OSDN > Developer > ycjing90 > Chambre > opengate > Commit

opengate
Fork

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Révision	12d35f62dd919a1c29a0cbb7acaa61a70fbb1e81 (tree)
l'heure	2013-04-01 10:13:58
Auteur	watanaby <>
Commiter	watanaby <>

Message de Log

Ver1.5.30 Added code to remove cookie at deny.

Change Summary

modified: opengate/conf/opengatesrv.conf.sample (diff)
modified: opengate/doc/Changes.html (diff)
modified: opengate/opengatesrv/comm-auth.c (diff)
modified: opengate/opengatesrv/comm-cgi.c (diff)
modified: opengate/opengatesrv/get-param.c (diff)
modified: opengate/opengatesrv/opengatesrv.h (diff)

Modification

--- a/opengate/conf/opengatesrv.conf.sample

+++ b/opengate/conf/opengatesrv.conf.sample

		@@ -224,19 +224,26 @@
224	224	entered as [userID@extraID] in userID field on auth page.
225	225
226	226	Each <ExtraSet> has conditions such as <.. ExtraId="aaa"> or
227		- <.. UserIdPattern="bbb">.
	227	+ <.. UserIdPattern="bbb">, or etc.
228	228	The conditions is compared with the string entered in
229	229	userID field.
230	230
231	231	When you set the condition as <.. ExtraId="aaa">,
232		- the string [any_user@aaa] is matched and the ExtraSet is used.
	232	+ [extraId] equal to [aaa] is matched (eg, xx@aaa).
233	233
234	234	When you set the condition as <.. UserIdPattern="bbb">,
235		- the string [any_bbb_any] is matched.
236		- UserIdPattern has the form of "POSIX Extended Regular Expression".
	235	+ [userId] including [bbb] is matched (eg, xbbbx@xx).
	236	+
	237	+ When you set the condition as <.. UserExtraPattern="bbb">,
	238	+ [userId@extraId] including [bbb] is matched (eg, xbbbx@xx, aa@xbbbx).
	239	+
	240	+ When you set the condition as <.. UserExtraPatternNot="bbb">,
	241	+ string NOT including [bbb] is matched.
	242	+
	243	+ Pattern has the form of "POSIX Extended Regular Expression".
237	244	Matching is insensitive to upper/lower case.
238	245
239		- The <ExtraSet> having both conditions is used when both are true.
	246	+ The <ExtraSet> having multi-conditions is used when both are true.
240	247	Omitted condition matched to every string.
241	248
242	249	The first matched <ExtraSet> is used, at existing many matched set.

