time_t timeIn, timeOut;
int ipStatus; /* flag for IPV4ONLY,IPV6ONLY or IPV46DUAL */
int connectionMode; /* client connect mode */
-char *mode[3]={"NONE","HTTP","TIME"};
+char *mode[4]={"NONE","HTTP","TIME", "NONE"};
/* variable to measuring processing time (in msec) */
struct timeval timeBeginCgi, timeBeginWait, timeConnect, timeDisconnect;
int durationEntered=0; /* the duration value is entered or not */
int authResult=DENY;
int authNum=1; /* present authserver number to check user */
- int cookieAuth=FALSE; /* Auth with HTTP-Cookie is enabled */
+ int cookieAuth=FALSE; /* Auth with HTTP-Cookie is passed */
+ int isUidInEnv=FALSE; /* userid is included in environment (shibb/basic) */
+ char closeTime[WORDMAXLN]; /* session closing time ('-'=not close) */
/* drop root privilege */
seteuid(getuid());
+ /* if this is executed in shell with '-v' option, show make dir */
+ if(argc>1 && strcmp(argv[1],"-v")==0){
+ printf("makedir: %s\n", MAKEDIR);
+ exit(0);
+ }
+
/* get time at the cgi starting (in msec) */
gettimeofday(&timeBeginCgi, NULL) ;
/* get default language at the top of lang list */
sscanf(GetConfValue("HtmlLangs"), "%s", language);
- /* check referer */
+ /* check referer (Disabled)
if(CheckReferer()==FALSE){
PutClientRetry(language);
return 0;
- }
+ } */
/* get POST data from HTTP request */
if(GetPostData(userid, password, clientAddr4,
return 0;
}
- /* Try to authentication with cookie data */
- cookieAuth=GetCookieData(userid, clientAddr4,
- &duration,&durationEntered,language);
+ /* get userid from environment var(available on shbboleth or httpbasic) */
+ isUidInEnv=GetUserIdFromEnv(userid);
+
+ /* try to authentication with cookie data, */
+ /* if cookie auth is enabled. */
+ if( (*GetConfValue("EnableCookieAuth")!='0') ){
+ cookieAuth=GetCookieData(userid, clientAddr4,
+ &duration,&durationEntered,language,closeTime);
+ }
+
+ /* if already opened, exit */
+ if(cookieAuth && closeTime[0]=='-'){
+ PutClientMsg("Already opened. Please close this page and retry.");
+ return 0;
+ }
/* split user@server to user and server */
SplitId(userid, useridshort, extraId);
/* setup pointer to ExtraSet in config file */
SetupConfExtra(useridshort, extraId);
+ /* setup static variable value for SqLite3_busy_timeout from conf */
+ SetupSqliteBusyTimeoutValue();
+
/* get address of client from getenv. it might be IPv4 or IPv6. */
GetClientAddr(clientAddr6);
/* check enable IP versions */
if((ipStatus=CheckIpVersions(clientAddr4, clientAddr6))==0){
- PutClientMsg("Error: Please contact to the administrator");
+ PutClientMsg("Error: Please contact the administrator(1)");
return 0;
}
GetMacAddr(clientAddr4, macAddr4, clientAddr6, macAddr6,ipStatus);
/* check user by authenticate servers */
- if(cookieAuth) authResult=ACCEPT;
+ if(cookieAuth||isUidInEnv) authResult=ACCEPT;
else{
+ ResetAuthServerPointer();
while(SelectNextAuthServer()){
/* authenticate the user with authentication servers */
/* clear password */
bzero(password, PASSMAXLN);
+ /* check nat insertion. if found, put info to log */
+ CheckNatInsertion(macAddr4, macAddr6, userid);
+
/* get user property from user database (if you edit comm-userdb.c) */
if(!GetUserProperty(userid, userProperty)){
PutClientMsg("Error: You are denied.");
/* set terminate signal handler */
if(Signal(SIGTERM, closeExit)==SIG_ERR){
- PutClientMsg("Error: Please contact to the administrator");
