summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2013-01-23 16:24:17 +0000
committerErmal <eri@pfsense.org>2013-01-23 16:24:17 +0000
commit287f7e26199a323f0f4cd08f9e0a94073b7d5112 (patch)
treeb7673e61252a842ab7a589dea9b0ae53ac85e538
parentfa7b825f901c24d6de91ce980a651eddb5f15abb (diff)
downloadpfsense-287f7e26199a323f0f4cd08f9e0a94073b7d5112.zip
pfsense-287f7e26199a323f0f4cd08f9e0a94073b7d5112.tar.gz
Convert all captiveportal code to not use ipfw_set_context since its not needed anymore. Also add code to validate cpzone on webgui pages before being used
-rw-r--r--etc/inc/captiveportal.inc31
-rwxr-xr-xusr/local/www/services_captiveportal.php6
-rwxr-xr-xusr/local/www/services_captiveportal_hostname.php8
-rwxr-xr-xusr/local/www/services_captiveportal_hostname_edit.php2
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php3
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php6
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php12
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php5
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php2
-rw-r--r--usr/local/www/services_captiveportal_vouchers_edit.php2
10 files changed, 27 insertions, 50 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 7e7a355..e7afdf7 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -185,10 +185,6 @@ function captiveportal_configure() {
mwexec("/sbin/sysctl net.link.ether.ipfw=0");
}
-function captiveportal_ipfw_set_context($cpzone) {
- mwexec("/usr/local/sbin/ipfw_context -s {$cpzone}", true);
-}
-
function captiveportal_configure_zone($cpcfg) {
global $config, $g, $cpzone;
@@ -445,7 +441,6 @@ function captiveportal_init_rules($reinit = false) {
captiveportal_load_modules();
mwexec("/usr/local/sbin/ipfw_context -a {$cpzone}", true);
- captiveportal_ipfw_set_context($cpzone);
$cpips = array();
$ifaces = get_configured_interface_list();
@@ -563,8 +558,7 @@ EOD;
/* load rules */
$cprules = "flush\n{$cprules}";
file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules);
- captiveportal_ipfw_set_context($cpzone);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true);
+ mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true);
//@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules");
unset($cprules, $tmprules);
@@ -697,7 +691,6 @@ function captiveportal_prune_old() {
$cpentry[2], // clientip
$cpentry[3], // clientmac
10); // NAS Request
- captiveportal_ipfw_set_context($cpzone);
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 1, $cpentry[2]);
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 2, $cpentry[2]);
RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
@@ -803,7 +796,7 @@ function captiveportal_prune_old_automac() {
if (!empty($macrules)) {
@file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules);
unset($macrules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.prunerules.tmp");
+ mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry.prunerules.tmp");
}
if ($writecfg === true)
write_config("Prune session for auto-added macs");
@@ -831,7 +824,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
}
if (is_ipaddr($dbent[2])) {
- captiveportal_ipfw_set_context($cpzone);
/* Delete client's ip entry from tables 1 and 2. */
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 1, $dbent[2]);
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 2, $dbent[2]);
@@ -1047,7 +1039,6 @@ function captiveportal_allowedip_configure() {
function captiveportal_get_last_activity($ip) {
global $cpzone;
- captiveportal_ipfw_set_context($cpzone);
$ipfwoutput = pfSense_ipfw_getTablestats($cpzone, 1, $ip);
/* Reading only from one of the tables is enough of approximation. */
if (is_array($ipfwoutput)) {
@@ -1378,8 +1369,7 @@ function captiveportal_get_dn_passthru_ruleno($value) {
$cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
- captiveportal_ipfw_set_context($cpzone);
- $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`);
+ $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`);
if ($rules[$ruleno]) {
unlock($cpruleslck);
return $ruleno;
@@ -1458,8 +1448,7 @@ function captiveportal_get_ipfw_passthru_ruleno($value) {
$cpruleslck = lock("captiveportalrules{$cpzone}", LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules"));
- captiveportal_ipfw_set_context($cpzone);
- $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
+ $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
if ($rules[$ruleno]) {
unlock($cpruleslck);
return $ruleno;
@@ -1488,7 +1477,6 @@ function getVolume($ip) {
// Initialize vars properly, since we don't want NULL vars
$volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ;
- captiveportal_ipfw_set_context($cpzone);
$ipfw = pfSense_ipfw_getTablestats($cpzone, 1, $ip);
if (is_array($ipfw)) {
$volume['input_pkts'] = $ipfw['packets'];
@@ -1735,8 +1723,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$config['captiveportal'][$cpzone]['passthrumac'][] = $mac;
$macrules .= captiveportal_passthrumac_configure_entry($mac);
file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules);
- captiveportal_ipfw_set_context($cpzone);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
+ mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
$writecfg = true;
$sessionid = true;
break;
@@ -1835,8 +1822,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
unlock($cpdblck);
$macrules = captiveportal_passthrumac_configure_entry($mac);
file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules);
- captiveportal_ipfw_set_context($cpzone);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
+ mwexec("/sbin/ipfw -x {$cpzone}-q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");
$writecfg = true;
} else {
/* See if a pipeno is passed, if not start sessions because this means there isn't one atm */
@@ -1863,16 +1849,15 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
pfSense_pipe_action("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16");
$clientsn = (is_ipaddrv6($clientip)) ? 128 : 32;
- captiveportal_ipfw_set_context($cpzone);
