github/openNDS
1
1
Fork 0
mirror of https://github.com/openNDS/openNDS.git synced 2026-01-09 11:57:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

More renaming, new splash image.

Browse Source 
Signed-off-by: Rob White <rob@blue-wave.net>
This commit is contained in:
Rob White
2020-04-05 16:53:33 +01:00
parent 489ae62e8f
commit 3d1033d39e
56 changed files with 581 additions and 1133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
debian/README.md vendored
View File

@@ -1,5 +1,5 @@
To create a Debian package of NoDogSplash (a \*.deb file),
To create a Debian package of openNDS (a \*.deb file),
you first need to have installed the following programs and libraries:
```

11
debian/control vendored
View File

@@ -1,19 +1,18 @@
Source: nodogsplash
Source: opennds
Section: net
Priority: optional
Maintainer: Shiao-An Yuan <shiao.an.yuan@gmail.com>
Uploaders: Moritz Warning <moritzwarning@web.de>, Steffen Moeller <moeller@debian.org>
Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1~), dh-systemd (>= 1.5), libmicrohttpd-dev (>= 0.9.51)
Standards-Version: 3.9.6
Homepage: http://kokoro.ucsd.edu/nodogsplash/
Vcs-Git: git://github.com/nodogsplash/nodogsplash.git
Vcs-Browser: http://github.com/nodogsplash/nodogsplash
Vcs-Git: git://github.com/opennds/opennds.git
Vcs-Browser: http://github.com/opennds/opennds
Package: nodogsplash
Package: opennds
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libmicrohttpd12 (>= 0.9.51)
Description: manage access to public internet access
Nodogsplash controls access to a public Internet connection and offers
openNDS controls access to a public Internet connection and offers
a simple way to open a Hotspot for wireless networks. It provides a
captive portal to inform users about the services and optionally have
them acknowledge the terms and conditions of its use.

4
debian/copyright vendored
View File

@@ -1,6 +1,6 @@
Format: http://dep.debian.net/deps/dep5
Upstream-Name: nodogsplash
Source: http://github.com/nodogsplash
Upstream-Name: opennds
Source: http://github.com/opennds
Files: *
Copyright: (C) 2013-20 BlueWave Projects and Services <dot@blue-wave.net>

270
debian/doc/nodogsplash.1 → debian/doc/opennds.1 vendored
View File

@@ -1,8 +1,8 @@
.\" Man page generated from reStructuredText.
.
.TH "NODOGSPLASH" "1" "Mar 03, 2020" "4.5.0" "NoDogSplash"
.TH "OPENNDS" "1" "Apr 05, 2020" "5.0.0beta" "openNDS"
.SH NAME
nodogsplash \- nodogsplash Documentation
opennds \- opennds Documentation
.
.nr rst2man-indent-level 0
.
@@ -31,16 +31,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
Nodogspash is a high performance, small footprint Captive Portal,
openNDS is a high performance, small footprint Captive Portal,
offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
.sp
It was derived originally from the codebase of the Wifi Guard Dog project.
.sp
Nodogsplash is released under the GNU General Public License.
openNDS is released under the GNU General Public License.
.INDENT 0.0
.IP \(bu 2
Mailing List: \fI\%http://ml.ninux.org/mailman/listinfo/nodogsplash\fP
.IP \(bu 2
Original Homepage \fIdown\fP: \fI\%http://kokoro.ucsd.edu/nodogsplash\fP
.IP \(bu 2
Wifidog: \fI\%http://dev.wifidog.org/\fP
@@ -48,13 +46,13 @@ Wifidog: \fI\%http://dev.wifidog.org/\fP
GNU GPL: \fI\%http://www.gnu.org/copyleft/gpl.html\fP
.UNINDENT
.sp
The following describes what Nodogsplash does, how to get it and run it, and
The following describes what openNDS does, how to get it and run it, and
how to customize its behavior for your application.
.sp
Contents:
.SH OVERVIEW
.sp
\fBNoDogSplash\fP (NDS) is a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
\fBopenNDS\fP (NDS) is a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
.SS Captive Portal Detection (CPD)
.INDENT 0.0
.INDENT 3.5
@@ -92,19 +90,19 @@ NDS can be used as the "Engine" behind the most sophisticated Captive Portal sys
.UNINDENT
.UNINDENT
.UNINDENT
.SH INSTALLING NODOGSPLASH
.SH INSTALLING OPENNDS
.SS OpenWrt
.INDENT 0.0
.IP \(bu 2
Have a router working with OpenWrt. At the time of writing, Nodogsplash has been tested with OpenWrt 18.06.x, 19.7.x and Snapshot.
Have a router working with OpenWrt. At the time of writing, openNDS has been tested with OpenWrt 18.06.x, 19.7.x and Snapshot.
.IP \(bu 2
It may or may not work on older versions of OpenWrt or on other kinds of Linux\-based router firmware.
.IP \(bu 2
Make sure your router is basically working before you try to install Nodogsplash. In particular, make sure your DHCP daemon is serving addresses on the interface that nodogsplash will manage.
Make sure your router is basically working before you try to install openNDS. In particular, make sure your DHCP daemon is serving addresses on the interface that openNDS will manage.
.sp
The default is br\-lan but can be changed to any interface by editing the /etc/config/nodogsplash file.
The default is br\-lan but can be changed to any interface by editing the /etc/config/opennds file.
.IP \(bu 2
To install Nodogsplash, you may use the OpenWrt Luci web interface or alternatively, ssh to your router and run the command:
To install openNDS, you may use the OpenWrt Luci web interface or alternatively, ssh to your router and run the command:
.INDENT 2.0
.INDENT 3.5
\fBopkg update\fP
@@ -114,50 +112,50 @@ To install Nodogsplash, you may use the OpenWrt Luci web interface or alternativ
followed by
.INDENT 2.0
.INDENT 3.5
\fBopkg install nodogsplash\fP
\fBopkg install opennds\fP
.UNINDENT
.UNINDENT
.IP \(bu 2
Nodogsplash is enabled by default and will start automatically on reboot or can be started and stopped manually.
openNDS is enabled by default and will start automatically on reboot or can be started and stopped manually.
.IP \(bu 2
If the interface that you want Nodogsplash to manage is not br\-lan,
edit /etc/config/nodogsplash and set GatewayInterface.
If the interface that you want openNDS to manage is not br\-lan,
edit /etc/config/opennds and set GatewayInterface.
.IP \(bu 2
To start Nodogsplash, run the following, or just reboot the router:
To start openNDS, run the following, or just reboot the router:
.INDENT 2.0
.INDENT 3.5
\fBservice nodogsplash start\fP
\fBservice opennds start\fP
.UNINDENT
.UNINDENT
.IP \(bu 2
To test the installation, connect a client device to the interface on your router that is managed by Nodogsplash (for example, connect to the router\(aqs wireless lan).
To test the installation, connect a client device to the interface on your router that is managed by openNDS (for example, connect to the router\(aqs wireless lan).
.UNINDENT
.INDENT 0.0
.INDENT 3.5
Most client device operating systems and browsers support Captive Portal Detection (CPD) and the operating system or browser on that device will attempt to contact a pre defined port 80 web page.
.sp
CPD will trigger Nodogsplash to serve the default splash page where you can click or tap Continue to access the Internet.
CPD will trigger openNDS to serve the default splash page where you can click or tap Continue to access the Internet.
.sp
See the Authentication section for details of setting up a proper authentication process.
.sp
If your client device does not display the splash page it most likely does not support CPD.
.sp
You should then manually trigger Nodogsplash by trying to access a port 80 web site (for example, google.com:80 is a good choice).
You should then manually trigger openNDS by trying to access a port 80 web site (for example, google.com:80 is a good choice).
.UNINDENT
.UNINDENT
.INDENT 0.0
.IP \(bu 2
To stop Nodogsplash:
To stop openNDS:
.INDENT 2.0
.INDENT 3.5
\fBservice nodogsplash stop\fP
\fBservice opennds stop\fP
.UNINDENT
.UNINDENT
.IP \(bu 2
To uninstall Nodogsplash:
To uninstall openNDS:
.INDENT 2.0
.INDENT 3.5
\fBopkg remove nodogsplash\fP
\fBopkg remove opennds\fP
.UNINDENT
.UNINDENT
.UNINDENT
@@ -173,10 +171,10 @@ libmicrohttpd\-dev (>= 0.9.51) [avaiable in \fBstretch\fP]
.sp
But you can also compile libmicrohttpd your self if you\(aqre still running jessie or older.
.sp
To compile NoDogSplash and create the Debian package, see the chapter "How to Compile Nodogsplash".
.SH HOW NODOGSPLASH (NDS) WORKS
To compile openNDS and create the Debian package, see the chapter "How to Compile openNDS".
.SH HOW OPENNDS (NDS) WORKS
.sp
NoDogSplash is a Captive Portal Engine. Any Captive Portal, including NDS, will have two main components:
openNDS is a Captive Portal Engine. Any Captive Portal, including NDS, will have two main components:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
@@ -188,7 +186,7 @@ Something to provide a Portal for client users to log in.
.UNINDENT
.UNINDENT
.sp
NoDogSplash MUST run on a device configured as an IPv4 router.
openNDS MUST run on a device configured as an IPv4 router.
.sp
A wireless router will typically be running OpenWrt or some other Linux distribution.
.sp
@@ -332,25 +330,25 @@ However, SSID "Customers" is configured on virtual interface wlan0\-1, and consi
NDS detects which zone is being used by a client and a relevant login page can be served.
.SS Packet filtering
.sp
Nodogsplash considers four kinds of packets coming into the router over the managed interface. Each packet is one of these kinds:
openNDS considers four kinds of packets coming into the router over the managed interface. Each packet is one of these kinds:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.IP 1. 3
\fBBlocked\fP, if the MAC mechanism is block, and the source MAC address of the packet matches one listed in the BlockedMACList; or if the MAC mechanism is allow, and source MAC address of the packet does not match one listed in the AllowedMACList or the TrustedMACList. These packets are dropped.
.IP 2. 3
\fBTrusted\fP, if the source MAC address of the packet matches one listed in the TrustedMACList. By default, these packets are accepted and routed to all destination addresses and ports. If desired, this behavior can be customized by FirewallRuleSet trusted\-users and FirewallRuleSet trusted\-users\-to\-router lists in the nodogsplash.conf configuration file, or by the EmptyRuleSetPolicy trusted\-users EmptyRuleSetPolicy trusted\-users\-to\-router directives.
\fBTrusted\fP, if the source MAC address of the packet matches one listed in the TrustedMACList. By default, these packets are accepted and routed to all destination addresses and ports. If desired, this behavior can be customized by FirewallRuleSet trusted\-users and FirewallRuleSet trusted\-users\-to\-router lists in the opennds.conf configuration file, or by the EmptyRuleSetPolicy trusted\-users EmptyRuleSetPolicy trusted\-users\-to\-router directives.
.IP 3. 3
\fBAuthenticated\fP, if the packet\(aqs IP and MAC source addresses have gone through the nodogsplash authentication process and has not yet expired. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet authenticated\-users and FirewallRuleSet users\-to\-router in the nodogsplash.conf configuration file).
\fBAuthenticated\fP, if the packet\(aqs IP and MAC source addresses have gone through the openNDS authentication process and has not yet expired. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet authenticated\-users and FirewallRuleSet users\-to\-router in the opennds.conf configuration file).
.IP 4. 3
\fBPreauthenticated\fP\&. Any other packet. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet preauthenticated\-users and FirewallRuleSet users\-to\-router in the nodogsplash.conf configuration file). Any other packet is dropped, except that a packet for destination port 80 at any address is redirected to port 2050 on the router, where nodogsplash\(aqs built in libhttpd\-based web server is listening. This begins the \(aqauthentication\(aq process. The server will serve a splash page back to the source IP address of the packet. The user clicking the appropriate link on the splash page will complete the process, causing future packets from this IP/MAC address to be marked as Authenticated until the inactive or forced timeout is reached, and its packets revert to being Preauthenticated.
\fBPreauthenticated\fP\&. Any other packet. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet preauthenticated\-users and FirewallRuleSet users\-to\-router in the opennds.conf configuration file). Any other packet is dropped, except that a packet for destination port 80 at any address is redirected to port 2050 on the router, where openNDS\(aqs built in libhttpd\-based web server is listening. This begins the \(aqauthentication\(aq process. The server will serve a splash page back to the source IP address of the packet. The user clicking the appropriate link on the splash page will complete the process, causing future packets from this IP/MAC address to be marked as Authenticated until the inactive or forced timeout is reached, and its packets revert to being Preauthenticated.
.UNINDENT
.UNINDENT
.UNINDENT
.sp
NoDogSplash implements these actions by inserting rules in the router\(aqs iptables mangle PREROUTING chain to mark packets, and by inserting rules in the nat PREROUTING, filter INPUT and filter FORWARD chains which match on those marks.
openNDS implements these actions by inserting rules in the router\(aqs iptables mangle PREROUTING chain to mark packets, and by inserting rules in the nat PREROUTING, filter INPUT and filter FORWARD chains which match on those marks.
.sp
Because it inserts its rules at the beginning of existing chains, NoDogSplash should be insensitive to most typical existing firewall configurations.
Because it inserts its rules at the beginning of existing chains, openNDS should be insensitive to most typical existing firewall configurations.
.SS Traffic control
.sp
Data rate control on an IP connection basis can be achieved using Smart Queue Management (SQM) configured separately, with NDS being fully compatible.
@@ -358,7 +356,7 @@ Data rate control on an IP connection basis can be achieved using Smart Queue Ma
It should be noted that while setup options and BinAuth do accept traffic/quota settings, these values currently have no effect and are reserved for future development.
.SH THE SPLASH PAGE
.sp
As you will see mentioned in the "How Nodogsplash (NDS) Works" section, an initial port 80 request is generated on a client device, either by the user manually browsing to an http web page, or, more usually, automatically by the client device\(aqs built in Captive Portal Detection (CPD).
As you will see mentioned in the "How openNDS (NDS) Works" section, an initial port 80 request is generated on a client device, either by the user manually browsing to an http web page, or, more usually, automatically by the client device\(aqs built in Captive Portal Detection (CPD).
.sp
This request is intercepted by NDS and an html Splash Page is served to the user of the client device to enable them to authenticate and obtain Internet access.
.SS Types of Splash Page
@@ -428,7 +426,7 @@ section of the PreAuth chapter.
.SH FORWARDING AUTHENTICATION SERVICE (FAS)
.SS Overview
.sp
Nodogsplash (NDS) has the ability to forward requests to a third party authentication service (FAS). This is enabled via simple configuration options.
openNDS (NDS) has the ability to forward requests to a third party authentication service (FAS). This is enabled via simple configuration options.
.INDENT 0.0
.TP
.B These options are:
@@ -491,12 +489,12 @@ The cipher used is "AES\-256\-CBC".
.sp
The "php\-cli" package and the "php\-openssl" module must both be installed for fas_secure level 2.
.sp
Nodogsplash does not depend on this package and module, but will exit gracefully if this package and module are not installed when this level is set.
openNDS does not depend on this package and module, but will exit gracefully if this package and module are not installed when this level is set.
.sp
The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string. An example FAS level 2 php script (fas\-aes.php) is preinstalled in the /etc/nodogsplash directory and also supplied in the source code.
The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string. An example FAS level 2 php script (fas\-aes.php) is preinstalled in the /etc/opennds directory and also supplied in the source code.
.sp
\fBIf set to "3"\fP The FAS is enforced by NDS to use \fBhttps\fP protocol.
Level 3 is the same as level 2 except the use of https protocol is enforced for FAS. In addition, the "authmon" daemon is loaded. This allows the external FAS, after client verification, to effectively traverse inbound firewalls and address translation to achieve NDS authentication without generating browser security warnings or errors. An example FAS level 3 php script (fas\-aes\-https.php) is preinstalled in the /etc/nodogsplash directory and also supplied in the source code.
Level 3 is the same as level 2 except the use of https protocol is enforced for FAS. In addition, the "authmon" daemon is loaded. This allows the external FAS, after client verification, to effectively traverse inbound firewalls and address translation to achieve NDS authentication without generating browser security warnings or errors. An example FAS level 3 php script (fas\-aes\-https.php) is preinstalled in the /etc/opennds directory and also supplied in the source code.
.UNINDENT
.UNINDENT
.sp
@@ -518,7 +516,7 @@ Option faskey must be pre\-shared with FAS.
.INDENT 3.5
\fBLevel 0\fP (fas_secure_enabled = 0), NDS sends the token and other information to FAS as clear text.
.sp
\fIhttp://fasremoteip:fasport/faspath?authaction=http://gatewayaddress:gatewayport/nodogsplash_auth/?clientip=[clientip]&gatewayname=[gatewayname]&tok=[token]&redir=[requested_url]\fP
\fIhttp://fasremoteip:fasport/faspath?authaction=http://gatewayaddress:gatewayport/opennds_auth/?clientip=[clientip]&gatewayname=[gatewayname]&tok=[token]&redir=[requested_url]\fP
.INDENT 0.0
.INDENT 3.5
Although the simplest to set up, a knowledgeable user could bypass FAS, so running fas_secure_enabled at level 1 or 2 is recommended.
@@ -547,7 +545,7 @@ The return url will be constructed by FAS from predetermined knowledge of the co
.sp
The client\(aqs unique access token will be obtained from NDS by the FAS making a call to the get_client_token library utility:
.sp
\fB/usr/lib/nodogsplash/./get_client_token $clientip\fP
\fB/usr/lib/opennds/./get_client_token $clientip\fP
.sp
A json parser could be used to extract all the client variables supplied by ndsctl, an example can be found in the default PreAuth Login script in /usr/lib/nogogsplash/login.sh.
.UNINDENT
@@ -669,7 +667,7 @@ This will be of the form:
.UNINDENT
.sp
FAS should then serve a suitable error page informing the client user that they are already logged in.
.SS Running FAS on your Nodogsplash router
.SS Running FAS on your openNDS router
.sp
FAS has been tested using uhttpd, lighttpd, ngnix, apache and libmicrohttpd.
.sp
@@ -734,7 +732,7 @@ You can run the FAS example script, fas\-aes\-https.php, remotely on an Internet
Assuming you have installed your web server of choice, configured it for port 2080 and added PHP support using the package php7\-cgi, you can do the following.
.INDENT 0.0
.INDENT 3.5
(Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
(Under other operating systems you may need to edit the opennds.conf file in /etc/opennds instead, but the process is very similar.)
.INDENT 0.0
.IP \(bu 2
Install the packages php7\-cli and php7\-mod\-openssl
@@ -743,9 +741,9 @@ Create a folder for the FAs script eg: /[server\-web\-root]/nds/ on the Internet
.IP \(bu 2
Place the file fas\-aes.php in /[server\-web\-root]/nds/
.sp
(You can find it in the /etc/nodogsplash directory.)
(You can find it in the /etc/opennds directory.)
.IP \(bu 2
Edit the file /etc/config/nodogsplash
Edit the file /etc/config/opennds
.UNINDENT
.INDENT 0.0
.INDENT 3.5
@@ -765,7 +763,7 @@ adding the lines:
.UNINDENT
.INDENT 0.0
.IP \(bu 2
Restart NDS using the command \fBservice nodogsplash restart\fP
Restart NDS using the command \fBservice opennds restart\fP
.UNINDENT
.UNINDENT
.UNINDENT
@@ -774,7 +772,7 @@ Restart NDS using the command \fBservice nodogsplash restart\fP
Assuming you have access to an Internet based https web server you can do the following.
.INDENT 0.0
.INDENT 3.5
(Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
(Under other operating systems you may need to edit the opennds.conf file in /etc/opennds instead, but the process is very similar.)
.INDENT 0.0
.IP \(bu 2
Install the packages php7\-cli and php7\-mod\-openssl on your NDS router
@@ -783,9 +781,9 @@ Create a folder for the FAs script eg: /[server\-web\-root]/nds/ on the Internet
.IP \(bu 2
Place the file fas\-aes.php in /[server\-web\-root]/nds/
.sp
(You can find it in the /etc/nodogsplash directory.)
(You can find it in the /etc/opennds directory.)
.IP \(bu 2
Edit the file /etc/config/nodogsplash
Edit the file /etc/config/opennds
.UNINDENT
.INDENT 0.0
.INDENT 3.5
@@ -809,7 +807,7 @@ adding the lines:
.UNINDENT
.INDENT 0.0
.IP \(bu 2
Restart NDS using the command \fBservice nodogsplash restart\fP
Restart NDS using the command \fBservice opennds restart\fP
.UNINDENT
.UNINDENT
.UNINDENT
@@ -839,7 +837,7 @@ A PreAuth program could be, for example, a compiled program written in C or any
The PreAuth script or program will parse the url encoded command line (query string) passed to it and output html depending on the contents of the query string it receives from NDS. In turn, NDS will serve this html to the client device that is attempting to access the Internet.
.SS Selecting Pre\-Installed Username / Email Login Script (v4.3.0 onwards)
.sp
The default preauth login script is installed as part of the NoDogSplash package providing username/emailaddress login as an alternative to the basic splash page.
The default preauth login script is installed as part of the openNDS package providing username/emailaddress login as an alternative to the basic splash page.
.sp
It is enabled by setting in config:
.sp
@@ -859,9 +857,9 @@ No additional FAS or PreAuth config settings are required.
This option overrides any other FAS configuration and takes the form of the path to the PreAuth script.
The path to the preinstalled login script is included in option preauth in the default config files, for example in OpenWrt:
.sp
\fI#option preauth \(aq/usr/lib/nodogsplash/login.sh\(aq\fP
\fI#option preauth \(aq/usr/lib/opennds/login.sh\(aq\fP
.sp
The "#" symbol means the line is commented. To activate, remove the "#". save and restart Nodogsplash.
The "#" symbol means the line is commented. To activate, remove the "#". save and restart opennds.
.SS Using PreAuth version 3.3.1 to version 4.0.1
.sp
From version 3.3.1 to version 4.0.1, PreAuth is set up using the standard NDS configuration for FAS
@@ -875,7 +873,7 @@ In addition a single PreAuth configuration option is required to inform NDS of t
.IP 1. 3
\fBfasport\fP\&. This enables FAS and \fImust\fP be set to the same value as the gateway port.
.IP 2. 3
\fBfaspath\fP\&. This \fImust\fP be set to the PreAuth virtual url, "/nodogsplash_preauth/" by default.
\fBfaspath\fP\&. This \fImust\fP be set to the PreAuth virtual url, "/opennds_preauth/" by default.
.IP 3. 3
\fBpreauth\fP\&. This the path to the PreAuth script.
