
wifidog-1.1.1/src/auth.c

00001 /********************************************************************\
00002  * This program is free software; you can redistribute it and/or    *
00003  * modify it under the terms of the GNU General Public License as   *
00004  * published by the Free Software Foundation; either version 2 of   *
00005  * the License, or (at your option) any later version.              *
00006  *                                                                  *
00007  * This program is distributed in the hope that it will be useful,  *
00008  * but WITHOUT ANY WARRANTY; without even the implied warranty of   *
00009  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    *
00010  * GNU General Public License for more details.                     *
00011  *                                                                  *
00012  * You should have received a copy of the GNU General Public License*
00013  * along with this program; if not, contact:                        *
00014  *                                                                  *
00015  * Free Software Foundation           Voice:  +1-617-542-5942       *
00016  * 59 Temple Place - Suite 330        Fax:    +1-617-542-2652       *
00017  * Boston, MA  02111-1307,  USA       gnu@gnu.org                   *
00018  *                                                                  *
00019 \********************************************************************/
00020 
00021 /* $Header: /cvsroot/wifidog/wifidog/src/auth.c,v 1.36 2005/03/07 19:19:27 minaguib Exp $ */
00027 #define _GNU_SOURCE
00028 
00029 #include <stdio.h>
00030 #include <stdlib.h>
00031 #include <pthread.h>
00032 #include <string.h>
00033 #include <stdarg.h>
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <unistd.h>
00037 #include <syslog.h>
00038 
00039 #include "httpd.h"
00040 #include "http.h"
00041 #include "safe.h"
00042 #include "conf.h"
00043 #include "debug.h"
00044 #include "auth.h"
00045 #include "centralserver.h"
00046 #include "fw_iptables.h"
00047 #include "firewall.h"
00048 #include "client_list.h"
00049 
00050 /* Defined in clientlist.c */
00051 extern  pthread_mutex_t client_list_mutex;
00052 
/**
 * Periodic worker loop: sleeps for the configured check interval, then calls
 * fw_counter(), forever. This function never returns.
 *
 * The sleep is a timed wait on a condition variable that is local to this
 * function and never signalled from anywhere else, so each wait ends on the
 * deadline (or on a spurious wakeup) rather than on a notification.
 *
 * NOTE(review): the return type is void, while pthread_create() expects a
 * start routine returning void * -- confirm how this thread is spawned.
 *
 * @param arg Unused.
 */
void
thread_client_timeout_check(void *arg)
{
	pthread_cond_t	wake_cond = PTHREAD_COND_INITIALIZER;
	pthread_mutex_t	wake_mutex = PTHREAD_MUTEX_INITIALIZER;
	struct timespec	deadline;

	for (;;) {
		/* Absolute wake-up time: now + config.checkinterval seconds. */
		deadline.tv_sec = time(NULL) + config_get_config()->checkinterval;
		deadline.tv_nsec = 0;

		/* pthread_cond_timedwait() requires the mutex to be held on
		 * entry; it is released again as soon as the wait is over. */
		pthread_mutex_lock(&wake_mutex);
		pthread_cond_timedwait(&wake_cond, &wake_mutex, &deadline);
		pthread_mutex_unlock(&wake_mutex);

		debug(LOG_DEBUG, "Running fw_counter()");

		fw_counter();
	}
}
00084 
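/**
 * Authenticates the client behind an HTTP request against the central server
 * and answers the request according to the verdict.
 *
 * Flow, as visible in this function:
 *  1. Under the client-list lock, look the client up by r->clientAddr and
 *     copy its MAC and token.
 *  2. Release the lock and send a REQUEST_TYPE_LOGIN to the auth server.
 *  3. Re-take the lock and look the client up again by IP and MAC, since the
 *     entry may have gone away while the lock was released.
 *  4. Switch on the returned auth code: AUTH_VALIDATION and AUTH_ALLOWED call
 *     fw_allow() with the matching mark; every other code only sends an error
 *     page or a redirect and leaves the firewall untouched.
 *
 * NOTE(review): the client token is written to the debug log in every branch.
 * If the token serves as the client's session credential, the log destination
 * should be treated as sensitive -- confirm.
 *
 * NOTE(review): the client list stays locked while the response is written to
 * r; confirm the httpd output calls cannot stall on a slow peer.
 *
 * @param r HTTP request being served; r->clientAddr identifies the client.
 */
void
authenticate_client(request *r)
{
	t_client	*client;
	t_authresponse	auth_response;
	char	*mac,
		*token;
	char *newlocation = NULL;
	char *protocol = NULL;
	s_config	*config = NULL;
	t_auth_serv	*auth_server = NULL;
	int port = 80;

	LOCK_CLIENT_LIST();

	client = client_list_find_by_ip(r->clientAddr);

	if (client == NULL) {
		/* Log the request address: the original passed an
		 * uninitialised pointer to %s here, which is undefined
		 * behaviour. */
		debug(LOG_ERR, "Could not find client for %s", r->clientAddr);
		UNLOCK_CLIENT_LIST();
		return;
	}

	/* Private copies, so the values stay valid once the lock is dropped. */
	mac = safe_strdup(client->mac);
	token = safe_strdup(client->token);

	UNLOCK_CLIENT_LIST();

	/* Start from AUTH_ERROR so the switch below fails closed if
	 * auth_server_request() returns without filling in the response (its
	 * contract is not visible in this file). */
	auth_response.authcode = AUTH_ERROR;
	auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, r->clientAddr, mac, token, 0, 0);

	LOCK_CLIENT_LIST();

	/* can't trust the client to still exist */
	/* NOTE(review): the re-lookup matches on IP and MAC only; it does not
	 * check that the entry still carries the token that was just
	 * validated. */
	client = client_list_find(r->clientAddr, mac);

	if (client == NULL) {
		debug(LOG_ERR, "Could not find client node for %s (%s)", r->clientAddr, mac);
		UNLOCK_CLIENT_LIST();
		free(token);
		free(mac);
		return;
	}

	free(token);
	free(mac);

	/* Prepare some variables we'll need below */
	config = config_get_config();
	auth_server = get_auth_server();

	if (auth_server->authserv_use_ssl) {
		protocol = "https";
		port = auth_server->authserv_ssl_port;
	} else {
		protocol = "http";
		port = auth_server->authserv_http_port;
	}

	switch(auth_response.authcode) {

	case AUTH_ERROR:
		/* Error talking to central server */
		/* %d must receive the integer auth code, not the whole
		 * response structure. */
		debug(LOG_ERR, "Got %d from central server authenticating token %s from %s at %s", auth_response.authcode, client->token, client->ip, client->mac);
		http_wifidog_header(r, "Error!");
		httpdOutput(r, "Error: We did not get a valid answer from the central server");
		http_wifidog_footer(r);
		break;

	case AUTH_DENIED:
		/* Central server said invalid token */
		debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac);
		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=denied",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		httpdSetResponse(r, "307 Redirect to denied message\n");
		httpdAddHeader(r, newlocation);
		free(newlocation);
		http_wifidog_header(r, "Redirection to message");
		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=denied'>click here</a>.",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		http_wifidog_footer(r);
		break;

	case AUTH_VALIDATION:
		/* They just got validated for X minutes to check their email */
		debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s - adding to firewall and redirecting them to activate message", client->token, client->ip, client->mac);
		client->fw_connection_state = FW_MARK_PROBATION;
		fw_allow(client->ip, client->mac, FW_MARK_PROBATION);
		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=activate",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		httpdSetResponse(r, "307 Redirect to activate message\n");
		httpdAddHeader(r, newlocation);
		free(newlocation);
		http_wifidog_header(r, "Redirection to message");
		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=activate'>click here</a>.",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		http_wifidog_footer(r);
		break;

	case AUTH_ALLOWED:
		/* Logged in successfully as a regular account */
		debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
		client->fw_connection_state = FW_MARK_KNOWN;
		fw_allow(client->ip, client->mac, FW_MARK_KNOWN);
		/* gw_id is inserted into the URL as-is.
		 * NOTE(review): assumes the configured id needs no URL
		 * encoding -- confirm. */
		safe_asprintf(&newlocation, "Location: %s://%s:%d%sportal/?gw_id=%s",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path,
			config->gw_id
		);
		httpdSetResponse(r, "307 Redirect to portal\n");
		httpdAddHeader(r, newlocation);
		free(newlocation);
		http_wifidog_header(r, "Redirection to portal");
		httpdPrintf(r, "Please <a href='%s://%s:%d%sportal/?gw_id=%s'>click here</a> for the portal.",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path,
			config->gw_id
		);
		http_wifidog_footer(r);
		break;

	case AUTH_VALIDATION_FAILED:
		/* Client had X minutes to validate account by email and didn't = too late */
		debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s - redirecting them to failed_validation message", client->token, client->ip, client->mac);
		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=failed_validation",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		httpdSetResponse(r, "307 Redirect to failed validation message\n");
		httpdAddHeader(r, newlocation);
		free(newlocation);
		http_wifidog_header(r, "Redirection to message");
		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=failed_validation'>click here</a>.",
			protocol,
			auth_server->authserv_hostname,
			port,
			auth_server->authserv_path
		);
		http_wifidog_footer(r);
		break;

	default:
		/* Unknown verdict: report an error and grant nothing. */
		debug(LOG_WARNING, "I don't know what the validation code %d means for token %s from %s at %s - sending error message", auth_response.authcode, client->token, client->ip, client->mac);
		http_wifidog_header(r, "Internal error");
		httpdOutput(r, "We can not validate your request at this time");
		http_wifidog_footer(r);
		break;

	}

	UNLOCK_CLIENT_LIST();
}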
00263 
00264 
