diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-25 08:08:24 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-25 14:49:54 -0300 |
commit | 46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch) | |
tree | 32d18dda436ec739c67c489ceb771e8629cd926f /src/usr/local/pkg | |
parent | 4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff) | |
download | pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.zip pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.tar.gz |
Move main pfSense content to src/
Diffstat (limited to 'src/usr/local/pkg')
-rw-r--r-- | src/usr/local/pkg/miniupnpd.inc | 297 | ||||
-rw-r--r-- | src/usr/local/pkg/miniupnpd.xml | 135 |
2 files changed, 432 insertions, 0 deletions
diff --git a/src/usr/local/pkg/miniupnpd.inc b/src/usr/local/pkg/miniupnpd.inc new file mode 100644 index 0000000..4ea768c --- /dev/null +++ b/src/usr/local/pkg/miniupnpd.inc @@ -0,0 +1,297 @@ +<?php + require_once("util.inc"); + require_once("config.inc"); + require_once("functions.inc"); + require_once("shaper.inc"); + + $shortcut_section = "upnp"; + + /* MiniUPnPd */ + + function upnp_notice($msg) { + log_error("miniupnpd: {$msg}"); + } + + function upnp_warn($msg) { + log_error("miniupnpd: {$msg}"); + } + + function upnp_running () { + if ((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0) { + return true; + } + return false; + } + + function upnp_write_config($file, $text) { + $handle = fopen($file, 'w'); + if (!$handle) { + upnp_warn("Could not open {$file} for writing."); + return; + } + fwrite($handle, $text); + fclose($handle); + } + + function upnp_uuid() { + /* md5 hash of wan mac */ + $uuid = md5(get_interface_mac(get_real_interface("wan"))); + /* put uuid in correct format 8-4-4-4-12 */ + return substr($uuid, 0, 8) . '-' . substr($uuid, 9, 4) . '-' . substr($uuid, 13, 4) . '-' . substr($uuid, 17, 4) . '-' . substr($uuid, 21, 12); + } + + function upnp_validate_queue($qname) { + read_altq_config(); + $qlist = get_altq_name_list(); + if (is_array($qlist)) { + return in_array($qname, $qlist); + } else { + return false; + } + } + + function upnp_validate_ip($ip, $check_cdir) { + /* validate cidr */ + $ip_array = array(); + if ($check_cdir) { + $ip_array = explode('/', $ip); + if (count($ip_array) == 2) { + if ($ip_array[1] < 1 || $ip_array[1] > 32) { + return false; + } + } else { + if (count($ip_array) != 1) { + return false; + } + } + } else { + $ip_array[] = $ip; + } + + /* validate ip */ + if (!is_ipaddr($ip_array[0])) { + return false; + } + return true; + } + + function upnp_validate_port($port) { + foreach (explode('-', $port) as $sub) { + if ($sub < 0 || $sub > 65535) { + return false; + } + } + return true; + } + + function before_form_miniupnpd(&$pkg) { + global $config; + + } + + function validate_form_miniupnpd($post, &$input_errors) { + if ($post['enable'] && (!$post['enable_upnp'] && !$post['enable_natpmp'])) { + $input_errors[] = 'At least one of \'UPnP\' or \'NAT-PMP\' must be allowed'; + } + if ($post['iface_array']) { + foreach ($post['iface_array'] as $iface) { + if ($iface == 'wan') { + $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; + } elseif ($iface == $post['ext_iface']) { + $input_errors[] = 'You cannot select the external interface as an internal interface.'; + } + } + } + if ($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'], false)) { + $input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field'; + } + if (($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) { + $input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields'; + } + if ($post['download'] && $post['download'] <= 0) { + $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field'; + } + if ($post['upload'] && $post['upload'] <= 0) { + $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field'; + } + if ($post['upnpqueue'] && !upnp_validate_queue($post['upnpqueue'])) { + $input_errors[] = 'You must specify a valid traffic shaping queue.'; + } + + /* user permissions validation */ + $j = substr_count(implode(array_keys($post)), "permuser"); + for ($i = 0; $i < $j; $i++) { + if ($post["permuser{$i}"]) { + $perm = explode(' ', $post["permuser{$i}"]); + /* should explode to 4 args */ + if (count($perm) != 4) { + $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field"; + } else { + /* must with allow or deny */ + if (!