Project

General

Profile

Actions

Bug #2311

closed

Wrong redirection URL (from http -> https) missing colon char

Added by Dim Hatz over 9 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
Captive Portal
Target version:
Start date:
03/25/2012
Due date:
% Done:

90%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

Setup: pfsense 2.1 20120322-1658
config.xml file copied over from 2.0.1

Checking CP I noticed a wrong redirection URL

HTTP/1.1 302 Found
Expires: Wed, 28 Mar 2012 02:01:49 GMT
Expires: 0
Cache-Control: max-age=180000
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Location: https://hotspot.domain.tld8001/index.php?zone=cpzone&redirurl=http%3A%2F%2Fwww.in.gr%2F
Content-type: text/html
Content-Length: 0
Date: Mon, 26 Mar 2012 00:01:49 GMT
Server: lighttpd/1.4.29

where hotspot.domain.tld is my CP's hostname

Actions #1

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Darren Embry
  • Affected Version set to 2.1
Actions #2

Updated by Darren Embry over 9 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 80

I believe I found and fixed the bug but can you provide steps to reproduce along with config.xml?

And this is within the captive portal itself, right?

Actions #3

Updated by Dim Hatz over 9 years ago

Yes, it's the standard CP with SSL login enabled, i.e. CP answers http requests (forwarded via ipfw to 127.0.0.1:8000) and redirects them via the 302 code (see the http in first post) to lighttpd SSL listening at port 8001.

My test setup for this bug is very simple -- see xml snippet:

        <captiveportal>
                <page/>
                <timeout>240</timeout>
                <interface>lan</interface>
                <idletimeout>15</idletimeout>
                <freelogins_count/>
                <freelogins_resettimeout/>
                <auth_method>local</auth_method>
                <reauthenticateacct/>
                <httpsname>hotspot.domain.tld</httpsname>
                <preauthurl/>
                <bwdefaultdn/>
                <bwdefaultup/>
                <certificate>aaaaaaaaaa</certificate>
                <cacertificate>bbbbbbbbbb</cacertificate>
                <private-key>ccccccccc</private-key>
                <noconcurrentlogins/>
                <redirurl/>
                <radiusip/>
                <radiusip2/>
                <radiusport/>
                <radiusport2/>
                <radiusacctport/>
                <radiuskey/>
                <radiuskey2/>
                <radiusvendor>default</radiusvendor>
                <radiussrcip_attribute>wan</radiussrcip_attribute>
                <radmac_format>default</radmac_format>
                <httpslogin/>
                <enable/>
        </captiveportal>

Actions #4

Updated by Darren Embry over 9 years ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Darren Embry to Chris Buechler
  • % Done changed from 80 to 90

Chris, I'm pretty sure I fixed the problem just from looking at the code but I need you to test this please because for some reason I cannot get CP working with httpslogin turned on so I cannot properly test myself.

I'm pretty sure that all you need to do is turn on httpslogin to trigger the bug.

Here is my patch for this bug, it's committed in 2.1 and it's a very small patch and I'm mostly confident in it:
https://github.com/bsdperimeter/pfsense/commit/a53794c9cce9d71d6243072c87916e35c416cc0c

Actions #5

Updated by Dim Hatz over 9 years ago

OK, just synced my 2.1 with the file from git, and the malformed 302 redirection URL issue seems fixed.

However:
1) previously generated vouchers don't seem to work (as defined in the copied over 2.0.1 xml) producing "invalid credentials specified"
2) voucher generation seems to have issues. Btw when I click "save" on the CP's Vouchers tab without having changed anything on that page, any created Voucher Rolls vanish!
I'll investigate further and probably open a new ticket, if necessary.

Actions #6

Updated by Chris Buechler over 9 years ago

  • Status changed from Assigned to Resolved

this particular issue is fixed

Actions

Also available in: Atom PDF