void mark_auth_offline() {
int before;
int after;
before = is_auth_online();
time(&last_auth_offline_time);
after = is_auth_online();
if (before != after) {
debug(LOG_INFO, "AUTH_ONLINE status became %s", (after ? "ON" : "OFF"));
}
}
void mark_auth_online() {
int before;
int after;
before = is_auth_online();
time(&last_auth_online_time);
after = is_auth_online();
if (before != after) {
debug(LOG_INFO, "AUTH_ONLINE status became %s", (after ? "ON" : "OFF"));
}
/* If auth server is online it means we're definately online */
mark_online();
}
/** The 404 handler is also responsible for redirecting to the auth server */
void
http_callback_404(httpd * webserver, request * r, int error_code)
{
char tmp_url[MAX_BUF], *url, *mac;
s_config *config = config_get_config();
t_auth_serv *auth_server = get_auth_server();
memset(tmp_url, 0, sizeof(tmp_url));
/*
* XXX Note the code below assumes that the client's request is a plain
* http request to a standard port. At any rate, this handler is called only
* if the internet/auth server is down so it's not a huge loss, but still.
*/
snprintf(tmp_url, (sizeof(tmp_url) - 1), "http://%s%s%s%s",
r->request.host, r->request.path, r->request.query[0] ? "?" : "", r->request.query);
url = httpdUrlEncode(tmp_url);
if (!is_online()) {
/* The internet connection is down at the moment - apologize and do not redirect anywhere */
char *buf;
safe_asprintf(&buf,
"<p>We apologize, but it seems that the internet connection that powers this hotspot is temporarily unavailable.</p>"
"<p>If at all possible, please notify the owners of this hotspot that the internet connection is out of service.</p>"
"<p>The maintainers of this network are aware of this disruption. We hope that this situation will be resolved soon.</p>"
"<p>In a while please <a href='%s'>click here</a> to try your request again.</p>", tmp_url);
send_http_page(r, "Uh oh! Internet access unavailable!", buf);
free(buf);
debug(LOG_INFO, "Sent %s an apology since I am not online - no point sending them to auth server",
r->clientAddr);
} else if (!is_auth_online()) {
/* The auth server is down at the moment - apologize and do not redirect anywhere */
char *buf;
safe_asprintf(&buf,
"<p>We apologize, but it seems that we are currently unable to re-direct you to the login screen.</p>"
"<p>The maintainers of this network are aware of this disruption. We hope that this situation will be resolved soon.</p>"
"<p>In a couple of minutes please <a href='%s'>click here</a> to try your request again.</p>",
tmp_url);
send_http_page(r, "Uh oh! Login screen unavailable!", buf);
free(buf);
debug(LOG_INFO, "Sent %s an apology since auth server not online - no point sending them to auth server",
r->clientAddr);
} else {
/* Re-direct them to auth server */
char *urlFragment;
if (!(mac = arp_get(r->clientAddr))) {
/* We could not get their MAC address */
debug(LOG_INFO, "Failed to retrieve MAC address for ip %s, so not putting in the login request",
r->clientAddr);
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&ip=%s&url=%s",
auth_server->authserv_login_script_path_fragment, config->gw_address, config->gw_port,
config->gw_id, r->clientAddr, url);
} else {
debug(LOG_INFO, "Got client MAC address for ip %s: %s", r->clientAddr, mac);
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&ip=%s&mac=%s&url=%s",
auth_server->authserv_login_script_path_fragment,
config->gw_address, config->gw_port, config->gw_id, r->clientAddr, mac, url);
free(mac);
}
// if host is not in whitelist, maybe not in conf or domain'IP changed, it will go to here.
debug(LOG_INFO, "Check host %s is in whitelist or not", r->request.host); // e.g. www.example.com
t_firewall_rule *rule;
//e.g. example.com is in whitelist
// if request http://www.example.com/, it's not equal example.com.
