From 1f1a08c85b7e8ddc6473795534ed5422a2c5aaaf Mon Sep 17 00:00:00 2001
From: jim-p
Date: Thu, 13 Sep 2012 21:15:43 -0400
Subject: Allow/deny access to DHCP by partial MAC matching.
---
 usr/local/www/services_dhcp.php | 44 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
(limited to 'usr/local/www')
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index ba95897..078d099 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -141,6 +141,8 @@ if (is_array($config['dhcpd'][$if])){
 $pconfig['staticarp'] = isset($config['dhcpd'][$if]['staticarp']);
 $pconfig['ddnsdomain'] = $config['dhcpd'][$if]['ddnsdomain'];
 $pconfig['ddnsupdate'] = isset($config['dhcpd'][$if]['ddnsupdate']);
+ $pconfig['mac_allow'] = $config['dhcpd'][$if]['mac_allow'];
+ $pconfig['mac_deny'] = $config['dhcpd'][$if]['mac_deny'];
 list($pconfig['ntp1'],$pconfig['ntp2']) = $config['dhcpd'][$if]['ntpserver'];
 $pconfig['tftp'] = $config['dhcpd'][$if]['tftp'];
 $pconfig['ldap'] = $config['dhcpd'][$if]['ldap'];
@@ -183,6 +185,16 @@ function is_inrange($test, $start, $end) {
 return false;
 }
+function validate_partial_mac_list($maclist) {
+ $macs = explode(',', $maclist);
+
+ // Loop through and look for invalid MACs.
+ foreach ($macs as $mac)
+ if (!is_macaddr($mac, true))
+ return false;
+ return true;
+}
+
 if ($_POST) {
 unset($input_errors);
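Review bot: `validate_partial_mac_list()` in the `@@ -183,6 +185,16 @@` hunk hands `$maclist` to `explode()` without first checking that it is a string, so a `mac_allow`/`mac_deny` field that arrives as an array is not rejected by the function's own logic; on PHP versions where `explode()` only warns on a non-string argument and returns nothing iterable, the loop never runs and the function returns true. Add `if (!is_string($maclist)) return false;` as the first statement. The function also has no doc comment: one line stating the accepted format (comma-separated, entries not trimmed, each entry must satisfy `is_macaddr($mac, true)`) would help, because `is_macaddr()` is defined outside this diff and this appears to be the only check applied before the list is saved. The nested brace-less `foreach`/`if` would be easier to read with braces.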
@@ -241,7 +253,13 @@ if ($_POST) {
 }
 }
 }
-
+
+ // Validate MACs
+ if (!empty($_POST['mac_allow']) && !validate_partial_mac_list($_POST['mac_allow']))
+ $input_errors[] = gettext("If you specify a mac allow list, it must contain only valid partial MAC addresses.");
+ if (!empty($_POST['mac_deny']) && !validate_partial_mac_list($_POST['mac_deny']))
+ $input_errors[] = gettext("If you specify a mac deny list, it must contain only valid partial MAC addresses.");
+
 if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])))
 $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers.");
 if (($_POST['domain'] && !is_domain($_POST['domain'])))
@@ -368,6 +386,8 @@ if ($_POST) {
 $config['dhcpd'][$if]['staticarp'] = ($_POST['staticarp']) ? true : false;
 $config['dhcpd'][$if]['ddnsdomain'] = $_POST['ddnsdomain'];
 $config['dhcpd'][$if]['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false;
+ $config['dhcpd'][$if]['mac_allow'] = $_POST['mac_allow'];
+ $config['dhcpd'][$if]['mac_deny'] = $_POST['mac_deny'];
 unset($config['dhcpd'][$if]['ntpserver']);
 if ($_POST['ntp1'])
@@ -482,6 +502,8 @@ include("head.inc");
 document.iform.dhcpleaseinlocaltime.disabled = endis;
 document.iform.ddnsdomain.disabled = endis;
 document.iform.ddnsupdate.disabled = endis;
+ document.iform.mac_allow.disabled = endis;
+ document.iform.mac_deny.disabled = endis;
 document.iform.ntp1.disabled = endis;
 document.iform.ntp2.disabled = endis;
 document.iform.tftp.disabled = endis;
@@ -505,6 +527,12 @@ include("head.inc");
 aodiv.style.display = "block";
 }
+ function show_maccontrol_config() {
+ document.getElementById("showmaccontrolbox").innerHTML='';
+ aodiv = document.getElementById('showmaccontrol');
+ aodiv.style.display = "block";
+ }
+
 function show_ntp_config() {
 document.getElementById("showntpbox").innerHTML='';
 aodiv = document.getElementById('showntp');
@@ -772,6 +800,20 @@ include("head.inc");
+ + +
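Review bot: The two new checks in the `@@ -241,7 +253,13 @@` hunk are gated on `!empty($_POST['mac_allow'])` and `!empty($_POST['mac_deny'])`, and `empty()` is true for the string `"0"`, so that input skips `validate_partial_mac_list()` yet is still written by the `$config['dhcpd'][$if]['mac_allow'] = $_POST['mac_allow'];` and `mac_deny` assignments in the `@@ -368,6 +386,8 @@` hunk. Compare against the empty string instead, e.g. `if (isset($_POST['mac_allow']) && $_POST['mac_allow'] !== '' && !validate_partial_mac_list($_POST['mac_allow']))`, and the same for `mac_deny`. The save hunk stores the raw POST text, so whatever later turns these lists into DHCP server configuration (not visible in this diff) relies entirely on this validation. The enclosing `if ($_POST)` block starts and ends outside both hunks.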
+ "> - +
+ + + +
-- cgit v1.1