OpengateM Source Repository
| リビジョン | 58e834ab25ec26ee89066574c5b82c46d2546179 (tree) |
|---|---|
| 日時 | 2016-06-26 11:31:34 |
| 作者 | watanaby <watanaby@user...> |
| コミッター | watanaby |
removed flag for log option
conf/opengatemd.conf.sample (diff) conf/opengatemmng.conf.sample (diff)
html/en/macauthadmin.html (diff) html/en/macchk.html (diff) html/ja/macauthadmin.html (diff) html/ja/macchk.html (diff)
mdsrc/managementdb.c (diff)
mdsrc/opengatemd.h (diff) mngsrc/auth.c (diff) mngsrc/managementdb.c (diff) mngsrc/opengatemmng.h (diff)| @@ -92,9 +92,6 @@ | ||
| 92 | 92 | <!-- SQLite busy timeout (milli-seconds) --> |
| 93 | 93 | <SqliteBusyTimeout>100</SqliteBusyTimeout> |
| 94 | 94 | |
| 95 | - <!-- Save Log of session to Management DB (1:YES/0:NO) --> | |
| 96 | - <SaveLogToMngDb>1</SaveLogToMngDb> | |
| 97 | - | |
| 98 | 95 | <!-- SQLite database file --> |
| 99 | 96 | <!-- for opengatemd work --> |
| 100 | 97 | <SqliteDbMd>/tmp/opengatemd.db</SqliteDbMd> |
| @@ -23,16 +23,17 @@ | ||
| 23 | 23 | <Device>fxp0</Device> |
| 24 | 24 | |
| 25 | 25 | <!-- ### MUST BE MODIFIED ## --> |
| 26 | - <!-- auth server setting for administrators(watanaby,admin1,admin2) --> | |
| 26 | + <!-- auth server setting for Aadministrators(user1 user2) --> | |
| 27 | 27 | <AuthServer> |
| 28 | 28 | <UserType>admin</UserType> |
| 29 | 29 | <Protocol>pop3s</Protocol> |
| 30 | 30 | <Address>192.168.0.2</Address> |
| 31 | - <AcceptUsers>watanaby admin1 admin2</AcceptUsers> | |
| 31 | + <MailDomain>opengate.example.com</MailDomain> | |
| 32 | + <AcceptUsers>user1 user2</AcceptUsers> | |
| 32 | 33 | </AuthServer> |
| 33 | 34 | |
| 34 | 35 | <!-- ### MUST BE MODIFIED ## --> |
| 35 | - <!-- auth server setting for normal(not admin) users --> | |
| 36 | + <!-- auth server setting for Normal(not admin) users --> | |
| 36 | 37 | <AuthServer> |
| 37 | 38 | <Protocol>shibboleth</Protocol> |
| 38 | 39 | <UidAttribute>uid</UidAttribute> |
| @@ -0,0 +1,55 @@ | ||
| 1 | +<html> | |
| 2 | +<head> | |
| 3 | +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> | |
| 4 | +<title></title> | |
| 5 | +</head> | |
| 6 | +<body bgcolor="#EEFFEE"> | |
| 7 | +<center> | |
| 8 | + | |
| 9 | +<h2>Management of MAC Address Registration</h2> | |
| 10 | + | |
| 11 | +<p><a href="%%CGINAME%%?lang=ja&redirectedurl=%%REDIRECTEDURL%%">Japanese Page</a></p> | |
| 12 | + | |
| 13 | +<P><font size=+1>This is the page to manage MAC address of your | |
| 14 | +terminals. If you register this terminal, you can use the network | |
| 15 | +without password entry.</font></P> | |
| 16 | + | |
| 17 | +<P><font size=+1>To proceed, you are requested to be authenticated. | |
| 18 | +</font></P> | |
| 19 | + | |
| 20 | +<P><font size=+1>You will be authenticated with your user ID and | |
| 21 | +password. If you do not know your user ID and/or password, please consult CNC. | |
| 22 | +</font></P> | |
