initial commit of file from CVS for smeserver-coova-chilli on Sat Sep 7 20:15:38 AEST 2024
This commit is contained in:
parent
ee4df6cdb4
commit
2120fa2210
4
.gitignore
vendored
Normal file
4
.gitignore
vendored
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
*.rpm
|
||||||
|
*.log
|
||||||
|
*spec-20*
|
||||||
|
*.tar.xz
|
21
Makefile
Normal file
21
Makefile
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# Makefile for source rpm: smeserver-coova-chilli
|
||||||
|
# $Id: Makefile,v 1.1 2020/12/21 16:38:33 brianr Exp $
|
||||||
|
NAME := smeserver-coova-chilli
|
||||||
|
SPECFILE = $(firstword $(wildcard *.spec))
|
||||||
|
|
||||||
|
define find-makefile-common
|
||||||
|
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||||
|
endef
|
||||||
|
|
||||||
|
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||||
|
|
||||||
|
ifeq ($(MAKEFILE_COMMON),)
|
||||||
|
# attept a checkout
|
||||||
|
define checkout-makefile-common
|
||||||
|
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||||
|
endef
|
||||||
|
|
||||||
|
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||||
|
endif
|
||||||
|
|
||||||
|
include $(MAKEFILE_COMMON)
|
16
README.md
16
README.md
@ -1,3 +1,15 @@
|
|||||||
# smeserver-coova-chilli
|
# <img src="https://www.koozali.org/images/koozali/Logo/Png/Koozali_logo_2016.png" width="25%" vertical="auto" style="vertical-align:bottom"> smeserver-coova-chilli
|
||||||
|
|
||||||
SMEServer Koozali developed git repo for smeserver-coova-chilli smecontribs
|
SMEServer Koozali developed git repo for smeserver-coova-chilli smecontribs
|
||||||
|
|
||||||
|
## Wiki
|
||||||
|
<br />https://wiki.koozali.org/
|
||||||
|
|
||||||
|
## Bugzilla
|
||||||
|
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-coova-chilli&product=SME%20Contribs&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
|
||||||
|
*Once it has been checked, then this comment will be deleted*
|
||||||
|
<br />
|
||||||
|
1
contriborbase
Normal file
1
contriborbase
Normal file
@ -0,0 +1 @@
|
|||||||
|
contribs10
|
27
createlinks
Normal file
27
createlinks
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
#!/usr/bin/perl -w
|
||||||
|
|
||||||
|
use esmith::Build::CreateLinks qw(:all);
|
||||||
|
|
||||||
|
safe_symlink("restart", "root/etc/e-smith/events/chilli-update/services2adjust/chilli");
|
||||||
|
safe_symlink("adjust", "root/etc/e-smith/events/chilli-update/services2adjust/masq");
|
||||||
|
safe_symlink("sigusr1", "root/etc/e-smith/events/chilli-update/services2adjust/httpd-e-smith");
|
||||||
|
safe_symlink("restart", "root/etc/e-smith/events/chilli-update/services2adjust/squid");
|
||||||
|
safe_symlink("sigterm", "root/etc/e-smith/events/chilli-update/services2adjust/radiusd");
|
||||||
|
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/sudoers");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli.conf");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/chilli/config");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/radiusd.conf");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/raddb/clients.conf");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/httpd/conf/httpd.conf");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/squid/squid.conf");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/etc/rc.d/init.d/masq");
|
||||||
|
safe_touch("root/etc/e-smith/events/chilli-update/templates2expand/opt/chilli/hotspotlogin-conf.pl");
|
||||||
|
|
||||||
|
service_link_enhanced("chilli", "S80", "7");
|
||||||
|
service_link_enhanced("chilli", "K25", "6");
|
||||||
|
service_link_enhanced("chilli", "K25", "0");
|
||||||
|
|
||||||
|
|
||||||
|
#safe_symlink("../../../functions/chilli", "root/etc/e-smith/web/panels/manager/cgi-bin/chilli");
|
||||||
|
|
5
root/etc/chilli/call_condown.sh
Normal file
5
root/etc/chilli/call_condown.sh
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
exec /usr/bin/sudo /etc/chilli/condown.sh $ADDR $FRAMED_IP_ADDRESS
|
||||||
|
|
||||||
|
|
4
root/etc/chilli/call_conup.sh
Normal file
4
root/etc/chilli/call_conup.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
exec /usr/bin/sudo /etc/chilli/conup.sh $ADDR $FRAMED_IP_ADDRESS
|
||||||
|
|
13
root/etc/chilli/condown.sh
Normal file
13
root/etc/chilli/condown.sh
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
|
||||||
|
WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
|
||||||
|
|
||||||
|
if [[ $SQUID_STATUS == 'enabled' && $WEB_REQ == 'squid' ]]; then
|
||||||
|
SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
|
||||||
|
/sbin/iptables -D IN_FROM_CHILLI -s $2 \
|
||||||
|
-p tcp --dport $SQUID_PORT --syn -j ACCEPT
|
||||||
|
/sbin/iptables -t nat -D PREROUTING_FROM_CHILLI -s $2 \
|
||||||
|
-p tcp --dport 80 -j DNAT --to $1:$SQUID_PORT
|
||||||
|
fi
|
||||||
|
|
16
root/etc/chilli/conup.sh
Normal file
16
root/etc/chilli/conup.sh
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
SQUID_STATUS=$(/sbin/e-smith/db configuration getprop squid status)
|
||||||
|
WEB_REQ=$(/sbin/e-smith/db configuration getprop chilli WebRequests)
|
||||||
|
|
||||||
|
if [[ $SQUID_STATUS == 'enabled' && $WEB_REQ == 'squid' ]]; then
|
||||||
|
SQUID_PORT=$(/sbin/e-smith/db configuration getprop squid TransparentPort)
|
||||||
|
# We need to insert rules just before the accept, so we'll have to compute this position
|
||||||
|
POSITION=$(LANG=C iptables -t nat -L PREROUTING_FROM_CHILLI -n | \
|
||||||
|
egrep -v '(Chain|target)' | grep -n ACCEPT | cut -d':' -f1)
|
||||||
|
/sbin/iptables -t nat -I PREROUTING_FROM_CHILLI $POSITION -s $2 \
|
||||||
|
-p tcp --dport 80 -j DNAT --to $1:$SQUID_PORT
|
||||||
|
/sbin/iptables -I IN_FROM_CHILLI 7 -s $2 \
|
||||||
|
-p tcp --dport $SQUID_PORT --syn -j ACCEPT
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1 @@
|
|||||||
|
tcp:any:443
|
@ -0,0 +1 @@
|
|||||||
|
3990
|
@ -0,0 +1 @@
|
|||||||
|
direct
|
1
root/etc/e-smith/db/configuration/defaults/chilli/access
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/access
Normal file
@ -0,0 +1 @@
|
|||||||
|
private
|
@ -0,0 +1 @@
|
|||||||
|
900
|
@ -0,0 +1 @@
|
|||||||
|
7200
|
@ -0,0 +1 @@
|
|||||||
|
254
|
1
root/etc/e-smith/db/configuration/defaults/chilli/dhcpif
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/dhcpif
Normal file
@ -0,0 +1 @@
|
|||||||
|
eth2
|
@ -0,0 +1 @@
|
|||||||
|
10
|
1
root/etc/e-smith/db/configuration/defaults/chilli/dns1
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/dns1
Normal file
@ -0,0 +1 @@
|
|||||||
|
8.8.8.8
|
1
root/etc/e-smith/db/configuration/defaults/chilli/dns2
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/dns2
Normal file
@ -0,0 +1 @@
|
|||||||
|
8.8.4.4
|
@ -0,0 +1 @@
|
|||||||
|
disabled
|
@ -0,0 +1 @@
|
|||||||
|
400
|
@ -0,0 +1 @@
|
|||||||
|
64
|
1
root/etc/e-smith/db/configuration/defaults/chilli/net
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/net
Normal file
@ -0,0 +1 @@
|
|||||||
|
10.1.0.0/255.255.255.0
|
1
root/etc/e-smith/db/configuration/defaults/chilli/noc2c
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/noc2c
Normal file
@ -0,0 +1 @@
|
|||||||
|
enabled
|
1
root/etc/e-smith/db/configuration/defaults/chilli/status
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/status
Normal file
@ -0,0 +1 @@
|
|||||||
|
disabled
|
1
root/etc/e-smith/db/configuration/defaults/chilli/tundev
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/tundev
Normal file
@ -0,0 +1 @@
|
|||||||
|
tun0
|
1
root/etc/e-smith/db/configuration/defaults/chilli/type
Normal file
1
root/etc/e-smith/db/configuration/defaults/chilli/type
Normal file
@ -0,0 +1 @@
|
|||||||
|
service
|
@ -0,0 +1 @@
|
|||||||
|
|
16
root/etc/e-smith/db/configuration/migrate/60Chilli
Normal file
16
root/etc/e-smith/db/configuration/migrate/60Chilli
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{
|
||||||
|
my $chilliconf = $DB->get('chilli') || $DB->new_record('chilli', {type => 'service'});
|
||||||
|
my $uamsecret = $chilliconf->prop('uamsecret') || '';
|
||||||
|
|
||||||
|
if ($uamsecret eq ''){
|
||||||
|
$pass=`/usr/bin/openssl rand -base64 60 | tr -c -d '[:graph:]'`;
|
||||||
|
$chilliconf->set_prop('uamsecret',$pass);
|
||||||
|
}
|
||||||
|
# change default dns server as they are not available anymore
|
||||||
|
# new default is google
|
||||||
|
my $dns1 = $chilliconf->prop('dns1') || '212.73.209.226';
|
||||||
|
my $dns2 = $chilliconf->prop('dns2') || '194.206.120.1';
