From ec6b8a072a991a65058639f99bdcd894abfdea37 Mon Sep 17 00:00:00 2001
From: watanaby <>
Date: Fri, 30 Sep 2011 00:44:50 +0000
Subject: [PATCH] Ver.1.5.14: Added NAT/Router detection using opengatemd.
---
 opengate/conf/opengatesrv.conf.sample | 3 ++
 opengate/doc/Changes.html | 4 ++
 opengate/opengatesrv/Makefile | 2 +-
 opengate/opengatesrv/comm-userdb.c | 71 ++++++++++++++++++++++++++++++++++-
 opengate/opengatesrv/main.c | 3 ++
 opengate/opengatesrv/opengatesrv.h | 5 +--
 6 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/opengate/conf/opengatesrv.conf.sample b/opengate/conf/opengatesrv.conf.sample
index ddb5da2..ed8680c 100644
--- a/opengate/conf/opengatesrv.conf.sample
+++ b/opengate/conf/opengatesrv.conf.sample
@@ -45,6 +45,9 @@ /tmp/opengate.db + + /tmp/opengatemd.db +
diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html
index 24ff663..54e0592 100644
--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -687,6 +687,10 @@ Opengate History Ver.1.5.13 at 2011.9.29
Added Shibboleth/HttpBasic authentication. +
+ Ver.1.5.14 at 2011.9.30 +
+ Added detection of NAT/Router using opengatemd(not yet released)

diff --git a/opengate/opengatesrv/Makefile b/opengate/opengatesrv/Makefile
index 57d86a8..7a1c65b 100644
--- a/opengate/opengatesrv/Makefile
+++ b/opengate/opengatesrv/Makefile
@@ -26,7 +26,7 @@ LIBSQLITE = -lsqlite3 -lpthread
 LIBS = -lssl -lcrypto -lradius -lpam -lezxml ${LIBLDAP} ${LIBSQLITE} -L../ezxml -L/usr/local/lib
-OBJS = utilities.o comm-auth.o comm-cgi.o watch-client.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o auth-ldap.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o ctrl-alarms.o
+OBJS = utilities.o comm-auth.o comm-cgi.o watch-client.o comm-ipfw.o comm-ip6fw.c comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o auth-ftps.o auth-ldap.o htmltemplate.o addr-convert.o get-mac.o ctrl-firewall.o ctrl-alarms.o
 MAINPROGO = main.o
 HDRS = opengatesrv.h
 MAINPROG = opengatesrv
diff --git a/opengate/opengatesrv/comm-userdb.c b/opengate/opengatesrv/comm-userdb.c
index 3ac8bcf..bc92d5c 100644
--- a/opengate/opengatesrv/comm-userdb.c
+++ b/opengate/opengatesrv/comm-userdb.c
@@ -191,6 +191,68 @@ int getSessionInfoFromDb(char* cookie, char* userid,
 }
 /********************************************************/
+/* check nat insertion by reading info in opengatemd.db */
+/********************************************************/
+int checkNatInsertion(char* macAddr4, char* macAddr6, char* userid){
+
+ sqlite3 *db;
+ sqlite3_stmt *stmt;
+ struct stat st;
+ char* macAddress=NULL;
+
+ /* SQL UPDATE COMMAND, where %x is replaced in snprintf */
+ char *selectFormat="SELECT isNat FROM macinfo WHERE macAddress='%s'";
+ char *selectCmd;
+ int resultFlag;
+
+ /* find not-null mac address */
+ if(!isNull(macAddr4)) macAddress=macAddr4;
+ else if(!isNull(macAddr6)) macAddress=macAddr6;
+ else return FALSE;
+
+ /* if db is not exist, ignore */
+ if(stat(GetConfValue("SqliteDbMd"),&st)!=0) return FALSE;
+
+ /* open sqlite */
+ if(sqlite3_open(GetConfValue("SqliteDbMd"),&db)!=SQLITE_OK){
+ err_msg("ERR at %s#%d: sqlite3_open",__FILE__,__LINE__);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* prepare command string */
+ selectCmd=sqlite3_mprintf(selectFormat, macAddress);
+
+ /* compile to internal statement */
+ if(sqlite3_prepare(db, selectCmd, BUFFMAXLN, &stmt, NULL)!=SQLITE_OK){
+
+ /* finalize */
+ sqlite3_free(selectCmd);
+ sqlite3_finalize(stmt);
+ sqlite3_close(db);
+ return FALSE;
+ }
+
+ /* get first match item */
+ if(sqlite3_step(stmt)==SQLITE_ROW){
+ resultFlag=(int)sqlite3_column_int(stmt, 0);
+ }else{
+ resultFlag=FALSE;
+ }
+
+ /* finalize */
+ sqlite3_free(selectCmd);
+ sqlite3_finalize(stmt);
+ sqlite3_close(db);
+
+ /* if found, write to log */
+ if(resultFlag==TRUE){
+ if(debug>0)err_msg("INFO: user [%s] accesses via NAT/Router", userid);
+ }
+ return resultFlag;
+}
+
+/********************************************************/
 /* get user property from property db (NOT implemented) */
 /********************************************************/
 int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
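Review bot: The MAC address is spliced into the SELECT through sqlite3_mprintf's `%s`, so any value containing a single quote breaks out of the string literal; sqlite3_mprintf has `%q` for exactly this case, and a bound parameter via sqlite3_bind_text would be the cleaner form. The one-line fix is `char *selectFormat="SELECT isNat FROM macinfo WHERE macAddress='%q'";` — the MAC strings presumably come from the system ARP/NDP tables rather than straight from the client, which limits the exposure, but the query should not rely on that. The comment above the format, `/* SQL UPDATE COMMAND, where %x is replaced in snprintf */`, describes a different statement: this is a SELECT expanded by sqlite3_mprintf, and the comment should say so. Separately, `sqlite3_prepare` is the legacy interface; `sqlite3_prepare_v2(db, selectCmd, -1, &stmt, NULL)` returns the real error code from sqlite3_step and lets the NUL-terminated string be passed without the unrelated BUFFMAXLN bound, and it also makes the `sqlite3_finalize(stmt)` on the failure path rely on a documented NULL rather than an otherwise uninitialised pointer.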
@@ -214,7 +276,7 @@ int getUserProperty(char userid[USERMAXLN], char userProperty[BUFFMAXLN])
 return ACCEPT; /* The User is Accepted */
 }
-
+/***************************************************************/
 /* debug write routine */
 int PutSessionBeginToDb(char* cookie, char* userid,
 char* clientAddr4, char* clientAddr6,
@@ -272,3 +334,10 @@ int GetUserProperty(char *userid, char *userProperty)
 return ret;
 }
+int CheckNatInsertion(char* macAddr4, char* macAddr6, char* userid){
+ int ret;
+ if(debug>1) err_msg("DEBUG:=>checkNatInsertion(%s,%s,%s)",macAddr4,macAddr6,userid);
+ ret=checkNatInsertion(macAddr4,macAddr6,userid);
+ if(debug>1) err_msg("DEBUG:(%d)<=checkNatInsertion( )",ret);
+ return ret;
+}
diff --git a/opengate/opengatesrv/main.c b/opengate/opengatesrv/main.c
index d15af59..79cd5bb 100644
--- a/opengate/opengatesrv/main.c
+++ b/opengate/opengatesrv/main.c
@@ -161,6 +161,9 @@ int main(int argc, char **argv)
 /* clear password */
 bzero(password, PASSMAXLN);
+ /* check nat insertion. if found, put info to log */
+ CheckNatInsertion(macAddr4, macAddr6, userid);
+
 /* get user property from user database (if you edit comm-userdb.c) */
 if(!GetUserProperty(userid, userProperty)){
 PutClientMsg("Error: You are denied.");
diff --git a/opengate/opengatesrv/opengatesrv.h b/opengate/opengatesrv/opengatesrv.h
index 4e87aa1..fa5d344 100644
--- a/opengate/opengatesrv/opengatesrv.h
+++ b/opengate/opengatesrv/opengatesrv.h
@@ -153,7 +153,7 @@ void PutClientAccept(char *userid, char *sessionId, int port, int pid, char *cli
 void split(char content[], char *name[], char *value[], char *next[]);
 int GetUserIdFromEnv(char *userid);
-/* db interface*/
+/* comm-userdb.c */
 int PutSessionBeginToDb(char* cookie, char* userid,
 char* clientAddr4, char* clientAddr6,
 char* macAddr4,
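Review bot: The debug trace in the new CheckNatInsertion wrapper prints macAddr4 and macAddr6 with `%s` before checkNatInsertion has tested them with isNull(); if that helper exists because either pointer may be NULL (its definition is not in this patch), passing NULL to `%s` is undefined behaviour and will typically crash only when debug>1 is set, which is the configuration least likely to be exercised in testing. If both addresses are guaranteed to be non-NULL strings (possibly empty), a one-line comment on the wrapper stating that would settle it; otherwise print them as `macAddr4?macAddr4:"(null)"` and `macAddr6?macAddr6:"(null)"`. The same two pointers are passed through from main.c in the hunk below, so the guarantee, if it exists, should be documented at that call site as well.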
@@ -164,6 +164,7 @@ int PutSessionEndToDb(char* cookie, char* watchMode);
 int GetSessionInfoFromDb(char* cookie, char* userid, char* clientAddr4, char *macAddr, int *duration, int *durationEntered, char *language);
 int GetUserProperty(char *userid, char *userProperty);
+int CheckNatInsertion(char* macAddr4, char* macAddr6, char* userid);
 /* TCP communication with client */
 int GetListenPort(void);
@@ -238,5 +239,3 @@ int DisableAlarm(void);
 void listAlarm(void);
-
-
-- 
2.11.0