| 23 | + | |
| 24 | +<P> | |
| 25 | +Please enter <font color=red>Administrator's user ID and password</font> in the box below, then press SEND. | |
| 26 | +</P> | |
| 27 | + | |
| 28 | +<p><font color="red"> | |
| 29 | +%%ERRORLIST%% | |
| 30 | +</font></p> | |
| 31 | + | |
| 32 | +<P> | |
| 33 | +<form method="POST" action="%%CGINAME%%?lang=en&redirectedurl=%%REDIRECTEDURL%%"> | |
| 34 | +<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%"> | |
| 35 | + | |
| 36 | +<TABLE BORDER=0> | |
| 37 | +<TR NOWRAP> | |
| 38 | +<TD><strong>Administrator's User ID: </strong></TD><TD><INPUT TYPE="TEXT" SIZE=20 NAME="userid"></TD> | |
| 39 | +</TR><TR NOWRAP> | |
| 40 | +<TD><strong>Password: </strong></TD><TD><INPUT TYPE="PASSWORD" SIZE=20 NAME="password"></TD> | |
| 41 | +</TR><TR NOWRAP> | |
| 42 | +<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD> | |
| 43 | +</TR> | |
| 44 | +</TABLE> | |
| 45 | +</form> | |
| 46 | +</P> | |
| 47 | + | |
| 48 | +<p><font size=+1>If you have any questions, | |
| 49 | +please contact network administrator. | |
| 50 | +</center> | |
| 51 | + | |
| 52 | +<div align=right>Saga University</div> | |
| 53 | +</body> | |
| 54 | +</html> | |
| 55 | + |
| @@ -58,7 +58,7 @@ | ||
| 58 | 58 | try network access to confirm that the network for the terminal is closed. |
| 59 | 59 | </p></li> |
| 60 | 60 | <li><p> |
| 61 | - Load this page. If you already loaded, reload it. | |
| 61 | + Reload this page. | |
| 62 | 62 | </p></li> |
| 63 | 63 | <li><p> |
| 64 | 64 | The above is the list of addresses using this access point recently. |
| @@ -0,0 +1,55 @@ | ||
| 1 | +<html> | |
| 2 | +<head> | |
| 3 | +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> | |
| 4 | +<title></title> | |
| 5 | +</head> | |
| 6 | +<body bgcolor="#EEFFEE"> | |
| 7 | +<center> | |
| 8 | + | |
| 9 | +<h2>利用者端末MACアドレス登録管理</h2> | |
| 10 | + | |
| 11 | +<p><a href="%%CGINAME%%?lang=en&redirectedurl=%%REDIRECTEDURL%%">English Page</a></p> | |
| 12 | + | |
| 13 | + | |
| 14 | +<P><font size=+1>ここは利用者端末のMACアドレスを登録管理するページです。 | |
| 15 | +端末を登録するとパスワード入力なしでネットワークを利用できます。 | |
| 16 | +</font></P> | |
| 17 | + | |
| 18 | +<P><font size=+1>登録管理に進むために利用資格の確認を行ってください。</font></P> | |
| 19 | + | |
| 20 | +<P><font size=+1>利用資格の確認には、ユーザ名とパスワードが必要です。自分のユーザ名やパスワードが解らない場合は、総合情報基盤センターに尋ねてください。</font></P> | |
| 21 | + | |
| 22 | +<P> | |
| 23 | +下の入力欄に、<font color=red>管理担当者のユーザIDとパスワード</font>を入力して、「送信」ボタンを押して下さい。 | |
| 24 | +</P> | |
| 25 | + | |
| 26 | + | |
| 27 | +<p><font color="red"> | |
| 28 | +%%ERRORLIST%% | |
| 29 | +</font></p> | |
| 30 | + | |
| 31 | +<P> | |
| 32 | +<form method="POST" action="%%CGINAME%%?lang=ja&redirectedurl=%%REDIRECTEDURL%%"> | |
| 33 | +<INPUT TYPE="HIDDEN" NAME="redirected_url" VALUE="%%REDIRECTEDURL%%"> | |
| 34 | + | |
| 35 | +<TABLE BORDER=0> | |
| 36 | +<TR NOWRAP> | |
