Project

General

Profile

Actions

Bug #3216

closed

PFSense 2.1 - Captive Portal Zone - is not avaible in user effective privileges

Added by Francisco Craviotto over 10 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
Start date:
09/18/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

PFsense 2.1. If you configure an user only to access to captive portal, it doesn´t work, I supose why: in user management, adding effective privileges, I add all privileges about services - captive portal and status - captive portal, and only this privileges to an user. When I login as this user, I can´t login pfsense web configurator. In pfsense console I see "successful login" for the user, but web configurator doesn´t work. I supose it is because there is a new level "zones" in captive portal.

Thanks


Files

Actions #1

Updated by Joshua Shoemaker over 10 years ago

I was able to work around this.

Add the lines below to /etc/inc/priv.defs.inc (Toward the end but anywhere as long as it is past line 7 ($priv_list = array();)

$priv_list['page-services-captiveportal-zones'] = array();
$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captiveprotal Zones page");
$priv_list['page-services-captiveportal-zones']['descr'] = gettext("Allow access to the 'Services: CaptivePortal Zones' page.");
$priv_list['page-services-captiveportal-zones']['match'] = array();
$priv_list['page-services-captiveportal-zones']['match'][] = "services_captiveportal_zones.php*";

Actions #2

Updated by Renato Botelho over 10 years ago

  • Target version set to 2.1.1
Actions #3

Updated by Renato Botelho over 10 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Rob Lister over 10 years ago

Thanks. I have applied this fix (nb: less typo "Captiveprotal" and this works, however, have since noticed that it doesn't allow access to the /services_captiveportal_mac.php?zone=xxx page, even though there appear to be entries in the /etc/inc/priv.defs.inc file for this, it doesn't show up in the list of allowed privs for groups.

Also in my case the entries for Allowed IPs and Edit Allowed IPs have become duplicated when assigning to a group:.

WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page

Rob

Actions #6

Updated by Rob Lister over 10 years ago

Okay, I think I might have found the glitch: In the array it's defined twice, once for MAC addresses and again underneath it the same var for hostnames pages. Looks like a copypasta error :)

$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Mac Addresses' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";

$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit MAC Addresses page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";

$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_hostname.php*";

$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_hostname_edit.php*";

Actions #7

Updated by Rob Lister over 10 years ago

And Edit Allowed hostnames is mistakenly defined for Allowed IPs page:

$priv_list['page-services-captiveportal-allowedhostnames'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_ip.php*";
$priv_list['page-services-captiveportal-editallowedhostnames'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_ip_edit.php*";

Might explain the duplicates that show up in the list.

$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedips']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");

Actions #8

Updated by Renato Botelho about 10 years ago

  • Status changed from Feedback to Resolved
Actions #9

Updated by Davide Cottignoli almost 8 years ago

I noticed that in version from 2.2.5 to 2.3.1 which I have tested there is a regression for this bug. If I want to create an user that has only voucher managing permission I need to include CaptivePortalZoneEdit permission which is not desirable.

Actions

Also available in: Atom PDF