From b4eb3a17379560b8d070ed2f3d2ef1e67f9f4ae5 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 17 Jun 2010 12:16:25 -0400 Subject: Check if a variable is set before trying to unset. Otherwise, this will blow up with $a[b][c] if $a[b] doesn't exist. --- usr/local/www/wizard.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 8a5c78f..a59e83d 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -136,14 +136,15 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type * item is a checkbox, it should have the value "on" * if it was checked */ - $text = "unset(\$config" . $field_conv . ");"; + $var = "\$config{$field_conv}"; + $text = "if (isset({$var})) unset({$var});"; eval($text); return; } if($field_type == "interfaces_selection") { - $text = "unset(\$config" . $field_conv . ");"; - eval($text); + $var = "\$config{$field_conv}"; + $text = "if (isset({$var})) unset({$var});"; $text = "\$config" . $field_conv . " = \"" . $updatetext . "\";"; eval($text); return; -- cgit v1.1 From 7af53acecd3b0c4b8c78a17992513bf9b4f75f35 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Thu, 17 Jun 2010 12:31:50 -0400 Subject: fix text --- etc/inc/shaper.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 0729557..85090bb 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -1081,7 +1081,7 @@ class priq_queue { $form .= " GetEnabled() == "on") $form .= " CHECKED"; - $form .= " > Enable/Disable queue and its childs"; + $form .= " > Enable/Disable queue and its children"; $form .= ""; $form .= ""; $form .= ""; @@ -2929,7 +2929,7 @@ class dnpipe_class extends dummynet_class { $form .= " GetEnabled() == "on") $form .= " CHECKED"; - $form .= " > Enable/Disable limiter and its childs"; + $form .= " > Enable/Disable limiter and its children"; $form .= ""; $form .= "
Name"; $form .= ""; @@ -3172,7 +3172,7 @@ class dnqueue_class extends dummynet_class { $form .= " GetEnabled() == "on") $form .= " CHECKED"; - $form .= " > Enable/Disable queue and its childs"; + $form .= " > Enable/Disable queue and its children"; $form .= ""; $form .= "
Name"; $form .= ""; -- cgit v1.1 From 822b687b162a5022d9d687cf98867149e1af126f Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 19:22:52 +0000 Subject: Do not assume WAN as the default interface to get the ip from for the calling station id. Instead add a select box(list) to choose the interface(ip) to send to radius. --- usr/local/captiveportal/radius_authentication.inc | 2 +- usr/local/www/services_captiveportal.php | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index 7f37b03..bd5b74e 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -66,7 +66,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli break; default: - $calledstationid = get_interface_ip("wan"); + $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); $callingstationid = $clientmac; } diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 5206535..c47eba9 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -98,6 +98,7 @@ $pconfig['radiuskey'] = $config['captiveportal']['radiuskey']; $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2']; $pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor']; $pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']); +$pconfig['radiussrcip_attribute'] = $config['captiveportal']['radiussrcip_attribute']; $pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']); $pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']); $pconfig['radmac_format'] = $config['captiveportal']['radmac_format']; @@ -200,6 +201,7 @@ if ($_POST) { $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2']; $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false; $config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; + $config['captiveportal']['radiussession_timeout'] = $_POST['radiussrcip_attribute']; $config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false; $config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; $config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; @@ -263,6 +265,7 @@ function enable_change(enable_change) { document.iform.noconcurrentlogins.disabled = endis; document.iform.radiusvendor.disabled = radius_endis; document.iform.radiussession_timeout.disabled = radius_endis; + document.iform.radiussrcip_attribute.disabled = radius_endis; document.iform.htmlfile.disabled = endis; document.iform.errfile.disabled = endis; document.iform.logoutfile.disabled = endis; @@ -528,6 +531,26 @@ value=""> + Radius ip attribute + +
+ Choose the ip to use for calling station attribute. + + + + Session-Timeout >Use RADIUS Session-Timeout attributes
When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute. -- cgit v1.1 From 34e9ca600219a4ba7470ffcc28cc1467ba9a7d3b Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 19:33:52 +0000 Subject: Show even VIP's in the list. This is copied from nat code and probably should be generalized. --- usr/local/captiveportal/radius_authentication.inc | 15 +++++++++------ usr/local/www/services_captiveportal.php | 15 +++++++++++++++ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index bd5b74e..1f7e2b5 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -61,13 +61,16 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli switch($radiusvendor) { case 'cisco': - $calledstationid = $clientmac; - $callingstationid = $clientip; - break; - + $calledstationid = $clientmac; + $callingstationid = $clientip; + break; default: - $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); - $callingstationid = $clientmac; + if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) + $calledstationid = $config['captiveportal']['radiussrcip_attribute']; + else + $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + $callingstationid = $clientmac; + break; } // Create our instance diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index c47eba9..0c60c7c 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -544,6 +544,21 @@ value=""> echo "\n"; } } + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $sn) { + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { + $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); + $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); + $len = $end - $start; + + for ($i = 0; $i <= $len; $i++) { + $snip = long2ip32($start+$i); + echo "\n"; + } + } else + echo "\n"; + } + } ?>
