diff options
Diffstat (limited to 'fs_sesmon')
| -rw-r--r-- | fs_sesmon/FS-SessionClient/Changes | 5 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/MANIFEST | 11 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/MANIFEST.SKIP | 1 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/Makefile.PL | 10 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/SessionClient.pm | 122 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/bin/freeside-login | 36 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/bin/freeside-logout | 36 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/cgi/login.cgi | 108 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/cgi/logout.cgi | 83 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/fs_sessiond | 65 | ||||
| -rw-r--r-- | fs_sesmon/FS-SessionClient/test.pl | 21 | ||||
| -rw-r--r-- | fs_sesmon/fs_session_server | 140 |
12 files changed, 638 insertions, 0 deletions
diff --git a/fs_sesmon/FS-SessionClient/Changes b/fs_sesmon/FS-SessionClient/Changes new file mode 100644 index 0000000..390a7b9 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/Changes @@ -0,0 +1,5 @@ +Revision history for Perl extension FS::SessionClient + +0.01 Wed Oct 18 16:34:36 1999 + - original version; created by ivan 1.0 + diff --git a/fs_sesmon/FS-SessionClient/MANIFEST b/fs_sesmon/FS-SessionClient/MANIFEST new file mode 100644 index 0000000..162d4e4 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/MANIFEST @@ -0,0 +1,11 @@ +Changes +MANIFEST +MANIFEST.SKIP +Makefile.PL +SessionClient.pm +test.pl +fs_sessiond +cgi/login.cgi +cgi/logout.cgi +bin/freeside-login +bin/freeside-logout diff --git a/fs_sesmon/FS-SessionClient/MANIFEST.SKIP b/fs_sesmon/FS-SessionClient/MANIFEST.SKIP new file mode 100644 index 0000000..ae335e7 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/MANIFEST.SKIP @@ -0,0 +1 @@ +CVS/ diff --git a/fs_sesmon/FS-SessionClient/Makefile.PL b/fs_sesmon/FS-SessionClient/Makefile.PL new file mode 100644 index 0000000..137b6b8 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/Makefile.PL @@ -0,0 +1,10 @@ +use ExtUtils::MakeMaker; +# See lib/ExtUtils/MakeMaker.pm for details of how to influence +# the contents of the Makefile that is written. +WriteMakefile( + 'NAME' => 'FS::SessionClient', + 'VERSION_FROM' => 'SessionClient.pm', # finds $VERSION + 'EXE_FILES' => [ qw(fs_sessiond bin/freeside-login bin/freeside-logout) ], + 'INSTALLSCRIPT' => '/usr/local/sbin', + 'PERM_RWX' => '750', +); diff --git a/fs_sesmon/FS-SessionClient/SessionClient.pm b/fs_sesmon/FS-SessionClient/SessionClient.pm new file mode 100644 index 0000000..8a0ff70 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/SessionClient.pm @@ -0,0 +1,122 @@ +package FS::SessionClient; + +use strict; +use vars qw($AUTOLOAD $VERSION @ISA @EXPORT_OK $fs_sessiond_socket); +use Exporter; +use Socket; +use FileHandle; +use IO::Handle; + +$VERSION = '0.01'; + +@ISA = qw( Exporter ); +@EXPORT_OK = qw( login logout portnum ); + +$fs_sessiond_socket = "/usr/local/freeside/fs_sessiond_socket"; + +$ENV{'PATH'} ='/usr/bin:/bin'; +$ENV{'SHELL'} = '/bin/sh'; +$ENV{'IFS'} = " \t\n"; +$ENV{'CDPATH'} = ''; +$ENV{'ENV'} = ''; +$ENV{'BASH_ENV'} = ''; + +my $freeside_uid = scalar(getpwnam('freeside')); +die "not running as the freeside user\n" if $> != $freeside_uid; + +=head1 NAME + +FS::SessionClient - Freeside session client API + +=head1 SYNOPSIS + + use FS::SessionClient qw( login portnum logout ); + + $error = login ( { + 'username' => $username, + 'password' => $password, + 'login' => $timestamp, + 'portnum' => $portnum, + } ); + + $portnum = portnum( { 'ip' => $ip } ) or die "unknown ip!" + $portnum = portnum( { 'nasnum' => $nasnum, 'nasport' => $nasport } ) + or die "unknown nasnum/nasport"; + + $error = logout ( { + 'username' => $username, + 