--- /dev/null
+This archive contains OPENGATE sources & documentations
+
+Copyright (C) 1999-2005 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+
+
+-----------------------------------------------------
+install documentation is in doc/install.txt
+-----------------------------------------------------
+
+Content of this archive
+
+README This file
+
+conf/ Configuration files
+ opengatefw.conf Script of initial firewall configuration
+ opengatefw.pl Perl script executed by opengate
+ opengatesrv.conf Configuration of authentication servers
+
+doc/ Documentation files
+ Changes.html Change log
+ GPL.txt GNU General Public License
+ install.html Instruction of installation(Japanese)
+ install-e.html Instruction of installation
+ qa.html Questions and answers(Japanese)
+ qa-e.html Questions and answers
+ errcheck.html Error checking list(Japanese)
+ errcheck-e.html Error checking list
+ progflow.html Program flow
+
+javahtml/ Client Java Applet and HTML files
+ Opengate.class Java Applet main executable file
+ Opengate.jar Java Applet archive file
+ Opengate.java Java Applet source file
+ OpengateClient.class Java Applet sub executable file
+
+ en/ HTML files in English
+ accept.html First accept message page(for Applet)
+ accept2.html Second accept message page(for potal)
+ deny.html Deny message page
+ index-ssl.html Authentication request page(in SSL)
+ index.html Authentication request page
+ topindex.html Top page displayed at firewall forward
+
+ ja/ HTML files in Japanese
+ accept.html First accept message page(for Applet)
+ accept2.html Second accept message page(for potal)
+ deny.html Deny message page
+ index-ssl.html Authentication request page(in SSL)
+ index.html Authentication request page
+ topindex.html Top page displayed at firewall forward
+
+opengatesrv/ Opengate server program source files
+ Makefile make file
+ auth-pam.c Authentication by PAM
+ auth-pop3s.c Authentication by POP3S
+ auth-rad.c Authentication by RADIUS
+ comm-arp.c Communication with ARP
+ comm-auth.c Communication with authentication systems
+ comm-cgi.c Communication with Web server via CGI
+ comm-ipfw.c Communication with IPFW
+ comm-java.c Communication with Java Applet
+ comm-userdb.c Communication with user database
+ error.c Error routines
+ main.c Main routine
+ opengatesrv.h Common header file
+ utilities.c Utilities
+ signal.c Functions of TCP/IP (By W. Richard Stevens)
+ sock_ntop_host.c Functions of TCP/IP (By W. Richard Stevens)
+ tcp_connect.c Functions of TCP/IP (By W. Richard Stevens)
+ wrapper.c Functions of TCP/IP (By W. Richard Stevens)
+
--- /dev/null
+ # set these to your outside interface network and netmask and ip
+ oif="fxp0"
+ onet="133.49.20.0"
+ omask="255.255.252.0"
+ oip="133.49.22.5"
+
+ # set these to your inside interface network and netmask and ip
+ iif="fxp1"
+ inet="192.168.0.0"
+ imask="255.255.255.0"
+ iip="192.168.0.1"
+
+ fwcmd="/sbin/ipfw"
+
+ # divert packet to NATD ################################
+ $fwcmd add 1 divert natd ip from any to any via ${oif}
+
+ # Stop spoofing
+ $fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
+ $fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
+
+ # Allow from / to myself
+ $fwcmd add pass all from ${iip} to any via ${iif}
+ $fwcmd add pass all from ${oip} to any via ${oif}
+ $fwcmd add pass all from any to ${iip} via ${iif}
+ $fwcmd add pass all from any to ${oip} via ${oif}
+
+ # Allow DNS queries out in the world
+ # (if DNS is on localhost, delete passDNS)
+ $fwcmd add pass udp from any 53 to any
+ $fwcmd add pass udp from any to any 53
+
+ # Forwarding http connection from unauth client ###############
+ $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any http
+ $fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any https
+
+ # Allow TCP through if setup succeeded ########################
+ $fwcmd add 60100 pass tcp from any to any established
--- /dev/null
+#!/usr/bin/perl
+
+### Firewall control perl script drived by opengatesrv.cgi ###
+
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
+close STDOUT; close STDERR; close STDIN;
+
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","$clientaddr","to","any";
+
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","any","to","$clientaddr";
+
+
+exit 0;
+__END__
+########### Above line is the end of interpreting#############
+
+ PARAMETERS
+
+ $ipfwpath = path to ipfw command
+ $rulenumber= ipfw rule number. one number for one client
+ $clientaddr= client machine's IP address
+ $userid = user's ID. Auth server ID is attached, if entered.
+ $macaddr = MAC address for the client machine
+ $userproperty = user property acquired from user database
+ (Need to edit comm-userdb.c to use this option).
+
+ CAUTIONS
+
+*Be care to execute quickly and without delay.
+ This script runs in EXCLUSIVE mode.
+
+*Be care to add least rule set.
+ The rules are added PER each client.
+
+*Be care to eliminate bug and security hole.
+ At modification, debug it perfectly in stand along mode.
+
+*If possible, the rule should be written in rc.firewall.
+ Following can be written in rc.firewall
+ Deny some protocol though authentication passed.
+ Allow to access some server without authentication.
+
+*Following might be written in this script.
+ Deny guest users to access internal network.
+ Deny a client having specific MAC address.
+ Forward some service to proxy server after authentication.
+ (Last one might be written in rc.firewall as the rule of other
+ side interface which is not used by opengate)
+
+ SIMPLE SCRIPT
+
+If you are confused, return to the following default script.
+=====================================================
+#!/usr/bin/perl
+
+# get parameters
+($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr)=@ARGV;
+
+# close web server I/O
+close STDOUT; close STDERR; close STDIN;
+
+# allow all packets incomming to the client.
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","any","to","$clientaddr";
+
+# allow all packets outgoing from the client.
+system "$ipfwpath","-q","add","$rulenumber",
+ "allow","ip","from","$clientaddr","to","any";
+
+exit 0;
+__END__
+======================================================
+
--- /dev/null
+###### authentication servers
+
+default:tc=pam
+
+cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3:
+
+pam:protocol=pam:
+
+rad:protocol=radius:
+
+ps:protocol=pop3s:address=133.49.50.3:
+
+
+# <ID>:protocol=ftp:address={<hostname>|<hostaddr>}:[port=<portno>:]
+# <ID>:protocol=pop3:address={<hostname>|<hostaddr>}:[port=<portno>:]
+# <ID>:protocol=pop3s:address={<hostname>|<hostaddr>}:[port=<portno>:]
+# <ID>:protocol=pam:[servicename=<servicename_in_pam.conf>:]
+# <ID>:protocol=radius:[conffile=<path_to_radius.conf>:]
+#
+### examples ###
+# cc:address=192.168.0.1:protocol=ftp:
+# AuthOK, if ftp request is accepted by the server.
+# Default port defined in /etc/services is used.
+#
+# cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3:
+# AuthOK, if pop3 request is accepted by the server.
+# Default port defined in /etc/services is used.
+#
+# hi:address=himiko.cc.saga-u.ac.jp:protocol=ftp:port=1111:
+# AuthOK, if ftp request is accepted by the server.
+# Specific port is used.
+#
+# ps:protocol=pop3s:address=192.168.0.10:
+# AuthOK, if pop3s (SSLed pop3) request is accepted by the server.
+# Default port defined in /etc/services is used.
+#
+# pam:protocol=pam
+# Authentication request is send to some authentication proc
+# via PAM (Pluggable Authentication Modules).
+# The configuration is described in /etc/pam.conf
+# The default servicename "openagte" is used in pam.conf.
+#
+# pmf:protocol=pam:servicename=authfirst
+# Authentication request is sent to some authentication proc
+# via PAM. The configuration is described in /etc/pam.conf
+# Specific servicename "authfirst" is used in pam.conf.
+#
+# rad:protocol=radius:
+# Authentication request is sent to RADIUS servers directly
+# (RADIUS servers can also be used via PAM).
+# The configuration is described in default config file
+# /etc/radius.conf.
+#
+# rad1:protocol=radius:conffile=/usr/local/etc/radius1.conf:
+# Authentication request is sent to RADIUS servers.
+# The coonfiguration is described in specific config file
+# /usr/local/etc/radius1.conf
--- /dev/null
+<HTML>
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Opengate History</H3>
+
+<DL>
+<DT>Ver.0.10 at 1999.8.30
+<DD>
+Scratch Version. In this version, Java applet is sent first, and the applet accept password.
+<DT>
+Ver.0.11 at 1999.9.19
+<DD>
+Stable Version. Reform program.
+<DT>
+Ver.0.12 at 1999.11.2
+<DD>
+Support firewalls IPF and ipfw.
+<DT>
+Ver.0.20 at 1999.9.16
+<DD>
+Abandoned version.
+<DT>
+Ver.0.30 at 1999.10.16
+<DD>
+Change to accept password with CGI. IPF support is disarded.
+<DT>
+Ver.0.31 at 1999.10.26
+<DD>
+Reform User Interface. Java applet shows own window.
+<DT>
+Ver.0.32 at 1999.11.1
+<DD>
+Support IPF.
+<DT>
+Ver.0.33 at 2000.6.17
+<DD>
+Support IP forwarding. Discard IPF support.
+<DT>
+Ver.0.40 at 2000.6.19
+<DD>
+Support multiple authentication servers.
+<DT>
+Ver.0.41 at 2000.6.23
+<DD>
+Add fuction to close firewall, when no packet passed for a while.
+<DT>
+Ver.0.42 at 2000.6.28
+<DD>
+Add function to close firewall at abnormal server termination.
+<DT>
+Ver.0.50 at 2000.12.11
+<DD>
+Add fuction to exchange hello message with terminal. Firewall is closed, when the client does not reply. Java output is included in html window.
+<DT>
+Ver.0.51 at 2000.12.22
+<DD>
+Support pop3 authentication.
+<DT>
+Ver.0.52a at 2001.1.19
+<DD>
+Exclusive execution of ipfw command.
+Deny multiple authentication requests from a terminal.
+Change the method to get Java connection address.
+Modify string sizes in the program.
+Many small modifications.
+<DT>
+Ver.0.52b at 2001.1.24
+<DD>
+Reform unp library.
+<DT>
+Ver.0.52c at 2001.1.26
+<DD>
+Add DEBUG flag. Modify Directory setting.
+<DT>
+Ver.0.52d at 2001.1.30
+<DD>
+Modify no packet time setting.
+<DT>
+Ver.0.52e at 2001.2.5
+<DD>
+Correct mistake comment.
+<DT>
+Ver.0.53a at 2001.2.7
+<DD>
+Directory setting is integrated in Makefile.
+Support logging MAC address.
+<DT>
+Ver.0.53b at 2001.2.8
+<DD>
+Add the check of null userID or password.
+<DT>
+Ver.0.53c at 2001.2.10
+<DD>
+Replace one accept window to two overlapped windows.
+<DT>
+Ver.0.53d at 2001.2.13
+<DD>
+Small modification on MAC address acquisition.
+<DT>
+Ver.0.54a at 2001.2.15
+<DD>
+Serious error(Ports are wasted in long execution) found and fixed.
+<DT>
+Ver.0.55a at 2001.3.19
+<DD>
+Show messages on JavaApplet field.
+<DT>
+Ver.0.56a at 2001.3.29
+<DD>
+Detach unp library (Many modifications in source)
+<DT>
+Ver.0.56b at 2001.4.14
+<DD>
+Modify document.(No modification in source)
+<DT>
+Ver.0.56c at 2001.4.24
+<DD>
+Reform HTML to improve authentication response time.(Modification in accept.html)
+<DT>
+Ver.0.56d at 2001.4.29
+<DD>
+Declaration of GPL. Add English documentations.(No modification in source)
+<DT>
+Ver.0.57a at 2001.5.10
+<DD>
+Remove loop at ipfw-delete. (Modification in comm-ipfw.c)
+<DT>
+Ver.0.57b at 2001.5.11
+<DD>
+Change Lockout time for ipfw exec. (Modification in opengatesrv.h)
+<DT>
+Ver.0.57c at 2001.5.25
+<DD>
+Put out message at Java/JavaScript disabled. (Modification in accept.html)
+<DT>
+Ver.0.57d at 2001.11.21
+<DD>
+Change timeout values (Modification in opengatesrv.h)
+<DT>
+Ver.0.57e at 2002.2.13
+<DD>
+Care for redirect error on IE (Modification in topindex.html)
+<DT>
+Ver.0.60a at 2002.6.17
+<DD>
+Add authentication protocols - RADIUS,PAM,POP3S (Modifications: Makefile, comm-auth.c, utilities.c, opengatesrv.h, opengatesrv.conf. Additions: auth-pam.c, auth-pop3s.c, auth-rad.c)
+<DT>
+Ver.0.60b at 2002.6.18
+<DD>
+Add comments.
+<DT>
+Ver.0.70a at 2002.6.19
+<DD>
+Modify to control multi-language environment (Modifications: Makefile, comm-cgi.c *.html Opengate.java)
+<DT>
+Ver.0.71a at 2002.6.24
+<DD>
+Refine installation procedure (Modifications: Makefile, comm-cgi.c *.html)
+<DT>
+Ver.0.72a at 2002.7.1
+<DD>
+Messages are terminated with CR and LF (Modifications: comm-cgi.c Opengate.java)
+<DT>
+Ver.0.73a at 2002.7.4
+<DD>
+Add jar(java archive) file, modify some documents (Modifications: comm-cgi.c Makefile Add: Opengate.jar)
+<DT>
+Ver.0.73b at 2002.7.10
+<DD>
+Recover error messages added in Ver.0.57c but forgotten in Ver.0.70a (Modifications: accept.html)
+<DT>
+Ver.0.73c at 2002.7.12
+<DD>
+Changes in some documents
+<DT>
+Ver.0.73d at 2002.7.15
+<DD>
+More careful detaching from web server. (Modifications: main.c comm-cgi.c)
+<DT>
+Ver.0.73e at 2002.8.7
+<DD>
+Fix a serious bug in java applet entered at Ver.0.70a. The applet did not return hello to hello request in english message mode.(Modifications: Opengate.java)
+Save index.html created at web server installation. (Modifications: Makefile)
+<DT>
+Ver.0.80a at 2002.8.19
+<DD>
+Add perl script for more flexible firewall control(Modifications: main.c comm-ipfw.c opengatesrv.h Makefile, Additions: conf/opengatefw.pl)
+Fix a small mistake at debug mode (Modifications: auth-pam.c)
+Modify installation procecure. Opengate directory can be set in Makefile(Modifications: Makefile, *.html). Add document to describe the system flow (Additions: doc/progflow.html).
+<DT>
+Ver.0.80b at 2002.8.26
+<DD>
+Fix a bug at checking overlapped request (Modifications: comm-ipfw.c)
+<DT>
+Ver.0.81a at 2002.8.26
+<DD>
+Add link to close network available at No-java mode (Modifications: accept.html, Makefile, comm-cgi.c, comm-java.c, main.c ,opengatesrv.h)
+<DT>
+Ver.0.81b at 2002.8.27
+<DD>
+Remove userid from terminate link string (Modifications: comm-cgi.c, comm-java.c), Modify accept page design (Modifications: accept.html)
+<DT>
+Ver.0.81c at 2002.9.5
+<DD>
+Version up is mistaked. Removed.
+<DT>
+Ver.0.81d at 2002.9.9
+<DD>
+Fix a mistake about URL string in a HTML file. (Modifications: ja/accept.html)
+Remove reference HTML document from archive. Add description about maxuser=0 in installation document.
+<DT>
+Ver.0.81e at 2002.9.10
+<DD>
+Add checking for execl failure (Modifications: comm-ipfw.c, comm-arp.c, main.c)
+<DT>
+Ver.0.82a at 2002.9.25
+<DD>
+Add skeleton routine to get user property (Modifications: opengatesrv.h, Makefile, main.c, comm-ipfw.c, opengatefw.pl, Additions: comm-userdb.c)
+<DT>
+Ver.0.83a at 2002.10.7
+<DD>
+Permit no reply to hello more than one time (Modifications: comm-java.c, opengatesrv.h)
+<DT>
+Ver.0.83b at 2003.1.6
+<DD>
+Add documentation about maximum number of TCP connections (Modifications: install.html, install-e.html)
+<DT>
+Ver.0.90a at 2003.5.6
+<DD>
+Add duration input field in auth page for the demand of long usage without java. To cope with hijacking and notting, mac-address and packet-count are checked periodically. (Modifications: index.html, index-ssl.html, accept.html, comm-cgi.c comm-java.c, comm-arp.c, main.c, opengatesrv.h)
+<DT>
+Ver.0.90b at 2003.5.7
+<DD>
+Reset the DEBUG option. It was misset in the previous version.(Modification: opengatesrv.h)
+<DT>
+Ver.0.90c at 2003.5.15
+<DD>
+Simplify the logic.(Modification: comm-java.c)
+<DT>
+Ver.0.90d at 2003.8.27
+<DD>
+Change message in auth page.(Modification: index.html, index-ssl.html)
+<DT>
+Ver.0.90e at 2003.9.24
+<DD>
+Display (firewall-rule-Number,userID,IPaddress) in process title.(Modification: main.c)
+<DT>
+Ver.0.90f at 2003.9.25
+<DD>
+Add documentation(Modification: errcheck.html,errcheck-e.html)
+<DT>
+Ver.0.90g at 2003.11.28
+<DD>
+Fix PAM-include error occured on FreeBSD 5 (Modification: auth-pam.c)
+<DT>
+Ver.0.90h at 2003.12.8
+<DD>
+Fix Applet-NoReply error occured on some browsers at removing applet page. Modify install document (Modification: Opengate.java and the compiled files, install.html,install-e.html)
+<DT>
+Ver.0.90i at 2003.12.16
+<DD>
+Modify parameters and documentations (Modification: opengatesrv.h, makefile, index.html, index-ssl.html, accept.html, accept2.html, install.html, install-e.html, qa.html, qa-e.html, errcheck.html, errcheck-e.html)
+<DT>
+Ver.0.90j at 2004.9.21
+<DD>
+Fix communication error occured in some pop3/pop3s server (Modification: comm-auth.c, auth-pop3s.c)
+<DT>
+Ver.0.90k at 2005.2.3
+<DD>
+Add links in accept.html to cope with popup-blocked and java-optional browser (Modification: accept.html)
+<DT>
+Ver.0.90l at 2005.2.4
+<DD>
+Fix communication error with ftpserver sent back multi-line greeting. Add error reporting code at fork/exec (Modification:comm-auth.c, comm-ipfw.c)
+<DT>
+Ver.0.90m at 2005.2.7
+<DD>
+Add error check code for ipfw response (Modification:comm-ipfw.c)
+<DT>
+Ver.0.90n at 2005.3.21
+<DD>
+Add no-cache option in authentication pages (Modification:index.html, index-ssl.html)
+<DT>
+Ver.1.0.0 at 2005.5.21
+<DD>
+Stable version is released (Modification;README)
+</DL>
+</BODY>
+</HTML>
--- /dev/null
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+\f
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+\f
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+\f
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+\f
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+\f
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
+
--- /dev/null
+<HTML>\r
+<head>\r
+<title>Opengate Error Check</title>\r
+</head>\r
+\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3>Opengate Error Check</H3>\r
+\r
+<P>\r
+As opengate interacts with many software, it is diffcult to recognize the behavior. Then this memo is prepared to assist debug.\r
+<P>\r
+When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little. \r
+<P>\r
+Opengate uses following files, where the directorys are default. Is these files correctly settled.\r
+\r
+<PRE>\r
+ /usr/local/www/cgi-bin/opengate/opengatesrv.cgi\r
+ /usr/local/www/data/index.html.*\r
+ /usr/local/www/data/opengate/Opengate.class\r
+ /usr/local/www/data/opengate/OpengateClient.class\r
+ /usr/local/www/data/opengate/*/index.html\r
+ /usr/local/www/data/opengate/*/index-ssl.html\r
+ /usr/local/www/data/opengate/*/accept.html\r
+ /usr/local/www/data/opengate/*/accept2.html\r
+ /usr/local/www/data/opengate/*/deny.html\r
+ /etc/opengatesrv.conf\r
+ /etc/opengatefw.pl\r
+ /var/log/opengate.log\r
+</PRE>\r
+And Opengate creates a lock file [/tmp/opengate.lock] at execution. \r
+It can be removed.\r
+<P>\r
+Please understand the basic flow of the system by reading <A HREF=progflow.html>the description of system flow</A>. \r
+<P>\r
+\r
+Following are the checking list for debugging. \r
+<UL>\r
+<LI>Japanese characters in html and java files cannot be understood.\r
+<P>\r
+<UL>\r
+<LI>Html sample files in English are saved in sub directory. Java messages are described in program comments.\r
+</UL>\r
+<P>\r
+<LI>Compiler tells the lack of librarys or headers.\r
+<P>\r
+<UL>\r
+<LI>Opengate after Ver.0.56 can be compiled on FreeBSD Ver.4.1.\r
+</UL>\r
+<P>\r
+\r
+<LI>Cannot redirect web access to gateway machine.\r
+<P>\r
+<UL>\r
+<LI>Opengatesrv.cgi is not yet loaded in this moment.\r
+\r
+<LI>Try to access opengate URL directly. If no response is returned, check the setting of Apache and HTML document directory. Check the Apache access log and Apache error log.\r
+\r
+<LI>Check default directory of Apache document. It may be different to this document.\r
+\r
+<LI>Check ipfw setting. Rule number of foward command must be larger than opengate rule numbers.\r
+\r
+<LI>If error occurs only when accessing sub page(not top page), [PageNotFound] setting in Apache httpd.conf may not be correct. \r
+\r
+<LI> In Microsoft Internet Explorer 5 or later, redirection to a page at [PageNotFound] cannot be done, when the size of the page is less than 512Bytes. Try to increase the size of the top page file larger than 512Bytes by adding space chacters. Reference <a href=http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155</a>.\r
+\r
+<LI>Does the web access pass through the gateway? Only the packet passing through the gateway is redirected.\r
+\r
+<LI>Try to access by IP address. If domain name is not recognized, check the DNS setting.\r
+\r
+<LI>The top page cannot be settled under SSL.\r
+</UL>\r
+<P>\r
+\r
+<LI>Cannot jump to authentication page.\r
+<P>\r
+<UL>\r
+<LI>Many ADDRESS descriptions in HTML files must be changed to your site.\r
+\r
+<LI>Try manual jump. If sccess, check jump description of html.\r
+\r
+<LI>Try non SSL setting. If success, check about SSL.\r
+\r
+<LI>URL in authentication page must be described with full/absolute pass.\r
+</UL>\r
+\r
+<P>\r
+<LI>No reply or error reply to posting userID and password.\r
+<P>\r
+<UL>\r
+<LI>At this moment, [opengatesrv.cgi] is loaded. \r
+ \r
+<LI>The authentication page cannot be the top page. Set up some top page from which authentication page is jumped.\r
+\r
+<LI>Check processes by [ps ax]. If [opengatesrv.cgi] is not loaded, check the directory of CGI and URL description in html file. Check Apache setting about CGI enable and CGI directory.\r
+\r
+<LI>If [opengatesrv.cgi] is loaded, check [/var/log/opengate.log]. Set [#define DEBUG 1] in [opengatesrv.h] for debug output to syslog.\r
+\r
+<LI>Check the firewall rule for the accessed terminal by entering [ipfw list]. Ipfw command requires root permission. Check [opengatesrv.cgi] has root permission.\r
+\r
+<LI>Check [opengatesrv.h] and [Makefile]. Does the settings match to the positions of files?\r
+\r
+<LI>Check applet insertion mark in [accept.html]. Does it match to the [#DEFINE] in [opengatesrv.h]?\r
+\r
+<LI>Check setting of web browser. Is Java Enabled?\r
+\r
+<LI>Check with other web browsers or other OSs. Error may be caused by browser's bug.\r
+\r
+<LI>Check the directory of Java Applet. Does it recognized by web server? Does the Java Applet run normally.\r
+\r
+<LI>Change the host description in [opengatesrv.conf] from domain name to IP address. If success, an error may occur in the name resolution.\r
+</UL>\r
+\r
+<P>\r
+<LI>Access is rejected, even though I send correct password.\r
+<P>\r
+<UL>\r
+<LI>Check [/var/log/opengate.log].\r
+\r
+<LI>Check [opengatesrv.conf]. Is the setting correct? The file must ended with return key.\r
+\r
+<LI>Try to access from gateway console to the authentication server. Does the server reply normally?\r
+\r
+<LI>Opengate assumes that the welcome message of FTP server is only one line. If the server puts out multiple lines, change the server setting or the routine in opengatesrv. Opengate(Ver.0.90l) is modeified to communicate such servers.\r
+\r
+<LI>If the client is already opened, the request form same client is rejected. Check the firewall state by accessing outside. At mulfunction of JavaApplet, the server side program waits for Java Applet connection, and closes firewall after fixed duration. \r
+</UL>\r
+\r
+<P>\r
+<LI>The accept page is displayed and the network is opened. But the network is closed after a while.\r
+<P>\r
+<UL>\r
+<LI>If userID is not shown in the yellow frame layouted in the page, Java Applet loading might be failed. Check the setting relating Java. Standard instalation of Netscape6 and InternetExplorer6 does not include JavaVM. At accessing Java page, download of JavaVM is requested. Please follow the messages. If it does not work, try other browser or other version. Some browser in some version cannot run Java Applet well. It might work after installation of SunJava2.\r
+<LI>If userID is shown, check message displayed by Java Applet. It might be caused by following.\r
+(1)No connection request comes from Java Applet. (2)No reply to hello message comes from Java Applet. (3)No packet from/to the terminal is passed through the gateway for a while. (4) Java Applet is terminated by unknown cause. (5)Server process is terminated by unknown cause.\r
+<LI>At no connection from Java Applet, the network is closed in the following cases. (1)The duration entered in auth page is passed. (2)No packet from/to the terminal is passed through the gateway for a while. (3)Arp command replys the different MAC address. (4)The TERMINATE link in accept page is clicked.\r
+\r
+<LI>\r
+If internet connection firewall(ICF) in WindowsXP is enabled, the connection is closed in some condition, but we cannot identify the condition. If occured, disable the firewall.\r
+\r
+<LI>\r
+In some browser, the connection was closed when the java applet page is removed. The behavior is dissolved in version 0.90h.\r
+\r
+<LI>Check [/var/log/opengate.log].\r
+\r
+<LI> Check above notes relating Java. Check network state with [netstat] or other tools. Check message displayed on web browser.\r
+\r
+<LI>If address translation system such as NAT or Proxy is inserted between the terminal and the gateway, opengate cannot work normally.\r
+</UL>\r
+\r
+<P>\r
+<LI>Accept page may be not normal.\r
+<P>\r
+<UL>\r
+<LI>In normal state, 2pages are displayed. In the first page, java Applet layouts yellow frame and shows user ID. In the second page, some links and cautions are displayed. \r
+<LI>If the yellow frame is not shown, Java Applet might not work normally. Check the items above.\r
