mirror of
https://github.com/openNDS/openNDS.git
synced 2026-01-10 04:17:55 -05:00
Add - support for mesh11sd meshnodes and reimplement auth_restore to not use ndsctl
Signed-off-by: Rob White <rob@blue-wave.net>
This commit is contained in:
Rob White
225
src/auth.c
225
src/auth.c
@@ -57,6 +57,210 @@ extern pthread_mutex_t config_mutex;
|
||||
// Count number of authentications
|
||||
unsigned int authenticated_since_start = 0;
|
||||
|
||||
static void
|
||||
client_auth(char *arg)
|
||||
{
|
||||
s_config *config = config_get_config();
|
||||
t_client *client;
|
||||
unsigned id;
|
||||
int rc = -1;
|
||||
int seconds = 60 * config->session_timeout;
|
||||
int custom_seconds;
|
||||
int uploadrate = config->upload_rate;
|
||||
int downloadrate = config->download_rate;
|
||||
unsigned long long int uploadquota = config->upload_quota;
|
||||
unsigned long long int downloadquota = config->download_quota;
|
||||
char *libcmd;
|
||||
char *msg;
|
||||
char *customdata;
|
||||
char *argcopy;
|
||||
const char *arg2;
|
||||
const char *arg3;
|
||||
const char *arg4;
|
||||
const char *arg5;
|
||||
const char *arg6;
|
||||
const char *arg7;
|
||||
const char *arg8;
|
||||
char *ptr;
|
||||
const char *ipclient;
|
||||
const char *macclient;
|
||||
time_t now = time(NULL);
|
||||
|
||||
debug(LOG_DEBUG, "Entering client_auth [%s]", arg);
|
||||
|
||||
argcopy=strdup(arg);
|
||||
|
||||
// arg2 = ip|mac|tok
|
||||
arg2 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg2 [%s]", arg2);
|
||||
|
||||
// arg3 = scheduled duration (minutes) until deauth
|
||||
arg3 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg3 [%s]", arg3);
|
||||
|
||||
if (arg3 != NULL) {
|
||||
custom_seconds = 60 * strtol(arg3, &ptr, 10);
|
||||
if (custom_seconds > 0) {
|
||||
seconds = custom_seconds;
|
||||
}
|
||||
}
|
||||
debug(LOG_DEBUG, "Client session duration [%d] seconds", seconds);
|
||||
|
||||
// arg4 = upload rate (kb/s)
|
||||
arg4 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg4 [%s]", arg4);
|
||||
|
||||
if (arg4 != NULL) {
|
||||
uploadrate = strtol(arg4, &ptr, 10);
|
||||
}
|
||||
|
||||
// arg5 = download rate (kb/s)
|
||||
arg5 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg5 [%s]", arg5);
|
||||
|
||||
if (arg5 != NULL) {
|
||||
downloadrate = strtol(arg5, &ptr, 10);
|
||||
}
|
||||
|
||||
// arg6 = upload quota (kB)
|
||||
arg6 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg6 [%s]", arg6);
|
||||
|
||||
if (arg6 != NULL) {
|
||||
uploadquota = strtoll(arg6, &ptr, 10);
|
||||
}
|
||||
|
||||
// arg7 = download quota (kB)
|
||||
arg7 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg7 [%s]", arg7);
|
||||
|
||||
if (arg7 != NULL) {
|
||||
downloadquota = strtoll(arg7, &ptr, 10);
|
||||
}
|
||||
|
||||
// arg8 = custom data string - max 256 characters
|
||||
arg8 = strsep(&argcopy, ",");
|
||||
debug(LOG_DEBUG, "arg8 [%s]", arg8);
|
||||
|
||||
customdata = safe_calloc(CUSTOM_ENC);
|
||||
|
||||
if (arg8 != NULL) {
|
||||
snprintf(customdata, CUSTOM_ENC, "%s", arg8);
|
||||
debug(LOG_DEBUG, "customdata [%s]", customdata);
|
||||
}
|
||||
|
||||
LOCK_CLIENT_LIST();
|
||||
debug(LOG_DEBUG, "find in client list - arg2: [%s]", arg2);
|
||||
client = client_list_find_by_any(arg2, arg2, arg2);
|
||||
id = client ? client->id : 0;
|
||||
debug(LOG_DEBUG, "client id: [%d]", id);
|
||||
|
||||
if (!id && config->allow_preemptive_authentication == 1) {
|
||||
// Client is neither preauthenticated nor authenticated
|
||||
// If Preemptive authentication is enabled we should try to auth by mac
|
||||
debug(LOG_DEBUG, "Client is not in client list.");
|
||||
// Build command to get client mac and ip
|
||||
libcmd = safe_calloc(SMALL_BUF);
|
||||
safe_snprintf(libcmd, SMALL_BUF, "/usr/lib/opennds/libopennds.sh clientaddress \"%s\"", arg2 );
|
||||
|
||||
msg = safe_calloc(64);
|
||||
rc = execute_ret_url_encoded(msg, 64 - 1, libcmd);
|
||||
free(libcmd);
|
||||
|
||||
if (rc == 0) {
|
||||
debug(LOG_DEBUG, "Client ip/mac: %s", msg);
|
||||
|
||||
if (strcmp(msg, "-") == 0) {
|
||||
