accept.html First accept message page(for Applet)
accept2.html Second accept message page(for start browsing)
deny.html Deny message page
- retry.html Retry message page(in SSL)
+ retry.html Retry message page
index-ssl.html Authentication request page(in SSL)
index.html Authentication request page
topindex.html Top page displayed at firewall forward
<DD>\r
Change syslog setting to config file, and some bugs are fixed.\r
</DD>\r
+<DT>\r
+Ver.1.3.7 at 2006.4.20</DT>\r
+<DD>\r
+Add code and info to cope with abnormal actions, and some bugs are fixed.\r
+</DD>\r
</DL>\r
<b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
</BODY>\r
<LI>Java Applet does not run. Set up Java VM.</LI>\r
<LI>If ClassNotFound message is displayed, check the directory of Java-class/jar files and applet description in the page.</LI>\r
<LI>In no-Java mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>\r
+<LI>If you want to be compatible with Microsoft VM, the applet should be compiled as "javac -target 1.1 Opengate.java". In some environment, additional option "-source 1.2" or "-source 1.3" might be needed.</LI>\r
</UL>\r
</UL>\r
<P></P>\r
<LI>JavaApplet\82ª\93®\8dì\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\83u\83\89\83E\83U\82ÅJavaVM\82ª\93®\8dì\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
<LI>ClassNotFound\82Ì\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\82Í\81AJava\82Ìclass\83t\83@\83C\83\8b\82Ü\82½\82Íjar\83t\83@\83C\83\8b\82Ì\88Ê\92u\8ew\92è\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
<LI>\82±\82Ì\8fê\8d\87\82à\81A\82µ\82Î\82ç\82\82Í\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\95Â\8d½\82Í\88È\89º\82Ì\8e\9e\82É\8bN\82«\82Ü\82·\81B\81u\8ew\92è\8e\9e\8aÔ\82ª\8co\89ß\81v\81u\8fI\97¹\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\81v\81uIP\83A\83h\83\8c\83X\82É\91Î\82·\82éMAC\83A\83h\83\8c\83X\82ª\95Ï\89»\81v\81u\88ê\92è\8e\9e\8aÔ\83p\83P\83b\83g\82ª\92Ê\82ç\82È\82¢\81v\81B</LI>\r
+<LI>Java Applet\82ª\81AJava Runtime 1.1\8cü\82¯\82É\83R\83\93\83p\83C\83\8b\82µ\82Ä\82¢\82È\82¢\82Æ\81AMicrosoft VM\82Å\93®\82«\82Ü\82¹\82ñ\81B\91Î\89\9e\82·\82é\82É\82Í\81A\81ujavac -target 1.1 Opengate.java\81v\82Æ\82µ\82Ä\83R\83\93\83p\83C\83\8b\89º\82³\82¢\81B\8aÂ\8b«\82É\82æ\82Á\82Ä\82Í\81u-source 1.2\81v\82Ü\82½\82Í\81u-source 1.3\81v\82ª\95K\97v\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B</LI>\r
+\r
</UL>\r
</UL>\r
<P></P>\r
<HR>
<table border="1">
<tr><td>
-<P>If yellow bar is not displayed between above two lines:</P>
+<P>If <B>yellow bar is not displayed</B> between above two lines:</P>
<UL>
<LI>It indicates that the browser does not run Java.</LI>
<LI>The network is opened for a while and closed. </LI>
<table border="1">
<tr><td>
-If your browser denies to open the working window, click below link to open.
+If <B>another working window is not popped up</B>, click below link to open.
<a href="%%STARTURL%%" target="_blank"><h3>[Start Page]</h3></a>
</td></tr>
</table>
Your authentication is valid until you quit your browser.
Do not forget to stop your WEB brower when you finish to use the network.
</P>
-<P>
-If you are using user terminals in University Library, please close
-all windows by "CLOSE" in "FILE" menu at the upper left corner of the
-window.
