Example #1
/**
 * Send the client to the configured remote authentication server.
 *
 * The gateway name, auth action, original redirect target and client token
 * are URL-encoded and appended as query parameters to
 * config->remote_auth_action; the result is handed to
 * http_nodogsplash_redirect().
 *
 * @param r           request being answered
 * @param authtarget  supplies authaction, redir and token for the query
 *
 * NOTE(review): the token is carried in the query string of the redirect,
 * so it is visible wherever that URL is recorded. Confirm that
 * remote_auth_action points at an endpoint where that is acceptable.
 */
void
http_nodogsplash_redirect_remote_auth(request *r, t_auth_target *authtarget)
{
	s_config *cfg = config_get_config();
	char *target;

	/* Each encoded copy is a separate buffer that is released below. */
	char *q_gateway = httpdUrlEncode(cfg->gw_name);
	char *q_action = httpdUrlEncode(authtarget->authaction);
	char *q_redir = httpdUrlEncode(authtarget->redir);
	char *q_token = httpdUrlEncode(authtarget->token);

	safe_asprintf(&target, "%s?gateway=%s&authaction=%s&redir=%s&tok=%s",
				  cfg->remote_auth_action,
				  q_gateway, q_action, q_redir, q_token);

	http_nodogsplash_redirect(r, target);

	/* The redirect has been issued; drop the URL and its encoded parts. */
	free(target);
	free(q_token);
	free(q_redir);
	free(q_action);
	free(q_gateway);
}
Example #2
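/**
 * Send the client to the remote authentication server, identifying the
 * gateway by its configured uid and the client by its MAC address.
 *
 * The URL is built from config->auth_server, auth_port and auth_path,
 * followed by the uid and the URL-encoded authaction, redir, token and
 * client MAC as query parameters.
 *
 * @param r           request being answered
 * @param authtarget  supplies authaction, redir and token for the query
 * @param client      client whose MAC address is appended; must not be NULL
 *
 * NOTE(review): the format string emits no scheme, so auth_server
 * presumably carries it ("http://..." or "https://...") - confirm against
 * the configuration. The token and MAC address travel in the query string
 * and are visible wherever that URL is recorded.
 */
void
http_nodogsplash_redirect_remote_auth(request *r, t_auth_target *authtarget,t_client *client)
{
	char *remoteurl;
	char *encauthaction, *encredir, *enctoken, *encmac;
	s_config	*config;

	config = config_get_config();

	/* URL encode variables, redirect to remote auth server */
	encauthaction = httpdUrlEncode(authtarget->authaction);
	encredir = httpdUrlEncode(authtarget->redir);
	enctoken = httpdUrlEncode(authtarget->token);
	encmac = httpdUrlEncode(client->mac);

	/* uid and auth_port are formatted with %d; assumes both are int - TODO confirm */
	safe_asprintf(&remoteurl, "%s:%d%s?uid=%d&authaction=%s&redir=%s&tok=%s&mac=%s",
				  config->auth_server,
				  config->auth_port,
				  config->auth_path,
				  config->uid,
				  encauthaction,
				  encredir,
				  enctoken,
				  encmac);
	http_nodogsplash_redirect(r, remoteurl);

	free(encauthaction);
	free(encredir);
	free(enctoken);
	/* The encoded MAC was previously never released: one leak per redirect. */
	free(encmac);
	free(remoteurl);
}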
Example #3
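/*
 * Compare two NUL-terminated tokens without stopping at the first
 * differing byte, so the time taken does not depend on how much of the
 * supplied token is correct. Returns 1 when the strings are identical,
 * 0 otherwise.
 */
static int
auth_token_matches(const char *expected, const char *supplied)
{
	unsigned char diff = 0;
	size_t i = 0;

	while (expected[i] != '\0' && supplied[i] != '\0') {
		diff |= (unsigned char)expected[i] ^ (unsigned char)supplied[i];
		i++;
	}
	/* If the lengths differ, exactly one side is NUL here and diff becomes non-zero. */
	diff |= (unsigned char)expected[i] ^ (unsigned char)supplied[i];

	return diff == 0;
}

/** The multipurpose authentication action handler
 *
 * Looks up the requesting client by IP and MAC address, checks that the
 * token in the request equals the token stored for that client, and only
 * then applies @p action.
 *
 * @param r           request being answered; r->clientAddr is the client IP
 * @param authtarget  supplies the request token, redirect target and
 *                    optional info string
 * @param action      AUTH_MAKE_AUTHENTICATED or AUTH_MAKE_DEAUTHENTICATED;
 *                    any other value is logged and ignored
 *
 * The function returns without serving a page when the request lacks a
 * token or redirect, when the MAC address cannot be resolved, or when the
 * client has no stored token.
 *
 * Token values are deliberately not written to the log: the token is what
 * this handler checks before changing a client's authentication state.
 */
void
http_nodogsplash_callback_action(request *r,
								 t_auth_target *authtarget,
								 t_authaction action)
{
	t_client	*client;
	char *mac;
	char *clienttoken = NULL;
	const char *ip = r->clientAddr;
	const char *requesttoken = authtarget->token;
	const char *redir = authtarget->redir;

	if(!requesttoken) {
		debug(LOG_NOTICE, "No token in request from ip %s", ip);
		return;
	}
	if(!redir) {
		debug(LOG_NOTICE, "No redirect in request from ip %s", ip);
		return;
	}

	if (!(mac = arp_get(ip))) {
		/* We could not get their MAC address */
		debug(LOG_NOTICE, "Could not arp MAC address for %s action %d", ip, action);
		return;
	}

	/*
	 * Find the client and copy its token while the list is locked. After
	 * the unlock, client is only tested against NULL and never
	 * dereferenced; the private copy is what gets compared.
	 */
	LOCK_CLIENT_LIST();
	client = client_list_find(ip,mac);
	if(client && client->token) {
		clienttoken = safe_strdup(client->token);
	}
	UNLOCK_CLIENT_LIST();

	if(!client) {
		debug(LOG_NOTICE, "Client %s %s action %d is not on client list",
			  ip, mac, action);
		http_nodogsplash_serve_info(r,
									"Nodogsplash Error",
									"You are not on the client list.");
		goto out;
	}

	/* We have a client; without a stored token there is nothing to check against */
	if(!clienttoken) {
		debug(LOG_NOTICE, "Client %s %s action %d does not have a token",
			  ip, mac, action);
		goto out;
	}

	debug(LOG_DEBUG, "Action %d: %s %s", action, ip, mac);
	debug(LOG_DEBUG, "Redirect:  %s", redir);

	/* Check token match */
	if (!auth_token_matches(clienttoken, requesttoken)) {
		/* tokens don't match, reject; the stored token stays out of the log */
		debug(LOG_NOTICE, "Client %s %s request token does not match",
			  ip, mac);
		http_nodogsplash_serve_info(r, "Nodogsplash Error",
									"Tokens do not match.");
		goto out;
	}

	/* Log value of info string, if any */
	if(authtarget->info) {
		debug(LOG_NOTICE, "Client %s %s info: %s",
			  ip, mac, authtarget->info);
	}

	/* take action */
	switch(action) {
	case AUTH_MAKE_AUTHENTICATED:
		auth_client_action(ip,mac,action);
		/*
		 * NOTE(review): redir comes from authtarget and is followed as
		 * given once the token has matched; confirm the caller
		 * constrains it if arbitrary redirect targets are a concern.
		 */
		http_nodogsplash_redirect(r, redir);
		break;
	case AUTH_MAKE_DEAUTHENTICATED:
		auth_client_action(ip,mac,action);
		http_nodogsplash_serve_info(r, "Nodogsplash Deny",
									"Authentication revoked.");
		break;
	default:
		debug(LOG_ERR, "Unknown auth action: %d", action);
	}

out:
	/* clienttoken may still be NULL here; free(NULL) is a no-op */
	free(mac);
	free(clienttoken);
}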