diff --git a/src/Makefile b/src/Makefile
index f61ba65b3..3723af25a 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,4 +1,4 @@
 ROOT= /usr/local
-TREES= captiveportal etc opnsense pkg sbin wizard www
+TREES= etc opnsense pkg sbin wizard www
 .include "../Mk/tree.mk"
diff --git a/src/captiveportal/index.php b/src/captiveportal/index.php
deleted file mode 100644
index 637d60868..000000000
--- a/src/captiveportal/index.php
+++ /dev/null
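Review bot: Dropping `captiveportal` from `TREES` only stops that tree from being installed under `ROOT`; nothing in this hunk removes an `index.php` already installed on a host that is upgraded in place. That script was the portal's login entry point, and the `captiveportal.inc` it requires is deleted elsewhere in this commit, so a leftover copy would be an unmaintained, client-reachable page for as long as whatever served it is still configured. The install logic lives in `../Mk/tree.mk`, outside this diff, so it is worth confirming that the packaging prunes files dropped from the tree, or adding an upgrade step that removes the old directory.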
@@ -1,268 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("config.inc"); -require_once("auth.inc"); -require_once("interfaces.inc"); -require_once("captiveportal.inc"); -require_once("util.inc"); - -$errormsg = "Invalid credentials specified."; - -header("Expires: 0"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); -header("Connection: close"); - -global $cpzone, $cpzoneid; - -$cpzone = $_REQUEST['zone']; -$cpcfg = $config['captiveportal'][$cpzone]; -if (empty($cpcfg)) { - log_error("Submission to captiveportal with unkown parameter zone: " . 
htmlspecialchars($cpzone)); - portal_reply_page($redirurl, "error", $errormsg); - ob_flush(); - return; -} - -$cpzoneid = $cpcfg['zoneid']; - -$orig_host = $_SERVER['HTTP_HOST']; -/* NOTE: IE 8/9 is buggy and that is why this is needed */ -$orig_request = trim($_REQUEST['redirurl'], " /"); -$clientip = $_SERVER['REMOTE_ADDR']; - -if (!$clientip) { - /* not good - bail out */ - log_error("Zone: {$cpzone} - Captive portal could not determine client's IP address."); - $error_message = "An error occurred. Please check the system logs for more information."; - portal_reply_page($redirurl, "error", $errormsg); - ob_flush(); - return; -} - -$ourhostname = portal_hostname_from_client_ip($clientip); -if ($orig_host != $ourhostname) { - /* the client thinks it's connected to the desired web server, but instead - it's connected to us. Issue a redirect... */ - $protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://'; - header("Location: {$protocol}{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}/{$orig_request}")); - - ob_flush(); - return; -} - -if (!empty($cpcfg['redirurl'])) { - $redirurl = $cpcfg['redirurl']; -} elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) { - $redirurl = urldecode($matches[1]); -} elseif ($_REQUEST['redirurl']) { - $redirurl = $_REQUEST['redirurl']; -} - -$macfilter = !isset($cpcfg['nomacfilter']); -$passthrumac = isset($cpcfg['passthrumacadd']); - -function ip_to_mac($addr) -{ - $cmd = '/usr/sbin/arp -n ' . $addr; - $ret = false; - - exec($cmd, $out, $ret); - if ($ret) { - log_error('The command `' . $cmd . '\' failed to execute'); - } else { - $mac = explode(' ', $out[0]); - if (isset($mac[3])) { - $ret = $mac[3]; - } - } - - return $ret; -} - -/* find MAC address for client */ -if ($macfilter || $passthrumac) { - $tmpres = ip_to_mac($clientip); - if (!$tmpres) { - /* unable to find MAC address - shouldn't happen! 
- bail out */ - captiveportal_logportalauth("unauthenticated", "noclientmac", $clientip, "ERROR"); - echo "An error occurred. Please check the system logs for more information."; - log_error("Zone: {$cpzone} - Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality."); - ob_flush(); - return; - } - $clientmac = $tmpres; - unset($tmpres); -} - -/* find out if we need RADIUS + RADIUSMAC or not */ -if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) { - $radius_enable = true; - if (isset($cpcfg['radmac_enable'])) { - $radmac_enable = true; - } -} - -/* find radius context */ -$radiusctx = 'first'; -if ($_POST['auth_user2']) { - $radiusctx = 'second'; -} - -if ($_POST['logout_id']) { - echo << -Disconnecting... - - -You have been disconnected. - - - - - -EOD; - captiveportal_disconnect_client($_POST['logout_id']); - -} elseif ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) { - captiveportal_logportalauth($clientmac, $clientmac, $clientip, "Blocked MAC address"); - if (!empty($cpcfg['blockedmacsurl'])) { - portal_reply_page($cpcfg['blockedmacsurl'], "redir"); - } else { - portal_reply_page($redirurl, "error", "This MAC address has been blocked"); - } - -} elseif ($clientmac && $radmac_enable && portal_mac_radius($clientmac, $clientip, $radiusctx)) { - /* radius functions handle everything so we exit here since we're done */ - -} elseif (portal_consume_passthrough_credit($clientmac)) { - /* allow the client through if it had a pass-through credit for its MAC */ - captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT"); - portal_allow($clientip, $clientmac, "unauthenticated"); - -} elseif (isset($config['voucher'][$cpzone]['enable']) && $_POST['accept'] && $_POST['auth_voucher']) { - $voucher = trim($_POST['auth_voucher']); - $timecredit = voucher_auth($voucher); - // $timecredit contains either a credit in minutes or an error 
message - if ($timecredit > 0) { // voucher is valid. Remaining minutes returned - // if multiple vouchers given, use the first as username - $a_vouchers = preg_split("/[\t\n\r ]+/s", $voucher); - $voucher = $a_vouchers[0]; - $attr = array( 'voucher' => 1, - 'session_timeout' => $timecredit*60, - 'session_terminate_time' => 0); - if (portal_allow($clientip, $clientmac, $voucher, null, $attr)) { - // YES: user is good for $timecredit minutes. - captiveportal_logportalauth($voucher, $clientmac, $clientip, "Voucher login good for $timecredit min."); - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } else { - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); - } - } elseif (-1 == $timecredit) { // valid but expired - captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE", "voucher expired"); - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); - } else { - captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE"); - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgnoaccess'] ? 
$config['voucher'][$cpzone]['msgnoaccess'] : $errormsg); - } - -} elseif ($_POST['accept'] && $radius_enable) { - if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) { - if (!empty($_POST['auth_user'])) { - $user = $_POST['auth_user']; - $paswd = $_POST['auth_pass']; - } elseif (!empty($_POST['auth_user2'])) { - $user = $_POST['auth_user2']; - $paswd = $_POST['auth_pass2']; - } - $auth_list = radius($user, $paswd, $clientip, $clientmac, "USER LOGIN", $radiusctx); - $type = "error"; - if (!empty($auth_list['url_redirection'])) { - $redirurl = $auth_list['url_redirection']; - $type = "redir"; - } - - if ($auth_list['auth_val'] == 1) { - captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR", $auth_list['error']); - portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg); - } elseif ($auth_list['auth_val'] == 3) { - captiveportal_logportalauth($user, $clientmac, $clientip, "FAILURE", $auth_list['reply_message']); - portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? 
$auth_list['reply_message'] : $errormsg); - } else { - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } - } else { - if (!empty($_POST['auth_user'])) { - $user = $_POST['auth_user']; - } elseif (!empty($_POST['auth_user2'])) { - $user = $_POST['auth_user2']; - } else { - $user = 'unknown'; - } - captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR"); - portal_reply_page($redirurl, "error", $errormsg); - } - -} elseif ($_POST['accept'] && $cpcfg['auth_method'] == "local") { - if ($_POST['auth_user'] && $_POST['auth_pass']) { - //check against local user manager - $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); - - if ($loginok && isset($cpcfg['localauth_priv'])) { - $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login"); - } - - if ($loginok) { - captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN"); - portal_allow($clientip, $clientmac, $_POST['auth_user']); - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } else { - captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE"); - portal_reply_page($redirurl, "error", $errormsg); - } - } else { - portal_reply_page($redirurl, "error", $errormsg); - } - -} elseif ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") { - captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT"); - portal_allow($clientip, $clientmac, "unauthenticated"); - -} else { - /* display captive portal page */ - portal_reply_page($redirurl, "login", null, $clientmac, $clientip); -} - -ob_flush(); diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample index 0d386ee18..37e14a4cb 100644 --- a/src/etc/config.xml.sample +++ b/src/etc/config.xml.sample 
@@ -457,6 +457,6 @@
- system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close
+ system_information-container:col1:show,carp_status-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close
diff --git a/src/etc/inc/captiveportal.CHAP.inc b/src/etc/inc/captiveportal.CHAP.inc
deleted file mode 100644
index 7c3c6dd73..000000000
--- a/src/etc/inc/captiveportal.CHAP.inc
+++ /dev/null
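Review bot: The new widget sequence in this hunk drops `cpu_graphs-container:col1:close` as well as `captive_portal_status-container:col1:close`, and only the second entry belongs to the captive portal removal. If the CPU graphs widget still ships, keep it in the list, i.e. `carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close`. If it was retired in an earlier change, mention that in the commit message so the edit to the sample configuration stays traceable. The enclosing XML element is not visible in this hunk.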
@@ -1,463 +0,0 @@ - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -This code cannot simply be copied and put under the GNU Public License or -any other GPL-like (LGPL, GPL2) License. 
- - $Id: CHAP.php 302857 2010-08-28 21:12:59Z mbretter $ -*/ - -require_once 'PEAR.inc'; - -/** -* Classes for generating packets for various CHAP Protocols: -* CHAP-MD5: RFC1994 -* MS-CHAPv1: RFC2433 -* MS-CHAPv2: RFC2759 -* -* @package Crypt_CHAP -* @author Michael Bretterklieber -* @access public -* @version $Revision: 302857 $ -*/ - -/** - * class Crypt_CHAP - * - * Abstract base class for CHAP - * - * @package Crypt_CHAP - */ -class Crypt_CHAP extends PEAR -{ - /** - * Random binary challenge - * @var string - */ - var $challenge = null; - - /** - * Binary response - * @var string - */ - var $response = null; - - /** - * User password - * @var string - */ - var $password = null; - - /** - * Id of the authentication request. Should incremented after every request. - * @var integer - */ - var $chapid = 1; - - /** - * Constructor - * - * Generates a random challenge - * @return void - */ - function Crypt_CHAP() - { - $this->PEAR(); - $this->generateChallenge(); - } - - /** - * Generates a random binary challenge - * - * @param string $varname Name of the property - * @param integer $size Size of the challenge in Bytes - * @return void - */ - function generateChallenge($varname = 'challenge', $size = 8) - { - $this->$varname = ''; - for ($i = 0; $i < $size; $i++) { - $this->$varname .= pack('C', 1 + mt_rand() % 255); - } - return $this->$varname; - } - - /** - * Generates the response. Overwrite this. - * - * @return void - */ - function challengeResponse() - { - } - -} - -/** - * class Crypt_CHAP_MD5 - * - * Generate CHAP-MD5 Packets - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MD5 extends Crypt_CHAP -{ - - /** - * Generates the response. - * - * CHAP-MD5 uses MD5-Hash for generating the response. The Hash consists - * of the chapid, the plaintext password and the challenge. - * - * @return string - */ - function challengeResponse() - { - return pack('H*', md5(pack('C', $this->chapid) . $this->password . 
$this->challenge)); - } -} - -/** - * class Crypt_CHAP_MSv1 - * - * Generate MS-CHAPv1 Packets. MS-CHAP doesen't use the plaintext password, it uses the - * NT-HASH wich is stored in the SAM-Database or in the smbpasswd, if you are using samba. - * The NT-HASH is MD4(str2unicode(plaintextpass)). - * You need the hash extension for this class. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv1 extends Crypt_CHAP -{ - /** - * Wether using deprecated LM-Responses or not. - * 0 = use LM-Response, 1 = use NT-Response - * @var bool - */ - var $flags = 1; - - /** - * Constructor - * - * Loads the hash extension - * @return void - */ - function Crypt_CHAP_MSv1() - { - $this->Crypt_CHAP(); - self::loadExtension('hash'); - } - - /** - * Generates the NT-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function ntPasswordHash($password = null) - { - if (isset($password)) { - return pack('H*',hash('md4', $this->str2unicode($password))); - } else { - return pack('H*',hash('md4', $this->str2unicode($this->password))); - } - } - - /** - * Converts ascii to unicode. - * - * @access public - * @return string - */ - function str2unicode($str) - { - $uni = ''; - $str = (string) $str; - for ($i = 0; $i < strlen($str); $i++) { - $a = ord($str{$i}) << 8; - $uni .= sprintf("%X", $a); - } - return pack('H*', $uni); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function challengeResponse() - { - return $this->_challengeResponse(); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function ntChallengeResponse() - { - return $this->_challengeResponse(false); - } - - /** - * Generates the LAN-Manager-Response. - * - * @access public - * @return string - */ - function lmChallengeResponse() - { - return $this->_challengeResponse(true); - } - - /** - * Generates the response. - * - * Generates the response using DES. 
- * - * @param bool $lm wether generating LAN-Manager-Response - * @access private - * @return string - */ - function _challengeResponse($lm = false) - { - if ($lm) { - $hash = $this->lmPasswordHash(); - } else { - $hash = $this->ntPasswordHash(); - } - - while (strlen($hash) < 21) { - $hash .= "\0"; - } - - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - $key = $this->_desAddParity(substr($hash, 0, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp1 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 7, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp2 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 14, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp3 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - - return $resp1 . $resp2 . $resp3; - } - - /** - * Generates the LAN-Manager-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function lmPasswordHash($password = null) - { - $plain = isset($password) ? $password : $this->password; - - $plain = substr(strtoupper($plain), 0, 14); - while (strlen($plain) < 14) { - $plain .= "\0"; - } - - return $this->_desHash(substr($plain, 0, 7)) . $this->_desHash(substr($plain, 7, 7)); - } - - /** - * Generates an irreversible HASH. - * - * @access private - * @return string - */ - function _desHash($plain) - { - $key = $this->_desAddParity($plain); - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - mcrypt_generic_init($td, $key, $iv); - $hash = mcrypt_generic($td, 'KGS!@#$%'); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - return $hash; - } - - /** - * Adds the parity bit to the given DES key. 
- * - * @access private - * @param string $key 7-Bytes Key without parity - * @return string - */ - function _desAddParity($key) - { - static $odd_parity = array( - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, - 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, - 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, - 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, - 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, - 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, - 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, - 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, - 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, - 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254); - - $bin = ''; - for ($i = 0; $i < strlen($key); $i++) { - $bin .= sprintf('%08s', decbin(ord($key{$i}))); - } - - $str1 = explode('-', substr(chunk_split($bin, 7, '-'), 0, -1)); - $x = ''; - foreach($str1 as $s) { - $x .= sprintf('%02s', dechex($odd_parity[bindec($s . '0')])); - } - - return pack('H*', $x); - - } - - /** - * Generates the response-packet. - * - * @param bool $lm wether including LAN-Manager-Response - * @access private - * @return string - */ - function response($lm = false) - { - $ntresp = $this->ntChallengeResponse(); - if ($lm) { - $lmresp = $this->lmChallengeResponse(); - } else { - $lmresp = str_repeat ("\0", 24); - } - - // Response: LM Response, NT Response, flags (0 = use LM Response, 1 = use NT Response) - return $lmresp . $ntresp . 
pack('C', !$lm); - } -} - -/** - * class Crypt_CHAP_MSv2 - * - * Generate MS-CHAPv2 Packets. This version of MS-CHAP uses a 16 Bytes authenticator - * challenge and a 16 Bytes peer Challenge. LAN-Manager responses no longer exists - * in this version. The challenge is already a SHA1 challenge hash of both challenges - * and of the username. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv2 extends Crypt_CHAP_MSv1 -{ - /** - * The username - * @var string - */ - var $username = null; - - /** - * The 16 Bytes random binary peer challenge - * @var string - */ - var $peerChallenge = null; - - /** - * The 16 Bytes random binary authenticator challenge - * @var string - */ - var $authChallenge = null; - - /** - * Constructor - * - * Generates the 16 Bytes peer and authentication challenge - * @return void - */ - function Crypt_CHAP_MSv2() - { - $this->Crypt_CHAP_MSv1(); - $this->generateChallenge('peerChallenge', 16); - $this->generateChallenge('authChallenge', 16); - } - - /** - * Generates a hash from the NT-HASH. - * - * @access public - * @param string $nthash The NT-HASH - * @return string - */ - function ntPasswordHashHash($nthash) - { - return pack('H*',hash('md4', $nthash)); - } - - /** - * Generates the challenge hash from the peer and the authenticator challenge and - * the username. SHA1 is used for this, but only the first 8 Bytes are used. - * - * @access public - * @return string - */ - function challengeHash() - { - return substr(pack('H*',hash('sha1', $this->peerChallenge . $this->authChallenge . $this->username)), 0, 8); - } - - /** - * Generates the response. - * - * @access public - * @return string - */ - function challengeResponse() - { - $this->challenge = $this->challengeHash(); - return $this->_challengeResponse(); - } -} - - -?> diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc deleted file mode 100644 index 0ede93ecf..000000000 --- a/src/etc/inc/captiveportal.inc +++ /dev/null 
@@ -1,1427 +0,0 @@ - - Copyright (C) 2009-2012 Ermal Luçi - Copyright (C) 2003-2006 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - This version of captiveportal.inc has been modified by Rob Parker - to include changes for per-user bandwidth management - via returned RADIUS attributes. This page has been modified to delete any - added rules which may have been created by other per-user code (index.php, etc). - These changes are (c) 2004 Keycom PLC. 
-*/ - -/* include all configuration functions */ -require_once("radius.inc"); -require_once("captiveportal.radius_accounting.inc"); -require_once("captiveportal.radius_authentication.inc"); -require_once("voucher.inc"); - -function get_include_contents($filename) { - if (is_file($filename)) { - ob_start(); - include $filename; - $contents = ob_get_contents(); - ob_end_clean(); - return $contents; - } - return false; -} - - - -// -// TODO : restructure code / gui, for now we try to maintain gui compatibility by not breaking the old callbacks -// -function captiveportal_passthrumac_configure_entry($macent) { - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->update(); - - return "" ; -} - -function captiveportal_passthrumac_delete_entry($macent) { - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->update(); - - return "" ; -} - -function captiveportal_passthrumac_configure($lock = false) { - return captiveportal_passthrumac_delete_entry(null) ; -} - -function captiveportal_allowedip_configure_entry($ipent, $ishostname = false) { - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->update(); - - return "" ; -} - -function captiveportal_allowedip_configure() { - return captiveportal_allowedip_configure_entry(null); -} - -/* remove a single client by sessionid */ -function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") { - global $cpzone; - - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->disconnect($cpzone,$sessionid); -} - -function captiveportal_remove_entries($remove) { - global $cpzone ; - - if (!is_array($remove) || empty($remove)) - return; - - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->disconnect($cpzone,$remove); -} - -function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $pipeno = null, $radiusctx = null) { - global $config, $cpzone ,$type,$g; - - $cpc = new OPNsense\CaptivePortal\CPClient(); - - // Ensure we create an array if we are missing attributes 
- if (!is_array($attributes)) { - $attributes = array(); - } - - if ($attributes['voucher']) { - $remaining_time = $attributes['session_timeout']; - } - - // handle - $dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0; - $dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0; - $bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up; - $bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down; - $interim_interval = (!empty($attributes['interim_interval'])) ? $attributes['interim_interval'] : 'NULL'; - - $session_timeout = 0 ; - if ( array_key_exists("session_timeout",$attributes ) ){ - $session_timeout = $attributes['session_timeout'] ; - } - elseif ( is_numeric($config['captiveportal'][$cpzone]["timeout"]) ){ - // calculate to seconds for timeout parameters ( config in minutes ) - $session_timeout = $config['captiveportal'][$cpzone]["timeout"] * 60 ; - } - - $idle_timeout = 0 ; - if ( array_key_exists("idle_timeout",$attributes ) ){ - $idle_timeout = $attributes['idle_timeout'] ; - } - elseif ( is_numeric($config['captiveportal'][$cpzone]["idletimeout"]) ){ - // calculate to seconds for timeout parameters ( config in minutes ) - $idle_timeout = $config['captiveportal'][$cpzone]["idletimeout"] * 60 ; - } - - - $session_terminate_time = 0; - if ( array_key_exists("session_timeout",$attributes ) ) { - $session_terminate_time = $attributes['session_terminate_time'] ; - } - - - - if ($attributes['voucher']) { - $db = new OPNsense\CaptivePortal\DB($cpzone); - $clients = $db->listClients(array("username"=>$username), null, null); - foreach ($clients as $client) { - // user is already connected, disconnect old session - $cpc->disconnect($cpzone, $client->sessionid); - - // calculate new session end time for this voucher ( session 
connection time + timeout - now, correct with 1 second to trap exact cleanup hit) - $session_terminate_time = $client->allow_time + $client->session_timeout - time() - 1; - } - - if ($session_terminate_time < 0) { - // no time left for voucher - return 0; - } - - unset($db); - } - - - if (is_null($radiusctx)) { - $radiusctx = 'first'; - } - - - $sessionid = $cpc->portalAllow($cpzone,$clientip,$clientmac,$username,$password,$bw_up,$bw_down,$radiusctx,$session_timeout,$idle_timeout,$session_terminate_time,$interim_interval); - - if (isset($config['captiveportal'][$cpzone]['radacct_enable']) && !empty($radiusservers[$radiusctx])) { - $acct_val = RADIUS_ACCOUNTING_START($pipeno, $username, $sessionid, $radiusservers[$radiusctx], $clientip, $clientmac); - if ($acct_val == 1) - captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); - } - - // TODO: error handling -// /* if the pool is empty, return appropriate message and exit */ -// if (is_null($pipeno)) { -// portal_reply_page($redirurl, "error", "System reached maximum login capacity"); -// log_error("Zone: {$cpzone} - WARNING! Captive portal has reached maximum login capacity"); -// unlock($cpdblck); -// return; -// } - - /* redirect user to desired destination */ - if (!empty($attributes['url_redirection'])) - $my_redirurl = $attributes['url_redirection']; - else if (!empty($redirurl)) - $my_redirurl = $redirurl; - else if (!empty($config['captiveportal'][$cpzone]['redirurl'])) - $my_redirurl = $config['captiveportal'][$cpzone]['redirurl']; - - if(isset($config['captiveportal'][$cpzone]['logoutwin_enable']) ) { - $ourhostname = portal_hostname_from_client_ip($clientip); - $protocol = (isset($config['captiveportal'][$cpzone]['httpslogin'])) ? 
'https://' : 'http://'; - $logouturl = "{$protocol}{$ourhostname}/"; - - if (isset($attributes['reply_message'])) - $message = $attributes['reply_message']; - else - $message = 0; - - include("/var/etc/captiveportal-{$cpzone}-logout.html"); - } - - return $sessionid; -} - -// -// -// - -/* reinit will disconnect all users, be careful! */ -function captiveportal_init_rules($reinit = false) -{ - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->reconfigure(); - unset($cpc); -} - - -// Unchanged - - -function get_default_captive_portal_html() { - global $config, $g, $cpzone; - - $htmltext = << - -
- - -
- - - - - - - -
- - - {$g['product_name']} captive portal - - -
-
-
- - - - -
-
-
-
- - - - -
-
-
-
- - - \$PORTAL_MESSAGE\$ - - -
-
-
- - - - - - - -EOD; - - if(isset($config['voucher'][$cpzone]['enable'])) { - $htmltext .= << - - - - -EOD; - } - - $htmltext .= << - - -
Welcome to the {$g['product_name']} Captive Portal!
 
Username:
Password:
 
Enter Voucher Code:
-
-
-
-
-
-
-
-
-
-
-
-
-
- - - -EOD; - - return $htmltext; -} - - -function captiveportal_configure() { - global $config, $cpzone, $cpzoneid; - - /* init ipfw rules */ - captiveportal_init_rules(true); - - $cpc = new OPNsense\CaptivePortal\CPClient(); - if ($cpc->isEnabled()) { - $cpc->reconfigure(); - } - - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - $cpzone = $cpkey; - $cpzoneid = $cp['zoneid']; - captiveportal_configure_zone($cp); - } - } -} - -function captiveportal_configure_zone($cpcfg) { - global $config, $g, $cpzone, $cpzoneid; - - $captiveportallck = lock("captiveportal{$cpzone}", LOCK_EX); - - if (isset($cpcfg['enable'])) { - - if (file_exists("/var/run/booting")) { - echo "Starting captive portal({$cpcfg['zone']})... "; - - /* remove old information */ - @unlink("/var/db/captiveportal{$cpzone}.db"); - } else - captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); - /* kill any running minicron */ - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - - /* initialize minicron interval value */ - $croninterval = isset($cpcfg['croninterval']) && !empty($cpcfg['croninterval']) ? $cpcfg['croninterval'] : 60; - - /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ - if ((!is_numeric($croninterval)) || ($croninterval < 10)) - $croninterval = 60; - - /* write portal page */ - if (isset($cpcfg['page']['htmltext']) && $cpcfg['page']['htmltext']) - $htmltext = base64_decode($cpcfg['page']['htmltext']); - else { - /* example/template page */ - $htmltext = get_default_captive_portal_html(); - } - - $fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w"); - if ($fd) { - // Special case handling. Convert so that we can pass this page - // through the PHP interpreter later without clobbering the vars. 
- $htmltext = str_replace("\$PORTAL_ZONE\$", "#PORTAL_ZONE#", $htmltext);
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "#PORTAL_REDIRURL#", $htmltext);
- $htmltext = str_replace("\$PORTAL_MESSAGE\$", "#PORTAL_MESSAGE#", $htmltext);
- $htmltext = str_replace("\$CLIENT_MAC\$", "#CLIENT_MAC#", $htmltext);
- $htmltext = str_replace("\$CLIENT_IP\$", "#CLIENT_IP#", $htmltext);
- $htmltext = str_replace("\$ORIGINAL_PORTAL_IP\$", "#ORIGINAL_PORTAL_IP#", $htmltext);
- $htmltext = str_replace("\$PORTAL_ACTION\$", "#PORTAL_ACTION#", $htmltext);
- if($cpcfg['preauthurl']) {
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $htmltext);
- $htmltext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $htmltext);
- }
- fwrite($fd, $htmltext);
- fclose($fd);
- }
- unset($htmltext);
-
- /* write error page */
- if (isset($cpcfg['page']['errtext']) && $cpcfg['page']['errtext'])
- $errtext = base64_decode($cpcfg['page']['errtext']);
- else {
- /* example page */
- $errtext = get_default_captive_portal_html();
- }
-
- $fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
- if ($fd) {
- // Special case handling. Convert so that we can pass this page
- // through the PHP interpreter later without clobbering the vars.
- $errtext = str_replace("\$PORTAL_ZONE\$", "#PORTAL_ZONE#", $errtext); - $errtext = str_replace("\$PORTAL_REDIRURL\$", "#PORTAL_REDIRURL#", $errtext); - $errtext = str_replace("\$PORTAL_MESSAGE\$", "#PORTAL_MESSAGE#", $errtext); - $errtext = str_replace("\$CLIENT_MAC\$", "#CLIENT_MAC#", $errtext); - $errtext = str_replace("\$CLIENT_IP\$", "#CLIENT_IP#", $errtext); - $errtext = str_replace("\$ORIGINAL_PORTAL_IP\$", "#ORIGINAL_PORTAL_IP#", $errtext); - $errtext = str_replace("\$PORTAL_ACTION\$", "#PORTAL_ACTION#", $errtext); - if($cpcfg['preauthurl']) { - $errtext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $errtext); - $errtext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $errtext); - } - fwrite($fd, $errtext); - fclose($fd); - } - unset($errtext); - - /* write logout page */ - if (isset($cpcfg['page']['logouttext']) && $cpcfg['page']['logouttext']) - $logouttext = base64_decode($cpcfg['page']['logouttext']); - else { - /* example page */ - $logouttext = << -Redirecting... - - -Redirecting to ... 
- - - - - -EOD; - } - - $fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w"); - if ($fd) { - fwrite($fd, $logouttext); - fclose($fd); - } - unset($logouttext); - - /* write elements */ - captiveportal_write_elements(); - - /* kill any running mini_httpd */ - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - - /* start up the webserving daemon */ - captiveportal_init_webgui_zone($cpcfg); - - /* Kill any existing prunecaptiveportal processes */ - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - - /* start pruning process (interval defaults to 60 seconds) */ - mwexecf( - '/usr/local/bin/minicron %s %s %s %s', - array($croninterval, - "/var/run/cp_prunedb_{$cpzone}.pid", - '/usr/local/etc/rc.prunecaptiveportal', - $cpzone) - ); - - /* generate radius server database */ - @unlink("/var/db/captiveportal_radius_{$cpzone}.db"); - captiveportal_init_radius_servers(); - - if (file_exists("/var/run/booting")) { - /* send Accounting-On to server */ - captiveportal_send_server_accounting(); - echo "done\n"; - } - - } else { - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - @unlink("/var/etc/captiveportal_{$cpzone}.html"); - @unlink("/var/etc/captiveportal-{$cpzone}-error.html"); - @unlink("/var/etc/captiveportal-{$cpzone}-logout.html"); - - captiveportal_radius_stop_all(); - - /* send Accounting-Off to server */ - if (!file_exists("/var/run/booting")) { - captiveportal_send_server_accounting(true); - } - - /* remove old information */ - @unlink("/var/db/captiveportal{$cpzone}.db"); - @unlink("/var/db/captiveportal_radius_{$cpzone}.db"); - @unlink("/var/db/captiveportal_{$cpzone}.rules"); - /* Release allocated pipes for this zone */ - captiveportal_free_dnrules(); - - if (empty($config['captiveportal'])) - set_single_sysctl("net.link.ether.ipfw", "0"); - else { - /* 
Deactivate ipfw(4) if not needed */ - $cpactive = false; - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - if (isset($cp['enable'])) { - $cpactive = true; - break; - } - } - } - if ($cpactive === false) - set_single_sysctl("net.link.ether.ipfw", "0"); - - } - } - - unlock($captiveportallck); - - return 0; -} - -function captiveportal_init_webgui() { - global $config, $cpzone; - - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - $cpzone = $cpkey; - captiveportal_init_webgui_zone($cp); - } - } -} - -function captiveportal_init_webgui_zonename($zone) { - global $config, $cpzone; - - if (isset($config['captiveportal'][$zone])) { - $cpzone = $zone; - captiveportal_init_webgui_zone($config['captiveportal'][$zone]); - } -} - -function captiveportal_init_webgui_zone($cpcfg) -{ - global $g, $config, $cpzone; - - if (!isset($cpcfg['enable'])) { - return; - } - - if (isset($cpcfg['httpslogin'])) { - $cert = lookup_cert($cpcfg['certref']); - $crt = base64_decode($cert['crt']); - $key = base64_decode($cert['prv']); - $ca = ca_chain($cert); - - /* generate lighttpd configuration */ - if (!empty($cpcfg['listenporthttps'])) { - $listenporthttps = $cpcfg['listenporthttps']; - } else { - $listenporthttps = 8001 + $cpcfg['zoneid']; - } - - system_generate_lighty_config( - "/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf", - $crt, - $key, - $ca, - "lighty-{$cpzone}-CaptivePortal-SSL.pid", - $listenporthttps, - "/usr/local/captiveportal", - "cert-{$cpzone}-portal.pem", - "ca-{$cpzone}-portal.pem", - $cpzone - ); - } - - /* generate lighttpd configuration */ - if (!empty($cpcfg['listenporthttp'])) { - $listenporthttp = $cpcfg['listenporthttp']; - } else { - $listenporthttp = 8000 + $cpcfg['zoneid']; - } - - system_generate_lighty_config( - "/var/etc/lighty-{$cpzone}-CaptivePortal.conf", - "", - "", - "", - "lighty-{$cpzone}-CaptivePortal.pid", - $listenporthttp, - 
"/usr/local/captiveportal", - "", - "", - $cpzone - ); - - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid"); - /* attempt to start lighttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf"); - - /* fire up https instance */ - if (isset($cpcfg['httpslogin'])) { - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf"); - } -} - - -/* - * Remove clients that have been around for longer than the specified amount of time - * db file structure: - * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time,interim_interval - * (password is in Base64 and only saved when reauthentication is enabled) - */ -function captiveportal_prune_old() -{ - global $g, $config, $cpzone, $cpzoneid; - - if (empty($cpzone)) { - return; - } - - $cpc = new OPNsense\CaptivePortal\CPClient(); - - $cpcfg = $config['captiveportal'][$cpzone]; - if ( !isset($cpcfg['radacct_enable'])) { - // cleanup session (default) - $cpc->portalCleanupSessions($cpzone); - }else{ - // cleanup sessions if radius accounting is enable - // TODO: this code needs a rewrite, probably the easiest thing todo is update the zone administration and run - // the normal cleanup (portalCleanupSessions) to detach both processes - // - $vcpcfg = $config['voucher'][$cpzone]; - - /* check for expired entries */ - $idletimeout = 0; - $timeout = 0; - if (!empty($cpcfg['timeout']) && is_numeric($cpcfg['timeout'])) - $timeout = $cpcfg['timeout'] * 60; - - if (!empty($cpcfg['idletimeout']) && is_numeric($cpcfg['idletimeout'])) - $idletimeout = $cpcfg['idletimeout'] * 60; - - /* Is there any job to do? 
*/ - if (!$timeout && !$idletimeout && !isset($cpcfg['reauthenticate']) && - !isset($cpcfg['radiussession_timeout']) && !isset($vcpcfg['enable'])) - return; - - $radiussrvs = captiveportal_get_radius_servers(); - - /* Read database */ - /* NOTE: while this can be simplified in non radius case keep as is for now */ - $cpdb = array(); // captiveportal_read_db(); - - $unsetindexes = array(); - - /* - * Snapshot the time here to use for calculation to speed up the process. - * If something is missed next run will catch it! - */ - $pruning_time = time(); - $stop_time = $pruning_time; - foreach ($cpdb as $cpentry) { - - $timedout = false; - $term_cause = 1; - if (empty($cpentry[11])) - $cpentry[11] = 'first'; - $radiusservers = $radiussrvs[$cpentry[11]]; - - /* hard timeout? */ - if ($timeout) { - if (($pruning_time - $cpentry[0]) >= $timeout) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - /* Session-Terminate-Time */ - if (!$timedout && !empty($cpentry[9])) { - if ($pruning_time >= $cpentry[9]) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - - /* if vouchers are configured, activate session timeouts */ - if (!$timedout && isset($vcpcfg['enable']) && !empty($cpentry[7])) { - if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { - $timedout = true; - $term_cause = 5; // Session-Timeout - $voucher_needs_sync = true; - } - } - - /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ - if (!$timedout && isset($cpcfg['radiussession_timeout']) && !empty($cpentry[7])) { - if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - if ($timedout) { - captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT"); - $unsetindexes[] = $cpentry[5]; - } - - /* do periodic RADIUS reauthentication? 
*/ - if (!$timedout && !empty($radiusservers)) { - if (isset($cpcfg['radacct_enable'])) { - if ($cpcfg['reauthenticateacct'] == "stopstart") { - /* stop and restart accounting */ - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 10); // NAS Request - - // todo, zero counters - - RADIUS_ACCOUNTING_START($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac); // clientmac - } else if ($cpcfg['reauthenticateacct'] == "interimupdate") { - $session_time = $pruning_time - $cpentry[0]; - if (!empty($cpentry[10]) && $cpentry[10] > 60) - $interval = $cpentry[10]; - else - $interval = 0; - $past_interval_min = ($session_time > $interval); - if ($interval != 0) - $within_interval = ($session_time % $interval >= 0 && $session_time % $interval <= 59); - if ($interval === 0 || ($interval > 0 && $past_interval_min && $within_interval)) { - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 10, // NAS Request - true); // Interim Updates - } - } - } - - /* check this user against RADIUS again */ - if (isset($cpcfg['reauthenticate'])) { - $auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username - base64_decode($cpentry->bpassword), // password - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - $cpentry->pipeno_in); // ruleno - if ($auth_list['auth_val'] == 3) { - $cpc->disconnect($cpzone, $cpentry->sessionid); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - $unsetindexes[] = $cpentry[5]; - } else if 
($auth_list['auth_val'] == 2) - //captiveportal_reapply_attributes($cpentry, $auth_list); - null; - } - } - } - } - - unset($cpdb); -} - -/* send RADIUS acct stop for all current clients */ -function captiveportal_radius_stop_all() { - global $config, $cpzone; - - if (!isset($config['captiveportal'][$cpzone]['radacct_enable'])) - return; - - $radiusservers = captiveportal_get_radius_servers(); - if (!empty($radiusservers)) { - $cpdb = new OPNsense\CaptivePortal\DB($cpzone); - - $clients = $cpdb->listClients(array()); - - foreach ($clients as $cpentry) { - if (empty($cpentry->radiusctx)) - $cpentry->radiusctx = 'first'; - if (!empty($radiusservers[$cpentry->radiusctx])) { - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers[$cpentry->radiusctx], - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 7); // Admin Reboot - } - } - - unset($cpdb); - } -} - - -function captiveportal_passthrumac_findbyname($username) { - global $config, $cpzone; - - if (is_array($config['captiveportal'][$cpzone]['passthrumac'])) { - foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent) { - if ($macent['username'] == $username) - return $macent; - } - } - return NULL; -} - - - -function captiveportal_init_radius_servers() { - global $config, $g, $cpzone; - - /* generate radius server database */ - if ($config['captiveportal'][$cpzone]['radiusip'] && (!isset($config['captiveportal'][$cpzone]['auth_method']) || - ($config['captiveportal'][$cpzone]['auth_method'] == "radius"))) { - $radiusip = $config['captiveportal'][$cpzone]['radiusip']; - $radiusip2 = ($config['captiveportal'][$cpzone]['radiusip2']) ? $config['captiveportal'][$cpzone]['radiusip2'] : null; - $radiusip3 = ($config['captiveportal'][$cpzone]['radiusip3']) ? $config['captiveportal'][$cpzone]['radiusip3'] : null; - $radiusip4 = ($config['captiveportal'][$cpzone]['radiusip4']) ? 
$config['captiveportal'][$cpzone]['radiusip4'] : null; - - if ($config['captiveportal'][$cpzone]['radiusport']) - $radiusport = $config['captiveportal'][$cpzone]['radiusport']; - else - $radiusport = 1812; - if ($config['captiveportal'][$cpzone]['radiusacctport']) - $radiusacctport = $config['captiveportal'][$cpzone]['radiusacctport']; - else - $radiusacctport = 1813; - if ($config['captiveportal'][$cpzone]['radiusport2']) - $radiusport2 = $config['captiveportal'][$cpzone]['radiusport2']; - else - $radiusport2 = 1812; - if ($config['captiveportal'][$cpzone]['radiusport3']) - $radiusport3 = $config['captiveportal'][$cpzone]['radiusport3']; - else - $radiusport3 = 1812; - if ($config['captiveportal'][$cpzone]['radiusport4']) - $radiusport4 = $config['captiveportal'][$cpzone]['radiusport4']; - else - $radiusport4 = 1812; - - $radiuskey = $config['captiveportal'][$cpzone]['radiuskey']; - $radiuskey2 = $config['captiveportal'][$cpzone]['radiuskey2']; - $radiuskey3 = $config['captiveportal'][$cpzone]['radiuskey3']; - $radiuskey4 = $config['captiveportal'][$cpzone]['radiuskey4']; - - $cprdsrvlck = lock("captiveportalradius{$cpzone}", LOCK_EX); - $fd = @fopen("/var/db/captiveportal_radius_{$cpzone}.db", "w"); - if (!$fd) { - captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n"); - unlock($cprdsrvlck); - return 1; - } - if (isset($radiusip)) - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . ",first"); - if (isset($radiusip2)) - fwrite($fd,"\n" . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2 . ",first"); - if (isset($radiusip3)) - fwrite($fd,"\n" . $radiusip3 . "," . $radiusport3 . "," . $radiusacctport . "," . $radiuskey3 . ",second"); - if (isset($radiusip4)) - fwrite($fd,"\n" . $radiusip4 . "," . $radiusport4 . "," . $radiusacctport . "," . $radiuskey4 . 
",second"); - - - fclose($fd); - unlock($cprdsrvlck); - } -} - -/* read RADIUS servers into array */ -function captiveportal_get_radius_servers() { - global $g, $cpzone; - - $cprdsrvlck = lock("captiveportalradius{$cpzone}"); - if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) { - $radiusservers = array(); - $cpradiusdb = file("/var/db/captiveportal_radius_{$cpzone}.db", - FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if ($cpradiusdb) { - foreach($cpradiusdb as $cpradiusentry) { - $line = trim($cpradiusentry); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key'], $context) = explode(",",$line); - } - if (empty($context)) { - if (!is_array($radiusservers['first'])) - $radiusservers['first'] = array(); - $radiusservers['first'] = $radsrv; - } else { - if (!is_array($radiusservers[$context])) - $radiusservers[$context] = array(); - $radiusservers[$context][] = $radsrv; - } - } - } - unlock($cprdsrvlck); - return $radiusservers; - } - - unlock($cprdsrvlck); - return false; -} - -/* log successful captive portal authentication to syslog */ -/* part of this code from php.net */ -function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { - // Log it - if (!$message) - $message = "{$status}: {$user}, {$mac}, {$ip}"; - else { - $message = trim($message); - $message = "{$status}: {$user}, {$mac}, {$ip}, {$message}"; - } - captiveportal_syslog($message); -} - -/* log simple messages to syslog */ -function captiveportal_syslog($message) { - global $cpzone; - - $message = trim($message); - $message .= "Zone: {$cpzone} - {$message}"; - openlog("logportalauth", LOG_PID, LOG_LOCAL4); - // Log it - syslog(LOG_INFO, $message); - closelog(); -} - -function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = null) { - global $g, $config, $cpzoneid; - - $pipeno = captiveportal_get_next_dn_ruleno(); - - /* If the pool is empty, return appropriate message and fail 
authentication */ - if (empty($pipeno)) { - $auth_list = array(); - $auth_list['auth_val'] = 1; - $auth_list['error'] = "System reached maximum login capacity"; - return $auth_list; - } - - $radiusservers = captiveportal_get_radius_servers(); - - if (is_null($radiusctx)) - $radiusctx = 'first'; - - $auth_list = RADIUS_AUTHENTICATION($username, - $password, - $radiusservers[$radiusctx], - $clientip, - $clientmac, - $pipeno); - - if ($auth_list['auth_val'] == 2) { - captiveportal_logportalauth($username,$clientmac,$clientip,$type); - $sessionid = portal_allow($clientip, - $clientmac, - $username, - $password, - $auth_list, - $pipeno, - $radiusctx); - } else { - captiveportal_free_dn_ruleno($pipeno); - } - - return $auth_list; -} - - -function captiveportal_write_elements() -{ - global $g, $config, $cpzone; - - $cpcfg = $config['captiveportal'][$cpzone]; - - @mkdir('/var/db/cpelements'); - - if (isset($cpcfg['element']) && is_array($cpcfg['element'])) { - foreach ($cpcfg['element'] as $data) { - if (!@file_put_contents("/var/db/cpelements/{$data['name']}", base64_decode($data['content']))) { - printf(gettext("Error: cannot open '%s' in captiveportal_write_elements()%s"), $data['name'], "\n"); - return 1; - } - if (!file_exists("/usr/local/captiveportal/{$data['name']}")) { - @symlink("/var/db/cpelements/{$data['name']}", "/usr/local/captiveportal/{$data['name']}"); - } - } - } - - return 0; -} - -function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max = 64500) { - global $cpzone; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $ridx = $rulenos_start; - while ($ridx < $rulenos_range_max) { - if ($rules[$ridx] == $cpzone) { - $rules[$ridx] = false; - $ridx++; - $rules[$ridx] = false; - $ridx++; - } else - $ridx += 2; - } - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unset($rules); 
- } - unlock($cpruleslck); -} - -function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_max = 64500) { - global $config, $g, $cpzone; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - $ruleno = 0; - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $ridx = $rulenos_start; - while ($ridx < $rulenos_range_max) { - if (empty($rules[$ridx])) { - $ruleno = $ridx; - $rules[$ridx] = $cpzone; - $ridx++; - $rules[$ridx] = $cpzone; - break; - } else { - $ridx += 2; - } - } - } else { - $rules = array_pad(array(), $rulenos_range_max, false); - $ruleno = $rulenos_start; - $rules[$rulenos_start] = $cpzone; - $rulenos_start++; - $rules[$rulenos_start] = $cpzone; - } - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unlock($cpruleslck); - unset($rules); - - return $ruleno; -} - -function captiveportal_free_dn_ruleno($ruleno) { - global $config, $g; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $rules[$ruleno] = false; - $ruleno++; - $rules[$ruleno] = false; - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unset($rules); - } - unlock($cpruleslck); -} - - -/** - * Get the NAS-IP-Address based on the current wan address - * - * Use functions in interfaces.inc to find this out - * - */ - -function getNasIP() -{ - global $config, $cpzone; - - if (empty($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) { - $nasIp = get_interface_ip(); - } else { - if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) - $nasIp = $config['captiveportal'][$cpzone]['radiussrcip_attribute']; - else - $nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']); - } - - if(!is_ipaddr($nasIp)) - $nasIp = "0.0.0.0"; - - return $nasIp; -} - -function 
portal_ip_from_client_ip($cliip) { - global $config, $cpzone; - - $isipv6 = is_ipaddrv6($cliip); - $interfaces = explode(",", $config['captiveportal'][$cpzone]['interface']); - foreach ($interfaces as $cpif) { - if ($isipv6) { - $ip = get_interface_ipv6($cpif); - $sn = get_interface_subnetv6($cpif); - } else { - $ip = get_interface_ip($cpif); - $sn = get_interface_subnet($cpif); - } - if (ip_in_subnet($cliip, "{$ip}/{$sn}")) - return $ip; - } - - $inet = ($isipv6) ? '-inet6' : '-inet'; - $iface = exec_command("/sbin/route -n get {$inet} {$cliip} | /usr/bin/awk '/interface/ { print \$2; };'"); - $iface = trim($iface, "\n"); - if (!empty($iface)) { - $ip = ($isipv6) ? find_interface_ipv6($iface) : find_interface_ip($iface); - if (is_ipaddr($ip)) - return $ip; - } - - // doesn't match up to any particular interface - // so let's set the portal IP to what PHP says - // the server IP issuing the request is. - // allows same behavior as 1.2.x where IP isn't - // in the subnet of any CP interface (static routes, etc.) - // rather than forcing to DNS hostname resolution - $ip = $_SERVER['SERVER_ADDR']; - if (is_ipaddr($ip)) - return $ip; - - return false; -} - -function portal_hostname_from_client_ip($cliip) { - global $config, $cpzone; - - $cpcfg = $config['captiveportal'][$cpzone]; - - if (isset($cpcfg['httpslogin'])) { - $listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 8001); - $ourhostname = $cpcfg['httpsname']; - - if ($listenporthttps != 443) - $ourhostname .= ":" . $listenporthttps; - } else { - $listenporthttp = $cpcfg['listenporthttp'] ? $cpcfg['listenporthttp'] : ($cpcfg['zoneid'] + 8000); - $ifip = portal_ip_from_client_ip($cliip); - if (!$ifip) - $ourhostname = "{$config['system']['hostname']}.{$config['system']['domain']}"; - else - $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}"; - - if ($listenporthttp != 80) - $ourhostname .= ":" . 
$listenporthttp; - } - - return $ourhostname; -} - -/* functions move from index.php */ - -function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) { - global $g, $config, $cpzone; - - /* Get captive portal layout */ - if ($type == "redir") { - header("Location: {$redirurl}"); - return; - } else if ($type == "login") - $htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html"); - else - $htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html"); - - $cpcfg = $config['captiveportal'][$cpzone]; - - /* substitute the PORTAL_REDIRURL variable */ - if ($cpcfg['preauthurl']) { - $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $htmltext); - $htmltext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $htmltext); - } - - /* substitute other variables */ - $ourhostname = portal_hostname_from_client_ip($clientip); - $protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://'; - $htmltext = str_replace("\$PORTAL_ACTION\$", "{$protocol}{$ourhostname}/", $htmltext); - $htmltext = str_replace("#PORTAL_ACTION#", "{$protocol}{$ourhostname}/", $htmltext); - - $htmltext = str_replace("\$PORTAL_ZONE\$", htmlspecialchars($cpzone), $htmltext); - $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext); - - // Special handling case for captive portal master page so that it can be ran - // through the PHP interpreter using the include method above. We convert the - // $VARIABLE$ case to #VARIABLE# in /usr/local/etc/inc/captiveportal.inc before writing out. 
- $htmltext = str_replace("#PORTAL_ZONE#", htmlspecialchars($cpzone), $htmltext); - $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext); - $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext); - $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext); - - echo $htmltext; -} - -function portal_mac_radius($clientmac,$clientip) { - global $config, $cpzone; - - $radmac_secret = $config['captiveportal'][$cpzone]['radmac_secret']; - - /* authentication against the radius server */ - $username = mac_format($clientmac); - $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN"); - if ($auth_list['auth_val'] == 2) - return TRUE; - - if (!empty($auth_list['url_redirection'])) - portal_reply_page($auth_list['url_redirection'], "redir"); - - return FALSE; -} - - - -/* - * Used for when pass-through credits are enabled. - * Returns true when there was at least one free login to deduct for the MAC. - * Expired entries are removed as they are seen. - * Active entries are updated according to the configuration. 
- */ -function portal_consume_passthrough_credit($clientmac) { - global $config, $cpzone; - - if (!empty($config['captiveportal'][$cpzone]['freelogins_count']) && is_numeric($config['captiveportal'][$cpzone]['freelogins_count'])) - $freeloginscount = $config['captiveportal'][$cpzone]['freelogins_count']; - else - return false; - - if (!empty($config['captiveportal'][$cpzone]['freelogins_resettimeout']) && is_numeric($config['captiveportal'][$cpzone]['freelogins_resettimeout'])) - $resettimeout = $config['captiveportal'][$cpzone]['freelogins_resettimeout']; - else - return false; - - if ($freeloginscount < 1 || $resettimeout <= 0 || !$clientmac) - return false; - - $updatetimeouts = isset($config['captiveportal'][$cpzone]['freelogins_updatetimeouts']); - - /* - * Read database of used MACs. Lines are a comma-separated list - * of the time, MAC, then the count of pass-through credits remaining. - */ - $usedmacs = captiveportal_read_usedmacs_db(); - - $currenttime = time(); - $found = false; - foreach ($usedmacs as $key => $usedmac) { - $usedmac = explode(",", $usedmac); - - if ($usedmac[1] == $clientmac) { - if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) { - if ($usedmac[2] < 1) { - if ($updatetimeouts) { - $usedmac[0] = $currenttime; - unset($usedmacs[$key]); - $usedmacs[] = implode(",", $usedmac); - captiveportal_write_usedmacs_db($usedmacs); - } - - return false; - } else { - $usedmac[2] -= 1; - $usedmacs[$key] = implode(",", $usedmac); - } - - $found = true; - } else - unset($usedmacs[$key]); - - break; - } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime) - unset($usedmacs[$key]); - } - - if (!$found) { - $usedmac = array($currenttime, $clientmac, $freeloginscount - 1); - $usedmacs[] = implode(",", $usedmac); - } - - captiveportal_write_usedmacs_db($usedmacs); - return true; -} - -function captiveportal_read_usedmacs_db() { - global $g, $cpzone; - - $cpumaclck = lock("captiveusedmacs{$cpzone}"); - if 
(file_exists("/var/db/captiveportal_usedmacs_{$cpzone}.db")) { - $usedmacs = file("/var/db/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if (!$usedmacs) - $usedmacs = array(); - } else - $usedmacs = array(); - - unlock($cpumaclck); - return $usedmacs; -} - -function captiveportal_write_usedmacs_db($usedmacs) { - global $g, $cpzone; - - $cpumaclck = lock("captiveusedmacs{$cpzone}", LOCK_EX); - @file_put_contents("/var/db/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs)); - unlock($cpumaclck); -} - -function captiveportal_blocked_mac($mac) { - global $config, $g, $cpzone; - - if (empty($mac) || !is_macaddr($mac)) - return false; - - if (!is_array($config['captiveportal'][$cpzone]['passthrumac'])) - return false; - - foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $passthrumac) - if (($passthrumac['action'] == 'block') && - ($passthrumac['mac'] == strtolower($mac))) - return true; - - return false; - -} - -function captiveportal_send_server_accounting($off = false) { - global $cpzone, $config; - - if (!isset($config['captiveportal'][$cpzone]['radacct_enable'])) { - return; - } - if ($off) { - $racct = new Auth_RADIUS_Acct_Off; - } else { - $racct = new Auth_RADIUS_Acct_On; - } - $radiusservers = captiveportal_get_radius_servers(); - if (empty($radiusservers)) { - return; - } - foreach ($radiusservers['first'] as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - // Send request - $result = $racct->send(); - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. 
- if (PEAR::isError($result)) {
- $retvalue['acct_val'] = 1;
- $retvalue['error'] = $result->getMessage();
- } else if ($result === true) {
- $retvalue['acct_val'] = 5 ;
- } else {
- $retvalue['acct_val'] = 1 ;
- }
-
- $racct->close();
- return $retvalue;
-}
diff --git a/src/etc/inc/captiveportal.radius_accounting.inc b/src/etc/inc/captiveportal.radius_accounting.inc
deleted file mode 100644
index 03617cdcc..000000000
--- a/src/etc/inc/captiveportal.radius_accounting.inc
+++ /dev/null
@@ -1,303 +0,0 @@ - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY - OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - This code cannot simply be copied and put under the GNU Public License or - any other GPL-like (LGPL, GPL2) License. 
- - This code is made possible thx to samples made by Michael Bretterklieber - author of the PHP PECL Radius package -*/ - -define('GIGAWORDS_RIGHT_OPERAND', '4294967296'); // 2^32 - -/* -RADIUS ACCOUNTING START ------------------------ -*/ - -PEAR::loadExtension('bcmath'); - -function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac) { - - global $config, $cpzone; - - $retvalue = array(); - $nas_mac = mac_format(get_interface_mac("wan")); - $clientmac = mac_format($clientmac); - $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance - $racct = new Auth_RADIUS_Acct_Start; - - /* Different Authentication options - * - * Its possible todo other authentication methods but still do radius accounting - * - * RADIUS_AUTH_RADIUS => authenticated via Radius - * RADIUS_AUTH_LOCAL => authenticated local - * RADIUS_AUTH_REMOTE => authenticated remote - * - */ - $racct->authentic = RADIUS_AUTH_RADIUS; - - // Construct data package - $racct->username = $username; - /* - Add support for more then one radiusserver. - At most 10 servers may be specified. 
- When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - - /* - * NAS_PORT_TYPE, int => RADIUS_ETHERNET (15), RADIUS_WIRELESS_OTHER (18), RADIUS_WIRELESS_IEEE_802_11 (19) - */ - - // Default attributes - $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - - // Extra data to identify the client and nas - $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr"); - $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Send request - $result = $racct->send(); - - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. 
- if (PEAR::isError($result)) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['acct_val'] = 5 ; - - } else { - $retvalue['acct_val'] = 1 ; - - } - - // close OO RADIUS_ACCOUNTING - $racct->close(); - unset($racct); - - return $retvalue ; - -} - -/* -RADIUS ACCOUNTING STOP/UPDATE ------------------------------ -*/ - -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { - - global $config, $cpzone; - - $retvalue = array(); - $nas_mac = mac_format(get_interface_mac("wan")); - $clientmac = mac_format($clientmac); - $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - $stop_time = (empty($stop_time)) ? time() : $stop_time; - $session_time = $stop_time - $start_time; - $volume['input_bytes_radius'] = remainder(0); - $volume['input_gigawords'] = gigawords(0); - $volume['output_bytes_radius'] = remainder(0); - $volume['output_gigawords'] = gigawords(0); - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance, see if we should use Accounting Interim Updates or Accounting STOP messages - if ($interimupdate) - $racct = new Auth_RADIUS_Acct_Update; - else - $racct = new Auth_RADIUS_Acct_Stop; - - /* - Add support for more then one radiusserver. - At most 10 servers may be specified. 
- When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - - // See RADIUS_ACCOUNTING_START for info - $racct->authentic = RADIUS_AUTH_RADIUS; - - // Construct data package - $racct->username = $username; - // Set session_time - $racct->session_time = $session_time; - - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - - // The RADIUS PECL Package doesn't have this vars so we create them ourself - define("RADIUS_ACCT_INPUT_GIGAWORDS", "52"); - define("RADIUS_ACCT_OUTPUT_GIGAWORDS", "53"); - - // Default attributes - $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - - // Extra data to identify the client and nas - $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr"); - $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Volume stuff: Ingress - $racct->putAttribute(RADIUS_ACCT_INPUT_PACKETS, $volume['input_pkts'], "integer"); - $racct->putAttribute(RADIUS_ACCT_INPUT_OCTETS, $volume['input_bytes_radius'], "integer"); - $racct->putAttribute(RADIUS_ACCT_INPUT_GIGAWORDS, $volume['input_gigawords'], "integer"); - // Volume stuff: Outgress - $racct->putAttribute(RADIUS_ACCT_OUTPUT_PACKETS, $volume['output_pkts'], "integer"); - $racct->putAttribute(RADIUS_ACCT_OUTPUT_OCTETS, $volume['output_bytes_radius'], "integer"); - $racct->putAttribute(RADIUS_ACCT_OUTPUT_GIGAWORDS, $volume['output_gigawords'], "integer"); - 
$racct->putAttribute(RADIUS_ACCT_SESSION_TIME, $session_time, "integer"); - - if (!$interimupdate) - $racct->putAttribute(RADIUS_ACCT_TERMINATE_CAUSE, $term_cause); - - // Send request - $result = $racct->send(); - - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. - if (PEAR::isError($result)) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['acct_val'] = 5 ; - - } else { - $retvalue['acct_val'] = 1 ; - - } - - // close OO RADIUS_ACCOUNTING - $racct->close(); - - return $retvalue; - -} - - -/** - * Radius Volume Helpers - * - */ - -function gigawords($bytes) { - - - /* - * RFC2866 Specifies a 32bit unsigned integer, which is a max of 4294967295 - * Currently there is a fault in the PECL radius_put_int function which can handle only 32bit signed integer. - */ - - // We use BCMath functions since normal integers don't work with so large numbers - $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , GIGAWORDS_RIGHT_OPERAND) ; - - // We need to manually set this to a zero instead of NULL for put_int() safety - if (is_null($gigawords)) { - $gigawords = 0; - } - - return $gigawords; - -} - -function remainder($bytes) { - - // Calculate the bytes we are going to send to the radius - $bytes = bcmod($bytes, GIGAWORDS_RIGHT_OPERAND); - - if (is_null($bytes)) { - $bytes = 0; - } - - - return $bytes; - -} - -?> diff --git a/src/etc/inc/captiveportal.radius_authentication.inc b/src/etc/inc/captiveportal.radius_authentication.inc deleted file mode 100644 index dc146762e..000000000 --- a/src/etc/inc/captiveportal.radius_authentication.inc +++ /dev/null 
@@ -1,181 +0,0 @@ - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY - OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - This code cannot simply be copied and put under the GNU Public License or - any other GPL-like (LGPL, GPL2) License. 
- - This code is made possible thx to samples made by Michael Bretterklieber - author of the PHP PECL Radius package - -*/ - -/* -RADIUS AUTHENTICATION ---------------------- -*/ - -require_once("captiveportal.CHAP.inc"); - -function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { - - global $config, $cpzone; - - $retvalue = array(); - $clientmac = mac_format($clientmac); - $nas_port = $ruleno; - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - $radius_protocol = $config['captiveportal'][$cpzone]['radius_protocol']; - // Do we even need to set it to NULL? - $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = null; - $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = $retvalue['interim_interval'] = null; - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance - $classname = 'Auth_RADIUS_' . $radius_protocol; - $rauth = new $classname($username, $password); - - /* - * Add support for more then one radiusserver. - * At most 10 servers may be specified. - * When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - - } - - // Construct data package - $rauth->username = $username; - switch ($radius_protocol) { - case 'CHAP_MD5': - case 'MSCHAPv1': - $classname = $radius_protocol == 'MSCHAPv1' ? 
'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5'; - $crpt = new $classname; - $crpt->username = $username; - $crpt->password = $password; - $rauth->challenge = $crpt->challenge; - $rauth->chapid = $crpt->chapid; - $rauth->response = $crpt->challengeResponse(); - $rauth->flags = 1; - // If you must use deprecated and weak LAN-Manager-Responses use this: - //$rauth->lmResponse = $crpt->lmChallengeResponse(); - //$rauth->flags = 0; - break; - - case 'MSCHAPv2': - // Construct data package - $crpt = new Crypt_CHAP_MSv2; - $crpt->username = $username; - $crpt->password = $password; - $rauth->challenge = $crpt->authChallenge; - $rauth->peerChallenge = $crpt->peerChallenge; - $rauth->chapid = $crpt->chapid; - $rauth->response = $crpt->challengeResponse(); - break; - - default: - $rauth->password = $password; - break; - } - - if (PEAR::isError($rauth->start())) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $rauth->getError(); - - // If we encounter an error immediately stop this function and go back - $rauth->close(); - return $retvalue; - } - - // Default attributes - $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); - $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - - // Extra data to identify the client and nas - $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr); - $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Send request - $result = $rauth->send(); - - // Evaluation of the response - // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius - // 2 -> Access-Accept - // 3 -> Access-Reject - // See RFC2865 for this. 
- if (PEAR::isError($result)) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['auth_val'] = 2; - - } else { - $retvalue['auth_val'] = 3; - - } - - // Get attributes, even if auth failed. - // We will push the results in the retvalue array - if (!$rauth->getAttributes()) { - $retvalue['error'] = $rauth->getError(); - - } else { - $retvalue = array_merge($retvalue,$rauth->listAttributes()); - - // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller - if (!empty($retvalue['session_terminate_time'])) { - $stt = &$retvalue['session_terminate_time']; - $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt))); - } - } - - // close OO RADIUS_AUTHENTICATION - $rauth->close(); - unset($rauth); - - return $retvalue; - -} - -?> diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index e28a2fbe0..d46612873 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -475,30 +475,12 @@ function is_webgui_cert($certref) $config['system']['webgui']['protocol'] != 'http'; } -function is_captiveportal_cert($certref) -{ - global $config; - - if (!isset($config['captiveportal'])) { - return; - } - - foreach ($config['captiveportal'] as $portal) { - if (isset($portal['enable']) && isset($portal['httpslogin']) && ($portal['certref'] == $certref)) { - return true; - } - } - - return false; -} - function cert_in_use($certref) { return (is_webgui_cert($certref) || is_user_cert($certref) || is_openvpn_server_cert($certref) || is_openvpn_client_cert($certref) || - is_ipsec_cert($certref) || - is_captiveportal_cert($certref)); + is_ipsec_cert($certref)); } function crl_update(& $crl) { diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index eaa8181f7..5ce39f349 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc 
@@ -3120,10 +3120,6 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven
 /* update dyndns */
 configd_run("dyndns reload {$interface}");
-
- /* XXX: which CPZONE? Needed? */
- /* reload captive portal */
- captiveportal_init_rules();
 }
 }
@@ -5412,3 +5408,21 @@ function get_ppp_uptime($port){
 return $total_time;
 }
 }
+
+/**
+ * Get the NAS-IP-Address based on the current wan address
+ *
+ * Use functions in interfaces.inc to find this out
+ *
+ */
+
+function getNasIP()
+{
+ $nasIp = get_interface_ip();
+
+ if (!is_ipaddr($nasIp)) {
+ $nasIp = '0.0.0.0';
+ }
+
+ return $nasIp;
+}
diff --git a/src/etc/inc/ipsec.auth-user.php b/src/etc/inc/ipsec.auth-user.php
index a23a4fdff..cd5e74a96 100755
--- a/src/etc/inc/ipsec.auth-user.php
+++ b/src/etc/inc/ipsec.auth-user.php
@@ -201,21 +201,6 @@ if (!function_exists("getNasID")) {
 }
 }
-/**
- * Get the NAS-IP-Address based on the current wan address
- *
- * Use functions in interfaces.inc to find this out
- *
- */
-if (!function_exists("getNasIP")) {
- function getNasIP()
- {
- $nasIp = get_interface_ip();
- if(!$nasIp)
- $nasIp = "0.0.0.0";
- return $nasIp;
- }
-}
 /* setup syslog logging */
 openlog("charon", LOG_ODELAY, LOG_AUTH);
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php
index b3495ef79..f27863276 100644
--- a/src/etc/inc/openvpn.auth-user.php
+++ b/src/etc/inc/openvpn.auth-user.php
@@ -198,21 +198,6 @@ function getNasID()
 }
 }
-/**
- * Get the NAS-IP-Address based on the current wan address
- *
- * Use functions in interfaces.inc to find this out
- *
- */
-if (!function_exists("getNasIP")) {
-function getNasIP()
-{
- $nasIp = get_interface_ip();
- if(!$nasIp)
- $nasIp = "0.0.0.0";
- return $nasIp;
-}
-}
 /* setup syslog logging */
 openlog("openvpn", LOG_ODELAY, LOG_AUTH);
diff --git a/src/etc/inc/radius.inc b/src/etc/inc/radius.inc
index 8352f1fc1..e6ab0e610 100644
--- a/src/etc/inc/radius.inc
+++ b/src/etc/inc/radius.inc
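Review bot: The fallback branch of the new `getNasIP()` in interfaces.inc substitutes `'0.0.0.0'` silently, so a RADIUS request can leave with a meaningless NAS-IP-Address and nothing records that the WAN lookup failed. A log line in that branch, for example `log_error("getNasIP: no usable WAN address, sending NAS-IP-Address 0.0.0.0");` (assuming `log_error()` is in scope here as it is elsewhere in the tree), would make the condition visible to whoever later reads mismatched accounting or policy records on the RADIUS server. The docblock promises the WAN address while the call is `get_interface_ip()` with no argument, so the promise rests on that function's default; `get_interface_ip('wan')` would state it in the code. The blank line between the docblock and `function getNasIP()` also detaches the comment from the function for some documentation tools.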
@@ -288,22 +288,15 @@ class Auth_RADIUS extends PEAR {
 */
 function putStandardAttributes()
 {
- global $config, $cpzone;
+ global $config;
+
+ $ipaddr = getNasIP();
- if (!function_exists("getNasIp")) {
- $ipaddr = "0.0.0.0";
- } else {
- $ipaddr = getNasIP();
- }
 // Add support for sending NAS-IP-Address, set this explicitly as an ip_addr
 $this->putAttribute(RADIUS_NAS_IP_ADDRESS, $ipaddr, "addr");
 // Add support for sending NAS-Identifier
- if (empty($config["captiveportal"][$cpzone]["radiusnasid"])) {
- $nasId = php_uname("n");
- } else {
- $nasId = $config["captiveportal"][$cpzone]["radiusnasid"];
- }
+ $nasId = php_uname("n");
 $this->putAttribute(RADIUS_NAS_IDENTIFIER, $nasId);
 }
diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc
index 030bbb99c..377f302b2 100644
--- a/src/etc/inc/rrd.inc
+++ b/src/etc/inc/rrd.inc
@@ -97,8 +97,6 @@ function enable_rrd_graphing()
 $mbuf = "-mbuf.rrd";
 $cellular = "-cellular.rrd";
 $vpnusers = "-vpnusers.rrd";
- $captiveportalconcurrent = "-concurrent.rrd";
- $captiveportalloggedin = "-loggedin.rrd";
 $ntpd = "ntpd.rrd";
 $rrdtool = "/usr/local/bin/rrdtool";
@@ -110,7 +108,6 @@ function enable_rrd_graphing()
 $php = "/usr/local/bin/php";
 $cpustats = "/usr/local/sbin/cpustats";
 $ifconfig = "/sbin/ifconfig";
- $captiveportal_gather = "/usr/local/sbin/captiveportal_gather_stats.php";
 $ntpq = "/usr/local/sbin/ntpq";
 $rrdtrafficinterval = 60;
@@ -123,7 +120,6 @@ function enable_rrd_graphing()
 $rrdmbufinterval = 60;
 $rrdcellularinterval = 60;
 $rrdvpninterval = 60;
- $rrdcaptiveportalinterval = 60;
 $rrdntpdinterval = 60;
 $trafficvalid = $rrdtrafficinterval * 2;
@@ -136,7 +132,6 @@ function enable_rrd_graphing()
 $mbufvalid = $rrdmbufinterval * 2;
 $cellularvalid = $rrdcellularinterval * 2;
 $vpnvalid = $rrdvpninterval * 2;
- $captiveportalvalid = $rrdcaptiveportalinterval * 2;
 $ntpdvalid = $rrdntpdinterval * 2;
 /* Assume 2*10GigE for now */
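Review bot: `putStandardAttributes()` in radius.inc now calls `getNasIP()` unconditionally, so every script that loads radius.inc must also load interfaces.inc, where this commit places the function; the removed `function_exists` guard degraded to `0.0.0.0` where the new code would stop with an undefined-function fatal error. The same commit deletes the local definitions from ipsec.auth-user.php and openvpn.auth-user.php, whose include lists are not visible in these hunks, so it is worth confirming that both pull in interfaces.inc, since a missing include there would fail every VPN authentication that reaches the RADIUS path. If the dependency is intended, stating it at the top of radius.inc with `require_once("interfaces.inc");` makes it explicit and keeps the file usable on its own.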
@@ -486,94 +481,10 @@ function enable_rrd_graphing() $rrdupdatesh .= "MBUF=`$netstat -m | "; $rrdupdatesh .= " $awk '/mbuf clusters in use/ { gsub(/\//, \":\", $1); print $1; }'`\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mbuf N:\${MBUF}\n"; - /* End mbuf statistics */ /* End System statistics */ - /* Captive Portal statistics, set up the rrd file */ - if(is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - if (!isset($cp['enable'])) - continue; - - $ifname= "captiveportal"; - $concurrent_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalconcurrent; - if (!file_exists("$concurrent_filename")) { - $rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; - $rrdcreate .= "RRA:MIN:0.5:1:1200 "; - $rrdcreate .= "RRA:MIN:0.5:5:720 "; - $rrdcreate .= "RRA:MIN:0.5:60:1860 "; - $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; - $rrdcreate .= "RRA:MAX:0.5:1:1200 "; - $rrdcreate .= "RRA:MAX:0.5:5:720 "; - $rrdcreate .= "RRA:MAX:0.5:60:1860 "; - $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; - $rrdcreate .= "RRA:LAST:0.5:1:1200 "; - $rrdcreate .= "RRA:LAST:0.5:5:720 "; - $rrdcreate .= "RRA:LAST:0.5:60:1860 "; - $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; - - create_new_rrd($rrdcreate); - unset($rrdcreate); - } - - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if(file_exists("/var/run/booting")) { - mwexec("$rrdtool update $concurrent_filename N:U"); - } - - /* the Captive Portal stats gathering function. 
*/ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; - $rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'concurrent'`\n"; - $rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n"; - - $loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalloggedin; - if (!file_exists("$loggedin_filename")) { - $rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; - $rrdcreate .= "RRA:MIN:0.5:1:1200 "; - $rrdcreate .= "RRA:MIN:0.5:5:720 "; - $rrdcreate .= "RRA:MIN:0.5:60:1860 "; - $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; - $rrdcreate .= "RRA:MAX:0.5:1:1200 "; - $rrdcreate .= "RRA:MAX:0.5:5:720 "; - $rrdcreate .= "RRA:MAX:0.5:60:1860 "; - $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; - $rrdcreate .= "RRA:LAST:0.5:1:1200 "; - $rrdcreate .= "RRA:LAST:0.5:5:720 "; - $rrdcreate .= "RRA:LAST:0.5:60:1860 "; - $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; - - create_new_rrd($rrdcreate); - unset($rrdcreate); - } - - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if(file_exists("/var/run/booting")) { - mwexec("$rrdtool update $loggedin_filename N:U"); - } - - /* the Captive Portal stats gathering function. */ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n"; - $rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'loggedin'`\n"; - $rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n"; - - } - } - /* End Captive Portal statistics */ - /* NTP, set up the ntpd rrd file */ if (isset($config['ntpd']['statsgraph'])) { /* set up the ntpd rrd file */ diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index d79b82de8..7148870e4 100644 
--- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -1025,32 +1025,13 @@ function system_generate_lighty_config( $port = 80, $document_root = '/usr/local/www/', $cert_location = 'cert.pem', - $ca_location = 'ca.pem', - $captive_portal = false) + $ca_location = 'ca.pem') { global $config; @mkdir('/tmp/lighttpdcompress'); - if ($captive_portal !== false) { - $captiveportal = ',"mod_evasive"'; - $http_rewrite_rules = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n"; - - if (!isset($config['captiveportal'][$captive_portal]['maxprocperip']) || empty($config['captiveportal'][$captive_portal]['maxprocperip'])) { - $maxprocperip = 10; - } else { - $maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip']; - } - - $captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}"; - - $server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n"; - @mkdir('/tmp/captiveportal', 0555); - $server_max_request_size = "server.max-request-size = 384"; - $cgi_config = ""; - } else { - $captiveportal = ",\"mod_cgi\""; - $http_rewrite_rules = << "/usr/local/opnsense/www/" ) alias.url += ( "/api/" => "/usr/local/opnsense/www/" ) @@ -1059,11 +1040,9 @@ url.rewrite-if-not-file = ( "^/ui/(.*)$" => "/ui/index.php?_url=/$1" , ) EOD; - $captive_portal_mod_evasive = ""; - $server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n"; - $server_max_request_size = "server.max-request-size = 2097152"; - $cgi_config = "cgi.assign = ( \".cgi\" => \"\" )"; - } + $server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n"; + $server_max_request_size = "server.max-request-size = 2097152"; + $cgi_config = "cgi.assign = ( \".cgi\" => \"\" )"; if (empty($port)) $lighty_port = "80"; 
@@ -1079,26 +1058,10 @@ EOD; else $max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; - // Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM - if ($captive_portal !== false) { - if ($realmem > 135 and $realmem < 256) { - $max_procs += 1; // 2 worker processes - } else if ($realmem > 255 and $realmem < 513) { - $max_procs += 2; // 3 worker processes - } else if ($realmem > 512) { - $max_procs += 4; // 6 worker processes - } - if ($max_procs > 1) - $max_php_children = intval($max_procs/2); - else - $max_php_children = 1; - - } else { - if ($realmem < 78) - $max_php_children = 0; - else - $max_php_children = 1; - } + if ($realmem < 78) + $max_php_children = 0; + else + $max_php_children = 1; if(!isset($config['syslog']['nologlighttpd'])) { $lighty_use_syslog = << "access 50 hours", ) @@ -1337,7 +1294,7 @@ EOD; } // Add HTTP to HTTPS redirect - if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) { + if ($config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) { if($lighty_port != "443") { $redirectport = ":{$lighty_port}"; } else { diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index bfb2b59cc..60ccff353 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc 
@@ -1059,36 +1059,11 @@ function ip_in_subnet($addr,$subnet) {
 }
 }
-
-
-function mac_format($clientmac) {
- global $config, $cpzone;
-
- $mac = explode(":", $clientmac);
- $mac_format = $cpzone ? $config['captiveportal'][$cpzone]['radmac_format'] : false;
-
- switch($mac_format) {
- case 'singledash':
- return "$mac[0]$mac[1]$mac[2]-$mac[3]$mac[4]$mac[5]";
-
- case 'ietf':
- return "$mac[0]-$mac[1]-$mac[2]-$mac[3]-$mac[4]-$mac[5]";
-
- case 'cisco':
- return "$mac[0]$mac[1].$mac[2]$mac[3].$mac[4]$mac[5]";
-
- case 'unformatted':
- return "$mac[0]$mac[1]$mac[2]$mac[3]$mac[4]$mac[5]";
-
- default:
- return $clientmac;
- }
-}
-
-function resolve_retry($hostname, $retries = 5) {
-
- if (is_ipaddr($hostname))
+function resolve_retry($hostname, $retries = 5)
+{
+ if (is_ipaddr($hostname)) {
 return $hostname;
+ }
 for ($i = 0; $i < $retries; $i++) {
 // FIXME: gethostbyname does not work for AAAA hostnames, boo, hiss
diff --git a/src/etc/inc/voucher.inc b/src/etc/inc/voucher.inc
deleted file mode 100644
index a39c16bd9..000000000
--- a/src/etc/inc/voucher.inc
+++ /dev/null
@@ -1,521 +0,0 @@ - - Copyright (C) 2010 Scott Ullrich - Copyright (C) 2007 Marcel Wiget - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -function voucher_expire($voucher_received) { - global $g, $config, $cpzone; - - $cpdb = new OPNsense\CaptivePortal\DB($cpzone); - $cpc = new OPNsense\CaptivePortal\CPClient(); - - // read rolls into assoc array with rollid as key and minutes as value - $tickets_per_roll = array(); - $minutes_per_roll = array(); - if (is_array($config['voucher'][$cpzone]['roll'])) { - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $tickets_per_roll[$rollent['number']] = $rollent['count']; - $minutes_per_roll[$rollent['number']] = $rollent['minutes']; - } - } - - // split into an array. 
Useful for multiple vouchers given - $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); - $active_dirty = false; - - // go through all received vouchers, check their valid and extract - // Roll# and Ticket# using the external readvoucher binary - foreach ($a_vouchers_received as $voucher) { - $v = escapeshellarg($voucher); - if (strlen($voucher) < 3) - continue; // seems too short to be a voucher! - - unset($output); - $_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output); - list($status, $roll, $nr) = explode(" ", $output[0]); - if ($status == "OK") { - // check if we have this ticket on a registered roll for this ticket - if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { - // voucher is from a registered roll. - if (!isset($active_vouchers[$roll])) - $active_vouchers[$roll] = voucher_read_active_db($roll); - // valid voucher. Store roll# and ticket# - if (!empty($active_vouchers[$roll][$voucher])) { - $active_dirty = true; - unset($active_vouchers[$roll][$voucher]); - } - // check if voucher already marked as used - if (!isset($bitstring[$roll])) - $bitstring[$roll] = voucher_read_used_db($roll); - $pos = $nr >> 3; // divide by 8 -> octet - $mask = 1 << ($nr % 8); - // mark bit for this voucher as used - if (!(ord($bitstring[$roll][$pos]) & $mask)) - $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); - captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); - - /* Check if this voucher has any active sessions */ - $clients = $cpdb->listClients(array("username"=>$voucher),null, null); - foreach($clients as $client ){ - $cpc->disconnect($cpzone,$client->sessionid); - } - - } else - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); - } else - // hmm, thats weird ... 
not what I expected - captiveportal_syslog("$voucher invalid: {$output[0]}!!"); - } - - // Refresh active DBs - if ($active_dirty == true) { - foreach ($active_vouchers as $roll => $active) { - voucher_write_active_db($roll, $active); - } - unset($active_vouchers); - - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - } - - // Write back the used DB's - if (is_array($bitstring)) { - foreach ($bitstring as $roll => $used) { - if(is_array($used)) { - foreach($used as $u) - voucher_write_used_db($roll, base64_encode($u)); - } else { - voucher_write_used_db($roll, base64_encode($used)); - } - } - unset($bitstring); - } - - unset($cpdb); - unset($cpc); - - - return true; -} - -/* - * Authenticate a voucher and return the remaining time credit in minutes - * if $test is set, don't mark the voucher as used nor add it to the list - * of active vouchers - * If $test is set, simply test the voucher. Don't change anything - * but return a more verbose error and result message back - */ -function voucher_auth($voucher_received, $test = 0) { - global $g, $config, $cpzone, $dbc; - - if (!isset($config['voucher'][$cpzone]['enable'])) - return 0; - - // read rolls into assoc array with rollid as key and minutes as value - $tickets_per_roll = array(); - $minutes_per_roll = array(); - if (is_array($config['voucher'][$cpzone]['roll'])) { - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $tickets_per_roll[$rollent['number']] = $rollent['count']; - $minutes_per_roll[$rollent['number']] = $rollent['minutes']; - } - } - - // split into an array. 
Useful for multiple vouchers given - $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); - $error = 0; - $test_result = array(); // used to display for voucher test option in GUI - $total_minutes = 0; - $first_voucher = ""; - $first_voucher_roll = 0; - - // go through all received vouchers, check their valid and extract - // Roll# and Ticket# using the external readvoucher binary - foreach ($a_vouchers_received as $voucher) { - $v = escapeshellarg($voucher); - if (strlen($voucher) < 3) - continue; // seems too short to be a voucher! - - $result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v"); - list($status, $roll, $nr) = explode(" ", $result); - if ($status == "OK") { - if (!$first_voucher) { - // store first voucher. Thats the one we give the timecredit - $first_voucher = $voucher; - $first_voucher_roll = $roll; - } - // check if we have this ticket on a registered roll for this ticket - if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { - // voucher is from a registered roll. - if (!isset($active_vouchers[$roll])) - $active_vouchers[$roll] = voucher_read_active_db($roll); - // valid voucher. Store roll# and ticket# - if (!empty($active_vouchers[$roll][$voucher])) { - list($timestamp,$minutes) = explode(",", $active_vouchers[$roll][$voucher]); - // we have an already active voucher here. - $remaining = intval((($timestamp + (60*$minutes)) - time())/60); - $test_result[] = sprintf(gettext('%1$s (%2$s/%3$s) active and good for %4$d Minutes'), $voucher, $roll, $nr, $remaining); - $total_minutes += $remaining; - } else { - // voucher not used. Check if ticket Id is on the roll (not too high) - // and if the ticket is marked used. 
- // check if voucher already marked as used - if (!isset($bitstring[$roll])) - $bitstring[$roll] = voucher_read_used_db($roll); - $pos = $nr >> 3; // divide by 8 -> octet - $mask = 1 << ($nr % 8); - if (ord($bitstring[$roll][$pos]) & $mask) { - $test_result[] = "$voucher ($roll/$nr) already used and expired"; - captiveportal_syslog("$voucher ($roll/$nr) already used and expired"); - $total_minutes = -1; // voucher expired - $error++; - } else { - // mark bit for this voucher as used - $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); - $test_result[] = "$voucher ($roll/$nr) good for {$minutes_per_roll[$roll]} Minutes"; - $total_minutes += $minutes_per_roll[$roll]; - } - } - } else { - $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); - } - } else { - // hmm, thats weird ... not what I expected - $test_result[] = "$voucher invalid: $result !!"; - captiveportal_syslog("$voucher invalid: $result !!"); - $error++; - } - } - - // if this was a test call, we're done. Return the result. - if ($test) { - if ($error) { - $test_result[] = gettext("Access denied!"); - } else { - $test_result[] = sprintf(gettext("Access granted for %d Minutes in total."),$total_minutes); - } - - return $test_result; - } - - // if we had an error (one of the vouchers is invalid), return 0. - // Discussion: we could return the time remaining for good vouchers, but then - // the user wouldn't know that he used at least one invalid voucher. - if ($error) { - if ($total_minutes > 0) // probably not needed, but want to make sure - $total_minutes = 0; // we only report -1 (expired) or 0 (no access) - return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS - } - - // All given vouchers were valid and this isn't simply a test. 
- // Write back the used DB's - if (is_array($bitstring)) { - foreach ($bitstring as $roll => $used) { - if(is_array($used)) { - foreach($used as $u) - voucher_write_used_db($roll, base64_encode($u)); - } else { - voucher_write_used_db($roll, base64_encode($used)); - } - } - } - - // Active DB: we only add the first voucher if multiple given - // and give that one all the time credit. This allows the user to logout and - // log in later using just the first voucher. It also keeps username limited - // to one voucher and that voucher shows the correct time credit in 'active vouchers' - if (!empty($active_vouchers[$first_voucher_roll][$first_voucher])) { - list($timestamp, $minutes) = explode(",", $active_vouchers[$first_voucher_roll][$first_voucher]); - } else { - $timestamp = time(); // new voucher - $minutes = $total_minutes; - } - - $active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes"; - voucher_write_active_db($first_voucher_roll, $active_vouchers[$first_voucher_roll]); - - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - - return $total_minutes; -} - -function voucher_configure($sync = false) -{ - global $config, $cpzone; - - $ret = true; - - if (!isset($config['voucher']) || !is_array($config['voucher'])) { - return $ret; - } - - foreach ($config['voucher'] as $voucherzone => $vcfg) { - $cpzone = $voucherzone; - $error = voucher_configure_zone($sync); - if ($error) { - $ret = false; - } - } - - return $ret; -} - -function voucher_configure_zone($sync = false) -{ - global $config, $g, $cpzone; - - if (!isset($config['voucher'][$cpzone]['enable'])) { - return 0; - } - - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - /* write public key used to verify vouchers */ - $pubkey = base64_decode($config['voucher'][$cpzone]['publickey']); - $fd = fopen("/var/etc/voucher_{$cpzone}.public", "w"); - if (!$fd) { - captiveportal_syslog("Voucher error: cannot write voucher.public\n"); - unlock($voucherlck); - return 
1; - } - fwrite($fd, $pubkey); - fclose($fd); - @chmod("/var/etc/voucher_{$cpzone}.public", 0600); - - /* write config file used by voucher binary to decode vouchers */ - $fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w"); - if (!$fd) { - captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n"); - unlock($voucherlck); - return 1; - } - fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n"); - fclose($fd); - @chmod("/var/etc/voucher_{$cpzone}.cfg", 0600); - unlock($voucherlck); - - if (!$sync) { - return 0; - } - - captiveportal_syslog('Writing voucher db from sync data...'); - - if (isset($config['voucher'][$cpzone]['roll'])) { - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - // create active and used DB per roll on ramdisk from config - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $roll = $rollent['number']; - voucher_write_used_db($roll, $rollent['used']); - $minutes = $rollent['minutes']; - $active_vouchers = array(); - $a_active = &$rollent['active']; - if (is_array($a_active)) { - foreach ($a_active as $activent) { - $voucher = $activent['voucher']; - $timestamp = $activent['timestamp']; - $minutes = $activent['minutes']; - // its tempting to check for expired timestamps, but during - // bootup, we most likely don't have the correct time time. - $active_vouchers[$voucher] = "$timestamp,$minutes"; - } - } - - voucher_write_active_db($roll, $active_vouchers); - } - - unlock($voucherlck); - } - - return 0; -} - -/* write bitstring of used vouchers to ramdisk. - * Bitstring must already be base64_encoded! - */ -function voucher_write_used_db($roll, $vdb) -{ - global $cpzone; - - $fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db"; - - $fd = fopen($fn, 'w'); - if ($fd) { - fwrite($fd, $vdb . 
"\n"); - fclose($fd); - } else { - voucher_log(LOG_ERR, sprintf(gettext('Can\'t write %s'), $fn)); - } -} - -/* return assoc array of active vouchers with activation timestamp - * voucher is index. - */ -function voucher_read_active_db($roll) { - global $g, $cpzone; - - $active = array(); - $dirty = 0; - $file = "/var/db/voucher_{$cpzone}_active_{$roll}.db"; - if (file_exists($file)) { - $fd = fopen($file, "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - list($voucher,$timestamp,$minutes) = explode(",", $line); // voucher,timestamp - if ((($timestamp + (60*$minutes)) - time()) > 0) - $active[$voucher] = "$timestamp,$minutes"; - else - $dirty=1; - } - } - fclose($fd); - if ($dirty) { - /* if we found expired entries, lets save our snapshot */ - voucher_write_active_db($roll, $active); - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - } - } - } - return $active; -} - -/* store array of active vouchers back to DB */ -function voucher_write_active_db($roll, $active) { - global $g, $cpzone; - - if (!is_array($active)) - return; - $fd = fopen("/var/db/voucher_{$cpzone}_active_{$roll}.db", "w"); - if ($fd) { - foreach($active as $voucher => $value) - fwrite($fd, "$voucher,$value\n"); - fclose($fd); - } -} - -function voucher_read_used_db($roll) -{ - global $cpzone; - - $fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db"; - $vdb = ''; - - $fd = fopen($fn, 'r'); - if ($fd) { - $vdb = trim(fgets($fd)); - fclose($fd); - } else { - voucher_log(LOG_ERR, sprintf(gettext('Can\'t read %s'), $fn)); - } - - return base64_decode($vdb); -} - - -/* we share the log with captiveportal for now */ -function voucher_log($priority, $message) -{ - $message = trim($message); - openlog("logportalauth", LOG_PID, LOG_LOCAL4); - syslog($priority, sprintf(gettext("Voucher: %s"),$message)); - closelog(); -} - -/* - * Save active and used voucher DB into XML config and write it to config - * Called during reboot and every active 
voucher change - */ -function voucher_save_db_to_config() -{ - global $config, $cpzone; - - if (!isset($config['voucher'])) { - return; - } - - $needs_write = 0; - - foreach ($config['voucher'] as $voucherzone => $vcfg) { - $cpzone = $voucherzone; - $needs_write += voucher_save_db_to_config_zone(); - } - - if ($needs_write) { - write_config("Backing up vouchers"); - } -} - -function voucher_save_db_to_config_zone() -{ - global $config, $cpzone; - - if (!isset($config['voucher'][$cpzone]['enable'])) { - // no vouchers or don't want to save DB's - return 0; - } - - if (!isset($config['voucher'][$cpzone]['roll'])) { - return 0; - } - - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - // walk all active rolls and save runtime DBs - $a_roll = &$config['voucher'][$cpzone]['roll']; - while (list($key, $value) = each($a_roll)) { - $rollent = &$a_roll[$key]; - $roll = $rollent['number']; - $bitmask = voucher_read_used_db($roll); - $rollent['used'] = base64_encode($bitmask); - $active_vouchers = voucher_read_active_db($roll); - $db = array(); - $dbi = 1; - - foreach($active_vouchers as $voucher => $line) { - list($timestamp, $minutes) = explode(',', $line); - $activent['voucher'] = $voucher; - $activent['timestamp'] = $timestamp; - $activent['minutes'] = $minutes; - $db["v{$dbi}"] = $activent; - $dbi++; - } - - $rollent['active'] = $db; - unset($active_vouchers); - } - - unlock($voucherlck); - - return 1; -} diff --git a/src/etc/rc.backup_captiveportal b/src/etc/rc.backup_captiveportal deleted file mode 100755 index 4807597e2..000000000 --- a/src/etc/rc.backup_captiveportal +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("config.inc"); -require_once("interfaces.inc"); -require_once("util.inc"); -require_once("filter.inc"); -require_once("captiveportal.inc"); - -global $config, $cpzone; - -if (isset($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpzone => $cp) { - captiveportal_radius_stop_all(); - captiveportal_send_server_accounting(true); - } -} - -voucher_save_db_to_config(); diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index 059d3b91a..a7a195b00 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup 
@@ -137,8 +137,6 @@ require_once("vpn.inc"); echo "."; require_once("openvpn.inc"); echo "."; -require_once("captiveportal.inc"); -echo "."; require_once("rrd.inc"); echo "."; echo " done.\n"; @@ -306,12 +304,6 @@ filter_configure_sync(); /* setup pppoe and pptp */ vpn_setup(); -/* start the captive portal */ -captiveportal_configure(); - -/* start Voucher support */ -echo 'Enabling voucher support...' . (voucher_configure(true) ? 'done.' : 'failed.') . PHP_EOL; - /* start IPsec tunnels */ $ipsec_dynamic_hosts = vpn_ipsec_configure(); diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize index b70ff8ab8..5e6f05d64 100755 --- a/src/etc/rc.filter_synchronize +++ b/src/etc/rc.filter_synchronize @@ -355,10 +355,6 @@ if (is_array($config['hasync'])) { $config['schedules'] = array(); $sections[] = 'schedules'; } - if (isset($hasync['synchronizecaptiveportal']) && isset($config['captiveportal']) && is_array($config['captiveportal'])) - $sections[] = 'captiveportal'; - if (isset($hasync['synchronizecaptiveportal']) && isset($config['vouchers']) && is_array($config['vouchers'])) - $sections[] = 'vouchers'; if (count($sections) <= 0) { log_error("Nothing has been configured to be synched. Skipping...."); diff --git a/src/etc/rc.initial.setports b/src/etc/rc.initial.setports index ebac30196..82dafe157 100755 --- a/src/etc/rc.initial.setports +++ b/src/etc/rc.initial.setports @@ -33,7 +33,6 @@ require_once("config.console.inc"); require_once("filter.inc"); require_once("util.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("services.inc"); diff --git a/src/etc/rc.linkup b/src/etc/rc.linkup index 2c244510a..bac7a950d 100755 --- a/src/etc/rc.linkup +++ b/src/etc/rc.linkup 
@@ -85,7 +85,6 @@ function handle_argument_group($iface, $argument2) {
 log_error("DEVD Ethernet attached event for {$iface}");
 log_error("HOTPLUG: Configuring interface {$iface}");
 require_once("vpn.inc");
- require_once("captiveportal.inc");
 // Do not try to readd to bridge otherwise em(4) has problems
 interface_configure($iface, true, true);
 break;
diff --git a/src/etc/rc.prunecaptiveportal b/src/etc/rc.prunecaptiveportal
deleted file mode 100755
index 06efd7375..000000000
--- a/src/etc/rc.prunecaptiveportal
+++ /dev/null
@@ -1,63 +0,0 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("config.inc"); -require_once("interfaces.inc"); -require_once("filter.inc"); -require_once("captiveportal.inc"); -require_once("util.inc"); - -global $g; -global $cpzone; -global $cpzoneid; - -$cpzone = str_replace("\n", "", $argv[1]); - -if (!is_array($config['captiveportal'][$cpzone])) { - log_error("{$cpzone} is not a valid zone in the configuration!"); - return; -} - -$cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; - -if (file_exists('/tmp/.rc.prunecaptiveportal.running')) { - $stat = stat('/tmp/.rc.prunecaptiveportal.running'); - if (time() - $stat['mtime'] >= 120) { - @unlink('/tmp/.rc.prunecaptiveportal.running'); - } else { - log_error("Skipping CP prunning process because previous/another instance is already running"); - return; - } -} - -@file_put_contents('/tmp/.rc.prunecaptiveportal.running', ''); - -captiveportal_prune_old(); - -@unlink('/tmp/.rc.prunecaptiveportal.running'); diff --git a/src/etc/rc.reload_all b/src/etc/rc.reload_all index e020f132b..67361b0c3 100755 --- a/src/etc/rc.reload_all +++ b/src/etc/rc.reload_all @@ -32,7 +32,6 @@ require_once("interfaces.inc"); require_once("openvpn.inc"); require_once("filter.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("util.inc"); require_once("system.inc"); require_once("pfsense-utils.inc"); diff --git a/src/etc/rc.reload_interfaces b/src/etc/rc.reload_interfaces index d4f93d15f..0f4a6f3a5 100755 --- a/src/etc/rc.reload_interfaces +++ b/src/etc/rc.reload_interfaces @@ -32,7 +32,6 @@ require_once("filter.inc"); require_once("util.inc"); require_once("openvpn.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("system.inc"); require_once("interfaces.inc"); require_once("openvpn.inc"); @@ -43,5 +42,3 @@ require_once("unbound.inc"); system_routing_enable(); interfaces_configure(); filter_configure_sync(); -/* XXX: needs fixing */ -//ovpn_config_server("pfreload"); 
diff --git a/src/etc/rc.restart_webgui b/src/etc/rc.restart_webgui index 9d40073f9..0092854a9 100755 --- a/src/etc/rc.restart_webgui +++ b/src/etc/rc.restart_webgui @@ -3,7 +3,6 @@ require_once('config.inc'); require_once('interfaces.inc'); -require_once('captiveportal.inc'); require_once('rrd.inc'); require_once('util.inc'); require_once('system.inc'); @@ -31,7 +30,6 @@ while (is_process_running('lighttpd')) { } system_webgui_start(); -captiveportal_init_webgui(); enable_rrd_graphing(); echo 'done.' . PHP_EOL; diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml index eaffe48f5..bdccd5945 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml @@ -168,15 +168,7 @@ - - - - - - - - - + @@ -279,9 +271,6 @@ - - - diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php deleted file mode 100644 index 772612f60..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php +++ /dev/null 
@@ -1,824 +0,0 @@ -(6*($zoneid-1) )+1,"out"=>(6*($zoneid-1) )+2); - } - - /** - * get ipfw tables for authenticated hosts ( in/out ) - * @param int $zoneid zoneid (number) - * @return array - */ - public function getAuthIPTables($zoneid) - { - return array("in"=>(6*($zoneid-1) )+3,"out"=>(6*($zoneid-1) )+4); - } - - /** - * get ipfw tables used for authenticated physical addresses - * @param int $zoneid zoneid (number) - * @return array - */ - public function getAuthMACTables($zoneid) - { - return array("in"=>(6*($zoneid-1) )+5,"out"=>(6*($zoneid-1) )+6); - } - - /** - * Constructor - */ - public function __construct() - { - // Request handle to configuration - $this->config = Core\Config::getInstance(); - // keep a link to the shell object - $this->shell = new Core\Shell(); - } - - /** - * reset traffic counters - * - * @param string|null $rulenum - */ - public function zeroCounters($rulenum = null) - { - if ($rulenum != null and is_numeric($rulenum)) { - $this->shell->exec("/sbin/ipfw zero " . 
$rulenum); - } elseif ($rulenum == null) { - $this->shell->exec("/sbin/ipfw zero "); - } - - } - - /** - * Reconfigure zones ( generate and load ruleset ) - */ - public function reconfigure() - { - $backend = new Backend(); - if ($this->isEnabled()) { - $response = $backend->configdRun("template reload OPNsense.IPFW"); - - if (trim($response) == "OK") { - // load ruleset when ruleset is successfully loaded - $this->shell->exec("/etc/rc.d/ipfw start"); - } - - // update tables - $this->update(); - - // after reinit all accounting rules are vanished, reapply them for active sessions - $this->loadAccounting(); - } else { - // captiveportal is disabled, create new config and reload ipfw - $response = $backend->configdRun("template reload OPNsense.IPFW"); - $this->shell->exec("/etc/rc.d/ipfw start"); - } - } - - /** - * check if captiveportal is enabled (traverse zones, if none active return false ) - * @return bool - */ - public function isEnabled() - { - $enabled_zones = 0 ; - $conf = $this->config->object(); - if (isset($conf->captiveportal)) { - foreach ($conf->captiveportal->children() as $cpzonename => $zone) { - if (isset($zone->enable)) { - $enabled_zones++; - } - } - } - - if ($enabled_zones > 0) { - return true; - } else { - return false ; - } - } - - /** - * update zone(s) with new configuration data - * @param string|null $zone - */ - public function update($zone = null) - { - $this->refreshAllowedIPs($zone); - $this->refreshAllowedMACs($zone); - } - - /** - * refresh allowed ip's for defined zone ( null for all zones ) - * @param string|null $cpzone - */ - public function refreshAllowedIPs($cpzone = null) - { - $handled_addresses = array(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - // search requested zone (id) - if ($cpzonename == $cpzone || $zone->zoneid == $cpzone || $cpzone == null) { - $db = new DB($cpzonename); - $db_iplist = $db->listFixedIPs(); - - // calculate table numbers for this zone - 
$ipfw_tables = $this->getAuthIPTables($zone->zoneid); - - foreach ($zone->children() as $tagname => $tagcontent) { - $ip = $tagcontent->ip->__toString(); - if ($tagname == 'allowedip') { - $handled_addresses[$ip] = array(); - $handled_addresses[$ip]["bw_up"] = $tagcontent->bw_up->__toString() ; - $handled_addresses[$ip]["bw_down"] = $tagcontent->bw_down->__toString() ; - - if (!array_key_exists($ip, $db_iplist)) { - // only insert new values - $pipeno_in = $this->newIPFWpipeno() ; - $pipeno_out = $this->newIPFWpipeno() ; - - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] ." add " . - $ip . "/" . $tagcontent->sn->__toString() . " " . $pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] ." add " . - $ip . "/" . $tagcontent->sn->__toString() . " " . $pipeno_out, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // update administration - $db->upsertFixedIP($ip, $pipeno_in, $pipeno_out); - // save bandwidth data - $handled_addresses[$ip]["pipeno_in"] = $pipeno_in ; - $handled_addresses[$ip]["pipeno_out"] = $pipeno_out ; - } else { - // - $handled_addresses[$ip]["pipeno_in"] = $db_iplist[$ip]->pipeno_in ; - $handled_addresses[$ip]["pipeno_out"] = $db_iplist[$ip]->pipeno_out ; - } - } - - } - - - // Cleanup deleted addresses - foreach ($db_iplist as $ip => $record) { - if (!array_key_exists($ip, $handled_addresses)) { - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " del " . $ip . "/" . $tagcontent->sn->__toString() , - "/sbin/ipfw table ". $ipfw_tables["out"] . - " del " . $ip . "/" . 
$tagcontent->sn->__toString() , - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // TODO : cleanup $record->pipeno_in, $record->pipeno_out ; - $db->dropFixedIP($ip); - } - } - - // reset bandwidth, - foreach ($handled_addresses as $mac => $record) { - if (array_key_exists("pipeno_in", $record)) { - $this->resetBandwidth($record["pipeno_in"], $record["bw_down"]); - $this->resetBandwidth($record["pipeno_out"], $record["bw_up"]); - } - } - - unset($db); - } - } - - } - - /** - * Request new pipeno - * @return int - */ - private function newIPFWpipeno() - { - // TODO: implement global pipe number assigment - return 999; - } - - /** - * reset bandwidth, if the current bandwidth is unchanged, do nothing - * @param int $pipeno system pipeno - * @param int $bw bandwidth in Kbit/s - * @return status - */ - private function resetBandwidth($pipeno, $bw) - { - //TODO : setup bandwidth for sessions ( check changed ) - //#pipe 2000 config bw 2000Kbit/s - return false; - } - - /** - * To be able to grant access to physical pc's, we need to do some administration. 
- * Our captive portal database keeps a list of every used address and last know mac address - * - * @param string|null $cpzone zone name or number - */ - public function refreshAllowedMACs($cpzone = null) - { - - // read ARP table - $arp= new ARP(); - $arp_maclist = $arp->getMACs(); - - // keep a list of handled addresses, so we can cleanup the rest and keep track of needed bandwidth restrictions - $handled_mac_addresses = array(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - if ($cpzonename == $cpzone || $zone->zoneid == $cpzone || $cpzone == null) { - // open administrative database for this zone - $db = new DB($cpzonename); - $db_maclist = $db->listPassthruMacs(); - $ipfw_tables = $this->getAuthMACTables($zone->zoneid); - - foreach ($zone->children() as $tagname => $tagcontent) { - $mac = trim(strtolower($tagcontent->mac)); - if ($tagname == 'passthrumac') { - // only accept valid macaddresses - if (preg_match('/^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$/', $mac)) { - if ($tagcontent->action == "pass") { - $handled_mac_addresses[$mac] = array("action"=>"skipped" ); - $handled_mac_addresses[$mac]["bw_up"] = $tagcontent->bw_up ; - $handled_mac_addresses[$mac]["bw_down"] = $tagcontent->bw_down ; - - // only handle addresses we know of - if (array_key_exists($mac, $arp_maclist)) { - // if the address is already in our database, check if it has changed - if (array_key_exists($mac, $db_maclist)) { - // save pipe numbers for bandwidth restriction - $handled_mac_addresses[$mac]["pipeno_in"] = $db_maclist[$mac]->pipeno_in ; - $handled_mac_addresses[$mac]["pipeno_out"] = $db_maclist[$mac]->pipeno_out ; - - if ($db_maclist[$mac]->ip != $arp_maclist[$mac]['ip']) { - // handle changed ip, - $handled_mac_addresses[$mac]["action"] = "changed ip"; - $exec_commands = array( - # delete old ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " delete ". $db_maclist[$mac]->ip, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " delete ". 
$db_maclist[$mac]->ip, - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " add " . $arp_maclist[$mac]['ip']. " " . $db_maclist[$mac]->pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " add " . $arp_maclist[$mac]['ip']. " " . $db_maclist[$mac]->pipeno_out, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // update administration - $db->upsertPassthruMAC( - $tagcontent->mac, - $arp_maclist[$mac]['ip'], - $db_maclist[$mac]->pipeno_in, - $db_maclist[$mac]->pipeno_out - ); // new ip according to arp table - } - } else { - // new host, not seen it yet - $handled_mac_addresses[$mac]["action"] = "new"; - $pipeno_in = $this->newIPFWpipeno() ; - $pipeno_out = $this->newIPFWpipeno() ; - - // execute all ipfw actions - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " add " . $arp_maclist[$mac]['ip']. " " . $pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " add " . $arp_maclist[$mac]['ip']. " " . $pipeno_out, - ); - $this->shell->exec($exec_commands); - - $db->upsertPassthruMAC( - $tagcontent->mac, - $arp_maclist[$mac]['ip'], - $pipeno_in, - $pipeno_out - ); - // save pipe numbers for bandwidth restriction - $handled_mac_addresses[$mac]["pipeno_in"] = $pipeno_in ; - $handled_mac_addresses[$mac]["pipeno_out"] = $pipeno_out ; - } - } - } - } - } - } - - // - // cleanup old addresses - // - foreach ($db_maclist as $mac => $record) { - if (!array_key_exists($mac, $handled_mac_addresses)) { - # delete old ip address, execute all actions - $exec_commands = array( - "/sbin/ipfw table ". $ipfw_tables["in"] . - " delete ". $db_maclist[$mac]->ip, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " delete ". 
$db_maclist[$mac]->ip, - ); - $this->shell->exec($exec_commands); - // TODO : cleanup $record->pipeno_in, $record->pipeno_out ; - $db->dropPassthruMAC($mac); - } - } - - // reset bandwidth - foreach ($handled_mac_addresses as $mac => $record) { - if (array_key_exists("pipeno_in", $record)) { - $this->resetBandwidth($record["pipeno_in"], $record["bw_down"]); - $this->resetBandwidth($record["pipeno_out"], $record["bw_up"]); - } - } - - unset($db); - - } - } - - } - - /** - * load accounting rules into ruleset, used for reinitialisation of the ruleset. - * triggers addAccounting() for all active clients in all zones - */ - private function loadAccounting() - { - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - $db = new DB($cpzonename); - foreach ($db->listClients(array()) as $client) { - $this->addAccounting($zone->zoneid, $client->ip) ; - } - unset($db); - } - } - - /** - * add accounting rules for ip - * @param int $zoneid zone - * @param string $ip ip address - */ - public function addAccounting($zoneid, $ip) - { - // TODO: check processing speed, this might need some improvement - // check if our ip is already in the list and collect first free rule number to place it there if necessary - $shell_output=array(); - $this->shell->exec('/sbin/ipfw show', false, $shell_output); - $prev_id = 0; - $new_id = null; - foreach ($shell_output as $line) { - // only trigger on counter rules and last item in the list - if (strpos($line, " count ") !== false || strpos($line, "65535 ") !== false) { - if (strpos($line, " ".$ip." ") !== false) { - // already in table... 
exit - return; - } - - $this_line_id = (int)(explode(" ", $line)[0]) ; - if ($this_line_id > 30000 and ($this_line_id -1) > $prev_id and $new_id == null) { - // new id found - if ($this_line_id == 65535) { - $new_id = $prev_id+1; - } else { - $new_id = $this_line_id-1; - } - } - - $prev_id = $this_line_id; - } - } - - if ($new_id != null) { - $exec_commands = array( - "/sbin/ipfw add " . $new_id . " set " . $zoneid . " count ip from " . $ip . " to any ", - "/sbin/ipfw add " . $new_id . " set " . $zoneid . " count ip from any to " . $ip, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - } - } - - /** - * unlock host for captiveportal use - * @param string $cpzonename - * @param string $clientip - * @param string $clientmac - * @param string $username - * @param string|null $password - * @param string|null $bw_up - * @param string|null $bw_down - * @param string|null $radiusctx - * @param int|null $session_timeout - * @param int|null $idle_timeout - * @param int|null $session_terminate_time - * @param int|null $interim_interval - * @return bool|string - */ - public function portalAllow( - $cpzonename, - $clientip, - $clientmac, - $username, - $password = null, - $bw_up = null, - $bw_down = null, - $radiusctx = null, - $session_timeout = null, - $idle_timeout = null, - $session_terminate_time = null, - $interim_interval = null - ) { - // defines - $exec_commands = array() ; - $db = new DB($cpzonename); - $arp= new ARP(); - - // find zoneid for this named zone - $zoneid = -1; - foreach ($this->config->object()->captiveportal->children() as $zone => $zoneobj) { - if ($zone == $cpzonename) { - $zoneid = $zoneobj->zoneid; - } - } - - if ($zoneid == -1) { - return false; // not a valid zone, bailout - } - - - // grap needed data to generate our rules - $ipfw_tables = $this->getAuthUsersTables($zoneid); - $cp_table = $db->listClients(array("mac"=>$clientmac, "ip"=>$clientip), "or"); - if (sizeof($cp_table) > 0 && ($cp_table[0]->ip == $clientip && 
$cp_table[0]->mac == $clientmac)) { - // nothing (important) changed here... move on - return $cp_table[0]->sessionid; - } elseif (sizeof($cp_table) > 0) { - // something changed... - // prevent additional sessions to popup, - // one MAC should have only one active session, remove the rest (if any) - $cnt = 0; - $remove_sessions = array(); - foreach ($cp_table as $record) { - if ($cnt >0) { - $remove_sessions[] = $record->sessionid; - } else { - $current_session = $record; - } - $cnt++; - // prepare removal for all ip addresses belonging to this host - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["in"] ." delete ". $record->ip; - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["out"] ." delete ". $record->ip; - // TODO: if for some strange reason there is more than one session, we are failing to drop the pipes - $exec_commands[] = "/usr/sbin/arp -d ".trim($record->ip); // drop static arp entry (prevent MAC change) - } - if (sizeof($remove_sessions)) { - $db->removeSession($remove_sessions); - } - - // collect pipe numbers for dummynet - $pipeno_in = $current_session->pipeno_in; - $pipeno_out = $current_session->pipeno_out; - - $db->updateSession($current_session->sessionid, array("ip"=>$clientip, "mac"=>$clientmac)); - - // preserve session for response - $sessionid = $current_session->sessionid; - } else { - // new session, allocate new dummynet pipes and generate a unique id - $pipeno_in = $this->newIPFWpipeno(); - $pipeno_out = $this->newIPFWpipeno(); - - // construct session data - $session_data=array(); - $session_data["ip"]=$clientip; - $session_data["mac"]=$clientmac; - $session_data["pipeno_in"] = $pipeno_in; - $session_data["pipeno_out"] = $pipeno_out; - $session_data["username"]=\SQLite3::escapeString($username); - $session_data["bpassword"] = base64_encode($password); - $session_data["session_timeout"] = $session_timeout; - $session_data["idle_timeout"] = $idle_timeout; - $session_data["session_terminate_time"] = $session_terminate_time; - 
$session_data["interim_interval"] = $interim_interval; - $session_data["radiusctx"] = $radiusctx; - $session_data["allow_time"] = time(); // allow time is actual starting time of this session - $sessionid = uniqid() ; - - $db->insertSession($sessionid, $session_data); - - } - - // add commands for access tables, and execute all collected - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["in"] ." add ". $clientip . " ".$pipeno_in; - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["out"] ." add ". $clientip . " ".$pipeno_out; - $this->shell->exec($exec_commands); - - // lock the user/ip to it's MAC address using arp - $arp->setStatic($clientip, $clientmac); - - // add accounting rule - $this->addAccounting($zoneid, $clientip); - - // set bandwidth restrictions - $this->resetBandwidth($pipeno_in, $bw_up); - $this->resetBandwidth($pipeno_in, $bw_down); - - // log - $this->logportalauth($cpzonename, $username, $clientmac, $clientip, $status = "LOGIN"); - - // cleanup - unset($db); - - return $sessionid; - } - - /** - * send message to syslog - * @param string $cpzonename - * @param string $user - * @param string $mac - * @param string $ip - * @param string $status - * @param string $message - */ - private function logportalauth($cpzonename, $user, $mac, $ip, $status, $message = "") - { - $message = trim($message); - $message = "Zone : {$cpzonename} {$status}: {$user}, {$mac}, {$ip}, {$message}"; - - $logger = new Syslog("logportalauth", array( - 'option' => LOG_PID, - 'facility' => LOG_LOCAL4 - )); - $logger->info($message); - } - - /** - * flush zone (null flushes all zones) - * @param string|null $zone zone name or id - */ - public function flush($zone = null) - { - if ($zone == null) { - $shell = new Core\Shell(); - $shell->exec("/sbin/ipfw -f table all flush"); - } else { - // find zoneid for this named zone - if (preg_match("/^[0-9]{1,2}$/", trim($zone))) { - $zoneid = $zone; - } else { - $zoneid = -1; - foreach 
($this->config->object()->captiveportal->children() as $zonenm => $zoneobj) { - if ($zonenm == $zone) { - $zoneid = $zoneobj->zoneid; - } - } - } - - if ($zoneid != -1) { - $exec_commands= array( - "/sbin/ipfw -f table ".$this->getAuthUsersTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthUsersTables($zoneid)["out"]." flush", - "/sbin/ipfw -f table ".$this->getAuthIPTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthIPTables($zoneid)["out"]." flush", - "/sbin/ipfw -f table ".$this->getAuthMACTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthMACTables($zoneid)["out"]." flush", - "/sbin/ipfw delete set ".$zoneid, - ); - $this->shell->exec($exec_commands); - } - } - } - - /** - * cleanup portal sessions - * @param $cpzone|null zone name - */ - public function portalCleanupSessions($cpzone = null) - { - $acc_list = $this->listAccounting(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zoneobj) { - if ($cpzone == null || $cpzone == $cpzonename) { - $db = new DB($cpzonename); - - $clients = $db->listClients(array(), null, null); - - foreach ($clients as $client) { - $idle_time = 0; - if (array_key_exists($client->ip, $acc_list)) { - $idle_time = $acc_list[$client->ip]['idle_time']; - } - - // if session timeout is reached, disconnect - if (is_numeric($client->session_timeout) && $client->session_timeout > 0) { - if (((time() - $client->allow_time) ) > $client->session_timeout) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - $client->mac, - $client->ip, - $status = "SESSION TIMEOUT" - ); - continue; - } - } - - // disconnect session if idle timeout is reached - if (is_numeric($client->idle_timeout) && $client->idle_timeout > 0 && $idle_time > 0) { - if ($idle_time > $client->idle_timeout) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - 
$client->mac, - $client->ip, - $status = "IDLE TIMEOUT" - ); - continue; - } - } - - // disconnect on session terminate time - if (is_numeric($client->session_terminate_time) && - $client->session_terminate_time > 0 && - $client->session_terminate_time < time()) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - $client->mac, - $client->ip, - $status = "TERMINATE TIME REACHED" - ); - continue; - } - } - - unset($db); - } - } - - unset($acc_list); - } - - /** - * list (ipfw) accounting information - * @param string|null $ipaddr ip address - * @return array (key = hosts ip) - */ - public function listAccounting($ipaddr = null) - { - $filter_cmd = ""; - $result = array(); - $shell_output = array(); - if ($ipaddr != null) { - $filter_cmd =" | /usr/bin/grep ' " . $ipaddr ." '" ; - } - - if ($this->shell->exec("/sbin/ipfw -aT list ".$filter_cmd, false, $shell_output) == 0) { - foreach ($shell_output as $line) { - if (strpos($line, ' count ip from') !== false) { - $parts = preg_split('/\s+/', $line); - if (count($parts) > 8 && $parts[7] != 'any' and strlen($parts[7]) > 5) { - $result[$parts[7]] = array( - "rulenum" => $parts[0], - "last_accessed" => (int)$parts[3], - "idle_time" => time() - (int)$parts[3], - "out_packets" => (int)$parts[1], - "in_packets" => (int)$parts[2] - ); - } - } - } - } - - return $result; - - } - - /** - * disconnect a session or a list of sessions depending on the parameter - * @param string $cpzonename zone name or id - * @param string $sessionid session id - */ - public function disconnect($cpzonename, $sessionid) - { - if (is_array($sessionid)) { - foreach ($sessionid as $sessid) { - $this->disconnectSession($cpzonename, $sessid); - } - } else { - $this->disconnectSession($cpzonename, $sessionid); - } - } - - /** - * @param string $cpzonename zone name - * @param string $sessionid session id - * @return boolean false for invalid request - */ - private function 
disconnectSession($cpzonename, $sessionid) - { - $zoneid = -1; - foreach ($this->config->object()->captiveportal->children() as $zone => $zoneobj) { - if ($zone == $cpzonename) { - $zoneid = $zoneobj->zoneid; - } - } - - if ($zoneid == -1) { - // not a valid zone - return false; - } - - $db = new DB($cpzonename); - $db_clients = $db->listClients(array("sessionid"=>$sessionid)); - - $ipfw_tables = $this->getAuthUsersTables($zoneid); - if (sizeof($db_clients) > 0) { - if ($db_clients[0]->ip != null) { - // only handle disconnect if we can find a client in our database - $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["in"] . " delete " . $db_clients[0]->ip; - $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["out"] . " delete " . $db_clients[0]->ip; - $this->shell->exec($exec_commands); - // TODO: cleanup dummynet pipes $db_clients[0]->pipeno_in/out - // TODO: log removal - // ( was : captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");) - } - $db->removeSession($sessionid); - } - return true; - } -} diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json index 794239cc6..d08b95556 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json +++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json @@ -3,10 +3,6 @@ "name": "User - Config - Deny Config Write", "descr": "If present, ignores requests from this user to write config.xml." }, - "user-services-captiveportal-login": { - "name": "User - Services - Captive portal login", - "descr": "Indicates whether the user is able to login on the captive portal." - }, "user-shell-access": { "name": "User - System - Shell account access", "descr": "Indicates whether the user is able to login for example via SSH." 
@@ -639,90 +635,6 @@ "wizard.php*" ] }, - "page-services-captiveportal": { - "name": "WebCfg - Services: Captive portal page", - "descr": "Allow access to the 'Services: Captive portal' page.", - "match": [ - "services_captiveportal.php*" - ] - }, - "page-services-captiveportal-allowedhostnames": { - "name": "WebCfg - Services: Captive portal: Allowed Hostnames page", - "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.", - "match": [ - "services_captiveportal_hostname.php*" - ] - }, - "page-services-captiveportal-allowedips": { - "name": "WebCfg - Services: Captive portal: Allowed IPs page", - "descr": "Allow access to the 'Services: Captive portal: Allowed IPs' page.", - "match": [ - "services_captiveportal_ip.php*" - ] - }, - "page-services-captiveportal-editallowedhostnames": { - "name": "WebCfg - Services: Captive portal: Edit Allowed Hostnames page", - "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.", - "match": [ - "services_captiveportal_hostname_edit.php*" - ] - }, - "page-services-captiveportal-editallowedips": { - "name": "WebCfg - Services: Captive portal: Edit Allowed IPs page", - "descr": "Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.", - "match": [ - "services_captiveportal_ip_edit.php*" - ] - }, - "page-services-captiveportal-editmacaddresses": { - "name": "WebCfg - Services: Captive portal: Edit MAC Addresses page", - "descr": "Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.", - "match": [ - "services_captiveportal_mac_edit.php*" - ] - }, - "page-services-captiveportal-voucher-edit": { - "name": "WebCfg - Services: Captive portal: Edit Voucher Rolls page", - "descr": "Allow access to the 'Services: Captive portal: Edit Voucher Rolls' page.", - "match": [ - "services_captiveportal_vouchers_edit.php*" - ] - }, - "page-services-captiveportal-editzones": { - "name": "WebCfg - Services: Captive portal: Edit Zones page", - "descr": "Allow 
access to the 'Services: Captive portal: Edit Zones' page.", - "match": [ - "services_captiveportal_zones_edit.php*" - ] - }, - "page-services-captiveportal-filemanager": { - "name": "WebCfg - Services: Captive portal: File Manager page", - "descr": "Allow access to the 'Services: Captive portal: File Manager' page.", - "match": [ - "services_captiveportal_filemanager.php*" - ] - }, - "page-services-captiveportal-macaddresses": { - "name": "WebCfg - Services: Captive portal: Mac Addresses page", - "descr": "Allow access to the 'Services: Captive portal: Mac Addresses' page.", - "match": [ - "services_captiveportal_mac.php*" - ] - }, - "page-services-captiveportal-vouchers": { - "name": "WebCfg - Services: Captive portal: Vouchers page", - "descr": "Allow access to the 'Services: Captive portal: Vouchers' page.", - "match": [ - "services_captiveportal_vouchers.php*" - ] - }, - "page-services-captiveportal-zones": { - "name": "WebCfg - Services: Captive portal: Zones page", - "descr": "Allow access to the 'Services: Captive portal: Zones' page.", - "match": [ - "services_captiveportal_zones.php*" - ] - }, "page-services-dhcprelay": { "name": "WebCfg - Services: DHCP Relay page", "descr": "Allow access to the 'Services: DHCP Relay' page.", 
@@ -975,41 +887,6 @@ "services_wol_edit.php*" ] }, - "page-status-captiveportal": { - "name": "WebCfg - Status: Captive portal page", - "descr": "Allow access to the 'Status: Captive portal' page.", - "match": [ - "status_captiveportal.php*" - ] - }, - "page-status-captiveportal-expire": { - "name": "WebCfg - Status: Captive portal: Expire Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Expire Vouchers' page.", - "match": [ - "status_captiveportal_expire.php*" - ] - }, - "page-status-captiveportal-test": { - "name": "WebCfg - Status: Captive portal: Test Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Test Vouchers' page.", - "match": [ - "status_captiveportal_test.php*" - ] - }, - "page-status-captiveportal-voucher-rolls": { - "name": "WebCfg - Status: Captive portal: Voucher Rolls page", - "descr": "Allow access to the 'Status: Captive portal: Voucher Rolls' page.", - "match": [ - "status_captiveportal_voucher_rolls.php*" - ] - }, - "page-status-captiveportal-vouchers": { - "name": "WebCfg - Status: Captive portal: Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Vouchers' page.", - "match": [ - "status_captiveportal_vouchers.php*" - ] - }, "page-status-carp": { "name": "WebCfg - Status: CARP page", "descr": "Allow access to the 'Status: CARP' page.", diff --git a/src/opnsense/mvc/script/test.php b/src/opnsense/mvc/script/test.php deleted file mode 100644 index 302ad0c0f..000000000 --- a/src/opnsense/mvc/script/test.php +++ /dev/null 
@@ -1,39 +0,0 @@ -list_accounting(); - -print_r($acc_list); - -//$cpc->portal_allow("test","10.211.55.101","00:1C:42:49:B7:B2","Fritsx"); - -//$cpc->disconnect("test",array("5489714eba263","gdsajhgadsjhg")); - -//$cpc->reconfigure(); -//$cpc->refresh_allowed_mac(); -//$cpc->refresh_allowed_ips(); - - -//$db = new Captiveportal\DB("test"); -//$db->remove_session("XXX"); -//$db->insert_session(100,1,"10.211.55.101","00:1C:42:49:B7:B2","frits","XXX","aksjdhaskjh", -// null,null, null,null, null); -// -//$clients = $db->listClients( array("sessionid" => "XXX") ); -// -//foreach($clients as $client ){ -// print($client->pipeno) ; -//} - -//$arp = new \Captiveportal\ARP(); -//$arp->setStatic("172.20.0.1",'00:1c:42:49:b7:b1'); -//$arp->dropStatic("172.20.0.1"); - -//$config = \Core\Core\Config::getInstance(); - -//$config->dump(); -//print_r($config->xpath('//opnsense/interfaces/*') ); - -//$rules= new \Core\Captiveportal\Rules(); diff --git a/src/sbin/captiveportal_gather_stats.php b/src/sbin/captiveportal_gather_stats.php deleted file mode 100644 index 6e5f062be..000000000 --- a/src/sbin/captiveportal_gather_stats.php +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/local/bin/php - $previous_user_timestamp) { - $current_user_count = $current_user_count + 1; - } - } - - // Write out the latest timestamp but not if it is empty - if (!empty($timestamp)) { - $fd = @fopen($tmpfile, "w"); - if ($fd) { - fwrite($fd, $timestamp); - } - @fclose($fd); - } - - /* If $timestamp is less than or equal to previous_user_timestamp return 0, - * as we only want the 'X' number of users logged in since last RRD poll. - */ - if ($timestamp <= $previous_user_timestamp) { - $result = 0; - } else { - $result = $current_user_count; - } -} elseif ($type == "concurrent") - $result = $no_users; - -echo "$result"; diff --git a/src/www/crash_reporter.php b/src/www/crash_reporter.php index 05f96383e..fd3317a15 100644 --- a/src/www/crash_reporter.php +++ b/src/www/crash_reporter.php 
@@ -29,7 +29,6 @@ */ require_once("guiconfig.inc"); -require_once("captiveportal.inc"); function upload_crash_report($files, $agent) { diff --git a/src/www/diag_authentication.php b/src/www/diag_authentication.php index 4e3090448..ce8062998 100644 --- a/src/www/diag_authentication.php +++ b/src/www/diag_authentication.php @@ -1,6 +1,7 @@ gettext("Aliases"), - "captiveportal" => gettext("Captive Portal"), - "voucher" => gettext("Captive Portal Vouchers"), "dnsmasq" => gettext("DNS Forwarder"), "dhcpd" => gettext("DHCP Server"), "dhcpdv6" => gettext("DHCPv6 Server"), @@ -445,15 +443,6 @@ if ($_POST) { $savemsg = gettext("The m0n0wall configuration has been restored and upgraded to OPNsense."); mark_subsystem_dirty("restore"); } - if(is_array($config['captiveportal'])) { - foreach($config['captiveportal'] as $cp) { - if (isset($cp['enable'])) { - /* for some reason ipfw doesn't init correctly except on bootup sequence */ - mark_subsystem_dirty("restore"); - break; - } - } - } setup_serial_port(); } else { $input_errors[] = gettext("The configuration could not be restored."); diff --git a/src/www/diag_logs_auth.php b/src/www/diag_logs_auth.php index 1ee0b5996..5c7de3510 100644 --- a/src/www/diag_logs_auth.php +++ b/src/www/diag_logs_auth.php @@ -45,7 +45,6 @@ if ($_POST['clear']) { } $pgtitle = array(gettext("Status"),gettext("System logs"),gettext("Portal Auth")); -$shortcut_section = "captiveportal"; include("head.inc"); ?> diff --git a/src/www/fbegin.inc b/src/www/fbegin.inc index 697ea8a75..280e07370 100644 --- a/src/www/fbegin.inc +++ b/src/www/fbegin.inc 
@@ -38,15 +38,6 @@ function find_service_by_name($name) { return array(); } -function find_service_by_cp_zone($zone) { - $services = get_services(); - foreach ($services as $service) - if (($service["name"] == "captiveportal") && isset($service["zone"]) && ($service["zone"] == $zone)) - return $service; - return array(); -} - - /* Determine automated help URL. Should output the page name and parameters separately */ $uri_split = ""; @@ -243,9 +234,6 @@ if($need_alert_display == true) { case "openvpn": $ssvc = find_service_by_openvpn_vpnid($vpnid); break; - case "captiveportal": - $ssvc = find_service_by_cp_zone($cpzone); - break; default: $ssvc = find_service_by_name($shortcuts[$shortcut_section]['service']); diff --git a/src/www/interfaces.php b/src/www/interfaces.php index 5bfb919b8..9ae885540 100644 --- a/src/www/interfaces.php +++ b/src/www/interfaces.php @@ -33,7 +33,6 @@ require_once("guiconfig.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("filter.inc"); require_once("rrd.inc"); require_once("vpn.inc"); diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php index 37ada3d8d..3c110d65f 100644 --- a/src/www/interfaces_assign.php +++ b/src/www/interfaces_assign.php @@ -33,7 +33,6 @@ $pgtitle = array(gettext("Interfaces"),gettext("Assign network ports")); require_once("guiconfig.inc"); require_once("filter.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("interfaces.inc"); diff --git a/src/www/reboot.php b/src/www/reboot.php index c2e9678c4..6809e9029 100644 --- a/src/www/reboot.php +++ b/src/www/reboot.php @@ -1,4 +1,5 @@ . @@ -27,7 +28,6 @@ */ require_once("guiconfig.inc"); -require_once("captiveportal.inc"); require_once("system.inc"); $pgtitle = array(gettext("Diagnostics"),gettext("Reboot System")); 
diff --git a/src/www/services_captiveportal.php b/src/www/services_captiveportal.php
deleted file mode 100644
index 800631722..000000000
--- a/src/www/services_captiveportal.php
+++ /dev/null
@@ -1,1081 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("interfaces.inc"); -require_once("captiveportal.inc"); -require_once("filter.inc"); -require_once("services.inc"); -require_once("system.inc"); - -if (substr($_GET['act'], 0, 3) == "get") - $nocsrf = true; - - -global $cpzone; -global $cpzoneid; - -$cpzoneid = 1; /* Just a default */ -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_GET['act'] == "viewhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) - echo base64_decode($a_cp[$cpzone]['page']['htmltext']); - exit; -} else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']); - $file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=portal.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { - unset($a_cp[$cpzone]['page']['htmltext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default portal page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} else if ($_GET['act'] == "viewerrhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) - echo base64_decode($a_cp[$cpzone]['page']['errtext']); - exit; -} else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['errtext']); - 
$file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=err.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { - unset($a_cp[$cpzone]['page']['errtext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default error page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} else if ($_GET['act'] == "viewlogouthtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) - echo base64_decode($a_cp[$cpzone]['page']['logouttext']); - exit; -} else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']); - $file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=logout.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { - unset($a_cp[$cpzone]['page']['logouttext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default logout page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} - -if (!is_array($config['ca'])) - $config['ca'] = array(); - -$a_ca =& $config['ca']; - -if (!is_array($config['cert'])) - $config['cert'] = array(); - -$a_cert =& $config['cert']; - -if ($a_cp[$cpzone]) { - $cpzoneid = $pconfig['zoneid'] = $a_cp[$cpzone]['zoneid']; - $pconfig['cinterface'] = $a_cp[$cpzone]['interface']; - $pconfig['maxproc'] = $a_cp[$cpzone]['maxproc']; - $pconfig['maxprocperip'] = $a_cp[$cpzone]['maxprocperip']; - $pconfig['timeout'] = $a_cp[$cpzone]['timeout']; - $pconfig['idletimeout'] = $a_cp[$cpzone]['idletimeout']; - $pconfig['freelogins_count'] = 
$a_cp[$cpzone]['freelogins_count']; - $pconfig['freelogins_resettimeout'] = $a_cp[$cpzone]['freelogins_resettimeout']; - $pconfig['freelogins_updatetimeouts'] = isset($a_cp[$cpzone]['freelogins_updatetimeouts']); - $pconfig['enable'] = isset($a_cp[$cpzone]['enable']); - $pconfig['auth_method'] = $a_cp[$cpzone]['auth_method']; - $pconfig['localauth_priv'] = isset($a_cp[$cpzone]['localauth_priv']); - $pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']); - $pconfig['radmac_enable'] = isset($a_cp[$cpzone]['radmac_enable']); - $pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret']; - $pconfig['reauthenticate'] = isset($a_cp[$cpzone]['reauthenticate']); - $pconfig['reauthenticateacct'] = $a_cp[$cpzone]['reauthenticateacct']; - $pconfig['httpslogin_enable'] = isset($a_cp[$cpzone]['httpslogin']); - $pconfig['httpsname'] = $a_cp[$cpzone]['httpsname']; - $pconfig['preauthurl'] = strtolower($a_cp[$cpzone]['preauthurl']); - $pconfig['blockedmacsurl'] = strtolower($a_cp[$cpzone]['blockedmacsurl']); - $pconfig['certref'] = $a_cp[$cpzone]['certref']; - $pconfig['nohttpsforwards'] = isset($a_cp[$cpzone]['nohttpsforwards']); - $pconfig['logoutwin_enable'] = isset($a_cp[$cpzone]['logoutwin_enable']); - $pconfig['peruserbw'] = isset($a_cp[$cpzone]['peruserbw']); - $pconfig['bwdefaultdn'] = $a_cp[$cpzone]['bwdefaultdn']; - $pconfig['bwdefaultup'] = $a_cp[$cpzone]['bwdefaultup']; - $pconfig['nomacfilter'] = isset($a_cp[$cpzone]['nomacfilter']); - $pconfig['noconcurrentlogins'] = isset($a_cp[$cpzone]['noconcurrentlogins']); - $pconfig['radius_protocol'] = $a_cp[$cpzone]['radius_protocol']; - $pconfig['redirurl'] = $a_cp[$cpzone]['redirurl']; - $pconfig['radiusip'] = $a_cp[$cpzone]['radiusip']; - $pconfig['radiusip2'] = $a_cp[$cpzone]['radiusip2']; - $pconfig['radiusip3'] = $a_cp[$cpzone]['radiusip3']; - $pconfig['radiusip4'] = $a_cp[$cpzone]['radiusip4']; - $pconfig['radiusport'] = $a_cp[$cpzone]['radiusport']; - $pconfig['radiusport2'] = 
$a_cp[$cpzone]['radiusport2']; - $pconfig['radiusport3'] = $a_cp[$cpzone]['radiusport3']; - $pconfig['radiusport4'] = $a_cp[$cpzone]['radiusport4']; - $pconfig['radiusacctport'] = $a_cp[$cpzone]['radiusacctport']; - $pconfig['radiuskey'] = $a_cp[$cpzone]['radiuskey']; - $pconfig['radiuskey2'] = $a_cp[$cpzone]['radiuskey2']; - $pconfig['radiuskey3'] = $a_cp[$cpzone]['radiuskey3']; - $pconfig['radiuskey4'] = $a_cp[$cpzone]['radiuskey4']; - $pconfig['radiusvendor'] = $a_cp[$cpzone]['radiusvendor']; - $pconfig['radiussession_timeout'] = isset($a_cp[$cpzone]['radiussession_timeout']); - $pconfig['radiussrcip_attribute'] = $a_cp[$cpzone]['radiussrcip_attribute']; - $pconfig['passthrumacadd'] = isset($a_cp[$cpzone]['passthrumacadd']); - $pconfig['passthrumacaddusername'] = isset($a_cp[$cpzone]['passthrumacaddusername']); - $pconfig['radmac_format'] = $a_cp[$cpzone]['radmac_format']; - $pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']); - $pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid']; - $pconfig['page'] = array(); - if ($a_cp[$cpzone]['page']['htmltext']) - $pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext']; - if ($a_cp[$cpzone]['page']['errtext']) - $pconfig['page']['errtext'] = $a_cp[$cpzone]['page']['errtext']; - if ($a_cp[$cpzone]['page']['logouttext']) - $pconfig['page']['logouttext'] = $a_cp[$cpzone]['page']['logouttext']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable']) { - $reqdfields = explode(" ", "zone cinterface"); - $reqdfieldsn = array(gettext("Zone name"), gettext("Interface")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - /* make sure no interfaces are bridged or used on other zones */ - if (is_array($_POST['cinterface'])) { - foreach ($pconfig['cinterface'] as $cpbrif) { - if (link_interface_to_bridge($cpbrif)) - $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a 
bridge."), $cpbrif); - foreach ($a_cp as $cpkey => $cp) { - if ($cpkey != $cpzone || empty($cpzone)) { - if (in_array($cpbrif, explode(",", $cp['interface']))) - $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is used already on %s instance."), $cpbrif, $cp['zone']); - } - } - } - } - - if ($_POST['httpslogin_enable']) { - if (!$_POST['certref']) { - $input_errors[] = gettext("Certificate must be specified for HTTPS login."); - } - if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { - $input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login."); - } - } - } - - if ($_POST['timeout']) { - if (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1)) - $input_errors[] = gettext("The timeout must be at least 1 minute."); - else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) { - foreach ($config['dhcpd'] as $dhcpd_if => $dhcpd_data) { - if (!isset($dhcpd_data['enable'])) - continue; - if (!is_array($_POST['cinterface']) || !in_array($dhcpd_if, $_POST['cinterface'])) - continue; - - $deftime = 7200; // Default lease time - if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime'])) - $deftime = $dhcpd_data['defaultleasetime']; - - if ($_POST['timeout'] > $deftime) - $input_errors[] = gettext("Hard timeout must be less or equal Default lease time set on DHCP Server"); - } - } - } - if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { - $input_errors[] = gettext("The idle timeout must be at least 1 minute."); - } - if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) { - $input_errors[] = gettext("The pass-through credit count must be a number or left blank."); - } else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) { - if (empty($_POST['freelogins_resettimeout']) || !is_numeric($_POST['freelogins_resettimeout']) || 
($_POST['freelogins_resettimeout'] <= 0)) { - $input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours."); - } - } - if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']); - } - if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']); - } - if (($_POST['radiusip3'] && !is_ipaddr($_POST['radiusip3']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip3']); - } - if (($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']); - } - if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']); - } - if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']); - } - if (($_POST['radiusport3'] && !is_port($_POST['radiusport3']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']); - } - if (($_POST['radiusport4'] && !is_port($_POST['radiusport4']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']); - } - if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. 
[%s]"), $_POST['radiusacctport']); - } - if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { - $input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum."); - } - if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[\x21-\x7e]{3,253}$/i", trim($_POST['radiusnasid']))) { - $input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters."); - } - - if (!$input_errors) { - $newcp =& $a_cp[$cpzone]; - //$newcp['zoneid'] = $a_cp[$cpzone]['zoneid']; - if (empty($newcp['zoneid'])) { - $newcp['zoneid'] = 2; - foreach ($a_cp as $keycpzone => $cp) { - if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) - $newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */ - } - $cpzoneid = $newcp['zoneid']; - } - $oldifaces = explode(",", $newcp['interface']); - if (is_array($_POST['cinterface'])) - $newcp['interface'] = implode(",", $_POST['cinterface']); - $newcp['maxproc'] = $_POST['maxproc']; - $newcp['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false; - $newcp['timeout'] = $_POST['timeout']; - $newcp['idletimeout'] = $_POST['idletimeout']; - $newcp['freelogins_count'] = $_POST['freelogins_count']; - $newcp['freelogins_resettimeout'] = $_POST['freelogins_resettimeout']; - $newcp['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false; - if ($_POST['enable']) - $newcp['enable'] = true; - else - unset($newcp['enable']); - $newcp['auth_method'] = $_POST['auth_method']; - $newcp['localauth_priv'] = isset($_POST['localauth_priv']); - $newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false; - $newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false; - $newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false; - $newcp['radmac_secret'] = $_POST['radmac_secret'] ? 
$_POST['radmac_secret'] : false; - $newcp['reauthenticateacct'] = $_POST['reauthenticateacct']; - if ($_POST['httpslogin_enable']) - $newcp['httpslogin'] = true; - else - unset($newcp['httpslogin']); - $newcp['httpsname'] = $_POST['httpsname']; - $newcp['preauthurl'] = $_POST['preauthurl']; - $newcp['blockedmacsurl'] = $_POST['blockedmacsurl']; - $newcp['peruserbw'] = $_POST['peruserbw'] ? true : false; - $newcp['bwdefaultdn'] = $_POST['bwdefaultdn']; - $newcp['bwdefaultup'] = $_POST['bwdefaultup']; - $newcp['certref'] = $_POST['certref']; - $newcp['nohttpsforwards'] = $_POST['nohttpsforwards'] ? true : false; - $newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; - $newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false; - $newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; - $newcp['radius_protocol'] = $_POST['radius_protocol']; - $newcp['redirurl'] = $_POST['redirurl']; - if (isset($_POST['radiusip'])) - $newcp['radiusip'] = $_POST['radiusip']; - else - unset($newcp['radiusip']); - if (isset($_POST['radiusip2'])) - $newcp['radiusip2'] = $_POST['radiusip2']; - else - unset($newcp['radiusip2']); - if (isset($_POST['radiusip3'])) - $newcp['radiusip3'] = $_POST['radiusip3']; - else - unset($newcp['radiusip3']); - if (isset($_POST['radiusip4'])) - $newcp['radiusip4'] = $_POST['radiusip4']; - else - unset($newcp['radiusip4']); - $newcp['radiusport'] = $_POST['radiusport']; - $newcp['radiusport2'] = $_POST['radiusport2']; - if (isset($_POST['radiusport3'])) - $newcp['radiusport3'] = $_POST['radiusport3']; - if (isset($_POST['radiusport4'])) - $newcp['radiusport4'] = $_POST['radiusport4']; - $newcp['radiusacctport'] = $_POST['radiusacctport']; - $newcp['radiuskey'] = $_POST['radiuskey']; - $newcp['radiuskey2'] = $_POST['radiuskey2']; - $newcp['radiuskey3'] = $_POST['radiuskey3']; - $newcp['radiuskey4'] = $_POST['radiuskey4']; - $newcp['radiusvendor'] = $_POST['radiusvendor'] ? 
$_POST['radiusvendor'] : false; - $newcp['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; - $newcp['radiussrcip_attribute'] = $_POST['radiussrcip_attribute']; - $newcp['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false; - $newcp['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; - $newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; - $newcp['reverseacct'] = $_POST['reverseacct'] ? true : false; - $newcp['radiusnasid'] = trim($_POST['radiusnasid']); - if (!is_array($newcp['page'])) - $newcp['page'] = array(); - - /* file upload? */ - if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) - $newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); - if (is_uploaded_file($_FILES['errfile']['tmp_name'])) - $newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name'])); - if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) - $newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name'])); - - write_config(); - captiveportal_configure(); - unset($newcp); - filter_configure(); - header("Location: services_captiveportal_zones.php"); - exit; - } else { - if (is_array($_POST['cinterface'])) - $pconfig['cinterface'] = implode(",", $_POST['cinterface']); - } -} -$closehead = false; -include("head.inc"); -?> - - - - - - -
-
-
- - - 0) print_input_errors($input_errors); ?> - - -
- - - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - onclick="enable_change(false)" /> -
-
-
- - - - -
-
- -
-
- -
-
- /> -
-
-
- -
- -
-
- /> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
/> -
/> - /
  
  /> -
/> -
  
- - - - - - - - - - - - - - - - -
/> -
/> -
/> -
/> -
  
-
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Primary Authentication Source

-

-
  
-

-
  
Secondary Authentication Source

-
  

-
  
  /> -
-

-
- />
- />
- /> -
/> -
-
- />
-
-
- -
/>
-

-
/>
-

-
-
- -
- 00:11:22:33:44:55
- 001122-334455
- 00-11-22-33-44-55
- 0011.2233.4455
- 001122334455 -
-
- /> -
-
-
-
- - - -
Create one under System: Certificates. - -
- /> -
-
-
- - - -
- -
- - - -
-
- - -
-
- <form method="post" action="$PORTAL_ACTION$">
-    <input name="auth_user" type="text">
-    <input name="auth_pass" type="password">
-    <input name="auth_voucher" type="text">
-    <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
-    <input name="accept" type="submit" value="Continue">
- </form>

-
-
-
- - -
- -
- - - -
-
- - "$PORTAL_MESSAGE$",

-
-
-
- - -
- -
- - - -
-
- -
  - "; ?> - " onclick="enable_change(true)" /> - " onclick="enable_change(true)" /> -
 
-
-
-
-
-
-
-
-
-
- - - diff --git a/src/www/services_captiveportal_filemanager.php b/src/www/services_captiveportal_filemanager.php deleted file mode 100644 index c35b10d7d..000000000 --- a/src/www/services_captiveportal_filemanager.php +++ /dev/null @@ -1,261 +0,0 @@ - $captiveportal_element_sizelimit) { - $input_errors[] = gettext("The total size of all files uploaded may not exceed ") . - format_bytes($captiveportal_element_sizelimit) . "."; - } - - if (!$input_errors) { - $element = array(); - $element['name'] = $name; - $element['size'] = $size; - $element['content'] = base64_encode(file_get_contents($_FILES['new']['tmp_name'])); - - $a_element[] = $element; - cpelements_sort(); - - write_config(); - captiveportal_write_elements(); - header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); - exit; - } - } -} elseif (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) { - @unlink("/var/db/cpelements/" . $a_element[$_GET['id']]['name']); - @unlink("/usr/local/captiveportal/" . $a_element[$_GET['id']]['name']); - unset($a_element[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); - exit; -} - -include("head.inc"); - -$main_buttons = array( - array('label'=>gettext('add file'), 'href'=>'services_captiveportal_filemanager.php?zone='.$cpzone.'&act=add'), -); - - -?> - - - - - -
-
-
- - 0) { - print_input_errors($input_errors); -} ?> - -
- - - -
- -
- -
- - - - -
- - - - - - - - - -
Upload file
" /> - Cancel - -
-
-
- - - - - -
- - - - - - - - - - - - - - - 0) : -?> - - - - - - - -
- -
- ')"> - "> -
-
- - -
-
-

- <img src="captiveportal-test.jpg" width=... height=...> -

- -

- <a href="/captiveportal-aup.php?zone=$PORTAL_ZONE$&redirurl=$PORTAL_REDIRURL$"></a> -

-
- -
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_GET['act'] == "del") { - $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; - if ($a_allowedips[$_GET['id']]) { - $ipent = $a_allowedips[$_GET['id']]; - unset($a_allowedips[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_ip.php?zone={$cpzone}"); - exit; - } -} - - -include("head.inc"); - -$main_buttons = array( - array('label'=>'Add IP address', 'href'=>'services_captiveportal_ip_edit.php?zone='.$cpzone), -); - - -?> - - - - - -
-
-
- - - -
- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - -
- -
- "; - } - if ($ip['dir'] == "both") { - echo " "; - } - echo strtolower($ip['ip']); - if ($ip['sn'] != "32" && is_numeric($ip['sn'])) { - $sn = $ip['sn']; - echo "/$sn"; - } - if ($ip['dir'] == "from") { - echo " any"; - } - - ?> - -   - - ')" class="btn btn-default btn-xs">

-
-
-

-
 
-
-
-
-
-
-
-
-
- - - Copyright (C) 2004 Dinesh Nair - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -function allowedipscmp($a, $b) -{ - return strcmp($a['ip'], $b['ip']); -} - -function allowedips_sort() -{ - global $g, $config, $cpzone; - - usort($config['captiveportal'][$cpzone]['allowedip'], "allowedipscmp"); -} - -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit allowed IP address")); -$shortcut_section = "captiveportal"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) { - $config['captiveportal'][$cpzone]['allowedip'] = array(); -} -$a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; - -if (isset($id) && $a_allowedips[$id]) { - $pconfig['ip'] = $a_allowedips[$id]['ip']; - $pconfig['sn'] = $a_allowedips[$id]['sn']; - $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; - $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; - $pconfig['descr'] = $a_allowedips[$id]['descr']; -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "ip sn"); - $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. 
[%s]"), $_POST['ip']); - } - - if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) { - $input_errors[] = gettext("A valid subnet mask must be specified"); - } - - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { - $input_errors[] = gettext("Upload speed needs to be an integer"); - } - - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { - $input_errors[] = gettext("Download speed needs to be an integer"); - } - - foreach ($a_allowedips as $ipent) { - if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) { - continue; - } - - if ($ipent['ip'] == $_POST['ip']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['ip'], gettext("already allowed")) ; - break ; - } - } - - if (!$input_errors) { - $ip = array(); - $ip['ip'] = $_POST['ip']; - $ip['sn'] = $_POST['sn']; - $ip['descr'] = $_POST['descr']; - if ($_POST['bw_up']) { - $ip['bw_up'] = $_POST['bw_up']; - } - if ($_POST['bw_down']) { - $ip['bw_down'] = $_POST['bw_down']; - } - if (isset($id) && $a_allowedips[$id]) { - $oldip = $a_allowedips[$id]['ip']; - if (!empty($a_allowedips[$id]['sn'])) { - $oldmask = $a_allowedips[$id]['sn']; - } else { - $oldmask = 32; - } - $a_allowedips[$id] = $ip; - } else { - $a_allowedips[] = $ip; - } - allowedips_sort(); - - write_config(); - - if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { - $rules = ""; - $cpzoneid = $a_cp[$cpzone]['zoneid']; - unset($ipfw); - captiveportal_allowedip_configure_entry($ip); - $uniqid = uniqid("{$cpzone}_allowed"); - } - - header("Location: services_captiveportal_ip.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); - -?> - - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
- -
- -
- - - - - - - - - - - - - - - - - -
- - / -
- . -
- -
. -
  - " /> - - - - -
-
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -global $cpzone; -global $cpzoneid; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_POST) { - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - - $rules = captiveportal_passthrumac_configure(); - $savemsg = get_std_save_message(); - if ($retval == 0) { - clear_subsystem_dirty('passthrumac'); - } - } - - if ($_POST['postafterlogin']) { - if (!is_array($a_passthrumacs)) { - echo gettext("No entry exists yet!") ."\n"; - exit; - } - if (empty($_POST['zone'])) { - echo gettext("Please set the zone on which the operation should be allowed"); - exit; - } - if (!is_array($a_cp[$cpzone]['passthrumac'])) { - $a_cp[$cpzone]['passthrumac'] = array(); - } - $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; - - if ($_POST['username']) { - $mac = captiveportal_passthrumac_findbyname($_POST['username']); - if (!empty($mac)) { - $_POST['delmac'] = $mac['mac']; - } else { - echo gettext("No entry exists for this username:") . " " . $_POST['username'] . "\n"; - } - } - if ($_POST['delmac']) { - $found = false; - foreach ($a_passthrumacs as $idx => $macent) { - if ($macent['mac'] == $_POST['delmac']) { - $found = true; - break; - } - } - if ($found == true) { - $cpzoneid = $a_cp[$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($a_passthrumacs[$idx]); - unset($a_passthrumacs[$idx]); - write_config(); - echo gettext("The entry was sucessfully deleted") . 
"\n"; - } else { - echo gettext("No entry exists for this mac address:") . " " . $_POST['delmac'] . "\n"; - } - } - exit; - } -} - -if ($_GET['act'] == "del") { - $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; - if ($a_passthrumacs[$_GET['id']]) { - $cpzoneid = $a_cp[$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($a_passthrumacs[$_GET['id']]); - unset($a_passthrumacs[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_mac.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); - -$main_buttons = array( - array('label'=>gettext("add host"), 'href'=>'services_captiveportal_mac_edit.php?zone='.$cpzone), -); -?> - - - - -
-
-
- - -

- You must apply the changes in order for them to take effect."));?>
- - -

- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - - - -
- icon - - - -   - - -   - ')" class="btn btn-default btn-xs"> -
- -
- -
-
 
-
-
-
-
-
- -
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -function passthrumacscmp($a, $b) -{ - return strcmp($a['mac'], $b['mac']); -} - -function passthrumacs_sort() -{ - global $config, $cpzone; - - usort($config['captiveportal'][$cpzone]['passthrumac'], "passthrumacscmp"); -} - -global $cpzone; -global $cpzoneid; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit MAC address rules")); -$shortcut_section = "captiveportal"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (!is_array($a_cp[$cpzone]['passthrumac'])) { - $a_cp[$cpzone]['passthrumac'] = array(); -} -$a_passthrumacs = &$a_cp[$cpzone]['passthrumac']; - -if (isset($id) && $a_passthrumacs[$id]) { - $pconfig['action'] = $a_passthrumacs[$id]['action']; - $pconfig['mac'] = $a_passthrumacs[$id]['mac']; - $pconfig['bw_up'] = $a_passthrumacs[$id]['bw_up']; - $pconfig['bw_down'] = $a_passthrumacs[$id]['bw_down']; - $pconfig['descr'] = $a_passthrumacs[$id]['descr']; - $pconfig['username'] = $a_passthrumacs[$id]['username']; -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "action mac"); - $reqdfieldsn = array(gettext("Action"), gettext("MAC address")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); - - if ($_POST['mac']) { - if (is_macaddr($_POST['mac'])) { - $iflist = get_interface_list(); - 
foreach ($iflist as $if) { - if ($_POST['mac'] == strtolower($if['mac'])) { - $input_errors[] = sprintf(gettext("The MAC address %s belongs to a local interface, you cannot use it here."), $_POST['mac']); - break; - } - } - } else { - $input_errors[] = sprintf("%s. [%s]", gettext("A valid MAC address must be specified"), $_POST['mac']); - } - } - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { - $input_errors[] = gettext("Upload speed needs to be an integer"); - } - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { - $input_errors[] = gettext("Download speed needs to be an integer"); - } - - foreach ($a_passthrumacs as $macent) { - if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent)) { - continue; - } - - if ($macent['mac'] == $_POST['mac']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['mac'], gettext("already exists")); - break; - } - } - - if (!$input_errors) { - $mac = array(); - $mac['action'] = $_POST['action']; - $mac['mac'] = $_POST['mac']; - if ($_POST['bw_up']) { - $mac['bw_up'] = $_POST['bw_up']; - } - if ($_POST['bw_down']) { - $mac['bw_down'] = $_POST['bw_down']; - } - if ($_POST['username']) { - $mac['username'] = $_POST['username']; - } - - $mac['descr'] = $_POST['descr']; - - if (isset($id) && $a_passthrumacs[$id]) { - $oldmac = $a_passthrumacs[$id]; - $a_passthrumacs[$id] = $mac; - } else { - $oldmac = $mac; - $a_passthrumacs[] = $mac; - } - passthrumacs_sort(); - - write_config(); - - if (isset($config['captiveportal'][$cpzone]['enable'])) { - $cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($oldmac); - captiveportal_passthrumac_configure_entry($mac); - unset($cpzoneid); - } - - header("Location: services_captiveportal_mac.php?zone={$cpzone}"); - exit; - } -} -include("head.inc"); -?> - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - -
- -
- . -
- - - -
-
- -
- . -
  - " /> - - - - - - - -
-
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -if ($_POST['postafterlogin']) { - $nocsrf = true; -} - -require_once('guiconfig.inc'); -require_once('interfaces.inc'); -require_once('captiveportal.inc'); -require_once("services.inc"); -require_once("pfsense-utils.inc"); - -function voucher_unlink_db($roll) -{ - global $cpzone; - - @unlink("/var/db/voucher_{$cpzone}_used_{$roll}.db"); - @unlink("/var/db/voucher_{$cpzone}_active_{$roll}.db"); -} - - -$referer = (isset($_SERVER['HTTP_REFERER']) ? 
$_SERVER['HTTP_REFERER'] : '/services_captiveportal_vouchers.php'); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -function generatekey($exponent) -{ - $ret = array(); - - /* generate a random 64 bit RSA key pair using the voucher binary */ - $fd = popen(sprintf('/usr/local/bin/voucher -g 64 -e %s', $exponent), 'r'); - if ($fd !== false) { - $output = fread($fd, 16384); - pclose($fd); - list($privkey, $pubkey) = explode("\0", $output); - $ret['priv'] = $privkey; - $ret['pub'] = $pubkey; - } - - return $ret; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (!is_array($config['voucher'])) { - $config['voucher'] = array(); -} - -if (empty($a_cp[$cpzone])) { - log_error("Submission on captiveportal page with unknown zone parameter: " . htmlspecialchars($cpzone)); - header("Location: services_captiveportal_zones.php"); - exit; -} - - -$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -if (!isset($config['voucher'][$cpzone]['charset'])) { - $config['voucher'][$cpzone]['charset'] = '2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; -} -if (!isset($config['voucher'][$cpzone]['rollbits'])) { - $config['voucher'][$cpzone]['rollbits'] = 16; -} -if (!isset($config['voucher'][$cpzone]['ticketbits'])) { - $config['voucher'][$cpzone]['ticketbits'] = 10; -} -if (!isset($config['voucher'][$cpzone]['checksumbits'])) { - $config['voucher'][$cpzone]['checksumbits'] = 5; -} -if (!isset($config['voucher'][$cpzone]['magic'])) { - $config['voucher'][$cpzone]['magic'] = rand(); // anything slightly random will do -}if 
(!isset($config['voucher'][$cpzone]['exponent'])) { - while (true) { - while (($exponent = rand()) % 30000 < 5000) { - continue; - } - $exponent = ($exponent * 2) + 1; // Make it odd number - if ($exponent <= 65537) { - break; - } - } - $config['voucher'][$cpzone]['exponent'] = $exponent; - unset($exponent); -} - -if ($_REQUEST['generatekey']) { - $key = generatekey($config['voucher'][$cpzone]['exponent']); - - $alertmessage = gettext( - 'You will need to recreate any existing Voucher Rolls due ' . - 'to the public and private key changes. Click cancel if you ' . - 'do not wish to recreate the vouchers.' - ); - - echo json_encode(array( - 'alertmessage' => $alertmessage, - 'privatekey' => $key['priv'], - 'publickey' => $key['pub'], - )); - - exit; -} - -if (!isset($config['voucher'][$cpzone]['publickey'])) { - $key = generatekey($config['voucher'][$cpzone]['exponent']); - $config['voucher'][$cpzone]['publickey'] = base64_encode($key['pub']); - $config['voucher'][$cpzone]['privatekey'] = base64_encode($key['priv']); -} - -// Check for invalid or expired vouchers -if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) { - $config['voucher'][$cpzone]['descrmsgnoaccess'] = gettext("Voucher invalid"); -} -if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) { - $config['voucher'][$cpzone]['descrmsgexpired'] = gettext("Voucher expired"); -} - -$a_roll = &$config['voucher'][$cpzone]['roll']; - -if ($_GET['act'] == "del") { - $id = $_GET['id']; - if ($a_roll[$id]) { - $roll = $a_roll[$id]['number']; - $voucherlck = lock("voucher{$cpzone}"); - unset($a_roll[$id]); - voucher_unlink_db($roll); - unlock($voucherlck); - write_config(); - } - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; -} /* print all vouchers of the selected roll */ -elseif ($_GET['act'] == "csv") { - $privkey = base64_decode($config['voucher'][$cpzone]['privatekey']); - if (strstr($privkey, "BEGIN RSA PRIVATE KEY")) { - $fd = 
fopen("/var/etc/voucher_{$cpzone}.private", "w"); - if (!$fd) { - $input_errors[] = gettext("Cannot write private key file") . ".\n"; - } else { - chmod("/var/etc/voucher_{$cpzone}.private", 0600); - fwrite($fd, $privkey); - fclose($fd); - $a_voucher = &$config['voucher'][$cpzone]['roll']; - $id = $_GET['id']; - if (isset($id) && $a_voucher[$id]) { - $number = $a_voucher[$id]['number']; - $count = $a_voucher[$id]['count']; - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename=vouchers_{$cpzone}_roll{$number}.csv"); - if (file_exists("/var/etc/voucher_{$cpzone}.cfg")) { - system("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -p /var/etc/voucher_{$cpzone}.private $number $count"); - } - @unlink("/var/etc/voucher_{$cpzone}.private"); - } else { - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - } - exit; - } - } else { - $input_errors[] = gettext("Need private RSA key to print vouchers") . "\n"; - } -} - -$pconfig['enable'] = isset($config['voucher'][$cpzone]['enable']); -$pconfig['charset'] = $config['voucher'][$cpzone]['charset']; -$pconfig['rollbits'] = $config['voucher'][$cpzone]['rollbits']; -$pconfig['ticketbits'] = $config['voucher'][$cpzone]['ticketbits']; -$pconfig['checksumbits'] = $config['voucher'][$cpzone]['checksumbits']; -$pconfig['magic'] = $config['voucher'][$cpzone]['magic']; -$pconfig['exponent'] = $config['voucher'][$cpzone]['exponent']; -$pconfig['publickey'] = base64_decode($config['voucher'][$cpzone]['publickey']); -$pconfig['privatekey'] = base64_decode($config['voucher'][$cpzone]['privatekey']); -$pconfig['msgnoaccess'] = $config['voucher'][$cpzone]['descrmsgnoaccess']; -$pconfig['msgexpired'] = $config['voucher'][$cpzone]['descrmsgexpired']; - -if ($_POST) { - unset($input_errors); - - if ($_POST['postafterlogin']) { - voucher_expire($_POST['voucher_expire']); - exit; - } - - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable'] == "yes") { - 
$reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - } - - // Check for form errors - if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) { - $input_errors[] = gettext("Need at least 2 characters to create vouchers."); - } - if ($_POST['charset'] && (strpos($_POST['charset'], "\"")>0)) { - $input_errors[] = gettext("Double quotes aren't allowed."); - } - if ($_POST['charset'] && (strpos($_POST['charset'], ",")>0)) { - $input_errors[] = "',' " . gettext("aren't allowed."); - } - if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) { - $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); - } - if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) { - $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); - } - if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) { - $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - } - if ($_POST['publickey'] && (!strstr($_POST['publickey'], "BEGIN PUBLIC KEY"))) { - $input_errors[] = gettext("This doesn't look like an RSA Public key."); - } - if ($_POST['privatekey'] && (!strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY"))) { - $input_errors[] = gettext("This doesn't look like an RSA Private key."); - } - if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) { - $input_errors[] = gettext("You cannot sync the voucher database to this host (itself)."); - } - - if (!$input_errors) { - if (empty($config['voucher'][$cpzone])) { - 
$newvoucher = array(); - } else { - $newvoucher = $config['voucher'][$cpzone]; - } - if ($_POST['enable'] == "yes") { - $newvoucher['enable'] = true; - } else { - unset($newvoucher['enable']); - } - - $newvoucher['charset'] = $_POST['charset']; - $newvoucher['rollbits'] = $_POST['rollbits']; - $newvoucher['ticketbits'] = $_POST['ticketbits']; - $newvoucher['checksumbits'] = $_POST['checksumbits']; - $newvoucher['magic'] = $_POST['magic']; - $newvoucher['exponent'] = $_POST['exponent']; - $newvoucher['publickey'] = base64_encode($_POST['publickey']); - $newvoucher['privatekey'] = base64_encode($_POST['privatekey']); - $newvoucher['descrmsgnoaccess'] = $_POST['msgnoaccess']; - $newvoucher['descrmsgexpired'] = $_POST['msgexpired']; - $config['voucher'][$cpzone] = $newvoucher; - write_config(); - voucher_configure_zone(); - - if (!$input_errors) { - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; - } - } -} -$closehead = false; -include("head.inc"); - -if ($pconfig['enable']) { - $main_buttons = array( - array('label'=>gettext("add voucher"), 'href'=>'services_captiveportal_vouchers_edit.php?zone='.$cpzone), - ); -} - -?> - - - - - - - -
-
-
- - 0) { - print_input_errors($input_errors); -} ?> - - -
- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - onclick="enable_change(false)" /> - -
- - - - - - - - - - - - - - - - - - - - -
##
-   - -   - -   - -   - - -
- - - - - -
- - - -
- .
- -
- .
- -
- -
# - -
- -
# - -
- -
# - -
- -
- -
- -
- -
($PORTAL_MESSAGE$). -
- -
($PORTAL_MESSAGE$). -
  -   -
  - - - " onclick="enable_change(true); before_save();" /> - " onclick="window.location.href=''" /> -

-
- -
- -

-
-
-
-
-
-
-
-
-
- - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit Voucher Rolls")); -$shortcut_section = "captiveportal-vouchers"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (!is_array($config['voucher'])) { - $config['voucher'] = array(); -} - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = &$config['voucher'][$cpzone]['roll']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_roll[$id]) { - $pconfig['zone'] = $a_roll[$id]['zone']; - $pconfig['number'] = $a_roll[$id]['number']; - $pconfig['count'] = $a_roll[$id]['count']; - $pconfig['minutes'] = $a_roll[$id]['minutes']; - $pconfig['descr'] = $a_roll[$id]['descr']; -} - -$maxnumber = (1<<$config['voucher'][$cpzone]['rollbits']) -1; // Highest Roll# -$maxcount = (1<<$config['voucher'][$cpzone]['ticketbits']) -1; // Highest Ticket# - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "number count minutes"); - $reqdfieldsn = array(gettext("Number"),gettext("Count"),gettext("minutes")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - // Look for duplicate roll # - foreach ($a_roll as $re) { - if ($re['number'] == $_POST['number']) { - $input_errors[] = sprintf(gettext("Roll number %s already exists."), $_POST['number']); - break; - } - } - - if (!is_numeric($_POST['number']) || $_POST['number'] >= $maxnumber) { - 
$input_errors[] = sprintf(gettext("Roll number must be numeric and less than %s"), $maxnumber); - } - - if (!is_numeric($_POST['count']) || $_POST['count'] < 1 || $_POST['count'] > $maxcount) { - $input_errors[] = sprintf(gettext("A roll has at least one voucher and less than %s."), $maxcount); - } - - if (!is_numeric($_POST['minutes']) || $_POST['minutes'] < 1) { - $input_errors[] = gettext("Each voucher must be good for at least 1 minute."); - } - - if (!$input_errors) { - if (isset($id) && $a_roll[$id]) { - $rollent = $a_roll[$id]; - } - - $rollent['zone'] = $_POST['zone']; - $rollent['number'] = $_POST['number']; - $rollent['minutes'] = $_POST['minutes']; - $rollent['descr'] = $_POST['descr']; - - /* New Roll or modified voucher count: create bitmask */ - $voucherlck = lock("voucher{$cpzone}"); - if ($_POST['count'] != $rollent['count']) { - $rollent['count'] = $_POST['count']; - $len = ($rollent['count']>>3) + 1; // count / 8 +1 - $rollent['used'] = base64_encode(str_repeat("\000", $len)); // 4 bitmask - $rollent['active'] = array(); - voucher_write_used_db($rollent['number'], $rollent['used']); - voucher_write_active_db($rollent['number'], array()); // create empty DB - voucher_log(LOG_INFO, sprintf(gettext('All %1$s vouchers from Roll %2$s marked unused'), $rollent['count'], $rollent['number'])); - } else { - // existing roll has been modified but without changing the count - // read active and used DB from ramdisk and store it in XML config - $rollent['used'] = base64_encode(voucher_read_used_db($rollent['number'])); - $activent = array(); - $db = array(); - $active_vouchers = voucher_read_active_db($rollent['number'], $rollent['minutes']); - foreach ($active_vouchers as $voucher => $line) { - list($timestamp, $minutes) = explode(",", $line); - $activent['voucher'] = $voucher; - $activent['timestamp'] = $timestamp; - $activent['minutes'] = $minutes; - $db[] = $activent; - } - $rollent['active'] = $db; - } - unlock($voucherlck); - - if (isset($id) && 
$a_roll[$id]) { - $a_roll[$id] = $rollent; - } else { - $a_roll[] = $rollent; - } - - write_config(); - - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); -?> - - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - -
# - -
- # (0..) . -
- -
- . -
- -
- (1..) . -
- -
- . -
  - " /> - - - - -
-
-
-
-
-
-
-
- -'services_captiveportal_zones_edit.php', 'label'=>gettext("add a new captiveportal instance")), -); - -?> - - - - -
-
-
- - -

- " . gettext("You must apply the changes in order for them to take effect."));?> - - -

- -
- -
- -
- - - - - - - - - - $cpitem) : - if (!is_array($cpitem)) { - continue; - } - ?> - - - - - - - - -
- -
- - - - - countClients() ; - ?> - -   - - " class="btn btn-default btn-xs"> - ')" title="" class="btn btn-default btn-xs"> -
-
-
-
-
-
-
-
- $cpent) { - if ($cpent['zone'] == $_POST['zone']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['zone'], gettext("already exists")); - break; - } - } - - if (!$input_errors) { - $cpzone = strtolower($_POST['zone']); - $a_cp[$cpzone] = array(); - $a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']); - $a_cp[$cpzone]['descr'] = $_POST['descr']; - $a_cp[$cpzone]['localauth_priv'] = true; - write_config(); - - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; - } -} -include("head.inc"); -?> - - - - -
-
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
-
-

-
- -
- -
- -
- - - - - - - - - - - - - -
- -
- -
- -
- . -
  - " /> -
-
-
-
-
-
-
-
-
- - $cpdata) { - if (!isset($cpdata['enable'])) - continue; - if (!isset($cpdata['timeout']) || !is_numeric($cpdata['timeout'])) - continue; - $cp_ifs = explode(',', $cpdata['interface']); - if (!in_array($if, $cp_ifs)) - continue; - if ($cpdata['timeout'] > $deftime) - $input_errors[] = sprintf(gettext( - "The Captive Portal zone '%s' has Hard Timeout parameter set to a value bigger than Default lease time (%s)."), $cpZone, $deftime); - } - } - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) diff --git a/src/www/shortcuts.inc b/src/www/shortcuts.inc index 10fd50ead..c6ed58207 100644 --- a/src/www/shortcuts.inc +++ b/src/www/shortcuts.inc @@ -76,12 +76,6 @@ function get_shortcut_main_link($shortcut_section, $addspace = true, $service = else $link = $shortcuts[$shortcut_section]['main']; break; - case "captiveportal": - if (!empty($service['zone'])) - $link = "services_captiveportal.php?zone={$service['zone']}"; - else - $link = $shortcuts[$shortcut_section]['main']; - break; default: $link = $shortcuts[$shortcut_section]['main']; break; 
@@ -94,35 +88,29 @@ function get_shortcut_main_link($shortcut_section, $addspace = true, $service = } } -function get_shortcut_status_link($shortcut_section, $addspace = true, $service = array()) { - global $g, $shortcuts, $cpzone; - if(empty($shortcut_section)) - return ""; - $space = ($addspace) ? " " : "" ; - if (!empty($cpzone)) - $zone = $cpzone; - elseif (!empty($service['zone'])) - $zone = $service['zone']; - switch ($shortcut_section) { - case "captiveportal": - if (!empty($zone)) - $link = "status_captiveportal.php?zone={$zone}"; - else - $link = $shortcuts[$shortcut_section]['status']; - break; - default: - if (isset($shortcuts[$shortcut_section]['status'])) { - $link = $shortcuts[$shortcut_section]['status']; - } else { - $link = null; - } - break; +function get_shortcut_status_link($shortcut_section, $addspace = true, $service = array()) +{ + global $g, $shortcuts; + + if (empty($shortcut_section)) { + return ''; } - if(!empty($link)) - if (strtok($_SERVER['REQUEST_URI'],'?') != "/status_services.php") + + $space = ($addspace) ? " " : "" ; + + if (isset($shortcuts[$shortcut_section]['status'])) { + $link = $shortcuts[$shortcut_section]['status']; + } else { + $link = null; + } + + if (!empty($link)) { + if (strtok($_SERVER['REQUEST_URI'],'?') != "/status_services.php") { return "{$space}Status"; - else + } else { return "{$space}"; + } + } } function get_shortcut_log_link($shortcut_section, $addspace = true) { 
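Review bot: The rewritten `get_shortcut_status_link()` has mixed return values: it returns `''` for an empty `$shortcut_section`, but falls off the end and returns null when `$link` is empty, because the final `if (!empty($link)) { ... }` block has no fallback. Adding `return '';` after that block would give callers that concatenate the result a string on every path. `global $g` does not appear to be used in the new body as shown and could be reduced to `global $shortcuts;`. The link is now taken only from the static `$shortcuts` table rather than from a zone value, so no request-derived data reaches the URL in the lines visible here.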
@@ -155,17 +143,6 @@ $shortcuts['relayd-virtualservers']['log'] = "diag_logs_relayd.php"; $shortcuts['relayd-virtualservers']['status'] = "status_lb_vs.php"; $shortcuts['relayd-virtualservers']['service'] = "relayd"; -$shortcuts['captiveportal'] = array(); -$shortcuts['captiveportal']['main'] = "services_captiveportal_zones.php"; -$shortcuts['captiveportal']['log'] = "diag_logs_auth.php"; -$shortcuts['captiveportal']['status'] = "status_captiveportal.php"; -$shortcuts['captiveportal']['service'] = "captiveportal"; - -$shortcuts['captiveportal-vouchers'] = array(); -$shortcuts['captiveportal-vouchers']['log'] = "diag_logs_auth.php"; -$shortcuts['captiveportal-vouchers']['status'] = "status_captiveportal_vouchers.php"; -$shortcuts['captiveportal-vouchers']['service'] = "captiveportal"; - $shortcuts['dhcp'] = array(); $shortcuts['dhcp']['main'] = "services_dhcp.php"; $shortcuts['dhcp']['log'] = "diag_logs_dhcp.php"; diff --git a/src/www/status.php b/src/www/status.php index ff481b8f4..f1b439634 100644 --- a/src/www/status.php +++ b/src/www/status.php @@ -119,9 +119,7 @@ defCmdT("top | head -n5", "/usr/bin/top | /usr/bin/head -n5"); defCmdT("sysctl hw.physmem","/sbin/sysctl hw.physmem"); -if (isset($config['captiveportal'])) { - defCmdT("ipfw show", "/sbin/ipfw show"); -} +defCmdT("ipfw show", "/sbin/ipfw show"); defCmdT("pfctl -sn", "/sbin/pfctl -sn"); defCmdT("pfctl -sr", "/sbin/pfctl -sr"); diff --git a/src/www/status_captiveportal.php b/src/www/status_captiveportal.php deleted file mode 100644 index 658f58487..000000000 --- a/src/www/status_captiveportal.php +++ /dev/null 
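Review bot: In the status.php hunk, `defCmdT("ipfw show", "/sbin/ipfw show");` is now registered unconditionally, where it was previously limited to configurations with a `captiveportal` section. With the captive portal code removed, it is unclear whether ipfw is still loaded on a typical install. If it is not, the command presumably adds only an error to the status report. A guard such as `if (is_module_loaded("ipfw.ko")) { defCmdT("ipfw show", "/sbin/ipfw show"); }` would keep the output meaningful; `is_module_loaded` is used by the deleted pages in this same commit, but whether it is in scope in status.php needs checking. A short comment saying why the ipfw dump is kept after this removal would also help.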
@@ -1,227 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("pfsense-utils.inc"); -require_once("interfaces.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - -if ($_GET['act'] == "del" && !empty($cpzone)) { - captiveportal_disconnect_client($_GET['id']); - header("Location: status_captiveportal.php?zone={$cpzone}"); - exit; -} - -$pgtitle = array(gettext("Status: Captive portal")); -$shortcut_section = "captiveportal"; - -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); -$a_cp =& $config['captiveportal']; - -if (count($a_cp) == 1) - $cpzone = current(array_keys($a_cp)); - -include("head.inc"); - -?> - - -listClients(array(),"and",array($order) ) ; - if ($_GET['showact']) { - $accounting_info = $cpclient_handle->listAccounting(); - } - else { - $accounting_info = array() ; - } -} -else { - $cpdb = array() ; -} - - -// Load MAC-Manufacturer table -$mac_man = load_mac_manufacturer_table(); - -?> - - - - - - - -
-
-
- - - -
- - - - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ip,$accounting_info) ) $last_act = $accounting_info[$cpent->ip]['last_accessed'] ; - else $last_act=0; - ?> - - - - - - - -
-


-
- 1) { ?> - - -
- - -

ip;?> - mac); - if (!empty($mac)) { - $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); - print htmlentities($mac); - if(isset($mac_man[$mac_hi])){ print "
{$mac_man[$mac_hi]}"; } - } - ?>  -
username);?> allow_time));?> - ')" title=""> -
- -
- - -
- - - - - " /> - - - " /> - - - -
- -
-
-
-
-
-
- - - diff --git a/src/www/status_captiveportal_expire.php b/src/www/status_captiveportal_expire.php deleted file mode 100644 index a9eff6b3a..000000000 --- a/src/www/status_captiveportal_expire.php +++ /dev/null @@ -1,126 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Expire Vouchers"), $a_cp[$cpzone]['zone']); - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - -
- -
- .
  - - " /> -
- - \n"; - if ($result) { - echo "\"pass\""; - echo "Success"; - } else { - echo "\"block\""; - echo "Error"; - } - echo ""; - } - } - -?> -
-
-
-
-
-
-
-
- - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Test Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - -
- -
- .
  - - " /> -
- -
-\n"; - foreach ($test_results as $result) { - if (strpos($result, " good ") || strpos($result, " granted ")) { - echo ""; - echo "$result"; - } else { - echo ""; - echo "$result"; - } - } - echo ""; - } -} -?> -
-
-
-
-
-
-
-
- - - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -/* return how many vouchers are marked used on a roll */ -function voucher_used_count($roll) { - global $g, $cpzone; - - $bitstring = voucher_read_used_db($roll); - $max = strlen($bitstring) * 8; - $used = 0; - for ($i = 1; $i <= $max; $i++) { - // check if ticket already used or not. 
- $pos = $i >> 3; // divide by 8 -> octet - $mask = 1 << ($i % 8); // mask to test bit in octet - if (ord($bitstring[$pos]) & $mask) - $used++; - } - unset($bitstring); - - return $used; -} - - - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Voucher Rolls"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = &$config['voucher'][$cpzone]['roll']; - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - -
-   - -   - -   - -   - -   - -   - -   -
-
-
-
-
-
-
-
-
- -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -function clientcmp($a, $b) -{ - global $order; - return strcmp($a[$order], $b[$order]); -} - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = $config['voucher'][$cpzone]['roll']; - -$db = array(); - -foreach ($a_roll as $rollent) { - $roll = $rollent['number']; - $minutes = $rollent['minutes']; - - if (!file_exists("/var/db/voucher_{$cpzone}_active_{$roll}.db")) { - continue; - } - - $active_vouchers = file("/var/db/voucher_{$cpzone}_active_{$roll}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - foreach ($active_vouchers as $voucher => $line) { - list($voucher,$timestamp, $minutes) = explode(",", $line); - $remaining = (($timestamp + 60*$minutes) - time()); - if ($remaining > 0) { - $dbent[0] = $voucher; - $dbent[1] = $roll; - $dbent[2] = $timestamp; - $dbent[3] = intval($remaining/60); - $dbent[4] = $timestamp + 60*$minutes; // expires at - $db[] = $dbent; - } - } -} - -if ($_GET['order']) { - $order = $_GET['order']; - usort($db, "clientcmp"); -} - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
-
-
- - IPsec Tunnel
- - Captive Portal
- - - Synchronize Captive Portal - - /> - Automatically sync the Captive Portal configuration to the other HA host when changes are made. - -   diff --git a/src/www/widgets/include/captiveportal.inc b/src/www/widgets/include/captiveportal.inc deleted file mode 100644 index 9d3e068ce..000000000 --- a/src/www/widgets/include/captiveportal.inc +++ /dev/null 
@@ -1,3 +0,0 @@ - - ******************************************************************************/ - -/***** Global data ************************************************************/ - -var gl_graphCount = 0; // Number of graphs on the current page - -/***** Constants **************************************************************/ - -var GL_START = 0; -var GL_END = 1; -var GL_STATIC = 0; -var GL_DYNAMIC = 1; - -/***** Public functions *******************************************************/ - -/** - * Creates a graph and returns the graph data structure which can later be - * manipulated using the other graph functions. - * - * element_id - DOM element id (should be a DIV) that will contain the graph. - * width - The width of the graph in pixels. - * height - Height of the graph in pixels. - * bar_width - Width of each bar on the graph. This number should divide width - * evenly, or else width will be adjusted to meet this requirement. - * General formula to keep in mind: - * Smaller bar width = more bars = higher CPU usage on client-side. - * - * Returns graph data structure on success, false on error. 
- */ -function GraphInitialize(element_id, width, height, bar_width) { - // Find the page element which will contain the graph - var owner; - if((owner = jQuery('#' + element_id)) == null) { - alert("GraphLink Error: Element ID '" + element_id + "' not found."); - return false; - } - - // Make sure width is divisible by bar_width - if(width / bar_width != Math.floor(width / bar_width)) - width = Math.floor(width / bar_width) * bar_width; - - var bar_count = width / bar_width; - - // Create the graph data structure - var graph = new Array(); - graph['id'] = gl_graphCount; // ID used to separate elements of one graph from those of another - graph['width'] = width; // Graph width - graph['height'] = height; // Graph height - graph['bar_count'] = bar_count; // Number of bars on the graph - graph['scale_type'] = GL_STATIC; // How the graph is scaled - graph['scale'] = 1; // Multiplier for the bar height - graph['max'] = 0; // Largest value currently on the graph - graph['vmax'] = height; // Virtual graph maximum - graph['spans'] = new Array(bar_count); // References to all the spans for each graph - graph['vals'] = new Array(bar_count); // The height of each bar on the graph, actually it's (graph height - bar height) - gl_graphCount++; - - // Build the graph (x)html - var graph_html = ''; - graph_html += '
'; - - for(var i = 0; i < bar_count; i++) { - graph['vals'][i] = height; - graph_html += ''; - } - - graph_html += '
'; - owner.html(graph_html); - graph['element_id'] = jQuery('#GraphLinkData' + graph['id']); - - for(i = 0; i < bar_count; i++) { - graph['spans'][i] = jQuery('#GraphLinkBar' + graph['id'] + '_' + i); - graph['spans'][i].css('width',bar_width + 'px'); - graph['spans'][i].css('margin-top',height + 'px'); - } - - return graph; -} - -/** - * Adds a new value to a graph. - * - * graph - Graph object to which to add the new value. - * value - Value to add. - * where - (optional) GL_START (0) or GL_END (1), depending on where you want - * the new value to appear. GL_START will add the value on the left - * of the graph, GL_END will add it on the right (default). - */ -function GraphValue(graph, value, where) { - if(typeof(where) == 'undefined') - where = GL_END; - - var rescale = false; - var lost = 0; - - if(value < 0) - value = 0; - - if(graph['scale_type'] == GL_DYNAMIC && value > graph['max']) - rescale = true; - - if(graph['scale_type'] == GL_STATIC) { - if(value > graph['vmax']) - value = graph['vmax']; - value = Math.round(value * graph['scale']); - } - - if(where == GL_START) { - graph['vals'].unshift(graph['height'] - value); - lost = graph['vals'].pop(); - } - else { - graph['vals'].push(graph['height'] - value); - lost = graph['vals'].shift(); - } - - if(graph['scale_type'] == GL_DYNAMIC && (graph['height'] - lost) == graph['max']) - rescale = true; - - if(rescale) - GraphAdjustScale(graph) - - GraphDraw(graph); -} - -/** - * Sets a virtual maximum for the graph allowing you to have non-scaled graphs - * that can show a value greater then the graph height. This function will - * automatically set the graph to a static scale mode, meaning that no values - * above the maximum will be permitted. If you need to have a graph with no - * pre-defined maximum, make it dynamic. Also note that if you set a vmax on a - * graph that has data larger than vmax, that data will be reduced. - * - * graph - Graph object for which to set virtual max. 
- * vmax - The virtual maximum value for the graph. - */ -function GraphSetVMax(graph, vmax) { - graph['scale_type'] = GL_STATIC; - graph['vmax'] = vmax; - - GraphAdjustScale(graph); - GraphDraw(graph); -} - -/** - * This function instructs the graph to be scaled according to what the maximum - * value is. That value is used as the graph maximum and is reevaluated whenever - * a new value is added, or the current maximum is removed. Dynamic scaling is a - * good way of showing data for which you don't know what the maximum will be, - * but it also is a bit more resource-intensive then statically scaled graphs. - * - * graph - Graph object for which to enable dynamic scaling. - */ -function GraphDynamicScale(graph) { - graph['scale_type'] = GL_DYNAMIC; - - GraphAdjustScale(graph); - GraphDraw(graph); -} - -/***** Private functions ******************************************************/ - -/** - * Checks if the current scale of the graph is still valid, or needs to be - * adjusted. - * - * graph - Graph object for which to check the scale. 
- */ -function GraphAdjustScale(graph) { - var limit = graph['bar_count']; - var new_max = 0; - var new_scale = 0; - var val = 0; - - if(graph['scale_type'] == GL_STATIC) { - new_max = graph['vmax']; - new_scale = graph['height'] / new_max; - - if(new_scale == graph['scale']) - return; - } - - for(var i = 0; i < limit; i++) { - if(graph['scale_type'] == GL_STATIC) { - val = (graph['height'] - graph['vals'][i]) * graph['scale']; - val = val * new_scale; - - if(val > new_max) - val = new_max; - - graph['vals'][i] = graph['height'] - Math.round(val * new_scale); - - } - else if((graph['height'] - graph['vals'][i]) > new_max) { - new_max = graph['height'] - graph['vals'][i]; - } - } - - - if(graph['scale_type'] == GL_STATIC) { - graph['scale'] = new_scale; - } - else { - if(new_max == 0) - graph['scale'] = 1; - else - graph['scale'] = graph['height'] / new_max; - - graph['max'] = new_max; - } -} - -/** - * Redraws the graph on the screen. - * - * graph - Graph object which needs to be re-drawn. - */ -function GraphDraw(graph) { - var count = graph['bar_count']; - - if(graph['scale_type'] == GL_STATIC) - var getMargin = function(i) { - return graph['vals'][i] + 'px'; - }; - else - var getMargin = function(i) { - var h = graph['height']; - var s = graph['scale']; - var v = graph['vals'][i]; - return (h - Math.round((h - v) * s)) + 'px'; - }; - - graph['spans'][count - 1].css("display", "none"); - - for(var i = 0; i < count; i++) - graph['spans'][i].css("marginTop", getMargin(i)); - -// jQuery('#' + graph['spans'][count - 1]).fadeIn(500); -} diff --git a/src/www/widgets/widgets/captive_portal_status.widget.php b/src/www/widgets/widgets/captive_portal_status.widget.php deleted file mode 100644 index 8c368d5f2..000000000 --- a/src/www/widgets/widgets/captive_portal_status.widget.php +++ /dev/null 
@@ -1,115 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$nocsrf = true; - -require_once("guiconfig.inc"); -require_once("pfsense-utils.inc"); -require_once("captiveportal.inc"); - -if (($_GET['act'] == "del") && (!empty($_GET['zone']))) { - $cpzone = $_GET['zone']; - captiveportal_disconnect_client($_GET['id']); -} - -flush(); - -function clientcmp($a, $b) -{ - global $order; - return strcmp($a[$order], $b[$order]); -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$cpdb_all = array(); - -foreach ($a_cp as $cpzone => $cp) { - $cpdb_handle = new OPNsense\CaptivePortal\DB($cpzone); - - $order = ""; - if ($_GET['order']) { - if ($_GET['order'] == "ip") { - $order = "ip"; - } elseif ($_GET['order'] == "mac") { - $order = "mac"; - } elseif ($_GET['order'] == "user") { - $order = "username"; - } - } - - $cpdb = $cpdb_handle->listClients(array(), "and", array($order)) ; - $cpdb_all[$cpzone] = $cpdb; -} - -?> - - - - - - - - - - - $cpdb) : -?> - - - - - - - - - - - - - -
IP addressMAC address
ip;?>mac;?> username;?> allow_time));?>? -
diff --git a/src/www/widgets/widgets/services_status.widget.php b/src/www/widgets/widgets/services_status.widget.php index 0b9ca2000..8ec2a6e08 100644 --- a/src/www/widgets/widgets/services_status.widget.php +++ b/src/www/widgets/widgets/services_status.widget.php @@ -32,7 +32,6 @@ $nocsrf = true; require_once("guiconfig.inc"); -require_once("captiveportal.inc"); require_once("services.inc"); require_once("vpn.inc"); require_once("widgets/include/services_status.inc");