diff options
| author | Carlos Eduardo Ramos <carlos.ramos@bluepex.com> | 2010-05-04 08:12:13 -0300 |
|---|---|---|
| committer | Carlos Eduardo Ramos <carlos.ramos@bluepex.com> | 2010-05-04 08:12:13 -0300 |
| commit | 1cfa0465f4a0d9f6c2c207fbb2d94a95349631ca (patch) | |
| tree | 7759cc6ac1d98290301184b874a966176ff4d440 /usr/local | |
| parent | 8a0b4f1476502fd173f91254a8cdfaab22d83d53 (diff) | |
| parent | 156a7868ba2acafc803318e575b1a1b9ca222fba (diff) | |
| download | pfsense-1cfa0465f4a0d9f6c2c207fbb2d94a95349631ca.zip pfsense-1cfa0465f4a0d9f6c2c207fbb2d94a95349631ca.tar.gz | |
Merge commit 'mainline/master'
Diffstat (limited to 'usr/local')
| -rwxr-xr-x | usr/local/captiveportal/index.php | 16 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_ip.php | 12 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 39 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_mac.php | 14 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal_mac_edit.php | 2 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 1 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_csc.php | 1 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 1 | ||||
| -rw-r--r-- | usr/local/www/wizards/openvpn_wizard.xml | 20 |
9 files changed, 53 insertions, 53 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 7d51fc3..4f68026 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -119,12 +119,6 @@ setTimeout('window.close();',5000) ; EOD; exit; -/* The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail */ -} else if ($clientmac && portal_mac_fixed($clientmac)) { - /* punch hole in ipfw for pass thru mac addresses */ - portal_allow($clientip, $clientmac, "unauthenticated"); - exit; - } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { /* radius functions handle everything so we exit here since we're done */ exit; @@ -322,19 +316,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut */ $peruserbw = isset($config['captiveportal']['peruserbw']); $passthrumacadd = isset($config['captiveportal']['passthrumacadd']); - $portalmac = NULL; - if (!empty($clientmac)) { - $portalmac = portal_mac_fixed($clientmac); - if ($portalmac) { - $attributes['bw_up'] = $portalmac['bw_up']; - $attributes['bw_down'] = $portalmac['bw_down']; - } - } $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup']; $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; - if ($passthrumacadd && $portalmac == NULL) { + if ($passthrumacadd) { $mac = array(); $mac['mac'] = $clientmac; $mac['descr'] = "Auto added pass-through MAC for user {$username}"; diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index fb8711b..4bf2cf9 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -56,8 +56,10 @@ if ($_GET['act'] == "del") { $ipent = $a_allowedips[$_GET['id']]; if (isset($config['captiveportal']['enable'])) { - mwexec("/sbin/ipfw table 1 delete " . $ipent['ip']); - mwexec("/sbin/ipfw table 2 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 3 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 4 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 5 delete " . $ipent['ip']); + mwexec("/sbin/ipfw table 6 delete " . $ipent['ip']); } unset($a_allowedips[$_GET['id']]); @@ -104,7 +106,13 @@ include("head.inc"); <?php $i = 0; foreach ($a_allowedips as $ip): ?> <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'"> <td class="listlr"> + <?php if($ip['dir'] == "to") + echo "any <img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">"; + ?> <?=strtolower($ip['ip']);?> + <?php if($ip['dir'] == "from") + echo "<img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any"; + ?> </td> <td class="listbg"> <?=htmlspecialchars($ip['descr']);?> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 45c4e2f..09d8075 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -67,6 +67,7 @@ if (isset($_POST['id'])) if (isset($id) && $a_allowedips[$id]) { $pconfig['ip'] = $a_allowedips[$id]['ip']; + $pconfig['dir'] = $a_allowedips[$id]['dir']; $pconfig['bw_up'] = $a_allowedips[$id]['bw_up']; $pconfig['bw_down'] = $a_allowedips[$id]['bw_down']; $pconfig['descr'] = $a_allowedips[$id]['descr']; @@ -104,6 +105,7 @@ if ($_POST) { if (!