static void wdctl_reset(int fd, char *arg) { t_client *node; debug(LOG_DEBUG, "Entering wdctl_reset..."); LOCK_CLIENT_LIST(); debug(LOG_DEBUG, "Argument: %s (@%x)", arg, arg); /* We get the node or return... */ if ((node = client_list_find_by_ip(arg)) != NULL); else if ((node = client_list_find_by_mac(arg)) != NULL); else { debug(LOG_DEBUG, "Client not found."); UNLOCK_CLIENT_LIST(); write(fd, "No", 2); return; } debug(LOG_DEBUG, "Got node %x.", node); /* deny.... */ /* TODO: maybe just deleting the connection is not best... But this * is a manual command, I don't anticipate it'll be that useful. */ fw_deny(node->ip, node->mac, node->fw_connection_state); client_list_delete(node); UNLOCK_CLIENT_LIST(); write(fd, "Yes", 3); debug(LOG_DEBUG, "Exiting wdctl_reset..."); }
/** Ping clients to see if they are still active, * refresh their traffic counters, * remove and deny them if timed out */ void fw_refresh_client_list(void) { t_client *cp1, *cp2; time_t now, added_time, last_updated; s_config *config = config_get_config(); /* Update all the counters */ if (-1 == iptables_fw_counters_update()) { debug(LOG_ERR, "Could not get counters from firewall!"); return; } LOCK_CLIENT_LIST(); for (cp1 = cp2 = client_get_first_client(); NULL != cp1; cp1 = cp2) { cp2 = cp1->next; if (!(cp1 = client_list_find(cp1->ip, cp1->mac))) { debug(LOG_ERR, "Node %s was freed while being re-validated!", cp1->ip); } else { now = time(NULL); last_updated = cp1->counters.last_updated; added_time = cp1->added_time; if (last_updated + (config->checkinterval * config->clienttimeout) <= now) { /* Timing out inactive user */ debug(LOG_NOTICE, "%s %s inactive %d secs. kB in: %llu kB out: %llu", cp1->ip, cp1->mac, config->checkinterval * config->clienttimeout, cp1->counters.incoming/1000, cp1->counters.outgoing/1000); if (cp1->fw_connection_state == FW_MARK_AUTHENTICATED) { iptables_fw_access(AUTH_MAKE_DEAUTHENTICATED, cp1); } client_list_delete(cp1); } else if (added_time + (config->checkinterval * config->clientforceout) <= now) { /* Forcing out user */ debug(LOG_NOTICE, "%s %s connected %d secs. kB in: %llu kB out: %llu", cp1->ip, cp1->mac, config->checkinterval * config->clientforceout, cp1->counters.incoming/1000, cp1->counters.outgoing/1000); if (cp1->fw_connection_state == FW_MARK_AUTHENTICATED) { iptables_fw_access(AUTH_MAKE_DEAUTHENTICATED, cp1); } client_list_delete(cp1); } } } UNLOCK_CLIENT_LIST(); }
/** See if they are still active, * refresh their traffic counters, * remove and deny them if timed out */ static void fw_refresh_client_list(void) { t_client *cp1, *cp2; s_config *config = config_get_config(); const int preauth_idle_timeout_secs = 60 * config->preauth_idle_timeout; const int auth_idle_timeout_secs = 60 * config->auth_idle_timeout; const time_t now = time(NULL); /* Update all the counters */ if (-1 == iptables_fw_counters_update()) { debug(LOG_ERR, "Could not get counters from firewall!"); return; } LOCK_CLIENT_LIST(); for (cp1 = cp2 = client_get_first_client(); NULL != cp1; cp1 = cp2) { cp2 = cp1->next; if (!