author | mgrooms <mgrooms@shrew.net> | 2009-03-15 00:31:55 +0000 |
---|---|---|
committer | mgrooms <mgrooms@shrew.net> | 2009-03-15 00:39:19 +0000 |
commit | 0092b3bd47bdfa8b3bc24e140235e4693918ee46 (patch) | |
tree | 1618c52053505a6eb015e0a683fa5e95b2e1ecfc /etc | |
parent | d1d1e96136b30e0069474d8c204feca6c9e25985 (diff) | |
Modify captive portal to use centralized user management. The user manager has
been modified to include an account expiration option to support this service.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 20 | ||||
-rw-r--r-- | etc/inc/config.inc | 26 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rwxr-xr-x | etc/rc | 5 | ||||
-rwxr-xr-x | etc/rc.exipireaccounts | 64 |
5 files changed, 111 insertions, 6 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index ab04846..f45dbae 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -113,9 +113,21 @@ function local_backed($username, $passwd) {
if (!$user)
return false;
- $passwd = crypt($passwd, $user['password']);
+ if ($user['password'])
+ {
+ $passwd = crypt($passwd, $user['password']);
+ if ($passwd == $user['password'])
+ return true;
+ }
+
+ if ($user['md5-hash'])
+ {
+ $passwd = md5($passwd);
+ if ($passwd == $user['md5-hash'])
+ return true;
+ }
- return ($passwd == $user['password']);
+ return false;
}
function local_sync_accounts() {
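Review bot: Both digest comparisons in local_backed() use `==`, which PHP evaluates numerically when both operands are numeric-looking strings, so two different MD5 digests of the form `0e` followed only by digits compare as equal; use `if ($passwd === $user['md5-hash'])` (and `===` in the crypt() branch too), or `hash_equals()` where the runtime provides it. The first branch also overwrites `$passwd` with the crypt() output, so an account that carries both fields would have the crypt string, not the typed password, passed to md5(); hashing into a separate local variable avoids that. Since `md5-hash` is an unsalted MD5, it would be worth re-hashing with crypt() on the first successful login and dropping the field afterwards. The opening lines of the function are outside this hunk.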
@@ -366,7 +378,7 @@ function local_group_set($group, $reset = false) {
if($debug)
log_error("Running: {$cmd}");
- $fd = popen($cmd, "w");
+ $fd = popen($cmd, "w");
fwrite($fd, $user['password']);
pclose($fd);
@@ -882,4 +894,4 @@ function session_auth($backing) {
return true;
}
-?>
+?>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 7c8597e..026b90f 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2217,6 +2217,32 @@ endif;
$config['version'] = "5.6";
}
+ /* Convert 5.6 -> 5.7 */
+ if ($config['version'] <= 5.6) {
+
+ /* migrate captivate portal to user manager */
+ if (is_array($config['captiveportal']['user'])) {
+ foreach($config['captiveportal']['user'] as $user) {
+ // avoid user conflicts
+ if ($config['system']['user'][$user['name']])
+ continue;
+ $user['scope'] = "user";
+ if (isset($user['expirationdate'])) {
+ $user['expires'] = $user['expirationdate'];
+ unset($user['expirationdate']);
+ }
+ if (isset($user['password'])) {
+ $user['md5-hash'] = $user['password'];
+ unset($user['password']);
+ }
+ $config['system']['user'][] = $user;
+ }
+ unset($config['captiveportal']['user']);
+ }
+
+ $config['version'] = "5.7";
+ }
+
$now = date("H:i:s");
log_error("Ended Configuration upgrade at $now");
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 66632d9..c8ae12d 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -58,7 +58,7 @@ $g = array(
"product_website_footer" => "http://www.pfsense.org/?gui20",
"product_email" => "coreteam@pfsense.org",
"debug" => false,
- "latest_config" => "5.6",
+ "latest_config" => "5.7",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "115",
"minimum_ram_warning_text" => "128 megabytes",
@@ -294,9 +294,12 @@ rm -f /tmp/filter_dirty
rm -f /tmp/rc.linkup
nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status 2>/dev/null &
-# Start ping handler for every 240 seconds
+# Start ping handler every 240 seconds
minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
+# Start account expire handler every hour
+minicron 3600 /var/run/expire_accounts.pid /etc/inc/rc.exipireaccounts
+
chmod a+rw /tmp/.
echo "Bootup complete"
diff --git a/etc/rc.exipireaccounts b/etc/rc.exipireaccounts
new file mode 100755
index 0000000..7a37e91
--- /dev/null
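Review bot: The conflict check `if ($config['system']['user'][$user['name']])` in the 5.6 -> 5.7 conversion looks up the account list by user name, but the same block appends with `$config['system']['user'][] = $user;` and the new expiry script walks the list by integer index, so the lookup appears never to match. A captive-portal account whose name equals an existing user-manager account would then be appended as a second entry for that name, carrying an unsalted `md5-hash` credential. Build a set of the existing names first and test against that, as sketched below. How the rest of the code resolves duplicate names is not visible in this hunk.

```php
if (is_array($config['captiveportal']['user'])) {
	// index existing accounts by name; the list itself is keyed numerically
	$known = array();
	if (is_array($config['system']['user'])) {
		foreach ($config['system']['user'] as $existing)
			$known[$existing['name']] = true;
	}
	foreach($config['captiveportal']['user'] as $user) {
		// avoid user conflicts, including duplicates inside the migrated list
		if (isset($known[$user['name']]))
			continue;
		$known[$user['name']] = true;
		// … unchanged: scope, expires and md5-hash mapping, append, unset …
```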
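Review bot: The new minicron entry runs `/etc/inc/rc.exipireaccounts`, while the script this commit adds is `etc/rc.exipireaccounts` (mode 100755, no `inc/` component), so the hourly job appears to point at a path that does not exist and expired accounts would never be removed. Unless something outside this diff installs the file under `/etc/inc`, the line should read `minicron 3600 /var/run/expire_accounts.pid /etc/rc.exipireaccounts`. The name is spelled `exipire` both here and in the new file; whichever spelling is kept, the two must stay identical.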
+++ b/etc/rc.exipireaccounts 
@@ -0,0 +1,64 @@
+#!/usr/local/bin/php -f
+<?php
+/* $Id$ */
+/*
+ rc.exireaccounts
+ part of pfSense
+
+ Copyright (C) 2009 Shrew Soft Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+ require_once("auth.inc");
+
+ $removed = 0;
+ if (!is_array($config['system']['user']))
+ return;
+
+ $count = count($config['system']['user']);
+ $index = 0;
+ for(; $index < $count; $index++) {
+ $user = $config['system']['user'][$index];
+ if($user['scope'] == "system")
+ continue;
+ echo "1\n";
+ echo "User {$user['name']} expires {$user['expires']}\n";
+ if(!$user['expires'])
+ continue;
+ echo "1\n";
+ if(strtotime("-1 day") > strtotime($user['expires'])) {
+ echo "removing user {$user['name']} at index #{$index}\n";
+ unset($config['system']['user'][$index]);
+ $removed++;
+ $count--;
+ $index--;
+ }
+ }
+
+ if($removed > 0)
+ write_config("Expired {$removed} user accounts");
+
+ print_r($config);
+
+?> |
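Review bot: `print_r($config);` at the end of the script writes the whole configuration array, stored password hashes included, to the job's output on every hourly run, and the `echo "1\n"` lines look like leftover debugging; all of them should be removed. The removal loop also misses accounts: `unset()` leaves a hole instead of renumbering the list, so after `$count--; $index--` the next pass reads the index that was just removed and the loop ends one element short for every removal, leaving expired accounts at the tail of the list active. Iterating with `foreach` and renumbering once afterwards avoids both effects, as sketched below.

```php
	// … unchanged: require_once, $removed init, is_array guard …
	foreach ($config['system']['user'] as $index => $user) {
		if ($user['scope'] == "system")
			continue;
		if (!$user['expires'])
			continue;
		if (strtotime("-1 day") > strtotime($user['expires'])) {
			unset($config['system']['user'][$index]);
			$removed++;
		}
	}
	// close the gaps unset() leaves so the list stays densely indexed
	$config['system']['user'] = array_values($config['system']['user']);
	// … unchanged: write_config() when $removed > 0; print_r($config) dropped …
```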