コード例 #1
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def doPreauth():

    result = None
    POSTVarsNames = [ ]

    hotspotType = getHotspotType(request)

    #FIX. Must be changed
    if hotspotType == 'mikrotik':
        POSTVarsNames = MT_PREAUTH_VARS
    elif hotspotType == 'ubiquity':    
        POSTVarsNames = UNI_PREAUTH_VARS         
    elif hotspotType == 'aruba':    
        POSTVarsNames = ARUBA_PREAUTH_VARS  
    elif hotspotType == 'ruckus':    
        POSTVarsNames = RUCKUS_PREAUTH_VARS 
    elif hotspotType == 'openwrt':    
        POSTVarsNames = OPENWRT_PREAUTH_VARS 
    elif hotspotType == 'outage': #test case
        hotspotType = None
        POSTVarsNames = MT_PREAUTH_VARS

    session['hotspotType'] = hotspotType    
    session['POSTVarsNames'] = POSTVarsNames    

    varsOk = preauthGoodVars(request) 
    session['model'] = getPreauthModel(request)        #getPreauthModel

    if hotspotType is not None:        
        waitTime = idleCheck(request)
        
        if waitTime != False and waitTime:
            extradata = {'wait_time': waitTime}
            logIt( app.logger.debug, DEB_PREFIX, 'render idle template' )
            return render_template('preauth_idle.html', extradata = extradata)

        if doSaveSessionData(request) != True:
            logIt( app.logger.debug, DEB_PREFIX, 'Can\'t save session. Render error template' )    
            return render_template('error.html') 

        extradata = session['model']
        logIt( app.logger.debug, DEB_PREFIX, 'OK. Render preauth template' )
        return render_template('preauth.html', extradata = extradata, url = app.config.get('SHOPSTER_URL'), hotspottype = hotspotType )

    elif varsOk:                                #didnt get hotspot type and vars are ok then shopster system is down
        logIt( app.logger.debug, DEB_PREFIX, 'Auth service is down. Render outage template' )
        result = render_template('shopster_outage.html')
        return result

    logIt( app.logger.debug, DEB_PREFIX, 'Default exit. Render error template' )    
    return render_template('error.html')
コード例 #2
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def checkHotspotType( typeObj, request):

    logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )

    result = None
    typeName = typeObj.get( 'type', None )     
    for varName in typeObj.get( 'attrs' ):
        if request.values.get( varName, default = None ) == None:
            return result
                    
    result = typeName
    logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )

    return result
コード例 #3
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def preauthGoodVars(request):

    result = False

    logIt ( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) ) 

    POSTVarsNames = session.get( 'POSTVarsNames', None )
    for POSTVarName in POSTVarsNames:
            POSTVarValue = request.values.get(POSTVarName, None)            
            if POSTVarValue == None:
                logIt( app.logger.warning, DEB_PREFIX, ' input var {0} check failed'.format( POSTVarName) )
                return result
    if len( POSTVarsNames ):
        result = True        

    logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )

    return result
コード例 #4
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def getHotspotType(request):

    logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )

    result = None
    ds = app.config.get('PREAUTH_TYPE_DS', None)
    if ds == None:
        logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )
        return result

    for typeObj in ds:
        hotspotType = checkHotspotType( typeObj, request )
        if hotspotType != None:
            result = hotspotType
            break      

    logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )

    return result 
コード例 #5
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def getHotspotType_old(request):

    result = None
    h_id = None

    logIt( app.logger.debug, DEB_PREFIX, ' request args ', request.values.to_dict(flat = False) )

    if request.method == 'POST':
        h_id = request.values.get('hotspot_id', None)
    elif request.method == 'GET':
        idNames = [ 'ap', 'apname', 'called', 'mac' ]
        for idName in idNames:
            try:
                h_id = request.args[idName]
                break
            except KeyError:
                continue
        
    #test cases    
    if h_id == 'outage':
        logIt( app.logger.debug, DEB_PREFIX, 'TEST CASE shopster is down' )
        result = 'outage'
    elif h_id == '44:d9:e7:48:81:63' or h_id == '44:d9:e7:48:84:74':
        result = 'ubiquity'
    elif h_id == 'ac:a3:1e:c5:8c:7c':
        result = 'aruba'
    elif h_id == '6caab339afe0':
        result = 'ruckus'
    elif h_id == '90-F6-52-5B-73-F4':
        result = 'openwrt'
    elif h_id == '00:10:FF:01:BE:5D':
        result = 'cisco'
    elif h_id != None and request.method == 'POST':
        result = 'mikrotik'

    logIt( app.logger.debug, DEB_PREFIX, ' returns ', result )

    return result 
コード例 #6
0
ファイル: preauth.py プロジェクト: drrtuy/charon
def doSaveSessionData(request):

    result = False

    h = app.config.get('DB_HOST')
    d = app.config.get('DB_NAME')
    u = app.config.get('DB_USER') 
    p = app.config.get('DB_PASS')

