Opengate Source Repository
Revision | b909783a6ecf8aa1bf8d95334efb889d95943ead (tree) |
---|---|
Time | 2013-06-26 13:17:22 |
Author | watanaby <watanaby@user...> |
Committer | watanaby |
Modified code for auth recheck when extraset exists
@@ -761,6 +761,11 @@ Opengate History</H3> | ||
761 | 761 | </DT><DD> |
762 | 762 | Added code to remove cookie at deny [contributed by M.Tagawa]. |
763 | 763 | </DD> |
764 | + <DT> | |
765 | + Ver.1.5.31 at 2013.6.26 | |
766 | + </DT><DD> | |
767 | + Modified code for authentication recheck when extraset exists. | |
768 | + </DD> | |
764 | 769 | </DL> |
765 | 770 | <P> |
766 | 771 | <B>Please see CVS on SourceForge.net to check the differences between |
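Review bot: The Ver.1.5.31 entry at new lines 764-768 does not say what the authentication recheck did before or what it does now when an ExtraSet matches. Because this concerns the authentication path, the history entry should state the behaviour before and after the change (for example, whether the ExtraSet values or the defaults are applied on recheck) so operators can judge whether they need the update. The hunks visible here are documentation only, so this one sentence is the only description of the change a reader of the diff gets.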
@@ -1,212 +1,212 @@ | ||
1 | -<html> | |
2 | -<head> | |
3 | -<title>Opengate Q & A</title> | |
4 | -</head> | |
5 | - | |
6 | - | |
7 | -<body bgcolor=#fafff0> | |
8 | - | |
9 | -<H3>Opengate Q & A</H3> | |
10 | - | |
11 | -Concept | |
12 | -<UL> | |
13 | -<LI> | |
14 | -Why is the authentication needed? | |
15 | - | |
16 | -<BLOCKQUOTE> | |
17 | -There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network | |
18 | -</BLOCKQUOTE> | |
19 | - | |
20 | -<LI>Why don't you use the authentication function inherent in the terminal? | |
21 | - | |
22 | -<BLOCKQUOTE> | |
23 | -Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC. | |
24 | -</BLOCKQUOTE> | |
25 | - | |
26 | -<LI> | |
27 | -Why do you try to authenticate at client site? Is the authentication at server site essential? | |
28 | - | |
29 | -<BLOCKQUOTE> | |
30 | -Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required. | |
31 | -</BLOCKQUOTE> | |
32 | - | |
33 | -<LI> | |
34 | -Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software. | |
35 | - | |
36 | -<BLOCKQUOTE> | |
37 | -It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control. | |
38 | -</BLOCKQUOTE> | |
39 | - | |
40 | -<LI> | |
41 | -Why don't you use the log obtained at gateway or firewall? | |
42 | - | |
43 | -<BLOCKQUOTE> | |
44 | -The log does not include user identification. | |
45 | -</BLOCKQUOTE> | |
46 | - | |
47 | -<LI> | |
48 | -What is the merit compared with the identification by MAC address. | |
49 | - | |
50 | -<BLOCKQUOTE> | |
51 | -The cost might be large to maitain the matching between user and MAC | |
52 | -address. <br> As a supplement system for Opengate, we released a MAC | |
53 | -address based user authentication system OpengateM, in which we take some | |
54 | -measures about MAC address registration/updating cost, router | |
55 | -insertion, and MAC address spoofing. </BLOCKQUOTE> | |
56 | - | |
57 | -<LI> | |
58 | -What is the merit compared with various authentication systems for network usage proposed recently. | |
59 | -<BLOCKQUOTE> | |
60 | -The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. IPv4/IPv6 dual stack support. | |
61 | -</BLOCKQUOTE> | |
62 | - | |
63 | -<LI> | |
64 | -Is there any other application of the system? | |
65 | -<BLOCKQUOTE> | |
66 | -For example, it might be used as the gateway from intra-net to extra-net or the contrary. | |
67 | -</BLOCKQUOTE> | |
68 | - | |
69 | -<LI> | |
70 | -What to do for No Java terminals? | |
71 | -<BLOCKQUOTE> | |
72 | -The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page. | |
73 | -From Version 1.4, JavaScript is used instead of Java. | |
74 | -</BLOCKQUOTE></LI> | |
75 | - | |
76 | - | |
77 | -</UL> | |
78 | - | |
79 | - | |
80 | -Usage | |
81 | -<UL> | |
82 | -<LI> | |
83 | -Is the system compatible with wireless LAN? | |
84 | - | |
85 | -<BLOCKQUOTE> | |
86 | -Yes. But do not use the host station having NAT. | |
87 | -</BLOCKQUOTE> | |
88 | - | |
89 | -<LI> | |
90 | -Can the system coexists with NAT or DHCP. | |
91 | - | |
92 | -<BLOCKQUOTE> | |
93 | -Yes. But do not insert NAT between the server and client. | |
94 | -</BLOCKQUOTE> | |
95 | - | |
96 | -<LI> | |
97 | -Can the MAC address be obtained? | |
98 | -<BLOCKQUOTE> | |
99 | -Yes. But the address is restricted to the one aquired from server on ethernet. | |
100 | -</BLOCKQUOTE> | |
101 | - | |
102 | -<LI> | |
103 | -I want to supply some services without authentication, or I do not want to supply some services even after authentication. | |
104 | - | |
105 | -<BLOCKQUOTE> | |
106 | -The both can be realized by firewall rule set. | |
107 | -</BLOCKQUOTE> | |
108 | - | |
109 | -<LI> | |
110 | -I want to separate the commission range by the user rank. | |
111 | - | |
112 | -<BLOCKQUOTE> | |
113 | -Use ExrtaSet in configuration file. The paremeter in ExtraSet overrides the default setting, if ExtraSet attribute is matched. | |
114 | -Or enable perl script to open firewall and edit the script. | |
115 | -</BLOCKQUOTE> | |
116 | - | |
117 | -<LI> | |
118 | -I want manage temporal users. | |
119 | - | |
120 | -<BLOCKQUOTE> | |
121 | -It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it. | |
122 | -</BLOCKQUOTE> | |
123 | - | |
124 | -<LI> | |
125 | -Can the password secret be maintained? | |
126 | - | |
127 | -<BLOCKQUOTE> | |
128 | -Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, ftps, radius, and pam(which supports many secure protocols). | |
129 | -</BLOCKQUOTE> | |
130 | - | |
131 | -<LI> | |
132 | -How are the scalability and performance? | |
133 | - | |
134 | -<BLOCKQUOTE> | |
135 | -We are using the system in environments including active 50 or above terminals. | |
136 | -</BLOCKQUOTE></LI> | |
137 | - | |
138 | -<LI> | |
139 | -Can I use protocols other than Web? | |
140 | -<BLOCKQUOTE> | |
141 | -Yes. You should authenticate by Web browser, and stay it on desktop (can iconize). Other protocols than Web can also be used until the browser is closed. If you insert firewall rules previous to opengate rules, any protocols can be fixed to deny or allow mode. | |
142 | -</BLOCKQUOTE></LI> | |
143 | -<LI> | |
144 | -Can I view the usage of many terminals. | |
145 | -<BLOCKQUOTE> | |
146 | -Log is stored in /var/log/opengate.log via syslog. A terminal is watched by a process. By entering 'ps -axww | grep opengate', you can view process id, userid, IP address, and firewall rule number corresponding to every process. If you kill a opengate process, corresponding firewall rules are removed. The firewall rules are shown by 'ipfw list' or 'ip6fw list'. | |
147 | -</BLOCKQUOTE></LI> | |
148 | -</UL> | |
149 | -Installation and Development | |
150 | -<UL> | |
151 | -<LI> | |
152 | -I meet bugs on installation. | |
153 | - | |
154 | -<BLOCKQUOTE> | |
155 | -See other document. | |
156 | -</BLOCKQUOTE> | |
157 | - | |
158 | -<LI> | |
159 | -Am I permited to use, modify or distribute the program? | |
160 | - | |
161 | -<BLOCKQUOTE> | |
162 | -Yes it is permitted under GPL. | |
163 | -</BLOCKQUOTE> | |
164 | - | |
165 | -<LI> | |
166 | -Can I modify the web page design. | |
167 | - | |
168 | -<BLOCKQUOTE> | |
169 | -As the web pages are described in html files, it is easy to modify the design. | |
170 | -</BLOCKQUOTE> | |
171 | - | |
172 | -<LI> | |
173 | -Can I display web pages with other language. | |
174 | - | |
175 | -<BLOCKQUOTE> | |
176 | -Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. | |
177 | -</BLOCKQUOTE> | |
178 | - | |
179 | -<LI> | |
180 | -Can I avoid atacks such as IP spoofing or DoS(Denial of Service)? | |
181 | - | |
182 | -<BLOCKQUOTE> | |
183 | -IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system. | |
184 | -</BLOCKQUOTE> | |
185 | - | |
186 | - | |
187 | -<LI> | |
188 | -Can the server run on other OSs than FreeBSD. | |
189 | - | |
190 | -<BLOCKQUOTE> | |
191 | -No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf. | |
192 | -</BLOCKQUOTE> | |
193 | - | |
194 | -<LI> | |
195 | -It is not smart that many processes resident. Can these be integrated to one process? | |
196 | - | |
197 | -<BLOCKQUOTE> | |
198 | -Yes. But in the present version, we take priority on simplicity of program. | |
199 | -</BLOCKQUOTE> | |
200 | - | |
201 | - | |
202 | -<LI> | |
203 | -Is the system compatible with IPv6? | |
204 | - | |
205 | -<BLOCKQUOTE> | |
206 | - | |
207 | -Yes. IPv6 support is added in Version 1.2.0. | |
208 | -</BLOCKQUOTE></LI> | |
209 | - | |
210 | -</UL> | |
211 | -</body> | |
212 | -</HTML> | |
1 | +<html> | |
2 | +<head> | |
3 | +<title>Opengate Q & A</title> | |
4 | +</head> | |
5 | + | |
6 | + | |
7 | +<body bgcolor=#fafff0> | |
8 | + | |
9 | +<H3>Opengate Q & A</H3> | |
10 | + | |
11 | +Concept | |
12 | +<UL> | |
13 | +<LI> | |
14 | +Why is the authentication needed? | |
15 | + | |
16 | +<BLOCKQUOTE> | |
17 | +There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network | |
18 | +</BLOCKQUOTE> | |
19 | + | |
20 | +<LI>Why don't you use the authentication function inherent in the terminal? | |
21 | + | |
22 | +<BLOCKQUOTE> | |
23 | +Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC. | |
24 | +</BLOCKQUOTE> | |
25 | + | |
26 | +<LI> | |
27 | +Why do you try to authenticate at client site? Is the authentication at server site essential? | |
28 | + | |
29 | +<BLOCKQUOTE> | |
30 | +Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required. | |
31 | +</BLOCKQUOTE> | |
32 | + | |
33 | +<LI> | |
34 | +Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software. | |
35 | + | |
36 | +<BLOCKQUOTE> | |
37 | +It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control. | |
38 | +</BLOCKQUOTE> | |
39 | + | |
40 | +<LI> | |
41 | +Why don't you use the log obtained at gateway or firewall? | |
42 | + | |
43 | +<BLOCKQUOTE> | |
44 | +The log does not include user identification. | |
45 | +</BLOCKQUOTE> | |
46 | + | |
47 | +<LI> | |
48 | +What is the merit compared with the identification by MAC address. | |
49 | + | |
50 | +<BLOCKQUOTE> | |
51 | +The cost might be large to maitain the matching between user and MAC | |
52 | +address. <br> As a supplement system for Opengate, we released a MAC | |
53 | +address based user authentication system OpengateM, in which we take some | |
54 | +measures about MAC address registration/updating cost, router | |
55 | +insertion, and MAC address spoofing. </BLOCKQUOTE> | |
56 | + | |
57 | +<LI> | |
58 | +What is the merit compared with various authentication systems for network usage proposed recently. | |
59 | +<BLOCKQUOTE> | |
60 | +The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. IPv4/IPv6 dual stack support. | |
61 | +</BLOCKQUOTE> | |
62 | + | |
63 | +<LI> | |
64 | +Is there any other application of the system? | |
65 | +<BLOCKQUOTE> | |
66 | +For example, it might be used as the gateway from intra-net to extra-net or the contrary. | |
67 | +</BLOCKQUOTE> | |
68 | + | |
69 | +<LI> | |
70 | +What to do for No Java terminals? | |
71 | +<BLOCKQUOTE> | |
72 | +The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page. | |
73 | +From Version 1.4, JavaScript is used instead of Java. | |
74 | +</BLOCKQUOTE></LI> | |
75 | + | |
76 | + | |
77 | +</UL> | |
78 | + | |
79 | + | |
80 | +Usage | |
81 | +<UL> | |
82 | +<LI> | |
83 | +Is the system compatible with wireless LAN? | |
84 | + | |
85 | +<BLOCKQUOTE> | |
86 | +Yes. But do not use the host station having NAT. | |
87 | +</BLOCKQUOTE> | |
88 | + | |
89 | +<LI> | |
90 | +Can the system coexists with NAT or DHCP. | |
91 | + | |
92 | +<BLOCKQUOTE> | |
93 | +Yes. But do not insert NAT between the server and client. | |
94 | +</BLOCKQUOTE> | |
95 | + | |
96 | +<LI> | |
97 | +Can the MAC address be obtained? | |
98 | +<BLOCKQUOTE> | |
99 | +Yes. But the address is restricted to the one aquired from server on ethernet. | |
100 | +</BLOCKQUOTE> | |
101 | + | |
102 | +<LI> | |
103 | +I want to supply some services without authentication, or I do not want to supply some services even after authentication. | |
104 | + | |
105 | +<BLOCKQUOTE> | |
106 | +The both can be realized by firewall rule set. | |
107 | +</BLOCKQUOTE> | |
108 | + | |
109 | +<LI> | |
110 | +I want to separate the commission range by the user rank. | |
111 | + | |
112 | +<BLOCKQUOTE> | |
113 | +Use ExrtaSet in configuration file. The paremeter in ExtraSet overrides the default setting, if ExtraSet attribute is matched. | |
114 | +Or enable perl script to open firewall and edit the script. | |
115 | +</BLOCKQUOTE> | |
116 | + | |
117 | +<LI> | |
118 | +I want manage temporal users. | |
119 | + | |
120 | +<BLOCKQUOTE> | |
121 | +It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it. | |
122 | +</BLOCKQUOTE> | |
123 | + | |
124 | +<LI> | |
125 | +Can the password secret be maintained? | |
126 | + | |
127 | +<BLOCKQUOTE> | |
128 | +Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, ftps, radius, and pam(which supports many secure protocols). | |
129 | +</BLOCKQUOTE> | |
130 | + | |
131 | +<LI> | |
132 | +How are the scalability and performance? | |
133 | + | |
134 | +<BLOCKQUOTE> | |
135 | +We are using the system in environments including active 50 or above terminals. | |
136 | +</BLOCKQUOTE></LI> | |
137 | + | |
138 | +<LI> | |
139 | +Can I use protocols other than Web? | |
140 | +<BLOCKQUOTE> | |
141 | +Yes. You should authenticate by Web browser, and stay it on desktop (can iconize). Other protocols than Web can also be used until the browser is closed. If you insert firewall rules previous to opengate rules, any protocols can be fixed to deny or allow mode. | |
142 | +</BLOCKQUOTE></LI> | |
143 | +<LI> | |
144 | +Can I view the usage of many terminals. | |
145 | +<BLOCKQUOTE> | |
146 | +Log is stored in /var/log/opengate.log via syslog. A terminal is watched by a process. By entering 'ps -axww | grep opengate', you can view process id, userid, IP address, and firewall rule number corresponding to every process. If you kill a opengate process, corresponding firewall rules are removed. The firewall rules are shown by 'ipfw list' or 'ip6fw list'. | |
147 | +</BLOCKQUOTE></LI> | |
148 | +</UL> | |
149 | +Installation and Development | |
150 | +<UL> | |
151 | +<LI> | |
152 | +I meet bugs on installation. | |
153 | + | |
154 | +<BLOCKQUOTE> | |
155 | +See other document. | |
156 | +</BLOCKQUOTE> | |
157 | + | |
158 | +<LI> | |
159 | +Am I permited to use, modify or distribute the program? | |
160 | + | |
161 | +<BLOCKQUOTE> | |
162 | +Yes it is permitted under GPL. | |
163 | +</BLOCKQUOTE> | |
164 | + | |
165 | +<LI> | |
166 | +Can I modify the web page design. | |
167 | + | |
168 | +<BLOCKQUOTE> | |
169 | +As the web pages are described in html files, it is easy to modify the design. | |
170 | +</BLOCKQUOTE> | |
171 | + | |
172 | +<LI> | |
173 | +Can I display web pages with other language. | |
174 | + | |
175 | +<BLOCKQUOTE> | |
176 | +Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. | |
177 | +</BLOCKQUOTE> | |
178 | + | |
179 | +<LI> | |
180 | +Can I avoid atacks such as IP spoofing or DoS(Denial of Service)? | |
181 | + | |
182 | +<BLOCKQUOTE> | |
183 | +IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system. | |
184 | +</BLOCKQUOTE> | |
185 | + | |
186 | + | |
187 | +<LI> | |
188 | +Can the server run on other OSs than FreeBSD. | |
189 | + | |
190 | +<BLOCKQUOTE> | |
191 | +No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf. | |
192 | +</BLOCKQUOTE> | |
193 | + | |
194 | +<LI> | |
195 | +It is not smart that many processes resident. Can these be integrated to one process? | |
196 | + | |
197 | +<BLOCKQUOTE> | |
198 | +Yes. But in the present version, we take priority on simplicity of program. | |
199 | +</BLOCKQUOTE> | |
200 | + | |
201 | + | |
202 | +<LI> | |
203 | +Is the system compatible with IPv6? | |
204 | + | |
205 | +<BLOCKQUOTE> | |
206 | + | |
207 | +Yes. IPv6 support is added in Version 1.2.0. | |
208 | +</BLOCKQUOTE></LI> | |
209 | + | |
210 | +</UL> | |
211 | +</body> | |
212 | +</HTML> |
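Review bot: All 212 lines of this file are removed and re-added with no visible textual difference, which looks like a line-ending or whitespace-only rewrite and hides any real edit from review. Such a normalization belongs in its own commit, separate from the authentication recheck change, ideally with the line-ending policy recorded in the repository so it does not recur. If the file is being rewritten anyway, the re-added text still carries "ExrtaSet" and "paremeter" on line 113 and "ipwf" on line 191; the first matters most here, since ExtraSet is the setting this commit is about and a reader copying the misspelled name into a configuration file would not get the override they expect.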
@@ -1,215 +1,215 @@ | ||
1 | -<html LANG="jp"> | |
2 | -<head> | |
3 | -<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS"> | |
4 | - | |
5 | -<title>Opengate Q & A</title> | |
6 | -</head> | |
7 | - | |
8 | - | |
9 | -<body bgcolor=#fafff0> | |
10 | - | |
11 | -<H3>Opengate Q & A</H3> | |
12 | - | |
13 | -Ó` | |
14 | -<UL> | |
15 | -<LI> | |
16 | -»à»à½ÌFØÈǪKvÈÌÅ·©BNÅàlbg[Nªg¦ÄÇ¢ÅÍȢŷ©B | |
17 | - | |
18 | -<BLOCKQUOTE> | |
19 | -elbg[NÍA»ÌÝuï|ÆoïSÉ]Á½pªßçêÜ·BµÄ©RpªOñÅÍ èܹñB³çÉAC^[lbgãÅÍAîæâ¼\As³A^bN̽ÐïIs®ª¶µÄ¢Ü·BgDƵÄÍ»Ìæ¤Ès®ð\¬õÉN±µÄ~µ èܹñBe©ªÓCðÁÄs®µÄ¢½¾½ßÌêÂÌû@ƵÄ{VXeª èÜ·B | |
20 | -</BLOCKQUOTE> | |
21 | - | |
22 | -<LI> | |
23 | -[ÌOSÉt·éFØðp·éÌÅÍ_ÈÌÅ·©B | |
24 | - | |
25 | -<BLOCKQUOTE> | |
26 | -êµ½PC«Ì\zÆÛªÂ\ÈVXeÌêÉÍA[OSÌFØVXeðpµ½ûªÇ¢Æv¢Ü·Bµ©µsÁ轪sÁè@íðÚ±·éæ¤È«ÅÍ@\µÜ¹ñB | |
27 | -</BLOCKQUOTE> | |
28 | - | |
29 | -<LI> | |
30 | -ANZX³êé¤ÌT[oªe©ÅíQðó¯È¢æ¤ÉAFػ̼ÌZL eBÛðs¤±Æª{ÅÍȢŷ©B | |
31 | - | |
32 | -<BLOCKQUOTE> | |
33 | -»êàKvŵå¤Bµ©µåwÌæ¤É½Ì½lÈlÔªärI©RÉpÅ«élbg[N«ðñµÄ¢égDÅÍAOÉεÄlXÈguðN±µêîªñ¹çêéÂ\«ªÈèÜ·B»ÌÓCÍgu´öðìÁ½{lÉæÁÄ¢½¾Kvª èÜ·BܽAlbg[NpÉÍA»ÌÚIÉÁ½pÒ̧Àª é±ÆªÊí¾Æv¢Ü·BæÁÄANZX·é¤ÅÌFØàKvÆl¦Ü·B | |
34 | -</BLOCKQUOTE> | |
35 | - | |
36 | -<LI> | |
37 | - | |
38 | -½ÌAöJÅè[ÆîñRZg̼ûðÎÛÆ·éKvª éÌÅ·©BöJÅè[Í[OSÌFتÂ\ÅÍȢŷ©B | |
39 | - | |
40 | -<BLOCKQUOTE> | |
41 | -SÄÌöJÅè[ðlbg[NÇåªêIÉzuµA»Ìn[hEFAðs³ì©ççêéóµªÂ\Å êλêÅàÇ¢Æv¢Ü·Bµ©µ»ÀIÉÍgUµ½öJêÖ½zu·é±Æª½AlXȢ諸¢Ü·BܽùÉzu³ê½FØ@\̳¢[âs\ªÈǺÌ[ª½ èÜ·B±êçÉàηéKvª èÜ·B | |
42 | -</BLOCKQUOTE> | |
43 | - | |
44 | -<LI> | |
45 | -[^ât@CAEI[AÊß_ÅÌL^æ¾ÅÍ¢¯È¢ÌÅ·©B | |
46 | -<BLOCKQUOTE> | |
47 | -±ÌL^ÅÍIPAhXͪ©èÜ·Bµ©µsÁ轪oüè·éêÌêÍNªpµ½Ì©ª©èܹñBpÒªÁèÅ«é®ÌêͱÌæ¤ÈL^ÅàǢŵå¤B | |
48 | -</BLOCKQUOTE> | |
49 | - | |
50 | -<LI> | |
51 | -MACAhXÅÂl¯Êð·éû®à éæ¤Å·ªB | |
52 | -<BLOCKQUOTE> | |
53 | -OpengateÍÂl¯Êð[UIDÆpX[hÅsÁĢܷB±ÌFØüÍÌãíèÉMACAhXðg¤±ÆÍÂ\ŵå¤B<BR> | |
54 | -µ©µMACAhXðp·éû®ÍAMACAhXÆ»ÌLÒÆÌÖWðOàÁÄo^·éKvª èÜ·Bܽ@í÷nEpüÌÛÉo^ÁA@íXVÌÛÉo^XVðs¤Kvª èÜ·ªApÒÉo^Áðãs³¹éÌÍïµ¢ÆvíêÜ·B±êçÌ^pãÌâè_ððµÈ¯êÎÈèܹñBܽMACAhXÍC[TlbgÚ±[ÌÝɶݷé_A[^ð´¦Ä`íçÈ¢_AUªÂ\Å é_ÈÇàï_ƾ¦Ü·B<BR> | |
55 | -ÇLFOpengateÌpª¢ïÈ[ÉεÄAMACAhXÅÂl¯Ê·éOpengateâ®FØVXeOpengateMðöJµÜµ½B±ÌVXeÅÍAMACAhXo^^XV^[^}ü^UÉ¢ÄêèÌl¶ðsÁĢܷB | |
56 | -</BLOCKQUOTE> | |
57 | - | |
58 | -<LI> | |
59 | -ÅßA³Ü´ÜÈlbg[NFØVXeª\³êÄ¢éæ¤Å·ªB | |
60 | -<BLOCKQUOTE> | |
61 | -OpengateÍȺÌ_ð½µÄ¢é_ªÁ¥Æl¦Ü·B[Éηé\tgAn[hAÝu`ÔAÚ±û@ÈÇ̧ÀªÈ¢BpÒÌw±âǪŬÀÅÏÞBêÊIÈ\tg/n[hÅ\¬³êĨèAù¶lbg[NÖ̱üªeÕÅ éBpJn/I¹É۵ĦÀÉlbg[NÌJú/½ªsíêéBIPv4ÆIPv6̼ûÌÊMð¯ÉJú½ūé±ÆB | |
62 | -</BLOCKQUOTE> | |
63 | - | |
64 | -<LI> | |
65 | -¼ÌprÉÍpÅ«Ü·©B | |
66 | -<BLOCKQUOTE> | |
67 | -{VXeÍA[UIDÆpX[hðWeboRÅó¯t¯A»ÌIPAhXÆÌpPbgÌÊßð·éVXeÅ·B»ÌggÝÌ«ŠêÎpÅ«éÆv¢Ü·Bá¦ÎAGNXglbg©çCglbgÉεÄANZX·é½ßÌoCpXûðÝu·é±ÆÉàpÅ«éŵå¤BRȪçÉßÄxÈZL eBxðKvÆ·élbg[NÅÈ¢êÅ·ªB | |
68 | -</BLOCKQUOTE> | |
69 | - | |
70 | -<LI> | |
71 | -Javaª®©È¢[à èÜ·ªB | |
72 | -<BLOCKQUOTE> | |
73 | -Javaª®©È¢àµÍCXg[³êĢȢ[ÅàApÒªFØy[Wɨ¢Ävµ½Ú±p±Ô¾¯lbg[NðJúµÜ·B½¾µAæÁæèâúuÉηé½ßAêèÔÔuÅAARPR}hÆt@CAEH[ÊßpPbgÅ`FbNµÜ·BܽAÂy[WÌpfÌNðNbN·é±ÆÅlbg[Nð½ūܷB1.4Å©çJavaðp¢¸JavaScriptðp¢éæ¤ÉµÜµ½B | |
74 | -</BLOCKQUOTE></LI> | |
75 | - | |
76 | - | |
77 | -</UL> | |
78 | - | |
79 | - | |
80 | -p | |
81 | -<UL> | |
82 | -<LI> | |
83 | -³üLANÅg¦Ü·©B | |
84 | - | |
85 | -<BLOCKQUOTE> | |
86 | -g¦Ü·B½¾µAeÇàÅNATÉæéIPAhXÏ·ªÈ³êĢȢ±ÆªKvÅ·B | |
87 | -</BLOCKQUOTE> | |
88 | - | |
89 | -<LI> | |
90 | -DHCPâNATÆ̤pÍÅ«Ü·©B | |
91 | - | |
92 | -<BLOCKQUOTE> | |
93 | -Å«Ü·B»Ìæ¤Èg¢ûª½¢Æv¢Ü·B½¾µNATͯêQ[gEFC}VãÅ®©·êÅ·B{Q[gEFCÆ[QÆÌÔÉNATuð²Þ±ÆÍūܹñB¯¶IPAhXð½lªgp·é`ÉÈé½ßÅ·B | |
94 | -</BLOCKQUOTE> | |
95 | - | |
96 | -<LI> | |
97 | -MACAhXÍæ¾Å«Ü·©B | |
98 | -<BLOCKQUOTE> | |
99 | -Ver0.53ÉÄεܵ½B½¾µAT[o¤ÅARP©çæ¾·é½ßAT[o¤©ç©¦éAhXÌÝÅ·BãARPª éÆ»ÌpAhXÆÈèÜ·BܽARȪçAC[TlbgÅÌÝLøÅ·B | |
100 | -</BLOCKQUOTE> | |
101 | - | |
102 | -<LI> | |
103 | -êÌT[rXÍFسµÉµ½¢ÌÅ·ªBàµÍFØãàêÌT[rXð§Àµ½¢ÌÅ·ªB | |
104 | - | |
105 | -<BLOCKQUOTE> | |
106 | -úóÔÌt@CAEI[[ÉKvÈàÌðÇÁ·êÎÂ\Å·BOpengateͱÌúóÔÉ[ð}üEíµÜ·BæÁÄAÇÁÊuðHv·êÎlXȧäªÂ\Å·Bá¦ÎAÁèÌTCgðANZXÂàµÍsÂÉÅè·é±ÆàÅ«Ü·B | |
107 | -</BLOCKQUOTE> | |
108 | - | |
109 | -<LI> | |
110 | -pÒÌxÉæÁÄT[rXð§Àµ½¢ÌÅ·ªB | |
111 | - | |
112 | -<BLOCKQUOTE> | |
113 | -Ýèt@Cɨ¢ÄExtraSetÌÝèðµÄ¾³¢BExtraSetÌðɤ[UÍExtraSetÅwèµ½Ýèlð㫵ܷB | |
114 | -ܽÍPerlXNvgÌgpðLøɵÄAXNvgŧ侳¢B | |
115 | -</BLOCKQUOTE> | |
116 | - | |
117 | -<LI> | |
118 | -êIpÒÖÌÎÍǤµÜ·©B | |
119 | - | |
120 | -<BLOCKQUOTE> | |
121 | -FØT[oÖÌêIÈpÒo^ªKvÅ·BOpengateÍA¡ÌFØT[oÉ[UðU誯éæ¤ÉwèÅ«Ü·ÌÅAÊrÉêpÒ̽ßÌFØT[oðÝu·é±ÆàÅ«Ü·BftpT[oª®¯ÎÇ¢ÌÅWindowsÈÇÌÈÕT[oÅàÂ\Æl¦Ü·B | |
122 | -<BR> | |
123 | -åwÅÍA»ÝÌƱëA}ÙOpÒâwïQÁÒÈÇÌêIpÒÉεÄȺÌ^pðsÁĢܷBêpÒpÌFØT[oðpÓ·éBKvÌpÒIDðpúÀt«Åo^µA¯ÉpÒIDÆpX[h¨æÑpãÌÓð¢½pðpÒIDÉóü·éBpó]ÒªK·êÎAg³ðmFµÄpð1n·BRȪç{pÒIDÍwàÌT[oÖÌOCÉÍpūܹñB | |
124 | -</BLOCKQUOTE> | |
125 | - | |
126 | -<LI> | |
127 | -pX[hÌçéÍÛÄÜ·©B | |
128 | - | |
129 | -<BLOCKQUOTE> | |
130 | -[ÆQ[gEFCÔÍWebÊMÅpX[hðèÜ·BæÁÄWebT[oðSSL»·êÎçéªÛÄÜ·BQ[gEFCÆFØT[oÌÔÍAçé@\Ì éFØvgRÉæêÎÂ\Å·BOpengateÍApop3s,ftps,Radius,PAMÉεĢܷBPAMͽÌFØvgRðT|[gµÜ·B | |
131 | -</BLOCKQUOTE> | |
132 | - | |
133 | -<LI> | |
134 | -XP[reBÍǤŷ©BptH[}XÍǤŷ©B | |
135 | - | |
136 | -<BLOCKQUOTE> | |
137 | -\äÌgpÅÍâè³g¦Ä¢Ü·BNXCöxÌpÍÅ«éÆv¢Ü·B{VXeÍAt@CAEI[\tgÌpPbgtB^OK¥ðÇÁEí·éû®Å èAeNCAg©çÌpJnvðÊÉ·êÎwÇ×ÆÈèܹñBpÌptH[}XÍApPbgtB^OâpPbg]Ì\ÍÉ˶·éÆv¢Ü·BȨÊIȧÀƵÄÍApNCAgÉPvZXªí·é±Æª èÜ·Bµ©µvZXÌÅålÍJ[lŲ®Å«Ü·µANXCöxɪµÄVXe^p·éûªQ[gEFCɨ¯épPbgtB^OÌ\Í©ç·éÆ»ÀIŵå¤B | |
138 | -</BLOCKQUOTE></LI> | |
139 | - | |
140 | -<LI> | |
141 | -WebÈOÌpÉÍεܷ©B | |
142 | -<BLOCKQUOTE> | |
143 | -ܸWebuEUÅFØðó¯ÄA»ÌuEUðŬ»µÄ©çg¢Ü·BȨAt@CAEH[[Xgɨ¢ÄAOpengateª}ü·é[ÔæèOÉ[ðÝè·êÎAêvgRÉηé³ðÛâ³ðÂàÝèÂ\Å·B | |
144 | -</BLOCKQUOTE></LI> | |
145 | - | |
146 | -<LI> | |
147 | -[ÌÚ±óµð²×é±ÆÍÅ«Ü·©B | |
148 | -<BLOCKQUOTE> | |
149 | -JúƽÌðÍAsyslogoRÅ/var/log/opengate.logÉÛ¶³êÜ·B[²ÆÉêÂÌvZXÅĵĨèA»ÝÚ±Ì[óµÍAups -axww | grep opengatevÅ©é±ÆªoÜ·B±ÌPSR}hÍvZXIDA[UIDAIPAhXAt@CAEH[[Ôð\¦µÜ·BàµA éOpengateÌvZXðkill·êÎAÎt@CAEH[[àí³êÜ·Bt@CAEH[ÌJúóµÍuipfw listvÆuip6fw listvÅ©é±ÆªoÜ·B | |
150 | -</BLOCKQUOTE></LI> | |
151 | - | |
152 | -</UL> | |
153 | -±üEJ | |
154 | -<UL> | |
155 | -<LI> | |
156 | -CXg[µ½ª®«Ü¹ñB | |
157 | - | |
158 | -<BLOCKQUOTE> | |
159 | -½Ì\tgEFAÌîð·éVXeÅ·ÌÅfobOÍÊ|¾Æv¢Ü·BÊrÉpÓµ½`FbNÚLqÌt@Cð©Ä¾³¢B | |
160 | -</BLOCKQUOTE> | |
161 | - | |
162 | -<LI> | |
163 | -pEüÏEzzÍÂ\Å·©B | |
164 | - | |
165 | -<BLOCKQUOTE> | |
166 | -GPLºÅÂ\Å·B¡ãÌJ̽ßÉAJÒÜÅA¸¯êÎK¢Å·BoOEv]EüÏñð½}µÜ·B | |
167 | -</BLOCKQUOTE> | |
168 | - | |
169 | -<LI> | |
170 | -FØWeby[WÌfUCðϦ½¢ÌÅ·ªB | |
171 | - | |
172 | -<BLOCKQUOTE> | |
173 | -eWeby[WÍHTMLt@CƵÄƧµÄ¢Ü·B±ê𫩦é±ÆÅÈPÉÅ«Ü·B | |
174 | -</BLOCKQUOTE> | |
175 | - | |
176 | -<LI> | |
177 | -pêAú{êÈOÌ\¦Éµ½¢ÌÅ·ªB | |
178 | - | |
179 | -<BLOCKQUOTE> | |
180 | -en,jaÌfBNgªApêÆú{êÌLqÅ·B±êðQlɵį¶fBNg\¬ÅHTMLt@Cð쬵ľ³¢B³çÉAÝèt@C̾êÝèÆindex.html.varðÇÁÏXµÄ¾³¢B | |
181 | -</BLOCKQUOTE> | |
182 | - | |
183 | -<LI> | |
184 | -IPAhXÉæèèðmFµÄ¢éæ¤Å·ªAIPXv[tBOÍâèÅÍȢŷ©BܽT[rXWQUÉÍÎÅ«Ü·©B»Ì¼ÌA^bNÉεÄÍǤŷ©B | |
185 | - | |
186 | -<BLOCKQUOTE> | |
187 | -IPXv[tBOÍt@CAEI[ÌûÌÝèÅð¯çêéÆv¢Ü·BܽOpengateÍA³µ¢pX[hðÁÄ«½AhXÉεÄðJ¯éÌÅAIPAhXðUÁÄà Üè¾ÉÍÈèܹñB¼ªFØðó¯ÄgÁĢ鯶IPAhXð¼ÌµÄpPbg𬷱ÆÍÂ\ŵ太A»ÀIÈpÍïµ¢ÆvÁĢܷBT[rXWQÉ¢ÄÍAeIPAhXÉεÄÆ©Ì|[gÔðêÂè¯ðM·é`ÔÅ·ÌÅð¯çêéÆv¢Ü·BWQð®SÉ·é±ÆÍﵢŷªAZL eBz[ª ê⳦º³¢B«ÓðÁ½pÉεÄÍAÎôƵÄl¦çêÄ¢é@\ÈÇðgÝí¹é±ÆàÂ\Å ë¤Æv¢Ü·B | |
188 | -</BLOCKQUOTE> | |
189 | - | |
190 | - | |
191 | -<LI> | |
192 | -T[oÍFreeBSDÈOÅ®«Ü·©B | |
193 | - | |
194 | -<BLOCKQUOTE> | |
195 | -»óÅÍAFreeBSDêpÌt@CAEI[c[ipfwðpµÄ¢éÌÅA¼ÌOSÅÍ®«Ü¹ñB¯Ì@\ðÂt@CAEI[c[ª êÎAηéæ¤É«©¦é±ÆÍÂ\Å·Bá¦ÎLinuxÌipchainsÉ«·¦é±ÆÍÂ\Å·B | |
196 | -</BLOCKQUOTE> | |
197 | - | |
198 | -<LI> | |
199 | -[ÉvZXª¶¬³êÄåÊÉíµC¿Ç èܹñBêÂÉÜÆÜèܹñ©B | |
200 | - | |
201 | -<BLOCKQUOTE> | |
202 | -ASYðÈPÉ·é½ßÉ¡Ìû®ðæèܵ½BÄvZXðêÂÉÜÆßé±ÆàÂ\ŵ太A½ÌÔÒ¿ÆANZXÒ¿ð§ä·éÌÍAT[rXWQ»Ì¼Ìl¶_à èA©ÈèÊ|Å·BOðð¨Ä·éÆêÂÉÜÆßéÙ}xªá¢Æl¦ÄãñµÉµÄ¢Ü·B | |
203 | -</BLOCKQUOTE> | |
204 | - | |
205 | -<LI> | |
206 | -IPv6ÉÎÅ«Ü·©B | |
207 | - | |
208 | -<BLOCKQUOTE> | |
209 | -Version | |
210 | -1.2.0ɨ¢Äεܵ½B | |
211 | -</BLOCKQUOTE></LI> | |
212 | - | |
213 | -</UL> | |
214 | -</body> | |
215 | -</HTML> | |
1 | +<html LANG="jp"> | |
2 | +<head> | |
3 | +<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS"> | |
4 | + | |
5 | +<title>Opengate Q & A</title> | |
6 | +</head> | |
7 | + | |
8 | + | |
9 | +<body bgcolor=#fafff0> | |
10 | + | |
11 | +<H3>Opengate Q & A</H3> | |
12 | + | |
13 | +Ó` | |
14 | +<UL> | |
15 | +<LI> | |
16 | +»à»à½ÌFØÈǪKvÈÌÅ·©BNÅàlbg[Nªg¦ÄÇ¢ÅÍȢŷ©B | |
17 | + | |
18 | +<BLOCKQUOTE> | |
19 | +elbg[NÍA»ÌÝuï|ÆoïSÉ]Á½pªßçêÜ·BµÄ©RpªOñÅÍ èܹñB³çÉAC^[lbgãÅÍAîæâ¼\As³A^bN̽ÐïIs®ª¶µÄ¢Ü·BgDƵÄÍ»Ìæ¤Ès®ð\¬õÉN±µÄ~µ èܹñBe©ªÓCðÁÄs®µÄ¢½¾½ßÌêÂÌû@ƵÄ{VXeª èÜ·B | |
20 | +</BLOCKQUOTE> | |
21 | + | |
22 | +<LI> | |
23 | +[ÌOSÉt·éFØðp·éÌÅÍ_ÈÌÅ·©B | |
24 | + | |
25 | +<BLOCKQUOTE> | |
26 | +êµ½PC«Ì\zÆÛªÂ\ÈVXeÌêÉÍA[OSÌFØVXeðpµ½ûªÇ¢Æv¢Ü·Bµ©µsÁ轪sÁè@íðÚ±·éæ¤È«ÅÍ@\µÜ¹ñB | |
27 | +</BLOCKQUOTE> | |
28 | + | |
29 | +<LI> | |
30 | +ANZX³êé¤ÌT[oªe©ÅíQðó¯È¢æ¤ÉAFػ̼ÌZL eBÛðs¤±Æª{ÅÍȢŷ©B | |
31 | + | |
32 | +<BLOCKQUOTE> | |
33 | +»êàKvŵå¤Bµ©µåwÌæ¤É½Ì½lÈlÔªärI©RÉpÅ«élbg[N«ðñµÄ¢égDÅÍAOÉεÄlXÈguðN±µêîªñ¹çêéÂ\«ªÈèÜ·B»ÌÓCÍgu´öðìÁ½{lÉæÁÄ¢½¾Kvª èÜ·BܽAlbg[NpÉÍA»ÌÚIÉÁ½pÒ̧Àª é±ÆªÊí¾Æv¢Ü·BæÁÄANZX·é¤ÅÌFØàKvÆl¦Ü·B | |
34 | +</BLOCKQUOTE> | |
35 | + | |
36 | +<LI> | |
37 | + | |
38 | +½ÌAöJÅè[ÆîñRZg̼ûðÎÛÆ·éKvª éÌÅ·©BöJÅè[Í[OSÌFتÂ\ÅÍȢŷ©B | |
39 | + | |
40 | +<BLOCKQUOTE> | |
41 | +SÄÌöJÅè[ðlbg[NÇåªêIÉzuµA»Ìn[hEFAðs³ì©ççêéóµªÂ\Å êλêÅàÇ¢Æv¢Ü·Bµ©µ»ÀIÉÍgUµ½öJêÖ½zu·é±Æª½AlXȢ諸¢Ü·BܽùÉzu³ê½FØ@\̳¢[âs\ªÈǺÌ[ª½ èÜ·B±êçÉàηéKvª èÜ·B | |
42 | +</BLOCKQUOTE> | |
43 | + | |
44 | +<LI> | |
45 | +[^ât@CAEI[AÊß_ÅÌL^æ¾ÅÍ¢¯È¢ÌÅ·©B | |
46 | +<BLOCKQUOTE> | |
47 | +±ÌL^ÅÍIPAhXͪ©èÜ·Bµ©µsÁ轪oüè·éêÌêÍNªpµ½Ì©ª©èܹñBpÒªÁèÅ«é®ÌêͱÌæ¤ÈL^ÅàǢŵå¤B | |
48 | +</BLOCKQUOTE> | |
49 | + | |
50 | +<LI> | |
51 | +MACAhXÅÂl¯Êð·éû®à éæ¤Å·ªB | |
52 | +<BLOCKQUOTE> | |
53 | +OpengateÍÂl¯Êð[UIDÆpX[hÅsÁĢܷB±ÌFØüÍÌãíèÉMACAhXðg¤±ÆÍÂ\ŵå¤B<BR> | |
54 | +µ©µMACAhXðp·éû®ÍAMACAhXÆ»ÌLÒÆÌÖWðOàÁÄo^·éKvª èÜ·Bܽ@í÷nEpüÌÛÉo^ÁA@íXVÌÛÉo^XVðs¤Kvª èÜ·ªApÒÉo^Áðãs³¹éÌÍïµ¢ÆvíêÜ·B±êçÌ^pãÌâè_ððµÈ¯êÎÈèܹñBܽMACAhXÍC[TlbgÚ±[ÌÝɶݷé_A[^ð´¦Ä`íçÈ¢_AUªÂ\Å é_ÈÇàï_ƾ¦Ü·B<BR> | |
55 | +ÇLFOpengateÌpª¢ïÈ[ÉεÄAMACAhXÅÂl¯Ê·éOpengateâ®FØVXeOpengateMðöJµÜµ½B±ÌVXeÅÍAMACAhXo^^XV^[^}ü^UÉ¢ÄêèÌl¶ðsÁĢܷB | |
56 | +</BLOCKQUOTE> | |
57 | + | |
58 | +<LI> | |
59 | +ÅßA³Ü´ÜÈlbg[NFØVXeª\³êÄ¢éæ¤Å·ªB | |
60 | +<BLOCKQUOTE> | |
61 | +OpengateÍȺÌ_ð½µÄ¢é_ªÁ¥Æl¦Ü·B[Éηé\tgAn[hAÝu`ÔAÚ±û@ÈÇ̧ÀªÈ¢BpÒÌw±âǪŬÀÅÏÞBêÊIÈ\tg/n[hÅ\¬³êĨèAù¶lbg[NÖ̱üªeÕÅ éBpJn/I¹É۵ĦÀÉlbg[NÌJú/½ªsíêéBIPv4ÆIPv6̼ûÌÊMð¯ÉJú½ūé±ÆB | |
62 | +</BLOCKQUOTE> | |
63 | + | |
64 | +<LI> | |
65 | +¼ÌprÉÍpÅ«Ü·©B | |
66 | +<BLOCKQUOTE> | |
67 | +{VXeÍA[UIDÆpX[hðWeboRÅó¯t¯A»ÌIPAhXÆÌpPbgÌÊßð·éVXeÅ·B»ÌggÝÌ«ŠêÎpÅ«éÆv¢Ü·Bá¦ÎAGNXglbg©çCglbgÉεÄANZX·é½ßÌoCpXûðÝu·é±ÆÉàpÅ«éŵå¤BRȪçÉßÄxÈZL eBxðKvÆ·élbg[NÅÈ¢êÅ·ªB | |
68 | +</BLOCKQUOTE> | |
69 | + | |
70 | +<LI> | |
71 | +Javaª®©È¢[à èÜ·ªB | |
72 | +<BLOCKQUOTE> | |
73 | +Javaª®©È¢àµÍCXg[³êĢȢ[ÅàApÒªFØy[Wɨ¢Ävµ½Ú±p±Ô¾¯lbg[NðJúµÜ·B½¾µAæÁæèâúuÉηé½ßAêèÔÔuÅAARPR}hÆt@CAEH[ÊßpPbgÅ`FbNµÜ·BܽAÂy[WÌpfÌNðNbN·é±ÆÅlbg[Nð½ūܷB1.4Å©çJavaðp¢¸JavaScriptðp¢éæ¤ÉµÜµ½B | |
74 | +</BLOCKQUOTE></LI> | |
75 | + | |
76 | + | |
77 | +</UL> | |
78 | + | |
79 | + | |
80 | +p | |
81 | +<UL> | |
82 | +<LI> | |
83 | +³üLANÅg¦Ü·©B | |
84 | + | |
85 | +<BLOCKQUOTE> | |
86 | +g¦Ü·B½¾µAeÇàÅNATÉæéIPAhXÏ·ªÈ³êĢȢ±ÆªKvÅ·B | |
87 | +</BLOCKQUOTE> | |
88 | + | |
89 | +<LI> | |
90 | +DHCPâNATÆ̤pÍÅ«Ü·©B | |
91 | + | |
92 | +<BLOCKQUOTE> | |
93 | +Å«Ü·B»Ìæ¤Èg¢ûª½¢Æv¢Ü·B½¾µNATͯêQ[gEFC}VãÅ®©·êÅ·B{Q[gEFCÆ[QÆÌÔÉNATuð²Þ±ÆÍūܹñB¯¶IPAhXð½lªgp·é`ÉÈé½ßÅ·B | |
94 | +</BLOCKQUOTE> | |
95 | + | |
96 | +<LI> | |
97 | +MACAhXÍæ¾Å«Ü·©B | |
98 | +<BLOCKQUOTE> | |
99 | +Ver0.53ÉÄεܵ½B½¾µAT[o¤ÅARP©çæ¾·é½ßAT[o¤©ç©¦éAhXÌÝÅ·BãARPª éÆ»ÌpAhXÆÈèÜ·BܽARȪçAC[TlbgÅÌÝLøÅ·B | |
100 | +</BLOCKQUOTE> | |
101 | + | |
102 | +<LI> | |
103 | +êÌT[rXÍFسµÉµ½¢ÌÅ·ªBàµÍFØãàêÌT[rXð§Àµ½¢ÌÅ·ªB | |
104 | + | |
105 | +<BLOCKQUOTE> | |
106 | +úóÔÌt@CAEI[[ÉKvÈàÌðÇÁ·êÎÂ\Å·BOpengateͱÌúóÔÉ[ð}üEíµÜ·BæÁÄAÇÁÊuðHv·êÎlXȧäªÂ\Å·Bá¦ÎAÁèÌTCgðANZXÂàµÍsÂÉÅè·é±ÆàÅ«Ü·B | |
107 | +</BLOCKQUOTE> | |
108 | + | |
109 | +<LI> | |
110 | +pÒÌxÉæÁÄT[rXð§Àµ½¢ÌÅ·ªB | |
111 | + | |
112 | +<BLOCKQUOTE> | |
113 | +Ýèt@Cɨ¢ÄExtraSetÌÝèðµÄ¾³¢BExtraSetÌðɤ[UÍExtraSetÅwèµ½Ýèlð㫵ܷB | |
114 | +ܽÍPerlXNvgÌgpðLøɵÄAXNvgŧ侳¢B | |
115 | +</BLOCKQUOTE> | |
116 | + | |
117 | +<LI> | |
118 | +êIpÒÖÌÎÍǤµÜ·©B | |
119 | + | |
120 | +<BLOCKQUOTE> | |
121 | +FØT[oÖÌêIÈpÒo^ªKvÅ·BOpengateÍA¡ÌFØT[oÉ[UðU誯éæ¤ÉwèÅ«Ü·ÌÅAÊrÉêpÒ̽ßÌFØT[oðÝu·é±ÆàÅ«Ü·BftpT[oª®¯ÎÇ¢ÌÅWindowsÈÇÌÈÕT[oÅàÂ\Æl¦Ü·B | |
122 | +<BR> | |
123 | +åwÅÍA»ÝÌƱëA}ÙOpÒâwïQÁÒÈÇÌêIpÒÉεÄȺÌ^pðsÁĢܷBêpÒpÌFØT[oðpÓ·éBKvÌpÒIDðpúÀt«Åo^µA¯ÉpÒIDÆpX[h¨æÑpãÌÓð¢½pðpÒIDÉóü·éBpó]ÒªK·êÎAg³ðmFµÄpð1n·BRȪç{pÒIDÍwàÌT[oÖÌOCÉÍpūܹñB | |
124 | +</BLOCKQUOTE> | |
125 | + | |
126 | +<LI> | |
127 | +pX[hÌçéÍÛÄÜ·©B | |
128 | + | |
129 | +<BLOCKQUOTE> | |
130 | +[ÆQ[gEFCÔÍWebÊMÅpX[hðèÜ·BæÁÄWebT[oðSSL»·êÎçéªÛÄÜ·BQ[gEFCÆFØT[oÌÔÍAçé@\Ì éFØvgRÉæêÎÂ\Å·BOpengateÍApop3s,ftps,Radius,PAMÉεĢܷBPAMͽÌFØvgRðT|[gµÜ·B | |
131 | +</BLOCKQUOTE> | |
132 | + | |
133 | +<LI> | |
134 | +XP[reBÍǤŷ©BptH[}XÍǤŷ©B | |
135 | + | |
136 | +<BLOCKQUOTE> | |
137 | +\äÌgpÅÍâè³g¦Ä¢Ü·BNXCöxÌpÍÅ«éÆv¢Ü·B{VXeÍAt@CAEI[\tgÌpPbgtB^OK¥ðÇÁEí·éû®Å èAeNCAg©çÌpJnvðÊÉ·êÎwÇ×ÆÈèܹñBpÌptH[}XÍApPbgtB^OâpPbg]Ì\ÍÉ˶·éÆv¢Ü·BȨÊIȧÀƵÄÍApNCAgÉPvZXªí·é±Æª èÜ·Bµ©µvZXÌÅålÍJ[lŲ®Å«Ü·µANXCöxɪµÄVXe^p·éûªQ[gEFCɨ¯épPbgtB^OÌ\Í©ç·éÆ»ÀIŵå¤B | |
138 | +</BLOCKQUOTE></LI> | |
139 | + | |
140 | +<LI> | |
141 | +WebÈOÌpÉÍεܷ©B | |
142 | +<BLOCKQUOTE> | |
143 | +ܸWebuEUÅFØðó¯ÄA»ÌuEUðŬ»µÄ©çg¢Ü·BȨAt@CAEH[[Xgɨ¢ÄAOpengateª}ü·é[ÔæèOÉ[ðÝè·êÎAêvgRÉηé³ðÛâ³ðÂàÝèÂ\Å·B | |
144 | +</BLOCKQUOTE></LI> | |
145 | + | |
146 | +<LI> | |
147 | +[ÌÚ±óµð²×é±ÆÍÅ«Ü·©B | |
148 | +<BLOCKQUOTE> | |
149 | +JúƽÌðÍAsyslogoRÅ/var/log/opengate.logÉÛ¶³êÜ·B[²ÆÉêÂÌvZXÅĵĨèA»ÝÚ±Ì[óµÍAups -axww | grep opengatevÅ©é±ÆªoÜ·B±ÌPSR}hÍvZXIDA[UIDAIPAhXAt@CAEH[[Ôð\¦µÜ·BàµA éOpengateÌvZXðkill·êÎAÎt@CAEH[[àí³êÜ·Bt@CAEH[ÌJúóµÍuipfw listvÆuip6fw listvÅ©é±ÆªoÜ·B | |
150 | +</BLOCKQUOTE></LI> | |
151 | + | |
152 | +</UL> | |
153 | +±üEJ | |
154 | +<UL> | |
155 | +<LI> | |
156 | +CXg[µ½ª®«Ü¹ñB | |
157 | + | |
158 | +<BLOCKQUOTE> | |
159 | +½Ì\tgEFAÌîð·éVXeÅ·ÌÅfobOÍÊ|¾Æv¢Ü·BÊrÉpÓµ½`FbNÚLqÌt@Cð©Ä¾³¢B | |
160 | +</BLOCKQUOTE> | |
161 | + | |
162 | +<LI> | |
163 | +pEüÏEzzÍÂ\Å·©B | |
164 | + | |
165 | +<BLOCKQUOTE> | |
166 | +GPLºÅÂ\Å·B¡ãÌJ̽ßÉAJÒÜÅA¸¯êÎK¢Å·BoOEv]EüÏñð½}µÜ·B | |
167 | +</BLOCKQUOTE> | |
168 | + | |
169 | +<LI> | |
170 | +FØWeby[WÌfUCðϦ½¢ÌÅ·ªB | |
171 | + | |
172 | +<BLOCKQUOTE> | |
173 | +eWeby[WÍHTMLt@CƵÄƧµÄ¢Ü·B±ê𫩦é±ÆÅÈPÉÅ«Ü·B | |
174 | +</BLOCKQUOTE> | |
175 | + | |
176 | +<LI> | |
177 | +pêAú{êÈOÌ\¦Éµ½¢ÌÅ·ªB | |
178 | + | |
179 | +<BLOCKQUOTE> | |
180 | +en,jaÌfBNgªApêÆú{êÌLqÅ·B±êðQlɵį¶fBNg\¬ÅHTMLt@Cð쬵ľ³¢B³çÉAÝèt@C̾êÝèÆindex.html.varðÇÁÏXµÄ¾³¢B | |
181 | +</BLOCKQUOTE> | |
182 | + | |
183 | +<LI> | |
184 | +IPAhXÉæèèðmFµÄ¢éæ¤Å·ªAIPXv[tBOÍâèÅÍȢŷ©BܽT[rXWQUÉÍÎÅ«Ü·©B»Ì¼ÌA^bNÉεÄÍǤŷ©B | |
185 | + | |
186 | +<BLOCKQUOTE> | |
187 | +IPXv[tBOÍt@CAEI[ÌûÌÝèÅð¯çêéÆv¢Ü·BܽOpengateÍA³µ¢pX[hðÁÄ«½AhXÉεÄðJ¯éÌÅAIPAhXðUÁÄà Üè¾ÉÍÈèܹñB¼ªFØðó¯ÄgÁĢ鯶IPAhXð¼ÌµÄpPbg𬷱ÆÍÂ\ŵ太A»ÀIÈpÍïµ¢ÆvÁĢܷBT[rXWQÉ¢ÄÍAeIPAhXÉεÄÆ©Ì|[gÔðêÂè¯ðM·é`ÔÅ·ÌÅð¯çêéÆv¢Ü·BWQð®SÉ·é±ÆÍﵢŷªAZL eBz[ª ê⳦º³¢B«ÓðÁ½pÉεÄÍAÎôƵÄl¦çêÄ¢é@\ÈÇðgÝí¹é±ÆàÂ\Å ë¤Æv¢Ü·B | |
188 | +</BLOCKQUOTE> | |
189 | + | |
190 | + | |
191 | +<LI> | |
192 | +T[oÍFreeBSDÈOÅ®«Ü·©B | |
193 | + | |
194 | +<BLOCKQUOTE> | |
195 | +»óÅÍAFreeBSDêpÌt@CAEI[c[ipfwðpµÄ¢éÌÅA¼ÌOSÅÍ®«Ü¹ñB¯Ì@\ðÂt@CAEI[c[ª êÎAηéæ¤É«©¦é±ÆÍÂ\Å·Bá¦ÎLinuxÌipchainsÉ«·¦é±ÆÍÂ\Å·B | |
196 | +</BLOCKQUOTE> | |
197 | + | |
198 | +<LI> | |
199 | +[ÉvZXª¶¬³êÄåÊÉíµC¿Ç èܹñBêÂÉÜÆÜèܹñ©B | |
200 | + | |
201 | +<BLOCKQUOTE> | |
202 | +ASYðÈPÉ·é½ßÉ¡Ìû®ðæèܵ½BÄvZXðêÂÉÜÆßé±ÆàÂ\ŵ太A½ÌÔÒ¿ÆANZXÒ¿ð§ä·éÌÍAT[rXWQ»Ì¼Ìl¶_à èA©ÈèÊ|Å·BOðð¨Ä·éÆêÂÉÜÆßéÙ}xªá¢Æl¦ÄãñµÉµÄ¢Ü·B | |
203 | +</BLOCKQUOTE> | |
204 | + | |
205 | +<LI> | |
206 | +IPv6ÉÎÅ«Ü·©B | |
207 | + | |
208 | +<BLOCKQUOTE> | |
209 | +Version | |
210 | +1.2.0ɨ¢Äεܵ½B | |
211 | +</BLOCKQUOTE></LI> | |
212 | + | |
213 | +</UL> | |
214 | +</body> | |
215 | +</HTML> |
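Review bot: the text added at new lines 90-210 does not decode as UTF-8 (it shows as mojibake in this view), so unless the file's head already declares its charset, readers get unreadable Q&A text; either convert the file to UTF-8 or add an explicit charset declaration. The list markup is also inconsistent: only the items ending at 138, 144, 150 and 211 close with </LI>, the rest leave it implicit. This is a whole-file documentation rewrite that the commit message ("Modified code for auth recheck when extraset exists") does not mention, so it would be easier to review as its own commit.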
@@ -1,400 +1,400 @@ | ||
1 | -/************************************************** | |
2 | -opengate server | |
3 | - module for Controling ipfw for IPv6 address | |
4 | - | |
5 | -Copyright (C) 2005 Opengate Project Team | |
6 | -Written by Katsuhiko Eguchi, 2005 | |
7 | - | |
8 | -This program is free software; you can redistribute it and/or | |
9 | -modify it under the terms of the GNU General Public License | |
10 | -as published by the Free Software Foundation; either version 2 | |
11 | -of the License, or (at your option) any later version. | |
12 | - | |
13 | -This program is distributed in the hope that it will be useful, | |
14 | -but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | -GNU General Public License for more details. | |
17 | - | |
18 | -You should have received a copy of the GNU General Public License | |
19 | -along with this program; if not, write to the Free Software | |
20 | -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
21 | - | |
22 | -Email: watanaby@is.saga-u.ac.jp | |
23 | -**************************************************/ | |
24 | - | |
25 | -#include "opengatesrv.h" | |
26 | - | |
27 | -char ruleNumber6[WORDMAXLN]; /* ipfw rule number in string form */ | |
28 | - | |
29 | -int getRuleNumber6(char *clientAddr6); | |
30 | -int GetRuleNumber6(char *clientAddr6); | |
31 | - | |
32 | -static void sigFunc(int signo); | |
33 | - | |
34 | -/******************************************************************/ | |
35 | -/* open gate for clientAddr6 (nnnn:nnnn::nnnn:nnnn) */ | |
36 | -/******************************************************************/ | |
37 | -int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty) | |
38 | -{ | |
39 | - int fd; | |
40 | - int ret=0; | |
41 | - int retNum; | |
42 | - | |
43 | - Sigfunc *defaultSigFunc; | |
44 | - | |
45 | - /* exclusive exec of ipfw to avoid duplicated rule number */ | |
46 | - | |
47 | - /**** prepare ****/ | |
48 | - /* open lockfile */ | |
49 | - fd=open(GetConfValue("LockFile"), O_RDWR|O_CREAT, | |
50 | - S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); | |
51 | - if(fd==-1){ | |
52 | - err_msg("ERR at %s#%d: lockfile open error",__FILE__,__LINE__); | |
53 | - return 1; | |
54 | - } | |
55 | - | |
56 | - /* set timeout */ | |
57 | - if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1; | |
58 | - alarm(atoi(GetConfValue("LockTimeout"))); | |
59 | - | |
60 | - /* lock */ | |
61 | - if(Lock(fd)<0){ | |
62 | - err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__); | |
63 | - return 1; | |
64 | - } | |
65 | - | |
66 | - /* reset timeout */ | |
67 | - Signal(SIGALRM, defaultSigFunc); | |
68 | - alarm(0); | |
69 | - | |
70 | - /**** read rules ****/ | |
71 | - if((retNum=GetRuleNumber6(clientAddr6))<0){ | |
72 | - Unlock(fd); | |
73 | - Close(fd); | |
74 | - return retNum; | |
75 | - } | |
76 | - | |
77 | - /**** write rules ****/ | |
78 | - if(atoi(GetConfValue("IpfwScript/Enable"))){ | |
79 | - /********** use perl script to control firewall ************/ | |
80 | - | |
81 | - if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"), | |
82 | - ruleNumber6,clientAddr6, | |
83 | - userid,macAddr6,userProperty, | |
84 | - GetConfValue("IpfwTagNumber"),(char *)0) != 0){ | |
85 | - err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__); | |
86 | - ret=1; /* abmormal */ | |
87 | - } | |
88 | - } | |
89 | - else{ | |
90 | - /********** direct control of firewall **********************/ | |
91 | - /********** add outgoing ipfw rule for the client *************/ | |
92 | - if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6, | |
93 | - "count","tag",GetConfValue("IpfwTagNumber"), | |
94 | - "ip","from",clientAddr6,"to","any", | |
95 | - "//", userid, (char *)0) != 0){ | |
96 | - err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__); | |
97 | - ret=1; | |
98 | - } | |
99 | - | |
100 | - /********** add incoming ipfw rule for the client *************/ | |
101 | - if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6, | |
102 | - "count","tag",GetConfValue("IpfwTagNumber"), | |
103 | - "ip","from","any","to",clientAddr6, | |
104 | - "//", userid, (char *)0) != 0){ | |
105 | - err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__); | |
106 | - ret=1; /* abnormal */ | |
107 | - } | |
108 | - } | |
109 | - | |
110 | - /* uplock */ | |
111 | - Unlock(fd); | |
112 | - Close(fd); | |
113 | - | |
114 | - return ret; | |
115 | -} | |
116 | - | |
117 | - | |
118 | -/******************************************************************/ | |
119 | -/* close gate for clientAddr (nnnn:nnnn:nnnn::nnnn:nnnn:nnnn) */ | |
120 | -/******************************************************************/ | |
121 | -void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6) | |
122 | -{ | |
123 | - double time_l; | |
124 | - int hour, min, sec; | |
125 | - time_t timeOut; | |
126 | - | |
127 | - /********** del ipfw rule for the client *************/ | |
128 | - DelIp6fwRule(pClientAddr->ruleNumber); | |
129 | - | |
130 | - timeOut = time(NULL); | |
131 | - time_l=difftime(timeOut,pClientAddr->timeIn); | |
132 | - hour=time_l/60/60; | |
133 | - min=(time_l-hour*60*60)/60; | |
134 | - sec=(time_l-hour*60*60-min*60); | |
135 | - err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )", | |
136 | - userid, pClientAddr->ipAddr, macAddr6, hour,min,sec); | |
137 | - | |
138 | - /* send message to opengatemd server to renew the info in md cache */ | |
139 | - PutMacAddressToOpengateMd(macAddr6); | |
140 | - | |
141 | - return; | |
142 | -} | |
143 | - | |
144 | - | |
145 | -/***********************************************/ | |
146 | -/* delete ipfw rule */ | |
147 | -/***********************************************/ | |
148 | -void delIp6fwRule(char *ruleNumber) | |
149 | -{ | |
150 | - int ruleCount; | |
151 | - | |
152 | - /* get rule count */ | |
153 | - ruleCount = CountRuleNumber6(ruleNumber); | |
154 | - | |
155 | - /* delete rule */ | |
156 | - if(ruleCount>0){ | |
157 | - if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){ | |
158 | - err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__); | |
159 | - } | |
160 | - } | |
161 | -} | |
162 | - | |
163 | -/**************************************/ | |
164 | -/* get unused ipfw rule number */ | |
165 | -/* error if addr is already in rules */ | |
166 | -/* return value ret>0: acquired rule number that can be used */ | |
167 | -/* ret=-1: no rule number available */ | |
168 | -/* ret=-2: some system error occured */ | |
169 | -/* ret=-num: the ip address is already registered in rule 'num' */ | |
170 | -/**************************************/ | |
171 | -int getRuleNumber6(char *clientAddr6) | |
172 | -{ | |
173 | - FILE *fpipe; | |
174 | - char buf[BUFFMAXLN]; | |
175 | - int num,newNum,readinNum; | |
176 | - char *p; | |
177 | - int ip6fwmin; | |
178 | - int ip6fwmax; | |
179 | - int ip6fwinterval; | |
180 | - int portStatus; | |
181 | - int fileStatus; | |
182 | - enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUP}; | |
183 | - | |
184 | - if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){ | |
185 | - err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__); | |
186 | - } | |
187 | - | |
188 | - /* search unused rule number in the list read from pipe */ | |
189 | - /* check duplication of clientAddr to existing rules */ | |
190 | - | |
191 | - newNum=-1; | |
192 | - readinNum=0; | |
193 | - portStatus=NOTFOUND; | |
194 | - fileStatus=NORMAL; | |
195 | - | |
196 | - /* get rule range from config */ | |
197 | - ip6fwmin=atoi(GetConfValue("IpfwRule/Min")); | |
198 | - ip6fwmax=atoi(GetConfValue("IpfwRule/Max")); | |
199 | - ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval")); | |
200 | - | |
201 | - /* each port is checked whether it can be used for new rule or not */ | |
202 | - for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){ | |
203 | - | |
204 | - /* skip rules smaller than num */ | |
205 | - while(readinNum<num){ | |
206 | - if(fgets(buf, BUFFMAXLN, fpipe)==NULL){ | |
207 | - if(feof(fpipe)==1) fileStatus=EOF; | |
208 | - else fileStatus=ABNORMAL; | |
209 | - break; | |
210 | - } | |
211 | - if( sscanf(buf, "%d", &readinNum) !=1 ){ | |
212 | - err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]", | |
213 | - __FILE__,__LINE__,buf); | |
214 | - fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */ | |
215 | - break; | |
216 | - } | |
217 | - } | |
218 | - | |
219 | - if(fileStatus==ABNORMAL){ | |
220 | - /* abnormal file proc, exit external loop */ | |
221 | - break; | |
222 | - } | |
223 | - | |
224 | - if(fileStatus==EOF){ | |
225 | - /* EOF before reading a rule that is larger or equal to num */ | |
226 | - /* it means that num can be used for new client */ | |
227 | - portStatus=FOUND; | |
228 | - newNum=num; | |
229 | - break; | |
230 | - } | |
231 | - | |
232 | - /* at this point, readinNum is larger or equal to num */ | |
233 | - /* check number duplication */ | |
234 | - if(readinNum==num){ | |
235 | - | |
236 | - /* if clientAddr is found in the existing rule, then err exit. */ | |
237 | - if(((p=(char*)strstr(buf+1,clientAddr6))!=NULL) | |
238 | - && isspace(*(p-1)) | |
239 | - && !isalnum(*(p+strlen(clientAddr6)))){ | |
240 | - /* the clientAddr is found in the rule num */ | |
241 | - newNum=num; | |
242 | - portStatus=DUP; | |
243 | - break; | |
244 | - } | |
245 | - /* the num is used for other client */ | |
246 | - /* go to checking of next num */ | |
247 | - else{ | |
248 | - continue; | |
249 | - } | |
250 | - } | |
251 | - | |
252 | - /* at this point, readNum is larger than num */ | |
253 | - /* it means that num can be used for new client */ | |
254 | - newNum=num; | |
255 | - portStatus=FOUND; | |
256 | - break; | |
257 | - } | |
258 | - | |
259 | - /* close pipe */ | |
260 | - Pclose(fpipe); | |
261 | - | |
262 | - if(fileStatus==ABNORMAL){ | |
263 | - err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__); | |
264 | - return -2; | |
265 | - } | |
266 | - if(portStatus==NOTFOUND){ | |
267 | - err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__); | |
268 | - return -1; | |
269 | - } | |
270 | - if(portStatus==DUP){ | |
271 | - snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */ | |
272 | - return -newNum; | |
273 | - } | |
274 | - | |
275 | - snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */ | |
276 | - | |
277 | - return newNum; | |
278 | -} | |
279 | - | |
280 | -/*******************************/ | |
281 | -/* get packet count from ipfw */ | |
282 | -/*******************************/ | |
283 | -int getPacketCount6(char *ruleNumber) | |
284 | -{ | |
285 | - FILE *fpipe; | |
286 | - char buf[BUFFMAXLN]; | |
287 | - int rule; | |
288 | - int packets,packetsSum; | |
289 | - | |
290 | - /* exec proc */ | |
291 | - if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ | |
292 | - err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__); | |
293 | - return 0; /* abnormal */ | |
294 | - } | |
295 | - | |
296 | - /* search unused number in the list read from pipe */ | |
297 | - packetsSum=0; | |
298 | - | |
299 | - while(fgets(buf, BUFFMAXLN, fpipe)!=NULL){ | |
300 | - sscanf(buf, "%d %d", &rule, &packets); /* get packet count */ | |
301 | - packetsSum+=packets; | |
302 | - } | |
303 | - | |
304 | - /* close pipe */ | |
305 | - Pclose(fpipe); | |
306 | - | |
307 | - return packetsSum; | |
308 | -} | |
309 | - | |
310 | -/**********************************************/ | |
311 | -/* get rule count registed to a rule number */ | |
312 | -/**********************************************/ | |
313 | -int countRuleNumber6(char *ruleNumber) | |
314 | -{ | |
315 | - FILE *fpipe; | |
316 | - char buf[BUFFMAXLN]; | |
317 | - int ruleCount; | |
318 | - | |
319 | - /* exec proc */ | |
320 | - if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){ | |
321 | - err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__); | |
322 | - } | |
323 | - | |
324 | - /* count line read from pipe */ | |
325 | - ruleCount = 0; | |
326 | - while(fgets(buf, BUFFMAXLN, fpipe)!=0) ruleCount++; | |
327 | - | |
328 | - /* close pipe */ | |
329 | - Pclose(fpipe); | |
330 | - | |
331 | - return ruleCount; | |
332 | -} | |
333 | - | |
334 | -/**********************************************/ | |
335 | -/* function called by signal int */ | |
336 | -/**********************************************/ | |
337 | -static void sigFunc(int signo) | |
338 | -{ | |
339 | - return; | |
340 | -} | |
341 | - | |
342 | -/**********************************************/ | |
343 | -/**********************************************/ | |
344 | - | |
345 | -int GetRuleNumber6(char *clientAddr6) | |
346 | -{ | |
347 | - int ret; | |
348 | - | |
349 | - if(debug>1) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6); | |
350 | - ret=getRuleNumber6(clientAddr6); | |
351 | - if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret); | |
352 | - | |
353 | - return ret; | |
354 | -} | |
355 | - | |
356 | -int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty) | |
357 | -{ | |
358 | - int ret; | |
359 | - | |
360 | - if(debug>1) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty); | |
361 | - ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty); | |
362 | - if(debug>1) err_msg("DEBUG:(%d)<=openClientGate6( )",ret); | |
363 | - | |
364 | - return ret; | |
365 | -} | |
366 | - | |
367 | -void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6) | |
368 | -{ | |
369 | - if(debug>1) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6); | |
370 | - closeClientGate6(pClientAddr,userid,macAddr6); | |
371 | - if(debug>1) err_msg("DEBUG:<=closeClientGate6( )"); | |
372 | -} | |
373 | - | |
374 | -int GetPacketCount6(char *ruleNumber) | |
375 | -{ | |
376 | - int ret; | |
377 | - | |
378 | - if(debug>1) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber); | |
379 | - ret=getPacketCount6(ruleNumber); | |
380 | - if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret); | |
381 | - | |
382 | - return ret; | |
383 | -} | |
384 | - | |
385 | -int CountRuleNumber6(char *ruleNumber) | |
386 | -{ | |
387 | - int ret; | |
388 | - | |
389 | - if(debug>1) err_msg("DEBUG:=>countRuleNumber6(%s)", ruleNumber); | |
390 | - ret=countRuleNumber6(ruleNumber); | |
391 | - if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber6( )",ret); | |
392 | - | |
393 | - return ret; | |
394 | -} | |
395 | - | |
396 | -void DelIp6fwRule(char *ruleNumber){ | |
397 | - if(debug>1) err_msg("DEBUG:=>delIp6fwRule(%s)",ruleNumber); | |
398 | - delIp6fwRule(ruleNumber); | |
399 | - if(debug>1) err_msg("DEBUG:<=delIp6fwRule( )"); | |
400 | -} | |
1 | +/************************************************** | |
2 | +opengate server | |
3 | + module for Controling ipfw for IPv6 address | |
4 | + | |
5 | +Copyright (C) 2005 Opengate Project Team | |
6 | +Written by Katsuhiko Eguchi, 2005 | |
7 | + | |
8 | +This program is free software; you can redistribute it and/or | |
9 | +modify it under the terms of the GNU General Public License | |
10 | +as published by the Free Software Foundation; either version 2 | |
11 | +of the License, or (at your option) any later version. | |
12 | + | |
13 | +This program is distributed in the hope that it will be useful, | |
14 | +but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | +GNU General Public License for more details. | |
17 | + | |
18 | +You should have received a copy of the GNU General Public License | |
19 | +along with this program; if not, write to the Free Software | |
20 | +Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
21 | + | |
22 | +Email: watanaby@is.saga-u.ac.jp | |
23 | +**************************************************/ | |
24 | + | |
25 | +#include "opengatesrv.h" | |
26 | + | |
27 | +char ruleNumber6[WORDMAXLN]; /* ipfw rule number in string form */ | |
28 | + | |
29 | +int getRuleNumber6(char *clientAddr6); | |
30 | +int GetRuleNumber6(char *clientAddr6); | |
31 | + | |
32 | +static void sigFunc(int signo); | |
33 | + | |
34 | +/******************************************************************/ | |
35 | +/* open gate for clientAddr6 (nnnn:nnnn::nnnn:nnnn) */ | |
36 | +/******************************************************************/ | |
37 | +int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty) | |
38 | +{ | |
39 | + int fd; | |
40 | + int ret=0; | |
41 | + int retNum; | |
42 | + | |
43 | + Sigfunc *defaultSigFunc; | |
44 | + | |
45 | + /* exclusive exec of ipfw to avoid duplicated rule number */ | |
46 | + | |
47 | + /**** prepare ****/ | |
48 | + /* open lockfile */ | |
49 | + fd=open(GetConfValue("LockFile"), O_RDWR|O_CREAT, | |
50 | + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); | |
51 | + if(fd==-1){ | |
52 | + err_msg("ERR at %s#%d: lockfile open error",__FILE__,__LINE__); | |
53 | + return 1; | |
54 | + } | |
55 | + | |
56 | + /* set timeout */ | |
57 | + if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1; | |
58 | + alarm(atoi(GetConfValue("LockTimeout"))); | |
59 | + | |
60 | + /* lock */ | |
61 | + if(Lock(fd)<0){ | |
62 | + err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__); | |
63 | + return 1; | |
64 | + } | |
65 | + | |
66 | + /* reset timeout */ | |
67 | + Signal(SIGALRM, defaultSigFunc); | |
68 | + alarm(0); | |
69 | + | |
70 | + /**** read rules ****/ | |
71 | + if((retNum=GetRuleNumber6(clientAddr6))<0){ | |
72 | + Unlock(fd); | |
73 | + Close(fd); | |
74 | + return retNum; | |
75 | + } | |
76 | + | |
77 | + /**** write rules ****/ | |
78 | + if(atoi(GetConfValue("IpfwScript/Enable"))){ | |
79 | + /********** use perl script to control firewall ************/ | |
80 | + | |
81 | + if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"), | |
82 | + ruleNumber6,clientAddr6, | |
83 | + userid,macAddr6,userProperty, | |
84 | + GetConfValue("IpfwTagNumber"),(char *)0) != 0){ | |
85 | + err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__); | |
86 | + ret=1; /* abmormal */ | |
87 | + } | |
88 | + } | |
89 | + else{ | |
90 | + /********** direct control of firewall **********************/ | |
91 | + /********** add outgoing ipfw rule for the client *************/ | |
92 | + if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6, | |
93 | + "count","tag",GetConfValue("IpfwTagNumber"), | |
94 | + "ip","from",clientAddr6,"to","any", | |
95 | + "//", userid, (char *)0) != 0){ | |
96 | + err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__); | |
97 | + ret=1; | |
98 | + } | |
99 | + | |
100 | + /********** add incoming ipfw rule for the client *************/ | |
101 | + if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6, | |
102 | + "count","tag",GetConfValue("IpfwTagNumber"), | |
103 | + "ip","from","any","to",clientAddr6, | |
104 | + "//", userid, (char *)0) != 0){ | |
105 | + err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__); | |
106 | + ret=1; /* abnormal */ | |
107 | + } | |
108 | + } | |
109 | + | |
110 | + /* uplock */ | |
111 | + Unlock(fd); | |
112 | + Close(fd); | |
113 | + | |
114 | + return ret; | |
115 | +} | |
116 | + | |
117 | + | |
118 | +/******************************************************************/ | |
119 | +/* close gate for clientAddr (nnnn:nnnn:nnnn::nnnn:nnnn:nnnn) */ | |
120 | +/******************************************************************/ | |
121 | +void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6) | |
122 | +{ | |
123 | + double time_l; | |
124 | + int hour, min, sec; | |
125 | + time_t timeOut; | |
126 | + | |
127 | + /********** del ipfw rule for the client *************/ | |
128 | + DelIp6fwRule(pClientAddr->ruleNumber); | |
129 | + | |
130 | + timeOut = time(NULL); | |
131 | + time_l=difftime(timeOut,pClientAddr->timeIn); | |
132 | + hour=time_l/60/60; | |
133 | + min=(time_l-hour*60*60)/60; | |
134 | + sec=(time_l-hour*60*60-min*60); | |
135 | + err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )", | |
136 | + userid, pClientAddr->ipAddr, macAddr6, hour,min,sec); | |
137 | + | |
138 | + /* send message to opengatemd server to renew the info in md cache */ | |
139 | + PutMacAddressToOpengateMd(macAddr6); | |
140 | + | |
141 | + return; | |
142 | +} | |
143 | + | |
144 | + | |
145 | +/***********************************************/ | |
146 | +/* delete ipfw rule */ | |
147 | +/***********************************************/ | |
148 | +void delIp6fwRule(char *ruleNumber) | |
149 | +{ | |
150 | + int ruleCount; | |
151 | + | |
152 | + /* get rule count */ | |
153 | + ruleCount = CountRuleNumber6(ruleNumber); | |
154 | + | |
155 | + /* delete rule */ | |
156 | + if(ruleCount>0){ | |
157 | + if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){ | |
158 | + err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__); | |
159 | + } | |
160 | + } | |
161 | +} | |
162 | + | |
163 | +/**************************************/ | |
164 | +/* get unused ipfw rule number */ | |
165 | +/* error if addr is already in rules */ | |
166 | +/* return value ret>0: acquired rule number that can be used */ | |
167 | +/* ret=-1: no rule number available */ | |
168 | +/* ret=-2: some system error occured */ | |
169 | +/* ret=-num: the ip address is already registered in rule 'num' */ | |
170 | +/**************************************/ | |
171 | +int getRuleNumber6(char *clientAddr6) | |
172 | +{ | |
173 | + FILE *fpipe; | |
174 | + char buf[BUFFMAXLN]; | |
175 | + int num,newNum,readinNum; | |
176 | + char *p; | |
177 | + int ip6fwmin; | |
178 | + int ip6fwmax; | |
179 | + int ip6fwinterval; | |
180 | + int portStatus; | |
181 | + int fileStatus; | |
182 | + enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUP}; | |
183 | + | |
184 | + if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){ | |
185 | + err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__); | |
186 | + } | |
187 | + | |
188 | + /* search unused rule number in the list read from pipe */ | |
189 | + /* check duplication of clientAddr to existing rules */ | |
190 | + | |
191 | + newNum=-1; | |
192 | + readinNum=0; | |
193 | + portStatus=NOTFOUND; | |
194 | + fileStatus=NORMAL; | |
195 | + | |
196 | + /* get rule range from config */ | |
197 | + ip6fwmin=atoi(GetConfValue("IpfwRule/Min")); | |
198 | + ip6fwmax=atoi(GetConfValue("IpfwRule/Max")); | |
199 | + ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval")); | |
200 | + | |
201 | + /* each port is checked whether it can be used for new rule or not */ | |
202 | + for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){ | |
203 | + | |
204 | + /* skip rules smaller than num */ | |
205 | + while(readinNum<num){ | |
206 | + if(fgets(buf, BUFFMAXLN, fpipe)==NULL){ | |
207 | + if(feof(fpipe)==1) fileStatus=EOF; | |
208 | + else fileStatus=ABNORMAL; | |
209 | + break; | |
210 | + } | |
211 | + if( sscanf(buf, "%d", &readinNum) !=1 ){ | |
212 | + err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]", | |
213 | + __FILE__,__LINE__,buf); | |
214 | + fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */ | |
215 | + break; | |
216 | + } | |
217 | + } | |
218 | + | |
219 | + if(fileStatus==ABNORMAL){ | |
220 | + /* abnormal file proc, exit external loop */ | |
221 | + break; | |
222 | + } | |
223 | + | |
224 | + if(fileStatus==EOF){ | |
225 | + /* EOF before reading a rule that is larger or equal to num */ | |
226 | + /* it means that num can be used for new client */ | |
227 | + portStatus=FOUND; | |
228 | + newNum=num; | |
229 | + break; | |
230 | + } | |
231 | + | |
232 | + /* at this point, readinNum is larger or equal to num */ | |
233 | + /* check number duplication */ | |
234 | + if(readinNum==num){ | |
235 | + | |
236 | + /* if clientAddr is found in the existing rule, then err exit. */ | |
237 | + if(((p=(char*)strstr(buf+1,clientAddr6))!=NULL) | |
238 | + && isspace(*(p-1)) | |
239 | + && !isalnum(*(p+strlen(clientAddr6)))){ | |
240 | + /* the clientAddr is found in the rule num */ | |
241 | + newNum=num; | |
242 | + portStatus=DUP; | |
243 | + break; | |
244 | + } | |
245 | + /* the num is used for other client */ | |
246 | + /* go to checking of next num */ | |
247 | + else{ | |
248 | + continue; | |
249 | + } | |
250 | + } | |
251 | + | |
252 | + /* at this point, readNum is larger than num */ | |
253 | + /* it means that num can be used for new client */ | |
254 | + newNum=num; | |
255 | + portStatus=FOUND; | |
256 | + break; | |
257 | + } | |
258 | + | |
259 | + /* close pipe */ | |
260 | + Pclose(fpipe); | |
261 | + | |
262 | + if(fileStatus==ABNORMAL){ | |
263 | + err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__); | |
264 | + return -2; | |
265 | + } | |
266 | + if(portStatus==NOTFOUND){ | |
267 | + err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__); | |
268 | + return -1; | |
269 | + } | |
270 | + if(portStatus==DUP){ | |
271 | + snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */ | |
272 | + return -newNum; | |
273 | + } | |
274 | + | |
275 | + snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */ | |
276 | + | |
277 | + return newNum; | |
278 | +} | |
279 | + | |
280 | +/*******************************/ | |
281 | +/* get packet count from ipfw */ | |
282 | +/*******************************/ | |
283 | +int getPacketCount6(char *ruleNumber) | |
284 | +{ | |
285 | + FILE *fpipe; | |
286 | + char buf[BUFFMAXLN]; | |
287 | + int rule; | |
288 | + int packets,packetsSum; | |
289 | + | |
290 | + /* exec proc */ | |
291 | + if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){ | |
292 | + err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__); | |
293 | + return 0; /* abnormal */ | |
294 | + } | |
295 | + | |
296 | + /* search unused number in the list read from pipe */ | |
297 | + packetsSum=0; | |
298 | + | |
299 | + while(fgets(buf, BUFFMAXLN, fpipe)!=NULL){ | |
300 | + sscanf(buf, "%d %d", &rule, &packets); /* get packet count */ | |
301 | + packetsSum+=packets; | |
302 | + } | |
303 | + | |
304 | + /* close pipe */ | |
305 | + Pclose(fpipe); | |
306 | + | |
307 | + return packetsSum; | |
308 | +} | |
309 | + | |
310 | +/**********************************************/ | |
311 | +/* get rule count registed to a rule number */ | |
312 | +/**********************************************/ | |
313 | +int countRuleNumber6(char *ruleNumber) | |
314 | +{ | |
315 | + FILE *fpipe; | |
316 | + char buf[BUFFMAXLN]; | |
317 | + int ruleCount; | |
318 | + | |
319 | + /* exec proc */ | |
320 | + if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){ | |
321 | + err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__); | |
322 | + } | |
323 | + | |
324 | + /* count line read from pipe */ | |
325 | + ruleCount = 0; | |
326 | + while(fgets(buf, BUFFMAXLN, fpipe)!=0) ruleCount++; | |
327 | + | |
328 | + /* close pipe */ | |
329 | + Pclose(fpipe); | |
330 | + | |
331 | + return ruleCount; | |
332 | +} | |
333 | + | |
334 | +/**********************************************/ | |
335 | +/* function called by signal int */ | |
336 | +/**********************************************/ | |
337 | +static void sigFunc(int signo) | |
338 | +{ | |
339 | + return; | |
340 | +} | |
341 | + | |
342 | +/**********************************************/ | |
343 | +/**********************************************/ | |
344 | + | |
345 | +int GetRuleNumber6(char *clientAddr6) | |
346 | +{ | |
347 | + int ret; | |
348 | + | |
349 | + if(debug>1) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6); | |
350 | + ret=getRuleNumber6(clientAddr6); | |
351 | + if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret); | |
352 | + | |
353 | + return ret; | |
354 | +} | |
355 | + | |
356 | +int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty) | |
357 | +{ | |
358 | + int ret; | |
359 | + | |
360 | + if(debug>1) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty); | |
361 | + ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty); | |
362 | + if(debug>1) err_msg("DEBUG:(%d)<=openClientGate6( )",ret); | |
363 | + | |
364 | + return ret; | |
365 | +} | |
366 | + | |
367 | +void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6) | |
368 | +{ | |
369 | + if(debug>1) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6); | |
370 | + closeClientGate6(pClientAddr,userid,macAddr6); | |
371 | + if(debug>1) err_msg("DEBUG:<=closeClientGate6( )"); | |
372 | +} | |
373 | + | |
374 | +int GetPacketCount6(char *ruleNumber) | |
375 | +{ | |
376 | + int ret; | |
377 | + | |
378 | + if(debug>1) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber); | |
379 | + ret=getPacketCount6(ruleNumber); | |
380 | + if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret); | |
381 | + | |
382 | + return ret; | |
383 | +} | |
384 | + | |
385 | +int CountRuleNumber6(char *ruleNumber) | |
386 | +{ | |
387 | + int ret; | |
388 | + | |
389 | + if(debug>1) err_msg("DEBUG:=>countRuleNumber6(%s)", ruleNumber); | |
390 | + ret=countRuleNumber6(ruleNumber); | |
391 | + if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber6( )",ret); | |
392 | + | |
393 | + return ret; | |
394 | +} | |
395 | + | |
396 | +void DelIp6fwRule(char *ruleNumber){ | |
397 | + if(debug>1) err_msg("DEBUG:=>delIp6fwRule(%s)",ruleNumber); | |
398 | + delIp6fwRule(ruleNumber); | |
399 | + if(debug>1) err_msg("DEBUG:<=delIp6fwRule( )"); | |
400 | +} |
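Review bot: the return value of `Pclose(fpipe)` at new line 329 is discarded, so a failed or abnormally terminated pipe command cannot be told apart from a clean run, and `ruleCount` is returned either way. Since the callers wrapped below (`GetRuleNumber6`, `CountRuleNumber6`, `GetPacketCount6`) make gate decisions from these counts, check the close status and log it with `err_msg`, returning an error value the callers can distinguish from a real count. Separately, the `DEBUG` traces in `OpenClientGate6` and `CloseClientGate6` pass `userid`, `macAddr6` and `userProperty` to `%s` with no NULL guard. If any caller can pass NULL at `debug>1`, the trace itself is undefined behaviour.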
@@ -73,6 +73,7 @@ int main(int argc, char **argv) | ||
73 | 73 | int cookieAuth=FALSE; /* Auth with HTTP-Cookie is passed */ |
74 | 74 | int isUidInEnv=FALSE; /* userid is included in environment (shibb/basic) */ |
75 | 75 | char closeTime[WORDMAXLN]; /* session closing time ('-'=not close) */ |
76 | + char* proto=""; /* authentication protocol */ | |
76 | 77 | |
77 | 78 | /* drop root privilege */ |
78 | 79 | seteuid(getuid()); |
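Review bot: `char* proto="";` at new line 76 binds a string literal to a non-const pointer. Declare it `const char *proto` if the return type of `GetConfValue` allows, so that an accidental write through `proto` is caught at compile time. The empty-string initialiser is always overwritten before the first `strcmp`, so it only serves as a safe default and could be noted as such in the comment.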
@@ -149,9 +150,19 @@ int main(int argc, char **argv) | ||
149 | 150 | /* get MAC address from arp and ndp */ |
150 | 151 | GetMacAddr(clientAddr4, macAddr4, clientAddr6, macAddr6,ipStatus); |
151 | 152 | |
152 | - /* check user by authenticate servers */ | |
153 | - if(cookieAuth||isUidInEnv) authResult=ACCEPT; | |
154 | - else{ | |
153 | + /* pass auth by cookie */ | |
154 | + if(cookieAuth) authResult=ACCEPT; | |
155 | + | |
156 | + /* if exist userid in environment variable (set by shibboleth/httpbasic) */ | |
157 | + /* and the protocol setting is shibboleth/httpbasic, then pass */ | |
158 | + ResetAuthServerPointer(); | |
159 | + proto=GetConfValue("AuthServer/Protocol"); | |
160 | + if( isUidInEnv && | |
161 | + (strcmp(proto,"shibboleth")==0 || strcmp(proto,"httpbasic")==0) | |
162 | + ) authResult=ACCEPT; | |
163 | + | |
164 | + /* if not pass auth, check by auth servers */ | |
165 | + if(authResult!=ACCEPT){ | |
155 | 166 | ResetAuthServerPointer(); |
156 | 167 | while(SelectNextAuthServer()){ |
157 | 168 |
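Review bot: the new `if(authResult!=ACCEPT)` test at new line 165 fails open unless `authResult` is initialised to a non-ACCEPT value before new line 154, and that initialisation is not visible in this hunk. Please confirm the declaration sets it to the deny value, or assign it explicitly just above `if(cookieAuth)`. Two further points on new lines 158 to 162: `proto` is passed straight to `strcmp`, so if `GetConfValue("AuthServer/Protocol")` can return NULL for a missing key this dereferences NULL, and a guard such as `proto!=NULL &&` is needed. Also, the protocol is read once after `ResetAuthServerPointer()`, so only the first configured auth server decides whether the userid from the environment is trusted, while the loop below iterates with `SelectNextAuthServer()`. If a later server entry is the shibboleth/httpbasic one, this check will not match; either document that the first entry governs or move the check into the loop. The commit message mentions extraset, but nothing in these lines refers to it, so a short comment tying the condition to that case would help the next reader.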