diff options
Diffstat (limited to 'contrib/package/ffluci-splash/src')
7 files changed, 315 insertions, 0 deletions
diff --git a/contrib/package/ffluci-splash/src/luci-splash.lua b/contrib/package/ffluci-splash/src/luci-splash.lua new file mode 100644 index 000000000..54c32add6 --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci-splash.lua @@ -0,0 +1,173 @@ +#!/usr/bin/lua +package.path = "/usr/lib/lua/?.lua;/usr/lib/lua/?/init.lua;" .. package.path +package.cpath = "/usr/lib/lua/?.so;" .. package.cpath + +require("ffluci.http") +require("ffluci.sys") +require("ffluci.model.uci") + +-- Init state session +uci = ffluci.model.uci.Session("/var/state") + + +-- Parse stdin and do something +function main(argv) + local cmd = argv[1] + local arg = argv[2] + + if not cmd then + print("Usage: " .. argv[0] .. " <status|add|remove|sync> [MAC]") + os.exit(1) + elseif cmd == "status" then + if not arg then + os.exit(1) + end + + if iswhitelisted(arg) then + print("whitelisted") + os.exit(0) + end + + if haslease(arg) then + print("lease") + os.exit(0) + end + + print("unknown") + os.exit(0) + elseif cmd == "add" then + if not arg then + os.exit(1) + end + + if not haslease(arg) then + add_lease(arg) + else + print("already leased!") + os.exit(2) + end + os.exit(0) + elseif cmd == "remove" then + if not cmd[2] then + os.exit(1) + end + + remove_lease(arg) + os.exit(0) + elseif cmd == "sync" then + sync() + os.exit(0) + end +end + +-- Add a lease to state and invoke add_rule +function add_lease(mac) + local key = uci:add("luci_splash", "lease") + uci:set("luci_splash", key, "mac", mac) + uci:set("luci_splash", key, "start", os.time()) + add_rule(mac) +end + + +-- Remove a lease from state and invoke remove_rule +function remove_lease(mac) + mac = mac:lower() + + for k, v in pairs(uci:show("luci_splash").luci_splash) do + if v.mac:lower() == mac then + remove_rule(mac) + uci:del("luci_splash", k) + end + end +end + + +-- Add an iptables rule +function add_rule(mac) + return os.execute("iptables -t nat -I luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") +end + + +-- Remove an iptables rule +function remove_rule(mac) + return os.execute("iptables -t nat -D luci_splash_leases -m mac --mac-source '"..mac.."' -j RETURN") +end + + +-- Check whether a MAC-Address is listed in the lease state list +function haslease(mac) + mac = mac:lower() + + for k, v in pairs(uci:show("luci_splash").luci_splash) do + if v[".type"] == "lease" and v.mac and v.mac:lower() == mac then + return true + end + end + + return false +end + + +-- Check whether a MAC-Address is whitelisted +function iswhitelisted(mac) + mac = mac:lower() + + for k, v in pairs(uci:show("luci_splash").luci_splash) do + if v[".type"] == "whitelist" and v.mac and v.mac:lower() == mac then + return true + end + end + + return false +end + + +-- Returns a list of MAC-Addresses for which a rule is existing +function listrules() + local cmd = "iptables -t nat -L luci_splash_leases | grep RETURN |" + cmd = cmd .. "egrep -io [0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+" + return ffluci.util.split(ffluci.sys.exec(cmd)) +end + + +-- Synchronise leases, remove abandoned rules +function sync() + local written = {} + local time = os.time() + + -- Current leases in state files + local leases = uci:show("luci_splash").luci_splash + + -- Convert leasetime to seconds + local leasetime = tonumber(uci:get("luci_splash", "general", "leasetime")) * 3600 + + -- Clean state file + uci:revert("luci_splash") + + + -- For all leases + for k, v in pairs(uci:show("luci_splash")) do + if v[".type"] == "lease" then + if os.difftime(time, tonumber(v.start)) > leasetime then + -- Remove expired + remove_rule(v.mac) + else + -- Rewrite state + local n = uci:add("luci_splash", "lease") + uci:set("luci_splash", n, "mac", v.mac) + uci:set("luci_splash", n, "start", v.start) + written[v.mac] = 1 + end + end + end + + + -- Delete rules without state + for i, r in ipairs(listrules()) do + if #r > 0 and not written[r] then + remove_rule(r) + end + end +end + +main(arg)
\ No newline at end of file diff --git a/contrib/package/ffluci-splash/src/luci-splash/htdocs/cgi-bin/index.cgi b/contrib/package/ffluci-splash/src/luci-splash/htdocs/cgi-bin/index.cgi new file mode 100644 index 000000000..4cbddc0c5 --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci-splash/htdocs/cgi-bin/index.cgi @@ -0,0 +1,39 @@ +#!/usr/bin/haserl --shell=luac +package.path = "/usr/lib/lua/?.lua;/usr/lib/lua/?/init.lua;" .. package.path +package.cpath = "/usr/lib/lua/?.so;" .. package.cpath + +require("ffluci.http") +require("ffluci.sys") +require("ffluci.model.uci") + +local srv +local ip = ffluci.http.remote_addr() +for k, v in pairs(ffluci.model.uci.show("network").network) do + if v[".type"] == "interface" and v.ipaddr then + local p = ffluci.sys.net.mask4prefix(v.netmask) + if ffluci.sys.net.belongs(ip, v.ipaddr, p) then + srv = v.ipaddr + break + end + end +end + +if not srv then + ffluci.http.textheader() + return print("Unable to detect network settings!") +end + +local action = "splash" + +local mac = ffluci.sys.net.ip4mac(ip) +if not mac then + action = "unknown" +end + +local status = ffluci.sys.exec("luci-splash status "..mac) + +if status == "whitelisted" or status == "lease" then + action = "allowed" +end + +ffluci.http.redirect("http://" .. srv .. "/cgi-bin/luci-splash/" .. action)
