* util.c: Fix while loop initialisation bug

	* conf.h:  Forgot to change the value of NUM_EXT_INTERFACE_DETECT_RETRY to actually make it wait forever.
	* Remove hardcoded authserver paths.  Can now be defined in the config file (auth server section).
	* Centralise browser redirect code to simplify code
	* Add manual logout URL, based in part on work by David Bird
	* Release 1.1.3 final

ChangeLog

@@ -1,4 +1,12 @@
 # $Id$
+2007-06-27 Benoit Gr�goire  <[email protected]>
+	* util.c:  Fix while loop initialisation bug
+	* conf.h:  Forgot to change the value of NUM_EXT_INTERFACE_DETECT_RETRY to actually make it wait forever.
+	* Remove hardcoded authserver paths.  Can now be defined in the config file (auth server section).
+	* Centralise browser redirect code to simplify code
+	* Add manual logout URL, based in part on work by David Bird
+	* Release 1.1.3 final
+
 2007-06-24 Benoit Gr�goire  <[email protected]>
 	* Close #321:  Make the Gateway retry forever if it cannot find it's interface.  You never know when someone may finally replug the network cable or something...
 	* Close #332:  Apply patch from Laurent Marchal. biguphpc<AT>gmail<DOT>com

configure.in

@@ -20,7 +20,7 @@ AC_SUBST(BUILDROOT)
 
 WIFIDOG_MAJOR_VERSION=1
 WIFIDOG_MINOR_VERSION=1
-WIFIDOG_MICRO_VERSION=3_rc1
+WIFIDOG_MICRO_VERSION=3
 WIFIDOG_VERSION=$WIFIDOG_MAJOR_VERSION.$WIFIDOG_MINOR_VERSION.$WIFIDOG_MICRO_VERSION
 
 AC_SUBST(WIFIDOG_MAJOR_VERSION)

contrib/build-openwrt-ipk/wifidog/Makefile

@@ -6,7 +6,7 @@ endif
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wifidog
-PKG_VERSION:=1.1.3_rc1
+PKG_VERSION:=1.1.3
 PKG_RELEASE:=1
 PKG_MD5SUM:=842b21e1b02d0a90677b289d794e0e21
 PKG_SOURCE_URL:= @SF/$(PKG_NAME)

src/auth.c

@@ -98,11 +98,9 @@ authenticate_client(request *r)
 	char	*ip,
 		*mac,
 		*token;
-	char *newlocation = NULL;
-	char *protocol = NULL;
+	char *urlFragment = NULL;
 	s_config	*config = NULL;
 	t_auth_serv	*auth_server = NULL;
-	int port = 80;
 
 	LOCK_CLIENT_LIST();
 
@@ -146,14 +144,6 @@ authenticate_client(request *r)
 	config = config_get_config();
 	auth_server = get_auth_server();
 
-	if (auth_server->authserv_use_ssl) {
-		protocol = "https";
-		port = auth_server->authserv_ssl_port;
-	} else {
-		protocol = "http";
-		port = auth_server->authserv_http_port;
-	}
-
 	switch(auth_response.authcode) {
 
 	case AUTH_ERROR:
@@ -167,23 +157,12 @@ authenticate_client(request *r)
 	case AUTH_DENIED:
 		/* Central server said invalid token */
 		debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - redirecting them to denied message", client->token, client->ip, client->mac);
-		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=denied",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
-		);
-		httpdSetResponse(r, "307 Redirect to denied message\n");
-		httpdAddHeader(r, newlocation);
-		free(newlocation);
-		http_wifidog_header(r, "Redirection to message");
-		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=denied'>click here</a>.",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
+		safe_asprintf(&urlFragment, "%smessage=%s",
+			auth_server->authserv_msg_script_path_fragment,
+			GATEWAY_MESSAGE_DENIED
 		);
-		http_wifidog_footer(r);
+		http_send_redirect_to_auth(r, urlFragment, "Redirect to denied message");
+		free(urlFragment);
 		break;
 