-</P>
<HR>
<P>Saga university related sites</P>
<A HREF="http://job.admin.saga-u.ac.jp/">Job Consultant</A>
</P>
<HR>
-<P>Search</P>
-<a href="http://jp.excite.com/">Exite Japan</a>
+<P>Search Engines and Potal sites</P>
+<a href="http://www.yahoo.co.jp/">Yahoo! Japan</a>
+<a href="http://www.google.com/">Google</a>
+<a href="http://www.excite.co.jp/">Exite Japan</a>
<a href="http://www.goo.ne.jp/">Goo</a>
<a href="http://www.infoseek.co.jp/">Infoseek</a>
-<a href="http://navi.ocn.ne.jp/">NTT Directory</a>
-<a href="http://www.lycos.co.jp/">Lycos</a>
-<a href="http://www.msn.co.jp/home.htm">MSN</a>
+<a href="http://www.ocn.ne.jp/">OCN</a>
+<a href="http://www.msn.co.jp/">MSN</a>
<a href="http://www.fresheye.com/">Fresheye</a>
-<BR>
-<a href="http://odin.ingrid.org/">ODIN</a>
-<a href="http://www.jp.opentext.com/indexb.html">Open Text Index</a>
+<a href="http://www.livedoor.com/">Livedoor</a>
<a href="http://www.isize.com/">ISIZE</a>
-<a href="http://www.csj.co.jp/">CSJ</a>
-<a href="http://www.inetg.com/">iNET</a>
-<a href="http://www.wave.co.jp/wave/">Wave Navi</a>
-<a href="http://www.yahoo.co.jp/">Yahoo Japan</a>
-<BR>
-<a href="http://www.altavista.com/">Altavista</a>
-<a href="http://www.google.com/">Google</a>
+
</BODY>
</HEAD>
<BODY>
<P>
-The system cannot acquire client information. Please use as follows.
+The system cannot acquire client IPv4 address. Please use as follows.
<UL>
<LI>Do not access by pointing this site manually.</LI>
<LI>Do not access by the saved URL of this site.</LI>
<P>
<A HREF=%%EXTERNALURL%%><H3>Retry from external site</H3></A>
</P>
+<HR>
+<SMALL>
+<P>If you do not need IPv4 address, enter from one of following pages.
+</P>
+<P>
+<a href="https://%%AUTHCGIURL%%?0-0-0&en">Network Authentication</a>
+<a href="http://%%AUTHCGIURL%%?0-0-0&en">Network Authentication(Unuse SSL)</a>
+</P>
+</SMALL>
</BODY>
</HTML>
<table border="1">
<tr><td>
-<P>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K2+?'$$%P!<$,I=<($5$l$J$$>l9g\e(B</P>
+<P>\e$B>e$N\e(B2\e$BK\$N@~$N4V$K\e(B<B>\e$B2+?'$$%P!<$,I=<($5$l$J$$>l9g\e(B</B></P>
<UL>
<LI>Java\e$B$,M-8z$K$J$C$F$$$^$;$s!#\e(B</LI>
<LI>\e$B%M%C%H%o!<%/$O0lDj;~4V3+J|8e$KJD:?$H$J$j$^$9!#\e(B</LI>
<table border="1">
<tr><td>
-\e$B$b$&0l$D$N:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B
+\e$B$b$&0l$D$N\e(B<B>\e$B:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g\e(B</B>\e$B$K$O!"2<$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B
<a href="%%STARTURL%%" target="_blank"><h3>[\e$B%9%?!<%H%Z!<%8\e(B]</h3></a>
</td></tr>
</table>
<P>
Web\e$B%V%i%&%6$,=*N;$7$?$H$-$K!"%M%C%H%o!<%/MxMQ5v2D$b<+F0E*$K<h$j>C$5$l$^$9!#0-MQ$5$l$J$$$?$a$K!"MxMQ$,=*$C$?$iI,$:\e(BWeb\e$B%V%i%&%6$r=*N;$7$F$/$@$5$$!#\e(B
</P>
-<P>
-\e$B?^=q4[$N@lMQC<Kv$G=*N;$9$k$K$O!"2hLL:8>eC<$N\e(BFile\e$B%a%K%e!<$+$i!VJD$8$k!W$rA*$s$GA4$F$N%&%$%s%I%&$rJD$8$F$/$@$5$$!#\e(B
-</P>
<HR>
<P>\e$B:42lBg3X4X78%5%$%H\e(B</P>
<A HREF="http://www.saga-u.ac.jp/">\e$BBg3X8x<0%Z!<%8\e(B</A>
-<A HREF="http://www.cc.saga-u.ac.jp/">\e$B3X=Q>pJs=hM}%;%s%?!<$N%Z!<%8\e(B</A>
+<A HREF="http://www.cc.saga-u.ac.jp/">\e$BAm9g>pJs4pHW%;%s%?!<$N%Z!<%8\e(B</A>