(cp1 = client_list_find_by_id(cp1->id))) { debug(LOG_ERR, "Client was freed while being re-validated!"); continue; } int conn_state = cp1->fw_connection_state; int last_updated = cp1->counters.last_updated; if (cp1->session_end > 0 && cp1->session_end <= now) { /* Session ended (only > 0 for FW_MARK_AUTHENTICATED by binauth) */ debug(LOG_NOTICE, "Force out user: %s %s, connected: %ds, in: %llukB, out: %llukB", cp1->ip, cp1->mac, now - cp1->session_end, cp1->counters.incoming / 1000, cp1->counters.outgoing / 1000); auth_change_state(cp1, FW_MARK_PREAUTHENTICATED, "timeout_deauth"); } else if (preauth_idle_timeout_secs > 0 && conn_state == FW_MARK_PREAUTHENTICATED && (last_updated + preauth_idle_timeout_secs) <= now) { /* Timeout inactive preauthenticated user */ debug(LOG_NOTICE, "Timeout preauthenticated idle user: %s %s, inactive: %ds, in: %llukB, out: %llukB", cp1->ip, cp1->mac, now - last_updated, cp1->counters.incoming / 1000, cp1->counters.outgoing / 1000); client_list_delete(cp1); } else if (auth_idle_timeout_secs > 0 && conn_state == FW_MARK_AUTHENTICATED && (last_updated + auth_idle_timeout_secs) <= now) { /* Timeout inactive user */ debug(LOG_NOTICE, "Timeout authenticated idle user: %s %s, inactive: %ds, in: %llukB, out: %llukB", cp1->ip, cp1->mac, now - last_updated, cp1->counters.incoming / 1000, cp1->counters.outgoing / 1000); auth_change_state(cp1, FW_MARK_PREAUTHENTICATED, "idle_deauth"); } } UNLOCK_CLIENT_LIST(); }
void http_callback_logout(httpd *webserver, request *r) { t_client *client; s_config *config = config_get_config(); LOCK_CLIENT_LIST(); client = client_list_find_by_ip(r->clientAddr); /* Send logout to auth server if client is logged in */ if (client != NULL) { t_authresponse authresponse; char *ip = strdup(client->ip); char *mac = strdup(client->mac); char *token = strdup(client->token); unsigned long long incoming = client->counters.incoming; unsigned long long outgoing = client->counters.outgoing; debug(LOG_INFO, "Got manual logout from client ip %s, mac %s, token %s", client->ip, client->mac, client->token); fw_deny(client->ip, client->mac, client->fw_connection_state); client_list_delete(client); /* Unlock client list here since auth_server_request may take a while */ UNLOCK_CLIENT_LIST(); /* Advertise the logout if we have an auth server */ if (config->auth_servers != NULL) { auth_server_request(&authresponse, REQUEST_TYPE_LOGOUT, ip, mac, token, incoming, outgoing); } free(ip); free(mac); free(token); } else { /* Do nothing if the client is not in the client list (i.e. not logged in) */ debug(LOG_INFO, "Got manual logout from client %s, but client not in list", r->clientAddr); UNLOCK_CLIENT_LIST(); } if (config->auth_servers != NULL) { /* Re-direct them to auth server */ char *urlFragment = NULL; t_auth_serv *auth_server = get_auth_server(); safe_asprintf(&urlFragment, "%smessage=%s", auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACCOUNT_LOGGED_OUT ); http_send_redirect_to_auth(r, urlFragment, "Redirect to logout message"); free(urlFragment); } }
/** Take action on a client. * Alter the firewall rules and client list accordingly. */ void auth_client_action(const char ip[], const char mac[], t_authaction action) { t_client *client; LOCK_CLIENT_LIST(); client = client_list_find(ip,mac); /* Client should already have hit the server and be on the client list */ if (client == NULL) { debug(LOG_ERR, "Client %s %s action %d is not on client list", ip, mac, action); UNLOCK_CLIENT_LIST(); return; } switch(action) { case AUTH_MAKE_AUTHENTICATED: if(client->fw_connection_state != FW_MARK_AUTHENTICATED) { client->fw_connection_state = FW_MARK_AUTHENTICATED; iptables_fw_access(AUTH_MAKE_AUTHENTICATED, client); authenticated_since_start++; } else { debug(LOG_INFO, "Nothing to do, %s %s already authenticated", client->ip, client->mac); } break; case AUTH_MAKE_DEAUTHENTICATED: if(client->fw_connection_state == FW_MARK_AUTHENTICATED) { iptables_fw_access(AUTH_MAKE_DEAUTHENTICATED, client); } client_list_delete(client); break; default: debug(LOG_ERR, "Unknown auth action: %d",action); } UNLOCK_CLIENT_LIST(); return; }
