Merge pull request #6 from splash-networks/ruckus

Ruckus
2025-02-24 11:31:33 +05:00
parent 0d71534d55 ccf24ff004
commit 7a997b466b
2 changed files with 133 additions and 0 deletions
--- a/Ruckus/README.md
+++ b/Ruckus/README.md
@@ -13,3 +13,43 @@ Apache access log for Ruckus Unleashed:
 ```
 "GET /?sip=192.168.0.253&mac=b479c83c4b20&client_mac=5edec34d503d&uip=192.168.1.106&lid=&dn=&url=http%3a%2f%2fcaptive.apple.com%2fhotspot%2ddetect.html&ssid=Captive+Ruckus+Test&loc=&vlan=1 HTTP/1.0" 200 5193 "-" "CaptiveNetworkSupport-443.40.1 wispr"
 ```
+
+When using Ruckus virtual SmartZone (vSZ) the access log is like this:
+
+```
+"GET /?nbiIP=192.168.200.211&client_mac=ENCd2dbf9a1f1689ed0e5ab4c59c6ea8055bb6673892a41751e&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=ruckus&dn=scg.ruckuswireless.com&ssid=ruckus&mac=00:33:58:16:ef:20&url=http%3A%2F%2Fconnectivitycheck.gstatic.com%2Fgenerate_204&proxy=0&vlan=1&wlan=1&sip=scg.ruckuswireless.com&zoneName=8DT35_ORh3sMfx-OkfQWdsVkUHecuUNVnVoM7abVZ-Q_1740048752130&apip=192.168.200.32&sshTunnelStatus=1&uip=ENCb2579826807a6430655a4e4d78347972&StartURL=https%3A%2F%2Fwww.google.com HTTP/1.1" 200 4378 "-" "Mozilla/5.0 (Linux; Android 14; SM-A336E Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.49 Mobile Safari/537.36"
+```
+
+We can use the command `no encrypt-mac-ip` in vSZ commandline to get unencrypted MAC and IP in the query parameters:
+
+```
+"GET /?nbiIP=192.168.200.211&client_mac=2A:27:69:06:54:D7&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=ruckus&dn=scg.ruckuswireless.com&ssid=ruckus&mac=00:33:58:16:ef:20&url=http%3A%2F%2Fconnectivitycheck.gstatic.com%2Fgenerate_204&proxy=0&vlan=1&wlan=1&sip=scg.ruckuswireless.com&zoneName=9cnnpXWnSBXgaxwcB5hfZLjF4XXDk0VPL61R2DOf-nA_1740227749817&apip=192.168.200.32&sshTunnelStatus=1&uip=192.168.200.34&StartURL=https%3A%2F%2Fwww.google.com HTTP/1.1" 200 636 "-" "Mozilla/5.0 (Linux; Android 14; SM-A336E Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.49 Mobile Safari/537.36"
+```
+
+FreeRADIUS debug log:
+
+```
+(0) Received Access-Request Id 51 from 192.168.200.211:51082 to 192.168.200.38:1812 length 356
+(0)   User-Name = "test"
+(0)   User-Password = "test"
+(0)   NAS-IP-Address = 192.168.200.32
+(0)   Service-Type = Login-User
+(0)   Framed-IP-Address = 192.168.200.34
+(0)   WISPr-Logoff-URL = "http://192.168.200.38"
+(0)   Ruckus-VLAN-ID = 1
+(0)   Ruckus-SSID = "ruckus"
+(0)   Ruckus-Wlan-Name = "ruckus"
+(0)   Ruckus-Zone-Name = "Default Zone"
+(0)   Ruckus-Client-Host-Name = "Nasir-s-A33"
+(0)   Ruckus-Client-Os-Type = "Android"
+(0)   Ruckus-Client-Os-Class = "Android"
+(0)   Ruckus-Client-Device-Type = "Smartphones"
+(0)   Called-Station-Id = "00-33-58-56-EF-20:ruckus"
+(0)   Calling-Station-Id = "2A-27-69-06-54-D7"
+(0)   NAS-Identifier = "00-33-58-56-EF-20"
+(0)   Acct-Session-Id = "815dfcc8-855c-453f-a3e2-fd57c5110165"
+(0)   NAS-Port-Type = Wireless-802.11
+(0)   Event-Timestamp = "Feb 24 2025 05:44:20 UTC"
+(0)   Message-Authenticator = 0x3659ab5f1b72213ad75c26c56219b0b5
+(0)   Proxy-State = 0x323439
+```
--- a/Ruckus/vsz/index.php
+++ b/Ruckus/vsz/index.php
@@ -0,0 +1,93 @@
+<?php
+
+session_start();
+
+########### Set the following parameters according to your environment #########
+
+// Northbound Portal Interface credentials
+
+$username = 'admin';
+$password = 'Admin@123';
+
+// Redirect URL after successful user authorization
+
+$redirectURL = "https://www.google.com";
+
+################################################################################
+
+
+if (!isset($_POST['submit'])) {
+  $_SESSION['url'] = "http://" . $_GET['nbiIP'] . ":9080/portalintf";
+  // In case of https: $_SESSION['url'] = "https://" . $_GET['nbiIP'] . ":9443/portalintf";
+  $_SESSION['client_mac'] = $_GET['client_mac'];
+  $_SESSION['uip'] = $_GET['uip'];
+} else {
+  $postData = [
+    "Vendor" => "ruckus",
+    "RequestUserName" => $username,
+    "RequestPassword" => $password,
+    "APIVersion" => "1.0",
+    "RequestCategory" => "UserOnlineControl",
+    "RequestType" => "Login",
+    "UE-IP" => $_SESSION["uip"],
+    "UE-MAC" => $_SESSION["client_mac"],
+    "UE-Proxy" => "0",
+    "UE-Username" => $_SESSION['client_mac'],
+    "UE-Password" => $_SESSION['client_mac']
+  ];
+
+  $curl = curl_init();
+
+  curl_setopt_array($curl, array(
+    CURLOPT_URL => $_SESSION['url'],
+    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_ENCODING => '',
+    CURLOPT_MAXREDIRS => 10,
+    CURLOPT_TIMEOUT => 0,
+    CURLOPT_SSL_VERIFYPEER => false,
+    CURLOPT_SSL_VERIFYHOST => false,
+    CURLOPT_FOLLOWLOCATION => true,
+    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+    CURLOPT_CUSTOMREQUEST => 'POST',
+    CURLOPT_POSTFIELDS => json_encode($postData),
+    CURLOPT_HTTPHEADER => array(
+      'Content-Type: application/json'
+    ),
+  ));
+
+  $response = curl_exec($curl);
+
+  curl_close($curl);
+
+  if ($response !== false) {
+    $json = json_decode($response, true);
+    $responseCode = $json['ResponseCode'];
+    if ($responseCode == 201 || $responseCode == 101) {
+      header("Location: " . $redirectURL);
+    } else {
+        echo "Error: check with your network administrator";
+    }
+  }
+  else {
+    die("Error: check with your network administrator");
+  }
+}
+
+?>
+
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>WiFi Portal</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
+</head>
+<body>
+<p>Welcome!<br>
+  Please login to our Wifi service</p>
+
+<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
+    <input type="submit" name="submit" value="LOGIN" />
+</form>
+</body>
+</html>