From 2f3256d07870aa41a85d82300f4ea1ab8bc38212 Mon Sep 17 00:00:00 2001 
From: mkasper Date: Sun, 8 Jan 2006 10:41:49 +0000 Subject: [PATCH] Import m0n0wall 1.21 files. git-svn-id: https://svn.m0n0.ch/wall/trunk@27 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- captiveportal/index.php | 363 +++--- captiveportal/radius_accounting.inc | 98 +- captiveportal/radius_authentication.inc | 265 ++-- etc/rc.firmware | 11 +- phpconf/config.xml | 15 + phpconf/inc/captiveportal.inc | 391 ++++-- phpconf/inc/config.inc | 31 +- phpconf/inc/filter.inc | 2 +- phpconf/inc/functions.inc | 5 +- phpconf/inc/globals.inc | 4 +- phpconf/inc/interfaces.inc | 12 +- phpconf/inc/pear.inc | 1055 ++++++++++++++++ phpconf/inc/radius.inc | 1094 +++++++++++++++++ phpconf/inc/services.inc | 6 +- phpconf/inc/shaper.inc | 2 +- phpconf/inc/system.inc | 2 +- phpconf/inc/util.inc | 7 +- phpconf/inc/vpn.inc | 6 +- phpconf/inc/xmlparse.inc | 6 +- phpconf/rc.banner | 4 +- phpconf/rc.bootup | 2 +- phpconf/rc.cleanreboot | 37 + phpconf/rc.initial.defaults | 2 +- phpconf/rc.initial.password | 2 +- phpconf/rc.initial.ping | 2 +- phpconf/rc.initial.reboot | 2 +- phpconf/rc.initial.setlanip | 2 +- phpconf/rc.initial.setports | 2 +- phpconf/rc.newwanip | 2 +- phpconf/rc.prunecaptiveportal | 2 +- webgui/diag_backup.php | 7 +- webgui/diag_defaults.php | 2 +- webgui/diag_ipfstat.php | 2 +- webgui/diag_ipsec_sad.php | 2 +- webgui/diag_ipsec_spd.php | 2 +- webgui/diag_logs.php | 2 +- webgui/diag_logs_dhcp.php | 2 +- webgui/diag_logs_filter.php | 2 +- webgui/diag_logs_portal.php | 2 +- webgui/diag_logs_settings.php | 2 +- webgui/diag_logs_vpn.php | 2 +- webgui/diag_ping.php | 2 +- webgui/diag_resetstate.php | 2 +- webgui/diag_traceroute.php | 2 +- webgui/exec_raw.php | 2 +- webgui/fend.inc | 2 +- webgui/firewall_aliases.php | 2 +- webgui/firewall_aliases_edit.php | 2 +- webgui/firewall_nat.php | 2 +- webgui/firewall_nat_1to1.php | 2 +- webgui/firewall_nat_1to1_edit.php | 2 +- webgui/firewall_nat_edit.php | 2 +- webgui/firewall_nat_out.php | 2 +- webgui/firewall_nat_out_edit.php | 2 +- 
webgui/firewall_nat_server.php | 2 +- webgui/firewall_nat_server_edit.php | 2 +- webgui/firewall_rules.php | 2 +- webgui/firewall_rules_edit.php | 2 +- webgui/firewall_shaper.php | 2 +- webgui/firewall_shaper_edit.php | 2 +- webgui/firewall_shaper_pipes.php | 2 +- webgui/firewall_shaper_pipes_edit.php | 2 +- webgui/firewall_shaper_queues.php | 2 +- webgui/firewall_shaper_queues_edit.php | 2 +- webgui/graph.php | 520 ++++---- webgui/graph_cpu.php | 264 ++-- webgui/gui.css | 20 + webgui/guiconfig.inc | 12 +- webgui/index.php | 18 +- webgui/interfaces_assign.php | 2 +- webgui/interfaces_lan.php | 2 +- webgui/interfaces_opt.php | 2 +- webgui/interfaces_vlan.php | 2 +- webgui/interfaces_vlan_edit.php | 2 +- webgui/interfaces_wan.php | 2 +- webgui/interfaces_wlan.inc | 2 +- webgui/license.php | 10 +- webgui/reboot.php | 2 +- webgui/services_captiveportal.php | 263 +++- webgui/services_captiveportal_filemanager.php | 165 +++ webgui/services_captiveportal_ip.php | 1 + webgui/services_captiveportal_mac.php | 1 + webgui/services_captiveportal_users.php | 3 +- webgui/services_captiveportal_users_edit.php | 2 +- webgui/services_dhcp.php | 2 +- webgui/services_dhcp_edit.php | 2 +- .../services_dnsmasq_domainoverride_edit.php | 2 +- webgui/services_dyndns.php | 2 +- webgui/services_proxyarp.php | 2 +- webgui/services_proxyarp_edit.php | 2 +- webgui/services_snmp.php | 13 +- webgui/services_wol.php | 2 +- webgui/services_wol_edit.php | 2 +- webgui/status_captiveportal.php | 4 +- webgui/status_graph.php | 2 +- webgui/status_graph_cpu.php | 2 +- webgui/status_interfaces.php | 2 +- webgui/status_wireless.php | 2 +- webgui/system.php | 2 +- webgui/system_advanced.php | 2 +- webgui/system_firmware.php | 2 +- webgui/system_routes.php | 2 +- webgui/system_routes_edit.php | 2 +- webgui/uploadconfig.php | 2 +- webgui/vpn_ipsec.php | 2 +- webgui/vpn_ipsec_ca.php | 2 +- webgui/vpn_ipsec_ca_edit.php | 2 +- webgui/vpn_ipsec_edit.php | 2 +- webgui/vpn_ipsec_keys.php | 2 +- 
webgui/vpn_ipsec_keys_edit.php | 2 +- webgui/vpn_ipsec_mobile.php | 2 +- webgui/vpn_pptp.php | 2 +- webgui/vpn_pptp_users.php | 2 +- webgui/vpn_pptp_users_edit.php | 2 +- 114 files changed, 3884 insertions(+), 991 deletions(-) create mode 100644 phpconf/inc/pear.inc create mode 100644 phpconf/inc/radius.inc create mode 100644 phpconf/rc.cleanreboot create mode 100644 webgui/services_captiveportal_filemanager.php diff --git a/captiveportal/index.php b/captiveportal/index.php index a6a3581..daa2b16 100644 --- a/captiveportal/index.php +++ b/captiveportal/index.php @@ -4,7 +4,7 @@ index.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,11 +29,9 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("globals.inc"); -require("util.inc"); -require("config.inc"); -require("radius_authentication.inc"); -require("radius_accounting.inc"); +require_once("functions.inc"); +require_once("radius_authentication.inc"); +require_once("radius_accounting.inc"); header("Expires: 0"); header("Cache-Control: no-store, no-cache, must-revalidate"); @@ -42,7 +40,6 @@ header("Pragma: no-cache"); $orig_host = $_ENV['HTTP_HOST']; $orig_request = $_ENV['CAPTIVE_REQPATH']; -$lockfile = "{$g['varrun_path']}/captiveportal.lock"; $clientip = $_ENV['REMOTE_ADDR']; if (!$clientip) { 
@@ -50,45 +47,87 @@ if (!$clientip) { exit; } +if (isset($config['captiveportal']['httpslogin'])) + $ourhostname = $config['captiveportal']['httpsname'] . ":8001"; +else + $ourhostname = $config['interfaces'][$config['captiveportal']['interface']]['ipaddr'] . ":8000"; + +if ($orig_host != $ourhostname) { + /* the client thinks it's connected to the desired web server, but instead + it's connected to us. Issue a redirect... */ + + if (isset($config['captiveportal']['httpslogin'])) + header("Location: https://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); + else + header("Location: http://{$ourhostname}/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); + + exit; +} + +if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) + $redirurl = urldecode($matches[1]); +if ($_POST['redirurl']) + $redirurl = $_POST['redirurl']; + +$macfilter = !isset($config['captiveportal']['nomacfilter']); + +if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { + $radius_enable = TRUE; + if ($radius_enable && $macfilter && isset($config['captiveportal']['radmac_enable'])) + $radmac_enable = TRUE; +} + /* find MAC address for client */ $clientmac = arp_get_mac_by_ip($clientip); -if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) { +if (!$clientmac && $macfilter) { /* unable to find MAC address - shouldn't happen! - bail out */ + captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR"); exit; } -if ($clientmac && portal_mac_fixed($clientmac)) { +if ($_POST['logout_id']) { + disconnect_client($_POST['logout_id']); + echo << +Disconnecting... + + +You've been disconnected. 
+ + + + + +EOD; +} else if ($clientmac && $macfilter && portal_mac_fixed($clientmac)) { /* punch hole in ipfw for pass thru mac addresses */ portal_allow($clientip, $clientmac, "unauthenticated"); + exit; -} else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { +} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { + /* radius functions handle everything so we exit here since we're done */ + exit; + +} else if ($_POST['accept'] && $radius_enable) { - /* authenticate against radius server */ - $radiusservers = captiveportal_get_radius_servers(); - if ($_POST['auth_user'] && $_POST['auth_pass']) { - $auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'], - $_POST['auth_pass'], - $radiusservers[0]['ipaddr'], - $radiusservers[0]['port'], - $radiusservers[0]['key']); - if ($auth_val == 2) { - captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); - $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'], $_POST['auth_pass']); - if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { - $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'], - $sessionid, - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $clientip); - } - } else { - captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE"); - readfile("{$g['varetc_path']}/captiveportal-error.html"); + $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN"); + + if ($auth_list['auth_val'] == 1) { + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']); + portal_reply_page($redirurl, "error", $auth_list['error']); + } + else if ($auth_list['auth_val'] == 3) { + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']); + portal_reply_page($redirurl, "error", $auth_list['reply_message']); } } else 
{ - readfile("{$g['varetc_path']}/captiveportal-error.html"); + captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR"); + portal_reply_page($redirurl, "error"); } } else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") { 
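Review bot: The `$_POST['logout_id']` branch, now the first test in the dispatch chain, calls `disconnect_client($_POST['logout_id'])` on the posted value alone, so knowing a session ID is the only thing a request needs to end that session. Any host that can reach the portal and has another user's session ID can log that user out, and the event is recorded as an ordinary LOGOUT. Consider giving `disconnect_client()` an optional expected-address argument, passing `$clientip` from this branch, and skipping rows whose stored address `$cpdb[$i][2]` differs. The matching loop of `disconnect_client()` is outside the visible hunks, so confirm it does not already compare the address.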
@@ -122,55 +161,41 @@ if ($clientmac && portal_mac_fixed($clientmac)) { if ($loginok){ captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); - portal_allow($clientip, $clientmac,$_POST['auth_user'],0,0); + portal_allow($clientip, $clientmac,$_POST['auth_user']); } else { captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE"); - readfile("{$g['varetc_path']}/captiveportal-error.html"); + portal_reply_page($redirurl, "error"); } } else if ($_POST['accept'] && $clientip) { portal_allow($clientip, $clientmac, "unauthenticated"); -} else if ($_POST['logout_id']) { - disconnect_client($_POST['logout_id']); - echo << -Disconnecting... - - -You've been disconnected. - - - - - -EOD; -} else if (($_ENV['SERVER_PORT'] != 8001) && isset($config['captiveportal']['httpslogin'])) { - /* redirect to HTTPS login page */ - header("Location: https://{$config['captiveportal']['httpsname']}:8001/?redirurl=" . urlencode("http://{$orig_host}{$orig_request}")); } else { /* display captive portal page */ - $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html"); - - /* substitute variables */ + portal_reply_page($redirurl, "login"); +} + +exit; + +function portal_reply_page($redirurl, $type = null, $message = null) { + global $g, $config; + + /* Get captive portal layout */ + if ($type == "login") + $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html"); + else + $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal-error.html"); + + /* substitute other variables */ if (isset($config['captiveportal']['httpslogin'])) $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext); else $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext); - - if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) - $redirurl = urldecode($matches[1]); - else - $redirurl = 
"http://{$orig_host}{$orig_request}"; + $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext); - + $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext); + echo $htmltext; } -exit; - function portal_mac_fixed($clientmac) { global $g ; @@ -192,21 +217,30 @@ function portal_mac_fixed($clientmac) { return FALSE ; } -function portal_allow($clientip,$clientmac,$clientuser,$password = "") { +function portal_mac_radius($clientmac,$clientip) { + global $config ; - global $orig_host, $orig_request, $g, $config; + $radmac_secret = $config['captiveportal']['radmac_secret']; - /* user has accepted AUP - let him in */ - portal_lock(); - - /* get next ipfw rule number */ - if (file_exists("{$g['vardb_path']}/captiveportal.nextrule")) - $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule")); - if (!$ruleno) - $ruleno = 10000; /* first rule number */ + /* authentication against the radius server */ + $auth_list = radius($clientmac,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN"); + if ($auth_list['auth_val'] == 2) { + return TRUE; + } + return FALSE; +} + +function portal_allow($clientip,$clientmac,$clientuser,$password = null, $session_timeout = null, $idle_timeout = null, $url_redirection = null, $session_terminate_time = null) { + + global $redirurl, $g, $config; + + if ((isset($config['captiveportal']['noconcurrentlogins'])) && ($clientuser != 'unauthenticated')) + kick_concurrent_logins($clientuser); - $saved_ruleno = $ruleno; + captiveportal_lock(); + $ruleno = get_next_ipfw_ruleno(); + /* generate unique session ID */ $tod = gettimeofday(); $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); 
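Review bot: In `portal_reply_page()` both `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 leave single quotes unescaped, while `$redirurl` is request-controlled (`$_POST['redirurl']` or the `redirurl=` query parameter). A portal template that places `$PORTAL_REDIRURL$` inside a single-quoted attribute would let the value break out of that attribute. Use `htmlspecialchars($redirurl, ENT_QUOTES)` and `htmlspecialchars($message, ENT_QUOTES)`; `$message` can carry `$auth_list['reply_message']`, which is also external input.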
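Review bot: `portal_mac_radius()` has no comment stating what it trusts: it sends `$clientmac` as the RADIUS user name with the single configured `radmac_secret` as the password, so the MAC address is the only per-client credential. The caller obtains that MAC from `arp_get_mac_by_ip()`, which means it is whatever the client presents on the wire; this mode identifies devices rather than authenticating users. I would add above the function `/* MAC-based RADIUS login: the MAC is the only per-client credential and is not proof of identity; radmac_secret is the same for every MAC. */` so that operators enabling `radmac_enable` know the limits of this mode.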
@@ -223,18 +257,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { } /* read in client database */ - $cpdb = array(); - - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)) ; - if($line) { - $cpdb[] = explode(",",$line); - } - } - fclose($fd); - } + $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); @@ -249,7 +272,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $clientip); + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 13); // Port Preempted } mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); unset($cpdb[$i]); @@ -257,19 +282,13 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { } } + /* encode password in Base64 just in case it contains commas */ + $bpassword = base64_encode($password); + $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $clientuser, $sessionid, $bpassword, $session_timeout, $idle_timeout, $session_terminate_time); + /* rewrite information to database */ - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { - foreach ($cpdb as $cpent) { - fwrite($fd, join(",", $cpent) . "\n"); - } - /* write in this new entry */ - /* encode password in Base64 just in case it contains commas */ - $bpassword = base64_encode($password); - fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid},{$bpassword}\n") ; - fclose($fd); - } - + captiveportal_write_db($cpdb); + /* write next rule number */ $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w"); if ($fd) { 
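Review bot: The new `$cpdb[]` row in the `@@ -257,19 +282,13 @@` hunk stores the user's password in `captiveportal.db` as `base64_encode($password)`, which only protects the comma-separated format and gives no confidentiality. Anyone who can read that file recovers the password of every logged-in user. If nothing later needs the cleartext, write an empty field instead; if it is needed, say why in the comment and make sure `captiveportal_write_db()` creates the file readable by root only (its body is outside this view). If that helper still joins fields with commas as the removed code did, note also that `$clientuser` is written unencoded, so a user name containing a comma would shift the later fields of the row.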
@@ -280,15 +299,15 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { fclose($fd); } - portal_unlock(); + captiveportal_unlock(); /* redirect user to desired destination */ - if ($config['captiveportal']['redirurl']) - $redirurl = $config['captiveportal']['redirurl']; - else if ($_POST['redirurl']) - $redirurl = $_POST['redirurl']; + if ($url_redirection) + $my_redirurl = $url_redirection; + else if ($config['captiveportal']['redirurl']) + $my_redirurl = $config['captiveportal']['redirurl']; else - $redirurl = "http://{$orig_host}{$orig_request}"; + $my_redirurl = $redirurl; if(isset($config['captiveportal']['logoutwin_enable'])) { @@ -302,7 +321,7 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = "") { Redirecting... -Redirecting to {$redirurl}... +Redirecting to {$my_redirurl}... 
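Review bot: `$my_redirurl` is interpolated unescaped into the heredoc line `Redirecting to {$my_redirurl}...`, and when it falls through to `$redirurl` it is request-controlled (`$_POST['redirurl']` or the `redirurl=` query parameter), so markup in that parameter is rendered in the portal's own origin. `portal_reply_page()` already wraps the same value in `htmlspecialchars()`; do the same here and accept only an `http://` or `https://` URL before the value is used. The variable is also sent as `header("Location: " . $my_redirurl)` in the `@@ -330,89 +349,46 @@` hunk, and that hunk's context line still shows `document.location.href="{$redirurl}"`, presumably inside a script block, where JavaScript-string escaping is needed rather than HTML escaping. The `$url_redirection` branch appears to take its value from a RADIUS reply and deserves the same check.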
@@ -330,89 +349,46 @@ document.location.href="{$redirurl}"; EOD; } else { - header("Location: " . $redirurl); + header("Location: " . $my_redirurl); } return $sessionid; } -/* read RADIUS servers into array */ -function captiveportal_get_radius_servers() { - - global $g; - - if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { - $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r"); - if ($fd) { - $radiusservers = array(); - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); - $radiusservers[] = $radsrv; - } - } - fclose($fd); - - return $radiusservers; - } - } - - return false; -} +/* Ensure that only one username is used by one client at a time + * by Paul Taylor + */ +function kick_concurrent_logins($user) { -/* lock captive portal information, decide that the lock file is stale after - 10 seconds */ -function portal_lock() { - - global $lockfile; - - $n = 0; - while ($n < 10) { - /* open the lock file in append mode to avoid race condition */ - if ($fd = @fopen($lockfile, "x")) { - /* succeeded */ - fclose($fd); - return; - } else { - /* file locked, wait and try again */ - sleep(1); - $n++; + captiveportal_lock(); + + /* read database */ + $cpdb = captiveportal_read_db(); + + captiveportal_unlock(); + + if (isset($cpdb)) { + /* find duplicate entry */ + for ($i = 0; $i < count($cpdb); $i++) { + if ($cpdb[$i][4] == $user) { + /* This user was already logged in */ + disconnect_client($cpdb[$i][5],"CONCURRENT LOGIN - TERMINATING OLD SESSION",13); + } } } } -/* unlock captive portal information file */ -function portal_unlock() { - - global $lockfile; - - if (file_exists($lockfile)) - unlink($lockfile); -} - /* remove a single client by session ID by Dinesh Nair */ -function disconnect_client($sessionid) { +function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) { global $g, $config; - 
portal_lock(); + captiveportal_lock(); /* read database */ - $cpdb = array() ; - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)) ; - if($line) { - $cpdb[] = explode(",",$line); - } - } - fclose($fd); - } + $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); @@ -428,35 +404,34 @@ function disconnect_client($sessionid) { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $cpdb[$i][2]); + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + $term_cause); } mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000)); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"LOGOUT"); + captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason); unset($cpdb[$i]); break; } } /* rewrite information to database */ - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { - foreach ($cpdb as $cpent) { - fwrite($fd, join(",", $cpent) . "\n"); - } - fclose($fd); - } + captiveportal_write_db($cpdb); - portal_unlock(); + captiveportal_unlock(); } -/* log successful captive portal authentication to syslog */ -/* part of this code from php.net */ -function captiveportal_logportalauth($user,$mac,$ip,$status) { - define_syslog_variables(); - openlog("logportalauth", LOG_PID, LOG_LOCAL4); - // Log it - syslog(LOG_INFO, "$status: $user, $mac, $ip"); - closelog(); +function get_next_ipfw_ruleno() { + + global $g; + + /* get next ipfw rule number */ + if (file_exists("{$g['vardb_path']}/captiveportal.nextrule")) + $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule")); + if (!$ruleno) + $ruleno = 10000; /* first rule number */ + + return $ruleno; } ?> diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc index 3459efd..3003233 100644 --- a/captiveportal/radius_accounting.inc +++ b/captiveportal/radius_accounting.inc 
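Review bot: `kick_concurrent_logins()` reads the database under the lock, releases it, and only then calls `disconnect_client()`, and `portal_allow()` calls it before taking `captiveportal_lock()` itself, so the duplicate check and the insertion of the new session are not one atomic step. Two logins with the same user name that arrive together can each find no existing session and both be admitted, which defeats `noconcurrentlogins`. Removing rows with a matching `$cpdb[$i][4]` inside the locked section of `portal_allow()`, alongside the existing loop that drops old entries for the same client, would close that window. `if (isset($cpdb))` is true after the assignment unless `captiveportal_read_db()` returns null, so it can probably be dropped.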
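Review bot: `get_next_ipfw_ruleno()` returns the trimmed contents of `captiveportal.nextrule` as a string without checking that it is a number, and rule numbers are later concatenated into `/sbin/ipfw` command lines passed to `mwexec()`. Cast on read, `$ruleno = (int)trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));`, so a truncated or corrupted file falls back to 10000 instead of reaching the shell. `$ruleno` is also undefined when the file does not exist; add `$ruleno = 0;` before the `file_exists()` test.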
@@ -38,12 +38,13 @@ // - RFC2869 (Radius Extensions) // * now sends Acct-Input-Gigawords // * now sends Acct-Output-Gigawords + // * full implementation of nas-ip/nas_mac and called/calling-station ids */ -function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) { - $sharedsecret=$radiuskey ; +function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) { # $debug = 1 ; + global $config; exec("/bin/hostname", $nasHostname) ; if(!$nasHostname[0]) @@ -56,13 +57,22 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad /* set 5 second timeout on socket i/o */ stream_set_timeout($fd, 5) ; - $nas_ip_address = get_nas_ip(); + $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); // This function is defined in radius_authentication.inc + $nas_port = $ruleno - 10000; + $ip_exp=explode(".",$clientip); + $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + + switch($radiusvendor) { - if(!isset($clientip)) { - //if there's no client ip, we'll need to use the NAS ip - $clientip=$nas_ip_address; + case 'cisco': + $calledstationid = $clientmac; + $callingstationid = $clientip; + break; + + default: + $calledstationid = $nas_mac; + $callingstationid = $clientmac; } - $ip_exp=explode(".",$clientip); if ($debug) echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; @@ -82,21 +92,25 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad 6+ // Acct Status Type 6+ // Acct RADIUS Authenticated 2+strlen($sessionid)+ // Acct SessionID + 2+strlen($calledstationid)+ //Called-Station-ID + 2+strlen($callingstationid)+ //Calling-Station-ID 6; // Framed-IP-Address // v v v v v v v v v 1 v // Line # 1 2 3 4 5 6 7 8 9 0 E - $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC", + $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header 0,0,0,0, // authcode 6,6,0,0,0,1, // service type 1,2+strlen($username),$username, // username 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier - 5,6,0,0,0,0, // nasPort + 5,6,0,0,0,$nas_port, // nasPort 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,1, // Acct Status Type = Start 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID + 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID + 31,2+strlen($callingstationid),$callingstationid, //Calling-Station-ID 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); 
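Review bot: In the `@@ -82,21 +92,25 @@` hunk NAS-Port is packed as `5,6,0,0,0,$nas_port` with six `C` codes, so only the low byte of `$nas_port` is sent. With `$nas_port = $ruleno - 10000`, any value above 255 wraps, and accounting records from different sessions can then carry the same port, which makes them harder to attribute. Pack the attribute as `CCN` with the arguments `5,6,$nas_port` so the full 32-bit value goes on the wire. The same argument list appears in the second `pack()` call in the `@@ -105,17 +119,19 @@` hunk and in both STOP hunks (`@@ -226,22 +253,21 @@` and `@@ -256,22 +282,21 @@`), whose format strings are outside the visible lines.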
@@ -105,17 +119,19 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad // v v v v v v v v v 1 v // Line # 1 2 3 4 5 6 7 8 9 0 E - $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC", + $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header $RA, // authcode 6,6,0,0,0,1, // service type 1,2+strlen($username),$username, // username 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier - 5,6,0,0,0,0, // nasPort + 5,6,0,0,0,$nas_port, // nasPort 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,1, // Acct Status Type = Start 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID + 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID + 31,2+strlen($callingstationid),$callingstationid, //Calling-Station-ID 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); @@ -145,9 +161,11 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad // See RFC2866 for this. } -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false, $radius_term_cause = 1) { - $sharedsecret=$radiuskey ; +function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { # $debug = 1 ; + global $config; + + $stop_time = (empty($stop_time)) ? time() : $stop_time; exec("/bin/hostname", $nasHostname) ; if(!$nasHostname[0]) 
@@ -174,13 +192,23 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius /* set 5 second timeout on socket i/o */ stream_set_timeout($fd, 5) ; - $nas_ip_address = get_nas_ip(); + $nas_port = $ruleno - 10000; + $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); + $ip_exp=explode(".",$clientip); + $session_time = $stop_time - $start_time; + $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + + switch($radiusvendor) { - if(!isset($clientip)) { - //if there's no client ip, we'll need to use the NAS ip - $clientip=$nas_ip_address; + case 'cisco': + $calledstationid = $clientmac; + $callingstationid = $clientip; + break; + + default: + $calledstationid = $nas_mac; + $callingstationid = $clientmac; } - $ip_exp=explode(".",$clientip); if ($debug) echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; @@ -208,9 +236,8 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 6+ // output bytes 6+ // output packets 6+ // output gigawords - 2+strlen($nas_ip_address)+ //Called-Station-ID - 2+strlen($clientip)+ //Calling-Station-ID - + 2+strlen($calledstationid)+ //Called-Station-ID + 2+strlen($callingstationid)+ //Calling-Station-ID 6; //Framed-IP-Address if ($interimupdate) @@ -226,22 +253,21 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 6,6,0,0,0,1, // service type 1,2+strlen($username),$username, // username 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier - 5,6,0,0,0,0, // nasPort + 5,6,0,0,0,$nas_port, // nasPort 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,$acctstatustype, // Acct Status Type 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID - 49,6,$radius_term_cause, // Acct Terminate = User Request - 46,6,time() - $start_time, // Session Time + 49,6,$term_cause, // Acct Terminate + 46,6,$session_time, // Session Time 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets 52,6,$input_gigawords, // Input Gigawords 43,6,$output_bytes, // Output Octets 48,6,$output_pkts, // Output Packets 53,6,$output_gigawords, // Output Gigawords - 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID - 31,2+strlen($clientip),$clientip, //Calling-Station-ID - + 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID + 31,2+strlen($callingstationid),$callingstationid, //Calling-Station-ID 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); 
@@ -256,22 +282,21 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 6,6,0,0,0,1, // service type 1,2+strlen($username),$username, // username 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier - 5,6,0,0,0,0, // nasPort + 5,6,0,0,0,$nas_port, // nasPort 61,6,0,0,0,15, // nasPortType = Ethernet 40,6,0,0,0,$acctstatustype, // Acct Status Type 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID - 49,6,$radius_term_cause, // Acct Terminate = User Request - 46,6,time() - $start_time, // Session Time + 49,6,$term_cause, // Acct Terminate = User Request + 46,6,$session_time, // Session Time 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets 52,6,$input_gigawords, // Input Gigawords 43,6,$output_bytes, // Output Octets 48,6,$output_pkts, // Output Packets 53,6,$output_gigawords, // Output Gigawords - 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID - 31,2+strlen($clientip),$clientip, //Calling-Station-ID - + 30,2+strlen($calledstationid),$calledstationid, //Called-Station-ID + 31,2+strlen($callingstationid),$callingstationid, //Calling-Station-ID 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address ); @@ -301,13 +326,6 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius // See RFC2866 for this. } -function get_nas_ip() { - global $config; - - /* static WAN IP address */ - return $config['interfaces']['wan']['ipaddr']; -} - function gigawords($bytes) { /* We use BCMath functions since normal integers don't work with so large numbers */ diff --git a/captiveportal/radius_authentication.inc b/captiveportal/radius_authentication.inc index af30df1..28ef14c 100644 --- a/captiveportal/radius_authentication.inc +++ b/captiveportal/radius_authentication.inc 
@@ -1,128 +1,163 @@ - // for use in the m0n0wall distribution http://m0n0.ch/wall/ - // - // Changes include moving from raw sockets to fsockopen - // and the removal of dependency on external conf file - // An existing bug which resulted in a malformed RADIUS packet - // was also fixed and patches submitted to Edwin. This bug would - // have caused authentication to fail on every access. - -function RADIUS_AUTHENTICATION($username,$password,$radiusip,$radiusport,$radiuskey) { - $sharedsecret=$radiuskey ; - # $debug = 1 ; - - exec("/bin/hostname", $nasHostname) ; - if(!$nasHostname[0]) - $nasHostname[0] = "m0n0wall" ; - - $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ; - if(!$fd) - return 1 ; /* error return */ +/* vim: set expandtab tabstop=4 shiftwidth=4: */ +/* +Copyright (c) 2005, Jonathan De Graeve +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The names of the authors may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +This code cannot simply be copied and put under the GNU Public License or +any other GPL-like (LGPL, GPL2) License. + + This code is made possible thx to samples made by Michael Bretterklieber + author of the PHP PECL Radius package + + Changes made include: + * Support for multiple radius servers + * Error Message and Reply Message + * Called-Station-Id,Calling-Station-Id,NAS-Port,NAS-Port-Type + * Different Authentication Methods + +*/ + +require_once("radius.inc"); + +/* +RADIUS AUTHENTICATION +--------------------- +*/ + +function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { + global $config; + + /* Initialisation of variables - Constructor */ + $retvalue = array(); + $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null; + $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); + $nas_port = $ruleno - 10000; + $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + + exec("/bin/hostname", $nasHostname) ; + if(!$nasHostname[0]) + $nasHostname[0] = "m0n0wall" ; + +$rauth = new Auth_RADIUS_PAP($username, $password); + +/* +Add support for more then one radiusserver. +At most 10 servers may be specified. 
+When multiple servers are given, they are tried in round-robin fashion until a valid response is received +*/ + +foreach ($radiusservers as $radsrv) { + + // Add a new server to our instance + $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - /* set 5 second timeout on socket i/o */ - stream_set_timeout($fd, 5) ; - - if ($debug) - echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; - - $RA=pack("CCCCCCCCCCCCCCCC", // auth code - 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255, - 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255, - 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255, - 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255); - - $encryptedpassword=Encrypt($password,$sharedsecret,$RA); - - $length=4+ // header - 16+ // auth code - 6+ // service type - 2+strlen($username)+ // username - 2+strlen($encryptedpassword)+ // userpassword - 2+strlen($nasHostname[0])+ // nasIdentifier - 6+ // nasPort - 6; // nasPortType - - $thisidentifier=rand()%256; - // v v v v v v v v v - // Line # 1 2 3 4 5 6 7 8 E - $data=pack("CCCCa*CCCCCCCCa*CCa*CCa*CCCCCCCCCCCC", - 1,$thisidentifier,$length/256,$length%256, // header - $RA, // authcode - 6,6,0,0,0,1, // service type - 1,2+strlen($username),$username, // username - 2,2+strlen($encryptedpassword),$encryptedpassword, // userpassword - 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier - 5,6,0,0,0,0, // nasPort - 61,6,0,0,0,15 // nasPortType = Ethernet - ); - - if($debug) { - echo "username is $username with len " . strlen($username) ."\n" ; - echo "encryptedpassword is $encryptedpassword with len " . strlen($encryptedpassword) ."\n" ; - echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ; - } - - $ret = fwrite($fd,$data) ; - if( !$ret || ($ret != $length) ) - return 1; /* error return */ - - if ($debug) - echo "
writing $length bytes
\n"; - - $readdata = fgets($fd,2) ; /* read 1 byte */ - $status = socket_get_status($fd) ; - fclose($fd) ; - - if($status['timed_out']) - $retvalue = 1 ; - else - $retvalue = ord($readdata) ; - - return $retvalue ; +} + +$rauth->username = $username; +$rauth->password = $password; + + +if (!$rauth->start()) { + $retvalue['auth_val'] = 1; + $retvalue['error'] = $rauth->getError(); + if ($debug) + printf("Radius start: %s
\n", $retvalue['error']); +} +else { + + // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius // 2 -> Access-Accept // 3 -> Access-Reject // See RFC2865 for this. -} -function Encrypt($password,$key,$RA) { - global $debug; + /* + * We put our attributes in here + */ - $keyRA=$key.$RA; + switch($radiusvendor) { - if ($debug) - echo "
key: $key
password: $password
\n"; + case 'cisco': + $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $clientmac); + $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientip); + break; - $md5checksum=md5($keyRA); - $output=""; + default: + $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $nas_mac); + $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientmac); + } + + // Default attributes + $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port); + + // Send request + + $result = $rauth->send(); + if (PEAR::isError($result)) { + $retvalue['auth_val'] = 1; + $retvalue['error'] = $result->getMessage(); + if ($debug) + printf("Radius send failed: %s
\n", $retvalue['error']); + } else if ($result === true) { + $retvalue['auth_val'] = 2; + if ($debug) + printf("Radius Auth succeeded
\n"); + } else { + $retvalue['auth_val'] = 3; + if ($debug) + printf("Radius Auth rejected
\n"); + } - for ($i=0;$i<=15;$i++) { - if (2*$i>strlen($md5checksum)) $m=0; else $m=hexdec(substr($md5checksum,2*$i,2)); - if ($i>strlen($keyRA)) $k=0; else $k=ord(substr($keyRA,$i,1)); - if ($i>strlen($password)) $p=0; else $p=ord(substr($password,$i,1)); - $c=$m^$p; - $output.=chr($c); + // Get attributes, even if auth failed. + // We will push the results in the retvalue array + if (!$rauth->getAttributes()) { + $retvalue['error'] = $rauth->getError(); + if ($debug) + printf("Radius getAttributes: No attributes
\n", $retvalue['error']); + } else { + $retvalue = array_merge($retvalue,$rauth->listAttributes()); + if ($debug) { + if (!$rauth->listAttributes()) + printf("No Attributes
\n"); + else + print_r($rauth->listAttributes()); + } + // We convert the session_terminate_time to unixtimestamp if its set before returning the whole array to our caller + if (!empty($retvalue['session_terminate_time'])) { + $stt = &$retvalue['session_terminate_time']; + $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt))); + } } - return $output; + } + + // close OO RADIUS_AUTHENTICATION + $rauth->close(); + + return $retvalue; + } + ?> diff --git a/etc/rc.firmware b/etc/rc.firmware index 2b28070..6a8fea2 100644 --- a/etc/rc.firmware +++ b/etc/rc.firmware @@ -49,7 +49,14 @@ upgrade) /sbin/umount -f /cf /sbin/mount -r /cf - echo "Done - rebooting system..." - /sbin/reboot + echo "Done - rebooting system..." + + # unset CGI environment variables so as not to confuse PHP + unset CONTENT_TYPE GATEWAY_INTERFACE REMOTE_USER REMOTE_ADDR AUTH_TYPE + unset HTTP_USER_AGENT CONTENT_LENGTH SCRIPT_FILENAME HTTP_HOST + unset SERVER_SOFTWARE HTTP_REFERER SERVER_PROTOCOL REQUEST_METHOD + unset SERVER_PORT SCRIPT_NAME SERVER_NAME + + /etc/rc.cleanreboot ;; esac diff --git a/phpconf/config.xml b/phpconf/config.xml index 85a1c12..ed62bee 100644 --- a/phpconf/config.xml +++ b/phpconf/config.xml @@ -30,6 +30,7 @@ + @@ -222,6 +223,7 @@ public + @@ -264,11 +266,18 @@ none|radius|local + + + + stopstart|interimupdate + + + @@ -276,6 +285,12 @@ + + + + + + --> diff --git a/phpconf/inc/captiveportal.inc b/phpconf/inc/captiveportal.inc index 52e878d..2cbe623 100644 --- a/phpconf/inc/captiveportal.inc +++ b/phpconf/inc/captiveportal.inc @@ -3,7 +3,7 @@ captiveportal.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
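Review bot: The Session-Terminate-Time conversion at the end of the new RADIUS_AUTHENTICATION stores whatever `strtotime()` returns without checking it, and the input is an attribute supplied by the RADIUS server. Depending on the PHP version, a parse failure yields `false` or `-1`: the first silently drops the limit, and the second would read as already expired when captiveportal_prune_old tests `time() >= $cpdb[$i][9]`. I would validate the result right after the conversion, e.g. `if ($stt === false || $stt === -1) { $stt = null; }`, and log the rejected value. Separately, `$debug` is read throughout the function but is neither assigned nor declared `global` there, so the debug branches cannot run as written.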
@@ -37,7 +37,9 @@ /* include all configuration functions */ require_once("functions.inc"); require_once("radius_authentication.inc"); -require_once("radius_accounting.inc") ; +require_once("radius_accounting.inc"); + +$lockfile = "{$g['varrun_path']}/captiveportal.lock"; function captiveportal_configure() { global $config, $g; @@ -65,6 +67,12 @@ function captiveportal_configure() { /* stop accounting on all clients */ captiveportal_radius_stop_all(); + /* initialize minicron interval value */ + $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; + + /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ + if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; } + /* remove old information */ unlink_if_exists("{$g['vardb_path']}/captiveportal.nextrule"); unlink_if_exists("{$g['vardb_path']}/captiveportal.db"); @@ -129,6 +137,9 @@ EOD; fwrite($fd, $errtext); fclose($fd); } + + /* write elements */ + captiveportal_write_elements(); /* load rules */ mwexec("/sbin/ipfw -f delete set 1"); 
@@ -155,9 +166,25 @@ EOD; chdir($g['captiveportal_path']); + if ($config['captiveportal']['maxproc']) + $maxproc = $config['captiveportal']['maxproc']; + else + $maxproc = 16; + + if (isset($config['captiveportal']['maxprocperip']) && + $config['captiveportal']['maxprocperip'] !== "") { + if ($config['captiveportal']['maxprocperip'] == 0) + $maxperiparg = ""; + else + $maxperiparg = "-maxperip " . $config['captiveportal']['maxprocperip']; + } else + $maxperiparg = "-maxperip 4"; + /* start web server */ - mwexec("/usr/local/sbin/mini_httpd -a -M 0 -u root -maxproc 16" . - " -p 8000 -i {$g['varrun_path']}/mini_httpd.cp.pid"); + $cpip = $config['interfaces'][$config['captiveportal']['interface']]['ipaddr']; + mwexec("/usr/local/sbin/mini_httpd -a -M 0 -u root -maxproc $maxproc $maxperiparg" . + " -p 8000 -i {$g['varrun_path']}/mini_httpd.cp.pid" . + " -cpelement {$g['captiveportal_element_path']} $cpip:8000"); /* fire up another one for HTTPS if requested */ if (isset($config['captiveportal']['httpslogin']) && @@ -176,14 +203,17 @@ EOD; fwrite($fd, "\n"); fwrite($fd, $key); fclose($fd); - + + $httpsname = ($config['captiveportal']['httpsname']) ? $config['captiveportal']['httpsname'] : $cpip; + mwexec("/usr/local/sbin/mini_httpd -S -a -M 0 -E {$g['varetc_path']}/cert-portal.pem" . - " -u root -maxproc 16 -p 8001" . - " -i {$g['varrun_path']}/mini_httpd.cps.pid"); + " -u root -maxproc $maxproc $maxperiparg -p 8001" . + " -i {$g['varrun_path']}/mini_httpd.cps.pid" . + " -cpelement {$g['captiveportal_element_path']} $httpsname:8001"); } - /* start pruning process (interval = 60 seconds) */ - mwexec("/usr/local/bin/minicron 60 {$g['varrun_path']}/minicron.pid " . + /* start pruning process (interval defaults to 60 seconds) */ + mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/minicron.pid " . "/etc/rc.prunecaptiveportal"); /* generate passthru mac database */ 
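Review bot: The new mini_httpd command lines interpolate `$maxproc`, `$maxperiparg`, `$cpip` and, in the HTTPS hunk that follows, `$httpsname` straight from `$config` into the string given to mwexec(), with no type check or quoting in this function. mwexec() is not shown here, but if it passes the string to a shell, any whitespace or metacharacter in a restored or hand-edited config.xml changes the command that runs as root. I would cast the numeric settings and quote the host argument, e.g. `$maxproc = (int)$config['captiveportal']['maxproc'];` and `escapeshellarg("$httpsname:8001")`, rather than rely on validation done in the web GUI. captiveportal_configure starts and ends outside these hunks.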
@@ -195,6 +225,7 @@ EOD; if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || ($config['captiveportal']['auth_method'] == "radius"))) { $radiusip = $config['captiveportal']['radiusip']; + $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; if ($config['captiveportal']['radiusport']) $radiusport = $config['captiveportal']['radiusport']; @@ -206,12 +237,21 @@ EOD; else $radiusacctport = 1813; + if ($config['captiveportal']['radiusport2']) + $radiusport2 = $config['captiveportal']['radiusport2']; + else + $radiusport2 = 1812; + $radiuskey = $config['captiveportal']['radiuskey']; + $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null; $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w"); if (!$fd) { printf("Error: cannot open radius DB file in captiveportal_configure().\n"); return 1; + } else if (isset($radiusip2, $radiuskey2)) { + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n" + . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2); } else { fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey); } @@ -326,12 +366,14 @@ EOD; } /* remove clients that have been around for longer than the specified amount of time */ -/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password */ +/* db file structure: +timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time */ + /* (password is in Base64 and only saved when reauthentication is enabled) */ function captiveportal_prune_old() { global $g, $config; - + /* check for expired entries */ if ($config['captiveportal']['timeout']) $timeout = $config['captiveportal']['timeout'] * 60; 
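Review bot: The two-server record written to captiveportal_radius.db still uses a bare comma as the field separator, and the shared secret is the last field on each line. captiveportal_get_radius_servers (further down in this file's diff) reads it back with `explode(",",$line)` into four variables, so a `radiuskey` or `radiuskey2` containing a comma is silently truncated and the portal would authenticate with the wrong secret. Limiting the split in the reader keeps the key intact: `explode(",", $line, 4)`. Alternatively, reject commas in the key when the configuration is saved.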
@@ -356,22 +398,46 @@ function captiveportal_prune_old() { for ($i = 0; $i < count($cpdb); $i++) { $timedout = false; + $term_cause = 1; /* hard timeout? */ if ($timeout) { - if ((time() - $cpdb[$i][0]) >= $timeout) - $timedout = true; + if ((time() - $cpdb[$i][0]) >= $timeout) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } + } + + /* Session-Terminate-Time */ + if (!$timedout && !empty($cpdb[$i][9])) { + if (time() >= $cpdb[$i][9]) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } } + /* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ + $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; /* if an idle timeout is specified, get last activity timestamp from ipfw */ if (!$timedout && $idletimeout) { $lastact = captiveportal_get_last_activity($cpdb[$i][1]); - if ($lastact && ((time() - $lastact) >= $idletimeout)) + if ($lastact && ((time() - $lastact) >= $idletimeout)) { $timedout = true; + $term_cause = 4; // Idle-Timeout + $stop_time = $lastact; // Entry added to comply with WISPr + } + } + + /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ + if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) { + if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } } if ($timedout) { - captiveportal_disconnect($cpdb[$i], $radiusservers); + captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); unset($cpdb[$i]); } 
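Review bot: Two values in this loop carry over from one client entry to the next. `$idletimeout` is overwritten with an entry's RADIUS idle_timeout, so every later entry without that attribute is pruned by the previous user's limit instead of the configured one; `$stop_time` is set only in the idle-timeout branch and never reset, yet it is passed to captiveportal_disconnect() for every later timeout. Both affect when sessions end and what is reported in accounting. I would reset `$stop_time = null;` next to `$term_cause = 1;` and compute a per-entry value, `$entry_idle = is_numeric($cpdb[$i][8]) ? $cpdb[$i][8] : $idletimeout;`, using it in the idle check. The loop sits inside captiveportal_prune_old, which begins and ends outside this hunk.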
@@ -390,14 +456,18 @@ function captiveportal_prune_old() { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $cpdb[$i][2]); //clientip + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 10); // NAS Request exec("/sbin/ipfw zero {$cpdb[$i][1]}"); - RADIUS_ACCOUNTING_START($cpdb[$i][4], - $cpdb[$i][5], + RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno + $cpdb[$i][4], // username + $cpdb[$i][5], // sessionid $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $cpdb[$i][2]); + $cpdb[$i][2], // clientip + $cpdb[$i][3]); // clientmac } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") { RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno $cpdb[$i][4], // username @@ -406,21 +476,24 @@ function captiveportal_prune_old() { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $cpdb[$i][2], //clientip - true); + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 10, // NAS Request + true); // Interim Updates } } /* check this user against RADIUS again */ - $auth_val = RADIUS_AUTHENTICATION($cpdb[$i][4], - base64_decode($cpdb[$i][6]), - $radiusservers[0]['ipaddr'], - $radiusservers[0]['port'], - $radiusservers[0]['key']); + $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username + base64_decode($cpdb[$i][6]), // password + $radiusservers, + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + $cpdb[$i][1]); // ruleno - if ($auth_val == 3) { - captiveportal_disconnect($cpdb[$i], $radiusservers); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT"); + if ($auth_list['auth_val'] == 3) { + captiveportal_disconnect($cpdb[$i], $radiusservers, 17); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); unset($cpdb[$i]); } } 
@@ -433,9 +506,11 @@ function captiveportal_prune_old() { } /* remove a single client according to the DB entry */ -function captiveportal_disconnect($dbent, $radiusservers) { +function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) { global $g, $config; + + $stop_time = (empty($stop_time)) ? time() : $stop_time; /* this client needs to be deleted - remove ipfw rules */ if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) { @@ -446,7 +521,11 @@ function captiveportal_disconnect($dbent, $radiusservers) { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $dbent[2]); //clientip + $dbent[2], // clientip + $dbent[3], // clientmac + $term_cause, // Acct-Terminate-Cause + false, + $stop_time); } mwexec("/sbin/ipfw delete " . $dbent[1] . " " . ($dbent[1]+10000)); @@ -461,7 +540,7 @@ function captiveportal_disconnect($dbent, $radiusservers) { } /* remove a single client by ipfw rule number */ -function captiveportal_disconnect_client($id) { +function captiveportal_disconnect_client($id,$term_cause = 1) { global $g, $config; @@ -474,7 +553,7 @@ function captiveportal_disconnect_client($id) { /* find entry */ for ($i = 0; $i < count($cpdb); $i++) { if ($cpdb[$i][1] == $id) { - captiveportal_disconnect($cpdb[$i], $radiusservers); + captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause); captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT"); unset($cpdb[$i]); break; @@ -490,6 +569,9 @@ function captiveportal_disconnect_client($id) { /* send RADIUS acct stop for all current clients */ function captiveportal_radius_stop_all() { global $g, $config; + + if (!isset($config['captiveportal']['radacct_enable'])) + return; captiveportal_lock(); $cpdb = captiveportal_read_db(); 
@@ -505,7 +587,9 @@ function captiveportal_radius_stop_all() { $radiusservers[0]['ipaddr'], $radiusservers[0]['acctport'], $radiusservers[0]['key'], - $cpdb[$i][2]); //clientip + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 7); // Admin Reboot } } captiveportal_unlock(); 
@@ -625,107 +709,182 @@ function captiveportal_get_last_activity($ruleno) { return 0; } -/* read captive portal DB into array */ -function captiveportal_read_db() { - - global $g; - - $cpdb = array(); - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - $cpdb[] = explode(",", $line); - } - } - fclose($fd); - } - return $cpdb; -} - -/* write captive portal DB */ -function captiveportal_write_db($cpdb) { - - global $g; - - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { - foreach ($cpdb as $cpent) { - fwrite($fd, join(",", $cpent) . "\n"); - } - fclose($fd); - } -} - /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - - global $g; - - if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { - $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r"); - if ($fd) { - $radiusservers = array(); - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); - $radiusservers[] = $radsrv; - } - } - fclose($fd); - - return $radiusservers; - } - } - - return false; + + global $g; + + if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { + $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r"); + if ($fd) { + $radiusservers = array(); + while (!feof($fd)) { + $line = trim(fgets($fd)); + if ($line) { + $radsrv = array(); + list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); + $radiusservers[] = $radsrv; + } + } + fclose($fd); + + return $radiusservers; + } + } + + return false; } /* lock captive portal information, decide that the lock file is stale after 10 seconds */ function captiveportal_lock() { - - global $g; - - $lockfile = "{$g['varrun_path']}/captiveportal.lock"; - - $n = 0; - while ($n < 10) { - /* open the lock file in append 
mode to avoid race condition */ - if ($fd = @fopen($lockfile, "x")) { - /* succeeded */ - fclose($fd); - return; - } else { - /* file locked, wait and try again */ - sleep(1); - $n++; - } - } + + global $lockfile; + + $n = 0; + while ($n < 10) { + /* open the lock file in append mode to avoid race condition */ + if ($fd = @fopen($lockfile, "x")) { + /* succeeded */ + fclose($fd); + return; + } else { + /* file locked, wait and try again */ + sleep(1); + $n++; + } + } } -/* unlock configuration file */ +/* unlock captive portal information file */ function captiveportal_unlock() { - - global $g; - - $lockfile = "{$g['varrun_path']}/captiveportal.lock"; - - if (file_exists($lockfile)) - unlink($lockfile); + + global $lockfile; + + if (file_exists($lockfile)) + unlink($lockfile); } /* log successful captive portal authentication to syslog */ /* part of this code from php.net */ -function captiveportal_logportalauth($user,$mac,$ip,$status) { +function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { define_syslog_variables(); + $message = trim($message); openlog("logportalauth", LOG_PID, LOG_LOCAL4); // Log it + if (!$message) syslog(LOG_INFO, "$status: $user, $mac, $ip"); + else + syslog(LOG_INFO, "$status: $user, $mac, $ip, $message"); closelog(); } +function radius($username,$password,$clientip,$clientmac,$type) { + global $g, $config; + + $next_ruleno = get_next_ipfw_ruleno(); + $radiusservers = captiveportal_get_radius_servers(); + $radacct_enable = isset($config['captiveportal']['radacct_enable']); + + $auth_list = RADIUS_AUTHENTICATION($username, + $password, + $radiusservers, + $clientip, + $clientmac, + $next_ruleno); + + if ($auth_list['auth_val'] == 2) { + captiveportal_logportalauth($username,$clientmac,$clientip,$type); + $sessionid = portal_allow($clientip, + $clientmac, + $username, + $password, + $auth_list['session_timeout'], + $auth_list['idle_timeout'], + $auth_list['url_redirection'], + $auth_list['session_terminate_time']); + 
+ if ($radacct_enable) { + $auth_list['acct_val'] = RADIUS_ACCOUNTING_START($next_ruleno, + $username, + $sessionid, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], + $clientip, + $clientmac); + if ($auth_list['acct_val'] == 1) + captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); + } + } + + return $auth_list; + +} + +/* read captive portal DB into array */ +function captiveportal_read_db() { + + global $g; + + $cpdb = array(); + $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); + if ($fd) { + while (!feof($fd)) { + $line = trim(fgets($fd)); + if ($line) { + $cpdb[] = explode(",", $line); + } + } + fclose($fd); + } + return $cpdb; +} + +/* write captive portal DB */ +function captiveportal_write_db($cpdb) { + + global $g; + + $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); + if ($fd) { + foreach ($cpdb as $cpent) { + fwrite($fd, join(",", $cpent) . "\n"); + } + fclose($fd); + } +} + +function captiveportal_write_elements() { + global $g, $config; + + /* delete any existing elements */ + if (is_dir($g['captiveportal_element_path'])) { + $dh = opendir($g['captiveportal_element_path']); + while (($file = readdir($dh)) !== false) { + if ($file != "." && $file != "..") + unlink($g['captiveportal_element_path'] . "/" . $file); + } + closedir($dh); + } else { + mkdir($g['captiveportal_element_path']); + } + + if (is_array($config['captiveportal']['element'])) { + + foreach ($config['captiveportal']['element'] as $data) { + $fd = @fopen($g['captiveportal_element_path'] . '/' . $data['name'], "wb"); + if (!$fd) { + printf("Error: cannot open '{$data['name']}' in captiveportal_write_elements().\n"); + return 1; + } + $decoded = base64_decode($data['content']); + fwrite($fd,$decoded); + fclose($fd); + } + } + + return 0; +} + ?> diff --git a/phpconf/inc/config.inc b/phpconf/inc/config.inc index 71f4b26..e6636ac 100644 --- a/phpconf/inc/config.inc 
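Review bot: captiveportal_write_elements() builds the output path from `$data['name']` without restricting it to a file name, so an element name containing a directory separator or `..` would be opened for writing outside `captiveportal_element_path`. The names come from config.xml, which can be replaced by a restored backup, and the write runs with the privileges of the configuration code. I would reduce the name before use, `$name = basename($data['name']);`, and skip the entry when the result is empty or differs from the stored name. The `captiveportal_element_sizelimit` value added in globals.inc is not consulted here either; presumably the upload page enforces it, but the decoded length could be checked before `fwrite()` as well.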
+++ b/phpconf/inc/config.inc @@ -3,7 +3,7 @@ config.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -634,6 +634,9 @@ function config_install($conffile) { if (!file_exists($conffile)) return 1; + if (!config_validate($conffile)) + return 1; + config_lock(); conf_mount_rw(); @@ -645,6 +648,32 @@ function config_install($conffile) { return 0; } +function config_validate($conffile) { + + global $g, $xmlerr; + + $xml_parser = xml_parser_create(); + + if (!($fp = fopen($conffile, "r"))) { + $xmlerr = "XML error: unable to open file"; + return false; + } + + while ($data = fread($fp, 4096)) { + if (!xml_parse($xml_parser, $data, feof($fp))) { + $xmlerr = sprintf("%s at line %d", + xml_error_string(xml_get_error_code($xml_parser)), + xml_get_current_line_number($xml_parser)); + return false; + } + } + xml_parser_free($xml_parser); + + fclose($fp); + + return true; +} + /* lock configuration file, decide that the lock file is stale after 10 seconds */ function config_lock() { diff --git a/phpconf/inc/filter.inc b/phpconf/inc/filter.inc index a85da2e..d08a1e1 100644 --- a/phpconf/inc/filter.inc +++ b/phpconf/inc/filter.inc @@ -3,7 +3,7 @@ filter.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/inc/functions.inc b/phpconf/inc/functions.inc index a23a37a..863d828 100644 --- a/phpconf/inc/functions.inc +++ b/phpconf/inc/functions.inc @@ -3,7 +3,7 @@ functions.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
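Review bot: In config_validate() the error return inside the read loop leaves both the file handle and the XML parser open, and the early return on a failed `fopen()` leaves the parser allocated. Adding `fclose($fp); xml_parser_free($xml_parser);` before the `return false;` in the loop, and `xml_parser_free($xml_parser);` before the first one, keeps repeated failed uploads from accumulating resources. Note also that this only checks well-formedness: a well-formed file with a different root element still passes and is installed by config_install(), so a check against `$g['xml_rootobj']` would be a useful addition.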
@@ -29,6 +29,8 @@ */ /* include all configuration functions */ +require_once("globals.inc"); +require_once("config.inc"); require_once("system.inc"); require_once("interfaces.inc"); require_once("services.inc"); @@ -36,5 +38,6 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("vpn.inc"); require_once("captiveportal.inc"); +require_once("util.inc"); ?> diff --git a/phpconf/inc/globals.inc b/phpconf/inc/globals.inc index 14be2c8..0102739 100644 --- a/phpconf/inc/globals.inc +++ b/phpconf/inc/globals.inc @@ -3,7 +3,7 @@ globals.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,6 +42,8 @@ $g = array( "cf_conf_path" => "/cf/conf", "www_path" => "/usr/local/www", "captiveportal_path" => "/usr/local/captiveportal", + "captiveportal_element_path" => "/var/db/cpelements", + "captiveportal_element_sizelimit" => 262144, "xml_rootobj" => "m0n0wall", "pppoe_interface" => "ng0", "n_pptp_units" => 16, diff --git a/phpconf/inc/interfaces.inc b/phpconf/inc/interfaces.inc index 0dc5e5e..a928fe9 100644 --- a/phpconf/inc/interfaces.inc +++ b/phpconf/inc/interfaces.inc @@ -3,7 +3,7 @@ interfaces.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -826,4 +826,14 @@ function get_current_wan_address() { } } +function get_interface_mac($interface) { + + /* build interface list with netstat */ + exec("/usr/bin/netstat -I $interface -nW -f link", $linkinfo); + array_shift($linkinfo); + $alink = preg_split("/\s+/", $linkinfo[0]); + $mac = chop($alink[3]); + return $mac; +} + ?> diff --git a/phpconf/inc/pear.inc b/phpconf/inc/pear.inc new file mode 100644 index 0000000..a1967b8 --- /dev/null +++ b/phpconf/inc/pear.inc 
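Review bot: get_interface_mac() places `$interface` unquoted into the command string given to `exec()`, and the value comes from `$config['interfaces']['wan']['if']` at its call site in RADIUS_AUTHENTICATION. Quoting it costs nothing and removes the dependence on config.xml being clean: `exec("/usr/bin/netstat -I " . escapeshellarg($interface) . " -nW -f link", $linkinfo);`. The function also indexes `$linkinfo[0]` and `$alink[3]` without checking that netstat produced a data row, so a missing interface yields an empty Called-Station-Id rather than an error; a guard such as `if (!isset($linkinfo[0])) return null;` after the `array_shift()` would make that visible.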
@@ -0,0 +1,1055 @@ + | +// | Stig Bakken | +// | Tomas V.V.Cox | +// +--------------------------------------------------------------------+ +// +// $Id: PEAR.php,v 1.50.2.19 2005/03/28 16:56:58 cellog Exp $ +// + +define('PEAR_ERROR_RETURN', 1); +define('PEAR_ERROR_PRINT', 2); +define('PEAR_ERROR_TRIGGER', 4); +define('PEAR_ERROR_DIE', 8); +define('PEAR_ERROR_CALLBACK', 16); +/** + * WARNING: obsolete + * @deprecated + */ +define('PEAR_ERROR_EXCEPTION', 32); +define('PEAR_ZE2', (function_exists('version_compare') && + version_compare(zend_version(), "2-dev", "ge"))); + +if (substr(PHP_OS, 0, 3) == 'WIN') { + define('OS_WINDOWS', true); + define('OS_UNIX', false); + define('PEAR_OS', 'Windows'); +} else { + define('OS_WINDOWS', false); + define('OS_UNIX', true); + define('PEAR_OS', 'Unix'); // blatant assumption +} + +// instant backwards compatibility +if (!defined('PATH_SEPARATOR')) { + if (OS_WINDOWS) { + define('PATH_SEPARATOR', ';'); + } else { + define('PATH_SEPARATOR', ':'); + } +} + +$GLOBALS['_PEAR_default_error_mode'] = PEAR_ERROR_RETURN; +$GLOBALS['_PEAR_default_error_options'] = E_USER_NOTICE; +$GLOBALS['_PEAR_destructor_object_list'] = array(); +$GLOBALS['_PEAR_shutdown_funcs'] = array(); +$GLOBALS['_PEAR_error_handler_stack'] = array(); + +@ini_set('track_errors', true); + +/** + * Base class for other PEAR classes. Provides rudimentary + * emulation of destructors. + * + * If you want a destructor in your class, inherit PEAR and make a + * destructor method called _yourclassname (same name as the + * constructor, but with a "_" prefix). Also, in your constructor you + * have to call the PEAR constructor: $this->PEAR();. + * The destructor method will be called without parameters. Note that + * at in some SAPI implementations (such as Apache), any output during + * the request shutdown (in which destructors are called) seems to be + * discarded. 
If you need to get any debug information from your + * destructor, use error_log(), syslog() or something similar. + * + * IMPORTANT! To use the emulated destructors you need to create the + * objects by reference: $obj =& new PEAR_child; + * + * @since PHP 4.0.2 + * @author Stig Bakken + * @see http://pear.php.net/manual/ + */ +class PEAR +{ + // {{{ properties + + /** + * Whether to enable internal debug messages. + * + * @var bool + * @access private + */ + var $_debug = false; + + /** + * Default error mode for this object. + * + * @var int + * @access private + */ + var $_default_error_mode = null; + + /** + * Default error options used for this object when error mode + * is PEAR_ERROR_TRIGGER. + * + * @var int + * @access private + */ + var $_default_error_options = null; + + /** + * Default error handler (callback) for this object, if error mode is + * PEAR_ERROR_CALLBACK. + * + * @var string + * @access private + */ + var $_default_error_handler = ''; + + /** + * Which class to use for error objects. + * + * @var string + * @access private + */ + var $_error_class = 'PEAR_Error'; + + /** + * An array of expected errors. + * + * @var array + * @access private + */ + var $_expected_errors = array(); + + // }}} + + // {{{ constructor + + /** + * Constructor. Registers this object in + * $_PEAR_destructor_object_list for destructor emulation if a + * destructor object exists. + * + * @param string $error_class (optional) which class to use for + * error objects, defaults to PEAR_Error. 
+ * @access public + * @return void + */ + function PEAR($error_class = null) + { + $classname = strtolower(get_class($this)); + if ($this->_debug) { + print "PEAR constructor called, class=$classname\n"; + } + if ($error_class !== null) { + $this->_error_class = $error_class; + } + while ($classname && strcasecmp($classname, "pear")) { + $destructor = "_$classname"; + if (method_exists($this, $destructor)) { + global $_PEAR_destructor_object_list; + $_PEAR_destructor_object_list[] = &$this; + if (!isset($GLOBALS['_PEAR_SHUTDOWN_REGISTERED'])) { + register_shutdown_function("_PEAR_call_destructors"); + $GLOBALS['_PEAR_SHUTDOWN_REGISTERED'] = true; + } + break; + } else { + $classname = get_parent_class($classname); + } + } + } + + // }}} + // {{{ destructor + + /** + * Destructor (the emulated type of...). Does nothing right now, + * but is included for forward compatibility, so subclass + * destructors should always call it. + * + * See the note in the class desciption about output from + * destructors. + * + * @access public + * @return void + */ + function _PEAR() { + if ($this->_debug) { + printf("PEAR destructor called, class=%s\n", strtolower(get_class($this))); + } + } + + // }}} + // {{{ getStaticProperty() + + /** + * If you have a class that's mostly/entirely static, and you need static + * properties, you can use this method to simulate them. Eg. in your method(s) + * do this: $myVar = &PEAR::getStaticProperty('myclass', 'myVar'); + * You MUST use a reference, or they will not persist! + * + * @access public + * @param string $class The calling classname, to prevent clashes + * @param string $var The variable to retrieve. + * @return mixed A reference to the variable. If not set it will be + * auto initialised to NULL. 
+ */ + function &getStaticProperty($class, $var) + { + static $properties; + return $properties[$class][$var]; + } + + // }}} + // {{{ registerShutdownFunc() + + /** + * Use this function to register a shutdown method for static + * classes. + * + * @access public + * @param mixed $func The function name (or array of class/method) to call + * @param mixed $args The arguments to pass to the function + * @return void + */ + function registerShutdownFunc($func, $args = array()) + { + $GLOBALS['_PEAR_shutdown_funcs'][] = array($func, $args); + } + + // }}} + // {{{ isError() + + /** + * Tell whether a value is a PEAR error. + * + * @param mixed $data the value to test + * @param int $code if $data is an error object, return true + * only if $code is a string and + * $obj->getMessage() == $code or + * $code is an integer and $obj->getCode() == $code + * @access public + * @return bool true if parameter is an error + */ + function isError($data, $code = null) + { + if (is_a($data, 'PEAR_Error')) { + if (is_null($code)) { + return true; + } elseif (is_string($code)) { + return $data->getMessage() == $code; + } else { + return $data->getCode() == $code; + } + } + return false; + } + + // }}} + // {{{ setErrorHandling() + + /** + * Sets how errors generated by this object should be handled. + * Can be invoked both in objects and statically. If called + * statically, setErrorHandling sets the default behaviour for all + * PEAR objects. If called in an object, setErrorHandling sets + * the default behaviour for that object. + * + * @param int $mode + * One of PEAR_ERROR_RETURN, PEAR_ERROR_PRINT, + * PEAR_ERROR_TRIGGER, PEAR_ERROR_DIE, + * PEAR_ERROR_CALLBACK or PEAR_ERROR_EXCEPTION. + * + * @param mixed $options + * When $mode is PEAR_ERROR_TRIGGER, this is the error level (one + * of E_USER_NOTICE, E_USER_WARNING or E_USER_ERROR). + * + * When $mode is PEAR_ERROR_CALLBACK, this parameter is expected + * to be the callback function or method. 
A callback + * function is a string with the name of the function, a + * callback method is an array of two elements: the element + * at index 0 is the object, and the element at index 1 is + * the name of the method to call in the object. + * + * When $mode is PEAR_ERROR_PRINT or PEAR_ERROR_DIE, this is + * a printf format string used when printing the error + * message. + * + * @access public + * @return void + * @see PEAR_ERROR_RETURN + * @see PEAR_ERROR_PRINT + * @see PEAR_ERROR_TRIGGER + * @see PEAR_ERROR_DIE + * @see PEAR_ERROR_CALLBACK + * @see PEAR_ERROR_EXCEPTION + * + * @since PHP 4.0.5 + */ + + function setErrorHandling($mode = null, $options = null) + { + if (isset($this) && is_a($this, 'PEAR')) { + $setmode = &$this->_default_error_mode; + $setoptions = &$this->_default_error_options; + } else { + $setmode = &$GLOBALS['_PEAR_default_error_mode']; + $setoptions = &$GLOBALS['_PEAR_default_error_options']; + } + + switch ($mode) { + case PEAR_ERROR_EXCEPTION: + case PEAR_ERROR_RETURN: + case PEAR_ERROR_PRINT: + case PEAR_ERROR_TRIGGER: + case PEAR_ERROR_DIE: + case null: + $setmode = $mode; + $setoptions = $options; + break; + + case PEAR_ERROR_CALLBACK: + $setmode = $mode; + // class/object method callback + if (is_callable($options)) { + $setoptions = $options; + } else { + trigger_error("invalid error callback", E_USER_WARNING); + } + break; + + default: + trigger_error("invalid error mode", E_USER_WARNING); + break; + } + } + + // }}} + // {{{ expectError() + + /** + * This method is used to tell which errors you expect to get. + * Expected errors are always returned with error mode + * PEAR_ERROR_RETURN. Expected error codes are stored in a stack, + * and this method pushes a new element onto it. The list of + * expected errors are in effect until they are popped off the + * stack with the popExpect() method. 
+ * + * Note that this method can not be called statically + * + * @param mixed $code a single error code or an array of error codes to expect + * + * @return int the new depth of the "expected errors" stack + * @access public + */ + function expectError($code = '*') + { + if (is_array($code)) { + array_push($this->_expected_errors, $code); + } else { + array_push($this->_expected_errors, array($code)); + } + return sizeof($this->_expected_errors); + } + + // }}} + // {{{ popExpect() + + /** + * This method pops one element off the expected error codes + * stack. + * + * @return array the list of error codes that were popped + */ + function popExpect() + { + return array_pop($this->_expected_errors); + } + + // }}} + // {{{ _checkDelExpect() + + /** + * This method checks unsets an error code if available + * + * @param mixed error code + * @return bool true if the error code was unset, false otherwise + * @access private + * @since PHP 4.3.0 + */ + function _checkDelExpect($error_code) + { + $deleted = false; + + foreach ($this->_expected_errors AS $key => $error_array) { + if (in_array($error_code, $error_array)) { + unset($this->_expected_errors[$key][array_search($error_code, $error_array)]); + $deleted = true; + } + + // clean up empty arrays + if (0 == count($this->_expected_errors[$key])) { + unset($this->_expected_errors[$key]); + } + } + return $deleted; + } + + // }}} + // {{{ delExpect() + + /** + * This method deletes all occurences of the specified element from + * the expected error codes stack. 
+ * + * @param mixed $error_code error code that should be deleted + * @return mixed list of error codes that were deleted or error + * @access public + * @since PHP 4.3.0 + */ + function delExpect($error_code) + { + $deleted = false; + + if ((is_array($error_code) && (0 != count($error_code)))) { + // $error_code is a non-empty array here; + // we walk through it trying to unset all + // values + foreach($error_code as $key => $error) { + if ($this->_checkDelExpect($error)) { + $deleted = true; + } else { + $deleted = false; + } + } + return $deleted ? true : PEAR::raiseError("The expected error you submitted does not exist"); // IMPROVE ME + } elseif (!empty($error_code)) { + // $error_code comes alone, trying to unset it + if ($this->_checkDelExpect($error_code)) { + return true; + } else { + return PEAR::raiseError("The expected error you submitted does not exist"); // IMPROVE ME + } + } else { + // $error_code is empty + return PEAR::raiseError("The expected error you submitted is empty"); // IMPROVE ME + } + } + + // }}} + // {{{ raiseError() + + /** + * This method is a wrapper that returns an instance of the + * configured error class with this object's default error + * handling applied. If the $mode and $options parameters are not + * specified, the object's defaults are used. + * + * @param mixed $message a text error message or a PEAR error object + * + * @param int $code a numeric error code (it is up to your class + * to define these if you want to use codes) + * + * @param int $mode One of PEAR_ERROR_RETURN, PEAR_ERROR_PRINT, + * PEAR_ERROR_TRIGGER, PEAR_ERROR_DIE, + * PEAR_ERROR_CALLBACK, PEAR_ERROR_EXCEPTION. + * + * @param mixed $options If $mode is PEAR_ERROR_TRIGGER, this parameter + * specifies the PHP-internal error level (one of + * E_USER_NOTICE, E_USER_WARNING or E_USER_ERROR). + * If $mode is PEAR_ERROR_CALLBACK, this + * parameter specifies the callback function or + * method. In other error modes this parameter + * is ignored. 
+ * + * @param string $userinfo If you need to pass along for example debug + * information, this parameter is meant for that. + * + * @param string $error_class The returned error object will be + * instantiated from this class, if specified. + * + * @param bool $skipmsg If true, raiseError will only pass error codes, + * the error message parameter will be dropped. + * + * @access public + * @return object a PEAR error object + * @see PEAR::setErrorHandling + * @since PHP 4.0.5 + */ + function raiseError($message = null, + $code = null, + $mode = null, + $options = null, + $userinfo = null, + $error_class = null, + $skipmsg = false) + { + // The error is yet a PEAR error object + if (is_object($message)) { + $code = $message->getCode(); + $userinfo = $message->getUserInfo(); + $error_class = $message->getType(); + $message->error_message_prefix = ''; + $message = $message->getMessage(); + } + + if (isset($this) && isset($this->_expected_errors) && sizeof($this->_expected_errors) > 0 && sizeof($exp = end($this->_expected_errors))) { + if ($exp[0] == "*" || + (is_int(reset($exp)) && in_array($code, $exp)) || + (is_string(reset($exp)) && in_array($message, $exp))) { + $mode = PEAR_ERROR_RETURN; + } + } + // No mode given, try global ones + if ($mode === null) { + // Class error handler + if (isset($this) && isset($this->_default_error_mode)) { + $mode = $this->_default_error_mode; + $options = $this->_default_error_options; + // Global error handler + } elseif (isset($GLOBALS['_PEAR_default_error_mode'])) { + $mode = $GLOBALS['_PEAR_default_error_mode']; + $options = $GLOBALS['_PEAR_default_error_options']; + } + } + + if ($error_class !== null) { + $ec = $error_class; + } elseif (isset($this) && isset($this->_error_class)) { + $ec = $this->_error_class; + } else { + $ec = 'PEAR_Error'; + } + if ($skipmsg) { + return new $ec($code, $mode, $options, $userinfo); + } else { + return new $ec($message, $code, $mode, $options, $userinfo); + } + } + + // }}} + // {{{ 
throwError() + + /** + * Simpler form of raiseError with fewer options. In most cases + * message, code and userinfo are enough. + * + * @param string $message + * + */ + function throwError($message = null, + $code = null, + $userinfo = null) + { + if (isset($this) && is_a($this, 'PEAR')) { + return $this->raiseError($message, $code, null, null, $userinfo); + } else { + return PEAR::raiseError($message, $code, null, null, $userinfo); + } + } + + // }}} + function staticPushErrorHandling($mode, $options = null) + { + $stack = &$GLOBALS['_PEAR_error_handler_stack']; + $def_mode = &$GLOBALS['_PEAR_default_error_mode']; + $def_options = &$GLOBALS['_PEAR_default_error_options']; + $stack[] = array($def_mode, $def_options); + switch ($mode) { + case PEAR_ERROR_EXCEPTION: + case PEAR_ERROR_RETURN: + case PEAR_ERROR_PRINT: + case PEAR_ERROR_TRIGGER: + case PEAR_ERROR_DIE: + case null: + $def_mode = $mode; + $def_options = $options; + break; + + case PEAR_ERROR_CALLBACK: + $def_mode = $mode; + // class/object method callback + if (is_callable($options)) { + $def_options = $options; + } else { + trigger_error("invalid error callback", E_USER_WARNING); + } + break; + + default: + trigger_error("invalid error mode", E_USER_WARNING); + break; + } + $stack[] = array($mode, $options); + return true; + } + + function staticPopErrorHandling() + { + $stack = &$GLOBALS['_PEAR_error_handler_stack']; + $setmode = &$GLOBALS['_PEAR_default_error_mode']; + $setoptions = &$GLOBALS['_PEAR_default_error_options']; + array_pop($stack); + list($mode, $options) = $stack[sizeof($stack) - 1]; + array_pop($stack); + switch ($mode) { + case PEAR_ERROR_EXCEPTION: + case PEAR_ERROR_RETURN: + case PEAR_ERROR_PRINT: + case PEAR_ERROR_TRIGGER: + case PEAR_ERROR_DIE: + case null: + $setmode = $mode; + $setoptions = $options; + break; + + case PEAR_ERROR_CALLBACK: + $setmode = $mode; + // class/object method callback + if (is_callable($options)) { + $setoptions = $options; + } else { + 
trigger_error("invalid error callback", E_USER_WARNING); + } + break; + + default: + trigger_error("invalid error mode", E_USER_WARNING); + break; + } + return true; + } + + // {{{ pushErrorHandling() + + /** + * Push a new error handler on top of the error handler options stack. With this + * you can easily override the actual error handler for some code and restore + * it later with popErrorHandling. + * + * @param mixed $mode (same as setErrorHandling) + * @param mixed $options (same as setErrorHandling) + * + * @return bool Always true + * + * @see PEAR::setErrorHandling + */ + function pushErrorHandling($mode, $options = null) + { + $stack = &$GLOBALS['_PEAR_error_handler_stack']; + if (isset($this) && is_a($this, 'PEAR')) { + $def_mode = &$this->_default_error_mode; + $def_options = &$this->_default_error_options; + } else { + $def_mode = &$GLOBALS['_PEAR_default_error_mode']; + $def_options = &$GLOBALS['_PEAR_default_error_options']; + } + $stack[] = array($def_mode, $def_options); + + if (isset($this) && is_a($this, 'PEAR')) { + $this->setErrorHandling($mode, $options); + } else { + PEAR::setErrorHandling($mode, $options); + } + $stack[] = array($mode, $options); + return true; + } + + // }}} + // {{{ popErrorHandling() + + /** + * Pop the last error handler used + * + * @return bool Always true + * + * @see PEAR::pushErrorHandling + */ + function popErrorHandling() + { + $stack = &$GLOBALS['_PEAR_error_handler_stack']; + array_pop($stack); + list($mode, $options) = $stack[sizeof($stack) - 1]; + array_pop($stack); + if (isset($this) && is_a($this, 'PEAR')) { + $this->setErrorHandling($mode, $options); + } else { + PEAR::setErrorHandling($mode, $options); + } + return true; + } + + // }}} + // {{{ loadExtension() + + /** + * OS independant PHP extension load. Remember to take care + * on the correct extension name for case sensitive OSes. 
+ * + * @param string $ext The extension name + * @return bool Success or not on the dl() call + */ + function loadExtension($ext) + { + if (!extension_loaded($ext)) { + // if either returns true dl() will produce a FATAL error, stop that + if ((ini_get('enable_dl') != 1) || (ini_get('safe_mode') == 1)) { + return false; + } + if (OS_WINDOWS) { + $suffix = '.dll'; + } elseif (PHP_OS == 'HP-UX') { + $suffix = '.sl'; + } elseif (PHP_OS == 'AIX') { + $suffix = '.a'; + } elseif (PHP_OS == 'OSX') { + $suffix = '.bundle'; + } else { + $suffix = '.so'; + } + return @dl('php_'.$ext.$suffix) || @dl($ext.$suffix); + } + return true; + } + + // }}} +} + +// {{{ _PEAR_call_destructors() + +function _PEAR_call_destructors() +{ + global $_PEAR_destructor_object_list; + if (is_array($_PEAR_destructor_object_list) && + sizeof($_PEAR_destructor_object_list)) + { + reset($_PEAR_destructor_object_list); + if (@PEAR::getStaticProperty('PEAR', 'destructlifo')) { + $_PEAR_destructor_object_list = array_reverse($_PEAR_destructor_object_list); + } + while (list($k, $objref) = each($_PEAR_destructor_object_list)) { + $classname = get_class($objref); + while ($classname) { + $destructor = "_$classname"; + if (method_exists($objref, $destructor)) { + $objref->$destructor(); + break; + } else { + $classname = get_parent_class($classname); + } + } + } + // Empty the object list to ensure that destructors are + // not called more than once. 
+ $_PEAR_destructor_object_list = array(); + } + + // Now call the shutdown functions + if (is_array($GLOBALS['_PEAR_shutdown_funcs']) AND !empty($GLOBALS['_PEAR_shutdown_funcs'])) { + foreach ($GLOBALS['_PEAR_shutdown_funcs'] as $value) { + call_user_func_array($value[0], $value[1]); + } + } +} + +// }}} + +class PEAR_Error +{ + // {{{ properties + + var $error_message_prefix = ''; + var $mode = PEAR_ERROR_RETURN; + var $level = E_USER_NOTICE; + var $code = -1; + var $message = ''; + var $userinfo = ''; + var $backtrace = null; + + // }}} + // {{{ constructor + + /** + * PEAR_Error constructor + * + * @param string $message message + * + * @param int $code (optional) error code + * + * @param int $mode (optional) error mode, one of: PEAR_ERROR_RETURN, + * PEAR_ERROR_PRINT, PEAR_ERROR_DIE, PEAR_ERROR_TRIGGER, + * PEAR_ERROR_CALLBACK or PEAR_ERROR_EXCEPTION + * + * @param mixed $options (optional) error level, _OR_ in the case of + * PEAR_ERROR_CALLBACK, the callback function or object/method + * tuple. 
+ * + * @param string $userinfo (optional) additional user/debug info + * + * @access public + * + */ + function PEAR_Error($message = 'unknown error', $code = null, + $mode = null, $options = null, $userinfo = null) + { + if ($mode === null) { + $mode = PEAR_ERROR_RETURN; + } + $this->message = $message; + $this->code = $code; + $this->mode = $mode; + $this->userinfo = $userinfo; + if (function_exists("debug_backtrace")) { + if (@!PEAR::getStaticProperty('PEAR_Error', 'skiptrace')) { + $this->backtrace = debug_backtrace(); + } + } + if ($mode & PEAR_ERROR_CALLBACK) { + $this->level = E_USER_NOTICE; + $this->callback = $options; + } else { + if ($options === null) { + $options = E_USER_NOTICE; + } + $this->level = $options; + $this->callback = null; + } + if ($this->mode & PEAR_ERROR_PRINT) { + if (is_null($options) || is_int($options)) { + $format = "%s"; + } else { + $format = $options; + } + printf($format, $this->getMessage()); + } + if ($this->mode & PEAR_ERROR_TRIGGER) { + trigger_error($this->getMessage(), $this->level); + } + if ($this->mode & PEAR_ERROR_DIE) { + $msg = $this->getMessage(); + if (is_null($options) || is_int($options)) { + $format = "%s"; + if (substr($msg, -1) != "\n") { + $msg .= "\n"; + } + } else { + $format = $options; + } + die(sprintf($format, $msg)); + } + if ($this->mode & PEAR_ERROR_CALLBACK) { + if (is_callable($this->callback)) { + call_user_func($this->callback, $this); + } + } + if ($this->mode & PEAR_ERROR_EXCEPTION) { + trigger_error("PEAR_ERROR_EXCEPTION is obsolete, use class PEAR_ErrorStack for exceptions", E_USER_WARNING); + eval('$e = new Exception($this->message, $this->code);$e->PEAR_Error = $this;throw($e);'); + } + } + + // }}} + // {{{ getMode() + + /** + * Get the error mode from an error object. + * + * @return int error mode + * @access public + */ + function getMode() { + return $this->mode; + } + + // }}} + // {{{ getCallback() + + /** + * Get the callback function/method from an error object. 
+ * + * @return mixed callback function or object/method array + * @access public + */ + function getCallback() { + return $this->callback; + } + + // }}} + // {{{ getMessage() + + + /** + * Get the error message from an error object. + * + * @return string full error message + * @access public + */ + function getMessage() + { + return ($this->error_message_prefix . $this->message); + } + + + // }}} + // {{{ getCode() + + /** + * Get error code from an error object + * + * @return int error code + * @access public + */ + function getCode() + { + return $this->code; + } + + // }}} + // {{{ getType() + + /** + * Get the name of this error/exception. + * + * @return string error/exception name (type) + * @access public + */ + function getType() + { + return get_class($this); + } + + // }}} + // {{{ getUserInfo() + + /** + * Get additional user-supplied information. + * + * @return string user-supplied information + * @access public + */ + function getUserInfo() + { + return $this->userinfo; + } + + // }}} + // {{{ getDebugInfo() + + /** + * Get additional debug information supplied by the application. + * + * @return string debug information + * @access public + */ + function getDebugInfo() + { + return $this->getUserInfo(); + } + + // }}} + // {{{ getBacktrace() + + /** + * Get the call backtrace from where the error was generated. + * Supported with PHP 4.3.0 or newer. + * + * @param int $frame (optional) what frame to fetch + * @return array Backtrace, or NULL if not available. + * @access public + */ + function getBacktrace($frame = null) + { + if ($frame === null) { + return $this->backtrace; + } + return $this->backtrace[$frame]; + } + + // }}} + // {{{ addUserInfo() + + function addUserInfo($info) + { + if (empty($this->userinfo)) { + $this->userinfo = $info; + } else { + $this->userinfo .= " ** $info"; + } + } + + // }}} + // {{{ toString() + + /** + * Make a string representation of this object. 
+ * + * @return string a string with an object summary + * @access public + */ + function toString() { + $modes = array(); + $levels = array(E_USER_NOTICE => 'notice', + E_USER_WARNING => 'warning', + E_USER_ERROR => 'error'); + if ($this->mode & PEAR_ERROR_CALLBACK) { + if (is_array($this->callback)) { + $callback = (is_object($this->callback[0]) ? + strtolower(get_class($this->callback[0])) : + $this->callback[0]) . '::' . + $this->callback[1]; + } else { + $callback = $this->callback; + } + return sprintf('[%s: message="%s" code=%d mode=callback '. + 'callback=%s prefix="%s" info="%s"]', + strtolower(get_class($this)), $this->message, $this->code, + $callback, $this->error_message_prefix, + $this->userinfo); + } + if ($this->mode & PEAR_ERROR_PRINT) { + $modes[] = 'print'; + } + if ($this->mode & PEAR_ERROR_TRIGGER) { + $modes[] = 'trigger'; + } + if ($this->mode & PEAR_ERROR_DIE) { + $modes[] = 'die'; + } + if ($this->mode & PEAR_ERROR_RETURN) { + $modes[] = 'return'; + } + return sprintf('[%s: message="%s" code=%d mode=%s level=%s '. + 'prefix="%s" info="%s"]', + strtolower(get_class($this)), $this->message, $this->code, + implode("|", $modes), $levels[$this->level], + $this->error_message_prefix, + $this->userinfo); + } + + // }}} +} + +/* + * Local Variables: + * mode: php + * tab-width: 4 + * c-basic-offset: 4 + * End: + */ +?> diff --git a/phpconf/inc/radius.inc b/phpconf/inc/radius.inc new file mode 100644 index 0000000..842cd2a --- /dev/null +++ b/phpconf/inc/radius.inc 
@@ -0,0 +1,1094 @@ + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The names of the authors may not be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +This code cannot simply be copied and put under the GNU Public License or +any other GPL-like (LGPL, GPL2) License. 
+ + $Id: RADIUS.php,v 1.5 2004/03/25 15:48:40 mbretter Exp $ + + This version of RADIUS.php has been modified by + Jonathan De Graeve to integrate with M0n0wall + + $Id_jdg: 2005/12/22 14:22:42 + + Changes made include: + * StandardAttributes for M0n0wall use + * Removed internal Session-Id creation + * Adding of ReplyMessage to getAttributes() + * Adding of listAttributes() + * Adding of VENDOR Bay Networks (Nortel) + * Adding of VENDOR Nomadix + * Adding of VENDOR WISPr (Wi-Fi Alliance) + +*/ + +require_once("pear.inc"); + +/** +* Client implementation of RADIUS. This are wrapper classes for +* the RADIUS PECL. +* Provides RADIUS Authentication (RFC2865) and RADIUS Accounting (RFC2866). +* +* @package Auth_RADIUS +* @author Michael Bretterklieber +* @access public +* @version $Revision: 1.5 $ +*/ + +PEAR::loadExtension('radius'); + +/** + * class Auth_RADIUS + * + * Abstract base class for RADIUS + * + * @package Auth_RADIUS + */ +class Auth_RADIUS extends PEAR { + + /** + * List of RADIUS servers. + * @var array + * @see addServer(), putServer() + */ + var $_servers = array(); + + /** + * Path to the configuration-file. + * @var string + * @see setConfigFile() + */ + var $_configfile = null; + + /** + * Resource. + * @var resource + * @see open(), close() + */ + var $res = null; + + /** + * Username for authentication and accounting requests. + * @var string + */ + var $username = null; + + /** + * Password for plaintext-authentication (PAP). + * @var string + */ + var $password = null; + + /** + * List of known attributes. + * @var array + * @see dumpAttributes(), getAttributes() + */ + var $attributes = array(); + + /** + * List of raw attributes. + * @var array + * @see dumpAttributes(), getAttributes() + */ + var $rawAttributes = array(); + + /** + * List of raw vendor specific attributes. 
+ * @var array + * @see dumpAttributes(), getAttributes() + */ + var $rawVendorAttributes = array(); + + /** + * Constructor + * + * Loads the RADIUS PECL/extension + * + * @return void + */ + function Auth_RADIUS() + { + $this->PEAR(); + } + + /** + * Adds a RADIUS server to the list of servers for requests. + * + * At most 10 servers may be specified. When multiple servers + * are given, they are tried in round-robin fashion until a + * valid response is received + * + * @access public + * @param string $servername Servername or IP-Address + * @param integer $port Portnumber + * @param string $sharedSecret Shared secret + * @param integer $timeout Timeout for each request + * @param integer $maxtries Max. retries for each request + * @return void + */ + function addServer($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 5, $maxtries = 3) + { + $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries); + } + + /** + * Returns an error message, if an error occurred. + * + * @access public + * @return string + */ + function getError() + { + return radius_strerror($this->res); + } + + /** + * Sets the configuration-file. + * + * @access public + * @param string $file Path to the configuration file + * @return void + */ + function setConfigfile($file) + { + $this->_configfile = $file; + } + + /** + * Puts an attribute. 
+ * + * @access public + * @param integer $attrib Attribute-number + * @param mixed $port Attribute-value + * @param type $type Attribute-type + * @return bool true on success, false on error + */ + function putAttribute($attrib, $value, $type = null) + { + if ($type == null) { + $type = gettype($value); + } + + switch ($type) { + case 'integer': + return radius_put_int($this->res, $attrib, $value); + + case 'addr': + return radius_put_addr($this->res, $attrib, $value); + + case 'string': + default: + return radius_put_attr($this->res, $attrib, $value); + } + + } + + /** + * Puts a vendor-specific attribute. + * + * @access public + * @param integer $vendor Vendor (MSoft, Cisco, ...) + * @param integer $attrib Attribute-number + * @param mixed $port Attribute-value + * @param type $type Attribute-type + * @return bool true on success, false on error + */ + function putVendorAttribute($vendor, $attrib, $value, $type = null) + { + + if ($type == null) { + $type = gettype($value); + } + + switch ($type) { + case 'integer': + return radius_put_vendor_int($this->res, $vendor, $attrib, $value); + + case 'addr': + return radius_put_vendor_addr($this->res, $vendor,$attrib, $value); + + case 'string': + default: + return radius_put_vendor_attr($this->res, $vendor, $attrib, $value); + } + + } + + /** + * Prints known attributes received from the server. + * + * @access public + */ + function dumpAttributes() + { + foreach ($this->attributes as $name => $data) { + echo "$name:$data
\n"; + } + } + + /** + * Return our know attributes array received from the server. + * + * @access public + */ + function listAttributes() + { + return $this->attributes; + } + + /** + * Overwrite this. + * + * @access public + */ + function open() + { + } + + /** + * Overwrite this. + * + * @access public + */ + function createRequest() + { + } + + /** + * Puts standard attributes. + * + * @access public + */ + function putStandardAttributes() + { + $this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); + $this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); + } + + /** + * Puts custom attributes. + * + * @access public + */ + function putAuthAttributes() + { + if (isset($this->username)) { + $this->putAttribute(RADIUS_USER_NAME, $this->username); + } + } + + /** + * Configures the radius library. + * + * @access public + * @param string $servername Servername or IP-Address + * @param integer $port Portnumber + * @param string $sharedSecret Shared secret + * @param integer $timeout Timeout for each request + * @param integer $maxtries Max. retries for each request + * @return bool true on success, false on error + * @see addServer() + */ + function putServer($servername, $port = 0, $sharedsecret = 'testing123', $timeout = 3, $maxtries = 3) + { + if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) { + return false; + } + return true; + } + + /** + * Configures the radius library via external configurationfile + * + * @access public + * @param string $servername Servername or IP-Address + * @return bool true on success, false on error + */ + function putConfigfile($file) + { + if (!radius_config($this->res, $file)) { + return false; + } + return true; + } + + /** + * Initiates a RADIUS request. 
+ * + * @access public + * @return bool true on success, false on errors + */ + function start() + { + if (!$this->open()) { + return false; + } + + foreach ($this->_servers as $s) { + // Servername, port, sharedsecret, timeout, retries + if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) { + return false; + } + } + + if (!empty($this->_configfile)) { + if (!$this->putConfigfile($this->_configfile)) { + return false; + } + } + + $this->createRequest(); + $this->putStandardAttributes(); + $this->putAuthAttributes(); + return true; + } + + /** + * Sends a prepared RADIUS request and waits for a response + * + * @access public + * @return mixed true on success, false on reject, PEAR_Error on error + */ + function send() + { + $req = radius_send_request($this->res); + if (!$req) { + return $this->raiseError('Error sending request: ' . $this->getError()); + } + + switch($req) { + case RADIUS_ACCESS_ACCEPT: + if (is_subclass_of($this, 'auth_radius_acct')) { + return $this->raiseError('RADIUS_ACCESS_ACCEPT is unexpected for accounting'); + } + return true; + + case RADIUS_ACCESS_REJECT: + return false; + + case RADIUS_ACCOUNTING_RESPONSE: + if (is_subclass_of($this, 'auth_radius_pap')) { + return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication'); + } + return true; + + default: + return $this->raiseError("Unexpected return value: $req"); + } + + } + + /** + * Reads all received attributes after sending the request. + * + * This methos stores know attributes in the property attributes, + * all attributes (including known attibutes) are stored in rawAttributes + * or rawVendorAttributes. 
+ * NOTE: call this functio also even if the request was rejected, because the + * Server returns usualy an errormessage + * + * @access public + * @return bool true on success, false on error + */ + function getAttributes() + { + + while ($attrib = radius_get_attr($this->res)) { + + if (!is_array($attrib)) { + return false; + } + + $attr = $attrib['attr']; + $data = $attrib['data']; + + $this->rawAttributes[$attr] = $data; + + switch ($attr) { + case RADIUS_FRAMED_IP_ADDRESS: + $this->attributes['framed_ip'] = radius_cvt_addr($data); + break; + + case RADIUS_FRAMED_IP_NETMASK: + $this->attributes['framed_mask'] = radius_cvt_addr($data); + break; + + case RADIUS_FRAMED_MTU: + $this->attributes['framed_mtu'] = radius_cvt_int($data); + break; + + case RADIUS_FRAMED_COMPRESSION: + $this->attributes['framed_compression'] = radius_cvt_int($data); + break; + + case RADIUS_SESSION_TIMEOUT: + $this->attributes['session_timeout'] = radius_cvt_int($data); + break; + + case RADIUS_IDLE_TIMEOUT: + $this->attributes['idle_timeout'] = radius_cvt_int($data); + break; + + case RADIUS_SERVICE_TYPE: + $this->attributes['service_type'] = radius_cvt_int($data); + break; + + case RADIUS_CLASS: + $this->attributes['class'] = radius_cvt_int($data); + break; + + case RADIUS_FRAMED_PROTOCOL: + $this->attributes['framed_protocol'] = radius_cvt_int($data); + break; + + case RADIUS_FRAMED_ROUTING: + $this->attributes['framed_routing'] = radius_cvt_int($data); + break; + + case RADIUS_FILTER_ID: + $this->attributes['filter_id'] = radius_cvt_string($data); + break; + + case RADIUS_REPLY_MESSAGE: + $this->attributes['reply_message'] = radius_cvt_string($data); + break; + + case RADIUS_VENDOR_SPECIFIC: + $attribv = radius_get_vendor_attr($data); + if (!is_array($attribv)) { + return false; + } + + $vendor = $attribv['vendor']; + $attrv = $attribv['attr']; + $datav = $attribv['data']; + + $this->rawVendorAttributes[$vendor][$attrv] = $datav; + + if ($vendor == RADIUS_VENDOR_MICROSOFT) { + + switch 
($attrv) { + case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS: + $this->attributes['ms_chap2_success'] = radius_cvt_string($datav); + break; + + case RADIUS_MICROSOFT_MS_CHAP_ERROR: + $this->attributes['ms_chap_error'] = radius_cvt_string(substr($datav,1)); + break; + + case RADIUS_MICROSOFT_MS_CHAP_DOMAIN: + $this->attributes['ms_chap_domain'] = radius_cvt_string($datav); + break; + + case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: + $this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav); + break; + + case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: + $this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav); + break; + + case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS: + $demangled = radius_demangle($this->res, $datav); + $this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8); + $this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN); + break; + + case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY: + $this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav); + break; + + case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY: + $this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav); + break; + + case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER: + $this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav); + break; + } + } + + if ($vendor == RADIUS_VENDOR_BAY) { + + switch ($attrv) { + case RADIUS_BAY_CES_GROUP: + $this->attributes['ces_group'] = radius_cvt_string($datav); + break; + } + } + + if ($vendor == 3309) { /* RADIUS_VENDOR_NOMADIX */ + + switch ($attrv) { + case 1: /* RADIUS_NOMADIX_BW_UP */ + $this->attributes['bw_up'] = radius_cvt_int($datav); + break; + case 2: /* RADIUS_NOMADIX_BW_DOWN */ + $this->attributes['bw_down'] = radius_cvt_int($datav); + break; + case 3: /* RADIUS_NOMADIX_URL_REDIRECTION */ + $this->attributes['url_redirection'] = radius_cvt_string($datav); + break; + case 5: /* RADIUS_NOMADIX_EXPIRATION */ + $this->attributes['expiration'] = 
radius_cvt_string($datav); + break; + case 7: /* RADIUS_NOMADIX_MAXBYTESUP */ + $this->attributes['maxbytesup'] = radius_cvt_int($datav); + break; + case 8: /* RADIUS_NOMADIX_MAXBYTESDOWN */ + $this->attributes['maxbytesdown'] = radius_cvt_int($datav); + break; + case 10: /* RADIUS_NOMADIX_LOGOFF_URL */ + $this->attributes['url_logoff'] = radius_cvt_string($datav); + break; + } + } + + if ($vendor == 14122) { /* RADIUS_VENDOR_WISPr Wi-Fi Alliance */ + + switch ($attrv) { + case 1: /* WISPr-Location-ID */ + $this->attributes['location_id'] = radius_cvt_string($datav); + break; + case 2: /* WISPr-Location-Name */ + $this->attributes['location_name'] = radius_cvt_string($datav); + break; + case 3: /* WISPr-Logoff-URL */ + $this->attributes['url_logoff'] = radius_cvt_string($datav); + break; + case 4: /* WISPr-Redirection-URL */ + $this->attributes['url_redirection'] = radius_cvt_string($datav); + break; + case 5: /* WISPr-Bandwidth-Min-Up */ + $this->attributes['bw_minbytesup'] = radius_cvt_int($datav); + break; + case 6: /* WISPr-Bandwidth-Min-Down */ + $this->attributes['bw_minbytesdown'] = radius_cvt_int($datav); + break; + case 7: /* WIPSr-Bandwidth-Max-Up */ + $this->attributes['bw_maxbytesup'] = radius_cvt_int($datav); + break; + case 8: /* WISPr-Bandwidth-Max-Down */ + $this->attributes['bw_maxbytesdown'] = radius_cvt_int($datav); + break; + case 9: /* WISPr-Session-Terminate-Time */ + $this->attributes['session_terminate_time'] = radius_cvt_string($datav); + break; + case 10: /* WISPr-Session-Terminate-End-Of-Day */ + $this->attributes['session_terminate_endofday'] = radius_cvt_int($datav); + break; + case 11: /* WISPr-Billing-Class-Of-Service */ + $this->attributes['billing_class_of_service'] = radius_cvt_string($datav); + break; + } + } + + break; + + } + } + + return true; + } + + /** + * Frees resources. + * + * Calling this method is always a good idea, because all security relevant + * attributes are filled with Nullbytes to leave nothing in the mem. 
+ * + * @access public + */ + function close() + { + if ($this->res != null) { + radius_close($this->res); + $this->res = null; + } + $this->username = str_repeat("\0", strlen($this->username)); + $this->password = str_repeat("\0", strlen($this->password)); + } + +} + +/** + * class Auth_RADIUS_PAP + * + * Class for authenticating using PAP (Plaintext) + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_PAP extends Auth_RADIUS +{ + + /** + * Constructor + * + * @param string $username Username + * @param string $password Password + * @return void + */ + function Auth_RADIUS_PAP($username = null, $password = null) + { + $this->Auth_RADIUS(); + $this->username = $username; + $this->password = $password; + } + + /** + * Creates a RADIUS resource + * + * Creates a RADIUS resource for authentication. This should be the first + * call before you make any other things with the library. + * + * @return bool true on success, false on error + */ + function open() + { + $this->res = radius_auth_open(); + if (!$this->res) { + return false; + } + return true; + } + + /** + * Creates an authentication request + * + * Creates an authentication request. + * You MUST call this method before you can put any attribute + * + * @return bool true on success, false on error + */ + function createRequest() + { + if (!radius_create_request($this->res, RADIUS_ACCESS_REQUEST)) { + return false; + } + return true; + } + + /** + * Put authentication specific attributes + * + * @return void + */ + function putAuthAttributes() + { + if (isset($this->username)) { + $this->putAttribute(RADIUS_USER_NAME, $this->username); + } + if (isset($this->password)) { + $this->putAttribute(RADIUS_USER_PASSWORD, $this->password); + } + } + +} + +/** + * class Auth_RADIUS_CHAP_MD5 + * + * Class for authenticating using CHAP-MD5 see RFC1994. + * Instead og the plaintext password the challenge and + * the response are needed. 
+ * + * @package Auth_RADIUS + */ +class Auth_RADIUS_CHAP_MD5 extends Auth_RADIUS_PAP +{ + /** + * 8 Bytes binary challenge + * @var string + */ + var $challenge = null; + + /** + * 16 Bytes MD5 response binary + * @var string + */ + var $response = null; + + /** + * Id of the authentication request. Should incremented after every request. + * @var integer + */ + var $chapid = 1; + + /** + * Constructor + * + * @param string $username Username + * @param string $challenge 8 Bytes Challenge (binary) + * @param integer $chapid Requestnumber + * @return void + */ + function Auth_RADIUS_CHAP_MD5($username = null, $challenge = null, $chapid = 1) + { + $this->Auth_RADIUS_PAP(); + $this->username = $username; + $this->challenge = $challenge; + $this->chapid = $chapid; + } + + /** + * Put CHAP-MD5 specific attributes + * + * For authenticating using CHAP-MD5 via RADIUS you have to put the challenge + * and the response. The chapid is inserted in the first byte of the response. + * + * @return void + */ + function putAuthAttributes() + { + if (isset($this->username)) { + $this->putAttribute(RADIUS_USER_NAME, $this->username); + } + if (isset($this->response)) { + $response = pack('C', $this->chapid) . $this->response; + $this->putAttribute(RADIUS_CHAP_PASSWORD, $response); + } + if (isset($this->challenge)) { + $this->putAttribute(RADIUS_CHAP_CHALLENGE, $this->challenge); + } + } + + /** + * Frees resources. + * + * Calling this method is always a good idea, because all security relevant + * attributes are filled with Nullbytes to leave nothing in the mem. 
+ * + * @access public + */ + function close() + { + Auth_RADIUS_PAP::close(); + $this->challenge = str_repeat("\0", strlen($this->challenge)); + $this->response = str_repeat("\0", strlen($this->response)); + } + +} + +/** + * class Auth_RADIUS_MSCHAPv1 + * + * Class for authenticating using MS-CHAPv1 see RFC2433 + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_MSCHAPv1 extends Auth_RADIUS_CHAP_MD5 +{ + /** + * LAN-Manager-Response + * @var string + */ + var $lmResponse = null; + + /** + * Wether using deprecated LM-Responses or not. + * 0 = use LM-Response, 1 = use NT-Response + * @var bool + */ + var $flags = 1; + + /** + * Put MS-CHAPv1 specific attributes + * + * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge + * and the response. The response has this structure: + * struct rad_mschapvalue { + * u_char ident; + * u_char flags; + * u_char lm_response[24]; + * u_char response[24]; + * }; + * + * @return void + */ + function putAuthAttributes() + { + if (isset($this->username)) { + $this->putAttribute(RADIUS_USER_NAME, $this->username); + } + if (isset($this->response) || isset($this->lmResponse)) { + $lmResp = isset($this->lmResponse) ? $this->lmResponse : str_repeat ("\0", 24); + $ntResp = isset($this->response) ? $this->response : str_repeat ("\0", 24); + $resp = pack('CC', $this->chapid, $this->flags) . $lmResp . 
$ntResp; + $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp); + } + if (isset($this->challenge)) { + $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge); + } + } +} + +/** + * class Auth_RADIUS_MSCHAPv2 + * + * Class for authenticating using MS-CHAPv2 see RFC2759 + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_MSCHAPv2 extends Auth_RADIUS_MSCHAPv1 +{ + /** + * 16 Bytes binary challenge + * @var string + */ + var $challenge = null; + + /** + * 16 Bytes binary Peer Challenge + * @var string + */ + var $peerChallenge = null; + + /** + * Put MS-CHAPv2 specific attributes + * + * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge + * and the response. The response has this structure: + * struct rad_mschapv2value { + * u_char ident; + * u_char flags; + * u_char pchallenge[16]; + * u_char reserved[8]; + * u_char response[24]; + * }; + * where pchallenge is the peer challenge. Like for MS-CHAPv1 we set the flags field to 1. + * @return void + */ + function putAuthAttributes() + { + if (isset($this->username)) { + $this->putAttribute(RADIUS_USER_NAME, $this->username); + } + if (isset($this->response) && isset($this->peerChallenge)) { + // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response + $resp = pack('CCa16a8a24',$this->chapid , 1, $this->peerChallenge, str_repeat("\0", 8), $this->response); + $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp); + } + if (isset($this->challenge)) { + $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge); + } + } + + /** + * Frees resources. + * + * Calling this method is always a good idea, because all security relevant + * attributes are filled with Nullbytes to leave nothing in the mem. 
+ * + * @access public + */ + function close() + { + Auth_RADIUS_MSCHAPv1::close(); + $this->peerChallenge = str_repeat("\0", strlen($this->peerChallenge)); + } +} + +/** + * class Auth_RADIUS_Acct + * + * Class for RADIUS accounting + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_Acct extends Auth_RADIUS +{ + /** + * Defines where the Authentication was made, possible values are: + * RADIUS_AUTH_RADIUS, RADIUS_AUTH_LOCAL, RADIUS_AUTH_REMOTE + * @var integer + */ + var $authentic = null; + + /** + * Defines the type of the accounting request, on of: + * RADIUS_START, RADIUS_STOP, RADIUS_ACCOUNTING_ON, RADIUS_ACCOUNTING_OFF + * @var integer + */ + var $status_type = null; + + /** + * The time the user was logged in in seconds + * @var integer + */ + var $session_time = null; + + /** + * A uniq identifier for the session of the user, maybe the PHP-Session-Id + * @var string + */ + var $session_id = null; + + /** + * Constructor + * + * This function is disabled for M0n0wall since we use our own session_id + * + * Generates a predefined session_id. We use the Remote-Address, the PID, and the Current user. + * @return void + * + function Auth_RADIUS_Acct() + { + $this->Auth_RADIUS(); + + if (isset($_SERVER)) { + $var = &$_SERVER; + } else { + $var = &$GLOBALS['HTTP_SERVER_VARS']; + } + + $this->session_id = sprintf("%s:%d-%s", isset($var['REMOTE_ADDR']) ? $var['REMOTE_ADDR'] : '127.0.0.1' , getmypid(), get_current_user()); + } + */ + + /** + * Constructor + * + */ + + function Auth_RADIUS_Acct() + { + $this->Auth_RADIUS(); + } + + /** + * Creates a RADIUS resource + * + * Creates a RADIUS resource for accounting. This should be the first + * call before you make any other things with the library. + * + * @return bool true on success, false on error + */ + function open() + { + $this->res = radius_acct_open(); + if (!$this->res) { + return false; + } + return true; + } + + /** + * Creates an accounting request + * + * Creates an accounting request. 
+ * You MUST call this method before you can put any attribute. + * + * @return bool true on success, false on error + */ + function createRequest() + { + if (!radius_create_request($this->res, RADIUS_ACCOUNTING_REQUEST)) { + return false; + } + return true; + } + + /** + * Put attributes for accounting. + * + * Here we put some accounting values. There many more attributes for accounting, + * but for web-applications only certain attributes make sense. + * @return void + */ + function putAuthAttributes() + { + $this->putAttribute(RADIUS_ACCT_SESSION_ID, $this->session_id); + $this->putAttribute(RADIUS_ACCT_STATUS_TYPE, $this->status_type); + if (isset($this->session_time) && $this->status_type == RADIUS_STOP) { + $this->putAttribute(RADIUS_ACCT_SESSION_TIME, $this->session_time); + } + if (isset($this->authentic)) { + $this->putAttribute(RADIUS_ACCT_AUTHENTIC, $this->authentic); + } + + } + +} + +/** + * class Auth_RADIUS_Acct_Start + * + * Class for RADIUS accounting. Its usualy used, after the user has logged in. + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_Acct_Start extends Auth_RADIUS_Acct +{ + /** + * Defines the type of the accounting request. + * It is set to RADIUS_START by default in this class. + * @var integer + */ + var $status_type = RADIUS_START; +} + +/** + * class Auth_RADIUS_Acct_Start + * + * Class for RADIUS accounting. Its usualy used, after the user has logged out. + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_Acct_Stop extends Auth_RADIUS_Acct +{ + /** + * Defines the type of the accounting request. + * It is set to RADIUS_STOP by default in this class. + * @var integer + */ + var $status_type = RADIUS_STOP; +} + +if (!defined('RADIUS_UPDATE')) + define('RADIUS_UPDATE', 3); + +/** + * class Auth_RADIUS_Acct_Update + * + * Class for interim RADIUS accounting updates. + * + * @package Auth_RADIUS + */ +class Auth_RADIUS_Acct_Update extends Auth_RADIUS_Acct +{ + /** + * Defines the type of the accounting request. 
+ * It is set to RADIUS_UPDATE by default in this class. + * @var integer + */ + var $status_type = RADIUS_UPDATE; +} + +?> diff --git a/phpconf/inc/services.inc b/phpconf/inc/services.inc index d27fe6a..94f1ed8 100644 --- a/phpconf/inc/services.inc +++ b/phpconf/inc/services.inc @@ -3,7 +3,7 @@ services.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -418,6 +418,10 @@ rocommunity "{$config['snmpd']['rocommunity']}" EOD; + if (isset($config['snmpd']['bindlan'])) { + $snmpdconf .= "agentaddress udp:161@{$config['interfaces']['lan']['ipaddr']}\n"; + } + fwrite($fd, $snmpdconf); fclose($fd); diff --git a/phpconf/inc/shaper.inc b/phpconf/inc/shaper.inc index 9a75edf..30ea152 100644 --- a/phpconf/inc/shaper.inc +++ b/phpconf/inc/shaper.inc @@ -3,7 +3,7 @@ shaper.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/inc/system.inc b/phpconf/inc/system.inc index 4c397b1..24636d4 100644 --- a/phpconf/inc/system.inc +++ b/phpconf/inc/system.inc @@ -3,7 +3,7 @@ system.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/inc/util.inc b/phpconf/inc/util.inc index bafc28f..ed8f4dd 100644 --- a/phpconf/inc/util.inc +++ b/phpconf/inc/util.inc @@ -3,7 +3,7 @@ util.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
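Review bot: In Auth_RADIUS::send() the guard `is_subclass_of($this, 'auth_radius_pap')` does not match an object whose own class is Auth_RADIUS_PAP, because is_subclass_of() only tests parent classes. A plain PAP request that receives RADIUS_ACCOUNTING_RESPONSE therefore falls through to `return true`, which a caller that treats true as "accepted" would read as a successful login. The check `is_subclass_of($this, 'auth_radius_acct')` has the same gap for a direct Auth_RADIUS_Acct instance; `is_a($this, 'auth_radius_pap')` and `is_a($this, 'auth_radius_acct')` cover the class itself as well as its descendants. Separately, addServer() and putServer() default the shared secret to `'testing123'`, so a caller that omits the argument silently runs with a well-known value; the docblocks should say the default is for testing only, and start() could reject it.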
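Review bot: The new `agentaddress` line in services.inc writes `$config['interfaces']['lan']['ipaddr']` into snmpd.conf without checking it, so a malformed or multi-line value would end up in the daemon configuration as written. A guard such as `if (isset($config['snmpd']['bindlan']) && is_ipaddr($config['interfaces']['lan']['ipaddr']))` would keep that out of the file (is_ipaddr() appears in the util.inc context of this patch). A failed check should be reported rather than skipped quietly, because skipping leaves the agent without the LAN-only binding the admin asked for. A short comment above the block, e.g. `/* bind snmpd to the LAN address only */`, would record the intent. The enclosing function starts and ends outside the hunk.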
@@ -46,6 +46,11 @@ function killbyname($procname) {
 return mwexec("/usr/bin/killall " . escapeshellarg($procname));
 }
+/* kill a process by name */
+function sigkillbyname($procname, $sig) {
+ return mwexec("/usr/bin/killall -{$sig} " . escapeshellarg($procname));
+}
+
 /* return the subnet address given a host address and a subnet bit count */
 function gen_subnet($ipaddr, $bits) {
 if (!is_ipaddr($ipaddr) || !is_numeric($bits))
diff --git a/phpconf/inc/vpn.inc b/phpconf/inc/vpn.inc
index b89f239..6716485 100644
--- a/phpconf/inc/vpn.inc
+++ b/phpconf/inc/vpn.inc
@@ -3,7 +3,7 @@
 vpn.inc
 part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper .
+ Copyright (C) 2003-2006 Manuel Kasper .
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -50,13 +50,13 @@ function vpn_ipsec_configure($ipchg = false) {
 echo "Configuring IPsec VPN... ";
 } else {
 /* kill racoon */
- killbypid("{$g['varrun_path']}/racoon.pid");
+ killbyname("racoon");
 /* wait for process to die */
 sleep(2);
 /* send a SIGKILL to be sure */
- sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
+ sigkillbyname("racoon", "KILL");
 }
 /* flush SPD and SAD */
diff --git a/phpconf/inc/xmlparse.inc b/phpconf/inc/xmlparse.inc
index a6067b4..e66b656 100644
--- a/phpconf/inc/xmlparse.inc
+++ b/phpconf/inc/xmlparse.inc
@@ -4,7 +4,7 @@
 functions to parse/dump configuration files in XML format
 part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper .
+ Copyright (C) 2003-2006 Manuel Kasper .
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
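Review bot: `sigkillbyname()` in util.inc places `$sig` in the command line unescaped (`-{$sig}`) while `$procname` goes through escapeshellarg(), so the function is only safe as long as every caller passes a fixed signal name, as the vpn.inc call in this patch does with "KILL". Checking the argument before building the command, e.g. returning early when `!preg_match('/^[A-Z0-9]+$/', $sig)`, keeps shell metacharacters out of mwexec(). The comment `/* kill a process by name */` repeats the one on killbyname(); `/* send the given signal to all processes with this name */` describes the new function.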
@@ -33,7 +33,7 @@ $listtags = explode(" ", "rule user key dnsserver winsserver " . "encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " . "staticmap route alias pipe queue shellcmd cacert earlyshellcmd mobilekey " . - "servernat proxyarpnet passthrumac allowedip wolentry vlan domainoverrides"); + "servernat proxyarpnet passthrumac allowedip wolentry vlan domainoverrides element"); function startElement($parser, $name, $attrs) { global $depth, $curpath, $config, $havedata, $listtags; @@ -139,6 +139,8 @@ function parse_xml_config($cffile, $rootobj) { die("XML error: no $rootobj object found!\n"); } + fclose($fp); + return $config[$rootobj]; } diff --git a/phpconf/rc.banner b/phpconf/rc.banner index 6fc23f5..d1df62b 100644 --- a/phpconf/rc.banner +++ b/phpconf/rc.banner @@ -4,7 +4,7 @@ rc.banner part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -41,7 +41,7 @@ *** This is m0n0wall, version {$version} built on {$buildtime} for {$g['fullplatform']} - Copyright (C) 2002-2005 by Manuel Kasper. All rights reserved. + Copyright (C) 2002-2006 by Manuel Kasper. All rights reserved. Visit http://m0n0.ch/wall for updates. diff --git a/phpconf/rc.bootup b/phpconf/rc.bootup index f3ef1d9..f5ab3e7 100644 --- a/phpconf/rc.bootup +++ b/phpconf/rc.bootup @@ -4,7 +4,7 @@ rc.bootup part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.cleanreboot b/phpconf/rc.cleanreboot new file mode 100644 index 0000000..c7051b3 --- /dev/null +++ b/phpconf/rc.cleanreboot 
@@ -0,0 +1,37 @@ +#!/usr/local/bin/php -f +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("functions.inc"); + +system_reboot_sync(); + +?> diff --git a/phpconf/rc.initial.defaults b/phpconf/rc.initial.defaults index c3c30c7..2ef0cbf 100644 --- a/phpconf/rc.initial.defaults +++ b/phpconf/rc.initial.defaults @@ -4,7 +4,7 @@ rc.initial.defaults part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.initial.password b/phpconf/rc.initial.password index 9d79811..fb0d180 100644 --- a/phpconf/rc.initial.password +++ b/phpconf/rc.initial.password 
@@ -4,7 +4,7 @@ rc.initial.password part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.initial.ping b/phpconf/rc.initial.ping index 760a16c..3cca874 100644 --- a/phpconf/rc.initial.ping +++ b/phpconf/rc.initial.ping @@ -4,7 +4,7 @@ rc.initial.ping part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.initial.reboot b/phpconf/rc.initial.reboot index 5c3b9ef..a19d32f 100644 --- a/phpconf/rc.initial.reboot +++ b/phpconf/rc.initial.reboot @@ -4,7 +4,7 @@ rc.initial.reboot part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.initial.setlanip b/phpconf/rc.initial.setlanip index a5196ee..95be165 100644 --- a/phpconf/rc.initial.setlanip +++ b/phpconf/rc.initial.setlanip @@ -4,7 +4,7 @@ rc.initial.setlanip part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.initial.setports b/phpconf/rc.initial.setports index e08b574..edfddc8 100644 --- a/phpconf/rc.initial.setports +++ b/phpconf/rc.initial.setports @@ -4,7 +4,7 @@ rc.initial.setports part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.newwanip b/phpconf/rc.newwanip index 6868cfd..28dfb6a 100644 --- a/phpconf/rc.newwanip 
+++ b/phpconf/rc.newwanip @@ -4,7 +4,7 @@ rc.newwanip part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/phpconf/rc.prunecaptiveportal b/phpconf/rc.prunecaptiveportal index 39e7b7e..b207a5b 100644 --- a/phpconf/rc.prunecaptiveportal +++ b/phpconf/rc.prunecaptiveportal @@ -4,7 +4,7 @@ rc.prunecaptiveportal part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_backup.php b/webgui/diag_backup.php index 0ebe120..0332d8f 100644 --- a/webgui/diag_backup.php +++ b/webgui/diag_backup.php @@ -4,7 +4,7 @@ diag_backup.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -64,7 +64,10 @@ if ($_POST) { system_reboot(); $savemsg = "The configuration has been restored. The firewall is now rebooting."; } else { - $input_errors[] = "The configuration could not be restored."; + $errstr = "The configuration could not be restored."; + if ($xmlerr) + $errstr .= " (XML error: $xmlerr)"; + $input_errors[] = $errstr; } } else { $input_errors[] = "The configuration could not be restored (file upload error)."; diff --git a/webgui/diag_defaults.php b/webgui/diag_defaults.php index cd92302..f29d1c5 100644 --- a/webgui/diag_defaults.php +++ b/webgui/diag_defaults.php @@ -4,7 +4,7 @@ diag_defaults.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
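Review bot: In the diag_backup.php restore branch, `$xmlerr` is appended to `$errstr` and pushed onto `$input_errors` without escaping, and the message is presumably produced while parsing the uploaded configuration file. Whether the routine that prints `$input_errors` HTML-escapes its entries is not visible in this hunk; if it does not, encode at the point of use with `$errstr .= " (XML error: " . htmlspecialchars($xmlerr) . ")";`. `$xmlerr` is also not assigned anywhere in the hunk, so it seems to arrive as a global from the config install path, and a one-line comment saying where it is set would help the next reader. The enclosing `if ($_POST)` block starts and ends outside the hunk.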
diff --git a/webgui/diag_ipfstat.php b/webgui/diag_ipfstat.php index 808badf..62735de 100644 --- a/webgui/diag_ipfstat.php +++ b/webgui/diag_ipfstat.php @@ -4,7 +4,7 @@ diag_ipfstat.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2005 Paul Taylor (paultaylor@winndixie.com) and Manuel Kasper . + Copyright (C) 2005-2006 Paul Taylor (paultaylor@winndixie.com) and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_ipsec_sad.php b/webgui/diag_ipsec_sad.php index 45377be..266992e 100644 --- a/webgui/diag_ipsec_sad.php +++ b/webgui/diag_ipsec_sad.php @@ -4,7 +4,7 @@ diag_ipsec_sad.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_ipsec_spd.php b/webgui/diag_ipsec_spd.php index 74db399..7e591ca 100644 --- a/webgui/diag_ipsec_spd.php +++ b/webgui/diag_ipsec_spd.php @@ -4,7 +4,7 @@ diag_ipsec_spd.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs.php b/webgui/diag_logs.php index c566b95..20b40e3 100644 --- a/webgui/diag_logs.php +++ b/webgui/diag_logs.php @@ -4,7 +4,7 @@ diag_logs.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs_dhcp.php b/webgui/diag_logs_dhcp.php index f43433c..5d13c2a 100644 --- a/webgui/diag_logs_dhcp.php +++ b/webgui/diag_logs_dhcp.php 
@@ -4,7 +4,7 @@ diag_logs_dhcp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs_filter.php b/webgui/diag_logs_filter.php index d6b8ea3..a04b56e 100644 --- a/webgui/diag_logs_filter.php +++ b/webgui/diag_logs_filter.php @@ -4,7 +4,7 @@ diag_logs_filter.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs_portal.php b/webgui/diag_logs_portal.php index 6b66e57..bec712c 100644 --- a/webgui/diag_logs_portal.php +++ b/webgui/diag_logs_portal.php @@ -4,7 +4,7 @@ diag_logs_portal.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs_settings.php b/webgui/diag_logs_settings.php index c60f5d0..10ff40b 100644 --- a/webgui/diag_logs_settings.php +++ b/webgui/diag_logs_settings.php @@ -4,7 +4,7 @@ diag_logs_settings.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_logs_vpn.php b/webgui/diag_logs_vpn.php index 22b881f..470da4a 100644 --- a/webgui/diag_logs_vpn.php +++ b/webgui/diag_logs_vpn.php @@ -4,7 +4,7 @@ diag_logs_vpn.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_ping.php b/webgui/diag_ping.php index f4e6c0a..56ce8cb 100644 
--- a/webgui/diag_ping.php +++ b/webgui/diag_ping.php @@ -4,7 +4,7 @@ diag_ping.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Bob Zoller (bob@kludgebox.com) and Manuel Kasper . + Copyright (C) 2003-2006 Bob Zoller (bob@kludgebox.com) and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_resetstate.php b/webgui/diag_resetstate.php index f55b0af..5d4d830 100644 --- a/webgui/diag_resetstate.php +++ b/webgui/diag_resetstate.php @@ -4,7 +4,7 @@ diag_resetstate.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/diag_traceroute.php b/webgui/diag_traceroute.php index 69a534d..4be1d92 100644 --- a/webgui/diag_traceroute.php +++ b/webgui/diag_traceroute.php @@ -4,7 +4,7 @@ diag_traceroute.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2005 Paul Taylor (paultaylor@winndixie.com) and Manuel Kasper . + Copyright (C) 2005-2006 Paul Taylor (paultaylor@winndixie.com) and Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/exec_raw.php b/webgui/exec_raw.php index bccdc23..cf97345 100644 --- a/webgui/exec_raw.php +++ b/webgui/exec_raw.php @@ -4,7 +4,7 @@ exec_raw.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/fend.inc b/webgui/fend.inc index c88a50c..2d96527 100644 --- a/webgui/fend.inc +++ b/webgui/fend.inc @@ -1,7 +1,7 @@ - m0n0wall is © 2002-2005 by Manuel Kasper. + m0n0wall is © 2002-2006 by Manuel Kasper. All rights reserved.  [view license] 
diff --git a/webgui/firewall_aliases.php b/webgui/firewall_aliases.php index 2429421..e1e6447 100644 --- a/webgui/firewall_aliases.php +++ b/webgui/firewall_aliases.php @@ -4,7 +4,7 @@ firewall_aliases.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_aliases_edit.php b/webgui/firewall_aliases_edit.php index 81c27a3..f2c3d0e 100644 --- a/webgui/firewall_aliases_edit.php +++ b/webgui/firewall_aliases_edit.php @@ -4,7 +4,7 @@ firewall_aliases_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat.php b/webgui/firewall_nat.php index 9c084e2..1af50e4 100644 --- a/webgui/firewall_nat.php +++ b/webgui/firewall_nat.php @@ -4,7 +4,7 @@ firewall_nat.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_1to1.php b/webgui/firewall_nat_1to1.php index 9aa91d7..511bcc6 100644 --- a/webgui/firewall_nat_1to1.php +++ b/webgui/firewall_nat_1to1.php @@ -4,7 +4,7 @@ firewall_nat_1to1.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_1to1_edit.php b/webgui/firewall_nat_1to1_edit.php index 07c061b..e6d6754 100644 --- a/webgui/firewall_nat_1to1_edit.php +++ b/webgui/firewall_nat_1to1_edit.php 
@@ -4,7 +4,7 @@ firewall_nat_1to1_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_edit.php b/webgui/firewall_nat_edit.php index a5731db..059d8b9 100644 --- a/webgui/firewall_nat_edit.php +++ b/webgui/firewall_nat_edit.php @@ -4,7 +4,7 @@ firewall_nat_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_out.php b/webgui/firewall_nat_out.php index e4a5da5..fdd875c 100644 --- a/webgui/firewall_nat_out.php +++ b/webgui/firewall_nat_out.php @@ -4,7 +4,7 @@ firewall_nat_out.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_out_edit.php b/webgui/firewall_nat_out_edit.php index d446822..61b6386 100644 --- a/webgui/firewall_nat_out_edit.php +++ b/webgui/firewall_nat_out_edit.php @@ -4,7 +4,7 @@ firewall_nat_out_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_nat_server.php b/webgui/firewall_nat_server.php index 9c0998f..45f21eb 100644 --- a/webgui/firewall_nat_server.php +++ b/webgui/firewall_nat_server.php @@ -4,7 +4,7 @@ firewall_nat_server.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
diff --git a/webgui/firewall_nat_server_edit.php b/webgui/firewall_nat_server_edit.php index 67e4c05..e059485 100644 --- a/webgui/firewall_nat_server_edit.php +++ b/webgui/firewall_nat_server_edit.php @@ -4,7 +4,7 @@ firewall_nat_server_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_rules.php b/webgui/firewall_rules.php index 3173986..bbd0af9 100644 --- a/webgui/firewall_rules.php +++ b/webgui/firewall_rules.php @@ -4,7 +4,7 @@ firewall_rules.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_rules_edit.php b/webgui/firewall_rules_edit.php index 43139af..5d6829e 100644 --- a/webgui/firewall_rules_edit.php +++ b/webgui/firewall_rules_edit.php @@ -4,7 +4,7 @@ firewall_rules_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper.php b/webgui/firewall_shaper.php index c5e48be..7037cd8 100644 --- a/webgui/firewall_shaper.php +++ b/webgui/firewall_shaper.php @@ -4,7 +4,7 @@ firewall_shaper.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper_edit.php b/webgui/firewall_shaper_edit.php index 305ca9c..1248b35 100644 --- a/webgui/firewall_shaper_edit.php +++ b/webgui/firewall_shaper_edit.php 
@@ -4,7 +4,7 @@ firewall_shaper_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper_pipes.php b/webgui/firewall_shaper_pipes.php index 75aea79..fdaf271 100644 --- a/webgui/firewall_shaper_pipes.php +++ b/webgui/firewall_shaper_pipes.php @@ -4,7 +4,7 @@ firewall_shaper_pipes.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper_pipes_edit.php b/webgui/firewall_shaper_pipes_edit.php index 4248de0..2b6cf72 100644 --- a/webgui/firewall_shaper_pipes_edit.php +++ b/webgui/firewall_shaper_pipes_edit.php @@ -4,7 +4,7 @@ firewall_shaper_pipes_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper_queues.php b/webgui/firewall_shaper_queues.php index 11306d2..9389a2e 100644 --- a/webgui/firewall_shaper_queues.php +++ b/webgui/firewall_shaper_queues.php @@ -4,7 +4,7 @@ firewall_shaper_queues.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/firewall_shaper_queues_edit.php b/webgui/firewall_shaper_queues_edit.php index b97d49d..564b467 100644 --- a/webgui/firewall_shaper_queues_edit.php +++ b/webgui/firewall_shaper_queues_edit.php 
@@ -4,7 +4,7 @@ firewall_shaper_queues_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/graph.php b/webgui/graph.php index 2703a69..f7ff104 100644 --- a/webgui/graph.php +++ b/webgui/graph.php @@ -4,7 +4,8 @@ graph.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2004-2005 T. Lechat and Manuel Kasper . + Copyright (C) 2004-2006 T. Lechat , Manuel Kasper + and Jonathan Watt . All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -29,297 +30,322 @@ POSSIBILITY OF SUCH DAMAGE. */ -// VERSION 1.0.4 +header("Content-type: image/svg+xml"); /********** HTTP GET Based Conf ***********/ -$ifnum=@$_GET["ifnum"]; //BSD / SNMP interface name / number -$ifname=@$_GET["ifname"]?$_GET["ifname"]:"Interface $ifnum"; //Interface name that will be showed on top right of graph +$ifnum=@$_GET["ifnum"]; // BSD / SNMP interface name / number +$ifname=@$_GET["ifname"]?$_GET["ifname"]:"Interface $ifnum"; //Interface name that will be showed on top right of graph /********* Other conf *******/ -$scale_type="up"; //Autoscale default setup : "up" = only increase scale; "follow" = increase and decrease scale according to current graphed datas -$nb_plot=120; //NB plot in graph +$scale_type="up"; //Autoscale default setup : "up" = only increase scale; "follow" = increase and decrease scale according to current graphed datas +$nb_plot=120; //NB plot in graph $time_interval=1; //Refresh time Interval -$first_stage_time_interval=2; //First stage time Intervall - -$urldata=@$_SERVER["SCRIPT_NAME"]; $fetch_link = "stats.cgi?$ifnum"; -//Style -$style['bg']="fill:white;stroke:none;stroke-width:0;opacity:1;"; -$style['axis']="fill:black;stroke:black;stroke-width:1;"; -$style['in']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:7;"; -$style['out']="fill:#8092B3; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:7;"; -$style['graph_in']="fill:none;stroke:#435370;stroke-width:1;opacity:0.8;"; -$style['graph_out']="fill:none;stroke:#8092B3;stroke-width:1;opacity:0.8;"; -$style['legend']="fill:black; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;"; -$style['graphname']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:8;"; -$style['grid_txt']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:6;"; -$style['grid']="stroke:gray;stroke-width:1;opacity:0.5;"; 
-$style['switch_unit']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4; text-decoration:underline;"; -$style['switch_scale']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4; text-decoration:underline;"; -$style['error']="fill:blue; font-family:Arial; font-size:4;"; -$style['collect_initial']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;"; +//SVG attributes +$attribs['axis']='fill="black" stroke="black"'; +$attribs['in']='fill="#435370" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="7"'; +$attribs['out']='fill="#8092B3" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="7"'; +$attribs['graph_in']='fill="none" stroke="#435370" stroke-opacity="0.8"'; +$attribs['graph_out']='fill="none" stroke="#8092B3" stroke-opacity="0.8"'; +$attribs['legend']='fill="black" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4"'; +$attribs['graphname']='fill="#435370" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="8"'; +$attribs['grid_txt']='fill="gray" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="6"'; +$attribs['grid']='stroke="gray" stroke-opacity="0.5"'; +$attribs['switch_unit']='fill="#435370" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4" text-decoration="underline"'; +$attribs['switch_scale']='fill="#435370" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4" text-decoration="underline"'; +$attribs['error']='fill="blue" font-family="Arial" font-size="4"'; +$attribs['collect_initial']='fill="gray" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4"'; //Error text if we cannot fetch data : depends on which method is used $error_text = "Cannot get data about interface $ifnum"; -$height=100; //SVG internal height : do not modify -$width=200; //SVG internal width : do not modify 
+$height=100; //SVG internal height : do not modify +$width=200; //SVG internal width : do not modify /********* Graph DATA **************/ -header("Content-type: image/svg+xml"); -print('' . "\n");?> - - - - - - - - - - - In - Out - - - - Switch to bytes/s - AutoScale () - - Graph shows last seconds - "/> - - - - - - \ No newline at end of file + + ]]> + + diff --git a/webgui/graph_cpu.php b/webgui/graph_cpu.php index b87504d..a7d1101 100644 --- a/webgui/graph_cpu.php +++ b/webgui/graph_cpu.php @@ -4,7 +4,8 @@ graph_cpu.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2004-2005 T. Lechat and Manuel Kasper . + Copyright (C) 2004-2005 T. Lechat , Manuel Kasper + and Jonathan Watt . All rights reserved. Redistribution and use in source and binary forms, with or without 
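Review bot: `$ifnum` and `$ifname` in graph.php are read from `$_GET` with no validation and then interpolated into `$fetch_link`, `$error_text` and the default interface label, in a response declared as `image/svg+xml` by the `header()` call this hunk moves to the top. The markup and script that print these values are not visible in this extract, so output escaping cannot be confirmed; in an SVG document an unescaped value is parsed as markup or script in the web GUI's origin. Restrict `$ifnum` to the interface names the system actually has before using it, and encode the label for the context it lands in, e.g. `$ifname = htmlspecialchars($ifname);` for text nodes and attributes. Values placed inside the embedded script need script-string encoding rather than HTML encoding.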
@@ -29,146 +30,161 @@ POSSIBILITY OF SUCH DAMAGE. */ +header("Content-type: image/svg+xml"); + /********* Other conf *******/ -$nb_plot=120; //NB plot in graph +$nb_plot = 120; // maximum number of data points to plot in the graph $fetch_link = "stats.cgi?cpu"; -//Style -$style['bg']="fill:white;stroke:none;stroke-width:0;opacity:1;"; -$style['axis']="fill:black;stroke:black;stroke-width:1;"; -$style['cpu']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:7;"; -$style['graph_cpu']="fill:none;stroke:#435370;stroke-width:1;opacity:0.8;"; -$style['legend']="fill:black; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;"; -$style['grid_txt']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:6;"; -$style['grid']="stroke:gray;stroke-width:1;opacity:0.5;"; -$style['error']="fill:blue; font-family:Arial; font-size:4;"; -$style['collect_initial']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;"; +//SVG attributes +$attribs['axis']='fill="black" stroke="black"'; +$attribs['cpu']='fill="#435370" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="7"'; +$attribs['graph_cpu']='fill="none" stroke="#435370" stroke-opacity="0.8"'; +$attribs['legend']='fill="black" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4"'; +$attribs['grid_txt']='fill="gray" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="6"'; +$attribs['grid']='stroke="gray" stroke-opacity="0.5"'; +$attribs['error']='fill="blue" font-family="Arial" font-size="4"'; +$attribs['collect_initial']='fill="gray" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4"'; -$error_text = "Cannot get CPU load"; - -$height=100; //SVG internal height : do not modify -$width=200; //SVG internal width : do not modify +$height=100; // SVG internal height : do not modify +$width=200; // SVG internal width : do not modify /********* 
Graph DATA **************/ -header("Content-type: image/svg+xml"); -print('' . "\n");?> - - - - - - - 75% - 50% - 25% - - "/> - - - - - - \ No newline at end of file + ]]> + + diff --git a/webgui/gui.css b/webgui/gui.css index e18b205..ba8827a 100644 --- a/webgui/gui.css +++ b/webgui/gui.css @@ -44,6 +44,15 @@ p { font-size: 10px; font-weight: bold; } +.formbtns { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 9px; + font-weight: bold; +} +textarea.notes { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 11px; +} .vvcell { background-color: #FFFFC6; } @@ -254,6 +263,17 @@ a { padding-top: 2px; padding-bottom: 2px; } +.optsect_t2 { + border-right: 1px solid #999999; + background-color: #435370; + padding-right: 6px; + padding-left: 6px; + padding-top: 5px; + padding-bottom: 5px; + font-size: 11px; + color: #FFFFFF; + font-weight: bold; +} .optsect_s { font-size: 11px; color: #FFFFFF; diff --git a/webgui/guiconfig.inc b/webgui/guiconfig.inc index 24e61bd..8bbd52a 100644 --- a/webgui/guiconfig.inc +++ b/webgui/guiconfig.inc @@ -3,7 +3,7 @@ guiconfig.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -447,6 +447,16 @@ function allowedips_sort() { usort($config['captiveportal']['allowedip'],"allowedipscmp"); } +function cpelements_sort() { + global $g, $config; + + function cpelementscmp($a, $b) { + return strcasecmp($a['name'], $b['name']); + } + + usort($config['captiveportal']['element'],"cpelementscmp"); +} + function wol_sort() { global $g, $config; diff --git a/webgui/index.php b/webgui/index.php index 21b9b97..4584451 100644 --- a/webgui/index.php +++ b/webgui/index.php 
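Review bot: `cpelements_sort()` in guiconfig.inc declares the named function `cpelementscmp` inside its own body, so a second call within the same request stops with a "Cannot redeclare" fatal error. It appears to copy the pattern of the neighbouring `allowedips_sort()` and `wol_sort()`, whose bodies are mostly outside the hunk. Moving the comparator to file scope, or guarding it with `if (!function_exists('cpelementscmp')) {`, removes the hazard. `usort()` also receives `$config['captiveportal']['element']` unchecked, so unless every caller guarantees an array, an `is_array()` test before sorting would avoid a warning when no elements are configured.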
@@ -4,7 +4,7 @@ index.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -47,8 +47,16 @@ if ($fd) { fclose($fd); } +if ($_POST) { + $config['system']['notes'] = base64_encode($_POST['notes']); + write_config(); + header("Location: index.php"); + exit; +} + ?> +
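Review bot: The new `if ($_POST)` block in index.php stores `$_POST['notes']` and calls `write_config()` on any POST to the page, with no check that the field is present, no length limit and no request token visible in the hunk. A cross-site request sent from an administrator's authenticated browser would therefore rewrite the notes and the configuration file, and a large body is base64-expanded into the stored config. Gate the block with `if (isset($_POST['notes'])) {`, cap the length before encoding, and bind the form to a per-session token if the GUI provides one. The textarea markup added by the second hunk is not visible here; the decoded value should pass through `htmlspecialchars()` when it is printed back.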
@@ -145,5 +153,13 @@ echo $memUsage . "%"; ?> + + + +
 
Notes +
+ +
+
diff --git a/webgui/interfaces_assign.php b/webgui/interfaces_assign.php index 578f427..9c8dd69 100644 --- a/webgui/interfaces_assign.php +++ b/webgui/interfaces_assign.php @@ -5,7 +5,7 @@ part of m0n0wall (http://m0n0.ch/wall) Written by Jim McBeath based on existing m0n0wall files - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_lan.php b/webgui/interfaces_lan.php index e5b4c27..d42689f 100644 --- a/webgui/interfaces_lan.php +++ b/webgui/interfaces_lan.php @@ -4,7 +4,7 @@ interfaces_lan.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_opt.php b/webgui/interfaces_opt.php index 58c6aa7..3ae74c2 100644 --- a/webgui/interfaces_opt.php +++ b/webgui/interfaces_opt.php @@ -4,7 +4,7 @@ interfaces_opt.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_vlan.php b/webgui/interfaces_vlan.php index a896fc9..0258f4b 100644 --- a/webgui/interfaces_vlan.php +++ b/webgui/interfaces_vlan.php @@ -4,7 +4,7 @@ interfaces_vlan.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_vlan_edit.php b/webgui/interfaces_vlan_edit.php index 4d9cf4b..f1d724b 100644 --- a/webgui/interfaces_vlan_edit.php +++ b/webgui/interfaces_vlan_edit.php 
@@ -4,7 +4,7 @@ interfaces_vlan_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_wan.php b/webgui/interfaces_wan.php index bf9d389..93232c8 100644 --- a/webgui/interfaces_wan.php +++ b/webgui/interfaces_wan.php @@ -4,7 +4,7 @@ interfaces_wan.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/interfaces_wlan.inc b/webgui/interfaces_wlan.inc index 57f50da..3c481b5 100644 --- a/webgui/interfaces_wlan.inc +++ b/webgui/interfaces_wlan.inc @@ -3,7 +3,7 @@ interfaces_wlan.inc part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/license.php b/webgui/license.php index 6138d5b..1eda7d5 100644 --- a/webgui/license.php +++ b/webgui/license.php @@ -4,7 +4,7 @@ $pgtitle = array("License"); require("guiconfig.inc"); ?> -

m0n0wall is Copyright © 2002-2005 by Manuel Kasper +

m0n0wall is Copyright © 2002-2006 by Manuel Kasper (mk@neon1.net).
All rights reserved.

Redistribution and use in source and binary forms, with or without
@@ -133,9 +133,10 @@ require("guiconfig.inc");
Paul Taylor (paultaylor@winn-dixie.com)
    ARP table, Traceroute and Filter state pages
+     captive portal: disable concurrent logins, file manager

Jonathan De Graeve (Jonathan.De.Graeve@imelda.be)
-     captive portal RADIUS accounting gigawords

+     complete captive portal RADIUS overhaul; file manager


m0n0wall is based upon/includes various free software packages, listed below.
@@ -200,5 +201,8 @@ All rights reserved.
This product includes software developed by Edwin Groothuis.

wol (http://ahh.sourceforge.net/wol)
- Copyright © 2000,2001,2002,2003,2004 Thomas Krennwallner <krennwallner@aon.at> + Copyright © 2000,2001,2002,2003,2004 Thomas Krennwallner <krennwallner@aon.at>
+
+ PHP RADIUS PECL package
+ Copyright (c) 2003, Michael Bretterklieber <michael@bretterklieber.com>. All rights reserved. diff --git a/webgui/reboot.php b/webgui/reboot.php index 9723275..11b9f88 100644 --- a/webgui/reboot.php +++ b/webgui/reboot.php @@ -4,7 +4,7 @@ reboot.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php index 7233293..b9ffdee 100644 --- a/webgui/services_captiveportal.php +++ b/webgui/services_captiveportal.php @@ -4,7 +4,7 @@ services_captiveportal.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -47,11 +47,15 @@ if ($_GET['act'] == "viewhtml") { } $pconfig['cinterface'] = $config['captiveportal']['interface']; +$pconfig['maxproc'] = $config['captiveportal']['maxproc']; +$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip']; $pconfig['timeout'] = $config['captiveportal']['timeout']; $pconfig['idletimeout'] = $config['captiveportal']['idletimeout']; $pconfig['enable'] = isset($config['captiveportal']['enable']); $pconfig['auth_method'] = $config['captiveportal']['auth_method']; $pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']); +$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']); +$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret']; $pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']); $pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct']; $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); 
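Review bot: `radmac_secret` in this services_captiveportal.php hunk, and `radiuskey2` in the next one, are RADIUS shared secrets copied into `$pconfig` next to the existing `radiuskey`, and `$pconfig` is presumably what the form uses to prefill its fields. The form markup is outside these hunks, but if the stored values are echoed into `value=` attributes they are readable in the page source and in any cached copy of the page. Consider rendering them as password inputs that load empty and only overwrite the stored secret when a new value is submitted. A short comment on these assignments, such as `// shared secret: do not echo back into the page`, would mark them for future editors.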
@@ -60,11 +64,17 @@ $pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); $pconfig['key'] = base64_decode($config['captiveportal']['private-key']); $pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']); $pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']); +$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']); $pconfig['redirurl'] = $config['captiveportal']['redirurl']; $pconfig['radiusip'] = $config['captiveportal']['radiusip']; +$pconfig['radiusip2'] = $config['captiveportal']['radiusip2']; $pconfig['radiusport'] = $config['captiveportal']['radiusport']; +$pconfig['radiusport2'] = $config['captiveportal']['radiusport2']; $pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport']; $pconfig['radiuskey'] = $config['captiveportal']['radiuskey']; +$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2']; +$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor']; +$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']); if ($_POST) { 
@@ -112,21 +122,38 @@ if ($_POST) { if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; } + if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { + $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]"; + } if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; } + if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { + $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]"; + } if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; + $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; + } + if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { + $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100."; + } + $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16; + if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) { + $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum."; } if (!$input_errors) { $config['captiveportal']['interface'] = $_POST['cinterface']; + $config['captiveportal']['maxproc'] = $_POST['maxproc']; + $config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false; $config['captiveportal']['timeout'] = $_POST['timeout']; $config['captiveportal']['idletimeout'] = $_POST['idletimeout']; $config['captiveportal']['enable'] = $_POST['enable'] ? 
true : false; $config['captiveportal']['auth_method'] = $_POST['auth_method']; $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false; $config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false; + $config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false; + $config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false; $config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct']; $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false; $config['captiveportal']['httpsname'] = $_POST['httpsname']; @@ -134,11 +161,17 @@ if ($_POST) { $config['captiveportal']['private-key'] = base64_encode($_POST['key']); $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false; + $config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; $config['captiveportal']['redirurl'] = $_POST['redirurl']; $config['captiveportal']['radiusip'] = $_POST['radiusip']; + $config['captiveportal']['radiusip2'] = $_POST['radiusip2']; $config['captiveportal']['radiusport'] = $_POST['radiusport']; + $config['captiveportal']['radiusport2'] = $_POST['radiusport2']; $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport']; $config['captiveportal']['radiuskey'] = $_POST['radiuskey']; + $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2']; + $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false; + $config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; /* file upload? */ if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) @@ -162,31 +195,48 @@ if ($_POST) { @@ -200,6 +250,7 @@ function enable_change(enable_change) {
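Review bot: The new `maxprocperip` check has no lower bound and relies on `is_numeric()`, so values such as `-1`, `2.5` or `1e1` pass validation and are written to the configuration; the `maxproc` check likewise accepts non-integers between 4 and 100. A digits-only test closes both, for example `!preg_match('/^[0-9]+$/', $_POST['maxprocperip'])` in place of `!is_numeric($_POST['maxprocperip'])`. Separately, the save line `$_POST['maxprocperip'] ? $_POST['maxprocperip'] : false` turns an entered `0` into `false`, because the string "0" is falsy in PHP, while the form text later in this diff documents 0 as "no limit"; how `false` is interpreted is outside this hunk, so this should be confirmed against the code that consumes the setting. The enclosing `if ($_POST)` block starts and ends outside the hunk.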
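Review bot: `radiusvendor` is copied from `$_POST` into the configuration as submitted, and the validation visible in the preceding hunk has no check for it, although the form presents it as a fixed choice of RADIUS types. If no check exists elsewhere in the file, one belongs next to the other `$input_errors` tests, for example `if ($_POST['radiusvendor'] && !in_array($_POST['radiusvendor'], $radiusvendors)) $input_errors[] = "An unknown RADIUS type was specified.";`, where `$radiusvendors` is a placeholder for the list of values the Type selector offers. The same applies, to a lesser degree, to `radiuskey2` and `radmac_secret`, which are stored without any length or character check.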

  • Pass-through MAC
  • Allowed IP addresses
  • Users
  • +
  • File manager
  • @@ -228,6 +279,21 @@ function enable_change(enable_change) {
    Choose which interface to run the captive portal on. + + Maximum concurrent connections + + + + + + + + +
    per client IP address (0 = no limit)
    total
    +This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in +to the captive portal, but rather how many users can load the portal page or authenticate at the same time! +Default is 4 connections per client IP address, with a total maximum of 16 connections. + Idle timeout @@ -258,69 +324,169 @@ If you provide a URL here, clients will be redirected to that URL instead of the to access after they've authenticated. + Concurrent user logins + + > + Disable concurrent logins
    + If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected. + + MAC filtering > Disable MAC filtering
    - If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. This is required when the MAC address of cannot be determined (usually because there are routers between m0n0wall and the clients). + If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. + This is required when the MAC address of the client cannot be determined (usually because there are routers between m0n0wall and the clients). + If this is enabled, RADIUS MAC authentication cannot be used. Authentication - - - - - - - - - - - - - - - - - - - - - - - - -
    > + > No authentication
    > + > Local user manager
    > + > RADIUS authentication
       
    IP address:
    Port:
    Shared secret:  
    Accounting:  > - send RADIUS accounting packets
    Accounting port:  
    Reauthentication:  > - reauthenticate connected users every minute

    - > no accounting updates
    - > stop/start accounting
    - > interim update
    -
    - When using RADIUS authentication, enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813). -

    If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Primary RADIUS server
    IP address
    + Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.
    Port
    + Leave this field blank to use the default port (1812).
    Shared secret  
    + Leave this field blank to not use a RADIUS shared secret (not recommended).
    Secondary RADIUS server
    IP address
    + If you have a second RADIUS server, you can activate it by entering its IP address here.
    Port
    Shared secret  
    Accounting
     > + send RADIUS accounting packets
    + If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.
    Accounting port
    + Leave blank to use the default port (1813).
    Reauthentication
     > + Reauthenticate connected users every minute
    + If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is + logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.
    Accounting updates + > no accounting updates
    + > stop/start accounting
    + > interim update +
    RADIUS MAC authentication
      + >Enable RADIUS MAC authentication
    + If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password + entered below to the RADIUS server.
    Shared secret
    RADIUS options
    Session-Timeout>Use RADIUS Session-Timeout attributes
    + When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.
    Type
    + If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and + the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = m0n0wall's WAN IP address.
    HTTPS login > Enable HTTPS login
    - If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. This option only applies when RADIUS authentication is used. A server name, certificate and matching private key must also be specified below. + If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below. HTTPS server name @@ -352,7 +518,9 @@ to access after they've authenticated.
    Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$") -with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". Include the "auth_user" and "auth_pass" input elements if RADIUS authentication is enabled. If RADIUS is enabled and no "auth_user" is present, authentication will always fail. If RADIUS is not enabled, you can omit both of these input elements. Example code for the form:
    +with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". +Include the "auth_user" and "auth_pass" input fields if authentication is enabled, otherwise it will always fail. +Example code for the form:

    <form method="post" action="$PORTAL_ACTION$">
       <input name="auth_user" type="text">
    @@ -372,7 +540,8 @@ with a submit button (name="accept") and a hidden field with name=&quo

    -The contents of the HTML file that you upload here are displayed when a RADIUS authentication error occurs. +The contents of the HTML file that you upload here are displayed when an authentication error occurs. +You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.   diff --git a/webgui/services_captiveportal_filemanager.php b/webgui/services_captiveportal_filemanager.php new file mode 100644 index 0000000..cb0a7de --- /dev/null +++ b/webgui/services_captiveportal_filemanager.php @@ -0,0 +1,165 @@ +#!/usr/local/bin/php + $g['captiveportal_element_sizelimit']) { + $input_errors[] = "The total size of all files uploaded may not exceed " . + format_bytes($g['captiveportal_element_sizelimit']) . "."; + } + + if (!$input_errors) { + $element = array(); + $element['name'] = $name; + $element['size'] = $size; + $element['content'] = base64_encode(file_get_contents($_FILES['new']['tmp_name'])); + + $a_element[] = $element; + + write_config(); + captiveportal_write_elements(); + header("Location: services_captiveportal_filemanager.php"); + exit; + } + } +} else { + if (($_GET['act'] == "del") && $a_element[$_GET['id']]) { + unset($a_element[$_GET['id']]); + write_config(); + captiveportal_write_elements(); + header("Location: services_captiveportal_filemanager.php"); + exit; + } +} + +?> + +
    + + + + + + +
    + +
    + + + + + + + + + + + + + + + 0): ?> + + + + + + + + + + + + + + + + + + +
    NameSize
    + +
    TOTAL
    + + +
    + + Note:
    +
    + Any files that you upload here will be made available in the root directory + of the captive portal HTTP(S) server. You may reference them directly from + your portal page HTML code using relative paths. Example: you've uploaded + an image with the name 'test.jpg' using the file manager. Then you can + include it in your portal page like this:

    + <img src="test.jpg" width=... height=...> +

    + The total size limit for all files is .
    +
    +
    + diff --git a/webgui/services_captiveportal_ip.php b/webgui/services_captiveportal_ip.php index 2266496..e827b4c 100644 --- a/webgui/services_captiveportal_ip.php +++ b/webgui/services_captiveportal_ip.php @@ -82,6 +82,7 @@ if ($_GET['act'] == "del") {
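Review bot: The delete branch acts on a plain GET request, `if (($_GET['act'] == "del") && $a_element[$_GET['id']])`, and then calls `write_config()`, so a configuration change can be triggered by any link or embedded resource the logged-in administrator's browser loads; it should require a POST carrying a per-session token. The lines that set `$name` and `$size` are missing from this rendering of the hunk, so the following is to be confirmed: if `$name` comes from `$_FILES['new']['name']`, it should be reduced and restricted before it is stored, e.g. `$name = basename($_FILES['new']['name']);` followed by a character whitelist, because the page text says uploaded files are made available in the root directory of the portal HTTP(S) server. The result of `file_get_contents()` is also passed to `base64_encode()` without a check for `false`.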
  • Pass-through MAC
  • Allowed IP addresses
  • Users
  • +
  • File manager
  • diff --git a/webgui/services_captiveportal_mac.php b/webgui/services_captiveportal_mac.php index 056b90f..9f3f2db 100644 --- a/webgui/services_captiveportal_mac.php +++ b/webgui/services_captiveportal_mac.php @@ -82,6 +82,7 @@ if ($_GET['act'] == "del") {
  • Pass-through MAC
  • Allowed IP addresses
  • Users
  • +
  • File manager
  • diff --git a/webgui/services_captiveportal_users.php b/webgui/services_captiveportal_users.php index 370f530..ca7fcd6 100644 --- a/webgui/services_captiveportal_users.php +++ b/webgui/services_captiveportal_users.php @@ -4,7 +4,7 @@ services_captiveportal_users.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Copyright (C) 2005 Pascal Suter . All rights reserved. @@ -72,6 +72,7 @@ if ($changed) {
  • Pass-through MAC
  • Allowed IP addresses
  • Users
  • +
  • File manager
  • diff --git a/webgui/services_captiveportal_users_edit.php b/webgui/services_captiveportal_users_edit.php index 9607f26..d8fea4e 100644 --- a/webgui/services_captiveportal_users_edit.php +++ b/webgui/services_captiveportal_users_edit.php @@ -4,7 +4,7 @@ services_captiveportal_users_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Copyright (C) 2005 Pascal Suter . All rights reserved. diff --git a/webgui/services_dhcp.php b/webgui/services_dhcp.php index 4f1b60d..ba001cc 100644 --- a/webgui/services_dhcp.php +++ b/webgui/services_dhcp.php @@ -4,7 +4,7 @@ services_dhcp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_dhcp_edit.php b/webgui/services_dhcp_edit.php index e531b6e..2ad3117 100644 --- a/webgui/services_dhcp_edit.php +++ b/webgui/services_dhcp_edit.php @@ -4,7 +4,7 @@ services_dhcp_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_dnsmasq_domainoverride_edit.php b/webgui/services_dnsmasq_domainoverride_edit.php index 2fff172..f618ed0 100644 --- a/webgui/services_dnsmasq_domainoverride_edit.php +++ b/webgui/services_dnsmasq_domainoverride_edit.php @@ -4,7 +4,7 @@ services_dnsmasq_domainoverride_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_dyndns.php b/webgui/services_dyndns.php index e7cf037..0cdfe30 100644 --- a/webgui/services_dyndns.php 
+++ b/webgui/services_dyndns.php @@ -4,7 +4,7 @@ services_dyndns.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_proxyarp.php b/webgui/services_proxyarp.php index 13a3dad..7eeb5dd 100644 --- a/webgui/services_proxyarp.php +++ b/webgui/services_proxyarp.php @@ -4,7 +4,7 @@ services_proxyarp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_proxyarp_edit.php b/webgui/services_proxyarp_edit.php index d5a0883..7bcbe8e 100644 --- a/webgui/services_proxyarp_edit.php +++ b/webgui/services_proxyarp_edit.php @@ -4,7 +4,7 @@ services_proxyarp_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_snmp.php b/webgui/services_snmp.php index 28e294f..7243a2c 100644 --- a/webgui/services_snmp.php +++ b/webgui/services_snmp.php @@ -4,7 +4,7 @@ services_snmp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -41,6 +41,7 @@ $pconfig['syslocation'] = $config['snmpd']['syslocation']; $pconfig['syscontact'] = $config['snmpd']['syscontact']; $pconfig['rocommunity'] = $config['snmpd']['rocommunity']; $pconfig['enable'] = isset($config['snmpd']['enable']); +$pconfig['bindlan'] = isset($config['snmpd']['bindlan']); if ($_POST) { 
@@ -60,6 +61,7 @@ if ($_POST) { $config['snmpd']['syscontact'] = $_POST['syscontact']; $config['snmpd']['rocommunity'] = $_POST['rocommunity']; $config['snmpd']['enable'] = $_POST['enable'] ? true : false; + $config['snmpd']['bindlan'] = $_POST['bindlan'] ? true : false; write_config(); @@ -82,6 +84,7 @@ function enable_change(enable_change) { document.iform.syslocation.disabled = endis; document.iform.syscontact.disabled = endis; document.iform.rocommunity.disabled = endis; + document.iform.bindlan.disabled = endis; } //--> @@ -114,6 +117,14 @@ function enable_change(enable_change) {
    In most cases, "public" is used here + + + + > Bind to LAN interface only +
    + This option can be useful when trying to access the SNMP agent + by the LAN interface's IP address through a VPN tunnel terminated on the WAN interface. +   diff --git a/webgui/services_wol.php b/webgui/services_wol.php index abcb16a..f2d8f8e 100644 --- a/webgui/services_wol.php +++ b/webgui/services_wol.php @@ -4,7 +4,7 @@ services_wol.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/services_wol_edit.php b/webgui/services_wol_edit.php index 3e25b04..e66a3cc 100644 --- a/webgui/services_wol_edit.php +++ b/webgui/services_wol_edit.php @@ -4,7 +4,7 @@ services_wol_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/status_captiveportal.php b/webgui/status_captiveportal.php index 21cb03a..42f709c 100644 --- a/webgui/status_captiveportal.php +++ b/webgui/status_captiveportal.php @@ -4,7 +4,7 @@ status_captiveportal.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without @@ -36,7 +36,7 @@ require("guiconfig.inc"); . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/status_graph_cpu.php b/webgui/status_graph_cpu.php index b44d8a0..04c6fa3 100644 --- a/webgui/status_graph_cpu.php +++ b/webgui/status_graph_cpu.php 
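Review bot: The help text for the new "Bind to LAN interface only" checkbox describes only the VPN use case and leaves unstated which addresses the SNMP agent listens on when the box is unchecked. If the agent then listens on every interface, as the option name suggests, a sentence such as `If unchecked, the SNMP agent listens on all interfaces and access is limited by the firewall rules only.` is worth adding, since the community hint just above it points administrators to "public". The code that applies `bindlan` to the agent configuration is outside this file's hunks.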
@@ -4,7 +4,7 @@ status_graph_cpu.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/status_interfaces.php b/webgui/status_interfaces.php index 138d6fa..b9a4d5c 100644 --- a/webgui/status_interfaces.php +++ b/webgui/status_interfaces.php @@ -4,7 +4,7 @@ status_interfaces.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/status_wireless.php b/webgui/status_wireless.php index f8771bb..1f11a7f 100644 --- a/webgui/status_wireless.php +++ b/webgui/status_wireless.php @@ -4,7 +4,7 @@ status_wireless.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/system.php b/webgui/system.php index a75ebf2..739b542 100644 --- a/webgui/system.php +++ b/webgui/system.php @@ -4,7 +4,7 @@ system.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/system_advanced.php b/webgui/system_advanced.php index e6083a9..26c1694 100644 --- a/webgui/system_advanced.php +++ b/webgui/system_advanced.php @@ -4,7 +4,7 @@ system_advanced.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/system_firmware.php b/webgui/system_firmware.php index dc7edf4..de14d3e 100644 --- a/webgui/system_firmware.php 
+++ b/webgui/system_firmware.php @@ -4,7 +4,7 @@ system_firmware.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/system_routes.php b/webgui/system_routes.php index a6fb970..2bbfd48 100644 --- a/webgui/system_routes.php +++ b/webgui/system_routes.php @@ -4,7 +4,7 @@ system_routes.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/system_routes_edit.php b/webgui/system_routes_edit.php index 76519e3..3b8394a 100644 --- a/webgui/system_routes_edit.php +++ b/webgui/system_routes_edit.php @@ -4,7 +4,7 @@ system_routes_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/uploadconfig.php b/webgui/uploadconfig.php index a86b56b..364cbfe 100644 --- a/webgui/uploadconfig.php +++ b/webgui/uploadconfig.php @@ -4,7 +4,7 @@ uploadconfig.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec.php b/webgui/vpn_ipsec.php index 9a52898..2fc3d41 100644 --- a/webgui/vpn_ipsec.php +++ b/webgui/vpn_ipsec.php @@ -4,7 +4,7 @@ vpn_ipsec.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec_ca.php b/webgui/vpn_ipsec_ca.php index bb54ac7..2cad319 100644 
--- a/webgui/vpn_ipsec_ca.php +++ b/webgui/vpn_ipsec_ca.php @@ -4,7 +4,7 @@ vpn_ipsec_ca.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec_ca_edit.php b/webgui/vpn_ipsec_ca_edit.php index 687d340..20046c3 100644 --- a/webgui/vpn_ipsec_ca_edit.php +++ b/webgui/vpn_ipsec_ca_edit.php @@ -4,7 +4,7 @@ vpn_ipsec_ca_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec_edit.php b/webgui/vpn_ipsec_edit.php index cb1a302..adbe310 100644 --- a/webgui/vpn_ipsec_edit.php +++ b/webgui/vpn_ipsec_edit.php @@ -4,7 +4,7 @@ vpn_ipsec_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec_keys.php b/webgui/vpn_ipsec_keys.php index 676e569..c108653 100644 --- a/webgui/vpn_ipsec_keys.php +++ b/webgui/vpn_ipsec_keys.php @@ -4,7 +4,7 @@ vpn_ipsec_keys.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_ipsec_keys_edit.php b/webgui/vpn_ipsec_keys_edit.php index 3491585..a037d8e 100644 --- a/webgui/vpn_ipsec_keys_edit.php +++ b/webgui/vpn_ipsec_keys_edit.php @@ -4,7 +4,7 @@ vpn_ipsec_keys_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without 
diff --git a/webgui/vpn_ipsec_mobile.php b/webgui/vpn_ipsec_mobile.php index 0a10977..b1f7e93 100644 --- a/webgui/vpn_ipsec_mobile.php +++ b/webgui/vpn_ipsec_mobile.php @@ -4,7 +4,7 @@ vpn_ipsec_mobile.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_pptp.php b/webgui/vpn_pptp.php index 43a19e5..12ffa53 100644 --- a/webgui/vpn_pptp.php +++ b/webgui/vpn_pptp.php @@ -4,7 +4,7 @@ vpn_pptp.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_pptp_users.php b/webgui/vpn_pptp_users.php index 2e4c47a..56a6c42 100644 --- a/webgui/vpn_pptp_users.php +++ b/webgui/vpn_pptp_users.php @@ -4,7 +4,7 @@ vpn_pptp_users.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/webgui/vpn_pptp_users_edit.php b/webgui/vpn_pptp_users_edit.php index bbeddc1..323fddc 100644 --- a/webgui/vpn_pptp_users_edit.php +++ b/webgui/vpn_pptp_users_edit.php @@ -4,7 +4,7 @@ vpn_pptp_users_edit.php part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2005 Manuel Kasper . + Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. Redistribution and use in source and binary forms, with or without -- 2.25.1