void http_callback_auth(httpd *webserver, request *r) { t_client *client; httpVar * token; char *mac; httpVar *logout = httpdGetVariableByName(r, "logout"); if ((token = httpdGetVariableByName(r, "token"))) { /* They supplied variable "token" */ if (!(mac = arp_get(r->clientAddr))) { /* We could not get their MAC address */ debug(LOG_ERR, "Failed to retrieve MAC address for ip %s", r->clientAddr); send_http_page(r, "WiFiDog Error", "Failed to retrieve your MAC address"); } else { /* We have their MAC address */ LOCK_CLIENT_LIST(); if ((client = client_list_find(r->clientAddr, mac)) == NULL) { debug(LOG_DEBUG, "New client for %s", r->clientAddr); client_list_append(r->clientAddr, mac, token->value); } else if (logout) { t_authresponse authresponse; s_config *config = config_get_config(); unsigned long long incoming = client->counters.incoming; unsigned long long outgoing = client->counters.outgoing; char *ip = safe_strdup(client->ip); char *urlFragment = NULL; t_auth_serv *auth_server = get_auth_server(); fw_deny(client->ip, client->mac, client->fw_connection_state); client_list_delete(client); debug(LOG_DEBUG, "Got logout from %s", client->ip); /* Advertise the logout if we have an auth server */ if (config->auth_servers != NULL) { UNLOCK_CLIENT_LIST(); auth_server_request(&authresponse, REQUEST_TYPE_LOGOUT, ip, mac, token->value, incoming, outgoing); LOCK_CLIENT_LIST(); /* Re-direct them to auth server */ debug(LOG_INFO, "Got manual logout from client ip %s, mac %s, token %s" "- redirecting them to logout message", client->ip, client->mac, client->token); safe_asprintf(&urlFragment, "%smessage=%s", auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACCOUNT_LOGGED_OUT ); http_send_redirect_to_auth(r, urlFragment, "Redirect to logout message"); free(urlFragment); } free(ip); } else { debug(LOG_DEBUG, "Client for %s is already in the client list", client->ip); } UNLOCK_CLIENT_LIST(); if (!logout) { authenticate_client(r); } free(mac); } } else { /* They did not supply variable "token" */ send_http_page(r, "WiFiDog error", "Invalid token"); } }
/**Probably a misnomer, this function actually refreshes the entire client list's traffic counter, re-authenticates every client with the central server and update's the central servers traffic counters and notifies it if a client has logged-out. * @todo Make this function smaller and use sub-fonctions */ void fw_sync_with_authserver(void) { t_authresponse authresponse; t_client *p1, *p2, *worklist, *tmp; s_config *config = config_get_config(); if (-1 == iptables_fw_counters_update()) { debug(LOG_ERR, "Could not get counters from firewall!"); return; } LOCK_CLIENT_LIST(); /* XXX Ideally, from a thread safety PoV, this function should build a list of client pointers, * iterate over the list and have an explicit "client still valid" check while list is locked. * That way clients can disappear during the cycle with no risk of trashing the heap or getting * a SIGSEGV. */ client_list_dup(&worklist); UNLOCK_CLIENT_LIST(); for (p1 = p2 = worklist; NULL != p1; p1 = p2) { p2 = p1->next; /* Ping the client, if he responds it'll keep activity on the link. * However, if the firewall blocks it, it will not help. The suggested * way to deal witht his is to keep the DHCP lease time extremely * short: Shorter than config->checkinterval * config->clienttimeout */ icmp_ping(p1->ip); /* Update the