From 5e5e6c2f27e6a2df58f1771c4dc1993f416cdf98 Mon Sep 17 00:00:00 2001 
From: Franco Fichtner Date: Thu, 15 Oct 2015 23:37:28 +0200 Subject: [PATCH] captive portal: bye bye my love The captive portal is being replaced! This hooks up the new page into the services section while ditching most of the old code. There'll be no migration, if you use package `opnsense-devel' and the captive portal you'll have to switch to `opnsense' or migrate to the new code. Beware that the new captive portal is going to be a huge step forward but features will trickle in week after week until it is stable enough to merge it. Latest release date is going to be 16.1. --- src/Makefile | 2 +- src/captiveportal/index.php | 268 ---- src/etc/config.xml.sample | 2 +- src/etc/inc/captiveportal.CHAP.inc | 463 ------ src/etc/inc/captiveportal.inc | 1427 ----------------- .../inc/captiveportal.radius_accounting.inc | 303 ---- .../captiveportal.radius_authentication.inc | 181 --- src/etc/inc/certs.inc | 20 +- src/etc/inc/interfaces.inc | 22 +- src/etc/inc/ipsec.auth-user.php | 15 - src/etc/inc/openvpn.auth-user.php | 15 - src/etc/inc/radius.inc | 15 +- src/etc/inc/rrd.inc | 89 - src/etc/inc/system.inc | 67 +- src/etc/inc/util.inc | 33 +- src/etc/inc/voucher.inc | 521 ------ src/etc/rc.backup_captiveportal | 45 - src/etc/rc.bootup | 8 - src/etc/rc.filter_synchronize | 4 - src/etc/rc.initial.setports | 1 - src/etc/rc.linkup | 1 - src/etc/rc.prunecaptiveportal | 63 - src/etc/rc.reload_all | 1 - src/etc/rc.reload_interfaces | 3 - src/etc/rc.restart_webgui | 2 - .../app/models/OPNsense/Base/Menu/Menu.xml | 13 +- .../OPNsense/CaptivePortal/CPClient.php | 824 ---------- .../OPNsense/Core/ACL_Legacy_Page_Map.json | 123 -- src/opnsense/mvc/script/test.php | 39 - src/sbin/captiveportal_gather_stats.php | 114 -- src/www/crash_reporter.php | 1 - src/www/diag_authentication.php | 4 +- src/www/diag_backup.php | 11 - src/www/diag_logs_auth.php | 1 - src/www/fbegin.inc | 12 - src/www/interfaces.php | 1 - src/www/interfaces_assign.php | 1 - src/www/reboot.php | 2 +- 
src/www/services_captiveportal.php | 1081 ------------- .../services_captiveportal_filemanager.php | 261 --- src/www/services_captiveportal_ip.php | 172 -- src/www/services_captiveportal_ip_edit.php | 253 --- src/www/services_captiveportal_mac.php | 229 --- src/www/services_captiveportal_mac_edit.php | 282 ---- src/www/services_captiveportal_vouchers.php | 588 ------- .../services_captiveportal_vouchers_edit.php | 245 --- src/www/services_captiveportal_zones.php | 144 -- src/www/services_captiveportal_zones_edit.php | 135 -- src/www/services_dhcp.php | 19 - src/www/shortcuts.inc | 63 +- src/www/status.php | 4 +- src/www/status_captiveportal.php | 227 --- src/www/status_captiveportal_expire.php | 126 -- src/www/status_captiveportal_test.php | 130 -- .../status_captiveportal_voucher_rolls.php | 164 -- src/www/status_captiveportal_vouchers.php | 160 -- src/www/status_services.php | 12 - src/www/system_certmanager.php | 5 - src/www/system_hasync.php | 14 +- src/www/widgets/include/captiveportal.inc | 3 - src/www/widgets/javascript/cpu_graphs.js | 245 --- .../widgets/captive_portal_status.widget.php | 115 -- .../widgets/services_status.widget.php | 1 - 63 files changed, 70 insertions(+), 9325 deletions(-) delete mode 100644 src/captiveportal/index.php delete mode 100644 src/etc/inc/captiveportal.CHAP.inc delete mode 100644 src/etc/inc/captiveportal.inc delete mode 100644 src/etc/inc/captiveportal.radius_accounting.inc delete mode 100644 src/etc/inc/captiveportal.radius_authentication.inc delete mode 100644 src/etc/inc/voucher.inc delete mode 100755 src/etc/rc.backup_captiveportal delete mode 100755 src/etc/rc.prunecaptiveportal delete mode 100644 src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php delete mode 100644 src/opnsense/mvc/script/test.php delete mode 100644 src/sbin/captiveportal_gather_stats.php delete mode 100644 src/www/services_captiveportal.php delete mode 100644 src/www/services_captiveportal_filemanager.php delete mode 100644 
src/www/services_captiveportal_ip.php delete mode 100644 src/www/services_captiveportal_ip_edit.php delete mode 100644 src/www/services_captiveportal_mac.php delete mode 100644 src/www/services_captiveportal_mac_edit.php delete mode 100644 src/www/services_captiveportal_vouchers.php delete mode 100644 src/www/services_captiveportal_vouchers_edit.php delete mode 100644 src/www/services_captiveportal_zones.php delete mode 100644 src/www/services_captiveportal_zones_edit.php delete mode 100644 src/www/status_captiveportal.php delete mode 100644 src/www/status_captiveportal_expire.php delete mode 100644 src/www/status_captiveportal_test.php delete mode 100644 src/www/status_captiveportal_voucher_rolls.php delete mode 100644 src/www/status_captiveportal_vouchers.php delete mode 100644 src/www/widgets/include/captiveportal.inc delete mode 100644 src/www/widgets/javascript/cpu_graphs.js delete mode 100644 src/www/widgets/widgets/captive_portal_status.widget.php
diff --git a/src/Makefile b/src/Makefile
index f61ba65b3..3723af25a 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -1,4 +1,4 @@
 ROOT= /usr/local
-TREES= captiveportal etc opnsense pkg sbin wizard www
+TREES= etc opnsense pkg sbin wizard www
 .include "../Mk/tree.mk"
diff --git a/src/captiveportal/index.php b/src/captiveportal/index.php
deleted file mode 100644
index 637d60868..000000000
--- a/src/captiveportal/index.php
+++ /dev/null
@@ -1,268 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("config.inc"); -require_once("auth.inc"); -require_once("interfaces.inc"); -require_once("captiveportal.inc"); -require_once("util.inc"); - -$errormsg = "Invalid credentials specified."; - -header("Expires: 0"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); -header("Connection: close"); - -global $cpzone, $cpzoneid; - -$cpzone = $_REQUEST['zone']; -$cpcfg = $config['captiveportal'][$cpzone]; -if (empty($cpcfg)) { - log_error("Submission to captiveportal with unkown parameter zone: " . 
htmlspecialchars($cpzone)); - portal_reply_page($redirurl, "error", $errormsg); - ob_flush(); - return; -} - -$cpzoneid = $cpcfg['zoneid']; - -$orig_host = $_SERVER['HTTP_HOST']; -/* NOTE: IE 8/9 is buggy and that is why this is needed */ -$orig_request = trim($_REQUEST['redirurl'], " /"); -$clientip = $_SERVER['REMOTE_ADDR']; - -if (!$clientip) { - /* not good - bail out */ - log_error("Zone: {$cpzone} - Captive portal could not determine client's IP address."); - $error_message = "An error occurred. Please check the system logs for more information."; - portal_reply_page($redirurl, "error", $errormsg); - ob_flush(); - return; -} - -$ourhostname = portal_hostname_from_client_ip($clientip); -if ($orig_host != $ourhostname) { - /* the client thinks it's connected to the desired web server, but instead - it's connected to us. Issue a redirect... */ - $protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://'; - header("Location: {$protocol}{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}/{$orig_request}")); - - ob_flush(); - return; -} - -if (!empty($cpcfg['redirurl'])) { - $redirurl = $cpcfg['redirurl']; -} elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) { - $redirurl = urldecode($matches[1]); -} elseif ($_REQUEST['redirurl']) { - $redirurl = $_REQUEST['redirurl']; -} - -$macfilter = !isset($cpcfg['nomacfilter']); -$passthrumac = isset($cpcfg['passthrumacadd']); - -function ip_to_mac($addr) -{ - $cmd = '/usr/sbin/arp -n ' . $addr; - $ret = false; - - exec($cmd, $out, $ret); - if ($ret) { - log_error('The command `' . $cmd . '\' failed to execute'); - } else { - $mac = explode(' ', $out[0]); - if (isset($mac[3])) { - $ret = $mac[3]; - } - } - - return $ret; -} - -/* find MAC address for client */ -if ($macfilter || $passthrumac) { - $tmpres = ip_to_mac($clientip); - if (!$tmpres) { - /* unable to find MAC address - shouldn't happen! 
- bail out */ - captiveportal_logportalauth("unauthenticated", "noclientmac", $clientip, "ERROR"); - echo "An error occurred. Please check the system logs for more information."; - log_error("Zone: {$cpzone} - Captive portal could not determine client's MAC address. Disable MAC address filtering in captive portal if you do not need this functionality."); - ob_flush(); - return; - } - $clientmac = $tmpres; - unset($tmpres); -} - -/* find out if we need RADIUS + RADIUSMAC or not */ -if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) { - $radius_enable = true; - if (isset($cpcfg['radmac_enable'])) { - $radmac_enable = true; - } -} - -/* find radius context */ -$radiusctx = 'first'; -if ($_POST['auth_user2']) { - $radiusctx = 'second'; -} - -if ($_POST['logout_id']) { - echo << -Disconnecting... - - -You have been disconnected. - - - - - -EOD; - captiveportal_disconnect_client($_POST['logout_id']); - -} elseif ($macfilter && $clientmac && captiveportal_blocked_mac($clientmac)) { - captiveportal_logportalauth($clientmac, $clientmac, $clientip, "Blocked MAC address"); - if (!empty($cpcfg['blockedmacsurl'])) { - portal_reply_page($cpcfg['blockedmacsurl'], "redir"); - } else { - portal_reply_page($redirurl, "error", "This MAC address has been blocked"); - } - -} elseif ($clientmac && $radmac_enable && portal_mac_radius($clientmac, $clientip, $radiusctx)) { - /* radius functions handle everything so we exit here since we're done */ - -} elseif (portal_consume_passthrough_credit($clientmac)) { - /* allow the client through if it had a pass-through credit for its MAC */ - captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT"); - portal_allow($clientip, $clientmac, "unauthenticated"); - -} elseif (isset($config['voucher'][$cpzone]['enable']) && $_POST['accept'] && $_POST['auth_voucher']) { - $voucher = trim($_POST['auth_voucher']); - $timecredit = voucher_auth($voucher); - // $timecredit contains either a credit in minutes or an error 
message - if ($timecredit > 0) { // voucher is valid. Remaining minutes returned - // if multiple vouchers given, use the first as username - $a_vouchers = preg_split("/[\t\n\r ]+/s", $voucher); - $voucher = $a_vouchers[0]; - $attr = array( 'voucher' => 1, - 'session_timeout' => $timecredit*60, - 'session_terminate_time' => 0); - if (portal_allow($clientip, $clientmac, $voucher, null, $attr)) { - // YES: user is good for $timecredit minutes. - captiveportal_logportalauth($voucher, $clientmac, $clientip, "Voucher login good for $timecredit min."); - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } else { - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); - } - } elseif (-1 == $timecredit) { // valid but expired - captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE", "voucher expired"); - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); - } else { - captiveportal_logportalauth($voucher, $clientmac, $clientip, "FAILURE"); - portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgnoaccess'] ? 
$config['voucher'][$cpzone]['msgnoaccess'] : $errormsg); - } - -} elseif ($_POST['accept'] && $radius_enable) { - if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) { - if (!empty($_POST['auth_user'])) { - $user = $_POST['auth_user']; - $paswd = $_POST['auth_pass']; - } elseif (!empty($_POST['auth_user2'])) { - $user = $_POST['auth_user2']; - $paswd = $_POST['auth_pass2']; - } - $auth_list = radius($user, $paswd, $clientip, $clientmac, "USER LOGIN", $radiusctx); - $type = "error"; - if (!empty($auth_list['url_redirection'])) { - $redirurl = $auth_list['url_redirection']; - $type = "redir"; - } - - if ($auth_list['auth_val'] == 1) { - captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR", $auth_list['error']); - portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg); - } elseif ($auth_list['auth_val'] == 3) { - captiveportal_logportalauth($user, $clientmac, $clientip, "FAILURE", $auth_list['reply_message']); - portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? 
$auth_list['reply_message'] : $errormsg); - } else { - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } - } else { - if (!empty($_POST['auth_user'])) { - $user = $_POST['auth_user']; - } elseif (!empty($_POST['auth_user2'])) { - $user = $_POST['auth_user2']; - } else { - $user = 'unknown'; - } - captiveportal_logportalauth($user, $clientmac, $clientip, "ERROR"); - portal_reply_page($redirurl, "error", $errormsg); - } - -} elseif ($_POST['accept'] && $cpcfg['auth_method'] == "local") { - if ($_POST['auth_user'] && $_POST['auth_pass']) { - //check against local user manager - $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); - - if ($loginok && isset($cpcfg['localauth_priv'])) { - $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login"); - } - - if ($loginok) { - captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "LOGIN"); - portal_allow($clientip, $clientmac, $_POST['auth_user']); - portal_reply_page($redirurl, "redir", "Just redirect the user."); - } else { - captiveportal_logportalauth($_POST['auth_user'], $clientmac, $clientip, "FAILURE"); - portal_reply_page($redirurl, "error", $errormsg); - } - } else { - portal_reply_page($redirurl, "error", $errormsg); - } - -} elseif ($_POST['accept'] && $clientip && $cpcfg['auth_method'] == "none") { - captiveportal_logportalauth("unauthenticated", $clientmac, $clientip, "ACCEPT"); - portal_allow($clientip, $clientmac, "unauthenticated"); - -} else { - /* display captive portal page */ - portal_reply_page($redirurl, "login", null, $clientmac, $clientip); -} - -ob_flush(); diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample index 0d386ee18..37e14a4cb 100644 --- a/src/etc/config.xml.sample +++ b/src/etc/config.xml.sample 
@@ -457,6 +457,6 @@
- system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close
+ system_information-container:col1:show,carp_status-container:col1:close,gateways-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close
diff --git a/src/etc/inc/captiveportal.CHAP.inc b/src/etc/inc/captiveportal.CHAP.inc
deleted file mode 100644
index 7c3c6dd73..000000000
--- a/src/etc/inc/captiveportal.CHAP.inc
+++ /dev/null
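Review bot: The new default widget sequence in `src/etc/config.xml.sample` drops `cpu_graphs-container:col1:close` together with `captive_portal_status-container:col1:close`, and the diffstat shows `src/www/widgets/javascript/cpu_graphs.js` deleted, yet the commit message only describes the captive portal removal. If the CPU graphs widget is meant to go as well, say so in the message or move it to its own commit; if not, keep `cpu_graphs-container:col1:close` in the sequence. Because the message states there will be no migration, existing configurations will presumably still list both entries, so it is worth confirming that the dashboard skips sequence entries whose widget files no longer exist.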
@@ -1,463 +0,0 @@ - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -This code cannot simply be copied and put under the GNU Public License or -any other GPL-like (LGPL, GPL2) License. 
- - $Id: CHAP.php 302857 2010-08-28 21:12:59Z mbretter $ -*/ - -require_once 'PEAR.inc'; - -/** -* Classes for generating packets for various CHAP Protocols: -* CHAP-MD5: RFC1994 -* MS-CHAPv1: RFC2433 -* MS-CHAPv2: RFC2759 -* -* @package Crypt_CHAP -* @author Michael Bretterklieber -* @access public -* @version $Revision: 302857 $ -*/ - -/** - * class Crypt_CHAP - * - * Abstract base class for CHAP - * - * @package Crypt_CHAP - */ -class Crypt_CHAP extends PEAR -{ - /** - * Random binary challenge - * @var string - */ - var $challenge = null; - - /** - * Binary response - * @var string - */ - var $response = null; - - /** - * User password - * @var string - */ - var $password = null; - - /** - * Id of the authentication request. Should incremented after every request. - * @var integer - */ - var $chapid = 1; - - /** - * Constructor - * - * Generates a random challenge - * @return void - */ - function Crypt_CHAP() - { - $this->PEAR(); - $this->generateChallenge(); - } - - /** - * Generates a random binary challenge - * - * @param string $varname Name of the property - * @param integer $size Size of the challenge in Bytes - * @return void - */ - function generateChallenge($varname = 'challenge', $size = 8) - { - $this->$varname = ''; - for ($i = 0; $i < $size; $i++) { - $this->$varname .= pack('C', 1 + mt_rand() % 255); - } - return $this->$varname; - } - - /** - * Generates the response. Overwrite this. - * - * @return void - */ - function challengeResponse() - { - } - -} - -/** - * class Crypt_CHAP_MD5 - * - * Generate CHAP-MD5 Packets - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MD5 extends Crypt_CHAP -{ - - /** - * Generates the response. - * - * CHAP-MD5 uses MD5-Hash for generating the response. The Hash consists - * of the chapid, the plaintext password and the challenge. - * - * @return string - */ - function challengeResponse() - { - return pack('H*', md5(pack('C', $this->chapid) . $this->password . 
$this->challenge)); - } -} - -/** - * class Crypt_CHAP_MSv1 - * - * Generate MS-CHAPv1 Packets. MS-CHAP doesen't use the plaintext password, it uses the - * NT-HASH wich is stored in the SAM-Database or in the smbpasswd, if you are using samba. - * The NT-HASH is MD4(str2unicode(plaintextpass)). - * You need the hash extension for this class. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv1 extends Crypt_CHAP -{ - /** - * Wether using deprecated LM-Responses or not. - * 0 = use LM-Response, 1 = use NT-Response - * @var bool - */ - var $flags = 1; - - /** - * Constructor - * - * Loads the hash extension - * @return void - */ - function Crypt_CHAP_MSv1() - { - $this->Crypt_CHAP(); - self::loadExtension('hash'); - } - - /** - * Generates the NT-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function ntPasswordHash($password = null) - { - if (isset($password)) { - return pack('H*',hash('md4', $this->str2unicode($password))); - } else { - return pack('H*',hash('md4', $this->str2unicode($this->password))); - } - } - - /** - * Converts ascii to unicode. - * - * @access public - * @return string - */ - function str2unicode($str) - { - $uni = ''; - $str = (string) $str; - for ($i = 0; $i < strlen($str); $i++) { - $a = ord($str{$i}) << 8; - $uni .= sprintf("%X", $a); - } - return pack('H*', $uni); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function challengeResponse() - { - return $this->_challengeResponse(); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function ntChallengeResponse() - { - return $this->_challengeResponse(false); - } - - /** - * Generates the LAN-Manager-Response. - * - * @access public - * @return string - */ - function lmChallengeResponse() - { - return $this->_challengeResponse(true); - } - - /** - * Generates the response. - * - * Generates the response using DES. 
- * - * @param bool $lm wether generating LAN-Manager-Response - * @access private - * @return string - */ - function _challengeResponse($lm = false) - { - if ($lm) { - $hash = $this->lmPasswordHash(); - } else { - $hash = $this->ntPasswordHash(); - } - - while (strlen($hash) < 21) { - $hash .= "\0"; - } - - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - $key = $this->_desAddParity(substr($hash, 0, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp1 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 7, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp2 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 14, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp3 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - - return $resp1 . $resp2 . $resp3; - } - - /** - * Generates the LAN-Manager-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function lmPasswordHash($password = null) - { - $plain = isset($password) ? $password : $this->password; - - $plain = substr(strtoupper($plain), 0, 14); - while (strlen($plain) < 14) { - $plain .= "\0"; - } - - return $this->_desHash(substr($plain, 0, 7)) . $this->_desHash(substr($plain, 7, 7)); - } - - /** - * Generates an irreversible HASH. - * - * @access private - * @return string - */ - function _desHash($plain) - { - $key = $this->_desAddParity($plain); - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - mcrypt_generic_init($td, $key, $iv); - $hash = mcrypt_generic($td, 'KGS!@#$%'); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - return $hash; - } - - /** - * Adds the parity bit to the given DES key. 
- * - * @access private - * @param string $key 7-Bytes Key without parity - * @return string - */ - function _desAddParity($key) - { - static $odd_parity = array( - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, - 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, - 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, - 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, - 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, - 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, - 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, - 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, - 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, - 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254); - - $bin = ''; - for ($i = 0; $i < strlen($key); $i++) { - $bin .= sprintf('%08s', decbin(ord($key{$i}))); - } - - $str1 = explode('-', substr(chunk_split($bin, 7, '-'), 0, -1)); - $x = ''; - foreach($str1 as $s) { - $x .= sprintf('%02s', dechex($odd_parity[bindec($s . '0')])); - } - - return pack('H*', $x); - - } - - /** - * Generates the response-packet. - * - * @param bool $lm wether including LAN-Manager-Response - * @access private - * @return string - */ - function response($lm = false) - { - $ntresp = $this->ntChallengeResponse(); - if ($lm) { - $lmresp = $this->lmChallengeResponse(); - } else { - $lmresp = str_repeat ("\0", 24); - } - - // Response: LM Response, NT Response, flags (0 = use LM Response, 1 = use NT Response) - return $lmresp . $ntresp . 
pack('C', !$lm); - } -} - -/** - * class Crypt_CHAP_MSv2 - * - * Generate MS-CHAPv2 Packets. This version of MS-CHAP uses a 16 Bytes authenticator - * challenge and a 16 Bytes peer Challenge. LAN-Manager responses no longer exists - * in this version. The challenge is already a SHA1 challenge hash of both challenges - * and of the username. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv2 extends Crypt_CHAP_MSv1 -{ - /** - * The username - * @var string - */ - var $username = null; - - /** - * The 16 Bytes random binary peer challenge - * @var string - */ - var $peerChallenge = null; - - /** - * The 16 Bytes random binary authenticator challenge - * @var string - */ - var $authChallenge = null; - - /** - * Constructor - * - * Generates the 16 Bytes peer and authentication challenge - * @return void - */ - function Crypt_CHAP_MSv2() - { - $this->Crypt_CHAP_MSv1(); - $this->generateChallenge('peerChallenge', 16); - $this->generateChallenge('authChallenge', 16); - } - - /** - * Generates a hash from the NT-HASH. - * - * @access public - * @param string $nthash The NT-HASH - * @return string - */ - function ntPasswordHashHash($nthash) - { - return pack('H*',hash('md4', $nthash)); - } - - /** - * Generates the challenge hash from the peer and the authenticator challenge and - * the username. SHA1 is used for this, but only the first 8 Bytes are used. - * - * @access public - * @return string - */ - function challengeHash() - { - return substr(pack('H*',hash('sha1', $this->peerChallenge . $this->authChallenge . $this->username)), 0, 8); - } - - /** - * Generates the response. - * - * @access public - * @return string - */ - function challengeResponse() - { - $this->challenge = $this->challengeHash(); - return $this->_challengeResponse(); - } -} - - -?> diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc deleted file mode 100644 index 0ede93ecf..000000000 --- a/src/etc/inc/captiveportal.inc +++ /dev/null 
@@ -1,1427 +0,0 @@ - - Copyright (C) 2009-2012 Ermal Luçi - Copyright (C) 2003-2006 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - This version of captiveportal.inc has been modified by Rob Parker - to include changes for per-user bandwidth management - via returned RADIUS attributes. This page has been modified to delete any - added rules which may have been created by other per-user code (index.php, etc). - These changes are (c) 2004 Keycom PLC. 
-*/
-
-/* include all configuration functions */
-require_once("radius.inc");
-require_once("captiveportal.radius_accounting.inc");
-require_once("captiveportal.radius_authentication.inc");
-require_once("voucher.inc");
-
-function get_include_contents($filename) {
- if (is_file($filename)) {
- ob_start();
- include $filename;
- $contents = ob_get_contents();
- ob_end_clean();
- return $contents;
- }
- return false;
-}
-
-
-
-//
-// TODO : restructure code / gui, for now we try to maintain gui compatibility by not breaking the old callbacks
-//
-function captiveportal_passthrumac_configure_entry($macent) {
- $cpc = new OPNsense\CaptivePortal\CPClient();
- $cpc->update();
-
- return "" ;
-}
-
-function captiveportal_passthrumac_delete_entry($macent) {
- $cpc = new OPNsense\CaptivePortal\CPClient();
- $cpc->update();
-
- return "" ;
-}
-
-function captiveportal_passthrumac_configure($lock = false) {
- return captiveportal_passthrumac_delete_entry(null) ;
-}
-
-function captiveportal_allowedip_configure_entry($ipent, $ishostname = false) {
- $cpc = new OPNsense\CaptivePortal\CPClient();
- $cpc->update();
-
- return "" ;
-}
-
-function captiveportal_allowedip_configure() {
- return captiveportal_allowedip_configure_entry(null);
-}
-
-/* remove a single client by sessionid */
-function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") {
- global $cpzone;
-
- $cpc = new OPNsense\CaptivePortal\CPClient();
- $cpc->disconnect($cpzone,$sessionid);
-}
-
-function captiveportal_remove_entries($remove) {
- global $cpzone ;
-
- if (!is_array($remove) || empty($remove))
- return;
-
- $cpc = new OPNsense\CaptivePortal\CPClient();
- $cpc->disconnect($cpzone,$remove);
-}
-
-function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $pipeno = null, $radiusctx = null) {
- global $config, $cpzone ,$type,$g;
-
- $cpc = new OPNsense\CaptivePortal\CPClient();
-
- // Ensure we create an array if we are missing attributes
- if (!is_array($attributes)) {
- $attributes = array();
- }
-
- if ($attributes['voucher']) {
- $remaining_time = $attributes['session_timeout'];
- }
-
- // handle
- $dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0;
- $dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0;
- $bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up;
- $bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down;
- $interim_interval = (!empty($attributes['interim_interval'])) ? $attributes['interim_interval'] : 'NULL';
-
- $session_timeout = 0 ;
- if ( array_key_exists("session_timeout",$attributes ) ){
- $session_timeout = $attributes['session_timeout'] ;
- }
- elseif ( is_numeric($config['captiveportal'][$cpzone]["timeout"]) ){
- // calculate to seconds for timeout parameters ( config in minutes )
- $session_timeout = $config['captiveportal'][$cpzone]["timeout"] * 60 ;
- }
-
- $idle_timeout = 0 ;
- if ( array_key_exists("idle_timeout",$attributes ) ){
- $idle_timeout = $attributes['idle_timeout'] ;
- }
- elseif ( is_numeric($config['captiveportal'][$cpzone]["idletimeout"]) ){
- // calculate to seconds for timeout parameters ( config in minutes )
- $idle_timeout = $config['captiveportal'][$cpzone]["idletimeout"] * 60 ;
- }
-
-
- $session_terminate_time = 0;
- if ( array_key_exists("session_timeout",$attributes ) ) {
- $session_terminate_time = $attributes['session_terminate_time'] ;
- }
-
-
-
- if ($attributes['voucher']) {
- $db = new OPNsense\CaptivePortal\DB($cpzone);
- $clients = $db->listClients(array("username"=>$username), null, null);
- foreach ($clients as $client) {
- // user is already connected, disconnect old session
- $cpc->disconnect($cpzone, $client->sessionid);
-
- // calculate new session end time for this voucher ( session
connection time + timeout - now, correct with 1 second to trap exact cleanup hit) - $session_terminate_time = $client->allow_time + $client->session_timeout - time() - 1; - } - - if ($session_terminate_time < 0) { - // no time left for voucher - return 0; - } - - unset($db); - } - - - if (is_null($radiusctx)) { - $radiusctx = 'first'; - } - - - $sessionid = $cpc->portalAllow($cpzone,$clientip,$clientmac,$username,$password,$bw_up,$bw_down,$radiusctx,$session_timeout,$idle_timeout,$session_terminate_time,$interim_interval); - - if (isset($config['captiveportal'][$cpzone]['radacct_enable']) && !empty($radiusservers[$radiusctx])) { - $acct_val = RADIUS_ACCOUNTING_START($pipeno, $username, $sessionid, $radiusservers[$radiusctx], $clientip, $clientmac); - if ($acct_val == 1) - captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); - } - - // TODO: error handling -// /* if the pool is empty, return appropriate message and exit */ -// if (is_null($pipeno)) { -// portal_reply_page($redirurl, "error", "System reached maximum login capacity"); -// log_error("Zone: {$cpzone} - WARNING! Captive portal has reached maximum login capacity"); -// unlock($cpdblck); -// return; -// } - - /* redirect user to desired destination */ - if (!empty($attributes['url_redirection'])) - $my_redirurl = $attributes['url_redirection']; - else if (!empty($redirurl)) - $my_redirurl = $redirurl; - else if (!empty($config['captiveportal'][$cpzone]['redirurl'])) - $my_redirurl = $config['captiveportal'][$cpzone]['redirurl']; - - if(isset($config['captiveportal'][$cpzone]['logoutwin_enable']) ) { - $ourhostname = portal_hostname_from_client_ip($clientip); - $protocol = (isset($config['captiveportal'][$cpzone]['httpslogin'])) ? 
'https://' : 'http://'; - $logouturl = "{$protocol}{$ourhostname}/"; - - if (isset($attributes['reply_message'])) - $message = $attributes['reply_message']; - else - $message = 0; - - include("/var/etc/captiveportal-{$cpzone}-logout.html"); - } - - return $sessionid; -} - -// -// -// - -/* reinit will disconnect all users, be careful! */ -function captiveportal_init_rules($reinit = false) -{ - $cpc = new OPNsense\CaptivePortal\CPClient(); - $cpc->reconfigure(); - unset($cpc); -} - - -// Unchanged - - -function get_default_captive_portal_html() { - global $config, $g, $cpzone; - - $htmltext = << - -
- - -
- - - - - - - -
- - - {$g['product_name']} captive portal - - -
-
-
- - - - -
-
-
-
- - - - -
-
-
-
- - - \$PORTAL_MESSAGE\$ - - -
-
-
- - - - - - - -EOD; - - if(isset($config['voucher'][$cpzone]['enable'])) { - $htmltext .= << - - - - -EOD; - } - - $htmltext .= << - - -
Welcome to the {$g['product_name']} Captive Portal!
 
Username:
Password:
 
Enter Voucher Code:
-
-
-
-
-
-
-
-
-
-
-
-
-
- - - -EOD; - - return $htmltext; -} - - -function captiveportal_configure() { - global $config, $cpzone, $cpzoneid; - - /* init ipfw rules */ - captiveportal_init_rules(true); - - $cpc = new OPNsense\CaptivePortal\CPClient(); - if ($cpc->isEnabled()) { - $cpc->reconfigure(); - } - - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - $cpzone = $cpkey; - $cpzoneid = $cp['zoneid']; - captiveportal_configure_zone($cp); - } - } -} - -function captiveportal_configure_zone($cpcfg) { - global $config, $g, $cpzone, $cpzoneid; - - $captiveportallck = lock("captiveportal{$cpzone}", LOCK_EX); - - if (isset($cpcfg['enable'])) { - - if (file_exists("/var/run/booting")) { - echo "Starting captive portal({$cpcfg['zone']})... "; - - /* remove old information */ - @unlink("/var/db/captiveportal{$cpzone}.db"); - } else - captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']})."); - /* kill any running minicron */ - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - - /* initialize minicron interval value */ - $croninterval = isset($cpcfg['croninterval']) && !empty($cpcfg['croninterval']) ? $cpcfg['croninterval'] : 60; - - /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ - if ((!is_numeric($croninterval)) || ($croninterval < 10)) - $croninterval = 60; - - /* write portal page */ - if (isset($cpcfg['page']['htmltext']) && $cpcfg['page']['htmltext']) - $htmltext = base64_decode($cpcfg['page']['htmltext']); - else { - /* example/template page */ - $htmltext = get_default_captive_portal_html(); - } - - $fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w"); - if ($fd) { - // Special case handling. Convert so that we can pass this page - // through the PHP interpreter later without clobbering the vars. 
- $htmltext = str_replace("\$PORTAL_ZONE\$", "#PORTAL_ZONE#", $htmltext);
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "#PORTAL_REDIRURL#", $htmltext);
- $htmltext = str_replace("\$PORTAL_MESSAGE\$", "#PORTAL_MESSAGE#", $htmltext);
- $htmltext = str_replace("\$CLIENT_MAC\$", "#CLIENT_MAC#", $htmltext);
- $htmltext = str_replace("\$CLIENT_IP\$", "#CLIENT_IP#", $htmltext);
- $htmltext = str_replace("\$ORIGINAL_PORTAL_IP\$", "#ORIGINAL_PORTAL_IP#", $htmltext);
- $htmltext = str_replace("\$PORTAL_ACTION\$", "#PORTAL_ACTION#", $htmltext);
- if($cpcfg['preauthurl']) {
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $htmltext);
- $htmltext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $htmltext);
- }
- fwrite($fd, $htmltext);
- fclose($fd);
- }
- unset($htmltext);
-
- /* write error page */
- if (isset($cpcfg['page']['errtext']) && $cpcfg['page']['errtext'])
- $errtext = base64_decode($cpcfg['page']['errtext']);
- else {
- /* example page */
- $errtext = get_default_captive_portal_html();
- }
-
- $fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
- if ($fd) {
- // Special case handling. Convert so that we can pass this page
- // through the PHP interpreter later without clobbering the vars.
- $errtext = str_replace("\$PORTAL_ZONE\$", "#PORTAL_ZONE#", $errtext); - $errtext = str_replace("\$PORTAL_REDIRURL\$", "#PORTAL_REDIRURL#", $errtext); - $errtext = str_replace("\$PORTAL_MESSAGE\$", "#PORTAL_MESSAGE#", $errtext); - $errtext = str_replace("\$CLIENT_MAC\$", "#CLIENT_MAC#", $errtext); - $errtext = str_replace("\$CLIENT_IP\$", "#CLIENT_IP#", $errtext); - $errtext = str_replace("\$ORIGINAL_PORTAL_IP\$", "#ORIGINAL_PORTAL_IP#", $errtext); - $errtext = str_replace("\$PORTAL_ACTION\$", "#PORTAL_ACTION#", $errtext); - if($cpcfg['preauthurl']) { - $errtext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $errtext); - $errtext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $errtext); - } - fwrite($fd, $errtext); - fclose($fd); - } - unset($errtext); - - /* write logout page */ - if (isset($cpcfg['page']['logouttext']) && $cpcfg['page']['logouttext']) - $logouttext = base64_decode($cpcfg['page']['logouttext']); - else { - /* example page */ - $logouttext = << -Redirecting... - - -Redirecting to ... 
- - - - - -EOD; - } - - $fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w"); - if ($fd) { - fwrite($fd, $logouttext); - fclose($fd); - } - unset($logouttext); - - /* write elements */ - captiveportal_write_elements(); - - /* kill any running mini_httpd */ - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - - /* start up the webserving daemon */ - captiveportal_init_webgui_zone($cpcfg); - - /* Kill any existing prunecaptiveportal processes */ - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - - /* start pruning process (interval defaults to 60 seconds) */ - mwexecf( - '/usr/local/bin/minicron %s %s %s %s', - array($croninterval, - "/var/run/cp_prunedb_{$cpzone}.pid", - '/usr/local/etc/rc.prunecaptiveportal', - $cpzone) - ); - - /* generate radius server database */ - @unlink("/var/db/captiveportal_radius_{$cpzone}.db"); - captiveportal_init_radius_servers(); - - if (file_exists("/var/run/booting")) { - /* send Accounting-On to server */ - captiveportal_send_server_accounting(); - echo "done\n"; - } - - } else { - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid"); - killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - killbypid("/var/run/cp_prunedb_{$cpzone}.pid"); - @unlink("/var/etc/captiveportal_{$cpzone}.html"); - @unlink("/var/etc/captiveportal-{$cpzone}-error.html"); - @unlink("/var/etc/captiveportal-{$cpzone}-logout.html"); - - captiveportal_radius_stop_all(); - - /* send Accounting-Off to server */ - if (!file_exists("/var/run/booting")) { - captiveportal_send_server_accounting(true); - } - - /* remove old information */ - @unlink("/var/db/captiveportal{$cpzone}.db"); - @unlink("/var/db/captiveportal_radius_{$cpzone}.db"); - @unlink("/var/db/captiveportal_{$cpzone}.rules"); - /* Release allocated pipes for this zone */ - captiveportal_free_dnrules(); - - if (empty($config['captiveportal'])) - set_single_sysctl("net.link.ether.ipfw", "0"); - else { - /* 
Deactivate ipfw(4) if not needed */ - $cpactive = false; - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - if (isset($cp['enable'])) { - $cpactive = true; - break; - } - } - } - if ($cpactive === false) - set_single_sysctl("net.link.ether.ipfw", "0"); - - } - } - - unlock($captiveportallck); - - return 0; -} - -function captiveportal_init_webgui() { - global $config, $cpzone; - - if (is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - $cpzone = $cpkey; - captiveportal_init_webgui_zone($cp); - } - } -} - -function captiveportal_init_webgui_zonename($zone) { - global $config, $cpzone; - - if (isset($config['captiveportal'][$zone])) { - $cpzone = $zone; - captiveportal_init_webgui_zone($config['captiveportal'][$zone]); - } -} - -function captiveportal_init_webgui_zone($cpcfg) -{ - global $g, $config, $cpzone; - - if (!isset($cpcfg['enable'])) { - return; - } - - if (isset($cpcfg['httpslogin'])) { - $cert = lookup_cert($cpcfg['certref']); - $crt = base64_decode($cert['crt']); - $key = base64_decode($cert['prv']); - $ca = ca_chain($cert); - - /* generate lighttpd configuration */ - if (!empty($cpcfg['listenporthttps'])) { - $listenporthttps = $cpcfg['listenporthttps']; - } else { - $listenporthttps = 8001 + $cpcfg['zoneid']; - } - - system_generate_lighty_config( - "/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf", - $crt, - $key, - $ca, - "lighty-{$cpzone}-CaptivePortal-SSL.pid", - $listenporthttps, - "/usr/local/captiveportal", - "cert-{$cpzone}-portal.pem", - "ca-{$cpzone}-portal.pem", - $cpzone - ); - } - - /* generate lighttpd configuration */ - if (!empty($cpcfg['listenporthttp'])) { - $listenporthttp = $cpcfg['listenporthttp']; - } else { - $listenporthttp = 8000 + $cpcfg['zoneid']; - } - - system_generate_lighty_config( - "/var/etc/lighty-{$cpzone}-CaptivePortal.conf", - "", - "", - "", - "lighty-{$cpzone}-CaptivePortal.pid", - $listenporthttp, - 
"/usr/local/captiveportal", - "", - "", - $cpzone - ); - - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid"); - /* attempt to start lighttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf"); - - /* fire up https instance */ - if (isset($cpcfg['httpslogin'])) { - @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid"); - $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf"); - } -} - - -/* - * Remove clients that have been around for longer than the specified amount of time - * db file structure: - * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time,interim_interval - * (password is in Base64 and only saved when reauthentication is enabled) - */ -function captiveportal_prune_old() -{ - global $g, $config, $cpzone, $cpzoneid; - - if (empty($cpzone)) { - return; - } - - $cpc = new OPNsense\CaptivePortal\CPClient(); - - $cpcfg = $config['captiveportal'][$cpzone]; - if ( !isset($cpcfg['radacct_enable'])) { - // cleanup session (default) - $cpc->portalCleanupSessions($cpzone); - }else{ - // cleanup sessions if radius accounting is enable - // TODO: this code needs a rewrite, probably the easiest thing todo is update the zone administration and run - // the normal cleanup (portalCleanupSessions) to detach both processes - // - $vcpcfg = $config['voucher'][$cpzone]; - - /* check for expired entries */ - $idletimeout = 0; - $timeout = 0; - if (!empty($cpcfg['timeout']) && is_numeric($cpcfg['timeout'])) - $timeout = $cpcfg['timeout'] * 60; - - if (!empty($cpcfg['idletimeout']) && is_numeric($cpcfg['idletimeout'])) - $idletimeout = $cpcfg['idletimeout'] * 60; - - /* Is there any job to do? 
*/ - if (!$timeout && !$idletimeout && !isset($cpcfg['reauthenticate']) && - !isset($cpcfg['radiussession_timeout']) && !isset($vcpcfg['enable'])) - return; - - $radiussrvs = captiveportal_get_radius_servers(); - - /* Read database */ - /* NOTE: while this can be simplified in non radius case keep as is for now */ - $cpdb = array(); // captiveportal_read_db(); - - $unsetindexes = array(); - - /* - * Snapshot the time here to use for calculation to speed up the process. - * If something is missed next run will catch it! - */ - $pruning_time = time(); - $stop_time = $pruning_time; - foreach ($cpdb as $cpentry) { - - $timedout = false; - $term_cause = 1; - if (empty($cpentry[11])) - $cpentry[11] = 'first'; - $radiusservers = $radiussrvs[$cpentry[11]]; - - /* hard timeout? */ - if ($timeout) { - if (($pruning_time - $cpentry[0]) >= $timeout) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - /* Session-Terminate-Time */ - if (!$timedout && !empty($cpentry[9])) { - if ($pruning_time >= $cpentry[9]) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - - /* if vouchers are configured, activate session timeouts */ - if (!$timedout && isset($vcpcfg['enable']) && !empty($cpentry[7])) { - if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { - $timedout = true; - $term_cause = 5; // Session-Timeout - $voucher_needs_sync = true; - } - } - - /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ - if (!$timedout && isset($cpcfg['radiussession_timeout']) && !empty($cpentry[7])) { - if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } - - if ($timedout) { - captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT"); - $unsetindexes[] = $cpentry[5]; - } - - /* do periodic RADIUS reauthentication? 
*/ - if (!$timedout && !empty($radiusservers)) { - if (isset($cpcfg['radacct_enable'])) { - if ($cpcfg['reauthenticateacct'] == "stopstart") { - /* stop and restart accounting */ - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 10); // NAS Request - - // todo, zero counters - - RADIUS_ACCOUNTING_START($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac); // clientmac - } else if ($cpcfg['reauthenticateacct'] == "interimupdate") { - $session_time = $pruning_time - $cpentry[0]; - if (!empty($cpentry[10]) && $cpentry[10] > 60) - $interval = $cpentry[10]; - else - $interval = 0; - $past_interval_min = ($session_time > $interval); - if ($interval != 0) - $within_interval = ($session_time % $interval >= 0 && $session_time % $interval <= 59); - if ($interval === 0 || ($interval > 0 && $past_interval_min && $within_interval)) { - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 10, // NAS Request - true); // Interim Updates - } - } - } - - /* check this user against RADIUS again */ - if (isset($cpcfg['reauthenticate'])) { - $auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username - base64_decode($cpentry->bpassword), // password - $radiusservers, - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - $cpentry->pipeno_in); // ruleno - if ($auth_list['auth_val'] == 3) { - $cpc->disconnect($cpzone, $cpentry->sessionid); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - $unsetindexes[] = $cpentry[5]; - } else if 
($auth_list['auth_val'] == 2) - //captiveportal_reapply_attributes($cpentry, $auth_list); - null; - } - } - } - } - - unset($cpdb); -} - -/* send RADIUS acct stop for all current clients */ -function captiveportal_radius_stop_all() { - global $config, $cpzone; - - if (!isset($config['captiveportal'][$cpzone]['radacct_enable'])) - return; - - $radiusservers = captiveportal_get_radius_servers(); - if (!empty($radiusservers)) { - $cpdb = new OPNsense\CaptivePortal\DB($cpzone); - - $clients = $cpdb->listClients(array()); - - foreach ($clients as $cpentry) { - if (empty($cpentry->radiusctx)) - $cpentry->radiusctx = 'first'; - if (!empty($radiusservers[$cpentry->radiusctx])) { - RADIUS_ACCOUNTING_STOP($cpentry->pipeno_in, // ruleno - $cpentry->username, // username - $cpentry->sessionid, // sessionid - $cpentry->allow_time, // start time - $radiusservers[$cpentry->radiusctx], - $cpentry->ip, // clientip - $cpentry->mac, // clientmac - 7); // Admin Reboot - } - } - - unset($cpdb); - } -} - - -function captiveportal_passthrumac_findbyname($username) { - global $config, $cpzone; - - if (is_array($config['captiveportal'][$cpzone]['passthrumac'])) { - foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $macent) { - if ($macent['username'] == $username) - return $macent; - } - } - return NULL; -} - - - -function captiveportal_init_radius_servers() { - global $config, $g, $cpzone; - - /* generate radius server database */ - if ($config['captiveportal'][$cpzone]['radiusip'] && (!isset($config['captiveportal'][$cpzone]['auth_method']) || - ($config['captiveportal'][$cpzone]['auth_method'] == "radius"))) { - $radiusip = $config['captiveportal'][$cpzone]['radiusip']; - $radiusip2 = ($config['captiveportal'][$cpzone]['radiusip2']) ? $config['captiveportal'][$cpzone]['radiusip2'] : null; - $radiusip3 = ($config['captiveportal'][$cpzone]['radiusip3']) ? $config['captiveportal'][$cpzone]['radiusip3'] : null; - $radiusip4 = ($config['captiveportal'][$cpzone]['radiusip4']) ? 
$config['captiveportal'][$cpzone]['radiusip4'] : null; - - if ($config['captiveportal'][$cpzone]['radiusport']) - $radiusport = $config['captiveportal'][$cpzone]['radiusport']; - else - $radiusport = 1812; - if ($config['captiveportal'][$cpzone]['radiusacctport']) - $radiusacctport = $config['captiveportal'][$cpzone]['radiusacctport']; - else - $radiusacctport = 1813; - if ($config['captiveportal'][$cpzone]['radiusport2']) - $radiusport2 = $config['captiveportal'][$cpzone]['radiusport2']; - else - $radiusport2 = 1812; - if ($config['captiveportal'][$cpzone]['radiusport3']) - $radiusport3 = $config['captiveportal'][$cpzone]['radiusport3']; - else - $radiusport3 = 1812; - if ($config['captiveportal'][$cpzone]['radiusport4']) - $radiusport4 = $config['captiveportal'][$cpzone]['radiusport4']; - else - $radiusport4 = 1812; - - $radiuskey = $config['captiveportal'][$cpzone]['radiuskey']; - $radiuskey2 = $config['captiveportal'][$cpzone]['radiuskey2']; - $radiuskey3 = $config['captiveportal'][$cpzone]['radiuskey3']; - $radiuskey4 = $config['captiveportal'][$cpzone]['radiuskey4']; - - $cprdsrvlck = lock("captiveportalradius{$cpzone}", LOCK_EX); - $fd = @fopen("/var/db/captiveportal_radius_{$cpzone}.db", "w"); - if (!$fd) { - captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n"); - unlock($cprdsrvlck); - return 1; - } - if (isset($radiusip)) - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . ",first"); - if (isset($radiusip2)) - fwrite($fd,"\n" . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2 . ",first"); - if (isset($radiusip3)) - fwrite($fd,"\n" . $radiusip3 . "," . $radiusport3 . "," . $radiusacctport . "," . $radiuskey3 . ",second"); - if (isset($radiusip4)) - fwrite($fd,"\n" . $radiusip4 . "," . $radiusport4 . "," . $radiusacctport . "," . $radiuskey4 . 
",second"); - - - fclose($fd); - unlock($cprdsrvlck); - } -} - -/* read RADIUS servers into array */ -function captiveportal_get_radius_servers() { - global $g, $cpzone; - - $cprdsrvlck = lock("captiveportalradius{$cpzone}"); - if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) { - $radiusservers = array(); - $cpradiusdb = file("/var/db/captiveportal_radius_{$cpzone}.db", - FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if ($cpradiusdb) { - foreach($cpradiusdb as $cpradiusentry) { - $line = trim($cpradiusentry); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key'], $context) = explode(",",$line); - } - if (empty($context)) { - if (!is_array($radiusservers['first'])) - $radiusservers['first'] = array(); - $radiusservers['first'] = $radsrv; - } else { - if (!is_array($radiusservers[$context])) - $radiusservers[$context] = array(); - $radiusservers[$context][] = $radsrv; - } - } - } - unlock($cprdsrvlck); - return $radiusservers; - } - - unlock($cprdsrvlck); - return false; -} - -/* log successful captive portal authentication to syslog */ -/* part of this code from php.net */ -function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { - // Log it - if (!$message) - $message = "{$status}: {$user}, {$mac}, {$ip}"; - else { - $message = trim($message); - $message = "{$status}: {$user}, {$mac}, {$ip}, {$message}"; - } - captiveportal_syslog($message); -} - -/* log simple messages to syslog */ -function captiveportal_syslog($message) { - global $cpzone; - - $message = trim($message); - $message .= "Zone: {$cpzone} - {$message}"; - openlog("logportalauth", LOG_PID, LOG_LOCAL4); - // Log it - syslog(LOG_INFO, $message); - closelog(); -} - -function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = null) { - global $g, $config, $cpzoneid; - - $pipeno = captiveportal_get_next_dn_ruleno(); - - /* If the pool is empty, return appropriate message and fail 
authentication */ - if (empty($pipeno)) { - $auth_list = array(); - $auth_list['auth_val'] = 1; - $auth_list['error'] = "System reached maximum login capacity"; - return $auth_list; - } - - $radiusservers = captiveportal_get_radius_servers(); - - if (is_null($radiusctx)) - $radiusctx = 'first'; - - $auth_list = RADIUS_AUTHENTICATION($username, - $password, - $radiusservers[$radiusctx], - $clientip, - $clientmac, - $pipeno); - - if ($auth_list['auth_val'] == 2) { - captiveportal_logportalauth($username,$clientmac,$clientip,$type); - $sessionid = portal_allow($clientip, - $clientmac, - $username, - $password, - $auth_list, - $pipeno, - $radiusctx); - } else { - captiveportal_free_dn_ruleno($pipeno); - } - - return $auth_list; -} - - -function captiveportal_write_elements() -{ - global $g, $config, $cpzone; - - $cpcfg = $config['captiveportal'][$cpzone]; - - @mkdir('/var/db/cpelements'); - - if (isset($cpcfg['element']) && is_array($cpcfg['element'])) { - foreach ($cpcfg['element'] as $data) { - if (!@file_put_contents("/var/db/cpelements/{$data['name']}", base64_decode($data['content']))) { - printf(gettext("Error: cannot open '%s' in captiveportal_write_elements()%s"), $data['name'], "\n"); - return 1; - } - if (!file_exists("/usr/local/captiveportal/{$data['name']}")) { - @symlink("/var/db/cpelements/{$data['name']}", "/usr/local/captiveportal/{$data['name']}"); - } - } - } - - return 0; -} - -function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max = 64500) { - global $cpzone; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $ridx = $rulenos_start; - while ($ridx < $rulenos_range_max) { - if ($rules[$ridx] == $cpzone) { - $rules[$ridx] = false; - $ridx++; - $rules[$ridx] = false; - $ridx++; - } else - $ridx += 2; - } - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unset($rules); 
- } - unlock($cpruleslck); -} - -function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_max = 64500) { - global $config, $g, $cpzone; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - $ruleno = 0; - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $ridx = $rulenos_start; - while ($ridx < $rulenos_range_max) { - if (empty($rules[$ridx])) { - $ruleno = $ridx; - $rules[$ridx] = $cpzone; - $ridx++; - $rules[$ridx] = $cpzone; - break; - } else { - $ridx += 2; - } - } - } else { - $rules = array_pad(array(), $rulenos_range_max, false); - $ruleno = $rulenos_start; - $rules[$rulenos_start] = $cpzone; - $rulenos_start++; - $rules[$rulenos_start] = $cpzone; - } - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unlock($cpruleslck); - unset($rules); - - return $ruleno; -} - -function captiveportal_free_dn_ruleno($ruleno) { - global $config, $g; - - $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - if (file_exists("/var/db/captiveportaldn.rules")) { - $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules")); - $rules[$ruleno] = false; - $ruleno++; - $rules[$ruleno] = false; - file_put_contents("/var/db/captiveportaldn.rules", serialize($rules)); - unset($rules); - } - unlock($cpruleslck); -} - - -/** - * Get the NAS-IP-Address based on the current wan address - * - * Use functions in interfaces.inc to find this out - * - */ - -function getNasIP() -{ - global $config, $cpzone; - - if (empty($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) { - $nasIp = get_interface_ip(); - } else { - if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) - $nasIp = $config['captiveportal'][$cpzone]['radiussrcip_attribute']; - else - $nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']); - } - - if(!is_ipaddr($nasIp)) - $nasIp = "0.0.0.0"; - - return $nasIp; -} - -function 
portal_ip_from_client_ip($cliip) { - global $config, $cpzone; - - $isipv6 = is_ipaddrv6($cliip); - $interfaces = explode(",", $config['captiveportal'][$cpzone]['interface']); - foreach ($interfaces as $cpif) { - if ($isipv6) { - $ip = get_interface_ipv6($cpif); - $sn = get_interface_subnetv6($cpif); - } else { - $ip = get_interface_ip($cpif); - $sn = get_interface_subnet($cpif); - } - if (ip_in_subnet($cliip, "{$ip}/{$sn}")) - return $ip; - } - - $inet = ($isipv6) ? '-inet6' : '-inet'; - $iface = exec_command("/sbin/route -n get {$inet} {$cliip} | /usr/bin/awk '/interface/ { print \$2; };'"); - $iface = trim($iface, "\n"); - if (!empty($iface)) { - $ip = ($isipv6) ? find_interface_ipv6($iface) : find_interface_ip($iface); - if (is_ipaddr($ip)) - return $ip; - } - - // doesn't match up to any particular interface - // so let's set the portal IP to what PHP says - // the server IP issuing the request is. - // allows same behavior as 1.2.x where IP isn't - // in the subnet of any CP interface (static routes, etc.) - // rather than forcing to DNS hostname resolution - $ip = $_SERVER['SERVER_ADDR']; - if (is_ipaddr($ip)) - return $ip; - - return false; -} - -function portal_hostname_from_client_ip($cliip) { - global $config, $cpzone; - - $cpcfg = $config['captiveportal'][$cpzone]; - - if (isset($cpcfg['httpslogin'])) { - $listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 8001); - $ourhostname = $cpcfg['httpsname']; - - if ($listenporthttps != 443) - $ourhostname .= ":" . $listenporthttps; - } else { - $listenporthttp = $cpcfg['listenporthttp'] ? $cpcfg['listenporthttp'] : ($cpcfg['zoneid'] + 8000); - $ifip = portal_ip_from_client_ip($cliip); - if (!$ifip) - $ourhostname = "{$config['system']['hostname']}.{$config['system']['domain']}"; - else - $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}"; - - if ($listenporthttp != 80) - $ourhostname .= ":" . 
$listenporthttp; - } - - return $ourhostname; -} - -/* functions move from index.php */ - -function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) { - global $g, $config, $cpzone; - - /* Get captive portal layout */ - if ($type == "redir") { - header("Location: {$redirurl}"); - return; - } else if ($type == "login") - $htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html"); - else - $htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html"); - - $cpcfg = $config['captiveportal'][$cpzone]; - - /* substitute the PORTAL_REDIRURL variable */ - if ($cpcfg['preauthurl']) { - $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$cpcfg['preauthurl']}", $htmltext); - $htmltext = str_replace("#PORTAL_REDIRURL#", "{$cpcfg['preauthurl']}", $htmltext); - } - - /* substitute other variables */ - $ourhostname = portal_hostname_from_client_ip($clientip); - $protocol = (isset($cpcfg['httpslogin'])) ? 'https://' : 'http://'; - $htmltext = str_replace("\$PORTAL_ACTION\$", "{$protocol}{$ourhostname}/", $htmltext); - $htmltext = str_replace("#PORTAL_ACTION#", "{$protocol}{$ourhostname}/", $htmltext); - - $htmltext = str_replace("\$PORTAL_ZONE\$", htmlspecialchars($cpzone), $htmltext); - $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext); - - // Special handling case for captive portal master page so that it can be ran - // through the PHP interpreter using the include method above. We convert the - // $VARIABLE$ case to #VARIABLE# in /usr/local/etc/inc/captiveportal.inc before writing out. 
- $htmltext = str_replace("#PORTAL_ZONE#", htmlspecialchars($cpzone), $htmltext); - $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext); - $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext); - $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext); - $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext); - $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext); - $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext); - - echo $htmltext; -} - -function portal_mac_radius($clientmac,$clientip) { - global $config, $cpzone; - - $radmac_secret = $config['captiveportal'][$cpzone]['radmac_secret']; - - /* authentication against the radius server */ - $username = mac_format($clientmac); - $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN"); - if ($auth_list['auth_val'] == 2) - return TRUE; - - if (!empty($auth_list['url_redirection'])) - portal_reply_page($auth_list['url_redirection'], "redir"); - - return FALSE; -} - - - -/* - * Used for when pass-through credits are enabled. - * Returns true when there was at least one free login to deduct for the MAC. - * Expired entries are removed as they are seen. - * Active entries are updated according to the configuration. 
- */ -function portal_consume_passthrough_credit($clientmac) { - global $config, $cpzone; - - if (!empty($config['captiveportal'][$cpzone]['freelogins_count']) && is_numeric($config['captiveportal'][$cpzone]['freelogins_count'])) - $freeloginscount = $config['captiveportal'][$cpzone]['freelogins_count']; - else - return false; - - if (!empty($config['captiveportal'][$cpzone]['freelogins_resettimeout']) && is_numeric($config['captiveportal'][$cpzone]['freelogins_resettimeout'])) - $resettimeout = $config['captiveportal'][$cpzone]['freelogins_resettimeout']; - else - return false; - - if ($freeloginscount < 1 || $resettimeout <= 0 || !$clientmac) - return false; - - $updatetimeouts = isset($config['captiveportal'][$cpzone]['freelogins_updatetimeouts']); - - /* - * Read database of used MACs. Lines are a comma-separated list - * of the time, MAC, then the count of pass-through credits remaining. - */ - $usedmacs = captiveportal_read_usedmacs_db(); - - $currenttime = time(); - $found = false; - foreach ($usedmacs as $key => $usedmac) { - $usedmac = explode(",", $usedmac); - - if ($usedmac[1] == $clientmac) { - if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) { - if ($usedmac[2] < 1) { - if ($updatetimeouts) { - $usedmac[0] = $currenttime; - unset($usedmacs[$key]); - $usedmacs[] = implode(",", $usedmac); - captiveportal_write_usedmacs_db($usedmacs); - } - - return false; - } else { - $usedmac[2] -= 1; - $usedmacs[$key] = implode(",", $usedmac); - } - - $found = true; - } else - unset($usedmacs[$key]); - - break; - } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime) - unset($usedmacs[$key]); - } - - if (!$found) { - $usedmac = array($currenttime, $clientmac, $freeloginscount - 1); - $usedmacs[] = implode(",", $usedmac); - } - - captiveportal_write_usedmacs_db($usedmacs); - return true; -} - -function captiveportal_read_usedmacs_db() { - global $g, $cpzone; - - $cpumaclck = lock("captiveusedmacs{$cpzone}"); - if 
(file_exists("/var/db/captiveportal_usedmacs_{$cpzone}.db")) { - $usedmacs = file("/var/db/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if (!$usedmacs) - $usedmacs = array(); - } else - $usedmacs = array(); - - unlock($cpumaclck); - return $usedmacs; -} - -function captiveportal_write_usedmacs_db($usedmacs) { - global $g, $cpzone; - - $cpumaclck = lock("captiveusedmacs{$cpzone}", LOCK_EX); - @file_put_contents("/var/db/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs)); - unlock($cpumaclck); -} - -function captiveportal_blocked_mac($mac) { - global $config, $g, $cpzone; - - if (empty($mac) || !is_macaddr($mac)) - return false; - - if (!is_array($config['captiveportal'][$cpzone]['passthrumac'])) - return false; - - foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $passthrumac) - if (($passthrumac['action'] == 'block') && - ($passthrumac['mac'] == strtolower($mac))) - return true; - - return false; - -} - -function captiveportal_send_server_accounting($off = false) { - global $cpzone, $config; - - if (!isset($config['captiveportal'][$cpzone]['radacct_enable'])) { - return; - } - if ($off) { - $racct = new Auth_RADIUS_Acct_Off; - } else { - $racct = new Auth_RADIUS_Acct_On; - } - $radiusservers = captiveportal_get_radius_servers(); - if (empty($radiusservers)) { - return; - } - foreach ($radiusservers['first'] as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - // Send request - $result = $racct->send(); - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. 
- if (PEAR::isError($result)) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $result->getMessage(); - } else if ($result === true) { - $retvalue['acct_val'] = 5 ; - } else { - $retvalue['acct_val'] = 1 ; - } - - $racct->close(); - return $retvalue; -} diff --git a/src/etc/inc/captiveportal.radius_accounting.inc b/src/etc/inc/captiveportal.radius_accounting.inc deleted file mode 100644 index 03617cdcc..000000000 --- a/src/etc/inc/captiveportal.radius_accounting.inc +++ /dev/null 
@@ -1,303 +0,0 @@ - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY - OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - This code cannot simply be copied and put under the GNU Public License or - any other GPL-like (LGPL, GPL2) License. 
- - This code is made possible thx to samples made by Michael Bretterklieber - author of the PHP PECL Radius package -*/ - -define('GIGAWORDS_RIGHT_OPERAND', '4294967296'); // 2^32 - -/* -RADIUS ACCOUNTING START ------------------------ -*/ - -PEAR::loadExtension('bcmath'); - -function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac) { - - global $config, $cpzone; - - $retvalue = array(); - $nas_mac = mac_format(get_interface_mac("wan")); - $clientmac = mac_format($clientmac); - $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance - $racct = new Auth_RADIUS_Acct_Start; - - /* Different Authentication options - * - * Its possible todo other authentication methods but still do radius accounting - * - * RADIUS_AUTH_RADIUS => authenticated via Radius - * RADIUS_AUTH_LOCAL => authenticated local - * RADIUS_AUTH_REMOTE => authenticated remote - * - */ - $racct->authentic = RADIUS_AUTH_RADIUS; - - // Construct data package - $racct->username = $username; - /* - Add support for more then one radiusserver. - At most 10 servers may be specified. 
- When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - - /* - * NAS_PORT_TYPE, int => RADIUS_ETHERNET (15), RADIUS_WIRELESS_OTHER (18), RADIUS_WIRELESS_IEEE_802_11 (19) - */ - - // Default attributes - $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - - // Extra data to identify the client and nas - $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr"); - $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Send request - $result = $racct->send(); - - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. 
- if (PEAR::isError($result)) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['acct_val'] = 5 ; - - } else { - $retvalue['acct_val'] = 1 ; - - } - - // close OO RADIUS_ACCOUNTING - $racct->close(); - unset($racct); - - return $retvalue ; - -} - -/* -RADIUS ACCOUNTING STOP/UPDATE ------------------------------ -*/ - -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { - - global $config, $cpzone; - - $retvalue = array(); - $nas_mac = mac_format(get_interface_mac("wan")); - $clientmac = mac_format($clientmac); - $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - $stop_time = (empty($stop_time)) ? time() : $stop_time; - $session_time = $stop_time - $start_time; - $volume['input_bytes_radius'] = remainder(0); - $volume['input_gigawords'] = gigawords(0); - $volume['output_bytes_radius'] = remainder(0); - $volume['output_gigawords'] = gigawords(0); - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance, see if we should use Accounting Interim Updates or Accounting STOP messages - if ($interimupdate) - $racct = new Auth_RADIUS_Acct_Update; - else - $racct = new Auth_RADIUS_Acct_Stop; - - /* - Add support for more then one radiusserver. - At most 10 servers may be specified. 
- When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']); - } - - // See RADIUS_ACCOUNTING_START for info - $racct->authentic = RADIUS_AUTH_RADIUS; - - // Construct data package - $racct->username = $username; - // Set session_time - $racct->session_time = $session_time; - - if (PEAR::isError($racct->start())) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $racct->getMessage(); - - // If we encounter an error immediately stop this function and go back - $racct->close(); - return $retvalue; - } - - // The RADIUS PECL Package doesn't have this vars so we create them ourself - define("RADIUS_ACCT_INPUT_GIGAWORDS", "52"); - define("RADIUS_ACCT_OUTPUT_GIGAWORDS", "53"); - - // Default attributes - $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - - // Extra data to identify the client and nas - $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, "addr"); - $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Volume stuff: Ingress - $racct->putAttribute(RADIUS_ACCT_INPUT_PACKETS, $volume['input_pkts'], "integer"); - $racct->putAttribute(RADIUS_ACCT_INPUT_OCTETS, $volume['input_bytes_radius'], "integer"); - $racct->putAttribute(RADIUS_ACCT_INPUT_GIGAWORDS, $volume['input_gigawords'], "integer"); - // Volume stuff: Outgress - $racct->putAttribute(RADIUS_ACCT_OUTPUT_PACKETS, $volume['output_pkts'], "integer"); - $racct->putAttribute(RADIUS_ACCT_OUTPUT_OCTETS, $volume['output_bytes_radius'], "integer"); - $racct->putAttribute(RADIUS_ACCT_OUTPUT_GIGAWORDS, $volume['output_gigawords'], "integer"); - 
$racct->putAttribute(RADIUS_ACCT_SESSION_TIME, $session_time, "integer"); - - if (!$interimupdate) - $racct->putAttribute(RADIUS_ACCT_TERMINATE_CAUSE, $term_cause); - - // Send request - $result = $racct->send(); - - // Evaluation of the response - // 5 -> Accounting-Response - // See RFC2866 for this. - if (PEAR::isError($result)) { - $retvalue['acct_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['acct_val'] = 5 ; - - } else { - $retvalue['acct_val'] = 1 ; - - } - - // close OO RADIUS_ACCOUNTING - $racct->close(); - - return $retvalue; - -} - - -/** - * Radius Volume Helpers - * - */ - -function gigawords($bytes) { - - - /* - * RFC2866 Specifies a 32bit unsigned integer, which is a max of 4294967295 - * Currently there is a fault in the PECL radius_put_int function which can handle only 32bit signed integer. - */ - - // We use BCMath functions since normal integers don't work with so large numbers - $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , GIGAWORDS_RIGHT_OPERAND) ; - - // We need to manually set this to a zero instead of NULL for put_int() safety - if (is_null($gigawords)) { - $gigawords = 0; - } - - return $gigawords; - -} - -function remainder($bytes) { - - // Calculate the bytes we are going to send to the radius - $bytes = bcmod($bytes, GIGAWORDS_RIGHT_OPERAND); - - if (is_null($bytes)) { - $bytes = 0; - } - - - return $bytes; - -} - -?> diff --git a/src/etc/inc/captiveportal.radius_authentication.inc b/src/etc/inc/captiveportal.radius_authentication.inc deleted file mode 100644 index dc146762e..000000000 --- a/src/etc/inc/captiveportal.radius_authentication.inc +++ /dev/null 
@@ -1,181 +0,0 @@ - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY - OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - This code cannot simply be copied and put under the GNU Public License or - any other GPL-like (LGPL, GPL2) License. 
- - This code is made possible thx to samples made by Michael Bretterklieber - author of the PHP PECL Radius package - -*/ - -/* -RADIUS AUTHENTICATION ---------------------- -*/ - -require_once("captiveportal.CHAP.inc"); - -function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { - - global $config, $cpzone; - - $retvalue = array(); - $clientmac = mac_format($clientmac); - $nas_port = $ruleno; - $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; - $radius_protocol = $config['captiveportal'][$cpzone]['radius_protocol']; - // Do we even need to set it to NULL? - $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = null; - $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = $retvalue['interim_interval'] = null; - - switch($radiusvendor) { - - case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - default: - $calledstationid = getNasIP(); - $callingstationid = $clientmac; - break; - } - - // Create our instance - $classname = 'Auth_RADIUS_' . $radius_protocol; - $rauth = new $classname($username, $password); - - /* - * Add support for more then one radiusserver. - * At most 10 servers may be specified. - * When multiple servers are given, they are tried in round-robin fashion until a valid response is received - */ - foreach ($radiusservers as $radsrv) { - // Add a new server to our instance - $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - - } - - // Construct data package - $rauth->username = $username; - switch ($radius_protocol) { - case 'CHAP_MD5': - case 'MSCHAPv1': - $classname = $radius_protocol == 'MSCHAPv1' ? 
'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5'; - $crpt = new $classname; - $crpt->username = $username; - $crpt->password = $password; - $rauth->challenge = $crpt->challenge; - $rauth->chapid = $crpt->chapid; - $rauth->response = $crpt->challengeResponse(); - $rauth->flags = 1; - // If you must use deprecated and weak LAN-Manager-Responses use this: - //$rauth->lmResponse = $crpt->lmChallengeResponse(); - //$rauth->flags = 0; - break; - - case 'MSCHAPv2': - // Construct data package - $crpt = new Crypt_CHAP_MSv2; - $crpt->username = $username; - $crpt->password = $password; - $rauth->challenge = $crpt->authChallenge; - $rauth->peerChallenge = $crpt->peerChallenge; - $rauth->chapid = $crpt->chapid; - $rauth->response = $crpt->challengeResponse(); - break; - - default: - $rauth->password = $password; - break; - } - - if (PEAR::isError($rauth->start())) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $rauth->getError(); - - // If we encounter an error immediately stop this function and go back - $rauth->close(); - return $retvalue; - } - - // Default attributes - $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); - $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); - - // Extra data to identify the client and nas - $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr); - $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); - $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); - - // Send request - $result = $rauth->send(); - - // Evaluation of the response - // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius - // 2 -> Access-Accept - // 3 -> Access-Reject - // See RFC2865 for this. 
- if (PEAR::isError($result)) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $result->getMessage(); - - } else if ($result === true) { - $retvalue['auth_val'] = 2; - - } else { - $retvalue['auth_val'] = 3; - - } - - // Get attributes, even if auth failed. - // We will push the results in the retvalue array - if (!$rauth->getAttributes()) { - $retvalue['error'] = $rauth->getError(); - - } else { - $retvalue = array_merge($retvalue,$rauth->listAttributes()); - - // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller - if (!empty($retvalue['session_terminate_time'])) { - $stt = &$retvalue['session_terminate_time']; - $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt))); - } - } - - // close OO RADIUS_AUTHENTICATION - $rauth->close(); - unset($rauth); - - return $retvalue; - -} - -?> diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index e28a2fbe0..d46612873 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -475,30 +475,12 @@ function is_webgui_cert($certref) $config['system']['webgui']['protocol'] != 'http'; } -function is_captiveportal_cert($certref) -{ - global $config; - - if (!isset($config['captiveportal'])) { - return; - } - - foreach ($config['captiveportal'] as $portal) { - if (isset($portal['enable']) && isset($portal['httpslogin']) && ($portal['certref'] == $certref)) { - return true; - } - } - - return false; -} - function cert_in_use($certref) { return (is_webgui_cert($certref) || is_user_cert($certref) || is_openvpn_server_cert($certref) || is_openvpn_client_cert($certref) || - is_ipsec_cert($certref) || - is_captiveportal_cert($certref)); + is_ipsec_cert($certref)); } function crl_update(& $crl) { diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index eaa8181f7..5ce39f349 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc 
@@ -3120,10 +3120,6 @@ function interface_configure($interface = 'wan', $reloadall = false, $linkupeven /* update dyndns */ configd_run("dyndns reload {$interface}"); - - /* XXX: which CPZONE? Needed? */ - /* reload captive portal */ - captiveportal_init_rules(); } } @@ -5412,3 +5408,21 @@ function get_ppp_uptime($port){ return $total_time; } } + +/** + * Get the NAS-IP-Address based on the current wan address + * + * Use functions in interfaces.inc to find this out + * + */ + +function getNasIP() +{ + $nasIp = get_interface_ip(); + + if (!is_ipaddr($nasIp)) { + $nasIp = '0.0.0.0'; + } + + return $nasIp; +} diff --git a/src/etc/inc/ipsec.auth-user.php b/src/etc/inc/ipsec.auth-user.php index a23a4fdff..cd5e74a96 100755 --- a/src/etc/inc/ipsec.auth-user.php +++ b/src/etc/inc/ipsec.auth-user.php @@ -201,21 +201,6 @@ if (!function_exists("getNasID")) { } } -/** - * Get the NAS-IP-Address based on the current wan address - * - * Use functions in interfaces.inc to find this out - * - */ -if (!function_exists("getNasIP")) { - function getNasIP() - { - $nasIp = get_interface_ip(); - if(!$nasIp) - $nasIp = "0.0.0.0"; - return $nasIp; - } -} /* setup syslog logging */ openlog("charon", LOG_ODELAY, LOG_AUTH); diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php index b3495ef79..f27863276 100644 --- a/src/etc/inc/openvpn.auth-user.php +++ b/src/etc/inc/openvpn.auth-user.php @@ -198,21 +198,6 @@ function getNasID() } } -/** - * Get the NAS-IP-Address based on the current wan address - * - * Use functions in interfaces.inc to find this out - * - */ -if (!function_exists("getNasIP")) { -function getNasIP() -{ - $nasIp = get_interface_ip(); - if(!$nasIp) - $nasIp = "0.0.0.0"; - return $nasIp; -} -} /* setup syslog logging */ openlog("openvpn", LOG_ODELAY, LOG_AUTH); diff --git a/src/etc/inc/radius.inc b/src/etc/inc/radius.inc index 8352f1fc1..e6ab0e610 100644 --- a/src/etc/inc/radius.inc +++ b/src/etc/inc/radius.inc 
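Review bot: The fallback in the new getNasIP() appended to interfaces.inc (second hunk) silently substitutes `0.0.0.0` whenever get_interface_ip() yields no valid address, so RADIUS requests then carry a NAS-IP-Address that identifies no device and the server-side records cannot be attributed to this host. I would record the fallback inside the `if`, for example `syslog(LOG_WARNING, 'getNasIP: no valid interface address, using 0.0.0.0');`. The docblock was copied from the old location and its line "Use functions in interfaces.inc to find this out" no longer says anything here; a replacement such as `Returns the address get_interface_ip() reports for its default interface, for use as the RADIUS NAS-IP-Address, or 0.0.0.0 if there is none.` would describe the contract. The function is also declared without the `function_exists()` guard the removed copies in ipsec.auth-user.php and openvpn.auth-user.php had, so any remaining definition elsewhere would now be a redeclaration error; the visible hunks remove the three I can see.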
@@ -288,22 +288,15 @@ class Auth_RADIUS extends PEAR { */ function putStandardAttributes() { - global $config, $cpzone; + global $config; + + $ipaddr = getNasIP(); - if (!function_exists("getNasIp")) { - $ipaddr = "0.0.0.0"; - } else { - $ipaddr = getNasIP(); - } // Add support for sending NAS-IP-Address, set this explicitly as an ip_addr $this->putAttribute(RADIUS_NAS_IP_ADDRESS, $ipaddr, "addr"); // Add support for sending NAS-Identifier - if (empty($config["captiveportal"][$cpzone]["radiusnasid"])) { - $nasId = php_uname("n"); - } else { - $nasId = $config["captiveportal"][$cpzone]["radiusnasid"]; - } + $nasId = php_uname("n"); $this->putAttribute(RADIUS_NAS_IDENTIFIER, $nasId); } diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc index 030bbb99c..377f302b2 100644 --- a/src/etc/inc/rrd.inc +++ b/src/etc/inc/rrd.inc @@ -97,8 +97,6 @@ function enable_rrd_graphing() $mbuf = "-mbuf.rrd"; $cellular = "-cellular.rrd"; $vpnusers = "-vpnusers.rrd"; - $captiveportalconcurrent = "-concurrent.rrd"; - $captiveportalloggedin = "-loggedin.rrd"; $ntpd = "ntpd.rrd"; $rrdtool = "/usr/local/bin/rrdtool"; @@ -110,7 +108,6 @@ function enable_rrd_graphing() $php = "/usr/local/bin/php"; $cpustats = "/usr/local/sbin/cpustats"; $ifconfig = "/sbin/ifconfig"; - $captiveportal_gather = "/usr/local/sbin/captiveportal_gather_stats.php"; $ntpq = "/usr/local/sbin/ntpq"; $rrdtrafficinterval = 60; @@ -123,7 +120,6 @@ function enable_rrd_graphing() $rrdmbufinterval = 60; $rrdcellularinterval = 60; $rrdvpninterval = 60; - $rrdcaptiveportalinterval = 60; $rrdntpdinterval = 60; $trafficvalid = $rrdtrafficinterval * 2; @@ -136,7 +132,6 @@ function enable_rrd_graphing() $mbufvalid = $rrdmbufinterval * 2; $cellularvalid = $rrdcellularinterval * 2; $vpnvalid = $rrdvpninterval * 2; - $captiveportalvalid = $rrdcaptiveportalinterval * 2; $ntpdvalid = $rrdntpdinterval * 2; /* Assume 2*10GigE for now */ 
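Review bot: putStandardAttributes() in radius.inc now calls `getNasIP()` unconditionally, whereas the removed lines checked `function_exists()` first and fell back to `0.0.0.0`; a script that loads radius.inc without interfaces.inc would now stop with an undefined-function error while building the request. The hunk does not show radius.inc's own includes, so this may already be covered; if it is not, `require_once("interfaces.inc");` at the top of radius.inc makes the dependency explicit. `global $config;` is left in the method but nothing in the visible body reads `$config` any more, so that line can be dropped.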
@@ -486,94 +481,10 @@ function enable_rrd_graphing() $rrdupdatesh .= "MBUF=`$netstat -m | "; $rrdupdatesh .= " $awk '/mbuf clusters in use/ { gsub(/\//, \":\", $1); print $1; }'`\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mbuf N:\${MBUF}\n"; - /* End mbuf statistics */ /* End System statistics */ - /* Captive Portal statistics, set up the rrd file */ - if(is_array($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpkey => $cp) { - if (!isset($cp['enable'])) - continue; - - $ifname= "captiveportal"; - $concurrent_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalconcurrent; - if (!file_exists("$concurrent_filename")) { - $rrdcreate = "$rrdtool create $concurrent_filename --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; - $rrdcreate .= "RRA:MIN:0.5:1:1200 "; - $rrdcreate .= "RRA:MIN:0.5:5:720 "; - $rrdcreate .= "RRA:MIN:0.5:60:1860 "; - $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; - $rrdcreate .= "RRA:MAX:0.5:1:1200 "; - $rrdcreate .= "RRA:MAX:0.5:5:720 "; - $rrdcreate .= "RRA:MAX:0.5:60:1860 "; - $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; - $rrdcreate .= "RRA:LAST:0.5:1:1200 "; - $rrdcreate .= "RRA:LAST:0.5:5:720 "; - $rrdcreate .= "RRA:LAST:0.5:60:1860 "; - $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; - - create_new_rrd($rrdcreate); - unset($rrdcreate); - } - - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if(file_exists("/var/run/booting")) { - mwexec("$rrdtool update $concurrent_filename N:U"); - } - - /* the Captive Portal stats gathering function. 
*/ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n"; - $rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'concurrent'`\n"; - $rrdupdatesh .= "$rrdtool update $concurrent_filename \${CP}\n"; - - $loggedin_filename = $rrddbpath . $ifname . '-' . $cpkey . $captiveportalloggedin; - if (!file_exists("$loggedin_filename")) { - $rrdcreate = "$rrdtool create $loggedin_filename --step $rrdcaptiveportalinterval "; - $rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; - $rrdcreate .= "RRA:MIN:0.5:1:1200 "; - $rrdcreate .= "RRA:MIN:0.5:5:720 "; - $rrdcreate .= "RRA:MIN:0.5:60:1860 "; - $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; - $rrdcreate .= "RRA:MAX:0.5:1:1200 "; - $rrdcreate .= "RRA:MAX:0.5:5:720 "; - $rrdcreate .= "RRA:MAX:0.5:60:1860 "; - $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; - $rrdcreate .= "RRA:LAST:0.5:1:1200 "; - $rrdcreate .= "RRA:LAST:0.5:5:720 "; - $rrdcreate .= "RRA:LAST:0.5:60:1860 "; - $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; - - create_new_rrd($rrdcreate); - unset($rrdcreate); - } - - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if(file_exists("/var/run/booting")) { - mwexec("$rrdtool update $loggedin_filename N:U"); - } - - /* the Captive Portal stats gathering function. */ - $rrdupdatesh .= "\n"; - $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n"; - $rrdupdatesh .= "CP=`${php} -q ${captiveportal_gather} '${cpkey}' 'loggedin'`\n"; - $rrdupdatesh .= "$rrdtool update $loggedin_filename \${CP}\n"; - - } - } - /* End Captive Portal statistics */ - /* NTP, set up the ntpd rrd file */ if (isset($config['ntpd']['statsgraph'])) { /* set up the ntpd rrd file */ diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index d79b82de8..7148870e4 100644 
--- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -1025,32 +1025,13 @@ function system_generate_lighty_config( $port = 80, $document_root = '/usr/local/www/', $cert_location = 'cert.pem', - $ca_location = 'ca.pem', - $captive_portal = false) + $ca_location = 'ca.pem') { global $config; @mkdir('/tmp/lighttpdcompress'); - if ($captive_portal !== false) { - $captiveportal = ',"mod_evasive"'; - $http_rewrite_rules = "url.rewrite-once = ( \"(.*captiveportal.*)\" => \"$1\", \"(.*)\" => \"/index.php?zone={$captive_portal}&redirurl=$1\" )\n"; - - if (!isset($config['captiveportal'][$captive_portal]['maxprocperip']) || empty($config['captiveportal'][$captive_portal]['maxprocperip'])) { - $maxprocperip = 10; - } else { - $maxprocperip = $config['captiveportal'][$captive_portal]['maxprocperip']; - } - - $captive_portal_mod_evasive = "evasive.max-conns-per-ip = {$maxprocperip}"; - - $server_upload_dirs = "server.upload-dirs = ( \"/tmp/captiveportal/\" )\n"; - @mkdir('/tmp/captiveportal', 0555); - $server_max_request_size = "server.max-request-size = 384"; - $cgi_config = ""; - } else { - $captiveportal = ",\"mod_cgi\""; - $http_rewrite_rules = << "/usr/local/opnsense/www/" ) alias.url += ( "/api/" => "/usr/local/opnsense/www/" ) @@ -1059,11 +1040,9 @@ url.rewrite-if-not-file = ( "^/ui/(.*)$" => "/ui/index.php?_url=/$1" , ) EOD; - $captive_portal_mod_evasive = ""; - $server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n"; - $server_max_request_size = "server.max-request-size = 2097152"; - $cgi_config = "cgi.assign = ( \".cgi\" => \"\" )"; - } + $server_upload_dirs = "server.upload-dirs = ( \"/root/\", \"/tmp/\", \"/var/\" )\n"; + $server_max_request_size = "server.max-request-size = 2097152"; + $cgi_config = "cgi.assign = ( \".cgi\" => \"\" )"; if (empty($port)) $lighty_port = "80"; 
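Review bot: The limits that the second system.inc hunk makes unconditional are undocumented, and with the captive-portal branch gone they are the only request limits the generated lighttpd configuration gets. `server.max-request-size` is counted in kilobytes by lighttpd, so `2097152` allows roughly 2 GB per request, and the upload directories listed include `/root/`. I would add a comment above the two assignments, for example `// max-request-size is in KB (2 GB ceiling); large request bodies are buffered in the upload-dirs`, and state which feature needs a limit that high. Whether a smaller value would do cannot be judged from these hunks; the body of system_generate_lighty_config() continues past them.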
@@ -1079,26 +1058,10 @@ EOD; else $max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; - // Ramp up captive portal max procs, assuming each PHP process can consume up to 64MB RAM - if ($captive_portal !== false) { - if ($realmem > 135 and $realmem < 256) { - $max_procs += 1; // 2 worker processes - } else if ($realmem > 255 and $realmem < 513) { - $max_procs += 2; // 3 worker processes - } else if ($realmem > 512) { - $max_procs += 4; // 6 worker processes - } - if ($max_procs > 1) - $max_php_children = intval($max_procs/2); - else - $max_php_children = 1; - - } else { - if ($realmem < 78) - $max_php_children = 0; - else - $max_php_children = 1; - } + if ($realmem < 78) + $max_php_children = 0; + else + $max_php_children = 1; if(!isset($config['syslog']['nologlighttpd'])) { $lighty_use_syslog = << "access 50 hours", ) @@ -1337,7 +1294,7 @@ EOD; } // Add HTTP to HTTPS redirect - if ($captive_portal === false && $config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) { + if ($config['system']['webgui']['protocol'] == "https" && !isset($config['system']['webgui']['disablehttpredirect'])) { if($lighty_port != "443") { $redirectport = ":{$lighty_port}"; } else { diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index bfb2b59cc..60ccff353 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc 
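Review bot: The surviving `if ($realmem < 78)` / `else` pair in the `@@ -1079,26 +1058,10 @@` hunk is left without braces, while the util.inc hunk in this same commit rewrites `resolve_retry()` into braced form. Since these four lines are re-indented anyway, I would write them as `if ($realmem < 78) {`, `$max_php_children = 0;`, `} else {`, `$max_php_children = 1;`, `}`. That keeps the file consistent and prevents a later added statement from silently falling outside the branch. The enclosing function starts and ends outside the hunk.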
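Review bot: The rewritten redirect condition in the `@@ -1337,7 +1294,7 @@` hunk reads `$config['system']['webgui']['protocol']` without an `isset()` guard and compares it loosely with `==`. As the line is being edited anyway, I would write it as `if (isset($config['system']['webgui']['protocol']) && $config['system']['webgui']['protocol'] === 'https' && !isset($config['system']['webgui']['disablehttpredirect'])) {`. That avoids an undefined-index notice on a configuration without a protocol entry and makes the decision to emit the HTTP-to-HTTPS redirect depend on an exact string match. The enclosing function continues outside the hunk.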
@@ -1059,36 +1059,11 @@ function ip_in_subnet($addr,$subnet) { } } - - -function mac_format($clientmac) { - global $config, $cpzone; - - $mac = explode(":", $clientmac); - $mac_format = $cpzone ? $config['captiveportal'][$cpzone]['radmac_format'] : false; - - switch($mac_format) { - case 'singledash': - return "$mac[0]$mac[1]$mac[2]-$mac[3]$mac[4]$mac[5]"; - - case 'ietf': - return "$mac[0]-$mac[1]-$mac[2]-$mac[3]-$mac[4]-$mac[5]"; - - case 'cisco': - return "$mac[0]$mac[1].$mac[2]$mac[3].$mac[4]$mac[5]"; - - case 'unformatted': - return "$mac[0]$mac[1]$mac[2]$mac[3]$mac[4]$mac[5]"; - - default: - return $clientmac; - } -} - -function resolve_retry($hostname, $retries = 5) { - - if (is_ipaddr($hostname)) +function resolve_retry($hostname, $retries = 5) +{ + if (is_ipaddr($hostname)) { return $hostname; + } for ($i = 0; $i < $retries; $i++) { // FIXME: gethostbyname does not work for AAAA hostnames, boo, hiss diff --git a/src/etc/inc/voucher.inc b/src/etc/inc/voucher.inc deleted file mode 100644 index a39c16bd9..000000000 --- a/src/etc/inc/voucher.inc +++ /dev/null 
@@ -1,521 +0,0 @@ - - Copyright (C) 2010 Scott Ullrich - Copyright (C) 2007 Marcel Wiget - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -function voucher_expire($voucher_received) { - global $g, $config, $cpzone; - - $cpdb = new OPNsense\CaptivePortal\DB($cpzone); - $cpc = new OPNsense\CaptivePortal\CPClient(); - - // read rolls into assoc array with rollid as key and minutes as value - $tickets_per_roll = array(); - $minutes_per_roll = array(); - if (is_array($config['voucher'][$cpzone]['roll'])) { - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $tickets_per_roll[$rollent['number']] = $rollent['count']; - $minutes_per_roll[$rollent['number']] = $rollent['minutes']; - } - } - - // split into an array. 
Useful for multiple vouchers given - $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); - $active_dirty = false; - - // go through all received vouchers, check their valid and extract - // Roll# and Ticket# using the external readvoucher binary - foreach ($a_vouchers_received as $voucher) { - $v = escapeshellarg($voucher); - if (strlen($voucher) < 3) - continue; // seems too short to be a voucher! - - unset($output); - $_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output); - list($status, $roll, $nr) = explode(" ", $output[0]); - if ($status == "OK") { - // check if we have this ticket on a registered roll for this ticket - if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { - // voucher is from a registered roll. - if (!isset($active_vouchers[$roll])) - $active_vouchers[$roll] = voucher_read_active_db($roll); - // valid voucher. Store roll# and ticket# - if (!empty($active_vouchers[$roll][$voucher])) { - $active_dirty = true; - unset($active_vouchers[$roll][$voucher]); - } - // check if voucher already marked as used - if (!isset($bitstring[$roll])) - $bitstring[$roll] = voucher_read_used_db($roll); - $pos = $nr >> 3; // divide by 8 -> octet - $mask = 1 << ($nr % 8); - // mark bit for this voucher as used - if (!(ord($bitstring[$roll][$pos]) & $mask)) - $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); - captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); - - /* Check if this voucher has any active sessions */ - $clients = $cpdb->listClients(array("username"=>$voucher),null, null); - foreach($clients as $client ){ - $cpc->disconnect($cpzone,$client->sessionid); - } - - } else - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); - } else - // hmm, thats weird ... 
not what I expected - captiveportal_syslog("$voucher invalid: {$output[0]}!!"); - } - - // Refresh active DBs - if ($active_dirty == true) { - foreach ($active_vouchers as $roll => $active) { - voucher_write_active_db($roll, $active); - } - unset($active_vouchers); - - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - } - - // Write back the used DB's - if (is_array($bitstring)) { - foreach ($bitstring as $roll => $used) { - if(is_array($used)) { - foreach($used as $u) - voucher_write_used_db($roll, base64_encode($u)); - } else { - voucher_write_used_db($roll, base64_encode($used)); - } - } - unset($bitstring); - } - - unset($cpdb); - unset($cpc); - - - return true; -} - -/* - * Authenticate a voucher and return the remaining time credit in minutes - * if $test is set, don't mark the voucher as used nor add it to the list - * of active vouchers - * If $test is set, simply test the voucher. Don't change anything - * but return a more verbose error and result message back - */ -function voucher_auth($voucher_received, $test = 0) { - global $g, $config, $cpzone, $dbc; - - if (!isset($config['voucher'][$cpzone]['enable'])) - return 0; - - // read rolls into assoc array with rollid as key and minutes as value - $tickets_per_roll = array(); - $minutes_per_roll = array(); - if (is_array($config['voucher'][$cpzone]['roll'])) { - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $tickets_per_roll[$rollent['number']] = $rollent['count']; - $minutes_per_roll[$rollent['number']] = $rollent['minutes']; - } - } - - // split into an array. 
Useful for multiple vouchers given - $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); - $error = 0; - $test_result = array(); // used to display for voucher test option in GUI - $total_minutes = 0; - $first_voucher = ""; - $first_voucher_roll = 0; - - // go through all received vouchers, check their valid and extract - // Roll# and Ticket# using the external readvoucher binary - foreach ($a_vouchers_received as $voucher) { - $v = escapeshellarg($voucher); - if (strlen($voucher) < 3) - continue; // seems too short to be a voucher! - - $result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v"); - list($status, $roll, $nr) = explode(" ", $result); - if ($status == "OK") { - if (!$first_voucher) { - // store first voucher. Thats the one we give the timecredit - $first_voucher = $voucher; - $first_voucher_roll = $roll; - } - // check if we have this ticket on a registered roll for this ticket - if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { - // voucher is from a registered roll. - if (!isset($active_vouchers[$roll])) - $active_vouchers[$roll] = voucher_read_active_db($roll); - // valid voucher. Store roll# and ticket# - if (!empty($active_vouchers[$roll][$voucher])) { - list($timestamp,$minutes) = explode(",", $active_vouchers[$roll][$voucher]); - // we have an already active voucher here. - $remaining = intval((($timestamp + (60*$minutes)) - time())/60); - $test_result[] = sprintf(gettext('%1$s (%2$s/%3$s) active and good for %4$d Minutes'), $voucher, $roll, $nr, $remaining); - $total_minutes += $remaining; - } else { - // voucher not used. Check if ticket Id is on the roll (not too high) - // and if the ticket is marked used. 
- // check if voucher already marked as used - if (!isset($bitstring[$roll])) - $bitstring[$roll] = voucher_read_used_db($roll); - $pos = $nr >> 3; // divide by 8 -> octet - $mask = 1 << ($nr % 8); - if (ord($bitstring[$roll][$pos]) & $mask) { - $test_result[] = "$voucher ($roll/$nr) already used and expired"; - captiveportal_syslog("$voucher ($roll/$nr) already used and expired"); - $total_minutes = -1; // voucher expired - $error++; - } else { - // mark bit for this voucher as used - $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); - $test_result[] = "$voucher ($roll/$nr) good for {$minutes_per_roll[$roll]} Minutes"; - $total_minutes += $minutes_per_roll[$roll]; - } - } - } else { - $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); - } - } else { - // hmm, thats weird ... not what I expected - $test_result[] = "$voucher invalid: $result !!"; - captiveportal_syslog("$voucher invalid: $result !!"); - $error++; - } - } - - // if this was a test call, we're done. Return the result. - if ($test) { - if ($error) { - $test_result[] = gettext("Access denied!"); - } else { - $test_result[] = sprintf(gettext("Access granted for %d Minutes in total."),$total_minutes); - } - - return $test_result; - } - - // if we had an error (one of the vouchers is invalid), return 0. - // Discussion: we could return the time remaining for good vouchers, but then - // the user wouldn't know that he used at least one invalid voucher. - if ($error) { - if ($total_minutes > 0) // probably not needed, but want to make sure - $total_minutes = 0; // we only report -1 (expired) or 0 (no access) - return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS - } - - // All given vouchers were valid and this isn't simply a test. 
- // Write back the used DB's - if (is_array($bitstring)) { - foreach ($bitstring as $roll => $used) { - if(is_array($used)) { - foreach($used as $u) - voucher_write_used_db($roll, base64_encode($u)); - } else { - voucher_write_used_db($roll, base64_encode($used)); - } - } - } - - // Active DB: we only add the first voucher if multiple given - // and give that one all the time credit. This allows the user to logout and - // log in later using just the first voucher. It also keeps username limited - // to one voucher and that voucher shows the correct time credit in 'active vouchers' - if (!empty($active_vouchers[$first_voucher_roll][$first_voucher])) { - list($timestamp, $minutes) = explode(",", $active_vouchers[$first_voucher_roll][$first_voucher]); - } else { - $timestamp = time(); // new voucher - $minutes = $total_minutes; - } - - $active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes"; - voucher_write_active_db($first_voucher_roll, $active_vouchers[$first_voucher_roll]); - - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - - return $total_minutes; -} - -function voucher_configure($sync = false) -{ - global $config, $cpzone; - - $ret = true; - - if (!isset($config['voucher']) || !is_array($config['voucher'])) { - return $ret; - } - - foreach ($config['voucher'] as $voucherzone => $vcfg) { - $cpzone = $voucherzone; - $error = voucher_configure_zone($sync); - if ($error) { - $ret = false; - } - } - - return $ret; -} - -function voucher_configure_zone($sync = false) -{ - global $config, $g, $cpzone; - - if (!isset($config['voucher'][$cpzone]['enable'])) { - return 0; - } - - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - /* write public key used to verify vouchers */ - $pubkey = base64_decode($config['voucher'][$cpzone]['publickey']); - $fd = fopen("/var/etc/voucher_{$cpzone}.public", "w"); - if (!$fd) { - captiveportal_syslog("Voucher error: cannot write voucher.public\n"); - unlock($voucherlck); - return 
1; - } - fwrite($fd, $pubkey); - fclose($fd); - @chmod("/var/etc/voucher_{$cpzone}.public", 0600); - - /* write config file used by voucher binary to decode vouchers */ - $fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w"); - if (!$fd) { - captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n"); - unlock($voucherlck); - return 1; - } - fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n"); - fclose($fd); - @chmod("/var/etc/voucher_{$cpzone}.cfg", 0600); - unlock($voucherlck); - - if (!$sync) { - return 0; - } - - captiveportal_syslog('Writing voucher db from sync data...'); - - if (isset($config['voucher'][$cpzone]['roll'])) { - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - // create active and used DB per roll on ramdisk from config - foreach ($config['voucher'][$cpzone]['roll'] as $rollent) { - $roll = $rollent['number']; - voucher_write_used_db($roll, $rollent['used']); - $minutes = $rollent['minutes']; - $active_vouchers = array(); - $a_active = &$rollent['active']; - if (is_array($a_active)) { - foreach ($a_active as $activent) { - $voucher = $activent['voucher']; - $timestamp = $activent['timestamp']; - $minutes = $activent['minutes']; - // its tempting to check for expired timestamps, but during - // bootup, we most likely don't have the correct time time. - $active_vouchers[$voucher] = "$timestamp,$minutes"; - } - } - - voucher_write_active_db($roll, $active_vouchers); - } - - unlock($voucherlck); - } - - return 0; -} - -/* write bitstring of used vouchers to ramdisk. - * Bitstring must already be base64_encoded! - */ -function voucher_write_used_db($roll, $vdb) -{ - global $cpzone; - - $fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db"; - - $fd = fopen($fn, 'w'); - if ($fd) { - fwrite($fd, $vdb . 
"\n"); - fclose($fd); - } else { - voucher_log(LOG_ERR, sprintf(gettext('Can\'t write %s'), $fn)); - } -} - -/* return assoc array of active vouchers with activation timestamp - * voucher is index. - */ -function voucher_read_active_db($roll) { - global $g, $cpzone; - - $active = array(); - $dirty = 0; - $file = "/var/db/voucher_{$cpzone}_active_{$roll}.db"; - if (file_exists($file)) { - $fd = fopen($file, "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - list($voucher,$timestamp,$minutes) = explode(",", $line); // voucher,timestamp - if ((($timestamp + (60*$minutes)) - time()) > 0) - $active[$voucher] = "$timestamp,$minutes"; - else - $dirty=1; - } - } - fclose($fd); - if ($dirty) { - /* if we found expired entries, lets save our snapshot */ - voucher_write_active_db($roll, $active); - /* trigger a sync of the vouchers on config */ - voucher_save_db_to_config(); - } - } - } - return $active; -} - -/* store array of active vouchers back to DB */ -function voucher_write_active_db($roll, $active) { - global $g, $cpzone; - - if (!is_array($active)) - return; - $fd = fopen("/var/db/voucher_{$cpzone}_active_{$roll}.db", "w"); - if ($fd) { - foreach($active as $voucher => $value) - fwrite($fd, "$voucher,$value\n"); - fclose($fd); - } -} - -function voucher_read_used_db($roll) -{ - global $cpzone; - - $fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db"; - $vdb = ''; - - $fd = fopen($fn, 'r'); - if ($fd) { - $vdb = trim(fgets($fd)); - fclose($fd); - } else { - voucher_log(LOG_ERR, sprintf(gettext('Can\'t read %s'), $fn)); - } - - return base64_decode($vdb); -} - - -/* we share the log with captiveportal for now */ -function voucher_log($priority, $message) -{ - $message = trim($message); - openlog("logportalauth", LOG_PID, LOG_LOCAL4); - syslog($priority, sprintf(gettext("Voucher: %s"),$message)); - closelog(); -} - -/* - * Save active and used voucher DB into XML config and write it to config - * Called during reboot and every active 
voucher change - */ -function voucher_save_db_to_config() -{ - global $config, $cpzone; - - if (!isset($config['voucher'])) { - return; - } - - $needs_write = 0; - - foreach ($config['voucher'] as $voucherzone => $vcfg) { - $cpzone = $voucherzone; - $needs_write += voucher_save_db_to_config_zone(); - } - - if ($needs_write) { - write_config("Backing up vouchers"); - } -} - -function voucher_save_db_to_config_zone() -{ - global $config, $cpzone; - - if (!isset($config['voucher'][$cpzone]['enable'])) { - // no vouchers or don't want to save DB's - return 0; - } - - if (!isset($config['voucher'][$cpzone]['roll'])) { - return 0; - } - - $voucherlck = lock("voucher{$cpzone}", LOCK_EX); - - // walk all active rolls and save runtime DBs - $a_roll = &$config['voucher'][$cpzone]['roll']; - while (list($key, $value) = each($a_roll)) { - $rollent = &$a_roll[$key]; - $roll = $rollent['number']; - $bitmask = voucher_read_used_db($roll); - $rollent['used'] = base64_encode($bitmask); - $active_vouchers = voucher_read_active_db($roll); - $db = array(); - $dbi = 1; - - foreach($active_vouchers as $voucher => $line) { - list($timestamp, $minutes) = explode(',', $line); - $activent['voucher'] = $voucher; - $activent['timestamp'] = $timestamp; - $activent['minutes'] = $minutes; - $db["v{$dbi}"] = $activent; - $dbi++; - } - - $rollent['active'] = $db; - unset($active_vouchers); - } - - unlock($voucherlck); - - return 1; -} diff --git a/src/etc/rc.backup_captiveportal b/src/etc/rc.backup_captiveportal deleted file mode 100755 index 4807597e2..000000000 --- a/src/etc/rc.backup_captiveportal +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("config.inc"); -require_once("interfaces.inc"); -require_once("util.inc"); -require_once("filter.inc"); -require_once("captiveportal.inc"); - -global $config, $cpzone; - -if (isset($config['captiveportal'])) { - foreach ($config['captiveportal'] as $cpzone => $cp) { - captiveportal_radius_stop_all(); - captiveportal_send_server_accounting(true); - } -} - -voucher_save_db_to_config(); diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index 059d3b91a..a7a195b00 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup 
@@ -137,8 +137,6 @@ require_once("vpn.inc"); echo "."; require_once("openvpn.inc"); echo "."; -require_once("captiveportal.inc"); -echo "."; require_once("rrd.inc"); echo "."; echo " done.\n"; @@ -306,12 +304,6 @@ filter_configure_sync(); /* setup pppoe and pptp */ vpn_setup(); -/* start the captive portal */ -captiveportal_configure(); - -/* start Voucher support */ -echo 'Enabling voucher support...' . (voucher_configure(true) ? 'done.' : 'failed.') . PHP_EOL; - /* start IPsec tunnels */ $ipsec_dynamic_hosts = vpn_ipsec_configure(); diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize index b70ff8ab8..5e6f05d64 100755 --- a/src/etc/rc.filter_synchronize +++ b/src/etc/rc.filter_synchronize @@ -355,10 +355,6 @@ if (is_array($config['hasync'])) { $config['schedules'] = array(); $sections[] = 'schedules'; } - if (isset($hasync['synchronizecaptiveportal']) && isset($config['captiveportal']) && is_array($config['captiveportal'])) - $sections[] = 'captiveportal'; - if (isset($hasync['synchronizecaptiveportal']) && isset($config['vouchers']) && is_array($config['vouchers'])) - $sections[] = 'vouchers'; if (count($sections) <= 0) { log_error("Nothing has been configured to be synched. Skipping...."); diff --git a/src/etc/rc.initial.setports b/src/etc/rc.initial.setports index ebac30196..82dafe157 100755 --- a/src/etc/rc.initial.setports +++ b/src/etc/rc.initial.setports @@ -33,7 +33,6 @@ require_once("config.console.inc"); require_once("filter.inc"); require_once("util.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("services.inc"); diff --git a/src/etc/rc.linkup b/src/etc/rc.linkup index 2c244510a..bac7a950d 100755 --- a/src/etc/rc.linkup +++ b/src/etc/rc.linkup 
@@ -85,7 +85,6 @@ function handle_argument_group($iface, $argument2) { log_error("DEVD Ethernet attached event for {$iface}"); log_error("HOTPLUG: Configuring interface {$iface}"); require_once("vpn.inc"); - require_once("captiveportal.inc"); // Do not try to readd to bridge otherwise em(4) has problems interface_configure($iface, true, true); break; diff --git a/src/etc/rc.prunecaptiveportal b/src/etc/rc.prunecaptiveportal deleted file mode 100755 index 06efd7375..000000000 --- a/src/etc/rc.prunecaptiveportal +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("config.inc"); -require_once("interfaces.inc"); -require_once("filter.inc"); -require_once("captiveportal.inc"); -require_once("util.inc"); - -global $g; -global $cpzone; -global $cpzoneid; - -$cpzone = str_replace("\n", "", $argv[1]); - -if (!is_array($config['captiveportal'][$cpzone])) { - log_error("{$cpzone} is not a valid zone in the configuration!"); - return; -} - -$cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; - -if (file_exists('/tmp/.rc.prunecaptiveportal.running')) { - $stat = stat('/tmp/.rc.prunecaptiveportal.running'); - if (time() - $stat['mtime'] >= 120) { - @unlink('/tmp/.rc.prunecaptiveportal.running'); - } else { - log_error("Skipping CP prunning process because previous/another instance is already running"); - return; - } -} - -@file_put_contents('/tmp/.rc.prunecaptiveportal.running', ''); - -captiveportal_prune_old(); - -@unlink('/tmp/.rc.prunecaptiveportal.running'); diff --git a/src/etc/rc.reload_all b/src/etc/rc.reload_all index e020f132b..67361b0c3 100755 --- a/src/etc/rc.reload_all +++ b/src/etc/rc.reload_all @@ -32,7 +32,6 @@ require_once("interfaces.inc"); require_once("openvpn.inc"); require_once("filter.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("util.inc"); require_once("system.inc"); require_once("pfsense-utils.inc"); diff --git a/src/etc/rc.reload_interfaces b/src/etc/rc.reload_interfaces index d4f93d15f..0f4a6f3a5 100755 --- a/src/etc/rc.reload_interfaces +++ b/src/etc/rc.reload_interfaces @@ -32,7 +32,6 @@ require_once("filter.inc"); require_once("util.inc"); require_once("openvpn.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("system.inc"); require_once("interfaces.inc"); require_once("openvpn.inc"); @@ -43,5 +42,3 @@ require_once("unbound.inc"); system_routing_enable(); interfaces_configure(); filter_configure_sync(); -/* XXX: needs fixing */ -//ovpn_config_server("pfreload"); 
diff --git a/src/etc/rc.restart_webgui b/src/etc/rc.restart_webgui index 9d40073f9..0092854a9 100755 --- a/src/etc/rc.restart_webgui +++ b/src/etc/rc.restart_webgui @@ -3,7 +3,6 @@ require_once('config.inc'); require_once('interfaces.inc'); -require_once('captiveportal.inc'); require_once('rrd.inc'); require_once('util.inc'); require_once('system.inc'); @@ -31,7 +30,6 @@ while (is_process_running('lighttpd')) { } system_webgui_start(); -captiveportal_init_webgui(); enable_rrd_graphing(); echo 'done.' . PHP_EOL; diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml index eaffe48f5..bdccd5945 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml @@ -168,15 +168,7 @@ - - - - - - - - - + @@ -279,9 +271,6 @@ - - - diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php deleted file mode 100644 index 772612f60..000000000 --- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php +++ /dev/null 
@@ -1,824 +0,0 @@ -(6*($zoneid-1) )+1,"out"=>(6*($zoneid-1) )+2); - } - - /** - * get ipfw tables for authenticated hosts ( in/out ) - * @param int $zoneid zoneid (number) - * @return array - */ - public function getAuthIPTables($zoneid) - { - return array("in"=>(6*($zoneid-1) )+3,"out"=>(6*($zoneid-1) )+4); - } - - /** - * get ipfw tables used for authenticated physical addresses - * @param int $zoneid zoneid (number) - * @return array - */ - public function getAuthMACTables($zoneid) - { - return array("in"=>(6*($zoneid-1) )+5,"out"=>(6*($zoneid-1) )+6); - } - - /** - * Constructor - */ - public function __construct() - { - // Request handle to configuration - $this->config = Core\Config::getInstance(); - // keep a link to the shell object - $this->shell = new Core\Shell(); - } - - /** - * reset traffic counters - * - * @param string|null $rulenum - */ - public function zeroCounters($rulenum = null) - { - if ($rulenum != null and is_numeric($rulenum)) { - $this->shell->exec("/sbin/ipfw zero " . 
$rulenum); - } elseif ($rulenum == null) { - $this->shell->exec("/sbin/ipfw zero "); - } - - } - - /** - * Reconfigure zones ( generate and load ruleset ) - */ - public function reconfigure() - { - $backend = new Backend(); - if ($this->isEnabled()) { - $response = $backend->configdRun("template reload OPNsense.IPFW"); - - if (trim($response) == "OK") { - // load ruleset when ruleset is successfully loaded - $this->shell->exec("/etc/rc.d/ipfw start"); - } - - // update tables - $this->update(); - - // after reinit all accounting rules are vanished, reapply them for active sessions - $this->loadAccounting(); - } else { - // captiveportal is disabled, create new config and reload ipfw - $response = $backend->configdRun("template reload OPNsense.IPFW"); - $this->shell->exec("/etc/rc.d/ipfw start"); - } - } - - /** - * check if captiveportal is enabled (traverse zones, if none active return false ) - * @return bool - */ - public function isEnabled() - { - $enabled_zones = 0 ; - $conf = $this->config->object(); - if (isset($conf->captiveportal)) { - foreach ($conf->captiveportal->children() as $cpzonename => $zone) { - if (isset($zone->enable)) { - $enabled_zones++; - } - } - } - - if ($enabled_zones > 0) { - return true; - } else { - return false ; - } - } - - /** - * update zone(s) with new configuration data - * @param string|null $zone - */ - public function update($zone = null) - { - $this->refreshAllowedIPs($zone); - $this->refreshAllowedMACs($zone); - } - - /** - * refresh allowed ip's for defined zone ( null for all zones ) - * @param string|null $cpzone - */ - public function refreshAllowedIPs($cpzone = null) - { - $handled_addresses = array(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - // search requested zone (id) - if ($cpzonename == $cpzone || $zone->zoneid == $cpzone || $cpzone == null) { - $db = new DB($cpzonename); - $db_iplist = $db->listFixedIPs(); - - // calculate table numbers for this zone - 
$ipfw_tables = $this->getAuthIPTables($zone->zoneid); - - foreach ($zone->children() as $tagname => $tagcontent) { - $ip = $tagcontent->ip->__toString(); - if ($tagname == 'allowedip') { - $handled_addresses[$ip] = array(); - $handled_addresses[$ip]["bw_up"] = $tagcontent->bw_up->__toString() ; - $handled_addresses[$ip]["bw_down"] = $tagcontent->bw_down->__toString() ; - - if (!array_key_exists($ip, $db_iplist)) { - // only insert new values - $pipeno_in = $this->newIPFWpipeno() ; - $pipeno_out = $this->newIPFWpipeno() ; - - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] ." add " . - $ip . "/" . $tagcontent->sn->__toString() . " " . $pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] ." add " . - $ip . "/" . $tagcontent->sn->__toString() . " " . $pipeno_out, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // update administration - $db->upsertFixedIP($ip, $pipeno_in, $pipeno_out); - // save bandwidth data - $handled_addresses[$ip]["pipeno_in"] = $pipeno_in ; - $handled_addresses[$ip]["pipeno_out"] = $pipeno_out ; - } else { - // - $handled_addresses[$ip]["pipeno_in"] = $db_iplist[$ip]->pipeno_in ; - $handled_addresses[$ip]["pipeno_out"] = $db_iplist[$ip]->pipeno_out ; - } - } - - } - - - // Cleanup deleted addresses - foreach ($db_iplist as $ip => $record) { - if (!array_key_exists($ip, $handled_addresses)) { - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " del " . $ip . "/" . $tagcontent->sn->__toString() , - "/sbin/ipfw table ". $ipfw_tables["out"] . - " del " . $ip . "/" . 
$tagcontent->sn->__toString() , - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // TODO : cleanup $record->pipeno_in, $record->pipeno_out ; - $db->dropFixedIP($ip); - } - } - - // reset bandwidth, - foreach ($handled_addresses as $mac => $record) { - if (array_key_exists("pipeno_in", $record)) { - $this->resetBandwidth($record["pipeno_in"], $record["bw_down"]); - $this->resetBandwidth($record["pipeno_out"], $record["bw_up"]); - } - } - - unset($db); - } - } - - } - - /** - * Request new pipeno - * @return int - */ - private function newIPFWpipeno() - { - // TODO: implement global pipe number assigment - return 999; - } - - /** - * reset bandwidth, if the current bandwidth is unchanged, do nothing - * @param int $pipeno system pipeno - * @param int $bw bandwidth in Kbit/s - * @return status - */ - private function resetBandwidth($pipeno, $bw) - { - //TODO : setup bandwidth for sessions ( check changed ) - //#pipe 2000 config bw 2000Kbit/s - return false; - } - - /** - * To be able to grant access to physical pc's, we need to do some administration. 
- * Our captive portal database keeps a list of every used address and last know mac address - * - * @param string|null $cpzone zone name or number - */ - public function refreshAllowedMACs($cpzone = null) - { - - // read ARP table - $arp= new ARP(); - $arp_maclist = $arp->getMACs(); - - // keep a list of handled addresses, so we can cleanup the rest and keep track of needed bandwidth restrictions - $handled_mac_addresses = array(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - if ($cpzonename == $cpzone || $zone->zoneid == $cpzone || $cpzone == null) { - // open administrative database for this zone - $db = new DB($cpzonename); - $db_maclist = $db->listPassthruMacs(); - $ipfw_tables = $this->getAuthMACTables($zone->zoneid); - - foreach ($zone->children() as $tagname => $tagcontent) { - $mac = trim(strtolower($tagcontent->mac)); - if ($tagname == 'passthrumac') { - // only accept valid macaddresses - if (preg_match('/^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$/', $mac)) { - if ($tagcontent->action == "pass") { - $handled_mac_addresses[$mac] = array("action"=>"skipped" ); - $handled_mac_addresses[$mac]["bw_up"] = $tagcontent->bw_up ; - $handled_mac_addresses[$mac]["bw_down"] = $tagcontent->bw_down ; - - // only handle addresses we know of - if (array_key_exists($mac, $arp_maclist)) { - // if the address is already in our database, check if it has changed - if (array_key_exists($mac, $db_maclist)) { - // save pipe numbers for bandwidth restriction - $handled_mac_addresses[$mac]["pipeno_in"] = $db_maclist[$mac]->pipeno_in ; - $handled_mac_addresses[$mac]["pipeno_out"] = $db_maclist[$mac]->pipeno_out ; - - if ($db_maclist[$mac]->ip != $arp_maclist[$mac]['ip']) { - // handle changed ip, - $handled_mac_addresses[$mac]["action"] = "changed ip"; - $exec_commands = array( - # delete old ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " delete ". $db_maclist[$mac]->ip, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " delete ". 
$db_maclist[$mac]->ip, - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " add " . $arp_maclist[$mac]['ip']. " " . $db_maclist[$mac]->pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " add " . $arp_maclist[$mac]['ip']. " " . $db_maclist[$mac]->pipeno_out, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - // update administration - $db->upsertPassthruMAC( - $tagcontent->mac, - $arp_maclist[$mac]['ip'], - $db_maclist[$mac]->pipeno_in, - $db_maclist[$mac]->pipeno_out - ); // new ip according to arp table - } - } else { - // new host, not seen it yet - $handled_mac_addresses[$mac]["action"] = "new"; - $pipeno_in = $this->newIPFWpipeno() ; - $pipeno_out = $this->newIPFWpipeno() ; - - // execute all ipfw actions - $exec_commands = array( - # insert new ip address - "/sbin/ipfw table ". $ipfw_tables["in"] . - " add " . $arp_maclist[$mac]['ip']. " " . $pipeno_in, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " add " . $arp_maclist[$mac]['ip']. " " . $pipeno_out, - ); - $this->shell->exec($exec_commands); - - $db->upsertPassthruMAC( - $tagcontent->mac, - $arp_maclist[$mac]['ip'], - $pipeno_in, - $pipeno_out - ); - // save pipe numbers for bandwidth restriction - $handled_mac_addresses[$mac]["pipeno_in"] = $pipeno_in ; - $handled_mac_addresses[$mac]["pipeno_out"] = $pipeno_out ; - } - } - } - } - } - } - - // - // cleanup old addresses - // - foreach ($db_maclist as $mac => $record) { - if (!array_key_exists($mac, $handled_mac_addresses)) { - # delete old ip address, execute all actions - $exec_commands = array( - "/sbin/ipfw table ". $ipfw_tables["in"] . - " delete ". $db_maclist[$mac]->ip, - "/sbin/ipfw table ". $ipfw_tables["out"] . - " delete ". 
$db_maclist[$mac]->ip, - ); - $this->shell->exec($exec_commands); - // TODO : cleanup $record->pipeno_in, $record->pipeno_out ; - $db->dropPassthruMAC($mac); - } - } - - // reset bandwidth - foreach ($handled_mac_addresses as $mac => $record) { - if (array_key_exists("pipeno_in", $record)) { - $this->resetBandwidth($record["pipeno_in"], $record["bw_down"]); - $this->resetBandwidth($record["pipeno_out"], $record["bw_up"]); - } - } - - unset($db); - - } - } - - } - - /** - * load accounting rules into ruleset, used for reinitialisation of the ruleset. - * triggers addAccounting() for all active clients in all zones - */ - private function loadAccounting() - { - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone) { - $db = new DB($cpzonename); - foreach ($db->listClients(array()) as $client) { - $this->addAccounting($zone->zoneid, $client->ip) ; - } - unset($db); - } - } - - /** - * add accounting rules for ip - * @param int $zoneid zone - * @param string $ip ip address - */ - public function addAccounting($zoneid, $ip) - { - // TODO: check processing speed, this might need some improvement - // check if our ip is already in the list and collect first free rule number to place it there if necessary - $shell_output=array(); - $this->shell->exec('/sbin/ipfw show', false, $shell_output); - $prev_id = 0; - $new_id = null; - foreach ($shell_output as $line) { - // only trigger on counter rules and last item in the list - if (strpos($line, " count ") !== false || strpos($line, "65535 ") !== false) { - if (strpos($line, " ".$ip." ") !== false) { - // already in table... 
exit - return; - } - - $this_line_id = (int)(explode(" ", $line)[0]) ; - if ($this_line_id > 30000 and ($this_line_id -1) > $prev_id and $new_id == null) { - // new id found - if ($this_line_id == 65535) { - $new_id = $prev_id+1; - } else { - $new_id = $this_line_id-1; - } - } - - $prev_id = $this_line_id; - } - } - - if ($new_id != null) { - $exec_commands = array( - "/sbin/ipfw add " . $new_id . " set " . $zoneid . " count ip from " . $ip . " to any ", - "/sbin/ipfw add " . $new_id . " set " . $zoneid . " count ip from any to " . $ip, - ); - - // execute all ipfw actions - $this->shell->exec($exec_commands); - } - } - - /** - * unlock host for captiveportal use - * @param string $cpzonename - * @param string $clientip - * @param string $clientmac - * @param string $username - * @param string|null $password - * @param string|null $bw_up - * @param string|null $bw_down - * @param string|null $radiusctx - * @param int|null $session_timeout - * @param int|null $idle_timeout - * @param int|null $session_terminate_time - * @param int|null $interim_interval - * @return bool|string - */ - public function portalAllow( - $cpzonename, - $clientip, - $clientmac, - $username, - $password = null, - $bw_up = null, - $bw_down = null, - $radiusctx = null, - $session_timeout = null, - $idle_timeout = null, - $session_terminate_time = null, - $interim_interval = null - ) { - // defines - $exec_commands = array() ; - $db = new DB($cpzonename); - $arp= new ARP(); - - // find zoneid for this named zone - $zoneid = -1; - foreach ($this->config->object()->captiveportal->children() as $zone => $zoneobj) { - if ($zone == $cpzonename) { - $zoneid = $zoneobj->zoneid; - } - } - - if ($zoneid == -1) { - return false; // not a valid zone, bailout - } - - - // grap needed data to generate our rules - $ipfw_tables = $this->getAuthUsersTables($zoneid); - $cp_table = $db->listClients(array("mac"=>$clientmac, "ip"=>$clientip), "or"); - if (sizeof($cp_table) > 0 && ($cp_table[0]->ip == $clientip && 
$cp_table[0]->mac == $clientmac)) { - // nothing (important) changed here... move on - return $cp_table[0]->sessionid; - } elseif (sizeof($cp_table) > 0) { - // something changed... - // prevent additional sessions to popup, - // one MAC should have only one active session, remove the rest (if any) - $cnt = 0; - $remove_sessions = array(); - foreach ($cp_table as $record) { - if ($cnt >0) { - $remove_sessions[] = $record->sessionid; - } else { - $current_session = $record; - } - $cnt++; - // prepare removal for all ip addresses belonging to this host - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["in"] ." delete ". $record->ip; - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["out"] ." delete ". $record->ip; - // TODO: if for some strange reason there is more than one session, we are failing to drop the pipes - $exec_commands[] = "/usr/sbin/arp -d ".trim($record->ip); // drop static arp entry (prevent MAC change) - } - if (sizeof($remove_sessions)) { - $db->removeSession($remove_sessions); - } - - // collect pipe numbers for dummynet - $pipeno_in = $current_session->pipeno_in; - $pipeno_out = $current_session->pipeno_out; - - $db->updateSession($current_session->sessionid, array("ip"=>$clientip, "mac"=>$clientmac)); - - // preserve session for response - $sessionid = $current_session->sessionid; - } else { - // new session, allocate new dummynet pipes and generate a unique id - $pipeno_in = $this->newIPFWpipeno(); - $pipeno_out = $this->newIPFWpipeno(); - - // construct session data - $session_data=array(); - $session_data["ip"]=$clientip; - $session_data["mac"]=$clientmac; - $session_data["pipeno_in"] = $pipeno_in; - $session_data["pipeno_out"] = $pipeno_out; - $session_data["username"]=\SQLite3::escapeString($username); - $session_data["bpassword"] = base64_encode($password); - $session_data["session_timeout"] = $session_timeout; - $session_data["idle_timeout"] = $idle_timeout; - $session_data["session_terminate_time"] = $session_terminate_time; - 
$session_data["interim_interval"] = $interim_interval; - $session_data["radiusctx"] = $radiusctx; - $session_data["allow_time"] = time(); // allow time is actual starting time of this session - $sessionid = uniqid() ; - - $db->insertSession($sessionid, $session_data); - - } - - // add commands for access tables, and execute all collected - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["in"] ." add ". $clientip . " ".$pipeno_in; - $exec_commands[] = "/sbin/ipfw table ". $ipfw_tables["out"] ." add ". $clientip . " ".$pipeno_out; - $this->shell->exec($exec_commands); - - // lock the user/ip to it's MAC address using arp - $arp->setStatic($clientip, $clientmac); - - // add accounting rule - $this->addAccounting($zoneid, $clientip); - - // set bandwidth restrictions - $this->resetBandwidth($pipeno_in, $bw_up); - $this->resetBandwidth($pipeno_in, $bw_down); - - // log - $this->logportalauth($cpzonename, $username, $clientmac, $clientip, $status = "LOGIN"); - - // cleanup - unset($db); - - return $sessionid; - } - - /** - * send message to syslog - * @param string $cpzonename - * @param string $user - * @param string $mac - * @param string $ip - * @param string $status - * @param string $message - */ - private function logportalauth($cpzonename, $user, $mac, $ip, $status, $message = "") - { - $message = trim($message); - $message = "Zone : {$cpzonename} {$status}: {$user}, {$mac}, {$ip}, {$message}"; - - $logger = new Syslog("logportalauth", array( - 'option' => LOG_PID, - 'facility' => LOG_LOCAL4 - )); - $logger->info($message); - } - - /** - * flush zone (null flushes all zones) - * @param string|null $zone zone name or id - */ - public function flush($zone = null) - { - if ($zone == null) { - $shell = new Core\Shell(); - $shell->exec("/sbin/ipfw -f table all flush"); - } else { - // find zoneid for this named zone - if (preg_match("/^[0-9]{1,2}$/", trim($zone))) { - $zoneid = $zone; - } else { - $zoneid = -1; - foreach 
($this->config->object()->captiveportal->children() as $zonenm => $zoneobj) { - if ($zonenm == $zone) { - $zoneid = $zoneobj->zoneid; - } - } - } - - if ($zoneid != -1) { - $exec_commands= array( - "/sbin/ipfw -f table ".$this->getAuthUsersTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthUsersTables($zoneid)["out"]." flush", - "/sbin/ipfw -f table ".$this->getAuthIPTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthIPTables($zoneid)["out"]." flush", - "/sbin/ipfw -f table ".$this->getAuthMACTables($zoneid)["in"]." flush", - "/sbin/ipfw -f table ".$this->getAuthMACTables($zoneid)["out"]." flush", - "/sbin/ipfw delete set ".$zoneid, - ); - $this->shell->exec($exec_commands); - } - } - } - - /** - * cleanup portal sessions - * @param $cpzone|null zone name - */ - public function portalCleanupSessions($cpzone = null) - { - $acc_list = $this->listAccounting(); - foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zoneobj) { - if ($cpzone == null || $cpzone == $cpzonename) { - $db = new DB($cpzonename); - - $clients = $db->listClients(array(), null, null); - - foreach ($clients as $client) { - $idle_time = 0; - if (array_key_exists($client->ip, $acc_list)) { - $idle_time = $acc_list[$client->ip]['idle_time']; - } - - // if session timeout is reached, disconnect - if (is_numeric($client->session_timeout) && $client->session_timeout > 0) { - if (((time() - $client->allow_time) ) > $client->session_timeout) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - $client->mac, - $client->ip, - $status = "SESSION TIMEOUT" - ); - continue; - } - } - - // disconnect session if idle timeout is reached - if (is_numeric($client->idle_timeout) && $client->idle_timeout > 0 && $idle_time > 0) { - if ($idle_time > $client->idle_timeout) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - 
$client->mac, - $client->ip, - $status = "IDLE TIMEOUT" - ); - continue; - } - } - - // disconnect on session terminate time - if (is_numeric($client->session_terminate_time) && - $client->session_terminate_time > 0 && - $client->session_terminate_time < time()) { - $this->disconnect($cpzonename, $client->sessionid); - $this->logportalauth( - $cpzonename, - $client->username, - $client->mac, - $client->ip, - $status = "TERMINATE TIME REACHED" - ); - continue; - } - } - - unset($db); - } - } - - unset($acc_list); - } - - /** - * list (ipfw) accounting information - * @param string|null $ipaddr ip address - * @return array (key = hosts ip) - */ - public function listAccounting($ipaddr = null) - { - $filter_cmd = ""; - $result = array(); - $shell_output = array(); - if ($ipaddr != null) { - $filter_cmd =" | /usr/bin/grep ' " . $ipaddr ." '" ; - } - - if ($this->shell->exec("/sbin/ipfw -aT list ".$filter_cmd, false, $shell_output) == 0) { - foreach ($shell_output as $line) { - if (strpos($line, ' count ip from') !== false) { - $parts = preg_split('/\s+/', $line); - if (count($parts) > 8 && $parts[7] != 'any' and strlen($parts[7]) > 5) { - $result[$parts[7]] = array( - "rulenum" => $parts[0], - "last_accessed" => (int)$parts[3], - "idle_time" => time() - (int)$parts[3], - "out_packets" => (int)$parts[1], - "in_packets" => (int)$parts[2] - ); - } - } - } - } - - return $result; - - } - - /** - * disconnect a session or a list of sessions depending on the parameter - * @param string $cpzonename zone name or id - * @param string $sessionid session id - */ - public function disconnect($cpzonename, $sessionid) - { - if (is_array($sessionid)) { - foreach ($sessionid as $sessid) { - $this->disconnectSession($cpzonename, $sessid); - } - } else { - $this->disconnectSession($cpzonename, $sessionid); - } - } - - /** - * @param string $cpzonename zone name - * @param string $sessionid session id - * @return boolean false for invalid request - */ - private function 
disconnectSession($cpzonename, $sessionid) - { - $zoneid = -1; - foreach ($this->config->object()->captiveportal->children() as $zone => $zoneobj) { - if ($zone == $cpzonename) { - $zoneid = $zoneobj->zoneid; - } - } - - if ($zoneid == -1) { - // not a valid zone - return false; - } - - $db = new DB($cpzonename); - $db_clients = $db->listClients(array("sessionid"=>$sessionid)); - - $ipfw_tables = $this->getAuthUsersTables($zoneid); - if (sizeof($db_clients) > 0) { - if ($db_clients[0]->ip != null) { - // only handle disconnect if we can find a client in our database - $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["in"] . " delete " . $db_clients[0]->ip; - $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["out"] . " delete " . $db_clients[0]->ip; - $this->shell->exec($exec_commands); - // TODO: cleanup dummynet pipes $db_clients[0]->pipeno_in/out - // TODO: log removal - // ( was : captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");) - } - $db->removeSession($sessionid); - } - return true; - } -} diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json index 794239cc6..d08b95556 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json +++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json @@ -3,10 +3,6 @@ "name": "User - Config - Deny Config Write", "descr": "If present, ignores requests from this user to write config.xml." }, - "user-services-captiveportal-login": { - "name": "User - Services - Captive portal login", - "descr": "Indicates whether the user is able to login on the captive portal." - }, "user-shell-access": { "name": "User - System - Shell account access", "descr": "Indicates whether the user is able to login for example via SSH." 
@@ -639,90 +635,6 @@ "wizard.php*" ] }, - "page-services-captiveportal": { - "name": "WebCfg - Services: Captive portal page", - "descr": "Allow access to the 'Services: Captive portal' page.", - "match": [ - "services_captiveportal.php*" - ] - }, - "page-services-captiveportal-allowedhostnames": { - "name": "WebCfg - Services: Captive portal: Allowed Hostnames page", - "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.", - "match": [ - "services_captiveportal_hostname.php*" - ] - }, - "page-services-captiveportal-allowedips": { - "name": "WebCfg - Services: Captive portal: Allowed IPs page", - "descr": "Allow access to the 'Services: Captive portal: Allowed IPs' page.", - "match": [ - "services_captiveportal_ip.php*" - ] - }, - "page-services-captiveportal-editallowedhostnames": { - "name": "WebCfg - Services: Captive portal: Edit Allowed Hostnames page", - "descr": "Allow access to the 'Services: Captive portal: Allowed Hostnames' page.", - "match": [ - "services_captiveportal_hostname_edit.php*" - ] - }, - "page-services-captiveportal-editallowedips": { - "name": "WebCfg - Services: Captive portal: Edit Allowed IPs page", - "descr": "Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.", - "match": [ - "services_captiveportal_ip_edit.php*" - ] - }, - "page-services-captiveportal-editmacaddresses": { - "name": "WebCfg - Services: Captive portal: Edit MAC Addresses page", - "descr": "Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.", - "match": [ - "services_captiveportal_mac_edit.php*" - ] - }, - "page-services-captiveportal-voucher-edit": { - "name": "WebCfg - Services: Captive portal: Edit Voucher Rolls page", - "descr": "Allow access to the 'Services: Captive portal: Edit Voucher Rolls' page.", - "match": [ - "services_captiveportal_vouchers_edit.php*" - ] - }, - "page-services-captiveportal-editzones": { - "name": "WebCfg - Services: Captive portal: Edit Zones page", - "descr": "Allow 
access to the 'Services: Captive portal: Edit Zones' page.", - "match": [ - "services_captiveportal_zones_edit.php*" - ] - }, - "page-services-captiveportal-filemanager": { - "name": "WebCfg - Services: Captive portal: File Manager page", - "descr": "Allow access to the 'Services: Captive portal: File Manager' page.", - "match": [ - "services_captiveportal_filemanager.php*" - ] - }, - "page-services-captiveportal-macaddresses": { - "name": "WebCfg - Services: Captive portal: Mac Addresses page", - "descr": "Allow access to the 'Services: Captive portal: Mac Addresses' page.", - "match": [ - "services_captiveportal_mac.php*" - ] - }, - "page-services-captiveportal-vouchers": { - "name": "WebCfg - Services: Captive portal: Vouchers page", - "descr": "Allow access to the 'Services: Captive portal: Vouchers' page.", - "match": [ - "services_captiveportal_vouchers.php*" - ] - }, - "page-services-captiveportal-zones": { - "name": "WebCfg - Services: Captive portal: Zones page", - "descr": "Allow access to the 'Services: Captive portal: Zones' page.", - "match": [ - "services_captiveportal_zones.php*" - ] - }, "page-services-dhcprelay": { "name": "WebCfg - Services: DHCP Relay page", "descr": "Allow access to the 'Services: DHCP Relay' page.", 
@@ -975,41 +887,6 @@ "services_wol_edit.php*" ] }, - "page-status-captiveportal": { - "name": "WebCfg - Status: Captive portal page", - "descr": "Allow access to the 'Status: Captive portal' page.", - "match": [ - "status_captiveportal.php*" - ] - }, - "page-status-captiveportal-expire": { - "name": "WebCfg - Status: Captive portal: Expire Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Expire Vouchers' page.", - "match": [ - "status_captiveportal_expire.php*" - ] - }, - "page-status-captiveportal-test": { - "name": "WebCfg - Status: Captive portal: Test Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Test Vouchers' page.", - "match": [ - "status_captiveportal_test.php*" - ] - }, - "page-status-captiveportal-voucher-rolls": { - "name": "WebCfg - Status: Captive portal: Voucher Rolls page", - "descr": "Allow access to the 'Status: Captive portal: Voucher Rolls' page.", - "match": [ - "status_captiveportal_voucher_rolls.php*" - ] - }, - "page-status-captiveportal-vouchers": { - "name": "WebCfg - Status: Captive portal: Vouchers page", - "descr": "Allow access to the 'Status: Captive portal: Vouchers' page.", - "match": [ - "status_captiveportal_vouchers.php*" - ] - }, "page-status-carp": { "name": "WebCfg - Status: CARP page", "descr": "Allow access to the 'Status: CARP' page.", diff --git a/src/opnsense/mvc/script/test.php b/src/opnsense/mvc/script/test.php deleted file mode 100644 index 302ad0c0f..000000000 --- a/src/opnsense/mvc/script/test.php +++ /dev/null 
@@ -1,39 +0,0 @@ -list_accounting(); - -print_r($acc_list); - -//$cpc->portal_allow("test","10.211.55.101","00:1C:42:49:B7:B2","Fritsx"); - -//$cpc->disconnect("test",array("5489714eba263","gdsajhgadsjhg")); - -//$cpc->reconfigure(); -//$cpc->refresh_allowed_mac(); -//$cpc->refresh_allowed_ips(); - - -//$db = new Captiveportal\DB("test"); -//$db->remove_session("XXX"); -//$db->insert_session(100,1,"10.211.55.101","00:1C:42:49:B7:B2","frits","XXX","aksjdhaskjh", -// null,null, null,null, null); -// -//$clients = $db->listClients( array("sessionid" => "XXX") ); -// -//foreach($clients as $client ){ -// print($client->pipeno) ; -//} - -//$arp = new \Captiveportal\ARP(); -//$arp->setStatic("172.20.0.1",'00:1c:42:49:b7:b1'); -//$arp->dropStatic("172.20.0.1"); - -//$config = \Core\Core\Config::getInstance(); - -//$config->dump(); -//print_r($config->xpath('//opnsense/interfaces/*') ); - -//$rules= new \Core\Captiveportal\Rules(); diff --git a/src/sbin/captiveportal_gather_stats.php b/src/sbin/captiveportal_gather_stats.php deleted file mode 100644 index 6e5f062be..000000000 --- a/src/sbin/captiveportal_gather_stats.php +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/local/bin/php - $previous_user_timestamp) { - $current_user_count = $current_user_count + 1; - } - } - - // Write out the latest timestamp but not if it is empty - if (!empty($timestamp)) { - $fd = @fopen($tmpfile, "w"); - if ($fd) { - fwrite($fd, $timestamp); - } - @fclose($fd); - } - - /* If $timestamp is less than or equal to previous_user_timestamp return 0, - * as we only want the 'X' number of users logged in since last RRD poll. - */ - if ($timestamp <= $previous_user_timestamp) { - $result = 0; - } else { - $result = $current_user_count; - } -} elseif ($type == "concurrent") - $result = $no_users; - -echo "$result"; diff --git a/src/www/crash_reporter.php b/src/www/crash_reporter.php index 05f96383e..fd3317a15 100644 --- a/src/www/crash_reporter.php +++ b/src/www/crash_reporter.php 
@@ -29,7 +29,6 @@ */ require_once("guiconfig.inc"); -require_once("captiveportal.inc"); function upload_crash_report($files, $agent) { diff --git a/src/www/diag_authentication.php b/src/www/diag_authentication.php index 4e3090448..ce8062998 100644 --- a/src/www/diag_authentication.php +++ b/src/www/diag_authentication.php @@ -1,6 +1,7 @@ gettext("Aliases"), - "captiveportal" => gettext("Captive Portal"), - "voucher" => gettext("Captive Portal Vouchers"), "dnsmasq" => gettext("DNS Forwarder"), "dhcpd" => gettext("DHCP Server"), "dhcpdv6" => gettext("DHCPv6 Server"), @@ -445,15 +443,6 @@ if ($_POST) { $savemsg = gettext("The m0n0wall configuration has been restored and upgraded to OPNsense."); mark_subsystem_dirty("restore"); } - if(is_array($config['captiveportal'])) { - foreach($config['captiveportal'] as $cp) { - if (isset($cp['enable'])) { - /* for some reason ipfw doesn't init correctly except on bootup sequence */ - mark_subsystem_dirty("restore"); - break; - } - } - } setup_serial_port(); } else { $input_errors[] = gettext("The configuration could not be restored."); diff --git a/src/www/diag_logs_auth.php b/src/www/diag_logs_auth.php index 1ee0b5996..5c7de3510 100644 --- a/src/www/diag_logs_auth.php +++ b/src/www/diag_logs_auth.php @@ -45,7 +45,6 @@ if ($_POST['clear']) { } $pgtitle = array(gettext("Status"),gettext("System logs"),gettext("Portal Auth")); -$shortcut_section = "captiveportal"; include("head.inc"); ?> diff --git a/src/www/fbegin.inc b/src/www/fbegin.inc index 697ea8a75..280e07370 100644 --- a/src/www/fbegin.inc +++ b/src/www/fbegin.inc 
@@ -38,15 +38,6 @@ function find_service_by_name($name) { return array(); } -function find_service_by_cp_zone($zone) { - $services = get_services(); - foreach ($services as $service) - if (($service["name"] == "captiveportal") && isset($service["zone"]) && ($service["zone"] == $zone)) - return $service; - return array(); -} - - /* Determine automated help URL. Should output the page name and parameters separately */ $uri_split = ""; @@ -243,9 +234,6 @@ if($need_alert_display == true) { case "openvpn": $ssvc = find_service_by_openvpn_vpnid($vpnid); break; - case "captiveportal": - $ssvc = find_service_by_cp_zone($cpzone); - break; default: $ssvc = find_service_by_name($shortcuts[$shortcut_section]['service']); diff --git a/src/www/interfaces.php b/src/www/interfaces.php index 5bfb919b8..9ae885540 100644 --- a/src/www/interfaces.php +++ b/src/www/interfaces.php @@ -33,7 +33,6 @@ require_once("guiconfig.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("filter.inc"); require_once("rrd.inc"); require_once("vpn.inc"); diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php index 37ada3d8d..3c110d65f 100644 --- a/src/www/interfaces_assign.php +++ b/src/www/interfaces_assign.php @@ -33,7 +33,6 @@ $pgtitle = array(gettext("Interfaces"),gettext("Assign network ports")); require_once("guiconfig.inc"); require_once("filter.inc"); require_once("vpn.inc"); -require_once("captiveportal.inc"); require_once("rrd.inc"); require_once("system.inc"); require_once("interfaces.inc"); diff --git a/src/www/reboot.php b/src/www/reboot.php index c2e9678c4..6809e9029 100644 --- a/src/www/reboot.php +++ b/src/www/reboot.php @@ -1,4 +1,5 @@ . @@ -27,7 +28,6 @@ */ require_once("guiconfig.inc"); -require_once("captiveportal.inc"); require_once("system.inc"); $pgtitle = array(gettext("Diagnostics"),gettext("Reboot System")); 
diff --git a/src/www/services_captiveportal.php b/src/www/services_captiveportal.php
deleted file mode 100644
index 800631722..000000000
--- a/src/www/services_captiveportal.php
+++ /dev/null
@@ -1,1081 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("interfaces.inc"); -require_once("captiveportal.inc"); -require_once("filter.inc"); -require_once("services.inc"); -require_once("system.inc"); - -if (substr($_GET['act'], 0, 3) == "get") - $nocsrf = true; - - -global $cpzone; -global $cpzoneid; - -$cpzoneid = 1; /* Just a default */ -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_GET['act'] == "viewhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) - echo base64_decode($a_cp[$cpzone]['page']['htmltext']); - exit; -} else if ($_GET['act'] == "gethtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['htmltext']); - $file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=portal.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "delhtmlhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['htmltext']) { - unset($a_cp[$cpzone]['page']['htmltext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default portal page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} else if ($_GET['act'] == "viewerrhtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) - echo base64_decode($a_cp[$cpzone]['page']['errtext']); - exit; -} else if ($_GET['act'] == "geterrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['errtext']); - 
$file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=err.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "delerrhtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['errtext']) { - unset($a_cp[$cpzone]['page']['errtext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default error page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} else if ($_GET['act'] == "viewlogouthtml") { - if ($a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) - echo base64_decode($a_cp[$cpzone]['page']['logouttext']); - exit; -} else if ($_GET['act'] == "getlogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { - $file_data = base64_decode($a_cp[$cpzone]['page']['logouttext']); - $file_size = strlen($file_data); - - header("Content-Type: text/html"); - header("Content-Disposition: attachment; filename=logout.html"); - header("Content-Length: $file_size"); - echo $file_data; - - exit; -} else if ($_GET['act'] == "dellogouthtml" && $a_cp[$cpzone] && $a_cp[$cpzone]['page']['logouttext']) { - unset($a_cp[$cpzone]['page']['logouttext']); - write_config(sprintf(gettext("Captive Portal: zone %s: Restore default logout page"), $cpzone)); - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; -} - -if (!is_array($config['ca'])) - $config['ca'] = array(); - -$a_ca =& $config['ca']; - -if (!is_array($config['cert'])) - $config['cert'] = array(); - -$a_cert =& $config['cert']; - -if ($a_cp[$cpzone]) { - $cpzoneid = $pconfig['zoneid'] = $a_cp[$cpzone]['zoneid']; - $pconfig['cinterface'] = $a_cp[$cpzone]['interface']; - $pconfig['maxproc'] = $a_cp[$cpzone]['maxproc']; - $pconfig['maxprocperip'] = $a_cp[$cpzone]['maxprocperip']; - $pconfig['timeout'] = $a_cp[$cpzone]['timeout']; - $pconfig['idletimeout'] = $a_cp[$cpzone]['idletimeout']; - $pconfig['freelogins_count'] = 
$a_cp[$cpzone]['freelogins_count']; - $pconfig['freelogins_resettimeout'] = $a_cp[$cpzone]['freelogins_resettimeout']; - $pconfig['freelogins_updatetimeouts'] = isset($a_cp[$cpzone]['freelogins_updatetimeouts']); - $pconfig['enable'] = isset($a_cp[$cpzone]['enable']); - $pconfig['auth_method'] = $a_cp[$cpzone]['auth_method']; - $pconfig['localauth_priv'] = isset($a_cp[$cpzone]['localauth_priv']); - $pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']); - $pconfig['radmac_enable'] = isset($a_cp[$cpzone]['radmac_enable']); - $pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret']; - $pconfig['reauthenticate'] = isset($a_cp[$cpzone]['reauthenticate']); - $pconfig['reauthenticateacct'] = $a_cp[$cpzone]['reauthenticateacct']; - $pconfig['httpslogin_enable'] = isset($a_cp[$cpzone]['httpslogin']); - $pconfig['httpsname'] = $a_cp[$cpzone]['httpsname']; - $pconfig['preauthurl'] = strtolower($a_cp[$cpzone]['preauthurl']); - $pconfig['blockedmacsurl'] = strtolower($a_cp[$cpzone]['blockedmacsurl']); - $pconfig['certref'] = $a_cp[$cpzone]['certref']; - $pconfig['nohttpsforwards'] = isset($a_cp[$cpzone]['nohttpsforwards']); - $pconfig['logoutwin_enable'] = isset($a_cp[$cpzone]['logoutwin_enable']); - $pconfig['peruserbw'] = isset($a_cp[$cpzone]['peruserbw']); - $pconfig['bwdefaultdn'] = $a_cp[$cpzone]['bwdefaultdn']; - $pconfig['bwdefaultup'] = $a_cp[$cpzone]['bwdefaultup']; - $pconfig['nomacfilter'] = isset($a_cp[$cpzone]['nomacfilter']); - $pconfig['noconcurrentlogins'] = isset($a_cp[$cpzone]['noconcurrentlogins']); - $pconfig['radius_protocol'] = $a_cp[$cpzone]['radius_protocol']; - $pconfig['redirurl'] = $a_cp[$cpzone]['redirurl']; - $pconfig['radiusip'] = $a_cp[$cpzone]['radiusip']; - $pconfig['radiusip2'] = $a_cp[$cpzone]['radiusip2']; - $pconfig['radiusip3'] = $a_cp[$cpzone]['radiusip3']; - $pconfig['radiusip4'] = $a_cp[$cpzone]['radiusip4']; - $pconfig['radiusport'] = $a_cp[$cpzone]['radiusport']; - $pconfig['radiusport2'] = 
$a_cp[$cpzone]['radiusport2']; - $pconfig['radiusport3'] = $a_cp[$cpzone]['radiusport3']; - $pconfig['radiusport4'] = $a_cp[$cpzone]['radiusport4']; - $pconfig['radiusacctport'] = $a_cp[$cpzone]['radiusacctport']; - $pconfig['radiuskey'] = $a_cp[$cpzone]['radiuskey']; - $pconfig['radiuskey2'] = $a_cp[$cpzone]['radiuskey2']; - $pconfig['radiuskey3'] = $a_cp[$cpzone]['radiuskey3']; - $pconfig['radiuskey4'] = $a_cp[$cpzone]['radiuskey4']; - $pconfig['radiusvendor'] = $a_cp[$cpzone]['radiusvendor']; - $pconfig['radiussession_timeout'] = isset($a_cp[$cpzone]['radiussession_timeout']); - $pconfig['radiussrcip_attribute'] = $a_cp[$cpzone]['radiussrcip_attribute']; - $pconfig['passthrumacadd'] = isset($a_cp[$cpzone]['passthrumacadd']); - $pconfig['passthrumacaddusername'] = isset($a_cp[$cpzone]['passthrumacaddusername']); - $pconfig['radmac_format'] = $a_cp[$cpzone]['radmac_format']; - $pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']); - $pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid']; - $pconfig['page'] = array(); - if ($a_cp[$cpzone]['page']['htmltext']) - $pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext']; - if ($a_cp[$cpzone]['page']['errtext']) - $pconfig['page']['errtext'] = $a_cp[$cpzone]['page']['errtext']; - if ($a_cp[$cpzone]['page']['logouttext']) - $pconfig['page']['logouttext'] = $a_cp[$cpzone]['page']['logouttext']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable']) { - $reqdfields = explode(" ", "zone cinterface"); - $reqdfieldsn = array(gettext("Zone name"), gettext("Interface")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - /* make sure no interfaces are bridged or used on other zones */ - if (is_array($_POST['cinterface'])) { - foreach ($pconfig['cinterface'] as $cpbrif) { - if (link_interface_to_bridge($cpbrif)) - $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is part of a 
bridge."), $cpbrif); - foreach ($a_cp as $cpkey => $cp) { - if ($cpkey != $cpzone || empty($cpzone)) { - if (in_array($cpbrif, explode(",", $cp['interface']))) - $input_errors[] = sprintf(gettext("The captive portal cannot be used on interface %s since it is used already on %s instance."), $cpbrif, $cp['zone']); - } - } - } - } - - if ($_POST['httpslogin_enable']) { - if (!$_POST['certref']) { - $input_errors[] = gettext("Certificate must be specified for HTTPS login."); - } - if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { - $input_errors[] = gettext("The HTTPS server name must be specified for HTTPS login."); - } - } - } - - if ($_POST['timeout']) { - if (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1)) - $input_errors[] = gettext("The timeout must be at least 1 minute."); - else if (isset($config['dhcpd']) && is_array($config['dhcpd'])) { - foreach ($config['dhcpd'] as $dhcpd_if => $dhcpd_data) { - if (!isset($dhcpd_data['enable'])) - continue; - if (!is_array($_POST['cinterface']) || !in_array($dhcpd_if, $_POST['cinterface'])) - continue; - - $deftime = 7200; // Default lease time - if (isset($dhcpd_data['defaultleasetime']) && is_numeric($dhcpd_data['defaultleasetime'])) - $deftime = $dhcpd_data['defaultleasetime']; - - if ($_POST['timeout'] > $deftime) - $input_errors[] = gettext("Hard timeout must be less or equal Default lease time set on DHCP Server"); - } - } - } - if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { - $input_errors[] = gettext("The idle timeout must be at least 1 minute."); - } - if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) { - $input_errors[] = gettext("The pass-through credit count must be a number or left blank."); - } else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) { - if (empty($_POST['freelogins_resettimeout']) || !is_numeric($_POST['freelogins_resettimeout']) || 
($_POST['freelogins_resettimeout'] <= 0)) { - $input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours."); - } - } - if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']); - } - if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip2']); - } - if (($_POST['radiusip3'] && !is_ipaddr($_POST['radiusip3']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip3']); - } - if (($_POST['radiusip4'] && !is_ipaddr($_POST['radiusip4']))) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip4']); - } - if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport']); - } - if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport2']); - } - if (($_POST['radiusport3'] && !is_port($_POST['radiusport3']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport3']); - } - if (($_POST['radiusport4'] && !is_port($_POST['radiusport4']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. [%s]"), $_POST['radiusport4']); - } - if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = sprintf(gettext("A valid port number must be specified. 
[%s]"), $_POST['radiusacctport']); - } - if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { - $input_errors[] = gettext("The maximum number of concurrent connections per client IP address may not be larger than the global maximum."); - } - if (trim($_POST['radiusnasid']) !== "" && !preg_match("/^[\x21-\x7e]{3,253}$/i", trim($_POST['radiusnasid']))) { - $input_errors[] = gettext("The NAS-Identifier must be 3-253 characters long and should only contain ASCII characters."); - } - - if (!$input_errors) { - $newcp =& $a_cp[$cpzone]; - //$newcp['zoneid'] = $a_cp[$cpzone]['zoneid']; - if (empty($newcp['zoneid'])) { - $newcp['zoneid'] = 2; - foreach ($a_cp as $keycpzone => $cp) { - if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) - $newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */ - } - $cpzoneid = $newcp['zoneid']; - } - $oldifaces = explode(",", $newcp['interface']); - if (is_array($_POST['cinterface'])) - $newcp['interface'] = implode(",", $_POST['cinterface']); - $newcp['maxproc'] = $_POST['maxproc']; - $newcp['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false; - $newcp['timeout'] = $_POST['timeout']; - $newcp['idletimeout'] = $_POST['idletimeout']; - $newcp['freelogins_count'] = $_POST['freelogins_count']; - $newcp['freelogins_resettimeout'] = $_POST['freelogins_resettimeout']; - $newcp['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false; - if ($_POST['enable']) - $newcp['enable'] = true; - else - unset($newcp['enable']); - $newcp['auth_method'] = $_POST['auth_method']; - $newcp['localauth_priv'] = isset($_POST['localauth_priv']); - $newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false; - $newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false; - $newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false; - $newcp['radmac_secret'] = $_POST['radmac_secret'] ? 
$_POST['radmac_secret'] : false; - $newcp['reauthenticateacct'] = $_POST['reauthenticateacct']; - if ($_POST['httpslogin_enable']) - $newcp['httpslogin'] = true; - else - unset($newcp['httpslogin']); - $newcp['httpsname'] = $_POST['httpsname']; - $newcp['preauthurl'] = $_POST['preauthurl']; - $newcp['blockedmacsurl'] = $_POST['blockedmacsurl']; - $newcp['peruserbw'] = $_POST['peruserbw'] ? true : false; - $newcp['bwdefaultdn'] = $_POST['bwdefaultdn']; - $newcp['bwdefaultup'] = $_POST['bwdefaultup']; - $newcp['certref'] = $_POST['certref']; - $newcp['nohttpsforwards'] = $_POST['nohttpsforwards'] ? true : false; - $newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; - $newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false; - $newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; - $newcp['radius_protocol'] = $_POST['radius_protocol']; - $newcp['redirurl'] = $_POST['redirurl']; - if (isset($_POST['radiusip'])) - $newcp['radiusip'] = $_POST['radiusip']; - else - unset($newcp['radiusip']); - if (isset($_POST['radiusip2'])) - $newcp['radiusip2'] = $_POST['radiusip2']; - else - unset($newcp['radiusip2']); - if (isset($_POST['radiusip3'])) - $newcp['radiusip3'] = $_POST['radiusip3']; - else - unset($newcp['radiusip3']); - if (isset($_POST['radiusip4'])) - $newcp['radiusip4'] = $_POST['radiusip4']; - else - unset($newcp['radiusip4']); - $newcp['radiusport'] = $_POST['radiusport']; - $newcp['radiusport2'] = $_POST['radiusport2']; - if (isset($_POST['radiusport3'])) - $newcp['radiusport3'] = $_POST['radiusport3']; - if (isset($_POST['radiusport4'])) - $newcp['radiusport4'] = $_POST['radiusport4']; - $newcp['radiusacctport'] = $_POST['radiusacctport']; - $newcp['radiuskey'] = $_POST['radiuskey']; - $newcp['radiuskey2'] = $_POST['radiuskey2']; - $newcp['radiuskey3'] = $_POST['radiuskey3']; - $newcp['radiuskey4'] = $_POST['radiuskey4']; - $newcp['radiusvendor'] = $_POST['radiusvendor'] ? 
$_POST['radiusvendor'] : false; - $newcp['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; - $newcp['radiussrcip_attribute'] = $_POST['radiussrcip_attribute']; - $newcp['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false; - $newcp['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; - $newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; - $newcp['reverseacct'] = $_POST['reverseacct'] ? true : false; - $newcp['radiusnasid'] = trim($_POST['radiusnasid']); - if (!is_array($newcp['page'])) - $newcp['page'] = array(); - - /* file upload? */ - if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) - $newcp['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); - if (is_uploaded_file($_FILES['errfile']['tmp_name'])) - $newcp['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name'])); - if (is_uploaded_file($_FILES['logoutfile']['tmp_name'])) - $newcp['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name'])); - - write_config(); - captiveportal_configure(); - unset($newcp); - filter_configure(); - header("Location: services_captiveportal_zones.php"); - exit; - } else { - if (is_array($_POST['cinterface'])) - $pconfig['cinterface'] = implode(",", $_POST['cinterface']); - } -} -$closehead = false; -include("head.inc"); -?> - - - - - - -
-
-
- - - 0) print_input_errors($input_errors); ?> - - -
- - - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - onclick="enable_change(false)" /> -
-
-
- - - - -
-
- -
-
- -
-
- /> -
-
-
- -
- -
-
- /> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
/> -
/> - /
  
  /> -
/> -
  
- - - - - - - - - - - - - - - - -
/> -
/> -
/> -
/> -
  
-
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Primary Authentication Source

-

-
  
-

-
  
Secondary Authentication Source

-
  

-
  
  /> -
-

-
- />
- />
- /> -
/> -
-
- />
-
-
- -
/>
-

-
/>
-

-
-
- -
- 00:11:22:33:44:55
- 001122-334455
- 00-11-22-33-44-55
- 0011.2233.4455
- 001122334455 -
-
- /> -
-
-
-
- - - -
Create one under System: Certificates. - -
- /> -
-
-
- - - -
- -
- - - -
-
- - -
-
- <form method="post" action="$PORTAL_ACTION$">
-    <input name="auth_user" type="text">
-    <input name="auth_pass" type="password">
-    <input name="auth_voucher" type="text">
-    <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
-    <input name="accept" type="submit" value="Continue">
- </form>

-
-
-
- - -
- -
- - - -
-
- - "$PORTAL_MESSAGE$",

-
-
-
- - -
- -
- - - -
-
- -
  - "; ?> - " onclick="enable_change(true)" /> - " onclick="enable_change(true)" /> -
 
-
-
-
-
-
-
-
-
-
- - - diff --git a/src/www/services_captiveportal_filemanager.php b/src/www/services_captiveportal_filemanager.php deleted file mode 100644 index c35b10d7d..000000000 --- a/src/www/services_captiveportal_filemanager.php +++ /dev/null @@ -1,261 +0,0 @@ - $captiveportal_element_sizelimit) { - $input_errors[] = gettext("The total size of all files uploaded may not exceed ") . - format_bytes($captiveportal_element_sizelimit) . "."; - } - - if (!$input_errors) { - $element = array(); - $element['name'] = $name; - $element['size'] = $size; - $element['content'] = base64_encode(file_get_contents($_FILES['new']['tmp_name'])); - - $a_element[] = $element; - cpelements_sort(); - - write_config(); - captiveportal_write_elements(); - header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); - exit; - } - } -} elseif (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) { - @unlink("/var/db/cpelements/" . $a_element[$_GET['id']]['name']); - @unlink("/usr/local/captiveportal/" . $a_element[$_GET['id']]['name']); - unset($a_element[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_filemanager.php?zone={$cpzone}"); - exit; -} - -include("head.inc"); - -$main_buttons = array( - array('label'=>gettext('add file'), 'href'=>'services_captiveportal_filemanager.php?zone='.$cpzone.'&act=add'), -); - - -?> - - - - - -
-
-
- - 0) { - print_input_errors($input_errors); -} ?> - -
- - - -
- -
- -
- - - - -
- - - - - - - - - -
Upload file
" /> - Cancel - -
-
-
- - - - - -
- - - - - - - - - - - - - - - 0) : -?> - - - - - - - -
- -
- ')"> - "> -
-
- - -
-
-

- <img src="captiveportal-test.jpg" width=... height=...> -

- -

- <a href="/captiveportal-aup.php?zone=$PORTAL_ZONE$&redirurl=$PORTAL_REDIRURL$"></a> -

-
- -
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_GET['act'] == "del") { - $a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; - if ($a_allowedips[$_GET['id']]) { - $ipent = $a_allowedips[$_GET['id']]; - unset($a_allowedips[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_ip.php?zone={$cpzone}"); - exit; - } -} - - -include("head.inc"); - -$main_buttons = array( - array('label'=>'Add IP address', 'href'=>'services_captiveportal_ip_edit.php?zone='.$cpzone), -); - - -?> - - - - - -
-
-
- - - -
- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - -
- -
- "; - } - if ($ip['dir'] == "both") { - echo " "; - } - echo strtolower($ip['ip']); - if ($ip['sn'] != "32" && is_numeric($ip['sn'])) { - $sn = $ip['sn']; - echo "/$sn"; - } - if ($ip['dir'] == "from") { - echo " any"; - } - - ?> - -   - - ')" class="btn btn-default btn-xs">

-
-
-

-
 
-
-
-
-
-
-
-
-
- - - Copyright (C) 2004 Dinesh Nair - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -function allowedipscmp($a, $b) -{ - return strcmp($a['ip'], $b['ip']); -} - -function allowedips_sort() -{ - global $g, $config, $cpzone; - - usort($config['captiveportal'][$cpzone]['allowedip'], "allowedipscmp"); -} - -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit allowed IP address")); -$shortcut_section = "captiveportal"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (!is_array($config['captiveportal'][$cpzone]['allowedip'])) { - $config['captiveportal'][$cpzone]['allowedip'] = array(); -} -$a_allowedips =& $config['captiveportal'][$cpzone]['allowedip']; - -if (isset($id) && $a_allowedips[$id]) { - $pconfig['ip'] = $a_allowedips[$id]['ip']; - $pconfig['sn'] = $a_allowedips[$id]['sn']; - $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; - $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; - $pconfig['descr'] = $a_allowedips[$id]['descr']; -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "ip sn"); - $reqdfieldsn = array(gettext("Allowed IP address"), gettext("Subnet mask")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) { - $input_errors[] = sprintf(gettext("A valid IP address must be specified. 
[%s]"), $_POST['ip']); - } - - if ($_POST['sn'] && (!is_numeric($_POST['sn']) || ($_POST['sn'] < 1) || ($_POST['sn'] > 32))) { - $input_errors[] = gettext("A valid subnet mask must be specified"); - } - - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { - $input_errors[] = gettext("Upload speed needs to be an integer"); - } - - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { - $input_errors[] = gettext("Download speed needs to be an integer"); - } - - foreach ($a_allowedips as $ipent) { - if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) { - continue; - } - - if ($ipent['ip'] == $_POST['ip']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['ip'], gettext("already allowed")) ; - break ; - } - } - - if (!$input_errors) { - $ip = array(); - $ip['ip'] = $_POST['ip']; - $ip['sn'] = $_POST['sn']; - $ip['descr'] = $_POST['descr']; - if ($_POST['bw_up']) { - $ip['bw_up'] = $_POST['bw_up']; - } - if ($_POST['bw_down']) { - $ip['bw_down'] = $_POST['bw_down']; - } - if (isset($id) && $a_allowedips[$id]) { - $oldip = $a_allowedips[$id]['ip']; - if (!empty($a_allowedips[$id]['sn'])) { - $oldmask = $a_allowedips[$id]['sn']; - } else { - $oldmask = 32; - } - $a_allowedips[$id] = $ip; - } else { - $a_allowedips[] = $ip; - } - allowedips_sort(); - - write_config(); - - if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { - $rules = ""; - $cpzoneid = $a_cp[$cpzone]['zoneid']; - unset($ipfw); - captiveportal_allowedip_configure_entry($ip); - $uniqid = uniqid("{$cpzone}_allowed"); - } - - header("Location: services_captiveportal_ip.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); - -?> - - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
- -
- -
- - - - - - - - - - - - - - - - - -
- - / -
- . -
- -
. -
  - " /> - - - - -
-
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -global $cpzone; -global $cpzoneid; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal"; - -if ($_POST) { - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - - $rules = captiveportal_passthrumac_configure(); - $savemsg = get_std_save_message(); - if ($retval == 0) { - clear_subsystem_dirty('passthrumac'); - } - } - - if ($_POST['postafterlogin']) { - if (!is_array($a_passthrumacs)) { - echo gettext("No entry exists yet!") ."\n"; - exit; - } - if (empty($_POST['zone'])) { - echo gettext("Please set the zone on which the operation should be allowed"); - exit; - } - if (!is_array($a_cp[$cpzone]['passthrumac'])) { - $a_cp[$cpzone]['passthrumac'] = array(); - } - $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; - - if ($_POST['username']) { - $mac = captiveportal_passthrumac_findbyname($_POST['username']); - if (!empty($mac)) { - $_POST['delmac'] = $mac['mac']; - } else { - echo gettext("No entry exists for this username:") . " " . $_POST['username'] . "\n"; - } - } - if ($_POST['delmac']) { - $found = false; - foreach ($a_passthrumacs as $idx => $macent) { - if ($macent['mac'] == $_POST['delmac']) { - $found = true; - break; - } - } - if ($found == true) { - $cpzoneid = $a_cp[$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($a_passthrumacs[$idx]); - unset($a_passthrumacs[$idx]); - write_config(); - echo gettext("The entry was sucessfully deleted") . 
"\n"; - } else { - echo gettext("No entry exists for this mac address:") . " " . $_POST['delmac'] . "\n"; - } - } - exit; - } -} - -if ($_GET['act'] == "del") { - $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; - if ($a_passthrumacs[$_GET['id']]) { - $cpzoneid = $a_cp[$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($a_passthrumacs[$_GET['id']]); - unset($a_passthrumacs[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_mac.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); - -$main_buttons = array( - array('label'=>gettext("add host"), 'href'=>'services_captiveportal_mac_edit.php?zone='.$cpzone), -); -?> - - - - -
-
-
- - -

- You must apply the changes in order for them to take effect."));?>
- - -

- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - - - -
- icon - - - -   - - -   - ')" class="btn btn-default btn-xs"> -
- -
- -
-
 
-
-
-
-
-
- -
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("interfaces.inc"); - -function passthrumacscmp($a, $b) -{ - return strcmp($a['mac'], $b['mac']); -} - -function passthrumacs_sort() -{ - global $config, $cpzone; - - usort($config['captiveportal'][$cpzone]['passthrumac'], "passthrumacscmp"); -} - -global $cpzone; -global $cpzoneid; - -$pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit MAC address rules")); -$shortcut_section = "captiveportal"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (!is_array($a_cp[$cpzone]['passthrumac'])) { - $a_cp[$cpzone]['passthrumac'] = array(); -} -$a_passthrumacs = &$a_cp[$cpzone]['passthrumac']; - -if (isset($id) && $a_passthrumacs[$id]) { - $pconfig['action'] = $a_passthrumacs[$id]['action']; - $pconfig['mac'] = $a_passthrumacs[$id]['mac']; - $pconfig['bw_up'] = $a_passthrumacs[$id]['bw_up']; - $pconfig['bw_down'] = $a_passthrumacs[$id]['bw_down']; - $pconfig['descr'] = $a_passthrumacs[$id]['descr']; - $pconfig['username'] = $a_passthrumacs[$id]['username']; -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "action mac"); - $reqdfieldsn = array(gettext("Action"), gettext("MAC address")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); - - if ($_POST['mac']) { - if (is_macaddr($_POST['mac'])) { - $iflist = get_interface_list(); - 
foreach ($iflist as $if) { - if ($_POST['mac'] == strtolower($if['mac'])) { - $input_errors[] = sprintf(gettext("The MAC address %s belongs to a local interface, you cannot use it here."), $_POST['mac']); - break; - } - } - } else { - $input_errors[] = sprintf("%s. [%s]", gettext("A valid MAC address must be specified"), $_POST['mac']); - } - } - if ($_POST['bw_up'] && !is_numeric($_POST['bw_up'])) { - $input_errors[] = gettext("Upload speed needs to be an integer"); - } - if ($_POST['bw_down'] && !is_numeric($_POST['bw_down'])) { - $input_errors[] = gettext("Download speed needs to be an integer"); - } - - foreach ($a_passthrumacs as $macent) { - if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent)) { - continue; - } - - if ($macent['mac'] == $_POST['mac']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['mac'], gettext("already exists")); - break; - } - } - - if (!$input_errors) { - $mac = array(); - $mac['action'] = $_POST['action']; - $mac['mac'] = $_POST['mac']; - if ($_POST['bw_up']) { - $mac['bw_up'] = $_POST['bw_up']; - } - if ($_POST['bw_down']) { - $mac['bw_down'] = $_POST['bw_down']; - } - if ($_POST['username']) { - $mac['username'] = $_POST['username']; - } - - $mac['descr'] = $_POST['descr']; - - if (isset($id) && $a_passthrumacs[$id]) { - $oldmac = $a_passthrumacs[$id]; - $a_passthrumacs[$id] = $mac; - } else { - $oldmac = $mac; - $a_passthrumacs[] = $mac; - } - passthrumacs_sort(); - - write_config(); - - if (isset($config['captiveportal'][$cpzone]['enable'])) { - $cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; - captiveportal_passthrumac_delete_entry($oldmac); - captiveportal_passthrumac_configure_entry($mac); - unset($cpzoneid); - } - - header("Location: services_captiveportal_mac.php?zone={$cpzone}"); - exit; - } -} -include("head.inc"); -?> - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - -
- -
- . -
- - - -
-
- -
- . -
  - " /> - - - - - - - -
-
-
-
-
-
-
-
- - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -if ($_POST['postafterlogin']) { - $nocsrf = true; -} - -require_once('guiconfig.inc'); -require_once('interfaces.inc'); -require_once('captiveportal.inc'); -require_once("services.inc"); -require_once("pfsense-utils.inc"); - -function voucher_unlink_db($roll) -{ - global $cpzone; - - @unlink("/var/db/voucher_{$cpzone}_used_{$roll}.db"); - @unlink("/var/db/voucher_{$cpzone}_active_{$roll}.db"); -} - - -$referer = (isset($_SERVER['HTTP_REFERER']) ? 
$_SERVER['HTTP_REFERER'] : '/services_captiveportal_vouchers.php'); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -function generatekey($exponent) -{ - $ret = array(); - - /* generate a random 64 bit RSA key pair using the voucher binary */ - $fd = popen(sprintf('/usr/local/bin/voucher -g 64 -e %s', $exponent), 'r'); - if ($fd !== false) { - $output = fread($fd, 16384); - pclose($fd); - list($privkey, $pubkey) = explode("\0", $output); - $ret['priv'] = $privkey; - $ret['pub'] = $pubkey; - } - - return $ret; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (!is_array($config['voucher'])) { - $config['voucher'] = array(); -} - -if (empty($a_cp[$cpzone])) { - log_error("Submission on captiveportal page with unknown zone parameter: " . htmlspecialchars($cpzone)); - header("Location: services_captiveportal_zones.php"); - exit; -} - - -$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -if (!isset($config['voucher'][$cpzone]['charset'])) { - $config['voucher'][$cpzone]['charset'] = '2345678abcdefhijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; -} -if (!isset($config['voucher'][$cpzone]['rollbits'])) { - $config['voucher'][$cpzone]['rollbits'] = 16; -} -if (!isset($config['voucher'][$cpzone]['ticketbits'])) { - $config['voucher'][$cpzone]['ticketbits'] = 10; -} -if (!isset($config['voucher'][$cpzone]['checksumbits'])) { - $config['voucher'][$cpzone]['checksumbits'] = 5; -} -if (!isset($config['voucher'][$cpzone]['magic'])) { - $config['voucher'][$cpzone]['magic'] = rand(); // anything slightly random will do -}if 
(!isset($config['voucher'][$cpzone]['exponent'])) { - while (true) { - while (($exponent = rand()) % 30000 < 5000) { - continue; - } - $exponent = ($exponent * 2) + 1; // Make it odd number - if ($exponent <= 65537) { - break; - } - } - $config['voucher'][$cpzone]['exponent'] = $exponent; - unset($exponent); -} - -if ($_REQUEST['generatekey']) { - $key = generatekey($config['voucher'][$cpzone]['exponent']); - - $alertmessage = gettext( - 'You will need to recreate any existing Voucher Rolls due ' . - 'to the public and private key changes. Click cancel if you ' . - 'do not wish to recreate the vouchers.' - ); - - echo json_encode(array( - 'alertmessage' => $alertmessage, - 'privatekey' => $key['priv'], - 'publickey' => $key['pub'], - )); - - exit; -} - -if (!isset($config['voucher'][$cpzone]['publickey'])) { - $key = generatekey($config['voucher'][$cpzone]['exponent']); - $config['voucher'][$cpzone]['publickey'] = base64_encode($key['pub']); - $config['voucher'][$cpzone]['privatekey'] = base64_encode($key['priv']); -} - -// Check for invalid or expired vouchers -if (!isset($config['voucher'][$cpzone]['descrmsgnoaccess'])) { - $config['voucher'][$cpzone]['descrmsgnoaccess'] = gettext("Voucher invalid"); -} -if (!isset($config['voucher'][$cpzone]['descrmsgexpired'])) { - $config['voucher'][$cpzone]['descrmsgexpired'] = gettext("Voucher expired"); -} - -$a_roll = &$config['voucher'][$cpzone]['roll']; - -if ($_GET['act'] == "del") { - $id = $_GET['id']; - if ($a_roll[$id]) { - $roll = $a_roll[$id]['number']; - $voucherlck = lock("voucher{$cpzone}"); - unset($a_roll[$id]); - voucher_unlink_db($roll); - unlock($voucherlck); - write_config(); - } - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; -} /* print all vouchers of the selected roll */ -elseif ($_GET['act'] == "csv") { - $privkey = base64_decode($config['voucher'][$cpzone]['privatekey']); - if (strstr($privkey, "BEGIN RSA PRIVATE KEY")) { - $fd = 
fopen("/var/etc/voucher_{$cpzone}.private", "w"); - if (!$fd) { - $input_errors[] = gettext("Cannot write private key file") . ".\n"; - } else { - chmod("/var/etc/voucher_{$cpzone}.private", 0600); - fwrite($fd, $privkey); - fclose($fd); - $a_voucher = &$config['voucher'][$cpzone]['roll']; - $id = $_GET['id']; - if (isset($id) && $a_voucher[$id]) { - $number = $a_voucher[$id]['number']; - $count = $a_voucher[$id]['count']; - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename=vouchers_{$cpzone}_roll{$number}.csv"); - if (file_exists("/var/etc/voucher_{$cpzone}.cfg")) { - system("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -p /var/etc/voucher_{$cpzone}.private $number $count"); - } - @unlink("/var/etc/voucher_{$cpzone}.private"); - } else { - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - } - exit; - } - } else { - $input_errors[] = gettext("Need private RSA key to print vouchers") . "\n"; - } -} - -$pconfig['enable'] = isset($config['voucher'][$cpzone]['enable']); -$pconfig['charset'] = $config['voucher'][$cpzone]['charset']; -$pconfig['rollbits'] = $config['voucher'][$cpzone]['rollbits']; -$pconfig['ticketbits'] = $config['voucher'][$cpzone]['ticketbits']; -$pconfig['checksumbits'] = $config['voucher'][$cpzone]['checksumbits']; -$pconfig['magic'] = $config['voucher'][$cpzone]['magic']; -$pconfig['exponent'] = $config['voucher'][$cpzone]['exponent']; -$pconfig['publickey'] = base64_decode($config['voucher'][$cpzone]['publickey']); -$pconfig['privatekey'] = base64_decode($config['voucher'][$cpzone]['privatekey']); -$pconfig['msgnoaccess'] = $config['voucher'][$cpzone]['descrmsgnoaccess']; -$pconfig['msgexpired'] = $config['voucher'][$cpzone]['descrmsgexpired']; - -if ($_POST) { - unset($input_errors); - - if ($_POST['postafterlogin']) { - voucher_expire($_POST['voucher_expire']); - exit; - } - - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable'] == "yes") { - 
$reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - } - - // Check for form errors - if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) { - $input_errors[] = gettext("Need at least 2 characters to create vouchers."); - } - if ($_POST['charset'] && (strpos($_POST['charset'], "\"")>0)) { - $input_errors[] = gettext("Double quotes aren't allowed."); - } - if ($_POST['charset'] && (strpos($_POST['charset'], ",")>0)) { - $input_errors[] = "',' " . gettext("aren't allowed."); - } - if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) { - $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); - } - if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) { - $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); - } - if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) { - $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - } - if ($_POST['publickey'] && (!strstr($_POST['publickey'], "BEGIN PUBLIC KEY"))) { - $input_errors[] = gettext("This doesn't look like an RSA Public key."); - } - if ($_POST['privatekey'] && (!strstr($_POST['privatekey'], "BEGIN RSA PRIVATE KEY"))) { - $input_errors[] = gettext("This doesn't look like an RSA Private key."); - } - if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) { - $input_errors[] = gettext("You cannot sync the voucher database to this host (itself)."); - } - - if (!$input_errors) { - if (empty($config['voucher'][$cpzone])) { - 
$newvoucher = array(); - } else { - $newvoucher = $config['voucher'][$cpzone]; - } - if ($_POST['enable'] == "yes") { - $newvoucher['enable'] = true; - } else { - unset($newvoucher['enable']); - } - - $newvoucher['charset'] = $_POST['charset']; - $newvoucher['rollbits'] = $_POST['rollbits']; - $newvoucher['ticketbits'] = $_POST['ticketbits']; - $newvoucher['checksumbits'] = $_POST['checksumbits']; - $newvoucher['magic'] = $_POST['magic']; - $newvoucher['exponent'] = $_POST['exponent']; - $newvoucher['publickey'] = base64_encode($_POST['publickey']); - $newvoucher['privatekey'] = base64_encode($_POST['privatekey']); - $newvoucher['descrmsgnoaccess'] = $_POST['msgnoaccess']; - $newvoucher['descrmsgexpired'] = $_POST['msgexpired']; - $config['voucher'][$cpzone] = $newvoucher; - write_config(); - voucher_configure_zone(); - - if (!$input_errors) { - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; - } - } -} -$closehead = false; -include("head.inc"); - -if ($pconfig['enable']) { - $main_buttons = array( - array('label'=>gettext("add voucher"), 'href'=>'services_captiveportal_vouchers_edit.php?zone='.$cpzone), - ); -} - -?> - - - - - - - -
-
-
- - 0) { - print_input_errors($input_errors); -} ?> - - -
- - - -
- -
- -
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - onclick="enable_change(false)" /> - -
- - - - - - - - - - - - - - - - - - - - -
##
-   - -   - -   - -   - - -
- - - - - -
- - - -
- .
- -
- .
- -
- -
# - -
- -
# - -
- -
# - -
- -
- -
- -
- -
($PORTAL_MESSAGE$). -
- -
($PORTAL_MESSAGE$). -
  -   -
  - - - " onclick="enable_change(true); before_save();" /> - " onclick="window.location.href=''" /> -

-
- -
- -

-
-
-
-
-
-
-
-
-
- - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$pgtitle = array(gettext("Services"), gettext("Captive portal"), gettext("Edit Voucher Rolls")); -$shortcut_section = "captiveportal-vouchers"; - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -if (!is_array($config['voucher'])) { - $config['voucher'] = array(); -} - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = &$config['voucher'][$cpzone]['roll']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -if (isset($id) && $a_roll[$id]) { - $pconfig['zone'] = $a_roll[$id]['zone']; - $pconfig['number'] = $a_roll[$id]['number']; - $pconfig['count'] = $a_roll[$id]['count']; - $pconfig['minutes'] = $a_roll[$id]['minutes']; - $pconfig['descr'] = $a_roll[$id]['descr']; -} - -$maxnumber = (1<<$config['voucher'][$cpzone]['rollbits']) -1; // Highest Roll# -$maxcount = (1<<$config['voucher'][$cpzone]['ticketbits']) -1; // Highest Ticket# - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "number count minutes"); - $reqdfieldsn = array(gettext("Number"),gettext("Count"),gettext("minutes")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - // Look for duplicate roll # - foreach ($a_roll as $re) { - if ($re['number'] == $_POST['number']) { - $input_errors[] = sprintf(gettext("Roll number %s already exists."), $_POST['number']); - break; - } - } - - if (!is_numeric($_POST['number']) || $_POST['number'] >= $maxnumber) { - 
$input_errors[] = sprintf(gettext("Roll number must be numeric and less than %s"), $maxnumber); - } - - if (!is_numeric($_POST['count']) || $_POST['count'] < 1 || $_POST['count'] > $maxcount) { - $input_errors[] = sprintf(gettext("A roll has at least one voucher and less than %s."), $maxcount); - } - - if (!is_numeric($_POST['minutes']) || $_POST['minutes'] < 1) { - $input_errors[] = gettext("Each voucher must be good for at least 1 minute."); - } - - if (!$input_errors) { - if (isset($id) && $a_roll[$id]) { - $rollent = $a_roll[$id]; - } - - $rollent['zone'] = $_POST['zone']; - $rollent['number'] = $_POST['number']; - $rollent['minutes'] = $_POST['minutes']; - $rollent['descr'] = $_POST['descr']; - - /* New Roll or modified voucher count: create bitmask */ - $voucherlck = lock("voucher{$cpzone}"); - if ($_POST['count'] != $rollent['count']) { - $rollent['count'] = $_POST['count']; - $len = ($rollent['count']>>3) + 1; // count / 8 +1 - $rollent['used'] = base64_encode(str_repeat("\000", $len)); // 4 bitmask - $rollent['active'] = array(); - voucher_write_used_db($rollent['number'], $rollent['used']); - voucher_write_active_db($rollent['number'], array()); // create empty DB - voucher_log(LOG_INFO, sprintf(gettext('All %1$s vouchers from Roll %2$s marked unused'), $rollent['count'], $rollent['number'])); - } else { - // existing roll has been modified but without changing the count - // read active and used DB from ramdisk and store it in XML config - $rollent['used'] = base64_encode(voucher_read_used_db($rollent['number'])); - $activent = array(); - $db = array(); - $active_vouchers = voucher_read_active_db($rollent['number'], $rollent['minutes']); - foreach ($active_vouchers as $voucher => $line) { - list($timestamp, $minutes) = explode(",", $line); - $activent['voucher'] = $voucher; - $activent['timestamp'] = $timestamp; - $activent['minutes'] = $minutes; - $db[] = $activent; - } - $rollent['active'] = $db; - } - unlock($voucherlck); - - if (isset($id) && 
$a_roll[$id]) { - $a_roll[$id] = $rollent; - } else { - $a_roll[] = $rollent; - } - - write_config(); - - header("Location: services_captiveportal_vouchers.php?zone={$cpzone}"); - exit; - } -} - -include("head.inc"); -?> - - - - - -
- -
- -
- - 0) { - print_input_errors($input_errors); -} ?> - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - -
# - -
- # (0..) . -
- -
- . -
- -
- (1..) . -
- -
- . -
  - " /> - - - - -
-
-
-
-
-
-
-
- -'services_captiveportal_zones_edit.php', 'label'=>gettext("add a new captiveportal instance")), -); - -?> - - - - -
-
-
- - -

- " . gettext("You must apply the changes in order for them to take effect."));?> - - -

- -
- -
- -
- - - - - - - - - - $cpitem) : - if (!is_array($cpitem)) { - continue; - } - ?> - - - - - - - - -
- -
- - - - - countClients() ; - ?> - -   - - " class="btn btn-default btn-xs"> - ')" title="" class="btn btn-default btn-xs"> -
-
-
-
-
-
-
-
- $cpent) { - if ($cpent['zone'] == $_POST['zone']) { - $input_errors[] = sprintf("[%s] %s.", $_POST['zone'], gettext("already exists")); - break; - } - } - - if (!$input_errors) { - $cpzone = strtolower($_POST['zone']); - $a_cp[$cpzone] = array(); - $a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']); - $a_cp[$cpzone]['descr'] = $_POST['descr']; - $a_cp[$cpzone]['localauth_priv'] = true; - write_config(); - - header("Location: services_captiveportal.php?zone={$cpzone}"); - exit; - } -} -include("head.inc"); -?> - - - - -
-
- -
- - 0) { - print_input_errors($input_errors); -} ?> - -
- -
-
-

-
- -
- -
- -
- - - - - - - - - - - - - -
- -
- -
- -
- . -
  - " /> -
-
-
-
-
-
-
-
-
- - $cpdata) { - if (!isset($cpdata['enable'])) - continue; - if (!isset($cpdata['timeout']) || !is_numeric($cpdata['timeout'])) - continue; - $cp_ifs = explode(',', $cpdata['interface']); - if (!in_array($if, $cp_ifs)) - continue; - if ($cpdata['timeout'] > $deftime) - $input_errors[] = sprintf(gettext( - "The Captive Portal zone '%s' has Hard Timeout parameter set to a value bigger than Default lease time (%s)."), $cpZone, $deftime); - } - } - if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) diff --git a/src/www/shortcuts.inc b/src/www/shortcuts.inc index 10fd50ead..c6ed58207 100644 --- a/src/www/shortcuts.inc +++ b/src/www/shortcuts.inc @@ -76,12 +76,6 @@ function get_shortcut_main_link($shortcut_section, $addspace = true, $service = else $link = $shortcuts[$shortcut_section]['main']; break; - case "captiveportal": - if (!empty($service['zone'])) - $link = "services_captiveportal.php?zone={$service['zone']}"; - else - $link = $shortcuts[$shortcut_section]['main']; - break; default: $link = $shortcuts[$shortcut_section]['main']; break; 
@@ -94,35 +88,29 @@ function get_shortcut_main_link($shortcut_section, $addspace = true, $service = } } -function get_shortcut_status_link($shortcut_section, $addspace = true, $service = array()) { - global $g, $shortcuts, $cpzone; - if(empty($shortcut_section)) - return ""; - $space = ($addspace) ? " " : "" ; - if (!empty($cpzone)) - $zone = $cpzone; - elseif (!empty($service['zone'])) - $zone = $service['zone']; - switch ($shortcut_section) { - case "captiveportal": - if (!empty($zone)) - $link = "status_captiveportal.php?zone={$zone}"; - else - $link = $shortcuts[$shortcut_section]['status']; - break; - default: - if (isset($shortcuts[$shortcut_section]['status'])) { - $link = $shortcuts[$shortcut_section]['status']; - } else { - $link = null; - } - break; +function get_shortcut_status_link($shortcut_section, $addspace = true, $service = array()) +{ + global $g, $shortcuts; + + if (empty($shortcut_section)) { + return ''; } - if(!empty($link)) - if (strtok($_SERVER['REQUEST_URI'],'?') != "/status_services.php") + + $space = ($addspace) ? " " : "" ; + + if (isset($shortcuts[$shortcut_section]['status'])) { + $link = $shortcuts[$shortcut_section]['status']; + } else { + $link = null; + } + + if (!empty($link)) { + if (strtok($_SERVER['REQUEST_URI'],'?') != "/status_services.php") { return "{$space}Status"; - else + } else { return "{$space}"; + } + } } function get_shortcut_log_link($shortcut_section, $addspace = true) { 
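Review bot: The rewritten `get_shortcut_status_link()` has no return on the path where `$link` is empty, so it yields `null` there, while the empty-section guard at the top returns `''`. Ending the function with an explicit `return '';` after the `if (!empty($link)) { … }` block would give callers one return type, which matters if the result is concatenated into page output. With the captive portal branch gone, `$g` is no longer referenced in the body, so the declaration can shrink to `global $shortcuts;`. The `$service` parameter is also unused now; a short docblock noting that it is kept only for call-site compatibility would stop it being read as meaningful.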
@@ -155,17 +143,6 @@ $shortcuts['relayd-virtualservers']['log'] = "diag_logs_relayd.php"; $shortcuts['relayd-virtualservers']['status'] = "status_lb_vs.php"; $shortcuts['relayd-virtualservers']['service'] = "relayd"; -$shortcuts['captiveportal'] = array(); -$shortcuts['captiveportal']['main'] = "services_captiveportal_zones.php"; -$shortcuts['captiveportal']['log'] = "diag_logs_auth.php"; -$shortcuts['captiveportal']['status'] = "status_captiveportal.php"; -$shortcuts['captiveportal']['service'] = "captiveportal"; - -$shortcuts['captiveportal-vouchers'] = array(); -$shortcuts['captiveportal-vouchers']['log'] = "diag_logs_auth.php"; -$shortcuts['captiveportal-vouchers']['status'] = "status_captiveportal_vouchers.php"; -$shortcuts['captiveportal-vouchers']['service'] = "captiveportal"; - $shortcuts['dhcp'] = array(); $shortcuts['dhcp']['main'] = "services_dhcp.php"; $shortcuts['dhcp']['log'] = "diag_logs_dhcp.php"; diff --git a/src/www/status.php b/src/www/status.php index ff481b8f4..f1b439634 100644 --- a/src/www/status.php +++ b/src/www/status.php @@ -119,9 +119,7 @@ defCmdT("top | head -n5", "/usr/bin/top | /usr/bin/head -n5"); defCmdT("sysctl hw.physmem","/sbin/sysctl hw.physmem"); -if (isset($config['captiveportal'])) { - defCmdT("ipfw show", "/sbin/ipfw show"); -} +defCmdT("ipfw show", "/sbin/ipfw show"); defCmdT("pfctl -sn", "/sbin/pfctl -sn"); defCmdT("pfctl -sr", "/sbin/pfctl -sr"); diff --git a/src/www/status_captiveportal.php b/src/www/status_captiveportal.php deleted file mode 100644 index 658f58487..000000000 --- a/src/www/status_captiveportal.php +++ /dev/null 
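Review bot: In the status.php hunk, `defCmdT("ipfw show", "/sbin/ipfw show");` is now registered unconditionally, so every status dump includes the ipfw ruleset, not only those from systems with a captive portal section in the config. What the command prints when ipfw is not loaded is not visible from this hunk. The removed portal pages guarded their ipfw work with `is_module_loaded("ipfw.ko")`; if that helper is in scope here, `if (is_module_loaded("ipfw.ko")) { defCmdT("ipfw show", "/sbin/ipfw show"); }` would keep the report free of error noise. A one-line comment above the call naming which subsystems own ipfw rules after this change would explain why the old condition was dropped.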
@@ -1,227 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); -require_once("pfsense-utils.inc"); -require_once("interfaces.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - -if ($_GET['act'] == "del" && !empty($cpzone)) { - captiveportal_disconnect_client($_GET['id']); - header("Location: status_captiveportal.php?zone={$cpzone}"); - exit; -} - -$pgtitle = array(gettext("Status: Captive portal")); -$shortcut_section = "captiveportal"; - -if (!is_array($config['captiveportal'])) - $config['captiveportal'] = array(); -$a_cp =& $config['captiveportal']; - -if (count($a_cp) == 1) - $cpzone = current(array_keys($a_cp)); - -include("head.inc"); - -?> - - -listClients(array(),"and",array($order) ) ; - if ($_GET['showact']) { - $accounting_info = $cpclient_handle->listAccounting(); - } - else { - $accounting_info = array() ; - } -} -else { - $cpdb = array() ; -} - - -// Load MAC-Manufacturer table -$mac_man = load_mac_manufacturer_table(); - -?> - - - - - - - -
-
-
- - - -
- - - - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ip,$accounting_info) ) $last_act = $accounting_info[$cpent->ip]['last_accessed'] ; - else $last_act=0; - ?> - - - - - - - -
-


-
- 1) { ?> - - -
- - -

ip;?> - mac); - if (!empty($mac)) { - $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); - print htmlentities($mac); - if(isset($mac_man[$mac_hi])){ print "
{$mac_man[$mac_hi]}"; } - } - ?>  -
username);?> allow_time));?> - ')" title=""> -
- -
- - -
- - - - - " /> - - - " /> - - - -
- -
-
-
-
-
-
- - - diff --git a/src/www/status_captiveportal_expire.php b/src/www/status_captiveportal_expire.php deleted file mode 100644 index a9eff6b3a..000000000 --- a/src/www/status_captiveportal_expire.php +++ /dev/null @@ -1,126 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Expire Vouchers"), $a_cp[$cpzone]['zone']); - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - -
- -
- .
  - - " /> -
- - \n"; - if ($result) { - echo "\"pass\""; - echo "Success"; - } else { - echo "\"block\""; - echo "Error"; - } - echo ""; - } - } - -?> -
-
-
-
-
-
-
-
- - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Test Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - -
- -
- .
  - - " /> -
- -
-\n"; - foreach ($test_results as $result) { - if (strpos($result, " good ") || strpos($result, " granted ")) { - echo ""; - echo "$result"; - } else { - echo ""; - echo "$result"; - } - } - echo ""; - } -} -?> -
-
-
-
-
-
-
-
- - - -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -/* return how many vouchers are marked used on a roll */ -function voucher_used_count($roll) { - global $g, $cpzone; - - $bitstring = voucher_read_used_db($roll); - $max = strlen($bitstring) * 8; - $used = 0; - for ($i = 1; $i <= $max; $i++) { - // check if ticket already used or not. 
- $pos = $i >> 3; // divide by 8 -> octet - $mask = 1 << ($i % 8); // mask to test bit in octet - if (ord($bitstring[$pos]) & $mask) - $used++; - } - unset($bitstring); - - return $used; -} - - - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Voucher Rolls"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = &$config['voucher'][$cpzone]['roll']; - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - -
-   - -   - -   - -   - -   - -   - -   -
-
-
-
-
-
-
-
-
- -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require_once("guiconfig.inc"); -require_once("captiveportal.inc"); -require_once("services.inc"); - -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) { - $cpzone = $_POST['zone']; -} - -if (empty($cpzone)) { - header("Location: status_captiveportal.php"); - exit; -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; -$pgtitle = array(gettext("Status"), gettext("Captive portal"), gettext("Vouchers"), $a_cp[$cpzone]['zone']); -$shortcut_section = "captiveportal-vouchers"; - -function clientcmp($a, $b) -{ - global $order; - return strcmp($a[$order], $b[$order]); -} - -if (!is_array($config['voucher'][$cpzone]['roll'])) { - $config['voucher'][$cpzone]['roll'] = array(); -} -$a_roll = $config['voucher'][$cpzone]['roll']; - -$db = array(); - -foreach ($a_roll as $rollent) { - $roll = $rollent['number']; - $minutes = $rollent['minutes']; - - if (!file_exists("/var/db/voucher_{$cpzone}_active_{$roll}.db")) { - continue; - } - - $active_vouchers = file("/var/db/voucher_{$cpzone}_active_{$roll}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - foreach ($active_vouchers as $voucher => $line) { - list($voucher,$timestamp, $minutes) = explode(",", $line); - $remaining = (($timestamp + 60*$minutes) - time()); - if ($remaining > 0) { - $dbent[0] = $voucher; - $dbent[1] = $roll; - $dbent[2] = $timestamp; - $dbent[3] = intval($remaining/60); - $dbent[4] = $timestamp + 60*$minutes; // expires at - $db[] = $dbent; - } - } -} - -if ($_GET['order']) { - $order = $_GET['order']; - usort($db, "clientcmp"); -} - -include("head.inc"); -?> - - - - - - -
-
-
- -
- - - -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - -
-
-
-
-
-
-
-
-
- - IPsec Tunnel
- - Captive Portal
- - - Synchronize Captive Portal - - /> - Automatically sync the Captive Portal configuration to the other HA host when changes are made. - -   diff --git a/src/www/widgets/include/captiveportal.inc b/src/www/widgets/include/captiveportal.inc deleted file mode 100644 index 9d3e068ce..000000000 --- a/src/www/widgets/include/captiveportal.inc +++ /dev/null 
@@ -1,3 +0,0 @@ - - ******************************************************************************/ - -/***** Global data ************************************************************/ - -var gl_graphCount = 0; // Number of graphs on the current page - -/***** Constants **************************************************************/ - -var GL_START = 0; -var GL_END = 1; -var GL_STATIC = 0; -var GL_DYNAMIC = 1; - -/***** Public functions *******************************************************/ - -/** - * Creates a graph and returns the graph data structure which can later be - * manipulated using the other graph functions. - * - * element_id - DOM element id (should be a DIV) that will contain the graph. - * width - The width of the graph in pixels. - * height - Height of the graph in pixels. - * bar_width - Width of each bar on the graph. This number should divide width - * evenly, or else width will be adjusted to meet this requirement. - * General formula to keep in mind: - * Smaller bar width = more bars = higher CPU usage on client-side. - * - * Returns graph data structure on success, false on error. 
- */ -function GraphInitialize(element_id, width, height, bar_width) { - // Find the page element which will contain the graph - var owner; - if((owner = jQuery('#' + element_id)) == null) { - alert("GraphLink Error: Element ID '" + element_id + "' not found."); - return false; - } - - // Make sure width is divisible by bar_width - if(width / bar_width != Math.floor(width / bar_width)) - width = Math.floor(width / bar_width) * bar_width; - - var bar_count = width / bar_width; - - // Create the graph data structure - var graph = new Array(); - graph['id'] = gl_graphCount; // ID used to separate elements of one graph from those of another - graph['width'] = width; // Graph width - graph['height'] = height; // Graph height - graph['bar_count'] = bar_count; // Number of bars on the graph - graph['scale_type'] = GL_STATIC; // How the graph is scaled - graph['scale'] = 1; // Multiplier for the bar height - graph['max'] = 0; // Largest value currently on the graph - graph['vmax'] = height; // Virtual graph maximum - graph['spans'] = new Array(bar_count); // References to all the spans for each graph - graph['vals'] = new Array(bar_count); // The height of each bar on the graph, actually it's (graph height - bar height) - gl_graphCount++; - - // Build the graph (x)html - var graph_html = ''; - graph_html += '
'; - - for(var i = 0; i < bar_count; i++) { - graph['vals'][i] = height; - graph_html += ''; - } - - graph_html += '
'; - owner.html(graph_html); - graph['element_id'] = jQuery('#GraphLinkData' + graph['id']); - - for(i = 0; i < bar_count; i++) { - graph['spans'][i] = jQuery('#GraphLinkBar' + graph['id'] + '_' + i); - graph['spans'][i].css('width',bar_width + 'px'); - graph['spans'][i].css('margin-top',height + 'px'); - } - - return graph; -} - -/** - * Adds a new value to a graph. - * - * graph - Graph object to which to add the new value. - * value - Value to add. - * where - (optional) GL_START (0) or GL_END (1), depending on where you want - * the new value to appear. GL_START will add the value on the left - * of the graph, GL_END will add it on the right (default). - */ -function GraphValue(graph, value, where) { - if(typeof(where) == 'undefined') - where = GL_END; - - var rescale = false; - var lost = 0; - - if(value < 0) - value = 0; - - if(graph['scale_type'] == GL_DYNAMIC && value > graph['max']) - rescale = true; - - if(graph['scale_type'] == GL_STATIC) { - if(value > graph['vmax']) - value = graph['vmax']; - value = Math.round(value * graph['scale']); - } - - if(where == GL_START) { - graph['vals'].unshift(graph['height'] - value); - lost = graph['vals'].pop(); - } - else { - graph['vals'].push(graph['height'] - value); - lost = graph['vals'].shift(); - } - - if(graph['scale_type'] == GL_DYNAMIC && (graph['height'] - lost) == graph['max']) - rescale = true; - - if(rescale) - GraphAdjustScale(graph) - - GraphDraw(graph); -} - -/** - * Sets a virtual maximum for the graph allowing you to have non-scaled graphs - * that can show a value greater then the graph height. This function will - * automatically set the graph to a static scale mode, meaning that no values - * above the maximum will be permitted. If you need to have a graph with no - * pre-defined maximum, make it dynamic. Also note that if you set a vmax on a - * graph that has data larger than vmax, that data will be reduced. - * - * graph - Graph object for which to set virtual max. 
- * vmax - The virtual maximum value for the graph. - */ -function GraphSetVMax(graph, vmax) { - graph['scale_type'] = GL_STATIC; - graph['vmax'] = vmax; - - GraphAdjustScale(graph); - GraphDraw(graph); -} - -/** - * This function instructs the graph to be scaled according to what the maximum - * value is. That value is used as the graph maximum and is reevaluated whenever - * a new value is added, or the current maximum is removed. Dynamic scaling is a - * good way of showing data for which you don't know what the maximum will be, - * but it also is a bit more resource-intensive then statically scaled graphs. - * - * graph - Graph object for which to enable dynamic scaling. - */ -function GraphDynamicScale(graph) { - graph['scale_type'] = GL_DYNAMIC; - - GraphAdjustScale(graph); - GraphDraw(graph); -} - -/***** Private functions ******************************************************/ - -/** - * Checks if the current scale of the graph is still valid, or needs to be - * adjusted. - * - * graph - Graph object for which to check the scale. 
- */ -function GraphAdjustScale(graph) { - var limit = graph['bar_count']; - var new_max = 0; - var new_scale = 0; - var val = 0; - - if(graph['scale_type'] == GL_STATIC) { - new_max = graph['vmax']; - new_scale = graph['height'] / new_max; - - if(new_scale == graph['scale']) - return; - } - - for(var i = 0; i < limit; i++) { - if(graph['scale_type'] == GL_STATIC) { - val = (graph['height'] - graph['vals'][i]) * graph['scale']; - val = val * new_scale; - - if(val > new_max) - val = new_max; - - graph['vals'][i] = graph['height'] - Math.round(val * new_scale); - - } - else if((graph['height'] - graph['vals'][i]) > new_max) { - new_max = graph['height'] - graph['vals'][i]; - } - } - - - if(graph['scale_type'] == GL_STATIC) { - graph['scale'] = new_scale; - } - else { - if(new_max == 0) - graph['scale'] = 1; - else - graph['scale'] = graph['height'] / new_max; - - graph['max'] = new_max; - } -} - -/** - * Redraws the graph on the screen. - * - * graph - Graph object which needs to be re-drawn. - */ -function GraphDraw(graph) { - var count = graph['bar_count']; - - if(graph['scale_type'] == GL_STATIC) - var getMargin = function(i) { - return graph['vals'][i] + 'px'; - }; - else - var getMargin = function(i) { - var h = graph['height']; - var s = graph['scale']; - var v = graph['vals'][i]; - return (h - Math.round((h - v) * s)) + 'px'; - }; - - graph['spans'][count - 1].css("display", "none"); - - for(var i = 0; i < count; i++) - graph['spans'][i].css("marginTop", getMargin(i)); - -// jQuery('#' + graph['spans'][count - 1]).fadeIn(500); -} diff --git a/src/www/widgets/widgets/captive_portal_status.widget.php b/src/www/widgets/widgets/captive_portal_status.widget.php deleted file mode 100644 index 8c368d5f2..000000000 --- a/src/www/widgets/widgets/captive_portal_status.widget.php +++ /dev/null 
@@ -1,115 +0,0 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$nocsrf = true; - -require_once("guiconfig.inc"); -require_once("pfsense-utils.inc"); -require_once("captiveportal.inc"); - -if (($_GET['act'] == "del") && (!empty($_GET['zone']))) { - $cpzone = $_GET['zone']; - captiveportal_disconnect_client($_GET['id']); -} - -flush(); - -function clientcmp($a, $b) -{ - global $order; - return strcmp($a[$order], $b[$order]); -} - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); -} -$a_cp =& $config['captiveportal']; - -$cpdb_all = array(); - -foreach ($a_cp as $cpzone => $cp) { - $cpdb_handle = new OPNsense\CaptivePortal\DB($cpzone); - - $order = ""; - if ($_GET['order']) { - if ($_GET['order'] == "ip") { - $order = "ip"; - } elseif ($_GET['order'] == "mac") { - $order = "mac"; - } elseif ($_GET['order'] == "user") { - $order = "username"; - } - } - - $cpdb = $cpdb_handle->listClients(array(), "and", array($order)) ; - $cpdb_all[$cpzone] = $cpdb; -} - -?> - - - - - - - - - - - $cpdb) : -?> - - - - - - - - - - - - - -
IP addressMAC address
ip;?>mac;?> username;?> allow_time));?>? -
diff --git a/src/www/widgets/widgets/services_status.widget.php b/src/www/widgets/widgets/services_status.widget.php index 0b9ca2000..8ec2a6e08 100644 --- a/src/www/widgets/widgets/services_status.widget.php +++ b/src/www/widgets/widgets/services_status.widget.php @@ -32,7 +32,6 @@ $nocsrf = true; require_once("guiconfig.inc"); -require_once("captiveportal.inc"); require_once("services.inc"); require_once("vpn.inc"); require_once("widgets/include/services_status.inc");