From baec2b007fa963f9c047ef08b16abc92c571c407 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 21 Nov 2013 21:18:00 +0000 Subject: Properly create zones for the CP with the new command arguments and properly invoke ipfw for applying rules and other configuration options. --- etc/inc/captiveportal.inc | 39 +++++++++++----------- etc/inc/interfaces.inc | 5 +-- etc/rc.prunecaptiveportal | 7 ++++ usr/local/captiveportal/index.php | 4 ++- usr/local/www/services_captiveportal.php | 14 +++++--- .../www/services_captiveportal_hostname_edit.php | 3 +- usr/local/www/services_captiveportal_ip_edit.php | 5 +-- usr/local/www/services_captiveportal_mac.php | 9 +++-- usr/local/www/services_captiveportal_mac_edit.php | 7 +++- usr/local/www/services_captiveportal_zones.php | 4 +++ usr/local/www/status.php | 8 +++-- 11 files changed, 68 insertions(+), 37 deletions(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 7d683b0..b7a7850 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -174,11 +174,12 @@ function captiveportal_load_modules() { } function captiveportal_configure() { - global $config, $cpzone; + global $config, $cpzone, $cpzoneid; if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; + $cpzoneid = $cp['zoneid']; captiveportal_configure_zone($cp); } } else @@ -186,7 +187,7 @@ function captiveportal_configure() { } function captiveportal_configure_zone($cpcfg) { - global $config, $g, $cpzone; + global $config, $g, $cpzone, $cpzoneid; $captiveportallck = lock("captiveportal{$cpzone}", LOCK_EX); @@ -366,7 +367,7 @@ EOD; /* Release allocated pipes for this zone */ captiveportal_free_dnrules(); - mwexec("/usr/local/sbin/ipfw_context -d {$cpzone}", true); + mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} destory", true); if (empty($config['captiveportal'])) mwexec("/sbin/sysctl net.link.ether.ipfw=0"); 
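Review bot: `$cpzoneid = $cp['zoneid'];` in captiveportal_configure() copies the id out of the configuration without checking that it is set and numeric, yet every `ipfw zone {$cpzoneid} …` and `ipfw -x {$cpzoneid} …` string later in this patch interpolates that global directly. An empty or non-numeric value would yield a malformed command line, and because most of these calls pass `true` to mwexec() to mute output, the failure would probably go unnoticed. I would validate where the global is assigned, for example `if (!ctype_digit((string)$cp['zoneid'])) { log_error("Captive portal zone {$cpkey} has no valid zoneid"); continue; }`. The same unchecked read is repeated in etc/rc.prunecaptiveportal, usr/local/captiveportal/index.php and the services_captiveportal_*.php pages.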
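Review bot: The new teardown command misspells its subcommand: `ipfw zone {$cpzoneid} destory` should read `ipfw zone {$cpzoneid} destroy`. As written the zone is presumably never removed when a portal is disabled, so its member interfaces and rules stay in place, and the muted mwexec() hides the error. The enclosing captiveportal_configure_zone() starts and ends outside this hunk.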
@@ -450,13 +451,13 @@ function captiveportal_init_webgui_zone($cpcfg) { /* reinit will disconnect all users, be careful! */ function captiveportal_init_rules($reinit = false) { - global $config, $g, $cpzone; + global $config, $g, $cpzone, $cpzoneid; if (!isset($config['captiveportal'][$cpzone]['enable'])) return; captiveportal_load_modules(); - mwexec("/usr/local/sbin/ipfw_context -a {$cpzone}", true); + mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} create", true); $cpips = array(); $ifaces = get_configured_interface_list(); @@ -473,7 +474,7 @@ function captiveportal_init_rules($reinit = false) { if (!empty($carpif)) { $carpsif = explode(" ", $carpif); foreach ($carpsif as $cpcarp) { - mwexec("/usr/local/sbin/ipfw_context -a {$cpzone} -n {$cpcarp}", true); + mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} madd {$cpcarp}", true); $carpip = find_interface_ip($cpcarp); if (is_ipaddr($carpip)) $cpips[] = $carpip; @@ -481,7 +482,7 @@ function captiveportal_init_rules($reinit = false) { } $cpips[] = $cpipm; } - mwexec("/usr/local/sbin/ipfw_context -a {$cpzone} -n {$tmpif}", true); + mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} madd {$tmpif}", true); } } if (count($cpips) > 0) { @@ -578,7 +579,7 @@ EOD; /* load rules */ $cprules = "flush\n{$cprules}"; file_put_contents("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", $cprules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/ipfw_{$cpzone}.cp.rules", true); //@unlink("{$g['tmp_path']}/ipfw_{$cpzone}.cp.rules"); unset($cprules, $tmprules); @@ -593,7 +594,7 @@ EOD; * (password is in Base64 and only saved when reauthentication is enabled) */ function captiveportal_prune_old() { - global $g, $config, $cpzone; + global $g, $config, $cpzone, $cpzoneid; if (empty($cpzone)) return; 
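Review bot: The result of `mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} create", true)` in captiveportal_init_rules() is discarded, as are the results of the `madd` calls that attach the interfaces in the following hunks. If zone creation fails, the function still writes and loads the rule file with `ipfw -x {$cpzoneid}`, so the portal can look enabled while its interfaces are not bound to any zone. Consider checking the return value and logging, e.g. `if (mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} create", true) != 0) log_error("Could not create ipfw zone {$cpzoneid} for {$cpzone}");`. Whether `create` on an already existing zone also returns non-zero is not visible here and decides if the function should stop or continue. The function body extends beyond the hunks shown.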
@@ -773,7 +774,7 @@ function captiveportal_prune_old() { } function captiveportal_prune_old_automac() { - global $g, $config, $cpzone; + global $g, $config, $cpzone, $cpzoneid; if (is_array($config['captiveportal'][$cpzone]['passthrumac']) && isset($config['captiveportal'][$cpzone]['passthrumacaddusername'])) { $tmpvoucherdb = array(); @@ -826,7 +827,7 @@ function captiveportal_prune_old_automac() { if (!empty($macrules)) { @file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules); unset($macrules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry.prunerules.tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/macentry.prunerules.tmp"); } if ($writecfg === true) write_config("Prune session for auto-added macs"); @@ -1227,7 +1228,7 @@ function captiveportal_syslog($message) { } function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = null) { - global $g, $config; + global $g, $config, $cpzoneid; $pipeno = captiveportal_get_next_dn_ruleno(); @@ -1433,7 +1434,7 @@ function captiveportal_free_dn_ruleno($ruleno) { } function captiveportal_get_dn_passthru_ruleno($value) { - global $config, $g, $cpzone; + global $config, $g, $cpzone, $cpzoneid; $cpcfg = $config['captiveportal'][$cpzone]; if(!isset($cpcfg['enable'])) @@ -1442,7 +1443,7 @@ function captiveportal_get_dn_passthru_ruleno($value) { $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); - $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`); + $ruleno = intval(`/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 5 | /usr/bin/head -n 1`); if ($rules[$ruleno]) { unlock($cpruleslck); return $ruleno; 
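Review bot: The prune rules in captiveportal_prune_old_automac() are written to a fixed path, `{$g['tmp_path']}/macentry.prunerules.tmp`, that is not zone-specific, while the loader on the changed line now targets one zone with `-x {$cpzoneid}`. rc.prunecaptiveportal runs per zone, so two zones pruning at the same time can overwrite each other's file and load one zone's MAC rules into the other's context. The `@` on file_put_contents also hides a failed write, after which ipfw would load whatever stale file is there. Use a per-zone name as the other call sites do, e.g. `{$g['tmp_path']}/macentry_{$cpzone}.prunerules.tmp`, and skip the mwexec() when the write returns false. `{$g['tmp_path']}/hostname_rules` in services_captiveportal_hostname_edit.php has the same shape.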
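Review bot: `$value` is interpolated unquoted into the backtick pipeline `/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | …` in captiveportal_get_dn_passthru_ruleno(), so any shell metacharacters in it are interpreted by the shell and any regex metacharacters by grep. The callers are not visible in this diff; if the value can derive from user-entered hostnames or MAC entries it must be quoted. Pass it as `escapeshellarg($value)` and match literally with `/usr/bin/grep -F -- …`; the `grep -v grep` stage can go, since the input is ipfw output and not a process list. captiveportal_get_ipfw_passthru_ruleno() further down uses the same pipeline.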
@@ -1512,7 +1513,7 @@ function captiveportal_free_ipfw_ruleno($ruleno) { } function captiveportal_get_ipfw_passthru_ruleno($value) { - global $config, $g, $cpzone; + global $config, $g, $cpzone, $cpzoneid; $cpcfg = $config['captiveportal'][$cpzone]; if(!isset($cpcfg['enable'])) @@ -1521,7 +1522,7 @@ function captiveportal_get_ipfw_passthru_ruleno($value) { $cpruleslck = lock("captiveportalrules{$cpzone}", LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")); - $ruleno = intval(`/sbin/ipfw -x {$cpzone} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); + $ruleno = intval(`/sbin/ipfw -x {$cpzoneid} show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); if ($rules[$ruleno]) { unlock($cpruleslck); return $ruleno; @@ -1752,7 +1753,7 @@ function captiveportal_reapply_attributes($cpentry, $attributes) { } function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $pipeno = null, $radiusctx = null) { - global $redirurl, $g, $config, $type, $passthrumac, $_POST, $cpzone; + global $redirurl, $g, $config, $type, $passthrumac, $_POST, $cpzone, $cpzoneid; // Ensure we create an array if we are missing attributes if (!is_array($attributes)) @@ -1796,7 +1797,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $config['captiveportal'][$cpzone]['passthrumac'][] = $mac; $macrules .= captiveportal_passthrumac_configure_entry($mac); file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); $writecfg = true; $sessionid = true; break; 
@@ -1896,7 +1897,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut unlock($cpdblck); $macrules = captiveportal_passthrumac_configure_entry($mac); file_put_contents("{$g['tmp_path']}/macentry_{$cpzone}.rules.tmp", $macrules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/macentry_{$cpzone}.rules.tmp"); $writecfg = true; } else { /* See if a pipeno is passed, if not start sessions because this means there isn't one atm */ diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 37a9bb4..96a941b 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1125,10 +1125,6 @@ function interfaces_configure() { /* restart dnsmasq */ services_dnsmasq_configure(); - - /* reload captive portal */ - if (function_exists('captiveportal_init_rules')) - captiveportal_init_rules(); } return 0; @@ -3143,6 +3139,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven /* update dyndns */ send_event("service reload dyndns {$interface}"); + /* XXX: which CPZONE? Needed? */ /* reload captive portal */ captiveportal_init_rules(); } diff --git a/etc/rc.prunecaptiveportal b/etc/rc.prunecaptiveportal index 12b0bce..c7011a5 100755 --- a/etc/rc.prunecaptiveportal +++ b/etc/rc.prunecaptiveportal @@ -39,8 +39,15 @@ require_once("shaper.inc"); require_once("captiveportal.inc"); global $g; +global $cpzone; +global $cpzoneid; $cpzone = str_replace("\n", "", $argv[1]); +if (!is_array($config['captiveportal'][$cpzone])) { + log_error("{$cpzone} is not a valid zone in the configuration!"); + return; +} +$cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; if (file_exists("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running")) { $stat = stat("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running"); diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index a97c33b..e8bcee3 100755 
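Review bot: The `/* XXX: which CPZONE? Needed? */` question in interface_configure() is left open, but captiveportal_init_rules() now depends on both `$cpzone` and `$cpzoneid` being set as globals, and the lines shown set neither. With no zone selected the call returns at its `isset($config['captiveportal'][$cpzone]['enable'])` check, so portal rules are not re-applied after an interface is reconfigured; with a stale `$cpzone` left by a caller it would run `ipfw zone {$cpzoneid} create` with an empty or mismatched id. Looping over `$config['captiveportal']` and setting both globals per zone, the way captiveportal_configure() does in this same commit, would make the intent explicit. The surrounding function body lies outside the hunk.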
--- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -44,7 +44,7 @@ header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header("Connection: close"); -global $cpzone; +global $cpzone, $cpzoneid; $cpzone = $_REQUEST['zone']; $cpcfg = $config['captiveportal'][$cpzone]; @@ -55,6 +55,8 @@ if (empty($cpcfg)) { return; } +$cpzoneid = $cpcfg['zoneid']; + $orig_host = $_ENV['HTTP_HOST']; /* NOTE: IE 8/9 is buggy and that is why this is needed */ $orig_request = trim($_REQUEST['redirurl'], " /"); diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 8d7b211..ced841c 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -44,6 +44,10 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("captiveportal.inc"); +global $cpzone; +global $cpzoneid; + +$cpzoneid = 1; /* Just a default */ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; @@ -85,7 +89,7 @@ if (!is_array($config['cert'])) $a_cert =& $config['cert']; if ($a_cp[$cpzone]) { - $pconfig['zoneid'] = $a_cp[$cpzone]['zoneid']; + $cpzoneid = $pconfig['zoneid'] = $a_cp[$cpzone]['zoneid']; $pconfig['cinterface'] = $a_cp[$cpzone]['interface']; $pconfig['maxproc'] = $a_cp[$cpzone]['maxproc']; $pconfig['maxprocperip'] = $a_cp[$cpzone]['maxprocperip']; @@ -248,10 +252,12 @@ if ($_POST) { $newcp =& $a_cp[$cpzone]; //$newcp['zoneid'] = $a_cp[$cpzone]['zoneid']; if (empty($newcp['zoneid'])) { - $newcp['zoneid'] = 8000; - foreach ($a_cp as $keycpzone => $cp) + $newcp['zoneid'] = 1; + foreach ($a_cp as $keycpzone => $cp) { if ($cp['zoneid'] == $newcp['zoneid'] && $keycpzone != $cpzone) $newcp['zoneid'] += 2; /* Resreve space for SSL config if needed */ + } + $cpzoneid = $newcp['zoneid']; } $oldifaces = explode(",", $newcp['interface']); if (is_array($_POST['cinterface'])) 
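Review bot: `$cpzoneid = 1; /* Just a default */` picks a value that the allocator further down this file also hands out as the first real zone id. If any path reaches an ipfw call with the default still in place, it acts on the first zone's context instead of failing. A sentinel that cannot name a zone, e.g. `$cpzoneid = null;`, plus a guard before the ipfw calls, would fail closed.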
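Review bot: The zone id allocator can return an id that is already in use, because it makes a single pass over `$a_cp` and compares each zone only against the candidate's current value. With existing zones stored in the order id 3 then id 1 (for example after the first zone was deleted and another created), the candidate is bumped from 1 to 3 on the second entry and never rechecked against the first. Two zones sharing an id would share one ipfw context, so rules and allowed clients from one portal would apply to the other. Collecting the ids in use first and then stepping until a free one is found avoids this, as sketched below.

```php
if (empty($newcp['zoneid'])) {
	/* collect the ids held by the other zones first */
	$usedids = array();
	foreach ($a_cp as $keycpzone => $cp) {
		if ($keycpzone != $cpzone && !empty($cp['zoneid']))
			$usedids[intval($cp['zoneid'])] = true;
	}
	$newcp['zoneid'] = 1;
	while (isset($usedids[$newcp['zoneid']]))
		$newcp['zoneid'] += 2; /* Reserve space for SSL config if needed */
	$cpzoneid = $newcp['zoneid'];
}
```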
@@ -344,7 +350,7 @@ if ($_POST) { if (!empty($toremove)) { foreach ($toremove as $removeif) { $removeif = get_real_interface($removeif); - mwexec("/usr/local/sbin/ipfw_context -d {$cpzone} -x {$removeif}"); + mwexec("/usr/local/sbin/ipfw zone {$cpzone} mdel {$removeif}"); } } captiveportal_configure_zone($newcp); diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php index b42aa78..cf01f18 100755 --- a/usr/local/www/services_captiveportal_hostname_edit.php +++ b/usr/local/www/services_captiveportal_hostname_edit.php @@ -140,7 +140,8 @@ if ($_POST) { $rules = captiveportal_allowedhostname_configure(); @file_put_contents("{$g['tmp_path']}/hostname_rules", $rules); - mwexec("/sbin/ipfw -x {$cpzone} {$g['tmp_path']}/hostname_rules"); + $cpzoneid = $a_cp[$cpzone]['zoneid']; + mwexec("/sbin/ipfw -x {$cpzoneid} {$g['tmp_path']}/hostname_rules"); unset($rules); header("Location: services_captiveportal_hostname.php?zone={$cpzone}"); diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index a700e9b..f91d680 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -147,9 +147,10 @@ if ($_POST) { if (isset($a_cp[$cpzone]['enable']) && is_module_loaded("ipfw.ko")) { $rules = ""; + $cpzoneid = $a_cp[$cpzone]['zoneid']; unset($ipfw); if (isset($oldip) && isset($oldmask)) { - $ipfw = pfSense_ipfw_getTablestats($cpzone, 3, $oldip, $oldmask); + $ipfw = pfSense_ipfw_getTablestats($cpzoneid, 3, $oldip, $oldmask); $rules .= "table 3 delete {$oldip}/{$oldmask}\n"; $rules .= "table 4 delete {$oldip}/{$oldmask}\n"; if (is_array($ipfw)) { 
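Review bot: The interface-removal command passes the zone name, `ipfw zone {$cpzone} mdel {$removeif}`, while every other `ipfw zone` call in this commit passes `{$cpzoneid}`. Besides most likely failing to detach the interface, `$cpzone` on this page is assigned from `$_GET['zone']` / `$_POST['zone']` and no validation is visible in the hunks, so request data reaches a shell string. Use `mwexec("/usr/local/sbin/ipfw zone {$cpzoneid} mdel {$removeif}");`.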
@@ -163,7 +164,7 @@ if ($_POST) { } $uniqid = uniqid("{$cpzone}_allowed"); @file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); } diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index b0a8492..e636f7b 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -44,6 +44,9 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); +global $cpzone; +global $cpzoneid; + $cpzone = $_GET['zone']; if (isset($_POST['zone'])) $cpzone = $_POST['zone']; @@ -102,10 +105,11 @@ if ($_POST) { } } if ($found == true) { + $cpzoneid = $a_cp[$cpzone]['zoneid']; $rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$idx]); $uniqid = uniqid("{$cpzone}_mac"); file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); unset($a_passthrumacs[$idx]); write_config(); @@ -120,10 +124,11 @@ if ($_POST) { if ($_GET['act'] == "del") { $a_passthrumacs =& $a_cp[$cpzone]['passthrumac']; if ($a_passthrumacs[$_GET['id']]) { + $cpzoneid = $a_cp[$cpzone]['zoneid']; $rules = captiveportal_passthrumac_delete_entry($a_passthrumacs[$_GET['id']]); $uniqid = uniqid("{$cpzone}_mac"); file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); unset($a_passthrumacs[$_GET['id']]); write_config(); 
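Review bot: The `$_GET['act'] == "del"` branch in services_captiveportal_mac.php deletes a pass-through MAC, reloads ipfw rules and calls write_config() on a plain GET, and no token check is visible in this hunk. A state change reachable through a link is exposed to cross-site request forgery against a logged-in administrator, so the delete should require POST and be covered by whatever request-token check the GUI applies to forms. `$_GET['id']` is also used directly as the array index; checking it with `is_numeric()` before the lookup would be cheap. The `act=del` branch in services_captiveportal_zones.php is handled the same way.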
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index ef70c45..e03454d 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -54,6 +54,9 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); +global $cpzone; +global $cpzoneid; + $pgtitle = array(gettext("Services"),gettext("Captive portal"),gettext("Edit MAC address rules")); $shortcut_section = "captiveportal"; @@ -153,12 +156,14 @@ if ($_POST) { write_config(); if (isset($config['captiveportal'][$cpzone]['enable'])) { + $cpzoneid = $config['captiveportal'][$cpzone]['zoneid']; $rules = captiveportal_passthrumac_delete_entry($oldmac); $rules .= captiveportal_passthrumac_configure_entry($mac); $uniqid = uniqid("{$cpzone}_macedit"); file_put_contents("{$g['tmp_path']}/{$uniqid}_tmp", $rules); - mwexec("/sbin/ipfw -x {$cpzone} -q {$g['tmp_path']}/{$uniqid}_tmp"); + mwexec("/sbin/ipfw -x {$cpzoneid} -q {$g['tmp_path']}/{$uniqid}_tmp"); @unlink("{$g['tmp_path']}/{$uniqid}_tmp"); + unset($cpzoneid); } header("Location: services_captiveportal_mac.php?zone={$cpzone}"); diff --git a/usr/local/www/services_captiveportal_zones.php b/usr/local/www/services_captiveportal_zones.php index 58fc3d8..454b36e 100644 --- a/usr/local/www/services_captiveportal_zones.php +++ b/usr/local/www/services_captiveportal_zones.php @@ -16,6 +16,9 @@ require_once("filter.inc"); require("shaper.inc"); require("captiveportal.inc"); +global $cpzone; +global $cpzoneid; + if (!is_array($config['captiveportal'])) $config['captiveportal'] = array(); $a_cp = &$config['captiveportal']; @@ -23,6 +26,7 @@ $a_cp = &$config['captiveportal']; if ($_GET['act'] == "del" && !empty($_GET['zone'])) { $cpzone = $_GET['zone']; if ($a_cp[$cpzone]) { + $cpzoneid = $a_cp[$cpzone]['zoneid']; unset($a_cp[$cpzone]['enable']); captiveportal_configure_zone($a_cp[$cpzone]); unset($a_cp[$cpzone]); 
diff --git a/usr/local/www/status.php b/usr/local/www/status.php index a4906cf..4459207 100755 --- a/usr/local/www/status.php +++ b/usr/local/www/status.php @@ -138,10 +138,12 @@ defCmdT("top | head -n5", "/usr/bin/top | /usr/bin/head -n5"); defCmdT("sysctl hw.physmem","/sbin/sysctl hw.physmem"); -if (isset($config['captiveportal']) && is_array($config['captiveportal'])) - foreach ($config['captiveportal'] as $cpZone => $cpdata) +if (isset($config['captiveportal']) && is_array($config['captiveportal'])) { + foreach ($config['captiveportal'] as $cpZone => $cpdata) { if (isset($cpdata['enable'])) - defCmdT("ipfw -x {$cpZone} show", "/sbin/ipfw -x {$cpZone} show"); + defCmdT("ipfw -x {$cpdata['zoneid']} show", "/sbin/ipfw -x {$cpdata['zoneid']} show"); + } +} defCmdT("pfctl -sn", "/sbin/pfctl -sn"); defCmdT("pfctl -sr", "/sbin/pfctl -sr"); -- cgit v1.1