authorRyan Wagoner <rsw686@pfsense.org>2007-01-29 19:24:44 +0000
committerRyan Wagoner <rsw686@pfsense.org>2007-01-29 19:24:44 +0000
commit992c9b0aaabf513dc5b0efc1be6714d2d03f9c60 (patch)
tree7d44f31ff1b4459c559025f18cd78e6f0bec145d /packages/miniupnpd
parent315a89a80f4d3d546beb3af66b106f01fc761fc9 (diff)
miniupnpd version bump 20070127 which fixes my network places bug and adds support for access restrictions
Diffstat (limited to 'packages/miniupnpd')
-rw-r--r--packages/miniupnpd/miniupnpd.inc218
-rw-r--r--packages/miniupnpd/miniupnpd.xml44
-rwxr-xr-xpackages/miniupnpd/sbin/miniupnpdbin47796 -> 51744 bytes
3 files changed, 185 insertions, 77 deletions
diff --git a/packages/miniupnpd/miniupnpd.inc b/packages/miniupnpd/miniupnpd.inc
index c3cc4cff..631b646a 100644
--- a/packages/miniupnpd/miniupnpd.inc
+++ b/packages/miniupnpd/miniupnpd.inc
@@ -4,9 +4,24 @@
/* MiniUPnPd */
- function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: $msg"); return; }
- function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: $msg"); return; }
-
+ define('UPNP_RCFILE', '/usr/local/etc/rc.d/miniupnpd.sh');
+ define('UPNP_CONFIG','/usr/local/etc/miniupnpd.conf');
+
+ function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); return; }
+ function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); return; }
+
+ function upnp_action ($action) {
+ if (file_exists(UPNP_RCFILE))
+ mwexec(UPNP_RCFILE.' '.$action);
+ }
+
+ function upnp_running () {
+ if((int)exec("pgrep miniupnpd | wc -l") > 0)
+ return true;
+ else
+ return false;
+ }
+
function upnp_config ($name) {
global $config;
if($config['installedpackages']['miniupnpd']['config'][0]["{$name}"])
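Review bot: upnp_action() builds the shell command by plain concatenation, `mwexec(UPNP_RCFILE.' '.$action);`, so it is only safe while every caller passes a literal. The callers visible in this commit pass 'start', 'restart' and 'stop', but quoting the argument keeps the helper safe if that changes: `mwexec(UPNP_RCFILE.' '.escapeshellarg($action));`. In upnp_running(), `pgrep miniupnpd` matches by pattern, so a running `miniupnpd.sh` would presumably also count as the daemon; `pgrep -x miniupnpd` avoids that, and the body reduces to `return (int)exec("pgrep -x miniupnpd | wc -l") > 0;`.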
@@ -15,18 +30,48 @@
return NULL;
}
- function upnp_validate_ip($ip) {
- if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip))
- return FALSE;
- foreach(explode(".", $ip) as $sub)
- if($sub<0 || $sub>256)
- return FALSE;
- return TRUE;
+ function upnp_write_config($conf_file, $conf_text) {
+ $conf = fopen($conf_file, "w");
+ if(!$conf) {
+ upnp_warn("Could not open {$conf_file} for writing.");
+ exit;
+ }
+ fwrite($conf, $conf_text);
+ fclose($conf);
+ }
+
+ function upnp_validate_ip($ip,$check_cdir) {
+ /* validate cdir */
+ if($check_cdir) {
+ $ip_array = explode("/",$ip);
+ if(count($ip_array) == 2) {
+ if($ip_array[1] < 1 || $ip_array[1] > 32)
+ return false;
+ } else
+ if(count($ip_array) != 1)
+ return false;
+ } else
+ $ip_array[] = $ip;
+
+ /* validate ip */
+ if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip_array[0]))
+ return false;
+ foreach(explode(".", $ip_array[0]) as $sub)
+ if($sub < 0 || $sub > 256)
+ return false;
+ return true;
}
-
+
+ function upnp_validate_port($port) {
+ foreach(explode("-", $port) as $sub)
+ if($sub < 0 || $sub > 65535)
+ return false;
+ return true;
+ }
+
function before_form_miniupnpd($pkg) {
global $config;
-
+
config_lock();
/* if shaper connection speed defined hide fields */
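Review bot: upnp_validate_port() and the prefix check in upnp_validate_ip() use loose numeric comparisons, so in PHP versions before 8 a non-numeric token compares as 0 and a token with trailing non-digit characters is judged by its numeric prefix; both are accepted. This matters because the `permuser` strings these functions guard are later written verbatim into miniupnpd.conf by sync_package_miniupnpd(), so each token should be required to be digits only and a port range to have at most two parts. The prefix check needs the same digits-only test, e.g. `if(!ctype_digit($ip_array[1]) || $ip_array[1] < 1 || $ip_array[1] > 32)`. The octet test also admits 256 and should read `if($sub < 0 || $sub > 255)`.

```php
function upnp_validate_port($port) {
	$parts = explode('-', $port);
	/* a single port or one low-high range, nothing longer */
	if(count($parts) > 2)
		return false;
	foreach($parts as $sub)
		/* digits only: rejects empty, signed and non-numeric tokens */
		if(!ctype_digit($sub) || (int)$sub > 65535)
			return false;
	return true;
}
```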
@@ -47,29 +92,52 @@
foreach($post['iface_array'] as $iface)
if($iface == "wan")
$input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field';
- if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip']))
+ if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false))
$input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field';
if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download']))
$input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields';
- if($post['download'] && $post['download']<=0)
+ if($post['download'] && $post['download'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field';
- if($post['upload'] && $post['upload']<=0)
+ if($post['upload'] && $post['upload'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field';
+
+ /* user permissions validation */
+ for($i=1; $i<=4; $i++) {
+ if($post["permuser{$i}"]) {
+ $perm = explode(' ',$post["permuser{$i}"]);
+ /* should explode to 4 args */
+ if(count($perm) != 4) {
+ $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field";
+ } else {
+ /* must with allow or deny */
+ if(!($perm[0] == 'allow' || $perm[0] == 'deny'))
+ $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field";
+ /* verify port or port range */
+ if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3]))
+ $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified
+ permissions {$i}' field";
+ /* verify ip address */
+ if(!upnp_validate_ip($perm[2],true))
+ $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field";
+ }
+ }
+ }
}
function sync_package_miniupnpd() {
global $config;
global $input_errors;
- $ifaces_final = "";
- $wanif = get_real_wan_interface();
- config_lock();
+ config_lock();
+
+ $configtext = "ext_ifname=".get_real_wan_interface()."\n";
+ $configtext .= "port=2189\n";
- /* since config is written before this file invoked we don't need to read post data */
- if(upnp_config("enable") && upnp_config("iface_array"))
- $iface_array = explode(",",upnp_config("iface_array"));
+ /* since config is written before this file invoked we don't need to read post data */
+ if(upnp_config('enable') && upnp_config('iface_array'))
+ $iface_array = explode(',',upnp_config('iface_array'));
- if($iface_array) {
+ if($iface_array) {
foreach($iface_array as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
/* above function returns iface if fail */
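Review bot: The new `$configtext .= "port=2189\n";` does not match the `-p 2869` that the removed `$start` command line (later in this file's diff) passed to the daemon. If the port change is not intended, this looks like transposed digits and should read `$configtext .= "port=2869\n";`. If it is intended, a comment naming the reason would help, since any rule or client that expects the old port would stop matching. sync_package_miniupnpd() continues past the end of this hunk.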
@@ -78,9 +146,9 @@
/* non enabled interfaces are displayed in list on miniupnpd settings page */
/* check that the interface has an ip address before adding parameters */
if($addr) {
- $ifaces_final .= " -a {$addr}";
+ $configtext .= "listening_ip={$addr}\n";
if(!$ifaces_active)
- $ifaces_active = "{$iface}";
+ $ifaces_active = $iface;
else
$ifaces_active .= ", {$iface}";
} else {
@@ -91,28 +159,50 @@
}
}
- if($ifaces_final) {
- $overridewanip = upnp_config("overridewanip");
- $logpackets = upnp_config("logpackets");
- $sysuptime = upnp_config("sysuptime");
-
+ if($ifaces_active) {
+ /* override wan ip address, common for carp, etc */
+ if(upnp_config('overridewanip'))
+ $configtext .= "ext_ip=".upnp_config('overridewanip')."\n";
+
/* if shaper connection speed defined use those values */
if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
$download = $config['ezshaper']['step2']['download']*1000;
$upload = $config['ezshaper']['step2']['upload']*1000;
} else {
- $download = upnp_config("download")*1000;
- $upload = upnp_config("upload")*1000;
- }
-
- /* valid paramters lets create rc file and start miniupnpd */
-
+ $download = upnp_config('download')*1000;
+ $upload = upnp_config('upload')*1000;
+ }
+
+ /* set upload and download bitrates */
+ if($download && $upload) {
+ $configtext .= "bitrate_down={$download}\n";
+ $configtext .= "bitrate_up={$upload}\n";
+ }
+
+ /* enable logging of packets handled by miniupnpd rules */
+ if(upnp_config('logpackets'))
+ $configtext .= "packet_log=yes\n";
+
+ /* enable system uptime instead of miniupnpd uptime */
+ if(upnp_config('sysuptime'))
+ $configtext .= "system_uptime=yes\n";
+
+ /* upnp access restrictions */
+ for($i=1; $i<=4; $i++) {
+ if(upnp_config("permuser{$i}"))
+ $configtext .= upnp_config("permuser{$i}")."\n";
+ }
+
+ if(upnp_config('permdefault'))
+ $configtext .= "deny 0-65535 0.0.0.0/0 0-65535\n";
+
+ /* generate rc file start and stop */
$stop = <<<EOD
if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/usr/bin/killall miniupnpd
while [ `pgrep miniupnpd | wc -l` != 0 ]; do
sleep 1
- done
+ done
fi
# Clear existing rules and rdr entries
if [ `pfctl -aminiupnpd -sr | wc -l` != 0 ]; then
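Review bot: The deny-all line written for `permdefault` only acts as a default because it is appended after the four `permuser` lines, and nothing in the code says so. miniupnpd appears to evaluate permission rules in file order with the first match deciding (worth confirming against the miniupnpd documentation), so moving this block above the loop would silently override every user rule. A comment such as `/* must stay last: rules are matched in order, this is the catch-all */` above `if(upnp_config('permdefault'))` would protect the ordering. sync_package_miniupnpd() starts before and ends after this hunk.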
@@ -122,67 +212,51 @@ if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null
fi
EOD;
-
- $start = $stop."\n\t/usr/local/sbin/miniupnpd -p 2869 -i {$wanif}{$ifaces_final}";
-
- /* define maximum downstream and upstream bitrates */
- if($download && $upload)
- $start .= " -B {$download} {$upload}";
+ $start = $stop."\n\t/usr/local/sbin/miniupnpd -f ".UPNP_CONFIG;
- /* override wan ip address, common for carp, etc */
- if($overridewanip)
- $start .= " -o {$overridewanip}";
-
- /* enable logging of packets handled by miniupnpd rules */
- if($logpackets)
- $start .= " -L";
-
- /* enable system uptime instead of miniupnpd uptime */
- if($sysuptime)
- $start .= " -U";
-
+ /* write out the configuration */
conf_mount_rw();
-
+ upnp_write_config(UPNP_CONFIG,$configtext);
write_rcfile(array(
- "file" => "miniupnpd.sh",
- "start" => $start,
- "stop" => $stop
+ 'file' => 'miniupnpd.sh',
+ 'start' => $start,
+ 'stop' => $stop
)
);
-
conf_mount_ro();
/* if miniupnpd not running start it */
- if(!is_service_running("miniupnpd")) {
+ if(!upnpd_running) {
upnp_notice("Starting service on interface: {$ifaces_active}");
- start_service("miniupnpd");
+ upnp_action('start');
}
/* or restart miniupnpd if settings were changed */
elseif($_POST['iface_array']) {
upnp_notice("Restarting service on interface: {$ifaces_active}");
- restart_service("miniupnpd");
+ upnp_action('restart');
}
- }
+ }
}
- if(!$iface_array || !$ifaces_final) {
+ if(!$iface_array || !$ifaces_active) {
/* no parameters user does not want miniupnpd running */
/* lets stop the service and remove the rc file */
-
- if(file_exists("/usr/local/etc/rc.d/miniupnpd.sh")) {
- if(!upnp_config("enable"))
- upnp_notice("Stopping service, miniupnpd disabled");
+
+ if(file_exists(UPNP_RCFILE)) {
+ if(!upnp_config('enable'))
+ upnp_notice('Stopping service: miniupnpd disabled');
else
- upnp_notice("Stopping service, no interfaces selected");
+ upnp_notice('Stopping service: no interfaces selected');
- stop_service("miniupnpd");
+ upnp_action('stop');
conf_mount_rw();
- unlink("/usr/local/etc/rc.d/miniupnpd.sh");
+ unlink(UPNP_RCFILE);
+ unlink(UPNP_CONFIG);
conf_mount_ro();
}
}
-
+
config_unlock();
}
?>
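Review bot: `if(!upnpd_running)` neither names the function added earlier in this commit (`upnp_running`) nor calls it. As a bare word PHP treats it as an undefined constant, which in the PHP versions of this era evaluates to a non-empty string, so the start branch is never taken and the service is only (re)started when `$_POST['iface_array']` is set. It should read `if(!upnp_running()) {`. Separately, upnp_write_config() calls `exit` on failure, and here it runs between conf_mount_rw() and conf_mount_ro() with config_lock() held, so a failed open would leave the filesystem read-write and the lock taken. Returning false from it and checking the result here would let the function still reach conf_mount_ro() and config_unlock().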
diff --git a/packages/miniupnpd/miniupnpd.xml b/packages/miniupnpd/miniupnpd.xml
index c1d41bbc..ac03d03e 100644
--- a/packages/miniupnpd/miniupnpd.xml
+++ b/packages/miniupnpd/miniupnpd.xml
@@ -2,7 +2,7 @@
<packagegui>
<title>Services: MiniUPnPd</title>
<name>miniupnpd</name>
- <version>20070112</version>
+ <version>20070127</version>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/miniupnpd.inc</include_file>
<aftersaveredirect>status_upnp.php</aftersaveredirect>
@@ -62,12 +62,12 @@
<fielddescr>Maximum Download Speed (Kbits/second)</fielddescr>
<fieldname>download</fieldname>
<type>input</type>
- </field>
+ </field>
<field>
<fielddescr>Maximum Upload Speed (Kbits/second)</fielddescr>
<fieldname>upload</fieldname>
<type>input</type>
- </field>
+ </field>
<field>
<fielddescr>Override WAN address</fielddescr>
<fieldname>overridewanip</fieldname>
@@ -77,11 +77,45 @@
<fielddescr>Log packets handled by miniupnpd rules?</fielddescr>
<fieldname>logpackets</fieldname>
<type>checkbox</type>
- </field>
+ </field>
<field>
<fielddescr>Use system uptime instead of miniupnpd uptime?</fielddescr>
<fieldname>sysuptime</fieldname>
<type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>By default deny access to miniupnpd?</fielddescr>
+ <fieldname>permdefault</fieldname>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 1</fielddescr>
+ <fieldname>permuser1</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]
+ &lt;br /&gt;Example: allow 1024-65535 192.168.0.0/24 1024-65535</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 2</fielddescr>
+ <fieldname>permuser2</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 3</fielddescr>
+ <fieldname>permuser3</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 4</fielddescr>
+ <fieldname>permuser4</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
</field>
</fields>
<custom_php_command_before_form>
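Review bot: The four new labels are spelled `User specified persmissions N`, while the validation messages added in miniupnpd.inc refer to the `User specified permissions N` field, so an error message names a field the form does not show under that spelling. The labels should read `<fielddescr>User specified permissions 1</fielddescr>` (and likewise for 2 to 4). The format hint writes `cdir` where `CIDR` is presumably meant, and only the first field carries the example line.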
@@ -92,7 +126,7 @@
</custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_miniupnpd();
- </custom_php_resync_config_command>
+ </custom_php_resync_config_command>
<custom_php_install_command>
sync_package_miniupnpd();
</custom_php_install_command>
diff --git a/packages/miniupnpd/sbin/miniupnpd b/packages/miniupnpd/sbin/miniupnpd
index f634c605..1332bd25 100755
--- a/packages/miniupnpd/sbin/miniupnpd
+++ b/packages/miniupnpd/sbin/miniupnpd
Binary files differ