Bug #3216
closed
PFSense 2.1 - Captive Portal Zone - is not avaible in user effective privileges
Added by Francisco Craviotto over 10 years ago.
Updated almost 8 years ago.
Category:
User Manager / Privileges
Description
PFsense 2.1. If you configure an user only to access to captive portal, it doesn´t work, I supose why: in user management, adding effective privileges, I add all privileges about services - captive portal and status - captive portal, and only this privileges to an user. When I login as this user, I can´t login pfsense web configurator. In pfsense console I see "successful login" for the user, but web configurator doesn´t work. I supose it is because there is a new level "zones" in captive portal.
Thanks
Files
I was able to work around this.
Add the lines below to /etc/inc/priv.defs.inc (Toward the end but anywhere as long as it is past line 7 ($priv_list = array();)
$priv_list['page-services-captiveportal-zones'] = array();
$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captiveprotal Zones page");
$priv_list['page-services-captiveportal-zones']['descr'] = gettext("Allow access to the 'Services: CaptivePortal Zones' page.");
$priv_list['page-services-captiveportal-zones']['match'] = array();
$priv_list['page-services-captiveportal-zones']['match'][] = "services_captiveportal_zones.php*";
- Target version set to 2.1.1
- Status changed from New to Feedback
- % Done changed from 0 to 100
Thanks. I have applied this fix (nb: less typo "Captiveprotal" and this works, however, have since noticed that it doesn't allow access to the /services_captiveportal_mac.php?zone=xxx page, even though there appear to be entries in the /etc/inc/priv.defs.inc file for this, it doesn't show up in the list of allowed privs for groups.
Also in my case the entries for Allowed IPs and Edit Allowed IPs have become duplicated when assigning to a group:.
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
WebCfg - Services: Captive portal: Edit Allowed IPs page
Rob
Okay, I think I might have found the glitch: In the array it's defined twice, once for MAC addresses and again underneath it the same var for hostnames pages. Looks like a copypasta error :)
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Mac Addresses' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";
$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit MAC Addresses page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";
$priv_list['page-services-captiveportal-macaddresses'] = array();
$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page");
$priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_hostname.php*";
$priv_list['page-services-captiveportal-editmacaddresses'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page");
$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page.");
$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_hostname_edit.php*";
And Edit Allowed hostnames is mistakenly defined for Allowed IPs page:
$priv_list['page-services-captiveportal-allowedhostnames'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_ip.php*";
$priv_list['page-services-captiveportal-editallowedhostnames'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array();
$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_ip_edit.php*";
Might explain the duplicates that show up in the list.
$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page");
$priv_list['page-services-captiveportal-allowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page.");
$priv_list['page-services-captiveportal-editallowedips']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page");
$priv_list['page-services-captiveportal-editallowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.");
- Status changed from Feedback to Resolved
I noticed that in version from 2.2.5 to 2.3.1 which I have tested there is a regression for this bug. If I want to create an user that has only voucher managing permission I need to include CaptivePortalZoneEdit permission which is not desirable.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