Choose the ip to use for calling station attribute. -- cgit v1.1 From 5082282c3a4cfaed950dee0d8aaf6b7a6a7e7dfe Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 19:39:30 +0000 Subject: Use the configured src ip attribute choosen for accounting too. --- usr/local/captiveportal/radius_accounting.inc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc index 688af74..f57757a 100644 --- a/usr/local/captiveportal/radius_accounting.inc +++ b/usr/local/captiveportal/radius_accounting.inc @@ -67,7 +67,11 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, break; default: - $calledstationid = get_interface_ip("wan"); + if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) + $calledstationid = $config['captiveportal']['radiussrcip_attribute']; + else + $calledstationid = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + $callingstationid = $clientmac; $callingstationid = $clientmac; } -- cgit v1.1 From f23e63638af309ec317dc924794c34dd1c68fecc Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 21:44:53 +0000 Subject: Fixes #660. Simplify some code and correctly do an exit after a redirect is issued. Thanks-to: Efonne for analysis. --- etc/inc/auth.inc | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 2e580b1..e358827 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1099,10 +1099,12 @@ function session_auth() { $_SESSION['last_access'] = time(); log_error("Successful login for user '{$_POST['usernamefld']}' from: {$_SERVER['REMOTE_ADDR']}"); require_once("functions.inc"); + $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; if (isset($_POST['postafterlogin'])) return true; else pfSenseHeader("/{$page}"); + exit; } else { /* give the user an error message */ $_SESSION['Login_Error'] = "Username or Password incorrect"; @@ -1177,20 +1179,14 @@ function session_auth() { * to submit a HTML form. It basically diables the observation * of the submit event and hence does not trigger Ajax. */ - if ($_GET['disable_ajax']) { + if ($_GET['disable_ajax']) $_SESSION['NO_AJAX'] = "True"; - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - } /* * Same to re-enable Ajax. */ - if ($_GET['enable_ajax']) { + if ($_GET['enable_ajax']) unset($_SESSION['NO_AJAX']); - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - } $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; return true; -- cgit v1.1 From 8aede55b43d5f484c7708c5998b8432b3c5c3667 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 21:48:31 +0000 Subject: Use proper name for index. --- usr/local/www/services_captiveportal.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 0c60c7c..fc5a1a9 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -201,7 +201,7 @@ if ($_POST) { $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2']; $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false; $config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; - $config['captiveportal']['radiussession_timeout'] = $_POST['radiussrcip_attribute']; + $config['captiveportal']['radiussrcip_attribute'] = $_POST['radiussrcip_attribute']; $config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false; $config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; $config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; -- cgit v1.1 From 80b292f3d886430cf6a2fb0c34d460125c94ee5b Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 21:54:10 +0000 Subject: Do not include functions.inc just for pfSenseHeader which is not really the best place to use! --- etc/inc/auth.inc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index e358827..f9b9d21 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1098,12 +1098,14 @@ function session_auth() { $_SESSION['Username'] = $_POST['usernamefld']; $_SESSION['last_access'] = time(); log_error("Successful login for user '{$_POST['usernamefld']}' from: {$_SERVER['REMOTE_ADDR']}"); - require_once("functions.inc"); $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; if (isset($_POST['postafterlogin'])) return true; - else - pfSenseHeader("/{$page}"); + else { + if (empty($page)) + $page = "/"; + header("Location: {$page}"); + } exit; } else { /* give the user an error message */ -- cgit v1.1 From 64c0462becb942f92e65e71eb0bbac1b797994a2 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 21:57:39 +0000 Subject: Teach even getNasIP for the new callingstation ip setting. --- etc/inc/captiveportal.inc | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 83d8b31..be3c831 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1248,10 +1248,17 @@ function getNasID() function getNasIP() { - $nasIp = get_interface_ip(); - if(!$nasIp) - $nasIp = "0.0.0.0"; - return $nasIp; + global $config; + + if (!empty($config['captiveportal']['radiussrcip_attribute'])) + $nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + else + $nasIp = get_interface_ip(); + + if(!is_ipaddr($nasIp)) + $nasIp = "0.0.0.0"; + + return $nasIp; } function portal_ip_from_client_ip($cliip) { @@ -1278,4 +1285,4 @@ function portal_ip_from_client_ip($cliip) { return false; } -?> \ No newline at end of file +?> -- cgit v1.1 From 4a756e9be7e39bfb0d6ec0937e71d5a44eba0829 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 22:09:00 +0000 Subject: Actually correctly handle some vip types ips for getNasIP. --- etc/inc/captiveportal.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index be3c831..17d961a 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1251,7 +1251,10 @@ function getNasIP() global $config; if (!empty($config['captiveportal']['radiussrcip_attribute'])) - $nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); + if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) + $nasIp = $config['captiveportal']['radiussrcip_attribute']; + else + $nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); else $nasIp = get_interface_ip(); -- cgit v1.1 From 36ff7f81ca06925903ee8565872454d038753d4b Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 17 Jun 2010 22:10:01 +0000 Subject: Ooops curly missing. --- etc/inc/captiveportal.inc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 17d961a..1b34717 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1250,13 +1250,14 @@ function getNasIP() { global $config; - if (!empty($config['captiveportal']['radiussrcip_attribute'])) + if (empty($config['captiveportal']['radiussrcip_attribute'])) + $nasIp = get_interface_ip(); + else { if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) $nasIp = $config['captiveportal']['radiussrcip_attribute']; else $nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']); - else - $nasIp = get_interface_ip(); + } if(!is_ipaddr($nasIp)) $nasIp = "0.0.0.0"; -- cgit v1.1