Index: /branches/rel_ag_9_4_5/uproxy/http_proxy/smanager/sec_misc.c
===================================================================
--- /branches/rel_ag_9_4_5/uproxy/http_proxy/smanager/sec_misc.c (revision 20501)
+++ /branches/rel_ag_9_4_5/uproxy/http_proxy/smanager/sec_misc.c (working copy)
@@ -52,26 +52,28 @@
#define COOKIE_FOR_PORTAL_ERROR_MESSAGE "_AN_msgID=-1;path=/prx/000/http/;expires=Thu, 01-Jan-1970 00:00:01 GMT;secure;samesite=None;"
#define COOKIE_FOR_PORTAL_ERROR_MESSAGE_STR "_AN_msgStr=\"\";path=/prx/000/http/;expires=Thu, 01-Jan-1970 00:00:01 GMT;secure;samesite=None;"
-
-
#define QUICKLINK_STR "/quicklink_set?resource_id="
#define QUICKLINK_STR_LEN strlen(QUICKLINK_STR)
#define QUICKLINK_STR2 "&url="
#define QUICKLINK_STR2_LEN strlen(QUICKLINK_STR2)
+#define FAVICON_STR "/favicon.ico"
+#define FAVICON_STR_LEN (sizeof(FAVICON_STR) - 1)
-#define FAVICON_STR "/favicon.ico"
-#define FAVICON_STR_LEN (sizeof(FAVICON_STR) - 1)
+#define SETUPXML_FILE_PATH "/tmp/setup.xml"
-typedef struct post_field {
- char *name;
- int32_t name_len;
- char *value;
- int32_t value_len;
- STAILQ_ENTRY(post_field) next_field;
+typedef struct post_field
+{
+ char *name;
+ int32_t name_len;
+ char *value;
+ int32_t value_len;
+ STAILQ_ENTRY(post_field)
+ next_field;
} post_field_t;
-typedef struct auth_params {
+typedef struct auth_params
+{
uint32_t pin;
uint8_t cancel;
char uname[USERNAME_LEN + 1];
@@ -84,21 +86,21 @@
char authmethod[AAA_MED_ID_LEN + 1];
char validcode[MAX_VALIDCODE_LEN + 1];
char extra_params[AAA_EXT_AUTH_PARAM_MAX_COUNT][AAA_EXT_AUTH_PARAM_MAX_SIZE];
- char secret[SEC_ENCODED_SECRET_LEN+1];
- char cus_def_vars[AAA_CUSTOM_VAR_LEN+1];
+ char secret[SEC_ENCODED_SECRET_LEN + 1];
+ char cus_def_vars[AAA_CUSTOM_VAR_LEN + 1];
} auth_params_t;
extern patricia_tree_t *content_tree;
-typedef STAILQ_HEAD( , post_field) post_field_list_t;
+typedef STAILQ_HEAD(, post_field) post_field_list_t;
static post_field_list_t post_field_list;
static char escaped_validcode[(MAX_VALIDCODE_LEN * ESCAPE_EXFACTOR) + 1];
void sec_generate_choose_site_redirect(smanager_data_t *sec_data, const sec_vsite_t *vsite);
static int sec_generate_ai_login_js_response(smanager_data_t *sec_data);
static int sec_generate_ai_cs_js_response(smanager_data_t *sec_data);
-static int sec_generate_login_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor,
- const char *err_message, const char *info_message, uint8_t register_flag, int32_t msg_id);
+static int sec_generate_login_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor,
+ const char *err_message, const char *info_message, uint8_t register_flag, int32_t msg_id);
static int sec_generate_cs_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor);
static int sec_generate_ai_logout_js_response(smanager_data_t *sec_data);
static int sec_generate_ai_dd_js_response(smanager_data_t *sec_data);
@@ -109,44 +111,44 @@
static int sec_generate_bookmark_add_response(smanager_data_t *sec_data);
static int sec_generate_bookmark_edit_response(smanager_data_t *sec_data);
static int sec_generate_nonhtml_response(smanager_data_t *sec_data);
-static void sec_generate_fshare_auth_response(smanager_data_t *sec_data, uint8_t *req_url, int32_t req_url_len,char *message);
+static void sec_generate_fshare_auth_response(smanager_data_t *sec_data, uint8_t *req_url, int32_t req_url_len, char *message);
static struct frame *create_304_response(BOOL conn_close, char *last_modified);
-static __inline char* http_code_to_str(int32_t code);
+static __inline char *http_code_to_str(int32_t code);
static int32_t sec_process_login_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
-static int32_t sec_process_navigate_post(smanager_data_t *sec_data,
- sec_vsite_t *site, struct frame *cur_request_p,
- length_t content_len, length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
+static int32_t sec_process_navigate_post(smanager_data_t *sec_data,
+ sec_vsite_t *site, struct frame *cur_request_p,
+ length_t content_len, length_t headers_len);
static int32_t sec_process_passchange_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
static int32_t sec_process_passchange_ldap_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
static int32_t sec_process_fshare_auth_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
static int32_t extract_username_password(smanager_data_t *sec_data, sec_vsite_t *vsite, struct frame *frame_p,
- length_t header_len, length_t content_len, auth_params_t *params);
+ length_t header_len, length_t content_len, auth_params_t *params);
static int32_t extract_new_password(sec_vsite_t *vsite, struct frame *frame_p,
- length_t header_len, length_t content_len, uint8_t *password,
- uint8_t *password2, uint32_t *cancel);
+ length_t header_len, length_t content_len, uint8_t *password,
+ uint8_t *password2, uint32_t *cancel);
static uint8_t extract_post_fields(struct frame *frame_p, length_t header_len,
- length_t content_len, char *content_out);
-static post_field_t *extract_field(uint8_t **data_p, struct frame **frame_p,
- int32_t *remaining_len, uint8_t *last_field);
+ length_t content_len, char *content_out);
+static post_field_t *extract_field(uint8_t **data_p, struct frame **frame_p,
+ int32_t *remaining_len, uint8_t *last_field);
static void post_field_dtor(post_field_t *field);
static void post_field_list_dtor(void);
static int32_t issue_changepass_request(void *client_conn_p, char *vsite_name, char *username,
- char *newpasswd, uint64_t aaa_request_id, char *log_id);
+ char *newpasswd, uint64_t aaa_request_id, char *log_id);
static int32_t issue_changepass_ldap_request(void *client_conn_p, char *vsite_name, char *username,
- char *newpasswd, uint64_t aaa_request_id,
- struct sesssion_ldap_pwd_policy_info *ldap_pwd_policy, char *current_ldap_server, char *log_id);
+ char *newpasswd, uint64_t aaa_request_id,
+ struct sesssion_ldap_pwd_policy_info *ldap_pwd_policy, char *current_ldap_server, char *log_id);
static int32_t url_classify(url_policy_tree_t *tree, char *url, int32_t url_len);
extern void sec_fproxy_list_init(fproxy_list_t *list);
extern int no_need_login_page(sec_vsite_t *vsite, struct aaa_method **rt_method, smanager_data_t *sec_data);
@@ -157,30 +159,30 @@
static void snprint_session_cookie(uint8_t *session_cookie_buffer, smanager_data_t *sec_data, uint32_t buf_size);
static void sprint_session_cookie_for_quicklink(uint8_t *session_cookie_buffer, smanager_data_t *sec_data);
static int32_t sec_process_sms_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
static int32_t extract_sms_verification_code(sec_vsite_t *vsite, struct frame *frame_p,
- length_t header_len, length_t content_len, uint8_t *vcode, int *resend, int *cancel);
-static int32_t issue_sms_resend_request(void *client_conn_p, char *vsite_name, char *username, char *med_id,
- char *phone, char *email);
+ length_t header_len, length_t content_len, uint8_t *vcode, int *resend, int *cancel);
+static int32_t issue_sms_resend_request(void *client_conn_p, char *vsite_name, char *username, char *med_id,
+ char *phone, char *email);
static int32_t sec_process_smx_post(smanager_data_t *sec_data, sec_session_t *session,
- sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
- length_t headers_len);
+ sec_vsite_t *site, struct frame *cur_request_p, length_t content_len,
+ length_t headers_len);
int sec_get_smx_info_from_url(smanager_data_t *sec_data);
uint8_t issue_smx_auth_resp(smanager_data_t *sec_data, char *vsite_name, char *username,
- char *passwd, char *passwd1, char *passwd2, uint8_t request_type, unsigned long step);
+ char *passwd, char *passwd1, char *passwd2, uint8_t request_type, unsigned long step);
static uint8_t language_compare(uint8_t *str, int32_t len, sec_vsite_t *site, int32_t msg_id);
static int32_t sec_redirect_client_security(smanager_data_t *sec_data, uint8_t *cookie_p, length_t cookie_len);
static void sec_generate_userresourcelinks_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor);
+ struct frame **out_frame, uint8_t **cursor);
extern int n_unescape(char *in, char *out, int in_len, int out_buff_len, int *out_len);
-extern sec_session_t * get_session_by_id(smanager_data_t *sec_data, uint32_t session_id);
+extern sec_session_t *get_session_by_id(smanager_data_t *sec_data, uint32_t session_id);
static int32_t
base64_encode(uint8_t *clear_string, int32_t clear_len,
- uint8_t *base64_output, int32_t max_out_len);
+ uint8_t *base64_output, int32_t max_out_len);
static int
array_des3_encrypt(uint8_t *key, uint32_t key_len, uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len);
static int32_t issue_hwid_regist_request(void *client_conn_p, char *vsite_name, char *verify_code);
@@ -193,43 +195,41 @@
static char domain_buffer[SEC_MAX_URL_LEN];
static char domain_logout_buffer[SEC_MAX_URL_LEN];
-#define USER_PASS_OK 0
-#define USER_PASS_USER_FAIL 1
-#define USER_PASS_CRED_TOO_LONG 2
-#define USER_PASS_PASSWORD_FAIL 3
-#define USER_PASS_PIN_TOO_LONG 4
-#define USER_PASS_PIN_READ_FAIL 5
-#define USER_PASS_USER_UNESCAPE_FAIL 6
-#define USER_PASS_PASS_UNESCAPE_FAIL 7
-#define USER_PASS_PASSWORD2_FAIL 8
-#define USER_PASS_CID_TOO_LONG 9
-#define USER_PASS_CID_UNESCAPE_FAIL 10
+#define USER_PASS_OK 0
+#define USER_PASS_USER_FAIL 1
+#define USER_PASS_CRED_TOO_LONG 2
+#define USER_PASS_PASSWORD_FAIL 3
+#define USER_PASS_PIN_TOO_LONG 4
+#define USER_PASS_PIN_READ_FAIL 5
+#define USER_PASS_USER_UNESCAPE_FAIL 6
+#define USER_PASS_PASS_UNESCAPE_FAIL 7
+#define USER_PASS_PASSWORD2_FAIL 8
+#define USER_PASS_CID_TOO_LONG 9
+#define USER_PASS_CID_UNESCAPE_FAIL 10
#define USER_AUTHMEHTOD_UNESCAPE_FAIL 11
-#define USER_AUTHMETHOD_TOO_LONG 12
-#define EXT_PARAM_TOO_LONG 13
-#define EXT_PARAM_UNESCAPE_FAIL 14
-#define USER_PASS_DEVICEID_TOO_LONG 15
-#define USER_PASS_DEVICEID_UNESCAPE_FAIL 16
+#define USER_AUTHMETHOD_TOO_LONG 12
+#define EXT_PARAM_TOO_LONG 13
+#define EXT_PARAM_UNESCAPE_FAIL 14
+#define USER_PASS_DEVICEID_TOO_LONG 15
+#define USER_PASS_DEVICEID_UNESCAPE_FAIL 16
#define USER_PASS_DEVICE_NAME_UNESCAPE_FAIL 17
#define USER_PASS_SECRET_LEN_INVALID 18
#define USER_PASS_SECRET_UNESCAPE_FAIL 19
-#define USER_PASS_CUSTOM_VAR_FAIL 20
+#define USER_PASS_CUSTOM_VAR_FAIL 20
#define USER_PASS_CUSTOM_VAR_PROF_ERR 21
#define USER_PASS_CLIENT_HOSTNAME_TOO_LONG 22
#define USER_PASS_CLIENT_HOSTNAME_UNESCAPE_FAIL 23
#define USER_PASS_CLIENT_CPUID_TOO_LONG 24
#define USER_PASS_CLIENT_CPUID_UNESCAPE_FAIL 25
-#define USER_PASS_LOGID_TOO_LONG 26
+#define USER_PASS_LOGID_TOO_LONG 26
#define USER_PASS_LOGID_UNESCAPE_FAIL 27
#define USER_PASS_SQL_INJECTION 28
+#define CHANGE_PASS_OK 0
+#define CHANGE_PASS_EMPTYPASS 1
+#define CHANGE_PASS_INCONSISTENT 2
-#define CHANGE_PASS_OK 0
-#define CHANGE_PASS_EMPTYPASS 1
-#define CHANGE_PASS_INCONSISTENT 2
-
-void
-uproxy_local_log(char *file_path, const char *format, ...)
+void uproxy_local_log(char *file_path, const char *format, ...)
{
char *file_mode = "a";
time_t now;
@@ -238,7 +238,8 @@
va_list ap;
stat(file_path, &buf);
- if( buf.st_size > 100*1024*1024) {
+ if (buf.st_size > 100 * 1024 * 1024)
+ {
/*
* If file length is greater than 100M
* truncate it to zero
@@ -250,7 +251,8 @@
/* add info handle in case we meet
* with file permission problem
*/
- if (!fp) {
+ if (!fp)
+ {
return;
}
@@ -263,112 +265,118 @@
va_end(ap);
fputs("\n", fp);
fclose(fp);
-
- return;
+ return;
}
#define uproxy_sec_log(format, args...) uproxy_local_log("/var/crash/uproxy_sec.log", format, ##args)
-void xor_with_salt(uint8_t *data, const uint8_t *salt, size_t data_length, size_t salt_length) {
+void xor_with_salt(uint8_t *data, const uint8_t *salt, size_t data_length, size_t salt_length)
+{
size_t i = 0;
- for (i = 0; i < data_length; i++) {
- data[i] ^= salt[i % salt_length];
- }
+ for (i = 0; i < data_length; i++)
+ {
+ data[i] ^= salt[i % salt_length];
+ }
}
static int32_t
-portal_message_convert_for_document_write(char * pin, char * pout)
+portal_message_convert_for_document_write(char *pin, char *pout)
{
- char * pt = &pout[0];
-
- while(*pin != '\0') {
- switch (*pin) {
- case '<' :
- *pt++ = '&';
- *pt++ = 'l';
- *pt++ = 't';
- *pt++ = ';';
+ char *pt = &pout[0];
- break;
- case '>' :
- *pt++ = '&';
- *pt++ = 'g';
- *pt++ = 't';
- *pt++ = ';';
- break;
- case '\\' :
- *pt++ = '\\';
- *pt++ = '\\';
- break;
- default:
- *pt++ = *pin;
+ while (*pin != '\0')
+ {
+ switch (*pin)
+ {
+ case '<':
+ *pt++ = '&';
+ *pt++ = 'l';
+ *pt++ = 't';
+ *pt++ = ';';
+
+ break;
+ case '>':
+ *pt++ = '&';
+ *pt++ = 'g';
+ *pt++ = 't';
+ *pt++ = ';';
+ break;
+ case '\\':
+ *pt++ = '\\';
+ *pt++ = '\\';
+ break;
+ default:
+ *pt++ = *pin;
}
-
+
++pin;
}
-
+
*pt = '\0';
-
+
return (pt - &pout[0]);
}
static __inline char *
http_code_to_str(int32_t code)
{
- switch (code) {
- case OK:
- return "OK";
- case BAD_REQUEST:
- return "Bad Request";
- case UNAUTHORIZED:
- return "Access Denied";
- case FORBIDDEN:
- return "Access Denied";
- case SERVICE_UNAVAIL:
- return "Service Unavailable";
- case SERVER_ERROR:
- return "Internal Server Error";
- case NOT_FOUND:
- return "Not Found";
- default:
- return "OK";
- }
+ switch (code)
+ {
+ case OK:
+ return "OK";
+ case BAD_REQUEST:
+ return "Bad Request";
+ case UNAUTHORIZED:
+ return "Access Denied";
+ case FORBIDDEN:
+ return "Access Denied";
+ case SERVICE_UNAVAIL:
+ return "Service Unavailable";
+ case SERVER_ERROR:
+ return "Internal Server Error";
+ case NOT_FOUND:
+ return "Not Found";
+ default:
+ return "OK";
+ }
}
-static uint32_t convert_char_for_http_show(char * pin, char * pout)
+static uint32_t convert_char_for_http_show(char *pin, char *pout)
{
- char * p = pout;
-
- if(pin && pout) {
- while(*pin != '\0') {
- switch(*pin) {
- case '\\':
- *p++ = '\\';
- *p++ = '\\';
- break;
- case '&':
- *p++ = '&';
- *p++ = 'a';
- *p++ = 'm';
- *p++ = 'p';
- *p++ = ';';
- break;
- case '<':
- *p++ = '&';
- *p++ = 'l';
- *p++ = 't';
- *p++ = ';';
- break;
- case '>':
- *p++ = '&';
- *p++ = 'g';
- *p++ = 't';
- *p++ = ';';
- break;
+ char *p = pout;
- default:
- *p++ = *pin;
+ if (pin && pout)
+ {
+ while (*pin != '\0')
+ {
+ switch (*pin)
+ {
+ case '\\':
+ *p++ = '\\';
+ *p++ = '\\';
+ break;
+ case '&':
+ *p++ = '&';
+ *p++ = 'a';
+ *p++ = 'm';
+ *p++ = 'p';
+ *p++ = ';';
+ break;
+ case '<':
+ *p++ = '&';
+ *p++ = 'l';
+ *p++ = 't';
+ *p++ = ';';
+ break;
+ case '>':
+ *p++ = '&';
+ *p++ = 'g';
+ *p++ = 't';
+ *p++ = ';';
+ break;
+ default:
+ *p++ = *pin;
}
++pin;
}
@@ -378,8 +386,7 @@
return p - pout;
}
-int
-smanager_data_init(smanager_data_t *sec_data, void *client_conn)
+int smanager_data_init(smanager_data_t *sec_data, void *client_conn)
{
bzero(sec_data, sizeof(struct smanager_data));
@@ -392,12 +399,11 @@
return 0;
}
-void
-smanager_data_cleanup(smanager_data_t *sec_data)
+void smanager_data_cleanup(smanager_data_t *sec_data)
{
/* For sso post, reset session->sso_post_steps */
- if (SEC_ISSET(sec_data->flags, SDAT_SSO_POST) && sec_data->session != NULL
- && sec_data->session->sso_post_steps != SSO_POST_INVALID_STEP) {
+ if (SEC_ISSET(sec_data->flags, SDAT_SSO_POST) && sec_data->session != NULL && sec_data->session->sso_post_steps != SSO_POST_INVALID_STEP)
+ {
sec_data->session->sso_post_steps = SSO_POST_INVALID_STEP;
sso_post_sec_session_dtor(sec_data->session);
}
@@ -435,28 +441,33 @@
sec_data->clientid_len = 0;
sec_fproxy_list_init(&sec_data->forward_proxies);
-
- if (sec_data->save_req_body != NULL) {
+
+ if (sec_data->save_req_body != NULL)
+ {
parser_frame_chain_free(sec_data->save_req_body);
sec_data->save_req_body = NULL;
}
- if (sec_data->response != NULL) {
+ if (sec_data->response != NULL)
+ {
parser_frame_chain_free(sec_data->response);
sec_data->response = NULL;
}
- if (sec_data->tmp_frame_for_split_p != NULL) {
+ if (sec_data->tmp_frame_for_split_p != NULL)
+ {
parser_frame_chain_free(sec_data->tmp_frame_for_split_p);
sec_data->tmp_frame_for_split_p = NULL;
}
- if (sec_data->req_body != NULL) {
+ if (sec_data->req_body != NULL)
+ {
parser_frame_chain_free(sec_data->req_body);
sec_data->req_body = NULL;
}
- if (sec_data->krb5_node != NULL) {
+ if (sec_data->krb5_node != NULL)
+ {
release_krb5_node(sec_data->krb5_node);
sec_data->krb5_node = NULL;
}
@@ -468,46 +479,52 @@
{
size_t len;
static sec_language_t *languages_ptr = NULL;
-
- if (languages_ptr != NULL) {
+
+ if (languages_ptr != NULL)
+ {
return languages_ptr;
}
len = sizeof(languages_ptr);
if (sysctlbyname("net.inet.clicktcp.languages_ptr",
- &languages_ptr, &len, NULL, 0) < 0) {
+ &languages_ptr, &len, NULL, 0) < 0)
+ {
return NULL;
}
return languages_ptr;
}
-char *
+char *
sec_portal_language_id_to_name(int32_t lang_id)
{
- sec_language_t * planguages = NULL;
- planguages = get_portal_language_table();
-
- if(NULL != planguages){
- if (lang_id < 0 || lang_id > MAX_LANGUAGES - 1) {
- return planguages[LANGUAGE_INITIAL].name;
- } else {
+ sec_language_t *planguages = NULL;
+ planguages = get_portal_language_table();
+
+ if (NULL != planguages)
+ {
+ if (lang_id < 0 || lang_id > MAX_LANGUAGES - 1)
+ {
+ return planguages[LANGUAGE_INITIAL].name;
+ }
+ else
+ {
return planguages[lang_id].name;
}
- }
+ }
- return "english";
+ return "english";
}
struct frame *
create_http_response_with_bookmark(int32_t response_code,
- struct frame *response_content,
- uint32_t flags, uint8_t *session_cookie,
- uint8_t *nav_cookie, uint8_t *content_type,
- char *last_modified,
- smanager_data_t *sec_data,
- uint8_t *bookmark_cookie, uint32_t bookmark_cookie_len,
- uint8_t clean_pcookie)
+ struct frame *response_content,
+ uint32_t flags, uint8_t *session_cookie,
+ uint8_t *nav_cookie, uint8_t *content_type,
+ char *last_modified,
+ smanager_data_t *sec_data,
+ uint8_t *bookmark_cookie, uint32_t bookmark_cookie_len,
+ uint8_t clean_pcookie)
{
struct frame *header_chain;
struct frame *header_frame;
@@ -517,35 +534,37 @@
sec_language_t *languages_ptr = NULL;
sec_vsite_t *vsite = sec_data->vsite_p;
- char content_security_str[CONT_SEC_MAX_LEN] = {'\0'}; /* Content-Security-Policy header */
- char x_content_type_options_str[X_CONT_TYPE_OPT_LEN+1] = {'\0'}; /* X-Content-Type-Options header */
- char x_xss_protection_str[X_XSS_PROT_LEN+1] = {'\0'}; /* X-XSS-Protection header */
- char x_strict_transport_security_str[X_STRICT_TRANSPORT_SECURITY_LEN+1] = {'\0'}; /* X-Strict-Transport-Security header */
- char x_content_security_policy_str[X_CONTENT_SECURITY_POLICY_STR_LEN+1] = {'\0'}; /* X-Content-Security-Policy header */
- char x_webkit_csp_str[X_WEBKIT_CSP_STR_LEN+1] = {'\0'}; /* X-WebKit-CSP header */
- char referrer_policy_str[REFERRER_POLICY_STR_LEN+1] = {'\0'}; /* Referrer-Policy header */
- char x_permitted_cross_domain_policies_str[X_PERMITTED_CROSS_DOMAIN_POLICIES_STR_LEN+3] = {'\0'}; /* X-Permitted-Cross-Domain-Policies header with \r\n */
- char x_download_options_str[X_DOWNLOAD_OPTIONS_STR_LEN+1] = {'\0'}; /* X-Download-Options header */
+ char content_security_str[CONT_SEC_MAX_LEN] = {'\0'}; /* Content-Security-Policy header */
+ char x_content_type_options_str[X_CONT_TYPE_OPT_LEN + 1] = {'\0'}; /* X-Content-Type-Options header */
+ char x_xss_protection_str[X_XSS_PROT_LEN + 1] = {'\0'}; /* X-XSS-Protection header */
+ char x_strict_transport_security_str[X_STRICT_TRANSPORT_SECURITY_LEN + 1] = {'\0'}; /* X-Strict-Transport-Security header */
+ char x_content_security_policy_str[X_CONTENT_SECURITY_POLICY_STR_LEN + 1] = {'\0'}; /* X-Content-Security-Policy header */
+ char x_webkit_csp_str[X_WEBKIT_CSP_STR_LEN + 1] = {'\0'}; /* X-WebKit-CSP header */
+ char referrer_policy_str[REFERRER_POLICY_STR_LEN + 1] = {'\0'}; /* Referrer-Policy header */
+ char x_permitted_cross_domain_policies_str[X_PERMITTED_CROSS_DOMAIN_POLICIES_STR_LEN + 3] = {'\0'}; /* X-Permitted-Cross-Domain-Policies header with \r\n */
+ char x_download_options_str[X_DOWNLOAD_OPTIONS_STR_LEN + 1] = {'\0'}; /* X-Download-Options header */
snprintf(content_security_str, CONT_SEC_MAX_LEN,
- "%sframe-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'", CONT_SEC_PREFIX_STR);
- snprintf(x_content_type_options_str, X_CONT_TYPE_OPT_LEN+1, X_CONT_TYPE_OPT_STR);
- snprintf(x_xss_protection_str, X_XSS_PROT_LEN+1, X_XSS_PROT_STR);
- snprintf(x_strict_transport_security_str, X_STRICT_TRANSPORT_SECURITY_LEN+1, X_STRICT_TRANSPORT_SECURITY_STR);
- snprintf(x_content_security_policy_str, X_CONTENT_SECURITY_POLICY_STR_LEN+1, X_CONTENT_SECURITY_POLICY_STR);
- snprintf(x_webkit_csp_str, X_WEBKIT_CSP_STR_LEN+1, X_WEBKIT_CSP_STR);
- snprintf(referrer_policy_str, REFERRER_POLICY_STR_LEN+1, REFERRER_POLICY_STR);
- snprintf(x_download_options_str, X_DOWNLOAD_OPTIONS_STR_LEN+1, X_DOWNLOAD_OPTIONS_STR);
- if (!SEC_ISSET(vsite->common_flags, SEC_PERMIT_CROSSDOMAIN)) {
+ "%sframe-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'", CONT_SEC_PREFIX_STR);
+ snprintf(x_content_type_options_str, X_CONT_TYPE_OPT_LEN + 1, X_CONT_TYPE_OPT_STR);
+ snprintf(x_xss_protection_str, X_XSS_PROT_LEN + 1, X_XSS_PROT_STR);
+ snprintf(x_strict_transport_security_str, X_STRICT_TRANSPORT_SECURITY_LEN + 1, X_STRICT_TRANSPORT_SECURITY_STR);
+ snprintf(x_content_security_policy_str, X_CONTENT_SECURITY_POLICY_STR_LEN + 1, X_CONTENT_SECURITY_POLICY_STR);
+ snprintf(x_webkit_csp_str, X_WEBKIT_CSP_STR_LEN + 1, X_WEBKIT_CSP_STR);
+ snprintf(referrer_policy_str, REFERRER_POLICY_STR_LEN + 1, REFERRER_POLICY_STR);
+ snprintf(x_download_options_str, X_DOWNLOAD_OPTIONS_STR_LEN + 1, X_DOWNLOAD_OPTIONS_STR);
+ if (!SEC_ISSET(vsite->common_flags, SEC_PERMIT_CROSSDOMAIN))
+ {
snprintf(x_permitted_cross_domain_policies_str, sizeof(x_permitted_cross_domain_policies_str), "%s\r\n", X_PERMITTED_CROSS_DOMAIN_POLICIES_STR);
}
/* Create the response headers */
header_chain = parser_frame_alloc();
- if (header_chain == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
- "Failed to allocate a header frame in create_http_response");
- return NULL;
+ if (header_chain == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
+ "Failed to allocate a header frame in create_http_response");
+ return NULL;
}
header_frame = header_chain;
@@ -553,217 +572,255 @@
data_p = header_frame->f_data;
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
- "HTTP/1.1 %d %s\r\nX-Frame-Options: SAMEORIGIN\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s%s\r\nContent-Length: %d\r\n",
- response_code, http_code_to_str(response_code), content_security_str,
- x_content_type_options_str, x_xss_protection_str, x_strict_transport_security_str,
- x_content_security_policy_str, x_webkit_csp_str,
- referrer_policy_str, x_permitted_cross_domain_policies_str, x_download_options_str,
- parser_frame_chain_length(response_content));
+ "HTTP/1.1 %d %s\r\nX-Frame-Options: SAMEORIGIN\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s%s\r\nContent-Length: %d\r\n",
+ response_code, http_code_to_str(response_code), content_security_str,
+ x_content_type_options_str, x_xss_protection_str, x_strict_transport_security_str,
+ x_content_security_policy_str, x_webkit_csp_str,
+ referrer_policy_str, x_permitted_cross_domain_policies_str, x_download_options_str,
+ parser_frame_chain_length(response_content));
if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ &header_frame) != HTTP_SUCCESS)
{
- parser_frame_chain_free(header_chain);
- return NULL;
+ parser_frame_chain_free(header_chain);
+ return NULL;
}
- if (vsite != NULL) {
+ if (vsite != NULL)
+ {
languages_ptr = get_portal_language_table();
- if (languages_ptr != NULL) {
+ if (languages_ptr != NULL)
+ {
language = languages_ptr[vsite->language].encoding;
}
- if (language != NULL) {
+ if (language != NULL)
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
- "Content-Language: %s\r\n", language);
+ "Content-Language: %s\r\n", language);
if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
- } else {
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
- "Content-Language: utf-8\r\n");
+ "Content-Language: utf-8\r\n");
if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
}
- } else {
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
- "Content-Language: utf-8\r\n");
+ "Content-Language: utf-8\r\n");
if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
}
- if (last_modified != NULL) {
- if (write_data(LAST_MODIFIED, &data_p, SLEN(LAST_MODIFIED),
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (write_data(last_modified, &data_p, strlen(last_modified),
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS) {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
+ if (last_modified != NULL)
+ {
+ if (write_data(LAST_MODIFIED, &data_p, SLEN(LAST_MODIFIED),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ if (write_data(last_modified, &data_p, strlen(last_modified),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
}
/* Bug 28924 enable portal charset */
- if (content_type != NULL) {
- if (vsite != NULL && !strncmp(content_type, "text/", SLEN("text/"))) {
+ if (content_type != NULL)
+ {
+ if (vsite != NULL && !strncmp(content_type, "text/", SLEN("text/")))
+ {
languages_ptr = get_portal_language_table();
- if (languages_ptr != NULL) {
+ if (languages_ptr != NULL)
+ {
lang_charset = languages_ptr[vsite->language].charset;
- }
+ }
- if (vsite->charset != NULL) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
+ if (vsite->charset != NULL)
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
"Content-Type: %s; charset=%s\r\n", content_type,
vsite->charset);
- } else if (lang_charset != NULL) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
+ }
+ else if (lang_charset != NULL)
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
"Content-Type: %s; charset=%s\r\n", content_type,
lang_charset);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE,
"Content-Type: %s\r\n", content_type);
}
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Content-Type: %s\r\n",
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Content-Type: %s\r\n",
content_type);
- }
- } else {
+ }
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Content-Type: text/html\r\n");
}
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ if ((flags & HTTP_NOCACHE) || (response_code != OK))
+ {
+ if (write_data("Cache-Control: no-cache\r\n", &data_p,
+ SLEN("Cache-Control: no-cache\r\n"), &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+ }
+
+ if (write_data(CONNECTION_KALIVE, &data_p, CONNECTION_KALIVE_LEN,
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
-
- if ((flags & HTTP_NOCACHE) || (response_code != OK)) {
- if (write_data("Cache-Control: no-cache\r\n", &data_p,
- SLEN("Cache-Control: no-cache\r\n"), &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
- }
-
- if (write_data(CONNECTION_KALIVE, &data_p, CONNECTION_KALIVE_LEN,
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (session_cookie != NULL) {
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
- session_cookie);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
- session_cookie);
- }
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
- }
-
- if (nav_cookie != NULL) {
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
- nav_cookie);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
- nav_cookie);
- }
+
+ if (session_cookie != NULL)
+ {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
+ session_cookie);
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
+ session_cookie);
+ }
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+ }
+
+ if (nav_cookie != NULL)
+ {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
+ nav_cookie);
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
+ nav_cookie);
+ }
if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
}
- if (bookmark_cookie != NULL) {
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
- bookmark_cookie);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
- bookmark_cookie);
- }
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
- {
+ if (bookmark_cookie != NULL)
+ {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s;HttpOnly\r\n",
+ bookmark_cookie);
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "Set-Cookie: %s\r\n",
+ bookmark_cookie);
+ }
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
parser_frame_chain_free(header_chain);
return NULL;
- }
+ }
}
/* check if the persistent cookie used by Sygate OnDemand should be removed */
- if (clean_pcookie == CLEAN_CLIENTSEC_COOKIE) {
+ if (clean_pcookie == CLEAN_CLIENTSEC_COOKIE)
+ {
write_clean_cookie(portal_temp_string, sec_data);
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
- {
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
parser_frame_chain_free(header_chain);
return NULL;
}
write_clean_clientsec_java_cookie(portal_temp_string, sec_data);
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
- {
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
parser_frame_chain_free(header_chain);
return NULL;
}
- } else if (sec_data && SEC_ISSET(sec_data->flags, SDAT_CLIENTSEC_PERSIST_COOKIE)) {
+ }
+ else if (sec_data && SEC_ISSET(sec_data->flags, SDAT_CLIENTSEC_PERSIST_COOKIE))
+ {
write_clientsec_persist_cookie(portal_temp_string, sec_data);
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
{
parser_frame_chain_free(header_chain);
return NULL;
}
-
- /*
+
+ /*
* we do not need clientsec sec java cookie anymore
* we are passed clientsec check already
*/
write_clean_clientsec_java_cookie(portal_temp_string, sec_data);
- if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
- &header_frame) != HTTP_SUCCESS)
- {
+ if (write_data(portal_temp_string, &data_p, strlen(portal_temp_string),
+ &header_frame) != HTTP_SUCCESS)
+ {
parser_frame_chain_free(header_chain);
return NULL;
}
}
- if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS) {
- parser_frame_chain_free(header_chain);
- return NULL;
+ if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
}
/* Link the response headers to the response */
@@ -778,90 +835,100 @@
create_304_response(BOOL conn_close, char *last_modified)
{
#define NOT_MOD_STR "HTTP/1.1 304 Not Modified\r\nLast-Modified: "
- struct frame *header_chain;
- struct frame *header_frame;
- uint8_t *data_p;
-
- header_chain = parser_frame_alloc();
- if (header_chain == NULL) {
- ulog_error_no_conn(AMP_ULOG_SMANAGER, "Failed to allocate a header frame in "
- "create_304_response");
- return NULL;
- }
-
- header_frame = header_chain;
- header_frame->f_datalen = 0;
- data_p = header_frame->f_data;
-
- if (write_data(NOT_MOD_STR, &data_p, SLEN(NOT_MOD_STR),
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (write_data(last_modified, &data_p, strlen(last_modified),
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS) {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
-
- if (conn_close) {
- if (write_data(CONNECTION_CLOSE, &data_p, CONNECTION_CLOSE_LEN,
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
- } else {
- if (write_data(CONNECTION_KALIVE, &data_p, CONNECTION_KALIVE_LEN,
- &header_frame) != HTTP_SUCCESS)
- {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
- }
-
- if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS) {
- parser_frame_chain_free(header_chain);
- return NULL;
- }
+ struct frame *header_chain;
+ struct frame *header_frame;
+ uint8_t *data_p;
+
+ header_chain = parser_frame_alloc();
+ if (header_chain == NULL)
+ {
+ ulog_error_no_conn(AMP_ULOG_SMANAGER, "Failed to allocate a header frame in "
+ "create_304_response");
+ return NULL;
+ }
+
+ header_frame = header_chain;
+ header_frame->f_datalen = 0;
+ data_p = header_frame->f_data;
+
+ if (write_data(NOT_MOD_STR, &data_p, SLEN(NOT_MOD_STR),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ if (write_data(last_modified, &data_p, strlen(last_modified),
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
- return header_chain;
+ if (conn_close)
+ {
+ if (write_data(CONNECTION_CLOSE, &data_p, CONNECTION_CLOSE_LEN,
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+ }
+ else
+ {
+ if (write_data(CONNECTION_KALIVE, &data_p, CONNECTION_KALIVE_LEN,
+ &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+ }
+
+ if (write_data("\r\n", &data_p, 2, &header_frame) != HTTP_SUCCESS)
+ {
+ parser_frame_chain_free(header_chain);
+ return NULL;
+ }
+
+ return header_chain;
}
-void
-get_cert_showid(char *showid_str, struct server_cert *cert_server, smanager_data_t *sec_data)
+void get_cert_showid(char *showid_str, struct server_cert *cert_server, smanager_data_t *sec_data)
{
struct cert_rdn_val *cert_val = NULL;
char *attr_str = NULL;
int curr_len = strlen(showid_str);
-
+
cert_val = (struct cert_rdn_val *)sec_data->auth_cert_val;
- switch (cert_server->auth_server) {
- case CERT_LDB:
- attr_str = cert_server->ldb_auth_attr;
- break;
- case CERT_LDAP:
- attr_str = cert_server->ldap_cert_field;
- break;
- default:
- break;
- }
-
- while(attr_str && cert_val != NULL) {
+ switch (cert_server->auth_server)
+ {
+ case CERT_LDB:
+ attr_str = cert_server->ldb_auth_attr;
+ break;
+ case CERT_LDAP:
+ attr_str = cert_server->ldap_cert_field;
+ break;
+ default:
+ break;
+ }
+
+ while (attr_str && cert_val != NULL)
+ {
- if (strcasecmp(attr_str, cert_val->name) == 0 && cert_val->val[0] != 0 ) {
- if ((cert_val->val_len + curr_len + 1) > CLIENTCERT_MAX_LEN - 1) {
+ if (strcasecmp(attr_str, cert_val->name) == 0 && cert_val->val[0] != 0)
+ {
+ if ((cert_val->val_len + curr_len + 1) > CLIENTCERT_MAX_LEN - 1)
+ {
break;
}
- if (cert_val->val_len > CLIENTCERT_MAX_FIELDSLEN - 1) {
+ if (cert_val->val_len > CLIENTCERT_MAX_FIELDSLEN - 1)
+ {
break;
}
@@ -875,13 +942,14 @@
return;
}
-
+
static int
deviceid_need_bind_username(struct server_index *index)
{
struct server_deviceid *server = NULL;
- if (index->type != TYPE_DEVICEID) {
+ if (index->type != TYPE_DEVICEID)
+ {
return 0;
}
@@ -890,163 +958,200 @@
return server->bind_username ? 1 : 0;
}
-enum {
+enum
+{
OTP_VERSION = 1,
};
static int
oauth_wechat_configured(struct oauth_server_t *config)
{
- if (config->oauth_token_url[0] &&
- config->oauth_register_id[0] &&
- config->oauth_register_secret[0] &&
- config->oauth_redirect_url[0] &&
- config->oauth_authenticator_url[0] &&
- config->oauth_resource_url[0])
- return 1;
+ if (config->oauth_token_url[0] &&
+ config->oauth_register_id[0] &&
+ config->oauth_register_secret[0] &&
+ config->oauth_redirect_url[0] &&
+ config->oauth_authenticator_url[0] &&
+ config->oauth_resource_url[0])
+ return 1;
- return 0;
+ return 0;
}
static int
oauth_wechat_qy_configured(struct oauth_server_t *config)
{
- if (config->oauth_wechat_qy_authenticator_url[0] &&
- config->oauth_wechat_qy_redirect_url[0] &&
- config->oauth_wechat_qy_token_url[0] &&
- config->oauth_wechat_qy_resource_url[0] &&
- config->oauth_wechat_qy_corpid[0] &&
- config->oauth_wechat_qy_agentid[0] &&
- config->oauth_wechat_qy_corpsecret[0])
- return 1;
+ if (config->oauth_wechat_qy_authenticator_url[0] &&
+ config->oauth_wechat_qy_redirect_url[0] &&
+ config->oauth_wechat_qy_token_url[0] &&
+ config->oauth_wechat_qy_resource_url[0] &&
+ config->oauth_wechat_qy_corpid[0] &&
+ config->oauth_wechat_qy_agentid[0] &&
+ config->oauth_wechat_qy_corpsecret[0])
+ return 1;
- return 0;
+ return 0;
}
void sec_generate_aaa_conf(sec_vsite_t *vsite, struct frame **out_frame,
- uint8_t **cursor, smanager_data_t *sec_data, uint8_t register_flag)
+ uint8_t **cursor, smanager_data_t *sec_data, uint8_t register_flag)
{
- struct aaa_conf *aaaconf = vsite->aaa_configure;
+ struct aaa_conf *aaaconf = vsite->aaa_configure;
struct aaa_method *method = NULL;
struct rank_method *rank = &aaaconf->rankmethod[0];
int method_idx = -1, current_rank = -1, counter = 0;
int vhostdataLen = 0;
- struct ssl_vhost_data *vhost = NULL;
+ struct ssl_vhost_data *vhost = NULL;
static char showid_str[CLIENTCERT_MAX_LEN] = {0};
- struct server_cert * cert_server = NULL;
+ struct server_cert *cert_server = NULL;
uint8_t showid_flag = 0;
-
+
char tmp[128] = {'\0'};
char *lang_string = NULL;
int i = 0, hasdata = 0, k = 0, rankcount = 0;
int action;
struct server_index *server_index = NULL;
- struct server_cert *certserver= NULL;
+ struct server_cert *certserver = NULL;
method = aaaconf->loginmethod;
#define METHOD_MAX 5
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
- // What an ugly recognition! Forgive me ...
