along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-Email: watanaby@is.saga-u.ac.jp
-support page: http://www.cc.saga-u.ac.jp/opengate/index-e.html
+Email:
+ watanaby@is.saga-u.ac.jp
+ watanaby@users.osdn.jp
+support page:
+ http://www.cc.saga-u.ac.jp/opengate/index-e.html
+ http://opengate.osdn.jp/index.html.en
+
-----------------------------------------------------
install documentation is in doc
doc/ Documentation files
Changes.html Change log
GPL.txt GNU General Public License
- progflow.html Program flow
- protocol.txt Protocol between related applications
-
- en/ & ja/ documentation for each language
- install.html Instruction for installation
- qa.html Questions and answers(not up to date)
- errcheck.html Error checking list(not up to date)
javahtml/ Client Java Applet and HTML files
index.html.var Document selector placed in DocumentRoot
<!-- #########################################################
## Opengate gateway server hostname(FQDN or IP address)## -->
- <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
+ <OpengateServerName>opengate.example.com</OpengateServerName>
<!-- #######################################################
## Authentication servers (can set multiple servers) ##
$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
### Allow from / to myself
-$fwcmd add pass all from ${iip} to any via ${iif}
-$fwcmd add pass all from ${oip} to any via ${oif}
-$fwcmd add pass all from any to ${iip} via ${iif}
-$fwcmd add pass all from any to ${oip} via ${oif}
-$fwcmd add pass all from ${iip6} to any via ${iif}
-$fwcmd add pass all from ${oip6} to any via ${oif}
-$fwcmd add pass all from any to ${iip6} via ${iif}
-$fwcmd add pass all from any to ${oip6} via ${oif}
+$fwcmd add pass all from me to any
+$fwcmd add pass all from any to me
### Allow DNS queries out in the world
### (if DNS is on localhost, delete passDNS)
$fwcmd add pass udp from fe80::/10 521 to fe80::/10 521
############Taggged rules############################
-## Opengate add following rules after authentication
-## count tag <TagNo> ip from any to <ClientAddr>
-## count tag <TagNo> ip from <ClientAddr> to any
-## <TagNo> : IpfwTagNumber in opengatesrv.conf
-## <ClientAddr> :IP address of authenticated client
+## Opengate add following rules after authentication (at Layer2 check)
+## (Need 'net.link.ether.ipfw=1' in /etc/sysctl.conf to enable L2 check)
+## count tag 123 ip from any to any MAC any <CliMac> keep-state via ..
+## count tag 123 ip from any to any MAC <CliMac> any keep-state via ..
+## 123 : Can be set as IpfwTagNumber of opengatesrv.conf
+## <CliMac> :MAC address of authenticated client
$fwcmd add 60000 allow ip from any to any tagged 123
################################################
+## At L2 check, throw all packets to L3 check after tagged
+$fwcmd add 60010 pass ip from any to any MAC any any
+
### Forwarding IPv4 http connection from unauth client
$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 80
$fwcmd add 60100 fwd localhost tcp from ${inet}:${imask} to any 443
Added checking of null language string.
Changed strncpy/strncat to strlcpy/strlcat.
</DD>
+ <DT>
+ Ver.1.5.34 at 2015.6.10
+ </DT><DD>
+ Fixed CLang warning messages. Modified ipfw rules.Moved some documents to Web.
