Feature #1010 » permission-setting-for-captive-portal.patch
| etc/inc/auth.inc | ||
|---|---|---|
| 244 | 244 |
return true; |
| 245 | 245 |
} |
| 246 | 246 | |
| 247 |
function user_with_privilege_exists($privid) {
|
|
| 248 |
global $config; |
|
| 249 | ||
| 250 |
if (is_array($config['system']['user'])) |
|
| 251 |
foreach ($config['system']['user'] as $userent) |
|
| 252 |
if (userHasPrivilege($userent, $privid)) |
|
| 253 |
return true; |
|
| 254 |
return false; |
|
| 255 |
} |
|
| 256 | ||
| 257 |
function group_with_privilege_exists($privid) {
|
|
| 258 |
global $config; |
|
| 259 | ||
| 260 |
if (is_array($config['system']['group'])) |
|
| 261 |
foreach ($config['system']['group'] as $groupent) |
|
| 262 |
if (is_array($groupent['priv'])) |
|
| 263 |
if (in_array($privid, $groupent['priv'])) |
|
| 264 |
return true; |
|
| 265 |
return false; |
|
| 266 |
} |
|
| 267 | ||
| 247 | 268 |
function local_backed($username, $passwd) {
|
| 248 | 269 | |
| 249 | 270 |
$user = getUserEntry($username); |
| etc/inc/globals.inc | ||
|---|---|---|
| 89 | 89 |
"disablehelpmenu" => false, |
| 90 | 90 |
"disablehelpicon" => false, |
| 91 | 91 |
"debug" => false, |
| 92 |
"latest_config" => "7.5",
|
|
| 92 |
"latest_config" => "7.6",
|
|
| 93 | 93 |
"nopkg_platforms" => array("cdrom"),
|
| 94 | 94 |
"minimum_ram_warning" => "105", |
| 95 | 95 |
"minimum_ram_warning_text" => "128 MB", |
| etc/inc/priv/user.priv.inc | ||
|---|---|---|
| 2 | 2 | |
| 3 | 3 |
global $priv_list; |
| 4 | 4 | |
| 5 |
$priv_list['user-services-captiveportal-login'] = array(); |
|
| 6 |
$priv_list['user-services-captiveportal-login']['name'] = gettext("User - Services - Captive portal login");
|
|
| 7 |
$priv_list['user-services-captiveportal-login']['descr'] = gettext("Indicates whether the user is able to login on ".
|
|
| 8 |
"the captive portal."); |
|
| 9 | ||
| 5 | 10 |
$priv_list['user-shell-access'] = array(); |
| 6 | 11 |
$priv_list['user-shell-access']['name'] = "User - System - Shell account access"; |
| 7 | 12 |
$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". |
| etc/inc/upgrade_config.inc | ||
|---|---|---|
| 1885 | 1885 |
$config['system']['user'] = array(); |
| 1886 | 1886 |
/* migrate captivate portal to user manager */ |
| 1887 | 1887 |
if (is_array($config['captiveportal']['user'])) {
|
| 1888 |
$config['cpusernames_temp'] = array(); |
|
| 1888 | 1889 |
foreach($config['captiveportal']['user'] as $user) {
|
| 1889 | 1890 |
// avoid user conflicts |
| 1890 | 1891 |
$found = false; |
| ... | ... | |
| 1907 | 1908 |
} |
| 1908 | 1909 |
$user['uid'] = $config['system']['nextuid']++; |
| 1909 | 1910 |
$config['system']['user'][] = $user; |
| 1911 |
$config['cpusernames_temp'][] = $user['name']; |
|
| 1910 | 1912 |
} |
| 1911 | 1913 |
unset($config['captiveportal']['user']); |
| 1912 | 1914 |
} |
| ... | ... | |
| 2279 | 2281 |
rename_field($config['crl'], 'name', 'descr'); |
| 2280 | 2282 |
} |
| 2281 | 2283 | |
| 2284 |
function upgrade_075_to_076() {
|
|
| 2285 |
global $config; |
|
| 2286 | ||
| 2287 |
if (!isset($config['captiveportal']['enable']) && !isset($config['cpusernames_temp'])) |
|
| 2288 |
return; |
|
| 2289 | ||
| 2290 |
$cpusers = array(); |
|
| 2291 |
$cpusers['name'] = "cpusers"; |
|
| 2292 | ||
| 2293 |
// Search for a group name that doesn't conflict, in case cpusers already exists |
|
| 2294 |
if (is_array($config['system']['group'])) {
|
|
| 2295 |
do {
|
|
| 2296 |
$found = false; |
|
| 2297 |
foreach ($config['system']['group'] as $groupent) |
|
| 2298 |
if ($groupent['name'] == $cpusers['name']) {
|
|
| 2299 |
$found = true; |
|
| 2300 |
$cpusers['name'] = "cpusers" . (substr($cpusers['name'], 7) + 1); |
|
| 2301 |
break; |
|
| 2302 |
} |
|
| 2303 |
} while ($found); |
|
| 2304 |
} else |
|
| 2305 |
$config['system']['group'] = array(); |
|
| 2306 | ||
| 2307 |
$cpusers['description'] = gettext("Captive Portal Users");
|
|
| 2308 |
