various enhancement + some fix

commit 34c04db782fb270d479c9c4b4bc2cd17927f429f 1 parent 62b2743
@stefanocasazza authored
Showing with 2,923 additions and 2,371 deletions.
  1. +3 −0  Makefile.am
  2. +3 −0  Makefile.in
  3. +1 −1  configure
  4. +1 −1  configure.in
  5. +1 −11 examples/IR/IR.cpp
  6. +4 −3 examples/PEC_log/PEC_report.cpp
  7. +350 −189 examples/WiAuth/wi_auth.cpp
  8. +350 −189 examples/WiAuth/wi_auth.usp
  9. +1 −1  examples/form_completion/main.cpp
  10. +19 −15 include/ulib/base/base.h
  11. +23 −16 include/ulib/base/macro.h
  12. +3 −3 include/ulib/base/utility.h
  13. +19 −40 include/ulib/file.h
  14. +3 −3 include/ulib/internal/chttp.h
  15. +2 −2 include/ulib/net/server/plugin/mod_nocat.h
  16. +12 −10 include/ulib/net/server/server.h
  17. +1 −9 include/ulib/utility/dir_walk.h
  18. +0 −2  include/ulib/utility/escape.h
  19. +1 −1  include/ulib/utility/services.h
  20. +22 −7 include/ulib/utility/uhttp.h
  21. +2 −2 openwrt/package/nodog/Makefile
  22. +73 −79 src/ulib/base/base.c
  23. +5 −4 src/ulib/base/base_trace.c
  24. +27 −30 src/ulib/base/coder/cescape.c
  25. +28 −18 src/ulib/base/utility.c
  26. +49 −23 src/ulib/file.cpp
  27. +6 −7 src/ulib/file_config.cpp
  28. +0 −4 src/ulib/internal/memory_pool.cpp
  29. +1 −1  src/ulib/net/client/http.cpp
  30. +1 −1  src/ulib/net/server/plugin/mod_fcgi.cpp
  31. +2 −2 src/ulib/net/server/plugin/mod_geoip/mod_geoip.cpp
  32. +31 −7 src/ulib/net/server/plugin/mod_http.cpp
  33. +79 −75 src/ulib/net/server/plugin/mod_nocat.cpp
  34. +1 −1  src/ulib/net/server/plugin/mod_proxy.cpp
  35. +1 −1  src/ulib/net/server/plugin/mod_scgi.cpp
  36. +1 −1  src/ulib/net/server/plugin/mod_shib/mod_shib.cpp
  37. +1 −1  src/ulib/net/server/plugin/mod_soap.cpp
  38. +1 −1  src/ulib/net/server/plugin/mod_socket.cpp
  39. +17 −8 src/ulib/net/server/plugin/mod_ssi.cpp
  40. +1 −1  src/ulib/net/server/plugin/mod_stream.cpp
  41. +1 −1  src/ulib/net/server/plugin/mod_tsa.cpp
  42. +1 −1  src/ulib/net/server/plugin/php/Makefile.am
  43. +1 −1  src/ulib/net/server/plugin/php/Makefile.in
  44. +37 −25 src/ulib/net/server/server.cpp
  45. +3 −3 src/ulib/ssl/net/ssl_session.cpp
  46. +0 −2  src/ulib/utility/base64.cpp
  47. +17 −1 src/ulib/utility/dir_walk.cpp
  48. +13 −9 src/ulib/utility/services.cpp
  49. +746 −650 src/ulib/utility/uhttp.cpp
  50. +1 −1  tests/.function
  51. +1 −1  tests/debug/objectIO.test
  52. +26 −1 tests/debug/ok/simerr.ok
  53. +1 −1  tests/examples/TSA/CA/tsaserial
  54. +8 −6 tests/examples/inp/http/all4.inp
  55. +3 −3 tests/examples/nocat.cfg
  56. +2 −2 tests/examples/nocat.sh
  57. +0 −1  tests/examples/nocat/.htdigest
  58. +0 −1  tests/examples/nocat/.htpasswd
  59. +380 −358 tests/examples/ok/web_server.ok
  60. +287 −283 tests/examples/ok/web_server_multiclient.ok
  61. +222 −228 tests/examples/ok/web_server_ssl.ok
  62. +4 −1 tests/examples/web_server.cfg
  63. +1 −1  tests/examples/web_server.sh
  64. +7 −7 tests/examples/web_server.test
  65. +6 −6 tests/examples/web_server_ssl.test
  66. +3 −2 tests/examples/web_socket.test
  67. BIN  tests/ulib/inp/test.db
  68. +6 −5 tests/ulib/ok/curl.ok
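--- a/Makefile.am
+++ b/Makefile.am
@@ -41,6 +41,9 @@ dist-hook:
 $(distdir)/tests/examples/RSIGN/log \
 $(distdir)/tests/examples/WAGSM/log \
 $(distdir)/tests/examples/CApath/*.*0 \
+ $(distdir)/tests/examples/nocat/.ht* \
+ $(distdir)/tests/examples/nocat/image \
+ $(distdir)/tests/examples/nocat/webif* \
 $(distdir)/tests/examples/TSA/log \
 $(distdir)/tests/examples/TSA/TSA/.rnd \
 $(distdir)/tests/examples/TSA/response/* \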
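--- a/Makefile.in
+++ b/Makefile.in
@@ -943,6 +943,9 @@ dist-hook:
 $(distdir)/tests/examples/RSIGN/log \
 $(distdir)/tests/examples/WAGSM/log \
 $(distdir)/tests/examples/CApath/*.*0 \
+ $(distdir)/tests/examples/nocat/.ht* \
+ $(distdir)/tests/examples/nocat/image \
+ $(distdir)/tests/examples/nocat/webif* \
 $(distdir)/tests/examples/TSA/log \
 $(distdir)/tests/examples/TSA/TSA/.rnd \
 $(distdir)/tests/examples/TSA/response/* \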
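--- a/configure
+++ b/configure
@@ -21783,7 +21783,7 @@ fi
 if test -z "${PHPCONFIGLDFLAGS}"; then
 PHPCONFIGLDFLAGS=`$PHPCONFIG --ldflags`
- PHPCONFIGLDFLAGS="${PHPCONFIGLDFLAGS} -L`$PHPCONFIG --prefix`/lib"
+ PHPCONFIGLDFLAGS="${PHPCONFIGLDFLAGS} -L`$PHPCONFIG --prefix`/lib -L`$PHPCONFIG --prefix`/lib32 -L`$PHPCONFIG --prefix`/lib64"
 fi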
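--- a/configure.in
+++ b/configure.in
@@ -507,7 +507,7 @@ if test "$use_php" = "yes" ; then
 [PHPCONFIGLDFLAGS=""])
 if test -z "${PHPCONFIGLDFLAGS}"; then
 PHPCONFIGLDFLAGS=`$PHPCONFIG --ldflags`
- PHPCONFIGLDFLAGS="${PHPCONFIGLDFLAGS} -L`$PHPCONFIG --prefix`/lib"
+ PHPCONFIGLDFLAGS="${PHPCONFIGLDFLAGS} -L`$PHPCONFIG --prefix`/lib -L`$PHPCONFIG --prefix`/lib32 -L`$PHPCONFIG --prefix`/lib64"
 fi
 AC_SUBST(PHPCONFIGLDFLAGS)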
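--- a/examples/IR/IR.cpp
+++ b/examples/IR/IR.cpp
@@ -92,17 +92,7 @@ void IR::parse()
 UPosting::file->setPath(*UPosting::filename);
 uint32_t i;
- UString suffix;
- const char* ptr = UPosting::file->getSuffix();
-
- if (ptr)
- {
- U_INTERNAL_ASSERT_EQUALS(ptr[0], '.')
-
- (void) suffix.assign(ptr+1, UPosting::file->getSuffixLen(ptr));
-
- U_INTERNAL_DUMP("suffix = %.*S", U_STRING_TO_TRACE(suffix))
- }
+ UString suffix = UPosting::file->getSuffix();
 if (filter_ext &&
 (i = filter_ext->find(suffix), i != U_NOT_FOUND))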
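Review bot: The one-liner `UString suffix = UPosting::file->getSuffix();` drops the old `ptr+1` skip that stripped the leading '.', so whether `filter_ext->find(suffix)` still matches now depends on what the new `getSuffix()` returns, and that change lives in include/ulib/file.h, outside this hunk; if the returned string includes the dot, filter entries written without one silently stop matching. The `U_INTERNAL_DUMP("suffix = ...")` trace that would have exposed this was removed at the same time. Suggest keeping the trace and pinning the contract next to it: `U_INTERNAL_DUMP("suffix = %.*S", U_STRING_TO_TRACE(suffix)) // NB: filter_ext entries carry no leading '.', getSuffix() must not either`. IR::parse() continues past the end of the hunk.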
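--- a/examples/PEC_log/PEC_report.cpp
+++ b/examples/PEC_log/PEC_report.cpp
@@ -818,16 +818,17 @@ bool PEC_report::setLine()
 U_TRACE(5, "PEC_report::setLine()")
 int nfault = 0;
- const char* ptr;
- const char* end;
 loop1:
 if (t->next(*line, '\n'))
 {
+ const char* end;
+
 if (mese2) mese1 = mese2;
 else
 {
- ptr = line->data();
+ const char* ptr = line->data();
+
 mese1 = u_getMonth(ptr);
 U_INTERNAL_DUMP("mese1 = %d", mese1)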
539 examples/WiAuth/wi_auth.cpp
@@ -31,6 +31,7 @@
static UString* empty_list;
static UString* dir_policy;
static UString* nodog_conf;
+ static UString* cookie_auth;
static UString* request_uri;
static UString* environment;
static UString* auth_domain;
@@ -39,6 +40,7 @@
static UString* virtual_name;
static UString* account_auth;
static UString* title_default;
+ static UString* policy_traffic;
static UString* client_address;
static UString* ldap_card_param;
static UString* ldap_user_param;
@@ -46,6 +48,7 @@
static UString* registrazione_url;
static UString* allowed_web_hosts;
static UString* historical_log_dir;
+ static UString* ldap_session_param;
static UString* wiauth_card_basedn;
static UString* wiauth_user_basedn;
static UString* max_time_no_traffic;
@@ -53,6 +56,8 @@
static UString* content_policy_daily;
static UString* message_page_template;
static UString* status_nodog_template;
+ static UString* wiauth_session_basedn;
+ static UString* content_policy_traffic;
static UString* status_network_template;
static UString* help_url;
@@ -218,7 +223,7 @@
if (result)
{
- U_SRV_LOG("Store with flag %d on db %.*S failed with error %d", op, U_FILE_TO_TRACE(*db), result);
+ U_SRV_LOG("WARNING: store with flag %d on db %.*S failed with error %d", op, U_FILE_TO_TRACE(*db), result);
U_RETURN(false);
}
@@ -1391,7 +1396,8 @@
{
callForAllAP(countAP, 0);
- U_SRV_LOG("DB initialization of wi-auth access point WiAuthAccessPoint.cdb %s: num_ap %u", result ? "success" : "FAILED", num_ap);
+ U_SRV_LOG("%sdb initialization of wi-auth access point WiAuthAccessPoint.cdb %s: num_ap %u",
+ (result ? "" : "WARNING: "), (result ? "success" : "failed"), num_ap);
UFile::writeToTmpl("/tmp/WiAuthAccessPoint.init", db_ap->print());
@@ -1410,7 +1416,8 @@
callForAllUsers(countUsers);
- U_SRV_LOG("DB initialization of wi-auth users WiAuthUser.cdb %s: num_user %u connected %u", result ? "success" : "FAILED", num_user, users_connected);
+ U_SRV_LOG("%sdb initialization of wi-auth users WiAuthUser.cdb %s: num_user %u connected %u",
+ (result ? "" : "WARNING: "), (result ? "success" : "failed"), num_user, users_connected);
UFile::writeToTmpl("/tmp/WiAuthUser.init", db_user->print());
@@ -1441,6 +1448,7 @@
empty_list = U_NEW(U_STRING_FROM_CONSTANT("()"));
request_uri = U_NEW(UString);
auth_domain = U_NEW(UString);
+ cookie_auth = U_NEW(U_STRING_FROM_CONSTANT("COOKIE_AUTH"));
account_auth = U_NEW(U_STRING_FROM_CONSTANT("ACCOUNT_AUTH"));
client_address = U_NEW(UString);
allowed_web_hosts = U_NEW(UString);
@@ -1481,6 +1489,12 @@
ldap_user_param = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp1, environment)));
wiauth_user_basedn = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp2, environment)));
+ tmp1 = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("LDAP_SESSION_PARAM"), environment),
+ tmp2 = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("WIAUTH_SESSION_BASEDN"), environment);
+
+ ldap_session_param = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp1, environment)));
+ wiauth_session_basedn = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp2, environment)));
+
UString content = UFile::contentOf("$DIR_ROOT/etc/AllowedWebHosts.txt", O_RDONLY, false, environment);
vec = U_NEW(UVector<UString>);
@@ -1570,8 +1584,9 @@
(void) UServer_Base::addLog(file_WARNING);
(void) UServer_Base::addLog(file_RECOVERY, O_CREAT | O_RDWR | O_APPEND);
- policy_flat = U_NEW(U_STRING_FROM_CONSTANT("FLAT"));
- policy_daily = U_NEW(U_STRING_FROM_CONSTANT("DAILY"));
+ policy_flat = U_NEW(U_STRING_FROM_CONSTANT("FLAT"));
+ policy_daily = U_NEW(U_STRING_FROM_CONSTANT("DAILY"));
+ policy_traffic = U_NEW(U_STRING_FROM_CONSTANT("TRAFFIC"));
max_time_no_traffic = U_NEW(UString);
@@ -1584,6 +1599,10 @@
pathname.snprintf("%.*s/DAILY", U_STRING_TO_TRACE(*dir_policy));
content_policy_daily = U_NEW(UString(UFile::contentOf(pathname)));
+
+ pathname.snprintf("%.*s/TRAFFIC", U_STRING_TO_TRACE(*dir_policy));
+
+ content_policy_traffic = U_NEW(UString(UFile::contentOf(pathname)));
}
static void usp_end()
@@ -1618,6 +1637,7 @@
delete nodog_conf;
delete dir_policy;
delete empty_list;
+ delete cookie_auth;
delete request_uri;
delete auth_domain;
delete environment;
@@ -1626,18 +1646,22 @@
delete account_auth;
delete virtual_name;
delete title_default;
+ delete policy_traffic;
delete client_address;
delete ldap_user_param;
delete ldap_card_param;
delete allowed_web_hosts;
+ delete ldap_session_param;
delete wiauth_card_basedn;
delete wiauth_user_basedn;
delete historical_log_dir;
delete max_time_no_traffic;
delete content_policy_flat;
delete content_policy_daily;
+ delete wiauth_session_basedn;
delete message_page_template;
delete status_nodog_template;
+ delete content_policy_traffic;
delete status_network_template;
delete _time_chunk;
@@ -1777,6 +1801,8 @@
user_exist = false;
+ U_INTERNAL_DUMP("uid = %.*S", U_STRING_TO_TRACE(*uid))
+
if (uid->empty() == false) user_rec->setValue();
else
{
@@ -2121,12 +2147,15 @@
if ((u_now->tv_sec - nodog_rec->last_info) > (16L * 60L)) UCDB::addEntryToVector();
}
- static bool setAccessPointAddress()
+ static bool setAccessPointAddress(bool reset)
{
- U_TRACE(5, "::setAccessPointAddress()")
+ U_TRACE(5, "::setAccessPointAddress(%b)", reset)
- label->clear();
- address->clear();
+ if (reset)
+ {
+ label->clear();
+ address->clear();
+ }
if (ap->empty()) U_RETURN(false);
@@ -2151,7 +2180,8 @@
const char* _ptr;
- if (ap->empty()) ap_ref->snprintf("default", 0);
+ if (ap->empty()) ap_ref->snprintf("default", 0);
+ else if (ap->equal(U_CONSTANT_TO_PARAM("151.11.47.120"))) ap_ref->snprintf("Xunifi", 0);
else
{
uint32_t certid = 0;
@@ -2160,7 +2190,7 @@
{
_ptr = address->data();
- // Ex: 10.8.1.2
+ // Ex: 10.8.1.2 (vpn)
for (uint32_t i = 0, dot_count = 0; dot_count < 3; ++i)
{
@@ -2325,7 +2355,7 @@
"Si prega di riprovare, se il problema persiste contattare: %.*s", U_STRING_TO_TRACE(*telefono));
}
- static bool askToLDAP(UString* pinput, const char* title_txt, const char* message, const char* fmt, ...)
+ static int askToLDAP(UString* pinput, const char* title_txt, const char* message, const char* fmt, ...)
{
U_TRACE(5, "::askToLDAP(%p,%S,%S,%S)", pinput, title_txt, message, fmt)
@@ -2366,35 +2396,26 @@
}
if (title_txt && message) USSIPlugIn::setMessagePage(*message_page_template, title_txt, message);
-
- U_RETURN(false);
}
- U_RETURN(true);
+ U_RETURN(result);
}
- static bool runAuthCmd(const char* _uid, const char* password)
+ static bool runAuthCmd(const char* _uid, const char* password, const char* realm)
{
- U_TRACE(5, "::runAuthCmd(%S,%S)", _uid, password)
+ U_TRACE(5, "::runAuthCmd(%S,%S,%S)", _uid, password, realm)
- if (fmt_auth_cmd->empty())
- {
- output->clear();
+ U_INTERNAL_ASSERT(*fmt_auth_cmd)
- UCommand::exit_value = 1;
- }
- else
- {
- static int fd_stderr = UServices::getDevNull("/tmp/auth_cmd.err");
+ static int fd_stderr = UServices::getDevNull("/tmp/auth_cmd.err");
- UString cmd(U_CAPACITY);
+ UString cmd(U_CAPACITY);
- cmd.snprintf(fmt_auth_cmd->data(), _uid, password);
+ cmd.snprintf(fmt_auth_cmd->data(), _uid, password, realm);
- *output = UCommand::outputCommand(cmd, 0, -1, fd_stderr);
+ *output = UCommand::outputCommand(cmd, 0, -1, fd_stderr);
- UServer_Base::logCommandMsgError(cmd.data(), true);
- }
+ UServer_Base::logCommandMsgError(cmd.data(), true);
if (UCommand::exit_value ||
output->empty())
@@ -2402,7 +2423,7 @@
U_LOGGER("*** AUTH_CMD fail EXIT_VALUE=%d RESPONSE=%.*S ***", UCommand::exit_value, U_STRING_TO_TRACE(*output));
if (UCommand::exit_value == 1) USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
- else USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Richiesta autorizzazione ha esito errato");
+ else USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Richiesta autorizzazione ha avuto esito errato");
U_RETURN(false);
}
@@ -2463,49 +2484,69 @@
U_RETURN(result);
}
- static bool checkLoginRequest(uint32_t end)
+ static bool checkLoginRequest(uint32_t end, int tolerance, bool bempty)
{
- U_TRACE(5, "::checkLoginRequest(%u)", end)
+ U_TRACE(5, "::checkLoginRequest(%u,%d,%b)", end, tolerance, bempty)
ap->clear();
ip->clear();
uid->clear();
mac->clear();
+ label->clear();
+ address->clear();
gateway->clear();
- hostname->clear();
+ hostname->clear();
user_exist = false;
- if (end == (UHTTP::form_name_value->empty() ? UHTTP::processForm()
- : UHTTP::form_name_value->size()))
- {
- UHTTP::getFormValue(*ip, U_CONSTANT_TO_PARAM("ip"), 0, 3, end);
- UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
+ uint32_t n = (UHTTP::form_name_value->empty() ? UHTTP::processForm()
+ : UHTTP::form_name_value->size());
+
+ U_INTERNAL_DUMP("n = %u end = %u diff = %d", n, end, n - end)
- if (end == 24) U_RETURN(true);
+ if (n != end)
+ {
+ int diff = (n - end);
- if (setAccessPointAddress())
+ if (diff != tolerance)
{
- // ----------------------------------------------------------------------------------------
- // NB: *** the params CAN be empty ***
- // ----------------------------------------------------------------------------------------
- // $1 -> mac
- // $2 -> ip
- // $3 -> redirect
- // $4 -> gateway
- // $5 -> timeout
- // $6 -> token
- // $7 -> ap (with localization => '@')
- // ----------------------------------------------------------------------------------------
-
- U_INTERNAL_ASSERT_EQUALS(end, 14)
-
- UHTTP::getFormValue(*mac, U_CONSTANT_TO_PARAM("mac"), 0, 1, 14);
+ int a = end - tolerance,
+ b = end + tolerance;
- U_RETURN(true);
+ if ((int)n < a ||
+ (int)n > b)
+ {
+ U_LOGGER("*** FORM ELEMENT(%u) DIFFERENT FROM EXPECTED(%u:%d) ***", n, end, tolerance);
+
+ U_RETURN(false);
+ }
}
}
+ // ----------------------------------------------------------------------------------------
+ // NB: *** the params CAN be empty ***
+ // ----------------------------------------------------------------------------------------
+ // $1 -> mac
+ // $2 -> ip
+ // $3 -> redirect
+ // $4 -> gateway
+ // $5 -> timeout
+ // $6 -> token
+ // $7 -> ap (with localization => '@')
+ // ----------------------------------------------------------------------------------------
+
+ UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
+
+ if (ap->empty()) U_RETURN(bempty);
+
+ if (setAccessPointAddress(false))
+ {
+ UHTTP::getFormValue(*ip, U_CONSTANT_TO_PARAM("ip"), 0, 3, end);
+ UHTTP::getFormValue(*mac, U_CONSTANT_TO_PARAM("mac"), 0, 1, end);
+
+ U_RETURN(true);
+ }
+
U_RETURN(false);
}
@@ -2598,8 +2639,9 @@
{
UString content;
- if (name == *policy_flat) content = *content_policy_flat;
- else if (name == *policy_daily) content = *content_policy_daily;
+ if (name == *policy_flat) content = *content_policy_flat;
+ else if (name == *policy_daily) content = *content_policy_daily;
+ else if (name == *policy_traffic) content = *content_policy_traffic;
else
{
UString pathname(U_CAPACITY);
@@ -2628,10 +2670,38 @@
table->clear();
}
+ static void sendLoginValidate()
+ {
+ U_TRACE(5, "::sendLoginValidate()")
+
+ loadPolicy(*policy);
+
+ // NB: _time_available e _traffic_available sono valorizzati da loadPolicy()...
+
+ UString signed_data = UDES3::signData("uid=%.*s&policy=%.*s&auth_domain=%.*s&account=%.*s&"
+ "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
+ U_STRING_TO_TRACE(*uid),
+ U_STRING_TO_TRACE(*policy),
+ U_STRING_TO_TRACE(*auth_domain),
+ U_STRING_TO_TRACE(*account),
+ U_STRING_TO_TRACE(*_time_available),
+ U_STRING_TO_TRACE(*_traffic_available),
+ U_STRING_TO_TRACE(*user_DownloadRate),
+ U_STRING_TO_TRACE(*user_UploadRate));
+
+ // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+
+ USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+ }
+
/*******************************
#define U_MANAGED_BY_MAIN_BASH 1
********************************/
+ // -------------------------------------------------------------------------------------------------
+ // NB: se il portatile non mostra la login page controllare in /etc/hosts se e' valorizzato wifi-...
+ // -------------------------------------------------------------------------------------------------
+
static void GET_admin()
{
U_TRACE(5, "::GET_admin()")
@@ -2897,7 +2967,7 @@
UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), i, i+7, end);
UHTTP::getFormValue(*uid, U_CONSTANT_TO_PARAM("User"), i, i+9, end);
- if (setAccessPointAddress() == false ||
+ if (setAccessPointAddress(true) == false ||
checkIfUserConnected() == false ||
user_rec->setNodogReference() == false)
{
@@ -2979,47 +3049,42 @@
long serial = UCertificate::getSerialNumber(x509);
UString issuer = UCertificate::getIssuer(x509);
- if (askToLDAP(0, 0, 0,
- "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waUser)(&(waIssuer=%.*s)(waSerial=%ld)(waActive=TRUE)))",
- U_STRING_TO_TRACE(*wiauth_user_basedn),
- U_STRING_TO_TRACE(*ldap_user_param),
- U_STRING_TO_TRACE(issuer), serial))
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waUser)(&(waIssuer=%.*s)(waSerial=%ld)(waActive=TRUE)))",
+ U_STRING_TO_TRACE(*wiauth_user_basedn), U_STRING_TO_TRACE(*ldap_user_param), U_STRING_TO_TRACE(issuer), serial) == 1)
{
- *uid = (*table)["waUid"];
- *auth_domain = *cert_auth;
+ *uid = (*table)["waUid"];
table->clear();
- goto next;
+ *policy = *policy_flat;
+ *auth_domain = *cert_auth;
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+
+ (void) account->snprintf("%.*s:", U_STRING_TO_TRACE(*uid));
+
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+
+ return;
}
}
}
- if (checkLoginRequest(14) &&
- mac->empty() == false &&
- nodog_rec->setValue(*address) &&
+ if (checkLoginRequest(14, 0, true) &&
+ mac->empty() == false &&
+ nodog_rec->setValue(*address) &&
nodog_rec->findMAC())
{
- *uid = *mac;
- *auth_domain = *mac_auth;
- next:
- loadPolicy(*policy_flat);
+ *uid = *mac;
+ *policy = *policy_flat;
+ *auth_domain = *mac_auth;
*user_DownloadRate = U_STRING_FROM_CONSTANT("0");
*user_UploadRate = U_STRING_FROM_CONSTANT("0");
- UString signed_data = UDES3::signData("uid=%.*s&policy=FLAT&auth_domain=%.*s&account=null&"
- "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
- U_STRING_TO_TRACE(*uid),
- U_STRING_TO_TRACE(*auth_domain),
- U_STRING_TO_TRACE(*_time_available),
- U_STRING_TO_TRACE(*_traffic_available),
- U_STRING_TO_TRACE(*user_DownloadRate),
- U_STRING_TO_TRACE(*user_UploadRate));
-
- // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+ (void) account->snprintf("%.*s:", U_STRING_TO_TRACE(*uid));
- USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
return;
}
@@ -3028,7 +3093,7 @@
UString request(U_CAPACITY);
- request.snprintf("/login_request?%.*s", U_HTTP_QUERY_TO_TRACE);
+ request.snprintf("https://%s/login_request?%.*s", virtual_name->data(), U_HTTP_QUERY_TO_TRACE);
if (UStringExt::startsWith(*title_default, U_CONSTANT_TO_PARAM("Firenze ")))
{
@@ -3081,7 +3146,66 @@
UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
}
- // CHECK COOKIE
+ #ifndef U_MANAGED_BY_MAIN_BASH
+ if (UServer_Base::bssl)
+ {
+ // CHECK COOKIE
+
+ UString http_cookie = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("HTTP_COOKIE"), UClientImage_Base::environment);
+
+ if (http_cookie.empty() == false)
+ {
+ uint32_t pos = U_STRING_FIND(http_cookie, 0, "WCID=");
+
+ if (pos != U_NOT_FOUND)
+ {
+ pos += U_CONSTANT_SIZE("WCID=");
+
+ const char* start = http_cookie.c_pointer(pos);
+ const char* ptr = start;
+
+ while (u__isspace(*ptr) == false) ++ptr;
+
+ UString cookie_value = http_cookie.substr(pos, ptr - start);
+
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waSession)(&(waCookieId=%.*s)))",
+ U_STRING_TO_TRACE(*wiauth_session_basedn), U_STRING_TO_TRACE(*ldap_session_param), U_STRING_TO_TRACE(cookie_value)) == 1)
+ {
+ UString value = (*table)["waFederatedUserId"]; // Ex: 3343793489@all
+
+ pos = value.find('@');
+
+ *uid = (pos == U_NOT_FOUND ? value
+ : value.substr(0U, pos).copy());
+
+ (void) checkIfUserConnected();
+
+ table->clear();
+
+ if (user_exist)
+ {
+ *policy = user_rec->_policy;
+ *auth_domain = *cookie_auth;
+ *user_DownloadRate = UStringExt::numberToString(user_rec->DownloadRate);
+ *user_UploadRate = UStringExt::numberToString(user_rec->UploadRate);
+
+ sendLoginValidate();
+
+ return;
+ }
+
+ U_LOGGER("*** ERROR: COOKIE(%.*s) waFederatedUserId(%.*s) ***", U_STRING_TO_TRACE(cookie_value), U_STRING_TO_TRACE(value));
+
+ UString cookie(100U);
+
+ cookie.snprintf("WCID=; expires=%#12D", u_now->tv_sec - U_ONE_DAY_IN_SECOND);
+
+ UHTTP::addSetCookie(cookie);
+ }
+ }
+ }
+ }
+ #endif
USSIPlugIn::setAlternativeInclude(cache->getContent(U_CONSTANT_TO_PARAM("login_request.tmpl")), false,
title_default->data(), 0, 0,
@@ -3116,7 +3240,7 @@
// ---------------------------------------------------------------------------------------------------
#ifndef U_MANAGED_BY_MAIN_BASH
- if (checkLoginRequest(14) == false)
+ if (checkLoginRequest(14, 0, false) == false)
{
error:
loginWithProblem();
@@ -3124,15 +3248,23 @@
return;
}
+ UString _address(*address);
+
if (isUserConnected(true))
{
// Check if change of connection context for user id (RENEW)
if ((*ip == user_rec->_ip) &&
(*mac == user_rec->_mac) &&
- (*address == user_rec->nodog))
+ (_address == user_rec->nodog))
{
- USSIPlugIn::setMessagePage(*message_page_template, "Login", "Sei già loggato! (login_request)");
+ U_LOGGER("*** ALREADY LOGGED IN: UID(%.*s) IP(%.*s) MAC(%.*s) AP(%.*s@%.*s) ***",
+ U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*mac),
+ U_STRING_TO_TRACE(*label), U_STRING_TO_TRACE(_address));
+
+ USSIPlugIn::setAlternativeRedirect("http://www.google.com", 0);
+
+ // USSIPlugIn::setMessagePage(*message_page_template, "Login", "Sei già loggato! (login_request)");
return;
}
@@ -3141,11 +3273,11 @@
U_STRING_TO_TRACE(*uid),
U_STRING_TO_TRACE(user_rec->_ip), U_STRING_TO_TRACE(*ip),
U_STRING_TO_TRACE(user_rec->_mac), U_STRING_TO_TRACE(*mac),
- U_STRING_TO_TRACE(user_rec->nodog), U_STRING_TO_TRACE(*address));
+ U_STRING_TO_TRACE(user_rec->nodog), U_STRING_TO_TRACE(_address));
if (askNodogToLogoutUser() == false) goto error;
- user_rec->nodog = *address;
+ *address = _address;
}
if (user_rec->setRecord() == false) goto error;
@@ -3266,7 +3398,7 @@
return;
}
- if (checkLoginRequest(14) == false) goto error;
+ if (checkLoginRequest(14, 0, false) == false) goto error;
if (isUserConnected(false)) goto error;
@@ -3330,7 +3462,7 @@
int result = db_user->remove(*uid);
- if (result) U_SRV_LOG("Remove of user %.*s on db WiAuthUser failed with error %d", U_STRING_TO_TRACE(*uid), result);
+ if (result) U_SRV_LOG("WARNING: remove of user %.*s on db WiAuthUser failed with error %d", U_STRING_TO_TRACE(*uid), result);
USSIPlugIn::setAlternativeResponse(UString::getStringNull());
}
@@ -3536,6 +3668,7 @@
}
}
+ /*
static void GET_unifi()
{
U_TRACE(5, "::GET_unifi()")
@@ -3554,6 +3687,7 @@
title_default->data(), 0, 0,
0);
}
+ */
static void GET_view_user()
{
@@ -3575,11 +3709,8 @@
UHTTP::getFormValue(*uid, U_CONSTANT_TO_PARAM("uid"), 0, 1, end);
UHTTP::getFormValue(outfile, U_CONSTANT_TO_PARAM("outfile"), 0, 3, end);
- if (askToLDAP(0, "utente non registrato", "utente non registrato",
- "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
- U_STRING_TO_TRACE(*wiauth_card_basedn),
- U_STRING_TO_TRACE(*ldap_card_param),
- U_STRING_TO_TRACE(*uid)) == false)
+ if (askToLDAP(0, "utente non registrato", "utente non registrato", "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
+ U_STRING_TO_TRACE(*wiauth_card_basedn), U_STRING_TO_TRACE(*ldap_card_param), U_STRING_TO_TRACE(*uid)) <= 0)
{
return;
}
@@ -3729,8 +3860,10 @@
GET_ENTRY(status_ap),
GET_ENTRY(status_network),
GET_ENTRY(status_nodog),
+ /*
GET_ENTRY(unifi),
GET_ENTRY(unifi_login_request),
+ */
GET_ENTRY(view_user),
GET_ENTRY(webif_ap)
};
@@ -3812,10 +3945,11 @@
// $10 -> password
// $11 -> submit.x
// $12 -> submit.y - if it came from main.bash...
+ // $13 -> submit - if it came from some mobile device...
// ---------------------------------------------------------------------------------------------------
#ifndef U_MANAGED_BY_MAIN_BASH
- if (checkLoginRequest(24) == false)
+ if (checkLoginRequest(24, 2, true) == false)
{
loginWithProblem();
@@ -3826,10 +3960,9 @@
UHTTP::getFormValue(realm, U_CONSTANT_TO_PARAM("realm"), 0, 15, 22);
- if (realm != "10_piazze" &&
- realm != "auth_service")
+ if (realm.empty())
{
- USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Errore Autorizzazione - dominio sconosciuto");
+ USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Errore Autorizzazione - dominio vuoto");
return;
}
@@ -3847,144 +3980,172 @@
return;
}
- if (askToLDAP(0, "Utente e/o Password errato/i", "Credenziali errate!",
- "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
- U_STRING_TO_TRACE(*wiauth_card_basedn),
- U_STRING_TO_TRACE(*ldap_card_param),
- U_STRING_TO_TRACE(*uid)) == false)
- {
- return;
- }
-
- UString password_on_ldap = (*table)["waPassword"]; // waPassword: {MD5}ciwjVccK0u68vqupEXFukQ==
+ U_INTERNAL_DUMP("realm = %.*S", U_STRING_TO_TRACE(realm))
- if (U_STRNEQ(password_on_ldap.data(), "{MD5}") == false)
+ if (realm.equal(U_CONSTANT_TO_PARAM("all")) == false)
{
- // if realm is 'auth_service' and not MD5 password check credential by AUTH command...
-
- if (realm == "10_piazze")
+ if (fmt_auth_cmd->empty() ||
+ runAuthCmd(uid->c_str(), password.c_str(), realm.c_str()) == false)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
-
return;
}
- if (runAuthCmd(uid->c_str(), password.c_str()) == false) return;
+ *policy = *(realm.equal(U_CONSTANT_TO_PARAM("firenzecard"))
+ ? policy_traffic
+ : policy_daily);
- *policy = *policy_daily;
*auth_domain = U_STRING_FROM_CONSTANT("AUTH_") + UStringExt::trim(*output);
+
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
}
else
{
- UString passwd(33U);
-
- // Check 1: Wrong user and/or password
-
- UServices::generateDigest(U_HASH_MD5, 0, (unsigned char*)U_STRING_TO_PARAM(password), passwd, true);
-
- if (strncmp(password_on_ldap.c_pointer(U_CONSTANT_SIZE("{MD5}")), U_STRING_TO_PARAM(passwd)))
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
+ U_STRING_TO_TRACE(*wiauth_card_basedn), U_STRING_TO_TRACE(*ldap_card_param), U_STRING_TO_TRACE(*uid)) == -1)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
-
return;
}
- // Check 2: Activation required
+ UString password_on_ldap = (*table)["waPassword"]; // waPassword: {MD5}ciwjVccK0u68vqupEXFukQ==
- if ((*table)["waUsedBy"].empty()) // waUsedBy: 3343793489
+ if (U_STRNEQ(password_on_ldap.data(), "{MD5}") == false)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Attivazione non effettuata", "Per utilizzare il servizio e' richiesta l'attivazione");
+ // NB: realm is 'all' and we not have a MD5 password so we check credential by AUTH command...
- return;
- }
+ if (fmt_auth_cmd->empty() ||
+ runAuthCmd(uid->c_str(), password.c_str(), realm.c_str()) == false)
+ {
+ return;
+ }
- // Check 3: Card revoked
+ *policy = *policy_daily;
+ *auth_domain = U_STRING_FROM_CONSTANT("AUTH_") + UStringExt::trim(*output);
- if ((*table)["waRevoked"] != "FALSE") // waRevoked: FALSE
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ }
+ else
{
- USSIPlugIn::setMessagePage(*message_page_template, "Carta revocata", "La tua carta e' revocata!");
+ UString passwd(33U);
- return;
- }
+ // Check 1: Wrong user and/or password
- UString NOT_AFTER = (*table)["waNotAfter"]; // waNotAfter: 20371231235959Z
+ UServices::generateDigest(U_HASH_MD5, 0, (unsigned char*)U_STRING_TO_PARAM(password), passwd, true);
- if (NOT_AFTER.empty() == false)
- {
- // Check 4: Expired validity
+ if (strncmp(password_on_ldap.c_pointer(U_CONSTANT_SIZE("{MD5}")), U_STRING_TO_PARAM(passwd)))
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
+
+ return;
+ }
+
+ // Check 2: Activation required
- if (UTimeDate::getSecondFromTime(NOT_AFTER.data(), true, "%4u%2u%2u%2u%2u%2uZ") <= u_now->tv_sec)
+ if ((*table)["waUsedBy"].empty()) // waUsedBy: 3343793489
{
- USSIPlugIn::setMessagePage(*message_page_template, "Validita' scaduta", "La tua validita' e' scaduta!");
+ USSIPlugIn::setMessagePage(*message_page_template, "Attivazione non effettuata", "Per utilizzare il servizio e' richiesta l'attivazione");
return;
}
- *auth_domain = U_STRING_FROM_CONSTANT("PASS_AUTH");
- }
- else
- {
- *auth_domain = U_STRING_FROM_CONSTANT("FIRST_PASS_AUTH");
+ // Check 3: Card revoked
- // Update card with a new generated waNotAfter
+ if ((*table)["waRevoked"] != "FALSE") // waRevoked: FALSE
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Carta revocata", "La tua carta e' revocata!");
- UString DN = (*table)["dn"], // dn: waCid=80e415bc-4be0-4385-85ee-970aa1f52ef6,ou=cards,o=unwired-portal
- VALIDITY = (*table)["waValidity"]; // waValidity: 0
+ return;
+ }
- if (VALIDITY == "0") NOT_AFTER = U_STRING_FROM_CONSTANT("20371231235959Z");
- else
+ UString NOT_AFTER = (*table)["waNotAfter"]; // waNotAfter: 20371231235959Z
+
+ if (NOT_AFTER.empty() == false)
{
- UTimeDate t;
+ // Check 4: Expired validity
+
+ if (UTimeDate::getSecondFromTime(NOT_AFTER.data(), true, "%4u%2u%2u%2u%2u%2uZ") <= u_now->tv_sec)
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Validita' scaduta", "La tua validita' e' scaduta!");
- t.addDays(VALIDITY.strtol());
+ return;
+ }
- NOT_AFTER = t.strftime("%Y%m%d%H%M%SZ");
+ *auth_domain = U_STRING_FROM_CONSTANT("PASS_AUTH");
}
+ else
+ {
+ *auth_domain = U_STRING_FROM_CONSTANT("FIRST_PASS_AUTH");
- UString input(U_CAPACITY);
+ // Update card with a new generated waNotAfter
- input.snprintf("dn: %.*s\n"
- "changetype: modify\n"
- "add: waNotAfter\n"
- "waNotAfter: %.*s\n"
- "-",
- U_STRING_TO_TRACE(DN),
- U_STRING_TO_TRACE(NOT_AFTER));
+ UString DN = (*table)["dn"], // dn: waCid=80e415bc-4be0-4385-85ee-970aa1f52ef6,ou=cards,o=unwired-portal
+ VALIDITY = (*table)["waValidity"]; // waValidity: 0
- if (askToLDAP(&input, "Errore", "LDAP error", "ldapmodify -c %.*s", U_STRING_TO_TRACE(*ldap_card_param)) == false) return;
- }
+ if (VALIDITY == "0") NOT_AFTER = U_STRING_FROM_CONSTANT("20371231235959Z");
+ else
+ {
+ UTimeDate t;
- *policy = (*table)["waPolicy"]; // waPolicy: DAILY
+ t.addDays(VALIDITY.strtol());
- *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
- *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ NOT_AFTER = t.strftime("%Y%m%d%H%M%SZ");
+ }
+
+ UString input(U_CAPACITY);
+
+ input.snprintf("dn: %.*s\n"
+ "changetype: modify\n"
+ "add: waNotAfter\n"
+ "waNotAfter: %.*s\n"
+ "-",
+ U_STRING_TO_TRACE(DN),
+ U_STRING_TO_TRACE(NOT_AFTER));
+
+ if (askToLDAP(&input, "Errore", "LDAP error", "ldapmodify -c %.*s", U_STRING_TO_TRACE(*ldap_card_param)) <= 0) return;
+ }
+
+ *policy = (*table)["waPolicy"]; // waPolicy: DAILY
+
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ }
}
if ( ip->empty() == false &&
- *ip != *client_address)
+ *ip != *client_address)
{
U_LOGGER("*** PARAM IP(%.*s) FROM AP(%.*s) IS DIFFERENT FROM CLIENT ADDRESS(%.*s) ***",
- U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*ap), U_STRING_TO_TRACE(*client_address));
+ U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*ap), U_STRING_TO_TRACE(*client_address));
}
- loadPolicy(*policy);
+ if (UServer_Base::bssl)
+ {
+ UString input(U_CAPACITY);
+ unsigned char key[16], hexdump[33];
- account->snprintf("%.*s:%.*s", U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(password));
+ UServices::generateKey(key, hexdump);
- UString signed_data = UDES3::signData("uid=%.*s&policy=%.*s&auth_domain=%.*s&account=%.*s&"
- "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
- U_STRING_TO_TRACE(*uid),
- U_STRING_TO_TRACE(*policy),
- U_STRING_TO_TRACE(*auth_domain),
- U_STRING_TO_TRACE(*account),
- U_STRING_TO_TRACE(*_time_available),
- U_STRING_TO_TRACE(*_traffic_available),
- U_STRING_TO_TRACE(*user_DownloadRate),
- U_STRING_TO_TRACE(*user_UploadRate));
+ input.snprintf("dn: waCookieId=%s, o=sessions\n"
+ "waCookieId: %s\n"
+ "objectClass: waSession\n"
+ "waFederatedUserId: %.*s@%.*s\n", // Ex: 3343793489@all
+ hexdump, hexdump, U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(realm));
- // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+ if (askToLDAP(&input, "Errore", "LDAP error", "ldapadd -c %.*s", U_STRING_TO_TRACE(*ldap_session_param)) == 1)
+ {
+ UString cookie(200U);
- USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+ cookie.snprintf("WCID=%s; expires=%#12D; path=/login_request; domain=%.*s; secure;",
+ hexdump, u_now->tv_sec + (30L * U_ONE_DAY_IN_SECOND), U_STRING_TO_TRACE(*virtual_name));
+
+ UHTTP::addSetCookie(cookie);
+ }
+ }
+
+ account->snprintf("%.*s:%.*s", U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(password));
+
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
#endif
}
539 examples/WiAuth/wi_auth.usp
@@ -28,6 +28,7 @@ static UString* empty_str;
static UString* empty_list;
static UString* dir_policy;
static UString* nodog_conf;
+static UString* cookie_auth;
static UString* request_uri;
static UString* environment;
static UString* auth_domain;
@@ -36,6 +37,7 @@ static UString* policy_daily;
static UString* virtual_name;
static UString* account_auth;
static UString* title_default;
+static UString* policy_traffic;
static UString* client_address;
static UString* ldap_card_param;
static UString* ldap_user_param;
@@ -43,6 +45,7 @@ static UString* redirect_default;
static UString* registrazione_url;
static UString* allowed_web_hosts;
static UString* historical_log_dir;
+static UString* ldap_session_param;
static UString* wiauth_card_basedn;
static UString* wiauth_user_basedn;
static UString* max_time_no_traffic;
@@ -50,6 +53,8 @@ static UString* content_policy_flat;
static UString* content_policy_daily;
static UString* message_page_template;
static UString* status_nodog_template;
+static UString* wiauth_session_basedn;
+static UString* content_policy_traffic;
static UString* status_network_template;
static UString* help_url;
@@ -215,7 +220,7 @@ static bool db_store(URDB* db, int op, const UString& key, const UString& new_re
if (result)
{
- U_SRV_LOG("Store with flag %d on db %.*S failed with error %d", op, U_FILE_TO_TRACE(*db), result);
+ U_SRV_LOG("WARNING: store with flag %d on db %.*S failed with error %d", op, U_FILE_TO_TRACE(*db), result);
U_RETURN(false);
}
@@ -1388,7 +1393,8 @@ static void usp_init()
{
callForAllAP(countAP, 0);
- U_SRV_LOG("DB initialization of wi-auth access point WiAuthAccessPoint.cdb %s: num_ap %u", result ? "success" : "FAILED", num_ap);
+ U_SRV_LOG("%sdb initialization of wi-auth access point WiAuthAccessPoint.cdb %s: num_ap %u",
+ (result ? "" : "WARNING: "), (result ? "success" : "failed"), num_ap);
UFile::writeToTmpl("/tmp/WiAuthAccessPoint.init", db_ap->print());
@@ -1407,7 +1413,8 @@ static void usp_init()
callForAllUsers(countUsers);
- U_SRV_LOG("DB initialization of wi-auth users WiAuthUser.cdb %s: num_user %u connected %u", result ? "success" : "FAILED", num_user, users_connected);
+ U_SRV_LOG("%sdb initialization of wi-auth users WiAuthUser.cdb %s: num_user %u connected %u",
+ (result ? "" : "WARNING: "), (result ? "success" : "failed"), num_user, users_connected);
UFile::writeToTmpl("/tmp/WiAuthUser.init", db_user->print());
@@ -1438,6 +1445,7 @@ static void usp_init()
empty_list = U_NEW(U_STRING_FROM_CONSTANT("()"));
request_uri = U_NEW(UString);
auth_domain = U_NEW(UString);
+ cookie_auth = U_NEW(U_STRING_FROM_CONSTANT("COOKIE_AUTH"));
account_auth = U_NEW(U_STRING_FROM_CONSTANT("ACCOUNT_AUTH"));
client_address = U_NEW(UString);
allowed_web_hosts = U_NEW(UString);
@@ -1478,6 +1486,12 @@ static void usp_init()
ldap_user_param = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp1, environment)));
wiauth_user_basedn = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp2, environment)));
+ tmp1 = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("LDAP_SESSION_PARAM"), environment),
+ tmp2 = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("WIAUTH_SESSION_BASEDN"), environment);
+
+ ldap_session_param = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp1, environment)));
+ wiauth_session_basedn = U_NEW(UString(UStringExt::expandEnvironmentVar(tmp2, environment)));
+
UString content = UFile::contentOf("$DIR_ROOT/etc/AllowedWebHosts.txt", O_RDONLY, false, environment);
vec = U_NEW(UVector<UString>);
@@ -1567,8 +1581,9 @@ static void usp_init()
(void) UServer_Base::addLog(file_WARNING);
(void) UServer_Base::addLog(file_RECOVERY, O_CREAT | O_RDWR | O_APPEND);
- policy_flat = U_NEW(U_STRING_FROM_CONSTANT("FLAT"));
- policy_daily = U_NEW(U_STRING_FROM_CONSTANT("DAILY"));
+ policy_flat = U_NEW(U_STRING_FROM_CONSTANT("FLAT"));
+ policy_daily = U_NEW(U_STRING_FROM_CONSTANT("DAILY"));
+ policy_traffic = U_NEW(U_STRING_FROM_CONSTANT("TRAFFIC"));
max_time_no_traffic = U_NEW(UString);
@@ -1581,6 +1596,10 @@ static void usp_init()
pathname.snprintf("%.*s/DAILY", U_STRING_TO_TRACE(*dir_policy));
content_policy_daily = U_NEW(UString(UFile::contentOf(pathname)));
+
+ pathname.snprintf("%.*s/TRAFFIC", U_STRING_TO_TRACE(*dir_policy));
+
+ content_policy_traffic = U_NEW(UString(UFile::contentOf(pathname)));
}
static void usp_end()
@@ -1615,6 +1634,7 @@ static void usp_end()
delete nodog_conf;
delete dir_policy;
delete empty_list;
+ delete cookie_auth;
delete request_uri;
delete auth_domain;
delete environment;
@@ -1623,18 +1643,22 @@ static void usp_end()
delete account_auth;
delete virtual_name;
delete title_default;
+ delete policy_traffic;
delete client_address;
delete ldap_user_param;
delete ldap_card_param;
delete allowed_web_hosts;
+ delete ldap_session_param;
delete wiauth_card_basedn;
delete wiauth_user_basedn;
delete historical_log_dir;
delete max_time_no_traffic;
delete content_policy_flat;
delete content_policy_daily;
+ delete wiauth_session_basedn;
delete message_page_template;
delete status_nodog_template;
+ delete content_policy_traffic;
delete status_network_template;
delete _time_chunk;
@@ -1774,6 +1798,8 @@ static bool checkIfUserConnected()
user_exist = false;
+ U_INTERNAL_DUMP("uid = %.*S", U_STRING_TO_TRACE(*uid))
+
if (uid->empty() == false) user_rec->setValue();
else
{
@@ -2118,12 +2144,15 @@ static void checkAccessPoint(UStringRep* key, UStringRep* data)
if ((u_now->tv_sec - nodog_rec->last_info) > (16L * 60L)) UCDB::addEntryToVector();
}
-static bool setAccessPointAddress()
+static bool setAccessPointAddress(bool reset)
{
- U_TRACE(5, "::setAccessPointAddress()")
+ U_TRACE(5, "::setAccessPointAddress(%b)", reset)
- label->clear();
- address->clear();
+ if (reset)
+ {
+ label->clear();
+ address->clear();
+ }
if (ap->empty()) U_RETURN(false);
@@ -2148,7 +2177,8 @@ static void setAccessPointReference()
const char* _ptr;
- if (ap->empty()) ap_ref->snprintf("default", 0);
+ if (ap->empty()) ap_ref->snprintf("default", 0);
+ else if (ap->equal(U_CONSTANT_TO_PARAM("151.11.47.120"))) ap_ref->snprintf("Xunifi", 0);
else
{
uint32_t certid = 0;
@@ -2157,7 +2187,7 @@ static void setAccessPointReference()
{
_ptr = address->data();
- // Ex: 10.8.1.2
+ // Ex: 10.8.1.2 (vpn)
for (uint32_t i = 0, dot_count = 0; dot_count < 3; ++i)
{
@@ -2322,7 +2352,7 @@ static void loginWithProblem()
"Si prega di riprovare, se il problema persiste contattare: %.*s", U_STRING_TO_TRACE(*telefono));
}
-static bool askToLDAP(UString* pinput, const char* title_txt, const char* message, const char* fmt, ...)
+static int askToLDAP(UString* pinput, const char* title_txt, const char* message, const char* fmt, ...)
{
U_TRACE(5, "::askToLDAP(%p,%S,%S,%S)", pinput, title_txt, message, fmt)
@@ -2363,35 +2393,26 @@ static bool askToLDAP(UString* pinput, const char* title_txt, const char* messag
}
if (title_txt && message) USSIPlugIn::setMessagePage(*message_page_template, title_txt, message);
-
- U_RETURN(false);
}
- U_RETURN(true);
+ U_RETURN(result);
}
-static bool runAuthCmd(const char* _uid, const char* password)
+static bool runAuthCmd(const char* _uid, const char* password, const char* realm)
{
- U_TRACE(5, "::runAuthCmd(%S,%S)", _uid, password)
+ U_TRACE(5, "::runAuthCmd(%S,%S,%S)", _uid, password, realm)
- if (fmt_auth_cmd->empty())
- {
- output->clear();
+ U_INTERNAL_ASSERT(*fmt_auth_cmd)
- UCommand::exit_value = 1;
- }
- else
- {
- static int fd_stderr = UServices::getDevNull("/tmp/auth_cmd.err");
+ static int fd_stderr = UServices::getDevNull("/tmp/auth_cmd.err");
- UString cmd(U_CAPACITY);
+ UString cmd(U_CAPACITY);
- cmd.snprintf(fmt_auth_cmd->data(), _uid, password);
+ cmd.snprintf(fmt_auth_cmd->data(), _uid, password, realm);
- *output = UCommand::outputCommand(cmd, 0, -1, fd_stderr);
+ *output = UCommand::outputCommand(cmd, 0, -1, fd_stderr);
- UServer_Base::logCommandMsgError(cmd.data(), true);
- }
+ UServer_Base::logCommandMsgError(cmd.data(), true);
if (UCommand::exit_value ||
output->empty())
@@ -2399,7 +2420,7 @@ static bool runAuthCmd(const char* _uid, const char* password)
U_LOGGER("*** AUTH_CMD fail EXIT_VALUE=%d RESPONSE=%.*S ***", UCommand::exit_value, U_STRING_TO_TRACE(*output));
if (UCommand::exit_value == 1) USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
- else USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Richiesta autorizzazione ha esito errato");
+ else USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Richiesta autorizzazione ha avuto esito errato");
U_RETURN(false);
}
@@ -2460,49 +2481,69 @@ static bool askNodogToLogoutUser()
U_RETURN(result);
}
-static bool checkLoginRequest(uint32_t end)
+static bool checkLoginRequest(uint32_t end, int tolerance, bool bempty)
{
- U_TRACE(5, "::checkLoginRequest(%u)", end)
+ U_TRACE(5, "::checkLoginRequest(%u,%d,%b)", end, tolerance, bempty)
ap->clear();
ip->clear();
uid->clear();
mac->clear();
+ label->clear();
+ address->clear();
gateway->clear();
- hostname->clear();
+ hostname->clear();
user_exist = false;
- if (end == (UHTTP::form_name_value->empty() ? UHTTP::processForm()
- : UHTTP::form_name_value->size()))
- {
- UHTTP::getFormValue(*ip, U_CONSTANT_TO_PARAM("ip"), 0, 3, end);
- UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
+ uint32_t n = (UHTTP::form_name_value->empty() ? UHTTP::processForm()
+ : UHTTP::form_name_value->size());
+
+ U_INTERNAL_DUMP("n = %u end = %u diff = %d", n, end, n - end)
- if (end == 24) U_RETURN(true);
+ if (n != end)
+ {
+ int diff = (n - end);
- if (setAccessPointAddress())
+ if (diff != tolerance)
{
- // ----------------------------------------------------------------------------------------
- // NB: *** the params CAN be empty ***
- // ----------------------------------------------------------------------------------------
- // $1 -> mac
- // $2 -> ip
- // $3 -> redirect
- // $4 -> gateway
- // $5 -> timeout
- // $6 -> token
- // $7 -> ap (with localization => '@')
- // ----------------------------------------------------------------------------------------
-
- U_INTERNAL_ASSERT_EQUALS(end, 14)
-
- UHTTP::getFormValue(*mac, U_CONSTANT_TO_PARAM("mac"), 0, 1, 14);
+ int a = end - tolerance,
+ b = end + tolerance;
- U_RETURN(true);
+ if ((int)n < a ||
+ (int)n > b)
+ {
+ U_LOGGER("*** FORM ELEMENT(%u) DIFFERENT FROM EXPECTED(%u:%d) ***", n, end, tolerance);
+
+ U_RETURN(false);
+ }
}
}
+ // ----------------------------------------------------------------------------------------
+ // NB: *** the params CAN be empty ***
+ // ----------------------------------------------------------------------------------------
+ // $1 -> mac
+ // $2 -> ip
+ // $3 -> redirect
+ // $4 -> gateway
+ // $5 -> timeout
+ // $6 -> token
+ // $7 -> ap (with localization => '@')
+ // ----------------------------------------------------------------------------------------
+
+ UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
+
+ if (ap->empty()) U_RETURN(bempty);
+
+ if (setAccessPointAddress(false))
+ {
+ UHTTP::getFormValue(*ip, U_CONSTANT_TO_PARAM("ip"), 0, 3, end);
+ UHTTP::getFormValue(*mac, U_CONSTANT_TO_PARAM("mac"), 0, 1, end);
+
+ U_RETURN(true);
+ }
+
U_RETURN(false);
}
@@ -2595,8 +2636,9 @@ static void loadPolicy(const UString& name)
{
UString content;
- if (name == *policy_flat) content = *content_policy_flat;
- else if (name == *policy_daily) content = *content_policy_daily;
+ if (name == *policy_flat) content = *content_policy_flat;
+ else if (name == *policy_daily) content = *content_policy_daily;
+ else if (name == *policy_traffic) content = *content_policy_traffic;
else
{
UString pathname(U_CAPACITY);
@@ -2625,10 +2667,38 @@ static void loadPolicy(const UString& name)
table->clear();
}
+static void sendLoginValidate()
+{
+ U_TRACE(5, "::sendLoginValidate()")
+
+ loadPolicy(*policy);
+
+ // NB: _time_available e _traffic_available sono valorizzati da loadPolicy()...
+
+ UString signed_data = UDES3::signData("uid=%.*s&policy=%.*s&auth_domain=%.*s&account=%.*s&"
+ "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
+ U_STRING_TO_TRACE(*uid),
+ U_STRING_TO_TRACE(*policy),
+ U_STRING_TO_TRACE(*auth_domain),
+ U_STRING_TO_TRACE(*account),
+ U_STRING_TO_TRACE(*_time_available),
+ U_STRING_TO_TRACE(*_traffic_available),
+ U_STRING_TO_TRACE(*user_DownloadRate),
+ U_STRING_TO_TRACE(*user_UploadRate));
+
+ // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+
+ USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+}
+
/*******************************
#define U_MANAGED_BY_MAIN_BASH 1
********************************/
+// -------------------------------------------------------------------------------------------------
+// NB: se il portatile non mostra la login page controllare in /etc/hosts se e' valorizzato wifi-...
+// -------------------------------------------------------------------------------------------------
+
static void GET_admin()
{
U_TRACE(5, "::GET_admin()")
@@ -2894,7 +2964,7 @@ static void GET_info()
UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), i, i+7, end);
UHTTP::getFormValue(*uid, U_CONSTANT_TO_PARAM("User"), i, i+9, end);
- if (setAccessPointAddress() == false ||
+ if (setAccessPointAddress(true) == false ||
checkIfUserConnected() == false ||
user_rec->setNodogReference() == false)
{
@@ -2976,47 +3046,42 @@ static void GET_login() // MAIN PAGE
long serial = UCertificate::getSerialNumber(x509);
UString issuer = UCertificate::getIssuer(x509);
- if (askToLDAP(0, 0, 0,
- "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waUser)(&(waIssuer=%.*s)(waSerial=%ld)(waActive=TRUE)))",
- U_STRING_TO_TRACE(*wiauth_user_basedn),
- U_STRING_TO_TRACE(*ldap_user_param),
- U_STRING_TO_TRACE(issuer), serial))
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waUser)(&(waIssuer=%.*s)(waSerial=%ld)(waActive=TRUE)))",
+ U_STRING_TO_TRACE(*wiauth_user_basedn), U_STRING_TO_TRACE(*ldap_user_param), U_STRING_TO_TRACE(issuer), serial) == 1)
{
- *uid = (*table)["waUid"];
- *auth_domain = *cert_auth;
+ *uid = (*table)["waUid"];
table->clear();
- goto next;
+ *policy = *policy_flat;
+ *auth_domain = *cert_auth;
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+
+ (void) account->snprintf("%.*s:", U_STRING_TO_TRACE(*uid));
+
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+
+ return;
}
}
}
- if (checkLoginRequest(14) &&
- mac->empty() == false &&
- nodog_rec->setValue(*address) &&
+ if (checkLoginRequest(14, 0, true) &&
+ mac->empty() == false &&
+ nodog_rec->setValue(*address) &&
nodog_rec->findMAC())
{
- *uid = *mac;
- *auth_domain = *mac_auth;
-next:
- loadPolicy(*policy_flat);
+ *uid = *mac;
+ *policy = *policy_flat;
+ *auth_domain = *mac_auth;
*user_DownloadRate = U_STRING_FROM_CONSTANT("0");
*user_UploadRate = U_STRING_FROM_CONSTANT("0");
- UString signed_data = UDES3::signData("uid=%.*s&policy=FLAT&auth_domain=%.*s&account=null&"
- "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
- U_STRING_TO_TRACE(*uid),
- U_STRING_TO_TRACE(*auth_domain),
- U_STRING_TO_TRACE(*_time_available),
- U_STRING_TO_TRACE(*_traffic_available),
- U_STRING_TO_TRACE(*user_DownloadRate),
- U_STRING_TO_TRACE(*user_UploadRate));
-
- // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+ (void) account->snprintf("%.*s:", U_STRING_TO_TRACE(*uid));
- USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
return;
}
@@ -3025,7 +3090,7 @@ next:
UString request(U_CAPACITY);
- request.snprintf("/login_request?%.*s", U_HTTP_QUERY_TO_TRACE);
+ request.snprintf("https://%s/login_request?%.*s", virtual_name->data(), U_HTTP_QUERY_TO_TRACE);
if (UStringExt::startsWith(*title_default, U_CONSTANT_TO_PARAM("Firenze ")))
{
@@ -3078,7 +3143,66 @@ static void GET_login_request()
UHTTP::getFormValue(*ap, U_CONSTANT_TO_PARAM("ap"), 0, 13, end);
}
- // CHECK COOKIE
+#ifndef U_MANAGED_BY_MAIN_BASH
+ if (UServer_Base::bssl)
+ {
+ // CHECK COOKIE
+
+ UString http_cookie = UStringExt::getEnvironmentVar(U_CONSTANT_TO_PARAM("HTTP_COOKIE"), UClientImage_Base::environment);
+
+ if (http_cookie.empty() == false)
+ {
+ uint32_t pos = U_STRING_FIND(http_cookie, 0, "WCID=");
+
+ if (pos != U_NOT_FOUND)
+ {
+ pos += U_CONSTANT_SIZE("WCID=");
+
+ const char* start = http_cookie.c_pointer(pos);
+ const char* ptr = start;
+
+ while (u__isspace(*ptr) == false) ++ptr;
+
+ UString cookie_value = http_cookie.substr(pos, ptr - start);
+
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s (&(objectClass=waSession)(&(waCookieId=%.*s)))",
+ U_STRING_TO_TRACE(*wiauth_session_basedn), U_STRING_TO_TRACE(*ldap_session_param), U_STRING_TO_TRACE(cookie_value)) == 1)
+ {
+ UString value = (*table)["waFederatedUserId"]; // Ex: 3343793489@all
+
+ pos = value.find('@');
+
+ *uid = (pos == U_NOT_FOUND ? value
+ : value.substr(0U, pos).copy());
+
+ (void) checkIfUserConnected();
+
+ table->clear();
+
+ if (user_exist)
+ {
+ *policy = user_rec->_policy;
+ *auth_domain = *cookie_auth;
+ *user_DownloadRate = UStringExt::numberToString(user_rec->DownloadRate);
+ *user_UploadRate = UStringExt::numberToString(user_rec->UploadRate);
+
+ sendLoginValidate();
+
+ return;
+ }
+
+ U_LOGGER("*** ERROR: COOKIE(%.*s) waFederatedUserId(%.*s) ***", U_STRING_TO_TRACE(cookie_value), U_STRING_TO_TRACE(value));
+
+ UString cookie(100U);
+
+ cookie.snprintf("WCID=; expires=%#12D", u_now->tv_sec - U_ONE_DAY_IN_SECOND);
+
+ UHTTP::addSetCookie(cookie);
+ }
+ }
+ }
+ }
+#endif
USSIPlugIn::setAlternativeInclude(cache->getContent(U_CONSTANT_TO_PARAM("login_request.tmpl")), false,
title_default->data(), 0, 0,
@@ -3113,7 +3237,7 @@ static void GET_login_validate()
// ---------------------------------------------------------------------------------------------------
#ifndef U_MANAGED_BY_MAIN_BASH
- if (checkLoginRequest(14) == false)
+ if (checkLoginRequest(14, 0, false) == false)
{
error:
loginWithProblem();
@@ -3121,15 +3245,23 @@ error:
return;
}
+ UString _address(*address);
+
if (isUserConnected(true))
{
// Check if change of connection context for user id (RENEW)
if ((*ip == user_rec->_ip) &&
(*mac == user_rec->_mac) &&
- (*address == user_rec->nodog))
+ (_address == user_rec->nodog))
{
- USSIPlugIn::setMessagePage(*message_page_template, "Login", "Sei già loggato! (login_request)");
+ U_LOGGER("*** ALREADY LOGGED IN: UID(%.*s) IP(%.*s) MAC(%.*s) AP(%.*s@%.*s) ***",
+ U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*mac),
+ U_STRING_TO_TRACE(*label), U_STRING_TO_TRACE(_address));
+
+ USSIPlugIn::setAlternativeRedirect("http://www.google.com", 0);
+
+ // USSIPlugIn::setMessagePage(*message_page_template, "Login", "Sei già loggato! (login_request)");
return;
}
@@ -3138,11 +3270,11 @@ error:
U_STRING_TO_TRACE(*uid),
U_STRING_TO_TRACE(user_rec->_ip), U_STRING_TO_TRACE(*ip),
U_STRING_TO_TRACE(user_rec->_mac), U_STRING_TO_TRACE(*mac),
- U_STRING_TO_TRACE(user_rec->nodog), U_STRING_TO_TRACE(*address));
+ U_STRING_TO_TRACE(user_rec->nodog), U_STRING_TO_TRACE(_address));
if (askNodogToLogoutUser() == false) goto error;
- user_rec->nodog = *address;
+ *address = _address;
}
if (user_rec->setRecord() == false) goto error;
@@ -3263,7 +3395,7 @@ error:
return;
}
- if (checkLoginRequest(14) == false) goto error;
+ if (checkLoginRequest(14, 0, false) == false) goto error;
if (isUserConnected(false)) goto error;
@@ -3327,7 +3459,7 @@ static void GET_recovery()
int result = db_user->remove(*uid);
- if (result) U_SRV_LOG("Remove of user %.*s on db WiAuthUser failed with error %d", U_STRING_TO_TRACE(*uid), result);
+ if (result) U_SRV_LOG("WARNING: remove of user %.*s on db WiAuthUser failed with error %d", U_STRING_TO_TRACE(*uid), result);
USSIPlugIn::setAlternativeResponse(UString::getStringNull());
}
@@ -3533,6 +3665,7 @@ static void GET_status_nodog()
}
}
+/*
static void GET_unifi()
{
U_TRACE(5, "::GET_unifi()")
@@ -3551,6 +3684,7 @@ static void GET_unifi_login_request()
title_default->data(), 0, 0,
0);
}
+*/
static void GET_view_user()
{
@@ -3572,11 +3706,8 @@ static void GET_view_user()
UHTTP::getFormValue(*uid, U_CONSTANT_TO_PARAM("uid"), 0, 1, end);
UHTTP::getFormValue(outfile, U_CONSTANT_TO_PARAM("outfile"), 0, 3, end);
- if (askToLDAP(0, "utente non registrato", "utente non registrato",
- "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
- U_STRING_TO_TRACE(*wiauth_card_basedn),
- U_STRING_TO_TRACE(*ldap_card_param),
- U_STRING_TO_TRACE(*uid)) == false)
+ if (askToLDAP(0, "utente non registrato", "utente non registrato", "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
+ U_STRING_TO_TRACE(*wiauth_card_basedn), U_STRING_TO_TRACE(*ldap_card_param), U_STRING_TO_TRACE(*uid)) <= 0)
{
return;
}
@@ -3726,8 +3857,10 @@ static const struct UHTTP::service_info GET_table[] = {
GET_ENTRY(status_ap),
GET_ENTRY(status_network),
GET_ENTRY(status_nodog),
+ /*
GET_ENTRY(unifi),
GET_ENTRY(unifi_login_request),
+ */
GET_ENTRY(view_user),
GET_ENTRY(webif_ap)
};
@@ -3809,10 +3942,11 @@ static void POST_login_request()
// $10 -> password
// $11 -> submit.x
// $12 -> submit.y - if it came from main.bash...
+ // $13 -> submit - if it came from some mobile device...
// ---------------------------------------------------------------------------------------------------
#ifndef U_MANAGED_BY_MAIN_BASH
- if (checkLoginRequest(24) == false)
+ if (checkLoginRequest(24, 2, true) == false)
{
loginWithProblem();
@@ -3823,10 +3957,9 @@ static void POST_login_request()
UHTTP::getFormValue(realm, U_CONSTANT_TO_PARAM("realm"), 0, 15, 22);
- if (realm != "10_piazze" &&
- realm != "auth_service")
+ if (realm.empty())
{
- USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Errore Autorizzazione - dominio sconosciuto");
+ USSIPlugIn::setMessagePage(*message_page_template, "Errore", "Errore Autorizzazione - dominio vuoto");
return;
}
@@ -3844,144 +3977,172 @@ static void POST_login_request()
return;
}
- if (askToLDAP(0, "Utente e/o Password errato/i", "Credenziali errate!",
- "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
- U_STRING_TO_TRACE(*wiauth_card_basedn),
- U_STRING_TO_TRACE(*ldap_card_param),
- U_STRING_TO_TRACE(*uid)) == false)
- {
- return;
- }
-
- UString password_on_ldap = (*table)["waPassword"]; // waPassword: {MD5}ciwjVccK0u68vqupEXFukQ==
+ U_INTERNAL_DUMP("realm = %.*S", U_STRING_TO_TRACE(realm))
- if (U_STRNEQ(password_on_ldap.data(), "{MD5}") == false)
+ if (realm.equal(U_CONSTANT_TO_PARAM("all")) == false)
{
- // if realm is 'auth_service' and not MD5 password check credential by AUTH command...
-
- if (realm == "10_piazze")
+ if (fmt_auth_cmd->empty() ||
+ runAuthCmd(uid->c_str(), password.c_str(), realm.c_str()) == false)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
-
return;
}
- if (runAuthCmd(uid->c_str(), password.c_str()) == false) return;
+ *policy = *(realm.equal(U_CONSTANT_TO_PARAM("firenzecard"))
+ ? policy_traffic
+ : policy_daily);
- *policy = *policy_daily;
*auth_domain = U_STRING_FROM_CONSTANT("AUTH_") + UStringExt::trim(*output);
+
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
}
else
{
- UString passwd(33U);
-
- // Check 1: Wrong user and/or password
-
- UServices::generateDigest(U_HASH_MD5, 0, (unsigned char*)U_STRING_TO_PARAM(password), passwd, true);
-
- if (strncmp(password_on_ldap.c_pointer(U_CONSTANT_SIZE("{MD5}")), U_STRING_TO_PARAM(passwd)))
+ if (askToLDAP(0, 0, 0, "ldapsearch -LLL -b %.*s %.*s waLogin=%.*s",
+ U_STRING_TO_TRACE(*wiauth_card_basedn), U_STRING_TO_TRACE(*ldap_card_param), U_STRING_TO_TRACE(*uid)) == -1)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
-
return;
}
- // Check 2: Activation required
+ UString password_on_ldap = (*table)["waPassword"]; // waPassword: {MD5}ciwjVccK0u68vqupEXFukQ==
- if ((*table)["waUsedBy"].empty()) // waUsedBy: 3343793489
+ if (U_STRNEQ(password_on_ldap.data(), "{MD5}") == false)
{
- USSIPlugIn::setMessagePage(*message_page_template, "Attivazione non effettuata", "Per utilizzare il servizio e' richiesta l'attivazione");
+ // NB: realm is 'all' and we not have a MD5 password so we check credential by AUTH command...
- return;
- }
+ if (fmt_auth_cmd->empty() ||
+ runAuthCmd(uid->c_str(), password.c_str(), realm.c_str()) == false)
+ {
+ return;
+ }
- // Check 3: Card revoked
+ *policy = *policy_daily;
+ *auth_domain = U_STRING_FROM_CONSTANT("AUTH_") + UStringExt::trim(*output);
- if ((*table)["waRevoked"] != "FALSE") // waRevoked: FALSE
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ }
+ else
{
- USSIPlugIn::setMessagePage(*message_page_template, "Carta revocata", "La tua carta e' revocata!");
+ UString passwd(33U);
- return;
- }
+ // Check 1: Wrong user and/or password
- UString NOT_AFTER = (*table)["waNotAfter"]; // waNotAfter: 20371231235959Z
+ UServices::generateDigest(U_HASH_MD5, 0, (unsigned char*)U_STRING_TO_PARAM(password), passwd, true);
- if (NOT_AFTER.empty() == false)
- {
- // Check 4: Expired validity
+ if (strncmp(password_on_ldap.c_pointer(U_CONSTANT_SIZE("{MD5}")), U_STRING_TO_PARAM(passwd)))
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Utente e/o Password errato/i", "Credenziali errate!");
+
+ return;
+ }
+
+ // Check 2: Activation required
- if (UTimeDate::getSecondFromTime(NOT_AFTER.data(), true, "%4u%2u%2u%2u%2u%2uZ") <= u_now->tv_sec)
+ if ((*table)["waUsedBy"].empty()) // waUsedBy: 3343793489
{
- USSIPlugIn::setMessagePage(*message_page_template, "Validita' scaduta", "La tua validita' e' scaduta!");
+ USSIPlugIn::setMessagePage(*message_page_template, "Attivazione non effettuata", "Per utilizzare il servizio e' richiesta l'attivazione");
return;
}
- *auth_domain = U_STRING_FROM_CONSTANT("PASS_AUTH");
- }
- else
- {
- *auth_domain = U_STRING_FROM_CONSTANT("FIRST_PASS_AUTH");
+ // Check 3: Card revoked
- // Update card with a new generated waNotAfter
+ if ((*table)["waRevoked"] != "FALSE") // waRevoked: FALSE
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Carta revocata", "La tua carta e' revocata!");
- UString DN = (*table)["dn"], // dn: waCid=80e415bc-4be0-4385-85ee-970aa1f52ef6,ou=cards,o=unwired-portal
- VALIDITY = (*table)["waValidity"]; // waValidity: 0
+ return;
+ }
- if (VALIDITY == "0") NOT_AFTER = U_STRING_FROM_CONSTANT("20371231235959Z");
- else
+ UString NOT_AFTER = (*table)["waNotAfter"]; // waNotAfter: 20371231235959Z
+
+ if (NOT_AFTER.empty() == false)
{
- UTimeDate t;
+ // Check 4: Expired validity
+
+ if (UTimeDate::getSecondFromTime(NOT_AFTER.data(), true, "%4u%2u%2u%2u%2u%2uZ") <= u_now->tv_sec)
+ {
+ USSIPlugIn::setMessagePage(*message_page_template, "Validita' scaduta", "La tua validita' e' scaduta!");
- t.addDays(VALIDITY.strtol());
+ return;
+ }
- NOT_AFTER = t.strftime("%Y%m%d%H%M%SZ");
+ *auth_domain = U_STRING_FROM_CONSTANT("PASS_AUTH");
}
+ else
+ {
+ *auth_domain = U_STRING_FROM_CONSTANT("FIRST_PASS_AUTH");
- UString input(U_CAPACITY);
+ // Update card with a new generated waNotAfter
- input.snprintf("dn: %.*s\n"
- "changetype: modify\n"
- "add: waNotAfter\n"
- "waNotAfter: %.*s\n"
- "-",
- U_STRING_TO_TRACE(DN),
- U_STRING_TO_TRACE(NOT_AFTER));
+ UString DN = (*table)["dn"], // dn: waCid=80e415bc-4be0-4385-85ee-970aa1f52ef6,ou=cards,o=unwired-portal
+ VALIDITY = (*table)["waValidity"]; // waValidity: 0
- if (askToLDAP(&input, "Errore", "LDAP error", "ldapmodify -c %.*s", U_STRING_TO_TRACE(*ldap_card_param)) == false) return;
- }
+ if (VALIDITY == "0") NOT_AFTER = U_STRING_FROM_CONSTANT("20371231235959Z");
+ else
+ {
+ UTimeDate t;
- *policy = (*table)["waPolicy"]; // waPolicy: DAILY
+ t.addDays(VALIDITY.strtol());
- *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
- *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ NOT_AFTER = t.strftime("%Y%m%d%H%M%SZ");
+ }
+
+ UString input(U_CAPACITY);
+
+ input.snprintf("dn: %.*s\n"
+ "changetype: modify\n"
+ "add: waNotAfter\n"
+ "waNotAfter: %.*s\n"
+ "-",
+ U_STRING_TO_TRACE(DN),
+ U_STRING_TO_TRACE(NOT_AFTER));
+
+ if (askToLDAP(&input, "Errore", "LDAP error", "ldapmodify -c %.*s", U_STRING_TO_TRACE(*ldap_card_param)) <= 0) return;
+ }
+
+ *policy = (*table)["waPolicy"]; // waPolicy: DAILY
+
+ *user_DownloadRate = U_STRING_FROM_CONSTANT("0");
+ *user_UploadRate = U_STRING_FROM_CONSTANT("0");
+ }
}
if ( ip->empty() == false &&
- *ip != *client_address)
+ *ip != *client_address)
{
U_LOGGER("*** PARAM IP(%.*s) FROM AP(%.*s) IS DIFFERENT FROM CLIENT ADDRESS(%.*s) ***",
- U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*ap), U_STRING_TO_TRACE(*client_address));
+ U_STRING_TO_TRACE(*ip), U_STRING_TO_TRACE(*ap), U_STRING_TO_TRACE(*client_address));
}
- loadPolicy(*policy);
+ if (UServer_Base::bssl)
+ {
+ UString input(U_CAPACITY);
+ unsigned char key[16], hexdump[33];
- account->snprintf("%.*s:%.*s", U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(password));
+ UServices::generateKey(key, hexdump);
- UString signed_data = UDES3::signData("uid=%.*s&policy=%.*s&auth_domain=%.*s&account=%.*s&"
- "max_time=%.*s&max_traffic=%.*s&UserDownloadRate=%.*s&UserUploadRate=%.*s",
- U_STRING_TO_TRACE(*uid),
- U_STRING_TO_TRACE(*policy),
- U_STRING_TO_TRACE(*auth_domain),
- U_STRING_TO_TRACE(*account),
- U_STRING_TO_TRACE(*_time_available),
- U_STRING_TO_TRACE(*_traffic_available),
- U_STRING_TO_TRACE(*user_DownloadRate),
- U_STRING_TO_TRACE(*user_UploadRate));
+ input.snprintf("dn: waCookieId=%s, o=sessions\n"
+ "waCookieId: %s\n"
+ "objectClass: waSession\n"
+ "waFederatedUserId: %.*s@%.*s\n", // Ex: 3343793489@all
+ hexdump, hexdump, U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(realm));
- // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
+ if (askToLDAP(&input, "Errore", "LDAP error", "ldapadd -c %.*s", U_STRING_TO_TRACE(*ldap_session_param)) == 1)
+ {
+ UString cookie(200U);
- USSIPlugIn::setAlternativeRedirect("http://www.google.com/login_validate?%.*s", U_STRING_TO_TRACE(signed_data));
+ cookie.snprintf("WCID=%s; expires=%#12D; path=/login_request; domain=%.*s; secure;",
+ hexdump, u_now->tv_sec + (30L * U_ONE_DAY_IN_SECOND), U_STRING_TO_TRACE(*virtual_name));
+
+ UHTTP::addSetCookie(cookie);
+ }
+ }
+
+ account->snprintf("%.*s:%.*s", U_STRING_TO_TRACE(*uid), U_STRING_TO_TRACE(password));
+
+ sendLoginValidate(); // NB: in questo modo l'utente ripassa dal firewall e NoDog lo rimanda da noi (login_validate) con i dati rinnovati...
#endif
}
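Review bot: In the GET_login_request hunk the WCID cookie value is cut only at the first whitespace (`while (u__isspace(*ptr) == false) ++ptr;`), so a value followed by `;` keeps the separator, a WCID placed last in the header has no terminator other than whatever follows the string, and whatever is extracted goes verbatim into the `(waCookieId=%.*s)` filter handed to askToLDAP, which by its format strings appears to shell out to ldapsearch. Since HTTP_COOKIE is client-controlled, the scan should also stop at NUL and `;`, and the value should be used only if it has the shape generateKey produces (hexdump[33] suggests 32 hex characters); the rewritten lines are below. The same trust question applies to `realm` in POST_login_request, where the former `10_piazze`/`auth_service` whitelist became `if (realm.empty())` while the value now flows into the runAuthCmd command string and the ldapadd input. The Set-Cookie built there (`WCID=%s; expires=%#12D; path=/login_request; domain=%.*s; secure;`) also lacks `HttpOnly`, which is cheap to add for a 30-day session identifier. GET_login_request continues outside the hunk.
```cpp
                  pos += U_CONSTANT_SIZE("WCID=");

                  const char* start = http_cookie.c_pointer(pos);
                  const char* ptr   = start;

                  // stop at end of string and at the cookie separator, not only at whitespace
                  while (*ptr && *ptr != ';' && u__isspace(*ptr) == false) ++ptr;

                  uint32_t len = ptr - start;
                  bool well_formed = (len == 32); // expected length of generateKey hexdump — confirm against hexdump[33]

                  for (uint32_t i = 0; well_formed && i < len; ++i) if (isxdigit((unsigned char)start[i]) == 0) well_formed = false;

                  if (well_formed)
                     {
                     UString cookie_value = http_cookie.substr(pos, len);

                     // … unchanged: ldapsearch lookup, session handling, cookie reset …
                     }
```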
2  examples/form_completion/main.cpp
@@ -36,7 +36,7 @@ class Application : public UApplication {
(void) cfg.open(cfg_str);
- int LDAP_port = 0;
+ int LDAP_port;
UString var_env_name, scan_form, LDAP_host, LDAP_searchbase, password