mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-12-20 10:51:27 +00:00
cb8bbc7ac1
This Patch add APNOS support for captive portal radius user authentication Package: OpenNDS Signed-off-by: Nagendrababu <nagendrababu.bonkuri@connectus.ai>
168 lines
6.2 KiB
Diff
168 lines
6.2 KiB
Diff
--- a/src/conf.c
|
|
+++ b/src/conf.c
|
|
@@ -116,7 +116,14 @@ typedef enum {
|
|
oFWMarkTrusted,
|
|
oFWMarkBlocked,
|
|
oBinAuth,
|
|
- oPreAuth
|
|
+ oPreAuth,
|
|
+ oSplashPageTitle,
|
|
+ oLoginSuccessText,
|
|
+ oAcceptancePolicy,
|
|
+ oRadiusServerIp,
|
|
+ oRadiusServerPort,
|
|
+ oRadiusServerSecret,
|
|
+ oRadiusAuthType
|
|
} OpCodes;
|
|
|
|
/** @internal
|
|
@@ -178,6 +185,13 @@ static const struct {
|
|
{ "fw_mark_blocked", oFWMarkBlocked },
|
|
{ "binauth", oBinAuth },
|
|
{ "preauth", oPreAuth },
|
|
+ { "acceptance_policy", oAcceptancePolicy },
|
|
+ { "splash_page_title", oSplashPageTitle },
|
|
+ { "login_success_text", oLoginSuccessText },
|
|
+ { "radius_server_ip", oRadiusServerIp},
|
|
+ { "radius_server_port", oRadiusServerPort},
|
|
+ { "radius_server_secret", oRadiusServerSecret},
|
|
+ { "radius_auth_type", oRadiusAuthType},
|
|
{ NULL, oBadOption },
|
|
};
|
|
|
|
@@ -269,7 +283,13 @@ config_init(void)
|
|
config.ip6 = DEFAULT_IP6;
|
|
config.binauth = NULL;
|
|
config.preauth = NULL;
|
|
-
|
|
+ config.acceptance_policy = safe_strdup(DEFAULT_ACCEPTANCE_POLICY);
|
|
+ config.splash_page_title = safe_strdup(DEFAULT_SPLASH_PAGE_TITLE);
|
|
+ config.login_success_text = safe_strdup(DEFAULT_LOGIN_SUCCESS_TEXT);
|
|
+ config.radius_server_secret = NULL;
|
|
+ config.radius_server_port = NULL;
|
|
+ config.radius_server_ip = NULL;
|
|
+ config.radius_auth_type = NULL;
|
|
// Set up default FirewallRuleSets, and their empty ruleset policies
|
|
rs = add_ruleset("trusted-users");
|
|
rs->emptyrulesetpolicy = safe_strdup(DEFAULT_EMPTY_TRUSTED_USERS_POLICY);
|
|
@@ -1026,6 +1046,27 @@ config_read(const char *filename)
|
|
exit(1);
|
|
}
|
|
break;
|
|
+ case oAcceptancePolicy:
|
|
+ config.acceptance_policy = safe_strdup(p1);
|
|
+ break;
|
|
+ case oLoginSuccessText:
|
|
+ config.login_success_text = safe_strdup(p1);
|
|
+ break;
|
|
+ case oSplashPageTitle:
|
|
+ config.splash_page_title = safe_strdup(p1);
|
|
+ break;
|
|
+ case oRadiusServerIp:
|
|
+ config.radius_server_ip = safe_strdup(p1);
|
|
+ break;
|
|
+ case oRadiusServerPort:
|
|
+ config.radius_server_port = safe_strdup(p1);
|
|
+ break;
|
|
+ case oRadiusServerSecret:
|
|
+ config.radius_server_secret = safe_strdup(p1);
|
|
+ break;
|
|
+ case oRadiusAuthType:
|
|
+ config.radius_auth_type = safe_strdup(p1);
|
|
+ break;
|
|
case oBadOption:
|
|
debug(LOG_ERR, "Bad option %s on line %d in %s", s, linenum, filename);
|
|
debug(LOG_ERR, "Exiting...");
|
|
--- a/src/conf.h
|
|
+++ b/src/conf.h
|
|
@@ -52,7 +52,7 @@
|
|
#define DEFAULT_DEBUGLEVEL 1
|
|
#define DEFAULT_MAXCLIENTS 20
|
|
#define DEFAULT_GATEWAY_IPRANGE "0.0.0.0/0"
|
|
-#define DEFAULT_GATEWAYNAME "openNDS"
|
|
+#define DEFAULT_GATEWAYNAME "Telecom Infra Project Gateway"
|
|
#define DEFAULT_GATEWAYPORT 2050
|
|
#define DEFAULT_FASPORT 0
|
|
#define DEFAULT_LOGIN_OPTION_ENABLED 0
|
|
@@ -98,7 +98,9 @@
|
|
#define DEFAULT_EMPTY_AUTHENTICATED_USERS_POLICY "RETURN"
|
|
#define DEFAULT_EMPTY_PREAUTHENTICATED_USERS_POLICY "REJECT"
|
|
#define DEFAULT_IP6 0
|
|
-
|
|
+#define DEFAULT_SPLASH_PAGE_TITLE "Captive Portal"
|
|
+#define DEFAULT_ACCEPTANCE_POLICY "Use this network at your own risk. No warranty of any kind "
|
|
+#define DEFAULT_LOGIN_SUCCESS_TEXT "Welcome to Network"