$cpusers['gid'] = $config['system']['nextgid']++; |
|
| 2309 |
$cpusers['priv'] = array("user-services-captiveportal-login");
|
|
| 2310 |
$cpusers['member'] = array(); |
|
| 2311 | ||
| 2312 |
if (is_array($config['system']['user'])) {
|
|
| 2313 |
if (isset($config['cpusernames_temp'])) {
|
|
| 2314 |
foreach ($config['system']['user'] as $userent) |
|
| 2315 |
if (in_array($userent['name'], $config['cpusernames_temp'])) |
|
| 2316 |
$cpusers['member'][] = $userent['uid']; |
|
| 2317 |
} else {
|
|
| 2318 |
foreach ($config['system']['user'] as $userent) |
|
| 2319 |
if ($userent['uid'] != 0) |
|
| 2320 |
$cpusers['member'][] = $userent['uid']; |
|
| 2321 |
} |
|
| 2322 |
} |
|
| 2323 | ||
| 2324 |
if (isset($config['cpusernames_temp'])) |
|
| 2325 |
unset($config['cpusernames_temp']); |
|
| 2326 | ||
| 2327 |
if (empty($cpusers['member'])) |
|
| 2328 |
unset($cpusers['member']); |
|
| 2329 | ||
| 2330 |
$config['system']['group'][] = $cpusers; |
|
| 2331 |
} |
|
| 2332 | ||
| 2282 | 2333 |
?> |
| usr/local/captiveportal/index.php | ||
|---|---|---|
| 187 | 187 | |
| 188 | 188 |
//check against local user manager |
| 189 | 189 |
$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); |
| 190 |
if ($loginok) |
|
| 191 |
if (!userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login")) |
|
| 192 |
$loginok = false; |
|
| 190 | 193 |
if ($loginok){
|
| 191 | 194 |
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); |
| 192 | 195 |
portal_allow($clientip, $clientmac,$_POST['auth_user']); |
| usr/local/www/services_captiveportal.php | ||
|---|---|---|
| 222 | 222 |
$config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; |
| 223 | 223 |
$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; |
| 224 | 224 | |
| 225 |
if ($_POST['enable']) {
|
|
| 226 |
// Add a cpusers group if the captive portal login privilege has not been assigned to an existing group or user |
|
| 227 |
if (!group_with_privilege_exists("user-services-captiveportal-login") && !user_with_privilege_exists("user-services-captiveportal-login")) {
|
|
| 228 |
$cpusers = array(); |
|
| 229 |
$cpusers['name'] = "cpusers"; |
|
| 230 | ||
| 231 |
// Search for a group name that doesn't conflict, in case cpusers already exists |
|
| 232 |
if (is_array($config['system']['group'])) {
|
|
| 233 |
do {
|
|
| 234 |
$found = false; |
|
| 235 |
foreach ($config['system']['group'] as $groupent) |
|
| 236 |
if ($groupent['name'] == $cpusers['name']) {
|
|
| 237 |
$found = true; |
|
| 238 |
$cpusers['name'] = "cpusers" . (substr($cpusers['name'], 7) + 1); |
|
| 239 |
break; |
|
| 240 |
} |
|
| 241 |
} while ($found); |
|
| 242 |
} else |
|
| 243 |
$config['system']['group'] = array(); |
|
| 244 | ||
| 245 |
$cpusers['description'] = gettext("Captive Portal Users");
|
|
| 246 |
$cpusers['gid'] = $config['system']['nextgid']++; |
|
| 247 |
$cpusers['priv'] = array("user-services-captiveportal-login");
|
|
| 248 |
$config['system']['group'][] = $cpusers; |
|
| 249 | ||
| 250 |
local_group_set($cpusers); |
|
| 251 |
} |
|
| 252 |
} |
|
| 253 | ||
| 225 | 254 |
/* file upload? */ |
| 226 | 255 |
if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) |
| 227 | 256 |
$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); |
| ... | ... | |
| 469 | 498 |
<td> </td> |
| 470 | 499 |
<td> </td> |
| 471 | 500 |
</tr> |
| 501 |
<tr> |
|
| 502 |
<td colspan="2"><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?></strong></span><br>
|
|
| 503 |
<?=gettext("When using the local user manager for authentication, only users with the Captive Portal Login privilege are allowed access. This may be given by adding the user to a Captive Portal Users group that has the privilege or by assigning the privilege directly."); ?></span></td>
|
|
| 504 |
</tr><tr> |
|
| 505 |
<td> </td> |
|
| 506 |
<td> </td> |
|
| 507 |
</tr> |
|
| 472 | 508 |
</table> |
| 473 | 509 |
<table width="100%" border="0" cellpadding="6" cellspacing="0"> |
| 474 | 510 |
<tr> |