diff options
author | Ermal <eri@pfsense.org> | 2011-09-07 06:42:58 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-09-07 13:04:01 +0000 |
commit | b4792bf8fe3b1cef416c7135fea88c1a0b08800a (patch) | |
tree | d32a5fb188939e28cd42c92aa9b4cf6729ff4947 /usr/local/captiveportal | |
parent | 9b55203f878786a2bbd0b7d5dda4474d2533695b (diff) | |
download | pfsense-b4792bf8fe3b1cef416c7135fea88c1a0b08800a.zip pfsense-b4792bf8fe3b1cef416c7135fea88c1a0b08800a.tar.gz |
Add the multi instance CP to master branch. This allows to define CP with different properties on different interfaces.
Diffstat (limited to 'usr/local/captiveportal')
-rwxr-xr-x | usr/local/captiveportal/index.php | 39 | ||||
-rw-r--r-- | usr/local/captiveportal/radius_accounting.inc | 14 | ||||
-rw-r--r-- | usr/local/captiveportal/radius_authentication.inc | 10 |
3 files changed, 33 insertions, 30 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 1bd9366..9ed509f 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -44,6 +44,9 @@ header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header("Connection: close"); +$cpzone = $_REQUEST['zone']; +$cpcfg = $config['captiveportal'][$cpzone]; + $orig_host = $_ENV['HTTP_HOST']; $orig_request = $_REQUEST['redirurl']; $clientip = $_SERVER['REMOTE_ADDR']; @@ -56,36 +59,36 @@ if (!$clientip) { exit; } -if (isset($config['captiveportal']['httpslogin'])) - $ourhostname = $config['captiveportal']['httpsname'] . ":8001"; +if (isset($config['captiveportal'][$cpzone]['httpslogin'])) + $ourhostname = $config['captiveportal'][$cpzone]['httpsname'] . ($cpcfg['zoneid'] + 1); else { $ifip = portal_ip_from_client_ip($clientip); if (!$ifip) - $ourhostname = $config['system']['hostname'] . ":8000"; + $ourhostname = $config['system'][$cpzone]['hostname'] . ":{$cpcfg['zoneid']}"; else - $ourhostname = "{$ifip}:8000"; + $ourhostname = "{$ifip}:{$cpcfg['zoneid']}"; } if ($orig_host != $ourhostname) { /* the client thinks it's connected to the desired web server, but instead it's connected to us. Issue a redirect... */ - if (isset($config['captiveportal']['httpslogin'])) - header("Location: https://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); + if (isset($config['captiveportal'][$cpzone]['httpslogin'])) + header("Location: https://{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); else - header("Location: http://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); + header("Location: http://{$ourhostname}/index.php?zone={$cpzone}&redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); exit; } -if (!empty($config['captiveportal']['redirurl'])) - $redirurl = $config['captiveportal']['redirurl']; +if (!empty($config['captiveportal'][$cpzone]['redirurl'])) + $redirurl = $config['captiveportal'][$cpzone]['redirurl']; else if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) $redirurl = urldecode($matches[1]); else if ($_REQUEST['redirurl']) $redirurl = $_REQUEST['redirurl']; -$macfilter = !isset($config['captiveportal']['nomacfilter']); -$passthrumac = isset($config['captiveportal']['passthrumacadd']); +$macfilter = !isset($config['captiveportal'][$cpzone]['nomacfilter']); +$passthrumac = isset($config['captiveportal'][$cpzone]['passthrumacadd']); /* find MAC address for client */ $clientmac = arp_get_mac_by_ip($clientip); @@ -98,9 +101,9 @@ if (!$clientmac && ($macfilter || $passthrumac)) { } /* find out if we need RADIUS + RADIUSMAC or not */ -if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { +if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) { $radius_enable = TRUE; - if (isset($config['captiveportal']['radmac_enable'])) + if (isset($config['captiveportal'][$cpzone]['radmac_enable'])) $radmac_enable = TRUE; } @@ -149,14 +152,14 @@ EOD; // YES: user is good for $timecredit minutes. captiveportal_logportalauth($voucher,$clientmac,$clientip,"Voucher login good for $timecredit min."); } else { - portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg); + portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); } } else if (-1 == $timecredit) { // valid but expired captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE","voucher expired"); - portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg); + portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgexpired'] ? $config['voucher'][$cpzone]['msgexpired']: $errormsg); } else { captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE"); - portal_reply_page($redirurl, "error", $config['voucher']['msgnoaccess'] ? $config['voucher']['msgnoaccess'] : $errormsg); + portal_reply_page($redirurl, "error", $config['voucher'][$cpzone]['msgnoaccess'] ? $config['voucher'][$cpzone]['msgnoaccess'] : $errormsg); } } else if ($_POST['accept'] && $radius_enable) { @@ -182,7 +185,7 @@ EOD; portal_reply_page($redirurl, "error", $errormsg); } -} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") { +} else if ($_POST['accept'] && $config['captiveportal'][$cpzone]['auth_method'] == "local") { //check against local user manager $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); @@ -193,7 +196,7 @@ EOD; captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE"); portal_reply_page($redirurl, "error", $errormsg); } -} else if ($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") { +} else if ($_POST['accept'] && $clientip && $config['captiveportal'][$cpzone]['auth_method'] == "none") { captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT"); portal_allow($clientip, $clientmac, "unauthenticated"); } else { diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc index 704c229..1f24e65 100644 --- a/usr/local/captiveportal/radius_accounting.inc +++ b/usr/local/captiveportal/radius_accounting.inc @@ -51,13 +51,13 @@ PEAR::loadExtension('bcmath'); function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac) { - global $config; + global $config, $cpzone; $retvalue = array(); $nas_mac = mac_format(get_interface_mac("wan")); $clientmac = mac_format($clientmac); $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; switch($radiusvendor) { @@ -67,10 +67,10 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, break; default: - if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) - $calledstationid = $config['captiveportal']['radiussrcip_attribute']; + if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) + $calledstationid = $config['captiveportal'][$cpzone]['radiussrcip_attribute']; else - $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + $calledstationid = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']); $callingstationid = $clientmac; $callingstationid = $clientmac; } @@ -166,13 +166,13 @@ RADIUS ACCOUNTING STOP/UPDATE function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { - global $config; + global $config, $cpzone; $retvalue = array(); $nas_mac = mac_format(get_interface_mac("wan")); $clientmac = mac_format($clientmac); $nas_port = intval($ruleno); - $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; $stop_time = (empty($stop_time)) ? time() : $stop_time; $session_time = $stop_time - $start_time; $volume = getVolume($clientip); diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index 142ab0e..28802ee 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -48,13 +48,13 @@ RADIUS AUTHENTICATION function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { - global $config; + global $config, $cpzone; $retvalue = array(); $nas_mac = mac_format(get_interface_mac(get_real_interface("wan"))); $clientmac = mac_format($clientmac); $nas_port = $ruleno; - $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; // Do we even need to set it to NULL? $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null; @@ -65,10 +65,10 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli $callingstationid = $clientip; break; default: - if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) - $calledstationid = $config['captiveportal']['radiussrcip_attribute']; + if (is_ipaddr($config['captiveportal'][$cpzone]['radiussrcip_attribute'])) + $calledstationid = $config['captiveportal'][$cpzone]['radiussrcip_attribute']; else - $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + $calledstationid = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']); $callingstationid = $clientmac; break; } |