for (rule = get_ruleset("global"); rule != NULL; rule = rule->next) {
debug(LOG_INFO, "rule mask %s", rule->mask);
if (strstr(r->request.host, rule->mask) == NULL) {
debug(LOG_INFO, "host %s is not in %s, continue", r->request.host, rule->mask);
continue;
}
int host_length = strlen(r->request.host);
int mask_length = strlen(rule->mask);
if (host_length != mask_length) {
char prefix[1024] = { 0 };
// must be *.example.com, if not have ".", maybe Phishing. e.g. phishingexample.com
strncpy(prefix, r->request.host, host_length - mask_length - 1); // e.g. www
strcat(prefix, "."); // www.
strcat(prefix, rule->mask); // www.example.com
if (strcasecmp(r->request.host, prefix) == 0) {
debug(LOG_INFO, "allow subdomain");
fw_allow_host(r->request.host);
http_send_redirect(r, tmp_url, "allow subdomain");
free(url);
free(urlFragment);
return;
}
} else {
// e.g. "example.com" is in conf, so it had been parse to IP and added into "iptables allow" when wifidog start. but then its' A record(IP) changed, it will go to here.
debug(LOG_INFO, "allow domain again, because IP changed");
fw_allow_host(r->request.host);
http_send_redirect(r, tmp_url, "allow domain");
free(url);
free(urlFragment);
return;
}
}
debug(LOG_INFO, "Captured %s requesting [%s] and re-directing them to login page", r->clientAddr, url);
http_send_redirect_to_auth(r, urlFragment, "Redirect to login page");
free(urlFragment);
}
free(url);
}
/** The 404 handler is also responsible for redirecting to the auth server */
void
http_callback_404(httpd *webserver, request *r)
{
char tmp_url[MAX_BUF],
*url,
*mac;
s_config *config = config_get_config();
t_auth_serv *auth_server = get_auth_server();
memset(tmp_url, 0, sizeof(tmp_url));
/*
* XXX Note the code below assumes that the client's request is a plain
* http request to a standard port. At any rate, this handler is called only
* if the internet/auth server is down so it's not a huge loss, but still.
*/
snprintf(tmp_url, (sizeof(tmp_url) - 1), "http://%s%s%s%s",
r->request.host,
r->request.path,
r->request.query[0] ? "?" : "",
r->request.query);
url = httpdUrlEncode(tmp_url);
if (!is_online()) {
/* The internet connection is down at the moment - apologize and do not redirect anywhere */
char * buf;
safe_asprintf(&buf,
"<p>We apologize, but it seems that the internet connection that powers this hotspot is temporarily unavailable.</p>"
"<p>If at all possible, please notify the owners of this hotspot that the internet connection is out of service.</p>"
"<p>The maintainers of this network are aware of this disruption. We hope that this situation will be resolved soon.</p>"
"<p>In a while please <a href='%s'>click here</a> to try your request again.</p>", tmp_url);
send_http_page(r, "Uh oh! Internet access unavailable!", buf);
free(buf);
debug(LOG_INFO, "Sent %s an apology since I am not online - no point sending them to auth server", r->clientAddr);
}
else if (!is_auth_online()) {
/* The auth server is down at the moment - apologize and do not redirect anywhere */
char * buf;
safe_asprintf(&buf,
"<p>We apologize, but it seems that we are currently unable to re-direct you to the login screen.</p>"
"<p>The maintainers of this network are aware of this disruption. We hope that this situation will be resolved soon.</p>"
"<p>In a couple of minutes please <a href='%s'>click here</a> to try your request again.</p>", tmp_url);
send_http_page(r, "Uh oh! Login screen unavailable!", buf);
free(buf);
debug(LOG_INFO, "Sent %s an apology since auth server not online - no point sending them to auth server", r->clientAddr);
}
