Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 173 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 12 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 62 | ||||
-rw-r--r-- | etc/inc/xmlparse.inc | 2 | ||||
-rw-r--r-- | etc/inc/xmlreader.inc | 2 | ||||
-rwxr-xr-x | etc/rc.linkup | 5 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 7 |
7 files changed, 205 insertions, 58 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 37f195c..c403252 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
@@ -50,54 +50,85 @@ require_once("filter.inc"); require_once("radius.inc"); require_once("voucher.inc"); -function captiveportal_configure() { +function get_default_captive_portal_html() { global $config, $g; + // Detect if vouchers are being used and default to the voucher page + if($config['voucher']) { + $htmltext = <<<EOD +<html> + <body> + <form method="post" action="\$PORTAL_ACTION\$"> + <center> + <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> + <tr height="10" bgcolor="#990000"> + <td style="border-bottom:1px solid #000000"> + <font color='white'> + <b> + Guest Voucher code required to continue + </b> + </font> + </td> + </tr> + <tr> + <td> + <div id="mainlevel"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="0"> + <tr> + <td> + <center> + <div id="mainarea"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="5"> + <tr> + <td> + <div id="maindivarea"> + <center> + <div id='statusbox'> + <font color='red' face='arial' size='+1'> + <b> + \$PORTAL_MESSAGE\$ + </b> + </font> + </div> + <p/> + <div id='loginbox'> + Enter Voucher Code: + <input name="auth_voucher" type="text" style="border:1px dashed;" size="22"> + <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> + <input name="accept" type="submit" value="Continue"> + </div> + </center> + </div> + </td> + </tr> + </table> + </center> + </div> + </center> + </td> + </tr> + </table> + </center> + </div> + </td> + </tr> + </table> + </center> + </form> + </body> +</html> - $captiveportallck = lock('captiveportal'); - - if (isset($config['captiveportal']['enable'])) { - - if ($g['booting']) - echo gettext("Starting captive portal... 
"); - - /* kill any running mini_httpd */ - killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); - killbypid("{$g['varrun_path']}/lighty-CaptivePortal-SSL.pid"); - - /* remove old information */ - unlink_if_exists("{$g['vardb_path']}/captiveportal.db"); - unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); - unlink_if_exists("{$g['vardb_path']}/captiveportal_ip.db"); - unlink_if_exists("{$g['vardb_path']}/captiveportal_radius.db"); - - /* setup new database in case someone tries to access the status -> captive portal page */ - touch("{$g['vardb_path']}/captiveportal.db"); - - /* kill any running minicron */ - killbypid("{$g['varrun_path']}/minicron.pid"); - - /* init ipfw rules */ - captiveportal_init_rules(true); - - /* stop accounting on all clients */ - captiveportal_radius_stop_all(true); - - /* initialize minicron interval value */ - $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; - - /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ - if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; } +EOD; + return $htmltext; + } - /* write portal page */ - if ($config['captiveportal']['page']['htmltext']) - $htmltext = base64_decode($config['captiveportal']['page']['htmltext']); - else { - /* example/template page */ - $htmltext = <<<EOD + // Vouchers are not found, return the normal user/pass auth page + $htmltext = <<<EOD <html> <body> - <form method="post" action="$PORTAL_ACTION$"> - <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> + <form method="post" action="\$PORTAL_ACTION\$"> + <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <center> <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> <tr height="10" bgcolor="#990000"> 
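Review bot: In `get_default_captive_portal_html()` the test `if($config['voucher'])` is true whenever the voucher section of the config holds anything at all, so a system with saved voucher settings but vouchers switched off would still get the voucher-only default page. If the configuration carries an explicit enable flag for vouchers (not visible in this hunk), that flag is the safer thing to test. `$g` is declared global but not used in the lines shown, and the new function has no header comment; something like `/* Returns the built-in portal page: the voucher form when vouchers are configured, otherwise the user/password form. */` would help. The function body continues past this hunk.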
@@ -127,7 +158,7 @@ function captiveportal_configure() { <div id='statusbox'> <font color='red' face='arial' size='+1'> <b> - $PORTAL_MESSAGE$ + \$PORTAL_MESSAGE\$ </b> </font> </div> @@ -167,9 +198,55 @@ function captiveportal_configure() { </body> </html> +EOD; + + return $htmltext; +} +function captiveportal_configure() { + global $config, $g; -EOD; + $captiveportallck = lock('captiveportal'); + + if (isset($config['captiveportal']['enable'])) { + + if ($g['booting']) + echo "Starting captive portal... "; + + /* kill any running mini_httpd */ + killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); + killbypid("{$g['varrun_path']}/lighty-CaptivePortal-SSL.pid"); + + /* remove old information */ + unlink_if_exists("{$g['vardb_path']}/captiveportal.db"); + unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); + unlink_if_exists("{$g['vardb_path']}/captiveportal_ip.db"); + unlink_if_exists("{$g['vardb_path']}/captiveportal_radius.db"); + + /* setup new database in case someone tries to access the status -> captive portal page */ + touch("{$g['vardb_path']}/captiveportal.db"); + + /* kill any running minicron */ + killbypid("{$g['varrun_path']}/minicron.pid"); + + /* init ipfw rules */ + captiveportal_init_rules(true); + + /* stop accounting on all clients */ + captiveportal_radius_stop_all(true); + + /* initialize minicron interval value */ + $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; + + /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ + if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; } + + /* write portal page */ + if ($config['captiveportal']['page']['htmltext']) + $htmltext = base64_decode($config['captiveportal']['page']['htmltext']); + else { + /* example/template page */ + $htmltext = get_default_captive_portal_html(); } $fd = @fopen("{$g['varetc_path']}/captiveportal.html", "w"); 
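Review bot: The re-added `captiveportal_configure()` in the `@@ -167,9 +198,55 @@` hunk prints `echo "Starting captive portal... ";`, whereas the removed version of the same line wrapped the string in `gettext()`. This looks like an unintended loss of the translation call while the function was being moved; `echo gettext("Starting captive portal... ");` would keep it. The function continues outside the hunk.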
@@ -194,8 +271,8 @@ EOD; $errtext = <<<EOD <html> <body> - <form method="post" action="$PORTAL_ACTION$"> - <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> + <form method="post" action="\$PORTAL_ACTION\$"> + <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <center> <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> <tr height="10" bgcolor="#990000"> @@ -225,7 +302,7 @@ EOD; <div id='statusbox'> <font color='red' face='arial' size='+1'> <b> - $PORTAL_MESSAGE$ + \$PORTAL_MESSAGE\$ </b> </font> </div> diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 18dc18f..11e8321 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2313,7 +2313,7 @@ function find_dhclient_process($interface) { return $pid; } -function interface_configure($interface = "wan", $reloadall = false) { +function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { global $config, $g; global $interface_sn_arr_cache, $interface_ip_arr_cache; @@ -2482,10 +2482,12 @@ function interface_configure($interface = "wan", $reloadall = false) { if (!empty($gif)) interface_gif_configure($gif); - unset($bridgetmp); - $bridgetmp = link_interface_to_bridge($interface); - if (!empty($bridgetmp)) - interface_bridge_add_member($bridgetmp, $realif); + if ($linkupevent == false) { + unset($bridgetmp); + $bridgetmp = link_interface_to_bridge($interface); + if (!empty($bridgetmp)) + interface_bridge_add_member($bridgetmp, $realif); + } link_interface_to_vips($interface, "update"); diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 6ea0732..978b1d2 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc 
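Review bot: In `etc/inc/interfaces.inc`, the new guard `if ($linkupevent == false)` uses a loose comparison on a third parameter that is not documented anywhere in the hunk. `if (!$linkupevent) {` reads more plainly, and a one-line comment at the signature such as `/* $linkupevent: true when called for a link-up event; skips re-adding the interface to its bridge */` would tell other callers what the flag changes. Both hunks show only part of `interface_configure()`.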
@@ -136,12 +136,24 @@ function voucher_auth($voucher_received, $test = 0) { // the user wouldn't know that he used at least one invalid voucher. if ($error) { - unlock($voucherlck); + unlock($voucherlck); if ($total_minutes > 0) // probably not needed, but want to make sure $total_minutes = 0; // we only report -1 (expired) or 0 (no access) return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS } + // XMLRPC Call over to the master Voucher node + $a_voucher = &$config['voucher']; + if($a_voucher['vouchersyncdbip']) { + $syncip = $a_voucher['vouchersyncdbip']; + $syncport = $a_voucher['vouchersyncport']; + $syncpass = $a_voucher['vouchersyncpass']; + $syncpass = $a_voucher['vouchersyncusername']; + $remote_time_used = sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername); + if($remote_time_used['timeleft'] < 1) + $total_minutes = $remote_time_used['timeleft']; + } + // All given vouchers were valid and this isn't simply a test. // Write back the used DB's 
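Review bot: The second assignment `$syncpass = $a_voucher['vouchersyncusername'];` overwrites the password read on the line before it, and the call then passes `$vouchersyncusername`, which is never set in this hunk, so the master node is sent the user name as its password and an empty user name. The two lines should read `$syncuser = $a_voucher['vouchersyncusername'];` and `$remote_time_used = sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $syncuser);`. Note also that `sync_used_voucher()` returns a `timeleft` of "0" on any communication failure, which sets `$total_minutes` to 0 here, so an unreachable master denies access to otherwise valid vouchers; if that fail-closed behaviour is intended it deserves a comment. The rest of `voucher_auth()` lies outside the hunk.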
@@ -179,6 +191,54 @@ function voucher_auth($voucher_received, $test = 0) { return $total_minutes; } +function sync_used_voucher($voucher_received, $syncip, $port, $password, $username) { + require_once("xmlrpc.inc"); + if($port == "443") + $url = "https://{$syncip}:{$port}"; + else + $url = "http://{$syncip}:{$port}"; + + /* Construct code that is run on remote machine */ + $method = 'pfsense.exec_php'; + $execcmd = <<<EOF + require_once('/etc/inc/voucher.inc'); + \$timeleft = voucher_auth($voucher_received); + \$toreturn = array(); + \$toreturn['timeleft'] = \$timeleft; + +EOF; + + /* assemble xmlrpc payload */ + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($execcmd) + ); + + log_error("voucher XMLRPC sync data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials('admin', $password); + $resp = $cli->send($msg, "250"); + if(!$resp) { + $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); + return array("timeleft" => "0"); + } elseif($resp->faultCode()) { + $cli->setDebug(1); + $resp = $cli->send($msg, "250"); + $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("CaptivePortalVoucherSync", $error, "Error code received", ""); + return array("timeleft" => "0"); + } else { + log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + } + $timeleft = XML_RPC_Decode($resp->value()); + //print_r($timeleft); + return $timeleft; +} + function voucher_configure() { global $config, $g; diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index cb01253..aa4d7e4 100644 
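Review bot: `sync_used_voucher()` interpolates `$voucher_received` straight into the PHP source that `pfsense.exec_php` evaluates on the master node; that value appears to be the voucher string a portal user types into `auth_voucher`, so unvalidated client input becomes part of code run remotely under the sync credentials. At minimum emit it as a quoted literal, `$voucher_arg = var_export((string)$voucher_received, true);` and `\$timeleft = voucher_auth({$voucher_arg});`, and preferably validate the voucher characters first or move to a dedicated RPC method that takes the voucher as a data parameter. The `$username` parameter is ignored in favour of `$cli->setCredentials('admin', $password);`, which should be `$cli->setCredentials($username, $password);`. For any port other than 443 the URL is built with `http://`, so the password and the voucher cross the network unencrypted.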
--- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -36,7 +36,7 @@ function listtags() { * I know it's a pain, but it's a pain to find stuff too if it's not */ $ret = explode(" ", - "alias aliasurl allowedip authserver bridged ca cacert cert clone config ". + "alias aliasurl allowedip authserver bridged ca cacert cert crl clone config ". "container columnitem build_port_path depends_on_package disk dnsserver dnsupdate ". "domainoverrides dyndns earlyshellcmd element encryption-algorithm-option ". "field fieldname hash-algorithm-option gateway_item gateway_group gif gre ". diff --git a/etc/inc/xmlreader.inc b/etc/inc/xmlreader.inc index a215bc9..e53c668 100644 --- a/etc/inc/xmlreader.inc +++ b/etc/inc/xmlreader.inc @@ -40,7 +40,7 @@ function listtags() { * I know it's a pain, but it's a pain to find stuff too if it's not */ $ret = explode(" ", - "alias aliasurl allowedip authserver bridged ca cacert cert clone config ". + "alias aliasurl allowedip authserver bridged ca cacert cert crl clone config ". "container columnitem depends_on_package disk dnsserver dnsupdate ". "domainoverrides dyndns earlyshellcmd element encryption-algorithm-option ". "field fieldname hash-algorithm-option gateway_item gateway_group gif gre ". diff --git a/etc/rc.linkup b/etc/rc.linkup index 682adb1..997228f 100755 --- a/etc/rc.linkup +++ b/etc/rc.linkup @@ -40,7 +40,7 @@ function handle_argument_group($iface, $argument2) { global $config; $ipaddr = $config['interfaces'][$iface]['ipaddr']; - if (is_ipaddr($ipaddr)) { + if (is_ipaddr($ipaddr) || empty($ipaddr)) { log_error("Hotplug event detected for {$iface} but ignoring since interface is configured with static IP ({$ipaddr})"); $iface = get_real_interface($iface); exec("/usr/sbin/arp -d -i {$iface} -a"); 
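Review bot: In `etc/rc.linkup`, widening the condition to `is_ipaddr($ipaddr) || empty($ipaddr)` means the unchanged `log_error()` call below it now reports "configured with static IP ()" for interfaces that have no address at all. The message should distinguish the two cases, for example `$why = empty($ipaddr) ? "no IP address configured" : "static IP ({$ipaddr})";` and then log `{$why}` in place of the fixed wording. `handle_argument_group()` continues beyond this hunk.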
@@ -56,7 +56,8 @@ function handle_argument_group($iface, $argument2) { $riface = get_real_interface($iface); exec("/usr/sbin/arp -d -i {$riface} -a"); log_error("HOTPLUG: Configuring interface {$iface}"); - interface_configure($iface); + // Do not try to readd to bridge otherwise em(4) has problems + interface_configure($iface, false, true); break; case "up": log_error("DEVD Ethernet attached event for {$iface}"); diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index ee26d95..a54b1f4 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -25,6 +25,13 @@ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. +if [ -f /usr/local/etc/php.ini ]; then + rm /usr/local/etc/php.ini +fi +if [ -f /usr/local/lib/php.ini ]; then + rm /usr/local/lib/php.ini +fi + # Set our operating platform PLATFORM=`cat /etc/platform` EXTENSIONSDIR="/usr/local/lib/php/20060613/" |