4 files changed, 473 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 685713b..a5cf992 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -781,4 +781,184 @@ function vpn_endpoint_determine($tunnel, $curwanip) {
 	return null;
 }
 
+function vpn_pppoe_configure() {
+	global $config, $g;
+
+	$syscfg = $config['system'];
+	$pppoecfg = $config['pppoe'];
+
+	if ($g['booting']) {
+		if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off"))
+			return 0;
+
+		echo "Configuring PPPoE VPN service... ";
+	} else {
+		/* kill mpd */
+		killbypid("{$g['varrun_path']}/mpd-vpn.pid");
+
+		/* wait for process to die */
+		sleep(2);
+		
+		vpn_pptp_configure();
+	}
+
+	/* make sure mpd-vpn directory exists */
+	if (!file_exists("{$g['varetc_path']}/mpd-vpn"))
+		mkdir("{$g['varetc_path']}/mpd-vpn");
+
+	switch ($pppoecfg['mode']) {
+
+		case 'server':
+
+			/* write mpd.conf */
+			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "a");
+			if (!$fd) {
+				printf("Error: cannot open mpd.conf in vpn_pppoe_configure().\n");
+				return 1;
+			}
+			$mpdconf = "\n\n";
+			$mpdconf .= <<<EOD
+pppoe:
+
+EOD;
+
+			for ($i = 0; $i < $g['n_pppoe_units']; $i++) {
+				$mpdconf .= "	load pt{$i}\n";
+			}
+
+			for ($i = 0; $i < $g['n_pppoe_units']; $i++) {
+
+				$clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i);
+				$ngif = "ng" . ($i+1);
+
+				$mpdconf .= <<<EOD
+
+pppoe0:
+	new -i {$ngif} pppoe{i} pppoe{i}
+	set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32
+	load pppoe_standart
+
+EOD;
+			}
+
+			$mpdconf .= <<<EOD
+
+pppoe_standart:
+	#set link type pppoe
+	#set pppoe iface lnc0
+	set pppoe service "*"
+	set pppoe disable originate
+	set pppoe enable incoming
+	set bundle no multilink
+	set bundle enable compression
+	set bundle accept encryption
+	set bundle max-logins 1
+	set iface idle 0
+	set iface disable on-demand
+	set iface disable proxy-arp
+	set iface enable tcpmssfix
+	set iface mtu 1500
+	set link mtu 1500
+	set link no pap chap
+	set link enable chap
+	set link keep-alive 60 180
+	set ipcp yes vjcomp
+	set ipcp no vjcomp
+	set link max-redial -1
+	set link mtu 1452
+	set ccp yes mpp-e40
+	set ccp yes mpp-e128
+	set ccp yes mpp-stateless
+	set ipcp dns 10.10.1.3
+	set link latency 1
+
+EOD;
+
+			if (isset($config['dnsmasq']['enable'])) {
+				$mpdconf .= "	set ipcp dns " . $config['interfaces']['lan']['ipaddr'];
+				if ($syscfg['dnsserver'][0])
+					$mpdconf .= " " . $syscfg['dnsserver'][0];
+				$mpdconf .= "\n";
+			} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
+				$mpdconf .= "	set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
+			}
+
+			if (isset($pppoecfg['radius']['enable'])) {
+				$mpdconf .= <<<EOD
+	set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}"
+	set radius retries 3
+	set radius timeout 10
+	set bundle enable radius-auth
+	set bundle disable radius-fallback
+
+EOD;
+
+				if (isset($pppoecfg['radius']['accounting'])) {
+					$mpdconf .= <<<EOD
+	set bundle enable radius-acct
+
+EOD;
+				}
+			}
+
+			fwrite($fd, $mpdconf);
+			fclose($fd);
+
+			/* write mpd.links */
+			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "a");
+			if (!$fd) {
+				printf("Error: cannot open mpd.links in vpn_pppoe_configure().\n");
+				return 1;
+			}
+
+			$mpdlinks = "";
+
+			for ($i = 0; $i < $g['n_pppoe_units']; $i++) {
+				$mpdlinks .= <<<EOD
+
+pppoe:
+	set link type pppoe
+	#set pppoe iface lnc0
+
+EOD;
+			}
+
+			fwrite($fd, $mpdlinks);
+			fclose($fd);
+
+			/* write mpd.secret */
+			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "a");
+			if (!$fd) {
+				printf("Error: cannot open mpd.secret in vpn_pppoe_configure().\n");
+				return 1;
+			}
+
+			$mpdsecret = "\n\n";
+
+			if (is_array($pppoecfg['user'])) {
+				foreach ($pppoecfg['user'] as $user)
+					$mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
+			}
+
+			fwrite($fd, $mpdsecret);
+			fclose($fd);
+			chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600);
+
+			/* fire up mpd */
+			mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pppoe");
+
+			break;
+
+		case 'redir':
+			break;
+	}
+
+	touch("{$g["tmp_path"]}/filter_dirty");
+
