authorgnhb <gnoahb@gmail.com>2010-05-29 10:51:00 +0700
committergnhb <gnoahb@gmail.com>2010-05-29 10:51:00 +0700
commitfda6084959b0cbd010e97330daeccf63b3533902 (patch)
treea9e0115124c32cc9ab5413e40be7156dfb5a1d69
parent3a13f094d51e40b299c461833c2d3691947b77e3 (diff)
parent12fa7ea105a69183ba5b97c3ff7de62f97f30dc0 (diff)
downloadpfsense-fda6084959b0cbd010e97330daeccf63b3533902.zip
pfsense-fda6084959b0cbd010e97330daeccf63b3533902.tar.gz
Merge branch 'master' of rcs.pfsense.org:pfsense/mainline
-rw-r--r--etc/inc/captiveportal.inc58
-rw-r--r--etc/inc/vpn.inc9
-rwxr-xr-xetc/rc5
-rwxr-xr-xusr/local/captiveportal/index.php78
-rwxr-xr-xusr/local/www/diag_dhcp_leases.php6
-rwxr-xr-xusr/local/www/services_captiveportal.php31
-rwxr-xr-xusr/local/www/services_captiveportal_filemanager.php1
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php1
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php12
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php1
-rw-r--r--usr/local/www/system_usermanager.php8
-rw-r--r--usr/local/www/vpn_ipsec_keys.php25
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php11
13 files changed, 194 insertions, 52 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 48f9dba..885040b 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -155,7 +155,7 @@ function captiveportal_configure() {
<body>
<center>
<h2>{$g['product_name']} captive portal</h2>
-Welcome to the {$g['product_name']} Captive Portal! This is the default page since a custom page has not been defined.
+Welcome to the {$g['product_name']} Captive Portal!
<p>
<form method="post" action="\$PORTAL_ACTION\$">
<input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
@@ -230,6 +230,50 @@ EOD;
fclose($fd);
}
+ /* write error page */
+ if ($config['captiveportal']['page']['logouttext'])
+ $logouttext = base64_decode($config['captiveportal']['page']['logouttext']);
+ else {
+ /* example page */
+ $logouttext = <<<EOD
+<HTML>
+<HEAD><TITLE>Redirecting...</TITLE></HEAD>
+<BODY>
+<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
+<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B>
+</SPAN>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
+if (LogoutWin) {
+ LogoutWin.document.write('<HTML>');
+ LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
+ LogoutWin.document.write('<BODY BGCOLOR="#435370">');
+ LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
+ LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
+ LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
+ LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
+ LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
+ LogoutWin.document.write('</FORM>');
+ LogoutWin.document.write('</DIV></BODY>');
+ LogoutWin.document.write('</HTML>');
+ LogoutWin.document.close();
+}
+
+document.location.href="{$my_redirurl}";
+-->
+</SCRIPT>
+</BODY>
+</HTML>
+
+EOD;
+ }
+
+ $fd = @fopen("{$g['varetc_path']}/captiveportal-logout.html", "w");
+ if ($fd) {
+ fwrite($fd, $logouttext);
+ fclose($fd);
+ }
/* write elements */
captiveportal_write_elements();
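Review bot: The default logout page is built with an interpolating heredoc inside captiveportal_configure(), so `{$my_redirurl}`, `{$logouturl}` and `{$sessionid}` are expanded when the file is written, not when index.php later includes it; none of them is assigned in this hunk, so the generated page presumably carries empty values. Emit them as PHP that the include evaluates, escaped for the context they land in, for example `<A HREF="<?php echo htmlspecialchars(\$my_redirurl); ?>">`, using the same backslash escaping the login template above applies to `\$PORTAL_ACTION\$`. The comment `/* write error page */` should read `/* write logout page */`. A failed `@fopen` is silent here, so the later include would fail with no logged cause. The function body starts and ends outside the hunk.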
@@ -785,6 +829,18 @@ function captiveportal_passthrumac_configure($lock = false) {
return $rules;
}
+function captiveportal_passthrumac_findbyname($username) {
+ global $config;
+
+ if (is_array($config['captiveportal']['passthrumac'])) {
+ foreach ($config['captiveportal']['passthrumac'] as $macent) {
+ if ($macent['username'] == $username)
+ return $macent;
+ }
+ }
+ return NULL;
+}
+
/*
* table (3=IN)/(4=OUT) hold allowed ip's without bw limits
* table (5=IN)/(6=OUT) hold allowed ip's with bw limit.
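Review bot: `$macent['username'] == $username` is a loose comparison, so numeric-looking names such as `0123` and `123` compare equal, and an entry with no `username` key matches an empty or null `$username`. Because the result decides which pass-through MAC entry the callers added in this commit replace or delete, compare strictly and skip unnamed entries: `if (isset($macent['username']) && $macent['username'] === $username)`. A short docblock saying the function returns the first matching entry array or NULL would also help.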
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index c874a83..f38a0ff 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -291,10 +291,17 @@ function vpn_ipsec_configure($ipchg = false)
}
}
+ /* Add user PSKs */
+ foreach ($config['system']['user'] as $user) {
+ if (!empty($user['ipsecpsk'])) {
+ $pskconf .= "{$user['name']}\t{$user['ipsecpsk']}\n";
+ }
+ }
+
/* add PSKs for mobile clients */
if (is_array($ipseccfg['mobilekey'])) {
foreach ($ipseccfg['mobilekey'] as $key) {
- $pskconf .= "{$key['ident']} {$key['pre-shared-key']}\n";
+ $pskconf .= "{$key['ident']}\t{$key['pre-shared-key']}\n";
}
}
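Review bot: The new loop writes `{$user['name']}` and `{$user['ipsecpsk']}` into the PSK file with no check on their content, and the system_usermanager.php hunk stores `$_POST['ipsecpsk']` exactly as submitted; a value containing a tab or newline would produce extra or malformed lines in that file. Reject whitespace and control characters when the key is saved, and skip such entries here. The loop also lacks the `is_array()` guard that the mobilekey loop below has: `if (is_array($config['system']['user'])) {`. vpn_ipsec_configure() continues outside the hunk.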
diff --git a/etc/rc b/etc/rc
index fa18488..57a5902 100755
--- a/etc/rc
+++ b/etc/rc
@@ -171,6 +171,7 @@ if [ ! -h /tmp/tmp ]; then
fi
# Make sure our /tmp is 777 + Sticky
+rm -rf /tmp/*
chmod 1777 /tmp
if [ ! "$PLATFORM" = "cdrom" ] ; then
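Review bot: `rm -rf /tmp/*` runs right after the block guarded by `if [ ! -h /tmp/tmp ]` shown in the hunk header, so if that block creates the /tmp/tmp link (not visible here), this line removes it again. The glob also skips dot-files, so /tmp is not fully emptied, and the line sits under a comment that only describes the chmod. Consider moving the cleanup ahead of the symlink block with its own comment, e.g. `# Clear stale files left in /tmp by the previous boot`, and using `find /tmp -mindepth 1 -delete` if hidden entries should go too.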
@@ -202,10 +203,6 @@ if [ ! -d /cf/conf/backup/ ]; then
mkdir -p /cf/conf/backup/
fi
-if [ ! -f /var/db/ez-ipupdate.cache ]; then
- touch /var/db/ez-ipupdate.cache
-fi
-
# OpenVPN storage
if [ ! -d /var/etc/openvpn ]; then
mkdir -p /var/etc/openvpn
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 03bd01a..5990ec1 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -43,7 +43,7 @@ header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
$orig_host = $_ENV['HTTP_HOST'];
-$orig_request = $_GET['redirurl'];
+$orig_request = $_REQUEST['redirurl'];
$clientip = $_SERVER['REMOTE_ADDR'];
if (!$clientip) {
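Review bot: Reading `redirurl` from `$_REQUEST` widens the accepted sources to POST bodies and, depending on `request_order`/`variables_order`, cookies, and the value is still taken as-is. If `$orig_request` feeds the `$redirurl` that portal_reply_page() places in `header("Location: {$redirurl}")`, which this hunk does not show, it should be checked first, for instance by accepting only `http://` or `https://` URLs and rejecting control characters. Reading `$_POST['redirurl']` with a fallback to `$_GET['redirurl']` would make the intended sources explicit.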
@@ -170,7 +170,7 @@ exit;
}
} else {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
- portal_reply_page($redirurl, "error");
+ portal_reply_page($redirurl, "error", "Invalid username/password specified.");
}
} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
@@ -194,11 +194,11 @@ exit;
exit;
-function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null) {
+function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
global $g, $config;
/* Get captive portal layout */
- if ($type = "redir") {
+ if ($type == "redir") {
header("Location: {$redirurl}");
return;
} else if ($type == "login")
@@ -232,6 +232,8 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
$htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
$htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
$htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
+ $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
+ $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
echo $htmltext;
}
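Review bot: The `#PASSWORD#` substitution writes the submitted password back into the response body, where it is readable in the page source and in any saved copy of the page. `htmlspecialchars()` is called without `ENT_QUOTES`, so a template that places `#USERNAME#` or `#PASSWORD#` inside a single-quoted attribute is not protected. Prefer not reflecting the password at all (keep the pending login server-side and put an opaque token in the page), and pass the flag for the remaining placeholders: `htmlspecialchars($username, ENT_QUOTES)`. portal_reply_page() starts outside this hunk.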
@@ -254,7 +256,7 @@ function portal_mac_radius($clientmac,$clientip) {
function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
- global $redirurl, $g, $config, $type, $passthrumac;
+ global $redirurl, $g, $config, $type, $passthrumac, $_POST;
/* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */
$captiveshouldunlock = false;
@@ -285,8 +287,37 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($attributes['voucher'])
$remaining_time = $attributes['session_timeout'];
+ $writecfg = false;
/* Find an existing session */
- for ($i = 0; $i < count($cpdb); $i++) {
+ if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
+ if (isset($config['captiveportal']['passthrumacadd'])) {
+ $mac = captiveportal_passthrumac_findbyname($username);
+ if (!empty($mac)) {
+ if ($_POST['replacemacpassthru']) {
+ foreach ($a_passthrumacs as $idx => $macent) {
+ if ($macent['mac'] == $mac['mac']) {
+ unset($config['captiveportal']['passthrumac'][$idx]);
+ $mac['mac'] = $clientmac;
+ $config['captiveportal']['passthrumac'][] = $mac;
+ $macrules = captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ $sessionid = true;
+ break;
+ }
+ }
+ } else {
+ portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.",
+ $clientmac, $clientip, $username, $password);
+ exit;
+ }
+ }
+ }
+ }
+
+ $nousers = count($cpdb);
+ for ($i = 0; $i < $nousers; $i++) {
/* on the same ip */
if($cpdb[$i][2] == $clientip) {
captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
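Review bot: `$a_passthrumacs` is iterated in the `replacemacpassthru` branch but is neither assigned in this hunk nor named in the function's `global` line, so unless it is set in the part of portal_allow() outside the hunk, the loop never runs and the old MAC entry is never replaced. Iterating the config array directly avoids that: `foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {`. The lookup is also gated on `passthrumacadd`, while usernames are only stored when `passthrumacaddusername` is set, and the error branch hands the plaintext `$password` to portal_reply_page(). `$sessionid = true` stands in for a session ID; a comment saying why would help.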
@@ -323,7 +354,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
return 0; // voucher already used and no time left
}
- $writecfg = false;
if (!isset($sessionid)) {
/* generate unique session ID */
@@ -342,6 +372,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($passthrumac) {
$mac = array();
$mac['mac'] = $clientmac;
+ if (isset($config['captiveportal']['passthrumacaddusername']))
+ $mac['username'] = $username;
$mac['descr'] = "Auto added pass-through MAC for user {$username}";
if (!empty($bw_up))
$mac['bw_up'] = $bw_up;
@@ -435,38 +467,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$logouturl = "http://{$ourhostname}/";
}
- echo <<<EOD
-<HTML>
-<HEAD><TITLE>Redirecting...</TITLE></HEAD>
-<BODY>
-<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
-<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B>
-</SPAN>
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
-if (LogoutWin) {
- LogoutWin.document.write('<HTML>');
- LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
- LogoutWin.document.write('<BODY BGCOLOR="#435370">');
- LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
- LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
- LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
- LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
- LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
- LogoutWin.document.write('</FORM>');
- LogoutWin.document.write('</DIV></BODY>');
- LogoutWin.document.write('</HTML>');
- LogoutWin.document.close();
-}
-
-document.location.href="{$my_redirurl}";
--->
-</SCRIPT>
-</BODY>
-</HTML>
+ include("{$g['varetc_path']}/captiveportal-logout.html");
-EOD;
} else {
if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) {
header ('HTTP/1.1 301 Moved Permanently');
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 58e8351..e8e9409 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -354,7 +354,7 @@ foreach ($leases as $data) {
echo "<tr>\n";
echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane}&nbsp;</td>\n";
if ($data['online'] != "online") {
- echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on Lan packet to mac\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
+ echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"send Wake on LAN packet to this MAC address\">{$data['mac']}</a>{$fspane}&nbsp;</td>\n";
} else {
echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane}&nbsp;</td>\n";
}
@@ -378,12 +378,12 @@ foreach ($leases as $data) {
}
echo "<td valign=\"middle\"><a href=\"services_wol_edit.php?if={$data['if']}&mac={$data['mac']}&descr={$data['hostname']}\">";
- echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"add a Wake on Lan mapping for this MAC address\"></a></td>\n";
+ echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_wol_all.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"add a Wake on LAN mapping for this MAC address\"></a></td>\n";
/* Only show the button for offline dynamic leases */
if (($data['type'] == "dynamic") && ($data['online'] != "online")) {
echo "<td class=\"list\" valign=\"middle\"><a href=\"diag_dhcp_leases.php?deleteip={$data['ip']}&all={$_GET['all']}\">";
- echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete this dhcp lease\"></a></td>\n";
+ echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"delete this DHCP lease\"></a></td>\n";
}
echo "</tr>\n";
}
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 6b024d3..331708a 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -57,6 +57,9 @@ if ($_GET['act'] == "viewhtml") {
} else if ($_GET['act'] == "viewerrhtml") {
echo base64_decode($config['captiveportal']['page']['errtext']);
exit;
+} else if ($_GET['act'] == "viewlogouthtml") {
+ echo base64_decode($config['captiveportal']['page']['logouttext']);
+ exit;
}
$pconfig['cinterface'] = $config['captiveportal']['interface'];
@@ -93,6 +96,7 @@ $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
$pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
+$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
if ($_POST) {
@@ -194,6 +198,7 @@ if ($_POST) {
$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
+ $config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
/* file upload? */
@@ -201,6 +206,8 @@ if ($_POST) {
$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
if (is_uploaded_file($_FILES['errfile']['tmp_name']))
$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+ if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
+ $config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
write_config();
@@ -255,6 +262,7 @@ function enable_change(enable_change) {
document.iform.radiussession_timeout.disabled = radius_endis;
document.iform.htmlfile.disabled = endis;
document.iform.errfile.disabled = endis;
+ document.iform.logoutfile.disabled = endis;
document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
@@ -280,6 +288,7 @@ function enable_change(enable_change) {
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?> </td></tr>
<tr>
@@ -370,7 +379,13 @@ to access after they've authenticated.</td>
<strong>Enable Pass-through MAC automatic additions</strong><br>
If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again.
To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
- If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td>
+ If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.
+ <br/><br/>
+ <input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
+ <strong>Enable Pass-through MAC automatic addition with username</strong><br>
+ If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved.
+ To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
+ </td>
</tr>
<tr>
<td valign="top" class="vncell">Per-user bandwidth restriction</td>
@@ -636,6 +651,20 @@ The contents of the HTML/PHP file that you upload here are displayed when an aut
You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Logout<br>
+ page<br>
+ contents</td>
+ <td class="vtable">
+ <input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
+ <?php if ($config['captiveportal']['page']['logouttext']): ?>
+ <a href="?act=viewlogouthtml" target="_blank">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
+You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
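Review bot: The help text for the new logout field is copied from the error-page row: it says the file is shown "when an authentication error occurs" and documents `$PORTAL_MESSAGE$`, neither of which matches how this commit uses the file. index.php `include()`s the generated captiveportal-logout.html after a successful login, so the text should say that, and since `include` executes any PHP in the upload, it should also say the file runs as PHP on the portal. Something like `The contents of the HTML/PHP file that you upload here are displayed after a successful login and provide the logout window.` would fit.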
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 328f293..2c8d815 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -137,6 +137,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?> </td></tr>
<tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 4bf2cf9..61e05e5 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -85,6 +85,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", true, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 7c40b85..3e459f4 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -64,8 +64,15 @@ if ($_POST) {
clear_subsystem_dirty('passthrumac');
}
- if ($_POST['delmac'] && $_POST['postafterlogin']) {
- if (is_array($a_passthrumacs)) {
+ if ($_POST['postafterlogin']) {
+ if (!is_array($a_passthrumacs))
+ exit;
+ if ($_POST['username']) {
+ $mac = captiveportal_passthrumac_findbyname($_POST['username']);
+ if (!empty($mac))
+ $_POST['delmac'] = $mac['mac'];
+ }
+ if ($_POST['delmac']) {
$found = false;
foreach ($a_passthrumacs as $idx => $macent) {
if ($macent['mac'] == $_POST['delmac']) {
@@ -118,6 +125,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index c43de08..de305b7 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -244,6 +244,7 @@ function enable_change(enable_change) {
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", true, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</ul>
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 1224f6a..c3da004 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -158,6 +158,7 @@ if (isAllowedPage("system_usermanager")) {
$pconfig['uid'] = $a_user[$id]['uid'];
$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
$pconfig['priv'] = $a_user[$id]['priv'];
+ $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
$pconfig['disabled'] = isset($a_user[$id]['disabled']);
}
}
@@ -270,6 +271,7 @@ if (isAllowedPage("system_usermanager")) {
$userent['fullname'] = $_POST['fullname'];
$userent['expires'] = $_POST['expires'];
$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
+ $userent['ipsecpsk'] = $_POST['ipsecpsk'];
if($_POST['disabled'])
$userent['disabled'] = true;
@@ -728,6 +730,12 @@ function sshkeyClicked(obj) {
<?=gettext("Paste an authorized keys file here.");?>
</td>
</tr>
+ <tr id="ipsecpskrow" name="ipsecpskrow">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
+ <td width="78%" class="vtable">
+ <input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>">
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index 59bb57c..2a232f3 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -46,6 +46,18 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
+$userkeys = array();
+foreach ($config['system']['user'] as $id => $user) {
+ if (isset($user['ipsecpsk'])) {
+ $k = array();
+ $k["ident"] = $user['name'];
+ $k["pre-shared-key"] = $user['ipsecpsk'];
+ $k["id"] = $id;
+ $userkeys[] = $k;
+ }
+}
+
+
if ($_GET['act'] == "del") {
if ($a_secret[$_GET['id']]) {
unset($a_secret[$_GET['id']]);
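Review bot: `isset($user['ipsecpsk'])` is true for an empty key, and the system_usermanager.php hunk always assigns `$userent['ipsecpsk'] = $_POST['ipsecpsk']`, so users saved without a key would presumably be listed here with a blank pre-shared key while vpn.inc skips them via `!empty()`. Use the same test here, `if (!empty($user['ipsecpsk'])) {`, and guard the loop with `is_array($config['system']['user'])`. The table rows added further down then print these keys in clear text, as the existing mobile-key rows do.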
@@ -98,6 +110,19 @@ if (is_subsystem_dirty('ipsec'))
</table>
</td>
</tr>
+ <?php $i = 0; foreach ($userkeys as $secretent): ?>
+ <tr>
+ <td class="listlr gray">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="listr gray">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list" nowrap><a href="system_usermanager.php?act=edit&id=<?=$secretent['id'];?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit key" width="17" height="17" border="0"></a>
+ &nbsp;</td>
+ </tr>
+ <?php $i++; endforeach; ?>
+
<?php $i = 0; foreach ($a_secret as $secretent): ?>
<tr>
<td class="listlr">
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 6e0db5b..20ac6c0 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -56,6 +56,10 @@ if (isset($id) && $a_secret[$id]) {
}
if ($_POST) {
+ $userids = array();
+ foreach ($config['system']['user'] as $id => $user) {
+ $userids[$user['name']] = $id;
+ }
unset($input_errors);
$pconfig = $_POST;
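Review bot: The new loop uses `$id` as its key variable, which overwrites the page-level `$id` that the surrounding code tests with `isset($id) && $a_secret[$id]` to tell an edit from an add. After the loop `$id` holds the last user's index, so a POST may be treated as an edit of whichever mobile key happens to have that index. Use a separate name, `foreach ($config['system']['user'] as $userid => $user) { $userids[$user['name']] = $userid; }`, and add an `is_array()` guard around the loop.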
@@ -68,6 +72,9 @@ if ($_POST) {
if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
$input_errors[] = "The identifier contains invalid characters.";
+
+ if (array_key_exists($_POST['ident'], $userids))
+ $input_errors[] = "A user with this name already exists. Add the key to the user instead.";
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
@@ -117,7 +124,7 @@ include("head.inc");
<tr>
<td valign="top" class="vncellreq">Identifier</td>
<td class="vtable">
- <?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+ <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=$pconfig['ident'];?>">
<br>
This can be either an IP address, fully qualified domain name or an e-mail address.
</td>
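Review bot: The changed `ident` input still prints `$pconfig['ident']` unescaped, and `$pconfig = $_POST` earlier in the file means a rejected submission is echoed back verbatim into the attribute. The `psk` field in the next hunk already escapes its value; do the same here: `value="<?=htmlspecialchars($pconfig['ident']);?>"`.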
@@ -125,7 +132,7 @@ This can be either an IP address, fully qualified domain name or an e-mail addre
<tr>
<td width="22%" valign="top" class="vncellreq">Pre-shared key</td>
<td width="78%" class="vtable">
- <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
+ <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
</td>
</tr>
<tr>