Annotation of embedaddon/coova-chilli/src/redir.c, revision 1.1
1.1 ! misho 1: /*
! 2: * HTTP redirection functions.
! 3: * Copyright (C) 2004, 2005 Mondru AB.
! 4: * Copyright (c) 2006-2007 David Bird <david@cova.com>
! 5: *
! 6: * The contents of this file may be used under the terms of the GNU
! 7: * General Public License Version 2, provided that the above copyright
! 8: * notice and this permission notice is included in all copies or
! 9: * substantial portions of the software.
! 10: *
! 11: */
! 12:
! 13: #include "system.h"
! 14: #include "syserr.h"
! 15: #include "radius.h"
! 16: #include "radius_wispr.h"
! 17: #include "radius_chillispot.h"
! 18: #include "redir.h"
! 19: #include "md5.h"
! 20: #include "dhcp.h"
! 21: #include "chilli.h"
! 22: #include "options.h"
! 23:
! 24: static int optionsdebug = 0; /* TODO: Should be changed to instance */
! 25:
! 26: static int keep_going = 1; /* OK as global variable for child process */
! 27:
! 28: static int termstate = REDIR_TERM_INIT; /* When we were terminated */
! 29:
! 30: char credits[] =
! 31: "<H1>CoovaChilli(ChilliSpot) " VERSION "</H1>"
! 32: "<p>Copyright 2002-2005 Mondru AB</p>"
! 33: "<p>Copyright 2006-2007 Coova.org</p>"
! 34: "ChilliSpot is an Open Source captive portal or wireless LAN access point "
! 35: "controller developed by the community at <a href=\"http://coova.org\">coova.org</a>. "
! 36: "It is licensed under the Gnu Public License (GPL). ";
! 37:
! 38: struct redir_socket{int fd[2];};
! 39: static unsigned char redir_radius_id=0;
! 40: static int redir_getparam(struct redir_t *redir, char *src, char *param, bstring dst);
! 41: extern time_t mainclock;
! 42:
! 43: /* Termination handler for clean shutdown */
! 44: static void redir_termination(int signum) {
! 45: if (optionsdebug) log_dbg("Terminating redir client!\n");
! 46: keep_going = 0;
! 47: }
! 48:
! 49: /* Alarm handler for ensured shutdown */
! 50: static void redir_alarm(int signum) {
! 51: log_warn(0, "Client process timed out: %d", termstate);
! 52: exit(0);
! 53: }
! 54:
! 55: /* Generate a 16 octet random challenge */
! 56: static int redir_challenge(unsigned char *dst) {
! 57: FILE *file;
! 58:
! 59: if ((file = fopen("/dev/urandom", "r")) == NULL) {
! 60: log_err(errno, "fopen(/dev/urandom, r) failed");
! 61: return -1;
! 62: }
! 63:
! 64: if (fread(dst, 1, REDIR_MD5LEN, file) != REDIR_MD5LEN) {
! 65: log_err(errno, "fread() failed");
! 66: return -1;
! 67: }
! 68:
! 69: fclose(file);
! 70: return 0;
! 71: }
! 72:
! 73: /* Convert 32+1 octet ASCII hex string to 16 octet unsigned char */
! 74: static int redir_hextochar(unsigned char *src, unsigned char * dst) {
! 75: char x[3];
! 76: int n;
! 77: int y;
! 78:
! 79: for (n=0; n< REDIR_MD5LEN; n++) {
! 80: x[0] = src[n*2+0];
! 81: x[1] = src[n*2+1];
! 82: x[2] = 0;
! 83: if (sscanf (x, "%2x", &y) != 1) {
! 84: log_err(0, "HEX conversion failed!");
! 85: return -1;
! 86: }
! 87: dst[n] = (unsigned char) y;
! 88: }
! 89:
! 90: return 0;
! 91: }
! 92:
! 93: /* Convert 16 octet unsigned char to 32+1 octet ASCII hex string */
! 94: static int redir_chartohex(unsigned char *src, char *dst) {
! 95: char x[3];
! 96: int n;
! 97:
! 98: for (n=0; n<REDIR_MD5LEN; n++) {
! 99: snprintf(x, 3, "%.2x", src[n]);
! 100: dst[n*2+0] = x[0];
! 101: dst[n*2+1] = x[1];
! 102: }
! 103:
! 104: dst[REDIR_MD5LEN*2] = 0;
! 105: return 0;
! 106: }
! 107:
! 108: static int redir_xmlencode(char *src, int srclen, char *dst, int dstsize) {
! 109: char *x;
! 110: int n;
! 111: int i = 0;
! 112:
! 113: for (n=0; n<srclen; n++) {
! 114: x=0;
! 115: switch(src[n]) {
! 116: case '&': x = "&"; break;
! 117: case '\"': x = """; break;
! 118: case '<': x = "<"; break;
! 119: case '>': x = ">"; break;
! 120: default:
! 121: if (i < dstsize - 1) dst[i++] = src[n];
! 122: break;
! 123: }
! 124: if (x) {
! 125: if (i < dstsize - strlen(x)) {
! 126: strncpy(dst + i, x, strlen(x));
! 127: i += strlen(x);
! 128: }
! 129: }
! 130: }
! 131: dst[i] = 0;
! 132: return 0;
! 133: }
! 134:
! 135: static int bstrtocstr(bstring src, char *dst, unsigned int len) {
! 136: int l;
! 137:
! 138: if (!src || src->slen == 0) {
! 139: strcpy(dst,"");
! 140: return 0;
! 141: }
! 142:
! 143: l = src->slen;
! 144: if (l > len) l = len;
! 145: strncpy(dst, (char*)src->data, len);
! 146: return 0;
! 147: }
! 148:
! 149: /* Encode src as urlencoded and place null terminated result in dst */
! 150: static int redir_urlencode(bstring src, bstring dst) {
! 151: char x[3];
! 152: int n;
! 153:
! 154: bassigncstr(dst, "");
! 155: for (n=0; n<src->slen; n++) {
! 156: if ((('A' <= src->data[n]) && (src->data[n] <= 'Z')) ||
! 157: (('a' <= src->data[n]) && (src->data[n] <= 'z')) ||
! 158: (('0' <= src->data[n]) && (src->data[n] <= '9')) ||
! 159: ('-' == src->data[n]) ||
! 160: ('_' == src->data[n]) ||
! 161: ('.' == src->data[n]) ||
! 162: ('!' == src->data[n]) ||
! 163: ('~' == src->data[n]) ||
! 164: ('*' == src->data[n])) {
! 165: bconchar(dst,src->data[n]);
! 166: }
! 167: else {
! 168: snprintf(x, 3, "%.2x", src->data[n]);
! 169: bconchar(dst, '%');
! 170: bconchar(dst, x[0]);
! 171: bconchar(dst, x[1]);
! 172: }
! 173: }
! 174: return 0;
! 175: }
! 176:
! 177: /* Decode urlencoded src and place null terminated result in dst */
! 178: static int redir_urldecode(bstring src, bstring dst) {
! 179: char x[3];
! 180: int n = 0;
! 181: unsigned int c;
! 182:
! 183: bassigncstr(dst, "");
! 184: while (n<src->slen) {
! 185: if (src->data[n] == '%') {
! 186: if ((n+2) < src->slen) {
! 187: x[0] = src->data[n+1];
! 188: x[1] = src->data[n+2];
! 189: x[2] = 0;
! 190: c = '_';
! 191: sscanf(x, "%x", &c);
! 192: bconchar(dst,c);
! 193: }
! 194: n += 3;
! 195: }
! 196: else {
! 197: bconchar(dst,src->data[n]);
! 198: n++;
! 199: }
! 200: }
! 201: return 0;
! 202: }
! 203:
! 204: /* Make an XML Reply */
! 205: static int redir_xmlreply(struct redir_t *redir,
! 206: struct redir_conn_t *conn, int res, long int timeleft, char* hexchal,
! 207: char* reply, char* redirurl, bstring b) {
! 208: bstring bt;
! 209:
! 210: if (redir->no_uamwispr &&
! 211: !(redir->chillixml)) return 0;
! 212:
! 213: bt = bfromcstr("");
! 214:
! 215: bcatcstr(b,
! 216: "<!--\r\n"
! 217: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
! 218:
! 219: if (!redir->no_uamwispr) {
! 220: bcatcstr(b,
! 221: "<WISPAccessGatewayParam\r\n"
! 222: " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\r\n"
! 223: " xsi:noNamespaceSchemaLocation=\"http://www.acmewisp.com/WISPAccessGatewayParam.xsd\""
! 224: ">\r\n");
! 225:
! 226: switch (res) {
! 227:
! 228: case REDIR_ALREADY:
! 229: bcatcstr(b,
! 230: "<AuthenticationPollReply>\r\n"
! 231: "<MessageType>140</MessageType>\r\n"
! 232: "<ResponseCode>102</ResponseCode>\r\n"
! 233: "<ReplyMessage>Already logged on</ReplyMessage>\r\n"
! 234: "</AuthenticationPollReply>\r\n");
! 235: break;
! 236:
! 237: case REDIR_FAILED_REJECT:
! 238: bcatcstr(b,
! 239: "<AuthenticationPollReply>\r\n"
! 240: "<MessageType>140</MessageType>\r\n"
! 241: "<ResponseCode>100</ResponseCode>\r\n");
! 242:
! 243: if (reply) {
! 244: bassignformat(bt, "<ReplyMessage>%s</ReplyMessage>\r\n", reply);
! 245: bconcat(b, bt);
! 246: }
! 247: else {
! 248: bcatcstr(b, "<ReplyMessage>Invalid Password</ReplyMessage>\r\n");
! 249: }
! 250:
! 251: bcatcstr(b, "</AuthenticationPollReply>\r\n");
! 252: break;
! 253:
! 254: case REDIR_FAILED_OTHER:
! 255: bcatcstr(b,
! 256: "<AuthenticationPollReply>\r\n"
! 257: "<MessageType>140</MessageType>\r\n"
! 258: "<ResponseCode>102</ResponseCode>\r\n");
! 259:
! 260: if (reply) {
! 261: bassignformat(bt, "<ReplyMessage>%s</ReplyMessage>\r\n", reply);
! 262: bconcat(b, bt);
! 263: }
! 264: else {
! 265: bcatcstr(b, "<ReplyMessage>Radius error</ReplyMessage>\r\n");
! 266: }
! 267:
! 268: bcatcstr(b, "</AuthenticationPollReply>\r\n");
! 269: break;
! 270:
! 271: case REDIR_SUCCESS:
! 272: bcatcstr(b,
! 273: "<AuthenticationPollReply>\r\n"
! 274: "<MessageType>140</MessageType>\r\n"
! 275: "<ResponseCode>50</ResponseCode>\r\n");
! 276:
! 277: if (reply) {
! 278: bassignformat(bt, "<ReplyMessage>%s</ReplyMessage>\r\n", reply);
! 279: bconcat(b, bt);
! 280: }
! 281:
! 282: bassignformat(bt, "<LogoffURL>http://%s:%d/logoff</LogoffURL>\r\n",
! 283: inet_ntoa(redir->addr), redir->port);
! 284: bconcat(b, bt);
! 285:
! 286: if (redirurl) {
! 287: bassignformat(bt, "<RedirectionURL>%s</RedirectionURL>\r\n", redirurl);
! 288: bconcat(b, bt);
! 289: }
! 290: bcatcstr(b, "</AuthenticationPollReply>\r\n");
! 291: break;
! 292:
! 293: case REDIR_LOGOFF:
! 294: bcatcstr(b,
! 295: "<LogoffReply>\r\n"
! 296: "<MessageType>130</MessageType>\r\n"
! 297: "<ResponseCode>150</ResponseCode>\r\n"
! 298: "</LogoffReply>\r\n");
! 299: break;
! 300:
! 301: case REDIR_SPLASH:
! 302: case REDIR_NOTYET:
! 303: bcatcstr(b,
! 304: "<Redirect>\r\n"
! 305: "<AccessProcedure>1.0</AccessProcedure>\r\n");
! 306:
! 307: if (redir->radiuslocationid) {
! 308: bassignformat(bt, "<AccessLocation>%s</AccessLocation>\r\n", redir->radiuslocationid);
