Permalink
Browse files

Initial commit of code from hg r534

  • Loading branch information...
1 parent ea510dd commit 93a7278aa80b7b256678d2c8b8bce71abe425f6a @micolous committed Apr 28, 2011
Showing with 18,308 additions and 0 deletions.
  1. +16 −0 CREDITS
  2. +661 −0 LICENSE
  3. +50 −0 Makefile
  4. +109 −0 README
  5. 0 __init__.py
  6. 0 api/__init__.py
  7. +146 −0 api/models.py
  8. +26 −0 api/urls.py
  9. +357 −0 api/views.py
  10. +25 −0 backend/dbus-system-tollgate.conf
  11. +10 −0 backend/iptables-clean
  12. +394 −0 backend/iptables.py
  13. +136 −0 backend/tollgate.py
  14. +20 −0 backend/tollgate.sh
  15. +42 −0 captive_landing/index.py
  16. +19 −0 commons.py
  17. +7 −0 frontend/__init__.py
  18. +67 −0 frontend/admin.py
  19. +72 −0 frontend/common.py
  20. +114 −0 frontend/forms.py
  21. +685 −0 frontend/models.py
  22. +144 −0 frontend/urls.py
  23. +826 −0 frontend/views.py
  24. +147 −0 locale/eo/LC_MESSAGES/django.po
  25. +11 −0 manage.py
  26. +172 −0 media/cake.css
  27. BIN media/console_icons/apple.png
  28. BIN media/console_icons/cisco.png
  29. BIN media/console_icons/nintendo.png
  30. BIN media/console_icons/pc.png
  31. BIN media/console_icons/playstation.png
  32. BIN media/console_icons/xbox.png
  33. BIN media/doasisay.png
  34. +1,024 −0 media/flot/API.txt
  35. +71 −0 media/flot/FAQ.txt
  36. +22 −0 media/flot/LICENSE.txt
  37. +15 −0 media/flot/Makefile
  38. +340 −0 media/flot/NEWS.txt
  39. +105 −0 media/flot/PLUGINS.txt
  40. +81 −0 media/flot/README.txt
  41. +1,427 −0 media/flot/excanvas.js
  42. +1 −0 media/flot/excanvas.min.js
  43. +174 −0 media/flot/jquery.colorhelpers.js
  44. +1 −0 media/flot/jquery.colorhelpers.min.js
  45. +156 −0 media/flot/jquery.flot.crosshair.js
  46. +1 −0 media/flot/jquery.flot.crosshair.min.js
  47. +237 −0 media/flot/jquery.flot.image.js
  48. +1 −0 media/flot/jquery.flot.image.min.js
  49. +2,119 −0 media/flot/jquery.flot.js
  50. +1 −0 media/flot/jquery.flot.min.js
  51. +272 −0 media/flot/jquery.flot.navigate.js
  52. +1 −0 media/flot/jquery.flot.navigate.min.js
  53. +299 −0 media/flot/jquery.flot.selection.js
  54. +1 −0 media/flot/jquery.flot.selection.min.js
  55. +152 −0 media/flot/jquery.flot.stack.js
  56. +1 −0 media/flot/jquery.flot.stack.min.js
  57. +103 −0 media/flot/jquery.flot.threshold.js
  58. +1 −0 media/flot/jquery.flot.threshold.min.js
  59. +4,376 −0 media/flot/jquery.js
  60. +19 −0 media/flot/jquery.min.js
  61. BIN media/greenstripes.png
  62. +166 −0 media/platinum.css
  63. BIN media/portal-bg.png
  64. BIN media/portal2.png
  65. +136 −0 media/terminal.css
  66. BIN media/virtue.ttf
  67. +87 −0 scraper.dat
  68. +214 −0 scraper.py
  69. +137 −0 settings.py
  70. +10 −0 templates/admin/base_site.html
  71. +29 −0 templates/frontend/arp-cache-error.html
  72. +29 −0 templates/frontend/base-internet.html
  73. +31 −0 templates/frontend/base-pclist.html
  74. +34 −0 templates/frontend/base-usage.html
  75. +135 −0 templates/frontend/base.html
  76. +28 −0 templates/frontend/cant-reset-yourself.html
  77. +99 −0 templates/frontend/captive_landing.html
  78. +56 −0 templates/frontend/controller-error.html
  79. +45 −0 templates/frontend/error.html
  80. +31 −0 templates/frontend/event-not-active.html
  81. +171 −0 templates/frontend/help/api.html
  82. +189 −0 templates/frontend/help/new.html
  83. +34 −0 templates/frontend/help/source.html
  84. +56 −0 templates/frontend/index.html
  85. +71 −0 templates/frontend/internet.html
  86. +29 −0 templates/frontend/internet_login-already_owned.html
  87. +32 −0 templates/frontend/internet_login-not_in_subnet.html
  88. +43 −0 templates/frontend/internet_login.html
  89. +64 −0 templates/frontend/internet_login_here-failure.html
  90. +46 −0 templates/frontend/ip4portforward_confirm_delete.html
  91. +33 −0 templates/frontend/ip4portforward_form.html
  92. +55 −0 templates/frontend/ip4portforward_list.html
  93. +54 −0 templates/frontend/login.html
  94. +34 −0 templates/frontend/logout.html
  95. +30 −0 templates/frontend/not-a-console.html
  96. +33 −0 templates/frontend/not-signed-in.html
  97. +79 −0 templates/frontend/pclist.html
  98. +201 −0 templates/frontend/quota.html
  99. +57 −0 templates/frontend/reset-lecture.html
  100. +35 −0 templates/frontend/signin1.html
  101. +35 −0 templates/frontend/signin2.html
  102. +35 −0 templates/frontend/signin3.html
  103. +181 −0 templates/frontend/usage-info.html
  104. +74 −0 templates/frontend/usage.html
  105. +70 −0 tollgate_controller_api.py
  106. +43 −0 urls.py
View
16 CREDITS
@@ -0,0 +1,16 @@
+# Credits / Thanks #
+
+## Michael Farrell (2008-) ##
+ - Website (for email contact): http://micolous.id.au/
+ - Started the project, wrote everything.
