diff options
author | jim-p <jimp@pfsense.org> | 2011-06-19 10:58:06 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-19 10:58:06 -0400 |
commit | 248501cd9d4d4370a95ec1f6f679afa3c26bea52 (patch) | |
tree | 9f43b7981523041e5b4b33d913084c8f41682a42 | |
parent | 3df8786bfd712c2d553b690f75680f1a12129a60 (diff) | |
parent | dd4bded7de6d6654afe2cf203df3136c1bef9515 (diff) | |
download | pfsense-248501cd9d4d4370a95ec1f6f679afa3c26bea52.zip pfsense-248501cd9d4d4370a95ec1f6f679afa3c26bea52.tar.gz |
Merge remote-tracking branch 'upstream/master'
-rw-r--r-- | etc/ca_countries | 245 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 4 | ||||
-rw-r--r-- | etc/inc/system.inc | 37 | ||||
-rwxr-xr-x | usr/local/www/diag_arp.php | 24 | ||||
-rw-r--r-- | usr/local/www/system_advanced_admin.php | 19 | ||||
-rw-r--r-- | usr/local/www/system_camanager.php | 38 | ||||
-rw-r--r-- | usr/local/www/system_certmanager.php | 39 | ||||
-rwxr-xr-x | usr/sbin/pc-sysinstall/backend/functions-extractimage.sh | 70 |
8 files changed, 407 insertions, 69 deletions
diff --git a/etc/ca_countries b/etc/ca_countries new file mode 100644 index 0000000..291711c --- /dev/null +++ b/etc/ca_countries @@ -0,0 +1,245 @@ +US United States of America +CA Canada +AX Aland Islands +AD Andorra +AE United Arab Emirates +AF Afghanistan +AG Antigua and Barbuda +AI Anguilla +AL Albania +AM Armenia +AN Netherlands Antilles +AO Angola +AQ Antarctica +AR Argentina +AS American Samoa +AT Austria +AU Australia +AW Aruba +AZ Azerbaijan +BA Bosnia and Herzegovina +BB Barbados +BD Bangladesh +BE Belgium +BF Burkina Faso +BG Bulgaria +BH Bahrain +BI Burundi +BJ Benin +BM Bermuda +BN Brunei Darussalam +BO Bolivia +BR Brazil +BS Bahamas +BT Bhutan +BV Bouvet Island +BW Botswana +BZ Belize +CA Canada +CC Cocos (Keeling) Islands +CF Central African Republic +CH Switzerland +CI Cote D'Ivoire (Ivory Coast) +CK Cook Islands +CL Chile +CM Cameroon +CN China +CO Colombia +CR Costa Rica +CS Czechoslovakia (former) +CV Cape Verde +CX Christmas Island +CY Cyprus +CZ Czech Republic +DE Germany +DJ Djibouti +DK Denmark +DM Dominica +DO Dominican Republic +DZ Algeria +EC Ecuador +EE Estonia +EG Egypt +EH Western Sahara +ER Eritrea +ES Spain +ET Ethiopia +FI Finland +FJ Fiji +FK Falkland Islands (Malvinas) +FM Micronesia +FO Faroe Islands +FR France +FX France, Metropolitan +GA Gabon +GB Great Britain (UK) +GD Grenada +GE Georgia +GF French Guiana +GG Guernsey +GH Ghana +GI Gibraltar +GL Greenland +GM Gambia +GN Guinea +GP Guadeloupe +GQ Equatorial Guinea +GR Greece +GS S. Georgia and S. Sandwich Isls. +GT Guatemala +GU Guam +GW Guinea-Bissau +GY Guyana +HK Hong Kong +HM Heard and McDonald Islands +HN Honduras +HR Croatia (Hrvatska) +HT Haiti +HU Hungary +ID Indonesia +IE Ireland +IL Israel +IM Isle of Man +IN India +IO British Indian Ocean Territory +IS Iceland +IT Italy +JE Jersey +JM Jamaica +JO Jordan +JP Japan +KE Kenya +KG Kyrgyzstan +KH Cambodia +KI Kiribati +KM Comoros +KN Saint Kitts and Nevis +KR Korea (South) +KW Kuwait +KY Cayman Islands +KZ Kazakhstan +LA Laos +LC Saint Lucia +LI Liechtenstein +LK Sri Lanka +LS Lesotho +LT Lithuania +LU Luxembourg +LV Latvia +LY Libya +MA Morocco +MC Monaco +MD Moldova +ME Montenegro +MG Madagascar +MH Marshall Islands +MK Macedonia +ML Mali +MM Myanmar +MN Mongolia +MO Macau +MP Northern Mariana Islands +MQ Martinique +MR Mauritania +MS Montserrat +MT Malta +MU Mauritius +MV Maldives +MW Malawi +MX Mexico +MY Malaysia +MZ Mozambique +NA Namibia +NC New Caledonia +NE Niger +NF Norfolk Island +NG Nigeria +NI Nicaragua +NL Netherlands +NO