Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
6b3bff0f
Commit
6b3bff0f
authored
Apr 23, 2015
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
src: start to prune varrun_path foo
Style and sanity splatter all over while at it.
parent
ca9ab9b6
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
46 additions
and
40 deletions
+46
-40
auth.inc
src/etc/inc/auth.inc
+32
-29
captiveportal.inc
src/etc/inc/captiveportal.inc
+14
-11
No files found.
src/etc/inc/auth.inc
View file @
6b3bff0f
...
@@ -203,7 +203,7 @@ function index_groups()
...
@@ -203,7 +203,7 @@ function index_groups()
$groupindex
=
array
();
$groupindex
=
array
();
if
(
is
_array
(
$config
[
'system'
][
'group'
]))
{
if
(
is
set
(
$config
[
'system'
][
'group'
]))
{
$i
=
0
;
$i
=
0
;
foreach
(
$config
[
'system'
][
'group'
]
as
$groupent
)
{
foreach
(
$config
[
'system'
][
'group'
]
as
$groupent
)
{
$groupindex
[
$groupent
[
'name'
]]
=
$i
;
$groupindex
[
$groupent
[
'name'
]]
=
$i
;
...
@@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid)
...
@@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid)
{
{
global
$config
;
global
$config
;
if
(
is
_array
(
$config
[
'system'
][
'group'
]))
{
if
(
is
set
(
$config
[
'system'
][
'group'
]))
{
foreach
(
$config
[
'system'
][
'group'
]
as
&
$group
)
{
foreach
(
$config
[
'system'
][
'group'
]
as
&
$group
)
{
if
(
$group
[
'gid'
]
==
$gid
)
{
if
(
$group
[
'gid'
]
==
$gid
)
{
return
$group
;
return
$group
;
...
@@ -518,7 +518,8 @@ function local_user_get_groups($user, $all = false)
...
@@ -518,7 +518,8 @@ function local_user_get_groups($user, $all = false)
global
$config
;
global
$config
;
$groups
=
array
();
$groups
=
array
();
if
(
!
is_array
(
$config
[
'system'
][
'group'
]))
{
if
(
!
isset
(
$config
[
'system'
][
'group'
]))
{
return
$groups
;
return
$groups
;
}
}
...
@@ -540,8 +541,9 @@ function local_user_set_groups($user, $new_groups = null)
...
@@ -540,8 +541,9 @@ function local_user_set_groups($user, $new_groups = null)
{
{
global
$config
,
$groupindex
;
global
$config
,
$groupindex
;
if
(
!
is
_array
(
$config
[
'system'
][
'group'
]))
if
(
!
is
set
(
$config
[
'system'
][
'group'
]))
{
return
;
return
;
}
$cur_groups
=
local_user_get_groups
(
$user
,
true
);
$cur_groups
=
local_user_get_groups
(
$user
,
true
);
$mod_groups
=
array
();
$mod_groups
=
array
();
...
@@ -680,33 +682,31 @@ function ldap_test_connection($authcfg)
...
@@ -680,33 +682,31 @@ function ldap_test_connection($authcfg)
function
ldap_setup_caenv
(
$authcfg
)
function
ldap_setup_caenv
(
$authcfg
)
{
{
global
$g
;
require_once
(
"certs.inc"
);
require_once
(
"certs.inc"
);
unset
(
$caref
);
unset
(
$caref
);
if
(
empty
(
$authcfg
[
'ldap_caref'
])
||
!
strstr
(
$authcfg
[
'ldap_urltype'
],
"SSL"
))
{
if
(
empty
(
$authcfg
[
'ldap_caref'
])
||
!
strstr
(
$authcfg
[
'ldap_urltype'
],
"SSL"
))
{
putenv
(
'LDAPTLS_REQCERT=never'
);
putenv
(
'LDAPTLS_REQCERT=never'
);
return
;
return
;
}
else
{
}
$caref
=
lookup_ca
(
$authcfg
[
'ldap_caref'
]);
if
(
!
$caref
)
{
$caref
=
lookup_ca
(
$authcfg
[
'ldap_caref'
]);
log_error
(
sprintf
(
gettext
(
"LDAP: Could not lookup CA by reference for host %s."
),
$authcfg
[
'ldap_caref'
]));
if
(
!
$caref
)
{
/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
log_error
(
sprintf
(
gettext
(
"LDAP: Could not lookup CA by reference for host %s."