($perm[0] == 'allow' || $perm[0] == 'deny')) { + $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field"; + } + /* verify port or port range */ + if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) { + $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified permissions {$i}' field"; + } + /* verify ip address */ + if (!upnp_validate_ip($perm[2], true)) { + $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field"; + } + } + } + } + } + + function sync_package_miniupnpd() { + global $g, $config; + global $input_errors; + + $upnp_config = $config['installedpackages']['miniupnpd']['config'][0]; + $config_file = '/var/etc/miniupnpd.conf'; + + if (!isset($upnp_config['ext_iface']) || empty($upnp_config['ext_iface'])) { + $ext_ifname = get_real_interface(); + } else { + $if = convert_friendly_interface_to_real_interface_name($upnp_config['ext_iface']); + if ($if != $upnp_config['ext_iface']) { + $ext_ifname = $if; + } else { + $ext_ifname = get_real_interface(); + upnp_warn("Could not resolve real interface for {$upnp_config['ext_iface']}, defaulting to WAN"); + } + } + + $config_text = "ext_ifname={$ext_ifname}\n"; + $config_text .= "port=2189\n"; + + $ifaces_active = ''; + + /* since config is written before this file is invoked we don't need to read post data */ + if ($upnp_config['enable'] && !empty($upnp_config['iface_array'])) { + $iface_array = explode(',', $upnp_config['iface_array']); + + foreach ($iface_array as $iface) { + /* Setting the same internal and external interface is not allowed. */ + if ($iface == $upnp_config['ext_iface']) { + continue; + } + $if = convert_friendly_interface_to_real_interface_name($iface); + /* above function returns iface if fail */ + if ($if != $iface) { + $addr = find_interface_ip($if); + $bits = find_interface_subnet($if); + /* check that the interface has an ip address before adding parameters */ + if (is_ipaddr($addr)) { + $config_text .= "listening_ip={$if}\n"; + if (!$ifaces_active) { + $webgui_ip = $addr; + $ifaces_active = $iface; + } else { + $ifaces_active .= ", {$iface}"; + } + } else { + upnp_warn("Interface {$iface} has no ip address, ignoring"); + } + } else { + upnp_warn("Could not resolve real interface for {$iface}"); + } + } + + if (!empty($ifaces_active)) { + /* override wan ip address, common for carp, etc */ + if ($upnp_config['overridewanip']) { + $config_text .= "ext_ip={$upnp_config['overridewanip']}\n"; + } + + $download = $upnp_config['download']*1000; + $upload = $upnp_config['upload']*1000; + + /* set upload and download bitrates */ + if (!empty($download) && !empty($upload)) { + $config_text .= "bitrate_down={$download}\n"; + $config_text .= "bitrate_up={$upload}\n"; + } + + /* enable logging of packets handled by miniupnpd rules */ + if ($upnp_config['logpackets']) { + $config_text .= "packet_log=yes\n"; + } + + /* enable system uptime instead of miniupnpd uptime */ + if ($upnp_config['sysuptime']) { + $config_text .= "system_uptime=yes\n"; + } + + /* set webgui url */ + if (!empty($config['system']['webgui']['protocol'])) { + $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; + if (!empty($config['system']['webgui']['port'])) { + $config_text .= ":{$config['system']['webgui']['port']}"; + } + $config_text .= "/\n"; + } + + /* set uuid and serial */ + $config_text .= "uuid=".upnp_uuid()."\n"; + $config_text .= "serial=".strtoupper(substr(upnp_uuid(), 0, 8))."\n"; + + /* set model number */ + $config_text .= "model_number=" . $g['product_version'] . "\n"; + + /* upnp access restrictions */ + foreach ($upnp_config['row'] as $row) { + if ($row['permuser']) { + $config_text .= "{$row["permuser"]}\n"; + } + } + + if ($upnp_config['permdefault']) { + $config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n"; + } + + /* Recheck if queue is valid */ + if (!upnp_validate_queue($upnp_config['upnpqueue'])) { + unset($upnp_config['upnpqueue']); + } + + /* Add shaper queue */ + if ($upnp_config['upnpqueue']) { + $config_text .= "queue={$upnp_config['upnpqueue']}\n"; + } + + /* Allow UPnP or NAT-PMP as requested */ + $config_text .= "enable_upnp=" . ($upnp_config['enable_upnp'] ? "yes\n" : "no\n"); + $config_text .= "enable_natpmp=" . ($upnp_config['enable_natpmp'] ? "yes\n" : "no\n"); + + /* write out the configuration */ + upnp_write_config($config_file, $config_text); + + /* if miniupnpd not running start it */ + if (!upnp_running()) { + upnp_notice("Starting service on interface: {$ifaces_active}"); + upnp_action('start'); + } else { + /* restart miniupnpd if settings were changed */ + upnp_notice("Restarting service on interface: {$ifaces_active}"); + upnp_action('restart'); + } + } + } else { + /* user does not want miniupnpd running */ + /* lets stop the service and remove the rc file */ + + if (file_exists($config_file)) { + if (!