|
||||||
|
$chilliconf->set_prop('dns1','8.8.8.8') if $dns1 eq '212.73.209.226';
|
||||||
|
$chilliconf->set_prop('dns2','8.8.4.4') if $dns2 eq '194.206.120.1';
|
||||||
|
}
|
||||||
|
|
0
root/etc/e-smith/events/chilli-update/services2adjust/.gitignore
vendored
Normal file
0
root/etc/e-smith/events/chilli-update/services2adjust/.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
PERMS=0750
|
||||||
|
UID="root"
|
||||||
|
GID="www"
|
3
root/etc/e-smith/templates/etc/chilli.conf/00setup
Normal file
3
root/etc/e-smith/templates/etc/chilli.conf/00setup
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
{
|
||||||
|
use NetAddr::IP;
|
||||||
|
}
|
1
root/etc/e-smith/templates/etc/chilli.conf/10socket
Normal file
1
root/etc/e-smith/templates/etc/chilli.conf/10socket
Normal file
@ -0,0 +1 @@
|
|||||||
|
cmdsock /var/run/chilli.sock
|
1
root/etc/e-smith/templates/etc/chilli.conf/15pid
Normal file
1
root/etc/e-smith/templates/etc/chilli.conf/15pid
Normal file
@ -0,0 +1 @@
|
|||||||
|
pidfile /var/run/chilli.pid
|
2
root/etc/e-smith/templates/etc/chilli.conf/20net
Normal file
2
root/etc/e-smith/templates/etc/chilli.conf/20net
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
net {$chilli{'net'} || '10.1.0.0/255.255.255.0';}
|
||||||
|
|
2
root/etc/e-smith/templates/etc/chilli.conf/22dev
Normal file
2
root/etc/e-smith/templates/etc/chilli.conf/22dev
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
tundev {$chilli{'tundev'} || 'tun0';}
|
||||||
|
|
10
root/etc/e-smith/templates/etc/chilli.conf/25listen
Normal file
10
root/etc/e-smith/templates/etc/chilli.conf/25listen
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
# Compute the first IP of the network
|
||||||
|
our $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
|
||||||
|
our $chillip = NetAddr::IP->new($net) + 1;
|
||||||
|
$chillip = $chillip->addr;
|
||||||
|
|
||||||
|
$OUT = "uamlisten $chillip\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
2
root/etc/e-smith/templates/etc/chilli.conf/30port
Normal file
2
root/etc/e-smith/templates/etc/chilli.conf/30port
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
uamport {$chilli{'TCPPort'} || '3990';}
|
||||||
|
|
2
root/etc/e-smith/templates/etc/chilli.conf/35dhcpif
Normal file
2
root/etc/e-smith/templates/etc/chilli.conf/35dhcpif
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
dhcpif {$chilli{'dhcpif'} || 'eth2';}
|
||||||
|
|
4
root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange
Normal file
4
root/etc/e-smith/templates/etc/chilli.conf/37dhcpRange
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
|
||||||
|
dhcpstart {$chilli{'dhcpstart'} || '10';}
|
||||||
|
dhcpend {$chilli{'dhcpend'} || '254';}
|
||||||
|
|
10
root/etc/e-smith/templates/etc/chilli.conf/40uamallowed
Normal file
10
root/etc/e-smith/templates/etc/chilli.conf/40uamallowed
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
my @uamalloweds = split(/[;,]/, ($chilli{'uamallowed'} || ''));
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
# TODO: check the entry with a good regex
|
||||||
|
|
||||||
|
$OUT .= 'uamallowed '.$_."\n" foreach (@uamalloweds);
|
||||||
|
|
||||||
|
}
|
5
root/etc/e-smith/templates/etc/chilli.conf/45domain
Normal file
5
root/etc/e-smith/templates/etc/chilli.conf/45domain
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
domain lan
|
||||||
|
dns1 {$chilli{'dns1'} || '212.73.209.226';}
|
||||||
|
dns2 {$chilli{'dns2'} || '194.206.120.1';}
|
||||||
|
dnsparanoia
|
||||||
|
|
14
root/etc/e-smith/templates/etc/chilli.conf/50radius
Normal file
14
root/etc/e-smith/templates/etc/chilli.conf/50radius
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
radiusserver1 127.0.0.1
|
||||||
|
radiusserver2 127.0.0.1
|
||||||
|
{
|
||||||
|
use esmith::util;
|
||||||
|
$pw = esmith::util::LdapPassword;
|
||||||
|
$pw =~ s/^(.{31}).*$/$1/;
|
||||||
|
"";
|
||||||
|
}
|
||||||
|
radiussecret {$pw || 'azerty';}
|
||||||
|
radiusauthport {$radiusd{'UDPPort'} || '1812';}
|
||||||
|
radiusacctport 1813
|
||||||
|
radiusnasid localhost
|
||||||
|
radiustimeout 3
|
||||||
|
|
11
root/etc/e-smith/templates/etc/chilli.conf/55uamserver
Normal file
11
root/etc/e-smith/templates/etc/chilli.conf/55uamserver
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
my $uamsecret = $chilli{'uamsecret'} || 'azerty';
|
||||||
|
my $uamhomepage = $chilli{'uamhomepage'} || '';
|
||||||
|
|
||||||
|
$OUT = "uamserver https://$chillip/chilli/cgi-bin/hotspotlogin.cgi\n";
|
||||||
|
$OUT .= "uamsecret $uamsecret\n";
|
||||||
|
|
||||||
|
$OUT .= "uamhomepage $uamhomepage\n" if ($uamhomepage ne '');
|
||||||
|
|
||||||
|
}
|
3
root/etc/e-smith/templates/etc/chilli.conf/60timeout
Normal file
3
root/etc/e-smith/templates/etc/chilli.conf/60timeout
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defsessiontimeout {$chilli{'defsessiontimeout'} || '7200';}
|
||||||
|
defidletimeout {$chilli{'defidletimeout'} || '900';}
|
||||||
|
|
3
root/etc/e-smith/templates/etc/chilli.conf/65conscripts
Normal file
3
root/etc/e-smith/templates/etc/chilli.conf/65conscripts
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
conup /etc/chilli/call_conup.sh
|
||||||
|
condown /etc/chilli/call_condown.sh
|
||||||
|
|
4
root/etc/e-smith/templates/etc/chilli.conf/70UidGid
Normal file
4
root/etc/e-smith/templates/etc/chilli.conf/70UidGid
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
|
||||||
|
uid={getpwnam("coovachilli");}
|
||||||
|
gid={getgrnam("coovachilli");}
|
||||||
|
|
4
root/etc/e-smith/templates/etc/chilli.conf/75noc2c
Normal file
4
root/etc/e-smith/templates/etc/chilli.conf/75noc2c
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
return '' if (($chilli{'noc2c'} || 'enabled') eq 'disabled');
|
||||||
|
$OUT .= "noc2c\n";
|
||||||
|
}
|
15
root/etc/e-smith/templates/etc/chilli.conf/95macallowed
Normal file
15
root/etc/e-smith/templates/etc/chilli.conf/95macallowed
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
|
||||||
|
macallowlocal
|
||||||
|
{
|
||||||
|
my @macalloweds = split(/[;,]/, ($chilli{'macallowed'} || ''));
|
||||||
|
|
||||||
|
$OUT = '';
|
||||||
|
|
||||||
|
# TODO: check the entry with a good regex
|
||||||
|
|
||||||
|
foreach (@macalloweds){
|
||||||
|
$_ =~ s/:/-/g;
|
||||||
|
$OUT .= 'macallowed '.uc($_)."\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
1
root/etc/e-smith/templates/etc/chilli/config/10dhcpif
Normal file
1
root/etc/e-smith/templates/etc/chilli/config/10dhcpif
Normal file
@ -0,0 +1 @@
|
|||||||
|
HS_LANIF={$chilli{'dhcpif'} || 'eth2';}
|
2
root/etc/e-smith/templates/etc/chilli/config/20radconf
Normal file
2
root/etc/e-smith/templates/etc/chilli/config/20radconf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
HS_RADCONF=off
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
|
||||||
|
|
||||||
|
if ($chilli{'status'} eq 'enabled'){
|
||||||
|
|
||||||
|
$OUT .=<<END
|
||||||
|
|
||||||
|
# Chilli config
|
||||||
|
ScriptAlias /chilli/cgi-bin /opt/chilli/cgi-bin
|
||||||
|
Alias /chilli /opt/chilli
|
||||||
|
|
||||||
|
<Directory /opt/chilli>
|
||||||
|
AllowOverride None
|
||||||
|
<FilesMatch "hotspotlogin-conf.pl">
|
||||||
|
Require all denied
|
||||||
|
</FilesMatch>
|
||||||
|
Require ip $net
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
<Directory /opt/chilli/cgi-bin>
|
||||||
|
Options ExecCGI
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
<Directory /opt/chilli/lang>
|
||||||
|
Require all denied
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
END
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,8 @@
|
|||||||
|
#Unix Auth for Chilli
|
||||||
|
unix \{
|
||||||
|
cache = yes
|
||||||
|
cache_reload = 600
|
||||||
|
passwd = /etc/passwd
|
||||||
|
shadow = /etc/shadow
|
||||||
|
group = /etc/group
|
||||||
|
\}
|
@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
push(@authModules, "\tunix\n");
|
||||||
|
}
|
||||||
|
|
29
root/etc/e-smith/templates/etc/raddb/users/40chilli
Normal file
29
root/etc/e-smith/templates/etc/raddb/users/40chilli
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
|
||||||
|
($chilli{'guestAccess'} || 'disabled') eq 'enabled'){
|
||||||
|
my $downlink = $chilli{'guestDownLink'} || '400';
|
||||||
|
my $uplink = $chilli{'guestUpLink'} || '64';
|
||||||
|
$downlink = $downlink * 1000;
|
||||||
|
$uplink = $uplink * 1000;
|
||||||
|
$OUT =<<"END";
|
||||||
|
|