- if (strcmp(vsite->desc, "(motionPro_dedicated)")) {
- write_data_str("\nvar _AN_oauth_on = ");
- if (SEC_ISSET(vsite->common_flags, SEC_AAA_OAUTH_ENABLED)) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
-
- if (SEC_ISSET(vsite->common_flags, SEC_AAA_OAUTH_ENABLED)) {
- for (i = 0; i < MAX_OAUTH_SERVER; i++) {
- if (!strcmp(aaaconf->oauth_server[i].id, "google")) {
- write_data_str("var _AN_oauth_vendor_google = true;\n");
- } else if (!strcmp(aaaconf->oauth_server[i].id, "wechat")) {
- if (oauth_wechat_configured(aaaconf->oauth_server + i)) {
- write_data_str("var _AN_oauth_vendor_wechat = true;\n");
- }
- if (oauth_wechat_qy_configured(aaaconf->oauth_server + i)) {
- write_data_str("var _AN_oauth_vendor_wechat_qy = true;\n");
- }
- } else if (!strcmp(aaaconf->oauth_server[i].id, "generic")) {
- write_data_str("var _AN_oauth_vendor_generic = true;\n");
- }
- }
- }
- }
-
- if (register_flag) {
- /*
- * 1: device ID register.
- * 2: OAuth uid bind.
- */
- write_data_str("\nvar _AN_oauth_uid_bind = ");
- if (register_flag == 2) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
- }
-
- /* aaa hardwareid login */
- write_data_str("\nvar _AN_hardwareid_on = ");
- if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_ON)) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
-
- write_data_str("var _AN_hardwareid_java = ");
- if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_INITMODE_JAVA)) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
-
- write_data_str("var _AN_hardwareid_autoswitch = ");
- if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_INITMODE_AUTOSWITCH)) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
-
- /* aaa rank */
- write_data_str("\nvar _AN_aaa_rank_on = ");
- if (aaaconf->rankon) {
- lang_string = "true";
- } else {
- lang_string = "false";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str(";\n");
+ // What an ugly recognition! Forgive me ...
+ if (strcmp(vsite->desc, "(motionPro_dedicated)"))
+ {
+ write_data_str("\nvar _AN_oauth_on = ");
+ if (SEC_ISSET(vsite->common_flags, SEC_AAA_OAUTH_ENABLED))
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
+
+ if (SEC_ISSET(vsite->common_flags, SEC_AAA_OAUTH_ENABLED))
+ {
+ for (i = 0; i < MAX_OAUTH_SERVER; i++)
+ {
+ if (!strcmp(aaaconf->oauth_server[i].id, "google"))
+ {
+ write_data_str("var _AN_oauth_vendor_google = true;\n");
+ }
+ else if (!strcmp(aaaconf->oauth_server[i].id, "wechat"))
+ {
+ if (oauth_wechat_configured(aaaconf->oauth_server + i))
+ {
+ write_data_str("var _AN_oauth_vendor_wechat = true;\n");
+ }
+ if (oauth_wechat_qy_configured(aaaconf->oauth_server + i))
+ {
+ write_data_str("var _AN_oauth_vendor_wechat_qy = true;\n");
+ }
+ }
+ else if (!strcmp(aaaconf->oauth_server[i].id, "generic"))
+ {
+ write_data_str("var _AN_oauth_vendor_generic = true;\n");
+ }
+ }
+ }
+ }
+
+ if (register_flag)
+ {
+ /*
+ * 1: device ID register.
+ * 2: OAuth uid bind.
+ */
+ write_data_str("\nvar _AN_oauth_uid_bind = ");
+ if (register_flag == 2)
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
+ }
+
+ /* aaa hardwareid login */
+ write_data_str("\nvar _AN_hardwareid_on = ");
+ if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_ON))
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
+
+ write_data_str("var _AN_hardwareid_java = ");
+ if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_INITMODE_JAVA))
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
+
+ write_data_str("var _AN_hardwareid_autoswitch = ");
+ if (FLAG_ISSET(aaaconf->hardwareid_flags, AAA_FLAG_HARDWAREID_INITMODE_AUTOSWITCH))
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
+
+ /* aaa rank */
+ write_data_str("\nvar _AN_aaa_rank_on = ");
+ if (aaaconf->rankon)
+ {
+ lang_string = "true";
+ }
+ else
+ {
+ lang_string = "false";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str(";\n");
counter = 0;
/* when rank on, if only one rank is included, we should just show the included method instead */
- if (aaaconf->rankon) {
- for (i = 0; i < RANK_MAX; i++) {
- if (rank[i].method_id[0] != 0) {
+ if (aaaconf->rankon)
+ {
+ for (i = 0; i < RANK_MAX; i++)
+ {
+ if (rank[i].method_id[0] != 0)
+ {
current_rank = i;
rankcount++;
}
}
- if (rankcount == 1) {
- for (i = 0; i < METHOD_MAX; i++) {
- if (method[i].id[0] != 0 && method[i].authenticateServer.pointer != NULL) {
- if (strncmp(method[i].id, rank[current_rank].method_id, AAA_MED_ID_LEN) == 0) {
- /*
- * identify to ai_login.js response,
- * method index only indicates the ones that had binded servers
+ if (rankcount == 1)
+ {
+ for (i = 0; i < METHOD_MAX; i++)
+ {
+ if (method[i].id[0] != 0 && method[i].authenticateServer.pointer != NULL)
+ {
+ if (strncmp(method[i].id, rank[current_rank].method_id, AAA_MED_ID_LEN) == 0)
+ {
+ /*
+ * identify to ai_login.js response,
+ * method index only indicates the ones that had binded servers
*/
method_idx = counter;
break;
@@ -1055,7 +1160,7 @@
}
}
}
-
+
write_data_str("var _AN_aaa_rank_method_idx = ");
sprintf(tmp, "%d", method_idx);
write_data(tmp, cursor, strlen(tmp), out_frame);
@@ -1064,7 +1169,7 @@
write_data_str("var _AN_aaa_defmethod_idx = 0;\n");
- lang_string="var _AN_str_aaa_nomethod=\"No aaa method.\";\n";
+ lang_string = "var _AN_str_aaa_nomethod=\"No aaa method.\";\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("var _AN_aaa_otp_version = ");
@@ -1076,37 +1181,43 @@
method_idx = -1;
counter = 0;
- for (i = 0; i < METHOD_MAX; i++) {
- if (method[i].id[0] == '\0') {
+ for (i = 0; i < METHOD_MAX; i++)
+ {
+ if (method[i].id[0] == '\0')
+ {
continue;
}
if ((method[i].register_method && !register_flag) ||
- (!method[i].register_method && register_flag)) {
+ (!method[i].register_method && register_flag))
+ {
continue;
}
- if (!strcmp(method[i].id, OAUTH_METHOD)) {
+ if (!strcmp(method[i].id, OAUTH_METHOD))
+ {
/* OAuth method should NOT be displayed in select box. */
continue;
}
- server_index = (struct server_index *) &method[i].authenticateServer;
- if (server_index->pointer == NULL) { /* not assign server for the method */
- continue;
- }
- if (hasdata == 1) { /* not the first item */
- write_data_str(",\n");
- }
+ server_index = (struct server_index *)&method[i].authenticateServer;
+ if (server_index->pointer == NULL)
+ { /* not assign server for the method */
+ continue;
+ }
+ if (hasdata == 1)
+ { /* not the first item */
+ write_data_str(",\n");
+ }
hasdata = 1;
- /*
- * when rank off, but there's only one method configured,
- * we should also show this configured method only
+ /*
+ * when rank off, but there's only one method configured,
+ * we should also show this configured method only
*/
method_idx = counter;
counter++;
-
+
/* method name */
write_data_str(" {\n \"name\": \"");
write_data(method[i].id, cursor, strlen(method[i].id), out_frame);
@@ -1114,10 +1225,10 @@
/* display name of method */
write_data_str(" \"method_disp\": \"");
- write_data(method[i].disp, cursor, strlen(method[i].disp), out_frame);
- write_data_str("\",\n");
+ write_data(method[i].disp, cursor, strlen(method[i].disp), out_frame);
+ write_data_str("\",\n");
write_data_str(" \"authserver\": \"");
- lang_string=method[i].authenticateServer.id;
+ lang_string = method[i].authenticateServer.id;
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\",\n");
@@ -1130,72 +1241,90 @@
/* display name of server */
write_data_str(" \"server_disp\": \"");
- switch (method[i].authenticateServer.type) {
- case TYPE_LDAP:
- lang_string = ((struct server_ldap *)server_index->pointer)->disp;
- break;
- case TYPE_LOCALDB:
- lang_string = ((struct server_ldb *)server_index->pointer)->disp;
- break;
- case TYPE_RADIUS:
- lang_string = ((struct server_radius *)server_index->pointer)->disp;
- break;
- case TYPE_CERTIFICATION:
- cert_server = (struct server_cert *)server_index->pointer;
- lang_string = cert_server->disp;
- /*
- * clientauth must be set 1, or after choosable certificate method's renegoation
- * also could get cert field value which is not espected
- */
- if (cert_server->auth_id == CERT_SHOWID && sec_data->auth_cert_val != NULL) {
- get_cert_showid(showid_str, cert_server, sec_data);
- DBG_PRINTF("showid str %s method %s index %d", showid_str, method[i].id,i);
- ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO651, method[i].methodtype, i, 0,0,0,0,0);
- showid_flag = 1;
- }
- break;
- case TYPE_HTTP:
- lang_string = ((struct server_http *)server_index->pointer)->disp;
- break;
- default:
- lang_string = method[i].id;
+ switch (method[i].authenticateServer.type)
+ {
+ case TYPE_LDAP:
+ lang_string = ((struct server_ldap *)server_index->pointer)->disp;
+ break;
+ case TYPE_LOCALDB:
+ lang_string = ((struct server_ldb *)server_index->pointer)->disp;
+ break;
+ case TYPE_RADIUS:
+ lang_string = ((struct server_radius *)server_index->pointer)->disp;
+ break;
+ case TYPE_CERTIFICATION:
+ cert_server = (struct server_cert *)server_index->pointer;
+ lang_string = cert_server->disp;
+ /*
+ * clientauth must be set 1, or after choosable certificate method's renegoation
+ * also could get cert field value which is not espected
+ */
+ if (cert_server->auth_id == CERT_SHOWID && sec_data->auth_cert_val != NULL)
+ {
+ get_cert_showid(showid_str, cert_server, sec_data);
+ DBG_PRINTF("showid str %s method %s index %d", showid_str, method[i].id, i);
+ ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
+ ULOG_NO651, method[i].methodtype, i, 0, 0, 0, 0, 0);
+ showid_flag = 1;
+ }
+ break;
+ case TYPE_HTTP:
+ lang_string = ((struct server_http *)server_index->pointer)->disp;
+ break;
+ default:
+ lang_string = method[i].id;
}
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str("\",\n");
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str("\",\n");
write_data_str(" \"cert_id_type\": \"");
- if (method[i].authenticateServer.type == TYPE_CERTIFICATION) {
+ if (method[i].authenticateServer.type == TYPE_CERTIFICATION)
+ {
cert_server = (struct server_cert *)server_index->pointer;
- if (cert_server->auth_id == CERT_SHOWID && sec_data->auth_cert_val != NULL) {
+ if (cert_server->auth_id == CERT_SHOWID && sec_data->auth_cert_val != NULL)
+ {
write_data("showid", cursor, 6, out_frame);
- } else if (cert_server->auth_id == CERT_GETID) {
+ }
+ else if (cert_server->auth_id == CERT_GETID)
+ {
write_data("getid", cursor, 5, out_frame);
- } else {
+ }
+ else
+ {
write_data("0", cursor, 1, out_frame);
}
- } else {
+ }
+ else
+ {
write_data("0", cursor, 1, out_frame);
}
write_data_str("\",\n");
write_data_str(" \"cert_id_value\": \"");
- if (showid_str[0] != 0) {
+ if (showid_str[0] != 0)
+ {
write_data(showid_str, cursor, strlen(showid_str), out_frame);
- } else {
+ }
+ else
+ {
write_data("0", cursor, 1, out_frame);
}
write_data_str("\",\n");
-
+
/* authenticate action, challenge or anonymous, whether getid(with username) */
write_data_str(" \"authaction\": ");
- if (deviceid_need_bind_username(&method[i].authenticateServer)) {
+ if (deviceid_need_bind_username(&method[i].authenticateServer))
+ {
action = 2;
- } else if (method[i].authenticateServer.action <= CERT_CHALLENGE_LDB_AUTHENTICATE_ONLY ||
- (method[i].authenticateServer.action <= CERT_CHALLENGE_LDB_AUTHENTICATE_PHONE &&
- method[i].authenticateServer.action >= CERT_CHALLENGE_LDAP_AUTHENTICATE_PHONE_AUTHORIZE)) {
+ }
+ else if (method[i].authenticateServer.action <= CERT_CHALLENGE_LDB_AUTHENTICATE_ONLY ||
+ (method[i].authenticateServer.action <= CERT_CHALLENGE_LDB_AUTHENTICATE_PHONE &&
+ method[i].authenticateServer.action >= CERT_CHALLENGE_LDAP_AUTHENTICATE_PHONE_AUTHORIZE))
+ {
action = 1;
- } else {
+ }
+ else
+ {
action = 0; /* anonymous, no need password */
}
sprintf(tmp, "%d", action);
@@ -1203,7 +1332,8 @@
write_data_str(",\n");
/* is multistep */
- if (method[i].multistep_switch == MULTSTEP_ON) {
+ if (method[i].multistep_switch == MULTSTEP_ON)
+ {
write_data_str(" \"multiauth\": true,\n");
write_data_str(" \"multistep\": ");
sprintf(tmp, "%d", method[i].multistep_step);
@@ -1212,9 +1342,12 @@
/* multi server */
write_data_str(" \"multisteps\": [\n");
- for (k = 0; k < MULTI_NUM; k++) {
- if (method[i].multistepServer[k].id[0] != 0) {
- if (k > 0) {
+ for (k = 0; k < MULTI_NUM; k++)
+ {
+ if (method[i].multistepServer[k].id[0] != 0)
+ {
+ if (k > 0)
+ {
write_data_str(",\n");
}
write_data_str(" {\n");
@@ -1229,52 +1362,60 @@
/* certificate actions: anonymous/challenge */
write_data_str(" \"action\": ");
- if (deviceid_need_bind_username(&method[i].multistepServer[k])) {
+ if (deviceid_need_bind_username(&method[i].multistepServer[k]))
+ {
action = 2;
- } else if (method[i].multistepServer[k].action <= CERT_CHALLENGE_LDB_AUTHENTICATE_ONLY ||
- (method[i].multistepServer[k].action <= CERT_CHALLENGE_LDB_AUTHENTICATE_PHONE &&
- method[i].multistepServer[k].action >= CERT_CHALLENGE_LDAP_AUTHENTICATE_PHONE_AUTHORIZE)) {
+ }
+ else if (method[i].multistepServer[k].action <= CERT_CHALLENGE_LDB_AUTHENTICATE_ONLY ||
+ (method[i].multistepServer[k].action <= CERT_CHALLENGE_LDB_AUTHENTICATE_PHONE &&
+ method[i].multistepServer[k].action >= CERT_CHALLENGE_LDAP_AUTHENTICATE_PHONE_AUTHORIZE))
+ {
/* certificate challenge */
action = 1;
- } else {
+ }
+ else
+ {
/* certificate anonymous */
action = 0;
}
-
+
sprintf(tmp, "%d", action);
write_data(tmp, cursor, strlen(tmp), out_frame);
write_data_str(",\n");
-
+
/* display name of server */
write_data_str(" \"server_disp\": \"");
- server_index = (struct server_index *) &method[i].multistepServer[k];
- switch (method[i].multistepServer[k].type) {
- case TYPE_LDAP:
- lang_string = ((struct server_ldap *)server_index->pointer)->disp;
- break;
- case TYPE_LOCALDB:
- lang_string = ((struct server_ldb *)server_index->pointer)->disp;
- break;
- case TYPE_RADIUS:
- lang_string = ((struct server_radius *)server_index->pointer)->disp;
- break;
- case TYPE_CERTIFICATION:
- lang_string = ((struct server_cert *)server_index->pointer)->disp;
- break;
- case TYPE_HTTP:
- lang_string = ((struct server_http *)server_index->pointer)->disp;
- break;
- default:
- lang_string = method[i].id;
+ server_index = (struct server_index *)&method[i].multistepServer[k];
+ switch (method[i].multistepServer[k].type)
+ {
+ case TYPE_LDAP:
+ lang_string = ((struct server_ldap *)server_index->pointer)->disp;
+ break;
+ case TYPE_LOCALDB:
+ lang_string = ((struct server_ldb *)server_index->pointer)->disp;
+ break;
+ case TYPE_RADIUS:
+ lang_string = ((struct server_radius *)server_index->pointer)->disp;
+ break;
+ case TYPE_CERTIFICATION:
+ lang_string = ((struct server_cert *)server_index->pointer)->disp;
+ break;
+ case TYPE_HTTP:
+ lang_string = ((struct server_http *)server_index->pointer)->disp;
+ break;
+ default:
+ lang_string = method[i].id;
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\"\n }");
}
}
write_data_str("\n ]\n");
- } else {
+ }
+ else
+ {
write_data_str(" \"multiauth\": false\n");
- }
+ }
write_data_str(" }");
}
write_data_str("\n];\n");
@@ -1285,79 +1426,88 @@
write_data(tmp, cursor, strlen(tmp), out_frame);
write_data_str(";\n");
- if (hasdata == 0) { /* no any valid method (no server assigned) */
- /*lang_string = sec_language_get_and_unescape_msg(vsite->language, 999, &lang_str_len); */
+ if (hasdata == 0)
+ { /* no any valid method (no server assigned) */
+ /*lang_string = sec_language_get_and_unescape_msg(vsite->language, 999, &lang_str_len); */
lang_string = "No server assigned for methods.";
- write_data_str("var _AN_str_method_error = \"");
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- /*write_data(lang_string, cursor, lang_str_len, out_frame);*/
- write_data_str("\";\n");
- } else {
- write_data_str("var _AN_str_method_error = \"\";\n");
+ write_data_str("var _AN_str_method_error = \"");
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ /*write_data(lang_string, cursor, lang_str_len, out_frame);*/
+ write_data_str("\";\n");
+ }
+ else
+ {
+ write_data_str("var _AN_str_method_error = \"\";\n");
}
#undef write_data_str
}
-int sec_generate_ai_login_js_response(smanager_data_t *sec_data) {
- struct frame *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
- int32_t ret = SEC_FAIL;
-
- in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
- return SEC_FAIL;
- }
- cursor = in_frame->f_data;
- in_frame->f_datalen = 0;
- out_frame = in_frame;
-
- ret = sec_generate_login_js_response(sec_data, &out_frame, &cursor, NULL, NULL, 0, 0);
-
- sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- HTTP_NOCACHE, COOKIE_FOR_PORTAL_ERROR_MESSAGE_STR, COOKIE_FOR_PORTAL_ERROR_MESSAGE,
- "text/javascript", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create login response to Client failed");
- parser_frame_chain_free(in_frame);
- return SEC_FAIL;
- }
- return ret;
-}
-
-int sec_generate_ai_cs_js_response(smanager_data_t *sec_data) {
- struct frame *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
- int32_t ret = SEC_FAIL;
-
- in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in sec_generate_ai_cs_js_response");
- return SEC_FAIL;
- }
- cursor = in_frame->f_data;
- in_frame->f_datalen = 0;
- out_frame = in_frame;
-
- ret = sec_generate_cs_js_response(sec_data, &out_frame, &cursor);
-
- sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- HTTP_NOCACHE, COOKIE_FOR_PORTAL_ERROR_MESSAGE_STR, COOKIE_FOR_PORTAL_ERROR_MESSAGE,
- "text/javascript", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create client security response to Client failed");
- parser_frame_chain_free(in_frame);
- return SEC_FAIL;
- }
- return ret;
-}
-
-int sec_generate_login_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor,
- const char *err_message, const char *info_message, uint8_t register_flag,
- int32_t msg_id)
+int sec_generate_ai_login_js_response(smanager_data_t *sec_data)
+{
+ struct frame *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+ int32_t ret = SEC_FAIL;
+
+ in_frame = parser_frame_alloc();
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
+ return SEC_FAIL;
+ }
+ cursor = in_frame->f_data;
+ in_frame->f_datalen = 0;
+ out_frame = in_frame;
+
+ ret = sec_generate_login_js_response(sec_data, &out_frame, &cursor, NULL, NULL, 0, 0);
+
+ sec_data->response = create_http_response_with_bookmark(OK, in_frame,
+ HTTP_NOCACHE, COOKIE_FOR_PORTAL_ERROR_MESSAGE_STR, COOKIE_FOR_PORTAL_ERROR_MESSAGE,
+ "text/javascript", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create login response to Client failed");
+ parser_frame_chain_free(in_frame);
+ return SEC_FAIL;
+ }
+ return ret;
+}
+
+int sec_generate_ai_cs_js_response(smanager_data_t *sec_data)
+{
+ struct frame *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+ int32_t ret = SEC_FAIL;
+
+ in_frame = parser_frame_alloc();
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in sec_generate_ai_cs_js_response");
+ return SEC_FAIL;
+ }
+ cursor = in_frame->f_data;
+ in_frame->f_datalen = 0;
+ out_frame = in_frame;
+
+ ret = sec_generate_cs_js_response(sec_data, &out_frame, &cursor);
+
+ sec_data->response = create_http_response_with_bookmark(OK, in_frame,
+ HTTP_NOCACHE, COOKIE_FOR_PORTAL_ERROR_MESSAGE_STR, COOKIE_FOR_PORTAL_ERROR_MESSAGE,
+ "text/javascript", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create client security response to Client failed");
+ parser_frame_chain_free(in_frame);
+ return SEC_FAIL;
+ }
+ return ret;
+}
+
+int sec_generate_login_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor,
+ const char *err_message, const char *info_message, uint8_t register_flag,
+ int32_t msg_id)
{
int32_t lang_str_len;
char *lang_string;
@@ -1370,74 +1520,85 @@
char msg_id_str[32] = {0};
char mp_flag_str[32] = {0};
char mp_hardwareid_type_str[32] = {0};
-
+
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
/*write_data_str("// " ARRAY_COMPINFO_BRAND " Inc.\n\n");*/
write_data_str("\n// array Inc.\n\n");
- /* whether is MotionPro site */
- write_data_str("var _AN_is_motionPro_site = ");
- if(strstr(vsite->desc, "motionPro_dedicated")){
+ /* whether is MotionPro site */
+ write_data_str("var _AN_is_motionPro_site = ");
+ if (strstr(vsite->desc, "motionPro_dedicated"))
+ {
write_data_str("true");
write_data_str(";\n");
write_data_str("var _AN_str_motionPro_access_warning = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 753, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
write_data_str("false");
write_data_str(";\n");
}
/* whether is alis site */
write_data_str("var _AN_is_alias_site = ");
- if(vsite->vsite_type == SITE_ALIAS){
+ if (vsite->vsite_type == SITE_ALIAS)
+ {
write_data_str("true");
write_data_str(";\n");
- } else {
+ }
+ else
+ {
write_data_str("false");
write_data_str(";\n");
}
- /* Certificate ID field */
+ /* Certificate ID field */
write_data_str("var _AN_str_certificateID = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 612, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- /* Password for server field */
+ /* Password for server field */
write_data_str("var _AN_str_passwordServer = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 613, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
/* Page title */
- if (register_flag == 1) { // DeviceID
+ if (register_flag == 1)
+ { // DeviceID
lang_string = sec_language_get_and_unescape_msg(vsite->language, 648, &lang_str_len);
- } else if (register_flag == 2) { // OAuth
+ }
+ else if (register_flag == 2)
+ { // OAuth
lang_string = sec_language_get_and_unescape_msg(vsite->language, 803, &lang_str_len);
- } else {
+ }
+ else
+ {
lang_string = sec_language_get_and_unescape_msg(vsite->language, 219, &lang_str_len);
}
write_data_str("var _AN_str_title_login = \"");
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- write_data_str("var _AN_str_h5_vpn_pls = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 782, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_install = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 783, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_download = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 784, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("var _AN_str_h5_vpn_pls = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 782, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_install = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 783, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_download = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 784, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
/* Help link */
write_data_str("var _AN_str_help = \"");
@@ -1466,142 +1627,179 @@
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- /* Autocomplete */
- if (SEC_ISSET(vsite->common_flags, SEC_AUTOCOMPLETE)) {
- write_data_str("var _AN_autocomplete = true;\n");
- } else {
- write_data_str("var _AN_autocomplete = false;\n");
+ /* Autocomplete */
+ if (SEC_ISSET(vsite->common_flags, SEC_AUTOCOMPLETE))
+ {
+ write_data_str("var _AN_autocomplete = true;\n");
+ }
+ else
+ {
+ write_data_str("var _AN_autocomplete = false;\n");
}
/*client security on */
- if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC))
+ {
write_data_str("var _AN_clientsecurity_on = true;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_clientsecurity_on = false;\n");
- }
+ }
/* kill session legacy */
- if (SEC_ISSET(vsite->common_flags, SEC_SESS_KILL_LEGACY)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_SESS_KILL_LEGACY))
+ {
write_data_str("var _AN_session_kill_legacy = true;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_session_kill_legacy = false;\n");
}
/* H5theme check Motionpro in longin/welcome page */
- if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_MOTIONPRO_DETECT_PRELOGIN)) {
+ if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_MOTIONPRO_DETECT_PRELOGIN))
+ {
lang_string = "var _AN_motionpro_detect_prelogin = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_motionpro_detect_prelogin = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
-
- /* Submit button */
- write_data_str("var _AN_str_login = \"");
- if (register_flag) {
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 649, &lang_str_len);
- } else {
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 332, &lang_str_len);
+ /* Submit button */
+ write_data_str("var _AN_str_login = \"");
+ if (register_flag)
+ {
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 649, &lang_str_len);
+ }
+ else
+ {
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 332, &lang_str_len);
}
- write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- /* ChangePass button */
- write_data_str("var _AN_str_changepass = \"");
+ /* ChangePass button */
+ write_data_str("var _AN_str_changepass = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
+
cookie_node_t *node_p = NULL;
- struct cookie_list_head * cookie_list_p = (struct cookie_list_head *)&(sec_data->proxy_p->cookie_list);
-
- /* vsite name */
- write_data_str("var _AN_vsite_name = \"");
- lang_string = vsite->name;
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str("\";\n");
+ struct cookie_list_head *cookie_list_p = (struct cookie_list_head *)&(sec_data->proxy_p->cookie_list);
+
+ /* vsite name */
+ write_data_str("var _AN_vsite_name = \"");
+ lang_string = vsite->name;
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data_str("\";\n");
/* Error message */
- if(sec_data->ai_msg_id > -1) { // for portal theme error message
+ if (sec_data->ai_msg_id > -1)
+ { // for portal theme error message
char str[1024] = {'\0'};
- if (sec_data->ai_msg_id == 560) { //lockout seconds
+ if (sec_data->ai_msg_id == 560)
+ { // lockout seconds
sprintf(str, sec_language_get_msg_ex(sec_data, sec_data->ai_msg_id), vsite->lock_loginfail_left == 0 ? 99999999 : vsite->lock_loginfail_left);
err_message = str;
- } else {
+ }
+ else
+ {
err_message = sec_language_get_msg_ex(sec_data, sec_data->ai_msg_id);
}
- if (vsite->err_authsvr[0] != '\0') {
- if (err_message != NULL) {
+ if (vsite->err_authsvr[0] != '\0')
+ {
+ if (err_message != NULL)
+ {
snprintf(str, sizeof(str), "%s (%s)", err_message, vsite->err_authsvr);
err_message = str;
}
memset(vsite->err_authsvr, 0, sizeof(vsite->err_authsvr));
}
- } else if (sec_data->ai_msg_str[0] != '\0') {
+ }
+ else if (sec_data->ai_msg_str[0] != '\0')
+ {
err_message = sec_data->ai_msg_str;
}
- if (err_message == NULL && info_message != NULL) {
+ if (err_message == NULL && info_message != NULL)
+ {
err_message = info_message;
}
- if (err_message != NULL) {
- /* Replace \n or \r with space char. */
+ if (err_message != NULL)
+ {
+ /* Replace \n or \r with space char. */
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", err_message);
lang_str_len = language_unescape(portal_temp_string);
int i = 0;
- for (i=0; i < lang_str_len; i++) {
- if ((portal_temp_string[i] == '\r') || (portal_temp_string[i] == '\n') || (portal_temp_string[i] == '\"')) {
- portal_temp_string[i] = ' ';
- }
+ for (i = 0; i < lang_str_len; i++)
+ {
+ if ((portal_temp_string[i] == '\r') || (portal_temp_string[i] == '\n') || (portal_temp_string[i] == '\"'))
+ {
+ portal_temp_string[i] = ' ';
+ }
}
- write_data_str("var _AN_str_errormsg_login = \"");
+ write_data_str("var _AN_str_errormsg_login = \"");
write_data(portal_temp_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
- } else {
- write_data_str("var _AN_str_errormsg_login = \"\";\n");
- }
+ write_data_str("\";\n");
+ }
+ else
+ {
+ write_data_str("var _AN_str_errormsg_login = \"\";\n");
+ }
/* for portal message login */
- if (!register_flag && vsite->login_message != NULL) {
+ if (!register_flag && vsite->login_message != NULL)
+ {
write_data_str("var _AN_str_msg_login = \"");
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
int32_t msg_len;
char *msg;
msg = strhtml2binary(vsite->login_message, &msg_len);
lang_string = msg;
- } else {
+ }
+ else
+ {
lang_string = vsite->login_message;
}
-
+
/*char clang[PORTAL_MESSAGE_LEN * 4 + 1] = {0};
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
*/
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- write_data_str("\";\n");
- } else {
+ write_data_str("\";\n");
+ }
+ else
+ {
write_data_str("var _AN_str_msg_login = \"\";\n");
- }
+ }
lang_string = sec_language_get_and_unescape_msg(vsite->language, 604, &lang_str_len);
write_data_str("var _AN_str_info_login = \"");
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 605, &lang_str_len);
write_data_str("var _AN_str_info_method = \"");
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
- write_data_str("var _AN_aaa_nouser = false;\n");
+ write_data_str("var _AN_aaa_nouser = false;\n");
- /* LDAP */
- if (SEC_ISSET(vsite->common_flags, SEC_SECURID_LDAP)) {
- write_data_str("var _AN_secuid_ldap = true;\n");
- } else {
- write_data_str("var _AN_secuid_ldap = false;\n");
- }
- write_data_str("var _AN_cert_field_vars = \"\";\n");
+ /* LDAP */
+ if (SEC_ISSET(vsite->common_flags, SEC_SECURID_LDAP))
+ {
+ write_data_str("var _AN_secuid_ldap = true;\n");
+ }
+ else
+ {
+ write_data_str("var _AN_secuid_ldap = false;\n");
+ }
+ write_data_str("var _AN_cert_field_vars = \"\";\n");
write_data_str("var _AN_str_localcheck_errmsg = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 609, &lang_str_len);
@@ -1611,12 +1809,12 @@
lang_string = sec_language_get_and_unescape_msg(vsite->language, 627, &lang_str_len);
write_data_str("var _AN_str_launch_CliSec = \"");
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 628, &lang_str_len);
write_data_str("var _AN_str_start_CliSec_fail = \"");
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 629, &lang_str_len);
write_data_str("var _AN_str_launch_CliSec_fail = \"");
@@ -1628,9 +1826,12 @@
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\";\n");
- if (SEC_ISSET(vsite->common_flags, SEC_FAVORITE_ENABLE)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_FAVORITE_ENABLE))
+ {
write_data_str("var _AN_favorite_enable = true;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_favorite_enable = false;\n");
}
@@ -1663,9 +1864,12 @@
write_data(mp_hardwareid_type_str, cursor, strlen(mp_hardwareid_type_str), out_frame);
write_data_str(";\n");
- if (vsite->mp_client_devid_flag == 1) {
+ if (vsite->mp_client_devid_flag == 1)
+ {
write_data_str("var _AN_mp_senddevid = 1;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_mp_senddevid = 0;\n");
}
@@ -1682,54 +1886,60 @@
write_data(mp_flag_str, cursor, strlen(mp_flag_str), out_frame);
write_data_str(";\n");
- if (vsite->mp_client_certverify == 1) {
+ if (vsite->mp_client_certverify == 1)
+ {
write_data_str("var _AN_mp_client_certverify = 1;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_mp_client_certverify = 0;\n");
}
- if (!SEC_ISSET(sec_data->flags, SDAT_URL_STANDALONE_REQ) && sec_data->appid == NULL) { /* not standalone request */
- /* user resource links */
- sec_generate_userresourcelinks_response(sec_data, out_frame, cursor);
+ if (!SEC_ISSET(sec_data->flags, SDAT_URL_STANDALONE_REQ) && sec_data->appid == NULL)
+ { /* not standalone request */
+ /* user resource links */
+ sec_generate_userresourcelinks_response(sec_data, out_frame, cursor);
}
#undef write_data_str
-
+
return SEC_SUCCESS;
}
-int
-sec_generate_ai_logout_js_response(smanager_data_t *sec_data)
+int sec_generate_ai_logout_js_response(smanager_data_t *sec_data)
{
- struct frame *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
+ struct frame *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+
+ in_frame = parser_frame_alloc();
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create logout js failed, alloc failed");
+ return 0;
+ }
+
+ cursor = in_frame->f_data;
+ in_frame->f_datalen = 0;
+ out_frame = in_frame;
+
+ sec_generate_logout_js_response(sec_data, &out_frame, &cursor);
- in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create logout js failed, alloc failed");
- return 0;
- }
-
- cursor = in_frame->f_data;
- in_frame->f_datalen = 0;
- out_frame = in_frame;
-
- sec_generate_logout_js_response(sec_data, &out_frame, &cursor);
-
- sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- HTTP_NOCACHE, NULL, NULL,
- "text/javascript", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create logout response to Client failed");
- parser_frame_chain_free(in_frame);
- return SEC_FAIL;
- }
+ sec_data->response = create_http_response_with_bookmark(OK, in_frame,
+ HTTP_NOCACHE, NULL, NULL,
+ "text/javascript", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create logout response to Client failed");
+ parser_frame_chain_free(in_frame);
+ return SEC_FAIL;
+ }
- return SEC_SUCCESS;
+ return SEC_SUCCESS;
}
-int sec_generate_cs_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor) {
+int sec_generate_cs_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor)
+{
int32_t lang_str_len;
char *lang_string, *modified_str = DEFAULT_LAST_MODIFIED;
sec_vsite_t *vsite = sec_data->vsite_p;
@@ -1740,16 +1950,19 @@
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
write_data_str("var _AN_cs_location = \"");
/* original client security host check page url */
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/http/localh/%s/%s/",
- TWINGO_PATH, vsite->name);
- } else {
+ TWINGO_PATH, vsite->name);
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s/%s/",
- SEC_REWRITTEN_PREFIX, TWINGO_PATH, vsite->name);
+ SEC_REWRITTEN_PREFIX, TWINGO_PATH, vsite->name);
}
write_data(portal_temp_string, cursor, strlen(portal_temp_string), out_frame);
write_data_str("\";\n");
-
+
write_data_str("var _AN_cs_errmsg = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 630, &lang_str_len);
write_data(lang_string, cursor, strlen(lang_string), out_frame);
@@ -1758,37 +1971,44 @@
/* write the current time in hex */
write_data_str("var _AN_cs_timestamp = \"");
tv = get_curtime();
- hours = tv /3600; /*convert from seconds to hours */
+ hours = tv / 3600; /*convert from seconds to hours */
/* throw away microseconds - we don't need that granularity */
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%0x", (int)hours);
write_data(portal_temp_string, cursor, strlen(portal_temp_string), out_frame);
write_data_str("\";\n");
-
+
write_data_str("var _AN_cs_expiry = \"");
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%0x",
- vsite->client_sec_sd_timeout);
+ vsite->client_sec_sd_timeout);
write_data(portal_temp_string, cursor, strlen(portal_temp_string), out_frame);
write_data_str("\";\n");
#undef write_data_str
- return SEC_SUCCESS;
+ return SEC_SUCCESS;
}
-int sec_generate_logout_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor) {
+int sec_generate_logout_js_response(smanager_data_t *sec_data, struct frame **out_frame, uint8_t **cursor)
+{
int32_t lang_str_len;
char *lang_string, *modified_str = DEFAULT_LAST_MODIFIED;
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *session = sec_data->session;
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
- if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC))
+ {
write_data_str("var _AN_client_sec = true;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_client_sec = false;\n");
}
- if (SEC_ISSET(vsite->common_flags, SESS_CACHE_CLEANED)){
+ if (SEC_ISSET(vsite->common_flags, SESS_CACHE_CLEANED))
+ {
write_data_str("var _AN_cache_cleaned = true;\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_cache_cleaned = false;\n");
}
@@ -1797,13 +2017,16 @@
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\";\n");
-//NEW_AI_IMP: here, session is invalid, the reserved code is kept for future modify.
