Changeset 136

Timestamp:

12/18/06 12:45:33 (2 years ago)

Author:

syrus

Message:

rajout d un niveau member-users

Files:

• wifidog/wifidog-1.1.3_beta4/config.h (added)
• wifidog/wifidog-1.1.3_beta4/src/auth.c (modified) (1 diff)
• wifidog/wifidog-1.1.3_beta4/src/auth.h (modified) (1 diff)
• wifidog/wifidog-1.1.3_beta4/src/conf.c (modified) (1 diff)
• wifidog/wifidog-1.1.3_beta4/src/firewall.h (modified) (1 diff)
• wifidog/wifidog-1.1.3_beta4/src/fw_iptables.c (modified) (9 diffs)
• wifidog/wifidog-1.1.3_beta4/wifidog.conf (modified) (1 diff)

wifidog/wifidog-1.1.3_beta4/src/auth.c

@@ -232 +232 @@
-            break;
-
+    case AUTH_MEMBER:
+                /* Logged in successfully as a member account */
+                debug(LOG_INFO, "Got MEMBER from central server authenticating token %s from %s at %s - adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
+                client->fw_connection_state = FW_MARK_MEMBER;
+                fw_allow(client->ip, client->mac, FW_MARK_MEMBER);
+        served_this_session++;
+                safe_asprintf(&newlocation, "Location: %s://%s:%d%sportal/?gw_id=%s",
+                        protocol,
+                        auth_server->authserv_hostname,
+                        port,
+                        auth_server->authserv_path,
+                        config->gw_id
+                );
+                httpdSetResponse(r, "307 Redirect to portal\n");
+                httpdAddHeader(r, newlocation);
+                free(newlocation);
+                http_wifidog_header(r, "Redirection to portal");
+                httpdPrintf(r, "Please <a href='%s://%s:%d%sportal/?gw_id=%s'>click here</a> for the portal.",
+                        protocol,
+                        auth_server->authserv_hostname,
+                        port,
+                        auth_server->authserv_path,
+                        config->gw_id
+                );
+                http_wifidog_footer(r);
+            break;
+
-    case AUTH_VALIDATION_FAILED:
-                 /* Client had X minutes to validate account by email and didn't = too late */

wifidog/wifidog-1.1.3_beta4/src/auth.h

@@ -38 +38 @@
-    AUTH_DENIED = 0, /**< Client was denied by the auth server */
-    AUTH_ALLOWED = 1, /**< Client was granted access by the auth server */
+    AUTH_MEMBER = 2, /**< Client was granted access as a member by the auth server */
-    AUTH_VALIDATION = 5, /**< A misnomer.  Client is in 15 min probation to validate his new account */
-    AUTH_VALIDATION_FAILED = 6, /**< @todo DOCUMENT ME */

wifidog/wifidog-1.1.3_beta4/src/conf.c

@@ -91 +91 @@
-        oLon,
-        oTinyproxyPort,
+        oProxyHost,
-} OpCodes;
-

wifidog/wifidog-1.1.3_beta4/src/firewall.h

@@ -33 +33 @@
-                            @todo: VERIFY THAT THIS IS ACCURATE*/
-    FW_MARK_KNOWN = 2,  /**< @brief The client is known to the firewall */ 
+    FW_MARK_MEMBER = 3, /**< @brief The client is a member */ 
-    FW_MARK_LOCKED = 254 /**< @brief The client has been locked out */
-} t_fw_marks;