$input_errors) { $ip = array(); $ip['ip'] = $_POST['ip']; + $ip['dir'] = $_POST['dir']; $ip['descr'] = $_POST['descr']; if ($_POST['bw_up']) $ip['bw_up'] = $_POST['bw_up']; @@ -117,22 +119,11 @@ if ($_POST) { write_config(); - if (isset($config['captiveportal']['enable'])) { - $bwup = ""; - $bwdown = ""; - $ruleno = captiveportal_get_next_ipfw_ruleno(); - if (!empty($ip['bw_up'])) { - $pipeno = $ruleno + 20000; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100"); - $bwup = "pipe {$pipeno}"; - } - if (!empty($ip['bw_down'])) { - $pipeno = $ruleno + 20001; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100"); - $bwdown = "pipe {$pipeno}"; - } - mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}"); - mwexec("/sbin/ipfw table 2 add {$ip['ip']} {$bwdown}"); + if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) { + $rules = captiveportal_allowedip_configure_entry($ip); + file_put_contents("{$g['tmp_path']}/allowedip_tmp", $rules); + mwexec("/sbin/ipfw {$g['tmp_path']}/allowedip_tmp"); + @unlink("{$g['tmp_path']}/allowedip_tmp"); } header("Location: services_captiveportal_ip.php"); @@ -149,6 +140,22 @@ include("head.inc"); <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> + <td width="22%" valign="top" class="vncellreq">Direction</td> + <td width="78%" class="vtable"> + <select name="dir" class="formfld"> + <?php + $dirs = explode(" ", "Both From To") ; + foreach ($dirs as $dir): ?> + <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> > + <?=htmlspecialchars($dir);?> + </option> + <?php endforeach; ?> + </select> + <br> + <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication). + Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq">IP address</td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>"> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index dd5fdfe..7c40b85 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -74,13 +74,12 @@ if ($_POST) { } } if ($found == true) { - $ip = captiveportal_get_ipfw_ruleno_byvalue($_POST['delmac']); - if ($ip) { - captiveportal_disconnect_client($ip); + $ruleno = captiveportal_get_ipfw_passthru_ruleno($_POST['delmac']); + if ($ruleno) { + mwexec("/sbin/ipfw delete {$ruleno}; /sbin/ipfw delete " . ++$ruleno); } unset($a_passthrumacs[$idx]); write_config(); - captiveportal_passthrumac_configure(true); } } exit; @@ -89,14 +88,13 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_passthrumacs[$_GET['id']]) { - $ip = captiveportal_get_ipfw_ruleno_byvalue($a_passthrumacs[$_GET['id']]['mac']); - if ($ip) { - captiveportal_disconnect_client($ip); + $ruleno = captiveportal_get_ipfw_passthru_ruleno($a_passthrumacs[$_GET['id']]['mac']); + if ($ruleno) { + mwexec("/sbin/ipfw delete {$ruleno}; /sbin/ipfw delete " . ++$ruleno); } unset($a_passthrumacs[$_GET['id']]); write_config(); header("Location: services_captiveportal_mac.php"); - mark_subsystem_dirty('passthrumac'); exit; } } diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index 89e2757..ac7b341 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -120,8 +120,6 @@ if ($_POST) { write_config(); - mark_subsystem_dirty('passthrumac'); - header("Location: services_captiveportal_mac.php"); exit; } diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 14a4af6..831be25 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -341,6 +341,7 @@ function autotls_change() { $tab_array[] = array(gettext("Client"), true, "vpn_openvpn_client.php"); $tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"); $tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"); + $tab_array[] = array(gettext("Logs"), false, "diag_logs_openvpn.php"); add_package_tabs("OpenVPN", $tab_array); display_top_tabs($tab_array); ?> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 2408af0..b70404f 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -291,6 +291,7 @@ function netbios_change() { $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); $tab_array[] = array(gettext("Client Specific Overrides"), true, "vpn_openvpn_csc.php"); $tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"); + $tab_array[] = array(gettext("Logs"), false, "diag_logs_openvpn.php"); add_package_tabs("OpenVPN", $tab_array); display_top_tabs($tab_array); ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4f0d59d..f19a216 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -504,6 +504,7 @@ function netbios_change() { $tab_array[] = array(gettext("Client"), false, "vpn_openvpn_client.php"); $tab_array[] = array(gettext("Client Specific Overrides"), false, "vpn_openvpn_csc.php"); $tab_array[] = array(gettext("Wizards"), false, "wizard.php?xml=openvpn_wizard.xml"); + $tab_array[] = array(gettext("Logs"), false, "diag_logs_openvpn.php"); add_package_tabs("OpenVPN", $tab_array); display_top_tabs($tab_array); ?> diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index bba38c8..01d5d57 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -204,21 +204,21 @@ </field> <field> <name>nameattr</name> - <displayname>User naming attribute</displayname> + <displayname>User Naming Attribute</displayname> <type>input</type> <bindstofield>ovpnserver->step2->nameattr</bindstofield> - <description>Typically "cn" (OpenLDAP, Novell eDirectory), "samAccountName" (Microsoft AD), </description> + <description>Typically "cn" (OpenLDAP, Novell eDirectory), "samAccountName" (Microsoft AD)</description> </field> <field> <name>groupattr</name> - <displayname>Group naming attribute</displayname> + <displayname>Group Naming Attribute</displayname> <type>input</type> <bindstofield>ovpnserver->step2->groupattr</bindstofield> <description>Typically "cn" (OpenLDAP, Microsoft AD, and Novell eDirectory)</description> </field> <field> <name>memberattr</name> - <displayname>Member naming attribute</displayname> + <displayname>Member Naming Attribute</displayname> <type>input</type> <bindstofield>ovpnserver->step2->memberattr</bindstofield> <description>Typically "member" (OpenLDAP), "memberOf" (Microsoft AD), "uniqueMember" (Novell eDirectory)</description> @@ -611,7 +611,7 @@ </field> <field> <name>localport</name> - <displayname>Local port</displayname> + <displayname>Local Port</displayname> <description>Local port upon which OpenVPN will listen for connections. The default port is 1194. Leave this blank unless you need to use a different port.</description> <type>input</type> <size>10</size> @@ -678,7 +678,7 @@ <field> <name>crypto</name> <type>select</type> - <displayname>Encryption algorithm</displayname> + <displayname>Encryption Algorithm</displayname> <bindstofield>ovpnserver->step10->crypto</bindstofield> <options> <option> @@ -693,7 +693,7 @@ <name>Tunnel Settings</name> </field> <field> - <displayname>Tunnel network</displayname> + <displayname>Tunnel Network</displayname> <name>tunnelnet</name> <type>input</type> <size>20</size> @@ -708,7 +708,7 @@ <bindstofield>ovpnserver->step10->rdrgw</bindstofield> </field> <field> - <displayname>Local network</displayname> + <displayname>Local Network</displayname> <name>localnet</name> <type>input</type> <size>20</size> @@ -716,7 +716,7 @@ <description>This is the network that will be accessible from the remote endpoint, expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.</description> </field> <field> - <displayname>Remote network</displayname> + <displayname>Remote Network</displayname> <name>remotenet</name> <type>input</type> <size>20</size> @@ -746,7 +746,7 @@ <bindstofield>ovpnserver->step10->tos</bindstofield> </field> <field> - <displayname>Inter-client communication</displayname> + <displayname>Inter-Client Communication</displayname> <name>interclient</name> <type>checkbox</type> <description>Allow communication between clients connected to this server.</description> |