! 309: bconcat(b, bt);
! 310: }
! 311:
! 312: if (redir->radiuslocationname) {
! 313: bassignformat(bt, "<LocationName>%s</LocationName>\r\n", redir->radiuslocationname);
! 314: bconcat(b, bt);
! 315: }
! 316:
! 317: bassignformat(bt, "<LoginURL>%s%cres=smartclient&uamip=%s&uamport=%d&challenge=%s</LoginURL>\r\n",
! 318: options.wisprlogin ? options.wisprlogin : redir->url,
! 319: strchr(options.wisprlogin ? options.wisprlogin : redir->url, '?') ? '&' : '?',
! 320: inet_ntoa(redir->addr), redir->port, hexchal);
! 321: bconcat(b, bt);
! 322:
! 323: bassignformat(bt, "<AbortLoginURL>http://%s:%d/abort</AbortLoginURL>\r\n",
! 324: inet_ntoa(redir->addr), redir->port);
! 325: bconcat(b, bt);
! 326:
! 327: bcatcstr(b,
! 328: "<MessageType>100</MessageType>\r\n"
! 329: "<ResponseCode>0</ResponseCode>\r\n"
! 330: "</Redirect>\r\n");
! 331: break;
! 332:
! 333: case REDIR_ABORT_ACK:
! 334: bcatcstr(b,
! 335: "<AbortLoginReply>\r\n"
! 336: "<MessageType>150</MessageType>\r\n"
! 337: "<ResponseCode>151</ResponseCode>\r\n"
! 338: "</AbortLoginReply>\r\n");
! 339: break;
! 340:
! 341: case REDIR_ABORT_NAK:
! 342: bcatcstr(b,
! 343: "<AbortLoginReply>\r\n"
! 344: "<MessageType>150</MessageType>\r\n"
! 345: "<ResponseCode>50</ResponseCode>\r\n");
! 346: bassignformat(bt, "<LogoffURL>http://%s:%d/logoff</LogoffURL>\r\n",
! 347: inet_ntoa(redir->addr), redir->port);
! 348: bconcat(b, bt);
! 349: bcatcstr(b, "</AbortLoginReply>\r\n");
! 350: break;
! 351:
! 352: case REDIR_STATUS:
! 353: bcatcstr(b,
! 354: "<AuthenticationPollReply>\r\n"
! 355: "<MessageType>140</MessageType>\r\n");
! 356: if (conn->s_state.authenticated != 1) {
! 357: bcatcstr(b,
! 358: "<ResponseCode>150</ResponseCode>\r\n"
! 359: "<ReplyMessage>Not logged on</ReplyMessage>\r\n");
! 360: } else {
! 361: bcatcstr(b,
! 362: "<ResponseCode>50</ResponseCode>\r\n"
! 363: "<ReplyMessage>Already logged on</ReplyMessage>\r\n");
! 364: }
! 365: bcatcstr(b, "</AuthenticationPollReply>\r\n");
! 366: break;
! 367:
! 368: default:
! 369: log_err(0, "Unknown res in switch");
! 370: bdestroy(bt);
! 371: return -1;
! 372:
! 373: }
! 374: bcatcstr(b, "</WISPAccessGatewayParam>\r\n");
! 375: }
! 376:
! 377: if (redir->chillixml) {
! 378: bcatcstr(b, "<ChilliSpotSession>\r\n");
! 379: switch (res) {
! 380: case REDIR_SPLASH:
! 381: case REDIR_NOTYET:
! 382: bassignformat(bt, "<Challenge>%s</Challenge>\r\n", hexchal);
! 383: bconcat(b, bt);
! 384: break;
! 385: case REDIR_STATUS:
! 386: if (conn->s_state.authenticated == 1) {
! 387: time_t timenow = time(0);
! 388: uint32_t sessiontime;
! 389:
! 390: sessiontime = timenow - conn->s_state.start_time;
! 391:
! 392: bcatcstr(b, "<State>1</State>\r\n");
! 393:
! 394: bassignformat(bt, "<StartTime>%d</StartTime>\r\n" , conn->s_state.start_time);
! 395: bconcat(b, bt);
! 396:
! 397: bassignformat(bt, "<SessionTime>%d</SessionTime>\r\n", sessiontime);
! 398: bconcat(b, bt);
! 399:
! 400: if (timeleft) {
! 401: bassignformat(bt, "<TimeLeft>%d</TimeLeft>\r\n", timeleft);
! 402: bconcat(b, bt);
! 403: }
! 404:
! 405: bassignformat(bt, "<Timeout>%d</Timeout>\r\n", conn->s_params.sessiontimeout);
! 406: bconcat(b, bt);
! 407:
! 408: bassignformat(bt, "<InputOctets>%d</InputOctets>\r\n", conn->s_state.input_octets);
! 409: bconcat(b, bt);
! 410:
! 411: bassignformat(bt, "<OutputOctets>%d</OutputOctets>\r\n", conn->s_state.output_octets);
! 412: bconcat(b, bt);
! 413:
! 414: bassignformat(bt, "<MaxInputOctets>%d</MaxInputOctets>\r\n", conn->s_params.maxinputoctets);
! 415: bconcat(b, bt);
! 416:
! 417: bassignformat(bt, "<MaxOutputOctets>%d</MaxOutputOctets>\r\n", conn->s_params.maxoutputoctets);
! 418: bconcat(b, bt);
! 419:
! 420: bassignformat(bt, "<MaxTotalOctets>%d</MaxTotalOctets>\r\n", conn->s_params.maxtotaloctets);
! 421: bconcat(b, bt);
! 422: }
! 423: else {
! 424: bcatcstr(b, "<State>0</State>\r\n");
! 425: }
! 426:
! 427: break;
! 428:
! 429: case REDIR_ALREADY:
! 430: bcatcstr(b, "<Already>1</Already>\r\n");
! 431: break;
! 432:
! 433: case REDIR_FAILED_REJECT:
! 434: case REDIR_FAILED_OTHER:
! 435: if (reply) {
! 436: bassignformat(bt, "<ReplyMessage>%s</ReplyMessage>\r\n", reply);
! 437: bconcat(b, bt);
! 438: }
! 439: bcatcstr(b, "<State>0</State>\r\n");
! 440:
! 441: break;
! 442: case REDIR_SUCCESS:
! 443: if (reply) {
! 444: bassignformat(bt, "<ReplyMessage>%s</ReplyMessage>\r\n", reply);
! 445: bconcat(b, bt);
! 446: }
! 447: bcatcstr(b, "<State>1</State>\r\n");
! 448: break;
! 449: case REDIR_LOGOFF:
! 450: bcatcstr(b, "<State>0</State>\r\n");
! 451: break;
! 452: case REDIR_ABORT_ACK:
! 453: bcatcstr(b, "<Abort_ack>1</Abort_ack>\r\n");
! 454: break;
! 455: case REDIR_ABORT_NAK:
! 456: bcatcstr(b, "<Abort_nak>1</Abort_nak>\r\n");
! 457: break;
! 458: default:
! 459: log_err(0, "Unknown res in switch");
! 460: bdestroy(bt);
! 461: return -1;
! 462: }
! 463: bcatcstr(b, "</ChilliSpotSession>\r\n");
! 464: }
! 465:
! 466: bcatcstr(b, "-->\r\n");
! 467: bdestroy(bt);
! 468: return 0;
! 469: }
! 470:
! 471: static int redir_buildurl(struct redir_conn_t *conn, bstring str,
! 472: struct redir_t *redir, char *resp,
! 473: long int timeleft, char* hexchal, char* uid,
! 474: char* userurl, char* reply, char* redirurl,
! 475: uint8_t *hismac, struct in_addr *hisip) {
! 476: char *redir_url = redir->url;
! 477: bstring bt = bfromcstr("");
! 478: bstring bt2 = bfromcstr("");
! 479:
! 480: if ((conn->s_params.flags & REQUIRE_UAM_SPLASH) &&
! 481: conn->s_params.url[0]) {
! 482: redir_url = conn->s_params.url;
! 483: }
! 484:
! 485: bassignformat(str, "%s%cres=%s&uamip=%s&uamport=%d",
! 486: redir_url, strchr(redir_url, '?') ? '&' : '?',
! 487: resp, inet_ntoa(redir->addr), redir->port);
! 488:
! 489: if (hexchal) {
! 490: bassignformat(bt, "&challenge=%s", hexchal);
! 491: bconcat(str, bt);
! 492: bassigncstr(bt,"");
! 493: }
! 494:
! 495: if (conn->type == REDIR_STATUS) {
! 496: int starttime = conn->s_state.start_time;
! 497: if (starttime) {
! 498: int sessiontime;
! 499: time_t timenow = time(0);
! 500:
! 501: sessiontime = timenow - starttime;
! 502:
! 503: bassignformat(bt, "&starttime=%ld", starttime);
! 504: bconcat(str, bt);
! 505: bassignformat(bt, "&sessiontime=%ld", sessiontime);
! 506: bconcat(str, bt);
! 507: }
! 508:
! 509: if (conn->s_params.sessiontimeout) {
! 510: bassignformat(bt, "&sessiontimeout=%ld", conn->s_params.sessiontimeout);
! 511: bconcat(str, bt);
! 512: }
! 513:
! 514: if (conn->s_params.sessionterminatetime) {
! 515: bassignformat(bt, "&stoptime=%ld", conn->s_params.sessionterminatetime);
! 516: bconcat(str, bt);
! 517: }
! 518: }
! 519:
! 520: if (uid) {
! 521: bcatcstr(str, "&uid=");
! 522: bassigncstr(bt, uid);
! 523: redir_urlencode(bt, bt2);
! 524: bconcat(str, bt2);
! 525: }
! 526:
! 527: if (timeleft) {
! 528: bassignformat(bt, "&timeleft=%ld", timeleft);
! 529: bconcat(str, bt);
! 530: }
! 531:
! 532: if (hismac) {
! 533: bcatcstr(str, "&mac=");
! 534: bassignformat(bt, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
! 535: hismac[0], hismac[1],
! 536: hismac[2], hismac[3],
! 537: hismac[4], hismac[5]);
! 538: redir_urlencode(bt, bt2);
! 539: bconcat(str, bt2);
! 540: }
! 541:
! 542: if (hisip) {
! 543: bassignformat(bt, "&ip=%s", inet_ntoa(*hisip));
! 544: bconcat(str, bt);
! 545: }
! 546:
! 547: if (reply) {
! 548: bcatcstr(str, "&reply=");
! 549: bassigncstr(bt, reply);
! 550: redir_urlencode(bt, bt2);
! 551: bconcat(str, bt2);
! 552: }
! 553:
! 554: if (redir->ssid) {
! 555: bcatcstr(str, "&ssid=");
! 556: bassigncstr(bt, redir->ssid);
! 557: redir_urlencode(bt, bt2);
! 558: bconcat(str, bt2);
! 559: }
! 560:
! 561: if (redir->nasmac) {
! 562: bcatcstr(str, "&called=");
! 563: bassigncstr(bt, redir->nasmac);
! 564: redir_urlencode(bt, bt2);
! 565: bconcat(str, bt2);
! 566: }
! 567:
! 568: if (redir->radiusnasid) {
! 569: bcatcstr(str, "&nasid=");
! 570: bassigncstr(bt, redir->radiusnasid);
! 571: redir_urlencode(bt, bt2);
! 572: bconcat(str, bt2);
! 573: }
! 574:
! 575: if (conn->lang[0]) {
! 576: bcatcstr(str, "&lang=");
! 577: bassigncstr(bt, conn->lang);
! 578: redir_urlencode(bt, bt2);
! 579: bconcat(str, bt2);
! 580: }
! 581:
! 582: if (redirurl) {
! 583: bcatcstr(str, "&redirurl=");
! 584: bassigncstr(bt, redirurl);
! 585: redir_urlencode(bt, bt2);
! 586: bconcat(str, bt2);
! 587: }
! 588:
! 589: if (userurl) {
! 590: bcatcstr(str, "&userurl=");
! 591: bassigncstr(bt, userurl);
! 592: redir_urlencode(bt, bt2);
! 593: bconcat(str, bt2);
! 594: }
! 595:
! 596: if (redir->secret && *redir->secret) { /* take the md5 of the url+uamsecret as a checksum */
! 597: MD5_CTX context;
! 598: unsigned char cksum[16];
! 599: char hex[32+1];
! 600: int i;
! 601:
! 602: MD5Init(&context);
! 603: MD5Update(&context, (uint8_t*)str->data, str->slen);
! 604: MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret));
! 605: MD5Final(cksum, &context);
! 606:
! 607: hex[0]=0;
! 608: for (i=0; i<16; i++)
! 609: sprintf(hex+strlen(hex), "%.2X", cksum[i]);
! 610:
! 611: bcatcstr(str, "&md=");
! 612: bcatcstr(str, hex);
! 613: }
! 614:
