Bug #3216
closed
pfSense 2.1 - Captive Portal Zone - is not available in user effective privileges
Added by Francisco Craviotto about 11 years ago. Updated over 8 years ago.
100%
Description
pfSense 2.1. If you configure a user only to access the captive portal, it doesn't work. I suppose this is why: in user management, adding effective privileges, I add all privileges about services - captive portal and status - captive portal, and only these privileges, to a user. When I log in as this user, I can't log in to the pfSense web configurator. In the pfSense console I see "successful login" for the user, but the web configurator doesn't work. I suppose it is because there is a new level "zones" in captive portal.
Thanks
Files
VoucherManagerUserPermission.png (69.4 KB) | Davide Cottignoli, 05/26/2016 02:29 AM
ErrorRedirectingPageVoucherManager.png (41.6 KB) | Davide Cottignoli, 05/26/2016 02:30 AM
Updated by Joshua Shoemaker about 11 years ago
I was able to work around this.
Add the lines below to /etc/inc/priv.defs.inc (toward the end, but anywhere as long as it is past line 7, $priv_list = array();):
$priv_list['page-services-captiveportal-zones'] = array();
$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captiveprotal Zones page");
$priv_list['page-services-captiveportal-zones']['descr'] = gettext("Allow access to the 'Services: CaptivePortal Zones' page.");
$priv_list['page-services-captiveportal-zones']['match'] = array();
$priv_list['page-services-captiveportal-zones']['match'][] = "services_captiveportal_zones.php*";
Updated by Renato Botelho about 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 8deaf333f25dc18d461d7f2b0e61b1b2c1a64ace.
Updated by Renato Botelho about 11 years ago
Applied in changeset 4a913451bba01ac65dcaedf31e24fcd938bbe0a2.
Updated by Rob Lister about 11 years ago
Thanks. I have applied this fix (nb: less the typo "Captiveprotal") and this works. However, I have since noticed that it doesn't allow access to the /services_captiveportal_mac.php?zone=xxx page; even though there appear to be entries in the /etc/inc/priv.defs.inc file for this, it doesn't show up in the list of allowed privs for groups.
Also in my case the entries for Allowed IPs and Edit Allowed IPs have become duplicated when assigning to a group:
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
Rob
Updated by Rob Lister about 11 years ago
Okay, I think I might have found the glitch: In the array it's defined twice, once for MAC addresses and again underneath it the same var for hostnames pages. Looks like a copypasta error :)
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Mac Addresses' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";
$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit MAC Addresses page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_hostname.php*";
$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_hostname_edit.php*";
Updated by Rob Lister about 11 years ago
And Edit Allowed hostnames is mistakenly defined for Allowed IPs page:
$priv_list['page-services-captiveportal-allowedhostnames'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_ip.php*";
$priv_list['page-services-captiveportal-editallowedhostnames'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_ip_edit.php*";
Might explain the duplicates that show up in the list.
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedips']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
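Added example, not part of the thread or of pfSense's own code: a small Python audit of a priv.defs.inc-style file for the two defects described in the comments above, a privilege key initialised twice (the later definition replaces the earlier page match) and one display name shared by two keys. The regexes assume the one-assignment-per-line layout quoted here; the sample input is constructed from those lines, and the match line for the `allowedips` key is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the priv.defs.inc lines quoted in this thread.
SAMPLE = '''
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses page");
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_hostname.php*";
$priv_list['page-services-captiveportal-allowedhostnames'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_ip.php*";
$priv_list['page-services-captiveportal-allowedips'] = array();
$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedips']['match'][] = "services_captiveportal_ip.php*";
'''

INIT = re.compile(r"^\$priv_list\['([^']+)'\]\s*=\s*array\(\);")
FIELD = re.compile(r"^\$priv_list\['([^']+)'\]\['(name|match)'\](?:\[\])?\s*=\s*(?:gettext\()?\"([^\"]*)\"")

def audit(text):
    """Return (overwritten, shared_names) for a priv.defs.inc-style text."""
    defs = defaultdict(list)  # key -> successive definitions, in file order
    for line in map(str.strip, text.splitlines()):
        if m := INIT.match(line):
            # In PHP, assigning array() again discards what was set on the key.
            defs[m.group(1)].append({"name": None, "match": []})
        elif m := FIELD.match(line):
            key, field, value = m.groups()
            if not defs[key]:  # field set without a prior "= array();" line
                defs[key].append({"name": None, "match": []})
            if field == "name":
                defs[key][-1]["name"] = value
            else:
                defs[key][-1]["match"].append(value)
    overwritten, by_name = {}, defaultdict(list)
    for key, versions in defs.items():
        final = versions[-1]  # only the last definition survives at runtime
        lost = [p for v in versions[:-1] for p in v["match"] if p not in final["match"]]
        if lost:
            overwritten[key] = lost  # page patterns dropped from this key
        if final["name"]:
            by_name[final["name"]].append(key)
    shared = {n: ks for n, ks in by_name.items() if len(ks) > 1}
    return overwritten, shared

print(audit(SAMPLE))
```

A non-empty first result lists page patterns that no longer belong to the key they were first defined under; a non-empty second result lists labels that will appear more than once in the privilege picker.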
Updated by Renato Botelho over 10 years ago
- Status changed from Feedback to Resolved
Updated by Davide Cottignoli over 8 years ago
- File VoucherManagerUserPermission.png added
- File ErrorRedirectingPageVoucherManager.png added
I noticed that in the versions from 2.2.5 to 2.3.1, which I have tested, there is a regression for this bug. If I want to create a user that has only the voucher managing permission, I need to include the CaptivePortalZoneEdit permission, which is not desirable.