--- a/opengate/doc/Changes.html

+++ b/opengate/doc/Changes.html

		@@ -737,752 +737,6 @@ Opengate History</H3>
737	737	Ver.1.5.25 at 2012.12.14
738	738	</DT><DD>
739	739	Fixed small bugs in http header and parameter[contributed by M.Tagawa].
740		- </DD>
741		-
742		- Ver.1.5.26 at 2012.12.19
743		- </DT><DD>
744		- Added sqlite3_busy_timeout to reduce db-lock error. Added
745		- error checks.
746		- </DD>
747		-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
748		-<HTML>
749		-<HEAD>
750		- <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
751		- <TITLE></TITLE>
752		-</HEAD>
753		-<BODY LANG="en-US" BGCOLOR="#fafff0" DIR="LTR">
754		-
755		-<H3>
756		-Opengate History</H3>
757		-<DL>
758		- <DT>Ver.0.10 at 1999.8.30
759		- </DT><DD>
760		- Initial Version. In this version, the Java applet is sent first and
761		- the applet accepts the password.
762		- </DD><DT>
763		- Ver.0.11 at 1999.9.19
764		- </DT><DD>
765		- Stable Version. Reformed program.
766		- </DD><DT>
767		- Ver.0.12 at 1999.11.2
768		- </DT><DD>
769		- Support firewalls IPF and IPFW.
770		- </DD><DT>
771		- Ver.0.20 at 1999.9.16
772		- </DT><DD>
773		- Abandoned version.
774		- </DD><DT>
775		- Ver.0.30 at 1999.10.16
776		- </DT><DD>
777		- Changed to accept password with CGI. IPF support is discarded.
778		- </DD><DT>
779		- Ver.0.31 at 1999.10.26
780		- </DT><DD>
781		- Reformed User Interface. Java applet shows own window.
782		- </DD><DT>
783		- Ver.0.32 at 1999.11.1
784		- </DT><DD>
785		- Support for IPF.
786		- </DD><DT>
787		- Ver.0.33 at 2000.6.17
788		- </DT><DD>
789		- Support for IP forwarding. Discarded IPF support.
790		- </DD><DT>
791		- Ver.0.40 at 2000.6.19
792		- </DT><DD>
793		- Support for multiple authentication servers.
794		- </DD><DT>
795		- Ver.0.41 at 2000.6.23
796		- </DT><DD>
797		- Added function to close firewall when no packets were passed for a
798		- set timespan.
799		- </DD><DT>
800		- Ver.0.42 at 2000.6.28
801		- </DT><DD>
802		- Added function to close firewall on abnormal server termination.
803		- </DD><DT>
804		- Ver.0.50 at 2000.12.11
805		- </DT><DD>
806		- Added function to exchange hello message with terminal. Firewall is
807		- closed, when the client does not reply. Java output is included in
808		- html window.
809		- </DD><DT>
810		- Ver.0.51 at 2000.12.22
811		- </DT><DD>
812		- Support for POP3 authentication.
813		- </DD><DT>
814		- Ver.0.52a at 2001.1.19
815		- </DT><DD>
816		- Exclusive execution of ipfw command. Deny multiple authentication
817		- requests from a terminal. Change the method to get Java connection
818		- address. Modified string sizes in the program. Many small
819		- modifications.
820		- </DD><DT>
821		- Ver.0.52b at 2001.1.24
822		- </DT><DD>
823		- Reformed UNP library.
824		- </DD><DT>
825		- Ver.0.52c at 2001.1.26
826		- </DT><DD>
827		- Added DEBUG flag. Modified Directory setting.
828		- </DD><DT>
829		- Ver.0.52d at 2001.1.30
830		- </DT><DD>
831		- Modified no packet time setting.
832		- </DD><DT>
833		- Ver.0.52e at 2001.2.5
834		- </DT><DD>
835		- Corrected wrong comment.
836		- </DD><DT>
837		- Ver.0.53a at 2001.2.7
838		- </DT><DD>
839		- Directory setting integrated in Makefile. Support for logging MAC
840		- address.
841		- </DD><DT>
842		- Ver.0.53b at 2001.2.8
843		- </DT><DD>
844		- Added check for empty userID or password.
845		- </DD><DT>
846		- Ver.0.53c at 2001.2.10
847		- </DT><DD>
848		- Replaced one accept window to two overlapping windows.
849		- </DD><DT>
850		- Ver.0.53d at 2001.2.13
851		- </DT><DD>
852		- Small modification on MAC address acquisition.
853		- </DD><DT>
854		- Ver.0.54a at 2001.2.15
855		- </DT><DD>
856		- Serious error (Ports destroyed during long execution) found and
857		- fixed.
858		- </DD><DT>
859		- Ver.0.55a at 2001.3.19
860		- </DT><DD>
861		- Show messages in JavaApplet field.
862		- </DD><DT>
863		- Ver.0.56a at 2001.3.29
864		- </DT><DD>
865		- Detached UNP library (Many modifications to source)
866		- </DD><DT>
867		- Ver.0.56b at 2001.4.14
868		- </DT><DD>
869		- Modified document. (No modification to source)
870		- </DD><DT>
871		- Ver.0.56c at 2001.4.24
872		- </DT><DD>
873		- Reformed HTML to improve authentication response time. (Modification
874		- to accept.html)
875		- </DD><DT>
876		- Ver.0.56d at 2001.4.29
877		- </DT><DD>
878		- Declaration of GPL. Added English documentation. (No modification to
879		- source)
880		- </DD><DT>
881		- Ver.0.57a at 2001.5.10
882		- </DT><DD>
883		- Removed loop in ipfw-delete. (Modification to comm-ipfw.c)
884		- </DD><DT>
885		- Ver.0.57b at 2001.5.11
886		- </DT><DD>
887		- Changed Lockout time for ipfw exec. (Modification to opengatesrv.h)
888		- </DD><DT>
889		- Ver.0.57c at 2001.5.25
890		- </DT><DD>
891		- Display message when Java/JavaScript is disabled. (Modification to
892		- accept.html)
893		- </DD><DT>
894		- Ver.0.57d at 2001.11.21
895		- </DT><DD>
896		- Changed timeout values (Modification to opengatesrv.h)
897		- </DD><DT>
898		- Ver.0.57e at 2002.2.13
899		- </DT><DD>