+ // NEW_AI_IMP: here, session is invalid, the reserved code is kept for future modify.
write_data_str("var _AN_str_title_cacheclean = \"");
#ifdef NEW_AI_IMP
if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC) &&
- !SEC_ISSET(sec_data->session->flags, SESS_CACHE_CLEANED)) {
- write_data_str(CACHE_CLEAN_TITLE);
- } else {
+ !SEC_ISSET(sec_data->session->flags, SESS_CACHE_CLEANED))
+ {
+ write_data_str(CACHE_CLEAN_TITLE);
+ }
+ else
+ {
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
#else
@@ -1842,11 +2065,11 @@
#undef write_data_str
- return SEC_SUCCESS;
+ return SEC_SUCCESS;
}
/*
- * Function is used to generate login page response.
+ * Function is used to generate login page response.
* If the response page was local, generate the page, save it in the sec_data->response
* The response will send out to client by the client state machine.
*
@@ -1857,11 +2080,10 @@
* when set this message, need to set msg_id to -1
* Return:
* SEC_SUCCESS - generate page success.
- * SEC_FAIL - generate page failed. Log and statistics was handled inside
+ * SEC_FAIL - generate page failed. Log and statistics was handled inside
*/
-int
-sec_generate_login_response(smanager_data_t *sec_data,
- const char *info_message,int32_t type_code, int32_t msg_id)
+int sec_generate_login_response(smanager_data_t *sec_data,
+ const char *info_message, int32_t type_code, int32_t msg_id)
{
struct frame *final_page, *out_frame = NULL, *in_frame;
uint8_t *cursor = NULL;
@@ -1871,65 +2093,82 @@
struct ai_page *login_page;
char msgID[SESSION_COOKIE_SIZE] = {0};
- if(msg_id > -1) {
- if (msg_id == 639 && info_message!=NULL) {
- strcpy(msgID, info_message);
- } else {
- snprintf(msgID, SESSION_COOKIE_SIZE, "_AN_msgID=%d;path=/prx/000/http/;secure;samesite=None;", msg_id);
- }
- } else if (info_message != NULL){
+ if (msg_id > -1)
+ {
+ if (msg_id == 639 && info_message != NULL)
+ {
+ strcpy(msgID, info_message);
+ }
+ else
+ {
+ snprintf(msgID, SESSION_COOKIE_SIZE, "_AN_msgID=%d;path=/prx/000/http/;secure;samesite=None;", msg_id);
+ }
+ }
+ else if (info_message != NULL)
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", info_message);
int i = 0;
- for (i=0; i < strlen(info_message); i++) {
- if ((portal_temp_string[i] == '\r') || (portal_temp_string[i] == '\n')) {
+ for (i = 0; i < strlen(info_message); i++)
+ {
+ if ((portal_temp_string[i] == '\r') || (portal_temp_string[i] == '\n'))
+ {
portal_temp_string[i] = ' ';
}
- if (portal_temp_string[i] == ';') {
- portal_temp_string[i] = ',';
- }
+ if (portal_temp_string[i] == ';')
+ {
+ portal_temp_string[i] = ',';
+ }
}
snprintf(msgID, SESSION_COOKIE_SIZE, "_AN_msgStr=\"%s\";path=/prx/000/http/;secure;samesite=None;", portal_temp_string);
}
if (type_code < SEC_PORTAL_ERROR_URLS &&
- redirect_customized_error_page(vsite, sec_data, type_code)) {
+ redirect_customized_error_page(vsite, sec_data, type_code))
+ {
/* redirect to error pages */
sec_generate_rewrite_redirect(sec_data, sec_data->redirect_url, strlen(sec_data->redirect_url));
return SEC_SUCCESS;
- }
+ }
- if (!SEC_ISSET(sec_data->flags, SDAT_URL_STANDALONE_REQ)) { /* not standalone request */
- if(vsite->cus_contents[SEC_CUSTOM_PAGE_LOGIN] != NULL) {
- char *cus_url = vsite->cus_contents[SEC_CUSTOM_PAGE_LOGIN]->content_url;
- sec_generate_rewrite_redirect_with_bookmark(sec_data, cus_url, strlen(cus_url), msgID, strlen(msgID));
- return SEC_SUCCESS;
- } else if(vsite->ai_active_theme != NULL &&
- (login_page = vsite->ai_active_theme->ai_page_index[AI_PAGE_LOGIN]) != NULL )
- {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
- login_page->id, login_page->ai_url + login_page->path_pos +
- (login_page->ai_url[login_page->path_pos] == '/' ? 1 : 0));
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
- login_page->id, login_page->ai_url + login_page->path_pos +
- (login_page->ai_url[login_page->path_pos] == '/' ? 1 : 0));
+ if (!SEC_ISSET(sec_data->flags, SDAT_URL_STANDALONE_REQ))
+ { /* not standalone request */
+ if (vsite->cus_contents[SEC_CUSTOM_PAGE_LOGIN] != NULL)
+ {
+ char *cus_url = vsite->cus_contents[SEC_CUSTOM_PAGE_LOGIN]->content_url;
+ sec_generate_rewrite_redirect_with_bookmark(sec_data, cus_url, strlen(cus_url), msgID, strlen(msgID));
+ return SEC_SUCCESS;
}
- sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- NULL, 0, NULL, 0, msgID, strlen(msgID),
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
- return SEC_SUCCESS;
+ else if (vsite->ai_active_theme != NULL &&
+ (login_page = vsite->ai_active_theme->ai_page_index[AI_PAGE_LOGIN]) != NULL)
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
+ HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
+ login_page->id, login_page->ai_url + login_page->path_pos + (login_page->ai_url[login_page->path_pos] == '/' ? 1 : 0));
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
+ HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
+ login_page->id, login_page->ai_url + login_page->path_pos + (login_page->ai_url[login_page->path_pos] == '/' ? 1 : 0));
+ }
+ sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
+ portal_temp_string, strlen(portal_temp_string),
+ NULL, 0, NULL, 0, msgID, strlen(msgID),
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ return SEC_SUCCESS;
+ }
+ }
+ else
+ {
+ ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
+ ULOG_NO671, 0, 0, 0, 0, 0, 0, 0);
}
- } else {
- ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO671, 0,0,0,0,0,0,0);
- }
in_frame = id_to_frame_chain(LOGIN_ID, vsite->default_theme);
- if (in_frame == NULL) {
+ if (in_frame == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
/* customized error page url */
redirect_customized_error_page(vsite, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -1937,36 +2176,43 @@
}
final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- const char * err_message = NULL;
- if(msg_id > -1) {
+ const char *err_message = NULL;
+ if (msg_id > -1)
+ {
err_message = sec_language_get_msg_ex(sec_data, msg_id);
}
- if (msg_id == 560) {
+ if (msg_id == 560)
+ {
snprintf(msgID, sizeof(msgID), err_message, vsite->lock_loginfail_left == 0 ? 99999999 : vsite->lock_loginfail_left);
err_message = msgID;
}
- if (vsite->err_authsvr[0] != '\0') {
- if (err_message != NULL) {
+ if (vsite->err_authsvr[0] != '\0')
+ {
+ if (err_message != NULL)
+ {
snprintf(msgID, sizeof(msgID), "%s (%s)", err_message, vsite->err_authsvr);
err_message = msgID;
}
memset(vsite->err_authsvr, 0, sizeof(vsite->err_authsvr));
}
- if (msg_id == 639) {
- err_message = info_message;
- }
+ if (msg_id == 639)
+ {
+ err_message = info_message;
+ }
sec_generate_login_js_response(sec_data, &out_frame, &cursor, err_message, info_message, 0, msg_id);
write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
+ if (final_page != NULL)
+ {
sec_data->response = create_http_response_with_bookmark(OK, final_page,
- 0, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
+ 0, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
parser_frame_chain_free(final_page);
/* customized error page url */
@@ -1979,22 +2225,22 @@
int *aa_clustered = NULL;
-/*
+/*
* this string can be used to expire cookie;
* this is the longest string that could be added to the cookie name value,
* so its length can be used to calc the longest posible cookie length
- * 2 is added to account for =, a quote in front of the cookie value
+ * 2 is added to account for =, a quote in front of the cookie value
* /0 is not taken into account
* we include url components (scheme, site name, prefix) because the same
* cookie value will be used as url in the redirect request, so we want to make
- * sure that it fits in the buffer that used to generate redirect url
+ * sure that it fits in the buffer that used to generate redirect url
*/
-#define SEC_BOOKMARK_URL_COMPONENTS_LEN (SLEN(HTTPS_SCHEME) + SLB_NAME_MAX_LEN + SEC_MAX_PORT_NCHAR + SLEN(SEC_PREFIX_DEFAULT))
+#define SEC_BOOKMARK_URL_COMPONENTS_LEN (SLEN(HTTPS_SCHEME) + SLB_NAME_MAX_LEN + SEC_MAX_PORT_NCHAR + SLEN(SEC_PREFIX_DEFAULT))
/* for sending output through app_printf */
uint8_t bookmark_cookie_buffer[MAX_APP_PRINT_SIZE + SEC_BOOKMARK_URL_COMPONENTS_LEN];
static char session_cookie_buffer[SESSION_COOKIE_SIZE];
-static char nav_cookie_buffer[SESSION_COOKIE_SIZE*2];/* we need more room for 2 cookies in dual sp logout resp*/
+static char nav_cookie_buffer[SESSION_COOKIE_SIZE * 2]; /* we need more room for 2 cookies in dual sp logout resp*/
static char session_error_buffer[256];
uint32_t rr_refresh = 2;
@@ -2004,13 +2250,14 @@
static uint8_t *
sprint_bookmark_cookie(struct smanager_data *sec_data, sec_vsite_t *site,
- url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule,
- uint32_t *bookmark_cookie_len)
+ url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule,
+ uint32_t *bookmark_cookie_len)
{
int buf_len = url_host_p->host_len + url_host_p->url_len + 1;
- if (bookmark_cookie_buffer[0] != '\0') {
- /*
+ if (bookmark_cookie_buffer[0] != '\0')
+ {
+ /*
* in case of fileshare operation like upload, move etc..
* the bookmark cookie will be created by the referrer parser,
* so by the time we get here it will in the buffer if we need
@@ -2020,21 +2267,23 @@
return bookmark_cookie_buffer;
}
- if (buf_len < MAX_APP_PRINT_SIZE) {
+ if (buf_len < MAX_APP_PRINT_SIZE)
+ {
/*
* Make sure that url will fit into the buffer when later we use it to
* generate redirect response.
* Note: url and host are in continues buffers but they are not null terminated;
* url also can contain multibyte chars, so we must use bcopy
* in both cases wrm on and off we print the cookie in the same format
- */
- *bookmark_cookie_len = sprintf(bookmark_cookie_buffer, "%s=\"%s/",
- SEC_AN_BOOKMARK_COOKIE_NAME,
- scheme_to_string(sec_data->scheme_type));
+ */
+ *bookmark_cookie_len = sprintf(bookmark_cookie_buffer, "%s=\"%s/",
+ SEC_AN_BOOKMARK_COOKIE_NAME,
+ scheme_to_string(sec_data->scheme_type));
bcopy(url_host_p->host_p, bookmark_cookie_buffer + *bookmark_cookie_len, url_host_p->host_len);
*bookmark_cookie_len += url_host_p->host_len;
- if (redirect_app_rule != NULL) {
+ if (redirect_app_rule != NULL)
+ {
/*
* redirect_app_rule was found and app_id was removed from the url, put it in the bookmark url
* so we can identify there app_server when requiest gets back to us
@@ -2044,33 +2293,32 @@
bcopy(url_host_p->url_p, bookmark_cookie_buffer + *bookmark_cookie_len, url_host_p->url_len);
*bookmark_cookie_len += url_host_p->url_len;
-
+
bcopy(SEC_AN_COOKIE_PATH, bookmark_cookie_buffer + *bookmark_cookie_len, SLEN(SEC_AN_COOKIE_PATH));
*bookmark_cookie_len += SLEN(SEC_AN_COOKIE_PATH);
bcopy(SEC_AN_COOKIE_SECURE, bookmark_cookie_buffer + *bookmark_cookie_len, SLEN(SEC_AN_COOKIE_SECURE));
*bookmark_cookie_len += SLEN(SEC_AN_COOKIE_SECURE);
bookmark_cookie_buffer[*bookmark_cookie_len] = '\0';
-
- DBG_PRINTF("bookmark cookie: %s cookie_len: %d",
- bookmark_cookie_buffer, *bookmark_cookie_len);
+
+ DBG_PRINTF("bookmark cookie: %s cookie_len: %d",
+ bookmark_cookie_buffer, *bookmark_cookie_len);
ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO652, *bookmark_cookie_len, 0,0,0,0,0,0);
+ ULOG_NO652, *bookmark_cookie_len, 0, 0, 0, 0, 0, 0);
return bookmark_cookie_buffer;
-
- } else {
+ }
+ else
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
- "bookmark cookie url is too long(url: %d bytes, limit %d bytes)",
- buf_len, MAX_APP_PRINT_SIZE);
+ "bookmark cookie url is too long(url: %d bytes, limit %d bytes)",
+ buf_len, MAX_APP_PRINT_SIZE);
*bookmark_cookie_len = 0;
return NULL;
}
-
}
-void
-sec_redirect_saml_request(struct smanager_data *sec_data, url_host_t *url_host_p)
+void sec_redirect_saml_request(struct smanager_data *sec_data, url_host_t *url_host_p)
{
char relay_url[SEC_MAX_COMMON_URL_LEN] = {0};
int relay_url_len = 0;
@@ -2078,47 +2326,53 @@
int encoded_relay_len = 0;
char redirect_url[SEC_MAX_COMMON_URL_LEN] = {0};
- if (url_host_p == NULL) {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
- "https://%s%s/http/localh/welcome", sec_data->req_domain,
- SEC_PREFIX_DEFAULT);
- } else {
- relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
- "https://%s%s/http/localhost/welcome", sec_data->req_domain,
- SEC_PREFIX_DEFAULT);
+ if (url_host_p == NULL)
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
+ "https://%s%s/http/localh/welcome", sec_data->req_domain,
+ SEC_PREFIX_DEFAULT);
}
- } else {
- relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
- "https://%s%s/%s/", sec_data->req_domain,
- SEC_PREFIX_DEFAULT, scheme_to_string(sec_data->scheme_type));
- bcopy(url_host_p->host_p, relay_url+relay_url_len, url_host_p->host_len);
+ else
+ {
+ relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
+ "https://%s%s/http/localhost/welcome", sec_data->req_domain,
+ SEC_PREFIX_DEFAULT);
+ }
+ }
+ else
+ {
+ relay_url_len = snprintf(relay_url, SEC_MAX_COMMON_URL_LEN,
+ "https://%s%s/%s/", sec_data->req_domain,
+ SEC_PREFIX_DEFAULT, scheme_to_string(sec_data->scheme_type));
+ bcopy(url_host_p->host_p, relay_url + relay_url_len, url_host_p->host_len);
relay_url_len += url_host_p->host_len;
- bcopy(url_host_p->url_p, relay_url+relay_url_len, url_host_p->url_len);
+ bcopy(url_host_p->url_p, relay_url + relay_url_len, url_host_p->url_len);
relay_url_len += url_host_p->url_len;
relay_url[relay_url_len] = '\0';
}
if (!n_escape(relay_url, encoded_relay_url, relay_url_len,
- SEC_MAX_COMMON_URL_LEN - 1, &encoded_relay_len)) {
+ SEC_MAX_COMMON_URL_LEN - 1, &encoded_relay_len))
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
- "encode request url failed, redirect to cookie_redirect_url\n");
+ "encode request url failed, redirect to cookie_redirect_url\n");
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
return;
}
- snprintf(redirect_url, SEC_MAX_COMMON_URL_LEN,
- "https://%s%s/http/%s%s/%s%s?as=%s&RelayState=%s",
- sec_data->req_domain, SEC_PREFIX_DEFAULT, SAML_SERVER_NAME, AAA_SAML_PATH,
- sec_data->vsite_p->name, SAML_SERVER_AUTH_PATH, sec_data->vsite_p->name,
- encoded_relay_url);
+ snprintf(redirect_url, SEC_MAX_COMMON_URL_LEN,
+ "https://%s%s/http/%s%s/%s%s?as=%s&RelayState=%s",
+ sec_data->req_domain, SEC_PREFIX_DEFAULT, SAML_SERVER_NAME, AAA_SAML_PATH,
+ sec_data->vsite_p->name, SAML_SERVER_AUTH_PATH, sec_data->vsite_p->name,
+ encoded_relay_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "saml redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- redirect_url, strlen(redirect_url),
- NULL, 0,
- NULL, 0, NULL, 0,
- 0, 0);
-
+ redirect_url, strlen(redirect_url),
+ NULL, 0,
+ NULL, 0, NULL, 0,
+ 0, 0);
}
static int
@@ -2130,20 +2384,24 @@
int index = 0;
struct oauth_server_t *server = NULL;
- for ( ; index < MAX_OAUTH_SERVER; index++) {
- if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "google")) {
+ for (; index < MAX_OAUTH_SERVER; index++)
+ {
+ if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "google"))
+ {
server = vsite->aaa_configure->oauth_server + index;
break;
}
}
- if (!server) {
+ if (!server)
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No Google OAuth configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, -1);
}
if (!server->oauth_authenticator_url[0] ||
!server->oauth_redirect_url[0] ||
- !server->oauth_register_id[0]) {
+ !server->oauth_register_id[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No OAuth item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 809);
}
@@ -2151,23 +2409,22 @@
escape_string(server->oauth_redirect_url, encoded_register_redirect_url, sizeof(encoded_register_redirect_url));
snprintf(redirect_url, sizeof(redirect_url),
- "%s?response_type=code&scope=openid%%20email&client_id=%s&redirect_uri=%s",
- server->oauth_authenticator_url, server->oauth_register_id, encoded_register_redirect_url);
+ "%s?response_type=code&scope=openid%%20email&client_id=%s&redirect_uri=%s",
+ server->oauth_authenticator_url, server->oauth_register_id, encoded_register_redirect_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth url: %s\n", server->oauth_authenticator_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth id: %s\n", server->oauth_register_id);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- redirect_url,
- strlen(redirect_url),
- NULL, 0,
- NULL, 0, NULL, 0,
- 0, 0);
+ redirect_url,
+ strlen(redirect_url),
+ NULL, 0,
+ NULL, 0, NULL, 0,
+ 0, 0);
return SEC_SUCCESS;
}
-int
-from_wechat_inner_browser(const struct proxy_type *proxy_p)
+int from_wechat_inner_browser(const struct proxy_type *proxy_p)
{
char *user_agent = NULL;
const char *browser_in_wechat_str = " NetType/";
@@ -2176,9 +2433,10 @@
user_agent = calloc(proxy_p->user_agent_info.len + 1, sizeof(char));
parser_frame_chain_to_string(user_agent, proxy_p->user_agent_info.str,
- proxy_p->user_agent_info.len, proxy_p->user_agent_info.frame_p);
+ proxy_p->user_agent_info.len, proxy_p->user_agent_info.frame_p);
- if (strstr(user_agent, browser_in_wechat_str)) {
+ if (strstr(user_agent, browser_in_wechat_str))
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "request from browser in wechat.\n");
ret = 1;
}
@@ -2196,29 +2454,37 @@
int index = 0;
struct oauth_server_t *server = NULL;
- for ( ; index < MAX_OAUTH_SERVER; index++) {
- if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat")) {
+ for (; index < MAX_OAUTH_SERVER; index++)
+ {
+ if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat"))
+ {
server = vsite->aaa_configure->oauth_server + index;
break;
}
}
- if (!server) {
+ if (!server)
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No Wechat OAuth configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, -1);
}
- if (from_wechat_inner_browser(sec_data->proxy_p)) {
+ if (from_wechat_inner_browser(sec_data->proxy_p))
+ {
if (!server->oauth_wechat_service_authenticator_url[0] ||
!server->oauth_redirect_url[0] ||
- !server->oauth_wechat_service_register_id[0]) {
+ !server->oauth_wechat_service_register_id[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No OAuth item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 809);
}
- } else {
+ }
+ else
+ {
if (!server->oauth_authenticator_url[0] ||
!server->oauth_redirect_url[0] ||
- !server->oauth_register_id[0]) {
+ !server->oauth_register_id[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No OAuth item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 809);
}
@@ -2226,57 +2492,63 @@
escape_string(server->oauth_redirect_url, encoded_register_redirect_url, sizeof(encoded_register_redirect_url));
- if (from_wechat_inner_browser(sec_data->proxy_p)) {
+ if (from_wechat_inner_browser(sec_data->proxy_p))
+ {
snprintf(redirect_url, sizeof(redirect_url),
- "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_userinfo#wechat_redirect",
- server->oauth_wechat_service_authenticator_url,
- server->oauth_wechat_service_register_id, encoded_register_redirect_url);
+ "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_userinfo#wechat_redirect",
+ server->oauth_wechat_service_authenticator_url,
+ server->oauth_wechat_service_register_id, encoded_register_redirect_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth url: %s\n",
- server->oauth_wechat_service_authenticator_url);
+ server->oauth_wechat_service_authenticator_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth wechat appid: %s\n",
- server->oauth_wechat_service_register_id);
- } else {
+ server->oauth_wechat_service_register_id);
+ }
+ else
+ {
snprintf(redirect_url, sizeof(redirect_url),
- "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_login#wechat_redirect",
- server->oauth_authenticator_url, server->oauth_register_id,
- encoded_register_redirect_url);
+ "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_login#wechat_redirect",
+ server->oauth_authenticator_url, server->oauth_register_id,
+ encoded_register_redirect_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth url: %s\n",
- server->oauth_authenticator_url);
+ server->oauth_authenticator_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth wechat appid: %s\n",
- server->oauth_register_id);
+ server->oauth_register_id);
}
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- redirect_url,
- strlen(redirect_url),
- NULL, 0,
- NULL, 0, NULL, 0,
- 0, 0);
+ redirect_url,
+ strlen(redirect_url),
+ NULL, 0,
+ NULL, 0, NULL, 0,
+ 0, 0);
return SEC_SUCCESS;
}
-int
-sec_oauth_auto_redirect(struct smanager_data *sec_data, sec_vsite_t *vsite)
+int sec_oauth_auto_redirect(struct smanager_data *sec_data, sec_vsite_t *vsite)
{
char redirect_url[SEC_MAX_COMMON_URL_LEN] = {0};
char encoded_register_redirect_url[SEC_MAX_COMMON_URL_LEN] = {0};
int index = 0;
struct oauth_server_t *server = NULL;
- for ( ; index < MAX_OAUTH_SERVER; index++) {
- if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat")) {
+ for (; index < MAX_OAUTH_SERVER; index++)
+ {
+ if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat"))
+ {
server = vsite->aaa_configure->oauth_server + index;
break;
}
}
- if (!server) {
+ if (!server)
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No Wechat OAuth configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, -1);
}
- if (!server->oauth_wechat_qy_app_authenticator_url[0] || !server->oauth_wechat_qy_app_redirect_url[0] || !server->oauth_wechat_qy_corpid[0]) {
+ if (!server->oauth_wechat_qy_app_authenticator_url[0] || !server->oauth_wechat_qy_app_redirect_url[0] || !server->oauth_wechat_qy_corpid[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No OAuth item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 809);
}
@@ -2284,12 +2556,12 @@
escape_string(server->oauth_wechat_qy_app_redirect_url, encoded_register_redirect_url, sizeof(encoded_register_redirect_url));
snprintf(redirect_url, sizeof(redirect_url),
- "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_base#wechat_redirect",
- server->oauth_wechat_qy_app_authenticator_url, server->oauth_wechat_qy_corpid, encoded_register_redirect_url);
+ "%s?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_base#wechat_redirect",
+ server->oauth_wechat_qy_app_authenticator_url, server->oauth_wechat_qy_corpid, encoded_register_redirect_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"), redirect_url, strlen(redirect_url),
- NULL, 0, NULL, 0, NULL, 0, 0, 0);
+ NULL, 0, NULL, 0, NULL, 0, 0, 0);
return SEC_SUCCESS;
}
@@ -2302,22 +2574,26 @@
int index = 0;
struct oauth_server_t *server = NULL;
- for ( ; index < MAX_OAUTH_SERVER; index++) {
- if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat")) {
+ for (; index < MAX_OAUTH_SERVER; index++)
+ {
+ if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "wechat"))
+ {
server = vsite->aaa_configure->oauth_server + index;
break;
}
}
- if (!server) {
+ if (!server)
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No Wechat OAuth configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, -1);
}
if (!server->oauth_wechat_qy_authenticator_url[0] ||
- !server->oauth_wechat_qy_redirect_url[0] ||
- !server->oauth_wechat_qy_corpid[0] ||
- !server->oauth_wechat_qy_agentid[0]) {
+ !server->oauth_wechat_qy_redirect_url[0] ||
+ !server->oauth_wechat_qy_corpid[0] ||
+ !server->oauth_wechat_qy_agentid[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No OAuth enterprise item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 810);
}
@@ -2325,14 +2601,14 @@
escape_string(server->oauth_wechat_qy_redirect_url, encoded_register_redirect_url, sizeof(encoded_register_redirect_url));
snprintf(redirect_url, sizeof(redirect_url), "%s?appid=%s&agentid=%s&redirect_uri=%s",
- server->oauth_wechat_qy_authenticator_url,
- server->oauth_wechat_qy_corpid,
- server->oauth_wechat_qy_agentid,
- encoded_register_redirect_url);
+ server->oauth_wechat_qy_authenticator_url,
+ server->oauth_wechat_qy_corpid,
+ server->oauth_wechat_qy_agentid,
+ encoded_register_redirect_url);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"), redirect_url, strlen(redirect_url),
- NULL, 0, NULL, 0, NULL, 0, 0, 0);
+ NULL, 0, NULL, 0, NULL, 0, 0, 0);
return SEC_SUCCESS;
}
@@ -2346,19 +2622,23 @@
struct oauth_server_t *server = NULL;
static int state = 100000;
- for ( ; index < MAX_OAUTH_SERVER; index++) {
- if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "generic")) {
+ for (; index < MAX_OAUTH_SERVER; index++)
+ {
+ if (!strcmp(vsite->aaa_configure->oauth_server[index].id, "generic"))
+ {
server = vsite->aaa_configure->oauth_server + index;
break;
}
}
- if (!server) {
+ if (!server)
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No generic OAuth configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, -1);
}
- if (!server->oauth_authenticator_url[0]) {
+ if (!server->oauth_authenticator_url[0])
+ {
ulog_error_no_conn(AMP_ULOG_SMANAGER, "No generic OAuth item configured.\n");
return sec_generate_login_response(sec_data, NULL, SEC_PORTAL_ERROR_URLS, 810);
}
@@ -2367,158 +2647,172 @@
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"), redirect_url, strlen(redirect_url),
- NULL, 0, NULL, 0, NULL, 0, 0, 0);
+ NULL, 0, NULL, 0, NULL, 0, 0, 0);
return SEC_SUCCESS;
}
-int
-sec_redirect_oauth_logout(struct smanager_data *sec_data, int msg_id)
+int sec_redirect_oauth_logout(struct smanager_data *sec_data, int msg_id)
{
char redirect_url[SEC_MAX_COMMON_URL_LEN] = {0};
char msgID[SESSION_COOKIE_SIZE] = {0};
- if (msg_id > -1) {
+ if (msg_id > -1)
+ {
snprintf(msgID, SESSION_COOKIE_SIZE, "_AN_msgID=%d;path=/prx/000/http/;secure;samesite=None;", msg_id);
}
snprintf(redirect_url, sizeof(redirect_url),
- "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://%s",
- sec_data->req_domain);
+ "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=https://%s",
+ sec_data->req_domain);
ulog_error_no_conn(AMP_ULOG_SMANAGER, "OAuth redirect: %s\n", redirect_url);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- redirect_url,
- strlen(redirect_url),
- NULL, 0,
- NULL, 0, msgID, strlen(msgID),
- 0, 0);
+ redirect_url,
+ strlen(redirect_url),
+ NULL, 0,
+ NULL, 0, msgID, strlen(msgID),
+ 0, 0);
return SEC_SUCCESS;
}
-void
-sec_generate_cookietest_redirect(struct smanager_data *sec_data, sec_vsite_t *vsite,
- url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule)
-{
- uint32_t bookmark_cookie_len = 0;
- uint8_t *bookmark_cookie = NULL;
-
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/http/localh%s",
- COOKIETEST_PATH);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s", SEC_REWRITTEN_PREFIX,
- COOKIETEST_PATH);
- }
- if (*aa_clustered == 0) {
- snprintf(session_cookie_buffer, SESSION_COOKIE_SIZE,
- "%s=%s; path=/%s; secure; samesite=None", sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data));
- } else {
- snprintf(session_cookie_buffer, SESSION_COOKIE_SIZE,
- "%s=%s; path=/%s; secure; samesite=None", ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data));
- }
-
- /* if we have a url to bookmark, set a bookmark cookie */
- if (url_host_p && strncasecmp(url_host_p->url_p, FAVICON_STR, FAVICON_STR_LEN) != 0) {
- /* init bookmark buffer so sprint_bookmark_cookie creates a new cookie */
- bookmark_cookie_buffer[0] = '\0';
- bookmark_cookie = sprint_bookmark_cookie(sec_data, vsite, url_host_p, redirect_app_rule, &bookmark_cookie_len);
- } else {
- bookmark_cookie_len = 0;
- bookmark_cookie = NULL;
- }
-
- sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- session_cookie_buffer, strlen(session_cookie_buffer),
- NULL, 0, bookmark_cookie, bookmark_cookie_len,
- 0, 0);
+void sec_generate_cookietest_redirect(struct smanager_data *sec_data, sec_vsite_t *vsite,
+ url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule)
+{
+ uint32_t bookmark_cookie_len = 0;
+ uint8_t *bookmark_cookie = NULL;
+
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/http/localh%s",
+ COOKIETEST_PATH);
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s", SEC_REWRITTEN_PREFIX,
+ COOKIETEST_PATH);
+ }
+ if (*aa_clustered == 0)
+ {
+ snprintf(session_cookie_buffer, SESSION_COOKIE_SIZE,
+ "%s=%s; path=/%s; secure; samesite=None", sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ }
+ else
+ {
+ snprintf(session_cookie_buffer, SESSION_COOKIE_SIZE,
+ "%s=%s; path=/%s; secure; samesite=None", ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ }
+
+ /* if we have a url to bookmark, set a bookmark cookie */
+ if (url_host_p && strncasecmp(url_host_p->url_p, FAVICON_STR, FAVICON_STR_LEN) != 0)
+ {
+ /* init bookmark buffer so sprint_bookmark_cookie creates a new cookie */
+ bookmark_cookie_buffer[0] = '\0';
+ bookmark_cookie = sprint_bookmark_cookie(sec_data, vsite, url_host_p, redirect_app_rule, &bookmark_cookie_len);
+ }
+ else
+ {
+ bookmark_cookie_len = 0;
+ bookmark_cookie = NULL;
+ }
+
+ sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
+ portal_temp_string, strlen(portal_temp_string),
+ session_cookie_buffer, strlen(session_cookie_buffer),
+ NULL, 0, bookmark_cookie, bookmark_cookie_len,
+ 0, 0);
}
/* used when vsite flag SEC_COOKIE_REDIRECT is set */
static void
sec_generate_nocookie_redirect(struct smanager_data *sec_data, sec_vsite_t *vsite, url_host_t *url_host_p)
{
- if (vsite->login_return_url_field == NULL || vsite->login_return_url_field[0] == '\0' ||
- url_host_p == NULL || url_host_p->host_p == NULL || url_host_p->host_len <= 0 ||
- url_host_p->url_p == NULL || url_host_p->url_len <= 0) {
- DBG_PRINTF("http redirect nocookie is set, redirect to url: %s\n",
- vsite->cookie_redirect_url);
- sec_generate_redirect(sec_data, "301 Moved Permanently",
- SLEN("301 Moved Permanently"),
- vsite->cookie_redirect_url,
- strlen(vsite->cookie_redirect_url),
- NULL, 0, NULL, 0, NULL, 0, IGNORE_CLIENTSEC_COOKIE,
- SEC_GENERATE_REDIR_NOFLAGS);
- } else {
- char req_url[SEC_MAX_COMMON_URL_LEN];
- int req_url_len = 0;
-
- switch (sec_data->scheme_type) {
- case SM_SCHEME_HTTP:
- req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "http://");
- break;
- case SM_SCHEME_HTTPS:
- req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "https://");
- break;
- case SM_SCHEME_FTP:
- req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "ftp://");
- break;
- case SM_SCHEME_UNKNOWN:
- default:
- DBG_PRINTF("scheme type is unknown, redirect without login_return_url\n");
- sec_generate_nocookie_redirect(sec_data, vsite, NULL);
- return;
- }
-
- if (req_url_len + url_host_p->host_len + url_host_p->url_len >= SEC_MAX_COMMON_URL_LEN) {
- DBG_PRINTF("request url is too long, redirect to cookie_redirect_url\n");
- sec_generate_nocookie_redirect(sec_data, vsite, NULL);
- return;
- }
-
- bcopy(url_host_p->host_p, &req_url[req_url_len], url_host_p->host_len);
- req_url_len += url_host_p->host_len;
- bcopy(url_host_p->url_p, &req_url[req_url_len], url_host_p->url_len);
- req_url_len += url_host_p->url_len;
- req_url[req_url_len] = '\0';
-
- char encode_req_url[SEC_MAX_COMMON_URL_LEN];
- int encode_req_url_len;
- char redirect_url[SEC_MAX_COMMON_URL_LEN];
-
- if (!n_escape(req_url, encode_req_url, req_url_len,
- SEC_MAX_COMMON_URL_LEN - 1, &encode_req_url_len)) {
- DBG_PRINTF("encode request url failed, redirect to cookie_redirect_url\n");
- sec_generate_nocookie_redirect(sec_data, vsite, NULL);
- return;
- }
- encode_req_url[encode_req_url_len] = '\0';
-
- if (snprintf(redirect_url, SEC_MAX_COMMON_URL_LEN, "%s?%s=%s", vsite->cookie_redirect_url,
- vsite->login_return_url_field, encode_req_url) >= SEC_MAX_COMMON_URL_LEN) {
- DBG_PRINTF("redirect url with login_return_url is too long, redirect to cookie_redirect_url\n");
- sec_generate_nocookie_redirect(sec_data, vsite, NULL);
- return;
- }
- DBG_PRINTF("http redirect nocookie is set, redirect to url: %s\n", redirect_url);
- sec_generate_redirect(sec_data, "301 Moved Permanently",
- SLEN("301 Moved Permanently"),
- redirect_url,
- strlen(redirect_url),
- NULL, 0, NULL, 0, NULL, 0, IGNORE_CLIENTSEC_COOKIE,
- SEC_GENERATE_REDIR_NOFLAGS);
- }
-}
-
-void
-sec_generate_login_redirect_with_bookmark(struct smanager_data *sec_data, sec_vsite_t *vsite,
- url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule)
-{
- uint32_t privileges;
- uint32_t bookmark_cookie_len;
- uint8_t *bookmark_cookie;
- uint8_t *data_p = NULL;
+ if (vsite->login_return_url_field == NULL || vsite->login_return_url_field[0] == '\0' ||
+ url_host_p == NULL || url_host_p->host_p == NULL || url_host_p->host_len <= 0 ||
+ url_host_p->url_p == NULL || url_host_p->url_len <= 0)
+ {
+ DBG_PRINTF("http redirect nocookie is set, redirect to url: %s\n",
+ vsite->cookie_redirect_url);
+ sec_generate_redirect(sec_data, "301 Moved Permanently",
+ SLEN("301 Moved Permanently"),
+ vsite->cookie_redirect_url,
+ strlen(vsite->cookie_redirect_url),
+ NULL, 0, NULL, 0, NULL, 0, IGNORE_CLIENTSEC_COOKIE,
+ SEC_GENERATE_REDIR_NOFLAGS);
+ }
+ else
+ {
+ char req_url[SEC_MAX_COMMON_URL_LEN];
+ int req_url_len = 0;
+
+ switch (sec_data->scheme_type)
+ {
+ case SM_SCHEME_HTTP:
+ req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "http://");
+ break;
+ case SM_SCHEME_HTTPS:
+ req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "https://");
+ break;
+ case SM_SCHEME_FTP:
+ req_url_len += snprintf(req_url, SEC_MAX_COMMON_URL_LEN, "%s", "ftp://");
+ break;
+ case SM_SCHEME_UNKNOWN:
+ default:
+ DBG_PRINTF("scheme type is unknown, redirect without login_return_url\n");
+ sec_generate_nocookie_redirect(sec_data, vsite, NULL);
+ return;
+ }
+
+ if (req_url_len + url_host_p->host_len + url_host_p->url_len >= SEC_MAX_COMMON_URL_LEN)
+ {
+ DBG_PRINTF("request url is too long, redirect to cookie_redirect_url\n");
+ sec_generate_nocookie_redirect(sec_data, vsite, NULL);
+ return;
+ }
+
+ bcopy(url_host_p->host_p, &req_url[req_url_len], url_host_p->host_len);
+ req_url_len += url_host_p->host_len;
+ bcopy(url_host_p->url_p, &req_url[req_url_len], url_host_p->url_len);
+ req_url_len += url_host_p->url_len;
+ req_url[req_url_len] = '\0';
+
+ char encode_req_url[SEC_MAX_COMMON_URL_LEN];
+ int encode_req_url_len;
+ char redirect_url[SEC_MAX_COMMON_URL_LEN];
+
+ if (!n_escape(req_url, encode_req_url, req_url_len,
+ SEC_MAX_COMMON_URL_LEN - 1, &encode_req_url_len))
+ {
+ DBG_PRINTF("encode request url failed, redirect to cookie_redirect_url\n");
+ sec_generate_nocookie_redirect(sec_data, vsite, NULL);
+ return;
+ }
+ encode_req_url[encode_req_url_len] = '\0';
+
+ if (snprintf(redirect_url, SEC_MAX_COMMON_URL_LEN, "%s?%s=%s", vsite->cookie_redirect_url,
+ vsite->login_return_url_field, encode_req_url) >= SEC_MAX_COMMON_URL_LEN)
+ {
+ DBG_PRINTF("redirect url with login_return_url is too long, redirect to cookie_redirect_url\n");
+ sec_generate_nocookie_redirect(sec_data, vsite, NULL);
+ return;
+ }
+ DBG_PRINTF("http redirect nocookie is set, redirect to url: %s\n", redirect_url);
+ sec_generate_redirect(sec_data, "301 Moved Permanently",
+ SLEN("301 Moved Permanently"),
+ redirect_url,
+ strlen(redirect_url),
+ NULL, 0, NULL, 0, NULL, 0, IGNORE_CLIENTSEC_COOKIE,
+ SEC_GENERATE_REDIR_NOFLAGS);
+ }
+}
+
+void sec_generate_login_redirect_with_bookmark(struct smanager_data *sec_data, sec_vsite_t *vsite,
+ url_host_t *url_host_p, http_redirect_app_rule_t *redirect_app_rule)
+{
+ uint32_t privileges;
+ uint32_t bookmark_cookie_len;
+ uint8_t *bookmark_cookie;
+ uint8_t *data_p = NULL;
/* By default, SPX will respond to any request that
* does not have a valid session cookie with a redirect
@@ -2526,135 +2820,168 @@
* is set, redirect to the specific URL.
