// Stop all hubs in Cedar
void StopAllHub(CEDAR *c)
{
HUB **hubs;
UINT i, num;
// Validate arguments
if (c == NULL)
{
return;
}
LockHubList(c);
{
hubs = ToArray(c->HubList);
num = LIST_NUM(c->HubList);
DeleteAll(c->HubList);
}
UnlockHubList(c);
for (i = 0;i < num;i++)
{
StopHub(hubs[i]);
ReleaseHub(hubs[i]);
}
Free(hubs);
}
// Bridging thread
void BrBridgeThread(THREAD *thread, void *param)
{
BRIDGE *b;
CONNECTION *c;
SESSION *s;
HUB *h;
char name[MAX_SIZE];
// Validate arguments
if (thread == NULL || param == NULL)
{
return;
}
b = (BRIDGE *)param;
// Create a connection object
c = NewServerConnection(b->Cedar, NULL, thread);
c->Protocol = CONNECTION_HUB_BRIDGE;
// Create a session object
s = NewServerSession(b->Cedar, c, b->Hub, BRIDGE_USER_NAME, b->Policy);
HLog(b->Hub, "LH_START_BRIDGE", b->Name, s->Name);
StrCpy(name, sizeof(name), b->Name);
h = b->Hub;
AddRef(h->ref);
s->BridgeMode = true;
s->Bridge = b;
c->Session = s;
ReleaseConnection(c);
// Dummy user name for local-bridge
s->Username = CopyStr(BRIDGE_USER_NAME_PRINT);
b->Session = s;
AddRef(s->ref);
// Notify completion
NoticeThreadInit(thread);
// Main procedure of the session
Debug("Bridge %s Start.\n", b->Name);
SessionMain(s);
Debug("Bridge %s Stop.\n", b->Name);
HLog(h, "LH_STOP_BRIDGE", name);
ReleaseHub(h);
ReleaseSession(s);
}
// Release all Layer-3 interfaces
void L3FreeAllInterfaces(L3SW *s)
{
UINT i;
// Validate arguments
if (s == NULL)
{
return;
}
for (i = 0;i < LIST_NUM(s->IfList);i++)
{
L3IF *f = LIST_DATA(s->IfList, i);
ReleaseHub(f->Hub);
f->Hub = NULL;
ReleaseSession(f->Session);
f->Session = NULL;
L3FreeInterface(f);
}
}
void DelHubEx(CEDAR *c, HUB *h, bool no_lock)
{
// Validate arguments
if (c == NULL || h == NULL)
{
return;
}
if (no_lock == false)
{
LockHubList(c);
}
if (Delete(c->HubList, h))
{
ReleaseHub(h);
}
if (no_lock == false)
{
UnlockHubList(c);
}
}
// Layer-3 switch thread
void L3SwThread(THREAD *t, void *param)
{
L3SW *s;
bool shutdown_now = false;
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
s = (L3SW *)param;
s->Active = true;
NoticeThreadInit(t);
// Operation start
SLog(s->Cedar, "L3_SWITCH_START", s->Name);
while (s->Halt == false)
{
if (s->Online == false)
{
// Because the L3 switch is off-line now,
// attempt to make it on-line periodically
LockList(s->Cedar->HubList);
{
Lock(s->lock);
{
UINT i;
UINT n = 0;
bool all_exists = true;
if (LIST_NUM(s->IfList) == 0)
{
// Don't operate if there is no interface
all_exists = false;
}
for (i = 0;i < LIST_NUM(s->IfList);i++)
{
L3IF *f = LIST_DATA(s->IfList, i);
HUB *h = GetHub(s->Cedar, f->HubName);
if (h != NULL)
{
if (h->Offline || h->Type == HUB_TYPE_FARM_DYNAMIC)
{
all_exists = false;
}
else
{
n++;
}
ReleaseHub(h);
}
else
{
all_exists = false;
}
}
if (all_exists && n >= 1)
{
// Start the operation because all Virtual HUBs for
// interfaces are enabled
SLog(s->Cedar, "L3_SWITCH_ONLINE", s->Name);
L3InitAllInterfaces(s);
s->Online = true;
}
}
Unlock(s->lock);
}
UnlockList(s->Cedar->HubList);
}
else
{
// Examine periodically whether all sessions terminated
UINT i;
bool any_halted = false;
LIST *o = NULL;
SHUTDOWN:
Lock(s->lock);
{
for (i = 0;i < LIST_NUM(s->IfList);i++)
{
L3IF *f = LIST_DATA(s->IfList, i);
if (f->Session->Halt || f->Hub->Offline != false)
{
any_halted = true;
break;
}
}
if (shutdown_now)
{
any_halted = true;
}
if (any_halted)
{
SLog(s->Cedar, "L3_SWITCH_OFFLINE", s->Name);
o = NewListFast(NULL);
// If there is any terminated session, terminate all sessions
for (i = 0;i < LIST_NUM(s->IfList);i++)
{
L3IF *f = LIST_DATA(s->IfList, i);
Insert(o, f->Session);