.UNINDENT
@@ -901,14 +899,14 @@ From version 3.3.1 onwards, the example PreAuth script is preinstalled.
.UNINDENT
.SS Enabling the Preinstalled Login Script (v3.3.1 to 4.0.1)
.sp
On Openwrt, edit (to uncomment) following lines in the /etc/config/nodogsplash file:
On Openwrt, edit (to uncomment) following lines in the /etc/config/opennds file:
.INDENT 0.0
.INDENT 3.5
\fI#option fasport \(aq2050\(aq\fP
.sp
\fI#option faspath \(aq/nodogsplash_preauth/\(aq\fP
\fI#option faspath \(aq/opennds_preauth/\(aq\fP
.sp
\fI#option preauth \(aq/usr/lib/nodogsplash/login.sh\(aq\fP
\fI#option preauth \(aq/usr/lib/opennds/login.sh\(aq\fP
.UNINDENT
.UNINDENT
.sp
@@ -917,28 +915,28 @@ To read:
.INDENT 3.5
\fIoption fasport \(aq2050\(aq\fP
.sp
\fIoption faspath \(aq/nodogsplash_preauth/\(aq\fP
\fIoption faspath \(aq/opennds_preauth/\(aq\fP
.sp
\fIoption preauth \(aq/usr/lib/nodogsplash/login.sh\(aq\fP
\fIoption preauth \(aq/usr/lib/opennds/login.sh\(aq\fP
.UNINDENT
.UNINDENT
.SS Enabling the Preinstalled Login Script (v4.0.2 onwards)
.sp
On Openwrt, edit (to uncomment) following line in the /etc/config/nodogsplash file:
On Openwrt, edit (to uncomment) following line in the /etc/config/opennds file:
.INDENT 0.0
.INDENT 3.5
\fI#option preauth \(aq/usr/lib/nodogsplash/login.sh\(aq\fP
\fI#option preauth \(aq/usr/lib/opennds/login.sh\(aq\fP
.UNINDENT
.UNINDENT
.sp
To read:
.INDENT 0.0
.INDENT 3.5
\fIoption preauth \(aq/usr/lib/nodogsplash/login.sh\(aq\fP
\fIoption preauth \(aq/usr/lib/opennds/login.sh\(aq\fP
.UNINDENT
.UNINDENT
.sp
For other operating systems edit the equivalent lines in the /etc/nodogsplash/nodogsplash.conf file
For other operating systems edit the equivalent lines in the /etc/opennds/opennds.conf file
.sp
After making the change, save the file and restart the router.
.SS What Does the Example Login Script Do?
@@ -958,7 +956,7 @@ This is a simple example of a script to demonstrate how to use PreAuth as a buil
An additional example PreAuth script, demo\-preauth\-remote\-image.sh, is available in the source code:
.INDENT 0.0
.INDENT 3.5
\fIhttps://github.com/nodogsplash/nodogsplash/archive/master.zip\fP
\fIhttps://github.com/opennds/opennds/archive/master.zip\fP
.UNINDENT
.UNINDENT
.sp
@@ -971,17 +969,17 @@ and extracting from the folder:
.sp
This is an enhancement of the preinstalled login.sh, giving an example of how to display images pulled in from remote web servers, both http and https.
.sp
The example displays the NodogSplash avatar image dynamically retreived from Github.
The example displays the opennds avatar image dynamically retreived from Github.
.SS Writing A Preauth Script
.sp
A Preauth script can be written as a shell script or any other language that the system has an interpreter for. It could also be a complied program.
.sp
NDS calls the preauth script with a command line equivalent to an html query string but with ", " (comma space) in place of "&" (ampersand).
.sp
Full details are included in the example script demo\-preauth.sh available by downloading the Nodogsplash zip file from
Full details are included in the example script demo\-preauth.sh available by downloading the opennds zip file from
.INDENT 0.0
.INDENT 3.5
\fIhttps://github.com/nodogsplash/nodogsplash/\fP
\fIhttps://github.com/opennds/opennds/\fP
.UNINDENT
.UNINDENT
.sp
@@ -1017,7 +1015,7 @@ To return to the script and show additional pages, the form action must be set t
.sp
.nf
.ft C
<form action=\e"/nodogsplash_preauth/\e" method=\e"get\e">
<form action=\e"/opennds_preauth/\e" method=\e"get\e">
.ft P
.fi
.UNINDENT
@@ -1059,7 +1057,7 @@ When the logic of this script decides we should allow the client to access the I
.sp
.nf
.ft C
"<form action=\e"/nodogsplash_auth/\e" method=\e"get\e">"
"<form action=\e"/opennds_auth/\e" method=\e"get\e">"
.ft P
.fi
.UNINDENT
@@ -1113,7 +1111,7 @@ A modified version of the Username/Email\-address login script is available that
This additional example PreAuth script, demo\-preauth\-remote\-image.sh, is available in the source code:
.INDENT 0.0
.INDENT 3.5
\fIhttps://github.com/nodogsplash/nodogsplash/archive/master.zip\fP
\fIhttps://github.com/opennds/opennds/archive/master.zip\fP
.UNINDENT
.UNINDENT
.sp
@@ -1126,7 +1124,7 @@ and extracting from the folder:
.sp
This is an enhancement of the preinstalled login.sh, giving an example of how to display images pulled in from remote web servers, both http and https.
.sp
The example displays the NodogSplash avatar image dynamically retrieved from Github.
The example displays the openNDS avatar image dynamically retrieved from Github.
.SH BINAUTH OPTION
.SS Overview
.sp
@@ -1165,11 +1163,11 @@ After NDS has received a shutdown command
.SS Example BinAuth Scripts
.sp
Two example BinAuth scripts are included in the source files available for download at:
\fI\%https://github.com/nodogsplash/nodogsplash/releases\fP
\fI\%https://github.com/opennds/opennds/releases\fP
.sp
The files can be extracted from the downloaded release archive file and reside in the folder:
.sp
\fI/nodogsplash\-[*version*]/forward_authentication_service/binauth\fP
\fI/opennds\-[*version*]/forward_authentication_service/binauth\fP
.SS Example 1 \- Sitewide Username/Password
.sp
This example is a script designed to be used with or without FAS and provides site wide Username/Password login for two groups of users, in this case "Staff" and "Guest" with two corresponding sets of credentials. If used without FAS, a special html splash page must be installed, otherwise FAS must forward the required username and password variables.
@@ -1191,34 +1189,34 @@ splash_sitewide.html
.UNINDENT
.UNINDENT
.sp
The file binauth_sitewide.sh should be copied to a suitable location on the NDS router, eg \fI/etc/nodogsplash/\fP
The file binauth_sitewide.sh should be copied to a suitable location on the NDS router, eg \fI/etc/opennds/\fP
.sp
The file splash_sitewide.html should be copied to \fI/etc/nodogsplash/htdocs/\fP
The file splash_sitewide.html should be copied to \fI/etc/opennds/htdocs/\fP
.sp
Assuming FAS is not being used, NDS is then configured by setting the BinAuth and SplashPage options in the config file (/etc/config/nodogsplash on Openwrt, or /etc/nodogsplash/nodogsplash.conf on other operating systems.
Assuming FAS is not being used, NDS is then configured by setting the BinAuth and SplashPage options in the config file (/etc/config/opennds on Openwrt, or /etc/opennds/opennds.conf on other operating systems.
.sp
On OpenWrt this is most easily accomplished by issuing the following commands:
.INDENT 0.0
.INDENT 3.5
\fIuci set nodogsplash.@nodogsplash[0].splashpage=\(aqsplash_sitewide.html\(aq\fP
\fIuci set opennds.@opennds[0].splashpage=\(aqsplash_sitewide.html\(aq\fP
.sp
\fIuci set nodogsplash.@nodogsplash[0].binauth=\(aq/etc/nodogsplash/binauth_sitewide.sh\(aq\fP
\fIuci set opennds.@opennds[0].binauth=\(aq/etc/opennds/binauth_sitewide.sh\(aq\fP
.sp
\fIuci commit nodogsplash\fP
\fIuci commit opennds\fP
.UNINDENT
.UNINDENT
.sp
The script file must be executable and is flagged as such in the source archive. If necessary set using the command:
.INDENT 0.0
.INDENT 3.5
\fIchmod u+x /etc/nodogsplash/binauth_sitewide.sh\fP
\fIchmod u+x /etc/opennds/binauth_sitewide.sh\fP
.UNINDENT
.UNINDENT
.sp
This script is then activated with the command:
.INDENT 0.0
.INDENT 3.5
\fIservice nodogsplash restart\fP
\fIservice opennds restart\fP
.UNINDENT
.UNINDENT
.sp
@@ -1278,7 +1276,7 @@ case "$METHOD" in
# timeout_deauth: Client was deauthenticated because the session timed out.
# ndsctl_auth: Client was authenticated by the ndsctl tool.
# ndsctl_deauth: Client was deauthenticated by the ndsctl tool.
# shutdown_deauth: Client was deauthenticated by Nodogsplash terminating.
# shutdown_deauth: Client was deauthenticated by opennds terminating.
;;
esac
.ft P
@@ -1310,7 +1308,7 @@ The \fISESSION_START\fP and \fISESSION_END\fP values are the number of seconds s
<!\-\-
Content:
Nodogsplash (NDS), by default, serves this splash page (splash.html)
opennds (NDS), by default, serves this splash page (splash.html)
when a client device Captive Portal Detection (CPD) process
attempts to send a port 80 request to the Internet.
@@ -1382,7 +1380,7 @@ or appended to the query string of the authtarget link:
</form>
<hr>
<copy\-right>Copyright &copy; The Nodogsplash Contributors 2004\-2019.<br>This software is released under the GNU GPL license.</copy\-right>
<copy\-right>Copyright &copy; The opennds Contributors 2004\-2019.<br>This software is released under the GNU GPL license.</copy\-right>
</div></div>
</body>
@@ -1409,30 +1407,30 @@ binauth_log.sh
.UNINDENT
.UNINDENT
.sp
The file binauth_log.sh should be copied to a suitable location on the NDS router, eg \fI/etc/nodogsplash/\fP
The file binauth_log.sh should be copied to a suitable location on the NDS router, eg \fI/etc/opennds/\fP
.sp
Assuming FAS is not being used, NDS is then configured by setting the BinAuth option in the config file (/etc/config/nodogsplash on Openwrt, or /etc/nodogsplash/nodogsplash.conf on other operating systems.
Assuming FAS is not being used, NDS is then configured by setting the BinAuth option in the config file (/etc/config/opennds on Openwrt, or /etc/opennds/opennds.conf on other operating systems.
.sp
On OpenWrt this is most easily accomplished by issuing the following commands:
.INDENT 0.0
.INDENT 3.5
\fIuci set nodogsplash.@nodogsplash[0].binauth=\(aq/etc/nodogsplash/binauth_log.sh\(aq\fP
\fIuci set opennds.@opennds[0].binauth=\(aq/etc/opennds/binauth_log.sh\(aq\fP
.sp
\fIuci commit nodogsplash\fP
\fIuci commit opennds\fP
.UNINDENT
.UNINDENT
.sp
The script file must be executable and is flagged as such in the source archive. If necessary set using the command:
.INDENT 0.0
.INDENT 3.5
\fIchmod u+x /etc/nodogsplash/binauth_log.sh\fP
\fIchmod u+x /etc/opennds/binauth_log.sh\fP
.UNINDENT
.UNINDENT
.sp
This script is then activated with the command:
.INDENT 0.0
.INDENT 3.5
\fIservice nodogsplash restart\fP
\fIservice opennds restart\fP
.UNINDENT
.UNINDENT
.sp
@@ -1534,7 +1532,7 @@ A number of library utilities are included. These may be used by NDS itself, FAS
.sp
By default, library utilities will be installed in the folder
.sp
\fB/usr/lib/nodogsplash/\fP
\fB/usr/lib/opennds/\fP
.SS List of Library Utilities
.SS get_client_token.sh
.sp
@@ -1612,7 +1610,7 @@ Where:
.SH TRAFFIC CONTROL
.SS Overview
.sp
Nodogsplash (NDS) supports Traffic Control (Bandwidth Limiting) using the SQM \- Smart Queue Management (sqm\-scripts) package, available for OpenWrt and generic Linux.
openNDS (NDS) supports Traffic Control (Bandwidth Limiting) using the SQM \- Smart Queue Management (sqm\-scripts) package, available for OpenWrt and generic Linux.
.sp
\fI\%https://github.com/tohojo/sqm\-scripts\fP
.sp
@@ -1789,10 +1787,10 @@ Further details about SQM can be found at the following links:
\fI\%https://openwrt.org/docs/guide\-user/network/traffic\-shaping/sqm\-details\fP
.SH USING NDSCTL
.sp
A nodogsplash install includes ndsctl, a separate application which provides some control over a running nodogsplash process by communicating with it over a unix socket. Some command line options:
A openNDS install includes ndsctl, a separate application which provides some control over a running openNDS process by communicating with it over a unix socket. Some command line options:
.INDENT 0.0
.IP \(bu 2
To print to stdout some information about your nodogsplash process:
To print to stdout some information about your openNDS process:
.INDENT 2.0
.INDENT 3.5
\fB/usr/bin/ndsctl status\fP
@@ -1876,10 +1874,10 @@ debuglevel 3 : debuglevel 2 + LOG_DEBUG
All other levels are undefined and will result in debug level 3 being set.
.UNINDENT
.sp
For more options, run ndsctl \-h. (Note that if you want the effect of ndsctl commands to to persist across nodogsplash restarts, you have to edit the configuration file.)
.SH CUSTOMISING NODOGSPLASH
For more options, run ndsctl \-h. (Note that if you want the effect of ndsctl commands to to persist across openNDS restarts, you have to edit the configuration file.)
.SH CUSTOMISING OPENNDS
.sp
After initial installation, NoDogSplash (NDS) should be working in its most basic mode and client Captive Portal Detection (CPD) should pop up the default splash page.
After initial installation, openNDS (NDS) should be working in its most basic mode and client Captive Portal Detection (CPD) should pop up the default splash page.
.sp
Before attempting to customise NDS you should ensure it is working in this basic mode before you start.
.sp
@@ -1910,14 +1908,14 @@ Prohibit the execution of javascript.
In OpenWrt, or operating systems supporting UCI (such as LEDE) the configuration is kept in the file:
.INDENT 0.0
.INDENT 3.5
\fB/etc/config/nodogsplash\fP
\fB/etc/config/opennds\fP
.UNINDENT
.UNINDENT
.sp
In other operating systems the configuration is kept in the file:
.INDENT 0.0
.INDENT 3.5
\fB/etc/nodogsplash/nodogsplash.conf\fP
\fB/etc/opennds/opennds.conf\fP
.UNINDENT
.UNINDENT
.sp
@@ -1931,7 +1929,7 @@ For example, to list the full configuration, at the command line type:
.sp
.nf
.ft C
uci show nodogsplash
uci show opennds
.ft P
.fi
.UNINDENT
@@ -1943,7 +1941,7 @@ To display the Gateway Name, type:
.sp
.nf
.ft C
uci get nodogsplash.@nodogsplash[0].gatewayname
uci get opennds.@opennds[0].gatewayname
.ft P
.fi
.UNINDENT
@@ -1955,7 +1953,7 @@ To set the Gateway Name to a new value, type:
.sp
.nf
.ft C
uci set nodogsplash.@nodogsplash[0].gatewayname=\(aqmy new gateway\(aq
uci set opennds.@opennds[0].gatewayname=\(aqmy new gateway\(aq
.ft P
.fi
.UNINDENT
@@ -1967,7 +1965,7 @@ To add a new firewall rule allowing access to another service running on port 88
.sp
.nf
.ft C
uci add_list nodogsplash.@nodogsplash[0].users_to_router=\(aqallow
uci add_list opennds.@opennds[0].users_to_router=\(aqallow
tcp port 8888\(aq
.ft P
.fi
@@ -1980,7 +1978,7 @@ Finally you must tell UCI to commit your changes to the configuration file:
.sp
.nf
.ft C
uci commit nodogsplash
uci commit opennds
.ft P
.fi
.UNINDENT
@@ -1991,7 +1989,7 @@ Enabled by setting option login_option_enabled = "0" (default)
The default default splash page can be found at:
.INDENT 0.0
.INDENT 3.5
\fB/etc/nodogsplash/htdocs/splash.html\fP
\fB/etc/opennds/htdocs/splash.html\fP
.UNINDENT
.UNINDENT
.sp
@@ -1999,9 +1997,9 @@ When the splash page is served, the following variables in the page are
replaced by their values:
.INDENT 0.0
.IP \(bu 2
\fI$gatewayname\fP The value of GatewayName as set in nodogsplash.conf.
\fI$gatewayname\fP The value of GatewayName as set in opennds.conf.
.IP \(bu 2
\fI$authtarget\fP A URL which encodes a unique token and the URL of the user\(aqs original web request. If nodogsplash receives a request at this URL, it completes the authentication process for the client and replies to the request with a "302 Found" to the encoded originally requested URL.
\fI$authtarget\fP A URL which encodes a unique token and the URL of the user\(aqs original web request. If opennds receives a request at this URL, it completes the authentication process for the client and replies to the request with a "302 Found" to the encoded originally requested URL.
.sp
It should be noted however that, depending on vendor, the client\(aqs built in CPD may not respond to simple html links.
.UNINDENT
@@ -2014,22 +2012,22 @@ An href link example that my prove to be problematical:
.UNINDENT
.UNINDENT
.sp
(You should instead use a GET\-method HTML form to send this information to the nodogsplash server; see below.)
(You should instead use a GET\-method HTML form to send this information to the opennds server; see below.)
.UNINDENT
.UNINDENT
.INDENT 0.0
.IP \(bu 2
\fI$tok\fP, \fI$redir\fP, \fI$authaction\fP, and \fI$denyaction\fP are available and should be used to write the splash page to use a GET\-method HTML form instead of using $authtarget as the value of an href attribute to communicate with the nodogsplash server.
\fI$tok\fP, \fI$redir\fP, \fI$authaction\fP, and \fI$denyaction\fP are available and should be used to write the splash page to use a GET\-method HTML form instead of using $authtarget as the value of an href attribute to communicate with the opennds server.
.UNINDENT
.INDENT 0.0
.INDENT 3.5
\fI$authaction\fP and \fI$denyaction\fP are virtual urls used to inform NDS that a client should be authenticated or deauthenticated and are of the form:
.sp
\fIhttp://gatewayaddress:gatewayport/nodogsplash_auth/\fP
\fIhttp://gatewayaddress:gatewayport/opennds_auth/\fP
.sp
and
.sp
\fIhttp://gatewayaddress:gatewayport/nodogsplash_deny/\fP
\fIhttp://gatewayaddress:gatewayport/opennds_deny/\fP
.sp
A simple example of a GET\-method form:
.UNINDENT
@@ -2057,7 +2055,7 @@ needs to be forwarded to some other place by the splash page itself.
\fI$nclients\fP and \fI$maxclients\fP User stats. Useful when you need to
display something like "n of m users online" on the splash site.
.IP \(bu 2
\fI$uptime\fP The time Nodogsplash has been running.
\fI$uptime\fP The time opennds has been running.
.UNINDENT
.INDENT 0.0
.INDENT 3.5
@@ -2065,7 +2063,7 @@ A list of all available variables are included in the splash.html file.
.sp
If the user accesses the virtual url \fI$authaction\fP when already authenticated, a status page is shown:
.sp
\fB/etc/nodogsplash/htdocs/status.html\fP
\fB/etc/opennds/htdocs/status.html\fP
.sp
In the status.html file, the same variables as in the splash.html site can be used.
.UNINDENT
@@ -2087,7 +2085,7 @@ Prohibit the execution of javascript.
.UNINDENT
.UNINDENT
.sp
Also, note that any images you reference should reside in the subdirectory /etc/nodogsplash/htdocs/images/.
Also, note that any images you reference should reside in the subdirectory /etc/opennds/htdocs/images/.
.SS Dynamic Splash Pages
.SS Pre\-Installed User Login Dynamic Splash Page
.sp
@@ -2119,7 +2117,7 @@ for v0.9.
.UNINDENT
.INDENT 0.0
.INDENT 3.5
A forwarding authentication service. FAS supports development of "Credential Verification" running on any dynamic web serving platform, on the same device as NoDogSplash, on another device on the local network, or on an Internet hosted web server.
A forwarding authentication service. FAS supports development of "Credential Verification" running on any dynamic web serving platform, on the same device as openNDS, on another device on the local network, or on an Internet hosted web server.
.UNINDENT
.UNINDENT
.INDENT 0.0
@@ -2128,7 +2126,7 @@ A forwarding authentication service. FAS supports development of "Credential Ver
.UNINDENT
.INDENT 0.0
.INDENT 3.5
An implementation of FAS running on the same device as Nodogsplash and using NoDogSplash\(aqs own web server to generate dynamic web pages. Any scripting language or even a compiled application program can be used. This has the advantage of not requiring the resources of a separate web server.
An implementation of FAS running on the same device as openNDS and using openNDS\(aqs own web server to generate dynamic web pages. Any scripting language or even a compiled application program can be used. This has the advantage of not requiring the resources of a separate web server.
.UNINDENT
.UNINDENT
.INDENT 0.0
@@ -2232,7 +2230,7 @@ The original pre version 1 feature has been broken since OpenWrt 12.09 (Attitude
.INDENT 3.5
\fBPull Requests are welcome!\fP
.sp
However the OpenWrt package, SQM Scripts (Smart Queue Management), is fully compatible with Nodogsplash and if configured to operate on the Nodogsplash interface (br\-lan by default) will provide efficient IP connection based traffic control to ensure fair usage of available bandwidth.
However the OpenWrt package, SQM Scripts (Smart Queue Management), is fully compatible with openNDS and if configured to operate on the openNDS interface (br\-lan by default) will provide efficient IP connection based traffic control to ensure fair usage of available bandwidth.
.UNINDENT
.UNINDENT
.SS Is https capture supported?
@@ -2267,17 +2265,17 @@ Prohibit the execution of javascript.
.UNINDENT
.UNINDENT
.UNINDENT
.SH HOW TO COMPILE NODOGSPLASH
.SH HOW TO COMPILE OPENNDS
.SS Linux/Unix
.sp
The Libmicrohttpd library is a dependency of NoDogSplash so you must first iInstall libmicrohttpd including the header files (often called \-dev package). Then proceed to download the NoDogSplash source files:
The Libmicrohttpd library is a dependency of opennds so you must first iInstall libmicrohttpd including the header files (often called \-dev package). Then proceed to download the opennds source files:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
git clone https://github.com/nodogsplash/nodogsplash.git
cd nodogsplash
git clone https://github.com/opennds/opennds.git
cd opennds
make
.ft P
.fi
@@ -2297,11 +2295,11 @@ make CFLAGS="\-I/tmp/libmicrohttpd_install/include" LDFLAGS="\-L/tmp/libmicrohtt
.UNINDENT
.UNINDENT
.sp
After compiling you can call \fBmake install\fP to install NoDogSplash to /usr/
After compiling you can call \fBmake install\fP to install opennds to /usr/
.SS Making a Package for Installation
.SS OpenWrt Package
.sp
To compile NoDogSplash and create its installable package, please use the package definition from the feeds package.
To compile opennds and create its installable package, please use the package definition from the feeds package.
.INDENT 0.0
.INDENT 3.5
.sp
@@ -2311,7 +2309,7 @@ git clone git://git.openwrt.org/trunk/openwrt.git
cd openwrt
\&./scripts/feeds update
\&./scripts/feeds install
\&./scripts/feeds install nodogsplash
\&./scripts/feeds install opennds
.ft P
.fi
.UNINDENT
@@ -2332,7 +2330,7 @@ make
.UNINDENT
.SS Debian Package
.sp
First you must compile NoDogSplash as described above for Linux/Unix.
First you must compile opennds as described above for Linux/Unix.
Then run the command:
.INDENT 0.0
.INDENT 3.5
@@ -2344,10 +2342,10 @@ make deb
.fi
.UNINDENT
.UNINDENT
.SH DEBUGGING NODOGSPLASH
.SH DEBUGGING OPENNDS
.SS Syslog Logging
.sp
NoDogSplash supports four levels of debugging to syslog.
openNDS supports four levels of debugging to syslog.
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
@@ -2367,7 +2365,7 @@ All other levels are undefined and will result in debug level 3 being set.
.UNINDENT
.UNINDENT
.sp
To see maximally verbose debugging output from NoDogSplash, set log level to 3. This can be done in the UCI configuration file on OpenWrt adding the line:
To see maximally verbose debugging output from openNDS, set log level to 3. This can be done in the UCI configuration file on OpenWrt adding the line:
.INDENT 0.0
.INDENT 3.5
\fBoption debuglevel \(aq3\(aq\fP
@@ -2384,17 +2382,17 @@ Logging level can also be set using ndsctl.
.SS Firewall Cleanup
.INDENT 0.0
.INDENT 3.5
When stopped, NoDogSplash deletes its iptables rules, attempting to leave the router\(aqs firewall in its original state. If not (for example, if NoDogSplash crashes instead of exiting cleanly) subsequently starting and stopping NoDogSplash should remove its rules.
When stopped, openNDS deletes its iptables rules, attempting to leave the router\(aqs firewall in its original state. If not (for example, if openNDS crashes instead of exiting cleanly) subsequently starting and stopping openNDS should remove its rules.
.sp