+
+## Ben Christian and Darren Mullighan (2009-) ##
+ - Provided valuable feedback and user experience testing.
+
+## Rebecca Irving (2009) ##
+ - Contributed portal2 logo (/frontend/media/portal2.png)
+
+## David B (2010-) ##
+ - Reports security bugs.
+
+
View
661 LICENSE

Large diffs are not rendered by default.

Oops, something went wrong.
View
@@ -0,0 +1,50 @@
+# tollgate Makefile
+# Copyright 2008-2011 Michael Farrell <http://micolous.id.au/>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+HASKEY = $(shell grep -P '^SECRET_KEY = ' settings_local.py)
+HASSRC = $(shell grep -P '^SOURCE_URL = ' settings_local.py)
+
+all:
+ # repairing permissions...
+ chmod a+x manage.py scraper.py backend/tollgate.py
+
+ifeq ($(HASKEY),)
+ # Create new secret key.
+ python -c 'import string,random;print "\n\nSECRET_KEY = %s\n" % repr("".join([random.choice(string.letters + string.digits + string.punctuation) for i in range(80)]))' >> settings_local.py
+endif
+
+ifeq ($(HASSRC),)
+ echo '# Please setup a location where the source code to your modifications to tollgate are stored.' >> settings_local.py
+ echo '# This must be a publicly-accessible web (http/https) URL. If your VCS does not provide access over HTTP, provide a link to a web page where instructions to configure access to your repository are.' >> settings_local.py
+ echo '# Tip: You can use the "fork" functionality in GitHub to do this. Make sure you push back to your fork.' >> settings_local.py
+ echo '# A message will be inserted in all pages until you set this correctly.' >> settings_local.py
+ echo 'SOURCE_URL = None' >> settings_local.py
+endif
+
+ # finished. please see the README for further instructions.
+
+export:
+ rm -rf export
+ svn export . export
+ rm export/Makefile
+
+tarball: export
+ rm -f tollgate.tar.bz2
+ tar -jcvf tollgate.tar.bz2 --owner=0 --group=0 -Cexport .
+
+clean:
+ rm -rf export
+ rm -f tollgate.tar.bz2
View
109 README
@@ -0,0 +1,109 @@
+# tollgate README #
+
+tollgate - A captive portal software for Linux for LAN parties.
+Copyright 2008-2011 Michael Farrell <http://micolous.id.au>.
+
+## Introduction ##
+
+Welcome to tollgate. This is a captive portal system for Linux, designed for operating LAN parties. A lot of the concepts in the software are specific to how a LAN party operates, however you could use it for a sharehouse if you wanted, or something else.
+
+It was originally called 'portal2'. It managed the StreetGeek and SAGA internet connection for about two years, before I discontinued my involvement with the event. It was called 'portal2' as it we previously experimented with a modified version of WiFiDog before abandoning it at the event. It's changed the name to avoid potential trademark issues.
+
+Currently this version is a little broken, as all StreetGeek and SAGA related components have been pulled out from under it. There's also some policies for the event that were hard-coded into the software (such as one free quota reset). I have however pulled out all copyrighted images from the source tree that may cause problems.
+
+It's undergoing porting to LanConnect's data models, but that software is not yet released, so the system is in a state of flux. At that point, a lot of those policies that were specific to the event will also be pulled out and replaced with something that's more flexible and easier to configure.