| 37 | + <TD><strong>管理ユーザID:</strong></TD><TD><INPUT TYPE="TEXT" SIZE=20 NAME="userid"></TD> | |
| 38 | +</TR><TR NOWRAP> | |
| 39 | +<TD><strong>パスワード:</strong></TD><TD><INPUT TYPE="PASSWORD" SIZE=20 NAME="password"></TD> | |
| 40 | +</TR><TR NOWRAP> | |
| 41 | +<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" 送 信 "></TD> | |
| 42 | +</TR> | |
| 43 | +</TABLE> | |
| 44 | +</form> | |
| 45 | +</P> | |
| 46 | +<p> | |
| 47 | +<font size=+1>不明な点などがありましたら、ネットワーク管理者にお尋ねく | |
| 48 | +ださい。</font></p> | |
| 49 | +</center> | |
| 50 | + | |
| 51 | + | |
| 52 | +<div align=right>佐賀大学</div> | |
| 53 | + | |
| 54 | +</body> | |
| 55 | +</html> |
| @@ -57,7 +57,7 @@ | ||
| 57 | 57 | 登録を希望する端末で、この端末と同じアクセスポイントに接続して、ネットワークアクセスを試み、ネットワークが閉鎖していることを確認する。 |
| 58 | 58 | </p></li> |
| 59 | 59 | <li><p> |
| 60 | - このページを表示する。確認前に表示しているときはリロードを行う。 | |
| 60 | + このページをリロードする。 | |
| 61 | 61 | </p></li> |
| 62 | 62 | <li><p> |
| 63 | 63 | 上記の表は、同一アクセスポイントを最近利用した端末のアドレス一覧である。リストの先頭が最も最近に検出した端末である。 |
| @@ -29,7 +29,7 @@ Email: watanaby@is.saga-u.ac.jp | ||
| 29 | 29 | #include <mysql.h> |
| 30 | 30 | |
| 31 | 31 | static MYSQL mysql; |
| 32 | -static int saveLogToMngDb=0; | |
| 32 | +static int isSessionTableFoundInMngDb=TRUE; | |
| 33 | 33 | |
| 34 | 34 | /****************************************** |
| 35 | 35 | initialize management db |
| @@ -42,7 +42,6 @@ int initMngDb(void){ | ||
| 42 | 42 | char *password = GetConfValue("MySqlDb/Password"); |
| 43 | 43 | char *database = GetConfValue("MySqlDb/Database"); |
| 44 | 44 | my_bool reconnect; |
| 45 | - char *confStr; | |
| 46 | 45 | |
| 47 | 46 | /* initialize mysql */ |
| 48 | 47 | mysql_library_init(-1,NULL,NULL); |
| @@ -64,13 +63,9 @@ int initMngDb(void){ | ||
| 64 | 63 | reconnect = TRUE; |
| 65 | 64 | mysql_options(&mysql, MYSQL_OPT_RECONNECT, &reconnect); |
| 66 | 65 | |
| 67 | - /* read logmode flag from conf file and hold in a variable */ | |
| 68 | - confStr = GetConfValue("SaveLogToMngDb"); | |
| 69 | - if(isNull(confStr)) saveLogToMngDb = 0; /* no conf means no-log */ | |
| 70 | - else saveLogToMngDb = strtol(confStr, NULL, 2); | |
| 71 | - | |
| 72 | - /* adjust relation of logmode in conf and logtable in mngdb */ | |
| 73 | - AdjustLogModeAndLogTable(); | |
| 66 | + /* check existence of session table in management db(not work db) */ | |
| 67 | + /* if it is FALSE, writing/reading log is skipped */ | |
| 68 | + isSessionTableFoundInMngDb = IsTableFoundInMngDb("sessionmd"); | |
| 74 | 69 | |
| 75 | 70 | return TRUE; |
| 76 | 71 | } |
| @@ -137,8 +132,8 @@ int putOpenToMngDb(char* macAddress){ | ||
| 137 | 132 | char queryStr[BUFFMAXLN]; |
| 138 | 133 | struct utsname uts; |
| 139 | 134 | |
| 140 | - /* if session log table is not used, return */ | |
| 141 | - if(!saveLogToMngDb) return FALSE; | |
| 135 | + /* if session log table is not found, return */ | |
| 136 | + if(!isSessionTableFoundInMngDb) return FALSE; | |