||||||
|
guest NAS-Identifier == "localhost", Auth-Type := Local, User-Password == 'guest'
|
||||||
|
WISPr-Bandwidth-Max-Down = $downlink, WISPr-Bandwidth-Max-Up = $uplink
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
if (($chilli{'status'} || 'disabled') eq 'enabled'){
|
||||||
|
$OUT .=<<END;
|
||||||
|
|
||||||
|
DEFAULT Group == "chilli", NAS-Identifier == "localhost", Auth-Type := unix
|
||||||
|
# WISPr-Bandwidth-Max-Down = 512000, WISPr-Bandwidth-Max-Up = 128000
|
||||||
|
|
||||||
|
DEFAULT Group != "chilli", NAS-Identifier == "localhost", Auth-Type := Reject
|
||||||
|
Reply-Message = "Your are not member of the allowed group"
|
||||||
|
|
||||||
|
END
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
@ -0,0 +1,20 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
# Compute the first IP of the network
|
||||||
|
our $net = ${'chilli'}{'net'} || '10.1.0.0/255.255.255.0';
|
||||||
|
my @netaddr = split(/\//,$net);
|
||||||
|
my $netaddr = $netaddr[0];
|
||||||
|
my @nums = split(/\./,$netaddr);
|
||||||
|
my $i = 0;
|
||||||
|
our $chillip = '';
|
||||||
|
foreach (@nums){
|
||||||
|
$chillip .= $_."." if ($i ne '3');
|
||||||
|
$chillip .= "1" if ($i eq '3');
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
our $tundev = ${'chilli'}{'tundev'} || 'tun0';
|
||||||
|
our $chilliport = ${'chilli'}{'TCPPort'} || '3990';
|
||||||
|
|
||||||
|
$OUT .= '';
|
||||||
|
}
|
@ -0,0 +1,43 @@
|
|||||||
|
{
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# This will flush any existing rules for coova-chilli
|
||||||
|
stopChilli()\{
|
||||||
|
CHAIN='IN_FROM_CHILLI'
|
||||||
|
STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
|
||||||
|
if [ \$STATE -ge 1 ]; then
|
||||||
|
/sbin/iptables -D INPUT -i $tundev -j \$CHAIN
|
||||||
|
/sbin/iptables -F \$CHAIN
|
||||||
|
/sbin/iptables -X \$CHAIN
|
||||||
|
fi
|
||||||
|
CHAIN='OUT_TO_CHILLI'
|
||||||
|
STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
|
||||||
|
if [ \$STATE -ge 1 ]; then
|
||||||
|
/sbin/iptables -D OUTPUT -o $tundev -j \$CHAIN
|
||||||
|
/sbin/iptables -F \$CHAIN
|
||||||
|
/sbin/iptables -X \$CHAIN
|
||||||
|
fi
|
||||||
|
CHAIN='FORWARD_FROM_CHILLI'
|
||||||
|
STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
|
||||||
|
if [ \$STATE -ge 1 ]; then
|
||||||
|
/sbin/iptables -D FORWARD -i $tundev -j \$CHAIN
|
||||||
|
/sbin/iptables -F \$CHAIN
|
||||||
|
/sbin/iptables -X \$CHAIN
|
||||||
|
fi
|
||||||
|
CHAIN='FORWARD_TO_CHILLI'
|
||||||
|
STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
|
||||||
|
if [ \$STATE -ge 1 ]; then
|
||||||
|
/sbin/iptables -D FORWARD -o $tundev -j \$CHAIN
|
||||||
|
/sbin/iptables -F \$CHAIN
|
||||||
|
/sbin/iptables -X \$CHAIN
|
||||||
|
fi
|
||||||
|
CHAIN='PREROUTING_FROM_CHILLI'
|
||||||
|
STATE=\$(/sbin/iptables -t nat -L -n | grep -c \$CHAIN)
|
||||||
|
if [ \$STATE -ge 1 ]; then
|
||||||
|
/sbin/iptables -D PREROUTING -t nat -i $tundev -j \$CHAIN
|
||||||
|
/sbin/iptables -t nat -F \$CHAIN
|
||||||
|
/sbin/iptables -t nat -X \$CHAIN
|
||||||
|
fi
|
||||||
|
\}
|
||||||
|
HERE
|
||||||
|
}
|
@ -0,0 +1,46 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Input (from the wireless client to the server)
|
||||||
|
inFromChilli()\{
|
||||||
|
/sbin/iptables -N IN_FROM_CHILLI
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI -j state_chk
|
||||||
|
# DHCP requests are allowed
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI ! -s $net -j denylog
|
||||||
|
# Allow wireless clients to ping the server
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
# Mandatory services for chilli (https, coova-chill)
|
||||||
|
# /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'modSSL'}{'TCPPort'} --syn -j ACCEPT
|
||||||
|
/sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $chilliport --syn -j ACCEPT
|
||||||
|
HERE
|
||||||
|
|
||||||
|
foreach (split(/[;,]/, ${'chilli'}{'AllowedServices'} || '')){
|
||||||
|
my $service = $_;
|
||||||
|
next if ((${"$service"}{'status'} || 'disabled') ne 'enabled');
|
||||||
|
my @tcpports = split(/[;,]/, (${"$service"}{'TCPPort'} || '').",".(${"$service"}{'TCPPorts'} || ''));
|
||||||
|
my @udpports = split(/[;,]/, (${"$service"}{'UDPPort'} || '').",".(${"$service"}{'UDPPorts'} || ''));
|
||||||
|
if (@tcpports > 0){
|
||||||
|
foreach(@tcpports){
|
||||||
|
$OUT .= " # Acces to $service is allowed:\n" .
|
||||||
|
" /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $_ --syn -j ACCEPT\n" if ($_ ne '');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (@udpports > 0){
|
||||||
|
foreach(@udpports){
|
||||||
|
$OUT .= " # Acces to $service is allowed:\n" .
|
||||||
|
" /sbin/iptables -A IN_FROM_CHILLI -p udp --dport $_ -j ACCEPT\n" if ($_ ne '');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# Special case for pptp, which uses GRE proto
|
||||||
|
if ($service eq 'pptpd'){
|
||||||
|
$OUT .= " /sbin/iptables -A IN_FROM_CHILLI -p 47 -j gre-in\n";
|
||||||
|
$OUT .= " /sbin/iptables -I gre-in -s $net -j ACCEPT\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$OUT .= " /sbin/iptables -A IN_FROM_CHILLI -j denylog\n\}\n";
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,14 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Output (from the server to the wireless clients)
|
||||||
|
outToChilli()\{
|
||||||
|
/sbin/iptables -N OUT_TO_CHILLI
|
||||||
|
/sbin/iptables -A OUT_TO_CHILLI -j state_chk
|
||||||
|
/sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
/sbin/iptables -A OUT_TO_CHILLI -j denylog
|
||||||
|
\}
|
||||||
|
HERE
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,69 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Forward from chilli (from the wireless clients to the internet)
|
||||||
|
forwardFromChilli()\{
|
||||||
|
/sbin/iptables -N FORWARD_FROM_CHILLI
|
||||||
|
/sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
|
||||||
|
/sbin/iptables -A FORWARD_FROM_CHILLI ! -s $net -j denylog
|
||||||
|
/sbin/iptables -A FORWARD_FROM_CHILLI ! -o \$OUTERIF -j denylog
|
||||||
|
/sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
# Allow http for un-authenticated clients so uamallowed works
|
||||||
|
# Https need to be allowed in AllowedOutgoing
|
||||||
|
/sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 80 -j ACCEPT
|
||||||
|
|
||||||
|
HERE
|
||||||
|
|
||||||
|
my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
|
||||||
|
my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
|
||||||
|
my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
|
||||||
|
|
||||||
|
# Allow services specidied in AllowedOutgoing
|
||||||
|
foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
|
||||||
|
# Check the rules has the form proto:remote_host:remote_port
|
||||||
|
next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
|
||||||
|
my @params = split(/:/, $_);
|
||||||
|
my $proto = $params[0];
|
||||||
|
my $host = $params[1];
|
||||||
|
my $dport = $params[2];
|
||||||
|
$OUT .= " # $_ is allowed:\n";
|
||||||
|
$OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
|
||||||
|
$OUT .= "-p $proto ";
|
||||||
|
$OUT .= "-d $host " if ($host !~ /(any|\*)/i);
|
||||||
|
$OUT .= "--dport $dport " if ($dport !~ /(any|\*)/i);
|
||||||
|
$OUT .= "--syn " if ($proto =~ /tcp/i);
|
||||||
|
$OUT .= "-j ACCEPT\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
|
||||||
|
# Check the rules has the form proto:remote_host:remote_port
|
||||||
|
# Or host:port or protocol:host
|
||||||
|
next unless /^((tcp|TCP|udp|UDP):)?(${ReIpAddr})(:${RePort})?$/;
|
||||||
|
my @param = split(/:/, $_);
|
||||||
|
my $proto = $param[0];
|
||||||
|
my $host = $param[1];
|
||||||
|
my $dport = $param[2];
|
||||||
|
$OUT .= " # $_ is allowed:\n";
|
||||||
|
$OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
|
||||||
|
$OUT .= "-p $proto " if (($proto) && ($proto ne ''));
|
||||||
|
$OUT .= "-d $host ";
|
||||||
|
$OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
|
||||||
|
$OUT .= "--syn " if ($proto =~ /tcp/i);
|
||||||
|
$OUT .= "-j ACCEPT\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Allow the two dns servers specified
|
||||||
|
$OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
|
||||||
|
" /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"
|
||||||
|
if ((${'chilli'}{'dns1'} || '') ne '');
|
||||||
|
|
||||||
|
$OUT .= " # Allow dns requests to ${'chilli'}{'dns2'}\n" .