*/
if (SEC_ISSET(vsite->common_flags, SEC_COOKIE_REDIRECT) &&
- vsite->cookie_redirect_url != NULL) {
+ vsite->cookie_redirect_url != NULL)
+ {
ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO653, 0,0,0,0,0,0,0);
+ ULOG_NO653, 0, 0, 0, 0, 0, 0, 0);
sec_generate_nocookie_redirect(sec_data, vsite, url_host_p);
return;
}
- if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC) &&
- !SEC_ISSET(sec_data->flags, SDAT_REQ_CLIENTSEC_COOKIE)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC) &&
+ !SEC_ISSET(sec_data->flags, SDAT_REQ_CLIENTSEC_COOKIE))
+ {
/*
- * clientsec will not happen in case of bookmark redirect
- * because client sec should be running on the client machine
- * if failover happens or session expires
- */
- if (!SEC_ISSET(sec_data->flags, SDAT_PREINSTALL_DONE) &&
- SEC_ISSET(vsite->common_flags, SEC_ATP_ENABLE) &&
- SEC_ISSET(vsite->common_flags, SEC_VPN_PREINSTALL_ON))
+ * clientsec will not happen in case of bookmark redirect
+ * because client sec should be running on the client machine
+ * if failover happens or session expires
+ */
+ if (!SEC_ISSET(sec_data->flags, SDAT_PREINSTALL_DONE) &&
+ SEC_ISSET(vsite->common_flags, SEC_ATP_ENABLE) &&
+ SEC_ISSET(vsite->common_flags, SEC_VPN_PREINSTALL_ON))
{
#ifdef SM_ISREADY
sec_generate_atp_install_redirect(conn, site);
#endif
- } else {
+ }
+ else
+ {
sec_generate_clientsec_redirect(sec_data);
}
return;
}
- if (!sec_get_client_privileges(sec_data, &privileges)) {
+ if (!sec_get_client_privileges(sec_data, &privileges))
+ {
/* TODO: Here need to integrate the implement of sec_generate_redirect */
return;
- }
+ }
/* SAML enabled, so auth with saml idp, redirect to the saml sp url */
- if (SEC_ISSET(vsite->common_flags, SEC_AAA_SAML_ENABLED)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_AAA_SAML_ENABLED))
+ {
sec_redirect_saml_request(sec_data, url_host_p);
return;
}
- /* if we have a url to bookmark, set a bookmark cookie */
- if (url_host_p && strncasecmp(url_host_p->url_p, FAVICON_STR, FAVICON_STR_LEN) != 0) {
+ /* if we have a url to bookmark, set a bookmark cookie */
+ if (url_host_p && strncasecmp(url_host_p->url_p, FAVICON_STR, FAVICON_STR_LEN) != 0)
+ {
bookmark_cookie_buffer[0] = '\0';
bookmark_cookie = sprint_bookmark_cookie(sec_data, vsite, url_host_p, redirect_app_rule, &bookmark_cookie_len);
- } else {
+ }
+ else
+ {
bookmark_cookie_len = 0;
bookmark_cookie = NULL;
}
DBG_PRINTF("url_host's host_p is %s", sec_data->req_domain);
- if(sec_data->quicklink_conn && sec_data->sp_host && sec_data->sp_host[0]) {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (sec_data->quicklink_conn && sec_data->sp_host && sec_data->sp_host[0])
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- HTTPS_SCHEME, sec_data->sp_host, "/prx/000/http/localh",
- LOGIN_PATH);
- } else {
+ HTTPS_SCHEME, sec_data->sp_host, "/prx/000/http/localh",
+ LOGIN_PATH);
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- HTTPS_SCHEME, sec_data->sp_host, SEC_REWRITTEN_PREFIX,
- LOGIN_PATH);
+ HTTPS_SCHEME, sec_data->sp_host, SEC_REWRITTEN_PREFIX,
+ LOGIN_PATH);
}
- } else {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ }
+ else
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
- LOGIN_PATH);
- } else {
+ HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
+ LOGIN_PATH);
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
- LOGIN_PATH);
+ HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
+ LOGIN_PATH);
}
}
data_p = session_cookie_buffer;
- if (vsite->vsite_type == SITE_EXCLUSIVE) {
- if (*aa_clustered == 0) {
+ if (vsite->vsite_type == SITE_EXCLUSIVE)
+ {
+ if (*aa_clustered == 0)
+ {
data_p += sprintf(data_p, "%s=%s; path=/%s;expires=Thu, 01-Jan-1970 00:00:01 GMT;secure; samesite=None", sec_cookie_session_name,
- vsite->name, sec_get_domain_for_sp_cookie(sec_data));
- } else {
+ vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ }
+ else
+ {
data_p += sprintf(data_p, "%s=%s; path=/%s;expires=Thu, 01-Jan-1970 00:00:01 GMT;secure; samesite=None", ha_cookie_session_name,
- vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ vsite->name, sec_get_domain_for_sp_cookie(sec_data));
}
- } else { // SITE_ALIAS need this cookie to identify which alias-site customer has chosen
- if (*aa_clustered == 0) {
+ }
+ else
+ { // SITE_ALIAS need this cookie to identify which alias-site customer has chosen
+ if (*aa_clustered == 0)
+ {
data_p += sprintf(data_p, "%s=%s; path=/%s; secure; samesite=None", sec_cookie_session_name,
- vsite->name, sec_get_domain_for_sp_cookie(sec_data));
- } else {
+ vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ }
+ else
+ {
data_p += sprintf(data_p, "%s=%s; path=/%s; secure; samesite=None", ha_cookie_session_name,
- vsite->name, sec_get_domain_for_sp_cookie(sec_data));
+ vsite->name, sec_get_domain_for_sp_cookie(sec_data));
}
}
- if (sec_data->req_domain && vsite->vsite_type == SITE_EXCLUSIVE) {
+ if (sec_data->req_domain && vsite->vsite_type == SITE_EXCLUSIVE)
+ {
static char domain[SEC_MAX_URL_LEN] = {0};
char *p = NULL;
snprintf(domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
p = strchr(domain, ':');
- if (p) {
+ if (p)
+ {
*p = 0;
}
- if (!strchr(domain, '[') && !is_ip_address(domain, strlen(domain))) {
+ if (!strchr(domain, '[') && !is_ip_address(domain, strlen(domain)))
+ {
data_p += sprintf(data_p, "\r\nSet-Cookie: ");
- if (*aa_clustered == 0) {
+ if (*aa_clustered == 0)
+ {
data_p += sprintf(data_p, "%s=%s;", sec_cookie_session_name,
- vsite->name);
- } else {
+ vsite->name);
+ }
+ else
+ {
data_p += sprintf(data_p, "%s=%s;", ha_cookie_session_name,
- vsite->name);
+ vsite->name);
}
/*if (SEC_ISSET(vsite->common_flags, SEC_COOKIE_EXPIRE)) {
data_p += sprintf(data_p, "expires=%s;", get_GMT_time(vsite->idle_timeout));
}*/
- data_p += sprintf(data_p, "path=/;domain=%s;expires=Thu, 01-Jan-1971 00:00:01 GMT",strstr(domain,".")== NULL?domain: strstr(domain,".") );
+ data_p += sprintf(data_p, "path=/;domain=%s;expires=Thu, 01-Jan-1971 00:00:01 GMT", strstr(domain, ".") == NULL ? domain : strstr(domain, "."));
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
data_p += sprintf(data_p, ";HttpOnly");
}
}
}
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- session_cookie_buffer, strlen(session_cookie_buffer),
- NULL, 0, bookmark_cookie, bookmark_cookie_len,
- 0, SEC_GENERATE_REDIR_NOFLAGS);
+ portal_temp_string, strlen(portal_temp_string),
+ session_cookie_buffer, strlen(session_cookie_buffer),
+ NULL, 0, bookmark_cookie, bookmark_cookie_len,
+ 0, SEC_GENERATE_REDIR_NOFLAGS);
}
-void
-sec_generate_login_redirect(struct smanager_data *sec_data, sec_vsite_t *site)
+void sec_generate_login_redirect(struct smanager_data *sec_data, sec_vsite_t *site)
{
return (sec_generate_login_redirect_with_bookmark(sec_data, site, NULL, NULL));
}
@@ -2662,22 +2989,22 @@
/*
* Function is used to generate help page response. Send different help page according to
* portal language setting.
- *
+ *
* Input:
* sec_data: The smanager data hold the current request information.
* Return:
* SEC_SUCCESS - generate page success.
* SEC_FAIL - generate page failed. Log and statistics was handled inside
*/
-int
-sec_generate_help_response(smanager_data_t *sec_data)
+int sec_generate_help_response(smanager_data_t *sec_data)
{
struct frame *final_page, *out_frame = NULL, *in_frame;
uint8_t *cursor = NULL;
- uint8_t itype = sec_data->vsite_p->language;
- in_frame = id_to_frame_chain(HELP_ID, itype);
+ uint8_t itype = sec_data->vsite_p->language;
+ in_frame = id_to_frame_chain(HELP_ID, itype);
/* Note that if the order in sp_lang_filenames.txt is changed, the order in sec_shared.c must be changed too! */
- if (in_frame == NULL) {
+ if (in_frame == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
/* customized error page url */
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -2685,12 +3012,14 @@
}
final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
+ if (final_page != NULL)
+ {
sec_data->response = create_http_response_with_bookmark(OK, final_page,
- 0, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
+ 0, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
parser_frame_chain_free(final_page);
/* customized error page url */
@@ -2701,13 +3030,13 @@
return SEC_SUCCESS;
}
-int
-sec_generate_dd_portal_response(smanager_data_t *sec_data)
+int sec_generate_dd_portal_response(smanager_data_t *sec_data)
{
struct frame *final_page, *out_frame = NULL, *in_frame;
uint8_t *cursor = NULL;
- in_frame = id_to_frame_chain(DD_PORTAL_ID, 0);
- if (in_frame == NULL) {
+ in_frame = id_to_frame_chain(DD_PORTAL_ID, 0);
+ if (in_frame == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
/* customized error page url */
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -2715,12 +3044,14 @@
}
final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
+ if (final_page != NULL)
+ {
sec_data->response = create_http_response_with_bookmark(OK, final_page,
- 0, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
+ 0, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
parser_frame_chain_free(final_page);
/* customized error page url */
@@ -2731,66 +3062,70 @@
return SEC_SUCCESS;
}
-int
-sec_generate_bookmark_add_response(smanager_data_t *sec_data)
+int sec_generate_bookmark_add_response(smanager_data_t *sec_data)
{
- struct frame *final_page, *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
- in_frame = id_to_frame_chain(BOOKMARK_ADD_ID, 0);
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
- /* customized error page url */
- redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
- return SEC_FAIL;
- }
-
- final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
- sec_data->response = create_http_response_with_bookmark(OK, final_page,
- 0, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
- parser_frame_chain_free(final_page);
- /* customized error page url */
- redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
- return SEC_FAIL;
- }
- }
- return SEC_SUCCESS;
-}
-int
-sec_generate_bookmark_edit_response(smanager_data_t *sec_data)
-{
- struct frame *final_page, *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
- in_frame = id_to_frame_chain(BOOKMARK_EDIT_ID, 0);
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
- /* customized error page url */
- redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
- return SEC_FAIL;
- }
-
- final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
- sec_data->response = create_http_response_with_bookmark(OK, final_page,
- 0, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
- parser_frame_chain_free(final_page);
- /* customized error page url */
- redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
- return SEC_FAIL;
- }
- }
- return SEC_SUCCESS;
+ struct frame *final_page, *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+ in_frame = id_to_frame_chain(BOOKMARK_ADD_ID, 0);
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
+ /* customized error page url */
+ redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
+ return SEC_FAIL;
+ }
+
+ final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
+ if (final_page != NULL)
+ {
+ sec_data->response = create_http_response_with_bookmark(OK, final_page,
+ 0, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
+ parser_frame_chain_free(final_page);
+ /* customized error page url */
+ redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
+ return SEC_FAIL;
+ }
+ }
+ return SEC_SUCCESS;
+}
+int sec_generate_bookmark_edit_response(smanager_data_t *sec_data)
+{
+ struct frame *final_page, *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+ in_frame = id_to_frame_chain(BOOKMARK_EDIT_ID, 0);
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "The content of login node is empty.");
+ /* customized error page url */
+ redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
+ return SEC_FAIL;
+ }
+
+ final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
+ if (final_page != NULL)
+ {
+ sec_data->response = create_http_response_with_bookmark(OK, final_page,
+ 0, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create response to Client failed");
+ parser_frame_chain_free(final_page);
+ /* customized error page url */
+ redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
+ return SEC_FAIL;
+ }
+ }
+ return SEC_SUCCESS;
}
/* sec_generate_nonhtml_response()
- * Generate a nonhtml response page and save it in the smanager_data->response,
+ * Generate a nonhtml response page and save it in the smanager_data->response,
* waiting client proxy state to send it out to Client.
* If the requested resource is not changed since last access, return 304 not modify,
* or return the content from local.
@@ -2800,11 +3135,10 @@
* SEC_SUCCESS: Got the requested resource and hold it in sec_data->response
* SEC_FAIL: Something wrong when get the resource, and the response will set to NULL
*/
-int
-sec_generate_nonhtml_response(smanager_data_t *sec_data)
+int sec_generate_nonhtml_response(smanager_data_t *sec_data)
{
- struct frame *curr_frame = NULL, *new_chain;
- uint8_t *cursor = NULL;
+ struct frame *curr_frame = NULL, *new_chain;
+ uint8_t *cursor = NULL;
content_node_t *content = sec_data->content;
struct frame *content_chain = id_to_frame_chain(content->id, 0);
time_t modif_date = id_to_last_modified(content->id);
@@ -2812,27 +3146,31 @@
char *modified_str = id_to_modified_str(content->id);
char *content_type = id_to_content_type(content->id);
- if (if_modif_date != -1 && if_modif_date == modif_date &&
- modified_str != NULL)
- {
- ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO654, 0,0,0,0,0,0,0);
- sec_data->response = create_304_response(
- FALSE,
- modified_str);
- } else {
- new_chain = write_frame_chunk(&curr_frame, &cursor, &content_chain);
- if (new_chain == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
- return SEC_FAIL;
- }
-
- sec_data->response = create_http_response_with_bookmark(OK, new_chain,
- 0, NULL, NULL,
- content_type, modified_str, sec_data, NULL, 0, 0);
+ if (if_modif_date != -1 && if_modif_date == modif_date &&
+ modified_str != NULL)
+ {
+ ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
+ ULOG_NO654, 0, 0, 0, 0, 0, 0, 0);
+ sec_data->response = create_304_response(
+ FALSE,
+ modified_str);
}
+ else
+ {
+ new_chain = write_frame_chunk(&curr_frame, &cursor, &content_chain);
+ if (new_chain == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
+ return SEC_FAIL;
+ }
- if (sec_data->response == NULL) {
+ sec_data->response = create_http_response_with_bookmark(OK, new_chain,
+ 0, NULL, NULL,
+ content_type, modified_str, sec_data, NULL, 0, 0);
+ }
+
+ if (sec_data->response == NULL)
+ {
parser_frame_chain_free(new_chain);
/* customized error page url */
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -2842,57 +3180,67 @@
return SEC_SUCCESS;
}
-int
-sec_generate_quicklink_get_response(smanager_data_t *sec_data)
+int sec_generate_quicklink_get_response(smanager_data_t *sec_data)
{
int32_t len, url_len, sess_len, sphost_len, ret;
- static char base64_buffer[SESSION_COOKIE_SIZE*2];
+ static char base64_buffer[SESSION_COOKIE_SIZE * 2];
static char sphost_buffer[SESSION_COOKIE_SIZE];
- uint8_t *url_p = NULL, *sphost_p=NULL, *session_p = NULL, *end;
+ uint8_t *url_p = NULL, *sphost_p = NULL, *session_p = NULL, *end;
#define QUICKLINK_GET_STR "/quicklink_get?"
#define QUICKLINK_GET_LEN strlen(QUICKLINK_GET_STR)
- if(sec_data->req_parser_info.url_host.url_len > QUICKLINK_GET_LEN
- && strncmp(QUICKLINK_GET_STR, sec_data->req_parser_info.url_host.url_p, QUICKLINK_GET_LEN)==0) {
+ if (sec_data->req_parser_info.url_host.url_len > QUICKLINK_GET_LEN && strncmp(QUICKLINK_GET_STR, sec_data->req_parser_info.url_host.url_p, QUICKLINK_GET_LEN) == 0)
+ {
/* see if the module id matches a configured module name */
- if((url_p = strstr(sec_data->req_parser_info.url_host.url_p, "url=")) == NULL ||
+ if ((url_p = strstr(sec_data->req_parser_info.url_host.url_p, "url=")) == NULL ||
strstr(sec_data->req_parser_info.url_host.url_p, "%0a") != NULL ||
- strstr(sec_data->req_parser_info.url_host.url_p, "%0A") != NULL) {
+ strstr(sec_data->req_parser_info.url_host.url_p, "%0A") != NULL)
+ {
return SEC_FAIL;
}
url_p += 4;
/*must contain &AN_sphost*/
- if(end=strstr(url_p, SEC_AN_SPHOST_NAME)) {
- url_len = end - url_p -1;
- } else {
+ if (end = strstr(url_p, SEC_AN_SPHOST_NAME))
+ {
+ url_len = end - url_p - 1;
+ }
+ else
+ {
return SEC_FAIL;
}
DBG_PRINTF("get url(%d)(%s)\n", url_len, url_p);
- if((sphost_p = strstr(end, SEC_AN_SPHOST_NAME)) == NULL) {
+ if ((sphost_p = strstr(end, SEC_AN_SPHOST_NAME)) == NULL)
+ {
return SEC_FAIL;
}
sphost_p += SEC_AN_SPHOST_NAME_LEN + 1;
- if(end=strchr(sphost_p, '&')) {
+ if (end = strchr(sphost_p, '&'))
+ {
sphost_len = end - sphost_p;
- } else {
+ }
+ else
+ {
return SEC_FAIL;
}
- if(sphost_len<=0) {
+ if (sphost_len <= 0)
+ {
return SEC_FAIL;
}
bcopy(sphost_p, portal_temp_string, sphost_len);
portal_temp_string[sphost_len] = '\0';
sprintf(sphost_buffer, "%s=%s;path=/;secure; samesite=None", SEC_AN_SPHOST_NAME, portal_temp_string);
- if((session_p = strstr(end, "session=")) == NULL) {
+ if ((session_p = strstr(end, "session=")) == NULL)
+ {
return SEC_FAIL;
}
session_p += 8;
sess_len = (sec_data->req_parser_info.url_host.url_p +
- sec_data->req_parser_info.url_host.url_len - session_p);
- if (' ' == session_p[sess_len-1]) {
+ sec_data->req_parser_info.url_host.url_len - session_p);
+ if (' ' == session_p[sess_len - 1])
+ {
/* the url is ended with a blank space, strip it */
sess_len--;
}
@@ -2900,14 +3248,14 @@
bzero(portal_temp_string, MAX_APP_PRINT_SIZE);
unescape_string(url_p, url_len, portal_temp_string, &len, SEC_MAX_URL_LEN);
bcopy(session_p, base64_buffer, sess_len);
- session_p=base64_buffer;
+ session_p = base64_buffer;
sprintf(session_p + sess_len, "%s;secure", sec_get_domain_for_sp_cookie(sec_data));
DBG_PRINTF("quicklink_get session(%s)\n", base64_buffer);
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- base64_buffer, strlen(base64_buffer),
- sphost_buffer, strlen(sphost_buffer), NULL, 0,
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ portal_temp_string, strlen(portal_temp_string),
+ base64_buffer, strlen(base64_buffer),
+ sphost_buffer, strlen(sphost_buffer), NULL, 0,
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
return SEC_SUCCESS;
}
}
@@ -2922,137 +3270,165 @@
char *colon_pos = NULL;
char url_prefix[SEC_MAX_URL_LEN] = {0};
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- strncpy(url_prefix, "/prx/000/http/localh", SEC_MAX_URL_LEN-1);
- } else {
- strncpy(url_prefix, SEC_REWRITTEN_PREFIX, SEC_MAX_URL_LEN-1);
- }
- if ((sec_data->scheme_type == SEC_SCHEME_HTTP &&
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ strncpy(url_prefix, "/prx/000/http/localh", SEC_MAX_URL_LEN - 1);
+ }
+ else
+ {
+ strncpy(url_prefix, SEC_REWRITTEN_PREFIX, SEC_MAX_URL_LEN - 1);
+ }
+ if ((sec_data->scheme_type == SEC_SCHEME_HTTP &&
sec_data->port != SEC_DEFAULT_HTTP_PORT) ||
(sec_data->scheme_type == SEC_SCHEME_HTTPS &&
- sec_data->port != SEC_DEFAULT_HTTPS_PORT)) {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s:%d",
- sec_data->servername, sec_data->port);
- } else {
- snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", sec_data->servername);
- }
- DBG_PRINTF("enter backend:(%s)", portal_temp_string);
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_QUICKLINK_ENABLED) &&
- SEC_ISSET(sec_data->flags, SDAT_REQ_WITH_PRX))
- {
- TAILQ_FOREACH(quicklink_detail, &sec_data->vsite_p->quicklink_detail_list, next_info) {
- if (strlen(portal_temp_string) == quicklink_detail->host_with_port_len &&
- strncasecmp(quicklink_detail->hostname,
- portal_temp_string, quicklink_detail->host_with_port_len) == 0)
- {
- break;
- }
- }
- }
- if (quicklink_detail) {
- DBG_PRINTF("enter quicklink_detail (%d).", quicklink_detail->quicklink_id);
- snprintf(sec_data->session->sp_host, VSITE_DOMAIN_LEN, sec_data->req_domain);
- quicklink_info = quicklink_detail->quicklink_id;
- portal_temp_string[0] = 0;
+ sec_data->port != SEC_DEFAULT_HTTPS_PORT))
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s:%d",
+ sec_data->servername, sec_data->port);
+ }
+ else
+ {
+ snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", sec_data->servername);
+ }
+ DBG_PRINTF("enter backend:(%s)", portal_temp_string);
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_QUICKLINK_ENABLED) &&
+ SEC_ISSET(sec_data->flags, SDAT_REQ_WITH_PRX))
+ {
+ TAILQ_FOREACH(quicklink_detail, &sec_data->vsite_p->quicklink_detail_list, next_info)
+ {
+ if (strlen(portal_temp_string) == quicklink_detail->host_with_port_len &&
+ strncasecmp(quicklink_detail->hostname,
+ portal_temp_string, quicklink_detail->host_with_port_len) == 0)
+ {
+ break;
+ }
+ }
+ }
+ if (quicklink_detail)
+ {
+ DBG_PRINTF("enter quicklink_detail (%d).", quicklink_detail->quicklink_id);
+ snprintf(sec_data->session->sp_host, VSITE_DOMAIN_LEN, sec_data->req_domain);
+ quicklink_info = quicklink_detail->quicklink_id;
+ portal_temp_string[0] = 0;
snprintf(req_domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
- if (DOMAIN_IS_IPV6_ADDRESS(req_domain)) {
+ if (DOMAIN_IS_IPV6_ADDRESS(req_domain))
+ {
colon_pos = strchr(req_domain, ']');
- if (colon_pos) {
+ if (colon_pos)
+ {
colon_pos = strchr(colon_pos, ':');
}
- } else {
+ }
+ else
+ {
colon_pos = strchr(req_domain, ':');
}
- if (colon_pos != NULL) {
+ if (colon_pos != NULL)
+ {
*colon_pos = '\0';
}
- if (' ' == sec_data->req_parser_info.url_host.url_p[sec_data->req_parser_info.url_host.url_len-1]) {
- /* the url is ended with a blank space, strip it */
- sec_data->req_parser_info.url_host.url_len--;
- }
- escape_multibyte(sec_data->req_parser_info.url_host.url_p, sec_data->req_parser_info.url_host.url_len, quicklink_url_buffer, SEC_MAX_URL_LEN);
- sprint_session_cookie_for_quicklink(session_cookie_buffer, sec_data);
- if (quicklink_info->port) {
-
- sprintf(portal_temp_string, "%s://%s:%d%s%s?url=%s&%s=%s&session=%s",
- "https", req_domain, quicklink_info->port, url_prefix,
- AN_QUICKLINK_GET_PATH,
- quicklink_url_buffer,
- SEC_AN_SPHOST_NAME, sec_data->req_domain,
- session_cookie_buffer);
- } else if (quicklink_info->hostname[0]){
- if(!sec_data->req_port){
- sprintf(portal_temp_string, "%s://%s%s%s?url=%s&%s=%s&session=%s",
- "https", quicklink_info->hostname, url_prefix,
- AN_QUICKLINK_GET_PATH,
- quicklink_url_buffer,
- SEC_AN_SPHOST_NAME, sec_data->req_domain,
- session_cookie_buffer);
- } else {
- sprintf(portal_temp_string, "%s://%s:%d%s%s?url=%s&%s=%s&session=%s",
- "https", quicklink_info->hostname, sec_data->req_port, url_prefix,
- AN_QUICKLINK_GET_PATH,
- quicklink_url_buffer,
- SEC_AN_SPHOST_NAME, sec_data->req_domain,
- session_cookie_buffer);
- }
- } else if (quicklink_info->pathname[0]) {
+ if (' ' == sec_data->req_parser_info.url_host.url_p[sec_data->req_parser_info.url_host.url_len - 1])
+ {
+ /* the url is ended with a blank space, strip it */
+ sec_data->req_parser_info.url_host.url_len--;
+ }
+ escape_multibyte(sec_data->req_parser_info.url_host.url_p, sec_data->req_parser_info.url_host.url_len, quicklink_url_buffer, SEC_MAX_URL_LEN);
+ sprint_session_cookie_for_quicklink(session_cookie_buffer, sec_data);
+ if (quicklink_info->port)
+ {
+
+ sprintf(portal_temp_string, "%s://%s:%d%s%s?url=%s&%s=%s&session=%s",
+ "https", req_domain, quicklink_info->port, url_prefix,
+ AN_QUICKLINK_GET_PATH,
+ quicklink_url_buffer,
+ SEC_AN_SPHOST_NAME, sec_data->req_domain,
+ session_cookie_buffer);
+ }
+ else if (quicklink_info->hostname[0])
+ {
+ if (!sec_data->req_port)
+ {
+ sprintf(portal_temp_string, "%s://%s%s%s?url=%s&%s=%s&session=%s",
+ "https", quicklink_info->hostname, url_prefix,
+ AN_QUICKLINK_GET_PATH,
+ quicklink_url_buffer,
+ SEC_AN_SPHOST_NAME, sec_data->req_domain,
+ session_cookie_buffer);
+ }
+ else
+ {
+ sprintf(portal_temp_string, "%s://%s:%d%s%s?url=%s&%s=%s&session=%s",
+ "https", quicklink_info->hostname, sec_data->req_port, url_prefix,
+ AN_QUICKLINK_GET_PATH,
+ quicklink_url_buffer,
+ SEC_AN_SPHOST_NAME, sec_data->req_domain,
+ session_cookie_buffer);
+ }
+ }
+ else if (quicklink_info->pathname[0])
+ {
sprintf(portal_temp_string, "%s://%s/%s%s",
- "https", sec_data->req_domain, quicklink_info->pathname,
- quicklink_url_buffer);
+ "https", sec_data->req_domain, quicklink_info->pathname,
+ quicklink_url_buffer);
+ }
+ DBG_PRINTF("redirect to (%s)\n", portal_temp_string);
+ sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
+ portal_temp_string, strlen(portal_temp_string),
+ NULL, 0,
+ NULL, 0, NULL, 0,
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+
+ return SEC_REQ_QUICKLINK_REDIRECT;
+ }
+ return SEC_REQ_PROXY;
+}
+
+int sec_generate_empty_response(smanager_data_t *sec_data)
+{
+ struct frame *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+
+ in_frame = parser_frame_alloc();
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
+ return SEC_FAIL;
}
- DBG_PRINTF("redirect to (%s)\n",portal_temp_string);
- sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- NULL, 0,
- NULL, 0, NULL, 0,
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
-
- return SEC_REQ_QUICKLINK_REDIRECT;
- }
- return SEC_REQ_PROXY;
-}
-
-int sec_generate_empty_response(smanager_data_t *sec_data) {
- struct frame *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
-
- in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
- return SEC_FAIL;
- }
- cursor = in_frame->f_data;
- in_frame->f_datalen = 0;
- out_frame = in_frame;
-
- write_data("", &cursor, sizeof("") - 1, &out_frame);
-
- sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- HTTP_NOCACHE, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create empty response failed");
- parser_frame_chain_free(in_frame);
- /* customized error page url */
- redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
- return SEC_FAIL;
- }
- return SEC_SUCCESS;
+ cursor = in_frame->f_data;
+ in_frame->f_datalen = 0;
+ out_frame = in_frame;
+
+ write_data("", &cursor, sizeof("") - 1, &out_frame);
+
+ sec_data->response = create_http_response_with_bookmark(OK, in_frame,
+ HTTP_NOCACHE, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create empty response failed");
+ parser_frame_chain_free(in_frame);
+ /* customized error page url */
+ redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
+ return SEC_FAIL;
+ }
+ return SEC_SUCCESS;
}
-int sec_generate_given_response(smanager_data_t *sec_data, char *input, int len) {
+int sec_generate_given_response(smanager_data_t *sec_data, char *input, int len)
+{
struct frame *out_frame = NULL, *in_frame;
uint8_t *cursor = NULL;
- if (input == NULL || len <= 0) {
+ if (input == NULL || len <= 0)
+ {
return sec_generate_empty_response(sec_data);
}
in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
+ if (in_frame == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame for given response");
return SEC_FAIL;
}
@@ -3063,10 +3439,11 @@
write_data(input, &cursor, len, &out_frame);
sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- HTTP_NOCACHE, NULL, NULL,
- "text/html", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
+ HTTP_NOCACHE, NULL, NULL,
+ "text/html", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Create given response failed");
parser_frame_chain_free(in_frame);
/* customized error page url */
@@ -3084,7 +3461,8 @@
char buffer[128] = {0};
in_frame = parser_frame_alloc();
- if (!in_frame) {
+ if (!in_frame)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "frame allocation failed.");
return SEC_FAIL;
}
@@ -3097,7 +3475,8 @@
write_data(buffer, &cursor, strlen(buffer), &out_frame);
sec_data->response = create_http_response_with_bookmark(OK, in_frame, HTTP_NOCACHE, NULL, NULL, "text/html", NULL, sec_data, NULL, 0, 0);
- if (!sec_data->response) {
+ if (!sec_data->response)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "create HTTP response failed.");
parser_frame_chain_free(in_frame);
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -3110,17 +3489,18 @@
static int
sec_generate_nonhtml_response_winadmin(smanager_data_t *sec_data, int win64)
{
- struct frame *curr_frame = NULL, *new_chain;
- uint8_t *cursor = NULL;
+ struct frame *curr_frame = NULL, *new_chain;
+ uint8_t *cursor = NULL;
content_node_t *content = sec_data->content;
sec_vsite_t *vsite = sec_data->vsite_p;
struct frame *content_chain = NULL;
char *content_type = "application/zip";
- char np_name[VPN_NAME_MAX_LEN + 1] ={0};
+ char np_name[VPN_NAME_MAX_LEN + 1] = {0};
char zip_path[MAX_FILE_PATH_LEN] = {0};
void *temp_chain = NULL;
-
- if (vpn_netpool_winadmin_available(sec_data->vsite_p, sec_data->session->vpn_netpools) != 0) {
+
+ if (vpn_netpool_winadmin_available(sec_data->vsite_p, sec_data->session->vpn_netpools) != 0)
+ {
sec_data->response == NULL;
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
return SEC_FAIL;
@@ -3128,28 +3508,33 @@
vpn_get_netpool_name(sec_data->vsite_p, sec_data->session->vpn_netpools, np_name);
- if (win64 == 1) {
+ if (win64 == 1)
+ {
snprintf(zip_path, MAX_FILE_PATH_LEN,
- "/ca/fileshare/htdocs/client_sec/l3vpn/%s_%s_WinadminSetup_win64.zip",
- vsite->name, np_name);
- } else {
+ "/ca/fileshare/htdocs/client_sec/l3vpn/%s_%s_WinadminSetup_win64.zip",
+ vsite->name, np_name);
+ }
+ else
+ {
snprintf(zip_path, MAX_FILE_PATH_LEN,
- "/ca/fileshare/htdocs/client_sec/l3vpn/%s_%s_WinadminSetup_win32.zip",
- vsite->name, np_name);
+ "/ca/fileshare/htdocs/client_sec/l3vpn/%s_%s_WinadminSetup_win32.zip",
+ vsite->name, np_name);
}
content_chain = sec_load_dynamic_content(zip_path);
new_chain = write_frame_chunk(&curr_frame, &cursor, &content_chain);
- if (new_chain == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
- return SEC_FAIL;
+ if (new_chain == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
+ return SEC_FAIL;
}
sec_data->response = create_http_response_with_bookmark(OK, new_chain,
- 0, NULL, NULL,
- content_type, NULL, sec_data, NULL, 0, 0);
+ 0, NULL, NULL,
+ content_type, NULL, sec_data, NULL, 0, 0);
- if (sec_data->response == NULL) {
+ if (sec_data->response == NULL)
+ {
parser_frame_chain_free(new_chain);
/* customized error page url */
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -3162,8 +3547,8 @@
static int
sec_generate_nonhtml_response_logo(smanager_data_t *sec_data)
{
- struct frame *curr_frame = NULL, *new_chain;
- uint8_t *cursor = NULL;
+ struct frame *curr_frame = NULL, *new_chain;
+ uint8_t *cursor = NULL;
content_node_t *content = sec_data->content;
sec_vsite_t *vsite = sec_data->vsite_p;
struct frame *content_chain = id_to_frame_chain(content->id, 0);
@@ -3171,34 +3556,39 @@
time_t if_modif_date = sec_data->req_parser_info.if_modif_date;
char *modified_str = id_to_modified_str(content->id);
char *content_type = id_to_content_type(content->id);
- if (vsite != NULL && vsite->logo != NULL) {
+ if (vsite != NULL && vsite->logo != NULL)
+ {
content_chain = vsite->logo;
content_type = "image/gif";
modif_date = vsite->logo_last_modified;
modified_str = vsite->logo_modified_str;
}
- if (if_modif_date != -1 && if_modif_date == modif_date &&
- modified_str != NULL)
- {
- ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
- ULOG_NO655, 0,0,0,0,0,0,0);
- sec_data->response = create_304_response(
- FALSE,
- modified_str);
- } else {
- new_chain = write_frame_chunk(&curr_frame, &cursor, &content_chain);
- if (new_chain == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
- return SEC_FAIL;
- }
-
- sec_data->response = create_http_response_with_bookmark(OK, new_chain,
- 0, NULL, NULL,
- content_type, modified_str, sec_data, NULL, 0, 0);
+ if (if_modif_date != -1 && if_modif_date == modif_date &&
+ modified_str != NULL)
+ {
+ ulog_info_default(PROXY_CONN_LOGIDX(sec_data->client_conn), AMP_ULOGF_MODULE_SMANAGER,
+ ULOG_NO655, 0, 0, 0, 0, 0, 0, 0);
+ sec_data->response = create_304_response(
+ FALSE,
+ modified_str);
+ }
+ else
+ {
+ new_chain = write_frame_chunk(&curr_frame, &cursor, &content_chain);
+ if (new_chain == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "get contain failed, id %d", content->id);
+ return SEC_FAIL;
+ }
+
+ sec_data->response = create_http_response_with_bookmark(OK, new_chain,
+ 0, NULL, NULL,
+ content_type, modified_str, sec_data, NULL, 0, 0);
}
- if (sec_data->response == NULL) {
+ if (sec_data->response == NULL)
+ {
parser_frame_chain_free(new_chain);
/* customized error page url */
redirect_customized_error_page(sec_data->vsite_p, sec_data, SEC_CUSTOM_ERR_REQ);
@@ -3216,24 +3606,25 @@
char *p;
domain_buffer[0] = '\0';
- if(!sec_data->req_domain)
+ if (!sec_data->req_domain)
return domain_buffer;
snprintf(domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
p = strchr(domain, ':');
- if(p) {
+ if (p)
+ {
*p = '\0';
}
if ((SEC_ISSET(vsite->common_flags, SEC_QUICKLINK_ENABLED) ||
!SEC_ISSET(vsite->common_flags, SEC_WRM)) &&
- INADDR_NONE == inet_addr(domain)) {
+ INADDR_NONE == inet_addr(domain))
+ {
p = strchr(domain, '.');
- if(p)
+ if (p)
snprintf(domain_buffer, SEC_MAX_URL_LEN, ";domain=%s", p);
- }
+ }
return domain_buffer;
-
}
char *
@@ -3244,45 +3635,55 @@
char *p;
domain_logout_buffer[0] = '\0';
- if(!sec_data->req_domain)
+ if (!sec_data->req_domain)
return domain_logout_buffer;
snprintf(domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
p = strchr(domain, ':');
- if(p) {
+ if (p)
+ {
*p = '\0';
}
if ((SEC_ISSET(vsite->common_flags, SEC_QUICKLINK_ENABLED) ||
!SEC_ISSET(vsite->common_flags, SEC_WRM)) &&
- INADDR_NONE == inet_addr(domain)) {
+ INADDR_NONE == inet_addr(domain))
+ {