On OpenWrt, restarting the firewall will overwrite NoDogSplash\(aqs iptables rules, so when the firewall is restarted it will automatically restart NoDogSplash if it is running.
On OpenWrt, restarting the firewall will overwrite openNDS\(aqs iptables rules, so when the firewall is restarted it will automatically restart openNDS if it is running.
.UNINDENT
.UNINDENT
.SS Packet Marking
.INDENT 0.0
.INDENT 3.5
NoDogSplash operates by marking packets. Many packages, such as mwan3 and SQM scripts, also mark packets.
openNDS operates by marking packets. Many packages, such as mwan3 and SQM scripts, also mark packets.
.sp
By default, NoDogSplash marks its packets in such a way that conflicts are unlikely to occur but the masks used by NoDogSplash can be changed if necessary in the configuration file.
By default, openNDS marks its packets in such a way that conflicts are unlikely to occur but the masks used by openNDS can be changed if necessary in the configuration file.
.UNINDENT
.UNINDENT
.SS IPtables Conflicts
@@ -2444,8 +2442,8 @@ genindex
search
.UNINDENT
.SH AUTHOR
The Nodogsplash Contributors
The openNDS Contributors
.SH COPYRIGHT
2016 - 2020, The Nodogsplash Contributors
2016 - 2020, The NoDogSplash and openNDS Contributors
.\" Generated by docutils manpage writer.
.

1
debian/nodogsplash.links vendored
View File

@@ -1 +0,0 @@
usr/share/man/man1/nodogsplash.1.gz usr/share/man/man1/ndsctl.1.gz

1
debian/nodogsplash.manpages vendored
View File

@@ -1 +0,0 @@
debian/doc/nodogsplash.1

1
debian/opennds.links vendored Normal file
View File

@@ -0,0 +1 @@
usr/share/man/man1/opennds.1.gz usr/share/man/man1/ndsctl.1.gz

1
debian/opennds.manpages vendored Normal file
View File

@@ -0,0 +1 @@
debian/doc/opennds.1

5
debian/nodogsplash.service → debian/opennds.service vendored
View File

@@ -1,10 +1,11 @@
[Unit]
Description=NoDogSplash Captive Portal
Description=openNDS Captive Portal
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/nodogsplash $OPTIONS
ExecStartPre=sleep 10
ExecStart=/usr/bin/opennds $OPTIONS
Restart=on-failure
[Install]

10
docs/Makefile
View File

@@ -1,6 +1,6 @@
# Makefile for Sphinx documentation
# run command "make man" in this folder
# then copy nodogsplash.1 to the Debian docs folder
# then copy opennds.1 to the Debian docs folder
#
# You can set these variables from the command line.
@@ -93,9 +93,9 @@ qthelp:
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/nodogsplash.qhcp"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/opennds.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/nodogsplash.qhc"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/opennds.qhc"
.PHONY: applehelp
applehelp:
@@ -112,8 +112,8 @@ devhelp:
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/nodogsplash"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/nodogsplash"
@echo "# mkdir -p $$HOME/.local/share/devhelp/opennds"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/opennds"
@echo "# devhelp"
.PHONY: epub

38
docs/source/binauth.rst
View File

@@ -27,11 +27,11 @@ BinAuth is not available when FAS is used at fas_secure_enabled = 3.
Example BinAuth Scripts
***********************
Two example BinAuth scripts are included in the source files available for download at:
https://github.com/nodogsplash/nodogsplash/releases
https://github.com/opennds/opennds/releases
The files can be extracted from the downloaded release archive file and reside in the folder:
`/nodogsplash-[*version*]/forward_authentication_service/binauth`
`/opennds-[*version*]/forward_authentication_service/binauth`
Example 1 - Sitewide Username/Password
**************************************
@@ -48,27 +48,27 @@ This script has two components, the actual script and an associated html file.
* binauth_sitewide.sh
* splash_sitewide.html
The file binauth_sitewide.sh should be copied to a suitable location on the NDS router, eg `/etc/nodogsplash/`
The file binauth_sitewide.sh should be copied to a suitable location on the NDS router, eg `/etc/opennds/`
The file splash_sitewide.html should be copied to `/etc/nodogsplash/htdocs/`
The file splash_sitewide.html should be copied to `/etc/opennds/htdocs/`
Assuming FAS is not being used, NDS is then configured by setting the BinAuth and SplashPage options in the config file (/etc/config/nodogsplash on Openwrt, or /etc/nodogsplash/nodogsplash.conf on other operating systems.
Assuming FAS is not being used, NDS is then configured by setting the BinAuth and SplashPage options in the config file (/etc/config/opennds on Openwrt, or /etc/opennds/opennds.conf on other operating systems.
On OpenWrt this is most easily accomplished by issuing the following commands:
`uci set nodogsplash.@nodogsplash[0].splashpage='splash_sitewide.html'`
`uci set opennds.@opennds[0].splashpage='splash_sitewide.html'`
`uci set nodogsplash.@nodogsplash[0].binauth='/etc/nodogsplash/binauth_sitewide.sh'`
`uci set opennds.@opennds[0].binauth='/etc/opennds/binauth_sitewide.sh'`
`uci commit nodogsplash`
`uci commit opennds`
The script file must be executable and is flagged as such in the source archive. If necessary set using the command:
`chmod u+x /etc/nodogsplash/binauth_sitewide.sh`
`chmod u+x /etc/opennds/binauth_sitewide.sh`
This script is then activated with the command:
`service nodogsplash restart`
`service opennds restart`
**The Example 1 script contains the following code:**
@@ -124,7 +124,7 @@ This script is then activated with the command:
# timeout_deauth: Client was deauthenticated because the session timed out.
# ndsctl_auth: Client was authenticated by the ndsctl tool.
# ndsctl_deauth: Client was deauthenticated by the ndsctl tool.
# shutdown_deauth: Client was deauthenticated by Nodogsplash terminating.
# shutdown_deauth: Client was deauthenticated by opennds terminating.
;;
esac
@@ -151,7 +151,7 @@ The `SESSION_START` and `SESSION_END` values are the number of seconds since 197
<!--
Content:
Nodogsplash (NDS), by default, serves this splash page (splash.html)
opennds (NDS), by default, serves this splash page (splash.html)
when a client device Captive Portal Detection (CPD) process
attempts to send a port 80 request to the Internet.
@@ -223,7 +223,7 @@ The `SESSION_START` and `SESSION_END` values are the number of seconds since 197
</form>
<hr>
<copy-right>Copyright &copy; The Nodogsplash Contributors 2004-2019.<br>This software is released under the GNU GPL license.</copy-right>
<copy-right>Copyright &copy; The opennds Contributors 2004-2019.<br>This software is released under the GNU GPL license.</copy-right>
</div></div>
</body>
@@ -243,23 +243,23 @@ This script has a single component, the shell script.
* binauth_log.sh
The file binauth_log.sh should be copied to a suitable location on the NDS router, eg `/etc/nodogsplash/`
The file binauth_log.sh should be copied to a suitable location on the NDS router, eg `/etc/opennds/`
Assuming FAS is not being used, NDS is then configured by setting the BinAuth option in the config file (/etc/config/nodogsplash on Openwrt, or /etc/nodogsplash/nodogsplash.conf on other operating systems.
Assuming FAS is not being used, NDS is then configured by setting the BinAuth option in the config file (/etc/config/opennds on Openwrt, or /etc/opennds/opennds.conf on other operating systems.
On OpenWrt this is most easily accomplished by issuing the following commands:
`uci set nodogsplash.@nodogsplash[0].binauth='/etc/nodogsplash/binauth_log.sh'`
`uci set opennds.@opennds[0].binauth='/etc/opennds/binauth_log.sh'`
`uci commit nodogsplash`
`uci commit opennds`
The script file must be executable and is flagged as such in the source archive. If necessary set using the command:
`chmod u+x /etc/nodogsplash/binauth_log.sh`
`chmod u+x /etc/opennds/binauth_log.sh`
This script is then activated with the command:
`service nodogsplash restart`
`service opennds restart`
**The Example 2 script contains the following code:**

16
docs/source/compile.rst
View File

@@ -1,15 +1,15 @@
How to Compile Nodogsplash
How to Compile opennds
##########################
Linux/Unix
**********
The Libmicrohttpd library is a dependency of NoDogSplash so you must first iInstall libmicrohttpd including the header files (often called -dev package). Then proceed to download the NoDogSplash source files:
The Libmicrohttpd library is a dependency of opennds so you must first iInstall libmicrohttpd including the header files (often called -dev package). Then proceed to download the opennds source files:
.. code::
git clone https://github.com/nodogsplash/nodogsplash.git
cd nodogsplash
git clone https://github.com/opennds/opennds.git
cd opennds
make
If you installed the libmicrohttpd to another location (e.g. /tmp/libmicrohttpd_install/)
@@ -19,7 +19,7 @@ replace path in the make call with
make CFLAGS="-I/tmp/libmicrohttpd_install/include" LDFLAGS="-L/tmp/libmicrohttpd_install/lib"
After compiling you can call ``make install`` to install NoDogSplash to /usr/
After compiling you can call ``make install`` to install opennds to /usr/
Making a Package for Installation
*********************************
@@ -27,7 +27,7 @@ Making a Package for Installation
OpenWrt Package
===============
To compile NoDogSplash and create its installable package, please use the package definition from the feeds package.
To compile opennds and create its installable package, please use the package definition from the feeds package.
.. code::
@@ -35,7 +35,7 @@ To compile NoDogSplash and create its installable package, please use the packag
cd openwrt
./scripts/feeds update
./scripts/feeds install
./scripts/feeds install nodogsplash
./scripts/feeds install opennds
Select the appropriate "Target System" and "Target Profile" in the menuconfig menu and build the image.
@@ -48,7 +48,7 @@ Select the appropriate "Target System" and "Target Profile" in the menuconfig me
Debian Package
==============
First you must compile NoDogSplash as described above for Linux/Unix.
First you must compile opennds as described above for Linux/Unix.
Then run the command:
.. code::

26
docs/source/conf.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# nodogsplash documentation build configuration file, created by
# opennds documentation build configuration file, created by
# sphinx-quickstart on Thu Nov 10 13:53:25 2016.
#
# This file is execfile()d with the current directory set to its
@@ -51,18 +51,18 @@ source_suffix = '.rst'
master_doc = 'index'
# General information about the project.
project = 'NoDogSplash'
copyright = '2016 - 2020, The Nodogsplash Contributors'
author = 'The Nodogsplash Contributors'
project = 'openNDS'
copyright = '2016 - 2020, The NoDogSplash and openNDS Contributors'
author = 'The openNDS Contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '4.5.1beta'
version = '5.0.0beta'
# The full version, including alpha/beta/rc tags.
release = '4.5.1beta'
release = '5.0.0beta'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@@ -236,7 +236,7 @@ html_static_path = ['_static']
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'nodogsplashdoc'
htmlhelp_basename = 'openndsdoc'
# -- Options for LaTeX output ---------------------------------------------
@@ -262,8 +262,8 @@ latex_elements = {
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'nodogsplash.tex', 'nodogsplash Documentation',
'the nodogsplash contributors', 'manual'),
(master_doc, 'opennds.tex', 'opennds Documentation',
'the opennds contributors', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
@@ -304,7 +304,7 @@ latex_documents = [
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'nodogsplash', 'nodogsplash Documentation',
(master_doc, 'opennds', 'opennds Documentation',
[author], 1)
]
@@ -319,12 +319,12 @@ man_pages = [
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'nodogsplash', 'nodogsplash Documentation',
author, 'nodogsplash', 'One line description of project.',
(master_doc, 'opennds', 'opennds Documentation',
author, 'opennds', 'One line description of project.',
'Miscellaneous'),
]
# original homepage of nodogsplash is down.
# original homepage of opennds is down.
linkcheck_ignore = [r'http://kokoro.ucsd.edu/nodogsplash']
# Documents to append as an appendix to all manuals.

38
docs/source/customize.rst
View File

@@ -1,7 +1,7 @@
Customising NoDogSplash
Customising openNDS
########################
After initial installation, NoDogSplash (NDS) should be working in its most basic mode and client Captive Portal Detection (CPD) should pop up the default splash page.
After initial installation, openNDS (NDS) should be working in its most basic mode and client Captive Portal Detection (CPD) should pop up the default splash page.
Before attempting to customise NDS you should ensure it is working in this basic mode before you start.
@@ -29,12 +29,12 @@ The Configuration File
In OpenWrt, or operating systems supporting UCI (such as LEDE) the configuration is kept in the file:
``/etc/config/nodogsplash``
``/etc/config/opennds``
In other operating systems the configuration is kept in the file:
``/etc/nodogsplash/nodogsplash.conf``
``/etc/opennds/opennds.conf``
Both of these files contain a full list of options and can be edited directly. A restart of NDS is required for any changes to take effect.
@@ -44,32 +44,32 @@ For example, to list the full configuration, at the command line type:
.. code-block:: sh
uci show nodogsplash
uci show opennds
To display the Gateway Name, type:
.. code-block:: sh
uci get nodogsplash.@nodogsplash[0].gatewayname
uci get opennds.@opennds[0].gatewayname
To set the Gateway Name to a new value, type:
.. code-block:: sh
uci set nodogsplash.@nodogsplash[0].gatewayname='my new gateway'
uci set opennds.@opennds[0].gatewayname='my new gateway'
To add a new firewall rule allowing access to another service running on port 8888 on the router, type:
.. code-block:: sh
uci add_list nodogsplash.@nodogsplash[0].users_to_router='allow
uci add_list opennds.@opennds[0].users_to_router='allow
tcp port 8888'
Finally you must tell UCI to commit your changes to the configuration file:
.. code-block:: sh
uci commit nodogsplash
uci commit opennds
The Default Click and Go Splash Page
************************************
@@ -77,13 +77,13 @@ The Default Click and Go Splash Page
Enabled by setting option login_option_enabled = "0" (default)
The default default splash page can be found at:
``/etc/nodogsplash/htdocs/splash.html``
``/etc/opennds/htdocs/splash.html``
When the splash page is served, the following variables in the page are
replaced by their values:
* *$gatewayname* The value of GatewayName as set in nodogsplash.conf.
* *$authtarget* A URL which encodes a unique token and the URL of the user's original web request. If nodogsplash receives a request at this URL, it completes the authentication process for the client and replies to the request with a "302 Found" to the encoded originally requested URL.
* *$gatewayname* The value of GatewayName as set in opennds.conf.
* *$authtarget* A URL which encodes a unique token and the URL of the user's original web request. If opennds receives a request at this URL, it completes the authentication process for the client and replies to the request with a "302 Found" to the encoded originally requested URL.
It should be noted however that, depending on vendor, the client's built in CPD may not respond to simple html links.
@@ -91,17 +91,17 @@ replaced by their values:
``<a href="$authtarget">Enter</a>``
(You should instead use a GET-method HTML form to send this information to the nodogsplash server; see below.)
(You should instead use a GET-method HTML form to send this information to the opennds server; see below.)
* *$tok*, *$redir*, *$authaction*, and *$denyaction* are available and should be used to write the splash page to use a GET-method HTML form instead of using $authtarget as the value of an href attribute to communicate with the nodogsplash server.
* *$tok*, *$redir*, *$authaction*, and *$denyaction* are available and should be used to write the splash page to use a GET-method HTML form instead of using $authtarget as the value of an href attribute to communicate with the opennds server.
*$authaction* and *$denyaction* are virtual urls used to inform NDS that a client should be authenticated or deauthenticated and are of the form:
`http://gatewayaddress:gatewayport/nodogsplash_auth/`
`http://gatewayaddress:gatewayport/opennds_auth/`
and
`http://gatewayaddress:gatewayport/nodogsplash_deny/`
`http://gatewayaddress:gatewayport/opennds_deny/`
A simple example of a GET-method form:
@@ -121,13 +121,13 @@ replaced by their values:
* *$nclients* and *$maxclients* User stats. Useful when you need to
display something like "n of m users online" on the splash site.
* *$uptime* The time Nodogsplash has been running.
* *$uptime* The time opennds has been running.
A list of all available variables are included in the splash.html file.
If the user accesses the virtual url *$authaction* when already authenticated, a status page is shown:
``/etc/nodogsplash/htdocs/status.html``
``/etc/opennds/htdocs/status.html``
In the status.html file, the same variables as in the splash.html site can be used.
@@ -141,7 +141,7 @@ It should be noted when designing a custom splash page that for security reasons
* Prohibit the execution of javascript.
Also, note that any images you reference should reside in the subdirectory /etc/nodogsplash/htdocs/images/.
Also, note that any images you reference should reside in the subdirectory /etc/opennds/htdocs/images/.
Dynamic Splash Pages
********************

14
docs/source/debug.rst
View File

@@ -1,10 +1,10 @@
Debugging NoDogSplash
Debugging openNDS
#####################
Syslog Logging
**************
NoDogSplash supports four levels of debugging to syslog.
openNDS supports four levels of debugging to syslog.
* debuglevel 0 : Silent (only LOG_ERR and LOG_EMERG messages will be seen, otherwise there will be no logging.)
* debuglevel 1 : LOG_ERR, LOG_EMERG, LOG_WARNING and LOG_NOTICE (this is the default level).
@@ -13,7 +13,7 @@ NoDogSplash supports four levels of debugging to syslog.
All other levels are undefined and will result in debug level 3 being set.
To see maximally verbose debugging output from NoDogSplash, set log level to 3. This can be done in the UCI configuration file on OpenWrt adding the line:
To see maximally verbose debugging output from openNDS, set log level to 3. This can be done in the UCI configuration file on OpenWrt adding the line:
``option debuglevel '3'``
@@ -26,16 +26,16 @@ NoDogSplash supports four levels of debugging to syslog.
Firewall Cleanup
****************
When stopped, NoDogSplash deletes its iptables rules, attempting to leave the router's firewall in its original state. If not (for example, if NoDogSplash crashes instead of exiting cleanly) subsequently starting and stopping NoDogSplash should remove its rules.
When stopped, openNDS deletes its iptables rules, attempting to leave the router's firewall in its original state. If not (for example, if openNDS crashes instead of exiting cleanly) subsequently starting and stopping openNDS should remove its rules.
On OpenWrt, restarting the firewall will overwrite NoDogSplash's iptables rules, so when the firewall is restarted it will automatically restart NoDogSplash if it is running.
On OpenWrt, restarting the firewall will overwrite openNDS's iptables rules, so when the firewall is restarted it will automatically restart openNDS if it is running.
Packet Marking
**************
NoDogSplash operates by marking packets. Many packages, such as mwan3 and SQM scripts, also mark packets.
openNDS operates by marking packets. Many packages, such as mwan3 and SQM scripts, also mark packets.
By default, NoDogSplash marks its packets in such a way that conflicts are unlikely to occur but the masks used by NoDogSplash can be changed if necessary in the configuration file.
By default, openNDS marks its packets in such a way that conflicts are unlikely to occur but the masks used by openNDS can be changed if necessary in the configuration file.
IPtables Conflicts
******************

6
docs/source/faq.rst
View File

@@ -14,11 +14,11 @@ for v0.9.
* **FAS**
A forwarding authentication service. FAS supports development of "Credential Verification" running on any dynamic web serving platform, on the same device as NoDogSplash, on another device on the local network, or on an Internet hosted web server.
A forwarding authentication service. FAS supports development of "Credential Verification" running on any dynamic web serving platform, on the same device as openNDS, on another device on the local network, or on an Internet hosted web server.
* **PreAuth**
An implementation of FAS running on the same device as Nodogsplash and using NoDogSplash's own web server to generate dynamic web pages. Any scripting language or even a compiled application program can be used. This has the advantage of not requiring the resources of a separate web server.
An implementation of FAS running on the same device as openNDS and using openNDS's own web server to generate dynamic web pages. Any scripting language or even a compiled application program can be used. This has the advantage of not requiring the resources of a separate web server.
* **BinAuth**
@@ -91,7 +91,7 @@ The original pre version 1 feature has been broken since OpenWrt 12.09 (Attitude
**Pull Requests are welcome!**
However the OpenWrt package, SQM Scripts (Smart Queue Management), is fully compatible with Nodogsplash and if configured to operate on the Nodogsplash interface (br-lan by default) will provide efficient IP connection based traffic control to ensure fair usage of available bandwidth.
However the OpenWrt package, SQM Scripts (Smart Queue Management), is fully compatible with openNDS and if configured to operate on the openNDS interface (br-lan by default) will provide efficient IP connection based traffic control to ensure fair usage of available bandwidth.
Is https capture supported?
***************************

30
docs/source/fas.rst
View File

@@ -3,7 +3,7 @@ Forwarding Authentication Service (FAS)
Overview
********
Nodogsplash (NDS) has the ability to forward requests to a third party authentication service (FAS). This is enabled via simple configuration options.
openNDS (NDS) has the ability to forward requests to a third party authentication service (FAS). This is enabled via simple configuration options.
These options are:
1. **fasport**. This enables Forwarding Authentication Service (FAS). Redirection is changed from splash.html to a FAS. The value is the IP port number of the FAS.
@@ -55,12 +55,12 @@ Security
The "php-cli" package and the "php-openssl" module must both be installed for fas_secure level 2.
Nodogsplash does not depend on this package and module, but will exit gracefully if this package and module are not installed when this level is set.
openNDS does not depend on this package and module, but will exit gracefully if this package and module are not installed when this level is set.
The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string. An example FAS level 2 php script (fas-aes.php) is preinstalled in the /etc/nodogsplash directory and also supplied in the source code.