Norway +NP Nepal +NR Nauru +NT Neutral Zone +NU Niue +NZ New Zealand (Aotearoa) +OM Oman +PA Panama +PE Peru +PF French Polynesia +PG Papua New Guinea +PH Philippines +PK Pakistan +PL Poland +PM St. Pierre and Miquelon +PN Pitcairn +PR Puerto Rico +PS Palestinian Territory +PT Portugal +PW Palau +PY Paraguay +QA Qatar +RE Reunion +RO Romania +RS Serbia +RU Russian Federation +RW Rwanda +SA Saudi Arabia +SB Solomon Islands +SC Seychelles +SE Sweden +SG Singapore +SH St. Helena +SI Slovenia +SJ Svalbard and Jan Mayen Islands +SK Slovak Republic +SL Sierra Leone +SM San Marino +SN Senegal +SR Suriname +ST Sao Tome and Principe +SU USSR (former) +SV El Salvador +SZ Swaziland +TC Turks and Caicos Islands +TD Chad +TF French Southern Territories +TG Togo +TH Thailand +TJ Tajikistan +TK Tokelau +TM Turkmenistan +TN Tunisia +TO Tonga +TP East Timor +TR Turkey +TT Trinidad and Tobago +TV Tuvalu +TW Taiwan +TZ Tanzania +UA Ukraine +UG Uganda +UM US Minor Outlying Islands +US United States +UY Uruguay +UZ Uzbekistan +VA Vatican City State (Holy See) +VC Saint Vincent and the Grenadines +VE Venezuela +VG Virgin Islands (British) +VI Virgin Islands (U.S.) +VN Viet Nam +VU Vanuatu +WF Wallis and Futuna Islands +WS Samoa +YE Yemen +YT Mayotte +ZA South Africa +ZM Zambia +COM US Commercial +EDU US Educational +GOV US Government +INT International +MIL US Military +NET Network +ORG Non-Profit Organization +ARPA Old style Arpanet diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 859eb8e..575a661 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -342,8 +342,10 @@ function conf_mount_rw() { function conf_mount_ro() { global $g; + /* Do not trust $g['platform'] since this can be clobbered during factory reset. */ + $platform = trim(file_get_contents("/etc/platform")); /* do not umount on cdrom or pfSense platforms */ - if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") + if($platform == "cdrom" or $platform == "pfSense") return; if($g['booting']) diff --git a/etc/inc/system.inc b/etc/inc/system.inc index aadcdaa..7fd3bcf 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -799,8 +799,10 @@ function system_webgui_start() { } /* generate lighttpd configuration */ + $max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf", - $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/"); + $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/", + "cert.pem", "ca.pem", $max_procs); /* attempt to start lighthttpd */ $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf"); @@ -880,6 +882,7 @@ function system_generate_lighty_config($filename, } // Ramp up captive portal max procs + // Work relative to the default of 2, for values that would be >2. if($captive_portal == true) { if($avail > 65 and $avail < 98) { $max_procs = 1; @@ -888,38 +891,38 @@ function system_generate_lighty_config($filename, $max_procs = 2; } if($avail > 127 and $avail < 256) { - $max_procs = 3; + $max_procs += 1; } if($avail > 255 and $avail < 384) { - $max_procs = 4; + $max_procs += 2; } if($avail > 383) { - $max_procs = 5; + $max_procs += 3; } } if($captive_portal == true) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; } else if ($avail > 0 and $avail < 128) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "2", - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "2", + ), EOC; } else $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; if($fast_cgi_enable == true) { @@ -934,7 +937,7 @@ fastcgi.server = ( ".php" => "socket" => "{$g['tmp_path']}/php-fastcgi.socket", "min-procs" => 0, "max-procs" => {$max_procs}, - {$bin_environment} +{$bin_environment} "bin-path" => "/usr/local/bin/php" ) ) diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php index 4665a44..9dc12a5 100755 --- a/usr/local/www/diag_arp.php +++ b/usr/local/www/diag_arp.php @@ -248,10 +248,14 @@ function _getHostName($mac,$ip) { return $dhcpmac[$mac]; else if ($dhcpip[$ip]) return $dhcpip[$ip]; - else if(gethostbyaddr($ip) <> "" and gethostbyaddr($ip) <> $ip) - return gethostbyaddr($ip); - else - return ""; + else{ + exec("host -W 1 $ip", $output); + if (preg_match('/.