+ PutClientMsg("Error: Please contact the administrator(2)");
return 0;
}
/* open firewall for the client */
if(OpenClientGate(clientAddr4,macAddr4,clientAddr6,macAddr6,
- userid,userProperty,ipStatus)==FALSE) return 0;
+ userid,userProperty,ipStatus)==FALSE){
+ PutClientMsg("Error: Close this browser and retry");
+ return 0;
+ }
timeIn=time(NULL);
/* set (ruleNumber,userid,clientAddr) in process title */
port=GetListenPort();
if(port<0){
err_msg("ERR at %s#%d: cannot get unused listen port",__FILE__,__LINE__);
- PutClientMsg("Error: Please contact to the administrator");
+ PutClientMsg("Error: Please contact the administrator(3)");
closeExit(1);
}
/* fork */
if((pid=Fork())==-1){
err_msg("ERR at %s#%d: fork error",__FILE__,__LINE__);
- PutClientMsg("Error: Please contact to the administrator");
+ PutClientMsg("Error: Please contact the administrator(4)");
closeExit(1);
}
return 0;
}
-
/*******************************************/
/* calc connection duration and put it out */
/*******************************************/
hour=time/60/60;
min=(time-hour*60*60)/60;
sec=(time-hour*60*60-min*60);
- //err_msg("STOP: user %s at %s ( %02d:%02d:%02d )", userid, macAddr4, hour,min,sec);
+ // err_msg("STOP: user %s at %s ( %02d:%02d:%02d )", userid, macAddr4, hour,min,sec);
return;
}
/*****************************/
void closeExit(int signo)
{
- /* save the connect mode */
- logConnectMode();
-
/* write closing information to database */
PutSessionEndToDb(cookie, mode[connectionMode]);
/* signal is disabled */
Signal(SIGTERM, SIG_DFL);
- /* close firewalls */
- while(pClientAddr!=NULL){
+ /* ignore redundant process */
+ if(connectionMode!=DUPLICATED){
+
+ /* save the connect mode */
+ logConnectMode();
- if(pClientAddr->ipType==IPV4){
- CloseClientGate4(pClientAddr,userid,macAddr4);
- }else{
- CloseClientGate6(pClientAddr,userid,macAddr6);
- DeleteNdpEntry(pClientAddr->ipAddr);
+ /* close firewalls */
+ while(pClientAddr!=NULL){
+
+ if(pClientAddr->ipType==IPV4){
+
+ CloseClientGate4(pClientAddr,userid,macAddr4);
+ }else{
+
+ CloseClientGate6(pClientAddr,userid,macAddr6);
+ DeleteNdpEntry(pClientAddr->ipAddr);
+ }
+ pClientAddr = pClientAddr->next;
}
- pClientAddr = pClientAddr->next;
+
+ /* put out time */
+ timeOut=time(NULL);
+ PutCloseMsg(timeOut,timeIn);
}
- /* put out time */
- timeOut=time(NULL);
- PutCloseMsg(timeOut,timeIn);
if(debug>1) err_msg("DEBUG:terminated");
exit(1);
{
long time1sec,time2sec,time3sec;
long time1usec,time2usec,time3usec;
+ int conMode=0;
/* set value on failure */
- if(connectionMode<0 || connectionMode>2) connectionMode=NOCONNECT;
- if(connectionMode==NOCONNECT){
+ conMode=connectionMode;
+ if(connectionMode<0 || connectionMode>2) conMode=NOCONNECT;
+ if(conMode==NOCONNECT){
gettimeofday(&timeBeginWait, NULL) ;
gettimeofday(&timeConnect, NULL) ;
}
time3usec += 1000000; time3sec--;
}
- if(debug>0) err_msg("INFO: user=%s watchmode=%s procsec=%ld.%06ld,%ld.%06ld,%ld.%06ld ipversion=%d useragent=%s",
- userid, mode[connectionMode],
+ if(debug>0) err_msg("INFO: user=%s watchmode=%s procsec=%ld.%06ld,%ld.%06ld,%ld.%06ld ipversion=%d ipaddr=%s,%s macaddr=%s ipfwrule=%s,%s useragent=%s",
+ userid, mode[conMode],
time1sec,time1usec,
time2sec,time2usec,
time3sec,time3usec,
- ipStatus, getenv("HTTP_USER_AGENT"));
+ ipStatus,
+ clientAddr4,clientAddr6,macAddr4,
+ ruleNumber4, ruleNumber6,
+ getenv("HTTP_USER_AGENT"));
}
OSDN Git Service