The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string. An example FAS level 2 php script (fas-aes.php) is preinstalled in the /etc/opennds directory and also supplied in the source code.
**If set to "3"** The FAS is enforced by NDS to use **https** protocol.
Level 3 is the same as level 2 except the use of https protocol is enforced for FAS. In addition, the "authmon" daemon is loaded. This allows the external FAS, after client verification, to effectively traverse inbound firewalls and address translation to achieve NDS authentication without generating browser security warnings or errors. An example FAS level 3 php script (fas-aes-https.php) is preinstalled in the /etc/nodogsplash directory and also supplied in the source code.
Level 3 is the same as level 2 except the use of https protocol is enforced for FAS. In addition, the "authmon" daemon is loaded. This allows the external FAS, after client verification, to effectively traverse inbound firewalls and address translation to achieve NDS authentication without generating browser security warnings or errors. An example FAS level 3 php script (fas-aes-https.php) is preinstalled in the /etc/opennds directory and also supplied in the source code.
**Option faskey must be set** if fas secure is set to levels 2 and 3 but is optional for level 1.
@@ -79,7 +79,7 @@ Example FAS Query strings
**Level 0** (fas_secure_enabled = 0), NDS sends the token and other information to FAS as clear text.
`http://fasremoteip:fasport/faspath?authaction=http://gatewayaddress:gatewayport/nodogsplash_auth/?clientip=[clientip]&gatewayname=[gatewayname]&tok=[token]&redir=[requested_url]`
`http://fasremoteip:fasport/faspath?authaction=http://gatewayaddress:gatewayport/opennds_auth/?clientip=[clientip]&gatewayname=[gatewayname]&tok=[token]&redir=[requested_url]`
Although the simplest to set up, a knowledgeable user could bypass FAS, so running fas_secure_enabled at level 1 or 2 is recommended.
@@ -102,7 +102,7 @@ Example FAS Query strings
The client's unique access token will be obtained from NDS by the FAS making a call to the get_client_token library utility:
``/usr/lib/nodogsplash/./get_client_token $clientip``
``/usr/lib/opennds/./get_client_token $clientip``
A json parser could be used to extract all the client variables supplied by ndsctl, an example can be found in the default PreAuth Login script in /usr/lib/nogogsplash/login.sh.
@@ -202,7 +202,7 @@ If the user of an already authenticated client device manually accesses the NDS
FAS should then serve a suitable error page informing the client user that they are already logged in.
Running FAS on your Nodogsplash router
Running FAS on your openNDS router
**************************************
FAS has been tested using uhttpd, lighttpd, ngnix, apache and libmicrohttpd.
@@ -259,7 +259,7 @@ Example Script File fas-aes.php
Assuming you have installed your web server of choice, configured it for port 2080 and added PHP support using the package php7-cgi, you can do the following.
(Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
(Under other operating systems you may need to edit the opennds.conf file in /etc/opennds instead, but the process is very similar.)
* Install the packages php7-cli and php7-mod-openssl
@@ -267,9 +267,9 @@ Assuming you have installed your web server of choice, configured it for port 20
* Place the file fas-aes.php in /[server-web-root]/nds/
(You can find it in the /etc/nodogsplash directory.)
(You can find it in the /etc/opennds directory.)
* Edit the file /etc/config/nodogsplash
* Edit the file /etc/config/opennds
adding the lines:
@@ -281,14 +281,14 @@ Assuming you have installed your web server of choice, configured it for port 20
``option faskey '1234567890'``
* Restart NDS using the command ``service nodogsplash restart``
* Restart NDS using the command ``service opennds restart``
Example Script File fas-aes-https.php
=====================================
Assuming you have access to an Internet based https web server you can do the following.
(Under other operating systems you may need to edit the nodogsplash.conf file in /etc/nodogsplash instead, but the process is very similar.)
(Under other operating systems you may need to edit the opennds.conf file in /etc/opennds instead, but the process is very similar.)
* Install the packages php7-cli and php7-mod-openssl on your NDS router
@@ -296,9 +296,9 @@ Assuming you have access to an Internet based https web server you can do the fo
* Place the file fas-aes.php in /[server-web-root]/nds/
(You can find it in the /etc/nodogsplash directory.)
(You can find it in the /etc/opennds directory.)
* Edit the file /etc/config/nodogsplash
* Edit the file /etc/config/opennds
adding the lines:
@@ -314,7 +314,7 @@ Assuming you have access to an Internet based https web server you can do the fo
``option fasremotefqdn 'blue-wave.net'`` (change this to the actual FQDN of the remote server)
* Restart NDS using the command ``service nodogsplash restart``
* Restart NDS using the command ``service opennds restart``
Changing faskey

18
docs/source/howitworks.rst
View File

@@ -1,12 +1,12 @@
How NoDogSplash (NDS) works
How openNDS (NDS) works
###########################
NoDogSplash is a Captive Portal Engine. Any Captive Portal, including NDS, will have two main components:
openNDS is a Captive Portal Engine. Any Captive Portal, including NDS, will have two main components:
* Something that does the capturing, and
* Something to provide a Portal for client users to log in.
NoDogSplash MUST run on a device configured as an IPv4 router.
openNDS MUST run on a device configured as an IPv4 router.
A wireless router will typically be running OpenWrt or some other Linux distribution.
@@ -137,17 +137,17 @@ NDS detects which zone is being used by a client and a relevant login page can b
Packet filtering
****************
Nodogsplash considers four kinds of packets coming into the router over the managed interface. Each packet is one of these kinds:
openNDS considers four kinds of packets coming into the router over the managed interface. Each packet is one of these kinds:
1. **Blocked**, if the MAC mechanism is block, and the source MAC address of the packet matches one listed in the BlockedMACList; or if the MAC mechanism is allow, and source MAC address of the packet does not match one listed in the AllowedMACList or the TrustedMACList. These packets are dropped.
2. **Trusted**, if the source MAC address of the packet matches one listed in the TrustedMACList. By default, these packets are accepted and routed to all destination addresses and ports. If desired, this behavior can be customized by FirewallRuleSet trusted-users and FirewallRuleSet trusted-users-to-router lists in the nodogsplash.conf configuration file, or by the EmptyRuleSetPolicy trusted-users EmptyRuleSetPolicy trusted-users-to-router directives.
3. **Authenticated**, if the packet's IP and MAC source addresses have gone through the nodogsplash authentication process and has not yet expired. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet authenticated-users and FirewallRuleSet users-to-router in the nodogsplash.conf configuration file).
4. **Preauthenticated**. Any other packet. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet preauthenticated-users and FirewallRuleSet users-to-router in the nodogsplash.conf configuration file). Any other packet is dropped, except that a packet for destination port 80 at any address is redirected to port 2050 on the router, where nodogsplash's built in libhttpd-based web server is listening. This begins the 'authentication' process. The server will serve a splash page back to the source IP address of the packet. The user clicking the appropriate link on the splash page will complete the process, causing future packets from this IP/MAC address to be marked as Authenticated until the inactive or forced timeout is reached, and its packets revert to being Preauthenticated.
2. **Trusted**, if the source MAC address of the packet matches one listed in the TrustedMACList. By default, these packets are accepted and routed to all destination addresses and ports. If desired, this behavior can be customized by FirewallRuleSet trusted-users and FirewallRuleSet trusted-users-to-router lists in the opennds.conf configuration file, or by the EmptyRuleSetPolicy trusted-users EmptyRuleSetPolicy trusted-users-to-router directives.
3. **Authenticated**, if the packet's IP and MAC source addresses have gone through the openNDS authentication process and has not yet expired. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet authenticated-users and FirewallRuleSet users-to-router in the opennds.conf configuration file).
4. **Preauthenticated**. Any other packet. These packets are accepted and routed to a limited set of addresses and ports (see FirewallRuleSet preauthenticated-users and FirewallRuleSet users-to-router in the opennds.conf configuration file). Any other packet is dropped, except that a packet for destination port 80 at any address is redirected to port 2050 on the router, where openNDS's built in libhttpd-based web server is listening. This begins the 'authentication' process. The server will serve a splash page back to the source IP address of the packet. The user clicking the appropriate link on the splash page will complete the process, causing future packets from this IP/MAC address to be marked as Authenticated until the inactive or forced timeout is reached, and its packets revert to being Preauthenticated.
NoDogSplash implements these actions by inserting rules in the router's iptables mangle PREROUTING chain to mark packets, and by inserting rules in the nat PREROUTING, filter INPUT and filter FORWARD chains which match on those marks.
openNDS implements these actions by inserting rules in the router's iptables mangle PREROUTING chain to mark packets, and by inserting rules in the nat PREROUTING, filter INPUT and filter FORWARD chains which match on those marks.
Because it inserts its rules at the beginning of existing chains, NoDogSplash should be insensitive to most typical existing firewall configurations.
Because it inserts its rules at the beginning of existing chains, openNDS should be insensitive to most typical existing firewall configurations.
Traffic control
***************

11
docs/source/index.rst
View File

@@ -1,24 +1,23 @@
.. nodogsplash documentation master file, created by
.. openNDS documentation master file, created by
sphinx-quickstart on Thu Nov 10 13:53:25 2016.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to Nodogsplash's documentation!
Welcome to openNDS's documentation!
=======================================
Nodogspash is a high performance, small footprint Captive Portal,
openNDS is a high performance, small footprint Captive Portal,
offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
It was derived originally from the codebase of the Wifi Guard Dog project.
Nodogsplash is released under the GNU General Public License.
openNDS is released under the GNU General Public License.
* Mailing List: http://ml.ninux.org/mailman/listinfo/nodogsplash
* Original Homepage *down*: http://kokoro.ucsd.edu/nodogsplash
* Wifidog: http://dev.wifidog.org/
* GNU GPL: http://www.gnu.org/copyleft/gpl.html
The following describes what Nodogsplash does, how to get it and run it, and
The following describes what openNDS does, how to get it and run it, and
how to customize its behavior for your application.
Contents:

38
docs/source/install.rst
View File

@@ -1,53 +1,53 @@
Installing Nodogsplash
Installing openNDS
######################
OpenWrt
*******
* Have a router working with OpenWrt. At the time of writing, Nodogsplash has been tested with OpenWrt 18.06.x, 19.7.x and Snapshot.
* Have a router working with OpenWrt. At the time of writing, openNDS has been tested with OpenWrt 18.06.x, 19.7.x and Snapshot.
* It may or may not work on older versions of OpenWrt or on other kinds of Linux-based router firmware.
* Make sure your router is basically working before you try to install Nodogsplash. In particular, make sure your DHCP daemon is serving addresses on the interface that nodogsplash will manage.
* Make sure your router is basically working before you try to install openNDS. In particular, make sure your DHCP daemon is serving addresses on the interface that openNDS will manage.
The default is br-lan but can be changed to any interface by editing the /etc/config/nodogsplash file.
The default is br-lan but can be changed to any interface by editing the /etc/config/opennds file.
* To install Nodogsplash, you may use the OpenWrt Luci web interface or alternatively, ssh to your router and run the command:
* To install openNDS, you may use the OpenWrt Luci web interface or alternatively, ssh to your router and run the command:
``opkg update``
followed by
``opkg install nodogsplash``
``opkg install opennds``
* Nodogsplash is enabled by default and will start automatically on reboot or can be started and stopped manually.
* openNDS is enabled by default and will start automatically on reboot or can be started and stopped manually.
* If the interface that you want Nodogsplash to manage is not br-lan,
edit /etc/config/nodogsplash and set GatewayInterface.
* If the interface that you want openNDS to manage is not br-lan,
edit /etc/config/opennds and set GatewayInterface.
* To start Nodogsplash, run the following, or just reboot the router:
* To start openNDS, run the following, or just reboot the router:
``service nodogsplash start``
``service opennds start``
* To test the installation, connect a client device to the interface on your router that is managed by Nodogsplash (for example, connect to the router's wireless lan).
* To test the installation, connect a client device to the interface on your router that is managed by openNDS (for example, connect to the router's wireless lan).
Most client device operating systems and browsers support Captive Portal Detection (CPD) and the operating system or browser on that device will attempt to contact a pre defined port 80 web page.
CPD will trigger Nodogsplash to serve the default splash page where you can click or tap Continue to access the Internet.
CPD will trigger openNDS to serve the default splash page where you can click or tap Continue to access the Internet.
See the Authentication section for details of setting up a proper authentication process.
If your client device does not display the splash page it most likely does not support CPD.
You should then manually trigger Nodogsplash by trying to access a port 80 web site (for example, google.com:80 is a good choice).
You should then manually trigger openNDS by trying to access a port 80 web site (for example, google.com:80 is a good choice).
* To stop Nodogsplash:
* To stop openNDS:
``service nodogsplash stop``
``service opennds stop``
* To uninstall Nodogsplash:
* To uninstall openNDS:
``opkg remove nodogsplash``
``opkg remove opennds``
Debian
******
@@ -60,4 +60,4 @@ Requirements beside Debian tools are:
But you can also compile libmicrohttpd your self if you're still running jessie or older.
To compile NoDogSplash and create the Debian package, see the chapter "How to Compile Nodogsplash".
To compile openNDS and create the Debian package, see the chapter "How to Compile openNDS".

2
docs/source/libraries.rst
View File

@@ -8,7 +8,7 @@ A number of library utilities are included. These may be used by NDS itself, FAS
By default, library utilities will be installed in the folder
``/usr/lib/nodogsplash/``
``/usr/lib/opennds/``
List of Library Utilities
*************************

6
docs/source/ndsctl.rst
View File

@@ -1,9 +1,9 @@
Using ndsctl
############
A nodogsplash install includes ndsctl, a separate application which provides some control over a running nodogsplash process by communicating with it over a unix socket. Some command line options:
A openNDS install includes ndsctl, a separate application which provides some control over a running openNDS process by communicating with it over a unix socket. Some command line options:
* To print to stdout some information about your nodogsplash process:
* To print to stdout some information about your openNDS process:
``/usr/bin/ndsctl status``
@@ -52,5 +52,5 @@ A nodogsplash install includes ndsctl, a separate application which provides som
All other levels are undefined and will result in debug level 3 being set.
For more options, run ndsctl -h. (Note that if you want the effect of ndsctl commands to to persist across nodogsplash restarts, you have to edit the configuration file.)
For more options, run ndsctl -h. (Note that if you want the effect of ndsctl commands to to persist across openNDS restarts, you have to edit the configuration file.)

4
docs/source/overview.rst
View File

@@ -1,7 +1,7 @@
Overview
########
**NoDogSplash** (NDS) is a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
**openNDS** (NDS) is a high performance, small footprint Captive Portal, offering by default a simple splash page restricted Internet connection, yet incorporates an API that allows the creation of sophisticated authentication applications.
Captive Portal Detection (CPD)
******************************
@@ -22,4 +22,4 @@ Write Your Own Captive Portal.
* **Forward Authentication Service (FAS)**. FAS provides pre-authentication user validation in the form of a set of dynamic web pages, typically served by a web service independent of NDS, located remotely on the Internet, on the local area network or on the NDS router.
* **PreAuth**. A special case of FAS that runs locally on the NDS router with dynamic html served by NDS itself. This requires none of the overheads of a full FAS implementation and is ideal for NDS routers with limited RAM and Flash memory.
* **BinAuth**. A method of running a post authentication script or extension program.
* **BinAuth**. A method of running a post authentication script or extension program.

42
docs/source/preauth.rst
View File

@@ -22,7 +22,7 @@ The PreAuth script or program will parse the url encoded command line (query str
Selecting Pre-Installed Username / Email Login Script (v4.3.0 onwards)
**********************************************************************
The default preauth login script is installed as part of the NoDogSplash package providing username/emailaddress login as an alternative to the basic splash page.
The default preauth login script is installed as part of the openNDS package providing username/emailaddress login as an alternative to the basic splash page.
It is enabled by setting in config:
@@ -38,9 +38,9 @@ From version 4.0.2 onwards, PreAuth is enabled with a single configuration optio
This option overrides any other FAS configuration and takes the form of the path to the PreAuth script.
The path to the preinstalled login script is included in option preauth in the default config files, for example in OpenWrt:
`#option preauth '/usr/lib/nodogsplash/login.sh'`
`#option preauth '/usr/lib/opennds/login.sh'`
The "#" symbol means the line is commented. To activate, remove the "#". save and restart Nodogsplash.
The "#" symbol means the line is commented. To activate, remove the "#". save and restart opennds.
Using PreAuth version 3.3.1 to version 4.0.1
********************************************
@@ -51,7 +51,7 @@ In addition a single PreAuth configuration option is required to inform NDS of t
In summary, the following configuration options should be set:
1. **fasport**. This enables FAS and *must* be set to the same value as the gateway port.
2. **faspath**. This *must* be set to the PreAuth virtual url, "/nodogsplash_preauth/" by default.
2. **faspath**. This *must* be set to the PreAuth virtual url, "/opennds_preauth/" by default.
3. **preauth**. This the path to the PreAuth script.
The remaining FAS configuration options must be left unset at the default values.
@@ -67,35 +67,35 @@ ie:
Enabling the Preinstalled Login Script (v3.3.1 to 4.0.1)
********************************************************
On Openwrt, edit (to uncomment) following lines in the /etc/config/nodogsplash file:
On Openwrt, edit (to uncomment) following lines in the /etc/config/opennds file:
`#option fasport '2050'`
`#option faspath '/nodogsplash_preauth/'`
`#option faspath '/opennds_preauth/'`
`#option preauth '/usr/lib/nodogsplash/login.sh'`
`#option preauth '/usr/lib/opennds/login.sh'`
To read:
`option fasport '2050'`
`option faspath '/nodogsplash_preauth/'`
`option faspath '/opennds_preauth/'`
`option preauth '/usr/lib/nodogsplash/login.sh'`
`option preauth '/usr/lib/opennds/login.sh'`
Enabling the Preinstalled Login Script (v4.0.2 onwards)
********************************************************
On Openwrt, edit (to uncomment) following line in the /etc/config/nodogsplash file:
On Openwrt, edit (to uncomment) following line in the /etc/config/opennds file:
`#option preauth '/usr/lib/nodogsplash/login.sh'`
`#option preauth '/usr/lib/opennds/login.sh'`
To read:
`option preauth '/usr/lib/nodogsplash/login.sh'`
`option preauth '/usr/lib/opennds/login.sh'`
For other operating systems edit the equivalent lines in the /etc/nodogsplash/nodogsplash.conf file
For other operating systems edit the equivalent lines in the /etc/opennds/opennds.conf file
After making the change, save the file and restart the router.
@@ -118,7 +118,7 @@ PreAuth with Remote Images
An additional example PreAuth script, demo-preauth-remote-image.sh, is available in the source code:
`https://github.com/nodogsplash/nodogsplash/archive/master.zip`
`https://github.com/opennds/opennds/archive/master.zip`
and extracting from the folder:
@@ -126,7 +126,7 @@ and extracting from the folder:
This is an enhancement of the preinstalled login.sh, giving an example of how to display images pulled in from remote web servers, both http and https.
The example displays the NodogSplash avatar image dynamically retreived from Github.
The example displays the opennds avatar image dynamically retreived from Github.
Writing A Preauth Script
@@ -136,9 +136,9 @@ A Preauth script can be written as a shell script or any other language that the
NDS calls the preauth script with a command line equivalent to an html query string but with ", " (comma space) in place of "&" (ampersand).
Full details are included in the example script demo-preauth.sh available by downloading the Nodogsplash zip file from
Full details are included in the example script demo-preauth.sh available by downloading the opennds zip file from
`https://github.com/nodogsplash/nodogsplash/`
`https://github.com/opennds/opennds/`
and extracting from the folder
@@ -163,7 +163,7 @@ To return to the script and show additional pages, the form action must be set t
.. code-block:: sh
<form action=\"/nodogsplash_preauth/\" method=\"get\">
<form action=\"/opennds_preauth/\" method=\"get\">
Note: In a shell script, quotes ( " ) must be escaped with the
@@ -187,7 +187,7 @@ When the logic of this script decides we should allow the client to access the I
.. code-block:: sh
"<form action=\"/nodogsplash_auth/\" method=\"get\">"
"<form action=\"/opennds_auth/\" method=\"get\">"