+<LI>Second page is started by JavaScript. Check the javaScript setting at mulfunction. The second page exists only for convenience and is not needed for network control. If the window.open is denied only by Internet Explorer, the setting of the browser might corrupt. Reffer <A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A> It is occured in IE6 also.\r
+</UL>\r
+\r
+<P>\r
+<LI>The network is opened without authentication.\r
+<P>\r
+<UL>\r
+<LI>Check the application in client(terminal) machine. Is the web browser really terminated? For example,in MacOS, application can be resident in hidden state. In some OS, the application is resident forever. In this case, Java Applet is needed to modify such as adding close button. \r
+\r
+<LI>When the network is cut off or the terminal system is suddenly terminated, TCP close signal cannot be sent to gateway. Thus detection is delayed until next message exchange. \r
+ \r
+<LI>When ipfw rule is failed to be removed, permanently open state is occured. In such case, remove the rule manually or reboot the system. After Ver.0.90e, a <A HREF=rulechk.txt>script</A> can remove the rules failed to remove at terminating the process.\r
+</UL>\r
+<P>\r
+\r
+<LI>Accept page is displayed, but the network is closed.\r
+<P>\r
+<UL>\r
+<LI>Check ipfw rule with command [ipfw list]. Is the rule sequence correct? \r
+\r
+<LI>Check [/var/log/opengate.log].\r
+\r
+<LI>If redirect page does not include [NoCache] setting, the cached page is loaded responding to the another access. For example, if yahoo access is redirected to the opengate page, another yahoo access loads the cached opengate page, even if the network is opened.\r
+</UL>\r
+\r
+<P>\r
+<LI>I sent correct password, but denied.\r
+<P>\r
+<UL>\r
+<LI>Check the authentication server by sending request from console.\r
+<LI>Check the description in opengatesrv.conf, radius.conf and pam.conf.\r
+<LI>Check [/var/log/opengate.log].\r
+</UL>\r
+\r
+<P>\r
+<LI>Displayed page is not my desired language.\r
+<P>\r
+<UL>\r
+<LI>Check index.html, its directory and Makefile. These language IDs must be same The ID is case sensitive and is two bytes length.\r
+<LI>If you want to add new language, add new directory and files. Then add its ID in makefile. \r
+</UL>\r
+\r
+<P>\r
+<LI>Network troubles increased after the installation of this soft.\r
+<P>\r
+<UL>\r
+Please use latter versions. Do not use before Ver.0.54 which includes a serious bug.\r
+</UL>\r
+\r
+<P>\r
+<LI>Sometimes, there are very long response time (60sec or more) for authentication request.\r
+<P>\r
+<UL>\r
+Please discover the part waisting long time. We experienced following case. The setting "HostnameLookups" in httpd.conf is "On", and DNS servers do not have sufficient informations about clients. Then, very long time is wasted in name lookup. The trouble is canceled by setting the above switch "Off".\r
+</UL>\r
+<P>\r
+<LI>All is checked. I cannot know what to do.\r
+<P>\r
+<UL>\r
+<LI>Set [#define DEBUG 1] in [opengatesrv.h]. Program tracing is put out in syslog.\r
+<LI>Insert [err_msg()] in proper place in the program to get debug print. The function put out message to syslog. The sample usage exists in the program. Format is same as [printf()].\r
+<P>\r
+</UL>\r
+</UL>\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<html LANG="jp">\r
+<head>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
+\r
+<title>Opengate Error Check</title>\r
+</head>\r
+\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3>Opengate \83G\83\89\81[\83`\83F\83b\83N\8d\80\96Ú</H3>\r
+\r
+<P>\r
+Opengate \82Í\91½\82\82Ì\83\\83t\83g\83E\83F\83A\82Ì\8aÔ\82Ì\92\87\89î\82ð\8ds\82¤\82à\82Ì\82Å\82·\82Ì\82Å\81A\89½\82ª\8bN\82«\82Ä\82¢\82é\82Ì\82©\94»\92f\82ª\93ï\82µ\82¢\82Å\82·\81B\82Ü\82½\8c»\8fó\82Å\82Í\83f\83o\83b\83O\82Ì\82½\82ß\82É\90ê\97p\82Ì\8b@\94\\82Í\90Ý\92è\82µ\82Ä\82 \82è\82Ü\82¹\82ñ\81B\82»\82±\82Å\81A\82±\82Ì\83\81\83\82\82Í\81A\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82à Opengate \82ª\93®\82©\82È\82¢\8e\9e\82Ì\8eQ\8dl\82Ì\82½\82ß\82É\8bL\82µ\82Ü\82·\81B\r
+<P>\r
+\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\93Á\82É ipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B\r
+<P>\r
+Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\r
+\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B\r
+<PRE>\r
+ /usr/local/www/cgi-bin/opengate/opengatesrv.cgi\r
+ /usr/local/www/data/index.html.*\r
+ /usr/local/www/data/opengate/Opengate.class\r
+ /usr/local/www/data/opengate/OpengateClient.class\r
+ /usr/local/www/data/opengate/*/index.html\r
+ /usr/local/www/data/opengate/*/index-ssl.html\r
+ /usr/local/www/data/opengate/*/accept.html\r
+ /usr/local/www/data/opengate/*/accept2.html\r
+ /usr/local/www/data/opengate/*/deny.html\r
+ /etc/opengatesrv.conf\r
+ /etc/opengatefw.pl\r
+ /var/log/opengate.log\r
+</PRE>\r
+\82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä /tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\r
+\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B\r
+<P>\r
+
\95Ê
\82É
\81A<A HREF=progflow.html>
\83v
\83\8d\83O
\83\89\83\80\83t
\83\8d\81[
\89ð
\90à</A>
\82ð
\97p
\88Ó
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\83v
\83\8d\83O
\83\89\83\80\82Ì
\8aî
\96{
\93I
\82È
\93®
\82«
\82ð
\94c
\88¬
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81B
\r+<P>\r
+\r
+\r
+\88È\89º\81A\8fÇ\8fó\96\88\82É\97ñ\8b\93\82µ\82Ü\82·\81B\r
+<UL>\r
+<LI>\83\89\83C\83u\83\89\83\8a\93\99\82ª\95s\91«\82µ\82Ä\82¢\82é\82Æ\82Ì\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\8fo\82Ü\82·\81B\r
+<P>\r
+<UL>\r
+<LI>Ver.0.56\88È\8d~\82Í\81AFreeBSDv4\82É\82Ä\93®\8dì\8am\94F\82µ\82Ä\82¢\82Ü\82·\81BFreeBSD3\82Å\82Í\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\94\90¶\82µ\82Ü\82·\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\83Q\81[\83g\83E\83F\83C\82Ì\83z\81[\83\80\83y\81[\83W\82Ö\83\8a\83_\83C\83\8c\83N\83g\82µ\82È\82¢\81B\r
+<P>\r
+<UL>\r
+<LI>\82±\82Ì\92i\8aK\82Å\82ÍOpengatesrv.cgi\82Ì\96{\91Ì\82Í\96³\8aÖ\8cW\82Å\82·\81B\r
+\r
+<LI>\93\96\83z\81[\83\80\83y\81[\83W\82ð\8ew\92è\82µ\82½\82Æ\82«\82Í\90³\8fí\82É\95\\8e¦\82³\82ê\82Ü\82·\82©\81B\82»\82¤\82Å\82È\82¢\82Æ\82«\82Í Apache \82Ì\90Ý\92è\82Ü\82½\82Í\83h\83L\83\85\83\81\83\93\83g\83t\83@\83C\83\8b\82Ì\88Ê\92u\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½Apache\82Ì\83A\83N\83Z\83X\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8am\94F\89º\82³\82¢\81B\r
+\r
+<LI>Apache\82Í\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\83f\83B\83\8c\83N\83g\83\8a\82Ì\88Ê\92u\82ª\95Ï\82í\82Á\82Ä\82¢\82Ü\82·\81B\83C\83\93\83X\83g\81[\83\8b\83\81\83\82\82Æ\82Í\88Ù\82È\82é\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B\r
+\r
+<LI>ipfw \82Ì\90Ý\92è\82Í\90³\82µ\82¢\82Å\82·\82©\81B\93Á\82Éfwd\82Ì\88Ê\92u\82ª\92Ç\89Á\83\8b\81[\83\8b\82æ\82è\97D\90æ\8f\87\88Ê\82ª\92á\82\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\82Ì\82ª\83T\83C\83g\82Ì\83g\83b\83v\83y\81[\83W\88È\8aO\82Ì\8fê\8d\87\81A\83g\83b\83v\83y\81[\83W\82Å\8e\8e\82µ\82Ä\82\82¾\82³\82¢\81B\82±\82ê\82Å\82¤\82Ü\82\82¢\82\82Ì\82Å\82 \82ê\82Î\81AApache httpd.conf\82É\82¨\82¢\82Ä PageNotFound \83G\83\89\81[\82Ì\82Æ\82«\82É\83g\83b\83v\83y\81[\83W\82ð\95\\8e¦\82·\82é\82æ\82¤\90Ý\92è\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>Microsoft Internet Explorer 5
\88È
\8d~
\82Í
\81A
\83\8a\83_
\83C
\83\8c\83N
\83g
\90æ
\82Ì
\83y
\81[
\83W
\82ª512
\83o
\83C
\83g
\88È
\8fã
\82Å
\82È
\82¢
\82Æ
\81APageNotFound
\8e\9e\82Ì
\83\8a\83_
\83C
\83\8c\83N
\83g
\95\
\8e¦
\82ª
\82¤
\82Ü
\82
\82¢
\82«
\82Ü
\82¹
\82ñ
\81B
\83g
\83b
\83v
\83y
\81[
\83W
\82É
\8bó
\94\92\82ð
\90\94\95S
\83o
\83C
\83g
\92Ç
\89Á
\82µ
\82Ä
\82Ý
\82Ä
\82
\82¾
\82³
\82¢
\81B
\8eQ
\8dl
\8fî
\95ñ
\82Í<a href=http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp>http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp</a>
\82Å
\82·
\81B
\r+\r
+<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\83T\83C\83g\82Í\93\96\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82Á\82½\90æ\82É\90Ý\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82é\92Ê\90M\82µ\82©\83\8a\83_\83C\83\8c\83N\83g\82Å\82«\82Ü\82¹\82ñ\81B\r
+\r
+<LI>\96¼\91O\82ª\89ð\8eß\82Å\82«\82È\82¢\82Ì\82È\82ç\81ADNS\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\8dÅ\8f\89\82Ì\89æ\96Ê\82ÍSSL\89»\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Ì\93ü\97Í\89æ\96Ê\82Ö\88Ú\8ds\82µ\82È\82¢\81B\r
+<P>\r
+<UL>\r
+<LI>HTML\83t\83@\83C\83\8b\82Ì\82 \82¿\82±\82¿\82É\83A\83h\83\8c\83X\82ª\8f\91\82©\82ê\82Ä\82¢\82Ü\82·\81B\82à\82ê\82È\82\8e©\95ª\82Ì\82Æ\82±\82ë\82Ì\83A\83h\83\8c\83X\82É\8f\91\82«\8a·\82¦\82Ä\82\82¾\82³\82¢\81B\r
+\r
+<LI>\8e©\93®\88Ú\93®\82ð\90Ý\92è\82µ\82Ä\82¢\82é\8fê\8d\87\82Í\8eè\93®\88Ú\93®\82Å\82Í\82Ç\82¤\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\82r\82r\82k\89»\82µ\82Ä\82 \82ê\82Î\81A\82Ü\82¸\82Í\82r\82r\82k\96³\82µ\82Å\93®\82\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\88Ú\8ds\90æ\83A\83h\83\8c\83X\82Ì\8bL\8fq\82Í\81A\91\8a\91Î\83p\83X\82Å\82Í\82È\82\83t\83\8b\83p\83X\82Å\8ew\92è\82\82¾\82³\82¢\81B\r
+</UL>\r
+<P>\r
+<LI>\83\86\81[\83U ID \82Æ\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82à\95Ô\8e\96\82ª\82È\82¢\81B\82Ü\82½\82Í\81AWeb \82ª\83G\83\89\81[\82ð\8bA\82·\81B\r
+<P>\r
+<UL>\r
+<LI>\82±\82Ì\92i\8aK\82Å Opengatesrv.cgi \83v\83\8d\83O\83\89\83\80\82ª\8bN\93®\82µ\82Ü\82·\81B\82æ\82Á\82Ä\97l\81X\82È\83G\83\89\81[\82Ì\89Â\94\\90«\82ª\82 \82è\82Ü\82·\81B\r
+\r
+<LI>\83g\83b\83v\83y\81[\83W\82ð\8fÈ\97ª\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\82Ö\83\8a\83_\83C\83\8c\83N\83g\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\82Æ\93®\82«\82Ü\82¹\82ñ\81B\95K\82¸\82P\83y\81[\83W\8co\97R\82µ\82Ä\82\82¾\82³\82¢\81B\r
+\r
+<LI>\81ups ax\81v\82É\82Ä\83v\83\8d\83Z\83X\8fó\8bµ\82ð\8am\94F\82\82¾\82³\82¢\81Bopengatesrv.cgi \82ª\8bN\93®\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\8bN\93®\82³\82ê\82Ä\82¢\82È\82¢\82È\82ç\81Acgi \82Ì\92u\82«\8fê\8f\8a\82ª\81A\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\93à\82Ì\8ew\92è\82Æ\8b¶\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\82³\82ç\82É Apache \82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81Acgi \82Ì\8fê\8f\8a\82â\89Ò\93®\8b\96\89Â\82Ì\90Ý\92è\82ª\8aÔ\88á\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>opengatesrv.cgi \82Ì\83v\83\8d\83Z\83X\82ª\8bN\93®\82³\82ê\82Ä\82¢\82é\82È\82ç /var/log/opengate.log \82ð\8am\94F\82\82¾\82³\82¢\81B\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82É\91Î\89\9e\82\82¾\82³\82¢\81B\82Ü\82½\81Aopengatesrv.h\92\86\82Å\81u#define DEBUG 1\81v\82ð\8ew\92è\82·\82é\82Æ\81A\8dì\90¬\8aÖ\90\94\8aÔ\82Ì\8cÄ\82Ñ\8fo\82µ\82ªlog\82É\8bL\98^\82³\82ê\82Ü\82·\82Ì\82Å\81A\96â\91è\82Ì\90Ø\82è\95ª\82¯\82É\97\98\97p\82Å\82«\82Ü\82·\81B\r
+\r
+<LI>\81uipfw list\81v\82É\82Ä\81A\83A\83N\83Z\83X\82µ\82½\92[\96\96\82É\91Î\82·\82é\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81Bipfw \82Í root \8c \8cÀ\82ª\95K\97v\82Å\82·\81B\82à\82µ\92Ç\89Á\82³\82ê\82Ä\82¢\82È\82¢\8fê\8d\87\82É\82Í\81Aopengatesrv.cgi \82ª root \8c \8cÀ\82Å\93®\82\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\83w\83b\83_\81[\83t\83@\83C\83\8b opengatesrv.h \81AMakefile\93à\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82»\82ê\82Æ Web \83h\83L\83\85\83\81\83\93\83g\93\99\82Ì\83t\83@\83C\83\8b\88Ê\92u\82Í\8d\87\92v\82µ\82Ä\82¢\82Ü\82·\82©\81B\r
+\r
+<LI>accept.html \82Ì\92\86\82É\81AApplet \91}\93ü\88Ê\92u\8ew\92è\82ª\90³\82µ\82\8ew\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\r
+\r
+<LI>Web\83u\83\89\83E\83U\82ÍJava\82ª\89Ò\93®\89Â\94\\82Ì\90Ý\92è\82É\82È\82Á\82Ä\82¢\82Ü\82·\82©\81B\r
+\r
+<LI>\91¼\82ÌWeb\83u\83\89\83E\83U\82âOS\82Å\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>Java \82Í\90³\82µ\82¢\88Ê\92u\82É\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\82©\81B\82»\82Ì Java \82Í\90³\8fí\82É\93®\82\83v\83\8d\83O\83\89\83\80\82Å\82·\82©\81B\r
+\r
+<LI>conf\83t\83@\83C\83\8b\92\86\82Ì\83T\81[\83o\83A\83h\83\8c\83X\82ð\96¼\91O\82Å\82Í\82È\82\81A\90\94\8e\9a\95\\8bL\82É\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\r
+</UL>\r
+<P>\r
+<LI>\90³\82µ\82\83p\83X\83\8f\81[\83h\82ð\93ü\82ê\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B\r
+<P>\r
+<UL>\r
+<LI>/var/log/opengate.log\82ð\92²\82×\82Ä\82\82¾\82³\82¢\81B\r
+\r
+<LI>server\96¼\82ªconf\83t\83@\83C\83\8b\82É\82 \82é\82Ì\82É\96³\82¢\82Ælog\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\81Aconf\83t\83@\83C\83\8b\82Ì\96\96\94ö\82É\89ü\8ds\82ª\94²\82¯\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\81B\r
+\r
+<LI>\83R\83\93\83\\81[\83\8b\82©\82ç\94F\8fØ\83T\81[\83o\82Ö\83A\83N\83Z\83X\82µ\82Ä\82Ý\82Ä\90³\82µ\82\93®\82\82©\8am\94F\89º\82³\82¢\81B\r
+\r
+<LI>FTP\83T\81[\83o\82É\82æ\82Á\82Ä\82Í\81AWelcome\83\81\83b\83Z\81[\83W\82È\82Ç\82ª\95¡\90\94\8ds\82É\82È\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\82ª\81AOpengate\82Í\88ê\8ds\82ð\89¼\92è\82µ\82Ä\93®\8dì\82µ\82Ü\82·\81BFTP\83T\81[\83o\82Ì\90Ý\92è\82ð\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\r
+\95Ï\8dX\95s\89Â\82È\82çOpengate\82Ì\89ï\98b\95\94\95ª\83\\81[\83X\82Ì\95Ï\8dX\82Å\91Î\89\9e\89º\82³\82¢\81BVer.0.90l\82Å\95¡\90\94\8ds\82É\91Î\89\9e\82µ\82Ü\82µ\82½\81B\r
+\r
+<LI>\8aJ\95ú\8dÏ\82Ì\92[\96\96\82©\82ç\8fd\95¡\82µ\82Ä\97v\8b\81\82ª\97\88\82é\82Æ\8b\91\94Û\82µ\82Ü\82·\81B\82»\82Ì\82Ü\82Ü\8aO\82Ì\83T\83C\83g\82ª\8c©\82¦\82é\82È\82ç\8aJ\95ú\82³\82ê\82Ä\82¢\82Ü\82·\81BJavaApplet\82ª\8bN\93®\82É\8e¸\94s\82µ\82½\8fê\8d\87\82Í\81A\83T\81[\83o\91¤\83v\83\8d\83Z\83X\82ÍJavaApplet\82ª\90Ú\91±\82µ\82Ä\82\82é\82Ì\82ðfirewall\82ð\8aJ\95ú\82µ\82Ä\88ê\92è\8e\9e\8aÔ\91Ò\82¿\81A\95Â\8d½\82µ\82Ä\8fI\97¹\82µ\82Ü\82·\81B\r
+\r
+</UL>\r
+\r
+<P>\r
+<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82ª\82µ\82Î\82ç\82\8co\82Â\82Æ\83l\83b\83g\83\8f\81[\83N\82ª\90Ø\92f\82³\82ê\82é\81B\r
+<P>\r
+<UL>\r
+<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82É\81A\89©\90F\82¢\83t\83\8c\81[\83\80\82Å\83\86\81[\83U\96¼\95\\8e¦\82ª\8fo\82Ä\82¢\82Ü\82·\82©\81B\8fo\82Ä\82¢\82È\82¯\82ê\82Î\81AJava\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82æ\82¤\82Å\82·\81BJava\8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82È\82¨Netscape6\81AInternetExplorer6\82Í\81A\95W\8f\80\83C\83\93\83X\83g\81[\83\8b\82Å\82ÍJava\82ª\93ü\82è\82Ü\82¹\82ñ\81B\8dÅ\8f\89\82ÌJava\83y\81[\83W\83A\83N\83Z\83X\8e\9e\82É\83_\83E\83\93\83\8d\81[\83h\82ª\97v\8b\81\82³\82ê\82Ü\82·\82Ì\82Å\83\81\83b\83Z\81[\83W\82É\8f]\82Á\82Ä\93±\93ü\82\82¾\82³\82¢\81B\82»\82ê\82Å\82à\93®\8dì\82ª\82¨\82©\82µ\82¢\8fê\8d\87\82Í\95Ê\82Ì\83u\83\89\83E\83U\82ð\8eg\82Á\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\82ÍJava\82ª\93®\82©\82È\82¢\8e\96\82ª\82 \82è\82Ü\82·\81BSunJava2\82ð\93±\93ü\82µ\82Ä\8c©\82Ä\82\82¾\82³\82¢\81B\r
+<LI>\8fo\82Ä\82¢\82ê\82Î\81AJavaApplet\82Ì\8fo\82·\83\81\83b\83Z\81[\83W\82ð\8am\94F\82\82¾\82³\82¢\81B\88È\89º\82Ì\8c´\88ö\82ª\8dl\82¦\82ç\82ê\82Ü\82·\81B(1)\83_\83E\83\93\83\8d\81[\83h\82µ\82½Java\82©\82ç\83T\81[\83o\82É\91Î\82µ\82Ä\83R\83l\83N\83g\82µ\82Ä\82±\82È\82¢\81B(2)Java\82ª\92è\8aú\92Ê\90M\82É\89\9e\93\9a\82µ\82È\82¢\81B(3)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(4)Java\8fI\97¹\82È\82Ç\82ÅTCP\83R\83l\83N\83V\83\87\83\93\82ª\95Â\82¶\82½\81B(5)\83T\81[\83o\83v\83\8d\83O\83\89\83\80\82ª\89½\82ç\82©\82Ì\8c´\88ö\82Å\8fI\97¹\82µ\82½\81B\r
+<LI>Java\82ª\83R\83l\83N\83g\82µ\82Ä\97\88\82È\82¢\8e\9e\82Í\81A\88È\89º\82Ì\8fê\8d\87\82É\95Â\8d½\82µ\82Ü\82·\81B(1)\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8e\9e\8aÔ\82ª\8co\89ß\82µ\82½\81B(2)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(3)\94F\8fØ\8e\9e\82Æ\88Ù\82È\82éMAC\83A\83h\83\8c\83X\82ª\8c\9f\8fo\82³\82ê\82½\81B(4)\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\83\8a\83\93\83N\82ª\89\9f\82³\82ê\82½\81B\r
+<LI>WindowsXP\82Ì\83C\83\93\83^\81[\83l\83b\83g\90Ú\91±\83t\83@\83C\83A\83E\83H\81[\83\8b(ICF)\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\8fê\8d\87\82É\81A\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\81A\82Ç\82Ì\82æ\82¤\82È\8fð\8c\8f\89º\82Å\94\90¶\82·\82é\82©\82Í\94c\88¬\82Å\82«\82Ä\82¢\82Ü\82¹\82ñ\81B\94\90¶\82·\82é\8fê\8d\87\82Í\8aO\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\r
+<LI>\r
+\83u\83\89\83E\83U\82É\82æ\82Á\82Ä\82Í\81AJavaApplet\95\\8e¦\83y\81[\83W\82©\82ç\83y\81[\83W\82ð\88Ú\93®\82·\82é\82Æ\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\82ª\81AVer0.90h\82Å\89ð\8fÁ\82µ\82Ü\82µ\82½\81B\r
+\r
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
+\r
+<LI>\8fã\8bL\8d\80\96Ú\82Ì Java \8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½ netstat \93\99\82Å\83l\83b\83g\83\8f\81[\83N\8fó\8bµ\82ð\94c\88¬\82\82¾\82³\82¢\81BWeb\83u\83\89\83E\83U\89º\95\94\82Ì\83\81\83b\83Z\81[\83W\8ds\82É\89½\82©\8fo\82Ä\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É\83L\83\83\83b\83V\83\85\83T\81[\83o\82âNAT\81CProxy\82È\82Ç\82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\82»\82Ì\83T\81[\83o\82Ì IP \83A\83h\83\8c\83X\82ð\92[\96\96\83A\83h\83\8c\83X\82Æ\8cë\89ð\82·\82é\82½\82ß\81AApplet \82ª\90³\8fí\93®\8dì\82µ\82Ü\82¹\82ñ\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B\r
+\r
+</UL>\r
+<P>\r
+<LI>\97\98\97p\8b\96\89Â\83y\81[\83W\82Ì\95\\8e¦\82ª\82¨\82©\82µ\82¢\81B\r
+<P>\r
+<UL>\r
+<LI>\90³\8fí\82Å\82 \82ê\82Î\81A2\96\87\82Ì\83y\81[\83W\82ª\8fd\82È\82Á\82Ä\95\\8e¦\82³\82ê\82Ü\82·\81B\91æ1\83y\81[\83W\82É\82Í\81AJavaApplet\82ª\89©\90F\82Ì\98g\82Ì\92\86\82É\83\86\81[\83UID\93\99\82ð\95\\8e¦\82µ\82Ü\82·\81B\91æ2\83y\81[\83W\82É\82Í\81A\8ae\8eí\83\8a\83\93\83N\82Æ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ª\92u\82©\82ê\82Ü\82·\81B\r
+<LI>\91æ1\83y\81[\83W\82É\89©\90F\82¢\98g\82ª\8fo\82È\82¢\8fê\8d\87\82Í\81AJavaApplet\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82Æ\8dl\82¦\82ç\82ê\82Ü\82·\81B\8fã\8bL\82Ì\8d\80\96Ú\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B\r
+<LI>
\91æ2
\83y
\81[
\83W
\82ÍJavaScript
\82Å
\8fo
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\8fo
\82È
\82¢
\8fê
\8d\87\82ÍJavaScript
\8aÖ
\98A
\82ª
\8b^
\82í
\82µ
\82¢
\82Å
\82·
\81B
\82½
\82¾
\82µ
\81A
\83y
\81[
\83W
\82ª
\8fo
\82È
\82
\82Ä
\82à
\97\98\97p
\82É
\8ex
\8fá
\82Í
\82 \82è
\82Ü
\82¹
\82ñ
\81B
\82È
\82¨
\81AInterner Explorer
\82Ì
\8fê
\8d\87\82Ì
\82Ý
\8bN
\82±
\82é
\82Ì
\82Å
\82 \82ê
\82Î
\81A
\83u
\83\89\83E
\83U
\82Ì
\90Ý
\92è
\82ª
\89ó
\82ê
\82Ä
\82¢
\82é
\82½
\82ß
\82©
\82à
\92m
\82ê
\82Ü
\82¹
\82ñ
\81B
\91¼
\82Ì
\83y
\81[
\83W
\82Å
\82à
\93¯
\8c»
\8fÛ
\82ª
\82 \82ê
\82Î
\88È
\89º
\82ð
\8c©
\82Ä
\82
\82¾
\82³
\82¢
\81B<A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A>
\81BIE6
\82Å
\82à
\8bN
\82«
\82Ü
\82µ
\82½
\81B
\r+</UL>\r
+\r
+<P>\r
+<LI>\97\98\97p\94F\8fØ\82ð\92Ê\82ç\82È\82\82Ä\82à\8dÅ\8f\89\82©\82ç\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82é\81B\r
+<P>\r
+<UL>\r
+<LI>\83N\83\89\83C\83A\83\93\83g\83}\83V\83\93\82ÉWeb\83u\83\89\83E\83U\82ª\8fí\92\93\82µ\82Ä\82¢\82Ü\82¹\82ñ\82©\81BMacintosh\82Å\82Í\81A\89æ\96Ê\8fã\82É\96³\82\82Ä\82à\89E\8fã\92[\82Ì\83A\83v\83\8a\83P\81[\83V\83\87\83\93\83\81\83j\83\85\81[\82É\8ec\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\82 \82é\8eí\82ÌOS\82Å\82Í\8fI\97¹\82Ì\8aT\94O\82Ì\82È\82¢\82à\82Ì\82ª\82 \82è\82Ü\82·\81B\82±\82Ì\8fê\8d\87\82Í\81Ajava\82É\8fI\97¹\83{\83^\83\93\82ð\95t\89Á\82·\82é\82È\82Ç\82Ì\83v\83\8d\83O\83\89\83\80\95Ï\8dX\82ª\95K\97v\82Å\82·\81B\r
+\r
+<LI>\83V\83X\83e\83\80\82Ì\93Ë\91R\92â\8e~\82â\83l\83b\83g\83\8f\81[\83N\82Ì\90Ø\92f\82Ì\82Æ\82«\82É\82Í\81A\83R\83l\83N\83V\83\87\83\93\82Ì\8fI\97¹\82ª\83T\81[\83o\82É\91Î\82µ\82Ä\91¦\8e\9e\82É\93`\82í\82è\82Ü\82¹\82ñ\81Bopengatesrv \82Í\81A\8e\9f\82Ì\92è\8aú\98A\97\8d\82Ì\8e\9e\82É\82»\82ê\82ð\8c\9f\8fo\82µ\82Ü\82·\82Ì\82Å\81A\82µ\82Î\82ç\82\91Ò\82Ä\82Î\95Â\8d½\82³\82ê\82é\82Í\82¸\82Å\82·\81B\r
+\r
+<LI>
\82¢
\82Â
\82Ü
\82Å
\82à
\95Â
\8d½
\82³
\82ê
\82È
\82¢
\8fê
\8d\87\82Í
\81A
\89½
\93\99\82©
\82Ì
\8c´
\88ö
\82Å ipfw
\82Ì
\83\8b\81[
\83\8b\82ª
\90¶
\82«
\8ec
\82Á
\82Ä
\82µ
\82Ü
\82Á
\82½
\82à
\82Ì
\82Æ
\8ev
\82í
\82ê
\82Ü
\82·
\81B
\8eè
\93®
\82Å
\8dí
\8f\9c\82·
\82é
\82©
\83V
\83X
\83e
\83\80\82ð
\83\8a\83u
\81[
\83g
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81BVer.0.90e
\88È
\8d~
\82Å
\82 \82ê
\82Î
\81A
\83v
\83\8d\83Z
\83X
\82Ì
\88Ù
\8fí
\8fI
\97¹
\8e\9e\82É
\90¶
\82«
\8ec
\82Á
\82½
\83\8b\81[
\83\8b\82ð
\92T
\82µ
\82Ä
\8dí
\8f\9c\82·
\82é<A HREF=rulechk.txt>
\83X
\83N
\83\8a\83v
\83g</A>
\82ª
\97\98\97p
\82Å
\82«
\82Ü
\82·
\81B
\r+\r
+<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É NAT \82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\93¯\88ê\83A\83h\83\8c\83X\82ð\8b¤\97L\82·\82é\82±\82Æ\82É\82È\82è\82Ü\82·\82Ì\82Å\81A\88ê\90l\82ª\8aJ\82¯\82ê\82Î\8b¤\97L\82³\82ê\82Ü\82·\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\97\98\97p\8b\96\89Â\82ð\92Ê\82Á\82½\82Ì\82É\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82È\82¢\81B\r
+<P>\r
+<UL>\r
+<LI>\81uipfw list\81v\82Å ipfw \82Ì\83\8b\81[\83\8b\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83\8b\82Ì\97D\90æ\8f\87\93\99\82Å\96µ\8f\82\82Í\82È\82¢\82Å\82·\82©\81B\83u\81[\83g\8e\9e\82Éipfw \8bN\93®\83G\83\89\81[\83\81\83b\83Z\81[\83W\82Í\8fo\82Ä\82È\82¢\82Å\82µ\82å\82¤\82©\81B\r
+\r
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
+\r
+<LI>Redirect\82³\82ê\82étoppage\82ª\81uNoCache\81v\82Ì\90Ý\92è\82ð\8e\9d\82Á\82Ä\82¢\82È\82¢\82Æ\81A\8dÄ\93x\82Ì\83A\83N\83Z\83X\82Å\82Í\83L\83\83\83b\83V\83\85\82ª\8eg\82í\82ê\82é\81B\97á\82¦\82Î\81AYahoo\83A\83N\83Z\83X\82ªOpengate\82ÖRedirect\82³\82ê\82½\82Æ\82«\82Í\81A\97á\82¦\83l\83b\83g\83\8f\81[\83N\82ª\8aJ\82¢\82Ä\82¢\82Ä\82à\81AYahoo\83A\83N\83Z\83X\82É\91Î\82µ\82ÄOpengate\82Ì\83y\81[\83W\82ª\83L\83\83\83b\83V\83\85\82©\82ç\8eæ\82è\8fo\82³\82ê\82é\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B\r
+<P>\r
+<UL>\r
+<LI>\97\98\97p\82µ\82Ä\82¢\82é\94F\8fØ\83T\81[\83o\82É\91Î\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\94F\8fØ\83T\81[\83o\82Ì\8fó\91Ô\82ð\8am\94F\82\82¾\82³\82¢\81B\r
+\r
+<LI>/etc/opengatesrv.conf, radius.conf, pam.conf \82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82ª\82¨\82©\82µ\82\82È\82¢\82Å\82·\82©\81B\r
+\r
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
+</UL> \r
+\r
+<P>\r
+<LI>\83y\81[\83W\82ª\96]\82Þ\8c¾\8cê\88È\8aO\82Å\95\\8e¦\82³\82ê\82é\81B\r
+<P>\r
+<UL>\r
+<LI>index.html\93à\82Ì\8bL\8fq\81A \82»\82Ì\83f\83B\83\8c\83N\83g\83\8a\96¼\81A makefile\93à\82Ì\8bL\8fq\82ð\8am\82©\82ß\82Ä\82\82¾\82³\82¢\81B\8c¾\8cê\8ew\92è\82ÌID\82Í\88ê\92v\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81BID\82Í\91å\95¶\8e\9a\81A\8f¬\95¶\8e\9a\82à\8bæ\95Ê\82µ\82Ü\82·\81BID\82Í2\95¶\8e\9a\82ð\8eg\97p\82µ\82Ü\82·\81B\r
+<LI>\90V\82µ\82¢\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8e\9e\82Í\81A\93¯\97l\82È\8c`\8e®\82Å\83f\83B\83\8c\83N\83g\83\8a\82É\83t\83@\83C\83\8b\82ð\94z\92u\82µ\81AMakefile\82ÉID\82ð\92Ç\89Á\82\82¾\82³\82¢\81B\r
+</UL>\r
+\r
+<P>\r
+<LI>\93±\93ü\88È\8d~\81A\83T\81[\83o\82Ì\83l\83b\83g\83\8f\81[\83N\83g\83\89\83u\83\8b\82ª\91½\82¢\82æ\82¤\82¾\81B\r
+<P>\r
+<UL>\r
+<LI>\r
+\82Å\82«\82é\82¾\82¯\90V\82µ\82¢\82à\82Ì\82ð\97\98\97p\89º\82³\82¢\81B\93Á\82ÉVer.0.54\88È\91O\82É\82Í\81C\92·\8aú\89^\97p\82É\8dÛ\82µ\82Ä\92v\96½\93I\82È\83G\83\89\81[\82ð\8bN\82±\82·\83v\83\8d\83O\83\89\83\80\83~\83X\82ð\8aÜ\82ñ\82Å\82¢\82Ü\82µ\82½\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\94F\8fØ\92Ê\89ß\82É1\95ª\88È\8fã\82à\8a|\82©\82é\82±\82Æ\82ª\82 \82é\81B\r
+<P>\r
+<UL>\r
+<LI>\r
+\82Ü\82¸\82Í\82Ç\82±\82Å\8e\9e\8aÔ\82ð\97v\82µ\82Ä\82¢\82é\82©\82ð\90Ø\82è\95ª\82¯\82Ä\89º\82³\82¢\81B\93\96\95û\82Å\82Í\81AApache\82Ìhttpd.conf\82É\82¨\82¢\82Ä"HostnameLookups On"\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82½\82½\82ß\81A\96¼\91O\89ð\8c\88\82É\8e\9e\8aÔ\82ð\97v\82µ\82½\82±\82Æ\82ª\82 \82è\82Ü\82·\81BOff\82É\90Ý\92è\82µ\82Ä\89ð\8c\88\82µ\82Ü\82µ\82½\81B\r
+</UL>\r
+<P>\r
+\r
+<LI>\82Ç\82¤\82µ\82æ\82¤\82à\82È\82\82È\82Á\82½\82Æ\82«\r
+<P>\r
+<UL>\r
+<LI>\r
+opengatesrv/opengatesrv.h\92\86\82É\81u#define DEBUG\81v\82Ì\92è\8b`\82ª\82 \82è\82Ü\82·\81B\82±\82ê\82ð\81u1\81v\82É\90Ý\92è\82·\82é\82Æ\81Aopengate.log\82É\83f\83o\83b\83O\8fo\97Í\82ª\8fo\82Ü\82·\81B\82Ü\82½\81Aerr_msg()\8aÖ\90\94\82Í\81A\8fo\97Í\82ðopengate.log\82É\8fo\82µ\82Ü\82·\81B\93K\93\96\82È\88Ê\92u\82É\91}\93ü\82µ\82Ä\89º\82³\82¢\81B\8eg\82¢\95û\82Í\81A\83v\83\8d\83O\83\89\83\80\92\86\82Ì\97á\82ð\8c©\82ê\82Î\95ª\82©\82é\82Æ\8ev\82¢\82Ü\82·\82ª\81Aprintf()\8aÖ\90\94\82Æ\93¯\82¶\95¶\96@\82Å\82·\81B\r
+</UL>\r
+</UL>\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<HTML>\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3>Opengate Install Procedure</H3>\r
+\r
+<UL>\r
+<LI>Machines and Networks\r
+\r
+<UL>\r
+<LI>Gateway Machine<BR>\r
+FreeBSD Ver4.x or 5.x, Having Two EtherBoard\r
+<P>\r
+<LI>Authentication Server<BR>\r
+Need POP3 server, POP3S server, FTP server, RADIUS server ,or some auth methods via PAM.\r
+<P>\r
+<LI>Network to which Client Terminals are connected<BR>\r
+Don't insert any address conversion system such as NAT or Proxy between gateway and client.\r
+</UL>\r
+<P>\r
+<LI>Prepare kernel having ipfw function<BR>\r
+<PRE>\r
+cd /usr/src/sys/i386/conf\r
+cp GENERIC MYKERNEL\r
+edit MYKERNEL\r
+ insert following 3 lines\r
+ options IPFIREWALL\r
+ options IPFIREWALL_FORWARD\r
+ options IPDIVERT\r
+\r
+config MYKERNEL\r
+cd ../compile/MYKERNEL\r
+make depend\r
+make\r
+make install\r
+</PRE>\r
+\r
+<LI>Tuning of network setting<BR>\r
+\r
+This section is needed when you apply this software to an environment \r
+where many clients are connected.\r