| 142 | 137 | |
| 143 | 138 | /* get domain name */ |
| 144 | 139 | uname(&uts); |
| @@ -167,8 +162,8 @@ int putCloseToMngDb(char* macAddress){ | ||
| 167 | 162 | |
| 168 | 163 | char queryStr[BUFFMAXLN]; |
| 169 | 164 | |
| 170 | - /* if session log table is not used, return */ | |
| 171 | - if(!saveLogToMngDb) return FALSE; | |
| 165 | + /* if session log table is not found, return */ | |
| 166 | + if(!isSessionTableFoundInMngDb) return FALSE; | |
| 172 | 167 | |
| 173 | 168 | /* prepare query string */ |
| 174 | 169 | snprintf(queryStr, BUFFMAXLN, |
| @@ -193,8 +188,8 @@ int delOldSessionLogInMngDb(void){ | ||
| 193 | 188 | |
| 194 | 189 | char* queryStr="delete from sessionmd where closeTime>0 and closeTime<adddate(now(),interval -1 month)"; |
| 195 | 190 | |
| 196 | - /* if session log table is not used, return */ | |
| 197 | - if(!saveLogToMngDb) return FALSE; | |
| 191 | + /* if session log table is not found, return */ | |
| 192 | + if(!isSessionTableFoundInMngDb) return FALSE; | |
| 198 | 193 | |
| 199 | 194 | /* send SQL query */ |
| 200 | 195 | if (mysql_query(&mysql, queryStr)){ |
| @@ -330,45 +325,6 @@ int isTableFoundInMngDb(char* table){ | ||
| 330 | 325 | return found; |
| 331 | 326 | } |
| 332 | 327 | |
| 333 | -/****************************************** | |
| 334 | -set closeTime to unclosed sessions in mngdb | |
| 335 | -return value: 1=success, 0=error | |
| 336 | -******************************************/ | |
| 337 | -int updateCloseTimeToUnclosedSessionInMngDb(void){ | |
| 338 | - | |
| 339 | - char* queryStr="update sessionmd set closeTime=now() where closeTime=0"; | |
| 340 | - | |
| 341 | - /* send SQL query */ | |
| 342 | - if (mysql_query(&mysql, queryStr)){ | |
| 343 | - err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__, | |
| 344 | - mysql_error(&mysql)); | |
| 345 | - return FALSE; | |
| 346 | - } | |
| 347 | - | |
| 348 | - return TRUE; | |
| 349 | -} | |
| 350 | - | |
| 351 | -/********************************************************** | |
| 352 | -adjust the relation of logmode(SaveLogToMngDb) in conf file | |
| 353 | -and logtable(sessionmd) in management db | |
| 354 | -***********************************************************/ | |
| 355 | -void adjustLogModeAndLogTable(void){ | |
| 356 | - | |
| 357 | - /* check the existence of table sessionmd in management.db */ | |
| 358 | - int isSessionTableFoundInMngDb = IsTableFoundInMngDb("sessionmd"); | |
| 359 | - | |
| 360 | - /* if logmode=off and session table exists, cleanup all sessions */ | |
| 361 | - if(!saveLogToMngDb && isSessionTableFoundInMngDb){ | |
| 362 | - UpdateCloseTimeToUnclosedSessionInMngDb(); | |
| 363 | - } | |
| 364 | - | |
| 365 | - /* if logmode=on and session table does not exist, write error */ | |
| 366 | - if(saveLogToMngDb && !isSessionTableFoundInMngDb){ | |
