def doPreauth():
result = None
POSTVarsNames = [ ]
hotspotType = getHotspotType(request)
#FIX. Must be changed
if hotspotType == 'mikrotik':
POSTVarsNames = MT_PREAUTH_VARS
elif hotspotType == 'ubiquity':
POSTVarsNames = UNI_PREAUTH_VARS
elif hotspotType == 'aruba':
POSTVarsNames = ARUBA_PREAUTH_VARS
elif hotspotType == 'ruckus':
POSTVarsNames = RUCKUS_PREAUTH_VARS
elif hotspotType == 'openwrt':
POSTVarsNames = OPENWRT_PREAUTH_VARS
elif hotspotType == 'outage': #test case
hotspotType = None
POSTVarsNames = MT_PREAUTH_VARS
session['hotspotType'] = hotspotType
session['POSTVarsNames'] = POSTVarsNames
varsOk = preauthGoodVars(request)
session['model'] = getPreauthModel(request) #getPreauthModel
if hotspotType is not None:
waitTime = idleCheck(request)
if waitTime != False and waitTime:
extradata = {'wait_time': waitTime}
logIt( app.logger.debug, DEB_PREFIX, 'render idle template' )
return render_template('preauth_idle.html', extradata = extradata)
if doSaveSessionData(request) != True:
logIt( app.logger.debug, DEB_PREFIX, 'Can\'t save session. Render error template' )
return render_template('error.html')
extradata = session['model']
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render preauth template' )
return render_template('preauth.html', extradata = extradata, url = app.config.get('SHOPSTER_URL'), hotspottype = hotspotType )
elif varsOk: #didnt get hotspot type and vars are ok then shopster system is down
logIt( app.logger.debug, DEB_PREFIX, 'Auth service is down. Render outage template' )
result = render_template('shopster_outage.html')
return result
logIt( app.logger.debug, DEB_PREFIX, 'Default exit. Render error template' )
return render_template('error.html')
def checkHotspotType( typeObj, request):
logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )
result = None
typeName = typeObj.get( 'type', None )
for varName in typeObj.get( 'attrs' ):
if request.values.get( varName, default = None ) == None:
return result
result = typeName
logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
return result
def preauthGoodVars(request):
result = False
logIt ( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )
POSTVarsNames = session.get( 'POSTVarsNames', None )
for POSTVarName in POSTVarsNames:
POSTVarValue = request.values.get(POSTVarName, None)
if POSTVarValue == None:
logIt( app.logger.warning, DEB_PREFIX, ' input var {0} check failed'.format( POSTVarName) )
return result
if len( POSTVarsNames ):
result = True
logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
return result
def getHotspotType(request):
logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )
result = None
ds = app.config.get('PREAUTH_TYPE_DS', None)
if ds == None:
logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
return result
for typeObj in ds:
hotspotType = checkHotspotType( typeObj, request )
if hotspotType != None:
result = hotspotType
break
logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
return result
def getHotspotType_old(request):
result = None
h_id = None
logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )
if request.method == 'POST':
h_id = request.values.get('hotspot_id', None)
elif request.method == 'GET':
idNames = [ 'ap', 'apname', 'called', 'mac' ]
for idName in idNames:
try:
h_id = request.args[idName]
break
except KeyError:
continue
#test cases
if h_id == 'outage':
logIt( app.logger.debug, DEB_PREFIX, 'TEST CASE shopster is down' )
result = 'outage'
elif h_id == '44:d9:e7:48:81:63' or h_id == '44:d9:e7:48:84:74':
result = 'ubiquity'
elif h_id == 'ac:a3:1e:c5:8c:7c':
result = 'aruba'
elif h_id == '6caab339afe0':
result = 'ruckus'
elif h_id == '90-F6-52-5B-73-F4':
result = 'openwrt'
elif h_id == '00:10:FF:01:BE:5D':
result = 'cisco'
elif h_id != None and request.method == 'POST':
result = 'mikrotik'
logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
return result
def doSaveSessionData(request):
result = False
h = app.config.get('DB_HOST')
d = app.config.get('DB_NAME')
u = app.config.get('DB_USER')
p = app.config.get('DB_PASS')
# model = getPreauthModel(request)
model = session.get( 'model' )
logIt ( app.logger.debug, DEB_PREFIX, 'normalized args from model', model )
if model == None:
logIt( app.logger.error, DEB_PREFIX, 'model is empty')
logIt( app.logger.debug, DEB_PREFIX, 'result', result )
return result
userMAC = userName = model.get('client_id', None)
hotspotID = model.get('hotspot_id', None)
entrypointID = model.get('entrypoint_id', None)
originalURL = model.get('original_url', None)
hotspotLoginURL = model.get('hotspot_login_url', None)
passWord = genPass()
if None in ( userName, passWord, hotspotID, entrypointID, originalURL, hotspotLoginURL ):
logIt( app.logger.error, DEB_PREFIX, 'not enough data in the model')
logIt( app.logger.debug, DEB_PREFIX, 'result', result )