+In such case, modification is recommended about the following two values.\r
+<PRE>\r
+kern.ipc.somaxconn\r
+ Maximum number of TCP connections(default=128).\r
+ As Opengate server keeps TCP connection with each terminal, \r
+ the number must be set larger than the number of terminals.\r
+\r
+kern.ipc.nmbclusters\r
+ Maximum number of mbuf clusters (1cluster=2KB). It needs "send/recv \r
+ buffer size(default=32KB)" x "number of connections". \r
+ The usage statistics is shown by "netstat -m".\r
+</PRE>\r
+For example, these values are set as follows. \r
+Be care about the memory size for mbuf (following setting needs 128MB).\r
+<PRE>\r
+Add two lines in the file "/etc/sysctl.conf".\r
+ kern.ipc.somaxconn=4096\r
+ kern.ipc.nmbclusters=65536\r
+</PRE>\r
+\r
+<LI>Prepare related softwares<BR>\r
+<PRE>\r
+ Essential: Apache, ipfw\r
+ Optional: NATD, DHCP, SSL, Perl etc\r
+</PRE>\r
+ * Check the installation carefully and be familiar with these softwares. \r
+Debugging is confused, if these softwares are incomplete.\r
+<P>\r
+\r
+<LI>Setup related softwares\r
+\r
+<UL>\r
+<LI>Modify /etc/rc.conf\r
+<PRE>\r
+gateway_enable="YES" <==If NATD is not used\r
+firewall_enable="YES"\r
+firewall_type="simple"\r
+natd_enable="YES" <==If NATD is used\r
+natd_interface="fxp0" <== ", the name must be matched to your interface.\r
+</PRE>\r
+\r
+<LI>Modify /etc/rc.firewall\r
+<BR>\r
+The file /etc/rc.firewall is the default firewall script.\r
+The script file can be changed as [firewall_script="/etc/xxxx"] in rc.conf.\r
+<BR>\r
+When [firewall_type="simple"], the firewall rules matched to [simple] is loaded. \r
+<P>\r
+\r
+Example description in /etc/rc.firewall.<BR> \r
+Be care that rules matched to [simple] are distributed in the file.\r
+Check the real setting by the command [ipfw list].\r
+The sample setting is not the ideal. \r
+Refer to the default rc.firewall and edit it properly.\r
+<PRE>\r
+[Ss][Ii][Mm][Pp][Ll][Ee])\r
+ # set these to your outside interface network and netmask and ip\r
+ oif="fxp0"\r
+ onet="133.49.20.0"\r
+ omask="255.255.252.0"\r
+ oip="133.49.22.5"\r
+\r
+ # set these to your inside interface network and netmask and ip\r
+ iif="fxp1"\r
+ inet="192.168.0.0"\r
+ imask="255.255.255.0"\r
+ iip="192.168.0.1"\r
+\r
+ # divert packet to NATD ################################\r
+ $fwcmd add 1 divert natd ip from any to any via ${oif}\r
+\r
+ # Stop spoofing\r
+ $fwcmd add deny all from ${inet}:${imask} to any in via ${oif}\r
+ $fwcmd add deny all from ${onet}:${omask} to any in via ${iif}\r
+\r
+ # Allow from / to myself\r
+ $fwcmd add pass all from ${iip} to any via ${iif}\r
+ $fwcmd add pass all from ${oip} to any via ${oif}\r
+ $fwcmd add pass all from any to ${iip} via ${iif}\r
+ $fwcmd add pass all from any to ${oip} via ${oif}\r
+\r
+ # Allow DNS queries out in the world \r
+ # (if DNS is on localhost, delete passDNS)\r
+ $fwcmd add pass udp from any 53 to any\r
+ $fwcmd add pass udp from any to any 53\r
+\r
+ # Forwarding http connection from unauth client ###############\r
+ $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any http\r
+\r
+ # Allow TCP through if setup succeeded ########################\r
+ $fwcmd add 60100 pass tcp from any to any established\r
+ </PRE>\r
+\r
+Caution\r
+<BR>\r
+Rule number for [forward] Command must be larger than the rule numbers used \r
+in opengate(10000-40000).\r
+<BR>\r
+Rule number for [divert to natd] must be smaller than most rules.\r
+<P>\r
+The file [conf/opengatefw.conf] is the script describing the above rules.\r
+You can edit and use this script instead of rc.firewall. \r
+<P>\r
+<LI>Check the action of ipfw<BR>\r
+\r
+Check the firewall state by the command "ipfw list".<BR>\r
+By using ipfw command, add / delete the pass rules for a client(xx.xx.xx.xx) and check the network open / close for the client. \r
+\r
+<PRE>\r
+ ipfw add 10000 allow ip from xx.xx.xx.xx to any <===Open outgoing\r
+ ipfw add 10000 allow ip from any to xx.xx.xx.xx <===Open incoming\r
+\r
+ ipfw del 10000 <===Close\r
+</PRE>\r
+Be falimiar with ipfw command. \r
+Opengate is a software to send out the ipfw command like above one.\r
+<P>\r
+<LI>Modify /usr/local/etc/apache/httpd.conf\r
+<P>\r
+Web access control\r
+<PRE>\r
+order deny,allow\r
+deny from all\r
+allow from 133.49.0.0/255.255.0.0 (Example, need to change address)\r
+allow from 192.168.0.0/255.255.0.0\r
+</PRE>\r
+\r
+CGI enable\r
+<PRE>\r
+#ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"\r
+|\r
+V\r
+ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"\r
+</PRE>\r
+\r
+Jump to Top at Page NotFound\r
+<PRE>\r
+#ErrorDocument 404 /missing.html\r
+|\r
+V\r
+ErrorDocument 404 /index.html\r
+</PRE>\r
+\r
+<LI>Modify /etc/syslog.conf to add opengate.log\r
+\r
+<PRE>\r
+local1.* /var/log/opengate.log\r
+ --Separated by TAB key\r
+</PRE>\r
+\r
+<LI>Make log file.\r
+<PRE>\r
+touch /var/log/opengate.log\r
+</PRE>\r
+</UL>\r
+\r
+<LI>Expand the archive file: opengatexxx.tar.gz<BR>\r
+<PRE>\r
+ tar zxvf opengatexxx.tar.gz\r
+ (where xxx is the version. Use latest one) \r
+</PRE>\r
+Then, the following directorys are created. Check the files.\r
+Change the setting if you want(Most setting can be modified after installation).\r
+<PRE>\r
+ doc: Documentations\r
+ conf: configuration file sample, firewall control perl script sample\r
+ javahtml: Client Java Programs and HTML files.\r
+ opengatesrv: Server CGI program\r
+</PRE>\r
+\r
+<LI>Java setup: compile javahtml/Opengate.java, if jar file is not found.\r
+<PRE>\r
+ javac Opengate.java\r
+ jar cvf Opengate.jar *.class\r
+</PRE>\r
+<LI>Make Opengateserver\r
+ <PRE>\r
+ cd opengatesrv : Move to opengatesrv directory\r
+ edit Makefile : Modify Makefile (parameters are described below)\r
+ **HOSTADDR must be changed to IP address of your \r
+ machine's client side interface.**\r
+ edit opengatesrv.h : Modify header file(parameters are described below)\r
+ make : Compile\r
+ su : Change to Root\r
+ make install : Install\r
+ </PRE>\r
+<LI>Modify /etc/opengatesrv.conf\r
+\r
+Authentication server is indexed by opengatesrv.conf. \r
+The format is one of the following. Multiple servers can be set.\r
+("[..]" means optional, "|" means OR.)\r
+\r
+<PRE>\r
+ID:address=hostname|hostaddr:[port=portno:]protocol=ftp|pop3|pop3s:\r
+ID:protocol=radius:[conffile=filepath:]\r
+ID:protocol=pam:[servicename=name:]\r
+</PRE>\r
+where each term indicates following.\r
+\r
+<PRE>\r
+ID:Identification keyword for the authentication server.\r
+address: IP address(or domain name) of the authentication server.\r
+protocol: protocol for authentication, \r
+ At present, ftp,pop3,pop3s,radius,pam are available.\r
+port: port number for authentication. If ignored, follows to /etc/services.\r
+conffile: path to config file at RADIUS. default is "/etc/radius.conf".\r
+servicename: service name at PAM. default is "opengate". \r
+</PRE>\r
+Examples of opengatesrv.conf\r
+<P>\r
+*This is a simple example. \r
+<BR>\r
+In this case, the user is checked by FTP accessing to the address xx.xx.xx.xx.\r
+At first, check the basic installation by the setting like this.\r
+<PRE>\r
+ default:tc=as\r
+ as:address=xx.xx.xx.xx:protocol=ftp:\r
+ (FTP access to address xx.xx.xx.xx must be checked in advance)\r
+</PRE>\r
+\r
+\r
+*Following example sets four authentication servers. <BR>\r
+If the user entered as [userID] in userID field, authentication is turned to [default(=cs)] server. \r
+If entered as [userID@cc], authentication turned to [cc] server.\r
+If entered as [userID@pam], authentication turned to [pam] server.\r
+If entered as [userID@rad], authentication turned to [rad] server.\r
+\r
+<PRE>\r
+ default:tc=cs\r
+ cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3:\r
+ cc:address=himiko.cc.saga-u.ac.jp:protocol=ftp:port=21:\r
+ pam:protocol=pam:\r
+ rad:protocol=radius:\r
+</PRE>\r
+*If protocol=pam is defined, you must setup [/etc/pam.conf] or [/etc/pam.d/opengate].\r
+Opengate checks auth and account.\r
+<BR>\r
+Following is an example setting in /etc/pam.conf. \r
+<PRE>\r
+opengate auth required pam_radius.so \r
+opengate account required pam_permit.so\r
+</PRE>\r
+Following is an example of /etc/pam.d/opengate \r
+<PRE>\r
+auth required pam_radius.so \r
+account required pam_permit.so\r
+</PRE>\r
+<P>\r
+*If protocol=radius is defined, you must setup [/etc/radius.conf]. \r
+Following is an example of radius.conf. \r
+\r
+<PRE>\r
+auth radius1.foo.bar "password1" 5 6\r
+auth radius2.foo.bar "password2" 5 6\r
+</PRE>\r
+\r
+<LI>Opengate action check<BR>\r
+1)Access to some external URL from client web browser.<BR>\r
+2)If authentication page is displayed, \r
+enter userid and password registered in auth server.<BR>\r
+3)If accept page is displayed, access external URL.<BR>\r
+4)If the external page is displayed, terminate the browser.<BR>\r
+5)Reload browser and access to external URL.<BR>\r
+6)If the authentication page is displayed, you complete the basic installation.<BR>\r
+\r
+Errors <BR>\r
+At 2) Try to access the Opengate server URL. \r
+If success, check ipfw fwd rule. \r
+If not, check www/data directory setting.<BR>\r
+At 3) Try authentication server access(eg. ftp xx.xx.xx.xx) from command line.\r
+If success, check opengatesrv.conf.\r
+If not, check access control and user registration in auth server.<BR>\r
+At 4)Check firewall setting with ipfw command.<BR>\r
+At 6)Try other URLs. \r
+If success, the first page is loaded from browser's cache.\r
+If not, check the firewall setting.<BR>\r
+*More debuging documentation exists in other file.\r
+<P>\r
+<LI>Html setup: change javahtml/++/*.html, if you want to modify message.\r
+ Html documents are prepared for each languages (eg; ja en)\r
+ <PRE>\r
+ topindex.html : first html which describe the auto-jump to Authentication page.\r
+ index.html : Authentication page\r
+ deny.html : page sent at authentication denyed.\r
+ accept.html,accept2.html : pages sent at authntication accepted.\r
+ Don't remove mark "**OpengateAppletHere**", where\r
+ Java Applet description is inserted.\r
+ %%HOSTADDR%% is replaced with address at installation.\r
+ %%OPENGATEDIR%% is replaced with install directory.\r
+ </PRE>\r
+<LI>Firewall control script\r
+<P>\r
+If USEFWSCRIPT=0, CGI execs ipfw command directly. In this case, the\r
+all packets from/to the authenticated client is allowed. If 1, perl\r
+script controls the ipfw command. By editting opengatefw.pl, flexible\r
+control can be done. Be care to maintain it simple for better\r
+performance and security. The script runs under exclusive mode. \r
+Insertion of time comsuming logics may result in less performance.\r
+<P>\r
+If you want to control firewall state with some user property in a\r
+database, edit the skeleton routine comm-userdb.c to send property to this script.\r
+<P>\r
+<LI>Parameteres in Makefile\r
+<BR>\r
+<PRE>\r
+HOSTADDR = IP address of gateway interfaced to client network.\r
+HTMLTOP1 = Web top directory \r
+HTMLTOP2 = Web top directort (for SSL)\r
+OPENGATEDIR = Opengate install directory (from Web top)\r
+CGIPATH = CGI directory\r
+CGIPROG = CGi program name\r
+CONFIGFILE = Configuration file name\r
+USEFWSCRIPT= Enable(1) or disable(0) Perl script to control firewall open\r
+FWSCRIPT = Firewall control Perl script name\r
+FWSCRIPTPATH = Perl script path\r
+LOCKFILE= Lock file for exclusive execution\r
+HTMLDOCS= HTML files listing\r
+DENYDOC = HTML file sent at denying\r
+ACCEPTDOC = HTML file sent at accepting\r
+HTMLLANGS= Languages of HTML files\r
+ARPPATH= Path to arp command\r
+IPFWPATH= Path to ipfw command\r
+</PRE>\r
+<P>\r
+<LI>Parameters in opengatesrv.h\r
+<BR>\r
+<PRE>\r
+ DEBUG : If set to 1, function call trace log is put out to syslog.\r
+\r
+ DURATIONDEFAULT : Default time duration to wait for Java Applet connect.(second)\r
+ If no connection in the duration, the network is closed. \r
+ The duration can be changed in auth page by the user.\r
+\r
+ DURATIONMAX : Maximum duration to wait for Java Applet connect. (second)\r
+ Under this value, the Applet waiting duration (= duration of\r
+ network open without Java Applet) can be specified by the user \r
+ on the authentication page.\r
+ If user specified duration is not agreeable, set it the same \r
+ value as DURATIONDEFAULT and remove the field in auth page.\r
+\r
+ ACTIVECHECKINTERVAL : Time interval of checking the terminal.(second)\r
+ In no java mode, check by MAC address and packet count for the\r
+ terminal's IP address.\r
+ In java mode, check by HELLO exchange and packet count.\r
+\r
+ COMMWAITTIMEOUT : Server waiting time for communication reply.(second)\r
+\r
+ NOREPLYMAX : Permitted count of no reply to HELLO. If the client does not \r
+ send back HELLO more than NOREPLYMAX times, then the network\r
+ is closed.\r
+\r
+ NOPACKETINTERVAL : If no packet is passed for this time interval, then \r
+ the network is closed.(second)\r
+\r
+ LOCKTIMEOUT : Maximum locking time for exclusive ipfw action.(second)\r
+\r
+ IPFWMIN : Minimum ipfw rule number used by opengate.\r
+ IPFWMAX : Maximum ipfw rule number used by opengate.\r
+ IPFWINTERVAL : Rule number interval used by opengate.\r
+ The maximum terminals/processes can be controled by these value.\r
+\r
+ PORTMIN : minimum port value used by opengate.\r
+ PORTMAX : maximum port value used by opengate.\r
+ Set unused port range.\r
+ \r
+ FACILITY : syslog facility\r
+\r
+ PAMSERVICENAME : default service name at PAM.\r
+ RADIUSCONF : default path to radius.conf.\r
+\r
+</PRE>\r
+</UL>\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<html LANG="jp">\r
+<head>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
+\r
+<title>Opengate INSTALL</title>\r
+</head>\r
+\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3> \83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</H3>\r
+\r
+<UL>\r
+<LI>\91O\92ñ\8fð\8c\8f\r
+\r
+<UL>\r
+<LI>\83Q\81[\83g\83E\83F\83C\83}\83V\83\93<BR>\r
+FreeBSD Ver4.x\82Ü\82½\82Í5.x\81AEtherBoard2\96\87\95t\r
+<P>\r
+<LI>\94F\8fØ\83T\81[\83o<BR>\r
+\8e\9f\82Ì\82à\82Ì\82É\91Î\89\9e\81B\r
+POP3\83T\81[\83o\81APOP3S\83T\81[\83o\81AFTP\83T\81[\83o\81ARADIUS\83T\81[\83o\81APAM\91Î\89\9e\95û\8e®\r
+\r
+<P>\r
+<LI>\83N\83\89\83C\83A\83\93\83g\91¤\83l\83b\83g\83\8f\81[\83N<BR>\r
+\83N\83\89\83C\83A\83\93\83g\82Æ\82Ì\8aÔ\82É\81AIP\83A\83h\83\8c\83X\82Ì\95Ï\8a·\82ð\8ds\82¤NAT\82âProxy\82È\82Ç\82ª\91¶\8dÝ\82µ\82È\82¢\82±\82Æ\81B\r
+</UL>\r
+<P>\r
+<LI>ipfw\95t\82«\82Ì\83J\81[\83l\83\8b\82ð\8dì\90¬\82·\82é\81B<BR>\r
+\r
+<PRE>\r
+cd /usr/src/sys/i386/conf\r
+cp GENERIC MYKERNEL\r
+edit MYKERNEL\r
+\81@\8e\9f\82Ì3\8ds\82ð\92Ç\89Á\82·\82é\81B\r
+ options IPFIREWALL\r
+ options IPFIREWALL_FORWARD\r
+ options IPDIVERT\r
+\r
+config MYKERNEL\r
+cd ../compile/MYKERNEL\r
+make depend\r
+make\r
+make install\r
+</PRE>\r
+\r
+<LI>\83l\83b\83g\83\8f\81[\83N\83`\83\85\81[\83j\83\93\83O\r
+<BR>\r
+\82±\82Ì\8d\80\82Í\91å\8bK\96Í\89^\97p\82Ì\82Æ\82«\82É\8eQ\8fÆ\82·\82é\8e\96\81B\r
+\r
+<PRE>\r
+kern.ipc.somaxconn\r
+ \81@\8eó\82¯\95t\82¯\82éTCP\90Ú\91±\82Ì\8dÅ\91å\92l\81idefault=128\81j\81B\97\98\97p\92[\96\96\96\88\82ÉTCP\90Ú\91±\82ª\88Û\8e\9d\82³\82ê\r
+ \82é\82Ì\82Å\81A\92[\96\96\90\94\82É\94ä\82×\82Ä\8f\\95ª\82É\91å\82«\82\82·\82é\95K\97v\82ª\82 \82é\81B\r
+\r
+kern.ipc.nmbclusters\r
+\81@mbuf\81i1cluster2KB\81j\82Ì\8dÅ\91å\90\94\81B\91\97\8eó\90M\83o\83b\83t\83@\83T\83C\83Y(default=32KB)x\90Ú\91±\90\94\r
+\81@\95ª\82ª\95K\97v\81B"netstat -m"\82Å\97\98\97p\8fó\8bµ\8am\94F\89Â\94\\81B\r
+</PRE>\r
+\r
+\82±\82ê\82ç\82Ì\90Ý\92è\95Ï\8dX\82Í\88È\89º\82Å\8ds\82¤\81B\88È\89º\82Ì\97á\82Å\82Ímbuf\97Ì\88æ\82Í128MB\82Æ\82È\82é\81B\95K\97v\82È\83\81\r
+\83\82\83\8a\97e\97Ê\82É\82à\92\8d\88Ó\82ð\82·\82é\82±\82Æ\81B\r
+<PRE>\r
+\81@/etc/sysctl.conf \82É\88È\89º\82ð\92Ç\89Á\r
+\81@\81@kern.ipc.somaxconn=4096\r
+\81@\81@kern.ipc.nmbclusters=65536\r
+</PRE>\r
+\r
+<LI>\8ae\8eí\83\\83t\83g\82Ì\83C\83\93\83X\83g\81[\83\8b\82Æ\93®\8dì\8am\94F\82ð\8ds\82¤\81B\r
+\r
+<PRE>\r
+ \95K\90{\81FApache\81Aipfw\r
+ \94C\88Ó\81FNATD\81ADHCP\81ASSL\81Aperl\82È\82Ç\r
+</PRE>\r
+\r
+ \81\96\92\8d\88Ó\90[\82\83C\83\93\83X\83g\81[\83\8b\82Ì\83`\83F\83b\83N\82ð\8ds\82¢\81A\8ae\83\\83t\83g\82Ì\93®\8dì\82É\8fK\8fn\82·\82é\82±\82Æ\81B\r
+\82±\82ê\82ç\82Ì\83\\83t\83g\82Ì\8b\93\93®\82ª\8f\\95ª\94c\88¬\82³\82ê\82Ä\82¢\82È\82¢\82Æ\8cã\82Ì\83f\83o\83b\83O\82ª\8bê\98J\82·\82é\81B\r
+<P>\r
+<LI>\8aÖ\98A\83\\83t\83g\83E\83F\83A\82Ì\90Ý\92è\r
+\r
+<UL>\r
+<LI>/etc/rc.conf\82É\88È\89º\82ð\92Ç\89Á\82·\82é\81B\r
+<PRE>\r
+gateway_enable="YES" <==NATD\97\98\97p\8e\9e\95s\97v\r
+firewall_enable="YES"\r
+firewall_type="simple"\r
+natd_enable="YES" <==NATD\97\98\97p\8e\9e\r
+natd_interface="fxp0" <==\81@\81h\81A\96¼\91O\82Í\83C\83\93\83^\81[\83t\83F\81[\83X\82É\8d\87\82í\82¹\82é\82±\82Æ\81B\r
+</PRE>\r
+\r
+<LI>/etc/rc.firewall\82ð\95Ò\8fW\82·\82é\81B\r
+<BR>\r
+/etc/rc.firewall\82Ídefault\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83X\83N\83\8a\83v\83g\82Å\82 \82é\81B\r
+\82±\82ê\82Írc.conf \82Å [firewall_script="/etc/xxxx"]\82Æ\82µ\82Ä\95Ï\8dX\89Â\94\\81B <BR>\r
+\82Ü\82½rc.conf \82Å [firewall_type="simple"]\82Æ\82È\82Á\82Ä\82¢\82ê\82Î\81A \r
+\83X\83N\83\8a\83v\83g\92\86\82Å [simple]\82É\83}\83b\83`\82·\82é\83\8b\81[\83\8b\82ª\90Ý\92è\82³\82ê\82é\81B \r
+<P>\r
+/etc/rc.firewall\90Ý\92è\97á<BR> rc.firewall\92\86\82Å[simple]\82É\83}\83b\83`\82·\82é\83\8b\81[\83\8b\82Í\81A\r
+\95ª\8eU\82µ\82Ä\91¶\8dÝ\82·\82é\81B\8eÀ\8dÛ\82Ì\90Ý\92è\82Í\81A\81uipfw list\81v\83R\83}\83\93\83h\82Å\8am\94F\82·\82é\82±\82Æ\81B\r
+\89º\82Ì\83T\83\93\83v\83\8b\82Í\97\9d\91z\93I\82È\90Ý\92è\82ð\8e¦\82µ\82½\82à\82Ì\82Å\82Í\82È\82¢\81B\95W\8f\80\82Ìrc.firewall\82ð\8eQ\r
+\8dl\82É\82µ\82Ä\93K\90Ø\82É\95Ò\8fW\82·\82é\82±\82Æ\81B\r
+\r
+<BR>\r
+<PRE>\r
+[Ss][Ii][Mm][Pp][Ll][Ee])\r
+ # set these to your outside interface network and netmask and ip\r
+ oif="fxp0"\r
+ onet="133.49.20.0"\r
+ omask="255.255.252.0"\r
+ oip="133.49.22.5"\r
+\r
+ # set these to your inside interface network and netmask and ip\r
+ iif="fxp1"\r
+ inet="192.168.0.0"\r
+ imask="255.255.255.0"\r
+ iip="192.168.0.1"\r
+\r
+ # divert packet to NATD ################################\r
+ $fwcmd add 1 divert natd ip from any to any via ${oif}\r
+\r
+ # Stop spoofing\r
+ $fwcmd add deny all from ${inet}:${imask} to any in via ${oif}\r
+ $fwcmd add deny all from ${onet}:${omask} to any in via ${iif}\r
+\r
+ # Allow from / to myself\r
+ $fwcmd add pass all from ${iip} to any via ${iif}\r
+ $fwcmd add pass all from ${oip} to any via ${oif}\r
+ $fwcmd add pass all from any to ${iip} via ${iif}\r
+ $fwcmd add pass all from any to ${oip} via ${oif}\r
+\r
+ # Allow DNS queries out in the world \r
+ # (if DNS is on localhost, delete pass DNS)\r
+ $fwcmd add pass udp from any 53 to any\r
+ $fwcmd add pass udp from any to any 53\r
+\r
+ # Forwarding http connection from unauth client ###############\r
+ $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any http\r
+ $fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any https\r
+\r
+ # Allow TCP through if setup succeeded ########################\r
+ $fwcmd add 60100 pass tcp from any to any established\r
+ </PRE>\r
+\r
+\90Ý\92è\8fã\82Ì\92\8d\88Ó\r
+<BR>\r
+opengate\82ª\91}\93ü\82·\82é\83\8b\81[\83\8b\94Ô\8d\86(10000\81`40000)\82æ\82è\8cã\82ë\82Éforward\96½\97ß\82ð\93ü\82ê\82é\81B\r
+Gate\82ª\8aJ\82¢\82½\8fê\8d\87\82É\82Í\81Aforward\82³\82¹\82È\82¢\82½\82ß\81B\r
+<BR>\r
+forward\96½\97ß\82Æ\8a±\8fÂ\82·\82é\96½\97ß\82Í\81A\97D\90æ\8f\87\88Ê\82É\92\8d\88Ó\82·\82é\81B\r
+\97á\82¦\82Îestablished\95t\82«\96½\97ß\82Í\81Aforward\96½\97ß\82Ì\8cã\82É\82µ\82È\82¢\82Æ\81A1\94Ô\96Ú\82Ì\83p\83P\83b\83g\r
+\82¾\82¯\82ªforward\82³\82ê\82é\82±\82Æ\82É\82È\82é\81B\r
+<BR>\r
+natd\82ð\8eg\82¤\82É\82Í\81A\8dÅ\8f\89\82Ì\83\8b\81[\83\8b\82Æ\82µ\82Änatd\82Ö\82ÌDIVERT\83\8b\81[\83\8b\82ð\93ü\82ê\82é\81B\r
+<P>\r
+\8fã\82Ì\90Ý\92è\82ð\94²\82«\82¾\82µ\82½Opengate\90ê\97p\82Ì\83X\83N\83\8a\83v\83g\82ðconf/opengatefw.conf\82É\r
+\97p\88Ó\82µ\82½\81B\82±\82ê\82ð\95Ò\8fW\82µ\82Ä\97\98\97p\82·\82é\82±\82Æ\82à\89Â\94\\82Å\82 \82é\81B\r
+<P>\r
+<LI>ipfw\82Ì\83`\83F\83b\83N\r
+\r
+\83t\83@\83C\83A\83E\83I\81[\83\8b\83\8b\81[\83\8b\82Í\81@"ipfw list"\82Å\83`\83F\83b\83N\82Å\82«\82é\81B\r
+ipfw\83R\83}\83\93\83h\82ð\8eg\82Á\82Ä\81A\82 \82é\92[\96\96(xx.xx.xx.xx)\82É\91Î\82·\82é\83\8b\81[\83\8b\82ð\92Ç\89Á\81A\8dí\8f\9c\82µ\82Ä\81A\r
+\82»\82Ì\82Æ\82«\82É\92[\96\96\82Ì\83l\83b\83g\83\8f\81[\83N\97\98\97p\82ª\8aJ\95ú\81A\95Â\8d½\82³\82ê\82é\82±\82Æ\82ð\8am\94F\82¹\82æ\81B\r
+\r
+<PRE>\r
+ ipfw add 10000 allow ip from xx.xx.xx.xx to any <===\94\90M\8aJ\95ú\r
+ ipfw add 10000 allow ip from any to xx.xx.xx.xx <===\8eó\90M\8aJ\95ú\r
+ \r
+ ipfw del 10000 <===\95Â\8d½\r
+</PRE>\r
+ipfw\83R\83}\83\93\83h\82É\82Í\8f\\95ª\82É\90¸\92Ê\82·\82é\82±\82Æ\81B\r
+Opengate\82Í\81A\8fã\8bL\82Ì\82æ\82¤\82È\83R\83}\83\93\83h\82Ì\94\8ds\82ð\8ds\82¤\83\\83t\83g\82Å\82 \82é\81B\r
+<P>\r
+<LI>/usr/local/etc/apache/httpd.conf\82Ì\95Ï\8dX\r
+<BR>\r
+Web\8aO\95\94\83A\83N\83Z\83X\90§\8cÀ\81i\8aÂ\8b«\82É\8d\87\82í\82¹\82Ä\93K\90Ø\82È\90§\8cÀ\82ð\8ds\82¤\82±\82Æ)\r
+<PRE>\r
+order deny,allow\r
+deny from all\r
+allow from 133.49.0.0/255.255.0.0 (Example\81F\83A\83h\83\8c\83X\82Í\95Ï\8dX\97v)\r
+allow from 192.168.0.0/255.255.0.0\r
+</PRE>\r
+\r
+CGI\89Ò\93\82ð\97L\8cø\82É\r
+<PRE>\r
+#ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"\r
+\81«\r
+ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"\r
+</PRE>\r
+\r
+FileNotFound\8e\9e\82Étop\83y\81[\83W\82Ö\r
+<PRE>\r
+#ErrorDocument 404 /missing.html\r
+\81«\r
+ErrorDocument 404 /index.html\r
+</PRE>\r
+\r
+<LI>/etc/syslog.conf\82ÖOpengate\83\8d\83O\82Ì\92Ç\89Á\r
+\r
+<PRE>\r
+local1.* /var/log/opengate.log\r
+ \81ª \82±\82±\82ÍTAB\82Å\8bæ\90Ø\82é\82±\82Æ\81B\r
+</PRE>\r
+\r
+<LI>\91Î\89\9e\82µ\82½\83\8d\83O\83t\83@\83C\83\8b\82ð\8dì\82é\81B\r
+<PRE>\r
+touch /var/log/opengate.log\r
+</PRE>\r
+</UL>\r
+<LI>opengatexxx.tar.gz\82ð\93K\93\96\82È\83f\83B\83\8c\83N\83g\83\8a\82Å\93W\8aJ\82·\82é\81B\r
+<PRE>\r
+ tar zxvf opengatexxx.tar.gz\r
+\81@\81ixxx\82Í\83o\81[\83W\83\87\83\93\82ð\8e¦\82·\81B\8dÅ\90V\82Ì\82à\82Ì\82ð\97\98\97p\82·\82é\82±\82Æ\81j\r
+</PRE>\r
+\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\8fo\97\88\82é\82Ì\82Å\81A\93à\97e\82ð\8am\94F\82·\82é\81B\r
+\82±\82±\82Å\90Ý\92è\82ð\95Ï\8dX\82·\82é\82±\82Æ\82à\82Å\82«\82é\82ª\83C\83\93\83X\83g\81[\83\8b\8cã\82Å\82à\97Ç\82¢\81B\r
+\r
+<PRE>\r
+ doc: \8ae\8eí\95¶\8f\91\r
+ conf: configuration file sample, firewall control perl script sample\r
+ javahtml: \83N\83\89\83C\83A\83\93\83g java\82Æhtml\83t\83@\83C\83\8b\r
+ opengatesrv: \83T\81[\83o CGI\83v\83\8d\83O\83\89\83\80\r
+</PRE>\r
+\r
+<LI>javahtml\82Ì\89º\82Éjar\83t\83@\83C\83\8b\82ª\82È\82¯\82ê\82Î\81AOpengate.java\82ð\83R\83\93\83p\83C\83\8b\82·\82é\81B\r
+<PRE>\r
+ javac Opengate.java\r
+ jar cvf Opengate.jar *.class\r
+</PRE>\r
+\r
+<LI>Opengate\83T\81[\83o\82ð\8dì\82é\81B\r
+ <PRE>\r
+ opengatesrv\82É\88Ú\93®\82·\82é\81B\r
+\81@\81@opengatesrv\89º\82ÌMakefile\82Æopengatesrv.h\82Ì\93à\97e\82ð\8am\94F\82µ\81A\r
+ \83f\83B\83\8c\83N\83g\83\8a,\83A\83h\83\8c\83X\90Ý\92è\93\99\82ð\90Ý\92u\8aÂ\8b«\82É\82 \82í\82¹\82Ä\95Ï\8dX\82·\82é\81i\8fÚ\8d×\82Í\89º\8bL\81j\81B\r
+ \81\96\81\96\82Æ\82\82ÉHOSTADDR\82Í\81A\83C\83\93\83X\83g\81[\83\8b\83}\83V\83\93\82Ì\92[\96\96\91¤\83C\83\93\83^\81[\83t\83F\81[\83X\82É\r
+ \8d\87\82í\82¹\82é\82±\82Æ\82ð\96Y\82ê\82È\82¢\82±\82Æ\81B\81\96\81\96\r
+ make\81@\83R\83\93\83p\83C\83\8b\82·\82é\81B\r
+\81@\81@su\81@\81@\83\8b\81[\83g\82É\82È\82é\81B\r
+\81@\81@make install\81@\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B\r
+ </PRE>\r
+\r
+<LI>\94F\8fØ\83T\81[\83o\82Ì\90Ý\92è<BR>\r
+\94F\8fØ\83T\81[\83o\82Í\81Aopengatesrv.conf\82É\82Ä\90Ý\92è\82·\82é\81B\83t\83H\81[\83}\83b\83g\82Í\88È\89º\82Ì\82¢\82¸\82ê\82©\82Ì\8c`\8e®\81B\r
+\95¡\90\94\8ds\82ð\8ew\92è\82·\82é\82±\82Æ\82à\89Â\94\\81B\81i"[..]"\82Í\8fÈ\97ª\89Â\94\\81A"|"\82ÍOR\82ð\88Ó\96¡\82·\82é\81j\r
+<PRE>\r
+ID:address=hostname|hostaddr:[port=portno:]protocol=ftp|pop3|pop3s:\r
+ID:protocol=radius:[conffile=filepath:]\r
+ID:protocol=pam:[servicename=name:]\r
+</PRE>\r
+\8ae\8d\80\96Ú\82Í\88È\89º\82ð\88Ó\96¡\82·\82é\81B\r
+\r
+<PRE>\r
+ID\81F\94F\8fØ\83T\81[\83o\82Ì\8e¯\95Ê\8eq\81B\94C\88Ó\92·\95¶\8e\9a\97ñ\82Å\82·\82ª\97\98\95Ö\90«\82ð\8dl\82¦\82é\82Æ\81A1\81`3\95¶\8e\9a\92ö\93x\82ª\93K\93\96\82¾\82ë\82¤\81B\r
+address: \94F\8fØ\83T\81[\83o\82ÌIPaddress\82Ü\82½\82Í\83h\83\81\83C\83\93\96¼\81B\96¼\91O\89ð\8c\88\82ª\82Å\82«\82È\82¢\82Æ\82«\82Í\81A\r
+ IPaddress\82Å\8e\8e\82·\82±\82Æ\81B\r
+port: \94F\8fØ\83\8a\83N\83G\83X\83g\82ð\91\97\82é\90æ\82Ì\83|\81[\83g\94Ô\8d\86\81B\8fÈ\97ª\8e\9e\82Í/etc/services\93o\98^\83|\81[\83g\94Ô\8d\86\81B\r
+protocol: \94F\8fØ\82É\97p\82¢\82é\83v\83\8d\83g\83R\83\8b\81B\r
+ \8c»\8dÝ\81Apop3,ftp,pop3s,pam,radius\82ð\83T\83|\81[\83g\81B\r
+conffile:RADIUS\8e\9e\82É\90Ý\92èfile \82Ì\83p\83X\82ð\8ew\92è\81B\r
+ \8fÈ\97ª\82·\82é\82Æ\81u/etc/radius.conf\81v\81B\r
+servicename:PAM\8e\9e\82Éservicename\82ð\8ew\92è\81B/etc/pam.conf\82É\82¨\82¯\82é\8e¯\95Ê\8eq\82Å\82 \82é\81B\r
+ \8fÈ\97ª\82·\82é\82Æ\81uopengate\81v\81B\r
+</PRE>\r
+\r
+\88È\89º\82Íopengatesrv.conf\82Ì\97á\81B\r
+<P>\r
+\81\96\82±\82Ì\97á\82Å\82Í\81A\83A\83h\83\8c\83Xxx.xx.xx.xx\82Ö\82Ìftp\82ª\89Â\94\\82©\94Û\82©\82Å\94F\8fØ\82ð\8ds\82¤\81B\8dÅ\8f\89\82Í\81A\82±\82Ì\82æ\82¤\82È\r