+ </DD>
</DL>
<P>
<B>Please see CVS on SourceForge.net to check the differences between
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-CC = gcc
+# CC = gcc
AR = ar
RM = rm -f
CFLAGS = -Wall -O2
$(CC) $(CFLAGS) -c -o $@ $<
clean:
- $(RM) $(OBJS) $(LIB) $(TEST) *~
\ No newline at end of file
+ $(RM) $(OBJS) $(LIB) $(TEST) *~
else *s = '\0'; // null terminate tag name
for (i = 0; root->attr[i] && strcmp(n, root->attr[i][0]); i++);
- while (*(n = ++s + strspn(s, EZXML_WS)) && *n != '>') {
+ while (++s, *(n = s + strspn(s, EZXML_WS)) && *n != '>') {
if (*(s = n + strcspn(n, EZXML_WS))) *s = '\0'; // attr name
else { ezxml_err(root, t, "malformed <!ATTLIST"); break; }
<div id="debug">
+<h3>If you want to register this device, please click
+<a href="https://opengate.example.com/cgi-bin/opengate/opengatemown.cgi?lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">
+here.</a></h3>
+
</body>
</html>
<div id="debug">
+<h3>この端末を利用許可登録したいならば、
+<a href="https://opengate.example.com/cgi-bin/opengate/opengatemown.cgi?lang=%%LANGUAGE%%&redirectedurl=%%REDIRECTEDURL%%">ここ</a>
+をクリックしてください。</h3>
</body>
</html>
## must be matched to descriptions in html files ########
## some other parameters exist in opengatesrv.h ########
##########################################################
-WWWTOP = /usr/local/www/apache22
+WWWTOP = /usr/local/www/apache24
DOCDIR = /data
CGIDIR = /cgi-bin
OPENGATEDIR = /opengate
INSTALLCGIPATH = ${WWWTOP}${CGIDIR}${OPENGATEDIR}
MAKEDIR != pwd
-CFLAGS= -g -O4 -Wall -I/usr/local/include
+CFLAGS= -g -O3 -Wall -I/usr/local/include
.if exists(/usr/local/include/ldap.h)
LIBLDAP = -lldap -llber
char* port; /* auth server port */
SSL_CTX *ctx;
SSL *ssl;
- SSL_METHOD *meth;
+ const SSL_METHOD *meth;
/* get auth server address */
serverAddr=GetConfValue("AuthServer/Address");
char* port; /* auth server port */
SSL_CTX *ctx;
SSL *ssl;
- SSL_METHOD *meth;
+ const SSL_METHOD *meth;
/* get auth server address */
serverAddr=GetConfValue("AuthServer/Address");
int authResult;
SSL_CTX *ctx;
SSL *ssl;
- SSL_METHOD *meth;
+ const SSL_METHOD *meth;
/* get auth server address */
serverAddr=GetConfValue("AuthServer/Address");
GetConfValue("AuthCgi"));
/* create opengate dir */
- snprintf(opengateDir, BUFFMAXLN, GetConfValue("OpengateDir"));
+ snprintf(opengateDir, BUFFMAXLN, "%s", GetConfValue("OpengateDir"));
/* create encoded addr4 */
if(AddrEncode(encodeAddr, clientAddr4)==1){
};
/* create opengate Dir */
- snprintf(opengateDir, BUFFMAXLN, GetConfValue("OpengateDir"));
+ snprintf(opengateDir, BUFFMAXLN, "%s", GetConfValue("OpengateDir"));
/* create external URL string */
strlcpy(externalUrl, GetConfValue("ExternalUrl"), BUFFMAXLN);
strcat(buf, "\n");
if (daemon_proc) {
- syslog(level, buf);
+ syslog(level, "%s", buf);
} else {
fflush(stdout); /* in case stdout and stderr are the same */
fputs(buf, stderr);
if(debug>1) err_msg("DEBUG: started");
- snprintf(opengateServerName,BUFFMAXLN,GetConfValue("OpengateServerName"));
- snprintf(opengateDir,BUFFMAXLN,GetConfValue("OpengateDir"));
+ snprintf(opengateServerName,BUFFMAXLN,"%s",GetConfValue("OpengateServerName"));
+ snprintf(opengateDir,BUFFMAXLN,"%s",GetConfValue("OpengateDir"));
/* create URL string */
snprintf(authCgiUrl, BUFFMAXLN, "%s%s%s/%s",
char str[BUFFMAXLN];
/* make Http-cookie from pid&time */
- snprintf(str, BUFFMAXLN, "%d%d", getpid(),time(NULL));
+ snprintf(str, BUFFMAXLN, "%d%ld", getpid(),time(NULL));
md5hex(cookie, SIDMAXLN, str);
}