|
||||||
|
" /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns2'} -j ACCEPT\n"
|
||||||
|
if ((${'chilli'}{'dns2'} || '') ne '');
|
||||||
|
|
||||||
|
$OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog\n\}\n";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,14 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Forward to (from the local network or the internet to the wireless clients)
|
||||||
|
forwardToChilli()\{
|
||||||
|
/sbin/iptables -N FORWARD_TO_CHILLI
|
||||||
|
/sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
|
||||||
|
/sbin/iptables -A FORWARD_TO_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
|
||||||
|
/sbin/iptables -A FORWARD_TO_CHILLI -j denylog
|
||||||
|
\}
|
||||||
|
HERE
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Prerouting from chilli (before the server routes paquets from wireless clients)
|
||||||
|
preroutingFromChilli()\{
|
||||||
|
/sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
|
||||||
|
/sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
|
||||||
|
HERE
|
||||||
|
|
||||||
|
$OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip\n" if $ExternalIP;
|
||||||
|
|
||||||
|
# Redirect also addresses specified in RedirectToChilli
|
||||||
|
|
||||||
|
foreach my $ip (split(/[;,]/,(${'chilli'}{'RedirectToChilli'} || ''))){
|
||||||
|
my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
|
||||||
|
my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)};
|
||||||
|
# Check the $ip is a valid ip address
|
||||||
|
next unless $ip =~ /^${ReIpAddr}$/;
|
||||||
|
$OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ip -j DNAT --to $chillip\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Accept other connexions in order to skip other pre-routing rules. Note that packets will be filtered
|
||||||
|
# in the FORWARD_FROM_CHILLI chain
|
||||||
|
$OUT .=" /sbin/iptables -t nat -A PREROUTING_FROM_CHILLI -j ACCEPT\n";
|
||||||
|
|
||||||
|
$OUT .= "\}\n";
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,20 @@
|
|||||||
|
{
|
||||||
|
|
||||||
|
$OUT .=<<"HERE";
|
||||||
|
|
||||||
|
# Send the paquets from and to chilli to the correct chains
|
||||||
|
startChilli()\{
|
||||||
|
inFromChilli
|
||||||
|
outToChilli
|
||||||
|
preroutingFromChilli
|
||||||
|
forwardFromChilli
|
||||||
|
forwardToChilli
|
||||||
|
/sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
|
||||||
|
/sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
|
||||||
|
/sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
|
||||||
|
/sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
|
||||||
|
/sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
|
||||||
|
\}
|
||||||
|
HERE
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,11 @@
|
|||||||
|
|
||||||
|
# First, remove hotspot rules
|
||||||
|
stopChilli
|
||||||
|
|
||||||
|
# Then, insert it if chilli is enabled
|
||||||
|
status=$(/sbin/e-smith/config getprop chilli status)
|
||||||
|
if [ $status = "enabled" ]
|
||||||
|
then
|
||||||
|
startChilli
|
||||||
|
fi
|
||||||
|
|
@ -0,0 +1,18 @@
|
|||||||
|
{
|
||||||
|
use NetAddr::IP;
|
||||||
|
my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
|
||||||
|
$net = NetAddr::IP->new($net) + 1;
|
||||||
|
my $chillip = $net->addr;
|
||||||
|
|
||||||
|
my $transparent = ' transparent';
|
||||||
|
my $squid = `rpm -q --qf %{VERSION} squid`;
|
||||||
|
|
||||||
|
$transparent = '' if ($squid =~ /^2\.5/);
|
||||||
|
|
||||||
|
$OUT ='';
|
||||||
|
if ($chilli{'status'} eq 'enabled'){
|
||||||
|
my $squidport = $squid{'TCPPort'} || '3128';
|
||||||
|
$OUT = "http_port $chillip:$squidport$transparent\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,14 @@
|
|||||||
|
{
|
||||||
|
if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
|
||||||
|
(($chilli{'WebRequests'} || 'direct') eq 'squid')){
|
||||||
|
|
||||||
|
my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
|
||||||
|
|
||||||
|
$OUT .=<<END
|
||||||
|
acl chillisrc src $net
|
||||||
|
acl chillidst dst $net
|
||||||
|
|
||||||
|
END
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,6 @@
|
|||||||
|
{
|
||||||
|
if ((($chilli{'status'} || 'disabled') eq 'enabled') &&
|
||||||
|
(($chilli{'WebRequests'} || 'direct') eq 'squid')){
|
||||||
|
$OUT = "http_access allow chillisrc\n";
|
||||||
|
}
|
||||||
|
}
|
3
root/etc/e-smith/templates/etc/sudoers/00ChilliAlias
Normal file
3
root/etc/e-smith/templates/etc/sudoers/00ChilliAlias
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
Cmnd_Alias CHILLI = /etc/chilli/conup.sh, /etc/chilli/condown.sh
|
||||||
|
|
3
root/etc/e-smith/templates/etc/sudoers/30Chilli
Normal file
3
root/etc/e-smith/templates/etc/sudoers/30Chilli
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
coovachilli ALL=(root) NOPASSWD: CHILLI
|
||||||
|
|
@ -0,0 +1,7 @@
|
|||||||
|
$conf\{domain\} = "{"$DomainName";}";
|
||||||
|
$conf\{contactinfo\} = "admin\@{"$DomainName";}";
|
||||||
|
$conf\{uamsecret\} = "{($chilli{'uamsecret'} || 'azerty');}";
|
||||||
|
$conf\{userpassword\} = 1;
|
||||||
|
$conf\{guestaccess\} = {($chilli{'guestAccess'} || 'disabled') eq 'enabled' ? '1':'0';};