counters on the remote server only if we have an auth server */ if (config->auth_servers != NULL) { auth_server_request(&authresponse, REQUEST_TYPE_COUNTERS, p1->ip, p1->mac, p1->token, p1->counters.incoming, p1->counters.outgoing, p1->counters.incoming_delta, p1->counters.outgoing_delta); } time_t current_time = time(NULL); debug(LOG_INFO, "Checking client %s for timeout: Last updated %ld (%ld seconds ago), timeout delay %ld seconds, current time %ld, ", p1->ip, p1->counters.last_updated, current_time - p1->counters.last_updated, config->checkinterval * config->clienttimeout, current_time); if (p1->counters.last_updated + (config->checkinterval * config->clienttimeout) <= current_time) { /* Timing out user */ debug(LOG_INFO, "%s - Inactive for more than %ld seconds, removing client and denying in firewall", p1->ip, config->checkinterval * config->clienttimeout); LOCK_CLIENT_LIST(); tmp = client_list_find_by_client(p1); if (NULL != tmp) { logout_client(tmp); } else { debug(LOG_NOTICE, "Client was already removed. Not logging out."); } UNLOCK_CLIENT_LIST(); } else { /* * This handles any change in * the status this allows us * to change the status of a * user while he's connected * * Only run if we have an auth server * configured! */ LOCK_CLIENT_LIST(); tmp = client_list_find_by_client(p1); if (NULL == tmp) { UNLOCK_CLIENT_LIST(); debug(LOG_NOTICE, "Client was already removed. Skipping auth processing"); continue; /* Next client please */ } if (config->auth_servers != NULL) { switch (authresponse.authcode) { case AUTH_DENIED: debug(LOG_NOTICE, "%s - Denied. Removing client and firewall rules", tmp->ip); fw_deny(tmp); client_list_delete(tmp); break; case AUTH_VALIDATION_FAILED: debug(LOG_NOTICE, "%s - Validation timeout, now denied. Removing client and firewall rules", tmp->ip); fw_deny(tmp); client_list_delete(tmp); break; case AUTH_ALLOWED: if (tmp->fw_connection_state != FW_MARK_KNOWN) { debug(LOG_INFO, "%s - Access has changed to allowed, refreshing firewall and clearing counters", tmp->ip); //WHY did we deny, then allow!?!? benoitg 2007-06-21 //fw_deny(tmp->ip, tmp->mac, tmp->fw_connection_state); /* XXX this was possibly to avoid dupes. */ if (tmp->fw_connection_state != FW_MARK_PROBATION) { tmp->counters.incoming_delta = tmp->counters.outgoing_delta = tmp->counters.incoming = tmp->counters.outgoing = 0; } else { //We don't want to clear counters if the user was in validation, it probably already transmitted data.. debug(LOG_INFO, "%s - Skipped clearing counters after all, the user was previously in validation", tmp->ip); } fw_allow(tmp, FW_MARK_KNOWN); } break; case AUTH_VALIDATION: /* * Do nothing, user * is in validation * period */ debug(LOG_INFO, "%s - User in validation period", tmp->ip); break; case AUTH_ERROR: debug(LOG_WARNING, "Error communicating with auth server - leaving %s as-is for now", tmp->ip); break; default: debug(LOG_ERR, "I do not know about authentication code %d", authresponse.authcode); break; } } UNLOCK_CLIENT_LIST(); } } client_list_destroy(worklist); }