if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, $clientmac, $bw_up_pipeno);
else
pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, NULL, $bw_up_pipeno);
if (!isset($config['captiveportal'][$cpzone]['nomacfilter']))
- pfSense_ipfw_Tableaction("", IP_FW_TABLE_ADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno);
+ pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno);
else
- pfSense_ipfw_Tableaction("", IP_FW_TABLE_ADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno);
+ pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno);
if ($attributes['voucher'])
$attributes['session_timeout'] = $remaining_time;
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 8a47911..42362d8 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -48,9 +48,9 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
- header("Location: services_captiveportal_zones.php");
- exit;
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
+ header("Location: services_captiveportal_zones.php");
+ exit;
}
if (!is_array($config['captiveportal']))
diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php
index 679e562..6a09522 100755
--- a/usr/local/www/services_captiveportal_hostname.php
+++ b/usr/local/www/services_captiveportal_hostname.php
@@ -51,9 +51,9 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
- header("Location: services_captiveportal_zones.php");
- exit;
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
+ header("Location: services_captiveportal_zones.php");
+ exit;
}
if (!is_array($config['captiveportal']))
@@ -73,8 +73,6 @@ if ($_GET['act'] == "del" && !empty($cpzone)) {
$ipent['ip'] .= "/{$ipent['sn']}";
$ip = gethostbyname($ipent['ip']);
if(is_ipaddr($ip)) {
- captiveportal_ipfw_set_context($zone);
- $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ip);
if (is_array($ipfw)) {
captiveportal_free_dn_ruleno($ipfw['dnpipe']);
pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}");
diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php
index 1d3fa50..5be6aa1 100755
--- a/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/usr/local/www/services_captiveportal_hostname_edit.php
@@ -63,7 +63,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 4aadde5..053d118 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -49,7 +49,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
@@ -72,7 +72,6 @@ if ($_GET['act'] == "del") {
$ipent['ip'] .= "/{$ipent['sn']}";
} else
$ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip']);
- captiveportal_ipfw_set_context($cpzone);
if (is_array($ipfw)) {
captiveportal_free_dn_ruleno($ipfw['dnpipe']);
pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}");
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 0130e35..fa2f1ff 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -64,7 +64,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
@@ -145,7 +145,6 @@ if ($_POST) {
write_config();
if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) {
- captiveportal_ipfw_set_context($cpzone);
if (is_ipaddr($oldip)) {
if (!empty($oldmask))
$ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask);
@@ -162,8 +161,7 @@ if ($_POST) {
$rules .= captiveportal_allowedip_configure_entry($ip);
$uniqid = uniqid("{$cpzone}_allowed");
@file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
- captiveportal_ipfw_set_context($cpzone);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
+ mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp");
@unlink("{$g['tmp_path']}/{$uniqid}_tmp");
}
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index be4edae..69bd76f 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -48,7 +48,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
@@ -108,11 +108,10 @@ if ($_POST) {
$pipeno = captiveportal_get_dn_passthru_ruleno($_POST['delmac']);
if ($pipeno)
captiveportal_free_dn_ruleno($pipeno);
- captiveportal_ipfw_set_context($cpzone);
if (!empty($pipeno))
- mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno));
+ mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno));
else
- mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno);
+ mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno);
}
unset($a_passthrumacs[$idx]);
write_config();
@@ -133,11 +132,10 @@ if ($_GET['act'] == "del") {
$pipeno = captiveportal_get_dn_passthru_ruleno($a_passthrumacs[$_GET['id']]['mac']);
if ($pipeno)
captiveportal_free_dn_ruleno($pipeno);
- captiveportal_ipfw_set_context($cpzone);
if (!empty($pipeno))
- mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno));
+ mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno));
else
- mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno);
+ mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno);
}
unset($a_passthrumacs[$_GET['id']]);
write_config();
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index b0e1ebb..d87408e 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -61,7 +61,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
@@ -158,8 +158,7 @@ if ($_POST) {
$rules .= captiveportal_passthrumac_configure_entry($mac);
$uniqid = uniqid("{$cpzone}_macedit");
file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules);
- captiveportal_ipfw_set_context($cpzone);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp");
+ mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp");
@unlink("{$g['tmp_path']}/{$uniqid}_tmp");
}
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index 15624b0..8139017 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -40,7 +40,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php
index a0ca08b..851d57c 100644
--- a/usr/local/www/services_captiveportal_vouchers_edit.php
+++ b/usr/local/www/services_captiveportal_vouchers_edit.php
@@ -49,7 +49,7 @@ $cpzone = $_GET['zone'];
if (isset($_POST['zone']))
$cpzone = $_POST['zone'];
-if (empty($cpzone)) {
+if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
header("Location: services_captiveportal_zones.php");
exit;
}
OpenPOWER on IntegriCloud