snprintf(domain_logout_buffer, SEC_MAX_URL_LEN, ";domain=.%s", domain);
- }
+ }
return domain_logout_buffer;
}
-void
-sec_clear_cookie_for_logout_response(smanager_data_t *sec_data, sec_vsite_t *vsite)
+void sec_clear_cookie_for_logout_response(smanager_data_t *sec_data, sec_vsite_t *vsite)
{
- if (*aa_clustered == 0) {
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;HttpOnly;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
- sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
- sec_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
- } else {
- snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
- sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
- sec_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
+ if (*aa_clustered == 0)
+ {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;HttpOnly;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
+ sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
+ sec_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
}
- } else {
- if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;HttpOnly;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
- ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
- ha_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
- } else {
- snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
- ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
- ha_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
+ else
+ {
+ snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
+ sec_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
+ sec_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
+ }
+ }
+ else
+ {
+ if (SEC_ISSET(vsite->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;HttpOnly;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
+ ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
+ ha_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
+ }
+ else
+ {
+ snprintf(session_cookie_buffer, SLEN(session_cookie_buffer), "%s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s;secure\r\nSet-Cookie: %s=%s; path=/;expires=Thu, 01-Jan-1970 00:00:01 GMT%s",
+ ha_cookie_session_name, vsite->name, sec_get_domain_for_sp_cookie(sec_data),
+ ha_cookie_session_name, vsite->name, sec_get_current_domain_for_logout_cookie(sec_data));
}
}
}
@@ -3293,121 +3694,137 @@
int url_len = sec_data->req_parser_info.url_host.url_len;
char *url_p = malloc(url_len + 1);
- if (url_p == NULL) {
+ if (url_p == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "allocate memory for external url failed");
return -1;
}
bzero(url_p, url_len + 1);
strncpy(url_p, sec_data->req_parser_info.url_host.url_p, url_len);
- if (sec_data->port != SEC_DEFAULT_HTTP_PORT) {
- snprintf(portal_temp_string, SLEN(portal_temp_string), "%s://%s:%d%s",
- scheme_to_string(sec_data->scheme_type),
- sec_data->servername, sec_data->port, url_p);
- } else {
- snprintf(portal_temp_string, SLEN(portal_temp_string), "%s://%s%s",
- scheme_to_string(sec_data->scheme_type),
- sec_data->servername, url_p);
- }
-
- sec_generate_redirect(sec_data, "301 Moved Permanently",
- SLEN("301 Moved Permanently"), portal_temp_string,
- strlen(portal_temp_string), NULL, 0, NULL, 0,
- NULL, 0, IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ if (sec_data->port != SEC_DEFAULT_HTTP_PORT)
+ {
+ snprintf(portal_temp_string, SLEN(portal_temp_string), "%s://%s:%d%s",
+ scheme_to_string(sec_data->scheme_type),
+ sec_data->servername, sec_data->port, url_p);
+ }
+ else
+ {
+ snprintf(portal_temp_string, SLEN(portal_temp_string), "%s://%s%s",
+ scheme_to_string(sec_data->scheme_type),
+ sec_data->servername, url_p);
+ }
+
+ sec_generate_redirect(sec_data, "301 Moved Permanently",
+ SLEN("301 Moved Permanently"), portal_temp_string,
+ strlen(portal_temp_string), NULL, 0, NULL, 0,
+ NULL, 0, IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
free(url_p);
}
-#define CLISEC_PREFIX_SIZE 64
+#define CLISEC_PREFIX_SIZE 64
/* function to erase a persistent cookie used for Sygate On Demand */
-int
-write_clean_cookie(char *out_buf, smanager_data_t *sec_data)
+int write_clean_cookie(char *out_buf, smanager_data_t *sec_data)
{
char cookie_string[CLISEC_PREFIX_SIZE] = {0};
char cookie_escape[CLISEC_PREFIX_SIZE] = {0};
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localh;/;%s;secure;samesite=None",
- CLIENTSEC_COOKIE);
- } else {
+ CLIENTSEC_COOKIE);
+ }
+ else
+ {
snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localhost;/;%s;secure;samesite=None",
- CLIENTSEC_COOKIE);
+ CLIENTSEC_COOKIE);
}
escape_string(cookie_string, cookie_escape, CLISEC_PREFIX_SIZE);
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;HttpOnly;samesite=None\r\n", cookie_escape,
- EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
- } else {
- snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;samesite=None\r\n", cookie_escape,
- EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE,
+ "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;HttpOnly;samesite=None\r\n", cookie_escape,
+ EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
}
-
- return TRUE;
+ else
+ {
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE,
+ "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;samesite=None\r\n", cookie_escape,
+ EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
+ }
+
+ return TRUE;
}
-/*
- * function to erase a clientsec cookie that indicates type of java
- * configured on the browser
+/*
+ * function to erase a clientsec cookie that indicates type of java
+ * configured on the browser
*/
-int
-write_clean_clientsec_java_cookie(char *out_buf, smanager_data_t *sec_data)
+int write_clean_clientsec_java_cookie(char *out_buf, smanager_data_t *sec_data)
{
char cookie_string[CLISEC_PREFIX_SIZE] = {0};
char cookie_escape[CLISEC_PREFIX_SIZE] = {0};
int len;
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localh;/;%s;secure;samesite=None",
- CLIENTSEC_JAVA_COOKIE);
- } else {
- snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localhost;/;%s;secure;samesite=None",
- CLIENTSEC_JAVA_COOKIE);
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localh;/;%s;secure;samesite=None",
+ CLIENTSEC_JAVA_COOKIE);
+ }
+ else
+ {
+ snprintf(cookie_string, CLISEC_PREFIX_SIZE, "NSCOOKIE;localhost;/;%s;secure;samesite=None",
+ CLIENTSEC_JAVA_COOKIE);
}
escape_string(cookie_string, cookie_escape, CLISEC_PREFIX_SIZE);
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;HttpOnly;samesite=None\r\n", cookie_escape,
- EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
- } else {
- snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;samesite=None\r\n", cookie_escape,
- EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE,
+ "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;HttpOnly;samesite=None\r\n", cookie_escape,
+ EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
+ }
+ else
+ {
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE,
+ "Set-Cookie: %s=erase;expires=%s; path=/%s;secure;samesite=None\r\n", cookie_escape,
+ EXPIRE_CLIENTSEC_COOKIE, sec_get_domain_for_sp_cookie(sec_data));
}
- return TRUE;
+ return TRUE;
}
-/*
- * function to insert a 2stage cookie, which indicates that
+/*
+ * function to insert a 2stage cookie, which indicates that
* stage 2 of the clientsec has been envoked
*/
-static int
+static int
write_clientsec_stage2_cookie(char *out_buf, smanager_data_t *sec_data)
{
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=2; path=/%s;secure;HttpOnly;samesite=None\r\n",
- SEC_AN_CLIENTSEC_STAGE_COOKIE_NAME, sec_get_domain_for_sp_cookie(sec_data));
- } else {
- snprintf(out_buf, MAX_SET_COOKIE_SIZE,
- "Set-Cookie: %s=2; path=/%s;secure;samesite=None\r\n",
- SEC_AN_CLIENTSEC_STAGE_COOKIE_NAME, sec_get_domain_for_sp_cookie(sec_data));
+ "Set-Cookie: %s=2; path=/%s;secure;HttpOnly;samesite=None\r\n",
+ SEC_AN_CLIENTSEC_STAGE_COOKIE_NAME, sec_get_domain_for_sp_cookie(sec_data));
+ }
+ else
+ {
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE,
+ "Set-Cookie: %s=2; path=/%s;secure;samesite=None\r\n",
+ SEC_AN_CLIENTSEC_STAGE_COOKIE_NAME, sec_get_domain_for_sp_cookie(sec_data));
}
-
- return TRUE;
+
+ return TRUE;
}
-int
-write_clientsec_persist_cookie(char *out_buf, smanager_data_t *sec_data)
+int write_clientsec_persist_cookie(char *out_buf, smanager_data_t *sec_data)
{
- char *value = sec_data->client_sec_info;
- snprintf(out_buf, MAX_SET_COOKIE_SIZE*2,
- "%s%s; path=/%s; secure;samesite=None\r\n", CLIENTSEC_SETCOOKIE_PREFIX,
- value, sec_get_domain_for_sp_cookie(sec_data));
+ char *value = sec_data->client_sec_info;
+ snprintf(out_buf, MAX_SET_COOKIE_SIZE * 2,
+ "%s%s; path=/%s; secure;samesite=None\r\n", CLIENTSEC_SETCOOKIE_PREFIX,
+ value, sec_get_domain_for_sp_cookie(sec_data));
- return TRUE;
+ return TRUE;
}
static int32_t
@@ -3415,9 +3832,12 @@
{
int32_t i;
- for (i = 0; i < url_len; i++) {
- if (url[i] == ':' && i + 2 < url_len) {
- if (url[i+1] == '/' && url[i+2] == '/') {
+ for (i = 0; i < url_len; i++)
+ {
+ if (url[i] == ':' && i + 2 < url_len)
+ {
+ if (url[i + 1] == '/' && url[i + 2] == '/')
+ {
break;
}
}
@@ -3426,10 +3846,9 @@
return i;
}
-void
-sec_generate_rewrite_redirect_with_bookmark(struct smanager_data *sec_data,
- uint8_t *url_p, length_t url_len,
- uint8_t *bookmark_cookie, length_t bookmark_cookie_len)
+void sec_generate_rewrite_redirect_with_bookmark(struct smanager_data *sec_data,
+ uint8_t *url_p, length_t url_len,
+ uint8_t *bookmark_cookie, length_t bookmark_cookie_len)
{
int32_t host_offset, result_len = 0;
uint8_t *cur_pos, non_local = TRUE;
@@ -3438,16 +3857,17 @@
sec_flags_t rewrite_flags;
SEC_FLAGS_INIT(rewrite_flags);
- if (site != NULL) {
+ if (site != NULL)
+ {
SEC_FLAGS_COPY(site->common_flags, rewrite_flags);
}
- if (SEC_GET_PREFIX_LEN(rewrite_flags) + GET_MASKED_SIZE(url_len) >=
- MAX_PORTAL_STRING_SIZE)
+ if (SEC_GET_PREFIX_LEN(rewrite_flags) + GET_MASKED_SIZE(url_len) >=
+ MAX_PORTAL_STRING_SIZE)
{
sec_generate_error_response(sec_data, FALSE, SERVER_ERROR,
- SEC_CUSTOM_ERR_INTERNAL,
- sec_language_get_msg_ex(sec_data, 224));
+ SEC_CUSTOM_ERR_INTERNAL,
+ sec_language_get_msg_ex(sec_data, 224));
return;
}
@@ -3456,107 +3876,123 @@
host_offset = sec_get_host_offset(url_p, url_len);
bcopy(SEC_GET_PREFIX(rewrite_flags), cur_pos,
- SEC_GET_PREFIX_LEN(rewrite_flags));
+ SEC_GET_PREFIX_LEN(rewrite_flags));
cur_pos += SEC_GET_PREFIX_LEN(rewrite_flags);
result_len = SEC_GET_PREFIX_LEN(rewrite_flags);
- if (url_len - host_offset > 0) {
+ if (url_len - host_offset > 0)
+ {
/* We found '://', copy in everything except for the ':/' */
bcopy(url_p, cur_pos, host_offset);
bcopy(url_p + host_offset + 2, cur_pos + host_offset,
- url_len - (host_offset + 2));
+ url_len - (host_offset + 2));
url_len = (host_offset + (url_len - (host_offset + 2)));
result_len += url_len;
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- if( strncasecmp(url_p + host_offset + 3, "localh/",
- strlen("localh/")) == 0 ) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ if (strncasecmp(url_p + host_offset + 3, "localh/",
+ strlen("localh/")) == 0)
+ {
non_local = FALSE;
}
- } else {
- if( strncasecmp(url_p + host_offset + 3, DNS_LOCAL_HOST"/",
- strlen(DNS_LOCAL_HOST"/")) == 0 ) {
+ }
+ else
+ {
+ if (strncasecmp(url_p + host_offset + 3, DNS_LOCAL_HOST "/",
+ strlen(DNS_LOCAL_HOST "/")) == 0)
+ {
non_local = FALSE;
}
}
- } else {
+ }
+ else
+ {
/* We didn't find '://', so hope for the best. the AI case will */
/* enter here so add http/ which is a pretty good guess anyway. */
/* We also enter here from req_decode when the request URL does */
/* not have a path, i.e. 'http://www.google.com'. In this case, */
/* URL will be 'http/www.google.com/' so don't prepend 'http/'. */
- if (url_len > 5 && strncmp(url_p, "http", 4) != 0) {
+ if (url_len > 5 && strncmp(url_p, "http", 4) != 0)
+ {
bcopy("http/", cur_pos, 5);
- bcopy(url_p, cur_pos+5, url_len);
+ bcopy(url_p, cur_pos + 5, url_len);
url_len += 5;
result_len += url_len;
- }else{
+ }
+ else
+ {
bcopy(url_p, cur_pos, url_len);
result_len += url_len;
}
}
- if (non_local && SEC_ISSET(rewrite_flags, SEC_MASK_URLS)) {
+ if (non_local && SEC_ISSET(rewrite_flags, SEC_MASK_URLS))
+ {
uint8_t *masked_url;
int32_t masked_url_len = 0;
uint32_t session_id = INVALID_SESSION_ID;
- if(sec_data->session) {
+ if (sec_data->session)
+ {
session_id = sec_data->session->session_id;
- }else{
+ }
+ else
+ {
session_id = sec_data->session_id_in_url;
- }
+ }
masked_url = malloc(GET_MASKED_SIZE(url_len));
- if (masked_url != NULL) {
+ if (masked_url != NULL)
+ {
masked_url_len = rewrite_api_get_url_encoding(cur_pos, url_len,
- masked_url, GET_MASKED_SIZE(url_len), rewrite_flags, session_id);
- if (masked_url_len > 0) {
+ masked_url, GET_MASKED_SIZE(url_len), rewrite_flags, session_id);
+ if (masked_url_len > 0)
+ {
bcopy(masked_url, cur_pos, masked_url_len);
result_len = SEC_GET_PREFIX_LEN(rewrite_flags) + masked_url_len;
}
free(masked_url);
}
- }
+ }
sec_generate_redirect(sec_data, "301 Moved Permanently",
- SLEN("301 Moved Permanently"), portal_url_string,
- result_len, NULL, 0, NULL, 0,
- bookmark_cookie, bookmark_cookie_len,
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ SLEN("301 Moved Permanently"), portal_url_string,
+ result_len, NULL, 0, NULL, 0,
+ bookmark_cookie, bookmark_cookie_len,
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
}
-void
-sec_generate_rewrite_redirect(struct smanager_data *sec_data,
- uint8_t *url_p, length_t url_len)
+void sec_generate_rewrite_redirect(struct smanager_data *sec_data,
+ uint8_t *url_p, length_t url_len)
{
- return (sec_generate_rewrite_redirect_with_bookmark(sec_data, url_p, url_len, NULL, 0));
+ return (sec_generate_rewrite_redirect_with_bookmark(sec_data, url_p, url_len, NULL, 0));
}
-/*
+/*
* get the current time in GMT format
- *
+ *
* e.g., "Fri, 20-Sep-2002 14:14:00 GMT"
*/
char *
get_GMT_time(long offset)
{
- static char time_str[30];
- time_t cur_time;
- struct tm *tmp;
- /* long timezone_offset; */
- static char *dow[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
- static char *month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-
- cur_time = get_curtime();
- cur_time += offset;
- tmp = gmtime(&cur_time); /* get the time in GMT */
-
- snprintf(time_str, 30, "%s, %02d-%s-%04d %02d:%02d:%02d GMT",
- dow[tmp->tm_wday], tmp->tm_mday, month[tmp->tm_mon],
- tmp->tm_year + 1900, tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+ static char time_str[30];
+ time_t cur_time;
+ struct tm *tmp;
+ /* long timezone_offset; */
+ static char *dow[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+ static char *month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+
+ cur_time = get_curtime();
+ cur_time += offset;
+ tmp = gmtime(&cur_time); /* get the time in GMT */
+
+ snprintf(time_str, 30, "%s, %02d-%s-%04d %02d:%02d:%02d GMT",
+ dow[tmp->tm_wday], tmp->tm_mday, month[tmp->tm_mon],
+ tmp->tm_year + 1900, tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
- return time_str;
+ return time_str;
}
static void
@@ -3566,66 +4002,71 @@
sec_session_t *sec_session = sec_data->session;
sec_vsite_t *site = sec_data->vsite_p;
data_p = session_cookie_buffer;
- if (*aa_clustered == 0) {
+ if (*aa_clustered == 0)
+ {
data_p += sprintf(data_p, "%s=%s+%08x_%s;", sec_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
- } else {
+ site->name, sec_session->session_id, sec_session->signature);
+ }
+ else
+ {
data_p += sprintf(data_p, "%s=%s+%08x_%s;", ha_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
+ site->name, sec_session->session_id, sec_session->signature);
}
- if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE)) {
+ if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE))
+ {
data_p += sprintf(data_p, "expires=%s;", get_GMT_time(site->idle_timeout));
}
data_p += sprintf(data_p, "path=/;secure;samesite=None");
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- data_p += sprintf(data_p, ";HttpOnly");
- }
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ data_p += sprintf(data_p, ";HttpOnly");
+ }
return;
}
-char* genRandomString(int length)
-{
- int flag, i;
- char* string;
- srand((unsigned) time(NULL ));
- if ((string = (char*) malloc(length + 1)) == NULL )
- {
- ulog_error_no_conn(AMP_ULOG_HTTP_PROXY, "%s: failed to malloc\n", __func__);
- return NULL ;
- }
-
- for (i = 0; i < length; i++)
- {
- flag = rand() % 3;
- switch (flag)
- {
- case 0:
- string[i] = 'A' + rand() % 26;
- break;
- case 1:
- string[i] = 'a' + rand() % 26;
- break;
- case 2:
- string[i] = '0' + rand() % 10;
- break;
- default:
- string[i] = 'x';
- break;
- }
- }
- if (length > 45) {/* for hardware_id string */
- string[32] = '|';
- string[45] = ';';
- }
- string[length] = '\0';
- return string;
-}
-
-void
-snprint_session_cookie(uint8_t *session_cookie_buffer, smanager_data_t *sec_data, uint32_t buf_size)
-{
+char *genRandomString(int length)
+{
+ int flag, i;
+ char *string;
+ srand((unsigned)time(NULL));
+ if ((string = (char *)malloc(length + 1)) == NULL)
+ {
+ ulog_error_no_conn(AMP_ULOG_HTTP_PROXY, "%s: failed to malloc\n", __func__);
+ return NULL;
+ }
+
+ for (i = 0; i < length; i++)
+ {
+ flag = rand() % 3;
+ switch (flag)
+ {
+ case 0:
+ string[i] = 'A' + rand() % 26;
+ break;
+ case 1:
+ string[i] = 'a' + rand() % 26;
+ break;
+ case 2:
+ string[i] = '0' + rand() % 10;
+ break;
+ default:
+ string[i] = 'x';
+ break;
+ }
+ }
+ if (length > 45)
+ { /* for hardware_id string */
+ string[32] = '|';
+ string[45] = ';';
+ }
+ string[length] = '\0';
+ return string;
+}
+
+void snprint_session_cookie(uint8_t *session_cookie_buffer, smanager_data_t *sec_data, uint32_t buf_size)
+{
uint8_t *data_p;
sec_session_t *sec_session = sec_data->session;
sec_vsite_t *site = sec_data->vsite_p;
@@ -3634,92 +4075,124 @@
uint32_t len = 0;
data_p = session_cookie_buffer;
- if (*aa_clustered == 0) {
- len += snprintf(data_p, buf_size, "%s=%s+%08x_%s;", sec_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
- } else {
- len += snprintf(data_p, buf_size, "%s=%s+%08x_%s;", ha_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
+ if (*aa_clustered == 0)
+ {
+ len += snprintf(data_p, buf_size, "%s=%s+%08x_%s;", sec_cookie_session_name,
+ site->name, sec_session->session_id, sec_session->signature);
}
- if (len >= buf_size) return;
+ else
+ {
+ len += snprintf(data_p, buf_size, "%s=%s+%08x_%s;", ha_cookie_session_name,
+ site->name, sec_session->session_id, sec_session->signature);
+ }
+ if (len >= buf_size)
+ return;
- if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE)) {
- len += snprintf(data_p+len, buf_size-len, "expires=%s;", get_GMT_time(site->idle_timeout));
- if (len >= buf_size) return;
+ if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE))
+ {
+ len += snprintf(data_p + len, buf_size - len, "expires=%s;", get_GMT_time(site->idle_timeout));
+ if (len >= buf_size)
+ return;
}
- len += snprintf(data_p+len, buf_size-len, "path=/%s; secure; samesite=None", sec_get_domain_for_sp_cookie(sec_data));
- if (len >= buf_size) return;
+ len += snprintf(data_p + len, buf_size - len, "path=/%s; secure; samesite=None", sec_get_domain_for_sp_cookie(sec_data));
+ if (len >= buf_size)
+ return;
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
}
- if (sec_data->req_domain != NULL) {
+ if (sec_data->req_domain != NULL)
+ {
snprintf(domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
p = strchr(domain, ':');
- if(p) {
+ if (p)
+ {
*p = '\0';
}
/* domain is not IPv6 or IPv4 */
- if (strchr(domain, '[') == NULL && !is_ip_address(domain, strlen(domain))) {
- len += snprintf(data_p+len, buf_size-len, "\r\nSet-Cookie: ");
- if (len >= buf_size) return;
+ if (strchr(domain, '[') == NULL && !is_ip_address(domain, strlen(domain)))
+ {
+ len += snprintf(data_p + len, buf_size - len, "\r\nSet-Cookie: ");
+ if (len >= buf_size)
+ return;
- if (*aa_clustered == 0) {
- len += snprintf(data_p+len, buf_size-len, "%s=%s+%08x_%s;", sec_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
- } else {
- len += snprintf(data_p+len, buf_size-len, "%s=%s+%08x_%s;", ha_cookie_session_name,
- site->name, sec_session->session_id, sec_session->signature);
+ if (*aa_clustered == 0)
+ {
+ len += snprintf(data_p + len, buf_size - len, "%s=%s+%08x_%s;", sec_cookie_session_name,
+ site->name, sec_session->session_id, sec_session->signature);
}
- if (len >= buf_size) return;
+ else
+ {
+ len += snprintf(data_p + len, buf_size - len, "%s=%s+%08x_%s;", ha_cookie_session_name,
+ site->name, sec_session->session_id, sec_session->signature);
+ }
+ if (len >= buf_size)
+ return;
- if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE)) {
- len += snprintf(data_p+len, buf_size-len, "expires=%s;", get_GMT_time(site->idle_timeout));
- if (len >= buf_size) return;
+ if (SEC_ISSET(site->common_flags, SEC_COOKIE_EXPIRE))
+ {
+ len += snprintf(data_p + len, buf_size - len, "expires=%s;", get_GMT_time(site->idle_timeout));
+ if (len >= buf_size)
+ return;
}
- len += snprintf(data_p+len, buf_size-len, "path=/;domain=.%s;secure;samesite=None", domain);
- if (len >= buf_size) return;
+ len += snprintf(data_p + len, buf_size - len, "path=/;domain=.%s;secure;samesite=None", domain);
+ if (len >= buf_size)
+ return;
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
}
}
}
- if (sec_session->username[0]) {
- len += snprintf(data_p+len, buf_size-len,
- "\r\nSet-Cookie: username=%s;path=/;secure;samesite=None", sec_session->username);
- if (len >= buf_size) return;
+ if (sec_session->username[0])
+ {
+ len += snprintf(data_p + len, buf_size - len,
+ "\r\nSet-Cookie: username=%s;path=/;secure;samesite=None", sec_session->username);
+ if (len >= buf_size)
+ return;
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
}
}
/*for bug 73932*/
ulog_error_no_conn(AMP_ULOG_HTTP_PROXY, "prt_sess_cookie: pwdinsess: %s\n", sec_session->password);
- if (sec_session->password[0]) {
- char masked_pwd[GET_MASKED_SIZE(SESSMGR_PWORD_BUF_SIZE + 1)] ;
+ if (sec_session->password[0])
+ {
+ char masked_pwd[GET_MASKED_SIZE(SESSMGR_PWORD_BUF_SIZE + 1)];
int32_t mask_len = GET_MASKED_SIZE(SESSMGR_PWORD_BUF_SIZE + 1), masked_len;
sec_flags_t common_flags;
char escaped_hw_id[SEC_HARDWAREID_LEN * 3 + 1] = {'\0'};
- if (sec_session->hardware_id[0]) {
- char* hostname = strstr(sec_session->hardware_id, "hostname=");
- if (hostname != NULL && hostname != &sec_session->hardware_id[0]) {
+ if (sec_session->hardware_id[0])
+ {
+ char *hostname = strstr(sec_session->hardware_id, "hostname=");
+ if (hostname != NULL && hostname != &sec_session->hardware_id[0])
+ {
*(hostname - 1) = '\0';
- }
- escape_string(sec_session->hardware_id, escaped_hw_id, sizeof(escaped_hw_id)-1);
- } else { /* aaa hardwareid off */
- char *tmp =genRandomString(46);
- if (NULL != tmp) {
- escape_string(tmp, escaped_hw_id, sizeof(escaped_hw_id)-1);
+ }
+ escape_string(sec_session->hardware_id, escaped_hw_id, sizeof(escaped_hw_id) - 1);
+ }
+ else
+ { /* aaa hardwareid off */
+ char *tmp = genRandomString(46);
+ if (NULL != tmp)
+ {
+ escape_string(tmp, escaped_hw_id, sizeof(escaped_hw_id) - 1);
free(tmp);
}
}
@@ -3729,40 +4202,49 @@
SEC_SET(common_flags, SEC_MASK_DYNAMIC);
SEC_SET(common_flags, SEC_MASK_FILENAME);
masked_len = rewrite_api_get_url_encoding(sec_session->password, strlen(sec_session->password),
- (uint8_t *)masked_pwd, mask_len, common_flags,
- sec_session->session_id);
+ (uint8_t *)masked_pwd, mask_len, common_flags,
+ sec_session->session_id);
ulog_error_no_conn(AMP_ULOG_HTTP_PROXY, "prt_sess_cookie: masklen: %d, %s\n", masked_len, escaped_hw_id);
if ((masked_len > 0) && (escaped_hw_id[0]))
{
- len += snprintf(data_p+len, buf_size-len,
- "\r\nSet-Cookie: role_xid=%s_%s;path=/;secure;samesite=None;",escaped_hw_id, masked_pwd+8);
- if (len >= buf_size) return;
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
- }
- }
- }
-
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_APP_SSO_DESKTOPDIRECT)
- && sec_session->app_sso_info.sso_account[0])
- {
- len += snprintf(data_p+len, buf_size-len, "\r\nSet-Cookie: sso_uname=%s;path=/;secure;samesite=None",
- sec_session->app_sso_info.sso_account);
- if (len >= buf_size) return;
-
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
+ len += snprintf(data_p + len, buf_size - len,
+ "\r\nSet-Cookie: role_xid=%s_%s;path=/;secure;samesite=None;", escaped_hw_id, masked_pwd + 8);
+ if (len >= buf_size)
+ return;
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
+ }
+ }
+ }
+
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_APP_SSO_DESKTOPDIRECT) && sec_session->app_sso_info.sso_account[0])
+ {
+ len += snprintf(data_p + len, buf_size - len, "\r\nSet-Cookie: sso_uname=%s;path=/;secure;samesite=None",
+ sec_session->app_sso_info.sso_account);
+ if (len >= buf_size)
+ return;
+
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
}
}
- if (sec_data->role_names[0]) {
- len += snprintf(data_p+len, buf_size-len, "\r\nSet-Cookie: role_names=%s;path=/;secure;samesite=None", sec_data->role_names);
- if (len >= buf_size) return;
- if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- len += snprintf(data_p+len, buf_size-len, ";HttpOnly");
- if (len >= buf_size) return;
+ if (sec_data->role_names[0])
+ {
+ len += snprintf(data_p + len, buf_size - len, "\r\nSet-Cookie: role_names=%s;path=/;secure;samesite=None", sec_data->role_names);
+ if (len >= buf_size)
+ return;
+ if (SEC_ISSET(site->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ len += snprintf(data_p + len, buf_size - len, ";HttpOnly");
+ if (len >= buf_size)
+ return;
}
}
@@ -3774,89 +4256,98 @@
static int8_t
get_sessid_bounds(uint8_t *cookie, uint8_t **sessid_start, uint8_t **right_side)
{
- int16_t cookie_len;
+ int16_t cookie_len;
+
+ cookie_len = strlen(cookie);
+ *sessid_start = strstr(cookie, AN_NAV_SESSID_CODE);
+
+ if (NULL == *sessid_start)
+ {
+ *sessid_start = strstr(cookie, AN_NAV_SESSID_CODE_UPPER);
+ }
- cookie_len = strlen(cookie);
- *sessid_start = strstr(cookie, AN_NAV_SESSID_CODE);
+ if (*sessid_start)
+ {
+ *right_side = *sessid_start + (sizeof(AN_NAV_SESSID_CODE) - 1) +
+ AN_NAV_SESSID_LEN;
- if (NULL == *sessid_start) {
- *sessid_start = strstr(cookie, AN_NAV_SESSID_CODE_UPPER);
- }
-
- if (*sessid_start) {
- *right_side = *sessid_start + (sizeof(AN_NAV_SESSID_CODE)-1) +
- AN_NAV_SESSID_LEN;
-
- if (*right_side > (cookie + cookie_len)) {
- /* client must have given us a bum cookie */
- *right_side = NULL;
- *sessid_start = NULL;
- return 1;
- }
- }
+ if (*right_side > (cookie + cookie_len))
+ {
+ /* client must have given us a bum cookie */
+ *right_side = NULL;
+ *sessid_start = NULL;
+ return 1;
+ }
+ }
- return 0;
+ return 0;
}
static void
sprint_nav_cookie(char *buffer, smanager_data_t *sec_data)
-{
- struct proxy_conn_data *conn_data = sec_data->client_conn;
- sec_vsite_t *site = sec_data->vsite_p;
+{
+ struct proxy_conn_data *conn_data = sec_data->client_conn;
+ sec_vsite_t *site = sec_data->vsite_p;
uint32_t session_id = sec_data->session_id;
- char *nav_cookie_name;
+ char *nav_cookie_name;
- uint8_t *buffer_p, *session_id_start, *rightside_start;
- int16_t nav_conf_len;
- int8_t rc;
-
- session_id_start = NULL;
-
- if (sec_data->nav_cookie) {
- /* Client already has AN_NAV cookie; look for a session id parameter */
- rc = get_sessid_bounds(sec_data->nav_cookie, &session_id_start,
- &rightside_start);
- if (!rc && NULL == session_id_start) {
- /*
- * the cookie looks valid but doesn't have a session ID; set the
- * start and end pointers to the end-of-cookie marker
- */
- session_id_start = strstr(sec_data->nav_cookie, AN_NAV_COOKIE_END);
- rightside_start = session_id_start;
- /*
- * if strstr() returns NULL, the client sent a corrupt nav
- * cookie, so we'll just set the default one
- */
- }
- }
+ uint8_t *buffer_p, *session_id_start, *rightside_start;
+ int16_t nav_conf_len;
+ int8_t rc;
+
+ session_id_start = NULL;
+
+ if (sec_data->nav_cookie)
+ {
+ /* Client already has AN_NAV cookie; look for a session id parameter */
+ rc = get_sessid_bounds(sec_data->nav_cookie, &session_id_start,
+ &rightside_start);
+ if (!rc && NULL == session_id_start)
+ {
+ /*
+ * the cookie looks valid but doesn't have a session ID; set the
+ * start and end pointers to the end-of-cookie marker
+ */
+ session_id_start = strstr(sec_data->nav_cookie, AN_NAV_COOKIE_END);
+ rightside_start = session_id_start;
+ /*
+ * if strstr() returns NULL, the client sent a corrupt nav
+ * cookie, so we'll just set the default one
+ */
+ }
+ }
nav_cookie_name = AN_NAV_COOKIE;
- buffer_p = buffer;
+ buffer_p = buffer;
+
+ if (session_id_start)
+ {
+ /* copy the client's navtool configuration parameters */
+ nav_conf_len = session_id_start - sec_data->nav_cookie;
- if (session_id_start) {
- /* copy the client's navtool configuration parameters */
- nav_conf_len = session_id_start - sec_data->nav_cookie;
-
- buffer_p += sprintf(buffer_p, "%s=", nav_cookie_name);
-
- bcopy(sec_data->nav_cookie, buffer_p, nav_conf_len);
- buffer_p += nav_conf_len;
-
- buffer_p += sprintf(buffer_p, "%s%08x%s", AN_NAV_SESSID_CODE,
- session_id, rightside_start);
- } else {
- /* set default navtool cookie */
- buffer_p += sprintf(buffer_p, "%s=%s%s%08x%s", nav_cookie_name,
- AN_NAV_COOKIE_DEFAULT, AN_NAV_SESSID_CODE,
- session_id, AN_NAV_COOKIE_END);
- }
-
- buffer_p += sprintf(buffer_p, ";expires=%s;path=/; secure;samesite=None",
- get_GMT_time(31536000));
- if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY)) {
- buffer_p += sprintf(buffer_p, ";HttpOnly");
- }
+ buffer_p += sprintf(buffer_p, "%s=", nav_cookie_name);
+
+ bcopy(sec_data->nav_cookie, buffer_p, nav_conf_len);
+ buffer_p += nav_conf_len;
+
+ buffer_p += sprintf(buffer_p, "%s%08x%s", AN_NAV_SESSID_CODE,
+ session_id, rightside_start);
+ }
+ else
+ {
+ /* set default navtool cookie */
+ buffer_p += sprintf(buffer_p, "%s=%s%s%08x%s", nav_cookie_name,
+ AN_NAV_COOKIE_DEFAULT, AN_NAV_SESSID_CODE,
+ session_id, AN_NAV_COOKIE_END);
+ }
+
+ buffer_p += sprintf(buffer_p, ";expires=%s;path=/; secure;samesite=None",
+ get_GMT_time(31536000));
+ if (SEC_ISSET(sec_data->vsite_p->common_flags, SEC_SETCOOKIE_HTTPONLY))
+ {
+ buffer_p += sprintf(buffer_p, ";HttpOnly");
+ }
DBG_PRINTF("nav cookie: %s", buffer);
}
@@ -3865,17 +4356,20 @@
{
uint8_t *session_id_start, *rightside_start;
uint32_t session_id = INVALID_SESSION_ID;
- static uint8_t session_id_string[AN_NAV_SESSID_LEN+1];
+ static uint8_t session_id_string[AN_NAV_SESSID_LEN + 1];
int8_t rc;
session_id_start = NULL;
- if (sec_data && sec_data->nav_cookie) {
+ if (sec_data && sec_data->nav_cookie)
+ {
rc = get_sessid_bounds(sec_data->nav_cookie, &session_id_start,
- &rightside_start);
- if (!rc && session_id_start) {
- session_id_start += (sizeof(AN_NAV_SESSID_CODE)-1);
- if ((rightside_start - session_id_start) == AN_NAV_SESSID_LEN) {
+ &rightside_start);
+ if (!rc && session_id_start)
+ {
+ session_id_start += (sizeof(AN_NAV_SESSID_CODE) - 1);
+ if ((rightside_start - session_id_start) == AN_NAV_SESSID_LEN)
+ {
bcopy(session_id_start, session_id_string, AN_NAV_SESSID_LEN);
session_id_string[AN_NAV_SESSID_LEN] = '\0';
@@ -3889,206 +4383,244 @@
static void
sec_generate_portal_theme_redirect(smanager_data_t *sec_data,
- sec_vsite_t *vsite, ai_page_t *page)
+ sec_vsite_t *vsite, ai_page_t *page)
{
uint32_t bookmark_cookie_len = 0;
- uint8_t *bookmark_cookie = NULL;
+ uint8_t *bookmark_cookie = NULL;
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
- page->id, page->ai_url + page->path_pos +
- (page->ai_url[page->path_pos] == '/' ? 1 : 0));
- } else {
+ HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
+ page->id, page->ai_url + page->path_pos + (page->ai_url[page->path_pos] == '/' ? 1 : 0));
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
- page->id, page->ai_url + page->path_pos +
- (page->ai_url[page->path_pos] == '/' ? 1 : 0));
+ HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
+ page->id, page->ai_url + page->path_pos + (page->ai_url[page->path_pos] == '/' ? 1 : 0));
}
snprint_session_cookie(session_cookie_buffer, sec_data, sizeof(session_cookie_buffer));
- sprint_nav_cookie(nav_cookie_buffer, sec_data);
- if (sec_data->bookmark_cookie) {
- bookmark_cookie = SEC_AN_BOOKMARK_COOKIE_EXPIRES;
- bookmark_cookie_len = SLEN(SEC_AN_BOOKMARK_COOKIE_EXPIRES);
- } else {
- bookmark_cookie = NULL;
- bookmark_cookie_len = 0;
- }
-
+ sprint_nav_cookie(nav_cookie_buffer, sec_data);
+ if (sec_data->bookmark_cookie)
+ {
+ bookmark_cookie = SEC_AN_BOOKMARK_COOKIE_EXPIRES;
+ bookmark_cookie_len = SLEN(SEC_AN_BOOKMARK_COOKIE_EXPIRES);
+ }
+ else
+ {
+ bookmark_cookie = NULL;
+ bookmark_cookie_len = 0;
+ }
+
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- session_cookie_buffer, strlen(session_cookie_buffer),
- nav_cookie_buffer, strlen(nav_cookie_buffer),
- bookmark_cookie, bookmark_cookie_len,
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ portal_temp_string, strlen(portal_temp_string),
+ session_cookie_buffer, strlen(session_cookie_buffer),
+ nav_cookie_buffer, strlen(nav_cookie_buffer),
+ bookmark_cookie, bookmark_cookie_len,
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
}
static void
sec_generate_portal_theme_logout_redirect(smanager_data_t *sec_data,
- sec_vsite_t *vsite, ai_page_t *page, sec_session_t *session)
+ sec_vsite_t *vsite, ai_page_t *page, sec_session_t *session)
{
uint32_t bookmark_cookie_len = 0;
uint8_t *bookmark_cookie = NULL;
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
- page->id, page->ai_url + page->path_pos +
- (page->ai_url[page->path_pos] == '/' ? 1 : 0));
- } else {
+ HTTPS_SCHEME, sec_data->req_domain, "/prx/000/http/localh",