*pointer ([A-Za-z0-9.-]+)\..*/',$output[0],$matches)) { + if ($matches[1] <> $ip) + return $matches[1]; + } + } + return ""; } $pgtitle = array(gettext("Diagnostics"),gettext("ARP Table")); @@ -277,8 +281,18 @@ ob_implicit_flush(1); // Resolve hostnames and replace Z_ with "". The intention // is to sort the list by hostnames, alpha and then the non // resolvable addresses will appear last in the list. +$dnsavailable=1; +$dns = trim(_getHostName("", "8.8.8.8")); +if ($dns == ""){ + $dns = trim(_getHostName("", "8.8.4.4")); + if ($dns == "") $dnsavailable =0; +} + foreach ($data as &$entry) { - $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + if ($dnsavailable){ + $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + }else + $dns=""; if(trim($dns)) $entry['dnsresolve'] = "$dns"; else diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 601bb8e..4965fb9 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -51,6 +51,7 @@ require_once("shaper.inc"); $pconfig['webguiproto'] = $config['system']['webgui']['protocol']; $pconfig['webguiport'] = $config['system']['webgui']['port']; +$pconfig['max_procs'] = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']); $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); @@ -84,6 +85,10 @@ if ($_POST) { if(!is_port($_POST['webguiport'])) $input_errors[] = gettext("You must specify a valid webConfigurator port number"); + if ($_POST['max_procs']) + if(!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500)) + $input_errors[] = gettext("Max Processes must be a number 1 or greater"); + if ($_POST['althostnames']) { $althosts = explode(" ", $_POST['althostnames']); foreach ($althosts as $ah) @@ -111,6 +116,8 @@ if ($_POST) { $restart_webgui = true; if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref'])) $restart_webgui = true; + if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs'])) + $restart_webgui = true; if ($_POST['disablehttpredirect'] == "yes") { $config['system']['webgui']['disablehttpredirect'] = true; @@ -322,6 +329,18 @@ function prot_change() { </td> </tr> <tr> + <td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td> + <td class="vtable"> + <input name="max_procs" type="text" class="formfld unknown" id="max_procs" "size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>"> + <br> + <span class="vexpl"> + <?=gettext("Enter the number of webConfigurator processes you " . + "want to run. This defaults to 2. Increasing this will allow more " . + "users/browsers to access the GUI concurrently."); ?> + </span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td> <td width="78%" class="vtable"> <input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> /> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 5541f83..a4b60af 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -154,7 +154,7 @@ if ($act == "expkey") { if ($_POST) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ @@ -185,6 +185,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "existing") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if ($reqdfields[$i] == 'dn_email'){ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if ($reqdfields[$i] == 'dn_commonname'){ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -271,6 +283,15 @@ function method_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -394,12 +415,15 @@ function method_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("US");?