900		- Fixed redirect error in IE (Modification to topindex.html)
901		- </DD><DT>
902		- Ver.0.60a at 2002.6.17
903		- </DT><DD>
904		- Added authentication protocols: RADIUS, PAM, POP3S (Modifications:
905		- Makefile, comm-auth.c, utilities.c, opengatesrv.h, opengatesrv.conf.
906		- Additions: auth-pam.c, auth-pop3s.c, auth-rad.c)
907		- </DD><DT>
908		- Ver.0.60b at 2002.6.18
909		- </DT><DD>
910		- Added comments.
911		- </DD><DT>
912		- Ver.0.70a at 2002.6.19
913		- </DT><DD>
914		- Modified to control multi-language environment (Modifications:
915		- Makefile, comm-cgi.c *.html Opengate.java)
916		- </DD><DT>
917		- Ver.0.71a at 2002.6.24
918		- </DT><DD>
919		- Refined installation procedure (Modifications: Makefile, comm-cgi.c
920		- *.html)
921		- </DD><DT>
922		- Ver.0.72a at 2002.7.1
923		- </DT><DD>
924		- Messages are terminated with CR and LF (Modifications: comm-cgi.c
925		- Opengate.java)
926		- </DD><DT>
927		- Ver.0.73a at 2002.7.4
928		- </DT><DD>
929		- Added jar (java archive) file, modified some documents
930		- (Modifications: comm-cgi.c Makefile Add: Opengate.jar)
931		- </DD><DT>
932		- Ver.0.73b at 2002.7.10
933		- </DT><DD>
934		- Recovery of error messages added in Ver.0.57c but forgotten in
935		- Ver.0.70a (Modifications: accept.html)
936		- </DD><DT>
937		- Ver.0.73c at 2002.7.12
938		- </DT><DD>
939		- Changed some documents
940		- </DD><DT>
941		- Ver.0.73d at 2002.7.15
942		- </DT><DD>
943		- More careful detaching from web server. (Modifications: main.c
944		- comm-cgi.c)
945		- </DD><DT>
946		- Ver.0.73e at 2002.8.7
947		- </DT><DD>
948		- Fixed a serious bug in java applet introduced in Ver.0.70a. The
949		- applet did not return hello to hello request in English message
950		- mode.(Modifications: Opengate.java) Save index.html created during
951		- web server installation. (Modifications: Makefile)
952		- </DD><DT>
953		- Ver.0.80a at 2002.8.19
954		- </DT><DD>
955		- Added Perl script for more flexible firewall control (Modifications:
956		- main.c comm-ipfw.c opengatesrv.h Makefile, Additions:
957		- conf/opengatefw.pl) Fixed a small mistake in debug mode
958		- (Modifications: auth-pam.c) Modified installation procedure.
959		- Opengate directory can be set in Makefile (Modifications: Makefile,
960		- *.html). Added document to describe the system flow (Additions:
961		- doc/progflow.html).
962		- </DD><DT>
963		- Ver.0.80b at 2002.8.26
964		- </DT><DD>
965		- Fixed a bug for checking overlapping requests (Modifications:
966		- comm-ipfw.c)
967		- </DD><DT>
968		- Ver.0.81a at 2002.8.26
969		- </DT><DD>
970		- Added link to close network in No-java mode (Modifications:
971		- accept.html, Makefile, comm-cgi.c, comm-java.c, main.c
972		- ,opengatesrv.h)
973		- </DD><DT>
974		- Ver.0.81b at 2002.8.27
975		- </DT><DD>
976		- Removed userid from terminate link string (Modifications:
977		- comm-cgi.c, comm-java.c), Modified accept page design
978		- (Modifications: accept.html)
979		- </DD><DT>
980		- Ver.0.81c at 2002.9.5
981		- </DT><DD>
982		- Faulted Version. Removed.
983		- </DD><DT>
984		- Ver.0.81d at 2002.9.9
985		- </DT><DD>
986		- Fixed a mistake in URL string in HTML file. (Modifications:
987		- ja/accept.html) Removed reference HTML document from archive. Added
988		- description for maxuser=0 in installation document.
989		- </DD><DT>
990		- Ver.0.81e at 2002.9.10
991		- </DT><DD>
992		- Added checking for execl failure (Modifications: comm-ipfw.c,
993		- comm-arp.c, main.c)
994		- </DD><DT>
995		- Ver.0.82a at 2002.9.25
996		- </DT><DD>
997		- Added skeleton routine to get user properties (Modifications:
998		- opengatesrv.h, Makefile, main.c, comm-ipfw.c, opengatefw.pl,
999		- Additions: comm-userdb.c)
1000		- </DD><DT>
1001		- Ver.0.83a at 2002.10.7
1002		- </DT><DD>
1003		- Do not permit reply to hello more than once (Modifications:
1004		- comm-java.c, opengatesrv.h)
1005		- </DD><DT>
1006		- Ver.0.83b at 2003.1.6
1007		- </DT><DD>
1008		- Add documentation about maximum number of TCP connections
1009		- (Modifications: install.html, install-e.html)
1010		- </DD><DT>
1011		- Ver.0.90a at 2003.5.6
1012		- </DT><DD>
1013		- Added duration input field in auth page, allowing prolonged usage
1014		- without java. To cope with hijacking and notting, mac-address and
1015		- packet-count are checked periodically. (Modifications: index.html,
1016		- index-ssl.html, accept.html, comm-cgi.c comm-java.c, comm-arp.c,
1017		- main.c, opengatesrv.h)
1018		- </DD><DT>
1019		- Ver.0.90b at 2003.5.7
1020		- </DT><DD>
1021		- Reset the DEBUG option. It was left out in the previous
1022		- version.(Modification: opengatesrv.h)
1023		- </DD><DT>
1024		- Ver.0.90c at 2003.5.15
1025		- </DT><DD>
1026		- Simplified the logic. (Modification: comm-java.c)
1027		- </DD><DT>
1028		- Ver.0.90d at 2003.8.27
1029		- </DT><DD>
1030		- Changed message in auth page. (Modification: index.html,
1031		- index-ssl.html)
1032		- </DD><DT>
1033		- Ver.0.90e at 2003.9.24
1034		- </DT><DD>
1035		- Display (firewall-rule-Number,userID,IPaddress) in process
