From 55a4bb8f70edaaa4d47884b716e5147ceb3a73b4 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Thu, 13 Dec 2018 08:32:40 +0100
Subject: [PATCH] net/upnp: make user permission more flexible, allow 8 for now; closes #1062
(cherry picked from commit a444abfa61e8420888b3df38b4f1d25f027edb83)
(cherry picked from commit 0c55fb01ece2df151efa158c1f15edee53db72b7)
---
 net/upnp/Makefile | 3 +-
 .../src/etc/inc/plugins.inc.d/miniupnpd.inc | 22 +++-
 net/upnp/src/www/services_upnp.php | 122 ++++++++----------
 net/upnp/src/www/status_upnp.php | 50 +++----
 4 files changed, 99 insertions(+), 98 deletions(-)
diff --git a/net/upnp/Makefile b/net/upnp/Makefile
index 8260c6950..f8ca698c8 100644
--- a/net/upnp/Makefile
+++ b/net/upnp/Makefile
@@ -1,6 +1,5 @@
 PLUGIN_NAME= upnp
-PLUGIN_VERSION= 1.2
-PLUGIN_REVISION= 3
+PLUGIN_VERSION= 1.3
 PLUGIN_DEPENDS= miniupnpd
 PLUGIN_COMMENT= Universal Plug and Play Service
 PLUGIN_MAINTAINER= franco@opnsense.org
diff --git a/net/upnp/src/etc/inc/plugins.inc.d/miniupnpd.inc b/net/upnp/src/etc/inc/plugins.inc.d/miniupnpd.inc
index f229b2d7d..51b5e41bf 100644
--- a/net/upnp/src/etc/inc/plugins.inc.d/miniupnpd.inc
+++ b/net/upnp/src/etc/inc/plugins.inc.d/miniupnpd.inc
@@ -96,9 +96,21 @@ function miniupnpd_uuid()
 return substr($uuid, 0, 8).'-'.substr($uuid, 9, 4).'-'.substr($uuid, 13, 4).'-'.substr($uuid, 17, 4).'-'.substr($uuid, 21, 12);
 }
+function miniupnpd_permuser_list()
+{
+ $ret = array();
+ $count = 8;
+
+ for ($i = 1; $i <= $count; $i++) {
+ $ret[$i] = "permuser{$i}";
+ }
+
+ return $ret;
+}
+
 function miniupnpd_configure_do($verbose = false)
 {
- global $config, $g;
+ global $config;
 miniupnpd_stop();
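Review bot: miniupnpd_permuser_list() in the `@@ -96,9 +96,21 @@` hunk carries no doc comment, although it now defines how many user permission slots exist for every caller in this patch (the config writer, the GUI field copy, the validation loop and the save loop). I would add a short comment above it, for example `/* returns the permuserN config keys indexed 1..N; each non-empty entry becomes one access rule line in the miniupnpd config */`, and lift the bare `$count = 8` into a named constant or a documented value so the limit is visible. miniupnpd_configure_do() starts in this hunk and continues outside it.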
@@ -193,12 +205,12 @@ function miniupnpd_configure_do($verbose = false)
 $config_text .= "serial=".strtoupper(substr(miniupnpd_uuid(), 0, 8))."\n";
 /* set model number */
- $config_text .= "model_number={$g['product_version']}\n";
+ $config_text .= "model_number=" . trim(shell_exec('opnsense-version -v')) . "\n";
 /* upnp access restrictions */
- for ($i=1; $i<=4; $i++) {
- if ($upnp_config["permuser{$i}"]) {
- $config_text .= "{$upnp_config["permuser{$i}"]}\n";
+ foreach (miniupnpd_permuser_list() as $permuser) {
+ if (!empty($upnp_config[$permuser])) {
+ $config_text .= "{$upnp_config[$permuser]}\n";
 }
 }
diff --git a/net/upnp/src/www/services_upnp.php b/net/upnp/src/www/services_upnp.php
index 7d05533fe..b2feb6dea 100644
--- a/net/upnp/src/www/services_upnp.php
+++ b/net/upnp/src/www/services_upnp.php
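Review bot: The new `model_number` line in the `@@ -193,12 +205,12 @@` hunk of miniupnpd.inc uses the result of `shell_exec('opnsense-version -v')` unchecked; shell_exec() returns null when the command fails or prints nothing, which would leave an empty `model_number=` in the generated config. The command string is a constant, so no request data reaches the shell. I would capture it first, `$version = trim((string)shell_exec('opnsense-version -v'));`, and append the line only when `$version !== ''`. The permission loop below it appends each stored `permuserN` value verbatim, so the writer depends on the checks in services_upnp.php; miniupnpd_configure_do() begins and ends outside this hunk.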
@@ -1,31 +1,31 @@ - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2016 Deciso B.V. + * Copyright (C) 2004-2012 Scott Ullrich + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. 
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 require_once("guiconfig.inc");
 require_once("interfaces.inc");
@@ -34,7 +34,8 @@ require_once("filter.inc");
 require_once("system.inc");
 require_once("plugins.inc.d/miniupnpd.inc");
-function upnp_validate_ip($ip) {
+function miniupnpd_validate_ip($ip)
+{
 /* validate cidr */
 $ip_array = array();
 $ip_array = explode('/', $ip);
@@ -50,15 +51,18 @@ function upnp_validate_ip($ip) {
 if (!is_ipaddr($ip_array[0])) {
 return false;
 }
+
 return true;
 }
-function upnp_validate_port($port) {
+function miniupnpd_validate_port($port)
+{
 foreach (explode('-', $port) as $sub) {
 if ($sub < 0 || $sub > 65535 || !is_numeric($sub)) {
 return false;
 }
 }
+
 return true;
 }
@@ -66,8 +70,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $pconfig = array();
 $copy_fields = array('enable', 'enable_upnp', 'enable_natpmp', 'ext_iface', 'iface_array', 'download',
- 'upload', 'overridewanip', 'logpackets', 'sysuptime', 'permdefault', 'permuser1',
- 'permuser2', 'permuser3', 'permuser4');
+ 'upload', 'overridewanip', 'logpackets', 'sysuptime', 'permdefault');
+
+ foreach (miniupnpd_permuser_list() as $permuser) {
+ $copy_fields[] = $permuser;
+ }
 foreach ($copy_fields as $fieldname) {
 if (isset($config['installedpackages']['miniupnpd']['config'][0][$fieldname])) {
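Review bot: miniupnpd_validate_port(), renamed in the `@@ -50,15 +51,18 @@` hunk, keeps a check that is looser than a port: `is_numeric()` also accepts strings such as `1e3`, `80.5` or a number preceded by whitespace, and the loop accepts any number of `-` separated parts, so `1-2-3` passes. The validated string is stored and later written unchanged into the miniupnpd configuration, so I would accept digits only, `if (!ctype_digit((string)$sub) || (int)$sub > 65535) { return false; }`, and return false when `explode('-', $port)` yields more than two parts. miniupnpd_validate_ip() is only partly visible in these hunks, so its CIDR handling is not reviewed here.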
@@ -109,9 +116,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 }
 /* user permissions validation */
- for($i=1; $i<=4; $i++) {
- if (!empty($pconfig["permuser{$i}"])) {
- $perm = explode(' ',$pconfig["permuser{$i}"]);
+ foreach (miniupnpd_permuser_list() as $i => $permuser) {
+ if (!empty($pconfig[$permuser])) {
+ $perm = explode(' ', $pconfig[$permuser]);
 /* should explode to 4 args */
 if (count($perm) != 4) {
 $input_errors[] = sprintf(gettext("You must follow the specified format in the 'User specified permissions %s' field"), $i);
@@ -121,11 +128,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $input_errors[] = sprintf(gettext("You must begin with allow or deny in the 'User specified permissions %s' field"), $i);
 }
 /* verify port or port range */
- if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) {
+ if (!miniupnpd_validate_port($perm[1]) || !miniupnpd_validate_port($perm[3])) {
 $input_errors[] = sprintf(gettext("You must specify a port or port range between 0 and 65535 in the 'User specified permissions %s' field"), $i);
 }
 /* verify ip address */
- if (!upnp_validate_ip($perm[2])) {
+ if (!miniupnpd_validate_ip($perm[2])) {
 $input_errors[] = sprintf(gettext("You must specify a valid ip address in the 'User specified permissions %s' field"), $i);
 }
 }
@@ -140,8 +147,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $upnp[$fieldname] = !empty($pconfig[$fieldname]);
 }
 // text field types
- foreach (array('ext_iface', 'download', 'upload', 'overridewanip', 'permuser1',
- 'permuser2', 'permuser3', 'permuser4') as $fieldname) {
+ foreach (array('ext_iface', 'download', 'upload', 'overridewanip') as $fieldname) {
+ $upnp[$fieldname] = $pconfig[$fieldname];
+ }
+ foreach (miniupnpd_permuser_list() as $fieldname) {
 $upnp[$fieldname] = $pconfig[$fieldname];
 }
 // array types
@@ -313,43 +322,24 @@ include("head.inc"); + $permuser): ?> - + + + + + - -
diff --git a/net/upnp/src/www/status_upnp.php b/net/upnp/src/www/status_upnp.php
index 0444772a5..0ab38657c 100644
--- a/net/upnp/src/www/status_upnp.php
+++ b/net/upnp/src/www/status_upnp.php
@@ -1,31 +1,31 @@ - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2016 Deciso B.V. + * Copyright (C) 2010 Seth Mos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. 
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
 require_once("guiconfig.inc");
 require_once("services.inc");