From d5ae560d8396f81a6f73667bf53df046b71ace35 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 3 May 2010 18:14:27 +0000 Subject: Ticket #565. Correct deleting passthru mac entries. revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page. --- etc/inc/captiveportal.inc | 64 +++++++++++++---------- usr/local/captiveportal/index.php | 16 +----- usr/local/www/services_captiveportal_mac.php | 14 +++-- usr/local/www/services_captiveportal_mac_edit.php | 2 - 4 files changed, 43 insertions(+), 53 deletions(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 611016d..94ca06e 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -127,7 +127,8 @@ function captiveportal_configure() { $cprules = captiveportal_rules_generate($cpinterface, $cpips); $cprules .= "\n"; /* generate passthru mac database */ - captiveportal_passthrumac_configure(true); + $cprules .= captiveportal_passthrumac_configure(true); + $cprules .= "\n"; /* allowed ipfw rules to make allowed ip work */ $cprules .= captiveportal_allowedip_configure(); 
@@ -719,31 +720,50 @@ function captiveportal_radius_stop_all($lock = false) { unlock($captiveportallck); } +function captiveportal_passthrumac_configure_entry($macent) { + $rules = ""; + $enBwup = isset($macent['bw_up']); + $enBwdown = isset($macent['bw_down']); + $actionup = "allow"; + $actiondown = "allow"; + + if ($enBwup && $enBwdown) + $ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true); + else + $ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, false); + + if ($enBwup) { + $bw_up = $ruleno + 20000; + $rules .= "pipe {$bw_up} config bw {$macent['bw_up']}Kbit/s queue 100\n"; + $actionup = "pipe {$bw_up}"; + } + if ($enBwdown) { + $bw_down = $ruleno + 20001; + $rules .= "pipe {$bw_down} config bw {$macent['bw_down']}Kbit/s queue 100\n"; + $actiondown = "pipe {$bw_down}"; + } + $rules .= "add {$ruleno} {$actionup} ip from any to any MAC {$macent['mac']} any\n"; + $ruleno++; + $rules .= "add {$ruleno} {$actiondown} ip from any to any MAC any {$macent['mac']}\n"; + + return $rules; +} + function captiveportal_passthrumac_configure($lock = false) { global $config, $g; - if (!$lock) - $captiveportallck = lock('captiveportal'); - - /* clear out passthru macs, if necessary */ - unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); + $rules = ""; if (is_array($config['captiveportal']['passthrumac'])) { $macdb = array(); foreach ($config['captiveportal']['passthrumac'] as $macent) { + $rules .= captiveportal_passthrumac_configure_entry($macent); $macdb[$macent['mac']]['active'] = true; - if (isset($macent['bw_up'])) - $macdb[$macent['mac']]['bw_up'] = $macent['bw_up']; - if (isset($macent['bw_down'])) - $macdb[$macent['mac']]['bw_down'] = $macent['bw_down']; } - /* record passthru MACs so can be recognized and let thru */ - file_put_contents("{$g['vardb_path']}/captiveportal_mac.db", serialize($macdb)); } - if (!$lock) - unlock($captiveportallck); + return $rules; } /* 
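Review bot: `captiveportal_passthrumac_configure_entry()` writes `$macent['mac']`, `$macent['bw_up']` and `$macent['bw_down']` straight into ipfw rule text, so a value containing whitespace or a newline would become extra tokens or extra lines in a rule set whose action is `allow`. Validation may happen where entries are saved, but that is not visible here, and with `passthrumacadd` entries also appear to be created from the login path, so the generator should check its own input, e.g. `if (!is_macaddr($macent['mac'])) return "";`, and emit a pipe only when `is_numeric($macent['bw_up'])` (likewise `bw_down`), since `isset()` alone accepts an empty string and would produce `bw Kbit/s`. The function should also carry a comment stating that a MAC match is an unauthenticated allow and that a MAC address can be cloned by any client on the segment, so an entry is a convenience and not an identity check. In `captiveportal_passthrumac_configure()` the `$macdb` array and the `$lock` parameter are left unused by this change.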
@@ -1074,7 +1094,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) { } } -function captiveportal_get_ipfw_ruleno_byvalue($value, $table = 1) { +function captiveportal_get_ipfw_passthru_ruleno($value) { global $config, $g; if(!isset($config['captiveportal']['enable'])) @@ -1082,7 +1102,7 @@ function captiveportal_get_ipfw_ruleno_byvalue($value, $table = 1) { if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); - $ruleno = intval(`/sbin/ipfw table {$table} list | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); + $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); if ($rules[$ruleno]) return $ruleno; } @@ -1159,18 +1179,6 @@ function getNasIP() return $nasIp; } -function portal_mac_fixed($clientmac) { - global $g ; - - /* open captive portal mac db */ - if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) { - $macdb = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal_mac.db")); - if (isset($macdb[$clientmac])) - return $macdb[$clientmac]; - } - return FALSE ; -} - function portal_ip_from_client_ip($cliip) { global $config; diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 7d51fc3..4f68026 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php 
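Review bot: In `captiveportal_get_ipfw_passthru_ruleno()` the rewritten lookup still interpolates `$value` unescaped into a backtick shell pipeline, and one caller in this commit passes `$_POST['delmac']` to it. That caller reaches the call only when `$found` is true, which presumably means the value matched a configured entry, but the function should not depend on its callers for that: return early unless `is_macaddr($value)` and hand grep `escapeshellarg($value)` instead of the raw string. Because grep treats its argument as a pattern and `ipfw show` lists every rule, the first matching line is not guaranteed to be the pass-through rule for that MAC; `grep -F` would at least stop pattern interpretation. The rest of the function body is outside the hunk.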
@@ -119,12 +119,6 @@ setTimeout('window.close();',5000) ; EOD; exit; -/* The $macfilter can be removed safely since we first check if the $clientmac is present, if not we fail */ -} else if ($clientmac && portal_mac_fixed($clientmac)) { - /* punch hole in ipfw for pass thru mac addresses */ - portal_allow($clientip, $clientmac, "unauthenticated"); - exit; - } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { /* radius functions handle everything so we exit here since we're done */ exit; @@ -322,19 +316,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut */ $peruserbw = isset($config['captiveportal']['peruserbw']); $passthrumacadd = isset($config['captiveportal']['passthrumacadd']); - $portalmac = NULL; - if (!empty($clientmac)) { - $portalmac = portal_mac_fixed($clientmac); - if ($portalmac) { - $attributes['bw_up'] = $portalmac['bw_up']; - $attributes['bw_down'] = $portalmac['bw_down']; - } - } $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup']; $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn']; - if ($passthrumacadd && $portalmac == NULL) { + if ($passthrumacadd) { $mac = array(); $mac['mac'] = $clientmac; $mac['descr'] = "Auto added pass-through MAC for user {$username}"; diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index dd5fdfe..7c40b85 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php 
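Review bot: With the `$portalmac == NULL` condition dropped, the `if ($passthrumacadd)` branch in `portal_allow()` stores `$clientmac` as a pass-through entry without checking that it is non-empty, well-formed or not already listed. The commit message says pass-through MACs never reach the login page, but that holds only while their ipfw rules are loaded; a guard such as `if ($passthrumacadd && is_macaddr($clientmac))` keeps an empty or malformed value out of the configuration that later feeds the rule generator. `$bw_up` and `$bw_down` are only trimmed here, and if they are copied into the entry (the rest of the branch is outside the hunk) a numeric check belongs at the same place.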
@@ -74,13 +74,12 @@ if ($_POST) { } } if ($found == true) { - $ip = captiveportal_get_ipfw_ruleno_byvalue($_POST['delmac']); - if ($ip) { - captiveportal_disconnect_client($ip); + $ruleno = captiveportal_get_ipfw_passthru_ruleno($_POST['delmac']); + if ($ruleno) { + mwexec("/sbin/ipfw delete {$ruleno}; /sbin/ipfw delete " . ++$ruleno); } unset($a_passthrumacs[$idx]); write_config(); - captiveportal_passthrumac_configure(true); } } exit; @@ -89,14 +88,13 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_passthrumacs[$_GET['id']]) { - $ip = captiveportal_get_ipfw_ruleno_byvalue($a_passthrumacs[$_GET['id']]['mac']); - if ($ip) { - captiveportal_disconnect_client($ip); + $ruleno = captiveportal_get_ipfw_passthru_ruleno($a_passthrumacs[$_GET['id']]['mac']); + if ($ruleno) { + mwexec("/sbin/ipfw delete {$ruleno}; /sbin/ipfw delete " . ++$ruleno); } unset($a_passthrumacs[$_GET['id']]); write_config(); header("Location: services_captiveportal_mac.php"); - mark_subsystem_dirty('passthrumac'); exit; } } diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index 89e2757..ac7b341 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -120,8 +120,6 @@ if ($_POST) { write_config(); - mark_subsystem_dirty('passthrumac'); - header("Location: services_captiveportal_mac.php"); exit; } -- cgit v1.1
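Review bot: In both delete paths (`$_POST['delmac']` and `act=del`) the entry is removed from the configuration even when `captiveportal_get_ipfw_passthru_ruleno()` returns nothing, and with the reconfigure call and `mark_subsystem_dirty('passthrumac')` removed, nothing visible here takes the rules down afterwards. The result would be a MAC that no longer appears in the list while its `allow` rules stay loaded until the portal is next reconfigured; an `else` branch that logs the miss and keeps `mark_subsystem_dirty('passthrumac')` would make that state visible to the administrator. The two `ipfw delete` calls also leave any `pipe` created for the entry in place and do not appear to release the rule number through `captiveportal_free_ipfw_ruleno()`. The `act=del` path changes firewall state on a GET request, and no request-token check is visible in the hunk.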