1036		- title.(Modification: main.c)
1037		- </DD><DT>
1038		- Ver.0.90f at 2003.9.25
1039		- </DT><DD>
1040		- Added documentation (Modification: errcheck.html,errcheck-e.html)
1041		- </DD><DT>
1042		- Ver.0.90g at 2003.11.28
1043		- </DT><DD>
1044		- Fixed PAM-include error occurred on FreeBSD 5 (Modification:
1045		- auth-pam.c)
1046		- </DD><DT>
1047		- Ver.0.90h at 2003.12.8
1048		- </DT><DD>
1049		- Fixed Applet-NoReply error occurring in some browsers when removing
1050		- applet page. Modified install document (Modification: Opengate.java
1051		- and the compiled files, install.html,install-e.html)
1052		- </DD><DT>
1053		- Ver.0.90i at 2003.12.16
1054		- </DT><DD>
1055		- Modified parameters and documentation (Modification: opengatesrv.h,
1056		- makefile, index.html, index-ssl.html, accept.html, accept2.html,
1057		- install.html, install-e.html, qa.html, qa-e.html, errcheck.html,
1058		- errcheck-e.html)
1059		- </DD><DT>
1060		- Ver.0.90j at 2004.9.21
1061		- </DT><DD>
1062		- Fixed communication error occurring on some pop3/pop3s servers
1063		- (Modification: comm-auth.c, auth-pop3s.c)
1064		- </DD><DT>
1065		- Ver.0.90k at 2005.2.3
1066		- </DT><DD>
1067		- Added links to accept.html to cope with pop-up-blocked and
1068		- java-optional browser (Modification: accept.html)
1069		- </DD><DT>
1070		- Ver.0.90l at 2005.2.4
1071		- </DT><DD>
1072		- Fixed communication error with ftpserver sending back multi-line
1073		- greeting. Added error reporting code for fork/exec
1074		- (Modification:comm-auth.c, comm-ipfw.c)
1075		- </DD><DT>
1076		- Ver.0.90m at 2005.2.7
1077		- </DT><DD>
1078		- Added error check code for ipfw response (Modification:comm-ipfw.c)
1079		- </DD><DT>
1080		- Ver.0.90n at 2005.3.21
1081		- </DT><DD>
1082		- Added no-cache option to authentication pages
1083		- (Modification:index.html, index-ssl.html)
1084		- </DD><DT>
1085		- Ver.1.0.0 at 2005.5.21
1086		- </DT><DD>
1087		- Stable version is released (Modification: README)
1088		- </DD><DT>
1089		- Ver.1.1.0 at 2005.5.27
1090		- </DT><DD>
1091		- Added many parameters in conf file. Added test-programs. (Addition:
1092		- get-param.c,test-get-param.c,test-comm-auth.c,test-comm-ipfw.c,test-comm-java.c,test-console.sh
1093		- Modification:
1094		- README,main.c,comm-auth.c,comm-ipwf.c,comm-java.c,Makefile)
1095		- </DD><DT>
1096		- Ver.1.1.1 and 1.0.1 at 2005.5.30
1097		- </DT><DD>
1098		- Recompiled Java Applet with option '-target 1.1' to be compatible
1099		- with MicrosoftVM (Modification: Opengate.class,
1100		- OpengateClient.class, Opengate.jar)
1101		- </DD><DT>
1102		- Ver.1.1.2 at 2005.7.13
1103		- </DT><DD>
1104		- Commented out server parameter setting in config file
1105		- (modification:opengatesrv.conf)
1106		- </DD><DT>
1107		- Ver.1.1.3 at 2005.12.1
1108		- </DT><DD>
1109		- Fixed error when executing the child process. Thanks to K.Eguchi and
1110		- S.Uematsu (modification:comm-java.c, opengatefw.pl)
1111		- </DD><DT>
1112		- Ver.1.2.0 at 2005.12.2
1113		- </DT><DD>
1114		- Added IPv6 support [contributed by K.Eguchi]
1115		- </DD><DT>
1116		- Ver.1.2.1 at 2005.12.15
1117		- </DT><DD>
1118		- Changed NDP command option to be recognized by new NDP [contributed
1119		- by K.Eguchi]
1120		- </DD><DT>
1121		- Ver.1.2.2 at 2006.1.6
1122		- </DT><DD>
1123		- Fixed error occurring when a cgi has no argument. Added MRTG
1124		- function [contributed by K.Eguchi]
1125		- </DD><DT>
1126		- Ver.1.1.4 and Ver.1.2.3 at 2006.2.2
1127		- </DT><DD>
1128		- Added FTPS authentication.
1129		- </DD><DT>
1130		- Ver.1.2.4 at 2006.3.14
1131		- </DT><DD>
1132		- Modified documentation and comments.
1133		- </DD><DT>
1134		- Ver.1.3.0 at 2006.3.22
1135		- </DT><DD>
1136		- Changed address acquisition method for IPv4/IPv6 dual stack and
1137		- others.
1138		- </DD><DT>
1139		- Ver.1.3.1 at 2006.3.27
1140		- </DT><DD>
1141		- Simplified logic. Modified rulechk script.
1142		- </DD><DT>
1143		- Ver.1.3.2 at 2006.4.3
1144		- </DT><DD>
1145		- Changed Config file to XML form. Almost all parameters can now be
1146		- set in the file.
1147		- </DD><DT>
1148		- Ver.1.3.3 at 2006.4.7
1149		- </DT><DD>
1150		- Put back syslog setting to fixed value, and some bugs were fixed.
1151		- </DD><DT>
1152		- Ver.1.3.4 at 2006.4.11
1153		- </DT><DD>
1154		- Changed accept page description.
1155		- </DD><DT>
1156		- Ver.1.3.5 at 2006.4.13
1157		- </DT><DD>
1158		- Modified the errcheck and qa documentation. Added time information
1159		- in address encoding. Added retry information page.
1160		- </DD><DT>
1161		- Ver.1.3.6 at 2006.4.14
1162		- </DT><DD>
1163		- Changed syslog setting to config file, and some bugs were fixed.
1164		- </DD><DT>
1165		- Ver.1.3.7 at 2006.4.20
1166		- </DT><DD>
1167		- Added code and info to cope with abnormal actions, and some bugs
1168		- were fixed.
1169		- </DD><DT>
1170		- Ver.1.3.8 at 2006.4.26
1171		- </DT><DD>
1172		- Added code to remove overlapping rules and processes.
1173		- </DD><DT>
1174		- Ver.1.3.9 at 2006.4.27
1175		- </DT><DD>
1176		- Modified Java Applet to display long message.