! 615: bdestroy(bt);
! 616: bdestroy(bt2);
! 617: return 0;
! 618: }
! 619:
! 620: ssize_t
! 621: tcp_write_timeout(int timeout, struct redir_socket *sock, char *buf, size_t len) {
! 622: fd_set fdset;
! 623: struct timeval tv;
! 624: int fd = sock->fd[1];
! 625:
! 626: FD_ZERO(&fdset);
! 627: FD_SET(fd,&fdset);
! 628:
! 629: tv.tv_sec = timeout;
! 630: tv.tv_usec = 0;
! 631:
! 632: if (select(fd + 1,(fd_set *) 0,&fdset,(fd_set *) 0,&tv) == -1)
! 633: return -1;
! 634:
! 635: if (FD_ISSET(fd, &fdset))
! 636: #if WIN32
! 637: return send(fd,buf,len,0);
! 638: #else
! 639: return write(fd,buf,len);
! 640: #endif
! 641:
! 642: return -1;
! 643: }
! 644:
! 645: static int timeout = 10;
! 646:
! 647: ssize_t
! 648: tcp_write(struct redir_socket *sock, char *buf, size_t len) {
! 649: ssize_t c;
! 650: size_t r = 0;
! 651: while (r < len) {
! 652: c = tcp_write_timeout(timeout, sock, buf+r, len-r);
! 653: if (c <= 0) return (ssize_t)r;
! 654: r += (size_t)c;
! 655: }
! 656: return (ssize_t)r;
! 657: }
! 658:
! 659: static int redir_json_reply(struct redir_t *redir, int res, struct redir_conn_t *conn,
! 660: char *hexchal, char *userurl, char *redirurl, uint8_t *hismac,
! 661: char *reply, char *qs, bstring s) {
! 662: bstring tmp = bfromcstr("");
! 663: bstring json = bfromcstr("");
! 664:
! 665: unsigned char flg = 0;
! 666: #define FLG_cb 1
! 667: #define FLG_chlg 2
! 668: #define FLG_sess 4
! 669: #define FLG_loc 8
! 670: #define FLG_redir 16
! 671:
! 672: int state = conn->s_state.authenticated;
! 673: int splash = (conn->s_params.flags & REQUIRE_UAM_SPLASH) == REQUIRE_UAM_SPLASH;
! 674:
! 675: redir_getparam(redir, qs, "callback", tmp);
! 676:
! 677: if (tmp->slen) {
! 678: bconcat(json, tmp);
! 679: bcatcstr(json, "(");
! 680: flg |= FLG_cb;
! 681: }
! 682:
! 683: switch (res) {
! 684: case REDIR_ALREADY:
! 685: flg |= FLG_sess;
! 686: break;
! 687:
! 688: case REDIR_FAILED_REJECT:
! 689: case REDIR_FAILED_OTHER:
! 690: flg |= FLG_chlg;
! 691: flg |= FLG_redir;
! 692: break;
! 693:
! 694: case REDIR_SUCCESS:
! 695: flg |= FLG_sess;
! 696: flg |= FLG_redir;
! 697: state = 1;
! 698: break;
! 699:
! 700: case REDIR_LOGOFF:
! 701: flg |= FLG_sess | FLG_chlg;
! 702: break;
! 703:
! 704: case REDIR_SPLASH:
! 705: case REDIR_NOTYET:
! 706: flg |= FLG_chlg;
! 707: flg |= FLG_loc;
! 708: flg |= FLG_redir;
! 709: break;
! 710:
! 711: case REDIR_ABORT_ACK:
! 712: case REDIR_ABORT_NAK:
! 713: case REDIR_ABOUT:
! 714: break;
! 715:
! 716: case REDIR_STATUS:
! 717: if (state && !splash) {
! 718: flg |= FLG_sess;
! 719: } else {
! 720: flg |= FLG_chlg;
! 721: flg |= FLG_loc;
! 722: }
! 723: flg |= FLG_redir;
! 724: break;
! 725:
! 726: default:
! 727: break;
! 728: }
! 729:
! 730: if (state && splash)
! 731: state = 3;
! 732:
! 733: bcatcstr(json, "{\"version\":\"1.0\",\"clientState\":");
! 734:
! 735: bassignformat(tmp, "%d", state);
! 736: bconcat(json, tmp);
! 737:
! 738: if (reply) {
! 739: bcatcstr(json, ",\"message\":\"");
! 740: bcatcstr(json, reply);
! 741: bcatcstr(json, "\"");
! 742: }
! 743:
! 744: if ((flg & FLG_chlg) && hexchal) {
! 745: bcatcstr(json, ",\"challenge\":\"");
! 746: bcatcstr(json, hexchal);
! 747: bcatcstr(json, "\"");
! 748: }
! 749:
! 750: if (flg & FLG_loc) {
! 751: bcatcstr(json,",\"location\":{\"name\":\"");
! 752: if (redir->locationname)
! 753: bcatcstr(json, redir->locationname);
! 754: else if (redir->radiuslocationname)
! 755: bcatcstr(json, redir->radiuslocationname);
! 756: bcatcstr(json,"\"");
! 757: bcatcstr(json,"}");
! 758: }
! 759:
! 760: if (flg & FLG_redir)
! 761: session_redir_json_fmt(json, userurl, redirurl, hismac);
! 762:
! 763: if (flg & FLG_sess)
! 764: session_json_fmt(&conn->s_state, &conn->s_params,
! 765: json, res == REDIR_SUCCESS);
! 766:
! 767: bcatcstr(json, "}");
! 768:
! 769: if (flg & FLG_cb) {
! 770: bcatcstr(json, ")");
! 771: }
! 772:
! 773: bassigncstr(s, "HTTP/1.1 200 OK\r\n");
! 774: bcatcstr(s, "Cache-Control: no-cache, must-revalidate\r\n");
! 775:
! 776: bcatcstr(s, "Content-Length: ");
! 777: bassignformat(tmp , "%ld", blength(json) );
! 778: bconcat(s, tmp);
! 779:
! 780: bcatcstr(s, "\r\nContent-type: ");
! 781: if (tmp->slen) bcatcstr(s, "text/javascript");
! 782: else bcatcstr(s, "application/json");
! 783:
! 784: bcatcstr(s, "\r\n\r\n");
! 785: bconcat(s, json);
! 786:
! 787: if (options.debug) {
! 788: log_dbg("sending json: %s\n", json->data);
! 789: }
! 790:
! 791: bdestroy(json);
! 792: bdestroy(tmp);
! 793:
! 794: return 0;
! 795: }
! 796:
! 797: /* Make an HTTP redirection reply and send it to the client */
! 798: static int redir_reply(struct redir_t *redir, struct redir_socket *sock,
! 799: struct redir_conn_t *conn, int res, bstring url,
! 800: long int timeleft, char* hexchal, char* uid,
! 801: char* userurl, char* reply, char* redirurl,
! 802: uint8_t *hismac, struct in_addr *hisip, char *qs) {
! 803:
! 804: char *resp = NULL;
! 805: bstring buffer;
! 806:
! 807: switch (res) {
! 808: case REDIR_ALREADY:
! 809: resp = "already";
! 810: break;
! 811: case REDIR_FAILED_REJECT:
! 812: case REDIR_FAILED_OTHER:
! 813: resp = "failed";
! 814: break;
! 815: case REDIR_SUCCESS:
! 816: resp = "success";
! 817: break;
! 818: case REDIR_LOGOFF:
! 819: resp = "logoff";
! 820: break;
! 821: case REDIR_NOTYET:
! 822: resp = "notyet";
! 823: break;
! 824: case REDIR_SPLASH:
! 825: resp = "splash";
! 826: break;
! 827: case REDIR_ABORT_ACK:
! 828: resp = "logoff";
! 829: break;
! 830: case REDIR_ABORT_NAK:
! 831: resp = "already";
! 832: break;
! 833: case REDIR_ABOUT:
! 834: case REDIR_ABORT:
! 835: break;
! 836: case REDIR_STATUS:
! 837: resp = conn->s_state.authenticated == 1 ? "already" : "notyet";
! 838: break;
! 839: default:
! 840: log_err(0, "Unknown res in switch");
! 841: return -1;
! 842: }
! 843:
! 844: buffer = bfromcstralloc(1024, "");
! 845:
! 846: if (conn->format == REDIR_FMT_JSON) {
! 847:
! 848: redir_json_reply(redir, res, conn, hexchal, userurl, redirurl, hismac, reply, qs, buffer);
! 849:
! 850: } else if (resp) {
! 851: bcatcstr(buffer, "HTTP/1.0 302 Moved Temporarily\r\nLocation: ");
! 852:
! 853: if (url) {
! 854: bconcat(buffer, url);
! 855: } else {
! 856: bstring bt = bfromcstralloc(1024,"");
! 857: if (redir_buildurl(conn, bt, redir, resp, timeleft, hexchal,
! 858: uid, userurl, reply, redirurl, hismac, hisip) == -1) {
! 859: bdestroy(bt);
! 860: bdestroy(buffer);
! 861: return -1;
! 862: }
! 863: log_dbg("here: %s\n", bt->data);
! 864: bconcat(buffer, bt);
! 865: bdestroy(bt);
! 866: }
! 867:
! 868: bcatcstr(buffer,
! 869: "\r\n\r\n<HTML><BODY><H2>Browser error!</H2>"
! 870: "Browser does not support redirects!</BODY>\r\n");
! 871:
! 872: redir_xmlreply(redir, conn, res, timeleft, hexchal, reply, redirurl, buffer);
! 873:
! 874: bcatcstr(buffer, "\r\n</HTML>\r\n");
! 875:
! 876: } else {
! 877: bassigncstr(buffer,
! 878: "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"
! 879: "<HTML><HEAD><TITLE>CoovaChilli</TITLE></HEAD><BODY>");
! 880: bcatcstr(buffer, credits);
! 881: bcatcstr(buffer, "</BODY></HTML>\r\n");
! 882: }
! 883:
! 884: if (tcp_write(sock, (char*)buffer->data, buffer->slen) < 0) {
! 885: log_err(errno, "tcp_write() failed!");
! 886: bdestroy(buffer);
! 887: return -1;
! 888: }
! 889:
! 890: bdestroy(buffer);
! 891: return 0;
! 892: }
! 893:
! 894: /* Allocate new instance of redir */
! 895: int redir_new(struct redir_t **redir,
! 896: struct in_addr *addr, int port, int uiport) {
! 897: struct sockaddr_in address;
! 898: int optval = 1;
! 899: int n = 0;
! 900:
! 901: if (!(*redir = calloc(1, sizeof(struct redir_t)))) {
! 902: log_err(errno, "calloc() failed");
! 903: return EOF;
! 904: }
! 905:
! 906: (*redir)->addr = *addr;
! 907: (*redir)->port = port;
! 908: (*redir)->uiport = uiport;
! 909: (*redir)->starttime = 0;
! 910:
! 911: if (((*redir)->fd[0] = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
! 912: log_err(errno, "socket() failed");
! 913: return -1;
! 914: }
! 915:
! 916: if (uiport && ((*redir)->fd[1] = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
! 917: log_err(errno, "socket() failed");
! 918: return -1;
! 919: }
! 920:
! 921: /* Set up address */
! 922: address.sin_family = AF_INET;
! 923: #if defined(__FreeBSD__) || defined (__APPLE__) || defined (__OpenBSD__) || defined (__NetBSD__)
! 924: address.sin_len = sizeof (struct sockaddr_in);
! 925: #endif
! 926:
! 927: for (n = 0; n < 2 && (*redir)->fd[n]; n++) {
! 928:
! 929: switch(n) {
! 930: case 0:
! 931: address.sin_addr.s_addr = addr->s_addr;
! 932: address.sin_port = htons(port);
! 933: break;
! 934: case 1:
! 935: /* XXX: binding to 0.0.0.0:uiport (should be configurable?) */
! 936: address.sin_addr.s_addr = INADDR_ANY;
! 937: address.sin_port = htons(uiport);
! 938: break;
! 939: }
! 940:
! 941: if (setsockopt((*redir)->fd[n], SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval))) {
! 942: log_err(errno, "setsockopt() failed");
! 943: close((*redir)->fd[n]);
! 944: (*redir)->fd[n]=0;
! 945: break;
! 946: }
! 947:
! 948: /* TODO: FreeBSD?
