upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

net/upnp: make user permission more flexible, allow 8 for now; closes #1062

Browse source 
(cherry picked from commit a444abfa61)
(cherry picked from commit 0c55fb01ec)
This commit is contained in:
Franco Fichtner 2018-12-13 08:32:40 +01:00
parent 4914906763
commit 55a4bb8f70
4 changed files with 99 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
net/upnp/Makefile
View file

@ -1,6 +1,5 @@
PLUGIN_NAME= upnp
PLUGIN_VERSION= 1.2
PLUGIN_REVISION= 3
PLUGIN_VERSION= 1.3
PLUGIN_DEPENDS= miniupnpd
PLUGIN_COMMENT= Universal Plug and Play Service
PLUGIN_MAINTAINER= franco@opnsense.org

22
net/upnp/src/etc/inc/plugins.inc.d/miniupnpd.inc
View file

@ -96,9 +96,21 @@ function miniupnpd_uuid()
return substr($uuid, 0, 8).'-'.substr($uuid, 9, 4).'-'.substr($uuid, 13, 4).'-'.substr($uuid, 17, 4).'-'.substr($uuid, 21, 12);
}
function miniupnpd_permuser_list()
{
$ret = array();
$count = 8;
for ($i = 1; $i <= $count; $i++) {
$ret[$i] = "permuser{$i}";
}
return $ret;
}
function miniupnpd_configure_do($verbose = false)
{
global $config, $g;
global $config;
miniupnpd_stop();
@ -193,12 +205,12 @@ function miniupnpd_configure_do($verbose = false)
$config_text .= "serial=".strtoupper(substr(miniupnpd_uuid(), 0, 8))."\n";
/* set model number */
$config_text .= "model_number={$g['product_version']}\n";
$config_text .= "model_number=" . trim(shell_exec('opnsense-version -v')) . "\n";
/* upnp access restrictions */
for ($i=1; $i<=4; $i++) {
if ($upnp_config["permuser{$i}"]) {
$config_text .= "{$upnp_config["permuser{$i}"]}\n";
foreach (miniupnpd_permuser_list() as $permuser) {
if (!empty($upnp_config[$permuser])) {
$config_text .= "{$upnp_config[$permuser]}\n";
}
}

