747708973076ccfeabfec0a4519d9be72c091e00
10 int __plugin_api_version
= 1;
11 static struct pluginfuncs
*p
= 0;
13 static int iam_master
= 0; // We're all slaves! Slaves I tell you!
15 char *up_commands
[] = {
16 "iptables -t nat -N garden >/dev/null 2>&1", // Create a chain that all gardened users will go through
17 "iptables -t nat -F garden",
18 ". " PLUGINCONF
"/build-garden", // Populate with site-specific DNAT rules
19 "iptables -t nat -N garden_users >/dev/null 2>&1",// Empty chain, users added/removed by garden_session
20 "iptables -t nat -F garden_users",
21 "iptables -t nat -A PREROUTING -j garden_users", // DNAT any users on the garden_users chain
25 char *down_commands
[] = {
26 "iptables -t nat -F PREROUTING",
27 "iptables -t nat -F garden_users",
28 "iptables -t nat -X garden_users",
29 "iptables -t nat -F garden",
30 "iptables -t nat -X garden",
31 "rmmod iptable_nat ip_conntrack",
35 int garden_session(sessiont
*s
, int flag
);
37 int plugin_post_auth(struct param_post_auth
*data
)
39 // Ignore if user authentication was successful
40 if (data
->auth_allowed
) return PLUGIN_RET_OK
;
42 p
->log(3, 0, 0, 0, "Walled Garden allowing login\n");
43 data
->auth_allowed
= 1;
44 data
->s
->walled_garden
= 1;
48 int plugin_new_session(struct param_new_session
*data
)
51 return PLUGIN_RET_OK
; // Slaves don't do walled garden processing.
53 if (data
->s
->walled_garden
)
54 garden_session(data
->s
, 1);
59 int plugin_kill_session(struct param_new_session
*data
)
62 return PLUGIN_RET_OK
; // Slaves don't do walled garden processing.
64 if (data
->s
->walled_garden
)
65 garden_session(data
->s
, 0);
70 int plugin_control(struct param_control
*data
)
75 if (!iam_master
) // All garden processing happens on the master.
78 if (data
->type
!= PKT_GARDEN
&& data
->type
!= PKT_UNGARDEN
)
81 if (!data
->data
&& data
->data_length
)
84 session
= atoi((char*)(data
->data
));
88 data
->send_response
= 1;
89 s
= p
->get_session_by_id(session
);
92 char *errormsg
= "Session not connected";
93 *(short *)(data
->response
+ 2) = ntohs(PKT_RESP_ERROR
);
94 sprintf((data
->response
+ data
->response_length
), "%s", errormsg
);
95 data
->response_length
+= strlen(errormsg
) + 1;
97 p
->log(3, 0, 0, 0, "Unknown session %d\n", session
);
98 return PLUGIN_RET_STOP
;
100 *(short *)(data
->response
+ 2) = ntohs(PKT_RESP_OK
);
102 if (!(garden_session(s
, (data
->type
== PKT_GARDEN
))))
104 char *errormsg
= "User not connected";
105 *(short *)(data
->response
+ 2) = ntohs(PKT_RESP_ERROR
);
106 sprintf((data
->response
+ data
->response_length
), "%s", errormsg
);
107 data
->response_length
+= strlen(errormsg
) + 1;
110 return PLUGIN_RET_STOP
;
113 int plugin_become_master(void)
116 iam_master
= 1; // We just became the master. Wow!
118 for (i
= 0; up_commands
[i
] && *up_commands
[i
]; i
++)
120 p
->log(3, 0, 0, 0, "Running %s\n", up_commands
[i
]);
121 system(up_commands
[i
]);
124 return PLUGIN_RET_OK
;
127 // Called for each active session after becoming master
128 int plugin_new_session_master(sessiont
* s
)
130 if (s
->walled_garden
)
131 garden_session(s
, 1);
133 return PLUGIN_RET_OK
;
136 int garden_session(sessiont
*s
, int flag
)
141 if (!s
->opened
) return 0;
145 p
->log(2, 0, 0, s
->tunnel
, "Garden user %s (%s)\n", s
->user
, p
->inet_toa(htonl(s
->ip
)));
146 snprintf(cmd
, 2048, "iptables -t nat -A garden_users -s %s -j garden", p
->inet_toa(htonl(s
->ip
)));
147 p
->log(3, 0, 0, s
->tunnel
, "%s\n", cmd
);
149 s
->walled_garden
= 1;
157 p
->log(2, 0, 0, s
->tunnel
, "Un-Garden user %s (%s)\n", s
->user
, p
->inet_toa(htonl(s
->ip
)));
158 // Kick off any duplicate usernames
159 // but make sure not to kick off ourself
160 if (s
->ip
&& !s
->die
&& (other
= p
->get_session_by_username(s
->user
)) && s
!= p
->get_session_by_id(other
)) {
161 p
->sessionkill(other
, "Duplicate session when user released from walled garden");
163 /* Clean up counters */
164 s
->cin
= s
->cout
= 0;
165 s
->pin
= s
->pout
= 0;
167 snprintf(cmd
, 2048, "iptables -t nat -D garden_users -s %s -j garden", p
->inet_toa(htonl(s
->ip
)));
168 p
->log(3, 0, 0, s
->tunnel
, "%s\n", cmd
);
171 int status
= system(cmd
);
172 if (WEXITSTATUS(status
) != 0) break;
175 s
->walled_garden
= 0;
179 u16 r
= p
->radiusnew(p
->get_id_by_session(s
));
180 p
->radiussend(r
, RADIUSSTART
);
183 s
->walled_garden
= flag
;
187 int plugin_init(struct pluginfuncs
*funcs
)
197 if ((tables
= fopen("/proc/net/ip_tables_names", "r")))
200 while (fgets(buf
, sizeof(buf
), tables
) && !found_nat
)
201 found_nat
= !strcmp(buf
, "nat\n");
206 /* master killed/crashed? */
210 for (i
= 0; down_commands
[i
] && *down_commands
[i
]; i
++)
212 p
->log(3, 0, 0, 0, "Running %s\n", down_commands
[i
]);
213 system(down_commands
[i
]);
224 if (!iam_master
) // Never became master. nothing to do.
227 for (i
= 0; down_commands
[i
] && *down_commands
[i
]; i
++)
229 p
->log(3, 0, 0, 0, "Running %s\n", down_commands
[i
]);
230 system(down_commands
[i
]);