We must also send NDS the client token as a hidden variable, but first we must obtain the token from ndsctl using a suitable command such as:
@@ -226,7 +226,7 @@ A modified version of the Username/Email-address login script is available that
This additional example PreAuth script, demo-preauth-remote-image.sh, is available in the source code:
`https://github.com/nodogsplash/nodogsplash/archive/master.zip`
`https://github.com/opennds/opennds/archive/master.zip`
and extracting from the folder:
@@ -234,5 +234,5 @@ and extracting from the folder:
This is an enhancement of the preinstalled login.sh, giving an example of how to display images pulled in from remote web servers, both http and https.
The example displays the NodogSplash avatar image dynamically retrieved from Github.
The example displays the openNDS avatar image dynamically retrieved from Github.

2
docs/source/splash.rst
View File

@@ -1,7 +1,7 @@
The Splash Page
###############
As you will see mentioned in the "How Nodogsplash (NDS) Works" section, an initial port 80 request is generated on a client device, either by the user manually browsing to an http web page, or, more usually, automatically by the client device's built in Captive Portal Detection (CPD).
As you will see mentioned in the "How openNDS (NDS) Works" section, an initial port 80 request is generated on a client device, either by the user manually browsing to an http web page, or, more usually, automatically by the client device's built in Captive Portal Detection (CPD).
This request is intercepted by NDS and an html Splash Page is served to the user of the client device to enable them to authenticate and obtain Internet access.

2
docs/source/traffic.rst
View File

@@ -4,7 +4,7 @@ Traffic Control
Overview
********
Nodogsplash (NDS) supports Traffic Control (Bandwidth Limiting) using the SQM - Smart Queue Management (sqm-scripts) package, available for OpenWrt and generic Linux.
openNDS (NDS) supports Traffic Control (Bandwidth Limiting) using the SQM - Smart Queue Management (sqm-scripts) package, available for OpenWrt and generic Linux.
https://github.com/tohojo/sqm-scripts

6
forward_authentication_service/FAS-Docs/readme
View File

@@ -1,6 +0,0 @@
Forwarding Authentication Service (FAS)
#######################################
Full documentation can be found here:
https://nodogsplashdocs.readthedocs.io/en/stable/fas.html

22
forward_authentication_service/PreAuth/demo-preauth-remote-image.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
#
@@ -60,11 +60,11 @@ logname="ndslog.log"
# functions:
get_image_file() {
imagepath="/etc/nodogsplash/htdocs/images/remote"
imagepath="/etc/opennds/htdocs/images/remote"
mkdir "/tmp/remote"
if [ ! -d "$imagepath" ]; then
ln -s /tmp/remote /etc/nodogsplash/htdocs/images/remote
ln -s /tmp/remote /etc/opennds/htdocs/images/remote
fi
md5=$(echo -e "$imageurl" | md5sum);
@@ -101,7 +101,7 @@ get_client_zone () {
# This zone name is only displayed here but could be used to customise the login form for each zone
client_mac=$(ip -4 neigh |grep "$clientip" | awk '{print $5}')
client_if_string=$(/usr/lib/nodogsplash/get_client_interface.sh $client_mac)
client_if_string=$(/usr/lib/opennds/get_client_interface.sh $client_mac)
client_if=$(echo "$client_if_string" | awk '{printf $1}')
client_meshnode=$(echo "$client_if_string" | awk '{printf $2}' | awk -F ':' '{print $1$2$3$4$5$6}')
local_mesh_if=$(echo "$client_if_string" | awk '{printf $3}')
@@ -128,7 +128,7 @@ write_log () {
echo "$datetime, New log file created" > $logfile
fi
ndspid=$(ps | grep nodogsplash | awk -F ' ' 'NR==2 {print $1}')
ndspid=$(ps | grep opennds | awk -F ' ' 'NR==2 {print $1}')
filesize=$(ls -s -1 $logfile | awk -F' ' '{print $1}')
available=$(df | grep "$mountpoint" | eval "$awkcmd")
sizeratio=$(($available/$filesize))
@@ -138,7 +138,7 @@ write_log () {
clientinfo="macaddress=$clientmac, clientzone=$client_zone, useragent=$user_agent"
echo "$datetime, $userinfo, $clientinfo" >> $logfile
else
echo "PreAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "nodogsplash[$ndspid]: "
echo "PreAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "opennds[$ndspid]: "
fi
}
@@ -162,7 +162,7 @@ user_agent=$(printf "${user_agent_enc//%/\\x}")
# If we want to show a sequence of forms or information pages we can do this easily.
#
# To return to this script and show additional pages, the form action must be set to:
# <form action=\"/nodogsplash_preauth/\" method=\"get\">
# <form action=\"/opennds_preauth/\" method=\"get\">
# Note: quotes ( " ) must be escaped with the "\" character.
#
# Any variables we need to preserve and pass back to ourselves or NDS must be added
@@ -173,7 +173,7 @@ user_agent=$(printf "${user_agent_enc//%/\\x}")
#
# When the logic of this script decides we should allow the client to access the Internet
# we inform NDS with a final page displaying a continue button with the form action set to:
# "<form action=\"/nodogsplash_auth/\" method=\"get\">"
# "<form action=\"/opennds_auth/\" method=\"get\">"
#
# We must also send NDS the client token as a hidden variable, but first we must obtain
# the token from ndsctl using a suitable command such as:
@@ -293,7 +293,7 @@ footer="
<copy-right>
<br><br>
Nodogsplash $version.
openNDS $version.
</copy-right>
</div>
</div>
@@ -303,7 +303,7 @@ footer="
# Define a login form
login_form="
<form action=\"/nodogsplash_preauth/\" method=\"get\">
<form action=\"/opennds_preauth/\" method=\"get\">
<input type=\"hidden\" name=\"clientip\" value=\"$clientip\">
<input type=\"hidden\" name=\"gatewayname\" value=\"$gatewaynamehtml\">
<input type=\"hidden\" name=\"hid\" value=\"$hid\">
@@ -384,7 +384,7 @@ else
# as this router has Internet access whilst the client device does not (yet).
echo "<br><italic-black> Your News or Advertising could be here, contact the owners of this Hotspot to find out how!</italic-black>"
echo "<form action=\"/nodogsplash_auth/\" method=\"get\">"
echo "<form action=\"/opennds_auth/\" method=\"get\">"
echo "<input type=\"hidden\" name=\"tok\" value=\"$tok\">"
echo "<input type=\"hidden\" name=\"redir\" value=\"$requested\"><br>"
echo "<input type=\"submit\" value=\"Continue\" >"

18
forward_authentication_service/PreAuth/demo-preauth.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
#
@@ -65,7 +65,7 @@ get_client_zone () {
# This zone name is only displayed here but could be used to customise the login form for each zone
client_mac=$(ip -4 neigh |grep "$clientip" | awk '{print $5}')
client_if_string=$(/usr/lib/nodogsplash/get_client_interface.sh $client_mac)
client_if_string=$(/usr/lib/opennds/get_client_interface.sh $client_mac)
client_if=$(echo "$client_if_string" | awk '{printf $1}')
client_meshnode=$(echo "$client_if_string" | awk '{printf $2}' | awk -F ':' '{print $1$2$3$4$5$6}')
local_mesh_if=$(echo "$client_if_string" | awk '{printf $3}')
@@ -92,7 +92,7 @@ write_log () {
echo "$datetime, New log file created" > $logfile
fi
ndspid=$(ps | grep nodogsplash | awk -F ' ' 'NR==2 {print $1}')
ndspid=$(ps | grep opennds | awk -F ' ' 'NR==2 {print $1}')
filesize=$(ls -s -1 $logfile | awk -F' ' '{print $1}')
available=$(df | grep "$mountpoint" | eval "$awkcmd")
sizeratio=$(($available/$filesize))
@@ -102,7 +102,7 @@ write_log () {
clientinfo="macaddress=$clientmac, clientzone=$client_zone, useragent=$user_agent"
echo "$datetime, $userinfo, $clientinfo" >> $logfile
else
echo "PreAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "nodogsplash[$ndspid]: "
echo "PreAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "opennds[$ndspid]: "
fi
}
@@ -126,7 +126,7 @@ user_agent=$(printf "${user_agent_enc//%/\\x}")
# If we want to show a sequence of forms or information pages we can do this easily.
#
# To return to this script and show additional pages, the form action must be set to:
# <form action=\"/nodogsplash_preauth/\" method=\"get\">
# <form action=\"/opennds_preauth/\" method=\"get\">
# Note: quotes ( " ) must be escaped with the "\" character.
#
# Any variables we need to preserve and pass back to ourselves or NDS must be added
@@ -137,7 +137,7 @@ user_agent=$(printf "${user_agent_enc//%/\\x}")
#
# When the logic of this script decides we should allow the client to access the Internet
# we inform NDS with a final page displaying a continue button with the form action set to:
# "<form action=\"/nodogsplash_auth/\" method=\"get\">"
# "<form action=\"/opennds_auth/\" method=\"get\">"
#
# We must also send NDS the client token as a hidden variable, but first we must obtain
# the token from ndsctl using a suitable command such as:
@@ -246,7 +246,7 @@ footer="
<copy-right>
<br><br>
Nodogsplash $version.
openNDS $version.
</copy-right>
</div>
</div>
@@ -256,7 +256,7 @@ footer="
# Define a login form
login_form="
<form action=\"/nodogsplash_preauth/\" method=\"get\">
<form action=\"/opennds_preauth/\" method=\"get\">
<input type=\"hidden\" name=\"clientip\" value=\"$clientip\">
<input type=\"hidden\" name=\"gatewayname\" value=\"$gatewaynamehtml\">
<input type=\"hidden\" name=\"hid\" value=\"$hid\">
@@ -337,7 +337,7 @@ else
# as this router has Internet access whilst the client device does not (yet).
echo "<br><italic-black> Your News or Advertising could be here, contact the owners of this Hotspot to find out how!</italic-black>"
echo "<form action=\"/nodogsplash_auth/\" method=\"get\">"
echo "<form action=\"/opennds_auth/\" method=\"get\">"
echo "<input type=\"hidden\" name=\"tok\" value=\"$tok\">"
echo "<input type=\"hidden\" name=\"redir\" value=\"$requested\"><br>"
echo "<input type=\"submit\" value=\"Continue\" >"

6
forward_authentication_service/binauth/binauth_log.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
@@ -67,7 +67,7 @@ write_log () {
echo "$datetime, New log file created" > $logfile
fi
ndspid=$(ps | grep nodogsplash | awk -F ' ' 'NR==2 {print $1}')
ndspid=$(ps | grep opennds | awk -F ' ' 'NR==2 {print $1}')
filesize=$(ls -s -1 $logfile | awk -F' ' '{print $1}')
available=$(df | grep "$mountpoint" | eval "$awkcmd")
sizeratio=$(($available/$filesize))
@@ -75,7 +75,7 @@ write_log () {
if [ $sizeratio -ge $min_freespace_to_log_ratio ]; then
echo "$datetime, $log_entry" >> $logfile
else
echo "BinAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "nodogsplash[$ndspid]: "
echo "BinAuth - log file too big, please archive contents" | logger -p "daemon.err" -s -t "opennds[$ndspid]: "
fi
}

4
forward_authentication_service/binauth/binauth_sitewide.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
@@ -54,7 +54,7 @@ case "$METHOD" in
# timeout_deauth: Client was deauthenticated because the session timed out.
# ndsctl_auth: Client was authenticated by the ndsctl tool.
# ndsctl_deauth: Client was deauthenticated by the ndsctl tool.
# shutdown_deauth: Client was deauthenticated by Nodogsplash terminating.
# shutdown_deauth: Client was deauthenticated by openNDS terminating.
;;
esac

4
forward_authentication_service/binauth/splash_sitewide.html
View File

@@ -14,7 +14,7 @@
<!--
Content:
Nodogsplash (NDS), by default, serves this splash page (splash.html)
openNDS (NDS), by default, serves this splash page (splash.html)
when a client device Captive Portal Detection (CPD) process
attempts to send a port 80 request to the Internet.
@@ -86,7 +86,7 @@ or appended to the query string of the authtarget link:
</form>
<hr>
<copy-right>Copyright &copy; The Nodogsplash Contributors 2004-2019.<br>This software is released under the GNU GPL license.</copy-right>
<copy-right>Copyright &copy; The openNDS Contributors 2004-2019.<br>This software is released under the GNU GPL license.</copy-right>
</div></div>
</body>

10
forward_authentication_service/fas-aes/fas-aes-https.php
View File

@@ -1,7 +1,7 @@
<?php
/* (c) Blue Wave Projects and Services 2015-2020. This software is released under the GNU GPL license.
This is a FAS script providing an example of remote Forward Authentication for Nodogsplash (NDS) on an http web server supporting PHP.
This is a FAS script providing an example of remote Forward Authentication for openNDS (NDS) on an http web server supporting PHP.
The following NDS configurations must be set:
1. fasport: Set to the port number the remote webserver is using (typically port 80)
@@ -29,7 +29,7 @@
The "php-cli" package and the "php-openssl" module must both be installed for fas_secure level 2.
Nodogsplash does not have "php-cli" and "php-openssl" as dependencies, but will exit gracefully at runtime if this package and module
openNDS does not have "php-cli" and "php-openssl" as dependencies, but will exit gracefully at runtime if this package and module
are not installed when fas_secure_enabled is set to level 3.
The FAS must use the initialisation vector passed with the query string and the pre shared faskey to decrypt the required information.
@@ -160,7 +160,7 @@ if (isset($_GET['fas']) and isset($_GET['iv'])) {
}
if (!isset($gatewayname)) {
$gatewayname="NoDogSplash";
$gatewayname="openNDS";
}
$landing=false;
@@ -313,7 +313,7 @@ if ($fullname == "" or $email == "") {
$logpath="";
if (file_exists("/etc/nodogsplash")) {
if (file_exists("/etc/opennds")) {
$logpath="/tmp/";
}
@@ -374,7 +374,7 @@ function display_footer() {
echo "<hr>
<div style=\"font-size:0.5em;\">
<img style=\"float:left; width:7em; height:7em;\" src=\"".$imagepath."\">
&copy; The Nodogsplash Contributors 2004-".date("Y")."<br>
&copy; The openNDS Contributors 2004-".date("Y")."<br>
&copy; Blue Wave Projects and Services 2015-".date("Y")."<br>
This software is released under the GNU GPL license.<br><br><br><br><br>
</div>

12
forward_authentication_service/fas-aes/fas-aes.php
View File

@@ -1,7 +1,7 @@
<?php
/* (c) Blue Wave Projects and Services 2015-2019. This software is released under the GNU GPL license.
This is a FAS script providing an example of remote Forward Authentication for Nodogsplash (NDS) on an http web server supporting PHP.
This is a FAS script providing an example of remote Forward Authentication for openNDS (NDS) on an http web server supporting PHP.
The following NDS configurations must be set:
1. fasport: Set to the port number the remote webserver is using (typically port 80)
@@ -29,7 +29,7 @@
The "php-cli" package and the "php-openssl" module must both be installed for fas_secure level 2.
Nodogsplash does not have "php-cli" and "php-openssl" as dependencies, but will exit gracefully at runtime if this package and module
openNDS does not have "php-cli" and "php-openssl" as dependencies, but will exit gracefully at runtime if this package and module
are not installed when fas_secure_enabled is set to level 2.
The FAS must use the initialisation vector passed with the query string and the pre shared faskey to decrypt the required information.
@@ -40,7 +40,7 @@
in the same folder as this script.
This script requests the client CPD to display the NDS splash.jpg image directly from the
/etc/nodogsplash/htdocs/images folder of the NDS device.
/etc/opennds/htdocs/images folder of the NDS device.
This script displays an example Terms of Service. You should modify this for your local legal juristiction.
@@ -109,7 +109,7 @@ if (isset($_GET['fas']) and isset($_GET['iv'])) {
}
if (!isset($gatewayname)) {
$gatewayname="NoDogSplash";
$gatewayname="openNDS";
}
$landing=false;
@@ -167,7 +167,7 @@ if (isset($gatewayaddress)) {
$footer="<hr>
<div style=\"font-size:0.5em;\">
$image
&copy; The Nodogsplash Contributors 2004-".date("Y")."<br>
&copy; The openNDS Contributors 2004-".date("Y")."<br>
&copy; Blue Wave Projects and Services 2015-".date("Y")."<br>
This software is released under the GNU GPL license.<br><br><br><br><br>
</div>
@@ -257,7 +257,7 @@ if ($fullname == "" or $email == "") {
$logpath="";
if (file_exists("/etc/nodogsplash")) {
if (file_exists("/etc/opennds")) {
$logpath="/tmp/";
}

12
forward_authentication_service/fas-hid/fas-hid.php
View File

@@ -1,7 +1,7 @@
<?php
/* (c) Blue Wave Projects and Services 2015-2020. This software is released under the GNU GPL license.
This is a FAS script providing an example of remote Forward Authentication for Nodogsplash (NDS) on an http web server supporting PHP.
This is a FAS script providing an example of remote Forward Authentication for openNDS (NDS) on an http web server supporting PHP.
The following NDS configurations must be set:
1. fasport: Set to the port number the remote webserver is using (typically port 80)
@@ -30,7 +30,7 @@
in /tmp or the same folder as this script.
This script requests the client CPD to display the NDS splash.jpg image directly from the
/etc/nodogsplash/htdocs/images folder of the NDS device.
/etc/opennds/htdocs/images folder of the NDS device.
This script displays an example Terms of Service. You should modify this for your local legal juristiction.
@@ -40,7 +40,7 @@
*/
$key="1234567890";
$authdir="nodogsplash_auth";
$authdir="opennds_auth";
date_default_timezone_set("UTC");
@@ -80,7 +80,7 @@ if (isset($_GET["status"])) {
}
if (!isset($gatewayname)) {
$gatewayname="NoDogSplash";
$gatewayname="openNDS";
}
$landing=false;
@@ -205,7 +205,7 @@ if ($fullname == "" or $email == "") {
$logpath="";
if (file_exists("/etc/nodogsplash")) {
if (file_exists("/etc/opennds")) {
$logpath="/tmp/";
}
@@ -230,7 +230,7 @@ footer();
function footer() {
echo "<hr>\n</div>\n";
echo "<div style=\"font-size:0.7em;\">\n";
echo "&copy; The Nodogsplash Contributors 2004-".date("Y")."<br>";
echo "&copy; The openNDS Contributors 2004-".date("Y")."<br>";
echo "&copy; Blue Wave Projects and Services 2015-".date("Y")."<br>".
"This software is released under the GNU GPL license.\n";
echo "</div>\n";

4
forward_authentication_service/libs/authmon.sh
View File

@@ -4,7 +4,7 @@ url=$1
gatewayhash=$2
phpcli=$3
loopinterval=5
postrequest="/usr/lib/nodogsplash/post-request.php"
postrequest="/usr/lib/opennds/post-request.php"
#action can be "list" (list and delete from FAS auth log) or "view" (view and leave in FAS auth log)
#
@@ -14,7 +14,7 @@ postrequest="/usr/lib/nodogsplash/post-request.php"
action="list"
version=$(ndsctl status 2>/dev/null | grep Version | awk '{printf $2}')
user_agent="NoDogSplash(authmon;NDS:$version;)"
user_agent="openNDS(authmon;NDS:$version;)"
while true; do
authlist=$($phpcli -f "$postrequest" "$url" "$action" "$gatewayhash" "$user_agent")

2
forward_authentication_service/libs/get_client_interface.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
#

2
forward_authentication_service/libs/get_client_token.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
#

2
forward_authentication_service/libs/unescape.sh
View File

@@ -1,5 +1,5 @@
#!/bin/sh
#Copyright (C) The Nodogsplash Contributors 2004-2020
#Copyright (C) The openNDS Contributors 2004-2020
#Copyright (C) BlueWave Projects and Services 2015-2020
#This software is released under the GNU GPL license.
#

2
forward_authentication_service/readme
View File

@@ -3,5 +3,5 @@ Forwarding Authentication Service (FAS)
Author: Rob White @bluewavenet - BlueWave Projects and Services
Copyright (C) 2015-2020 BlueWave Projects and Services. This software is released under the GNU GPL license.
Nodogsplash (NDS) supports external (to NDS) authentication with with simple config options.
openNDS (NDS) supports external (to NDS) authentication with with simple config options.
In addition, Binauth can be configured to be operational at the same time as FAS to provide post authentication processing.

10
notes/release_todos
View File

@@ -8,14 +8,14 @@ When ready to do a release, do the following:
6. openwrt/Makefile - update copyright notice eg current year, version and release numbers, files to copy etc as applicable
7. /Makefile - update copyright notice eg current year, version and release numbers, files to copy etc as applicable
8. resources/splash.html and resources/status.html - update copyright dates as required eg current year
9. "cd docs" then "make man". Copy resulting docs/build/man/nodogsplash.1 to overwrite old debian/doc/nodogsplash.1
9. "cd docs" then "make man". Copy resulting docs/build/man/opennds.1 to overwrite old debian/doc/opennds.1
10. remove /docs/build directory created in step 9
11. Commit and Push to origin
12. Github - Create Pull Request and Merge to master
13. Github proceed to "Draft New Release"
14. Github tag release as eg. v3.3.0 (remembering the leading "v"")
(or use git tag -a v3.3.0 -m "nodogsplash release 3.3.0 " and git push --tags.)
14. Github tag release as eg. v5.0.0 (remembering the leading "v"")
(or use git tag -a v5.0.0 -m "opennds release 3.3.0 " and git push --tags.)
15. In your local repository, make a new branch called "stable"
16. Push branch "stable" to origin, overwriting the existing "stable".
Note:Branch stable is the source for the readthedocs stable documentation at https://nodogsplashdocs.readthedocs.io/en/stable/
17. In Master, set version to -beta eg 3.1.1-beta in conf.h, conf.py, openwrt/Makefile
Note:Branch stable is the source for the readthedocs stable documentation at https://openndsdocs.readthedocs.io/en/stable/
17. In Master, set version to -beta eg 5.0.1-beta in conf.h, conf.py, openwrt/Makefile

22
openwrt/README.md
View File

@@ -1,4 +1,4 @@
To include NoDogSplash into your OpenWRT image or to create an .ipk
To include openNDS into your OpenWRT image or to create an .ipk
package (similar to Debians .deb files), you have to build an OpenWRT image.
To build the firmware you need a Unix console to enter commands into.
@@ -14,11 +14,11 @@ cd openwrt
./scripts/feeds update -a
./scripts/feeds install -a
./scripts/feeds uninstall nodogsplash
./scripts/feeds uninstall opennds
git clone git://github.com/nodogsplash/nodogsplash.git
cp -rf nodogsplash/openwrt/nodogsplash package/
rm -rf nodogsplash/
git clone git://github.com/opennds/opennds.git
cp -rf opennds/openwrt/opennds package/
rm -rf opennds/
make defconfig
make menuconfig
@@ -26,7 +26,7 @@ make menuconfig
At this point select the appropriate "Target System" and "Target Profile"
depending on what target chipset/router you want to build for.
Now select the NoDogSplash package in "Network ---> Captive Portals".
Now select the openNDS package in "Network ---> Captive Portals".
Now compile/build everything:
@@ -35,7 +35,7 @@ make
```
The images and all ipk packages are now inside the bin/ folder.
You can install the NoDogSplash .ipk using `opkg install <ipkg-file>` on the router or just use the whole image.
You can install the openNDS .ipk using `opkg install <ipkg-file>` on the router or just use the whole image.
For details please check the OpenWRT documentation.
@@ -47,16 +47,16 @@ You might want to use your own source location and not the remote respository.
To do this you need to checkout the repository yourself and commit your changes locally:
```
git clone git://github.com/nodogsplash/nodogsplash.git
cd nodogsplash
git clone git://github.com/opennds/opennds.git
cd opennds
... apply your changes
git commit -am "my change"
```
Now create a symbolic link in the NoDogSplash package folder using the abolute path:
Now create a symbolic link in the openNDS package folder using the abolute path:
```
ln -s /my/own/project/folder/nodogsplash/.git openwrt/package/nodogsplash/git-src
ln -s /my/own/project/folder/opennds/.git openwrt/package/opennds/git-src
```
Also make sure to enable