1177		- </DD><DT>
1178		- Ver.1.3.10 at 2006.5.1
1179		- </DT><DD>
1180		- Added userID pattern-match function. Fixed bug when checking
1181		- parameters.
1182		- </DD><DT>
1183		- Ver.1.3.11 at 2006.5.3
1184		- </DT><DD>
1185		- Added code to match the duration max value in conf file with auth
1186		- page.
1187		- </DD><DT>
1188		- Ver.1.3.12 at 2006.5.12
1189		- </DT><DD>
1190		- Changed link in deny page from external site to auth page.
1191		- </DD><DT>
1192		- Ver.1.3.13 at 2006.5.17
1193		- </DT><DD>
1194		- Use FILE and LINE macro in error message. Fixed abnormal termination
1195		- bugs.
1196		- </DD><DT>
1197		- Ver.1.3.14 at 2006.5.23
1198		- </DT><DD>
1199		- Removed close-error message. Modified QA document.
1200		- </DD><DT>
1201		- Ver.1.3.15 at 2006.10.14
1202		- </DT><DD>
1203		- Fixed browser's long waiting after sending accept page and other
1204		- small bugs.
1205		- </DD><DT>
1206		- Ver.1.4.0 at 2006.10.16
1207		- </DT><DD>
1208		- Added client watch to http keep-alive, which is the alternative to
1209		- the watch with java applet. Use carefully, as this is a preliminary
1210		- release.
1211		- </DD><DT>
1212		- Ver.1.4.1 at 2006.10.18
1213		- </DT><DD>
1214		- Changed JavaScript to run on some systems.
1215		- </DD><DT>
1216		- Ver.1.4.2 at 2006.10.19
1217		- </DT><DD>
1218		- Ignore Http watch mode on HTTP/1.0 browser.
1219		- </DD><DT>
1220		- Ver.1.4.3 at 2006.10.20
1221		- </DT><DD>
1222		- Moved JavaScript from html-file to external js-file. Modified some
1223		- messages.
1224		- </DD><DT>
1225		- Ver.1.4.4 at 2006.10.25
1226		- </DT><DD>
1227		- Added automatic start of java applet on failing http keep-alive.
1228		- Modified http-get format. Added session-id. Fixed read bug.
1229		- </DD><DT>
1230		- Ver.1.4.5 at 2006.10.28
1231		- </DT><DD>
1232		- Added function to indicate disable clients for http/java watch.
1233		- </DD><DT>
1234		- Ver.1.4.6 at 2006.11.11
1235		- </DT><DD>
1236		- Changed dir mode to install properly. Added mac check. Fixed small
1237		- bugs.
1238		- </DD><DT>
1239		- Ver.1.4.7 at 2006.11.18
1240		- </DT><DD>
1241		- Fixed small bugs and modified pages. Added processing time
1242		- measurement for research.
1243		- </DD><DT>
1244		- Ver.1.4.8 at 2006.11.19
1245		- </DT><DD>
1246		- Fixed small bugs and modified pages and measurement items.
1247		- </DD><DT>
1248		- Ver.1.4.9 at 2006.12.20
1249		- </DT><DD>
1250		- Changed hello timing control from client side to server side.
1251		- </DD><DT>
1252		- Ver.1.4.10 at 2006.12.26
1253		- </DT><DD>
1254		- Changed parameter's name and value in config file.
1255		- </DD><DT>
1256		- Ver.1.4.11 at 2007.2.2
1257		- </DT><DD>
1258		- Added ldap/ldaps authentication. Fixed malfunction in exceptional
1259		- terminals.
1260		- </DD><DT>
1261		- Ver.1.4.12 at 2007.2.4
1262		- </DT><DD>
1263		- Removed watch-mode selection in authentication page.
1264		- </DD><DT>
1265		- Ver.1.4.13 at 2007.2.17
1266		- </DT><DD>
1267		- Added change to select time watch mode when the duration value is
1268		- entered.
1269		- </DD><DT>
1270		- Ver.1.4.14 at 2007.3.2
1271		- </DT><DD>
1272		- Fixed bug when IPv6 disabled. Shortened the default duration for
1273		- time watch mode.
1274		- </DD><DT>
1275		- Ver.1.4.15 at 2007.3.22
1276		- </DT><DD>
1277		- Fixed bug when dumping micro-second time information.
1278		- </DD><DT>
1279		- Ver.1.4.16 at 2007.4.16
1280		- </DT><DD>
1281		- Fixed bug for delayed favicon.ico request, occurring on IE7.
1282		- </DD><DT>
1283		- Ver.1.4.17 at 2007.4.18
1284		- </DT><DD>
1285		- Refined the bug fix of favicon.ico error.
1286		- </DD><DT>
1287		- Ver.1.4.18 at 2007.4.23
1288		- </DT><DD>
1289		- Added favicon.ico installation.
1290		- </DD><DT>
1291		- Ver.1.4.19 at 2007.5.24
1292		- </DT><DD>
1293		- Modified control of favicon.ico.
1294		- </DD><DT>
1295		- Ver.1.4.20 at 2007.6.1
1296		- </DT><DD>
1297		- Modified web pages to guide the users in the right direction.
1298		- </DD><DT>
1299		- Ver.1.4.21 at 2007.6.14
1300		- </DT><DD>
1301		- Modified Makefile and install document. Abort when unloading the
1302		- httpkeep page.
1303		- </DD><DT>
1304		- Ver.1.4.22 at 2007.6.26
1305		- </DT><DD>
1306		- Removed ipfw pass rule for established packets.
1307		- </DD><DT>
1308		- Ver.1.4.23 at 2007.7.2
1309		- </DT><DD>
1310		- Added config setting for multiple auth servers and auth server
1311		- timeout.
1312		- </DD><DT>
1313		- Ver.1.4.24 at 2007.11.28
1314		- </DT><DD>
1315		- Added seteuid control. Show auto time setting in auth page.
1316		- </DD><DT>
1317		- Ver.1.4.25 at 2007.12.21
1318		- </DT><DD>
1319		- Fixed typo in Makefile (change from Lockfile to LockFile).
1320		- </DD><DT>
1321		- Ver.1.4.26 at 2008.2.29
1322		- </DT><DD>
1323		- Fixed error on 64 bit machine.
1324		- </DD><DT>
1325		- Ver.1.4.27 at 2008.3.3
1326		- </DT><DD>
1327		- Fixed error when setting the default pam service name. Fixed
1328		- previous fix.
1329		- </DD><DT>
1330		- Ver.1.4.28 at 2008.3.8
1331		- </DT><DD>
1332		- Fixed error in pam authentication.