$upnp_config['enable']) { + upnp_notice('Stopping service: miniupnpd disabled'); + } else { + upnp_notice('Stopping service: no interfaces selected'); + } + + upnp_action('stop'); + @unlink($config_file); + } + } + } +?> diff --git a/src/usr/local/pkg/miniupnpd.xml b/src/usr/local/pkg/miniupnpd.xml new file mode 100644 index 0000000..33d8ac4 --- /dev/null +++ b/src/usr/local/pkg/miniupnpd.xml @@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="utf-8" ?> +<packagegui> + <title>Services: UPnP & NAT-PMP</title> + <name>miniupnpd</name> + <version>20100712</version> + <savetext>Change</savetext> + <include_file>/usr/local/pkg/miniupnpd.inc</include_file> + <menu> + <name>UPnP & NAT-PMP</name> + <tooltiptext>Set UPnP & NAT-PMP settings such as interfaces to listen on.</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=miniupnpd.xml&id=0</url> + </menu> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/sbin/</prefix> + <chmod>0755</chmod> + <item>https://packages.pfsense.org/packages/config/miniupnpd/sbin/miniupnpd</item> + </additional_files_needed> + <service> + <name>miniupnpd</name> + <rcfile>miniupnpd.sh</rcfile> + <executable>miniupnpd</executable> + </service> + <fields> + <field> + <name>UPnP & NAT-PMP Settings</name> + <type>listtopic</type> + <enablefields>enable_upnp,enable_natpmp,ext_iface,iface_array,download,upload,overridewanip,upnpqueue,logpackets,sysuptime,permdefault</enablefields> + </field> + <field> + <fielddescr>Enable UPnP & NAT-PMP</fielddescr> + <fieldname>enable</fieldname> + <type>checkbox</type> + <enablefields>enable_upnp,enable_natpmp,ext_iface,iface_array,download,upload,overridewanip,upnpqueue,logpackets,sysuptime,permdefault</enablefields> + </field> + <field> + <fielddescr>Allow UPnP Port Mapping</fielddescr> + <fieldname>enable_upnp</fieldname> + <type>checkbox</type> + <description>This protocol is often used by Microsoft-compatible systems.</description> + </field> + <field> + <fielddescr>Allow NAT-PMP Port Mapping</fielddescr> + <fieldname>enable_natpmp</fieldname> + <type>checkbox</type> + <description>This protocol is often used by Apple-compatible systems.</description> + </field> + <field> + <fielddescr>External Interface (generally WAN)</fielddescr> + <fieldname>ext_iface</fieldname> + <default_value>wan</default_value> + <type>interfaces_selection</type> + <hideinterfaceregex>loopback</hideinterfaceregex> + <description>Select only your primary WAN interface (interface with your default route). Only one interface is allowed here, not multiple.</description> + <required/> + </field> + <field> + <fielddescr>Interfaces (generally LAN)</fielddescr> + <fieldname>iface_array</fieldname> + <default_value>lan</default_value> + <type>interfaces_selection</type> + <description>You can use the CTRL or COMMAND key to select multiple interfaces.</description> + <required/> + <multiple/> + </field> + <field> + <fielddescr>Maximum Download Speed (Kbits/second)</fielddescr> + <fieldname>download</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Maximum Upload Speed (Kbits/second)</fielddescr> + <fieldname>upload</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Override WAN address</fielddescr> + <fieldname>overridewanip</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Traffic Shaping Queue</fielddescr> + <fieldname>upnpqueue</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Log packets handled by UPnP & NAT-PMP rules?</fielddescr> + <fieldname>logpackets</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>Use system uptime instead of UPnP & NAT-PMP service uptime?</fielddescr> + <fieldname>sysuptime</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>By default deny access to UPnP & NAT-PMP?</fielddescr> + <fieldname>permdefault</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>User specified permissions</fielddescr> + <fieldname>none</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/CIDR] [int port or range] + <br />Example: allow 1024-65535 192.168.0.0/24 1024-65535</description> + <type>rowhelper</type> + <rowhelper> + <rowhelperfield> + <fieldname>permuser</fieldname> + <type>input</type> + <size>60</size> + </rowhelperfield> + </rowhelper> + </field> + </fields> + <custom_php_command_before_form> + before_form_miniupnpd($pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + validate_form_miniupnpd($_POST, $input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_miniupnpd(); + </custom_php_resync_config_command> +</packagegui> |