(<A HREF="http://webmailer.cc.saga-u.ac.jp/">\e$B%&%'%V%a%$%i!<\e(B</A>)
-<A HREF="http://www.domino.lib.saga-u.ac.jp/">\e$BBg3XIUB0?^=q4[$N%Z!<%8\e(B</A>
+<A HREF="http://www.lib.saga-u.ac.jp/">\e$BBg3XImB0?^=q4[$N%Z!<%8\e(B</A>
<A HREF="http://job.admin.saga-u.ac.jp/">\e$BBg3X="?&AjCL<<$N%Z!<%8\e(B</A>
+<A HREF="http://www.sagadirect.net/index.php/">SAGA\e$B%@%$%l%/%H\e(B</A>
</P>
<HR>
-<P>\e$B8!:w%(%s%8%s\e(B</P>
-<a href="http://jp.excite.com/">Exite Japan</a>
+<P>\e$B8!:w%(%s%8%s\e(B&\e$B%]!<%?%k%5%$%H\e(B</P>
+<a href="http://www.yahoo.co.jp/">Yahoo! Japan</a>
+<a href="http://www.google.com/">Google</a>
+<a href="http://www.excite.co.jp/">Exite Japan</a>
<a href="http://www.goo.ne.jp/">Goo</a>
<a href="http://www.infoseek.co.jp/">Infoseek</a>
-<a href="http://navi.ocn.ne.jp/">NTT Directory</a>
-<a href="http://www.lycos.co.jp/">Lycos</a>
-<a href="http://www.msn.co.jp/home.htm">MSN</a>
+<a href="http://www.ocn.ne.jp/">OCN</a>
+<a href="http://www.msn.co.jp/">MSN</a>
<a href="http://www.fresheye.com/">Fresheye</a>
-<BR>
-<a href="http://odin.ingrid.org/">ODIN</a>
-<a href="http://www.jp.opentext.com/indexb.html">Open Text Index</a>
+<a href="http://www.livedoor.com/">Livedoor</a>
<a href="http://www.isize.com/">ISIZE</a>
-<a href="http://www.csj.co.jp/">CSJ</a>
-<a href="http://www.inetg.com/">iNET</a>
-<a href="http://www.wave.co.jp/wave/">Wave Navi</a>
-<a href="http://www.yahoo.co.jp/">Yahoo Japan</a>
-<BR>
-<a href="http://www.altavista.com/">Altavista</a>
-<a href="http://www.google.com/">Google</a>
+
</BODY>
<BODY>
-<H1 align=center>\e$B%M%C%H%o!<%/MxMQG'>Z\e(B</H1>
+<H1 align=center>\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</H1>
<hr>
[<a href="http://%%AUTHCGIURL%%?%%ADDR4%%&en">English version</a>]
<hr>
</HEAD>
<BODY>
<P>
-\e$B>pJs$N<hF@$K<:GT$7$^$7$?!#\e(B
+IPv4\e$B%"%I%l%9>pJs$N<hF@$K<:GT$7$^$7$?!#\e(B
\e$B0J2<$r9T$o$J$$$G$/$@$5$$!#\e(B
<UL>
<LI>\e$B%V%i%&%6$KK\%5%$%H$N\e(BURL\e$B$r<jF~NO$7$F%"%/%;%9$9$k!#\e(B</LI>
<P>
<A HREF=%%EXTERNALURL%%><H3>\e$B30It%5%$%H$+$i:F3+\e(B</H3></A>
</P>
+<HR>
+<SMALL>
+<P>
+IPv4\e$B%"%I%l%9$,ITMW$N>l9g$O0J2<$rMxMQ2<$5$$!#\e(B
+</P>
+<P>
+<a href="https://%%AUTHCGIURL%%?0-0-0&ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</a> <a href="http://%%AUTHCGIURL%%?0-0-0&ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z!J\e(BSSL\e$BHsBP1~!K\e(B</a>
+</P>
+</SMALL>
</BODY>
</HTML>
char durationStr[WORDMAXLN];
char langList[BUFFMAXLN];
char encodeAddr4[ADDRMAXLN];
+ char accessAddr[ADDRMAXLN];
+ int ret;
/* get content sent from web input */
if(getenv("CONTENT_LENGTH")==NULL)return FALSE;
}
/* convert duration string to interger and minutes to seconds */
- *durationPtr = atoi(durationStr)*60;
+ *durationPtr = atoi(durationStr)*60;
+
+ /* encoded address starting as "0-0-0" means no addr info */
+ /* it indicates needless to get dual stack addresses */
+ /* and only use getenv("REMOTE_ADDR") address */
+ if(strnstr(encodeAddr4, "0-0-0", ADDRMAXLN)==encodeAddr4){
+ clientAddr4[0]='\0';
+ }
/* decode client address to dot separated form */
- if(AddrDecode(clientAddr4, encodeAddr4)==1){
