conf/ Configuration files
rc.firewall.sample Script of sample IPv4 firewall configuration
rc.firewall6.sample Script of initail IPv6 firewall configuration
- ipfwctl.pl Perl script executed by opengate
+ ipfwctl.pl.sample Perl script executed by opengate(not use in default)
opengatesrv.conf.sample Sample file for Opengate configuration
doc/ Documentation files
index.html.var Document selector placed in DocumentRoot
en/ & ja/ HTML files for each language
- accept.html First accept message page(for Applet)
+ accept-java.html Accept message page for java mode
+ accept-http.html Accept message page for http mode
+ accept-time.html Accept message page for timeout mode
accept2.html Second accept message page(for start browsing)
deny.html Deny message page
deny-ssl.html Deny message page(in SSL)
retry.html Retry message page
+ httpkeep.html Page for HTTP Keep-Alive
index-ssl.html Authentication request page(in SSL)
index.html Authentication request page
topindex.html Top page displayed at firewall forward
comm-cgi.c Communication with Web server via CGI
comm-ipfw.c Communication with IPFW
comm-ip6fw.c Communication with IP6FW
- comm-java.c Communication with Java Applet
comm-userdb.c Communication with user database
ctrl-firewall.c Control firewalls
+ ctrl-alarms.c Control named alarms
error.c Error routines
get-mac.c Get MAC address from arp or ndp
get-param.c Get parameters from config file
opengatefwd.c Forward CGI
test-comm-auth.c Test program to debug comm-auth.c
test-comm-ipfw.c Test program to debug comm-ipfw.c
- test-comm-java.c Test program to debug comm-java.c
+ test-comm-client.c Test program to debug comm-client.c
test-console.sh Test script to debug cgi on console
test-get-param.c Test program to debug get-param.c
test-cgi.c Test program to debug cgi function
signal.c Functions of TCP/IP (By W. Richard Stevens)
sock_ntop_host.c Functions of TCP/IP (By W. Richard Stevens)
tcp_connect.c Functions of TCP/IP (By W. Richard Stevens)
+ watch-client.c Watching the client
wrapper.c Functions of TCP/IP (By W. Richard Stevens)
tools/ Related tools
--- /dev/null
+#!/usr/bin/perl -U
+
+### Firewall control perl script drived by opengatesrv.cgi ###
+### (In default this script is disabled. See opengatesrv.conf.)
+### (Consider setting by ipfw rule or opengatesrv.conf before use this)
+
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
+close STDOUT; close STDERR; close STDIN;
+
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","$clientaddr","to","any";
+
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","any","to","$clientaddr";
+
+
+exit 0;
+__END__
+########### Above line is the end of interpreting#############
+
+ PARAMETERS
+
+ $ipfwpath = path to ipfw command
+ $rulenumber= ipfw rule number. one number for one client
+ $clientaddr= client machine's IP address
+ $userid = user's ID. Auth server ID is attached, if entered.
+ $macaddr = MAC address for the client machine
+ $userproperty = user property acquired from user database
+ (Need to edit comm-userdb.c to use this option).
+
+ CAUTIONS
+
+*Be care to execute quickly and without delay.
+ This script runs in EXCLUSIVE mode.
+
+*Be care to add least rule set.
+ The rules are added PER each client.
+
+*Be care to eliminate bug and security hole.
+ At modification, debug it perfectly in stand along mode.
+
+*If possible, the rule should be written in rc.firewall.
+ Following can be written in rc.firewall
+ Deny some protocol though authentication passed.
+ Allow to access some server without authentication.
+
+*Following might be written in this script.
+ Deny guest users to access internal network.
+ Deny a client having specific MAC address.
+ Forward some service to proxy server after authentication.
+ (Last one might be written in rc.firewall as the rule of other
+ side interface which is not used by opengate)
+
+ SIMPLE SCRIPT
+
+If you are confused, return to the following default script.
+=====================================================
+#!/usr/bin/perl
+
+# get parameters
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr)=@ARGV;
+
+# close web server I/O
+close STDOUT; close STDERR; close STDIN;
+
+# allow all packets incomming to the client.
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","any","to","$clientaddr";
+
+# allow all packets outgoing from the client.
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","$clientaddr","to","any";
+
+exit 0;
+__END__
+======================================================
+
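Review bot: The `-U` switch on the shebang line turns Perl's fatal taint checks into warnings, and every value taken from `@ARGV` then reaches `ipfw` unvalidated. Presumably `-U` is there because the calling CGI runs with elevated privilege; that should be confirmed. The list form of `system` already keeps a shell out of the path, but `$ipfwpath`, `$rulenumber` and `$clientaddr` should still be matched against allowlist patterns, and the `system` status should be checked so that a failed `add` does not end in `exit 0`. The fallback copy after `__END__` has also drifted: it has no `-U` and takes five parameters where the live script takes six. The sketch below uses a character allowlist for the address rather than a full parser, since the sample config also lists a script under `Ip6fwScript` and IPv6 addresses may arrive.

```perl
#!/usr/bin/perl -T
# … unchanged: header comments …
($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
# … unchanged: close STDOUT/STDERR/STDIN …

# -T needs a fixed environment before any system() call.
$ENV{PATH} = '/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Accept only expected shapes; the captures also untaint the values.
($ipfwpath)   = $ipfwpath   =~ m{^(/[\w./-]+)$}     or exit 1;
($rulenumber) = $rulenumber =~ /^(\d{1,5})$/        or exit 1;
($clientaddr) = $clientaddr =~ /^([0-9A-Fa-f:.]+)$/ or exit 1;

system($ipfwpath,"-q","add",$rulenumber,
       "allow","ip","from",$clientaddr,"to","any") == 0 or exit 1;

system($ipfwpath,"-q","add",$rulenumber,
       "allow","ip","from","any","to",$clientaddr) == 0 or exit 1;
```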
<?xml version="1.0"?>\r
-<Opengate>\r
+<Opengate version="1.4">\r
\r
<!-- ################################################# \r
- ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->\r
+# ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->\r
\r
<!-- opengate gateway server hostname(FQDN or IP address) -->\r
\r
<OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>\r
\r
<!-- Authentication server -->\r
- <!-- The AuthServer format is documented at the bottom of this file -->\r
+ <!-- The AuthServer format is documented at the end of this file -->\r
\r
<AuthServer>\r
<Address>192.168.0.2</Address>\r
<Protocol>pop3s</Protocol>\r
</AuthServer>\r
\r
-<!-- ###################################################\r
- if you want to switch parameters with userID or extraID\r
- (which is entered by user as [userID@extraID]),\r
- see the information in ExtraSet below\r
- ################################################### --> \r
+<!-- ########################################################## \r
+# #### usually, need not to modify following parameters #### -->\r
\r
-<!-- #### usually, need not to modify following parameters #### -->\r
+<!-- ###################################################\r
+# if you want to switch parameters with userID or extraID\r
+# (entered by user as [userID@extraID] in auth page),\r
+# see the information of ExtraSet at the end of this file.\r
+# ################################################### --> \r
\r
<!-- Set 1 to write many information to syslog -->\r
- <!-- Set 0 to write only error message to syslog -->\r
+ <!-- Set 0 to write only open/close and error messages to syslog -->\r
<Debug>0</Debug>\r
\r
- <!-- Syslog -->\r
+ <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->\r
+ <WatchMode>Java</WatchMode>\r
+ \r
+ <!-- Syslog (local0, local1, .., local7)-->\r
<Syslog>\r
<Enable>1</Enable>\r
<Facility>local1</Facility>\r
</Syslog>\r
+\r
+ <!-- Allowable duration for users to use network(seconds) -->\r
+ <!-- If no connection with java/http, network is closed after this. -->\r
+ <Duration>\r
+ <Default>1200</Default>\r
+ <Max>10800</Max>\r
+ </Duration>\r
+ \r
+ <!-- Client Live Check (seconds) -->\r
+ <!-- In JAVA connection, send HELLO and get reply. -->\r
+ <!-- In HTTP connection, existance of HELLO request. -->\r
+ <!-- In no connection, check mac address mismatch and no packet. -->\r
+ <ActiveCheck>\r
+ <Interval>600</Interval>\r
+ <NoPacketInterval>5400</NoPacketInterval>\r
+ </ActiveCheck>\r
+\r
+ <!-- HTTP 'HELLO' request interval(ms) to Keep-Alive -->\r
+ <!-- this must be smaller than the keep-alive time of browsers -->\r
+ <HttpHelloInterval>50000</HttpHelloInterval>\r
+\r
+ <!-- IPFW rule number range used by opengate -->\r
+ <IpfwRule>\r
+ <Min>10000</Min>\r
+ <Max>40000</Max>\r
+ <Interval>2</Interval>\r
+ </IpfwRule>\r
+\r
+ <!-- IP6FW rule number range used by opengate -->\r
+ <Ip6fwRule>\r
+ <Min>10000</Min>\r
+ <Max>40000</Max>\r
+ <Interval>2</Interval>\r
+ </Ip6fwRule>\r
+ \r
+ <!-- Port number range used by opengate -->\r
+ <ListenPort>\r
+ <Min>30000</Min>\r
+ <Max>60000</Max>\r
+ </ListenPort>\r
\r
<!-- Available HTML languages (first lang is used as default) -->\r
<HtmlLangs>en ja</HtmlLangs>\r
<!-- HTML Documents -->\r
<DenyDoc>deny.html</DenyDoc>\r
<DenyDocSsl>deny-ssl.html</DenyDocSsl>\r
- <AcceptDoc>accept.html</AcceptDoc>\r
+ <AcceptDocHttp>accept-http.html</AcceptDocHttp>\r
+ <AcceptDocJava>accept-java.html</AcceptDocJava>\r
+ <AcceptDocTime>accept-time.html</AcceptDocTime>\r
<AcceptDoc2>accept2.html</AcceptDoc2>\r
<AuthDoc>index.html</AuthDoc>\r
<AuthDocSsl>index-ssl.html</AuthDocSsl>\r
<FwdDoc>topindex.html</FwdDoc>\r
<RetryDoc>retry.html</RetryDoc>\r
+ <HttpKeepDoc>httpkeep.html</HttpKeepDoc>\r
\r
<!-- CGI programs -->\r
<AuthCgi>opengateauth.cgi</AuthCgi>\r
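Review bot: The comment above the new `<WatchMode>` element names the three values but not what each means for closing the firewall rule, which is the security-relevant part of the choice. Going by the `Duration` and `ActiveCheck` comments in the same hunk, a session with no Java or HTTP connection appears to close only after `Duration`, a MAC address mismatch or `NoPacketInterval`, so `Time` presumably leaves the rule open longest once the user has gone. I would add a line such as `<!-- 'Time' keeps no live connection: the rule stays until Duration expires, the MAC address changes, or NoPacketInterval passes -->`, after confirming the behaviour against watch-client.c.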
<Path>/etc/opengate/ipfwctrl.pl</Path>\r
</Ip6fwScript>\r
\r
- <!-- Allowable duration for users to use network(seconds) -->\r
- <Duration>\r
- <Default>1200</Default>\r
- <Max>10800</Max>\r
- </Duration>\r
- \r
- <!-- Live Check by sending 'HELLO' and counting packet (seconds) -->\r
- <ActiveCheck>\r
- <Interval>600</Interval>\r
- <NoReplyMaxCount>3</NoReplyMaxCount>\r
- <NoPacketInterval>5400</NoPacketInterval>\r
- </ActiveCheck>\r
-\r
- <!-- IPFW rule range used by opengate -->\r
- <IpfwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </IpfwRule>\r
-\r
- <!-- IP6FW rule range used by opengate -->\r
- <Ip6fwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </Ip6fwRule>\r
- \r
- <!-- Port range used by opengate -->\r
- <ListenPort>\r
- <Min>30000</Min>\r
- <Max>60000</Max>\r
- </ListenPort>\r
- \r
<!-- Lock file for exclusive exec to prevent overlapped rule number -->\r
<LockFile>/tmp/opengate.lock</LockFile>\r
\r
<UserIdSeparator>@</UserIdSeparator>\r
\r
<!-- ########################################################## \r
- #### ExtraSet overwritten on default settings ####\r
-\r
- If you want to switch parameter values\r
- by userID and extraID entered as [userID@extraID],\r
- set following. \r
-\r
- If entered as [userID], above default parameters are used.\r
- If entered as [iserID@extraID] and matched set exists,\r
- the paremeters in the set is overwriten on the above default.\r
- The first matched extra set is used.\r
- \r
- Examples:\r
- First ExtraSet is used when user entered as [anyuser@guest],\r
- where "anyuser" is every userID.\r
- Second ExtraSet is used when [anyuser@admin].\r
- Third ExtraSet is used when [user1] or [user2].\r
- \r
- UserIdPattern is the "POSIX Extended Regular Expression".\r
- Matching is insensitive to upper/lower case.\r
-\r
- Word "default" is set to extraID, when extraID is not entered.\r
- ####################################################### -->\r
+# #### ExtraSet overwritten on default settings ####\r
+#\r
+# If you want to switch parameter values\r
+# by userID and extraID entered as [userID@extraID],\r
+# set following. \r
+#\r
+# If entered as [userID], above default parameters are used.\r
+# If entered as [iserID@extraID] and matched set exists,\r
+# the paremeters in the set is overwriten on the above default.\r
+# The first matched extra set is used.\r
+# \r
+# Examples:\r
+# First ExtraSet is used when user entered as [anyuser@guest],\r
+# where "anyuser" is every userID.\r
+# Second ExtraSet is used when [anyuser@admin].\r
+# Third ExtraSet is used when [user1] or [user2].\r
+# \r
+# UserIdPattern is the "POSIX Extended Regular Expression".\r
+# Matching is insensitive to upper/lower case.\r
+#\r
+# Word "default" is set to extraID, when extraID is not entered.\r
+# ####################################################### \r
+-->\r
\r
<!--\r
- <ExtraSet ExtraId="guest">\r
- <AuthServer>\r
- <Address>192.168.0.1</Address>\r
- <Protocol>pop3s</Protocol>\r
- </AuthServer>\r
- <Duration>\r
- <Default>1200</Default>\r
- <Max>1200</Max>\r
- </Duration>\r
- </ExtraSet>\r
+# <ExtraSet ExtraId="guest">\r
+# <AuthServer>\r
+# <Address>192.168.0.1</Address>\r
+# <Protocol>pop3s</Protocol>\r
+# </AuthServer>\r
+# <Duration>\r
+# <Default>1200</Default>\r
+# <Max>1200</Max>\r
+# </Duration>\r
+# </ExtraSet>\r
-->\r
<!--\r
- <ExtraSet ExtraId="admin">\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- </AuthServer>\r
- </ExtraSet>\r
+# <ExtraSet ExtraId="admin">\r
+# <AuthServer>\r
+# <Protocol>pam</Protocol>\r
+# </AuthServer>\r
+# </ExtraSet>\r
-->\r
<!--\r
- <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$"> \r
- <Syslog>\r
- <Enable>1</Enable>\r
- <Facility>local2</Facility>\r
- </Syslog>\r
- </ExtraSet>\r
+# <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$"> \r
+# <Syslog>\r
+# <Enable>1</Enable>\r
+# <Facility>local2</Facility>\r
+# </Syslog>\r
+# </ExtraSet>\r
-->\r
</Opengate> \r
\r
\r
\r
<!-- ###################################################\r
- ######Documentation about AuthServer setting ######\r
- \r
- ########### Format ############# \r
- where {a|b}: a or b , [ x ]: x is optional, -x-: x is value\r
- \r
- #### TYPE 1 (POP or FTP) ####\r
- <AuthServer>\r
- <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>\r
- <Address>{-hostname-|-ip_address-}</Address>\r
- [ <Port>-portno-</Port> ]\r
- </AuthServer>\r
- # AuthOK, if request by <Protocol> is accepted by <Address>.\r
- # Address is FQDN or IP address \r
- # If <Port> is not defined, port number in /etc/services is used.\r
- # pop3s is SSLed pop3\r
- # ftpse is SSLed ftp run in Explicit mode. \r
- # ftpsi is SSLed ftp run in Implicit mode.\r
-\r
- #### TYPE 2 (PAM) ####\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]\r
- </AuthServer>\r
- # Auth by PAM\r
- # If not define <ServiceName>, "opengate" is used in "pam.conf".\r
-\r
- #### TYPE 3 (RADIUS) ####\r
- <AuthServer>\r
- <Protocol>radius</Protocol>\r
- [ <ConfFile>-path_to_radius_conf-</ConfFile> ]\r
- </AuthServer>\r
- # Auth by RADIUS\r
- # If not define <ConfigFile>, "/etc/radius.conf" is used.\r
- \r
- #### TYPE 4 (ACCEPT or DENY) ####\r
- <AuthServer>\r
- <Protocol>{accept|deny}</Protocol>\r
- </AuthServer>\r
- # The user is accepted or denied without inquiry.\r
- # This setting is prepared for debugging.\r
- \r
- ############# Examples ##############\r
- <AuthServer>\r
- <Address>pop.saga-u.ac.jp</Address>\r
- <Protocol>pop3s</Protocol>\r
- <Port>10000</Port>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Address>192.168.0.1</Address>\r
- <Protocol>ftpsi</Protocol>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Protocol>radius</Protocol>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- </AuthServer>\r
- ###################################### -->\r
+# ######Documentation about AuthServer setting ######\r
+# \r
+# ########### Format ############# \r
+# where {a|b}: a or b , [ x ]: x is optional, -x-: x is value\r
+# \r
+# #### TYPE 1 (POP or FTP) ####\r
+# <AuthServer>\r
+# <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>\r
+# <Address>{-hostname-|-ip_address-}</Address>\r
+# [ <Port>-portno-</Port> ]\r
+# </AuthServer>\r
+# # AuthOK, if request by <Protocol> is accepted by <Address>.\r
+# # Address is FQDN or IP address \r
+# # If <Port> is not defined, port number in /etc/services is used.\r
+# # pop3s is SSLed pop3\r
+# # ftpse is SSLed ftp run in Explicit mode. \r
+# # ftpsi is SSLed ftp run in Implicit mode.\r
+#\r
+# #### TYPE 2 (PAM) ####\r
+# <AuthServer>\r
+# <Protocol>pam</Protocol>\r
+# [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]\r
+# </AuthServer>\r
+# # Auth by PAM\r
+# # If not define <ServiceName>, "opengate" is used in "pam.conf".\r
+#\r
+# #### TYPE 3 (RADIUS) ####\r
+# <AuthServer>\r
+# <Protocol>radius</Protocol>\r
+# [ <ConfFile>-path_to_radius_conf-</ConfFile> ]\r
+# </AuthServer>\r
+# # Auth by RADIUS\r
+# # If not define <ConfigFile>, "/etc/radius.conf" is used.\r
+# \r
+# #### TYPE 4 (ACCEPT or DENY) ####\r
+# <AuthServer>\r
+# <Protocol>{accept|deny}</Protocol>\r
+# </AuthServer>\r
+# # The user is accepted or denied without inquiry.\r
+# # This setting is prepared for debugging.\r
+# \r
+# ############# Examples ##############\r
+# <AuthServer>\r
+# <Address>pop.saga-u.ac.jp</Address>\r
+# <Protocol>pop3s</Protocol>\r
+# <Port>10000</Port>\r
+# </AuthServer>\r
+#\r
+# <AuthServer>\r
+# <Address>192.168.0.1</Address>\r
+# <Protocol>ftpsi</Protocol>\r
+# </AuthServer>\r
+#\r
+# <AuthServer>\r
+# <Protocol>radius</Protocol>\r
+# </AuthServer>\r
+#\r
+# <AuthServer>\r
+# <Protocol>pam</Protocol>\r
+# </AuthServer>\r
+# ###################################### \r
+-->\r
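Review bot: In the TYPE 3 (RADIUS) block the format line uses `<ConfFile>` while the explanatory line below it says `<ConfigFile>`; an administrator following the prose would presumably fall back to the default `/etc/radius.conf` without noticing. The explanation should read `# # If <ConfFile> is not defined, "/etc/radius.conf" is used.`, assuming `<ConfFile>` is the name get-param.c actually reads. The TYPE 4 text says only that `accept` is "prepared for debugging"; since it admits every user without inquiry, the comment would be safer stating outright that it must not remain in a deployed configuration.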
<DD>\r
Fix browser's long waiting after sending accept page. And other small bugs.\r
</DD>\r
+<DT>\r
+Ver.1.4.0 at 2006.10.16</DT>\r
+<DD>\r
+Add client watch with http keep-alive, which is the alternate to the watch with java applet. Use carefully, as this is a preliminary release.\r
+</DD>\r
+\r
</DL>\r
<b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
</BODY>\r
</LI>\r
\r
<LI>Configuration file is /etc/opengate/opengatesrv.conf. Processing of 'make install' creates /etc/opengate/opengatesrv.conf.sample. Copy this to opengatesrv.conf. As the configuration parameters are changed between versions, do not use the file of different version.</LI>\r
+\r
</UL>\r
<hr>\r
Following is the list of errors and the descriptions at each execution step in the form as;\r
--- /dev/null
+<html>\r
+\r
+<BODY bgColor=#fafff0>\r
+<P>\r
+Components of Opengate System</P>\r
+<P>\r
+ \r
+<table border=1>\r
+<tr><td>Client Machine</td><td>User terminal. </td></tr>\r
+<tr><td>Gateway Machine</td><td>Control of network usage. A CGI program (main component of Opengate) opengatesrv.cgi authenticates user and control the firewall ipfw. Web server to controll CGI program are also set.</td></tr>\r
+<tr><td>Authentication Server</td><td>Hold user information and reply to the authentication request.</td></tr>\r
+<tr><td>Log Server</td><td>Receive date, time, userid, and ip-address for usage via syslog.</td></tr>\r
+\r
+\r
+</table></P>\r
+<P>\r
+Requirement of Client Machine</P>\r
+<P>\r
+ \r
+<table border=1>\r
+<tr><td>Necessity</td><td>Web browser can run on the client. Ajax or JavaVM is desired.</td></tr>\r
+<tr><td>Condition to open network</td><td> \r
+Reply correct userID and password to the authentication page</td></tr>\r
+<tr><td>Condition to close network</td>\r
+<td>When (Ajax or JavaVM) is enabled and the usage duration is not entered.<BR>\r
+- Close Web browser or OS<BR>\r
+- Fail periodic live check<BR>\r
+Other cases<BR>\r
+- A fixed time length passes.<BR>\r
+- No packet passed from/to the client for a long time<BR>\r
+- ARP command returns the different MAC address<BR>\r
+- The user clicks the termination link in accept response page.</td></tr>\r
+<tr><td>Applied network</td><td>TCP/IP communication, Wire/wireless LAN.<BR>\r
+No address translation between gateway and client.</td></tr>\r
+<tr><td>Applied machines</td><td>Mobile PC/desktop PC, Service terminal\r
+ settled by the organization/Note PC\r
+ carried in by users.\r
+</td></tr>\r
+</table></P>\r
+<P>\r
+Requirement of Gateway Machine</P>\r
+<P>\r
+ \r
+<table border=1>\r
+<tr><td>OS</td><td>FreeBSD newer than 4.0</td></tr>\r
+<tr><td>hardware</td><td>PC which can runs FreeBSD, Two EtherBoard</td></tr>\r
+<tr><td>required software</td><td>Apache, ipfw</td></tr>\r
+<tr><td>recommended software</td><td>natd, DHCP, SSL, perl, BIND</td></tr>\r
+</table></P>\r
+<P>\r
+Requirement of Authentication Server</P>\r
+<P>\r
+ \r
+<table border=1>\r
+<tr><td>Protocols</td><td>POP3, POP3S, FTP, FTPS, RADIUS, or PAM</td></tr>\r
+<tr><td>Configuration</td><td>The serverID and its configuration are set in opengatesrv.conf.</td></tr>\r
+<tr><td>Choosing Servers</td><td>In case of entering [user] only, authentication \r
+ request is sent to the default server. In case of \r
+ entering [user@serv], request is sent to the server set for extraID [serv].</td></tr>\r
+</table>\r
+<P>\r
+Merits of Opengate \r
+<P>\r
+ \r
+<table border=1>\r
+<tr><td>Wide compatibility</td><td>It only requires web browser for\r
+ the client. It can be compatible with clients having various OS and\r
+ connecttion form.\r
+</td></tr>\r
+<tr><td>Easy management</td><td>It can use existing autheitication\r
+ servers. Only the gateway system should be\r
+ maintained. No installation and user\r
+ guidance are required.\r
+ </td></tr>\r
+<tr><td>Easy interface</td><td>It has the friendly interface for web\r
+ users. The network is opened by replying\r
+ userid and password to the automatic-send\r
+ authentication page. The netowrk is closed\r
+ at the termination of\r
+ the web browser. </td></tr>\r
+<tr><td>Quick response</td><td>It opens and closes the network with very\r
+ short time delay after user action.</td></tr>\r
+<tr><td>Wide applicability</td><td>It does not depend specific\r
+ software and hardware. It can be\r
+ inserted to the existing network easily.\r
+ It can control both of IPv4 and IPv6.</td></tr>\r
+<tr><td>High flexibility</td><td>The network control depends on ipfw rules.\r
+ Simple perl script is used to add rules.</td></tr>\r
+<tr><td>Low cost</td><td>It can be used under GPL. It uses no specific hardware\r
+ or software. The gateway machine is a simple PC\r
+ in which FreeBSD works.</td></tr>\r
+</table></P>\r
+</BODY>\r
+</html>\r
+\r
<UL>\r
<LI>\r
\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\r
-\8e\9e\82É\81Aipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B</LI><P></P>\r
+\8e\9e\82É\81Aipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B</LI>\r
<LI>\r
Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B<br>\r
/usr/local/www/data/index.html.var<br>\r
/etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): *.sample\82©\82ç\83R\83s\81[\81B<br>\r
/var/log/opengate.log<br>\r
\82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä/tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B\r
- </LI><P></P>\r
+ </LI>\r
\r
<LI>\r
\95Ê\82É\81A<A href="../progflow.html" >\83v\83\8d\83O\83\89\83\80\83t\83\8d\81[\89ð\90à</A>\82Æ<A href="../protocol.txt" >\8aÖ\98A\83\\83t\83g\8aÔ\82Ì\83v\83\8d\83g\83R\83\8b</A>\82ð\97p\88Ó\82µ\82Ä\82¢\82Ü\82·\81B\83v\83\8d\83O\83\89\83\80\82Ì\8aî\96{\93I\82È\93®\82«\82ð\94c\88¬\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
\82Ü\82½\81A\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\82ª\81A\8eg\82¢\95û\82Í\83\\81[\83X\82ð\8c©\82Ä\82\82¾\82³\82¢\81B</LI>\r
\r
<LI>\r
-/var/log/opengate.log\82É\8aJ\95ú\81A\95Â\8d½\82Ì\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8fo\97Í\82µ\82Ü\82·\81B\83G\83\89\81[\82Ì\8fê\8d\87\82Í\82±\82Ì\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B/etc/opengate/opengatesrv.conf\93à\82ÌDebug\82ð1\82É\82·\82é\82Æ\81A\83f\83o\83b\83O\82Ì\82½\82ß\82Ì\8fî\95ñ\82ð\91å\97Ê\82É\8fo\82·\82æ\82¤\82É\82È\82è\82Ü\82·\81B\82Ü\82½\81AApache\82Ì\83\8d\83O\82â\83V\83X\83e\83\80\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+/var/log/opengate.log\82É\8aJ\95ú\81A\95Â\8d½\82Ì\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8fo\97Í\82µ\82Ü\82·\81B\83G\83\89\81[\82Ì\8fê\8d\87\82Í\82±\82Ì\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B/etc/opengate/opengatesrv.conf\93à\82ÌDebug\82ð1\82É\82·\82é\82Æ\81A\83f\83o\83b\83O\82Ì\82½\82ß\82Ì\8fî\95ñ\82ð\91å\97Ê\82É\8fo\82·\82æ\82¤\82É\82È\82è\82Ü\82·\81B\82Ü\82½\81AApache\82Ì\83\8d\83O\82â\83V\83X\83e\83\80\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B</LI><P></P>\r
+\r
\r
<LI>/etc/opengate/opengatesrv.conf\82ª\90Ý\92è\83t\83@\83C\83\8b\82Å\82·\81Bmake install\82Å\82Í\81A/etc/opengate/opengatesrv.conf.sample\82ª\8dì\82ç\82ê\82Ü\82·\82Ì\82Å\81A\82±\82ê\82ðopengatesrv.conf\82É\83R\83s\81[\82µ\82Ä\82\82¾\82³\82¢\81B\90Ý\92è\83t\83@\83C\83\8b\82Í\81A\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\90Ý\92è\8d\80\96Ú\82Ì\91\9d\8c¸\82ª\82 \82è\82Ü\82·\82Ì\82Å\81A\91Î\89\9e\82·\82é\83o\81[\83W\83\87\83\93\82Ì\82à\82Ì\82ð\8eg\82Á\82Ä\82\82¾\82³\82¢\81B</LI>\r
\r
</UL>\r
\r
</UL>\r
-\r
+<P></P>\r
<!-- ******************** -->\r
\r
<LI>\8e\9f\82Éopengateauth.cgi\82ª\93®\8dì\82µ\82Ä\81Aindex.html\82Ìkeyword\82ð\92u\82«\8a·\82¦\82½<a href=../pict/auth.jpg>\94F\8fØ\97v\8b\81\83y\81[\83W</a>\82ð\91\97\82è\8fo\82·\81B\82±\82Ì\83y\81[\83W\82Í\94F\8fØ\97v\8b\81\82ð\95\\8e¦\82·\82é\81B</LI>\r
--- /dev/null
+<html LANG="jp">\r
+<head>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
+</head>\r
+<BODY bgColor=#fafff0>\r
+<P>\r
+Opengate\83V\83X\83e\83\80\82Ì\8d\\90¬\97v\91f</P>\r
+<P>\r
+\r
+<table border=1>\r
+ \r
+ <TR><td>\83N\83\89\83C\83A\83\93\83g</td><td>\97\98\97p\8eÒ\82ª\97\98\97p\82·\82é\92[\96\96\81B</td></TR>\r
+ <TR><td>\83Q\81[\83g\83E\83F\83C</td><td>\92Ê\90M\82Ì\90§\8cä\81BCGI\83v\83\8d\83O\83\89\83\80opengatesrv.cgi\82ª\94F\8fØ\82ð\8ds\82¢\83t\83@\83C\83A\83E\83H\81[\83\8bipfw\82ð\8aJ\95ú\81E\95Â\8d½\81BCGI\90§\8cä\82ÌWeb\83T\81[\83o\82à\90Ý\92è</td></TR>\r
+ <TR><td>\94F\8fØ\83T\81[\83o</td><td>\97\98\97p\8eÒ\8fî\95ñ\82Ì\95Û\8e\9d\82Æ\94F\8fØ\89\9e\93\9a</td></TR>\r
+ <TR><td>\97\98\97p\8bL\98^\83T\81[\83o</td><td>\97\98\97p\8aJ\8en\8e\9e\82Æ\97\98\97p\8fI\97¹\8e\9e\82É\81A\93ú\8e\9e\81E\83\86\81[\83U\96¼\81EIP\83A\83h\83\8c\83X\93\99\82ðsyslog\8co\97R\82Å\8eó\82¯\8eæ\82è</td></TR>\r
+\r
+</table></P>\r
+<P>\r
+\83N\83\89\83C\83A\83\93\83g\83}\83V\83\93\82Ì\8ed\97l</P>\r
+<P>\r
+\r
+<table border=1>\r
+<tr><td>\95K\97v\8fð\8c\8f</td><td>Web\83u\83\89\83E\83U\82ª\89Ò\93®\82·\82é\82±\82Æ\81BAjax\82Ü\82½\82ÍJavaVM\82Ì\89Ò\93®\82ª\96]\82Ü\82µ\82¢\81B</td></tr>\r
+<tr><td>\83l\83b\83g\83\8f\81[\83N\8aJ\95ú\8fð\8c\8f</td><td>\94C\88Ó\82ÌURL\82Ö\83A\83N\83Z\83X\82·\82é\82Æ\95Ô\82³\82ê\82é\94F\8fØ\83y\81[\83W\82Ì\97\98\97p\8eÒID\82Æ\83p\83X\83\8f\81[\83h\82ª\94F\8fØ\82ð\92Ê\89ß</td></tr>\r
+<tr>\r
+<td>\83l\83b\83g\83\8f\81[\83N\95Â\8d½\8fð\8c\8f</td>\r
+<td>Ajax\82Ü\82½\82ÍJavaVM\82ª\89Ò\93®\82µ\82Ä\82¨\82è\81A\97\98\97p\8eÒ\82É\82æ\82é\97\98\97p\8e\9e\8aÔ\8ew\92è\82ª\82È\82¢\8fê\8d\87<BR>\r
+\81@\81EWeb\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82½<BR>\r
+\81@\81E\92è\8aú\90¶\91¶\83`\83F\83b\83N\82ª\8e¸\94s\82µ\82½<BR>\r
+\8fã\8bL\88È\8aO\82Ì\8fê\8d\87<BR>\r
+\81@\81E\8aJ\95ú\8cã\81A\97\98\97p\8eÒ\82ª\8ew\92è\82µ\82½\8e\9e\8aÔ\82ª\89ß\82¬\82½<BR>\r
+\81@\81E\88ê\92è\8e\9e\8aÔ\81A\83N\83\89\83C\83A\83\93\83g\82ª\92Ê\90M\82ð\8ds\82í\82È\82©\82Á\82½<BR>\r
+\81@\81EARP\83R\83}\83\93\83h\82É\91Î\82µ\82Ä\88Ù\82È\82éMAC\83A\83h\83\8c\83X\82ª\95Ô\82³\82ê\82½<BR>\r
+\81@\81E\95Â\8d½\8ew\8e¦\82Ì\83\8a\83\93\83N\82ð\97\98\97p\8eÒ\82ª\83N\83\8a\83b\83N\82µ\82½</td></tr>\r
+<tr><td>\83N\83\89\83C\83A\83\93\83g\90Ú\91±\8fð\8c\8f</td><td>TCP/IP\82É\82æ\82é\90Ú\91±\81A\96³\90üLAN/\97L\90üLAN\89Â\94\<BR>\r
+\83Q\81[\83g\83E\83F\83C\82Æ\83N\83\89\83C\83A\83\93\83g\82Ì\8aÔ\82É\83A\83h\83\8c\83X\95Ï\8a·\8b@\8aí\82ª\96³\82¢\82±\82Æ</td></tr>\r
+<tr><td>\83N\83\89\83C\83A\83\93\83g\90Ý\92u\8fð\8c\8f</td><td>\8cÂ\90l\8e\9d\8eQ\82ÌPC/\8cÅ\92è\90Ý\92u\92[\96\96\8b¤\82É\89Â\94\\81A\83\82\83o\83C\83\8bPC/\83f\83X\83N\83g\83b\83vPC\8b¤\82É\89Â\94\\r
+</td></tr>\r
+</table></P>\r
+<P>\r
+\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\82Ì\8ed\97l</P>\r
+<P>\r
+\r
+<table border=1>\r
+<tr><td>OS</td><td>FreeBSD4.0\88È\8d~</td></tr>\r
+<tr><td>\83n\81[\83h\83E\83F\83A</td><td>\8fã\8bL\82ª\89Ò\93®\89Â\94\\82È\82à\82Ì\81AEtherBoard2\96\87\88È\8fã</td></tr>\r
+<tr><td>\95K\90{\83\\83t\83g\83E\83F\83A</td><td>Apache\81Aipfw</td></tr>\r
+<tr><td>\94C\88Ó\91I\91ð\83\\83t\83g\83E\83F\83A</td><td>natd\81ADHCP\81ASSL\81Aperl\81ABIND</td></tr>\r
+</table>\r
+<P>\r
+\94F\8fØ\83T\81[\83o\82Ì\8ed\97l</P>\r
+\r
+<table border=1>\r
+ \r
+ <TR><td>\91Î\89\9e\83v\83\8d\83g\83R\83\8b\81@</td><td>POP3\81APOP3S\81AFTP\81AFTPS\81ARADIUS\81APAM</td></TR>\r
+ <TR><td>\90Ý\92è\83t\83@\83C\83\8b</td><td>opengatesrv.conf\82É\81A\98A\8cg\82·\82é\94F\8fØ\83T\81[\83o\82ÌID\82Æ\82»\82Ì\8fÚ\8d×\82ð\90Ý\92è\82·\82é\81B</td></TR>\r
+ <TR><td>\83T\81[\83o\82Ì\91I\91ð</td><td>\r
+ <P>\97\98\97p\8eÒID\82Ì\82Ý\93ü\97Í[user]\82Å\95W\8f\80\83T\81[\83o\82Ö\81AextraID\82ð\89Á\82¦\82Ä\93ü\97Í[user@serv]\82·\82é\82ÆextraID[serv]\82É\90Ý\92è\82³\82ê\82½\83T\81[\83o\82Ö\81A[user]\82Ì\94F\8fØ\97v\8b\81\82ð\93n\82·\81B</P></td></TR>\r
+</table>\r
+<P>Opengate\82Ì\93Á\92· </P>\r
+<P>\r
+\r
+<table border=1>\r
+<tr><td>\92[\96\96\8cÝ\8a·\90«</td><td> Web\83u\83\89\83E\83U\82Ì\82Ý\82ð\97v\8b\81\82µ\81AOS (Windows,\r
+ MacOS,\r
+ Linux\93\99\81j\82â\90Ý\92u\8c`\91Ô\81i\83\82\83o\83C\83\8b\81E\8cÅ\92è\90Ý\92u\81j\81A\90Ú\91±\r
+ \8c`\91Ô\81i\97L\90ü\81E\96³\90ü\81j\82É\82æ\82ç\82¸\97\98\97p\82Å\82«\82é\81B\93Á\8eê\82È\83V\83X\83e\83\80\8b@\94\\82Í\97\98\97p\82µ\82È\82¢\81B</td></tr>\r
+<tr><td>\8aÇ\97\9d\97e\88Õ\90«</td><td>\97l\81X\82È\94F\8fØ\95û\8e®\82É\91Î\89\9e\82µ\82Ä\82¨\82è\81A\8aù\91¶\82Ì\97\98\97p\8eÒ\8fî\95ñ\82ð\97¬\97p\89Â\94\\82Å\82 \82é\81B\83l\83b\r
+ \83g\83\8f\81[\83N\8b@\8aí\82â\92[\96\96\82ð\8aÇ\97\9d\82·\82é\95K\97v\82ª\82È\82\81A\83Q\81[\83g\83E\83F\r
+ \83C\8b@\82Ì\82Ý\82ð\8aÇ\97\9d\82·\82ê\82Î\82æ\82¢\81B\97\98\97p\82Ì\83K\83C\83h\82ª\8aÈ\92P\82Å\82 \r
+ \82é\81B\92[\96\96\82Ö\82Ì\93Á\8eê\83\\83t\83g\93±\93ü\82â\90Ý\92è\82ª\95s\97v\82Å\82 \82é\81B\r
+ </td></tr>\r
+<tr><td>\97\98\97p\97e\88Õ\90«</td><td>Web\97\98\97p\8eÒ\82É\82Æ\82Á\82Ä\92¼\8a´\93I\82È\83\86\81[\83U\83C\83\93\83^\81[\83t\83F\81[\83X\82Å\82 \82é\81BWeb\83u\83\89\83E\83U\82Å\94C\88Ó\83T\83C\83g\82Ö\83A\83N\83Z\83X\82·\82é\82Æ\94F\8fØ\83y\81[\r
+ \83W\82ª\95\\8e¦\81B\83p\83X\83\8f\81[\83h\82Æ\97\98\97p\8eÒID\82ð\93\9a\82¦\82é\82±\82Æ\82Å\83l\83b\r
+ \83g\97\98\97p\89Â\94\\82Æ\82È\82é\81BWeb\83u\83\89\83E\83U\82ð\8fI\82í\82ê\82Î\95Â\8d½\82·\82é\81B</td></tr>\r
+<tr><td>\91¦\8e\9e\90«</td><td>\94F\8fØ\82ª\92Ê\82ê\82Î\81A\82Ù\82Ú\91¦\8e\9e\82É\97\98\97p\8aJ\8en\82Å\82«\82é\81BWeb\83u\83\89\83E\83U\r
+ \82ð\8fI\82í\82ê\82Î\81A\82Ù\82Ú\91¦\8e\9e\82É\95Â\8d½\82·\82é\81B</td></tr>\r
+<tr><td>\94Ä\97p\90«</td><td>\94Ä\97p\82Ì\8b@\8aí\82¨\82æ\82Ñ\83\\83t\83g\83E\83F\83A\82ð\91O\92ñ\82Æ\82µ\82Ä\82¨\82è\81A\83l\83b\r
+ \83g\83\8f\81[\83N\8d\\90¬\93\99\82Ì\90§\8cÀ\82à\82Ù\82Æ\82ñ\82Ç\82È\82¢\81B\8aù\91¶\83l\83b\83g\83\8f\81[\83N\r
+ \82Ö\82Ì\91}\93ü\82à\97e\88Õ\82Å\82 \82é\81BIPv4\81AIPv6\82Ì\97¼\95û\82É\91Î\89\9e\82·\82é\81B</td></tr>\r
+<tr><td>\8f_\93î\90«</td><td>\83l\83b\83g\83\8f\81[\83N\8aJ\95ú\90§\8cä\82Í\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\83\8b\81[\83\8b\82É\r
+ \82æ\82é\82½\82ß\81A\8f_\93î\82È\90§\8cä\82ª\89Â\94\\81B\82³\82ç\82ÉPerl\83X\83N\83\8a\83v\83g\82ð\95Ï\r
+ \8dX\82·\82é\82±\82Æ\82Å\82æ\82è\95¡\8eG\82È\90§\8cä\82à\89Â\94\\81B</td></tr>\r
+<tr><td>\92á\97õ\90«</td><td>GPL\89º\82Å\82Ì\97\98\97p\82ª\82Å\82«\82é\81B\91O\92ñ\82Æ\82È\82é\83V\83X\83e\83\80\82à\88ê\94Ê\93I\r
+ \82ÈPC\82ÉFreeBSD\82ð\93±\93ü\82µ\82½\82à\82Ì\82Å\82æ\82¢\81B\93Á\8eê\82È\83l\83b\83g\83\8f\81[\r
+ \83N\8b@\8aí\82ð\8eg\97p\82µ\82È\82¢\81B</td></tr>\r
+</table></P>\r
+</BODY>\r
+</html>\r
+\r
\r
<body bgcolor=#fafff0>\r
\r
-<H3>Flow of Opengate</H3>Following is the flow of the \r
-Opengate system.\r
+<H3>Flow of Opengate</H3>Following is the flow of the Opengate system.\r
\r
<OL>\r
\r
</LI>\r
\r
<LI>\r
-The CGI gets the userid[eg., user1 or user1@id1], password, encoded IPv4 address[eg., 333333333-3] , and language from POST data. The CGI also gets IPv6 address[eg., 2001:e38:10::111] from [REMOTE_ADDR]. \r
+The CGI gets the userid[eg., user1 or user1@id1], password, encoded IPv4 address[eg., 333333333-3] , language and watchmode[J or H or T] from POST data. The CGI also gets IPv6 address[eg., 2001:e38:10::111] from [REMOTE_ADDR]. \r
CGI gets MAC address from NDP or ARP.\r
</LI>\r
\r
</LI>\r
\r
<LI>\r
-After passing the authentication, CGI inserts IPv4 firewall rule [ipfw add 10000 allow ip from 192.168.1.111 to any] and [ipfw add 10000 allow ip from any to 192.168.1.111], and inserts IPv6 firewall rule [ip6fw add 10000 allow ipv6 from 2001:e38:10::111 to any] and [ip6fw add 10000 allow ipv6 from any to 2001:e38:10::111]. The rules indicate the pass of packet to/from the client. The perl script can be used for more flexible ipfw control.\r
+After passing the authentication, CGI inserts IPv4 firewall rule [ipfw add 10000 allow ip from 192.168.1.111 to any] and [ipfw add 10000 allow ip from any to 192.168.1.111], and inserts IPv6 firewall rule [ip6fw add 10000 allow ipv6 from 2001:e38:10::111 to any] and [ip6fw add 10000 allow ipv6 from any to 2001:e38:10::111]. The rules indicate the pass of packet to/from the client. \r
</LI>\r
\r
<LI>\r
</LI>\r
\r
<LI>\r
-CGI reads reply page file [accept.html], replaces keywords, and sends it to the client. </LI>\r
+Depending on watchmode, CGI reads one of accept reply page files [accept-http.html/accept-java.html/accept-time.html], replaces keywords, and sends it to the client. ([<a href=http://www.cc.saga-u.ac.jp/opengate/pict/accept-java.jpg>accept-java.html</a>] or [<a href=http://www.cc.saga-u.ac.jp/opengate/pict/accept-http.jpg>accept-http.html</a>].)</LI>\r
\r
-<LI>The browser receives the page [<a href=http://www.cc.saga-u.ac.jp/opengate/pict/accept.jpg>accept.html</a>] describing the dowloading of java applet [applet code='Opengate.class'...] and the opening of second page\r
-[window.open("http://.../accept2.html")].\r
+<LI>Case of accept-http, the page gets the http-keep page from the opengate port. The http-keep page includes the script to execute periodic XMLHttpRequest to the opengate port. The periodic request keeps a TCP connection with a watch process. \r
</LI>\r
-<li>The browser opens the second page [<a href=http://www.cc.saga-u.ac.jp/opengate/pict/accept2.jpg>accept2.html</a>] for browsing.\r
+\r
+<LI>Case of accept-java, the description to dowload java applet [applet code='Opengate.class'...] is executed. The java applet keeps connection with a watch process.\r
</LI>\r
-<LI>\r
-CGI generates a watch process and exits. \r
+\r
+<LI>Case of accept-time, the link to terminate usage is displayed. \r
</LI>\r
\r
<LI>\r
-The watch process waits for the java applet to connect.\r
+CGI generates a watch process and exits. \r
</LI>\r
\r
<LI>\r
-If no connection in DURATIONDEFAULT seconds, CGI removes the firewall rule {ipfw del 10000] and terminates. If duration is entered in auth page, the time is extended to the time. To cope with hijacking and notting, periodical execution of arp check and firewall packet inquiry.\r
+The watch process waits for the java applet or http-keep script to connect.\r
</LI>\r
\r
<LI>\r
-If connected, the watch process watchs the TCP connection linked to the client. When the TCP connection is closed, the watch process removes the firewall rule and terminates.\r
+If no connection in duration seconds, CGI removes the firewall rule [ipfw del 10000] and terminates.\r
+To cope with hijacking and notting, the watch process executes periodic arp check and firewall packet inquiry between waiting. \r
+(The watch process gets number of passed packets matched to the inserted rule from IPv4 and IPv6 firewall [ipfw -a list 10000], [ip6fw -a list 10000] every ActiveCheckInterval seconds. \r
+If the packet count does not increase in NoPacketInterval seconds, the watch process removes the firewall rule and terminates. \r
+The watch process also gets the list of mac and ip address by arp command every ActiveCheckInterval seconds, \r
+and if the relation is changed, the watch process removes the firewall rule and terminates.)\r
</LI>\r
\r
<LI>\r
-The watch process sends 'hello' to the client every ACTIVECHECKINTERVAL seconds. If no reply in HELLOWAITTIMEOUT seconds, the watch process removes the firewall rule and terminates.\r
+If java applet or http-keep script is connected, the watch process watchs the TCP connection linked to the client. \r
+When the TCP connection is closed, the watch process removes the firewall rule and terminates.\r
</LI>\r
\r
<LI>\r
-The watch process gets number of passed packets matched to the inserted rule from IPv4 and IPv6 firewall\r
-[ipfw -a list 10000], [ip6fw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet count does not increase in NOPACKETINTERVAL seconds, the watch process removes the firewall rule and terminates.\r
+In java applet connection, the watch process sends 'hello' to the client every ActiveCheck/Interval seconds. \r
+When no reply to hello, the watch process removes the firewall rule and terminates. \r
+In http-keep script connection, the watch process reads 'GET /hello' and sends 'hello'. \r
+When no hello-request during ActiveCheckInterval, the watch process removes the firewall rule and terminates.\r
</LI>\r
\r
<LI>\r
At termination, the watch process reports the filewall close to syslog [Jun 16 22:11:55 ... CLOS: user user1 from 192.168.0.111...], [Jun 16 22:11:55 ... CLOS: user user1 from 2001:e38:10::111...] and [Jun 16 22:11:55 ... END: user user1 at 00:00:00:00:00:00].\r
</LI>\r
\r
-\r
</OL>\r
\r
-\r
-\r
</body>\r
</HTML>\r
\r
User--|--userTerminal--|------GatewayMachine --------------------------|Authentication|
server
- (WWWbrowser) (ipfw) (ip6fw)
- AnyURL IPv6 HTTP Timeout
- ------->|-----------------------------------------------------|------->|
+ (WWWbrowser) (ipfw) (ip6fw)
+ AnyURL IPv6 HTTP
+ ------->|-----------------------------------------------------|-------X|
| IPv4 HTTP (Retry) | |
|---------------------------------------------------->| |
| (WWWserver) | |
|<----------------------| FwdCGI<---------------------| |
- | WebPage | IP Forward : :
+ | WebPage | IP Forward : :
| HTML Refresh(IPv4) |
--------|---------------------->| AuthCGI
| IPv4 Address in | put IPv4 address in hidden tag
SendBtn |---------------------->|
|<userID>,<passwd> | (SrvCGI)
|<IPv4 address>(hidden) |------------->| request (arp or ndp)
- | | <userID>|--------->|
+ |<watchmode> | <userID>|--------->|
| | <passwd>|<---------|
- | | <MAC address>| reply :
+ | | <MAC address>| reply :
| |<IPv6 address>|IPv6 address form "REMOTE_ADDR"
| |<IPv4 address>|IPv4 address form POST data
| | | (Auth server)
| | |(set timer) | |
| | |(listen) | |
|<----------------------|<-------------| | | |
- | WebPage (include JavaApplet) # | | |
- | : | | |
+ | WebPage(content depends on watchmode)# | | |
+ | | | |
+ [watchmode=Time or before connecting Java/Http]
+ | | | |
+ | |----------->| | ^
+ | |<-----------| | |
+ | |packet count| | |
+ | | | | |
+ | | (arp) | | |
+ | |------>| | | |
+ | |<------| | | | (Check Loop
+ | | mac/ip | | | in basic mode)
+ | | (ndp) | | |
+ | IPv6 address check |---->| | | |
+ | |<----| | | |
+ | Add new IPv6 address|-------------------->| |
+ | | add rule | | |
+ | Del expired IPv6 address|-------------------->| |
+ | | del rule | | v
+ | | | |
+ | (No packet||Mac/Ip mismatch||Timeout | | |
+ | ||Click terminate link), Close firewall|----------->| |
+ | | del rule | |
+ | |-------------------->|
+ | | del rule | |
+ | # : :
+ |
+ [watchmode=Java]
| (Applet) | | |
|--->| <userID> | | |
: |---------------------------------->| | |
|<----------------------------------| | |
| "accept" | | |
| | | |
- | "hello" | request log| |
- Network |<--------------------------------- |----------->| |
- Use | (Priodec Check) | | |
- |---------------------------------->|<-----------| |
- | "hello" | log list | |
- | | (ndp) | |
- | IPv6 address check |---->| | |
- | |<----| | |
- | Add new IPv6 address|-------------------->|
- | | add rule | |
- | Del expired IPv6 address|-------------------->|
+ | "hello" | | | ^
+ |<--------------------------------- | | | |
+ |---------------------------------->| | | |
+ | "hello" | | | |
+ | | (ndp) | | | (Check Loop
+ | IPv6 address check |---->| | | | in java mode)
+ | |<----| | | |
+ | Add new IPv6 address|-------------------->| |
+ | | add rule | | |
+ | Del expired IPv6 address|-------------------->| |
+ | | del rule | | v
+ | (If no reply, close firewall)| | |
+ | (If close TCP, close firewall)| | |
+ ---------->|---------------------------------->|----------->| |
+ Kill Web | close | del rule | |
+ | |-------------------->|
| | del rule | |
+ # # : :
+
+ [watchmode=Http]
+ | "GET /httpkeep-<userid>" | | |
+ |--------------------------------------->| | |
+ |<---------------------------------------| | |
+ | Web page (include JavaScript) | | |
+ | | | |
+ | (JavaScript) | | |
+ |--->| "GET /hello" | | |
+ | |---------------------------------->| | |
+ | |<----------------------------------| | |
+ | | | | |
+ | | "GET /hello" | | | ^
+ : |---------------------------------->| | | |
+ |<----------------------------------| | | |
+ | "hello" | | | |
+ | | (ndp) | | | (Check Loop
+ | IPv6 address check |---->| | | | in http mode)
+ | |<----| | | |
+ | Add new IPv6 address|-------------------->| |
+ | | add rule | | |
+ | Del expired IPv6 address|-------------------->| |
+ | | del rule | | v
+ | (If no request, close firewall)| | |
+ | (If close TCP, close firewall)| | |
---------->|---------------------------------->|----------->| |
Kill Web | close | del rule | |
| |-------------------->|
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<meta http-equiv="Pragma" content="no-cache">
+<meta http-equiv="Refresh" content="0; URL=%%HTTPKEEPURL%%">
+
+<title>Opengatemain</title>
+</head>
+<body>
+
+<p>You can use the network.
+If you cannot move to a new page automatically,
+click <a href="%%HTTPKEEPURL%%">Jump</a>.
+</p>
+
+</body>
+</html>
+
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<title>Opengatemain</title>
+</head>
+<body>
+
+<p>You can use the network.
+
+<p>When you finish to use the network, stop your WEB browser.
+You will be disconnected from the network automatically.</p>
+
+<script language="JavaScript">
+<!--
+if(!navigator.javaEnabled()){
+ document.write("<p><b>Java is disabled.</b></p>");
+}
+//-->
+</script>
+<noscript>
+<p><b>JavaScript is disabled. Change it.</b></p>
+</noscript>
+
+<hr />
+<div align="center">
+ <applet code="Opengate.class" archive="Opengate.jar"
+ codebase="%%OPENGATEDIR%%" width="600" height="30" >
+ <param name=port value="%%OPENGATEPORT%%">
+ <param name=user value="%%USERID%%">
+ <param name=lang value="%%LANGUAGE%%">
+ </applet>
+</div>
+
+<hr />
+
+<p>If yellow bar is not displayed between above two lines, Java does not run.
+Please click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>,
+ close your browser, and try to select HTTP in authentication page.
+Java will run, if you download JavaPlugIn from <a href=http://java.com/ja/index.jsp><b>java.com</b></a>.</p>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</SCRIPT>
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+Please leave this window as it is (or minimized), and work on another window.
+If another working window is not popped up,
+click <a href="%%STARTURL%%" target="_blank"><h3>[Start Page]</h3></a>
+ to open.
+</td></tr>
+</table>
+
+</BODY>
+</HTML>
+
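Review bot: `%%USERID%%` is substituted into an attribute value in `<param name=user value="%%USERID%%">`, and the keyword replacement code is not part of this diff, so it is not visible whether the user id is HTML-encoded before it is written into the page. The flow description says the user id is taken from POST data; if the replacement is a plain string substitution, quote and angle-bracket characters in an accepted id would end up as markup. I would confirm that the template code encodes `&`, `<`, `>` and `"` for this keyword, and add a comment above the applet such as `<!-- USERID must be HTML-encoded by the template code -->`. The same keyword is written into a table cell in the Http Keep-Alive page (`User name %%USERID%%`) and into the Japanese copies of both pages.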
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<title>Opengatemain</title>
+</head>
+<body>
+
+<p>You can use the network. Network will be closed after duration entered.</p>
+<p>When you finish to use the network, click the link:
+<a href="%%TERMINATEURL%%"></a> for security.</p>
+<p>Please use this method only when other methods are failed.</p>
+
+<script language="JavaScript">
+<!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</script>
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+Please leave this window as it is (or minimized), and work on another window.
+If another working window is not popped up,
+click <a href="%%STARTURL%%" target="_blank"><h3>[Start Page]</h3></a>
+ to open.
+</td></tr>
+</table>
+
+
+</BODY>
+</HTML>
+
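Review bot: The terminate link has no text, `<a href="%%TERMINATEURL%%"></a>`, so the page tells the user to click a link that is not rendered. In timeout mode this link is the only control the page offers for closing the firewall early, so the rule would stay open until the duration expires or one of the watch-process checks removes it. The other English templates use `<a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>`, and the Japanese timeout page has link text; I would use the same markup here.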
+++ /dev/null
-<HTML>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
-<HEAD>
-<TITLE>Opengatemain</TITLE>
-</HEAD>
-<BODY>
-
-<P>You can use the network. You can minimize this page but do not close.</P>
-<P>When you stop your WEB browser, you will be disconnected from the network. Do not forget to stop your WEB brower when you finish to use the network.</P>
-
-<HR>
-<DIV ALIGN=CENTER>
-%%OPENGATEAPPLET%%
-</DIV>
-<HR>
-<table border="1">
-<tr><td>
-<P>If <B>yellow bar is not displayed</B> between above two lines:</P>
-<UL>
-<LI>It indicates that the browser does not run Java.</LI>
-<LI>The network is opened for a while and closed. </LI>
-<LI>You should click <a href="%%TERMINATEURL%%"><B>TERMINATE</B></a> link, if you want to close the network immediately. The network is also closed at re-authentication .</LI>
-<LI>Please access to <a href=http://java.com/en/index.jsp><B>java.com</B></a> for downloading Java VM, if your computer does not have it.
-</LI>
-</td></tr>
-</table>
-
-
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-if(!navigator.javaEnabled()) {
-}
-w=window.open("%%STARTURL%%","window1");
-//-->
-</SCRIPT>
-<NOSCRIPT>
-Cannot run JavaScript. Check setting.
-</NOSCRIPT>
-
-<table border="1">
-<tr><td>
-If <B>another working window is not popped up</B>, click below link to open.
-<a href="%%STARTURL%%" target="_blank"><h3>[Start Page]</h3></a>
-</td></tr>
-</table>
-
-
-</BODY>
-</HTML>
-
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<title>Http Keep-Alive</title>
+
+<script type="text/javascript">
+
+//<!--
+function createXMLHttpRequest() {
+ try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {}
+ try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {}
+ try { return new XMLHttpRequest(); } catch(e) {}
+ alert("XMLHttpRequest not supported");
+ return null;
+}
+
+function onTimeout()
+{
+ if(httpObj.readyState!=4){
+ document.getElementById("dispmsg").innerHTML = 'ERROR-01';
+ connect=0;
+ }
+
+ if(connect==1){
+ sendHello();
+ setTimeout('onTimeout()', timeInterval);
+ }
+}
+
+function sendHello(){
+
+ // http communication object
+ httpObj=createXMLHttpRequest();
+ httpObj.onreadystatechange = displayResponse;
+
+ try{
+ httpObj.open("GET","%%HTTPHELLOURL%%"+Math.random(),true);
+ }catch(e){
+ document.getElementById("dispmsg").innerHTML = 'ERROR-02';
+ connect=0;
+ }
+
+ httpObj.send(null);
+}
+
+function displayResponse()
+{
+ if(httpObj.readyState==4){
+ if(httpObj.responseText=="hello"){
+ today=new Date;
+ hh=today.getHours(); mm=today.getMinutes();
+ if(hh<10)hh='0'+hh; if(mm<10)mm='0'+mm;
+ document.getElementById("dispmsg").innerHTML = hh+':'+mm;
+ }
+ else{
+ document.getElementById("dispmsg").innerHTML = 'ERROR-03';
+ connect=0;
+ }
+ }
+}
+
+function init()
+{
+ connect=1;
+ sendHello();
+
+ // http request after timeInterval(ms)
+ timeInterval =%%HTTPHELLOINTERVAL%%;
+
+ // get next text after some delay
+ setTimeout('onTimeout()', timeInterval);
+}
+//-->
+</script>
+
+</head>
+
+<body>
+
+<script language="JavaScript">
+<!--
+ init();
+//-->
+</script>
+<noscript>
+<p><b>JavaScript is disabled. Change it.</b></p>
+</noscript>
+
+<p>You can use the network.</p>
+<p>When you finish to use the network, stop your WEB browser.
+You will be disconnected from the network automatically.</p>
+
+<hr />
+<p>
+<div align="center">
+<table width="60%" bgcolor="yellow" >
+<tr>
+<td align='center'>Authenticated for networt use </td>
+<td align='center'>User name %%USERID%%</td>
+<td align='center'>Confirmation </td>
+<td align='center'><div id="dispmsg">Starting...</div> </td>
+</tr>
+</table>
+</div>
+</p>
+<hr />
+
+
+<p>If ERROR is shown at the rightside of above bar,
+click <a href="%%TERMINATEURL%%"><b>TERMINATE</b></a>,
+ close your browser, and try to select JAVA in authentication page.</p>
+
+<script language="JavaScript">
+!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</script>
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+Please leave this window as it is (or minimized), and work on another window.
+If another working window is not popped up,
+click <a href="%%STARTURL%%" target="_blank"><h3>[Start Page]</h3></a>
+ to open.
+</td></tr>
+</table>
+
+</body>
+</html>
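Review bot: The second inline script opens with `!--` instead of `<!--`, so that line is parsed as JavaScript in front of the `window.open("%%STARTURL%%","window1")` call and the start page is not opened as intended; it should read `<!--` as in the other templates. The Japanese Http Keep-Alive page has the same typo. Separately, `sendHello()` calls `httpObj.send(null)` even after `open()` has thrown and `connect` was set to 0, and it dereferences `httpObj` when `createXMLHttpRequest()` returned null; a `return;` in the `catch` block and a null check after the create call would keep the ERROR-02 state from being followed by a second exception.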
</TR>
</TABLE>
-<hr>
-Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max %%DURATIONMAX%%minutes).
-The value is used only when Java is not active.
-Click the TERMINATE link in the accept page at the end of usage.
-
-</FORM>
-</P>
-<hr WIDTH="100%">
+<hr>
+Watch dog (Only change when default is mulfunctioned)<br />
+<input type="radio" name="watchmode" value="H" %%CHECKHTTP%% >HTTP
+<input type="radio" name="watchmode" value="J" %%CHECKJAVA%% >JAVA
+<input type="radio" name="watchmode" value="T" %%CHECKTIME%% >
+TIMEOUT <input type="text" name="duration" size="4"
+value="%%DURATIONDEFAULT%%" > minutes (less than %%DURATIONMAX%% minutes)
+<hr>
+</form>
+</p>
</center>
<p><font size=+1>If you have some questions, please contact CNC.
-<div align=right>July 2005
-
-<br>Saga University</div>
+<div align=right>Saga University</div>
</BODY>
<BODY>
<center>
-<H1 align=center>Network User Authentication</H1>
+<H2 align=center>Network User Authentication</H2>
<hr>
[<a href="http://%%AUTHCGIURL%%?%%ADDR4%%&ja">Japanese version</a>]
</TABLE>
<hr>
-Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max %%DURATIONMAX%%minutes).
-The value is used only when Java is not active.
-Click the TERMINATE link in the accept page at the end of usage.
-
-</FORM>
-</P>
+Watch dog (Only change when the system is mulfunctioned)<br />
+<input type="radio" name="watchmode" value="H" %%CHECKHTTP%% >HTTP
+<input type="radio" name="watchmode" value="J" %%CHECKJAVA%% >JAVA
+<input type="radio" name="watchmode" value="T" %%CHECKTIME%% >
+TIMEOUT <input type="text" name="duration" size="4"
+value="%%DURATIONDEFAULT%%" > minutes (less than %%DURATIONMAX%% minutes)
+<hr>
+</form>
+</p>
-</div>
</center>
-<hr>
<p><font size=+1>If you have some questions, please contact network administrator.
-<div align=right>July 2005
-
-<br>Saga University</div>
+<div align=right>Saga University</div>
</BODY>
<HTML>
+<HEAD>
+
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?%%ADDR4%%&en">
-<HEAD>
<TITLE>OpengateStart</TITLE>
</HEAD>
<BODY>
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<meta http-equiv="Pragma" content="no-cache">
+<meta http-equiv="Refresh" content="0; URL=%%HTTPKEEPURL%%">
+
+<title>Opengatemain</title>
+</head>
+<body>
+<p>
+\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#$3$N%Z!<%8$+$i<+F00\F0$7$J$$J}$O\e(B
+<a href="%%HTTPKEEPURL%%">\e$B<!$X\e(B</a>\e$B$r%/%j%C%/$7$F2<$5$$!#\e(B
+</p>
+
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<title>Opengatemain</title>
+</head>
+<body>
+
+<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</p>
+<p>\e$BMxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
+</p>
+
+<script language="JavaScript">
+<!--
+if(!navigator.javaEnabled()){
+ document.write("<p><b>Java\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ992<$5$$!#\e(B</b></p>");
+}
+//-->
+</script>
+<noscript>
+<p><b>JavaScript\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#JQ992<$5$$!#\e(B</b></p>
+</noscript>
+
+<hr />
+<div align="center">
+ <applet code="Opengate.class" archive="Opengate.jar"
+ codebase="%%OPENGATEDIR%%" width="600" height="30" >
+ <param name=port value="%%OPENGATEPORT%%">
+ <param name=user value="%%USERID%%">
+ <param name=lang value="%%LANGUAGE%%">
+ </applet>
+</div>
+<hr />
+
+<p>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K2+?'$N%P!<$,I=<($5$l$J$$>l9g!"\e(BJava\e$B$,F0$$$F$$$^$;$s!#\e(B
+<a href="%%TERMINATEURL%%"><b>\e$BMxMQCfCG\e(B</b></a>\e$B$r%/%j%C%/$7$F\e(B
+\e$B%V%i%&%6$r=*N;$7$?8e!"G'>Z%Z!<%8$K$*$$$F\e(BHTTP\e$BJ}<0$rA*Br$7$F$/$@$5$$!#\e(B
+\e$B$^$?$O!"\e(B<a href=http://java.com/ja/index.jsp><b>java.com</b></a>
+\e$B$+$i\e(BJavaPlugIn\e$B$r%@%&%s%m!<%I$9$l$P!"\e(BJava\e$B$rF0$+$9$3$H$,$G$-$^$9!#\e(B
+
+<script language="JavaScript">
+<!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</script>
+
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+<b>\e$B$3$N%Z!<%8$O$3$N$^$^$K!JKt$O:G>/2=!K$7$F!"JL$N%&%$%s%I%&$G:n6H$7$F$/$@$5$$!#\e(B</b>
+\e$B:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"\e(B<a href="%%STARTURL%%" target="_blank"><h3>[\e$B%9%?!<%H%Z!<%8\e(B]</h3></a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B
+
+</td></tr>
+</table>
+
+</body>
+</html>
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<title>Opengatemain</title>
+</head>
+<body>
+
+<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B
+\e$B%M%C%H%o!<%/$O;XDj;~4V8e$KJD:?$H$J$j$^$9!#\e(B</p>
+<p>\e$B0BA4$N$?$a$K!"MxMQ=*N;;~$K$O!"\e(B<a href="%%TERMINATEURL%%">
+<b>\e$BMxMQCfCG\e(B</b></a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B</p>
+<p>\e$B$3$NJ}K!$O!"B>$NJ}K!$,<:GT$9$k>l9g$K$N$_MxMQ$7$F2<$5$$!#\e(B</p>
+
+<script language="JavaScript">
+<!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</script>
+
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+<b>\e$B$3$N%Z!<%8$O$3$N$^$^$K!JKt$O:G>/2=!K$7$F!"JL$N%&%$%s%I%&$G:n6H$7$F$/$@$5$$!#\e(B</b>
+\e$B:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"\e(B
+<a href="%%STARTURL%%" target="_blank"><h3>[\e$B%9%?!<%H%Z!<%8\e(B]</h3></a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B
+
+</td></tr>
+</table>
+
+</body>
+</html>
+++ /dev/null
-<HTML>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
-<HEAD>
-<TITLE>Opengatemain</TITLE>
-</HEAD>
-<BODY>
-
-<P>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#$3$N%Z!<%8$O:G>/2=$7$F$b$h$$$G$9$,!"JD$8$J$$$G2<$5$$!#\e(B</P>
-<P>Web\e$B%V%i%&%6$,=*N;$7$?$H$-$K!"%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
-\e$B0-MQ$5$l$J$$$?$a$K!"MxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
-</P>
-
-<HR>
-<DIV ALIGN=CENTER>
-%%OPENGATEAPPLET%%
-</DIV>
-<HR>
-
-<table border="1">
-<tr><td>
-<P>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K\e(B<B>\e$B2+?'$$%P!<$,I=<($5$l$J$$>l9g\e(B</B></P>
-<UL>
-<LI>Java\e$B$,M-8z$K$J$C$F$$$^$;$s!#\e(B</LI>
-<LI>\e$B%M%C%H%o!<%/$O0lDj;~4V3+J|8e$KJD:?$H$J$j$^$9!#\e(B</LI>
-<LI>\e$BB(;~$K%M%C%H%o!<%/$rJD$8$k$K$O!"\e(B<a href="%%TERMINATEURL%%"><B>\e$BMxMQCfCG\e(B</B></a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#$^$?!":FEYG'>Z$rDL$k$HJD$8$^$9!#\e(B</LI>
-<LI>\e$B$*;H$$$N%3%s%T%e!<%?$K\e(BJava\e$B$N<B9T4D6-$,L5$$>l9g$K$O!"\e(B<a href=http://java.com/ja/index.jsp><B>java.com</B></a>\e$B$+$i%@%&%s%m!<%I$7$F$/$@$5$$!#\e(B</LI>
-</UL>
-</td></tr>
-</table>
-
-
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-if(navigator.javaEnabled()){
- w=window.open("%%STARTURL%%","window1");
-}
-//-->
-</SCRIPT>
-<NOSCRIPT>
-JavaScript\e$B$,M-8z$K$J$C$F$$$^$;$s!#@_Dj$r3NG'2<$5$$!#\e(B
-</NOSCRIPT>
-
-<table border="1">
-<tr><td>
-\e$B$b$&0l$D$N\e(B<B>\e$B:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g\e(B</B>\e$B$K$O!"2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B
-<a href="%%STARTURL%%" target="_blank"><h3>[\e$B%9%?!<%H%Z!<%8\e(B]</h3></a>
-</td></tr>
-</table>
-
-</BODY>
-</HTML>
-
--- /dev/null
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<title>Http Keep-Alive</title>
+
+<script type="text/javascript">
+
+//<!--
+function createXMLHttpRequest() {
+ try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {}
+ try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {}
+ try { return new XMLHttpRequest(); } catch(e) {}
+ alert("XMLHttpRequest not supported");
+ return null;
+}
+
+function onTimeout()
+{
+ if(httpObj.readyState!=4){
+ document.getElementById("dispmsg").innerHTML = 'ERROR-01';
+ connect=0;
+ }
+
+ if(connect==1){
+ sendHello();
+ setTimeout('onTimeout()', timeInterval);
+ }
+}
+
+function sendHello(){
+
+ // http communication object
+ httpObj=createXMLHttpRequest();
+ httpObj.onreadystatechange = displayResponse;
+
+ try{
+ httpObj.open("GET","%%HTTPHELLOURL%%"+Math.random(),true);
+ }catch(e){
+ document.getElementById("dispmsg").innerHTML = 'ERROR-02';
+ connect=0;
+ }
+
+ httpObj.send(null);
+}
+
+function displayResponse()
+{
+ if(httpObj.readyState==4){
+ if(httpObj.responseText=="hello"){
+ today=new Date;
+ hh=today.getHours(); mm=today.getMinutes();
+ if(hh<10)hh='0'+hh; if(mm<10)mm='0'+mm;
+ document.getElementById("dispmsg").innerHTML = hh+':'+mm;
+ }
+ else{
+ document.getElementById("dispmsg").innerHTML = 'ERROR-03';
+ connect=0;
+ }
+ }
+}
+
+function init()
+{
+ connect=1;
+ sendHello();
+
+ // http request after timeInterval(ms)
+ timeInterval =%%HTTPHELLOINTERVAL%%;
+
+ // get next text after some delay
+ setTimeout('onTimeout()', timeInterval);
+}
+//-->
+</script>
+
+</head>
+
+<body>
+
+<script language="JavaScript">
+<!--
+ init();
+//-->
+</script>
+<noscript>
+<p><b>JavaScript\e$B$,L58z$K@_Dj$5$l$F$$$^$9!#3NG'2<$5$$!#\e(B</b></p>
+</noscript>
+
+<p>\e$B%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</p>
+<p>\e$BMxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
+</p>
+<hr />
+<p>
+<div align="center">
+<table width="60%" bgcolor="yellow" >
+<tr>
+<td align='center'>\e$B%M%C%H%o!<%/MxMQ5v2D\e(B</td>
+<td align='center'>\e$B%f!<%6L>\e(B %%USERID%%</td>
+<td align='center'>\e$B@\B33NG'\e(B</td>
+<td align='center'><div id="dispmsg">\e$B3+;OCf\e(B...</div> </td>
+</tr>
+</table>
+</div>
+</p>
+<hr />
+
+<p>\e$B>e$N%P!<1&C<$K\e(BERROR\e$B$,I=<($5$l$k$H$-$O!"\e(B
+<a href="%%TERMINATEURL%%"><b>\e$BMxMQCfCG\e(B</b></a>\e$B$r%/%j%C%/$7$F\e(B
+\e$B%V%i%&%6$r=*N;$7$?8e!"G'>Z%Z!<%8$K$*$$$F\e(BJAVA\e$BJ}<0$rA*Br$7$F$/$@$5$$!#\e(B
+
+<script language="JavaScript">
+!--
+ window.open("%%STARTURL%%","window1");
+//-->
+</script>
+
+<table bgcolor="lightyellow" border="1">
+<tr><td>
+<b>\e$B$3$N%Z!<%8$O$3$N$^$^$K!JKt$O:G>/2=!K$7$F!"JL$N%&%$%s%I%&$G:n6H$7$F$/$@$5$$!#\e(B</b>
+\e$B:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"\e(B
+<a href="%%STARTURL%%" target="_blank"><h3>[\e$B%9%?!<%H%Z!<%8\e(B]</h3></a>
+\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B
+
+</td></tr>
+</table>
+
+
+</body>
+</html>
-<HTML>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<HEAD>
-<TITLE>OpengateStart</TITLE>
-</HEAD>
-
-<BODY bgcolor="#FFFFCC">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<meta http-equiv="Pragma" content="no-cache">
+
+<title>OpengateStart</title>
+</head>
+
+<body bgcolor="#FFFFCC">
<center>
<H2>\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</H2>
\e$B2<$NF~NOMs$K!"%f!<%6\e(BID\e$B$H%Q%9%o!<%I$rF~NO$7$F!"!VAw?.!W%\%?%s$r2!$7$F2<$5$$!#\e(B
</P>
-<P>
-<FORM METHOD="POST" ACTION="https://%%CGIURL%%">
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
-<INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%ADDR4%%">
-
-<TABLE BORDER=0>
-<TR NOWRAP>
-<TD>\e$B%f!<%6\e(BID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>
-</TR><TR NOWRAP>
-<TD>\e$B%Q%9%o!<%I\e(B:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
-</TR><TR NOWRAP>
-<TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
-</TR>
-</TABLE>
-
+<p>
+<form method="POST" action="https://%%CGIURL%%">
+<input type="HIDDEN" name="language" value="ja">
+<input type="HIDDEN" name="remote_addr" value="%%ADDR4%%">
+
+<table border=0>
+<tr nowrap>
+<td>\e$B%f!<%6\e(BID:</td><td><input type="TEXT" size=15 name="userid"></td>
+</tr>
+<tr nowrap>
+<td>\e$B%Q%9%o!<%I\e(B:</td><td><input type="PASSWORD" size=15 name="password"></td>
+</tr>
+<tr nowrap>
+<td></td><td><input type="SUBMIT" value=" \e$BAw\e(B \e$B?.\e(B "></td>
+</tr>
+</table>
<hr>
-\e$BI,MW$H$9$kMxMQ7QB3;~4V!'\e(B <INPUT TYPE="TEXT" SIZE=3 NAME="duration">\e$BJ,\e(B
-(\e$B:GBg\e(B%%DURATIONMAX%%\e$BJ,\e(B)\e$B!#\e(BJava\e$B$,F0$/%V%i%&%6$G$O@_DjITMW$G$9!#\e(B
-\e$B$J$*!";XDj;~4V$h$jAa4|$KMxMQ$r=*$k;~$K$O!"\e(B
-\e$B5v2D%Z!<%8$K$"$k!VMxMQCfCG!W$N%j%s%/$r%/%j%C%/$7$F2<$5$$!#\e(B
-
-</FORM>
-</P>
-
+\e$B3+J|4F;k!JDL>o$O$3$N$^$^$G7k9=$G$9!#F0:n$,$*$+$7$$$H$-$KJQ99$7$F$/$@$5$$!#!K\e(B<br />
+<input type="radio" name="watchmode" value="H" %%CHECKHTTP%% >HTTP
+<input type="radio" name="watchmode" value="J" %%CHECKJAVA%% >JAVA
+<input type="radio" name="watchmode" value="T" %%CHECKTIME%% >
+<input type="text" name="duration" size="4" value="%%DURATIONDEFAULT%%" >\e$BJ,4V3+J|!J\e(B%%DURATIONMAX%%\e$BJ,0J2<!K\e(B
<hr>
+</form>
+
+</p>
</center>
<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"%M%C%H%o!<%/4IM}<T$K$*?R$M$/$@$5$$!#\e(B
-<div align=right>2005\e$BG/\e(B7\e$B7n\e(B
-
-<br>\e$B:42lBg3X\e(B</div>
-
-</BODY>
-
-</HTML>
-
-
-
-
-
-
+<div align=right>\e$B:42lBg3X\e(B</div>
+</body>
+</html>
-<HTML>
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
-<HEAD>
-<TITLE>OpengateStart</TITLE>
-</HEAD>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html;charset=iso-2022-jp">
+<meta http-equiv="Pragma" content="no-cache">
-<BODY>
+<title>OpengateStart</title>
+</head>
-<H1 align=center>\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</H1>
+<body>
+<center>
+
+<H2>\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</H2>
<hr>
[<a href="http://%%AUTHCGIURL%%?%%ADDR4%%&en">English version</a>]
<hr>
</TABLE>
<hr>
-\e$BI,MW$H$9$kMxMQ7QB3;~4V!'\e(B <INPUT TYPE="TEXT" SIZE=3 NAME="duration">\e$BJ,\e(B
-(\e$B:GBg\e(B%%DURATIONMAX%%\e$BJ,\e(B)\e$B!#\e(BJava\e$B$,F0$/%V%i%&%6$G$O@_DjITMW$G$9!#\e(B
-\e$B$J$*!";XDj;~4V$h$jAa4|$KMxMQ$r=*$k;~$K$O!"\e(B
-\e$B5v2D%Z!<%8$K$"$k!VMxMQCfCG!W$N%j%s%/$r%/%j%C%/$7$F2<$5$$!#\e(B
-</FORM>
-</P>
+\e$B3+J|4F;k!JDL>o$O$3$N$^$^$G7k9=$G$9!#F0:n$,$*$+$7$$$H$-$KJQ99$7$F$/$@$5$$!#!K\e(B<br />
+<input type="radio" name="watchmode" value="H" %%CHECKHTTP%% >HTTP
+<input type="radio" name="watchmode" value="J" %%CHECKJAVA%% >JAVA
+<input type="radio" name="watchmode" value="T" %%CHECKTIME%% >
+<input type="text" name="duration" size="4" value="%%DURATIONDEFAULT%%" >\e$BJ,4V3+J|!J\e(B%%DURATIONMAX%%\e$BJ,0J2<!K\e(B
+<hr>
+</form>
-</div>
+</p>
-<hr>
+</center>
<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"%M%C%H%o!<%/4IM}<T$K$*?R$M$/$@$5$$!#\e(B
-<div align=right>2005\e$BG/\e(B7\e$B7n\e(B
-
-<br>\e$B:42lBg3X\e(B</div>
+<div align=right>\e$B:42lBg3X\e(B</div>
</BODY>
<HTML>
+<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?%%ADDR4%%&ja">
-<HEAD>
+
<TITLE>OpengateStart</TITLE>
</HEAD>
<BODY>
CFLAGS= -O4 -Wall
LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml
-OBJS = utilities.o comm-auth.o comm-cgi.o comm-java.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o
+OBJS = utilities.o comm-auth.o comm-cgi.o watch-client.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o ctrl-alarms.o
MAINPROGO = main.o
HDRS = opengatesrv.h
MAINPROG = opengatesrv
AUTHPROG = opengateauth
FWDPROGO = opengatefwd.o
FWDPROG = opengatefwd
-FWSCRIPT = ipfectrl.pl
LIBOPT = ezxml
-TESTPROGS = test-get-param test-comm-auth test-comm-ipfw test-comm-java test-cgi
+TESTPROGS = test-get-param test-comm-auth test-comm-ipfw test-watch-client test-cgi
CLEANFILES = *.o *~ *.core
all: ${MAINPROG} ${AUTHPROG} ${FWDPROG} ${TESTPROGS} ${LIBOPT}
test-comm-ipfw: ${OBJS} test-comm-ipfw.o ${LIBOPT}
${CC} ${CFLAGS} -o $@ ${OBJS} test-comm-ipfw.o ${LIBS}
-test-comm-java: ${OBJS} test-comm-java.o ${LIBOPT}
- ${CC} ${CFLAGS} -o $@ ${OBJS} test-comm-java.o ${LIBS}
+test-watch-client: ${OBJS} test-watch-client.o ${LIBOPT}
+ ${CC} ${CFLAGS} -o $@ ${OBJS} test-watch-client.o ${LIBS}
test-cgi: ${OBJS} test-cgi.o ${LIBOPT}
${CC} ${CFLAGS} -o $@ ${OBJS} test-cgi.o ${LIBS}
rm -f ${MAINPROG} ${AUTHPROG} ${FWDPROG} ${TESTPROGS} ${CLEANFILES}
${MAKE} clean -C ../ezxml
-install: install-cgi install-html install-conf install-fwscript
+install: install-cgi install-html install-conf
install-cgi: ${MAINPROG} ${AUTHPROG} ${FWDPROG}
.endif
install-conf:
- ## Copy CGI program ##
+ ## Copy Config files ##
.if !exists(${CONFIGPATH})
mkdir ${CONFIGPATH}
.endif
cp ../conf/opengatesrv.conf.sample ${CONFIGPATH}
cp ../conf/rc.firewall.sample ${CONFIGPATH}
cp ../conf/rc.firewall6.sample ${CONFIGPATH}
+ cp ../conf/ipfwctrl.pl.sample ${CONFIGPATH}
#
-
-
-install-fwscript:
- ## Copy firewall control script
- cp ../conf/ipfwctrl.pl ${CONFIGPATH}
- #
+ #------------------------------------------------------#
+ # Rename above x.sample, if you need to enable these. #
+ # Eg. 'cp opengatesrv.conf.sample opengatesrv.conf' #
+ #------------------------------------------------------#
main.o: ${HDRS}
comm-cgi.o: ${HDRS}
-comm-java.o: ${HDRS}
+watch-client.o: ${HDRS}
comm-arp.o: ${HDRS}
ctrl-firewall.o: ${HDRS}
+ctrl-alarms.o: ${HDRS}
+
auth-pam.o: ${HDRS}
auth-rad.o: ${HDRS}
test-comm-ipfw.o: ${HDRS}
-test-comm-java.o: ${HDRS}
+test-watch-client.o: ${HDRS}
test-cgi.o: ${HDRS}
/**************************************************
-opengate server
+Opengate server
module for Communication through CGI
Copyright (C) 1999 Opengate Project Team
/********************************************/
/* get Post data from the client */
/********************************************/
-int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr)
+int getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, char *watchMode)
{
int contentLen;
char content[BUFFMAXLN];
char accessAddr[ADDRMAXLN];
/* get content sent from web input */
- if(getenv("CONTENT_LENGTH")==NULL)return FALSE;
+ if(getenv("CONTENT_LENGTH")==NULL){
+ err_msg("ERR at %s#%d: CONTENT_LENGTH is not defined",__FILE__,__LINE__);
+ return FALSE;
+ }
contentLen=atoi(getenv("CONTENT_LENGTH"));
- if(contentLen==0)return FALSE;
+ if(contentLen==0){
+ err_msg("ERR at %s#%d: CONTENT_LENGTH is zero",__FILE__,__LINE__);
+ return FALSE;
+ }
contentLen++; /* for terminate ch */
if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
strncpy(language, value[0], WORDMAXLN);
}else if(strstr(name[0], "duration")!=NULL){
strncpy(durationStr, value[0], WORDMAXLN);
+ }else if(strstr(name[0], "watchmode")!=NULL){
+ strncpy(watchMode, value[0], WORDMAXLN);
}
ptr=next[0];
}
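Review bot: The added `strncpy(watchMode, value[0], WORDMAXLN);` copies a client-supplied POST value and leaves `watchMode` unterminated when the value is WORDMAXLN characters or longer, and the later `decode(watchMode)` then reads until it meets a NUL. Terminate it explicitly after the copy, `watchMode[WORDMAXLN-1]='\0';`, and state in the function comment that callers must pass a buffer of at least WORDMAXLN bytes, since the caller's buffer size is not visible here. If the caller does not pre-initialise the buffer, a request without a watchmode field would also reach decode() with uninitialised contents; that depends on code outside this hunk. The enclosing loop of getPostData starts and ends outside the hunk.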
decode(encodeAddr4);
decode(language);
decode(durationStr);
+ decode(watchMode);
/* if not available language, use first lang */
strncpy(langList, GetConfValue("HtmlLangs"), BUFFMAXLN); /* list of available languages */
/* convert duration string to interger and minutes to seconds */
*durationPtr = atoi(durationStr)*60;
-
+
+ /* usage duration is restricted to permitted range */
+ if(*durationPtr <= 0){
+ *durationPtr=atoi(GetConfValue("Duration/Default"));
+ }else{
+ int durmax=atoi(GetConfValue("Duration/Max"));
+ if(*durationPtr > durmax) *durationPtr=durmax;
+ }
+
/* encoded address starting as "0-0-0" means no addr info */
/* it indicates needless to get dual stack addresses */
/* and only use getenv("REMOTE_ADDR") address */
/* decode client address to dot separated form */
else if(AddrDecode(clientAddr4, encodeAddr4)==1){
/* if can't decode, retry */
+ err_msg("ERR at %s#%d: Cannot decode client address",__FILE__,__LINE__);
return FALSE;
}
/* make path to the denydoc for ssl or non-ssl */
if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0){
- sprintf(denydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),language,GetConfValue("DenyDocSsl"));
}else{
- sprintf(denydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ snprintf(denydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
}
GetConfValue("AuthCgi"));
/* make read in path to the retry document */
- sprintf(retrydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ snprintf(retrydoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),lang,GetConfValue("RetryDoc"));
/* replace keyword and send out the file */
/*********************************************/
/* put accept message and java to the client */
/*********************************************/
-void putJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus)
+void putClientAccept(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, char *watchMode)
{
FILE *fp;
char buff[BUFFMAXLN];
- int markfound=0;
char acceptdoc[BUFFMAXLN];
char acceptdoc2url[BUFFMAXLN];
char terminateurl[BUFFMAXLN];
+ char httpkeepUrl[BUFFMAXLN];
+ char portStr[WORDMAXLN];
char *startPageUrl=GetConfValue("StartPage/Url");
int startPageType=atoi(GetConfValue("StartPage/Type"));
char *opengateDir=GetConfValue("OpengateDir");
/* create path to acceptdoc */
- sprintf(acceptdoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
- GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc"));
- sprintf(acceptdoc2url,
+ switch(watchMode[0]){
+ case 'H':
+ snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocHttp"));
+ break;
+ case 'J':
+ snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocJava"));
+ break;
+ case 'T':
+ snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocTime"));
+ break;
+ default:
+ err_msg("ERR at %s#%d: Unknown watch mode [%s]",__FILE__,__LINE__,watchMode);
+ snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocJava"));
+ }
+
+ snprintf(acceptdoc2url, BUFFMAXLN,
"http://%s%s/%s/%s",GetConfValue("OpengateServerName"),
GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc2"));
/* create terminate url [http://<servaddr>:<port>/terminate<pid>] */
- sprintf(terminateurl, "http://%s:%d/terminate%d",
+ snprintf(terminateurl, BUFFMAXLN, "http://%s:%d/terminate%d",
GetConfValue("OpengateServerName"), port, pid);
+ /* create httpkeep page url
+ ['http://<servaddr>:<port>/httpkeep-<userid>'] */
+ snprintf(httpkeepUrl, BUFFMAXLN,
+ "'http://%s:%d/httpkeep-%s'",
+ GetConfValue("OpengateServerName"), port, userid);
+
+ /* create port string */
+ snprintf(portStr, WORDMAXLN, "%d", port);
+
/* open acceptdoc */
if((fp=fopen(acceptdoc, "r"))==NULL){
err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,acceptdoc);
printf("Content-type: text/html\r\n\r\n\r\n");
while(fgets(buff, BUFFMAXLN, fp)!=NULL){
- /* search insert mark and replace it */
-
- if(strstr(buff,"%%OPENGATEAPPLET%%")!=NULL){
- /* applet insert mark found */
-
- markfound=1;
- printf("<applet code='Opengate.class' archive='Opengate.jar' ");
- printf("codebase='%s' width=600 height=30 > \r\n", opengateDir );
- printf("<param name=port value='%d'>\r\n", port );
- printf("<param name=user value='%s'>\r\n", userid );
- printf("<param name=lang value='%s'>\r\n", language );
- printf("</applet> \r\n");
-
- if(ipStatus==IPV4ONLY){
- printf("<table border=0>\r\n");
- printf("<tr><td>\r\n");
- printf("IPv4 address : [%s]\r\n",clientAddr4);
- printf("</td></tr>\r\n");
- printf("</table>\r\n");
- }else if(ipStatus==IPV46DUAL){
- printf("<table border=0>\r\n");
- printf("<tr><td>\r\n");
- printf("IPv4 address : [%s]\r\n",clientAddr4);
- printf("</td></tr>\r\n");
- printf("<tr><td>\r\n");
- printf("IPv6 address : [%s]\r\n",clientAddr6);
- printf("</td></tr>\r\n");
- printf("</table>\r\n");
- }else if(ipStatus==IPV6ONLY){
- printf("<table border=0>\r\n");
- printf("<tr><td>\r\n");
- printf("IPv6 address : [%s]\r\n",clientAddr6);
- printf("</td></tr>\r\n");
- printf("</table>\r\n");
- }
-
+ /* replace mark */
+ htmlReplace(buff, "%%OPENGATEDIR%%", opengateDir);
+ htmlReplace(buff, "%%OPENGATEPORT%%", portStr);
+ htmlReplace(buff, "%%USERID%%", userid);
+ htmlReplace(buff, "%%LANGUAGE%%", language);
+
+ htmlReplace(buff, "%%TERMINATEURL%%", terminateurl);
+ htmlReplace(buff, "%%HTTPKEEPURL%%", httpkeepUrl);
+
+ /* replace information url mark */
+ if( startPageType==1 ){
+ htmlReplace(buff, "%%STARTURL%%", startPageUrl);
}else{
- /* replace terminate url mark */
- htmlReplace(buff, "%%TERMINATEURL%%", terminateurl);
-
- /* replace information url mark */
- if( startPageType==1 ){
- htmlReplace(buff, "%%STARTURL%%", startPageUrl);
- }else{
- htmlReplace(buff, "%%STARTURL%%", acceptdoc2url);
- }
-
- printf("%s",buff);
+ htmlReplace(buff, "%%STARTURL%%", acceptdoc2url);
}
+
+ /* write out */
+ printf("%s",buff);
}
+ /* write end */
fputs("\r\n\r\n",stdout);
fclose(fp);
- if(markfound==0){
- err_msg("ERR at %s#%d: cannot find applet insert mark in %s",
- __FILE__,__LINE__,acceptdoc);
- PutClientMsg("Cannot find applet mark");
- }
-
return;
}
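Review bot: In putClientAccept, `userid` goes into `httpkeepUrl` inside single quotes and into the `%%USERID%%` mark with no HTML or URL encoding, so a user id containing a quote or an angle bracket would alter the markup or script of the accept page. Whether userid is restricted to a safe character set before this point is not visible in the diff; if it is not, encode it before the `htmlReplace(buff, "%%USERID%%", userid);` and `snprintf(httpkeepUrl, ...)` calls or reject ids outside an allow-list. The same template line can now receive several substitutions in a row, and whether htmlReplace limits the growth of `buff` to BUFFMAXLN cannot be confirmed from here, so that bound deserves a check. The `default:` branch logs the raw client-supplied `watchMode` with `%s`; logging only `watchMode[0]` would keep control characters out of the log.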
}
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr)
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, char *watchMode)
{
int ret;
if(debug) err_msg("DEBUG:=>getPostData( )");
- ret=getPostData(userid,password,clientAddr4,durationPtr);
- if(debug) err_msg("DEBUG:%d<=getPostData(%s,passwd,%s,%d)",ret,userid,clientAddr4,*durationPtr);
+ ret=getPostData(userid,password,clientAddr4,durationPtr, watchMode);
+ if(debug) err_msg("DEBUG:%d<=getPostData(%s,passwd,%s,%d,%s)",ret,userid,clientAddr4,*durationPtr,watchMode);
return ret;
}
-void PutJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus)
+void PutClientAccept(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, char *watchMode)
{
- if(debug) err_msg("DEBUG:=>putJavaApplet(%s,%d,%d,%s,%s,%d)",userid,port,pid,clientAddr4,clientAddr6,ipStatus);
- putJavaApplet(userid,port,pid,clientAddr4,clientAddr6,ipStatus);
- if(debug) err_msg("DEBUG:<=putJavaApplet( )");
+ if(debug) err_msg("DEBUG:=>putClientAccept(%s,%d,%d,%s,%s,%d,%d,%s)",userid,port,pid,clientAddr4,clientAddr6,ipStatus, duration, watchMode);
+ putClientAccept(userid,port,pid,clientAddr4,clientAddr6,ipStatus,duration,watchMode);
+ if(debug) err_msg("DEBUG:<=putClientAccept( )");
}
void PutClientDeny(char *clientAddr4)
+++ /dev/null
-/*************************************************
-opengate server
- module for communication with java
-
-Copyright (C) 1999 Opengate Project Team
-Written by Yoshiaki Watanabe
-Modified Katsuhiko Eguchi, 2005
-
-This program is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation; either version 2
-of the License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-Email: watanaby@is.saga-u.ac.jp
-**************************************************/
-
-#include "opengatesrv.h"
-
-static void intervalAlarm(int signo);
-static void timeoutAlarm(int signo);
-static void delayAlarm(int signo);
-void getPeerAddr(int sockfd, char *peerAddr);
-void GetPeerAddr(int sockfd, char *peerAddr);
-void sendTerminateReply(void);
-void SendTerminateReply(void);
-
-extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
-extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
-
-int listenfd[2]; /* file descriptor for listen port */
-int connfd; /* file descriptor for connection port */
-int intervalAlarmRinged=0; /* interval alarm ringed */
-int timeoutAlarmRinged=0; /* timeout alarm ringed */
-int delayAlarmRinged=0; /* delay alarm ringed */
-
-/***************************************/
-/* get temp listen port of this server */
-/***************************************/
-int getListenPort(void)
-{
- struct sockaddr_in servaddr4;
- struct sockaddr_in6 servaddr6;
- extern const struct in6_addr in6addr_any;
-
- int portNo;
- int portmin;
- int portmax;
-
- bzero(&servaddr4, sizeof(servaddr4));
- bzero(&servaddr6, sizeof(servaddr6));
-
- servaddr4.sin_family=AF_INET;
- servaddr4.sin_addr.s_addr=htonl(INADDR_ANY);
-
- servaddr6.sin6_family=AF_INET6;
- servaddr6.sin6_addr=in6addr_any;
-
- /* get port range from config file */
- portmin=atoi(GetConfValue("ListenPort/Min"));
- portmax=atoi(GetConfValue("ListenPort/Max"));
-
- /* search unused port between PORTMIN and PORTMAX */
- for(portNo=portmin; portNo<=portmax; portNo++){
- servaddr4.sin_port=htons(portNo);
- servaddr6.sin6_port=htons(portNo);
-
- listenfd[0]=Socket(AF_INET, SOCK_STREAM, 0);
- listenfd[1]=Socket(AF_INET6, SOCK_STREAM, 0);
-
- if(listenfd[0]<0 || listenfd[1]<0){ /* if error, return */
- return -1;
- }
-
- if(listenfd[0]>=FD_SETSIZE && listenfd[1]>=FD_SETSIZE){
- return -1;
- }
-
- if((bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0) &&
- (bind(listenfd[1], (SA *)&servaddr6, sizeof(servaddr6))==0) ){
- break;
- }
-
- Close(listenfd[0]);
- Close(listenfd[1]);
- }
-
- if(portNo>portmax) return -1; /* cannot get unused port */
-
- if(Listen(listenfd[0], LISTENQ)<0) return -1; /* if error, return */
- if(Listen(listenfd[1], LISTENQ)<0) return -1;
-
- return portNo;
-}
-
-/************************************/
-/* wait applet connection */
-/************************************/
-int waitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int ipStatus, struct clientAddr *pClientAddr)
-{
- socklen_t len;
- fd_set rfd0; /* fd_set for select */
- int n; /* counter */
- int smax; /* select max descliptor */
- int ipType=IPV4; /* using IP type */
- struct sockaddr_storage cliaddr; /* client IP adddress */
- char buff[BUFFMAXLN]; /* read in buffer */
- Sigfunc *sigfunc; /* signal function save */
- int connect=0; /* java cconnect success(1) or not */
- char connectAddr[ADDRMAXLN]; /* connected client address */
- char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
- int checkInterval; /* terminal check interval */
- char macAddrNow[ADDRMAXLN]; /* MAC address at now */
- int packetCountPrev=0; /* packet count at previous check */
- int packetCountNow=0; /* packet count at now */
- int noPacketPeriod=0; /* no packet period count in check loop */
- time_t endTime; /* the absolute time to exit */
- int leftTime; /* the left time length to exit */
- int noPacketInterval=atoi(GetConfValue("ActiveCheck/NoPacketInterval"));
-
- checkInterval=atoi(GetConfValue("ActiveCheck/Interval"));
-
- /* get the time to exit */
- endTime=time(NULL)+duration;
-
- /* loop until accepting correct user */
- len=sizeof(cliaddr);
- while(1){
- /* alarm setting */
- /* recalculate left time */
- leftTime = endTime - time(NULL);
- if(leftTime <= 0) leftTime=1;
- /* shorter time is set */
- if(leftTime < checkInterval){
- sigfunc=Signal(SIGALRM, timeoutAlarm);
- alarm(leftTime);
- }else{
- sigfunc=Signal(SIGALRM, intervalAlarm);
- alarm(checkInterval);
- }
- if(sigfunc==SIG_ERR){
- connect=0;
- break;
- }
- connfd = -1;
-
- /* select socket */
- FD_ZERO(&rfd0);
- FD_SET(listenfd[0], &rfd0);
- FD_SET(listenfd[1], &rfd0);
-
- if(listenfd[0]>listenfd[1]) smax=listenfd[0]+1;
- else smax=listenfd[1]+1;
-
- //if((n = select(smax, &rfd0, NULL, NULL, &timeout)) > 0){
- if((n = select(smax, &rfd0, NULL, NULL, NULL)) > 0){
- /* wait connection */
- if(FD_ISSET(listenfd[0], &rfd0)){
- if((connfd=accept(listenfd[0], (struct sockaddr *)&cliaddr, &len)) >= 0){
- /* connect by ipv4 */
- ipType=IPV4;
- }
- }
- if(FD_ISSET(listenfd[1], &rfd0)){
- if((connfd=accept(listenfd[1], (struct sockaddr *)&cliaddr, &len)) >= 0){
- /* connect by ipv6 */
- ipType=IPV6;
- }
- }
- }
-
- if(connfd < 0){
- /* if usage timeout is reached, end the process */
- if(timeoutAlarmRinged){
- timeoutAlarmRinged=FALSE;
- err_msg("ERR at %s#%d: no connection from applet",__FILE__,__LINE__);
- connect=0;
- break;
- }
-
- /* if check interval is reached, do some checking */
- if(intervalAlarmRinged){
- intervalAlarmRinged=FALSE;
-
- /* packet flow check */
- packetCountNow=GetPacketCount(pClientAddr);
- if(packetCountNow==packetCountPrev){ /* no packet between checks */
- noPacketPeriod++;
- }else{
- noPacketPeriod=0;
- packetCountPrev=packetCountNow;
- }
-
- if(noPacketPeriod*checkInterval >= noPacketInterval){
- err_msg("ERR at %s#%d: no packet passed for the client",
- __FILE__,__LINE__);
- connect=0;
- break;
- }
-
- /* mac address check */
- if(ipStatus!=IPV6ONLY){
- GetMacAddrFromArp(clientAddr4, macAddrNow);
- if(strcmp(macAddr4, macAddrNow)!=0){
- err_msg("ERR at %s#%d: mac address is changed",__FILE__,__LINE__);
- connect=0;
- break;
- }
- }
- }
- /* return to connection wait */
- continue;
- }
-
- /* someone is connected */
-
- /* reset alarm */
- alarm(0);
- Signal(SIGALRM, sigfunc);
-
- /* is it from the correct client addr */
- /* the check is skipped for IPv6 */
- if(ipType==IPV4 && ipStatus!=IPV6ONLY){
- GetPeerAddr(connfd, connectAddr);
- if(isNull(connectAddr)||strcmp(connectAddr, clientAddr4)!=0){
- Close(connfd);
- continue;
- }
- }
-
- /* set short delay alarm for read in */
- sigfunc=Signal(SIGALRM, delayAlarm);
- if(sigfunc==SIG_ERR){
- connect=0;
- break;
- }
-
- alarm(COMMWAITTIMEOUT);
- /* get strinxg from connection */
- if(readln(connfd, buff, BUFFMAXLN) <=0){
- if(delayAlarmRinged)delayAlarmRinged=FALSE;
- err_msg("ERR at %s#%d: cannot get userid from applet",__FILE__,__LINE__);
- connect=0;
- break;
- }
- /* some text is read */
- /* reset timeout signal */
- alarm(0);
- Signal(SIGALRM, sigfunc);
-
- /* is it the correct userid from java applet */
- if(strcmp(buff, userid)==0){
- connect=1;
- break;
- }
-
- /* is it the terminate request from accept.html */
- /* the request is [GET /terminate<pid> ....] */
- snprintf(httpStr, BUFFMAXLN, "GET /terminate%d", getpid());
- if(strstr(buff, httpStr)==buff){
- /* terminate request found */
- sendTerminateReply();
- connect=0;
- break;
- }
-
- err_msg("ERR at %s#%d: unknown user or address send from applet",
- __FILE__,__LINE__);
-
- /* wait new connection */
- Close(connfd);
- }
-
- /* reset timeout signal */
- alarm(0);
- Signal(SIGALRM, sigfunc);
-
- Close(listenfd[0]);
- Close(listenfd[1]);
-
- return connect;
-}
-
-/***************************************/
-/* get addr of connected remote site */
-/***************************************/
-void getPeerAddr(int sockfd, char *peerAddr)
-{
- struct sockaddr *cliaddr;
- socklen_t len;
- char *pAddr;
-
- *peerAddr='\0'; /* set null string */
-
- if((cliaddr=Malloc(ADDRMAXLN))==NULL) return; /* if error, return */
-
- len=ADDRMAXLN;
- if(Getpeername(sockfd, cliaddr, &len)<0) return; /* if error, return */
-
- pAddr=Sock_ntop_host(cliaddr, len);
- if(pAddr!=NULL) strncpy(peerAddr, pAddr, ADDRMAXLN);
-
- free(cliaddr);
-
- return;
-}
-
-/***************************************************/
-/* wait for close connection */
-/***************************************************/
-void waitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int sipStatus)
-{
- char buff[BUFFMAXLN];
- Sigfunc *defaultSigfunc;
- int savePacketCount=0;
- int helloWait=FALSE;
- int noPacketPeriod=0;
- int noReplyCount=0;
- int checkInterval=atoi(GetConfValue("ActiveCheck/Interval"));
- int noPacketInterval=atoi(GetConfValue("ActiveCheck/NoPacketInterval"));
- int noReplyMaxCount=atoi(GetConfValue("ActiveCheck/NoReplyMaxCount"));
-
- Writefmt(connfd,"accept\r\n");
-
- /* set interval alarm */
- if((defaultSigfunc=Signal(SIGALRM, intervalAlarm))==SIG_ERR) return;
- alarm(checkInterval);
-
- /* TCP read/write loop */
- /* this loop implement following logic */
- /* repeat until receiving 'quit' or EOF from client */
- /* say 'hello' to client */
- /* receive 'hello' from client. if no reply, then quit. */
- /* get packet count for client after short delay. */
- /* long interval */
- /* get packet count again. if no packet, then quit. */
-
- while(1){
-
- if(readln(connfd, buff, BUFFMAXLN)>0){
- /* normal read */
-
- /* read quit, then quit */
- if(strstr(buff,"quit") != NULL){
- break;
-
- /* read hello, then wait a while for packet log writing */
- }else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
- helloWait=FALSE;
- noReplyCount=0;
- Signal(SIGALRM, delayAlarm);
- alarm(PACKETLOGDELAY);
-
- /* read any other strings, then do nothing */
- }else{
- }
-
- }else{
- /* abnormal read */
-
- /* Periodical client check */
- if(intervalAlarmRinged){
- intervalAlarmRinged=FALSE;
-
- ScanNdpEntry(pClientAddr,userid,macAddr6,userProperty);
-
- /* if no packet is passed in long time, then quit */
- if(GetPacketCount(pClientAddr)==savePacketCount){
- noPacketPeriod++;
-
- if(noPacketPeriod*checkInterval >= noPacketInterval){
- err_msg("ERR at %s#%d: no packet passed for the client",
- __FILE__,__LINE__);
- break;
- }
- }else{
- noPacketPeriod=0;
- }
-
- /* send hello and wait reply */
- Writefmt(connfd,"hello\r\n");
- helloWait=TRUE;
- Signal(SIGALRM, timeoutAlarm);
- alarm(COMMWAITTIMEOUT);
-
- /* hello reply timeout */
- }else if(timeoutAlarmRinged){
- timeoutAlarmRinged=FALSE;
-
- /* is the reply ignored many times */
- noReplyCount++;
- if(noReplyCount>=noReplyMaxCount){
- /* many times, then quit */
- err_msg("ERR at %s#%d: no reply to hello",__FILE__,__LINE__);
- break;
- }else{
- /* not so many times, then continue */
- helloWait=FALSE;
- savePacketCount=GetPacketCount(pClientAddr);
- Signal(SIGALRM, intervalAlarm);
- alarm(checkInterval);
- }
-
- /* pass the delay for firewall log renewal */
- }else if(delayAlarmRinged){
- delayAlarmRinged=FALSE;
- savePacketCount=GetPacketCount(pClientAddr);
- Signal(SIGALRM, intervalAlarm);
- alarm(checkInterval);
-
- /* other abnormal read, then quit */
- }else{
- break;
- }
- }
- }
- /* reset alarm */
- Signal(SIGALRM, defaultSigfunc);
- alarm(0);
- SendQuitClient();
-
- return;
-}
-
-
-/***************************************************/
-/* send reply to terminate access via connfd(not stdout) */
-/***************************************************/
-void sendTerminateReply(void)
-{
- Writefmt(connfd,"<META HTTP-EQUIV=Pragma CONTENT=no-cache>");
- Writefmt(connfd,"<HTML><BODY> Network is closed. </BODY></HTML> \r\n\r\n");
- Close(connfd);
-}
-
-/***************************************************/
-/* send quit to client and close connection */
-/***************************************************/
-void sendQuitClient(void)
-{
- Writefmt(connfd,"quit\r\n");
- Close(connfd);
-}
-
-/***************************************************/
-/* function called from interval alarm */
-/***************************************************/
-static void intervalAlarm(int signo)
-{
- intervalAlarmRinged=TRUE;
- return;
-}
-
-/***************************************************/
-/* function called from timeout alarm */
-/***************************************************/
-static void timeoutAlarm(int signo)
-{
- timeoutAlarmRinged=TRUE;
- return;
-}
-
-/***************************************************/
-/* function called from time delay alarm */
-/***************************************************/
-static void delayAlarm(int signo)
-{
- delayAlarmRinged=TRUE;
- return;
-}
-
-/***************************************************/
-/***************************************************/
-void GetPeerAddr(int sockfd, char *peerAddr)
-{
- if(debug) err_msg("DEBUG:=>getPeerAddr( )");
- getPeerAddr(sockfd,peerAddr);
- if(debug) err_msg("DEBUG:<=getPeerAddr(,%s)",peerAddr);
-}
-
-
-int GetListenPort(void)
-{
- int ret;
-
- if(debug) err_msg("DEBUG:=>getListenPort( )");
- ret=getListenPort();
- if(debug) err_msg("DEBUG:(%d)<=getListenPort( )",ret);
-
- return ret;
-}
-
-int WaitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int ipStatus, struct clientAddr *pClientAddr)
-{
- int ret;
-
- if(debug) err_msg("DEBUG:=>waitAppletConnect(%s,%s,%s,%d,%s,%d)",userid,clientAddr4,clientAddr6,duration,macAddr4,ipStatus);
- ret=waitAppletConnect(userid,clientAddr4,clientAddr6,duration,macAddr4,ipStatus,pClientAddr);
- if(debug) err_msg("DEBUG:(%d)<=waitAppletConnect( )",ret);
-
- return ret;
-}
-
-void WaitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus)
-{
- if(debug) err_msg("DEBUG:=>waitClientClose(%p,%s,%s,userProperty,%d)",pClientAddr,userid,macAddr6,ipStatus);
- waitClientClose(pClientAddr,userid,userProperty,macAddr6,ipStatus);
- if(debug) err_msg("DEBUG:<=waitClientClose( )");
-}
-
-void SendQuitClient(void)
-{
- if(debug) err_msg("DEBUG:=>sendQuitClient( )");
- sendQuitClient();
- if(debug) err_msg("DEBUG:<=sendQuitClient( )");
-}
-
-void SendTerminateReply(void)
-{
- if(debug) err_msg("DEBUG:=>sendTerminateReply( )");
- sendTerminateReply();
- if(debug) err_msg("DEBUG:<=sendTerminateReply( )");
-}
void ScanNdpEntry(struct clientAddr *pClientAddr, char *userid, char *macAddr6, char *userProperty)
{
- if(debug) err_msg("DEBUG:=>scanNdpEntry(%p,%s,%s,userProperty)",pClientAddr,userid,macAddr6);
+ if(debug) err_msg("DEBUG:=>scanNdpEntry(%p,%s,%s,%s)",pClientAddr,userid,macAddr6, userProperty);
scanNdpEntry(pClientAddr,userid,macAddr6,userProperty);
if(debug) err_msg("DEBUG:<=scanNdpEntry( )");
}
--- /dev/null
+/*************************************************
+opengate server
+ module for multi-alarms
+
+Copyright (C) 2006 Opengate Project Team
+Written by Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+typedef struct alarm{ /* an item in the alarm list */
+ char name[WORDMAXLN]; /* the alarm name */
+ int timeout; /* the duration(sec) to timeout */
+ int unixtime; /* the unix time to timeout */
+ int preceding; /* if true, precede to other alarms */
+ Sigfunc *func; /* function to call at timeout */
+ struct alarm *next; /* the next item in list */
+} Alarm;
+
+int addAlarm(char *name, int timeout, int preceding, Sigfunc *func);
+int removeAlarm(char *name);
+int delAlarmListItem(Alarm *pDel);
+int enableAlarm(void);
+int disableAlarm(void);
+void alarmSigFunc(int signo);
+
+static Sigfunc *defaultSigfunc;
+static Alarm *pRunningAlarm=NULL;
+static Alarm *pAlarmTop=NULL;
+
+/*** alarms example ****
+This case, the alarms are ringed after 5 and 8 seconds
+
+int main(void)
+{
+ AddAlarm("alarm1", 8, FALSE, func1);
+ AddAlarm("alarm2", 5, FALSE, func2);
+ EnableAlarm();
+ }
+void func1(int signo){
+ printf("func1 is called at %d\n",time(NULL));
+}
+void func2(int signo){
+ printf("func2 is called at %d\n",time(NULL));
+}
+**********/
+
+/***************************************************
+Add a new alarm named <name>, which calls
+function <func> after <timeout> seconds
+If <preceding> is TRUE, the alarm precedes to other alarms
+(the alarm has first priority. other alarms are delayed after the alarm)
+Multiple alarms can be registered in the alarm list
+At timeout, the alarm is removed from the alarm list
+after the calling addAlarm, alarms are disabled
+***************************************************/
+int addAlarm(char *name, int timeout, int preceding, Sigfunc *func)
+{
+ Alarm *pNew;
+ Alarm *p;
+ Alarm *pPrev;
+
+ /* disable Alarm */
+ disableAlarm();
+
+ /* memory allocate for the alarm list item */
+ if((pNew = (Alarm *) malloc(sizeof(Alarm))) == NULL){
+ // err_msg("ERR at %s#%d: malloc error",__FILE__,__LINE__);
+ return -1;
+ }
+
+ /* set the item info */
+ strncpy(pNew->name, name, WORDMAXLN);
+ pNew->timeout = timeout;
+ pNew->unixtime = time(NULL) + timeout;
+ pNew->preceding = preceding;
+ pNew->func = func;
+
+ /* if list is null, add as first item */
+ if(pAlarmTop ==NULL){
+ pAlarmTop = pNew;
+ pNew->next =NULL;
+ }
+
+ /* if preceding alarm, insert it at the top */
+ else if(preceding==TRUE){
+ pNew->next =pAlarmTop;
+ pAlarmTop = pNew;
+ }
+
+ /* if list is not null, search the item later than the new alarm
+ and not a preceding alarm */
+ else{
+ p = pPrev = pAlarmTop;
+ while(p!=NULL){
+ if(p->unixtime >= pNew->unixtime && (p->preceding)==FALSE) break;
+ pPrev = p;
+ p = p->next;
+ }
+
+ /* insert new item before the item */
+ if(p==pAlarmTop) pAlarmTop = pNew;
+ else pPrev->next = pNew;
+ pNew->next = p;
+ }
+
+ return 0;
+}
+
+/***************************************************
+Remove alarm named <name> from the alarm list
+after the calling removeAlarm, alarms are disabled
+***************************************************/
+int removeAlarm(char *name)
+{
+ Alarm *p, *pPrev, *pDel;
+
+
+ /* disable alarm */
+ disableAlarm();
+
+ p=pAlarmTop;
+
+ if(name==NULL){
+ /* if name is NULL, all items are removed */
+ while(p!=NULL){
+ pDel = p;
+ p = p->next;
+ free(pDel);
+ }
+ pAlarmTop=NULL;
+ }
+
+ else{
+ /* scan alarm list to search name and delete it */
+ while(p!=NULL){
+
+ /* if name is matched */
+ if(strncmp(name, p->name, WORDMAXLN)==0){
+
+ /* delete the item */
+ delAlarmListItem(p);
+
+ /* exit (only the first match item is deleted) */
+ break;
+ }
+
+ /* if not matched, move to next item */
+ else{
+ pPrev = p;
+ p = p->next;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/***************************************************
+Enable alarm interupt
+Delayed alarms by preceding alarm or by disable-mode
+are executed in this timing
+***************************************************/
+int enableAlarm(void)
+{
+ Alarm *p, *pDel;
+ int alarmemain=0;
+ int alarmSet=FALSE;
+
+ p=pAlarmTop;
+
+ /* scan all list */
+ while(p!=NULL){
+
+ /* time remain to the timeout */
+ alarmemain = p->unixtime - time(NULL);
+
+ /* if the time is the past */
+ if(alarmemain<=0){
+
+ /* execute the function and save item for deletion */
+ p->func(0);
+ pDel = p;
+
+ /* move to next item */
+ p = p->next;
+
+ /* delete the list item */
+ delAlarmListItem(pDel);
+ }
+
+ /* if the time is the future */
+ else{
+ /* save the alarm info */
+ pRunningAlarm = p;
+
+ /* set signal alarm */
+ if(defaultSigfunc==NULL)defaultSigfunc=signal(SIGALRM, alarmSigFunc);
+ else signal(SIGALRM, alarmSigFunc);
+ alarm(alarmemain);
+ alarmSet=TRUE;
+
+ /* exit */
+ break;
+ }
+ }
+ return 0;
+}
+
+
+/***************************************************
+Disable alarm interupt
+Time count is not stoped in disable mode
+***************************************************/
+int disableAlarm(void)
+{
+ /* reset alarm */
+ signal(SIGALRM, defaultSigfunc);
+ alarm(0);
+
+ return 0;
+}
+
+/***************************************************
+Signal function for alarm signal
+***************************************************/
+void alarmSigFunc(int signo)
+{
+ /* some alarm must run at this point, but check it */
+ if(pRunningAlarm != NULL){
+
+ /* execute the function */
+ (pRunningAlarm->func)(signo);
+
+ /* remove the alarm */
+ delAlarmListItem(pRunningAlarm);
+ }
+
+ /* restart alarm */
+ enableAlarm();
+}
+
+/***************************************************
+delete an item pointed by <p> in linked list
+***************************************************/
+int delAlarmListItem(Alarm *pDel){
+ Alarm *p;
+ Alarm *pPrev;
+
+ /* if the item is none, no proc */
+ if(pDel==NULL){
+ /* no proc */
+ }
+
+ /* if the item is top, change top to the next */
+ else if(pDel==pAlarmTop){
+ pAlarmTop = pDel->next;
+ free(pDel);
+ }
+
+ /* if the item is not top, search previous and link it to next */
+ else{
+ pPrev=pAlarmTop;
+ p=pAlarmTop->next;
+
+ while(p!=NULL){
+ if(p == pDel){
+ pPrev->next = p->next;
+ free(p);
+ break;
+ }
+ pPrev=p;
+ p=p->next;
+ }
+ }
+ return 0;
+}
+
+/***************************************************
+list up registered alarms
+upper alarm in the list has higher priority
+this is prepared for debug use
+***************************************************/
+void listAlarm(void)
+{
+ Alarm *p;
+
+ printf("TimeNow=%d\n",time(NULL));
+
+ p=pAlarmTop;
+
+ while(p!=NULL){
+ printf("name=%s timeout=%d unixtime=%d preceding=%d\n",
+ p->name, p->timeout, p->unixtime, p->preceding);
+ p=p->next;
+ }
+}
+
+int AddAlarm(char *name, int timeout, int preceding, Sigfunc *func){
+ int ret;
+
+ if(debug) err_msg("DEBUG:=>addAlarm(%s,%d, %d, %x)",
+ name, timeout, preceding, func);
+ ret=addAlarm(name, timeout, preceding, func);
+ if(debug) err_msg("DEBUG:(%d)<=addAlarm( )",ret);
+
+ return ret;
+}
+
+int RemoveAlarm(char *name){
+ int ret;
+
+ if(debug){
+ if(name==NULL) err_msg("DEBUG:=>removeAlarm(NULL)");
+ else err_msg("DEBUG:=>removeAlarm(%s)", name);
+ }
+ ret=removeAlarm(name);
+ if(debug) err_msg("DEBUG:(%d)<=removeAlarm( )",ret);
+
+ return ret;
+}
+
+int EnableAlarm(void){
+ int ret;
+
+ if(debug) err_msg("DEBUG:=>enableAlarm()");
+ ret=enableAlarm();
+ if(debug) err_msg("DEBUG:(%d)<=enableAlarm( )",ret);
+
+ return ret;
+}
+
+int DisableAlarm(void){
+ int ret;
+
+ // if(debug) err_msg("DEBUG:=>disableAlarm()");
+ ret=disableAlarm();
+ // if(debug) err_msg("DEBUG:(%d)<=disableAlarm( )",ret);
+
+ return ret;
+}
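Review bot: alarmSigFunc frees the running item through delAlarmListItem but leaves `pRunningAlarm` pointing at it, and when enableAlarm then finds no remaining alarm the pointer stays dangling while the handler is still installed (on systems where signal() handlers persist), so a later SIGALRM would call through freed memory. Adding `pRunningAlarm=NULL;` right after `delAlarmListItem(pRunningAlarm);` closes this, and removeAlarm needs the same reset when it frees the list. The handler also runs free() and the registered callback in signal context, which is not async-signal-safe if the signal interrupts an allocation elsewhere in the program; addAlarm and removeAlarm disable the alarm first, but other code is not covered. In addAlarm, `strncpy(pNew->name, name, WORDMAXLN);` should be followed by `pNew->name[WORDMAXLN-1]='\0';` because listAlarm prints the name with `%s`.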
extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
struct clientAddr *pClientAddr = NULL;
+int ipStatus;
void RemoveOverlapRule(int overlapRule4, int overlapRule6);
void KillOverlapProcess(int overlapRule4, int overlapRule6,
/*****************************/
int checkIpVersions(char *clientAddr4, char *clientAddr6){
- int ipStatus;
-
if(strstr(clientAddr4,".")!=NULL){
if(strstr(clientAddr6,":")!=NULL){
ipStatus = IPV46DUAL;
**************************************************/
#include "opengatesrv.h"
#include "../ezxml/ezxml.h"
+
+#define CONFFILE_VERSION "1.4"
#define SEPARATOR "/"
int debug=0;
return -1;
}
+ /* check the config file version */
+ if(isNull(ezxml_attr(xmlRoot, "version"))||
+ (strcmp(CONFFILE_VERSION, ezxml_attr(xmlRoot, "version"))!=0)){
+ strncpy(buff, "<H3>Error: Opengate configuration file ",BUFFMAXLN);
+ strncat(buff, CONFIGFILE, BUFFMAXLN);
+ strncat(buff, " has mismatch version.<br> Please update it with ",BUFFMAXLN);
+ strncat(buff, CONFIGFILE, BUFFMAXLN);
+ strncat(buff, ".sample.",BUFFMAXLN);
+ PutClientMsg(buff);
+
+ return -1;
+ }
+
/* check the syslog */
if(atoi(GetConfValue("Syslog/Enable")) &&
atoi(GetConfValue("Syslog/Facility"))==0){
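Review bot: The `strncat(buff, ..., BUFFMAXLN)` calls in the added version check pass the full buffer size as the bound, but strncat's third argument limits how many characters are appended, not the total length of `buff`, so the bound gives no protection once the buffer is partly filled. The pieces are compile-time strings, so an overflow is unlikely unless `CONFIGFILE` expands to a long path, but the pattern is easy to copy to a place where the input is not constant. One bounded format is simpler and always terminates: `snprintf(buff, BUFFMAXLN, "<H3>Error: Opengate configuration file %s has mismatch version.<br> Please update it with %s.sample.", CONFIGFILE, CONFIGFILE);`. The enclosing function and the declaration of `buff` are outside this hunk, so this assumes `buff` is a `BUFFMAXLN`-byte array.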
}else{
/* other parameters must be set */
- err_msg("ERR at %s#%d: cannot get %s from conf file. Is it new?",__FILE__,__LINE__,name);
+ err_msg("ERR at %s#%d: cannot get %s from conf file",__FILE__,__LINE__,name);
}
}
char clientAddr4[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
char clientAddr6[ADDRMAXLN]=""; /* client addr (nnnn:nnnn:xxxx::xxxx) 128bit */
-
extern struct clientAddr *pClientAddr;
char macAddr4[ADDRMAXLN]="?"; /* client MAC address (format for arp) */
char extraId[USERMAXLN];
char userProperty[BUFFMAXLN];
time_t timeIn, timeOut;
+int connectionMode; /* client connect mode */
void PutCloseMsg(time_t timeOut, time_t timeIn);
void SetProcessTitle(char *useridshort, char *clientAddr4, char * ruleNumber4, char *clientAddr6, char * ruleNumber6, int ipStatus);
+void logConnectMode(char *userid);
void closeExit(int signo);
/***************************************************/
int dummyfd[2];
int pid;
int duration; /* requested usage duration */
- int ipStatus; /* flag for IPv4 or IPv6 */
int authResult;
+ int ipStatus; /* flag for IPv4 or IPv6 */
+ char watchMode[WORDMAXLN]; /* client watch mode Http or Java or Timeout */
/* prepare config file */
if(OpenConfFile()==-1) return 0;
}
/* get POST data */
- if(GetPostData(userid, password, clientAddr4, &duration)==FALSE){
+ if(GetPostData(userid, password, clientAddr4, &duration, watchMode)==FALSE){
PutClientRetry(language);
return 0;
}
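Review bot: `watchMode` is a fixed `WORDMAXLN` array in main that GetPostData now fills from the POST body, and the new prototype passes no length, so the callee has to bound the copy to WORDMAXLN and NUL-terminate it itself. The same commit deletes main's clamp of `duration` against `Duration/Default` and `Duration/Max` a few lines further down, and `duration` is then handed to WaitClientConnect, where the new client code uses it for the usage time limit alarm. GetPostData's body is not visible here, so please confirm it now does both the length bound and the range clamp. If it does, a comment at this call such as `/* GetPostData clamps duration to Duration/Max and bounds watchMode to WORDMAXLN */` would record where the check moved.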
return 0;
}
- /* usage duration is restricted to permitted range */
- if(duration <= 0){
- duration=atoi(GetConfValue("Duration/Default"));
- }else{
- int durmax=atoi(GetConfValue("Duration/Max"));
- if(duration > durmax){
- duration=durmax;
- }
- }
-
/* set terminate signal handler */
if(Signal(SIGTERM, closeExit)==SIG_ERR){
PutClientMsg("Error: Please contact to the administrator");
if(pid!=0){
/** parent process **/
- /* send java */
- PutJavaApplet(userid, port, pid, clientAddr4, clientAddr6, ipStatus);
+ /* send accept page with java */
+ PutClientAccept(userid, port, pid, clientAddr4, clientAddr6, ipStatus, duration, watchMode);
/* detach from Web server */
return 0;
/** child process **/
/* detach from Web server */
- Close(0);Close(1); /* detach stdin and out pipe connected to Web */
- Close(2); /* detach stderr */
+ /* detach stdin and out pipe connected to Web */
+ /* detach stderr */
+ Close(0);Close(1);Close(2);
+
Pipe(dummyfd); /* connect dummy pipe for stdin and out */
- /* wait connection from the java applet */
+ /* wait connection from the client */
/* if no connection, close gate when duration is passed */
/* or ipaddr for the macAddr4 is changed */
- if(WaitAppletConnect(userid, clientAddr4, clientAddr6, duration, macAddr4, ipStatus, pClientAddr)==1){
+ connectionMode=WaitClientConnect(userid, userProperty, clientAddr4, clientAddr6, duration, macAddr4, macAddr6, ipStatus, pClientAddr, language, port);
+
+ if(connectionMode==JAVACONNECT){
- /* wait until the user quit */
+ /* wait until the java applet quit */
/* close gate when no reply to temporal hello or end of TCP connection */
/* macAddr6 is used for NDP to search addition ipaddr */
- WaitClientClose(pClientAddr, userid, userProperty, macAddr6, ipStatus);
+ WaitJavaClose(pClientAddr, userid, userProperty, macAddr6, ipStatus);
+ }
+ else if(connectionMode==HTTPCONNECT){
+
+ /* wait until the http keep alive is closed */
+ WaitHttpClose(pClientAddr, userid, userProperty, macAddr6, ipStatus);
}
+
/* close firewall and exit */
closeExit(1);
/*****************************/
void closeExit(int signo)
{
+ /* save the connect mode */
+ logConnectMode(userid);
+
/* signal is disabled */
Signal(SIGTERM, SIG_DFL);
- /* send quit message to client java */
- SendQuitClient();
-
/* close firewalls */
while(pClientAddr!=NULL){
+
if(pClientAddr->ipType==IPV4){
CloseClientGate4(pClientAddr,userid,macAddr4);
}else{
err_msg("ERR at %s#%d: abnormal IP versions %d",__FILE__,__LINE__,ipStatus);
}
}
+
+
+/************************************/
+/* save connectMode to syslog */
+/************************************/
+void logConnectMode(char *userid)
+{
+ char *mode[4]={"NONE","JAVA","HTTP","TIME"};
+
+ if(connectionMode<0 || connectionMode>3) connectionMode=0;
+ err_msg("INFO: user %s is watched by [%s]",userid, mode[connectionMode]);
+}
+
+
/*****************************/
/*****************************/
void PutCloseMsg(time_t timeOut, time_t timeIn)
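Review bot: In logConnectMode the table entry for index 3 is "TIME", but 3 is ENDCONNECT in the header, and the new waitClientConnect sets ENDCONNECT for a failed read and for a terminate request as well as for the usage-time alarm. The syslog record would therefore report all of those sessions as timeout-watched, assuming the WaitClientConnect wrapper returns that value unchanged. If this log is used to audit how sessions were monitored, document the mapping next to the table, for example `/* index = connectionMode: NOCONNECT, JAVACONNECT, HTTPCONNECT, ENDCONNECT (logged as TIME) */`. The table could also be `static const char *const mode[]`, and the range check could use a local index instead of writing back to the global `connectionMode`.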
char authCgiUrl[BUFFMAXLN]; /* url of opengateauth.cgi */
char mainCgiUrl[BUFFMAXLN]; /* url of opengatesrv.cgi */
char durationMax[WORDMAXLN]; /* usage duration maximum */
+ char durationDefault[WORDMAXLN]; /* usage duration default */
+ char checkhttp[WORDMAXLN]=""; /* set radio button for http as checked */
+ char checkjava[WORDMAXLN]=""; /* set radio button for java as checked */
+ char checktime[WORDMAXLN]=""; /* set radio button for time as checked */
/* keyword pairs */
/* the left key is replaced by the right value */
{"%%CGIURL%%", mainCgiUrl},
{"%%ADDR4%%", clientAddr},
{"%%DURATIONMAX%%",durationMax},
+ {"%%DURATIONDEFAULT%%",durationDefault},
+ {"%%CHECKHTTP%%",checkhttp},
+ {"%%CHECKJAVA%%",checkjava},
+ {"%%CHECKTIME%%",checktime},
{"",""} /* DON'T REMOVE THIS LINE */
};
GetConfValue("OpengateDir"),
GetConfValue("MainCgi"));
- /* setup usage duration maximum (save as seconds, display as minutes */
- snprintf(durationMax,WORDMAXLN,"%d",atoi(GetConfValue("Duration/Max"))/60);
+ /* setup usage duration maximum and default (saved as seconds) */
+ snprintf(durationMax,WORDMAXLN,"%d",
+ atoi(GetConfValue("Duration/Max"))/60);
+ snprintf(durationDefault,WORDMAXLN,"%d",
+ atoi(GetConfValue("Duration/Default"))/60);
+
+ switch(toupper(*GetConfValue("WatchMode"))){
+ case 'H':
+ strncpy(checkhttp,"checked='checked'", WORDMAXLN);
+ break;
+ case 'J':
+ strncpy(checkjava,"checked='checked'", WORDMAXLN);
+ break;
+ case 'T':
+ strncpy(checktime,"checked='checked'", WORDMAXLN);
+ break;
+ }
/* if has paremeters, */
if(getenv("QUERY_STRING")!=NULL){
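Review bot: `toupper(*GetConfValue("WatchMode"))` passes a plain `char` to toupper, which is undefined for negative values, and dereferences the return value without a check. Cast it, `switch(toupper((unsigned char)*GetConfValue("WatchMode"))){`, and confirm GetConfValue cannot return NULL for a missing key, since its body is not in this hunk. The switch has no `default`, so any other setting leaves all three radio buttons unchecked; a `default:` that selects one mode, or a comment saying this is intended, would make the behaviour explicit. The enclosing function starts and ends outside the hunk.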
#define DENY 0
#define ACCEPT 1
+#define NOCONNECT 0 /* the client is not connected yet. */
+#define JAVACONNECT 1 /* the client is connected by using Java Applet */
+#define HTTPCONNECT 2 /* the client is connected by HTTP Keep-Alive */
+#define ENDCONNECT 3 /* the client is now terminating */
+
#define IPV4ONLY 4
#define IPV46DUAL 46
#define IPV6ONLY 6
/* cgi interface */
void GetClientAddr(char *clientAddr);
-int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr);
+int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr, char *watchMode);
int GetUserProperty(char *userid, char *userProperty);
void SplitId(char* userid, char* useridshort, char* extraId);
int CheckReferer(void);
void PutClientDeny(char *clientAddr4);
void PutClientRetry(char *lang);
void PutClientMsg(char *message);
+void PutClientAccept(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus, int duration, char *watchMode);
/* TCP communication with java applet */
-void WaitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus);
+void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus);
int GetListenPort(void);
-void PutJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int ipStatus);
-int WaitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int ipStatus, struct clientAddr *pClientAddr);
+int WaitClientConnect(char *userid, char *userProperty, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port);
+void WaitHttpClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus);
/* utilities */
ssize_t readln(int fd, void *ptr, size_t maxlen);
void Writefmt(int fd, const char *fmt, ...);
-ssize_t
-readlnSSL(SSL *fd, void *vptr, size_t maxlen);
+ssize_t readlnSSL(SSL *fd, void *vptr, size_t maxlen);
void WritefmtSSL(SSL *fd, const char *fmt, ...);
int Lock(int fd);
int Unlock(int fd);
char *GetConfValue(char *name);
void InitConf();
+int AddAlarm(char *name, int timeout, int preceding, Sigfunc *func);
+int RemoveAlarm(char *name);
+int EnableAlarm(void);
+int DisableAlarm(void);
+void listAlarm(void);
printf("<HTML><HEAD><TITLE>OpengateTest</TITLE></HEAD> \r\n");
printf("<BODY> \r\n");
+ printf("This is a CGI to show some web server parameters \r\n");
printf("<TABLE> \r\n");
char userID[100];
char password[100];
+ printf("This is a program to test authentication server");
+ printf(" defined in config file. \n\n");
+
/* prepare config file */
OpenConfFile();
struct clientAddr *pClientAddr;
pClientAddr = &ClientAddr;
+ printf("This is a program to test ipfw add/del rule \n\n");
+
/* prepare config file */
OpenConfFile();
int main(int argc, char **argv)
{
char name[BUFFMAXLN];
- char extraID[WORDMAXLN];
- char userID[WORDMAXLN];
+ char extraID[WORDMAXLN]="default";
+ char userID[WORDMAXLN]="user1";
+
+ printf("This is a program to test config file\n");
+ printf("If you check the setting for special user, edit the source.\n\n");
/* prepare config file */
OpenConfFile();
printf("Config file=[%s]\n",CONFIGFILE);
- printf("Enter userID=");
- scanf("%s", userID);
- printf("Enter extraID(if you do not want to use extraID, enter as [default])=");
- scanf("%s", extraID);
-
SetupConfExtra(userID, extraID);
- printf("Enter Parameter name (eg, Authserver/protocol)=");
+ printf("Enter Parameter name (eg, AuthServer/Protocol)=");
scanf("%s", name);
printf("%s\n", GetConfValue(name));
CloseConfFile();
char clientAddr4[100]="127.0.0.1";
char clientAddr6[100]="::1";
char userID[100]="user1";
+ char language[100]="ja";
char extraID[100]="default";
int duration=60;
struct clientAddr ClientAddr;
strncpy(ClientAddr.ruleNumber,"10000",WORDMAXLN);
ClientAddr.ipType=IPV4;
ClientAddr.timeIn=time(NULL);
+ int port;
+ int connMode;
+ printf("This is a program to test watch client\n\n");
/* prepare config file */
OpenConfFile();
SetupConfExtra(userID,extraID);
+ port=GetListenPort();
+
printf("Config file=[%s]\n",CONFIGFILE);
printf("UserID=[%s]\n",userID);
printf("ExtraID=[%s]\n",extraID);
/* guide for connecting */
printf("Waiting connection for %d seconds\n",duration);
printf("\n");
- printf("Try to connect from other window as\n");
- printf("> telnet %s %d\n", clientAddr4, GetListenPort());
- printf("> %s\n",userID);
- printf("\n");
- printf("When %s seconds passed, hello is received\n",
- GetConfValue("ActiveCheck/Interval"));
- printf("Reply the message as\n");
- printf("> hello\n");
- printf("\n");
- printf("To close connection, Enter as\n");
- printf("> quit\n");
+ printf(" ### Try to connect from other window as ###\n");
+ printf(" Simulate Java connection \n");
+ printf("===============================================\n");
+ printf("PUT> telnet %s %d\n", clientAddr4, port);
+ printf("PUT> %s\n",userID);
+ printf("GET> accept\n");
+ printf(" waiting ActiveCheck/Interval \n");
+ printf("GET> hello \n");
+ printf("PUT> hello \n");
+ printf("PUT> quit \n");
+ printf("===============================================\n\n");
+ printf(" Simulate Http connection \n");
+ printf("===============================================\n");
+ printf("PUT> telnet %s %d\n", clientAddr4, port);
+ printf("PUT> GET /httpkeep-%s\n",userID);
+ printf("PUT> (Enter)\n");
+ printf("GET> http reply\n");
+ printf("PUT> GET /hello\n");
+ printf("PUT> (Enter)\n");
+ printf("GET> http repry\n");
+ printf("PUT> GET /terminate\n");
printf("\n");
+ printf("===============================================\n");
+ printf("Following message is shown, because of no ipfw control. \n");
+ printf("ipfw: rule 10000 does not exist\n");
+ printf("===============================================\n\n");
/* connection wait */
- WaitAppletConnect(userID, clientAddr4,clientAddr6, duration, "",4,pClientAddr);
-
- printf("Connected (or timeout)\n");
- printf("Wait closing\n");
-
- /* close wait */
- WaitClientClose(pClientAddr,"user",NULL,NULL,4);
-
- printf("Connection closed\n");
+ connMode=WaitClientConnect(userID, "", clientAddr4,clientAddr6,
+ duration,"?","?",4,pClientAddr, language, port);
+ switch(connMode){
+
+ case JAVACONNECT:
+ WaitJavaClose(pClientAddr, userID, "", "?", 4);
+ break;
+
+ case HTTPCONNECT:
+ WaitHttpClose(pClientAddr, userID, "", "?", 4);
+ break;
+ }
return 0;
}
return;
}
+
void WritefmtSSL(SSL *fd, const char *fmt, ...)
{
char buff[BUFFMAXLN];
ptr=vptr;
- /* skip pre ctrl char */
- while(1){
+ /* pre read */
+ rc = read(fd, &c, 1);
+ if(rc <= 0) return rc;
+
+ /* skip one control char, if exist */
+ /* this is the second char of CR LF */
+ /* the first char is read as the end of previous line */
+ if(iscntrl(c)){
rc = read(fd, &c, 1);
if(rc <= 0) return rc;
- if(iscntrl(c)) continue;
- break; /* get some normal char */
}
/* get char loop */
/* open the pipe to the program */
if(debug) err_msg("DEBUG:=>popen(%s, %s)", commandLine, type);
file=popen(commandLine, type);
- if(debug) err_msg("DEBUG:<=popen( )");
+ if(debug) err_msg("DEBUG:(%x)<=popen( )",file);
return file;
}
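Review bot: The new debug line prints the `FILE *` returned by popen with `%x`, which expects an `unsigned int`; on platforms where pointers are wider than int this is a format/argument mismatch and undefined behaviour. Use `if(debug) err_msg("DEBUG:(%p)<=popen( )",(void *)file);`, assuming err_msg forwards to a printf-style formatter as its other uses suggest. The AddAlarm wrapper added in this commit has the same pattern, printing its `func` argument with `%x`. The function around this popen call begins outside the hunk.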
--- /dev/null
+/*************************************************
+Opengate server
+ module for communication with client prgram (java/javascript)
+
+Copyright (C) 1999 Opengate Project Team
+Written by Yoshiaki Watanabe 1999-2006
+Modified Katsuhiko Eguchi, 2005
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+void GetPeerAddr(int sockfd, char *peerAddr);
+void SendTerminateReply(void);
+void ReadHttpHeaders(void);
+void SendReplyToGetHello(void);
+void SendHttpKeepPage(char *userid, char *language, int port);
+int SelectAccept(void);
+
+void OnUsageTimeLimitAlarm(int signo);
+void OnCheckBasicAlarm(int signo);
+void OnCheckJavaAlarm(int signo);
+void OnCheckHttpAlarm(int signo);
+void OnReadWaitAlarm(int signo);
+void OnAjaxWaitAlarm(int signo);
+
+extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
+extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
+
+int ipType=IPV4; /* using IP type */
+int listenfd[2]; /* file descriptor for listen port */
+int connfd; /* file descriptor for connection port */
+int connectMode = NOCONNECT; /* the TCP connection mode */
+
+struct AlarmArg{ /* arguments used in on-alarm functions */
+ struct clientAddr *pClientAddr;
+ char *clientAddr4;
+ char *macAddr4;
+ char *clientAddr6;
+ char *macAddr6;
+ char *userid;
+ char *userProperty;
+ int ipStatus; /* ipv4 ipv6 or dual */
+ int checkInterval;
+ int noPacketInterval;
+} alarmArg;
+
+int helloWait=FALSE; /* hello reply waiting mode */
+int readHelloTime=0; /* the time of reading hello */
+int noReplyCount=0; /* count up the no reply to hello message */
+
+
+/***************************************/
+/* get temp listen port of this server */
+/***************************************/
+int getListenPort(void)
+{
+ struct sockaddr_in servaddr4;
+ struct sockaddr_in6 servaddr6;
+ extern const struct in6_addr in6addr_any;
+
+ int portNo;
+ int portmin;
+ int portmax;
+
+ bzero(&servaddr4, sizeof(servaddr4));
+ bzero(&servaddr6, sizeof(servaddr6));
+
+ servaddr4.sin_family=AF_INET;
+ servaddr4.sin_addr.s_addr=htonl(INADDR_ANY);
+
+ servaddr6.sin6_family=AF_INET6;
+ servaddr6.sin6_addr=in6addr_any;
+
+ /* get port range from config file */
+ portmin=atoi(GetConfValue("ListenPort/Min"));
+ portmax=atoi(GetConfValue("ListenPort/Max"));
+
+ /* search unused port between PORTMIN and PORTMAX */
+ for(portNo=portmin; portNo<=portmax; portNo++){
+ servaddr4.sin_port=htons(portNo);
+ servaddr6.sin6_port=htons(portNo);
+
+ listenfd[0]=Socket(AF_INET, SOCK_STREAM, 0);
+ listenfd[1]=Socket(AF_INET6, SOCK_STREAM, 0);
+
+ if(listenfd[0]<0 || listenfd[1]<0){ /* if error, return */
+ return -1;
+ }
+
+ if(listenfd[0]>=FD_SETSIZE && listenfd[1]>=FD_SETSIZE){
+ return -1;
+ }
+
+ if((bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0) &&
+ (bind(listenfd[1], (SA *)&servaddr6, sizeof(servaddr6))==0) ){
+ break;
+ }
+
+ Close(listenfd[0]);
+ Close(listenfd[1]);
+ }
+
+ if(portNo>portmax) return -1; /* cannot get unused port */
+
+ if(Listen(listenfd[0], LISTENQ)<0) return -1; /* if error, return */
+ if(Listen(listenfd[1], LISTENQ)<0) return -1;
+
+ return portNo;
+}
+
+/************************************/
+/* wait for connection of client side program */
+/************************************/
+int waitClientConnect(char *userid, char *userProperty, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port)
+{
+ char buff[BUFFMAXLN]; /* read in buffer */
+ char connectAddr[ADDRMAXLN]; /* connected client address */
+ char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
+
+ /* set alarm function arguments */
+ alarmArg.pClientAddr=pClientAddr;
+ alarmArg.clientAddr4=clientAddr4;
+ alarmArg.clientAddr6=clientAddr6;
+ alarmArg.macAddr4=macAddr4;
+ alarmArg.macAddr6=macAddr6;
+ alarmArg.userid=userid;
+ alarmArg.userProperty=userProperty;
+ alarmArg.ipStatus=ipStatus;
+ alarmArg.checkInterval=atoi(GetConfValue("ActiveCheck/Interval"));
+ alarmArg.noPacketInterval=atoi(GetConfValue("ActiveCheck/NoPacketInterval"));
+ /* set the alarm for usage time limit */
+ AddAlarm("UsageTimeLimitAlarm",duration,FALSE,OnUsageTimeLimitAlarm);
+
+ /* set the alarm for periodic keep alive check */
+ AddAlarm("CheckBasicAlarm", alarmArg.checkInterval, FALSE, OnCheckBasicAlarm);
+ /* start the alarms */
+ EnableAlarm();
+
+
+ /* loop until accepting correct user */
+ while(1){
+
+ /* at termination, exit loop */
+ if(connectMode == ENDCONNECT) break;
+
+ /* connection wait */
+ connfd = SelectAccept();
+
+ /* some abnormal connect */
+ if(connfd < 0){
+ if(connectMode==ENDCONNECT) break;
+ else continue;
+ }
+
+ /* normal connection */
+ /* stop alarm interupt between check exec */
+ DisableAlarm();
+
+ /* is it from the correct client addr */
+ /* the check is skipped for IPv6 */
+ if(ipType==IPV4 && ipStatus!=IPV6ONLY){
+ GetPeerAddr(connfd, connectAddr);
+ if(isNull(connectAddr)||strcmp(connectAddr, clientAddr4)!=0){
+ Close(connfd);
+ continue;
+ }
+ }
+
+ /* set read wait alarm */
+ AddAlarm("ReadWaitAlarm",COMMWAITTIMEOUT, TRUE, OnReadWaitAlarm);
+ EnableAlarm();
+ /* get string from connection */
+ if(readln(connfd, buff, BUFFMAXLN) <=0){
+ /* if abnormal, exit */
+ connectMode=ENDCONNECT;
+ err_msg("ERR at %s#%d: abnormal readin ",
+ __FILE__,__LINE__);
+ break;
+ }
+ RemoveAlarm("ReadWaitAlarm");
+
+
+ /* is it the correct userid from java applet */
+ if(strcmp(buff, userid)==0){
+ connectMode=JAVACONNECT;
+ break;
+ }
+
+ /* is it the httpkeep page download request */
+ /* the request is [GET /httpkeep.html ....] */
+ snprintf(httpStr, BUFFMAXLN, "GET /httpkeep-%s", userid);
+
+ if(strstr(buff, httpStr)==buff){
+
+ /* page download request found */
+ /* read out the remained headers and send the page */
+ ReadHttpHeaders();
+ SendHttpKeepPage(userid, language, port);
+
+ /* to check the ajax ablility of the client, wait ajax request */
+ AddAlarm("AjaxWaitAlarm",COMMWAITTIMEOUT, TRUE, OnAjaxWaitAlarm);
+ EnableAlarm();
+ /* read wait for ajax request in the connection */
+ if(readln(connfd, buff, BUFFMAXLN) <=0){
+ connectMode=ENDCONNECT; /* if abnormal or timeout, exit */
+ err_msg("ERR at %s#%d: abnormal readin or timeout",
+ __FILE__,__LINE__);
+ break;
+ }
+ RemoveAlarm("AjaxWaitAlarm");
+ ReadHttpHeaders();
+ connectMode=HTTPCONNECT;
+ break;
+ }
+
+ /* is it the terminate request */
+ /* the request is [GET /terminate<pid> ....] */
+ snprintf(httpStr, BUFFMAXLN, "GET /terminate%d", getpid());
+ if(strstr(buff, httpStr)==buff){
+ /* terminate request found */
+ SendTerminateReply();
+ connectMode=ENDCONNECT;
+ break;
+ }
+
+ err_msg("ERR at %s#%d: unknown request [%s] sent from client",
+ __FILE__,__LINE__);
+ connectMode=NOCONNECT;
+
+ /* wait new connection */
+ Close(connfd);
+ EnableAlarm();
+ }
+
+ /* stop all alarms */
+ RemoveAlarm(NULL);
+
+ Close(listenfd[0]);
+ Close(listenfd[1]);
+
+ return connectMode;
+}
+
+/****************************/
+/* wait for TCP connection */
+/****************************/
+int selectAccept(void)
+{
+ int connfd = -1;
+ int smax; /* select max descliptor */
+ fd_set rfd0; /* fd_set for select */
+ int n; /* counter */
+ struct sockaddr_storage cliaddr; /* client IP adddress */
+ socklen_t len = sizeof(cliaddr);
+
+ /* select socket */
+ FD_ZERO(&rfd0);
+ FD_SET(listenfd[0], &rfd0);
+ FD_SET(listenfd[1], &rfd0);
+
+ if(listenfd[0]>listenfd[1]) smax=listenfd[0]+1;
+ else smax=listenfd[1]+1;
+
+ //if((n = select(smax, &rfd0, NULL, NULL, &timeout)) > 0){
+ if((n = select(smax, &rfd0, NULL, NULL, NULL)) > 0){
+ /* wait connection */
+ if(FD_ISSET(listenfd[0], &rfd0)){
+ if((connfd=accept(listenfd[0], (struct sockaddr *)&cliaddr, &len)) >= 0){
+ /* connect by ipv4 */
+ ipType=IPV4;
+ }
+ }
+ if(FD_ISSET(listenfd[1], &rfd0)){
+ if((connfd=accept(listenfd[1], (struct sockaddr *)&cliaddr, &len)) >= 0){
+ /* connect by ipv6 */
+ ipType=IPV6;
+ }
+ }
+ }
+ return connfd;
+}
+
+/***************************************/
+/* called at usage time limit */
+/***************************************/
+void onUsageTimeLimitAlarm(int signo)
+{
+ connectMode=ENDCONNECT;
+ err_msg("ERR at %s#%d: no connection from client",__FILE__,__LINE__);
+}
+
+/***************************************/
+/* called at read wait time limit */
+/***************************************/
+void onReadWaitAlarm(int signo)
+{
+ connectMode=ENDCONNECT;
+ err_msg("ERR at %s#%d: read request timeout",__FILE__,__LINE__);
+}
+
+/***************************************/
+/* called at ajax request wait timeout */
+/***************************************/
+void onAjaxWaitAlarm(int signo)
+{
+ connectMode=NOCONNECT;
+}
+
+ /***************************************/
+/* called at periodic alive basic check */
+/***************************************/
+void onCheckBasicAlarm(int signo)
+{
+ static int packetCountPrev=0; /* packet count at previous check */
+ int packetCountNow=0; /* packet count at now */
+ static int noPacketPeriod=0; /* no packet period count in check loop */
+ char macAddrNow[ADDRMAXLN]; /* MAC address at now */
+
+ /* search new IPv6 addresses */
+ ScanNdpEntry(alarmArg.pClientAddr, alarmArg.userid,
+ alarmArg.macAddr6, alarmArg.userProperty);
+
+ /* packet flow check */
+ packetCountNow=GetPacketCount(alarmArg.pClientAddr);
+ if(packetCountNow==packetCountPrev){ /* no packet between checks */
+ noPacketPeriod++;
+ }else{
+ noPacketPeriod=0;
+ packetCountPrev=packetCountNow;
+ }
+
+ if(noPacketPeriod*alarmArg.checkInterval
+ >= alarmArg.noPacketInterval){
+ err_msg("ERR at %s#%d: no packet passed for the client",
+ __FILE__,__LINE__);
+ connectMode=ENDCONNECT;
+ return;
+ }
+
+ /* mac address check */
+ if(alarmArg.ipStatus!=IPV6ONLY){
+ GetMacAddrFromArp(alarmArg.clientAddr4, macAddrNow);
+ if(strcmp(alarmArg.macAddr4, macAddrNow)!=0){
+ err_msg("ERR at %s#%d: mac address is changed",__FILE__,__LINE__);
+ connectMode=ENDCONNECT;
+ return;
+ }
+ }
+
+ /* set the alarm for next periodic keep alive check */
+ AddAlarm("CheckBasicAlarm", alarmArg.checkInterval, FALSE, OnCheckBasicAlarm); /* EnableAlarm is called automatically in alarm function */
+}
+
+/***************************************/
+/* get addr of connected remote site */
+/***************************************/
+void getPeerAddr(int sockfd, char *peerAddr)
+{
+ struct sockaddr *cliaddr;
+ socklen_t len;
+ char *pAddr;
+
+ *peerAddr='\0'; /* set null string */
+
+ if((cliaddr=Malloc(ADDRMAXLN))==NULL) return; /* if error, return */
+
+ len=ADDRMAXLN;
+ if(Getpeername(sockfd, cliaddr, &len)<0) return; /* if error, return */
+
+ pAddr=Sock_ntop_host(cliaddr, len);
+ if(pAddr!=NULL) strncpy(peerAddr, pAddr, ADDRMAXLN);
+
+ free(cliaddr);
+
+ return;
+}
+
+/***************************************************/
+/* wait for close connection of java */
+/***************************************************/
+void waitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus)
+{
+ char buff[BUFFMAXLN];
+ int ret;
+
+ /* set alarm function arguments */
+ alarmArg.pClientAddr=pClientAddr;
+ alarmArg.macAddr6=macAddr6;
+ alarmArg.userid=userid;
+ alarmArg.userProperty=userProperty;
+ alarmArg.ipStatus=ipStatus;
+
+ Writefmt(connfd,"accept\r\n");
+
+ /* TCP read/write loop */
+ /* this loop implement following logic */
+ /* repeat until receiving 'quit' or EOF from client */
+ /* say 'hello' to client */
+ /* receive 'hello' from client. if no reply, then quit. */
+ /* get packet count for client after short delay. */
+ /* long interval */
+ /* get packet count again. if no packet, then quit. */
+
+ /* set the alarm for periodic check */
+ AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
+ EnableAlarm();
+
+ while(1){
+ /* set default to terminate */
+ connectMode=ENDCONNECT;
+ ret=readln(connfd, buff, BUFFMAXLN);
+
+ /* stop alarm */
+ DisableAlarm();
+
+ if(ret>0){
+ /* normal read */
+ connectMode=JAVACONNECT;
+ /* read quit, then quit */
+ if(strstr(buff,"quit") != NULL){
+ break;
+ }
+
+ /* read hello reply to the hello message in periodic check */
+ /* see onCheckJavaAlarm for timeout alarm setting */
+ else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
+ helloWait=FALSE;
+ RemoveAlarm("ReplyTimeoutAlarm");
+ }
+ /* read other string */
+ else{
+ }
+ }
+
+ /* connection terminated */
+ if(connectMode==ENDCONNECT) break;
+
+ /* restart alarm */
+ EnableAlarm();
+ }
+
+ /* reset alarm */
+ RemoveAlarm(NULL);
+
+ SendQuitClient();
+
+ return;
+ }
+
+
+/***************************************/
+/* called at periodic java alive check */
+/***************************************/
+void onReplyTimeoutAlarm(int signo)
+{
+ /* no reply */
+ err_msg("ERR at %s#%d: no reply to hello",__FILE__,__LINE__);
+ connectMode=ENDCONNECT;
+}
+
+/***************************************/
+/* called at periodic java alive check */
+/***************************************/
+void onCheckJavaAlarm(int signo)
+{
+ /* search new IPv6 addresses */
+ ScanNdpEntry(alarmArg.pClientAddr, alarmArg.userid,
+ alarmArg.macAddr6, alarmArg.userProperty);
+
+ /* send hello and wait the reply */
+ Writefmt(connfd,"hello\r\n");
+ helloWait=TRUE;
+
+ /* set the alarm for next periodic check */
+ AddAlarm("CheckJavaAlarm", alarmArg.checkInterval, FALSE, OnCheckJavaAlarm);
+ /* EnableAlarm is called automatically in alarm function */
+
+ connectMode=JAVACONNECT;
+ return;
+}
+
+/***************************************************/
+/* send reply to terminate access via connfd(not stdout) */
+/***************************************************/
+void sendTerminateReply(void)
+{
+ Writefmt(connfd,"<META HTTP-EQUIV=Pragma CONTENT=no-cache>");
+ Writefmt(connfd,"<HTML><BODY> Network is closed. </BODY></HTML> \r\n\r\n");
+ Close(connfd);
+}
+
+/***************************************************/
+/* send quit to client and close connection */
+/***************************************************/
+void sendQuitClient(void)
+{
+ Writefmt(connfd,"quit\r\n");
+ Close(connfd);
+}
+
+
+/***************************************************/
+/* wait for close connection of HTTP connection */
+/***************************************************/
+void waitHttpClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus)
+{
+ char buff[BUFFMAXLN];
+ int ret;
+
+ /* set alarm function arguments */
+ alarmArg.pClientAddr=pClientAddr;
+ alarmArg.macAddr6=macAddr6;
+ alarmArg.userid=userid;
+ alarmArg.userProperty=userProperty;
+ alarmArg.ipStatus=ipStatus;
+
+ /* save time to read hello */
+ readHelloTime = time(NULL);
+
+ SendReplyToGetHello();
+
+ /* TCP read/write loop */
+ /* this loop implement following logic */
+ /* repeat until receiving 'GET /terminate' or EOF from client */
+ /* wait request from client. */
+ /* if wait timeout, then quit */
+ /* if 'GET /hello' request, then send reply */
+ /* if 'GET /terminate' request, then quit */
+ /* if connection closed, then quit */
+
+ /* set the alarm for periodic client check */
+ AddAlarm("checkHttpAlarm", alarmArg.checkInterval, FALSE, OnCheckHttpAlarm);
+ EnableAlarm();
+
+ while(1){
+ /* set default to terminate */
+ connectMode=ENDCONNECT;
+
+ /* read in wait for client request */
+ ret=readln(connfd, buff, BUFFMAXLN);
+
+ /* at some request, stop alarm between readin check*/
+ DisableAlarm();
+
+ if(ret>0){
+ /* normal read */
+ connectMode=HTTPCONNECT;
+
+ /* read [GET /terminate], then quit */
+ if(strstr(buff,"GET /terminate") == buff){
+ connectMode=ENDCONNECT;
+ break;
+ }
+
+ /* read [GET /hello], then reply */
+ else if(strstr(buff,"GET /hello") == buff){
+
+ /* save time to read hello */
+ readHelloTime = time(NULL);
+
+ ReadHttpHeaders();
+ SendReplyToGetHello();
+ }
+
+ /* read other string */
+ else{
+ }
+ }
+ else{
+ /*abnormal read */
+ /* some alarm is ringed or connecion is closed */
+ if(connectMode==ENDCONNECT) break;
+ }
+
+ /* restart alarm */
+ EnableAlarm();
+ }
+
+ /* reset alarm */
+ RemoveAlarm(NULL);
+
+ /* send quit message to client */
+ SendQuitClient();
+
+ Close(connfd);
+
+ return;
+}
+
+/***************************************/
+/* called at periodic http alive check */
+/***************************************/
+void onCheckHttpAlarm(int signo)
+{
+ /* search new IPv6 addresses */
+ ScanNdpEntry(alarmArg.pClientAddr, alarmArg.userid,
+ alarmArg.macAddr6, alarmArg.userProperty);
+
+ /* if long HTTP read waiting, then quit */
+ if( (time(NULL)-readHelloTime) > alarmArg.checkInterval ){
+ connectMode = ENDCONNECT;
+ }else{
+ connectMode = HTTPCONNECT;
+ }
+
+ /* set the alarm for next periodic check */
+ AddAlarm("CheckHttpAlarm", alarmArg.checkInterval, FALSE, OnCheckHttpAlarm);
+ /* EnableAlarm is called automatically in alarm function */
+
+ return;
+}
+
+/***************************************************/
+/* read skip Http headers ended by null line */
+/***************************************************/
+void readHttpHeaders(void)
+{
+ char buff[BUFFMAXLN]; /* read in buffer */
+ int n;
+
+ /* read until null line (only CR code) */
+ while((n=readln(connfd, buff, BUFFMAXLN))>1);
+}
+
+/********************************************************/
+/* send hello to client for replying GET /hello request */
+/********************************************************/
+void sendReplyToGetHello(void)
+{
+ /* send HTTP headers */
+ Writefmt(connfd,"HTTP/1.1 200 OK\r\n");
+ Writefmt(connfd,"Transfer-Encoding: chunked\r\n");
+ Writefmt(connfd,"Keep-Alive: timeout=300\r\n");
+ Writefmt(connfd,"Connection: Keep-Alive\r\n");
+ Writefmt(connfd,"Content-Type: text/html\r\n");
+ Writefmt(connfd,"\r\n");
+
+ /* send reply to hello */
+ Writefmt(connfd,"5\r\n");
+ Writefmt(connfd,"hello\r\n");
+
+ /* send end of chunk */
+ Writefmt(connfd,"0\r\n");
+ Writefmt(connfd,"\r\n");
+}
+
+/***************************************************/
+/* send httpkeep page to client via connfd */
+/***************************************************/
+void sendHttpKeepPage(char *userid, char *language, int port)
+{
+ char buff[BUFFMAXLN]; /* read in buffer */
+ FILE *fp;
+ char httpKeepDoc[BUFFMAXLN];
+ char httpHelloInterval[WORDMAXLN];
+ char httpHelloUrl[BUFFMAXLN];
+ char terminateUrl[BUFFMAXLN];
+ char acceptDoc2Url[BUFFMAXLN];
+ char *startPageUrl=GetConfValue("StartPage/Url");
+ int startPageType=atoi(GetConfValue("StartPage/Type"));
+
+ /* create path to accept2 doc */
+ snprintf(acceptDoc2Url, BUFFMAXLN,
+ "http://%s%s/%s/%s",GetConfValue("OpengateServerName"),
+ GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc2"));
+
+ /* create terminate url [http://<servaddr>:<port>/terminate<pid>] */
+ snprintf(terminateUrl, BUFFMAXLN, "http://%s:%d/terminate%d",
+ GetConfValue("OpengateServerName"), port, getpid());
+
+ /* create httphello url [http://<servaddr>:<port>/hello-<userid>] */
+ snprintf(httpHelloUrl, BUFFMAXLN, "http://%s:%d/hello-%s",
+ GetConfValue("OpengateServerName"), port, userid);
+
+ /* create httphello interval [50000] */
+ snprintf(httpHelloInterval, WORDMAXLN, "%s", GetConfValue("HttpHelloInterval"));
+
+ /* create path to httpkeep doc */
+ snprintf(httpKeepDoc,BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),language,GetConfValue("HttpKeepDoc"));
+
+ /* open httpkeepdoc */
+ if((fp=fopen(httpKeepDoc, "r"))==NULL){
+ err_msg("ERR at %s#%d: cannot open %s",__FILE__,__LINE__,httpKeepDoc);
+ PutClientMsg("Cannot find html document");
+ return;
+ }
+
+ /* send HTTP headers */
+ Writefmt(connfd,"HTTP/1.1 200 OK\r\n");
+ Writefmt(connfd,"Transfer-Encoding: chunked\r\n");
+ Writefmt(connfd,"Keep-Alive: timeout=300\r\n");
+ Writefmt(connfd,"Connection: Keep-Alive\r\n");
+ Writefmt(connfd,"Content-Type: text/html\r\n");
+ Writefmt(connfd,"\r\n");
+
+ while(fgets(buff, BUFFMAXLN, fp)!=NULL){
+
+ /* replace mark */
+ htmlReplace(buff, "%%HTTPHELLOINTERVAL%%", httpHelloInterval);
+ htmlReplace(buff, "%%HTTPHELLOURL%%", httpHelloUrl);
+ htmlReplace(buff, "%%USERID%%", userid);
+ htmlReplace(buff, "%%TERMINATEURL%%", terminateUrl);
+
+ /* replace start url mark */
+ if( startPageType==1 ){
+ htmlReplace(buff, "%%STARTURL%%", startPageUrl);
+ }else{
+ htmlReplace(buff, "%%STARTURL%%", acceptDoc2Url);
+ }
+
+ /* length of chunk in hex */
+ Writefmt(connfd, "%x\r\n", strlen(buff));
+ /* the chunk content */
+ Writefmt(connfd, "%s\r\n", buff);
+ }
+
+ /* chunk end */
+ Writefmt(connfd,"0\r\n");
+ Writefmt(connfd,"\r\n");
+ fclose(fp);
+}
+
+/***************************************************/
+/***************************************************/
+void GetPeerAddr(int sockfd, char *peerAddr)
+{
+ if(debug) err_msg("DEBUG:=>getPeerAddr( )");
+ getPeerAddr(sockfd,peerAddr);
+ if(debug) err_msg("DEBUG:<=getPeerAddr(,%s)",peerAddr);
+}
+
+
+int GetListenPort(void)
+{
+ int ret;
+
+ if(debug) err_msg("DEBUG:=>getListenPort( )");
+ ret=getListenPort();
+ if(debug) err_msg("DEBUG:(%d)<=getListenPort( )",ret);
+
+ return ret;
+}
+
+int WaitClientConnect(char *userid, char *userProperty, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, char *macAddr6, int ipStatus, struct clientAddr *pClientAddr, char *language, int port)
+{
+ int ret;
+
+ if(debug) err_msg("DEBUG:=>waitClientConnect(%s,%s,%s,%s,%d,%s,%s,%d,%s,%d)",userid,userProperty,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,language,port);
+ ret=waitClientConnect(userid,userProperty,clientAddr4,clientAddr6,duration,macAddr4,macAddr6,ipStatus,pClientAddr,language,port);
+ if(debug) err_msg("DEBUG:(%d)<=waitClientConnect( )",ret);
+
+ return ret;
+}
+
+void WaitJavaClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus)
+{
+ if(debug) err_msg("DEBUG:=>waitJavaClose(%p,%s,%s,userProperty,%d)",pClientAddr,userid,macAddr6,ipStatus);
+ waitJavaClose(pClientAddr,userid,userProperty,macAddr6,ipStatus);
+ if(debug) err_msg("DEBUG:<=waitJavaClose( )");
+}
+
+void SendQuitClient(void)
+{
+ if(debug) err_msg("DEBUG:=>sendQuitClient( )");
+ sendQuitClient();
+ if(debug) err_msg("DEBUG:<=sendQuitClient( )");
+}
+
+void SendTerminateReply(void)
+{
+ if(debug) err_msg("DEBUG:=>sendTerminateReply( )");
+ sendTerminateReply();
+ if(debug) err_msg("DEBUG:<=sendTerminateReply( )");
+}
+
+void WaitHttpClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int ipStatus)
+{
+ if(debug) err_msg("DEBUG:=>waitHttpClose(%p,%s,%s,userProperty,%d)",pClientAddr,userid,macAddr6,ipStatus);
+ waitHttpClose(pClientAddr,userid,userProperty,macAddr6,ipStatus);
+ if(debug) err_msg("DEBUG:<=waitHttpClose( )");
+
+}
+
+void ReadHttpHeaders(void)
+{
+ if(debug) err_msg("DEBUG:=>readHttpHeaders( )");
+ readHttpHeaders();
+ if(debug) err_msg("DEBUG:<=readHttpHeaders( )");
+}
+
+void SendReplyToGetHello(void)
+{
+ if(debug) err_msg("DEBUG:=>sendReplyToGetHello( )");
+ sendReplyToGetHello();
+ if(debug) err_msg("DEBUG:<=sendReplyToGetHello( )");
+
+}
+
+void SendHttpKeepPage(char *userid, char *language, int port)
+{
+ if(debug) err_msg("DEBUG:=>sendHttpKeepPage(%s,%s,%d,%d)", userid, language, port);
+ sendHttpKeepPage(userid, language, port);
+ if(debug) err_msg("DEBUG:<=sendHttpKeepPage( )");
+
+}
+
+void OnUsageTimeLimitAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onUsageTimeLimitAlarm()");
+ onUsageTimeLimitAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onUsageTimeLimitAlarm()");
+}
+
+void OnCheckBasicAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onCheckBasicAlarm()");
+ onCheckBasicAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onCheckBasicAlarm()");
+}
+
+void OnCheckJavaAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onCheckJavaAlarm()");
+ onCheckJavaAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onCheckJavaAlarm()");
+}
+
+void OnCheckHttpAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onCheckHttpAlarm()");
+ onCheckHttpAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onCheckHttpAlarm()");
+}
+
+void OnReadWaitAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onReadWaitAlarm()");
+ onReadWaitAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onReadWaitAlarm()");
+}
+
+void OnAjaxWaitAlarm(int signo){
+
+ if(debug) err_msg("DEBUG:=>onAjaxWaitAlarm()");
+ onAjaxWaitAlarm(signo);
+ if(debug) err_msg("DEBUG:<=onAjaxWaitAlarm()");
+}
+
+int SelectAccept(void){
+ int ret;
+
+ if(debug) err_msg("DEBUG:=>selectAccept()");
+ ret=selectAccept();
+ if(debug) err_msg("DEBUG:(%d)<=selectAccept()",ret);
+
+ return ret;
+}
{
int ret;
- /* if ((ret=close(fd)) == -1)
- * err_msg("close error");
+ /*if( (ret=close(fd)) == -1)
+ * err_msg("close error");
*/
ret=close(fd);