summaryrefslogtreecommitdiffstats
path: root/usr/local
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2006-08-21 21:02:14 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-08-21 21:02:14 +0000
commit8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d (patch)
treed993ec194df18f7c62993a1a2a287568c85f4cc3 /usr/local
parent92442757dd0e12e593a5723787fa976735547335 (diff)
downloadpfsense-8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d.zip
pfsense-8c1ce6c7c0f232d8ac46b5f38f6671df5583e42d.tar.gz
Instead of simply bailing leaving the client with a blank screen, output that an error occured and write out to the system log more verbose information for what the problem is. If in the case of a missing mac address, suggest that the user may want to disable mac filtering if they do not need this functionality.
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/captiveportal/index.php106
1 files changed, 55 insertions, 51 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 89166db..788efcf 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -1,21 +1,21 @@
-<?php
+<?php
/*
index.php
part of m0n0wall (http://m0n0.ch/wall)
-
+
Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -41,6 +41,8 @@ $clientip = $_SERVER['REMOTE_ADDR'];
if (!$clientip) {
/* not good - bail out */
+ echo "An error occured. Please check the system logs for more information.";
+ log_error("Captive portal could not deterimine clients ip address.");
exit;
}
@@ -48,6 +50,8 @@ if (!$clientip) {
$clientmac = arp_get_mac_by_ip($clientip);
if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) {
/* unable to find MAC address - shouldn't happen! - bail out */
+ echo "An error occured. Please check the system logs for more information.";
+ log_error("Captive portal could not deterimine clients MAC address. Disable MAC address filtering in captive portal if you do not needs this functionality.");
exit;
}
@@ -59,7 +63,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
/* authenticate against radius server */
$radiusservers = captiveportal_get_radius_servers();
-
+
if ($_POST['auth_user'] && $_POST['auth_pass']) {
$auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'],
$_POST['auth_pass'],
@@ -84,7 +88,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
} else {
readfile("{$g['varetc_path']}/captiveportal-error.html");
}
-
+
} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
//check against local usermanager
@@ -103,9 +107,9 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
}
if ($moddb)
write_config();
-
+
$userdb = &$config['captiveportal']['user'];
-
+
for ($i = 0; $i < count($userdb); $i++) {
if (($userdb[$i]['name'] == $_POST['auth_user']) && ($userdb[$i]['password'] == md5($_POST['auth_pass']))) {
$loginok = true;
@@ -145,27 +149,27 @@ EOD;
/* redirect to HTTPS login page */
header("Location: https://{$config['captiveportal']['httpsname']}:8001/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
} else {
-
+
header("Expires: 0");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
- header("Pragma: no-cache");
-
+ header("Pragma: no-cache");
+
/* display captive portal page */
$htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html");
-
+
/* substitute variables */
if (isset($config['captiveportal']['httpslogin']))
$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
else
$htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext);
-
+
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
$redirurl = urldecode($matches[1]);
else
$redirurl = "http://{$orig_host}{$orig_request}";
$htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
-
+
echo $htmltext;
}
@@ -174,7 +178,7 @@ exit;
function portal_mac_fixed($clientmac) {
global $g ;
-
+
/* open captive portal mac db */
if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
$fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ;
@@ -191,7 +195,7 @@ function portal_mac_fixed($clientmac) {
fclose($fd) ;
}
return FALSE ;
-}
+}
function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
@@ -199,7 +203,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
/* user has accepted AUP - let him in */
portal_lock();
-
+
/* get next ipfw rule number */
if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
$ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
@@ -207,22 +211,22 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
$ruleno = 10000; /* first rule number */
$saved_ruleno = $ruleno;
-
+
/* generate unique session ID */
$tod = gettimeofday();
$sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
-
+
/* add ipfw rules for layer 3 */
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
-
+
/* add ipfw rules for layer 2 */
if (!isset($config['captiveportal']['nomacfilter'])) {
$l2ruleno = $ruleno + 10000;
exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
}
-
+
/* read in client database */
$cpdb = array();
@@ -232,11 +236,11 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
$line = trim(fgets($fd)) ;
if($line) {
$cpdb[] = explode(",",$line);
- }
+ }
}
fclose($fd);
}
-
+
$radiusservers = captiveportal_get_radius_servers();
/* find an existing entry and delete it */
@@ -256,7 +260,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
unset($cpdb[$i]);
break;
}
- }
+ }
/* rewrite information to database */
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
@@ -270,7 +274,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid},{$bpassword}\n") ;
fclose($fd);
}
-
+
/* write next rule number */
$fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
if ($fd) {
@@ -280,9 +284,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
fwrite($fd, $ruleno);
fclose($fd);
}
-
+
portal_unlock();
-
+
/* redirect user to desired destination */
if ($config['captiveportal']['redirurl'])
$redirurl = $config['captiveportal']['redirurl'];
@@ -290,14 +294,14 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") {
$redirurl = $_POST['redirurl'];
else
$redirurl = "http://{$orig_host}{$orig_request}";
-
+
if(isset($config['captiveportal']['logoutwin_enable'])) {
-
+
if (isset($config['captiveportal']['httpslogin']))
$logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
else
$logouturl = "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/";
-
+
echo <<<EOD
<HTML>
<HEAD><TITLE>Redirecting...</TITLE></HEAD>
@@ -331,17 +335,17 @@ document.location.href="{$redirurl}";
EOD;
} else {
- header("Location: " . $redirurl);
+ header("Location: " . $redirurl);
}
-
+
return $sessionid;
}
/* read RADIUS servers into array */
function captiveportal_get_radius_servers() {
-
+
global $g;
-
+
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
$fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r");
if ($fd) {
@@ -355,20 +359,20 @@ function captiveportal_get_radius_servers() {
}
}
fclose($fd);
-
+
return $radiusservers;
}
}
-
+
return false;
}
/* lock captive portal information, decide that the lock file is stale after
10 seconds */
function portal_lock() {
-
+
global $lockfile;
-
+
$n = 0;
while ($n < 10) {
/* open the lock file in append mode to avoid race condition */
@@ -386,9 +390,9 @@ function portal_lock() {
/* unlock captive portal information file */
function portal_unlock() {
-
+
global $lockfile;
-
+
if (file_exists($lockfile))
unlink($lockfile);
}
@@ -397,11 +401,11 @@ function portal_unlock() {
by Dinesh Nair
*/
function disconnect_client($sessionid) {
-
+
global $g, $config;
-
+
portal_lock();
-
+
/* read database */
$cpdb = array() ;
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
@@ -410,14 +414,14 @@ function disconnect_client($sessionid) {
$line = trim(fgets($fd)) ;
if($line) {
$cpdb[] = explode(",",$line);
- }
+ }
}
fclose($fd);
}
-
+
$radiusservers = captiveportal_get_radius_servers();
-
- /* find entry */
+
+ /* find entry */
for ($i = 0; $i < count($cpdb); $i++) {
if ($cpdb[$i][5] == $sessionid) {
/* this client needs to be deleted - remove ipfw rules */
@@ -437,7 +441,7 @@ function disconnect_client($sessionid) {
break;
}
}
-
+
/* rewrite information to database */
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
if ($fd) {
@@ -446,7 +450,7 @@ function disconnect_client($sessionid) {
}
fclose($fd);
}
-
+
portal_unlock();
}
OpenPOWER on IntegriCloud