/* Initialise MYSQL Connection , execute queries
to get fields and records and convert this to
json i.e. field-name, field-value pairs. */
void init_conn(httpd *server)
{
httpVar *var1,*var2,*var3,*var4;
var1 = httpdGetVariableByName(server,"server");
var2 = httpdGetVariableByName(server,"user");
var3 = httpdGetVariableByName(server,"pass");
var4 = httpdGetVariableByName(server,"db");
if(var1!=NULL && var2!=NULL && var3!=NULL && var4!=NULL)
{
char *serv = var1->value;
char *user = var2->value;
char *password = var3->value;
char *database = var4->value;
char *error = (char*)malloc(MAX_VALUE_LENGTH);
conn = mysql_init(NULL);
/* Connect to datababase */
if (!mysql_real_connect(conn, serv, user, password, database, 0, NULL, 0))
{
httpdPrintf(server,"%s",mysql_error(conn));
}
else
{
httpdPrintf(server,"Connection Successful");
mysql_query(conn,"ALTER TABLE details ADD COLUMN num INT AUTO_INCREMENT UNIQUE");
init_json();
}
}
return;
}
void
http_callback_auth(httpd * webserver, request * r)
{
t_client *client;
httpVar *token;
char *mac;
httpVar *logout = httpdGetVariableByName(r, "logout");
const s_config *config = config_get_config();
if ((token = httpdGetVariableByName(r, "token"))) {
/* They supplied variable "token" */
if (!(mac = arp_get(r->clientAddr))) {
/* We could not get their MAC address */
debug(LOG_ERR, "Failed to retrieve MAC address for ip %s", r->clientAddr);
send_http_page(r, "WiFiDog Error", "Failed to retrieve your MAC address");
} else {
t_redir_node *node;
int index = 0;
LOCK_REDIR();
node = redir_list_find(mac);
if (node) {
index = node->wlindex;
}
UNLOCK_REDIR();
/* We have their MAC address */
LOCK_CLIENT_LIST();
if ((client = client_list_find(r->clientAddr, mac)) == NULL) {
debug(LOG_DEBUG, "New client for %s", r->clientAddr);
client = client_list_add(r->clientAddr, mac, token->value);
client->fw_connection_state = FW_MARK_REDIR;
client->counters.active_duration = config->sessiontimeout[index-1];
} else if (logout) {
logout_client(client);
} else {
debug(LOG_DEBUG, "Client for %s is already in the client list", client->ip);
}
UNLOCK_CLIENT_LIST();
if (!logout) { /* applies for case 1 and 3 from above if */
authenticate_client(r);
}
free(mac);
}
} else {
/* They did not supply variable "token" */
send_http_page(r, "WiFiDog error", "Invalid token");
}
}
void
http_callback_auth(httpd *webserver, request *r)
{
t_client *client;
httpVar * token;
char *mac;
if ((token = httpdGetVariableByName(r, "token"))) {
/* They supplied variable "token" */
if (!(mac = arp_get(r->clientAddr))) {
/* We could not get their MAC address */
debug(LOG_ERR, "Failed to retrieve MAC address for ip %s", r->clientAddr);
send_http_page(r, "WiFiDog Error", "Failed to retrieve your MAC address");
} else {
/* We have their MAC address */
LOCK_CLIENT_LIST();
if ((client = client_list_find(r->clientAddr, mac)) == NULL) {
debug(LOG_DEBUG, "New client for %s", r->clientAddr);
client_list_append(r->clientAddr, mac, token->value);
} else {
debug(LOG_DEBUG, "Client for %s is already in the client list", client->ip);
}
UNLOCK_CLIENT_LIST();
authenticate_client(r);
free(mac);
}
} else {
/* They did not supply variable "token" */
send_http_page(r, "WiFiDog error", "Invalid token");
}
}
/** Respond to attempted access from a preauthenticated client.
* Add the client to the client list and serves the splash page.