+\92P\8f\83\82È\90Ý\92è\82ÅOpengate\82Ì\93®\8dì\82ð\8am\94F\82·\82é\82±\82Æ\81B\r
+<PRE>\r
+default:tc=as\r
+as:address=xx.xx.xx.xx:protocol=ftp:\r
+\81@\81i\83A\83h\83\8c\83Xxx.xx.xx.xx\82Ö\82ÌFTP\83A\83N\83Z\83X\82ð\91O\82à\82Á\82Ä\8am\94F\82Ì\82±\82Æ\81j\r
+</PRE>\r
+\r
+<P>\r
+\81\96\82±\82Ì\97á\82Å\82Í\81A4\82Â\82Ì\94F\8fØ\83T\81[\83o\82ª\90Ý\92è\82³\82ê\82Ä\82¨\82è\81A\r
+cs\82ðdefault\82Æ\82µ\82Ä\82¢\82é\81B\r
+\97\98\97p\8eÒ\82ª\83\86\81[\83UID\82Ì\83t\83B\81[\83\8b\83h\82É[userID]\82Ì\82Ý\82ð\93ü\97Í\82·\82é\82Ædefault\82Ì\81ucs\81v\83T\81[\83o\82É\94F\8fØ\82É\8ds\82\81B\r
+[userID@cc]\82Ì\8c`\8e®\82Å\93ü\97Í\82·\82é\82Æ\81A\81ucc\81v\82Å\8ew\92è\82³\82ê\82½\94F\8fØ\83T\81[\83o\82Ö\94F\8fØ\82ð\89ñ\82·\81B[userID@pam] \82Æ\93ü\82ê\82é\82Æ\81upam\81v\8ew\92è\83T\81[\83o\82Ö\81A[userID@rad]\82Æ\93ü\82ê\82é\82Æ\81urad\81v\8ew\92è\82Ì\83T\81[\83o\82Ö\89ñ\82·\81B\r
+\r
+<PRE>\r
+default:tc=cs\r
+cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3:\r
+cc:address=himiko.cc.saga-u.ac.jp:protocol=ftp:port=21:\r
+pam:protocol=pam:\r
+rad:protocol=radius:\r
+</PRE>\r
+\81\96protocol=pam\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\82Æ\82«\82Í\81A/etc/pam.conf\82Ü\82½\82Í/etc/pam.d/opengate\r
+\82ð\90Ý\92è\82·\82é\95K\97v\82ª\82 \82é\81B\r
+opengate\82Íauth\82Æaccount\82Ì\83`\83F\83b\83N\82ð\8ds\82¤\81B\r
+account\82ð\97\98\97p\82µ\82È\82¢\8e\9e\82Í\81Apermit\82ð\8ew\92è\82·\82é\82±\82Æ\81B\r
+<BR>\r
+\88È\89º\82Í\81A/etc/pam.conf\82Ì\90Ý\92è\97á\r
+<PRE>\r
+opengate auth required pam_radius.so \r
+opengate account required pam_permit.so\r
+</PRE>\r
+\88È\89º\82Í\81A/etc/pam.d/opengate\82Ì\90Ý\92è\97á\r
+<PRE>\r
+auth required pam_radius.so \r
+account required pam_permit.so\r
+</PRE>\r
+<P>\r
+\81\96protocol=radius\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\82Æ\82«\82Í\81A/etc/radius.conf\82ð\90Ý\92è\82·\82é\95K\97v\82ª\82 \82é\81B\r
+\88È\89º\82Íradius.conf\82Ì\90Ý\92è\97á\81B\r
+\r
+<PRE>\r
+auth radius1.somewhere.com "password1" 5 6\r
+auth radius2.somewhere.com "password2" 5 6\r
+</PRE>\r
+\r
+<LI>Opengate\93®\8dì\83`\83F\83b\83N\r
+<P>\r
+1)\92[\96\96\82Ì\83u\83\89\83E\83U\82©\82ç\8aO\95\94URL\82Ö\83A\83N\83Z\83X\82·\82é<BR>\r
+2)\94F\8fØ\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82ç\81A\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82ð\93ü\97Í\82·\82é\81B<BR>\r
+3)\8b\96\89Â\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82ç\81A\8aO\95\94URL\82Ö\83A\83N\83Z\83X\82·\82é<BR>\r
+4)\8aO\95\94\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82ç\81A\83u\83\89\83E\83U\82ð\8fI\97¹\82·\82é\81B<BR>\r
+5)\8dÄ\93x\81A\83u\83\89\83E\83U\82ð\8bN\93®\82µ\82Ä\81A\8aO\95\94URL\82Ö\83A\83N\83Z\83X\82·\82é<BR>\r
+6)\94F\8fØ\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82ç\81A\8aî\96{\83C\83\93\83X\83g\81[\83\8b\82ª\8a®\97¹\81B<BR>\r
+\r
+\83G\83\89\81[<BR>\r
+At 2) Opengate\83T\81[\83o\82ÌURL\82ð\8ew\92è\82µ\82Ä\83A\83N\83Z\83X\82·\82é\81B\r
+\90¬\8c÷\82È\82çipfw fwd rule\82ð\8b^\82¤\81B\8e¸\94s\82È\82çwww/data\83f\83B\83\8c\83N\83g\83\8a\82Ì\90Ý\92è\82ð\8b^\82¤\81B<BR>\r
+At 3) \94F\8fØ\83T\81[\83o\83A\83N\83Z\83X\82ð\83R\83}\83\93\83h\83\89\83C\83\93\82Å\8e\8e\82·(eg. ftp xx.xx.xx.xx)\81B\r
+\90¬\8c÷\82È\82çopengatesrv.conf\82ð\8b^\82¤\81B\r
+\8e¸\94s\82È\82ç\81A\94F\8fØ\83T\81[\83o\82Ì\83A\83N\83Z\83X\90§\8cÀ\82â\83\86\81[\83U\93o\98^\82ð\8b^\82¤<BR>\r
+At 4)\83t\83@\83C\83A\83E\83I\81[\83\8b\90Ý\92è\82ð\8b^\82¤\81B<BR>\r
+At 6)\91¼\82Ì\90V\82µ\82¢\8aO\95\94URL\82ð\83A\83N\83Z\83X\82·\82é\81B\r
+\90¬\8c÷\82È\82ç\81A\83u\83\89\83E\83U\82Ì\83L\83\83\83b\83V\83\85\8cø\89Ê\82Å\82 \82é\81B\r
+\8e¸\94s\82È\82ç\81A\83t\83@\83C\83A\83E\83I\81[\83\8b\90Ý\92è\82ðipfw\82Å\83`\83F\83b\83N\82·\82é<BR>\r
+*\82æ\82è\8fÚ\8d×\82È\83f\83o\83b\83O\8bL\8fq\82ð\95Ê\83t\83@\83C\83\8b\82É\97p\88Ó\82µ\82½\81B\r
+<P>\r
+\r
+<LI>javahtml\89º\82Ìhtml\83h\83L\83\85\83\81\83\93\83g\82ð\95K\97v\82É\89\9e\82¶\82Ä\95Ï\8dX\82·\82é\81B\r
+ <PRE>\r
+ \8c¾\8cê\96\88\82É\83f\83B\83\8c\83N\83g\83\8a\82ª\82 \82é(en(english),ja(japanese)\82È\82Ç)\r
+ \82»\82Ì\92\86\82ÌHTML\82ð\95Ï\8dX\81B\r
+\81@\81@topindex.html\81i\8dÅ\8f\89\82É\91\97\82ç\82ê\82é\89æ\96Ê\81B\94F\8fØ\93ü\97Í\82Ö\8e©\93®JUMP)\r
+\81@\81@index.html\81i\94F\8fØ\93ü\97Í\89æ\96Ê\81j\r
+\81@\81@deny.html\81i\94F\8fØ\8b\91\94Û\8e\9e\82Ì\89æ\96Ê\81j\r
+\81@\81@accept.html,accept2.html\81i\94F\8fØ\8b\96\89Â\8e\9e\82Ì\89æ\96Ê\81j\r
+ \82±\82ê\82ç\82Í\81A\95K\97v\82É\89\9e\82¶\82Ä\93à\97e\82Ì\95Ï\8dX\82ð\8ds\82¤\82±\82Æ\81B\r
+ accept.html\92\86\82Ì"**OpengateAppletHere**"\82Í\8dí\8f\9c\82µ\82Ä\82Í\82È\82ç\82È\82¢\81B\r
+ \82±\82±\82ÉJavaApplet\82ª\91}\93ü\82³\82ê\82é\81B\r
+ \82Ü\82½%%HOSTADDR%%\82Í\81A\83C\83\93\83X\83g\81[\83\8b\8e\9e\82É\83A\83h\83\8c\83X\82É\92u\82«\8a·\82¦\82ç\82ê\82é\81B\r
+ %%OPENGATEDIR%%\82Í\81A\83C\83\93\83X\83g\81[\83\8b\83f\83B\83\8c\83N\83g\83\8a\82É\92u\82«\8a·\82¦\82ç\82ê\82é\81B\r
+ </PRE>\r
+\r
+<LI>Firewall\90§\8cä\83X\83N\83\8a\83v\83g\r
+<P>\r
+\r
+Makefile\82É\82¨\82¢\82ÄUSEFWSCRIPT\82ª0\82Å\82 \82ê\82Î\81ACGI\82ª\92¼\90Ú\82Éipfw\83R\83}\83\93\83h\82ð\94\8ds\r
+\82·\82é\81B\82±\82Ì\82Æ\82«\82Í\81A\8b\96\89Â\8cã\82Í\91S\82Ä\82Ì\8fo\93ü\82è\83p\83P\83b\83g\82ª\92Ê\89ß\89Â\94\\82Æ\82È\82é\81B1\82Å\82 \r
+\82ê\82Î\81Aperl\83X\83N\83\8a\83v\83g\82ð\8co\97R\82µ\82Äipfw\83R\83}\83\93\83h\82ð\94\8ds\82·\82é\81B\83t\83@\83C\83A\83E\83I\81[\83\8b\r
+\8aJ\95ú\97p\83X\83N\83\8a\83v\83gconf/opengatefw.pl\82ð\8f\91\82«\8a·\82¦\82é\8e\96\82É\82æ\82è\8ae\8eí\90§\8cä\82ª\89Â\94\\82Å\r
+\82 \82é\81B\82½\82¾\82µ\81A\83p\83t\83H\81[\83}\83\93\83X\82¨\82æ\82Ñ\83Z\83L\83\85\83\8a\83e\83B\82ð\95Û\82Â\82½\82ß\81A\89Â\94\\82È\8cÀ\82è\83V\r
+\83\93\83v\83\8b\82È\8d\\90¬\82Æ\82·\82é\8e\96\81B\82±\82Ì\83X\83N\83\8a\83v\83g\82Í\94r\91¼\90§\8cä\89º\82Å\93®\82¢\82Ä\82¢\82é\81B\8e\9e\8aÔ\82Ì\82©\r
+\82©\82é\8f\88\97\9d\82ð\93ü\82ê\82é\82Æ\83p\83t\83H\81[\83}\83\93\83X\82É\91å\82«\82\89e\8b¿\82·\82é\81B\r
+<P>\r
+\97\98\97p\8eÒ\83f\81[\83^\83x\81[\83X\82ð\97\98\97p\82µ\82Ä\83t\83@\83C\83A\83E\83H\81[\83\8b\8aJ\95ú\82Ì\92ö\93x\82ð\8c\88\92è\82µ\82½\82¢\8fê\8d\87\81A\r
+\82±\82ÌSCRIPT\82Å\8ds\82¤\8e\96\82à\89Â\94\\82Å\82 \82é\82ª\81A\95Ê\93r\97p\88Ó\82µ\82½comm-userdb.c\82Åproperty\82ð\r
+\90Ý\92è\82µ\82Ä\82±\82ÌSCRIPT\82É\91\97\82é\95û\82ª\81A\83p\83t\83H\81[\83}\83\93\83X\8fã\82©\82ç\96]\82Ü\82µ\82¢\81B\r
+\r
+<P>\r
+<LI>Makefile\90Ý\92è\r
+<P>\r
+\95K\97v\82É\89\9e\82¶\82ÄMakefile\82É\82Ä\88È\89º\82Ì\8d\80\96Ú\82ª\90Ý\92è\89Â\94\\81B\r
+<PRE>\r
+HOSTADDR = \83Q\81[\83g\83E\83F\83C\82Ì\83N\83\89\83C\83A\83\93\83g\91¤IP\83A\83h\83\8c\83X\r
+HTMLTOP1 = HTML\83t\83@\83C\83\8b\82ð\92u\82\83f\83B\83\8c\83N\83g\83\8a\82Ì\83g\83b\83v\r
+HTMLTOP2 = HTML\83t\83@\83C\83\8b\82ð\92u\82\83f\83B\83\8c\83N\83g\83\8a\82Ì\83g\83b\83v(SSL\91¤)\r
+OPENGATEDIR = Opengate\8aÖ\98A\83t\83@\83C\83\8b\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\83f\83B\83\8c\83N\83g\83\8a\81AWeb\83g\83b\83v\91\8a\91Î\r
+CGIPATH = CGI\82ð\92u\82\83f\83B\83\8c\83N\83g\83\8a\r
+CGIPROG = CGI\83v\83\8d\83O\83\89\83\80\96¼\r
+CONFIGFILE = \90Ý\92è\83t\83@\83C\83\8b\96¼\r
+USEFWSCRIPT= Perl\83X\83N\83\8a\83v\83g\90§\8cä\82©\94Û\82©\r
+FWSCRIPT = Perl\83X\83N\83\8a\83v\83g\96¼\r
+FWSCRIPTPATH = Perl\83X\83N\83\8a\83v\83g\83p\83X\r
+LOCKFILE= \83\8d\83b\83N\83t\83@\83C\83\8b\96¼\r
+HTMLDOCS= HTML\83t\83@\83C\83\8b\88ê\97\97\r
+DENYDOC = \8b\91\94Û\8e\9e\82ÌHTML\83t\83@\83C\83\8b\r
+ACCEPTDOC = \8b\96\89Â\8e\9e\82ÌHTML\83t\83@\83C\83\8b\r
+HTMLLANGS= HTML\83t\83@\83C\83\8b\82Æ\82µ\82Ä\8f\80\94õ\82µ\82½\8c¾\8cê\88ê\97\97\81A\8dÅ\8f\89\82ªdefault\r
+ARPPATH= arp\83R\83}\83\93\83h\82Ì\83p\83X\r
+IPFWPATH= ipfw\83R\83}\83\93\83h\82Ì\83p\83X\r
+</PRE>\r
+\r
+<P>\r
+<LI>opengatesrv.h\90Ý\92è\r
+<BR>\r
+\95K\97v\82É\89\9e\82¶\82Ä\83w\83b\83_\81[\83t\83@\83C\83\8b\82É\82Ä\88È\89º\82Ì\8d\80\96Ú\82ª\90Ý\92è\89Â\94\\81B\r
+<PRE>\r
+ DEBUG :\81@\81@\81@\81@\81@\81@ \81@\82P\82É\90Ý\92è\82·\82é\82Æ\83f\83o\83b\83O\83\81\83b\83Z\81[\83W\82ð\83\8d\83O\82É\8fo\97Í\r
+\81@\81@\81@\81@\81@\81@\81@\81@\81@\81@ \81@\8aÖ\90\94\8aÔ\82Ì\8cÄ\82Ñ\8fo\82µ\82Æ\82»\82Ì\8e\9e\82Ì\88ø\90\94\92l\82ª\8fo\82é\81B\r
+\r
+ DURATIONDEFAULT : java\82ð\91\97\82Á\82Ä\82©\82ç\90Ú\91±\82µ\82Ä\82\82é\82Ü\82Å\82Ì\91Ò\82¿\8e\9e\8aÔ(\95b)\r
+ default\92l\81B\89\9e\93\9a\82ª\82È\82¢\82Æ\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82·\82é\81B\r
+ \91Ò\82¿\8e\9e\8aÔ\82Í\94F\8fØ\83y\81[\83W\82Å\95Ï\8dX\89Â\94\\81B\r
+\r
+ DURATIONMAX \81F java\82ª\90Ú\91±\82µ\82Ä\97\88\82È\82¢\8e\9e\82É\82Í\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82Å\r
+ \8ew\92è\82µ\82½\97\98\97p\8cp\91±\8e\9e\8aÔ\82Ì\8aÔ\82ð\97\98\97p\89Â\94\\82Æ\82·\82é\81B\r
+ DURATIONMAX\82Í\8ew\92è\89Â\94\\82È\8dÅ\91å\92l(\95b) \r
+ \97\98\97p\8eÒ\82É\82æ\82é\8ew\92è\82ª\95s\97v\82Å\82 \82ê\82Î\81ADURATIONDEFAULT\82Æ\93¯\88ê\92l\82É\82µ\82Ä\81A\r
+ \94F\8fØ\83y\81[\83W\82©\82ç\93ü\97Í\97\93\82ð\8dí\82é\82±\82Æ\81B\r
+\r
+ ACTIVECHECKINTERVAL : \92[\96\96\82Ì\90¶\91¶\8am\94F\82Ì\82½\82ß\82Ì\83`\83F\83b\83N\8aÔ\8au(\95b)\r
+ java\96³\82µ\82Ì\82Æ\82«\82Í\81A\91Î\89\9eIP\83A\83h\83\8c\83X\82É\91Î\82·\82éMAC\83A\83h\83\8c\83X\r
+ \82¨\82æ\82Ñ\83Q\81[\83g\83E\83F\83C\92Ê\89ß\82ÌPacket\90\94\82Å\83`\83F\83b\83N\81B\r
+ java\97L\82è\82Ì\82Æ\82«\82Í\81Ajava\82Æ\82ÌHELLO\8cð\8a·\82¨\82æ\82Ñ\83Q\81[\83g\83E\83F\83C\r
+ \92Ê\89ß\82ÌPacket\90\94\82Å\83`\83F\83b\83N\81B\r
+\r
+ COMMWAITTIMEOUT :\81@ \81@\92Ê\90M\95Ô\93\9a\82Ü\82Å\82Ì\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ(\95b)\r
+\r
+ NOREPLYMAX : \8fã\8bL\81A\83\81\83b\83Z\81[\83W\8cð\8a·\82Å\82Ì\96³\95Ô\93\9a\82ð\8b\96\82·\89ñ\90\94\r
+\r
+ NOPACKETINTERVAL :\81@\81@\95ú\92u\82Æ\94»\92f\82·\82é\92Ê\90M\83p\83P\83b\83g\92Ê\89ß\96³\82µ\8e\9e\8aÔ(\95b)\81i\82½\82¾\82µ\81A\82±\82Ì\r
+\81@\81@\81@\81@\81@\81@\81@\81@\81@\81@\81@ \83`\83F\83b\83N\82Í\81AACTIVECHECKINTERVAL\82²\82Æ\82É\8ds\82¤\82Ì\82Å\81A\r
+\81@\81@\81@\81@\81@\81@\81@\81@\81@\81@\81@ \8eÀ\8dÛ\82Í\90Ø\82è\8fã\82°\82ÄACTIVECHECKINTERVAL\82Ì\90®\90\94\94{\82Æ\82È\82é\81j\r
+\r
+ LOCKTIMEOUT :\81@\81@\81@\81@ ipfw\82Ì\94r\91¼\90§\8cä\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ\81B\r
+\r
+ IPFWMIN : \81@\81@\81@\81@\81@\81@Opengate\82Ì\97\98\97p\82·\82éipfw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\r
+ IPFWMAX :\81@\81@\81@\81@\81@\81@ \8dÅ\8f¬IPFWMIN\82©\82ç\8dÅ\91åIPFWMAX\82Ü\82Å\8aÔ\8auIPFWINTERVAL\r
+ IPFWINTERVAL : \82²\82Æ\82É\97\98\97p\82·\82é\81B\82±\82ê\82ð\8eg\82¢\82«\82é\82Æ\82»\82ê\88È\8fã\93o\98^\82µ\82È\82¢\81B\r
+ \81@\81@\81@\81@\81@\81@\81@\81@\81@\81@ \82æ\82Á\82Ä\81A\83N\83\89\83C\83A\83\93\83g\90\94\90§\8cÀ\82É\97\98\97p\89Â\94\\81B\r
+\r
+ PORTMIN :\81@\81@\81@\81@\81@\81@ Opengate\83T\81[\83o\82Ì\97\98\97p\82·\82é\83|\81[\83g\94Ô\8d\86\82Ì\94Í\88Í\81i\8dÅ\8f¬\92l\81|\8dÅ\91å\92l\81j\r
+ PORTMAX :\81@\81@\81@\81@\81@ \81@\91¼\82Ì\97p\93r\82Å\97\98\97p\82µ\82È\82¢\94Í\88Í\82ð\8ew\92è\81B\93¯\8e\9e\97\98\97p\92[\96\96\90\94\88È\8fã\95K\97v\81B\r
+\r
+ FACILITY :\81@\81@\81@\81@\81@\81@syslog\82Ì\8fo\97Í\90æ\r
+</PRE>\r
+</UL>\r
+\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<HTML>
+<head>
+<title>Flow of Opengate</title>
+</head>
+
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Flow of Opengate</H3>
+
+Following is the flow of the Opengate system.
+
+<OL>
+
+<LI>
+An user on the client machine accesses to some URL such as
+ [eg., http://www.some.site/ or http://www.some.site/some/path]
+
+<LI>
+Ipfw in gateway checks the packet passing though the gateway. For
+packets from closed client, the forward rule as [ipfw add 60000 fwd
+localhost tcp from 192.168.0.0/16 to any http] is applied.
+
+<LI>
+The web server in localhost(gateway) receives the packet as [GET / or
+/some/path]
+
+<LI>
+The /index.html file is returned in both cases, because the httpd.conf
+ is set as [ErrorDocument 404 /index.html]
+
+<LI>
+The browser receives /index.html. But the browser misunderstands
+that the reply is returned from www.some.site.
+
+<LI>
+To remove the misunderstanding, the /index.html jumps to full URL
+description of gateway as [META HTTP-EQUIV="Refresh" CONTENT="0;
+URL=http://192.168.0.1/opengate/en/index.html"]
+
+<LI>
+The returned page /opengate/en/index.html is the authentication request page.
+The browser understands the site of this page correctly.
+
+<LI>
+The user enters userid and password to this page, and clicks button to
+call Opengate CGI [FORM METHOD="POST"
+ACTION="/cgi-bin/opengate/opengatesrv.cgi"].
+
+<LI>
+The CGI starts and processes the following.
+
+<LI>
+CGI gets the userid[eg., user1 or user1@id1], password, IP
+address[eg., 192.168.0.111], and MAC address.
+
+<LI>
+CGI reads configuration file[opengatesrv.conf] and gets the
+information about the authentication server[default(if @xx is not
+entered) or id1].
+
+<LI>
+CGI sends userid[user1] and password to the authentication server.
+
+<LI>
+After passing the authentication, CGI inserts firewall rule before the
+forward rule [ipfw add 10000 allow ip from 192.168.0.111 to any] and
+[ipfw add 10000 allow ip from any to 192.168.0.111]. The rules
+indicate the pass of packet to/from the client. At the insertion, CGI
+searchs an unused rule number[eg., 10000] and uses. The perl script
+can be modified, if more flexible ipfw control is desired.
+
+<LI>
+CGI reports to syslog that the firewall is opened
+[Jun 16 19:14:11 ... OPEN: user user1 from 192.168.0.111...].
+
+<LI>
+CGI reads reply page file [accept.html], inserts specific information
+[userid, server address and port] and sends it to the client. The page
+describes the dowloading of java applet [applet
+code='Opengate.class'...] and the opening of second page
+[window.open("http://.../accept2.html")].
+
+<LI>
+CGI closes STDOUT to terminates the web server process.
+
+<LI>
+CGI waits for the java applet to connect.
+
+<LI>
+If no connection in DURATIONDEFAULT seconds, CGI removes the firewall rule
+{ipfw del 10000] and terminates. (If duration is entered in auth page, the time is extended to the time. To cope with hijacking and notting, periodical execution of arp command and firewall packet inquiry.)
+
+<LI>
+If connected, CGI watchs the TCP connection linking between gateway and client.
+ If the TCP connection is closed, CGI removes the firewall rule and terminates.
+
+<LI>
+CGI sends 'hello' to the client every ACTIVECHECKINTERVAL seconds.
+ If no reply in HELLOWAITTIMEOUT seconds, CGI removes the firewall rule and terminates.
+
+<LI>
+CGI gets number of passed packets for inserted rule from firewall
+[ipfw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet
+count does not increase in NOPACKETINTERVAL seconds, CGI removes the
+firewall rule and terminates.
+
+<LI>
+At termination, CGI reports to syslog the filewall close [Jun 16
+22:11:55 ... CLOS: user user1 from 192.168.0.111...].
+
+</OL>
+
+</BODY>
+</HTML>
+
+
+
+
--- /dev/null
+Authentication Protocol
+
+
+User--|--userTerminal--|------GatewayMachine -------------------|Authentication|
+ server
+
+ (WWWbrowser) (ipfw)
+ ------->|--------------------------------------------->|
+ AnyURL | connect (WWWserver) |
+ |<----------------------|<---------------------|
+ | WebPage | IP Forward :
+ | |
+ ---->| |
+userID | |
+ ---->| |
+passwd | |
+ ---->| |
+SendBtn |---------------------->| (CGI)
+ |<userID>,<passwd> |-------->| request (arp)
+ | |<userID> |--------->|
+ | |<passwd> |<---------|
+ | |<address>| reply
+ | | | (Auth server)
+ | | | AuthRequest :
+ | | |---------------------->|
+ | | |<----------------------|
+ | | | AuthReply :
+ | | | (ipfw)
+ | | | :
+ | | |------------->|
+ | | | add rule |
+ | | (fork) |
+ | | | | |
+ | | |(set timer) |
+ | | |(listen) |
+ |<----------------------|<--------| | |
+ | WebPage (include JavaApplet) # | |
+ | : | |
+ | (Applet) | |
+ |--->| <userID> | |
+ : |----------------------------->| |
+ |<-----------------------------| |
+ | "accept" | |
+ | | |
+ | "hello" | request log|
+ Network |<---------------------------- |----------->| (Periodic Check)
+ Use |----------------------------->|<-----------|
+ | "hello" | log list |
+ | | |
+ ---------->|----------------------------->|----------->|
+ Kill Web | close | del rule |
+ # # :
+
+
--- /dev/null
+<html>\r
+<head>\r
+<title>Opengate Q & A</title>\r
+</head>\r
+\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3>Opengate Q & A</H3>\r
+\r
+Concept\r
+<UL>\r
+<LI>\r
+Why is the authentication needed?\r
+\r
+<BLOCKQUOTE>\r
+There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network\r
+</BLOCKQUOTE>\r
+\r
+<LI>Why don't you use the authentication function inherent in the terminal?\r
+\r
+<BLOCKQUOTE>\r
+Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Why do you try to authenticate at client site? Is the authentication at server site essential? \r
+\r
+<BLOCKQUOTE>\r
+Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software.\r
+\r
+<BLOCKQUOTE>\r
+It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Why don't you use the log obtained at gateway or firewall?\r
+\r
+<BLOCKQUOTE>\r
+The log does not include user identification.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+What is the merit compared with the identification by MAC address.\r
+\r
+<BLOCKQUOTE>\r
+The cost might be large to maitain the matching between user and MAC address.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+What is the merit compared with various authentication systems for network usage proposed recently.\r
+<BLOCKQUOTE>\r
+The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Is there any other application of the system?\r
+<BLOCKQUOTE>\r
+For example, it might be used as the gateway from intra-net to extra-net or the contrary.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+What to do for No Java terminals?\r
+<BLOCKQUOTE>\r
+The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.\r
+\r
+</BLOCKQUOTE>\r
+\r
+\r
+</UL>\r
+\r
+\r
+Usage\r
+<UL>\r
+<LI>\r
+Is the system compatible with wireless LAN?\r
+\r
+<BLOCKQUOTE>\r
+Yes. But do not use the host station having NAT.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Can the system coexists with NAT or DHCP.\r
+\r
+<BLOCKQUOTE>\r
+Yes. But do not insert NAT between the server and client.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Can the MAC address be obtained? \r
+<BLOCKQUOTE>\r
+Yes. But the address is restricted to the one aquired from server on ethernet.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+I want to supply some services without authentication, or I do not want to supply some services even after authentication.\r
+\r
+<BLOCKQUOTE>\r
+The both can be realized by firewall rule set.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+I want to separate the commission range by the user rank.\r
+\r
+<BLOCKQUOTE>\r
+Firewall can be controled by Perl script. If the user rank is discriminated with userID pattern, authentication server, or IP address, it might be done. The function is added in Ver.0.80.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+I want manage temporal users.\r
+\r
+<BLOCKQUOTE>\r
+It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Can the password secret be maintained?\r
+\r
+<BLOCKQUOTE>\r
+Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, radius, and pam(which supports many secure protocols). \r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+How are the scalability and performance?\r
+\r
+<BLOCKQUOTE>\r
+We are using the system in environments including active 50 or above terminals. \r
+</BLOCKQUOTE>\r
+\r
+</UL>\r
+Installation and Development\r
+<UL>\r
+<LI>\r
+I meet bugs on installation.\r
+\r
+<BLOCKQUOTE>\r
+See other document.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Am I permited to use, modify or distribute the program? \r
+\r
+<BLOCKQUOTE>\r
+Yes it is permitted under GPL.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Can I modify the web page design.\r
+\r
+<BLOCKQUOTE>\r
+As the web pages are described in html files, it is easy to modify the design.\r
+</BLOCKQUOTE>\r
+\r
+\r
+<LI>\r
+Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?\r
+\r
+<BLOCKQUOTE>\r
+IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system. \r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Why the archive file is disorder?\r
+\r
+<BLOCKQUOTE>\r
+Sorry. I am trying to order.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Can the server run on other OSs than FreeBSD.\r
+\r
+<BLOCKQUOTE>\r
+No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf.\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+It is not smart that many processes resident. Can these be integrated to one process?\r
+\r
+<BLOCKQUOTE>\r
+Yes. But in the present version, we take priority on simplicity of program. \r
+</BLOCKQUOTE>\r
+\r
+\r
+<LI>\r
+Is the system compatible with IPv6?\r
+\r
+<BLOCKQUOTE>\r
+It might be realized by controlling both ipfw and ip6fw. But, in ipv4/IPv6 dual stack state, it is not so easy to get all IP addresses for the requested terminal. Thus, it is not yet programmed.\r
+\r
+For the present, following method might be the solution, though there is a restriction. Modify the ipfw control script opengatefw.pl as to allow IPv6 packet from/to the requested terminal's MAC address. The method can be used when the gateway and the terminal stay in the same ethernet link.\r
+</BLOCKQUOTE>\r
+\r
+</UL>\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<html LANG="jp">\r
+<head>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
+\r
+<title>Opengate Q & A</title>\r
+</head>\r
+\r
+<BODY>\r
+\r
+<body bgcolor=#BBEECC>\r
+\r
+<H3>Opengate Q & A</H3>\r
+\r
+\88Ó\8b`\r
+<UL>\r
+<LI>\r
+\82»\82à\82»\82à\89½\8cÌ\94F\8fØ\82È\82Ç\82ª\95K\97v\82È\82Ì\82Å\82·\82©\81B\92N\82Å\82à\83l\83b\83g\83\8f\81[\83N\82ª\8eg\82¦\82Ä\97Ç\82¢\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\8ae\83l\83b\83g\83\8f\81[\83N\82Í\81A\82»\82Ì\90Ý\92u\8eï\8e|\82Æ\8co\94ï\95\89\92S\82É\8f]\82Á\82½\97\98\97p\82ª\8b\81\82ß\82ç\82ê\82Ü\82·\81B\8c\88\82µ\82Ä\8e©\97R\97\98\97p\82ª\91O\92ñ\82Å\82Í\82 \82è\82Ü\82¹\82ñ\81B\82³\82ç\82É\81A\83C\83\93\83^\81[\83l\83b\83g\8fã\82Å\82Í\81A\94îæ\8e\92\86\8f\9d\82â\8d¼\8b\\81A\95s\90³\83A\83^\83b\83N\93\99\82Ì\94½\8eÐ\89ï\93I\8ds\93®\82ª\94\90¶\82µ\82Ä\82¢\82Ü\82·\81B\91g\90D\82Æ\82µ\82Ä\82Í\82»\82Ì\82æ\82¤\82È\8ds\93®\82ð\8d\\90¬\88õ\82É\8bN\82±\82µ\82Ä\97~\82µ\82\82 \82è\82Ü\82¹\82ñ\81B\8ae\8e©\82ª\90Ó\94C\82ð\8e\9d\82Á\82Ä\8ds\93®\82µ\82Ä\82¢\82½\82¾\82\82½\82ß\82Ì\88ê\82Â\82Ì\95û\96@\82Æ\82µ\82Ä\96{\83V\83X\83e\83\80\82ª\82 \82è\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\92[\96\96\82ÌOS\82É\95t\90\8f\82·\82é\94F\8fØ\82ð\97\98\97p\82·\82é\82Ì\82Å\82Í\83_\83\81\82È\82Ì\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\93\9d\88ê\82µ\82½PC\8aÂ\8b«\82Ì\8d\\92z\82Æ\88Û\8e\9d\82ª\89Â\94\\82È\83V\83X\83e\83\80\82Ì\8fê\8d\87\82É\82Í\81A\92[\96\96OS\82Ì\94F\8fØ\83V\83X\83e\83\80\82ð\97\98\97p\82µ\82½\95û\82ª\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\95s\93Á\92è\8b@\8aí\82ð\90Ú\91±\82·\82é\82æ\82¤\82È\8aÂ\8b«\82Å\82Í\8b@\94\\82µ\82Ü\82¹\82ñ\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83A\83N\83Z\83X\82³\82ê\82é\91¤\82Ì\83T\81[\83o\82ª\8ae\8e©\82Å\94í\8aQ\82ð\8eó\82¯\82È\82¢\82æ\82¤\82É\81A\94F\8fØ\82»\82Ì\91¼\82Ì\83Z\83L\83\85\83\8a\83e\83B\95Û\8e\9d\82ð\8ds\82¤\82±\82Æ\82ª\96{\97\88\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\82»\82ê\82à\95K\97v\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\91å\8aw\82Ì\82æ\82¤\82É\91½\90\94\82Ì\91½\97l\82È\90l\8aÔ\82ª\94ä\8ar\93I\8e©\97R\82É\97\98\97p\82Å\82«\82é\83l\83b\83g\83\8f\81[\83N\8aÂ\8b«\82ð\92ñ\8b\9f\82µ\82Ä\82¢\82é\91g\90D\82Å\82Í\81A\8aO\95\94\82É\91Î\82µ\82Ä\97l\81X\82È\83g\83\89\83u\83\8b\82ð\8bN\82±\82µ\8bê\8fî\82ª\8añ\82¹\82ç\82ê\82é\89Â\94\\90«\82ª\8d\82\82\82È\82è\82Ü\82·\81B\82»\82Ì\90Ó\94C\82Í\83g\83\89\83u\83\8b\8c´\88ö\82ð\8dì\82Á\82½\96{\90l\82É\8eæ\82Á\82Ä\82¢\82½\82¾\82\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\83l\83b\83g\83\8f\81[\83N\97\98\97p\82É\82Í\81A\82»\82Ì\96Ú\93I\82É\8d\87\82Á\82½\97\98\97p\8eÒ\82Ì\90§\8cÀ\82ª\82 \82é\82±\82Æ\82ª\92Ê\8fí\82¾\82Æ\8ev\82¢\82Ü\82·\81B\82æ\82Á\82Ä\83A\83N\83Z\83X\82·\82é\91¤\82Å\82Ì\94F\8fØ\82à\95K\97v\82Æ\8dl\82¦\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\89½\8cÌ\81A\8cö\8aJ\8cÅ\92è\92[\96\96\82Æ\8fî\95ñ\83R\83\93\83Z\83\93\83g\82Ì\97¼\95û\82ð\91Î\8fÛ\82Æ\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\82·\82©\81B\r
+\8cö\8aJ\8cÅ\92è\92[\96\96\82Í\92[\96\96OS\82Ì\94F\8fØ\82ª\89Â\94\\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\91S\82Ä\82Ì\8cö\8aJ\8cÅ\92è\92[\96\96\82ð\83l\83b\83g\83\8f\81[\83N\8aÇ\97\9d\95\94\96å\82ª\93\9d\88ê\93I\82É\94z\92u\82µ\81A\82»\82Ì\83n\81[\83h\83E\83F\83A\82ð\95s\90³\91\80\8dì\82©\82ç\8eç\82ê\82é\8fó\8bµ\82ª\89Â\94\\82Å\82 \82ê\82Î\82»\82ê\82Å\82à\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\8c»\8eÀ\93I\82É\82Í\8ag\8eU\82µ\82½\8cö\8aJ\8fê\8f\8a\82Ö\91½\90\94\94z\92u\82·\82é\82±\82Æ\82ª\91½\82\81A\97l\81X\82È\8d¢\93ï\82ª\94º\82¢\82Ü\82·\81B\82Ü\82½\8aù\82É\94z\92u\82³\82ê\82½\94F\8fØ\8b@\94\\82Ì\96³\82¢\92[\96\96\82â\95s\8f\\95ª\82È\8aÇ\97\9d\89º\82Ì\92[\96\96\82ª\90\94\91½\82\82 \82è\82Ü\82·\81B\82±\82ê\82ç\82É\82à\91Î\89\9e\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83\8b\81[\83^\82â\83t\83@\83C\83A\83E\83I\81[\83\8b\93\99\81A\92Ê\89ß\93_\82Å\82Ì\8bL\98^\8eæ\93¾\82Å\82Í\82¢\82¯\82È\82¢\82Ì\82Å\82·\82©\81B\r