else {
//hector add 2014/3/18
get_oauth_iplist();
fw_set_oauthservers();
//hector end
/* Re-direct them to auth server */
char *urlFragment;
if (!(mac = arp_get(r->clientAddr))) {
/* We could not get their MAC address */
debug(LOG_INFO, "Failed to retrieve MAC address for ip %s, so not putting in the login request", r->clientAddr);
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&url=%s",
auth_server->authserv_login_script_path_fragment,
config->gw_address,
config->gw_port,
config->gw_id,
url);
} else {
debug(LOG_INFO, "Got client MAC address for ip %s: %s", r->clientAddr, mac);
safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&mac=%s&url=%s",
auth_server->authserv_login_script_path_fragment,
config->gw_address,
config->gw_port,
config->gw_id,
mac,
url);
}
debug(LOG_INFO, "Captured %s requesting [%s] and re-directing them to login page", r->clientAddr, url);
http_send_redirect_to_auth(r, urlFragment, "Redirect to login page");
free(urlFragment);
}
free(url);
}
/*
* @return A string containing human-readable status text. MUST BE free()d by caller
*/
char * get_status_text() {
char buffer[STATUS_BUF_SIZ];
ssize_t len;
s_config *config;
t_auth_serv *auth_server;
t_client *first;
int count;
unsigned long int uptime = 0;
unsigned int days = 0, hours = 0, minutes = 0, seconds = 0;
t_trusted_mac *p;
len = 0;
snprintf(buffer, (sizeof(buffer) - len), "WiFiDog status\n\n");
len = strlen(buffer);
uptime = time(NULL) - started_time;
days = uptime / (24 * 60 * 60);
uptime -= days * (24 * 60 * 60);
hours = uptime / (60 * 60);
uptime -= hours * (60 * 60);
minutes = uptime / 60;
uptime -= minutes * 60;
seconds = uptime;
snprintf((buffer + len), (sizeof(buffer) - len), "Version: " VERSION "\n");
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), "Uptime: %ud %uh %um %us\n", days, hours, minutes, seconds);
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), "Has been restarted: ");
len = strlen(buffer);
if (restart_orig_pid) {
snprintf((buffer + len), (sizeof(buffer) - len), "yes (from PID %d)\n", restart_orig_pid);
len = strlen(buffer);
}
else {
snprintf((buffer + len), (sizeof(buffer) - len), "no\n");
len = strlen(buffer);
}
snprintf((buffer + len), (sizeof(buffer) - len), "Internet Connectivity: %s\n", (is_online() ? "yes" : "no"));
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), "Auth server reachable: %s\n", (is_auth_online() ? "yes" : "no"));
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), "Clients served this session: %lu\n\n", served_this_session);
len = strlen(buffer);
LOCK_CLIENT_LIST();
first = client_get_first_client();
if (first == NULL) {
count = 0;
} else {
count = 1;
while (first->next != NULL) {
first = first->next;
count++;
}
}
snprintf((buffer + len), (sizeof(buffer) - len), "%d clients "
"connected.\n", count);
len = strlen(buffer);
first = client_get_first_client();
count = 0;
while (first != NULL) {
snprintf((buffer + len), (sizeof(buffer) - len), "\nClient %d\n", count);
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), " IP: %s MAC: %s\n", first->ip, first->mac);
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), " Token: %s\n", first->token);
len = strlen(buffer);
snprintf((buffer + len), (sizeof(buffer) - len), " Downloaded: %llu\n Uploaded: %llu\n" , first->counters.incoming, first->counters.outgoing);
len = strlen(buffer);
count++;
first = first->next;
}
UNLOCK_CLIENT_LIST();
config = config_get_config();
if (config->trustedmaclist != NULL) {
snprintf((buffer + len), (sizeof(buffer) - len), "\nTrusted MAC addresses:\n");
len = strlen(buffer);
