1 /**************************************************
2 OpengateM - a MAC address authentication system
5 Copyright (C) 2011 Opengate Project Team
6 Written by Yoshiaki Watanabe
8 This program is free software; you can redistribute it and/or
9 modify it under the terms of the GNU General Public License
10 as published by the Free Software Foundation; either version 2
11 of the License, or (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 Email: watanaby@is.saga-u.ac.jp
23 **************************************************/
25 #include <sys/types.h>
39 #include <sys/select.h>
42 #include <sys/ioctl.h>
43 #include <sys/filio.h>
44 #include <sys/sockio.h>
46 #include <sys/socket.h>
50 #include <sys/signal.h>
52 #include <sys/socket.h>
54 #include <net/ethernet.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/in.h>
57 #include <arpa/inet.h>
58 #include <netinet/ip.h>
59 #include <netinet/ip6.h>
62 #include <net/if_dl.h>
64 #include <sys/utsname.h>
typedef void Sigfunc(int); /* for signal handlers: a handler takes the signal number and returns nothing; used by Signal() below */
70 /***************** constants ***********************/
/* Configuration file for opengate.  Fixed absolute path read by
   OpenConfFile()/GetConfValue() below; since the daemon takes its settings
   from it, the file should be root-owned and not group/world-writable
   (NOTE(review): ownership/permission checks are not visible here -- confirm
   in the definition of OpenConfFile). */
#define CONFIGFILE "/etc/opengate/opengatemd.conf"
/* Fixed sizes for the string buffers handed between the functions declared
   below.  Several prototypes take a char* output without a length argument,
   so caller and callee must agree on these limits -- presumably the callee
   assumes the matching *MAXLN; verify at each definition. */
#define ADDRMAXLN 128 /* maximum address string length (presumably textual MAC/IP) */
#define USERMAXLN 128 /* maximum userid string length */
#define BUFFMAXLN 1024 /* maximum buffer string length (general-purpose line buffer) */
#define WORDMAXLN 64 /* maximum word length */
#define FILTERMAXLN 128 /* pcap filter max length */
/* Overlap-handling flags.  No prototype in this header takes them by name,
   so their exact meaning is fixed at the use site -- verify there. */
#define AVOID_OVERLAP 0
#define ALLOW_OVERLAP 1
100 /**********prototypes***************************************/
/* Daemon control.  The bodies are not visible here; the notes below are
   what the names and signatures suggest and should be confirmed against
   the definitions. */
void ShowHelp(char* procName);        /* print usage for procName (argv[0], presumably) */
int LockDaemonLockFile(void);         /* acquire the single-instance lock; int return presumably signals success/failure */
void Daemonize(void);                 /* detach from the terminal and run in the background */
void KillDaemon(void);                /* signal a running daemon to stop */
void ReloadDaemon(void);              /* signal a running daemon to re-read CONFIGFILE (presumably) */
void terminateProg(int ret);          /* clean up and exit with status ret */
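/* ipfw gate control.  These take MAC/user strings that ultimately come from
   sniffed packets and the management DB; if the definitions pass them to
   ipfw through Systeml()/Popenl(), every argument must be validated first
   (e.g. with ReFormatMacAddr()/RegExMatch() below) -- NOTE(review): confirm
   in the definitions, not visible here. */
int OpenClientGate(char *macAddress, char* userId, char* extraId); /* add the ipfw rule for this client; returns the rule number, presumably */
int GetRuleNumber(char *macAddress);      /* look up the rule number installed for macAddress */
void CloseClientGate(int ruleNumber);     /* remove the ipfw rule (parameter name fixed: was "ruleMumber") */
int GetPacketCount(int ruleNumber);       /* packet counter of the rule, presumably from ipfw accounting */
int CountRuleNumber(int ruleNumber);      /* count of rules with this number (presumably; verify) */
int GetRuleTableFromIpfw(DB* ruleTable);  /* fill ruleTable from the live ipfw rule set; DB* is presumably a Berkeley DB handle */
int IsMacAddressFoundInIpfw(char* macAddress); /* nonzero if a rule for macAddress exists (presumably) */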
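/* Process/file wrappers.  The trailing "l" and the (path, ...) tail suggest
   an execl-style argument list rather than a shell command line; if the
   definition instead concatenates the arguments into one string for
   popen()/system(), each argument must be checked against shell
   metacharacters before it gets here -- NOTE(review): confirm in the
   definitions.  rootPriv != 0 presumably runs the command with elevated
   (root) privilege, so callers must pass only fully validated arguments. */
FILE *Popenl(int rootPriv, const char *type, const char *path, ...); /* popen-like; type is the "r"/"w" mode, argument list NULL-terminated (presumably) */
int Systeml(int rootPriv, const char *path, ...);   /* system-like; parameter name fixed to match Popenl (was "roorPriv") */
int Pclose(FILE *stream);                            /* close a stream from Popenl */
int isNull(const char *pStr);                        /* nonzero if pStr is NULL or empty (presumably) */
int Open(const char *pathname, int oflag, mode_t mode); /* open(2) wrapper; mode applies when oflag creates the file */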
Sigfunc * Signal(int signo, Sigfunc *func); /* install func for signo, return the previous handler (sigaction-style wrapper, presumably) */
void * Malloc(size_t size);                 /* malloc wrapper; presumably aborts via err_* on failure -- verify */
/* Error reporting (printf-style).  Always pass a string literal as fmt;
   never pass text taken from packets, the UDP port, or the config file as
   the format argument -- use "%s" and pass it as a parameter. */
void err_ret(const char *fmt, ...);  /* report and return to the caller */
void err_sys(const char *fmt, ...);  /* report (with errno, presumably) and exit */
void err_dump(const char *fmt, ...); /* report and abort (core dump), presumably */
void err_msg(const char *fmt, ...);  /* report without errno and return */
void err_quit(const char *fmt, ...); /* report without errno and exit */
void errToSyslog(int i);             /* switch error output to syslog when i is nonzero (presumably; verify) */
/* Configuration access (CONFIGFILE).  Returned pointers presumably refer to
   storage owned by the config module; callers should copy what they keep. */
int OpenConfFile(void);                          /* parse CONFIGFILE; int return presumably signals success */
void CloseConfFile(void);                        /* release the parsed configuration */
void SetupConfExtra(char *userId, char *extraId); /* select the extra (per-user) configuration set, presumably */
char *GetConfValue(char *name);                  /* value of the named setting, or NULL if absent (presumably) */
char *GetConfValueExtra(char *name);             /* same, from the set chosen by SetupConfExtra() */
char *GetConfAuthServer(char *name);             /* setting of the currently selected auth server */
int SelectNextAuthServer(void);                  /* advance to the next configured auth server; return presumably 0 when none left */
int RegExMatch(const char *inStr, const char *regEx); /* nonzero if inStr matches regEx (presumably POSIX regex) -- suitable for validating input before it reaches Systeml()/Popenl() */
void ResetAuthServerPointer(void);                  /* restart auth-server iteration at the first server */
char *GetFirstConfValue(char* name);                /* first value of a multi-valued setting; begins an iteration */
char *GetNextConfValue(void);                       /* next value of the setting started by GetFirstConfValue(); NULL at the end (presumably) */
/* Packet capture.  Everything returned here is attacker-controlled: MAC,
   IP and TTL come straight off the wire, so treat them as untrusted until
   validated.  The raw/display buffers carry no length argument; the callee
   presumably assumes ADDRMAXLN-sized destinations -- verify. */
int GetNextPacketFromPcap(unsigned char* macAndIpAddressRaw, int* pAddrLen, int* pTtl); /* next MAC+IP (raw bytes) and TTL; *pAddrLen presumably distinguishes IPv4/IPv6 */
void ClosePcap(void);                                  /* close the capture handle */
int GetMyMacAddress(char* macAddress);                 /* MAC of the capture interface in display form */
void ConvertIpFromRawToDisplay(unsigned char* ipAddressRaw, int ipAddrLen, char* ipAddress); /* raw IP bytes -> text; ipAddrLen selects v4/v6 (presumably) */
void ConvertMacFromRawToDisplay(unsigned char* macAddressRaw, char* macAddress);           /* 6 raw bytes -> text form; no length passed, so macAddress must be large enough (ADDRMAXLN presumably) */
/* Recently-checked address cache (rate-limits repeated lookups for the same
   MAC/IP pair, presumably). */
void InitCache(void);                                                            /* allocate the cache */
int IsRecentlyCheckedAddress(unsigned char* macAndIpAddressRaw, int addrLen);    /* nonzero if the raw pair was seen recently; presumably inserts it otherwise -- verify */
void FreeCache(void);                                                            /* release the cache */
int DelCacheItem(char* macAddress, char* ipAddress);                             /* drop one entry by display-form addresses */
int DelOldestCacheItem(void);                                                    /* evict the oldest entry */
int ReFormatMacAddr(char* macAddr);                                              /* normalize a MAC string in place; return presumably signals whether it was well formed -- a natural validation point before the MAC is used in commands or SQL */
/* Management database.  If the definitions build SQL from these strings,
   they must use bound parameters or escaping; the MAC and IP originate
   from sniffed packets -- NOTE(review): confirm in the definitions. */
int QueryMacFromMngDb(char* macAddress, char* userid, char* extraid); /* look up the registered owner of macAddress; fills userid/extraid (USERMAXLN-sized, presumably) */
void CloseMngDb(void);                                                /* close the management DB connection */
int PutCloseToMngDb(char* macAddress);                                /* record that the client's gate was closed */
int PutOpenToMngDb(char* macAddress);                                 /* record that the client's gate was opened */
int PutMacIpPairToMngDb(char* macAddress, char* ipAddress);           /* record an observed MAC/IP pairing */
/* Work database (sqlite, per SetupSqliteBusyTimeoutValue). */
int SetupSqliteBusyTimeoutValue(void); /* configure the sqlite busy timeout, presumably from CONFIGFILE */
int InitWorkDb(void);                  /* open/create the work DB and its tables */
int FinalizeWorkDb(void);              /* close the work DB */
183 int InsertSessionToWorkDb(char* macAddress, char* userId, char* extraId,
/* Work-DB session/MAC-info records.  Same caution as for the management DB:
   macAddress/ipAddress are packet-derived, so SQL must be parameterized
   (NOTE(review): not visible here -- verify in the definitions). */
int DelSessionFromWorkDb(char* macAddress);                       /* remove the session row for macAddress */
int GetSessionFromWorkDb(char* macAddress, char* userId, char* extraId,
			 int* openTime, int* checkTime, int* ruleNumber); /* fetch the session row; outputs filled on success (presumably) */
int UpdateCheckTimeInWorkDb(char* macAddress);                    /* stamp the session with the current check time */
int DelUselessSessionsInWorkDb(int delayed);                      /* purge stale sessions; delayed presumably widens the grace period -- verify */
int GetSessionTableFromWorkDb(DB* sessionTable);                  /* load all sessions into sessionTable (DB* presumably Berkeley DB) */
int PutMacInfoToWorkDb(char* macAddress, int ttl, int isNat);     /* record observed TTL / NAT flag for the MAC */
int GetMacInfoFromWorkDb(char* macAddress, char* detectTimeStr, int* pTtl); /* read back detection time (text) and TTL; detectTimeStr length not passed -- verify size */
int IsActiveRuleInWorkDb(int ruleNumber);                         /* nonzero if a session references ruleNumber (presumably) */
int IsFoundMacIpPairInWorkDb(char* macAddress, char* ipAddress);  /* nonzero if the pair is already recorded */
int PutMacIpPairToWorkDb(char* macAddress, char* ipAddress);      /* record a MAC/IP pairing */
int DelMacIpPairsInWorkDb(char* macAddress);                      /* drop all pairings for macAddress */
/* Session management: ties a work-DB session to an ipfw rule and keeps the
   two consistent.  Behaviour below is what the names suggest; confirm in
   the definitions. */
int AddSession(char* macAddress, char* userId, char* extraId);  /* open the gate and record the session */
void DelSession(char* macAddress);                              /* close the gate and remove the session */
void RenewSession(char* macAddress);                            /* refresh the session's check time */
void DelUselessSessions(void);                                  /* purge idle/expired sessions */
void DelAllSessions(void);                                      /* close every session (shutdown path, presumably) */
int CloseSession(void* pParam, int argc, char *argv[], char* colName[]); /* signature matches the sqlite3_exec() row callback; presumably closes the session described by the row */
int IsMatchedSessionFound(char* macAddress);                    /* nonzero if a session exists for macAddress (presumably) */
void CloseUnmatchSessions(void);                                /* close sessions that no longer match (the rule set or the DB -- verify) */
void WriteOpenToSyslog(char* userId, char* extraId, char* macAddress);                 /* audit log: gate opened */
void WriteCloseToSyslog(char* userId, char* extraId, char* macAddress, int openTime);  /* audit log: gate closed, with open time */
void WriteSessionInfoToSyslog(char* userId, char* extraId, char* macAddress, int ruleNumber); /* audit log: session/rule summary */
void RemoveSessionUnmatchedToIpfwRule(DB* ruleTable, DB* sessionTable); /* drop sessions with no live ipfw rule */
void RemoveIpfwRuleUnmatchedToSession(DB* ruleTable, DB* sessionTable); /* drop ipfw rules with no session (orphan rules would leave a gate open) */
int IsProcessFoundForTheRule(int ruleNumber);                   /* nonzero if a process is associated with the rule (presumably) */
void SetMacIpPair(char* macAddress, char* ipAddress, char* userId, char* extraId); /* record the pairing in the work and management DBs (presumably) */
void ResetMacIpPairs(char* macAddress);                         /* forget all pairings for macAddress */
/* TTL-based NAT/router detection.  The TTL is read from sniffed packets and
   can be set freely by the sender, so this is a heuristic, not a proof. */
int InitTtlCheck(void);                                                       /* load the expected-TTL settings (presumably from CONFIGFILE) */
int IsSentViaNatOrRouter(char* ipAddress, char* macAddress, int ttl);         /* nonzero if ttl suggests a hop behind the client (presumably) */
void PutLogAtNatOrRouter(int isNatOrRouter, char* ipAddress, char* macAddress, int ttl); /* log the detection result */
/* UDP control port.  NOTE(review): IsUdpClientTrusted() keys on the
   datagram's source address, which is trivially spoofable for UDP; unless
   the definition adds a shared secret or binds to a loopback/management
   interface only, treat this port as reachable by anyone who can send a
   packet with a trusted source IP.  Also, clientIpAddress has no length
   argument -- callers presumably pass an ADDRMAXLN buffer; verify. */
int PrepareUdpPort(void (*handler)(int));                             /* open the socket and arm handler for incoming data (via EnableAsyncIo, presumably) */
int GetDataFromUdpPort(char* buf, int bufLen, char* clientIpAddress); /* read one datagram into buf (bounded by bufLen) and report the sender's IP in text form */
int IsUdpClientTrusted(char* clientIpAddress);                        /* nonzero if the sender's IP is on the trusted list (presumably from CONFIGFILE) */
int IsMyIpAddress(char* ipAddress);                                   /* nonzero if ipAddress belongs to this host */
int EnableAsyncIo(int sockfd, void (*handler)(int));                  /* set up signal-driven I/O (SIGIO) on sockfd with handler; handler runs in signal context, so it must be async-signal-safe */
/* MAC lookup cache in front of QueryMacFromMngDb().  A negative result is
   cached too (found flag), so a MAC registered after a miss stays denied
   until the entry expires or is deleted -- presumably; verify the TTL logic. */
void InitMacCache(void);                                                           /* allocate the cache */
void FreeMacCache(void);                                                           /* release the cache */
int QueryMacFromMacCache(char* macAddress, char* userId, char* extraId);           /* cached owner lookup; fills userId/extraId on a hit (presumably) */
int DelMacCacheItem(char* macAddress);                                             /* invalidate one entry */
int AddMacCacheItem(char* macAddress, char* userId, char* extraId, int found);     /* insert a positive (found!=0) or negative result */