Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/pkg/miniupnpd.inc | 175 | ||||
-rw-r--r-- | usr/local/pkg/miniupnpd.xml | 36 |
2 files changed, 156 insertions, 55 deletions
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc index 2126127..631b646 100644 --- a/usr/local/pkg/miniupnpd.inc +++ b/usr/local/pkg/miniupnpd.inc @@ -5,6 +5,7 @@ /* MiniUPnPd */ define('UPNP_RCFILE', '/usr/local/etc/rc.d/miniupnpd.sh'); + define('UPNP_CONFIG','/usr/local/etc/miniupnpd.conf'); function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); return; } function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); return; } @@ -14,6 +15,13 @@ mwexec(UPNP_RCFILE.' '.$action); } + function upnp_running () { + if((int)exec("pgrep miniupnpd | wc -l") > 0) + return true; + else + return false; + } + function upnp_config ($name) { global $config; if($config['installedpackages']['miniupnpd']['config'][0]["{$name}"]) @@ -22,13 +30,43 @@ return NULL; } - function upnp_validate_ip($ip) { - if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip)) - return FALSE; - foreach(explode(".", $ip) as $sub) - if($sub<0 || $sub>256) - return FALSE; - return TRUE; + function upnp_write_config($conf_file, $conf_text) { + $conf = fopen($conf_file, "w"); + if(!$conf) { + upnp_warn("Could not open {$conf_file} for writing."); + exit; + } + fwrite($conf, $conf_text); + fclose($conf); + } + + function upnp_validate_ip($ip,$check_cdir) { + /* validate cdir */ + if($check_cdir) { + $ip_array = explode("/",$ip); + if(count($ip_array) == 2) { + if($ip_array[1] < 1 || $ip_array[1] > 32) + return false; + } else + if(count($ip_array) != 1) + return false; + } else + $ip_array[] = $ip; + + /* validate ip */ + if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip_array[0])) + return false; + foreach(explode(".", $ip_array[0]) as $sub) + if($sub < 0 || $sub > 256) + return false; + return true; + } + + function upnp_validate_port($port) { + foreach(explode("-", $port) as $sub) + if($sub < 0 || $sub > 65535) + return false; + return true; } function before_form_miniupnpd($pkg) { 
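Review bot: `upnp_validate_port()` never checks that its input is numeric, so on the PHP versions this file targets (it still uses `eregi`) the loose `<`/`>` comparisons accept any token that coerces to a number in range, including non-digit text, more than one `-`, or an embedded line break. These fields are later written verbatim into miniupnpd.conf (the `permuser{$i}` lines in `sync_package_miniupnpd()`), so the whole token should be matched against a digits-only pattern before the range test, as sketched below. The CIDR suffix check in `upnp_validate_ip()` (`$ip_array[1] < 1 || $ip_array[1] > 32`) is loose in the same way. The octet bound carried over from the old code still accepts 256; it should read `if($sub < 0 || $sub > 255)`.

```php
function upnp_validate_port($port) {
	/* accept only "N" or "N-M", digits only, so nothing else can reach miniupnpd.conf */
	if(!preg_match('/^[0-9]{1,5}(-[0-9]{1,5})?$/D', $port))
		return false;
	foreach(explode("-", $port) as $sub)
		if((int)$sub > 65535)
			return false;
	return true;
}
```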
@@ -54,27 +92,50 @@ foreach($post['iface_array'] as $iface) if($iface == "wan") $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; - if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'])) + if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false)) $input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field'; if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) $input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields'; - if($post['download'] && $post['download']<=0) + if($post['download'] && $post['download'] <= 0) $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field'; - if($post['upload'] && $post['upload']<=0) + if($post['upload'] && $post['upload'] <= 0) $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field'; + + /* user permissions validation */ + for($i=1; $i<=4; $i++) { + if($post["permuser{$i}"]) { + $perm = explode(' ',$post["permuser{$i}"]); + /* should explode to 4 args */ + if(count($perm) != 4) { + $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field"; + } else { + /* must with allow or deny */ + if(!($perm[0] == 'allow' || $perm[0] == 'deny')) + $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field"; + /* verify port or port range */ + if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) + $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified + permissions {$i}' field"; + /* verify ip address */ + if(!upnp_validate_ip($perm[2],true)) + $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field"; + } + } + } } function sync_package_miniupnpd() { global $config; global $input_errors; - 
$ifaces_final = ""; - $wanif = get_real_wan_interface(); - config_lock(); + config_lock(); + + $configtext = "ext_ifname=".get_real_wan_interface()."\n"; + $configtext .= "port=2189\n"; /* since config is written before this file invoked we don't need to read post data */ - if(upnp_config("enable") && upnp_config("iface_array")) - $iface_array = explode(",",upnp_config("iface_array")); + if(upnp_config('enable') && upnp_config('iface_array')) + $iface_array = explode(',',upnp_config('iface_array')); if($iface_array) { foreach($iface_array as $iface) { @@ -85,7 +146,7 @@ /* non enabled interfaces are displayed in list on miniupnpd settings page */ /* check that the interface has an ip address before adding parameters */ if($addr) { - $ifaces_final .= " -a {$addr}"; + $configtext .= "listening_ip={$addr}\n"; if(!$ifaces_active) $ifaces_active = $iface; else 
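Review bot: The listening port changes silently in `sync_package_miniupnpd()`: the new config writes `port=2189`, while the command line removed in the last hunk of this file passed `-p 2869`. If the change is intended it deserves a comment or a named constant next to `UPNP_CONFIG`, for example `define('UPNP_PORT', 2189);`, because anything that assumed the old port would need the same update; if it is a typo, the old value should be restored. Separately, the "port or port range" error message in the permissions loop is a double-quoted string broken across two source lines, so the line break and indentation become part of the message shown to the user. `sync_package_miniupnpd()` begins in this hunk and continues past it.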
@@ -98,22 +159,44 @@ } } - if($ifaces_final) { - $overridewanip = upnp_config("overridewanip"); - $logpackets = upnp_config("logpackets"); - $sysuptime = upnp_config("sysuptime"); + if($ifaces_active) { + /* override wan ip address, common for carp, etc */ + if(upnp_config('overridewanip')) + $configtext .= "ext_ip=".upnp_config('overridewanip')."\n"; /* if shaper connection speed defined use those values */ if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { $download = $config['ezshaper']['step2']['download']*1000; $upload = $config['ezshaper']['step2']['upload']*1000; } else { - $download = upnp_config("download")*1000; - $upload = upnp_config("upload")*1000; + $download = upnp_config('download')*1000; + $upload = upnp_config('upload')*1000; + } + + /* set upload and download bitrates */ + if($download && $upload) { + $configtext .= "bitrate_down={$download}\n"; + $configtext .= "bitrate_up={$upload}\n"; + } + + /* enable logging of packets handled by miniupnpd rules */ + if(upnp_config('logpackets')) + $configtext .= "packet_log=yes\n"; + + /* enable system uptime instead of miniupnpd uptime */ + if(upnp_config('sysuptime')) + $configtext .= "system_uptime=yes\n"; + + /* upnp access restrictions */ + for($i=1; $i<=4; $i++) { + if(upnp_config("permuser{$i}")) + $configtext .= upnp_config("permuser{$i}")."\n"; } - /* valid paramters lets create rc file and start miniupnpd */ + if(upnp_config('permdefault')) + $configtext .= "deny 0-65535 0.0.0.0/0 0-65535\n"; + /* generate rc file start and stop */ $stop = <<<EOD if [ `pgrep miniupnpd | wc -l` != 0 ]; then /usr/bin/killall miniupnpd 
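Review bot: The `permuser{$i}` and `overridewanip` values are appended to `$configtext` exactly as stored, so the only barrier between a saved setting and a line in miniupnpd.conf is the form validation, which by the comment earlier in this function has already run before the function is invoked. Because each value becomes a single `key=value` or rule line, it is worth enforcing that at the point of writing too, e.g. `$configtext .= str_replace(array("\r", "\n"), '', upnp_config("permuser{$i}"))."\n";`, and the same for `ext_ip`. A short comment that the `permdefault` deny rule is deliberately appended after the user rules would also help, presumably because miniupnpd applies the first matching rule. The enclosing function starts and ends outside this hunk.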
@@ -129,63 +212,47 @@ if [ `pgrep miniupnpd | wc -l` != 0 ]; then /sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null fi EOD; + $start = $stop."\n\t/usr/local/sbin/miniupnpd -f ".UPNP_CONFIG; - $start = $stop."\n\t/usr/local/sbin/miniupnpd -p 2869 -i {$wanif}{$ifaces_final}"; - - /* define maximum downstream and upstream bitrates */ - if($download && $upload) - $start .= " -B {$download} {$upload}"; - - /* override wan ip address, common for carp, etc */ - if($overridewanip) - $start .= " -o {$overridewanip}"; - - /* enable logging of packets handled by miniupnpd rules */ - if($logpackets) - $start .= " -L"; - - /* enable system uptime instead of miniupnpd uptime */ - if($sysuptime) - $start .= " -U"; - + /* write out the configuration */ conf_mount_rw(); - + upnp_write_config(UPNP_CONFIG,$configtext); write_rcfile(array( - "file" => "miniupnpd.sh", - "start" => $start, - "stop" => $stop + 'file' => 'miniupnpd.sh', + 'start' => $start, + 'stop' => $stop ) ); - conf_mount_ro(); /* if miniupnpd not running start it */ - if((int)exec("pgrep miniupnpd | wc -l") != 1) { + if(!upnpd_running) { upnp_notice("Starting service on interface: {$ifaces_active}"); - upnp_action("start"); + upnp_action('start'); } /* or restart miniupnpd if settings were changed */ elseif($_POST['iface_array']) { upnp_notice("Restarting service on interface: {$ifaces_active}"); - upnp_action("restart"); + upnp_action('restart'); } } } - if(!$iface_array || !$ifaces_final) { + if(!$iface_array || !$ifaces_active) { /* no parameters user does not want miniupnpd running */ /* lets stop the service and remove the rc file */ if(file_exists(UPNP_RCFILE)) { - if(!upnp_config("enable")) - upnp_notice("Stopping service, miniupnpd disabled"); + if(!upnp_config('enable')) + upnp_notice('Stopping service: miniupnpd disabled'); else - upnp_notice("Stopping service, no interfaces selected"); + upnp_notice('Stopping service: no interfaces selected'); - upnp_action("stop"); + upnp_action('stop'); conf_mount_rw(); 
unlink(UPNP_RCFILE); + unlink(UPNP_CONFIG); conf_mount_ro(); } } diff --git a/usr/local/pkg/miniupnpd.xml b/usr/local/pkg/miniupnpd.xml index b67d789..c743e86 100644 --- a/usr/local/pkg/miniupnpd.xml +++ b/usr/local/pkg/miniupnpd.xml @@ -2,7 +2,7 @@ <packagegui> <title>Services: MiniUPnPd</title> <name>miniupnpd</name> - <version>20070112</version> + <version>20070130</version> <savetext>Change</savetext> <include_file>/usr/local/pkg/miniupnpd.inc</include_file> <aftersaveredirect>status_upnp.php</aftersaveredirect> @@ -83,6 +83,40 @@ <fieldname>sysuptime</fieldname> <type>checkbox</type> </field> + <field> + <fielddescr>By default deny access to miniupnpd?</fielddescr> + <fieldname>permdefault</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>User specified persmissions 1</fielddescr> + <fieldname>permuser1</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range] + <br />Example: allow 1024-65535 192.168.0.0/24 1024-65535</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified persmissions 2</fielddescr> + <fieldname>permuser2</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified persmissions 3</fielddescr> + <fieldname>permuser3</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified persmissions 4</fielddescr> + <fieldname>permuser4</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> </fields> <custom_php_command_before_form> before_form_miniupnpd(&$pkg); |
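Review bot: `if(!upnpd_running)` does not call the helper added earlier in this commit: the name is misspelled (`upnpd_running` instead of `upnp_running`) and has no parentheses, so PHP reads it as a bare constant. On the PHP versions this file targets, an undefined constant is treated as a non-empty string, so the condition is always false, the "Starting service" branch is never taken, and miniupnpd is only (re)started when `$_POST['iface_array']` is set; the line should be `if(!upnp_running()) {`. Also, `upnp_write_config()` calls `exit` when `fopen()` fails, and here it runs between `conf_mount_rw()` and `conf_mount_ro()`, so a failed write would leave the filesystem mounted read-write; returning false and checking it here would avoid that. The new `unlink(UPNP_CONFIG)` is guarded only by `file_exists(UPNP_RCFILE)`, so it may emit a warning when the config file is already absent.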
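Review bot: The four new `<fielddescr>` labels are misspelled as "User specified persmissions N", while the validation messages in miniupnpd.inc refer to the "User specified permissions N" field, so the label the user sees does not match the error text. `cdir` in the `<description>` format strings should read `CIDR`. Only `permuser1` carries the example line; repeating it in the other three descriptions, or pointing them to field 1, would keep the four fields consistent.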