'password' => $password, + 'logout' => $timestamp, + 'portnum' => $portnum, + } ); + +=head1 DESCRIPTION + +This modules provides an API for a remote session application. + +It needs to be run as the freeside user. Because of this, the program which +calls these subroutines should be written very carefully. + +=head1 SUBROUTINES + +=over 4 + +=item login HASHREF + +HASHREF should have the following keys: username, password, login and portnum. +login is a UNIX timestamp; if not specified, will default to the current time. +Starts a new session for the specified user and portnum. The password is +optional, but must be correct if specified. + +Returns a scalar error message, or the empty string for success. + +=item portnum + +HASHREF should contain a single key: ip, or the two keys: nasnum and nasport. +Returns a portnum suitable for the login and logout subroutines, or false +on error. + +=item logout HASHREF + +HASHREF should have the following keys: usrename, password, logout and portnum. +logout is a UNIX timestamp; if not specified, will default to the current time. +Starts a new session for the specified user and portnum. The password is +optional, but must be correct if specified. + +Returns a scalar error message, or the empty string for success. + +=cut + +sub AUTOLOAD { + my $hashref = shift; + my $method = $AUTOLOAD; + $method =~ s/^.*:://; + socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!"; + connect(SOCK, sockaddr_un($fs_sessiond_socket)) or die "connect: $!"; + print SOCK "$method\n"; + + print SOCK join("\n", %{$hashref}, 'END' ), "\n"; + SOCK->flush; + + chomp( my $r = <SOCK> ); + $r; +} + +=back + +=head1 VERSION + +$Id: SessionClient.pm,v 1.3 2000-12-03 20:25:20 ivan Exp $ + +=head1 BUGS + +=head1 SEE ALSO + +L<fs_sessiond> + +=cut + +1; + + + diff --git a/fs_sesmon/FS-SessionClient/bin/freeside-login b/fs_sesmon/FS-SessionClient/bin/freeside-login new file mode 100644 index 0000000..a6d4751 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/bin/freeside-login @@ -0,0 +1,36 @@ +#!/usr/bin/perl -Tw + +#false-laziness hack w freeside-logout + +use strict; +use FS::SessionClient qw( login portnum ); + +my $username = shift; + +my $portnum; +if ( scalar(@ARGV) == 1 ) { + my $arg = shift; + if ( $arg =~ /^(\d+)$/ ) { + $portnum = $1; + } elsif ( $arg =~ /^([\d\.]+)$/ ) { + $portnum = portnum( { 'ip' => $1 } ) or die "unknown ip!" + } else { + &usage; + } +} elsif ( scalar(@ARGV) == 2 ) { + $portnum = portnum( { 'nasnum' => shift, 'nasport' => shift } ) + or die "unknown nasnum/nasport"; +} else { + &usage; +} + +my $error = login ( { + 'username' => $username, + 'portnum' => $portnum, +} ); + +warn $error if $error; + +sub usage { + die "Usage:\n\n freeside-login username ( portnum | ip | nasnum nasport )"; +} diff --git a/fs_sesmon/FS-SessionClient/bin/freeside-logout b/fs_sesmon/FS-SessionClient/bin/freeside-logout new file mode 100644 index 0000000..9b4ecfe --- /dev/null +++ b/fs_sesmon/FS-SessionClient/bin/freeside-logout @@ -0,0 +1,36 @@ +#!/usr/bin/perl -Tw + +#false-laziness hack w freeside-login + +use strict; +use FS::SessionClient qw( logout portnum ); + +my $username = shift; + +my $portnum; +if ( scalar(@ARGV) == 1 ) { + my $arg = shift; + if ( $arg =~ /^(\d+)$/ ) { + $portnum = $1; + } elsif ( $arg =~ /^([\d\.]+)$/ ) { + $portnum = portnum( { 'ip' => $1 } ) or die "unknown ip!" + } else { + &usage; + } +} elsif ( scalar(@ARGV) == 2 ) { + $portnum = portnum( { 'nasnum' => shift, 'nasport' => shift } ) + or die "unknown nasnum/nasport"; +} else { + &usage; +} + +my $error = logout ( { + 'username' => $username, + 'portnum' => $portnum, +} ); + +warn $error if $error; + +sub usage { + die "Usage:\n\n freeside-logout username ( portnum | ip | nasnum nasport )"; +} diff --git a/fs_sesmon/FS-SessionClient/cgi/login.cgi b/fs_sesmon/FS-SessionClient/cgi/login.cgi new file mode 100644 index 0000000..0307c5a --- /dev/null +++ b/fs_sesmon/FS-SessionClient/cgi/login.cgi @@ -0,0 +1,108 @@ +#!