! 949: if (setsockopt((*redir)->fd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval))) {
! 950: log_err(errno, "setsockopt() failed");
! 951: close((*redir)->fd);
! 952: return -1;
! 953: }
! 954: */
! 955:
! 956: while (bind((*redir)->fd[n], (struct sockaddr *)&address, sizeof(address))) {
! 957: if ((EADDRINUSE == errno) && (10 > n++)) {
! 958: log_warn(0, "UAM port already in use. Waiting for retry.");
! 959: if (sleep(30)) { /* In case we got killed */
! 960: close((*redir)->fd[n]);
! 961: (*redir)->fd[n]=0;
! 962: break;
! 963: }
! 964: }
! 965: else {
! 966: log_err(errno, "bind() failed");
! 967: close((*redir)->fd[n]);
! 968: (*redir)->fd[n]=0;
! 969: break;
! 970: }
! 971: }
! 972:
! 973: if (listen((*redir)->fd[n], REDIR_MAXLISTEN)) {
! 974: log_err(errno, "listen() failed");
! 975: close((*redir)->fd[n]);
! 976: (*redir)->fd[n]=0;
! 977: break;
! 978: }
! 979: }
! 980:
! 981: if (((*redir)->msgid = msgget(IPC_PRIVATE, 0)) < 0) {
! 982: log_err(errno, "msgget() failed");
! 983: log_err(0, "Most likely your computer does not have System V IPC installed");
! 984: return -1;
! 985: }
! 986:
! 987: return 0;
! 988: }
! 989:
! 990:
! 991: /* Free instance of redir */
! 992: int redir_free(struct redir_t *redir) {
! 993: int n;
! 994: for (n = 0; n < 2 && redir->fd[n]; n++) {
! 995: if (close(redir->fd[n])) {
! 996: log_err(errno, "close() failed");
! 997: }
! 998: }
! 999:
! 1000: if (msgctl(redir->msgid, IPC_RMID, NULL)) {
! 1001: log_err(errno, "msgctl() failed");
! 1002: }
! 1003:
! 1004: free(redir);
! 1005: return 0;
! 1006: }
! 1007:
! 1008: /* Set redir parameters */
! 1009: void redir_set(struct redir_t *redir, int debug) {
! 1010: optionsdebug = debug; /* TODO: Do not change static variable from instance */
! 1011: redir->debug = debug;
! 1012: redir->no_uamsuccess = options.no_uamsuccess;
! 1013: redir->no_uamwispr = options.no_uamwispr;
! 1014: redir->chillixml = options.chillixml;
! 1015: redir->url = options.uamurl;
! 1016: redir->homepage = options.uamhomepage;
! 1017: redir->secret = options.uamsecret;
! 1018: redir->ssid = options.ssid;
! 1019: redir->nasmac = options.nasmac;
! 1020: redir->nasip = options.nasip;
! 1021: redir->radiusserver0 = options.radiusserver1;
! 1022: redir->radiusserver1 = options.radiusserver2;
! 1023: redir->radiusauthport = options.radiusauthport;
! 1024: redir->radiusacctport = options.radiusacctport;
! 1025: redir->radiussecret = options.radiussecret;
! 1026: redir->radiusnasid = options.radiusnasid;
! 1027: redir->radiuslocationid = options.radiuslocationid;
! 1028: redir->radiuslocationname = options.radiuslocationname;
! 1029: redir->locationname = options.locationname;
! 1030: redir->radiusnasporttype = options.radiusnasporttype;
! 1031: return;
! 1032: }
! 1033:
! 1034: /* Get a parameter of an HTTP request. Parameter is url decoded */
! 1035: /* TODO: Should be merged with other parsers */
! 1036: static int redir_getparam(struct redir_t *redir, char *src, char *param, bstring dst) {
! 1037: char *p1;
! 1038: char *p2;
! 1039: char sstr[255];
! 1040: int len = 0;
! 1041:
! 1042: strncpy(sstr, param, sizeof(sstr));
! 1043: sstr[sizeof(sstr)-1] = 0;
! 1044: strncat(sstr, "=", sizeof(sstr));
! 1045: sstr[sizeof(sstr)-1] = 0;
! 1046:
! 1047: if (!(p1 = strcasestr(src, sstr))) return -1;
! 1048: p1 += strlen(sstr);
! 1049:
! 1050: /* The parameter ends with a & or null */
! 1051: p2 = strstr(p1, "&");
! 1052:
! 1053: if (p2) len = p2 - p1;
! 1054: else len = strlen(p1);
! 1055:
! 1056: if (len) {
! 1057: bstring s = blk2bstr(p1, len);
! 1058: redir_urldecode(s, dst);
! 1059: bdestroy(s);
! 1060: } else
! 1061: bassigncstr(dst, "");
! 1062:
! 1063: log_dbg("The parameter %s is: [%.*s]", param, dst->slen, dst->data);/**/
! 1064:
! 1065: return 0;
! 1066: }
! 1067:
! 1068: /* Read the an HTTP request from a client */
! 1069: /* If POST is allowed, 1 is the input value of ispost */
! 1070: static int redir_getreq(struct redir_t *redir, struct redir_socket *sock,
! 1071: struct redir_conn_t *conn, int *ispost, size_t *clen,
! 1072: char *qs, size_t qslen) {
! 1073: int fd = sock->fd[0];
! 1074: fd_set fds;
! 1075: struct timeval idleTime;
! 1076: int status;
! 1077: ssize_t recvlen = 0;
! 1078: size_t buflen = 0;
! 1079: char buffer[REDIR_MAXBUFFER];
! 1080: char host[256];
! 1081: char path[256];
! 1082: int i, lines=0, done=0;
! 1083: char *eol;
! 1084:
! 1085: memset(buffer, 0, sizeof(buffer));
! 1086: memset(host, 0, sizeof(host));
! 1087: memset(path, 0, sizeof(path));
! 1088:
! 1089: /* read whatever the client send to us */
! 1090: while (!done && (redir->starttime + REDIR_HTTP_MAX_TIME) > time(NULL)) {
! 1091: FD_ZERO(&fds);
! 1092: FD_SET(fd, &fds);
! 1093:
! 1094: idleTime.tv_sec = 0;
! 1095: idleTime.tv_usec = REDIR_HTTP_SELECT_TIME;
! 1096:
! 1097: switch (status = select(fd + 1, &fds, NULL, NULL, &idleTime)) {
! 1098: case -1:
! 1099: log_err(errno,"select() returned -1!");
! 1100: return -1;
! 1101: case 0:
! 1102: log_dbg("HTTP request timeout!");
! 1103: return -1;
! 1104: default:
! 1105: break;
! 1106: }
! 1107:
! 1108: if ((status > 0) && FD_ISSET(fd, &fds)) {
! 1109: if (buflen + 2 >= sizeof(buffer)) { /* ensure space for a least one more byte + null */
! 1110: log_err(0, "Too much data in http request!");
! 1111: return -1;
! 1112: }
! 1113:
! 1114: /* if post is allowed, we do not buffer on the read (to not eat post data) */
! 1115: if ((recvlen = recv(fd, buffer + buflen, (*ispost) ? 1 : sizeof(buffer) - 1 - buflen, 0)) < 0) {
! 1116: if (errno != ECONNRESET)
! 1117: log_err(errno, "recv() failed!");
! 1118: return -1;
! 1119: }
! 1120:
! 1121: if (recvlen == 0) done=1;
! 1122: buflen += recvlen;
! 1123: buffer[buflen] = 0;
! 1124: }
! 1125:
! 1126: if (buflen == 0) {
! 1127: log_dbg("No data in HTTP request!");
! 1128: return -1;
! 1129: }
! 1130:
! 1131: while ((eol = strstr(buffer, "\r\n"))) {
! 1132: size_t linelen = eol - buffer;
! 1133: *eol = 0;
! 1134:
! 1135: if (lines++ == 0) { /* first line */
! 1136: size_t dstlen = 0;
! 1137: char *p1 = buffer;
! 1138: char *p2;
! 1139:
! 1140: if (optionsdebug)
! 1141: log_dbg("http-request: %s", buffer);
! 1142:
! 1143: if (!strncmp("GET ", p1, 4)) { p1 += 4; *ispost = 0; }
! 1144: else if (!strncmp("HEAD ", p1, 5)) { p1 += 5; *ispost = 0; }
! 1145: else if ((*ispost) &&
! 1146: !strncmp("POST ", p1, 5)) { p1 += 5; *ispost = 1; }
! 1147: else {
! 1148: if (optionsdebug)
! 1149: log_dbg("Unhandled http request: %s", buffer);
! 1150: return -1;
! 1151: }
! 1152:
! 1153: while (*p1 == ' ') p1++; /* Advance through additional white space */
! 1154: if (*p1 == '/') p1++;
! 1155: else return -1;
! 1156:
! 1157: /* The path ends with a ? or a space */
! 1158: p2 = strchr(p1, '?');
! 1159: if (!p2) p2 = strchr(p1, ' ');
! 1160: if (!p2) return -1;
! 1161: dstlen = p2 - p1;
! 1162:
! 1163: if (dstlen >= sizeof(path)-1)
! 1164: dstlen = sizeof(path)-1;
! 1165:
! 1166: strncpy(path, p1, dstlen);
! 1167:
! 1168: if (optionsdebug)
! 1169: log_dbg("The path: %s", path);
! 1170:
! 1171: /* TODO: Should also check the Host: to make sure we are talking directly to uamlisten */
! 1172:
! 1173: if (!strncmp(path, "json/", 5) && strlen(path) > 6) {
! 1174: int i, last=strlen(path)-5;
! 1175:
! 1176: conn->format = REDIR_FMT_JSON;
! 1177:
! 1178: for (i=0; i < last; i++)
! 1179: path[i] = path[i+5];
! 1180:
! 1181: path[last]=0;
! 1182:
! 1183: log_dbg("The (json format) path: %s", path);
! 1184: }
! 1185:
! 1186: if ((!strcmp(path, "logon")) || (!strcmp(path, "login")))
! 1187: conn->type = REDIR_LOGIN;
! 1188: else if ((!strcmp(path, "logoff")) || (!strcmp(path, "logout")))
! 1189: conn->type = REDIR_LOGOUT;
! 1190: else if (!strncmp(path, "www/", 4) && strlen(path) > 4)
! 1191: conn->type = REDIR_WWW;
! 1192: else if (!strcmp(path, "status"))
! 1193: conn->type = REDIR_STATUS;
! 1194: else if (!strncmp(path, "msdownload", 10))
! 1195: { conn->type = REDIR_MSDOWNLOAD; return 0; }
! 1196: else if (!strcmp(path, "prelogin"))
! 1197: { conn->type = REDIR_PRELOGIN; return 0; }
! 1198: else if (!strcmp(path, "abort"))
! 1199: { conn->type = REDIR_ABORT; return 0; }
! 1200:
! 1201: if (*p2 == '?') {
! 1202: p1 = p2 + 1;
! 1203: p2 = strchr(p1, ' ');
! 1204:
! 1205: if (p2) {
! 1206: dstlen = p2 - p1;
! 1207:
! 1208: if (dstlen >= qslen-1)
! 1209: dstlen = qslen-1;
! 1210:
! 1211: strncpy(qs, p1, dstlen);
! 1212:
! 1213: if (optionsdebug)
! 1214: log_dbg("Query string: %s", qs);
! 1215: }
! 1216: }
! 1217: } else if (linelen == 0) {
! 1218: /* end of headers */
! 1219: /*log_dbg("end of http-request");*/
! 1220: done = 1;
! 1221: break;
! 1222: } else {
! 1223: /* headers */
! 1224: char *p;
! 1225: size_t len;
! 1226:
! 1227: if (!strncasecmp(buffer,"Host:",5)) {
! 1228: p = buffer + 5;
! 1229: while (*p && isspace(*p)) p++;
! 1230: len = strlen(p);
! 1231: if (len >= sizeof(host)-1)
! 1232: len = sizeof(host)-1;
! 1233: strncpy(host, p, len);
! 1234: host[len]=0;
! 1235: if (optionsdebug)
! 1236: log_dbg("Host: %s",host);
! 1237: }
! 1238: else if (!strncasecmp(buffer,"Content-Length:",15)) {
! 1239: p = buffer + 15;
! 1240: while (*p && isspace(*p)) p++;
! 1241: len = strlen(p);
! 1242: if (len > 0) *clen = atoi(p);
! 1243: if (optionsdebug)
! 1244: log_dbg("Content-Length: %s",p);
! 1245: }
! 1246: else if (!strncasecmp(buffer,"User-Agent:",11)) {
! 1247: p = buffer + 11;
! 1248: while (*p && isspace(*p)) p++;
! 1249: len = strlen(p);
! 1250: if (len >= sizeof(conn->useragent)-1)
! 1251: len = sizeof(conn->useragent)-1;
! 1252: strncpy(conn->useragent, p, len);
! 1253: conn->useragent[len]=0;
! 1254: if (optionsdebug)
! 1255: log_dbg("User-Agent: %s",conn->useragent);