+ else if(AddrDecode(clientAddr4, encodeAddr4)==1){
/* if can't decode, retry */
return FALSE;
}
+ /* if the decoded IPv4 addr is not same as access IPv4 addr, use later */
+ strncpy(accessAddr, getenv("REMOTE_ADDR"), ADDRMAXLN);
+ if((strnstr(accessAddr, ".", ADDRMAXLN)!=NULL) /* access is IPv4 */
+ && strncmp(accessAddr, clientAddr4, ADDRMAXLN)!=0){ /* and not same */
+ strncpy(clientAddr4, accessAddr, ADDRMAXLN);
+ }
return TRUE;
}
+
+
/*********************************************/
/* deny message to the client */
/*********************************************/
FILE *fp;
char retrydoc[BUFFMAXLN];
char externalUrl[BUFFMAXLN];
+ char authCgiUrl[BUFFMAXLN];
/* keyword pairs */
/* the left key is replaced by the right value */
struct html_key keys[]=
{
{"%%EXTERNALURL%%", externalUrl},
+ {"%%AUTHCGIURL%%", authCgiUrl},
{"",""} /* DON'T REMOVE THIS LINE */
};
- /* create URL string */
+ /* create external URL string */
strncpy(externalUrl, GetConfValue("ExternalUrl"), sizeof(externalUrl));
- /* make path to the retry document */
+ /* create authcgi URL string */
+ snprintf(authCgiUrl, sizeof(authCgiUrl), "%s%s%s/%s",
+ GetConfValue("OpengateServerName"),
+ GetConfValue("CgiDir"),
+ GetConfValue("OpengateDir"),
+ GetConfValue("AuthCgi"));
+
+ /* make read in path to the retry document */
sprintf(retrydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),lang,GetConfValue("RetryDoc"));
/* exec ipfw del */
if(Systeml(GetConfValue("IpfwPath"),"del",pClientAddr->ruleNumber,(char *)0) != 0){
- err_quit("ERR in comm-ipfw: exec ipdw del error");
+ err_quit("ERR in comm-ipfw: exec ipfw del error");
}
timeOut = time(NULL);
Signal(SIGALRM, sigfunc);
/* is it from the correct client addr */
- GetPeerAddr(connfd, connectAddr);
- if(ipType==IPV4){
+ /* the check is skipped for IPv6 */
+ if(ipType==IPV4 && ipStatus!=IPV6ONLY){
+ GetPeerAddr(connfd, connectAddr);
if(strcmp(connectAddr, clientAddr4)!=0){
close(connfd);
continue;
}
- }else{
- if(strcmp(connectAddr, clientAddr6)!=0){
- close(connfd);
- continue;
- }
}
+
/* set short delay alarm for read in */
sigfunc=Signal(SIGALRM, delayAlarm);
alarm(COMMWAITTIMEOUT);
/* check enable IP versions */
CheckIpVersions();
+
/* get MAC address from arp and ndp */
GetMacAddr();
err_msg("OPEN: user %s from %s at %s", userid, clientAddr6, macAddr6);
/* create new address list. head and tail pointer point the same item. */
- pClientAddr = CreateAddrListItem(clientAddr4,ruleNumber4,IPV4);
+ pClientAddr = CreateAddrListItem(clientAddr6,ruleNumber6,IPV6);
pLastClientAddr = pClientAddr;
}
return TRUE;
char* pAddr4; /* pointer to addr4 string */
char authCgiUrl[BUFFMAXLN]; /* url of opengateauth.cgi */
char mainCgiUrl[BUFFMAXLN]; /* url of opengatesrv.cgi */
-
+ char remoteAddr[ADDRMAXLN]; /* remote address */
/* keyword pairs */
/* the left key is replaced by the right value */
struct html_key keys[]=
GetConfValue("OpengateDir"),
GetConfValue("MainCgi"));
- /* get default language at the top of lang list */
- sscanf(GetConfValue("HtmlLangs"), "%s", lang);
-
- /* if cannot get parameters, retry */
- if(getenv("QUERY_STRING")==NULL){
- PutClientRetry(lang);