/usr/bin/perl -Tw + +#false-laziness hack w logout.cgi + +use strict; +use vars qw( $cgi $username $password $error $ip $portnum ); +use CGI; +use CGI::Carp qw(fatalsToBrowser); +use FS::SessionClient qw( login portnum ); + +$cgi = new CGI; + +if ( defined $cgi->param('magic') ) { + $cgi->param('username') =~ /^\s*(\w{1,255})\s*$/ or do { + $error = "Illegal username"; + &print_form; + exit; + }; + $username = $1; + $cgi->param('password') =~ /^([^\n]{0,255})$/ or die "guru meditation #420"; + $password = $1; + #$ip = $cgi->remote_host; + $ip = $ENV{REMOTE_ADDR}; + $ip =~ /^([\d\.]+)$/ or die "illegal ip: $ip"; + $ip = $1; + $portnum = portnum( { 'ip' => $1 } ) or do { + $error = "You appear to be coming from an unknown IP address. Verify ". + "that your computer is set to obtain an IP address automatically ". + "via DHCP."; + &print_form; + exit; + }; + + ( $error = login ( { + 'username' => $username, + 'portnum' => $portnum, + 'password' => $password, + } ) ) + ? &print_form() + : &print_okay(); + +} else { + $username = ''; + $password = ''; + $error = ''; + &print_form; +} + +sub print_form { + my $self_url = $cgi->self_url; + + print $cgi->header( '-expires' => 'now' ), <<END; +<HTML><HEAD><TITLE>login</TITLE></HEAD> +<BODY BGCOLOR="#FFFFFF"> +END + +print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: $error</FONT>! if $error; + +print <<END; +<FORM ACTION="$self_url" METHOD="POST"> +<INPUT TYPE="hidden" NAME="magic" VALUE="process"> +<TABLE BORDER="0" CELLSPACING="0" CELLPADDING="4" ALIGN="center"> +<TR> + <TD ALIGN="center" COLSPAN="2"> + <STRONG>Welcome</STRONG> + </TD> +</TR> +<TR> + <TD ALIGN="right"> + Username + </TD> + <TD ALIGN="left"> + <INPUT TYPE="text" NAME="username" VALUE="$username"> + </TD> +</TR> +<TR> + <TD ALIGN="right"> + Password + </TD> + <TD ALIGN="left"> + <INPUT TYPE="password" NAME="password"> + </TD> +</TR> +<TR> + <TD ALIGN="center" COLSPAN="2"> + <INPUT TYPE="submit" VALUE=" Login "> + </TD> +</TR> +</TABLE> +</FORM> +</BODY> +</HTML> +END + +} + +sub print_okay { + print $cgi->header( '-expires' => 'now' ), <<END; +<HTML><HEAD><TITLE>login sucessful</TITLE></HEAD> +<BODY>login successful, etc. +</BODY> +</HTML> +END +} + +sub usage { + die "Usage:\n\n freeside-login username ( portnum | ip | nasnum nasport )"; +} diff --git a/fs_sesmon/FS-SessionClient/cgi/logout.cgi b/fs_sesmon/FS-SessionClient/cgi/logout.cgi new file mode 100644 index 0000000..95cef98 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/cgi/logout.cgi @@ -0,0 +1,83 @@ +#!/usr/bin/perl -Tw + +#false-laziness hack w login.cgi + +use strict; +use vars qw( $cgi $username $password $error $ip $portnum ); +use CGI; +use CGI::Carp qw(fatalsToBrowser); +use FS::SessionClient qw( logout portnum ); + +$cgi = new CGI; + +if ( defined $cgi->param('magic') ) { + $cgi->param('username') =~ /^\s*(\w{1,255})\s*$/ or do { + $error = "Illegal username"; + &print_form; + exit; + }; + $username = $1; + $cgi->param('password') =~ /^([^\n]{0,255})$/ or die "guru meditation #420"; + $password = $1; + #$ip = $cgi->remote_host; + $ip = $ENV{REMOTE_ADDR}; + $ip =~ /^([\d\.]