122
net/upnp/src/www/services_upnp.php
View file

@ -1,31 +1,31 @@
<?php
/*
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2004-2012 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
* Copyright (C) 2014-2016 Deciso B.V.
* Copyright (C) 2004-2012 Scott Ullrich <sullrich@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("interfaces.inc");
@ -34,7 +34,8 @@ require_once("filter.inc");
require_once("system.inc");
require_once("plugins.inc.d/miniupnpd.inc");
function upnp_validate_ip($ip) {
function miniupnpd_validate_ip($ip)
{
/* validate cidr */
$ip_array = array();
$ip_array = explode('/', $ip);
@ -50,15 +51,18 @@ function upnp_validate_ip($ip) {
if (!is_ipaddr($ip_array[0])) {
return false;
}
return true;
}
function upnp_validate_port($port) {
function miniupnpd_validate_port($port)
{
foreach (explode('-', $port) as $sub) {
if ($sub < 0 || $sub > 65535 || !is_numeric($sub)) {
return false;
}
}
return true;
}
@ -66,8 +70,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$copy_fields = array('enable', 'enable_upnp', 'enable_natpmp', 'ext_iface', 'iface_array', 'download',
'upload', 'overridewanip', 'logpackets', 'sysuptime', 'permdefault', 'permuser1',
'permuser2', 'permuser3', 'permuser4');
'upload', 'overridewanip', 'logpackets', 'sysuptime', 'permdefault');
foreach (miniupnpd_permuser_list() as $permuser) {
$copy_fields[] = $permuser;
}
foreach ($copy_fields as $fieldname) {
if (isset($config['installedpackages']['miniupnpd']['config'][0][$fieldname])) {
@ -109,9 +116,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
/* user permissions validation */
for($i=1; $i<=4; $i++) {
if (!empty($pconfig["permuser{$i}"])) {
$perm = explode(' ',$pconfig["permuser{$i}"]);
foreach (miniupnpd_permuser_list() as $i => $permuser) {
if (!empty($pconfig[$permuser])) {
$perm = explode(' ', $pconfig[$permuser]);
/* should explode to 4 args */
if (count($perm) != 4) {
$input_errors[] = sprintf(gettext("You must follow the specified format in the 'User specified permissions %s' field"), $i);
@ -121,11 +128,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = sprintf(gettext("You must begin with allow or deny in the 'User specified permissions %s' field"), $i);
}
/* verify port or port range */
if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) {
if (!miniupnpd_validate_port($perm[1]) || !miniupnpd_validate_port($perm[3])) {
$input_errors[] = sprintf(gettext("You must specify a port or port range between 0 and 65535 in the 'User specified permissions %s' field"), $i);
}
/* verify ip address */
if (!upnp_validate_ip($perm[2])) {
if (!miniupnpd_validate_ip($perm[2])) {
$input_errors[] = sprintf(gettext("You must specify a valid ip address in the 'User specified permissions %s' field"), $i);
}
}
@ -140,8 +147,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$upnp[$fieldname] = !empty($pconfig[$fieldname]);
}
// text field types
foreach (array('ext_iface', 'download', 'upload', 'overridewanip', 'permuser1',
'permuser2', 'permuser3', 'permuser4') as $fieldname) {
foreach (array('ext_iface', 'download', 'upload', 'overridewanip') as $fieldname) {
$upnp[$fieldname] = $pconfig[$fieldname];
}
foreach (miniupnpd_permuser_list() as $fieldname) {
$upnp[$fieldname] = $pconfig[$fieldname];
}
// array types
@ -313,43 +322,24 @@ include("head.inc");
</tr>
</thead>
<tbody>
<?php foreach (miniupnpd_permuser_list() as $i => $permuser): ?>
<tr>
<td style="width:22%"><a id="help_for_permuser1" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set 1");?></td>
<?php if ($i == 1): ?>
<td style="width:22%"><a id="help_for_permuser" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Entry') . ' ' . $i ?></td>
<?php else: ?>
<td style="width:22%"><i class="fa fa-info-circle text-muted"></i> <?=gettext('Entry') . ' ' . $i ?></td>
<?php endif ?>
<td style="width:78%">
<input name="permuser1" type="text" value="<?=$pconfig['permuser1'];?>" />
<div class="hidden" data-for="help_for_permuser1">
<input name="<?= html_safe($permuser) ?>" type="text" value="<?= $pconfig[$permuser] ?>" />
<?php if ($i == 1): ?>
<div class="hidden" data-for="help_for_permuser">
<?=gettext("Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]");?><br/>
<?=gettext("Example: allow 1024-65535 192.168.0.0/24 1024-65535");?>
</div>
<?php endif ?>
</td>
</tr>
<tr>
<td><a id="help_for_permuser2" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set 2");?></td>
<td>
<input name="permuser2" type="text" value="<?=$pconfig['permuser2'];?>" />
<div class="hidden" data-for="help_for_permuser2">
<?=gettext("Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_permuser3" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set 3");?></td>
<td>
<input name="permuser3" type="text" value="<?=$pconfig['permuser3'];?>" />
<div class="hidden" data-for="help_for_permuser3">
<?=gettext("Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_permuser4" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set 4");?></td>
<td>
<input name="permuser4" type="text" value="<?=$pconfig['permuser4'];?>" />
<div class="hidden" data-for="help_for_permuser4">
<?=gettext("Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]");?>
</div>
</td>
</tr>
<?php endforeach ?>
</tbody>
</table>
</div>

50
net/upnp/src/www/status_upnp.php
View file

@ -1,31 +1,31 @@
<?php
/*
Copyright (C) 2014-2016 Deciso B.V.
Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
* Copyright (C) 2014-2016 Deciso B.V.
* Copyright (C) 2010 Seth Mos <seth.mos@dds.nl>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("services.inc");