return result
# Future db upserts depend on data we upsert now. So we commit after the first chunk.
try:
c = connect(host = h, user = u, password = p, database = d)
cursor = c.cursor()
cursor.execute('UPDATE charon_clients\
SET last_action_timestamp=now()\
WHERE client_id=%s AND hotspot_id=%s;',
(userMAC, hotspotID)
)
cursor.execute('INSERT INTO charon_clients\
(client_id,hotspot_id,entrypoint_id)\
SELECT %s,%s,%s WHERE NOT EXISTS (SELECT 1 FROM charon_clients WHERE client_id=%s AND hotspot_id=%s);',
(userMAC, hotspotID, entrypointID, userMAC, hotspotID)
)
c.commit()
except pgError as e:
logIt( app.logger.error, DEB_PREFIX, 'database exception', str(e) )
c.close()
return result
try:
cursor.execute('UPDATE charon_authentication\
SET username=%s, password=%s\
WHERE client_id=%s AND hotspot_id=%s;',
(userName, passWord, userMAC, hotspotID)
)
cursor.execute('INSERT INTO charon_authentication\
(username,password,client_id,hotspot_id)\
SELECT %s,%s,%s,%s WHERE NOT EXISTS\
(SELECT 1 FROM charon_authentication\
WHERE client_id = %s and hotspot_id = %s);',
(userName, passWord, userMAC, hotspotID, userMAC, hotspotID)
)
cursor.execute('UPDATE charon_urls\
SET origin_url=%s,hotspot_login_url=%s\
WHERE client_id=%s AND hotspot_id=%s;',
(originalURL, hotspotLoginURL, userMAC, hotspotID)
)
cursor.execute('INSERT INTO charon_urls\
(origin_url,hotspot_login_url,client_id,hotspot_id)\
SELECT %s,%s,%s,%s WHERE NOT EXISTS\
(SELECT 1 FROM charon_urls\
WHERE client_id = %s and hotspot_id = %s);',
(originalURL, hotspotLoginURL, userMAC, hotspotID, userMAC, hotspotID)
)
c.commit()
result = True
except pgError as e:
logIt( app.logger.error, DEB_PREFIX, 'database exception', str(e) )
finally:
c.close()
logIt( app.logger.debug, DEB_PREFIX, 'result', result )
return result
def getFormData(request):
h = app.config.get('DB_HOST')
d = app.config.get('DB_NAME')
u = app.config.get('DB_USER')
p = app.config.get('DB_PASS')
result = None
model = session.get('model')
logIt ( app.logger.debug, DEB_PREFIX, 'normalized args from model', model )
clientID = model.get('client_id')
hotspotID = model.get('hotspot_id')
if None in ( clientID, hotspotID):
logIt( app.logger.debug, DEB_PREFIX, 'returns', result )
return result
try:
c = connect(host = h, user = u, password = p, database = d)
cursor = c.cursor()
cursor.execute( 'SELECT * FROM charon_postauth_getformdata(%s,%s) as (a varchar,b varchar,c varchar,d varchar,e varchar);',\
(clientID, hotspotID),
)
row = cursor.fetchone()
if not row:
c.close()
result = None
logIt( app.logger.error, DEB_PREFIX, 'session data not found', result )
logIt( app.logger.debug, DEB_PREFIX, 'returns', result )
return result
result = {}
(result['username'], result['password'],\
result['origin_url'], result['hotspot_login_url'], result['session_hash']) \
= row
c.close()
#redirect URL crafting
st = '{0}?session_hash={1}&origin_url={2}'.format(\
app.config.get('POSTPOSTAUTH_URL'), result['session_hash'], result['origin_url']\
)
result['origin_url'] = st
except pgError as e:
logIt( app.logger.error, DEB_PREFIX, 'db exception', str(e) )
logIt( app.logger.debug, DEB_PREFIX, 'returns', result )
return result
def doPostPostauth():
