From 436486d38bf8907995fe525904890c946360fdf6 Mon Sep 17 00:00:00 2001
From: watanaby <>
Date: Thu, 19 Oct 2006 03:17:54 +0000
Subject: [PATCH] Ver.1.4.2: Ignore Http watch mode on HTTP/1.0 browsers.
---
opengate/conf/ipfwctrl.pl | 75 -----------------------------------------
opengate/doc/Changes.html | 5 +++
opengate/opengatesrv/comm-cgi.c | 32 +++++++++++++-----
3 files changed, 28 insertions(+), 84 deletions(-)
delete mode 100644 opengate/conf/ipfwctrl.pl
diff --git a/opengate/conf/ipfwctrl.pl b/opengate/conf/ipfwctrl.pl
deleted file mode 100644
index c0de513..0000000
--- a/opengate/conf/ipfwctrl.pl
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/perl -U
-
-### Firewall control perl script drived by opengatesrv.cgi ###
-
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr,$userproperty)=@ARGV;
-close STDOUT; close STDERR; close STDIN;
-
-system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","$clientaddr","to","any";
-
-system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","any","to","$clientaddr";
-
-
-exit 0;
-__END__
-########### Above line is the end of interpreting#############
-
- PARAMETERS
-
- $ipfwpath = path to ipfw command
- $rulenumber= ipfw rule number. one number for one client
- $clientaddr= client machine's IP address
- $userid = user's ID. Auth server ID is attached, if entered.
- $macaddr = MAC address for the client machine
- $userproperty = user property acquired from user database
- (Need to edit comm-userdb.c to use this option).
-
- CAUTIONS
-
-*Be care to execute quickly and without delay.
- This script runs in EXCLUSIVE mode.
-
-*Be care to add least rule set.
- The rules are added PER each client.
-
-*Be care to eliminate bug and security hole.
- At modification, debug it perfectly in stand along mode.
-
-*If possible, the rule should be written in rc.firewall.
- Following can be written in rc.firewall
- Deny some protocol though authentication passed.
- Allow to access some server without authentication.
-
-*Following might be written in this script.
- Deny guest users to access internal network.
- Deny a client having specific MAC address.
- Forward some service to proxy server after authentication.
- (Last one might be written in rc.firewall as the rule of other
- side interface which is not used by opengate)
-
- SIMPLE SCRIPT
-
-If you are confused, return to the following default script.
-=====================================================
-#!/usr/bin/perl
-
-# get parameters
-($ipfwpath,$rulenumber,$clientaddr,$userid,$macaddr)=@ARGV;
-
-# close web server I/O
-close STDOUT; close STDERR; close STDIN;
-
-# allow all packets incomming to the client.
-system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","any","to","$clientaddr";
-
-# allow all packets outgoing from the client.
-system "$ipfwpath","-q","add","$rulenumber",
- "allow","ip","from","$clientaddr","to","any";
-
-exit 0;
-__END__
-======================================================
-
diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html
index 26b92bf..cee202e 100644
--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -488,6 +488,11 @@ Ver.1.4.1 at 2006.10.18
Change JavaScript to run on some systems.
+
+Ver.1.4.2 at 2006.10.19
+
+Ingore Http watch mode on HTTP/1.0 browser. +
Please see CVS in SourceForge.net to check the file difference between versions.
diff --git a/opengate/opengatesrv/comm-cgi.c b/opengate/opengatesrv/comm-cgi.c
index 44bd860..b2e95b5 100644
--- a/opengate/opengatesrv/comm-cgi.c
+++ b/opengate/opengatesrv/comm-cgi.c
@@ -265,31 +265,45 @@ void putClientAccept(char *userid, int port, int pid, char *clientAddr4, char *c char terminateurl[BUFFMAXLN]; char httpkeepUrl[BUFFMAXLN]; char portStr[WORDMAXLN]; + char *acceptDoc; char *startPageUrl=GetConfValue("StartPage/Url"); int startPageType=atoi(GetConfValue("StartPage/Type")); char *opengateDir=GetConfValue("OpengateDir"); - /* create path to acceptdoc */ + /* select proper accept doc */ switch(watchMode[0]){ + + /* HTTP watch mode */ case 'H': - snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"), - GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocHttp")); + /* HTTP Keep-Alive is not standard in http/1.0 */ + if(strcmp(getenv("SERVER_PROTOCOL"),"HTTP/1.0")!=0){ + acceptDoc=GetConfValue("AcceptDocHttp"); + } else { + acceptDoc=GetConfValue("AcceptDocJava"); + } break; + + /* JAVA watch mode */ case 'J': - snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"), - GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocJava")); + acceptDoc=GetConfValue("AcceptDocJava"); break; + + /* TIMEOUT watch mode */ case 'T': - snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"), - GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocTime")); + acceptDoc=GetConfValue("AcceptDocTime"); break; + default: err_msg("ERR at %s#%d: Unknown watch mode [%s]",__FILE__,__LINE__,watchMode); - snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"), - GetConfValue("OpengateDir"),language,GetConfValue("AcceptDocJava")); + acceptDoc=GetConfValue("AcceptDocJava"); } + /* create path to acceptdoc */ + snprintf(acceptdoc, BUFFMAXLN, "%s%s/%s/%s",GetConfValue("DocumentRoot"), + GetConfValue("OpengateDir"),language,acceptDoc); + + snprintf(acceptdoc2url, BUFFMAXLN, "http://%s%s/%s/%s",GetConfValue("OpengateServerName"), GetConfValue("OpengateDir"),language,GetConfValue("AcceptDoc2")); -- 2.11.0
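Review bot: `getenv("SERVER_PROTOCOL")` is passed straight into `strcmp` in the new `case 'H':` branch, so whenever the web server does not export that variable the CGI hands NULL to `strcmp`, which is undefined behaviour and in practice a crash partway through the accept step. Read the value into a local declared with the others, `char *proto=getenv("SERVER_PROTOCOL");`, and test `if(proto!=NULL && strcmp(proto,"HTTP/1.0")!=0){`, so a missing value falls back to the Java accept document just as the `default:` branch does. The value is normally derived from the client's request line, so the client in effect chooses between the Http and Java accept documents; that looks intended, but it deserves a comment if the two watch modes differ in how a session is closed. putClientAccept starts before this hunk and continues after it.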