+ page->id, page->ai_url + page->path_pos + (page->ai_url[page->path_pos] == '/' ? 1 : 0));
+ }
+ else
+ {
snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s/%s/%s",
- HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
- page->id, page->ai_url + page->path_pos +
- (page->ai_url[page->path_pos] == '/' ? 1 : 0));
+ HTTPS_SCHEME, sec_data->req_domain, SEC_REWRITTEN_PREFIX,
+ page->id, page->ai_url + page->path_pos + (page->ai_url[page->path_pos] == '/' ? 1 : 0));
}
sec_clear_cookie_for_logout_response(sec_data, vsite);
sprint_nav_cookie(nav_cookie_buffer, sec_data);
- if (sec_data->bookmark_cookie) {
+ if (sec_data->bookmark_cookie)
+ {
bookmark_cookie = SEC_AN_BOOKMARK_COOKIE_EXPIRES;
bookmark_cookie_len = SLEN(SEC_AN_BOOKMARK_COOKIE_EXPIRES);
- } else {
+ }
+ else
+ {
bookmark_cookie = NULL;
bookmark_cookie_len = 0;
}
sec_generate_redirect(sec_data, "302 Redirect", SLEN("302 Redirect"),
- portal_temp_string, strlen(portal_temp_string),
- session_cookie_buffer, strlen(session_cookie_buffer),
- nav_cookie_buffer, strlen(nav_cookie_buffer),
- bookmark_cookie, bookmark_cookie_len,
- IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
+ portal_temp_string, strlen(portal_temp_string),
+ session_cookie_buffer, strlen(session_cookie_buffer),
+ nav_cookie_buffer, strlen(nav_cookie_buffer),
+ bookmark_cookie, bookmark_cookie_len,
+ IGNORE_CLIENTSEC_COOKIE, SEC_GENERATE_REDIR_NOFLAGS);
}
static void
-sec_generate_logout_response(struct smanager_data *sec_data,
- sec_session_t *session, sec_vsite_t *site, uint8_t clean_pcookie)
+sec_generate_logout_response(struct smanager_data *sec_data,
+ sec_session_t *session, sec_vsite_t *site, uint8_t clean_pcookie)
{
- struct frame *final_page, *out_frame = NULL, *in_frame;
- uint8_t *cursor = NULL;
- uint8_t version = 0;
- char *lang_string;
- int32_t lang_str_len;
- uint8_t *nav_cookie_p = NULL;
-
- version = site->default_theme;
- in_frame = id_to_frame_chain(LOGOUT_ID, version);
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
- "Static logout content is not available");
- sec_generate_error_response(sec_data, FALSE, SERVER_ERROR,
- SEC_CUSTOM_ERR_INTERNAL,
- sec_language_get_msg_ex(sec_data, 234));
- return;
- }
-
- final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
- sec_generate_logout_js_response(sec_data, &out_frame, &cursor);
-
- if (sec_data && sec_data->nav_cookie) {
- sprint_nav_cookie(nav_cookie_buffer, sec_data);
- /*
- * set a value for nav_cookie_p; if the request had not included a
- * cookie, nav_cookie_p would remain NULL
- */
- nav_cookie_p = nav_cookie_buffer;
- }
+ struct frame *final_page, *out_frame = NULL, *in_frame;
+ uint8_t *cursor = NULL;
+ uint8_t version = 0;
+ char *lang_string;
+ int32_t lang_str_len;
+ uint8_t *nav_cookie_p = NULL;
+
+ version = site->default_theme;
+ in_frame = id_to_frame_chain(LOGOUT_ID, version);
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
+ "Static logout content is not available");
+ sec_generate_error_response(sec_data, FALSE, SERVER_ERROR,
+ SEC_CUSTOM_ERR_INTERNAL,
+ sec_language_get_msg_ex(sec_data, 234));
+ return;
+ }
+
+ final_page = write_frame_chunk(&out_frame, &cursor, &in_frame);
+ sec_generate_logout_js_response(sec_data, &out_frame, &cursor);
+
+ if (sec_data && sec_data->nav_cookie)
+ {
+ sprint_nav_cookie(nav_cookie_buffer, sec_data);
+ /*
+ * set a value for nav_cookie_p; if the request had not included a
+ * cookie, nav_cookie_p would remain NULL
+ */
+ nav_cookie_p = nav_cookie_buffer;
+ }
sec_clear_cookie_for_logout_response(sec_data, site);
write_frame_chunk(&out_frame, &cursor, &in_frame);
- if (final_page != NULL) {
+ if (final_page != NULL)
+ {
sec_data->response = create_http_response_with_bookmark(OK, final_page,
- HTTP_NOCACHE, session_cookie_buffer, nav_cookie_p,
- "text/html", NULL, sec_data,
- NULL, 0,
- clean_pcookie);
- if (sec_data->response != NULL) {
+ HTTP_NOCACHE, session_cookie_buffer, nav_cookie_p,
+ "text/html", NULL, sec_data,
+ NULL, 0,
+ clean_pcookie);
+ if (sec_data->response != NULL)
+ {
HTTP_FLAG_SET(sec_data->response->f_flags, HTTP_PFRAME_FREE_IN_CALLBACK);
return;
- } else {
+ }
+ else
+ {
parser_frame_chain_free(final_page);
}
}
sec_generate_error_response(sec_data, FALSE, SERVER_ERROR,
- SEC_CUSTOM_ERR_INTERNAL,
- sec_language_get_msg_ex(sec_data, 234));
+ SEC_CUSTOM_ERR_INTERNAL,
+ sec_language_get_msg_ex(sec_data, 234));
return;
}
static void
sec_generate_filelinks_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
role_resource_display_head_t *resource_list = NULL;
role_resource_display_item_t *tmp_item;
sec_session_t *session = sec_data->session;
sec_vsite_t *vsite = sec_data->vsite_p;
- char* url = NULL;
+ char *url = NULL;
int32_t url_len = 0;
int link_count = 0;
int32_t counter = 0;
-#define write_data_str_p(str) write_data(str, cursor, sizeof(str)-1, out_frame)
+#define write_data_str_p(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
write_data_str_p("var _AN_filelinks_list = [\n");
-
+
link_count = sec_get_available_resource(session, &resource_list, ROLE_RES_CIFS);
- if (link_count > 0 ){
- SLIST_FOREACH(tmp_item, resource_list, next) {
- if (counter > 0) {
+ if (link_count > 0)
+ {
+ SLIST_FOREACH(tmp_item, resource_list, next)
+ {
+ if (counter > 0)
+ {
write_data_str_p(",\n");
}
-
+
/* Prefix, backend scheme, hostname, and path (perhaps masked) */
url = tmp_item->role_resource->resource;
write_data_str_p(" { \"href\" : \"");
uint32_t i = 2;
uint32_t url_len = strlen(url);
- while (i < url_len && url[i] != '/') {
+ while (i < url_len && url[i] != '/')
+ {
i++;
}
i++;
- while (i < url_len && url[i] != '/') {
+ while (i < url_len && url[i] != '/')
+ {
i++;
}
- if(i != url_len) {
- if(strcmp(url+i, "/username") == 0){
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- write_data_str_p("/prx/000/http/localh/cifs?path=/");
- } else {
- write_data_str_p("/prx/000/http/localhost/cifs?path=/");
+ if (i != url_len)
+ {
+ if (strcmp(url + i, "/username") == 0)
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ write_data_str_p("/prx/000/http/localh/cifs?path=/");
+ }
+ else
+ {
+ write_data_str_p("/prx/000/http/localhost/cifs?path=/");
+ }
+ if (SEC_ISSET(vsite->common_flags, SEC_APP_SSO_FILESHARE) && session->app_sso_info.sso_account[0])
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", session->app_sso_info.sso_account);
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", session->username);
+ }
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ write_data_str_p("/&service=");
+ write_data(url, cursor, strlen(url) - strlen("/username"), out_frame);
}
- if (SEC_ISSET(vsite->common_flags, SEC_APP_SSO_FILESHARE) && session->app_sso_info.sso_account[0]) {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", session->app_sso_info.sso_account);
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", session->username);
+ else
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ write_data_str_p("/prx/000/http/localh/cifs?path=");
+ }
+ else
+ {
+ write_data_str_p("/prx/000/http/localhost/cifs?path=");
+ }
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", url + i);
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ write_data_str_p("/&service=");
+ write_data(url, cursor, i, out_frame);
}
- write_data(portal_temp_string, cursor, url_len, out_frame);
- write_data_str_p("/&service=");
- write_data(url, cursor, strlen(url)-strlen("/username"), out_frame);
- } else {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- write_data_str_p("/prx/000/http/localh/cifs?path=");
- } else {
- write_data_str_p("/prx/000/http/localhost/cifs?path=");
- }
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", url + i);
- write_data(portal_temp_string, cursor, url_len, out_frame);
- write_data_str_p("/&service=");
- write_data(url, cursor, i, out_frame);
- }
- } else {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ }
+ else
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
write_data_str_p("/prx/000/http/localh/cifs?path=/&service=");
- } else {
+ }
+ else
+ {
write_data_str_p("/prx/000/http/localhost/cifs?path=/&service=");
}
write_data(url, cursor, strlen(url), out_frame);
}
write_data_str_p("&workgroup=");
- if (vsite->default_smb_workgroup != NULL) {
+ if (vsite->default_smb_workgroup != NULL)
+ {
write_data(vsite->default_smb_workgroup, cursor, strlen(vsite->default_smb_workgroup), out_frame);
}
write_data_str_p("\",\n");
@@ -4098,10 +4630,10 @@
/* Link type*/
write_data_str_p("\",\n");
write_data_str_p(" \"type\" : \"");
- write_data("cifs_link", cursor, sizeof("cifs_link") -1, out_frame);
+ write_data("cifs_link", cursor, sizeof("cifs_link") - 1, out_frame);
write_data_str_p("\"\n");
write_data_str_p(" }");
- counter ++;
+ counter++;
}
}
sec_free_resourcelist(&resource_list);
@@ -4111,79 +4643,88 @@
static void
sec_generate_userresourcelinks_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
- sec_vsite_t *vsite = sec_data->vsite_p;
+ sec_vsite_t *vsite = sec_data->vsite_p;
-#define write_data_str_p(str) write_data(str, cursor, sizeof(str)-1, out_frame)
+#define write_data_str_p(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
/* read desc file */
FILE *fp = NULL;
char buf[256] = {0};
- char descfile[MAXPATHLEN+1] = {0};
- char *str, *token;
- char *saveptr;
- int32_t j;
+ char descfile[MAXPATHLEN + 1] = {0};
+ char *str, *token;
+ char *saveptr;
+ int32_t j;
int32_t counter = 0;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing user resource links, vsite is null");
- return ;
+ return;
}
-
+
snprintf(descfile, MAXPATHLEN, "/ca/fileshare/htdocs/client_sec/userresource/%s/list.desc", vsite->name);
fp = fopen(descfile, "r");
- if (!fp) {
+ if (!fp)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing user resource links, list.desc doesn't exist");
return;
}
write_data_str_p("var _AN_userresourcelinks_list = [\n");
- while (fgets(buf, 256, fp) != NULL) {
- if (counter > 0) {
+ while (fgets(buf, 256, fp) != NULL)
+ {
+ if (counter > 0)
+ {
write_data_str_p(",\n");
}
- for (j = 1, str = buf;;j++, str = NULL) {
+ for (j = 1, str = buf;; j++, str = NULL)
+ {
token = strtok_r(str, "|", &saveptr);
if (token == NULL)
break;
- if (j == 1) {
+ if (j == 1)
+ {
write_data_str_p(" { \"href\" : \"");
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
write_data_str_p("/prx/000/http/localh/client_sec/userresource/");
- } else {
+ }
+ else
+ {
write_data_str_p("/prx/000/http/localhost/client_sec/userresource/");
}
write_data(vsite->name, cursor, strlen(vsite->name), out_frame);
write_data_str_p("/");
- write_data(token, cursor, strlen(token), out_frame);
+ write_data(token, cursor, strlen(token), out_frame);
write_data_str_p("\",\n");
}
- if (j == 2) {
+ if (j == 2)
+ {
write_data_str_p(" \"description\" : \"");
write_data(token, cursor, strlen(token), out_frame);
write_data_str_p("\"\n");
write_data_str_p(" }");
}
}
- counter ++;
+ counter++;
}
write_data_str_p("\n ];\n");
#undef write_data_str_p
fclose(fp);
}
-
static void
sec_generate_weblinks_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
role_resource_display_head_t *resource_list = NULL;
role_resource_display_item_t *tmp_item;
sec_session_t *session = sec_data->session;
sec_vsite_t *vsite = sec_data->vsite_p;
- char* url = NULL;
+ char *url = NULL;
int url_len;
char escaped_url[SEC_MAX_URL_LEN * 3] = {0};
/*sec_frontlink_t *frontlink;
@@ -4192,170 +4733,215 @@
int32_t counter = 0;
/*char quick_link_url[SEC_MAX_URL_LEN];*/
char sso_url_prefix[SEC_MAX_URL_LEN] = {0};
-
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- strncpy(sso_url_prefix, "/prx/000/http/localh/sso.html?ssourl=", SEC_MAX_URL_LEN-1);
- } else {
- strncpy(sso_url_prefix, "/prx/000/http/localhost/sso.html?ssourl=", SEC_MAX_URL_LEN-1);
+
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ strncpy(sso_url_prefix, "/prx/000/http/localh/sso.html?ssourl=", SEC_MAX_URL_LEN - 1);
+ }
+ else
+ {
+ strncpy(sso_url_prefix, "/prx/000/http/localhost/sso.html?ssourl=", SEC_MAX_URL_LEN - 1);
}
-#define write_data_str_p(str) write_data(str, cursor, sizeof(str)-1, out_frame)
+#define write_data_str_p(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
write_data_str_p("var _AN_weblinks_list = [\n");
/*link_count = sec_generate_homepage_links_list(vsite, sec_session);*/
link_count = sec_get_available_resource(session, &resource_list, ROLE_RES_WEB);
- if (link_count > 0 ){
- SLIST_FOREACH(tmp_item, resource_list, next) {
- role_resource_web_t* tmp_resource = (role_resource_web_t*)tmp_item->role_resource;
- if (counter > 0) {
- write_data_str_p(",\n");
- }
+ if (link_count > 0)
+ {
+ SLIST_FOREACH(tmp_item, resource_list, next)
+ {
+ role_resource_web_t *tmp_resource = (role_resource_web_t *)tmp_item->role_resource;
+ if (counter > 0)
+ {
+ write_data_str_p(",\n");
+ }
- /* Prefix, backend scheme, hostname, and path (perhaps masked) */
- url = tmp_item->role_resource->resource;
- escape_string(url, escaped_url, SEC_MAX_URL_LEN * 3);
- write_data_str_p(" { \"href\" : \"");
-
- if (SEC_ISSET(vsite->common_flags, SEC_WRM)) {
- char* encoded_url = NULL;
- int encoded_url_len = 0;
-
- /* check if it is L3 direct link */
-
- if (tmp_resource->is_l3_link == 1) {
- /* check front-end sso flag */
- if (tmp_resource->is_front_end_sso == 1) {
- if (tmp_resource->dev_str[0] == '\0') {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
- sso_url_prefix, escaped_url, "&format=innerlink");
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- sso_url_prefix, escaped_url, "&format=innerlink&hwid_str=", tmp_resource->dev_str);
- }
- write_data(portal_temp_string, cursor, url_len, out_frame);
- } else {
- write_data(url, cursor, strlen(url), out_frame);
- }
- } else {
- encoded_url_len = encode_url(url, strlen(url), vsite->common_flags, &encoded_url, session->session_id);
- if (encoded_url_len) {
- if (tmp_resource->is_front_end_sso == 1) {
- char escaped_wrm_url[SEC_MAX_URL_LEN * 3] = {0};
- if(strncasecmp("https", url, strlen("https")) == 0 ) {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/%s%s",
- "https", url + strlen("https:/"));
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/%s%s",
- "http", url + strlen("http:/"));
- }
- portal_temp_string[url_len] = '\0';
- escape_string(portal_temp_string, escaped_wrm_url, SEC_MAX_URL_LEN * 3);
- if (tmp_resource->dev_str[0] == '\0') {
+ /* Prefix, backend scheme, hostname, and path (perhaps masked) */
+ url = tmp_item->role_resource->resource;
+ escape_string(url, escaped_url, SEC_MAX_URL_LEN * 3);
+ write_data_str_p(" { \"href\" : \"");
+
+ if (SEC_ISSET(vsite->common_flags, SEC_WRM))
+ {
+ char *encoded_url = NULL;
+ int encoded_url_len = 0;
+
+ /* check if it is L3 direct link */
+
+ if (tmp_resource->is_l3_link == 1)
+ {
+ /* check front-end sso flag */
+ if (tmp_resource->is_front_end_sso == 1)
+ {
+ if (tmp_resource->dev_str[0] == '\0')
+ {
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
- sso_url_prefix, escaped_wrm_url, "&format=web");
- } else {
+ sso_url_prefix, escaped_url, "&format=innerlink");
+ }
+ else
+ {
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- sso_url_prefix, escaped_wrm_url, "&format=web&hwid_str=", tmp_resource->dev_str);
+ sso_url_prefix, escaped_url, "&format=innerlink&hwid_str=", tmp_resource->dev_str);
}
write_data(portal_temp_string, cursor, url_len, out_frame);
- } else {
- write_data(encoded_url, cursor, encoded_url_len, out_frame);
}
-
- free(encoded_url);
+ else
+ {
+ write_data(url, cursor, strlen(url), out_frame);
+ }
}
- else {
- if (tmp_resource->is_front_end_sso == 1) {
- if (tmp_resource->dev_str[0] == '\0') {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
- sso_url_prefix, escaped_url, "&format=web");
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- sso_url_prefix, escaped_url, "&format=web&hwid_str=", tmp_resource->dev_str);
+ else
+ {
+ encoded_url_len = encode_url(url, strlen(url), vsite->common_flags, &encoded_url, session->session_id);
+ if (encoded_url_len)
+ {
+ if (tmp_resource->is_front_end_sso == 1)
+ {
+ char escaped_wrm_url[SEC_MAX_URL_LEN * 3] = {0};
+ if (strncasecmp("https", url, strlen("https")) == 0)
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/%s%s",
+ "https", url + strlen("https:/"));
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "/prx/000/%s%s",
+ "http", url + strlen("http:/"));
+ }
+ portal_temp_string[url_len] = '\0';
+ escape_string(portal_temp_string, escaped_wrm_url, SEC_MAX_URL_LEN * 3);
+ if (tmp_resource->dev_str[0] == '\0')
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
+ sso_url_prefix, escaped_wrm_url, "&format=web");
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
+ sso_url_prefix, escaped_wrm_url, "&format=web&hwid_str=", tmp_resource->dev_str);
+ }
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ }
+ else
+ {
+ write_data(encoded_url, cursor, encoded_url_len, out_frame);
+ }
+
+ free(encoded_url);
+ }
+ else
+ {
+ if (tmp_resource->is_front_end_sso == 1)
+ {
+ if (tmp_resource->dev_str[0] == '\0')
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
+ sso_url_prefix, escaped_url, "&format=web");
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
+ sso_url_prefix, escaped_url, "&format=web&hwid_str=", tmp_resource->dev_str);
+ }
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ }
+ else
+ {
+ write_data(url, cursor, strlen(url), out_frame);
}
- write_data(portal_temp_string, cursor, url_len, out_frame);
- } else {
- write_data(url, cursor, strlen(url), out_frame);
}
}
}
- } else {
- /* check front-end sso flag */
- if (tmp_resource->is_front_end_sso == 1) {
- if (tmp_resource->dev_str[0] == '\0') {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
- sso_url_prefix, escaped_url, "&format=innerlink");
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- sso_url_prefix, escaped_url, "&format=innerlink&hwid_str=", tmp_resource->dev_str);
+ else
+ {
+ /* check front-end sso flag */
+ if (tmp_resource->is_front_end_sso == 1)
+ {
+ if (tmp_resource->dev_str[0] == '\0')
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
+ sso_url_prefix, escaped_url, "&format=innerlink");
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
+ sso_url_prefix, escaped_url, "&format=innerlink&hwid_str=", tmp_resource->dev_str);
+ }
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ }
+ else
+ {
+ write_data(url, cursor, strlen(url), out_frame);
}
- write_data(portal_temp_string, cursor, url_len, out_frame);
- } else {
- write_data(url, cursor, strlen(url), out_frame);
}
- }
- write_data_str_p("\",\n");
- write_data_str_p(" \"description\" : \"");
+ write_data_str_p("\",\n");
+ write_data_str_p(" \"description\" : \"");
- /* Link description */
- /*if (vsite->input_enc == HTML2BINARY) {
- int32_t desc_len;
- char *new_desc = strhtml2binary(frontlink->desc, &desc_len);
- write_data(new_desc, cursor, desc_len, out_frame);
- } else {
- if(portal_link_buffer[counter].type == WEB_QUICKLINK_TYPE){
- write_data(quicklink->text, cursor, strlen(quicklink->text), out_frame);
- } else {
- write_data(frontlink->desc, cursor, strlen(frontlink->desc), out_frame);
- }
- }*/
- url = tmp_item->role_resource->name;
- write_data(url, cursor, strlen(url), out_frame);
+ /* Link description */
+ /*if (vsite->input_enc == HTML2BINARY) {
+ int32_t desc_len;
+ char *new_desc = strhtml2binary(frontlink->desc, &desc_len);
+ write_data(new_desc, cursor, desc_len, out_frame);
+ } else {
+ if(portal_link_buffer[counter].type == WEB_QUICKLINK_TYPE){
+ write_data(quicklink->text, cursor, strlen(quicklink->text), out_frame);
+ } else {
+ write_data(frontlink->desc, cursor, strlen(frontlink->desc), out_frame);
+ }
+ }*/
+ url = tmp_item->role_resource->name;
+ write_data(url, cursor, strlen(url), out_frame);
- /* Link type*/
- write_data_str_p("\",\n");
- write_data_str_p(" \"type\" : \"");
- /*switch(portal_link_buffer[counter].type){
- case WEB_LINK_TYPE:
- write_data("portal_link", cursor, sizeof("portal_link") -1, out_frame);
- break;
- case WEB_LINKDIRECT_TYPE:
- write_data("linkdirect_link", cursor, sizeof("linkdirect_link") -1, out_frame);
- break;
- case WEB_QUICKLINK_TYPE:
- write_data("quick_link", cursor, sizeof("quick_link") -1, out_frame);
- break;
- default:
- break;
- }*/
- write_data("portal_link", cursor, sizeof("portal_link") -1, out_frame);
+ /* Link type*/
+ write_data_str_p("\",\n");
+ write_data_str_p(" \"type\" : \"");
+ /*switch(portal_link_buffer[counter].type){
+ case WEB_LINK_TYPE:
+ write_data("portal_link", cursor, sizeof("portal_link") -1, out_frame);
+ break;
+ case WEB_LINKDIRECT_TYPE:
+ write_data("linkdirect_link", cursor, sizeof("linkdirect_link") -1, out_frame);
+ break;
+ case WEB_QUICKLINK_TYPE:
+ write_data("quick_link", cursor, sizeof("quick_link") -1, out_frame);
+ break;
+ default:
+ break;
+ }*/
+ write_data("portal_link", cursor, sizeof("portal_link") - 1, out_frame);
- write_data_str_p("\",\n");
+ write_data_str_p("\",\n");
- write_data_str_p(" \"position\" : ");
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%d", tmp_resource->position);
- write_data(portal_temp_string, cursor, url_len, out_frame);
- write_data_str_p("\n");
-
- write_data_str_p(" }");
- counter ++;
- }
+ write_data_str_p(" \"position\" : ");
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%d", tmp_resource->position);
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ write_data_str_p("\n");
+
+ write_data_str_p(" }");
+ counter++;
+ }
}
sec_free_resourcelist(&resource_list);
/* Deal with ROLE_RES_APROXY resource */
link_count = sec_get_available_resource(session, &resource_list, ROLE_RES_APROXY);
- if (link_count > 0) {
- SLIST_FOREACH(tmp_item, resource_list, next) {
+ if (link_count > 0)
+ {
+ SLIST_FOREACH(tmp_item, resource_list, next)
+ {
int cur = 0;
role_resource_aproxy_t *tmp_resource = (role_resource_aproxy_t *)tmp_item->role_resource;
- if (counter > 0) {
+ if (counter > 0)
+ {
write_data_str_p(",\n");
}
/* construct url according to scheme, hostname and path */
url = (char *)malloc(strlen("http://") + tmp_resource->hostname_len + tmp_resource->path_len + 1);
- if (url == NULL) {
+ if (url == NULL)
+ {
ulog_error_no_conn(AMP_ULOG_HTTP_PROXY, "%s: failed to malloc\n", __func__);
return;
}
@@ -4366,21 +4952,27 @@
cur += tmp_resource->hostname_len;
snprintf(url + cur, tmp_resource->path_len + 1, "%s", tmp_resource->path);
- escape_string(url, escaped_url, SEC_MAX_URL_LEN * 3);
+ escape_string(url, escaped_url, SEC_MAX_URL_LEN * 3);
write_data_str_p(" { \"href\" : \"");
- if (SEC_ISSET(vsite->common_flags, SEC_WRM)) {
- char* encoded_url = NULL;
- int encoded_url_len = 0;
-
- encoded_url_len = encode_url(url, strlen(url), vsite->common_flags, &encoded_url, session->session_id);
- if (encoded_url_len) {
+ if (SEC_ISSET(vsite->common_flags, SEC_WRM))
+ {
+ char *encoded_url = NULL;
+ int encoded_url_len = 0;
+
+ encoded_url_len = encode_url(url, strlen(url), vsite->common_flags, &encoded_url, session->session_id);
+ if (encoded_url_len)
+ {
write_data(encoded_url, cursor, encoded_url_len, out_frame);
free(encoded_url);
- } else {
+ }
+ else
+ {
write_data(url, cursor, strlen(url), out_frame);
}
- } else {
+ }
+ else
+ {
write_data(url, cursor, strlen(url), out_frame);
}
write_data_str_p("\",\n");
@@ -4393,92 +4985,106 @@
/* Link type*/
write_data_str_p("\",\n");
write_data_str_p(" \"type\" : \"");
- write_data("proxy_link", cursor, sizeof("aproxy_link") -1, out_frame);
+ write_data("proxy_link", cursor, sizeof("aproxy_link") - 1, out_frame);
write_data_str_p("\",\n");
write_data_str_p(" \"position\" : ");
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%d", tmp_resource->position);
write_data(portal_temp_string, cursor, url_len, out_frame);
- write_data_str_p("\n");
+ write_data_str_p("\n");
write_data_str_p(" }");
- counter ++;
+ counter++;
}
}
sec_free_resourcelist(&resource_list);
/* Deal with ROLE_RES_QUICKLINK resource */
link_count = sec_get_available_resource(session, &resource_list, ROLE_RES_QUICKLINK);
- if (link_count > 0 ){
- SLIST_FOREACH(tmp_item, resource_list, next) {
- role_resource_quicklink_t* tmp_resource = (role_resource_quicklink_t*)tmp_item->role_resource;
- if (counter > 0) {
- write_data_str_p(",\n");
- }
+ if (link_count > 0)
+ {
+ SLIST_FOREACH(tmp_item, resource_list, next)
+ {
+ role_resource_quicklink_t *tmp_resource = (role_resource_quicklink_t *)tmp_item->role_resource;
+ if (counter > 0)
+ {
+ write_data_str_p(",\n");
+ }
- /* Prefix, backend scheme, hostname, and path (perhaps masked) */
- url = tmp_item->role_resource->resource;
- write_data_str_p(" { \"href\" : \"");
-
- /* check front-end sso flag */
- if (tmp_resource->is_front_end_sso == 1) {
- char quicklink_url[SEC_MAX_URL_LEN] = {0};
- char escaped_quicklink_url[SEC_MAX_URL_LEN * 3] = {0};
-
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- snprintf(quicklink_url, SEC_MAX_URL_LEN, "%s%s%s%s%s",
- "/prx/000/http/localh", QUICKLINK_STR, url,
- QUICKLINK_STR2, ((role_resource_quicklink_t *)(tmp_item->role_resource))->path);
- } else {
- snprintf(quicklink_url, SEC_MAX_URL_LEN, "%s%s%s%s%s",
- "/prx/000/http/localhost", QUICKLINK_STR, url,
- QUICKLINK_STR2, ((role_resource_quicklink_t *)(tmp_item->role_resource))->path);
- }
- escape_string(quicklink_url, escaped_quicklink_url, SEC_MAX_URL_LEN * 3);
- if (tmp_resource->dev_str[0] == '\0') {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
- sso_url_prefix, escaped_quicklink_url, "&format=quicklink");
- } else {
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
- sso_url_prefix, escaped_quicklink_url, "&format=quicklink&hwid_str=",
- tmp_resource->dev_str);
+ /* Prefix, backend scheme, hostname, and path (perhaps masked) */
+ url = tmp_item->role_resource->resource;
+ write_data_str_p(" { \"href\" : \"");
+
+ /* check front-end sso flag */
+ if (tmp_resource->is_front_end_sso == 1)
+ {
+ char quicklink_url[SEC_MAX_URL_LEN] = {0};
+ char escaped_quicklink_url[SEC_MAX_URL_LEN * 3] = {0};
+
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ snprintf(quicklink_url, SEC_MAX_URL_LEN, "%s%s%s%s%s",
+ "/prx/000/http/localh", QUICKLINK_STR, url,
+ QUICKLINK_STR2, ((role_resource_quicklink_t *)(tmp_item->role_resource))->path);
+ }
+ else
+ {
+ snprintf(quicklink_url, SEC_MAX_URL_LEN, "%s%s%s%s%s",
+ "/prx/000/http/localhost", QUICKLINK_STR, url,
+ QUICKLINK_STR2, ((role_resource_quicklink_t *)(tmp_item->role_resource))->path);
+ }
+ escape_string(quicklink_url, escaped_quicklink_url, SEC_MAX_URL_LEN * 3);
+ if (tmp_resource->dev_str[0] == '\0')
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s",
+ sso_url_prefix, escaped_quicklink_url, "&format=quicklink");
+ }
+ else
+ {
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s%s%s%s",
+ sso_url_prefix, escaped_quicklink_url, "&format=quicklink&hwid_str=",
+ tmp_resource->dev_str);
+ }
+ write_data(portal_temp_string, cursor, url_len, out_frame);
}
- write_data(portal_temp_string, cursor, url_len, out_frame);
+ else
+ {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ write_data_str_p("/prx/000/http/localh");
+ }
+ else
+ {
+ write_data_str_p("/prx/000/http/localhost");
+ }
+ write_data_str_p(QUICKLINK_STR);
+ write_data(url, cursor, strlen(url), out_frame);
- } else {
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- write_data_str_p("/prx/000/http/localh");
- } else {
- write_data_str_p("/prx/000/http/localhost");
+ url = ((role_resource_quicklink_t *)(tmp_item->role_resource))->path;
+ write_data_str_p(QUICKLINK_STR2);
+ write_data(url, cursor, strlen(url), out_frame);
}
- write_data_str_p(QUICKLINK_STR);
- write_data(url, cursor, strlen(url), out_frame);
+ write_data_str_p("\",\n");
+ write_data_str_p(" \"description\" : \"");
- url = ((role_resource_quicklink_t *)(tmp_item->role_resource))->path;
- write_data_str_p(QUICKLINK_STR2);
+ url = tmp_item->role_resource->name;
write_data(url, cursor, strlen(url), out_frame);
- }
- write_data_str_p("\",\n");
- write_data_str_p(" \"description\" : \"");
- url = tmp_item->role_resource->name;
- write_data(url, cursor, strlen(url), out_frame);
+ /* Link type*/
+ write_data_str_p("\",\n");
+ write_data_str_p(" \"type\" : \"");
+
+ write_data("quick_link", cursor, sizeof("quick_link") - 1, out_frame);
- /* Link type*/
- write_data_str_p("\",\n");
- write_data_str_p(" \"type\" : \"");
-
- write_data("quick_link", cursor, sizeof("quick_link") -1, out_frame);
-
- write_data_str_p("\",\n");
-
- write_data_str_p(" \"position\" : ");
- url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%d", tmp_resource->position);
- write_data(portal_temp_string, cursor, url_len, out_frame);
- write_data_str_p("\n");
- write_data_str_p(" }");
- counter ++;
- }
+ write_data_str_p("\",\n");
+
+ write_data_str_p(" \"position\" : ");
+ url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%d", tmp_resource->position);
+ write_data(portal_temp_string, cursor, url_len, out_frame);
+ write_data_str_p("\n");
+ write_data_str_p(" }");
+ counter++;
+ }
}
sec_free_resourcelist(&resource_list);
@@ -4488,13 +5094,13 @@
static void
sec_generate_networkresource_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
role_resource_display_head_t *resource_list = NULL;
role_resource_display_item_t *tmp_item;
sec_session_t *session = sec_data->session;
- char* url = NULL;
+ char *url = NULL;
int url_len;
int link_count = 0;
int32_t counter = 0;
@@ -4502,10 +5108,13 @@
write_data_str_p("var _AN_networkresource_list = [\n");
link_count = sec_get_available_resource(session, &resource_list, ROLE_RES_NETWORK);
- if (link_count > 0 ){
- SLIST_FOREACH(tmp_item, resource_list, next) {
+ if (link_count > 0)
+ {
+ SLIST_FOREACH(tmp_item, resource_list, next)
+ {
- if (counter > 0) {
+ if (counter > 0)
+ {
write_data_str_p(",\n");
}
write_data_str_p(" { \"href\" : \"");
@@ -4547,11 +5156,11 @@
* default:
* break;
* }*/
- write_data("network_resource", cursor, sizeof("network_resource") -1, out_frame);
+ write_data("network_resource", cursor, sizeof("network_resource") - 1, out_frame);
write_data_str_p("\"\n");
write_data_str_p(" }");
- counter ++;
+ counter++;
}
}
@@ -4572,44 +5181,49 @@
static int
need_logout_link(sec_session_t *sec_session, sec_vsite_t *vsite)
{
- if (sec_session == NULL || SEC_ISSET(sec_session->flags, SESS_ANONYMOUS)) {
+ if (sec_session == NULL || SEC_ISSET(sec_session->flags, SESS_ANONYMOUS))
+ {
return FALSE;
}
-
+
return TRUE;
}
static int
sec_generate_mobile_username_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *sec_session = sec_data->session;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing mobile username,vsite is null");
}
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
write_data(sec_session->username, cursor, strlen(sec_session->username), out_frame);
#undef write_data_str
- return 1;
+ return 1;
}
static int
sec_generate_mobile_hostname_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *sec_session = sec_data->session;
char *port = NULL;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing mobile hostname,vsite is null");
}
port = strchr(sec_data->req_domain, ':');
- if (port) {
+ if (port)
+ {
*port = '\0';
}
write_data(sec_data->req_domain, cursor, strlen(sec_data->req_domain), out_frame);
- if (port) {
+ if (port)
+ {
*port = ':';
}
return 1;
@@ -4617,11 +5231,12 @@
static int
sec_generate_mobile_device_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing vod device id, vsite is null");
}
write_data(sec_data->device_id, cursor, strlen(sec_data->device_id), out_frame);
@@ -4630,191 +5245,221 @@
static int
sec_generate_mobile_password_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
char *default_passwd = "XXXXXX";
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing vod password,vsite is null");
}
write_data(default_passwd, cursor, strlen(default_passwd), out_frame);
return 1;
}
-#define IPSEC_PROFILENAME_DEFAULT ARRAY_COMPINFO_BRAND" VPN"
+#define IPSEC_PROFILENAME_DEFAULT ARRAY_COMPINFO_BRAND " VPN"
static int
sec_generate_mobile_profilename_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *sec_session = sec_data->session;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing mobile profilename,vsite is null");
}
- if (*(vsite->ipsec_config.profile_name) == '\0') {
+ if (*(vsite->ipsec_config.profile_name) == '\0')
+ {
write_data(IPSEC_PROFILENAME_DEFAULT, cursor, strlen(IPSEC_PROFILENAME_DEFAULT), out_frame);
- } else {
+ }
+ else
+ {
write_data(vsite->ipsec_config.profile_name, cursor, strlen(vsite->ipsec_config.profile_name), out_frame);
}
return 1;
}
-static uint8_t map[] =
+static uint8_t map[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static int32_t
base64_encode(uint8_t *clear_string, int32_t clear_len,
- uint8_t *base64_output, int32_t max_out_len)
+ uint8_t *base64_output, int32_t max_out_len)
{
- int32_t grp, out_idx = 0;
+ int32_t grp, out_idx = 0;
+
+ for (grp = 0; grp < clear_len; grp += 3)
+ {
+ uint8_t c1, c2, c3;
+
+ if (out_idx + 3 >= max_out_len)
+ {
+ return 0;
+ }
- for (grp = 0; grp < clear_len; grp += 3) {
- uint8_t c1, c2, c3;
+ c1 = clear_string[grp];
- if (out_idx + 3 >= max_out_len) {
- return 0;
- }
-
- c1 = clear_string[grp];
-
- if (grp + 3 > clear_len) {
- c3 = 0; /* We are short at least one byte */
- if (grp + 2 > clear_len) {
- c2 = 0; /* We are short two bytes */
- } else {
- c2 = clear_string[grp+1];
- }
- } else {
- c2 = clear_string[grp+1];
- c3 = clear_string[grp+2];
- }
-
- /* The high 6 bits of the first byte */
- base64_output[out_idx++] = map[c1 >> 2];
-
- /*
- * The low 2 bits of the first byte plus the high 4 bits of the
- * second byte.