for (p = config->trustedmaclist; p != NULL; p = p->next) {
snprintf((buffer + len), (sizeof(buffer) - len), " %s\n", p->mac);
len = strlen(buffer);
}
}
snprintf((buffer + len), (sizeof(buffer) - len), "\nAuthentication servers:\n");
len = strlen(buffer);
LOCK_CONFIG();
for (auth_server = config->auth_servers; auth_server != NULL; auth_server = auth_server->next) {
snprintf((buffer + len), (sizeof(buffer) - len), " Host: %s (%s)\n", auth_server->authserv_hostname, auth_server->last_ip);
len = strlen(buffer);
}
UNLOCK_CONFIG();
return safe_strdup(buffer);
}
/*
* @return A string containing human-readable status text. MUST BE free()d by caller
*/
char *
get_status_text()
{
pstr_t *pstr = pstr_new();
s_config *config;
t_auth_serv *auth_server;
t_client *sublist, *current;
int count;
time_t uptime = 0;
unsigned int days = 0, hours = 0, minutes = 0, seconds = 0;
t_trusted_mac *p;
t_offline_client *oc_list;
pstr_cat(pstr, "WiFiDog status\n\n");
uptime = time(NULL) - started_time;
days = (unsigned int)uptime / (24 * 60 * 60);
uptime -= days * (24 * 60 * 60);
hours = (unsigned int)uptime / (60 * 60);
uptime -= hours * (60 * 60);
minutes = (unsigned int)uptime / 60;
uptime -= minutes * 60;
seconds = (unsigned int)uptime;
pstr_cat(pstr, "Version: " VERSION "\n");
pstr_append_sprintf(pstr, "Uptime: %ud %uh %um %us\n", days, hours, minutes, seconds);
pstr_cat(pstr, "Has been restarted: ");
if (restart_orig_pid) {
pstr_append_sprintf(pstr, "yes (from PID %d)\n", restart_orig_pid);
} else {
pstr_cat(pstr, "no\n");
}
pstr_append_sprintf(pstr, "Internet Connectivity: %s\n", (is_online()? "yes" : "no"));
pstr_append_sprintf(pstr, "Auth server reachable: %s\n", (is_auth_online()? "yes" : "no"));
pstr_append_sprintf(pstr, "Clients served this session: %lu\n\n", served_this_session);
LOCK_CLIENT_LIST();
count = client_list_dup(&sublist);
UNLOCK_CLIENT_LIST();
current = sublist;
pstr_append_sprintf(pstr, "%d clients " "connected.\n", count);
count = 1;
while (current != NULL) {
pstr_append_sprintf(pstr, "\nClient %d status [%d]\n", count, current->is_online);
pstr_append_sprintf(pstr, " IP: %s MAC: %s\n", current->ip, current->mac);
pstr_append_sprintf(pstr, " Token: %s\n", current->token);
pstr_append_sprintf(pstr, " First Login: %lld\n", (long long)current->first_login);
pstr_append_sprintf(pstr, " Name: %s\n", current->name != NULL?current->name:"null");
pstr_append_sprintf(pstr, " Downloaded: %llu\n Uploaded: %llu\n", current->counters.incoming,
current->counters.outgoing);
count++;
current = current->next;
}
client_list_destroy(sublist);
LOCK_OFFLINE_CLIENT_LIST();
pstr_append_sprintf(pstr, "%d clients " "unconnected.\n", offline_client_number());
oc_list = client_get_first_offline_client();
while(oc_list != NULL) {
pstr_append_sprintf(pstr, " IP: %s MAC: %s Last Login: %lld Hit Counts: %d Client Type: %d Temp Passed: %d\n",
oc_list->ip, oc_list->mac, (long long)oc_list->last_login,
oc_list->hit_counts, oc_list->client_type, oc_list->temp_passed);
oc_list = oc_list->next;
}
UNLOCK_OFFLINE_CLIENT_LIST();
config = config_get_config();
LOCK_CONFIG();
if (config->trustedmaclist != NULL) {
pstr_cat(pstr, "\nTrusted MAC addresses:\n");
for (p = config->trustedmaclist; p != NULL; p = p->next) {
pstr_append_sprintf(pstr, " %s\n", p->mac);
}
}
pstr_cat(pstr, "\nAuthentication servers:\n");
for (auth_server = config->auth_servers; auth_server != NULL; auth_server = auth_server->next) {
pstr_append_sprintf(pstr, " Host: %s (%s)\n", auth_server->authserv_hostname, auth_server->last_ip);
}
UNLOCK_CONFIG();
return pstr_to_string(pstr);
}