+)$/ or die "illegal ip: $ip"; + $ip = $1; + $portnum = portnum( { 'ip' => $1 } ) or do { + $error = "You appear to be coming from an unknown IP address. Verify ". + "that your computer is set to obtain an IP address automatically ". + "via DHCP."; + &print_form; + exit; + }; + + ( $error = logout ( { + 'username' => $username, + 'portnum' => $portnum, + 'password' => $password, + } ) ) + ? &print_form() + : &print_okay(); + +} else { + $username = ''; + $password = ''; + $error = ''; + &print_form; +} + +sub print_form { + my $self_url = $cgi->self_url; + + print $cgi->header( '-expires' => 'now' ), <<END; +<HTML><HEAD><TITLE>logout</TITLE></HEAD> +<BODY> +END + +print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: $error</FONT>! if $error; + +print <<END; +<FORM ACTION="$self_url" METHOD=POST> +<INPUT TYPE="hidden" NAME="magic" VALUE="process"> +Username <INPUT TYPE="text" NAME="username" VALUE="$username"><BR> +Password <INPUT TYPE="password" NAME="password"><BR> +<INPUT TYPE="submit"> +</FORM> +</BODY> +</HTML> +END + +} + +sub print_okay { + print $cgi->header( '-expires' => 'now' ), <<END; +<HTML><HEAD><TITLE>logout sucessful</TITLE></HEAD> +<BODY>logout successful, etc. +</BODY> +</HTML> +END +} + +sub usage { + die "Usage:\n\n freeside-logout username ( portnum | ip | nasnum nasport )"; +} diff --git a/fs_sesmon/FS-SessionClient/fs_sessiond b/fs_sesmon/FS-SessionClient/fs_sessiond new file mode 100644 index 0000000..bfdb20a --- /dev/null +++ b/fs_sesmon/FS-SessionClient/fs_sessiond @@ -0,0 +1,65 @@ +#!/usr/bin/perl -Tw +# +# fs_sessiond +# +# This is run REMOTELY over ssh by fs_session_server +# + +use strict; +use Socket; + +use vars qw( $Debug ); + +$Debug = 1; + +my $fs_sessiond_socket = "/usr/local/freeside/fs_sessiond_socket"; + +$ENV{'PATH'} ='/usr/local/bin:/usr/bin:/usr/ucb:/bin'; +$ENV{'SHELL'} = '/bin/sh'; +$ENV{'IFS'} = " \t\n"; +$ENV{'CDPATH'} = ''; +$ENV{'ENV'} = ''; +$ENV{'BASH_ENV'} = ''; + +$|=1; + +my $me = "[fs_sessiond]"; + +warn "$me starting\n" if $Debug; +#nothing to read from server + +warn "$me creating $fs_sessiond_socket\n" if $Debug; +my $uaddr = sockaddr_un($fs_sessiond_socket); +my $proto = getprotobyname('tcp'); +socket(Server,PF_UNIX,SOCK_STREAM,0) or die "socket: $!"; +unlink($fs_sessiond_socket); +bind(Server, $uaddr) or die "bind: $!"; +listen(Server,SOMAXCONN) or die "listen: $!"; + +warn "$me entering main loop\n" if $Debug; +my $paddr; +for ( ; $paddr = accept(Client,Server); close Client) { + + chomp( my $command = <Client> ); + + if ( $command eq 'login' || $command eq 'logout' || $command eq 'portnum' ) { + warn "$me reading data from local client\n" if $Debug; + my @data; + my $dos = 0; + push @data, scalar(<Client>) until $dos++ == 99 || $data[$#data] eq "END\n"; + if ( $dos == 99 ) { + warn "$me WARNING: DoS attempt!" + } else { + warn "$me sending data to remote server\n" if $Debug; + print "$command\n", @data; + warn "$me reading result from remote server\n" if $Debug; + my $error = <STDIN>; + warn "$me sending error to local client\n" if $Debug; + print Client $error; + } + } else { + warn "$me WARNING: unexpected command from client: $command"; + } + +} + diff --git a/fs_sesmon/FS-SessionClient/test.pl b/fs_sesmon/FS-SessionClient/test.pl new file mode 100644 index 0000000..4b9ae17 --- /dev/null +++ b/fs_sesmon/FS-SessionClient/test.pl @@ -0,0 +1,21 @@ +# Before `make install' is performed this script should be runnable with +# `make test'. After `make install' it should work as `perl test.pl' + +######################### We start with some black magic to print on failure. + +# Change 1..1 below to 1..last_test_to_print . +# (It may become useful if the test is moved to ./t subdirectory.) + +BEGIN { $| = 1; print "1..1\n"; } +END {print "not ok 1\n" unless $loaded;} +#use FS::SessionClient; +#sigh, "not running as the freeside user" +$loaded = 1; +print "ok 1\n"; + +######################### End of black magic. + +# Insert your test code below (better if it prints "ok 13" +# (correspondingly "not ok 13") depending on the success of chunk 13 +# of the test code): + diff --git a/fs_sesmon/fs_session_server b/fs_sesmon/fs_session_server new file mode 100644 index 0000000..00229f8 --- /dev/null +++ b/fs_sesmon/fs_session_server @@ -0,0 +1,140 @@ +#!