- */
- base64_output[out_idx++] = map[(c1 & 0x3) << 4 | (c2 >> 4)];
-
- /*
- * The low 4 bits of the second byte plus the high 2 bits of the
- * third byte.
- */
- if (grp + 2 > clear_len) {
- base64_output[out_idx++] = '=';
- } else {
- base64_output[out_idx++] = map[(c2 & 0xf) << 2 | (c3 >> 6)];
- }
-
- /* The low 6 bits of the third byte */
- if (grp + 3 > clear_len) {
- base64_output[out_idx++] = '=';
- } else {
- base64_output[out_idx++] = map[(c3 & 0x3f)];
- }
- }
+ if (grp + 3 > clear_len)
+ {
+ c3 = 0; /* We are short at least one byte */
+ if (grp + 2 > clear_len)
+ {
+ c2 = 0; /* We are short two bytes */
+ }
+ else
+ {
+ c2 = clear_string[grp + 1];
+ }
+ }
+ else
+ {
+ c2 = clear_string[grp + 1];
+ c3 = clear_string[grp + 2];
+ }
- base64_output[out_idx] = 0;
+ /* The high 6 bits of the first byte */
+ base64_output[out_idx++] = map[c1 >> 2];
- return out_idx;
+ /*
+ * The low 2 bits of the first byte plus the high 4 bits of the
+ * second byte.
+ */
+ base64_output[out_idx++] = map[(c1 & 0x3) << 4 | (c2 >> 4)];
+
+ /*
+ * The low 4 bits of the second byte plus the high 2 bits of the
+ * third byte.
+ */
+ if (grp + 2 > clear_len)
+ {
+ base64_output[out_idx++] = '=';
+ }
+ else
+ {
+ base64_output[out_idx++] = map[(c2 & 0xf) << 2 | (c3 >> 6)];
+ }
+
+ /* The low 6 bits of the third byte */
+ if (grp + 3 > clear_len)
+ {
+ base64_output[out_idx++] = '=';
+ }
+ else
+ {
+ base64_output[out_idx++] = map[(c3 & 0x3f)];
+ }
+ }
+
+ base64_output[out_idx] = 0;
+
+ return out_idx;
}
static int32_t base64_encode_char(char *clear_string, int32_t clear_len,
- char *base64_output, int32_t max_out_len)
+ char *base64_output, int32_t max_out_len)
{
return base64_encode((uint8_t *)clear_string, clear_len,
- (uint8_t *)base64_output, max_out_len);
+ (uint8_t *)base64_output, max_out_len);
}
-
/*
* Decode a base64-formatted buffer
*/
static const int base64_dec_map[128] =
-{
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
- 54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
- 127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
- 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
- 25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
- 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
- 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
- 49, 50, 51, 127, 127, 127, 127, 127
-};
+ {
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
+ 54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
+ 127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
+ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
+ 25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
+ 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
+ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
+ 49, 50, 51, 127, 127, 127, 127, 127};
int base64_decode(unsigned char *dst, int *dlen,
- unsigned char *src, int slen)
+ unsigned char *src, int slen)
{
- int i, j, n;
- unsigned long x;
- unsigned char *p;
-
- for (i = j = n = 0; i < slen; i++) {
- if ((slen - i ) >= 2 &&
- src[i] == '\r' && src[i + 1] == '\n') {
- continue;
- }
-
- if (src[i] == '\n') {
- continue;
- }
-
- if (src[i] == '=' && ++j > 2) {
- return 0;
- }
-
- if (src[i] > 127 || base64_dec_map[src[i]] == 127) {
- return 0;
- }
-
- if (base64_dec_map[src[i]] < 64 && j != 0) {
- return 0;
- }
- n++;
- }
-
- if (n == 0) {
- return 0;
- }
-
- n = ((n * 6) + 7) >> 3;
-
- if (*dlen < n) {
- *dlen = n;
- return 0;
- }
-
- for (j = 3, n = x = 0, p = dst; i > 0; i--, src++) {
- if (*src == '\r' || *src == '\n') {
- continue;
- }
-
- j -= (base64_dec_map[*src] == 64);
- x = (x << 6) | (base64_dec_map[*src] & 0x3F);
-
- if (++n == 4) {
- n = 0;
- *p++ = (unsigned char)(x >> 16);
- if (j > 1) {
- *p++ = (unsigned char)(x >> 8);
- }
-
- if (j > 2) {
- *p++ = (unsigned char)x;
- }
- }
- }
- *dlen = p - dst;
+ int i, j, n;
+ unsigned long x;
+ unsigned char *p;
+
+ for (i = j = n = 0; i < slen; i++)
+ {
+ if ((slen - i) >= 2 &&
+ src[i] == '\r' && src[i + 1] == '\n')
+ {
+ continue;
+ }
+
+ if (src[i] == '\n')
+ {
+ continue;
+ }
+
+ if (src[i] == '=' && ++j > 2)
+ {
+ return 0;
+ }
+
+ if (src[i] > 127 || base64_dec_map[src[i]] == 127)
+ {
+ return 0;
+ }
+
+ if (base64_dec_map[src[i]] < 64 && j != 0)
+ {
+ return 0;
+ }
+ n++;
+ }
+
+ if (n == 0)
+ {
+ return 0;
+ }
+
+ n = ((n * 6) + 7) >> 3;
+
+ if (*dlen < n)
+ {
+ *dlen = n;
+ return 0;
+ }
+
+ for (j = 3, n = x = 0, p = dst; i > 0; i--, src++)
+ {
+ if (*src == '\r' || *src == '\n')
+ {
+ continue;
+ }
+
+ j -= (base64_dec_map[*src] == 64);
+ x = (x << 6) | (base64_dec_map[*src] & 0x3F);
+
+ if (++n == 4)
+ {
+ n = 0;
+ *p++ = (unsigned char)(x >> 16);
+ if (j > 1)
+ {
+ *p++ = (unsigned char)(x >> 8);
+ }
- return 0;
+ if (j > 2)
+ {
+ *p++ = (unsigned char)x;
+ }
+ }
+ }
+ *dlen = p - dst;
+
+ return 0;
}
/*
* Encrypt plaintext with des3 Algorithm with DES3_EDC mode.
@@ -4837,26 +5482,34 @@
DES_key_schedule ks[3];
int count = 0, i;
- if (key == NULL || in == NULL || in_len == 0 || out_len == NULL) {
+ if (key == NULL || in == NULL || in_len == 0 || out_len == NULL)
+ {
return -1;
}
memset(ke, 0, sizeof(ke));
memset(ks, 0, sizeof(ks));
- if (key_len >= 24) {
+ if (key_len >= 24)
+ {
memcpy(ke[0], key, 8);
- memcpy(ke[1], key+8, 8);
- memcpy(ke[2], key+16, 8);
- } else if (key_len > 16) {
+ memcpy(ke[1], key + 8, 8);
+ memcpy(ke[2], key + 16, 8);
+ }
+ else if (key_len > 16)
+ {
memcpy(ke[0], key, 8);
- memcpy(ke[1], key+8, 8);
- memcpy(ke[2], key+16, key_len-16);
- } else if (key_len > 8) {
+ memcpy(ke[1], key + 8, 8);
+ memcpy(ke[2], key + 16, key_len - 16);
+ }
+ else if (key_len > 8)
+ {
memcpy(ke[0], key, 8);
- memcpy(ke[1], key+8, key_len-8);
+ memcpy(ke[1], key + 8, key_len - 8);
memcpy(ke[2], key, 8);
- } else {
+ }
+ else
+ {
memcpy(ke[0], key, key_len);
memcpy(ke[1], key, key_len);
memcpy(ke[2], key, key_len);
@@ -4864,27 +5517,33 @@
/* Padding plaintext */
data_rest = in_len % 8;
- if (data_rest > 0) {
+ if (data_rest > 0)
+ {
len = in_len + (8 - data_rest);
ch = 8 - data_rest;
- } else {
+ }
+ else
+ {
len = in_len;
}
- if (*out_len < len || out == NULL) {
+ if (*out_len < len || out == NULL)
+ {
*out_len = len;
return -2;
}
*out_len = len;
src = (unsigned char *)malloc(len);
- if (src == NULL) {
+ if (src == NULL)
+ {
return -1;
}
memcpy(src, in, in_len);
- if (ch != '\0') {
- memset(src+in_len, ch, (8-data_rest));
+ if (ch != '\0')
+ {
+ memset(src + in_len, ch, (8 - data_rest));
}
/* Set cipher */
@@ -4895,7 +5554,7 @@
count = len / 8;
for (i = 0; i < count; i++)
{
- DES_ecb3_encrypt((const_DES_cblock*)(src+i*8), (DES_cblock*)(out+i*8), &ks[0], &ks[1], &ks[2], DES_ENCRYPT);
+ DES_ecb3_encrypt((const_DES_cblock *)(src + i * 8), (DES_cblock *)(out + i * 8), &ks[0], &ks[1], &ks[2], DES_ENCRYPT);
}
free(src);
@@ -4905,78 +5564,84 @@
static int
sec_generate_mobile_psk_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *sec_session = sec_data->session;
- char buf[IPSEC_PSK_LEN+1] = {0};
- char encrypted[IPSEC_PSK_LEN+1] = {0};
+ char buf[IPSEC_PSK_LEN + 1] = {0};
+ char encrypted[IPSEC_PSK_LEN + 1] = {0};
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing mobile psk,vsite is null");
return -1;
}
strncpy(buf, vsite->ipsec_config.psk, IPSEC_PSK_LEN);
- base64_encode_char(buf, strlen(buf), encrypted, IPSEC_PSK_LEN);
-
+ base64_encode_char(buf, strlen(buf), encrypted, IPSEC_PSK_LEN);
+
write_data(encrypted, cursor, strlen(encrypted), out_frame);
- return 1;
+ return 1;
}
/* Use vsite name and vsite ip to generate a string.
* This string will be used as the "PayloadUUID" in IOS profile.
*/
-static int
+static int
get_vsite_uuid(struct smanager_data *sec_data, char *buf, int size)
{
char tmp[VSITE_NAME_LEN + 9] = {0};
sec_vsite_t *vsite = sec_data->vsite_p;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
return -1;
}
-
+
memset(buf, 0, size);
snprintf(tmp, sizeof(tmp), "%s%x", vsite->name, sec_data->serverip);
- base64_encode_char(tmp, strlen(tmp), buf, size);
- return 1;
+ base64_encode_char(tmp, strlen(tmp), buf, size);
+ return 1;
}
static int
sec_generate_mobile_uuid_response(struct smanager_data *sec_data, char *uuid,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vsite = sec_data->vsite_p;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing mobile UUID,vsite is null");
return -1;
}
write_data(uuid, cursor, strlen(uuid), out_frame);
- return 1;
+ return 1;
}
static int
sec_generate_vod_ca_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
sec_vsite_t *vs = sec_data->vsite_p;
FILE *fp = NULL;
char buf[256] = {0};
- char cafile[MAXPATHLEN+1] = {0};
+ char cafile[MAXPATHLEN + 1] = {0};
- if (vs == NULL) {
+ if (vs == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing vod ca, vsite is null");
return -1;
}
snprintf(cafile, MAXPATHLEN, IPSEC_CLIENT_CA_FILE, vs->name);
fp = fopen(cafile, "r");
- if (!fp) {
+ if (!fp)
+ {
return -1;
}
- while (fgets(buf, 256, fp) != NULL) {
+ while (fgets(buf, 256, fp) != NULL)
+ {
write_data(buf, cursor, strlen(buf), out_frame);
}
fclose(fp);
@@ -4985,19 +5650,22 @@
static int
sec_generate_vod_domains_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor, int type)
+ struct frame **out_frame, uint8_t **cursor, int type)
{
sec_vsite_t *vs = sec_data->vsite_p;
ipsec_vod_domain_t *tmp_domain;
- char entry[COMMON_DOMAIN_LEN+20] = {0}; /* www.always.com */
+ char entry[COMMON_DOMAIN_LEN + 20] = {0}; /* www.always.com */
- if (vs == NULL) {
+ if (vs == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing vod domains always, vsite is null");
return -1;
}
- TAILQ_FOREACH(tmp_domain, &(vs->ipsec_config.vod_domain_q), next) {
- if (tmp_domain->type == type) {
+ TAILQ_FOREACH(tmp_domain, &(vs->ipsec_config.vod_domain_q), next)
+ {
+ if (tmp_domain->type == type)
+ {
snprintf(entry, sizeof(entry), "%s", tmp_domain->domain_name);
write_data(entry, cursor, strlen(entry), out_frame);
memset(entry, 0, sizeof(entry));
@@ -5009,21 +5677,21 @@
static int
sec_generate_vod_domains_always_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
return sec_generate_vod_domains_response(sec_data, out_frame, cursor, IPSEC_VOD_ALWAYS);
}
static int
sec_generate_vod_domains_never_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
- return sec_generate_vod_domains_response(sec_data, out_frame, cursor, IPSEC_VOD_NEVER);
+ return sec_generate_vod_domains_response(sec_data, out_frame, cursor, IPSEC_VOD_NEVER);
}
static int
sec_generate_vod_domains_onretry_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
return sec_generate_vod_domains_response(sec_data, out_frame, cursor, IPSEC_VOD_ONRETRY);
}
@@ -5032,7 +5700,7 @@
static int
sec_generate_welcome_js_response(struct smanager_data *sec_data,
- struct frame **out_frame, uint8_t **cursor)
+ struct frame **out_frame, uint8_t **cursor)
{
int32_t lang_str_len;
char *lang_string;
@@ -5054,167 +5722,214 @@
char clang[PORTAL_MESSAGE_LEN * 4 + 1] = {0};
sec_role_t *role_p = NULL;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing welcome js,vsite is null");
}
role_p = sec_session->role_list[0];
- if (role_p == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to get role in session");
- return SEC_FAIL;
- }
+ if (role_p == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to get role in session");
+ return SEC_FAIL;
+ }
#define write_data_str(str) write_data(str, cursor, sizeof(str) - 1, out_frame)
- if (sec_session->pic_url[0]) {
+ if (sec_session->pic_url[0])
+ {
write_data_str("var _AN_pic_url = \"");
lang_str_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", sec_session->pic_url);
write_data(portal_temp_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
}
- if (need_logout_link(sec_session, vsite)) {
+ if (need_logout_link(sec_session, vsite))
+ {
lang_string = "var _AN_needlogoutlink = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_needlogoutlink = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* nav bar */
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_ADD_NAVBAR) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_HTTP_BROWSE)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_HTTP_BROWSE))
+ {
lang_string = "var _AN_neednavbar = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_neednavbar = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
-
+
/* netpool winadmin */
- if (vpn_netpool_winadmin_available(sec_data->vsite_p, sec_data->session->vpn_netpools) == 0) {
+ if (vpn_netpool_winadmin_available(sec_data->vsite_p, sec_data->session->vpn_netpools) == 0)
+ {
lang_string = "var _AN_netpool_winadmin_available = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_netpool_winadmin_available = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
-
/* session management */
- if ((role_p->session_lifecycle_policy_p == NULL && SEC_ISSET(vsite->common_flags, SEC_SESS_EXT_ENABLED)) ||
- (role_p->session_lifecycle_policy_p != NULL && role_p->session_lifecycle_policy_p->session_ext == 1)) {
+ if ((role_p->session_lifecycle_policy_p == NULL && SEC_ISSET(vsite->common_flags, SEC_SESS_EXT_ENABLED)) ||
+ (role_p->session_lifecycle_policy_p != NULL && role_p->session_lifecycle_policy_p->session_ext == 1))
+ {
lang_string = "var _AN_enable_sess_mng = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_enable_sess_mng = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* bookmark show */
- if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_SHOW_BOOKMARK)) {
+ if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_SHOW_BOOKMARK))
+ {
lang_string = "var _AN_show_bookmark = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_show_bookmark = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* client security postlogin*/
- if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC) && vsite->client_sec_postlogin == 1) {
+ if (SEC_ISSET(vsite->common_flags, SEC_CLIENT_SEC) && vsite->client_sec_postlogin == 1)
+ {
lang_string = "var _AN_clientsecurity_postlogin_enable = true;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
lang_str_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "var _AN_clientsecurity_postlogin_interval = %d;\n", vsite->client_sec_postlogin_interval);
write_data(portal_temp_string, cursor, lang_str_len, out_frame);
- } else {
+ }
+ else
+ {
lang_string = "var _AN_clientsecurity_postlogin_enable = false;\nvar _AN_clientsecurity_postlogin_interval = 300;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
-
/* desktop show */
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_SHOW_DESKTOP) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
lang_string = "var _AN_show_desktop = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_show_desktop = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_SHOW_DESKTOP_REG) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
lang_string = "var _AN_show_desktop_reg = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_show_desktop_reg = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_MOTIONPRO_DETECT_PRELOGIN) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
- lang_string = "var _AN_motionpro_detect_prelogin = true;\n";
- } else {
- lang_string = "var _AN_motionpro_detect_prelogin = false;\n";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_MOTIONPRO_DETECT_PRELOGIN) &&
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
+ lang_string = "var _AN_motionpro_detect_prelogin = true;\n";
+ }
+ else
+ {
+ lang_string = "var _AN_motionpro_detect_prelogin = false;\n";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* desktop new window */
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_DESKTOP_NEWWINDOW) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
lang_string = "var _AN_desktop_newwindow = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_desktop_newwindow = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
-
+
/* desktop java client */
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_DESKTOP_JAVA) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
lang_string = "var _AN_desktop_java_client = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_desktop_java_client = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* desktop auto switch activex/java client */
if (SEC_ISSET(vsite->common_flags, (uint64_t)SEC_DESKTOP_AUTOSWITCH) &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS)) {
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_TCS))
+ {
lang_string = "var _AN_desktop_autoswitch = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_desktop_autoswitch = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* portal new windows */
- if (SEC_ISSET(vsite->common_flags, SEC_NEWWINDOWS)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_NEWWINDOWS))
+ {
lang_string = "var _AN_newwindows = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_newwindows = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* guacamole RDP URL */
- if (vsite->externalapp_rdp_guacamole_url[0] != 0) {
+ if (vsite->externalapp_rdp_guacamole_url[0] != 0)
+ {
write_data_str("var _AN_guacamole_url = \"");
lang_str_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", vsite->externalapp_rdp_guacamole_url);
write_data(portal_temp_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
lang_string = "var _AN_guacamole_url = \"\";\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
/* file server URL */
- if (vsite->externalapp_rdp_file_url[0] != 0) {
- write_data_str("var _AN_file_server_url = \"");
- lang_str_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", vsite->externalapp_rdp_file_url);
- write_data(portal_temp_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
- } else {
-
- lang_string = "var _AN_file_server_url = \"\";\n";
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- }
+ if (vsite->externalapp_rdp_file_url[0] != 0)
+ {
+ write_data_str("var _AN_file_server_url = \"");
+ lang_str_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", vsite->externalapp_rdp_file_url);
+ write_data(portal_temp_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+ }
+ else
+ {
+ lang_string = "var _AN_file_server_url = \"\";\n";
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ }
- /* portal new windows */
- if (SEC_ISSET(vsite->common_flags, SEC_AAA_SAMLIDP_ENABLED)) {
+ /* portal new windows */
+ if (SEC_ISSET(vsite->common_flags, SEC_AAA_SAMLIDP_ENABLED))
+ {
snprintf(str, 1024, "var _AN_logout_url = \"/prx/000/http/localhost/samlidp/%s/saml2/idp/SingleLogoutService.php?ReturnTo=/prx/000/http/localhost/logout\";\n", vsite->name);
-
- } else {
+ }
+ else
+ {
snprintf(str, 1024, "var _AN_logout_url = \"/prx/000/http/localhost/logout\";\n");
}
write_data(str, cursor, strlen(str), out_frame);
@@ -5223,10 +5938,12 @@
const char *aaa_filepath = "/var/crash/invalid_res.log";
FILE *file = fopen(aaa_filepath, "r");
- if (file == NULL) {
+ if (file == NULL)
+ {
snprintf(str, 1024, "var _AN_login_res_check = \"\";\n");
}
- else {
+ else
+ {
char buffer[1024];
size_t bytesRead = fread(buffer, 1, sizeof(buffer) - 1, file);
buffer[bytesRead] = '\0';
@@ -5237,7 +5954,8 @@
write_data(str, cursor, strlen(str), out_frame);
/* change password */
- if( vsite->aaa_configure == NULL || vsite->aaa_configure->aaa_on == AAA_IS_OFF || sec_session->method_id[0] == '\0' ) {
+ if (vsite->aaa_configure == NULL || vsite->aaa_configure->aaa_on == AAA_IS_OFF || sec_session->method_id[0] == '\0')
+ {
lang_string = "";
write_data_str("var _AN_changepassurl1 = \"\";\n");
write_data_str("var _AN_enable_changepass1 = false;\n");
@@ -5263,25 +5981,32 @@
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second3 = \"\";\n");
- } else {
+ }
+ else
+ {
/* get the aaa method */
- for( aaa_index = 0; aaa_index < METHOD_MAX; aaa_index++ ) {
- if( strcasecmp(vsite->aaa_configure->loginmethod[aaa_index].id,
- sec_session->method_id) == 0 ) {
+ for (aaa_index = 0; aaa_index < METHOD_MAX; aaa_index++)
+ {
+ if (strcasecmp(vsite->aaa_configure->loginmethod[aaa_index].id,
+ sec_session->method_id) == 0)
+ {
element = vsite->aaa_configure->loginmethod + aaa_index;
break;
}
}
-
- if (element != NULL) {
+
+ if (element != NULL)
+ {
passwd_change_page_t *pass_page = NULL;
- TAILQ_FOREACH(pass_page, &vsite->passwd_change_page_list, next_page) {
- if( strcasecmp(sec_session->method_id, pass_page->auth_method) == 0 )
+ TAILQ_FOREACH(pass_page, &vsite->passwd_change_page_list, next_page)
+ {
+ if (strcasecmp(sec_session->method_id, pass_page->auth_method) == 0)
break;
}
/* "portal custom changepassword" is set, we will only display this link and hide other links */
- if( pass_page != NULL ) {
+ if (pass_page != NULL)
+ {
sprintf(str, "var _AN_enable_changepass1 = true;\n");
write_data(str, cursor, strlen(str), out_frame);
sprintf(str, "var _AN_str_changepass1 = \"%s\";\n", sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len));
@@ -5289,18 +6014,24 @@
sprintf(str, "var _AN_changepassurl1 = \"");
write_data(str, cursor, strlen(str), out_frame);
/* check WRW and rewrite urlmask */
- if (SEC_ISSET(vsite->common_flags, SEC_WRM)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_WRM))
+ {
char *encoded_url = NULL;
int encoded_url_len = 0;
encoded_url_len = encode_url(pass_page->page_url, strlen(pass_page->page_url),
- vsite->common_flags, &encoded_url, sec_session->session_id);
- if (encoded_url_len) {
+ vsite->common_flags, &encoded_url, sec_session->session_id);
+ if (encoded_url_len)
+ {
write_data(encoded_url, cursor, encoded_url_len, out_frame);
free(encoded_url);
- } else {
+ }
+ else
+ {
write_data(pass_page->page_url, cursor, strlen(pass_page->page_url), out_frame);
}
- } else {
+ }
+ else
+ {
write_data(pass_page->page_url, cursor, strlen(pass_page->page_url), out_frame);
}
write_data_str("\";\n");
@@ -5326,294 +6057,341 @@
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second3 = \"\";\n");
- } else {
- if (element->multistep_switch == MULTSTEP_ON) {
- int i =0;
- for (i = 0; i < STEP_MAX; i++) {
- if (element->multistepServer[i].id[0] == '\0') {
- sprintf(str, "var _AN_enable_changepass%d = false;\n", i+1);
+ }
+ else
+ {
+ if (element->multistep_switch == MULTSTEP_ON)
+ {
+ int i = 0;
+ for (i = 0; i < STEP_MAX; i++)
+ {
+ if (element->multistepServer[i].id[0] == '\0')
+ {
+ sprintf(str, "var _AN_enable_changepass%d = false;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_changepass%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_changepassurl%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_changepassurl%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
continue;
}
/* case localdb changepassword*/
- if (element->multistepServer[i].type == TYPE_LOCALDB
- && SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS)) {
- sprintf(str, "var _AN_enable_changepass%d = true;\n", i+1);
+ if (element->multistepServer[i].type == TYPE_LOCALDB && SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS))
+ {
+ sprintf(str, "var _AN_enable_changepass%d = true;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"%s(%s)\";\n", i+1, sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len), ((struct server_ldb *)element->multistepServer[i].pointer)->disp);
+ sprintf(str, "var _AN_str_changepass%d = \"%s(%s)\";\n", i + 1, sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len), ((struct server_ldb *)element->multistepServer[i].pointer)->disp);
write_data(str, cursor, strlen(str), out_frame);
-
+
/* localdb default page */
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/passchange\";\n", i+1);
- } else {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/passchange\";\n", i+1);
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/passchange\";\n", i + 1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/passchange\";\n", i + 1);
}
write_data(str, cursor, strlen(str), out_frame);
-
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- } else if (element->multistepServer[i].type == TYPE_SMX) {
+ }
+ else if (element->multistepServer[i].type == TYPE_SMX)
+ {
/* case smx changepassword */
- sprintf(str, "var _AN_enable_changepass%d = true;\n", i+1);
+ sprintf(str, "var _AN_enable_changepass%d = true;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"%s(%s)\";\n", i+1, sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len), ((struct server_smx *)element->multistepServer[i].pointer)->disp);
+ sprintf(str, "var _AN_str_changepass%d = \"%s(%s)\";\n", i + 1, sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len), ((struct server_smx *)element->multistepServer[i].pointer)->disp);
write_data(str, cursor, strlen(str), out_frame);
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/smx?server=%s\";\n", i+1, element->multistepServer[i].id);
- } else {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/smx?server=%s\";\n", i+1, element->multistepServer[i].id);
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/smx?server=%s\";\n", i + 1, element->multistepServer[i].id);
+ }
+ else
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/smx?server=%s\";\n", i + 1, element->multistepServer[i].id);
}
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- } else if (element->multistepServer[i].type == TYPE_LDAP) {
+ }
+ else if (element->multistepServer[i].type == TYPE_LDAP)
+ {
/* case ldap changepassword */
- for (ldap_index = 0; ldap_index < SESSION_MAX_LDAP_HOST; ldap_index++) {
- if (sec_session->ldap_pwd_policy[ldap_index].server_id[0] != 0 &&
- strcasecmp(sec_session->ldap_pwd_policy[ldap_index].server_id, element->multistepServer[i].id) == 0) {
+ for (ldap_index = 0; ldap_index < SESSION_MAX_LDAP_HOST; ldap_index++)
+ {
+ if (sec_session->ldap_pwd_policy[ldap_index].server_id[0] != 0 &&
+ strcasecmp(sec_session->ldap_pwd_policy[ldap_index].server_id, element->multistepServer[i].id) == 0)
+ {
break;
}
}
- if (ldap_index < SESSION_MAX_LDAP_HOST) {
- time_to_expire_seconds_in_total = sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day * 86400
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour * 3600
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute * 60
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second;
- if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time) {
+ if (ldap_index < SESSION_MAX_LDAP_HOST)
+ {
+ time_to_expire_seconds_in_total = sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day * 86400 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour * 3600 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute * 60 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second;
+ if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time)
+ {
sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag = 1;
}
- if ((SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP_WARNING) && sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag == 1)
- || SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP)) {
- sprintf(str, "var _AN_enable_changepass%d = true;\n", i+1);
+ if ((SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP_WARNING) && sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag == 1) || SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP))
+ {
+ sprintf(str, "var _AN_enable_changepass%d = true;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/ldappasschange?server=%s\";\n", i+1, element->multistepServer[i].id);
- } else {
- sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/ldappasschange?server=%s\";\n", i+1, element->multistepServer[i].id);
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localh/ldappasschange?server=%s\";\n", i + 1, element->multistepServer[i].id);
+ }
+ else
+ {
+ sprintf(str, "var _AN_changepassurl%d = \"/prx/000/http/localhost/ldappasschange?server=%s\";\n", i + 1, element->multistepServer[i].id);
}
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"", i+1);
+ sprintf(str, "var _AN_str_changepass%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
lang_string = sec_language_get_msg(vsite->language, 657);
language_unescape(lang_string);
/* display server descritpion */
lang_string = strreplace(lang_string, SERVER_ID, sec_session->ldap_pwd_policy[ldap_index].server_description, NULL, 0);
-
- if (vsite->input_enc == HTML2BINARY) {
+
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
- sprintf(str, "var _AN_enable_changepass%d = false;\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_enable_changepass%d = false;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_changepass%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_changepassurl%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_changepassurl%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
- if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time) {
-
+ if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time)
+ {
+
/* "Your password for () will expire in" */
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
lang_string = sec_language_get_msg(vsite->language, 659);
language_unescape(lang_string);
/* display server descritpion */
lang_string = strreplace(lang_string, SERVER_ID, sec_session->ldap_pwd_policy[ldap_index].server_description, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
+
/* day */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0) {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"", i+1);
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0)
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 660);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 660);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_day, sizeof(time_to_expire_day), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_DAY_TAG, time_to_expire_day, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
/* hour */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0) {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"", i+1);
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0)
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 661);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 661);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_hour, sizeof(time_to_expire_hour), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_HOUR_TAG, time_to_expire_hour, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
/* minute */
if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0 ||
- sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0) {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"", i+1);
+ sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0)
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 662);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 662);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_minute, sizeof(time_to_expire_minute), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_MINUTE_TAG, time_to_expire_minute, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
/* second */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second > 0) {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"", i+1);
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second > 0)
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"", i + 1);
write_data(str, cursor, strlen(str), out_frame);
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 663);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 663);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_second, sizeof(time_to_expire_second), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_SECOND_TAG, time_to_expire_second, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
-
- } else {
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second = 0;
- } else {
- sprintf(str, "var _AN_enable_changepass%d = false;\n", i+1);
+ }
+ else
+ {
+ sprintf(str, "var _AN_enable_changepass%d = false;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_changepass%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_changepassurl%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_changepassurl%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
- } else {
+ }
+ else
+ {
/* other case, no need to change password*/
- sprintf(str, "var _AN_enable_changepass%d = false;\n", i+1);
+ sprintf(str, "var _AN_enable_changepass%d = false;\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_changepass%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_changepass%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_changepassurl%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_changepassurl%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_title%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_day%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_hour%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_minute%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
- sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i+1);
+ sprintf(str, "var _AN_str_msg_ldap_pwd_expiring_second%d = \"\";\n", i + 1);
write_data(str, cursor, strlen(str), out_frame);
}
}
- } else {
+ }
+ else
+ {
/* multi step off */
write_data_str("var _AN_changepassurl2 = \"\";\n");
write_data_str("var _AN_enable_changepass2 = false;\n");
@@ -5632,32 +6410,40 @@
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second3 = \"\";\n");
/* case localdb changepassword*/
- if (element->authenticateServer.type == TYPE_LOCALDB
- && SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS)) {
+ if (element->authenticateServer.type == TYPE_LOCALDB && SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS))
+ {
write_data_str("var _AN_enable_changepass1 = true;\n");
sprintf(str, "var _AN_str_changepass1 = \"%s\";\n", sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len));
write_data(str, cursor, strlen(str), out_frame);
/* localdb default page */
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localh/passchange\";\n");
- } else {
+ }
+ else
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localhost/passchange\";\n");
}
write_data(str, cursor, strlen(str), out_frame);
-
+
write_data_str("var _AN_str_msg_ldap_pwd_expiring_title1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_day1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second1 = \"\";\n");
- } else if (element->authenticateServer.type == TYPE_SMX) {
+ }
+ else if (element->authenticateServer.type == TYPE_SMX)
+ {
/* case smx changepassword */
write_data_str("var _AN_enable_changepass1 = true;\n");
sprintf(str, "var _AN_str_changepass1 = \"%s\";\n", sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len));
write_data(str, cursor, strlen(str), out_frame);
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localh/smx?server=%s\";\n", element->authenticateServer.id);
- } else {
+ }
+ else
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localhost/smx?server=%s\";\n", element->authenticateServer.id);
}
write_data(str, cursor, strlen(str), out_frame);
@@ -5666,145 +6452,173 @@
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second1 = \"\";\n");
- } else if (element->authenticateServer.type == TYPE_LDAP) {
+ }
+ else if (element->authenticateServer.type == TYPE_LDAP)
+ {
/* case ldap changepassword */
- for (ldap_index = 0; ldap_index < SESSION_MAX_LDAP_HOST; ldap_index++) {
- if (sec_session->ldap_pwd_policy[ldap_index].server_id[0] != 0 &&
- strcasecmp(sec_session->ldap_pwd_policy[ldap_index].server_id, element->authenticateServer.id) == 0) {
+ for (ldap_index = 0; ldap_index < SESSION_MAX_LDAP_HOST; ldap_index++)
+ {
+ if (sec_session->ldap_pwd_policy[ldap_index].server_id[0] != 0 &&
+ strcasecmp(sec_session->ldap_pwd_policy[ldap_index].server_id, element->authenticateServer.id) == 0)
+ {
break;
}
}
- if (ldap_index < SESSION_MAX_LDAP_HOST) {
- time_to_expire_seconds_in_total = sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day * 86400
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour * 3600
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute * 60
- + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second;
- if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time) {
+ if (ldap_index < SESSION_MAX_LDAP_HOST)
+ {
+ time_to_expire_seconds_in_total = sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day * 86400 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour * 3600 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute * 60 + sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second;
+ if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time)
+ {
sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag = 1;
}
- if ((SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP_WARNING) && sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag == 1)
- || SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP)) {
+ if ((SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP_WARNING) && sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_flag == 1) || SEC_ISSET(vsite->common_flags, (uint64_t)SEC_CHANGE_PASS_LDAP))
+ {
write_data_str("var _AN_enable_changepass1 = true;\n");
- if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT)) {
+ if (SEC_ISSET(sec_data->flags, SDAT_REQ_FROM_WCHAT))
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localh/ldappasschange?server=%s\";\n", element->authenticateServer.id);
- } else {
+ }
+ else
+ {
sprintf(str, "var _AN_changepassurl1 = \"/prx/000/http/localhost/ldappasschange?server=%s\";\n", element->authenticateServer.id);
}
write_data(str, cursor, strlen(str), out_frame);
sprintf(str, "var _AN_str_changepass1 = \"%s\";\n", sec_language_get_and_unescape_msg(vsite->language, 338, &lang_str_len));
write_data(str, cursor, strlen(str), out_frame);
- } else {
+ }
+ else
+ {
write_data_str("var _AN_changepassurl1 = \"\";\n");
write_data_str("var _AN_enable_changepass1 = false;\n");
write_data_str("var _AN_str_changepass1 = \"\";\n");
}
- if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time) {
+ if (time_to_expire_seconds_in_total > 0 && time_to_expire_seconds_in_total <= sec_session->ldap_pwd_policy[ldap_index].pwd_expire_warning_time)
+ {
/* "Your password will expire in" */
write_data_str("var _AN_str_msg_ldap_pwd_expiring_title1 = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 658, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
/* day */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0) {
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0)
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_day1 = \"");
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 660);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 660);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_day, sizeof(time_to_expire_day), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_DAY_TAG, time_to_expire_day, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_day1 = \"\";\n");
