Changeset 18

Timestamp:

03/13/04 00:18:22 (9 years ago)

Author:

aprilp

Message:

* Modified the way firewall scripts are called so we can configure
them in the config file (a bit more modular than it was)
* Added simple linked list to keep track of clients and to
keep a counter of the utilization and send it to the auth
server
* Fixed CRLF/formatting in phpauth/auth/index.php
* Hacked phpauth/auth/index.php to handle very basic utilization tracking

Location:

trunk/wifidog

Files:

• ChangeLog (modified) (1 diff)
• src/common.h (modified) (2 diffs)
• src/conf.c (modified) (4 diffs)
• src/conf.h (modified) (1 diff)
• src/firewall.c (modified) (5 diffs)
• src/firewall.h (modified) (2 diffs)
• src/gateway.c (modified) (2 diffs)
• src/http.c (modified) (4 diffs)

trunk/wifidog/ChangeLog

@@ -1 +1 @@
 # $Header$
+
+2004-03-13  Philippe April <papril777@yahoo.com>
+    * Modified the way firewall scripts are called so we can configure
+    them in the config file (a bit more modular than it was)
+    * Added simple linked list to keep track of clients and to
+    keep a counter of the utilization and send it to the auth
+    server
+    * Fixed CRLF/formatting in phpauth/auth/index.php
+    * Hacked phpauth/auth/index.php to handle very basic utilization tracking
 
 2004-03-12  Philippe April <papril777@yahoo.com>

trunk/wifidog/src/common.h

@@ -32 +32 @@
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -53 +54 @@
 #define MAX_BUF 4096
 
+#define SCRIPT_FWINIT       "fw.init"
+#define SCRIPT_FWACCESS     "fw.access"
+#define SCRIPT_FWDESTROY    "fw.destroy"
+#define SCRIPT_FWCOUNTERS   "fw.counters"
+
 #endif /* _COMMON_H_ */

trunk/wifidog/src/conf.c

@@ -36 +36 @@
 #define DEFAULT_CLIENTTIMEOUT 5
 #define DEFAULT_CHECKINTERVAL 5
+#define DEFAULT_FWSCRIPTS_PATH "."
+#define DEFAULT_FWTYPE "."
 
 s_config config;
@@ -56 +58 @@
     oClientTimeout,
     oCheckInterval,
+    oFWScriptsPath,
+    oFWType,
 } OpCodes;
 
@@ -77 +81 @@
         { "clienttimeout",      oClientTimeout },
     { "checkinterval",      oCheckInterval },
+    { "fwscriptspath",      oFWScriptsPath },
+    { "fwtype",             oFWType },
     { NULL,                 oBadOption },
 };
@@ -100 +106 @@
     config.clienttimeout = DEFAULT_CLIENTTIMEOUT;
     config.checkinterval = DEFAULT_CHECKINTERVAL;
+    config.fwscripts_path = DEFAULT_FWSCRIPTS_PATH;
+    config.fwtype = DEFAULT_FWTYPE;
 }
 

trunk/wifidog/src/conf.h

@@ -51 +51 @@
     int clienttimeout;
     int checkinterval;
+    char *fwscripts_path;
+    char *fwtype;
 } s_config;
 

trunk/wifidog/src/firewall.c

@@ -30 +30 @@
 extern s_config config;
 
+t_node list;
+t_node *firstnode;
+t_node *curnode;
+
 int
 fw_allow(char *ip, char *mac, int profile)
 {
-    char buf[MAX_BUF];
-    char *command[] = {"./fw.access", "allow", ip, mac, buf, NULL};
-
-    sprintf(buf, "%d", profile);
+    char s_profile[16];
+    char script[MAX_BUF];
+    struct stat st;
+    char *command[] = {script, "allow", ip, mac, s_profile, NULL};
+
+    sprintf(s_profile, "%-10d", profile);
+    sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype, SCRIPT_FWACCESS);
+
+    if (-1 == (stat(script, &st))) {
+        debug(D_LOG_ERR, "Could not find %s: %s", script, strerror(errno));
+        return(1);
+    }
 
