Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/captiveportal.inc185
-rw-r--r--etc/inc/filter.inc4
-rw-r--r--etc/inc/interfaces.inc44
-rw-r--r--etc/inc/rrd.inc3
-rw-r--r--etc/inc/services.inc2
-rw-r--r--etc/inc/system.inc20
-rw-r--r--etc/inc/upgrade_config.inc56
-rw-r--r--etc/inc/voucher.inc13
-rw-r--r--etc/inc/vpn.inc6
9 files changed, 273 insertions, 60 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 9c78017..37f195c 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -1,9 +1,12 @@
<?php
/*
captiveportal.inc
- part of m0n0wall (http://m0n0.ch/wall)
+ part of pfSense (http://www.pfSense.org)
- Copyright (C) 2009 Ermal Luçi
+ originally part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2009 Ermal Luçi <ermal.luci@gmail.com>
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -91,30 +94,77 @@ function captiveportal_configure() {
else {
/* example/template page */
$htmltext = <<<EOD
-<html>
-<head>
-<title>{$g['product_name']} captive portal</title>
-</head>
-<body>
-<center>
-<h2>{$g['product_name']} captive portal</h2>
-Welcome to the {$g['product_name']} Captive Portal!
-<p>
-<form method="post" action="\$PORTAL_ACTION\$">
-<input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
-<table>
- <tr><td>Username:</td><td><input name="auth_user" type="text"></td></tr>
- <tr><td>Password:</td><td><input name="auth_pass" type="password"></td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td colspan="2">
- <center><input name="accept" type="submit" value="Continue"></center>
- </td>
- </tr>
-</table>
-</center>
-</form>
-</body>
+<html>
+ <body>
+ <form method="post" action="$PORTAL_ACTION$">
+ <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
+ <center>
+ <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
+ <tr height="10" bgcolor="#990000">
+ <td style="border-bottom:1px solid #000000">
+ <font color='white'>
+ <b>
+ {$g['product_name']} captive portal
+ </b>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainlevel">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <div id="mainarea">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="5">
+ <tr>
+ <td>
+ <div id="maindivarea">
+ <center>
+ <div id='statusbox'>
+ <font color='red' face='arial' size='+1'>
+ <b>
+ $PORTAL_MESSAGE$
+ </b>
+ </font>
+ </div>
+ <br/>
+ <div id='loginbox'>
+ <table>
+ <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
+ <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td colspan="2">
+ <center><input name="accept" type="submit" value="Continue"></center>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </center>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </form>
+ </body>
</html>
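Review bot: The placeholders in the new template lost their backslashes. Inside the interpolating `<<<EOD` heredoc, `$PORTAL_ACTION$`, `$PORTAL_REDIRURL$` and `$PORTAL_MESSAGE$` are parsed as PHP variables followed by a literal `$`. Unless variables with those names happen to be in scope (the body of captiveportal_configure() is outside the hunk), the generated page ends up with `action="$"` and an empty redirect and message, so the login form would not post credentials to the portal handler. Keep the escaping the removed lines had, e.g. `<form method="post" action="\$PORTAL_ACTION\$">`, and the same for the other two tokens. The error-page hunk that follows (`$errtext`) has the same three unescaped placeholders.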
@@ -142,18 +192,77 @@ EOD;
else {
/* example page */
$errtext = <<<EOD
-<html>
-<head>
-<title>Authentication error</title>
-</head>
-<body>
-<font color="#cc0000"><h2>Authentication error</h2></font>
-<b>
-Username and/or password invalid.
-<br><br>
-<a href="javascript:history.back(); ">Go back</a>
-</b>
-</body>
+<html>
+ <body>
+ <form method="post" action="$PORTAL_ACTION$">
+ <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
+ <center>
+ <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
+ <tr height="10" bgcolor="#990000">
+ <td style="border-bottom:1px solid #000000">
+ <font color='white'>
+ <b>
+ {$g['product_name']} captive portal
+ </b>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainlevel">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <div id="mainarea">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="5">
+ <tr>
+ <td>
+ <div id="maindivarea">
+ <center>
+ <div id='statusbox'>
+ <font color='red' face='arial' size='+1'>
+ <b>
+ $PORTAL_MESSAGE$
+ </b>
+ </font>
+ </div>
+ <br/>
+ <div id='loginbox'>
+ <table>
+ <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
+ <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td colspan="2">
+ <center><input name="accept" type="submit" value="Continue"></center>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </center>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </form>
+ </body>
</html>
EOD;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index aa3fff5..ec11bf0 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -160,7 +160,7 @@ function filter_delete_states_for_down_gateways() {
if (!is_ipaddr($gwip))
$gwip = get_interface_gateway($gateway['friendlyiface']);
if (is_ipaddr($gwstatus['srcip'])) {
- $cmd = "/sbin/pfctl -b {$gateway['srcip']} ";
+ $cmd = "/sbin/pfctl -b {$gwstatus['srcip']} ";
if (is_ipaddr($gwip))
$cmd .= "-b {$gwip}";
mwexec($cmd);
@@ -1457,7 +1457,7 @@ function filter_generate_user_rule_arr($rule) {
$ret['rule'] = $line;
$ret['interface'] = $rule['interface'];
if($rule['descr'] != "" and $line != "")
- $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\"";
+ $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\"";
else
$ret['descr'] = "label \"USER_RULE\"";
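Review bot: The label text is still sanitised only by removing `"`, so a line break or other control character in `$rule['descr']` would be written into the generated rule line as-is. Where the description is validated is not visible in this hunk; if it is not restricted at input, stripping control characters here as well would keep a malformed description from splitting the rule. Truncating before stripping also means quoted descriptions end up shorter than the 63 bytes allowed, and `substr()` can cut a multi-byte character in half. A short comment saying where the 63 limit comes from would help the next reader.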
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 44bad2b..18dc18f 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1059,7 +1059,7 @@ function interface_ppps_configure($interface) {
if($g['booting']) {
$descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface);
- echo " configuring {$upper_type} on {$descr} interface...\n";
+ echo "starting {$pppif} link...";
// Do not re-configure the interface if we are booting and it's already been started
if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"))
return 0;
@@ -1689,7 +1689,7 @@ function interface_carp_configure(&$vip) {
/* Ensure CARP IP really exists prior to loading up. */
$ww_subnet_ip = find_interface_ip($realif);
$ww_subnet_bits = find_interface_subnet($realif);
- if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits)) {
+ if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) {
file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IP address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
return;
}
@@ -2489,6 +2489,10 @@ function interface_configure($interface = "wan", $reloadall = false) {
link_interface_to_vips($interface, "update");
+ $grouptmp = link_interface_to_group($interface);
+ if (!empty($grouptmp))
+ interface_group_add_member($realif, $grouptmp);
+
if ($interface == "lan")
/* make new hosts file */
system_hosts_generate();
@@ -2627,6 +2631,10 @@ function interface_group_setup(&$groupname /* The parameter is an array */) {
return;
}
+
+function interface_group_add_member($interface, $groupname) {
+ mwexec("/sbin/ifconfig {$interface} group {$groupname}", true);
+}
/* COMPAT Function */
function convert_friendly_interface_to_real_interface_name($interface) {
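Review bot: interface_group_add_member() interpolates both arguments straight into the command string; assuming mwexec() hands that string to a shell, a group or interface name containing whitespace or shell metacharacters changes the command that runs. Quote each argument, e.g. `mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " group " . escapeshellarg($groupname), true);`. The dhcpleases call in the system.inc hunk has the same pattern with `-d {$config['system']['domain']}`. The new function also has no comment saying what the second mwexec() argument does or what it returns.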
@@ -2667,7 +2675,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") {
if ($config['interfaces'][$if]['if'] == $interface)
return $if;
- if (get_real_interface($if) == $interface)
+ if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface))
return $if;
$int = interface_translate_type_to_real($if);
@@ -3026,6 +3034,17 @@ function link_interface_to_bridge($int) {
}
}
+function link_interface_to_group($int) {
+ global $config;
+
+ if (is_array($config['ifgroups']['ifgroupentry'])) {
+ foreach ($config['ifgroups']['ifgroupentry'] as $group) {
+ if (in_array($int, explode(" ", $groupname['members'])))
+ return "{$group['ifname']}";
+ }
+ }
+}
+
function link_interface_to_gre($interface) {
global $config;
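Review bot: link_interface_to_group() reads `$groupname['members']`, but the loop variable is `$group` and `$groupname` is never defined in this function, so the membership test never matches a real interface name and the function always falls through without returning a group. The line should read `if (in_array($int, explode(" ", $group['members'])))`. As written, the new call in interface_configure() never re-adds an interface to its group, which matters if firewall rules are attached to that group. Note also that only the first matching group is returned, so an interface listed in several groups would be added to one of them only.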
@@ -3081,6 +3100,25 @@ function find_interface_subnet($interface, $flush = false)
return $interface_sn_arr_cache[$interface];
}
+function ip_in_interface_alias_subnet($interface, $ipalias) {
+ global $config;
+
+ if (empty($interface) || !is_ipaddr($ipalias))
+ return 0;
+ if (is_array($config['virtualip']['vip'])) {
+ foreach ($config['virtualip']['vip'] as $vip) {
+ switch ($vip['mode']) {
+ case "ipalias":
+ if ($vip['interface'] <> $interface)
+ continue;
+ if (ip_in_subnet($ipalias, gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits']))
+ return 1;
+ break;
+ }
+ }
+ }
+}
+
function get_interface_ip($interface = "wan")
{
$realif = get_real_interface($interface);
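Review bot: In ip_in_interface_alias_subnet() the `continue` sits inside a `switch`, where PHP treats it like `break`; it only works because nothing follows the switch in the loop body, and newer PHP versions warn about it. A plain `if ($vip['mode'] != "ipalias" || $vip['interface'] != $interface) continue;` in place of the single-case switch says the same thing without the trap. The function returns 0 or 1 on two paths and nothing on the no-match path; an explicit `return 0;` at the end would make the result consistent for the CARP check that now depends on it.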
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index da7f7e4..574c6a6 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -371,6 +371,7 @@ function enable_rrd_graphing() {
foreach($config['openvpn']['openvpn-server'] as $server) {
if("ovpns{$server['vpnid']}" == $ifname) {
$port = $server['local_port'];
+ $vpnid = $server['vpnid'];
}
}
}
@@ -383,7 +384,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " echo \"quit\"\n";
$rrdupdatesh .= "}\n";
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n";
- $rrdupdatesh .= "`list_current_users | nc localhost {$port} | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
+ $rrdupdatesh .= "`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n";
}
/* QUEUES, set up the queues databases */
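Review bot: `$vpnid` is assigned only inside the matching `if` in the previous hunk, yet the socket path `{$g['varetc_path']}/openvpn/server{$vpnid}.sock` is built from it here. If no server entry matches `$ifname`, the value is either unset or left over from an earlier interface, and the generated script would query the wrong management socket or a non-existent `server.sock`. The surrounding loop is outside both hunks, so this needs checking against the full function; resetting `$vpnid` before the search and skipping the line when it is empty would remove the doubt.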
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 4b98634..682472a 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -356,6 +356,8 @@ EOD;
$dhhostname = str_replace(".", "_", $dhhostname);
$dhcpdconf .= " option host-name {$dhhostname};\n";
}
+ if ($sm['netbootfile'])
+ $dhcpdconf .= " filename \"{$sm['netbootfile']}\";\n";
$dhcpdconf .= "}\n";
$i++;
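Review bot: `$sm['netbootfile']` is written into dhcpd.conf between double quotes with no escaping, so a value containing `"` or a line break would close the string and let the rest be parsed as further dhcpd statements. Where the field is validated is not visible in this hunk; if the input page does not already restrict it, reject or strip `"`, backslashes and line breaks before emitting the `filename` line. `if ($sm['netbootfile'])` also skips a file literally named `0`; `!empty()` has the same quirk, so an explicit `!== ""` comparison would be clearer.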
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index aae2e07..bcc0e0e 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -233,20 +233,20 @@ function system_hosts_generate() {
}
function system_dhcpleases_configure() {
- global $configure, $g;
-
+ global $config, $g;
+
/* Start the monitoring process for dynamic dhcpclients. */
if (isset($config['dnsmasq']['regdhcp'])) {
/* Make sure we do not error out */
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
- if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
- sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
- else
- mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$syscfg['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
- } else {
- sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
- @unlink("{$g['varrun_path']}/dhcpleases.pid");
- }
+ if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
+ sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
+ else
+ mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
+ } else {
+ sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
+ @unlink("{$g['varrun_path']}/dhcpleases.pid");
+ }
}
function system_hostname_configure() {
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index f782b45..cd7d75a 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -1415,6 +1415,34 @@ function upgrade_051_to_052() {
/* allocate vpnid */
$server['vpnid'] = $vpnid++;
+ if (!empty($server['custom_options'])) {
+ $cstmopts = array();
+ $tmpcstmopts = explode(";", $server['custom_options']);
+ $assigned = false;
+ $tmpstr = "";
+ foreach ($tmpcstmopts as $tmpcstmopt) {
+ $tmpstr = str_replace(" ", "", $tmpcstmopt);
+ if (substr($tmpstr,0 ,6) == "devtun") {
+ $assigned = true;
+ continue;
+ } else if (substr($tmpstr, 0, 5) == "local") {
+ $localip = substr($tmpstr, 6);
+ $server['ipaddr'] = str_replace("\n", "", $localip);
+ } else
+ $cstmopts[] = $tmpcstmopt;
+ }
+ $server['custom_options'] = implode(";", $cstmopts);
+ if ($assigned == true) {
+ $realif = substr($tmpstr, 3);
+ foreach ($config['interfaces'] as $iface => $cfgif) {
+ if ($cfgif['if'] == $realif) {
+ $config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}";
+ break;
+ }
+ }
+ }
+ }
+
$config['openvpn']['openvpn-server'][] = $server;
}
unset($config['installedpackages']['openvpnserver']);
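Review bot: `$realif = substr($tmpstr, 3);` runs after the loop, when `$tmpstr` holds the last option that was examined rather than the `dev tun…` entry, so the interface lookup is only correct when `dev tun` is the final custom option. Capture it in the branch that matches instead, e.g. `$realif = substr($tmpstr, 3);` placed just before `$assigned = true;`. In the `local` branch the spaces have already been removed, so `substr($tmpstr, 6)` appears to drop the first character of the address; offset 5 looks like what was meant. The same block is repeated for clients in the next hunk with both issues. An option that follows a line break after `;` will not match either prefix.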
@@ -1489,6 +1517,34 @@ function upgrade_051_to_052() {
/* allocate vpnid */
$client['vpnid'] = $vpnid++;
+ if (!empty($client['custom_options'])) {
+ $cstmopts = array();
+ $tmpcstmopts = explode(";", $client['custom_options']);
+ $assigned = false;
+ $tmpstr = "";
+ foreach ($tmpcstmopts as $tmpcstmopt) {
+ $tmpstr = str_replace(" ", "", $tmpcstmopt);
+ if (substr($tmpstr,0 ,6) == "devtun") {
+ $assigned = true;
+ continue;
+ } else if (substr($tmpstr, 0, 5) == "local") {
+ $localip = substr($tmpstr, 6);
+ $client['ipaddr'] = str_replace("\n", "", $localip);
+ } else
+ $cstmopts[] = $tmpcstmopt;
+ }
+ $client['custom_options'] = implode(";", $cstmopts);
+ if ($assigned == true) {
+ $realif = substr($tmpstr, 3);
+ foreach ($config['interfaces'] as $iface => $cfgif) {
+ if ($cfgif['if'] == $realif) {
+ $config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}";
+ break;
+ }
+ }
+ }
+ }
+
if (!empty($client['disable']))
$client['disable'] = true;
else
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 29e35c8..6ea0732 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -145,9 +145,16 @@ function voucher_auth($voucher_received, $test = 0) {
// All given vouchers were valid and this isn't simply a test.
// Write back the used DB's
- if (is_array($bitstring))
- foreach ($bitstring as $roll => $used)
- voucher_write_used_db($roll, base64_encode($used));
+ if (is_array($bitstring)) {
+ foreach ($bitstring as $roll => $used) {
+ if(is_array($used)) {
+ foreach($used as $u)
+ voucher_write_used_db($roll, base64_encode($u));
+ } else {
+ voucher_write_used_db($roll, base64_encode($used));
+ }
+ }
+ }
// Active DB: we only add the first voucher if multiple given
// and give that one all the time credit. This allows the user to logout and
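Review bot: In the new inner loop every element of `$used` is written under the same `$roll`, so if voucher_write_used_db() replaces the stored record for a roll (its body is not in this hunk), only the last element survives and earlier used-voucher state would be lost, which could allow a spent voucher to validate again. It is worth confirming why `$bitstring[$roll]` can be an array at this point and whether the elements should be combined into one write instead. A comment stating the expected shape of `$bitstring` would make the intent checkable. voucher_auth() continues outside the hunk.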
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 922cd5f..ab8d474 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1213,7 +1213,7 @@ EOD;
$clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i);
- if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) {
+ if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['server']['enable'])) {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
} else {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
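Review bot: The RADIUS checks now read `$pppoecfg['radius']['server']['enable']`, `['server']['ip']` and `['server']['secret']`, but none of the upgrade_config.inc hunks in this diff moves the old `radius/enable`, `radius/server` and `radius/secret` values to the new layout. Unless that migration exists elsewhere, a configuration saved before this change would silently stop emitting the `set radius …` and `set auth enable radius-auth` lines in the next hunk, changing how PPPoE users are authenticated without any notice. The secret is also placed between double quotes in mpd.conf unescaped, so a secret containing `"` would break that line.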
@@ -1273,9 +1273,9 @@ EOD;
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
}
- if (isset ($pppoecfg['radius']['enable'])) {
+ if (isset ($pppoecfg['radius']['server']['enable'])) {
$mpdconf .=<<<EOD
- set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}"
+ set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}"
set radius retries 3
set radius timeout 10
set auth enable radius-auth