- CloseConfFile();
- return 0;
- }
- /* get html access parameter string (xx.cgi?addr4&lang) */
- strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
+ /* if has paremeters, */
+ if(getenv("QUERY_STRING")!=NULL){
+
+ /* get html access parameter string (xx.cgi?addr4&lang) */
+ strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
+
+ }else{
+ /* if not get param, set as null */
+ paramString[0]='\0';
+ }
/* split language and address */
- pAddr4 =strtok(paramString, "&");
- pLang = strtok(NULL, "&");
-
- /* if get abnormal parameters, retry */
- if(isNull(pAddr4)||isNull(pLang)){
- PutClientRetry(lang);
- CloseConfFile();
- return 0;
+ pAddr4=paramString;
+ pLang=strnstr(paramString, "&", BUFFMAXLN);
+ if(pLang!=NULL){
+ *pLang='\0';
+ pLang++;
}
/* copy clientAddr(encoded) */
- strncpy(clientAddr, pAddr4, ADDRMAXLN);
+ if(isNull(pAddr4)){
+ clientAddr[0]='\0';
+ }else{
+ strncpy(clientAddr, pAddr4, ADDRMAXLN);
+ }
/* get language and check its correctness */
- if(pLang!=NULL && strstr(GetConfValue("HtmlLangs"), pLang)!=NULL){
+ if(!isNull(pLang) && strstr(GetConfValue("HtmlLangs"), pLang)!=NULL){
/* if corrrect, set it */
strncpy(lang, pLang, WORDMAXLN);
+ }else{
+
+ /* if not correct, get default language at the top of lang list */
+ sscanf(GetConfValue("HtmlLangs"), "%s", lang);
}
/* send out header */
int main(int argc, char **argv)
{
-
char htmlFile[BUFFMAXLN]=""; /* html file */
char clientAddr[ADDRMAXLN]=""; /* client ip address */
char encodeAddr[ADDRMAXLN]=""; /* encoded ip address */
if(debug) err_msg("DEBUG: started");
- /* create URL string */
+ /* create authcgi URL string */
snprintf(authCgiUrl, sizeof(authCgiUrl), "%s%s%s/%s",
GetConfValue("OpengateServerName"),
GetConfValue("CgiDir"),
GetConfValue("OpengateDir"),
GetConfValue("AuthCgi"));
- /* get default language at the top of language list */
- sscanf(GetConfValue("HtmlLangs"), "%s", lang);
-
- /* if no parameters, retry */
- if(getenv("QUERY_STRING")==NULL){
- PutClientRetry(lang);
- CloseConfFile();
- return 0;
- }
+ /* get lang from httpd */
+ strncpy(lang, getenv("QUERY_STRING"), BUFFMAXLN);
- /* get language and check its correctness */
- if(strstr(GetConfValue("HtmlLangs"), getenv("QUERY_STRING"))!=NULL){
+ /* if not get, use default lang at the top of lang list */
+ if(isNull(lang)){
+ sscanf(GetConfValue("HtmlLangs"),"%s",lang);
+ }
- /* if corrrect, set it */
- strncpy(lang,getenv("QUERY_STRING"),WORDMAXLN);
+ /* if the lang is not registered in lang list, set the default lang */
+ else if(strstr(GetConfValue("HtmlLangs"), lang)==NULL){
+ sscanf(GetConfValue("HtmlLangs"),"%s",lang);
}
/* get client address */
strncpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
- /* encode the address */
+ /* encode the address(if IPv6 addr, fail) */
if(AddrEncode(encodeAddr, clientAddr)==1){
- /* if can't encode, retry */
- PutClientRetry(lang);
- CloseConfFile();
- return 0;
+ encodeAddr[0]='\0';
}
- /* construct html file path */
+ /* construct readin html file path */
snprintf(htmlFile,sizeof(htmlFile), "%s%s/%s/%s",
GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),