1 /**************************************************
2 OpengateM - a MAC address authentication system
5 Copyright (C) 2011 Opengate Project Team
6 Written by Yoshiaki Watanabe
8 This program is free software; you can redistribute it and/or
9 modify it under the terms of the GNU General Public License
10 as published by the Free Software Foundation; either version 2
11 of the License, or (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 Email: watanaby@is.saga-u.ac.jp
23 **************************************************/
25 #include <sys/types.h>
39 #include <sys/select.h>
42 #include <sys/ioctl.h>
43 #include <sys/filio.h>
44 #include <sys/sockio.h>
46 #include <sys/socket.h>
50 #include <sys/signal.h>
52 #include <sys/socket.h>
54 #include <net/ethernet.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/in.h>
57 #include <arpa/inet.h>
58 #include <netinet/ip.h>
59 #include <netinet/ip6.h>
62 #include <net/if_dl.h>
64 #include <sys/utsname.h>
typedef void Sigfunc(int); /* for signal handlers: the handler type taken and returned by Signal() below */

/***************** constants ***********************/

/* Configuration file for opengate */
#define CONFIGFILE "/etc/opengate/opengatemd.conf"

/* Fixed bounds for the string buffers that the prototypes in this header
   pass around as bare char pointers. The size never travels with the
   pointer, so whoever writes into such a buffer must bound the write by
   the matching constant (snprintf-style). NOTE(review): confirm this in
   each definition that fills a caller-supplied buffer. */
#define ADDRMAXLN 128 /* maximum address string length */
#define USERMAXLN 128 /* maximum userid string length */
#define BUFFMAXLN 1024 /* maximum buffer string length */
#define WORDMAXLN 64 /* maximum word length */
#define FILTERMAXLN 128 /* pcap filter max length */

/* Two values of an overlap-handling flag; the consumer is not visible in
   the part of the header shown here. */
#define AVOID_OVERLAP 0
#define ALLOW_OVERLAP 1

extern int debug; /* debug status read from conf file; defined in one of the .c files */
100 /**********prototypes***************************************/
/* Daemon life cycle: usage text, single-instance lock, detaching,
   signalling a running instance, and orderly shutdown. */
void ShowHelp(char *procName);          /* print usage for the program named procName */
int  LockDaemonLockFile(void);          /* take the daemon's lock file; int result, semantics per definition */
void Daemonize(void);                   /* detach the process from the terminal */
void KillDaemon(void);                  /* stop a running daemon instance */
void ReloadDaemon(void);                /* ask a running daemon instance to reload */
void terminateProg(int ret);            /* presumably cleans up and exits with status ret -- confirm */
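/* Packet-filter (ipfw) control for one client, keyed by MAC address.
   Rule numbers are plain ints throughout; DB* is presumably a Berkeley DB
   handle (<db.h> is not among the includes shown) -- confirm. */
int  OpenClientGate(char *macAddress, char *userId, char *extraId); /* add the pass rule for macAddress; returns int (rule number or status per definition) */
int  GetRuleNumber(char *macAddress);                                 /* find the rule installed for macAddress */
void CloseClientGate(int ruleNumber);   /* parameter renamed from the misspelled ruleMumber to match the other rule-number prototypes */
int  GetPacketCount(int ruleNumber);    /* traffic counter of the given rule */
int  CountRuleNumber(int ruleNumber);   /* int result; meaning per definition */
int  GetRuleTableFromIpfw(DB *ruleTable);           /* fill ruleTable from the live ipfw rule set */
int  IsMacAddressFoundInIpfw(char *macAddress);     /* non-zero if a rule for macAddress exists, per the Is* naming */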
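/* Checked wrappers around libc/system calls (capitalised names mark the
   checked variant). Popenl()/Systeml() run an external command: the first
   argument selects root privilege (per its name) and path plus the
   variadic arguments presumably form the argument vector -- confirm in
   the definitions. NOTE(review): any argument derived from observed
   traffic or from a client (MAC/IP strings, user ids) must be validated
   by the caller before it reaches these two. */
FILE *Popenl(int rootPriv, const char *type, const char *path, ...);
int   Systeml(int rootPriv, const char *path, ...);   /* was spelled roorPriv; aligned with Popenl() */
int   Pclose(FILE *stream);
int   isNull(const char *pStr);                       /* presumably true for NULL or empty string -- confirm */
int   Open(const char *pathname, int oflag, mode_t mode);

Sigfunc *Signal(int signo, Sigfunc *func);  /* install func for signo; the returned Sigfunc* is presumably the previous handler */
void    *Malloc(size_t size);

/* printf-style error reporting. errToSyslog(i) presumably switches the
   destination of the err_* family between stderr and syslog -- confirm. */
void err_ret(const char *fmt, ...);
void err_sys(const char *fmt, ...);
void err_dump(const char *fmt, ...);
void err_msg(const char *fmt, ...);
void err_msg_warn(const char *fmt, ...);
void err_quit(const char *fmt, ...);
void errToSyslog(int i);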
/* Configuration access. The Get* functions return char* whose ownership
   is not conveyed here -- presumably storage owned by the conf module,
   not to be freed by the caller; confirm in the definitions. */
int   OpenConfFile(void);
void  CloseConfFile(void);
void  SetupConfExtra(char *userId, char *extraId);   /* set the user/extra context consulted by GetConfValueExtra() */
char *GetConfValue(char *name);
char *GetConfValueExtra(char *name);
char *GetConfAuthServer(char *name);
int   SelectNextAuthServer(void);

int   RegExMatch(const char *inStr, const char *regEx);   /* int result: match or not, per the name */
void  ResetAuthServerPointer(void);
char *GetFirstConfValue(char *name);   /* first value of a key; GetNextConfValue() continues the same iteration */
char *GetNextConfValue(void);
/* Packet capture and address formatting. The *Raw parameters carry
   address bytes as captured; the display variants write text into a
   caller-supplied buffer whose size is not passed -- presumably sized by
   ADDRMAXLN; confirm. */
int  GetNextPacketFromPcap(unsigned char *macAndIpAddressRaw, int *pAddrLen, int *pTtl);  /* out: raw MAC+IP bytes, address length, TTL (per names) */
void ClosePcap(void);
int  GetMyMacAddress(char *macAddress);   /* fill macAddress with this host's own MAC, per the name */
void ConvertIpFromRawToDisplay(unsigned char *ipAddressRaw, int ipAddrLen, char *ipAddress);
void ConvertMacFromRawToDisplay(unsigned char *macAddressRaw, char *macAddress);
/* Cache of recently checked MAC/IP addresses (keyed by the raw bytes). */
void InitCache(void);
int  IsRecentlyCheckedAddress(unsigned char *macAndIpAddressRaw, int addrLen);
void FreeCache(void);
int  DelCacheItem(char *macAddress, char *ipAddress);   /* text-form keys, unlike the raw-byte lookup above */
int  DelOldestCacheItem(void);
int  ReFormatMacAddr(char *macAddr);   /* presumably rewrites macAddr in place into a canonical form -- confirm */
/* Management database: the authoritative record of registered MACs. */
int  QueryMacFromMngDb(char *macAddress, char *userid, char *extraid);   /* look up macAddress; userid/extraid are filled in (out params, per names) */
void CloseMngDb(void);
int  PutCloseToMngDb(char *macAddress);
int  PutOpenToMngDb(char *macAddress);
int  PutMacIpPairToMngDb(char *macAddress, char *ipAddress);
int  GetNextRecordFromWatchlistTableInMngDb(char *macAddress);   /* iteration: each call yields the next watchlist MAC */
int  IsAllFoundInWatchlistTable(void);
/* Working (session) database, SQLite per SetupSqliteBusyTimeoutValue().
   Times are ints (epoch seconds, presumably -- confirm). */
int SetupSqliteBusyTimeoutValue(void);
int InitWorkDb(void);
int FinalizeWorkDb(void);
int InsertSessionToWorkDb(char* macAddress, char* userId, char* extraId,
int DelSessionFromWorkDb(char *macAddress);
int GetSessionFromWorkDb(char *macAddress, char *userId, char *extraId,
                         int *openTime, int *checkTime, int *ruleNumber);   /* out params after the key */
int UpdateCheckTimeInWorkDb(char *macAddress);
int DelUselessSessionsInWorkDb(int delayed);
int GetSessionTableFromWorkDb(DB *sessionTable);   /* DB* presumably a Berkeley DB handle -- confirm */
int PutMacInfoToWorkDb(char *macAddress, int ttl, int isNat);
int GetMacInfoFromWorkDb(char *macAddress, char *detectTimeStr, int *pTtl);   /* detectTimeStr: caller buffer, size not conveyed */
int IsActiveRuleInWorkDb(int ruleNumber);
int IsFoundMacIpPairInWorkDb(char *macAddress, char *ipAddress);
int PutMacIpPairToWorkDb(char *macAddress, char *ipAddress);
int DelMacIpPairsInWorkDb(char *macAddress);
/* Session management: ties a MAC address, its user, the ipfw rule and the
   work-DB record together, and reconciles the rule set with the DB. */
int  AddSession(char *macAddress, char *userId, char *extraId);
void DelSession(char *macAddress);
void RenewSession(char *macAddress);
void DelUselessSessions(void);
void DelAllSessions(void);
int  CloseSession(void *pParam, int argc, char *argv[], char *colName[]);   /* (void*, argc, argv, colName) matches the sqlite3_exec() row-callback shape -- presumably used that way; confirm */
int  IsMatchedSessionFound(char *macAddress);
void CloseUnmatchSessions(void);
void WriteOpenToSyslog(char *userId, char *extraId, char *macAddress);
void WriteCloseToSyslog(char *userId, char *extraId, char *macAddress, int openTime);
void WriteSessionInfoToSyslog(char *userId, char *extraId, char *macAddress, int ruleNumber);
void RemoveSessionUnmatchedToIpfwRule(DB *ruleTable, DB *sessionTable);   /* drop sessions with no live rule */
void RemoveIpfwRuleUnmatchedToSession(DB *ruleTable, DB *sessionTable);   /* drop rules with no session */
int  IsProcessFoundForTheRule(int ruleNumber);
void SetMacIpPair(char *macAddress, char *ipAddress, char *userId, char *extraId);
void ResetMacIpPairs(char *macAddress);
/* TTL-based detection of a NAT box or router behind a MAC address (per
   the names; the heuristic itself lives in the definitions). */
int  InitTtlCheck(void);
int  IsSentViaNatOrRouter(char *ipAddress, char *macAddress, int ttl);
void PutLogAtNatOrRouter(int isNatOrRouter, char *ipAddress, char *macAddress, int ttl);
/* UDP control port. NOTE(review): as far as these signatures show,
   IsUdpClientTrusted() decides from the sender's IP alone; a UDP source
   address is not authenticated, so confirm what else the definition
   checks before a datagram is acted on. */
int PrepareUdpPort(void (*handler)(int));               /* handler takes an int, i.e. a signal-handler shape; presumably SIGIO-driven, see EnableAsyncIo() */
int GetDataFromUdpPort(char *buf, int bufLen, char *clientIpAddress);   /* bufLen bounds the write into buf; clientIpAddress buffer size is not conveyed -- presumably ADDRMAXLN */
int IsUdpClientTrusted(char *clientIpAddress);
int IsMyIpAddress(char *ipAddress);
int EnableAsyncIo(int sockfd, void (*handler)(int));    /* arm asynchronous I/O on sockfd with the given handler */
/* In-memory cache of MAC lookups: remembers both hits and misses (the
   found flag), so a miss does not hit the management DB again. */
void InitMacCache(void);
void FreeMacCache(void);
int  QueryMacFromMacCache(char *macAddress, char *userId, char *extraId);   /* userId/extraId filled on a hit, per names */
int  DelMacCacheItem(char *macAddress);
int  AddMacCacheItem(char *macAddress, char *userId, char *extraId, int found);

/* watchlistcache.c */
void InitWatchlistCache(void);
int  AddWatchlistCacheItem(char *macAddress);
int  IsFoundInWatchlistCache(char *macAddress);
void FreeWatchlistCache(void);