*/
void
http_nodogsplash_custom_request(httpd *webserver, request *r)
{
debug(LOG_NOTICE, "Processing custom request... %s:%s", r->request.path, r->clientAddr);
httpdAddVariable(r,"test","default");
httpdAddVariable(r,"hidden","default");
httpdAddVariable(r,"survey_results","");
httpVar *var;
var = httpdGetVariableByName(r,"test");
if(var && var->value) {
debug(LOG_NOTICE, "Var test is : %s", var->value);
}
char message[] = "HIIIIII\n";
httpdSetResponse(r, "200 OK");
//httpdPrintf(r, message);
sendfile(r, "post.html");
httpdDumpVariables(r);
debug(LOG_NOTICE, "Custom request requested. Query: %s", r->request.query);
}
// liudf added 20160421
void
http_callback_temporary_pass(httpd * webserver, request * r)
{
const s_config *config = config_get_config();
httpVar *mac = httpdGetVariableByName(r, "mac");
if (config->httpdusername &&
(strcmp(config->httpdusername, r->request.authUser) ||
strcmp(config->httpdpassword, r->request.authPassword))) {
debug(LOG_INFO, "Disconnect requested, forcing authentication");
httpdForceAuthenticate(r, config->httpdrealm);
return;
}
if(mac) {
debug(LOG_INFO, "Temporary passed %s", mac->value);
fw_set_mac_temporary(mac->value, 0);
httpdOutput(r, "startWeChatAuth();");
} else {
debug(LOG_INFO, "Temporary pass called without MAC given");
httpdOutput(r, "MAC need to be specified");
return;
}
return;
}
void table_data_html(httpd *server)
{
TableMetaData *tableData = new TableMetaData[10]; //currently hard coded
int tableCount=0;
if (!strcmp(httpdRequestMethodName(server), "GET"))
{
std::string getTableDataString;
get_tableData(tableData, &tableCount);
if(tableData==NULL)
return;
JsonSerializer::serialize(tableData, getTableDataString);
httpdPrintf(server, "%s\n", getTableDataString.c_str());
/*
for (int i=0; i<tableCount; i++)
{
std::string eachTable;
JsonSerializer::serialize(tableData+i, eachTable);
getTableDataString+=eachTable;
if(i<tableCount-1)
getTableDataString+=",";
}
std::string output ="[";
output+=getTableDataString;
output+="]";
std::cout<<output<<std::endl;
httpdPrintf(server, "%s\n", output.c_str());
*/
}
else if (!strcmp(httpdRequestMethodName(server), "POST"))
{
httpVar *updateString;
updateString = httpdGetVariableByName(server, "tablemetadata");
char *updateTableDataString = updateString->value;
if (updateTableDataString == NULL)
{
httpdPrintf(server,"Missing table meta data information");
}
std::string updateTableData;
updateTableData.copy(updateTableDataString, strlen(updateTableDataString));
if(!JsonSerializer::deserialize(tableData, updateTableData))
{
httpdPrintf(server,"Problem with updating Table Meta Data");
}
else
{ //to be implemented
//set_tableData(tableData, 0);
}
}
tableCount=0;
delete [] tableData;
return;
}
void
http_callback_disconnect(httpd * webserver, request * r)
{
const s_config *config = config_get_config();
/* XXX How do you change the status code for the response?? */
httpVar *token = httpdGetVariableByName(r, "token");
httpVar *mac = httpdGetVariableByName(r, "mac");
if (config->httpdusername &&
(strcmp(config->httpdusername, r->request.authUser) ||
strcmp(config->httpdpassword, r->request.authPassword))) {
debug(LOG_INFO, "Disconnect requested, forcing authentication");
httpdForceAuthenticate(r, config->httpdrealm);
return;
}
if (token && mac) {
t_client *client;
LOCK_CLIENT_LIST();
client = client_list_find_by_mac(mac->value);
if (!client || strcmp(client->token, token->value)) {
UNLOCK_CLIENT_LIST();
debug(LOG_INFO, "Disconnect %s with incorrect token %s", mac->value, token->value);
httpdOutput(r, "Invalid token for MAC");
return;
}
/* TODO: get current firewall counters */
logout_client(client);
UNLOCK_CLIENT_LIST();
} else {
debug(LOG_INFO, "Disconnect called without both token and MAC given");
httpdOutput(r, "Both the token and MAC need to be specified");
return;
}
return;
}
void
httpsOutput(request * r, const char *msg)
{
const char *src;
char buf[HTTP_MAX_LEN], varName[80], *dest;
int count;
src = msg;
dest = buf;
count = 0;
memset(buf, 0, HTTP_MAX_LEN);
while (*src && count < HTTP_MAX_LEN) {
if (*src == '$') {
const char *tmp;
char *cp;
int count2;
httpVar *curVar;
tmp = src + 1;
cp = varName;
count2 = 0;
while (*tmp && (isalnum((unsigned char)*tmp) || *tmp == '_') && count2 < 80) {
*cp++ = *tmp++;
count2++;
}
*cp = 0;
curVar = httpdGetVariableByName(r, varName);
if (curVar && ((count + strlen(curVar->value)) < HTTP_MAX_LEN)) {
strcpy(dest, curVar->value);
dest = dest + strlen(dest);
count += strlen(dest);
src = src + strlen(varName) + 1;
continue;
} else {
*dest++ = *src++;
count++;
continue;
}
}
*dest++ = *src++;
count++;
}
*dest = 0;
r->response.responseLength += strlen(buf);
if (r->response.headersSent == 0)
httpsSendHeaders(r);
_https_net_write(r->ssl_conn, buf, strlen(buf));
}
void query_html(httpd *server)
{
char* query_op;
httpVar *variable;
/*
** Grab the symbol table entry to see if the variable exists
*/
variable = httpdGetVariableByName(server, "query");
if (variable == NULL)
{
httpdPrintf(server,"Missing form data!");
return;
}
char *query =variable->value;
queralyzer(query, &query_op);
httpdPrintf(server, "%s\n", query_op);
return;
}
/**
* Allocate and return a pointer to a t_auth_target struct
* encoding information needed to authenticate a client.
