authorVinicius Coque <vinicius.coque@bluepex.com>2011-03-25 08:49:04 -0300
committerVinicius Coque <vinicius.coque@bluepex.com>2011-03-25 08:49:04 -0300
commit54bdff758f68e2e1b1ebd42b8b0b629b68ed1a3d (patch)
tree27b7d45e582e3d84cdf8d0fa0f3bc93b65f3c986
parentb845290619244e8cfe3bc2aa6271c6629eeb86b5 (diff)
parent401fb0ad8fa7ad06743435808dac8e913b3c16bb (diff)
Merge remote-tracking branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/priv.defs.inc etc/inc/services.inc etc/inc/shaper.inc etc/inc/voucher.inc etc/inc/vpn.inc usr/local/www/fbegin.inc
-rw-r--r--etc/group1
-rw-r--r--etc/inc/auth.inc4
-rw-r--r--etc/inc/authgui.inc2
-rw-r--r--etc/inc/captiveportal.inc611
-rw-r--r--etc/inc/certs.inc7
-rw-r--r--etc/inc/config.console.inc2
-rw-r--r--etc/inc/config.gui.inc6
-rw-r--r--etc/inc/config.lib.inc62
-rw-r--r--etc/inc/dyndns.class4
-rw-r--r--etc/inc/easyrule.inc7
-rw-r--r--etc/inc/filter.inc108
-rw-r--r--etc/inc/globals.inc6
-rw-r--r--etc/inc/interfaces.inc30
-rw-r--r--etc/inc/ipsec.inc8
-rw-r--r--etc/inc/openvpn.inc4
-rw-r--r--etc/inc/pfsense-utils.inc70
-rw-r--r--etc/inc/pkg-utils.inc19
-rw-r--r--etc/inc/priv.defs.inc12
-rw-r--r--etc/inc/rrd.inc19
-rw-r--r--etc/inc/service-utils.inc4
-rw-r--r--etc/inc/services.inc19
-rw-r--r--etc/inc/shaper.inc47
-rw-r--r--etc/inc/upgrade_config.inc44
-rw-r--r--etc/inc/util.inc4
-rw-r--r--etc/inc/voucher.inc26
-rw-r--r--etc/inc/vpn.inc63
-rw-r--r--etc/pfSense.obsoletedfiles1
-rw-r--r--etc/phpshellsessions/gitsync10
-rwxr-xr-xetc/rc4
-rwxr-xr-xetc/rc.bootup3
-rwxr-xr-xetc/rc.filter_synchronize9
-rwxr-xr-xetc/rc.initial.firmware_update24
-rwxr-xr-xetc/rc.newipsecdns7
-rwxr-xr-xetc/rc.newwanip21
-rwxr-xr-xetc/rc.shutdown2
-rw-r--r--etc/version2
-rwxr-xr-xsbin/dhclient-script5
-rwxr-xr-xtmp/post_upgrade_command8
-rwxr-xr-xusr/local/bin/ping_hosts.sh2
-rwxr-xr-xusr/local/captiveportal/index.php409
-rw-r--r--usr/local/pkg/carp_settings.xml8
-rw-r--r--usr/local/pkg/miniupnpd.inc77
-rwxr-xr-xusr/local/sbin/ovpn-linkup2
-rwxr-xr-xusr/local/www/crash_reporter.php143
-rwxr-xr-xusr/local/www/diag_backup.php15
-rwxr-xr-xusr/local/www/diag_defaults.php2
-rw-r--r--usr/local/www/diag_ipsec_xml.php83
-rw-r--r--usr/local/www/diag_limiter_info.php2
-rwxr-xr-xusr/local/www/diag_logs_ipsec.php2
-rw-r--r--usr/local/www/diag_packet_capture.php14
-rw-r--r--usr/local/www/diag_pf_info.php2
-rw-r--r--usr/local/www/diag_smart.php2
-rw-r--r--usr/local/www/diag_system_activity.php2
-rw-r--r--usr/local/www/diag_system_pftop.php2
-rw-r--r--usr/local/www/edit.php7
-rwxr-xr-xusr/local/www/fbegin.inc4
-rwxr-xr-xusr/local/www/firewall_aliases.php133
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php30
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php7
-rwxr-xr-xusr/local/www/firewall_nat_edit.php7
-rwxr-xr-xusr/local/www/firewall_nat_out.php54
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php73
-rwxr-xr-xusr/local/www/firewall_rules.php10
-rwxr-xr-xusr/local/www/firewall_rules_edit.php25
-rw-r--r--usr/local/www/firewall_shaper_vinterface.php27
-rw-r--r--usr/local/www/graph_cpu.php2
-rwxr-xr-xusr/local/www/guiconfig.inc11
-rwxr-xr-xusr/local/www/head.inc2
-rw-r--r--usr/local/www/headjs.php4
-rw-r--r--usr/local/www/help.php2
-rwxr-xr-xusr/local/www/index.php19
-rwxr-xr-xusr/local/www/interfaces.php5
-rwxr-xr-xusr/local/www/interfaces_assign.php2
-rw-r--r--usr/local/www/interfaces_bridge_edit.php2
-rw-r--r--usr/local/www/interfaces_gif_edit.php2
-rw-r--r--usr/local/www/interfaces_gre_edit.php2
-rw-r--r--usr/local/www/interfaces_lagg_edit.php4
-rw-r--r--usr/local/www/interfaces_ppps_edit.php21
-rwxr-xr-xusr/local/www/interfaces_vlan_edit.php2
-rw-r--r--usr/local/www/interfaces_wireless_edit.php2
-rwxr-xr-xusr/local/www/pkg.php18
-rwxr-xr-xusr/local/www/pkg_mgr_installed.php1
-rwxr-xr-xusr/local/www/services_captiveportal.php3
-rwxr-xr-xusr/local/www/services_captiveportal_hostname_edit.php15
-rwxr-xr-xusr/local/www/services_dhcp_edit.php4
-rwxr-xr-xusr/local/www/services_dnsmasq.php352
-rw-r--r--usr/local/www/services_dyndns_edit.php16
-rwxr-xr-xusr/local/www/services_wol.php28
-rw-r--r--usr/local/www/stats.php12
-rwxr-xr-xusr/local/www/status_captiveportal.php7
-rw-r--r--usr/local/www/status_filter_reload.php12
-rw-r--r--usr/local/www/status_rrd_graph_img.php13
-rw-r--r--usr/local/www/system_advanced_admin.php19
-rw-r--r--usr/local/www/system_advanced_firewall.php17
-rw-r--r--usr/local/www/system_advanced_sysctl.php2
-rwxr-xr-xusr/local/www/system_firmware_auto.php1
-rwxr-xr-xusr/local/www/system_firmware_check.php4
-rwxr-xr-xusr/local/www/system_firmware_settings.php43
-rw-r--r--usr/local/www/system_usermanager.php5
-rwxr-xr-xusr/local/www/system_usermanager_settings.php9
-rwxr-xr-xusr/local/www/themes/code-red/rrdcolors.inc.php2
-rw-r--r--usr/local/www/themes/metallic/rrdcolors.inc.php2
-rw-r--r--usr/local/www/themes/nervecenter/rrdcolors.inc.php1
-rw-r--r--usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php2
-rw-r--r--usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gifbin0 -> 1131 bytes
-rw-r--r--usr/local/www/themes/pfsense/rrdcolors.inc.php2
-rw-r--r--usr/local/www/themes/pfsense_ng/rrdcolors.inc.php2
-rw-r--r--usr/local/www/themes/the_wall/rrdcolors.inc.php1
-rwxr-xr-xusr/local/www/vpn_ipsec_mobile.php2
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php10
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php3
-rw-r--r--usr/local/www/vpn_openvpn_client.php2
-rw-r--r--usr/local/www/widgets/widgets/captive_portal_status.widget.php7
-rw-r--r--usr/local/www/widgets/widgets/openvpn.widget.php25
-rw-r--r--usr/local/www/widgets/widgets/system_information.widget.php7
-rw-r--r--usr/local/www/wizards/openvpn_wizard.inc2
-rw-r--r--usr/local/www/wizards/setup_wizard.xml34
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard.inc41
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_dedicated.inc62
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_multi_all.inc48
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc65
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml18
-rwxr-xr-xusr/local/www/xmlrpc.php10
123 files changed, 2099 insertions, 1341 deletions
diff --git a/etc/group b/etc/group
index 538a94a..c32be07 100644
--- a/etc/group
+++ b/etc/group
@@ -28,3 +28,4 @@ nobody:*:65534:
admin:*:0:
audit:*:77:
_ntp:*:123:
+_relayd:*:913:
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 6942223..8f1cde8 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1216,7 +1216,9 @@ function session_auth() {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = $_POST['usernamefld'];
$_SESSION['last_access'] = time();
- log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
+ if(! isset($config['system']['webgui']['quietlogin'])) {
+ log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
+ }
$HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
if (isset($_POST['postafterlogin']))
return true;
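Review bot: With `quietlogin` set, the `log_auth()` call guarded here is skipped, and it is the only record of a successful web GUI login visible in this hunk, so an administrator session would leave no audit entry. If the option is meant only to reduce log noise, say so next to the check, e.g. `/* quietlogin: suppress the success entry only; failed logins must still be logged */`, and confirm that the failure path is not behind the same switch. The guard reads `$config`, so session_auth() must declare it global; the function starts outside this hunk. The logged username comes straight from `$_POST['usernamefld']`, so stripping control characters before it reaches the log would keep entries from being forged or split.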
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 44fcb1c..110765c 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -227,7 +227,7 @@ if($config['virtualip'])
print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br/><br/>If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
}
?>
- <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?=$_SERVER['SCRIPT_NAME'];?>">
+ <form id="iform" name="login_iform" method="post" action="<?=$_SERVER['SCRIPT_NAME'];?>">
<h1></h1>
<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
<p>
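Review bot: Removing `autocomplete="off"` from `login_iform` lets browsers offer to store the firewall administrator's credentials, and the change carries no explanation. If that is intended, say so in the commit message or a comment; otherwise keep the attribute. The form's `action` is filled from `$_SERVER['SCRIPT_NAME']` and the error box from `$_SESSION['Login_Error']` without escaping. Wrapping them in htmlspecialchars(), e.g. `action="<?=htmlspecialchars($_SERVER['SCRIPT_NAME']);?>"`, is cheap, though whether Login_Error ever carries request data or intentional markup is not visible here.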
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 4a3b80d..6535f54 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -211,6 +211,8 @@ function captiveportal_configure() {
if ($g['booting'])
echo "Starting captive portal... ";
+ else
+ captiveportal_syslog("Restarting captive portal.");
/* kill any running mini_httpd */
killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
@@ -226,7 +228,7 @@ function captiveportal_configure() {
touch("{$g['vardb_path']}/captiveportal.db");
/* kill any running minicron */
- killbypid("{$g['varrun_path']}/minicron.pid");
+ killbypid("{$g['varrun_path']}/cp_prunedb.pid");
/* init ipfw rules */
captiveportal_init_rules(true);
@@ -417,8 +419,12 @@ EOD;
/* start up the webserving daemon */
captiveportal_init_webgui();
+ /* Kill any existing prunecaptiveportal processes */
+ if(file_exists("{$g['varrun_path']}/cp_prunedb.pid"))
+ killbypid("{$g['varrun_path']}/cp_prunedb.pid");
+
/* start pruning process (interval defaults to 60 seconds) */
- mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/minicron.pid " .
+ mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/cp_prunedb.pid " .
"/etc/rc.prunecaptiveportal");
/* generate radius server database */
@@ -429,7 +435,7 @@ EOD;
} else {
killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
- killbypid("{$g['varrun_path']}/minicron.pid");
+ killbypid("{$g['varrun_path']}/cp_prunedb.pid");
captiveportal_radius_stop_all();
@@ -498,6 +504,7 @@ function captiveportal_init_webgui() {
$res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal-SSL.conf");
}
+/* reinit will disconnect all users, be careful! */
function captiveportal_init_rules($reinit = false) {
global $config, $g;
@@ -708,48 +715,47 @@ function captiveportal_prune_old() {
!isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable']))
return;
+ $radiusservers = captiveportal_get_radius_servers();
+
/* read database */
$cpdb = captiveportal_read_db();
- $radiusservers = captiveportal_get_radius_servers();
-
/* To make sure we iterate over ALL accounts on every run the count($cpdb) is moved
* outside of the loop. Otherwise the loop would evaluate count() on every iteration
* and since $i would increase and count() would decrement they would meet before we
* had a chance to iterate over all accounts.
*/
$unsetindexes = array();
- $no_users = count($cpdb);
- for ($i = 0; $i < $no_users; $i++) {
+ foreach ($cpdb as $cpentry) {
$timedout = false;
$term_cause = 1;
/* hard timeout? */
if ($timeout) {
- if ((time() - $cpdb[$i][0]) >= $timeout) {
+ if ((time() - $cpentry[0]) >= $timeout) {
$timedout = true;
$term_cause = 5; // Session-Timeout
}
}
/* Session-Terminate-Time */
- if (!$timedout && !empty($cpdb[$i][9])) {
- if (time() >= $cpdb[$i][9]) {
+ if (!$timedout && !empty($cpentry[9])) {
+ if (time() >= $cpentry[9]) {
$timedout = true;
$term_cause = 5; // Session-Timeout
}
}
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */
- $uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
+ $uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
/* if an idle timeout is specified, get last activity timestamp from ipfw */
if (!$timedout && $uidletimeout) {
- $lastact = captiveportal_get_last_activity($cpdb[$i][2]);
+ $lastact = captiveportal_get_last_activity($cpentry[2]);
/* If the user has logged on but not sent any traffic they will never be logged out.
* We "fix" this by setting lastact to the login timestamp.
*/
- $lastact = $lastact ? $lastact : $cpdb[$i][0];
+ $lastact = $lastact ? $lastact : $cpentry[0];
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
$timedout = true;
$term_cause = 4; // Idle-Timeout
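Review bot: The block comment kept above the loop still explains why `count($cpdb)` is evaluated outside the loop, but the new code iterates with `foreach ($cpdb as $cpentry)` and no longer removes entries while looping, so the comment now describes code that is gone. Replace it with something like `/* Walk every session; expired ones are collected by session id and removed in one locked write at the end. */`. The name `$unsetindexes` is also misleading now that it holds session ids rather than array indexes. captiveportal_prune_old() starts before this hunk and continues in the following ones.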
@@ -758,25 +764,25 @@ function captiveportal_prune_old() {
}
/* if vouchers are configured, activate session timeouts */
- if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
- if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
+ if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
+ if (time() >= ($cpentry[0] + $cpentry[7])) {
$timedout = true;
$term_cause = 5; // Session-Timeout
}
}
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
- if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
- if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
+ if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
+ if (time() >= ($cpentry[0] + $cpentry[7])) {
$timedout = true;
$term_cause = 5; // Session-Timeout
}
}
if ($timedout) {
- captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
- captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
- $unsetindexes[$i] = $i;
+ captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time);
+ captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT");
+ $unsetindexes[] = $cpentry[5];
}
/* do periodic RADIUS reauthentication? */
@@ -784,30 +790,30 @@ function captiveportal_prune_old() {
if (isset($config['captiveportal']['radacct_enable'])) {
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
/* stop and restart accounting */
- RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
- $cpdb[$i][4], // username
- $cpdb[$i][5], // sessionid
- $cpdb[$i][0], // start time
+ RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
+ $cpentry[4], // username
+ $cpentry[5], // sessionid
+ $cpentry[0], // start time
$radiusservers,
- $cpdb[$i][2], // clientip
- $cpdb[$i][3], // clientmac
+ $cpentry[2], // clientip
+ $cpentry[3], // clientmac
10); // NAS Request
- exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
- exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
- RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
- $cpdb[$i][4], // username
- $cpdb[$i][5], // sessionid
+ exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
+ exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
+ RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
+ $cpentry[4], // username
+ $cpentry[5], // sessionid
$radiusservers,
- $cpdb[$i][2], // clientip
- $cpdb[$i][3]); // clientmac
+ $cpentry[2], // clientip
+ $cpentry[3]); // clientmac
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
- RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
- $cpdb[$i][4], // username
- $cpdb[$i][5], // sessionid
- $cpdb[$i][0], // start time
+ RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
+ $cpentry[4], // username
+ $cpentry[5], // sessionid
+ $cpentry[0], // start time
$radiusservers,
- $cpdb[$i][2], // clientip
- $cpdb[$i][3], // clientmac
+ $cpentry[2], // clientip
+ $cpentry[3], // clientmac
10, // NAS Request
true); // Interim Updates
}
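Review bot: The two `exec("/sbin/ipfw table N entryzerostats {$cpentry[2]}")` calls put a field read from captiveportal.db straight into a shell command line without checking it. This commit guards the equivalent ipfw and pfctl calls in captiveportal_disconnect() with `is_ipaddr()`, and the same guard fits here: `if (is_ipaddr($cpentry[2])) { ... }` around both exec() calls. The enclosing function starts and ends outside this hunk.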
@@ -815,26 +821,24 @@ function captiveportal_prune_old() {
/* check this user against RADIUS again */
if (isset($config['captiveportal']['reauthenticate'])) {
- $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
- base64_decode($cpdb[$i][6]), // password
+ $auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username
+ base64_decode($cpentry[6]), // password
$radiusservers,
- $cpdb[$i][2], // clientip
- $cpdb[$i][3], // clientmac
- $cpdb[$i][1]); // ruleno
+ $cpentry[2], // clientip
+ $cpentry[3], // clientmac
+ $cpentry[1]); // ruleno
if ($auth_list['auth_val'] == 3) {
- captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
- captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
- $unsetindexes[$i] = $i;
+ captiveportal_disconnect($cpentry, $radiusservers, 17);
+ captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
+ $unsetindexes[] = $cpentry[5];
}
}
}
}
- /* This is a kludge to overcome some php weirdness */
- foreach($unsetindexes as $unsetindex)
- unset($cpdb[$unsetindex]);
/* write database */
- captiveportal_write_db($cpdb);
+ if (!empty($unsetindexes))
+ captiveportal_write_db($cpdb, false, $unsetindexes);
}
/* remove a single client according to the DB entry */
@@ -856,12 +860,15 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
false,
$stop_time);
}
- /* Delete client's ip entry from tables 3 and 4. */
- mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
- mwexec("/sbin/ipfw table 2 delete {$dbent[2]}");
-
- /* Release the ruleno so it can be reallocated to new clients. */
- captiveportal_free_ipfw_ruleno($dbent[1]);
+
+ if (is_ipaddr($dbent[2])) {
+ /* Delete client's ip entry from tables 3 and 4. */
+ mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
+ mwexec("/sbin/ipfw table 2 delete {$dbent[2]}");
+ /* XXX: Redundant?! Ensure all pf(4) states are killed. */
+ mwexec("pfctl -k {$dbent[2]}");
+ mwexec("pfctl -K {$dbent[2]}");
+ }
/*
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
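Review bot: The comment inside the new `is_ipaddr($dbent[2])` block says the entry is deleted from tables 3 and 4, but the two commands operate on `table 1` and `table 2`; it should read `/* Delete client's ip entry from tables 1 and 2. */`. When the check fails, the ipfw and pfctl cleanup is skipped silently, so a log line for that case would make a damaged database entry visible. `pfctl` is invoked without an absolute path while ipfw uses `/sbin/ipfw`, which makes the call depend on the PATH of whatever process runs it. The body of captiveportal_disconnect() starts before this hunk and continues into the next one.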
@@ -872,32 +879,33 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
mwexec("/sbin/ipfw pipe " . ($dbent[1]+20001) . " delete");
}
- /* XXX: Redundant?! Ensure all pf(4) states are killed. */
- mwexec("pfctl -k {$dbent[2]}");
- mwexec("pfctl -K {$dbent[2]}");
-
+ /* Release the ruleno so it can be reallocated to new clients. */
+ captiveportal_free_ipfw_ruleno($dbent[1]);
}
-/* remove a single client by ipfw rule number */
-function captiveportal_disconnect_client($id,$term_cause = 1) {
+/* remove a single client by sessionid */
+function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") {
global $g, $config;
- /* read database */
- $cpdb = captiveportal_read_db();
$radiusservers = captiveportal_get_radius_servers();
+ $unsetindex = array();
+
+ $cpdblck = lock('captiveportaldb', LOCK_EX);
+
+ /* read database */
+ $cpdb = captiveportal_read_db(true);
/* find entry */
- foreach ($cpdb as $i => $cpentry) {
- if ($cpentry[1] == $id) {
- captiveportal_disconnect($cpentry, $radiusservers, $term_cause);
- captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");
- unset($cpdb[$i]);
- break;
- }
- }
+ if (isset($cpdb[$sessionid])) {
+ $cpentry = $cpdb[$sessionid];
+ /* write database */
+ $unsetindex[] = $sessionid;
+ captiveportal_write_db($cpdb, true, $unsetindex);
+ unlock($cpdblck);
- /* write database */
- captiveportal_write_db($cpdb);
+ captiveportal_disconnect($cpentry, $radiusservers, $term_cause);
+ captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");
+ }
}
/* send RADIUS acct stop for all current clients */
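Review bot: captiveportal_disconnect_client() takes the exclusive `captiveportaldb` lock before reading the database but calls `unlock($cpdblck);` only inside the `if (isset($cpdb[$sessionid]))` branch, so a call with an unknown session id returns with the lock still held. Add `else unlock($cpdblck);` after that branch, or release the lock right after the lookup. The new `$logoutReason` parameter is never used, because the log call still passes the literal "DISCONNECT". Either pass `$logoutReason` to captiveportal_logportalauth() or drop the parameter.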
@@ -1077,10 +1085,10 @@ function setup_dnsfilter_entries() {
$cp_filterdns_conf = "";
if (is_array($config['captiveportal']['allowedhostname'])) {
foreach ($config['captiveportal']['allowedhostname'] as $hostnameent) {
- $cp_filterdns_conf .= "ipfw $hostnameent 3 '/etc/rc.captiveportal_configure'\n";
- $cp_filterdns_conf .= "ipfw $hostnameent 4 '/etc/rc.captiveportal_configure'\n";
- $cp_filterdns_conf .= "ipfw $hostnameent 7 '/etc/rc.captiveportal_configure'\n";
- $cp_filterdns_conf .= "ipfw $hostnameent 8 '/etc/rc.captiveportal_configure'\n";
+ $cp_filterdns_conf .= "ipfw {$hostnameent['hostname']} 3\n";
+ $cp_filterdns_conf .= "ipfw {$hostnameent['hostname']} 4\n";
+ $cp_filterdns_conf .= "ipfw {$hostnameent['hostname']} 7\n";
+ $cp_filterdns_conf .= "ipfw {$hostnameent['hostname']} 8\n";
}
}
file_put_contents($cp_filterdns_filename, $cp_filterdns_conf);
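Review bot: `{$hostnameent['hostname']}` is written into the filterdns configuration without any check that it is a non-empty hostname free of whitespace or newlines. An empty or malformed `allowedhostname` entry therefore produces broken `ipfw ... 3` lines, or extra lines, in the generated file. Skip such entries before the four appends, e.g. `if (!is_hostname($hostnameent['hostname'])) continue;`, assuming the project's is_hostname() helper is loaded in this include. The entries changed from plain strings to arrays with a `hostname` key, so existing configurations need the matching upgrade step; whether this commit provides it is not visible here.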
@@ -1254,38 +1262,54 @@ function radius($username,$password,$clientip,$clientmac,$type) {
}
/* read captive portal DB into array */
-function captiveportal_read_db() {
- global $g;
+function captiveportal_read_db($locked = false) {
+ global $g;
- $cpdb = array();
+ $cpdb = array();
+ if ($locked == false)
$cpdblck = lock('captiveportaldb');
- $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
- if ($fd) {
- while (!feof($fd)) {
- $line = trim(fgets($fd));
- if ($line)
- $cpdb[] = explode(",", $line);
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = trim(fgets($fd));
+ if ($line) {
+ $cpe = explode(",", $line);
+ /* Hash by session id */
+ $cpdb[$cpe[5]] = $cpe;
}
- fclose($fd);
}
+ fclose($fd);
+ }
+ if ($locked == false)
unlock($cpdblck);
- return $cpdb;
+ return $cpdb;
}
/* write captive portal DB */
-function captiveportal_write_db($cpdb) {
- global $g;
+function captiveportal_write_db($cpdb, $locked = false, $remove = false) {
+ global $g;
+ if ($locked == false)
$cpdblck = lock('captiveportaldb', LOCK_EX);
- $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
- if ($fd) {
- foreach ($cpdb as $cpent) {
- fwrite($fd, join(",", $cpent) . "\n");
- }
- fclose($fd);
+
+ if (is_array($remove)) {
+ if (!empty($remove)) {
+ $cpdb = captiveportal_read_db(true);
+ foreach ($remove as $key)
+ unset($cpdb[$key]);
+ } else
+ return; //This makes sure no record removal calls
+ }
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
+ if ($fd) {
+ foreach ($cpdb as $cpent) {
+ fwrite($fd, join(",", $cpent) . "\n");
}
- unlock($cpdblck);
+ fclose($fd);
+ }
+ if ($locked == false)
+ unlock($cpdblck);
}
function captiveportal_write_elements() {
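Review bot: In captiveportal_write_db() the early `return;` taken when `$remove` is an empty array runs after `lock('captiveportaldb', LOCK_EX)` has been acquired for the `$locked == false` case, so that path leaves without calling unlock(). Moving the check above the lock avoids it: `if (is_array($remove) && empty($remove)) return;`. In captiveportal_read_db(), `$cpdb[$cpe[5]] = $cpe;` assumes every line has at least six fields, so a short or damaged line would be stored under an empty key; add `if (isset($cpe[5]))` before the assignment. Both functions also ignore a failed fopen() because of the `@`, which hides a session database that could not be read or written, so the failure should be logged.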
@@ -1515,4 +1539,393 @@ function portal_ip_from_client_ip($cliip) {
return false;
}
+/* functions move from index.php */
+
+function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
+ global $g, $config;
+
+ /* Get captive portal layout */
+ if ($type == "redir") {
+ header("Location: {$redirurl}");
+ return;
+ } else if ($type == "login")
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
+ else
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
+
+ /* substitute the PORTAL_REDIRURL variable */
+ if ($config['captiveportal']['preauthurl']) {
+ $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$config['captiveportal']['preauthurl']}", $htmltext);
+ $htmltext = str_replace("#PORTAL_REDIRURL#", "{$config['captiveportal']['preauthurl']}", $htmltext);
+ }
+
+ /* substitute other variables */
+ if (isset($config['captiveportal']['httpslogin'])) {
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+ $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+ } else {
+ $ifip = portal_ip_from_client_ip($clientip);
+ if (!$ifip)
+ $ourhostname = $config['system']['hostname'] . ":8000";
+ else
+ $ourhostname = "{$ifip}:8000";
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
+ $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
+ }
+
+ $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
+ $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
+ $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
+ $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
+
+ // Special handling case for captive portal master page so that it can be ran
+ // through the PHP interpreter using the include method above. We convert the
+ // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
+ $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
+ $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
+ $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
+ $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
+ $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
+ $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
+
+ echo $htmltext;
+}
+
+function portal_mac_radius($clientmac,$clientip) {
+ global $config ;
+
+ $radmac_secret = $config['captiveportal']['radmac_secret'];
+
+ /* authentication against the radius server */
+ $username = mac_format($clientmac);
+ $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
+ if ($auth_list['auth_val'] == 2)
+ return TRUE;
+ if (!empty($auth_list['url_redirection']))
+ portal_reply_page($auth_list['url_redirection'], "redir");
+
+ return FALSE;
+}
+
+function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
+
+ global $redirurl, $g, $config, $type, $passthrumac, $_POST;
+
+ /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */
+ if ($ruleno == null)
+ $ruleno = captiveportal_get_next_ipfw_ruleno();
+
+ /* if the pool is empty, return appropriate message and exit */
+ if (is_null($ruleno)) {
+ portal_reply_page($redirurl, "error", "System reached maximum login capacity");
+ log_error("WARNING! Captive portal has reached maximum login capacity");
+ exit;
+ }
+
+ // Ensure we create an array if we are missing attributes
+ if (!is_array($attributes))
+ $attributes = array();
+
+ $radiusservers = captiveportal_get_radius_servers();
+
+ /* Do not allow concurrent login execution. */
+ $cpdblck = lock('captiveportaldb', LOCK_EX);
+
+ unset($sessionid);
+
+ /* read in client database */
+ $cpdb = captiveportal_read_db(true);
+
+ if ($attributes['voucher'])
+ $remaining_time = $attributes['session_timeout'];
+
+ $writecfg = false;
+ /* Find an existing session */
+ if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
+ if (isset($config['captiveportal']['passthrumacadd'])) {
+ $mac = captiveportal_passthrumac_findbyname($username);
+ if (!empty($mac)) {
+ if ($_POST['replacemacpassthru']) {
+ foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {
+ if ($macent['mac'] == $mac['mac']) {
+ $macrules = "";
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']);
+ if ($ruleno) {
+ captiveportal_free_ipfw_ruleno($ruleno, true);
+ $macrules .= "delete {$ruleno}\n";
+ ++$ruleno;
+ $macrules .= "delete {$ruleno}\n";
+ }
+ unset($config['captiveportal']['passthrumac'][$idx]);
+ $mac['mac'] = $clientmac;
+ $config['captiveportal']['passthrumac'][] = $mac;
+ $macrules .= captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ $sessionid = true;
+ break;
+ }
+ }
+ } else {
+ portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.",
+ $clientmac, $clientip, $username, $password);
+ exit;
+ }
+ }
+ }
+ }
+
+ foreach ($cpdb as $sid => $cpentry) {
+ /* on the same ip */
+ if($cpentry[2] == $clientip) {
+ captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - REUSING OLD SESSION");
+ $sessionid = $sid;
+ break;
+ }
+ elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) {
+ // user logged in with an active voucher. Check for how long and calculate
+ // how much time we can give him (voucher credit - used time)
+ $remaining_time = $cpentry[0] + $cpentry[7] - time();
+ if ($remaining_time < 0) // just in case.
+ $remaining_time = 0;
+
+ /* This user was already logged in so we disconnect the old one */
+ captiveportal_disconnect($cpentry,$radiusservers,13);
+ captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
+ unset($cpdb[$sid]);
+ break;
+ }
+ elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) {
+ /* on the same username */
+ if (strcasecmp($cpentry[4], $username) == 0) {
+ /* This user was already logged in so we disconnect the old one */
+ captiveportal_disconnect($cpentry,$radiusservers,13);
+ captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
+ unset($cpdb[$sid]);
+ break;
+ }
+ }
+ }
+
+ if ($attributes['voucher'] && $remaining_time <= 0)
+ return 0; // voucher already used and no time left
+
+ if (!isset($sessionid)) {
+ /* generate unique session ID */
+ $tod = gettimeofday();
+ $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
+
+ /* Add rules for traffic shaping
+ * We don't need to add extra rules since traffic will pass due to the following kernel option
+ * net.inet.ip.fw.one_pass: 1
+ */
+ $peruserbw = isset($config['captiveportal']['peruserbw']);
+
+ $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
+ $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
+
+ if ($passthrumac) {
+ $mac = array();
+ $mac['mac'] = $clientmac;
+ if (isset($config['captiveportal']['passthrumacaddusername']))
+ $mac['username'] = $username;
+ $mac['descr'] = "Auto added pass-through MAC for user {$username}";
+ if (!empty($bw_up))
+ $mac['bw_up'] = $bw_up;
+ if (!empty($bw_down))
+ $mac['bw_down'] = $bw_down;
+ if (!is_array($config['captiveportal']['passthrumac']))
+ $config['captiveportal']['passthrumac'] = array();
+ $config['captiveportal']['passthrumac'][] = $mac;
+ unlock($cpdblck);
+ $macrules = captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ } else {
+ if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
+ $bw_up_pipeno = $ruleno + 20000;
+ //$bw_up /= 1000; // Scale to Kbit/s
+ mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
+
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
+ } else {
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 1 add {$clientip}");
+ }
+ if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
+ $bw_down_pipeno = $ruleno + 20001;
+ //$bw_down /= 1000; // Scale to Kbit/s
+ mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
+
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
+ } else {
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 2 add {$clientip}");
+ }
+
+ if ($attributes['voucher'])
+ $attributes['session_timeout'] = $remaining_time;
+
+ /* encode password in Base64 just in case it contains commas */
+ $bpassword = base64_encode($password);
+ $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
+ $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
+
+ /* rewrite information to database */
+ captiveportal_write_db($cpdb, true);
+ unlock($cpdblck);
+
+ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
+ $acct_val = RADIUS_ACCOUNTING_START($ruleno,
+ $username, $sessionid, $radiusservers, $clientip, $clientmac);
+ if ($acct_val == 1)
+ captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
+ }
+ }
+ } else
+ unlock($cpdblck);
+
+ if ($writecfg == true)
+ write_config();
+
+ /* redirect user to desired destination */
+ if (!empty($attributes['url_redirection']))
+ $my_redirurl = $attributes['url_redirection'];
+ else if ($config['captiveportal']['redirurl'])
+ $my_redirurl = $config['captiveportal']['redirurl'];
+ else
+ $my_redirurl = $redirurl;
+
+ if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {
+
+ if (isset($config['captiveportal']['httpslogin']))
+ $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
+ else {
+ $ifip = portal_ip_from_client_ip($clientip);
+ if (!$ifip)
+ $ourhostname = $config['system']['hostname'] . ":8000";
+ else
+ $ourhostname = "{$ifip}:8000";
+ $logouturl = "http://{$ourhostname}/";
+ }
+
+ if (isset($attributes['reply_message']))
+ $message = $attributes['reply_message'];
+ else
+ $message = 0;
+
+ include("{$g['varetc_path']}/captiveportal-logout.html");
+
+ } else {
+ header("Location: " . $my_redirurl);
+ }
+
+ return $sessionid;
+}
+
+
+/*
+ * Used for when pass-through credits are enabled.
+ * Returns true when there was at least one free login to deduct for the MAC.
+ * Expired entries are removed as they are seen.
+ * Active entries are updated according to the configuration.
+ */
+function portal_consume_passthrough_credit($clientmac) {
+ global $config;
+
+ if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count']))
+ $freeloginscount = $config['captiveportal']['freelogins_count'];
+ else
+ return false;
+
+ if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout']))
+ $resettimeout = $config['captiveportal']['freelogins_resettimeout'];
+ else
+ return false;
+
+ if ($freeloginscount < 1 || $resettimeout <= 0 || !$clientmac)
+ return false;
+
+ $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
+
+ /*
+ * Read database of used MACs. Lines are a comma-separated list
+ * of the time, MAC, then the count of pass-through credits remaining.
+ */
+ $usedmacs = captiveportal_read_usedmacs_db();
+
+ $currenttime = time();
+ $found = false;
+ foreach ($usedmacs as $key => $usedmac) {
+ $usedmac = explode(",", $usedmac);
+
+ if ($usedmac[1] == $clientmac) {
+ if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) {
+ if ($usedmac[2] < 1) {
+ if ($updatetimeouts) {
+ $usedmac[0] = $currenttime;
+ unset($usedmacs[$key]);
+ $usedmacs[] = implode(",", $usedmac);
+ captiveportal_write_usedmacs_db($usedmacs);
+ }
+
+ return false;
+ } else {
+ $usedmac[2] -= 1;
+ $usedmacs[$key] = implode(",", $usedmac);
+ }
+
+ $found = true;
+ } else
+ unset($usedmacs[$key]);
+
+ break;
+ } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime)
+ unset($usedmacs[$key]);
+ }
+
+ if (!$found) {
+ $usedmac = array($currenttime, $clientmac, $freeloginscount - 1);
+ $usedmacs[] = implode(",", $usedmac);
+ }
+
+ captiveportal_write_usedmacs_db($usedmacs);
+ return true;
+}
+
+function captiveportal_read_usedmacs_db() {
+ global $g;
+
+ $cpumaclck = lock('captiveusedmacs');
+ if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
+ $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!$usedmacs)
+ $usedmacs = array();
+ } else
+ $usedmacs = array();
+
+ unlock($cpumaclck);
+ return $usedmacs;
+}
+
+function captiveportal_write_usedmacs_db($usedmacs) {
+ global $g;
+
+ $cpumaclck = lock('captiveusedmacs', LOCK_EX);
+ @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
+ unlock($cpumaclck);
+}
+
?>
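Review bot: portal_allow() returns at `return 0; // voucher already used and no time left` while still holding the exclusive `captiveportaldb` lock taken earlier in the function. Add `unlock($cpdblck);` before that return, and call `captiveportal_free_ipfw_ruleno($ruleno);` as well when the rule number was allocated in this call. The session id is built as `substr(md5(mt_rand() . $tod['sec'] . ...), 0, 16)`, and this commit makes it both the database key and the handle that captiveportal_disconnect_client() looks up. It should therefore come from a cryptographically strong random source rather than mt_rand() and timestamps. The ipfw commands further down interpolate `$clientip` and `$clientmac` into mwexec() strings without the `is_ipaddr()` check this commit adds in captiveportal_disconnect(); validating both at the top of the function would keep the two paths consistent.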
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 7d19045..8d5604f 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -90,12 +90,12 @@ function & lookup_crl($refid) {
function ca_chain_array(& $cert) {
if($cert['caref']) {
$chain = array();
- $crt =& lookup_ca($cert['caref']);
+ $crt = lookup_ca($cert['caref']);
$chain[] = $crt;
while ($crt) {
$caref = $crt['caref'];
if($caref)
- $crt =& lookup_ca($caref);
+ $crt = lookup_ca($caref);
else
$crt = false;
if($crt)
@@ -417,7 +417,8 @@ function is_ipsec_cert($certref) {
function is_webgui_cert($certref) {
global $config;
- if ($config['system']['webgui']['ssl-certref'] == $certref)
+ if (($config['system']['webgui']['ssl-certref'] == $certref)
+ && ($config['system']['webgui']['protocol'] != "http"))
return true;
}
diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc
index 7b2cab7..75eb013 100644
--- a/etc/inc/config.console.inc
+++ b/etc/inc/config.console.inc
@@ -303,9 +303,9 @@ EOD;
echo "\n" . gettext("The interfaces will be assigned as follows:") . "\n\n";
+ echo "WAN -> " . $wanif . "\n";
if ($lanif != "")
echo "LAN -> " . $lanif . "\n";
- echo "WAN -> " . $wanif . "\n";
for ($i = 0; $i < count($optif); $i++) {
echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n";
}
diff --git a/etc/inc/config.gui.inc b/etc/inc/config.gui.inc
index 1a7e397..bfceb5a 100644
--- a/etc/inc/config.gui.inc
+++ b/etc/inc/config.gui.inc
@@ -41,10 +41,6 @@
pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
-/*
- * XXX: Hack around the cvs syntax checks.
- * DISABLE_PHP_LINT_CHECKING
- */
require_once("globals.inc");
@@ -87,4 +83,4 @@ if($config_parsed == true) {
}
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index 9f0b736..c0b568d 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -120,35 +120,6 @@ function parse_config($parse = false) {
if(!$parse) {
if (file_exists($g['tmp_path'] . '/config.cache')) {
$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
-<<<<<<< HEAD
- if(is_null($config)) {
- unlock($lockkey);
- parse_config(true);
- $lockkey = lock('config');
- }
- } else {
- if(!file_exists($g['conf_path'] . "/config.xml")) {
- log_error(gettext("No config.xml found, attempting last known config restore."));
- file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
- $last_backup = discover_last_backup();
- if ($last_backup)
- restore_backup("/cf/conf/backup/{$last_backup}");
- else {
- log_error(gettext("Could not restore config.xml."));
- unlock($lockkey);
- die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
- }
- }
- unlock($lockkey);
- $config = parse_config(true);
- $lockkey = lock('config');
- }
- } else {
- if(!file_exists($g['conf_path'] . "/config.xml")) {
- if($g['booting']) echo ".";
- log_error(gettext("No config.xml found, attempting last known config restore."));
- file_notice("config.xml", gettext("No config.xml found, attempting last known config restore."), "pfSenseConfigurator", "");
-=======
if (is_null($config))
$parse = true;
} else
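Review bot: The `is_null($config)` test that follows `unserialize()` in parse_config() does not catch a corrupt or truncated `config.cache`, because `unserialize()` returns `false` on failure, not `null`. The check would be safer as `if (!is_array($config)) $parse = true;`. The cache is read from `$g['tmp_path']`, so it is also worth confirming that only root can write that file, since `unserialize()` on bytes someone else controls can instantiate objects. parse_config() begins and ends outside this hunk.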
@@ -160,7 +131,6 @@ function parse_config($parse = false) {
echo ".";
log_error("No config.xml found, attempting last known config restore.");
file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
->>>>>>> master
$last_backup = discover_last_backup();
if ($last_backup)
restore_backup("/cf/conf/backup/{$last_backup}");
@@ -276,12 +246,8 @@ function parse_config_bootup() {
restore_backup("/cf/conf/backup/{$last_backup}");
}
if(!file_exists("{$g['conf_path']}/config.xml")) {
-<<<<<<< HEAD
echo sprintf(gettext("XML configuration file not found. %s cannot continue booting."), $g['product_name']) . "\n";
-=======
- echo "XML configuration file not found. {$g['product_name']} cannot continue booting.\n";
unlock($lockkey);
->>>>>>> master
mwexec("/sbin/halt");
exit;
}
@@ -345,23 +311,23 @@ function conf_mount_rw() {
if (refcount_reference(1000) > 1)
return;
- $status = mwexec("/sbin/mount -u -w {$g['cf_path']}");
+ $status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
if($status <> 0) {
if($g['booting'])
echo gettext("Disk is dirty. Running fsck -y") . "\n";
mwexec("/sbin/fsck -y {$g['cf_path']}");
- $status = mwexec("/sbin/mount -u -w {$g['cf_path']}");
+ $status = mwexec("/sbin/mount -u -w -o sync,noatime {$g['cf_path']}");
}
/* if the platform is soekris or wrap or pfSense, lets mount the
* compact flash cards root.
*/
- $status = mwexec("/sbin/mount -u -w /");
+ $status = mwexec("/sbin/mount -u -w -o sync,noatime /");
/* we could not mount this correctly. kick off fsck */
if($status <> 0) {
log_error(gettext("File system is dirty. Launching FSCK for /"));
mwexec("/sbin/fsck -y /");
- $status = mwexec("/sbin/mount -u -w /");
+ $status = mwexec("/sbin/mount -u -w -o sync,noatime /");
}
mark_subsystem_dirty('mount');
@@ -389,8 +355,8 @@ function conf_mount_ro() {
clear_subsystem_dirty('mount');
/* sync data, then force a remount of /cf */
pfSense_sync();
- mwexec("/sbin/mount -u -r -f {$g['cf_path']}");
- mwexec("/sbin/mount -u -r -f /");
+ mwexec("/sbin/mount -u -r -f -o sync,noatime {$g['cf_path']}");
+ mwexec("/sbin/mount -u -r -f -o sync,noatime /");
}
/****f* config/convert_config
@@ -446,14 +412,7 @@ function convert_config() {
log_error(sprintf(gettext("Ended Configuration upgrade at %s"), $now));
if ($prev_version != $config['version'])
-<<<<<<< HEAD
write_config(sprintf(gettext('Upgraded config version level from %1$s to %2$s'), $prev_version, $config['version']));
-
- if($g['booting'])
- echo gettext("Loading new configuration...");
-=======
- write_config("Upgraded config version level from {$prev_version} to {$config['version']}");
->>>>>>> master
}
/****f* config/safe_write_file
@@ -520,13 +479,12 @@ function write_config($desc="Unknown", $backup = true) {
* for now, since it was preventing config saving. */
// $config = parse_config(true, false, false);
-<<<<<<< HEAD
- if($g['bootup'])
- log_error(gettext("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"));
-=======
+ /* Comment this check out for now. There aren't any current issues that
+ * make this problematic, and it makes users think there is a problem
+ * when one doesn't really exist.
if($g['booting'])
log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml");
->>>>>>> master
+ */
$username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username'];
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index da8844e..dcde894 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -43,7 +43,7 @@
* ZoneEdit - Last Tested: NEVER
* Dyns - Last Tested: NEVER
* ODS - Last Tested: 02 August 2005
- * FreeDNS - Last Tested: NEVER
+ * FreeDNS - Last Tested: 23 Feb 2011
* Loopia - Last Tested: NEVER
* StaticCling - Last Tested: 27 April 2006
* DNSexit - Last Tested: 20 July 2008
@@ -350,7 +350,7 @@
break;
case 'freedns':
$needIP = FALSE;
- curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsHost);
+ curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass);
$data = curl_exec($ch);
if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch));
curl_close($ch);
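Review bot: The FreeDNS update URL in the `case 'freedns':` branch now carries `$this->_dnsPass` in the query string of a plain `http://` request, so the account's update token crosses the network in cleartext and can be read and reused by anyone on the path. If the service accepts TLS, build the URL as `'https://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass` and keep certificate verification enabled for this handle. The curl options set earlier in the method are outside the hunk, so the verification setting needs checking there.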
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 96864b1..0a6c703 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -46,7 +46,7 @@ function easyrule_find_rule_interface($int) {
if ($config['pptpd']['mode'] == "server")
$iflist['pptp'] = "PPTP VPN";
- if ($config['pppoe']['mode'] == "server")
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
$iflist['pppoe'] = "PPPoE VPN";
if ($config['l2tp']['mode'] == "server")
@@ -79,11 +79,12 @@ function easyrule_block_rule_exists($int = 'wan') {
}
/* Search through the rules for one referencing our alias */
- foreach ($config['filter']['rule'] as $rule)
+ foreach ($config['filter']['rule'] as $rule) {
if (!is_array($rule) || !is_array($rule['source']))
continue;
if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int))
return true;
+ }
return false;
}
@@ -114,7 +115,7 @@ function easyrule_block_rule_create($int = 'wan') {
$filterent['destination']['any'] = '';
$filterent['descr'] = gettext("Easy Rule: Blocked from Firewall Log View");
- $a_filter[] = $filterent;
+ array_splice($a_filter, 0, 0, array($filterent));
return true;
}
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 6de6425..64528e7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -124,7 +124,7 @@ function filter_pflog_start() {
}
mute_kernel_msgs();
$output = 0;
- exec("/bin/pgrep -f 'tcpdump -s 256 -v -l -n -e -ttt -i pflog0'", $output, $retval);
+ exec("/bin/pgrep -af 'tcpdump -s 256 -v -l -n -e -ttt -i pflog0'", $output, $retval);
if($retval != 0)
mwexec_bg("/usr/sbin/tcpdump -s 256 -v -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");
unmute_kernel_msgs();
@@ -522,8 +522,10 @@ function filter_generate_aliases() {
$aliases .= "table <sshlockout> persist\n";
$aliases .= "table <webConfiguratorlockout> persist\n";
- $aliases .= "#Snort2C table\n";
+ $aliases .= "#pfSnortSam tables\n";
$aliases .= "table <snort2c>\n";
+ $aliases .= "table <pfSnortSamout>\n";
+ $aliases .= "table <pfSnortSamin>\n";
$aliases .= "\ntable <virusprot>\n";
@@ -1122,14 +1124,22 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
if($src == "")
$src = "any";
/* Match on this source port */
- if($srcport != "")
- $src .= " port {$srcport}";
+ if($srcport != "") {
+ $srcportexpand = alias_expand($srcport);
+ if(!$srcportexpand)
+ $srcportexpand = $srcport;
+ $src .= " port {$srcportexpand}";
+ }
/* sometimes this gets called with "" instead of a value */
if($dst == "")
$dst = "any";
/* Match on this dest port */
- if($dstport != "")
- $dst .= " port {$dstport}";
+ if($dstport != "") {
+ $dstportexpand = alias_expand($dstport);
+ if(!$dstportexpand)
+ $dstportexpand = $dstport;
+ $dst .= " port {$dstportexpand}";
+ }
/* outgoing static-port option, hamachi, Grandstream, VOIP, etc */
$staticnatport_txt = "";
if($staticnatport)
@@ -1232,11 +1242,14 @@ function filter_nat_rules_generate() {
if(is_array($config['nat']['advancedoutbound']['rule'])) {
foreach ($config['nat']['advancedoutbound']['rule'] as $obent) {
update_filter_reload_status(sprintf(gettext("Creating advanced outbound rule %s"), $obent['descr']));
- $src = $obent['source']['network'];
- if(isset($obent['destination']['not']) && !isset($obent['destination']['any']))
- $dst = "!" . $obent['destination']['address'];
- else
+ $src = alias_expand($obent['source']['network']);
+ if(!$src)
+ $src = $obent['source']['network'];
+ $dst = alias_expand($obent['destination']['address']);
+ if(!$dst)
$dst = $obent['destination']['address'];
+ if(isset($obent['destination']['not']) && !isset($obent['destination']['any']))
+ $dst = "!" . $dst;
if(!$obent['interface'])
$natif = "wan";
else
@@ -1339,6 +1352,7 @@ function filter_nat_rules_generate() {
}
}
$natrules .= "\n# Subnets to NAT \n";
+ $tonathosts .= "127.0.0.0/8 ";
if($numberofnathosts > 4) {
$natrules .= "table <tonatsubnets> { {$tonathosts} }\n";
$macroortable = "<tonatsubnets>";
@@ -1527,6 +1541,16 @@ function filter_nat_rules_generate() {
else
sigkillbypid("/var/run/inetd.pid", "HUP");
}
+
+ if (isset($config['pptpd']['mode']) && ($config['pptpd']['mode'] != "off")) {
+ if ($config['pptpd']['mode'] == "redir") {
+ $pptpdtarget = $config['pptpd']['redir'];
+ $natrules .= "# PPTP\n";
+ $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto gre from any to any -> {$pptpdtarget}\n";
+ $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto tcp from any to any port 1723 -> {$pptpdtarget}\n";
+ }
+ }
+
$natrules .= discover_pkg_rules("nat");
$natrules .= filter_process_carp_nat_rules();
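Review bot: `$config['pptpd']['redir']` is written into two `rdr` rules without being checked, so an empty or malformed value yields a line pf may reject, which could fail the whole ruleset load. Guard the block with `if ($config['pptpd']['mode'] == "redir" && is_ipaddr($config['pptpd']['redir'])) {`, which also makes the outer `isset(...) && != "off"` test unnecessary. The rules are hard-wired to `$FilterIflist['wan']`; if that is intentional it deserves a one-line comment. filter_nat_rules_generate() starts outside this hunk.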
@@ -1619,6 +1643,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
$src = " {$not} {$expsrc}";
}
+ $rule['protocol'] = strtolower($rule['protocol']);
if(in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
if($rule[$target]['port']) {
$srcport = explode("-", $rule[$target]['port']);
@@ -1704,7 +1729,7 @@ function filter_generate_user_rule($rule) {
}
update_filter_reload_status("Setting up pass/block rules");
$type = $rule['type'];
- if($type != "pass" && $type != "block" && $type != "reject") {
+ if($type != "pass" && $type != "block" && $type != "reject" && $type != "match") {
/* default (for older rules) is pass */
$type = "pass ";
}
@@ -1728,7 +1753,7 @@ function filter_generate_user_rule($rule) {
update_filter_reload_status(sprintf(gettext("Setting up pass/block rules %s"), $rule['descr']));
/* do not process reply-to for gateway'd rules */
- if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) {
+ if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($config['system']['disablereplyto'])) {
$rg = get_interface_gateway($rule['interface']);
if(is_ipaddr($rg)) {
$aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
@@ -1744,10 +1769,10 @@ function filter_generate_user_rule($rule) {
/* Add the load balanced gateways */
$aline['route'] = " \$GW{$rule['gateway']} ";
else
- log_error(sprintf(gettext("The gateway: %s is invalid/unkown not using it."), $rule['gateway']));
+ log_error("The gateway: {$rule['gateway']} is invalid or unknown, not using it.");
}
- if(isset($rule['protocol'])) {
+ if (isset($rule['protocol']) && !empty($rule['protocol'])) {
if($rule['protocol'] == "tcp/udp")
$aline['prot'] = " proto { tcp udp } ";
elseif($rule['protocol'] == "icmp")
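Review bot: The rewritten `log_error()` call drops the `sprintf(gettext(...))` wrapper the removed line had, so this message is no longer translatable while other messages in filter_generate_user_rule() still are. `log_error(sprintf(gettext("The gateway: %s is invalid or unknown, not using it."), $rule['gateway']));` keeps the corrected wording. In the condition below it, `isset($rule['protocol']) && !empty($rule['protocol'])` is redundant, since `!empty($rule['protocol'])` already covers the unset case. The function starts and ends outside this hunk.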
@@ -2006,9 +2031,11 @@ EOD;
$ipfrules .= <<<EOD
-# snort2c
+# pfSnortSam
block quick from <snort2c> to any label "Block snort2c hosts"
block quick from any to <snort2c> label "Block snort2c hosts"
+block quick from <pfSnortSamout> to any label "Block pfSnortSamOut hosts"
+block quick from any to <pfSnortSamin> label "Block pfSnortSamIn hosts"
EOD;
@@ -2157,6 +2184,15 @@ pass in on \${$oc['descr']} proto udp from any port = 68 to {$oc['ip']} port = 6
pass out on \${$oc['descr']} proto udp from {$oc['ip']} port = 67 to any port = 68 label "allow access to DHCP server"
EOD;
+ if($config['dhcpd'][$on]['failover_peerip'] <> "") {
+ $ipfrules .= <<<EOD
+# allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']}
+pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
+pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover"
+
+EOD;
+ }
+
}
break;
}
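Review bot: The failover block interpolates `$config['dhcpd'][$on]['failover_peerip']` straight into two `pass in` rules after only a `<> ""` test, so a value that is not an address either breaks the ruleset or admits more sources than intended on ports 519 and 520. The condition should be `if (is_ipaddr($config['dhcpd'][$on]['failover_peerip'])) {`. The rules also match `proto udp` only; ISC dhcpd failover runs over TCP as far as I know, so please confirm the protocol against the dhcpd configuration this pairs with. The enclosing loop and switch begin outside the hunk.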
@@ -2327,10 +2363,37 @@ EOD;
$ipfrules .= <<<EOD
anchor "tftp-proxy/*"
+EOD;
+
+ update_filter_reload_status("Creating uPNP rules...");
+ if(isset($config['installedpackages']['miniupnpd']['config'][0]['enable'])) {
+
+ $ipfrules .= <<<EOD
# uPnPd
anchor "miniupnpd"
EOD;
+
+ $upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd'][0]['config']['iface_array']);
+ foreach($upnp_interfaces as $upnp_if) {
+ if(is_array($FilterIflist[$upnp_if])) {
+ $oc = $FilterIflist[$upnp_if];
+ if($oc['ip']) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ $if = $oc['if'];
+ }
+ if($sa) {
+ $ipfrules .= <<<EOD
+
+pass in on \${$oc['descr']} proto tcp from {$sa}/{$sn} to 239.255.255.250/32 port 1900 keep state label "pass multicast traffic to miniupnpd"
+
+EOD;
+ }
+ }
+ }
+ }
+
return $ipfrules;
}
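Review bot: The interface list is read from `$config['installedpackages']['miniupnpd'][0]['config']['iface_array']`, but the enable test just above uses `['miniupnpd']['config'][0]`, so the index order is swapped and `explode()` most likely receives null, leaving the loop with nothing to match. It should read `$upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd']['config'][0]['iface_array']);`. Inside the loop `$sa`, `$sn` and `$if` are assigned only when `$oc['ip']` is set, so a value left over from a previous iteration or from earlier in the function can end up in the next `pass` rule; reset them at the top of each iteration. The rule also uses `proto tcp` towards 239.255.255.250 port 1900, while SSDP discovery is UDP, so the protocol is worth rechecking.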
@@ -2570,16 +2633,11 @@ function filter_setup_logging_interfaces() {
echo "filter_setup_logging_interfaces() being called $mt\n";
}
$rules = "";
- foreach ($FilterIflist as $ifdescr => $ifcfg) {
- /*
- * XXX: This should be cleared out after a discussion
- * between pf(4) devs is cleared out. This breaks
- * compatibility with OpenBSD.
- */
- if(isset($ifcfg['virtual']))
- continue;
- $rules .= "set loginterface {$ifcfg['if']}\n";
- }
+ if (isset($FilterIflist['lan']))
+ $rules .= "set loginterface {$FilterIflist['lan']['if']}\n";
+ else if (isset($FilterIflist['wan']))
+ $rules .= "set loginterface {$FilterIflist['wan']['if']}\n";
+
return $rules;
}
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 6f64478..21460c5 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -88,10 +88,12 @@ $g = array(
"disablethemeselection" => false,
"disablehelpmenu" => false,
"disablehelpicon" => false,
+ "disablecrashreporter" => false,
+ "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
"debug" => false,
- "latest_config" => "7.6",
+ "latest_config" => "7.7",
"nopkg_platforms" => array("cdrom"),
- "minimum_ram_warning" => "105",
+ "minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
"minimum_nic_count" => "1",
"minimum_nic_count_text" => "*AT LEAST* 1",
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 60201bd..e678b3b 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1143,7 +1143,14 @@ function handle_pppoe_reset($post_array) {
function interface_ppps_configure($interface) {
global $config, $g;
-
+
+ /* Return for unassigned interfaces. This is a minimum requirement. */
+ if (empty($config['interfaces'][$interface]))
+ return 0;
+ $ifcfg = $config['interfaces'][$interface];
+ if (!isset($ifcfg['enable']))
+ return 0;
+
// mpd5 requires a /var/spool/lock directory for PPP modem links.
if(!is_dir("/var/spool/lock")) {
exec("/bin/mkdir -p /var/spool/lock");
@@ -1152,10 +1159,7 @@ function interface_ppps_configure($interface) {
// mpd5 modem chat script expected in the same directory as the mpd_xxx.conf files
if (!file_exists("{$g['varetc_path']}/mpd.script"))
mwexec("/bin/ln -s /usr/local/sbin/mpd.script {$g['varetc_path']}/.");
-
- $ifcfg = $config['interfaces'][$interface];
- if (!isset($ifcfg['enable']))
- return 0;
+
if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
if ($ifcfg['if'] == $ppp['if'])
@@ -1172,7 +1176,7 @@ function interface_ppps_configure($interface) {
else
$type = $ppp['type'];
$upper_type = strtoupper($ppp['type']);
-
+
if($g['booting']) {
$descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface);
echo "starting {$pppif} link...";
@@ -1180,7 +1184,7 @@ function interface_ppps_configure($interface) {
if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"))
return 0;
}
-
+
$ports = explode(',',$ppp['ports']);
if ($type != "modem") {
foreach ($ports as $pid => $port)
@@ -1189,10 +1193,10 @@ function interface_ppps_configure($interface) {
$localips = explode(',',$ppp['localip']);
$gateways = explode(',',$ppp['gateway']);
$subnets = explode(',',$ppp['subnet']);
-
+
/* We bring up the parent interface first because if DHCP is configured on the parent we need
- to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs
- */
+ * to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs
+ */
foreach($ports as $pid => $port){
switch ($ppp['type']) {
case "pppoe":
@@ -2469,7 +2473,7 @@ function kill_wpasupplicant($interface) {
function find_dhclient_process($interface) {
if ($interface)
- $pid = `/bin/pgrep -xf "dhclient: {$interface}"`;
+ $pid = `/bin/pgrep -axf "dhclient: {$interface}"`;
else
$pid = 0;
@@ -3480,8 +3484,8 @@ function is_altq_capable($int) {
* http://www.freebsd.org/cgi/man.cgi?query=altq&manpath=FreeBSD+7.2-current&format=html
* Only the following drivers have ALTQ support
*/
- $capable = array("age", "ale", "an", "ath", "aue", "awi", "bce",
- "bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem",
+ $capable = array("age", "alc", "ale", "an", "ath", "aue", "awi", "bce",
+ "bfe", "bge", "bridge", "cas", "dc", "de", "ed", "em", "ep", "fxp", "gem",
"hme", "igb", "ipw", "iwi", "jme", "le", "lem", "msk", "mxge", "my", "nfe",
"npe", "nve", "ral", "re", "rl", "rum", "run", "bwn", "sf", "sis", "sk",
"ste", "stge", "txp", "udav", "ural", "vge", "vr", "wi", "xl",
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 109bf18..6040de6 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -143,11 +143,13 @@ function ipsec_get_phase1_src(& $ph1ent) {
* Return phase1 local address
*/
function ipsec_get_phase1_dst(& $ph1ent) {
+ global $g;
$rg = $ph1ent['remote-gateway'];
- if (!is_ipaddr($rg))
- return resolve_retry($rg);
-
+ if (!is_ipaddr($rg)) {
+ if(! $g['booting'])
+ return resolve_retry($rg);
+ }
if(!is_ipaddr($rg))
return false;
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 9101c04..1d9b9b0 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -228,9 +228,9 @@ function openvpn_add_dhcpopts(& $settings, & $conf) {
$conf .= "push \"dhcp-option DNS {$settings['dns_server4']}\"\n";
if (!empty($settings['ntp_server1']))
- $conf .= "push \"dhcp-option NTP {$settings['dhcp_ntp']}\"\n";
+ $conf .= "push \"dhcp-option NTP {$settings['ntp_server1']}\"\n";
if (!empty($settings['ntp_server2']))
- $conf .= "push \"dhcp-option NTP {$settings['dhcp_ntp']}\"\n";
+ $conf .= "push \"dhcp-option NTP {$settings['ntp_server2']}\"\n";
if ($settings['netbios_enable']) {
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index b6755c8..a352cf2 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1039,6 +1039,22 @@ function is_dhcp_server_enabled()
return $dhcpdenable;
}
+/* Any PPPoE servers enabled? */
+function is_pppoe_server_enabled() {
+ global $config;
+
+ $pppoeenable = false;
+
+ if (!is_array($config['pppoes']) || !is_array($config['pppoes']['pppoe']))
+ return false;
+
+ foreach ($config['pppoes']['pppoe'] as $pppoes)
+ if ($pppoes['mode'] == 'server')
+ $pppoeenable = true;
+
+ return $pppoeenable;
+}
+
function convert_seconds_to_hms($sec){
$min=$hrs=0;
if ($sec != 0){
@@ -1413,7 +1429,7 @@ function get_freebsd_version() {
return $version[0];
}
-function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
+function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body', $connect_timeout=60, $timeout=0) {
global $ch, $fout, $file_size, $downloaded;
$file_size = 1;
$downloaded = 1;
@@ -1433,10 +1449,10 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '60');
- curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
- curl_exec($ch);
+ @curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if($fout)
fclose($fout);
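Review bot: Prefixing `curl_exec()` with `@` in download_file_with_progress_bar() hides transfer failures, and the code after it only reads the HTTP status, so a timeout or reset leaves a partial file with nothing logged. This is more likely now that callers can pass their own `$timeout`. Drop the `@` and record the failure, e.g. `if (curl_exec($ch) === false) log_error("Download of {$url_file} failed: " . curl_error($ch));`. The context line above still sets `CURLOPT_SSL_VERIFYPEER` to false, so nothing fetched through this function is authenticated by TLS; since pkg_fetch_recursive() installs what it downloads here, that deserves a follow-up. The function continues past the end of this hunk.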
@@ -1548,29 +1564,39 @@ if(!function_exists("split")) {
}
}
-function update_alias_names_upon_change($section, $subsection, $fielda, $fieldb, $new_alias_name, $origname) {
+function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) {
global $g, $config, $pconfig, $debug;
if(!$origname)
return;
+ $sectionref = &$config;
+ foreach($section as $sectionname) {
+ if(is_array($sectionref) && isset($sectionref[$sectionname]))
+ $sectionref = &$sectionref[$sectionname];
+ else
+ return;
+ }
+
if($debug) $fd = fopen("{$g['tmp_path']}/print_r", "a");
if($debug) fwrite($fd, print_r($pconfig, true));
- if($fieldb) {
- if($debug) fwrite($fd, sprintf(gettext("fieldb exists%s"), "\n"));
- for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) {
- if($debug) fwrite($fd, "$i\n");
- if($config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] == $origname) {
- if($debug) fwrite($fd, sprintf(gettext('Setting old alias value %1$s to %2$s%3$s'), $origname, $new_alias_name, "\n"));
- $config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] = $new_alias_name;
+ if(is_array($sectionref)) {
+ foreach($sectionref as $itemkey => $item) {
+ if($debug) fwrite($fd, "$itemkey\n");
+
+ $fieldfound = true;
+ $fieldref = &$sectionref[$itemkey];
+ foreach($field as $fieldname) {
+ if(is_array($fieldref) && isset($fieldref[$fieldname]))
+ $fieldref = &$fieldref[$fieldname];
+ else {
+ $fieldfound = false;
+ break;
+ }
}
- }
- } else {
- if($debug) fwrite($fd, "fieldb does not exist\n");
- for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) {
- if($config["$section"]["$subsection"][$i]["$fielda"] == $origname) {
- $config["$section"]["$subsection"][$i]["$fielda"] = $new_alias_name;
- if($debug) fwrite($fd, sprintf(gettext('Setting old alias value %1$s to %2$s%3$s'), $origname, $new_alias_name, "\n"));
+ if($fieldfound && $fieldref == $origname) {
+ if($debug) fwrite($fd, "Setting old alias value $origname to $new_alias_name\n");
+ $fieldref = $new_alias_name;
}
}
}
@@ -1674,9 +1700,9 @@ function version_compare_dates($a, $b) {
if ((!$a_time) || (!$b_time)) {
return FALSE;
} else {
- if ($a < $b)
+ if ($a_time < $b_time)
return -1;
- elseif ($a == $b)
+ elseif ($$a_time == $b_time)
return 0;
else
return 1;
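Review bot: `elseif ($$a_time == $b_time)` in version_compare_dates() has a doubled `$`, which makes it a variable-variable lookup on the name held in `$a_time` rather than a comparison of the two timestamps, so equal dates fall through to `return 1`. The line should be `elseif ($a_time == $b_time)`. The function starts outside this hunk, so how `$a_time` and `$b_time` are derived is not visible here.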
@@ -1735,7 +1761,7 @@ function version_compare_numeric($a, $b) {
}
function pfs_version_compare($cur_time, $cur_text, $remote) {
// First try date compare
- $v = version_compare_dates($cur_time, $b);
+ $v = version_compare_dates($cur_time, $remote);
if ($v === FALSE) {
// If that fails, try to compare by string
// Before anything else, simply test if the strings are equal
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index eb54b6d..1535e8a 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -451,6 +451,17 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = "") {
global $static_output, $g;
+ if (($g['platform'] == "nanobsd") || ($g['platform'] == "embedded")) {
+ $pkgtmpdir = "/usr/bin/env PKG_TMPDIR=/root/ ";
+ $pkgstagingdir = "/root/tmp";
+ if (!is_dir($pkgstagingdir))
+ mkdir($pkgstagingdir);
+ $pkgstaging = "-t {$pkgstagingdir}/instmp.XXXXXX";
+ $fetchdir = $pkgstagingdir;
+ } else {
+ $fetchdir = $g['tmp_path'];
+ }
+
$osname = php_uname("s");
$arch = php_uname("m");
$rel = strtolower(php_uname("r"));
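Review bot: `$pkgtmpdir` and `$pkgstaging` are assigned only in the nanobsd/embedded branch, but the `pkg_add` command line built later in pkg_fetch_recursive() interpolates both on every platform, so full installs rely on undefined variables expanding to empty strings. Initialise them before the `if`, `$pkgtmpdir = ""; $pkgstaging = "";`. `mkdir($pkgstagingdir)` ignores failure and takes the default mode; because packages are staged there before being installed as root, `mkdir($pkgstagingdir, 0700)` with a check on the result would be safer. `PKG_TMPDIR` is set to `/root/` while the staging template lives under `/root/tmp`, which may be unintended.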
@@ -461,7 +472,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
$base_url = $priv_url;
if (substr($base_url, -1) == "/")
$base_url = substr($base_url, 0, -1);
- $fetchto = "{$g['tmp_path']}/apkg_{$filename}";
+ $fetchto = "{$fetchdir}/apkg_{$filename}";
$static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... ";
if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) {
if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) {
@@ -498,8 +509,9 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
}
}
}
+
$pkgaddout = "";
- exec("/usr/sbin/pkg_add -fv {$fetchto} 2>&1", $pkgaddout);
+ exec("{$pkgtmpdir}/usr/sbin/pkg_add {$pkgstaging} -fv {$fetchto} 2>&1", $pkgaddout);
pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\npkg_add successfully completed.\n");
return true;
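Review bot: The `exec()` that runs `pkg_add` places `{$fetchto}` on a shell command line unquoted, and `$fetchto` is built from `$filename`, which appears to originate from package metadata rather than from local code. Pass it through `escapeshellarg()`, e.g. `"... -fv " . escapeshellarg($fetchto) . " 2>&1"`. The exit status is not captured either, so the debug line reports "pkg_add successfully completed" and the function returns true even when the install failed; add a third argument to `exec()` and test it. The function begins outside this hunk.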
@@ -580,7 +592,6 @@ function install_package($package, $pkg_info = "") {
write_config($changedesc);
$static_output .= gettext("done.") . "\n";
update_output_window($static_output);
- $static_output .= gettext("Starting service.") . "\n";
update_output_window($static_output);
if($pkg_info['after_install_info'])
update_output_window($pkg_info['after_install_info']);
@@ -1140,6 +1151,8 @@ function squash_from_bytes($size, $round = "") {
function pkg_reinstall_all() {
global $g, $config;
+
+ @unlink('/conf/needs_package_sync');
$pkg_id = 0;
$todo = array();
if (is_array($config['installedpackages']['package']))
diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc
index f16603f..81eda0d 100644
--- a/etc/inc/priv.defs.inc
+++ b/etc/inc/priv.defs.inc
@@ -325,6 +325,12 @@ $priv_list['page-status-systemlogs-ppp']['match'] = array();
$priv_list['page-status-systemlogs-ppp']['match'][] = "diag_logs_ppp.php*";
$priv_list['page-diagnostics-nanobsd'] = array();
+$priv_list['page-diagnostics-nanobsd']['name'] = gettext("WebCfg - Diagnostics: Edit file");
+$priv_list['page-diagnostics-nanobsd']['descr'] = gettext("Allow access to the 'Diagnostics: Edit File' page.");
+$priv_list['page-diagnostics-nanobsd']['match'] = array();
+$priv_list['page-diagnostics-nanobsd']['match'][] = "edit.php*";
+
+$priv_list['page-diagnostics-nanobsd'] = array();
$priv_list['page-diagnostics-nanobsd']['name'] = gettext("WebCfg - Diagnostics: NanoBSD");
$priv_list['page-diagnostics-nanobsd']['descr'] = gettext("Allow access to the 'Diagnostics: NanoBSD' page.");
$priv_list['page-diagnostics-nanobsd']['match'] = array();
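Review bot: The new 'Diagnostics: Edit file' entry is stored under `$priv_list['page-diagnostics-nanobsd']`, and the very next statement resets that key to `array()` for the NanoBSD page, so the `edit.php*` match is discarded and the privilege never exists. The next hunk has the mirror problem: it re-initialises `$priv_list['page-diagnostics-cpuutilization']` after the existing definition, replacing the `graph_cpu.php*` match with `stats.php*`. Each page needs a key of its own (a suggested name would be `page-diagnostics-edit` for the first; the maintainers should pick the final ones), otherwise the access a user gets does not match what the privilege name says. The two new cpuutilization strings also lack the `gettext()` wrapper used on the lines around them.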
@@ -342,6 +348,12 @@ $priv_list['page-diagnostics-cpuutilization']['descr'] = gettext("Allow access t
$priv_list['page-diagnostics-cpuutilization']['match'] = array();
$priv_list['page-diagnostics-cpuutilization']['match'][] = "graph_cpu.php*";
+$priv_list['page-diagnostics-cpuutilization'] = array();
+$priv_list['page-diagnostics-cpuutilization']['name'] = "WebCfg - XMLRPC CPU Utilization page";
+$priv_list['page-diagnostics-cpuutilization']['descr'] = "Allow access to the 'XMLRPC CPU Utilization' page.";
+$priv_list['page-diagnostics-cpuutilization']['match'] = array();
+$priv_list['page-diagnostics-cpuutilization']['match'][] = "stats.php*";
+
$priv_list['page-diagnostics-haltsystem'] = array();
$priv_list['page-diagnostics-haltsystem']['name'] = gettext("WebCfg - Diagnostics: Halt system page");
$priv_list['page-diagnostics-haltsystem']['descr'] = gettext("Allow access to the 'Diagnostics: Halt system' page.");
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index e928fc8..35c461c 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -298,9 +298,12 @@ function enable_rrd_graphing() {
$rrdupdatesh .= "\n";
$rrdupdatesh .= "# polling traffic for interface $ifname $realif \n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$traffic N:\\\n";
- $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Pass|Out4\/Pass/ {printf \$6 \":\"}'`\\\n";
- $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Block|Out4\/Block/ {printf \$6 \":\"}'|sed -e 's/.\$//'`\n";
+ $rrdupdatesh .= "TMPFILE=`mktemp -q /tmp/STATS_{$realif}.XXXXXX` \n";
+ $rrdupdatesh .= "$pfctl -vvsI -i {$realif} > \$TMPFILE \n";
+ $rrdupdatesh .= "unset BYTES \n";
+ $rrdupdatesh .= "BYTES=`cat \$TMPFILE | awk '/In4\/Pass|Out4\/Pass/ {printf \$6 \":\"}'`\\\n";
+ $rrdupdatesh .= "`cat \$TMPFILE | awk '/In4\/Block|Out4\/Block/ {printf \$6 \":\"}'|sed -e 's/.\$//'`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$traffic N:\$BYTES\n";
/* PACKETS, set up the rrd file */
if (!file_exists("$rrddbpath$ifname$packets")) {
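Review bot: The generated script never checks that `mktemp` succeeded and uses `$TMPFILE` unquoted, so if /tmp is full or read-only the redirect and the later `cat` calls run against an empty name and rrdtool is handed an empty value. Emit the uses as `\"\$TMPFILE\"` and skip the update when the variable is empty. The matching `rm \$TMPFILE` is only emitted in the packets hunk below, so any interruption between the two points, including the `pkill` in kill_traffic_collector(), leaves a file behind on each pass. Removing it with `rm -f` right after the last read, or from a shell `trap`, would bound that. enable_rrd_graphing() starts and ends outside this hunk.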
@@ -324,9 +327,11 @@ function enable_rrd_graphing() {
$rrdupdatesh .= "\n";
$rrdupdatesh .= "# polling packets for interface $ifname $realif \n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$packets N:\\\n";
- $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Pass|Out4\/Pass/ {printf \$4 \":\"}'`\\\n";
- $rrdupdatesh .= "`$pfctl -vvsI -i {$realif} | awk '/In4\/Block|Out4\/Block/ {printf \$4 \":\"}'|sed -e 's/.\$//'`\n";
+ $rrdupdatesh .= "unset PACKETS \n";
+ $rrdupdatesh .= "PACKETS=`cat \$TMPFILE | awk '/In4\/Pass|Out4\/Pass/ {printf \$4 \":\"}'`\\\n";
+ $rrdupdatesh .= "`cat \$TMPFILE | awk '/In4\/Block|Out4\/Block/ {printf \$4 \":\"}'|sed -e 's/.\$//'`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$packets N:\$PACKETS\n";
+ $rrdupdatesh .= "rm \$TMPFILE \n";
/* WIRELESS, set up the rrd file */
if($config['interfaces'][$ifname]['wireless']['mode'] == "bss") {
@@ -769,6 +774,8 @@ function enable_rrd_graphing() {
}
function kill_traffic_collector() {
+ mwexec("killall top", true);
+ mwexec("killall rrdtool", true);
mwexec("/bin/pkill -f updaterrd.sh", true);
}
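Review bot: `killall top` and `killall rrdtool` match by process name across the whole system, so they also end an administrator's interactive `top` and any rrdtool run unrelated to the collector. If the intent is only to reap children of updaterrd.sh, that should be narrowed, or at least stated in a comment such as `/* also reap top/rrdtool helpers spawned by updaterrd.sh */`. The two new calls also rely on PATH while the existing line uses `/bin/pkill`; I would write `/usr/bin/killall` for consistency.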
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 3588953..895eb57 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -34,7 +34,7 @@
*/
/*
- pfSense_BUILDER_BINARIES: /bin/pkill /bin/pgrep /bin/sh /usr/bin/killall
+ pfSense_BUILDER_BINARIES: /bin/pgrep /bin/sh /usr/bin/killall
pfSense_MODULE: utils
*/
@@ -207,4 +207,4 @@ function is_service_running($service, $ps = "") {
return false;
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 3c23ece..77846d7 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -32,7 +32,7 @@
*/
/*
- pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy
+ pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/pgrep /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy
pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/sbin/arp /sbin/ifconfig /usr/local/sbin/dnsmasq
pfSense_BUILDER_BINARIES: /usr/sbin/bsnmpd /sbin/route /usr/local/sbin/olsrd
pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd
@@ -1308,7 +1308,7 @@ function upnp_action ($action) {
mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf');
break;
case "stop":
- while((int)exec("pgrep miniupnpd | wc -l") > 0)
+ while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)
mwexec('killall miniupnpd 2>/dev/null', true);
mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
mwexec('/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null');
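Review bot: The `while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)` loop has no delay and no upper bound, so a miniupnpd that does not exit on `killall` makes the "stop" action spin forever. I would cap it with a retry counter and a short sleep between attempts, then log an error once the cap is reached. The loop body also has no braces, so only the `killall` line belongs to it, which is easy to misread next to the two `pfctl` calls. upnp_action() starts outside this hunk.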
@@ -1321,21 +1321,16 @@ function upnp_action ($action) {
}
function upnp_start() {
- global $config, $g;
+ global $config;
if(!isset($config['installedpackages']['miniupnpd']['config']))
return;
if($config['installedpackages']['miniupnpd']['config'][0]['enable']) {
- if($g['booting']) {
- echo gettext("Starting UPnP service... ");
- require_once('/usr/local/pkg/miniupnpd.inc');
- sync_package_miniupnpd();
- echo gettext("done.") . "\n";
- }
- else {
- upnp_action('start');
- }
+ echo gettext("Starting UPnP service... ");
+ require_once('/usr/local/pkg/miniupnpd.inc');
+ sync_package_miniupnpd();
+ echo "done.\n";
}
}
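Review bot: With the `$g['booting']` test removed, upnp_start() now echoes "Starting UPnP service... " on every call, not only during boot. If any caller runs in a web request, that text ends up in the response. I would keep the echo behind `if ($g['booting'])` (which needs `global $config, $g;` again) while still calling `sync_package_miniupnpd()` unconditionally. The closing message also lost its translation wrapper; `echo gettext("done.") . "\n";` matches the opening line.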
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index bc4a0c2..c410495 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -560,16 +560,16 @@ class altq_root_queue {
function build_javascript() {
$javascript = "<script type=\"text/javascript\">";
$javascript .= "function mySuspend() {";
- $javascript .= "if (document.layers && document.layers['shaperarea'] != null);";
- $javascript .= "document.layers['shaperarea'].visibility = 'hidden';";
+ $javascript .= "if (document.layers && document.layers['shaperarea'] != null) ";
+ $javascript .= "document.layers['shaperarea'].visibility = 'hidden'; ";
$javascript .= "else if (document.all)";
$javascript .= "document.all['shaperarea'].style.visibility = 'hidden';";
$javascript .= "}";
$javascript .= "function myResume() {";
- $javascript .= "if (document.layers && document.layers['shaperarea'] != null)";
+ $javascript .= "if (document.layers && document.layers['shaperarea'] != null) ";
$javascript .= "document.layers['shaperarea'].visibility = 'visible';";
- $javascript .= "else if (document.all)";
+ $javascript .= "else if (document.all) ";
$javascript .= "document.all['shaperarea'].style.visibility = 'visible';";
$javascript .= "}";
$javascript .= "</script>";
@@ -858,7 +858,7 @@ class priq_queue {
function build_javascript() {
$javascript = "<script type=\"text/javascript\">";
$javascript .= "function mySuspend() { \n";
- $javascript .= "if (document.layers && document.layers['shaperarea'] != null);\n";
+ $javascript .= "if (document.layers && document.layers['shaperarea'] != null)\n";
$javascript .= "document.layers['shaperarea'].visibility = 'hidden';\n";
$javascript .= "else if (document.all)\n";
$javascript .= "document.all['shaperarea'].style.visibility = 'hidden';\n";
@@ -967,8 +967,12 @@ class priq_queue {
}
function ReadConfig(&$q) {
- if (isset($q['name']))
- $this->SetQname($q['name']);
+ if (!empty($q['name']) && !empty($q['newname']) && $q['name'] != $q['newname']) {
+ $this->SetQname($q['newname']);
+ } else if (!empty($q['newname'])) {
+ $this->SetQname($q['newname']);
+ } else if (isset($q['name']))
+ $this->SetQname($q['name']);
if (isset($q['interface']))
$this->SetInterface($q['interface']);
$this->SetBandwidth($q['bandwidth']);
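Review bot: The first two branches of the new name selection do the same thing, so the comparison `$q['name'] != $q['newname']` has no effect. It reduces to `if (!empty($q['newname'])) $this->SetQname($q['newname']);` followed by `else if (isset($q['name'])) $this->SetQname($q['name']);`. The same redundant chain is repeated in the dnpipe_class and dnqueue_class ReadConfig hunks below. The hunk also mixes braced and unbraced branches in one chain. `newname` comes from the form field added further down, so it is worth a comment stating where its format is validated, since that is not visible here.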
@@ -1100,7 +1104,10 @@ class priq_queue {
$form .= "<tr>";
$form .= "<td width=\"22%\" valign=\"center\" class=\"vncellreq\">";
$form .= gettext("Queue Name") . "</td><td width=\"78%\" class=\"vtable\">";
- $form .= "<input name=\"name\" type=\"text\" id=\"name\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\"";
+ $form .= "<input name=\"newname\" type=\"text\" id=\"newname\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\"";
+ $form .= htmlspecialchars($this->GetQname());
+ $form .= "\">";
+ $form .= "<input name=\"name\" type=\"hidden\" id=\"name\" class=\"formfld unknown\" size=\"15\" maxlength=\"15\" value=\"";
$form .= htmlspecialchars($this->GetQname());
$form .= "\">";
$form .= "<br /> <span class=\"vexpl\">" . gettext("Enter the name of the queue here. Do not use spaces and limit the size to 15 characters.");
@@ -2877,7 +2884,13 @@ class dnpipe_class extends dummynet_class {
}
function ReadConfig(&$q) {
- $this->SetQname($q['name']);
+ if (!empty($q['name']) && !empty($q['newname']) && $q['name'] != $q['newname']) {
+ $this->SetQname($q['newname']);
+ } else if (!empty($q['newname'])) {
+ $this->SetQname($q['newname']);
+ } else {
+ $this->SetQname($q['name']);
+ }
$this->SetNumber($q['number']);
if (isset($q['bandwidth']) && $q['bandwidth'] <> "") {
$this->SetBandwidth($q['bandwidth']);
@@ -2983,7 +2996,9 @@ class dnpipe_class extends dummynet_class {
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>";
$form .= "<td class=\"vncellreq\">";
- $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\"";
+ $form .= "<input type=\"text\" id=\"newname\" name=\"newname\" value=\"";
+ $form .= $this->GetQname()."\">";
+ $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"";
$form .= $this->GetQname()."\">";
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Bandwidth");
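Review bot: Both new `value=` attributes print `$this->GetQname()` without escaping, so a name containing a double quote or angle bracket breaks out of the attribute. The priq_queue form hunk above wraps the same value in `htmlspecialchars()`. I would write `$form .= htmlspecialchars($this->GetQname())."\">";` on both lines. The same applies to the two lines added in the dnqueue_class form hunk further down. Whether the name is restricted before it is stored is not visible in this diff, so output escaping should not depend on it.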
@@ -3163,7 +3178,13 @@ class dnqueue_class extends dummynet_class {
}
function ReadConfig(&$q) {
- $this->SetQname($q['name']);
+ if (!empty($q['name']) && !empty($q['newname']) && $q['name'] != $q['newname']) {
+ $this->SetQname($q['newname']);
+ } else if (!empty($q['newname'])) {
+ $this->SetQname($q['newname']);
+ } else {
+ $this->SetQname($q['name']);
+ }
$this->SetNumber($q['number']);
if (isset($q['qlimit']) && $q['qlimit'] <> "")
$this->SetQlimit($q['qlimit']);
@@ -3235,7 +3256,9 @@ class dnqueue_class extends dummynet_class {
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">" . gettext("Name") . "</span></td>";
$form .= "<td class=\"vncellreq\">";
- $form .= "<input type=\"text\" id=\"name\" name=\"name\" value=\"";
+ $form .= "<input type=\"text\" id=\"newname\" name=\"newname\" value=\"";
+ $form .= $this->GetQname()."\">";
+ $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"";
$form .= $this->GetQname()."\">";
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\">" . gettext("Mask") . "</td>";
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index c7c29c8..7536f8c 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -584,7 +584,7 @@ function upgrade_039_to_040() {
$config['system']['group'][0]['name'] = "admins";
$config['system']['group'][0]['description'] = gettext("System Administrators");
$config['system']['group'][0]['scope'] = "system";
- $config['system']['group'][0]['pages'] = "ANY";
+ $config['system']['group'][0]['priv'] = "page-all";
$config['system']['group'][0]['home'] = "index.php";
$config['system']['group'][0]['gid'] = "110";
@@ -820,15 +820,18 @@ function upgrade_044_to_045() {
global $config;
$iflist = get_configured_interface_list(false, true);
if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
+ $i = 0;
foreach ($config['vlans']['vlan'] as $id => $vlan) {
- $config['vlans']['vlan'][$id]['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}";
/* Make sure to update the interfaces section with the right name */
+ $vlan_name = "{$vlan['if']}_vlan{$vlan['tag']}";
foreach($iflist as $ifname) {
- if($config['interfaces'][$ifname]['if'] == "vlan{$id}") {
- $config['interfaces'][$ifname]['if'] = $vlan['vlanif'];
+ if($config['interfaces'][$ifname]['if'] == "vlan{$i}") {
+ $config['interfaces'][$ifname]['if'] = $vlan_name;
+ continue;
}
}
-
+ $config['vlans']['vlan'][$i]['vlanif'] = "{$vlan_name}";
+ $i++;
}
}
}
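Review bot: The added `continue;` is the last statement of the inner `foreach` body, so it does nothing; presumably `break;` was meant, to stop scanning interfaces once the match is found. The loop also still iterates with `$id` as the key but now writes `vlanif` to `$config['vlans']['vlan'][$i]`. If the vlan array keys are not a dense 0..n-1 sequence, that write creates a new entry instead of updating the current one. Either index the write with `$id` and keep `$i` only for the `"vlan{$i}"` comparison, or add a comment stating that the keys are known to be sequential.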
@@ -869,6 +872,8 @@ function upgrade_045_to_046() {
if(count($config['load_balancer']) == 0) {
unset($config['load_balancer']);
}
+ mwexec('/usr/sbin/pw groupadd -n _relayd -g 913');
+ mwexec('/usr/sbin/pw useradd -n _relayd -c "Relay Daemon" -d /var/empty -s /usr/sbin/nologin -u 913 -g 913');
}
@@ -917,6 +922,11 @@ function upgrade_046_to_047() {
if (isset($tunnel['disabled']))
$ph1ent['disabled'] = $tunnel['disabled'];
+ /* convert to the new vip[$vhid] name */
+ if(preg_match("/^carp/", $tunnel['interface'])) {
+ $carpid = str_replace("carp", "", $tunnel['interface']);
+ $tunnel['interface'] = "vip" . $config['virtualip']['vip'][$carpid]['vhid'];
+ }
$ph1ent['interface'] = $tunnel['interface'];
$ph1ent['remote-gateway'] = $tunnel['remote-gateway'];
$ph1ent['descr'] = $tunnel['descr'];
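Review bot: The carp-to-vip conversion indexes `$config['virtualip']['vip'][$carpid]` without checking that the entry exists, so a stale `carpN` reference is rewritten to the bare string "vip" and the original interface name is lost. I would guard the rewrite with `if (isset($config['virtualip']['vip'][$carpid]['vhid']))` and leave `$tunnel['interface']` untouched otherwise. Extracting the number with `substr($tunnel['interface'], 4)` is also tighter than `str_replace`, which removes every occurrence of "carp". upgrade_046_to_047() starts and ends outside this hunk.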
@@ -1681,7 +1691,7 @@ function upgrade_053_to_054() {
} else {
$i = 1;
}
- $gateway_group['item'][] = "$interface|$i";
+ $gateway_group['item'][] = "$static_name|$i";
}
$gateway_group_arr[] = $gateway_group;
} else {
@@ -2206,18 +2216,16 @@ function upgrade_069_to_070() {
/* Convert NAT 1:1 rules */
if (is_array($config['nat']['onetoone'])) {
- $a_nat = &$config['nat']['onetoone'];
-
- foreach ($a_nat as &$natent) {
+ foreach ($config['nat']['onetoone'] as $nidx => $natent) {
if ($natent['subnet'] == 32)
- $natent['source'] = array("address" => $natent['internal']);
+ $config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal']);
else
- $natent['source'] = array("address" => $natent['internal'] . "/" . $natent['subnet']);
+ $config['nat']['onetoone'][$nidx]['source'] = array("address" => $natent['internal'] . "/" . $natent['subnet']);
- $natent['destination'] = array("any" => true);
+ $config['nat']['onetoone'][$nidx]['destination'] = array("any" => true);
- unset($natent['internal']);
- unset($natent['subnet']);
+ unset($config['nat']['onetoone'][$nidx]['internal']);
+ unset($config['nat']['onetoone'][$nidx]['subnet']);
}
unset($natent);
@@ -2298,4 +2306,12 @@ function upgrade_075_to_076() {
$config['cron']['item'][] = $cron_item;
}
+function upgrade_076_to_077() {
+ global $config;
+ foreach($config['filter']['rule'] as & $rule) {
+ if (isset($rule['protocol']) && !empty($rule['protocol']))
+ $rule['protocol'] = strtolower($rule['protocol']);
+ }
+}
+
?>
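Review bot: upgrade_076_to_077() iterates `$config['filter']['rule']` by reference without checking that it is an array, and never releases the reference afterwards. The other upgrade steps in this file guard with `is_array()`, and the 069_to_070 hunk in this same commit moves away from by-reference iteration. I would start the function with `if (!is_array($config['filter']['rule'])) return;` and add `unset($rule);` after the loop. The `isset(...) && !empty(...)` test can be just `!empty($rule['protocol'])`.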
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 507e32c..c1a57cf 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -50,7 +50,7 @@ function isvalidpid($pid) {
function is_process_running($process) {
$output = "";
- exec("/bin/pgrep -x {$process}", $output, $retval);
+ exec("/bin/pgrep -ax {$process}", $output, $retval);
return (intval($retval) == 0);
}
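Review bot: `$process` is interpolated into the shell command unquoted, so a value containing spaces or shell metacharacters changes what `exec()` runs. The callers visible in this diff pass literals such as "racoon", but the helper itself does not enforce that. I would write `exec("/bin/pgrep -ax " . escapeshellarg($process), $output, $retval);` and add a one-line comment that `-a` includes the ancestors of the pgrep process in the match.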
@@ -463,7 +463,7 @@ function is_domain($domain) {
/* returns true if $macaddr is a valid MAC address */
function is_macaddr($macaddr) {
- return preg_match('/^[0-9A-F]{2}(?=([:]?))(?:\\1[0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false;
+ return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false;
}
/* returns true if $name is a valid name for an alias */
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 74d83d9..cb13770 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -100,11 +100,11 @@ EOF;
function voucher_auth($voucher_received, $test = 0) {
global $g, $config;
- $voucherlck = lock('voucher');
+ $voucherlck = lock('voucher', LOCK_EX);
// XMLRPC Call over to the master Voucher node
$a_voucher = &$config['voucher'];
- if($a_voucher['vouchersyncdbip']) {
+ if(!empty($a_voucher['vouchersyncdbip'])) {
$syncip = $a_voucher['vouchersyncdbip'];
$syncport = $a_voucher['vouchersyncport'];
$syncpass = $a_voucher['vouchersyncpass'];
@@ -154,10 +154,10 @@ function voucher_auth($voucher_received, $test = 0) {
if (!isset($active_vouchers[$roll]))
$active_vouchers[$roll] = voucher_read_active_db($roll);
// valid voucher. Store roll# and ticket#
- if ($line = $active_vouchers[$roll][$voucher]) {
- list($timestamp,$minutes) = explode(",", $line);
+ if (!empty($active_vouchers[$roll][$voucher])) {
+ list($timestamp,$minutes) = explode(",", $active_vouchers[$roll][$voucher]);
// we have an already active voucher here.
- $remaining = intval((($timestamp + 60*$minutes) - time())/60);
+ $remaining = intval((($timestamp + (60*$minutes)) - time())/60);
$test_result[] = sprintf(gettext('%1$s (%2$s/%3$s) active and good for %4$d Minutes'), $voucher, $roll, $nr, $remaining);
$total_minutes += $remaining;
} else {
@@ -215,7 +215,7 @@ function voucher_auth($voucher_received, $test = 0) {
}
// If we did a XMLRPC sync earlier check the timeleft
- if($a_voucher['vouchersyncdbip'])
+ if(!empty($a_voucher['vouchersyncdbip']))
if($remote_time_used['timeleft'] < $total_minutes)
$total_minutes = $remote_time_used['timeleft'];
@@ -238,8 +238,8 @@ function voucher_auth($voucher_received, $test = 0) {
// log in later using just the first voucher. It also keeps username limited
// to one voucher and that voucher shows the correct time credit in 'active vouchers'
- if ($line = $active_vouchers[$first_voucher_roll][$first_voucher]) {
- list($timestamp, $minutes) = explode(",", $line);
+ if (!empty($active_vouchers[$first_voucher_roll][$first_voucher])) {
+ list($timestamp, $minutes) = explode(",", $active_vouchers[$first_voucher_roll][$first_voucher]);
} else {
$timestamp = time(); // new voucher
$minutes = $total_minutes;
@@ -298,13 +298,13 @@ function voucher_configure() {
fwrite($fd, "{$config['voucher']['rollbits']},{$config['voucher']['ticketbits']},{$config['voucher']['checksumbits']},{$config['voucher']['magic']},{$config['voucher']['charset']}\n");
fclose($fd);
@chmod("{$g['varetc_path']}/voucher.cfg", 0600);
- unlock($voucherlck);
+ unlock($voucherlck);
if ($g['booting'] && is_array($config['voucher']['roll'])) {
// create active and used DB per roll on ramdisk from config
$a_roll = &$config['voucher']['roll'];
- $voucherlck = lock('voucher');
+ $voucherlck = lock('voucher', LOCK_EX);
foreach ($a_roll as $rollent) {
@@ -325,8 +325,8 @@ function voucher_configure() {
}
voucher_write_active_db($roll, $active_vouchers);
}
-
- unlock($voucherlck);
+
+ unlock($voucherlck);
echo gettext("done") . "\n";
}
@@ -363,7 +363,7 @@ function voucher_read_active_db($roll) {
$line = trim(fgets($fd));
if ($line) {
list($voucher,$timestamp,$minutes) = explode(",", $line); // voucher,timestamp
- if ((($timestamp + 60*$minutes) - time()) > 0)
+ if ((($timestamp + (60*$minutes)) - time()) > 0)
$active[$voucher] = "$timestamp,$minutes";
else
$dirty=1;
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 906fcdd..1c0a1c9 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -159,11 +159,15 @@ function vpn_ipsec_configure($ipchg = false)
if (!is_ipaddr($rg)) {
$filterdns_list[] = "{$rg}";
add_hostname_to_watch($rg);
- $rg = resolve_retry($rg);
- if (!$rg)
+ if(! $g['booting'])
+ $rg = resolve_retry($rg);
+ if (!is_ipaddr($rg))
continue;
}
-
+ if(array_search($rg, $rgmap)) {
+ log_error("The remote gateway {$rg} already exists on another phase 1 entry");
+ continue;
+ }
$rgmap[$ph1ent['remote-gateway']] = $rg;
/* step through each phase2 entry */
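Review bot: `if(array_search($rg, $rgmap))` tests the returned key for truthiness and compares loosely, so a match would be missed if its key were falsy, and the intent is harder to read than a membership test. `if (in_array($rg, $rgmap, true)) {` says the same thing without depending on the key. The hunk does not show where `$rgmap` is initialised; it should be an array before the first iteration. Note also that while `$g['booting']` is set, a hostname gateway is never resolved and falls straight to `continue`, which deserves a short comment pointing at the later rc.newipsecdns run.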
@@ -813,6 +817,8 @@ EOD;
continue;
$rgip = $rgmap[$ph1ent['remote-gateway']];
+ if(!is_ipaddr($rgip))
+ continue;
$localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
$remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
@@ -844,7 +850,7 @@ EOD;
else
$parentinterface = $ph1ent['interface'];
- if ($parentinterface <> "wan") {
+ if (($parentinterface <> "wan") && (is_ipaddr($rgip))) {
/* add endpoint routes to correct gateway on interface */
if (interface_has_gateway($parentinterface)) {
$gatewayip = get_interface_gateway("$parentinterface");
@@ -862,7 +868,7 @@ EOD;
}
}
}
- } else {
+ } elseif(is_ipaddr($rgip)) {
if(stristr($route_str, "{$rgip}")) {
mwexec("/sbin/route delete -host {$rgip}", true);
}
@@ -880,9 +886,7 @@ EOD;
/* mange racoon process */
if (is_process_running("racoon")) {
sleep("0.1");
- /* XXX: This seems to not work in ipsec-tools 0.7.3 but a HUP signal is equivalent. */
- //mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false);
- sigkillbypid("{$g['varrun_path']}/racoon.pid", "HUP");
+ mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false);
/* load SPD without flushing to be safe on config additions or changes. */
mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false);
} else {
@@ -897,21 +901,21 @@ EOD;
/* load SPD */
mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false);
- /* start filterdns, if necessary */
- if (count($filterdns_list) > 0) {
- $interval = 60;
- if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval']))
- $interval = $ipseccfg['dns-interval'];
-
- $hostnames = "";
- array_unique($filterdns_list);
- foreach ($hostname as $filterdns_list)
- $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n";
- file_put_contents("{$g['varetc_path']}/filternds-ipsec.hosts", $hostnames);
-
- killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
- mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/filterdns_ipsec.hosts -d 1");
- }
+ }
+ /* start filterdns, if necessary */
+ if (count($filterdns_list) > 0) {
+ $interval = 60;
+ if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval']))
+ $interval = $ipseccfg['dns-interval'];
+
+ $hostnames = "";
+ array_unique($filterdns_list);
+ foreach ($filterdns_list as $hostname)
+ $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n";
+ file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames);
+
+ killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
+ mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/filterdns-ipsec.hosts -d 1");
}
vpn_ipsec_failover_configure();
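Review bot: `array_unique($filterdns_list);` discards its return value, so duplicate hostnames are still written to the hosts file; it should be `$filterdns_list = array_unique($filterdns_list);`. The hostnames are written into the filterdns configuration as `cmd {$hostname} '...'` without any check on their content. I would confirm that remote-gateway values are validated with something like the `is_domain()` helper in util.inc before they reach this point, and note that in a comment. The result of `file_put_contents()` is not checked before filterdns is restarted against the file.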
@@ -1676,11 +1680,16 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
/* see if this tunnel has a hostname for the remote-gateway, and if so,
* try to resolve it now and add it to the list for filterdns */
+ $rgip = "";
if (!is_ipaddr($phase1['remote-gateway'])) {
- $rgip = resolve_retry($phase1['remote-gateway']);
- add_hostname_to_watch($phase1['remote-gateway']);
- if (!$rgip) {
- log_error(sprintf(gettext("Could not determine VPN endpoint for '%s'"), $phase1['descr']));
+ if(! $g['booting']) {
+ $rgip = resolve_retry($phase1['remote-gateway']);
+ add_hostname_to_watch($phase1['remote-gateway']);
+ } else {
+ add_hostname_to_watch($phase1['remote-gateway']);
+ }
+ if (!is_ipaddr($rgip)) {
+ log_error("Could not determine VPN endpoint for '{$phase1['descr']}'");
return false;
}
} else {
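Review bot: While `$g['booting']` is set, `$rgip` stays empty, so this path logs "Could not determine VPN endpoint" and returns false for every hostname-based tunnel, although nothing was actually attempted. A distinct message or a silent return for the boot case would keep the log accurate. `add_hostname_to_watch()` is called in both branches and can be hoisted above the `if`. The rewritten `log_error()` also dropped the `sprintf(gettext(...))` wrapper that the removed line had. The function header is outside the hunk, so I cannot confirm that `$g` is declared `global` there.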
diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles
index fe54ea8..a5857ce 100644
--- a/etc/pfSense.obsoletedfiles
+++ b/etc/pfSense.obsoletedfiles
@@ -48,3 +48,4 @@
/usr/local/www/system_usermanager_addcert.php
/usr/local/pkg/routed/routed.inc
/usr/local/pkg/routed/routed.xml
+/usr/local/www/filter_log.inc \ No newline at end of file
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 4b865c5..0ff40e1 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -16,6 +16,7 @@ conf_mount_rw();
$GIT_REPO="http://gitweb.pfsense.org/pfsense/mainline.git";
$CODIR = "/root/pfsense/";
+global $g;
global $argv;
global $command_split;
@@ -27,7 +28,14 @@ unlink_if_exists("/tmp/config.cache");
if(!file_exists("/usr/local/bin/git")) {
echo "Cannot find git, fetching...";
- system("pkg_add -r git");
+ if (($g['platform'] == "nanobsd") || ($g['platform'] == "embedded")) {
+ $pkgtmpdir = "/usr/bin/env PKG_TMPDIR=/root/ ";
+ $pkgstagingdir = "/root/tmp";
+ if (!is_dir($pkgstagingdir))
+ mkdir($pkgstagingdir);
+ $pkgstaging = "-t {$pkgstagingdir}/instmp.XXXXXX";
+ }
+ system("{$pkgtmpdir}/usr/sbin/pkg_add {$pkgstaging} -r git");
}
# Remove mainline if exists (older)
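Review bot: `$pkgtmpdir` and `$pkgstaging` are assigned only inside the nanobsd/embedded branch, but both are interpolated into the `system()` call on every platform, which raises undefined-variable notices elsewhere. I would initialise them before the `if` with `$pkgtmpdir = "";` and `$pkgstaging = "";`. The result of `mkdir($pkgstagingdir)` is not checked either, so a failure only shows up later as a pkg_add error.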
diff --git a/etc/rc b/etc/rc
index 887e9ec..75fa7bf 100755
--- a/etc/rc
+++ b/etc/rc
@@ -49,10 +49,12 @@ if [ "$PLATFORM" = "cdrom" ]; then
fi
if [ "$PLATFORM" = "embedded" ]; then
+ export PKG_TMPDIR=/root/
/etc/rc.embedded
fi
if [ "$PLATFORM" = "nanobsd" ]; then
+ export PKG_TMPDIR=/root/
/etc/rc.embedded
fi
@@ -401,6 +403,4 @@ echo "Bootup complete"
# Reset the cache. read-only requires this.
/bin/rm /tmp/config.cache
-/etc/rc.conf_mount_ro
-
exit 0
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 3451c88..6cff6ac 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -324,6 +324,8 @@ system_do_shell_commands();
/* start IPsec tunnels */
vpn_ipsec_configure();
+/* Reload dynamic hostname tunnels after bootup finishes */
+mwexec_bg("/etc/rc.newipsecdns");
/* start SNMP service */
services_snmpd_configure();
@@ -390,6 +392,7 @@ if(file_exists('/conf/needs_package_sync')) {
clear_subsystem_dirty('packagelock');
}
}
+ @unlink('/conf/needs_package_sync');
}
/* done */
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 9e310f1..ed80306 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -55,7 +55,7 @@ function backup_vip_config_section() {
$temp = array();
$temp['vip'] = array();
foreach($config['virtualip']['vip'] as $section) {
- if($section['mode'] == "proxyarp" || $section['mode'] == "ipalias")
+ if(($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") && substr($section['interface'],0,3) != "vip")
continue;
if($section['advskew'] <> "") {
$section_val = intval($section['advskew']);
@@ -66,7 +66,6 @@ function backup_vip_config_section() {
}
if($section['advbase'] <> "") {
$section_val = intval($section['advbase']);
- $section_val=$section_val+1;
if($section_val > 255)
$section_val = 255;
$section['advbase'] = $section_val;
@@ -116,7 +115,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host
$parsed_response = XML_RPC_decode($resp->value());
if(!is_array($parsed_response)) {
if (trim($parsed_response) == "Authentication failed") {
- $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method}).";
+ $error = "An authentication failure occurred while trying to access {$url}:{$port} ({$method}).";
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
exit;
@@ -251,7 +250,7 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
} else {
$parsed_response = XML_RPC_decode($resp->value());
if(!is_array($parsed_response) && trim($parsed_repsonse) == "Authentication failed") {
- $error = "A authentication failure occurred while trying to access {$url}:{$port} ($method).";
+ $error = "An authentication failure occurred while trying to access {$url}:{$port} ($method).";
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
exit;
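Review bot: The condition two lines above the corrected message still reads `trim($parsed_repsonse)`, a misspelled variable that is never set, so the comparison with "Authentication failed" can never be true in carp_sync_xml(). An authentication failure against the sync peer is therefore not reported through this branch. The line should read `if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") {`. carp_check_version() in the previous hunk spells the variable correctly.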
@@ -417,4 +416,4 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
}
}
-?> \ No newline at end of file
+?>
diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update
index 70e1dbc..8d16098 100755
--- a/etc/rc.initial.firmware_update
+++ b/etc/rc.initial.firmware_update
@@ -15,6 +15,25 @@ echo ".";
$g['booting'] = false;
+if(isset($config['system']['firmware']['alturl']['enable']))
+ $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
+else
+ $updater_url = $g['update_url'];
+
+$nanosize = "";
+if ($g['platform'] == "nanobsd") {
+ if (file_exists("/etc/nano_use_vga.txt"))
+ $nanosize = "-nanobsd-vga-";
+ else
+ $nanosize = "-nanobsd-";
+
+ $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
+ $update_filename = "latest{$nanosize}.img.gz";
+} else {
+ $update_filename = "latest.tgz";
+}
+$autoupdateurl = "{$updater_url}/{$update_filename}";
+
$fp = fopen('php://stdin', 'r');
echo ".\n\n";
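Review bot: The alternate-URL branch tests only `isset(...['alturl']['enable'])`, so an enabled but empty `firmwareurl` produces an auto URL of `/latest.tgz`. I would require `!empty($config['system']['firmware']['alturl']['firmwareurl'])` as well and fall back to `$g['update_url']` otherwise. `file_get_contents("/etc/nanosize.txt")` is used unchecked, so a missing file yields `latest-nanobsd-.img.gz` after a warning. How the downloaded image is verified before it is applied is not visible in this diff; a comment pointing to that check would help, since the URL can now come from configuration.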
@@ -37,12 +56,15 @@ switch ($command) {
die;
break;
case "1":
- echo "\nEnter the URL to the .tgz or .img.gz update file:\n> ";
+ echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> ";
$url = chop(fgets($fp));
if(!$url) {
fclose($fp);
die;
}
+ if($url == "auto") {
+ $url = $autoupdateurl;
+ }
$status = does_url_exist($url);
if($status) {
conf_mount_rw();
diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns
index 3061f16..141f04a 100755
--- a/etc/rc.newipsecdns
+++ b/etc/rc.newipsecdns
@@ -31,6 +31,7 @@
*/
/* parse the configuration and include all functions used below */
+ require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
@@ -42,8 +43,12 @@
while (file_exists("{$g['varrun_path']}/booting")) {
sleep(1);
}
+ while(stristr(shell_exec("/bin/ps auxww"), "rc.newipsecdns")) {
+ // log_error("There is an existing rc.newipsecdns running, sleeping 1 second");
+ sleep(1);
+ }
- log_error("IPSEC: One or more IPSEC tunnel endpoints has changed IP. Refreshing.");
+ log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing.");
/* We will walk the list of hostnames found in the ipsec tunnel
* configuration. Since we are already triggered by filterdns
* that a hostname has changed we can proceed to compare the
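Review bot: The new wait loop searches the full `ps auxww` output for "rc.newipsecdns", which presumably also matches the command line of the script that is running the check. If so, the loop never exits, and two instances started together would in any case wait on each other indefinitely. An exclusive lock is the usual way to serialise this; voucher.inc in this same commit uses `lock('voucher', LOCK_EX)` with `unlock()`, and the same pattern with its own lock name would fit here if that helper is available through the included files. Failing that, the running PID from `getmypid()` should be excluded and the wait bounded.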
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index b85d102..f4e59c7 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -45,8 +45,16 @@ require_once("openvpn.inc");
if($g['booting'])
exit;
-/* Interface IP address has changed */
+function restart_packages() {
+ global $oldip, $curwanipi, $g;
+
+ /* restart packages */
+ mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh");
+ log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages.");
+ mwexec_bg("/etc/rc.start_packages");
+}
+/* Interface IP address has changed */
$argument = str_replace("\n", "", $argv[1]);
log_error("rc.newwanip: Informational is starting {$argument}.");
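Review bot: restart_packages() declares `global $oldip, $curwanipi, $g;` but the log message uses `$curwanip`, so the new address is always empty in the log line; the declaration should be `global $oldip, $curwanip, $g;`. In the next hunk, the early `if (empty($interface))` path calls restart_packages() before `$oldip` is assigned, so that call logs an empty old address as well. Moving the `$oldip = "0.0.0.0";` default above that early exit would cover it.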
@@ -71,6 +79,12 @@ if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
exit;
}
+if (empty($interface)) {
+ filter_configure();
+ restart_packages();
+ exit;
+}
+
$oldip = "0.0.0.0";
if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
@@ -124,9 +138,6 @@ if (substr($interface_real, 0, 4) != "ovpn")
/* reload graphing functions */
enable_rrd_graphing();
-/* restart packages */
-mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh");
-mwexec_bg("/etc/rc.start_packages");
-log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages.");
+restart_packages();
?>
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index 9d46ad2..f8dd4a2 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -28,7 +28,7 @@ export PATH
# temporary files on shutdown from /tmp/
PLATFORM=`cat /etc/platform`
if [ "$PLATFORM" = "pfSense" ]; then
- rm -rf /tmp/*
+ find -x /tmp/ -type f -exec rm -f {} \;
else
/etc/rc.backup_rrd.sh
/etc/rc.backup_dhcpleases.sh
diff --git a/etc/version b/etc/version
index 813dcee..73a14bb 100644
--- a/etc/version
+++ b/etc/version
@@ -1 +1 @@
-2.0-BETA5
+2.0-RC1
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index ee98fa0..e7fee7a 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -184,11 +184,12 @@ add_new_routes() {
fi
ADDED_ROUTE=no
+ EXISTSGW=`/bin/ls -l /tmp/*_defaultgw | /usr/bin/wc -l`
# Only allow the default route to be overridden if it's on our own interface
- if [ -f "/tmp/${interface}_defaultgw" ]; then
+ if [ -f "/tmp/${interface}_defaultgw" -o $EXISTSGW -eq 0 ]; then
$ROUTE delete default
for router in $new_routers; do
- if [ "$new_ip_address" = "$router" ]; then
+ if [ "$new_ip_address" = "$router" -o "$router" = "255.255.255.255" ]; then
$ROUTE add default -iface $interface
echo $ROUTE add default -iface $interface | $LOGGER
echo $router > /tmp/${interface}_router
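Review bot: When no `/tmp/*_defaultgw` file exists, the `ls` in the new `EXISTSGW` line writes an error to stderr on every lease event, and the count is then used unquoted in the test. I would write ``EXISTSGW=`/bin/ls /tmp/*_defaultgw 2>/dev/null | /usr/bin/wc -l` `` and quote it as `"$EXISTSGW" -eq 0`. The added `"$router" = "255.255.255.255"` case accepts a server-supplied broadcast address as an interface route; a comment saying which provider setup needs it would help the next reader. add_new_routes() continues outside this hunk.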
diff --git a/tmp/post_upgrade_command b/tmp/post_upgrade_command
index ed49d0a..99285e4 100755
--- a/tmp/post_upgrade_command
+++ b/tmp/post_upgrade_command
@@ -5,24 +5,24 @@
KERNELTYPE=`cat /boot/kernel/pfsense_kernel.txt`
if [ $KERNELTYPE = "wrap" ]; then
if [ -f /kernels/kernel_wrap.gz ]; then
- tar xzpf /kernels/kernel_wrap.gz -C /boot/
+ tar xzpf /kernels/kernel_wrap.gz --exclude loader.conf -C /boot/
cp /etc/ttys_wrap /etc/ttys
fi
fi
if [ $KERNELTYPE = "Developers" ]; then
if [ -f /kernels/kernel_Dev.gz ]; then
- tar xzpf /kernels/kernel_Dev.gz -C /boot/
+ tar xzpf /kernels/kernel_Dev.gz --exclude loader.conf -C /boot/
cp /boot/kernel/kernel.gz
fi
fi
if [ $KERNELTYPE = "SMP" ]; then
if [ -f /kernels/kernel_SMP.gz ]; then
- tar xzpf /kernels/kernel_SMP.gz -C /boot/
+ tar xzpf /kernels/kernel_SMP.gz --exclude loader.conf -C /boot/
fi
fi
if [ $KERNELTYPE = "UP" ]; then
if [ -f /kernels/kernel_SMP.gz ]; then
- tar xzpf /kernels/kernel_uniprocessor.gz -C /boot/
+ tar xzpf /kernels/kernel_uniprocessor.gz --exclude loader.conf -C /boot/
fi
fi
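Review bot: The "UP" branch still tests for `/kernels/kernel_SMP.gz` but extracts `/kernels/kernel_uniprocessor.gz`, so the guard does not protect the tar call that this commit edits. It should read `if [ -f /kernels/kernel_uniprocessor.gz ]; then`. In the "Developers" branch, `cp /boot/kernel/kernel.gz` has no destination operand and will always fail. `$KERNELTYPE` is also unquoted in every test, so an empty or missing pfsense_kernel.txt turns each `[ $KERNELTYPE = ... ]` into a syntax error; `[ "$KERNELTYPE" = "wrap" ]` avoids that.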
diff --git a/usr/local/bin/ping_hosts.sh b/usr/local/bin/ping_hosts.sh
index 8455015..97629c4 100755
--- a/usr/local/bin/ping_hosts.sh
+++ b/usr/local/bin/ping_hosts.sh
@@ -108,7 +108,7 @@ for TOPING in $PINGHOSTS ; do
fi
fi
# Wan ping time threshold
- WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1`
+ #WANTIME=`rrdtool fetch /var/db/rrd/wan-quality.rrd AVERAGE -r 120 -s -1min -e -1min | grep ":" | cut -f3 -d" " | cut -d"e" -f1`
echo "Checking wan ping time $WANTIME"
echo $WANTIME > /var/db/wanaverage
if [ "$WANTHRESHOLD" != "" ]; then
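Review bot: Commenting out the `WANTIME` assignment leaves the two following lines in place, so the script now logs an empty ping time and overwrites `/var/db/wanaverage` with an empty line on every pass. The threshold block that starts on the next line presumably compares against that empty value. If the rrdtool fetch is being retired, the `echo` lines and the threshold check should be removed or disabled together with it. Otherwise add a comment saying why the assignment is off and what is expected to set `WANTIME` instead. The enclosing `for` loop continues outside this hunk.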
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index caaa4d2..0170a7a 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -29,7 +29,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
/*
- pfSense_BUILDER_BINARIES: /sbin/ipfw
pfSense_MODULE: captiveportal
*/
@@ -122,7 +121,7 @@ setTimeout('window.close();',5000) ;
</HTML>
EOD;
- disconnect_client($_POST['logout_id']);
+ captiveportal_disconnect_client($_POST['logout_id']);
exit;
} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) {
/* radius functions handle everything so we exit here since we're done */
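Review bot: `$_POST['logout_id']` is handed to `captiveportal_disconnect_client()` exactly as received, and nothing in this hunk ties the session id to the client making the request. The function body is not part of what is shown, so I would confirm that it checks the id format and that the session belongs to the requesting client address. A comment at the call site such as `/* logout_id is validated against the session database in captiveportal_disconnect_client() */` would record that. If no such check exists, it belongs here, before the call.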
@@ -204,411 +203,5 @@ EOD;
exit;
-function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
- global $g, $config;
-
- /* Get captive portal layout */
- if ($type == "redir") {
- header("Location: {$redirurl}");
- return;
- } else if ($type == "login")
- $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
- else
- $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
-
- /* substitute the PORTAL_REDIRURL variable */
- if ($config['captiveportal']['preauthurl']) {
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$config['captiveportal']['preauthurl']}", $htmltext);
- $htmltext = str_replace("#PORTAL_REDIRURL#", "{$config['captiveportal']['preauthurl']}", $htmltext);
- }
-
- /* substitute other variables */
- if (isset($config['captiveportal']['httpslogin'])) {
- $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
- $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
- } else {
- $ifip = portal_ip_from_client_ip($clientip);
- if (!$ifip)
- $ourhostname = $config['system']['hostname'] . ":8000";
- else
- $ourhostname = "{$ifip}:8000";
- $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
- $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
- }
-
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
- $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
- $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
- $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
-
- // Special handling case for captive portal master page so that it can be ran
- // through the PHP interpreter using the include method above. We convert the
- // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
- $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
- $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
- $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
- $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
- $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
- $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
-
- echo $htmltext;
-}
-
-function portal_mac_radius($clientmac,$clientip) {
- global $config ;
-
- $radmac_secret = $config['captiveportal']['radmac_secret'];
-
- /* authentication against the radius server */
- $username = mac_format($clientmac);
- $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
- if ($auth_list['auth_val'] == 2)
- return TRUE;
- if (!empty($auth_list['url_redirection']))
- portal_reply_page($auth_list['url_redirection'], "redir");
-
- return FALSE;
-}
-
-function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
-
- global $redirurl, $g, $config, $type, $passthrumac, $_POST;
-
- /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */
- if ($ruleno == null)
- $ruleno = captiveportal_get_next_ipfw_ruleno();
-
- /* if the pool is empty, return appropriate message and exit */
- if (is_null($ruleno)) {
- portal_reply_page($redirurl, "error", "System reached maximum login capacity");
- log_error("WARNING! Captive portal has reached maximum login capacity");
- exit;
- }
-
- // Ensure we create an array if we are missing attributes
- if (!is_array($attributes))
- $attributes = array();
-
- /* read in client database */
- $cpdb = captiveportal_read_db();
-
- $radiusservers = captiveportal_get_radius_servers();
-
- if ($attributes['voucher'])
- $remaining_time = $attributes['session_timeout'];
-
- $writecfg = false;
- /* Find an existing session */
- if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
- if (isset($config['captiveportal']['passthrumacadd'])) {
- $mac = captiveportal_passthrumac_findbyname($username);
- if (!empty($mac)) {
- if ($_POST['replacemacpassthru']) {
- foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {
- if ($macent['mac'] == $mac['mac']) {
- $macrules = "";
- $ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']);
- if ($ruleno) {
- captiveportal_free_ipfw_ruleno($ruleno, true);
- $macrules .= "delete {$ruleno}\n";
- ++$ruleno;
- $macrules .= "delete {$ruleno}\n";
- }
- unset($config['captiveportal']['passthrumac'][$idx]);
- $mac['mac'] = $clientmac;
- $config['captiveportal']['passthrumac'][] = $mac;
- $macrules .= captiveportal_passthrumac_configure_entry($mac);
- file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
- $writecfg = true;
- $sessionid = true;
- break;
- }
- }
- } else {
- portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.",
- $clientmac, $clientip, $username, $password);
- exit;
- }
- }
- }
- }
-
- $nousers = count($cpdb);
- for ($i = 0; $i < $nousers; $i++) {
- /* on the same ip */
- if($cpdb[$i][2] == $clientip) {
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
- $sessionid = $cpdb[$i][5];
- break;
- }
- elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) {
- // user logged in with an active voucher. Check for how long and calculate
- // how much time we can give him (voucher credit - used time)
- $remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time();
- if ($remaining_time < 0) // just in case.
- $remaining_time = 0;
-
- /* This user was already logged in so we disconnect the old one */
- captiveportal_disconnect($cpdb[$i],$radiusservers,13);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
- unset($cpdb[$i]);
- break;
- }
- elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) {
- /* on the same username */
- if (strcasecmp($cpdb[$i][4], $username) == 0) {
- /* This user was already logged in so we disconnect the old one */
- captiveportal_disconnect($cpdb[$i],$radiusservers,13);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
- unset($cpdb[$i]);
- break;
- }
- }
- }
-
- if ($attributes['voucher'] && $remaining_time <= 0)
- return 0; // voucher already used and no time left
-
- if (!isset($sessionid)) {
- /* generate unique session ID */
- $tod = gettimeofday();
- $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
-
- /* Add rules for traffic shaping
- * We don't need to add extra rules since traffic will pass due to the following kernel option
- * net.inet.ip.fw.one_pass: 1
- */
- $peruserbw = isset($config['captiveportal']['peruserbw']);
-
- $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
- $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
-
- if ($passthrumac) {
- $mac = array();
- $mac['mac'] = $clientmac;
- if (isset($config['captiveportal']['passthrumacaddusername']))
- $mac['username'] = $username;
- $mac['descr'] = "Auto added pass-through MAC for user {$username}";
- if (!empty($bw_up))
- $mac['bw_up'] = $bw_up;
- if (!empty($bw_down))
- $mac['bw_down'] = $bw_down;
- if (!is_array($config['captiveportal']['passthrumac']))
- $config['captiveportal']['passthrumac'] = array();
- $config['captiveportal']['passthrumac'][] = $mac;
- $macrules = captiveportal_passthrumac_configure_entry($mac);
- file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
- $writecfg = true;
- } else {
- if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
- $bw_up_pipeno = $ruleno + 20000;
- //$bw_up /= 1000; // Scale to Kbit/s
- mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
-
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
- else
- mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
- } else {
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
- else
- mwexec("/sbin/ipfw table 1 add {$clientip}");
- }
- if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
- $bw_down_pipeno = $ruleno + 20001;
- //$bw_down /= 1000; // Scale to Kbit/s
- mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
-
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
- else
- mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
- } else {
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
- else
- mwexec("/sbin/ipfw table 2 add {$clientip}");
- }
-
- if ($attributes['voucher'])
- $attributes['session_timeout'] = $remaining_time;
-
- /* encode password in Base64 just in case it contains commas */
- $bpassword = base64_encode($password);
- $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
- $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
-
- if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
- $acct_val = RADIUS_ACCOUNTING_START($ruleno,
- $username, $sessionid, $radiusservers, $clientip, $clientmac);
- if ($acct_val == 1)
- captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
- }
-
- /* rewrite information to database */
- captiveportal_write_db($cpdb);
- }
- }
-
- if ($writecfg == true)
- write_config();
-
- /* redirect user to desired destination */
- if (!empty($attributes['url_redirection']))
- $my_redirurl = $attributes['url_redirection'];
- else if ($config['captiveportal']['redirurl'])
- $my_redirurl = $config['captiveportal']['redirurl'];
- else
- $my_redirurl = $redirurl;
-
- if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {
-
- if (isset($config['captiveportal']['httpslogin']))
- $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
- else {
- $ifip = portal_ip_from_client_ip($clientip);
- if (!$ifip)
- $ourhostname = $config['system']['hostname'] . ":8000";
- else
- $ourhostname = "{$ifip}:8000";
- $logouturl = "http://{$ourhostname}/";
- }
-
- if (isset($attributes['reply_message']))
- $message = $attributes['reply_message'];
- else
- $message = 0;
-
- include("{$g['varetc_path']}/captiveportal-logout.html");
-
- } else {
- header("Location: " . $my_redirurl);
- }
-
- return $sessionid;
-}
-
-
-
-/* remove a single client by session ID
- * by Dinesh Nair
- */
-function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
- global $g, $config;
-
- /* read database */
- $cpdb = captiveportal_read_db();
-
- $radiusservers = captiveportal_get_radius_servers();
-
- /* find entry */
- $dbcount = count($cpdb);
- for ($i = 0; $i < $dbcount; $i++) {
- if ($cpdb[$i][5] == $sessionid) {
- captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
- unset($cpdb[$i]);
- break;
- }
- }
-
- /* write database */
- captiveportal_write_db($cpdb);
-}
-
-/*
- * Used for when pass-through credits are enabled.
- * Returns true when there was at least one free login to deduct for the MAC.
- * Expired entries are removed as they are seen.
- * Active entries are updated according to the configuration.
- */
-function portal_consume_passthrough_credit($clientmac) {
- global $config;
-
- if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count']))
- $freeloginscount = $config['captiveportal']['freelogins_count'];
- else
- return false;
-
- if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout']))
- $resettimeout = $config['captiveportal']['freelogins_resettimeout'];
- else
- return false;
-
- if ($freeloginscount < 1 || $resettimeout <= 0 || !clientmac)
- return false;
-
- $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
-
- /*
- * Read database of used MACs. Lines are a comma-separated list
- * of the time, MAC, then the count of pass-through credits remaining.
- */
- $usedmacs = captiveportal_read_usedmacs_db();
-
- $currenttime = time();
- $found = false;
- foreach ($usedmacs as $key => $usedmac) {
- $usedmac = explode(",", $usedmac);
-
- if ($usedmac[1] == $clientmac) {
- if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) {
- if ($usedmac[2] < 1) {
- if ($updatetimeouts) {
- $usedmac[0] = $currenttime;
- unset($usedmacs[$key]);
- $usedmacs[] = implode(",", $usedmac);
- captiveportal_write_usedmacs_db($usedmacs);
- }
-
- return false;
- } else {
- $usedmac[2] -= 1;
- $usedmacs[$key] = implode(",", $usedmac);
- }
-
- $found = true;
- } else
- unset($usedmacs[$key]);
-
- break;
- } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime)
- unset($usedmacs[$key]);
- }
-
- if (!$found) {
- $usedmac = array($currenttime, $clientmac, $freeloginscount - 1);
- $usedmacs[] = implode(",", $usedmac);
- }
-
- captiveportal_write_usedmacs_db($usedmacs);
- return true;
-}
-
-function captiveportal_read_usedmacs_db() {
- global $g;
-
- $cpumaclck = lock('captiveusedmacs');
- if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
- $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
- if (!usedmacs)
- $usedmacs = array();
- } else
- $usedmacs = array();
-
- unlock($cpumaclck);
- return $usedmacs;
-}
-
-function captiveportal_write_usedmacs_db($usedmacs) {
- global $g;
-
- $cpumaclck = lock('captiveusedmacs', LOCK_EX);
- @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
- unlock($cpumaclck);
-}
?>
diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml
index 075a919..3365bba 100644
--- a/usr/local/pkg/carp_settings.xml
+++ b/usr/local/pkg/carp_settings.xml
@@ -99,6 +99,12 @@
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Synchronize Certificates</fielddescr>
+ <fieldname>synchronizecerts</fieldname>
+ <description>When this option is enabled, this system will automatically sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over to the other CARP host when changes are made.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Synchronize rules</fielddescr>
<fieldname>synchronizerules</fieldname>
<description>When this option is enabled, this system will automatically sync the firewall rules to the other CARP host when changes are made..</description>
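Review bot: The description of the new `synchronizecerts` field does not say whether private keys are copied along with the certificates. The sync code is not on this page, but if the stored key material is part of the certificate entries, the text should state it so an administrator knows the sync link carries keys, for example by appending `Private keys stored with these entries are included.` to the `<description>`.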
@@ -131,7 +137,7 @@
<field>
<fielddescr>Synchronize OpenVPN</fielddescr>
<fieldname>synchronizeopenvpn</fieldname>
- <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made.</description>
+ <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made. Using this option implies "Synchronize Certificates" as they are required for OpenVPN.</description>
<type>checkbox</type>
</field>
<field>
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc
index 2da8c93..f52214b 100644
--- a/usr/local/pkg/miniupnpd.inc
+++ b/usr/local/pkg/miniupnpd.inc
@@ -1,24 +1,25 @@
<?php
+ require_once("util.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("shaper.inc");
/* MiniUPnPd */
- function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); }
- function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); }
+ function upnp_notice ($msg) { log_error("miniupnpd: {$msg}"); }
+ function upnp_warn ($msg) { log_error("miniupnpd: {$msg}"); }
function upnp_running () {
- if((int)exec('pgrep miniupnpd | wc -l') > 0)
+ if((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0)
return true;
return false;
- }
+ }
function upnp_write_config($file, $text) {
$handle = fopen($file, 'w');
if(!$handle) {
upnp_warn("Could not open {$file} for writing.");
- exit;
+ return;
}
fwrite($handle, $text);
fclose($handle);
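Review bot: `upnp_write_config()` now returns without a value when `fopen()` fails, so a caller cannot tell a freshly written config from a missing or stale one and may go on to start the daemon anyway. Return a status instead: `return false;` in the failure branch, and `$ok = (fwrite($handle, $text) !== false); fclose($handle); return $ok;` for the write, which also catches a short or failed write. After this change `upnp_notice()` and `upnp_warn()` both call `log_error()` with the same text, so the severity distinction is lost; a `WARNING:` prefix in `upnp_warn()` would keep it visible in the log. The end of `upnp_write_config()` is outside the hunk.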
@@ -26,7 +27,7 @@
function upnp_uuid() {
/* md5 hash of wan mac */
- $uuid = md5(exec('arp -an -i '.get_real_interface().' | /usr/bin/cut -d " " -f4'));
+ $uuid = md5(get_interface_mac(get_real_interface("wan")));
/* put uuid in correct format 8-4-4-4-12 */
return substr($uuid,0,8).'-'.substr($uuid,9,4).'-'.substr($uuid,13,4).'-'.substr($uuid,17,4).'-'.substr($uuid,21,12);
}
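Review bot: The unchanged `return` line formats the hash with offsets 9, 13, 17 and 21, which skips the character at index 8 and leaves the last group with 11 characters instead of 12, since md5() yields 32; the 8-4-4-4-12 layout needs `substr($uuid,8,4)`, `substr($uuid,12,4)`, `substr($uuid,16,4)` and `substr($uuid,20,12)`. Fixing it changes the UUID an existing install advertises, so it is worth a release note. On the new line, if `get_interface_mac()` returns an empty value (for example when the WAN interface is missing), every such system hashes the empty string and gets the same UUID; a check with a logged warning before hashing would make that case visible.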
@@ -42,7 +43,8 @@
}
function upnp_validate_ip($ip, $check_cdir) {
- /* validate cdir */
+ /* validate cidr */
+ $ip_array = array();
if($check_cdir) {
$ip_array = explode('/', $ip);
if(count($ip_array) == 2) {
@@ -55,11 +57,8 @@
$ip_array[] = $ip;
/* validate ip */
- if(!eregi('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', $ip_array[0]))
+ if (!is_ipaddr($ip_array[0]))
return false;
- foreach(explode('.', $ip_array[0]) as $sub)
- if($sub < 0 || $sub > 256)
- return false;
return true;
}
@@ -73,15 +72,6 @@
function before_form_miniupnpd($pkg) {
global $config;
- /* if shaper connection speed defined hide fields */
- if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
- $i=0;
- foreach ($pkg['fields']['field'] as $field) {
- if ($field['fieldname'] == 'download' || $field['fieldname'] == 'upload')
- unset($pkg['fields']['field'][$i]);
- $i++;
- }
- }
}
function validate_form_miniupnpd($post, $input_errors) {
@@ -138,49 +128,38 @@
$ifaces_active = '';
/* since config is written before this file invoked we don't need to read post data */
- if($upnp_config['enable'] && $upnp_config['iface_array'])
+ if($upnp_config['enable'] && !empty($upnp_config['iface_array'])) {
$iface_array = explode(',', $upnp_config['iface_array']);
- if($iface_array) {
foreach($iface_array as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
/* above function returns iface if fail */
if($if!=$iface) {
$addr = find_interface_ip($if);
- /* non enabled interfaces are displayed in list on miniupnpd settings page */
/* check that the interface has an ip address before adding parameters */
- if($addr) {
+ if (is_ipaddr($addr)) {
$config_text .= "listening_ip={$addr}\n";
if(!$ifaces_active) {
$webgui_ip = $addr;
$ifaces_active = $iface;
- } else {
+ } else
$ifaces_active .= ", {$iface}";
- }
- } else {
+ } else
upnp_warn("Interface {$iface} has no ip address, ignoring");
- }
- } else {
+ } else
upnp_warn("Could not resolve real interface for {$iface}");
- }
}
- if($ifaces_active) {
+ if (!empty($ifaces_active)) {
/* override wan ip address, common for carp, etc */
if($upnp_config['overridewanip'])
$config_text .= "ext_ip={$upnp_config['overridewanip']}\n";
- /* if shaper connection speed defined use those values */
- if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
- $download = $config['ezshaper']['step2']['download']*1000;
- $upload = $config['ezshaper']['step2']['upload']*1000;
- } else {
- $download = $upnp_config['download']*1000;
- $upload = $upnp_config['upload']*1000;
- }
+ $download = $upnp_config['download']*1000;
+ $upload = $upnp_config['upload']*1000;
/* set upload and download bitrates */
- if($download && $upload) {
+ if(!empty($download) && !empty($upload)) {
$config_text .= "bitrate_down={$download}\n";
$config_text .= "bitrate_up={$upload}\n";
}
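Review bot: `ext_ip={$upnp_config['overridewanip']}` is written to the daemon config as stored, while the listening addresses a few lines above are now checked with `is_ipaddr()`; apply the same check here, `if (is_ipaddr($upnp_config['overridewanip']))`, so a malformed or multi-line value cannot end up in the file. Form validation may already cover this, but it is not visible in this hunk. The new brace-less `else` branches hanging off braced `if` blocks are easy to mis-attach on a later edit, so keeping the braces would be the safer style. The enclosing function starts and ends outside the hunk.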
@@ -194,9 +173,9 @@
$config_text .= "system_uptime=yes\n";
/* set webgui url */
- if($config['system']['webgui']['protocol']) {
+ if(!empty($config['system']['webgui']['protocol'])) {
$config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}";
- if($config['system']['webgui']['port'])
+ if(!empty($config['system']['webgui']['port']))
$config_text .= ":{$config['system']['webgui']['port']}";
$config_text .= "/\n";
}
@@ -206,7 +185,7 @@
$config_text .= "serial=".strtoupper(substr(upnp_uuid(),0,8))."\n";
/* set model number */
- $config_text .= "model_number=".exec("/bin/cat /etc/version")."\n";
+ $config_text .= "model_number=".file_get_contents("/etc/version")."\n";
/* upnp access restrictions */
for($i=1; $i<=4; $i++) {
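Review bot: `file_get_contents("/etc/version")` keeps the file's trailing newline, which `exec()` used to strip, so the generated config gets an empty line after `model_number=`, and an empty value if the read fails. Use `$config_text .= "model_number=" . trim(file_get_contents("/etc/version")) . "\n";`. The loop that opens on the last line of the hunk continues outside it.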
@@ -238,25 +217,23 @@
upnp_action('start');
}
/* or restart miniupnpd if settings were changed */
- elseif($_POST['iface_array']) {
+ else {
upnp_notice("Restarting service on interface: {$ifaces_active}");
upnp_action('restart');
}
}
- }
-
- if(!$iface_array || !$ifaces_active) {
- /* no parameters user does not want miniupnpd running */
+ } else {
+ /* user does not want miniupnpd running */
/* lets stop the service and remove the rc file */
- if(file_exists($config_file)) {
+ if (file_exists($config_file)) {
if(!$upnp_config['enable'])
upnp_notice('Stopping service: miniupnpd disabled');
else
upnp_notice('Stopping service: no interfaces selected');
upnp_action('stop');
- unlink($config_file);
+ @unlink($config_file);
}
}
}
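Review bot: Making the stop branch the `else` of `if($upnp_config['enable'] && !empty($upnp_config['iface_array']))` (opened in an earlier hunk of this file) drops the old `!$ifaces_active` case. When the service is enabled and interfaces are selected but none resolves to an address, neither the start/restart block nor the stop block runs, so a running daemon keeps listening with its previous config file. The stop-and-remove logic should also run when `empty($ifaces_active)` after the interface loop, for example by moving it into a small helper called from both places. `@unlink($config_file)` hides a failed removal, which leaves the stale file in place silently; `if (!@unlink($config_file)) upnp_warn("Could not remove {$config_file}");` keeps the failure in the log. The function starts outside the hunk.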
diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup
index f962ac2..60489c2 100755
--- a/usr/local/sbin/ovpn-linkup
+++ b/usr/local/sbin/ovpn-linkup
@@ -1,7 +1,5 @@
#!/bin/sh
-# write nameservers to file needs dns fidnings?!
-
# let the configuration system know that the ip has changed.
#/usr/local/sbin/pfSctl -c "interface newip $interface"
/bin/echo $4 > /tmp/$1_router
diff --git a/usr/local/www/crash_reporter.php b/usr/local/www/crash_reporter.php
new file mode 100755
index 0000000..d423568
--- /dev/null
+++ b/usr/local/www/crash_reporter.php
@@ -0,0 +1,143 @@
+<?php
+/* $Id$ */
+/*
+ crash_reporter.php
+ part of pfSense
+ Copyright (C) 2011 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_MODULE: header
+*/
+
+##|+PRIV
+##|*IDENT=page-diagnostics-crash-reporter
+##|*NAME=Crash reporter
+##|*DESCR=Uploads crash reports to pfSense and or deletes crash reports.
+##|*MATCH=crash_reporter.php*
+##|-PRIV
+
+require("guiconfig.inc");
+require("functions.inc");
+require("captiveportal.inc");
+
+define("FILE_SIZE", 450000);
+
+function upload_crash_report($files) {
+ global $g;
+ $post = array();
+ $counter = 0;
+ foreach($files as $file) {
+ $post["file{$counter}"] = "@{$file}";
+ $counter++;
+ }
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_HEADER, 0);
+ curl_setopt($ch, CURLOPT_VERBOSE, 0);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible;)");
+ curl_setopt($ch, CURLOPT_URL, $g['crashreporterurl']);
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+ $response = curl_exec($ch);
+ return $response;
+}
+
+function output_crash_reporter_html($crash_reports) {
+ echo "<strong>" . gettext("Unfortunately we have detected a kernel crash (panic).") . "</strong></p>";
+ echo "If you are unfamiliar with kernel panics wikipedia has information <a target='_new' href='http://en.wikipedia.org/wiki/Kernel_panic'>here</a>.<p/>";
+ echo gettext("Would you like to submit the crash debug logs to the pfSense developers for inspection?") . "</p>";
+ echo "<p>";
+ echo "<i>" . gettext("Please double check the contents to ensure you are comfortable sending this information before clicking Yes.") . "</i><br/>";
+ echo "<p>";
+ echo gettext("Contents of crash reports") . ":<br/>";
+ echo "<textarea readonly rows='40' cols='65' name='crashreports'>{$crash_reports}</textarea>";
+ echo "<p/>";
+ echo "<input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("Yes") . "\">" . gettext(" - Submit this to the developers for inspection");
+ echo "<p/><input name=\"Submit\" type=\"submit\" class=\"formbtn\" value=\"" . gettext("No") . "\">" . gettext(" - Just delete the crash report and take me back to the Dashboard");
+ echo "<p/>";
+ echo "</form>";
+}
+
+$pgtitle = array(gettext("Diagnostics"),gettext("Crash reporter"));
+include('head.inc');
+
+$crash_report_header = "Crash report begins. Anonymous machine information:\n\n";
+$crash_report_header .= php_uname("m") . "\n";
+$crash_report_header .= php_uname("r") . "\n";
+$crash_report_header .= php_uname("v") . "\n";
+$crash_report_header .= "\nCrash report details:\n";
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+
+ <form action="crash_reporter.php" method="post">
+
+<?php
+ if (gettext($_POST['Submit']) == "Yes") {
+ echo gettext("Processing...");
+ file_put_contents("/var/crash/crashreport_header.txt", $crash_report_header);
+ exec("/usr/bin/gzip /var/crash/*");
+ $files_to_upload = glob("/var/crash/*");
+ echo "<p/>";
+ echo gettext("Uploading...");
+ ob_flush();
+ flush();
+ if(is_array($files_to_upload)) {
+ $resp = upload_crash_report($files_to_upload);
+ exec("rm /var/crash/*");
+ echo "<p/>";
+ print_r($resp);
+ echo "<p/><a href='/'>" . gettext("Continue") . "</a>" . gettext(" and delete crash report files from local disk.");
+ } else {
+ echo "Could not find any crash files.";
+ }
+ } else if(gettext($_POST['Submit']) == "No") {
+ exec("rm /var/crash/*");
+ Header("Location: /");
+ exit;
+ } else {
+ $crash_files = glob("/var/crash/*");
+ $crash_reports = $crash_report_header;
+ if(is_array($crash_files)) {
+ foreach($crash_files as $cf) {
+ if(filesize($cf) < FILE_SIZE) {
+ $crash_reports .= "\nFilename: {$cf}\n";
+ $crash_reports .= file_get_contents($cf);
+ }
+ }
+ } else {
+ echo "Could not locate any crash data.";
+ }
+ output_crash_reporter_html($crash_reports);
+ }
+?>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
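Review bot: In `output_crash_reporter_html()` the crash file contents are printed into the `<textarea>` unescaped, so a `</textarea>` or other markup inside a dump or log file becomes part of the page; print `htmlspecialchars($crash_reports)` there. In the "Yes" branch the files are removed right after `upload_crash_report()` whatever `curl_exec()` returned, so a failed upload loses the report; the fence below keeps the files on failure and escapes the server response. The preview skips files of `FILE_SIZE` bytes or more while the upload sends everything in `/var/crash`, so the user approves less than what leaves the system. `gettext($_POST['Submit']) == "Yes"` compares against the untranslated literal although the button value is `gettext("Yes")`, which presumably never matches in a translated GUI.

```php
// … unchanged: header file, gzip, glob, "Uploading..." output …
if (is_array($files_to_upload) && count($files_to_upload) > 0) {
	$resp = upload_crash_report($files_to_upload);
	echo "<p/>";
	if ($resp === false) {
		// keep the files so the report can be sent again later
		echo gettext("Upload failed, the crash report files were left on local disk.");
	} else {
		exec("rm /var/crash/*");
		echo htmlspecialchars($resp);
		// … unchanged: "Continue" link …
	}
} else {
	// … unchanged: "Could not find any crash files." …
}
```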
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index 5892f06..598f4d6 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -355,17 +355,14 @@ if ($_POST) {
// Firewall rules
$origname = $config['interfaces'][$iface]['descr'];
$newname = $config['interfaces'][$iface]['descr'] . "Alias";
- update_alias_names_upon_change('filter', 'rule', 'source', 'address', $newname, $origname);
- update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $newname, $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $newname, $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $newname, $origname);
// NAT Rules
- update_alias_names_upon_change('nat', 'rule', 'source', 'address', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'source', 'port', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'target', '', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'local-port', '', $newname, $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $newname, $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $newname, $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('target'), $newname, $origname);
// Alias in an alias
- update_alias_names_upon_change('aliases', 'alias', 'address', '', $newname, $origname);
+ update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $newname, $origname);
}
}
}
diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php
index 85c05da..612e02a 100755
--- a/usr/local/www/diag_defaults.php
+++ b/usr/local/www/diag_defaults.php
@@ -73,7 +73,7 @@ include("head.inc");
<li><?=gettext("Reboot after changes are installed");?></li>
<li><?=gettext("WAN interface will be set to obtain an address automatically from a DHCP server");?></li>
<li><?=gettext("webConfigurator admin username will be reset to 'admin'");?></li>
- <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['product_name']?>'</li>
+ <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['factory_shipped_password']?>'</li>
</ul>
<?=gettext("Are you sure you want to proceed?");?></strong></p>
diff --git a/usr/local/www/diag_ipsec_xml.php b/usr/local/www/diag_ipsec_xml.php
new file mode 100644
index 0000000..4b9d6ea
--- /dev/null
+++ b/usr/local/www/diag_ipsec_xml.php
@@ -0,0 +1,83 @@
+<?php
+/* $Id$ */
+/*
+ diag_ipsec_xml.php
+ Copyright (C) 2007 pfSense Project
+ Copyright (C) 2010 Seth Mos
+ All rights reserved.
+
+ Parts of this code was originally based on vpn_ipsec_sad.php
+ Copyright (C) 2003-2004 Manuel Kasper
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-ipsecxml
+##|*NAME=Diag IPsec XML page
+##|*DESCR=Allow access to the 'Diag IPsec XML' page.
+##|*MATCH=diag_ipsec_xml.php
+##|-PRIV
+
+global $g;
+$nocsrf = true;
+
+require("guiconfig.inc");
+require("ipsec.inc");
+
+if (!is_array($config['ipsec']['phase2']))
+ $config['ipsec']['phase2'] = array();
+
+$ipsec_status = array();
+
+$a_phase2 = &$config['ipsec']['phase2'];
+
+$spd = ipsec_dump_spd();
+$sad = ipsec_dump_sad();
+
+if(is_array($a_phase2)) {
+ foreach ($a_phase2 as $ph2ent) {
+ ipsec_lookup_phase1($ph2ent,$ph1ent);
+ $tunnel = array();
+ if (!isset($ph2ent['disabled']) && !isset($ph1ent['disabled'])) {
+ if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent))
+ $tunnel['state'] = "up";
+ elseif(!isset($config['ipsec']['enable']))
+ $tunnel['state'] = "disabled";
+ else
+ $tunnel['state'] = "down";
+
+ $tunnel['src'] = ipsec_get_phase1_src($ph1ent);
+ $tunnel['endpoint'] = $ph1ent['remote-gateway'];
+ $tunnel['local'] = ipsec_idinfo_to_text($ph2ent['localid']);
+ $tunnel['remote'] = ipsec_idinfo_to_text($ph2ent['remoteid']);
+ $tunnel['name'] = "{$ph2ent['descr']}";
+ $ipsec_status['tunnel'][] = $tunnel;
+ }
+ }
+}
+
+$listtags = array("tunnel");
+$xml = dump_xml_config($ipsec_status, "ipsec");
+
+echo $xml;
+?>
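Review bot: The result of `ipsec_lookup_phase1($ph2ent,$ph1ent)` is ignored, so when no phase 1 matches a phase 2 entry `$ph1ent` still holds the previous iteration's entry (or nothing on the first pass) and the tunnel is reported with the wrong source, endpoint and state. Skip such entries with `if (!ipsec_lookup_phase1($ph2ent, $ph1ent)) continue;`, assuming the function returns false on failure (its definition is not on this page). `$nocsrf = true;` is reasonable only while this page stays read-only, and a one-line comment saying so would stop a later edit from adding a state change without re-enabling the check. Sending `header("Content-Type: text/xml");` before `echo $xml;` would also keep a browser from rendering the tunnel descriptions as HTML.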
diff --git a/usr/local/www/diag_limiter_info.php b/usr/local/www/diag_limiter_info.php
index 1d4ca28..6f525dc 100644
--- a/usr/local/www/diag_limiter_info.php
+++ b/usr/local/www/diag_limiter_info.php
@@ -71,7 +71,7 @@ include("head.inc");
});
}
function activitycallback(transport) {
- $('limiteractivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ $('limiteractivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>';
setTimeout('getlimiteractivity()', 2000);
}
setTimeout('getlimiteractivity()', 5000);
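Review bot: The rewritten `innerHTML` assignment in `activitycallback` still concatenates `transport.responseText` into markup, so any `<` or `&` in the command output is parsed as HTML unless the endpoint already escapes it, which this hunk does not show. If `$()` here is Prototype, as the call style suggests, the string can be escaped in place: `'<pre style="text-align:left;">' + transport.responseText.escapeHTML() + '</pre>'`. The `<b>` and the outer `<font>` in the same literal are also never closed. The same line is changed in diag_pf_info.php, diag_system_activity.php and diag_system_pftop.php.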
diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php
index b0bba94..560cd1a 100755
--- a/usr/local/www/diag_logs_ipsec.php
+++ b/usr/local/www/diag_logs_ipsec.php
@@ -54,6 +54,8 @@ $replace = array();
if(is_array($config['ipsec']['phase1']))
foreach($config['ipsec']['phase1'] as $ph1ent) {
$gateway = ipsec_get_phase1_dst($ph1ent);
+ if(!is_ipaddr($gateway))
+ continue;
$search[] = "/(racoon: )([A-Z:].*?)({$gateway}\[[0-9].+\]|{$gateway})(.*)/i";
$replace[] = "$1<strong>[{$ph1ent['descr']}]</strong>: $2$3$4";
}
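Review bot: `$gateway` is interpolated into the pattern unquoted and `$ph1ent['descr']` is placed into the replacement HTML unescaped, which the added `is_ipaddr()` check does not cover. The dots of an address act as wildcards in the regex, and a description containing markup would be rendered in the log view. I would build the pattern from `$gw = preg_quote($gateway, '/');` and write the label as `htmlspecialchars($ph1ent['descr'])`. A `$1`-style sequence in the description would also be read as a back-reference by the replacement.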
diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php
index 835b99b..8a9cb41 100644
--- a/usr/local/www/diag_packet_capture.php
+++ b/usr/local/www/diag_packet_capture.php
@@ -117,8 +117,18 @@ include("fbegin.inc");
<select name="interface">
<?php
$interfaces = get_configured_interface_with_descr();
- foreach ($interfaces as $iface => $ifacename):
-?>
+ if (isset($config['ipsec']['enable']))
+ $interfaces['ipsec'] = "IPsec";
+ foreach (array('server', 'client') as $mode) {
+ if (is_array($config['openvpn']["openvpn-{$mode}"])) {
+ foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
+ if (!isset($setting['disable'])) {
+ $interfaces['ovpn' . substr($mode, 0, 1) . $setting['vpnid']] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
+ }
+ }
+ }
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($selectedif == $iface) echo "selected"; ?>>
<?php echo $ifacename;?>
</option>
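Review bot: Escaping is applied where the OpenVPN label is stored (`htmlspecialchars($setting['description'])`) rather than where it is printed, so the `<option>` lines at the end of the hunk still echo `$iface` (which now includes `$setting['vpnid']`) and every other `$ifacename` raw. Storing the plain text and escaping at output covers all entries without double encoding: `value="<?=htmlspecialchars($iface);?>"` and `<?php echo htmlspecialchars($ifacename);?>`, with the `htmlspecialchars()` dropped from the assignment. The `foreach`/`<option>` loop continues past the hunk.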
diff --git a/usr/local/www/diag_pf_info.php b/usr/local/www/diag_pf_info.php
index 633cd1e..cba9727 100644
--- a/usr/local/www/diag_pf_info.php
+++ b/usr/local/www/diag_pf_info.php
@@ -75,7 +75,7 @@ include("head.inc");
});
}
function activitycallback(transport) {
- $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>';
setTimeout('getcpuactivity()', 2000);
}
setTimeout('getcpuactivity()', 5000);
diff --git a/usr/local/www/diag_smart.php b/usr/local/www/diag_smart.php
index 05239fa..d3da72b 100644
--- a/usr/local/www/diag_smart.php
+++ b/usr/local/www/diag_smart.php
@@ -256,7 +256,7 @@ switch($action)
default:
{
// Get all AD* and DA* (IDE and SCSI) devices currently installed and stores them in the $devs array
- exec("ls /dev | grep '^[ad][da]*[0-9]$'", $devs);
+ exec("ls /dev | grep '^[ad][da][0-9]\{1,2\}$'", $devs);
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
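Review bot: The new pattern `^[ad][da][0-9]\{1,2\}$` also accepts `aa` and `dd` prefixes, while the comment above it says only AD* and DA* devices are wanted. An explicit alternation states that directly: `exec("ls /dev | grep -E '^(ad|da)[0-9]{1,2}$'", $devs);`. The command string is constant, so this is about matching the intended device names rather than injection. The enclosing `switch` starts and ends outside the hunk.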
diff --git a/usr/local/www/diag_system_activity.php b/usr/local/www/diag_system_activity.php
index b94dc92..e1e8003 100644
--- a/usr/local/www/diag_system_activity.php
+++ b/usr/local/www/diag_system_activity.php
@@ -70,7 +70,7 @@ include("head.inc");
});
}
function activitycallback(transport) {
- $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>';
setTimeout('getcpuactivity()', 2500);
}
setTimeout('getcpuactivity()', 1000);
diff --git a/usr/local/www/diag_system_pftop.php b/usr/local/www/diag_system_pftop.php
index a064f27..af0a581 100644
--- a/usr/local/www/diag_system_pftop.php
+++ b/usr/local/www/diag_system_pftop.php
@@ -77,7 +77,7 @@ else
});
}
function activitycallback(transport) {
- $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre style="text-align:left;">' + transport.responseText + '</pre></font>';
setTimeout('getcpuactivity()', 2500);
}
setTimeout('getcpuactivity()', 1000);
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 3b94d69..942904a 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -29,6 +29,13 @@
pfSense_MODULE: shell
*/
+##|+PRIV
+##|*IDENT=page-diagnostics-edit
+##|*NAME=Diagnostics: Edit FIle
+##|*DESCR=Allow access to the 'Diagnostics: Edit File' page.
+##|*MATCH=edit.php*
+##|-PRIV
+
$pgtitle = array(gettext("Diagnostics"), gettext("Edit file"));
require("guiconfig.inc");
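Review bot: The NAME line of the new privilege block is misspelled as `Edit FIle`; it should read `##|*NAME=Diagnostics: Edit File` so it matches DESCR and the page title. The header tags this page as `pfSense_MODULE: shell`, so DESCR could also say what the grant implies, for example `##|*DESCR=Allow access to the 'Diagnostics: Edit File' page (allows modifying files on the system).`; the exact reach of the page is not visible in this hunk, so the wording should be confirmed against it.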
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 8183797..8687e3a 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -212,6 +212,8 @@ $diagnostics_menu = msort(array_merge($diagnostics_menu, return_ext_menu("Diagno
if(! $g['disablehelpmenu']) {
$help_menu = array();
$help_menu[] = array(gettext("About this Page"), $helpurl);
+ if($g['product_name'] == "pfSense")
+ $help_menu[] = array(gettext("Bug Database"), "http://www.pfsense.org/j.php?jumpto=redmine");
$help_menu[] = array(gettext("User Forum"), "http://www.pfsense.org/j.php?jumpto=forum");
$help_menu[] = array(gettext("Documentation"), "http://www.pfsense.org/j.php?jumpto=doc");
$help_menu[] = array(gettext("Developers Wiki"), "http://www.pfsense.org/j.php?jumpto=devwiki");
@@ -387,7 +389,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
$notices = get_notices();
if(!$notices) {
$need_alert_display = true;
- $display_text = print_notices() . "<br>";
+ $display_text = print_notices($notices) . "<br>";
}
}
if($need_alert_display == true) {
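Review bot: `print_notices($notices)` is called inside `if(!$notices)`, so as shown it runs only when `get_notices()` returned nothing and the argument added by this commit is always empty. If the intent is to display pending notices, the guard looks inverted and should be `if($notices) {`. The surrounding block begins outside the hunk, so this should be checked against the condition that wraps it.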
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index b72e3c4..4a16bac 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -75,80 +75,30 @@ if ($_GET['act'] == "del") {
$is_alias_referenced = false;
$referenced_by = false;
$alias_name = $a_aliases[$_GET['id']]['name'];
- if(is_array($config['nat']['rule'])) {
- foreach($config['nat']['rule'] as $rule) {
- if($rule['localip'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- }
- }
- if($is_alias_referenced == false) {
- if(is_array($config['filter']['rule'])) {
- foreach($config['filter']['rule'] as $rule) {
- if($rule['source']) {
- if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- }
- if($rule['destination'])
- if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- }
- }
- }
- if($is_alias_referenced == false) {
- if(is_array($config['nat']['rule'])) {
- foreach($config['nat']['rule'] as $rule) {
- if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['target'] && $rule['target'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- if($rule['local-port'] && $rule['local-port'] == $alias_name) {
- $is_alias_referenced = true;
- $referenced_by = $rule['descr'];
- break;
- }
- }
- }
- }
+ // Firewall rules
+ find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
+ // NAT Rules
+ find_alias_reference(array('nat', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by);
+ // NAT 1:1 Rules
+ //find_alias_reference(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by);
+ //find_alias_reference(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ // NAT Outbound Rules
+ find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by);
+ find_alias_reference(array('nat', 'advancedoutbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
+ // Alias in an alias
+ find_alias_reference(array('aliases', 'alias'), array('address'), $alias_name, $is_alias_referenced, $referenced_by);
if($is_alias_referenced == true) {
$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
} else {
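Review bot: The two commented-out `find_alias_reference()` calls under "NAT 1:1 Rules" leave the `external` and `source`/`address` fields of `nat`/`onetoone` unchecked, with no explanation. If 1:1 rules cannot hold an alias in those fields, the lines should be deleted; otherwise an alias used there can be removed while still referenced. A comment such as `// external and source of 1:1 rules do not accept aliases` (if that is the case) would make the omission deliberate. The same pair of commented calls appears in the firewall_aliases_edit.php hunk.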
@@ -162,6 +112,41 @@ if ($_GET['act'] == "del") {
}
}
+function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by) {
+ global $config;
+ if(!$origname || $is_alias_referenced)
+ return;
+
+ $sectionref = &$config;
+ foreach($section as $sectionname) {
+ if(is_array($sectionref) && isset($sectionref[$sectionname]))
+ $sectionref = &$sectionref[$sectionname];
+ else
+ return;
+ }
+
+ if(is_array($sectionref)) {
+ foreach($sectionref as $itemkey => $item) {
+ $fieldfound = true;
+ $fieldref = &$sectionref[$itemkey];
+ foreach($field as $fieldname) {
+ if(is_array($fieldref) && isset($fieldref[$fieldname]))
+ $fieldref = &$fieldref[$fieldname];
+ else {
+ $fieldfound = false;
+ break;
+ }
+ }
+ if($fieldfound && $fieldref == $origname) {
+ $is_alias_referenced = true;
+ if(is_array($item))
+ $referenced_by = $item['descr'];
+ break;
+ }
+ }
+ }
+}
+
$pgtitle = array(gettext("Firewall"),gettext("Aliases"));
include("head.inc");
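Review bot: `find_alias_reference()` compares the whole field with `$fieldref == $origname`, which misses the "Alias in an alias" case when an alias's `address` holds several entries. If that field is a space-separated list, as it appears to be in this configuration format, a nested alias is not detected and can be deleted while another alias still names it. For that lookup the test could be `in_array($origname, explode(" ", $fieldref), true)`. When `$item['descr']` is empty, `$referenced_by` also ends up blank in the "Currently in use by" message.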
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 3710644..33d124e 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -293,17 +293,29 @@ if ($_POST) {
*/
if ($_POST['name'] <> $_POST['origname']) {
// Firewall rules
- update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name'], $origname);
- update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name'], $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $_POST['name'], $origname);
// NAT Rules
- update_alias_names_upon_change('nat', 'rule', 'source', 'address', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'source', 'port', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('target'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $_POST['name'], $origname);
+ // NAT 1:1 Rules
+ //update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $_POST['name'], $origname);
+ //update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $_POST['name'], $origname);
+ // NAT Outbound Rules
+ update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $_POST['name'], $origname);
+ update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('target'), $_POST['name'], $origname);
// Alias in an alias
- update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name'], $origname);
+ update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $_POST['name'], $origname);
}
if (isset($id) && $a_aliases[$id]) {
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 1a3ce77..135dd99 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -284,9 +284,8 @@ function typesel_change() {
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
- if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
- $interfaces['pppoe'] = "PPPoE VPN";
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
@@ -413,7 +412,7 @@ function typesel_change() {
<tr>
<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
<td>
- <input name="dst" type="text" class="formfld" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ <input name="dst" type="text" autocomplete="off" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
/
<select name="dstmask" class="formselect" id="dstmask">
<?php
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 125a34f..361d324 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -478,9 +478,8 @@ include("fbegin.inc"); ?>
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
- if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
- $interfaces['pppoe'] = "PPPoE VPN";
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
@@ -670,7 +669,7 @@ include("fbegin.inc"); ?>
<tr>
<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
<td>
- <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ <input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
/
<select name="dstmask" class="formselect" id="dstmask">
<?php
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 85c4550..4649795 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -145,22 +145,24 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
}
}
/* PPPoE subnet */
- if($config['pppoe']['mode'] == "server") {
- if (is_ipaddr($config['pppoe']['localip'])) {
- if($config['pppoe']['pppoe_subnet'] <> "")
- $ossubnet = $config['pppoe']['pppoe_subnet'];
- else
- $ossubnet = "32";
- $osn = gen_subnet($config['pppoe']['localip'], $ossubnet);
- $natent = array();
- $natent['source']['network'] = "{$osn}/{$ossubnet}";
- $natent['sourceport'] = "";
- $natent['descr'] = gettext("Auto created rule for PPPoE server");
- $natent['target'] = "";
- $natent['interface'] = $if2;
- $natent['destination']['any'] = true;
- $natent['natport'] = "";
- $a_out[] = $natent;
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
+ foreach ($config['pppoes']['pppoe'] as $pppoes) {
+ if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) {
+ if($pppoes['pppoe_subnet'] <> "")
+ $ossubnet = $pppoes['pppoe_subnet'];
+ else
+ $ossubnet = "32";
+ $osn = gen_subnet($pppoes['localip'], $ossubnet);
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "";
+ $natent['descr'] = gettext("Auto created rule for PPPoE server");
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
}
}
/* L2TP subnet */
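Review bot: The auto-created PPPoE rule is now generated only when `have_ruleint_access("pppoe")` passes. If that helper checks the logged-in user's privileges, as its name suggests, the rule set written on save depends on who clicks Save rather than on the configuration. I would keep the generation condition to `if (is_pppoe_server_enabled()) {`. The `foreach` also iterates `$config['pppoes']['pppoe']` without the `is_array()` guard that the firewall_rules.php hunk uses; unless `is_pppoe_server_enabled()` guarantees an array, add `is_array($config['pppoes']['pppoe'])` to the condition.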
@@ -445,14 +447,18 @@ include("head.inc");
</tr>
<tr>
<td colspan="12">
- <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
- </strong></span><?=gettext("If advanced outbound NAT is enabled, no outbound NAT " .
- "rules will be automatically generated any longer. Instead, only the mappings " .
- "you specify below will be used. With advanced outbound NAT disabled, " .
- "a mapping is automatically created for each interface's subnet " .
- "(except WAN). If you use target addresses other than the WAN interface's " .
- "IP address, then depending on the way your WAN connection is setup, you " .
- "may also need a"); ?> <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP."); ?></a></span><br>
+ <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
+ </strong></span>
+ <?=gettext("With automatic outbound NAT enabled, a mapping is automatically created " .
+ "for each interface's subnet (except WAN-type connections) and the rules " .
+ "on this page are ignored.<br/><br/> " .
+ "If manual outbound NAT is enabled, outbound NAT rules will not be " .
+ "automatically generated and only the mappings you specify on this page " .
+ "will be used. <br/><br/> " .
+ "If a target address other than a WAN-type interface's IP address is used, " .
+ "then depending on the way the WAN connection is setup, a "); ?>
+ <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP"); ?></a>
+ <?= gettext(" may also be required.") ?></span><br>
</td>
</tr>
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index f03bded..db6d03d 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -72,6 +72,8 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_out[$id]) {
$pconfig['protocol'] = $a_out[$id]['protocol'];
list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
+ if (!is_numeric($pconfig['source_subnet']))
+ $pconfig['source_subnet'] = 32;
$pconfig['sourceport'] = $a_out[$id]['sourceport'];
address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'],
$pconfig['destination_subnet'], $pconfig['destination_not'],
@@ -122,28 +124,25 @@ if ($_POST) {
$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));
- if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_port($_POST['sourceport']))
- $input_errors[] = gettext("You must supply either a valid port for the source port entry.");
+ if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_portoralias($_POST['sourceport']))
+ $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
- if($protocol_uses_ports and $_POST['dstport'] <> "" and !is_port($_POST['dstport']))
- $input_errors[] = gettext("You must supply either a valid port for the destination port entry.");
+ if($protocol_uses_ports and $_POST['dstport'] <> "" and !is_portoralias($_POST['dstport']))
+ $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
if($protocol_uses_ports and $_POST['natport'] <> "" and !is_port($_POST['natport']) and !isset($_POST['nonat']))
- $input_errors[] = gettext("You must supply either a valid port for the nat port entry.");
+ $input_errors[] = gettext("You must supply a valid port for the nat port entry.");
if ($_POST['source_type'] != "any") {
- if ($_POST['source'] && !is_ipaddr($_POST['source']) && $_POST['source'] <> "any") {
+ if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") {
$input_errors[] = gettext("A valid source must be specified.");
}
}
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
}
- if ($protocol_uses_ports && $_POST['sourceport'] && !is_numericint($_POST['sourceport'])) {
- $input_errors[] = gettext("A valid source port must be specified.");
- }
if ($_POST['destination_type'] != "any") {
- if ($_POST['destination'] && !is_ipaddr($_POST['destination'])) {
+ if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
$input_errors[] = gettext("A valid destination must be specified.");
}
}
@@ -185,6 +184,8 @@ if ($_POST) {
/* if user has selected any as source, set it here */
if($_POST['source_type'] == "any") {
$osn = "any";
+ } else if(is_alias($_POST['source'])) {
+ $osn = $_POST['source'];
} else {
$osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet'];
}
@@ -192,6 +193,8 @@ if ($_POST) {
/* check for existing entries */
if ($_POST['destination_type'] == "any") {
$ext = "any";
+ } else if(is_alias($_POST['destination'])) {
+ $ext = $_POST['destination'];
} else {
$ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet'];
}
@@ -285,6 +288,8 @@ include("head.inc");
?>
+<script type="text/javascript" src="/javascript/suggestions.js"></script>
+<script type="text/javascript" src="/javascript/autosuggest.js"></script>
<script language="JavaScript">
<!--
var portsenabled = 1;
@@ -407,9 +412,8 @@ function poolopts_change() {
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
- if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
- $interfaces['pppoe'] = "PPPoE VPN";
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
@@ -454,7 +458,7 @@ function poolopts_change() {
</select>
</td></tr>
<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
- <td><input name="source" type="text" class="formfld unknown" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>">/<select name="source_subnet" class="formfld" id="source_subnet">
+ <td><input name="source" type="text" autocomplete="off" class="formfldalias" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>">/<select name="source_subnet" class="formfld" id="source_subnet">
<?php for ($i = 32; $i >= 0; $i--): ?>
<option value="<?=$i;?>"<?php if ($i == $pconfig['source_subnet']) echo " selected"; ?>><?=$i;?></option>
<?php endfor; ?>
@@ -466,7 +470,7 @@ function poolopts_change() {
</tr>
<tr name="sport_tr" id="sport_tr">
<td><?=gettext("Source port:");?>&nbsp;&nbsp;</td>
- <td><input name="sourceport" type="text" class="formfld unknown" id="sourceport" size="5" value="<?=htmlspecialchars($pconfig['sourceport']);?>"> <?=gettext("(leave
+ <td><input name="sourceport" type="text" autocomplete="off" class="formfldalias" id="sourceport" size="5" value="<?=htmlspecialchars($pconfig['sourceport']);?>"> <?=gettext("(leave
blank for any)");?></td>
</tr>
</table></td>
@@ -490,7 +494,7 @@ blank for any)");?></td>
</tr>
<tr>
<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
- <td><input name="destination" type="text" class="formfld unknown" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>">
+ <td><input name="destination" type="text" autocomplete="off" class="formfldalias" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>">
/
<select name="destination_subnet" class="formselect" id="destination_subnet">
<?php for ($i = 32; $i >= 0; $i--): ?>
@@ -505,7 +509,7 @@ blank for any)");?></td>
</tr>
<tr name="dport_tr" id="dport_tr">
<td><?=gettext("Destination port:");?>&nbsp;&nbsp;</td>
- <td><input name="dstport" type="text" class="formfld unknown" id="dstport" size="5" value="<?=htmlspecialchars($pconfig['dstport']);?>"> <?=gettext("(leave blank for
+ <td><input name="dstport" type="text" autocomplete="off" class="formfldalias" id="dstport" size="5" value="<?=htmlspecialchars($pconfig['dstport']);?>"> <?=gettext("(leave blank for
any)");?></td>
</tr>
</table>
@@ -635,6 +639,41 @@ staticportchange();
nonat_change();
proto_change();
poolopts_change();
+
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ switch ($alias_name['type']) {
+ case "port":
+ if($isfirst == 1) $portaliases .= ",";
+ $portaliases .= "'" . $alias_name['name'] . "'";
+ $isfirst = 1;
+ break;
+ case "host":
+ case "network":
+ case "openvpn":
+ case "urltable":
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ break;
+ default:
+ break;
+ }
+ }
+?>
+
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+ var customarray=new Array(<?php echo $portaliases; ?>);
+
+ var oTextbox1 = new AutoSuggestControl(document.getElementById("source"), new StateSuggestions(addressarray));
+ var oTextbox2 = new AutoSuggestControl(document.getElementById("sourceport"), new StateSuggestions(customarray));
+ var oTextbox3 = new AutoSuggestControl(document.getElementById("destination"), new StateSuggestions(addressarray));
+ var oTextbox4 = new AutoSuggestControl(document.getElementById("dstport"), new StateSuggestions(customarray));
//-->
</script>
<?php include("fend.inc"); ?>
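Review bot: The added PHP block writes alias names into a JavaScript array literal by hand (`"'" . $alias_name['name'] . "'"`), so a name containing a quote or `</script>` would break out of the string. Alias names may be validated on save, but that is not visible here. `$portaliases` is also appended to without being initialised, while the initialised `$aliases` is never used. Collecting the names in PHP arrays and emitting them with `json_encode()` removes both problems and the `$isfirst`/`$addrisfirst` bookkeeping.

```php
<?php
	// collect names as plain arrays; json_encode() does the quoting
	$portaliases = array();
	$aliasesaddr = array();
	if (is_array($config['aliases']['alias'])) {
		foreach ($config['aliases']['alias'] as $alias_name) {
			switch ($alias_name['type']) {
			case "port":
				$portaliases[] = $alias_name['name'];
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				$aliasesaddr[] = $alias_name['name'];
				break;
			}
		}
	}
?>
	var addressarray = <?php echo json_encode($aliasesaddr); ?>;
	var customarray = <?php echo json_encode($portaliases); ?>;
	// … unchanged: the four AutoSuggestControl lines …
```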
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index a0b34b4..8fa4670 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -162,9 +162,11 @@ if ($config['pptpd']['mode'] == "server")
if(have_ruleint_access("pptp"))
$iflist['pptp'] = "PPTP VPN";
-if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
- $iflist['pppoe'] = "PPPoE VPN";
+if (is_array($config['pppoes']['pppoe'])) {
+ foreach ($config['pppoes']['pppoe'] as $pppoes)
+ if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe"))
+ $iflist['pppoe'] = "PPPoE Server";
+}
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
@@ -192,7 +194,7 @@ if ($_POST) {
clear_subsystem_dirty('filter');
- $savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background. You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>");
+ $savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br/>You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>");
}
}
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 8933344..29b0336 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -196,6 +196,9 @@ if ($_POST) {
if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");
+ if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none")
+ $input_errors[] = gettext("Queue type rules only work with queues.");
+
if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
$_POST['srcbeginport'] = 0;
$_POST['srcendport'] = 0;
@@ -602,6 +605,9 @@ include("head.inc");
<?=htmlspecialchars($type);?>
</option>
<?php endforeach; ?>
+<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
+ <option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option>
+<?php endif; ?>
</select>
<br/>
<span class="vexpl">
@@ -683,9 +689,8 @@ include("head.inc");
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
- if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
- $interfaces['pppoe'] = "PPPoE VPN";
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
if(have_ruleint_access("enc0"))
@@ -905,7 +910,7 @@ include("head.inc");
<tr>
<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
<td>
- <input <?=$edit_disabled;?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ <input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
/
<select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask">
<?php
@@ -1122,7 +1127,7 @@ include("head.inc");
<br/><center>
<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
<br/>
- <span class="vexpl"><?=gettext("Use this to choose TCP flags that must".
+ <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ".
"be set or cleared for this rule to match.");?></span>
</div>
</td>
@@ -1314,7 +1319,10 @@ include("head.inc");
$qselected = 1;
echo " SELECTED";
}
- echo ">{$q}</option>";
+ if (isset($ifdisp[$q]))
+ echo ">{$ifdisp[$q]}</option>";
+ else
+ echo ">{$q}</option>";
}
?>
</select> /
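Review bot: `echo ">{$ifdisp[$q]}</option>";` writes the display name into the page without HTML encoding, here and in the identical change in the next hunk of this file. `$ifdisp` is built outside the hunk; if it holds interface descriptions, that is administrator-editable text and should be encoded on output like the other values on this page: `echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";`. The fallback `echo ">{$q}</option>";` deserves the same treatment.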
@@ -1332,7 +1340,10 @@ include("head.inc");
$qselected = 1;
echo " SELECTED";
}
- echo ">{$q}</option>";
+ if (isset($ifdisp[$q]))
+ echo ">{$ifdisp[$q]}</option>";
+ else
+ echo ">{$q}</option>";
}
?>
</select>
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 865f048..5222771 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -71,10 +71,12 @@ if ($_GET) {
if ($_POST) {
if ($_POST['name'])
$qname = htmlspecialchars(trim($_POST['name']));
+ else if ($_POST['newname'])
+ $qname = htmlspecialchars(trim($_POST['name']));
if ($_POST['pipe'])
$pipe = htmlspecialchars(trim($_POST['pipe']));
else
- $pipe = htmlspecialchars(trim($_POST['name']));
+ $pipe = htmlspecialchars(trim($qname));
if ($_POST['parentqueue'])
$parentqueue = htmlspecialchars(trim($_POST['parentqueue']));
}
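Review bot: The added `else if ($_POST['newname'])` branch assigns from `$_POST['name']`, which is empty whenever this branch is reached, so `$qname` becomes an empty string; it should read `$qname = htmlspecialchars(trim($_POST['newname']));`. The fallback `$pipe = htmlspecialchars(trim($qname));` encodes a value that already went through `htmlspecialchars()`, so a name containing `&` or a quote is double-encoded and may no longer match the stored pipe name; `$pipe = $qname;` is enough. `$qname` also stays unset when neither field is posted, unless it is initialised above the hunk.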
@@ -94,12 +96,25 @@ if ($_GET) {
switch ($action) {
case "delete":
if ($queue) {
- $queue->delete_queue();
- write_config();
- mark_subsystem_dirty('shaper');
+ if (is_array($config['filter']['rule'])) {
+ foreach ($config['filter']['rule'] as $rule) {
+ if ($rule['dnpipe'] == $queue->GetNumber() || $rule['pdnpipe'] == $queue->GetNumber())
+ $input_errors[] = gettext("This pipe/queue is referenced in filter rules, please remove references from there before deleteing.");
+ }
+ }
+ if (!$input_errors) {
+ $queue->delete_queue();
+ write_config();
+ mark_subsystem_dirty('shaper');
+ header("Location: firewall_shaper_vinterface.php");
+ exit;
+ }
+ $output_form .= $queue->build_form();
+ } else {
+ $input_errors[] = gettext("No queue with name {$qname} was found!");
+ $output_form .= "<p class=\"pgtitle\">" . $dn_default_shaper_msg."</p>";
+ $dontshow = true;
}
- header("Location: firewall_shaper_vinterface.php");
- exit;
break;
case "resetall":
foreach ($dummynet_pipe_list as $dn)
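Review bot: `gettext("No queue with name {$qname} was found!")` interpolates the name before the catalogue lookup, so the string can never match a translation; use `sprintf(gettext("No queue with name %s was found!"), $qname)`. In the reference check above it, the same error is appended once per matching rule, so a `break;` after the first match avoids repeated messages. The comparison `$rule['dnpipe'] == $queue->GetNumber()` is loose, so a rule without a `dnpipe` key would compare equal to an empty or zero pipe number; it is worth confirming what `GetNumber()` returns in that case. The `switch` continues outside the hunk.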
diff --git a/usr/local/www/graph_cpu.php b/usr/local/www/graph_cpu.php
index 3908153..9c6dbd7 100644
--- a/usr/local/www/graph_cpu.php
+++ b/usr/local/www/graph_cpu.php
@@ -39,6 +39,8 @@
##|*MATCH=graph_cpu.php*
##|-PRIV
+require_once("guiconfig.inc");
+
header("Last-Modified: " . gmdate( "D, j M Y H:i:s" ) . " GMT" );
header("Expires: " . gmdate( "D, j M Y H:i:s", time() ) . " GMT" );
header("Cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index c6a58b3..6b3aefd 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -418,8 +418,15 @@ function print_info_box($msg) {
function get_std_save_message($ok) {
global $d_sysrebootreqd_path;
-
- return "The changes have been applied successfully. You can also <a href='status_filter_reload.php'>monitor</a> the filter reload progress.";
+ $filter_related = false;
+ $filter_pages = array("nat", "filter");
+ $to_return = "The changes have been applied successfully.";
+ foreach($filter_pages as $fp)
+ if(stristr($_SERVER['SCRIPT_FILENAME'], $fp))
+ $filter_related = true;
+ if($filter_related)
+ $to_return .= "<br/>You can also <a href='status_filter_reload.php'>monitor</a> the filter reload progress.";
+ return $to_return;
}
function pprint_address($adr) {
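Review bot: `stristr($_SERVER['SCRIPT_FILENAME'], $fp)` tests the whole filesystem path, so any directory or unrelated script whose name contains `nat` or `filter` also gets the filter-reload link; match on the script name instead, e.g. `if (stristr(basename($_SERVER['SCRIPT_FILENAME']), $fp) !== false)`. The two message strings are not wrapped in `gettext()`, unlike the page strings touched elsewhere in this commit. A short comment on the function noting that `$ok` is unused and why the link is conditional would help the next reader.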
diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc
index e4a7a95..97c7111 100755
--- a/usr/local/www/head.inc
+++ b/usr/local/www/head.inc
@@ -62,7 +62,7 @@ $pagetitle = gentitle( $pgtitle );
* Coded by: Erik Kristensen
*/
- $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
+ $dir = trim(basename($_SERVER["SCRIPT_FILENAME"], '.php'));
$path = "{$g['www_path']}/javascript/" . $dir . "/";
if (is_dir($path)) {
if ($dh = opendir($path)) {
diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php
index 063d9bc..eacaa23 100644
--- a/usr/local/www/headjs.php
+++ b/usr/local/www/headjs.php
@@ -34,6 +34,8 @@
##|*MATCH=headjs.php*
##|-PRIV
+require_once("guiconfig.inc");
+
function getHeadJS() {
global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif;
@@ -163,4 +165,4 @@ function getHeadJS() {
return $headjs;
}
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/help.php b/usr/local/www/help.php
index 59cc905..a89a551 100644
--- a/usr/local/www/help.php
+++ b/usr/local/www/help.php
@@ -4,6 +4,8 @@
*
*/
+require_once("guiconfig.inc");
+
/* Define hash of jumpto url maps */
/* Links to categories could probably be more specific. */
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index c1fdc26..92376e5 100755
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -56,6 +56,21 @@ require_once('functions.inc');
require_once('guiconfig.inc');
require_once('notices.inc');
+if($g['disablecrashreporter'] != true) {
+ // Check to see if we have a crash report
+ $crash = glob("/var/crash/*");
+ $x = 0;
+ $skip_files = array(".", "..", "minfree", "");
+ if(is_array($crash)) {
+ foreach($crash as $c) {
+ if (!in_array(basename($c), $skip_files))
+ $x++;
+ }
+ if($x > 0)
+ $savemsg = "{$g['product_name']} has detected a crash report. Click <a href='crash_reporter.php'>here</a> for more information.";
+ }
+}
+
##build list of widgets
$directory = "/usr/local/www/widgets/widgets/";
$dirhandle = opendir($directory);
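Review bot: `$savemsg` is only assigned when a crash file is found, yet the later hunk in this file reads it unconditionally with `if ($savemsg)`; unless it is set above the visible lines, add `$savemsg = "";` before the `if($g['disablecrashreporter'] != true)` block. `glob("/var/crash/*")` does not return `.` or `..`, so those entries in `$skip_files` are dead. The loop can also stop at the first file that is not skipped instead of counting all of them, since only `$x > 0` is used.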
@@ -451,6 +466,10 @@ include("fbegin.inc");
echo $jscriptstr;
if(!file_exists("/usr/local/www/themes/{$g['theme']}/no_big_logo"))
echo "<center><img src=\"./themes/".$g['theme']."/images/logobig.jpg\"></center><br>";
+
+if ($savemsg)
+ print_info_box($savemsg);
+
?>
<div id="widgetcontainer" style="display:none">
<div id="content1"><h1><?=gettext("Available Widgets"); ?></h1><p><?php
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 98d449b..d1fa6f7 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -517,7 +517,12 @@ if ($_POST['apply']) {
if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp"))) {
$wancfg['if'] = $a_ppps[$pppid]['ports'];
unset($a_ppps[$pppid]);
+ } else if ($wancfg['type'] == "dhcp") {
+ $pid = find_dhclient_process($realif);
+ if($pid)
+ posix_kill($pid, SIGTERM);
}
+
}
$ppp = array();
if ($wancfg['ipaddr'] != "ppp")
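Review bot: The new branch tests `$wancfg['type'] == "dhcp"`, while the branch just above and the line after the block read the mode from `$wancfg['ipaddr']`; if the stored interface entry has no `type` key, dhclient is never stopped here. Confirm which key holds the mode and, if it is `ipaddr`, use `} else if ($wancfg['ipaddr'] == "dhcp") {`. `$realif` and `find_dhclient_process()` are defined outside the hunk, so it is not visible whether `$pid` is always a positive integer; a zero or negative pid makes `posix_kill()` signal a process group, so `if ($pid > 0)` is the safer guard.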
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index 3d2cec0..5dca193 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -298,7 +298,7 @@ if ($_GET['act'] == "del") {
* then ensure that we are not running DHCP on the wan which
* will make a lot of ISP's unhappy.
*/
- if($config['interfaces']['lan']) {
+ if($config['interfaces']['lan'] && $config['dhcpd']['wan']) {
unset($config['dhcpd']['wan']);
}
diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php
index ec48bc9..91085a8 100644
--- a/usr/local/www/interfaces_bridge_edit.php
+++ b/usr/local/www/interfaces_bridge_edit.php
@@ -223,7 +223,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("Bridge"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("Bridge"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index 6744979..74fe8ee 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -121,7 +121,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("GIF"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("GIF"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index ca95369..08cd350 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -124,7 +124,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("GRE"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("GRE"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php
index 09dbf51..606d06b 100644
--- a/usr/local/www/interfaces_lagg_edit.php
+++ b/usr/local/www/interfaces_lagg_edit.php
@@ -93,6 +93,8 @@ if ($_POST) {
$lagg['descr'] = $_POST['descr'];
$lagg['laggif'] = $_POST['laggif'];
$lagg['proto'] = $_POST['proto'];
+ if (isset($id) && $a_laggs[$id])
+ $lagg['laggif'] = $a_laggs[$id]['laggif'];
$lagg['laggif'] = interface_lagg_configure($lagg);
if ($lagg['laggif'] == "" || !stristr($lagg['laggif'], "lagg"))
@@ -115,7 +117,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("LAGG"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("LAGG"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php
index 140b998..1f3c748 100644
--- a/usr/local/www/interfaces_ppps_edit.php
+++ b/usr/local/www/interfaces_ppps_edit.php
@@ -54,8 +54,9 @@ if (!is_array($config['ppps']['ppp']))
$a_ppps = &$config['ppps']['ppp'];
+$iflist = get_configured_interface_with_descr();
$portlist = get_interface_list();
-$portlist = array_merge($portlist, get_configured_interface_with_descr());
+$portlist = array_merge($portlist, $iflist);
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -355,24 +356,18 @@ if ($_POST) {
must be able to clear the config data in the <cron> section of config.xml if it exists
*/
handle_pppoe_reset($_POST);
-
- $iflist = get_configured_interface_list();
- foreach ($iflist as $if) {
- if ($config['interfaces'][$if]['if'] == $ppp['if']){
- $thisif = $if;
- break;
- }
- }
+
if (isset($id) && $a_ppps[$id])
$a_ppps[$id] = $ppp;
else
$a_ppps[] = $ppp;
-
+
write_config();
configure_cron();
-
- if (isset($thisif)){
- interface_ppps_configure($thisif);
+
+ foreach ($iflist as $pppif => $ifdescr) {
+ if ($config['interfaces'][$if]['if'] == $ppp['if'])
+ interface_ppps_configure($pppif);
}
header("Location: interfaces_ppps.php");
exit;
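Review bot: The rewritten loop iterates with `$pppif` but still indexes `$config['interfaces'][$if]`, and `$if` is no longer assigned in the visible lines now that the old `foreach ($iflist as $if)` is removed, so the comparison does not look at the interface being iterated. The condition should be `if ($config['interfaces'][$pppif]['if'] == $ppp['if'])`. `$iflist` is now filled once near the top of the file, before the POST handler changes the configuration, which deserves a one-line comment. The `if ($_POST)` block starts outside the hunk.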
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index ea43508..145fe0a 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -128,7 +128,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("VLAN"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("VLAN"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php
index 686345d..ae56add 100644
--- a/usr/local/www/interfaces_wireless_edit.php
+++ b/usr/local/www/interfaces_wireless_edit.php
@@ -142,7 +142,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("Wireless"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("Wireless"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 32c9463..b3485f0 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -238,15 +238,17 @@ if ($pkg['tabs'] <> "") {
$page = 1;
$tmpcount = 0;
$tmppp = 0;
- foreach ($evaledvar as $ipa) {
- if($tmpcount == $display_maximum_rows) {
- $page++;
- $tmpcount = 0;
+ if(is_array($evaledvar)) {
+ foreach ($evaledvar as $ipa) {
+ if($tmpcount == $display_maximum_rows) {
+ $page++;
+ $tmpcount = 0;
+ }
+ if($tmppp == $startdisplayingat)
+ break;
+ $tmpcount++;
+ $tmppp++;
}
- if($tmppp == $startdisplayingat)
- break;
- $tmpcount++;
- $tmppp++;
}
echo "<tr><td colspan='" . count($pkg['adddeleteeditpagefields']['columnitem']) . "'>";
echo "<table width='100%'>";
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 02fb8d3..78a3362 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -129,6 +129,7 @@ include("head.inc");
}
} else {
// unknown available package version
+ $pkgver = "";
if(!strcmp($pkg['version'], $latest_package)) {
$tdclass = "listr";
$pkgver = $pkg['version'];
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 8d12c7c..faaeb37 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -82,6 +82,7 @@ $pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
+$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
$pconfig['preauthurl'] = strtolower($config['captiveportal']['preauthurl']);
$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']);
@@ -583,7 +584,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
</tr>
<tr>
- <td class="vncell" valign="top"><?=gettext("Radius ip attribute"); ?></td>
+ <td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td>
<td>
<select name="radiussrcip_attribute" id="radiussrcip_attribute">
<?php $iflist = get_configured_interface_with_descr();
diff --git a/usr/local/www/services_captiveportal_hostname_edit.php b/usr/local/www/services_captiveportal_hostname_edit.php
index b6e580a..a199341 100755
--- a/usr/local/www/services_captiveportal_hostname_edit.php
+++ b/usr/local/www/services_captiveportal_hostname_edit.php
@@ -133,19 +133,8 @@ if ($_POST) {
write_config();
- if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) {
- $rules = "";
- $hostname = gethostbyname($oldip);
- if($hostname)
- for ($i = 3; $i < 10; $i++)
- $rules .= "table {$i} delete {$hostname}\n";
- $hostname = gethostbyname($ip);
- if(is_ipaddr($hostname))
- $rules .= captiveportal_allowedip_configure_entry($hostname);
- file_put_contents("{$g['tmp_path']}/allowedhostname_tmp{$id}", $rules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/allowedhostname_tmp{$id}");
- @unlink("{$g['tmp_path']}/allowedhostname_tmp{$id}");
- }
+ if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko"))
+ captiveportal_init_rules();
header("Location: services_captiveportal_hostname.php");
exit;
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index cddc8e0..ecde99b 100755
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -150,8 +150,8 @@ if ($_POST) {
if ($_POST['ipaddr']) {
$dynsubnet_start = ip2ulong($config['dhcpd'][$if]['range']['from']);
$dynsubnet_end = ip2ulong($config['dhcpd'][$if]['range']['to']);
- if ((ip2ulong($_POST['ipaddr']) > $dynsubnet_start) &&
- (ip2ulong($_POST['ipaddr']) < $dynsubnet_end)) {
+ if ((ip2ulong($_POST['ipaddr']) >= $dynsubnet_start) &&
+ (ip2ulong($_POST['ipaddr']) <= $dynsubnet_end)) {
$input_errors[] = sprintf(gettext("The IP address must not be within the DHCP range for this interface."));
}
diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php
index 4535f6b..defb275 100755
--- a/usr/local/www/services_dnsmasq.php
+++ b/usr/local/www/services_dnsmasq.php
@@ -28,7 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*
pfSense_MODULE: dnsforwarder
*/
@@ -44,18 +44,18 @@ require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
-$pconfig['enable'] = isset($config['dnsmasq']['enable']);
+$pconfig['enable'] = isset($config['dnsmasq']['enable']);
$pconfig['regdhcp'] = isset($config['dnsmasq']['regdhcp']);
$pconfig['regdhcpstatic'] = isset($config['dnsmasq']['regdhcpstatic']);
-if (!is_array($config['dnsmasq']['hosts']))
+if (!is_array($config['dnsmasq']['hosts']))
$config['dnsmasq']['hosts'] = array();
-if (!is_array($config['dnsmasq']['domainoverrides']))
- $config['dnsmasq']['domainoverrides'] = array();
+if (!is_array($config['dnsmasq']['domainoverrides']))
+ $config['dnsmasq']['domainoverrides'] = array();
-$a_hosts = &$config['dnsmasq']['hosts'];
+$a_hosts = &$config['dnsmasq']['hosts'];
$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
if ($_POST) {
@@ -80,24 +80,24 @@ if ($_POST) {
}
if ($_GET['act'] == "del") {
- if ($_GET['type'] == 'host') {
- if ($a_hosts[$_GET['id']]) {
- unset($a_hosts[$_GET['id']]);
- write_config();
+ if ($_GET['type'] == 'host') {
+ if ($a_hosts[$_GET['id']]) {
+ unset($a_hosts[$_GET['id']]);
+ write_config();
mark_subsystem_dirty('hosts');
- header("Location: services_dnsmasq.php");
- exit;
- }
- }
- elseif ($_GET['type'] == 'doverride') {
- if ($a_domainOverrides[$_GET['id']]) {
- unset($a_domainOverrides[$_GET['id']]);
- write_config();
+ header("Location: services_dnsmasq.php");
+ exit;
+ }
+ }
+ elseif ($_GET['type'] == 'doverride') {
+ if ($a_domainOverrides[$_GET['id']]) {
+ unset($a_domainOverrides[$_GET['id']]);
+ write_config();
mark_subsystem_dirty('hosts');
- header("Location: services_dnsmasq.php");
- exit;
- }
- }
+ header("Location: services_dnsmasq.php");
+ exit;
+ }
+ }
}
$pgtitle = array(gettext("Services"),gettext("DNS forwarder"));
@@ -123,157 +123,173 @@ function enable_change(enable_over) {
<?php if (is_subsystem_dirty('hosts')): ?><p>
<?php print_info_box_np(gettext("The DNS forwarder configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br>
<?php endif; ?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vtable"><p>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)">
- <strong><?=gettext("Enable DNS forwarder");?><br>
- </strong></p></td>
- </tr>
- <tr>
- <td class="vtable"><p>
- <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>>
- <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br>
- </strong><?php printf(gettext("If this option is set, then machines that specify".
- " their hostname when requesting a DHCP lease will be registered".
- " in the DNS forwarder, so that their name can be resolved.".
- " You should also set the domain in %sSystem:".
- " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p>
- </td>
- </tr>
- <tr>
- <td class="vtable"><p>
- <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>>
- <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br>
- </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ".
- "be registered in the DNS forwarder, so that their name can be ".
- "resolved. You should also set the domain in %s".
- "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p>
- </td>
- </tr>
- <tr>
- <td> <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)">
- </td>
- </tr>
- <tr>
- <td><p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br>
- </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP".
- " service (if enabled) will automatically serve the LAN IP".
- " address as a DNS server to DHCP clients so they will use".
- " the forwarder. The DNS forwarder will use the DNS servers".
- " entered in %sSystem: General setup%s".
- " or those obtained via DHCP or PPP on WAN if the &quot;Allow".
- " DNS server list to be overridden by DHCP/PPP on WAN&quot;".
- " is checked. If you don't use that option (or if you use".
- " a static IP address on WAN), you must manually specify at".
- " least one DNS server on the %sSystem:".
- "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br>
- <br>
- <?=gettext("You may enter records that override the results from the".
- " forwarders below.");?></span></p></td>
- </tr>
- </table>
- &nbsp;<br>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr"><?=gettext("Host");?></td>
- <td width="25%" class="listhdrr"><?=gettext("Domain");?></td>
- <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
- <td width="25%" class="listhdr"><?=gettext("Description");?></td>
- <td width="10%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable"><p>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)">
+ <strong><?=gettext("Enable DNS forwarder");?><br>
+ </strong></p></td>
</tr>
- <?php $i = 0; foreach ($a_hosts as $hostent): ?>
- <tr>
- <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=strtolower($hostent['host']);?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=strtolower($hostent['domain']);?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=$hostent['ip'];?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($hostent['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </table>
-<!-- update to enable domain overrides -->
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td><p><?=gettext("Below you can override an entire domain by specifying an".
- " authoritative DNS server to be queried for that domain.");?></p></td>
- </tr>
- </table>
- &nbsp;<br>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="35%" class="listhdrr"><?=gettext("Domain");?></td>
- <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
- <td width="35%" class="listhdr"><?=gettext("Description");?></td>
- <td width="10%" class="list">
+ <tr>
+ <td class="vtable"><p>
+ <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>>
+ <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br>
+ </strong><?php printf(gettext("If this option is set, then machines that specify".
+ " their hostname when requesting a DHCP lease will be registered".
+ " in the DNS forwarder, so that their name can be resolved.".
+ " You should also set the domain in %sSystem:".
+ " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p>
+ </td>
+ </tr>
+ <tr>
+ <td class="vtable"><p>
+ <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>>
+ <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br>
+ </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ".
+ "be registered in the DNS forwarder, so that their name can be ".
+ "resolved. You should also set the domain in %s".
+ "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br>
+ </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP".
+ " service (if enabled) will automatically serve the LAN IP".
+ " address as a DNS server to DHCP clients so they will use".
+ " the forwarder. The DNS forwarder will use the DNS servers".
+ " entered in %sSystem: General setup%s".
+ " or those obtained via DHCP or PPP on WAN if the &quot;Allow".
+ " DNS server list to be overridden by DHCP/PPP on WAN&quot;".
+ " is checked. If you don't use that option (or if you use".
+ " a static IP address on WAN), you must manually specify at".
+ " least one DNS server on the %sSystem:".
+ "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br>
+ <br>
+ <?=gettext("You may enter records that override the results from the".
+ " forwarders below.");?></span></p>
+ </td>
+ </tr>
+</table>
+&nbsp;<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable">
+ <thead>
+ <tr>
+ <td width="20%" class="listhdrr"><?=gettext("Host");?></td>
+ <td width="25%" class="listhdrr"><?=gettext("Domain");?></td>
+ <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
+ <td width="25%" class="listhdr"><?=gettext("Description");?></td>
+ <td width="10%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17" heigth="17"></td>
- <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- <?php $i = 0; foreach ($a_domainOverrides as $doment): ?>
- <tr>
- <td class="listlr">
- <?=strtolower($doment['domain']);?>&nbsp;
- </td>
- <td class="listr">
- <?=$doment['ip'];?>&nbsp;
- </td>
- <td class="listbg">
- <?=htmlspecialchars($doment['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a>
- &nbsp;<a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
+ </td>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_hosts as $hostent): ?>
+ <tr>
+ <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=strtolower($hostent['host']);?>&nbsp;
+ </td>
+ <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=strtolower($hostent['domain']);?>&nbsp;
+ </td>
+ <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=$hostent['ip'];?>&nbsp;
+ </td>
+ <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($hostent['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17" heigth="17"></td>
- <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
+ <tr>
+ <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </tr>
+ <?php $i++; endforeach; ?>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
- </form>
+ </td>
+ </tr>
+ </tfoot>
+</table>
+<!-- update to enable domain overrides -->
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td><p><?=gettext("Below you can override an entire domain by specifying an".
+ " authoritative DNS server to be queried for that domain.");?></p></td>
+ </tr>
+</table>
+&nbsp;<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable">
+ <thead>
+ <tr>
+ <td width="35%" class="listhdrr"><?=gettext("Domain");?></td>
+ <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
+ <td width="35%" class="listhdr"><?=gettext("Description");?></td>
+ <td width="10%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17" heigth="17"></td>
+ <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_domainOverrides as $doment): ?>
+ <tr>
+ <td class="listlr">
+ <?=strtolower($doment['domain']);?>&nbsp;
+ </td>
+ <td class="listr">
+ <?=$doment['ip'];?>&nbsp;
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($doment['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a>
+ &nbsp;<a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17" heigth="17"></td>
+ <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </tfoot>
+</table>
+</form>
<script language="JavaScript">
<!--
enable_change(false);
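Review bot: The rebuilt tables still print `$hostent['host']`, `$hostent['domain']`, `$hostent['ip']`, `$doment['domain']` and `$doment['ip']` without `htmlspecialchars()`, while the `descr` cell next to them is escaped. These values come from the saved configuration and whatever validation the edit pages apply is outside this hunk, so encode at output as well, e.g. `<?=htmlspecialchars(strtolower($hostent['host']));?>`. The delete links remain plain GET requests (`?type=host&act=del&id=…`) guarded only by a JavaScript `confirm()`; if no request token is checked elsewhere, the delete should move to a POST. The action cell in the hosts table is also missing its closing `</td>` before `</tr>`.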
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 9ff0f22..f2a3072 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -76,16 +76,15 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
+
+ if(($pconfig['type'] == "freedns" || $pconfig['type'] == "namecheap") && $_POST['username'] == "")
+ $_POST['username'] = "none";
/* input validation */
$reqdfields = array();
$reqdfieldsn = array();
- $reqdfields = array("host", "password", "type");
- $reqdfieldsn = array(gettext("Hostname"),gettext("Password"),gettext("Service type"));
- if ($pconfig['type'] != "namecheap") {
- $reqdfields[] = "username";
- $reqdfieldsn[] = gettext("Username");
- }
+ $reqdfields = array("host", "username", "password", "type");
+ $reqdfieldsn = array(gettext("Hostname"),gettext("Username"),gettext("Password"),gettext("Service type"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
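Review bot: The placeholder `"none"` written into `$_POST['username']` for freedns and namecheap cannot be told apart from a real account name. The later hunk (`if($dyndns['username'] == "none")`) then blanks it for every service type, so an account whose login is literally "none" loses its username on save. Leaving `username` out of the required list for those two types avoids the sentinel altogether: `if (!in_array($pconfig['type'], array("freedns", "namecheap"))) { $reqdfields[] = "username"; $reqdfieldsn[] = gettext("Username"); }`. The enclosing `if ($_POST)` block starts and ends outside the hunk.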
@@ -105,6 +104,9 @@ if ($_POST) {
$dyndns['enable'] = $_POST['enable'] ? false : true;
$dyndns['interface'] = $_POST['interface'];
$dyndns['descr'] = $_POST['descr'];
+
+ if($dyndns['username'] == "none")
+ $dyndns['username'] = "";
if (isset($id) && $a_dyndns[$id])
$a_dyndns[$id] = $dyndns;
@@ -217,6 +219,8 @@ include("head.inc");
<td width="22%" valign="top" class="vncellreq"><?=gettext("Password");?></td>
<td width="78%" class="vtable">
<input name="password" type="password" class="formfld pwd" id="password" size="20" value="<?=htmlspecialchars($pconfig['password']);?>">
+ <br/>
+ <?=gettext("FreeDNS (freedns.afraid.org): Enter your \"Authentication Token\" provided by FreeDNS.");?>
</td>
</tr>
<tr>
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
index e3c5b7d..cdc3e6a 100755
--- a/usr/local/www/services_wol.php
+++ b/usr/local/www/services_wol.php
@@ -54,15 +54,15 @@ if($_GET['wakeall'] <> "") {
$mac = $wolent['mac'];
$if = $wolent['interface'];
$description = $wolent['descr'];
- $bcip = gen_subnet_max(get_interface_ip($if),
- get_interface_subnet($if));
+ $ipaddr = get_interface_ip($if);
+ if (!is_ipaddr($ipaddr))
+ continue;
+ $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
/* Execute wol command and check return code. */
- if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){
+ if (!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"))
$savemsg .= sprintf(gettext('Sent magic packet to %1$s (%2$s)%3$s'),$mac, $description, ".<br>");
- }
- else {
+ else
$savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s (%4$s) did not complete successfully%5$s'),'<a href="/diag_logs.php">','</a>',$description,$mac,".<br>");
- }
}
}
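Review bot: `$bcip` and `$mac` are interpolated directly into the `mwexec()` command string on the re-added `wol` line, so the command is only as safe as whatever validated those values earlier. Here `$mac` comes from the stored `$wolent` entry; in the next hunk the same call sits inside the `$_POST || $_GET['mac']` branch, whose validation is outside the hunk. Quoting both arguments removes that dependency: `mwexec("/usr/local/bin/wol -i " . escapeshellarg($bcip) . " " . escapeshellarg($mac))`. The same applies to the `/sbin/route delete -host` call touched in vpn_ipsec_phase1.php.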
@@ -89,14 +89,16 @@ if ($_POST || $_GET['mac']) {
if (!$input_errors) {
/* determine broadcast address */
- $bcip = gen_subnet_max(get_interface_ip($if),
- get_interface_subnet($if));
- /* Execute wol command and check return code. */
- if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){
- $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac);
- }
+ $ipaddr = get_interface_ip($if);
+ if (!is_ipaddr($ipaddr))
+ $input_errors[] = gettext("A valid ip could not be found!");
else {
- $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>");
+ $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
+ /* Execute wol command and check return code. */
+ if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"))
+ $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac);
+ else
+ $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>");
}
}
}
diff --git a/usr/local/www/stats.php b/usr/local/www/stats.php
index 54e5ef6..3ce8096 100644
--- a/usr/local/www/stats.php
+++ b/usr/local/www/stats.php
@@ -28,11 +28,19 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("includes/functions.inc.php");
+##|+PRIV
+##|*IDENT=page-diagnostics-cpuutilization
+##|*NAME=Diagnostics: CPU Utilization page
+##|*DESCR=Allow access to the 'Diagnostics: CPU Utilization' page.
+##|*MATCH=stats.php*
+##|-PRIV
+
+require_once("guiconfig.inc");
+require_once("includes/functions.inc.php");
$cpu = cpu_usage();
echo $cpu;
exit;
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index 9560041..8913367 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -81,9 +81,10 @@ $concurrent = count($cpcontents);
foreach ($cpcontents as $cpcontent) {
$cpent = explode(",", $cpcontent);
+ $sessionid = $cpent[5];
if ($_GET['showact'])
$cpent[5] = captiveportal_get_last_activity($cpent[2]);
- $cpdb[] = $cpent;
+ $cpdb[$sessionid] = $cpent;
}
if ($_GET['order']) {
if ($_GET['order'] == "ip")
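Review bot: Keying `$cpdb` by `$sessionid` only helps if the sort under `if ($_GET['order'])` keeps the keys. That code is outside the hunk; if it uses `usort()`, the array is renumbered and `$sid` in the disconnect link becomes a list position rather than a session id, whereas `uasort()` preserves keys. `$sessionid` is also read from `$cpent[5]` without checking that the exploded line has that many fields, so a short line would be stored under an empty key. The same pattern is added in captive_portal_status.widget.php.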
@@ -131,7 +132,7 @@ if ($_GET['order']) {
<?php endif; ?>
<td class="list sort_ignore"></td>
</tr>
-<?php foreach ($cpdb as $cpent): ?>
+<?php foreach ($cpdb as $sid => $cpent): ?>
<tr>
<td class="listlr"><?=$cpent[2];?></td>
<td class="listr"><?=$cpent[3];?>&nbsp;</td>
@@ -141,7 +142,7 @@ if ($_GET['order']) {
<td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td>
<?php endif; ?>
<td valign="middle" class="list" nowrap>
- <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td>
+ <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$sid;?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td>
</tr>
<?php endforeach; ?>
</table>
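Review bot: The rewritten disconnect link still prints `$_GET['order']` without escaping, while `showact` next to it goes through `htmlspecialchars()`, so a crafted `order` value is reflected into the `href` attribute. `$sid` is new output taken from the session database and should be escaped the same way: `?order=<?=htmlspecialchars($_GET['order']);?>` and `&id=<?=htmlspecialchars($sid);?>`. The matching line in captive_portal_status.widget.php prints both `order` and `showact` raw and needs the same change.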
diff --git a/usr/local/www/status_filter_reload.php b/usr/local/www/status_filter_reload.php
index ddd57ca..aa6348b 100644
--- a/usr/local/www/status_filter_reload.php
+++ b/usr/local/www/status_filter_reload.php
@@ -50,12 +50,12 @@ if($_GET['getstatus']) {
echo "|{$status}|";
exit;
}
-if($_GET['reloadfilter']) {
+if($_POST['reloadfilter']) {
send_event("filter reload");
header("Location: status_filter_reload.php");
exit;
}
-if($_GET['syncfilter']) {
+if($_POST['syncfilter']) {
send_event("filter sync");
header("Location: status_filter_reload.php");
exit;
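Review bot: Checking `$_POST['reloadfilter']` and `$_POST['syncfilter']` stops a link or image URL from triggering `send_event()`, but a form posted from another origin still reaches these branches unless a request token is verified. No such check is visible in the hunk. If a shared include enforces one, a comment above the first branch such as `/* state change: POST only, request token verified by the GUI include */` would record that for the next reader. The script continues outside the hunk.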
@@ -68,11 +68,13 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<br/>
-<a href="/status_filter_reload.php?reloadfilter=true"><input type="button" value="Reload Filter" id="reloadfilter"></a>
-<?php if ($config["installedpackages"]["carpsettings"]["config"][0]["pfsyncpeerip"] != ""): ?>
+<form action="status_filter_reload.php" method="POST" name="filter">
+<input type="submit" value="Reload Filter" name="reloadfilter" id="reloadfilter">
+<?php if (is_array($config["installedpackages"]["carpsettings"]["config"][0]) && $config["installedpackages"]["carpsettings"]["config"][0]["pfsyncpeerip"] != ""): ?>
&nbsp;&nbsp;&nbsp;&nbsp;
-<a href="/status_filter_reload.php?syncfilter=true"><input type="button" value="Force Config Sync" id="syncfilter"></a>
+<input type="submit" value="Force Config Sync" name="syncfilter" id="syncfilter">
<? endif; ?>
+</form>
<br/><br/><br/>
<div id="status" name="status" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000;">
<?php echo $status; ?>
diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index 34040db..8af6e7d 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -194,6 +194,7 @@ if(file_exists($rrdcolors)) {
log_error(sprintf(gettext("rrdcolors.inc.php for theme %s does not exist, using defaults!"),$g['theme']));
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+ $colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -313,23 +314,33 @@ if((strstr($curdatabase, "-traffic.rrd")) && (file_exists("$rrddbpath$curdatabas
$graphcmd .= "CDEF:\"$curif-bytes_t_block=$curif-bytes_in_t_block,$curif-bytes_out_t_block,+\" ";
$graphcmd .= "CDEF:\"$curif-bytes_t=$curif-bytes_in_t_pass,$curif-bytes_out_t_block,+\" ";
+ $graphcmd .= "VDEF:\"$curif-in_bits_95=$curif-in_bits,95,PERCENT\" ";
+ $graphcmd .= "VDEF:\"$curif-out_bits_95=$curif-out_bits,95,PERCENT\" ";
+
$graphcmd .= "AREA:\"$curif-in_bits_block#{$colortrafficdown[1]}:$curif-in-block\" ";
$graphcmd .= "AREA:\"$curif-in_bits_pass#{$colortrafficdown[0]}:$curif-in-pass:STACK\" ";
$graphcmd .= "{$AREA}:\"$curif-out_bits_block_neg#{$colortrafficup[1]}:$curif-out-block\" ";
$graphcmd .= "{$AREA}:\"$curif-out_bits_pass_neg#{$colortrafficup[0]}:$curif-out-pass:STACK\" ";
+ $graphcmd .= "HRULE:\"$curif-in_bits_95#{$colortraffic95[1]}:$curif-in (95%)\" ";
+ $graphcmd .= "HRULE:\"$curif-out_bits_95#{$colortraffic95[0]}:$curif-out (95%)\" ";
+
$graphcmd .= "COMMENT:\"\\n\" ";
- $graphcmd .= "COMMENT:\"\t\t maximum average current period\\n\" ";
+ $graphcmd .= "COMMENT:\"\t\t maximum average current period 95th percentile\\n\" ";
+
$graphcmd .= "COMMENT:\"in-pass\t\" ";
$graphcmd .= "GPRINT:\"$curif-in_bits_pass:MAX:%7.2lf %sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-in_bits_pass:AVERAGE:%7.2lf %Sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-in_bits_pass:LAST:%7.2lf %Sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-bytes_in_t_pass:AVERAGE:%7.2lf %sB i\" ";
+ $graphcmd .= "GPRINT:\"$curif-in_bits_95:%7.2lf %sb/s\" ";
+
$graphcmd .= "COMMENT:\"\\n\" ";
$graphcmd .= "COMMENT:\"out-pass\t\" ";
$graphcmd .= "GPRINT:\"$curif-out_bits_pass:MAX:%7.2lf %sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-out_bits_pass:AVERAGE:%7.2lf %Sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-out_bits_pass:LAST:%7.2lf %Sb/s\" ";
$graphcmd .= "GPRINT:\"$curif-bytes_out_t_pass:AVERAGE:%7.2lf %sB o\" ";
+ $graphcmd .= "GPRINT:\"$curif-out_bits_95:%7.2lf %sb/s\" ";
$graphcmd .= "COMMENT:\"\\n\" ";
$graphcmd .= "COMMENT:\"in-block\t\" ";
$graphcmd .= "GPRINT:\"$curif-in_bits_block:MAX:%7.2lf %sb/s\" ";
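Review bot: The outbound rule `HRULE:"$curif-out_bits_95…"` is computed from `$curif-out_bits`, while the outbound areas just above it plot the `_neg` series. If those are negated as their names suggest, the outbound 95% line is drawn in the inbound half of the graph. Drawing the rule from a negated copy keeps it on the outbound side, for example `CDEF:"$curif-out_bits_neg=$curif-out_bits,-1,*"` with `VDEF:"$curif-out_bits_95_neg=$curif-out_bits_neg,5,PERCENT"` used only for the `HRULE`, keeping the positive VDEF for `GPRINT`. Whether the inversion is conditional is decided outside the hunk, so the factor may need to follow that setting.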
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 7b4b8e3..e23ceb0 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -62,6 +62,7 @@ $pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);
+$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
$a_cert =& $config['cert'];
@@ -117,6 +118,11 @@ if ($_POST) {
unset($config['system']['webgui']['disablehttpredirect']);
$restart_webgui = true;
}
+ if ($_POST['quietlogin'] == "yes") {
+ $config['system']['webgui']['quietlogin'] = true;
+ } else {
+ unset($config['system']['webgui']['quietlogin']);
+ }
if($_POST['disableconsolemenu'] == "yes") {
$config['system']['disableconsolemenu'] = true;
@@ -315,13 +321,24 @@ function prot_change() {
<input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> />
<strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
<br/>
- <?php gettext("When this is unchecked, access to the webConfigurator " .
+ <?php echo gettext("When this is unchecked, access to the webConfigurator " .
"is always permitted even on port 80, regardless of the listening port configured." .
"Check this box to disable this automatically added redirect rule. ");
?>
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked"; ?> />
+ <strong><?=gettext("Disable webConfigurator successful logins"); ?></strong>
+ <br/>
+ <?php echo gettext("When this is checked, successful logins to the webConfigurator " .
+ "will not be logged.");
+ ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
<td width="78%" class="vtable">
<?php
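Review bot: The checkbox label `Disable webConfigurator successful logins` reads as if it blocks logins, while the help text and the `quietlogin` key show it only suppresses the log entry. `gettext("Disable logging of webConfigurator successful logins")` says what the option does. Enabling it removes successful-login records from the audit trail, so the help text could also say whether failed logins are still logged. The code that honours `quietlogin` is outside this file section.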
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 38d12c1..8165922 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -56,6 +56,7 @@ $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
$pconfig['optimization'] = $config['filter']['optimization'];
$pconfig['maximumstates'] = $config['system']['maximumstates'];
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
+$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
if (!isset($config['system']['enablebinatreflection']))
$pconfig['disablebinatreflection'] = "yes";
@@ -124,6 +125,11 @@ if ($_POST) {
else
$config['system']['enablebinatreflection'] = "yes";
+ if($_POST['disablereplyto'] == "yes")
+ $config['system']['disablereplyto'] = $_POST['disablereplyto'];
+ else
+ unset($config['system']['disablereplyto']);
+
if($_POST['enablenatreflectionhelper'] == "yes")
$config['system']['enablenatreflectionhelper'] = "yes";
else
@@ -325,6 +331,17 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Disable reply-to</td>
+ <td width="78%" class="vtable">
+ <input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
+ <strong><?=gettext("Disable reply-to on WAN rules");?></strong>
+ <br />
+ <?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " .
+ "When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
+ <br />
+ </td>
+ </tr>
+ <tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
<?php if(count($config['interfaces']) > 1): ?>
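Review bot: The new row label `Disable reply-to` is the only string in this added block that does not go through `gettext()`, so it stays untranslated; use `<?=gettext("Disable reply-to");?>`. In the `$_POST` hunk above, the config value is set from `$_POST['disablereplyto']` after it has compared equal to "yes"; writing the literal `"yes"` there would match the neighbouring options.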
diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php
index 4cd279a..d2b796f 100644
--- a/usr/local/www/system_advanced_sysctl.php
+++ b/usr/local/www/system_advanced_sysctl.php
@@ -124,7 +124,7 @@ if ($_POST) {
include("head.inc");
-$pgtitle = array(gettext("System"),gettext("Advanced: Miscellaneous"));
+$pgtitle = array(gettext("System"),gettext("Advanced: System Tunables"));
include("head.inc");
?>
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index 06a9eb1..2daa6a2 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -136,6 +136,7 @@ if ($g['platform'] == "nanobsd") {
$nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
}
+@unlink("/tmp/{$g['product_name']}_version");
download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version");
$latest_version = str_replace("\n", "", @file_get_contents("/tmp/{$g['product_name']}_version"));
if(!$latest_version) {
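Review bot: The result of `download_file_with_progress_bar()` is still ignored here and `@` hides a failed `unlink()`, so the only failure signal is an empty `$latest_version`. system_firmware_check.php in this commit tests the call with `=== true` before reading the file. Doing the same here, `if (download_file_with_progress_bar(…) === true) $latest_version = …;`, keeps the two pages consistent, assuming the two-argument form returns the same value. The version file also uses a fixed name under `/tmp`, which matters if anything other than the GUI can write there.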
diff --git a/usr/local/www/system_firmware_check.php b/usr/local/www/system_firmware_check.php
index cb80b6a..25d3095 100755
--- a/usr/local/www/system_firmware_check.php
+++ b/usr/local/www/system_firmware_check.php
@@ -131,8 +131,8 @@ if ($g['platform'] == "nanobsd") {
$nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
}
-download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version");
-$remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version"));
+if(download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version", 'read_body', 5, 5) === true)
+ $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version"));
$static_text .= gettext("done") . "\\n";
if (!$remote_version) {
$static_text .= gettext("Unable to check for updates.") . "\\n";
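Review bot: When the download does not return `true`, `$remote_version` is never assigned, so `if (!$remote_version)` reads an undefined variable. Initialise it before the call with `$remote_version = "";`. The "done" text is also appended whether or not the download succeeded, and the two-line `if` would be easier to follow with braces.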
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php
index ea3c215..ebdebef 100755
--- a/usr/local/www/system_firmware_settings.php
+++ b/usr/local/www/system_firmware_settings.php
@@ -157,14 +157,14 @@ function enable_altfirmwareurl(enable_over) {
<td colspan="2" valign="top" class="listtopic"><?=gettext("Updates"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Not signed images."); ?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Unsigned images"); ?></td>
<td width="78%" class="vtable">
<input name="allowinvalidsig" type="checkbox" id="allowinvalidsig" value="yes" <?php if (isset($curcfg['allowinvalidsig'])) echo "checked"; ?> />
<br />
- <?=gettext("Allow updating the system with auto-updater and images with no signature."); ?>
+ <?=gettext("Allow auto-update firmware images with a missing or invalid digital signature to be used."); ?>
</td>
</tr>
-<?php if(file_exists("/usr/local/bin/git")): ?>
+<?php if(file_exists("/usr/local/bin/git") && $g['platform'] == "pfSense"): ?>
<tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
@@ -179,18 +179,53 @@ function enable_altfirmwareurl(enable_over) {
<?=gettext("After updating, sync with the following repository/branch before reboot."); ?>
</td>
</tr>
+<?php
+ if(is_dir("/root/pfsense/pfSenseGITREPO/pfSenseGITREPO")) {
+ exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git config remote.origin.url", $output_str);
+ if(is_array($output_str) && !empty($output_str[0]))
+ $lastrepositoryurl = $output_str[0];
+ unset($output_str);
+ }
+?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Repository URL"); ?></td>
<td width="78%" class="vtable">
<input name="repositoryurl" type="input" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo $gitcfg['repositoryurl']; ?>">
+<?php if($lastrepositoryurl): ?>
+ <br />
+ <?=sprintf(gettext("The most recently used repository was %s"), $lastrepositoryurl); ?>
+ <br />
+ <?=gettext("This will be used if the field is left blank."); ?>
+<?php endif; ?>
</td>
</tr>
+<?php
+ if(is_dir("/root/pfsense/pfSenseGITREPO/pfSenseGITREPO")) {
+ exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git branch", $output_str);
+ if(is_array($output_str)) {
+ foreach($output_str as $output_line) {
+ if(strstr($output_line, '* ')) {
+ $lastbranch = substr($output_line, 2);
+ break;
+ }
+ }
+ }
+ unset($output_str);
+ }
+?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Branch name"); ?></td>
<td width="78%" class="vtable">
<input name="branch" type="input" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo $gitcfg['branch']; ?>">
+<?php if($lastbranch): ?>
+ <br />
+ <?=sprintf(gettext("The most recently used branch was %s"), $lastbranch); ?>
+<?php else: ?>
+ <br />
+ <?=gettext("Usually the branch name is master"); ?>
+<?php endif; ?>
<br />
- <?=gettext("Sync will not be performed if a branch is not specified."); ?>
+ <?=gettext("Note: Sync will not be performed if a branch is not specified."); ?>
</td>
</tr>
<?php endif; ?>
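Review bot: `$lastrepositoryurl` and `$lastbranch` are raw output from `git config` and `git branch`, and they are printed into the page through `sprintf()` without escaping, so markup in a remote URL or branch name is rendered as HTML. Escape at output: `sprintf(gettext("The most recently used repository was %s"), htmlspecialchars($lastrepositoryurl))`, and likewise for `$lastbranch`. The branch loop also matches `'* '` anywhere in the line via `strstr()`; `substr($output_line, 0, 2) == '* '` ties the test to the current-branch marker. Neither `exec()` call checks its exit status.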
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 9256c40..6b1a81b 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -205,6 +205,9 @@ if (isAllowedPage("system_usermanager")) {
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
$input_errors[] = gettext("The username contains invalid characters.");
+ if (strlen($_POST['usernamefld']) > 16)
+ $input_errors[] = gettext("The username is longer than 16 characters.");
+
if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
$input_errors[] = gettext("The passwords do not match.");
@@ -478,7 +481,7 @@ function sshkeyClicked(obj) {
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
<td width="78%" class="vtable">
- <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
+ <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
</td>
</tr>
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index d9017c4..f8269ad 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -64,10 +64,11 @@ if ($_POST) {
if (!$input_errors) {
if ($_POST['authmode'] != "local") {
$authsrv = auth_get_authserver($_POST['authmode']);
- if ($_POST['savetest'] && $authsrv['type'] == "ldap")
- $save_and_test = true;
- else
- $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends.");
+ if ($_POST['savetest'])
+ if ($authsrv['type'] == "ldap")
+ $save_and_test = true;
+ else
+ $savemsg = gettext("The test was not performed because it is supported only for ldap based backends.");
}
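Review bot: The nested brace-less `if`/`else` relies on the `else` binding to the inner `if ($authsrv['type'] == "ldap")`. It does bind that way, but only the indentation tells a reader so, and adding one statement to either branch would silently change the logic. Braces on the outer test make the intent explicit: `if ($_POST['savetest']) {` … `}`.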
diff --git a/usr/local/www/themes/code-red/rrdcolors.inc.php b/usr/local/www/themes/code-red/rrdcolors.inc.php
index cdaff68..869727f 100755
--- a/usr/local/www/themes/code-red/rrdcolors.inc.php
+++ b/usr/local/www/themes/code-red/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -47,5 +48,6 @@ $colorwireless = array('990000','a83c3c','b36666');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/metallic/rrdcolors.inc.php b/usr/local/www/themes/metallic/rrdcolors.inc.php
index 8e74545..09956cc 100644
--- a/usr/local/www/themes/metallic/rrdcolors.inc.php
+++ b/usr/local/www/themes/metallic/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/nervecenter/rrdcolors.inc.php b/usr/local/www/themes/nervecenter/rrdcolors.inc.php
index 8e74545..c681f78 100644
--- a/usr/local/www/themes/nervecenter/rrdcolors.inc.php
+++ b/usr/local/www/themes/nervecenter/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
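Review bot: This theme gains `$colortraffic95` but not `$colorcaptiveportalusers`, which the other theme files in this commit add after `$colorvpnusers`. the_wall has the opposite gap: it receives `$colorcaptiveportalusers` but no `$colortraffic95`. Both files start from the same blob (`8e74545`) as the themes that needed both lines. status_rrd_graph_img.php sets its default `$colortraffic95` only in the branch that logs a missing rrdcolors.inc.php, so with the_wall selected the new `HRULE` lines would presumably get an empty colour. Add `$colorcaptiveportalusers = array('990000');` here and `$colortraffic95 = array("660000", "FF0000");` to the_wall.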
diff --git a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php
index 8e74545..09956cc 100644
--- a/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php
+++ b/usr/local/www/themes/pfsense-dropdown/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif b/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif
new file mode 100644
index 0000000..cd3a532
--- /dev/null
+++ b/usr/local/www/themes/pfsense/images/icons/icon_info_pkg.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense/rrdcolors.inc.php b/usr/local/www/themes/pfsense/rrdcolors.inc.php
index 8e74545..09956cc 100644
--- a/usr/local/www/themes/pfsense/rrdcolors.inc.php
+++ b/usr/local/www/themes/pfsense/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
index 8e74545..09956cc 100644
--- a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
+++ b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
@@ -32,6 +32,7 @@
$colortrafficup = array("666666", "CCCCCC");
$colortrafficdown = array("990000", "CC0000");
+$colortraffic95 = array("660000", "FF0000");
$colorpacketsup = array("666666", "CCCCCC");
$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
@@ -47,5 +48,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/themes/the_wall/rrdcolors.inc.php b/usr/local/www/themes/the_wall/rrdcolors.inc.php
index 8e74545..c2bc613 100644
--- a/usr/local/www/themes/the_wall/rrdcolors.inc.php
+++ b/usr/local/www/themes/the_wall/rrdcolors.inc.php
@@ -47,5 +47,6 @@ $colorwireless = array('333333','a83c3c','999999');
$colorspamdtime = array('DDDDFF', 'AAAAFF', 'DDDDFF', '000066');
$colorspamdconn = array('00AA00BB', 'FFFFFFFF', '00660088', 'FFFFFF88', '006600');
$colorvpnusers = array('990000');
+$colorcaptiveportalusers = array('990000');
?>
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 4e9c537..b4b1b05 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -386,7 +386,7 @@ function login_banner_change() {
<input name="pool_enable" type="checkbox" id="pool_enable" value="yes" <?=$chk;?> onClick="pool_change()">
</td>
<td>
- <?=gettext("Provide a vitual IP address to clients"); ?><br>
+ <?=gettext("Provide a virtual IP address to clients"); ?><br>
</td>
</tr>
</table>
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 6240a63..12bb235 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -282,7 +282,7 @@ if ($_POST) {
/* the vpn_ipsec_configure() handles adding the route */
if ($pconfig['interface'] <> "wan") {
if($old_ph1ent['remote-gateway'] <> $pconfig['remotegw']) {
- mwexec("/sbin/route delete -host {$oldph1ent['remote-gateway']}");
+ mwexec("/sbin/route delete -host {$old_ph1ent['remote-gateway']}");
}
}
@@ -389,6 +389,8 @@ function methodsel_change() {
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = '';
document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
break;
case 'xauth_rsa_server':
case 'rsasig':
@@ -396,6 +398,8 @@ function methodsel_change() {
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = '';
document.getElementById('opt_ca').style.display = '';
+ document.getElementById('opt_cert').disabled = false;
+ document.getElementById('opt_ca').disabled = false;
break;
<?php if ($pconfig['mobile']) { ?>
case 'pre_shared_key':
@@ -403,6 +407,8 @@ function methodsel_change() {
document.getElementById('opt_peerid').style.display = 'none';
document.getElementById('opt_cert').style.display = 'none';
document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
break;
<?php } ?>
default: /* psk modes*/
@@ -410,6 +416,8 @@ function methodsel_change() {
document.getElementById('opt_peerid').style.display = '';
document.getElementById('opt_cert').style.display = 'none';
document.getElementById('opt_ca').style.display = 'none';
+ document.getElementById('opt_cert').disabled = true;
+ document.getElementById('opt_ca').disabled = true;
break;
}
}
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index b20fe0c..d45b0d6 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -141,7 +141,7 @@ if ($_POST) {
}
}
-/* TODO : Validate enabled phase2's are not duplicates */
+ /* TODO : Validate enabled phase2's are not duplicates */
$ealgos = pconfig_to_ealgos($pconfig);
@@ -184,6 +184,7 @@ if ($_POST) {
if(is_array($ph2ent)) {
ipsec_lookup_phase1($ph2ent, $ph1ent);
$old_ph1ent = $ph1ent;
+ $old_ph1ent['remote-gateway'] = resolve_retry($old_ph1ent['remote-gateway']);
reload_tunnel_spd_policy ($ph1ent, $ph2ent, $old_ph1ent, $old_ph2ent);
}
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index d2374b2..d28315d 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -125,7 +125,7 @@ if($_GET['act']=="edit"){
} else
$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
$pconfig['crypto'] = $a_client[$id]['crypto'];
- $pconfig['engine'] = $a_server[$id]['engine'];
+ $pconfig['engine'] = $a_client[$id]['engine'];
$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
$pconfig['remote_network'] = $a_client[$id]['remote_network'];
diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php
index d240d69..829515f 100644
--- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php
+++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php
@@ -68,9 +68,10 @@ $concurrent = count($cpcontents);
foreach ($cpcontents as $cpcontent) {
$cpent = explode(",", $cpcontent);
+ $sessionid = $cpent[5];
if ($_GET['showact'])
$cpent[5] = captiveportal_get_last_activity($cpent[2]);
- $cpdb[] = $cpent;
+ $cpdb[$sessionid] = $cpent;
}
if ($_GET['order']) {
@@ -97,7 +98,7 @@ if ($_GET['order']) {
<td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td>
<?php endif; ?>
</tr>
-<?php foreach ($cpdb as $cpent): ?>
+<?php foreach ($cpdb as $sid => $cpent): ?>
<tr>
<td class="listlr"><?=$cpent[2];?></td>
<td class="listr"><?=$cpent[3];?>&nbsp;</td>
@@ -107,7 +108,7 @@ if ($_GET['order']) {
<td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td>
<?php endif; ?>
<td valign="middle" class="list" nowrap>
- <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$sid;?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
</tr>
<?php endforeach; ?>
</table>
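Review bot: The rewritten disconnect link still echoes `$_GET['order']` and `$_GET['showact']` straight into the `href`, and now adds `$sid` the same way, so request-controlled text reaches the page unescaped. The header link in the preceding hunk has the same `showact` echo. Each value should be URL-encoded and HTML-escaped where it is printed, for example `&act=del&id=<?=htmlspecialchars(urlencode($sid));?>`. The `$cpent[2]` and `$cpent[3]` cells would benefit from `htmlspecialchars()` as well. Separately, the disconnect action is triggered by a plain GET link; whether a CSRF token protects it is not visible in this hunk and is worth confirming.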
diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php
index fdf2e3c..c93c708 100644
--- a/usr/local/www/widgets/widgets/openvpn.widget.php
+++ b/usr/local/www/widgets/widgets/openvpn.widget.php
@@ -13,7 +13,7 @@ if($_GET['action']) {
$retval = kill_client($port, $remipp);
echo htmlentities("|{$port}|{$remipp}|{$retval}|");
} else {
- echo "invalid input";
+ echo gettext("invalid input");
}
exit;
}
@@ -21,7 +21,10 @@ if($_GET['action']) {
function kill_client($port, $remipp) {
- $tcpsrv = "tcp://127.0.0.1:{$port}";
+ global $g;
+
+ //$tcpsrv = "tcp://127.0.0.1:{$port}";
+ $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
$errval;
$errstr;
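Review bot: `$port` is now interpolated into a filesystem path (`{$g['varetc_path']}/openvpn/{$port}.sock`), so it needs stricter validation than it did as a TCP port. The caller in the first hunk sits under `if($_GET['action'])`, which suggests the value comes from the request; the check that guards it is outside the visible lines. Rejecting anything outside the characters a management socket name can contain, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $port)) return -1;`, keeps the path inside the openvpn directory. The commented-out `tcp://` line can simply be deleted, and the parameter name `$port` no longer matches what it holds. `kill_client()` continues past this hunk.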
@@ -29,13 +32,19 @@ function kill_client($port, $remipp) {
$fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
$killed = -1;
if ($fp) {
+ stream_set_timeout($fp, 1);
fputs($fp, "kill {$remipp}\n");
while (!feof($fp)) {
$line = fgets($fp, 1024);
+
+ $info = stream_get_meta_data($fp);
+ if ($info['timed_out'])
+ break;
+
/* parse header list line */
- if (strpos($line, "INFO:"))
+ if (strpos($line, "INFO:") !== false)
continue;
- if (strpos($line, "UCCESS")) {
+ if (strpos($line, "SUCCESS") !== false) {
$killed = 0;
}
break;
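Review bot: `fputs($fp, "kill {$remipp}\n")` writes `$remipp` into the management channel as part of a command line, and nothing in this hunk constrains its content. If the value can contain a line break or whitespace, the management interface would receive more than the intended single `kill`. Validating it as an address-and-port pair before the write, and returning `-1` otherwise, closes that off; the existing validation (if any) is in the caller, outside the visible lines. `fgets()` can also return false on the timeout path, so reading `stream_get_meta_data()` before using `$line` is the right order and deserves a one-line comment.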
@@ -97,7 +106,7 @@ $clients = openvpn_get_active_clients();
<td class="listhdrr">Real/Virtual IP</td>
</tr>
<?php foreach ($server['conns'] as $conn): ?>
- <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'>
+ <tr name='<?php echo "r:{$server['mgmt']}:{$conn['remote_host']}"; ?>'>
<td class="listlr">
<?=$conn['common_name'];?>
</td>
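Review bot: `$server['mgmt']`, `$conn['remote_host']` and `$conn['common_name']` are echoed without escaping, here and in the following hunk (the `name`, `title` and `onclick` attributes). The common name and remote host describe the connecting client, so they should not be trusted as markup. Text and attribute positions should use `htmlspecialchars($value, ENT_QUOTES)`, e.g. `<?=htmlspecialchars($conn['common_name'], ENT_QUOTES);?>`. The values inside the `killClient('…', '…')` call sit in a JavaScript string within an attribute, so they need `json_encode()` first and `htmlspecialchars()` on the result rather than HTML escaping alone.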
@@ -106,12 +115,12 @@ $clients = openvpn_get_active_clients();
</td>
<td class='list' rowspan="2">
<img src='/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif' height='17' width='17' border='0'
- onclick="killClient('<?php echo $server['port']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;'
- name='<?php echo "i:{$server['port']}:{$conn['remote_host']}"; ?>'
+ onclick="killClient('<?php echo $server['mgmt']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;'
+ name='<?php echo "i:{$server['mgmt']}:{$conn['remote_host']}"; ?>'
title='Kill client connection from <?php echo $conn['remote_host']; ?>' alt='' />
</td>
</tr>
- <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'>
+ <tr name='<?php echo "r:{$server['mgmt']}:{$conn['remote_host']}"; ?>'>
<td class="listlr">
<?=$conn['connect_time'];?>
</td>
diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php
index 1b9683a..e1e4645 100644
--- a/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/usr/local/www/widgets/widgets/system_information.widget.php
@@ -38,7 +38,7 @@ require_once("guiconfig.inc");
require_once('notices.inc');
if($_REQUEST['getupdatestatus']) {
- if(isset($curcfg['alturl']['enable']))
+ if(isset($config['system']['firmware']['alturl']['enable']))
$updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
else
$updater_url = $g['update_url'];
@@ -48,9 +48,10 @@ if($_REQUEST['getupdatestatus']) {
$nanosize = "-nanobsd-" . strtolower(trim(file_get_contents("/etc/nanosize.txt")));
}
- download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version");
+ @unlink("/tmp/{$g['product_name']}_version");
+ if (download_file_with_progress_bar("{$updater_url}/version{$nanosize}", "/tmp/{$g['product_name']}_version", 'read_body', 5, 5) === true)
+ $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version"));
- $remote_version = trim(@file_get_contents("/tmp/{$g['product_name']}_version"));
if(empty($remote_version))
echo "<br /><br />Unable to check for updates.";
else {
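Review bot: `$remote_version` is now assigned only when the download succeeds, so the `empty($remote_version)` test relies on the variable not having been set earlier in the request. Adding `$remote_version = "";` before the `if` makes the failure path explicit. The version file is also written to a fixed name under `/tmp` after an `@unlink()`, which leaves a window between removal and creation. If any non-root process can write to `/tmp` on this system, a name from `tempnam()` would be safer. The brace-less `if` followed by a blank line reads as if the assignment were unconditional, so braces would help here.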
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index 5af4510..e48cfb3 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -603,7 +603,7 @@ function step12_submitphpaction() {
$rule['destination']['network'] = $server['interface'] . "ip";
$rule['destination']['port'] = $server['local_port'];
$rule['interface'] = $server['interface'];
- $rule['protocol'] = $server['protocol'];
+ $rule['protocol'] = strtolower($server['protocol']);
$rule['type'] = "pass";
$rule['enabled'] = "on";
$config['filter']['rule'][] = $rule;
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index 5a33d39..8d37518 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -256,7 +256,7 @@
</field>
<field>
<name>Gateway</name>
- <bindstofield>interfaces->wan->gateway</bindstofield>
+ <bindstofield>wizardtemp->wangateway</bindstofield>
<type>input</type>
<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
<message>Gateway IP Address field is invalid</message>
@@ -387,6 +387,11 @@
<stepbeforeformdisplay>
<![CDATA[
$config['interfaces']['tmp'] = array();
+
+ if (is_array($config['gateways']['gateway_item']))
+ foreach ($config['gateways']['gateway_item'] as $gw)
+ if ($gw['name'] == 'WANGW')
+ $config['wizardtemp']['wangateway'] = $gw['gateway'];
]]>
</stepbeforeformdisplay>
<stepsubmitphpaction>
@@ -554,12 +559,37 @@
<description>A reload is now in progress. Please wait. &lt;p&gt; The system will automatically try to access $myurl in 120 seconds. &lt;p&gt; You can click on the icon above to access the site more quickly.
&lt;meta http-equiv="refresh" content="60; url=$myurl" &gt;</description>
<stepafterformdisplay>
+ <![CDATA[
$config['system']['hostname'] = $config['wizardtemp']['system']['hostname'];
$config['system']['domain'] = $config['wizardtemp']['system']['domain'];
+ if (!empty($config['wizardtemp']['wangateway'])) {
+ if (!is_array($config['gateways']['gateway_item']))
+ $config['gateways']['gateway_item'] = array();
+ $found = false;
+ foreach ($config['gateways']['gateway_item'] as & $gw) {
+ if ($gw['name'] == 'WANGW') {
+ $found = true;
+ $gw['gateway'] = $config['wizardtemp']['wangateway'];
+ }
+ }
+ if (!$found) {
+ $newgw = array();
+ $newgw['interface'] = "wan";
+ $newgw['gateway'] = $config['wizardtemp']['wangateway'];
+ $newgw['name'] = "WANGW";
+ $newgw['weight'] = 1;
+ $newgw['descr'] = "WAN Gateway";
+ $newgw['defaultgw'] = true;
+ $config['gateways']['gateway_item'][] = $newgw;
+ }
+ $config['interfaces']['wan']['gateway'] = "WANGW";
+ }
unset($config['wizardtemp']);
write_config();
reload_all();
- mwexec_bg("/etc/rc.update_bogons.sh now");
+ setup_gateways_monitor();
+ mwexec_bg("/etc/rc.update_bogons.sh now");
+ ]]>
</stepafterformdisplay>
</step>
</pfsensewizard>
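Review bot: The added loop `foreach ($config['gateways']['gateway_item'] as & $gw)` iterates by reference and never releases `$gw`, so after the loop it still aliases the last gateway entry. Any later assignment to `$gw` in the same scope would silently rewrite that entry before `write_config()` persists it. Add `unset($gw);` directly after the loop, and a `break;` once `WANGW` has been found. The value written comes from `$config['wizardtemp']['wangateway']`; the field's `<validate>` pattern is the only check visible here, so a server-side `is_ipaddr()` test before storing it would be a sensible second guard.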
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc
index b684fb6..408d663 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard.inc
@@ -456,15 +456,24 @@ function step3_stepsubmitphpaction() {
$stepid--;
return;
}
- $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
- $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
- $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
- $input_bw = $factor * floatval($_POST["conn{$i}upload"]);
- if ((0.8 * $ifbw) < $input_bw) {
- $friendly_interface = $i+1;
- $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection.");
- $stepid--;
- return;
+ if ($_POST["conn{$i}uploadspeed"] == "%") {
+ if (intval($_POST["conn{$i}upload"]) > 80) {
+ $friendly_interface = $i+1;
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
+ $input_bw = $factor * floatval($_POST["conn{$i}upload"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $friendly_interface = $i+1;
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on WAN #{$friendly_interface} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
}
}
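Review bot: In the new `%` branch the limit is tested with `intval($_POST["conn{$i}upload"]) > 80`, which truncates, so an input such as `80.9` passes the 80% cap, and zero or negative values are accepted too. The numeric check that guards this value is above the hunk; going by the other wizard files it uses `is_numeric()`, which allows decimals and negatives. Comparing with `floatval()` and rejecting non-positive input fixes both: `$pct = floatval($_POST["conn{$i}upload"]); if ($pct <= 0 || $pct > 80) {`. The same test appears in the `step3_stepsubmitphpaction()` hunks of traffic_shaper_wizard_dedicated.inc, traffic_shaper_wizard_multi_all.inc and traffic_shaper_wizard_multi_lan.inc. The two identical error blocks could share one exit path.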
@@ -949,8 +958,8 @@ function apply_all_choosen_items() {
if ($penalty) {
if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -968,8 +977,8 @@ function apply_all_choosen_items() {
if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -982,8 +991,8 @@ function apply_all_choosen_items() {
} elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -998,8 +1007,8 @@ function apply_all_choosen_items() {
/* loop through voiplist[] */
foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1021,8 +1030,8 @@ function apply_all_choosen_items() {
continue;
foreach ($p2plist[$key] as $p2pclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1043,10 +1052,10 @@ function apply_all_choosen_items() {
continue;
foreach ($gamesplist[$key] as $Gameclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1068,6 +1077,7 @@ function apply_all_choosen_items() {
continue;
foreach ($othersplist[$key] as $otherclient) {
$rule = array();
+ $rule['type'] = "match";
switch ($val) {
case "H":
$rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
@@ -1094,7 +1104,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
index b59c5a7..9e1b03c 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
@@ -469,14 +469,22 @@ function step3_stepsubmitphpaction() {
$stepid--;
return;
}
- $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
- $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
- $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
- $input_bw = $factor * floatval($_POST["conn{$i}upload"]);
- if ((0.8 * $ifbw) < $input_bw) {
- $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
- $stepid--;
- return;
+ if ($_POST["conn{$i}uploadspeed"] == "%") {
+ if (intval($_POST["conn{$i}upload"]) > 80) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
+ $input_bw = $factor * floatval($_POST["conn{$i}upload"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
}
if (!is_numeric($_POST["local{$i}download"])) {
@@ -484,14 +492,22 @@ function step3_stepsubmitphpaction() {
$stepid--;
return;
}
- $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]);
- $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]);
- $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]);
- $input_bw = $factor * floatval($_POST["local{$i}download"]);
- if ((0.8 * $ifbw) < $input_bw) {
- $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
- $stepid--;
- return;
+ if ($_POST["local{$i}downloadspeed"] == "%") {
+ if (intval($_POST["local{$i}download"]) > 80) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]);
+ $input_bw = $factor * floatval($_POST["local{$i}download"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
}
}
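Review bot: The `%` branch for `local{$i}downloadspeed` reports "VoIP upload bandwidth" although it is checking the download value, so the user is pointed at the wrong field. The message should read `$savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");`. The same copy-paste slip is in the download hunk of traffic_shaper_wizard_multi_all.inc. Because `{$i}` is interpolated before `gettext()` is called, the translation lookup is made with a string that changes per connection; `sprintf(gettext("… connection %s …"), $i)` keeps the message translatable.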
@@ -1006,8 +1022,8 @@ function apply_all_choosen_items() {
if ($penalty) {
if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1025,8 +1041,8 @@ function apply_all_choosen_items() {
if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1039,8 +1055,8 @@ function apply_all_choosen_items() {
} elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1055,8 +1071,8 @@ function apply_all_choosen_items() {
/* loop through voiplist[] */
foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1078,8 +1094,8 @@ function apply_all_choosen_items() {
continue;
foreach ($p2plist[$key] as $p2pclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1100,10 +1116,10 @@ function apply_all_choosen_items() {
continue;
foreach ($gamesplist[$key] as $Gameclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1125,6 +1141,7 @@ function apply_all_choosen_items() {
continue;
foreach ($othersplist[$key] as $otherclient) {
$rule = array();
+ $rule['type'] = "match";
switch ($val) {
case "H":
$rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
@@ -1151,7 +1168,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
index c6347da..aaeeccc 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
@@ -495,10 +495,17 @@ function step3_stepsubmitphpaction() {
$steps = intval($config['ezshaper']['step1']['numberofconnections']);
for ($i = 0; $i < $steps; $i++) {
if (!is_numeric($_POST["conn{$i}upload"])) {
- $savemsg = gettext("Upload bandwidth of connection {$i} is not valid.");
+ $savemsg = gettext("Upload bandwidth of connection {$i} is not valid.");
+ $stepid--;
+ return;
+ }
+ if ($_POST["conn{$i}uploadspeed"] == "%") {
+ if (intval($_POST["conn{$i}upload"]) > 80) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
$stepid--;
return;
}
+ } else {
$factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
$ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
$factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
@@ -507,6 +514,7 @@ function step3_stepsubmitphpaction() {
$savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
$stepid--;
return;
+ }
}
}
@@ -517,14 +525,22 @@ function step3_stepsubmitphpaction() {
$stepid--;
return;
}
- $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]);
- $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]);
- $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]);
- $input_bw = $factor * floatval($_POST["local{$i}download"]);
- if ((0.8 * $ifbw) < $input_bw) {
- $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
- $stepid--;
- return;
+ if ($_POST["local{$i}downloadspeed"] == "%") {
+ if (intval($_POST["local{$i}download"]) > 80) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["local{$i}downloadspeed"]);
+ $input_bw = $factor * floatval($_POST["local{$i}download"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
}
}
@@ -1039,8 +1055,8 @@ function apply_all_choosen_items() {
if ($penalty) {
if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1058,8 +1074,8 @@ function apply_all_choosen_items() {
if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1072,8 +1088,8 @@ function apply_all_choosen_items() {
} elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1088,8 +1104,8 @@ function apply_all_choosen_items() {
/* loop through voiplist[] */
foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1111,8 +1127,8 @@ function apply_all_choosen_items() {
continue;
foreach ($p2plist[$key] as $p2pclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1133,10 +1149,10 @@ function apply_all_choosen_items() {
continue;
foreach ($gamesplist[$key] as $Gameclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1158,6 +1174,7 @@ function apply_all_choosen_items() {
continue;
foreach ($othersplist[$key] as $otherclient) {
$rule = array();
+ $rule['type'] = "match";
switch ($val) {
case "H":
$rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
@@ -1184,7 +1201,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
index a5de47e..0dedfea 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
@@ -296,21 +296,46 @@ function step3_stepsubmitphpaction() {
}
}
+ if (!is_numeric($_POST["connupload"]) || !is_numeric($_POST['conndownload'])) {
+ $savemsg = gettext("Upload or download bandwidth is not valid.");
+ $stepid--;
+ return;
+ }
$steps = intval($config['ezshaper']['step1']['numberofconnections']);
for ($i = 0; $i < $steps; $i++) {
- if (!is_numeric($_POST["connupload"])) {
- $savemsg = gettext("Upload bandwidth of connection {$i} is not valid.");
- $stepid--;
- return;
- }
- $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
- $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
- $factor = wizard_get_bandwidthtype_scale($_POST["conn{$i}uploadspeed"]);
- $input_bw = $factor * floatval($_POST["conn{$i}upload"]);
- if ((0.8 * $ifbw) < $input_bw) {
- $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
- $stepid--;
- return;
+ if ($_POST["connuploadspeed"] == "%") {
+ if (intval($_POST['connupload']) > 80) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}uploadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}upload"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["connuploadspeed"]);
+ $input_bw = $factor * floatval($_POST["connupload"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $savemsg=gettext("You cannot set the VoIP upload bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ }
+ if ($_POST["conndownloadspeed"] == "%") {
+ if (intval($_POST['conndownload']) > 80) {
+ $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
+ } else {
+ $factor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]);
+ $ifbw = $factor * floatval($config['ezshaper']['step2']["conn{$i}download"]);
+ $factor = wizard_get_bandwidthtype_scale($_POST["conndownloadspeed"]);
+ $input_bw = $factor * floatval($_POST["conndownload"]);
+ if ((0.8 * $ifbw) < $input_bw) {
+ $savemsg=gettext("You cannot set the VoIP download bandwidth on connection {$i} higher than 80% of the connection.");
+ $stepid--;
+ return;
+ }
}
}
}
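Review bot: Inside the `for` loop the `%` checks read `$_POST["connuploadspeed"]`, `$_POST['connupload']`, `$_POST["conndownloadspeed"]` and `$_POST['conndownload']`, none of which depend on `$i`. They are therefore repeated on every iteration and skipped entirely when `$steps` is 0. Moving the two percentage checks above the loop, next to the new `is_numeric()` guard, runs them once; only the comparison against each connection's configured bandwidth needs to stay inside. The error text for those hoisted checks should then drop the `{$i}` reference, since no particular connection is involved.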
@@ -1178,8 +1203,8 @@ function apply_all_choosen_items() {
if ($penalty) {
if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1197,8 +1222,8 @@ function apply_all_choosen_items() {
if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1211,8 +1236,8 @@ function apply_all_choosen_items() {
} elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
/* create VOIP rules */
$rule = array();
+ $rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1227,8 +1252,8 @@ function apply_all_choosen_items() {
/* loop through voiplist[] */
foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1250,8 +1275,8 @@ function apply_all_choosen_items() {
continue;
foreach ($p2plist[$key] as $p2pclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1272,10 +1297,10 @@ function apply_all_choosen_items() {
continue;
foreach ($gamesplist[$key] as $Gameclient) {
$rule = array();
+ $rule['type'] = "match";
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1297,6 +1322,7 @@ function apply_all_choosen_items() {
continue;
foreach ($othersplist[$key] as $otherclient) {
$rule = array();
+ $rule['type'] = "match";
switch ($val) {
case "H":
$rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
@@ -1323,7 +1349,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
index ae5a139..30bc566 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
@@ -124,7 +124,8 @@
<message>IP Address field is non-blank and doesn't look like an IP address.</message>
</field>
<field>
- <name>Download Speed</name>
+ <displayname>Upload Speed</displayname>
+ <name>connupload</name>
<type>input</type>
<bindstofield>ezshaper-&gt;step3-&gt;connupload</bindstofield>
<combinefieldsbegin>true</combinefieldsbegin>
@@ -134,7 +135,7 @@
<dontdisplayname>true</dontdisplayname>
<dontcombinecells>true</dontcombinecells>
<donotdisable>true</donotdisable>
- <name>Download Speed Unit</name>
+ <name>connuploadspeed</name>
<description>The limit you want to apply.</description>
<type>select</type>
<options>
@@ -158,7 +159,8 @@
<bindstofield>ezshaper->step3->connuploadspeed</bindstofield>
</field>
<field>
- <name>Upload Speed</name>
+ <displayname>Download Speed</displayname>
+ <name>conndownload</name>
<type>input</type>
<bindstofield>ezshaper-&gt;step3-&gt;conndownload</bindstofield>
<combinefieldsbegin>true</combinefieldsbegin>
@@ -168,14 +170,14 @@
<dontdisplayname>true</dontdisplayname>
<dontcombinecells>true</dontcombinecells>
<donotdisable>true</donotdisable>
- <name>Upload Speed Unit</name>
+ <name>conndownloadspeed</name>
<description>The limit you want to apply.</description>
<type>select</type>
<options>
<option>
- <name>%</name>
- <value>%</value>
- </option>
+ <name>%</name>
+ <value>%</value>
+ </option>
<option>
<name>Kilobit/s</name>
<value>Kb</value>
@@ -189,7 +191,7 @@
<value>Gb</value>
</option>
</options>
- <bindstofield>ezshaper->step3->conndownloadspeed</bindstofield>
+ <bindstofield>ezshaper->step3->conndownloadspeed</bindstofield>
</field>
<field>
<name>Next</name>
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index ea0166b..ebb3a24 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -171,7 +171,7 @@ function restore_config_section_xmlrpc($raw_params) {
// Then add ipalias and proxyarp types already defined on the backup
if (is_array($vipbackup)) {
foreach ($vipbackup as $vip) {
- if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp'))
+ if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip")
array_unshift($config['virtualip']['vip'], $vip);
}
}
@@ -226,8 +226,16 @@ function merge_config_section_xmlrpc($raw_params) {
foreach ($config['virtualip']['vip'] as $vip)
interface_vip_bring_down($vip);
}
+ $vipbackup = $config['virtualip']['vip'];
}
$config = array_merge_recursive_unique($config, $params[0]);
+ // Then add ipalias and proxyarp types already defined on the backup
+ if (is_array($vipbackup)) {
+ foreach ($vipbackup as $vip) {
+ if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip")
+ array_unshift($config['virtualip']['vip'], $vip);
+ }
+ }
$mergedkeys = implode(",", array_keys($params[0]));
write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client.");
interfaces_vips_configure();
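Review bot: `$vipbackup` is assigned only inside the conditional block that ends just above the merge, yet `is_array($vipbackup)` reads it unconditionally, so on the other path the variable is undefined. Initialise it first with `$vipbackup = array();`. `array_unshift($config['virtualip']['vip'], $vip)` also assumes the merged config still holds an array at that key; a guard such as `if (!is_array($config['virtualip']['vip'])) $config['virtualip']['vip'] = array();` avoids a failure when the incoming sections carry no VIPs. Whether `array_merge_recursive_unique()` already keeps the local ipalias/proxyarp entries is not visible here, so it is worth confirming this does not add them twice. The loop is a copy of the one in `restore_config_section_xmlrpc()` in the previous hunk and could become a shared helper; this function starts outside the hunk.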