phpsrc PHP sources
rc.d Sample script for rc.d
sqlscript Scripts to access SQL
+---------------------------
+conf
+ ipfwctrlmd.pl.sample sample perl script for ipfw control
+ opengatemd.conf.sample sample conf file for opengatem daemon program
+ opengatemmng.conf.sample sample conf file for opengatem management programs
+ rc.firewall.sample sample firewall script
+ warningmail.sample sample mail for expiration warning (japanese)
+ warningmail.sample.en sample mail for expiration warning (english)
+
+html
+ editstring.js Javascript for editting fields in updating page
+ index.html.var top var file for document root
+ macchk.js JavaScript for UI in mac checking page
+ showlog.js Javascript for showing log in updating page
+ en
+ macauth.html template of page for authentication request
+ macchk.html template of page for checking mac address
+ macdeny.html template of page for showing deny message
+ macfwd.html template of page for forwarding to auth
+ macreg.html template of page for mac registration
+ macreturn.html template of page for error return
+ macupdate.html template of page for mac updating page
+ warning.php PHP script to show message at jumping from opengate to opengatem
+ ja
+ same as en
+
+mdsrc
+ error.c control syslog output
+ getparam.c get parameter value from conf file
+ ipfw.c control firewall
+ macdbcache.c control cache of mac address table in MySQL
+ Makefile make file
+ managementdb.c control management DB (MySQL)
+ opengatemd.c main routine of opengatem daemon
+ opengatemd.h header file
+ packetcache.c control cache of captured packet
+ pcap.c control of PCAP library
+ session.c control the session for using devices
+ ttlcheck.c check TTL(time to live) of packet
+ udpserv.c control UDP server for update reporting
+ util.c misc utilities
+ watchlistcache.c control cache of watchlist table in MySQL (specific reporting is needed)
+ workdb.c control work DB (SQLite)
+
+mngsrc
+ alarms.c control of signal alarms
+ auth-ftps.c control authenticaion with FTPS
+ auth-ldap.c control authenticaion with LDAP
+ auth-pam.c control authenticaion with PAM
+ auth-pop3s.c control authenticaion with POP3S
+ auth-rad.c control authenticaion with RADIUS
+ auth.c entry routine for authenticaion
+ cgi.c control CGI
+ error.c control syslog output
+ getmac.c get mac address from arp
+ getparam.c get parameter values from conf file
+ ipfw.c control firewall
+ Makefile make file
+ managementdb.c control management DB (MySQL)
+ messages.c manage messages in english and japanese
+ opengatemchk.c main routine for CGI of mac check page
+ opengatemfwd.c main routine for CGI of forwarding page
+ opengatemmail.c main routine to send warning mail
+ opengatemmng.h header file for management programs
+ opengatemown.c main routine for CGI of own-control page (register/update by oneself)
+ opengatemreg.c main routine for CGI of registration page
+ opengatemup.c main routine for CGI of updating page
+ proc.c coltrol of child process used in mac check page
+ queue.c control address queue
+ udpcli.c UDP client to send update info to daemon
+ util.c misc utilities
+ workdb.c control work DB (SQLite)
+ ** caution: though same name exist in mdsrc and mngsrc, do not merge these files. These are independent.
+phpsrc
+ sendreportmail.php script to send report at detecting a packet for the device in watchlist. co-opetare with syslog
+ showlog.php page for showing use log
+ showtable.php page for showing content of tables in MySQL
+ updatemactable.php page for editing mac address table
+ updatevendortable.php script to insert vendor list into vendor table in MySQL
+
+sqlscript
+ createtablescript script to creat tables in MySQL at initialization
+ insertmacscript script to insert mac address into mac table in MySQL
+ updatescript1 sample script for management of mac address table
+ updatescript2 sample script for management of mac address table
+ updatescript3 sample script for management of mac address table
+ updatescript4 sample script for management of mac address table
<ReturnDoc>macreturn.html</ReturnDoc>
<!-- timeout for above return jump -->
- <ReturnWaitTime>10</ReturnWaitTime>
+ <ReturnWaitTime>3</ReturnWaitTime>
<!-- Related command path -->
<ArpPath>/usr/sbin/arp</ArpPath>
[<MailAttribute>-env-vars-for-mail-address-</MailAttribute>]
[<MailDomain>-mail-address-after-@-</MainDomain>]
</AuthServer>
-
# Auth by Shibboleth
# 'UidAttiribute' means the environment variable having UserId
<Protocol>httpbasic</Protocol>
[<MailDomain>-mail-address-after-@-</MainDomain>]
</AuthServer>
-
# Auth by http-basic
# Set 'opengatemXXX.cgi' as 'Basic' in .htaccess
# <FILES opengateXXX.cgi>
# </FILES>
# environment variable REMOTE_USER is used for userid
# ***Only one Httpbasic setting is permitted in conf***
+
+ #### TYPE 8 (Splash Page Only) ####
+ <AuthServer>
+ <Protocol>splash</Protocol>
+ </AuthServer>
+ # No authentication. Splash page only management.
+ # Use this when you don't want to identify user,
+ # but only want to show an agreement or usage policy page.
+ # The message should be described in macfwd.html.
+ # If accept response is required, remove the Refresh setting.
+
-->
<!-- ######## Examples of Auth Server Setting ##############
</DT><DD>
Fixed CLang warning messages, Modified PHP scripts (opengatem-all).
</DD>
+ <DT>Ver.0.9.7 at 2015.7.24
+ </DT><DD>
+ Added splash page only management (opengatemown).
+ </DD>
</DL>
</BODY>
</HTML>
}else if(strcmp(proto, "accept")==0){
/* accept all request */
authResult=ACCEPT;
+
+ }else if(strcmp(proto, "splash")==0){
+ /* accept all request */
+ authResult=ACCEPT;
+
}else{
err_msg("ERR at %s#%d: Unknown protocol:%s",__FILE__,__LINE__,proto);
authResult=DENY;
return FALSE;
}
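Review bot: The new `splash` branch at L140-L142 is a byte-for-byte copy of the `accept` branch above it, including the `/* accept all request */` comment, so nothing in this function tells a reader how the two protocols differ. Either fold them into one test, `}else if(strcmp(proto, "accept")==0 || strcmp(proto, "splash")==0){`, or keep the separate branch but give it a comment that states the distinction, e.g. `/* splash: accepted without establishing a user identity; the mode is recognised by the AuthServer/Protocol scan in isSplashOnlyManagement() */`. The enclosing function begins before this hunk.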
+/**********************************
+is AuthServer setting for normal user 'splash'
+**********************************/
+int isSplashOnlyManagement(void){
+ int splash=FALSE;
+
+ /* search AuthServer setting having Protocol=splash and UserType!=admin */
+ ResetAuthServerPointer();
+ while(SelectNextAuthServer()){
+ if((strcmp(GetConfValue("AuthServer/Protocol"), "splash")==0)&&
+ (strcmp(GetConfValue("AuthServer/UserType"), "admin")!=0) ){
+ splash=TRUE;
+ break;
+ }
+ }
+ ResetAuthServerPointer();
+ return splash;
+}
+
/**********************************/
/**********************************/
int GetUserId(char* requestStr, char* userId, char* extraId, char* language, int userType, char* cgiName, char* mailDefault, char* redirectedUrl){
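Review bot: `strcmp()` at L158-L159 is applied directly to the return values of `GetConfValue("AuthServer/Protocol")` and `GetConfValue("AuthServer/UserType")`; elsewhere in this patch the same accessor is wrapped in `isNull()` before use (L381, L421), which suggests a missing element may come back NULL or empty, and `strcmp(NULL, ...)` is undefined behaviour. Copy both values into locals and guard them, e.g. `char *p=GetConfValue("AuthServer/Protocol"), *t=GetConfValue("AuthServer/UserType"); if(isNull(p)) continue; if(strcmp(p,"splash")==0 && (isNull(t) || strcmp(t,"admin")!=0)){ splash=TRUE; break; }`, which keeps the present treatment of an absent UserType as "not admin". The function is complete in this hunk; `GetUserId` at L170 is the start of the next function and lies outside it.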
return ret;
}
+
+int IsSplashOnlyManagement(void){
+ int ret;
+
+ if(debug>1) err_msg("DEBUG:=>isSplashOnlyManagement()");
+ ret=isSplashOnlyManagement();
+ if(debug>1) err_msg("DEBUG:(%d)<=isSplashOnlyManagement",ret);
+
+ return ret;
+}
char *next[1];
char *ptr;
+ /* if null request, return */
+ if(isNull(content)) return FALSE;
+
/* set default */
*macAddress='\0';
*deviceName='\0';
return TRUE;
}
+
/*********************************************/
/* put mac list the client */
/*********************************************/
/******************************************
The count of mac address modification in last 24 hours
******************************************/
-int countMacModifyPerDayInMngDb(char* userId, char* extraId){
+int countMacModifyPerDayInMngDb(char* userId, char* extraId, char* macAddress){
MYSQL_RES *res=NULL;
MYSQL_ROW row;
int count=10000;
/* prepare query string */
- snprintf(queryStr, BUFFMAXLN,
+ /* count for one macAddress if not null, elsecount for one userID)*/
+ if(!isNull(macAddress)){
+ snprintf(queryStr, BUFFMAXLN,
+ "select count(*) from macmodify "
+ " where macAddress='%s' and "
+ " modifyDate > adddate(now(), interval -1 day) ",
+ macAddress);
+ }else{
+ snprintf(queryStr, BUFFMAXLN,
"select count(*) from macmodify "
" where userId='%s' and extraId='%s' and "
" modifyDate > adddate(now(), interval -1 day) ",
userId, extraId);
-
+ }
+
/* send SQL query */
if (mysql_query(&mysql, queryStr)){
err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__,
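Review bot: The new by-MAC query at L209-L213 splices `macAddress` into the SQL text with snprintf and no escaping, in the same way the existing by-user branch splices userId/extraId. The only caller added in this patch gets the value from the ARP/NDP table for the client's IP (L431-L438) rather than from the form, which limits the exposure, but a quote character in any argument still breaks the statement and any future caller that passes a request field would be injectable. Escape each argument with `mysql_real_escape_string()` into a local buffer before formatting, or at least reject anything that is not a MAC-shaped string, `if(strspn(macAddress, "0123456789abcdefABCDEF:")!=strlen(macAddress)) return count;`, which with the `count=10000` default at L204 presumably denies the request rather than letting it through. The function's body continues beyond this hunk.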
return TRUE;
}
+/********************************************
+Register or Update MacAddress which is unlinked to user
+********************************************/
+int regOrUpNobodyMacAddr(char* macAddress){
+ int modified=FALSE;
+
+ /* macAddress in inactive status cannot be modified */
+ if(IsMacAddrStatusInactiveInMngDb(macAddress)) return FALSE;
+
+ /* if mac is already registered, update it */
+ if(IsMacAddrFoundInMngDb(macAddress)){
+ if(RenewMacAddrInMngDb(macAddress)){
+ PutMacModifyLogToMngDb("?", "", macAddress, 'E'); /*(userId,extraId,.)*/
+ modified=TRUE;
+ }
+ }
+
+ /* if mac is not yet registered, register it */
+ else{
+ if(RegistMacAddrToMngDb(macAddress,"?","?","","")){ /*(dev,user,ext,mail) */
+ PutMacModifyLogToMngDb("?","", macAddress, 'R'); /* (userId,extraId,.) */
+ modified=TRUE;
+ }
+ }
+ return modified;
+}
+
+/******************************************
+ Is the macAddr in INACTIVE('I') status
+******************************************/
+int isMacAddrStatusInactiveInMngDb(char* macAddr){
+
+ MYSQL_RES *res=NULL;
+ MYSQL_ROW row;
+ char queryStr[BUFFMAXLN];
+ int ret;
+
+ /* prepare query string */
+ snprintf(queryStr, BUFFMAXLN,
+ "select * from macaddrs "
+ " where macAddress='%s' and status='I'",
+ macAddr);
+
+ /* send SQL query */
+ if (mysql_query(&mysql, queryStr)){
+ err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__,
+ mysql_error(&mysql));
+ return FALSE;
+ }
+
+ /* store result */
+ res = mysql_store_result(&mysql);
+
+ /* output table name */
+ row = mysql_fetch_row(res);
+
+ /* if found, return true */
+ if(row!=NULL) ret=TRUE;
+
+ /* if not found, return false */
+ else ret=FALSE;
+
+ mysql_free_result(res);
+ return ret;
+}
/********************************************
routines for debugging output
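Review bot: In `isMacAddrStatusInactiveInMngDb` (L258-L292) the result of `mysql_store_result()` at L279 is handed straight to `mysql_fetch_row()` at L282; `mysql_store_result()` returns NULL on error (lost connection, out of memory) and `mysql_fetch_row(NULL)` then dereferences it. Add `if(res==NULL){ err_msg("ERR at %s#%d: mysql store result: %s",__FILE__,__LINE__,mysql_error(&mysql)); return FALSE; }` after L279. Note that both the query-failure path at L275 and such a guard return FALSE, which `regOrUpNobodyMacAddr` at L235 reads as "not inactive" and then proceeds to renew or register the device; if the inactive status is meant to block a device, a database failure should fail closed (return TRUE, or a distinct error value the caller checks). `select *` at L267 fetches every column only to test for a row; `select 1` would do, and the copied comment `/* output table name */` at L281 does not describe that line — `/* fetch the first matching row, if any */` would.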
}
-int CountMacModifyPerDayInMngDb(char* userId, char* extraId){
+int CountMacModifyPerDayInMngDb(char* userId, char* extraId, char* macAddress){
int ret;
- if(debug>1) err_msg("DEBUG:=>countMacModifyPerDayInMngDb(%s,%s)",
- userId,extraId);
- ret=countMacModifyPerDayInMngDb(userId,extraId);
+ if(debug>1) err_msg("DEBUG:=>countMacModifyPerDayInMngDb(%s,%s,%s)",
+ userId,extraId,macAddress);
+ ret=countMacModifyPerDayInMngDb(userId,extraId,macAddress);
if(debug>1) err_msg("DEBUG:(%d)<=countMacModifyPerDayInMngDb( )",ret);
return ret;
}
if(debug>1) err_msg("DEBUG:(%d)<=renameMailAddressInMngDb()",ret);
return ret;
}
+
+int RegOrUpNobodyMacAddr(char* macAddress){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>regOrUpNobodyMacAddr(%s)",macAddress);
+ ret=regOrUpNobodyMacAddr(macAddress);
+ if(debug>1) err_msg("DEBUG:(%d)<=regOrUpNobodyMacAddr()",ret);
+ return ret;
+}
+
+
+int IsMacAddrStatusInactiveInMngDb(char* macAddress){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>isMacAddrStatusInactiveInMngDb(%s)",macAddress);
+ ret=isMacAddrStatusInactiveInMngDb(macAddress);
+ if(debug>1) err_msg("DEBUG:(%d)<=isMacAddrStatusInactiveInMngDb()",ret);
+ return ret;
+}
int CountMacAddrsForUserInMngDb(char* userId, char* extraId);
int PutMacModifyLogToMngDb(char* userId, char* extraId, char* macAddr, char modifyType);
int GetNicVendorFromMngDb(char* macAddress, char* vendor, int bufferLength);
-int CountMacModifyPerDayInMngDb(char* userId, char* extraId);
+int CountMacModifyPerDayInMngDb(char* userId, char* extraId, char* macAddress);
int DelMacAddrFromMngDb(char* macAddr);
int RenewMacAddrInMngDb(char* macAddr);
int PauseMacAddrInMngDb(char* macAddr);
int GetTimeRangeToShowLog(char* beginTime, char* endTime, int* dateCount);
int RenameDeviceNameInMngDb(char* macAddr, char* nameStr);
int RenameMailAddressInMngDb(char* macAddr, char* mailStr);
+int RegOrUpNobodyMacAddr(char* macAddress);
+int IsMacAddrStatusInactiveInMngDb(char* macAddress);
/* workdb.c */
int SetupSqliteBusyTimeoutValue(void);
int IsUserIdFoundInAcceptUsersList(char* userId);
int IsShibOrBasicAuthDuplicated(void);
int MakeMailDefault(char* userId, char* extraId, char* mailDefault);
+int IsSplashOnlyManagement(void);
/* alarms.c */
int AddAlarm(char *name, int timeout, int preceding, Sigfunc *func);
int isNatOrRouter=0; /* flag for nat or router insertion (checked in md) */
char redirectedUrl[BUFFMAXLN]=""; /* url from which the page is forwarded */
int modified=FALSE; /* register or update is done */
+ int splash=FALSE; /* Splash page only management */
- /* drop root privilege (to prevent dangerous action */
+ /* drop root privilege (to prevent dangerous action) */
seteuid(getuid());
/* if this is executed in shell with '-v' option, show makedir */
exit(0);
}
- /* save program load path */
+ /* save program load path to the valiable in proc.c */
+ /* and get this program name from it */
saveLoadPath(argv[0]);
progName = getProgramName();
return 0;
}
- /* start log */
+ /* start syslog */
errToSyslog(atoi(GetConfValue("Syslog/Enable")));
openlog(progName, LOG_PID, atoi(GetConfValue("Syslog/Facility")));
if(!InitWorkDb()) return 0;
/* get language and other from query string */
+ /* redirectedUrl is the url returned after this execution */
GetLangFromQueryString(language);
GetRedirectedUrlFromQueryString(redirectedUrl);
}
/*** Get request from client ***/
- /* get post data */
+ /* get post data to requestStr */
GetPostData(requestStr, BUFFMAXLN);
- /* get cgi name defined in conf file */
- if(isNull(GetConfValue("OwnCgi"))){
- err_msg("ERR at %s#%d: OwnCgi cannot get from conf file",__FILE__,__LINE__);
- return 0;
- }
+ /*** Check the Splash only setting ***/
+ splash=IsSplashOnlyManagement();
+
+ /* exec authentication process. skip when splash only management */
+ if(!splash){
- /* get userid and other info. */
- /* if not get, send auth page and exit */
- if(!GetUserId(requestStr, userId, extraId, language, NORMALUSER,
- GetConfValue("OwnCgi"),mailDefault,redirectedUrl)){
- CloseMngDb();
- return 0;
- }
-
- /* if too many requests per one day, send error and exit */
- if(CountMacModifyPerDayInMngDb(userId,extraId)
- > atoi(GetConfValue("MaxMacModifyPerDay"))){
- SetMessage(ModifyCountOver);
- PutDenyToClient(language);
- CloseMngDb();
- return 0;
+ /* if cgi name is not defined in conf file, return */
+ if(isNull(GetConfValue("OwnCgi"))){
+ err_msg("ERR at %s#%d: OwnCgi cannot get from conf",__FILE__,__LINE__);
+ return 0;
+ }
+
+ /* get userid and other information from requestStr */
+ /* if not get these, send authentication page and exit */
+ if(!GetUserId(requestStr, userId, extraId, language, NORMALUSER,
+ GetConfValue("OwnCgi"),mailDefault,redirectedUrl)){
+ CloseMngDb();
+ return 0;
+ }
}
/*** Get client MAC address ***/
/* get nic interface name in conf */
if(isNull(dev=GetConfValue("Device"))){
- err_msg("ERR at %s#%d: Device cannot get from conf file",__FILE__,__LINE__);
- return 0;
+ err_msg("ERR at %s#%d: Device cannot get from conf file",__FILE__,__LINE__);
+ return 0;
}
- /* get IP-MAC pair list from arp or ndp on the nic */
+ /* get IP-MAC pair list from arp/ndp sent to the nic */
+ /* the list is stored in the queue controlled by queue.c */
Initqueue();
if(strchr(ipAddress,':')==NULL) GetMacAddrListFromArp(dev);
else GetMacAddrListFromNdp(dev);
- /* search mac address corresponding to the client ip address */
+ /* search the IP-MAC pairs matching to the client ip address */
+ /* and set the paired mac address as the client mac address */
while(Dequeue(macAddressInQueue, ipAddressInQueue)){
if(strcmp(ipAddress, ipAddressInQueue)==0){
strlcpy(macAddress, macAddressInQueue, ADDRMAXLN);
}
/* clear the ip-mac pair list */
+ /* the queue exists from above Initqueue() to this Freequeue() */
Freequeue();
+ /* if sent too many requests from one mac per day, send error and exit */
+ if(CountMacModifyPerDayInMngDb("", "", macAddress)
+ > atoi(GetConfValue("MaxMacModifyPerDay"))){
+ SetMessage(ModifyCountOver);
+ PutDenyToClient(language);
+ CloseMngDb();
+ return 0;
+ }
+
/*** Check the acquired MAC ***/
/* if accessed via nat or router, exit */
- /* if nat, check function returns 1. if router, it returns 2. */
+ /* if via nat, the function returns 1. if via router, it returns 2. */
isNatOrRouter=IsNatSuspectedInWorkDb(macAddress);
if(isNatOrRouter==NAT || isNatOrRouter==ROUTER){
SetMessage(SuspectNat);
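Review bot: The new per-MAC rate check at L444-L450 is issued on `macAddress` even when the ARP/NDP scan at L436-L439 found no entry for the client's IP; no guard for an empty MAC is visible between `Freequeue()` at L442 and this check, so in that case the query runs with `macAddress=''` and execution continues to the NAT check and, in splash mode, towards registration of whatever `macAddress` was initialised to (its declaration lies outside this hunk). If no such guard exists earlier in `main`, add one before the count: `if(isNull(macAddress)){ err_msg("ERR at %s#%d: no mac found for %s",__FILE__,__LINE__,ipAddress); SetMessage(NoService); PutDenyToClient(language); CloseMngDb(); return 0; }`. `main` starts and ends outside this hunk.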
return 0;
}
- /*** execute the client request ***/
- /* if null request, skip execution and go to sending page */
- if(!isNull(requestStr)){
-
- /* execute update requests */
- if(AnalyzeUpdateRequestAndExecute(requestStr, userId, extraId)){
- SetMessage(UpdateSuccess);
- modified=TRUE;
- }
-
- /* if no update, check registration request */
- else if(AnalyzeRegisterRequest(requestStr, macAddressReq,
- deviceName, mailAddress)){
-
- /* if registration info is found, register values to db */
- RegistMacAddrToMngDb(macAddress,deviceName,userId,extraId,mailAddress);
- PutMacModifyLogToMngDb(userId, extraId, macAddress, 'R');
+ /*** splash only management ***/
+ /* if splash page only, exec reg/up without analyzing request */
+ if(splash){
+ if(RegOrUpNobodyMacAddr(macAddress)){
PutMacAddressToServers(macAddress);
- SetMessage(RegisterSuccess);
- modified=TRUE;
+ ReturnToRedirectedPage(redirectedUrl, language);
+ }else{
+ SetMessage(NoService);
+ PutDenyToClient(language);
}
+ CloseMngDb();
+ return 0;
+ }
+
+ /*** execute the client request ***/
+ /* if requestStr includes update request, execute update */
+ if(AnalyzeUpdateRequestAndExecute(requestStr, userId, extraId)){
+ SetMessage(UpdateSuccess);
+ modified=TRUE;
+ }
+
+ /* if requestStr includes registration request, execute registration */
+ else if(AnalyzeRegisterRequest(requestStr, macAddressReq,
+ deviceName, mailAddress)){
+
+ /* registration info is found, then register values to db */
+ RegistMacAddrToMngDb(macAddress,deviceName,userId,extraId,mailAddress);
+ PutMacModifyLogToMngDb(userId, extraId, macAddress, 'R');
+ PutMacAddressToServers(macAddress);
+ SetMessage(RegisterSuccess);
+ modified=TRUE;
}
/*** Send back web page ***/
- /* if registration/Updating is done, return to redirected site */
- if(modified && !isNull(redirectedUrl)){
+ /* if registration/updating is executed, return to redirected site */
+ if(modified){
ReturnToRedirectedPage(redirectedUrl, language);
}
-
- /* else if the client is registered, send back update page */
+
+ /* if no execution and the client is registered, send back update page */
else if(IsMacAddrFoundInMngDb(macAddress)){
PutUpdatePageToClient(language, userId, extraId, OWNER, redirectedUrl);
}
-
- /* client is not-registered */
+
+ /* the client is not-registered */
/* but allowable registration device count is over the limit */
/* send back update page with overflow error message */
else if(CountMacAddrsForUserInMngDb(userId,extraId)
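Review bot: The test at L516 drops the `!isNull(redirectedUrl)` half of the old condition (L514), and the splash branch at L485 likewise calls `ReturnToRedirectedPage(redirectedUrl, language)` unconditionally; `redirectedUrl` is declared empty at L350 and only filled from the query string at L374, so a request carrying no redirect parameter now reaches the redirect path with an empty URL. Unless `ReturnToRedirectedPage()` (not in this diff) already falls back to a sensible page on an empty argument, restore `if(modified && !isNull(redirectedUrl))` at L516 and, in the splash branch, redirect only when the URL is non-empty and otherwise send the normal success page. Since in splash mode no authentication gates this CGI and the redirect target is taken verbatim from the request, it is also worth confirming that `ReturnToRedirectedPage()` restricts the target to http/https URLs rather than acting as an open redirect. `main` starts and ends outside this hunk.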
}
/* if many modify requests per one day, ignore the request */
- if(CountMacModifyPerDayInMngDb(userId,extraId)
+ if(CountMacModifyPerDayInMngDb(userId, extraId, "")
> atoi(GetConfValue("MaxMacModifyPerDay"))){
SetMessage(ModifyCountOver);
PutDenyToClient(language);