aboutsummaryrefslogtreecommitdiffstats
path: root/packages
diff options
context:
space:
mode:
authorRyan Wagoner <rsw686@pfsense.org>2007-01-29 19:24:44 +0000
committerRyan Wagoner <rsw686@pfsense.org>2007-01-29 19:24:44 +0000
commit992c9b0aaabf513dc5b0efc1be6714d2d03f9c60 (patch)
tree7d44f31ff1b4459c559025f18cd78e6f0bec145d /packages
parent315a89a80f4d3d546beb3af66b106f01fc761fc9 (diff)
downloadpfsense-packages-992c9b0aaabf513dc5b0efc1be6714d2d03f9c60.tar.gz
pfsense-packages-992c9b0aaabf513dc5b0efc1be6714d2d03f9c60.tar.bz2
pfsense-packages-992c9b0aaabf513dc5b0efc1be6714d2d03f9c60.zip
miniupnpd version bump 20070127 which fixes my network places bug and adds support for access restrictions
Diffstat (limited to 'packages')
-rw-r--r--packages/miniupnpd/miniupnpd.inc218
-rw-r--r--packages/miniupnpd/miniupnpd.xml44
-rwxr-xr-xpackages/miniupnpd/sbin/miniupnpdbin47796 -> 51744 bytes
3 files changed, 185 insertions, 77 deletions
diff --git a/packages/miniupnpd/miniupnpd.inc b/packages/miniupnpd/miniupnpd.inc
index c3cc4cff..631b646a 100644
--- a/packages/miniupnpd/miniupnpd.inc
+++ b/packages/miniupnpd/miniupnpd.inc
@@ -4,9 +4,24 @@
/* MiniUPnPd */
- function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: $msg"); return; }
- function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: $msg"); return; }
-
+ define('UPNP_RCFILE', '/usr/local/etc/rc.d/miniupnpd.sh');
+ define('UPNP_CONFIG','/usr/local/etc/miniupnpd.conf');
+
+ function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); return; }
+ function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); return; }
+
+ function upnp_action ($action) {
+ if (file_exists(UPNP_RCFILE))
+ mwexec(UPNP_RCFILE.' '.$action);
+ }
+
+ function upnp_running () {
+ if((int)exec("pgrep miniupnpd | wc -l") > 0)
+ return true;
+ else
+ return false;
+ }
+
function upnp_config ($name) {
global $config;
if($config['installedpackages']['miniupnpd']['config'][0]["{$name}"])
@@ -15,18 +30,48 @@
return NULL;
}
- function upnp_validate_ip($ip) {
- if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip))
- return FALSE;
- foreach(explode(".", $ip) as $sub)
- if($sub<0 || $sub>256)
- return FALSE;
- return TRUE;
+ function upnp_write_config($conf_file, $conf_text) {
+ $conf = fopen($conf_file, "w");
+ if(!$conf) {
+ upnp_warn("Could not open {$conf_file} for writing.");
+ exit;
+ }
+ fwrite($conf, $conf_text);
+ fclose($conf);
+ }
+
+ function upnp_validate_ip($ip,$check_cdir) {
+ /* validate cdir */
+ if($check_cdir) {
+ $ip_array = explode("/",$ip);
+ if(count($ip_array) == 2) {
+ if($ip_array[1] < 1 || $ip_array[1] > 32)
+ return false;
+ } else
+ if(count($ip_array) != 1)
+ return false;
+ } else
+ $ip_array[] = $ip;
+
+ /* validate ip */
+ if(!eregi("^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$", $ip_array[0]))
+ return false;
+ foreach(explode(".", $ip_array[0]) as $sub)
+ if($sub < 0 || $sub > 256)
+ return false;
+ return true;
}
-
+
+ function upnp_validate_port($port) {
+ foreach(explode("-", $port) as $sub)
+ if($sub < 0 || $sub > 65535)
+ return false;
+ return true;
+ }
+
function before_form_miniupnpd($pkg) {
global $config;
-
+
config_lock();
/* if shaper connection speed defined hide fields */
@@ -47,29 +92,52 @@
foreach($post['iface_array'] as $iface)
if($iface == "wan")
$input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field';
- if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip']))
+ if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false))
$input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field';
if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download']))
$input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields';
- if($post['download'] && $post['download']<=0)
+ if($post['download'] && $post['download'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field';
- if($post['upload'] && $post['upload']<=0)
+ if($post['upload'] && $post['upload'] <= 0)
$input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field';
+
+ /* user permissions validation */
+ for($i=1; $i<=4; $i++) {
+ if($post["permuser{$i}"]) {
+ $perm = explode(' ',$post["permuser{$i}"]);
