/* walled garden */
-char const *cvs_id = "$Id: garden.c,v 1.16 2004-11-18 06:41:03 bodea Exp $";
+char const *cvs_id = "$Id: garden.c,v 1.23 2005-06-02 11:32:30 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
static struct pluginfuncs *p = 0;
"iptables -t nat -N garden_users >/dev/null 2>&1", // Empty chain, users added/removed by garden_session
"iptables -t nat -F garden_users",
"iptables -t nat -A PREROUTING -j garden_users", // DNAT any users on the garden_users chain
- "sysctl -w net.ipv4.ip_conntrack_max=256000 >/dev/null", // lots of entries
+ "sysctl -w net.ipv4.ip_conntrack_max=512000 >/dev/null", // lots of entries
NULL,
};
NULL,
};
-int garden_session(sessiont *s, int flag);
+#define F_UNGARDEN 0
+#define F_GARDEN 1
+#define F_CLEANUP 2
+
+int garden_session(sessiont *s, int flag, char *newuser);
int plugin_post_auth(struct param_post_auth *data)
{
// Ignore if user authentication was successful
if (data->auth_allowed) return PLUGIN_RET_OK;
- p->log(3, 0, 0, 0, "Walled Garden allowing login\n");
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel, "Walled Garden allowing login\n");
data->auth_allowed = 1;
data->s->walled_garden = 1;
return PLUGIN_RET_OK;
return PLUGIN_RET_OK; // Slaves don't do walled garden processing.
if (data->s->walled_garden)
- garden_session(data->s, 1);
+ garden_session(data->s, F_GARDEN, 0);
return PLUGIN_RET_OK;
}
return PLUGIN_RET_OK; // Slaves don't do walled garden processing.
if (data->s->walled_garden)
- garden_session(data->s, 0);
+ garden_session(data->s, F_CLEANUP, 0);
return PLUGIN_RET_OK;
}
char *plugin_control_help[] = {
" garden USER|SID Put user into the walled garden",
- " ungarden SID Release session from garden",
+ " ungarden SID [USER] Release session from garden",
0
};
if (!iam_master)
return PLUGIN_RET_NOTMASTER;
- flag = data->argv[0][0] != 'u';
+ flag = data->argv[0][0] == 'g' ? F_GARDEN : F_UNGARDEN;
- if (data->argc != 2)
+ if (data->argc < 2 || data->argc > 3 || (data->argc > 2 && flag == F_GARDEN))
{
data->response = NSCTL_RES_ERR;
- data->additional = "one argument required: username or session id";
+ data->additional = flag == F_GARDEN
+ ? "requires username or session id"
+ : "requires session id and optional username";
+
return PLUGIN_RET_STOP;
}
return PLUGIN_RET_STOP;
}
- garden_session(s, flag);
+ garden_session(s, flag, data->argc > 2 ? data->argv[2] : 0);
p->session_changed(session);
data->response = NSCTL_RES_OK;
for (i = 0; up_commands[i] && *up_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", up_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", up_commands[i]);
system(up_commands[i]);
}
int plugin_new_session_master(sessiont *s)
{
if (s->walled_garden)
- {
- s->walled_garden = 0;
- garden_session(s, 1);
- }
+ garden_session(s, F_GARDEN, 0);
return PLUGIN_RET_OK;
}
-int garden_session(sessiont *s, int flag)
+int garden_session(sessiont *s, int flag, char *newuser)
{
char cmd[2048];
+ sessionidt sess;
if (!s) return 0;
if (!s->opened) return 0;
- if (flag == 1)
+ sess = p->get_id_by_session(s);
+ if (flag == F_GARDEN)
{
- p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
- snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
- p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
+ p->log(2, sess, s->tunnel, "Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0));
+ snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0));
+ p->log(3, sess, s->tunnel, "%s\n", cmd);
system(cmd);
s->walled_garden = 1;
}
int count = 40;
// Normal User
- p->log(2, 0, 0, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
+ p->log(2, sess, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0));
+ if (newuser)
+ {
+ snprintf(s->user, MAXUSER, "%s", newuser);
+ p->log(2, sess, s->tunnel, " Setting username to %s\n", s->user);
+ }
+
// Kick off any duplicate usernames
// but make sure not to kick off ourself
if (s->ip && !s->die && (other = p->get_session_by_username(s->user)) && s != p->get_session_by_id(other)) {
p->sessionkill(other, "Duplicate session when user released from walled garden");
}
/* Clean up counters */
- s->cin = s->cout = 0;
s->pin = s->pout = 0;
+ s->cin = s->cout = 0;
+ s->cin_delta = s->cout_delta = 0;
+ s->cin_wrap = s->cout_wrap = 0;
- snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
- p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
+ snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0));
+ p->log(3, sess, s->tunnel, "%s\n", cmd);
while (--count)
{
int status = system(cmd);
s->walled_garden = 0;
- if (!s->die) {
+ if (flag != F_CLEANUP)
+ {
/* OK, we're up! */
- u16 r = p->radiusnew(p->get_id_by_session(s));
- p->radiussend(r, RADIUSSTART);
+ uint16_t r = p->radiusnew(p->get_id_by_session(s));
+ if (r) p->radiussend(r, RADIUSSTART);
}
}
- s->walled_garden = flag;
+
return 1;
}
int i;
for (i = 0; down_commands[i] && *down_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", down_commands[i]);
system(down_commands[i]);
}
}
for (i = 0; down_commands[i] && *down_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", down_commands[i]);
system(down_commands[i]);
}
}