00027 #define _GNU_SOURCE
00028
00029 #include <stdio.h>
00030 #include <stdlib.h>
00031 #include <pthread.h>
00032 #include <string.h>
00033 #include <stdarg.h>
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <unistd.h>
00037 #include <syslog.h>
00038
00039 #include "httpd.h"
00040 #include "http.h"
00041 #include "safe.h"
00042 #include "conf.h"
00043 #include "debug.h"
00044 #include "auth.h"
00045 #include "centralserver.h"
00046 #include "fw_iptables.h"
00047 #include "firewall.h"
00048 #include "client_list.h"
00049 #include "util.h"
00050
00051
00052 extern pthread_mutex_t client_list_mutex;
00053
00054
00055 extern long served_this_session;
00056
/**
 * Periodic worker loop: waits config_get_config()->checkinterval seconds,
 * then calls fw_sync_with_authserver(), forever. Never returns.
 *
 * @param arg Not read by this function.
 */
void
thread_client_timeout_check(const void *arg)
{
    /* Both objects are local to this function and nothing visible here
     * signals the condition, so the timed wait below serves as the
     * per-iteration delay. */
    pthread_cond_t wake_cond = PTHREAD_COND_INITIALIZER;
    pthread_mutex_t wake_lock = PTHREAD_MUTEX_INITIALIZER;
    struct timespec deadline;

    for (;;) {
        /* Absolute wake-up time: now plus the configured interval.
         * The interval is re-read from the configuration on every pass. */
        deadline.tv_nsec = 0;
        deadline.tv_sec = time(NULL) + config_get_config()->checkinterval;

        /* pthread_cond_timedwait() must be entered with the mutex held. */
        pthread_mutex_lock(&wake_lock);
        /* The return value is not inspected: any wake-up, timeout or
         * otherwise, simply continues to the sync below. */
        pthread_cond_timedwait(&wake_cond, &wake_lock, &deadline);
        pthread_mutex_unlock(&wake_lock);

        /* Log text names fw_counter(), but the call that follows is
         * fw_sync_with_authserver(). */
        debug(LOG_DEBUG, "Running fw_counter()");

        fw_sync_with_authserver();
    }
}
00088
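/**
 * Authenticates the client behind an HTTP request against the central
 * auth server and acts on the verdict.
 *
 * The client is looked up by r->clientAddr, its MAC and token are copied,
 * and a REQUEST_TYPE_LOGIN request is sent to the auth server. Depending on
 * auth_response.authcode the client is either added to the firewall with
 * fw_allow() and redirected, redirected to a message page, or shown an
 * error page.
 *
 * The client list lock is held for both lookups and for the whole verdict
 * handling, but it is released around auth_server_request().
 *
 * @param r The HTTP request being served; r->clientAddr identifies the client.
 */
void
authenticate_client(request *r)
{
    t_client *client;
    t_authresponse auth_response;
    char *mac;
    char *token;
    char *urlFragment = NULL;
    s_config *config = NULL;
    t_auth_serv *auth_server = NULL;

    LOCK_CLIENT_LIST();

    client = client_list_find_by_ip(r->clientAddr);

    if (client == NULL) {
        debug(LOG_ERR, "Could not find client for %s", r->clientAddr);
        UNLOCK_CLIENT_LIST();
        return;
    }

    /* Private copies: the client node must not be dereferenced once the
     * list lock has been released. */
    mac = safe_strdup(client->mac);
    token = safe_strdup(client->token);

    UNLOCK_CLIENT_LIST();

    /* The auth server is contacted without holding the client list lock.
     * NOTE(review): the return value is not checked; this assumes
     * auth_server_request() always sets auth_response.authcode, including
     * on failure - TODO confirm. */
    auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, r->clientAddr, mac, token, 0, 0);

    LOCK_CLIENT_LIST();

    /* The list may have changed while unlocked, so look the client up again.
     * NOTE(review): the lookup matches on IP and MAC only; the verdict was
     * obtained for the token copied above, which is not compared with the
     * token of the node found here - confirm that this cannot diverge. */
    client = client_list_find(r->clientAddr, mac);

    if (client == NULL) {
        debug(LOG_ERR, "Could not find client node for %s (%s)", r->clientAddr, mac);
        UNLOCK_CLIENT_LIST();
        free(token);
        free(mac);
        return;
    }

    free(token);
    free(mac);

    config = config_get_config();
    /* NOTE(review): auth_server is dereferenced below without a NULL check;
     * presumably get_auth_server() cannot return NULL here - verify. */
    auth_server = get_auth_server();

    /* NOTE(review): every branch below writes client->token to the log.
     * If the token is sufficient to obtain access, anyone who can read the
     * log can reuse it; consider logging a truncated or hashed form and
     * check who can read the log sink. */
    switch (auth_response.authcode) {

    case AUTH_ERROR:
        /* Error talking to the central server.
         * The %d argument is the authcode field; passing the whole
         * t_authresponse struct to a variadic %d is undefined behaviour. */
        debug(LOG_ERR, "Got %d from central server authenticating token %s from %s at %s", auth_response.authcode, client->token, client->ip, client->mac);
        send_http_page(r, "Error!", "Error: We did not get a valid answer from the central server");
        break;

    case AUTH_DENIED:
        /* Denied: no firewall change, redirect to the denied message. */
        debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_DENIED
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to denied message");
        free(urlFragment);
        break;

    case AUTH_VALIDATION:
        /* Let the client through with the FW_MARK_PROBATION mark and
         * redirect to the activate-account message. */
        debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s"
            "- adding to firewall and redirecting them to activate message", client->token,
            client->ip, client->mac);
        client->fw_connection_state = FW_MARK_PROBATION;
        fw_allow(client->ip, client->mac, FW_MARK_PROBATION);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_ACTIVATE_ACCOUNT
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to activate message");
        free(urlFragment);
        break;

    case AUTH_ALLOWED:
        /* Let the client through with the FW_MARK_KNOWN mark, count the
         * session and redirect to the portal. */
        debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - "
            "adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
        client->fw_connection_state = FW_MARK_KNOWN;
        fw_allow(client->ip, client->mac, FW_MARK_KNOWN);
        served_this_session++;
        safe_asprintf(&urlFragment, "%sgw_id=%s",
            auth_server->authserv_portal_script_path_fragment,
            config->gw_id
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to portal");
        free(urlFragment);
        break;

    case AUTH_VALIDATION_FAILED:
        /* No firewall change, redirect to the failed-validation message. */
        debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s "
            "- redirecting them to failed_validation message", client->token, client->ip, client->mac);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to failed validation message");
        free(urlFragment);
        break;

    default:
        /* Unknown verdict: no firewall change, show an error page. */
        debug(LOG_WARNING, "I don't know what the validation code %d means for token %s from %s at %s - sending error message", auth_response.authcode, client->token, client->ip, client->mac);
        send_http_page(r, "Internal Error", "We can not validate your request at this time");
        break;

    }

    UNLOCK_CLIENT_LIST();
    return;
}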
00217
00218