+ /* should explode to 4 args */
+ if(count($perm) != 4) {
+ $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field";
+ } else {
+ /* must with allow or deny */
+ if(!($perm[0] == 'allow' || $perm[0] == 'deny'))
+ $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field";
+ /* verify port or port range */
+ if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3]))
+ $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified
+ permissions {$i}' field";
+ /* verify ip address */
+ if(!upnp_validate_ip($perm[2],true))
+ $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field";
+ }
+ }
+ }
}
function sync_package_miniupnpd() {
global $config;
global $input_errors;
- $ifaces_final = "";
- $wanif = get_real_wan_interface();
- config_lock();
+ config_lock();
+
+ $configtext = "ext_ifname=".get_real_wan_interface()."\n";
+ $configtext .= "port=2189\n";
- /* since config is written before this file invoked we don't need to read post data */
- if(upnp_config("enable") && upnp_config("iface_array"))
- $iface_array = explode(",",upnp_config("iface_array"));
+ /* since config is written before this file invoked we don't need to read post data */
+ if(upnp_config('enable') && upnp_config('iface_array'))
+ $iface_array = explode(',',upnp_config('iface_array'));
- if($iface_array) {
+ if($iface_array) {
foreach($iface_array as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
/* above function returns iface if fail */
@@ -78,9 +146,9 @@
/* non enabled interfaces are displayed in list on miniupnpd settings page */
/* check that the interface has an ip address before adding parameters */
if($addr) {
- $ifaces_final .= " -a {$addr}";
+ $configtext .= "listening_ip={$addr}\n";
if(!$ifaces_active)
- $ifaces_active = "{$iface}";
+ $ifaces_active = $iface;
else
$ifaces_active .= ", {$iface}";
} else {
@@ -91,28 +159,50 @@
}
}
- if($ifaces_final) {
- $overridewanip = upnp_config("overridewanip");
- $logpackets = upnp_config("logpackets");
- $sysuptime = upnp_config("sysuptime");
-
+ if($ifaces_active) {
+ /* override wan ip address, common for carp, etc */
+ if(upnp_config('overridewanip'))
+ $configtext .= "ext_ip=".upnp_config('overridewanip')."\n";
+
/* if shaper connection speed defined use those values */
if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
$download = $config['ezshaper']['step2']['download']*1000;
$upload = $config['ezshaper']['step2']['upload']*1000;
} else {
- $download = upnp_config("download")*1000;
- $upload = upnp_config("upload")*1000;
- }
-
- /* valid paramters lets create rc file and start miniupnpd */
-
+ $download = upnp_config('download')*1000;
+ $upload = upnp_config('upload')*1000;
+ }
+
+ /* set upload and download bitrates */
+ if($download && $upload) {
+ $configtext .= "bitrate_down={$download}\n";
+ $configtext .= "bitrate_up={$upload}\n";
+ }
+
+ /* enable logging of packets handled by miniupnpd rules */
+ if(upnp_config('logpackets'))
+ $configtext .= "packet_log=yes\n";
+
+ /* enable system uptime instead of miniupnpd uptime */
+ if(upnp_config('sysuptime'))
+ $configtext .= "system_uptime=yes\n";
+
+ /* upnp access restrictions */
+ for($i=1; $i<=4; $i++) {
+ if(upnp_config("permuser{$i}"))
+ $configtext .= upnp_config("permuser{$i}")."\n";
+ }
+
+ if(upnp_config('permdefault'))
+ $configtext .= "deny 0-65535 0.0.0.0/0 0-65535\n";
+
+ /* generate rc file start and stop */
$stop = <<<EOD
if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/usr/bin/killall miniupnpd
while [ `pgrep miniupnpd | wc -l` != 0 ]; do
sleep 1
- done
+ done
fi
# Clear existing rules and rdr entries
if [ `pfctl -aminiupnpd -sr | wc -l` != 0 ]; then
@@ -122,67 +212,51 @@ if [ `pgrep miniupnpd | wc -l` != 0 ]; then
/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null
fi
EOD;
-
- $start = $stop."\n\t/usr/local/sbin/miniupnpd -p 2869 -i {$wanif}{$ifaces_final}";
-
- /* define maximum downstream and upstream bitrates */
- if($download && $upload)
- $start .= " -B {$download} {$upload}";
+ $start = $stop."\n\t/usr/local/sbin/miniupnpd -f ".UPNP_CONFIG;
- /* override wan ip address, common for carp, etc */
- if($overridewanip)
- $start .= " -o {$overridewanip}";
-