+<BLOCKQUOTE>\r
+\82±\82Ì\8bL\98^\82Å\82ÍIP\83A\83h\83\8c\83X\82Í\95ª\82©\82è\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\8fo\93ü\82è\82·\82é\8fê\8f\8a\82Ì\8fê\8d\87\82Í\92N\82ª\97\98\97p\82µ\82½\82Ì\82©\95ª\82©\82è\82Ü\82¹\82ñ\81B\97\98\97p\8eÒ\82ª\93Á\92è\82Å\82«\82é\95\94\89®\82Ì\8fê\8d\87\82Í\82±\82Ì\82æ\82¤\82È\8bL\98^\82Å\82à\97Ç\82¢\82Å\82µ\82å\82¤\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+MAC\83A\83h\83\8c\83X\82Å\8cÂ\90l\8e¯\95Ê\82ð\82·\82é\95û\8e®\82à\82 \82é\82æ\82¤\82Å\82·\82ª\81B\r
+<BLOCKQUOTE>\r
+Opengate\82Í\8cÂ\90l\8e¯\95Ê\82ð\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Å\8ds\82Á\82Ä\82¢\82Ü\82·\81B\82±\82Ì\94F\8fØ\93ü\97Í\82Ì\91ã\82í\82è\82ÉMAC\83A\83h\83\8c\83X\82ð\8eg\82¤\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\81B<BR>\r
+\82µ\82©\82µMAC\83A\83h\83\8c\83X\82ð\97\98\97p\82·\82é\95û\8e®\82Í\81AMAC\83A\83h\83\8c\83X\82Æ\82»\82Ì\8f\8a\97L\8eÒ\82Æ\82Ì\8aÖ\8cW\82ð\91O\82à\82Á\82Ä\93o\98^\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\8b@\8aí\8f÷\93n\81E\94p\8aü\82Ì\8dÛ\82É\93o\98^\8fÁ\8b\8e\81A\8b@\8aí\8dX\90V\82Ì\8dÛ\82É\93o\98^\8dX\90V\82ð\8ds\82¤\95K\97v\82ª\82 \82è\82Ü\82·\82ª\81A\97\98\97p\8eÒ\82É\93o\98^\8fÁ\8b\8e\82ð\97ã\8ds\82³\82¹\82é\82Ì\82Í\93ï\82µ\82¢\82Æ\8ev\82í\82ê\82Ü\82·\81B\82±\82ê\82ç\82Ì\89^\97p\8fã\82Ì\96â\91è\93_\82ð\89ð\8c\88\82µ\82È\82¯\82ê\82Î\82È\82è\82Ü\82¹\82ñ\81B\82Ü\82½MAC\83A\83h\83\8c\83X\82Í\83C\81[\83T\83l\83b\83g\90Ú\91±\92[\96\96\82Ì\82Ý\82É\91¶\8dÝ\82·\82é\93_\81A\83\8b\81[\83^\82ð\92´\82¦\82Ä\93`\82í\82ç\82È\82¢\93_\81A\8bU\91\95\82ª\89Â\94\\82Å\82 \82é\93_\82È\82Ç\82à\93ï\93_\82Æ\8c¾\82¦\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\8dÅ\8bß\81A\82³\82Ü\82´\82Ü\82È\83l\83b\83g\83\8f\81[\83N\94F\8fØ\83V\83X\83e\83\80\82ª\94\95\\82³\82ê\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81B\r
+<BLOCKQUOTE>\r
+Opengate\82Í\88È\89º\82Ì\93_\82ð\96\9e\82½\82µ\82Ä\82¢\82é\93_\82ª\93Á\92¥\82Æ\8dl\82¦\82Ü\82·\81B\92[\96\96\82É\91Î\82·\82é\83\\83t\83g\81A\83n\81[\83h\81A\90Ý\92u\8c`\91Ô\81A\90Ú\91±\95û\96@\82È\82Ç\82Ì\90§\8cÀ\82ª\8f\82È\82¢\8e\96\81B\97\98\97p\8eÒ\82Ì\8ew\93±\82â\8aÇ\97\9d\82ª\8dÅ\8f¬\8cÀ\82Å\8dÏ\82Þ\8e\96\81B\88ê\94Ê\93I\82È\83\\83t\83g/\83n\81[\83h\82Å\8d\\90¬\82³\82ê\82Ä\82¨\82è\81A\8aù\91¶\83l\83b\83g\83\8f\81[\83N\82Ö\82Ì\93±\93ü\82ª\97e\88Õ\82Å\82 \82é\8e\96\81B\97\98\97p\8aJ\8en/\8fI\97¹\82É\8dÛ\82µ\82Ä\91¦\8dÀ\82É\83l\83b\83g\83\8f\81[\83N\82Ì\8aJ\95ú/\95Â\8d½\82ª\8ds\82í\82ê\82é\8e\96\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\91¼\82Ì\97p\93r\82É\82Í\97\98\97p\82Å\82«\82Ü\82·\82©\81B\r
+<BLOCKQUOTE>\r
+\96{\83V\83X\83e\83\80\82Í\81A\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82ðWeb\8co\97R\82Å\8eó\82¯\95t\82¯\81A\82»\82ÌIP\83A\83h\83\8c\83X\82Æ\82Ì\83p\83P\83b\83g\82Ì\92Ê\89ß\82ð\8b\96\89Â\82·\82é\83V\83X\83e\83\80\82Å\82·\81B\82»\82Ì\98g\91g\82Ý\82Ì\8aÂ\8b«\82Å\82 \82ê\82Î\97\98\97p\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\97á\82¦\82Î\81A\83G\83N\83X\83g\83\89\83l\83b\83g\82©\82ç\83C\83\93\83g\83\89\83l\83b\83g\82É\91Î\82µ\82Ä\83A\83N\83Z\83X\82·\82é\82½\82ß\82Ì\83o\83C\83p\83X\91\8b\8cû\82ð\90Ý\92u\82·\82é\82±\82Æ\82É\82à\97\98\97p\82Å\82«\82é\82Å\82µ\82å\82¤\81B\93\96\91R\82È\82ª\82ç\8bÉ\82ß\82Ä\8d\82\93x\82È\83Z\83L\83\85\83\8a\83e\83B\83\8c\83x\83\8b\82ð\95K\97v\82Æ\82·\82é\83l\83b\83g\83\8f\81[\83N\82Å\82È\82¢\8fê\8d\87\82Å\82·\82ª\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+Java\82ª\93®\82©\82È\82¢\92[\96\96\82à\82 \82è\82Ü\82·\82ª\81B\r
+<BLOCKQUOTE>\r
+Java\82ª\93®\82©\82È\82¢\82à\82µ\82\82Í\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82Ä\82¢\82È\82¢\92[\96\96\82Å\82à\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82É\82¨\82¢\82Ä\97v\8b\81\82µ\82½\90Ú\91±\8cp\91±\8e\9e\8aÔ\82¾\82¯\83l\83b\83g\83\8f\81[\83N\82ð\8aJ\95ú\82µ\82Ü\82·\81B\82½\82¾\82µ\81A\8fæ\82Á\8eæ\82è\82â\95ú\92u\82É\91Î\89\9e\82·\82é\82½\82ß\81A\88ê\92è\8e\9e\8aÔ\8aÔ\8au\82Å\81AARP\83R\83}\83\93\83h\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\92Ê\89ß\83p\83P\83b\83g\90\94\82Å\83`\83F\83b\83N\82µ\82Ü\82·\81B\82Ü\82½\81A\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\82Ì\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\82·\82é\82±\82Æ\82Å\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82Å\82«\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+\r
+</UL>\r
+\r
+\r
+\97\98\97p\r
+<UL>\r
+<LI>\r
+\96³\90üLAN\82Å\8eg\82¦\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\8eg\82¦\82Ü\82·\81B\82½\82¾\82µ\81A\90e\8bÇ\93à\82ÅNAT\93\99\82É\82æ\82éIP\83A\83h\83\8c\83X\95Ï\8a·\82ª\82È\82³\82ê\82Ä\82¢\82È\82¢\82±\82Æ\82ª\95K\97v\82Å\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+DHCP\82âNAT\82Æ\82Ì\8b¤\97p\82Í\82Å\82«\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\82Å\82«\82Ü\82·\81B\82»\82Ì\82æ\82¤\82È\8eg\82¢\95û\82ª\91½\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82½\82¾\82µNAT\82Í\93¯\88ê\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\8fã\82Å\93®\82©\82·\8fê\8d\87\82Å\82·\81B\96{\83Q\81[\83g\83E\83F\83C\82Æ\92[\96\96\8cQ\82Æ\82Ì\8aÔ\82ÉNAT\91\95\92u\82ð\8b²\82Þ\82±\82Æ\82Í\82Å\82«\82Ü\82¹\82ñ\81B\93¯\82¶IP\83A\83h\83\8c\83X\82ð\91½\90l\90\94\82ª\8eg\97p\82·\82é\8c`\82É\82È\82é\82½\82ß\82Å\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+MAC\83A\83h\83\8c\83X\82Í\8eæ\93¾\82Å\82«\82Ü\82·\82©\81B\r
+<BLOCKQUOTE>\r
+Ver0.53\82É\82Ä\91Î\89\9e\82µ\82Ü\82µ\82½\81B\82½\82¾\82µ\81A\83T\81[\83o\91¤\82ÅARP\82©\82ç\8eæ\93¾\82·\82é\82½\82ß\81A\83T\81[\83o\91¤\82©\82ç\8c©\82¦\82é\83A\83h\83\8c\83X\82Ì\82Ý\82Å\82·\81B\91ã\97\9dARP\82ª\82 \82é\82Æ\82»\82Ì\92\86\8cp\83A\83h\83\8c\83X\82Æ\82È\82è\82Ü\82·\81B\82Ü\82½\81A\93\96\91R\82È\82ª\82ç\81A\83C\81[\83T\83l\83b\83g\82Å\82Ì\82Ý\97L\8cø\82Å\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\88ê\95\94\82Ì\83T\81[\83r\83X\82Í\94F\8fØ\96³\82µ\82É\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\82à\82µ\82\82Í\94F\8fØ\8cã\82à\88ê\95\94\82Ì\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\r
+\r
+<BLOCKQUOTE>\r
+\8f\89\8aú\8fó\91Ô\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83\8b\81[\83\8b\82É\95K\97v\82È\82à\82Ì\82ð\92Ç\89Á\82·\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\82±\82Ì\8f\89\8aú\8fó\91Ô\82É\83\8b\81[\83\8b\82ð\91}\93ü\81E\8dí\8f\9c\82µ\82Ü\82·\81B\82æ\82Á\82Ä\81A\92Ç\89Á\88Ê\92u\82ð\8dH\95v\82·\82ê\82Î\97l\81X\82È\90§\8cä\82ª\89Â\94\\82Å\82·\81B\97á\82¦\82Î\81A\93Á\92è\82Ì\83T\83C\83g\82ð\83A\83N\83Z\83X\8b\96\89Â\82à\82µ\82\82Í\95s\8b\96\89Â\82É\8cÅ\92è\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\97\98\97p\8eÒ\82Ì\83\8c\83x\83\8b\82É\82æ\82Á\82Ä\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\r
+\r
+<BLOCKQUOTE>\r
+Firewall\90§\8cä\82ÉPerl\83X\83N\83\8a\83v\83g\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\83\86\81[\83U\96¼\82â\94F\8fØ\83T\81[\83o\81AIP\83A\83h\83\8c\83X\82È\82Ç\82Å\8bæ\95Ê\82Å\82«\82é\82È\82ç\82Î\81A\83X\83N\83\8a\83v\83g\92\86\82É\8bL\8fq\89Â\94\\82Å\82·\81BVer.0.80\82Å\91Î\89\9e\82µ\82Ü\82µ\82½\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\88ê\8e\9e\93I\97\98\97p\8eÒ\82Ö\82Ì\91Î\89\9e\82Í\82Ç\82¤\82µ\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\94F\8fØ\83T\81[\83o\82Ö\82Ì\88ê\8e\9e\93I\82È\97\98\97p\8eÒ\93o\98^\82ª\95K\97v\82Å\82·\81BOpengate\82Í\81A\95¡\90\94\82Ì\94F\8fØ\83T\81[\83o\82É\83\86\81[\83U\82ð\90U\82è\95ª\82¯\82é\82æ\82¤\82É\8ew\92è\82Å\82«\82Ü\82·\82Ì\82Å\81A\95Ê\93r\82É\88ê\8e\9e\97\98\97p\8eÒ\82Ì\82½\82ß\82Ì\94F\8fØ\83T\81[\83o\82ð\90Ý\92u\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81Bftp\83T\81[\83o\82ª\93®\82¯\82Î\97Ç\82¢\82Ì\82ÅWindows\82È\82Ç\82Ì\8aÈ\88Õ\83T\81[\83o\82Å\82à\89Â\94\\82Æ\8dl\82¦\82Ü\82·\81B\r
+<BR>\r
+\93\96\91å\8aw\82Å\82Í\81A\8c»\8dÝ\82Ì\82Æ\82±\82ë\81A\90}\8f\91\8aÙ\8aO\95\94\97\98\97p\8eÒ\82â\8aw\89ï\8eQ\89Á\8eÒ\82È\82Ç\82Ì\88ê\8e\9e\93I\97\98\97p\8eÒ\82É\91Î\82µ\82Ä\88È\89º\82Ì\89^\97p\82ð\8ds\82Á\82Ä\82¢\82Ü\82·\81B\88ê\8e\9e\97\98\97p\8eÒ\97p\82Ì\94F\8fØ\83T\81[\83o\82ð\97p\88Ó\82·\82é\81B\95K\97v\90\94\82Ì\97\98\97p\8eÒID\82ð\97\98\97p\8aú\8cÀ\95t\82«\82Å\93o\98^\82µ\81A\93¯\8e\9e\82É\97\98\97p\8eÒID\82Æ\83p\83X\83\8f\81[\83h\82¨\82æ\82Ñ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ð\8f\91\82¢\82½\97p\8e\86\82ð\97\98\97p\8eÒID\96\88\82É\88ó\8dü\82·\82é\81B\97\98\97p\8aó\96]\8eÒ\82ª\97\88\96K\82·\82ê\82Î\81A\90g\8c³\82ð\8am\94F\82µ\82Ä\97p\8e\86\82ð1\96\87\93n\82·\81B\93\96\91R\82È\82ª\82ç\96{\97\98\97p\8eÒID\82Í\8aw\93à\82Ì\83T\81[\83o\82Ö\82Ì\83\8d\83O\83C\83\93\93\99\82É\82Í\97\98\97p\82Å\82«\82Ü\82¹\82ñ\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83p\83X\83\8f\81[\83h\82Ì\8eç\94é\82Í\95Û\82Ä\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\8aÔ\82ÍWeb\92Ê\90M\82Å\83p\83X\83\8f\81[\83h\82ð\91\97\82è\82Ü\82·\81B\82æ\82Á\82ÄWeb\83T\81[\83o\82ðSSL\89»\82·\82ê\82Î\8eç\94é\82ª\95Û\82Ä\82Ü\82·\81B\83Q\81[\83g\83E\83F\83C\82Æ\94F\8fØ\83T\81[\83o\82Ì\8aÔ\82Í\81A\8eç\94é\8b@\94\\82Ì\82 \82é\94F\8fØ\83v\83\8d\83g\83R\83\8b\82É\82æ\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\81Apop3s,Radius,PAM\82É\91Î\89\9e\82µ\82Ä\82¢\82Ü\82·\81BPAM\82Í\91½\82\82Ì\94F\8fØ\83v\83\8d\83g\83R\83\8b\82ð\83T\83|\81[\83g\82µ\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83X\83P\81[\83\89\83r\83\8a\83e\83B\82Í\82Ç\82¤\82Å\82·\82©\81B\83p\83t\83H\81[\83}\83\93\83X\82Í\82Ç\82¤\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\90\94\8f\\91ä\82Ì\8eg\97p\82Å\82Í\96â\91è\96³\82\8eg\82¦\82Ä\82¢\82Ü\82·\81B\83N\83\89\83XC\92ö\93x\82Ì\97\98\97p\82Í\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\96{\83V\83X\83e\83\80\82Í\81A\83t\83@\83C\83A\83E\83I\81[\83\8b\83\\83t\83g\82Ì\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\8bK\91¥\82ð\92Ç\89Á\81E\8dí\8f\9c\82·\82é\95û\8e®\82Å\82 \82è\81A\8ae\83N\83\89\83C\83A\83\93\83g\82©\82ç\82Ì\97\98\97p\8aJ\8en\97v\8b\81\8e\9e\82ð\95Ê\82É\82·\82ê\82Î\96w\82Ç\95\89\89×\82Æ\82È\82è\82Ü\82¹\82ñ\81B\97\98\97p\92\86\82Ì\83p\83t\83H\81[\83}\83\93\83X\82Í\81A\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\82â\83p\83P\83b\83g\93]\91\97\82Ì\8f\88\97\9d\94\\97Í\82É\88Ë\91¶\82·\82é\82Æ\8ev\82¢\82Ü\82·\81B\82È\82¨\97Ê\93I\82È\90§\8cÀ\82Æ\82µ\82Ä\82Í\81A\97\98\97p\83N\83\89\83C\83A\83\93\83g\96\88\82É\82P\83v\83\8d\83Z\83X\82ª\8fí\92\93\82·\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\83v\83\8d\83Z\83X\90\94\82Ì\8dÅ\91å\92l\82Í\83J\81[\83l\83\8b\82Å\92²\90®\82Å\82«\82Ü\82·\82µ\81A\83N\83\89\83XC\92ö\93x\96\88\82É\95ª\8a\84\82µ\82Ä\83V\83X\83e\83\80\89^\97p\82·\82é\95û\82ª\83Q\81[\83g\83E\83F\83C\82É\82¨\82¯\82é\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\93\99\82Ì\94\\97Í\82©\82ç\82·\82é\82Æ\8c»\8eÀ\93I\82Å\82µ\82å\82¤\81B\r
+</BLOCKQUOTE>\r
+\r
+</UL>\r
+\93±\93ü\81E\8aJ\94\r
+<UL>\r
+<LI>\r
+\83C\83\93\83X\83g\81[\83\8b\82µ\82½\82ª\93®\82«\82Ü\82¹\82ñ\81B\r
+\r
+<BLOCKQUOTE>\r
+\91½\90\94\82Ì\83\\83t\83g\83E\83F\83A\82Ì\92\87\89î\82ð\82·\82é\83V\83X\83e\83\80\82Å\82·\82Ì\82Å\83f\83o\83b\83O\82Í\96Ê\93|\82¾\82Æ\8ev\82¢\82Ü\82·\81B\95Ê\93r\82É\97p\88Ó\82µ\82½\83`\83F\83b\83N\8d\80\96Ú\8bL\8fq\82Ì\83t\83@\83C\83\8b\82ð\8c©\82Ä\82\82¾\82³\82¢\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\97\98\97p\81E\89ü\95Ï\81E\94z\95z\82Í\89Â\94\\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+GPL\89º\82Å\89Â\94\\82Å\82·\81B\8d¡\8cã\82Ì\8aJ\94\82Ì\82½\82ß\82É\81A\8aJ\94\8eÒ\82Ü\82Å\98A\97\8d\92¸\82¯\82ê\82Î\8dK\82¢\82Å\82·\81B\83o\83O\81E\97v\96]\81E\89ü\95Ï\95ñ\8d\90\82ð\8a½\8c}\82µ\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\94F\8fØWeb\83y\81[\83W\82Ì\83f\83U\83C\83\93\82ð\95Ï\82¦\82½\82¢\82Ì\82Å\82·\82ª\81B\r
+\r
+<BLOCKQUOTE>\r
+\8aeWeb\83y\81[\83W\82ÍHTML\83t\83@\83C\83\8b\82Æ\82µ\82Ä\93Æ\97§\82µ\82Ä\82¢\82Ü\82·\81B\82±\82ê\82ð\8f\91\82«\82©\82¦\82é\82±\82Æ\82Å\8aÈ\92P\82É\82Å\82«\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+\r
+<LI>\r
+IP\83A\83h\83\8c\83X\82É\82æ\82è\91\8a\8eè\82ð\8am\94F\82µ\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81AIP\83X\83v\81[\83t\83B\83\93\83O\82Í\96â\91è\82Å\82Í\82È\82¢\82Å\82·\82©\81B\82Ü\82½\83T\81[\83r\83X\96W\8aQ\8dU\8c\82\82É\82Í\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\82»\82Ì\91¼\82Ì\83A\83^\83b\83N\82É\91Î\82µ\82Ä\82Í\82Ç\82¤\82Å\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+IP\83X\83v\81[\83t\83B\83\93\83O\82Í\83t\83@\83C\83A\83E\83I\81[\83\8b\82Ì\95û\82Ì\90Ý\92è\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\82Ü\82½Opengate\82Í\81A\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82«\82½\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\8c\8a\82ð\8aJ\82¯\82é\82Ì\82Å\81AIP\83A\83h\83\8c\83X\82ð\8bU\82Á\82Ä\82à\82 \82Ü\82è\93¾\82É\82Í\82È\82è\82Ü\82¹\82ñ\81B\91¼\82ª\94F\8fØ\82ð\8eó\82¯\82Ä\8eg\82Á\82Ä\82¢\82é\93¯\82¶IP\83A\83h\83\8c\83X\82ð\8d¼\8fÌ\82µ\82Ä\83p\83P\83b\83g\82ð\97¬\82·\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\8c»\8eÀ\93I\82È\97\98\97p\82Í\93ï\82µ\82¢\82Æ\8ev\82Á\82Ä\82¢\82Ü\82·\81B\83T\81[\83r\83X\96W\8aQ\82É\82Â\82¢\82Ä\82Í\81A\8aeIP\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\93Æ\8e©\82Ì\83|\81[\83g\94Ô\8d\86\82ð\88ê\82Â\91\97\82è\82Â\82¯\8cð\90M\82·\82é\8c`\91Ô\82Å\82·\82Ì\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\96W\8aQ\82ð\8a®\91S\82É\8f\9c\8b\8e\82·\82é\82±\82Æ\82Í\93ï\82µ\82¢\82Å\82·\82ª\81A\83Z\83L\83\85\83\8a\83e\83B\83z\81[\83\8b\82ª\82 \82ê\82Î\82²\8b³\8e¦\89º\82³\82¢\81B\88«\88Ó\82ð\8e\9d\82Á\82½\97\98\97p\82É\91Î\82µ\82Ä\82Í\81A\91Î\8dô\82Æ\82µ\82Ä\8dl\82¦\82ç\82ê\82Ä\82¢\82é\8b@\94\\82È\82Ç\82ð\91g\82Ý\8d\87\82í\82¹\82é\82±\82Æ\82à\89Â\94\\82Å\82 \82ë\82¤\82Æ\8ev\82¢\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83_\83E\83\93\83\8d\81[\83h\83t\83@\83C\83\8b\82Ì\92\86\90g\82ª\97\90\8eG\82È\82Ü\82Ü\82Å\82·\82ª\81B\r
+\r
+<BLOCKQUOTE>\r
+\93Á\82É\90®\97\9d\82¹\82¸\82É\81A\93®\82\82æ\82¤\82É\82È\82Á\82½\8fó\91Ô\82ð\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\81B\96µ\8f\82\82à\82 \82é\82Æ\8ev\82¢\82Ü\82·\81B\82«\82ê\82¢\82É\90®\97\9d\82µ\82Ä\8fo\82µ\82½\82¢\82Ì\82Å\82·\82ª\97]\97T\82ª\96³\82\82Ä\8dÏ\82Ý\82Ü\82¹\82ñ\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\83T\81[\83o\82ÍFreeBSD\88È\8aO\82Å\93®\82«\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\8c»\8fó\82Å\82Í\81AFreeBSD\90ê\97p\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8bipfw\82ð\97\98\97p\82µ\82Ä\82¢\82é\82Ì\82Å\81A\91¼\82ÌOS\82Å\82Í\93®\82«\82Ü\82¹\82ñ\81B\93¯\93\99\82Ì\8b@\94\\82ð\8e\9d\82Â\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8b\82ª\82 \82ê\82Î\81A\91Î\89\9e\82·\82é\82æ\82¤\82É\8f\91\82«\82©\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B\97á\82¦\82ÎLinux\82Ìipchains\82É\8f\91\82«\8a·\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+\92[\96\96\96\88\82É\83v\83\8d\83Z\83X\82ª\90¶\90¬\82³\82ê\82Ä\91å\97Ê\82É\8fí\92\93\82µ\8bC\8e\9d\82¿\97Ç\82\82 \82è\82Ü\82¹\82ñ\81B\88ê\82Â\82É\82Ü\82Æ\82Ü\82è\82Ü\82¹\82ñ\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+\83A\83\8b\83S\83\8a\83Y\83\80\82ð\8aÈ\92P\82É\82·\82é\82½\82ß\82É\8d¡\82Ì\95û\8e®\82ð\8eæ\82è\82Ü\82µ\82½\81B\8aÄ\8e\8b\83v\83\8d\83Z\83X\82ð\88ê\82Â\82É\82Ü\82Æ\82ß\82é\82±\82Æ\82à\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\91½\90\94\82Ì\8e\9e\8aÔ\91Ò\82¿\82Æ\83A\83N\83Z\83X\91Ò\82¿\82ð\90§\8cä\82·\82é\82Ì\82Í\81A\83T\81[\83r\83X\96W\8aQ\82»\82Ì\91¼\82Ì\8dl\97¶\93_\82à\82 \82è\81A\82©\82È\82è\96Ê\93|\82Å\82·\81B\8aO\95\94\8fð\8c\8f\82ð\8a¨\88Ä\82·\82é\82Æ\88ê\82Â\82É\82Ü\82Æ\82ß\82é\8bÙ\8b}\93x\82ª\92á\82¢\82Æ\8dl\82¦\82Ä\8cã\89ñ\82µ\82É\82µ\82Ä\82¢\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+<LI>\r
+IPv6\82É\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\r
+\r
+<BLOCKQUOTE>\r
+ipfw\82Æ\82Æ\82à\82Éip6fw\82ð\90§\8cä\82·\82é\82æ\82¤\82É\82·\82ê\82Î\89Â\94\\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\81AIpv4/IPv6\83f\83\85\83A\83\8b\83X\83^\83b\83N\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82Ì\95¡\90\94IP\83A\83h\83\8c\83X\82ð\81A\91S\82Ä\94c\88¬\82µ\82Ä\93¯\8e\9e\82É\8aJ\95ú/\95Â\8d½\82·\82é\8e\96\82Í\97e\88Õ\82Å\82Í\82È\82¢\82½\82ß\81A\8c»\8fó\82Å\82Í\8eÀ\91\95\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\8c»\83v\83\8d\83O\83\89\83\80\82É\82¨\82¢\82Ä\82Í\81A\8fð\8c\8f\95t\82Å\82·\82ª\88È\89º\82Ì\95û\96@\82Å\8eÀ\8c»\82Å\82«\82Ü\82·\81B\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83gopengatefw.pl\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82ÌMAC\83A\83h\83\8c\83X\82ð\91\97\90M\8c³\82Ü\82½\82Í\91\97\90M\90æ\82Æ\82·\82éIPv6\83p\83P\83b\83g\82ð\8b\96\89Â\82·\82éipfw\83R\83}\83\93\83h\82ð\92Ç\89Á\82µ\82Ä\82\82¾\82³\82¢\81B\82½\82¾\82µ\81A\83C\81[\83T\83l\83b\83g\82Ì\93¯\88ê\83\8a\83\93\83N\93à\82É\92[\96\96\82ª\82 \82é\8fê\8d\87\82É\8cÀ\92è\82³\82ê\82Ü\82·\81B\r
+</BLOCKQUOTE>\r
+\r
+</UL>\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+#!/usr/bin/perl
+#This is a script to remove superfluous rules left bihind at the abnornmal termination of opengate process.
+
+#get opengate process information from 'ps x' output
+# and save it to $proc table.
+
+open(pspipe, "ps x|");
+while(<pspipe>){
+ if(/opengatesrv.cgi: (.*),(.*),/){
+ $rule=$1; $user=$2;
+ $proc{$rule}=$user;
+ }
+}
+close(pspipe);
+
+
+#get firewall rules from 'ipfw list' output,
+# and delete the superfluous rules that are not included in $proc table.
+
+open(ipfwpipe, "ipfw list|");
+$delcount=0;
+$rule=0;
+while(<ipfwpipe>){
+ if(/^(\d*) allow/){
+ $rulesave=$rule;
+ $rule=$1;
+ if($rule>=10000 and $rule<=40000 and $rule!=$rulesave){
+ if(!defined($proc{$rule})){
+ system "ipfw del $rule";
+ $delcount++;
+ }
+ }
+ }
+}
+close(ipfwpipe);
+
+print $delcount." rules are deleted.\n";
+
+
+
--- /dev/null
+/**************************************************/\r
+/* opengate client */\r
+/* 1999-2002 */\r
+/* Yoshiaki Watanabe, */\r
+/* Saga University, Japan, */\r
+/* E-Mail:watanaby@is.saga-u.ac.jp */\r
+/**************************************************\r
+opengate client\r
+ java applet downloaded to client machine \r
+\r
+Copyright (C) 1999-2002 Yoshiaki Watanabe\r
+\r
+This program is free software; you can redistribute it and/or\r
+modify it under the terms of the GNU General Public License\r
+as published by the Free Software Foundation; either version 2\r
+of the License, or (at your option) any later version.\r
+\r
+This program is distributed in the hope that it will be useful,\r
+but WITHOUT ANY WARRANTY; without even the implied warranty of\r
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
+GNU General Public License for more details.\r
+\r
+You should have received a copy of the GNU General Public License\r
+along with this program; if not, write to the Free Software\r
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,\r
+USA.\r
+\r
+Email: watanaby@is.saga-u.ac.jp\r
+\r
+Programmed by Yoshiaki WATANABE, Saga University\r
+Modified by Shin-ichi TADAKI, Saga University\r
+**************************************************/\r
+import java.awt.*;\r
+import java.applet.*;\r
+import java.net.*;\r
+import java.io.*;\r
+ \r
+/** Wrapper to make Applet **/\r
+public class Opengate extends Applet{\r
+\r
+ String hostname;\r
+ int port;\r
+ String userid;\r
+ String language;\r
+ int intlang=0;/* if language is japanese, set 1*/\r
+ OpengateClient client;\r
+ Label headlabel;\r
+ Label userlabel;\r
+ Label msglabel;\r
+\r
+ /* Applet initialize */\r
+ public void init(){\r
+\r
+ /* Get Applet Parameters */\r
+ port=Integer.parseInt(getParameter("port"));\r
+ userid=getParameter("user");\r
+ hostname =getCodeBase().getHost();\r
+ language = getParameter("lang");\r
+ if(language.equals("ja")) intlang=1;\r
+ if(language.equals("en")) intlang=2;\r
+\r
+ /* Panel Layout */\r
+ setLayout(new FlowLayout(FlowLayout.CENTER));\r
+ setBackground(Color.yellow);\r
+ \r
+ /* Make Label */\r
+ if(intlang ==1){\r
+ add(headlabel=new Label("\83l\83b\83g\83\8f\81[\83N\97\98\97p\8b\96\89Â"));\r
+ add(userlabel=new Label("\83\86\81[\83U\96¼="+userid));\r
+ add(msglabel=new Label("Java Applet\82ª\8bN\93®\82µ\82Ü\82µ\82½ \81@\81@\81@ \81@\81@\81@\81@\81@ "));\r
+ } else {\r
+ add(headlabel=new Label("Authenticated for network use"));\r
+ add(userlabel=new Label("User name="+userid));\r
+ add(msglabel=new Label("Java Applet is running \81@\81@\81@ \81@\81@\81@\81@\81@ "));\r
+ }\r
+\r
+ /* Connect to Server */\r
+ client=new OpengateClient(hostname, port, userid, intlang, this);\r
+ client.start();\r
+ }\r
+ public void msgout(String msg){\r
+ /* byte[] code = msg.getBytes("EUCJIS");\r
+ String msgj=new String(code,"EUCJIS");\r
+ */\r
+ msglabel.setText(msg);\r
+ repaint();\r
+ }\r
+ public void stop(){\r
+ try{\r
+ client.join();\r
+ }catch(InterruptedException e){\r
+ msgout("Error at Client Join ");\r
+ }\r
+ }\r
+}\r
+\r
+/** Class for Client to communicate with host **/\r
+class OpengateClient extends Thread{\r
+ int port; /* opengate port */\r
+ String hostname; /* java download host name */\r
+ Socket socket; /* Socket for server */\r
+ String userid;\r
+ PrintStream outStream; /* output stream to server */\r
+ BufferedReader inStream; /* input stream from server */\r
+ String currentReply; /* reserve last reply from server */\r
+ boolean onLine; /* Client is connected to server or not */\r
+ Opengate main; /* main class */\r
+ int intlang;\r
+\r
+ /* Instance Creater */\r
+ public OpengateClient(String hostname, int port, \r
+ String userid, int intlang, Opengate main){\r
+ this.hostname=hostname;\r
+ this.port=port;\r
+ this.userid=userid;\r
+ this.main=main;\r
+ this.intlang=intlang;\r
+ onLine=false;\r
+ }\r
+\r
+ /* connect to server */\r
+ boolean connect(){\r
+ try{\r
+ if(intlang==1){\r
+ main.msgout("\83z\83X\83g"+hostname+":"+Integer.toString(port)+"\82É\90Ú\91±\92\86\82Å\82·");\r
+ } else {\r
+ main.msgout("Connecting to host "+hostname+":"+Integer.toString(port));\r
+ }\r
+ socket=new Socket(hostname, port);\r
+ outStream=new PrintStream(socket.getOutputStream());\r
+ inStream=new BufferedReader(\r
+ new InputStreamReader(\r
+ socket.getInputStream()));\r
+ }catch(UnknownHostException e){\r
+ if(intlang==1)\r
+ main.msgout("SocketConnect\92\86\82ÉUnknownHost\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
+ else \r
+ main.msgout("UnknownHost exception in SocketConnect");\r
+ return false;\r
+ }catch(IOException e){\r
+ if(intlang==1)\r
+ main.msgout("SocketConnect\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
+ else\r
+ main.msgout("I/O exception in SocketConnect");\r
+ return false;\r
+ }\r
+ onLine=true;\r
+ return true;\r
+ }\r
+\r
+ /* disconnect from server */\r
+ void disconnect(){\r
+ if(onLine){\r
+ putLine("quit");\r
+ }\r
+ if(socket!=null){\r
+ try{\r
+ socket.close();\r
+ }catch(IOException e){\r
+ if(intlang==1)\r
+ main.msgout("SocketClose\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
+ else\r
+ main.msgout("I/O exception in SocketClose");\r
+ }\r
+ }\r
+ }\r
+\r
+ /* put out one line to server */\r
+ void putLine(String string){\r
+ outStream.print(string+"\r\n");\r
+ }\r
+\r
+ /* get one line from server */\r
+ String getLine(){\r
+ try{\r
+ currentReply=inStream.readLine();\r
+ }catch(IOException e){\r
+ if(intlang==1)\r
+ main.msgout("SocketRead\92\86\82ÉI/O\97á\8aO\82ª\94\90¶\82µ\82Ü\82µ\82½");\r
+ else\r
+ main.msgout("I/O exception in SocketRead");\r
+ return "";\r
+ }\r
+ return currentReply;\r
+ }\r
+\r
+ /* called back from client.start */\r
+ public void run(){\r
+ int count=0;\r
+ java.text.SimpleDateFormat formatter \r
+ =new java.text.SimpleDateFormat("H:mm") ;\r
+ if(connect()==false){\r
+ disconnect();\r
+ return;\r
+ }\r
+ putLine(userid);\r
+ if(getLine().indexOf("accept")==-1){\r
+ if(intlang==1)\r
+ main.msgout("\83T\81[\83o\82©\82çAccept\82ª\91\97\82ç\82ê\82Ä\97\88\82Ü\82¹\82ñ");\r
+ else \r
+ main.msgout("Not receive Accept from the server");\r
+ disconnect();\r
+ return;\r
+ }\r
+ if(intlang==1)\r
+ main.msgout("\90³\8fí\82É\8aJ\8en\82µ\82Ü\82µ\82½");\r
+ else\r
+ main.msgout("Start Normally");\r
+\r
+ while(getLine().indexOf("hello")!=-1){\r
+ putLine("hello");\r
+ if(intlang==1){\r
+ main.msgout("\90Ú\91±\8am\94F="+formatter.format(new java.util.Date()));\r
+ } else {\r
+ main.msgout("Confirm connection="+formatter.format(new java.util.Date())); \r
+ }\r
+ }\r
+ if(intlang==1)\r
+ main.msgout("\83l\83b\83g\83\8f\81[\83N\82Í\95Â\8d½\82³\82ê\82Ü\82µ\82½");\r
+ else \r
+ main.msgout("Connection closed");\r
+ return;\r
+ } \r
+}\r
+\r
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<HEAD>
+<TITLE>Opengatemain</TITLE>
+</HEAD>
+<BODY>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if(!navigator.javaEnabled())
+ alert("Cannot run Java. You should click TERMINATE link in another page to close the network.");
+w=window.open("http://%%HOSTADDR%%%%OPENGATEDIR%%/en/accept2.html","window1");
+//-->
+</SCRIPT>
+<NOSCRIPT>
+<H2>Cannot run JavaScript. Check setting.</H2>
+</NOSCRIPT>
+
+<P>You can use the network, if your name appears below.</P>
+<HR>
+<DIV ALIGN=CENTER>
+**OpengateAppletHere**
+</DIV>
+<HR>
+
+<table border="1">
+<tr><td><font color=red">
+If your browser denies to open the working window, click
+<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/en/accept2.html" target="_blank">
+here</a> to opne it.</font>
+</td></tr>
+<tr><td>
+If your computer does not have Java VM, access
+<a href="http://java.com/en/index.jsp">here</a> to download.