82
openwrt/nodogsplash/Makefile
View File

@@ -1,82 +0,0 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=nodogsplash
PKG_FIXUP:=autoreconf
PKG_VERSION:=4.5.1beta
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://codeload.github.com/nodogsplash/nodogsplash/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=nodogsplash-$(PKG_VERSION).tar.gz
PKG_HASH:= #shasum -a 256 of tar.gz of source files goes here
PKG_BUILD_DIR:=$(BUILD_DIR)/nodogsplash-$(PKG_VERSION)
PKG_MAINTAINER:=Moritz Warning <moritzwarning@web.de>
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
include $(INCLUDE_DIR)/package.mk
define Package/nodogsplash
SUBMENU:=Captive Portals
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libpthread +iptables-mod-ipopt +libmicrohttpd-no-ssl
TITLE:=Open public network gateway daemon
URL:=https://github.com/nodogsplash/nodogsplash
CONFLICTS:=nodogsplash2
endef
define Package/nodogsplash/description
Nodogsplash is a Captive Portal that offers a simple way to
provide restricted access to the Internet by showing a splash
page to the user before Internet access is granted.
It also incorporates an API that allows the creation of
sophisticated authentication applications.
endef
define Package/nodogsplash/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nodogsplash $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/nodogsplash/htdocs/images
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/usr/lib/nodogsplash
$(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/status.html $(1)/etc/nodogsplash/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/nodogsplash/htdocs/images/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/config/nodogsplash $(1)/etc/config/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/init.d/nodogsplash $(1)/etc/init.d/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash $(1)/etc/uci-defaults/
$(CP) $(PKG_BUILD_DIR)/openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/nodogsplash/login.sh
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_interface.sh $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_token.sh $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/unescape.sh $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/authmon.sh $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/post-request.php $(1)/usr/lib/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/nodogsplash/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes-https.php $(1)/etc/nodogsplash/
endef
define Package/nodogsplash/postrm
#!/bin/sh
uci delete firewall.nodogsplash
uci commit firewall
endef
define Package/nodogsplash/conffiles
/etc/config/nodogsplash
endef
$(eval $(call BuildPackage,nodogsplash))

