diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-14 01:57:46 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-14 01:57:46 +0000 |
commit | 33f0abb1245ac409fbe9e94884fdd531eb1c42cf (patch) | |
tree | 5711af84a800a704b60b12c0cc02239cc31dbdc9 /usr/local/captiveportal/index.php | |
parent | 12ee8fe4a25d6fcda720a171c102f48d9bcceb5c (diff) | |
download | pfsense-33f0abb1245ac409fbe9e94884fdd531eb1c42cf.zip pfsense-33f0abb1245ac409fbe9e94884fdd531eb1c42cf.tar.gz |
Restore 1.2b5's captive portal. 1.2b7 + radius == boom.
Diffstat (limited to 'usr/local/captiveportal/index.php')
-rwxr-xr-x | usr/local/captiveportal/index.php | 83 |
1 files changed, 9 insertions, 74 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 1f35a57..497e506 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -27,10 +27,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - This version of index.php has been modified by Rob Parker - <rob.parker@keycom.co.uk>. Changes made are in relation to Per-User Bandwidth - Management based on returned RADIUS attributes, and are (c) 2004 Keycom PLC. */ require("globals.inc"); @@ -63,12 +59,7 @@ if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) { if ($clientmac && portal_mac_fixed($clientmac)) { /* punch hole in ipfw for pass thru mac addresses */ - // KEYCOM: passthru mac bandwidth control] - if (isset($config['captiveportal']['peruserbw'])) { - portal_allow($clientip, $clientmac, "unauthenticated",$config['captiveportal']['bwauthmacup'],$config['captiveportal']['bwauthmacdn']); - } else { - portal_allow($clientip, $clientmac, "unauthenticated",0,0); - } + portal_allow($clientip, $clientmac, "unauthenticated"); } else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { @@ -81,23 +72,14 @@ if ($clientmac && portal_mac_fixed($clientmac)) { $radiusservers[0]['ipaddr'], $radiusservers[0]['port'], $radiusservers[0]['key']); - $auth_returns = explode("/", $auth_val); - $auth_val = $auth_returns[0]; - $bw_up = $auth_returns[1]; - $bw_down = $auth_returns[2]; if ($auth_val == 2) { - if (isset($config['captiveportal']['peruserbw'])) { - $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],$bw_up,$bw_down); - } else { - $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],0,0); - } + $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']); if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'], $sessionid, $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $clientip); + $radiusservers[0]['key']); } } else { readfile("{$g['varetc_path']}/captiveportal-error.html"); @@ -107,20 +89,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) { } } else if ($_POST['accept'] && $clientip) { - //KEYCOM: authorised up and down bandwidth defaults (set from webgui). If not set, use 128/128 - if (isset($config['captiveportal']['peruserbw'])) { - $bw_up=$config['captiveportal']['bwauthipup']; - $bw_down=$config['captiveportal']['bwauthipdn']; - if(!isset($bw_up)) { - $bw_up=128; - } - if(!isset($bw_down)) { - $bw_down=128; - } - portal_allow($clientip, $clientmac, "unauthenticated",$bw_up,$bw_down); - } else { - portal_allow($clientip, $clientmac, "unauthenticated",0,0); - } + portal_allow($clientip, $clientmac, "unauthenticated"); } else if ($_POST['logout_id']) { disconnect_client($_POST['logout_id']); echo <<<EOD @@ -150,7 +119,7 @@ EOD; if (isset($config['captiveportal']['httpslogin'])) $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); else - $htmltext = str_replace("\$PORTAL_ACTION\$", "", $htmltext); + $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext); if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) $redirurl = urldecode($matches[1]); @@ -184,7 +153,7 @@ function portal_mac_fixed($clientmac) { return FALSE ; } -function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { +function portal_allow($clientip,$clientmac,$clientuser) { global $orig_host, $orig_request, $g, $config; @@ -206,26 +175,6 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { /* add ipfw rules for layer 3 */ exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in"); exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out"); - - /* KEYCOM: add ipfw rules for dummynet based on bw_up and bw_down */ - //we're just copying them by adding on some and hoping no collision will occur - //2000 users would be expecting a bit much from a WAP ;) - - //we're using fixed rule numbers which are 'a step above' the m0n0 ones - //this makes sure we always know where our rules are, and taht they are deleted when m0n0's are - //they're set so they shouldn't hit anything important, and also so they are in roughly the right position in the fw. - - //of course, we only need to do this if it's enabled in the config - if (isset($config['captiveportal']['peruserbw'])) { - $up_rule_number = $ruleno + 40500; - $down_rule_number = $ruleno + 45500; - $lanif = $config['interfaces']['lan']['if']; - exec("/sbin/ipfw add $up_rule_number set 4 pipe $up_rule_number ip from $clientip to any via $lanif"); - exec("/sbin/ipfw add $down_rule_number set 4 pipe $down_rule_number ip from any to $clientip via $lanif"); - exec("/sbin/ipfw pipe $up_rule_number config bw " . trim($bw_up) . "Kbit/s queue 10"); - exec("/sbin/ipfw pipe $down_rule_number config bw " . trim($bw_down) . "Kbit/s queue 10"); - } - /* done */ /* add ipfw rules for layer 2 */ if (!isset($config['captiveportal']['nomacfilter'])) { @@ -260,17 +209,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) { $cpdb[$i][0], // start time $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $clientip); - } - //KEYCOM: we need to delete +40500 and +45500 as well... - //these are the rule numbers we use to control traffic shaping for each logged in user via captive portal - mwexec("/sbin/ipfw delete " . $cpdb[$i][1]); - //we only need to remove our rules if peruserbw is turned on. - if(isset($config['captiveportal']['peruserbw'])) { - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500)); - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500)); + $radiusservers[0]['key']); } + mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); unset($cpdb[$i]); break; } @@ -444,15 +385,9 @@ function disconnect_client($sessionid) { $cpdb[$i][0], // start time $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $clientip); + $radiusservers[0]['key']); } - //again we need to remve +40500 and +45500 as well, if they exist mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); - if(isset($config['captiveportal']['peruserbw'])) { - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500)); - mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500)); - } unset($cpdb[$i]); break; } |