diff options
4 files changed, 346 insertions, 64 deletions
diff --git a/applications/luci-splash/luasrc/controller/splash/splash.lua b/applications/luci-splash/luasrc/controller/splash/splash.lua index 8603b141fa..88aafcdf52 100644 --- a/applications/luci-splash/luasrc/controller/splash/splash.lua +++ b/applications/luci-splash/luasrc/controller/splash/splash.lua @@ -6,6 +6,8 @@ function index() node("splash").target = call("action_dispatch") node("splash", "activate").target = call("action_activate") node("splash", "splash").target = template("splash_splash/splash") + + entry({"admin", "status", "splash"}, call("action_status_admin"), "Client-Splash") end function action_dispatch() @@ -28,3 +30,69 @@ function action_activate() luci.http.redirect(luci.dispatcher.build_url()) end end + +function action_status_admin() + local uci = luci.model.uci.cursor_state() + local macs = luci.http.formvaluetable("save") + + local function delete_mac(what, mac) + uci:delete_all("luci_splash", what, + function(s) + return ( s.mac and s.mac:lower() == mac ) + end) + end + + local function leases(mac) + local leases = { } + + uci:foreach("luci_splash", "lease", function(s) + if s.start and s.mac and s.mac:lower() ~= mac then + leases[#leases+1] = { + start = s.start, + mac = s.mac + } + end + end) + + uci:revert("luci_splash") + + return leases + end + + local function commit(leases, no_commit) + if not no_commit then + uci:save("luci_splash") + uci:commit("luci_splash") + end + + for _, l in ipairs(leases) do + uci:section("luci_splash", "lease", nil, l) + end + + uci:save("luci_splash") + os.execute("/etc/init.d/luci_splash restart") + end + + for key, _ in pairs(macs) do + local policy = luci.http.formvalue("policy.%s" % key) + local mac = luci.http.protocol.urldecode(key) + local lslist = leases(policy ~= "kick" and mac) + + delete_mac("blacklist", mac) + delete_mac("whitelist", mac) + + if policy == "whitelist" or policy == "blacklist" then + uci:section("luci_splash", policy, nil, { mac = mac }) + elseif policy == "normal" then + lslist[#lslist+1] = { mac = mac, start = os.time() } + elseif policy == "kick" then + for _, l in ipairs(lslist) do + if l.mac:lower() == mac then l.kicked="1" end + end + end + + commit(lslist) + end + + luci.template.render("admin_status/splash", { is_admin = true }) +end diff --git a/applications/luci-splash/luasrc/view/admin_status/splash.htm b/applications/luci-splash/luasrc/view/admin_status/splash.htm new file mode 100644 index 0000000000..20ea25b873 --- /dev/null +++ b/applications/luci-splash/luasrc/view/admin_status/splash.htm @@ -0,0 +1,189 @@ +<%# +LuCI - Lua Configuration Interface +Copyright 2009 Jo-Philipp Wich <xm@leipzig.freifunk.net> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ + +-%> + +<%- + +local utl = require "luci.util" +local ipt = require "luci.sys.iptparser".IptParser() +local uci = require "luci.model.uci".cursor_state() +local wat = require "luci.tools.webadmin" +local clients = { } +local leasetime = tonumber(uci:get("luci_splash", "general", "leasetime") or 1) * 60 * 60 +local leasefile = "/tmp/dhcp.leases" + +uci:foreach("dhcp", "dnsmasq", + function(s) + if s.leasefile then leasefile = s.leasefile end + end) + + +uci:foreach("luci_splash", "lease", + function(s) + if s.start and s.mac then + clients[s.mac:lower()] = { + start = tonumber(s.start), + limit = ( tonumber(s.start) + leasetime ), + mac = s.mac:upper(), + policy = "normal", + packets = 0, + bytes = 0, + kicked = s.kicked and true or false + } + end + end) + +for _, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" then + if not clients[r.options[2]:lower()] then + clients[r.options[2]:lower()] = { + start = 0, + limit = 0, + mac = r.options[2]:upper(), + policy = ( r.target == "RETURN" ) and "whitelist" or "blacklist", + packets = 0, + bytes = 0 + } + end + end +end + +for _, r in ipairs(ipt:find({table="filter", chain="luci_splash_counter"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" then + local c = clients[r.options[2]:lower()] + if c and c.packets == 0 then + c.bytes = tonumber(r.bytes) + c.packets = tonumber(r.packets) + end + end +end + +uci:foreach("luci_splash", "whitelist", + function(s) + if s.mac and clients[s.mac:lower()] then + clients[s.mac:lower()].policy="whitelist" + end + end) + +uci:foreach("luci_splash", "blacklist", + function(s) + if s.mac and clients[s.mac:lower()] then + clients[s.mac:lower()].policy=(s.kicked and "kicked" or "blacklist") + end + end) + +if luci.fs.access(leasefile) then + for l in io.lines(leasefile) do + local time, mac, ip, name = l:match("^(%d+) (%S+) (%S+) (%S+)") + if time and mac and ip then + local c = clients[mac:lower()] + if c then + c.ip = ip + c.hostname = ( name ~= "*" ) and name or nil + end + end + end +end + +for i, a in ipairs(luci.sys.net.arptable()) do + local c = clients[a["HW address"]:lower()] + if c and not c.ip then + c.ip = a["IP address"] + end +end + +local function showmac(mac) + if not is_admin then + mac = mac:gsub("(%S%S:%S%S):%S%S:%S%S:(%S%S:%S%S)", "%1:XX:XX:%2") + end + return mac +end + +-%> + +<%+header%> + +<div id="cbi-splash-leases" class="cbi-map"> + <h2><a id="content" name="content"><%:ff_splash Client-Splash%></a></h2> + <fieldset id="cbi-table-table" class="cbi-section"> + <legend><%:ff_splash_clients Active Clients%></legend> + <div class="cbi-section-node"> + <% if is_admin then %><form action="<%=REQUEST_URI%>" method="post"><% end %> + <table class="cbi-section-table"> + <tr class="cbi-section-table-titles"> + <th class="cbi-section-table-cell"><%:ff_splash_hostname Hostname%></th> + <th class="cbi-section-table-cell"><%:ff_splash_ip IP Address%></th> + <th class="cbi-section-table-cell"><%:ff_splash_mac MAC Address%></th> + <th class="cbi-section-table-cell"><%:ff_splash_timeleft Time remaining%></th> + <th class="cbi-section-table-cell"><%:ff_splash_traffic Outgoing traffic%></th> + <th class="cbi-section-table-cell"><%:ff_splash_policy Policy%></th> + </tr> + + <%- + local count = 0 + for _, c in utl.spairs(clients, + function(a,b) + if clients[a].policy == clients[b].policy then + return (clients[a].start > clients[b].start) + else + return (clients[a].policy > clients[b].policy) + end + end) + do + if c.ip then + count = count + 1 + -%> + <tr class="cbi-section-table-row cbi-rowstyle-<%=2-(count%2)%>"> + <td class="cbi-section-table-cell"><%=c.hostname or "<em>" .. translate("ff_splash_unknown", "unknown") .. "</em>"%></td> + <td class="cbi-section-table-cell"><%=c.ip or "<em>" .. translate("ff_splash_unknown", "unknown") .. "</em>"%></td> + <td class="cbi-section-table-cell"><%=showmac(c.mac)%></td> + <td class="cbi-section-table-cell"><%= + (c.limit >= os.time()) and wat.date_format(c.limit-os.time()) or + (c.policy ~= "normal") and "-" or "<em>" .. translate("ff_splash_expired", "expired") .. "</em>" + %></td> + <td class="cbi-section-table-cell"><%=wat.byte_format(c.bytes)%></td> + <td class="cbi-section-table-cell"> + <% if is_admin then %> + <select name="policy.<%=c.mac:lower()%>" style="width:200px"> + <option value="whitelist"<%=c.policy=="whitelist" and ' selected="selected"'%>><%:ff_splash_whitelisted whitelisted%></option> + <option value="normal"<%=c.policy=="normal" and not c.kicked and ' selected="selected"'%>><%:ff_splash_splashed splashed%></option> + <option value="blacklist"<%=c.policy=="blacklist" and ' selected="selected"'%>><%:ff_splash_blacklisted blacklisted%></option> + <% if c.policy == "normal" then -%> + <option value="kick"<%=c.kicked and ' selected="selected"'%>><%:ff_splash_tempblock temporarily blocked%> (<%=wat.date_format(c.limit-os.time())%>)</option> + <%- end %> + </select> + <input type="submit" class="cbi-button cbi-button-save" name="save.