- /* enable logging of packets handled by miniupnpd rules */
- if($logpackets)
- $start .= " -L";
-
- /* enable system uptime instead of miniupnpd uptime */
- if($sysuptime)
- $start .= " -U";
-
+ /* write out the configuration */
conf_mount_rw();
-
+ upnp_write_config(UPNP_CONFIG,$configtext);
write_rcfile(array(
- "file" => "miniupnpd.sh",
- "start" => $start,
- "stop" => $stop
+ 'file' => 'miniupnpd.sh',
+ 'start' => $start,
+ 'stop' => $stop
)
);
-
conf_mount_ro();
/* if miniupnpd not running start it */
- if(!is_service_running("miniupnpd")) {
+ if(!upnpd_running) {
upnp_notice("Starting service on interface: {$ifaces_active}");
- start_service("miniupnpd");
+ upnp_action('start');
}
/* or restart miniupnpd if settings were changed */
elseif($_POST['iface_array']) {
upnp_notice("Restarting service on interface: {$ifaces_active}");
- restart_service("miniupnpd");
+ upnp_action('restart');
}
- }
+ }
}
- if(!$iface_array || !$ifaces_final) {
+ if(!$iface_array || !$ifaces_active) {
/* no parameters user does not want miniupnpd running */
/* lets stop the service and remove the rc file */
-
- if(file_exists("/usr/local/etc/rc.d/miniupnpd.sh")) {
- if(!upnp_config("enable"))
- upnp_notice("Stopping service, miniupnpd disabled");
+
+ if(file_exists(UPNP_RCFILE)) {
+ if(!upnp_config('enable'))
+ upnp_notice('Stopping service: miniupnpd disabled');
else
- upnp_notice("Stopping service, no interfaces selected");
+ upnp_notice('Stopping service: no interfaces selected');
- stop_service("miniupnpd");
+ upnp_action('stop');
conf_mount_rw();
- unlink("/usr/local/etc/rc.d/miniupnpd.sh");
+ unlink(UPNP_RCFILE);
+ unlink(UPNP_CONFIG);
conf_mount_ro();
}
}
-
+
config_unlock();
}
?>
diff --git a/packages/miniupnpd/miniupnpd.xml b/packages/miniupnpd/miniupnpd.xml
index c1d41bbc..ac03d03e 100644
--- a/packages/miniupnpd/miniupnpd.xml
+++ b/packages/miniupnpd/miniupnpd.xml
@@ -2,7 +2,7 @@
<packagegui>
<title>Services: MiniUPnPd</title>
<name>miniupnpd</name>
- <version>20070112</version>
+ <version>20070127</version>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/miniupnpd.inc</include_file>
<aftersaveredirect>status_upnp.php</aftersaveredirect>
@@ -62,12 +62,12 @@
<fielddescr>Maximum Download Speed (Kbits/second)</fielddescr>
<fieldname>download</fieldname>
<type>input</type>
- </field>
+ </field>
<field>
<fielddescr>Maximum Upload Speed (Kbits/second)</fielddescr>
<fieldname>upload</fieldname>
<type>input</type>
- </field>
+ </field>
<field>
<fielddescr>Override WAN address</fielddescr>
<fieldname>overridewanip</fieldname>
@@ -77,11 +77,45 @@
<fielddescr>Log packets handled by miniupnpd rules?</fielddescr>
<fieldname>logpackets</fieldname>
<type>checkbox</type>
- </field>
+ </field>
<field>
<fielddescr>Use system uptime instead of miniupnpd uptime?</fielddescr>
<fieldname>sysuptime</fieldname>
<type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>By default deny access to miniupnpd?</fielddescr>
+ <fieldname>permdefault</fieldname>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 1</fielddescr>
+ <fieldname>permuser1</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]
+ &lt;br /&gt;Example: allow 1024-65535 192.168.0.0/24 1024-65535</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 2</fielddescr>
+ <fieldname>permuser2</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 3</fielddescr>
+ <fieldname>permuser3</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>User specified persmissions 4</fielddescr>
+ <fieldname>permuser4</fieldname>
+ <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/cdir] [int port or range]</description>
+ <type>input</type>
+ <size>60</size>
</field>
</fields>
<custom_php_command_before_form>
@@ -92,7 +126,7 @@
</custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_miniupnpd();
- </custom_php_resync_config_command>
+ </custom_php_resync_config_command>
<custom_php_install_command>
sync_package_miniupnpd();
</custom_php_install_command>
diff --git a/packages/miniupnpd/sbin/miniupnpd b/packages/miniupnpd/sbin/miniupnpd
index f634c605..1332bd25 100755
--- a/packages/miniupnpd/sbin/miniupnpd
+++ b/packages/miniupnpd/sbin/miniupnpd
Binary files differ