9
openwrt/nodogsplash/files/etc/uci-defaults/40_nodogsplash
View File

@@ -1,9 +0,0 @@
#!/bin/sh
uci -q batch <<-EOF
delete firewall.nodogsplash
set firewall.nodogsplash=include
set firewall.nodogsplash.type=script
set firewall.nodogsplash.path=/usr/lib/nodogsplash/restart.sh
commit firewall
EOF

10
openwrt/nodogsplash/files/usr/lib/nodogsplash/restart.sh
View File

@@ -1,10 +0,0 @@
#!/bin/sh
# Check if nodogsplash is running
ndspid=$(ps | grep nodogsplash_cfg | awk -F ' ' 'NR==2 {print $1}')
if [ ! -z $ndspid ]; then
if [ "$(uci -q get nodogsplash.@nodogsplash[0].fwhook_enabled)" = "1" ]; then
echo "fwhook restart request received - restarting " | logger -p "daemon.warn" -s -t "nodogsplash[$ndspid]: "
/etc/init.d/nodogsplash restart
fi
fi

81
openwrt/opennds/Makefile Normal file
View File

@@ -0,0 +1,81 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=opennds
PKG_FIXUP:=autoreconf
PKG_VERSION:=5.0.0beta
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://codeload.github.com/opennds/opennds/tar.gz/v$(PKG_VERSION)?
PKG_SOURCE:=opennds-$(PKG_VERSION).tar.gz
PKG_HASH:= #shasum -a 256 of tar.gz of source files goes here
PKG_BUILD_DIR:=$(BUILD_DIR)/opennds-$(PKG_VERSION)
PKG_MAINTAINER:=Rob White <rob@blue-wave.net>
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+
include $(INCLUDE_DIR)/package.mk
define Package/opennds
SUBMENU:=Captive Portals
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libpthread +iptables-mod-ipopt +libmicrohttpd-no-ssl
TITLE:=Open public network gateway daemon
URL:=https://github.com/opennds/opennds
endef
define Package/opennds/description
openNDS is a Captive Portal that offers a simple way to
provide restricted access to the Internet by showing a splash
page to the user before Internet access is granted.
It also incorporates an API that allows the creation of
sophisticated authentication applications.
endef
define Package/opennds/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/opennds $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndsctl $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/opennds/htdocs/images
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/usr/lib/opennds
$(CP) $(PKG_BUILD_DIR)/resources/splash.html $(1)/etc/opennds/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/opennds/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/status.html $(1)/etc/opennds/htdocs/
$(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/opennds/htdocs/images/
$(CP) $(PKG_BUILD_DIR)/openwrt/opennds/files/etc/config/opennds $(1)/etc/config/
$(CP) $(PKG_BUILD_DIR)/openwrt/opennds/files/etc/init.d/opennds $(1)/etc/init.d/
$(CP) $(PKG_BUILD_DIR)/openwrt/opennds/files/etc/uci-defaults/40_opennds $(1)/etc/uci-defaults/
$(CP) $(PKG_BUILD_DIR)/openwrt/opennds/files/usr/lib/opennds/restart.sh $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/PreAuth/demo-preauth.sh $(1)/usr/lib/opennds/login.sh
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_interface.sh $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/get_client_token.sh $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/unescape.sh $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/authmon.sh $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/libs/post-request.php $(1)/usr/lib/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes.php $(1)/etc/opennds/
$(CP) $(PKG_BUILD_DIR)/forward_authentication_service/fas-aes/fas-aes-https.php $(1)/etc/opennds/
endef
define Package/opennds/postrm
#!/bin/sh
uci delete firewall.opennds
uci commit firewall
endef
define Package/opennds/conffiles
/etc/config/opennds
endef
$(eval $(call BuildPackage,opennds))

54
openwrt/nodogsplash/files/etc/config/nodogsplash → openwrt/opennds/files/etc/config/opennds
View File

@@ -1,19 +1,19 @@
# The options available here are an adaptation of the settings used in nodogsplash.conf.
# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
# The options available here are an adaptation of the settings used in opennds.conf.
# See https://github.com/opennds/opennds/blob/master/resources/opennds.conf
config nodogsplash
# Set to 0 to disable nodogsplash
config opennds
# Set to 0 to disable opennds
option enabled 1
# Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
# This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
# Set to 0 to disable hook that makes opennds restart when the firewall restarts.
# This hook is needed as a restart of Firewall overwrites opennds iptables entries.
option fwhook_enabled '1'
# Login Option
# Default: 0
#
# NoDogSplash comes preconfigured for two basic modes of operation
# opennds comes preconfigured for two basic modes of operation
# A default preauth login script, requiring username and email address to be entered.
# and
# A default static splash page (splash.html) with template variables and click to continue
@@ -21,7 +21,7 @@ config nodogsplash
# 0: Use static splash page or FAS config options
# 1: Use default preauth login script
#
# The default preauth login script is installed as part of the NoDogSplash package providing
# The default preauth login script is installed as part of the openNDS package providing
# username/emailaddress login as an alternative to the basic splash page.
#
# It generates a login page asking for username and email address.
@@ -29,7 +29,7 @@ config nodogsplash
# Details of how the script works are contained in comments in the script itself.
#
# Both modes may be customised or a full custom system can be developed using FAS and BinAuth
# See documentation at: https://nodogsplashdocs.readthedocs.io/
# See documentation at: https://openndsdocs.readthedocs.io/
#
option login_option_enabled '0'
@@ -45,7 +45,7 @@ config nodogsplash
# MHD Unescape callback
# MHD has a built in unescape function that urldecodes incoming queries from browsers
# This option allows an external unescape script to be enabled
# The script must be named unescape.sh, be present in /usr/lib/nodogsplash/ and be executable.
# The script must be named unescape.sh, be present in /usr/lib/opennds/ and be executable.
# A standard unescape.sh script is installed by default
# Set to 1 to enable this option, 0 to disable
# default is disabled
@@ -53,36 +53,36 @@ config nodogsplash
# WebRoot
# Default: /etc/nodogsplash/htdocs
# Default: /etc/opennds/htdocs
#
# The local path where the splash page content resides.
# ie. Serve the file splash.html from this directory
#option webroot '/etc/nodogsplash/htdocs'
#option webroot '/etc/opennds/htdocs'
# Use plain configuration file
#option config '/etc/nodogsplash/nodogsplash.conf'
#option config '/etc/opennds/opennds.conf'
# Use this option to set the device nodogsplash will bind to.
# Use this option to set the device opennds will bind to.
# The value may be an interface section in /etc/config/network or a device name such as br-lan.
option gatewayinterface 'br-lan'
# GatewayPort
# Default: 2050
#
# Nodogsplash's own http server uses gateway address as its IP address.
# openNDS's own http server uses gateway address as its IP address.
# The port it listens to at that IP can be set here; default is 2050.
#
#option gatewayport '2050'
# GatewayName
# Default: NoDogSplash
# Default: openNDS
#
# gatewayname is used as an identifier for the instance of NoDogSplash
# gatewayname is used as an identifier for the instance of openNDS
#
# It is displayed on the default static splash page and the default preauth login script.
#
# It is particularly useful in the case of a single remote FAS server that serves multiple
# NoDogSplash sites, allowing the FAS to customise its response for each site.
# openNDS sites, allowing the FAS to customise its response for each site.
#
# Note: The single quote (or apostrophe) character ('), cannot be used in the gatewayname.
# If it is required, use the htmlentity &#39; instead.
@@ -92,7 +92,7 @@ config nodogsplash
# Instead use:
# option gatewayname 'Bill&#39;s WiFi'
#
option gatewayname 'OpenWrt Nodogsplash'
option gatewayname 'OpenWrt openNDS'
# MaxClients
# Default 20
@@ -115,7 +115,7 @@ config nodogsplash
# Session Timeout is the interval after which clients are forced out (a value of 0 means never)
option sessiontimeout '1200'
# The interval in seconds at which nodogsplash checks client timeout status
# The interval in seconds at which opennds checks client timeout status
option checkinterval '600'
# Enable BinAuth Support.
@@ -139,7 +139,7 @@ config nodogsplash
# "timeout_deauth": Client was deauthenticated because the session timed out.
# "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
# "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
# "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
# "shutdown_deauth": Client was deauthenticated by openNDS terminating.
#
# Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
#
@@ -216,7 +216,7 @@ config nodogsplash
# are encrypted using faskey and passed to FAS in the query string.
# The query string will also contain a randomly generated initialization vector to be used by the FAS for decryption.
# The "php-cli" package and the "php-openssl" module must both be installed for fas_secure level 2.
# Nodogsplash does not depend on this package and module, but will exit gracefully
# openNDS does not depend on this package and module, but will exit gracefully
# if this package and module are not installed when this level is set, logging the error in syslog.
# The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string.
# An example FAS php script is supplied in the source code.
@@ -230,13 +230,13 @@ config nodogsplash
# Initially FAS appends its query string to faspath.
# The Preauth program will output html code that will be served to the client by NDS
# Using html GET the Preauth program may call:
# /nodogsplash_preauth/ to ask the client for more information
# /opennds_preauth/ to ask the client for more information
# or
# /nodogsplash_auth/ to authenticate the client
# /opennds_auth/ to authenticate the client
#
# The Preauth program should append at least the client ip to the query string
# (using html input type hidden) for all calls to /nodogsplash_preauth/
# It must also obtain the client token (using ndsctl), for NDS authentication when calling /nodogsplash_auth/
# (using html input type hidden) for all calls to /opennds_preauth/
# It must also obtain the client token (using ndsctl), for NDS authentication when calling /opennds_auth/
#
#option preauth '/path/to/myscript/myscript.sh'
@@ -294,7 +294,7 @@ config nodogsplash
# MAC addresses that do not need to authenticate
#list trustedmac '00:00:C0:01:D0:1D'
# Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
# openNDS uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
# This mask can conflict with the requirements of other packages.
#
# However the defaults are fully compatible with the defaults used in mwan3 and sqm

22
openwrt/nodogsplash/files/etc/init.d/nodogsplash → openwrt/opennds/files/etc/init.d/opennds
View File

@@ -1,7 +1,7 @@
#!/bin/sh /etc/rc.common
#
# Startup/shutdown script for nodogsplash captive portal
# Startup/shutdown script for opennds captive portal
#
START=95
@@ -114,7 +114,7 @@ generate_uci_config() {
local upload
# Init config file content
CONFIG="# auto-generated config file from /etc/config/nodogsplash"
CONFIG="# auto-generated config file from /etc/config/opennds"
config_get val "$cfg" config
if [ -n "$val" ]; then
@@ -166,7 +166,7 @@ generate_uci_config() {
setup_mac_lists "$cfg" || return 1
setup_firewall "$cfg"
echo "$CONFIG" > "/tmp/etc/nodogsplash_$cfg.conf"
echo "$CONFIG" > "/tmp/etc/opennds_$cfg.conf"
return 0
}
@@ -184,9 +184,9 @@ create_instance() {
fi
procd_open_instance $cfg
procd_set_param command /usr/bin/nodogsplash -c "/tmp/etc/nodogsplash_$cfg.conf" $OPTIONS
procd_set_param command /usr/bin/opennds -c "/tmp/etc/opennds_$cfg.conf" $OPTIONS
procd_set_param respawn
procd_set_param file "/tmp/etc/nodogsplash_$cfg.conf"
procd_set_param file "/tmp/etc/opennds_$cfg.conf"
procd_close_instance
}
@@ -194,16 +194,16 @@ start_service() {
# For network_get_device()
include /lib/functions
# For nodogsplash.conf file
# For opennds.conf file
mkdir -p /tmp/etc/
config_load nodogsplash
config_foreach create_instance nodogsplash
config_load opennds
config_foreach create_instance opennds
}
stop_service() {
# When procd terminates nodogsplash, it does not exit fast enough.
# Otherwise procd will restart nodogsplash twice. First time starting
# nodogsplash fails, second time it succeeds.
# When procd terminates opennds, it does not exit fast enough.
# Otherwise procd will restart opennds twice. First time starting
# opennds fails, second time it succeeds.
sleep 1
}

9
openwrt/opennds/files/etc/uci-defaults/40_nodogsplash Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
uci -q batch <<-EOF
delete firewall.opennds
set firewall.opennds=include
set firewall.opennds.type=script
set firewall.opennds.path=/usr/lib/opennds/restart.sh
commit firewall
EOF

10
openwrt/opennds/files/usr/lib/opennds/restart.sh Executable file
View File

@@ -0,0 +1,10 @@
#!/bin/sh
# Check if opennds is running
ndspid=$(ps | grep opennds_cfg | awk -F ' ' 'NR==2 {print $1}')
if [ ! -z $ndspid ]; then
if [ "$(uci -q get opennds.@opennds[0].fwhook_enabled)" = "1" ]; then
echo "fwhook restart request received - restarting " | logger -p "daemon.warn" -s -t "opennds[$ndspid]: "
/etc/init.d/opennds restart
fi
fi