#   model = getPreauthModel(request)
    model = session.get( 'model' )
    logIt ( app.logger.debug, DEB_PREFIX, 'normalized args from model', model ) 

    if model == None:
        logIt( app.logger.error, DEB_PREFIX, 'model is empty')
        logIt( app.logger.debug, DEB_PREFIX, 'result', result )
        return result

    userMAC = userName = model.get('client_id', None)
    hotspotID = model.get('hotspot_id', None)
    entrypointID = model.get('entrypoint_id', None)
    originalURL = model.get('original_url', None)
    hotspotLoginURL = model.get('hotspot_login_url', None) 
    passWord = genPass()
    
    if None in ( userName, passWord, hotspotID, entrypointID, originalURL, hotspotLoginURL ):
        logIt( app.logger.error, DEB_PREFIX, 'not enough data in the model')
        logIt( app.logger.debug, DEB_PREFIX, 'result', result )
        return result

    # Future db upserts depend on data we upsert now. So we commit after the first chunk.    
    try:
        c = connect(host = h, user = u, password = p, database = d)
        cursor = c.cursor()
        cursor.execute('UPDATE charon_clients\
                SET last_action_timestamp=now()\
                WHERE client_id=%s AND hotspot_id=%s;', 
                (userMAC, hotspotID)
            )
        cursor.execute('INSERT INTO charon_clients\
            (client_id,hotspot_id,entrypoint_id)\
            SELECT %s,%s,%s WHERE NOT EXISTS (SELECT 1 FROM charon_clients WHERE client_id=%s AND hotspot_id=%s);',
            (userMAC, hotspotID, entrypointID, userMAC, hotspotID)
        )
        
        c.commit()
    except pgError as e:
        logIt( app.logger.error, DEB_PREFIX, 'database exception', str(e) )
        c.close()
        return result
        
    try:
        cursor.execute('UPDATE charon_authentication\
            SET username=%s, password=%s\
            WHERE client_id=%s AND hotspot_id=%s;',
            (userName, passWord, userMAC, hotspotID)
        )
        cursor.execute('INSERT INTO charon_authentication\
            (username,password,client_id,hotspot_id)\
            SELECT %s,%s,%s,%s WHERE NOT EXISTS\
                (SELECT 1 FROM charon_authentication\
                WHERE client_id = %s and hotspot_id = %s);', 
            (userName, passWord, userMAC, hotspotID, userMAC, hotspotID)
        )
        cursor.execute('UPDATE charon_urls\
            SET origin_url=%s,hotspot_login_url=%s\
            WHERE client_id=%s AND hotspot_id=%s;',
            (originalURL, hotspotLoginURL, userMAC, hotspotID)
        )
        cursor.execute('INSERT INTO charon_urls\
            (origin_url,hotspot_login_url,client_id,hotspot_id)\
            SELECT %s,%s,%s,%s WHERE NOT EXISTS\
                (SELECT 1 FROM charon_urls\
                WHERE client_id = %s and hotspot_id = %s);', 
            (originalURL, hotspotLoginURL, userMAC, hotspotID, userMAC, hotspotID)
        )
        c.commit()
        result = True
    except pgError as e:
        logIt( app.logger.error, DEB_PREFIX, 'database exception', str(e) )
    finally:
        c.close()

    logIt( app.logger.debug, DEB_PREFIX, 'result', result )

    return result
コード例 #7
0
ファイル: postpostauth.py プロジェクト: drrtuy/charon
def getFormData(request):
    h = app.config.get('DB_HOST')
    d = app.config.get('DB_NAME')
    u = app.config.get('DB_USER') 
    p = app.config.get('DB_PASS')

    result = None
      
    model = session.get('model')
    logIt ( app.logger.debug, DEB_PREFIX, 'normalized args from model', model )

    clientID = model.get('client_id')
    hotspotID = model.get('hotspot_id')

    if None in ( clientID, hotspotID):
        logIt( app.logger.debug, DEB_PREFIX, 'returns', result )
        return result

    try:
        c = connect(host = h, user = u, password = p, database = d)
        cursor = c.cursor()
      
        cursor.execute( 'SELECT * FROM charon_postauth_getformdata(%s,%s) as (a varchar,b varchar,c varchar,d varchar,e varchar);',\
            (clientID, hotspotID),
        )

        row = cursor.fetchone()
        if not row:
            c.close()
            result = None
            logIt( app.logger.error, DEB_PREFIX, 'session data not found', result )
            logIt( app.logger.debug, DEB_PREFIX, 'returns', result )
            return result

        result = {}
        (result['username'], result['password'],\
        result['origin_url'], result['hotspot_login_url'], result['session_hash']) \
        = row 
        c.close()
        