|
||||||
|
|
||||||
|
1
|
485
root/opt/chilli/cgi-bin/hotspotlogin.cgi
Normal file
485
root/opt/chilli/cgi-bin/hotspotlogin.cgi
Normal file
@ -0,0 +1,485 @@
|
|||||||
|
#!/usr/bin/perl -w
|
||||||
|
|
||||||
|
# chilli - ChilliSpot.org. A Wireless LAN Access Point Controller
|
||||||
|
# Copyright (C) 2003, 2004 Mondru AB.
|
||||||
|
#
|
||||||
|
# The contents of this file may be used under the terms of the GNU
|
||||||
|
# General Public License Version 2, provided that the above copyright
|
||||||
|
# notice and this permission notice is included in all copies or
|
||||||
|
# substantial portions of the software.
|
||||||
|
|
||||||
|
# Adapted for SME Server by Daniel B. <daniel@firewall-services.com>
|
||||||
|
|
||||||
|
use Digest::MD5 qw(md5 md5_hex md5_base64);
|
||||||
|
|
||||||
|
# Import the config
|
||||||
|
require ('../hotspotlogin-conf.pl');
|
||||||
|
|
||||||
|
# detect browser language
|
||||||
|
$language = $ENV{'HTTP_ACCEPT_LANGUAGE'};
|
||||||
|
|
||||||
|
@array = split(',',$language);
|
||||||
|
|
||||||
|
foreach $var ( @array )
|
||||||
|
{
|
||||||
|
$var = substr($var,0,2);
|
||||||
|
|
||||||
|
if($var =~ /^fr$/) { $language = "fr"; last; }
|
||||||
|
if($var =~ /^en$/) { $language = "en"; last; }
|
||||||
|
}
|
||||||
|
|
||||||
|
if(-e "../lang/hotspotlogin.$language.pl"){
|
||||||
|
require("../lang/hotspotlogin.$language.pl");
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
require('../lang/hotspotlogin.en.pl');
|
||||||
|
}
|
||||||
|
|
||||||
|
# Login page need https
|
||||||
|
if (!($ENV{HTTPS} =~ /^on$/)) {
|
||||||
|
print "Content-type: text/html\n\n
|
||||||
|
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>$conf{domain}/title>
|
||||||
|
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
|
||||||
|
<meta http-equiv=\"Pragma\" content=\"no-cache\">
|
||||||
|
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<p> </p><p> </p>
|
||||||
|
<h2>$lang{loginfailed}</H2><br>
|
||||||
|
$lang{neddencrypted}</body></html>";
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
$loginpath = $ENV{'SCRIPT_NAME'};
|
||||||
|
|
||||||
|
# Make sure that the form parameters are clean
|
||||||
|
$OK_CHARS='-a-zA-Z0-9_.@&=%!';
|
||||||
|
$_ = (<STDIN> || '');
|
||||||
|
s/[^$OK_CHARS]/_/go;
|
||||||
|
$input = $_;
|
||||||
|
|
||||||
|
# Make sure that the get query parameters are clean
|
||||||
|
$OK_CHARS='-a-zA-Z0-9_.@&=%!';
|
||||||
|
$_ = $query=$ENV{QUERY_STRING};
|
||||||
|
s/[^$OK_CHARS]/_/go;
|
||||||
|
$query = $_;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#Read form parameters which we care about
|
||||||
|
@array = split('&',$input);
|
||||||
|
$replyencoded = '';
|
||||||
|
$username = '';
|
||||||
|
$password = '';
|
||||||
|
$challenge = '';
|
||||||
|
$button = '';
|
||||||
|
$res = '';
|
||||||
|
$uamip = '';
|
||||||
|
$uamport = '';
|
||||||
|
$userurl = '';
|
||||||
|
$timeleft = '';
|
||||||
|
$redirurl = '';
|
||||||
|
$mac = '';
|
||||||
|
|
||||||
|
foreach $var ( @array )
|
||||||
|
{
|
||||||
|
@array2 = split('=',$var);
|
||||||
|
if ($array2[0] =~ /^UserName$/) { $username = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^Password$/) { $password = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^button$/) { $button = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; }
|
||||||
|
|
||||||
|
# This should be added to 'standard' cgi script also
|
||||||
|
if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; }
|
||||||
|
}
|
||||||
|
|
||||||
|
#Read query parameters which we care about
|
||||||
|
@array = split('&',$query);
|
||||||
|
foreach $var ( @array )
|
||||||
|
{
|
||||||
|
@array2 = split('=',$var);
|
||||||
|
if ($array2[0] =~ /^res$/) { $res = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^challenge$/) { $challenge = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^uamip$/) { $uamip = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^uamport$/) { $uamport = $array2[1]; }
|
||||||
|
|
||||||
|
# This should be changed in 'standard' cgi script also
|
||||||
|
if ($array2[0] =~ /^reply$/) { $replyencoded = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^userurl$/) { $userurl = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^timeleft$/) { $timeleft = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^redirurl$/) { $redirurl = $array2[1]; }
|
||||||
|
if ($array2[0] =~ /^mac$/) { $mac = $array2[1]; }
|
||||||
|
}
|
||||||
|
|
||||||
|
# This should be added to 'standard' cgi script also
|
||||||
|
$reply = $replyencoded;
|
||||||
|
|
||||||
|
$reply =~ s/\+/ /g;
|
||||||
|
$reply =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
|
||||||
|
|
||||||
|
$button =~ s/\+/ /g;
|
||||||
|
$button =~ s/\_/ /g;
|
||||||
|
|
||||||
|
$userurldecode = $userurl;
|
||||||
|
$userurldecode =~ s/\+/ /g;
|
||||||
|
$userurldecode =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
|
||||||
|
|
||||||
|
$redirurldecode = $redirurl;
|
||||||
|
$redirurldecode =~ s/\+/ /g;
|
||||||
|
$redirurldecode =~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
|
||||||
|
|
||||||
|
# Tim added these two lines:
|
||||||
|
$username =~ s/\+/ /g;
|
||||||
|
$username =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
|
||||||
|
|
||||||
|
$password =~ s/\+/ /g;
|
||||||
|
$password =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/seg;
|
||||||
|
|
||||||
|
# If attempt to login
|
||||||
|
if (($button =~ $lang{login} || $button =~ $lang{guestbutton})) {
|
||||||
|
$hexchal = pack "H32", $challenge;
|
||||||
|
if (defined $conf{uamsecret}) {
|
||||||
|
$newchal = md5($hexchal, $conf{uamsecret});
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$newchal = $hexchal;
|
||||||
|
}
|
||||||
|
$response = md5_hex("\0", $password, $newchal);
|
||||||
|
$pappassword = unpack "H32", ($password ^ $newchal);
|
||||||
|
|
||||||
|
print "Content-type: text/html\n\n";
|
||||||
|
print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>$conf{domain}</title>
|
||||||
|
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
|
||||||
|
<meta http-equiv=\"Pragma\" content=\"no-cache\">";
|
||||||
|
if ( (defined $conf{uamsecret}) && (defined $conf{userpassword})) {
|
||||||
|
print "<meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&password=$pappassword&userurl=$userurl\">";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
print "<meta http-equiv=\"refresh\" content=\"0;url=http://$uamip:$uamport/logon?username=$username&response=$response&userurl=$userurl\">";
|
||||||
|
}
|
||||||
|
|
||||||
|
print "<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
|
||||||
|
</head><body>
|
||||||
|
<center>";
|
||||||
|
print "<p> </p><p> </p>
|
||||||
|
<h3>$lang{longgingin}</H3><br>$lang{wait}</center></body></html>";
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Default: It was not a form request
|
||||||
|
$result = 0;
|
||||||
|
|
||||||
|
# If login successful
|
||||||
|
if ($res =~ /^success$/) { $result = 1; }
|
||||||
|
|
||||||
|
# If login failed
|
||||||
|
if ($res =~ /^failed$/) { $result = 2; }
|
||||||
|
|
||||||
|
# If logout successful
|
||||||
|
if ($res =~ /^logoff$/) { $result = 3; }
|
||||||
|
|
||||||
|
# If tried to login while already logged in
|
||||||
|
if ($res =~ /^already$/) { $result = 4; }
|
||||||
|
|
||||||
|
# If not logged in yet
|
||||||
|
if ($res =~ /^notyet$/) { $result = 5; }
|
||||||
|
|
||||||
|
# If login from smart client
|
||||||
|
if ($res =~ /^smartclient$/) { $result = 6; }
|
||||||
|
|
||||||
|
# If requested a logging in pop up window
|
||||||
|
if ($res =~ /^popup1$/) { $result = 11; }
|
||||||
|
|
||||||
|
# If requested a success pop up window
|
||||||
|
if ($res =~ /^popup2$/) { $result = 12; }
|
||||||
|
|
||||||
|
# If requested a logout pop up window
|
||||||
|
if ($res =~ /^popup3$/) { $result = 13; }
|
||||||
|
|
||||||
|
|
||||||
|
# Otherwise it was not a form request
|
||||||
|
# Send out an error message
|
||||||
|
if ($result == 0) {
|
||||||
|
print "Content-type: text/html\n\n
|
||||||
|
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>$conf{domain}</title>
|
||||||
|
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
|
||||||
|
<meta http-equiv=\"Pragma\" content=\"no-cache\">
|
||||||
|
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<center>
|
||||||
|
<p> </p><p> </p>
|
||||||
|
<h3>$lang{loginfailed}</h3><br>
|
||||||
|
$lang{chillierror}</center></body></html>";
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
#Generate the output
|
||||||
|
print "Content-type: text/html\n\n
|
||||||
|
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>$conf{domain}</title>
|
||||||
|
<meta http-equiv=\"Cache-control\" content=\"no-cache\">
|
||||||
|
<meta http-equiv=\"Pragma\" content=\"no-cache\">
|
||||||
|
<SCRIPT LANGUAGE=\"JavaScript\">
|
||||||
|
var blur = 0;
|
||||||
|
var starttime = new Date();
|
||||||
|
var startclock = starttime.getTime();
|
||||||
|
var mytimeleft = 0;
|
||||||
|
var user = \"\";
|
||||||
|
var password = \"\";
|
||||||
|
|
||||||
|
function getCookie(c_name)
|
||||||
|
{
|
||||||
|
if (document.cookie.length>0)
|
||||||
|
{
|
||||||
|
c_start=document.cookie.indexOf(c_name + \"=\");
|
||||||
|
|
||||||
|
if(c_start!=-1)
|
||||||
|
{
|
||||||
|
c_start=c_start + c_name.length+1;
|
||||||
|
c_end=document.cookie.indexOf(\";\",c_start);
|
||||||
|
if (c_end==-1) c_end=document.cookie.length;