+</td></tr>
+</table>
+
+<P>
+You will be disconnected when you stop your WEB browser.
+Do not forget to stop your WEB brower when you finish to use the network.
+</P>
+<P>
+If you are using user terminals in University Library, please close
+all windows by "CLOSE" in "FILE" menu at the upper left corner of the
+window.
+</P>
+<P>
+<TABLE BORDER=1><TR><TD>
+<B>If your name does not appear</B>, short time usage is permitted. In this case, you should <A HREF=**TerminateUrlHere**>click HERE to close the network</A> (No need to click, when your name appears above).
+</TD></TR></TABLE>
+</P>
+
+</BODY>
+</HTML>
+
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<HEAD>
+<TITLE>Opengatemain</TITLE>
+</HEAD>
+<BODY>
+You are authenticated. You can use the network.
+<P>
+<P>
+Your authentication is valid until you quit your browser.
+Do not forget to stop your WEB brower when you finish to use the network.
+</P>
+<P>
+If you are using user terminals in University Library, please close
+all windows by "CLOSE" in "FILE" menu at the upper left corner of the
+window.
+</P>
+
+<HR>
+<P>Saga university related sites</P>
+<A HREF="http://www.saga-u.ac.jp/">Official Page</A>
+<A HREF="http://www.cc.saga-u.ac.jp/">Computer and Network Center</A>
+(<A HREF="http://webmailer.cc.saga-u.ac.jp/">WebMailer</A>)
+<A HREF="http://www.domino.lib.saga-u.ac.jp/">University Library</A>
+<A HREF="http://job.admin.saga-u.ac.jp/">Job Consultant</A>
+</P>
+<HR>
+<P>Search</P>
+<a href="http://jp.excite.com/">Exite Japan</a>
+<a href="http://www.goo.ne.jp/">Goo</a>
+<a href="http://www.infoseek.co.jp/">Infoseek</a>
+<a href="http://navi.ocn.ne.jp/">NTT Directory</a>
+<a href="http://www.lycos.co.jp/">Lycos</a>
+<a href="http://www.msn.co.jp/home.htm">MSN</a>
+<a href="http://www.fresheye.com/">Fresheye</a>
+<BR>
+<a href="http://odin.ingrid.org/">ODIN</a>
+<a href="http://www.jp.opentext.com/indexb.html">Open Text Index</a>
+<a href="http://www.isize.com/">ISIZE</a>
+<a href="http://www.csj.co.jp/">CSJ</a>
+<a href="http://www.inetg.com/">iNET</a>
+<a href="http://www.wave.co.jp/wave/">Wave Navi</a>
+<a href="http://www.yahoo.co.jp/">Yahoo Japan</a>
+<BR>
+<a href="http://www.altavista.com/">Altavista</a>
+<a href="http://www.google.com/">Google</a>
+</BODY>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<HEAD>
+<TITLE>Opengatedeny</TITLE>
+</HEAD>
+<BODY>
+<P>
+Network authentication failed. Please retry again.
+</P>
+<A HREF=http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html>BACK</A>
+</BODY>
+</HTML>
--- /dev/null
+<HTML>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
+<HEAD>\r
+<TITLE>OpengateStart</TITLE>\r
+</HEAD>\r
+\r
+<BODY>\r
+<center>\r
+\r
+<H2>Network Authentication</H2>\r
+\r
+<hr SIZE=4 WIDTH="100%">\r
+\r
+<P><font size=+1>You are requested to be authenticated before using network.\r
+</font></P>\r
+\r
+<P><font size=+1>You will be authenticated with your user ID and\r
+password for systems in Computer and Network Center (CNC). If you do\r
+not know your user ID and/or password, please consult CNC.\r
+</font></P>\r
+\r
+<P>\r
+Please enter your user ID and password in the box below, then press\r
+SEND.\r
+</P>\r
+\r
+<P>\r
+<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">\r
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">\r
+\r
+<TABLE BORDER=0>\r
+<TR NOWRAP>\r
+<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>\r
+</TR><TR NOWRAP>\r
+<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>\r
+</TR><TR NOWRAP>\r
+<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>\r
+</TR>\r
+</TABLE>\r
+\r
+<hr>\r
+Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage. \r
+\r
+</FORM>\r
+</P>\r
+\r
+<hr WIDTH="100%">\r
+\r
+</center>\r
+\r
+<p><font size=+1>If you have some questions, please contact CNC.\r
+\r
+<div align=right>November 2000\r
+\r
+<br>CNC (Computer and Network Center)</div>\r
+\r
+</BODY>\r
+\r
+</HTML>\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
--- /dev/null
+<HTML>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
+<HEAD>\r
+<TITLE>OpengateStart</TITLE>\r
+</HEAD>\r
+\r
+<BODY>\r
+<H1 align=center>Network Authentication</H1>\r
+\r
+<hr>\r
+[<a href="../ja/index.html">Japanese version</a>]\r
+<hr>\r
+<div align=center>\r
+<P><font size=+1>You are requested to be authenticated before using network.\r
+</font></P>\r
+\r
+<P><font size=+1>You will be authenticated with your user ID and\r
+password for systems in Computer and Network Center (CNC). If you do\r
+not know your user ID and/or password, please consult CNC.\r
+</font></P>\r
+\r
+<P>\r
+Please enter your user ID and password in the box below, then press SEND.\r
+Please use SSL Authentication as far as possible to prevent wiretapping. \r
+</P>\r
+<P><A HREF="https://%%HOSTADDR%%%%OPENGATEDIR%%/en/index-ssl.html">SSL Authentication</A></P>\r
+\r
+<P>\r
+<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">\r
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">\r
+\r
+<TABLE BORDER=0>\r
+<TR NOWRAP>\r
+<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>\r
+</TR><TR NOWRAP>\r
+<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>\r
+</TR><TR NOWRAP>\r
+<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>\r
+</TR>\r
+</TABLE>\r
+\r
+<hr>\r
+Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage. \r
+\r
+</FORM>\r
+</P>\r
+\r
+</div>\r
+<hr>\r
+\r
+<p><font size=+1>If you have some questions, please contact CNC.\r
+\r
+<div align=right>November 2000\r
+\r
+<br>CNC (Computer and Network Center)</div>\r
+\r
+</BODY>\r
+\r
+</HTML>\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
--- /dev/null
+<HTML>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
+<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html">\r
+<HEAD>\r
+<TITLE>OpengateStart</TITLE>\r
+</HEAD>\r
+<BODY>\r
+You will automatically enter to the page for <i>Network Authentication</i>\r
+by Opengate.\r
+<P>\r
+If you can not move to the page automatically, click the following.\r
+<P>\r
+<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html">Network Authentication</a>\r
+<hr>\r
+Computer and Network Center, Saga University\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>Opengatemain</TITLE>
+</HEAD>
+<BODY>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if(!navigator.javaEnabled())
+ alert("Java\e$B$,M-8z$K$J$C$F$$$^$;$s!#%M%C%H%o!<%/$rJD$8$k$K$O!"JL%Z!<%8$KI=<($5$l$F$$$kMxMQCfCG$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B");
+w=window.open("http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/accept2.html","window1");
+//-->
+</SCRIPT>
+<NOSCRIPT>
+<H2>JavaScript\e$B$,M-8z$K$J$C$F$$$^$;$s!#@_Dj$r3NG'2<$5$$!#\e(B</H2>
+</NOSCRIPT>
+
+<P>\e$B$3$N2<$K%f!<%6L>$,I=<($5$l$?$i!"%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B</P>
+<HR>
+<DIV ALIGN=CENTER>
+**OpengateAppletHere**
+</DIV>
+<HR>
+
+<table border="1">
+<tr><td><font color=red">
+\e$B$b$&0l$D$N:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"\e(B
+<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/accept2.html"
+target="_blank">\e$B$3$A$i\e(B</a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B</font>
+</td></tr>
+<tr><td>
+\e$B$*;H$$$N%3%s%T%e!<%?$K\e(BJava\e$B$N<B9T4D6-$,L5$$>l9g$K$O!"\e(B
+<a href="http://java.com/ja/index.jsp">\e$B$3$3$+$i\e(B</a>
+\e$B%@%&%s%m!<%I$7$F$/$@$5$$!#\e(B
+</td></tr>
+</table>
+<P>
+Web\e$B%V%i%&%6$,=*N;$7$?$H$-$K!"%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#\e(B
+\e$B0-MQ$5$l$J$$$?$a$K!"MxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
+</P>
+<P>
+\e$B?^=q4[$N@lMQC<Kv$G=*N;$9$k$K$O!"2hLL:8>eC<$N\e(BFile\e$B%a%K%e!<$+$i!VJD$8$k!W$rA*$s$GA4$F$N%&%$%s%I%&$rJD$8$F$/$@$5$$!#\e(B
+</P>
+<P>
+<TABLE BORDER=1><TR><TD>
+<B>
\e$B%f!<%6L>$,I=<($5$l$J$$$H$-
\e(B</B>
\e$B$b0lDj;~4V$NMxMQ$,$G$-$^$9!#$3$N>l9g$K%M%C%H%o!<%/$rJD$8$k$K$O!"
\e(B<A HREF=**TerminateUrlHere**>
\e$BMxMQCfCG
\e(B</A>
\e$B$r%/%j%C%/$7$F$/$@$5$$!#%f!<%6L>$,I=<($5$l$F$$$l$P!"%/%j%C%/$OITMW$G$9!#
\e(B
+</TD></TR></TABLE>
+</P>
+
+</BODY>
+</HTML>
+
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>Opengatemain</TITLE>
+</HEAD>
+<BODY>
+\e$BMxMQ<TG'>Z$,DL$j$^$7$?!#%M%C%H%o!<%/$rMxMQ$G$-$^$9!#\e(B
+<P>
+<P>
+Web\e$B%V%i%&%6$,=*N;$7$?$H$-$K!"%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#0-MQ$5$l$J$$$?$a$K!"MxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
+</P>
+<P>
+\e$B?^=q4[$N@lMQC<Kv$G=*N;$9$k$K$O!"2hLL:8>eC<$N\e(BFile\e$B%a%K%e!<$+$i!VJD$8$k!W$rA*$s$GA4$F$N%&%$%s%I%&$rJD$8$F$/$@$5$$!#\e(B
+</P>
+
+<HR>
+<P>\e$B:42lBg3X4X78%5%$%H\e(B</P>
+<A HREF="http://www.saga-u.ac.jp/">\e$BBg3X8x<0%Z!<%8\e(B</A>
+<A HREF="http://www.cc.saga-u.ac.jp/">\e$B3X=Q>pJs=hM}%;%s%?!<$N%Z!<%8\e(B</A>
+(<A HREF="http://webmailer.cc.saga-u.ac.jp/">\e$B%&%'%V%a%$%i!<\e(B</A>)
+<A HREF="http://www.domino.lib.saga-u.ac.jp/">\e$BBg3XIUB0?^=q4[$N%Z!<%8\e(B</A>
+<A HREF="http://job.admin.saga-u.ac.jp/">\e$BBg3X="?&AjCL<<$N%Z!<%8\e(B</A>
+</P>
+<HR>
+<P>\e$B8!:w%(%s%8%s\e(B</P>
+<a href="http://jp.excite.com/">Exite Japan</a>
+<a href="http://www.goo.ne.jp/">Goo</a>
+<a href="http://www.infoseek.co.jp/">Infoseek</a>
+<a href="http://navi.ocn.ne.jp/">NTT Directory</a>
+<a href="http://www.lycos.co.jp/">Lycos</a>
+<a href="http://www.msn.co.jp/home.htm">MSN</a>
+<a href="http://www.fresheye.com/">Fresheye</a>
+<BR>
+<a href="http://odin.ingrid.org/">ODIN</a>
+<a href="http://www.jp.opentext.com/indexb.html">Open Text Index</a>
+<a href="http://www.isize.com/">ISIZE</a>
+<a href="http://www.csj.co.jp/">CSJ</a>
+<a href="http://www.inetg.com/">iNET</a>
+<a href="http://www.wave.co.jp/wave/">Wave Navi</a>
+<a href="http://www.yahoo.co.jp/">Yahoo Japan</a>
+<BR>
+<a href="http://www.altavista.com/">Altavista</a>
+<a href="http://www.google.com/">Google</a>
+</BODY>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>Opengatedeny</TITLE>
+</HEAD>
+<BODY>
+<P>
+\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
+</P>
+<A HREF=http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html>\e$BLa$k\e(B</A>
+</BODY>
+</HTML>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+
+<BODY>
+<center>
+
+<H2>\e$B%M%C%H%o!<%/MxMQG'>Z\e(B</H2>
+
+<hr SIZE=4 WIDTH="100%">
+
+<P><font size=+1>\e$B%M%C%H%o!<%/$NMxMQ$r;O$a$kA0$K!"\e(B \e$BMxMQ;q3J$N3NG'$r9T$C$F$/$@$5$$!#\e(B</font></P>
+
+<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"3X=Q>pJs=hM}%;%s%?!<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
+
+<P>
+\e$B2<$NF~NOMs$K!"%f!<%6\e(BID\e$B$H%Q%9%o!<%I$rF~NO$7$F!"!VAw?.!W%\%?%s$r2!$7$F2<$5$$!#\e(B
+</P>
+
+<P>
+<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
+
+<TABLE BORDER=0>
+<TR NOWRAP>
+<TD>\e$B%f!<%6\e(BID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>
+</TR><TR NOWRAP>
+<TD>\e$B%Q%9%o!<%I\e(B:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
+</TR><TR NOWRAP>
+<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
+</TR>
+</TABLE>
+
+
+<hr>
+\e$BI,MW$H$9$kMxMQ7QB3;~4V!'\e(B <INPUT TYPE="TEXT" SIZE=3 NAME="duration">\e$BJ,\e(B(\e$B:GBg\e(B3\e$B;~4V\e(B)\e$B!#\e(BJavaApplet\e$B$,F0$/%V%i%&%6$G$O@_DjITMW$G$9!#$J$*!";XDj;~4V$h$jAa4|$KMxMQ$r=*$k;~$K$O!"5v2D%Z!<%8$K$"$k!VMxMQCfCG!W$N%j%s%/$r%/%j%C%/$7$F2<$5$$!#\e(B
+
+</FORM>
+</P>
+
+<hr>
+
+</center>
+
+<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"3X=Q>pJs=hM}%;%s%?!<$K$*?R$M$/$@$5$$!#\e(B
+
+<div align=right>2000\e$BG/\e(B11\e$B7n\e(B
+
+<br>\e$B3X=Q>pJs=hM}%;%s%?!<\e(B</div>
+
+</BODY>
+
+</HTML>
+
+
+
+
+
+
+
+
+
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+
+<BODY>
+
+<H1 align=center>\e$B%M%C%H%o!<%/MxMQG'>Z\e(B</H1>
+<H2 align=center>Network Authentication</H2>
+<hr>
+[<a href="../en/index.html">English version</a>]
+<hr>
+<div align=center>
+
+<P><font size=+1>\e$B%M%C%H%o!<%/$NMxMQ$r;O$a$kA0$K!"\e(B \e$BMxMQ;q3J$N3NG'$r9T$C$F$/$@$5$$!#\e(B</font></P>
+
+<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"3X=Q>pJs=hM}%;%s%?!<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
+
+<P>
+\e$B2<$NF~NOMs$K!"%f!<%6\e(BID\e$B$H%Q%9%o!<%I$rF~NO$7$F!"!VAw?.!W%\%?%s$r2!$7$F2<$5$$!#\e(B
+\e$B%Q%9%o!<%I$NEpD0$rKI$0$?$a$K!"$G$-$k$@$1\e(BSSL\e$BBP1~G'>Z$rMxMQ$7$F2<$5$$!#\e(B
+</P>
+
+<P><A HREF="https://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index-ssl.html">SSL\e$BBP1~G'>Z\e(B</A></P>
+
+<P>
+<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
+
+<TABLE BORDER=0>
+<TR NOWRAP>
+<TD>\e$B%f!<%6\e(BID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>
+</TR><TR NOWRAP>
+<TD>\e$B%Q%9%o!<%I\e(B:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
+</TR><TR NOWRAP>
+<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
+</TR>
+</TABLE>
+
+<hr>
+\e$BI,MW$H$9$kMxMQ7QB3;~4V!'\e(B <INPUT TYPE="TEXT" SIZE=3 NAME="duration">\e$BJ,\e(B(\e$B:GBg\e(B3\e$B;~4V\e(B)\e$B!#\e(BJavaApplet\e$B$,F0$/%V%i%&%6$G$O@_DjITMW$G$9!#$J$*!";XDj;~4V$h$jAa4|$KMxMQ$r=*$k;~$K$O!"5v2D%Z!<%8$K$"$k!VMxMQCfCG!W$N%j%s%/$r%/%j%C%/$7$F2<$5$$!#\e(B
+</FORM>
+</P>
+
+</div>
+
+<hr>
+
+<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"3X=Q>pJs=hM}%;%s%?!<$K$*?R$M$/$@$5$$!#\e(B
+
+<div align=right>2000\e$BG/\e(B11\e$B7n\e(B
+
+<br>\e$B3X=Q>pJs=hM}%;%s%?!<\e(B</div>
+
+</BODY>
+
+</HTML>
+
+
+
+
+
+
+
+
+
--- /dev/null
+<HTML>\r
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">\r
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
+<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html">\r
+<HEAD>\r
+<TITLE>OpengateStart</TITLE>\r
+</HEAD>\r
+<BODY>\r
+Opengate\e$B$K$h$k!V%M%C%H%o!<%/MxMQG'>Z!W$N%Z!<%8$X<+F00\F0$7$^$9!#\e(B\r
+<P>\r
+\e$B<+F00\F0$G$-$J$$J}$O$3$A$i$r%/%j%C%/$7$F2<$5$$!#\e(B\r
+<P>\r
+<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html">\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</a>\r
+<HR>\r
+\e$B:42lBg3X3X=Q>pJs=hM}%;%s%?!<\e(B\r
+</BODY>\r
+</HTML>\r
--- /dev/null
+##################### Change following ###################
+## must be matched to descriptions in html files ########
+## some other parameters exist in opengatesrv.h ########
+
+# Change HOSTADDR to your gateway client side IP address#
+#########################################################
+HOSTADDR = 192.168.29.138
+
+### first web access directory top entered by forwarding
+# top dir (must be *NonSSL* page top)
+HTMLTOP1 = /usr/local/www/data
+
+### subsequent web access directory and files
+# top dir (can be SSL page top)
+HTMLTOP2 = /usr/local/www/data
+
+# opengate documents directory relative to HTMLTOP2
+OPENGATEDIR = /opengate
+
+### opengate cgi program
+CGIPATH = /usr/local/www/cgi-bin${OPENGATEDIR}
+CGIPROG = opengatesrv.cgi
+
+### opengatesrv configuration file(copied from ../conf/opengatesrv.conf)
+CONFIGFILE = /etc/opengatesrv.conf
+
+### use perl script(=1) to add firewall rule or execl ipfw directly(=0)
+# 1 is for flexible control and 0 is for simple control(full open).
+USEFWSCRIPT=1
+### firewall control perl script (copied from ../conf/opengatefw.pl)
+FWSCRIPT = opengatefw.pl
+FWSCRIPTPATH = /etc/${FWSCRIPT}
+
+### lockfile for ipfw exclusive exec
+LOCKFILE=/tmp/opengate.lock
+
+### htmldocs and the languages (first one is the default language)
+# store documents in each language directory under OPENGATEDIR
+HTMLDOCS=topindex.html index.html index-ssl.html accept.html accept2.html deny.html
+DENYDOC = deny.html
+ACCEPTDOC = accept.html
+HTMLLANGS=ja en
+
+# path to arp command
+ARPPATH=/usr/sbin/arp
+# path to ipfw command
+IPFWPATH=/sbin/ipfw
+##########################################################
+
+OGPATH=${HTMLTOP2}${OPENGATEDIR}
+
+CFLAGS=-DCONFIGFILE=\"${CONFIGFILE}\" \
+ -DOPENGATEDIR=\"${OPENGATEDIR}\" \
+ -DDENYDOC=\"${DENYDOC}\" \
+ -DOGPATH=\"${OGPATH}\" \
+ -DACCEPTDOC=\"${ACCEPTDOC}\" \
+ -DIPFWPATH=\"${IPFWPATH}\" \
+ -DFWSCRIPTPATH=\"${FWSCRIPTPATH}\" \
+ -DFWSCRIPT=\"${FWSCRIPT}\" \
+ -DLOCKFILE=\"${LOCKFILE}\" \
+ -DUSEFWSCRIPT=${USEFWSCRIPT} \
+ -DARPPATH=\"${ARPPATH}\" \
+ -DHTMLLANGS="\"${HTMLLANGS}\""
+
+LIBS = -lssl -lcrypto -lradius -lpam
+OBJS = main.o utilities.o comm-auth.o comm-cgi.o comm-java.o comm-ipfw.o comm-arp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.c
+HDRS = opengatesrv.h
+PROG = opengatesrv
+CLEANFILES = *.o *~
+
+all: ${PROG}
+
+opengatesrv: ${OBJS}
+ ${CC} ${CFLAGS} -o $@ ${OBJS} ${LIBS}
+
+clean:
+ rm -f ${PROG} ${CLEANFILES}
+
+install: install-cgi install-java install-html install-conf install-fwscript
+
+
+install-cgi: ${PROG}
+ ## Copy CGI program and Set S bit ##
+.if !exists(${CGIPATH})
+ mkdir ${CGIPATH}
+.endif
+ cp ${PROG} ${CGIPATH}/${CGIPROG}
+ chmod 4755 ${CGIPATH}/${CGIPROG}
+ #
+
+
+install-java:
+ ## Copy JAVA program ##
+.if !exists(${OGPATH})
+ mkdir ${OGPATH}
+.endif
+ cp ../javahtml/*.class ${OGPATH}
+ cp ../javahtml/*.jar ${OGPATH}
+ #
+
+
+install-html:
+ ## Copy HTML documents and insert addresses ##
+.if exists(${HTMLTOP1}/index.html)
+ mv ${HTMLTOP1}/index.html ${HTMLTOP1}/index.html.original
+.endif
+.for LANG in ${HTMLLANGS}
+.if exists(../javahtml/${LANG})
+.if !exists(${OGPATH}/${LANG})
+ mkdir ${OGPATH}/${LANG}
+.endif
+.for DOC in ${HTMLDOCS}
+.if exists(../javahtml/${LANG}/${DOC})
+ sed -e 's/%%HOSTADDR%%/${HOSTADDR}/g' \
+ -e 's!%%OPENGATEDIR%%!${OPENGATEDIR}!g' \
+ <../javahtml/${LANG}/${DOC} >${OGPATH}/${LANG}/${DOC}
+.endif
+.endfor
+ mv ${OGPATH}/${LANG}/topindex.html ${HTMLTOP1}/index.html.${LANG}
+.endif
+.endfor
+
+
+install-conf:
+ ## Copy CGI program ##
+ cp ../conf/opengatesrv.conf ${CONFIGFILE}
+ #
+
+
+install-fwscript:
+ ## Copy firewall control script
+.if ${USEFWSCRIPT}
+ cp ../conf/${FWSCRIPT} ${FWSCRIPTPATH}
+.endif
+ #
+
+
+main.o: ${HDRS}
+
+utilities.o: ${HDRS}
+
+comm-auth.o: ${HDRS}
+
+comm-ipfw.o: ${HDRS}
+
+comm-cgi.o: ${HDRS}
+
+comm-java.o: ${HDRS}
+
+comm-arp.o: ${HDRS}
+
+comm-userdb.o: ${HDRS}
+
+auth-pam.o: ${HDRS}
+
+auth-rad.o: ${HDRS}
+
+auth-pop3s.o: ${HDRS}
--- /dev/null
+/**************************************************
+opengate server
+ module for Authentication by PAM
+
+Copyright (C) 2002 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+/*
+ Thanks to programs and documentations refered.
+ The Linux-PAM Application Developer's Guide by A. G. Morgan.
+ The example appilication in above doc by Shane Watts
+ Manual files about PAM.
+*/
+
+#include <security/pam_appl.h>
+#include "opengatesrv.h"
+
+int pamCallback(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr);
+
+static struct pam_conv pamConv; /* PAM conversation info */
+
+typedef struct {
+ char *userid;
+ char *password;
+} userInfo_t;
+
+/******************************/
+/* authentication by PAM */
+/* need to edit /etc/pam.conf */
+/******************************/
+int authPam(char *serviceName, char *userid, char *passwd)
+{
+ pam_handle_t *pamh=NULL;
+ int retval;
+ userInfo_t userInfo;
+
+ if(serviceName[0]=='\0'){
+ strncpy(serviceName, PAMSERVICENAME, ADDRMAXLN);
+ }
+
+ if(!userid || !passwd) return DENY;
+
+ /* set userInfo which is passed to call back function */
+ userInfo.userid=userid;
+ userInfo.password=passwd;
+
+ /* setting of call back function (its name and data) */
+ pamConv.conv=pamCallback;
+ pamConv.appdata_ptr=&userInfo;
+
+ /* PAM start */
+ retval = pam_start(serviceName, userid, &pamConv, &pamh);
+
+ /* at success, check auth */
+ if (retval == PAM_SUCCESS){
+ retval = pam_authenticate(pamh, 0); /* is user really user? */
+ }
+
+ /* at success, check account */
+ if (retval == PAM_SUCCESS){
+ retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
+ }
+
+ /* error message if not success */
+ if (retval != PAM_SUCCESS){
+ err_msg("ERR in auth-pam: %s\n", pam_strerror(pamh, retval));
+ }
+
+ /* PAM end */
+ if (pam_end(pamh,retval) != PAM_SUCCESS) {
+ pamh = NULL;
+ err_msg("ERR in auth-pam: failed to release authenticator\n");
+ }
+
+ userInfo.password = NULL;
+ return ( retval == PAM_SUCCESS ? ACCEPT:DENY ); /* indicate success */
+}
+
+/**************************************************************/
+/* Send user information to PAM. Called back from PAM module. */
+/**************************************************************/
+int pamCallback(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ userInfo_t *userInfo = (userInfo_t *)appdata_ptr;
+ struct pam_response *response=NULL;
+ int i;
+
+ /* parameter check */
+ if(!resp || !msg || !userInfo) return PAM_CONV_ERR;
+
+ /* allocate memory to store response */
+ response = (struct pam_response *)
+ malloc(num_msg * sizeof(struct pam_response));
+ if(!response) return PAM_CONV_ERR;
+
+ /* set user informations */
+ for(i=0; i<num_msg; i++){
+ response[i].resp_retcode=0;
+ response[i].resp=NULL;
+
+ switch(msg[i]->msg_style){
+ case PAM_PROMPT_ECHO_ON: /* must be requesting userid */
+ response[i].resp=(char *)strdup(userInfo->userid);
+ break;
+ case PAM_PROMPT_ECHO_OFF: /* must be requesting password */
+ response[i].resp=(char *)strdup(userInfo->password);
+ break;
+ default:
+ break;
+ }
+ }
+
+ *resp = response;
+ return PAM_SUCCESS;
+}
+
+/************ For DEBUG ********************/
+int AuthPam(char *serviceName, char *userid, char *passwd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authPam(%s,%s,passwd)",serviceName,userid);
+ ret=authPam(serviceName, userid, passwd);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authPam( )",ret);
+
+ return ret;
+}
+
+
--- /dev/null
+/**************************************************
+opengate server
+ module for Authentication by POP3S
+
+Copyright (C) 2002 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+/*
+ Thanks to programs and documentations refered.
+ Sample client application cli.cpp found in the OpenSSL site
+ (developed by Sampo Kellomaki and simplified by Wade Scholine)
+ Apache module mod_auth_pam.c by Ingo Luetkebohle
+*/
+
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "opengatesrv.h"
+
+/*************************/
+/* Authenticate by POP3S */
+/*************************/
+int authPop3s(char *serverAddr, char *port, char *userid,
+ char *passwd)
+{
+ int sockfd, n;
+ char recvline[BUFFMAXLN];
+ int authResult;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ SSL_METHOD *meth;
+
+ if(serverAddr[0]=='\0'){
+ err_msg("ERR in auth-pop3s: Missing address for POP3s server in config");
+ return DENY;
+ }
+
+ /* POP3S server connect */
+ if(port[0]=='\0'){
+ sockfd = Tcp_connect(serverAddr, "pop3s");
+ }else{
+ sockfd = Tcp_connect(serverAddr, port);
+ }
+
+ /* prepare SSL */
+ SSLeay_add_ssl_algorithms();
+ meth = SSLv2_client_method();
+ SSL_load_error_strings();
+ ctx = SSL_CTX_new (meth);
+ if( ctx == NULL ){
+ err_msg("ERR in auth-pop3s: SSL_CTX_new returns NULL");
+ return DENY;
+ }
+
+ /* ----------------------------------------------- */
+ /* start SSL negotiation. */
+
+ ssl = SSL_new (ctx);
+ if( ssl == NULL ){
+ err_msg("ERR in auth-pop3s: SSL_new returns NULL");
+ return DENY;
+ }
+
+ SSL_set_fd (ssl, sockfd);
+ if( SSL_connect (ssl) == -1 ){
+ err_msg("ERR in auth-pop3s: SSL_connect returns error");
+ return DENY;
+ }
+
+ /* --------------------------------------------------- */
+ /* DATA EXCHANGE - Send a message and receive a reply. */
+ /* pop3 message exchange */
+
+ /* get [+OK POP3 <host> <ver> server ready]*/
+ if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in auth-pop3s: Pop3 server is not normal 1");
+ authResult=DENY;
+ goto EXITPOINT;
+ }
+
+ if(strstr(recvline,"+OK")!=recvline){
+ err_msg("ERR in auth-pop3s: Pop3 server is not normal 2");
+ authResult=DENY;
+ goto EXITPOINT;
+ }
+
+ /* put [user <userid>] */
+ WritefmtSSL(ssl, "user %s\r\n", userid);
+
+ /* get [+OK User name accepted, password please] */
+ if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in auth-pop3s: Pop3 server is not normal 3");
+ authResult=DENY;
+ goto EXITPOINT;
+ }
+
+ if(strstr(recvline,"+OK")!=recvline){
+ err_msg("ERR in auth-pop3s: Pop3 server is not normal 4");
+ authResult=DENY;
+ goto EXITPOINT;
+ }
+
+ /* put [pass <password>] */
+ WritefmtSSL(ssl, "pass %s\r\n", passwd);
+
+ /* get [+OK Mailbox open, <count> messages] */
+ if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in auth-pop3s: Pop3 server is not normal 5");
+ authResult=DENY;
+ goto EXITPOINT;
+ }
+
+ if(strstr(recvline,"+OK")==recvline){
+ authResult=ACCEPT;
+ }else{
+ authResult=DENY;
+ }
+
+ /* put [quit] */
+ WritefmtSSL(ssl,"quit\r\n");
+
+EXITPOINT:
+ SSL_shutdown (ssl); /* send SSL/TLS close_notify */
+
+ /* Clean up. */
+ Close(sockfd);
+ SSL_free (ssl);
+ SSL_CTX_free (ctx);
+
+ return authResult;
+}
+
+int AuthPop3s(char *serverAddr, char *port, char *userid,
+ char *passwd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authPop3s(%s,%s,%s,passwd)",
+ serverAddr,port,userid);
+ ret=authPop3s(serverAddr,port,userid,passwd);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authPop3s( )",ret);
+
+ return ret;
+}
--- /dev/null
+/**************************************************
+opengate server
+ module for Authentication by RADIUS
+
+Copyright (C) 2002 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+/*
+ Thanks to programs and documentations refered.
+ The experimental implementation by Fuyuta Sato.
+ Manual files about RADIUS.
