diff options
| author | Katze Miau <miaukatzemiau@priveasy.de> | 2011-12-20 16:30:27 (GMT) |
|---|---|---|
| committer | Katze Miau <miaukatzemiau@priveasy.de> | 2011-12-20 16:30:27 (GMT) |
| commit | 8ebdb23cff88abd518c8f631eb5e8cc65036d08e (patch) | |
| tree | e223ba0259f69ff66d239cc498eedc6944d62f91 /files/common/www/service/cgi-bin/splash_click | |
| parent | 2c089f72e227ec7229709c7903d322ef42986abd (diff) | |
reintegrate splash
- add cronjob for splash_sync (every minute for debugging; to be
increased)
- add redirection for unsplashed users in queen.enter, remove it in
queen.leave
- add /etc/splash.sh to centralize functionality used in
/sbin/splash_sync and /www/service/*splash*
- make splash_sync to use a transactional update approach: insert
iptable rules for all splashed MACs into a new chain, then replace
old and new chain; this avoids downtime even if splash_sync is slow
- remove allowed services for splashed users; this is intended to not
move old cruft over to new code; if any of the those services shall
be reenabled, it should happen in /etc/firewall.user
- make /sbin/splash_sync aware of the current state of FSM inetable
(read via /sbin/fsm with optional command line override); this
allows to unconditionally call splash_sync via cron
- add locks to all places where the splash state is touched
- remove multiple escaping/quoting/encoding problems in splash cgi
scripts
- reenable link to the page the user initially demanded in
/www/service/cgi-bin/splash_click
Diffstat (limited to 'files/common/www/service/cgi-bin/splash_click')
| -rwxr-xr-x | files/common/www/service/cgi-bin/splash_click | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/files/common/www/service/cgi-bin/splash_click b/files/common/www/service/cgi-bin/splash_click index d08af6a..d7e3f2f 100755 --- a/files/common/www/service/cgi-bin/splash_click +++ b/files/common/www/service/cgi-bin/splash_click @@ -1,14 +1,19 @@ -#!/bin/sh +#!/bin/sh -e +. $IPKG_INSTROOT/etc/functions.sh +. /etc/splash.sh + echo -en "Status: 200 OK\r\n" echo -en "Content-Type: text/html\r\n" echo -en "\r\n" -TEST=`cat ` -TEST=`echo $TEST | sed 's/'target_url='/''/g'` -TEST=`/bin/urldecode "$TEST"` -TEST=`echo $TEST | sed 's/%2F/\//g'` -USER_MAC=`cat /proc/net/arp | grep $REMOTE_HOST | awk 'BEGIN { FS = " " } ; { print $4 }'` -. $IPKG_INSTROOT/etc/functions.sh +# decode request params +# url is decoded twice, as it is encoded by the browser and once by us +URL="http://$(sed 's/target_url=//g' | urldecode)" +USER_MAC=$(grep ^$REMOTE_HOST </proc/net/arp \ + | awk 'BEGIN { FS = " " } ; { print $4 }') + +# check if user is already splashed; splash otherwise +lockSplash ISSPLASHED=0 config_load splash_users is_mac() { @@ -17,22 +22,17 @@ is_mac() { ISSPLASHED=1 fi } -#check if user is alredy splashed config_foreach is_mac user -sed 's/targeturl/'"$(echo $TEST| sed 's#/#\\/#g')"'/g' /www/iframe.html +if [ $ISSPLASHED -eq 0 ]; then + # user is now free to go + chain=$chain_prefix$chain_id + iptables -t nat -I $chain 1 -m mac --mac-source $USER_MAC -j ACCEPT -if [ $ISSPLASHED -eq 1 ]; then - exit + uci -q add splash_users user >/dev/null + uci -q set splash_users.@user[-1].mac=$USER_MAC + uci -q set splash_users.@user[-1].time=`date +%s` fi -#User is now free to go -iptables -t nat -I ffj_splash 1 -m --mac-source $USER_MAC -j ACCEPT - -uci -q add splash_users user -uci -q set splash_users.@user[-1].mac=$USER_MAC -uci -q set splash_users.@user[-1].time=`date +%s` - -exit 0 - - - +unlockSplash +# send response +sed "s/targeturl/$(echo "$URL" | sed 's#/#\\/#g')/g" iframe.html |