 From:  Matt Juszczak <matt at atopia dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Authentication Log Patch & Incorrect Title Fix
 Date:  Tue, 12 Oct 2004 00:22:33 -0400 (EDT)
In m0n0wall-1.1, I created a custom patch that added a radius 
authentication log.  I have not upgraded to 1.2b1, but downloaded the 
source for it and ran my diff based on that source tree ... with no 
errors.

Therefore, the attached .patch file should work with 1.2b1 for those of 
you who asked me in email for a copy of the patch.

Also, the .patch file fixes a title error in diag_logs_dhcp.php in which 
the <title></title> has been "System Logs" instead of "DHCP Logs".  Not a 
biggie, but help where I can.

Here's a couple warnings:

1)  I don't know anything about diff & patch.  This is my first attempt.  I 
probably did it wrong.

2)  Someone please check my code :)

If someone could test this patch on a DEVELOPMENT version of 1.2b1 and let 
me know if it works that would be great.  I'm going to be moving our 
m0n0wall box to 1.2b1 shortly for the https support, as soon as I figure 
out how to use mdconfig in 5.x.  Our upcoming user base will be 2000 
constant users through m0n0wall so I have to make sure it's as stable as 
possible.

Thanks,

Matt
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/etc/inc/system.inc
STOCKTON_generic-pc-1.2b1/fs/etc/inc/system.inc
196a197
> local4.*					%/var/log/portalauth.log
198c199
< *.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none %/var/log/system.log
---
> *.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local4.none;local7.none
%/var/log/system.log
212a214,221
> 		if (isset($syslogcfg['portalauth'])) {
> 			$syslogconf .= <<<EOD
> local4.*					@{$syslogcfg['remoteserver']}
> 
> EOD;
> 
> 		}
> 
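Review bot: In the 212a214,221 hunk the new `local4.*` line interpolates `$syslogcfg['remoteserver']`, but the only condition visible here is `isset($syslogcfg['portalauth'])`. If this block is not nested inside the existing remote-syslog branch, an unset `remoteserver` produces a bare `@` target in the generated syslog.conf. Please confirm the nesting, or check that the remote server is set before emitting the line.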
222c231
< *.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none
@{$syslogcfg['remoteserver']}
---
> *.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local4.none;local7.none
@{$syslogcfg['remoteserver']}
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/etc/rc STOCKTON_generic-pc-1.2b1/fs/etc/rc
28c28,29
< chmod 0600 /var/log/system.log /var/log/filter.log /var/log/dhcpd.log
---
> clog -i -s 32768 /var/log/portalauth.log
> chmod 0600 /var/log/system.log /var/log/filter.log /var/log/dhcpd.log /var/log/portalauth.log
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/etc/syslog.conf
STOCKTON_generic-pc-1.2b1/fs/etc/syslog.conf
1a2
> local4.*					%/var/log/portalauth.log
3c4
< *.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none	%/var/log/system.log
---
>
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none;local4.none	%/var/log/system.log
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/etc/version STOCKTON_generic-pc-1.2b1/fs/etc/version
1c1
< 1.2b1
---
> 1.2b1-STOCKTON
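Review bot: The 1c1 change to fs/etc/version (`1.2b1-STOCKTON`) is a site-local label and should be dropped from a patch meant for other users. As posted, anyone applying it ends up with a version string that matches neither the upstream release nor their own build, which makes it harder to tell what a box is actually running.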
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/captiveportal/index.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/captiveportal/index.php
35a36
> require("portal_log.inc") ;
79a81
> 			captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip);
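Review bot: At 79a81 the call passes `$_POST['auth_user']` straight into the log with no filtering, so the client controls part of every authentication record. The message built in portal_log.inc separates user, MAC and IP with single spaces, so a username containing spaces or control characters makes the fields ambiguous; strip or quote the value before logging. Only this one call is added and the message is hard-coded as "Success:", so rejected logins are not recorded; a matching call on the failure path would make the log usable for spotting password guessing.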
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/captiveportal/portal_log.inc
STOCKTON_generic-pc-1.2b1/fs/usr/local/captiveportal/portal_log.inc
0a1,16
> ***************
> *** 0
> --- 1,13 -----
> + <?PHP
> + 
> + /* log successful captive portal authentication to syslog */
> + /* part of this code from php.net */
> + function captiveportal_logportalauth($user,$mac,$ip) {
> +         define_syslog_variables();
> +         openlog("logportalauth", LOG_PID, LOG_LOCAL4);
> +         // Log it
> +         syslog(LOG_INFO, "Success: $user $mac $ip");
> +         closelog();
> + }
> + 
> + ?>
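Review bot: The body of this new file (0a1,16) still carries the output of an earlier context diff. The `***************`, `*** 0` and `--- 1,13 -----` lines and the leading `+ ` on every line would be written into portal_log.inc verbatim, so the file will not parse as intended when index.php reaches `require("portal_log.inc")`. Regenerate the diff against the real file contents so that the first line of the new file is `<?PHP`.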
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/www/diag_logs.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/www/diag_logs.php
78c78
< 	<li class="tabact">System</li>
---
>     <li class="tabact">System</li>
80a81
>     <li class="tabinact"><a href="diag_logs_auth.php">Authentication</a></li>
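Review bot: The 78c78 change only replaces the tab in front of `<li class="tabact">System</li>` with spaces. Drop it so this file's diff contains just the 80a81 line that adds the Authentication tab.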
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/www/diag_logs_auth.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/www/diag_logs_auth.php
0a1,103
> ***************
> *** 0
> --- 1,100 -----
> + #!/usr/local/bin/php
> + <?php 
> + /*
> + 	diag_logs_auth.php
> + 	part of m0n0wall (http://m0n0.ch/wall)
> + 	
> + 	Copyright (C) 2003-2004 Manuel Kasper <mk at neon1 dot net>.
> + 	All rights reserved.
> + 	
> + 	Redistribution and use in source and binary forms, with or without
> + 	modification, are permitted provided that the following conditions are met:
> + 	
> + 	1. Redistributions of source code must retain the above copyright notice,
> + 	   this list of conditions and the following disclaimer.
> + 	
> + 	2. Redistributions in binary form must reproduce the above copyright
> + 	   notice, this list of conditions and the following disclaimer in the
> + 	   documentation and/or other materials provided with the distribution.
> + 	
> + 	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
> + 	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
> + 	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
> + 	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
> + 	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + 	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
> + 	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
> + 	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> + 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
> + 	POSSIBILITY OF SUCH DAMAGE.
> + */
> + 
> + require("guiconfig.inc");
> + 
> + $nentries = $config['syslog']['nentries'];
> + if (!$nentries)
> + 	$nentries = 50;
> + 
> + if ($_POST['clear']) {
> + 	exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log");
> + }
> + 
> + function dump_clog($logfile, $tail) {
> + 	global $g, $config;
> + 
> + 	$sor = isset($config['syslog']['reverse']) ? "-r" : "";
> + 
> + 	exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
> + 	
> + 	foreach ($logarr as $logent) {
> + 		echo "<tr valign=\"top\">\n";
> + 		
> + 		?>
> + 		<td class="listr"><?PHP echo $logent; ?></td>
> + 		<?PHP
> + 
> + 		echo "</tr>\n";
> + 	}
> + }
> + 
> + ?>
> + <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> + <html>
> + <head>
> + <title>m0n0wall webGUI - Diagnostics: Captive Portal Authentication Log</title>
> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> + <link href="gui.css" rel="stylesheet" type="text/css">
> + </head>
> + 
> + <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
> + <?php include("fbegin.inc"); ?>
> + <p class="pgtitle">Diagnostics: Captive Portal Authentication Log</p>
> + <table width="100%" border="0" cellpadding="0" cellspacing="0">
> +   <tr><td>
> +   <ul id="tabnav">
> +     <li class="tabinact"><a href="diag_logs.php">System</a></li>
> +     <li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
> +     <li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
> +     <li class="tabact">Authentication</li>
> +     <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
> +   </ul>
> +   </td></tr>
> +   <tr> 
> +     <td class="tabcont">
> + 		<table width="100%" border="0" cellspacing="0" cellpadding="0">
> + 		  <tr> 
> + 			<td colspan="2" class="listtopic"> 
> + 			  Last <?=$nentries;?> Captive Portal Authentication log entries</td>
> + 		  </tr>
> + 		  <?php dump_clog("/var/log/portalauth.log", $nentries); ?>
> + 		</table>
> + 		<br><form action="diag_logs_auth.php" method="post">
> + <input name="clear" type="submit" class="formbtn" value="Clear log">
> + </form>
> + 	</td>
> +   </tr>
> + </table>
> + <?php include("fend.inc"); ?>
> + </body>
> + </html>
> + 
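Review bot: `dump_clog()` writes each log line into the page with `<?PHP echo $logent; ?>` and no escaping, while the lines it displays contain the username submitted to the captive portal login form, so markup entered there is rendered in the administrator's browser; wrap the output in `htmlspecialchars()`. The `$_POST['clear']` handler also reinitialises the authentication log on any POST carrying that field, with no request token, so the audit trail can be wiped by a forged form submission; add a token check before running `clog -i`. Like portal_log.inc, the file body still contains the context-diff header and `+ ` prefixes (`*** 0`, `--- 1,100 -----`) and needs regenerating.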
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/www/diag_logs_dhcp.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/www/diag_logs_dhcp.php
67c67
< <title>m0n0wall webGUI - Diagnostics: System logs</title>
---
> <title>m0n0wall webGUI - Diagnostics: DHCP logs</title>
80a81
>     <li class="tabinact"><a href="diag_logs_auth.php">Authentication</a></li>
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/www/diag_logs_filter.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/www/diag_logs_filter.php
135a136
>     <li class="tabinact"><a href="diag_logs_auth.php">Authentication</a></li>
diff -rN -x dev DEVEL_generic-pc-1.2b1/fs/usr/local/www/diag_logs_settings.php
STOCKTON_generic-pc-1.2b1/fs/usr/local/www/diag_logs_settings.php
38a39
> $pconfig['portalauth'] = isset($config['syslog']['portalauth']);
65a67
> 		$config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false;
99a102
> 		document.iform.portalauth.disabled = 0;
103a107
> 		document.iform.portalauth.disabled = 1;
123a128
>     <li class="tabinact"><a href="diag_logs_auth.php">Authentication</a></li>
168c173,174
<                           firewall events<br> <input name="dhcp" id="dhcp" type="checkbox"
value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>>
---
>                           firewall events<br> <input name="portalauth" id="portalauth"
type="checkbox" value="yes" <?php if ($pconfig['portalauth']) echo "checked"; ?>>
>                           Portal Auth Log<br> <input name="dhcp" id="dhcp" type="checkbox"
value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>>