),
$authcfg
[
'ldap_caref'
]));
putenv
(
'LDAPTLS_REQCERT=hard'
);
/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
return
;
}
if
(
!
is_dir
(
"
{
$g
[
'varrun_path'
]
}
/certs"
))
@
mkdir
(
"
{
$g
[
'varrun_path'
]
}
/certs"
);
if
(
file_exists
(
"
{
$g
[
'varrun_path'
]
}
/certs/
{
$caref
[
'refid'
]
}
.ca"
))
@
unlink
(
"
{
$g
[
'varrun_path'
]
}
/certs/
{
$caref
[
'refid'
]
}
.ca"
);
file_put_contents
(
"
{
$g
[
'varrun_path'
]
}
/certs/
{
$caref
[
'refid'
]
}
.ca"
,
base64_decode
(
$caref
[
'crt'
]));
@
chmod
(
"
{
$g
[
'varrun_path'
]
}
/certs/
{
$caref
[
'refid'
]
}
.ca"
,
0600
);
putenv
(
'LDAPTLS_REQCERT=hard'
);
putenv
(
'LDAPTLS_REQCERT=hard'
);
/* XXX: Probably even the hashed link should be created for this? */
return
;
putenv
(
"LDAPTLS_CACERTDIR=
{
$g
[
'varrun_path'
]
}
/certs"
);
putenv
(
"LDAPTLS_CACERT=
{
$g
[
'varrun_path'
]
}
/certs/
{
$caref
[
'refid'
]
}
.ca"
);
}
}
@
mkdir
(
"/var/run/certs"
);
@
unlink
(
"/var/run/certs/
{
$caref
[
'refid'
]
}
.ca"
);
file_put_contents
(
"/var/run/certs/
{
$caref
[
'refid'
]
}
.ca"
,
base64_decode
(
$caref
[
'crt'
]));
@
chmod
(
"/var/run/certs/
{
$caref
[
'refid'
]
}
.ca"
,
0600
);
putenv
(
'LDAPTLS_REQCERT=hard'
);
/* XXX: Probably even the hashed link should be created for this? */
putenv
(
"LDAPTLS_CACERTDIR=/var/run/certs"
);
putenv
(
"LDAPTLS_CACERT=/var/run/certs/
{
$caref
[
'refid'
]
}
.ca"
);
}
}
function
ldap_test_bind
(
$authcfg
)
function
ldap_test_bind
(
$authcfg
)
...
@@ -1261,12 +1261,14 @@ function auth_get_authserver_list() {
...
@@ -1261,12 +1261,14 @@ function auth_get_authserver_list() {
return
$list
;
return
$list
;
}
}
function
getUserGroups
(
$username
,
$authcfg
)
{
function
getUserGroups
(
$username
,
$authcfg
)
{
global
$config
;
global
$config
;
$allowed_groups
=
array
();
$allowed_groups
=
array
();
$member_groups
=
array
();
switch
(
$authcfg
[
'type'
])
{
switch
(
$authcfg
[
'type'
])
{
case
'ldap'
:
case
'ldap'
:
$allowed_groups
=
@
ldap_get_groups
(
$username
,
$authcfg
);
$allowed_groups
=
@
ldap_get_groups
(
$username
,
$authcfg
);
break
;
break
;
...
@@ -1278,11 +1280,12 @@ function getUserGroups($username, $authcfg) {
...
@@ -1278,11 +1280,12 @@ function getUserGroups($username, $authcfg) {
break
;
break
;
}
}
$member_groups
=
array
();
if
(
isset
(
$config
[
'system'
][
'group'
]))
{
if
(
is_array
(
$config
[
'system'
][
'group'
]))
{
foreach
(
$config
[
'system'
][
'group'
]
as
$group
)
{
foreach
(
$config
[
'system'
][
'group'
]
as
$group
)
if
(
in_array
(
$group
[
'name'
],
$allowed_groups
))
{
if
(
in_array
(
$group
[
'name'
],
$allowed_groups
))
$member_groups
[]
=
$group
[
'name'
];
$member_groups
[]
=
$group
[
'name'
];
}
}
}
}
return
$member_groups
;
return
$member_groups
;
...
...
src/etc/inc/captiveportal.inc
View file @
6b3bff0f
...
@@ -405,7 +405,7 @@ function captiveportal_configure_zone($cpcfg) {
...
@@ -405,7 +405,7 @@ function captiveportal_configure_zone($cpcfg) {
}
else
}
else
captiveportal_syslog
(
"Reconfiguring captive portal(
{
$cpcfg
[
'zone'
]
}
)."
);
captiveportal_syslog
(
"Reconfiguring captive portal(
{
$cpcfg
[
'zone'
]
}
)."
