Bug #2311
closed
Wrong redirection URL (from http -> https) missing colon char
90%
Description
Setup: pfsense 2.1 20120322-1658
config.xml file copied over from 2.0.1
Checking CP, I noticed a wrong redirection URL:
HTTP/1.1 302 Found
Expires: Wed, 28 Mar 2012 02:01:49 GMT
Expires: 0
Cache-Control: max-age=180000
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Location: https://hotspot.domain.tld8001/index.php?zone=cpzone&redirurl=http%3A%2F%2Fwww.in.gr%2F
Content-type: text/html
Content-Length: 0
Date: Mon, 26 Mar 2012 00:01:49 GMT
Server: lighttpd/1.4.29
where hotspot.domain.tld is my CP's hostname
Updated by Chris Buechler over 12 years ago
- Status changed from New to Assigned
- Assignee set to Darren Embry
- Affected Version set to 2.1
Updated by Darren Embry over 12 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 80
I believe I found and fixed the bug but can you provide steps to reproduce along with config.xml?
And this is within the captive portal itself, right?
Updated by Dim Hatz over 12 years ago
Yes, it's the standard CP with SSL login enabled, i.e. CP answers http requests (forwarded via ipfw to 127.0.0.1:8000) and redirects them via the 302 code (see the http in first post) to lighttpd SSL listening at port 8001.
My test setup for this bug is very simple -- see xml snippet:
<captiveportal>
  <page/>
  <timeout>240</timeout>
  <interface>lan</interface>
  <idletimeout>15</idletimeout>
  <freelogins_count/>
  <freelogins_resettimeout/>
  <auth_method>local</auth_method>
  <reauthenticateacct/>
  <httpsname>hotspot.domain.tld</httpsname>
  <preauthurl/>
  <bwdefaultdn/>
  <bwdefaultup/>
  <certificate>aaaaaaaaaa</certificate>
  <cacertificate>bbbbbbbbbb</cacertificate>
  <private-key>ccccccccc</private-key>
  <noconcurrentlogins/>
  <redirurl/>
  <radiusip/>
  <radiusip2/>
  <radiusport/>
  <radiusport2/>
  <radiusacctport/>
  <radiuskey/>
  <radiuskey2/>
  <radiusvendor>default</radiusvendor>
  <radiussrcip_attribute>wan</radiussrcip_attribute>
  <radmac_format>default</radmac_format>
  <httpslogin/>
  <enable/>
</captiveportal>
Updated by Darren Embry over 12 years ago
- Status changed from Feedback to Assigned
- Assignee changed from Darren Embry to Chris Buechler
- % Done changed from 80 to 90
Chris, I'm pretty sure I fixed the problem just from looking at the code but I need you to test this please because for some reason I cannot get CP working with httpslogin turned on so I cannot properly test myself.
I'm pretty sure that all you need to do is turn on httpslogin to trigger the bug.
Here is my patch for this bug, it's committed in 2.1 and it's a very small patch and I'm mostly confident in it:
https://github.com/bsdperimeter/pfsense/commit/a53794c9cce9d71d6243072c87916e35c416cc0c
Updated by Dim Hatz over 12 years ago
OK, just synced my 2.1 with the file from git, and the malformed 302 redirection URL issue seems fixed.
However:
1) previously generated vouchers don't seem to work (as defined in the copied over 2.0.1 xml) producing "invalid credentials specified"
2) voucher generation seems to have issues. Btw when I click "save" on the CP's Vouchers tab without having changed anything on that page, any created Voucher Rolls vanish!
I'll investigate further and probably open a new ticket, if necessary.
Updated by Chris Buechler over 12 years ago
- Status changed from Assigned to Resolved
This particular issue is fixed.
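A regression check for the malformed redirect reported in this ticket, as an added example that is not part of the ticket or of the pfSense code base: it parses the portal's 302 and compares the Location authority with the configured httpsname and the SSL port 8001 mentioned in the thread. The function names and the trimmed sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the 302 from the report, trimmed to the headers the check reads.
BROKEN_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Connection: close\r\n"
    "Location: https://hotspot.domain.tld8001/index.php"
    "?zone=cpzone&redirurl=http%3A%2F%2Fwww.in.gr%2F\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Constructed: the same response with the colon restored before the port.
FIXED_RESPONSE = BROKEN_RESPONSE.replace("tld8001", "tld:8001")

def location_header(raw):
    """Return the Location value from a raw HTTP response head, or None."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def check_portal_redirect(raw, httpsname, port, original_url):
    """Return a list of problems with the portal's 302; an empty list means it is sane."""
    status = raw.split("\r\n", 1)[0].split()
    if len(status) < 2 or status[1] != "302":
        return ["not a 302 response"]
    loc = location_header(raw)
    if loc is None:
        return ["no Location header"]
    url = urlsplit(loc)
    problems = []
    try:
        got_port = url.port  # raises ValueError on a non-numeric port
    except ValueError:
        got_port = None
    if url.scheme != "https":
        problems.append("scheme is %r, expected 'https'" % url.scheme)
    if url.hostname != httpsname.lower():
        problems.append("host is %r, expected %r" % (url.hostname, httpsname))
    if got_port != port:
        problems.append("port is %r, expected %r" % (got_port, port))
    # parse_qs percent-decodes, so compare against the client's original URL.
    redirurl = parse_qs(url.query).get("redirurl", [None])[0]
    if redirurl != original_url:
        problems.append("redirurl is %r, expected %r" % (redirurl, original_url))
    return problems
```

Without the colon the URL still parses, but the port digits become part of the hostname and the port is empty, so the check reports both a host and a port mismatch.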