support for using a wrapper script.

Stefan Midjich 2016-12-08 14:25:45 +01:00
parent fb5d7b1261
commit 0ff80fb629


@ -1,4 +1,7 @@
# Add an iptables rule # Add an iptables rule
# This actually runs a command, so you can either define an iptables
# command or a script. See the plugins.cfg for the options that are
# replaced into the command line.
import re import re
import socket import socket
@ -13,9 +16,11 @@ except ImportError:
from portal import logHandler, logFormatter from portal import logHandler, logFormatter
# Try to import arping for mac_from_ip() # Try to import arping for mac_from_ip()
use_arping = True
try: try:
from sh import arping from sh import arping
except ImportError: except ImportError:
use_arping = False
pass pass
# By default run iptables through sudo, so the worker process must run with # By default run iptables through sudo, so the worker process must run with
@ -38,6 +43,7 @@ def run(arg):
l.setLevel(DEBUG) l.setLevel(DEBUG)
l.debug('debug logging enabled') l.debug('debug logging enabled')
# Get client IP from webapp
client_ip = environ.get( client_ip = environ.get(
'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED_FOR',
environ.get('REMOTE_ADDR') environ.get('REMOTE_ADDR')
@ -46,7 +52,7 @@ def run(arg):
error_msg = None error_msg = None
iptables_failed = False iptables_failed = False
# Verify IP # Verify client IP
try: try:
socket.inet_aton(client_ip) socket.inet_aton(client_ip)
except socket.error: except socket.error:
@ -56,19 +62,20 @@ def run(arg):
'failed': True 'failed': True
} }
# Attempt to get client HW address first. # Attempt to get client HW address with arping
try: if use_arping:
client_mac = mac_from_ip( try:
l, client_mac = mac_from_ip(
config.get('iptables', 'arping'), l,
client_ip config.get('iptables', 'arping'),
) client_ip
except Exception as e: )
l.warn('Failed to get client HW address: {error}'.format( except Exception as e:
error=str(e) l.warn('Failed to get client HW address: {error}'.format(
)) error=str(e)
error_msg = str(e) ))
pass error_msg = str(e)
pass
# If HW address was found, use it now. # If HW address was found, use it now.
if client_mac and config.getboolean('iptables', 'use_mac'): if client_mac and config.getboolean('iptables', 'use_mac'):
@ -85,14 +92,10 @@ def run(arg):
output = BytesIO() output = BytesIO()
error = BytesIO() error = BytesIO()
try: try:
rc = sudo.iptables(iptables_mac, _out=output, _err=error) rc = sudo(iptables_mac, _out=output, _err=error)
if rc.exit_code == 0: if rc.exit_code == 0:
l.debug('Created iptables MAC rule successfully') l.debug('Created iptables MAC rule successfully')
return {
'error': error_msg,
'failed': False
}
except ErrorReturnCode: except ErrorReturnCode:
error.seek(0) error.seek(0)
error_msg = error.read() error_msg = error.read()
@ -125,14 +128,10 @@ def run(arg):
output = BytesIO() output = BytesIO()
error = BytesIO() error = BytesIO()
try: try:
rc = sudo.iptables(iptables_ip, _out=output, _err=error) rc = sudo(iptables_ip, _out=output, _err=error)
if rc.exit_code == 0: if rc.exit_code == 0:
l.debug('Created iptables IP rule successfully') l.debug('Created iptables IP rule successfully')
return {
'error': error_msg,
'failed': False
}
except ErrorReturnCode: except ErrorReturnCode:
error.seek(0) error.seek(0)
error_msg = error.read() error_msg = error.read()
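Review bot: The client address is read from `HTTP_X_FORWARDED_FOR`, a request header the client can set unless a trusted proxy overwrites it, and the only check on it is `socket.inet_aton(client_ip)`, which accepts more than a strict dotted quad (short forms such as `127.1`, and on some C libraries text following the address). With `sudo.iptables(...)` replaced by `sudo(...)`, the program run through sudo is whatever the configuration names, so a wrapper script that re-expands its arguments would receive that value; how `iptables_mac` and `iptables_ip` are assembled is outside the visible hunks and should be confirmed there. I would tighten the check to `socket.inet_pton(socket.AF_INET, client_ip)`, which fails with the same `socket.error`, and fall back to `REMOTE_ADDR` unless the header is known to come from the portal's own proxy. `run()` begins and ends outside the hunks shown.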