542
resources/nodogsplash.conf
View File

@@ -1,542 +0,0 @@
#
# Nodogsplash Configuration File
#
# The "#" character at the beginning of a line indicates that the whole line is a comment.
#
# "#" characters within a line are assumed to be part of the configured option
#
# Option: GatewayInterface
# Default: NONE
#
# GatewayInterface is not autodetected, has no default, and must be set here.
# Set GatewayInterface to the interface on your router
# that is to be managed by Nodogsplash.
# Typically br-lan for the wired and wireless lan.
#
GatewayInterface br-lan
# Login Option
# Default: 0
#
# NoDogSplash comes preconfigured for two basic modes of operation
# A default preauth login script, requiring username and email address to be entered.
# and
# A default static splash page (splash.html) with template variables and click to continue
#
# 0: Use static splash page or FAS config options
# 1: Use default preauth login script
#
# The default preauth login script is installed as part of the NoDogSplash package providing
# username/emailaddress login as an alternative to the basic splash page.
#
# It generates a login page asking for username and email address.
# User logins are recorded in the log file /tmp/ndslog.log
# Details of how the script works are contained in comments in the script itself.
#
# Both modes may be customised or a full custom system can be developed using FAS and BinAuth
# See documentation at: https://nodogsplashdocs.readthedocs.io/
#
login_option_enabled 0
# Use outdated libmicrohttpd (MHD)
# Older versions of MHD convert & and + characters to spaces when present in form data
# This can make a PreAuth or BinAuth impossible to use for a client if form data contains either of these characters
# eg. in username or password
# MHD versions earlier than 0.9.69 are detected.
# If this option is set to 0 (default), NDS will terminate if MHD is earlier than 0.9.69
# If this option is set to 1, NDS will start but log an error.
use_outdated_mhd 0
# MHD Unescape callback
# MHD has a built in unescape function that urldecodes incoming queries from browsers
# This option allows an external unescape script to be enabled
# The script must be named unescape.sh, be present in /usr/lib/nodogsplash/ and be executable.
# A standard unescape.sh script is installed by default
# Set to 1 to enable this option, 0 to disable
# default is disabled
#
unescape_callback_enabled 0
# Option: WebRoot
# Default: /etc/nodogsplash/htdocs
#
# The local path where the splash page content resides.
# FirewallRuleSet: authenticated-users
#
# Control access for users after authentication.
# These rules are inserted at the beginning of the
# FORWARD chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# have authenticated with Nodogsplash, and that are
# destined to be routed through the router. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, an authenticated
# packet that does not match any rule is rejected.
# N.B.: This ruleset is completely independent of
# the preauthenticated-users ruleset.
#
FirewallRuleSet authenticated-users {
# You may want to open access to a machine on a local
# subnet that is otherwise blocked (for example, to
# serve a redirect page; see RedirectURL). If so,
# allow that explicitly here, e.g:
# FirewallRule allow tcp port 80 to 192.168.254.254
# Your router may have several interfaces, and you
# probably want to keep them private from the GatewayInterface.
# If so, you should block the entire subnets on those interfaces, e.g.:
# FirewallRule block to 192.168.0.0/16
# FirewallRule block to 10.0.0.0/8
# Typical ports you will probably want to open up include
# 53 udp and tcp for DNS,
# 80 for http,
# 443 for https,
# 22 for ssh:
# FirewallRule allow tcp port 53
# FirewallRule allow udp port 53
# FirewallRule allow tcp port 80
# FirewallRule allow tcp port 443
# FirewallRule allow tcp port 22
# Or for happy customers allow all
FirewallRule allow all
# You might use ipset to easily allow/block range of ips, e.g.:
# FirewallRule allow ipset WHITELISTED_IPS
# FirewallRule allow tcp port 80 ipset WHITELISTED_IPS
}
# end FirewallRuleSet authenticated-users
# FirewallRuleSet: preauthenticated-users
#
# Control access for users before authentication.
# These rules are inserted in the PREROUTING chain
# of the router's nat table, and in the
# FORWARD chain of the router's filter table.
# These rules apply to packets that have come in to the
# router over the GatewayInterface from MAC addresses that
# are not on the BlockedMACList or TrustedMACList,
# are *not* authenticated with Nodogsplash. The rules are
# considered in order, and the first rule that matches
# a packet applies to it. A packet that does not match
# any rule here is rejected.
# N.B.: This ruleset is completely independent of
# the authenticated-users and users-to-router rulesets.
#
FirewallRuleSet preauthenticated-users {
# For preauthenticated users to resolve IP addresses in their
# initial request not using the router itself as a DNS server.
# Leave commented to help prevent DNS tunnelling
# FirewallRule allow tcp port 53
# FirewallRule allow udp port 53
#
# For splash page content not hosted on the router, you
# will want to allow port 80 tcp to the remote host here.
# Doing so circumvents the usual capture and redirect of
# any port 80 request to this remote host.
# Note that the remote host's numerical IP address must be known
# and used here.
# FirewallRule allow tcp port 80 to 123.321.123.321
}
# end FirewallRuleSet preauthenticated-users
# FirewallRuleSet: users-to-router
#
# Control access to the router itself from the GatewayInterface.
# These rules are inserted at the beginning of the
# INPUT chain of the router's filter table, and
# apply to packets that have come in to the router
# over the GatewayInterface from MAC addresses that
# are not on the TrustedMACList, and are destined for
# the router itself. The rules are
# considered in order, and the first rule that matches
# a packet applies to it.
# If there are any rules in this ruleset, a
# packet that does not match any rule is rejected.
#
FirewallRuleSet users-to-router {
# Nodogsplash automatically allows tcp to GatewayPort,
# at GatewayAddress, to serve the splash page.
# However you may want to open up other ports, e.g.
# 53 for DNS and 67 for DHCP if the router itself is
# providing these services.
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
# You may want to allow ssh, http, and https to the router
# for administration from the GatewayInterface. If not,
# comment these out.
FirewallRule allow tcp port 22
FirewallRule allow tcp port 80
FirewallRule allow tcp port 443
}
# end FirewallRuleSet users-to-router
# EmptyRuleSetPolicy directives
# The FirewallRuleSets that NoDogSplash permits are:
#
# authenticated-users
# preauthenticated-users
# users-to-router
# trusted-users
# trusted-users-to-router
#
# For each of these, an EmptyRuleSetPolicy can be specified.
# An EmptyRuleSet policy applies to a FirewallRuleSet if the
# FirewallRuleSet is missing from this configuration file,
# or if it exists but contains no FirewallRules.
#
# The possible values of an EmptyRuleSetPolicy are:
# allow -- packets are accepted
# block -- packets are rejected
# passthrough -- packets are passed through to pre-existing firewall rules
#
# Default EmptyRuleSetPolicies are set as follows:
# EmptyRuleSetPolicy authenticated-users passthrough
# EmptyRuleSetPolicy preauthenticated-users block
# EmptyRuleSetPolicy users-to-router block
# EmptyRuleSetPolicy trusted-users allow
# EmptyRuleSetPolicy trusted-users-to-router allow
# GatewayName
# Default: NoDogSplash
#
# gatewayname is used as an identifier for the instance of NoDogSplash
#
# It is displayed on the default static splash page and the default preauth login script.
#
# It is particularly useful in the case of a single remote FAS server that serves multiple
# NoDogSplash sites, allowing the FAS to customise its response for each site.
#
# Note: The single quote (or apostrophe) character ('), cannot be used in the gatewayname.
# If it is required, use the htmlentity &#39; instead.
#
# For example:
# GatewayName Bill's WiFi is invalid.
# Instead use:
# GatewayName Bill&#39;s WiFi
#
# GatewayName NoDogSplash
# Option: GatewayAddress
# Default: Discovered from GatewayInterface
#
# This should be autodetected and need not be specified.
# If set here, it must be set to the IP address of the router on
# the GatewayInterface. Setting incorrectly will result in failure of Nodogsplash.
#
# GatewayAddress 192.168.1.1
# Option: StatusPage
# Default: status.html
#
# The page the client is show if the client is already authenticated but navigates to the captive portal.
#
# StatusPage status.html
# Option: SplashPage
# Default: splash.html
#
# The page the client is redirected to if not authenticated or whitelisted.
#
# SplashPage splash.html
# Option: RedirectURL
# Default: none
#
# After authentication, normally a user is redirected
# to their initially requested page.
# If RedirectURL is set, the user is redirected to this URL instead.
# NOTE: RedirectURL is deprecated.
# redirectURL is now redundant as most CPD implementations immediately close the "splash" page
# as soon as NDS authenticates, thus redirectURL will not be shown.
#
# This functionality, ie displaying a particular web page as a final "Landing Page",
# can be achieved reliably using FAS, with NDS calling the previous "redirectURL" as the FAS page.
#
# Option: GatewayPort
# Default: 2050
#
# Nodogsplash's own http server uses GatewayAddress as its IP address.
# The port it listens to at that IP can be set here; default is 2050.
#
# GatewayPort 2050
# Option: MaxClients
# Default: 20
#
# Set MaxClients to the maximum number of users allowed to
# connect at any time. (Does not include users on the TrustedMACList,
# who do not authenticate.)
#
MaxClients 250
# Option: SessionTimeout
# Default: 0
#
# Set the default session length in minutes. A value of 0 is for
# sessions without an end.
#
# Option: PreAuthIdleTimeout
# Default: 10
#
# Set PreAuthIdleTimeout to the desired number of minutes before
# an pre-authenticated user is automatically removed from the client list.
#
# Option: AuthIdleTimeout
# Default: 120
#
# Set AuthIdleTimeout to the desired number of minutes before
# an authenticated user is automatically 'deauthenticated'
# and removed from the client list.
#
# Option: CheckInterval
# Default: 30
#
# Interval in seconds (!) the timeouts of all clients are checked.
#
# Option: MACMechanism
# Default: block
#
# Either block or allow.
# If 'block', MAC addresses on BlockedMACList are blocked from
# authenticating, and all others are allowed.
# If 'allow', MAC addresses on AllowedMACList are allowed to
# authenticate, and all other (non-trusted) MAC's are blocked.
#
# MACMechanism block
# Option: BlockedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will be completely blocked
# from the GatewayInterface. Ignored if MACMechanism is allow.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# BlockedMACList 00:00:DE:AD:BE:EF,00:00:C0:1D:F0:0D
# Option: AllowedMACList
# Default: none
#
# Comma-separated list of MAC addresses who will not be completely
# blocked from the GatewayInterface. Ignored if MACMechanism is block.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# AllowedMACList 00:00:12:34:56:78
# Option: TrustedMACList
# Default: none
#
# Comma-separated list of MAC addresses who are not subject to
# authentication, and are not restricted by any FirewallRuleSet.
# N.B.: weak security, since MAC addresses are easy to spoof.
#
# TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D
# Option: TrafficControl
# Default: no
#
# Set to yes (or true or 1), to enable traffic control in Nodogsplash.
#
# TrafficControl no
# Option: DownloadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum download
# speed to the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 768 kbit
# download speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 384.
# A value of 0 means no download limiting is done.
#
# DownloadLimit 384
# Option: UploadLimit
# Default: 0
#
# If TrafficControl is enabled, this sets the maximum upload
# speed from the GatewayInterface, in kilobits per second.
# For example if you have an ADSL connection with 128 kbit
# upload speed, and you want to allow about half of that
# bandwidth for the GatewayInterface, set this to 64.
# A value of 0 means no upload limiting is done.
#
# UploadLimit 64
# Option: GatewayIPRange
# Default: 0.0.0.0/0
#
# By setting this parameter, you can specify a range of IP addresses
# on the GatewayInterface that will be responded to and managed by
# Nodogsplash. Addresses outside this range do not have their packets
# touched by Nodogsplash at all.
# Defaults to 0.0.0.0/0, that is, all addresses.
#
# GatewayIPRange 0.0.0.0/0
# Option: DebugLevel
# Default: 1
# 0 : Silent (only LOG_ERR and LOG_EMERG messages will be seen, otherwise there will be no logging.)
# 1 : LOG_ERR, LOG_EMERG, LOG_WARNING and LOG_NOTICE (this is the default level).
# 2 : debuglevel 1 + LOG_INFO
# 3 : debuglevel 2 + LOG_DEBUG
# DebugLevel 1
# Option: fasport
# Default: None
#
# Enable Forwarding Authentication Service (FAS)
# If set redirection is changed from splash.html to a FAS (provided by the system administrator)
# The value is the IP port number of the FAS
# Note: if FAS is running locally (ie fasremoteip is NOT set), port 80 cannot be used
#
# Typical remote Hosted Example:
# fasport 80
#
# Typical Locally Hosted Example:
# fasport 2080
# Option: fasremotefqdn
# Default: Not set
# If set, this is the remote fully qualified domain name (FQDN) of the FAS.
# The protocol must NOT be prepended to the FQDN (ie http:// or https://)
# To prevent CPD or browser security errors NDS prepends http:// before redirection.
# If set, DNS MUST resolve fasremotefqdn to be the same ip address as fasremoteip.
# Typical Remote Shared Hosting Example:
# fasremotefqdn onboard-wifi.net
# Option: fasremoteip
# Default: GatewayAddress (the IP of NDS)
#
# If set, this is the remote ip address of the FAS.
#
# Typical Locally Hosted example (ie fasremoteip not set):
# fasremoteip 46.32.240.41
# Option: faspath
# Default: /
#
# This is the path from the FAS Web Root to the FAS login page
# (not the file system root).
#
# Typical Shared Hosting example:
# faspath '/onboard-wifi.net/nodog/fas.php'
#
# Typical Locally Hosted example (ie fasremoteip not set):
# faspath /nodog/fas.php
# Option: faskey
# Default: not set
# A key phrase for NDS to encrypt the query string sent to FAS
# Can be any combination of A-Z, a-z and 0-9, up to 16 characters with no white space
#option faskey 1234567890
#
# Option: fas_secure_enabled
# Default: 1
#
# ****If set to "0"****
# the client token is sent to the FAS in clear text in the query string of the
# redirect along with authaction and redir.
#
# ****If set to "1" and option faskey is NOT set****
# authaction and the client token are not revealed and it is the responsibility
# of the FAS to request the token from NDSCTL.
#
# ****If set to "1" and option faskey IS set****
# The client token will be hashed and sent to the FAS identified as “hid” in the query string.
# The gatewayaddress is also sent on the query string, allowing the FAS to construct the authaction parameter.
# FAS must return the sha256sum of the concatenation of the original hid and faskey, to be used by NDS for client authentication.
# This is returned in the normal way in the query string identified as “tok”.
# NDS will automatically detect whether hid mode is active or the raw token is being returned.
# Should sha256sum not be available to NDS when faskey is set, NDS will exit gracefully, logging the error in syslog.
#
# *****If set to 2****
# clientip, clientmac, gatewayname, client token, gatewayaddress, authdir, originurl and clientif
# are encrypted using faskey and passed to FAS in the query string.
# The query string will also contain a randomly generated initialization vector to be used by the FAS for decryption.
# The "php-cli" package and the "php-openssl" module must both be installed for fas_secure level 2.
# Nodogsplash does not depend on this package and module, but will exit gracefully
# if this package and module are not installed when this level is set, logging the error in syslog.
# The FAS must use the query string passed initialisation vector and the pre shared fas_key to decrypt the query string.
# An example FAS php script is supplied in the source code.
#
#fas_secure_enabled 0
# PreAuth
# PreAuth support allows FAS to call a local program or script with html served by the built in NDS web server
# If the option is set, it points to a program/script that is called by the NDS FAS handler
# All other FAS settings will be overidden.
# Initially FAS appends its query string to faspath.
# The Preauth program will output html code that will be served to the client by NDS
# Using html GET the Preauth program may call:
# /nodogsplash_preauth/ to ask the client for more information
# or
# /nodogsplash_auth/ to authenticate the client
#
# The Preauth program should append at least the client ip to the query string
# (using html input type hidden) for all calls to /nodogsplash_preauth/
# It must also obtain the client token (using ndsctl), for NDS authentication when calling /nodogsplash_auth/
#
#preauth /path/to/myscript/myscript.sh
# Option: BinAuth
#
# Enable BinAuth Support.
# If set, a program is called with several parameters on authentication (request) and deauthentication.
#
# Request for authentication:
#
# $<BinAuth> auth_client <client_mac> '<username>' '<password>'
#
# The username and password values may be empty strings and are URL encoded.
# The program is expected to output the number of seconds the client
# is to be authenticated. Zero or negative seconds will cause the authentification request
# to be rejected. The same goes for an exit code that is not 0.
# The output may contain a user specific download and upload limit in KBit/s:
# <seconds> <upload> <download>
#
# Called on authentication or deauthentication:
# $<BinAuth> <*auth|*deauth> <incoming_bytes> <outgoing_bytes> <session_start> <session_end>
#
# "client_auth": Client authenticated via this script.
# "client_deauth": Client deauthenticated by the client via splash page.
# "idle_deauth": Client was deauthenticated because of inactivity.
# "timeout_deauth": Client was deauthenticated because the session timed out.
# "ndsctl_auth": Client was authenticated manually by the ndsctl tool.
# "ndsctl_deauth": Client was deauthenticated by the ndsctl tool.
# "shutdown_deauth": Client was deauthenticated by Nodogsplash terminating.
#
# Values session_start and session_start are in seconds since 1970 or 0 for unknown/unlimited.
#
# BinAuth /bin/myauth.sh
# Nodogsplash uses specific HEXADECIMAL values to mark packets used by iptables as a bitwise mask.
# This mask can conflict with the requirements of other packages such as mwan3, sqm etc
# Any values set here are interpreted as in hex format.
#
# Option: fw_mark_authenticated
# Default: 30000 (0011|0000|0000|0000|0000 binary)
#
# Option: fw_mark_trusted
# Default: 20000 (0010|0000|0000|0000|0000 binary)
#
# Option: fw_mark_blocked
# Default: 10000 (0001|0000|0000|0000|0000 binary)
#

152
resources/splash.css
View File

@@ -1,86 +1,86 @@
body {
background-color: lightgrey;
color: black;
margin-left: 5%;
margin-right: 5%;
text-align: left;
}
body {
background-color: lightgrey;
color: black;
margin-left: 5%;
margin-right: 5%;
text-align: left;
}
hr {
display:block;
margin-top:0.5em;
margin-bottom:0.5em;
margin-left:auto;
margin-right:auto;
border-style:inset;
border-width:5px;
}
hr {
display:block;
margin-top:0.5em;
margin-bottom:0.5em;
margin-left:auto;
margin-right:auto;
border-style:inset;
border-width:5px;
}
.offset {
background: rgba(300, 300, 300, 0.6);
margin-left:auto;
margin-right:auto;
max-width:600px;
min-width:200px;
padding: 5px;
}
.offset {
background: rgba(300, 300, 300, 0.6);
margin-left:auto;
margin-right:auto;
max-width:600px;
min-width:200px;
padding: 5px;
}
.insert {
background: rgba(350, 350, 350, 0.7);
border: 2px solid #aaa;
border-radius: 4px;
min-width:200px;
max-width:100%;
padding: 5px;
}
.insert {
background: rgba(350, 350, 350, 0.7);
border: 2px solid #aaa;
border-radius: 4px;
min-width:200px;
max-width:100%;
padding: 5px;
}
img {
width: 40%;
max-width: 180px;
margin-left: 0%;
margin-right: 5%;
}
img {
width: 40%;
max-width: 180px;
margin-left: 0%;
margin-right: 5%;
}
input[type=text], input[type=email], input[type=password] {
font-size: 1em;
line-height: 2.0em;
height: 2.0em;
color: black;
background: lightgrey;
}
input[type=text], input[type=email], input[type=password] {
font-size: 1em;
line-height: 2.0em;
height: 2.0em;
color: black;
background: lightgrey;
}
input[type=submit], input[type=button] {
font-size: 1em;
line-height: 2.0em;
height: 2.0em;
color: black;
font-weight: bold;
background: lightblue;
}
input[type=submit], input[type=button] {
font-size: 1em;
line-height: 2.0em;
height: 2.0em;
color: black;
font-weight: bold;
background: lightblue;
}
med-blue {
font-size: 1.2em;
color: blue;
font-weight: bold;
font-style: normal;
}
med-blue {
font-size: 1.2em;
color: blue;
font-weight: bold;
font-style: normal;
}
big-red {
font-size: 1.5em;
color: red;
font-weight: bold;
}
big-red {
font-size: 1.5em;
color: red;
font-weight: bold;
}
italic-black {
font-size: 1.0em;
color: black;
font-weight: bold;
font-style: italic;
}
italic-black {
font-size: 1.0em;
color: black;
font-weight: bold;
font-style: italic;
}
copy-right {
font-size: 0.7em;
color: darkgrey;
font-weight: bold;
font-style:italic;
}
copy-right {
font-size: 0.7em;
color: darkgrey;
font-weight: bold;
font-style:italic;
}

4
resources/splash.html
View File

@@ -14,7 +14,7 @@
<!--
Content:
Nodogsplash (NDS), by default, serves this splash page (splash.html)
openNDS (NDS), by default, serves this splash page (splash.html)
when a client device Captive Portal Detection (CPD) process
attempts to send a port 80 request to the Internet.
@@ -82,7 +82,7 @@ or appended to the query string of the authtarget link:
</form>
<hr>
<copy-right>Copyright &copy; The Nodogsplash Contributors 2004-2020.<br>This software is released under the GNU GPL license.</copy-right>
<copy-right>Copyright &copy; The openNDS Contributors 2004-2020.<br>This software is released under the GNU GPL license.</copy-right>
</div></div>
</body>

BIN
resources/splash.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.1 KiB

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
resources/splash.xcf Normal file
View File

Binary file not shown.

2
resources/status.html
View File

@@ -36,7 +36,7 @@ Status:
<p><italic-black>You can use your Browser, Email and other network Apps as you normally would.</italic-black></p>
<hr>
<copy-right>Copyright &copy; The Nodogsplash Contributors 2004-2020.<br>This software is released under the GNU GPL license.</copy-right>
<copy-right>Copyright &copy; The openNDS Contributors 2004-2020.<br>This software is released under the GNU GPL license.</copy-right>
</div></div>
</body>