Changeset 935

Timestamp:
01/31/06 22:22:04 (8 years ago)
Author:
benoitg
Message:
  • src/fw_iptables.c: Add the global ruleset to the nat table to fix #65. Add the table parameter to iptables_load_ruleset() and iptables_compile
  • libhttpd/protocol.c: Fix pointer type mismatch
  • src/conf.c,h: Remove deprecated option AuthServMaxTries (which was already ignored anyway).
Location:
trunk/wifidog
Files:
17 modified

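--- a/trunk/wifidog/ChangeLog
+++ b/trunk/wifidog/ChangeLog
@@ -1,5 +1,11 @@
 # $Id$
+2006-01-31 Benoit Gr�goire  <bock@step.polymtl.ca>
+        * src/fw_iptables.c:  Add the global ruleset to the nat table to fix #65.
+        Add the table parameter to iptables_load_ruleset() and iptables_compile
+        * libhttpd/protocol.c:  Fix pointer type mismatch
+    * src/conf.c,h:  Remove deprecated option AuthServMaxTries (which was already ignored anyway.
+
 2006-01-23 Benoit Gr�goire  <bock@step.polymtl.ca>
-        src/conf.h:  Fix the value of DEFAULT_AUTHSERVPATH and completely wrong code comment.  Not the default indicated in the config file and the define are in sync.
+        * src/conf.h:  Fix the value of DEFAULT_AUTHSERVPATH and completely wrong code comment.  Not the default indicated in the config file and the define are in sync.
 
 2006-01-17 Mina Naguib <mina@ilesansfil.org>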
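--- a/trunk/wifidog/Makefile.am
+++ b/trunk/wifidog/Makefile.am
@@ -39,6 +39,6 @@
         rpmbuild -ta ${builddir}wifidog-@VERSION@.tar.gz
 
-clean-local:
-        echo "clean-local: " && pwd
-        rm -f /usr/src/RPM/SPECS/wifidog.spec
-        rm -f /usr/src/RPM/SOURCES/wifidog-@VERSION@.tar.gz
+#clean-local:
+#       echo "clean-local: " && pwd
+#       rm -f /usr/src/RPM/SPECS/wifidog.spec
+#       rm -f /usr/src/RPM/SOURCES/wifidog-@VERSION@.tar.gz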
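Review bot: The clean-local target on new lines 41-44 is kept as commented-out code instead of being removed, and nothing says why it is disabled. Version control already preserves the old recipe, so either delete the four lines or replace them with a single explanatory comment such as `# clean-local disabled: <reason>` so the next maintainer does not re-enable it blindly. The hard-coded /usr/src/RPM paths it deleted are also a reason to document rather than resurrect it.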
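--- a/trunk/wifidog/README
+++ b/trunk/wifidog/README
@@ -8,13 +8,9 @@
 
 The project's homepage is:
-        http://www.ilesansfil.org/wiki/WiFiDog
-
-SourceForge project page:
-        http://sourceforge.net/projects/wifidog/
+        http://dev.wifidog.org/
 
 Mailing list interface:
         http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
 
-
 The project's software is released under the GPL license and is copyright it's respective owners.
 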
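--- a/trunk/wifidog/configure.in
+++ b/trunk/wifidog/configure.in
@@ -21,5 +21,5 @@
 WIFIDOG_MAJOR_VERSION=1
 WIFIDOG_MINOR_VERSION=1
-WIFIDOG_MICRO_VERSION=3_beta1
+WIFIDOG_MICRO_VERSION=3_pre1
 WIFIDOG_VERSION=$WIFIDOG_MAJOR_VERSION.$WIFIDOG_MINOR_VERSION.$WIFIDOG_MICRO_VERSION
 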
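--- a/trunk/wifidog/libhttpd/protocol.c
+++ b/trunk/wifidog/libhttpd/protocol.c
@@ -221,5 +221,5 @@
         int nbytesdecoded, j;
         register char *bufin = bufcoded;
-        register unsigned char *bufout = bufplain;
+        register char *bufout = bufplain;
         register int nprbytes;
 
@@ -256,7 +256,7 @@
         while (nprbytes > 0)
         {
-                *(bufout++)=(unsigned char)(DEC(*bufin)<<2|DEC(bufin[1])>>4);
-                *(bufout++)=(unsigned char)(DEC(bufin[1])<<4|DEC(bufin[2])>>2);
-                *(bufout++)=(unsigned char)(DEC(bufin[2])<<6|DEC(bufin[3]));
+                *(bufout++)=(DEC(*bufin)<<2|DEC(bufin[1])>>4);
+                *(bufout++)=(DEC(bufin[1])<<4|DEC(bufin[2])>>2);
+                *(bufout++)=(DEC(bufin[2])<<6|DEC(bufin[3]));
                 bufin += 4;
                 nprbytes -= 4;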
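Review bot: Dropping the `(unsigned char)` casts on new lines 258-260 makes the int-to-char narrowing implicit now that bufout is a plain `char *`, so a decoded byte above 0x7F is silently converted into a signed char and -Wconversion will flag each store. Keeping an explicit cast that matches the new pointer type, e.g. `*(bufout++) = (char)(DEC(*bufin)<<2|DEC(bufin[1])>>4);`, keeps the "these are raw bytes" intent visible without reintroducing the pointer mismatch. The loop also emits three bytes per iteration and reads bufin[1..3] with no length check visible in the hunk; if the caller sizes bufplain, the required output capacity should be stated in the function's comment. The enclosing decoder starts and ends outside the hunk.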
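--- a/trunk/wifidog/src/auth.c
+++ b/trunk/wifidog/src/auth.c
@@ -83,5 +83,5 @@
                 debug(LOG_DEBUG, "Running fw_counter()");
 
-                fw_counter();
+                fw_sync_with_authserver();
         }
 }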
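Review bot: The log statement two lines above the renamed call, `debug(LOG_DEBUG, "Running fw_counter()");`, still names the old function, so logs will keep reporting a function that no longer exists. It should follow the rename: `debug(LOG_DEBUG, "Running fw_sync_with_authserver()");`. The enclosing function starts outside the hunk.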
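--- a/trunk/wifidog/src/centralserver.c
+++ b/trunk/wifidog/src/centralserver.c
@@ -333,4 +333,2 @@
         }
 }
-
-/* config->authserv_maxtries */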
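--- a/trunk/wifidog/src/commandline.c
+++ b/trunk/wifidog/src/commandline.c
@@ -48,5 +48,5 @@
  * 0 means normally, otherwise it will be populated by the PID of the parent
  */
-pid_t restarted = 0;
+pid_t restart_orig_pid = 0;
 
 /** @internal
@@ -134,5 +134,5 @@
                                 skiponrestart = 1;
                                 if (optarg) {
-                                        restarted = atoi(optarg);
+                                        restart_orig_pid = atoi(optarg);
                                 }
                                 else {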
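--- a/trunk/wifidog/src/conf.c
+++ b/trunk/wifidog/src/conf.c
@@ -77,5 +77,4 @@
         oAuthServHTTPPort,
         oAuthServPath,
-        oAuthServMaxTries,
         oHTTPDMaxConn,
         oHTTPDName,
@@ -104,5 +103,4 @@
         { "gatewayport",        oGatewayPort },
         { "authserver",         oAuthServer },
-        { "authservmaxtries",   oAuthServMaxTries },
         { "httpdmaxconn",       oHTTPDMaxConn },
         { "httpdname",          oHTTPDName },
@@ -147,5 +145,4 @@
         config.gw_port = DEFAULT_GATEWAYPORT;
         config.auth_servers = NULL;
-        config.authserv_maxtries = DEFAULT_AUTHSERVMAXTRIES;
         config.httpdname = NULL;
         config.clienttimeout = DEFAULT_CLIENTTIMEOUT;
@@ -390,5 +387,5 @@
                         switch (opcode) {
                                 case oFirewallRule:
-                                        parse_firewall_rule(ruleset, p2);
+                                        _parse_firewall_rule(ruleset, p2);
                                         break;
 
@@ -413,6 +410,9 @@
 }
 
+/** @internal
+Helper for parse_firewall_ruleset.  Parses a single rule in a ruleset
+*/
 static int
-parse_firewall_rule(char *ruleset, char *leftover)
+_parse_firewall_rule(char *ruleset, char *leftover)
 {
         int i;
@@ -652,7 +652,4 @@
                                         sscanf(p1, "%d", &config.httpdmaxconn);
                                         break;
-                                case oAuthServMaxTries:
-                                        sscanf(p1, "%d", &config.authserv_maxtries);
-                                        break;
                                 case oBadOption:
                                         debug(LOG_ERR, "Bad option on line %d "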
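Review bot: Removing the `"authservmaxtries"` entry from the keyword table (hunk at old line 106) turns an option that was previously parsed and ignored into one that reaches `case oBadOption` and logs "Bad option", so any deployed wifidog.conf still carrying an AuthServMaxTries line changes behaviour on upgrade; whether that log is fatal is decided outside the hunk. A gentler deprecation keeps the keyword mapped to its opcode and replaces the old case with `case oAuthServMaxTries: debug(LOG_WARNING, "AuthServMaxTries is deprecated and ignored"); break;`, removing the keyword in a later release. The enclosing switch starts and ends outside the hunk.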
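--- a/trunk/wifidog/src/conf.h
+++ b/trunk/wifidog/src/conf.h
@@ -49,5 +49,4 @@
 /** Note:  The path must be prefixed by /, and must be suffixed /.  Put / for the server root.*/
 #define DEFAULT_AUTHSERVPATH "/wifidog/"
-#define DEFAULT_AUTHSERVMAXTRIES 1
 /*@}*/
 
@@ -113,6 +112,4 @@
     int gw_port;                /**< @brief Port the webserver will run on */
 
-    int authserv_maxtries;      /**< @brief Maximum number of auth server
-                                     connection attempts before abandoning */
     t_auth_serv *auth_servers;  /**< @brief Auth servers list */
     char *httpdname;            /**< @brief Name the web server will return when
@@ -158,5 +155,5 @@
 static int parse_boolean_value(char *);
 static void parse_auth_server(FILE *, char *, int *);
-static int parse_firewall_rule(char *ruleset, char *leftover);
+static int _parse_firewall_rule(char *ruleset, char *leftover);
 static void parse_firewall_ruleset(char *, FILE *, char *, int *);
 void parse_trusted_mac_list(char *);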
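Review bot: `_parse_firewall_rule` on new line 157, and its definition in conf.c, is a file-scope identifier starting with an underscore, which C reserves for the implementation (C99 7.1.3); a leading underscore does not make a function private in C, `static` already does. A name like `parse_single_firewall_rule` conveys the "helper" intent without the reserved spelling. The new Doxygen block added above the definition in conf.c also says nothing about the `int` it returns; a `@return` line stating what the value means would complete it.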
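--- a/trunk/wifidog/src/firewall.c
+++ b/trunk/wifidog/src/firewall.c
@@ -70,5 +70,5 @@
 
 /* from commandline.c */
-extern pid_t restarted;
+extern pid_t restart_orig_pid;
 
 int icmp_fd = 0;
@@ -162,5 +162,5 @@
     result = iptables_fw_init();
 
-         if (restarted) {
+         if (restart_orig_pid) {
                  debug(LOG_INFO, "Restoring firewall rules for clients inherited from parent");
                  LOCK_CLIENT_LIST();
@@ -176,5 +176,5 @@
 }
 
-/** Clear the authserver rules
+/** Remove all auth server firewall whitelist rules
  */
 void
@@ -185,5 +185,5 @@
 }
 
-/** Set the authservers rules
+/** Add the necessary firewall rules to whitelist the authservers
  */
 void
@@ -214,5 +214,5 @@
  */
 void
-fw_counter(void)
+fw_sync_with_authserver(void)
 {
     t_authresponse  authresponse;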
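--- a/trunk/wifidog/src/firewall.h
+++ b/trunk/wifidog/src/firewall.h
@@ -55,5 +55,5 @@
 
 /** @brief Refreshes the entire client list */
-void fw_counter(void);
+void fw_sync_with_authserver(void);
 
 /** @brief Get an IP's MAC address from the ARP cache.*/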
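Review bot: The brief on new line 56, `/** @brief Refreshes the entire client list */`, was written for fw_counter and is not updated alongside the rename to fw_sync_with_authserver, so the public header now describes the function by its old role only. Since the new name promises a round-trip with the auth server, the brief should say so, for example `/** @brief Refreshes the client list by syncing each client's state with the auth server */`, worded to match what firewall.c actually does (its body is outside this hunk).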
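--- a/trunk/wifidog/src/fw_iptables.c
+++ b/trunk/wifidog/src/fw_iptables.c
@@ -50,6 +50,6 @@
 
 static int iptables_do_command(char *format, ...);
-static char *iptables_compile(char *, t_firewall_rule *);
-static void iptables_load_ruleset(char *, char *);
+static char *iptables_compile(char *, char *, t_firewall_rule *);
+static void iptables_load_ruleset(char *, char *, char *);
 
 extern pthread_mutex_t  client_list_mutex;
@@ -90,9 +90,10 @@
  * Compiles a struct definition of a firewall rule into a valid iptables
  * command.
+ * @arg table Table containing the chain.
  * @arg chain Chain that the command will be (-A)ppended to.
  * @arg rule Definition of a rule into a struct, from conf.c.
  */
 static char *
-iptables_compile(char *chain, t_firewall_rule *rule)
+iptables_compile(char * table, char *chain, t_firewall_rule *rule)
 {
     char        command[MAX_BUF],
@@ -107,5 +108,5 @@
     }
 
-    snprintf(command, sizeof(command),  "-t filter -A %s ", chain);
+    snprintf(command, sizeof(command),  "-t %s -A %s ",table, chain);
     if (rule->mask != NULL) {
         snprintf((command + strlen(command)), (sizeof(command) -
@@ -134,22 +135,23 @@
  * Load all the rules in a rule set.
  * @arg ruleset Name of the ruleset
+ * @arg table Table containing the chain.
  * @arg chain IPTables chain the rules go into
  */
 static void
-iptables_load_ruleset(char *ruleset, char *chain)
-{
-        t_firewall_rule         *rules;
+iptables_load_ruleset(char * table, char *ruleset, char *chain)
+{
+        t_firewall_rule         *rule;
         char                    *cmd;
 
-        debug(LOG_DEBUG, "Load ruleset %s into chain %s", ruleset, chain);
+        debug(LOG_DEBUG, "Load ruleset %s into table %s, chain %s", ruleset, table, chain);
 
-        for (rules = get_ruleset(ruleset); rules != NULL; rules = rules->next) {
-                cmd = iptables_compile(chain, rules);
-                debug(LOG_DEBUG, "Loading rule \"%s\" into %s", cmd, chain);
+        for (rule = get_ruleset(ruleset); rule != NULL; rule = rule->next) {
+                cmd = iptables_compile(table, chain, rule);
+                debug(LOG_DEBUG, "Loading rule \"%s\" into table %s, chain %s", cmd, table, chain);
                 iptables_do_command(cmd);
                 free(cmd);
         }
 
-        debug(LOG_DEBUG, "Ruleset %s loaded into %s", ruleset, chain);
+        debug(LOG_DEBUG, "Ruleset %s loaded into table %s, chain %s", ruleset, table, chain);
 }
 
@@ -227,4 +229,5 @@
                         iptables_do_command("-t nat -N " TABLE_WIFIDOG_WIFI_TO_ROUTER);
                         iptables_do_command("-t nat -N " TABLE_WIFIDOG_WIFI_TO_INTERNET);
+                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_GLOBAL);
                         iptables_do_command("-t nat -N " TABLE_WIFIDOG_UNKNOWN);
                         iptables_do_command("-t nat -N " TABLE_WIFIDOG_AUTHSERVERS);
@@ -242,4 +245,5 @@
 
                         iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j " TABLE_WIFIDOG_AUTHSERVERS);
+                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j " TABLE_WIFIDOG_GLOBAL);
                         iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -p tcp --dport 80 -j REDIRECT --to-ports %d", gw_port);
 
@@ -266,17 +270,18 @@
 
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j " TABLE_WIFIDOG_LOCKED, FW_MARK_LOCKED);
-                        iptables_load_ruleset("locked-users", TABLE_WIFIDOG_LOCKED);
+                        iptables_load_ruleset("filter", "locked-users", TABLE_WIFIDOG_LOCKED);
 
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_GLOBAL);
-                        iptables_load_ruleset("global", TABLE_WIFIDOG_GLOBAL);
+                        iptables_load_ruleset("filter", "global", TABLE_WIFIDOG_GLOBAL);
+                        iptables_load_ruleset("nat", "global", TABLE_WIFIDOG_GLOBAL);
 
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j " TABLE_WIFIDOG_VALIDATE, FW_MARK_PROBATION);
-                        iptables_load_ruleset("validating-users", TABLE_WIFIDOG_VALIDATE);
+                        iptables_load_ruleset("filter", "validating-users", TABLE_WIFIDOG_VALIDATE);
 
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j " TABLE_WIFIDOG_KNOWN, FW_MARK_KNOWN);
-                        iptables_load_ruleset("known-users", TABLE_WIFIDOG_KNOWN);
+                        iptables_load_ruleset("filter", "known-users", TABLE_WIFIDOG_KNOWN);
 
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
-                        iptables_load_ruleset("unknown-users", TABLE_WIFIDOG_UNKNOWN);
+                        iptables_load_ruleset("filter", "unknown-users", TABLE_WIFIDOG_UNKNOWN);
                         iptables_do_command("-t filter -A " TABLE_WIFIDOG_UNKNOWN " -j REJECT --reject-with icmp-port-unreachable");
 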
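Review bot: New line 276 replays the whole "global" ruleset into the nat table's TABLE_WIFIDOG_GLOBAL chain, yet the only table-awareness in iptables_compile is the `-t %s` prefix on new line 110, so every rule is emitted unchanged for both tables; a rule whose compiled target is filter-only (REJECT is the usual case, and the compile body that chooses targets is outside the hunk) will be refused by iptables in nat, and because the return of `iptables_do_command(cmd)` on line 151 is ignored the gap in the intended nat policy is visible only as a debug line. Either let iptables_load_ruleset skip or rewrite rules that cannot be expressed in the requested table, or at minimum check the result: `if (iptables_do_command(cmd) != 0) debug(LOG_ERR, "Failed to load rule \"%s\" into table %s, chain %s", cmd, table, chain);`. As a point of style, the new parameter is written `char * table` on lines 97 and 141 while the neighbouring parameter is `char *chain`; `const char *table` would match and record that the string is only read.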
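--- a/trunk/wifidog/src/gateway.c
+++ b/trunk/wifidog/src/gateway.c
@@ -73,5 +73,5 @@
 /* from commandline.c */
 extern char ** restartargv;
-extern pid_t restarted;
+extern pid_t restart_orig_pid;
 t_client *firstclient;
 
@@ -95,5 +95,5 @@
 
 /* @internal
- * @brief Connects to the parent via the internal socket
+ * @brief During gateway restart, connects to the parent process via the internal socket
  * Downloads from it the active client list
  */
@@ -508,5 +508,5 @@
         init_signals();
 
-        if (restarted) {
+        if (restart_orig_pid) {
                 /*
                  * We were restarted and our parent is waiting for us to talk to it over the socket
@@ -517,6 +517,6 @@
                  * At this point the parent will start destroying itself and the firewall. Let it finish it's job before we continue
                  */
-                while (kill(restarted, 0) != -1) {
-                        debug(LOG_INFO, "Waiting for parent PID %d to die before continuing loading", restarted);
+                while (kill(restart_orig_pid, 0) != -1) {
+                        debug(LOG_INFO, "Waiting for parent PID %d to die before continuing loading", restart_orig_pid);
                         sleep(1);
                 }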
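--- a/trunk/wifidog/src/http.c
+++ b/trunk/wifidog/src/http.c
@@ -52,4 +52,5 @@
 extern pthread_mutex_t  client_list_mutex;
 
+/** The 404 handler is also responsable for redirecting to the auth server */
 void
 http_callback_404(httpd *webserver, request *r)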
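Review bot: The comment added on new line 54 misspells "responsible"; suggest `/** The 404 handler is also responsible for redirecting to the auth server */`. Since this is a Doxygen block on a non-static handler, a `@param webserver` and `@param r` line would complete it. The body of http_callback_404 lies outside the hunk.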
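--- a/trunk/wifidog/src/util.c
+++ b/trunk/wifidog/src/util.c
@@ -68,5 +68,5 @@
 
 /* Defined in commandline.c */
-extern pid_t restarted;
+extern pid_t restart_orig_pid;
 
 /* XXX Do these need to be locked ? */
@@ -340,6 +340,6 @@
         snprintf((buffer + len), (sizeof(buffer) - len), "Has been restarted: ");
         len = strlen(buffer);
-        if (restarted) {
-                snprintf((buffer + len), (sizeof(buffer) - len), "yes (from PID %d)\n", restarted);
+        if (restart_orig_pid) {
+                snprintf((buffer + len), (sizeof(buffer) - len), "yes (from PID %d)\n", restart_orig_pid);
                 len = strlen(buffer);
         }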
  • trunk/wifidog/wifidog.conf

    r901 r935  
    3737# GatewayAddress 192.168.1.1 
    3838 
    39 # Parameter: AuthServMaxTries 
    40 # Default: 1 
    41 # Optional 
    42 # 
    43 # Sets the number of auth servers the gateway will attempt to contact when a request fails. 
    44 # this number should be equal to the number of AuthServer lines in this 
    45 # configuration but it should probably not exceed 3. 
    46  
    47 # AuthServMaxTries 3 
    48  
    4939# Parameter: AuthServer 
    5040# Default: NONE 
    51 # Mandatory 
     41# Mandatory, repeatable 
    5242# 
    53 # Set this to the hostname or IP of your auth server, the path where 
    54 # WiFiDog-auth resides  and optionally as a second argument, the port it 
    55 # listens on. 
     43# This allows you to configure your auth server(s).  Each one will be tried in order, untill one responds. 
     44# Set this to the hostname or IP of your auth server(s), the path where 
     45# WiFiDog-auth resides in and the port it listens on. 
    5646#AuthServer { 
    5747#       Hostname      (Mandatory; Default: NONE)