static int client_thread(SceSize args, void *argp) { char cmd[16]; cmd_dispatch_func dispatch_func; ClientInfo *client = (ClientInfo *)argp; DEBUG("Client thread %i started!\n", client->num); client_send_ctrl_msg(client, "220 FTPVita Server ready.\n"); while (1) { memset(client->recv_buffer, 0, sizeof(client->recv_buffer)); client->n_recv = sceNetRecv(client->ctrl_sockfd, client->recv_buffer, sizeof(client->recv_buffer), 0); if (client->n_recv > 0) { DEBUG("Received %i bytes from client number %i:\n", client->n_recv, client->num); INFO("\t%i> %s", client->num, client->recv_buffer); /* The command are the first chars until the first space */ sscanf(client->recv_buffer, "%s", cmd); /* Wait 1 ms before sending any data */ sceKernelDelayThread(1*1000); if ((dispatch_func = get_dispatch_func(cmd))) { dispatch_func(client); } else { client_send_ctrl_msg(client, "502 Sorry, command not implemented. :(\n"); } } else if (client->n_recv == 0) { /* Value 0 means connection closed by the remote peer */ INFO("Connection closed by the client %i.\n", client->num); /* Delete itself from the client list */ client_list_delete(client); break; } else if (client->n_recv == PSP2_NET_ERROR_ECANCELED) { /* PSP2_NET_ERROR_ECANCELED means socket shutdown */ DEBUG("Client %i socket shutdown\n", client->num); break; } else { /* Other errors */ INFO("Socket error client %i.\n", client->num); client_list_delete(client); break; } } /* Close the client's socket */ sceNetSocketClose(client->ctrl_sockfd); /* If there's an open data connection, close it */ if (client->data_con_type != FTP_DATA_CONNECTION_NONE) { sceNetSocketClose(client->data_sockfd); if (client->data_con_type == FTP_DATA_CONNECTION_PASSIVE) { sceNetSocketClose(client->pasv_sockfd); } } DEBUG("Client thread %i exiting!\n", client->num); /* Temporary newlib thread malloc bug fix */ // free(client); sceKernelExitDeleteThread(0); return 0; }
/** Authenticates a single client against the central server and returns when done * Alters the firewall rules depending on what the auth server says @param r httpd request struct */ void authenticate_client(request *r, char *gw_id) { t_client *client; t_authresponse auth_response; char *mac, *token; char *urlFragment = NULL; s_config *config = NULL; t_auth_serv *auth_server = NULL; LOCK_CLIENT_LIST(); client = client_list_find_by_ip(r->clientAddr); if (client == NULL) { debug(LOG_ERR, "Could not find client for %s", r->clientAddr); UNLOCK_CLIENT_LIST(); return; } mac = safe_strdup(client->mac); token = safe_strdup(client->token); UNLOCK_CLIENT_LIST(); /* * At this point we've released the lock while we do an HTTP request since it could * take multiple seconds to do and the gateway would effectively be frozen if we * kept the lock. */ auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, r->clientAddr, mac, token, 0, 0, gw_id); LOCK_CLIENT_LIST(); /* can't trust the client to still exist after n seconds have passed */ client = client_list_find(r->clientAddr, mac); if (client == NULL) { debug(LOG_ERR, "Could not find client node for %s (%s)", r->clientAddr, mac); UNLOCK_CLIENT_LIST(); free(token); free(mac); return; } free(token); free(mac); /* Prepare some variables we'll need below */ config = config_get_config(); auth_server = get_auth_server(); switch(auth_response.authcode) { case AUTH_ERROR: /* Error talking to central server */ debug(LOG_ERR, "Got %d from central server authenticating token %s from %s at %s", auth_response, client->token, client->ip, client->mac); send_http_page(r, "Error!", "Error: We did not get a valid answer from the central server"); break; case AUTH_DENIED: /* Central server said invalid token */ debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac); safe_asprintf(&urlFragment, "%smessage=%s", auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_DENIED ); http_send_redirect_to_auth(r, urlFragment, "Redirect to portal", gw_id); //set connection logged out (xperimental) //snprintf(,client->token, client->ip, client->mac) /*{ char mysqlCmd[256]; sprintf(mysqlCmd,"echo \"DELETE FROM connections WHERE token='%s';\"|mysql -uauthpuppy -pauthpuppydev authpuppy > /tmp/wifidog_deauth_mysql_result",client->token); debug(LOG_WARNING,"issuing this would help: %s",mysqlCmd); //system(mysqlCmd);//kills wifidog somehow *g }*/ free(urlFragment); //for race conditions, remove from firewall fw_deny(client->ip, client->mac, client->fw_connection_state); //experimental delete client from list client_list_delete(client); break; case AUTH_VALIDATION: /* They just got validated for X minutes to check their email */ debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s" "- adding to firewall and redirecting them to activate message", client->token, client->ip, client->mac); client->fw_connection_state = FW_MARK_PROBATION; fw_allow(client->ip, client->mac, FW_MARK_PROBATION); safe_asprintf(&urlFragment, "%smessage=%s", auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACTIVATE_ACCOUNT ); http_send_redirect_to_auth(r, urlFragment, "Redirect to activate message", gw_id); free(urlFragment); break; case AUTH_ALLOWED: /* Logged in successfully as a regular account */ debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - " "adding to firewall and redirecting them to portal", client->token, client->ip, client->mac); client->fw_connection_state = FW_MARK_KNOWN; fw_allow(client->ip, client->mac, FW_MARK_KNOWN); served_this_session++; safe_asprintf(&urlFragment, "%sgw_id=%s", auth_server->authserv_portal_script_path_fragment, gw_id ); http_send_redirect_to_auth(r, urlFragment, "Redirect to portal", gw_id); free(urlFragment); break; case AUTH_VALIDATION_FAILED: /* Client had X minutes to validate account by email and didn't = too late */ debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s " "- redirecting them to failed_validation message", client->token, client->ip, client->mac); safe_asprintf(&urlFragment, "%smessage=%s", auth_server->authserv_msg_script_path_fragment, GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED ); http_send_redirect_to_auth(r, urlFragment, "Redirect to failed validation message", gw_id); free(urlFragment); break; default: debug(LOG_WARNING, "I don't know what the validation code %d means for token %s from %s at %s - sending error message", auth_response.authcode, client->token, client->ip, client->mac); send_http_page(r, "Internal Error", "We can not validate your request at this time"); break; } UNLOCK_CLIENT_LIST(); return; }
void notify_client_disconnect(char *mac, char *ifname) { t_client *client; t_redir_node *node; FILE *output; char *script, ip[16], rc; unsigned long long int counter; struct in_addr tempaddr; int ifIndex = get_ifIndex(ifname); // printf("Client Disconnected\n"); LOCK_REDIR(); node = redir_list_find(mac); if (node && node->redir_pending) { UNLOCK_REDIR(); safe_asprintf(&script, "%s %s", "iptables", "-v -n -x -t mangle -L " CHAIN_OUTGOING); iptables_insert_gateway_id(&script); output = popen(script, "r"); free(script); if (!output) { debug(LOG_ERR, "popen(): %s", strerror(errno)); return -1; } /* skip the first two lines */ while (('\n' != fgetc(output)) && !feof(output)) ; while (('\n' != fgetc(output)) && !feof(output)) ; while (output && !