|
||||||
|
return unescape(document.cookie.substring(c_start,c_end));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return \"\";
|
||||||
|
}
|
||||||
|
|
||||||
|
function setCookie(c_name,value,expiredays)
|
||||||
|
{
|
||||||
|
var exdate=new Date();
|
||||||
|
exdate.setDate(exdate.getDate()+expiredays);
|
||||||
|
document.cookie=c_name+ \"=\" +escape(value)+((expiredays==null) ? \"\" : \";expires=\"+exdate.toGMTString());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function getCookies()
|
||||||
|
{
|
||||||
|
user=getCookie('user');
|
||||||
|
if(user!=null && user!=\"\")
|
||||||
|
{
|
||||||
|
document.form1.UserName.value = user;
|
||||||
|
document.form1.saveusrpass.checked = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
password=getCookie('password');
|
||||||
|
if(password!=null && password!=\"\")
|
||||||
|
{
|
||||||
|
document.form1.Password.value = password;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function setCookies()
|
||||||
|
{
|
||||||
|
if(!document.form1.saveusrpass.checked)
|
||||||
|
{
|
||||||
|
setCookie('user',\"\",365);
|
||||||
|
setCookie('password',\"\",365);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
user = document.form1.UserName.value;
|
||||||
|
password = document.form1.Password.value;
|
||||||
|
|
||||||
|
if(user!=null && user!=\"\")
|
||||||
|
{
|
||||||
|
if(password!=null && password!=\"\")
|
||||||
|
{
|
||||||
|
setCookie('user',user,365);
|
||||||
|
setCookie('password',password,365);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function doTime() {
|
||||||
|
window.setTimeout( \"doTime()\", 1000 );
|
||||||
|
t = new Date();
|
||||||
|
time = Math.round((t.getTime() - starttime.getTime())/1000);
|
||||||
|
if (mytimeleft) {
|
||||||
|
time = mytimeleft - time;
|
||||||
|
if (time <= 0) {
|
||||||
|
window.location = \"$loginpath?res=popup3&uamip=$uamip&uamport=$uamport\";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (time < 0) time = 0;
|
||||||
|
hours = (time - (time % 3600)) / 3600;
|
||||||
|
time = time - (hours * 3600);
|
||||||
|
mins = (time - (time % 60)) / 60;
|
||||||
|
secs = time - (mins * 60);
|
||||||
|
if (hours < 10) hours = \"0\" + hours;
|
||||||
|
if (mins < 10) mins = \"0\" + mins;
|
||||||
|
if (secs < 10) secs = \"0\" + secs;
|
||||||
|
title = \"$lang{onlinetime}: \" + hours + \":\" + mins + \":\" + secs;
|
||||||
|
if (mytimeleft) {
|
||||||
|
title = \"$lang{remainingtime}: \" + hours + \":\" + mins + \":\" + secs;
|
||||||
|
}
|
||||||
|
if(document.all || document.getElementById){
|
||||||
|
document.title = title;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
self.status = title;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function popUp(URL) {
|
||||||
|
|
||||||
|
if (self.name != \"chillispot_popup\") {
|
||||||
|
chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=310');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function doOnLoad(result, URL, userurl, redirurl, timeleft) {
|
||||||
|
|
||||||
|
if (timeleft) {
|
||||||
|
mytimeleft = timeleft;
|
||||||
|
}
|
||||||
|
if ((result == 1) && (self.name == \"chillispot_popup\")) {
|
||||||
|
doTime();
|
||||||
|
}
|
||||||
|
if ((result == 1) && (self.name != \"chillispot_popup\")) {
|
||||||
|
chillispot_popup = window.open(URL, 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300');
|
||||||
|
}
|
||||||
|
if ((result == 2) || result == 5) {
|
||||||
|
getCookies();
|
||||||
|
document.form1.UserName.focus()
|
||||||
|
}
|
||||||
|
if ((result == 2) && (self.name != \"chillispot_popup\")) {
|
||||||
|
chillispot_popup = window.open('', 'chillispot_popup', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=400,height=200');
|
||||||
|
chillispot_popup.close();
|
||||||
|
}
|
||||||
|
if ((result == 12) && (self.name == \"chillispot_popup\")) {
|
||||||
|
doTime();
|
||||||
|
if (redirurl) {
|
||||||
|
window.opener.top.location.href = redirurl;
|
||||||
|
}
|
||||||
|
else if (userurl) {
|
||||||
|
window.opener.top.location.href = userurl;
|
||||||
|
}
|
||||||
|
else if (opener.home) {
|
||||||
|
window.opener.top.location.href.home();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
window.opener.top.location.href = \"about:home\";
|
||||||
|
}
|
||||||
|
self.focus();
|
||||||
|
blur = 0;
|
||||||
|
}
|
||||||
|
if ((result == 13) && (self.name == \"chillispot_popup\")) {
|
||||||
|
self.focus();
|
||||||
|
blur = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function doOnBlur(result) {
|
||||||
|
if ((result == 12) && (self.name == \"chillispot_popup\")) {
|
||||||
|
if (blur == 0) {
|
||||||
|
blur = 1;
|
||||||
|
self.focus();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function doOnBeforeUnLoad(result) {
|
||||||
|
if ((result==12) && (self.name=='chillispot_popup')) {
|
||||||
|
document.location.href=('http://$uamip:$uamport/logoff');
|
||||||
|
window.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function fillGuestAccess() {
|
||||||
|
form1.UserName.value = 'guest';
|
||||||
|
form1.Password.value = 'guest';
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
<link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
|
||||||
|
</head>
|
||||||
|
<body onLoad=\"javascript:doOnLoad($result, '$loginpath?res=popup2&uamip=$uamip&uamport=$uamport&userurl=$userurl&redirurl=$redirurl&timeleft=$timeleft&reply=$replyencoded','$userurldecode', '$redirurldecode', '$timeleft')\" onBlur = \"javascript:doOnBlur($result)\" onBeforeUnLoad = \"doOnBeforeUnLoad($result)\"><center>";
|
||||||
|
# In body onLoad above, after $timeleft, add '&reply=$replyencoded to 'standard' cgi script
|
||||||
|
|
||||||
|
if ($result == 2){
|
||||||
|
print "<p> </p><p> </p><h3>$lang{loginfailed}</h3>";
|
||||||
|
if ($reply) { print "$reply<br>"; }
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($result == 2 || $result == 5){
|
||||||
|
print "<p> </p><p> </p>
|
||||||
|
<form name=\"form1\" method=\"post\" action=\"$loginpath\"\" onSubmit=\"setCookies()\">
|
||||||
|
<INPUT TYPE=\"hidden\" NAME=\"challenge\" VALUE=\"$challenge\">
|
||||||
|
<INPUT TYPE=\"hidden\" NAME=\"uamip\" VALUE=\"$uamip\">
|
||||||
|
<INPUT TYPE=\"hidden\" NAME=\"uamport\" VALUE=\"$uamport\">
|
||||||
|
<INPUT TYPE=\"hidden\" NAME=\"userurl\" VALUE=\"$userurldecode\">
|
||||||
|
<INPUT TYPE=\"hidden\" NAME=\"mac\" VALUE=\"$mac\">
|
||||||
|
|
||||||
|
<table style=\"width: 570px;\">
|
||||||
|
<tr>
|
||||||
|
<td align=\"right\">$lang{username}:</td>
|
||||||
|
<td><input type=\"text\" name=\"UserName\" size=\"14\" maxlength=\"128\"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td align=\"right\">$lang{password}:</td>
|
||||||
|
<td><input type=\"password\" name=\"Password\" size=\"14\" maxlength=\"128\"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"submit\" name=\"button\" value=\"$lang{login}\" onClick=\"javascript:popUp('$loginpath?res=popup1&uamip=$uamip&uamport=$uamport&mac=$mac')\"></td></tr>
|
||||||
|
<tr>
|
||||||
|
<td align=\"center\" colspan=\"2\">
|
||||||
|
<input type=\"checkbox\" name=\"saveusrpass\"> $lang{saveuser}";
|
||||||
|
|
||||||
|
if($conf{guestaccess}){
|
||||||
|
print "<tr><td align=\"center\" colspan=\"2\" height=\"23\">$lang{guestdesc}</td></tr><tr><td align=\"center\" colspan=\"2\" height=\"23\"><input type=\"button\" name=\"button_guest\" value=\"$lang{guestbutton}\" onClick=\"javascript:fillGuestAccess()\"></td></tr>";
|
||||||
|
}
|
||||||
|
|
||||||
|
print " </table></form>";
|
||||||
|
|
||||||
|
if($lang{loginstring}) { print "<div style=\"width: 90%; height:330px; overflow:auto; padding-right : 12px; align:center;\"><table><td>$lang{loginstring}</td></table></div>"; }
|
||||||
|
print "</center></body></html>";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if ($result == 1){
|
||||||
|
print "<p> </p><p> </p><h3>$lang{loggedin}</h3><br>";
|
||||||
|
if ($lang{loggedinstring}) { print "$lang{loggedinstring}<br><br>"; }
|
||||||
|
if ($reply) { print "$reply</BR></BR>"; }
|
||||||
|
print "<a href=\"javascript:doOnBeforeUnLoad(12);\">$lang{logout}</a></center></body></html>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (($result == 4) || ($result == 12)){
|
||||||
|
print "<p> </p><p> </p><h3>$lang{loggedin}</h3><br>";
|
||||||
|
if ($lang{loggedinstring}) { print "$lang{loggedinstring}<br><br>"; }
|
||||||
|
if ($reply) { print "$reply</BR></BR>"; }
|
||||||
|
print "<a href=\"javascript:doOnBeforeUnLoad(12);\">$lang{logout}</a><br></center></body></html>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($result == 11){
|
||||||
|
print "<p> </p><p> </p><h3>$lang{longgingin}</h3><br>";
|
||||||
|
print "<br>$lang{wait}</center></body></html>";
|
||||||
|
}
|
||||||
|
|
||||||
|
if (($result == 3) || ($result == 13)){
|
||||||
|
print "<p> </p><p> </p><h3>$lang{loggedout}</h3><br>";
|
||||||
|
if ($lang{loggedoutstring}) { print "$lang{loggedoutstring}<br><br>"; }
|
||||||
|
print "<a href=\"http://$uamip:$uamport/prelogin\">$lang{login}</a></center></body></html>";
|
||||||
|
}
|
||||||
|
|
||||||
|
exit(0);
|
33
root/opt/chilli/css/sme.css
Normal file
33
root/opt/chilli/css/sme.css
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
/* mod_auth_tkt example css */
|
||||||
|
|
||||||
|
BODY {background-image: url(/chilli/images/smeserver_logo.jpg);
|
||||||
|
background-repeat: no-repeat;
|
||||||
|
background-position: 400px 40px;
|
||||||
|
background-position: top;
|
||||||
|
|
||||||
|
font-family: arial, helvetica, sans-serif;
|
||||||
|
font-size: small;
|
||||||
|
}
|
||||||
|
|
||||||
|
P, TH, TD {
|
||||||
|
font-family: arial, helvetica, sans-serif;
|
||||||
|
font-size: small;
|
||||||
|
}
|
||||||
|
|
||||||
|
H1, H2, H3, H4, H5, H6 { color: #006; }
|
||||||
|
H1 { font-size: x-large; }
|
||||||
|
H2 { font-size: large; }
|
||||||
|
H3 { font-size: medium; }
|
||||||
|
|
||||||
|
.warning { color: #c00; font-size: medium; font-weight: bold; }
|
||||||
|
|
||||||
|
|
||||||
|
TABLE {
|
||||||
|
background-color: #eee;
|
||||||
|
color: #666;
|
||||||
|
border: 1px solid #ccc;
|
||||||
|
padding: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* arch-tag: ac35e093-c2c0-4994-bc18-2d25715b1192 */
|
BIN
root/opt/chilli/images/smeserver_logo.jpg
Normal file
BIN
root/opt/chilli/images/smeserver_logo.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 5.8 KiB |
21
root/opt/chilli/lang/hotspotlogin.en.pl
Normal file
21
root/opt/chilli/lang/hotspotlogin.en.pl
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
$lang{chillierror} = "You can only login while connected to the hotspot.";
|
||||||
|
|
||||||
|
$lang{login} = "Login";
|
||||||
|
$lang{guestdesc} = "You can click here to have a limited guest access";
|
||||||
|
$lang{guestbutton} = "Guest access";
|
||||||
|
$lang{logout} = "Logout";
|
||||||
|
$lang{loginfailed} = "Login failed";
|
||||||
|
$lang{loggingin} = "Logging in";
|
||||||
|
$lang{loggedin} = "Logged in";
|
||||||
|
$lang{loggedout} = "Logged out";
|
||||||
|
$lang{username} = "User";
|
||||||
|
$lang{password} = "Password";
|
||||||
|
$lang{wait} = "Please wait ...";
|
||||||
|
$lang{onlinetime} = "Online time";
|
||||||
|
$lang{remainingtime} = "Remaining time";
|
||||||
|
$lang{needencrypted} = "Login must use encrypted connection (https)";
|
||||||
|
$lang{saveuser} = "Remember user/password";
|
||||||
|
# Custom resource vars
|
||||||
|
$lang{loginstring} = "If you have any question, please contact <a href=mailto:$conf{contactinfo}>$conf{contactinfo}</a>";
|
||||||
|
$lang{loggedinstring} = "Welcome!<br>Closing this windows will disconnect you..";
|
||||||
|
$lang{loggedoutstring} = "Thanks for using $conf{domain} hotspot service";
|
22
root/opt/chilli/lang/hotspotlogin.fr.pl
Normal file
22
root/opt/chilli/lang/hotspotlogin.fr.pl
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
$lang{chillierror} = "L'identification doit se faire à travers le démon Coova-Chilli";
|
||||||
|
|
||||||
|
$lang{login} = "Identification";
|
||||||
|
$lang{guestdesc} = "Si vous n'avez pas d'identifiants, cliquez sur ce boutton pour obtenir un accès limité";
|
||||||
|
$lang{guestbutton} = "Accès invité";
|
||||||
|
$lang{logout} = "Se déconnecter";
|
||||||
|
$lang{loginfailed} = "L'identification a échoué";
|
||||||
|
$lang{loggingin} = "Identification en cours";
|
||||||
|
$lang{loggedin} = "Authentifié";
|
||||||
|
$lang{loggedout} = "Déconnecé";
|
||||||
|
$lang{username} = "Utilisateur";
|
||||||
|
$lang{password} = "Mot de passe";
|
||||||
|
$lang{wait} = "Veuillez patienter ...";
|
||||||
|
$lang{onlinetime} = "Durée de la session";
|
||||||
|
$lang{remainingtime} = "Temps restant";
|
||||||
|
$lang{needencrypted} = "L'identification doit utiliser une connexion sécurisé (https)";
|
||||||
|
$lang{saveuser} = "Se souvenir de mes identifiants";
|
||||||
|
# Custom resource vars
|
||||||
|
$lang{loginstring} = "Pour toute question relative au fonctionnement de cet accès, vous pouvez contacter le responsable <a href=mailto:$conf{contactinfo}>$conf{contactinfo}</a>";
|
||||||
|
|
||||||
|
$lang{loggedinstring} = "Bienvenue!<br>La fermeture de cette fenêtre terminera votre session.";
|
||||||
|
$lang{loggedoutstring} = "$conf{domain} vous remercie";
|
239
smeserver-coova-chilli.spec
Normal file
239
smeserver-coova-chilli.spec
Normal file
@ -0,0 +1,239 @@
|
|||||||
|
# $Id: smeserver-coova-chilli.spec,v 1.4 2022/07/29 05:25:17 jpp Exp $
|
||||||
|
# Authority: vip-ire
|
||||||
|
# Name: Daniel Berteaud
|
||||||
|
|
||||||
|
Summary: Coova-Chilli, a captive portal based on ChilliSpot configured for SME server
|
||||||
|
%define name smeserver-coova-chilli
|
||||||
|
Name: %{name}
|
||||||
|
%define version 0.3
|
||||||
|
%define release 7
|
||||||
|
Version: %{version}
|
||||||
|
Release: %{release}%{?dist}
|
||||||
|
License: GPL
|
||||||
|
Group: Networking/Remote access
|
||||||
|
Source: %{name}-%{version}.tar.xz
|
||||||
|
URL: https://contribs.org
|
||||||
|
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||||
|
BuildArchitectures: noarch
|
||||||
|
BuildRequires: e-smith-devtools
|
||||||
|
Requires: e-smith-apache >= 2.6.0-19
|
||||||
|
Requires: e-smith-release >= 10.0
|
||||||
|
Requires: openssl
|
||||||
|
Requires: coova-chilli >= 1.0.13
|
||||||
|
Requires: e-smith-radiusd >= 1.0.0-18
|
||||||
|
Requires: perl(NetAddr::IP)
|
||||||
|
Requires: smeserver-remoteuseraccess
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package allow you to configure a third interface
|
||||||
|
(eth2). Just plug a WiFi AP on it, and you'll have
|
||||||
|
a secured captive portal. Users will be redirected
|
||||||
|
on a logon page and they'll have to enter credentials
|
||||||
|
(sme accounts) before the server allows them. By default,
|
||||||
|
they'll only have web access if they are members of the group "chilli"
|
||||||
|
This contrib will only work in server&gateway mode
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.3-7.sme
|
||||||
|
- Roll up patches and move to git repo [SME: 12338]
|
||||||
|
|
||||||
|
* Sat Sep 07 2024 BogusDateBot
|
||||||
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||||
|
by assuming the date is correct and changing the weekday.
|
||||||
|
|
||||||
|
* Fri Jul 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-6.sme
|
||||||
|
- update access syntax for httpd 2.4 [SME: 12041]
|
||||||
|
|
||||||
|
* Mon Dec 21 2020 Brian Read <brianr@bjsystems.co.uk> 0.3-5.sme
|
||||||
|
- Initial Import in SME10 [SME: 11289]
|
||||||
|
|
||||||
|
* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-4.sme
|
||||||
|
- fix old dns default are not available [SME: 9514]
|
||||||
|
|
||||||
|
* Tue Jul 05 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-3.sme
|
||||||
|
- fix format for logout screen [SME: 9514]
|
||||||
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
||||||
|
by assuming the date is correct and changing the weekday.
|
||||||
|
Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
|
||||||
|
Sun Mar 07 2009 --> Sun Mar 01 2009 or Sat Mar 07 2009 or Sun Mar 08 2009 or ....
|
||||||
|
Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
|
||||||
|
|
||||||
|
* Thu May 26 2016 Jean-Philipe Pialasse <tests@pialasse.com> 0.3-2.sme
|
||||||
|
- fix iptables syntax exclamation mark misplaced [SME: 9514]
|
||||||
|
- smeserver-coova-chilli-0.3-MasqUpdate.patch
|
||||||
|
|
||||||
|
* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> 0.3-1
|
||||||
|
- Roll new stream for sme9
|
||||||
|
|
||||||
|
* Mon Mar 28 2011 Daniel B. <daniel@firewall-services.com> 0.2-20
|
||||||
|
- Fix uamhomepage setting
|
||||||
|
|
||||||
|
* Wed Oct 20 2010 Daniel B. <daniel@firewall-services.com> 0.2-19
|
||||||
|
- Drop all the trafic not going through the external interface
|
||||||
|
|
||||||
|
* Thu Jul 29 2010 Daniel B. <daniel@firewall-services.com> 0.2-18
|
||||||
|
- cleanup CGI login script
|
||||||
|
- remove obsolete php templates
|
||||||
|
- add macallowed DB key to bypass auth for some mac addresses
|
||||||
|
- add uamhomepage DB key
|
||||||
|
|
||||||
|
* Mon Jul 19 2010 Daniel B. <daniel@firewall-services.com> 0.2-17
|
||||||
|
- Fixes sudo env (bug only in SME8)
|
||||||
|
- Uses TCPPort squid key instead of TransparentPort so coova can
|
||||||
|
work with dansguardian
|
||||||
|
- insert NAT rule just before the ACCEPT (PREROUTING_FROM_CHILLI)
|
||||||
|
- add transparent directive to squid (required for squid => 2.6)
|
||||||
|
|
||||||
|
* Wed Apr 14 2010 Daniel B. <daniel@firewall-services.com> 0.2-16
|
||||||
|
- Fixe a bug in conup.sh and condown.sh
|
||||||
|
|
||||||
|
* Thu Jun 11 2009 Daniel B. <daniel@firewall-services.com> 0.2-15
|
||||||
|
- Fixe a bug in masq template for uamallowed entries
|
||||||
|
|
||||||
|
* Thu May 28 2009 Daniel B. <daniel@firewall-services.com> 0.2-14
|
||||||
|
- Remove space in hotspot-config.pl template
|
||||||
|
|
||||||
|
* Tue May 26 2009 Daniel B. <daniel@firewall-services.com> 0.2-13
|
||||||
|
- Add noc2c key (allow to disable the option, but default to enabled)
|
||||||
|
|
||||||
|
* Thu Apr 30 2009 Daniel B. <daniel@firewall-services.com> 0.2-12
|
||||||
|
- Create a new user coovachilli
|
||||||
|
- Add support of new options uid and gid to drop privileges
|
||||||
|
- Enabled noc2c (prevent client to client communication)
|
||||||
|
- Use sudo to call conup/condown script (as chilli runs under un
|
||||||
|
unprivileged account now)
|
||||||
|
- Add smeserver-remoteuseraccess as a dependency (for sudoers metadata templates)
|
||||||
|
- move templates2expand in creatlinks script
|
||||||
|
|
||||||
|
* Fri Mar 13 2009 Daniel B. <daniel@firewall-services.com> 0.2-11
|
||||||
|
Wed Mar 13 2009 --> Wed Mar 11 2009 or Fri Mar 13 2009 or Wed Mar 18 2009 or ....