! 1256: }
! 1257: }
! 1258:
! 1259: /* shift buffer */
! 1260: linelen += 2;
! 1261: for (i = 0; i < (int)(buflen - linelen); i++)
! 1262: buffer[i] = buffer[(int)linelen+i];
! 1263:
! 1264: buflen -= linelen;
! 1265: }
! 1266: }
! 1267:
! 1268: switch(conn->type) {
! 1269:
! 1270: case REDIR_STATUS:
! 1271: return 0;
! 1272:
! 1273: case REDIR_LOGIN:
! 1274: {
! 1275: bstring bt = bfromcstr("");
! 1276:
! 1277: if (!redir_getparam(redir, qs, "lang", bt))
! 1278: bstrtocstr(bt, conn->lang, sizeof(conn->lang));
! 1279:
! 1280: if (!redir_getparam(redir, qs, "ident", bt) && bt->slen)
! 1281: conn->chap_ident = atoi((char*)bt->data);
! 1282:
! 1283: if (redir_getparam(redir, qs, "username", bt)) {
! 1284: log_err(0, "No username found in login request");
! 1285: bdestroy(bt);
! 1286: return -1;
! 1287: }
! 1288:
! 1289: bstrtocstr(bt, conn->s_state.redir.username, sizeof(conn->s_state.redir.username));
! 1290: log_dbg("-->> Setting username=[%s]",conn->s_state.redir.username);
! 1291:
! 1292: if (!redir_getparam(redir, qs, "userurl", bt)) {
! 1293: bstring bt2 = bfromcstr("");
! 1294: redir_urldecode(bt, bt2);
! 1295: bstrtocstr(bt2, conn->s_state.redir.userurl, sizeof(conn->s_state.redir.userurl));
! 1296: if (optionsdebug)
! 1297: log_dbg("-->> Setting userurl=[%s]",conn->s_state.redir.userurl);
! 1298: bdestroy(bt2);
! 1299: }
! 1300:
! 1301: if (!redir_getparam(redir, qs, "response", bt)) {
! 1302: redir_hextochar(bt->data, conn->chappassword);
! 1303: conn->chap = 1;
! 1304: conn->password[0] = 0;
! 1305: }
! 1306: else if (!redir_getparam(redir, qs, "password", bt)) {
! 1307: redir_hextochar(bt->data, conn->password);
! 1308: conn->chap = 0;
! 1309: conn->chappassword[0] = 0;
! 1310: } else {
! 1311: if (optionsdebug)
! 1312: log_dbg("No password found!");
! 1313: bdestroy(bt);
! 1314: return -1;
! 1315: }
! 1316: bdestroy(bt);
! 1317: }
! 1318: break;
! 1319:
! 1320: case REDIR_LOGOUT:
! 1321: case REDIR_PRELOGIN:
! 1322: {
! 1323: bstring bt = bfromcstr("");
! 1324: if (!redir_getparam(redir, qs, "userurl", bt)) {
! 1325: bstring bt2 = bfromcstr("");
! 1326: redir_urldecode(bt, bt2);
! 1327: bstrtocstr(bt2, conn->s_state.redir.userurl, sizeof(conn->s_state.redir.userurl));
! 1328: if (optionsdebug)
! 1329: log_dbg("-->> Setting userurl=[%s]",conn->s_state.redir.userurl);
! 1330: bdestroy(bt2);
! 1331: }
! 1332: bdestroy(bt);
! 1333: }
! 1334: break;
! 1335:
! 1336: case REDIR_WWW:
! 1337: {
! 1338: bstring bt = bfromcstr(path+4);
! 1339: bstring bt2 = bfromcstr("");
! 1340: redir_urldecode(bt, bt2);
! 1341: bstrtocstr(bt2,conn->wwwfile, sizeof(conn->wwwfile));
! 1342: if (optionsdebug)
! 1343: log_dbg("Serving file %s", conn->wwwfile);
! 1344: bdestroy(bt2);
! 1345: bdestroy(bt);
! 1346: }
! 1347: break;
! 1348:
! 1349: default:
! 1350: {
! 1351: /* some basic checks for urls we don't care about */
! 1352:
! 1353: snprintf(conn->s_state.redir.userurl, sizeof(conn->s_state.redir.userurl), "http://%s/%s%s%s",
! 1354: host, path, qs[0] ? "?" : "", qs[0] ? qs : "");
! 1355:
! 1356: if (optionsdebug)
! 1357: log_dbg("-->> Setting userurl=[%s]",conn->s_state.redir.userurl);
! 1358: }
! 1359: break;
! 1360:
! 1361: }
! 1362:
! 1363: return 0;
! 1364: }
! 1365:
! 1366: /* Radius callback when access accept/reject/challenge has been received */
! 1367: static int redir_cb_radius_auth_conf(struct radius_t *radius,
! 1368: struct radius_packet_t *pack,
! 1369: struct radius_packet_t *pack_req, void *cbp) {
! 1370: struct redir_conn_t *conn = (struct redir_conn_t*) cbp;
! 1371: struct radius_attr_t *stateattr = NULL;
! 1372: struct radius_attr_t *classattr = NULL;
! 1373: struct radius_attr_t *attr = NULL;
! 1374: char attrs[RADIUS_ATTR_VLEN+1];
! 1375:
! 1376: if (optionsdebug)
! 1377: log_dbg("Received access request confirmation from radius server\n");
! 1378:
! 1379: if (!conn) {
! 1380: log_err(0, "No peer protocol defined");
! 1381: conn->response = REDIR_FAILED_OTHER;
! 1382: return 0;
! 1383: }
! 1384:
! 1385: if (!pack) { /* Timeout */
! 1386: log_err(0, "Radius request timed out");
! 1387: conn->response = REDIR_FAILED_OTHER;
! 1388: return 0;
! 1389: }
! 1390:
! 1391: /* We expect ACCESS-ACCEPT, ACCESS-REJECT (or ACCESS-CHALLENGE) */
! 1392: if ((pack->code != RADIUS_CODE_ACCESS_REJECT) &&
! 1393: (pack->code != RADIUS_CODE_ACCESS_CHALLENGE) &&
! 1394: (pack->code != RADIUS_CODE_ACCESS_ACCEPT)) {
! 1395: log_err(0, "Unknown radius access reply code %d", pack->code);
! 1396: conn->response = REDIR_FAILED_OTHER;
! 1397: return 0;
! 1398: }
! 1399:
! 1400: /* Reply message (might be present in both ACCESS-ACCEPT and ACCESS-REJECT */
! 1401: if (!radius_getattr(pack, &attr, RADIUS_ATTR_REPLY_MESSAGE, 0, 0, 0)) {
! 1402: memcpy(conn->replybuf, attr->v.t, attr->l-2);
! 1403: conn->replybuf[attr->l-2] = 0;
! 1404: conn->reply = conn->replybuf;
! 1405: }
! 1406: else {
! 1407: conn->replybuf[0] = 0;
! 1408: conn->reply = NULL;
! 1409: }
! 1410:
! 1411: config_radius_session(&conn->s_params, pack, 0);
! 1412:
! 1413: /* Class */
! 1414: if (!radius_getattr(pack, &classattr, RADIUS_ATTR_CLASS, 0, 0, 0)) {
! 1415: conn->s_state.redir.classlen = classattr->l-2;
! 1416: memcpy(conn->s_state.redir.classbuf, classattr->v.t, classattr->l-2);
! 1417: log_dbg("!!!! CLASSLEN = %d !!!!", conn->s_state.redir.classlen);
! 1418: }
! 1419: /*else {
! 1420: log_dbg("!!!! RESET CLASSLEN !!!!");
! 1421: conn->s_state.redir.classlen = 0;
! 1422: }*/
! 1423:
! 1424: if (pack->code != RADIUS_CODE_ACCESS_ACCEPT) {
! 1425: /* ACCESS-REJECT */
! 1426: conn->response = REDIR_FAILED_REJECT;
! 1427: return 0;
! 1428: }
! 1429:
! 1430: /* ACCESS-ACCEPT */
! 1431:
! 1432: /* State */
! 1433: if (!radius_getattr(pack, &stateattr, RADIUS_ATTR_STATE, 0, 0, 0)) {
! 1434: conn->s_state.redir.statelen = stateattr->l-2;
! 1435: memcpy(conn->s_state.redir.statebuf, stateattr->v.t, stateattr->l-2);
! 1436: }
! 1437: else {
! 1438: conn->s_state.redir.statelen = 0;
! 1439: }
! 1440:
! 1441: if (conn->s_params.sessionterminatetime) {
! 1442: time_t timenow = time(0);
! 1443: if (timenow > conn->s_params.sessionterminatetime) {
! 1444: conn->response = REDIR_FAILED_OTHER;
! 1445: log_warn(0, "WISPr-Session-Terminate-Time in the past received: %s", attrs);
! 1446: return 0;
! 1447: }
! 1448: }
! 1449:
! 1450: conn->response = REDIR_SUCCESS;
! 1451: return 0;
! 1452: }
! 1453:
! 1454: /* Send radius Access-Request and wait for answer */
! 1455: static int redir_radius(struct redir_t *redir, struct in_addr *addr,
! 1456: struct redir_conn_t *conn, char reauth) {
! 1457: unsigned char chap_password[REDIR_MD5LEN + 2];
! 1458: unsigned char chap_challenge[REDIR_MD5LEN];
! 1459: unsigned char user_password[REDIR_MD5LEN + 1];
! 1460: struct radius_packet_t radius_pack;
! 1461: struct radius_t *radius; /* Radius client instance */
! 1462: struct timeval idleTime; /* How long to select() */
! 1463: time_t endtime, now; /* for radius wait */
! 1464: int maxfd = 0; /* For select() */
! 1465: fd_set fds; /* For select() */
! 1466: int status;
! 1467:
! 1468: MD5_CTX context;
! 1469:
! 1470: char mac[REDIR_MACSTRLEN+1];
! 1471: char url[REDIR_URL_LEN];
! 1472: int n;
! 1473:
! 1474: if (radius_new(&radius,
! 1475: &redir->radiuslisten, 0, 0,
! 1476: NULL, 0, NULL, NULL, NULL)) {
! 1477: log_err(0, "Failed to create radius");
! 1478: return -1;
! 1479: }
! 1480:
! 1481: radius->next = redir_radius_id;
! 1482:
! 1483: if (radius->fd > maxfd)
! 1484: maxfd = radius->fd;
! 1485:
! 1486: radius_set(radius, dhcp ? dhcp->ipif.hwaddr : 0, (options.debug & DEBUG_RADIUS));
! 1487:
! 1488: radius_set_cb_auth_conf(radius, redir_cb_radius_auth_conf);
! 1489:
! 1490: radius_default_pack(radius, &radius_pack, RADIUS_CODE_ACCESS_REQUEST);
! 1491:
! 1492: if (optionsdebug)
! 1493: log_dbg("created radius packet (code=%d, id=%d, len=%d)\n",
! 1494: radius_pack.code, radius_pack.id, ntohs(radius_pack.length));
! 1495:
! 1496: radius_addattr(radius, &radius_pack, RADIUS_ATTR_USER_NAME, 0, 0, 0,
! 1497: (uint8_t*) conn->s_state.redir.username, strlen(conn->s_state.redir.username));
! 1498:
! 1499: /* If lang on logon url, then send it with attribute ChilliSpot-Lang */
! 1500: if(conn->lang[0])
! 1501: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1502: RADIUS_VENDOR_CHILLISPOT, RADIUS_ATTR_CHILLISPOT_LANG,
! 1503: 0, (uint8_t*) conn->lang, strlen(conn->lang));
! 1504:
! 1505: if (options.radiusoriginalurl)
! 1506: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1507: RADIUS_VENDOR_CHILLISPOT, RADIUS_ATTR_CHILLISPOT_ORIGINALURL,
! 1508: 0, (uint8_t*) conn->s_state.redir.userurl, strlen(conn->s_state.redir.userurl));
! 1509:
! 1510: if (redir->secret && *redir->secret) {
! 1511: /*fprintf(stderr,"SECRET: [%s]\n",redir->secret);*/
! 1512: /* Get MD5 hash on challenge and uamsecret */
! 1513: MD5Init(&context);
! 1514: MD5Update(&context, conn->s_state.redir.uamchal, REDIR_MD5LEN);
! 1515: MD5Update(&context, (uint8_t*) redir->secret, strlen(redir->secret));
! 1516: MD5Final(chap_challenge, &context);
! 1517: }
! 1518: else {
! 1519: memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
! 1520: }
! 1521:
! 1522: if (conn->chap == 0) {
! 1523: for (n=0; n < REDIR_MD5LEN; n++)
! 1524: user_password[n] = conn->password[n] ^ chap_challenge[n];
! 1525:
! 1526: radius_addattr(radius, &radius_pack, RADIUS_ATTR_USER_PASSWORD, 0, 0, 0,
! 1527: (uint8_t*)user_password, REDIR_MD5LEN);
! 1528: }
! 1529: else if (conn->chap == 1) {
! 1530: chap_password[0] = conn->chap_ident; /* Chap ident found on logon url */
! 1531: memcpy(chap_password+1, conn->chappassword, REDIR_MD5LEN);
! 1532:
! 1533: radius_addattr(radius, &radius_pack, RADIUS_ATTR_CHAP_CHALLENGE, 0, 0, 0,
! 1534: chap_challenge, REDIR_MD5LEN);
! 1535:
! 1536: radius_addattr(radius, &radius_pack, RADIUS_ATTR_CHAP_PASSWORD, 0, 0, 0,
! 1537: chap_password, REDIR_MD5LEN+1);
! 1538: }
! 1539:
! 1540: radius_addnasip(radius, &radius_pack);
! 1541:
! 1542: radius_addattr(radius, &radius_pack, RADIUS_ATTR_SERVICE_TYPE, 0, 0,
! 1543: RADIUS_SERVICE_TYPE_LOGIN, NULL, 0); /* WISPr_V1.0 */
! 1544:
! 1545: radius_addattr(radius, &radius_pack, RADIUS_ATTR_FRAMED_IP_ADDRESS, 0, 0,
! 1546: ntohl(conn->hisip.s_addr), NULL, 0); /* WISPr_V1.0 */
! 1547:
! 1548: /* Include his MAC address */
! 1549: snprintf(mac, REDIR_MACSTRLEN+1, "%.2X-%.2X-%.2X-%.2X-%.2X-%.2X",
! 1550: conn->hismac[0], conn->hismac[1],
! 1551: conn->hismac[2], conn->hismac[3],
! 1552: conn->hismac[4], conn->hismac[5]);
! 1553:
! 1554: radius_addattr(radius, &radius_pack, RADIUS_ATTR_CALLING_STATION_ID, 0, 0, 0,
! 1555: (uint8_t*) mac, REDIR_MACSTRLEN);
! 1556:
! 1557: radius_addcalledstation(radius, &radius_pack);
! 1558:
! 1559:
! 1560: if (redir->radiusnasid)
! 1561: radius_addattr(radius, &radius_pack, RADIUS_ATTR_NAS_IDENTIFIER, 0, 0, 0,
! 1562: (uint8_t*) redir->radiusnasid,
! 1563: strlen(redir->radiusnasid)); /* WISPr_V1.0 */
! 1564:
! 1565:
! 1566: radius_addattr(radius, &radius_pack, RADIUS_ATTR_ACCT_SESSION_ID, 0, 0, 0,
! 1567: (uint8_t*) conn->s_state.sessionid, REDIR_SESSIONID_LEN-1);
! 1568:
! 1569: log_dbg("!!!! CLASSLEN = %d !!!!", conn->s_state.redir.classlen);
! 1570: if (conn->s_state.redir.classlen) {
! 1571: radius_addattr(radius, &radius_pack, RADIUS_ATTR_CLASS, 0, 0, 0,
! 1572: conn->s_state.redir.classbuf,
! 1573: conn->s_state.redir.classlen);
! 1574: }
! 1575:
! 1576: radius_addattr(radius, &radius_pack, RADIUS_ATTR_NAS_PORT_TYPE, 0, 0,
! 1577: redir->radiusnasporttype, NULL, 0);
! 1578:
! 1579: radius_addattr(radius, &radius_pack, RADIUS_ATTR_NAS_PORT, 0, 0,
! 1580: conn->nasport, NULL, 0);
! 1581:
! 1582: if (redir->radiuslocationid)
! 1583: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1584: RADIUS_VENDOR_WISPR, RADIUS_ATTR_WISPR_LOCATION_ID, 0,
! 1585: (uint8_t*) redir->radiuslocationid,
! 1586: strlen(redir->radiuslocationid));
! 1587:
! 1588: if (redir->radiuslocationname)
! 1589: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1590: RADIUS_VENDOR_WISPR, RADIUS_ATTR_WISPR_LOCATION_NAME, 0,
! 1591: (uint8_t*) redir->radiuslocationname,
! 1592: strlen(redir->radiuslocationname));
! 1593:
! 1594: if (snprintf(url, sizeof(url)-1, "http://%s:%d/logoff",
! 1595: inet_ntoa(redir->addr), redir->port) > 0)
! 1596: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1597: RADIUS_VENDOR_WISPR, RADIUS_ATTR_WISPR_LOGOFF_URL, 0,
! 1598: (uint8_t*)url, strlen(url));
! 1599:
! 1600: if (options.openidauth)
! 1601: radius_addattr(radius, &radius_pack, RADIUS_ATTR_VENDOR_SPECIFIC,
! 1602: RADIUS_VENDOR_CHILLISPOT, RADIUS_ATTR_CHILLISPOT_CONFIG,
! 1603: 0, (uint8_t*)"allow-openidauth", 16);
! 1604:
! 1605: radius_addattr(radius, &radius_pack, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
! 1606: 0, 0, 0, NULL, RADIUS_MD5LEN);
! 1607:
! 1608: if (optionsdebug)
! 1609: log_dbg("sending radius packet (code=%d, id=%d, len=%d)\n",
! 1610: radius_pack.code, radius_pack.id, ntohs(radius_pack.length));
! 1611:
! 1612: radius_req(radius, &radius_pack, conn);
! 1613:
! 1614: now = time(NULL);
! 1615: endtime = now + REDIR_RADIUS_MAX_TIME;
! 1616:
! 1617: while (endtime > now) {
! 1618:
! 1619: FD_ZERO(&fds);
! 1620: if (radius->fd != -1) FD_SET(radius->fd, &fds);
! 1621: if (radius->proxyfd != -1) FD_SET(radius->proxyfd, &fds);
! 1622:
! 1623: idleTime.tv_sec = 0;
! 1624: idleTime.tv_usec = REDIR_RADIUS_SELECT_TIME;
! 1625: radius_timeleft(radius, &idleTime);
! 1626:
! 1627: switch (status = select(maxfd + 1, &fds, NULL, NULL, &idleTime)) {
! 1628: case -1:
! 1629: log_err(errno, "select() returned -1!");
! 1630: break;
! 1631: case 0:
! 1632: /*log_dbg("Select returned 0");*/
! 1633: radius_timeout(radius);
! 1634: break;
! 1635: default:
! 1636: break;
! 1637: }
! 1638:
! 1639: if (status > 0) {
! 1640: if ((radius->fd != -1) && FD_ISSET(radius->fd, &fds) &&
! 1641: radius_decaps(radius) < 0) {
! 1642: log_err(0, "radius_ind() failed!");
! 1643: }
! 1644:
! 1645: if ((radius->proxyfd != -1) && FD_ISSET(radius->proxyfd, &fds) &&
! 1646: radius_proxy_ind(radius) < 0) {
! 1647: log_err(0, "radius_proxy_ind() failed!");
! 1648: }
! 1649: }
! 1650:
! 1651: if (conn->response) {
! 1652: radius_free(radius);
! 1653: return 0;
! 1654: }
! 1655:
! 1656: now = time(NULL);
! 1657: }
! 1658:
! 1659: return 0;
! 1660: }
! 1661:
! 1662: int set_nonblocking(int fd) {
! 1663: int flags = fcntl(fd, F_GETFL);
! 1664: if (flags < 0) return -1;
! 1665: fcntl(fd, F_SETFL, flags | O_NONBLOCK);
! 1666: return 0;
! 1667: }
! 1668:
! 1669: int clear_nonblocking(int fd) {
! 1670: int flags = fcntl(fd, F_GETFL);
! 1671: if (flags < 0) return -1;
! 1672: fcntl(fd, F_SETFL, flags & (~O_NONBLOCK));
! 1673: return 0;
! 1674: }
! 1675:
! 1676: int is_local_user(struct redir_t *redir, struct redir_conn_t *conn) {
! 1677: unsigned char user_password[REDIR_MD5LEN+1];
! 1678: unsigned char chap_challenge[REDIR_MD5LEN];
! 1679: unsigned char tmp[REDIR_MD5LEN+1];
! 1680: char u[256]; char p[256];
! 1681: size_t usernamelen, sz=1024;
! 1682: ssize_t len;
! 1683: int match=0;
! 1684: char *line=0;
! 1685: MD5_CTX context;
! 1686: FILE *f;
! 1687:
! 1688: if (!options.localusers) return 0;
! 1689:
! 1690: log_dbg("checking %s for user %s", options.localusers, conn->s_state.redir.username);
! 1691:
! 1692: if (!(f = fopen(options.localusers, "r"))) {
! 1693: log_err(errno, "fopen() failed opening %s!", options.localusers);
! 1694: return 0;
! 1695: }
! 1696:
! 1697: if (options.debug) {/*debug*/
! 1698: char buffer[64];
! 1699: redir_chartohex(conn->s_state.redir.uamchal, buffer);
! 1700: log_dbg("challenge: %s", buffer);
! 1701: }/**/
! 1702:
! 1703: if (redir->secret && *redir->secret) {
! 1704: MD5Init(&context);
! 1705: MD5Update(&context, (uint8_t*)conn->s_state.redir.uamchal, REDIR_MD5LEN);
! 1706: MD5Update(&context, (uint8_t*)redir->secret, strlen(redir->secret));
! 1707: MD5Final(chap_challenge, &context);
! 1708: }
! 1709: else {
! 1710: memcpy(chap_challenge, conn->s_state.redir.uamchal, REDIR_MD5LEN);
! 1711: }
! 1712:
! 1713: if (options.debug) {/*debug*/
! 1714: char buffer[64];
! 1715: redir_chartohex(chap_challenge, buffer);
! 1716: log_dbg("chap challenge: %s", buffer);
! 1717: }/**/
! 1718:
! 1719: if (conn->chap == 0) {
! 1720: int n;
! 1721: for (n=0; n < REDIR_MD5LEN; n++)
! 1722: user_password[n] = conn->password[n] ^ chap_challenge[n];
! 1723: }
! 1724: else if (conn->chap == 1) {
! 1725: memcpy(user_password, conn->chappassword, REDIR_MD5LEN);
! 1726: }
! 1727:
! 1728: user_password[REDIR_MD5LEN] = 0;
! 1729:
! 1730: log_dbg("looking for %s", conn->s_state.redir.username);
! 1731: usernamelen = strlen(conn->s_state.redir.username);
! 1732:
! 1733: line=(char*)malloc(sz);
! 1734: while ((len = getline(&line, &sz, f)) > 0) {
! 1735: if (len > 3 && len < sizeof(u) && line[0] != '#') {
! 1736: char *pl=line, /* pointer to current line */
! 1737: *pu=u, /* pointer to username */
! 1738: *pp=p; /* pointer to password */
! 1739:
! 1740: /* username until the first ':' */
! 1741: while (*pl && *pl != ':') *pu++ = *pl++;
! 1742:
! 1743: /* skip over ':' otherwise error */
! 1744: if (*pl == ':') pl++;
! 1745: else {
! 1746: log_warn(0, "not a valid localusers line: %s", line);
! 1747: continue;
! 1748: }
! 1749:
! 1750: /* password until the next ':' */
! 1751: while (*pl && *pl != ':' && *pl != '\n') *pp++ = *pl++;
! 1752:
! 1753: *pu = 0; /* null terminate */
! 1754: *pp = 0;
! 1755:
! 1756: if (usernamelen == strlen(u) &&
! 1757: !strncmp(conn->s_state.redir.username, u, usernamelen)) {
! 1758:
! 1759: log_dbg("found %s, checking password", u);
! 1760:
! 1761: if (conn->chap == 0) {
! 1762: int n;
! 1763: for (n=0; n < REDIR_MD5LEN; n++)
! 1764: tmp[n] = p[n] ^ chap_challenge[n];
! 1765: }
! 1766: else if (conn->chap == 1) {
! 1767: MD5Init(&context);
! 1768: MD5Update(&context, (uint8_t*)&conn->chap_ident, 1);
! 1769: MD5Update(&context, (uint8_t*)p, strlen(p));
! 1770: MD5Update(&context, chap_challenge, REDIR_MD5LEN);
! 1771: MD5Final(tmp, &context);
! 1772: }
! 1773:
! 1774: tmp[REDIR_MD5LEN] = 0;
! 1775:
! 1776: if (!memcmp(user_password, tmp, REDIR_MD5LEN))
! 1777: match = 1;
! 1778:
! 1779: break;
! 1780: }
! 1781: }
! 1782: }
! 1783:
! 1784: log_dbg("user %s %s", conn->s_state.redir.username, match ? "found" : "not found");
! 1785:
! 1786: fclose(f);
! 1787: free(line);
! 1788: return match;
! 1789: }
! 1790:
! 1791:
! 1792: /* redir_accept() does the following:
! 1793: 1) forks a child process
! 1794: 2) Accepts the tcp connection
! 1795: 3) Analyses a HTTP get request
! 1796: 4) GET request can be one of the following:
! 1797: a) Logon request with username and challenge response
! 1798: - Does a radius request
! 1799: - If OK send result to parent and redirect to welcome page
! 1800: - Else redirect to error login page
! 1801: b) Logoff request
! 1802: - Send logoff request to parent
! 1803: - Redirect to login page?
! 1804: c) Request for another server
! 1805: - Redirect to login server.
! 1806:
! 1807: Incoming requests are identified only by their IP address. No MAC
! 1808: address information is obtained. The main security problem is denial
! 1809: of service attacks by malicious hosts sending logoff requests for
! 1810: clients. This can be prevented by checking incoming packets for
! 1811: matching MAC and src IP addresses.