<%=c.mac:lower()%>" value="<%:save Save%>" /> + <% else %> + <%=c.policy%> + <% end %> + </td> + </tr> + <%- + end + end + + if count == 0 then + -%> + <tr class="cbi-section-table-row"> + <td colspan="7" class="cbi-section-table-cell"> + <br /><em><%:ff_splash_noclients No clients connected%></em><br /> + </td> + </tr> + <%- end -%> + </table> + <% if is_admin then %></form><% end %> + </div> + </fieldset> +</div> + +<%+footer%> diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash index 31ffb783ad..ffcd6f8837 100755 --- a/applications/luci-splash/root/etc/init.d/luci_splash +++ b/applications/luci-splash/root/etc/init.d/luci_splash @@ -35,14 +35,24 @@ blacklist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP + [ -n "$mac" ] && { + iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN + iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP + } } whitelist_add() { local cfg="$1" config_get mac "$cfg" mac - [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN + config_get ban "$cfg" kicked + + ban=${ban:+DROP} + + [ -n "$mac" ] && { + iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN + iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}" + } } boot() { @@ -72,28 +82,31 @@ start() { include /lib/network scan_interfaces config_load luci_splash - + ### Create subchains + iptables -N luci_splash_counter iptables -t nat -N luci_splash_portal iptables -t nat -N luci_splash_leases iptables -t nat -N luci_splash_prerouting - + ### Build the main and portal rule config_foreach blacklist_add blacklist config_foreach whitelist_add whitelist config_foreach whitelist_add lease config_foreach iface_add iface - + ### Build the portal rule + iptables -I INPUT -j luci_splash_counter + iptables -I FORWARD -j luci_splash_counter iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN iptables -t nat -A luci_splash_portal -p icmp -j RETURN iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN iptables -t nat -A luci_splash_portal -j luci_splash_leases - + ### Build the leases rule iptables -t nat -A luci_splash_leases -p tcp --dport 80 -j REDIRECT --to-ports 8082 iptables -t nat -A luci_splash_leases -j DROP - + ### Add crontab entry test -f /etc/crontabs/root || touch /etc/crontabs/root grep -q luci-splash /etc/crontabs/root || { @@ -105,16 +118,20 @@ stop() { ### Clear interface rules config_load luci_splash config_foreach iface_del iface - + iptables -D INPUT -j luci_splash_counter + iptables -D FORWARD -j luci_splash_counter + ### Clear subchains iptables -t nat -F luci_splash_leases iptables -t nat -F luci_splash_portal iptables -t nat -F luci_splash_prerouting - + iptables -F luci_splash_counter + ### Delete subchains iptables -t nat -X luci_splash_leases iptables -t nat -X luci_splash_portal iptables -t nat -X luci_splash_prerouting + iptables -X luci_splash_counter sed -ie '/\/usr\/sbin\/luci-splash sync/d' /var/spool/cron/crontabs/root } diff --git a/applications/luci-splash/root/usr/sbin/luci-splash b/applications/luci-splash/root/usr/sbin/luci-splash index 82662c8718..d12b9f3a33 100755 --- a/applications/luci-splash/root/usr/sbin/luci-splash +++ b/applications/luci-splash/root/usr/sbin/luci-splash @@ -1,39 +1,35 @@ #!