author | Ermal <eri@pfsense.org> | 2013-01-23 16:24:17 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-23 16:24:17 +0000 |
commit | 287f7e26199a323f0f4cd08f9e0a94073b7d5112 (patch) | |
tree | b7673e61252a842ab7a589dea9b0ae53ac85e538 | |
parent | fa7b825f901c24d6de91ce980a651eddb5f15abb (diff) | |
Convert all captiveportal code to not use ipfw_set_context since it's not needed anymore. Also add code to validate cpzone on webgui pages before it is used
-rw-r--r-- | etc/inc/captiveportal.inc | 31 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 6 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_hostname.php | 8 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_hostname_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip.php | 3 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 6 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac.php | 12 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac_edit.php | 5 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 2 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers_edit.php | 2 |
10 files changed, 27 insertions, 50 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 7e7a355..e7afdf7 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -185,10 +185,6 @@ function captiveportal_configure() { mwexec("/sbin/sysctl net.link.ether.ipfw=0"); } -function captiveportal_ipfw_set_context($cpzone) { - mwexec("/usr/local/sbin/ipfw_context -s {$cpzone}", true); -} - function captiveportal_configure_zone($cpcfg) { global $config, $g, $cpzone; @@ -445,7 +441,6 @@ function captiveportal_init_rules($reinit = false) { captiveportal_load_modules(); mwexec("/usr/local/sbin/ipfw_context -a {$cpzone}", true); - captiveportal_ipfw_set_context($cpzone); $cpips = array(); $ifaces = get_configured_interface_list(); @@ -563,8 +558,7 @@ EOD; /* load rules */ $cprules = "flush\n{$cprules}"; file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules); - captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true); + mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true); //@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules"); unset($cprules, $tmprules); @@ -697,7 +691,6 @@ function captiveportal_prune_old() { $cpentry[2], // clientip $cpentry[3], // clientmac 10); // NAS Request - captiveportal_ipfw_set_context($cpzone); pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 1, $cpentry[2]); pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ZERO_ENTRY_STATS, 2, $cpentry[2]); RADIUS_ACCOUNTING_START($cpentry[1], // ruleno @@ -803,7 +796,7 @@ function captiveportal_prune_old_automac() { if (!empty($macrules)) { @file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules); unset($macrules); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.prunerules.tmp"); + mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry.prunerules.tmp"); } if ($writecfg === true) write_config("Prune session for auto-added macs"); 
@@ -831,7 +824,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t } if (is_ipaddr($dbent[2])) { - captiveportal_ipfw_set_context($cpzone); /* Delete client's ip entry from tables 1 and 2. */ pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 1, $dbent[2]); pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_DEL, 2, $dbent[2]); @@ -1047,7 +1039,6 @@ function captiveportal_allowedip_configure() { function captiveportal_get_last_activity($ip) { global $cpzone; - captiveportal_ipfw_set_context($cpzone); $ipfwoutput = pfSense_ipfw_getTablestats($cpzone, 1, $ip); /* Reading only from one of the tables is enough of approximation. */ if (is_array($ipfwoutput)) { @@ -1378,8 +1369,7 @@ function captiveportal_get_dn_passthru_ruleno($value) { $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); - captiveportal_ipfw_set_context($cpzone); - $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`); + $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`); if ($rules[$ruleno]) { unlock($cpruleslck); return $ruleno; 
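Review bot: In captiveportal_get_dn_passthru_ruleno() (`@@ -1378`), the rewritten backtick pipeline interpolates both `{$cpzone}` and `{$value}` into a shell command without quoting. services_captiveportal_mac.php passes `$_POST['delmac']` directly into this function, so request data reaches the shell. The GUI pages now check the zone against `$config['captiveportal']`, but nothing visible constrains `$value`. Build the command string with `escapeshellarg($cpzone)` and `escapeshellarg($value)` and run it through `shell_exec()` instead of an interpolated backtick. The same pattern appears in captiveportal_get_ipfw_passthru_ruleno() (`@@ -1458`), and both function bodies continue outside their hunks.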
@@ -1458,8 +1448,7 @@ function captiveportal_get_ipfw_passthru_ruleno($value) { $cpruleslck = lock("captiveportalrules{$cpzone}", LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")); - captiveportal_ipfw_set_context($cpzone); - $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); + $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); if ($rules[$ruleno]) { unlock($cpruleslck); return $ruleno; @@ -1488,7 +1477,6 @@ function getVolume($ip) { // Initialize vars properly, since we don't want NULL vars $volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ; - captiveportal_ipfw_set_context($cpzone); $ipfw = pfSense_ipfw_getTablestats($cpzone, 1, $ip); if (is_array($ipfw)) { $volume['input_pkts'] = $ipfw['packets']; @@ -1735,8 +1723,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $config['captiveportal'][$cpzone]['passthrumac'][] = $mac; $macrules .= captiveportal_passthrumac_configure_entry($mac); file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules); - captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); + mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); $writecfg = true; $sessionid = true; break; 
@@ -1835,8 +1822,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut unlock($cpdblck); $macrules = captiveportal_passthrumac_configure_entry($mac); file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules); - captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); + mwexec("/sbin/ipfw -x {$cpzone}-q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); $writecfg = true; } else { /* See if a pipeno is passed, if not start sessions because this means there isn't one atm */ @@ -1863,16 +1849,15 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut pfSense_pipe_action("pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100 buckets 16"); $clientsn = (is_ipaddrv6($clientip)) ? 128 : 32; - captiveportal_ipfw_set_context($cpzone); if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, $clientmac, $bw_up_pipeno); else pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 1, $clientip, $clientsn, NULL, $bw_up_pipeno); if (!isset($config['captiveportal'][$cpzone]['nomacfilter'])) - pfSense_ipfw_Tableaction("", IP_FW_TABLE_ADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, $clientmac, $bw_down_pipeno); else - pfSense_ipfw_Tableaction("", IP_FW_TABLE_ADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno); + pfSense_ipfw_Tableaction($cpzone, IP_FW_TABLE_ADD, 2, $clientip, $clientsn, NULL, $bw_down_pipeno); if ($attributes['voucher']) $attributes['session_timeout'] = $remaining_time; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 8a47911..42362d8 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php 
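Review bot: In the second passthrough-MAC hunk of portal_allow() (`@@ -1835`), the new command reads `-x {$cpzone}-q`, with no space before `-q`. ipfw would receive the zone name fused with `-q` as its context argument, so the rules file is presumably applied to a wrong or nonexistent context and the auto-added MAC entry never takes effect. The line should be `mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp");`, matching the equivalent call in the `@@ -1735` hunk. portal_allow's body starts and ends outside the hunk.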
@@ -48,9 +48,9 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { + header("Location: services_captiveportal_zones.php"); + exit; } if (!is_array($config['captiveportal'])) diff --git a/usr/local/www/services_captiveportal_hostname.php b/usr/local/www/services_captiveportal_hostname.php index 679e562..6a09522 100755 --- a/usr/local/www/services_captiveportal_hostname.php +++ b/usr/local/www/services_captiveportal_hostname.php @@ -51,9 +51,9 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { - header("Location: services_captiveportal_zones.php"); - exit; +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { + header("Location: services_captiveportal_zones.php"); + exit; } if (!is_array($config['captiveportal'])) @@ -73,8 +73,6 @@ if ($_GET['act'] == "del" && !empty($cpzone)) { $ipent['ip'] .= "/{$ipent['sn']}"; $ip = gethostbyname($ipent['ip']); if(is_ipaddr($ip)) { - captiveportal_ipfw_set_context($zone); - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ip); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index 1d3fa50..5be6aa1 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -63,7 +63,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } 
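Review bot: In the delete path of services_captiveportal_hostname.php (`@@ -73,8 +73,6`), the hunk's line counts indicate that `$ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ip);` was removed together with the `captiveportal_ipfw_set_context($zone);` call. The following `if (is_array($ipfw))` then tests a variable that nothing in the visible lines assigns, so the dummynet rule number and pipe of a deleted hostname would never be freed. Keep the lookup line and drop only the set_context call, as the sibling hunk in services_captiveportal_ip.php does. The enclosing block starts and ends outside the hunk.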
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 4aadde5..053d118 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -49,7 +49,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } @@ -72,7 +72,6 @@ if ($_GET['act'] == "del") { $ipent['ip'] .= "/{$ipent['sn']}"; } else $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $ipent['ip']); - captiveportal_ipfw_set_context($cpzone); if (is_array($ipfw)) { captiveportal_free_dn_ruleno($ipfw['dnpipe']); pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}"); diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 0130e35..fa2f1ff 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -64,7 +64,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } @@ -145,7 +145,6 @@ if ($_POST) { write_config(); if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { - captiveportal_ipfw_set_context($cpzone); if (is_ipaddr($oldip)) { if (!empty($oldmask)) $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask); @@ -162,8 +161,7 @@ if ($_POST) { $rules .= captiveportal_allowedip_configure_entry($ip); $uniqid = uniqid("{$cpzone}_allowed"); @file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); } 
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index be4edae..69bd76f 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -48,7 +48,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } @@ -108,11 +108,10 @@ if ($_POST) { $pipeno = captiveportal_get_dn_passthru_ruleno($_POST['delmac']); if ($pipeno) captiveportal_free_dn_ruleno($pipeno); - captiveportal_ipfw_set_context($cpzone); if (!empty($pipeno)) - mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno)); + mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno)); else - mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno); + mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno); } unset($a_passthrumacs[$idx]); write_config(); 
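Review bot: In the `delmac` branch (`@@ -108`), only the first command of each chained `mwexec()` string gained `-x {$cpzone}`. The later `/sbin/ipfw -q delete` and `/sbin/ipfw -q pipe delete` commands still run without a context, now that `captiveportal_ipfw_set_context()` is gone. They would act on whatever ipfw uses when no context is given, so the zone's second rule and its pipes may be left in place or a different ruleset may be touched. Every command in the chain needs the flag, e.g. `"; /sbin/ipfw -x {$cpzone} -q delete " . ++$ruleno`. The `act=del` branch in the `@@ -133` hunk has the same problem, and `$ruleno` is assigned outside both hunks.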
@@ -133,11 +132,10 @@ if ($_GET['act'] == "del") { $pipeno = captiveportal_get_dn_passthru_ruleno($a_passthrumacs[$_GET['id']]['mac']); if ($pipeno) captiveportal_free_dn_ruleno($pipeno); - captiveportal_ipfw_set_context($cpzone); if (!empty($pipeno)) - mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno)); + mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno . "; /sbin/ipfw -q pipe delete {$pipeno}; /sbin/ipfw -q pipe delete " . (++$pipeno)); else - mwexec("/sbin/ipfw -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno); + mwexec("/sbin/ipfw -x {$cpzone} -q delete {$ruleno}; /sbin/ipfw -q delete " . ++$ruleno); } unset($a_passthrumacs[$_GET['id']]); write_config(); diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index b0e1ebb..d87408e 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -61,7 +61,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } @@ -158,8 +158,7 @@ if ($_POST) { $rules .= captiveportal_passthrumac_configure_entry($mac); $uniqid = uniqid("{$cpzone}_macedit"); file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - captiveportal_ipfw_set_context($cpzone); - mwexec("/sbin/ipfw -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); } diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 15624b0..8139017 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php 
@@ -40,7 +40,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } diff --git a/usr/local/www/services_captiveportal_vouchers_edit.php b/usr/local/www/services_captiveportal_vouchers_edit.php index a0ca08b..851d57c 100644 --- a/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/usr/local/www/services_captiveportal_vouchers_edit.php @@ -49,7 +49,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; -if (empty($cpzone)) { +if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { header("Location: services_captiveportal_zones.php"); exit; } |