}
// Restore to the offline
s->Online = false;
}
}
Unlock(s->lock);
if (o != NULL)
{
UINT i;
for (i = 0;i < LIST_NUM(o);i++)
{
SESSION *s = LIST_DATA(o, i);
StopSession(s);
}
L3FreeAllInterfaces(s);
ReleaseList(o);
o = NULL;
}
}
SleepThread(50);
}
if (s->Online != false)
{
shutdown_now = true;
goto SHUTDOWN;
}
// Stop the operation
SLog(s->Cedar, "L3_SWITCH_STOP", s->Name);
}
// Add a local-bridge
void AddLocalBridge(CEDAR *c, char *hubname, char *devicename, bool local, bool monitor, bool tapmode, char *tapaddr, bool limit_broadcast)
{
UINT i;
HUB *h = NULL;
LOCALBRIDGE *br = NULL;
// Validate arguments
if (c == NULL || hubname == NULL || devicename == NULL)
{
return;
}
if (OS_IS_UNIX(GetOsInfo()->OsType) == false)
{
tapmode = false;
}
LockList(c->HubList);
{
LockList(c->LocalBridgeList);
{
bool exists = false;
// Ensure that the same configuration local-bridge doesn't exist already
for (i = 0;i < LIST_NUM(c->LocalBridgeList);i++)
{
LOCALBRIDGE *br = LIST_DATA(c->LocalBridgeList, i);
if (StrCmpi(br->DeviceName, devicename) == 0)
{
if (StrCmpi(br->HubName, hubname) == 0)
{
if (br->TapMode == tapmode)
{
exists = true;
}
}
}
}
if (exists == false)
{
// Add configuration
br = ZeroMalloc(sizeof(LOCALBRIDGE));
StrCpy(br->HubName, sizeof(br->HubName), hubname);
StrCpy(br->DeviceName, sizeof(br->DeviceName), devicename);
br->Bridge = NULL;
br->Local = local;
br->TapMode = tapmode;
br->LimitBroadcast = limit_broadcast;
br->Monitor = monitor;
if (br->TapMode)
{
if (tapaddr != NULL && IsZero(tapaddr, 6) == false)
{
Copy(br->TapMacAddress, tapaddr, 6);
}
else
{
GenMacAddress(br->TapMacAddress);
}
}
Add(c->LocalBridgeList, br);
// Find the hub
for (i = 0;i < LIST_NUM(c->HubList);i++)
{
HUB *hub = LIST_DATA(c->HubList, i);
if (StrCmpi(hub->Name, br->HubName) == 0)
{
h = hub;
AddRef(h->ref);
break;
}
}
}
}
UnlockList(c->LocalBridgeList);
}
UnlockList(c->HubList);
// Start the local-bridge immediately
if (h != NULL && br != NULL && h->Type != HUB_TYPE_FARM_DYNAMIC)
{
Lock(h->lock_online);
{
if (h->Offline == false)
{
LockList(c->LocalBridgeList);
{
if (IsInList(c->LocalBridgeList, br))
{
if (br->Bridge == NULL)
{
br->Bridge = BrNewBridge(h, br->DeviceName, NULL, br->Local, br->Monitor, br->TapMode, br->TapMacAddress, br->LimitBroadcast, br);
}
}
}
UnlockList(c->LocalBridgeList);
}
}
Unlock(h->lock_online);
}
ReleaseHub(h);
}
// Plaintext password authentication of user
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20, RADIUS_LOGIN_OPTION *opt)
{
bool b = false;
wchar_t *name = NULL;
bool auth_by_nt = false;
HUB *h;
// Validate arguments
if (hub == NULL || c == NULL || username == NULL)
{
return false;
}
if (GetGlobalServerFlag(GSF_DISABLE_RADIUS_AUTH) != 0)
{
return false;
}
h = hub;
AddRef(h->ref);
// Get the user name on authentication system
AcLock(hub);
{
USER *u;
u = AcGetUser(hub, ast == false ? username : "******");
if (u)
{
Lock(u->lock);
{
if (u->AuthType == AUTHTYPE_RADIUS)
{
// Radius authentication
AUTHRADIUS *auth = (AUTHRADIUS *)u->AuthData;
if (ast || auth->RadiusUsername == NULL || UniStrLen(auth->RadiusUsername) == 0)
{
name = CopyStrToUni(username);
}
else
{
name = CopyUniStr(auth->RadiusUsername);
}
auth_by_nt = false;
}
else if (u->AuthType == AUTHTYPE_NT)
{
// NT authentication
AUTHNT *auth = (AUTHNT *)u->AuthData;
if (ast || auth->NtUsername == NULL || UniStrLen(auth->NtUsername) == 0)
{
name = CopyStrToUni(username);
}
else
{
name = CopyUniStr(auth->NtUsername);
}
auth_by_nt = true;
}
}
Unlock(u->lock);
ReleaseUser(u);
}
}
AcUnlock(hub);
if (name != NULL)
{
if (auth_by_nt == false)