+
+It consists of two parts, connected via dbus:
+
+- A frontend system, which does most of the heavy lifting, including managing users and quota. It is a Django website.
+- A backend system. This is only there to insulate the frontend from running programs as root directly. It also abstracts calls to the firewall, and maintains the list of unmetered and blacklisted hosts.
+
+This software isn't based on any existing captive portal solution - it's entirely from-scratch. At the time that development started (2008) there wasn't any freely available software that did what we wanted, so I wrote one.
+
+## Licensing ##
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+A full copy of the license is available in the file /LICENSE.
+
+Please be specifically aware of Section 13 "Remote Network Interaction; Use with the GNU General Public License." This requires you to make modifications to this software available to network users. The easiest way you can do this is by making a publicly available Git repository for your users. (GitHub has a nice 'fork' option, which makes it easy for me to track this stuff...)
+
+A notice will appear on all pages unless you set the SOURCE_URL setting to a location where the source code is stored. This is enforced as some members of the LAN community in my experience are "lax" about following licensing obligations. Removing the code that enforces this *does not* exempt you from the agreement - it is only there as a reminder and to assist you in license compliance.
+
+### flot ###
+
+This software uses flot, a jQuery library for generating charts, copyright 2007-2009 IOLA and Ole Laursen. A full copy of it's license is included in /media/flot/LICENSE.txt. It's terms ONLY apply to the flot library - not to the rest of the tollgate source code.
+
+flot itself also includes:
+
+ - excanvas: Copyright 2006 Google Inc., licensed under the terms of the Apache License v2.0.
+ - jQuery: Copyright 2009 John Resig and The Dojo Foundation, dual-licensed under the MIT and GPL.
+ - in jquery.flot.navigate.js:
+ - jQuery.event.drag: Copyright 2008 Three Dub Media <http://threedubmedia.com>, MIT licensed
+ - jquery.mousewheel: Copyright 2009 Brandon Aaron <http://brandonaaron.net> dual-licensed under the MIT and GPL.
+
+Additional licensing information about these components is in headers of their source files (in /frontend/media/flot/).
+
+### Virtue font ###
+
+The font 'virtue.ttf' is copyright 1997-1999 Marty P. Pfeiffer at Scooter Graphics. It is released as freeware.
+
+http://www.scootergraphics.com/virtue/index.html
+http://www.dafont.com/virtue.font
+
+## System Requirements ##
+
+The recommended platform for this software is Debian GNU/Linux 6.0. It has only been tested on i386, however should work correctly with other architectures as well.
+
+There are the following requirements for successful operation:
+
+- Python 2.4 or later.
+- Django 1.2 or later, as well as a database module (such as sqlite3, python-mysql) and database server (if applicable).
+- python-dbus, as well as a local DBUS installation
+- A HTTPS-secured webserver to run the django site in (like apache2)
+ - You could run the service without protection, but that's really silly.
+- iptables 1.4.3 or later. This is REALLY NEW, not in Debian GNU/Linux 5.0 "lenny"
+- Linux 2.4.21 or later, with netfilter support (most distributions ship with support for this). However it has only been tested with 2.6 kernels.
+- xtables-addons, you can either:
+ - use v1.22 or later, as they include my patch.
+ - It is available in GIT commit ID 7952a7d253a66a504df0589d4143088213451fe8 and later <http://xtables-addons.git.sourceforge.net/git/gitweb.cgi?p=xtables-addons/xtables-addons;a=commit;h=7952a7d253a66a504df0589d4143088213451fe8> which was added to the tree on Thu, 31 Dec 2009 15:24:47 +0000.
+- python-iplib
+- python-simplejson (if using Python <2.6)
+- python-lxml
+- screen
+
+## xtables-addons Installation Notes ##
+
+xtables-addons requires at least iptables 1.4.3. Debian GNU/Linux 5.0 "lenny" contains 1.4.2. squeeze contains iptables 1.4.8.
+
+### Automatic Installation with module-assistant ###
+
+If you have xtables-addons-source 1.22-1 or later available to you, this will have the required patches available. You can easily install the package with module-assistant:
+
+# apt-get install module-assistant
+# m-a a-i xtables-addons
+
+### Manual Installation ###
+
+You'll also need build-essential, autoconf, automake, libtool, iptables-dev, linux-headers-2.6-686 and pkg-config to compile xtables-addons. Make sure you run ./autogen.sh again if you were missing packages when you last ran it, otherwise it may repeatedly fail when you re-run ./configure.
+
+So, installation process for that part:
+
+# apt-get install build-essential autoconf automake libtool iptables-dev linux-headers-2.6-686 pkg-config
+# ./autogen.sh
+# ./configure
+# make
+# make install
+# cp -s /usr/local/libexec/xtables/* /lib/xtables/
+
+## Known Issues ##
+
+- xt_quota2 doesn't always show current quota data in iptables command. It should not be relied on for accurate display of quota information via iptables command, use /proc/net/xt_quota/ instead because that is accurate. The actual accounting process is accurate however.