+	if ($g['booting'])
+		echo "done\n";
+
+	return 0;
+}
+
 ?>
 \ No newline at end of file
diff --git a/etc/version b/etc/version
index b0d230e..eecd809 100644
--- a/etc/version
+++ b/etc/version
@@ -1 +1 @@
-0.71.12
-\ No newline at end of file
+0.72
+\ No newline at end of file
diff --git a/usr/local/www/vpn_pppoe_users.php b/usr/local/www/vpn_pppoe_users.php
new file mode 100755
index 0000000..7fb7f92
--- /dev/null
+++ b/usr/local/www/vpn_pppoe_users.php
@@ -0,0 +1,132 @@
+#!/usr/local/bin/php
+<?php
+/*
+	vpn_pppoe_users.php
+	part of pfSense
+	
+	Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['pppoe']['user'])) {
+	$config['pppoe']['user'] = array();
+}
+pppoe_users_sort();
+$a_secret = &$config['pppoe']['user'];
+
+if ($_POST) {
+
+	$pconfig = $_POST;
+
+	if ($_POST['apply']) {
+		$retval = 0;
+		if (!file_exists($d_sysrebootreqd_path)) {
+			config_lock();
+			$retval = vpn_pppoe_configure();
+			config_unlock();
+		}
+		$savemsg = get_std_save_message($retval);
+		if ($retval == 0) {
+			if (file_exists($d_pppoeuserdirty_path))
+				unlink($d_pppoeuserdirty_path);
+		}
+	}
+}
+
+if ($_GET['act'] == "del") {
+	if ($a_secret[$_GET['id']]) {
+		unset($a_secret[$_GET['id']]);
+		write_config();
+		touch($d_pppoeuserdirty_path);
+		header("Location: vpn_pppoe_users.php");
+		exit;
+	}
+}
+
+$pgtitle = "VPN: PPTP: Users";
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<form action="vpn_pppoe_users.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (isset($config['pppoe']['radius']['enable']))
+	print_info_box("Warning: RADIUS is enabled. The local user database will not be used."); ?>
+<?php if (file_exists($d_pppoeuserdirty_path)): ?><p>
+<?php print_info_box_np("The PPTP user list has been modified.<br>You must apply the changes in order for them to take effect.<br><b>Warning: this will terminate all current PPTP sessions!</b>");?><br>
+<?php endif; ?>
+<div id="mainarea">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+  <tr><td class="tabnavtbl">
+<?php
+	$tab_array = array();
+	$tab_array[0] = array("Configuration", false, "vpn_pppoe.php");
+	$tab_array[1] = array("Users", true, "vpn_pppoe_users.php");
+	display_top_tabs($tab_array);
+?>    </td></tr>
+  <tr> 
+    <td colspan="3" class="tabcont">
+              <table width="80%" border="0" cellpadding="0" cellspacing="0">
+                <tr> 
+                  <td class="listhdrr">Username</td>
+                  <td class="listhdr">IP address</td>
+                  <td class="list"></td>
+				</tr>
+			  <?php $i = 0; foreach ($a_secret as $secretent): ?>
+                <tr> 
+                  <td class="listlr">
+                    <?=htmlspecialchars($secretent['name']);?>
+                  </td>
+                  <td class="listr">
+                    <?=htmlspecialchars($secretent['ip']);?>&nbsp;
+                  </td>
+                  <td class="list" nowrap> <a href="vpn_pppoe_users_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit user" width="17" height="17" border="0"></a>
+                     &nbsp;<a href="vpn_pppoe_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete user" width="17" height="17" border="0"></a></td>
+				</tr>
+			  <?php $i++; endforeach; ?>
+                <tr> 
+                  <td class="list" colspan="2"></td>
+                  <td class="list"> <a href="vpn_pppoe_users_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add user" width="17" height="17" border="0"></a></td>
+				</tr>
+              </table>
+			</td>
+	</tr>
+</table>
+</div>
+</form>
+<?php include("fend.inc"); ?>
+<script type="text/javascript">
+NiftyCheck();
+Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth");
+</script>
+
+</body>
+</html>
+
+
diff --git a/usr/local/www/vpn_pppoe_users_edit.php b/usr/local/www/vpn_pppoe_users_edit.php
new file mode 100755
index 0000000..aa8fc02
--- /dev/null
+++ b/usr/local/www/vpn_pppoe_users_edit.php
@@ -0,0 +1,160 @@
+#!/usr/local/bin/php
+<?php
+/*
+	vpn_pppoe_users_edit.php
+	part of pfSense
+	
+	Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['pppoe']['user'])) {
+	$config['pppoe']['user'] = array();
+}
+pppoe_users_sort();
