Modify captive portal to use centralized user management. The user manager has

been modified to include an account expiration option to support this service.

5 files changed, 111 insertions, 6 deletions

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index ab04846..f45dbae 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -113,9 +113,21 @@ function local_backed($username, $passwd) {
 	if (!$user)

 		return false;

 

-	$passwd = crypt($passwd, $user['password']);

+	if ($user['password'])

+	{

+		$passwd = crypt($passwd, $user['password']);

+		if ($passwd == $user['password'])

+			return true;

+	}

+

+	if ($user['md5-hash'])

+	{

+		$passwd = md5($passwd);

+		if ($passwd == $user['md5-hash'])

+			return true;

+	}

 

-	return ($passwd == $user['password']);

+	return false;

 }

 

 function local_sync_accounts() {

@@ -366,7 +378,7 @@ function local_group_set($group, $reset = false) {
 

 	if($debug)

 		log_error("Running: {$cmd}");

-	$fd = popen($cmd, "w");
+	$fd = popen($cmd, "w");

 	fwrite($fd, $user['password']);

 	pclose($fd);

 

@@ -882,4 +894,4 @@ function session_auth($backing) {
 	return true;

 }

 

-?>
+?>

diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 7c8597e..026b90f 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2217,6 +2217,32 @@ endif;
 		$config['version'] = "5.6";
 	}
 
+	/* Convert 5.6 -> 5.7 */
+	if ($config['version'] <= 5.6) {
+
+		/* migrate captivate portal to user manager */
+		if (is_array($config['captiveportal']['user'])) {
+			foreach($config['captiveportal']['user'] as $user) {
+				// avoid user conflicts
+				if ($config['system']['user'][$user['name']])
+					continue;
+				$user['scope'] = "user";
+				if (isset($user['expirationdate'])) {
+					$user['expires'] = $user['expirationdate'];
+					unset($user['expirationdate']);
+				}
+				if (isset($user['password'])) {
+					$user['md5-hash'] = $user['password'];
+					unset($user['password']);
+				}
+				$config['system']['user'][] = $user;
+			}
+			unset($config['captiveportal']['user']);
+		}
+
+		$config['version'] = "5.7";
+	}
+
 	$now = date("H:i:s");
 	log_error("Ended Configuration upgrade at $now");
 
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 66632d9..c8ae12d 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -58,7 +58,7 @@ $g = array(
         "product_website_footer" => "http://www.pfsense.org/?gui20",
 	"product_email" => "coreteam@pfsense.org",
 	"debug" => false,
-	"latest_config" => "5.6",
+	"latest_config" => "5.7",
 	"nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "115",
 	"minimum_ram_warning_text" => "128 megabytes",
diff --git a/etc/rc b/etc/rc
index bfdda55..ef9250e 100755
--- a/etc/rc
+++ b/etc/rc
@@ -294,9 +294,12 @@ rm -f /tmp/filter_dirty
 rm -f /tmp/rc.linkup
 nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status 2>/dev/null &
 
-# Start ping handler for every 240 seconds
+# Start ping handler every 240 seconds
 minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
 
+# Start account expire handler every hour
+minicron 3600 /var/run/expire_accounts.pid /etc/inc/rc.exipireaccounts
+
 chmod a+rw /tmp/.
 
 echo "Bootup complete"
diff --git a/etc/rc.exipireaccounts b/etc/rc.exipireaccounts
new file mode 100755
index 0000000..7a37e91
--- /dev/null
+++ b/etc/rc.exipireaccounts
@@ -0,0 +1,64 @@
+#!/usr/local/bin/php -f
+<?php
+/* $Id$ */
+/*
+	rc.exireaccounts
+	part of pfSense
+	
+	Copyright (C) 2009 Shrew Soft Inc.
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+	require_once("auth.inc");
+
+	$removed = 0;
+	if (!is_array($config['system']['user']))
+		return;
+
+	$count = count($config['system']['user']);
+	$index = 0;
+	for(; $index < $count; $index++) {
+		$user = $config['system']['user'][$index];
+		if($user['scope'] == "system")
+			continue;
+		echo "1\n";
+		echo "User {$user['name']} expires {$user['expires']}\n";
+		if(!$user['expires'])
+			continue;
+		echo "1\n";
+		if(strtotime("-1 day") > strtotime($user['expires'])) {
+			echo "removing user {$user['name']} at index #{$index}\n";
+			unset($config['system']['user'][$index]);
+			$removed++;
+			$count--;
+			$index--;
+		}
+	}
+
+	if($removed > 0)
+		write_config("Expired {$removed} user accounts");
+
+	print_r($config);
+
+?>