From 0092b3bd47bdfa8b3bc24e140235e4693918ee46 Mon Sep 17 00:00:00 2001
From: mgrooms <mgrooms@shrew.net>
Date: Sun, 15 Mar 2009 00:31:55 +0000
Subject: Modify captive portal to use centralized user management. The user
 manager has been modified to include an account expiration option to support
 this service.

---
 etc/inc/auth.inc       | 20 ++++++++++++----
 etc/inc/config.inc     | 26 ++++++++++++++++++++
 etc/inc/globals.inc    |  2 +-
 etc/rc                 |  5 +++-
 etc/rc.exipireaccounts | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 111 insertions(+), 6 deletions(-)
 create mode 100755 etc/rc.exipireaccounts

(limited to 'etc')

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index ab04846..f45dbae 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -113,9 +113,21 @@ function local_backed($username, $passwd) {
 	if (!$user)
 		return false;
 
-	$passwd = crypt($passwd, $user['password']);
+	if ($user['password'])
+	{
+		$passwd = crypt($passwd, $user['password']);
+		if ($passwd == $user['password'])
+			return true;
+	}
+
+	if ($user['md5-hash'])
+	{
+		$passwd = md5($passwd);
+		if ($passwd == $user['md5-hash'])
+			return true;
+	}
 
-	return ($passwd == $user['password']);
+	return false;
 }
 
 function local_sync_accounts() {
@@ -366,7 +378,7 @@ function local_group_set($group, $reset = false) {
 
 	if($debug)
 		log_error("Running: {$cmd}");
-	$fd = popen($cmd, "w");
+	$fd = popen($cmd, "w");
 	fwrite($fd, $user['password']);
 	pclose($fd);
 
@@ -882,4 +894,4 @@ function session_auth($backing) {
 	return true;
 }
 
-?>
+?>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 7c8597e..026b90f 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -2217,6 +2217,32 @@ endif;
 		$config['version'] = "5.6";
 	}
 
+	/* Convert 5.6 -> 5.7 */
+	if ($config['version'] <= 5.6) {
+
+		/* migrate captivate portal to user manager */
+		if (is_array($config['captiveportal']['user'])) {
+			foreach($config['captiveportal']['user'] as $user) {
+				// avoid user conflicts
+				if ($config['system']['user'][$user['name']])
+					continue;
+				$user['scope'] = "user";
+				if (isset($user['expirationdate'])) {
+					$user['expires'] = $user['expirationdate'];
+					unset($user['expirationdate']);
+				}
+				if (isset($user['password'])) {
+					$user['md5-hash'] = $user['password'];
+					unset($user['password']);
+				}
+				$config['system']['user'][] = $user;
+			}
+			unset($config['captiveportal']['user']);
+		}
+
+		$config['version'] = "5.7";
+	}
+
 	$now = date("H:i:s");
 	log_error("Ended Configuration upgrade at $now");
 
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 66632d9..c8ae12d 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -58,7 +58,7 @@ $g = array(
         "product_website_footer" => "http://www.pfsense.org/?gui20",
 	"product_email" => "coreteam@pfsense.org",
 	"debug" => false,
-	"latest_config" => "5.6",
+	"latest_config" => "5.7",
 	"nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "115",
 	"minimum_ram_warning_text" => "128 megabytes",
diff --git a/etc/rc b/etc/rc
index bfdda55..ef9250e 100755
--- a/etc/rc
+++ b/etc/rc
@@ -294,9 +294,12 @@ rm -f /tmp/filter_dirty
 rm -f /tmp/rc.linkup
 nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status 2>/dev/null &
 
-# Start ping handler for every 240 seconds
+# Start ping handler every 240 seconds
 minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
 
+# Start account expire handler every hour
+minicron 3600 /var/run/expire_accounts.pid /etc/inc/rc.exipireaccounts
+
 chmod a+rw /tmp/.
 
 echo "Bootup complete"
diff --git a/etc/rc.exipireaccounts b/etc/rc.exipireaccounts
new file mode 100755
index 0000000..7a37e91
--- /dev/null
+++ b/etc/rc.exipireaccounts
@@ -0,0 +1,64 @@
+#!/usr/local/bin/php -f
+<?php
+/* $Id$ */
+/*
+	rc.exireaccounts
+	part of pfSense
+	
+	Copyright (C) 2009 Shrew Soft Inc.
+	All rights reserved.
+	
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+	
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+	
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+	
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+	require_once("auth.inc");
+
+	$removed = 0;
+	if (!is_array($config['system']['user']))
+		return;
+
+	$count = count($config['system']['user']);
+	$index = 0;
+	for(; $index < $count; $index++) {
+		$user = $config['system']['user'][$index];
+		if($user['scope'] == "system")
+			continue;
+		echo "1\n";
+		echo "User {$user['name']} expires {$user['expires']}\n";
+		if(!$user['expires'])
+			continue;
+		echo "1\n";
+		if(strtotime("-1 day") > strtotime($user['expires'])) {
+			echo "removing user {$user['name']} at index #{$index}\n";
+			unset($config['system']['user'][$index]);
+			$removed++;
+			$count--;
+			$index--;
+		}
+	}
+
+	if($removed > 0)
+		write_config("Expired {$removed} user accounts");
+
+	print_r($config);
+
+?>
-- 
cgit v1.1