wifidog/wifidog-1.1.3_beta4/src/fw_iptables.c

@@ -192 +192 @@
-     t_trusted_mac *p;
-     int tinyproxy_port;
-
+
-    fw_quiet = 0;
-
@@ -236 +236 @@
-                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_WIFI_TO_ROUTER);
-                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_GLOBAL);
-                        iptables_do_command("-t nat -N " TABLE_WIFIDOG_UNKNOWN);
@@ -252 +251 @@
-                          debug(LOG_INFO,"Tinyproxy port set, setting tinyproxy rule");
-                          iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -p tcp --dport 80 -m mark --mark 0x%u -j REDIRECT --to-port %u", FW_MARK_KNOWN, tinyproxy_port);
-_FOR_MEMBERS " -p tcp --dport 80 -m mark --mark 0x%u -j REDIRECT --to-port %u", FW_MARK_KNOWN
+ " -p tcp --dport 80 -m mark --mark 0x%u -j REDIRECT --to-port %u", FW_MARK_MEMBER
-                        } else {
-                          iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j ACCEPT", FW_MARK_KNOWN);
-_FOR_MEMBERS " -m mark --mark 0x%u -j ACCEPT", FW_MARK_KNOWN
+ " -m mark --mark 0x%u -j ACCEPT", FW_MARK_MEMBER
-                        }
-
-                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j ACCEPT", FW_MARK_PROBATION);
-                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
-
-                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS " -m mark --mark 0x%u -j ACCEPT", FW_MARK_PROBATION);
-                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS " -j " TABLE_WIFIDOG_UNKNOWN);
-
-                        iptables_do_command("-t nat -A " TABLE_WIFIDOG_UNKNOWN " -j " TABLE_WIFIDOG_AUTHSERVERS);
@@ -277 +273 @@
-                        /* Create new chains */
-                        iptables_do_command("-t filter -N " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-                        iptables_do_command("-t filter -N " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-                        iptables_do_command("-t filter -N " TABLE_WIFIDOG_AUTHSERVERS);
-                        iptables_do_command("-t filter -N " TABLE_WIFIDOG_LOCKED);
@@ -321 +316 @@
-                        iptables_do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -j " TABLE_WIFIDOG_UNKNOWN);
-
-load_ruleset("filter", "members-users", TABLE_WIFIDOG_MEMBERS); 
-do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS " -j " TABLE_WIFIDOG_UNKNOWN);
+do_command("-t filter -A " TABLE_WIFIDOG_WIFI_TO_INTERNET " -m mark --mark 0x%u -j " TABLE_WIFIDOG_MEMBERS, FW_MARK_MEMBER);
+load_ruleset("filter", "member-users", TABLE_WIFIDOG_MEMBERS); 
-
-                        iptables_load_ruleset("filter", "unknown-users", TABLE_WIFIDOG_UNKNOWN);
@@ -371 +366 @@
-    iptables_do_command("-t nat -F " TABLE_WIFIDOG_WIFI_TO_ROUTER);
-    iptables_do_command("-t nat -F " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-    iptables_do_command("-t nat -F " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-    iptables_do_command("-t nat -F " TABLE_WIFIDOG_GLOBAL);
-    iptables_do_command("-t nat -F " TABLE_WIFIDOG_UNKNOWN);
@@ -378 +372 @@
-    iptables_do_command("-t nat -X " TABLE_WIFIDOG_WIFI_TO_ROUTER);
-    iptables_do_command("-t nat -X " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-    iptables_do_command("-t nat -X " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-    iptables_do_command("-t nat -X " TABLE_WIFIDOG_GLOBAL);
-    iptables_do_command("-t nat -X " TABLE_WIFIDOG_UNKNOWN);
@@ -390 +383 @@
-         iptables_fw_destroy_mention("filter", "FORWARD", TABLE_WIFIDOG_WIFI_TO_INTERNET);
-         iptables_do_command("-t filter -F " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-         iptables_do_command("-t filter -F " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-         iptables_do_command("-t filter -F " TABLE_WIFIDOG_AUTHSERVERS);
-         iptables_do_command("-t filter -F " TABLE_WIFIDOG_LOCKED);
@@ -399 +391 @@
-         iptables_do_command("-t filter -F " TABLE_WIFIDOG_UNKNOWN);
-         iptables_do_command("-t filter -X " TABLE_WIFIDOG_WIFI_TO_INTERNET);
-         iptables_do_command("-t filter -X " TABLE_WIFIDOG_WIFI_TO_INTERNET_FOR_MEMBERS);
-         iptables_do_command("-t filter -X " TABLE_WIFIDOG_AUTHSERVERS);
-         iptables_do_command("-t filter -X " TABLE_WIFIDOG_LOCKED);

wifidog/wifidog-1.1.3_beta4/wifidog.conf

@@ -212 +212 @@
-}
-
+# Rule Set: member-users
+#
+# Used for member validated users.
+FirewallRuleSet member-users {
+FirewallRule allow to 0.0.0.0/0
+}
+
+
+
-# Rule Set: unknown-users
-#