}
/* hour */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0) {
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0)
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour1 = \"");
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 661);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 661);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_hour, sizeof(time_to_expire_hour), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_HOUR_TAG, time_to_expire_hour, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour1 = \"\";\n");
}
/* minute */
if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute > 0 || sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day > 0 ||
- sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0) {
+ sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour > 0)
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute1 = \"");
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 662);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 662);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_minute, sizeof(time_to_expire_minute), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_MINUTE_TAG, time_to_expire_minute, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute1 = \"\";\n");
}
/* second */
- if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second > 0) {
+ if (sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second > 0)
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second1 = \"");
/*if (vsite->message != NULL) {
lang_string = vsite->message;
} else {*/
- lang_string = sec_language_get_msg(vsite->language, 663);
- language_unescape(lang_string);
+ lang_string = sec_language_get_msg(vsite->language, 663);
+ language_unescape(lang_string);
//}
snprintf(time_to_expire_second, sizeof(time_to_expire_second), "%d", sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second);
lang_string = strreplace(lang_string, LDAP_PWD_EXPIRING_SECOND_TAG, time_to_expire_second, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
write_data(&clang[0], cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- } else {
+ }
+ else
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second1 = \"\";\n");
}
- } else {
+ }
+ else
+ {
write_data_str("var _AN_str_msg_ldap_pwd_expiring_title1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_day1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute1 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second1 = \"\";\n");
}
-
+
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_day = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_hour = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_minute = 0;
sec_session->ldap_pwd_policy[ldap_index].time_to_expire_second = 0;
}
-
- } else {
+ }
+ else
+ {
write_data_str("var _AN_changepassurl1 = \"\";\n");
write_data_str("var _AN_enable_changepass1 = false;\n");
write_data_str("var _AN_str_changepass1 = \"\";\n");
@@ -5816,7 +6630,9 @@
}
}
}
- } else {
+ }
+ else
+ {
write_data_str("var _AN_changepassurl1 = \"\";\n");
write_data_str("var _AN_enable_changepass1 = false;\n");
write_data_str("var _AN_str_changepass1 = \"\";\n");
@@ -5841,29 +6657,36 @@
write_data_str("var _AN_str_msg_ldap_pwd_expiring_hour3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_minute3 = \"\";\n");
write_data_str("var _AN_str_msg_ldap_pwd_expiring_second3 = \"\";\n");
- }
+ }
}
- if (SEC_ISSET(vsite->common_flags, SEC_FILESHARE_CIFS)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_FILESHARE_CIFS))
+ {
lang_string = "var _AN_enable_fileshare = true;\n";
- } else {
+ }
+ else
+ {
lang_string = "var _AN_enable_fileshare = false;\n";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- if (SEC_ISSET(vsite->common_flags, SEC_WRM)) {
- lang_string = "var _AN_enable_rewrite = true;\n";
- } else {
- lang_string = "var _AN_enable_rewrite = false;\n";
- }
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ if (SEC_ISSET(vsite->common_flags, SEC_WRM))
+ {
+ lang_string = "var _AN_enable_rewrite = true;\n";
+ }
+ else
+ {
+ lang_string = "var _AN_enable_rewrite = false;\n";
+ }
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("var _AN_enable_vpn = ");
lang_string = "false";
- if( vsite->vvs != NULL && vsite->vvs->vv_state == 1 &&
- /* CLI 'vpn on', then check the vpn netpool according to the role */
- vpn_get_netpool(vsite, sec_session->vpn_netpools) != NULL &&
- HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_VPN) ) {
+ if (vsite->vvs != NULL && vsite->vvs->vv_state == 1 &&
+ /* CLI 'vpn on', then check the vpn netpool according to the role */
+ vpn_get_netpool(vsite, sec_session->vpn_netpools) != NULL &&
+ HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_VPN))
+ {
lang_string = "true";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
@@ -5871,45 +6694,47 @@
write_data_str("var _AN_enable_l2tp = ");
lang_string = "false";
- if(SEC_ISSET(vsite->common_flags, SEC_IPSEC_ENABLE)) {
+ if (SEC_ISSET(vsite->common_flags, SEC_IPSEC_ENABLE))
+ {
lang_string = "true";
}
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str(";\n");
-
+
write_data_str("var _AN_user = \"");
- char * uname = malloc(strlen(sec_session->username) * 5 + 1);
- if(uname != NULL) {
- convert_char_for_http_show(sec_session->username, uname);
+ char *uname = malloc(strlen(sec_session->username) * 5 + 1);
+ if (uname != NULL)
+ {
+ convert_char_for_http_show(sec_session->username, uname);
}
lang_string = uname ? uname : sec_session->username;
- if(lang_string)
+ if (lang_string)
lang_str_len = strlen(lang_string);
else
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER,
- "user name lang_string is NULL");
+ "user name lang_string is NULL");
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- if(uname != NULL) {
+ if (uname != NULL)
+ {
free(uname);
uname = NULL;
}
-
write_data_str("var _AN_str_logout = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 330, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_bookmark_links = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 761, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_add_bookmark = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 762, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 330, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_bookmark_links = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 761, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_add_bookmark = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 762, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
write_data_str("var _AN_str_dd = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 745, &lang_str_len);
@@ -5921,146 +6746,149 @@
write_data_str("\";\n");
write_data_str("var _AN_str_help = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 329, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_add = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 775, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_edit = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 776, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_delete = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 777, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_del_bookmark = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 778, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_edit_bookmark = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 779, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_delete_bookmark = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 780, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_disconn = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 781, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_pls = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 782, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_install = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 783, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_download = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 784, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_reload = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 785, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_detecting = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 786, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_disconnect = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 787, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn1 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 788, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn2 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 789, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn3 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 790, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn4 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 791, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn5 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 792, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn6 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 793, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn7 = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 794, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_vpn_if = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 795, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_dd_vdi = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 796, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_dd_uname = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 797, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_dd_pwd = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 798, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_dd_ca = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 799, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_h5_dd_powerup = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 800, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 329, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_add = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 775, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_edit = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 776, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_delete = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 777, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_del_bookmark = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 778, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_edit_bookmark = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 779, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_delete_bookmark = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 780, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_disconn = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 781, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_pls = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 782, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_install = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 783, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_download = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 784, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_reload = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 785, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_detecting = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 786, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_disconnect = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 787, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn1 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 788, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn2 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 789, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn3 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 790, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn4 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 791, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn5 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 792, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn6 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 793, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn7 = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 794, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_vpn_if = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 795, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_dd_vdi = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 796, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_dd_uname = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 797, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_dd_pwd = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 798, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_dd_ca = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 799, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_h5_dd_powerup = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 800, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
/* title in page */
write_data_str("var _AN_str_pagetitle = \"");
- if (vsite->title != NULL) {
+ if (vsite->title != NULL)
+ {
lang_string = vsite->title;
- } else {
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 333, &lang_str_len);
+ }
+ else
+ {
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 333, &lang_str_len);
}
memset(clang, 0, PORTAL_MESSAGE_LEN * 4);
lang_str_len = portal_message_convert_for_document_write(lang_string, &clang[0]);
@@ -6069,20 +6897,25 @@
/* for portal message welcome */
write_data_str("var _AN_str_msg_welcome = \"");
- if (vsite->message != NULL) {
+ if (vsite->message != NULL)
+ {
lang_string = vsite->message;
- } else {
- lang_string = sec_language_get_msg(vsite->language, 343);
+ }
+ else
+ {
+ lang_string = sec_language_get_msg(vsite->language, 343);
language_unescape(lang_string);
}
uname = malloc(strlen(sec_session->username) * 5 + 1);
- if(uname != NULL) {
+ if (uname != NULL)
+ {
convert_char_for_http_show(sec_session->username, uname);
}
lang_string = strreplace(lang_string, USER_TAG, uname ? uname : sec_session->username, tmp_replace_buffer, 4096);
lang_string = strreplace(lang_string, PRODUCT_TAG, ARRAY_PRODINFO_NAME, NULL, 0);
- if (vsite->input_enc == HTML2BINARY) {
+ if (vsite->input_enc == HTML2BINARY)
+ {
lang_string = strhtml2binary(lang_string, &lang_str_len);
}
/*
@@ -6092,105 +6925,118 @@
*/
write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\";\n");
- if(uname != NULL) {
+ if (uname != NULL)
+ {
free(uname);
uname = NULL;
}
write_data_str("var _AN_str_title_welcome = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 333, &lang_str_len);
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 333, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
- write_data_str("var _AN_str_weblinks = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 334, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("var _AN_str_weblinks = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 334, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
write_data_str("var _AN_str_userresourcelinks = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 760, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 760, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
- write_data_str("var _AN_str_networkresource = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 337, &lang_str_len);
+ write_data_str("var _AN_str_networkresource = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 337, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
write_data_str("var _AN_str_startvpn = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 371, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- write_data_str("var _AN_str_filelinks = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 335, &lang_str_len);
+ write_data_str("var _AN_str_filelinks = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 335, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_browse = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 345, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
+
+ write_data_str("var _AN_str_go = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 121, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
- write_data_str("var _AN_str_browse = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 345, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_go = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 121, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
-
- write_data_str("var _AN_str_noweblinks = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 347, &lang_str_len);
- write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("var _AN_str_noweblinks = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 347, &lang_str_len);
+ write_data(lang_string, cursor, lang_str_len, out_frame);
+ write_data_str("\";\n");
- write_data_str("var _AN_str_nofilelinks = \"");
- lang_string = sec_language_get_and_unescape_msg(vsite->language, 132, &lang_str_len);
+ write_data_str("var _AN_str_nofilelinks = \"");
+ lang_string = sec_language_get_and_unescape_msg(vsite->language, 132, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
- write_data_str("\";\n");
+ write_data_str("\";\n");
lang_string = "var _AN_str_nonetworkresource = \"No network resources\";\n";
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
/* user resource links */
sec_generate_userresourcelinks_response(sec_data, out_frame, cursor);
/* web links */
- if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_HTTP)) {
+ if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_HTTP))
+ {
sec_generate_weblinks_response(sec_data, out_frame, cursor);
}
/* fileshare links */
- if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_FILE) &&
- SEC_ISSET(vsite->common_flags, SEC_FILESHARE_CIFS)) {
+ if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_FILE) &&
+ SEC_ISSET(vsite->common_flags, SEC_FILESHARE_CIFS))
+ {
sec_generate_filelinks_response(sec_data, out_frame, cursor);
}
/* network resource list */
- if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_VPN)) {
+ if (HTTP_FLAG_ISSET(sec_session->privileges, CLIENT_SEC_VPN))
+ {
sec_generate_networkresource_response(sec_data, out_frame, cursor);
}
netpool_flags = vpn_get_netpool_flags(vsite, sec_session->vpn_netpools);
- if ((netpool_flags & VPN_NETPOOL_JAVA) != 0) {
+ if ((netpool_flags & VPN_NETPOOL_JAVA) != 0)
+ {
lang_string = "var _AN_activex_client = 0;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
lang_string = "var _AN_java_client = 1;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- } else {
+ }
+ else
+ {
lang_string = "var _AN_activex_client = 1;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
lang_string = "var _AN_java_client = 0;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
- if ((netpool_flags & VPN_NETPOOL_AUTOSWITH) != 0) {
+ if ((netpool_flags & VPN_NETPOOL_AUTOSWITH) != 0)
+ {
lang_string = "var _AN_autoswitch = 1;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- } else {
+ }
+ else
+ {
lang_string = "var _AN_autoswitch = 0;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
-
- lang_string = "var _AN_auto = 0;\n";
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
- if ((netpool_flags & VPN_NETPOOL_AUTOLAUNCH) != 0) {
+ lang_string = "var _AN_auto = 0;\n";
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
+
+ if ((netpool_flags & VPN_NETPOOL_AUTOLAUNCH) != 0)
+ {
lang_string = "var _AN_autolaunch_enable = 1;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
- } else {
+ }
+ else
+ {
lang_string = "var _AN_autolaunch_enable = 0;\n";
write_data(lang_string, cursor, strlen(lang_string), out_frame);
}
@@ -6206,8 +7052,8 @@
write_data_str("\";\n");
write_data_str("var _AN_str_portallanguage = \"");
- lang_string = sec_portal_language_id_to_name(vsite->language);
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ lang_string = sec_portal_language_id_to_name(vsite->language);
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
write_data_str("\";\n");
write_data_str("var _AN_str_localcheck_errmsg = \"");
@@ -6215,31 +7061,31 @@
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
- //Your computer does not appear to have a Java Virtual Machine installed
+ // Your computer does not appear to have a Java Virtual Machine installed
write_data_str("var _AN_str_fail_needJVM = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 615, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
- //Failed to installJava component
+
+ // Failed to installJava component
write_data_str("var _AN_str_fail_insJAVA = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 616, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
- //ActiveX is enabled for VPN initiation and the adminstrator does not allow to switch to Java component
+
+ // ActiveX is enabled for VPN initiation and the adminstrator does not allow to switch to Java component
write_data_str("var _AN_str_fail_enActiveX = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 617, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
- //Failed to initiate VPN Java component
+
+ // Failed to initiate VPN Java component
write_data_str("var _AN_str_fail_initJAVA = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 618, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
write_data_str("\";\n");
-
- //Thisfeature is not supported with Windows 98 or Windows Me
+
+ // Thisfeature is not supported with Windows 98 or Windows Me
write_data_str("var _AN_str_fail_Win98me = \"");
lang_string = sec_language_get_and_unescape_msg(vsite->language, 619, &lang_str_len);
write_data(lang_string, cursor, lang_str_len, out_frame);
@@ -6255,7 +7101,7 @@
/*
lang_string = "var _AN_file_list = [ ];\n";
- write_data(lang_string, cursor, strlen(lang_string), out_frame);
+ write_data(lang_string, cursor, strlen(lang_string), out_frame);
*/
#undef write_data_str
return 1;
@@ -6268,9 +7114,10 @@
uint8_t *cursor = NULL;
in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
- return SEC_FAIL;
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in create_login_js_response");
+ return SEC_FAIL;
}
cursor = in_frame->f_data;
in_frame->f_datalen = 0;
@@ -6279,14 +7126,17 @@
sec_generate_welcome_js_response(sec_data, &out_frame, &cursor);
sec_data->response = create_http_response_with_bookmark(OK, in_frame,
- 0, NULL, NULL,
- "text/javascript", NULL, sec_data,
- NULL, 0, 0);
- if (sec_data->response == NULL) {
+ 0, NULL, NULL,
+ "text/javascript", NULL, sec_data,
+ NULL, 0, 0);
+ if (sec_data->response == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing ai welcome js response fail");
parser_frame_chain_free(in_frame);
return SEC_FAIL;
- } else {
+ }
+ else
+ {
HTTP_FLAG_SET(sec_data->response->f_flags, HTTP_PFRAME_FREE_IN_CALLBACK);
}
@@ -6306,70 +7156,80 @@
char unescape_sso_url[SEC_MAX_URL_LEN + 1] = {0};
int32_t url_len = 0;
char tmp_post_url[HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 16]; /* http(s)://host:port/url */
- char * tmp_url_p;
- char *url_type;/* web, quicklink or innerlink */
+ char *tmp_url_p;
+ char *url_type; /* web, quicklink or innerlink */
sec_vsite_t *vsite = sec_data->vsite_p;
sec_session_t *sec_session = sec_data->session;
- struct sso_post_list *sso_queue_p = &vsite->sso_post_rules.queue;
- patricia_tree_t *sso_tree_p = &vsite->sso_post_rules.tree;;
- patricia_node_t *patr_node_p;
- sso_post_rule_t *cur_rule_p;
- char sso_post_key[HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 2];/* the max length = hostname + '/' + url */
+ struct sso_post_list *sso_queue_p = &vsite->sso_post_rules.queue;
+ patricia_tree_t *sso_tree_p = &vsite->sso_post_rules.tree;
+ ;
+ patricia_node_t *patr_node_p;
+ sso_post_rule_t *cur_rule_p;
+ char sso_post_key[HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 2]; /* the max length = hostname + '/' + url */
#define HTTP "http"
#define HTTPS "https"
-
-
in_frame = parser_frame_alloc();
- if (in_frame == NULL) {
- ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in sec_generate_sso_response");
- return SEC_FAIL;
+ if (in_frame == NULL)
+ {
+ ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Failed to allocate a frame in sec_generate_sso_response");
+ return SEC_FAIL;
}
cursor = in_frame->f_data;
in_frame->f_datalen = 0;
out_frame = in_frame;
- if (vsite == NULL) {
+ if (vsite == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "Writing sso.html,vsite is null");
return SEC_FAIL;
}
/* validate & parse query string */
- if (sec_data->req_parser_info.url_host.url_len > SEC_MAX_URL_LEN) {
+ if (sec_data->req_parser_info.url_host.url_len > SEC_MAX_URL_LEN)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "url is too long.");
return SEC_FAIL;
}
-
- /* check whether should send HardwareID when doing sso post */
- if (strstr(sec_data->req_parser_info.url_host.url_p, "&hwid_str=") != 0) {
+ /* check whether should send HardwareID when doing sso post */
+ if (strstr(sec_data->req_parser_info.url_host.url_p, "&hwid_str=") != 0)
+ {
sendHWID = 1;
- } else {
+ }
+ else
+ {
sendHWID = 0;
}
if (strstr(sec_data->req_parser_info.url_host.url_p, "?ssourl=") != NULL &&
- strstr(sec_data->req_parser_info.url_host.url_p, "&format=") != NULL) {
+ strstr(sec_data->req_parser_info.url_host.url_p, "&format=") != NULL)
+ {
char *str1, *str2, *token, *subtoken;
char *saveptr1, *saveptr2;
- int32_t j,k;
+ int32_t j, k;
- for (j = 1, str1 = sec_data->req_parser_info.url_host.url_p; ; j++, str1 = NULL) {
+ for (j = 1, str1 = sec_data->req_parser_info.url_host.url_p;; j++, str1 = NULL)
+ {
token = strtok_r(str1, "?& ", &saveptr1);
if (token == NULL)
break;
- for (k=1, str2 = token; ; k++, str2 = NULL) {
+ for (k = 1, str2 = token;; k++, str2 = NULL)
+ {
subtoken = strtok_r(str2, "=", &saveptr2);
if (subtoken == NULL)
break;
- if(j == 2 && k ==2)sso_url = subtoken;
- if(j == 3 && k ==2){
+ if (j == 2 && k == 2)
+ sso_url = subtoken;
+ if (j == 3 && k == 2)
+ {
url_type = subtoken;
}
- if(j == 4 && k ==2){
+ if (j == 4 && k == 2)
+ {
hwid_str = subtoken;
break;
}
@@ -6378,61 +7238,79 @@
unescape_string(sso_url, strlen(sso_url), unescape_sso_url, &url_len, SEC_MAX_URL_LEN);
/* check sso config */
- if(vsite->sso_post_rules.num_rules > 0) {
- if(strncasecmp("web", url_type, strlen("web")) == 0) {//WRM
+ if (vsite->sso_post_rules.num_rules > 0)
+ {
+ if (strncasecmp("web", url_type, strlen("web")) == 0)
+ { // WRM
char *scheme = NULL;
- if(strncasecmp(HTTPS, unescape_sso_url + strlen("/prx/000/"), strlen(HTTPS)) == 0) {
- scheme = HTTPS;
- } else {
- scheme = HTTP;
+ if (strncasecmp(HTTPS, unescape_sso_url + strlen("/prx/000/"), strlen(HTTPS)) == 0)
+ {
+ scheme = HTTPS;
+ }
+ else
+ {
+ scheme = HTTP;
}
bcopy(strstr(unescape_sso_url, scheme) + strlen(scheme) + 1, sso_post_key, url_len);
- if (sso_post_key[url_len - 1] == ' ') {
+ if (sso_post_key[url_len - 1] == ' ')
+ {
sso_post_key[url_len - 1] = '\0';
- } else {
+ }
+ else
+ {
sso_post_key[url_len] = '\0';
}
patr_node_p = patricia_insearch(sso_tree_p, sso_post_key,
- strlen(sso_post_key), PATRICIA_MATCH_EXACT);
- if (patr_node_p != NULL) {/* hit sso config */
- int encoded_url_len = 0;
- char* encoded_url = NULL;
+ strlen(sso_post_key), PATRICIA_MATCH_EXACT);
+ if (patr_node_p != NULL)
+ { /* hit sso config */
+ int encoded_url_len = 0;
+ char *encoded_url = NULL;
hitSSO = 1;
-
+
/* found the URL in the vsite SSO post configuration */
cur_rule_p = (sso_post_rule_t *)patr_node_p->data;
- if (strlen(cur_rule_p->post_url) != 0) {
-
+ if (strlen(cur_rule_p->post_url) != 0)
+ {
+
tmp_url_p = cur_rule_p->post_url;
- } else {
+ }
+ else
+ {
tmp_url_p = cur_rule_p->login_url;
}
- if (tmp_url_p[0] == '/') {
+ if (tmp_url_p[0] == '/')
+ {
tmp_url_p++;
}
- if (strlen(cur_rule_p->post_host) != 0) {
+ if (strlen(cur_rule_p->post_host) != 0)
+ {
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s://%s/%s", scheme, cur_rule_p->post_host, tmp_url_p);
- } else {
+ }
+ else
+ {
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s://%s/%s", scheme, cur_rule_p->hostname, tmp_url_p);
-
}
portal_temp_string[url_len] = '\0';
- encoded_url_len = encode_url(portal_temp_string, url_len, vsite->common_flags, &encoded_url, sec_session->session_id);
- if (encoded_url_len) {
+ encoded_url_len = encode_url(portal_temp_string, url_len, vsite->common_flags, &encoded_url, sec_session->session_id);
+ if (encoded_url_len)
+ {
encoded_url[encoded_url_len] = '\0';
url_len = snprintf(tmp_post_url, HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 16, "%s", encoded_url);
-
- } else {
+ }
+ else
+ {
url_len = snprintf(tmp_post_url, HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 16, "%s", portal_temp_string);
}
tmp_post_url[url_len] = '\0';
}
-
- } else if(strncasecmp("quicklink", url_type, strlen("quicklink")) == 0) {//Quicklink
+ }
+ else if (strncasecmp("quicklink", url_type, strlen("quicklink")) == 0)
+ { // Quicklink
/* parse quicklink orignal URL */
char *str1, *str2, *token, *subtoken;
char *saveptr1, *saveptr2;
- int32_t j,k;
+ int32_t j, k;
char *resource_id = NULL;
char *url = NULL;
sec_quicklink_info_t *quicklink_info = NULL;
@@ -6440,156 +7318,207 @@
/* parse Quicklink resource_id & url */
if (strstr(unescape_sso_url, "?resource_id=") == NULL ||
- strstr(unescape_sso_url, "&url=") == NULL) {
+ strstr(unescape_sso_url, "&url=") == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to parse ssourl for quicklink.");
return SEC_FAIL;
}
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s", unescape_sso_url);
portal_temp_string[url_len] = '\0';
- for (j = 1, str1 = portal_temp_string; ; j++, str1 = NULL) {
+ for (j = 1, str1 = portal_temp_string;; j++, str1 = NULL)
+ {
token = strtok_r(str1, "?&", &saveptr1);
if (token == NULL)
break;
- for (k=1, str2 = token; ; k++, str2 = NULL) {
+ for (k = 1, str2 = token;; k++, str2 = NULL)
+ {
subtoken = strtok_r(str2, "=", &saveptr2);
if (subtoken == NULL)
break;
- if(j == 2 && k ==2)resource_id = subtoken;
- if(j == 3 && k ==2){
+ if (j == 2 && k == 2)
+ resource_id = subtoken;
+ if (j == 3 && k == 2)
+ {
url = subtoken;
break;
}
}
}
- if(resource_id == NULL || url == NULL){
+ if (resource_id == NULL || url == NULL)
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to parse ssourl for quicklink.");
return SEC_FAIL;
}
- TAILQ_FOREACH(quicklink_detail, &vsite->quicklink_detail_list, next_info) {
- if(strlen(resource_id) == strlen(quicklink_detail->quicklink_id->resource_id)
- && strncmp(quicklink_detail->quicklink_id->resource_id, resource_id, strlen(resource_id)) == 0
- && quicklink_detail->is_link) {
+ TAILQ_FOREACH(quicklink_detail, &vsite->quicklink_detail_list, next_info)
+ {
+ if (strlen(resource_id) == strlen(quicklink_detail->quicklink_id->resource_id) && strncmp(quicklink_detail->quicklink_id->resource_id, resource_id, strlen(resource_id)) == 0 && quicklink_detail->is_link)
+ {
quicklink_info = quicklink_detail->quicklink_id;
bcopy(quicklink_detail->backend_url + quicklink_detail->scheme_len + 3, sso_post_key,
- strlen(quicklink_detail->backend_url + quicklink_detail->scheme_len + 3));
+ strlen(quicklink_detail->backend_url + quicklink_detail->scheme_len + 3));
bcopy(url, sso_post_key + (strlen(quicklink_detail->backend_url + quicklink_detail->scheme_len + 3) - 1),
- strlen(url));
+ strlen(url));
sso_post_key[strlen(url) + strlen(quicklink_detail->backend_url + quicklink_detail->scheme_len + 3) - 1] = '\0';
patr_node_p = patricia_insearch(sso_tree_p, sso_post_key,
- strlen(sso_post_key), PATRICIA_MATCH_EXACT);
- if (patr_node_p != NULL) {/* hit SSO config */
+ strlen(sso_post_key), PATRICIA_MATCH_EXACT);
+ if (patr_node_p != NULL)
+ { /* hit SSO config */
char *scheme = NULL;
- int encoded_url_len = 0;
- char* encoded_url = NULL;
+ int encoded_url_len = 0;
+ char *encoded_url = NULL;
hitSSO = 1;
- if(strncasecmp(HTTPS, quicklink_detail->backend_url, strlen(HTTPS)) == 0) {
+ if (strncasecmp(HTTPS, quicklink_detail->backend_url, strlen(HTTPS)) == 0)
+ {
scheme = HTTPS;
- } else {
+ }
+ else
+ {
scheme = HTTP;
}
hitSSO = 1;
/* found the URL in the vsite SSO post configuration */
cur_rule_p = (sso_post_rule_t *)patr_node_p->data;
- if (strlen(cur_rule_p->post_url) != 0) {
+ if (strlen(cur_rule_p->post_url) != 0)
+ {
tmp_url_p = cur_rule_p->post_url;
- } else {
+ }
+ else
+ {
tmp_url_p = cur_rule_p->login_url;
}
- if (tmp_url_p[0] == '/') {
+ if (tmp_url_p[0] == '/')
+ {
tmp_url_p++;
}
if (strlen(cur_rule_p->post_host) == 0 ||
- (strlen(cur_rule_p->post_host) == strlen(cur_rule_p->hostname) &&
- strncasecmp(cur_rule_p->hostname, cur_rule_p->post_host, strlen(cur_rule_p->post_host)) == 0)) {
+ (strlen(cur_rule_p->post_host) == strlen(cur_rule_p->hostname) &&
+ strncasecmp(cur_rule_p->hostname, cur_rule_p->post_host, strlen(cur_rule_p->post_host)) == 0))
+ {
char req_domain[SEC_MAX_URL_LEN];
char *colon_pos = NULL;
snprintf(req_domain, SEC_MAX_URL_LEN, "%s", sec_data->req_domain);
- if (DOMAIN_IS_IPV6_ADDRESS(req_domain)) {
+ if (DOMAIN_IS_IPV6_ADDRESS(req_domain))
+ {
colon_pos = strchr(req_domain, ']');
- if (colon_pos) {
+ if (colon_pos)
+ {
colon_pos = strchr(colon_pos, ':');
}
- } else {
+ }
+ else
+ {
colon_pos = strchr(req_domain, ':');
}
- if (colon_pos != NULL) {
+ if (colon_pos != NULL)
+ {
*colon_pos = '\0';
}
/* sso login host equals post host */
- if (quicklink_info->port) {/*Quicklink Port mode */
+ if (quicklink_info->port)
+ { /*Quicklink Port mode */
sprintf(tmp_post_url, "https://%s:%d/%s", req_domain, quicklink_info->port, tmp_url_p);
- } else if (quicklink_info->hostname[0]) {/*Quicklink Hostname mode */
- if(!sec_data->req_port){
+ }
+ else if (quicklink_info->hostname[0])
+ { /*Quicklink Hostname mode */
+ if (!sec_data->req_port)
+ {
sprintf(tmp_post_url, "https://%s/%s", quicklink_info->hostname, tmp_url_p);
- } else {
+ }
+ else
+ {
sprintf(tmp_post_url, "https://%s:%d/%s", quicklink_info->hostname, sec_data->req_port, tmp_url_p);
}
- } else if (quicklink_info->pathname[0]) {/*Quicklink Path mode */
+ }
+ else if (quicklink_info->pathname[0])
+ { /*Quicklink Path mode */
sprintf(tmp_post_url, "https://%s/%s%s", sec_data->req_domain, quicklink_info->pathname, tmp_url_p);
- } else {
+ }
+ else
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to parse quicklink info.");
return SEC_FAIL;
}
- } else {/* sso login host is defferent from sso post host */
+ }
+ else
+ { /* sso login host is defferent from sso post host */
url_len = snprintf(portal_temp_string, MAX_APP_PRINT_SIZE, "%s://%s/%s", scheme, cur_rule_p->post_host, tmp_url_p);
portal_temp_string[url_len] = '\0';
- encoded_url_len = encode_url(portal_temp_string, url_len, vsite->common_flags, &encoded_url, sec_session->session_id);
- if (encoded_url_len) {
+ encoded_url_len = encode_url(portal_temp_string, url_len, vsite->common_flags, &encoded_url, sec_session->session_id);
+ if (encoded_url_len)
+ {
encoded_url[encoded_url_len] = '\0';
url_len = snprintf(tmp_post_url, HOST_MAX_LENGTH + SEC_MAX_URL_LEN + 16, "%s", encoded_url);
tmp_post_url[url_len] = '\0';
- } else {
+ }
+ else
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to encode wrm url.");
return SEC_FAIL;
}
-
}
-
}
}
}
-
- } else if(strncasecmp("innerlink", url_type, strlen("innerlink")) == 0) {//Direct Link
- bcopy(strstr(unescape_sso_url,"://")+3, sso_post_key, url_len);
- if (sso_post_key[url_len - 1] == ' ') {
+ }
+ else if (strncasecmp("innerlink", url_type, strlen("innerlink")) == 0)
+ { // Direct Link
+ bcopy(strstr(unescape_sso_url, "://") + 3, sso_post_key, url_len);
+ if (sso_post_key[url_len - 1] == ' ')
+ {
sso_post_key[url_len - 1] = '\0';
- } else {
+ }
+ else
+ {
sso_post_key[url_len] = '\0';
}
patr_node_p = patricia_insearch(sso_tree_p, sso_post_key,
- strlen(sso_post_key), PATRICIA_MATCH_EXACT);
- if (patr_node_p != NULL) {/* hit sso config */
+ strlen(sso_post_key), PATRICIA_MATCH_EXACT);
+ if (patr_node_p != NULL)
+ { /* hit sso config */
char *scheme = NULL;
hitSSO = 1;
- if(strncasecmp(HTTPS, unescape_sso_url, strlen(HTTPS)) == 0) {
+ if (strncasecmp(HTTPS, unescape_sso_url, strlen(HTTPS)) == 0)
+ {
scheme = HTTPS;
- } else {
+ }
+ else
+ {
scheme = HTTP;
}
/* found the URL in the vsite SSO post configuration */
cur_rule_p = (sso_post_rule_t *)patr_node_p->data;
- if (strlen(cur_rule_p->post_url) != 0) {
+ if (strlen(cur_rule_p->post_url) != 0)
+ {
tmp_url_p = cur_rule_p->post_url;
- } else {
+ }
+ else
+ {
tmp_url_p = cur_rule_p->login_url;
}
- if (tmp_url_p[0] == '/') {
+ if (tmp_url_p[0] == '/')
+ {
tmp_url_p++;
}
- if (strlen(cur_rule_p->post_host) != 0) {
+ if (strlen(cur_rule_p->post_host) != 0)
+ {
sprintf(tmp_post_url, "%s://%s/%s", scheme, cur_rule_p->post_host, tmp_url_p);
- } else {
+ }
+ else
+ {
sprintf(tmp_post_url, "%s://%s/%s", scheme, cur_rule_p->hostname, tmp_url_p);
}
}
-
- } else {
+ }
+ else
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to parse querystring: format for sso.");
return SEC_FAIL;
}
}
- } else {
+ }
+ else
+ {
ulog_error_conn(sec_data->client_conn, AMP_ULOG_SMANAGER, "fail to parse url of sso.html.");
return SEC_FAIL;
}
@@ -6601,11 +7530,14 @@
write_data_str("SSO\n");
write_data_str("\n");
write_data_str("\n");
- if (hitSSO ==1) {
+ if (hitSSO == 1)
+ {
int ret = 0;
char prefix[SEC_UNAME_LEN + 1] = {'\0'};
char postfix[SEC_UNAME_LEN + 1] = {'\0'};
char namefield[SEC_UNAME_LEN + 1] = {'\0'};
BOOL extra = FALSE;
char *ptmp = NULL;
-
+
/* extract prefix/postfix and real uname field */
- ret = sscanf(cur_rule_p->uname_id, "%[^<]<%[^>]>%s", prefix, namefield, postfix);
- if (ret == 1) { //not found <>, no prefix or postfix
- //not handle it
- } else if (ret == 0) {// only postfix, like @aaabb
- ret = sscanf(cur_rule_p->uname_id, "<%[^>]>%s", namefield, postfix);
+ ret = sscanf(cur_rule_p->uname_id, "%[^<]<%[^>]>%s", prefix, namefield, postfix);
+ if (ret == 1)
+ { // not found <>, no prefix or postfix
+ // not handle it
+ }
+ else if (ret == 0)
+ { // only postfix, like @aaabb
+ ret = sscanf(cur_rule_p->uname_id, "<%[^>]>%s", namefield, postfix);
extra = TRUE;
- } else {
+ }
+ else
+ {
extra = TRUE;
}
- if (strlen(namefield) == 0) { //should not reach here
+ if (strlen(namefield) == 0)
+ { // should not reach here
extra = FALSE;
}
/* finish extract */
@@ -6642,23 +7581,32 @@
write_data_str("