     return(execute(command));
@@ -44 +56 @@
 fw_deny(char *ip, char *mac, int profile)
 {
-    char buf[MAX_BUF];
-    char *command[] = {"./fw.access", "deny", ip, mac, buf, NULL};
-
-    sprintf(buf, "%d", profile);
+    char s_profile[16];
+    char script[MAX_BUF];
+    struct stat st;
+    char *command[] = {script, "deny", ip, mac, s_profile, NULL};
+
+    sprintf(s_profile, "%-10d", profile);
+    sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype, SCRIPT_FWACCESS);
+
+    if (-1 == (stat(script, &st))) {
+        debug(D_LOG_ERR, "Could not find %s: %s", script, strerror(errno));
+        return(1);
+    }
 
     return(execute(command));
@@ -104 +124 @@
 fw_init(void)
 {
-    char port[255];
-    char *command[] = {"./fw.init", config.gw_interface, config.gw_address, port, config.authserv_hostname, NULL};
-
-    sprintf(port, "%d", config.gw_port);
-
+    char port[16];
+    char script[MAX_BUF];
+    int rc;
+    struct stat st;
+    char *command[] = {script, config.gw_interface, config.gw_address, port, config.authserv_hostname, NULL};
+
+    sprintf(port, "%-5d", config.gw_port);
+    sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype, SCRIPT_FWINIT);
+
+    if (-1 == (stat(script, &st))) {
+        debug(D_LOG_ERR, "Could not find %s: %s", script, strerror(errno));
+        debug(D_LOG_ERR, "Exiting...");
+        exit(1);
+    }
 
     debug(D_LOG_INFO, "Setting firewall rules");
 
-    if (execute(command) != 0) {
+    if ((rc = execute(command)) != 0) {
         debug(D_LOG_ERR, "Could not setup firewall, exiting...");
         exit(1);
     }
 
-    return(0);
+    return(rc);
 }
 
@@ -123 +152 @@
 fw_destroy(void)
 {
-    char *command[] = {"./fw.destroy", NULL};
+    char script[MAX_BUF];
+    struct stat st;
+    char *command[] = {script, NULL};
+
+    sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype, SCRIPT_FWDESTROY);
+
+    if (-1 == (stat(script, &st))) {
+        debug(D_LOG_ERR, "Could not find %s: %s", script, strerror(errno));
+        return(1);
+    }
 
     debug(D_LOG_INFO, "Flushing firewall rules");
-    execute(command);
-
-    return(0);
+
+    return(execute(command));
 }
 
@@ -138 +175 @@
     int profile, rc;
     char ip[255], mac[255];
-
-    if (!(output = popen("./fw.counters", "r"))) {
+    char script[MAX_BUF];
+    t_node *p1;
+
+    sprintf(script, "%s/%s/%s", config.fwscripts_path, config.fwtype, SCRIPT_FWCOUNTERS);
+
+    if (!(output = popen(script, "r"))) {
         debug(D_LOG_ERR, "popen(): %s", strerror(errno));
-    }
-    while (!(feof(output)) && output) {
-        rc = fscanf(output, "%ld %s %s %d", &counter, ip, mac, &profile);
-        if (rc == 4 && rc != EOF) {
-
-            /* TODO Update the counter onthe auth server */
-            /* but to do that we will need to keep track of the */
-            /* token to associate it with the session */
-            
-            /* TODO If the client is not active for x seconds */
-            /* timeout the client and destroy token */
-            debug(D_LOG_DEBUG, "Counter for %s: %ld bytes", ip, counter);
+    } else {
+        while (!(feof(output)) && output) {
+            rc = fscanf(output, "%ld %s %s %d", &counter, ip, mac, &profile);
+            if (rc == 4 && rc != EOF) {
+
+                /* TODO If the client is not active for x seconds
+                 * timeout the client and destroy token.
+                 * Maybe this should be done on the auth server*/
+
+                p1 = node_find_by_ip(ip);
+                if (!(p1)) {
+                    debug(D_LOG_DEBUG, "Client %s not found in linked list", ip);
+                } else {
+                    p1->counter = counter;
+                    if ((profile = auth(p1->ip, p1->mac, p1->token, p1->counter)) == -1) {
+                        /* User has to be kicked out */
+                    }
+                    debug(D_LOG_DEBUG, "Updated client %s counter to %ld bytes", ip, counter);
+                }
+            }
         }
-    }
-    pclose(output);
-}
-
+        pclose(output);
+    }
+}
+
+void
+node_init(void)
+{
+    firstnode = curnode = &list;
+    firstnode->next = NULL;
+}
+
+t_node *
+node_add(char *ip, char *mac, char *token, long int counter)
+{
+    void *ptr;
+
+    ptr = curnode;
+
+    strcpy(curnode->ip, ip);
+    strcpy(curnode->mac, mac);
+    strcpy(curnode->token, token);
+    curnode->counter = 0;
+
+    curnode->next = (t_node *)malloc(sizeof(t_node));
+    curnode = curnode->next;
+
+    debug(D_LOG_DEBUG, "Added a new node to linked list: IP: %s Token: %s", ip, token);
+
+    return ptr;
+}
+
+t_node *
+node_find_by_ip(char *ip)
+{
+    t_node *ptr;
+
+    ptr = firstnode;
+    while (NULL != ptr->next) {
+        if (0 == strcmp(ptr->ip, ip))
+            return ptr;
+        ptr = ptr->next;
+    } 
+
+    return NULL;
+}
+
+t_node *
+node_find_by_token(char *token)
+{
+    t_node *ptr;
+
+    ptr = firstnode;
+    while (NULL != ptr->next) {
+        if (0 == strcmp(ptr->token, token))
+            return ptr;
+        ptr = ptr->next;
+    } 
+
+    return NULL;
+}
+