> - <em><?=gettext("( two letters )");?></em> + <select name='dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 470f0cd..87b8d91 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -153,7 +153,7 @@ if ($act == "csr") { if ($_POST) { if ($_POST['save'] == gettext("Save")) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ @@ -206,6 +206,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "import") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_name */ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -413,6 +425,15 @@ function internalca_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -639,13 +660,15 @@ function internalca_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="csr_dn_country" type="text" class="formfld unknown" size="2" value="<?=htmlspecialchars($pconfig['csr_dn_country']);?>" /> - - <em>ex:</em> - - US - - <em><?=gettext("( two letters )");?></em> + <select name='csr_dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['csr_dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh b/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh index aeb585f..76cb247 100755 --- a/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh +++ b/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh @@ -404,45 +404,53 @@ init_extraction() # Lets start by figuring out what medium we are using case ${INSTALLMEDIUM} in - LiveCD) - get_value_from_cfg cpdupPaths - if [ ! -z "${VAL}" ] - then - INSFILE="${VAL}" ; export INSFILE - fi - oIFS=$IFS - IFS="," - for FILE in $INSFILE; do - echo_log "pc-sysinstall: Running cpdup -vvv -I -o /${FILE} /mnt/${FILE}" - /usr/local/bin/cpdup -vvv -I -o /${FILE} /mnt/${FILE} >&1 2>&1 - if [ "$?" != "0" ] - then - echo "CPDUP failure occured:" >>${LOGOUT} - exit_err "ERROR: Error occurred during cpdup" - fi - done - oIFS=$IFS - IFS=" -" - return + LiveCD) # Copies files using cpdup. Ideal for pre-staged fs + if [ ! -f /usr/local/bin/cpdup ] + then + echo "Could not locate cpdup binary" >>${LOGOUT} + exit_err "Could not locate cpdup binary (pkg_add -r cpdup)?" + fi + get_value_from_cfg cpdupPathsPrefix + if [ ! -z "${VAL}" ] + CPDUPPATHPREFIX="" + then + CPDUPPATHPREFIX="${VAL}" ; export CPDUPPATHPREFIX + fi + get_value_from_cfg cpdupPaths + if [ ! -z "${VAL}" ] + then + CPDUPDIR="${VAL}" ; export CPDUPDIR + fi + oIFS=$IFS + IFS="," + for FILE in $CPDUPDIR; do + echo_log "pc-sysinstall: Running cpdup -o ${CPDUPPATHPREFIX}/${FILE} /mnt/${FILE}" + /usr/local/bin/cpdup -o ${CPDUPPATHPREFIX}/${FILE} /mnt/${FILE} >&1 2>&1 + if [ "$?" != "0" ] + then + echo "cpdup failure occurred:" >>${LOGOUT} + exit_err "ERROR: Error occurred during cpdup" + fi + done + IFS=$oIFS + return ;; dvd|usb) # Lets start by mounting the disk opt_mount - if [ ! -z "${INSDIR}" ] - then - INSDIR="${CDMNT}/${INSDIR}" ; export INSDIR - start_extract_split - - else - INSFILE="${CDMNT}/${INSFILE}" ; export INSFILE - start_extract_uzip_tar - fi + if [ ! -z "${INSDIR}" ] + then + INSDIR="${CDMNT}/${INSDIR}" ; export INSDIR + start_extract_split + else + INSFILE="${CDMNT}/${INSFILE}" ; export INSFILE + start_extract_uzip_tar + fi ;; ftp) fetch_install_file start_extract_uzip_tar ;; rsync) start_rsync_copy - ;; + ;; *) exit_err "ERROR: Unknown install medium" ;; esac |