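def load_rpc_manager_list(appid=None):
    """Return the captive-portal app instances known to the uvm app manager.

    With no appid, every app instance id is looked up and the instances whose
    settings report appName 'captive-portal' are collected. With an appid,
    only that one instance is looked up.

    Raises:
        Exception: if no app instance could be located.
    """
    # create a list for all of the apps we discover
    captureList = list()

    # first we get the uvm context and its app manager
    appManager = Uvm().getUvmContext().appManager()

    if appid is None:
        applist = appManager.appInstancesIds()
        for item in applist['list']:
            app = appManager.app(long(item))
            # an id that does not resolve to an instance is skipped
            if app is None:
                continue
            name = app.getAppSettings()['appName']
            if (name == 'captive-portal'):
                captureList.append(app)
    else:
        # appid was passed so use it
        # NOTE(review): the instance is not checked for appName
        # 'captive-portal' on this path - confirm callers only pass ids of
        # captive-portal instances.
        app = appManager.app(long(appid))
        # a failed lookup must not be handed back as [None];
        # load_rpc_manager treats a None result from app() as "not found"
        if app is not None:
            captureList.append(app)

    # if we can't find the app then throw an exception
    if not captureList:
        raise Exception("The uvm app manager could not locate captive-portal")

    return captureList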
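def load_rpc_manager_list(appid=None):
    """Collect the captive-portal app instances from the uvm app manager.

    When appid is None all instance ids are enumerated and only instances
    whose settings carry appName 'captive-portal' are kept. Otherwise the
    single instance with that id is looked up.

    Raises:
        Exception: if the resulting list would be empty.
    """
    # create a list for all of the apps we discover
    captureList = list()

    # first we get the uvm context and its app manager
    appManager = Uvm().getUvmContext().appManager()

    if appid is None:
        applist = appManager.appInstancesIds()
        for item in applist['list']:
            app = appManager.app(long(item))
            # ignore ids for which the manager returns no instance
            if app is None:
                continue
            if app.getAppSettings()['appName'] == 'captive-portal':
                captureList.append(app)
    else:
        # appid was passed so use it
        # NOTE(review): no appName check happens for an explicit id -
        # confirm the id always belongs to a captive-portal instance.
        app = appManager.app(long(appid))
        # load_rpc_manager treats None from app() as "not found"; do the
        # same here instead of returning a list that holds None
        if app is not None:
            captureList.append(app)

    # if we can't find the app then throw an exception
    if not captureList:
        raise Exception("The uvm app manager could not locate captive-portal")

    return captureList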
def load_rpc_manager(appid=None):
    """Return the captive-portal app object from the uvm app manager.

    The app is looked up by the name "captive-portal" when appid is None,
    otherwise by int(appid).

    Raises:
        Exception: if the app manager returns None for the lookup.
    """
    # first we get the uvm context
    context = Uvm().getUvmContext()
    manager = context.appManager()

    # no appid means lookup by name, otherwise by the numeric id passed in
    lookup_key = "captive-portal" if appid is None else int(appid)
    found = manager.app(lookup_key)

    # if we can't find the app then throw an exception
    if found == None:
        raise Exception("The uvm app manager could not locate captive-portal")
    return found
def load_rpc_manager(appid=None):
    """Look up the captive-portal app through the uvm app manager.

    Without an appid the lookup uses the name "captive-portal"; with one it
    uses int(appid).

    Raises:
        Exception: if the lookup yields None.
    """
    # first we get the uvm context
    app_manager = Uvm().getUvmContext().appManager()

    # if no appid provided we lookup capture app by name
    # otherwise we use the appid passed to us
    if appid is None:
        capture_app = app_manager.app("captive-portal")
    else:
        capture_app = app_manager.app(int(appid))

    # a missing app is reported to the caller as an exception
    if capture_app == None:
        raise Exception("The uvm app manager could not locate captive-portal")
    return capture_app
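def generate_page(req,captureSettings,args,extra=''):
    """Build the capture page HTML from the template for the configured page type.

    Args:
        req: request object; req.filename locates the template directory and
            req.hostname is placed in the OAuth state URL.
        captureSettings: settings mapping; 'certificateDetection' is set to
            'DISABLE_DETECTION' in place when it is missing.
        args: mapping with METHOD, NONCE, APPID, HOST and URI (index() fills
            it from the request query string).
        extra: text substituted for the $.ProblemText.$ marker.

    Returns:
        The page as a string, or a fixed error page when neither the
        authentication type nor the page type selects a template.
    """
    pageType = captureSettings.get('pageType')
    oauthPicker = (captureSettings.get("authenticationType") == "ANY_OAUTH")

    # We use the path from the request filename to locate the correct template
    # and start with the OAuth selection page if that authentication type is
    # enabled. Otherwise we use the configured page type to decide.
    if oauthPicker:
        template = "/pickpage.html"
    elif (pageType == 'BASIC_LOGIN'):
        template = "/authpage.html"
    elif (pageType == 'BASIC_MESSAGE'):
        template = "/infopage.html"
    elif (pageType == 'CUSTOM'):
        # NOTE(review): APPID arrives from the request and becomes part of a
        # filesystem path here - confirm it is validated (numeric instance
        # id) before this function is reached.
        template = "/custom_" + str(args['APPID']) + "/custom.html"
    else:
        page = "<html><head><title>Captive Portal Error</title></head><body><h2>Invalid Captive Portal configuration</h2></body></html>"
        return(page)

    name = req.filename[:req.filename.rindex('/')] + template

    # the with block closes the template even if read() raises
    with open(name, "r") as webfile:
        page = webfile.read()

    if (not 'certificateDetection' in captureSettings):
        captureSettings['certificateDetection'] = 'DISABLE_DETECTION'

    if captureSettings['certificateDetection'] == 'CHECK_CERTIFICATE':
        page = replace_marker(page,'$.SecureEndpointCheck.$','checkSecureEndpoint(false);')
    elif captureSettings['certificateDetection'] == 'REQUIRE_CERTIFICATE':
        page = replace_marker(page,'$.SecureEndpointCheck.$','checkSecureEndpoint(true);')
    else:
        page = replace_marker(page,'$.SecureEndpointCheck.$','')

    if (pageType == 'BASIC_LOGIN'):
        loginMarkers = (
            ('$.CompanyName.$', 'companyName'),
            ('$.PageTitle.$', 'basicLoginPageTitle'),
            ('$.WelcomeText.$', 'basicLoginPageWelcome'),
            ('$.MessageText.$', 'basicLoginMessageText'),
            ('$.UserLabel.$', 'basicLoginUsername'),
            ('$.PassLabel.$', 'basicLoginPassword'),
            ('$.FooterText.$', 'basicLoginFooter'),
        )
        for marker, key in loginMarkers:
            page = replace_marker(page,marker, captureSettings.get(key))

    if (pageType == 'BASIC_MESSAGE'):
        messageMarkers = (
            ('$.CompanyName.$', 'companyName'),
            ('$.PageTitle.$', 'basicMessagePageTitle'),
            ('$.WelcomeText.$', 'basicMessagePageWelcome'),
            ('$.MessageText.$', 'basicMessageMessageText'),
            ('$.FooterText.$', 'basicMessageFooter'),
        )
        for marker, key in messageMarkers:
            page = replace_marker(page,marker, captureSettings.get(key))

        if (captureSettings.get('basicMessageAgreeBox') == True):
            page = replace_marker(page,'$.AgreeText.$', captureSettings.get('basicMessageAgreeText'))
            page = replace_marker(page,'$.AgreeBox.$','checkbox')
        else:
            page = replace_marker(page,'$.AgreeText.$', '')
            page = replace_marker(page,'$.AgreeBox.$','hidden')

    if (pageType == 'CUSTOM'):
        path = "/capture/custom_" + str(args['APPID'])
        page = replace_marker(page,'$.CustomPath.$',path)

    if oauthPicker:
        uvmContext = Uvm().getUvmContext()
        networkSettings = uvmContext.networkManager().getNetworkSettings()

        port = None
        # the comparison must sit outside get(); inside it the lookup key
        # becomes False and the https branch can never be taken
        if (captureSettings.get("alwaysUseSecureCapture") == True):
            target = "https://"
            # the port values live in networkSettings
            if (networkSettings.get('httpsPort') != 443):
                port = str(networkSettings.get('httpsPort'))
        else:
            target = "http://"
            if (networkSettings.get('httpPort') != 80):
                port = str(networkSettings.get('httpPort'))

        # NOTE(review): req.hostname is presumably taken from the client's
        # Host header and ends up in the OAuth state value - confirm the
        # relay only returns users to expected hosts.
        target += req.hostname
        if (port != None):
            target += ":"
            target += port
        target += "/capture/handler.py/index"
        target += "?nonce=" + args['NONCE']
        target += "&method=" + args['METHOD']
        target += "&appid=" + args['APPID']
        target += "&host=" + args['HOST']
        target += "&uri=" + args['URI']

        for marker, provider in (('$.GoogleState.$', 'GOOGLE'),
                                 ('$.FacebookState.$', 'FACEBOOK'),
                                 ('$.MicrosoftState.$', 'MICROSOFT')):
            page = replace_marker(page,marker, urllib.quote(target + "&authmode=" + provider).encode('utf8'))

    # plug the values into the hidden form fields of the authentication page
    # page by doing search and replace for each of the placeholder text tags
    # NOTE(review): these values come from the request query string and
    # replace_marker is not visible here - confirm it HTML-escapes what it
    # substitutes, otherwise request data is written into the page as markup.
    page = replace_marker(page,'$.method.$', args['METHOD'])
    page = replace_marker(page,'$.nonce.$', args['NONCE'])
    page = replace_marker(page,'$.appid.$', args['APPID'])
    page = replace_marker(page,'$.host.$', args['HOST'])
    page = replace_marker(page,'$.uri.$', args['URI'])

    # replace the text in the problem section with the argumented value
    page = replace_marker(page,'$.ProblemText.$',extra)

    # debug = create_debug(args,captureSettings)
    debug = ""
    page = replace_marker(page,'<!--DEBUG-->',debug)

    # return the login page we just created
    return(page)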
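def index(req):
    """Handle a capture page request and return the page, or redirect the client.

    The query string is parsed into args (missing keys default to "Empty").
    Depending on the settings loaded for APPID the function either completes
    an OAuth login through the auth relay, honours a session cookie, or
    returns the capture page (standard template, or the output of a
    per-instance custom.py when one exists).

    Returns:
        The HTML page as a string, or None after util.redirect() was called.
    """
    # get the original destination and other arguments passed
    # in the URL when the redirect was generated
    args = split_args(req.args)
    for key in ('AUTHCODE', 'AUTHMODE', 'METHOD', 'NONCE', 'APPID', 'HOST', 'URI'):
        if key not in args:
            args[key] = "Empty"

    # load the configuration data
    appid = args['APPID']
    captureSettings = load_capture_settings(req, appid)
    captureApp = None

    authcode = args['AUTHCODE']
    authmode = args['AUTHMODE']

    if (authcode != "Empty"):
        authenticationType = captureSettings.get("authenticationType")

        uri_base = None
        if authenticationType in OAUTH_TYPES:
            ut = Uvm().getUvmContext().uriManager().getUriTranslationByHost(
                "auth-relay.untangle.com")
            port = ""
            # a translated port other than -1 has to end up in the URI, so
            # it is stored in the variable that is concatenated below
            if ut['port'] != -1:
                port = ":" + str(ut['port'])
            uri_base = ut['scheme'] + '://' + ut[
                'host'] + port + "/cgi-bin/getClientToken?authPlatform={authPlatform}&authCode={authCode}"

        # provider name, platform id sent to the relay, login method on the app
        oauthProviders = (
            ("GOOGLE",
             "365238258169-6k7k0ett96gv2c8392b9e1gd602i88sr.apps.googleusercontent.com",
             "googleLogin"),
            ("FACEBOOK", "1840471182948119", "facebookLogin"),
            ("MICROSOFT", "f8285e96-b240-4036-8ea5-f37cf6b981bb",
             "microsoftLogin"),
        )

        for provider, platformId, loginMethod in oauthProviders:
            selected = (authenticationType == provider) or (
                (authenticationType == "ANY_OAUTH") and (authmode == provider))
            if not selected:
                continue

            # Here we call the relay server with the authcode that was returned to the client
            # This will confirm the user is actually authenticated and return the email address
            # NOTE(review): authcode is request-derived and is placed into
            # the relay query string as received; whether split_args leaves
            # it percent-encoded is not visible here - confirm it cannot add
            # parameters to the relay request.
            relayUrl = str(
                urlparse(
                    uri_base.format(authPlatform=platformId,
                                    authCode=authcode)).geturl())
            altres = urllib.urlopen(relayUrl)
            try:
                altraw = altres.read()
            finally:
                # release the connection whether or not the read succeeded
                altres.close()

            if ("ERROR:" in altraw):
                # the relay response is remote data, so it is escaped before
                # being written into the page
                shown = altraw.replace("&", "&amp;").replace(
                    "<", "&lt;").replace(">", "&gt;")
                page = "<HTML><HEAD><TITLE>Login Failure</TITLE></HEAD><BODY><H1>" + shown + "</H1></BODY></HTML>"
                return (page)

            nonce = args['NONCE']
            host = args['HOST']
            uri = args['URI']
            raw = urllib.unquote(uri).decode('utf8')
            address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)

            if captureApp == None:
                captureApp = load_rpc_manager(appid)
            getattr(captureApp, loginMethod)(address, altraw)

            redirectUrl = captureSettings.get('redirectUrl')
            if (redirectUrl != None and len(redirectUrl) != 0
                    and (not redirectUrl.isspace())):
                target = str(redirectUrl)
            else:
                if ((host == 'Empty') or (uri == 'Empty')):
                    page = "<HTML><HEAD><TITLE>Login Success</TITLE></HEAD><BODY><H1>Login Success</H1></BODY></HTML>"
                    return (page)
                raw = urllib.unquote(uri).decode('utf8')
                # NOTE(review): host and uri come from the query string, so
                # the post-login redirect target is chosen by the request;
                # NONCE is only compared with a fixed value to pick the
                # scheme. Confirm this is acceptable for the deployment.
                if (nonce == 'a1b2c3d4e5f6'):
                    target = str("https://" + host + raw)
                else:
                    target = str("http://" + host + raw)
            util.redirect(req, target)
            return

    # if configured for any OAuth provider create and return the selection page
    if (captureSettings.get("authenticationType") == "ANY_OAUTH"):
        page = generate_page(req, captureSettings, args)
        return (page)

    if captureSettings.get(
            "sessionCookiesEnabled") == True and 'Cookie' in req.headers_in:
        cookie = HandlerCookie(req)
        if cookie.get_field("username") != None:
            # Process cookie if exists.
            # NOTE(review): the username is read from a client-supplied
            # cookie; the login below relies on cookie.is_valid(), which is
            # not visible here - confirm it verifies integrity and expiry.
            address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)
            if captureApp == None:
                captureApp = load_rpc_manager(appid)

            if captureApp.isUserInCookieTable(address,
                                              cookie.get_field("username")):
                # User was found in expired cookie table.
                captureApp.removeUserFromCookieTable(address)
                cookie.expire()
            elif ((cookie != None) and (cookie.is_valid() == True)
                  and (captureApp.userLogin(
                      address, cookie.get_field("username")) == 0)):
                # Cookie checks out. Active them, let them through.
                redirectUrl = captureSettings.get('redirectUrl')
                if (redirectUrl != None and len(redirectUrl) != 0
                        and (not redirectUrl.isspace())):
                    target = str(redirectUrl)
                else:
                    nonce = args['NONCE']
                    host = args['HOST']
                    uri = args['URI']
                    raw = urllib.unquote(uri).decode('utf8')
                    if ((host == 'Empty') or (uri == 'Empty')):
                        page = "<HTML><HEAD><TITLE>Login Success</TITLE></HEAD><BODY><H1>Login Success</H1></BODY></HTML>"
                        return (page)
                    if (nonce == 'a1b2c3d4e5f6'):
                        target = str("https://" + host + raw)
                    else:
                        target = str("http://" + host + raw)
                util.redirect(req, target)
                return

    # if not using a custom capture page we generate and return a standard page
    if (captureSettings.get('pageType') != 'CUSTOM'):
        page = generate_page(req, captureSettings, args)
        return (page)

    # if we make it here they are using a custom page so we have to
    # look to see if they are also using a custom.py script
    # NOTE(review): APPID is request-derived and selects the directory from
    # which custom.py is imported and run - confirm load_capture_settings
    # rejects any APPID that is not a known instance id before this point.
    rawpath = req.filename[:req.filename.rindex('/')] + "/custom_" + str(
        args['APPID']) + "/"
    webpath = "/capture/custom_" + str(args['APPID']) + "/"

    # found a custom.py file so load it up, grab the index function reference
    # and call the index function to generate the capture page
    if (os.path.exists(rawpath + "custom.py")):
        cust = import_file(rawpath + "custom.py")
        if not cust:
            raise Exception("Unable to locate or import custom.py")
        func = getattr(cust, "index")
        if not func:
            raise Exception("Unable to locate index function in custom.py")
        if not hasattr(func, '__call__'):
            raise Exception(
                "The index in custom.py is not a callable function")
        page = func(req, rawpath, webpath, str(args['APPID']),
                    str(args['HOST']), str(args['URI']))
    # no custom.py file so we generate the capture page ourselves
    else:
        page = generate_page(req, captureSettings, args)

    # return the capture page we just created
    return (page)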
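def generate_page(req, captureSettings, args, extra=''):
    """Build the capture page HTML from the template for the configured page type.

    Args:
        req: request object; req.filename locates the template directory and
            req.hostname is placed in the OAuth state URL.
        captureSettings: settings mapping; 'certificateDetection' is set to
            'DISABLE_DETECTION' in place when it is missing.
        args: mapping with METHOD, NONCE, APPID, HOST and URI (index() fills
            it from the request query string).
        extra: text substituted for the $.ProblemText.$ marker.

    Returns:
        The page as a string, or a fixed error page when neither the
        authentication type nor the page type selects a template.
    """
    page_type = captureSettings.get('pageType')
    oauth_picker = (captureSettings.get("authenticationType") == "ANY_OAUTH")

    # We use the path from the request filename to locate the correct template
    # and start with the OAuth selection page if that authentication type is
    # enabled. Otherwise we use the configured page type to decide.
    if oauth_picker:
        template = "/pickpage.html"
    elif page_type == 'BASIC_LOGIN':
        template = "/authpage.html"
    elif page_type == 'BASIC_MESSAGE':
        template = "/infopage.html"
    elif page_type == 'CUSTOM':
        # NOTE(review): APPID arrives from the request and becomes part of a
        # filesystem path here - confirm it is validated (numeric instance
        # id) before this function is reached.
        template = "/custom_" + str(args['APPID']) + "/custom.html"
    else:
        page = "<html><head><title>Captive Portal Error</title></head><body><h2>Invalid Captive Portal configuration</h2></body></html>"
        return (page)

    name = req.filename[:req.filename.rindex('/')] + template

    # the with block closes the template even if read() raises
    with open(name, "r") as webfile:
        page = webfile.read()

    if (not 'certificateDetection' in captureSettings):
        captureSettings['certificateDetection'] = 'DISABLE_DETECTION'

    if captureSettings['certificateDetection'] == 'CHECK_CERTIFICATE':
        page = replace_marker(page, '$.SecureEndpointCheck.$',
                              'checkSecureEndpoint(false);')
    elif captureSettings['certificateDetection'] == 'REQUIRE_CERTIFICATE':
        page = replace_marker(page, '$.SecureEndpointCheck.$',
                              'checkSecureEndpoint(true);')
    else:
        page = replace_marker(page, '$.SecureEndpointCheck.$', '')

    if page_type == 'BASIC_LOGIN':
        login_markers = (
            ('$.CompanyName.$', 'companyName'),
            ('$.PageTitle.$', 'basicLoginPageTitle'),
            ('$.WelcomeText.$', 'basicLoginPageWelcome'),
            ('$.MessageText.$', 'basicLoginMessageText'),
            ('$.UserLabel.$', 'basicLoginUsername'),
            ('$.PassLabel.$', 'basicLoginPassword'),
            ('$.FooterText.$', 'basicLoginFooter'),
        )
        for marker, key in login_markers:
            page = replace_marker(page, marker, captureSettings.get(key))

    if page_type == 'BASIC_MESSAGE':
        message_markers = (
            ('$.CompanyName.$', 'companyName'),
            ('$.PageTitle.$', 'basicMessagePageTitle'),
            ('$.WelcomeText.$', 'basicMessagePageWelcome'),
            ('$.MessageText.$', 'basicMessageMessageText'),
            ('$.FooterText.$', 'basicMessageFooter'),
        )
        for marker, key in message_markers:
            page = replace_marker(page, marker, captureSettings.get(key))

        if (captureSettings.get('basicMessageAgreeBox') == True):
            page = replace_marker(page, '$.AgreeText.$',
                                  captureSettings.get('basicMessageAgreeText'))
            page = replace_marker(page, '$.AgreeBox.$', 'checkbox')
        else:
            page = replace_marker(page, '$.AgreeText.$', '')
            page = replace_marker(page, '$.AgreeBox.$', 'hidden')

    if page_type == 'CUSTOM':
        path = "/capture/custom_" + str(args['APPID'])
        page = replace_marker(page, '$.CustomPath.$', path)

    if oauth_picker:
        uvmContext = Uvm().getUvmContext()
        networkSettings = uvmContext.networkManager().getNetworkSettings()

        port = None
        # the comparison must sit outside get(); inside it the lookup key
        # becomes False and the https branch can never be taken
        if (captureSettings.get("alwaysUseSecureCapture") == True):
            target = "https://"
            if (networkSettings.get('httpsPort') != 443):
                port = str(networkSettings.get('httpsPort'))
        else:
            target = "http://"
            if (networkSettings.get('httpPort') != 80):
                port = str(networkSettings.get('httpPort'))

        # NOTE(review): req.hostname is presumably taken from the client's
        # Host header and ends up in the OAuth state value - confirm the
        # relay only returns users to expected hosts.
        target += req.hostname
        if (port != None):
            target += ":"
            target += port
        target += "/capture/handler.py/index"
        target += "?nonce=" + args['NONCE']
        target += "&method=" + args['METHOD']
        target += "&appid=" + args['APPID']
        target += "&host=" + args['HOST']
        target += "&uri=" + args['URI']

        for marker, provider in (('$.GoogleState.$', 'GOOGLE'),
                                 ('$.FacebookState.$', 'FACEBOOK'),
                                 ('$.MicrosoftState.$', 'MICROSOFT')):
            page = replace_marker(
                page, marker,
                urllib.quote(target + "&authmode=" + provider).encode('utf8'))

        page = replace_marker(
            page, '$.AuthRelayUri.$',
            uvmContext.uriManager().getUri(
                "https://auth-relay.untangle.com/callback.php"))

    # plug the values into the hidden form fields of the authentication page
    # page by doing search and replace for each of the placeholder text tags
    # NOTE(review): these values come from the request query string and
    # replace_marker is not visible here - confirm it HTML-escapes what it
    # substitutes, otherwise request data is written into the page as markup.
    page = replace_marker(page, '$.method.$', args['METHOD'])
    page = replace_marker(page, '$.nonce.$', args['NONCE'])
    page = replace_marker(page, '$.appid.$', args['APPID'])
    page = replace_marker(page, '$.host.$', args['HOST'])
    page = replace_marker(page, '$.uri.$', args['URI'])

    # replace the text in the problem section with the argumented value
    page = replace_marker(page, '$.ProblemText.$', extra)

    # debug = create_debug(args,captureSettings)
    debug = ""
    page = replace_marker(page, '<!--DEBUG-->', debug)

    # return the login page we just created
    return (page)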
vpnServerVpnLanIP = "192.168.235.96" # special box with testshell in the sudoer group - used to connect to vpn as client vpnClientVpnIP = "10.111.5.20" testServerHost = 'test.untangle.com' testServerIp = socket.gethostbyname(testServerHost) ftpServer = socket.gethostbyname(testServerHost) # Servers running remote syslog listSyslogServer = '10.111.5.20' accountFileServer = "10.111.56.29" accountFile = "/tmp/account_login.json" uvmContext = Uvm().getUvmContext(timeout=120) uvmContextLongTimeout = Uvm().getUvmContext(timeout=300) prefix = "@PREFIX@" test_start_time = None def get_public_ip_address(base_URL="test.untangle.com", extra_options="", localcall=False): timeout = 4 result = "" while result == "" and timeout > 0: timeout -= 1 if localcall: result = subprocess.check_output(