| 367 | - err_msg("ERR at %s#%d: please create mysql table. sample script is found in archive", | |
| 368 | - __FILE__,__LINE__); | |
| 369 | - } | |
| 370 | -} | |
| 371 | - | |
| 372 | 328 | |
| 373 | 329 | /******************************************** |
| 374 | 330 | routines for debugging |
| @@ -444,16 +400,3 @@ int IsTableFoundInMngDb(char* table){ | ||
| 444 | 400 | return ret; |
| 445 | 401 | } |
| 446 | 402 | |
| 447 | -int UpdateCloseTimeToUnclosedSessionInMngDb(void){ | |
| 448 | - int ret; | |
| 449 | - if(debug>1) err_msg("DEBUG:=>updateCloseTimeToUnclosedSessionInMngDb()"); | |
| 450 | - ret = updateCloseTimeToUnclosedSessionInMngDb(); | |
| 451 | - if(debug>1) err_msg("DEBUG:(%d)<=updateCloseTimeToUnclosedSessionInMngDb()", ret); | |
| 452 | - return ret; | |
| 453 | -} | |
| 454 | - | |
| 455 | -void AdjustLogModeAndLogTable(void){ | |
| 456 | - if(debug>1) err_msg("DEBUG:=>adjustLogModeAndLogTable()"); | |
| 457 | - adjustLogModeAndLogTable(); | |
| 458 | - if(debug>1) err_msg("DEBUG:<=adjustLogModeAndLogTable()"); | |
| 459 | -} |
| @@ -179,8 +179,6 @@ int GetNextRecordFromWatchlistTableInMngDb(char* macAddress); | ||
| 179 | 179 | int IsAllFoundInWatchlistTable(void); |
| 180 | 180 | int DelOldSessionLogInMngDb(void); |
| 181 | 181 | int IsTableFoundInMngDb(char* table); |
| 182 | -int UpdateCloseTimeToUnclosedSessionInMngDb(void); | |
| 183 | -void AdjustLogModeAndLogTable(void); | |
| 184 | 182 | |
| 185 | 183 | /* workdb.c */ |
| 186 | 184 | int SetupSqliteBusyTimeoutValue(void); |
| @@ -184,7 +184,8 @@ int getUserId(char* requestStr, char* userId, char* extraId, char* language, int | ||
| 184 | 184 | |
| 185 | 185 | /* if all check is failed, put error */ |
| 186 | 186 | if(authResult==DENY){ |
| 187 | - SetMessage(NoInfoInDb); | |
| 187 | + SetMessage(NoInfoInDb); | |
| 188 | + if(userType==ADMINUSER) SetMessage(RequestAdminAuth); | |
| 188 | 189 | PutDenyToClient(language); |
| 189 | 190 | err_msg("DENY: user %s", useridfull); |
| 190 | 191 | } |
| @@ -491,7 +491,10 @@ int getNextUsageLogFromMngDb(char* userId, char* extraId, char* macAddr, char* d | ||
| 491 | 491 | /* set default values */ |
| 492 | 492 | macAddr[0]=deviceName[0]=openTime[0]=gatewayName[0]='\0'; |
| 493 | 493 | |
| 494 | - /* if do not get result yet */ | |
| 494 | + /* if session table is not found in management db, return */ | |
| 495 | + if(!IsTableFoundInMngDb("sessionmd")) return FALSE; | |
| 496 | + | |
| 497 | + /* if do not get result yet (if first call) */ | |
| 495 | 498 | if(res==NULL){ |
| 496 | 499 | |
| 497 | 500 | /* prepare query string */ |
| @@ -511,7 +514,8 @@ int getNextUsageLogFromMngDb(char* userId, char* extraId, char* macAddr, char* d | ||
| 511 | 514 | if (mysql_query(&mysql, queryStr)){ |
| 512 | 515 | |
| 513 | 516 | /* query error */ |
| 514 | - /* might be caused by <SaveLogToMngDb> setting in opengatemd.conf */ | |