trunk/wifidog/src/firewall.h

@@ -28 +28 @@
 #define _FIREWALL_H_
 
+typedef struct {
+    void *next;
+    char ip[16];
+    char mac[32];
+    char token[33];
+    long int counter;
+} t_node;
+
 int fw_init(void);
 int fw_destroy(void);
@@ -36 +44 @@
 char *arp_get(char *req_ip);
 
+void node_init(void);
+t_node *node_add(char *ip, char *mac, char *token, long int counter);
+t_node *node_find_by_ip(char *ip);
+t_node *node_find_by_token(char *token);
+
 #endif /* _FIREWALL_H_ */

trunk/wifidog/src/gateway.c

@@ -42 +42 @@
     int fdmax, i, cnt_last_check;
 
+    /* Initialize the linked list */
+    node_init();
+
     FD_ZERO(&master);
     FD_ZERO(&read_fds);
@@ -110 +113 @@
 
     fw_init();
-    tv.tv_sec = config.checkinterval;
     last_checked = time(NULL);
 
     while(1) {
+        tv.tv_sec = config.checkinterval;
+        tv.tv_usec = 0;
         read_fds = master;
         if (select(fdmax + 1, &read_fds, NULL, NULL, &tv) == -1) {

trunk/wifidog/src/http.c

@@ -95 +95 @@
                     if ((rc = fw_allow(ip, mac, profile)) == 0) {
                         http_body(body, "You %s at %s, have been granted profile %d!", ip, mac, profile);
+
+                        /* Add client's IP and token into a linked list so we can keep
+                         * track of it on the auth server, only if he's not there already */
+                        if (!node_find_by_ip(ip)) {
+                            node_add(ip, mac, token, 0);
+                        }
                     } else {
                         http_body(body, "Authentication was succesful, but the firewall could not be modified, I got return code %d, please contact the systems administrators");
@@ -213 +219 @@
         memset(&(their_addr.sin_zero), '\0', 8);
 
+        debug(D_LOG_DEBUG, "Connecting to auth server %s on port %d", config.authserv_hostname, config.authserv_port);
+
         if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
             debug(D_LOG_ERR, "connect(): %s", strerror(errno));
@@ -218 +226 @@
         }
 
-        sprintf(buf, "GET %s?ip=%s&mac=%s&token=%s&stats=%ld\n\n", config.authserv_path, ip, mac, token, stats);
+        sprintf(buf, "GET %s?ip=%s&mac=%s&token=%s&stats=%ld HTTP/1.1\nHost: %s\n\n", config.authserv_path, ip, mac, token, stats, config.authserv_hostname);
         sock_send(sockfd, buf);
+
+        debug(D_LOG_DEBUG, "Sending HTTP request:\n#####\n%s\n#####", buf);
         
         if ((numbytes = recv(sockfd, buf, MAX_BUF - 1, 0)) == -1) {
@@ -232 +242 @@
         if ((p1 = strstr(buf, "Profile: "))) {
             if (sscanf(p1, "Profile: %d", &profile) == 1) {
+                debug(D_LOG_DEBUG, "Auth server returned profile %d", profile);
                 return(profile);
             } else {
+                debug(D_LOG_DEBUG, "Auth server did not return expected information");
                 return(-1);
             }