/usr/bin/lua -require("luci.http") require("luci.util") require("luci.model.uci") +require("luci.sys.iptparser") -- Init state session local uci = luci.model.uci.cursor_state() +local ipt = luci.sys.iptparser.IptParser() function main(argv) local cmd = argv[1] local arg = argv[2] - if cmd == "status" then - if not arg then - os.exit(1) - end - - if iswhitelisted(arg) then + if cmd == "status" and arg then + if islisted("whitelist", arg) then print("whitelisted") - os.exit(0) + elseif islisted("blacklist", arg) then + print("blacklisted") + else + local lease = haslease(arg) + if lease and lease.kicked then + print("kicked") + elseif lease then + print("lease") + else + print("unknown") + end end - - if haslease(arg) then - print("lease") - os.exit(0) - end - - print("unknown") os.exit(0) - elseif cmd == "add" then - if not arg then - os.exit(1) - end - + elseif cmd == "add" and arg then if not haslease(arg) then add_lease(arg) else @@ -41,11 +37,7 @@ function main(argv) os.exit(2) end os.exit(0) - elseif cmd == "remove" then - if not arg then - os.exit(1) - end - + elseif cmd == "remove" and arg then remove_lease(arg) os.exit(0) elseif cmd == "sync" then @@ -72,19 +64,10 @@ end -- Remove a lease from state and invoke remove_rule function remove_lease(mac) mac = mac:lower() - local del = {} + remove_rule(mac) - uci:foreach("luci_splash", "lease", - function (section) - if section.mac:lower() == mac then - table.insert(del, section[".name"]) - end - end) - - for i,j in ipairs(del) do - remove_rule(j) - uci:delete("luci_splash", j) - end + uci:delete_all("luci_splash", "lease", + function(s) return ( s.mac:lower() == mac ) end) uci:save("luci_splash") end @@ -92,54 +75,76 @@ end -- Add an iptables rule function add_rule(mac) + os.execute("iptables -I luci_splash_counter -m mac --mac-source '"..mac.."'") return os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") end -- Remove an iptables rule function remove_rule(mac) - return os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") + for _, r in ipairs(ipt:find({table="filter", chain="luci_splash_counter"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" and + r.options[2]:lower() == mac:lower() + then + os.execute("iptables -D luci_splash_counter -m mac --mac-source %q -j %s" + %{ mac, r.target }) + end + end + + for _, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" and + r.options[2]:lower() == mac:lower() + then + os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source %q -j %s" + %{ mac, r.target }) + end + end + + ipt:resync() end -- Check whether a MAC-Address is listed in the lease state list function haslease(mac) mac = mac:lower() - local stat = false - + local lease = nil + uci:foreach("luci_splash", "lease", function (section) if section.mac:lower() == mac then - stat = true - return + lease = section end end) - - return stat + + return lease end --- Check whether a MAC-Address is whitelisted -function iswhitelisted(mac) +-- Check whether a MAC-Address is in given list +function islisted(what, mac) mac = mac:lower() - - uci:foreach("luci_splash", "whitelist", + + uci:foreach("luci_splash", what, function (section) if section.mac:lower() == mac then stat = true return end end) - + return false end -- Returns a list of MAC-Addresses for which a rule is existing function listrules() - local cmd = "iptables -t nat -L luci_splash_leases | grep RETURN |" - cmd = cmd .. "egrep -io [0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+" - return luci.util.split(luci.util.exec(cmd)) + local macs = { } + for i, r in ipairs(ipt:find({table="nat", chain="luci_splash_leases"})) do + if r.options and #r.options >= 2 and r.options[1] == "MAC" then + macs[r.options[2]:lower()] = true + end + end + return luci.util.keys(macs) end @@ -168,11 +173,14 @@ function sync() else -- Rewrite state uci:section("luci_splash", "lease", nil, { - mac = v.mac, - start = v.start + mac = v.mac, + start = v.start, + kicked = v.kicked }) written[v.mac:lower()] = 1 end + elseif v[".type"] == "whitelist" or v[".type"] == "blacklist" then + written[v.mac:lower()] = 1 end end @@ -187,4 +195,4 @@ function sync() uci:save("luci_splash") end -main(arg)
\ No newline at end of file +main(arg) |