Commit 64fc29d

Merge pull request #2070 from georgejhunt/cap3.1
Cap3.1 on nginx and python 3 [Captive Portal]
2 parents 34bf528 + e9b9a5c commit 64fc29d

25 files changed: +301 -352 lines changed

roles/2-common/tasks/packages.yml

Lines changed: 2 additions & 1 deletion
@@ -33,7 +33,7 @@
3333
state: present
3434
when: is_debuntu | bool
3535

36-
- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sudo, tar, unzip, usbmount, usbutils, wget"
36+
- name: "Install 24 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3,sudo, tar, unzip, usbmount, usbutils, wget"
3737
package:
3838
name:
3939
- acpid
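Review bot: The new task name on line 36 reads "sqlite3,sudo" with no space after the comma, unlike every other entry in the name; add the space. The hand-maintained count ("Install 24 common packages") has to be kept in step with the list below on every change, so consider dropping the number from the task name.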
@@ -56,6 +56,7 @@
5656
- pandoc
5757
- pastebinit
5858
- rsync
59+
- sqlite3
5960
- sudo
6061
- tar
6162
- unzip
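Review bot: sqlite3 on line 59 goes into the common package list in roles/2-common, but the only consumer this commit shows is capture-wsgi.py, which the new README says records the client agent in a sqlite database. Python's built-in sqlite3 module does not need the sqlite3 command-line package, so if the package is wanted only for inspecting that database by hand, install it from the captiveportal role instead, or add a comment here saying why it belongs in the common set.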

roles/9-local-addons/tasks/main.yml

Lines changed: 3 additions & 3 deletions
@@ -18,9 +18,9 @@
1818

1919
# To be ported soon
2020
- name: CAPTIVE PORTAL
21-
include_tasks: roles/captive-portal/tasks/main.yml
22-
when: captive_portal_install | bool
23-
tags: base, captive-portal, network, domain
21+
include_tasks: roles/captiveportal/tasks/main.yml
22+
when: captiveportal_install | bool
23+
tags: base, captiveportal, network, domain
2424

2525
- name: MINETEST
2626
include_role:
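Review bot: Lines 21-23 rename the gating variable from captive_portal_install to captiveportal_install with no fallback, so a site whose /etc/iiab/local_vars.yml still sets the old name no longer controls this task. Either keep honouring the old name for a release or document the rename where operators will see it. The "# To be ported soon" comment on line 19 may also be stale, given that this commit is titled as the port to nginx and python 3.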

roles/captive-portal/tasks/main.yml

Lines changed: 0 additions & 153 deletions
This file was deleted.

roles/captive-portal/templates/001-captive-portal.conf

Lines changed: 0 additions & 43 deletions
This file was deleted.

roles/captive-portal/templates/captive-portal.service.j2.deprecated

Lines changed: 0 additions & 15 deletions
This file was deleted.

roles/captive-portal/templates/iiab-catch

Lines changed: 0 additions & 9 deletions
This file was deleted.

roles/captive-portal/templates/iiab-uncatch

Lines changed: 0 additions & 15 deletions
This file was deleted.

roles/captiveportal/README.md

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
## Theory of Operation
2+
3+
* The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack.
4+
* Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL.
5+
* The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page.
6+
7+
## Components of the IIAB Captive Portal
8+
9+
* Files used
10+
1. checkurls -- the list of urls use by at least one of the OS's.
11+
1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server
12+
1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled
13+
1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS.
14+
1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090.
15+
16+
## Extending and Debugging Captive Portal
17+
* The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily.
18+
* Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log
19+
* To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for.
20+
21+
## Known Problems
22+
1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep.
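Review bot: On README line 19 the capture command "tcpdump -i br0 capture.tcp" has no -w, so tcpdump reads capture.tcp as a filter expression rather than an output file; it should read "tcpdump -i br0 -w capture.tcp". Line 18 still sends the extra logging to /var/log/apache2/portal.log although this commit moves the portal to nginx, so confirm that path or update it. Line 14 says uwsgi makes capture-wsgi.py available on port 9090 but not which address it listens on; state whether it is bound to localhost only, since nginx is the intended front end.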
@@ -1,7 +1,7 @@
11
# captive_portal_install: False
22
# captive_portal_enabled: False
33

4-
# captive_portal_port: 9090
4+
# captiveportal_port: 9090
55

66
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
77
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
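Review bot: Only the port variable on line 4 is renamed; lines 1 and 2 still show captive_portal_install and captive_portal_enabled, while roles/9-local-addons/tasks/main.yml in this same commit now tests captiveportal_install. Rename the two commented defaults as well so this file matches the variable the playbook actually reads.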
Lines changed: 3 additions & 2 deletions
@@ -8,16 +8,17 @@
88
#header {
99
display: block;
1010
height: 120px;
11-
width:1024px;
11+
width:900px;
1212
background: #000 url('iiab_banner6.png') no-repeat 0 0;
1313
border-radius: 5px;
1414
margin: 5px;
15+
object-fit: cover;
1516
}
1617
body {
1718
background-color: #CBFFAA;
1819
font-family: sans-serif;
1920
font-size: 100%;
20-
width: 1024px;
21+
width: 900px;
2122
margin: 3px;
2223
}
2324
}
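Review bot: The "object-fit: cover;" added on line 15 has no effect here: object-fit applies to the content of replaced elements such as img and video, not to a background image, and #header draws its banner with "background: #000 url('iiab_banner6.png') no-repeat 0 0;". Use background-size: cover if the intent is to scale the banner to the narrower box. Swapping one fixed width (1024px) for another (900px) on lines 11 and 21 can still overflow narrow captive-portal browsers; max-width: 100% together with a width cap would hold up better.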