logIt( app.logger.debug, DEB_PREFIX, 'request args', request.values.to_dict(flat = False) )
hotspotType = session.get('hotspotType')
logIt( app.logger.debug, DEB_PREFIX, 'hotspot type is', hotspotType )
waitTime = idleCheck(request)
if waitTime != False and waitTime:
extradata = {'wait_time': waitTime}
return render_template('postpostauth_idle.html', extradata = extradata)
model = session.get('model', None)
#if model != None
formData = getFormData(request)
if None not in ( formData, model ) and idleCheck(request) == 0:
if hotspotType == 'mikrotik':
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render mikrotik template' )
return render_template('postpostauth_mikrotik.html', formdata = formData)
if hotspotType == 'aruba':
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render aruba template' )
return render_template('postpostauth_aruba.html', formdata = formData)
if hotspotType == 'openwrt':
openwrtSecret = app.config.get('OPENWRT_SECRET_KEY')
challAsBinString = unhexlify( model.get('challenge') )
#md5 digest of a concatenated challenge sent by chilli and chilli uamsecret setting.
challWithSecret = md5( '{}{}'.format( challAsBinString, openwrtSecret ) ).digest()
passLen = len( formData.get('password') )
#16 bytes aligned password
alignedPass = '******'.format( formData.get('password'), '\x00' * ( HASH_LEN - passLen ) )
xoredPass = xorString( alignedPass, challWithSecret )
url = 'http://{}:{}/logon?username={}&password={}&userurl={}'.format(
formData.get('hotspot_login_url'), model.get('uamport'),
formData.get('username'), hexlify( xoredPass ),
formData.get('origin_url')
)
logIt( app.logger.debug, DEB_PREFIX, 'challWithSecret is {}'.format( hexlify( challWithSecret ) ) )
logIt( app.logger.debug, DEB_PREFIX, 'aligned pass is {}'.format( hexlify( alignedPass ) ) )
logIt( app.logger.debug, DEB_PREFIX, 'xored pass is {}'.format( hexlify( xoredPass ) ) )
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render openwrt template' )
return render_template('postpostauth_openwrt.html', url = url )
if hotspotType == 'ubiquity':
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ubiquity template' )
return render_template('postpostauth_ubiquity.html', url = formData.get('origin_url') )
if hotspotType == 'cisco':
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render cisco template' )
return render_template('postpostauth_cisco.html', formdata = formData )
if hotspotType == 'ruckus' and not session.get('zone_director_passed'):
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ruckus intermediate template' )
return render_template('postpostauth_ruckus.html',\
url = 'http://{0}:9997/login?username={1}&password={2}'.format( formData.get('hotspot_login_url'),
formData.get('username'), formData.get('password') )
)
elif hotspotType == 'ruckus':
session['zone_director_passed'] = False
r = make_response(
render_template( 'postpostauth_ruckus.html', url = formData.get('origin_url') )
)
logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ruckus intermediate template' )
return r
logIt( app.logger.debug, DEB_PREFIX, 'Default exit. Render error template' )
return render_template('error.html')