(feof(output))) { rc = fscanf(output, "%*s %llu %*s %*s %*s %*s %*s %15[0-9.] %*s %*s %17[0-9a-fA-F:] %*s %*s 0x%*u", &counter, ip, mac); if (3 == rc && EOF != rc) { /* Sanity */ if (!inet_aton(ip, &tempaddr)) { debug(LOG_WARNING, "I was supposed to read an IP address but instead got [%s] - ignoring it", ip); continue; } debug(LOG_DEBUG, "Read outgoing traffic for %s(%s): Bytes=%llu", ip, mac, counter); LOCK_CLIENT_LIST(); if ((client = client_list_find_by_ip(ip))) { client->counters.outgoing = client->counters.outgoing_history + counter; client->counters.last_updated = time(NULL); UNLOCK_CLIENT_LIST(); pclose(output); return; } } } UNLOCK_CLIENT_LIST(); pclose(output); } if(node) if(node->ifindex != ifIndex) debug(LOG_NOTICE,"%s: %s connected to idx %d, recv'd disconnect evt from idx %d\n",__func__, mac, node->ifindex, ifIndex); if (node && (node->ifindex == ifIndex)) { if (node->redir_pending) { char command[100]; char fmac[13]; formatmacaddr(mac, &fmac); node->redir_pending = 0; debug(LOG_NOTICE,"%s: recv'd disconnect evt for %s from idx %d\n",__func__, mac, node->ifindex); snprintf(command,100,"echo %s > /proc/sys/net/bridge/bridge-http-redirect-del-mac",fmac); // printf("%s",command); execute(command,0); if (node->route_added) { memset(command, 0, sizeof(command)); sprintf(command, "/bin/ip route del %s/32 src %s dev %s", node->host_ip, node->dev_ip, node->dev); //printf("\nexecuting %s\n", command); execute(command, 0); } fw_mark_mangle(mac,0); } debug(LOG_NOTICE,"%s: removing node list for %s from idx %d\n",__func__, mac, node->ifindex); redir_list_delete(node); } UNLOCK_REDIR(); LOCK_CLIENT_LIST(); client = client_list_find_by_mac(mac); if (client) { /*fw_deny_raw(client->ip, client->mac, client->fw_connection_state);*/ iptables_fw_access(FW_ACCESS_DENY, client->ip, client->mac, client->fw_connection_state); client_list_delete(client); } UNLOCK_CLIENT_LIST(); }
void notify_client_connect(char *mac, char *ifname) { t_client *client; t_redir_node *node; s_config *config = config_get_config(); int ifIndex = get_ifIndex(ifname); if( !config->status[ifIndex] ) { debug(LOG_NOTICE, "Captive Portal is not enabled for %s", ifname); return; } LOCK_REDIR(); // config_cp_auth_status(ifname, mac, 1); /* Updating the cpAuthStatus to 1 */ node = redir_list_find(mac); if (!node) { node = redir_list_append(mac); } if (!node) { UNLOCK_REDIR(); return; } debug(LOG_NOTICE,"%s recv'd association req from mac %s %p\n",__func__,mac, node); /*post_event(ifname, mac, 1 << 0); *//* BIT0 is set which is a session query notification */ node->ifindex = ifIndex; node->wlindex = config->profile[ifIndex]; if (ifname) strncpy(node->dev, ifname, sizeof(node->dev)); node->cpAuthstatus = 1; node->expiry = time(NULL); if (!node->redir_pending) { char command[100]; char fmac[13]; formatmacaddr(mac, &fmac); node->redir_pending = 1; snprintf(command,100,"echo %s > /proc/sys/net/bridge/bridge-http-redirect-add-mac",fmac); // printf("%s",command); execute(command,0); fw_mark_mangle(mac,1); } if(config->operate_mode){ if((time(NULL) - timekeeper[0].timestamp) > MAX_HOSTNAME_RESOLVE_TIMEOUT){ make_proc_entry_for_url(config->portal[0], 0); timekeeper[0].timestamp = time(NULL); } }else{ if((time(NULL) - timekeeper[ifIndex].timestamp) > MAX_HOSTNAME_RESOLVE_TIMEOUT){ make_proc_entry_for_url(config->portal[ifIndex], ifIndex); timekeeper[ifIndex].timestamp = time(NULL); } } timekeeper[ifIndex].timestamp = time(NULL); UNLOCK_REDIR(); LOCK_CLIENT_LIST(); client = client_list_find_by_mac(mac); if (client) { /*fw_deny_raw(client->ip, client->mac, client->fw_connection_state); *//*PRATIK: Commented so that it doesn't invoke the firewall*/ iptables_fw_access(FW_ACCESS_DENY, client->ip, client->mac, client->fw_connection_state); client_list_delete(client); } UNLOCK_CLIENT_LIST(); }