\ No newline at end of file diff --git a/contrib/package/ffluci-splash/src/luci-splash/htdocs/index.html b/contrib/package/ffluci-splash/src/luci-splash/htdocs/index.html new file mode 100644 index 000000000..58387a5fe --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci-splash/htdocs/index.html @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="refresh" content="0; URL=/cgi-bin/index.cgi" /> +</head> +<body style="background-color: black"> +<a style="color: white; text-decoration: none" href="/cgi-bin/index.cgi">FFLuCI - Freifunk Lua Configuration Interface</a> +</body> +</html>
\ No newline at end of file diff --git a/contrib/package/ffluci-splash/src/luci_splash.cron b/contrib/package/ffluci-splash/src/luci_splash.cron new file mode 100644 index 000000000..eae429474 --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci_splash.cron @@ -0,0 +1,2 @@ +#!/bin/sh +[ "$(date +%M | cut -c2)" == "5" ] && luci-splash sync
\ No newline at end of file diff --git a/contrib/package/ffluci-splash/src/luci_splash.init b/contrib/package/ffluci-splash/src/luci_splash.init new file mode 100644 index 000000000..a7bb4abeb --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci_splash.init @@ -0,0 +1,88 @@ +#!/bin/sh /etc/rc.common +START=70 + +iface_add() { + local cfg="$1" + + config_get net "$cfg" network + [ -n "$net" ] || return 0 + + config_get iface "$net" ifname + [ -n "$iface" ] || return 0 + iface="${iface%%:*}" + + config_get ipaddr "$net" ipaddr + [ -n "$ipaddr" ] || return 0 + + config_get netmask "$net" netmask + [ -n "$netmask" ] || return 0 + + eval "$(ipcalc.sh $ipaddr $netmask)" + + iptables -t nat -A luci_splash -i "$iface" -s "$IP/$PREFIX" -j luci_splash_portal + iptables -t nat -A luci_splash_portal -i "$iface" -s "$IP/$PREFIX" -d "$ipaddr" -p tcp --dport 80 -j RETURN +} + +blacklist_add() { + local cfg="$1" + + config_get mac "$cfg" mac + [ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j DROP +} + +whitelist_add() { + local cfg="$1" + + config_get mac "$cfg" mac + [ -n "$mac" ] && iptables -t nat -A luci_splash_portal -m mac --mac-source "$mac" -j RETURN +} + +start() { + ### Read chains from config + include /lib/network + scan_interfaces + config_load luci_splash + + ### Create subchains + iptables -t nat -N luci_splash + iptables -t nat -N luci_splash_portal + iptables -t nat -N luci_splash_leases + + ### Build the main and portal rule + config_foreach blacklist_add blacklist + config_foreach whitelist_add whitelist + config_foreach iface_add iface + + ### Build the portal rule + iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN + iptables -t nat -A luci_splash_portal -j luci_splash_leases + + ### Build the leases rule + iptables -t nat -A luci_splash_leases -p tcp --dport 80 -j REDIRECT --to-ports 8082 + iptables -t nat -A luci_splash_leases -j DROP + + ### Start the splash httpd + httpd -c /etc/luci_splash_httpd.conf -p 8082 -h /usr/lib/luci-splash/htdocs + + ### Sync leases + /usr/lib/luci-splash/sync.lua + + ### Hook in the chain + iptables -t nat -A prerouting_rule -j luci_splash +} + +stop() { + ### Hook out the chain + iptables -t nat -D prerouting_rule -j luci_splash + + ### Clear subchains + iptables -t nat -F luci_splash_leases + iptables -t nat -F luci_splash_portal + iptables -t nat -F luci_splash + + ### Delete subchains + iptables -t nat -X luci_splash_leases + iptables -t nat -X luci_splash_portal + iptables -t nat -X luci_splash +} + diff --git a/contrib/package/ffluci-splash/src/luci_splash.uci b/contrib/package/ffluci-splash/src/luci_splash.uci new file mode 100644 index 000000000..c4cfef5dd --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci_splash.uci @@ -0,0 +1,2 @@ +config core general + option leasetime 1
\ No newline at end of file diff --git a/contrib/package/ffluci-splash/src/luci_splash_httpd.conf b/contrib/package/ffluci-splash/src/luci_splash_httpd.conf new file mode 100644 index 000000000..6007e80db --- /dev/null +++ b/contrib/package/ffluci-splash/src/luci_splash_httpd.conf @@ -0,0 +1 @@ +E404:index.html
\ No newline at end of file |