|
||||||
|
- Automatically allow uamallowed entries in the firewall (no need to
|
||||||
|
explicitly allow it agin in AllowOutgoing)
|
||||||
|
|
||||||
|
* Thu Mar 12 2009 Daniel B. <daniel@firewall-services.com> 0.2-10
|
||||||
|
- Small typo correction
|
||||||
|
|
||||||
|
* Tue Mar 10 2009 Daniel B. <daniel@firewall-services.com> 0.2-9
|
||||||
|
- Use allready defined localhost NAS to fixe PPTP problem [SME: 4996]
|
||||||
|
(thanks John K Pruder)
|
||||||
|
- fix a typo in squid template
|
||||||
|
|
||||||
|
* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-8
|
||||||
|
- Add dhcpstart and dhcpstop db parameters (thanks John K Pruder)
|
||||||
|
|
||||||
|
* Sat Mar 07 2009 Daniel B. <daniel@firewall-services.com> 0.2-7
|
||||||
|
- Fix tundev template [SME: 5054]
|
||||||
|
|
||||||
|
* Thu Sep 18 2008 Daniel B. <daniel@firewall-services.com> 0.2-6
|
||||||
|
- Remove warning in httpd.conf file (httpd -t)
|
||||||
|
|
||||||
|
* Mon Sep 15 2008 Daniel B. <daniel@firewall-services.com> 0.2-5
|
||||||
|
- Fix Syntax Error in /etc/chilli.conf template (25listen) [SME: 4559]
|
||||||
|
|
||||||
|
* Mon Sep 08 2008 Daniel B. <daniel@firewall-services.com> 0.2-4
|
||||||
|
- Requires perl(NetAddr::IP)
|
||||||
|
|
||||||
|
* Fri Sep 5 2008 Daniel B. <daniel@firewall-services.com> 0.2-3
|
||||||
|
- Chilli IP computed with NetAddr::IP
|
||||||
|
- Radius timeout set to 3 sec
|
||||||
|
- syntax error in radius users template fixed (for guest access)
|
||||||
|
|
||||||
|
* Wed Sep 03 2008 Daniel B. <daniel@firewall-services.com> 0.2-2
|
||||||
|
Thu Sep 03 2008 --> Thu Aug 28 2008 or Wed Sep 03 2008 or Thu Sep 04 2008 or ....
|
||||||
|
- Bug fix for guest access
|
||||||
|
|
||||||
|
* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-1
|
||||||
|
- uplink and downlink for guest account are configurable via db keys
|
||||||
|
|
||||||
|
* Tue Sep 2 2008 Daniel B. <daniel@firewall-services.com> 0.2-0
|
||||||
|
- Login page is a CGI, with a server-manager login page look
|
||||||
|
- Guest Access can be enabled with guestAccess key (enabled/disabled)
|
||||||
|
- merge patchs in main package
|
||||||
|
|
||||||
|
* Mon Sep 01 2008 Daniel B. <daniel@firewall-services.com> 0.1-8
|
||||||
|
- Fix uamallowed not working (since bypass_auth_with_squid_fix patch)
|
||||||
|
- Add WebRequests key (use of squid or direct connexions, default to direct)
|
||||||
|
- disable radconf in /etc/chilli/config
|
||||||
|
- possible to disable https (enabled by default in AllowedOutgoing)
|
||||||
|
- add tcp:static.sourceforge.net:80 in uamallowed so daloradius homepage is displayed correctly
|
||||||
|
- add radiustimeout directive so authentication errors display the standard message quickly
|
||||||
|
|
||||||
|
* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-7
|
||||||
|
- Reverted moving of default db entries to SPEC file since common practice is to store them in files
|
||||||
|
|
||||||
|
* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-6
|
||||||
|
- split uamallowed (one per line)
|
||||||
|
- Add dnsparanoia directive
|
||||||
|
- correct cmdsock directive
|
||||||
|
- initialise default configuration db in the spec file
|
||||||
|
|
||||||
|
* Thu Aug 28 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-5
|
||||||
|
- Remove the reset of $OUT from the template
|
||||||
|
|
||||||
|
* Thu Aug 28 2008 Daniel B. <daniel@firewall-services.com> 0.1-4
|
||||||
|
- Add template to enable auth module unix (replace the template-custom)
|
||||||
|
- Copy images to /opt/chilli/template before removing .rpmnew directory
|
||||||
|
- Correct dependency (e-smith-radiusd not esmith-radiusd)
|
||||||
|
|
||||||
|
* Wed Aug 27 2008 Jonathan Martens <smeserver-contribs@snetram.nl> 0.1-3
|
||||||
|
- Split requirements to one per line
|
||||||
|
- Removed .rpmnew directory from package
|
||||||
|
- Removed the need for templates-custom as package now requires e-smith-radiusd >= 1.0.0-18
|
||||||
|
|
||||||
|
* Tue Aug 26 2008 Daniel B. <daniel@firewall-services.com>
|
||||||
|
- [0.1-2]
|
||||||
|
- Most firewall customizations (for incomming and forwarded traffic from
|
||||||
|
chilli network only) can be set through db commands (Patch3)
|
||||||
|
- Outgoing DNS is allowed only for the two DNS servers configured
|
||||||
|
- Clean spec file, and put php files in /opt/chilli (Patch4)
|
||||||
|
|
||||||
|
* Tue Apr 15 2008 Daniel Berteaud <daniel@firewall-services.com>
|
||||||
|
- [0.1-1]
|
||||||
|
- security fixe: auth bypass with squid (patch1)
|
||||||
|
- masq template not expanded (patch2)
|
||||||
|
|
||||||
|
* Fri Apr 04 2008 Daniel Berteaud <daniel@firewall-services.com>
|
||||||
|
- [0.1]
|
||||||
|
- initiale release
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup
|
||||||
|
|
||||||
|
%build
|
||||||
|
/usr/bin/perl createlinks
|
||||||
|
|
||||||
|
%install
|
||||||
|
/bin/rm -rf $RPM_BUILD_ROOT
|
||||||
|
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
|
||||||
|
/bin/rm -f %{name}-%{version}-filelist
|
||||||
|
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||||
|
--file /etc/chilli/conup.sh 'attr(755,root,root)' \
|
||||||
|
--file /etc/chilli/condown.sh 'attr(750,root,root)' \
|
||||||
|
--file /etc/chilli/call_conup.sh 'attr(755,root,root)' \
|
||||||
|
--file /etc/chilli/call_condown.sh 'attr(755,root,root)' \
|
||||||
|
--file /opt/chilli/cgi-bin/hotspotlogin.cgi 'attr(0750,root,www) %config(noreplace)' \
|
||||||
|
--file /opt/chilli/lang/hotspotlogin.fr.pl 'config(noreplace)' \
|
||||||
|
--file /opt/chilli/lang/hotspotlogin.en.pl 'config(noreplace)' \
|
||||||
|
--file /opt/chilli/css/sme.css 'config(noreplace)' \
|
||||||
|
> %{name}-%{version}-filelist
|
||||||
|
|
||||||
|
%files -f %{name}-%{version}-filelist
|
||||||
|
%defattr(-,root,root)
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%pre
|
||||||
|
if ! /usr/bin/id coovachilli &>/dev/null; then
|
||||||
|
/usr/sbin/useradd -c 'Coova Chilli User' -s /sbin/nologin -r -d /etc/chilli coovachilli &>/dev/null || \
|
||||||
|
%logmsg "Unexpected error adding user \"coovachilli\". Abort installation."
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
%preun
|
||||||
|
|
||||||
|
if [ $1 == 0 ]; then
|
||||||
|
/sbin/e-smith/db configuration setprop chilli status disabled
|
||||||
|
/etc/rc.d/init.d/chilli stop >& /dev/null || :
|
||||||
|
fi
|
||||||
|
|
Loading…
Reference in New Issue
Block a user