* See http_nodogsplash_make_authtarget().
* The struct should be freed by http_nodogsplash_free_authtarget().
*/
t_auth_target *
http_nodogsplash_decode_authtarget(request *r)
{
httpVar *var;
t_auth_target *authtarget;
char *token=NULL, *redir=NULL;
var = httpdGetVariableByName(r,"tok");
if(var && var->value) {
token = var->value;
debug(LOG_DEBUG,"Get token from authserver: %s",token);
} else {
token = "";
debug(LOG_DEBUG,"Did not get token from auth server");
}
var = httpdGetVariableByName(r,"redir");
if(var && var->value) {
redir = var->value;
debug(LOG_DEBUG,"Get redir from authserver: %s",redir);
} else {
redir = "";
debug(LOG_DEBUG,"Did not get redir from auth server");
}
authtarget = http_nodogsplash_make_authtarget(token,redir);
var = httpdGetVariableByName(r,"nodoguser");
if(var && var->value) {
authtarget->username = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"nodogpass");
if(var && var->value) {
authtarget->password = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"info");
if(var && var->value) {
authtarget->info = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"voucher");
if(var && var->value) {
authtarget->voucher = safe_strdup(var->value);
}
return authtarget;
}
/**
* Allocate and return a pointer to a t_auth_target struct
* encoding information needed to authenticate a client.
* See http_nodogsplash_make_authtarget().
* The struct should be freed by http_nodogsplash_free_authtarget().
*/
t_auth_target *
http_nodogsplash_decode_authtarget(request *r)
{
httpVar *var;
t_auth_target *authtarget;
const char *token=NULL, *redir=NULL;
var = httpdGetVariableByName(r,"tok");
if(var && var->value) {
token = var->value;
} else {
token = "";
}
var = httpdGetVariableByName(r,"redir");
if(var && var->value) {
redir = var->value;
} else {
redir = "";
}
authtarget = http_nodogsplash_make_authtarget(token,redir);
var = httpdGetVariableByName(r,"nodoguser");
if(var && var->value) {
authtarget->username = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"nodogpass");
if(var && var->value) {
authtarget->password = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"info");
if(var && var->value) {
authtarget->info = safe_strdup(var->value);
}
var = httpdGetVariableByName(r,"voucher");
if(var && var->value) {
authtarget->voucher = safe_strdup(var->value);
}
return authtarget;
}
void
http_callback_auth(httpd *webserver, request *r)
{
t_client *client;
httpVar * token;
char *mac;
httpVar *logout = httpdGetVariableByName(r, "logout");
if ((token = httpdGetVariableByName(r, "token"))) {
/* They supplied variable "token" */
if (!(mac = arp_get(r->clientAddr))) {
/* We could not get their MAC address */
debug(LOG_ERR, "Failed to retrieve MAC address for ip %s", r->clientAddr);
send_http_page(r, "WiFiDog Error", "Failed to retrieve your MAC address");
} else {
/* We have their MAC address */
LOCK_CLIENT_LIST();
if ((client = client_list_find(r->clientAddr, mac)) == NULL) {
debug(LOG_DEBUG, "New client for %s", r->clientAddr);
client_list_append(r->clientAddr, mac, token->value);
} else if (logout) {
t_authresponse authresponse;
s_config *config = config_get_config();
unsigned long long incoming = client->counters.incoming;
unsigned long long outgoing = client->counters.outgoing;
char *ip = safe_strdup(client->ip);
char *urlFragment = NULL;
t_auth_serv *auth_server = get_auth_server();
fw_deny(client->ip, client->mac, client->fw_connection_state);
client_list_delete(client);
debug(LOG_DEBUG, "Got logout from %s", client->ip);
/* Advertise the logout if we have an auth server */
if (config->auth_servers != NULL) {
UNLOCK_CLIENT_LIST();
auth_server_request(&authresponse, REQUEST_TYPE_LOGOUT, ip, mac, token->value,
incoming, outgoing);
LOCK_CLIENT_LIST();
/* Re-direct them to auth server */
debug(LOG_INFO, "Got manual logout from client ip %s, mac %s, token %s"
"- redirecting them to logout message", client->ip, client->mac, client->token);
safe_asprintf(&urlFragment, "%smessage=%s",
auth_server->authserv_msg_script_path_fragment,
GATEWAY_MESSAGE_ACCOUNT_LOGGED_OUT
);
http_send_redirect_to_auth(r, urlFragment, "Redirect to logout message");
free(urlFragment);
}
free(ip);
}
else {
debug(LOG_DEBUG, "Client for %s is already in the client list", client->ip);
}
UNLOCK_CLIENT_LIST();
if (!logout) {
authenticate_client(r);
}
free(mac);
}
} else {
/* They did not supply variable "token" */
send_http_page(r, "WiFiDog error", "Invalid token");
}
}
/** Authenticates a single client against the central server and returns when done
