zoukankan      html  css  js  c++  java
  • wifidog 源码初分析(2)-转

    上一篇分析了接入设备的首次浏览器访问请求如何通过 防火墙过滤规则 重定向到 wifidog 的 HTTP 服务中,本篇主要分析了 wifidog 在接收到 接入设备的 HTTP 访问请求后,如何将此 HTTP 请求重定向到 认证服务器(auth-server) 上。

    通过上面的防火墙规则,会将通过上面的防火墙规则,会将HTTP请求的外部IP地址和端口通过NAT方式重定向至本地wifidog内嵌HTTP服务器的地址和端口上,并由内嵌HTTP服务器进行服务,而内嵌HTTP服务器的路径和回调处理如下:

    [cpp] view plaincopy在CODE上查看代码片派生到我的代码片

    1. if ((webserver = httpdCreate(config->gw_address, config->gw_port)) == NULL) {  
    2.     debug(LOG_ERR, "Could not create web server: %s", strerror(errno));  
    3.     exit(1);  
    4. }  
    5. debug(LOG_DEBUG, "Assigning callbacks to web server");  
    6. httpdAddCContent(webserver, "/", "wifidog", 0, NULL, http_callback_wifidog);  
    7. httpdAddCContent(webserver, "/wifidog", "", 0, NULL, http_callback_wifidog);  
    8. httpdAddCContent(webserver, "/wifidog", "about", 0, NULL, http_callback_about);  
    9. httpdAddCContent(webserver, "/wifidog", "status", 0, NULL, http_callback_status);  
    10. httpdAddCContent(webserver, "/wifidog", "auth", 0, NULL, http_callback_auth);  
    11. httpdAddC404Content(webserver, http_callback_404); 

    客户端首次访问时回调客户端首次访问时回调http_callback_404函数,在该函数中根据获取的客户端信息来配置重定向的URL fragment,如下:

    [cpp] view plaincopy在CODE上查看代码片派生到我的代码片

    1. void
    2. http_callback_404(httpd *webserver, request *r)  
    3. {  
    4. char tmp_url[MAX_BUF],  
    5.             *url,  
    6.             *mac;  
    7.     s_config    *config = config_get_config();  
    8.     t_auth_serv *auth_server = get_auth_server();  
    9.     memset(tmp_url, 0, sizeof(tmp_url));  
    10. /*
    11.      * XXX Note the code below assumes that the client's request is a plain
    12.      * http request to a standard port. At any rate, this handler is called only
    13.      * if the internet/auth server is down so it's not a huge loss, but still.
    14.      */ /* 用户需要访问的URL */
    15.         snprintf(tmp_url, (sizeof(tmp_url) - 1), "http://%s%s%s%s",  
    16.                         r->request.host,  
    17.                         r->request.path,  
    18.                         r->request.query[0] ? "?" : "",  
    19.                         r->request.query);  
    20.     url = httpdUrlEncode(tmp_url);  
    21. if (!is_online()) {  
    22. /* 路由器都接入不到 internet */
    23. char * buf;  
    24.         send_http_page(r, "Uh oh! Internet access unavailable!", buf);  
    25.         free(buf);  
    26.     }  
    27. else if (!is_auth_online()) {  
    28. /* auth server 挂起 */
    29. char * buf;  
    30.         send_http_page(r, "Uh oh! Login screen unavailable!", buf);  
    31.         free(buf);  
    32.     }  
    33. else {  
    34. /* 配置重定向到 auth server 的 url 参数 */
    35. char *urlFragment;  
    36. if (!(mac = arp_get(r->clientAddr))) {  
    37. /* We could not get their MAC address */
    38.             debug(LOG_INFO, "Failed to retrieve MAC address for ip %s, so not putting in the login request", r->clientAddr);  
    39.             safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&url=%s",  
    40.                 auth_server->authserv_login_script_path_fragment,  
    41.                 config->gw_address,  
    42.                 config->gw_port,  
    43.                 config->gw_id,  
    44.                 url);  
    45.         } else {            
    46.             debug(LOG_INFO, "Got client MAC address for ip %s: %s", r->clientAddr, mac);  
    47.             safe_asprintf(&urlFragment, "%sgw_address=%s&gw_port=%d&gw_id=%s&mac=%s&url=%s",  
    48.                 auth_server->authserv_login_script_path_fragment,  
    49.                 config->gw_address,  
    50.                 config->gw_port,  
    51.                 config->gw_id,  
    52.                 mac,  
    53.                 url);  
    54.         }  
    55. /* 调用该函数将用户请求重定向到 auth server 的登录页面 */
    56.         http_send_redirect_to_auth(r, urlFragment, "Redirect to login page");  
    57.         free(urlFragment);  
    58.     }  
    59.     free(url);  

    上面代码基本不用解释,具体重定向至auth server的消息在下面的 http_send_redirect_to_auth 函数中实现:

    [cpp] view plaincopy在CODE上查看代码片派生到我的代码片

    1. void http_send_redirect_to_auth(request *r, char *urlFragment, char *text)  
    2. {  
    3. char *protocol = NULL;  
    4. int port = 80;  
    5.     t_auth_serv *auth_server = get_auth_server();  
    6. if (auth_server->authserv_use_ssl) {  
    7.         protocol = "https";  
    8.         port = auth_server->authserv_ssl_port;  
    9.     } else {  
    10.         protocol = "http";  
    11.         port = auth_server->authserv_http_port;  
    12.     }  
    13. char *url = NULL;  
    14.     safe_asprintf(&url, "%s://%s:%d%s%s",  
    15.         protocol,  
    16.         auth_server->authserv_hostname,  
    17.         port,  
    18.         auth_server->authserv_path,  
    19.         urlFragment  
    20.     );  
    21.     http_send_redirect(r, url, text);  
    22.     free(url);  

    具体的重定向URL给个实例:

    POST /login/?gw_address=192.168.1.1&gw_port=2060&gw_id=default&mac=44:94:fc:ef:28:40&url=http%3A//www.baidu.com/ HTTP/1.1

    可以看到这里有这几个参数信息:

    2gw_address,路由器的LAN地址

    2gw_port:为wifidog的监听端口

    2gw_id:路由器的标识名

    2mac:客户端设备的MAC地址

    2url:为客户端访问的原URL(以便于重定向)

  • 相关阅读:
    二进制编译http
    http服务
    FTP服务
    DAY01
    直流电机调速作业
    机械大楼电梯控制项目
    仿真作业
    第六周作业
    第五周作业
    第四周仿真作业
  • 原文地址:https://www.cnblogs.com/xmphoenix/p/3806834.html
Copyright © 2011-2022 走看看