     case AUTH_VALIDATION:
@@ -193,23 +172,12 @@ authenticate_client(request *r)
 				client->ip, client->mac);
 		client->fw_connection_state = FW_MARK_PROBATION;
 		fw_allow(client->ip, client->mac, FW_MARK_PROBATION);
-		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=activate",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
-		);
-		httpdSetResponse(r, "307 Redirect to activate message\n");
-		httpdAddHeader(r, newlocation);
-		free(newlocation);
-		http_wifidog_header(r, "Redirection to message");
-		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=activate'>click here</a>.",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
+		safe_asprintf(&urlFragment, "%smessage=%s",
+			auth_server->authserv_msg_script_path_fragment,
+			GATEWAY_MESSAGE_ACTIVATE_ACCOUNT
 		);
-		http_wifidog_footer(r);
+		http_send_redirect_to_auth(r, urlFragment, "Redirect to activate message");
+		free(urlFragment);
 	    break;
 
     case AUTH_ALLOWED:
@@ -219,48 +187,24 @@ authenticate_client(request *r)
 		client->fw_connection_state = FW_MARK_KNOWN;
 		fw_allow(client->ip, client->mac, FW_MARK_KNOWN);
         served_this_session++;
-		safe_asprintf(&newlocation, "Location: %s://%s:%d%sportal/?gw_id=%s",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path,
+		safe_asprintf(&urlFragment, "%sgw_id=%s",
+			auth_server->authserv_portal_script_path_fragment,
 			config->gw_id
 		);
-		httpdSetResponse(r, "307 Redirect to portal\n");
-		httpdAddHeader(r, newlocation);
-		free(newlocation);
-		http_wifidog_header(r, "Redirection to portal");
-		httpdPrintf(r, "Please <a href='%s://%s:%d%sportal/?gw_id=%s'>click here</a> for the portal.",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path,
-			config->gw_id
-		);
-		http_wifidog_footer(r);
+		http_send_redirect_to_auth(r, urlFragment, "Redirect to portal");
+		free(urlFragment);
 	    break;
 
     case AUTH_VALIDATION_FAILED:
 		 /* Client had X minutes to validate account by email and didn't = too late */
 		debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s "
 				"- redirecting them to failed_validation message", client->token, client->ip, client->mac);
-		safe_asprintf(&newlocation, "Location: %s://%s:%d%sgw_message.php?message=failed_validation",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
+		safe_asprintf(&urlFragment, "%smessage=%s",
+			auth_server->authserv_msg_script_path_fragment,
+			GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED
 		);
-		httpdSetResponse(r, "307 Redirect to failed validation message\n");
-		httpdAddHeader(r, newlocation);
-		free(newlocation);
-		http_wifidog_header(r, "Redirection to message");
-		httpdPrintf(r, "Please <a href='%s://%s:%d%sgw_message.php?message=failed_validation'>click here</a>.",
-			protocol,
-			auth_server->authserv_hostname,
-			port,
-			auth_server->authserv_path
-		);
-		http_wifidog_footer(r);
+		http_send_redirect_to_auth(r, urlFragment, "Redirect to failed validation message");
+		free(urlFragment);
 	    break;
 
     default:

src/centralserver.c

@@ -69,7 +69,9 @@ auth_server_request(t_authresponse *authresponse, char *request_type, char *ip,
 	int done, nfds;
 	fd_set			readfds;
 	struct timeval		timeout;
-
+	t_auth_serv	*auth_server = NULL;
+	auth_server = get_auth_server();
+
 	/* Blanket default is error. */
 	authresponse->authcode = AUTH_ERROR;
 
