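#!/bin/bash
#
# Captive-portal authentication daemon.
#
# Reads one "user;password;ip;time" record per line from $auth_pipe, checks
# "user;password" against $passwd_file, writes the verdict to $res_pipe and,
# on success, inserts iptables rules that let the client's address out.
#
# Every field of the record is untrusted: it originates from whatever process
# writes to the FIFO. The address in particular ends up on an iptables command
# line, so it is validated as a dotted-quad IPv4 address and always quoted.
#
# NOTE(review): the FIFOs live under fixed names in /tmp and a FIFO that
# already exists is used as-is, whoever created it. A private runtime
# directory would remove that dependency on /tmp contents.
# NOTE(review): $passwd_file holds plaintext "user;password" lines and is
# resolved relative to the current working directory.

bash /root/iptables.sh # restore rules

auth_pipe=/tmp/captive_auth
res_pipe=/tmp/captive_res
user=joshua5201
group=joshua5201
extif=enp0s3
passwd_file=portal.passwd

# Single quotes: expand the paths when the trap fires, and keep them quoted.
trap 'rm -f -- "$auth_pipe" "$res_pipe"' EXIT

# Create the FIFO at $1 if no FIFO exists there, and hand it to $user:$group.
# Mode 660 keeps other local accounts from reading the credentials and
# verdicts that pass through the pipes.
ensure_fifo() {
  local path=$1
  if [[ ! -p "$path" ]]; then
    if ! mkfifo -m 660 -- "$path"; then
      printf 'cannot create fifo %s\n' "$path" >&2
      exit 1
    fi
    if ! chown -- "$user:$group" "$path"; then
      printf 'cannot chown fifo %s\n' "$path" >&2
      exit 1
    fi
  fi
}

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local re="^${octet}(\\.${octet}){3}\$"
  [[ $1 =~ $re ]]
}

# Run iptables with the given arguments and report a failure on stderr
# instead of ignoring it.
add_rule() {
  iptables "$@" || printf 'iptables failed: %s\n' "$*" >&2
}

ensure_fifo "$auth_pipe"
ensure_fifo "$res_pipe"

while true; do
  # -r: keep backslashes in the record literal.
  if read -r line < "$auth_pipe"; then
    # Split on ';'. The trailing "_" absorbs any extra fields so authtime is
    # exactly the fourth field.
    IFS=';' read -r authuser authpasswd authipaddr authtime _ <<< "$line"

    printf 'Auth from %s %s\n' "$authipaddr" "$authtime"
    printf 'username: %s\n' "$authuser"
    # The submitted password is deliberately not echoed: stdout is likely to
    # end up in a log or on a shared terminal.

    passed=false
    if ! is_ipv4 "$authipaddr"; then
      # Never hand an unvalidated string to iptables as the -s argument.
      echo "rejected: source address is not a valid IPv4 address" >&2
    else
      while read -r authdata; do
        if [[ "$authuser;$authpasswd" == "$authdata" ]]; then
          echo "passed" > "$res_pipe"
          #requirement of NA course (redirecting to proxy)
          add_rule -t nat -I PREROUTING 1 -s "$authipaddr" -p tcp --dport 80 -j REDIRECT --to-ports 3128
          #iptables -t nat -I PREROUTING 1 -s $authipaddr -p tcp --dport 80 -j ACCEPT
          add_rule -t filter -I FORWARD 1 -s "$authipaddr" -p tcp --dport 443 -j ACCEPT
          # NOTE(review): this rule does not depend on the client, yet it is
          # inserted again on every successful login, so copies accumulate.
          add_rule -t nat -I POSTROUTING 1 -o "$extif" -j MASQUERADE
          passed=true
          echo "auth passed"
          break
        fi
        # One-second pause per non-matching entry, as in the original.
        sleep 1
      done < "$passwd_file"
    fi

    if [[ "$passed" == "false" ]]; then
      # bash's builtin echo does not interpret \n without -e, so the peer
      # receives a literal backslash-n before the newline. Kept unchanged
      # because the reader's expectations are not visible here.
      echo "failed\n" > "$res_pipe"
      echo "auth failed"
    fi
  fi
  sleep 1
done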