        #redirect URL crafting
        st =  '{0}?session_hash={1}&origin_url={2}'.format(\
            app.config.get('POSTPOSTAUTH_URL'), result['session_hash'], result['origin_url']\
        ) 
    
        result['origin_url'] = st

    except pgError as e:
        logIt( app.logger.error, DEB_PREFIX, 'db exception', str(e) )       

    logIt( app.logger.debug, DEB_PREFIX, 'returns', result )

    return result
コード例 #8
0
ファイル: postpostauth.py プロジェクト: drrtuy/charon
def doPostPostauth():

    logIt( app.logger.debug, DEB_PREFIX, 'request args', request.values.to_dict(flat = False) )

    hotspotType = session.get('hotspotType')

    logIt( app.logger.debug, DEB_PREFIX, 'hotspot type is', hotspotType )    

    waitTime = idleCheck(request)
    
    if waitTime != False and waitTime:
        extradata = {'wait_time': waitTime}
        return render_template('postpostauth_idle.html', extradata = extradata)            

    model = session.get('model', None)
    
    #if model != None
    formData = getFormData(request)

    if None not in ( formData, model ) and idleCheck(request) == 0:
        if hotspotType == 'mikrotik':
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render mikrotik template' )            
            return render_template('postpostauth_mikrotik.html', formdata = formData)

        if hotspotType == 'aruba':
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render aruba template' )
            return render_template('postpostauth_aruba.html', formdata = formData)

        if hotspotType == 'openwrt':
            openwrtSecret = app.config.get('OPENWRT_SECRET_KEY')
            challAsBinString = unhexlify( model.get('challenge') )
            #md5 digest of a concatenated challenge sent by chilli and chilli uamsecret setting.              
            challWithSecret =  md5( '{}{}'.format( challAsBinString, openwrtSecret ) ).digest()
            passLen = len( formData.get('password') )
            #16 bytes aligned password
            alignedPass = '******'.format( formData.get('password'), '\x00' * ( HASH_LEN - passLen ) )            
            xoredPass = xorString( alignedPass, challWithSecret )
            url = 'http://{}:{}/logon?username={}&password={}&userurl={}'.format( 
                formData.get('hotspot_login_url'), model.get('uamport'),
                formData.get('username'), hexlify( xoredPass ),
                formData.get('origin_url')
            )
            logIt( app.logger.debug, DEB_PREFIX, 'challWithSecret is {}'.format( hexlify( challWithSecret ) ) )
            logIt( app.logger.debug, DEB_PREFIX, 'aligned pass is {}'.format( hexlify( alignedPass ) ) )
            logIt( app.logger.debug, DEB_PREFIX, 'xored pass is {}'.format( hexlify( xoredPass ) ) )
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render openwrt template' )
            return render_template('postpostauth_openwrt.html', url = url ) 

        if hotspotType == 'ubiquity':
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ubiquity template' )
            return render_template('postpostauth_ubiquity.html', url = formData.get('origin_url') )           

        if hotspotType == 'cisco':
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render cisco template' )
            return render_template('postpostauth_cisco.html', formdata = formData )

        if hotspotType == 'ruckus' and not session.get('zone_director_passed'):
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ruckus intermediate template' )
            return render_template('postpostauth_ruckus.html',\
               url = 'http://{0}:9997/login?username={1}&password={2}'.format( formData.get('hotspot_login_url'), 
                formData.get('username'), formData.get('password') )
            )
               
        elif hotspotType == 'ruckus':
            session['zone_director_passed'] = False                   
            r = make_response( 
                    render_template( 'postpostauth_ruckus.html', url = formData.get('origin_url') ) 
            )
            logIt( app.logger.debug, DEB_PREFIX, 'OK. Render ruckus intermediate template' )
            return r                
    logIt( app.logger.debug, DEB_PREFIX, 'Default exit. Render error template' )    
 
    return render_template('error.html')