From 2120fa22100c20137a5bb4884c409f86b2260866 Mon Sep 17 00:00:00 2001 
From: Trevor Batley Date: Sat, 7 Sep 2024 20:15:38 +1000 Subject: [PATCH] initial commit of file from CVS for smeserver-coova-chilli on Sat Sep 7 20:15:38 AEST 2024 --- .gitignore | 4 + Makefile | 21 + README.md | 16 +- contriborbase | 1 + createlinks | 27 + root/etc/chilli/call_condown.sh | 5 + root/etc/chilli/call_conup.sh | 4 + root/etc/chilli/condown.sh | 13 + root/etc/chilli/conup.sh | 16 + .../defaults/chilli/AllowedOutgoing | 1 + .../db/configuration/defaults/chilli/TCPPort | 1 + .../configuration/defaults/chilli/WebRequests | 1 + .../db/configuration/defaults/chilli/access | 1 + .../defaults/chilli/defidletimeout | 1 + .../defaults/chilli/defsessiontimeout | 1 + .../db/configuration/defaults/chilli/dhcpend | 1 + .../db/configuration/defaults/chilli/dhcpif | 1 + .../configuration/defaults/chilli/dhcpstart | 1 + .../db/configuration/defaults/chilli/dns1 | 1 + .../db/configuration/defaults/chilli/dns2 | 1 + .../configuration/defaults/chilli/guestAccess | 1 + .../defaults/chilli/guestDownLink | 1 + .../configuration/defaults/chilli/guestUpLink | 1 + .../db/configuration/defaults/chilli/net | 1 + .../db/configuration/defaults/chilli/noc2c | 1 + .../db/configuration/defaults/chilli/status | 1 + .../db/configuration/defaults/chilli/tundev | 1 + .../db/configuration/defaults/chilli/type | 1 + .../configuration/defaults/chilli/uamallowed | 1 + .../e-smith/db/configuration/migrate/60Chilli | 16 + .../chilli-update/services2adjust/.gitignore | 0 .../templates2expand/etc/chilli.conf | 0 .../templates2expand/etc/chilli/config | 0 .../etc/httpd/conf/httpd.conf | 0 .../templates2expand/etc/raddb/clients.conf | 0 .../templates2expand/etc/raddb/radiusd.conf | 0 .../templates2expand/etc/raddb/users | 0 .../templates2expand/etc/squid/squid.conf | 0 .../opt/chilli/hotspotlogin-conf.pl | 0 .../opt/chilli/hotspotlogin-conf.pl | 3 + .../e-smith/templates/etc/chilli.conf/00setup | 3 + .../templates/etc/chilli.conf/10socket | 1 + .../e-smith/templates/etc/chilli.conf/15pid | 1 + 
.../e-smith/templates/etc/chilli.conf/20net | 2 + .../e-smith/templates/etc/chilli.conf/22dev | 2 + .../templates/etc/chilli.conf/25listen | 10 + .../e-smith/templates/etc/chilli.conf/30port | 2 + .../templates/etc/chilli.conf/35dhcpif | 2 + .../templates/etc/chilli.conf/37dhcpRange | 4 + .../templates/etc/chilli.conf/40uamallowed | 10 + .../templates/etc/chilli.conf/45domain | 5 + .../templates/etc/chilli.conf/50radius | 14 + .../templates/etc/chilli.conf/55uamserver | 11 + .../templates/etc/chilli.conf/60timeout | 3 + .../templates/etc/chilli.conf/65conscripts | 3 + .../templates/etc/chilli.conf/70UidGid | 4 + .../e-smith/templates/etc/chilli.conf/75noc2c | 4 + .../templates/etc/chilli.conf/95macallowed | 15 + .../templates/etc/chilli/config/10dhcpif | 1 + .../templates/etc/chilli/config/20radconf | 2 + .../etc/httpd/conf/httpd.conf/98chilli | 31 ++ .../etc/raddb/radiusd.conf/25modules31unix | 8 + .../radiusd.conf/70authenticate25AuthUnix | 4 + .../templates/etc/raddb/users/40chilli | 29 ++ .../init.d/masq/00Functions01Chilli00setup | 20 + .../init.d/masq/00Functions01Chilli10stop | 43 ++ .../init.d/masq/00Functions01Chilli20input | 46 ++ .../init.d/masq/00Functions01Chilli30output | 14 + .../masq/00Functions01Chilli40forwardFrom | 69 +++ .../masq/00Functions01Chilli45forwardTo | 14 + .../masq/00Functions01Chilli50prerouting | 29 ++ .../init.d/masq/00Functions01Chilli60start | 20 + .../etc/rc.d/init.d/masq/91restartChilli | 11 + .../etc/squid/squid.conf/15HTTPPortChilli | 18 + .../etc/squid/squid.conf/20ACL10chilli | 14 + .../squid.conf/40http_access76AllowChilli | 6 + .../templates/etc/sudoers/00ChilliAlias | 3 + .../e-smith/templates/etc/sudoers/30Chilli | 3 + .../opt/chilli/hotspotlogin-conf.pl/all | 7 + root/opt/chilli/cgi-bin/hotspotlogin.cgi | 485 ++++++++++++++++++ root/opt/chilli/css/sme.css | 33 ++ root/opt/chilli/images/smeserver_logo.jpg | Bin 0 -> 5925 bytes root/opt/chilli/lang/hotspotlogin.en.pl | 21 + root/opt/chilli/lang/hotspotlogin.fr.pl | 22 + 
smeserver-coova-chilli.spec | 239 +++++++++ 85 files changed, 1432 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 contriborbase create mode 100644 createlinks create mode 100644 root/etc/chilli/call_condown.sh create mode 100644 root/etc/chilli/call_conup.sh create mode 100644 root/etc/chilli/condown.sh create mode 100644 root/etc/chilli/conup.sh create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/TCPPort create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/WebRequests create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/access create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/defidletimeout create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/defsessiontimeout create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/dhcpend create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/dhcpif create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/dhcpstart create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/dns1 create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/dns2 create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/guestAccess create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/guestDownLink create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/guestUpLink create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/net create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/noc2c create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/status create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/tundev create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/type create mode 100644 root/etc/e-smith/db/configuration/defaults/chilli/uamallowed create mode 100644 
root/etc/e-smith/db/configuration/migrate/60Chilli create mode 100644 root/etc/e-smith/events/chilli-update/services2adjust/.gitignore create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli.conf create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli/config create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/httpd/conf/httpd.conf create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/clients.conf create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/radiusd.conf create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/users create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/etc/squid/squid.conf create mode 100644 root/etc/e-smith/events/chilli-update/templates2expand/opt/chilli/hotspotlogin-conf.pl create mode 100644 root/etc/e-smith/templates.metadata/opt/chilli/hotspotlogin-conf.pl create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/00setup create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/10socket create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/15pid create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/20net create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/22dev create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/25listen create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/30port create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/35dhcpif create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/40uamallowed create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/45domain create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/50radius create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/55uamserver create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/60timeout create mode 
100644 root/etc/e-smith/templates/etc/chilli.conf/65conscripts create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/70UidGid create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/75noc2c create mode 100644 root/etc/e-smith/templates/etc/chilli.conf/95macallowed create mode 100644 root/etc/e-smith/templates/etc/chilli/config/10dhcpif create mode 100644 root/etc/e-smith/templates/etc/chilli/config/20radconf create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98chilli create mode 100644 root/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules31unix create mode 100644 root/etc/e-smith/templates/etc/raddb/radiusd.conf/70authenticate25AuthUnix create mode 100644 root/etc/e-smith/templates/etc/raddb/users/40chilli create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start create mode 100644 root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/15HTTPPortChilli create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/40http_access76AllowChilli create mode 100644 root/etc/e-smith/templates/etc/sudoers/00ChilliAlias create mode 100644 
root/etc/e-smith/templates/etc/sudoers/30Chilli create mode 100644 root/etc/e-smith/templates/opt/chilli/hotspotlogin-conf.pl/all create mode 100644 root/opt/chilli/cgi-bin/hotspotlogin.cgi create mode 100644 root/opt/chilli/css/sme.css create mode 100644 root/opt/chilli/images/smeserver_logo.jpg create mode 100644 root/opt/chilli/lang/hotspotlogin.en.pl create mode 100644 root/opt/chilli/lang/hotspotlogin.fr.pl create mode 100644 smeserver-coova-chilli.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e594810 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.xz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a47f0f6 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: smeserver-coova-chilli +# $Id: Makefile,v 1.1 2020/12/21 16:38:33 brianr Exp $ +NAME := smeserver-coova-chilli +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index df8f46c..f809d96 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ -# smeserver-coova-chilli +# smeserver-coova-chilli -SMEServer Koozali developed git repo for smeserver-coova-chilli smecontribs \ No newline at end of file +SMEServer Koozali developed git repo for smeserver-coova-chilli smecontribs + +## Wiki +
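Review bot: In the `find-makefile-common` recipe of the Makefile hunk, the writability test reads `-w $$/Makefile.common`, which drops the loop variable, so the test almost certainly never succeeds and the `cvs -Q update` branch is dead; it should read `-w $$d/Makefile.common`. Both `$(shell …)` calls run when the Makefile is parsed, and the fallback checks out `common` from whatever `CVS/Root` names and then includes it. A comment above `include $(MAKEFILE_COMMON)` stating that the build executes fetched content would help anyone building from a checkout they do not control. The comment `# attept a checkout` should read `# attempt a checkout`.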
https://wiki.koozali.org/ + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-coova-chilli&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
diff --git a/contriborbase b/contriborbase
new file mode 100644
index 0000000..9b7fd51
--- /dev/null
+++ b/contriborbase
@@ -0,0 +1 @@
+contribs10
diff --git a/createlinks b/createlinks
new file mode 100644
index 0000000..c382e29
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,27 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+safe_symlink("restart", "root/etc/e-smith/events/chilli-update/services2adjust/chilli");
+safe_symlink("adjust", "root/etc/e-smith/events/chilli-update/services2adjust/masq");
+safe_symlink("sigusr1", "root/etc/e-smith/events/chilli-update/services2adjust/httpd-e-smith");
+safe_symlink("restart", "root/etc/e-smith/events/chilli-update/services2adjust/squid");
+safe_symlink("sigterm", "root/etc/e-smith/events/chilli-update/services2adjust/radiusd");
+
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/sudoers");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli.conf");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli/config");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/radiusd.conf");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/clients.conf");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/httpd/conf/httpd.conf");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/squid/squid.conf");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/rc.d/init.d/masq");
+safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/opt/chilli/hotspotlogin-conf.pl");
+
+service_link_enhanced("chilli", "S80", "7");
+service_link_enhanced("chilli", "K25", "6");
+service_link_enhanced("chilli", "K25", "0");
+
+
+#safe_symlink("../../../functions/chilli", "root/etc/e-smith/web/panels/manager/cgi-bin/chilli");
+
diff --git a/root/etc/chilli/call_condown.sh b/root/etc/chilli/call_condown.sh
new file mode 100644
index 0000000..05770a9
--- /dev/null
+++ b/root/etc/chilli/call_condown.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+exec /usr/bin/sudo /etc/chilli/condown.sh $ADDR $FRAMED_IP_ADDRESS
+
+
diff --git a/root/etc/chilli/call_conup.sh b/root/etc/chilli/call_conup.sh
new file mode 100644
index 0000000..fb80f19
--- /dev/null
+++ b/root/etc/chilli/call_conup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+exec /usr/bin/sudo /etc/chilli/conup.sh $ADDR $FRAMED_IP_ADDRESS
+
diff --git a/root/etc/chilli/condown.sh b/root/etc/chilli/condown.sh
new file mode 100644
index 0000000..c70db37
--- /dev/null
+++ b/root/etc/chilli/condown.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
+WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
+
+if [[ $SQUID_STATUS == 'enabled' && $WEB_REQ == 'squid' ]]; then
+ SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
+ /sbin/iptables -D IN_FROM_CHILLI -s $2 \
+ -p tcp --dport $SQUID_PORT --syn -j ACCEPT
+ /sbin/iptables -t nat -D PREROUTING_FROM_CHILLI -s $2 \
+ -p tcp --dport 80 -j DNAT --to $1:$SQUID_PORT
+fi
+
diff --git a/root/etc/chilli/conup.sh b/root/etc/chilli/conup.sh
new file mode 100644
index 0000000..f0ae8e5
--- /dev/null
+++ b/root/etc/chilli/conup.sh
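Review bot: `$ADDR` and `$FRAMED_IP_ADDRESS` are expanded unquoted on the `exec /usr/bin/sudo` line of call_condown.sh, so an empty value shifts the arguments and a value containing whitespace splits into extra ones before they reach the script run through sudo. The same line appears in call_conup.sh in the next hunk. Quote both expansions: `exec /usr/bin/sudo /etc/chilli/condown.sh "$ADDR" "$FRAMED_IP_ADDRESS"`. A one-line comment naming where the two variables come from (presumably the environment chilli sets for connection scripts) would also help whoever audits the matching sudoers rule.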
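Review bot: `$1` and `$2` are placed on two `/sbin/iptables` command lines in condown.sh unquoted and without any format check, and the script is the target of the sudo call in call_condown.sh, so it presumably runs as root. conup.sh in the following hunk has the same pattern. Reject anything that is not a dotted-quad address before the first `db` lookup and quote every expansion, as sketched below. `$SQUID_PORT` is read from the configuration database and deserves a numeric check before it reaches `--dport`.

```shell
#!/bin/bash

# Invoked through sudo: accept dotted-quad IPv4 arguments only.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
for arg in "$1" "$2"; do
  if [[ ! $arg =~ $ipv4_re ]]; then
    printf 'condown.sh: invalid address argument\n' >&2
    exit 1
  fi
done

# … unchanged: SQUID_STATUS / WEB_REQ / SQUID_PORT lookups and the if test …
  /sbin/iptables -D IN_FROM_CHILLI -s "$2" \
    -p tcp --dport "$SQUID_PORT" --syn -j ACCEPT
  /sbin/iptables -t nat -D PREROUTING_FROM_CHILLI -s "$2" \
    -p tcp --dport 80 -j DNAT --to "$1:$SQUID_PORT"
```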
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
+WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
+
+if [[ $SQUID_STATUS == 'enabled' && $WEB_REQ == 'squid' ]]; then
+ SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
+ # We need to insert rules just before the accept, so we'll have to compute this position
+ POSITION=$(LANG=C iptables -t nat -L PREROUTING_FROM_CHILLI -n | \
+ egrep -v '(Chain|target)' | grep -n ACCEPT | cut -d':' -f1)
+ /sbin/iptables -t nat -I PREROUTING_FROM_CHILLI $POSITION -s $2 \
+ -p tcp --dport 80 -j DNAT --to $1:$SQUID_PORT
+ /sbin/iptables -I IN_FROM_CHILLI 7 -s $2 \
+ -p tcp --dport $SQUID_PORT --syn -j ACCEPT
+fi
+
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing b/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing
new file mode 100644
index 0000000..2d2ba10
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/AllowedOutgoing
@@ -0,0 +1 @@
+tcp:any:443
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/TCPPort b/root/etc/e-smith/db/configuration/defaults/chilli/TCPPort
new file mode 100644
index 0000000..f1a9b5f
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/TCPPort
@@ -0,0 +1 @@
+3990
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests b/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests
new file mode 100644
index 0000000..aa81b5e
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/WebRequests
@@ -0,0 +1 @@
+direct
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/access b/root/etc/e-smith/db/configuration/defaults/chilli/access
new file mode 100644
index 0000000..3e18ebf
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/access
@@ -0,0 +1 @@
+private
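Review bot: `POSITION` in conup.sh is taken from `grep -n ACCEPT | cut` and used unquoted as the rule index of `-I PREROUTING_FROM_CHILLI`. When the chain holds no ACCEPT rule it is empty and the DNAT rule lands at the default position; when it holds several, the expansion becomes several words, the insert fails, and the following `IN_FROM_CHILLI` rule is still added. Take the first match and check it, e.g. `grep -n -m1 ACCEPT` followed by `[[ $POSITION =~ ^[0-9]+$ ]] || exit 1`. The listing call uses bare `iptables` while every other call uses `/sbin/iptables`, so it depends on the PATH that sudo provides. The fixed index `7` for `IN_FROM_CHILLI` silently depends on the rule order written by the masq template and deserves a comment saying so.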
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/defidletimeout b/root/etc/e-smith/db/configuration/defaults/chilli/defidletimeout
new file mode 100644
index 0000000..4b02a19
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/defidletimeout
@@ -0,0 +1 @@
+900
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/defsessiontimeout b/root/etc/e-smith/db/configuration/defaults/chilli/defsessiontimeout
new file mode 100644
index 0000000..6e80319
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/defsessiontimeout
@@ -0,0 +1 @@
+7200
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/dhcpend b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpend
new file mode 100644
index 0000000..f1aaa90
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpend
@@ -0,0 +1 @@
+254
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/dhcpif b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpif
new file mode 100644
index 0000000..a908f0d
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpif
@@ -0,0 +1 @@
+eth2
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/dhcpstart b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpstart
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/dhcpstart
@@ -0,0 +1 @@
+10
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/dns1 b/root/etc/e-smith/db/configuration/defaults/chilli/dns1
new file mode 100644
index 0000000..701e77e
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/dns1
@@ -0,0 +1 @@
+8.8.8.8
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/dns2 b/root/etc/e-smith/db/configuration/defaults/chilli/dns2
new file mode 100644
index 0000000..1db4ef6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/dns2
@@ -0,0 +1 @@
+8.8.4.4
\ No newline at end of file
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/guestAccess b/root/etc/e-smith/db/configuration/defaults/chilli/guestAccess
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/guestAccess
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/guestDownLink b/root/etc/e-smith/db/configuration/defaults/chilli/guestDownLink
new file mode 100644
index 0000000..d411bb7
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/guestDownLink
@@ -0,0 +1 @@
+400
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/guestUpLink b/root/etc/e-smith/db/configuration/defaults/chilli/guestUpLink
new file mode 100644
index 0000000..900731f
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/guestUpLink
@@ -0,0 +1 @@
+64
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/net b/root/etc/e-smith/db/configuration/defaults/chilli/net
new file mode 100644
index 0000000..ddeb14f
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/net
@@ -0,0 +1 @@
+10.1.0.0/255.255.255.0
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/noc2c b/root/etc/e-smith/db/configuration/defaults/chilli/noc2c
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/noc2c
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/status b/root/etc/e-smith/db/configuration/defaults/chilli/status
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/status
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/tundev b/root/etc/e-smith/db/configuration/defaults/chilli/tundev
new file mode 100644
index 0000000..91f5bd8
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/tundev
@@ -0,0 +1 @@
+tun0
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/type b/root/etc/e-smith/db/configuration/defaults/chilli/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed b/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/chilli/uamallowed
@@ -0,0 +1 @@
+
diff --git a/root/etc/e-smith/db/configuration/migrate/60Chilli b/root/etc/e-smith/db/configuration/migrate/60Chilli
new file mode 100644
index 0000000..39b67c7
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/60Chilli
@@ -0,0 +1,16 @@
+{
+ my $chilliconf = $DB->get('chilli') || $DB->new_record('chilli', {type => 'service'});
+ my $uamsecret = $chilliconf->prop('uamsecret') || '';
+
+ if ($uamsecret eq ''){
+ $pass=`/usr/bin/openssl rand -base64 60 | tr -c -d '[:graph:]'`;
+ $chilliconf->set_prop('uamsecret',$pass);
+ }
+ # change default dns server as they are not available anymore
+ # new default is google
+ my $dns1 = $chilliconf->prop('dns1') || '212.73.209.226';
+ my $dns2 = $chilliconf->prop('dns2') || '194.206.120.1';
+ $chilliconf->set_prop('dns1','8.8.8.8') if $dns1 eq '212.73.209.226';
+ $chilliconf->set_prop('dns2','8.8.4.4') if $dns2 eq '194.206.120.1';
+}
+
diff --git a/root/etc/e-smith/events/chilli-update/services2adjust/.gitignore b/root/etc/e-smith/events/chilli-update/services2adjust/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli.conf b/root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli.conf
new file mode 100644
index 0000000..e69de29
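Review bot: In migrate/60Chilli the output of the `openssl rand` backtick call is stored as `uamsecret` without being checked, so if the command is missing or fails the property is set to an empty string and the 55uamserver template then falls back to its literal `'azerty'`. Store the value only when it looks like a real secret, e.g. `$chilliconf->set_prop('uamsecret', $pass) if length($pass) >= 32;`, and log the failure otherwise. `$pass` is used only inside this block and should be declared with `my $pass = …` rather than left as a package variable.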
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli/config b/root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli/config
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/httpd/conf/httpd.conf b/root/etc/e-smith/events/chilli-update/templates2expand/etc/httpd/conf/httpd.conf
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/clients.conf b/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/clients.conf
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/radiusd.conf b/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/radiusd.conf
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/users b/root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/users
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/etc/squid/squid.conf b/root/etc/e-smith/events/chilli-update/templates2expand/etc/squid/squid.conf
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/events/chilli-update/templates2expand/opt/chilli/hotspotlogin-conf.pl b/root/etc/e-smith/events/chilli-update/templates2expand/opt/chilli/hotspotlogin-conf.pl
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/templates.metadata/opt/chilli/hotspotlogin-conf.pl b/root/etc/e-smith/templates.metadata/opt/chilli/hotspotlogin-conf.pl
new file mode 100644
index 0000000..456c374
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/opt/chilli/hotspotlogin-conf.pl
@@ -0,0 +1,3 @@
+PERMS=0750
+UID="root"
+GID="www"
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/00setup b/root/etc/e-smith/templates/etc/chilli.conf/00setup
new file mode 100644
index 0000000..a8f8dd9
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/00setup
@@ -0,0 +1,3 @@
+{
+use NetAddr::IP;
+}
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/10socket b/root/etc/e-smith/templates/etc/chilli.conf/10socket
new file mode 100644
index 0000000..64a40bc
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/10socket
@@ -0,0 +1 @@
+cmdsock /var/run/chilli.sock
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/15pid b/root/etc/e-smith/templates/etc/chilli.conf/15pid
new file mode 100644
index 0000000..859246d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/15pid
@@ -0,0 +1 @@
+pidfile /var/run/chilli.pid
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/20net b/root/etc/e-smith/templates/etc/chilli.conf/20net
new file mode 100644
index 0000000..ae3eb66
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/20net
@@ -0,0 +1,2 @@
+net {$chilli{'net'} || '10.1.0.0/255.255.255.0';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/22dev b/root/etc/e-smith/templates/etc/chilli.conf/22dev
new file mode 100644
index 0000000..af4b151
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/22dev
@@ -0,0 +1,2 @@
+tundev {$chilli{'tundev'} || 'tun0';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/25listen b/root/etc/e-smith/templates/etc/chilli.conf/25listen
new file mode 100644
index 0000000..40e43ac
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/25listen
@@ -0,0 +1,10 @@
+{
+# Compute the first IP of the network
+our $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
+our $chillip = NetAddr::IP->new($net) + 1;
+$chillip = $chillip->addr;
+
+$OUT = "uamlisten $chillip\n";
+
+}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/30port b/root/etc/e-smith/templates/etc/chilli.conf/30port
new file mode 100644
index 0000000..3f2463d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/30port
@@ -0,0 +1,2 @@
+uamport {$chilli{'TCPPort'} || '3990';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/35dhcpif b/root/etc/e-smith/templates/etc/chilli.conf/35dhcpif
new file mode 100644
index 0000000..7256df0
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/35dhcpif
@@ -0,0 +1,2 @@
+dhcpif {$chilli{'dhcpif'} || 'eth2';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange b/root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange
new file mode 100644
index 0000000..23138ca
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange
@@ -0,0 +1,4 @@
+
+dhcpstart {$chilli{'dhcpstart'} || '10';}
+dhcpend {$chilli{'dhcpend'} || '254';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/40uamallowed b/root/etc/e-smith/templates/etc/chilli.conf/40uamallowed
new file mode 100644
index 0000000..07f71e8
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/40uamallowed
@@ -0,0 +1,10 @@
+{
+my @uamalloweds = split(/[;,]/, ($chilli{'uamallowed'} || ''));
+
+$OUT = '';
+
+# TODO: check the entry with a good regex
+
+$OUT .= 'uamallowed '.$_."\n" foreach (@uamalloweds);
+
+}
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/45domain b/root/etc/e-smith/templates/etc/chilli.conf/45domain
new file mode 100644
index 0000000..0a9b3e4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/45domain
@@ -0,0 +1,5 @@
+domain lan
+dns1 {$chilli{'dns1'} || '212.73.209.226';}
+dns2 {$chilli{'dns2'} || '194.206.120.1';}
+dnsparanoia
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/50radius b/root/etc/e-smith/templates/etc/chilli.conf/50radius
new file mode 100644
index 0000000..5622bab
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/50radius
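Review bot: Each element of `uamallowed` in the 40uamallowed fragment is written into chilli.conf as-is, and the `# TODO: check the entry with a good regex` is still open, so an entry containing whitespace or a line break would become additional configuration text. A conservative filter before the `foreach` closes that, e.g. `@uamalloweds = grep { m{^[A-Za-z0-9.:/_-]+$} } @uamalloweds;`, adjusted to the entry formats you intend to accept. The 95macallowed fragment later in the patch carries the same TODO and can filter with `grep { /^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/ }` at the same point.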
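Review bot: The fallback resolvers in the 45domain fragment, `212.73.209.226` and `194.206.120.1`, are the very addresses that migrate/60Chilli replaces because they are no longer available, while the shipped defaults are `8.8.8.8` and `8.8.4.4`. If either property is ever unset, the generated chilli.conf points clients at servers the project already considers dead. Use the same values as the defaults: `dns1 {$chilli{'dns1'} || '8.8.8.8';}` and `dns2 {$chilli{'dns2'} || '8.8.4.4';}`.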
@@ -0,0 +1,14 @@
+radiusserver1 127.0.0.1
+radiusserver2 127.0.0.1
+{
+ use esmith::util;
+ $pw = esmith::util::LdapPassword;
+ $pw =~ s/^(.{31}).*$/$1/;
+ "";
+}
+radiussecret {$pw || 'azerty';}
+radiusauthport {$radiusd{'UDPPort'} || '1812';}
+radiusacctport 1813
+radiusnasid localhost
+radiustimeout 3
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/55uamserver b/root/etc/e-smith/templates/etc/chilli.conf/55uamserver
new file mode 100644
index 0000000..9cc106d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/55uamserver
@@ -0,0 +1,11 @@
+{
+
+my $uamsecret = $chilli{'uamsecret'} || 'azerty';
+my $uamhomepage = $chilli{'uamhomepage'} || '';
+
+$OUT = "uamserver https://$chillip/chilli/cgi-bin/hotspotlogin.cgi\n";
+$OUT .= "uamsecret $uamsecret\n";
+
+$OUT .= "uamhomepage $uamhomepage\n" if ($uamhomepage ne '');
+
+}
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/60timeout b/root/etc/e-smith/templates/etc/chilli.conf/60timeout
new file mode 100644
index 0000000..0472109
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/60timeout
@@ -0,0 +1,3 @@
+defsessiontimeout {$chilli{'defsessiontimeout'} || '7200';}
+defidletimeout {$chilli{'defidletimeout'} || '900';}
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/65conscripts b/root/etc/e-smith/templates/etc/chilli.conf/65conscripts
new file mode 100644
index 0000000..3bee3e5
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/65conscripts
@@ -0,0 +1,3 @@
+conup /etc/chilli/call_conup.sh
+condown /etc/chilli/call_condown.sh
+
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/70UidGid b/root/etc/e-smith/templates/etc/chilli.conf/70UidGid
new file mode 100644
index 0000000..9096541
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/chilli.conf/70UidGid
@@ -0,0 +1,4 @@
+
+uid={getpwnam("coovachilli");}
+gid={getgrnam("coovachilli");}
+
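Review bot: `radiussecret {$pw || 'azerty';}` in 50radius and `$chilli{'uamsecret'} || 'azerty'` in the next hunk (55uamserver) fall back to a fixed, guessable shared secret when the real value is missing, so a failed lookup yields a working but weakly protected configuration instead of an error. Prefer failing the expansion, e.g. `die "no RADIUS secret available\n" unless $pw;` after the truncation, with the equivalent check on `uamsecret`. The RADIUS secret is also `esmith::util::LdapPassword` cut to 31 characters, which copies most of the LDAP password into chilli.conf. A dedicated random secret, like the one migrate/60Chilli generates for `uamsecret`, would keep the two credentials separate. The matching clients.conf template is not in view here, so both sides would have to change together.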
diff --git a/root/etc/e-smith/templates/etc/chilli.conf/75noc2c b/root/etc/e-smith/templates/etc/chilli.conf/75noc2c new file mode 100644 index 0000000..80807bd --- /dev/null +++ b/root/etc/e-smith/templates/etc/chilli.conf/75noc2c @@ -0,0 +1,4 @@ +{ +return '' if (($chilli{'noc2c'} || 'enabled') eq 'disabled'); +$OUT .= "noc2c\n"; +} diff --git a/root/etc/e-smith/templates/etc/chilli.conf/95macallowed b/root/etc/e-smith/templates/etc/chilli.conf/95macallowed new file mode 100644 index 0000000..ff537d0 --- /dev/null +++ b/root/etc/e-smith/templates/etc/chilli.conf/95macallowed @@ -0,0 +1,15 @@ + +macallowlocal +{ +my @macalloweds = split(/[;,]/, ($chilli{'macallowed'} || '')); + +$OUT = ''; + +# TODO: check the entry with a good regex + +foreach (@macalloweds){ + $_ =~ s/:/-/g; + $OUT .= 'macallowed '.uc($_)."\n"; +} + +} diff --git a/root/etc/e-smith/templates/etc/chilli/config/10dhcpif b/root/etc/e-smith/templates/etc/chilli/config/10dhcpif new file mode 100644 index 0000000..5f6abe9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/chilli/config/10dhcpif @@ -0,0 +1 @@ +HS_LANIF={$chilli{'dhcpif'} || 'eth2';} diff --git a/root/etc/e-smith/templates/etc/chilli/config/20radconf b/root/etc/e-smith/templates/etc/chilli/config/20radconf new file mode 100644 index 0000000..5fb4276 --- /dev/null +++ b/root/etc/e-smith/templates/etc/chilli/config/20radconf @@ -0,0 +1,2 @@ +HS_RADCONF=off + diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98chilli b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98chilli new file mode 100644 index 0000000..4af4e63 --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98chilli @@ -0,0 +1,31 @@ +{ +my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0'; + +if ($chilli{'status'} eq 'enabled'){ + +$OUT .=< + AllowOverride None + + Require all denied + + Require ip $net + + + + Options ExecCGI + + + + Require all denied + + +END +} +} + 
diff --git a/root/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules31unix b/root/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules31unix
new file mode 100644
index 0000000..48048a4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/raddb/radiusd.conf/25modules31unix
@@ -0,0 +1,8 @@
+ #Unix Auth for Chilli
+ unix \{
+ cache = yes
+ cache_reload = 600
+ passwd = /etc/passwd
+ shadow = /etc/shadow
+ group = /etc/group
+ \}
diff --git a/root/etc/e-smith/templates/etc/raddb/radiusd.conf/70authenticate25AuthUnix b/root/etc/e-smith/templates/etc/raddb/radiusd.conf/70authenticate25AuthUnix
new file mode 100644
index 0000000..15643b4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/raddb/radiusd.conf/70authenticate25AuthUnix
@@ -0,0 +1,4 @@
+{
+ push(@authModules, "\tunix\n");
+}
+
diff --git a/root/etc/e-smith/templates/etc/raddb/users/40chilli b/root/etc/e-smith/templates/etc/raddb/users/40chilli
new file mode 100644
index 0000000..961258f
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/raddb/users/40chilli
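Review bot: Both radiusd.conf fragments, 25modules31unix and 70authenticate25AuthUnix, are emitted unconditionally, so the `unix` module and its `authenticate` entry are added even when the `chilli` service is disabled, whereas the users fragment 40chilli is wrapped in a status check. If nothing else on the server relies on the module, guard them the same way, e.g. `return '' unless (($chilli{'status'} || 'disabled') eq 'enabled');` at the top of the 70authenticate25AuthUnix block. With `shadow = /etc/shadow` the RADIUS daemon needs read access to the shadow file and, presumably, any local account can then authenticate at the portal. The `#Unix Auth for Chilli` comment should state that explicitly.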
@@ -0,0 +1,29 @@
+{
+
+if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
+ ($chilli{'guestAccess'} || 'disabled') eq 'enabled'){
+ my $downlink = $chilli{'guestDownLink'} || '400';
+ my $uplink = $chilli{'guestUpLink'} || '64';
+ $downlink = $downlink * 1000;
+ $uplink = $uplink * 1000;
+ $OUT =<<"END";
+
+guest NAS-Identifier == "localhost", Auth-Type := Local, User-Password == 'guest'
+ WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink
+END
+}
+
+if (($chilli{'status'} || 'disabled') eq 'enabled'){
+ $OUT .=< 0){
+ foreach(@tcpports){
+ $OUT .= " # Acces to $service is allowed:\n" .
+ " /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $_ --syn -j ACCEPT\n" if ($_ ne '');
+ }
+ }
+ if (@udpports > 0){
+ foreach(@udpports){
+ $OUT .= " # Acces to $service is allowed:\n" .
+ " /sbin/iptables -A IN_FROM_CHILLI -p udp --dport $_ -j ACCEPT\n" if ($_ ne '');
+ }
+ }
+ # Special case for pptp, which uses GRE proto
+ if ($service eq 'pptpd'){
+ $OUT .= " /sbin/iptables -A IN_FROM_CHILLI -p 47 -j gre-in\n";
+ $OUT .= " /sbin/iptables -I gre-in -s $net -j ACCEPT\n";
+ }
+}
+
+$OUT .= " /sbin/iptables -A IN_FROM_CHILLI -j denylog\n\}\n";
+
+}
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output
new file mode 100644
index 0000000..d80cbd0
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Output (from the server to the wireless clients)
+outToChilli()\{
+ /sbin/iptables -N OUT_TO_CHILLI
+ /sbin/iptables -A OUT_TO_CHILLI -j state_chk
+ /sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+ /sbin/iptables -A OUT_TO_CHILLI -j denylog
+\}
+HERE
+
+}
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
new file mode 100644
index 0000000..e8654e8
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
@@ -0,0 +1,69 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward from chilli (from the wireless clients to the internet)
+forwardFromChilli()\{
+ /sbin/iptables -N FORWARD_FROM_CHILLI
+ /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
+ /sbin/iptables -A FORWARD_FROM_CHILLI ! -s $net -j denylog
+ /sbin/iptables -A FORWARD_FROM_CHILLI ! -o \$OUTERIF -j denylog
+ /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+ # Allow http for un-authenticated clients so uamallowed works
+ # Https need to be allowed in AllowedOutgoing
+ /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 80 -j ACCEPT
+
+HERE
+
+my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
+
+# Allow services specidied in AllowedOutgoing
+foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
+ # Check the rules has the form proto:remote_host:remote_port
+ next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
+ my @params = split(/:/, $_);
+ my $proto = $params[0];
+ my $host = $params[1];
+ my $dport = $params[2];
+ $OUT .= " # $_ is allowed:\n";
+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
+ $OUT .= "-p $proto ";
+ $OUT .= "-d $host " if ($host !~ /(any|\*)/i);
+ $OUT .= "--dport $dport " if ($dport !~ /(any|\*)/i);
+ $OUT .= "--syn " if ($proto =~ /tcp/i);
+ $OUT .= "-j ACCEPT\n"
+}
+
+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
+ # Check the rules has the form proto:remote_host:remote_port
+ # Or host:port or protocol:host
+ next unless /^((tcp|TCP|udp|UDP):)?(${ReIpAddr})(:${RePort})?$/;
+ my @param = split(/:/, $_);
+ my $proto = $param[0];
+ my $host = $param[1];
+ my $dport = $param[2];
+ $OUT .= " # $_ is allowed:\n";
+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
+ $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
+ $OUT .= "-d $host ";
+ $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
+ $OUT .= "--syn "
if ($proto =~ /tcp/i);
+ $OUT .= "-j ACCEPT\n"
+}
+
+
+# Allow the two dns servers specified
+$OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
+ " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"
+ if ((${'chilli'}{'dns1'} || '') ne '');
+
+$OUT .= " # Allow dns requests to ${'chilli'}{'dns2'}\n" .
+ " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns2'} -j ACCEPT\n"
+ if ((${'chilli'}{'dns2'} || '') ne '');
+
+$OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog\n\}\n";
+
+}
+
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo
new file mode 100644
index 0000000..ba3616c
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward to (from the local network or the internet to the wireless clients)
+forwardToChilli()\{
+ /sbin/iptables -N FORWARD_TO_CHILLI
+ /sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
+ /sbin/iptables -A FORWARD_TO_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
+ /sbin/iptables -A FORWARD_TO_CHILLI -j denylog
+\}
+HERE
+
+}
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
new file mode 100644
index 0000000..522ebcc
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
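Review bot: The `uamallowed` loop in `00Functions01Chilli40forwardFrom` accepts `host`, `host:port` and `proto:host` in its `next unless` pattern but then fills `$proto`, `$host` and `$dport` by position from `split(/:/, $_)`, so for any entry without a leading protocol the address lands after `-p` and the port (or nothing) after `-d`, and the generated iptables line no longer expresses the entry. Taking the fields from the match itself, as in the sketch below with named captures (Perl 5.10 or later), keeps the three forms apart; it also skips `-d` for `any`/`*`, as the `AllowedOutgoing` loop above already does, and skips a port given without a protocol because iptables accepts `--dport` only together with `-p tcp` or `-p udp`. `$RePort` admits `[0-6]\d{4}`, i.e. values up to 69999, and `dns1`/`dns2` are written into the script without the `$ReIpAddr` check applied to the other entries; both are worth tightening in the same pass.

```perl
foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
    # Take the fields from the match, so host:port and proto:host are not
    # shifted by one position
    next unless /^(?:(?<proto>tcp|udp):)?(?<host>${ReIpAddr})(?::(?<dport>${RePort}))?$/i;
    my ($proto, $host, $dport) = ($+{proto}, $+{host}, $+{dport});
    # iptables only accepts --dport together with -p tcp or -p udp
    next if (defined $dport && !defined $proto);
    # … unchanged: comment line and start of the iptables command …
    $OUT .= "-p $proto " if (defined $proto);
    $OUT .= "-d $host " if ($host !~ /^(any|\*)$/i);
    $OUT .= "--dport $dport " if (defined $dport && $dport !~ /^(any|\*)$/i);
    $OUT .= "--syn " if (defined $proto && $proto =~ /tcp/i);
    # … unchanged: -j ACCEPT and end of the loop …
```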
@@ -0,0 +1,29 @@
+{
+
+$OUT .=<<"HERE";
+
+# Prerouting from chilli (before the server routes paquets from wireless clients)
+preroutingFromChilli()\{
+ /sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
+ /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
+HERE
+
+$OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip\n" if $ExternalIP;
+
+# Redirect also addresses specified in RedirectToChilli
+
+foreach my $ip (split(/[;,]/,(${'chilli'}{'RedirectToChilli'} || ''))){
+ my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+ my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)};
+ # Check the $ip is a valid ip address
+ next unless $ip =~ /^${ReIpAddr}$/;
+ $OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ip -j DNAT --to $chillip\n";
+}
+
+# Accept other connexions in order to skip other pre-routing rules. Note that packets will be filtered
+# in the FORWARD_FROM_CHILLI chain
+$OUT .=" /sbin/iptables -t nat -A PREROUTING_FROM_CHILLI -j ACCEPT\n";
+
+$OUT .= "\}\n";
+
+}
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start
new file mode 100644
index 0000000..6f8d572
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start
@@ -0,0 +1,20 @@
+{
+
+$OUT .=<<"HERE";
+
+# Send the paquets from and to chilli to the correct chains
+startChilli()\{
+ inFromChilli
+ outToChilli
+ preroutingFromChilli
+ forwardFromChilli
+ forwardToChilli
+ /sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
+ /sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
+ /sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
+ /sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
+ /sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
+\}
+HERE
+
+}
diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli
new file mode 100644
index 0000000..c5f3472
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli
@@ -0,0 +1,11 @@
+
+ # First, remove hotspot rules
+ stopChilli
+
+ # Then, insert it if chilli is enabled
+ status=$(/sbin/e-smith/config getprop chilli status)
+ if [ $status = "enabled" ]
+ then
+ startChilli
+ fi
+
diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/15HTTPPortChilli b/root/etc/e-smith/templates/etc/squid/squid.conf/15HTTPPortChilli
new file mode 100644
index 0000000..20ff519
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/squid/squid.conf/15HTTPPortChilli
@@ -0,0 +1,18 @@
+{
+use NetAddr::IP;
+my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
+$net = NetAddr::IP->new($net) + 1;
+my $chillip = $net->addr;
+
+my $transparent = ' transparent';
+my $squid = `rpm -q --qf %{VERSION} squid`;
+
+$transparent = '' if ($squid =~ /^2\.5/);
+
+$OUT ='';
+if ($chilli{'status'} eq 'enabled'){
+ my $squidport = $squid{'TCPPort'} || '3128';
+ $OUT = "http_port $chillip:$squidport$transparent\n";
+}
+}
+
diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli
new file mode 100644
index 0000000..df0ba6a
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL10chilli
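Review bot: In `91restartChilli` the test `[ $status = "enabled" ]` expands `$status` unquoted, so when `config getprop chilli status` prints nothing the test becomes `[ = "enabled" ]` and fails with a syntax error instead of evaluating cleanly to false. Quoting the expansion, `if [ "$status" = "enabled" ]`, keeps the comparison well-formed for empty or multi-word values. `stopChilli` has already run at that point, so the end state is the same (no hotspot rules), but the error is printed on every run with the property unset.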
@@ -0,0 +1,14 @@ +{ +if ((($chilli{'status'} || 'disabled') eq 'enabled') && + (($chilli{'WebRequests'} || 'direct') eq 'squid')){ + +my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0'; + +$OUT .=< + +use Digest::MD5 qw(md5 md5_hex md5_base64); + +# Import the config +require ('../hotspotlogin-conf.pl'); + +# detect browser language +$language = $ENV{'HTTP_ACCEPT_LANGUAGE'}; + +@array = split(',',$language); + +foreach $var ( @array ) +{ + $var = substr($var,0,2); + + if($var =~ /^fr$/) { $language = "fr"; last; } + if($var =~ /^en$/) { $language = "en"; last; } +} + +if(-e "../lang/hotspotlogin.$language.pl"){ + require("../lang/hotspotlogin.$language.pl"); +} +else{ + require('../lang/hotspotlogin.en.pl'); +} + +# Login page need https +if (!($ENV{HTTPS} =~ /^on$/)) { +print "Content-type: text/html\n\n + + + +$conf{domain}/title> +<meta http-equiv=\"Cache-control\" content=\"no-cache\"> +<meta http-equiv=\"Pragma\" content=\"no-cache\"> +<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" /> +</head> +<body> +<p> </p><p> </p> +<h2>$lang{loginfailed}</H2><br> +$lang{neddencrypted}</body></html>"; +exit(0); +} +$loginpath = $ENV{'SCRIPT_NAME'}; + +# Make sure that the form parameters are clean +$OK_CHARS='-a-zA-Z0-9_.@&=%!'; +$_ = (<STDIN> || ''); +s/[^$OK_CHARS]/_/go; +$input = $_; + +# Make sure that the get query parameters are clean +$OK_CHARS='-a-zA-Z0-9_.@&=%!'; +$_ = $query=$ENV{QUERY_STRING}; +s/[^$OK_CHARS]/_/go; +$query = $_; + + + + + +#Read form parameters which we care about +@array = split('&',$input); +$replyencoded = ''; +$username = ''; +$password = ''; +$challenge = ''; +$button = ''; +$res = ''; +$uamip = ''; +$uamport = ''; +$userurl = ''; +$timeleft = ''; +$redirurl = ''; +$mac = ''; + +foreach $var ( @array ) +{ + @array2 = split('=',$var); + if ($array2[0] =~ /^UserName$/) { $username = $array2[1]; } + if ($array2[0] =~ /^Password$/) { $password = $array2[1]; } + if ($array2[0] =~ /^challenge$/) { $challenge = 
$array2[1]; } + if ($array2[0] =~ /^button$/) { $button = $array2[1]; } + if ($array2[0] =~ /^res$/) { $res = $array2[1]; } + if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; } + if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; } + if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; } + if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; } + if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; } + if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; } + +# This should be added to 'standard' cgi script also + if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; } +} + +#Read query parameters which we care about +@array = split('&',$query); +foreach $var ( @array ) +{ + @array2 = split('=',$var); + if ($array2[0] =~ /^res$/) { $res = $array2[1]; } + if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; } + if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; } + if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; } + +# This should be changed in 'standard' cgi script also + if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; } + if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; } + if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; } + if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; } + if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; } +} + +# This should be added to 'standard' cgi script also +$reply = $replyencoded; + +$reply =~ s/\+/ /g; +$reply =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; + +$button =~ s/\+/ /g; +$button =~ s/\_/ /g; + +$userurldecode = $userurl; +$userurldecode =~ s/\+/ /g; +$userurldecode =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; + +$redirurldecode = $redirurl; +$redirurldecode =~ s/\+/ /g; +$redirurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; + +# Tim added these two lines: +$username =~ s/\+/ /g; +$username =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg; + +$password =~ s/\+/ /g; +$password =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", 
hex($1))/seg; + +# If attempt to login +if (($button =~ $lang{login} || $button =~ $lang{guestbutton})) { + $hexchal = pack "H32", $challenge; + if (defined $conf{uamsecret}) { + $newchal = md5($hexchal, $conf{uamsecret}); + } + else { + $newchal = $hexchal; + } + $response = md5_hex("\0", $password, $newchal); + $pappassword = unpack "H32", ($password ^ $newchal); + +print "Content-type: text/html\n\n"; +print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"> +<html> +<head> +<title>$conf{domain} + +"; + if ( (defined $conf{uamsecret}) && (defined $conf{userpassword})) { + print ""; + } + else { + print ""; + } + +print " + +
"; +print "

 

 

+

$lang{longgingin}


$lang{wait}
"; +exit(0); +} + + +# Default: It was not a form request +$result = 0; + +# If login successful +if ($res =~ /^success$/) { $result = 1; } + +# If login failed +if ($res =~ /^failed$/) { $result = 2; } + +# If logout successful +if ($res =~ /^logoff$/) { $result = 3; } + +# If tried to login while already logged in +if ($res =~ /^already$/) { $result = 4; } + +# If not logged in yet +if ($res =~ /^notyet$/) { $result = 5; } + +# If login from smart client +if ($res =~ /^smartclient$/) { $result = 6; } + +# If requested a logging in pop up window +if ($res =~ /^popup1$/) { $result = 11; } + +# If requested a success pop up window +if ($res =~ /^popup2$/) { $result = 12; } + +# If requested a logout pop up window +if ($res =~ /^popup3$/) { $result = 13; } + + +# Otherwise it was not a form request +# Send out an error message +if ($result == 0) { + print "Content-type: text/html\n\n + + + +$conf{domain} + + + + + +
+

 

 

+

$lang{loginfailed}


+$lang{chillierror}
"; +exit(0); +} + +#Generate the output +print "Content-type: text/html\n\n + + + +$conf{domain} + + + + + +
"; +# In body onLoad above, after $timeleft, add '&reply=$replyencoded to 'standard' cgi script + +if ($result == 2){ + print "

 

 

$lang{loginfailed}

"; + if ($reply) { print "$reply
"; } +} + +if ($result == 2 || $result == 5){ + print "

 

 

+
+ + + + + + + + + + + + + + + + + + + "; + } + + print "
$lang{username}:
$lang{password}:
+ $lang{saveuser}"; + + if($conf{guestaccess}){ + print "
$lang{guestdesc}
"; + + if($lang{loginstring}) { print "
$lang{loginstring}
"; } + print "
"; +} + + +if ($result == 1){ + print "

 

 

$lang{loggedin}


"; + if ($lang{loggedinstring}) { print "$lang{loggedinstring}

"; } + if ($reply) { print "$reply

"; } + print "$lang{logout}"; +} + +if (($result == 4) || ($result == 12)){ + print "

 

 

$lang{loggedin}


"; + if ($lang{loggedinstring}) { print "$lang{loggedinstring}

"; } + if ($reply) { print "$reply

"; } + print "$lang{logout}
"; +} + +if ($result == 11){ + print "

 

 

$lang{longgingin}


"; + print "
$lang{wait}"; +} + +if (($result == 3) || ($result == 13)){ + print "

 

 

$lang{loggedout}


"; + if ($lang{loggedoutstring}) { print "$lang{loggedoutstring}

"; } + print "$lang{login}"; +} + +exit(0); diff --git a/root/opt/chilli/css/sme.css b/root/opt/chilli/css/sme.css new file mode 100644 index 0000000..dcfca18 --- /dev/null +++ b/root/opt/chilli/css/sme.css @@ -0,0 +1,33 @@ +/* mod_auth_tkt example css */ + +BODY {background-image: url(/chilli/images/smeserver_logo.jpg); + background-repeat: no-repeat; + background-position: 400px 40px; + background-position: top; + + font-family: arial, helvetica, sans-serif; + font-size: small; +} + +P, TH, TD { + font-family: arial, helvetica, sans-serif; + font-size: small; +} + +H1, H2, H3, H4, H5, H6 { color: #006; } +H1 { font-size: x-large; } +H2 { font-size: large; } +H3 { font-size: medium; } + +.warning { color: #c00; font-size: medium; font-weight: bold; } + + +TABLE { + background-color: #eee; + color: #666; + border: 1px solid #ccc; + padding: 20px; +} + + +/* arch-tag: ac35e093-c2c0-4994-bc18-2d25715b1192 */ 
diff --git a/root/opt/chilli/images/smeserver_logo.jpg b/root/opt/chilli/images/smeserver_logo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b7547ced89f467f77843bc41e9c07c9aff83533b GIT binary patch literal 5925 zcmb_gbyQSuw?4x#3=Knvq=2-50)ljjgmei=45jo?3M!paBVE!cAu=cp0?q(ZQbW!V z5+bRfblv&g?|$p9@1OhEea<>-owJ|4cD!qy_ubFAnz>p6XmzyiYXKk-2+$^6z}0tv zN%QGr7XZ-L2ZR9tASK)cT;Tw9fapH}CI%A`fr%l+{{TV)`EQVrK%t~iCul+<4crY#DUQWF&)qm{)I$ErcE#gehqZJJ2N_%!*lMiN6&c!G1*LR z&-3?yIy+^be9JOfwA(1~KxxBse+*ZbPm}F69-)Aw}7jQ|XO`SYm6FKVSU(9M4Ny=S)+Fo1oHa;eAe=~P` zEM~yD<#_$t6+mPk2)r1|&QY<5nQsYP3{?ot2oSYkhyTP*uBqQ^Jnh^G30*qLz0W)J zx!Bv~l^B~}*-lZoorKA$#?iJiB6%KqUftw#MDO6&>N)=Rn{qBqe(1mpwqqyOt~h`+ zZX1MmuaEd(dpb5gnIt2#)1UjE@&Nq>JZ}d$&zxG%j=PQaLh(ucyRJXwchn9wwei#(jP{sSu|UFC||2* z_U#8|%>`x|5)4s-h)n_5jF68`R>6TQyjj!BdUGwNfg5IY+bk>HCTSGH$PxFzm6mFF zNyI9yYe!7o9(U>6fO1-M=iF$11k+?gYjxg7M}zelwt!do1lnFav5=qW)6gy73hu4Tg1y*ttIkWahseeomho|I z5#sU)*qN2~Gndr>R=$}oe+x~+RZUX+T@vbI)B7oQtmJ*YbqO{W2h$L@FBJ;PwCO%t ztCF2j`LTX^+qS(~#H{Y_y1GI612P9~Ii5j&)CC!@WONxPRBgL4K$ONeq;?eoHbY#( ztt4!Ud?5O8$W2DsBzL{Sao^#I@*H=vkkGfZGl1vq2_gu7Y+{pA>LXx(U+ za2KH{KsEuSj(0Z_HG3ROAVK~_oBw0xCioXYNbf#-xh&*VEGB6&p*i>Rl{M#fv{O&c58uxQkjj@LzkuOvsm)l^)s!tz7Ibkz=v09)8#tV z*Z@v>4E95=X=0~ZqQ!(xs92**R(pC#NtH`wdO7V+l`Wfg_2gpZL8ky6Q&;|a@1M2z z?gSg5^@^`W!bz`R-)amj#J-77xdMy;!dE0t+N)CtGudC5m}H)R?ESs$n~;b{f3?|I z6SlWN>aUCRQEvw)uGS>>ermkUJ8)BNE)mDG0#19|)?ag-x>B$|>}72?436HInvY=f zFZ$dxl{Fr!w0ab?mRPAObLsDI(te410rhP0mk2Yxj?6o>CZ3&pFs@ZnT=VQ?_SF+( z5=20Fp)hjN%M}(D2IG%|2qh>0U3Z^VH6VMRqb1{;zn3i6vui+DrY5+jl=O(9uMT@e zQpFeTXP!`-crL>9cK_V6I<@aPOwHNKyJV8t&u~fIb>`^5v13`n&8hO`-Odqtixh91 z-SLlCZCR8Dev;+nzO7RR-Nq)b?A*@G`s3+jPU zt2q=csjj;h(x!kQ^|Hn#+VUi~g;_C^@z`#pBd+QF`Pl0>Bg2aB9BjElcO)}>)>O2^ zF?(x*UU2A}jKKK2c{?c4mer}0Fm_*GZ%0WEbwbwcqVSah5O`8Tg% zTUTfE(}%OMH#VP=`!D8Mg2V=@?+s7#=7*=g{Ub}y?0BtWlLJFF-YBWpf4^jBi_7*m zn?ne@bGLO*N4@Ds;||htMuuETFF#-HU5&i_UK599wF_Aob>9AiU_GN2Q+_4B+~l6u z=4tr#w=z@nm4Wnl3BxxVdF41LOfE0shnyS(B^a{=#>&o>4!LKKw$k@jz2v6;T|>g& 
zy4O(+39-)cVtp2qygFsoGOn+DFZ@pV`e6jgVqMInaV7jZ5nZnxT{}Aam)omHL+H$L zvgY{bK{|4_%Voy;rI7gy-kNNX3GZ8NQbP&v=?+HoVIP#_Pn=yETgKNvmb*LkOCCqV z%cjVvyHE;Y=WqBm$b_8v4oZLU?RZszzFv-6FH06i=?Z9X5UqvwSWaP^SIk;ypd1MK zz*S0@VLk4hjc)E`VjgY3%Wwnf7Ay8r_kx=BJ@(9qfz9tPlvkqmJ*Rq3O5S|794L@p zq%TRDEn0+gP0-Rx4tciH=tl&1)crw=wOF%)ZFCF{TB#g&FdzOgx<8Q}9)bv_TQEv}qi^9}wqcsj zn>*kETmu&GgoS=<48Yq)IrwXzT4Hx5Ypkqysdqopp?0hT+~m$|14#@m{3**xe^v@t zN3cqh!lil4mJCny>_LKYq_*<8L%!oyXUzJCOo|<*oeq!iwF1en(p8zOo9;S>Eb2Yt zxSi%zSm7%Cc1sMSjy2Tyfe*xGX!UXQAHG8d*wa5P0z#+&25wtJ;srr~6RiTVWL6<- zH^dM&KNg535RwFt?5PNbBt79zcrUR=AjJtg_P@*;1bZsy!?3em%@3TolS=yZjC(kX3VoFJ!k9C`uq7!)@h-e*P{EISaiN!_*b8q z*lZoF@l;Lif!L?=D?n(wbYZYkeK%tto3Aohu{~y#=auJgA{6VrBk04?_jj(tg#Y&n zH(JxU=SE!Rl(Cm&=YFr4)eCFa*!4@1y$8bHun6BTV;2&Ma3Sl8mf^ddFN6h?C3{0& z*LyL+m}h$~O1@7s*OM`jZxp_}OI|3@<=+*Y-R9kRMw4)oZ@m-)hTWeY@Ybnc)Wlbg zG*#`=9R^M8wie#v-Lqg#>FKp<`(xhU&(G@F-ytLvGG!%qOs-6JIjkdJnq=;D z+9>$Z4y)sich0)!&EU*dB_w(kCVybk>4s6KfCooJQ*nU~$^#C^cT!XA?%b~zZvBV| zd8UEAxh_mJCgZ+;1-!Ja99?*8{e8<(_Xh`|r-{MVv>1%UdY*js^B&DRm+< zM-2XHRHo5F=Z)sG{pzl^iZraS)Ti+kJwU_`kXU_raqj?DCKrzo+Sw3s?B8tsne|m8 z@Uubyl2a_O;%l$`kEC;zg(W&k8Hv1@Gfyk*Li9n@*G}>?-j$}^YL}@&cYPHlEiGw# z=yMZWRJTTy&c`tD^X|FYJ%MrAD}a?d{gabN6|vcEzPXYe1}s&wv8aliO83D`@U$ex zeZq*Xdwh!`;d0`0vDhs7qnn2Ik{){T6GC%TxW6`jjLV3TY-Ek23A8Out(zt$;FiT? 
zbMw8TG48|dZ>K-aN{*iBZ6g$JGN)Y67dJi&s=TqE{no(e4vl_mGR}f-9p#<5`fE?1 zNnmH#cIW}Va_|NS!Nbf$#vMBVzop7IX8Ar@QLX~P{uf5IS@lOsA^rhERxPN8@7nv5 zst)zVu!NAlhsICD56;ZYiPE*z#3Q13S^*l^OyDo;jiXzB{l^(rhr2f;C#Xdmw6uSl zzkkp7bfsSq8cf#WpVP&>3;=h3;r>!%D;rY7n|H1~WICvO&I6sB*0pv6xC5WpLaIeX?d0`TT2}cCCDa zmeStzIhOvfiLvzjytlft9yC=D88^%igc?eOVNDlY`rHb2_Qs6rhH`o_b&ol?IK$cN zUFM}Ka_`g12$32e0>FnNpX;rPF;U?v;x$Cx3;+#bqK%@c`uE^jP4p8ao4^vriB<=y z0UF;TU_lT<?_&Y60AW9=fNGrZc~es|ULjNaDZ zehg|*PTG{&bLYqXLhLzSCz~kb3P3f47QW=$;}Beby6M0AN$bEWDqeZZS!ioV`&SUPj%c z>FfQxYqrOyBVRL1^Mp^EN_N|vH;kZl`(%GKjZ}K%D0!B29K*uG{+>?n2H$RP^^L99 z-F~XKR;8cO^Cs+5*x0_YMt5ds+YK0!i-O`V0faGym+ zI?M9P$D-A3H6jRqg}M=|wp`+{&@7mw@OB-V3p zjJHQN87$gw!3O&V1;67Wi{A1xntt)i)?m0;VbKUZ(2rR+^p`E$KcIv;&?F~eFKrcd z=A&m_aT5A@f!lLsT06OX8rDU&$4DtCUAlrlKyx`)Z6w33kX1IU>_S#vYm@Y92bZ~o zK*Aomtt009C$#URQkR;&ruX0gznn}SdXMgX2=8iseEK>Y$BfIwv?K^7cAHqCyKWfL zA<+#?rbRpxYqEwH?r=wIsqLhARHIG24h_GRk8C>JFCobgsX^`ZfTu2p9}KU!ejpf) zkoHB8B#yp(%~NKS?hq}u+^%X|8=o1#y%cR2*`h&bJJvt?a#Efa+i!7w;|id3?kABt z5#g|IN=%3Qx^wQU-eTF{6i%yy>B&lQO=NaU}iR z5t_>yU%Ax6EO?@9k+%<`rG}~><5QB}=Y4ia^LCrlJXLen31iVC+cklzz}T`FhV@J3 zKZ)Y3xp1h%f-DG^C(f5&5?(w@A0Y%9x*^kjBoUWnR^!0tG%UL`gxQl*NJ|oHD=}lZ zpwksrFZwk>-NQ`v?R5lb#m}f)$)#c}Wu=3E14oai+-(niRctSQXUULd==9sXcuJM3 z-Z|w)Kp?(?_Ckd5PSNU!mbG3sb>N;gx9;+wx!PabQ^XUzPML#`Yh1iuE^Z%()Cj+1 zd}Q-1=>cX{vA2axCB>nb+wlKMy7CXs4M%qFJZ@83@!oZGWlx}1>7Z5xfdwjwgJw4J zfgY}Rkmm|aQWbQc+)d8M2&eSWk0FWMC@jBPRl8Ho6|fjE%=Wy~U+xWe`Mh*}ZttSR z4Y}yV2!n?xOZtmZE9Qi9%;LOcxC;IUBLbXjj;1#(p7b|{iO)3Ca zw(=|4l|%)h=I=L!J~!5QKTISFcwJn95dIyQ)JhDC?$q;@Q5qDJ;y<`^H zm8=XTo+Ser3m8&`m7T=bK^KG1pXDBlMDz8V5bGi*K7h%`^BFgul2RxuSy= zdZ&|b+lZUkbKQeWe?kpW74fzizuP-O!zezmsh>MeyOR2EFHyax2M~lVk)$Ha4K)?`I9%)(GB(GlD-`lXeSzhxk zvHq_~xg%8I?@D4N7@`Hq5*+{l#`bF+EuDbl+$>qhI`*>>wDuI=5QWEiJMH`wXiP7Y zutxOt4d?Z0&Ku+pDC$o7Y{$!hS!Jx>X#!*|VU^(=E)ni*iBQDaZA~Su?+lQpP)-WF@!bGQpWoT1h$DeY?+lcq`Qh0k6u`Iy_?Iobkrp=L7 z^n%NH(~L8!TX7{mX9}Kgo84{GFIu}?is700uL_%EB!k3|9(LB_wyynT$A$42iaL;e 
z`94zvpPzrmyJ3ZRFv}GncGF8b$>B+zV%;Ef)z>cFath?CUwVugKNKqxU?XT?2*f^d z^fIz!jYUh%wV^HxmQe?XHXkVh=5!Uc9(A?8U(x76Q{?1WkR^(Sm*i50+g2cIP#s%! zdS6roOH4pijZ!~)6nz%=Q*f7)t(qfamia-8AATpfWQqs$bfaIMUC7eZo(1kSA*;rn zF@nB^_}I5|l_DTU7eKK$47Pon&+?G1PL!aJP}|Zfgl9kyG8qPK9>tIzve7|+);fYv z0u*Dy$Z5sj{rmK7 GHTz$+!^$uK literal 0 HcmV?d00001 diff --git a/root/opt/chilli/lang/hotspotlogin.en.pl b/root/opt/chilli/lang/hotspotlogin.en.pl new file mode 100644 index 0000000..cf7c5a8 --- /dev/null +++ b/root/opt/chilli/lang/hotspotlogin.en.pl @@ -0,0 +1,21 @@ +$lang{chillierror} = "You can only login while connected to the hotspot."; + +$lang{login} = "Login"; +$lang{guestdesc} = "You can click here to have a limited guest access"; +$lang{guestbutton} = "Guest access"; +$lang{logout} = "Logout"; +$lang{loginfailed} = "Login failed"; +$lang{loggingin} = "Logging in"; +$lang{loggedin} = "Logged in"; +$lang{loggedout} = "Logged out"; +$lang{username} = "User"; +$lang{password} = "Password"; +$lang{wait} = "Please wait ..."; +$lang{onlinetime} = "Online time"; +$lang{remainingtime} = "Remaining time"; +$lang{needencrypted} = "Login must use encrypted connection (https)"; +$lang{saveuser} = "Remember user/password"; +# Custom resource vars +$lang{loginstring} = "If you have any question, please contact $conf{contactinfo}"; +$lang{loggedinstring} = "Welcome!
Closing this windows will disconnect you.."; +$lang{loggedoutstring} = "Thanks for using $conf{domain} hotspot service"; diff --git a/root/opt/chilli/lang/hotspotlogin.fr.pl b/root/opt/chilli/lang/hotspotlogin.fr.pl new file mode 100644 index 0000000..7db7d05 --- /dev/null +++ b/root/opt/chilli/lang/hotspotlogin.fr.pl @@ -0,0 +1,22 @@ +$lang{chillierror} = "L'identification doit se faire à travers le démon Coova-Chilli"; + +$lang{login} = "Identification"; +$lang{guestdesc} = "Si vous n'avez pas d'identifiants, cliquez sur ce boutton pour obtenir un accès limité"; +$lang{guestbutton} = "Accès invité"; +$lang{logout} = "Se déconnecter"; +$lang{loginfailed} = "L'identification a échoué"; +$lang{loggingin} = "Identification en cours"; +$lang{loggedin} = "Authentifié"; +$lang{loggedout} = "Déconnecé"; +$lang{username} = "Utilisateur"; +$lang{password} = "Mot de passe"; +$lang{wait} = "Veuillez patienter ..."; +$lang{onlinetime} = "Durée de la session"; +$lang{remainingtime} = "Temps restant"; +$lang{needencrypted} = "L'identification doit utiliser une connexion sécurisé (https)"; +$lang{saveuser} = "Se souvenir de mes identifiants"; +# Custom resource vars +$lang{loginstring} = "Pour toute question relative au fonctionnement de cet accès, vous pouvez contacter le responsable $conf{contactinfo}"; + +$lang{loggedinstring} = "Bienvenue!
La fermeture de cette fenêtre terminera votre session."; +$lang{loggedoutstring} = "$conf{domain} vous remercie"; diff --git a/smeserver-coova-chilli.spec b/smeserver-coova-chilli.spec new file mode 100644 index 0000000..dea8249 --- /dev/null +++ b/smeserver-coova-chilli.spec 
@@ -0,0 +1,239 @@
+# $Id: smeserver-coova-chilli.spec,v 1.4 2022/07/29 05:25:17 jpp Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+
+Summary: Coova-Chilli, a captive portal based on ChilliSpot configured for SME server
+%define name smeserver-coova-chilli
+Name: %{name}
+%define version 0.3
+%define release 7
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Networking/Remote access
+Source: %{name}-%{version}.tar.xz
+URL: https://contribs.org
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+BuildRequires: e-smith-devtools
+Requires: e-smith-apache >= 2.6.0-19
+Requires: e-smith-release >= 10.0
+Requires: openssl
+Requires: coova-chilli >= 1.0.13
+Requires: e-smith-radiusd >= 1.0.0-18
+Requires: perl(NetAddr::IP)
+Requires: smeserver-remoteuseraccess
+
+%description
+This package allow you to configure a third interface
+(eth2). Just plug a WiFi AP on it, and you'll have
+a secured captive portal. Users will be redirected
+on a logon page and they'll have to enter credentials
+(sme accounts) before the server allows them. By default,
+they'll only have web access if they are members of the group "chilli"
+This contrib will only work in server&gateway mode
+
+%changelog
+* Sat Sep 07 2024 cvs2git.sh aka Brian Read 0.3-7.sme
+- Roll up patches and move to git repo [SME: 12338]
+
+* Sat Sep 07 2024 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+
+* Fri Jul 29 2022 Jean-Philippe Pialasse 0.3-6.sme
+- update access syntax for httpd 2.4 [SME: 12041]
+
+* Mon Dec 21 2020 Brian Read 0.3-5.sme
+- Initial Import in SME10 [SME: 11289]
+
+* Tue Jul 05 2016 Jean-Philipe Pialasse 0.3-4.sme
+- fix old dns default are not available [SME: 9514]
+
+* Tue Jul 05 2016 Jean-Philipe Pialasse 0.3-3.sme
+- fix format for logout screen [SME: 9514]
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+ by assuming the date is correct and changing the weekday.
+ Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
+ Sun Mar 07 2009 --> Sun Mar 01 2009 or Sat Mar 07 2009 or Sun Mar 08 2009 or ....
+ Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
+
+* Thu May 26 2016 Jean-Philipe Pialasse 0.3-2.sme
+- fix iptables syntax exclamation mark misplaced [SME: 9514]
+- smeserver-coova-chilli-0.3-MasqUpdate.patch
+
+* Fri May 13 2016 Daniel Berteaud 0.3-1
+- Roll new stream for sme9
+
+* Mon Mar 28 2011 Daniel B. 0.2-20
+- Fix uamhomepage setting
+
+* Wed Oct 20 2010 Daniel B. 0.2-19
+- Drop all the trafic not going through the external interface
+
+* Thu Jul 29 2010 Daniel B. 0.2-18
+- cleanup CGI login script
+- remove obsolete php templates
+- add macallowed DB key to bypass auth for some mac addresses
+- add uamhomepage DB key
+
+* Mon Jul 19 2010 Daniel B. 0.2-17
+- Fixes sudo env (bug only in SME8)
+- Uses TCPPort squid key instead of TransparentPort so coova can
+ work with dansguardian
+- insert NAT rule just before the ACCEPT (PREROUTING_FROM_CHILLI)
+- add transparent directive to squid (required for squid => 2.6)
+
+* Wed Apr 14 2010 Daniel B. 0.2-16
+- Fixe a bug in conup.sh and condown.sh
+
+* Thu Jun 11 2009 Daniel B. 0.2-15
+- Fixe a bug in masq template for uamallowed entries
+
+* Thu May 28 2009 Daniel B. 0.2-14
+- Remove space in hotspot-config.pl template
+
+* Tue May 26 2009 Daniel B.
0.2-13
+- Add noc2c key (allow to disable the option, but default to enabled)
+
+* Thu Apr 30 2009 Daniel B. 0.2-12
+- Create a new user coovachilli
+- Add support of new options uid and gid to drop privileges
+- Enabled noc2c (prevent client to client communication)
+- Use sudo to call conup/condown script (as chilli runs under un
+ unprivileged account now)
+- Add smeserver-remoteuseraccess as a dependency (for sudoers metadata templates)
+- move templates2expand in creatlinks script
+
+* Fri Mar 13 2009 Daniel B. 0.2-11
+ Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
+- Automatically allow uamallowed entries in the firewall (no need to
+ explicitly allow it agin in AllowOutgoing)
+
+* Thu Mar 12 2009 Daniel B. 0.2-10
+- Small typo correction
+
+* Tue Mar 10 2009 Daniel B. 0.2-9
+- Use allready defined localhost NAS to fixe PPTP problem [SME: 4996]
+ (thanks John K Pruder)
+- fix a typo in squid template
+
+* Sat Mar 07 2009 Daniel B. 0.2-8
+- Add dhcpstart and dhcpstop db parameters (thanks John K Pruder)
+
+* Sat Mar 07 2009 Daniel B. 0.2-7
+- Fix tundev template [SME: 5054]
+
+* Thu Sep 18 2008 Daniel B. 0.2-6
+- Remove warning in httpd.conf file (httpd -t)
+
+* Mon Sep 15 2008 Daniel B. 0.2-5
+- Fix Syntax Error in /etc/chilli.conf template (25listen) [SME: 4559]
+
+* Mon Sep 08 2008 Daniel B. 0.2-4
+- Requires perl(NetAddr::IP)
+
+* Fri Sep 5 2008 Daniel B. 0.2-3
+- Chilli IP computed with NetAddr::IP
+- Radius timeout set to 3 sec
+- syntax error in radius users template fixed (for guest access)
+
+* Wed Sep 03 2008 Daniel B. 0.2-2
+ Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
+- Bug fix for guest access
+
+* Tue Sep 2 2008 Daniel B. 0.2-1
+- uplink and downlink for guest account are configurable via db keys
+
+* Tue Sep 2 2008 Daniel B.
0.2-0
+- Login page is a CGI, with a server-manager login page look
+- Guest Access can be enabled with guestAccess key (enabled/disabled)
+- merge patchs in main package
+
+* Mon Sep 01 2008 Daniel B. 0.1-8
+- Fix uamallowed not working (since bypass_auth_with_squid_fix patch)
+- Add WebRequests key (use of squid or direct connexions, default to direct)
+- disable radconf in /etc/chilli/config
+- possible to disable https (enabled by default in AllowedOutgoing)
+- add tcp:static.sourceforge.net:80 in uamallowed so daloradius homepage is displayed correctly
+- add radiustimeout directive so authentication errors display the standard message quickly
+
+* Thu Aug 28 2008 Jonathan Martens 0.1-7
+- Reverted moving of default db entries to SPEC file since common practice is to store them in files
+
+* Thu Aug 28 2008 Daniel B. 0.1-6
+- split uamallowed (one per line)
+- Add dnsparanoia directive
+- correct cmdsock directive
+- initialise default configuration db in the spec file
+
+* Thu Aug 28 2008 Jonathan Martens 0.1-5
+- Remove the reset of $OUT from the template
+
+* Thu Aug 28 2008 Daniel B. 0.1-4
+- Add template to enable auth module unix (replace the template-custom)
+- Copy images to /opt/chilli/template before removing .rpmnew directory
+- Correct dependency (e-smith-radiusd not esmith-radiusd)
+
+* Wed Aug 27 2008 Jonathan Martens 0.1-3
+- Split requirements to one per line
+- Removed .rpmnew directory from package
+- Removed the need for templates-custom as package now requires e-smith-radiusd >= 1.0.0-18
+
+* Tue Aug 26 2008 Daniel B.
+- [0.1-2]
+- Most firewall customizations (for incomming and forwarded traffic from
+ chilli network only) can be set through db commands (Patch3)
+- Outgoing DNS is allowed only for the two DNS servers configured
+- Clean spec file, and put php files in /opt/chilli (Patch4)
+
+* Tue Apr 15 2008 Daniel Berteaud
+- [0.1-1]
+- security fixe: auth bypass with squid (patch1)
+- masq template not expanded (patch2)
+
+* Fri Apr 04 2008 Daniel Berteaud
+- [0.1]
+- initiale release
+
+%prep
+%setup
+
+%build
+/usr/bin/perl createlinks
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --file /etc/chilli/conup.sh 'attr(755,root,root)' \
+ --file /etc/chilli/condown.sh 'attr(750,root,root)' \
+ --file /etc/chilli/call_conup.sh 'attr(755,root,root)' \
+ --file /etc/chilli/call_condown.sh 'attr(755,root,root)' \
+ --file /opt/chilli/cgi-bin/hotspotlogin.cgi 'attr(0750,root,www) %config(noreplace)' \
+ --file /opt/chilli/lang/hotspotlogin.fr.pl 'config(noreplace)' \
+ --file /opt/chilli/lang/hotspotlogin.en.pl 'config(noreplace)' \
+ --file /opt/chilli/css/sme.css 'config(noreplace)' \
+ > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+if ! /usr/bin/id coovachilli &>/dev/null; then
+ /usr/sbin/useradd -c 'Coova Chilli User' -s /sbin/nologin -r -d /etc/chilli coovachilli &>/dev/null || \
+ %logmsg "Unexpected error adding user \"coovachilli\". Abort installation."
+fi
+
+
+%preun
+
+if [ $1 == 0 ]; then
+ /sbin/e-smith/db configuration setprop chilli status disabled
+ /etc/rc.d/init.d/chilli stop >& /dev/null || :
+fi
+
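Review bot: In `%pre`, a failed `useradd` only reaches `%logmsg`, so the text says "Abort installation" while nothing in the scriptlet exits non-zero on purpose; whether rpm stops depends on the exit status of whatever `%logmsg` expands to, and that macro is not defined anywhere in this spec. If the install carries on without the `coovachilli` account, the privilege drop described in the 0.2-12 changelog entry (uid/gid options, sudo for conup/condown) presumably has no account to drop to, so the failure should be made explicit: `|| { %logmsg "Unexpected error adding user \"coovachilli\". Abort installation."; exit 1; }`. The `&>/dev/null` on the same line also discards useradd's own error text, which is the detail an administrator would need to diagnose it. Separately, the `%install` list gives `/etc/chilli/conup.sh` mode 755 but `/etc/chilli/condown.sh` mode 750; both appear to be the root-run hook scripts, so either align the modes or add a comment saying why they differ.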