{
// Radius authentication
char radius_server_addr[MAX_SIZE];
UINT radius_server_port;
char radius_secret[MAX_SIZE];
char suffix_filter[MAX_SIZE];
wchar_t suffix_filter_w[MAX_SIZE];
UINT interval;
Zero(suffix_filter, sizeof(suffix_filter));
Zero(suffix_filter_w, sizeof(suffix_filter_w));
// Get the Radius server information
if (GetRadiusServerEx2(hub, radius_server_addr, sizeof(radius_server_addr), &radius_server_port, radius_secret, sizeof(radius_secret), &interval, suffix_filter, sizeof(suffix_filter)))
{
Unlock(hub->lock);
StrToUni(suffix_filter_w, sizeof(suffix_filter_w), suffix_filter);
if (UniIsEmptyStr(suffix_filter_w) || UniEndWith(name, suffix_filter_w))
{
// Attempt to login
b = RadiusLogin(c, radius_server_addr, radius_server_port,
radius_secret, StrLen(radius_secret),
name, password, interval, mschap_v2_server_response_20, opt);
}
Lock(hub->lock);
}
else
{
HLog(hub, "LH_NO_RADIUS_SETTING", name);
}
}
else
{
// NT authentication (Not available for non-Win32)
#ifdef OS_WIN32
IPC_MSCHAP_V2_AUTHINFO mschap;
Unlock(hub->lock);
if (ParseAndExtractMsChapV2InfoFromPassword(&mschap, password) == false)
{
// Plaintext password authentication
b = MsCheckLogon(name, password);
}
else
{
UCHAR challenge8[8];
UCHAR nt_pw_hash_hash[16];
char nt_name[MAX_SIZE];
UniToStr(nt_name, sizeof(nt_name), name);
// MS-CHAPv2 authentication
MsChapV2_GenerateChallenge8(challenge8, mschap.MsChapV2_ClientChallenge,
mschap.MsChapV2_ServerChallenge,
mschap.MsChapV2_PPPUsername);
Debug("MsChapV2_PPPUsername = %s, nt_name = %s\n", mschap.MsChapV2_PPPUsername, nt_name);
b = MsPerformMsChapV2AuthByLsa(nt_name, challenge8, mschap.MsChapV2_ClientResponse, nt_pw_hash_hash);
if (b)
{
if (mschap_v2_server_response_20 != NULL)
{
MsChapV2Server_GenerateResponse(mschap_v2_server_response_20, nt_pw_hash_hash,
mschap.MsChapV2_ClientResponse, challenge8);
}
}
}
Lock(hub->lock);
#else // OS_WIN32
// Nothing to do other than Win32
#endif // OS_WIN32
}
// Memory release
Free(name);
}
ReleaseHub(h);
return b;
}
// SecureNAT server-side thread
void SnSecureNATThread(THREAD *t, void *param)
{
SNAT *s;
CONNECTION *c;
SESSION *se;
POLICY *policy;
HUB *h;
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
s = (SNAT *)param;
// Create a server connection
c = NewServerConnection(s->Cedar, NULL, t);
c->Protocol = CONNECTION_HUB_SECURE_NAT;
// Apply the default policy
policy = ClonePolicy(GetDefaultPolicy());
// Not to limit the number of broadcast
policy->NoBroadcastLimiter = true;
h = s->Hub;
AddRef(h->ref);
// create a server session
se = NewServerSession(s->Cedar, c, s->Hub, SNAT_USER_NAME, policy);
se->SecureNATMode = true;
se->SecureNAT = s;
c->Session = se;
ReleaseConnection(c);
HLog(se->Hub, "LH_NAT_START", se->Name);
// User name
se->Username = CopyStr(SNAT_USER_NAME_PRINT);
s->Session = se;
AddRef(se->ref);
// Notification initialization completion
NoticeThreadInit(t);
ReleaseCancel(s->Nat->Virtual->Cancel);
s->Nat->Virtual->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
if (s->Nat->Virtual->NativeNat != NULL)
{
CANCEL *old_cancel = NULL;
Lock(s->Nat->Virtual->NativeNat->CancelLock);
{
if (s->Nat->Virtual->NativeNat->Cancel != NULL)
{
old_cancel = s->Nat->Virtual->NativeNat->Cancel;
s->Nat->Virtual->NativeNat->Cancel = se->Cancel1;
AddRef(se->Cancel1->ref);
}
}
Unlock(s->Nat->Virtual->NativeNat->CancelLock);
if (old_cancel != NULL)
{
ReleaseCancel(old_cancel);
}
}
// Main function of the session
Debug("SecureNAT Start.\n");
SessionMain(se);
Debug("SecureNAT Stop.\n");
HLog(se->Hub, "LH_NAT_STOP");
ReleaseHub(h);
ReleaseSession(se);
}