author | Bill Marquette <bill.marquette@gmail.com> | 2009-02-06 19:18:00 -0600 |
---|---|---|
committer | Bill Marquette <bill.marquette@gmail.com> | 2009-02-06 19:18:00 -0600 |
commit | 55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1 (patch) | |
tree | ba4783bab1dd65f1ceef2dfac9fdbd515531d18b /config/miniupnpd | |
parent | 67780cc9d469288742aea5bc378c29a54edd5ec5 (diff) | |
mv packages to config dir to match web layout
Diffstat (limited to 'config/miniupnpd')
-rw-r--r-- | config/miniupnpd/miniupnpd.inc | 290 | ||||
-rw-r--r-- | config/miniupnpd/miniupnpd.xml | 182 | ||||
-rwxr-xr-x | config/miniupnpd/sbin/miniupnpd | bin | 0 -> 56202 bytes | |||
-rw-r--r-- | config/miniupnpd/status_upnp.php | 120 |
4 files changed, 592 insertions, 0 deletions
diff --git a/config/miniupnpd/miniupnpd.inc b/config/miniupnpd/miniupnpd.inc
new file mode 100644
index 00000000..98e44951
--- /dev/null
+++ b/config/miniupnpd/miniupnpd.inc
@@ -0,0 +1,290 @@ +<?php + +/* package is now in base, check to see + * if we are already being included + */ +if(!function_exists("upnp_action")) { + + require_once("config.inc"); + require_once("functions.inc"); + + /* MiniUPnPd */ + + define('UPNP_RCFILE', '/usr/local/etc/rc.d/miniupnpd.sh'); + define('UPNP_CONFIG','/usr/local/etc/miniupnpd.conf'); + + function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); } + function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); } + + function upnp_action ($action) { + if (file_exists(UPNP_RCFILE)) + mwexec(UPNP_RCFILE.' '.$action); + } + + function upnp_running () { + if((int)exec('pgrep miniupnpd | wc -l') > 0) + return true; + return false; + } + + function upnp_write_config($file, $text) { + $handle = fopen($file, 'w'); + if(!$handle) { + upnp_warn("Could not open {$file} for writing."); + exit; + } + fwrite($handle, $text); + fclose($handle); + } + + function upnp_uuid() { + /* md5 hash of wan mac */ + $uuid = md5(exec('arp -an -i '.get_real_wan_interface().' 
| /usr/bin/cut -d " " -f4')); + /* put uuid in correct format 8-4-4-4-12 */ + return substr($uuid,0,8).'-'.substr($uuid,9,4).'-'.substr($uuid,13,4).'-'.substr($uuid,17,4).'-'.substr($uuid,21,12); + } + + function upnp_validate_ip($ip,$check_cdir) { + /* validate cdir */ + if($check_cdir) { + $ip_array = explode('/',$ip); + if(count($ip_array) == 2) { + if($ip_array[1] < 1 || $ip_array[1] > 32) + return false; + } else + if(count($ip_array) != 1) + return false; + } else + $ip_array[] = $ip; + + /* validate ip */ + if(!eregi('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', $ip_array[0])) + return false; + foreach(explode('.', $ip_array[0]) as $sub) + if($sub < 0 || $sub > 256) + return false; + return true; + } + + function upnp_validate_port($port) { + foreach(explode('-', $port) as $sub) + if($sub < 0 || $sub > 65535) + return false; + return true; + } + + function before_form_miniupnpd($pkg) { + global $config; + + config_lock(); + + /* if shaper connection speed defined hide fields */ + if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { + $i=0; + foreach ($pkg['fields']['field'] as $field) { + if ($field['fieldname'] == 'download' || $field['fieldname'] == 'upload') + unset($pkg['fields']['field'][$i]); + $i++; + } + } + + config_unlock(); + } + + function validate_form_miniupnpd($post, $input_errors) { + if($post['iface_array']) + foreach($post['iface_array'] as $iface) + if($iface == 'wan') + $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; + if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false)) + $input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field'; + if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) + $input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields'; + if($post['download'] && $post['download'] <= 0) + $input_errors[] = 'You 
must specify a value greater than 0 in the \'Maximum Download Speed\' field'; + if($post['upload'] && $post['upload'] <= 0) + $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field'; + + /* user permissions validation */ + for($i=1; $i<=4; $i++) { + if($post["permuser{$i}"]) { + $perm = explode(' ',$post["permuser{$i}"]); + /* should explode to 4 args */ + if(count($perm) != 4) { + $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field"; + } else { + /* must with allow or deny */ + if(!($perm[0] == 'allow' || $perm[0] == 'deny')) + $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field"; + /* verify port or port range */ + if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) + $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified + permissions {$i}' field"; + /* verify ip address */ + if(!upnp_validate_ip($perm[2],true)) + $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field"; + } + } + } + } + + function sync_package_miniupnpd() { + global $config; + global $input_errors; + + config_lock(); + + $upnp_config = $config['installedpackages']['miniupnpd']['config'][0]; + + $config_text = "ext_ifname=".get_real_wan_interface()."\n"; + $config_text .= "port=2189\n"; + + $ifaces_active = ''; + + /* since config is written before this file invoked we don't need to read post data */ + if($upnp_config['enable'] && $upnp_config['iface_array']) + $iface_array = explode(',', $upnp_config['iface_array']); + + if($iface_array) { + foreach($iface_array as $iface) { + $if = convert_friendly_interface_to_real_interface_name($iface); + /* above function returns iface if fail */ + if($if!=$iface) { + $addr = find_interface_ip($if); + /* non enabled interfaces are displayed in list on miniupnpd settings page */ + /* check that the interface has 
an ip address before adding parameters */ + if($addr) { + $config_text .= "listening_ip={$addr}\n"; + if(!$ifaces_active) { + $webgui_ip = $addr; + $ifaces_active = $iface; + } else { + $ifaces_active .= ", {$iface}"; + } + } else { + upnp_warn("Interface {$iface} has no ip address, ignoring"); + } + } else { + upnp_warn("Could not resolve real interface for {$iface}"); + } + } + + if($ifaces_active) { + /* override wan ip address, common for carp, etc */ + if($upnp_config['overridewanip']) + $config_text .= "ext_ip={$upnp_config['overridewanip']}\n"; + + /* if shaper connection speed defined use those values */ + if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) { + $download = $config['ezshaper']['step2']['download']*1000; + $upload = $config['ezshaper']['step2']['upload']*1000; + } else { + $download = $upnp_config['download']*1000; + $upload = $upnp_config['upload']*1000; + } + + /* set upload and download bitrates */ + if($download && $upload) { + $config_text .= "bitrate_down={$download}\n"; + $config_text .= "bitrate_up={$upload}\n"; + } + + /* enable logging of packets handled by miniupnpd rules */ + if($upnp_config['logpackets']) + $config_text .= "packet_log=yes\n"; + + /* enable system uptime instead of miniupnpd uptime */ + if($upnp_config['sysuptime']) + $config_text .= "system_uptime=yes\n"; + + /* set webgui url */ + if($config['system']['webgui']['protocol']) { + $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; + if($config['system']['webgui']['port']) + $config_text .= ":{$config['system']['webgui']['port']}"; + $config_text .= "/\n"; + } + + /* set uuid and serial */ + $config_text .= "uuid=".upnp_uuid()."\n"; + $config_text .= "serial=".strtoupper(substr(upnp_uuid(),0,8))."\n"; + + /* set model number */ + $config_text .= "model_number=".exec("/bin/cat /etc/version")."\n"; + + /* upnp access restrictions */ + for($i=1; $i<=4; $i++) { + 
if($upnp_config["permuser{$i}"]) + $config_text .= "{$upnp_config["permuser{$i}"]}\n"; + } + + if($upnp_config['permdefault']) + $config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n"; + + /* generate rc file start and stop */ + $stop = <<<EOD +if [ `pgrep miniupnpd | wc -l` != 0 ]; then + /usr/bin/killall miniupnpd + while [ `pgrep miniupnpd | wc -l` != 0 ]; do + sleep 1 + done + fi + # Clear existing rules and rdr entries + if [ `pfctl -aminiupnpd -sr | wc -l` != 0 ]; then + /sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null + fi + if [ `pfctl -aminiupnpd -sn | wc -l` != 0 ]; then + /sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null + fi +EOD; + $start = $stop."\n\t/usr/local/sbin/miniupnpd -f ".UPNP_CONFIG; + + /* write out the configuration */ + conf_mount_rw(); + upnp_write_config(UPNP_CONFIG, $config_text); + write_rcfile(array( + 'file' => 'miniupnpd.sh', + 'start' => $start, + 'stop' => $stop + ) + ); + conf_mount_ro(); + + /* if miniupnpd not running start it */ + if(!upnp_running()) { + upnp_notice("Starting service on interface: {$ifaces_active}"); + upnp_action('start'); + } + /* or restart miniupnpd if settings were changed */ + elseif($_POST['iface_array']) { + upnp_notice("Restarting service on interface: {$ifaces_active}"); + upnp_action('restart'); + } + } + } + + if(!$iface_array || !$ifaces_active) { + /* no parameters user does not want miniupnpd running */ + /* lets stop the service and remove the rc file */ + + if(file_exists(UPNP_RCFILE)) { + if(!$upnp_config['enable']) + upnp_notice('Stopping service: miniupnpd disabled'); + else + upnp_notice('Stopping service: no interfaces selected'); + + upnp_action('stop'); + + conf_mount_rw(); + unlink(UPNP_RCFILE); + unlink(UPNP_CONFIG); + conf_mount_ro(); + } + } + + config_unlock(); + } + +} + +?>
\ No newline at end of file
diff --git a/config/miniupnpd/miniupnpd.xml b/config/miniupnpd/miniupnpd.xml
new file mode 100644
index 00000000..53d70851
--- /dev/null
+++ b/config/miniupnpd/miniupnpd.xml
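Review bot: In miniupnpd.inc, upnp_validate_port and the CIDR check in upnp_validate_ip only compare each piece with `<`/`>`, so under PHP's loose string-to-number comparison a piece that is not purely digits is not rejected, yet sync_package_miniupnpd writes every stored `permuserN` value verbatim as its own line of miniupnpd.conf. Anything trailing the number, a line break included, would therefore reach the daemon's configuration; both helpers should accept digits only, as in the sketch below, and the prefix length deserves the same `preg_match` test. The octet test `$sub > 256` also lets 256 through and should read `if($sub < 0 || $sub > 255)`. Separately, upnp_uuid slices at offsets 9/13/17/21, which skips a hex digit between groups and leaves the last group one character short of the 8-4-4-4-12 form its comment promises; offsets 8, 12, 16 and 20 give that form.

```php
function upnp_validate_port($port) {
	$parts = explode('-', $port);
	/* a single port or one low-high range, nothing else */
	if(count($parts) > 2)
		return false;
	foreach($parts as $sub)
		/* digits only, so nothing but a number reaches miniupnpd.conf */
		if(!preg_match('/^[0-9]{1,5}\z/', $sub) || $sub > 65535)
			return false;
	return true;
}
```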
@@ -0,0 +1,182 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>miniupnpd</name> + <version>20070927</version> + <title>Services: MiniUPnPd</title> + <savetext>Change</savetext> + <aftersaveredirect>/status_upnp.php</aftersaveredirect> + <include_file>/usr/local/pkg/miniupnpd.inc</include_file> + <menu> + <name>MiniUPnPd</name> + <tooltiptext>Set miniupnpd settings such as interfaces to listen on.</tooltiptext> + <section>Services</section> + <url>/status_upnp.php</url> + </menu> + <service> + <name>miniupnpd</name> + <rcfile>miniupnpd.sh</rcfile> + <executable>miniupnpd</executable> + </service> + <tabs> + <tab> + <text>UPnP Status</text> + <url>/status_upnp.php</url> + </tab> + <tab> + <text>MiniUPnPd Settings</text> + <url>/pkg_edit.php?xml=miniupnpd.xml&id=0</url> + <active/> + </tab> + </tabs> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/sbin/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.com/packages/config/miniupnpd/sbin/miniupnpd</item> + </additional_files_needed> + <fields> + <field> + <fielddescr>Enable MiniUPnPd</fielddescr> + <fieldname>enable</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>Interfaces (generally LAN)</fielddescr> + <fieldname>iface_array</fieldname> + <description>You can use the CTRL or COMMAND key to select multiple interfaces.</description> + <type>interfaces_selection</type> + 
<size>3</size> + <required/> + <value>lan</value> + <multiple>true</multiple> + </field> + <field> + <fielddescr>Maximum Download Speed (Kbits/second)</fielddescr> + <fieldname>download</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Maximum Upload Speed (Kbits/second)</fielddescr> + <fieldname>upload</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Override WAN address</fielddescr> + <fieldname>overridewanip</fieldname> + <type>input</type> + </field> + <field> + <fielddescr>Log packets handled by miniupnpd rules?</fielddescr> + <fieldname>logpackets</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>Use system uptime instead of miniupnpd uptime?</fielddescr> + <fieldname>sysuptime</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>By default deny access to miniupnpd?</fielddescr> + <fieldname>permdefault</fieldname> + <type>checkbox</type> + </field> + <field> + <fielddescr>User specified permissions 1</fielddescr> + <fieldname>permuser1</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range] + <br />Example: allow 1024-65535 192.168.0.0/24 1024-65535</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified permissions 2</fielddescr> + <fieldname>permuser2</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified permissions 3</fielddescr> + <fieldname>permuser3</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>User specified permissions 4</fielddescr> + <fieldname>permuser4</fieldname> + <description>Format: [allow or deny] [ext port or range] [int ipaddr or 
ipaddr/cdir] [int port or range]</description> + <type>input</type> + <size>60</size> + </field> + </fields> + <custom_php_command_before_form> + before_form_miniupnpd(&$pkg); + </custom_php_command_before_form> + <custom_php_validation_command> + validate_form_miniupnpd($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_miniupnpd(); + </custom_php_resync_config_command> + <custom_php_install_command> + sync_package_miniupnpd(); + </custom_php_install_command> + <custom_php_deinstall_command> + exec("rm -f /usr/local/etc/rc.d/miniupnpd*"); + </custom_php_deinstall_command> +</packagegui> diff --git a/config/miniupnpd/sbin/miniupnpd b/config/miniupnpd/sbin/miniupnpd Binary files differnew file mode 100755 index 00000000..cb2f107d --- /dev/null +++ b/config/miniupnpd/sbin/miniupnpd diff --git a/config/miniupnpd/status_upnp.php b/config/miniupnpd/status_upnp.php new file mode 100644 index 00000000..87e2294d --- /dev/null +++ b/config/miniupnpd/status_upnp.php 
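Review bot: All three `<additional_files_needed>` items in miniupnpd.xml are fetched over plain `http://`, and the third is an executable installed into `/usr/local/sbin/` with mode 0755; nothing visible in this manifest pins a digest for any of them, so the installed daemon is only as trustworthy as the network path at install time. Serving the items over an authenticated transport, or having the installer verify a published checksum, would close that gap; whether the package schema offers a field for a checksum cannot be told from this page. The items also mix `www.pfsense.org` and `www.pfsense.com`, which is worth making consistent. `miniupnpd.inc` and `status_upnp.php` are only read by PHP and likely do not need the execute bit, so `<chmod>0644</chmod>` would be the tighter setting for those two.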
@@ -0,0 +1,120 @@ +<?php +/* $Id$ */ +/* + status_upnp.php + part of pfSense (http://www.pfsense.com/) + + Copyright (C) 2006 Seth Mos <seth.mos@xs4all.nl>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +/* Defaults to this page but if no settings are present, redirect to setup page */ +if(!$config['installedpackages']['miniupnpd']['config'][0]['iface_array'] || + !$config['installedpackages']['miniupnpd']['config'][0]['enable']) + Header("Location: /pkg_edit.php?xml=miniupnpd.xml&id=0"); + +if ($_POST) { + if ($_POST['clear'] == "Clear") { + mwexec("/bin/sh /usr/local/etc/rc.d/miniupnpd.sh restart"); + $savemsg = "Rules have been cleared and the daemon restarted"; + } +} + +$rdr_entries = array(); +exec("/sbin/pfctl -aminiupnpd -sn", $rdr_entries, $pf_ret); + +$now = time(); +$year = date("Y"); + +$pgtitle = "Status: UPnP Status"; +include("head.inc"); +/* put your custom HTML head content here */ +/* using some of the $pfSenseHead function calls */ +//$pfSenseHead->addMeta("<meta http-equiv=\"refresh\" content=\"120;url={$_SERVER['SCRIPT_NAME']}\" />"); +//echo $pfSenseHead->getHTML(); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></font></p> +<?php if ($savemsg) print_info_box($savemsg); ?> + +<div id="mainlevel"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("UPnP Status "), true, "/status_upnp.php"); + $tab_array[] = array(gettext("MiniUPnPd Settings "), false, "/pkg_edit.php?xml=miniupnpd.xml&id=0"); + display_top_tabs($tab_array); +?> +</table> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabcont" > + <form action="status_upnp.php" method="post"> + <b><input type="submit" name="clear" id="clear" value="Clear" /></b> + </form> + </td> + </tr> + <tr> + <td class="tabcont" > + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="10%" class="listhdrr"><?=gettext("Port")?></td> + <td width="10%" class="listhdrr"><?=gettext("Protocol")?></td> + <td width="20%" class="listhdrr"><?=gettext("Internal 
IP")?></td> + <td width="60%" class="listhdr"><?=gettext("Description")?></td> + </tr> + <?php $i = 0; foreach ($rdr_entries as $rdr_entry) { + if (preg_match("/on (.*) inet proto (.*) from any to any port = (.*) label \"(.*)\" -> (.*) port (.*)/", $rdr_entry, $matches)) + $rdr_proto = $matches[2]; + $rdr_port = $matches[3]; + $rdr_ip = $matches[5]; + $rdr_label =$matches[4]; + ?> + <tr> + <td class="listlr"> + <?php print $rdr_port;?> + </td> + <td class="listlr"> + <?php print $rdr_proto;?> + </td> + <td class="listlr"> + <?php print $rdr_ip;?> + </td> + <td class="listlr"> + <?php print $rdr_label;?> + </td> + </tr> + <?php $i++; }?> + </table> + </td> + </tr> +</table> +</div> +<?php include("fend.inc"); ?> +</body> +</html> |
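Review bot: The four table cells in status_upnp.php print `$rdr_port`, `$rdr_proto`, `$rdr_ip` and `$rdr_label` straight from the `pfctl -aminiupnpd -sn` output without HTML escaping. The label is presumably the description a LAN client supplied with its mapping request, so it should be treated as untrusted when rendered in the admin GUI: `<?php print htmlspecialchars($rdr_label);?>`, and likewise for the other three. The `if (preg_match(...))` above them has no braces, so only `$rdr_proto` is guarded and a line that does not match prints values left over from the previous row; wrap the four assignments in braces and `continue` when there is no match. The `Header("Location: ...")` redirect near the top is also not followed by `exit;`, so the rest of the page, including the POST handler that restarts the daemon, still runs.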