/usr/bin/perl -Tw +# +# fs_session_server +# + +use strict; +use vars qw( $opt $Debug ); +use IO::Handle; +use Net::SSH qw(sshopen2); +use FS::UID qw(adminsuidsetup dbh); +use FS::Record qw( qsearchs ); #qsearch ); +#use FS::cust_main_county; +#use FS::cust_main; +use FS::session; +use FS::port; +use FS::svc_acct; + +#require "configfile"; +$Debug = 1; + +my $user = shift or die &usage; +&adminsuidsetup( $user ); + +my $machine = shift or die &usage; + +my $fs_sessiond = "/usr/local/sbin/fs_sessiond"; + +my $me = "[fs_session_server]"; + +while (1) { + my($reader, $writer) = (new IO::Handle, new IO::Handle); + $writer->autoflush(1); + warn "$me Connecting to $machine\n" if $Debug; + sshopen2($machine,$reader,$writer,$fs_sessiond); + + warn "$me Entering main loop\n" if $Debug; + while (1) { + warn "$me Reading (waiting for) data\n" if $Debug; + my $command = scalar(<$reader>); + chomp $command; + #DoS protection here too, to protect against a compromised client? *sigh* + my %hash; + while ( ( my $key = scalar(<$reader>) ) ne "END\n" ) { + chomp $key; + chomp( $hash{$key} = scalar(<$reader>) ); + } + + if ( $command eq 'login' ) { + my $error = &login(\%hash); + print $writer "$error\n"; + } elsif ( $command eq 'logout' ) { + my $error = &logout(\%hash); + print $writer "$error\n"; + } elsif ( $command eq 'portnum' ) { + my $port; + if ( exists $hash{'ip'} ) { + $hash{'ip'} =~ /^([\d\.]+)$/ or $1='nomatch'; + $port = qsearchs('port', { 'ip' => $1 } ); + } else { + $hash{'nasnum'} =~ /^(\d+)$/ and my $nasnum = $1; + $hash{'nasport'} =~ /^(\d+)$/ and my $nasport = $1; + $port = qsearchs('port', { 'nasnum'=>$nasnum, 'nasport'=>$nasport } ); + } + print $writer ( $port ? $port->portnum : '' ), "\n"; + } else { + warn "$me WARNING: unrecognized command: $command"; + } + } + #won't ever reach without code above to throw out of loop, but... + close $writer; + close $reader; + warn "connection to $machine lost!\n"; + sleep 5; + warn "reconnecting...\n"; +} + +sub login { + my $href = shift; + $href->{'username'} =~ /^([a-z0-9_\-\.]+)$/ or return "Illegal username"; + my $username = $1; + my $svc_acct = qsearchs('svc_acct', { 'username' => $username } ) + or return "Unknown user"; + return "Incorrect password" + if exists($href->{'password'}) + && $href->{'password'} ne $svc_acct->_password; + return "Time limit exceeded" unless $svc_acct->seconds; + my $session = new FS::session { + 'portnum' => $href->{'portnum'}, + 'svcnum' => $svc_acct->svcnum, + 'login' => $href->{'login'}, + }; + $session->insert; +} + +sub logout { + my $href = shift; + $href->{'username'} =~ /^([a-z0-9_\-\.]+)$/ or return "Illegal username"; + my $username = $1; + local $FS::UID::AutoCommit = 0; + my $dbh = dbh; + my $svc_acct = + qsearchs('svc_acct', { 'username' => $username }, '', 'FOR UPDATE' ) + or return "Unknown user"; + return "Incorrect password" + if exists($href->{'password'}) + && $href->{'password'} ne $svc_acct->_password; + my $session = qsearchs( 'session', { + 'portnum' => $href->{'portnum'}, + 'svcnum' => $svc_acct->svcnum, + 'logout' => '', + }, + '', 'FOR UPDATE' + ); + unless ( $session ) { + $dbh->rollback; + return "No currently open sessions found for that user/port!"; + } + my $nsession = new FS::session ( { $session->hash } ); + warn "$nsession replacing $session"; + my $error = $nsession->replace($session); + if ( $error ) { + $dbh->rollback; + return "can't logout: $error"; + } + my $time = $nsession->logout - $nsession->login; + my $new_svc_acct = new FS::svc_acct ( { $svc_acct->hash } ); + my $seconds = $new_svc_acct->seconds; + $seconds -= $time; + $seconds = 0 if $seconds < 0; + $new_svc_acct->seconds( $seconds ); + $error = $new_svc_acct->replace( $svc_acct ); + warn "can't debit time: $error\n"; #don't want to rollback, though + $dbh->commit or die $dbh->errstr; + '' +} + +sub usage { + die "Usage:\n\n fs_session_server user machine\n"; +} + |