+$a_secret = &$config['pppoe']['user'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
+
+if (isset($id) && $a_secret[$id]) {
+	$pconfig['username'] = $a_secret[$id]['name'];
+	$pconfig['ip'] = $a_secret[$id]['ip'];
+}
+
+if ($_POST) {
+	
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	if (isset($id) && ($a_secret[$id])) {
+		$reqdfields = explode(" ", "username");
+		$reqdfieldsn = explode(",", "Username");
+	} else {
+		$reqdfields = explode(" ", "username password");
+		$reqdfieldsn = explode(",", "Username,Password");
+	}
+	
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+	
+	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username']))
+		$input_errors[] = "The username contains invalid characters.";
+		
+	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password']))
+		$input_errors[] = "The password contains invalid characters.";
+	
+	if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
+		$input_errors[] = "The passwords do not match.";
+	}
+	if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) {
+		$input_errors[] = "The IP address entered is not valid.";
+	}
+	
+	if (!$input_errors && !(isset($id) && $a_secret[$id])) {
+		/* make sure there are no dupes */
+		foreach ($a_secret as $secretent) {
+			if ($secretent['name'] == $_POST['username']) {
+				$input_errors[] = "Another entry with the same username already exists.";
+				break;
+			}
+		}
+	}
+
+	if (!$input_errors) {
+	
+		if (isset($id) && $a_secret[$id])
+			$secretent = $a_secret[$id];
+	
+		$secretent['name'] = $_POST['username'];
+		$secretent['ip'] = $_POST['ip'];
+		
+		if ($_POST['password'])
+			$secretent['password'] = $_POST['password'];
+		
+		if (isset($id) && $a_secret[$id])
+			$a_secret[$id] = $secretent;
+		else
+			$a_secret[] = $secretent;
+		
+		write_config();
+		touch($d_pppoeuserdirty_path);
+		
+		header("Location: vpn_pppoe_users.php");
+		exit;
+	}
+}
+
+$pgtitle = "VPN: PPTP: User: Edit";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+            <form action="vpn_pppoe_users_edit.php" method="post" name="iform" id="iform">
+              <?display_topbar()?>
+              <div id="mainarea">
+	      <table width="100%" border="0" cellpadding="6" cellspacing="0">
+                <tr> 
+                  <td width="22%" valign="top" class="vncellreq">Username</td>
+                  <td width="78%" class="vtable">
+					<?=$mandfldhtml;?><input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>"> 
+                  </td>
+                <tr> 
+                  <td width="22%" valign="top" class="vncellreq">Password</td>
+                  <td width="78%" class="vtable"> 
+                    <?=$mandfldhtml;?><input name="password" type="password" class="formfld" id="password" size="20"> 
+                    <br><?=$mandfldhtml;?><input name="password2" type="password" class="formfld" id="password2" size="20"> 
+                    &nbsp;(confirmation)<?php if (isset($id) && $a_secret[$id]): ?><br>
+                    <span class="vexpl">If you want to change the users' password, 
+                    enter it here twice.</span><?php endif; ?></td>
+                </tr>
+                <tr> 
+                  <td width="22%" valign="top" class="vncell">IP address</td>
+                  <td width="78%" class="vtable"> 
+                    <input name="ip" type="text" class="formfld" id="ip" size="20" value="<?=htmlspecialchars($pconfig['ip']);?>"> 
+                    <br><span class="vexpl">If you want the user to be assigned a specific IP address, enter it here.</span></td>
+                </tr>
+                <tr> 
+                  <td class="vncell" width="22%" valign="top">&nbsp;</td>
+                  <td class="vncell" width="78%"> 
+                    <input name="Submit" type="submit" class="formbtn" value="Save"> 
+                    <?php if (isset($id) && $a_secret[$id]): ?>
+                    <input name="id" type="hidden" value="<?=$id;?>">
+                    <?php endif; ?>
+                  </td>
+                </tr>
+              </table>
+	      </div>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
+
+