1333		- </DD><DT>
1334		- Ver.1.4.29 at 2008.3.17
1335		- </DT><DD>
1336		- Added code to perl script to prevent multiple logins.
1337		- </DD><DT>
1338		- Ver.1.4.30 at 2008.3.18
1339		- </DT><DD>
1340		- Fixed error in tools/mrtg.
1341		- </DD><DT>
1342		- Ver.1.4.31 at 2008.4.10
1343		- </DT><DD>
1344		- Modified ReconnectTimeout value in conf to fix disconnection issue
1345		- in some browsers.
1346		- </DD><DT>
1347		- Ver.1.4.32 at 2008.5.22
1348		- </DT><DD>
1349		- Fixed segmentation-fault in opengatefwd.
1350		- </DD><DT>
1351		- Ver.1.4.33 at 2008.5.29
1352		- </DT><DD>
1353		- Fixed install documentation.
1354		- </DD><DT>
1355		- Ver.1.4.34 at 2008.6.27
1356		- </DT><DD>
1357		- Removed ip6fw from default.
1358		- </DD><DT>
1359		- Ver.1.4.35 at 2008.7.9
1360		- </DT><DD>
1361		- Fixed browser's hangup on closing.
1362		- </DD><DT>
1363		- Ver.1.4.36 at 2008.7.17
1364		- </DT><DD>
1365		- Changed value of ActiveCheckInterval. Modified install.html.
1366		- </DD><DT>
1367		- Ver.1.4.37 at 2009.8.18
1368		- </DT><DD>
1369		- Fixed Radius error.
1370		- </DD><DT>
1371		- Ver.1.4.38 at 2009.8.28
1372		- </DT><DD>
1373		- Modified english document.(No modification to source) [Contiributed by M. Hawk]
1374		- </DD><DT>
1375		- Ver.1.5.0 at 2009.9.11
1376		- </DT><DD>
1377		- Removed JavaApplet mode. Removed ip6fw command.
1378		- Added firewall tag rule. Added Sqlite3 database.
1379		- Added cookie authentication.
1380		- Added function to return to requested url.
1381		- Use carefully, as this is a preliminary release.
1382		- </DD><DT>
1383		- Ver.1.5.1 at 2009.9.15
1384		- </DT><DD>
1385		- Modified english document. Removed disabled item in conf file.
1386		- </DD><DT>
1387		- Ver.1.5.2 at 2009.10.4
1388		- </DT><DD>
1389		- Fixed malfunctions caused by remaining cookie and null http_host.
1390		- </DD><DT>
1391		- Ver.1.5.3 at 2009.10.19
1392		- </DT><DD>
1393		- Fixed mutex error in sqlite3.
1394		- </DD><DT>
1395		- Ver.1.5.4 at 2009.10.20
1396		- </DT><DD>
1397		- Fixed error in perl script parameter.
1398		- </DD><DT>
1399		- Ver.1.5.5 at 2010.4.1
1400		- </DT><DD>
1401		- Fixed error in ldap on AMD machine [contributed by K.Iwao].
1402		- Modified install.html.
1403		- </DD><DT>
1404		- Ver.1.5.6 at 2011.4.1
1405		- </DT><DD>
1406		- Fixed error in pop3s and ftps.
1407		- Changed Japanese char-code from jis to utf-8.
1408		- </DD><DT>
1409		- Ver.1.5.7 at 2011.4.20
1410		- </DT><DD>
1411		- Fixed error in tools/rulechk [contributed by S.Horikawa].
1412		- </DD><DT>
1413		- Ver.1.5.8 at 2011.5.9
1414		- </DT><DD>
1415		- Fixed error on arp entry expiring [contributed by S.Horikawa].
1416		- </DD><DT>
1417		- Ver.1.5.9 at 2011.5.13
1418		- </DT><DD>
1419		- Fixed errors at including many cookies and in retry.html [contributed by S.Horikawa].
1420		- </DD><DT>
1421		- Ver.1.5.10 at 2011.5.25
1422		- </DT><DD>
1423		- Fixed error on needless connections [contributed by S.Horikawa].
1424		- </DD><DT>
1425		- Ver.1.5.11 at 2011.5.27
1426		- </DT><DD>
1427		- Fixed error on requesting favicon [contributed by S.Horikawa].
1428		- </DD><DT>
1429		- Ver.1.5.12 at 2011.6.16
1430		- </DT><DD>
1431		- Fixed error on reconnecting [contributed by S.Horikawa].
1432		- </DD><DT>
1433		- Ver.1.5.13 at 2011.9.29
1434		- </DT><DD>
1435		- Added Shibboleth/HttpBasic authentication.
1436		- </DD><DT>
1437		- Ver.1.5.14 at 2011.10.4
1438		- </DT><DD>
1439		- Added detection of NAT/Router using opengatemd
1440		- </DD><DT>
1441		- Ver.1.5.15 at 2011.12.23
1442		- </DT><DD>
1443		- Modified Shibboleth authentication to get IdP info.
1444		- </DD><DT>
1445		- Ver.1.5.16 at 2012.1.18
1446		- </DT><DD>
1447		- Added retry on accidental disconnection.
1448		- Added userid as comment on ipfw rule
1449		- </DD><DT>
1450		- Ver.1.5.17 at 2012.2.13
1451		- </DT><DD>
1452		- Removed 2 error messages.
1453		- </DD><DT>
1454		- Ver.1.5.18 at 2012.2.28
1455		- </DT><DD>
1456		- Modified treatment of overlapped sessions. Fixed bugs.
1457		- </DD><DT>
1458		- Ver.1.5.19 at 2012.3.19
1459		- </DT><DD>
1460		- Added version display (at execution with -v in shell). Added client
1461		- address in INFO log.
1462		- </DD><DT>
1463		- Ver.1.5.20 at 2012.4.6
1464		- </DT><DD>
1465		- Added replacing the parameter redirectedurl in some html files.
1466		- </DD><DT>
1467		- Ver.1.5.21 at 2012.4.11
1468		- </DT><DD>
1469		- Added message to avoid popup blocking in httpkeep page.
1470		- </DD><DT>
1471		- Ver.1.5.22 at 2012.7.17
1472		- </DT><DD>
1473		- Modified a variable name to avoid misunderstanding.
1474		- </DD><DT>
1475		- Ver.1.5.23 at 2012.11.21
1476		- </DT><DD>
1477		- Fixed error at loading httpkeep page.
1478		- </DD><DT>
1479		- Ver.1.5.24 at 2012.11.29
1480		- </DT><DD>
1481		- Modified string at address conversion error in opengatefwd.
1482		- </DD><DT>
1483		- Ver.1.5.25 at 2012.12.14
1484		- </DT><DD>
1485		- Fixed small bugs in http header and parameter[contributed by M.Tagawa].
1486	740	</DD><DT>
1487	741	Ver.1.5.27 at 2013.2.27
1488	742	</DT><DD>

