = [('Content-type','text/html'),
('Location',location),
('Content-Length',str(len(response_body)))]
start_response(status, response_headers)
logger.debug("in function put_302: sending 302 html response")
return [response_body]
def parse_agent(agent): def parse_agent(agent):
system = '' system = ''
system_version = '' system_version = ''
@ -507,14 +531,15 @@ def application (environ, start_response):
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\ environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\ environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\ environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
environ['PATH_INFO'] == "/gen_204" or\
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
current_ts, last_ts, send204after = timeout_info(ip) current_ts, last_ts, send204after = timeout_info(ip)
logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
return android(environ, start_response) return android(environ, start_response)
elif is_after204_timeout(ip): elif is_after204_timeout(ip):
return put_204(environ,start_response) return put_204(environ,start_response)
return null(environ,start_response) #return without doing anything return android(environ, start_response)
# microsoft # microsoft
if environ['PATH_INFO'] == "/microsoft_splash": if environ['PATH_INFO'] == "/microsoft_splash":
@ -532,16 +557,17 @@ def application (environ, start_response):
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
return microsoft(environ, start_response) return microsoft(environ, start_response)
logger.debug("executing the defaut 204 response. [%s"%data) logger.debug("executing the default 204 response. [%s"%data)
return put_204(environ,start_response) return put_302(environ,start_response)
# Instantiate the server # Instantiate the server
httpd = make_server ( if __name__ == "__main__":
httpd = make_server (
"", # The host name "", # The host name
PORT, # A port number where to wait for the request PORT, # A port number where to wait for the request
application # The application object name, in this case a function application # The application object name, in this case a function
) )
httpd.serve_forever() httpd.serve_forever()
#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark #vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark

5
roles/network/tasks/dnsmasq.yml
View file

@ -3,6 +3,11 @@
name: dnsmasq name: dnsmasq
state: present state: present
- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306)
template:
src: roles/network/templates/network/dnsmasq-iiab
dest: /etc/dnsmasq.d/dnsmasq-iiab
#- name: Stop dnsmasq #- name: Stop dnsmasq
# service: # service:
# name: dnsmasq # name: dnsmasq

1
roles/network/tasks/named.yml
View file

@ -104,3 +104,4 @@
systemd: systemd:
name: "{{ dns_service }}" name: "{{ dns_service }}"
state: started state: started
when: not dnsmasq_enabled # See PR #1303, #1306, PR #1318

10
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -62,7 +62,6 @@ transmission_http_port={{ transmission_http_port }}
transmission_peer_port={{ transmission_peer_port }} transmission_peer_port={{ transmission_peer_port }}
sugarizer_port={{ sugarizer_port }} sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }} block_DNS={{ block_DNS }}
captive_portal_enabled={{ captive_portal_enabled }}
echo "LAN is $lan and WAN is $wan" echo "LAN is $lan and WAN is $wan"
# #
@ -111,9 +110,8 @@ if [ "$gw_block_https" == "True" ]; then
fi fi
# Allow outgoing connections from the LAN side. # Allow outgoing connections from the LAN side.
if ! [ "$captive_portal_enabled" == "True" ]; then $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside. # Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP $IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP $IPTABLES -A INPUT -i $wan -j DROP
@ -123,10 +121,6 @@ if [ "$block_DNS" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi fi
if [ "$captive_portal_enabled" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }}
fi
if [ "$HTTPCACHE_ON" == "True" ]; then if [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
fi fi

1
roles/network/templates/network/dnsmasq-iiab Normal file
View file

@ -0,0 +1 @@
bind-interfaces