From a1dd2966dbd6aa21f621cd81b3b216d25e04b20b Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Sat, 13 Nov 2010 21:48:58 -0700 Subject: [PATCH] Implement permission setting for captive portal login. Added upgrade code to create a cpusers group and add all current captive portal users to it. Ticket #1010 --- etc/inc/auth.inc | 21 ++++++++++++ etc/inc/globals.inc | 2 +- etc/inc/priv/user.priv.inc | 5 +++ etc/inc/upgrade_config.inc | 51 ++++++++++++++++++++++++++++++ usr/local/captiveportal/index.php | 3 ++ usr/local/www/services_captiveportal.php | 36 +++++++++++++++++++++ 6 files changed, 117 insertions(+), 1 deletions(-) diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 1214d17..0c76166 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -244,6 +244,27 @@ function userHasPrivilege($userent, $privid = false) { return true; } +function user_with_privilege_exists($privid) { + global $config; + + if (is_array($config['system']['user'])) + foreach ($config['system']['user'] as $userent) + if (userHasPrivilege($userent, $privid)) + return true; + return false; +} + +function group_with_privilege_exists($privid) { + global $config; + + if (is_array($config['system']['group'])) + foreach ($config['system']['group'] as $groupent) + if (is_array($groupent['priv'])) + if (in_array($privid, $groupent['priv'])) + return true; + return false; +} + function local_backed($username, $passwd) { $user = getUserEntry($username); diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index bab448d..defcf77 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -89,7 +89,7 @@ $g = array( "disablehelpmenu" => false, "disablehelpicon" => false, "debug" => false, - "latest_config" => "7.5", + "latest_config" => "7.6", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "105", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/priv/user.priv.inc b/etc/inc/priv/user.priv.inc index 779f2bb..4fb1857 100644 --- a/etc/inc/priv/user.priv.inc 
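Review bot: `group_with_privilege_exists()` tests membership with a loose `in_array($privid, $groupent['priv'])`, so a `priv` entry that is `true`, or the integer `0` on PHP versions before 8, would compare equal to every privilege id; passing the strict flag, `in_array($privid, $groupent['priv'], true)`, removes that dependence on how the config was parsed. Both new functions also lack a header comment: it should say that a group counts even when it has no members, and that `user_with_privilege_exists()` returns whatever `userHasPrivilege()` decides for each user, whose body lies outside this hunk. The nested brace-less `if`/`foreach` bodies would be easier to audit with braces.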
+++ b/etc/inc/priv/user.priv.inc @@ -2,6 +2,11 @@ global $priv_list; +$priv_list['user-services-captiveportal-login'] = array(); +$priv_list['user-services-captiveportal-login']['name'] = gettext("User - Services - Captive portal login"); +$priv_list['user-services-captiveportal-login']['descr'] = gettext("Indicates whether the user is able to login on ". + "the captive portal."); + $priv_list['user-shell-access'] = array(); $priv_list['user-shell-access']['name'] = "User - System - Shell account access"; $priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 6b34f90..159a772 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1885,6 +1885,7 @@ function upgrade_056_to_057() { $config['system']['user'] = array(); /* migrate captivate portal to user manager */ if (is_array($config['captiveportal']['user'])) { + $config['cpusernames_temp'] = array(); foreach($config['captiveportal']['user'] as $user) { // avoid user conflicts $found = false; @@ -1907,6 +1908,7 @@ function upgrade_056_to_057() { } $user['uid'] = $config['system']['nextuid']++; $config['system']['user'][] = $user; + $config['cpusernames_temp'][] = $user['name']; } unset($config['captiveportal']['user']); } 
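Review bot: The two lines added to `upgrade_056_to_057()` record migrated portal accounts by name in `$config['cpusernames_temp']`, a key at the root of the configuration, and nothing here says it is scratch state that `upgrade_075_to_076()` later consumes and removes. A comment at the initialisation, such as `// scratch list of migrated portal users; consumed and unset by upgrade_075_to_076()`, would keep a future edit from leaving it in a saved config. Since the uid is assigned on the line just above the second addition, recording `$user['uid']` instead of `$user['name']` would let the later step build the group membership without matching names again. The loop body lies partly outside both hunks, so how name conflicts are resolved before the name is recorded cannot be checked from here.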
@@ -2279,4 +2281,53 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } +function upgrade_075_to_076() { + global $config; + + if (!isset($config['captiveportal']['enable']) && !isset($config['cpusernames_temp'])) + return; + + $cpusers = array(); + $cpusers['name'] = "cpusers"; + + // Search for a group name that doesn't conflict, in case cpusers already exists + if (is_array($config['system']['group'])) { + do { + $found = false; + foreach ($config['system']['group'] as $groupent) + if ($groupent['name'] == $cpusers['name']) { + $found = true; + $cpusers['name'] = "cpusers" . (substr($cpusers['name'], 7) + 1); + break; + } + } while ($found); + } else + $config['system']['group'] = array(); + + $cpusers['description'] = gettext("Captive Portal Users"); + $cpusers['gid'] = $config['system']['nextgid']++; + $cpusers['priv'] = array("user-services-captiveportal-login"); + $cpusers['member'] = array(); + + if (is_array($config['system']['user'])) { + if (isset($config['cpusernames_temp'])) { + foreach ($config['system']['user'] as $userent) + if (in_array($userent['name'], $config['cpusernames_temp'])) + $cpusers['member'][] = $userent['uid']; + } else { + foreach ($config['system']['user'] as $userent) + if ($userent['uid'] != 0) + $cpusers['member'][] = $userent['uid']; + } + } + + if (isset($config['cpusernames_temp'])) + unset($config['cpusernames_temp']); + + if (empty($cpusers['member'])) + unset($cpusers['member']); + + $config['system']['group'][] = $cpusers; +} + ?> \ No newline at end of file diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 6cbe1c0..cc930b8 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php 
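Review bot: In `upgrade_075_to_076()` the `else` branch that runs when `cpusernames_temp` is absent adds every account whose uid is not 0 to the new group, so any local account that exists at upgrade time, whatever it was created for, receives `user-services-captiveportal-login`. That presumably preserves the earlier behaviour where any local user could log in to the portal, but it deserves a comment saying so, for example `// no migration list: keep prior behaviour by granting portal login to all non-root local users`, so administrators know to review the membership afterwards. The other branch matches names with a loose `in_array($userent['name'], $config['cpusernames_temp'])`, under which numeric-looking names compare equal (constructed example: `007` and `7`); `in_array($userent['name'], $config['cpusernames_temp'], true)` avoids adding the wrong account.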
@@ -187,6 +187,9 @@ exit; //check against local user manager $loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']); + if ($loginok) + if (!userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login")) + $loginok = false; if ($loginok){ captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN"); portal_allow($clientip, $clientmac,$_POST['auth_user']); diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 13ac985..4486b16 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php 
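Review bot: A login that passes `local_backed()` but fails the new `userHasPrivilege()` test only clears `$loginok`, so it falls into whatever failure handling follows this hunk and, if that handling logs a generic failure, cannot be told apart from a wrong password in the portal log. Recording a distinct reason at this point would help whoever reviews denied logins after the upgrade. The two nested brace-less `if`s read more clearly as one condition, `if ($loginok && !userHasPrivilege(getUserEntry($_POST['auth_user']), "user-services-captiveportal-login")) $loginok = false;`, with a comment such as `// correct password, but the account lacks the captive portal login privilege`. The check sits in the local user manager branch only; the rest of the login code is outside this hunk.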
@@ -222,6 +222,35 @@ if ($_POST) { $config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false; $config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false; + if ($_POST['enable']) { + // Add a cpusers group if the captive portal login privilege has not been assigned to an existing group or user + if (!group_with_privilege_exists("user-services-captiveportal-login") && !user_with_privilege_exists("user-services-captiveportal-login")) { + $cpusers = array(); + $cpusers['name'] = "cpusers"; + + // Search for a group name that doesn't conflict, in case cpusers already exists + if (is_array($config['system']['group'])) { + do { + $found = false; + foreach ($config['system']['group'] as $groupent) + if ($groupent['name'] == $cpusers['name']) { + $found = true; + $cpusers['name'] = "cpusers" . (substr($cpusers['name'], 7) + 1); + break; + } + } while ($found); + } else + $config['system']['group'] = array(); + + $cpusers['description'] = gettext("Captive Portal Users"); + $cpusers['gid'] = $config['system']['nextgid']++; + $cpusers['priv'] = array("user-services-captiveportal-login"); + $config['system']['group'][] = $cpusers; + + local_group_set($cpusers); + } + } + /* file upload? */ if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); @@ -469,6 +498,13 @@ value="">     + +
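Review bot: The group-name search in the `if ($_POST['enable'])` block is a copy of the loop in `upgrade_075_to_076()` in etc/inc/upgrade_config.inc, and both derive the suffix from `substr($cpusers['name'], 7) + 1`, which relies on `substr()` at the end of `cpusers` yielding a value that arithmetic treats as 0; on PHP 8 the empty string it returns there is rejected in arithmetic. A shared helper that takes the base name and counts explicitly would remove the duplication and the type juggling; a sketch follows, with the helper name and its location left to the author. The group created here has no `member` entry, so local accounts cannot log in to the portal until an administrator adds them, which is worth stating in the existing comment.

```php
// proposed shared helper (name and location are placeholders)
function unused_group_name($base) {
	global $config;

	$taken = array();
	if (is_array($config['system']['group']))
		foreach ($config['system']['group'] as $groupent)
			$taken[] = $groupent['name'];

	$name = $base;
	for ($i = 1; in_array($name, $taken, true); $i++)
		$name = $base . $i;
	return $name;
}

// … unchanged: privilege-exists check, $cpusers = array(); …
if (!is_array($config['system']['group']))
	$config['system']['group'] = array();
$cpusers['name'] = unused_group_name("cpusers");
// … unchanged: description, gid, priv, local_group_set() …
```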
+
+ +   +   + -- 1.7.2.3