* Alters the firewall rules depending on what the auth server says
@param r httpd request struct
*/
void
authenticate_client(request * r)
{
t_client *client, *tmp;
t_authresponse auth_response;
char *token;
httpVar *var;
char *urlFragment = NULL;
s_config *config = NULL;
t_auth_serv *auth_server = NULL;
LOCK_CLIENT_LIST();
client = client_dup(client_list_find_by_ip(r->clientAddr));
UNLOCK_CLIENT_LIST();
if (client == NULL) {
debug(LOG_ERR, "authenticate_client(): Could not find client for %s", r->clientAddr);
return;
}
/* Users could try to log in(so there is a valid token in
* request) even after they have logged in, try to deal with
* this */
if ((var = httpdGetVariableByName(r, "token")) != NULL) {
token = safe_strdup(var->value);
} else {
token = safe_strdup(client->token);
}
/*
* At this point we've released the lock while we do an HTTP request since it could
* take multiple seconds to do and the gateway would effectively be frozen if we
* kept the lock.
*/
auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, client->ip, client->mac, token, 0, 0);
LOCK_CLIENT_LIST();
/* can't trust the client to still exist after n seconds have passed */
tmp = client_list_find_by_client(client);
if (NULL == tmp) {
debug(LOG_ERR, "authenticate_client(): Could not find client node for %s (%s)", client->ip, client->mac);
UNLOCK_CLIENT_LIST();
client_list_destroy(client); /* Free the cloned client */
free(token);
return;
}
client_list_destroy(client); /* Free the cloned client */
client = tmp;
if (strcmp(token, client->token) != 0) {
/* If token changed, save it. */
free(client->token);
client->token = token;
} else {
free(token);
}
/* Prepare some variables we'll need below */
config = config_get_config();
auth_server = get_auth_server();
switch (auth_response.authcode) {
case AUTH_ERROR:
/* Error talking to central server */
debug(LOG_ERR, "Got ERROR from central server authenticating token %s from %s at %s", client->token, client->ip,
client->mac);
send_http_page(r, "Error!", "Error: We did not get a valid answer from the central server");
break;
case AUTH_DENIED:
/* Central server said invalid token */
debug(LOG_INFO,
"Got DENIED from central server authenticating token %s from %s at %s - deleting from firewall and redirecting them to denied message",
client->token, client->ip, client->mac);
fw_deny(client);
safe_asprintf(&urlFragment, "%smessage=%s",
auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_DENIED);
http_send_redirect_to_auth(r, urlFragment, "Redirect to denied message");
free(urlFragment);
break;
case AUTH_VALIDATION:
/* They just got validated for X minutes to check their email */
debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s"
"- adding to firewall and redirecting them to activate message", client->token, client->ip, client->mac);
fw_allow(client, FW_MARK_PROBATION);
safe_asprintf(&urlFragment, "%smessage=%s",
auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACTIVATE_ACCOUNT);
http_send_redirect_to_auth(r, urlFragment, "Redirect to activate message");
free(urlFragment);
break;
case AUTH_ALLOWED:
/* Logged in successfully as a regular account */
debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - "
"adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
fw_allow(client, FW_MARK_KNOWN);
// add by zp
debug(LOG_INFO,"goto fw_allow()...");
served_this_session++;
safe_asprintf(&urlFragment, "%sgw_id=%s", auth_server->authserv_portal_script_path_fragment, config->gw_id);
// modify by zp
http_send_redirect_to_auth(r, urlFragment, "Redirect to portal");
//char * text = "advertisement";
//http_send_redirect_to_advertisement(r, urlFragment, text);
free(urlFragment);
break;
case AUTH_VALIDATION_FAILED:
/* Client had X minutes to validate account by email and didn't = too late */
debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s "
"- redirecting them to failed_validation message", client->token, client->ip, client->mac);
safe_asprintf(&urlFragment, "%smessage=%s",
auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED);
http_send_redirect_to_auth(r, urlFragment, "Redirect to failed validation message");
free(urlFragment);
break;
default:
debug(LOG_WARNING,
"I don't know what the validation code %d means for token %s from %s at %s - sending error message",
auth_response.authcode, client->token, client->ip, client->mac);
send_http_page(r, "Internal Error", "We can not validate your request at this time");
break;
}
UNLOCK_CLIENT_LIST();
return;
}