Ver1.5.28 Changed to deny duplicated open, added udp send and ohters.

[opengate/opengate.git] / opengate / opengatesrv / main.c

diff --git a/opengate/opengatesrv/main.c b/opengate/opengatesrv/main.c
index b13bb22..0fb41dc 100644 (file)
--- a/opengate/opengatesrv/main.c
+++ b/opengate/opengatesrv/main.c
@@ -42,7 +42,7 @@ char userProperty[BUFFMAXLN];
 time_t timeIn, timeOut;
 int ipStatus;              /* flag for IPV4ONLY,IPV6ONLY or IPV46DUAL */
 int connectionMode;   /* client connect mode */
-char *mode[3]={"NONE","HTTP","TIME"};
+char *mode[4]={"NONE","HTTP","TIME", "NONE"};
 
 /* variable to measuring processing time (in msec) */
 struct timeval timeBeginCgi, timeBeginWait, timeConnect, timeDisconnect;
@@ -72,10 +72,17 @@ int  main(int argc, char **argv)
   int authNum=1; /* present authserver number to check user */
   int cookieAuth=FALSE; /* Auth with HTTP-Cookie is passed */
   int isUidInEnv=FALSE; /* userid is included in environment (shibb/basic) */
+  char closeTime[WORDMAXLN]; /* session closing time ('-'=not close) */
 
   /* drop root privilege */
   seteuid(getuid());
 
+  /* if this is executed in shell with '-v' option, show make dir */  
+  if(argc>1 && strcmp(argv[1],"-v")==0){
+    printf("makedir: %s\n", MAKEDIR);
+    exit(0);
+  }
+
   /* get time at the cgi starting (in msec) */
   gettimeofday(&timeBeginCgi, NULL) ;
 
@@ -112,7 +119,13 @@ int  main(int argc, char **argv)
   /* if cookie auth is enabled. */
   if( (*GetConfValue("EnableCookieAuth")!='0') ){
     cookieAuth=GetCookieData(userid, clientAddr4,
-                          &duration,&durationEntered,language);
+                          &duration,&durationEntered,language,closeTime);
+  }
+
+  /* if already opened, exit */
+  if(cookieAuth && closeTime[0]=='-'){
+    PutClientMsg("Already opened. Please close this page and retry.");
+    return 0;
   }
 
   /* split user@server to user and server */
@@ -121,6 +134,9 @@ int  main(int argc, char **argv)
   /* setup pointer to ExtraSet in config file */
   SetupConfExtra(useridshort, extraId);
 
+  /* setup static variable value for SqLite3_busy_timeout from conf */
+  SetupSqliteBusyTimeoutValue();
+
   /* get address of client from getenv. it might be IPv4 or IPv6. */
   GetClientAddr(clientAddr6);
 
@@ -184,7 +200,10 @@ int  main(int argc, char **argv)
 
   /* open firewall for the client */
   if(OpenClientGate(clientAddr4,macAddr4,clientAddr6,macAddr6,
-                   userid,userProperty,ipStatus)==FALSE) return 0;
+                   userid,userProperty,ipStatus)==FALSE){
+    PutClientMsg("Error: Close this browser and retry");    
+    return 0;
+  }
   timeIn=time(NULL);
 
   /* set (ruleNumber,userid,clientAddr) in process title */
@@ -261,7 +280,6 @@ int  main(int argc, char **argv)
   return 0;
 }
 
-
 /*******************************************/
 /* calc connection duration and put it out */
 /*******************************************/
@@ -274,7 +292,7 @@ void putCloseMsg(time_t timeOut, time_t timeIn)
   hour=time/60/60;
   min=(time-hour*60*60)/60;
   sec=(time-hour*60*60-min*60);
-  //err_msg("STOP: user %s at %s ( %02d:%02d:%02d )", userid, macAddr4, hour,min,sec);
+  // err_msg("STOP: user %s at %s ( %02d:%02d:%02d )", userid, macAddr4, hour,min,sec);
   return;
 }
 
@@ -284,30 +302,37 @@ void putCloseMsg(time_t timeOut, time_t timeIn)
 /*****************************/
 void closeExit(int signo)
 {
-  /* save the connect mode */
-  logConnectMode();
-
   /* write closing information to database */
   PutSessionEndToDb(cookie, mode[connectionMode]);
 
   /* signal is disabled */
   Signal(SIGTERM, SIG_DFL);
 
-  /* close firewalls */
-  while(pClientAddr!=NULL){
+  /* ignore redundant process */
+  if(connectionMode!=DUPLICATED){
+
+    /* save the connect mode */
+    logConnectMode();
+
+    /* close firewalls */
+    while(pClientAddr!=NULL){
 
-    if(pClientAddr->ipType==IPV4){
-      CloseClientGate4(pClientAddr,userid,macAddr4);
-    }else{
-      CloseClientGate6(pClientAddr,userid,macAddr6);
-      DeleteNdpEntry(pClientAddr->ipAddr);
+      if(pClientAddr->ipType==IPV4){
+
+       CloseClientGate4(pClientAddr,userid,macAddr4);
+      }else{
+
+       CloseClientGate6(pClientAddr,userid,macAddr6);
+       DeleteNdpEntry(pClientAddr->ipAddr);
+      }
+      pClientAddr = pClientAddr->next;
     }
-    pClientAddr = pClientAddr->next;
+
+    /* put out time */
+    timeOut=time(NULL);
+    PutCloseMsg(timeOut,timeIn);
   }
 
-  /* put out time */
-  timeOut=time(NULL);
-  PutCloseMsg(timeOut,timeIn);
   if(debug>1) err_msg("DEBUG:terminated");
 
   exit(1);
@@ -345,10 +370,12 @@ void logConnectMode()
 {
   long time1sec,time2sec,time3sec;
   long time1usec,time2usec,time3usec;
+  int conMode=0;
 
   /* set value on failure */
-  if(connectionMode<0 || connectionMode>2) connectionMode=NOCONNECT;
-  if(connectionMode==NOCONNECT){
+  conMode=connectionMode;
+  if(connectionMode<0 || connectionMode>2) conMode=NOCONNECT;
+  if(conMode==NOCONNECT){
     gettimeofday(&timeBeginWait, NULL) ;
     gettimeofday(&timeConnect, NULL) ;
   }
@@ -374,12 +401,15 @@ void logConnectMode()
     time3usec += 1000000; time3sec--;
   }
 
-  if(debug>0) err_msg("INFO: user=%s watchmode=%s procsec=%ld.%06ld,%ld.%06ld,%ld.%06ld ipversion=%d useragent=%s",
-                     userid, mode[connectionMode], 
+  if(debug>0) err_msg("INFO: user=%s watchmode=%s procsec=%ld.%06ld,%ld.%06ld,%ld.%06ld ipversion=%d ipaddr=%s,%s macaddr=%s ipfwrule=%s,%s useragent=%s",
+                     userid, mode[conMode], 
                      time1sec,time1usec,
                      time2sec,time2usec,
                      time3sec,time3usec,
-                     ipStatus, getenv("HTTP_USER_AGENT"));
+                     ipStatus,
+                     clientAddr4,clientAddr6,macAddr4,
+                     ruleNumber4, ruleNumber6,
+                     getenv("HTTP_USER_AGENT"));
 }