@@ -85,13 +87,20 @@ auth_server_request(t_authresponse *authresponse, char *request_type, char *ip,
 	 */
 	memset(buf, 0, sizeof(buf));
 	snprintf(buf, (sizeof(buf) - 1),
-		"GET %sauth/?stage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu HTTP/1.0\r\n"
+		"GET %s%sstage=%s&ip=%s&mac=%s&token=%s&incoming=%llu&outgoing=%llu HTTP/1.0\r\n"
 		"User-Agent: WiFiDog %s\r\n"
 		"Host: %s\r\n"
 		"\r\n",
-		config_get_config()->auth_servers->authserv_path, request_type, ip, mac, token, incoming, outgoing,
-		VERSION, 
-		config_get_config()->auth_servers->authserv_hostname
+		auth_server->authserv_path,
+		auth_server->authserv_auth_script_path_fragment,
+		request_type,
+		ip,
+		mac,
+		token,
+		incoming,
+		outgoing,
+		VERSION,
+		auth_server->authserv_hostname
 	);
 
 	debug(LOG_DEBUG, "Sending HTTP request to auth server: [%s]\n", buf);

src/centralserver.h

@@ -34,6 +34,15 @@
 /** @brief Update the central server's traffic counters */
 #define REQUEST_TYPE_COUNTERS  "counters"
 
+/** @brief Sent when the user's token is denied by the central server */
+#define GATEWAY_MESSAGE_DENIED     "denied"
+/** @brief Sent when the user's token is accepted, but user is on probation  */
+#define GATEWAY_MESSAGE_ACTIVATE_ACCOUNT     "activate"
+/** @brief  Sent when the user's token is denied by the central server because the probation period is over */
+#define GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED     "failed_validation"
+/** @brief Sent after the user performed a manual log-out on the gateway  */
+#define GATEWAY_MESSAGE_ACCOUNT_LOGGED_OUT     "logged-out"
+
 /** @brief Initiates a transaction with the auth server */
 t_authcode auth_server_request(t_authresponse *authresponse, char *request_type, char *ip, char *mac, char *token, unsigned long long int incoming, unsigned long long int outgoing);
 

src/conf.c

@@ -22,6 +22,7 @@
 /** @file conf.c
   @brief Config file parsing
   @author Copyright (C) 2004 Philippe April <[email protected]>
+  @author Copyright (C) 2007 Benoit Grégoire, Technologies Coeus inc.
  */
 
 #define _GNU_SOURCE
@@ -76,6 +77,11 @@ typedef enum {
 	oAuthServSSLPort,
 	oAuthServHTTPPort,
 	oAuthServPath,
+	oAuthServLoginScriptPathFragment,
+	oAuthServPortalScriptPathFragment,
+	oAuthServMsgScriptPathFragment,
+	oAuthServPingScriptPathFragment,
+	oAuthServAuthScriptPathFragment,
 	oHTTPDMaxConn,
 	oHTTPDName,
 	oClientTimeout,
@@ -113,6 +119,11 @@ static const struct {
 	{ "sslport",		    oAuthServSSLPort },
 	{ "httpport",		    oAuthServHTTPPort },
 	{ "path",		        oAuthServPath },
+	{ "loginscriptpathfragment",	oAuthServLoginScriptPathFragment },
+	{ "portalscriptpathfragment",	oAuthServPortalScriptPathFragment },
+	{ "msgscriptpathfragment",		oAuthServMsgScriptPathFragment },
+	{ "pingscriptpathfragment",		oAuthServPingScriptPathFragment },
+	{ "authscriptpathfragment",		oAuthServAuthScriptPathFragment },
 	{ "firewallruleset",	oFirewallRuleSet },
 	{ "firewallrule",	    oFirewallRule },
 	{ "trustedmaclist",	    oTrustedMACList },
@@ -190,6 +201,11 @@ parse_auth_server(FILE *file, char *filename, int *linenum)
 {
 	char		*host = NULL,
 			*path = NULL,
+			*loginscriptpathfragment = NULL,
+			*portalscriptpathfragment = NULL,
+			*msgscriptpathfragment = NULL,
+			*pingscriptpathfragment = NULL,
+			*authscriptpathfragment = NULL,
 			line[MAX_BUF],
 			*p1,
 			*p2;
@@ -202,6 +218,11 @@ parse_auth_server(FILE *file, char *filename, int *linenum)
 