+*/
+
+#include <radlib.h>
+#include "opengatesrv.h"
+
+/*****************************************/
+/* Authenticate by RADIUS */
+/*****************************************/
+int authRadius(char *confFile, char *userid, char *passwd)
+{
+ int authResult;
+ struct rad_handle *radh;
+ char hostname[ADDRMAXLN];
+
+ /* If not set, set default conf file path */
+ if(confFile[0]=='\0'){
+ strncpy(confFile, RADIUSCONF, ADDRMAXLN);
+ }
+
+ if( !(radh=rad_auth_open()) ){
+ err_msg("ERR in auth-rad: cannot start radius");
+ return DENY;
+ }
+
+ if(gethostname(hostname,ADDRMAXLN) < 0){
+ err_msg("ERR in auth-rad: cannot get hostname");
+ return DENY;
+ }
+
+ if(rad_config(radh,confFile) < 0){
+ err_msg("ERR in auth-rad: cannot open conffile");
+ return DENY;
+ }
+
+ if(rad_create_request(radh, RAD_ACCESS_REQUEST) < 0){
+ err_msg("ERR in auth-rad: cannot create radius request");
+ return DENY;
+ }
+
+ rad_put_string(radh,RAD_USER_NAME,userid);
+ rad_put_string(radh,RAD_USER_PASSWORD,passwd);
+ rad_put_string(radh,RAD_NAS_IDENTIFIER,hostname);
+ rad_put_int(radh,RAD_SERVICE_TYPE,RAD_LOGIN);
+
+ switch(rad_send_request(radh)){
+ case RAD_ACCESS_ACCEPT:
+ authResult=ACCEPT;
+ break;
+ case RAD_ACCESS_REJECT:
+ case RAD_ACCESS_CHALLENGE:
+ case RAD_ACCOUNTING_RESPONSE:
+ default:
+ authResult=DENY;
+ break;
+ }
+
+ return authResult;
+}
+
+int AuthRadius(char *confFile, char *userid, char *passwd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authRadius(%s,%s,passwd)",confFile,userid);
+ ret=authRadius(confFile,userid,passwd);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authRadius( )",ret);
+
+ return ret;
+}
+
+
+
+
+
+
+
+
+
+
+
--- /dev/null
+/**************************************************
+opengate server
+ module for communication with arp
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+/*******************************************************************/
+/* get MAC address for clientAddr (nnn.nnn.nnn.nnn) by arp request */
+/*******************************************************************/
+int getMacAddr(char *clientAddr, char* macAddr)
+{
+ int fd[2];
+ int piperead_fd,pipewrite_fd;
+ int stdin_fd=0,stdout_fd=1;
+ char buf[BUFFMAXLN];
+ int st;
+ char *startp;
+ char *endp;
+
+ macAddr[0]='?';
+ macAddr[1]='\0';
+
+ /* create pipe */
+ if(pipe(fd)!=0){
+ err_msg("ERR in comm-arp: Cannot create pipe for arp\n");
+ return -1;
+ }
+ piperead_fd=fd[0];
+ pipewrite_fd=fd[1];
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+
+ /* connect pipeout to stdout */
+ Close(stdout_fd);
+ dup(pipewrite_fd);
+
+ /* close other IO */
+ Close(stdin_fd);
+ Close(piperead_fd);
+ Close(pipewrite_fd);
+
+ /* exec proc */
+ if(execl(ARPPATH,"arp","-n",clientAddr,(char *)0) == -1){
+ err_quit("ERR in comm-arp: execlp error no= %d", errno);
+ }
+ exit(1);
+ }
+ /* parent proc */
+
+ /* close unuse IO */
+ Close(pipewrite_fd);
+
+ /* get arp response */
+ if(Readln(piperead_fd, buf, BUFFMAXLN-1)==0){
+ err_msg("ERR in comm-arp: readin error");
+ return -1;
+ }
+
+ /* arp response takes following format */
+ /* "? (133.49.22.1) at 8:0:20:a5:4:62 [ethernet]"*/
+ /* get MAC address from above string */
+
+ if((startp=strstr(buf," at "))==NULL) return -1;
+ startp=startp+4;
+
+ if((endp=strstr(startp, " "))==NULL) return -1;
+ *endp='\0';
+
+ strncpy(macAddr, startp, ADDRMAXLN);
+
+ Close(piperead_fd);
+
+ /* wait child end */
+ wait(&st);
+
+ return 0;
+}
+
+
+/****************************************/
+/****************************************/
+int GetMacAddr(char *clientAddr, char* macAddr)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getMacAddr(%s,)",clientAddr);
+ ret=getMacAddr(clientAddr,macAddr);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getMacAddr(,%s)",ret,macAddr);
+
+ return ret;
+}
--- /dev/null
+/**************************************************
+opengate server
+ module for Authentication of User
+
+Copyright (C) 1999-2002 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+int authFtp(char *serverAddr, char *port, char *userid, char *passwd);
+int AuthFtp(char *serverAddr, char *port, char *userid, char *passwd);
+int authPop3(char *serverAddr, char *port, char *userid, char *passwd);
+int AuthPop3(char *serverAddr, char *port, char *userid, char *passwd);
+int getAuthServer(char *serverid, char *serverAddr, char *port, char *proto, char *serviceName, char *confFile);
+int GetAuthServer(char *serverid, char *serverAddr, char *port, char *proto, char *serviceName, char *confFile);
+int authPam(char *serviceName, char *userid, char *passwd);
+int AuthPam(char *serviceName, char *userid, char *passwd);
+int authRadius(char *confFile, char *userid, char *passwd);
+int AuthRadius(char *confFile, char *userid, char *passwd);
+int authPop3s(char *serverAddr, char *port, char *userid, char *passwd);
+int AuthPop3s(char *serverAddr, char *port, char *userid, char *passwd);
+
+/*******************************************************/
+/* Authenticate user by accessing to ftp server */
+/* userid : user to auth */
+/* password : password for the user */
+/*******************************************************/
+int authenticateUser(char *userid, char *passwd)
+{
+ char serverAddr[ADDRMAXLN];
+ char serviceName[ADDRMAXLN];
+ char confFile[ADDRMAXLN];
+ char port[WORDMAXLN];
+ char proto[WORDMAXLN];
+ char *serverid=NULL;
+ char *markPnt=NULL;
+ int authResult;
+ char useridcpy[USERMAXLN];
+
+ /* if no userid or no passwd, then deny */
+ if(userid[0]=='\0')return DENY;
+ if(passwd[0]=='\0')return DENY;
+
+ strncpy(useridcpy, userid, USERMAXLN);
+
+ /* separate serverid from userid */
+ markPnt=strchr(useridcpy, '@');
+ if(markPnt==NULL){
+ /* separator mark not found */
+ serverid="default";
+ }else{
+ /* pick up serverid */
+ serverid=markPnt+1;
+ *markPnt='\0';
+ }
+
+ /* get server info from config */
+ if(GetAuthServer(serverid, serverAddr, port, proto,
+ serviceName, confFile)<0){
+ return DENY;
+ }
+
+ if(strcmp(proto, "ftp")==0){
+ /* authenticate by ftp access */
+ authResult=AuthFtp(serverAddr, port, useridcpy, passwd);
+ }else if(strcmp(proto, "pop3")==0){
+ /* authenticate by pop3 access */
+ authResult=AuthPop3(serverAddr, port, useridcpy, passwd);
+ }else if(strcmp(proto, "pam")==0){
+ /* authenticate by pam */
+ authResult=AuthPam(serviceName, useridcpy, passwd);
+ }else if(strcmp(proto, "radius")==0){
+ /* authenticate by radius */
+ authResult=AuthRadius(confFile, useridcpy, passwd);
+ }else if(strcmp(proto, "pop3s")==0){
+ /* authenticate by pop3s */
+ authResult=AuthPop3s(serverAddr, port, useridcpy, passwd);
+ }else{
+ err_msg("ERR in comm-auth: Unknown protocol:%s",proto);
+ return DENY;
+ }
+
+ return authResult;
+}
+
+/***********************/
+/* Authenticate by FTP */
+/***********************/
+int authFtp(char *serverAddr, char *port, char *userid, char *passwd)
+{
+ int sockfd, n;
+ char recvline[BUFFMAXLN];
+ int authResult;
+
+ if(serverAddr[0]=='\0'){
+ err_msg("ERR in comm-auth: Missing address for FTP server in config");
+ return DENY;
+ }
+
+ /* FTP server connect */
+ if(port[0]=='\0'){
+ sockfd = Tcp_connect(serverAddr, "ftp");
+ }else{
+ sockfd = Tcp_connect(serverAddr, port);
+ }
+
+ /* get [220 <host> FTP server ..]*/
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Ftp server is not normal 1");
+ Close(sockfd);
+ return DENY;
+ }
+ if(strstr(recvline,"220")!=recvline){
+ err_msg("ERR in comm-auth: Ftp server is not normal 2");
+ Close(sockfd);
+ return DENY;
+ }
+
+ /* put [user <userid>] */
+ Writefmt(sockfd, "user %s\r\n", userid);
+
+ /* get [331 Password required ..] */
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Ftp server is not normal 3");
+ Close(sockfd);
+ return DENY;
+ }
+
+ /* if multi-line greeting [220 ...] exist, skip them. */
+ while(strstr(recvline,"220")==recvline){
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Ftp server is not normal 3");
+ Close(sockfd);
+ return DENY;
+ }
+ }
+
+ /* check [331 Password required ..] */
+ if(strstr(recvline,"331")!=recvline){
+ err_msg("ERR in comm-auth: Ftp server is not normal 4");
+ Close(sockfd);
+ return DENY;
+ }
+
+ /* put [pass <password>] */
+ Writefmt(sockfd, "pass %s\r\n", passwd);
+
+ /* get [230 User <userid> logged in] */
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Ftp server is not normal 5");
+ Close(sockfd);
+ return DENY;
+ }
+ if(strstr(recvline,"230")==recvline){
+ authResult=ACCEPT;
+ }else{
+ authResult=DENY;
+ }
+
+ /* put [quit] */
+ Writefmt(sockfd,"quit\r\n");
+
+ Close(sockfd);
+ return authResult;
+}
+
+/************************/
+/* Authenticate by POP3 */
+/************************/
+int authPop3(char *serverAddr, char *port, char *userid, char *passwd)
+{
+ int sockfd, n;
+ char recvline[BUFFMAXLN];
+ int authResult;
+
+ if(serverAddr[0]=='\0'){
+ err_msg("ERR in comm-auth: Missing address for POP3 server in config");
+ return DENY;
+ }
+
+ /* POP3 server connect */
+ if(port[0]=='\0'){
+ sockfd = Tcp_connect(serverAddr, "pop3");
+ }else{
+ sockfd = Tcp_connect(serverAddr, port);
+ }
+
+ /* get [+OK POP3 <host> <ver> server ready]*/
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Pop3 server is not normal 1");
+ Close(sockfd);
+ return DENY;
+ }
+ if(strstr(recvline,"+OK")!=recvline){
+ err_msg("ERR in comm-auth: Pop3 server is not normal 2");
+ Close(sockfd);
+ return DENY;
+ }
+
+ /* put [user <userid>] */
+ Writefmt(sockfd, "user %s\r\n", userid);
+
+ /* get [+OK User name accepted, password please] */
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Pop3 server is not normal 3");
+ Close(sockfd);
+ return DENY;
+ }
+ if(strstr(recvline,"+OK")!=recvline){
+ err_msg("ERR in comm-auth: Pop3 server is not normal 4");
+ Close(sockfd);
+ return DENY;
+ }
+
+ /* put [pass <password>] */
+ Writefmt(sockfd, "pass %s\r\n", passwd);
+
+ /* get [+OK Mailbox open, <count> messages] */
+ if((n = readln(sockfd, recvline, BUFFMAXLN)) <= 0) {
+ err_msg("ERR in comm-auth: Pop3 server is not normal 5");
+ Close(sockfd);
+ return DENY;
+ }
+ if(strstr(recvline,"+OK")==recvline){
+ authResult=ACCEPT;
+ }else{
+ authResult=DENY;
+ }
+
+ /* put [quit] */
+ Writefmt(sockfd,"quit\r\n");
+
+ Close(sockfd);
+ return authResult;
+}
+
+/**********************************/
+/* get auth server info from conf */
+/**********************************/
+int getAuthServer(char *serverid, char *serverAddr, char *port, char *proto,
+ char *serviceName, char *confFile)
+{
+ char *dbBuffer=NULL;
+ char *dbArray[2];
+ char *mstr;
+
+ /* if no string, set default */
+ if(serverid==NULL){
+ serverid="default";
+ }
+
+ /* pickup server info from config file */
+ dbArray[0]=CONFIGFILE;
+ dbArray[1]=NULL;
+
+ if(cgetent(&dbBuffer, dbArray, serverid)<0){
+ err_msg("ERR in comm-auth: Server:%s is not found in conf", serverid);
+ return -1;
+ }
+
+ /* get address */
+ if(cgetstr(dbBuffer, "address",&mstr)<0){
+ serverAddr[0]='\0';
+ }else{
+ strncpy(serverAddr, mstr, ADDRMAXLN);
+ free(mstr);
+ }
+
+ /* get port */
+ if(cgetstr(dbBuffer, "port", &mstr)<0){
+ port[0]='\0';
+ }else{
+ strncpy(port, mstr, WORDMAXLN);
+ free(mstr);
+ }
+
+ /* get protocol */
+ if(cgetstr(dbBuffer, "protocol",&mstr)<0){
+ strncpy(proto, DEFAULTPROTO, WORDMAXLN);
+ }else{
+ strncpy(proto, mstr, WORDMAXLN);
+ free(mstr);
+ }
+
+ /* get servicename */
+ if(cgetstr(dbBuffer, "servicename",&mstr)<0){
+ serviceName[0]='\0';
+ }else{
+ strncpy(serviceName, mstr, ADDRMAXLN);
+ free(mstr);
+ }
+
+ /* get conffile */
+ if(cgetstr(dbBuffer, "conffile",&mstr)<0){
+ confFile[0]='\0';
+ }else{
+ strncpy(confFile, mstr, ADDRMAXLN);
+ free(mstr);
+ }
+
+ free(dbBuffer);
+
+ return 0;
+}
+
+/**********************************/
+/**********************************/
+
+int AuthFtp(char *serverAddr, char *port, char *userid, char *passwd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authFtp(%s,%s,%s,passwd)",serverAddr,port,userid);
+ ret=authFtp(serverAddr,port,userid,passwd);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authFtp( )",ret);
+
+ return ret;
+}
+
+
+int AuthPop3(char *serverAddr, char *port, char *userid, char *passwd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authPop3(%s,%s,%s,passwd)",serverAddr,port,userid);
+ ret=authPop3(serverAddr,port,userid,passwd);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authPop3( )",ret);
+
+ return ret;
+}
+
+int GetAuthServer(char *serverid, char *serverAddr, char *port, char *proto,
+ char *serviceName, char *confFile)
+{
+ int ret;
+ if(DEBUG) err_msg("DEBUG:=>getAuthServer(%s,,,)",serverid);
+ ret=getAuthServer(serverid,serverAddr,port,proto,serviceName,confFile);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getAuthServer(,%s,%s,%s)",ret,serverAddr,port,proto);
+ return ret;
+}
+
+int AuthenticateUser(char *userid, char *password)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>authenticateUser(%s,passwd)",userid);
+ ret=authenticateUser(userid,password);
+ if(DEBUG) err_msg("DEBUG:(%d)<=authenticateUser( )",ret);
+
+ return ret;
+}
--- /dev/null
+/**************************************************
+opengate server
+ module for Communication through CGI
+
+Copyright (C) 1999-2002 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+
+Programmed by Yoshiaki WATANABE
+Modified by Shin-ichi TADAKI
+**************************************************/
+
+#include "opengatesrv.h"
+
+/* convert two-char-hex "aa" to one-number 0Xaa */
+#define hex2num(x) ((x)>='A' ? ((x) & 0XDF) - 'A' +10 : ((x) - '0'))
+
+void split(char content[], char *name[], char *value[], char *next[]);
+void decode(char *string);
+
+static char language[WORDMAXLN]; /* message language in java applet */
+
+/*******************************/
+/* get the client addr */
+/*******************************/
+void getClientAddr(char *clientAddr)
+{
+ strncpy(clientAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
+}
+
+/********************************************/
+/* get userid and password from the client */
+/********************************************/
+void getUserInfo(char *userid, char *password, int *durationPtr)
+{
+ int contentLen;
+ char content[BUFFMAXLN];
+ char *name[1];
+ char *value[1];
+ char *next[1];
+ char *ptr;
+ int item;
+ char durationStr[WORDMAXLN];
+
+ /* get content sent from web input */
+ contentLen=atoi(getenv("CONTENT_LENGTH"));
+
+ contentLen++; /* for terminate ch */
+ if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
+ if(fgets(content, contentLen, stdin) == NULL){
+ content[0]='\0';
+ }
+
+ /* get items from string */
+ userid[0]='\0';
+ password[0]='\0';
+ language[0]='\0';
+ durationStr[0]='\0';
+
+ ptr=content;
+
+ for(item=0;item<4;item++){ /* get 4 items from string */
+ split(ptr, name, value, next);
+
+ if(strstr(name[0], "userid")!=NULL){
+ strncpy(userid, value[0], USERMAXLN);
+ }else if(strstr(name[0], "password")!=NULL){
+ strncpy(password, value[0], PASSMAXLN);
+ }else if(strstr(name[0], "language")!=NULL){
+ strncpy(language, value[0], WORDMAXLN);
+ }else if(strstr(name[0], "duration")!=NULL){
+ strncpy(durationStr, value[0], WORDMAXLN);
+ }
+ ptr=next[0];
+ }
+
+ /* decode the values */
+ decode(userid);
+ decode(password);
+ decode(language);
+ decode(durationStr);
+
+ /* language check */
+ language[2]='\0'; /* shorten to two bytes */
+ ptr=HTMLLANGS; /* list of available languages */
+ if(strstr(ptr,language)==0){ /* if not available, use first lang */
+ language[0]=*ptr; language[1]=*(ptr+1); language[2]='\0';
+ }
+
+ /* convert duration string to interger */
+ if(sscanf(durationStr,"%d",durationPtr)!=1){
+ *durationPtr=DURATIONDEFAULT;
+ }else{
+ *durationPtr *= 60; /* convert minutes to seconds */
+ }
+ if(*durationPtr <= 0){
+ *durationPtr=DURATIONDEFAULT;
+ }else if(*durationPtr > DURATIONMAX){
+ *durationPtr=DURATIONMAX;
+ }
+
+ return;
+}
+
+/*********************************************/
+/* put deny message to the client */
+/*********************************************/
+void putClientDeny(void)
+{
+ FILE *fp;
+ char buff[BUFFMAXLN];
+ char denydoc[BUFFMAXLN];
+
+ /* make path to the denydoc */
+ sprintf(denydoc,"%s/%s/%s",OGPATH,language,DENYDOC);
+
+ /* open denydoc */
+ if((fp=fopen(denydoc, "r"))==NULL){
+ err_msg("ERR in comm-cgi: cannot open %s", denydoc);
+ PutClientMsg("Cannot find html document");
+ return;
+ }
+
+ /* read html document from file and send to web */
+ printf("Content-type: text/html\r\n\r\n\r\n");
+ while(fgets(buff, BUFFMAXLN, fp)!=NULL){
+ fputs(buff,stdout);
+ }
+ fputs("\r\n\r\n",stdout);
+ fclose(fp);
+ return;
+}
+
+/*********************************************/
+/* put some message to the client */
+/*********************************************/
+void putClientMsg(char *message)
+{
+ printf("Content-type: text/html\r\n\r\n\r\n");
+ printf("<HTML><HEAD><TITLE>OpengateMsg</TITLE></HEAD> \r\n");
+ printf("<BODY> \r\n");
+ printf("%s\r\n", message);
+ printf("</BODY></HTML> \r\n\r\n");
+}
+
+/*********************************************/
+/* put accept message and java to the client */
+/*********************************************/
+void putJavaApplet(char *userid, int port, int pid)
+{
+ FILE *fp;
+ char buff[BUFFMAXLN];
+ int markfound=0;
+ char acceptdoc[BUFFMAXLN];
+ char *ptr;
+
+ /* make path to acceptdoc */
+ sprintf(acceptdoc,"%s/%s/%s",OGPATH,language,ACCEPTDOC);
+
+ /* open acceptdoc */
+ if((fp=fopen(acceptdoc, "r"))==NULL){
+ err_msg("ERR in comm-cgi: cannot open %s", acceptdoc);
+ PutClientMsg("Cannot find html document");
+ return;
+ }
+
+ /* read html document from file and send to web */
+ printf("Content-type: text/html\r\n\r\n\r\n");
+ while(fgets(buff, BUFFMAXLN, fp)!=NULL){
+
+ /* search insert mark and replace it */
+
+ if(strstr(buff,APPLETMARK)!=NULL){
+ /* applet insert mark found */
+
+ markfound=1;
+ printf("<applet code='Opengate.class' archive='Opengate.jar' ");
+ printf("codebase='%s' width=600 height=30 > \r\n", OPENGATEDIR );
+ printf("<param name=port value='%d'>\r\n", port );
+ printf("<param name=user value='%s'>\r\n", userid );
+ printf("<param name=lang value='%s'>\r\n", language );
+ printf("</applet> \r\n");
+
+ }else if((ptr=strstr(buff,TERMINATEMARK))!=NULL){
+ /* terminate URL insert mark found */
+ /* insert [http://<servaddr>:<port>/terminate<pid>] */
+
+ *ptr='\0'; printf("%s",buff);
+ printf("http://%s:%d/terminate%d",
+ getenv("SERVER_ADDR"), port, pid);
+ ptr=ptr+strlen(TERMINATEMARK); printf("%s", ptr);
+
+ }else{
+ /* normal http text */
+ fputs(buff,stdout);
+ }
+ }
+ fputs("\r\n\r\n",stdout);
+ fclose(fp);
+
+ if(markfound==0){
+ err_msg("ERR in comm-cgi: cannot find mark %s in %s",
+ APPLETMARK, acceptdoc);
+ PutClientMsg("Cannot find applet mark");
+ }
+ return;
+}
+
+/************************************/
+/* split value for indicated name */
+/* in content "name=value&..." */
+/************************************/
+void split(char content[], char *name[], char *value[], char *next[])
+{
+ char *pstr;
+
+ /* set default */
+ name[0]=content;
+ value[0]=content+strlen(content);
+ next[0]=value[0];
+
+ /* set name end */
+ if((pstr=strchr(name[0],(int)'='))==NULL) return;
+ *pstr='\0';
+
+ /* set value start */
+ pstr++;
+ value[0]=pstr;
+
+ /* set value end */
+ if((pstr=strchr(value[0],'&'))==NULL) return;
+ *pstr='\0';
+
+ /* set next start */
+ pstr++;
+ next[0]=pstr;
+
+ return;
+}
+
+/**********************************/
+/* decode text coding in web post */
+/**********************************/
+void decode(char *string)
+{
+ char *pcheck, *pinsert;
+
+ pcheck=pinsert=string;
+ while(*pcheck != '\0'){
+ if(*pcheck == '+'){
+ *pinsert = ' ';
+ }else if(*pcheck == '%'){
+ *pinsert=(char)(hex2num(*(pcheck+1))*16 + hex2num(*(pcheck+2)));
+ pcheck+=2;
+ }else{
+ *pinsert=*pcheck;
+ }
+ pcheck++;
+ pinsert++;
+ }
+ *pinsert=*pcheck;
+}
+
+/*******************************/
+/*******************************/
+void GetClientAddr(char *clientAddr)
+{
+ if(DEBUG) err_msg("DEBUG:=>getClientAddr( )");
+ getClientAddr(clientAddr);
+ if(DEBUG) err_msg("DEBUG:<=getClientAddr(%s)",clientAddr);
+}
+
+
+void GetUserInfo(char *userid, char *password, int *durationPtr)
+{
+ if(DEBUG) err_msg("DEBUG:=>getUserInfo( )");
+ getUserInfo(userid,password,durationPtr);
+ if(DEBUG) err_msg("DEBUG:<=getUserInfo(%s,passwd,%d)",userid,*durationPtr);
+}
+
+void PutJavaApplet(char *userid, int port, int pid)
+{
+ if(DEBUG) err_msg("DEBUG:=>putJavaApplet(%s,%d,%d)",userid,port,pid);
+ putJavaApplet(userid,port,pid);
+ if(DEBUG) err_msg("DEBUG:<=putJavaApplet( )");
+}
+
+void PutClientDeny(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>putClientDeny( )");
+ putClientDeny();
+ if(DEBUG) err_msg("DEBUG:<=putClientDeny( )");
+}
+
+void PutClientMsg(char *message)
+{
+ if(DEBUG) err_msg("DEBUG:=>putClientMsg( %s )",message);
+ putClientMsg(message);
+ if(DEBUG) err_msg("DEBUG:<=putClientMsg( )");
+}
+
--- /dev/null
+/**************************************************
+opengate server
+ module for Controling ipfw
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+
+#include "opengatesrv.h"
+
+char ruleNumber[WORDMAXLN]; /* ipfw rule number in string form */
+
+int getRuleNumber(char *clientAddr);
+int GetRuleNumber(char *clientAddr);
+static void sigFunc(int signo);
+
+/******************************************************************/
+/* open gate for clientAddr (nnn.nnn.nnn.nnn) */
+/******************************************************************/
+int openClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty)
+{
+ int st;
+ int fd;
+ int ret;
+ int retFork;
+ int retNum;
+
+ Sigfunc *defaultSigFunc;
+
+ /* exclusive exec of ipfw to avoid overlapped rule number */
+
+ /**** prepare ****/
+ /* open lockfile */
+ fd=Open(LOCKFILE, O_RDWR|O_CREAT,
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ /* set timeout */
+ defaultSigFunc=Signal(SIGALRM, sigFunc);
+ alarm(LOCKTIMEOUT);
+ /* lock */
+ Lock(fd);
+ /* reset timeout */
+ Signal(SIGALRM, defaultSigFunc);
+ alarm(0);
+
+ /**** read rules ****/
+ if((retNum=GetRuleNumber(clientAddr))<0){
+ /* fail then unlock */
+ Unlock(fd);
+ Close(fd);
+ if(retNum==-3) return 1; /* ipfw returns abnormal response */
+ else return -1; /* already opened or rules are full */
+ }
+
+ /**** write rules ****/
+
+ if(USEFWSCRIPT){
+ /********** use perl script to control firewall ************/
+
+ /* fork */
+ if((retFork=Fork())==0){
+ /* child proc */
+ if(execl(FWSCRIPTPATH,FWSCRIPT,IPFWPATH,ruleNumber,clientAddr,
+ userid,macAddr,userProperty,(char *)0)==-1){
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);
+ }
+ exit(1);
+ }
+
+ /* parent process */
+ if(retFork==-1){
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);
+ }
+
+ /* wait child end */
+ wait(&st);
+ if(WIFEXITED(st)){
+ ret=WEXITSTATUS(st);
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);
+ } else{
+ ret=1;
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");
+ }
+
+ Unlock(fd); /* lock is not necessary in following exec */
+ Close(fd); /* because reserved number is used */
+
+ }else{
+ /********** direct control of firewall **********************/
+ /********** add outgoing ipfw rule for the client *************/
+ /* fork */
+ if((retFork=Fork())==0){
+ /* child proc */
+ if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber,"allow","ip",
+ "from",clientAddr,"to","any",(char *)0)==-1){
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);
+ }
+ exit(1);
+ }
+
+ /* parent process */
+ if(retFork==-1){
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);
+ }
+
+ /* wait child end */
+ if(WIFEXITED(st)){
+ ret=WEXITSTATUS(st);
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);
+ } else{
+ ret=1;
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");
+ }
+
+ Unlock(fd); /* lock is not necessary in following exec */
+ Close(fd); /* because reserved number is used */
+
+ /********** add incoming ipfw rule for the client *************/
+ /* fork */
+ if((retFork=Fork())==0){
+ /* child proc */
+ if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber,"allow","ip",
+ "from","any","to",clientAddr,(char *)0)==-1){
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);
+ }
+ exit(1);
+ }
+
+ /* parent process */
+ if(retFork==-1){
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);
+ }
+
+ /* wait child end */
+ if(WIFEXITED(st)){
+ ret=WEXITSTATUS(st);
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);
+ } else{
+ ret=1;
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");
+ }
+
+ }
+ return ret;
+}
+
+/******************************************************************/
+/* close gate for clientAddr (nnn.nnn.nnn.nnn) */
+/******************************************************************/
+void closeClientGate(void)
+{
+ int st;
+
+ /********** del ipfw rule for the client *************/
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+ if(execl(IPFWPATH,"ipfw","del",ruleNumber,(char *)0)==-1){
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);
+ }
+ exit(1);
+ }
+ /* wait child end */
+ wait(&st);
+
+ return;
+}
+
+
+
+
+/**************************************/
+/* get unused ipfw rule number */
+/* error if addr is already in rules */
+/**************************************/
+int getRuleNumber(char *clientAddr)
+{
+ int fd[2];
+ int piperead_fd,pipewrite_fd;
+ int stdin_fd=0,stdout_fd=1,stderr_fd=2;
+ char buf[BUFFMAXLN];
+ int st;
+ int num,newNum,readinNum;
+ int eofFound;
+ int abnormalRes;
+ char *p;
+
+ /* create pipe */
+ if(pipe(fd)!=0){
+ err_msg("ERR in comm-ipfw: Cannot create pipe for ipfw\n");
+ return -1;
+ }
+ piperead_fd=fd[0];
+ pipewrite_fd=fd[1];
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+
+ /* connect pipeout to stdout & strerr */
+ Close(stdout_fd);
+ Close(stderr_fd);
+ dup(pipewrite_fd);
+ dup(pipewrite_fd);
+
+ /* close other IO */
+ Close(stdin_fd);
+ Close(piperead_fd);
+ Close(pipewrite_fd);
+
+ /* exec proc */
+ if(execl(IPFWPATH,"ipfw","list",(char *)0) == -1){
+ err_quit("ERR in comm-ipfw: execlp error no= %d", errno);
+ }
+ exit(1);
+ }
+ /* parent proc */
+
+ /* close unuse IO */
+ Close(pipewrite_fd);
+
+ /* search unused rule number in the list read from pipe */
+ /* check duplication of clientAddr to existing rules */
+ newNum=-1;
+ readinNum=0;
+ eofFound=0;
+ abnormalRes=0;
+
+ for(num=IPFWMIN;num<=IPFWMAX;num+=IPFWINTERVAL){
+
+ /* skip rules smaller than num */
+ while(readinNum<num){
+ if(Readln(piperead_fd, buf, BUFFMAXLN-1)==0){
+ /* EOF */
+ eofFound=1;
+ break;
+ }
+ if( sscanf(buf, "%d", &readinNum) !=1 ){
+ err_msg("ERR in comm-ipfw: abnormal ipfw response[ %s ]", buf);
+ abnormalRes=1;
+ }
+ }
+
+ /* if get abnormal response, error is returned */
+ if(abnormalRes){
+ newNum=-3;
+ break;
+ }
+
+ /* if no rules larger or equal to num, then search end */
+ if(eofFound){
+ if(newNum<0) newNum=num;
+ break;
+ }
+
+ /* if num is already used, then check dup and go to next search */
+ if(readinNum==num){
+ /* if clientAddr is found in rule, then err exit */
+ if(((p=(char*)strstr(buf+1,clientAddr))!=NULL)
+ && isspace(*(p-1))
+ && !isalnum(*(p+strlen(clientAddr)))){
+ err_msg("ERR in comm-ipfw: overlapped request from %s", clientAddr);
+ newNum=-2;
+ break;
+ }
+ continue;
+ }
+
+ /* num is not used */
+ if(newNum<0)newNum=num;
+ if(readinNum>IPFWMAX)break;
+ }
+
+ /* close pipe */
+ Close(piperead_fd);
+
+ /* wait child end */
+ wait(&st);
+
+ if(newNum==-1){
+ err_msg("ERR in comm-ipfw: cannot get unused ipfw number");
+ }
+
+ snprintf(ruleNumber, WORDMAXLN, "%d", newNum); /* to string */
+
+ return newNum;
+}
+
+/*******************************/
+/* get packet count from ipfw */
+/*******************************/
+int getPacketCount(void)
+{
+ int fd[2];
+ int piperead_fd,pipewrite_fd;
+ int stdin_fd=0,stdout_fd=1;
+ char buf[BUFFMAXLN];
+ int st;
+ int rule;
+ int packets,packetsSum;
+
+ /* create pipe */
+ if(pipe(fd)!=0){
+ err_msg("ERR in comm-ipfw: Cannot create pipe for ipfw\n");
+ return -1;
+ }
+ piperead_fd=fd[0];
+ pipewrite_fd=fd[1];
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+
+ /* connect pipeout to stdout */
+ Close(stdout_fd);
+ dup(pipewrite_fd);
+
+ /* close other IO */
+ Close(stdin_fd);
+ Close(piperead_fd);
+ Close(pipewrite_fd);
+
+ /* exec proc */
+ if(execl(IPFWPATH,"ipfw","-a","list",ruleNumber,(char *)0) == -1){
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);
+ }
+ }
+ /* parent proc */
+
+ /* close unuse IO */
+ Close(pipewrite_fd);
+
+ /* search unused number in the list read from pipe */
+
+ packetsSum=0;
+
+ while(Readln(piperead_fd, buf, BUFFMAXLN-1)!=0){
+ sscanf(buf, "%d %d", &rule, &packets); /* get packet count */
+ packetsSum+=packets;
+ }
+
+ /* close pipe */
+ Close(piperead_fd);
+
+ /* wait child end */
+ wait(&st);
+
+ return packetsSum;
+}
+
+/**********************************************/
+/* function called by signal int */
+/**********************************************/
+static void sigFunc(int signo)
+{
+ return;
+}
+
+/**********************************************/
+/**********************************************/
+int GetRuleNumber(char *clientAddr)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getRuleNumber(%s)",clientAddr);
+ ret=getRuleNumber(clientAddr);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getRuleNumber( )",ret);
+
+ return ret;
+}
+
+int OpenClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>openClientGate(%s,%s,%s,%s)",clientAddr,userid,macAddr,userProperty);
+ ret=openClientGate(clientAddr, userid, macAddr, userProperty);
+ if(DEBUG) err_msg("DEBUG:(%d)<=openClientGate( )",ret);
+
+ return ret;
+}
+
+void CloseClientGate(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>closeClientGate( )");
+ closeClientGate();
+ if(DEBUG) err_msg("DEBUG:<=closeClientGate( )");
+}
+
+
+int GetPacketCount(void)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getPacketCount( )");
+ ret=getPacketCount();
+ if(DEBUG) err_msg("DEBUG:(%d)<=getPacketCount( )",ret);
+
+ return ret;
+}
+
--- /dev/null
+/*************************************************
+opengate server
+ module for communication with java
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+static void intervalAlarm(int signo);
+static void timeoutAlarm(int signo);
+static void delayAlarm(int signo);
+void getPeerAddr(int sockfd, char *peerAddr);
+void GetPeerAddr(int sockfd, char *peerAddr);
+void sendTerminateReply(void);
+void SendTerminateReply(void);
+
+int listenfd; /* file descriptor for listen port */
+int connfd; /* file descriptor for connection port */
+int intervalAlarmRinged=0; /* interval alarm ringed */
+int timeoutAlarmRinged=0; /* timeout alarm ringed */
+int delayAlarmRinged=0; /* delay alarm ringed */
+
+/***************************************/
+/* get temp listen port of this server */
+/***************************************/
+int getListenPort(void)
+{
+ struct sockaddr_in servaddr;
+ int portNo;
+
+ listenfd=Socket(AF_INET, SOCK_STREAM, 0);
+
+ bzero(&servaddr, sizeof(servaddr));
+ servaddr.sin_family=AF_INET;
+ servaddr.sin_addr.s_addr=htonl(INADDR_ANY);
+
+ /* search unused port between PORTMIN and PORTMAX */
+ for(portNo=PORTMIN; portNo<=PORTMAX; portNo++){
+ servaddr.sin_port=htons(portNo);
+ if(bind(listenfd, (SA *)&servaddr, sizeof(servaddr))==0)break;
+ }
+ if(portNo>PORTMAX)portNo=-1; /* cannot get unused port */
+
+ Listen(listenfd, LISTENQ);
+
+ return portNo;
+}
+
+/************************************/
+/* wait applet connection */
+/************************************/
+int waitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr)
+{
+ socklen_t len;
+ struct sockaddr_in cliaddr; /* client IP adddress */
+ char buff[BUFFMAXLN]; /* read in buffer */
+ Sigfunc *sigfunc; /* signal function save */
+ int connect; /* java cconnect success(1) or not */
+ char connectAddr[ADDRMAXLN]; /* connected client address */
+ char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
+ int checkInterval=ACTIVECHECKINTERVAL; /* terminal check interval */
+ char macAddrNow[ADDRMAXLN]; /* MAC address at now */
+ int packetCountPrev=0; /* packet count at previous check */
+ int packetCountNow=0; /* packet count at now */
+ int noPacketPeriod=0; /* no packet period count in check loop */
+ time_t endTime; /* the absolute time to exit */
+ int leftTime; /* the left time length to exit */
+
+ /* get the time to exit */
+ endTime=time(NULL)+duration;
+
+ /* loop until accepting correct user */
+ len=sizeof(cliaddr);
+ while(1){
+
+ /* alarm setting */
+ /* recalculate left time */
+ leftTime = endTime - time(NULL);
+ if(leftTime <= 0) leftTime=1;
+ /* shorter time is set */
+ if(leftTime < checkInterval){
+ sigfunc=Signal(SIGALRM, timeoutAlarm);
+ alarm(leftTime);
+ }else{
+ sigfunc=Signal(SIGALRM, intervalAlarm);
+ alarm(checkInterval);
+ }
+
+ /* wait connection */
+ if((connfd=accept(listenfd, (SA *)&cliaddr, &len)) < 0){
+
+ /* if usage timeout is reached, end the process */
+ if(timeoutAlarmRinged){
+ timeoutAlarmRinged=FALSE;
+ err_msg("ERR in comm-java: no connection from applet");
+ connect=0;
+ break;
+ }
+
+ /* if check interval is reached, do some checking */
+ if(intervalAlarmRinged){
+ intervalAlarmRinged=FALSE;
+
+ /* packet flow check */
+ packetCountNow=GetPacketCount();
+ if(packetCountNow==packetCountPrev){ /* no packet between checks */
+ noPacketPeriod++;
+ }else{
+ noPacketPeriod=0;
+ packetCountPrev=packetCountNow;
+ }
+ if(noPacketPeriod*ACTIVECHECKINTERVAL >= NOPACKETINTERVAL){
+ err_msg("ERR in comm-java: no packet passed for the client");
+ connect=0;
+ break;
+ }
+
+ /* mac address check */
+ if(ENABLEMACADDR){
+ GetMacAddr(clientAddr, macAddrNow);
+ if(strcmp(macAddr, macAddrNow)!=0){
+ err_msg("ERR in comm-java: mac address is changed");
+ connect=0;
+ break;
+ }
+ }
+ /* return to connection wait */
+ continue;
+ }
+ }
+ /* someone is connected */
+
+ /* reset alarm */
+ alarm(0);
+ Signal(SIGALRM, sigfunc);
+
+ /* is it from the correct client addr */
+ GetPeerAddr(connfd, connectAddr);
+ if(strcmp(connectAddr, clientAddr)!=0){
+ close(connfd);
+ continue;
+ }
+ /* set short delay alarm for read in */
+ sigfunc=Signal(SIGALRM, delayAlarm);
+ alarm(COMMWAITTIMEOUT);
+ /* get string from connection */
+ if(readln(connfd, buff, BUFFMAXLN) <=0){
+ if(delayAlarmRinged)delayAlarmRinged=FALSE;
+ err_msg("ERR in comm-java: cannot get userid from applet");
+ connect=0;
+ break;
+ }
+ /* some text is read */
+ /* reset timeout signal */
+ alarm(0);
+ Signal(SIGALRM, sigfunc);
+
+ /* is it the correct userid from java applet */
+ if(strcmp(buff, userid)==0){
+ connect=1;
+ break;
+ }
+
+ /* is it the terminate request from accept.html */
+ /* the request is [GET /terminate<pid> ....] */
+ snprintf(httpStr, BUFFMAXLN, "GET /terminate%d", getpid());
+ if(strstr(buff, httpStr)==buff){
+ /* terminate request found */
+ sendTerminateReply();
+ connect=0;
+ break;
+ }
+
+ err_msg("ERR in comm-java: unknown user or address send from applet");
+
+ /* wait new connection */
+ close(connfd);
+ }
+ /* reset timeout signal */
+ alarm(0);
+ Signal(SIGALRM, sigfunc);
+
+ Close(listenfd);
+ return connect;
+}
+
+/***************************************/
+/* get addr of connected remote site */
+/***************************************/
+void getPeerAddr(int sockfd, char *peerAddr)
+{
+ struct sockaddr *cliaddr;
+ socklen_t len;
+
+ cliaddr=Malloc(ADDRMAXLN);
+ len=ADDRMAXLN;
+ Getpeername(sockfd, cliaddr, &len);
+ strncpy(peerAddr, Sock_ntop_host(cliaddr, len), ADDRMAXLN);
+ free(cliaddr);
+
+ return;
+}
+
+/***************************************************/
+/* wait for close connection */
+/***************************************************/
+void waitClientClose(void)
+{
+ char buff[BUFFMAXLN];
+ Sigfunc *defaultSigfunc;
+ int savePacketCount=0;
+ int helloWait=FALSE;
+ int noPacketPeriod=0;
+ int noReplyCount=0;
+
+ Writefmt(connfd,"accept\r\n");
+
+ /* set interval alarm */
+ defaultSigfunc=Signal(SIGALRM, intervalAlarm);
+ alarm(ACTIVECHECKINTERVAL);
+
+ /* TCP read/write loop */
+ /* this loop implement following logic */
+ /* repeat until receiving 'quit' or EOF from client */
+ /* say 'hello' to client */
+ /* receive 'hello' from client. if no reply, then quit. */
+ /* get packet count for client after short delay. */
+ /* long interval */
+ /* get packet count again. if no packet, then quit. */
+
+ while(1){
+ if(readln(connfd, buff, BUFFMAXLN)>0){
+ /* normal read */
+
+ /* read quit, then quit */
+ if(strstr(buff,"quit") != NULL){
+ break;
+
+ /* read hello, then wait a while for packet log writing */
+ }else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
+ helloWait=FALSE;
+ noReplyCount=0;
+ Signal(SIGALRM, delayAlarm);
+ alarm(PACKETLOGDELAY);
+
+ /* read any other strings, then do nothing */
+ }else{
+ }
+
+ }else{
+ /* abnormal read */
+
+ /* Periodical client check */
+ if(intervalAlarmRinged){
+ intervalAlarmRinged=FALSE;
+
+ /* if no packet is passed in long time, then quit */
+ if(GetPacketCount()==savePacketCount){
+ noPacketPeriod++;
+ if(noPacketPeriod*ACTIVECHECKINTERVAL >= NOPACKETINTERVAL){
+ err_msg("ERR in comm-java: no packet passed for the client");
+ break;
+ }
+ }else{
+ noPacketPeriod=0;
+ }
+ /* send hello and wait reply */
+ Writefmt(connfd,"hello\r\n");
+ helloWait=TRUE;
+ Signal(SIGALRM, timeoutAlarm);
+ alarm(COMMWAITTIMEOUT);
+
+ /* hello reply timeout */
+ }else if(timeoutAlarmRinged){
+ timeoutAlarmRinged=FALSE;
+
+ /* is the reply ignored many times */
+ noReplyCount++;
+ if(noReplyCount>=NOREPLYMAX){
+ /* many times, then quit */
+ err_msg("ERR in comm-java: no reply to hello");
+ break;
+ }else{
+ /* not so many times, then continue */
+ helloWait=FALSE;
+ savePacketCount=GetPacketCount();
+ Signal(SIGALRM, intervalAlarm);
+ alarm(ACTIVECHECKINTERVAL);
+ }
+
+ /* pass the delay for firewall log renewal */
+ }else if(delayAlarmRinged){
+ delayAlarmRinged=FALSE;
+ savePacketCount=GetPacketCount();
+ Signal(SIGALRM, intervalAlarm);
+ alarm(ACTIVECHECKINTERVAL);
+
+ /* other abnormal read, then quit */
+ }else{
+ break;
+ }
+ }
+ }
+ /* reset alarm */
+ Signal(SIGALRM, defaultSigfunc);
+ alarm(0);
+ QuitClient();
+
+ return;
+}
+
+
+/***************************************************/
+/* send reply to terminate access via connfd(not stdout) */
+/***************************************************/
+void sendTerminateReply(void)
+{
+ Writefmt(connfd,"<META HTTP-EQUIV=Pragma CONTENT=no-cache>");
+ Writefmt(connfd,"<HTML><BODY> Network is closed. </BODY></HTML> \r\n\r\n");
+ close(connfd);
+}
+
+/***************************************************/
+/* send quit to client and close connection */
+/***************************************************/
+void quitClient(void)
+{
+ Writefmt(connfd,"quit\r\n");
+ close(connfd);
+}
+
+/***************************************************/
+/* function called from interval alarm */
+/***************************************************/
+static void intervalAlarm(int signo)
+{
+ intervalAlarmRinged=TRUE;
+ return;
+}
+
+/***************************************************/
+/* function called from timeout alarm */
+/***************************************************/
+static void timeoutAlarm(int signo)
+{
+ timeoutAlarmRinged=TRUE;
+ return;
+}
+
+/***************************************************/
+/* function called from time delay alarm */
+/***************************************************/
+static void delayAlarm(int signo)
+{
+ delayAlarmRinged=TRUE;
+ return;
+}
+
+/***************************************************/
+/***************************************************/
+void GetPeerAddr(int sockfd, char *peerAddr)
+{
+ if(DEBUG) err_msg("DEBUG:=>getPeerAddr( )");
+ getPeerAddr(sockfd,peerAddr);
+ if(DEBUG) err_msg("DEBUG:<=getPeerAddr(,%s)",peerAddr);
+}
+
+
+int GetListenPort(void)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getListenPort( )");
+ ret=getListenPort();
+ if(DEBUG) err_msg("DEBUG:(%d)<=getListenPort( )",ret);
+
+ return ret;
+}
+
+int WaitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>waitAppletConnect(%s,%s,%d,%s)",userid,clientAddr,duration,macAddr);
+ ret=waitAppletConnect(userid,clientAddr,duration,macAddr);
+ if(DEBUG) err_msg("DEBUG:(%d)<=waitAppletConnect( )",ret);
+
+ return ret;
+}
+
+void WaitClientClose(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>waitClientClose( )");
+ waitClientClose();
+ if(DEBUG) err_msg("DEBUG:<=waitClientClose( )");
+}
+
+void QuitClient(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>quitClient( )");
+ quitClient();
+ if(DEBUG) err_msg("DEBUG:<=quitClient( )");
+}
+
+void SendTerminateReply(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>sendTerminateReply( )");
+ quitClient();
+ if(DEBUG) err_msg("DEBUG:<=sendTerminateReply( )");
+}
--- /dev/null
+/*************************************************
+ opengate server
+ module for Controling user DB
+
+ *** Edit this file to set user property ***
+**************************************************/
+#include "opengatesrv.h"
+
+/********************************************************/
+/* get user property from user db */
+/********************************************************/
+int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
+{
+ /*****************************************************/
+ /* user database access routine */
+ /* userid[USERMAXLN]: input: user ID to search */
+ /* Caution: "userid" if default server,*/
+ /* "userid@serverid" if not. */
+ /* userProperty[BUFFMAXLN]: output: user property */
+ /* the value goes to opengatefw.pl */
+ /* to determine permitting grade. */
+ /* return value: DENY or ACCEPT */
+ /* If DENY is returned, the user is denyed. */
+ /* If ACCEPT, the value sent to firewall open. */
+ /*****************************************************/
+
+ /* REPLACE THE FOLLOWING WITH YOUR DATABASE ACCESS ROUTINE */
+
+
+
+ userProperty[0]='\0'; /* The User has No Property */
+ return ACCEPT; /* The User is Accepted */
+
+
+
+}
+
+
+/* debug write routine */
+int GetUserProperty(char *userid, char *userProperty)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getUserProperty(%s,)",userid);
+ ret=getUserProperty(userid,userProperty);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getUserProperty(,%s)",ret, userProperty);
+
+ return ret;
+}
--- /dev/null
+/**********************************************************/
+/* output error message to syslog or stdout */
+/* from UNIX NETWORK PROGRAMMING,Vol.1,Second Edition, */
+/* By W. Richard Stevens, Published By Prentice Hall */
+/* ftp://ftp.kohala.com/pub/rstevens/unpv12e.tar.gz */
+/**********************************************************/
+
+#include "opengatesrv.h"
+#include <stdarg.h> /* ANSI C header file */
+#include <syslog.h> /* for syslog() */
+
+int daemon_proc;
+
+static void err_doit(int, int, const char *, va_list);
+
+/* Nonfatal error related to a system call.
