00027 #define _GNU_SOURCE
00028
00029 #include <stdio.h>
00030 #include <stdlib.h>
00031 #include <pthread.h>
00032 #include <string.h>
00033 #include <stdarg.h>
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <unistd.h>
00037 #include <syslog.h>
00038
00039 #include "httpd.h"
00040 #include "http.h"
00041 #include "safe.h"
00042 #include "conf.h"
00043 #include "debug.h"
00044 #include "auth.h"
00045 #include "centralserver.h"
00046 #include "fw_iptables.h"
00047 #include "firewall.h"
00048 #include "client_list.h"
00049 #include "util.h"
00050
00051
00052 extern pthread_mutex_t client_list_mutex;
00053
00054
00055 extern long served_this_session;
00056
/**
 * Periodic worker loop: sleeps for the configured check interval, then
 * calls fw_sync_with_authserver(), forever. Never returns.
 *
 * @param arg Unused.
 */
void
thread_client_timeout_check(void *arg)
{
    /*
     * Both objects are local and their addresses are only ever handed to
     * the timed wait below, so nothing in this function signals the
     * condition; the wait is used purely as a sleep until the deadline.
     */
    pthread_mutex_t wait_lock = PTHREAD_MUTEX_INITIALIZER;
    pthread_cond_t wait_cond = PTHREAD_COND_INITIALIZER;
    struct timespec deadline;

    for (;;) {
        /* Absolute wake-up time: now + checkinterval seconds. */
        deadline.tv_nsec = 0;
        deadline.tv_sec = time(NULL) + config_get_config()->checkinterval;

        /* pthread_cond_timedwait() requires the mutex to be held. */
        pthread_mutex_lock(&wait_lock);

        /*
         * Return value deliberately ignored: whether the wait timed out
         * or woke early, the sync below runs and the loop re-arms.
         */
        pthread_cond_timedwait(&wait_cond, &wait_lock, &deadline);

        pthread_mutex_unlock(&wait_lock);

        /* NOTE(review): the message names fw_counter() but the call is
         * fw_sync_with_authserver(); the log text looks stale. */
        debug(LOG_DEBUG, "Running fw_counter()");

        fw_sync_with_authserver();
    }
}
00088
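/**
 * Asks the auth server to validate the token of the client that issued
 * request @p r and answers the request according to the returned code.
 *
 * Flow, as visible here:
 *  1. Under the client-list lock, find the client by r->clientAddr and
 *     take private copies of its MAC and token.
 *  2. Drop the lock and call auth_server_request(REQUEST_TYPE_LOGIN).
 *  3. Re-take the lock and look the client up again by IP *and* MAC; the
 *     entry may have gone away while the lock was released.
 *  4. Switch on auth_response.authcode: AUTH_ALLOWED and AUTH_VALIDATION
 *     call fw_allow() and redirect; the other codes only redirect or
 *     print an error page.
 *
 * Fixes over the previous version: the "client not found" log line read
 * an uninitialised pointer (`ip`), and the AUTH_ERROR log line passed the
 * whole t_authresponse struct to a "%d" conversion.
 *
 * @param r The HTTP request being served; r->clientAddr identifies the client.
 */
void
authenticate_client(request *r)
{
    t_client *client;
    t_authresponse auth_response;
    char *mac,
         *token;
    char *newlocation = NULL;
    const char *protocol = NULL;
    s_config *config = NULL;
    t_auth_serv *auth_server = NULL;
    int port = 80;

    LOCK_CLIENT_LIST();

    client = client_list_find_by_ip(r->clientAddr);

    if (client == NULL) {
        /* Log the request's address; no other IP string exists yet. */
        debug(LOG_ERR, "Could not find client for %s", r->clientAddr);
        UNLOCK_CLIENT_LIST();
        return;
    }

    /* Copy what the auth request needs so the list lock is not held
     * across the auth_server_request() call below. */
    mac = safe_strdup(client->mac);
    token = safe_strdup(client->token);

    UNLOCK_CLIENT_LIST();

    /* NOTE(review): auth_response is not initialised before this call;
     * presumably auth_server_request() always sets authcode, including
     * on failure. Confirm against its implementation. */
    auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, r->clientAddr, mac, token, 0, 0);

    LOCK_CLIENT_LIST();

    /* The lock was released, so the earlier pointer must not be reused.
     * Matching on IP and MAC means a different device that took over the
     * same address in the meantime is not granted this result. */
    client = client_list_find(r->clientAddr, mac);

    if (client == NULL) {
        debug(LOG_ERR, "Could not find client node for %s (%s)", r->clientAddr, mac);
        UNLOCK_CLIENT_LIST();
        free(token);
        free(mac);
        return;
    }

    free(token);
    free(mac);

    config = config_get_config();
    auth_server = get_auth_server();

    if (auth_server->authserv_use_ssl) {
        protocol = "https";
        port = auth_server->authserv_ssl_port;
    } else {
        protocol = "http";
        port = auth_server->authserv_http_port;
    }

    /*
     * NOTE(review), applies to every case below:
     *  - The client list lock stays held while the HTTP response is
     *    written to the client.
     *  - The client's token is written to the log in every branch; the
     *    token is the value sent to the auth server for the login check,
     *    so log read access should be treated as sensitive.
     *  - authserv_hostname, authserv_path and gw_id are placed into the
     *    Location header and the HTML body without escaping; presumably
     *    they come from trusted configuration. Confirm.
     */
    switch (auth_response.authcode) {

    case AUTH_ERROR:
        /* Error talking to central server */
        debug(LOG_ERR, "Got %d from central server authenticating token %s from %s at %s", auth_response.authcode, client->token, client->ip, client->mac);
        http_wifidog_header(r, "Error!");
        httpdOutput(r, "Error: We did not get a valid answer from the central server");
        http_wifidog_footer(r);
        break;

    case AUTH_DENIED:
        /* No firewall change; only send the user to the "denied" page. */
        debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac);
        safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=denied",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        httpdSetResponse(r, "307 Redirect to denied message\n");
        httpdAddHeader(r, newlocation);
        free(newlocation);
        http_wifidog_header(r, "Redirection to message");
        httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=denied'>click here</a>.",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        http_wifidog_footer(r);
        break;

    case AUTH_VALIDATION:
        /* Client is marked FW_MARK_PROBATION and passed to fw_allow(). */
        debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s - adding to firewall and redirecting them to activate message", client->token, client->ip, client->mac);
        client->fw_connection_state = FW_MARK_PROBATION;
        fw_allow(client->ip, client->mac, FW_MARK_PROBATION);
        safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=activate",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        httpdSetResponse(r, "307 Redirect to activate message\n");
        httpdAddHeader(r, newlocation);
        free(newlocation);
        http_wifidog_header(r, "Redirection to message");
        httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=activate'>click here</a>.",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        http_wifidog_footer(r);
        break;

    case AUTH_ALLOWED:
        /* Client is marked FW_MARK_KNOWN and passed to fw_allow(). */
        debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
        client->fw_connection_state = FW_MARK_KNOWN;
        fw_allow(client->ip, client->mac, FW_MARK_KNOWN);
        served_this_session++;
        safe_asprintf(&newlocation, "Location: %s://%s:%d%sportal/?gw_id=%s",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path,
            config->gw_id
        );
        httpdSetResponse(r, "307 Redirect to portal\n");
        httpdAddHeader(r, newlocation);
        free(newlocation);
        http_wifidog_header(r, "Redirection to portal");
        httpdPrintf(r, "Please <a href='%s://%s:%d%sportal/?gw_id=%s'>click here</a> for the portal.",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path,
            config->gw_id
        );
        http_wifidog_footer(r);
        break;

    case AUTH_VALIDATION_FAILED:
        /* No firewall change; only send the user to the failure page. */
        debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s - redirecting them to failed_validation message", client->token, client->ip, client->mac);
        safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=failed_validation",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        httpdSetResponse(r, "307 Redirect to failed validation message\n");
        httpdAddHeader(r, newlocation);
        free(newlocation);
        http_wifidog_header(r, "Redirection to message");
        httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=failed_validation'>click here</a>.",
            protocol,
            auth_server->authserv_hostname,
            port,
            auth_server->authserv_path
        );
        http_wifidog_footer(r);
        break;

    default:
        /* Unknown code: no fw_allow() call, just an error page. */
        debug(LOG_WARNING, "I don't know what the validation code %d means for token %s from %s at %s - sending error message", auth_response.authcode, client->token, client->ip, client->mac);
        http_wifidog_header(r, "Internal error");
        httpdOutput(r, "We can not validate your request at this time");
        http_wifidog_footer(r);
        break;

    }

    UNLOCK_CLIENT_LIST();
    return;
}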