! 1812: */
! 1813:
! 1814: int redir_accept(struct redir_t *redir, int idx) {
! 1815: int status;
! 1816: int new_socket;
! 1817: struct sockaddr_in address;
! 1818: socklen_t addrlen;
! 1819:
! 1820: addrlen = sizeof(struct sockaddr_in);
! 1821:
! 1822: if ((new_socket = accept(redir->fd[idx], (struct sockaddr *)&address, &addrlen)) < 0) {
! 1823: if (errno != ECONNABORTED)
! 1824: log_err(errno, "accept() failed!");
! 1825: return 0;
! 1826: }
! 1827:
! 1828: /* This forks a new process. The child really should close all
! 1829: unused file descriptors and free memory allocated. This however
! 1830: is performed when the process exits, so currently we don't
! 1831: care */
! 1832:
! 1833: redir_radius_id++;
! 1834:
! 1835: if ((status = fork()) < 0) {
! 1836: log_err(errno, "fork() returned -1!");
! 1837: close(new_socket);
! 1838: return 0;
! 1839: }
! 1840:
! 1841: if (status > 0) { /* Parent */
! 1842: close(new_socket);
! 1843: return 0;
! 1844: }
! 1845:
! 1846:
! 1847: #if defined(F_DUPFD)
! 1848: if (fcntl(new_socket,F_GETFL,0) == -1) return -1;
! 1849: close(0);
! 1850: if (fcntl(new_socket,F_DUPFD,0) == -1) return -1;
! 1851: if (fcntl(new_socket,F_GETFL,1) == -1) return -1;
! 1852: close(1);
! 1853: if (fcntl(new_socket,F_DUPFD,1) == -1) return -1;
! 1854: #else
! 1855: if (dup2(new_socket,0) == -1) return -1;
! 1856: if (dup2(new_socket,1) == -1) return -1;
! 1857: #endif
! 1858:
! 1859: if (idx == 1 && options.uamui) {
! 1860: char *binqqargs[2] = { options.uamui, 0 } ;
! 1861: char buffer[128];
! 1862:
! 1863: snprintf(buffer,sizeof(buffer)-1,"%s",inet_ntoa(address.sin_addr));
! 1864: setenv("TCPREMOTEIP",buffer,1);
! 1865: setenv("REMOTE_ADDR",buffer,1);
! 1866: snprintf(buffer,sizeof(buffer)-1,"%d",ntohs(address.sin_port));
! 1867: setenv("TCPREMOTEPORT",buffer,1);
! 1868: setenv("REMOTE_PORT",buffer,1);
! 1869:
! 1870: execv(*binqqargs, binqqargs);
! 1871:
! 1872: } else {
! 1873: return redir_main(redir, 0, 1, &address, idx);
! 1874: }
! 1875:
! 1876: return 0;
! 1877: }
! 1878:
! 1879: static void redir_close(int infd, int outfd) {
! 1880: char b[128];
! 1881:
! 1882: /* Close of socket */
! 1883: if (shutdown(outfd, SHUT_WR) != 0)
! 1884: log_dbg("shutdown socket for writing");
! 1885:
! 1886: if (!set_nonblocking(infd))
! 1887: while(read(infd, b, sizeof(b)) > 0);
! 1888:
! 1889: if (shutdown(infd, SHUT_RD) != 0)
! 1890: log_dbg("shutdown socket for reading");
! 1891:
! 1892: close(outfd);
! 1893: close(infd);
! 1894: exit(0);
! 1895: }
! 1896:
! 1897:
! 1898: int redir_main(struct redir_t *redir, int infd, int outfd, struct sockaddr_in *address, int isui) {
! 1899: char hexchal[1+(2*REDIR_MD5LEN)];
! 1900: unsigned char challenge[REDIR_MD5LEN];
! 1901: size_t bufsize = REDIR_MAXBUFFER;
! 1902: char buffer[bufsize+1];
! 1903: char qs[REDIR_USERURLSIZE];
! 1904: struct redir_msg_t msg;
! 1905: ssize_t buflen;
! 1906:
! 1907: /**
! 1908: * connection state
! 1909: * 0 == un-authenticated
! 1910: * 1 == authenticated
! 1911: */
! 1912: int state = 0;
! 1913:
! 1914: /**
! 1915: * require splash or not
! 1916: */
! 1917: int splash = 0;
! 1918:
! 1919: struct redir_conn_t conn;
! 1920: struct sigaction act, oldact;
! 1921: struct itimerval itval;
! 1922: struct redir_socket socket;
! 1923: int ispost = isui;
! 1924: size_t clen = 0;
! 1925:
! 1926:
! 1927: #define redir_memcopy(msgtype) \
! 1928: redir_challenge(challenge); \
! 1929: redir_chartohex(challenge, hexchal); \
! 1930: msg.mtype = msgtype; \
! 1931: memcpy(conn.s_state.redir.uamchal, challenge, REDIR_MD5LEN); \
! 1932: if (options.debug) { \
! 1933: log_dbg("---->>> resetting challenge: %s", hexchal); \
! 1934: }
! 1935:
! 1936:
! 1937: #define redir_msg_send(msgopt) \
! 1938: msg.mdata.opt = msgopt; \
! 1939: msg.mdata.addr = address->sin_addr; \
! 1940: memcpy(&msg.mdata.params, &conn.s_params, sizeof(msg.mdata.params)); \
! 1941: memcpy(&msg.mdata.redir, &conn.s_state.redir, sizeof(msg.mdata.redir)); \
! 1942: if (msgsnd(redir->msgid, (struct msgbuf *)&msg, sizeof(msg.mdata), 0) < 0) { \
! 1943: log_err(errno, "msgsnd() failed!"); \
! 1944: redir_close(infd, outfd); \
! 1945: }
! 1946:
! 1947: /*
! 1948: * Initializations
! 1949: */
! 1950: memset(&socket,0,sizeof(socket));
! 1951: memset(hexchal, 0, sizeof(hexchal));
! 1952: memset(&conn, 0, sizeof(conn));
! 1953: memset(&msg, 0, sizeof(msg));
! 1954: memset(&act, 0, sizeof(act));
! 1955: memset(qs, 0, sizeof(qs));
! 1956:
! 1957: socket.fd[0] = infd;
! 1958: socket.fd[1] = outfd;
! 1959:
! 1960: redir->starttime = time(NULL);
! 1961:
! 1962: if (set_nonblocking(socket.fd[0])) {
! 1963: log_err(errno, "fcntl() failed");
! 1964: redir_close(infd, outfd);
! 1965: }
! 1966:
! 1967: act.sa_handler = redir_termination;
! 1968: sigaction(SIGTERM, &act, &oldact);
! 1969: sigaction(SIGINT, &act, &oldact);
! 1970: act.sa_handler = redir_alarm;
! 1971: sigaction(SIGALRM, &act, &oldact);
! 1972:
! 1973: memset(&itval, 0, sizeof(itval));
! 1974: itval.it_interval.tv_sec = REDIR_MAXTIME;
! 1975: itval.it_interval.tv_usec = 0;
! 1976: itval.it_value.tv_sec = REDIR_MAXTIME;
! 1977: itval.it_value.tv_usec = 0;
! 1978:
! 1979: if (setitimer(ITIMER_REAL, &itval, NULL)) {
! 1980: log_err(errno, "setitimer() failed!");
! 1981: }
! 1982:
! 1983: if (optionsdebug)
! 1984: log_dbg("Calling redir_getstate()");
! 1985:
! 1986: /*
! 1987: * Fetch the state of the client
! 1988: */
! 1989:
! 1990: termstate = REDIR_TERM_GETSTATE;
! 1991:
! 1992: if (!redir->cb_getstate) {
! 1993: log_err(0, "No cb_getstate() defined!");
! 1994: redir_close(infd, outfd);
! 1995: }
! 1996:
! 1997: /* get_state returns 0 for unauth'ed and 1 for auth'ed */
! 1998: state = redir->cb_getstate(redir, &address->sin_addr, &conn);
! 1999: if (state == -1) {
! 2000: redir_close(infd, outfd);
! 2001: }
! 2002:
! 2003: splash = (conn.s_params.flags & REQUIRE_UAM_SPLASH) == REQUIRE_UAM_SPLASH;
! 2004:
! 2005:
! 2006: /*
! 2007: * Parse the request, updating the status
! 2008: */
! 2009: if (optionsdebug)
! 2010: log_dbg("Get HTTP Request");
! 2011:
! 2012: termstate = REDIR_TERM_GETREQ;
! 2013: if (redir_getreq(redir, &socket, &conn, &ispost, &clen, qs, sizeof(qs))) {
! 2014: log_dbg("Error calling get_req. Terminating\n");
! 2015: redir_close(infd, outfd);
! 2016: }
! 2017:
! 2018: if (optionsdebug)
! 2019: log_dbg("Process HTTP Request");
! 2020:
! 2021: if (conn.type == REDIR_WWW) {
! 2022: int fd = -1;
! 2023: if (options.wwwdir && conn.wwwfile && *conn.wwwfile) {
! 2024: char *ctype = "text/plain";
! 2025: char *filename = conn.wwwfile;
! 2026: size_t namelen = strlen(filename);
! 2027: int parse = 0;
! 2028:
! 2029: /* check filename */
! 2030: { char *p;
! 2031: for (p=filename; *p; p++) {
! 2032: if (*p >= 'a' && *p <= 'z') continue;
! 2033: if (*p >= 'A' && *p <= 'Z') continue;
! 2034: if (*p >= '0' && *p <= '9') continue;
! 2035: if (*p == '.' || *p == '_') continue;
! 2036: /* invalid file name! */
! 2037: log_err(0, "invalid www request [%s]!", filename);
! 2038: redir_close(infd, outfd);
! 2039: }
! 2040: }
! 2041:
! 2042: /* serve the local content */
! 2043:
! 2044: if (!strcmp(filename + (namelen - 5), ".html")) ctype = "text/html";
! 2045: else if (!strcmp(filename + (namelen - 4), ".gif")) ctype = "image/gif";
! 2046: else if (!strcmp(filename + (namelen - 3), ".js")) ctype = "text/javascript";
! 2047: else if (!strcmp(filename + (namelen - 4), ".css")) ctype = "text/css";
! 2048: else if (!strcmp(filename + (namelen - 4), ".jpg")) ctype = "image/jpeg";
! 2049: else if (!strcmp(filename + (namelen - 4), ".dat")) ctype = "application/x-ns-proxy-autoconfig";
! 2050: else if (!strcmp(filename + (namelen - 4), ".png")) ctype = "image/png";
! 2051: else if (!strcmp(filename + (namelen - 4), ".swf")) ctype = "application/x-shockwave-flash";
! 2052: else if (!strcmp(filename + (namelen - 4), ".chi")){ ctype = "text/html"; parse = 1; }
! 2053: else {
! 2054: /* we do not serve it! */
! 2055: log_err(0, "invalid file extension! [%s]", filename);
! 2056: redir_close(infd, outfd);
! 2057: }
! 2058:
! 2059: if (parse) {
! 2060: if (!options.wwwbin) {
! 2061: log_err(0, "the 'wwwbin' setting must be configured for CGI use");
! 2062: redir_close(infd, outfd);
! 2063: }
! 2064:
! 2065: if (clear_nonblocking(socket.fd[0])) {
! 2066: log_err(errno, "fcntl() failed");
! 2067: }
! 2068:
! 2069: /* XXX: Todo: look for malicious content! */
! 2070:
! 2071: sprintf(buffer,"%d", clen > 0 ? clen : 0);
! 2072: setenv("CONTENT_LENGTH", buffer, 1);
! 2073: setenv("REQUEST_METHOD", ispost ? "POST" : "GET", 1);
! 2074: setenv("QUERY_STRING", qs, 1);
! 2075:
! 2076: log_dbg("Running: %s %s/%s",options.wwwbin, options.wwwdir, filename);
! 2077: sprintf(buffer, "%s/%s", options.wwwdir, filename);
! 2078:
! 2079: {
! 2080: char *binqqargs[3] = { options.wwwbin, buffer, 0 } ;
! 2081: int status;
! 2082:
! 2083: if ((status = fork()) < 0) {
! 2084: log_err(errno, "fork() returned -1!");
! 2085: /* lets just execv and ignore the extra crlf problem */
! 2086: execv(*binqqargs, binqqargs);
! 2087: }
! 2088:
! 2089: if (status > 0) { /* Parent */
! 2090: /* now wait for the child (the cgi-prog) to finish
! 2091: * and let redir_close remove unwanted data
! 2092: * (for instance) extra crlf from ie7 in POSTs)
! 2093: * to avoid a tcp-reset.
