| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
The queries use Q-BRIDGE-MIB's qVlanId which is switch specific
mapping. Exception seems to be 1810G's which use the real VLAN
index.
|
| |
|
|
|
|
| |
so no captive portal, snmp or squid authentication is required.
fixes #737.
|
| |
|
|
|
|
|
|
| |
Certain switches seem to export FIB of tagged VLANs only in the
Q-BRIDGE-MIB only. Detect if switch support Q-BRIDGE-MIB during
information discovery, and prefer it over the older BRIDGE-MIB.
Q-BRIDGE-MIB should be used anyway, since it's the only reliable
way to trace MAC properly when it appears in multiple VLANs.
|
| |
|
|
|
|
| |
Instead of having separate modes (which would likely need to be
configurable on per-subnet or per-user, anyway), honour just the
squid reported username.
|
| |
|
|
| |
This reverts commit a1277ab45a9d2bab9ca28baf05f978bf8066d928.
|
| |
|
|
| |
This reverts commit a4180db79a80882f81bc8c880ec1e2db5ee9bf6d.
|
| |
|
|
|
| |
Also, make sure the categorize mode is not touching authdb
datastructures as they are invalid in that mode.
|
| | |
|
| |
|
|
| |
Relatively simple set of pages done in haserl. Fixes #448.
|
| |
|
|
|
| |
return the analysis back to squid as urlgroup. it can be then used
in squid config acl's and logging (with patch). ref #447.
|
| |
|
|
| |
Including some information where it fails.
|
| | |
|
| |
|
|
|
|
|
|
| |
* authdb: change to use squark.conf instead of filter.conf
* authdb: config option logout_timeout added (defaults to 15mins)
* auth-ip: add -r parameter to refresh login time
fixes #452
|
| |
|
|
|
| |
so we don't crash on startup if essential files are missing.
fixes #454
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
It has dot. So it's P.1 series which is buggy.
|
| |
|
|
| |
Don't enable the workaroudn if new enough firmware is detected.
|
| |
|
|
|
| |
Otherwise we might attempt to access invalid or even unreceived data
(e.g. if switch was swapped, is offline, or just did not respond to us).
|
| | |
|
| |
|
|
|
| |
properly calculate module of the hash bucket, and when cleaning up
free the correct entry (instead of the next one).
|
| |
|
|
| |
and cache the information to authdb properly.
|
| |
|
|
| |
so we can dump information from http cgi-bin scripts.
|
| |
|
|
|
|
| |
this way multiple users can access the shm areas (e.g. www-data
for captive portal, and proxy for squid). all system users needing
to use squark tools need to belong to this group.
|
| |
|
|
| |
with additional info.
|
| |
|
|
| |
and tweak the authdb a bit.
|
| |
|
|
|
|
|
| |
do not have filter process to do auto login. this is required since
squid might have stale login info in cache, and we should not honor it.
need to fix auth-snmp to record logins in authdb too (should do that
anyway to store the additional snmp information in authdb).
|
| |
|
|
| |
get rid of sscanf and use the blob api.
|
| |
|
|
| |
Implement logout function and some minor fixes.
|
| |
|
|
| |
fix also some authdb bugs, and make it actually usable.
|
| |
|
|
|
|
|
|
|
| |
Implement a shared memory based authentication cache. It's a simple
local cache indexed by IP-address, and keeps track of that IP's
auth info such as username, allowed categories and timeouts. This
provides basis for captive portal, per-user definable category
restrictions and implementation of soft blocks (block which can
be overridden by user by clicking a button on the blocked page).
|
| |
|
|
|
| |
Will implement 'captive portal' style authentication with separate
DB later.
|
| |
|
|
| |
will need authentication db later too.
|
| | |
|
| |
|
|
|
|
|
| |
Keep the modifications (which are needed for key lookup) inside the
lookup routine. This includes e.g. lower casing the URL. This way
can pass the exact original request string to our block page script.
This also changes the way 'www123.' is stripped from the request.
|
| |
|
|
|
|
| |
Ability to force reauthentication (HP ProCurve specific) for the
switch port to which we traced the IP. This works currently only with
the HP WebAuth scheme (should be possible with MAC auth scheme too).
|
| |
|
|
| |
and pass the denied url too.
|
| |
|
|
| |
properly match them against db data.
|
| |
|
|
|
| |
Properly embed the ipv4 address in database now. Teach filter
to understand the two new reserved component id's.
|
| |
|
|
|
| |
Should be faster in most cases to write two null words than to
copy them around.
|
| |
|
|
|
| |
Lower case the dns part of url. Also skip "www123" and similar
entries when determining if path components should be matched.
|
| |
|
|
|
|
|
|
|
|
| |
Implement squid redirect protocol. It implements the "concurrent"
version even though the algorithm is non-blocking. Doing this can
reduce the amount of read system calls on busy system.
Minimum command line based configuration for banning specific
categories and specifying the redirect site. Will probably have
to add some sort of config file system later.
|
| |
|
|
|
|
|
|
| |
Fixes has sub domains/paths hints to be correct. www<number> as
first domain entry matching now checks it won't remove second level
domain names.
And the filter code now looksup path components from the db.
|
| |
|
|
|
|
| |
So we don't need explicit null terminator in most cases saving
space. It will also speed up comparisons as getting string blob is
now constant time (no strlen needed).
|
| |
|
|
|
| |
Analysing of the url host part, some simple tests. Not usable as
squid filter yet.
|
| |
|
|
| |
store the names of categories to database
|
| |
|
|
| |
u_int32_t is not standard, use uint32_t from stdint.h instead.
|
| |
|
|
| |
Normalizing macro names to upper case and extending functionality.
|
| |
|
|
| |
it's useful in other binaries than squark-auth too.
|
