author | Renato Botelho <garga@FreeBSD.org> | 2013-02-07 11:09:09 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-02-07 11:15:10 -0200 |
commit | a8cb003844c8feda083925415d9cfc96d5f3827f (patch) | |
tree | 14ae704fd9fb090f69ddfa44ec7647413d4f46d5 /usr | |
parent | 060bc78b02232484a089349a26ecee4e5bc72429 (diff) | |
Implement privilege for allowing login through CP
- The feature is optional, on by default for new zones, off for current
ones when upgrading
It should fix #1010
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/captiveportal/index.php | 4 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 21 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_zones_edit.php | 1 |
3 files changed, 21 insertions, 5 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 98b26e9..63b4280 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -207,6 +207,10 @@ EOD;
 if ($_POST['auth_user'] && $_POST['auth_pass']) {
 //check against local user manager
 $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
+
+ if ($loginok && isset($cpcfg['localauth_priv']))
+ $loginok = userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login");
+
 if ($loginok){
 captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
 portal_allow($clientip, $clientmac,$_POST['auth_user']);
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 867fe74..8423d45 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -97,6 +97,7 @@ if ($a_cp[$cpzone]) {
 $pconfig['enable'] = isset($a_cp[$cpzone]['enable']);
 $pconfig['pms_enabled'] = $a_cp[$cpzone]['pms_enabled'];
 $pconfig['auth_method'] = $a_cp[$cpzone]['auth_method'];
+ $pconfig['localauth_priv'] = isset($a_cp[$cpzone]['localauth_priv']);
 $pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']);
 $pconfig['radmac_enable'] = isset($a_cp[$cpzone]['radmac_enable']);
 $pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret'];
@@ -251,6 +252,7 @@ if ($_POST) {
 else
 unset($newcp['pms_enabled']);
 $newcp['auth_method'] = $_POST['auth_method'];
+ $newcp['localauth_priv'] = isset($_POST['localauth_priv']);
 $newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
 $newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
 $newcp['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
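Review bot: In the usr/local/captiveportal/index.php hunk, a user who supplies the correct password but lacks `user-services-captiveportal-login` ends up with the same `$loginok = false` as a wrong password, so whatever failure handling follows (outside this hunk) cannot tell the two cases apart. Recording the denial separately, through `captiveportal_logportalauth()` with a status other than the one used for bad credentials, would let an operator see that a valid account was refused for lack of privilege rather than for a password failure. The two-line `if` is also unbraced; writing it as `if ($loginok && isset($cpcfg['localauth_priv'])) { ... }` would match the braced `if ($loginok){` below it and keep a later added statement from running unconditionally. The enclosing `if ($_POST['auth_user'] && $_POST['auth_pass'])` block continues past the end of the hunk.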
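Review bot: In the second hunk of usr/local/www/services_captiveportal.php (`@@ -251,6 +252,7 @@`), `$newcp['localauth_priv'] = isset($_POST['localauth_priv']);` stores `false` when the box is unchecked, while index.php decides whether to enforce the privilege with `isset($cpcfg['localauth_priv'])`, which is also true for a stored `false`. Whether that matters depends on how the config writer serialises a boolean false, which this page does not show; if the key survives, the option would read as enabled after the admin turned it off. Following the `pms_enabled` pattern visible just above avoids relying on that: `if (isset($_POST['localauth_priv'])) $newcp['localauth_priv'] = true; else unset($newcp['localauth_priv']);`.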
@@ -334,6 +336,7 @@ include("head.inc");
 function enable_change(enable_change) {
 var endis, radius_endis;
 endis = !(document.iform.enable.checked || enable_change);
+ localauth_endis = !((!endis && document.iform.auth_method[1].checked) || enable_change);
 radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
 https_endis = !((!endis && document.iform.httpslogin_enable.checked) || enable_change);
@@ -347,6 +350,7 @@ function enable_change(enable_change) {
 document.iform.timeout.disabled = endis;
 document.iform.preauthurl.disabled = endis;
 document.iform.redirurl.disabled = endis;
+ document.iform.localauth_priv.disabled = localauth_endis;
 document.iform.radiusip.disabled = radius_endis;
 document.iform.radiusip2.disabled = radius_endis;
 document.iform.radiusip3.disabled = radius_endis;
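Review bot: `localauth_endis` in the first `enable_change()` hunk is assigned without being declared, so it becomes an implicit global. The function already declares `var endis, radius_endis;`, and the new name belongs in that list: `var endis, localauth_endis, radius_endis;`. The existing `https_endis` is in the same position and could be added in the same edit. The function body continues outside both hunks on this line.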
@@ -571,19 +575,26 @@ function enable_change(enable_change) { <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>> <?=gettext("No Authentication"); ?></td> - </tr> + </tr> <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>> <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td> - </tr> + </tr> + </tr><tr> + <td> </td> + <td> </td> + </tr> <tr> + <td> </td> + <td><input name="localauth_priv" type="checkbox" id="localauth_priv" value="yes" onClick="enable_change(false)" <?php if($pconfig['localauth_priv']=="yes") echo "checked"; ?>> + <?=gettext("Allow only users/groups with 'Captive portal login' privilege set"); ?></td> + </tr><tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>> <?=gettext("RADIUS Authentication"); ?></td> - </tr><tr> + </tr><tr> <td> </td> <td> </td> - </tr> - <tr> + </tr> <td width="22%" valign="top" class="vncell"><?=gettext("Radius Protocol"); ?></td> <td width="78%" class="vtable"> <table cellpadding="0" cellspacing="0"> diff --git a/usr/local/www/services_captiveportal_zones_edit.php b/usr/local/www/services_captiveportal_zones_edit.php index 4353d7e..1e8b861 100644 --- a/usr/local/www/services_captiveportal_zones_edit.php +++ b/usr/local/www/services_captiveportal_zones_edit.php 
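Review bot: The row markup in this hunk no longer balances. The added `</tr>` followed by `</tr><tr>` closes the Local row twice, and the last change replaces `</tr>` `<tr>` with a single `</tr>`, which leaves the `Radius Protocol` cells without an opening `<tr>`. Browsers repair such markup in their own ways, so the new checkbox row and the RADIUS block may not lay out as intended; keep one `</tr>` after the Local row and restore the `<tr>` before `<td width="22%" ...>`. Separately, `$pconfig['localauth_priv']=="yes"` tests a value that the first hunk of this file sets with `isset(...)`, a boolean, so it matches only through loose comparison; `if ($pconfig['localauth_priv']) echo "checked";` states the intent directly.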
@@ -76,6 +76,7 @@ if ($_POST) {
 $a_cp[$cpzone] = array();
 $a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
 $a_cp[$cpzone]['descr'] = $_POST['descr'];
+ $a_cp[$cpzone]['localauth_priv'] = true;
 write_config();
 header("Location: services_captiveportal.php?zone={$cpzone}"); |