认证流程【5】-authenticate_client()函数
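/**
 * Finish the login of the client that sent HTTP request r.
 *
 * Flow, as visible in this function:
 *   1. Under the client-list lock, look the client up by source IP and take
 *      private copies of its MAC and token.
 *   2. Drop the lock and ask the auth server (REQUEST_TYPE_LOGIN) whether the
 *      token is valid for this IP/MAC.
 *   3. Re-take the lock and look the client up again by IP and MAC, because the
 *      node found in step 1 may be gone by the time the server has answered.
 *   4. Act on the returned auth code: open or close the firewall for the
 *      client and redirect the browser to the matching auth-server page.
 *
 * @param r  The HTTP request being answered; r->clientAddr identifies the client.
 *
 * NOTE(review): every debug() call below writes the client's session token to
 * the log, and the portal redirect carries it in the query string. Anyone who
 * can read the logs (or the redirect URL) can read live tokens; consider
 * masking them and restricting log access.
 */
void authenticate_client(request *r)
{
    t_client *client;
    t_authresponse auth_response;
    char *mac, *token;
    char *urlFragment = NULL;
    s_config *config = NULL;
    t_auth_serv *auth_server = NULL;

    auth_response.ext = NULL;
    /* Fail closed: if auth_server_request() returns without filling in a code,
     * the switch below takes the error branch instead of reading an
     * indeterminate value. */
    auth_response.authcode = AUTH_ERROR;

    LOCK_CLIENT_LIST();

    /* The client was appended to the list earlier in the flow, so look it up
     * there first. */
    client = client_list_find_by_ip(r->clientAddr);
    if (client == NULL) {
        debug(LOG_ERR, "authenticate_client(): Could not find client for %s", r->clientAddr);
        UNLOCK_CLIENT_LIST();
        return;
    }

    /* Private copies: the list node must not be touched once the lock is dropped. */
    mac = safe_strdup(client->mac);
    token = safe_strdup(client->token);

    UNLOCK_CLIENT_LIST();

    /*
     * At this point we've released the lock while we do an HTTP request since it could
     * take multiple seconds to do and the gateway would effectively be frozen if we
     * kept the lock.
     */
    /* The gateway sends a login request carrying this client's MAC, IP and token
     * to the auth server, which checks the token against the one it handed to
     * the client earlier. */
    auth_server_request(&auth_response, REQUEST_TYPE_LOGIN, r->clientAddr, mac, token, 0, 0);

    LOCK_CLIENT_LIST();

    /* can't trust the client to still exist after n seconds have passed */
    client = client_list_find(r->clientAddr, mac);
    if (client == NULL) {
        debug(LOG_ERR, "authenticate_client(): Could not find client node for %s (%s)", r->clientAddr, mac);
        UNLOCK_CLIENT_LIST();
        free(token);
        free(mac);
        /* Assumes ext is NULL or heap memory handed over by auth_server_request(),
         * which is what the free() in the ALLOWED branch implies. */
        free(auth_response.ext);
        return;
    }

    /* The copies are not used past this point; mac must stay valid until after
     * the lookup and its log message above. */
    free(token);
    free(mac);

    /* Prepare some variables we'll need below */
    config = config_get_config();
    auth_server = get_auth_server();

    /* The auth server answered with an auth code. */
    switch (auth_response.authcode) {
    case AUTH_ERROR:
        /* Error talking to central server */
        /* Pass the integer code, not the whole struct, to match %d. */
        debug(LOG_ERR, "Got %d from central server authenticating token %s from %s at %s", auth_response.authcode, client->token, client->ip, client->mac);
        send_http_page(r, "Error!", "Error: We did not get a valid answer from the central server");
        break;

    case AUTH_DENIED:
        /* Central server said invalid token */
        debug(LOG_INFO, "Got DENIED from central server authenticating token %s from %s at %s - deleting from firewall and redirecting them to denied message", client->token, client->ip, client->mac);
        fw_deny(client->ip, client->mac, FW_MARK_KNOWN);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_DENIED
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to denied message");
        free(urlFragment);
        break;

    case AUTH_VALIDATION:
        /* They just got validated for X minutes to check their email */
        debug(LOG_INFO, "Got VALIDATION from central server authenticating token %s from %s at %s"
            "- adding to firewall and redirecting them to activate message", client->token,
            client->ip, client->mac);
        client->fw_connection_state = FW_MARK_PROBATION;
        fw_allow(client->ip, client->mac, FW_MARK_PROBATION);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_ACTIVATE_ACCOUNT
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to activate message");
        free(urlFragment);
        break;

    case AUTH_ALLOWED:
        /* The tokens matched: the server returns AUTH_ALLOWED to tell the gateway
         * to let this client through. */
        /* Logged in successfully as a regular account */
        debug(LOG_INFO, "Got ALLOWED from central server authenticating token %s from %s at %s - "
            "adding to firewall and redirecting them to portal", client->token, client->ip, client->mac);
        if (connected_to_rj_mcp == 0 && auth_response.ext != NULL) {
            /* Temporaries typed to match the conversion specifiers exactly, so
             * a short or malformed EXT string cannot leave the client with a
             * half-updated set of limits. */
            unsigned int bw_up, bw_down;
            unsigned long long max_bw_up, max_bw_down;
            unsigned long idle_timeout, force_timeout;

            debug(LOG_INFO, "EXT:[%s]", auth_response.ext);
            if (sscanf(auth_response.ext, "%u %u %llu %llu %lu %lu", &bw_up, &bw_down,
                    &max_bw_up, &max_bw_down, &idle_timeout, &force_timeout) == 6) {
                /* NOTE(review): the values come from the auth server's reply and
                 * are applied without range checks - confirm acceptable bounds. */
                client->bw_up = bw_up;
                client->bw_down = bw_down;
                client->max_bw_up = max_bw_up;
                client->max_bw_down = max_bw_down;
                client->idletimeout = idle_timeout;
                client->forcetimeout = force_timeout;
            } else {
                debug(LOG_WARNING, "authenticate_client(): ignoring malformed EXT field from auth server for %s", client->ip);
            }
        }
        client->fw_connection_state = FW_MARK_KNOWN;
        /* The gateway now whitelists the client (firewall rules allowing
         * Internet access), so its requests are no longer intercepted. */
        fw_allow(client->ip, client->mac, FW_MARK_KNOWN);
        if (connected_to_rj_mcp == 0) {
            client->login_time = time(NULL);
            qos_add_user(client);
            served_this_session++;
            safe_asprintf(&urlFragment, "%sgw_id=%s&token=%s",
                auth_server->authserv_portal_script_path_fragment,
                config->gw_id,
                client->token);
        } else {
            served_this_session++;
            safe_asprintf(&urlFragment, "%sgw_id=%s",
                auth_server->authserv_portal_script_path_fragment,
                config->gw_id);
        }
        /* The client is redirected to http://auth_server/portal/?gw_id=xxx */
        http_send_redirect_to_auth(r, urlFragment, "Redirect to portal");
        free(urlFragment);
        break;

    case AUTH_VALIDATION_FAILED:
        /* Client had X minutes to validate account by email and didn't = too late */
        debug(LOG_INFO, "Got VALIDATION_FAILED from central server authenticating token %s from %s at %s "
            "- redirecting them to failed_validation message", client->token, client->ip, client->mac);
        safe_asprintf(&urlFragment, "%smessage=%s",
            auth_server->authserv_msg_script_path_fragment,
            GATEWAY_MESSAGE_ACCOUNT_VALIDATION_FAILED
        );
        http_send_redirect_to_auth(r, urlFragment, "Redirect to failed validation message");
        free(urlFragment);
        break;

    default:
        debug(LOG_WARNING, "I don't know what the validation code %d means for token %s from %s at %s - sending error message", auth_response.authcode, client->token, client->ip, client->mac);
        send_http_page(r, "Internal Error", "We can not validate your request at this time");
        break;
    }

    UNLOCK_CLIENT_LIST();

    /* Released on every path, not only after a successful ALLOWED parse.
     * Assumes ext is NULL or heap memory handed over by auth_server_request(). */
    free(auth_response.ext);
    return;
}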