		@@ -1491,11 +745,22 @@ Opengate History</H3>
1491	745	Added udp sending to opengatemd(need to set udp port in conf
1492	746	file).
1493	747	Added dummy html for network connectivity check of iOS.
1494		- </DD><DT>
	748	+ </DD>
	749	+ <DT>
1495	750	Ver.1.5.28 at 2013.3.1
1496	751	</DT><DD>
1497	752	Modified shibboleth setting.
1498	753	</DD>
	754	+ <DT>
	755	+ Ver.1.5.29 at 2013.3.4
	756	+ </DT><DD>
	757	+ Added patterns matching to extra set in conf.
	758	+ </DD>
	759	+ <DT>
	760	+ Ver.1.5.30 at 2013.4.1
	761	+ </DT><DD>
	762	+ Added code to remove cookie at deny [contributed by M.Tagawa].
	763	+ </DD>
1499	764	</DL>
1500	765	<P>
1501	766	<B>Please see CVS on SourceForge.net to check the differences between

--- a/opengate/opengatesrv/comm-auth.c

+++ b/opengate/opengatesrv/comm-auth.c

		@@ -329,6 +329,20 @@ int authPop3(char userid, char passwd)
329	329	return authResult;
330	330	}
331	331
	332	+/*************************
	333	+concatinate userid and extraid
	334	+*************************/
	335	+char* concatUserId(char* useridfull, char* userId, char* extraId){
	336	+
	337	+ /* set full userid */
	338	+ strncpy(useridfull, userId,USERMAXLN);
	339	+ if(!isNull(extraId)){
	340	+ strncat(useridfull, GetConfValue("UserIdSeparator"), USERMAXLN);
	341	+ strncat(useridfull, extraId, USERMAXLN);
	342	+ }
	343	+ return useridfull;
	344	+}
	345	+
332	346	/***************************************/
333	347	/* called at auth reply timeout */
334	348	/***************************************/

		@@ -379,3 +393,12 @@ void SplitId(char* userid, char* useridshort, char* extraId)
379	393	splitId(userid,useridshort,extraId);
380	394	if(debug>1) err_msg("DEBUG:<=splitId(%s,%s,%s)",userid,useridshort,extraId);
381	395	}
	396	+
	397	+char* ConcatUserId(char* useridfull, char* userId, char* extraId)
	398	+{
	399	+ char* ret;
	400	+ if(debug>1) err_msg("DEBUG:=>concatUserId(,%s,%s)",userId,extraId);
	401	+ ret=concatUserId(useridfull, userId, extraId);
	402	+ if(debug>1) err_msg("DEBUG:<=concatUserId(%s,,)",useridfull);
	403	+ return ret;
	404	+}

--- a/opengate/opengatesrv/comm-cgi.c

+++ b/opengate/opengatesrv/comm-cgi.c

		@@ -374,13 +374,23 @@ void putClientDeny(char clientAddr4, char language)
374	374	GetConfValue("OpengateDir"),language,GetConfValue("DenyDoc"));
375	375
376	376	/* replace keyword and send out the file */
377		- printf("Content-type: text/html\r\n\r\n");
	377	+ printf("Content-type: text/html\r\n");
	378	+
	379	+ /* if cookie auth is enabled, delete the cookie */
	380	+ if( (*GetConfValue("EnableCookieAuth")!='0') ){
	381	+ printf("Set-Cookie: %s=;expires=Thu, 01-Jan-1970 00:00:00 GMT;path=/;\r\n", COOKIENAME);
	382	+ }
	383	+
	384	+ /* end of html header */
	385	+ printf("\r\n");
	386	+
	387	+ /* send denydoc content */
378	388	HtmlTemplate(denydoc, keys);
379	389
380	390	return;
381	391	}
382	392	/*********************************************/
383		-/* deny message to the client */
	393	+/* put retry message to the client */
384	394	/*********************************************/
385	395	void putClientRetry(char *language)
386	396	{

		@@ -576,8 +586,9 @@ int isHttpWatchEnableClient(void)
576	586	if(strcmp(getenv("SERVER_PROTOCOL"),"HTTP/1.0")==0) return FALSE;
577	587
578	588	/* some user agent does not support long HTTP Keep-Alive */
	589	+ /* last param 0 means case insensitive */
579	590	if(RegExMatch(getenv("HTTP_USER_AGENT"),
580		- GetConfValue("HttpWatch/SkipAgentPattern"))) return FALSE;
	591	+ GetConfValue("HttpWatch/SkipAgentPattern"),0)) return FALSE;
581	592
582	593	return TRUE;
583	594	}

