Diffstat (limited to 'usr')
-rw-r--r--usr/local/pkg/miniupnpd.inc175
-rw-r--r--usr/local/pkg/miniupnpd.xml36
2 files changed, 156 insertions, 55 deletions
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc
index 2126127..631b646 100644
--- a/usr/local/pkg/miniupnpd.inc
+++ b/usr/local/pkg/miniupnpd.inc
@@ -5,6 +5,7 @@
/* MiniUPnPd */
define('UPNP_RCFILE', '/usr/local/etc/rc.d/miniupnpd.sh');
+ define('UPNP_CONFIG','/usr/local/etc/miniupnpd.conf');
function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); return; }
function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); return; }
@@ -14,6 +15,13 @@
mwexec(UPNP_RCFILE.' '.$action);
}
+ function upnp_running () {
+ if((int)exec("pgrep miniupnpd | wc -l") > 0)
+ return true;
+ else
+ return false;
+ }
+
function upnp_config ($name) {
global $config;
if($config['installedpackages']['miniupnpd']['config'][0]["{$name}"])
@@ -22,13 +30,43 @@
return NULL;
}
- function upnp_validate_ip($ip) {
- if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip))
- return FALSE;
- foreach(explode(".", $ip) as $sub)
- if($sub<0 || $sub>256)
- return FALSE;
- return TRUE;
+ function upnp_write_config($conf_file, $conf_text) {
+ $conf = fopen($conf_file, "w");
+ if(!$conf) {
+ upnp_warn("Could not open {$conf_file} for writing.");
+ exit;
+ }
+ fwrite($conf, $conf_text);
+ fclose($conf);
+ }
+
+ function upnp_validate_ip($ip,$check_cdir) {
+ /* validate cdir */
+ if($check_cdir) {
+ $ip_array = explode("/",$ip);
+ if(count($ip_array) == 2) {
+ if($ip_array[1] < 1 || $ip_array[1] > 32)
+ return false;
+ } else
+ if(count($ip_array) != 1)
+ return false;
+ } else
+ $ip_array[] = $ip;
+
+ /* validate ip */
+ if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip_array[0]))
+ return false;
+ foreach(explode(".", $ip_array[0]) as $sub)
+ if($sub < 0 || $sub > 256)
+ return false;
+ return true;
+ }
+
+ function upnp_validate_port($port) {
+ foreach(explode("-", $port) as $sub)
+ if($sub < 0 || $sub > 65535)
+ return false;
+ return true;
}
function before_form_miniupnpd($pkg) {
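Review bot: The new validators compare strings numerically without first checking that they are numeric. Under the loose comparison rules of the PHP versions that still provide `eregi()`, `upnp_validate_port()` accepts values such as `abc` or `1-2-3`, and the prefix check in `upnp_validate_ip()` accepts `24` followed by arbitrary trailing characters. These fields are later appended to the miniupnpd configuration text as-is, so the checks should be strict: `if(!ctype_digit($sub) || $sub > 65535)` for ports, `if(!ctype_digit($ip_array[1]) || $ip_array[1] < 1 || $ip_array[1] > 32)` for the prefix, and a limit of two parts for a port range. The octet test `$sub > 256` also still lets 256 through and should read `$sub > 255`.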
@@ -54,27 +92,50 @@
foreach($post['iface_array'] as $iface)
if($iface == "wan")
$input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field';
- if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip']))
+ if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false))
$input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field';
if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download']))
$input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields';
- if($post['download'] && $post['download']<=0)
+ if($post['download'] && $post['download'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field';
- if($post['upload'] && $post['upload']<=0)
+ if($post['upload'] && $post['upload'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field';
+
+ /* user permissions validation */
+ for($i=1; $i<=4; $i++) {
+ if($post["permuser{$i}"]) {
+ $perm = explode(' ',$post["permuser{$i}"]);
+ /* should explode to 4 args */
+ if(count($perm) != 4) {
+ $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field";
+ } else {
+ /* must with allow or deny */
+ if(!($perm[0] == 'allow' || $perm[0] == 'deny'))
+ $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field";
+ /* verify port or port range */
+ if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3]))
+ $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified
+ permissions {$i}' field";
+ /* verify ip address */
+ if(!upnp_validate_ip($perm[2],true))
+ $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field";
+ }
+ }
+ }
}
function sync_package_miniupnpd() {
global $config;
global $input_errors;
- $ifaces_final = "";
- $wanif = get_real_wan_interface();
- config_lock();
+ config_lock();
+
+ $configtext = "ext_ifname=".get_real_wan_interface()."\n";
+ $configtext .= "port=2189\n";
/* since config is written before this file invoked we don't need to read post data */
- if(upnp_config("enable") && upnp_config("iface_array"))
- $iface_array = explode(",",upnp_config("iface_array"));
+ if(upnp_config('enable') && upnp_config('iface_array'))
+ $iface_array = explode(',',upnp_config('iface_array'));
if($iface_array) {
foreach($iface_array as $iface) {
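Review bot: `port=2189` in the new `$configtext` does not match the `-p 2869` that the removed command line passed to miniupnpd, and nothing on the page explains a port change, so this looks like transposed digits. If the change is unintended the line should read `$configtext .= "port=2869\n";`. sync_package_miniupnpd() continues past the end of this hunk.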
@@ -85,7 +146,7 @@
/* non enabled interfaces are displayed in list on miniupnpd settings page */
/* check that the interface has an ip address before adding parameters */
if($addr) {
- $ifaces_final .= " -a {$addr}";
+ $configtext .= "listening_ip={$addr}\n";
if(!$ifaces_active)
$ifaces_active = $iface;
else
@@ -98,22 +159,44 @@
}
}
- if($ifaces_final) {
- $overridewanip = upnp_config("overridewanip");
- $logpackets = upnp_config("logpackets");
- $sysuptime = upnp_config("sysuptime");
+ if($ifaces_active) {
+ /* override wan ip address, common for carp, etc */
+ if(upnp_config('overridewanip'))
+ $configtext .= "ext_ip=".upnp_config('overridewanip')."\n";
/* if shaper connection speed defined use those values */
if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
$download = $config['ezshaper']['step2']['download']*1000;
$upload = $config['ezshaper']['step2']['upload']*1000;
} else {
- $download = upnp_config("download")*1000;
- $upload = upnp_config("upload")*1000;
+ $download = upnp_config('download')*1000;
+ $upload = upnp_config('upload')*1000;
+ }
+
+ /* set upload and download bitrates */
+ if($download && $upload) {
+ $configtext .= "bitrate_down={$download}\n";
+ $configtext .= "bitrate_up={$upload}\n";
+ }
+
+ /* enable logging of packets handled by miniupnpd rules */
+ if(upnp_config('logpackets'))
+ $configtext .= "packet_log=yes\n";
+
+ /* enable system uptime instead of miniupnpd uptime */
+ if(upnp_config('sysuptime'))
+ $configtext .= "system_uptime=yes\n";
+
+ /* upnp access restrictions */
+ for($i=1; $i<=4; $i++) {
+ if(upnp_config("permuser{$i}"))
+ $configtext .= upnp_config("permuser{$i}")."\n";
}
- /* valid paramters lets create rc file and start miniupnpd */
+ if(upnp_config('permdefault'))
+ $configtext .= "deny 0-65535 0.0.0.0/0 0-65535\n";
+ /* generate rc file start and stop */
$stop = <<<EOD
if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/usr/bin/killall miniupnpd
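Review bot: The catch-all `deny 0-65535 0.0.0.0/0 0-65535` line is appended after the user rules with no comment saying that its position matters. miniupnpd appears to evaluate permission rules in order and stop at the first match, so a later edit that moves this block above the `permuser` loop would silently override every allow rule. A comment such as `/* default deny must stay last: rules are matched in order */` above the `permdefault` check would record that. The hunk starts and ends inside sync_package_miniupnpd().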
@@ -129,63 +212,47 @@ if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null
fi
EOD;
+ $start = $stop."\n\t/usr/local/sbin/miniupnpd -f ".UPNP_CONFIG;
- $start = $stop."\n\t/usr/local/sbin/miniupnpd -p 2869 -i {$wanif}{$ifaces_final}";
-
- /* define maximum downstream and upstream bitrates */
- if($download && $upload)
- $start .= " -B {$download} {$upload}";
-
- /* override wan ip address, common for carp, etc */
- if($overridewanip)
- $start .= " -o {$overridewanip}";
-
- /* enable logging of packets handled by miniupnpd rules */
- if($logpackets)
- $start .= " -L";
-
- /* enable system uptime instead of miniupnpd uptime */
- if($sysuptime)
- $start .= " -U";
-
+ /* write out the configuration */
conf_mount_rw();
-
+ upnp_write_config(UPNP_CONFIG,$configtext);
write_rcfile(array(
- "file" => "miniupnpd.sh",
- "start" => $start,
- "stop" => $stop
+ 'file' => 'miniupnpd.sh',
+ 'start' => $start,
+ 'stop' => $stop
)
);
-
conf_mount_ro();
/* if miniupnpd not running start it */
- if((int)exec("pgrep miniupnpd | wc -l") != 1) {
+ if(!upnpd_running) {
upnp_notice("Starting service on interface: {$ifaces_active}");
- upnp_action("start");
+ upnp_action('start');
}
/* or restart miniupnpd if settings were changed */
elseif($_POST['iface_array']) {
upnp_notice("Restarting service on interface: {$ifaces_active}");
- upnp_action("restart");
+ upnp_action('restart');
}
}
}
- if(!$iface_array || !$ifaces_final) {
+ if(!$iface_array || !$ifaces_active) {
/* no parameters user does not want miniupnpd running */
/* lets stop the service and remove the rc file */
if(file_exists(UPNP_RCFILE)) {
- if(!upnp_config("enable"))
- upnp_notice("Stopping service, miniupnpd disabled");
+ if(!upnp_config('enable'))
+ upnp_notice('Stopping service: miniupnpd disabled');
else
- upnp_notice("Stopping service, no interfaces selected");
+ upnp_notice('Stopping service: no interfaces selected');
- upnp_action("stop");
+ upnp_action('stop');
conf_mount_rw();
unlink(UPNP_RCFILE);
+ unlink(UPNP_CONFIG);
conf_mount_ro();
}
}
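Review bot: `if(!upnpd_running)` does not call the helper added earlier in this commit: the name differs from `upnp_running` and the parentheses are missing, so PHP treats it as an undefined constant. On the PHP versions this file targets that presumably evaluates to a non-empty string, which makes the condition always false, so the start branch is never taken and a stopped daemon is only brought up through the `$_POST['iface_array']` restart path. The line should read `if(!upnp_running()) {`. Separately, `upnp_write_config()` calls `exit` on failure, which here would happen between `conf_mount_rw()` and `conf_mount_ro()` and after `config_lock()`; returning false and skipping the rc file write would leave the system in a cleaner state.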
diff --git a/usr/local/pkg/miniupnpd.xml b/usr/local/pkg/miniupnpd.xml
index b67d789..c743e86 100644
--- a/usr/local/pkg/miniupnpd.xml
+++ b/usr/local/pkg/miniupnpd.xml
@@ -2,7 +2,7 @@
<packagegui>
<title>Services: MiniUPnPd</title>
<name>miniupnpd</name>
- <version>20070112</version>
+ <version>20070130</version>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/miniupnpd.inc</include_file>
<aftersaveredirect>status_upnp.php</aftersaveredirect>
@@ -83,6 +83,40 @@
<fieldname>sysuptime</fieldname>
<type>checkbox</type>
</field>
+ <field>
+ <fielddescr>By default deny access to miniupnpd?</fielddescr>
+ <fieldname>permdefault</fieldname>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 1</fielddescr>
+ <fieldname>permuser1</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]
+ &lt;br /&gt;Example: allow 1024-65535 192.168.0.0/24 1024-65535</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 2</fielddescr>
+ <fieldname>permuser2</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 3</fielddescr>
+ <fieldname>permuser3</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 4</fielddescr>
+ <fieldname>permuser4</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
</fields>
<custom_php_command_before_form>
before_form_miniupnpd(&amp;$pkg);
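Review bot: The four new `<fielddescr>` labels read "User specified persmissions N", while the validation messages in miniupnpd.inc refer to the 'User specified permissions N' field, so an error message names a field the form does not show under that spelling. Each label should be spelled `User specified permissions 1` (and 2 to 4). The format help also writes `ipaddr/cdir` where CIDR notation is meant; `ipaddr/cidr` would be the recognisable term.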