+ * Print a message and return. */
+
+
+void errToSyslog(int i)
+{
+ daemon_proc=i;
+}
+
+void
+err_ret(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(1, LOG_INFO, fmt, ap);
+ va_end(ap);
+ return;
+}
+
+/* Fatal error related to a system call.
+ * Print a message and terminate. */
+
+void
+err_sys(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(1, LOG_ERR, fmt, ap);
+ va_end(ap);
+ exit(1);
+}
+
+/* Fatal error related to a system call.
+ * Print a message, dump core, and terminate. */
+
+void
+err_dump(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(1, LOG_ERR, fmt, ap);
+ va_end(ap);
+ abort(); /* dump core and terminate */
+ exit(1); /* shouldn't get here */
+}
+
+/* Nonfatal error unrelated to a system call.
+ * Print a message and return. */
+
+void
+err_msg(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(0, LOG_INFO, fmt, ap);
+ va_end(ap);
+ return;
+}
+
+/* Fatal error unrelated to a system call.
+ * Print a message and terminate. */
+
+void
+err_quit(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ err_doit(0, LOG_ERR, fmt, ap);
+ va_end(ap);
+ exit(1);
+}
+
+/* Print a message and return to caller.
+ * Caller specifies "errnoflag" and "level". */
+
+static void
+err_doit(int errnoflag, int level, const char *fmt, va_list ap)
+{
+ int errno_save, n;
+ char buf[BUFFMAXLN];
+
+ errno_save = errno; /* value caller might want printed */
+#ifdef HAVE_VSNPRINTF
+ vsnprintf(buf, sizeof(buf), fmt, ap); /* this is safe */
+#else
+ vsprintf(buf, fmt, ap); /* this is not safe */
+#endif
+ n = strlen(buf);
+ if (errnoflag)
+ snprintf(buf+n, sizeof(buf)-n, ": %s", strerror(errno_save));
+ strcat(buf, "\n");
+
+ if (daemon_proc) {
+ syslog(level, buf);
+ } else {
+ fflush(stdout); /* in case stdout and stderr are the same */
+ fputs(buf, stderr);
+ fflush(stderr);
+ }
+ return;
+}
+
--- /dev/null
+/**************************************************
+opengate server main
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+void putCloseMsg(time_t timeOut, time_t timeIn);
+void PutCloseMsg(time_t timeOut, time_t timeIn);
+void closeExit(int signo);
+
+extern int daemon_proc; /* defined in error.c */
+extern char ruleNumber[WORDMAXLN]; /* ipfw rule number in string form */
+
+char clientAddr[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
+char macAddr[ADDRMAXLN]="?"; /* client MAC address */
+
+char userid[USERMAXLN];
+char userProperty[BUFFMAXLN];
+time_t timeIn, timeOut;
+
+/***************************************************/
+/* main routine called as cgi from Web server */
+/***************************************************/
+int main(int argc, char **argv)
+{
+ char password[PASSMAXLN];
+ int port;
+ int dummyfd[2];
+ int pid;
+ int ret;
+ int duration;
+
+ /* start log */
+ errToSyslog(1); /* direct output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
+ /* get information of client machine */
+
+ GetClientAddr(clientAddr);
+
+ if(ENABLEMACADDR) GetMacAddr(clientAddr, macAddr);
+
+ /* get userID and password */
+ GetUserInfo(userid, password, &duration);
+
+ /* authenticate the user with authentication server */
+ if(!AuthenticateUser(userid, password)){
+ PutClientDeny();
+ err_msg("DENY: user %s from %s at %s", userid, clientAddr, macAddr);
+ return 0;
+ }
+
+ /* clear password */
+ bzero(password, PASSMAXLN);
+
+ /* get user property from user database (if you edit comm-userdb.c) */
+ if(!GetUserProperty(userid, userProperty)){
+ PutClientMsg("Error: You are denied.");
+ err_msg("DENY: user %s from %s at %s (ill-property)",
+ userid, clientAddr, macAddr);
+ return 0;
+ }
+
+ /* open firewall for the client */
+ if((ret=OpenClientGate(clientAddr, userid, macAddr, userProperty))<0){
+ PutClientMsg("Error: Please End Web and Retry");
+ return 0;
+ }else if(ret>0){
+ PutClientMsg("Error: Please contact to the administrator");
+ return 0;
+ }
+
+ timeIn=time(NULL);
+ err_msg("OPEN: user %s from %s at %s", userid, clientAddr, macAddr);
+
+ /* set (ruleNumber,userid,clientAddr) in process title */
+ setproctitle("%s,%s,%s", ruleNumber, userid, clientAddr);
+
+ /* set terminate signal handler */
+ Signal(SIGTERM, closeExit);
+
+ /* get temporary port for server-listen */
+ port=GetListenPort();
+ if(port<0){
+ err_msg("ERR in main: cannot get unused listen port");
+ PutClientMsg("Error: Please Call Administrator");
+ closeExit(1);
+ }
+
+ if((pid=Fork())!=0){
+ /** parent process **/
+ /* send java */
+ PutJavaApplet(userid, port, pid);
+
+ /* detach from Web server */
+ return 0;
+ }
+ /** child process **/
+
+ /* detach from Web server */
+ Close(0);Close(1); /* detach stdin and out pipe connected to Web */
+ Close(2); /* detach stderr */
+ Pipe(dummyfd); /* connect dummy pipe for stdin and out */
+
+ /* connect to the java applet */
+ if(WaitAppletConnect(userid, clientAddr, duration, macAddr)==1){
+
+ /* wait until the user quit */
+ WaitClientClose();
+ }
+ /* close firewall and exit */
+ closeExit(1);
+
+ return 0;
+}
+
+
+/* calc connection duration and put it out */
+
+void putCloseMsg(time_t timeOut, time_t timeIn)
+{
+ double time;
+ int hour,min,sec;
+
+ time=difftime(timeOut,timeIn);
+ hour=time/60/60;
+ min=(time-hour*60*60)/60;
+ sec=(time-hour*60*60-min*60);
+ err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",
+ userid, clientAddr, macAddr, hour,min,sec);
+ return;
+}
+
+/*****************************/
+/* At termination, call this */
+/*****************************/
+void closeExit(int signo)
+{
+ Signal(SIGTERM, SIG_DFL);
+ QuitClient();
+ CloseClientGate();
+ timeOut=time(NULL);
+ PutCloseMsg(timeOut,timeIn);
+ if(DEBUG) err_msg("DEBUG:terminated");
+ exit(1);
+}
+
+/*****************************/
+/*****************************/
+void PutCloseMsg(time_t timeOut, time_t timeIn)
+{
+ if(DEBUG) err_msg("DEBUG:=>putCloseMsg( )");
+ putCloseMsg(timeOut,timeIn);
+ if(DEBUG) err_msg("DEBUG:<=putCloseMsg( )");
+}
+
--- /dev/null
+/**************************************************
+opengate server header file
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include <sys/types.h> /* basic system data types */
+#include <sys/socket.h> /* basic socket definitions */
+#include <sys/time.h> /* timeval{} for select() */
+#include <time.h> /* timespec{} for pselect() */
+#include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
+#include <arpa/inet.h> /* inet(3) functions */
+#include <errno.h>
+#include <fcntl.h> /* for nonblocking */
+#include <netdb.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h> /* for S_xxx file mode constants */
+#include <sys/uio.h> /* for iovec{} and readv/writev */
+#include <unistd.h>
+#include <sys/wait.h>
+#include <sys/un.h> /* for Unix domain sockets */
+# include <sys/select.h> /* for convenience */
+# include <poll.h> /* for convenience */
+# include <strings.h> /* for convenience */
+# include <sys/ioctl.h>
+# include <sys/filio.h>
+# include <sys/sockio.h>
+# include <pthread.h>
+#define SA struct sockaddr
+#define LISTENQ 1024 /* 2nd argument to listen() */
+typedef void Sigfunc(int); /* for signal handlers */
+
+#include <syslog.h>
+#include <ctype.h>
+#include <stdarg.h>
+#include <sys/signal.h>
+
+/***** some parameters are overrided by the value in makefile. ****/
+
+#define DEBUG 0 /* if 1, dump many message to syslog */
+
+#define APPLETMARK "**OpengateAppletHere**" /* applet insert point mark */
+#define TERMINATEMARK "**TerminateUrlHere**" /* terminate URL insert mark */
+
+#define DURATIONDEFAULT 1200 /* default timeout of java connect (second) */
+#define DURATIONMAX 10800 /* requested usage time without java */
+ /* is limitted by this value(second) */
+
+#define ACTIVECHECKINTERVAL 600 /* client check interval(second) */
+#define COMMWAITTIMEOUT 60 /* communication reply timeout(second) */
+#define NOREPLYMAX 1 /* permitted count of no reply to hello */
+#define PACKETLOGDELAY 10 /* wait log writing time(second) */
+#define NOPACKETINTERVAL 5400 /* no packet interval (second) */
+ /* to judge the user has gone */
+
+#define LOCKTIMEOUT 10 /* ipfw excusive exec lock timeout (second)*/
+
+#define IPFWMIN 10000 /* ipfw rule number minimum */
+#define IPFWMAX 40000 /* ipfw rule number maximum */
+#define IPFWINTERVAL 2 /* ipfw rule number interval */
+
+ /* listen a port between follows */
+#define PORTMIN 30000 /* minimum port number */
+#define PORTMAX 60000 /* maximum port number */
+
+#define FACILITY LOG_LOCAL1 /* syslog ID */
+
+#define DEFAULTPROTO "ftp" /* default authentication protocol */
+
+#define ADDRMAXLN 128 /* maximum address string length */
+#define PASSMAXLN 128 /* maximum password string length */
+#define USERMAXLN 32 /* maximum userid string length */
+#define BUFFMAXLN 256 /* maximum buffer string length */
+#define WORDMAXLN 16 /* maximum word length */
+#define TRUE 1
+#define FALSE 0
+#define DENY 0
+#define ACCEPT 1
+
+#define ENABLEMACADDR 1 /* if 0, ignore MAC addr routine */
+#define PAMSERVICENAME "opengate" /* service name used in PAM */
+#define RADIUSCONF "/etc/radius.conf" /* default path to radius.conf */
+
+/**********prototypes***************************************/
+
+int authenticateUser(char *userid, char *password);
+int AuthenticateUser(char *userid, char *password);
+
+int openClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty);
+int OpenClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty);
+
+void closeClientGate(void);
+void CloseClientGate(void);
+
+int getPacketCount(void);
+int GetPacketCount(void);
+
+void getClientAddr(char *clientAddr);
+void GetClientAddr(char *clientAddr);
+
+void getUserInfo(char *userid, char *password, int *durationPtr);
+void GetUserInfo(char *userid, char *password, int *durationPtr);
+
+int getUserProperty(char *userid, char *userProperty);
+int GetUserProperty(char *userid, char *userProperty);
+
+void waitClientClose(void);
+void WaitClientClose(void);
+
+void putClientDeny(void);
+void PutClientDeny(void);
+
+void putClientMsg(char *message);
+void PutClientMsg(char *message);
+
+int getListenPort(void);
+int GetListenPort(void);
+
+void putJavaApplet(char *userid, int port, int pid);
+void PutJavaApplet(char *userid, int port, int pid);
+
+int waitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr);
+int WaitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr);
+
+ssize_t readln(int fd, void *vptr, size_t maxlen);
+ssize_t Readln(int fd, void *ptr, size_t maxlen);
+
+void Writefmt(int fd, const char *fmt, ...);
+
+int lock(int fd);
+int Lock(int fd);
+
+int unlock(int fd);
+int Unlock(int fd);
+
+int getMacAddr(char *clientAddr, char* macAddr);
+int GetMacAddr(char *clientAddr, char* macAddr);
+
+void quitClient(void);
+void QuitClient(void);
+
+int tcp_connect(const char *host, const char *serv);
+int Tcp_connect(const char *host, const char *serv);
+
+void err_ret(const char *fmt, ...);
+void err_sys(const char *fmt, ...);
+void err_dump(const char *fmt, ...);
+void err_msg(const char *fmt, ...);
+void err_quit(const char *fmt, ...);
+void errToSyslog(int i);
+
+char * sock_ntop_host(const struct sockaddr *sa, socklen_t salen);
+char * Sock_ntop_host(const struct sockaddr *sa, socklen_t salen);
+
+int Open(const char *pathname, int oflag, mode_t mode);
+void Close(int fd);
+pid_t Fork(void);
+void Pipe(int *fds);
+void Getpeername(int fd, struct sockaddr *sa, socklen_t *salenptr);
+int Socket(int family, int type, int protocol);
+void Listen(int fd, int backlog);
+Sigfunc * Signal(int signo, Sigfunc *func);
+void * Malloc(size_t size);
+
+
+
--- /dev/null
+/**********************************************************/
+/* signal function */
+/* from UNIX NETWORK PROGRAMMING,Vol.1,Second Edition, */
+/* By W. Richard Stevens, Published By Prentice Hall */
+/* ftp://ftp.kohala.com/pub/rstevens/unpv12e.tar.gz */
+/**********************************************************/
+/* include signal */
+#include "opengatesrv.h"
+
+Sigfunc *
+signal(int signo, Sigfunc *func)
+{
+ struct sigaction act, oact;
+
+ act.sa_handler = func;
+ sigemptyset(&act.sa_mask);
+ act.sa_flags = 0;
+ if (signo == SIGALRM) {
+#ifdef SA_INTERRUPT
+ act.sa_flags |= SA_INTERRUPT; /* SunOS 4.x */
+#endif
+ } else {
+#ifdef SA_RESTART
+ act.sa_flags |= SA_RESTART; /* SVR4, 44BSD */
+#endif
+ }
+ if (sigaction(signo, &act, &oact) < 0)
+ return(SIG_ERR);
+ return(oact.sa_handler);
+}
+/* end signal */
+
+Sigfunc *
+Signal(int signo, Sigfunc *func) /* for our signal() function */
+{
+ Sigfunc *sigfunc;
+
+ if ( (sigfunc = signal(signo, func)) == SIG_ERR)
+ err_sys("signal error");
+ return(sigfunc);
+}
--- /dev/null
+/**********************************************************/
+/* Sock_ntop_host */
+/* from UNIX NETWORK PROGRAMMING,Vol.1,Second Edition, */
+/* By W. Richard Stevens, Published By Prentice Hall */
+/* ftp://ftp.kohala.com/pub/rstevens/unpv12e.tar.gz */
+/**********************************************************/
+
+#include "opengatesrv.h"
+
+#ifdef HAVE_SOCKADDR_DL_STRUCT
+# include <net/if_dl.h>
+#endif
+
+char *
+sock_ntop_host(const struct sockaddr *sa, socklen_t salen)
+{
+ static char str[128]; /* Unix domain is largest */
+
+ switch (sa->sa_family) {
+ case AF_INET: {
+ struct sockaddr_in *sin = (struct sockaddr_in *) sa;
+
+ if (inet_ntop(AF_INET, &sin->sin_addr, str, sizeof(str)) == NULL)
+ return(NULL);
+ return(str);
+ }
+
+#ifdef IPV6
+ case AF_INET6: {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) sa;
+
+ if (inet_ntop(AF_INET6, &sin6->sin6_addr, str, sizeof(str)) == NULL)
+ return(NULL);
+ return(str);
+ }
+#endif
+
+#ifdef AF_UNIX
+ case AF_UNIX: {
+ struct sockaddr_un *unp = (struct sockaddr_un *) sa;
+
+ /* OK to have no pathname bound to the socket: happens on
+ every connect() unless client calls bind() first. */
+ if (unp->sun_path[0] == 0)
+ strcpy(str, "(no pathname bound)");
+ else
+ snprintf(str, sizeof(str), "%s", unp->sun_path);
+ return(str);
+ }
+#endif
+
+#ifdef HAVE_SOCKADDR_DL_STRUCT
+ case AF_LINK: {
+ struct sockaddr_dl *sdl = (struct sockaddr_dl *) sa;
+
+ if (sdl->sdl_nlen > 0)
+ snprintf(str, sizeof(str), "%*s",
+ sdl->sdl_nlen, &sdl->sdl_data[0]);
+ else
+ snprintf(str, sizeof(str), "AF_LINK, index=%d", sdl->sdl_index);
+ return(str);
+ }
+#endif
+ default:
+ snprintf(str, sizeof(str), "sock_ntop_host: unknown AF_xxx: %d, len %d",
+ sa->sa_family, salen);
+ return(str);
+ }
+ return (NULL);
+}
+
+char *
+Sock_ntop_host(const struct sockaddr *sa, socklen_t salen)
+{
+ char *ptr;
+
+ if ( (ptr = sock_ntop_host(sa, salen)) == NULL)
+ err_sys("sock_ntop_host error"); /* inet_ntop() sets errno */
+ return(ptr);
+}
--- /dev/null
+/**********************************************************/
+/* TCP Connection routine */
+/* from UNIX NETWORK PROGRAMMING,Vol.1,Second Edition, */
+/* By W. Richard Stevens, Published By Prentice Hall */
+/* ftp://ftp.kohala.com/pub/rstevens/unpv12e.tar.gz */
+/**********************************************************/
+#include "opengatesrv.h"
+
+int
+tcp_connect(const char *host, const char *serv)
+{
+ int sockfd, n;
+ struct addrinfo hints, *res, *ressave;
+
+ bzero(&hints, sizeof(struct addrinfo));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+
+ if ( (n = getaddrinfo(host, serv, &hints, &res)) != 0)
+ err_quit("tcp_connect error for %s, %s: %s",
+ host, serv, gai_strerror(n));
+ ressave = res;
+
+ do {
+ sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (sockfd < 0)
+ continue; /* ignore this one */
+
+ if (connect(sockfd, res->ai_addr, res->ai_addrlen) == 0)
+ break; /* success */
+
+ Close(sockfd); /* ignore this one */
+ } while ( (res = res->ai_next) != NULL);
+
+ if (res == NULL) /* errno set from final connect() */
+ err_sys("tcp_connect error for %s, %s", host, serv);
+
+ freeaddrinfo(ressave);
+
+ return(sockfd);
+}
+/* end tcp_connect */
+
+/*
+ * We place the wrapper function here, not in wraplib.c, because some
+ * XTI programs need to include wraplib.c, and it also defines
+ * a Tcp_connect() function.
+ */
+
+int
+Tcp_connect(const char *host, const char *serv)
+{
+ return(tcp_connect(host, serv));
+}
--- /dev/null
+/**************************************************
+opengate server
+ utility routines
+
+Copyright (C) 1999-2001 Yoshiaki Watanabe
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+/*************************************************/
+/* formated write */
+/* fd : file descriptor */
+/* fmt : format to write */
+/* ... : terms to write */
+/*************************************************/
+void Writefmt(int fd, const char *fmt, ...)
+{
+ char buff[BUFFMAXLN];
+ va_list ap;
+ int nchar, nwrt;
+
+ va_start(ap, fmt);
+ vsnprintf(buff, BUFFMAXLN, fmt, ap);
+ va_end(ap);
+
+ nchar=strlen(buff);
+ nwrt=write(fd, buff, nchar);
+
+ return;
+}
+
+
+void WritefmtSSL(int fd, const char *fmt, ...)
+{
+ char buff[BUFFMAXLN];
+ va_list ap;
+ int nchar, nwrt;
+
+ va_start(ap, fmt);
+ vsnprintf(buff, BUFFMAXLN, fmt, ap);
+ va_end(ap);
+
+ nchar=strlen(buff);
+ nwrt=SSL_write(fd, buff, nchar);
+
+ return;
+}
+
+/**************************************************/
+/* Read one line */
+/* fd: file descriptor */
+/* vptr: input buffer pointer */
+/* maxlen: buffer length */
+/**************************************************/
+ssize_t
+readln(int fd, void *vptr, size_t maxlen)
+{
+ ssize_t n, rc;
+ char *ptr,c;
+
+ ptr=vptr;
+
+ /* skip pre ctrl char */
+ while(1){
+ rc = read(fd, &c, 1);
+ if(rc <= 0) return rc;
+ if(iscntrl(c)) continue;
+ break; /* get some normal char */
+ }
+
+ /* get char loop */
+ n=0;
+ while(n < maxlen-1) {
+ if ( rc == 1) { /* get some char */
+ if (iscntrl(c))break; /* cntrl char means line end */
+ *ptr++ = c;
+ n++;
+ }else if (rc == 0) { /* EOF */
+ break;
+ } else { /* ERR */
+ if (errno != EINTR) return(-1);
+ }
+ rc = read(fd, &c, 1);
+ }
+ /* null terminate string */
+ *ptr++ = 0;
+ n++;
+ return(n);
+}
+
+
+ssize_t
+readlnSSL(int fd, void *vptr, size_t maxlen)
+{
+ ssize_t n, rc;
+ char *ptr,c;
+
+ ptr=vptr;
+
+ /* skip pre ctrl char */
+ while(1){
+ rc = SSL_read(fd, &c, 1);
+ if(rc <= 0) return rc;
+ if(iscntrl(c)) continue;
+ break; /* get some normal char */
+ }
+
+ /* get char loop */
+ n=0;
+ while(n < maxlen-1) {
+ if ( rc == 1) { /* get some char */
+ if (iscntrl(c))break; /* cntrl char means line end */
+ *ptr++ = c;
+ n++;
+ }else if (rc == 0) { /* EOF */
+ break;
+ } else { /* ERR */
+ if (errno != EINTR) return(-1);
+ }
+ rc = SSL_read(fd, &c, 1);
+ }
+ /* null terminate string */
+ *ptr++ = 0;
+ n++;
+ return(n);
+}
+
+/******************************/
+/* lock functions using fcntl */
+/******************************/
+int lock(int fd)
+{
+ struct flock lck;
+
+ lck.l_type=F_WRLCK;
+ lck.l_whence=SEEK_SET;
+ lck.l_start=0;
+ lck.l_len=0;
+ return fcntl(fd, F_SETLKW, &lck);
+}
+
+/********************************/
+/* unlock functions using fcntl */
+/********************************/
+int unlock(int fd)
+{
+ struct flock lck;
+
+ lck.l_type=F_UNLCK;
+ lck.l_whence=SEEK_SET;
+ lck.l_start=0;
+ lck.l_len=0;
+ return fcntl(fd, F_SETLK, &lck);
+}
+
+/****************************************/
+/****************************************/
+
+ssize_t Readln(int fd, void *ptr, size_t maxlen)
+{
+ ssize_t n;
+
+ if(DEBUG) err_msg("DEBUG:=>readln( )");
+
+ if ( (n = readln(fd, ptr, maxlen)) < 0)
+ err_msg("ERR in utilities: readln error");
+
+ if(DEBUG) err_msg("DEBUG:(%d)<=readln( )",n);
+
+ return(n);
+}
+
+int Lock(int fd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>lock( )");
+
+ if((ret=lock(fd))<0){
+ err_sys("lock error");
+ }
+
+ if(DEBUG) err_msg("DEBUG:(%d)<=lock( )",ret);
+
+ return ret;
+}
+
+
+int Unlock(int fd)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>unlock( )");
+
+ if((ret=unlock(fd))<0){
+ err_sys("unlock error");
+ }
+
+ if(DEBUG) err_msg("DEBUG:(%d)<=unlock( )",ret);
+
+ return ret;
+}
+
--- /dev/null
+/**********************************************************/
+/* error process wrapper functions */
+/* from UNIX NETWORK PROGRAMMING,Vol.1,Second Edition, */
+/* By W. Richard Stevens, Published By Prentice Hall */
+/* ftp://ftp.kohala.com/pub/rstevens/unpv12e.tar.gz */
+/**********************************************************/
+#include "opengatesrv.h"
+
+int
+Open(const char *pathname, int oflag, mode_t mode)
+{
+ int fd;
+
+ if ( (fd = open(pathname, oflag, mode)) == -1)
+ err_sys("open error for %s", pathname);
+ return(fd);
+}
+
+void
+Close(int fd)
+{
+ if (close(fd) == -1)
+ err_sys("close error");
+}
+
+pid_t
+Fork(void)
+{
+ pid_t pid;
+
+ if ( (pid = fork()) == -1)
+ err_sys("fork error");
+ return(pid);
+}
+
+void
+Pipe(int *fds)
+{
+ if (pipe(fds) < 0)
+ err_sys("pipe error");
+}
+
+
+
+void
+Getpeername(int fd, struct sockaddr *sa, socklen_t *salenptr)
+{
+ if (getpeername(fd, sa, salenptr) < 0)
+ err_sys("getpeername error");
+}
+
+int
+Socket(int family, int type, int protocol)
+{
+ int n;
+
+ if ( (n = socket(family, type, protocol)) < 0)
+ err_sys("socket error");
+ return(n);
+}
+
+void
+Listen(int fd, int backlog)
+{
+ char *ptr;
+
+ /*4can override 2nd argument with environment variable */
+ if ( (ptr = getenv("LISTENQ")) != NULL)
+ backlog = atoi(ptr);
+
+ if (listen(fd, backlog) < 0)
+ err_sys("listen error");
+}
+
+void *
+Malloc(size_t size)
+{
+ void *ptr;
+
+ if ( (ptr = malloc(size)) == NULL)
+ err_sys("malloc error");
+ return(ptr);
+}
+
OSDN Git Service