! 2094: */
! 2095: wait(NULL);
! 2096: }
! 2097: else {
! 2098: /* Child */
! 2099: execv(*binqqargs, binqqargs);
! 2100: }
! 2101: }
! 2102:
! 2103: redir_close(infd, outfd);
! 2104: }
! 2105:
! 2106: if (!chroot(options.wwwdir) && !chdir("/")) {
! 2107:
! 2108: fd = open(filename, O_RDONLY);
! 2109:
! 2110: if (fd > 0) {
! 2111:
! 2112: if (clear_nonblocking(socket.fd[0])) {
! 2113: log_err(errno, "fcntl() failed");
! 2114: }
! 2115:
! 2116: buflen = snprintf(buffer, bufsize,
! 2117: "HTTP/1.0 200 OK\r\nContent-type: %s\r\n\r\n", ctype);
! 2118:
! 2119: if (tcp_write(&socket, buffer, (size_t) buflen) < 0) {
! 2120: log_err(errno, "tcp_write() failed!");
! 2121: }
! 2122:
! 2123: while ((buflen = read(fd, buffer, bufsize)) > 0)
! 2124: if (tcp_write(&socket, buffer, (size_t) buflen) < 0)
! 2125: log_err(errno, "tcp_write() failed!");
! 2126:
! 2127: close(fd);
! 2128: redir_close(infd, outfd); /* which exits */
! 2129: }
! 2130: else log_err(0, "could not open local content file %s!", filename);
! 2131: }
! 2132: else log_err(0, "chroot to %s was not successful\n", options.wwwdir);
! 2133: }
! 2134: else log_err(0, "Required: 'wwwdir' (in chilli.conf) and 'file' query-string param\n");
! 2135:
! 2136: redir_close(infd, outfd);
! 2137: }
! 2138:
! 2139: termstate = REDIR_TERM_PROCESS;
! 2140: if (optionsdebug) log_dbg("Processing received request");
! 2141:
! 2142: /* default hexchal for use in replies */
! 2143: redir_chartohex(conn.s_state.redir.uamchal, hexchal);
! 2144:
! 2145: switch (conn.type) {
! 2146:
! 2147: case REDIR_LOGIN: {
! 2148: char reauth = 0;
! 2149:
! 2150: /* Was client was already logged on? */
! 2151: if (state == 1) {
! 2152: if (splash) {
! 2153: log_dbg("redir_accept: SPLASH reauth");
! 2154: reauth = 1;
! 2155: } else {
! 2156: log_dbg("redir_accept: already logged on");
! 2157: redir_reply(redir, &socket, &conn, REDIR_ALREADY, NULL, 0,
! 2158: NULL, NULL, conn.s_state.redir.userurl, NULL,
! 2159: NULL, conn.hismac, &conn.hisip, qs);
! 2160: redir_close(infd, outfd);
! 2161: }
! 2162: }
! 2163:
! 2164: /* Did the challenge expire? */
! 2165: if ((conn.s_state.uamtime + REDIR_CHALLENGETIMEOUT2) < time(NULL)) {
! 2166: log_dbg("redir_accept: challenge expired: %d : %d", conn.s_state.uamtime, time(NULL));
! 2167:
! 2168: redir_memcopy(REDIR_CHALLENGE);
! 2169: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2170:
! 2171: redir_reply(redir, &socket, &conn, REDIR_FAILED_OTHER, NULL,
! 2172: 0, hexchal, NULL, NULL, NULL,
! 2173: NULL, conn.hismac, &conn.hisip, qs);
! 2174:
! 2175: redir_close(infd, outfd);
! 2176: }
! 2177:
! 2178: if (is_local_user(redir, &conn)) {
! 2179: conn.response = REDIR_SUCCESS;
! 2180: }
! 2181: else {
! 2182: termstate = REDIR_TERM_RADIUS;
! 2183:
! 2184: if (optionsdebug)
! 2185: log_dbg("redir_accept: Sending radius request\n");
! 2186:
! 2187: redir_radius(redir, &address->sin_addr, &conn, reauth);
! 2188: termstate = REDIR_TERM_REPLY;
! 2189:
! 2190: if (optionsdebug)
! 2191: log_dbg("Received radius reply\n");
! 2192: }
! 2193:
! 2194: if (options.defsessiontimeout && !conn.s_params.sessiontimeout)
! 2195: conn.s_params.sessiontimeout = options.defsessiontimeout;
! 2196:
! 2197: if (options.defidletimeout && !conn.s_params.idletimeout)
! 2198: conn.s_params.idletimeout = options.defidletimeout;
! 2199:
! 2200: if (options.defbandwidthmaxdown && !conn.s_params.bandwidthmaxdown)
! 2201: conn.s_params.bandwidthmaxdown = options.defbandwidthmaxdown;
! 2202:
! 2203: if (options.defbandwidthmaxup && !conn.s_params.bandwidthmaxup)
! 2204: conn.s_params.bandwidthmaxup = options.defbandwidthmaxup;
! 2205:
! 2206: if (options.definteriminterval && !conn.s_params.interim_interval)
! 2207: conn.s_params.interim_interval = options.definteriminterval;
! 2208:
! 2209: if (conn.response == REDIR_SUCCESS) { /* Radius-Accept */
! 2210: bstring besturl = bfromcstr((char*)conn.s_params.url);
! 2211:
! 2212: conn.s_params.flags &= ~REQUIRE_UAM_SPLASH;
! 2213:
! 2214: if (reauth) {
! 2215: conn.s_params.flags |= IS_UAM_REAUTH;
! 2216: }
! 2217:
! 2218: msg.mtype = REDIR_LOGIN;
! 2219:
! 2220: if (! (besturl && besturl->slen))
! 2221: bassigncstr(besturl, conn.s_state.redir.userurl);
! 2222:
! 2223: if (redir->no_uamsuccess && besturl && besturl->slen)
! 2224: redir_reply(redir, &socket, &conn, REDIR_SUCCESS, besturl, conn.s_params.sessiontimeout,
! 2225: NULL, conn.s_state.redir.username, conn.s_state.redir.userurl, conn.reply,
! 2226: (char *)conn.s_params.url, conn.hismac, &conn.hisip, qs);
! 2227: else
! 2228: redir_reply(redir, &socket, &conn, REDIR_SUCCESS, NULL, conn.s_params.sessiontimeout,
! 2229: NULL, conn.s_state.redir.username, conn.s_state.redir.userurl, conn.reply,
! 2230: (char *)conn.s_params.url, conn.hismac, &conn.hisip, qs);
! 2231:
! 2232: bdestroy(besturl);
! 2233: }
! 2234: else {
! 2235: bstring besturl = bfromcstr((char *)conn.s_params.url);
! 2236: int hasnexturl = (besturl && besturl->slen > 5);
! 2237:
! 2238: if (!hasnexturl) {
! 2239: redir_memcopy(REDIR_CHALLENGE);
! 2240: } else {
! 2241: msg.mtype = REDIR_NOTYET;
! 2242: }
! 2243:
! 2244: redir_reply(redir, &socket, &conn, REDIR_FAILED_REJECT,
! 2245: hasnexturl ? besturl : NULL,
! 2246: 0, hexchal, NULL, conn.s_state.redir.userurl, conn.reply,
! 2247: (char *)conn.s_params.url, conn.hismac, &conn.hisip, qs);
! 2248:
! 2249: bdestroy(besturl);
! 2250: }
! 2251:
! 2252: if (optionsdebug) log_dbg("-->> Msg userurl=[%s]\n",conn.s_state.redir.userurl);
! 2253: redir_msg_send(REDIR_MSG_OPT_REDIR | REDIR_MSG_OPT_PARAMS);
! 2254:
! 2255: redir_close(infd, outfd);
! 2256: }
! 2257:
! 2258: case REDIR_LOGOUT:
! 2259: {
! 2260: bstring besturl = bfromcstr((char *)conn.s_params.url);
! 2261:
! 2262: redir_memcopy(REDIR_LOGOUT);
! 2263: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2264:
! 2265: conn.s_state.authenticated=0;
! 2266:
! 2267: if (! (besturl && besturl->slen))
! 2268: bassigncstr(besturl, conn.s_state.redir.userurl);
! 2269:
! 2270: if (redir->no_uamsuccess && besturl && besturl->slen)
! 2271: redir_reply(redir, &socket, &conn, REDIR_LOGOFF, besturl, 0,
! 2272: hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2273: NULL, conn.hismac, &conn.hisip, qs);
! 2274: else
! 2275: redir_reply(redir, &socket, &conn, REDIR_LOGOFF, NULL, 0,
! 2276: hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2277: NULL, conn.hismac, &conn.hisip, qs);
! 2278:
! 2279: bdestroy(besturl);
! 2280:
! 2281: redir_close(infd, outfd);
! 2282: }
! 2283:
! 2284: case REDIR_PRELOGIN:
! 2285:
! 2286: /* Did the challenge expire? */
! 2287: if ((conn.s_state.uamtime + REDIR_CHALLENGETIMEOUT1) < time(NULL)) {
! 2288: redir_memcopy(REDIR_CHALLENGE);
! 2289: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2290: }
! 2291:
! 2292: if (state == 1) {
! 2293: redir_reply(redir, &socket, &conn, REDIR_ALREADY,
! 2294: NULL, 0, NULL, NULL, conn.s_state.redir.userurl, NULL,
! 2295: NULL, conn.hismac, &conn.hisip, qs);
! 2296: }
! 2297: else {
! 2298: redir_reply(redir, &socket, &conn, REDIR_NOTYET,
! 2299: NULL, 0, hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2300: NULL, conn.hismac, &conn.hisip, qs);
! 2301: }
! 2302: redir_close(infd, outfd);
! 2303:
! 2304: case REDIR_ABORT:
! 2305:
! 2306: if (state == 1) {
! 2307: redir_reply(redir, &socket, &conn, REDIR_ABORT_NAK,
! 2308: NULL, 0, NULL, NULL, conn.s_state.redir.userurl, NULL,
! 2309: NULL, conn.hismac, &conn.hisip, qs);
! 2310: }
! 2311: else {
! 2312: redir_memcopy(REDIR_ABORT);
! 2313: redir_msg_send(0);
! 2314:
! 2315: redir_reply(redir, &socket, &conn, REDIR_ABORT_ACK,
! 2316: NULL, 0, hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2317: NULL, conn.hismac, &conn.hisip, qs);
! 2318: }
! 2319: redir_close(infd, outfd);
! 2320:
! 2321: case REDIR_ABOUT:
! 2322: redir_reply(redir, &socket, &conn, REDIR_ABOUT, NULL,
! 2323: 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, qs);
! 2324: redir_close(infd, outfd);
! 2325:
! 2326: case REDIR_STATUS:
! 2327: {
! 2328: uint32_t sessiontime;
! 2329: uint32_t timeleft;
! 2330: time_t timenow = time(0);
! 2331:
! 2332: /* Did the challenge expire? */
! 2333: if ((conn.s_state.uamtime + REDIR_CHALLENGETIMEOUT1) < time(NULL)) {
! 2334: redir_memcopy(REDIR_CHALLENGE);
! 2335: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2336: }
! 2337:
! 2338: sessiontime = timenow - conn.s_state.start_time;
! 2339:
! 2340: if (conn.s_params.sessiontimeout)
! 2341: timeleft = conn.s_params.sessiontimeout - sessiontime;
! 2342: else
! 2343: timeleft = 0;
! 2344:
! 2345: redir_reply(redir, &socket, &conn, REDIR_STATUS, NULL, timeleft,
! 2346: hexchal, conn.s_state.redir.username, conn.s_state.redir.userurl, conn.reply,
! 2347: (char *)conn.s_params.url, conn.hismac, &conn.hisip, qs);
! 2348:
! 2349: redir_close(infd, outfd);
! 2350: }
! 2351:
! 2352: case REDIR_MSDOWNLOAD:
! 2353: buflen = snprintf(buffer, bufsize, "HTTP/1.0 403 Forbidden\r\n\r\n");
! 2354: tcp_write(&socket, buffer, buflen);
! 2355: redir_close(infd, outfd);
! 2356: }
! 2357:
! 2358: /* It was not a request for a known path. It must be an original request */
! 2359: if (optionsdebug)
! 2360: log_dbg("redir_accept: Original request");
! 2361:
! 2362:
! 2363: /* Did the challenge expire? */
! 2364: if ((conn.s_state.uamtime + REDIR_CHALLENGETIMEOUT1) < time(NULL)) {
! 2365: redir_memcopy(REDIR_CHALLENGE);
! 2366: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2367: }
! 2368: else {
! 2369: redir_chartohex(conn.s_state.redir.uamchal, hexchal);
! 2370: /*
! 2371: redir_memcopy(REDIR_CHALLENGE);
! 2372: redir_msg_send(REDIR_MSG_OPT_REDIR);
! 2373: */
! 2374: }
! 2375:
! 2376: if (redir->homepage) {
! 2377: bstring url = bfromcstralloc(1024,"");
! 2378: bstring urlenc = bfromcstralloc(1024,"");
! 2379:
! 2380: char *resp = splash ? "splash" : "notyet";
! 2381: if (redir_buildurl(&conn, url, redir, resp, 0, hexchal, NULL,
! 2382: conn.s_state.redir.userurl, NULL, NULL, conn.hismac, &conn.hisip) == -1) {
! 2383: log_err(errno, "redir_buildurl failed!");
! 2384: redir_close(infd, outfd);
! 2385: }
! 2386:
! 2387: redir_urlencode(url, urlenc);
! 2388:
! 2389: bassignformat(url, "%s%cloginurl=",
! 2390: redir->homepage, strchr(redir->homepage, '?') ? '&' : '?');
! 2391: bconcat(url, urlenc);
! 2392:
! 2393: redir_reply(redir, &socket, &conn, splash ? REDIR_SPLASH : REDIR_NOTYET, url,
! 2394: 0, hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2395: NULL, conn.hismac, &conn.hisip, qs);
! 2396: }
! 2397: else if (state == 1) {
! 2398: redir_reply(redir, &socket, &conn, splash ? REDIR_SPLASH : REDIR_ALREADY, NULL, 0,
! 2399: splash ? hexchal : NULL, NULL, conn.s_state.redir.userurl, NULL,
! 2400: NULL, conn.hismac, &conn.hisip, qs);
! 2401: }
! 2402: else {
! 2403: redir_reply(redir, &socket, &conn, splash ? REDIR_SPLASH : REDIR_NOTYET, NULL,
! 2404: 0, hexchal, NULL, conn.s_state.redir.userurl, NULL,
! 2405: NULL, conn.hismac, &conn.hisip, qs);
! 2406: }
! 2407:
! 2408: redir_close(infd, outfd);
! 2409: return -1; /* never gets here */
! 2410: }
! 2411:
! 2412:
! 2413: /* Set callback to determine state information for the connection */
! 2414: int redir_set_cb_getstate(struct redir_t *redir,
! 2415: int (*cb_getstate) (struct redir_t *redir, struct in_addr *addr,
! 2416: struct redir_conn_t *conn)) {
! 2417: redir->cb_getstate = cb_getstate;
! 2418: return 0;
! 2419: }
! 2420:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to redir.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / coova-chilli / src