 	/* Defaults */
 	path = safe_strdup(DEFAULT_AUTHSERVPATH);
+	loginscriptpathfragment = safe_strdup(DEFAULT_AUTHSERVLOGINPATHFRAGMENT);
+	portalscriptpathfragment = safe_strdup(DEFAULT_AUTHSERVPORTALPATHFRAGMENT);
+	msgscriptpathfragment = safe_strdup(DEFAULT_AUTHSERVMSGPATHFRAGMENT);
+	pingscriptpathfragment = safe_strdup(DEFAULT_AUTHSERVPINGPATHFRAGMENT);
+	authscriptpathfragment = safe_strdup(DEFAULT_AUTHSERVAUTHPATHFRAGMENT);
 	http_port = DEFAULT_AUTHSERVPORT;
 	ssl_port = DEFAULT_AUTHSERVSSLPORT;
 	ssl_available = DEFAULT_AUTHSERVSSLAVAILABLE;
@@ -251,6 +272,26 @@ parse_auth_server(FILE *file, char *filename, int *linenum)
 					free(path);
 					path = safe_strdup(p2);
 					break;
+				case oAuthServLoginScriptPathFragment:
+					free(loginscriptpathfragment);
+					loginscriptpathfragment = safe_strdup(p2);
+					break;					
+				case oAuthServPortalScriptPathFragment:
+					free(portalscriptpathfragment);
+					portalscriptpathfragment = safe_strdup(p2);
+					break;
+				case oAuthServMsgScriptPathFragment:
+					free(msgscriptpathfragment);
+					msgscriptpathfragment = safe_strdup(p2);
+					break;
+				case oAuthServPingScriptPathFragment:
+					free(pingscriptpathfragment);
+					pingscriptpathfragment = safe_strdup(p2);
+					break;					
+				case oAuthServAuthScriptPathFragment:
+					free(authscriptpathfragment);
+					authscriptpathfragment = safe_strdup(p2);
+					break;
 				case oAuthServSSLPort:
 					ssl_port = atoi(p2);
 					break;
@@ -294,6 +335,11 @@ parse_auth_server(FILE *file, char *filename, int *linenum)
 	new->authserv_hostname = host;
 	new->authserv_use_ssl = ssl_available;
 	new->authserv_path = path;
+	new->authserv_login_script_path_fragment = loginscriptpathfragment;
+    new->authserv_portal_script_path_fragment = portalscriptpathfragment;
+    new->authserv_msg_script_path_fragment = msgscriptpathfragment;    
+    new->authserv_ping_script_path_fragment = pingscriptpathfragment;  
+    new->authserv_auth_script_path_fragment = authscriptpathfragment;  
 	new->authserv_http_port = http_port;
 	new->authserv_ssl_port = ssl_port;
 

src/conf.h

@@ -30,8 +30,8 @@
 /*@{*/ 
 /** Defines */
 /** How many times should we try detecting the interface with the default route
- * (in seconds) */
-#define NUM_EXT_INTERFACE_DETECT_RETRY 120
+ * (in seconds).  If set to 0, it will keep retrying forever */
+#define NUM_EXT_INTERFACE_DETECT_RETRY 0
 /** How often should we try to detect the interface with the default route
  *  if it isn't up yet (interval in seconds) */
 #define EXT_INTERFACE_DETECT_RETRY_INTERVAL 1
@@ -60,6 +60,11 @@
 #define DEFAULT_AUTHSERVSSLAVAILABLE 0
 /** Note:  The path must be prefixed by /, and must be suffixed /.  Put / for the server root.*/
 #define DEFAULT_AUTHSERVPATH "/wifidog/"
+#define DEFAULT_AUTHSERVLOGINPATHFRAGMENT "login/?"
+#define DEFAULT_AUTHSERVPORTALPATHFRAGMENT "portal/?"
+#define DEFAULT_AUTHSERVMSGPATHFRAGMENT "gw_message.php?"
+#define DEFAULT_AUTHSERVPINGPATHFRAGMENT "ping/?"
+#define DEFAULT_AUTHSERVAUTHPATHFRAGMENT "auth/?"
 /*@}*/ 
 