debug(LOG_DEBUG, "Client [%s] is not connected", arg2);
|
||||
} else {
|
||||
ipclient = strtok(msg, " ");
|
||||
macclient = strtok(NULL, " ");
|
||||
debug(LOG_DEBUG, "Client ip [%s], mac [%s]", ipclient, macclient);
|
||||
|
||||
// check if client ip is on our subnet
|
||||
safe_asprintf(&libcmd, "/usr/lib/opennds/libopennds.sh get_interface_by_ip \"%s\"", ipclient);
|
||||
msg = safe_calloc(64);
|
||||
rc = execute_ret_url_encoded(msg, 64 - 1, libcmd);
|
||||
free(libcmd);
|
||||
|
||||
if (rc == 0) {
|
||||
|
||||
if (strcmp(config->gw_interface, msg) == 0) {
|
||||
debug(LOG_DEBUG, "Pre-emptive Authentication: Client [%s] is on our subnet using interface [%s]", ipclient, msg);
|
||||
|
||||
client = client_list_add_client(macclient, ipclient);
|
||||
|
||||
if (client) {
|
||||
id = client ? client->id : 0;
|
||||
debug(LOG_DEBUG, "client id: [%d]", id);
|
||||
client->client_type = "preemptive";
|
||||
|
||||
// log the preemptive authentication
|
||||
safe_asprintf(&libcmd,
|
||||
"/usr/lib/opennds/libopennds.sh write_log \"mac=%s, ip=%s, client_type=%s\"",
|
||||
macclient,
|
||||
ipclient,
|
||||
client->client_type
|
||||
);
|
||||
|
||||
msg = safe_calloc(64);
|
||||
rc = execute_ret_url_encoded(msg, 64 - 1, libcmd);
|
||||
free(libcmd);
|
||||
}
|
||||
|
||||
} else {
|
||||
debug(LOG_NOTICE, "Pre-emptive Authentication: Client ip address [%s] is NOT on our subnet", ipclient);
|
||||
id = 0;
|
||||
}
|
||||
} else {
|
||||
debug(LOG_DEBUG, "ip subnet test failed: Continuing...");
|
||||
}
|
||||
}
|
||||
free(msg);
|
||||
|
||||
} else {
|
||||
debug(LOG_DEBUG, "Client connection not found: Continuing...");
|
||||
rc = -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (id) {
|
||||
|
||||
if (strcmp(fw_connection_state_as_string(client->fw_connection_state), "Preauthenticated") == 0) {
|
||||
// set client values
|
||||
client->session_start = now;
|
||||
|
||||
if (seconds > 0) {
|
||||
client->session_end = now + seconds;
|
||||
} else {
|
||||
client->session_end = 0;
|
||||
}
|
||||
|
||||
client->upload_rate = uploadrate;
|
||||
client->download_rate = downloadrate;
|
||||
client->upload_quota = uploadquota;
|
||||
client->download_quota = downloadquota;
|
||||
|
||||
debug(LOG_DEBUG, "auth_client: client session start time [ %lu ], end time [ %lu ]", now, client->session_end);
|
||||
|
||||
rc = auth_client_auth_nolock(id, "preemptive_auth", customdata);
|
||||
}
|
||||
|
||||
free(argcopy);
|
||||
|
||||
} else {
|
||||
// Client is neither preauthenticated nor authenticated
|
||||
// If Preemptive authentication is enabled we should have tried to auth by mac
|
||||
debug(LOG_DEBUG, "Client is not in client list.");
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
UNLOCK_CLIENT_LIST();
|
||||
|
||||
free(customdata);
|
||||
debug(LOG_DEBUG, "Exiting client_auth...");
|
||||
}
|
||||
|
||||
|
||||
static void binauth_action(t_client *client, const char *reason, const char *customdata)
|
||||
{
|
||||
@@ -294,6 +498,7 @@ fw_refresh_client_list(void)
|
||||
char *dnscmd;
|
||||
char *pmaccmd;
|
||||
char msg[MID_BUF];
|
||||
char *gnpa;
|
||||
|
||||
// Check if router is online
|
||||
int watchdog = 1;
|
||||
@@ -702,6 +907,26 @@ fw_refresh_client_list(void)
|
||||
}
|
||||
free(pmaccmd);
|
||||
}
|
||||
|
||||
// Poll preemprive_auth files for clients to auth:
|
||||
|
||||
// Loop through database files
|
||||
pmaccmd = safe_calloc(STATUS_BUF);
|
||||
safe_snprintf(pmaccmd, STATUS_BUF, "/usr/lib/opennds/libopennds.sh get_next_preemptive_auth");
|
||||
|
||||
gnpa = safe_calloc(SMALL_BUF);
|
||||
|
||||
while (execute_ret_url_encoded(gnpa, STATUS_BUF - 1, "/usr/lib/opennds/libopennds.sh get_next_preemptive_auth") == 0) {
|
||||
debug(LOG_DEBUG, "auth string [ %s ]", gnpa);
|
||||
client_auth(gnpa);
|
||||
free(gnpa);
|
||||
gnpa = safe_calloc(SMALL_BUF);
|
||||
}
|
||||
|
||||
debug(LOG_DEBUG, "done with preemprive_auth checks");
|
||||
free(gnpa);
|
||||
free(pmaccmd);
|
||||
// done authing
|
||||
}
|
||||
|
||||
/** Launched in its own thread.
|
||||
|
||||
Reference in New Issue
Block a user