+ - This may only effect SMP systems, but using procfs is still recommended.
+ - Why the in-kernel quota system doesn't work for us: http://bugzilla.netfilter.org/show_bug.cgi?id=541
+- Port forwarding doesn't work correctly when the internal and external ports are different.
+
View
No changes.
View
No changes.
View
@@ -0,0 +1,146 @@
+#!/usr/bin/env python
+"""tollgate frontend api models
+Copyright 2008-2010 Michael Farrell <http://micolous.id.au/>
+$Id: py 109 2010-11-10 12:23:25Z michael $
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from django.db.models import *
+from django.conf import settings
+
+from sys import exc_info
+from hashlib import sha512
+from math import floor
+from time import time
+
+# don't really have models here, just validation for stuff.
+
+def is_valid_ip(ip):
+ """Validate an IP address input."""
+ a = ip.split('.')
+
+ if len(a) != 4:
+ return False
+
+ for x in a:
+ try:
+ y = int(x)
+ if y < 0 or y > 255:
+ return False
+ except:
+ return False
+
+ return True
+
+def is_valid_mac(mac):
+ mac = mac.upper()
+
+ if len(mac) != 12:
+ return False
+
+ for x in mac:
+ y = ord(x)
+ if (y < ord('0') or y > ord('9')) and (y < ord('A') or y > ord('F')):
+ return False
+
+ return True
+
+def steal_local(n):
+ """Steals a local variable from higher up in the call stack. This will
+ continually work it's way backwards, until it reaches the main, and return the
+ first result it finds. Throws an Exception if the variable cannot be found.
+
+ Yes, this function is evil, but unfortunately this is required to work around
+ a limitation in Django's handling of XMLRPC."""
+ try:
+ raise Exception
+ except:
+ tb = exc_info()[2].tb_frame
+ while tb != None:
+ if tb.f_locals.has_key(n):
+ return tb.f_locals[n]
+ tb = tb.f_back
+ # we have a problem
+ raise Exception, "That doesn't exist."
+
+def steal_request():
+ return steal_local('request')
+
+def calculate_authhash(secret, unix_minute, data):
+ if secret == '' or secret == None:
+ raise Exception("RESTRICTED_CALLS_KEY was not set!")
+ s = "%s:%s:%s" % (secret, unix_minute, data)
+ return sha512(s).hexdigest()
+
+def verify_authhash(data, authhash):
+ now = long(floor(time()/60.0))
+ for x in range(now-1, now+2):
+ real_ah = calculate_authhash(settings.RESTRICTED_CALLS_KEY, x, data)
+ if real_ah == authhash:
+ return True
+ return False
+
+
+def marshal_NetworkHost(nh):
+ """Marshalls a NetworkHost into a simple dict for xmlrpc calls"""
+ if nh.online:
+ ip = nh.ip_address
+ else:
+ ip = False
+ return dict(
+ mac_address = nh.mac_address,
+ ip_address = ip,
+ computer_name = nh.computer_name,
+ first_connection = nh.first_connection,
+ online = nh.online == 1,
+ type = nh.get_console_type()
+ )
+
+def marshal_UserProfile(p, hide_name=True):
+ o = dict(
+ internet_on = p.internet_on == 1,
+ username = p.user.username,
+ forum_uid = p.user.id,
+ first_name = p.user.first_name,
+ last_name = p.user.last_name
+ )
+
+
+ if hide_name:
+ o['first_name'] = ''
+ o['last_name'] = ''
+
+ return o
+
+def marshal_Usage(a):
+ o = dict(
+ unmetered = a.is_unmetered() == 1,
+ used = str(a.quota_used),
+ remaining = False,
+ total = False,
+ resets = False,
+ available = True
+ )
+
+ if not a.is_unmetered():
+ o['remaining'] = str(a.quota_remaining())
+ o['total'] = str(a.quota_amount)
+ o['resets'] = a.reset_count()
+ o['available'] = a.is_quota_available()
+ return o
+
+def marshal_NetworkUsageDataPoint(a):
+ return (a.when, str(a.bytes))
+
View
@@ -0,0 +1,26 @@
+"""tollgate api urls
+Copyright 2008-2010 Michael Farrell
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from django.conf.urls.defaults import *
+from django.conf import settings
+from tollgate.frontend.forms import *
+
+
+urlpatterns = patterns('tollgate.api.views',
+ (r'^xmlrpc/$', 'xmlrpc_handler'),
+ (r'^httpget/(?P<output_format>\w+)/(?P<method>[\w\d_]+)/$', 'httpget_handler'),
+)
Oops, something went wrong.

0 comments on commit 93a7278

Please sign in to comment.