| 517 | + err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__, | |
| 518 | + mysql_error(&mysql)); | |
| 515 | 519 | return FALSE; |
| 516 | 520 | } |
| 517 | 521 |
| @@ -815,6 +819,44 @@ int doesMacAddrBelongToUser(char* macAddr, char* userId, char* extraId){ | ||
| 815 | 819 | return exists; |
| 816 | 820 | } |
| 817 | 821 | |
| 822 | +/****************************************** | |
| 823 | +is found table in management db | |
| 824 | +input=table name | |
| 825 | +return value: 1=found,0=not found or error | |
| 826 | +******************************************/ | |
| 827 | +int isTableFoundInMngDb(char* table){ | |
| 828 | + MYSQL_RES *res; | |
| 829 | + MYSQL_ROW row; | |
| 830 | + int found=FALSE; | |
| 831 | + char queryStr[BUFFMAXLN]; | |
| 832 | + | |
| 833 | + /* if no table, return false */ | |
| 834 | + if(isNull(table)) return FALSE; | |
| 835 | + | |
| 836 | + /* prepare query string */ | |
| 837 | + snprintf(queryStr, BUFFMAXLN, | |
| 838 | + "show tables like '%s'", table); | |
| 839 | + | |
| 840 | + /* send SQL query */ | |
| 841 | + if (mysql_query(&mysql, queryStr)){ | |
| 842 | + err_msg("ERR at %s#%d: mysql query: %s",__FILE__,__LINE__, | |
| 843 | + mysql_error(&mysql)); | |
| 844 | + return ERROR; | |
| 845 | + } | |
| 846 | + res = mysql_use_result(&mysql); | |
| 847 | + | |
| 848 | + /* output table row */ | |
| 849 | + row = mysql_fetch_row(res); | |
| 850 | + | |
| 851 | + /* row==NULL means getting no record */ | |
| 852 | + if(row==NULL) found=FALSE; | |
| 853 | + else found=TRUE; | |
| 854 | + | |
| 855 | + mysql_free_result(res); | |
| 856 | + return found; | |
| 857 | +} | |
| 858 | + | |
| 859 | + | |
| 818 | 860 | /******************************************** |
| 819 | 861 | routines for debugging output |
| 820 | 862 | ********************************************/ |
| @@ -990,3 +1032,12 @@ int DoesMacAddrBelongToUser(char* macAddr, char* userId, char* extraId){ | ||
| 990 | 1032 | if(debug>1) err_msg("DEBUG:(%d)<=doesMacAddrBelongToUser( )",ret); |
| 991 | 1033 | return ret; |
| 992 | 1034 | } |
| 1035 | + | |
| 1036 | +int IsTableFoundInMngDb(char* table){ | |
| 1037 | + int ret; | |
| 1038 | + if(debug>1) err_msg("DEBUG:=>isTableFoundInMngDb(%s)", table); | |
| 1039 | + ret = isTableFoundInMngDb(table); | |
| 1040 | + if(debug>1) err_msg("DEBUG:(%d)<=isTableFoundInMngDb()", ret); | |
| 1041 | + return ret; | |
| 1042 | +} | |
| 1043 | + |
| @@ -197,6 +197,7 @@ int RenameMailAddressInMngDb(char* macAddr, char* mailStr); | ||
| 197 | 197 | int RegOrUpNobodyMacAddr(char* macAddress); |
| 198 | 198 | int IsMacAddrStatusInactiveInMngDb(char* macAddress); |
| 199 | 199 | int DoesMacAddrBelongToUser(char* macAddr, char* userId, char* extraId); |
| 200 | +int IsTableFoundInMngDb(char* table); | |
| 200 | 201 | |
| 201 | 202 | /* workdb.c */ |
| 202 | 203 | int SetupSqliteBusyTimeoutValue(void); |
Fork