Articles in the category "wifidog source code"

Install AuthPuppy on OpenWRT with Lighttpd

  1. Install OpenWRT on an x86 platform.
    Follow the instructions here (http://blog.ich8.com/post/4494), which give a clean installation of OpenWRT version 14.03 on an x86 platform.

  2. Set up LAMP
    The default package sources on OpenWRT have been wrong for a while, because the official sources have restructured their directories. Here are some instructions.

2.1 Base part

source: http://downloads.openwrt.org/barrier_breaker/14.07/x86/generic/packages/base/
package list: libexpat libgd libjpeg libncurses libncursesw libopenssl libpcre libpng libpthread libreadline librt iptables-mod-extra iptables-mod-nat-extra

Note: after installing libpcre, the system may not find the proper libpcre.so.0. Making a soft link to libpcre.so.1 under that name in /usr/lib will make it work.

2.2 Lighttpd

source: http://downloads.openwrt.org/barrier_breaker/14.07/x86/generic/packages/packages/

package list: lighttpd lighttpd-mod-access lighttpd-mod-alias lighttpd-mod-cgi lighttpd-mod-fastcgi lighttpd-mod-rewrite

2.3 MySQL

source: http://downloads.openwrt.org/barrier_breaker/14.07/x86/generic/packages/oldpackages/

package list: mysql-server libmysqlclient

2.4 PHP

source: http://downloads.openwrt.org/barrier_breaker/14.07/x86/generic/packages/oldpackages/

package list: php5 php5-cgi php5-fastcgi php5-mod-apc php5-mod-gd php5-mod-mysql php5-mod-pdo php5-mod-pdo-mysql php5-mod-xml

  3. Set up PHP
    Modify /etc/php.ini. First make doc_root empty, then raise the maximum memory size from 8MB to a much larger value.

  4. Set up Lighttpd
    4.1 Enable some plugins in Lighttpd following this page (http://wiki.openwrt.org/doc/howto/lamp)
    4.2 Enable mod_rewrite, which AuthPuppy uses
    4.3 IMPORTANT: migrate the rewrite rules in AuthPuppy's .htaccess to the url.rewrite section, like below:

    url.rewrite-once = (".php$" => "$0", ".html$" => "$0", "^$" => "index.html", "^([^.]+)($|\?.*$)" => "index.php/$1$2")

  5. Now you can install authpuppy and wifidog as usual.

It is much easier to record this than to try to make it work.

This article was compiled and edited by http://www.wifidog.pro/2015/02/26/openwrt-%E5%AE%89%E8%A3%85-wifidog%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E5%99%A8authpuppy.html; please credit the source when reposting.

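wifidog error: Auth server did NOT say pong!

While wifidog is starting up, we may often see this log line:
Auth server did NOT say pong!

This debug message tells us that wifidog's ping protocol did not receive a Pong reply from the auth server.
First, what is the ping protocol? It is the protocol the router uses to tell the auth server its current status. The format is:
http://auth_server/ping/?gw_id=xxx&sys_uptime=xxx&sys_memfree=xxx&sys_load=xxx&wifidog_uptime=xxx
gw_id is the router's identifier, sys_uptime is how long the router has been up, sys_memfree is the router's free memory, sys_load is the system load, and wifidog_uptime is how long wifidog has been running. The router sends this information to the auth server, and the server replies "Pong" to indicate that it knows the router is still working.

Below is the code that produces the log above: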

do {   
        FD_ZERO(&readfds);   
        FD_SET(sockfd, &readfds);   
        timeout.tv_sec = 30; /* XXX magic... 30 second */   
        timeout.tv_usec = 0;   
        nfds = sockfd + 1;   

        nfds = select(nfds, &readfds, NULL, NULL, &timeout);   

        if (nfds > 0) {   
            /** We don't have to use FD_ISSET() because there  
             *  was only one fd. */   
            numbytes = read(sockfd, request + totalbytes, MAX_BUF - (totalbytes + 1));   
            if (numbytes < 0) {   
                debug(LOG_ERR, "An error occurred while reading from auth server: %s", strerror(errno));   
                /* FIXME */   
                close(sockfd);   
                return;   
            }   
            else if (numbytes == 0) {   
                done = 1;   
            }   
            else {   
                totalbytes += numbytes;   
                debug(LOG_DEBUG, "Read %d bytes, total now %d", numbytes, totalbytes);   
            }   
        }
        else if (nfds == 0) {
            debug(LOG_ERR, "Timed out reading data via select() from auth server");   
            /* FIXME */   
            close(sockfd);   
            return;   
        }   
        else if (nfds < 0) {   
            debug(LOG_ERR, "Error reading data via select() from auth server: %s", strerror(errno));   
            /* FIXME */   
            close(sockfd);   
            return;   
        }   
    } while (!done);   
    close(sockfd);   

    debug(LOG_DEBUG, "Done reading reply, total %d bytes", totalbytes);   

    request[totalbytes] = '\0';   

    debug(LOG_DEBUG, "HTTP Response from Server: [%s]", request);   

    if (strstr(request, "Pong") == 0) {   
        debug(LOG_WARNING, "Auth server did NOT say pong!");   
        /* FIXME */   
    }   
    else {   
        debug(LOG_DEBUG, "Auth Server Says: Pong");   
    }

This log appears when wifidog finds no "Pong" string in the response packet it received from the server.
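An added example, not part of wifidog or the original article: the excerpt accepts the reply whenever "Pong" occurs anywhere in the raw response, so the sketch below classifies a reply by its status line and body instead, which also shows why the warning fired. The function names, result codes and sample replies are constructed for illustration, and the reply is assumed to be unchunked.

```c
#include <stdio.h>
#include <string.h>

enum pong_result { PONG_OK, PONG_BAD_STATUS_LINE, PONG_HTTP_ERROR, PONG_NO_BODY, PONG_WRONG_BODY };

/* Classify a NUL-terminated raw HTTP reply (like `request` in the excerpt). */
enum pong_result check_pong(const char *resp)
{
    int major, minor, status;
    const char *body;

    /* Status line: "HTTP/<major>.<minor> <code> <reason>" */
    if (sscanf(resp, "HTTP/%d.%d %d", &major, &minor, &status) != 3)
        return PONG_BAD_STATUS_LINE;
    if (status != 200)
        return PONG_HTTP_ERROR;      /* e.g. 404 because /ping/ is not routed */

    body = strstr(resp, "\r\n\r\n"); /* headers end at the first empty line */
    if (body == NULL)
        return PONG_NO_BODY;
    body += 4;
    while (*body == ' ' || *body == '\t' || *body == '\r' || *body == '\n')
        body++;                      /* skip whitespace emitted before the output */

    return strncmp(body, "Pong", 4) == 0 ? PONG_OK : PONG_WRONG_BODY;
}

/* The check from the excerpt: "Pong" anywhere in the raw reply. */
int contains_pong(const char *resp)
{
    return strstr(resp, "Pong") != NULL;
}

/* Constructed sample replies (not captured traffic). */
const char OK_REPLY[]  = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\nPong";
const char ERR_REPLY[] = "HTTP/1.0 404 Not Found\r\n\r\n<p>no Pong handler at /ping/</p>";
const char HDR_REPLY[] = "HTTP/1.0 200 OK\r\nX-Note: Pong\r\n\r\n<html>login</html>";
const char PHP_REPLY[] = "HTTP/1.0 200 OK\r\n\r\n<b>Fatal error</b>: ...";

int main(void)
{
    const char *samples[] = { OK_REPLY, ERR_REPLY, HDR_REPLY, PHP_REPLY };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("strict=%d substring=%d\n", check_pong(samples[i]), contains_pong(samples[i]));
    return 0;
}
```

The 404 and header-only samples pass the substring check but are rejected by the strict one, so a gateway that logs "Auth Server Says: Pong" may still be talking to a misconfigured server.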

This article was compiled and edited by http://www.wifidog.pro/2015/02/25/wifidog%E7%9A%84ping%E5%8D%8F%E8%AE%AE.html; please credit the source when reposting.

Writing your own WifiDog authentication server

This time I wrote the auth_server in PHP, because that is simpler.
1. First, login.php

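<?php
include './tool/MySQLHelper.php';

// Client MAC passed in the query string; empty string when absent.
$mac = isset($_GET["mac"]) ? $_GET["mac"] : "";

if ($mac !== "") {
    // Look up the token stored for this MAC (helper from MySQLHelper.php).
    $result = selectMacByToken($mac);
    if (!empty($result)) {
        // Known client: send it back to the gateway with its token.
        header("Location: http://192.168.1.1:2060/wifidog/auth?token=" . urlencode($result));
        exit;
    }
}

// Unknown or missing MAC: show the welcome page.
header("Location: http://xxxxx/WelcomePage.php?mac=" . urlencode($mac));
exit;
?>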

2. ping.php:

<?php  
echo "Pong";  
?>  

No extra processing is done here; it simply replies "Pong" to wifidog.
3. auth.php

<?php
// Backdoor: token 123 is always accepted
if (isset($_GET["token"]) && $_GET["token"] == "123"){
    echo "Auth: 1";
    return;
}

if (!empty($_GET["token"]) && isset($_GET["token"])){
    // (the process of obtaining $result) //
    isValidate($result);
    // ** follow-up processing ** //
    return;
}
else if((!empty ($_GET["mac"])) && isset($_GET["mac"])){
    // ** obtain $result ** //
    $result = isSubscribeByMac($_GET["mac"]);
    isValidate($result);
    return;
}
else
{
    echo "Auth: 0";
}

// Output whether the client is valid.
function isValidate($result){
    if ($result == 1){
        echo "Auth: 1";
    }
    else {
        echo "Auth: 0";
    }
}
?>

Here $result is obtained from some parameters, and it decides whether authentication is allowed.

This article was compiled and edited by http://www.wifidog.pro/2015/02/15/wifidog%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E5%99%A8-2.html; please credit the source when reposting.

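Adding the client IP address to the wifidog authentication redirect URL

The default wifidog redirect URL to the authentication page looks like this:
login/?gw_address=%s&gw_port=%d&gw_id=%s&url=%s
Example: https://auth.ilesansfil.org/login/?gw_id=0016B6DA9AE0&gw_address=7.0.0.1&gw_port=2060
For business reasons, we need to add the client's internal IP address, i.e. ClientIPAddress, when redirecting to the authentication page.

Download the wifidog source code, open http.c, and find: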

/* Re-direct them to auth server */
char *urlFragment;
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&url=%s",
    auth_server->authserv_login_script_path_fragment,
    config->gw_address,
    config->gw_port,
    config->gw_id,
    url);
debug(LOG_INFO, "Captured %s requesting [%s] and re-directing them to login page", r->clientAddr, url);
http_send_redirect_to_auth(r, urlFragment, "Redirect to login page");
free(urlFragment);

Change it to:

/* Re-direct them to auth server */
char *urlFragment;
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&url=%s&clientip=%s",
    auth_server->authserv_login_script_path_fragment,
    config->gw_address,
    config->gw_port,
    config->gw_id,
    url,
    r->clientAddr);
debug(LOG_INFO, "Captured %s requesting [%s] and re-directing them to login page", r->clientAddr, url);
http_send_redirect_to_auth(r, urlFragment, "Redirect to login page");
free(urlFragment);

After recompiling, it works.

The authentication redirect URL now carries the client IP address.
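An added example (not wifidog's code and not from the original article) of building the same fragment with each client-influenced value percent-encoded, so that a requested URL which itself contains &clientip= cannot add a second clientip parameter. pct_encode, build_login_fragment and the sample values are hypothetical; wifidog's safe_asprintf is replaced by malloc and snprintf so the block compiles on its own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-encode every byte that is not an RFC 3986 unreserved character.
 * Returns a malloc'd string the caller frees, or NULL on allocation failure. */
char *pct_encode(const char *in)
{
    static const char hex[] = "0123456789ABCDEF";
    char *out = malloc(strlen(in) * 3 + 1), *p = out;
    if (out == NULL) return NULL;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') {
            *p++ = (char)c;
        } else {
            *p++ = '%';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0F];
        }
    }
    *p = '\0';
    return out;
}

/* Build the login fragment with the added clientip parameter (hypothetical helper).
 * gw_address comes from the gateway's own config and is passed through as on the page. */
char *build_login_fragment(const char *path, const char *gw_address, int gw_port,
                           const char *gw_id, const char *url, const char *client_ip)
{
    char *e_id = pct_encode(gw_id), *e_url = pct_encode(url), *e_ip = pct_encode(client_ip);
    char *frag = NULL;
    if (e_id && e_url && e_ip) {
        /* 64 covers the fixed parameter names, the port digits and the NUL. */
        size_t n = strlen(path) + strlen(gw_address) + strlen(e_id) + strlen(e_url) + strlen(e_ip) + 64;
        frag = malloc(n);
        if (frag)
            snprintf(frag, n, "%sgw_address=%s&gw_port=%d&gw_id=%s&url=%s&clientip=%s",
                     path, gw_address, gw_port, e_id, e_url, e_ip);
    }
    free(e_id); free(e_url); free(e_ip);
    return frag;
}

int main(void)
{
    /* Constructed values; the requested URL tries to carry its own clientip. */
    char *f = build_login_fragment("/login/?", "192.168.1.1", 2060, "0016B6DA9AE0",
                                   "http://example.com/?a=1&clientip=10.0.0.9", "192.168.1.23");
    if (f) { puts(f); free(f); }
    return 0;
}
```

The redirect passes through the client's browser, so the auth server should treat clientip as a hint and not as proof of the client's address.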

This article was compiled and edited by http://www.wifidog.pro/2015/02/15/wifidog%E6%B7%BB%E5%8A%A0%E5%AE%A2%E6%88%B7%E7%AB%AFIP.html; please credit the source when reposting.