--- a/opengate/opengatesrv/get-param.c

+++ b/opengate/opengatesrv/get-param.c

		@@ -135,6 +135,10 @@ void closeConfFile(void)
135	135	void setupConfExtra(char * userId,char *extraId)
136	136	{
137	137	ezxml_t xml;
	138	+ char useridfull[USERMAXLN]; /* userid@extraid */
	139	+
	140	+ /* setup long userid (userid@extraid) */
	141	+ ConcatUserId(useridfull, userId, extraId);
138	142
139	143	/* init as no ExtraSet */
140	144	xmlExtraSet=NULL;

		@@ -157,8 +161,30 @@ void setupConfExtra(char * userId,char *extraId)
157	161	/* if userID pattern is exist, check it */
158	162	if(!isNull(ezxml_attr(xml, "UserIdPattern"))){
159	163
160		- /* if not matched, go to next ExtraSet */
161		- if(RegExMatch(userId, ezxml_attr(xml, "UserIdPattern"))==FALSE) continue;
	164	+ /* if not matched, go to next ExtraSet. last-arg 0 means ingore-case */
	165	+ if(RegExMatch(userId,ezxml_attr(xml,"UserIdPattern"),0)==FALSE){
	166	+ continue;
	167	+ }
	168	+ }
	169	+
	170	+ /* if UserExtraPattern is exist, check it */
	171	+ /* UserExtraPattern = REGEX pattern matching to "userid@extraid" */
	172	+ if(!isNull(ezxml_attr(xml, "UserExtraPattern"))){
	173	+
	174	+ /* if not matched, go to next ExtraSet. last-arg 0 means ingore-case */
	175	+ if(RegExMatch(useridfull,ezxml_attr(xml,"UserExtraPattern"),0)==FALSE){
	176	+ continue;
	177	+ }
	178	+ }
	179	+
	180	+ /* if UserExtraPtternNot is exist, check it */
	181	+ /* UserExtraPatternNot = REGEX pattern NOT matching to "userid@extraid" */
	182	+ if(!isNull(ezxml_attr(xml, "UserExtraPatternNot"))){
	183	+
	184	+ /* if matched, go to next ExtraSet. last-arg 0 means ingore-case */
	185	+ if(RegExMatch(useridfull,ezxml_attr(xml,"UserExtraPatternNot"),0)==TRUE){
	186	+ continue;
	187	+ }
162	188	}
163	189
164	190	/* found matched ExtraSet */

		@@ -180,8 +206,9 @@ void setupConfExtra(char * userId,char *extraId)
180	206	/* regular expression matching */
181	207	/* inStr : string to match */
182	208	/* regEx : regular expression */
	209	+/* caseSensitive : 0=ignore case, 1=sensitive */
183	210	/***********************************************/
184		-int regExMatch(const char inStr, const char regEx)
	211	+int regExMatch(const char inStr, const char regEx, int caseSensitive)
185	212	{
186	213	regex_t reg;
187	214	int errcode;

		@@ -189,7 +216,14 @@ int regExMatch(const char inStr, const char regEx)
189	216	char errbuff[WORDMAXLN];
190	217
191	218	/* compile regex */
192		- if((errcode=regcomp(&reg, regEx, REG_NOSUB\|REG_EXTENDED\|REG_ICASE))!=0){
	219	+ if(caseSensitive){
	220	+ errcode=regcomp(&reg, regEx, REG_NOSUB\|REG_EXTENDED);
	221	+ }else{
	222	+ errcode=regcomp(&reg, regEx, REG_NOSUB\|REG_EXTENDED\|REG_ICASE);
	223	+ }
	224	+
	225	+ /* if error, return false */
	226	+ if(errcode!=0){
193	227	regerror(errcode, &reg, errbuff, WORDMAXLN);
194	228	err_msg("ERR at %s#%d: regex message=%s",__FILE__,__LINE__,errbuff);
195	229	match=FALSE;

		@@ -469,10 +503,10 @@ void InitConf(void){
469	503	if(debug>1) err_msg("DEBUG:<=initConf( )");
470	504	}
471	505
472		-int RegExMatch(const char inStr, const char regEx){
	506	+int RegExMatch(const char inStr, const char regEx, int caseSensitive){
473	507	int ret;
474		- if(debug>1) err_msg("DEBUG:=>regExMatch(%s,%s)", inStr, regEx);
475		- ret=regExMatch(inStr, regEx);
	508	+ if(debug>1) err_msg("DEBUG:=>regExMatch(%s,%s)",inStr,regEx,caseSensitive);
	509	+ ret=regExMatch(inStr, regEx,caseSensitive);
476	510	if(debug>1) err_msg("DEBUG:(%d)<=regExMatch( )",ret);
477	511	return ret;
478	512	}

--- a/opengate/opengatesrv/opengatesrv.h

+++ b/opengate/opengatesrv/opengatesrv.h

		@@ -116,6 +116,7 @@ extern int debug;
116	116	/********prototypes*************************************/
117	117	/* authentication */
118	118	int AuthenticateUser(char userid, char password);
	119	+char* ConcatUserId(char* useridfull, char* userId, char* extraId);
119	120
120	121	/* firewall control */
121	122	int OpenClientGate4(char clientAddr4, char userid, char macAddr4, char userProperty);

		@@ -237,7 +238,7 @@ void SetupConfExtra(char userId, char extraId);
237	238	char GetConfValue(char name);
238	239	int SelectNextAuthServer(void);
239	240	void InitConf();
240		-int RegExMatch(const char inStr, const char regEx);
	241	+int RegExMatch(const char inStr, const char regEx, int caseSensitive);
241	242	void ResetAuthServerPointer(void);
242	243
243	244	/* ctrl-alarms.c */

opengate Fork