|
|
// Firewall targets
|
|
typedef enum {
|
|
TARGET_DROP,
|
|
@@ -195,6 +197,13 @@ typedef struct {
|
|
int ip6; //@brief enable IPv6
|
|
char *binauth; //@brief external authentication program
|
|
char *preauth; //@brief external preauthentication program
|
|
+ char *acceptance_policy;
|
|
+ char *login_success_text;
|
|
+ char *splash_page_title;
|
|
+ char *radius_server_ip;
|
|
+ char *radius_server_port;
|
|
+ char *radius_server_secret;
|
|
+ char *radius_auth_type;
|
|
} s_config;
|
|
|
|
// @brief Get the current gateway configuration
|
|
--- a/src/http_microhttpd.c
|
|
+++ b/src/http_microhttpd.c
|
|
@@ -696,7 +696,7 @@ static int show_preauthpage(struct MHD_C
|
|
uh_urlencode(enc_query, sizeof(enc_query), query, strlen(query));
|
|
debug(LOG_DEBUG, "PreAuth: query: %s", query);
|
|
}
|
|
-
|
|
+ debug(LOG_WARNING, "Preauth script: querystring:%s ,user_agent:%s", enc_query, enc_user_agent);
|
|
rc = execute_ret(msg, HTMLMAXSIZE - 1, "%s '%s' '%s'", config->preauth, enc_query, enc_user_agent);
|
|
|
|
if (rc != 0) {
|
|
@@ -950,7 +950,6 @@ static char *construct_querystring(t_cli
|
|
char clientif[64] = {0};
|
|
|
|
s_config *config = config_get_config();
|
|
-
|
|
if (config->fas_secure_enabled == 0) {
|
|
snprintf(querystr, QUERYMAXLEN, "?clientip=%s&gatewayname=%s&tok=%s", client->ip, config->url_encoded_gw_name, client->token);
|
|
|
|
@@ -959,10 +958,12 @@ static char *construct_querystring(t_cli
|
|
if (config->fas_hid) {
|
|
hash_str(hash, sizeof(hash), client->token);
|
|
debug(LOG_DEBUG, "hid=%s", hash);
|
|
- snprintf(querystr, QUERYMAXLEN, "?clientip=%s&gatewayname=%s&hid=%s&gatewayaddress=%s",
|
|
- client->ip, config->url_encoded_gw_name, hash, config->gw_address);
|
|
+ snprintf(querystr, QUERYMAXLEN, "?clientip=%s&gatewayname=%s&hid=%s&gatewayaddress=%s&radiusserverip=%s&radiusserverport=%s&radiusserversecret=%s&radiusauthtype=%s",
|
|
+ client->ip, config->url_encoded_gw_name, hash, config->gw_address, config->radius_server_ip, config->radius_server_port, config->radius_server_secret, config->radius_auth_type);
|
|
} else {
|
|
- snprintf(querystr, QUERYMAXLEN, "?clientip=%s&gatewayname=%s", client->ip, config->url_encoded_gw_name);
|
|
+ snprintf(querystr, QUERYMAXLEN,"?clientip=%s&gatewayname=%s&splashpagetitle=%s&acceptancepolicy=%s&loginsuccesstext=%s&redirecturl=%s&radiusserverip=%s&radiusserverport=%s&radiusserversecret=%s&radiusauthtype=%s",
|
|
+ client->ip, config->url_encoded_gw_name, config->splash_page_title, config->acceptance_policy, config->login_success_text, config->redirectURL, config->radius_server_ip, config->radius_server_port, config->radius_server_secret, config->radius_auth_type);
|
|
+
|
|
}
|
|
|
|
} else if (config->fas_secure_enabled == 2 || config->fas_secure_enabled == 3) {
|
|
@@ -1320,6 +1321,10 @@ static void replace_variables(
|
|
{"token", client->token},
|
|
{"uptime", uptime},
|
|
{"version", VERSION},
|
|
+ {"acceptancepolicy", config->acceptance_policy},
|
|
+ {"loginsuccesstext", config->login_success_text},
|
|
+ {"splashpagetitle", config->splash_page_title},
|
|
+ {"redirecturl", config->redirectURL},
|
|
{NULL, NULL}
|
|
};
|
|
|
|
--- a/src/main.c
|
|
+++ b/src/main.c
|
|
@@ -394,7 +394,6 @@ setup_from_config(void)
|
|
if (config->preauth) {
|
|
debug(LOG_NOTICE, "Preauth is Enabled - Overiding FAS configuration.\n");
|
|
debug(LOG_INFO, "Preauth Script is %s\n", config->preauth);
|
|
-
|
|
//override all other FAS settings
|
|
config->fas_remoteip = safe_strdup(config->gw_ip);
|
|
config->fas_remotefqdn = NULL;
|