 /**
@@ -68,6 +73,11 @@
 typedef struct _auth_serv_t {
     char *authserv_hostname;	/**< @brief Hostname of the central server */
     char *authserv_path;	/**< @brief Path where wifidog resides */
+    char *authserv_login_script_path_fragment;	/**< @brief This is the script the user will be sent to for login. */
+    char *authserv_portal_script_path_fragment;	/**< @brief This is the script the user will be sent to after a successfull login. */
+    char *authserv_msg_script_path_fragment;	/**< @brief This is the script the user will be sent to upon error to read a readable message. */
+    char *authserv_ping_script_path_fragment;	/**< @brief This is the ping heartbeating script. */
+    char *authserv_auth_script_path_fragment;	/**< @brief This is the script that talks the wifidog gateway protocol. */
     int authserv_http_port;	/**< @brief Http port the central server
 				     listens on */
     int authserv_ssl_port;	/**< @brief Https port the central server

src/firewall.c

@@ -253,11 +253,14 @@ fw_sync_with_authserver(void)
         if (!(p1 = client_list_find(ip, mac))) {
             debug(LOG_ERR, "Node %s was freed while being re-validated!", ip);
         } else {
+        	time_t	current_time=time(NULL);
+        	debug(LOG_INFO, "Checking client %s for timeout:  Last updated %ld (%ld seconds ago), timeout delay %ld seconds, current time %ld, ",
+                        p1->ip, p1->counters.last_updated, current_time-p1->counters.last_updated, config->checkinterval * config->clienttimeout, current_time);
             if (p1->counters.last_updated +
 				(config->checkinterval * config->clienttimeout)
-				<= time(NULL)) {
+				<= current_time) {
                 /* Timing out user */
-                debug(LOG_INFO, "%s - Inactive for %ld seconds, removing client and denying in firewall",
+                debug(LOG_INFO, "%s - Inactive for more than %ld seconds, removing client and denying in firewall",
                         p1->ip, config->checkinterval * config->clienttimeout);
                 fw_deny(p1->ip, p1->mac, p1->fw_connection_state);
                 client_list_delete(p1);

src/fw_iptables.c

@@ -502,13 +502,13 @@ iptables_fw_counters_update(void)
 				  debug(LOG_WARNING, "I was supposed to read an IP address but instead got [%s] - ignoring it", ip);
 				  continue;
 			  }
-            debug(LOG_DEBUG, "Outgoing %s Bytes=%llu", ip, counter);
+            debug(LOG_DEBUG, "Read outgoing traffic for %s: Bytes=%llu", ip, counter);
 	    LOCK_CLIENT_LIST();
             if ((p1 = client_list_find_by_ip(ip))) {
                 if ((p1->counters.outgoing - p1->counters.outgoing_history) < counter) {
                     p1->counters.outgoing = p1->counters.outgoing_history + counter;
                     p1->counters.last_updated = time(NULL);
-                    debug(LOG_DEBUG, "%s - Updated counter.outgoing to %llu bytes", ip, counter);
+                    debug(LOG_DEBUG, "%s - Updated counter.outgoing to %llu bytes.  Updated last_updated to %d", ip, counter, p1->counters.last_updated);
                 }
             } else {
                 debug(LOG_ERR, "Could not find %s in client list", ip);
@@ -540,7 +540,7 @@ iptables_fw_counters_update(void)
 				  debug(LOG_WARNING, "I was supposed to read an IP address but instead got [%s] - ignoring it", ip);
 				  continue;
 			  }
-            debug(LOG_DEBUG, "Incoming %s Bytes=%llu", ip, counter);
+            debug(LOG_DEBUG, "Read incoming traffic for %s: Bytes=%llu", ip, counter);
 	    LOCK_CLIENT_LIST();
             if ((p1 = client_list_find_by_ip(ip))) {
                 if ((p1->counters.incoming - p1->counters.incoming_history) < counter) {