<DD>\r
Remove close-error message. Modify QA document.\r
</DD>\r
+<DT>\r
+Ver.1.3.15 at 2006.10.14</DT>\r
+<DD>\r
+Fix browser's long waiting after sending accept page. And other small bugs.\r
+</DD>\r
</DL>\r
<b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
</BODY>\r
<UL>\r
<LI>\r
When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little. \r
-</LI><P></P>\r
+</LI>\r
\r
<LI>\r
Opengate uses following files, where the directorys are default. Is these files correctly settled.\r
/var/log/opengate.log<br>\r
And Opengate creates a lock file [/tmp/opengate.lock] at execution. \r
It can be removed.\r
-</LI><P></P>\r
+</LI>\r
\r
<LI>\r
Please understand the basic flow of the system by reading <A href="../progflow.html" >the description of system flow</A> and <A href="../protocol.txt">Protocol between applications</A>.\r
-</LI><P></P>\r
+</LI>\r
\r
<LI>\r
-Test programs are prepared as opengatesrv/test-*. </LI><P></P>\r
+Test programs are prepared as opengatesrv/test-*. </LI>\r
\r
<LI>\r
Opengate put out info and error log to /var/log/opengate.log.\r
At error, see the log file. If you set Debug switch to 1 in /etc/opengate/opengatesrv.conf, many debug info is dumped to the log file. See also the Apache log and system log.\r
-</LI><P></P>\r
+</LI>\r
+\r
+<LI>Configuration file is /etc/opengate/opengatesrv.conf. Processing of 'make install' creates /etc/opengate/opengatesrv.conf.sample. Copy this to opengatesrv.conf. As the configuration parameters are changed between versions, do not use the file of different version.</LI>\r
</UL>\r
<hr>\r
Following is the list of errors and the descriptions at each execution step in the form as;\r
<h4>F.4 Setup of ipfw<A class=anchor href="#opengate4" name=opengate4>\81õ</A></h4>\r
\r
<p>Write ipfw rules for for Opengate. This is example "rc.firewall".</p>\r
+<p>From FreeBSD6.1, IPFW supports IPv6. The IPFW rule used in Opengate is affected by this change. See <a href="http://www.cc.saga-u.ac.jp/opengate/newipfw-e.html>Setting of IPFW on FreeBSD6.1 or Later</a> for detail.</p>\r
\r
<table><tr><td><pre>\r
### set these to your outside interface network and netmask and ip\r
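Review bot: the `<a href=` in the added FreeBSD6.1 paragraph of F.4 never closes its double quote after `newipfw-e.html`, so the attribute value runs into the link text and the anchor will not render as a link. Add the missing `"` before the `>`, as the Japanese page's version of this link already has (`newipfw.html">`).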
<!-- ************ 5 ************** -->\r
<h4>F.5 Setup of ip6fw<A class=anchor href="#opengate5" name=opengate5>\81õ</A></h4>\r
\r
-<p>Write ipfw rules for for Opengate. This is example "rc.firewall6". \r
-</p>\r
+<p>Write ipfw rules for for Opengate. This is example "rc.firewall6". </p>\r
+<p>From FreeBSD6.1, IPFW supports IPv6. The IPFW rule used in Opengate is affected by this change. See <a href="http://www.cc.saga-u.ac.jp/opengate/newipfw-e.html>Setting of IPFW on FreeBSD6.1 or Later</a> for detail.</p>\r
\r
<table><tr><td><pre>\r
### set these to your outside interface network and prefixlen and ip\r
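Review bot: the F.5 copy of the FreeBSD6.1 paragraph has the same unterminated `href="http://www.cc.saga-u.ac.jp/opengate/newipfw-e.html>` and needs its closing quote. Since the first paragraph is being rewritten anyway, also drop the doubled word in "rules for for Opengate" and say ip6fw rather than ipfw there, to match the section title and the "rc.firewall6" example.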
</LI><P></P>\r
\r
<LI>\r
-\95Ê\82É\81A<A href="../progflow.html" >\83v\83\8d\83O\83\89\83\80\83t\83\8d\81[\89ð\90à</A>\82Æ<A href="../protocol.txt" >\8aÖ\98A\83\\83t\83g\8aÔ\82Ì\83v\83\8d\83g\83R\83\8b</A>\82ð\97p\88Ó\82µ\82Ä\82¢\82Ü\82·\81B\83v\83\8d\83O\83\89\83\80\82Ì\8aî\96{\93I\82È\93®\82«\82ð\94c\88¬\82µ\82Ä\82\82¾\82³\82¢\81B</LI><P></P>\r
+\95Ê\82É\81A<A href="../progflow.html" >\83v\83\8d\83O\83\89\83\80\83t\83\8d\81[\89ð\90à</A>\82Æ<A href="../protocol.txt" >\8aÖ\98A\83\\83t\83g\8aÔ\82Ì\83v\83\8d\83g\83R\83\8b</A>\82ð\97p\88Ó\82µ\82Ä\82¢\82Ü\82·\81B\83v\83\8d\83O\83\89\83\80\82Ì\8aî\96{\93I\82È\93®\82«\82ð\94c\88¬\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
\r
<LI>\r
-\82Ü\82½\81A\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\82ª\81A\8eg\82¢\95û\82Í\83\\81[\83X\82ð\8c©\82Ä\82\82¾\82³\82¢\81B</LI><P></P>\r
+\82Ü\82½\81A\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\82ª\81A\8eg\82¢\95û\82Í\83\\81[\83X\82ð\8c©\82Ä\82\82¾\82³\82¢\81B</LI>\r
\r
<LI>\r
-/var/log/opengate.log\82É\8aJ\95ú\81A\95Â\8d½\82Ì\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8fo\97Í\82µ\82Ü\82·\81B\83G\83\89\81[\82Ì\8fê\8d\87\82Í\82±\82Ì\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B/etc/opengate/opengatesrv.conf\93à\82ÌDebug\82ð1\82É\82·\82é\82Æ\81A\83f\83o\83b\83O\82Ì\82½\82ß\82Ì\8fî\95ñ\82ð\91å\97Ê\82É\8fo\82·\82æ\82¤\82É\82È\82è\82Ü\82·\81B\82Ü\82½\81AApache\82Ì\83\8d\83O\82â\83V\83X\83e\83\80\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B</LI><P></P>\r
+/var/log/opengate.log\82É\8aJ\95ú\81A\95Â\8d½\82Ì\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8fo\97Í\82µ\82Ü\82·\81B\83G\83\89\81[\82Ì\8fê\8d\87\82Í\82±\82Ì\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B/etc/opengate/opengatesrv.conf\93à\82ÌDebug\82ð1\82É\82·\82é\82Æ\81A\83f\83o\83b\83O\82Ì\82½\82ß\82Ì\8fî\95ñ\82ð\91å\97Ê\82É\8fo\82·\82æ\82¤\82É\82È\82è\82Ü\82·\81B\82Ü\82½\81AApache\82Ì\83\8d\83O\82â\83V\83X\83e\83\80\83\8d\83O\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+\r
+<LI>/etc/opengate/opengatesrv.conf\82ª\90Ý\92è\83t\83@\83C\83\8b\82Å\82·\81Bmake install\82Å\82Í\81A/etc/opengate/opengatesrv.conf.sample\82ª\8dì\82ç\82ê\82Ü\82·\82Ì\82Å\81A\82±\82ê\82ðopengatesrv.conf\82É\83R\83s\81[\82µ\82Ä\82\82¾\82³\82¢\81B\90Ý\92è\83t\83@\83C\83\8b\82Í\81A\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\90Ý\92è\8d\80\96Ú\82Ì\91\9d\8c¸\82ª\82 \82è\82Ü\82·\82Ì\82Å\81A\91Î\89\9e\82·\82é\83o\81[\83W\83\87\83\93\82Ì\82à\82Ì\82ð\8eg\82Á\82Ä\82\82¾\82³\82¢\81B</LI>\r
+\r
</UL>\r
<hr>\r
\88È\89º\81A\8ae\93®\8dì\82É\82Â\82¢\82Ä\81A\82»\82Ì\8e\9e\82Ì\83G\83\89\81[\8fó\8bµ\82Æ\91Î\89\9e\82ð\97ñ\8b\93\82µ\82Ü\82·\81B\r
</UL>\r
\r
</UL>\r
-<P></P>\r
+\r
<!-- ******************** -->\r
\r
<LI>\8e\9f\82Éopengateauth.cgi\82ª\93®\8dì\82µ\82Ä\81Aindex.html\82Ìkeyword\82ð\92u\82«\8a·\82¦\82½<a href=../pict/auth.jpg>\94F\8fØ\97v\8b\81\83y\81[\83W</a>\82ð\91\97\82è\8fo\82·\81B\82±\82Ì\83y\81[\83W\82Í\94F\8fØ\97v\8b\81\82ð\95\\8e¦\82·\82é\81B</LI>\r
\r
<p>\r
Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\88È\89º\82É\8bL\8fq\82·\82é\83\8b\81[\83\8b\82Ì\97á\82ð\8e¦\82·\81B</p>\r
+<p>\92\8d\88Ó\81FFreeBSD6.1\82©\82çipfw\82ªIPv6\82É\91Î\89\9e\82µ\82½\94Å\82É\82È\82Á\82½\82½\82ß\81AOpengate\82Ìipfw\83\8b\81[\83\8b\82à\89e\8b¿\82ð\8eó\82¯\82é\81B<a href="http://www.cc.saga-u.ac.jp/opengate/newipfw.html">FreeBSD6.1\88È\8d~\82Å\82Ìipfw\90Ý\92è</a>\82ð\8eQ\8fÆ\82Ì\82±\82Æ\81B</p>\r
\r
<table><tr><td><pre>\r
### set these to your outside interface network and netmask and ip\r
\r
<p>\r
\82±\82ê\82ÍIPv6\83p\83P\83b\83g\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\90Ý\92è\82Å\82 \82è\81AIPv6\8b@\94\\82ð\97\98\97p\82µ\82È\82¢\8fê\8d\87\82Í\95s\97v\82Å\82 \82é\81BOpengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\88È\89º\82É\8bL\8fq\82·\82×\82«\83\8b\81[\83\8b\82Ì\97á\81i/etc/rc.firewall6\81j\82ð\8e¦\82·\81B</p>\r
+<p>\92\8d\88Ó\81FFreeBSD6.1\82©\82çipfw\82ªIPv6\82É\91Î\89\9e\82µ\82½\94Å\82É\82È\82Á\82½\82½\82ß\81AOpengate\82Ìipfw\83\8b\81[\83\8b\82à\89e\8b¿\82ð\8eó\82¯\82é\81B<a href="http://www.cc.saga-u.ac.jp/opengate/newipfw.html">FreeBSD6.1\88È\8d~\82Å\82Ìipfw\90Ý\92è</a>\82ð\8eQ\8fÆ\82Ì\82±\82Æ\81B</p>\r
\r
<table><tr><td><pre>\r
### set these to your outside interface network and prefixlen and ip\r
CGIPATH = /usr/local/www/cgi-bin/opengate
CONFIGPATH = /etc/opengate
-CFLAGS=
+CFLAGS= -O4 -Wall
LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml
OBJS = utilities.o comm-auth.o comm-cgi.o comm-java.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o
MAINPROGO = main.o
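Review bot: `-O4` in the new CFLAGS line is not a distinct optimisation level if this is built with GCC, which accepts it but treats it as `-O3`; write `-O3` (or `-O2`) so the Makefile states what is actually used. While this file is open, the OBJS context line lists `comm-ip6fw.c` among the `.o` entries, which looks like a typo for `comm-ip6fw.o` and would keep that file out of the normal compile rule where `-Wall` now applies.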
/* the string has the from as [encodeAddress-checkDigit-TimeNow] */
if(!illform){
snprintf(encodeAddr, ADDRMAXLN,
- "%u-%d-%d", address,checkDigit, time(NULL));
+ "%lu-%d-%d", address,checkDigit, time(NULL));
}else{
- snprintf(encodeAddr, ADDRMAXLN, "");
+ encodeAddr[0]='\0';
}
return illform;
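Review bot: the third conversion in the new `"%lu-%d-%d"` format still prints `time(NULL)` with `%d`, so the mismatch that `-Wall` flagged for `address` remains for the timestamp on any platform where `time_t` is not an `int`. Pass `(long)time(NULL)` with `%ld` (and keep the decoder's format in step), so the encoded string is the same width everywhere.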
time_t encodeTiming, diffTime;
/* convert string to integer */
- if(sscanf(encodeAddr, "%u-%d-%d", &address, &checkDigit, &encodeTiming)!=3){
+ if(sscanf(encodeAddr, "%lu-%d-%d", &address, &checkDigit, &encodeTiming)!=3){
illform=1;
}
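Review bot: `&encodeTiming` is a `time_t *` (declared in the context line above) but is still read with `%d` in the new `sscanf` format, so where `time_t` is wider than `int` only part of `encodeTiming` is written and the rest keeps whatever was on the stack, which then feeds `diffTime`. Read the field into a `long` temporary with `%ld` and assign it to `encodeTiming`, or initialise `encodeTiming` to 0 and cast consistently with the encoder.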
if(!illform){
snprintf(dotSepAddr, ADDRMAXLN, "%d.%d.%d.%d", ad[3], ad[2], ad[1], ad[0]);
}else{
- snprintf(dotSepAddr, ADDRMAXLN, "");
+ dotSepAddr[0]='\0';
}
return illform;
Apache module mod_auth_pam.c by Ingo Luetkebohle
*/
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
#include "opengatesrv.h"
/*****************************************/
Apache module mod_auth_pam.c by Ingo Luetkebohle
*/
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
#include "opengatesrv.h"
/*************************/
char *value[1];
char *next[1];
char *ptr;
- int item;
char durationStr[WORDMAXLN];
char langList[BUFFMAXLN];
char encodeAddr4[ADDRMAXLN];
char accessAddr[ADDRMAXLN];
- int ret;
/* get content sent from web input */
if(getenv("CONTENT_LENGTH")==NULL)return FALSE;
/*********************************************/
void putClientDeny(char *clientAddr4)
{
- FILE *fp;
char denydoc[BUFFMAXLN];
char authCgiUrl[BUFFMAXLN];
char encodeAddr[ADDRMAXLN];
/*********************************************/
void putClientRetry(char *lang)
{
- FILE *fp;
char retrydoc[BUFFMAXLN];
char externalUrl[BUFFMAXLN];
char authCgiUrl[BUFFMAXLN];
int markfound=0;
char acceptdoc[BUFFMAXLN];
char acceptdoc2url[BUFFMAXLN];
- char *ptr;
char terminateurl[BUFFMAXLN];
char *startPageUrl=GetConfValue("StartPage/Url");
printf("IPv4 address : [%s]\r\n",clientAddr4);
printf("</td></tr>\r\n");
printf("</table>\r\n");
- }else if(ipStatus=IPV46DUAL){
+ }else if(ipStatus==IPV46DUAL){
printf("<table border=0>\r\n");
printf("<tr><td>\r\n");
printf("IPv4 address : [%s]\r\n",clientAddr4);
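Review bot: `else if(ipStatus==IPV46DUAL)` is a behaviour change rather than warning cleanup, and the changelog entry only says "other small bugs". With the old `=` this branch ran for every `ipStatus` not matched earlier and overwrote `ipStatus` with `IPV46DUAL`; with `==` any other value now falls through with no address table printed. Please confirm there is a final `else` that logs the unexpected value, and mention the fix explicitly in the version notes.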
int fd;\r
int ret=0;\r
int retNum;\r
- int ruleCount;\r
- int ruleNumber;\r
\r
Sigfunc *defaultSigFunc;\r
\r
int waitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int ipStatus, struct clientAddr *pClientAddr)
{
socklen_t len;
- fd_set rfd, rfd0; /* fd_set for select */
- int n,i; /* counter */
+ fd_set rfd0; /* fd_set for select */
+ int n; /* counter */
int smax; /* select max descliptor */
- int ipType; /* using IP type */
+ int ipType=IPV4; /* using IP type */
struct sockaddr_storage cliaddr; /* client IP adddress */
char buff[BUFFMAXLN]; /* read in buffer */
Sigfunc *sigfunc; /* signal function save */
char *startp;
char buf[BUFFMAXLN];
char tmpAddr[ADDRMAXLN]="";
- int pid;
struct clientAddr *tmp1, *tmp2, *lastAddr;
/* exec ndp */
/* get IPv6 address from above string */
/* clear active status for IPv6 address */
- tmp1=pClientAddr;
+ lastAddr=tmp1=pClientAddr;
while(tmp1!=NULL){
if(tmp1->ipType==IPV6) tmp1->activeStatus=FALSE;
lastAddr=tmp1;
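Review bot: `lastAddr=tmp1=pClientAddr;` gives `lastAddr` a defined value, but when `pClientAddr` is NULL the `while` body never runs and `lastAddr` stays NULL. If the code after the loop appends through `lastAddr`, it needs an explicit NULL check there; the initialiser only silences the uninitialised-variable warning.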
FILE *fpipe;
char buf[BUFFMAXLN];
char *startp;
- char *endp;
macAddr6[0]='?';
macAddr6[1]='\0';
int openClientGate(char *clientAddr4, char *macAddr4, char *clientAddr6, char *macAddr6, char *userid, char *userProperty, int ipStatus)
{
int ret;
- struct clientAddr *pLastClientAddr;
+ struct clientAddr *pLastClientAddr=NULL;
int overlapRule4=0, overlapRule6=0;
switch(ipStatus){
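Review bot: `pLastClientAddr=NULL` at the declaration makes the uninitialised-use warning go away, but any `switch(ipStatus)` case (or a missing `default`) that does not assign it now leaves a NULL pointer instead of garbage. Add a `default:` that logs and returns, or test `pLastClientAddr` before it is dereferenced after the switch.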
}else{
/* other parameters must be set */
- err_msg("ERR at %s#%d: cannot get %s",__FILE__,__LINE__,name);
+ err_msg("ERR at %s#%d: cannot get %s from conf file. Is it new?",__FILE__,__LINE__,name);
}
}
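Review bot: "Is it new?" in the extended `err_msg` text does not tell the administrator what to do. Since the QA page in this same change explains that parameters differ between versions, say so directly, for example "cannot get %s from conf file; compare with opengatesrv.conf.sample of this version".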
{
char* delimPoint = strstr(str,delimStr);
const size_t delimLen = strlen(delimStr);
- size_t i;
if(delimPoint == NULL) return NULL;
else{
char htmlFile[BUFFMAXLN]=""; /* html file */
char lang[WORDMAXLN]=""; /* language */
- char referer[BUFFMAXLN]=""; /* HTTP referer */
char clientAddr[ADDRMAXLN]=""; /* client ip address */
char paramString[BUFFMAXLN]=""; /* parameters in html access */
char* pLang; /* pointer to language string */
char* pAddr4; /* pointer to addr4 string */
char authCgiUrl[BUFFMAXLN]; /* url of opengateauth.cgi */
char mainCgiUrl[BUFFMAXLN]; /* url of opengatesrv.cgi */
- char remoteAddr[ADDRMAXLN]; /* remote address */
char durationMax[WORDMAXLN]; /* usage duration maximum */
/* keyword pairs */
#include <sys/signal.h>
#include <regex.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
/***************** constants ***********************/
/* Configuration file for opengate */
/* utilities */
ssize_t readln(int fd, void *ptr, size_t maxlen);
void Writefmt(int fd, const char *fmt, ...);
+ssize_t
+readlnSSL(SSL *fd, void *vptr, size_t maxlen);
+void WritefmtSSL(SSL *fd, const char *fmt, ...);
int Lock(int fd);
int Unlock(int fd);
FILE *Popenl(const char *type, const char *path, ...);
char clientAddr6[100]="::1";
char userID[100]="user1";
char extraID[100]="default";
- char dummy[100];
int duration=60;
struct clientAddr ClientAddr;
struct clientAddr *pClientAddr;
printf("Enter extraID(if you do not want to use extraID, enter as [default])=");
scanf("%s", extraID);
- setupConfExtra(userID, extraID);
+ SetupConfExtra(userID, extraID);
printf("Enter Parameter name (eg, Authserver/protocol)=");
scanf("%s", name);
- printf("%s\n", getConfValue(name));
- closeConfFile();
+ printf("%s\n", GetConfValue(name));
+ CloseConfFile();
return 0;
}
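Review bot: the `scanf("%s", extraID)` and `scanf("%s", name)` calls left in the context around the renamed functions have no field width, and `extraID` is declared as `char extraID[100]` in the hunk above, so a long input line overruns the buffer. As these lines are being touched for the `SetupConfExtra`/`GetConfValue`/`CloseConfFile` renames, bound the reads (`%99s` for the 100-byte buffers) even though this is only a test program.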
return;
}
-
-void WritefmtSSL(int fd, const char *fmt, ...)
+void WritefmtSSL(SSL *fd, const char *fmt, ...)
{
char buff[BUFFMAXLN];
va_list ap;
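Review bot: the first parameter of `WritefmtSSL` (and of `readlnSSL` below, and both prototypes in the header) is still called `fd` although its type is now `SSL *`. Rename it to `ssl` so it is not confused with the descriptor-based `Writefmt(int fd, ...)` and `readln(int fd, ...)` that sit next to these functions.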
ssize_t
-readlnSSL(int fd, void *vptr, size_t maxlen)
+readlnSSL(SSL *fd, void *vptr, size_t maxlen)
{
ssize_t n, rc;
char *ptr,c;
/* if ((ret=close(fd)) == -1)
* err_msg("close error");
*/
- return ret;
+
+ ret=close(fd);
+
+ return ret;
}
pid_t
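Review bot: the commented-out `if ((ret=close(fd)) == -1)` block left above the new `ret=close(fd);` is now stale and should be deleted rather than kept beside the live call. Note also that the old body returned `ret` with the `close()` call commented out, so this hunk changes behaviour (the descriptor is actually closed now) and a -1 result is returned without any log entry; callers should check the return value.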