);
/* kill any running minicron */
/* kill any running minicron */
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/cp_prunedb_
{
$cpzone
}
.pid"
);
killbypid
(
"
/var/run
/cp_prunedb_
{
$cpzone
}
.pid"
);
/* initialize minicron interval value */
/* initialize minicron interval value */
$croninterval
=
$cpcfg
[
'croninterval'
]
?
$cpcfg
[
'croninterval'
]
:
60
;
$croninterval
=
$cpcfg
[
'croninterval'
]
?
$cpcfg
[
'croninterval'
]
:
60
;
...
@@ -521,19 +521,23 @@ EOD;
...
@@ -521,19 +521,23 @@ EOD;
captiveportal_write_elements
();
captiveportal_write_elements
();
/* kill any running mini_httpd */
/* kill any running mini_httpd */
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/lighty-
{
$cpzone
}
-CaptivePortal.pid"
);
killbypid
(
"
/var/run
/lighty-
{
$cpzone
}
-CaptivePortal.pid"
);
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/lighty-
{
$cpzone
}
-CaptivePortal-SSL.pid"
);
killbypid
(
"
/var/run
/lighty-
{
$cpzone
}
-CaptivePortal-SSL.pid"
);
/* start up the webserving daemon */
/* start up the webserving daemon */
captiveportal_init_webgui_zone
(
$cpcfg
);
captiveportal_init_webgui_zone
(
$cpcfg
);
/* Kill any existing prunecaptiveportal processes */
/* Kill any existing prunecaptiveportal processes */
if
(
file_exists
(
"
{
$g
[
'varrun_path'
]
}
/cp_prunedb_
{
$cpzone
}
.pid"
))
killbypid
(
"/var/run/cp_prunedb_
{
$cpzone
}
.pid"
);
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/cp_prunedb_
{
$cpzone
}
.pid"
);
/* start pruning process (interval defaults to 60 seconds) */
/* start pruning process (interval defaults to 60 seconds) */
mwexec
(
"/usr/local/bin/minicron
$croninterval
{
$g
[
'varrun_path'
]
}
/cp_prunedb_
{
$cpzone
}
.pid "
.
mwexecf
(
"/usr/local/etc/rc.prunecaptiveportal
{
$cpzone
}
"
);
'/usr/local/bin/minicron %s %s %s %s'
,
$croninterval
,
"/var/run/cp_prunedb_
{
$cpzone
}
.pid"
,
'/usr/local/etc/rc.prunecaptiveportal'
,
$cpzone
);
/* generate radius server database */
/* generate radius server database */
unlink_if_exists
(
"
{
$g
[
'vardb_path'
]
}
/captiveportal_radius_
{
$cpzone
}
.db"
);
unlink_if_exists
(
"
{
$g
[
'vardb_path'
]
}
/captiveportal_radius_
{
$cpzone
}
.db"
);
...
@@ -546,9 +550,9 @@ EOD;
...
@@ -546,9 +550,9 @@ EOD;
}
}
}
else
{
}
else
{
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/lighty-
{
$cpzone
}
-CaptivePortal.pid"
);
killbypid
(
"
/var/run
/lighty-
{
$cpzone
}
-CaptivePortal.pid"
);
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/lighty-
{
$cpzone
}
-CaptivePortal-SSL.pid"
);
killbypid
(
"
/var/run
/lighty-
{
$cpzone
}
-CaptivePortal-SSL.pid"
);
killbypid
(
"
{
$g
[
'varrun_path'
]
}
/cp_prunedb_
{
$cpzone
}
.pid"
);
killbypid
(
"
/var/run
/cp_prunedb_
{
$cpzone
}
.pid"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal_
{
$cpzone
}
.html"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal_
{
$cpzone
}
.html"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal-
{
$cpzone
}
-error.html"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal-
{
$cpzone
}
-error.html"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal-
{
$cpzone
}
-logout.html"
);
@
unlink
(
"
{
$g
[
'varetc_path'
]
}
/captiveportal-
{
$cpzone
}
-logout.html"
);
...
@@ -567,7 +571,6 @@ EOD;
...
@@ -567,7 +571,6 @@ EOD;
/* Release allocated pipes for this zone */
/* Release allocated pipes for this zone */
captiveportal_free_dnrules
();
captiveportal_free_dnrules
();
if
(
empty
(
$config
[
'captiveportal'
]))
if
(
empty
(
$config
[
'captiveportal'
]))
set_single_sysctl
(
"net.link.ether.ipfw"
,
"0"
);
set_single_sysctl
(
"net.link.ether.ipfw"
,
"0"
);
else
{
else
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment