authorVinicius Coque <vinicius.coque@bluepex.com>2010-12-14 09:56:34 -0200
committerVinicius Coque <vinicius.coque@bluepex.com>2010-12-14 09:56:34 -0200
commitc92ccac76ff2938c5718440efdd846317f6a2d55 (patch)
tree1dd190505af25191f0289552a155732d7432da58
parent386447eaa7cfe727678455955285b1ecd4e6e9f9 (diff)
parentc9b08a50f0ba328ac0569247eb2063d34f7e6279 (diff)
Merge remote branch 'mainline/master' into inc
Conflicts: etc/inc/auth.inc etc/inc/config.lib.inc etc/inc/filter.inc etc/inc/gwlb.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc etc/inc/shaper.inc etc/inc/upgrade_config.inc etc/inc/xmlparse.inc usr/local/www/fbegin.inc
-rw-r--r--conf.default/config.xml10
-rw-r--r--etc/devd.conf13
-rwxr-xr-xetc/ecl.php164
-rw-r--r--etc/inc/auth.inc108
-rw-r--r--etc/inc/captiveportal.inc3
-rw-r--r--etc/inc/certs.inc13
-rw-r--r--etc/inc/config.console.inc2
-rw-r--r--etc/inc/config.gui.inc6
-rw-r--r--etc/inc/config.inc13
-rw-r--r--etc/inc/config.lib.inc81
-rw-r--r--etc/inc/dyndns.class20
-rw-r--r--etc/inc/filter.inc120
-rw-r--r--etc/inc/globals.inc65
-rw-r--r--etc/inc/gwlb.inc20
-rw-r--r--etc/inc/interfaces.inc269
-rw-r--r--etc/inc/ipsec.inc16
-rwxr-xr-xetc/inc/openvpn.auth-user.php8
-rw-r--r--etc/inc/openvpn.inc25
-rw-r--r--etc/inc/pfsense-utils.inc131
-rw-r--r--etc/inc/pkg-utils.inc315
-rw-r--r--etc/inc/shaper.inc2
-rw-r--r--etc/inc/system.inc30
-rw-r--r--etc/inc/upgrade_config.inc45
-rw-r--r--etc/inc/util.inc42
-rw-r--r--etc/inc/vpn.inc42
-rw-r--r--etc/inc/xmlparse.inc15
-rw-r--r--etc/inc/xmlreader.inc8
-rw-r--r--etc/inc/xmlrpc.inc27
-rw-r--r--etc/phpshellsessions/externalconfiglocator3
-rwxr-xr-xetc/rc23
-rwxr-xr-xetc/rc.bootup32
-rwxr-xr-xetc/rc.dyndns.update7
-rwxr-xr-xetc/rc.filter_configure_xmlrpc3
-rwxr-xr-xetc/rc.filter_synchronize101
-rwxr-xr-xetc/rc.initial45
-rwxr-xr-xetc/rc.newwanip16
-rwxr-xr-xetc/rc.php_ini_setup45
-rwxr-xr-xetc/sshd11
-rwxr-xr-xsbin/dhclient-script40
-rwxr-xr-xusr/local/bin/beep.sh4
-rw-r--r--usr/local/pkg/carp_settings.xml120
-rwxr-xr-xusr/local/www/carp_status.php13
-rw-r--r--usr/local/www/diag_limiter_info.php116
-rw-r--r--usr/local/www/diag_pf_info.php120
-rwxr-xr-xusr/local/www/diag_pkglogs.php21
-rw-r--r--usr/local/www/diag_system_pftop.php2
-rw-r--r--usr/local/www/edit.php4
-rwxr-xr-xusr/local/www/fbegin.inc9
-rwxr-xr-xusr/local/www/firewall_nat_1to1.php24
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php26
-rwxr-xr-xusr/local/www/firewall_rules.php23
-rwxr-xr-xusr/local/www/firewall_rules_edit.php4
-rwxr-xr-xusr/local/www/firewall_virtual_ip_edit.php60
-rw-r--r--usr/local/www/getserviceproviders.php1
-rwxr-xr-xusr/local/www/guiconfig.inc3
-rwxr-xr-xusr/local/www/index.php2
-rw-r--r--usr/local/www/installer.php5
-rwxr-xr-xusr/local/www/interfaces.php18
-rwxr-xr-xusr/local/www/interfaces_assign.php11
-rw-r--r--usr/local/www/interfaces_gif_edit.php3
-rw-r--r--usr/local/www/interfaces_gre_edit.php3
-rwxr-xr-xusr/local/www/interfaces_groups_edit.php1
-rw-r--r--usr/local/www/interfaces_lagg_edit.php10
-rw-r--r--usr/local/www/javascript/filter_log.js18
-rwxr-xr-xusr/local/www/pkg_edit.php13
-rwxr-xr-xusr/local/www/pkg_mgr_install.php2
-rwxr-xr-xusr/local/www/services_dhcp.php22
-rwxr-xr-xusr/local/www/services_dhcp_relay.php14
-rwxr-xr-xusr/local/www/services_dyndns.php18
-rw-r--r--usr/local/www/services_dyndns_edit.php2
-rwxr-xr-xusr/local/www/status_graph.php6
-rwxr-xr-xusr/local/www/status_lb_vs.php2
-rw-r--r--usr/local/www/system_advanced_firewall.php14
-rw-r--r--usr/local/www/system_advanced_misc.php21
-rw-r--r--usr/local/www/system_crlmanager.php14
-rwxr-xr-xusr/local/www/system_gateways_edit.php2
-rwxr-xr-xusr/local/www/system_routes_edit.php8
-rwxr-xr-xusr/local/www/system_usermanager_settings.php11
-rwxr-xr-xusr/local/www/vpn_ipsec.php9
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php5
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php7
-rw-r--r--usr/local/www/vpn_openvpn_client.php6
-rw-r--r--usr/local/www/vpn_openvpn_server.php11
-rw-r--r--usr/local/www/widgets/include/carp_status.inc2
-rw-r--r--usr/local/www/widgets/widgets/carp_status.widget.php11
-rw-r--r--usr/local/www/widgets/widgets/deactivated/cpu_graphs.widget.php (renamed from usr/local/www/widgets/widgets/cpu_graphs.widget.php)1
-rw-r--r--usr/local/www/widgets/widgets/traffic_graphs.widget.php2
-rwxr-xr-xusr/local/www/wizard.php23
-rw-r--r--usr/local/www/wizards/setup_wizard.xml16
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard.inc10
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard.xml12
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_dedicated.inc15
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_dedicated.xml12
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_multi_all.inc11
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_multi_all.xml12
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc15
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml12
-rwxr-xr-xusr/local/www/xmlrpc.php288
98 files changed, 2041 insertions, 1148 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index 35d2c75..0200f4d 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -6,6 +6,11 @@
<theme>pfsense_ng</theme>
<sysctl>
<item>
+ <descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
+ <tunable>vfs.read_max</tunable>
+ <value>default</value>
+ </item>
+ <item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
@@ -130,11 +135,6 @@
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
- <item>
- <descr>TCP Offload Engine - BCE</descr>
- <tunable>hw.bce.tso_enable</tunable>
- <value>default</value>
- </item>
</sysctl>
<system>
<optimization>normal</optimization>
diff --git a/etc/devd.conf b/etc/devd.conf
index 647de43..7c63591 100644
--- a/etc/devd.conf
+++ b/etc/devd.conf
@@ -27,12 +27,6 @@ notify 100 {
action "/etc/rc.carpbackup $subsystem";
};
-#notify 0 {
-# match "type" "LINK_DOWN";
-# media-type "ethernet";
-# action "/usr/local/sbin/pfSctl -c 'interface linkup stop $subsystem'";
-#};
-
# When a USB keyboard arrives, attach it as the console keyboard.
attach 100 {
device-name "ukbd0";
@@ -57,6 +51,13 @@ notify 0 {
action "/usr/local/sbin/pfSctl -c 'interface linkup start $subsystem'";
};
+notify 0 {
+ match "system" "IFNET";
+ match "type" "LINK_DOWN";
+ media-type "ethernet";
+ action "/usr/local/sbin/pfSctl -c 'interface linkup stop $subsystem'";
+};
+
# Notify all users before beginning emergency shutdown when we get
# a _CRT or _HOT thermal event and we're going to power down the system
# very soon.
diff --git a/etc/ecl.php b/etc/ecl.php
new file mode 100755
index 0000000..9f68919
--- /dev/null
+++ b/etc/ecl.php
@@ -0,0 +1,164 @@
+<?php
+/*
+ external config loader
+ Copyright (C) 2010 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ Currently supported file system types: MS-Dos, FreeBSD UFS
+
+*/
+
+require("globals.inc");
+require("functions.inc");
+require("config.lib.inc");
+require("config.inc");
+
+$debug = false;
+
+function get_boot_disk() {
+ global $g, $debug;
+ $disk = exec("/sbin/mount | /usr/bin/grep \"on / \" | /usr/bin/cut -d'/' -f3 | /usr/bin/cut -d' ' -f1");
+ return $disk;
+}
+
+function get_disk_slices($disk) {
+ global $g, $debug;
+ $slices_array = array();
+ $slices = trim(exec("/bin/ls /dev/{$disk}s* 2>/dev/null"));
+ $slices = str_replace("/dev/", "", $slices);
+ if($slices == "ls: No match.")
+ return;
+ $slices_array = split(" ", $slices);
+ return $slices_array;
+}
+
+function get_disks() {
+ global $g, $debug;
+ $disks_array = array();
+ $disks = exec("/sbin/sysctl kern.disks | cut -d':' -f2");
+ $disks_s = explode(" ", $disks);
+ foreach($disks_s as $disk)
+ if(trim($disk))
+ $disks_array[] = $disk;
+ return $disks_array;
+}
+
+function discover_config($mountpoint) {
+ global $g, $debug;
+ $locations_to_check = array("/", "/config");
+ foreach($locations_to_check as $ltc) {
+ $tocheck = "/tmp/mnt/cf{$ltc}config.xml";
+ if($debug) {
+ echo "\nChecking for $tocheck";
+ if(file_exists($tocheck))
+ echo " -> found!";
+ }
+ if(file_exists($tocheck))
+ return $tocheck;
+ }
+ return "";
+}
+
+function test_config($file_location) {
+ global $g, $debug;
+ if(!$file_location)
+ return;
+ // config.xml was found. ensure it is sound.
+ $root_obj = trim("<{$g['xml_rootobj']}>");
+ $xml_file_head = exec("/usr/bin/head -2 {$file_location} | /usr/bin/tail -n1");
+ if($debug) {
+ echo "\nroot obj = $root_obj";
+ echo "\nfile head = $xml_file_head";
+ }
+ if($xml_file_head == $root_obj) {
+ // Now parse config to make sure
+ $config_status = config_validate($file_location);
+ if($config_status)
+ return true;
+ }
+ return false;
+}
+
+// Probes all disks looking for config.xml
+function find_config_xml() {
+ global $g, $debug;
+ $disks = get_disks();
+ // Safety check.
+ if(!is_array($disks))
+ return;
+ $boot_disk = get_boot_disk();
+ exec("/bin/mkdir -p /tmp/mnt/cf");
+ foreach($disks as $disk) {
+ $slices = get_disk_slices($disk);
+ if(is_array($slices)) {
+ foreach($slices as $slice) {
+ if($slice == "")
+ continue;
+ if(stristr($slice, $boot_disk)) {
+ if($debug)
+ echo "\nSkipping boot device slice $slice";
+ continue;
+ }
+ echo " $slice";
+ // First try msdos fs
+ if($debug)
+ echo "\n/sbin/mount -t msdosfs /dev/{$slice} /tmp/mnt/cf 2>/dev/null \n";
+ $result = exec("/sbin/mount -t msdosfs /dev/{$slice} /tmp/mnt/cf 2>/dev/null");
+ // Next try regular fs (ufs)
+ if(!$result) {
+ if($debug)
+ echo "\n/sbin/mount /dev/{$slice} /tmp/mnt/cf 2>/dev/null \n";
+ $result = exec("/sbin/mount /dev/{$slice} /tmp/mnt/cf 2>/dev/null");
+ }
+ $mounted = trim(exec("/sbin/mount | /usr/bin/grep -v grep | /usr/bin/grep '/tmp/mnt/cf' | /usr/bin/wc -l"));
+ if($debug)
+ echo "\nmounted: $mounted ";
+ if(intval($mounted) > 0) {
+ // Item was mounted - look for config.xml file
+ $config_location = discover_config($slice);
+ if($config_location) {
+ if(test_config($config_location)) {
+ // We have a valid configuration. Install it.
+ echo " -> found config.xml\n";
+ echo "Backing up old configuration...\n";
+ backup_config();
+ echo "Restoring [{$slice}] {$config_location}...\n";
+ restore_backup($config_location);
+ echo "Cleaning up...\n";
+ exec("/sbin/umount /tmp/mnt/cf");
+ exit;
+ }
+ exec("/sbin/umount /tmp/mnt/cf");
+ }
+ }
+ }
+ }
+ }
+}
+
+echo "External config loader 1.0 is now starting...";
+find_config_xml();
+echo "\n";
+
+?> \ No newline at end of file
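Review bot: In `find_config_xml()` a slice that mounts but holds no config.xml is never unmounted, because both `umount` calls sit inside `if($config_location)`. The stale mount then keeps `$mounted` above zero for later slices, so `discover_config()` can end up inspecting the wrong filesystem. Move `exec("/sbin/umount /tmp/mnt/cf");` to the end of the `if(intval($mounted) > 0)` block so it runs on every path that does not `exit`. The media is untrusted and only read, so mount it read-only by adding `-r` to both `/sbin/mount` calls. `test_config()` accepts any file with the expected root element that parses, and `restore_backup()` then replaces the running configuration, so the header comment should state that attaching a disk is enough to install a new configuration.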
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 61a816e..2a0e7d9 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -49,6 +49,9 @@
if(!$do_not_include_config_gui_inc)
require_once("config.gui.inc");
+// Will be changed to false if security checks fail
+$security_passed = true;
+
/* If this function doesn't exist, we're being called from Captive Portal or
another internal subsystem which does not include authgui.inc */
if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) {
@@ -61,66 +64,90 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
$http_host = $_SERVER['HTTP_HOST'];
}
if(is_ipaddr($http_host) or $_SERVER['SERVER_ADDR'] == "127.0.0.1" or
- $http_host == "localhost" or $_SERVER['SERVER_ADDR'] == "localhost")
+ strcasecmp($http_host, "localhost") == 0)
+ $found_host = true;
+ if(strcasecmp($http_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 or
+ strcasecmp($http_host, $config['system']['hostname']) == 0)
$found_host = true;
- if($config['dyndnses']['dyndns'])
+
+ if(is_array($config['dyndnses']['dyndns']) && !$found_host)
foreach($config['dyndnses']['dyndns'] as $dyndns)
- if($dyndns['host'] == $http_host or $dyndns['host'] == $_SERVER['SERVER_ADDR'])
+ if(strcasecmp($dyndns['host'], $http_host) == 0) {
$found_host = true;
+ break;
+ }
- if(!empty($config['system']['webgui']['althostnames'])) {
+ if(!empty($config['system']['webgui']['althostnames']) && !$found_host) {
$althosts = explode(" ", $config['system']['webgui']['althostnames']);
foreach ($althosts as $ah)
- if($ah == $http_host or $ah == $_SERVER['SERVER_ADDR'])
+ if(strcasecmp($ah, $http_host) == 0 or strcasecmp($ah, $_SERVER['SERVER_ADDR']) == 0) {
$found_host = true;
+ break;
+ }
}
- if($http_host == $config['system']['hostname'] . "." . $config['system']['domain'] or
- $http_host == $_SERVER['SERVER_ADDR'] or
- $http_host == $config['system']['hostname'])
- $found_host = true;
-
if($found_host == false) {
- display_error_form("501", gettext("Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding<br/>Try accessing the router by IP address instead of by hostname."));
- exit;
+ if(!security_checks_disabled()) {
+ display_error_form("501", gettext("Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding<br/>Try accessing the router by IP address instead of by hostname."));
+ exit;
+ }
+ $security_passed = false;
}
}
// If the HTTP_REFERER is something other than ourselves then disallow.
if(function_exists("display_error_form") && !isset($config['system']['webgui']['nohttpreferercheck'])) {
if($_SERVER['HTTP_REFERER']) {
- $found_host = false;
- $hostname_me = $config['system']['hostname'] . "." . $config['system']['domain'];
- if(stristr($_SERVER['HTTP_REFERER'], $hostname_me))
- $found_host = true;
- if(!empty($config['system']['webgui']['althostnames'])) {
- $althosts = explode(" ", $config['system']['webgui']['althostnames']);
- foreach ($althosts as $ah) {
- if(empty($ah))
- continue;
- if(stristr($ah, $hostname_me)) {
- $found_host = true;
- break;
- }
+ if(file_exists("{$g['tmp_path']}/setupwizard_lastreferrer")) {
+ if($_SERVER['HTTP_REFERER'] == file_get_contents("{$g['tmp_path']}/setupwizard_lastreferrer")) {
+ unlink("{$g['tmp_path']}/setupwizard_lastreferrer");
+ header("Refresh: 1; url=index.php");
+ echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
+ echo "<html><head><title>" . gettext("Redirecting...") . "</title></head><body>" . gettext("Redirecting to the dashboard...") . "</body></html>";
+ exit;
}
}
- $interface_list_ips = get_configured_ip_addresses();
- foreach($interface_list_ips as $ilips) {
- if(empty($ilips))
- continue;
- $hostname_me_ip = $config['webgui']['protocol'] . "://" . $ilips;
- if(stristr($_SERVER['HTTP_REFERER'],$hostname_me_ip)) {
+ $found_host = false;
+ $referrer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
+ if($referrer_host) {
+ if(strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0
+ || strcasecmp($referrer_host, $config['system']['hostname']) == 0)
$found_host = true;
- break;
+ if(!empty($config['system']['webgui']['althostnames']) && !$found_host) {
+ $althosts = explode(" ", $config['system']['webgui']['althostnames']);
+ foreach ($althosts as $ah) {
+ if(strcasecmp($referrer_host, $ah) == 0) {
+ $found_host = true;
+ break;
+ }
+ }
+ }
+ if(!$found_host) {
+ $interface_list_ips = get_configured_ip_addresses();
+ foreach($interface_list_ips as $ilips) {
+ if(strcasecmp($referrer_host, $ilips) == 0) {
+ $found_host = true;
+ break;
+ }
+ }
}
}
if($found_host == false) {
- display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
- exit;
+ if(!security_checks_disabled()) {
+ display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
+ exit;
+ }
+ $security_passed = false;
}
- }
+ } else
+ $security_passed = false;
}
+if (function_exists("display_error_form") && $security_passed)
+ /* Security checks passed, so it should be OK to turn them back on */
+ restore_security_checks();
+unset($security_passed);
+
$groupindex = index_groups();
$userindex = index_users();
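Review bot: When `security_checks_disabled()` is true, a request that fails the DNS-rebind or HTTP_REFERER test is let through with only `$security_passed = false` recorded, and nothing is written to the log. This path accepts exactly the requests the checks exist to stop, so each bypass should leave a trace, for example `log_error("webConfigurator security check bypassed for request from {$_SERVER['REMOTE_ADDR']}");` in both `if($found_host == false)` blocks. Because the final `else` sets `$security_passed = false` when no Referer is sent, `restore_security_checks()` runs only for a request carrying an accepted Referer. A comment on that `else` should say so, since it decides how long the bypass stays active.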
@@ -393,10 +420,11 @@ function local_user_set(& $user) {
$keys = base64_decode($user['authorizedkeys']);
file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
chown("{$user_home}/.ssh/authorized_keys", $user_name);
- }
+ } else
+ unlink_if_exists("{$user_home}/.ssh/authorized_keys");
$un = $lock_account ? "" : "un";
- exec("/usr/sbin/pw {$un}lock -q {$user_name}");
+ exec("/usr/sbin/pw {$un}lock {$user_name} -q");
conf_mount_ro();
}
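Review bot: `$user_name` is placed unquoted into the shell command in `exec("/usr/sbin/pw {$un}lock {$user_name} -q");`. If the name is not restricted to safe characters before this point, the shell will interpret it; any such validation is outside the hunk. Quote it at the call: `exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q");`. The body of `local_user_set()` starts outside this hunk.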
@@ -1184,7 +1212,7 @@ function session_auth() {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = $_POST['usernamefld'];
$_SESSION['last_access'] = time();
- log_error(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
+ log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
$HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
if (isset($_POST['postafterlogin']))
return true;
@@ -1196,8 +1224,8 @@ function session_auth() {
exit;
} else {
/* give the user an error message */
- $_SESSION['Login_Error'] = gettext("Username or Password incorrect");
- log_error(sprintf(gettext("Login attempt with user: '%1\$s' from: '%2\$s' failed."), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR']));
+ $_SESSION['Login_Error'] = "Username or Password incorrect";
+ log_auth("webConfigurator authentication error for '{$_POST['usernamefld']}' from {$_SERVER['REMOTE_ADDR']}");
if(isAjax()) {
echo "showajaxmessage('{$_SESSION['Login_Error']}');";
return;
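Review bot: The failed-login line passes `$_POST['usernamefld']` verbatim to `log_auth()`, so an unauthenticated client controls part of the log text that sits next to the `from {$_SERVER['REMOTE_ADDR']}` field. If anything parses this message for the source address, strip control characters and quotes from the username before logging, or put the address ahead of the username. The `webConfiguratorlockout` table added in filter.inc suggests such a consumer, but it is not shown here. The success path in the previous hunk logs the same field. Dropping `gettext()` from `Login_Error` also removes translation of the message shown to the user; if that is deliberate, a comment should say why.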
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 874c99c..5bf7579 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -608,6 +608,7 @@ EOD;
$rulenum = 65310;
$ipcount = 0;
+ $ips = "";
foreach ($cpips as $cpip) {
if($ipcount == 0) {
$ips = "{$cpip} ";
@@ -616,7 +617,7 @@ EOD;
}
$ipcount++;
}
- $ips = "{ {$ips} }";
+ $ips = "{ 255.255.255.255 or {$ips} }";
$cprules .= "add {$rulenum} set 1 pass ip from any to {$ips} in\n";
$rulenum++;
$cprules .= "add {$rulenum} set 1 pass ip from {$ips} to any out\n";
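Review bot: With `$ips` now initialised to an empty string, an empty `$cpips` yields the address set `{ 255.255.255.255 or  }`, which ends in a dangling `or`. Whether `$cpips` can be empty is not visible in this hunk. Append the list only when it has entries, e.g. `$ips = ($ipcount > 0) ? "{ 255.255.255.255 or {$ips} }" : "{ 255.255.255.255 }";`. A short comment saying why the limited-broadcast address is added to both pass rules would help the next reader judge whether the rule is wider than intended.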
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 33aac66..e82baba 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -308,10 +308,15 @@ function cert_get_subject($str_crt, $decode = true) {
return "unknown";
foreach ($components as $a => $v) {
- if (!strlen($subject))
- $subject = "{$a}={$v}";
- else
- $subject = "{$a}={$v}, {$subject}";
+ if (is_array($v))
+ foreach ($v as $w) {
+ $asubject = "{$a}={$w}";
+ $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject;
+ }
+ else {
+ $asubject = "{$a}={$v}";
+ $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject;
+ }
}
return $subject;
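Review bot: The two branches inside the loop of `cert_get_subject()` repeat the same two statements; an array cast removes the duplication, as in `foreach ((array)$v as $w) {` followed by the single pair of assignments. `$subject` is also read by `strlen()` before any assignment in the visible lines, so if it is not initialised above the hunk, add `$subject = "";` before the loop.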
diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc
index 934f0d1..40b765e 100644
--- a/etc/inc/config.console.inc
+++ b/etc/inc/config.console.inc
@@ -38,7 +38,7 @@
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync
+ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
diff --git a/etc/inc/config.gui.inc b/etc/inc/config.gui.inc
index eea6f33..cd38049 100644
--- a/etc/inc/config.gui.inc
+++ b/etc/inc/config.gui.inc
@@ -38,7 +38,7 @@
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync
+ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
/*
@@ -49,10 +49,10 @@
require_once("globals.inc");
/* do not load this file twice. */
-if($config_inc_loaded == true)
+if($config_parsed == true)
return;
else
- $config_inc_loaded = true;
+ $config_parsed = true;
// Set the memory limit to 128M. When someone has something like 500+ tunnels
// the parser needs quite a bit of ram. Do not remove this line unless you
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 98592c9..b01fa13 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -38,7 +38,7 @@
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync
+ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
@@ -48,10 +48,17 @@ if($g['booting']) echo ".";
//if (in_array("/etc/inc/config.inc", get_included_files()))
// return;
-// Set the memory limit to 128M. When someone has something like 500+ tunnels
+// Set the memory limit to 128M on i386. When someone has something like 500+ tunnels
// the parser needs quite a bit of ram. Do not remove this line unless you
// know what you are doing. If in doubt, check with dev@ _/FIRST/_!
-ini_set("memory_limit","128M");
+if(!$ARCH)
+ $ARCH = php_uname("m");
+
+// Set memory limit to 256M on amd64.
+if($ARCH == "amd64")
+ ini_set("memory_limit","256M");
+else
+ ini_set("memory_limit","128M");
/* include globals from notices.inc /utility/XML parser files */
require_once("notices.inc");
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index 36417cd..e985aa8 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -39,7 +39,7 @@
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck /bin/sync
+ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck
pfSense_MODULE: config
*/
@@ -148,7 +148,7 @@ function parse_config($parse = false) {
die(gettext("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."));
}
}
- $config = parse_xml_config($g['conf_path'] . '/config.xml', $g['xml_rootobj']);
+ $config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
if($config == "-1") {
$last_backup = discover_last_backup();
if ($last_backup)
@@ -210,6 +210,7 @@ function restore_backup($file) {
conf_mount_rw();
unlink_if_exists("{$g['tmp_path']}/config.cache");
copy("$file","/cf/conf/config.xml");
+ disable_security_checks();
log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file));
file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", "");
conf_mount_ro();
@@ -352,7 +353,7 @@ function conf_mount_ro() {
clear_subsystem_dirty('mount');
/* sync data, then force a remount of /cf */
- mwexec("/bin/sync; /bin/sync");
+ pfSense_sync();
mwexec("/sbin/mount -u -r -f {$g['cf_path']}");
mwexec("/sbin/mount -u -r -f /");
}
@@ -432,27 +433,32 @@ function convert_config() {
* boolean - true if successful, false if not
******/
function safe_write_file($file, $content, $force_binary) {
- $tmp_file = $file . "." . getmypid();
- $write_mode = $force_binary ? "wb" : "w";
+ $tmp_file = $file . "." . getmypid();
+ $write_mode = $force_binary ? "wb" : "w";
- $fd = fopen($tmp_file, $write_mode);
- if (!$fd) {
- // Unable to open temporary file for writing
- return false;
- }
- if (!fwrite($fd, $content)) {
- // Unable to write to temporary file
- fclose($fd);
- return false;
+ $fd = fopen($tmp_file, $write_mode);
+ if (!$fd) {
+ // Unable to open temporary file for writing
+ return false;
}
- fclose($fd);
+ if (!fwrite($fd, $content)) {
+ // Unable to write to temporary file
+ fclose($fd);
+ return false;
+ }
+ fflush($fd);
+ fclose($fd);
- if (!rename($tmp_file, $file)) {
- // Unable to move temporary file to original
- unlink($tmp_file);
- return false;
- }
- return true;
+ if (!rename($tmp_file, $file)) {
+ // Unable to move temporary file to original
+ @unlink($tmp_file);
+ return false;
+ }
+
+ // Sync file before returning
+ pfSense_sync();
+
+ return true;
}
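Review bot: On the `fwrite()` failure path of `safe_write_file()` the temporary file is closed but left on disk, and `if (!fwrite($fd, $content))` cannot tell a short write from a complete one. Add `@unlink($tmp_file);` before that `return false;`, and consider comparing the return value with `strlen($content)`; note that this would change the empty-content case, which is currently reported as a failure. The result of `fflush($fd)` is also ignored, so a flush error still leads to the rename over the original file.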
/****f* config/write_config
@@ -569,6 +575,8 @@ function reset_factory_defaults($lock = false) {
/* copy default configuration */
copy("{$g['conf_default_path']}/config.xml", "{$g['conf_path']}/config.xml");
+ disable_security_checks();
+
/* call the wizard */
touch("/conf/trigger_initial_wizard");
if (!$lock)
@@ -593,6 +601,8 @@ function config_restore($conffile) {
unlink_if_exists("{$g['tmp_path']}/config.cache");
copy($conffile, "{$g['cf_conf_path']}/config.xml");
+ disable_security_checks();
+
unlock($lockkey);
$config = parse_config(true);
@@ -623,6 +633,8 @@ function config_install($conffile) {
copy($conffile, "{$g['conf_path']}/config.xml");
+ disable_security_checks();
+
/* unlink cache file if it exists */
if(file_exists("{$g['tmp_path']}/config.cache"))
unlink("{$g['tmp_path']}/config.cache");
@@ -633,6 +645,31 @@ function config_install($conffile) {
return 0;
}
+/*
+ * Disable security checks for DNS rebind and HTTP referrer until next time
+ * they pass (or reboot), to aid in preventing accidental lockout when
+ * restoring settings like hostname, domain, IP addresses, and settings
+ * related to the DNS rebind and HTTP referrer checks.
+ * Intended for use when restoring a configuration or directly
+ * modifying config.xml without an unconditional reboot.
+ */
+function disable_security_checks() {
+ global $g;
+ touch("{$g['tmp_path']}/disable_security_checks");
+}
+
+/* Restores security checks. Should be called after all succeed. */
+function restore_security_checks() {
+ global $g;
+ unlink_if_exists("{$g['tmp_path']}/disable_security_checks");
+}
+
+/* Returns status of security check temporary disable. */
+function security_checks_disabled() {
+ global $g;
+ return file_exists("{$g['tmp_path']}/disable_security_checks");
+}
+
function config_validate($conffile) {
global $g, $xmlerr;
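Review bot: The flag created by `disable_security_checks()` has no expiry: `security_checks_disabled()` stays true until some request passes every check or the system reboots. For that whole period the DNS-rebind and HTTP_REFERER protections are off for every client. Bound the window by age, e.g. `return file_exists($flag) && (time() - filemtime($flag)) < $max_age;`, where `$flag` is the flag path and `$max_age` is a short limit the project chooses. Also call `log_error()` inside `disable_security_checks()` so the state shows up in the system log. The same applies to the callers added in this file: `restore_backup()`, `reset_factory_defaults()`, `config_restore()` and `config_install()`.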
@@ -690,7 +727,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) {
$i = true;
if($g['booting'])
echo ".";
- $newxml = parse_xml_config($backup, $g['xml_rootobj']);
+ $newxml = parse_xml_config($backup, array($g['xml_rootobj'], 'pfsense'));
if($newxml == "-1") {
log_error(sprintf(gettext("The backup cache file %s is corrupted. Unlinking."), $backup));
unlink($backup);
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 247fa68..785c902 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -92,8 +92,8 @@
global $config, $g;
- $this->_cacheFile = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}.cache";
- $this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}.debug";
+ $this->_cacheFile = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . ".cache";
+ $this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . ".debug";
log_error("DynDns: updatedns() starting");
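Review bot: `escapeshellarg()` is the wrong sanitiser for a file name. It only wraps `$dnsHost` in single quotes, so the cache and debug paths now contain literal quote characters, and a host value containing `/` or `..` still changes the directory. Reduce the host to a safe character set instead, e.g. `preg_replace('/[^A-Za-z0-9._-]/', '_', $dnsHost)`. Keep `escapeshellarg()` for the point where a path is actually handed to a shell. The enclosing method starts outside this hunk.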
@@ -175,7 +175,7 @@
curl_setopt($ch, CURLOPT_USERAGENT, $this->_UserAgent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_INTERFACE, $this->_ifIP);
- curl_setopt($ch, CURLOPT_TIMEOUT, 30); // Completely empirical
+ curl_setopt($ch, CURLOPT_TIMEOUT, 60); // Completely empirical
}
switch ($this->_dnsService) {
@@ -902,11 +902,23 @@
$this->_ifIP = $ip_address;
if (is_private_ip($ip_address)) {
$hosttocheck = "checkip.dyndns.org";
- $checkip = gethostbyname($hosttocheck);
+ $try = 0;
+ while ($try < 3) {
+ $checkip = gethostbyname($hosttocheck);
+ if (is_ipaddr($checkip))
+ break;
+ $try++;
+ }
+ if ($try >= 3) {
+ log_error("Dyndns debug information: Could not resolve {$hosttocheck} to ip using interface ip {$ip_address}.");
+ return $ip_address; /* XXX: Might return private ip address! */
+ }
$ip_ch = curl_init("http://{$checkip}");
curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address);
+ curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, '30');
+ curl_setopt($ip_ch, CURLOPT_TIMEOUT, 60);
$ip_result_page = curl_exec($ip_ch);
curl_close($ip_ch);
$ip_result_decoded = urldecode($ip_result_page);
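Review bot: The resolver-failure branch returns `$ip_address`, which this path has just classified as private. A caller that treats the return value as the address to publish would then send a private address to the provider; the callers are outside the hunk, so this is inferred from the `XXX` comment. Returning a distinct failure value that callers check would resolve the `XXX`. The three `gethostbyname()` attempts also run back to back with no pause, so a `sleep(1);` before `$try++;` would give the resolver a chance to recover. `CURLOPT_CONNECTTIMEOUT` is passed the string `'30'` where the neighbouring options use integers; write `curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, 30);`.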
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c9ed6f8..8d0d9f2 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -62,31 +62,27 @@ $aliases = "";
function flowtable_configure() {
global $config, $g;
- return;
+
+ if (empty($config['system']['flowtable'])) {
+ mwexec("/sbin/sysctl net.inet.flowtable.enable=0", true);
+ return;
+ }
+
// Figure out how many flows we should reserve
// sized 2x larger than the number of unique connection destinations.
if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates']))
$maxstates = $config['system']['maximumstates'];
else
- $maxstates = "150000";
+ $maxstates = 150000;
// nmbflows cpu count * ($maxstates * 2)
- $cpus = trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d' ' -f2`);
+ $cpus = trim(`/sbin/sysctl -n kern.smp.cpus`, " \n");
$nmbflows = ($cpus*($maxstates*2));
- // flowtable is not enabled
- /*
- if($config['system']['flowtable'])
- $flowtable_enable = 1;
- else
- $flowtable_enable = 0;
// Flowtable currently only works on 8.0
if(get_freebsd_version() == "8") {
- if($flowtable_enable == 1) {
- mwexec("/sbin/sysctl net.inet.flowtable.nmbflows={$config['system']['maximumstates']}");
- mwexec("/sbin/sysctl net.inet.ip.output_flowtable_size={$nmbflows}");
- }
- mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}");
+ mwexec("/sbin/sysctl net.inet.flowtable.nmbflows={$nmbflows}");
+ mwexec("/sbin/sysctl net.inet.ip.output_flowtable_size={$maxstates}");
+ mwexec("/sbin/sysctl net.inet.flowtable.enable=1");
}
- */
}
function filter_load_ipfw() {
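Review bot: In `flowtable_configure()`, `$maxstates` reaches the `sysctl` command lines after only an `is_numeric()` test. That test also accepts values such as `1e5` or `12.5`, which are not valid for an integer sysctl and make `$nmbflows` a float. Normalise once with `$maxstates = intval($config['system']['maximumstates']);` and fall back to 150000 when the result is not positive. Apply `intval()` to `$cpus` as well, since it is the raw output of a backtick command. The disable branch also runs `sysctl net.inet.flowtable.enable=0` on every FreeBSD version, while the enable branch is limited to version 8; a comment should say whether that is intended.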
@@ -135,16 +131,27 @@ function filter_pflog_start() {
/* reload filter async */
function filter_configure() {
+ global $g;
+
if(isset($config['system']['developerspew'])) {
$mt = microtime();
echo "filter_configure() being called $mt\n";
}
- send_event("filter reload");
+
+ /*
+ * NOTE: Check here for bootup status since this should not be triggered during bootup.
+ * The reason is that rc.bootup calls filter_configure_sync directly which does this too.
+ */
+ if (!$g['booting'])
+ send_event("filter reload");
}
function filter_delete_states_for_down_gateways() {
global $config, $GatewaysList;
+ if (isset($config['system']['kill_states']))
+ return;
+
$a_gateways = return_gateways_status();
if (is_array($GatewaysList)) {
foreach ($GatewaysList as $gwname => $gateway) {
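Review bot: `filter_configure()` now declares `global $g;` but still reads `$config['system']['developerspew']` without declaring `$config`. Inside the function that `isset()` is therefore always false and the debug message can never print. Change the declaration to `global $config, $g;`.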
@@ -177,8 +184,9 @@ function filter_configure_sync() {
global $config, $g, $after_filter_configure_run, $FilterIflist;
global $time_based_rules, $filterdns, $aliases;
- /* Use config lock to not allow recursion and config changes during this run. */
- $filterlck = lock('config');
+ /* Use filter lock to not allow recursion and config lock to prevent changes during this run. */
+ $filterlck = lock('filter', LOCK_EX);
+ $configlck = lock('config');
filter_pflog_start();
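Review bot: `filter_configure_sync()` now takes two locks in a fixed order, 'filter' then 'config', but the comment does not say that the order matters. Any code that holds 'config' and then waits on 'filter' could deadlock against this function; whether such a path exists is not visible here. Record the rule next to the acquisition, e.g. `/* Lock order: 'filter' before 'config'; never acquire 'filter' while holding 'config'. */`. The later hunks add `unlock($configlck);` to three early returns, and any return path not shown in this diff should be checked for the same pair of unlocks.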
@@ -233,6 +241,7 @@ function filter_configure_sync() {
update_filter_reload_status(gettext("Filter is disabled. Not loading rules."));
if($g['booting'] == true)
echo gettext("done.") . "\n";
+ unlock($configlck);
unlock($filterlck);
return;
}
@@ -290,6 +299,7 @@ function filter_configure_sync() {
if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) {
log_error(gettext("WARNING: Could not write new rules!"));
+ unlock($configlck);
unlock($filterlck);
return;
}
@@ -329,6 +339,7 @@ function filter_configure_sync() {
file_notice("filter_load", $error_msg, "Filter Reload", "");
log_error($error_msg);
update_filter_reload_status($error_msg);
+ unlock($configlck);
unlock($filterlck);
return;
}
@@ -357,7 +368,7 @@ function filter_configure_sync() {
* FilterDNS has three debugging levels. The default choosen is 1.
* Availabe are level 2 and greater then 2.
*/
- mwexec("/usr/local/sbin/filterdns {$g['tmp_path']}/filterdns.pid 300 {$g['varetc_path']}/filterdns.conf 1");
+ mwexec("/usr/local/sbin/filterdns -p {$g['tmp_path']}/filterdns.pid -i 300 -c {$g['varetc_path']}/filterdns.conf -d 1");
}
/* run items scheduled for after filter configure run */
@@ -377,7 +388,7 @@ function filter_configure_sync() {
fclose($fda);
}
- unlock($filterlck);
+ unlock($configlck);
if(file_exists("{$g['tmp_path']}/commands.txt")) {
mwexec("sh {$g['tmp_path']}/commands.txt &");
@@ -408,6 +419,7 @@ function filter_configure_sync() {
if($g['booting'] == true)
echo gettext("done.") . "\n";
+ unlock($filterlck);
return 0;
}
@@ -514,6 +526,7 @@ function filter_generate_aliases() {
$aliases .= "\n#SSH Lockout Table\n";
$aliases .= "table <sshlockout> persist\n";
+ $aliases .= "table <webConfiguratorlockout> persist\n";
$aliases .= "#Snort2C table\n";
$aliases .= "table <snort2c>\n";
@@ -845,7 +858,12 @@ function filter_get_reflection_interfaces($natif = "") {
return $nat_if_list;
}
-function filter_generate_reflection_nat($rule, $nat_ifs, $protocol, $target, $target_ip, $target_subnet = "") {
+function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protocol, $target, $target_ip, $target_subnet = "") {
+ global $config;
+
+ if(!isset($config['system']['enablenatreflectionhelper']))
+ return "";
+
// Initialize natrules holder string
$natrules = "";
@@ -864,21 +882,26 @@ function filter_generate_reflection_nat($rule, $nat_ifs, $protocol, $target, $ta
$protocol_text = "";
}
- $target_if_list = array();
- if(empty($target_subnet) || !is_numeric($target_subnet) || $target_subnet == 32) {
- $target_if_list[] = guess_interface_from_ip($target_ip);
- } else {
- $target_if_list[] = guess_interface_from_ip(gen_subnet_max($target_ip, $target_subnet));
- }
+ if(empty($target_subnet) || !is_numeric($target_subnet))
+ $target_subnet = 32;
- foreach ($target_if_list as $target_if) {
- /* Only install additional NAT rules if the
- * target is in the list of source networks */
- if(in_array($target_if, $nat_ifs)) {
- $target_networks = "{$target_if}:network";
+ if(!is_array($route_table)) {
+ $route_table = array();
+ /* create a route table we can search */
+ exec("netstat -rnWf inet", $route_table);
+ }
- $natrules .= "no nat on {$target_if}{$protocol_text} from {$target_if} to {$target}\n";
- $natrules .= "nat on {$target_if}{$protocol_text} from {$target_networks} to {$target} -> {$target_if}{$static_port}\n";
+ /* Search for matching subnets in the routing table */
+ foreach($route_table as $line) {
+ if(preg_match("/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+[ ]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|link[#])/", $line)) {
+ $fields = preg_split("/[ ]+/", $line);
+ $subnet = $fields[0];
+ $subnet_split = explode("/", $subnet);
+ $subnet_if = $fields[6];
+ if(in_array($subnet_if, $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
+ $natrules .= "no nat on {$subnet_if}{$protocol_text} from {$subnet_if} to {$target}\n";
+ $natrules .= "nat on {$subnet_if}{$protocol_text} from {$subnet} to {$target} -> {$subnet_if}{$static_port}\n";
+ }
}
}
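Review bot: `exec("netstat -rnWf inet", $route_table);` runs netstat by bare name, so the binary is resolved through the PATH of whichever process generates the ruleset, while the other commands in this file are called by absolute path (`/sbin/sysctl`, `/usr/sbin/inetd`). Use the full path, `exec("/usr/bin/netstat -rnWf inet", $route_table);`. The parser also reads the interface from the fixed column `$fields[6]`, which ties NAT rule generation to one netstat output layout; a comment naming the expected columns, plus skipping rows where `$fields[6]` is not set, would keep a layout change from silently dropping reflection rules. The function body continues outside the hunk.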
@@ -1143,6 +1166,7 @@ function filter_nat_rules_generate() {
update_filter_reload_status(gettext("Creating 1:1 rules..."));
$reflection_txt = "";
+ $route_table = "";
/* any 1:1 mappings? */
if(is_array($config['nat']['onetoone'])) {
@@ -1200,7 +1224,7 @@ function filter_nat_rules_generate() {
}
$nat_if_list = array_merge(array($natif), $nat_if_list);
- $reflection_txt .= filter_generate_reflection_nat($rule, $nat_if_list, "", $srcaddr, $srcip, $sn);
+ $reflection_txt .= filter_generate_reflection_nat($rule, $route_table, $nat_if_list, "", $srcaddr, $srcip, $sn);
}
}
$natrules .= "\n# Outbound NAT rules\n";
@@ -1493,11 +1517,12 @@ function filter_nat_rules_generate() {
fclose($inetd_fd); // Close file handle
// Check if inetd is running, if not start it. If so, restart it gracefully.
$helpers = isvalidproc("inetd");
- if(!$helpers)
- mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
- else
- sigkillbypid("/var/run/inetd.pid", "HUP");
-
+ if(file_exists("/var/etc/inetd.conf")) {
+ if(!$helpers)
+ mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
+ else
+ sigkillbypid("/var/run/inetd.pid", "HUP");
+ }
$natrules .= discover_pkg_rules("nat");
$natrules .= filter_process_carp_nat_rules();
@@ -2031,8 +2056,21 @@ EOD;
$sshport = $config['system']['ssh']['port'];
else
$sshport = 22;
- $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n";
+ if($sshport)
+ $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n";
+ }
+
+ $ipfrules .= "\n# webConfigurator lockout\n";
+ if(!$config['system']['webgui']['port']) {
+ if($config['system']['webgui']['protocol'] == "http")
+ $webConfiguratorlockoutport = "80";
+ else
+ $webConfiguratorlockoutport = "443";
+ } else {
+ $webConfiguratorlockoutport = $config['system']['webgui']['port'];
}
+ if($webConfiguratorlockoutport)
+ $ipfrules .= "block in log quick proto tcp from <webConfiguratorlockout> to any port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
/*
* Support for allow limiting of TCP connections by establishment rate
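Review bot: `$webConfiguratorlockoutport` comes from `$config['system']['webgui']['port']` and is interpolated into the pf rule after only a truthiness test, so a non-numeric or out-of-range value in the config would emit a rule line pf cannot parse and would likely make the whole ruleset load fail. Validate it as a port before emitting the rule, e.g. `if(is_port($webConfiguratorlockoutport))` using the project's port helper, and apply the same test to `$sshport` in place of `if($sshport)`. The enclosing function starts and ends outside this hunk.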
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index b8593dc..ba97ba0 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -41,7 +41,7 @@ function remove_numbers($string) {
}
function get_nics_with_capabilities($CAPABILITIES) {
- $ifs = `ifconfig -l`;
+ $ifs = `/sbin/ifconfig -l`;
$if_list = split(" ", $ifs);
$vlan_native_supp = array();
foreach($if_list as $if => $iface) {
@@ -113,7 +113,7 @@ $vlan_native_supp = get_nics_with_capabilities("vlanmtu");
if(count($vlan_native_supp) > 0)
$g['vlan_long_frame'] = $vlan_native_supp;
else
- $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg");
+ $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg");
/* IP TOS flags */
$iptos = array("lowdelay", "throughput", "reliability");
@@ -122,7 +122,7 @@ $iptos = array("lowdelay", "throughput", "reliability");
$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg");
if(file_exists("/etc/platform")) {
- $arch = trim(`uname -m`);
+ $arch = php_uname("m");
$g['platform'] = trim(file_get_contents("/etc/platform"));
if($g['platform'] == "nanobsd") {
$g['update_url']="http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/{$arch}/pfSense_HEAD/.updaters/";
@@ -138,32 +138,33 @@ if(file_exists("/etc/platform")) {
/* Default sysctls */
$sysctls = array("net.inet.ip.portrange.first" => "1024",
- "net.inet.tcp.blackhole" => "2",
- "net.inet.udp.blackhole" => "1",
- "net.inet.ip.random_id" => "1",
- "net.inet.tcp.drop_synfin" => "1",
- "net.inet.ip.redirect" => "1",
- "net.inet6.ip6.redirect" => "1",
- "net.inet.tcp.syncookies" => "1",
- "net.inet.tcp.recvspace" => "65228",
- "net.inet.tcp.sendspace" => "65228",
- "net.inet.ip.fastforwarding" => "1",
- "net.inet.tcp.delayed_ack" => "0",
- "net.inet.udp.maxdgram" => "57344",
- "net.link.bridge.pfil_onlyip" => "0",
- "net.link.bridge.pfil_member" => "1",
- "net.link.bridge.pfil_bridge" => "0",
- "net.link.tap.user_open" => "1",
- "kern.rndtest.verbose" => "0",
- "kern.randompid" => "347",
- "net.inet.ip.intr_queue_maxlen" => "1000",
- "hw.syscons.kbd_reboot" => "0",
- "net.inet.tcp.inflight.enable" => "1",
- "net.inet.tcp.log_debug" => "0",
- "net.inet.tcp.tso" => "1",
- "net.inet.icmp.icmplim" => "0"
- );
-
-$config_inc_loaded = false;
-
-?> \ No newline at end of file
+ "net.inet.tcp.blackhole" => "2",
+ "net.inet.udp.blackhole" => "1",
+ "net.inet.ip.random_id" => "1",
+ "net.inet.tcp.drop_synfin" => "1",
+ "net.inet.ip.redirect" => "1",
+ "net.inet6.ip6.redirect" => "1",
+ "net.inet.tcp.syncookies" => "1",
+ "net.inet.tcp.recvspace" => "65228",
+ "net.inet.tcp.sendspace" => "65228",
+ "net.inet.ip.fastforwarding" => "0",
+ "net.inet.tcp.delayed_ack" => "0",
+ "net.inet.udp.maxdgram" => "57344",
+ "net.link.bridge.pfil_onlyip" => "0",
+ "net.link.bridge.pfil_member" => "1",
+ "net.link.bridge.pfil_bridge" => "0",
+ "net.link.tap.user_open" => "1",
+ "kern.rndtest.verbose" => "0",
+ "kern.randompid" => "347",
+ "net.inet.ip.intr_queue_maxlen" => "1000",
+ "hw.syscons.kbd_reboot" => "0",
+ "net.inet.tcp.inflight.enable" => "1",
+ "net.inet.tcp.log_debug" => "0",
+ "net.inet.tcp.tso" => "1",
+ "net.inet.icmp.icmplim" => "0",
+ "vfs.read_max" => "32"
+);
+
+$config_parsed = false;
+
+?>
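Review bot: Two behaviour changes are buried in what is otherwise a re-indentation of the `$sysctls` array: the default for `net.inet.ip.fastforwarding` flips from "1" to "0", and the global `$config_inc_loaded` is replaced by `$config_parsed`. Neither carries a comment, and any include that still tests `$config_inc_loaded` would now see it undefined; that cannot be checked from this hunk. A one-line comment on the fastforwarding entry stating why it is disabled by default, and a search for remaining readers of the old variable name, would make the change reviewable.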
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 8ff94d9..1dcd6c1 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -41,8 +41,6 @@ function setup_gateways_monitor() {
if (!is_array($gateways_arr)) {
log_error("No gateways to monitor. Apinger will not be run.");
killbypid("{$g['varrun_path']}/apinger.pid");
- // TEMPORARY XXX
- exec("/usr/bin/killall -9 apinger");
@unlink("{$g['tmp_path']}/apinger.status");
return;
}
@@ -215,7 +213,7 @@ EOD;
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor']. $gateway['gateway']));
mwexec("/sbin/route delete -host " . escapeshellarg($gateway['monitor']), true);
mwexec("/sbin/route add -host " . escapeshellarg($gateway['monitor']) .
- " " . escapeshellarg($gateway['gateway']));
+ " " . escapeshellarg($gateway['gateway']), true);
}
$apingerconfig .= $alarmscfg;
@@ -225,8 +223,6 @@ EOD;
fclose($fd);
killbypid("{$g['varrun_path']}/apinger.pid");
- // TEMPORARY XXX
- exec("/usr/bin/killall -9 apinger");
if (is_dir("{$g['tmp_path']}"))
chmod("{$g['tmp_path']}", 01777);
if (!is_dir("{$g['vardb_path']}/rrd"))
@@ -236,6 +232,7 @@ EOD;
/* start a new apinger process */
@unlink("{$g['tmp_path']}/apinger.status");
+ sleep(1);
mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf");
return 0;
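Review bot: The added `sleep(1);` stands in for the `killall -9` removed in the preceding hunk, but a fixed delay does not guarantee that the process signalled by `killbypid()` has exited before the new apinger is started. On a slow or busy system the two instances can overlap, and on a fast one every gateway reconfiguration pays a full second. A bounded wait that polls whether the old PID is still alive, giving up after a few seconds, would be more reliable. At minimum add a comment such as `/* give the old apinger time to exit and release its pid/status files */`. The function starts outside this hunk.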
@@ -291,13 +288,14 @@ function return_gateways_array($disabled = false) {
$gateway['friendlyiface'] = $gateway['interface'];
$gateway['interface'] = get_real_interface($gateway['interface']);
- /* Some interface like wan might be default but have no info recorded
+ /* FIXME: Should this be enabled.
+ * Some interface like wan might be default but have no info recorded
* the config.
- */
if ($gateway['friendlyiface'] == "wan" && !isset($gateway['defaultgw'])) {
if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw"))
$gateway['defaultgw'] = true;
}
+ */
/* include the gateway index as the attribute */
$gateway['attribute'] = $i;
@@ -409,9 +407,11 @@ function return_gateway_groups_array() {
$tiers_count = count($tiers);
if($tiers_count == 0) {
/* Oh dear, we have no members! Engage Plan B */
- $msg = gettext("Gateways status could not be determined, considering all as up/active.");
- log_error($msg);
- notify_via_growl($msg);
+ if (!$g['booting']) {
+ $msg = gettext("Gateways status could not be determined, considering all as up/active.");
+ log_error($msg);
+ notify_via_growl($msg);
+ }
$tiers = $backupplan;
}
/* sort the tiers array by the tier key */
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 254932b..ba8d217 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -35,7 +35,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- pfSense_BUILDER_BINARIES: /usr/sbin/pppd /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp
+ pfSense_BUILDER_BINARIES: /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp
pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/route /usr/sbin/ngctl /usr/sbin/arp /bin/kill /usr/local/sbin/mpd5
pfSense_MODULE: interfaces
@@ -336,6 +336,12 @@ function interface_bridge_configure(&$bridge) {
$commontx = false;
if (!isset($opts['encaps']['rxcsum']))
$commonrx = false;
+ if (!isset($opts['encaps']['tso4']))
+ $commontso4 = false;
+ if (!isset($opts['encaps']['tso6']))
+ $commontso6 = false;
+ if (!isset($opts['encaps']['lro']))
+ $commonlro = false;
if ($smallermtu == 0 && !empty($mtu))
$smallermtu = $mtu;
else if (!empty($mtu) && $mtu < $smallermtu)
@@ -347,10 +353,16 @@ function interface_bridge_configure(&$bridge) {
$smallermtu = 1500;
$flags = 0;
- if ($commonrx == false)
+ if ($commonrx === false)
$flags |= IFCAP_RXCSUM;
- if ($commontx == false)
+ if ($commontx === false)
$flags |= IFCAP_TXCSUM;
+ if ($commontso4 === false)
+ $flags |= IFCAP_TSO4;
+ if ($commontso6 === false)
+ $flags |= IFCAP_TSO6;
+ if ($commonlro === false)
+ $flags |= IFCAP_LRO;
/* Add interfaces to bridge */
foreach ($members as $member) {
@@ -543,7 +555,18 @@ function interface_lagg_configure(&$lagg) {
/* Calculate smaller mtu and enforce it */
$smallermtu = 0;
foreach ($members as $member) {
- $mtu = get_interface_mtu($member);
+ $opts = pfSense_get_interface_addresses($member);
+ $mtu = $opts['mtu'];
+ if (!isset($opts['encaps']['txcsum']))
+ $commontx = false;
+ if (!isset($opts['encaps']['rxcsum']))
+ $commonrx = false;
+ if (!isset($opts['encaps']['tso4']))
+ $commontso4 = false;
+ if (!isset($opts['encaps']['tso6']))
+ $commontso6 = false;
+ if (!isset($opts['encaps']['lro']))
+ $commonlro = false;
if ($smallermtu == 0 && !empty($mtu))
$smallermtu = $mtu;
else if (!empty($mtu) && $mtu < $smallermtu)
@@ -554,11 +577,24 @@ function interface_lagg_configure(&$lagg) {
if ($smallermtu == 0)
$smallermtu = 1500;
+ $flags = 0;
+ if ($commonrx === false)
+ $flags |= IFCAP_RXCSUM;
+ if ($commontx === false)
+ $flags |= IFCAP_TXCSUM;
+ if ($commontso4 === false)
+ $flags |= IFCAP_TSO4;
+ if ($commontso6 === false)
+ $flags |= IFCAP_TSO6;
+ if ($commonlro === false)
+ $flags |= IFCAP_LRO;
+
foreach ($members as $member) {
if (!array_key_exists($member, $checklist))
continue;
/* make sure the parent interface is up */
pfSense_interface_mtu($member, $smallermtu);
+ pfSense_interface_capabilities($member, -$flags);
interfaces_bring_up($member);
mwexec("/sbin/ifconfig {$laggif} laggport {$member}");
}
@@ -573,19 +609,18 @@ function interface_lagg_configure(&$lagg) {
function interfaces_gre_configure() {
global $config;
- $i = 0;
if (is_array($config['gres']['gre']) && count($config['gres']['gre'])) {
- foreach ($config['gres']['gre'] as $gre) {
+ foreach ($config['gres']['gre'] as $i => $gre) {
if(empty($gre['greif']))
$gre['greif'] = "gre{$i}";
/* XXX: Maybe we should report any errors?! */
interface_gre_configure($gre);
- $i++;
}
}
}
-function interface_gre_configure(&$gre) {
+/* NOTE: $grekey is not used but useful for passing this function to array_walk. */
+function interface_gre_configure(&$gre, $grekey = "") {
global $config, $g;
if (!is_array($gre))
@@ -628,19 +663,19 @@ function interface_gre_configure(&$gre) {
function interfaces_gif_configure() {
global $config;
- $i = 0;
+
if (is_array($config['gifs']['gif']) && count($config['gifs']['gif'])) {
- foreach ($config['gifs']['gif'] as $gif) {
+ foreach ($config['gifs']['gif'] as $i => $gif) {
if(empty($gif['gifif']))
$gre['gifif'] = "gif{$i}";
/* XXX: Maybe we should report any errors?! */
interface_gif_configure($gif);
- $i++;
}
}
}
-function interface_gif_configure(&$gif) {
+/* NOTE: $gifkey is not used but useful for passing this function to array_walk. */
+function interface_gif_configure(&$gif, $gifkey = "") {
global $config, $g;
if (!is_array($gif))
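Review bot: The reworked loop in interfaces_gif_configure() still assigns the fallback name to the wrong array: `$gre['gifif'] = "gif{$i}";` writes to `$gre`, which is not defined in this function, so a gif entry with an empty `gifif` reaches interface_gif_configure() without a name. The line should read `$gif['gifif'] = "gif{$i}";`. Also, `$i` is now the config array key rather than a running counter, which gives the same names as before only if the entries are keyed 0..n-1. interface_gif_configure() continues outside the hunk.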
@@ -783,9 +818,6 @@ function interfaces_configure() {
/* reload captive portal */
captiveportal_init_rules();
-
- /* set the reload filter dity flag */
- filter_configure();
}
return 0;
@@ -1467,7 +1499,7 @@ function interfaces_carp_setup() {
} else
$cmdchain->add(gettext("Enable CARP preemption"), "/sbin/sysctl net.inet.carp.preempt=1", true);
- $cmdchain->add(gettext("Enable CARP logging"), "/sbin/sysctl net.inet.carp.log=2", true);
+ $cmdchain->add(gettext("Enable CARP logging"), "/sbin/sysctl net.inet.carp.log=1", true);
if (!empty($pfsyncinterface))
$carp_sync_int = get_real_interface($pfsyncinterface);
@@ -1686,7 +1718,6 @@ function interface_carp_configure(&$vip) {
// set the vip interface to the vhid
$vipif = "vip{$vip['vhid']}";
- $interface = interface_translate_type_to_real($vip['interface']);
/*
* ensure the interface containing the VIP really exists
* prevents a panic if the interface is missing or invalid
@@ -1718,7 +1749,7 @@ function interface_carp_configure(&$vip) {
get_interface_arr(true);
$broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']);
- mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$password}");
+ mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}");
interfaces_bring_up($vipif);
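Review bot: `advbase {$vip['advbase']}` is placed on the ifconfig command line unquoted and unchecked. For a VIP entry saved before this field existed the value is empty, unless the config upgrade code fills it in, and `advbase` would then consume the next token (the `pass` option) as its argument. Build the option only when the value is valid and quote it: `$advbase = is_numeric($vip['advbase']) ? " advbase " . escapeshellarg($vip['advbase']) : "";`, then interpolate `{$advbase}`. The same text is added to the `carpdev` command in interface_carpdev_configure() further down, and the other `$vip[...]` values on these lines would benefit from `escapeshellarg()` as used elsewhere in this file. The function starts and ends outside the hunk.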
@@ -1736,12 +1767,11 @@ function interface_carpdev_configure(&$vip) {
if($vip['password'] != "")
$password = " pass \"" . $vip_password . "\"";
- log_error(sprintf(gettext('Found carpdev interface %1$s on top of interface %2$s'), $vip['interface'], $interface));
if (empty($vip['interface']))
return;
$vipif = "vip" . $vip['vhid'];
- $realif = interface_translate_type_to_real($vip['interface']);
+ $realif = get_real_interface($vip['interface']);
interfaces_bring_up($realif);
/*
* ensure the interface containing the VIP really exists
@@ -1760,7 +1790,7 @@ function interface_carpdev_configure(&$vip) {
pfSense_ngctl_name("{$carpdevif}:", $vipif);
}
- mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} {$password}");
+ mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}");
interfaces_bring_up($vipif);
/*
@@ -1860,6 +1890,7 @@ function interface_wireless_clone($realif, $wlcfg) {
pfSense_interface_rename($newif, $realif);
// FIXME: not sure what ngctl is for. Doesn't work.
// mwexec("/usr/sbin/ngctl name {$newif}: {$realif}", false);
+ file_put_contents("{$g['tmp_path']}/{$realif}_oldmac", get_interface_mac($realif));
}
return true;
}
@@ -2220,7 +2251,26 @@ EOD;
fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c {$g['varetc_path']}/wpa_supplicant_{$if}.conf\n");
}
if ($wlcfg['mode'] == "hostap") {
+ /* add line to script to restore old mac to make hostapd happy */
+ if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) {
+ $if_oldmac = file_get_contents("{$g['tmp_path']}/{$if}_oldmac");
+ if (is_macaddr($if_oldmac))
+ fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) .
+ " link " . escapeshellarg($if_oldmac) . "\n");
+ }
+
fwrite($fd_set, "{$hostapd} -B {$g['varetc_path']}/hostapd_{$if}.conf\n");
+
+ /* add line to script to restore spoofed mac after running hostapd */
+ if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) {
+ if ($wl['spoofmac'])
+ $if_curmac = $wl['spoofmac'];
+ else
+ $if_curmac = get_interface_mac($if);
+ if (is_macaddr($if_curmac))
+ fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) .
+ " link " . escapeshellarg($if_curmac) . "\n");
+ }
}
}
@@ -2347,6 +2397,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
$wancfg = $config['interfaces'][$interface];
$realif = get_real_interface($interface);
+ $realhwif = interface_translate_type_to_real($interface);
if (!$g['booting']) {
/* remove all IPv4 addresses */
@@ -2370,7 +2421,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
interface_wireless_configure($realif, $wancfg, $wancfg['wireless']);
if ($wancfg['spoofmac']) {
- mwexec("/sbin/ifconfig " . escapeshellarg($realif) .
+ mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) .
" link " . escapeshellarg($wancfg['spoofmac']));
/*
@@ -2379,20 +2430,20 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
*/
if (is_array($config['vlans']['vlan'])) {
foreach ($config['vlans']['vlan'] as $vlan) {
- if ($vlan['if'] == $realif)
+ if ($vlan['if'] == $realhwif)
mwexec("/sbin/ifconfig " . escapeshellarg($vlan['vlanif']) .
" link " . escapeshellarg($wancfg['spoofmac']));
}
}
} else {
- $mac = get_interface_mac(get_real_interface($wancfg['if']));
- if($mac == "ff:ff:ff:ff:ff:ff") {
+ $mac = get_interface_mac($realhwif);
+ if ($mac == "ff:ff:ff:ff:ff:ff") {
/* this is not a valid mac address. generate a
* temporary mac address so the machine can get online.
*/
echo gettext("Generating new MAC address.");
$random_mac = generate_random_mac_address();
- mwexec("/sbin/ifconfig " . escapeshellarg(get_real_interface($wancfg['if'])) .
+ mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) .
" link " . escapeshellarg($random_mac));
$wancfg['spoofmac'] = $random_mac;
write_config();
@@ -2402,7 +2453,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
/* media */
if ($wancfg['media'] || $wancfg['mediaopt']) {
- $cmd = "/sbin/ifconfig " . escapeshellarg(get_real_interface($wancfg['if']));
+ $cmd = "/sbin/ifconfig " . escapeshellarg($realhwif);
if ($wancfg['media'])
$cmd .= " media " . escapeshellarg($wancfg['media']);
if ($wancfg['mediaopt'])
@@ -2410,9 +2461,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
mwexec($cmd);
}
if (!empty($wancfg['mtu']))
- pfSense_interface_mtu($realif, $wancfg['mtu']);
+ pfSense_interface_mtu($realhwif, $wancfg['mtu']);
- $options = pfSense_get_interface_addresses($realif);
+ $options = pfSense_get_interface_addresses($realhwif);
if (is_array($options) && isset($options['caps']['polling'])) {
if (isset($config['system']['polling']))
pfSense_interface_capabilities($realif, IFCAP_POLLING);
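Review bot: After this hunk the capabilities are read from `$realhwif`, but the polling branch still calls `pfSense_interface_capabilities($realif, IFCAP_POLLING);`. For interface types where the two names differ (the PPP types, per the new interface_translate_type_to_real()), the capability is probed on one device and set on another. If the hardware interface is the intended target, this call should read `pfSense_interface_capabilities($realhwif, IFCAP_POLLING);`, matching the `-$flags` call changed later in the function. The branch continues outside the hunk.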
@@ -2421,7 +2472,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
}
/* skip vlans for checksumming and polling */
- if (!stristr($realif, "vlan") && is_array($options)) {
+ if (!stristr($realhwif, "vlan") && is_array($options)) {
$flags = 0;
if(isset($config['system']['disablechecksumoffloading'])) {
if (isset($options['encaps']['txcsum']))
@@ -2459,7 +2510,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
if (!isset($config['system']['polling']) || !isset($options['caps']['polling'])) {
$flags |= IFCAP_POLLING;
}
- pfSense_interface_capabilities($realif, -$flags);
+ pfSense_interface_capabilities($realhwif, -$flags);
}
/* invalidate interface/ip/sn cache */
@@ -2505,17 +2556,17 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
interfaces_bring_up($wancfg['if']);
if (!$g['booting']) {
- interface_reload_carps($realif);
+ link_interface_to_vips($interface, "update");
unset($gre);
$gre = link_interface_to_gre($interface);
if (!empty($gre))
- interface_gre_configure($gre);
+ array_walk($gre, 'interface_gre_configure');
unset($gif);
$gif = link_interface_to_gif($interface);
if (!empty($gif))
- interface_gif_configure($gif);
+ array_walk($gif, 'interface_gif_configure');
if ($linkupevent == false) {
unset($bridgetmp);
@@ -2524,11 +2575,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
interface_bridge_add_member($bridgetmp, $realif);
}
- link_interface_to_vips($interface, "update");
-
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp))
- interface_group_add_member($realif, $grouptmp);
+ array_walk($grouptmp, 'interface_group_add_member');
if ($interface == "lan")
/* make new hosts file */
@@ -2546,16 +2595,10 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
services_dnsmasq_configure();
/* update dyndns */
- services_dyndns_configure($interface);
-
- /* force DNS update */
- services_dnsupdate_process($interface);
+ send_event("service reload dyndns {$interface}");
/* reload captive portal */
captiveportal_init_rules();
-
- /* set the reload filter dity flag */
- filter_configure();
}
}
@@ -2670,6 +2713,7 @@ function interface_group_setup(&$groupname /* The parameter is an array */) {
}
function interface_group_add_member($interface, $groupname) {
+ $interface = get_real_interface($interface);
mwexec("/sbin/ifconfig {$interface} group {$groupname}", true);
}
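Review bot: interface_group_add_member() builds its shell command by interpolating `$interface` and `$groupname` directly, and the group name comes from the `ifgroups` section of the configuration, i.e. from a user-editable field. Other ifconfig calls in this file quote their arguments; this one should too: `mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " group " . escapeshellarg($groupname), true);`. Now that the function is also used as an `array_walk` callback, a short comment stating that it receives the friendly interface name as value and the group name as key would document the calling convention.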
@@ -2698,7 +2742,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") {
$index = intval(substr($interface, 3));
foreach ($config['virtualip']['vip'] as $counter => $vip) {
if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") {
- if ($index == $counter)
+ if ($index == $vip['vhid'])
return $vip['interface'];
}
}
@@ -2727,22 +2771,22 @@ function convert_friendly_interface_to_friendly_descr($interface) {
global $config;
switch ($interface) {
- case "l2tp":
- $ifdesc = "L2TP";
- break;
- case "pptp":
- $ifdesc = "PPTP";
- break;
- case "pppoe":
- $ifdesc = "PPPoE";
- break;
- case "openvpn":
- $ifdesc = "OpenVPN";
- break;
- case "enc0":
- case "ipsec":
- $ifdesc = "IPsec";
- break;
+ case "l2tp":
+ $ifdesc = "L2TP";
+ break;
+ case "pptp":
+ $ifdesc = "PPTP";
+ break;
+ case "pppoe":
+ $ifdesc = "PPPoE";
+ break;
+ case "openvpn":
+ $ifdesc = "OpenVPN";
+ break;
+ case "enc0":
+ case "ipsec":
+ $ifdesc = "IPsec";
+ break;
default:
if (isset($config['interfaces'][$interface])) {
if (empty($config['interfaces'][$interface]['descr']))
@@ -2750,13 +2794,23 @@ function convert_friendly_interface_to_friendly_descr($interface) {
else
$ifdesc = strtoupper($config['interfaces'][$interface]['descr']);
break;
+ } else if (substr($interface, 0, 3) == "vip") {
+ if (is_array($config['virtualip']['vip'])) {
+ foreach ($config['virtualip']['vip'] as $counter => $vip) {
+ if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") {
+ if ($interface == "vip{$vip['vhid']}")
+ return "{$vip['subnet']} - {$vip['descr']}";
+ }
+ }
+ }
+ } else {
+ /* if list */
+ $ifdescrs = get_configured_interface_with_descr(false, true);
+ foreach ($ifdescrs as $if => $ifname) {
+ if ($if == $interface || $ifname == $interface)
+ return $ifname;
+ }
}
- /* if list */
- $ifdescrs = get_configured_interface_with_descr(false, true);
- foreach ($ifdescrs as $if => $ifname) {
- if ($if == $interface || $ifname == $interface)
- return $ifname;
- }
break;
}
@@ -2783,10 +2837,31 @@ function convert_real_interface_to_friendly_descr($interface) {
function interface_translate_type_to_real($interface) {
global $config;
- if ($config['interfaces'][$interface]['if'] <> "")
- return $config['interfaces'][$interface]['if'];
- else
+ if (empty($config['interfaces'][$interface]))
return $interface;
+ $tmpif = $config['interfaces'][$interface];
+ switch ($tmpif['type']) {
+ case "ppp":
+ case "pppoe":
+ case "pptp":
+ case "l2tp":
+ if (is_array($config['ppps']['ppp'])) {
+ foreach ($config['ppps']['ppp'] as $pppidx => $ppp) {
+ if ($tmpif['if'] == $ppp['if']) {
+ $interface = $ppp['ports'];
+ break;
+ }
+ }
+ }
+ break;
+ case "dhcp":
+ case "static":
+ default:
+ $interface = $tmpif['if'];
+ break;
+ }
+
+ return $interface;
}
function interface_is_wireless_clone($wlif) {
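Review bot: For the PPP types the function returns `$ppp['ports']` verbatim, and callers changed in this commit pass the result to `ifconfig ... link`, `get_interface_mac()` and `pfSense_interface_mtu()` as if it were one interface name. If `ports` can hold several ports or a serial device path, those calls receive something that is not an interface, and when no `ppps` entry matches the friendly name is returned unchanged. The return contract should be documented in a docblock stating what the caller gets in each case. Callers that need a single device should validate the value before using it in a command.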
@@ -3042,14 +3117,17 @@ function link_interface_to_vlans($int, $action = "") {
function link_interface_to_vips($int, $action = "") {
global $config;
- if (is_array($config['virtualip']['vip']))
- foreach ($config['virtualip']['vip'] as $vip)
- if ($int == $vip['interface']) {
- if ($action == "update")
+ if (is_array($config['virtualip']['vip'])) {
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if ($int == $vip['interface']) {
+ if ($action == "update") {
+ interface_vip_bring_down($vip);
interfaces_vips_configure($int);
- else
- return $vip;
+ } else
+ return $vip;
}
+ }
+ }
}
/****f* interfaces/link_interface_to_bridge
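Review bot: In the `update` branch `interfaces_vips_configure($int)` is called once per matching VIP although it takes the interface, not the VIP. An interface carrying several VIPs therefore appears to have all of them reconfigured on every iteration, including ones a previous iteration had just brought back up. Bring each matching VIP down inside the loop, record `$found = true;`, and after the loop run `if ($found) interfaces_vips_configure($int);`. The function also returns a VIP array in one mode and nothing in the other; a one-line comment on that dual use would help callers.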
@@ -3074,30 +3152,44 @@ function link_interface_to_bridge($int) {
function link_interface_to_group($int) {
global $config;
+ $result = array();
+
if (is_array($config['ifgroups']['ifgroupentry'])) {
foreach ($config['ifgroups']['ifgroupentry'] as $group) {
- if (in_array($int, explode(" ", $groupname['members'])))
- return "{$group['ifname']}";
+ if (in_array($int, explode(" ", $group['members'])))
+ $result[$group['ifname']] = $int;
}
}
+
+ return $result;
}
function link_interface_to_gre($interface) {
global $config;
- if (is_array($config['gres']['gre']))
+ $result = array();
+
+ if (is_array($config['gres']['gre'])) {
foreach ($config['gres']['gre'] as $gre)
if($gre['if'] == $interface)
- return $gre;
+ $result[] = $gre;
+ }
+
+ return $result;
}
function link_interface_to_gif($interface) {
global $config;
- if (is_array($config['gifs']['gif']))
+ $result = array();
+
+ if (is_array($config['gifs']['gif'])) {
foreach ($config['gifs']['gif'] as $gif)
if($gif['if'] == $interface)
- return $gif;
+ $result[] = $gif;
+ }
+
+ return $result;
}
/*
@@ -3271,7 +3363,7 @@ function is_altq_capable($int) {
*/
$capable = array("age", "ale", "an", "ath", "aue", "awi", "bce",
"bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem",
- "hme", "igb", "ipw", "iwi", "jme", "le", "msk", "mxge", "my", "nfe",
+ "hme", "igb", "ipw", "iwi", "jme", "le", "lem", "msk", "mxge", "my", "nfe",
"npe", "nve", "ral", "re", "rl", "rum", "run", "bwn", "sf", "sis", "sk",
"ste", "stge", "txp", "udav", "ural", "vge", "vr", "wi", "xl",
"ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng",
@@ -3450,4 +3542,15 @@ EOD;
unlink_if_exists($cron_file);
}
+function get_vip_descr($ipaddress) {
+ global $config;
+
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if ($vip['subnet'] == $ipaddress) {
+ return ($vip['descr']);
+ }
+ }
+ return "";
+}
+
?>
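Review bot: get_vip_descr() iterates `$config['virtualip']['vip']` without the `is_array()` guard that the other functions in this file apply to the same key, so on a system with no virtual IPs the `foreach` runs on a non-array and raises a warning. Add `if (!is_array($config['virtualip']['vip'])) return "";` before the loop. A short header comment stating that the lookup matches on `$vip['subnet']` and returns the first match's `descr` would also help, since two VIPs can share an address across modes.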
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 12f106a..6637c72 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -123,12 +123,18 @@ function ipsec_ikeid_next() {
*/
function ipsec_get_phase1_src(& $ph1ent) {
- if ($ph1ent['interface'])
- $if = $ph1ent['interface'];
- else
+ if ($ph1ent['interface']) {
+ if (!is_ipaddr($ph1ent['interface'])) {
+ $if = $ph1ent['interface'];
+ $interfaceip = get_interface_ip($if);
+ } else {
+ $interfaceip=$ph1ent['interface'];
+ }
+ }
+ else {
$if = "wan";
-
- $interfaceip = get_interface_ip($if);
+ $interfaceip = get_interface_ip($if);
+ }
return $interfaceip;
}
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index 460d681..9ca76cf 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -41,6 +41,7 @@
* in our config.xml file and check the credentials.
*/
+require_once("globals.inc");
require_once("config.inc");
require_once("radius.inc");
require_once("auth.inc");
@@ -95,6 +96,11 @@ if (!$username || !$password) {
/* Replaced by a sed with propper variables used below(ldap parameters). */
//<template>
+if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
+ putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
+ putenv("LDAPTLS_REQCERT=never");
+}
+
$authenticated = false;
if (($strictusercn === true) && ($common_name != $username)) {
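Review bot: `putenv("LDAPTLS_REQCERT=never");` turns off server certificate verification for the LDAP connection, which cancels the effect of the `LDAPTLS_CACERT` line directly above it. The CA file is supplied but never enforced, so VPN usernames and passwords can be sent to an LDAP server whose certificate was not validated. When a CA file exists the setting should require validation, `putenv("LDAPTLS_REQCERT=demand");`, with any relaxed mode made an explicit per-server option rather than the default. `$modeid` is only defined once the sed substitution has filled in the template marker above, so a comment noting that dependency would help anyone running or testing the script unsubstituted.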
@@ -121,4 +127,4 @@ syslog(LOG_WARNING, "user {$username} authenticated\n");
exit(0);
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 5e607a8..5dc0233 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -393,8 +393,9 @@ function openvpn_reconfigure($mode,& $settings) {
$sed .= "\"{$authcfg}\"";
}
$sed .= ");\\\n";
- if (isset($settings['strictusercn']))
+ if ($settings['strictusercn'])
$sed .= "\$strictusercn = true;";
+ $sed .= " \$modeid = \"{$mode_id}\";";
mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
$conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
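Review bot: The added `$modeid` assignment is written into the generated auth script by interpolating `$sed` into a sed expression inside a shell command string, with no escaping at either level. A `'`, `/` or `&` in any interpolated value would alter the sed program or the shell command, and a `"` or `$` would alter the resulting PHP. How `$mode_id` and `$authcfg` are constrained is not visible in this hunk. Building the script in PHP (`var_export()` for each value, `str_replace()` on the template, `file_put_contents()` for the output) would remove both quoting layers. openvpn_reconfigure() begins and ends outside the hunk.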
@@ -445,19 +446,19 @@ function openvpn_reconfigure($mode,& $settings) {
break;
}
- // The port we'll listen at
- // If local_port is used, bind the management port
- if ($settings['local_port']) {
+ // If there is no bind option at all (ip and/or port), add "nobind" directive
+ // Otherwise, use the local port if defined, failing that, use lport 0 to
+ // ensure a random source port.
+ if ((empty($iface_ip)) && (!$settings['local_port']))
+ $conf .= "nobind\n";
+ elseif ($settings['local_port'])
$conf .= "lport {$settings['local_port']}\n";
- }
+ else
+ $conf .= "lport 0\n";
+
// Use unix socket to overcome the problem on any type of server
$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
- // If there is no bind option at all (ip and/or port), add "nobind" directive
- if ((empty($iface_ip)) && (!$settings['local_port'])) {
- $conf .= "nobind\n";
- }
-
// The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
@@ -576,7 +577,9 @@ function openvpn_restart($mode, & $settings) {
/* start the new process */
$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
mwexec_bg("nohup openvpn --config {$fpath}");
- send_event("filter reload");
+
+ if (!$g['booting'])
+ send_event("filter reload");
}
function openvpn_delete($mode, & $settings) {
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 96a9d25..c5890d1 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -320,9 +320,8 @@ function setup_microcode() {
******/
function get_carp_status() {
/* grab the current status of carp */
- $status = `/sbin/sysctl net.inet.carp.allow | cut -d" " -f2`;
- if(intval($status) == "0") return false;
- return true;
+ $status = `/sbin/sysctl -n net.inet.carp.allow`;
+ return (intval($status) > 0);
}
/*
@@ -339,11 +338,8 @@ function convert_ip_to_network_format($ip, $subnet) {
* get_carp_interface_status($carpinterface): returns the status of a carp ip
*/
function get_carp_interface_status($carpinterface) {
- /* basically cache the contents of ifconfig statement
- to speed up this routine */
- global $carp_query;
- if($carp_query == "")
- $carp_query = split("\n", `/sbin/ifconfig $carpinterface | grep carp`);
+ $carp_query = "";
+ exec("/sbin/ifconfig $carpinterface | /usr/bin/grep -v grep | /usr/bin/grep carp:", $carp_query);
foreach($carp_query as $int) {
if(stristr($int, "MASTER"))
return gettext("MASTER");
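Review bot: `$carpinterface` is interpolated into the shell command without quoting, so the call depends on every caller passing a clean interface name. `exec("/sbin/ifconfig " . escapeshellarg($carpinterface) . " | /usr/bin/grep carp:", $carp_query);` closes that off. `$carp_query` is iterated afterwards, so initialise it as `array()` rather than `""`. The `grep -v grep` stage can go, because ifconfig output does not list the grep process. The function's tail is outside the hunk.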
@@ -377,17 +373,11 @@ function add_rule_to_anchor($anchor, $rule, $label) {
* remove $text from file $file
*/
function remove_text_from_file($file, $text) {
- global $fd_log;
- if($fd_log)
- fwrite($fd_log, sprintf(gettext("Adding needed text items:%s"), "\n"));
+ if(!file_exists($file) && !is_writable($file))
+ return;
$filecontents = file_get_contents($file);
- $textTMP = str_replace($text, "", $filecontents);
- $text = $textTMP;
- if($fd_log)
- fwrite($fd_log, $text);
- $fd = fopen($file, "w");
- fwrite($fd, $text);
- fclose($fd);
+ $text = str_replace($text, "", $filecontents);
+ @file_put_contents($file, $text);
}
/*
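Review bot: The guard `if(!file_exists($file) && !is_writable($file))` only returns when the file is missing, because `is_writable()` is already false for a missing file. An existing read-only file passes the check and the `@file_put_contents()` failure is then suppressed. The condition should be `if(!file_exists($file) || !is_writable($file))`. A `false` result from `file_get_contents()` should also be checked before the replace, otherwise a failed read ends with the file being rewritten as empty.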
@@ -397,8 +387,6 @@ function remove_text_from_file($file, $text) {
function add_text_to_file($file, $text, $replace = false) {
if(file_exists($file) and is_writable($file)) {
$filecontents = file($file);
- $fout = fopen($file, "w");
-
$filecontents = array_map('rtrim', $filecontents);
array_push($filecontents, $text);
if ($replace)
@@ -406,12 +394,10 @@ function add_text_to_file($file, $text, $replace = false) {
$file_text = implode("\n", $filecontents);
- fwrite($fout, $file_text);
- fclose($fout);
+ @file_put_contents($file, $file_text);
return true;
- } else {
- return false;
}
+ return false;
}
/*
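Review bot: add_text_to_file() returns `true` even when the write fails, because the result of `@file_put_contents()` is discarded. Returning the outcome keeps the boolean meaningful for callers: `return (@file_put_contents($file, $file_text) !== false);`. The function's opening lines are in the previous hunk.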
@@ -560,6 +546,7 @@ function restore_config_section($section, $new_contents) {
if(file_exists("{$g['tmp_path']}/config.cache"))
unlink("{$g['tmp_path']}/config.cache");
write_config(sprintf(gettext("Restored %s of config file (maybe from CARP partner)"), $section));
+ disable_security_checks();
conf_mount_ro();
return;
}
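Review bot: `disable_security_checks()` is added after `write_config()` with no comment saying which checks it turns off, for how long, or where they are turned back on. The same call is added in merge_config_section() in the next hunk. Both functions apply configuration that, per the log message, may come from a CARP partner, so a reader needs to see that this is deliberate and bounded. A comment above each call such as `/* sync restore: skip <which checks> until <re-enable point> */`, or a matching re-enable call once the restore completes, would make the intent reviewable. The helper's definition is not visible in this part of the diff.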
@@ -581,6 +568,7 @@ function merge_config_section($section, $new_contents) {
$config[$section] = $section_xml;
unlink($fname);
write_config(sprintf(gettext("Restored %s of config file (maybe from CARP partner)"), $section));
+ disable_security_checks();
conf_mount_ro();
return;
}
@@ -724,7 +712,7 @@ function call_pfsense_method($method, $params, $timeout = 0) {
$cli->setCredentials($username, $password);
}
$resp = $cli->send($msg, $timeout);
- if(!$resp) {
+ if(!is_object($resp)) {
log_error(sprintf(gettext("XMLRPC communication error: %s"), $cli->errstr));
return false;
} elseif($resp->faultCode()) {
@@ -740,13 +728,16 @@ function call_pfsense_method($method, $params, $timeout = 0) {
*/
function check_firmware_version($tocheck = "all", $return_php = true) {
global $g, $config;
+
$ip = gethostbyname($g['product_website']);
if($ip == $g['product_website'])
return false;
+
$rawparams = array("firmware" => array("version" => trim(file_get_contents('/etc/version'))),
"kernel" => array("version" => trim(file_get_contents('/etc/version_kernel'))),
"base" => array("version" => trim(file_get_contents('/etc/version_base'))),
- "platform" => trim(file_get_contents('/etc/platform'))
+ "platform" => trim(file_get_contents('/etc/platform')),
+ "config_version" => $config['version']
);
if($tocheck == "all") {
$params = $rawparams;
@@ -756,22 +747,38 @@ function check_firmware_version($tocheck = "all", $return_php = true) {
$params['platform'] = $rawparams['platform'];
}
}
- if($config['system']['firmware']['branch']) {
+ if($config['system']['firmware']['branch'])
$params['branch'] = $config['system']['firmware']['branch'];
- }
- if(!$versions = call_pfsense_method('pfsense.get_firmware_version', $params)) {
+
+ /* XXX: What is this method? */
+ if(!($versions = call_pfsense_method('pfsense.get_firmware_version', $params))) {
return false;
} else {
$versions["current"] = $params;
}
+
return $versions;
}
+/*
+ * host_firmware_version(): Return the versions used in this install
+ */
+function host_firmware_version($tocheck = "") {
+ global $g, $config;
+
+ return array(
+ "firmware" => array("version" => trim(file_get_contents('/etc/version', " \n"))),
+ "kernel" => array("version" => trim(file_get_contents('/etc/version_kernel', " \n"))),
+ "base" => array("version" => trim(file_get_contents('/etc/version_base', " \n"))),
+ "platform" => trim(file_get_contents('/etc/platform', " \n")),
+ "config_version" => $config['version']
+ );
+}
+
function get_disk_info() {
$diskout = "";
exec("/bin/df -h | /usr/bin/grep -w '/' | /usr/bin/awk '{ print $2, $3, $4, $5 }'", $diskout);
return explode(' ', $diskout[0]);
- // $size, $used, $avail, $cap
}
/****f* pfsense-utils/strncpy
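Review bot: In host_firmware_version() the character list `" \n"` is passed to `file_get_contents()` as its second argument (use_include_path) rather than to `trim()`. The closing parenthesis is one position early on all four lines. Each should read like `trim(file_get_contents('/etc/version'), " \n")`, or simply `trim(file_get_contents('/etc/version'))` as check_firmware_version() does above. The `$tocheck` parameter and the `$g` global are unused in the new function.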
@@ -801,13 +808,6 @@ function strncpy(&$dst, $src, $length) {
function reload_interfaces_sync() {
global $config, $g;
- /* XXX: Use locks?! */
- if (file_exists("{$g['tmp_path']}/reloading_all")) {
- log_error(gettext("WARNING: Recursive call to interfaces sync!"));
- return;
- }
- touch("{$g['tmp_path']}/reloading_all");
-
if($g['debug'])
log_error(gettext("reload_interfaces_sync() is starting."));
@@ -824,13 +824,6 @@ function reload_interfaces_sync() {
/* set up interfaces */
interfaces_configure();
-
- /* remove reloading_all trigger */
- if($g['debug'])
- log_error(sprintf(gettext("Removing %s/reloading_all"), $g['tmp_path']));
-
- /* start devd back up */
- mwexec("/bin/rm {$g['tmp_path']}/reload*");
}
/****f* pfsense-utils/reload_all
@@ -842,7 +835,6 @@ function reload_interfaces_sync() {
* none
******/
function reload_all() {
- global $g;
send_event("service reload all");
}
@@ -855,8 +847,7 @@ function reload_all() {
* none
******/
function reload_interfaces() {
- global $g;
- touch("{$g['tmp_path']}/reload_interfaces");
+ send_event("interface all reload");
}
/****f* pfsense-utils/reload_all_sync
@@ -872,13 +863,6 @@ function reload_all_sync() {
$g['booting'] = false;
- /* XXX: Use locks?! */
- if (file_exists("{$g['tmp_path']}/reloading_all")) {
- log_error(gettext("WARNING: Recursive call to reload all sync!"));
- return;
- }
- touch("{$g['tmp_path']}/reloading_all");
-
/* parse config.xml again */
$config = parse_config(true);
@@ -920,8 +904,6 @@ function reload_all_sync() {
/* restart webConfigurator if needed */
send_event("service restart webgui");
-
- mwexec("/bin/rm {$g['tmp_path']}/reload*");
}
function auto_login() {
@@ -990,21 +972,18 @@ function setup_serial_port() {
}
/* serial console - write out /boot/loader.conf */
$boot_config = file_get_contents("/boot/loader.conf");
- $boot_config_split = split("\n", $boot_config);
- $fd = fopen("/boot/loader.conf","w");
- if($fd) {
- foreach($boot_config_split as $bcs) {
- if(stristr($bcs, "console")) {
- /* DONT WRITE OUT, WE'LL DO IT LATER */
- } else {
- if($bcs <> "")
- fwrite($fd, "{$bcs}\n");
- }
- }
- if(isset($config['system']['enableserial'])) {
- fwrite($fd, "console=\"comconsole\"\n");
- }
- fclose($fd);
+ $boot_config_split = explode("\n", $boot_config);
+ if(count($boot_config_split) > 0) {
+ $new_boot_config = array();
+ // Loop through and only add lines that are not empty, and which
+ // do not contain a console directive.
+ foreach($boot_config_split as $bcs)
+ if(!empty($bcs) && (stripos($bcs, "console") === false))
+ $new_boot_config[] = $bcs;
+
+ if(isset($config['system']['enableserial']))
+ $new_boot_config[] = 'console="comconsole"';
+ file_put_contents("/boot/loader.conf", implode("\n", $new_boot_config));
}
}
$ttys = file_get_contents("/etc/ttys");
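Review bot: `count($boot_config_split) > 0` is always true, since `explode()` returns at least one element even for an empty or `false` input. A failed read of `/boot/loader.conf` therefore ends with the file overwritten by at most the console line. Test the read instead, `if($boot_config !== false) {`, and keep the trailing newline the old loop wrote: `implode("\n", $new_boot_config) . "\n"`. Writing to a temporary file and `rename()`-ing it into place would also avoid leaving a truncated loader.conf if the write is interrupted. setup_serial_port() starts and ends outside the hunk.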
@@ -1430,8 +1409,8 @@ function isvm() {
}
function get_freebsd_version() {
- $version = trim(`/usr/bin/uname -r | /usr/bin/cut -d'.' -f1`);
- return $version;
+ $version = php_uname("r");
+ return $version[0];
}
function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
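Review bot: `$version[0]` takes the first character of the release string, not the major version, so a release of 10 or later yields `1`. The old pipeline cut at the first dot, and `return strtok(php_uname("r"), ".");` keeps that behaviour. The same indexing is used for `freebsd_version` in get_pkg_info() in pkg-utils.inc, while get_pkg_sizes() there sends the full release string. The three call sites should agree on one form.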
@@ -1454,7 +1433,7 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '60');
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
curl_exec($ch);
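Review bot: The context of this hunk shows `CURLOPT_SSL_VERIFYPEER` set to `false`, so an https download made through this function is not authenticated, and raising the connect timeout leaves that unchanged. In pkg-utils.inc the same function fetches package archives (from an `http://` mirror by default) that go to `pkg_add`, and package configuration XML whose PHP fragments are later passed to `eval()`. Enabling verification with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `CURLOPT_SSL_VERIFYHOST` at `2` would close part of that gap. Checking a digest delivered with the package metadata before installing would cover the rest. The function starts and ends outside the hunk.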
@@ -1506,9 +1485,7 @@ function read_body($ch, $string) {
function update_output_window($text) {
global $pkg_interface;
$log = ereg_replace("\n", "\\n", $text);
- if($pkg_interface == "console") {
- /* too chatty */
- } else {
+ if($pkg_interface != "console") {
echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
}
/* ensure that contents are written out */
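Review bot: `$log` is written into a double-quoted JavaScript string inside a `<script>` element with only newlines escaped, so a `"`, a backslash or `</script>` in the text ends the string or the element. Callers pass text that includes package names, URLs and `after_install_info` from the package server, so it should be encoded for the JavaScript context: `echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = " . json_encode($text) . ";</script>";`. `json_encode()` leaves `<` as is unless `JSON_HEX_TAG` is passed, so add that flag where the PHP version supports it. The function continues past the hunk.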
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 7dcd28d..e7bcd15 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -8,6 +8,7 @@
* $Id$
******
*
+ * Copyright (C) 2010 Ermal Luçi
* Copyright (C) 2005-2006 Colin Smith (ethethlay@gmail.com)
* All rights reserved.
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +35,12 @@
*/
/*
- pfSense_BUILDER_BINARIES: /usr/bin/cd /usr/bin/tar /bin/cat /usr/sbin/fifolog_create /bin/chmod
- pfSense_BUILDER_BINARIES: /usr/bin/killall /usr/sbin/pkg_info /usr/sbin/pkg_delete /bin/rm /bin/ls
- pfSense_BUILDER_BINARIES: /sbin/pfctl
+ pfSense_BUILDER_BINARIES: /usr/bin/cd /usr/bin/tar /usr/sbin/fifolog_create /bin/chmod
+ pfSense_BUILDER_BINARIES: /usr/sbin/pkg_add /usr/sbin/pkg_info /usr/sbin/pkg_delete /bin/rm
pfSense_MODULE: pkg
*/
+require_once("globals.inc");
require_once("xmlrpc.inc");
if(file_exists("/cf/conf/use_xmlreader"))
require_once("xmlreader.inc");
@@ -47,7 +48,6 @@ else
require_once("xmlparse.inc");
require_once("service-utils.inc");
require_once("pfsense-utils.inc");
-require_once("globals.inc");
if(!function_exists("update_status")) {
function update_status($status) {
@@ -60,21 +60,33 @@ if(!function_exists("update_output_window")) {
}
}
+if (!function_exists("pkg_debug")) {
+ /* set up logging if needed */
+ function pkg_debug($msg) {
+ global $g, $debug, $fd_log;
+
+ if (!$debug)
+ return;
+
+ if (!$fd_log) {
+ if (!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_{$package}.log", "w"))
+ update_output_window("Warning, could not open log for writing.");
+ }
+ @fwrite($fd_log, $msg);
+ }
+}
+
$vardb = "/var/db/pkg";
safe_mkdir($vardb);
+$g['platform'] = trim(file_get_contents("/etc/platform"));
conf_mount_rw();
-$g['platform'] = trim(file_get_contents("/etc/platform"));
if(!is_dir("/usr/local/pkg") or !is_dir("/usr/local/pkg/pf")) {
safe_mkdir("/usr/local/pkg");
safe_mkdir("/usr/local/pkg/pf");
}
conf_mount_ro();
-$version = split("-", trim(file_get_contents("/etc/version")));
-$ver = split("\.", $version[0]);
-$g['version'] = intval($ver[1]);
-
/****f* pkg-utils/remove_package
* NAME
* remove_package - Removes package from FreeBSD if it exists
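Review bot: pkg_debug() builds the log path from `$package`, which is neither a parameter nor in the `global` list, so the file opened is always `{$g['tmp_path']}/pkg_mgr_.log`, truncated with mode `"w"` on first use. Pass the package name in, or use a fixed name such as `pkg_mgr_debug.log` opened with `"a"`. When `fopen()` fails, the warning goes through update_output_window() on every call and `@fwrite()` is then given `false`; returning after the warning avoids that. A predictable file name under a temporary directory is also worth avoiding if other local users can write there, which cannot be seen from here.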
@@ -86,8 +98,7 @@ $g['version'] = intval($ver[1]);
*
******/
function remove_freebsd_package($packagestring) {
- $todel = substr(reverse_strrchr($packagestring, "."), 0, -1);
- exec("/usr/sbin/pkg_delete -x {$todel}");
+ exec("/usr/sbin/pkg_delete -x {$packagestring}");
}
/****f* pkg-utils/is_package_installed
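Review bot: `$packagestring` now reaches the shell unmodified and unquoted, and `-x` makes pkg_delete treat it as a regular expression. A name with shell metacharacters or a broad pattern therefore does more than remove one package. Quote it at least, `exec("/usr/sbin/pkg_delete -x " . escapeshellarg($packagestring));`, and consider validating the name against the expected package-name characters first. The same unquoted interpolation appears in this file's `pkg_info -qrx {$pkg}` call in delete_package() and in the `tar` and `pkg_add` calls on `{$fetchto}` in pkg_fetch_recursive().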
@@ -118,12 +129,10 @@ function is_package_installed($packagename) {
function get_pkg_id($pkg_name) {
global $config;
- if(is_array($config['installedpackages']['package'])) {
- $i = 0;
- foreach($config['installedpackages']['package'] as $pkg) {
+ if (is_array($config['installedpackages']['package'])) {
+ foreach($config['installedpackages']['package'] as $idx => $pkg) {
if($pkg['name'] == $pkg_name)
- return $i;
- $i++;
+ return $idx;
}
}
return -1;
@@ -141,12 +150,12 @@ function get_pkg_id($pkg_name) {
function get_pkg_info($pkgs = 'all', $info = 'all') {
global $g;
- $freebsd_version = str_replace("\n", "", `uname -r | cut -d'-' -f1 | cut -d'.' -f1`);
- $freebsd_machine = str_replace("\n", "", `uname -m`);
+ $freebsd_version = php_uname("r");
+ $freebsd_machine = php_uname("m");
$params = array(
"pkg" => $pkgs,
"info" => $info,
- "freebsd_version" => $freebsd_version,
+ "freebsd_version" => $freebsd_version[0],
"freebsd_machine" => $freebsd_machine
);
$resp = call_pfsense_method('pfsense.get_pkgs', $params, 10);
@@ -154,14 +163,22 @@ function get_pkg_info($pkgs = 'all', $info = 'all') {
}
function get_pkg_sizes($pkgs = 'all') {
- global $g;
+ global $config, $g;
- $params = array("pkg" => $pkgs);
+ $freebsd_version = php_uname("r");
+ $freebsd_machine = php_uname("m");
+ $params = array(
+ "pkg" => $pkgs,
+ "freebsd_version" => $freebsd_version,
+ "freebsd_machine" => $freebsd_machine
+ );
$msg = new XML_RPC_Message('pfsense.get_pkg_sizes', array(php_value_to_xmlrpc($params)));
$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
$cli = new XML_RPC_Client($g['xmlrpcpath'], $xmlrpc_base_url);
$resp = $cli->send($msg, 10);
- if($resp and !$resp->faultCode()) {
+ if(!is_object($resp))
+ log_error("Could not get response from XMLRPC server!");
+ else if (!$resp->faultCode()) {
$raw_versions = $resp->value();
return xmlrpc_value_to_php($raw_versions);
}
@@ -174,35 +191,30 @@ function get_pkg_sizes($pkgs = 'all') {
* This function may also print output to the terminal indicating progress.
*/
function resync_all_package_configs($show_message = false) {
- global $config, $restart_sync, $pkg_interface;
+ global $config, $pkg_interface;
- $i = 0;
log_error(gettext("Resyncing configuration for all packages."));
- if(!$config['installedpackages']['package'])
+ if (!is_array($config['installedpackages']['package']))
return;
if($show_message == true)
echo "Syncing packages:";
- if (is_array($config['installedpackages']['package'])) {
- foreach($config['installedpackages']['package'] as $package) {
- if (empty($package['name']))
- continue;
- if($show_message == true)
- echo " " . $package['name'];
- get_pkg_depends($package['name'], "all");
- stop_service($package['name']);
- sync_package($i, true, true);
- if($restart_sync == true) {
- $restart_sync = false;
- if($pkg_interface == "console")
- echo "\n" . gettext("Syncing packages:");
- }
- $i++;
- }
+ conf_mount_rw();
+ foreach($config['installedpackages']['package'] as $idx => $package) {
+ if (empty($package['name']))
+ continue;
+ if($show_message == true)
+ echo " " . $package['name'];
+ get_pkg_depends($package['name'], "all");
+ stop_service($package['name']);
+ sync_package($idx, true, true);
+ if($pkg_interface == "console")
+ echo "\n" . gettext("Syncing packages:");
}
if($show_message == true)
echo " done.\n";
@unlink("/conf/needs_package_sync");
+ conf_mount_ro();
}
/*
@@ -226,7 +238,6 @@ function is_freebsd_pkg_installed($pkg) {
*/
function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $return_nosync = 1) {
global $config;
- require_once("notices.inc");
$pkg_id = get_pkg_id($pkg_name);
if($pkg_id == -1)
@@ -238,8 +249,10 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu
if(!file_exists("/usr/local/pkg/" . $package['configurationfile'])) {
log_error(sprintf(gettext('The %1$s package is missing required dependencies and must be reinstalled. %2$s'), $package['name'], $package['configurationfile']));
uninstall_package($package['name']);
- if (install_package($package['name']) < 0)
+ if (install_package($package['name']) < 0) {
+ log_error("Failed reinstalling package {$package['name']}.");
return false;
+ }
}
$pkg_xml = parse_xml_config_pkg("/usr/local/pkg/" . $package['configurationfile'], "packagegui");
if (!empty($pkg_xml['additional_files_needed'])) {
@@ -305,7 +318,6 @@ function uninstall_package($pkg_name) {
}
function force_remove_package($pkg_name) {
- global $config;
delete_package_xml($pkg_name);
}
@@ -313,8 +325,7 @@ function force_remove_package($pkg_name) {
* sync_package($pkg_name, $sync_depends = true, $show_message = false) Force a package to setup its configuration and rc.d files.
*/
function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
- global $config;
- require_once("notices.inc");
+ global $config, $config_parsed;
if(empty($config['installedpackages']['package']))
return;
@@ -337,7 +348,8 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
return -1;
}
$pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $package['configurationfile'], "packagegui");
-
+ if(isset($pkg_config['nosync']))
+ return;
/* Bring in package include files */
if (!empty($pkg_config['include_file'])) {
$include_file = $pkg_config['include_file'];
@@ -354,11 +366,6 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
}
}
- /* XXX: Zend complains about the next line "Wrong break depth"
- * The code is obviously wrong, but I'm not sure what it's supposed to do?
- */
- if(isset($pkg_config['nosync']))
- continue;
if(!empty($pkg_config['custom_php_global_functions']))
eval($pkg_config['custom_php_global_functions']);
if(!empty($pkg_config['custom_php_resync_config_command']))
@@ -368,18 +375,30 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
if(is_array($depends)) {
foreach($depends as $item) {
if(!file_exists($item)) {
+ require_once("notices.inc");
file_notice($package['name'], sprintf(gettext("The %s package is missing required dependencies and must be reinstalled."), $package['name']), "Packages", "/pkg_mgr_install.php?mode=reinstallpkg&pkg={$package['name']}", 1);
log_error("Could not find {$item}. Reinstalling package.");
uninstall_package($pkg_name);
- install_package($pkg_name);
+ if (install_package($pkg_name) < 0) {
+ log_error("Reinstalling package {$package['name']} failed. Take appropriate measures!!!");
+ return -1;
+ }
} else {
$item_config = parse_xml_config_pkg($item, "packagegui");
if (empty($item_config))
continue;
if(isset($item_config['nosync']))
continue;
- if($item_config['custom_php_command_before_form'] <> "")
- eval($item_config['custom_php_command_before_form']);
+ if (!empty($item_config['include_file'])) {
+ if (file_exists($item_config['include_file']))
+ require_once($item_config['include_file']);
+ else {
+ log_error("Not calling package sync code for dependency {$item_config['name']} of {$package['name']} because some include files are missing.");
+ continue;
+ }
+ }
+ if($item_config['custom_php_global_functions'] <> "")
+ eval($item_config['custom_php_global_functions']);
if($item_config['custom_php_resync_config_command'] <> "")
eval($item_config['custom_php_resync_config_command']);
if($show_message == true)
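Review bot: The added branch calls `require_once()` on `include_file` and `eval()` on `custom_php_global_functions` taken from a dependency's parsed package XML, with no check on where the path points. If package includes are expected to live under `/usr/local/pkg/`, restricting the include to that directory would limit what a tampered XML can load, for example `if (strpos((string)realpath($item_config['include_file']), "/usr/local/pkg/") === 0)` before the `require_once`. The `<> ""` tests on keys that may be absent should also match the `!empty()` form used for the main package earlier in sync_package(). The function starts and ends outside the hunk.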
@@ -393,11 +412,9 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) {
/*
* pkg_fetch_recursive: Download and install a FreeBSD package and its dependencies. This function provides output to
* a progress bar and output window.
- *
- * XXX: This function needs to return where a pkg_add fails. Our current error messages aren't very descriptive.
*/
-function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = '') {
- global $pkgent, $static_output, $g, $fd_log;
+function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = "") {
+ global $static_output, $g;
$osname = php_uname("s");
$arch = php_uname("m");
@@ -406,14 +423,14 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
$priv_url = "http://ftp2.{$osname}.org/pub/{$osname}/ports/{$arch}/packages-{$rel}/Latest";
if (empty($base_url))
$base_url = $priv_url;
- $pkg_extension = ".tgz";
- if (substr($filename, -4) != ".tbz")
- $filename .= $pkg_extension;
+ if (substr($base_url, -1) == "/")
+ $base_url = substr($base_url, 0, -1);
$static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " ";
$fetchto = "{$g['tmp_path']}/apkg_{$filename}";
+ $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Trying to download {$base_url}/{$filename} ... ";
if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) {
if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) {
- $static_output .= " could not download.\n";
+ $static_output .= " could not download from there or {$priv_url}/{$filename}.\n";
update_output_window($static_output);
return false;
} else if ($base_url == $priv_url) {
@@ -429,47 +446,40 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
update_output_window($static_output);
$slaveout = "";
exec("/usr/bin/tar --fast-read -O -f {$fetchto} -x +CONTENTS 2>&1", $slaveout);
- $workingdir = preg_grep("/instmp/", $slaveout);
- $workingdir = $workingdir[0];
$raw_depends_list = array_values(preg_grep("/\@pkgdep/", $slaveout));
- if($raw_depends_list != "") {
- if($pkgent['exclude_dependency'] != "")
- $raw_depends_list = array_values(preg_grep($pkgent['exclude_dependency'], PREG_GREP_INVERT));
+ if ($raw_depends_list != "") {
+ $pkg_extension = ".tbz";
foreach($raw_depends_list as $adepend) {
- $working_depend = explode(" ", $adepend);
+ $working_depend = explode(" ", trim($adepend, "\n"));
if (substr($working_depend[1], -4) != ".tbz")
$depend_filename = $working_depend[1] . $pkg_extension;
else
$depend_filename = $working_depend[1];
- if(is_freebsd_pkg_installed($working_depend[1]) === false) {
- pkg_fetch_recursive($working_depend[1], $depend_filename, $dependlevel + 1, $base_url);
+ if (!is_freebsd_pkg_installed($working_depend[1])) {
+ if (pkg_fetch_recursive($working_depend[1], $depend_filename, $dependlevel + 1, $base_url) == false)
+ return false;
} else {
//$dependlevel++;
- $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " ";
- @fwrite($fd_log, $working_depend[1] . "\n");
+ $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed.";
+ pkg_debug($working_depend[1] . "\n");
}
}
}
$pkgaddout = "";
exec("/usr/sbin/pkg_add -fv {$fetchto} 2>&1", $pkgaddout);
- @fwrite($fd_log, $pkgname . " " . print_r($pkgaddout, true) . "\n");
+ pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\npkg_add successfully completed.\n");
return true;
}
function install_package($package, $pkg_info = "") {
- global $g, $config, $pkg_interface, $fd_log, $static_output, $pkg_interface, $restart_sync;
+ global $g, $config, $static_output, $pkg_interface;
/* safe side. Write config below will send to ro again. */
conf_mount_rw();
if($pkg_interface == "console")
echo "\n";
- /* open logfiles and begin installation */
- if (!$fd_log) {
- if (!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_{$package}.log", "w"))
- update_output_window(gettext("Warning, could not open log for writing."));
- }
/* fetch package information if needed */
if(empty($pkg_info) or !is_array($pkg_info[$package])) {
$pkg_info = get_pkg_info(array($package));
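Review bot: At the end of pkg_fetch_recursive() the function returns `true` and logs "pkg_add successfully completed" without looking at the exit status of `pkg_add`, so a failed install is reported as success. This commit also removes the post-install `is_freebsd_pkg_installed()` check from install_package_xml(), which now relies on this return value alone. Capture the status through the third argument of `exec()` and return `false` when it is non-zero, as in the excerpt below. pkg_fetch_recursive() begins in an earlier hunk.

```php
// … unchanged: download, +CONTENTS parsing and dependency loop …
$pkgaddout = "";
$pkgaddrc = 0;
exec("/usr/sbin/pkg_add -fv {$fetchto} 2>&1", $pkgaddout, $pkgaddrc);
pkg_debug($pkgname . " " . print_r($pkgaddout, true) . "\n");
if ($pkgaddrc != 0) {
	pkg_debug("pkg_add failed for {$pkgname} with exit status {$pkgaddrc}.\n");
	return false;
}
pkg_debug("pkg_add successfully completed.\n");
return true;
```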
@@ -479,19 +489,19 @@ function install_package($package, $pkg_info = "") {
return -1;
}
}
- @fwrite($fd_log, gettext("Beginning package installation.\n"));
- log_error(gettext('Beginning package installation for') . ' ' . $pkg_info['name'] . '.');
- update_status(gettext("Beginning package installation for") . " " . $pkg_info['name'] . "...");
+ pkg_debug(gettext("Beginning package installation.") . "\n");
+ log_error(sprintf(gettext('Beginning package installation for %s .'), $pkg_info['name']));
+ $static_output .= sprintf(gettext("Beginning package installation for %s ."), $pkg_info['name']);
update_status($static_output);
/* fetch the package's configuration file */
if($pkg_info['config_file'] != "") {
- $static_output .= gettext("Downloading package configuration file...") . " ";
+ $static_output .= "\n" . gettext(Downloading package configuration file... ");
update_output_window($static_output);
- @fwrite($fd_log, gettext("Downloading package configuration file...\n"));
+ pkg_debug(gettext("Downloading package configuration file...") . "\n");
$fetchto = substr(strrchr($pkg_info['config_file'], '/'), 1);
download_file_with_progress_bar($pkg_info['config_file'], '/usr/local/pkg/' . $fetchto);
if(!file_exists('/usr/local/pkg/' . $fetchto)) {
- @fwrite($fd_log, gettext("ERROR! Unable to fetch package configuration file. Aborting installation.") . "\n");
+ pkg_debug(gettext("ERROR! Unable to fetch package configuration file. Aborting installation.") . \n");
if($pkg_interface == "console")
print "\n" . gettext("ERROR! Unable to fetch package configuration file. Aborting package installation.") . "\n";
else {
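Review bot: Two added lines are missing an opening quote and will not parse as shown: `gettext(Downloading package configuration file... ")` and `. \n")`. They should read `$static_output .= "\n" . gettext("Downloading package configuration file... ");` and `pkg_debug(gettext("ERROR! Unable to fetch package configuration file. Aborting installation.") . "\n");`. A parse error in this include file would break every script that requires it, so running `php -l` on the merged file before committing would catch this. install_package() starts and ends outside the hunk.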
@@ -540,8 +550,6 @@ function install_package($package, $pkg_info = "") {
update_output_window($static_output);
if($pkg_info['after_install_info'])
update_output_window($pkg_info['after_install_info']);
- start_service($pkg_info['name']);
- $restart_sync = true;
}
}
@@ -568,7 +576,7 @@ function eval_once($toeval) {
}
function install_package_xml($pkg) {
- global $g, $config, $fd_log, $static_output, $pkg_interface;
+ global $g, $config, $static_output, $pkg_interface, $config_parsed;
if(($pkgid = get_pkg_id($pkg)) == -1) {
$static_output .= sprintf(gettext("The %s package is not installed.%sInstallation aborted."), $pkg, "\n\n");
@@ -582,13 +590,6 @@ function install_package_xml($pkg) {
} else
$pkg_info = $config['installedpackages']['package'][$pkgid];
- /* set up logging if needed */
- if(!$fd_log) {
- if(!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_{$pkg}.log", "w")) {
- update_output_window(gettext("Warning, could not open log for writing."));
- }
- }
-
/* pkg_add the package and its dependencies */
if($pkg_info['depends_on_package_base_url'] != "") {
if($pkg_interface == "console")
@@ -600,38 +601,26 @@ function install_package_xml($pkg) {
update_output_window($static_output);
foreach((array) $pkg_info['depends_on_package'] as $pkgdep) {
$pkg_name = substr(reverse_strrchr($pkgdep, "."), 0, -1);
- $static_output = $static_orig . "done.\nChecking for successful package installation... ";
+ $static_output = $static_orig . "\nChecking for package installation... ";
update_output_window($static_output);
- $pkg_installed = true;
- if (!isset($pkg_info['skip_install_checks']))
- $pkg_installed = is_freebsd_pkg_installed($pkg_name);
-
- if($pkg_installed == false)
- pkg_fetch_recursive($pkg_name, $pkgdep, 0, $pkg_info['depends_on_package_base_url']);
- /* make sure our package was successfully installed */
- if($pkg_installed == false)
- $pkg_installed = is_freebsd_pkg_installed($pkg_name);
- if($pkg_installed == true) {
- $static_output .= gettext("done.") . "\n";
- update_output_window($static_output);
- fwrite($fd_log, gettext("pkg_add successfully completed.\n"));
- } else {
- $static_output .= "of {$pkg_name} failed!\n\nInstallation aborted.";
- update_output_window($static_output);
- fwrite($fd_log, gettext("Package WAS NOT installed properly.\n"));
- fclose($fd_log);
- if($pkg_interface <> "console") {
- echo "\n<script language=\"JavaScript\">document.progressbar.style.visibility='hidden';</script>";
- echo "\n<script language=\"JavaScript\">document.progholder.style.visibility='hidden';</script>";
+ if (!is_freebsd_pkg_installed($pkg_name)) {
+ if (!pkg_fetch_recursive($pkg_name, $pkgdep, 0, $pkg_info['depends_on_package_base_url'])) {
+ $static_output .= "of {$pkg_name} failed!\n\nInstallation aborted.";
+ update_output_window($static_output);
+ pkg_debug(gettext("Package WAS NOT installed properly.") . "\n");
+ if($pkg_interface <> "console") {
+ echo "\n<script language=\"JavaScript\">document.progressbar.style.visibility='hidden';</script>";
+ echo "\n<script language=\"JavaScript\">document.progholder.style.visibility='hidden';</script>";
+ }
+ sleep(1);
+ return false;
}
- sleep(1);
- return false;
}
}
}
$configfile = substr(strrchr($pkg_info['config_file'], '/'), 1);
if(file_exists("/usr/local/pkg/" . $configfile)) {
- $static_output .= gettext("Loading package configuration... ");
+ $static_output .= "\n" . gettext("Loading package configuration... ");
update_output_window($static_output);
$pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui");
$static_output .= gettext("done.") . "\n";
@@ -679,13 +668,13 @@ function install_package_xml($pkg) {
return false;
}
if(stristr($filename, ".tgz") <> "") {
- fwrite($fd_log, gettext("Extracting tarball to -C for") . " " . $filename . "...\n");
+ pkg_debug(gettext("Extracting tarball to -C for ") . $filename . "...\n");
$tarout = "";
exec("/usr/bin/tar xvzf " . $prefix . $filename . " -C / 2>&1", $tarout);
- fwrite($fd_log, print_r($tarout, true) . "\n");
+ pkg_debug(print_r($tarout, true) . "\n");
}
if($pkg_chmod <> "") {
- fwrite($fd_log, sprintf(gettext('Changing file mode to %1$s for %2$s%3$s%4$s'), $pkg_chmod, $prefix, $filename, "\n"));
+ pkg_debug(sprintf(gettext('Changing file mode to %1$s for %2$s%3$s%4$s'), $pkg_chmod, $prefix, $filename, "\n"));
@chmod($prefix . $filename, $pkg_chmod);
system("/bin/chmod {$pkg_chmod} {$prefix}{$filename}");
}
@@ -703,7 +692,7 @@ function install_package_xml($pkg) {
if($pkg_config['include_file'] <> "") {
$static_output = gettext("Loading package instructions...") . "\n";
update_output_window($static_output);
- fwrite($fd_log, "require_once('{$pkg_config['include_file']}')\n");
+ pkg_debug("require_once('{$pkg_config['include_file']}')\n");
if (file_exists($pkg_config['include_file']))
require_once($pkg_config['include_file']);
else {
@@ -785,8 +774,7 @@ function install_package_xml($pkg) {
} else {
$static_output .= gettext("Loading package configuration... failed!") . "\n\n" . gettext("Installation aborted.");
update_output_window($static_output);
- fwrite($fd_log, gettext("Unable to load package configuration. Installation aborted.\n"));
- fclose($fd_log);
+ pkg_debug(gettext("Unable to load package configuration. Installation aborted.") ."\n");
if($pkg_interface <> "console") {
echo "\n<script language=\"JavaScript\">document.progressbar.style.visibility='hidden';</script>";
echo "\n<script language=\"JavaScript\">document.progholder.style.visibility='hidden';</script>";
@@ -799,9 +787,8 @@ function install_package_xml($pkg) {
if($pkg_info['logging']) {
mwexec("/usr/sbin/fifolog_create -s 32768 {$g['varlog_path']}/{$pkg_info['logging']['logfilename']}");
@chmod($g['varlog_path'] . '/' . $pkg_info['logging']['logfilename'], 0600);
- @fwrite($fd_log, "Adding text to file /etc/syslog.conf\n");
- if(is_process_running("syslogd"))
- mwexec("killall syslogd");
+ add_text_to_file("/etc/syslog.conf", $pkg_info['logging']['facilityname'] . "\t\t\t\t" . $pkg_info['logging']['logfilename']);
+ pkg_debug("Adding text to file /etc/syslog.conf\n");
system_syslogd_start();
}
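Review bot: The added `add_text_to_file("/etc/syslog.conf", ...)` writes `facilityname` and `logfilename` from the package record into a syslog configuration file without validation, and the same two values reach the shell in the `fifolog_create` call above it and in the `system_syslogd_start()` hunk of etc/inc/system.inc (`@@ -455,11 +449,9 @@`). A newline in either value would add an extra directive to the file, and a `/` or `..` in `logfilename` moves the log outside `{$g['varlog_path']}`. I would refuse the package before any of these calls unless both values match an allow-list such as `preg_match('/^[A-Za-z0-9_-][A-Za-z0-9_.-]*$/', $pkg_info['logging']['logfilename'])`. The `pkg_debug()` message is also emitted after the write rather than before it.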
@@ -819,24 +806,25 @@ function delete_package($pkg) {
update_output_window($static_output);
return;
} else {
- $static_output .= "\t" . sprintf(gettext("Starting package deletion for %s..."), $pkg);
+ if($pkg)
+ $static_output .= "\t" . sprintf(gettext("Starting package deletion for %s..."), $pkg);
update_output_window($static_output);
}
$info = "";
exec("/usr/sbin/pkg_info -qrx {$pkg}", $info);
remove_freebsd_package($pkg);
+ $static_output .= "done.\n";
+ update_output_window($static_output);
foreach($info as $line) {
- $depend = trim(str_replace("@pkgdep", "", $line));
+ $depend = trim(str_replace("@pkgdep", "", $line), " \n");
delete_package($depend);
}
- $static_output .= "done.\n";
- update_output_window($static_output);
return;
}
function delete_package_xml($pkg) {
- global $g, $config, $fd_log, $static_output, $pkg_interface;
+ global $g, $config, $static_output, $pkg_interface;
conf_mount_rw();
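Review bot: The new `if($pkg)` guards only the progress message, so with an empty `$pkg` the `exec("/usr/sbin/pkg_info -qrx {$pkg}", $info)` and `remove_freebsd_package($pkg)` calls below it still run, and the recursion passes on whatever `trim()` leaves of each output line. An early `if(!$pkg) return;` at this point and `escapeshellarg($pkg)` in the command string would keep an empty or malformed name away from the shell and from the removal call. Limiting `trim()` to `" \n"` also stops stripping tabs and carriage returns, which may now stay in `$depend`. The start of delete_package() is outside the hunk, so an earlier check may already cover the empty case.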
@@ -853,21 +841,16 @@ function delete_package_xml($pkg) {
conf_mount_ro();
return;
}
- /* set up logging if needed */
- if(!$fd_log) {
- if(!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_{$pkg}.log", "w")) {
- update_output_window(gettext("Warning, could not open log for writing."));
- }
- }
- fwrite($fd_log, sprintf(gettext("Removing %s package... "), $pkg));
- $static_output .= sprintf(gettext("Removing %s components..."), $pkg) . "\n";
+ pkg_debug(sprintf(gettext("Removing %s package... "),$pkg));
+ $static_output .= sprintf(gettext("Removing %s components..."),$pkg) . "\n";
update_output_window($static_output);
/* parse package configuration */
$packages = &$config['installedpackages']['package'];
$tabs =& $config['installedpackages']['tab'];
$menus =& $config['installedpackages']['menu'];
$services = &$config['installedpackages']['service'];
- if(file_exists("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'])) {
+ $pkg_info =& $packages[$pkgid];
+ if(file_exists("/usr/local/pkg/" . $pkg_info['configurationfile'])) {
$pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'], "packagegui");
/* remove tab items */
if(is_array($pkg_config['tabs'])) {
@@ -935,7 +918,7 @@ function delete_package_xml($pkg) {
if($pkg_config['include_file'] <> "") {
$static_output .= gettext("Loading package instructions...") . "\n";
update_output_window($static_output);
- fwrite($fd_log, "require_once(\"{$pkg_config['include_file']}\")\n");
+ pkg_debug("require_once(\"{$pkg_config['include_file']}\")\n");
if (file_exists($pkg_config['include_file']))
require_once($pkg_config['include_file']);
else {
@@ -965,14 +948,6 @@ function delete_package_xml($pkg) {
$static_output .= gettext("done.") . "\n";
update_output_window($static_output);
}
- /* syslog */
- if(is_array($pkg_config['logging']) && $pkg_config['logging']['logfile_name'] <> "") {
- $static_output .= "\t" . gettext("Syslog entries... ");
- update_output_window($static_output);
- remove_text_from_file("/etc/syslog.conf", $pkg_config['logging']['facilityname'] . "\t\t\t\t" . $pkg_config['logging']['logfilename']);
- $static_output .= gettext("done.") . "\n";
- update_output_window($static_output);
- }
/* deinstall commands */
if($pkg_config['custom_php_deinstall_command'] <> "") {
$static_output .= "\t" . gettext("Deinstall commands... ");
@@ -987,7 +962,7 @@ function delete_package_xml($pkg) {
if($pkg_config['include_file'] <> "") {
$static_output .= "\t" . gettext("Removing package instructions...");
update_output_window($static_output);
- fwrite($fd_log, sprintf(gettext("Remove '%s'"), $pkg_config['include_file']) . "\n");
+ pkg_debug(sprintf(gettext("Remove '%s'"), $pkg_config['include_file']) . "\n");
unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']);
$static_output .= "done.\n";
update_output_window($static_output);
@@ -1016,29 +991,24 @@ function delete_package_xml($pkg) {
$static_output .= gettext("done.") . "\n";
update_output_window($static_output);
}
- /* remove config.xml entries */
+ /* syslog */
+ if(is_array($pkg_info['logging']) && $pkg_info['logging']['logfile_name'] <> "") {
+ $static_output .= "\tSyslog entries... ";
+ update_output_window($static_output);
+ remove_text_from_file("/etc/syslog.conf", $pkg_info['logging']['facilityname'] . "\t\t\t\t" . $pkg_info['logging']['logfilename']);
+ system_syslogd_start();
+ @unlink("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}");
+ $static_output .= "done.\n";
+ update_output_window($static_output);
+ }
conf_mount_ro();
+ /* remove config.xml entries */
$static_output .= "\t" . gettext("Configuration... ");
update_output_window($static_output);
unset($config['installedpackages']['package'][$pkgid]);
$static_output .= gettext("done.") . "\n";
update_output_window($static_output);
- write_config(sprintf(gettext("Removed %s package.") . "\n", $pkg));
- /* file cleanup */
- $ctag = file("/etc/crontab");
- foreach($ctag as $line)
- if(trim($line) != "")
- $towrite[] = $line;
-
- $tmptab = fopen("{$g['tmp_path']}/crontab", "w");
- foreach($towrite as $line)
- fwrite($tmptab, $line);
- fclose($tmptab);
-
- // Go RW again since the write_config above will put it back to RO
- conf_mount_rw();
- rename("{$g['tmp_path']}/crontab", "/etc/crontab");
- conf_mount_ro();
+ write_config("Removed {$pkg} package.\n");
}
function expand_to_bytes($size) {
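Review bot: The relocated syslog cleanup tests `$pkg_info['logging']['logfile_name']` but then uses `['logfilename']`, the key install_package_xml() works with, so as far as this diff shows the block never runs; the condition should read `$pkg_info['logging']['logfilename'] <> ""`. Once it does run, `system_syslogd_start()` is called before `unset($config['installedpackages']['package'][$pkgid])`, and that function builds its configuration from the packages still present in `$config`, so the entry being removed would be generated again; the restart belongs after the unset. `logfilename` also goes unchecked into `@unlink()`, where wrapping it in `basename()` would keep the deletion inside `{$g['varlog_path']}`.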
@@ -1090,7 +1060,8 @@ function get_package_install_size($pkg = 'all', $pkg_info = "") {
if(!$pkg_info)
$pkg_info = get_pkg_sizes($pkg);
foreach($pkg as $apkg) {
- if(!$pkg_info[$apkg]) continue;
+ if(!$pkg_info[$apkg])
+ continue;
$toreturn[$apkg] = expand_to_bytes(walk_depend(array($pkg_info[$apkg]), $pkgdb));
}
return $toreturn;
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 11f89c9..d63367d 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -4001,6 +4001,4 @@ $dn_default_shaper_msg .= gettext("The tree on the left helps you navigate throu
$dn_default_shaper_msg .= " </p></strong></span>";
$dn_default_shaper_msg .= "</td></tr>";
-
-
?>
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 604d481..e560a19 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -33,7 +33,7 @@
pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/sysctl /sbin/route
pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/bin/netstat /usr/sbin/syslogd
pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir
- pfSense_BUILDER_BINARIES: /usr/bin/tar /bin/sync /usr/local/sbin/ntpd /usr/sbin/ntpdate
+ pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/sbin/ntpd /usr/sbin/ntpdate
pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload
pfSense_MODULE: utils
*/
@@ -52,10 +52,9 @@ function activate_powerd() {
function get_default_sysctl_value($id) {
global $sysctls;
- foreach($sysctls as $sysctl => $value) {
- if($sysctl == $id)
- return $value;
- }
+
+ if (isset($sysctls[$id]))
+ return $sysctls[$id];
}
function activate_sysctls() {
@@ -307,11 +306,6 @@ function system_routing_configure($interface = "") {
echo "system_routing_configure() being called $mt\n";
}
- /* Enable fast routing, if enabled */
- /* XXX: More checks need to be done for subsystems that are not compatibel with fast routing. */
- if(isset($config['staticroutes']['enablefastrouting']) && !isset($config['ipsec']['enable']))
- mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");
-
$gatewayip = "";
$interfacegw = "";
$foundgw = false;
@@ -455,11 +449,9 @@ function system_syslogd_start() {
if($config['installedpackages']['package']) {
foreach($config['installedpackages']['package'] as $package) {
if($package['logging']) {
- $pkgfacilities[] = $package['logging']['facilityname'];
- $separatelogfacilities = $separatelogfacilities + $pkgfacilities;
- $facilitylist = implode(',', $pkgfacilities);
+ array_push($separatelogfacilities, $package['logging']['facilityname']);
mwexec("{$log_create_directive} 10240 {$g['varlog_path']}/{$package['logging']['logfilename']}");
- $syslogconf .= "!{$facilitylist}\n*.*\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
+ $syslogconf .= "!{$package['logging']['facilityname']}\n*.*\t\t\t\t\t\t {$log_directive}{$g['varlog_path']}/{$package['logging']['logfilename']}\n";
}
}
}
@@ -524,7 +516,7 @@ news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path
local7.none {$log_directive}{$g['varlog_path']}/system.log
security.* {$log_directive}{$g['varlog_path']}/system.log
auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log
-auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf
+auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15
*.emerg *
EOD;
@@ -623,12 +615,12 @@ EOD;
fclose($fd);
// Are we logging to a least one remote server ?
if(strpos($syslogconf, "@") != false)
- $retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
+ $retval = system("/usr/sbin/syslogd -c c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");
else
- $retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
+ $retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");
} else {
- $retval = mwexec("/usr/sbin/syslogd -c");
+ $retval = mwexec("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log");
}
if ($g['booting'])
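Review bot: In the remote-logging branch the new command reads `syslogd -c c -l /var/dhcpd/var/run/log -f ...`, with a bare `c` where the other two branches have `-c -c`; a non-option word normally ends option parsing, so `-l` and `-f` may never be read and syslogd may fail to start exactly when remote logging is configured. It should be `$retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");`. With that fixed both branches of the `strpos($syslogconf, "@")` test run the same command, so the test can be removed; as written, `!= false` also treats a match at offset 0 as no match. The enclosing function starts outside the hunk.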
@@ -1334,7 +1326,7 @@ function system_set_harddisk_standby() {
// Check for a numeric value
if (is_numeric($standby)) {
// Sync the disk(s)
- mwexec('/bin/sync');
+ pfSense_sync();
if (!mwexec('/sbin/sysctl hw.ata.standby=' . ((int)$standby))) {
// Reinitialize ATA-drives
mwexec('/usr/local/sbin/atareinit');
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 65bcbaa..bca0ec7 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -704,18 +704,14 @@ function upgrade_040_to_041() {
$config['sysctl']['item'][18]['tunable'] = "net.inet.tcp.tso";
$config['sysctl']['item'][18]['descr'] = gettext("TCP Offload engine");
$config['sysctl']['item'][18]['value'] = "default";
-
- $config['sysctl']['item'][19]['tunable'] = "hw.bce.tso_enable";
- $config['sysctl']['item'][19]['descr'] = gettext("TCP Offload engine - BCE");
- $config['sysctl']['item'][19]['value'] = "default";
- $config['sysctl']['item'][20]['tunable'] = "net.inet.ip.portrange.first";
- $config['sysctl']['item'][20]['descr'] = gettext("Set the ephemeral port range starting port");
- $config['sysctl']['item'][20]['value'] = "default";
+ $config['sysctl']['item'][19]['tunable'] = "net.inet.ip.portrange.first";
+ $config['sysctl']['item'][19]['descr'] = "Set the ephemeral port range starting port";
+ $config['sysctl']['item'][19]['value'] = "default";
- $config['sysctl']['item'][21]['tunable'] = "hw.syscons.kbd_reboot ";
- $config['sysctl']['item'][21]['descr'] = gettext("Enables ctrl+alt+delete");
- $config['sysctl']['item'][21]['value'] = "default";
+ $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot ";
+ $config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete";
+ $config['sysctl']['item'][20]['value'] = "default";
}
}
@@ -1082,7 +1078,7 @@ function upgrade_047_to_048() {
if (!empty($config['dyndns'])) {
$config['dyndnses'] = array();
$config['dyndnses']['dyndns'] = array();
- if(isset($config['dyndns'][0]['enable'])) {
+ if(isset($config['dyndns'][0]['host'])) {
$tempdyn = array();
$tempdyn['enable'] = isset($config['dyndns'][0]['enable']);
$tempdyn['type'] = $config['dyndns'][0]['type'];
@@ -1671,10 +1667,11 @@ function upgrade_053_to_054() {
$monitor = $split[1];
/* on static upgraded configuration we automatically prepend GW_ */
$static_name = "GW_" . strtoupper($interface);
- if(is_ipaddr($monitor)) {
- $interface = $static_name;
- $config['interfaces'][$interface]['monitorip'] = $monitor;
- }
+ if(is_ipaddr($monitor))
+ foreach ($a_gateways as & $gw)
+ if ($gw['name'] == $static_name)
+ $gw['monitor'] = $monitor;
+
/* on failover increment tier. Else always assign 1 */
if($lbpool['behaviour'] == "failover") {
$i++;
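Review bot: The added `foreach ($a_gateways as & $gw)` leaves `$gw` bound to the last element of `$a_gateways` once the loop ends, so any later assignment to `$gw` in upgrade_053_to_054() would silently overwrite that gateway entry. Add `unset($gw);` directly after the loop, and give the nested `if`/`foreach`/`if` braces so the extent of each is visible. The rest of the function is outside the hunk, so whether `$gw` is reused cannot be confirmed from here.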
@@ -1738,6 +1735,8 @@ function upgrade_054_to_055() {
}
/* the roundtrip times need to be divided by 1000 to get seconds, really */
$databases = array();
+ if (!file_exists($rrddbpath))
+ @mkdir($rrddbpath);
chdir($rrddbpath);
$databases = glob("*-quality.rrd");
rsort($databases);
@@ -1885,11 +1884,20 @@ function upgrade_055_to_056() {
function upgrade_056_to_057() {
global $config;
+ if (!is_array($config['system']['user']))
+ $config['system']['user'] = array();
/* migrate captivate portal to user manager */
if (is_array($config['captiveportal']['user'])) {
foreach($config['captiveportal']['user'] as $user) {
// avoid user conflicts
- if ($config['system']['user'][$user['name']])
+ $found = false;
+ foreach ($config['system']['user'] as $userent) {
+ if ($userent['name'] == $user['name']) {
+ $found = true;
+ break;
+ }
+ }
+ if ($found)
continue;
$user['scope'] = "user";
if (isset($user['expirationdate'])) {
@@ -1900,6 +1908,7 @@ function upgrade_056_to_057() {
$user['md5-hash'] = $user['password'];
unset($user['password']);
}
+ $user['uid'] = $config['system']['nextuid']++;
$config['system']['user'][] = $user;
}
unset($config['captiveportal']['user']);
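Review bot: `$user['uid'] = $config['system']['nextuid']++;` assumes `nextuid` is already set; on a configuration where it is missing the post-increment yields null, so the first migrated captive portal user would be stored without a uid. A guard before the loop, `if (!isset($config['system']['nextuid'])) $config['system']['nextuid'] = FIRST_FREE_UID;` (placeholder for whatever starting value the user manager uses), would avoid that. A one-line comment that migrated accounts keep the old hash under `md5-hash` would also help anyone auditing which accounts still rely on it. The function continues outside the hunk.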
@@ -2228,10 +2237,10 @@ function upgrade_070_to_071() {
function rename_field(& $section, $oldname, $newname) {
if (is_array($section)) {
foreach($section as & $item) {
- if (!empty($item[$oldname])) {
+ if (!empty($item[$oldname]))
$item[$newname] = $item[$oldname];
+ if (isset($item[$oldname]))
unset($item[$oldname]);
- }
}
}
}
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 90875a0..a39670b 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -38,7 +38,7 @@
/* kill a process by pid file */
function killbypid($pidfile) {
- sigkillbypid($pidfile, "TERM");
+ return sigkillbypid($pidfile, "TERM");
}
function isvalidpid($pid) {
@@ -649,10 +649,16 @@ function get_configured_ip_addresses() {
require_once("interfaces.inc");
$ip_array = array();
$interfaces = get_configured_interface_list();
- foreach($interfaces as $int) {
- $ipaddr = get_interface_ip($int);
- $ip_array[$int] = $ipaddr;
+ if(is_array($interfaces)) {
+ foreach($interfaces as $int) {
+ $ipaddr = get_interface_ip($int);
+ $ip_array[$int] = $ipaddr;
+ }
}
+ $interfaces = get_configured_carp_interface_list();
+ if(is_array($interfaces))
+ foreach($interfaces as $int => $ipaddr)
+ $ip_array[$int] = $ipaddr;
return $ip_array;
}
@@ -784,6 +790,23 @@ function log_error($error) {
return;
}
+/****f* util/log_auth
+* NAME
+* log_error - Sends a string to syslog as LOG_AUTH facility
+* INPUTS
+* $error - string containing the syslog message.
+* RESULT
+* null
+******/
+function log_auth($error) {
+ global $g;
+ $page = $_SERVER['SCRIPT_NAME'];
+ syslog(LOG_AUTH, "$page: $error");
+ if ($g['debug'])
+ syslog(LOG_WARNING, var_dump(debug_backtrace()));
+ return;
+}
+
/****f* util/exec_command
* NAME
* exec_command - Execute a command and return a string of the result.
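Review bot: `syslog(LOG_AUTH, "$page: $error")` passes a facility constant where PHP's syslog() expects a priority, so the level bits are zero and the message would be logged as auth.emerg, which the `*.emerg *` rule in the generated syslog.conf delivers to every logged-in user; `syslog(LOG_AUTH | LOG_NOTICE, "$page: $error");` sets both parts. In the debug branch `var_dump()` returns nothing and prints to the output, so the backtrace goes to the response instead of the log; use `syslog(LOG_WARNING, print_r(debug_backtrace(), true));`. The header comment still says `log_error` under NAME and should read `log_auth`. Since `$error` is caller-supplied, stripping CR and LF from it before the call would keep one event on one log line.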
@@ -802,17 +825,16 @@ function exec_command($command) {
/* wrapper for exec() */
function mwexec($command, $mute = false) {
-
global $g;
- $oarr = array();
- $retval = 0;
+
if ($g['debug']) {
if (!$_SERVER['REMOTE_ADDR'])
echo "mwexec(): $command\n";
- exec("$command 2>&1", $oarr, $retval);
- } else {
- exec("$command 2>&1", $oarr, $retval);
}
+ $oarr = array();
+ $retval = 0;
+ $garbage = exec("$command 2>&1", $oarr, $retval);
+
if(isset($config['system']['developerspew']))
$mute = false;
if(($retval <> 0) && ($mute === false)) {
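Review bot: `isset($config['system']['developerspew'])` can never be true here because the function declares only `global $g;`, so `$config` is an undefined local and the developer override of `$mute` is dead code; change the declaration to `global $g, $config;`. The result of exec() is assigned to `$garbage` and never read, so the assignment can be dropped. A short comment that `$command` is handed to the shell verbatim, and that callers must quote every variable part with escapeshellarg(), would help given how many call sites in this commit interpolate configuration values. The end of mwexec() is outside the hunk.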
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b76f959..e720853 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -118,6 +118,7 @@ function vpn_ipsec_configure($ipchg = false)
return true;
} else {
mwexec("/sbin/ifconfig enc0 up");
+ mwexec("/sbin/sysctl net.inet.ip.ipsec_in_use=1");
if ($g['booting'])
echo gettext("Configuring IPsec VPN... ");
@@ -635,15 +636,18 @@ EOD;
$localid_type = $ph2ent['localid']['type'];
$localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']);
- /* Do not print localid in some cases, such as a pure-psk mobile tunnel */
- if (($localid_type == "none") || ($ph1ent['authentication_method'] == "pre_shared_key") && isset($ph1ent['mobile']))
+ /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */
+ if (($localid_type == "none") ||
+ (($ph1ent['authentication_method'] == "xauth_psk_server") ||
+ ($ph1ent['authentication_method'] == "pre_shared_key"))
+ && isset($ph1ent['mobile']))
$localid_spec = " ";
else {
- if ($localid_type != "address") {
- $localid_type = "subnet";
- }
- $localid_spec = $localid_type." ".$localid_data." any";
- }
+ if ($localid_type != "address") {
+ $localid_type = "subnet";
+ }
+ $localid_spec = $localid_type." ".$localid_data." any";
+ }
if (!isset($ph2ent['mobile'])) {
$remoteid_type = $ph2ent['remoteid']['type'];
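Review bot: The PSK/xauth mobile test on `$ph1ent['authentication_method']` and `isset($ph1ent['mobile'])` is written out here and again in the next hunk (`@@ -656,16 +660,23 @@`), and in this copy it relies on `&&` binding tighter than the leading `||`. Computing it once, e.g. `$mobile_psk = isset($ph1ent['mobile']) && in_array($ph1ent['authentication_method'], array("pre_shared_key", "xauth_psk_server"));`, and then testing `($localid_type == "none") || $mobile_psk` keeps the two policy branches in step. The comment could also say why the local id is left out for these tunnels, since that changes the generated policy. The enclosing function starts and ends outside the hunk.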
@@ -656,16 +660,23 @@ EOD;
$remoteid_spec = "anonymous";
} else {
-
$rgip = $rgmap[$ph1ent['remote-gateway']];
- $localid_data = ipsec_get_phase1_src($ph1ent);
- if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; }
- $localid_spec = "address {$localid_data}";
-
- $remoteid_data = $rgmap[$ph1ent['remote-gateway']];
- if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; }
- $remoteid_spec = "address {$remoteid_data}";
+ if ((($ph1ent['authentication_method'] == "xauth_psk_server") ||
+ ($ph1ent['authentication_method'] == "pre_shared_key"))
+ && isset($ph1ent['mobile']))
+ $localid_spec = " ";
+ else {
+ $localid_data = ipsec_get_phase1_src($ph1ent);
+ if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; }
+ $localid_spec = "address {$localid_data}";
+ }
+ if (!isset($ph2ent['mobile'])) {
+ $remoteid_data = $rgmap[$ph1ent['remote-gateway']];
+ if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; }
+ $remoteid_spec = "address {$remoteid_data}";
+ } else
+ $remoteid_spec = "anonymous";
}
if($ph2ent['protocol'] == 'esp') {
@@ -877,7 +888,6 @@ EOD;
sleep("0.1");
mwexec("/usr/local/sbin/setkey -F", false);
sleep("0.1");
- exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1");
/* start racoon */
mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf", false);
sleep("0.1");
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index 1738370..c1ab5cd 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -179,20 +179,27 @@ function parse_xml_config_raw($cffile, $rootobj, $isstring = "false") {
while ($data = fread($fp, 4096)) {
if (!xml_parse($xml_parser, $data, feof($fp))) {
- log_error(sprintf(gettext('XML error: %1$s at line %2$d') . "\n",
+ log_error(sprintf(gettext('XML error: %1$s at line %2$d in %3$s') . "\n",
xml_error_string(xml_get_error_code($xml_parser)),
- xml_get_current_line_number($xml_parser)));
+ xml_get_current_line_number($xml_parser),
+ $cffile));
return -1;
}
}
xml_parser_free($xml_parser);
- if (!$parsedcfg[$rootobj]) {
+ if (!is_array($rootobj))
+ $rootobj = array($rootobj);
+ foreach ($rootobj as $rootobj_name)
+ if ($parsedcfg[$rootobj_name])
+ break;
+
+ if (!$parsedcfg[$rootobj_name]) {
log_error(sprintf(gettext("XML error: no %s object found!") . "\n", $rootobj));
return -1;
}
- return $parsedcfg[$rootobj];
+ return $parsedcfg[$rootobj_name];
}
function dump_xml_config_sub($arr, $indent) {
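Review bot: After the new `$rootobj = array($rootobj);` normalisation the failure message still formats `$rootobj` with `%s`, so the log line would read "no Array object found" and raise an array-to-string notice; pass `implode(", ", $rootobj)` to that `sprintf()` instead. The `foreach` also depends on `$rootobj_name` keeping its last value when nothing matches, which is easy to break; setting a `$found` variable inside the loop and returning `-1` when it stays empty would be clearer. The same loop added to etc/inc/xmlreader.inc returns `$parsedcfg[$rootobj_name]` with no check or log entry when no root object matches. The function starts outside the hunk.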
diff --git a/etc/inc/xmlreader.inc b/etc/inc/xmlreader.inc
index f1450b8..173a59f 100644
--- a/etc/inc/xmlreader.inc
+++ b/etc/inc/xmlreader.inc
@@ -128,7 +128,13 @@ function parse_xml_config_raw($cffile, $rootobj, $isstring = "false") {
} else
log_error(sprintf(gettext("Error returned while trying to parse %s"), $cffile));
- return $parsedcfg[$rootobj];
+ if (!is_array($rootobj))
+ $rootobj = array($rootobj);
+ foreach ($rootobj as $rootobj_name)
+ if ($parsedcfg[$rootobj_name])
+ break;
+
+ return $parsedcfg[$rootobj_name];
}
function dump_xml_config_sub(& $writer, $arr) {
diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc
index 61167bf..ef4fc19 100644
--- a/etc/inc/xmlrpc.inc
+++ b/etc/inc/xmlrpc.inc
@@ -107,17 +107,36 @@ function php_value_to_xmlrpc($value, $force_array = false) {
* the array before returning it.
*/
function xmlrpc_auth(&$params) {
- global $config;
+ global $config, $_SERVER;
+
+ if (!is_array($config['system']['user'])) {
+ array_shift($params);
+ unset($params['xmlrpcauth']);
+ log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings.");
+ return false;
+ }
+ if (!isset($config['system']['user'][0]['password'])) {
+ array_shift($params);
+ unset($params['xmlrpcauth']);
+ log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings.");
+ return false;
+ }
+
$localpass = $config['system']['user'][0]['password'];
if(crypt($params[0], $localpass) == $localpass) {
array_shift($params);
+ unset($params['xmlrpcauth']);
return true;
- } else if(crypt($params['xmlrpcauth'], $localpass) != $localpass) {
+ } else if(crypt($params['xmlrpcauth'], $localpass) == $localpass) {
+ array_shift($params);
unset($params['xmlrpcauth']);
- return false;
+ return true;
}
+
+ array_shift($params);
unset($params['xmlrpcauth']);
+ log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings.");
return false;
}
-?> \ No newline at end of file
+?>
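Review bot: Both password checks compare with loose `==`, and the only guard on the stored value is `isset()`, so an empty stored hash or a non-string parameter is not clearly rejected; the comparison should be `===` on values already checked with `is_string()`, against a `$localpass` known to be non-empty. The `xmlrpcauth` branch changes from always failing to granting access and then also runs `array_shift($params)`, which drops the first positional argument even though the password did not arrive there; that needs a comment or a check against the callers, which are outside this diff. The failure path is repeated three times with the same log line, and `global $_SERVER` is unnecessary for a superglobal. A single exit path along these lines covers all three points.

```php
function xmlrpc_auth(&$params) {
	global $config;

	$localpass = isset($config['system']['user'][0]['password'])
		? $config['system']['user'][0]['password'] : "";
	$candidates = array(
		isset($params[0]) ? $params[0] : null,
		isset($params['xmlrpcauth']) ? $params['xmlrpcauth'] : null
	);

	/* strip the credentials from the parameters whatever the outcome */
	array_shift($params);
	unset($params['xmlrpcauth']);

	/* an unset or empty stored hash never authenticates */
	if (is_string($localpass) && $localpass !== "") {
		foreach ($candidates as $candidate) {
			if (is_string($candidate) && crypt($candidate, $localpass) === $localpass)
				return true;
		}
	}

	log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings.");
	return false;
}
```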
diff --git a/etc/phpshellsessions/externalconfiglocator b/etc/phpshellsessions/externalconfiglocator
new file mode 100644
index 0000000..84534b3
--- /dev/null
+++ b/etc/phpshellsessions/externalconfiglocator
@@ -0,0 +1,3 @@
+
+include("/etc/ecl.php");
+
diff --git a/etc/rc b/etc/rc
index ab1b460..b8ced8b 100755
--- a/etc/rc
+++ b/etc/rc
@@ -332,16 +332,31 @@ echo "done."
if [ `/bin/ls -la /etc/gettytab | /usr/bin/awk '{ print $5'}` -lt 512 ]; then
echo ">>> Restoring /etc/gettytab due to unusal size"
echo ">>> Restoring /etc/gettytab due to unusal size" | /usr/bin/logger
- cp /etc/gettytab.bak /etc/gettytab
+ /bin/cp /etc/gettytab.bak /etc/gettytab
fi
# Recreate capabilities DB
-cap_mkdb /etc/login.conf
+/usr/bin/cap_mkdb /etc/login.conf
# Run the php.ini setup file and populate
# /usr/local/etc/php.ini and /usr/local/lib/php.ini
/etc/rc.php_ini_setup
+# Launch external configuration loader for supported platforms
+if [ "$PLATFORM" = "embedded" ]; then
+ /usr/local/bin/php -q /etc/ecl.php
+fi
+
+# Launch external configuration loader for supported platforms
+if [ "$PLATFORM" = "nanobsd" ]; then
+ /usr/local/bin/php -q /etc/ecl.php
+fi
+
+# Launch external configuration loader for supported platforms
+if [ "$PLATFORM" = "pfSense" ]; then
+ /usr/local/bin/php -q /etc/ecl.php
+fi
+
nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status
# let the PHP-based configuration subsystem set up the system now
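Review bot: The three added blocks run the same `/usr/local/bin/php -q /etc/ecl.php` and differ only in the platform name, so any later change has to be made three times; a single `case "$PLATFORM" in embedded|nanobsd|pfSense) /usr/local/bin/php -q /etc/ecl.php ;; esac` says the same thing. Because this loader runs at boot ahead of the PHP configuration subsystem, the comment should name where it may take a configuration from and under which conditions, so the boot path can be audited from this file; /etc/ecl.php itself is not part of this section.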
@@ -379,12 +394,12 @@ echo "done."
/bin/chmod a+rw /tmp/.
echo "Bootup complete"
-rm $varrunpath/booting
+/bin/rm $varrunpath/booting
/usr/local/bin/beep.sh start 2>&1 >/dev/null
# Reset the cache. read-only requires this.
-rm /tmp/config.cache
+/bin/rm /tmp/config.cache
/etc/rc.conf_mount_ro
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 2d39df6..fe1faa3 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -249,9 +249,6 @@ echo "Starting PFLOG...";
filter_pflog_start();
echo "done.\n";
-/* start load balancer daemon */
-relayd_configure();
-
/* reconfigure our gateway monitor */
echo "Setting up gateway monitors...";
setup_gateways_monitor();
@@ -282,6 +279,9 @@ system_routing_configure();
/* enable routing */
system_routing_enable();
+/* start load balancer daemon */
+relayd_configure();
+
/* configure console menu */
system_console_configure();
@@ -293,10 +293,6 @@ echo "done.\n";
/* Launch on bootup and keep trying to sync. Exit once time/date has been sync'd. */
mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh");
-/* static IP address? -> attempt DNS update */
-if (is_ipaddr($config['interfaces']['wan']['ipaddr']))
- services_dnsupdate_process();
-
/* start DHCP service */
services_dhcpd_configure();
@@ -306,12 +302,15 @@ services_dnsmasq_configure();
/* start dhcpleases dhpcp hosts leases program */
system_dhcpleases_configure();
-/* start dyndns service */
-send_event("service reload dyndnsall");
-
/* start DHCP relay */
services_dhcrelay_configure();
+/* dyndns service updates */
+send_event("service reload dyndnsall");
+
+/* Run a filter configure now that most all services have started */
+filter_configure_sync();
+
/* setup pppoe and pptp */
vpn_setup();
@@ -336,9 +335,6 @@ system_set_harddisk_standby();
/* lock down console if necessary */
auto_login();
-/* Run a filter configure now that most all services have started */
-filter_configure_sync();
-
/* load graphing functions */
enable_rrd_graphing();
@@ -361,16 +357,16 @@ if($config['system']['afterbootupshellcmd'] <> "") {
if($avail < $g['minimum_ram_warning']) {
require_once("/etc/inc/notices.inc");
file_notice("{$g['product_name']}MemoryRequirements", "{$g['product_name']} requires at least {$g['minimum_ram_warning_text']} of RAM. Expect unusual performance. This platform is not supported.", "Memory", "", 1);
- mwexec("sysctl net.inet.tcp.recvspace=4096");
- mwexec("sysctl net.inet.tcp.sendspace=4096");
+ mwexec("/sbin/sysctl net.inet.tcp.recvspace=4096");
+ mwexec("/sbin/sysctl net.inet.tcp.sendspace=4096");
}
/* if we are operating at 1000 then increase timeouts.
this was never accounted for after moving to 1000 hz */
-$kern_hz = `sysctl kern.clockrate | awk '{ print $5 }' | cut -d"," -f1`;
+$kern_hz = `/sbin/sysctl kern.clockrate | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"," -f1`;
$kern_hz = trim($kern_hz, "\r\n");
if($kern_hz == "1000")
- mwexec("sysctl net.inet.tcp.rexmit_min=30");
+ mwexec("/sbin/sysctl net.inet.tcp.rexmit_min=30");
/* start the igmpproxy daemon */
services_igmpproxy_configure();
@@ -383,7 +379,7 @@ activate_powerd();
/* Remove the old shutdown binary if we kept it. */
if (file_exists("/sbin/shutdown.old"))
- unlink("/sbin/shutdown.old");
+ @unlink("/sbin/shutdown.old");
/* done */
unset($g['booting']);
diff --git a/etc/rc.dyndns.update b/etc/rc.dyndns.update
index a84cadd..557113c 100755
--- a/etc/rc.dyndns.update
+++ b/etc/rc.dyndns.update
@@ -38,9 +38,12 @@ require_once("shaper.inc");
$argument = trim($argv[1], " \n");
-if(empty($argument))
+if(empty($argument)) {
services_dyndns_configure();
-else
+ services_dnsupdate_process();
+} else {
services_dyndns_configure($argument);
+ services_dnsupdate_process($argument);
+}
?>
diff --git a/etc/rc.filter_configure_xmlrpc b/etc/rc.filter_configure_xmlrpc
index 4a42df7..bd1f785 100755
--- a/etc/rc.filter_configure_xmlrpc
+++ b/etc/rc.filter_configure_xmlrpc
@@ -43,7 +43,6 @@ require_once("shaper.inc");
require_once("xmlrpc.inc");
require_once("interfaces.inc");
-filter_configure();
system_routing_configure();
setup_gateways_monitor();
relayd_configure();
@@ -51,4 +50,4 @@ require_once("openvpn.inc");
openvpn_resync_all();
services_dhcpd_configure();
-?> \ No newline at end of file
+?>
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index dede6ba..0a8316b 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -64,6 +64,13 @@ function backup_vip_config_section() {
$section_val = 255;
$section['advskew'] = $section_val;
}
+ if($section['advbase'] <> "") {
+ $section_val = intval($section['advbase']);
+ $section_val=$section_val+1;
+ if($section_val > 255)
+ $section_val = 255;
+ $section['advbase'] = $section_val;
+ }
$temp['vip'][] = $section;
}
return $temp;
@@ -81,10 +88,59 @@ function remove_special_characters($string) {
return $string;
}
+function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') {
+ global $config, $g;
+
+ if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
+ return;
+
+ $params = array(
+ XML_RPC_encode($password)
+ );
+
+ $numberofruns = 0;
+ while ($numberofruns < 2) {
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns > 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!is_object($resp)) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } else {
+ $parsed_response = XML_RPC_decode($resp->value());
+ if(!is_array($parsed_response)) {
+ if (trim($parsed_response) == "Authentication failed") {
+ $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method}).";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ exit;
+ }
+ } else {
+ if (!isset($parsed_response['config_version']) ||
+ $parsed_response['config_version'] < $config['version'])
+ return false;
+ else
+ return true;
+ }
+ }
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ $numberofruns++;
+ }
+
+ return false;
+}
+
function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
global $config, $g;
- if(file_exists("{$g['varrun_path']}/booting"))
+ if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
return;
update_filter_reload_status("Syncing CARP data to {$url}");
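Review bot: In carp_check_version() a reply that is neither an array nor the string "Authentication failed" falls through to `log_error($error)` with `$error` unset on the first pass or left over from the previous one, so the log and the notice show an empty or misleading message; set it in that branch, e.g. `$error = "An unexpected response was received from {$url}:{$port} ({$method}).";`. `if($numberofruns > 1) $cli->setDebug(1);` can never run inside `while ($numberofruns < 2)`. The function returns nothing on the booting path and calls `exit` on an authentication failure, which ends the whole sync script from inside a helper; returning `false` and letting the caller decide would be easier to follow. The matching check added to carp_sync_xml() in the following hunk tests `trim($parsed_repsonse)`, a misspelt variable, so its authentication-failure branch cannot match.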
@@ -189,46 +245,48 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
$error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
- continue;
} elseif($resp->faultCode()) {
$error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Settings Sync", "");
- continue;
} else {
- log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ $parsed_response = XML_RPC_decode($resp->value());
+ if(!is_array($parsed_response) && trim($parsed_repsonse) == "Authentication failed") {
+ $error = "A authentication failure occurred while trying to access {$url}:{$port} ($method).";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ exit;
+ } else
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
$numberofruns = 3;
}
- $parsed_response = XML_RPC_Decode($resp->value());
- if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") {
- $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
- $numberofruns = 5;
- }
$numberofruns++;
}
}
global $g;
-if (file_exists("{$g['varrun_path']}/booting"))
+if (file_exists("{$g['varrun_path']}/booting") || $g['booting'])
return;
if (is_array($config['installedpackages']['carpsettings']['config'])) {
update_filter_reload_status("Building CARP sync information");
foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
- if ($carp['synchronizetoip'] != "" ) {
- /*
- * XXX: The way we're finding the port right now is really suboptimal -
- * we can't assume that the other machine is setup identically.
- */
- if ($config['system']['webgui']['protocol'] != "") {
+ if (empty($carp['synchronizetoip'])) {
+ log_error("CARP sync not being done because of missing sync ip!");
+ break;
+ }
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if (!empty($config['system']['webgui']['protocol'])) {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
}
/* if port is empty lets rely on the protocol selection */
$port = $config['system']['webgui']['port'];
- if ($port == "") {
+ if (empty($port)) {
if ($config['system']['webgui']['protocol'] == "http")
$port = "80";
else
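Review bot: The new authentication check in `carp_sync_xml` reads `trim($parsed_repsonse)`, a misspelled and therefore undefined variable, so the comparison with "Authentication failed" is never true and a rejected password is logged as "XMLRPC sync successfully completed". The line should be `if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") {`. As written, a peer that refuses the credentials leaves no failure in the log or in the Settings Sync notices, which hides both misconfiguration and credential problems from the operator. The enclosing function starts outside this hunk.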
@@ -323,6 +381,12 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers']))
$sections[] = 'vouchers';
if (count($sections) > 0) {
+ if (!carp_check_version($synchronizetoip, $carp['password'], $port)) {
+ update_filter_reload_status("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!");
+ log_error("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!");
+ break;
+ }
+
update_filter_reload_status("Signaling CARP reload signal...");
carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
if (is_array($mergesections))
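Review bot: `carp_check_version()` also returns false after two failed XMLRPC attempts, so the "other member is on older version" text added here is logged for an unreachable or faulting peer as well. Skipping the sync when the version cannot be confirmed is the safe choice, but the message should say so, for example `log_error("Could not confirm the config version of the other member. Sync will not be done to prevent problems!");`, or the function should return a distinct value for the communication-failure case. The surrounding `foreach` starts outside the hunk.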
@@ -351,7 +415,6 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
}
}
break;
- }
}
}
diff --git a/etc/rc.initial b/etc/rc.initial
index 13fcbba..4d88bda 100755
--- a/etc/rc.initial
+++ b/etc/rc.initial
@@ -3,7 +3,7 @@
# $Id$
# /etc/rc.initial
# part of pfSense by Scott Ullrich
-# Copyright (C) 2004 Scott Ullrich, All rights reserved.
+# Copyright (C) 2004-2010 Scott Ullrich, All rights reserved.
# originally based on m0n0wall (http://neon1.net/m0n0wall)
# Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
# All rights reserved.
@@ -43,45 +43,38 @@ fi
product=`grep product_name /etc/inc/globals.inc | cut -d'"' -f4`
hidebanner=`grep hidebanner /etc/inc/globals.inc | cut -d'"' -f4`
-# display a cheap menu
-echo
-echo
-echo " ${product} console setup "
-echo "***************************"
-echo " 0) Logout (SSH only)"
-echo " 1) Assign Interfaces"
-echo " 2) Set interface(s) IP address"
-echo " 3) Reset webConfigurator password"
-echo " 4) Reset to factory defaults"
-echo " 5) Reboot system"
-echo " 6) Halt system"
-echo " 7) Ping host"
-echo " 8) Shell"
-echo " 9) PFtop"
-echo "10) Filter Logs"
-echo "11) Restart webConfigurator"
-echo "12) ${product} Developer Shell"
-echo "13) Upgrade from console"
+# Check to see if SSH is listening.
SSHD=`/usr/bin/sockstat -4l | grep "*.22" | wc -l`
if [ "$SSHD" -gt 0 ]; then
- echo "14) Disable Secure Shell (sshd)";
+ sshd_option="14) Disable Secure Shell (sshd)";
else
- echo "14) Enable Secure Shell (sshd)";
+ sshd_option="14) Enable Secure Shell (sshd)";
fi
for i in /var/db/pfi/capable_*; do
if [ -f $i -a ! -L /cf/conf ]; then
- echo "98) Move configuration file to removable device"
+ option98="98) Move configuration file to removable device"
break
fi
done
if [ "$PLATFORM" = "cdrom" ]; then
- echo "99) Install ${product} to a hard drive/memory drive, etc."
- echo
+ option99="99) Install ${product} to a hard drive, etc."
fi
-echo
+# display a cheap menu
+echo ""
+echo ""
+echo " 0) Logout (SSH only) 8) Shell"
+echo " 1) Assign Interfaces 9) pfTop"
+echo " 2) Set interface(s) IP address 10) Filter Logs"
+echo " 3) Reset webConfigurator password 11) Restart webConfigurator"
+echo " 4) Reset to factory defaults 12) ${product} Developer Shell"
+echo " 5) Reboot system 13) Upgrade from console"
+echo " 6) Halt system ${sshd_option}"
+echo " 7) Ping host ${option98}"
+/bin/echo "${option99}"
+
read -p "Enter an option: " opmode
echo
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 347ccd0..4735994 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -41,6 +41,10 @@ require_once("ipsec.inc");
require_once("vpn.inc");
require_once("openvpn.inc");
+// Do not process while booting
+if($g['booting'])
+ exit;
+
/* Interface IP address has changed */
$argument = str_replace("\n", "", $argv[1]);
@@ -71,6 +75,10 @@ $oldip = "0.0.0.0";
if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
+$grouptmp = link_interface_to_group($interface);
+if (!empty($grouptmp))
+ array_walk($grouptmp, 'interface_group_add_member');
+
/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);
@@ -84,6 +92,9 @@ system_routing_configure($interface);
/* reconfigure our gateway monitor */
setup_gateways_monitor();
+/* signal filter reload */
+filter_configure();
+
if (is_ipaddr($oldip) && $curwanip == $oldip)
exit;
@@ -99,10 +110,6 @@ vpn_ipsec_force_reload();
/* start OpenVPN server & clients */
openvpn_resync_all($interface);
-/* signal filter reload */
-unlink_if_exists("/tmp/config.cache");
-filter_configure();
-
/* reload graphing functions */
enable_rrd_graphing();
@@ -111,5 +118,4 @@ mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh");
mwexec_bg("/etc/rc.start_packages");
log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages.");
-return 0;
?>
diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup
index b2b6320..6fc7589 100755
--- a/etc/rc.php_ini_setup
+++ b/etc/rc.php_ini_setup
@@ -26,7 +26,7 @@
# POSSIBILITY OF SUCH DAMAGE.
# Set our operating platform
-PLATFORM=`cat /etc/platform`
+PLATFORM=`/bin/cat /etc/platform`
EXTENSIONSDIR="/usr/local/lib/php/20060613/"
# Grab amount of memory that is detected
@@ -37,8 +37,8 @@ else
fi
if [ -z "$AVAILMEM" ]; then
- MEM=`sysctl hw.physmem | cut -d':' -f2`
- AVAILMEM=`expr $MEM / 1048576`
+ MEM=`/sbin/sysctl hw.physmem | cut -d':' -f2`
+ AVAILMEM=`/bin/expr $MEM / 1048576`
fi
# Calculate APC SHM size according
@@ -132,18 +132,18 @@ PHPMODULES="$PHPMODULES pfSense"
# Clear the .ini file to make sure we are clean
if [ -f /usr/local/etc/php.ini ]; then
- rm /usr/local/etc/php.ini
+ /bin/rm /usr/local/etc/php.ini
fi
if [ -f /usr/local/lib/php.ini ]; then
- rm /usr/local/lib/php.ini
+ /bin/rm /usr/local/lib/php.ini
fi
-LOADED_MODULES=`/usr/local/bin/php -m | grep -v "\["`
+LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/grep -v "\["`
# Get a loaded module list in the stock php
# Populate a dummy php.ini to avoid
# the file being clobbered and the firewall
# not being able to boot back up.
-cat >/usr/local/lib/php.ini <<EOF
+/bin/cat >/usr/local/lib/php.ini <<EOF
; File generated from /etc/rc.php_ini_setup
output_buffering = "0"
expose_php = Off
@@ -168,16 +168,16 @@ extension_dir=${EXTENSIONSDIR}
EOF
# Copy php.ini file to etc/ too (cli)
-cp /usr/local/lib/php.ini /usr/local/etc/php.ini
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
# Ensure directory exists
if [ ! -d /etc/php_dynamodules ]; then
- mkdir /etc/php_dynamodules
+ /bin/mkdir /etc/php_dynamodules
fi
# Read in dynamodules
if [ -d /etc/php_dynamodules ]; then
- DYNA_MODULES=`ls /etc/php_dynamodules/`
+ DYNA_MODULES=`/bin/ls /etc/php_dynamodules/`
PHPMODULES="$PHPMODULES $DYNA_MODULES"
fi
@@ -200,12 +200,12 @@ for EXT in $PHPMODULES; do
done
# Get amount of ram installed on this system
-RAM=`sysctl hw.realmem | awk '{print $2/1000000}' | awk -F '.' '{print $1}'`
+RAM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1000000}' | /usr/bin/awk -F '.' '{print $1}'`
export RAM
export LOWMEM
if [ "$RAM" -gt 96 ]; then
- cat >>/usr/local/lib/php.ini <<EOF
+ /bin/cat >>/usr/local/lib/php.ini <<EOF
; APC Settings
apc.enabled="1"
@@ -217,10 +217,10 @@ EOF
else
LOWMEM="TRUE"
echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC."
- echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." | logger -p daemon.info -i -t rc.php_ini_setup
+ echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
fi
- cat >>/usr/local/lib/php.ini <<EOF
+ /bin/cat >>/usr/local/lib/php.ini <<EOF
[suhosin]
suhosin.get.max_array_depth = 5000
@@ -235,24 +235,25 @@ suhosin.request.max_array_depth = 5000
suhosin.request.max_array_index_length = 256
suhosin.request.max_vars = 5000
suhosin.request.max_value_length = 500000
+suhosin.memory_limit = 512435456
EOF
# Copy php.ini file to etc/ too (cli)
-cp /usr/local/lib/php.ini /usr/local/etc/php.ini
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
# Remove old log file if it exists.
if [ -f /var/run/php_modules_load_errors.txt ]; then
- rm /var/run/php_modules_load_errors.txt
+ /bin/rm /var/run/php_modules_load_errors.txt
fi
for EXT in $PHPMODULES; do
- PHPMODULESLC="$PHPMODULESLC `echo "$EXT" | tr '[:upper:]' '[:lower:]'`"
+ PHPMODULESLC="$PHPMODULESLC `echo "$EXT" | /usr/bin/tr '[:upper:]' '[:lower:]'`"
done
# Check loaded modules and remove anything that did not load correctly
-LOADED_MODULES=`/usr/local/bin/php -m | tr '[:upper:]' '[:lower:]' 2>/dev/null | grep -v "\["`
+LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\["`
for EXT in $PHPMODULESLC; do
SHOULDREMOVE="true"
for LM in $LOADED_MODULES; do
@@ -272,12 +273,12 @@ for EXT in $PHPMODULESLC; do
if [ "$SHOULDREMOVE" = "true" ]; then
if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt
- cat /usr/local/lib/php.ini | grep -v $EXT > /tmp/php.ini
- rm -f /usr/local/lib/php.ini
- mv /tmp/php.ini /usr/local/lib/php.ini
+ /bin/cat /usr/local/lib/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini
+ /bin/rm -f /usr/local/lib/php.ini
+ /bin/mv /tmp/php.ini /usr/local/lib/php.ini
fi
fi
done
# Copy php.ini file to etc/ too (cli)
-cp /usr/local/lib/php.ini /usr/local/etc/php.ini
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
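Review bot: The rewritten lines still build the filtered php.ini at the fixed path `/tmp/php.ini` as root and delete the live file before moving the copy into place. A fixed name in a directory that is typically world-writable can be pre-created or symlinked by any local account, and the `rm` leaves a window with no php.ini at all. Writing the temporary file next to its target avoids both: `/usr/bin/grep -v "$EXT" /usr/local/lib/php.ini > /usr/local/lib/php.ini.tmp` followed by `/bin/mv /usr/local/lib/php.ini.tmp /usr/local/lib/php.ini`. Quoting `$EXT` also keeps the pattern a single argument. The enclosing `for` loop starts outside the hunk.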
diff --git a/etc/sshd b/etc/sshd
index 4052423..28c8e55 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -53,7 +53,14 @@
if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key")) {
if(!file_exists("/etc/ssh/ssh_host_key.pub")) {
echo "Restoring SSH from /conf/sshd/";
- exec("cp /conf/sshd/* /etc/ssh/");
+ exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
+
+ /* make sure host private key permissions aren't too open so sshd won't complain */
+ $files_to_check = array('ssh_host_dsa_key','ssh_host_key','ssh_host_rsa_key');
+ foreach($files_to_check as $f2c) {
+ if(file_exists("/etc/ssh/{$f2c}"))
+ chmod("/etc/ssh/{$f2c}", 0600);
+ }
}
}
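Review bot: The permission fix-up covers only the three names in `$files_to_check`, while the copy above it restores everything in `/conf/sshd/`. Any other private host key restored by that glob keeps whatever mode it had on the config partition. Deriving the list from the files actually present keeps the two in step: `$keys = glob("/etc/ssh/ssh_host_*key");` then `if(is_array($keys)) foreach($keys as $k) chmod($k, 0600);`. A short comment that the `.pub` files are deliberately left alone would help as well.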
@@ -176,7 +183,7 @@
if($g['platform'] == "nanobsd") {
if(!is_dir("/conf/sshd"))
exec("mkdir /conf/sshd");
- exec("cp /etc/ssh/ssh_host* /conf/sshd");
+ exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
conf_mount_ro();
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 01dfc78..ee98fa0 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -59,7 +59,7 @@ arp_flush() {
}
delete_old_address() {
- rm -f /var/db/${interface}_ip
+ /bin/rm -f /var/db/${interface}_ip
$IFCONFIG $interface inet -alias $old_ip_address $medium
}
@@ -82,8 +82,6 @@ add_new_address() {
echo $new_routers > /tmp/${interface}_router
echo $new_ip_address > /var/db/${interface}_ip
- /usr/local/sbin/pfSctl -c "interface newip $interface"
-
}
delete_old_alias() {
@@ -185,6 +183,7 @@ add_new_routes() {
return
fi
+ ADDED_ROUTE=no
# Only allow the default route to be overridden if it's on our own interface
if [ -f "/tmp/${interface}_defaultgw" ]; then
$ROUTE delete default
@@ -193,13 +192,12 @@ add_new_routes() {
$ROUTE add default -iface $interface
echo $ROUTE add default -iface $interface | $LOGGER
echo $router > /tmp/${interface}_router
- echo $router > /tmp/${interface}_defaultgw
else
$ROUTE add default $router
echo $ROUTE add default $router | $LOGGER
echo $router > /tmp/${interface}_router
- echo $router > /tmp/${interface}_defaultgw
fi
+ ADDED_ROUTE=yes
# 2nd and subsequent default routers error out, so explicitly
# stop processing the list after the first one.
break
@@ -211,8 +209,10 @@ add_new_routes() {
set $new_static_routes
while [ $# -gt 1 ]; do
$ROUTE add $1 $2
+ if [ "$ADDED_ROUTE" = "no" ]; then
+ echo $2 > /tmp/${interface}_router
+ fi
shift; shift
- echo $new_routers > /tmp/${interface}_router
done
fi
}
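Review bot: In the static-routes loop the added `echo $2 > /tmp/${interface}_router` runs on every iteration while `ADDED_ROUTE` is "no", so with several static routes the file ends up holding the gateway of whichever route came last. `$2` originates from the DHCP reply and is expanded unquoted; `echo "$2" > "/tmp/${interface}_router"` keeps server-supplied text from being glob-expanded. If the first static gateway is the one wanted, set `ADDED_ROUTE=yes` after the first write. `add_new_routes` begins outside this hunk.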
@@ -226,7 +226,7 @@ add_new_resolv_conf() {
done
fi
if [ -n "$new_domain_name_servers" ]; then
- rm -f /var/etc/nameserver_$interface
+ /bin/rm -f /var/etc/nameserver_$interface
for nameserver in $new_domain_name_servers; do
# Add a route to the nameserver out the correct interface
# so that mulitple wans work correctly with multiple dns
@@ -235,7 +235,6 @@ add_new_resolv_conf() {
$ROUTE add $nameserver -iface $interface
done
echo $new_domain_name >/var/etc/searchdomain_$interface
- /usr/local/sbin/pfSctl -c 'service reload dns'
fi
return 0
@@ -243,6 +242,7 @@ add_new_resolv_conf() {
# Notify rc.newwanip of changes to an interface
notify_rc_newwanip() {
+ /usr/local/sbin/pfSctl -c "interface newip $interface"
}
#
@@ -261,12 +261,12 @@ if [ -f /etc/dhclient-enter-hooks ]; then
fi
fi
-if [ -x $ROUTE ]; then
- if_defaultroute=`$ROUTE get default | $GREP interface | $AWK '{print $2}'`
-else
- $LOGGER "if_defaultroute"
- if_defaultroute="x"
-fi
+#if [ -x $ROUTE ]; then
+# if_defaultroute=`$ROUTE -n get -inet default | $GREP interface | $AWK '{print $2}'`
+#else
+# $LOGGER "if_defaultroute"
+# if_defaultroute="x"
+#fi
$LOGGER $reason
case $reason in
@@ -287,17 +287,17 @@ ARPCHECK|ARPSEND)
BOUND|RENEW|REBIND|REBOOT)
check_hostname
- changes=no
+ changes="no"
if [ -n "$old_ip_address" ]; then
if [ -n "$alias_ip_address" ] && \
[ "$old_ip_address" != "$alias_ip_address" ]; then
delete_old_alias
- changes=yes
+ changes="yes"
fi
if [ "$old_ip_address" != "$new_ip_address" ]; then
delete_old_address
delete_old_routes
- changes=yes
+ changes="yes"
fi
fi
if [ "$reason" = BOUND ] || \
@@ -306,12 +306,12 @@ BOUND|RENEW|REBIND|REBOOT)
[ "$old_ip_address" != "$new_ip_address" ]; then
add_new_address
add_new_routes
- changes=yes
+ changes="yes"
fi
if [ -n "$alias_ip_address" ] && \
[ "$new_ip_address" != "$alias_ip_address" ]; then
add_new_alias
- changes=yes
+ changes="yes"
fi
add_new_resolv_conf
if [ "$changes" = "yes" ] ; then
@@ -334,7 +334,7 @@ TIMEOUT)
if [ -n "$new_routers" ]; then
$LOGGER "New Routers ($interface): $new_routers"
set "$new_routers"
- if /sbin/ping -q -c 1 -w 1 "$1"; then
+ if /sbin/ping -q -c 1 -t 1 "$1"; then
if [ "$new_ip_address" != "$alias_ip_address" ]; then
add_new_alias
fi
diff --git a/usr/local/bin/beep.sh b/usr/local/bin/beep.sh
index ca39a07..febb222 100755
--- a/usr/local/bin/beep.sh
+++ b/usr/local/bin/beep.sh
@@ -9,14 +9,14 @@ if [ "$PFSENSETYPE" = "embedded" ]; then
fi
# this is super annoying in VMware, exit if in VMware
-VMWCOUNT=`dmesg -a | grep VMware | wc -l | awk '{ print $1 }'`
+VMWCOUNT=`/usr/bin/grep -c VMware /var/log/dmesg.boot`
if [ $VMWCOUNT -gt 0 ]; then
exit;
fi
# Check for different HZ
if [ -f /boot/loader.conf ]; then
- HZ=`cat /boot/loader.conf | grep kern.hz | wc -l | awk '{ print $1 }'`
+ HZ=`/usr/bin/grep -c kern.hz /boot/loader.conf`
if [ "$HZ" = "1" ]; then
NOTELENGTH="10"
fi
diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml
index de0d226..19db7e7 100644
--- a/usr/local/pkg/carp_settings.xml
+++ b/usr/local/pkg/carp_settings.xml
@@ -3,58 +3,54 @@
<name>carpsettings</name>
<version>0.1.0</version>
<title>Services: CARP Settings</title>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
<configpath>['installedpackages']['carpsettings']['config']</configpath>
<aftersaveredirect>pkg_edit.php?xml=carp_settings.xml&amp;id=0</aftersaveredirect>
- <!-- Menu is where this packages menu will appear -->
<menu>
- <name>CARP (failover)</name>
- <tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent.</tooltiptext>
- <section>Firewall</section>
- <configfile>carp_settings.xml</configfile>
+ <name>CARP (failover)</name>
+ <tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent.</tooltiptext>
+ <section>Firewall</section>
+ <configfile>carp_settings.xml</configfile>
</menu>
<tabs>
-<!-- <tab>
- <text>CARP Virtual IPs</text>
- <url>/pkg.php?xml=carp.xml</url>
- </tab>
--->
- <tab>
- <text>Virtual IPs</text>
- <url>firewall_virtual_ip.php</url>
- </tab>
- <tab>
- <text>CARP Settings</text>
- <url>pkg_edit.php?xml=carp_settings.xml&amp;id=0</url>
- <active/>
- </tab>
+ <tab>
+ <text>Virtual IPs</text>
+ <url>firewall_virtual_ip.php</url>
+ </tab>
+ <tab>
+ <text>CARP Settings</text>
+ <url>pkg_edit.php?xml=carp_settings.xml&amp;id=0</url>
+ <active/>
+ </tab>
</tabs>
<adddeleteeditpagefields>
- <columnitem>
- <fielddescr>PFSync Enabled</fielddescr>
- <fieldname>pfsyncenabled</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>PFSync IP</fielddescr>
- <fieldname>pfsyncip</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>PFSync Interface</fielddescr>
- <fieldname>pfsyncinterface</fieldname>
- </columnitem>
+ <columnitem>
+ <fielddescr>PFSync Enabled</fielddescr>
+ <fieldname>pfsyncenabled</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>PFSync IP</fielddescr>
+ <fieldname>pfsyncip</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>PFSync Interface</fielddescr>
+ <fieldname>pfsyncinterface</fieldname>
+ </columnitem>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
- <fielddescr>Synchronize Enabled</fielddescr>
+ <name>State Synchronization Settings (pfsync)</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Synchronize States</fielddescr>
<fieldname>pfsyncenabled</fieldname>
- <description>
- PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
+ <description>
+ pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table.
+ &lt;p&gt;
+ This setting should be enabled on all members of a failover group.
&lt;p&gt;
- NOTE: Clicking save will force a configuration sync!
- </description>
+ NOTE: Clicking save will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below)
+ </description>
<type>checkbox</type>
</field>
<field>
@@ -62,14 +58,14 @@
<fieldname>pfsyncinterface</fieldname>
<type>interfaces_selection</type>
<description>
- If Synchronize State is enabled, it will utilize this interface for communication.
- &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; We recommend setting this to a interface other than LAN! A dedicated interface works the best.
- &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; You must define a IP on each machine participating in this failover group.
- &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; You must have an IP assigned to the interface on any participating sync nodes.
+ If Synchronize States is enabled, it will utilize this interface for communication.
+ &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; We recommend setting this to a interface other than LAN! A dedicated interface works the best.
+ &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; You must define a IP on each machine participating in this failover group.
+ &lt;br&gt;&lt;b&gt;NOTE:&lt;/b&gt; You must have an IP assigned to the interface on any participating sync nodes.
</description>
</field>
<field>
- <fielddescr>pfSync sync peer IP</fielddescr>
+ <fielddescr>pfsync Synchronize Peer IP</fielddescr>
<fieldname>pfsyncpeerip</fieldname>
<type>input</type>
<description>
@@ -77,6 +73,26 @@
</description>
</field>
<field>
+ <name>Configuration Synchronization Settings (XMLRPC Sync)</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Synchronize Config to IP</fielddescr>
+ <fieldname>synchronizetoip</fieldname>
+ <description>Enter the IP address of the firewall to which the selected configuration sections should be synchronized.
+ &lt;br&gt;&lt;br&gt;NOTE: XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly!
+ &lt;br&gt;&lt;br&gt;NOTE: &lt;b&gt;Do not use the Synchronize Config to IP and password option on backup cluster members!&lt;/b&gt;
+ </description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Remote System Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Enter the webConfigurator password of the system entered above for synchronizing your configuration.
+ &lt;br&gt;&lt;br&gt;NOTE: &lt;b&gt;Do not use the Synchronize Config to IP and password option on backup cluster members!&lt;/b&gt;</description>
+ <type>password</type>
+ </field>
+ <field>
<fielddescr>Synchronize Users and Groups</fielddescr>
<fieldname>synchronizeusers</fieldname>
<description>When this option is enabled, this system will automatically sync the users and groups over to the other CARP host when changes are made.</description>
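Review bot: The new "Remote System Password" description does not tell the administrator how the password is used. In etc/rc.filter_synchronize, in this same commit, the value is sent to the peer both as an XMLRPC parameter and through `setCredentials()`, over whatever protocol this system's webConfigurator is set to, so with `http` it crosses the sync network unencrypted. I would add a sentence to the description such as `NOTE: The password is sent using this system's webConfigurator protocol; use HTTPS on both members.` It is also worth stating that the value is kept in the configuration file, which appears to be the case from `$carp['password']` being read out of `$config`.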
@@ -166,20 +182,6 @@
<description>When this option is enabled, this system will automatically sync the Captive Portal configuration to the other CARP host when changes are made.</description>
<type>checkbox</type>
</field>
- <field>
- <fielddescr>Synchronize to IP</fielddescr>
- <fieldname>synchronizetoip</fieldname>
- <description>Enter the IP address of the firewall you are synchronizing with.</description>
- <type>input</type>
- <note>Note: CARP sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly! Also note that you will not use the Synchronize to IP and password option on backup cluster members!</note>
- </field>
- <field>
- <fielddescr>Remote System Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Enter the webConfigurator password of the system that you would like to synchronize with.</description>
- <type>password</type>
- <note>NOTE: You will not use the Synchronize to IP and password option on backup cluster members!</note>
- </field>
</fields>
<custom_php_validation_command>
if($_POST["synchronizetoip"]) {
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 543d3d7..187736b 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -47,13 +47,11 @@ function gentitle_pkg($pgname) {
unset($interface_arr_cache);
unset($carp_interface_count_cache);
-unset($carp_query);
unset($interface_ip_arr_cache);
$status = get_carp_status();
if($_POST['disablecarp'] <> "") {
if($status == true) {
- $carp_ints = get_all_carp_interfaces();
mwexec("/sbin/sysctl net.inet.carp.allow=0");
if(is_array($config['virtualip']['vip'])) {
$viparr = &$config['virtualip']['vip'];
@@ -110,10 +108,13 @@ include("head.inc");
<tr>
<td>
<?php
+ $carpcount = 0;
if(is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $carp) {
- if ($carp['mode'] == "carp")
+ if ($carp['mode'] == "carp") {
$carpcount++;
+ break;
+ }
}
}
if($carpcount > 0) {
@@ -146,13 +147,15 @@ include("head.inc");
if(is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $carp) {
- if ($carp['mode'] != "carp") continue;
+ if ($carp['mode'] != "carp")
+ continue;
$ipaddress = $carp['subnet'];
$password = $carp['password'];
$netmask = $carp['subnet_bits'];
$vhid = $carp['vhid'];
$advskew = $carp['advskew'];
- $carp_int = find_carp_interface($ipaddress);
+ $advbase = $carp['advbase'];
+ $carp_int = "vip{$vhid}";
$status = get_carp_interface_status($carp_int);
echo "<tr>";
$align = "valign='middle'";
diff --git a/usr/local/www/diag_limiter_info.php b/usr/local/www/diag_limiter_info.php
new file mode 100644
index 0000000..1d4ca28
--- /dev/null
+++ b/usr/local/www/diag_limiter_info.php
@@ -0,0 +1,116 @@
+<?php
+/* $Id$ */
+/*
+ diag_limiter_info.php
+ Copyright (C) 2010 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+ pfSense_BUILDER_BINARIES: /usr/bin/top
+ pfSense_MODULE: system
+*/
+
+##|+PRIV
+##|*IDENT=page-diag-system-activity
+##|*NAME=Diagnostics: System Activity
+##|*DESCR=Allows access to the 'Diagnostics: System Activity' page
+##|*MATCH=diag_system_activity*
+##|-PRIV
+
+require("guiconfig.inc");
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+
+$pgtitle = gettext("Diagnostics: Limiter Info");
+
+if($_REQUEST['getactivity']) {
+ $text = `/sbin/ipfw pipe show`;
+ if($text == "")
+ $text = "We could not find any limiters on this system.";
+ echo $text;
+ exit;
+}
+
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script type="text/javascript">
+ function getlimiteractivity() {
+ var url = "/diag_limiter_info.php";
+ var pars = 'getactivity=yes';
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'post',
+ parameters: pars,
+ onComplete: activitycallback
+ });
+ }
+ function activitycallback(transport) {
+ $('limiteractivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ setTimeout('getlimiteractivity()', 2000);
+ }
+ setTimeout('getlimiteractivity()', 5000);
+</script>
+<div id='maincontent'>
+<?php
+ include("fbegin.inc");
+ if(strstr($pfSversion, "1.2"))
+ echo "<p class=\"pgtitle\">{$pgtitle}</p>";
+ if($savemsg) {
+ echo "<div id='savemsg'>";
+ print_info_box($savemsg);
+ echo "</div>";
+ }
+ if ($input_errors)
+ print_input_errors($input_errors);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <table>
+ <tr><td>
+ <div name='limiteractivitydiv' id='limiteractivitydiv'>
+ <b><?=gettext("Gathering Limiter information, please wait...");?>
+ </div>
+ </td></tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
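Review bot: The `##|+PRIV` block was copied unchanged from the System Activity page: `IDENT=page-diag-system-activity` and `MATCH=diag_system_activity*` do not describe `diag_limiter_info.php`, so, assuming the privilege system maps pages through this block, no privilege matches this page and the identifier collides with an existing one. It needs its own IDENT, NAME and DESCR and `MATCH=diag_limiter_info*`, and the `pfSense_BUILDER_BINARIES` comment should name `/sbin/ipfw` rather than `/usr/bin/top`; the same copied block opens `diag_pf_info.php` in the next file section. The `getactivity` branch echoes raw command output that the page script then assigns to `innerHTML`; `echo htmlspecialchars($text);` keeps any markup characters in that output inert. The page markup also leaves `<b>` and `<center>` unclosed and has a `</form>` with no opening tag.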
diff --git a/usr/local/www/diag_pf_info.php b/usr/local/www/diag_pf_info.php
new file mode 100644
index 0000000..633cd1e
--- /dev/null
+++ b/usr/local/www/diag_pf_info.php
@@ -0,0 +1,120 @@
+<?php
+/* $Id$ */
+/*
+ diag_pf_info.php
+ Copyright (C) 2010 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+ pfSense_BUILDER_BINARIES: /usr/bin/top
+ pfSense_MODULE: system
+*/
+
+##|+PRIV
+##|*IDENT=page-diag-system-activity
+##|*NAME=Diagnostics: System Activity
+##|*DESCR=Allows access to the 'Diagnostics: System Activity' page
+##|*MATCH=diag_system_activity*
+##|-PRIV
+
+require("guiconfig.inc");
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+
+$pgtitle = gettext("Diagnostics: pfInfo");
+
+if($_REQUEST['getactivity']) {
+ $text = `/sbin/pfctl -vvsi`;
+ $text .= "<p/>";
+ $text .= `/sbin/pfctl -vvsm`;
+ $text .= "<p/>";
+ $text .= `/sbin/pfctl -vvst`;
+ $text .= "<p/>";
+ $text .= `/sbin/pfctl -vvsI`;
+ echo $text;
+ exit;
+}
+
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script type="text/javascript">
+ function getcpuactivity() {
+ var url = "/diag_pf_info.php";
+ var pars = 'getactivity=yes';
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'post',
+ parameters: pars,
+ onComplete: activitycallback
+ });
+ }
+ function activitycallback(transport) {
+ $('cpuactivitydiv').innerHTML = '<font face="Courier"><font size="2"><b><pre>' + transport.responseText + '</pre></font>';
+ setTimeout('getcpuactivity()', 2000);
+ }
+ setTimeout('getcpuactivity()', 5000);
+</script>
+<div id='maincontent'>
+<?php
+ include("fbegin.inc");
+ if(strstr($pfSversion, "1.2"))
+ echo "<p class=\"pgtitle\">{$pgtitle}</p>";
+ if($savemsg) {
+ echo "<div id='savemsg'>";
+ print_info_box($savemsg);
+ echo "</div>";
+ }
+ if ($input_errors)
+ print_input_errors($input_errors);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="backuptable" class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <table>
+ <tr><td>
+ <div name='cpuactivitydiv' id='cpuactivitydiv'>
+ <b><?=gettext("Gathering PF information, please wait...");?>
+ </div>
+ </td></tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
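Review bot: The `##|+PRIV` header of this new page is copied unchanged from the System Activity page (`IDENT=page-diag-system-activity`, `MATCH=diag_system_activity*`), so it does not describe `diag_pf_info.php`; the tail of the `diag_limiter_info.php` section above shows the same copied `DESCR`/`MATCH` lines. If these headers feed the page-privilege list, the new page gets no privilege of its own and the System Activity one is declared again. I would give it its own identity, for example `##|*IDENT=page-diag-pf-info` and `##|*MATCH=diag_pf_info*`, and correct `pfSense_BUILDER_BINARIES` to `/sbin/pfctl`. Separately, the `getactivity` branch echoes raw `pfctl` output that the script then assigns to `innerHTML`; wrapping each command's output in `htmlspecialchars()` before concatenating the `<p/>` separators keeps table and interface names from being parsed as markup.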
diff --git a/usr/local/www/diag_pkglogs.php b/usr/local/www/diag_pkglogs.php
index 9fb2b8f..17459c4 100755
--- a/usr/local/www/diag_pkglogs.php
+++ b/usr/local/www/diag_pkglogs.php
@@ -50,6 +50,7 @@
##|-PRIV
require("guiconfig.inc");
+require("pkg-utils.inc");
if(!($nentries = $config['syslog']['nentries'])) $nentries = 50;
@@ -58,7 +59,7 @@ if(!($nentries = $config['syslog']['nentries'])) $nentries = 50;
$i = 0;
$pkgwithlogging = false;
-$apkg = $_POST['pkg'];
+$apkg = $_GET['pkg'];
if(!$apkg) { // If we aren't looking for a specific package, locate the first package that handles logging.
if($config['installedpackages']['package'] <> "") {
foreach($config['installedpackages']['package'] as $package) {
@@ -84,8 +85,8 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <ul id="tabnav">
+ <tr>
+ <td>
<?php
if($pkgwithlogging == false) {
print_info_box(gettext("No packages with logging facilities are currently installed."));
@@ -93,23 +94,25 @@ include("head.inc");
include("fend.inc");
exit;
}
+ $tab_array = array();
foreach($config['installedpackages']['package'] as $package) {
if(is_array($package['logging'])) {
if(!($logtab = $package['logging']['logtab'])) $logtab = $package['name'];
if($apkg == $package['name']) {
$curtab = $logtab;
- echo '<li class="tabact">' . $logtab . '</li>';
+ $tab_array[] = array(sprintf(gettext("%s"),$logtab), true, "diag_pkglogs.php?pkg=".$package['name']);
} else {
- Echo '<li class="tabinact"><a href="diag_pkglogs.php?pkg=' . htmlspecialchars($package['name']) . '">' . $logtab . '</a></li>';
+ $tab_array[] = array(sprintf(gettext("%s"),$logtab), false, "diag_pkglogs.php?pkg=".$package['name']);
}
}
}
+ display_top_tabs($tab_array);
?>
- </ul>
</td></tr>
<tr>
- <td class="tabcont">
- <table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" class="listtopic">
<?php printf(gettext('Last %1$s %2$s log entries'),$nentries,$curtab); ?></td>
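Review bot: The tab links are now built from the raw `$package['name']`, whereas the removed `<li>` line passed it through `htmlspecialchars()`. Whether `display_top_tabs()` escapes the URL and caption is not visible here, so I would encode at the point of construction: `"diag_pkglogs.php?pkg=" . urlencode($package['name'])`. `sprintf(gettext("%s"), $logtab)` translates nothing, since the msgid is only a placeholder, and can be plain `$logtab`.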
@@ -119,12 +122,12 @@ include("head.inc");
dump_clog($g['varlog_path'] . '/' . $package['logging']['logfilename'], $nentries);
?>
</table>
- <br>
<!--
<form action="diag_pkglogs.php" method="post">
<input name="clear" type="submit" class="formbtn" value="Clear log">
</form>
-->
+ </div>
</td>
</tr>
</table>
diff --git a/usr/local/www/diag_system_pftop.php b/usr/local/www/diag_system_pftop.php
index a3e6680..a064f27 100644
--- a/usr/local/www/diag_system_pftop.php
+++ b/usr/local/www/diag_system_pftop.php
@@ -42,7 +42,7 @@ require("guiconfig.inc");
$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-$pgtitle = gettext("Diagnostics: PFTop");
+$pgtitle = gettext("Diagnostics: pfTop");
if($_REQUEST['getactivity']) {
if($_REQUEST['sorttype'])
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 9236c3f..3b94d69 100644
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -58,9 +58,11 @@ if($_REQUEST['action']) {
$_REQUEST['data'] = str_replace("\r", "", base64_decode($_REQUEST['data']));
$ret = file_put_contents($_REQUEST['file'], $_REQUEST['data']);
conf_mount_ro();
- if($_REQUEST['file'] == "config.xml")
+ if($_REQUEST['file'] == "/conf/config.xml" || $_REQUEST['file'] == "/cf/conf/config.xml") {
if(file_exists("/tmp/config.cache"))
unlink("/tmp/config.cache");
+ disable_security_checks();
+ }
if($ret === false) {
echo "|" . gettext("Failed to write file") . ".|";
} elseif($ret <> strlen($_REQUEST['data'])) {
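Review bot: The cache removal and `disable_security_checks()` run before `$ret` is examined, so they also fire when `file_put_contents()` failed or wrote a short file. The path test is a literal string comparison on `$_REQUEST['file']`, so an equivalent spelling of the same file skips the cache invalidation entirely. I would gate the block on a successful write and a normalised path, e.g. `if ($ret !== false && in_array(realpath($_REQUEST['file']), array("/conf/config.xml", "/cf/conf/config.xml"))) {`. What `disable_security_checks()` relaxes is defined elsewhere, so a one-line comment saying why it is needed after a manual config edit would help the next reader. The enclosing `if($_REQUEST['action'])` block starts and ends outside this hunk.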
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 098a4f2..45a14a2 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -170,9 +170,9 @@ $ifentries = get_configured_interface_with_descr();
foreach ($ifentries as $ent => $entdesc) {
if (is_array($config['interfaces'][$ent]['wireless']) &&
preg_match($g['wireless_regex'], $config['interfaces'][$ent]['if']))
- $ifdescrs[$ent] = $entdesc;
+ $wifdescrs[$ent] = $entdesc;
}
-if (count($ifdescrs) > 0)
+if (count($wifdescrs) > 0)
$status_menu[] = array(gettext("Wireless"), "/status_wireless.php");
$status_menu = msort(array_merge($status_menu, return_ext_menu("Status")),0);
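Review bot: `$wifdescrs` is only assigned inside the loop, so on a system with no wireless interface `count($wifdescrs)` is called on an undefined variable. Unless it is initialised above the hunk, add `$wifdescrs = array();` before the `foreach`. The rename itself looks right, since the old code would count any entries already in the shared `$ifdescrs`.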
@@ -186,9 +186,12 @@ $diagnostics_menu[] = array(gettext("DNS Lookup"), "/diag_dns.php");
$diagnostics_menu[] = array(gettext("Edit File"), "/edit.php");
$diagnostics_menu[] = array(gettext("Factory Defaults"), "/diag_defaults.php");
$diagnostics_menu[] = array(gettext("Halt System"), "/halt.php" );
+$diagnostics_menu[] = array(gettext("Limiter Info"), "/diag_limiter_info.php" );
+
$diagnostics_menu[] = array(gettext("Tables"), "/diag_tables.php");
$diagnostics_menu[] = array(gettext("Ping"), "/diag_ping.php");
-$diagnostics_menu[] = array(gettext("pfTOP"), "/diag_system_pftop.php");
+$diagnostics_menu[] = array(gettext("pfInfo"), "/diag_pf_info.php");
+$diagnostics_menu[] = array(gettext("pfTop"), "/diag_system_pftop.php");
$diagnostics_menu[] = array(gettext("Reboot"), "/reboot.php");
$diagnostics_menu[] = array(gettext("Routes"), "/diag_routes.php");
$diagnostics_menu[] = array(gettext("SMART Status"), "/diag_smart.php");
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index 94132f2..306c811 100755
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -114,27 +114,43 @@ include("head.inc");
</table>
</td>
</tr>
- <?php $i = 0; foreach ($a_1to1 as $natent): ?>
+ <?php
+ $textse = "</span>";
+
+ $i = 0; foreach ($a_1to1 as $natent):
+
+ if (isset($natent['disabled']))
+ $textss = "<span class=\"gray\">";
+ else
+ $textss = "<span>"; ?>
<tr>
<td class="listlr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
<?php
+ echo $textss;
if (!$natent['interface'])
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
else
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
+ echo $textse;
?>
</td>
<td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
- <?php echo $natent['external']; ?>
+ <?php
+ $source_net = pprint_address($natent['source']);
+ $source_cidr = strstr($source_net, '/');
+ echo $textss . $natent['external'] . $source_cidr . $textse;
+ ?>
</td>
<td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
- <?php echo pprint_address($natent['source']); ?>
+ <?php echo $textss . $source_net . $textse; ?>
</td>
<td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
- <?php echo pprint_address($natent['destination']); ?>
+ <?php echo $textss . pprint_address($natent['destination']) . $textse; ?>
</td>
<td class="listbg" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
+ <?=$textss;?>
<?=htmlspecialchars($natent['descr']);?>&nbsp;
+ <?=$textse;?>
</td>
<td class="list" nowrap>
<table border="0" cellspacing="0" cellpadding="1">
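Review bot: The rewritten cells echo `$natent['external'] . $source_cidr`, `$source_net` and the destination address without `htmlspecialchars()`, while the interface and description cells in the same row are escaped. These values come from the saved configuration, and whether `pprint_address()` escapes its result is not visible here. I would keep the row consistent: `echo $textss . htmlspecialchars($natent['external'] . $source_cidr) . $textse;`, and the same for the two address cells. The `foreach` opened in this hunk closes outside it.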
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 3484755..2910c08 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -113,13 +113,15 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if($_POST['sourceport'] <> "" && !is_port($_POST['sourceport']))
+ $protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));
+
+ if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_port($_POST['sourceport']))
$input_errors[] = gettext("You must supply either a valid port for the source port entry.");
- if($_POST['dstport'] <> "" and !is_port($_POST['dstport']))
+ if($protocol_uses_ports and $_POST['dstport'] <> "" and !is_port($_POST['dstport']))
$input_errors[] = gettext("You must supply either a valid port for the destination port entry.");
- if($_POST['natport'] <> "" and !is_port($_POST['natport']))
+ if($protocol_uses_ports and $_POST['natport'] <> "" and !is_port($_POST['natport']) and !isset($_POST['nonat']))
$input_errors[] = gettext("You must supply either a valid port for the nat port entry.");
if ($_POST['source_type'] != "any") {
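Review bot: `$protocol_uses_ports` is computed with a loose `in_array()` over an exploded string; a literal list with strict comparison is easier to read and audit: `$protocol_uses_ports = in_array($_POST['protocol'], array("any", "tcp", "udp", "tcp/udp"), true);`. When `protocol` is missing or unexpected, every port check is skipped and the later hunks silently blank the port fields, so it is worth confirming that `protocol` itself is validated against the allowed list somewhere outside this hunk. The removed "Static port cannot be used with No NAT" error is now a silent drop of `staticnatport`, which deserves a short comment where the value is discarded.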
@@ -130,7 +132,7 @@ if ($_POST) {
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
}
- if ($_POST['sourceport'] && !is_numericint($_POST['sourceport'])) {
+ if ($protocol_uses_ports && $_POST['sourceport'] && !is_numericint($_POST['sourceport'])) {
$input_errors[] = gettext("A valid source port must be specified.");
}
if ($_POST['destination_type'] != "any") {
@@ -147,11 +149,7 @@ if ($_POST) {
}
}
- if ($_POST['nonat'] && $_POST['staticnatport']) {
- $input_errors[] = gettext("Static port cannot be used with No NAT.");
- }
-
- if ($_POST['target'] && !is_ipaddr($_POST['target'])) {
+ if ($_POST['target'] && !is_ipaddr($_POST['target']) && !isset($_POST['nonat'])) {
$input_errors[] = gettext("A valid target IP address must be specified.");
}
@@ -182,13 +180,13 @@ if ($_POST) {
if (!$input_errors) {
$natent = array();
$natent['source']['network'] = $osn;
- $natent['sourceport'] = $_POST['sourceport'];
+ $natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : "";
$natent['descr'] = $_POST['descr'];
- $natent['target'] = $_POST['target'];
+ $natent['target'] = (!isset($_POST['nonat'])) ? $_POST['target'] : "";
$natent['interface'] = $_POST['interface'];
/* static-port */
- if(isset($_POST['staticnatport'])) {
+ if(isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) {
$natent['staticnatport'] = true;
} else {
unset($natent['staticnatport']);
@@ -211,12 +209,12 @@ if ($_POST) {
} else {
$natent['destination']['address'] = $ext;
}
- if($_POST['natport'] != "") {
+ if($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) {
$natent['natport'] = $_POST['natport'];
} else {
unset($natent['natport']);
}
- if($_POST['dstport'] != "") {
+ if($_POST['dstport'] != "" && $protocol_uses_ports) {
$natent['dstport'] = $_POST['dstport'];
} else {
unset($natent['dstport']);
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 3ece034..ae4f60e 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -379,7 +379,22 @@ if($_REQUEST['undodrag']) {
<?php // Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
if (!isset($config['system']['webgui']['noantilockout']) &&
(((count($config['interfaces']) > 1) && ($if == 'lan'))
- || ((count($config['interfaces']) == 1) && ($if == 'wan')))): ?>
+ || ((count($config['interfaces']) == 1) && ($if == 'wan')))):
+
+ $guiport = "80";
+ if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
+ $guiport = "{$config['system']['webgui']['port']}";
+ if ($config['system']['webgui']['protocol'] == "https")
+ $guiport .= "<br/>443";
+
+ $sshport = "";
+ if (isset($config['system']['enablesshd'])) {
+ $sshport = 22;
+ if($config['system']['ssh']['port'] <> "")
+ $sshport = $config['system']['ssh']['port'];
+ }
+ $sshport = "22<br/>";
+?>
<tr valign="top" id="antilockout">
<td class="list">&nbsp;</td>
<td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" border="0"></td>
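Review bot: The final `$sshport = "22<br/>";` overwrites everything computed just above it, so the anti-lockout row always shows port 22, even when sshd is disabled or runs on a custom port. Since this row tells the administrator which ports the rule keeps open, it should reflect the configuration: replace that line with `if ($sshport <> "") $sshport .= "<br/>";`. `$guiport` also starts at "80" regardless of protocol, so an HTTPS-only GUI without a custom port is shown as "80" and "443". The values are printed in the next hunk without `htmlspecialchars()`, which would be cheap to add for the parts read from `$config`.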
@@ -388,7 +403,7 @@ if($_REQUEST['undodrag']) {
<td class="listr" style="background-color: #E0E0E0">*</td>
<td class="listr" style="background-color: #E0E0E0">*</td>
<td class="listr" style="background-color: #E0E0E0"><?=$iflist[$if];?> Address</td>
- <td class="listr" style="background-color: #E0E0E0">*</td>
+ <td class="listr" style="background-color: #E0E0E0"><?= $sshport . $guiport ?></td>
<td class="listr" style="background-color: #E0E0E0">*</td>
<td class="listr" style="background-color: #E0E0E0">*</td>
<td class="listr" style="background-color: #E0E0E0"></td>
@@ -535,7 +550,7 @@ if($_REQUEST['undodrag']) {
$schedstatus = false;
$dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
$monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
- if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){
+ if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) {
foreach ($a_schedules as $schedule)
{
if ($schedule['name'] == $filterent['sched'] ){
@@ -826,6 +841,7 @@ if($_REQUEST['undodrag']) {
<script type="text/javascript">
var number_of_rules = <?=$nrules?>;
<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++): ?>
+/*
Sortable.create("dragtable", {
tag:"tr",
format:"fr([0-9999999])",
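Review bot: Disabling `Sortable.create` with a JavaScript comment inside the PHP `for` loop still emits the whole commented block once per rule into every page load; the comment opens here and closes in the following hunk. If drag-and-drop is meant to stay off, remove the loop body, or guard it in PHP, and leave a one-line comment saying why it was disabled so it is not re-enabled by accident.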
@@ -838,6 +854,7 @@ if($_REQUEST['undodrag']) {
updateOrder(Sortable.serialize('dragtable', 'tr'));
}
});
+*/
<?php endfor; ?>
function updateOrder(order) {
if(document.getElementById("redboxtable"))
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index dfd94e6..1c6c3f0 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -362,6 +362,10 @@ if ($_POST) {
else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
}
+ if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
+ $input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
+ if (isset($_POST['floating']) && $_POST['gateway'] != "default" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
+ $input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
if ($_POST['dnpipe'] == "none" )
$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
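Review bot: The new limiter check tests `$_POST['pdnpipe']`, but the context lines right below require `dnpipe` to be set whenever `pdnpipe` is, which suggests `dnpipe` is the primary (In) limiter. If so, a floating rule with only `dnpipe` selected and no direction passes this check. Testing `$_POST['dnpipe'] != "none"` would cover both cases; the field semantics are inferred from the neighbouring messages, so please confirm. Both new conditions also evaluate to true when the field is absent from the POST, so `!empty()` guards would avoid a spurious error.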
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index e5e9072..edcde6c 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -82,6 +82,7 @@ if (isset($id) && $a_vip[$id]) {
$pconfig['mode'] = $a_vip[$id]['mode'];
$pconfig['vhid'] = $a_vip[$id]['vhid'];
$pconfig['advskew'] = $a_vip[$id]['advskew'];
+ $pconfig['advbase'] = $a_vip[$id]['advbase'];
$pconfig['password'] = $a_vip[$id]['password'];
$pconfig['range'] = $a_vip[$id]['range'];
$pconfig['subnet'] = $a_vip[$id]['subnet'];
@@ -185,6 +186,7 @@ if ($_POST) {
if ($_POST['mode'] === "carp" or $_POST['mode'] == "carpdev-dhcp") {
$vipent['vhid'] = $_POST['vhid'];
$vipent['advskew'] = $_POST['advskew'];
+ $vipent['advbase'] = $_POST['advbase'];
$vipent['password'] = $_POST['password'];
}
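Review bot: `$vipent['advbase']` is stored exactly as posted, and the 1–254 range offered by the new `<select>` is only enforced in the browser. No server-side range check for `advbase` is visible in this diff (the validation section lies outside the hunks), so I would add one next to the existing checks, e.g. `if (!is_numericint($_POST['advbase']) || $_POST['advbase'] < 1 || $_POST['advbase'] > 254) $input_errors[] = gettext("Advertising base must be between 1 and 254.");`. The same applies to the `vhid` and `advskew` context lines if they are not already covered elsewhere.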
@@ -262,28 +264,30 @@ function enable_change(enable_over) {
document.iform.vhid.disabled = 0;
document.iform.password.disabled = 0;
document.iform.advskew.disabled = 0;
+ document.iform.advbase.disabled = 0;
document.iform.type.disabled = 1;
document.iform.subnet_bits.disabled = 0;
- document.iform.subnet.disabled = 0;
- if (note.firstChild == null) {
- note.appendChild(carpnote);
- } else {
- note.removeChild(note.firstChild);
- note.appendChild(carpnote);
- }
+ document.iform.subnet.disabled = 0;
+ if (note.firstChild == null) {
+ note.appendChild(carpnote);
+ } else {
+ note.removeChild(note.firstChild);
+ note.appendChild(carpnote);
+ }
} else {
document.iform.vhid.disabled = 1;
document.iform.password.disabled = 1;
document.iform.advskew.disabled = 1;
+ document.iform.advbase.disabled = 1;
document.iform.type.disabled = 0;
document.iform.subnet_bits.disabled = 1;
- document.iform.subnet.disabled = 0;
- if (note.firstChild == null) {
- note.appendChild(proxyarpnote);
- } else {
- note.removeChild(note.firstChild);
- note.appendChild(proxyarpnote);
- }
+ document.iform.subnet.disabled = 0;
+ if (note.firstChild == null) {
+ note.appendChild(proxyarpnote);
+ } else {
+ note.removeChild(note.firstChild);
+ note.appendChild(proxyarpnote);
+ }
}
if (get_radio_value(document.iform.mode) == "other") {
document.iform.type.disabled = 1;
@@ -307,9 +311,10 @@ function enable_change(enable_over) {
document.iform.subnet.disabled = 1;
document.iform.subnet.value = '';
document.iform.subnet_bits.value = '';
- document.iform.vhid.disabled = 0;
- document.iform.password.disabled = 0;
- document.iform.advskew.disabled = 0;
+ document.iform.vhid.disabled = 0;
+ document.iform.password.disabled = 0;
+ document.iform.advskew.disabled = 0;
+ document.iform.advbase.disabled = 0;
}
}
function typesel_change() {
@@ -431,7 +436,7 @@ function typesel_change() {
<tr valign="top">
<td width="22%" class="vncellreq"><?=gettext("VHID Group");?></td>
<td class="vtable"><select id='vhid' name='vhid'>
- <?php for ($i = 1; $i <= 254; $i++): ?>
+ <?php for ($i = 1; $i <= 65536; $i++): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['vhid']) echo "selected"; ?>>
<?=$i;?>
</option>
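Review bot: Raising the VHID loop bound to 65536 makes the page render 65536 `<option>` elements, and it offers values that CARP, as far as I know, cannot carry, since the VHID is a single byte (1–255). Unless the carpdev variant used here really accepts wider IDs, the bound should be `for ($i = 1; $i <= 255; $i++):`. The loop body and its `endfor` continue outside the hunk.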
@@ -442,14 +447,23 @@ function typesel_change() {
</tr>
<tr valign="top">
<td width="22%" class="vncellreq"><?=gettext("Advertising Frequency");?></td>
- <td class="vtable"><select id='advskew' name='advskew'>
+ <td class="vtable">
+ Base: <select id='advbase' name='advbase'>
+ <?php for ($i = 1; $i <= 254; $i++): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['advbase']) echo "selected"; ?>>
+ <?=$i;?>
+ </option>
+ <?php endfor; ?>
+ </select>
+ Skew: <select id='advskew' name='advskew'>
<?php for ($i = 0; $i <= 254; $i++): ?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['advskew']) echo "selected"; ?>>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['advskew']) echo "selected"; ?>>
<?=$i;?>
- </option>
+ </option>
<?php endfor; ?>
- </select>
- <br><?=gettext("The frequency that this machine will advertise. 0 = master. Anything above 0 designates a backup.");?>
+ </select>
+ <br/><br/>
+ <?=gettext("The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster detrmines the master.");?>
</td>
</tr>
<tr>
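Review bot: The new `Base:` and `Skew:` labels are bare text while every other label on the page goes through `gettext()`, and the new help string contains the typo "detrmines". I would write `<?=gettext("Base");?>:` and `<?=gettext("Skew");?>:` and correct the string to "...the lowest combination of both values in the cluster determines the master." before translators pick it up.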
diff --git a/usr/local/www/getserviceproviders.php b/usr/local/www/getserviceproviders.php
index 5767950..a2122c0 100644
--- a/usr/local/www/getserviceproviders.php
+++ b/usr/local/www/getserviceproviders.php
@@ -35,6 +35,7 @@
##|*DESCR=Allow access to the 'AJAX: Service Providers' page.
##|*MATCH=getserviceproviders.php*
##|-PRIV
+require_once("guiconfig.inc");
require_once("pfsense-utils.inc");
$serviceproviders_xml = "/usr/local/share/mobile-broadband-provider-info/serviceproviders.xml";
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index bafb8fa..70f9459 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -1059,7 +1059,8 @@ function rule_popup($src,$srcport,$dst,$dstport){
$alias_caption = substr($alias_caption, 0, $maxlength) . "...";
$alias_caption_escaped = str_replace("'", "\'", $alias_caption);
- $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
+ $alias_content_escaped = str_replace("'", "\'", $alias_content_text);
+ $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_escaped</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
if ($alias_name['name'] == $src)
$alias_src_span_begin = $span_begin;
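Review bot: Escaping only the apostrophe is not enough for where `$alias_content_escaped` lands, which is a JavaScript string literal inside a double-quoted `onmouseover` attribute. A double quote ends the attribute and a backslash undoes the added `\'`, and the caption on the line above has the same limitation. I would escape for both layers, e.g. `$alias_content_escaped = htmlspecialchars(addslashes($alias_content_text), ENT_QUOTES);`. Whether the content is meant to carry tooltip markup such as `<br>` is not visible in this hunk, so check that before tightening further. `rule_popup()` starts and ends outside the hunk.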
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index ffc3369..3bb68cf 100755
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -423,7 +423,7 @@ EOD;
$closehead = false;
## Set Page Title and Include Header
-$pgtitle = array(sprintf(gettext("%s Dashboard"), $g['product_name']));
+$pgtitle = array(gettext("Status: Dashboard"));
include("head.inc");
echo "\t<script type=\"text/javascript\" src=\"javascript/domTT/domLib.js\"></script>\n";
diff --git a/usr/local/www/installer.php b/usr/local/www/installer.php
index aa3b9c0..68570ac 100644
--- a/usr/local/www/installer.php
+++ b/usr/local/www/installer.php
@@ -645,7 +645,8 @@ EOF;
$custom_txt .= "<tr><td align='right'><b>Filesystem type:</td><td><select name='fstype'>\n";
$custom_txt .= "<option value='UFS'>UFS</option>\n";
$custom_txt .= "<option value='UFS+S'>UFS + Softupdates</option>\n";
- $release = trim(`uname -r | cut -d'.' -f1`);
+ $release = php_uname("r");
+ $release = $release[0];
if($release == "9")
$custom_txt .= "<option value='UFS+J'>UFS + Journaling</option>\n";
if(file_exists("/boot/gptzfsboot"))
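Review bot: `$release = $release[0];` keeps only the first character of the kernel release, whereas the removed pipeline kept everything before the first dot. A release such as "10.x" now reads as "1", which happens not to matter for the `== "9"` test but is fragile. Dropping the backtick shell call is an improvement; `$release = strtok(php_uname("r"), ".");` does both steps in one line and keeps the full major version.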
@@ -749,4 +750,4 @@ EOF;
end_html();
}
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 450401b..2d821ab 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -159,7 +159,7 @@ if ($wancfg['if'] == $a_ppps[$pppid]['if']) {
}
}// End force pppoe reset at specific time
}// End if type == pppoe
- if ($a_ppps[$pppid]['type'] == "pptp"){
+ else if ($a_ppps[$pppid]['type'] == "pptp"){
$pconfig['pptp_username'] = $a_ppps[$pppid]['username'];
$pconfig['pptp_password'] = base64_decode($a_ppps[$pppid]['password']);
$pconfig['pptp_local'] = explode(",",$a_ppps[$pppid]['localip']);
@@ -375,7 +375,7 @@ if ($_POST['apply']) {
if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && $_POST['type'] != "static")
$input_errors[] = gettext("The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.");
- switch($_POST['type']) {
+ switch(strtolower($_POST['type'])) {
case "static":
$reqdfields = explode(" ", "ipaddr subnet gateway");
$reqdfieldsn = array(gettext("IP address"),gettext("Subnet bit count"),gettext("Gateway"));
@@ -389,15 +389,13 @@ if ($_POST['apply']) {
}
}
case "dhcp":
- if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp")))
- $input_errors[] = gettext("You have to reassign the interface to be able to configure as {$_POST['type']}.");
break;
case "ppp":
$reqdfields = explode(" ", "port phone");
$reqdfieldsn = array(gettext("Modem Port"),gettext("Phone Number"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
break;
- case "PPPoE":
+ case "pppoe":
if ($_POST['pppoe_dialondemand']) {
$reqdfields = explode(" ", "pppoe_username pppoe_password pppoe_dialondemand pppoe_idletimeout");
$reqdfieldsn = array(gettext("PPPoE username"),gettext("PPPoE password"),gettext("Dial on demand"),gettext("Idle timeout value"));
@@ -407,7 +405,7 @@ if ($_POST['apply']) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
break;
- case "PPTP":
+ case "pptp":
if ($_POST['pptp_dialondemand']) {
$reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote pptp_dialondemand pptp_idletimeout");
$reqdfieldsn = array(gettext("PPTP username"),gettext("PPTP password"),gettext("PPTP local IP address"),gettext("PPTP subnet"),gettext("PPTP remote IP address"),gettext("Dial on demand"),gettext("Idle timeout value"));
@@ -515,6 +513,12 @@ if ($_POST['apply']) {
}
}
if (!$input_errors) {
+ if ($wancfg['type'] != $_POST['type']) {
+ if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp"))) {
+ $wancfg['if'] = $a_ppps[$pppid]['ports'];
+ unset($a_ppps[$pppid]);
+ }
+ }
$ppp = array();
if ($wancfg['ipaddr'] != "ppp")
unset($wancfg['ipaddr']);
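Review bot: The new block compares `$wancfg['type']` with the raw `$_POST['type']`, although the `switch` earlier in this diff now lower-cases the posted value and the surrounding code reads the current PPP type from `$wancfg['ipaddr']`. If `$wancfg['type']` is never populated (not visible here), the condition is true on every save and the PPP entry is removed each time. `$a_ppps[$pppid]` is also dereferenced without checking that `$pppid` is set. Please confirm which key holds the current type; an `isset($a_ppps[$pppid])` guard should be added in any case. A short comment saying that the entry is dropped because the interface is leaving PPP mode would help too.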
@@ -874,7 +878,7 @@ function check_wireless_mode() {
}
}
-$pgtitle = array(gettext("Interfaces"), strtoupper($pconfig['descr']));
+$pgtitle = array(gettext("Interfaces"), $pconfig['descr']);
$statusurl = "status_interfaces.php";
$closehead = false;
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index fbd6e7f..340ee78 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -302,7 +302,7 @@ if ($_GET['act'] == "del") {
}
}
-if ($_GET['act'] == "add") {
+if ($_GET['act'] == "add" && (count($config['interfaces']) < count($portlist))) {
/* find next free optional interface number */
if(!$config['interfaces']['lan']) {
$newifname = gettext("lan");
@@ -348,7 +348,8 @@ if ($_GET['act'] == "add") {
$savemsg = gettext("Interface has been added.");
-}
+} else if ($_GET['act'] == "add")
+ $input_errors[] = "No more interfaces available to be assigned.";
include("head.inc");
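Review bot: The new error string is not wrapped in `gettext()`, unlike the `$savemsg` two lines above it, so it will stay untranslated. Suggested: `$input_errors[] = gettext("No more interfaces available to be assigned.");`. The `else if` has no braces while the `if` branch it follows does; bracing both avoids a dangling statement if another line is added later.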
@@ -401,7 +402,7 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed"))
</tr>
<?php foreach ($config['interfaces'] as $ifname => $iface):
if ($iface['descr'])
- $ifdescr = strtoupper($iface['descr']);
+ $ifdescr = $iface['descr'];
else
$ifdescr = strtoupper($ifname);
?>
@@ -414,7 +415,7 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed"))
<?php if ($portinfo['isvlan']) {
$descr = sprintf(gettext('VLAN %1$s on %2$s'),$portinfo['tag'],$portinfo['if']);
if ($portinfo['descr'])
- $descr .= " (" . strtoupper($portinfo['descr']) . ")";
+ $descr .= " (" . $portinfo['descr'] . ")";
echo htmlspecialchars($descr);
} elseif ($portinfo['iswlclone']) {
$descr = $portinfo['cloneif'];
@@ -453,7 +454,7 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed"))
</td>
<td valign="middle" class="list">
<?php if ($ifname != 'wan'): ?>
- <a href="interfaces_assign.php?act=del&id=<?=$ifname;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title=<?=gettext("delete interface"); ?> width="17" height="17" border="0"></a>
+ <a href="interfaces_assign.php?act=del&id=<?=$ifname;?>" onclick="return confirm('<?=gettext("Do you really want to delete this interface?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title=<?=gettext("delete interface"); ?> width="17" height="17" border="0"></a>
<?php endif; ?>
</td>
</tr>
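Review bot: The `confirm()` text is a translated string dropped into a single-quoted JavaScript literal, so a translation containing an apostrophe breaks the handler and the link then deletes without asking. Escape it for both contexts, e.g. `onclick="return confirm('<?=htmlspecialchars(addslashes(gettext("Do you really want to delete this interface?")), ENT_QUOTES);?>')"`. The prompt is only a browser-side courtesy: the deletion is still a plain GET to `?act=del&id=...`, and no request token is visible in this hunk, so it is worth checking that the handler is protected against cross-site requests elsewhere.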
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index efbf036..59bad8f 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -136,6 +136,9 @@ include("head.inc");
<select name="if" class="formselect">
<?php
$portlist = get_configured_interface_with_descr();
+ $carplist = get_configured_carp_interface_list();
+ foreach ($carplist as $cif => $carpip)
+ $portlist[$cif] = $carpip." (".get_vip_descr($carpip).")";
foreach ($portlist as $ifn => $ifinfo) {
echo "<option value=\"{$ifn}\"";
if ($ifn == $pconfig['if'])
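Review bot: The CARP entries add `get_vip_descr($carpip)`, an administrator-entered description, to `$portlist`, and the loop below prints each `$ifinfo` into an `<option>`. The line that prints the label is outside this hunk, so I cannot see whether it is escaped. If it is not, wrap it there with `htmlspecialchars($ifinfo)`. The identical three lines added to `interfaces_gre_edit.php` in the next section need the same check.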
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index f0f0a84..ce9f324 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -139,6 +139,9 @@ include("head.inc");
<select name="if" class="formselect">
<?php
$portlist = get_configured_interface_with_descr();
+ $carplist = get_configured_carp_interface_list();
+ foreach ($carplist as $cif => $carpip)
+ $portlist[$cif] = $carpip." (".get_vip_descr($carpip).")";
foreach ($portlist as $ifn => $ifinfo) {
echo "<option value=\"{$ifn}\"";
if ($ifn == $pconfig['if'])
diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php
index adfb102..253be67 100755
--- a/usr/local/www/interfaces_groups_edit.php
+++ b/usr/local/www/interfaces_groups_edit.php
@@ -96,7 +96,6 @@ if ($_POST) {
$ifgroupentry['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
if (isset($id) && $a_ifgroups[$id] && $_POST['ifname'] != $a_ifgroups[$id]['ifname']) {
-
if (!empty($config['filter']) && is_array($config['filter']['rule'])) {
foreach ($config['filter']['rule'] as $ridx => $rule) {
if (isset($rule['floating'])) {
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php
index b65597c..b30853b 100644
--- a/usr/local/www/interfaces_lagg_edit.php
+++ b/usr/local/www/interfaces_lagg_edit.php
@@ -47,14 +47,18 @@ $a_laggs = &$config['laggs']['lagg'];
$portlist = get_interface_list();
+$realifchecklist = array();
/* add LAGG interfaces */
if (is_array($config['laggs']['lagg']) && count($config['laggs']['lagg'])) {
- foreach ($config['laggs']['lagg'] as $lagg)
+ foreach ($config['laggs']['lagg'] as $lagg) {
unset($portlist[$lagg['laggif']]);
+ $laggiflist = explode(",", $lagg['members']);
+ foreach ($laggiflist as $tmpif)
+ $realifchecklist[get_real_interface($tmpif)] = $tmpif;
+ }
}
$checklist = get_configured_interface_list(false, true);
-$realifchecklist = array();
foreach ($checklist as $tmpif)
$realifchecklist[get_real_interface($tmpif)] = $tmpif;
@@ -76,7 +80,7 @@ if ($_POST) {
/* input validation */
$reqdfields = explode(" ", "members proto");
- $reqdfieldsn = array(",", gettext("Member interfaces"), gettext("Lagg protocol"));
+ $reqdfieldsn = array(gettext("Member interfaces"), gettext("Lagg protocol"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
diff --git a/usr/local/www/javascript/filter_log.js b/usr/local/www/javascript/filter_log.js
index 88be819..d8cffd4 100644
--- a/usr/local/www/javascript/filter_log.js
+++ b/usr/local/www/javascript/filter_log.js
@@ -74,10 +74,6 @@ function update_div_rows(data) {
var isIE = navigator.appName.indexOf('Microsoft') != -1;
var isSafari = navigator.userAgent.indexOf('Safari') != -1;
var isOpera = navigator.userAgent.indexOf('Opera') != -1;
- var rows = $$('.log-entry-mini');
- if (rows.length == 0) {
- rows = $$('.log-entry');
- }
var showanim = 1;
if (isIE) {
showanim = 0;
@@ -89,6 +85,11 @@ function update_div_rows(data) {
}
data = data.slice(startat, data.length);
+ var rows = $$('.log-entry-mini');
+ if (rows.length == 0) {
+ rows = $$('.log-entry');
+ }
+
for(var x=0; x<data.length; x++) {
/* if reverse logging is enabled we need to show the
* records in a reverse order with new items appearing
@@ -96,18 +97,17 @@ function update_div_rows(data) {
*/
if(isReverse == false) {
for (var i = 1; i < rows.length; i++) {
- nextrecord = i - 1;
- rows[nextrecord].innerHTML = rows[i].innerHTML;
+ rows[i-1].innerHTML = rows[i].innerHTML;
}
} else {
- for (var i = rows.length - 2; i > 0; i--) {
- nextrecord = i + 1;
- rows[nextrecord].innerHTML = rows[i].innerHTML;
+ for (var i = rows.length - 1; i > 0; i--) {
+ rows[i].innerHTML = rows[i-1].innerHTML;
}
}
$('firstrow').update(data[x]);
}
}
+
function toggle_pause() {
if(isPaused) {
isPaused = false;
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 52bc31a..8b71837 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -84,17 +84,16 @@ $id = $_GET['id'];
if (isset($_POST['id']))
$id = htmlspecialchars($_POST['id']);
-if(!is_numeric($id)) {
- Header("Location: /");
- exit;
-}
-
-
// Not posting? Then user is editing a record. There must be a valid id
// when editing a record.
if(!$id && !$_POST)
$id = "0";
-
+
+if(!is_numeric($id)) {
+ Header("Location: /");
+ exit;
+}
+
if($pkg['custom_php_global_functions'] <> "")
eval($pkg['custom_php_global_functions']);
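Review bot: The relocated `is_numeric($id)` guard accepts more than a record index, since values such as `1.5`, `1e3` or `-1` all pass it. If `$id` is later used as an array index (that code is outside this hunk), a stricter test such as `if (!preg_match('/^[0-9]+$/', $id)) {` would match the "valid id" wording of the comment above it. Note also that `$id` from `$_GET` is taken raw while the `$_POST` value is passed through `htmlspecialchars()`, so the guard is the only validation common to both paths.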
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 289e58a..7139a0d 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -214,7 +214,7 @@ rmdir_recursive("/var/tmp/instmp*");
// close log
if($fd_log)
- fclose($fd_log);
+ fclose($fd_log);
/* read only fs */
conf_mount_ro();
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 4ac762a..3f922d4 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -265,21 +265,21 @@ if ($_POST) {
foreach ($pconfig['numberoptions']['item'] as $numberoption) {
if ( $numberoption['type'] == 'text' && strstr($numberoption['value'], '"') )
$input_errors[] = gettext("Text type cannot include quotation marks.");
- else if ( $numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption['value']) && !preg_match('/^[0-9a-z]{2}(?:\:[0-9a-z]{2})*$/i', $numberoption['value']) )
+ else if ( $numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption['value']) && !preg_match('/^[0-9a-f]{2}(?:\:[0-9a-f]{2})*$/i', $numberoption['value']) )
$input_errors[] = gettext("String type must be enclosed in quotes like \"this\" or must be a series of octets specified in hexadecimal, separated by colons, like 01:23:45:67:89:ab:cd:ef");
- else if ( $numberoption['type'] == 'flag' && $numberoption['value'] != 'true' && $numberoption['value'] != 'false' && $numberoption['value'] != 'on' && $numberoption['value'] != 'off' )
+ else if ( $numberoption['type'] == 'boolean' && $numberoption['value'] != 'true' && $numberoption['value'] != 'false' && $numberoption['value'] != 'on' && $numberoption['value'] != 'off' )
$input_errors[] = gettext("Boolean type must be true, false, on, or off.");
- else if ( $numberoption['type'] == 'uint8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 255) )
+ else if ( $numberoption['type'] == 'unsigned integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 255) )
$input_errors[] = gettext("Unsigned 8-bit integer type must be a number in the range 0 to 255.");
- else if ( $numberoption['type'] == 'uint16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535) )
+ else if ( $numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535) )
$input_errors[] = gettext("Unsigned 16-bit integer type must be a number in the range 0 to 65535.");
- else if ( $numberoption['type'] == 'uint32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295) )
+ else if ( $numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295) )
$input_errors[] = gettext("Unsigned 32-bit integer type must be a number in the range 0 to 4294967295.");
- else if ( $numberoption['type'] == 'int8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127) )
+ else if ( $numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127) )
$input_errors[] = gettext("Signed 8-bit integer type must be a number in the range -128 to 127.");
- else if ( $numberoption['type'] == 'int16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767) )
+ else if ( $numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767) )
$input_errors[] = gettext("Signed 16-bit integer type must be a number in the range -32768 to 32767.");
- else if ( $numberoption['type'] == 'int32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647) )
+ else if ( $numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647) )
$input_errors[] = gettext("Signed 32-bit integer type must be a number in the range -2147483648 to 2147483647.");
else if ( $numberoption['type'] == 'ip-address' && !is_ipaddr($numberoption['value']) && !is_hostname($numberoption['value']) )
$input_errors[] = gettext("IP address or host type must be an IP address or host name.");
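Review bot: The integer branches still rely on `is_numeric()`, which accepts `1.5`, `1e2` and leading whitespace, so a value that is not a plain integer can pass the range check for every `unsigned integer N` / `signed integer N` type. A pattern test such as `preg_match('/^-?[0-9]+$/', $numberoption['value'])` before the range comparison would reject those. Separately, the type keys are renamed here (`flag` to `boolean`, `uint8` to `unsigned integer 8`, and so on). Whether already-saved options carrying the old names are migrated is not visible in this hunk; if they are not, they match no branch and skip validation entirely.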
@@ -431,9 +431,9 @@ include("head.inc");
<script type="text/javascript">
function itemtype_field(fieldname, fieldsize, n) {
return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php
- $customitemtypes = array('text' => gettext('Text'), 'string' => gettext('String'), 'flag' => gettext('Boolean'),
- 'uint8' => gettext('Unsigned 8-bit integer'), 'uint16' => gettext('Unsigned 16-bit integer'), 'uint32' => gettext('Unsigned 32-bit integer'),
- 'int8' => gettext('Signed 8-bit integer'), 'int16' => gettext('Signed 16-bit integer'), 'int32' => gettext('Signed 32-bit integer'), 'ip-address' => gettext('IP address or host'));
+ $customitemtypes = array('text' => gettext('Text'), 'string' => gettext('String'), 'boolean' => gettext('Boolean'),
+ 'unsigned integer 8' => gettext('Unsigned 8-bit integer'), 'unsigned integer 16' => gettext('Unsigned 16-bit integer'), 'unsigned integer 32' => gettext('Unsigned 32-bit integer'),
+ 'signed integer 8' => gettext('Signed 8-bit integer'), 'signed integer 16' => gettext('Signed 16-bit integer'), 'signed integer 32' => gettext('Signed 32-bit integer'), 'ip-address' => gettext('IP address or host'));
foreach ($customitemtypes as $typename => $typedescr) {
echo "<option value=\"{$typename}\">{$typedescr}</option>";
}
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
index c8e918c..37a9837 100755
--- a/usr/local/www/services_dhcp_relay.php
+++ b/usr/local/www/services_dhcp_relay.php
@@ -130,12 +130,17 @@ function enable_change(enable_over) {
<td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
<?php
- if ($dhcpd_enabled):
- echo gettext("DHCP Server is currently enabled. Cannot enable the DHCP Relay service while the DHCP Server is enabled on any interface.");
- else:
+ if ($dhcpd_enabled) {
+ echo "<td>DHCP Server is currently enabled. Cannot enable the DHCP Relay service while the DHCP Server is enabled on any interface.";
+ echo "</td></tr></table></div></td></tr></table></body>";
+ echo "</html>";
+ include("fend.inc");
+ exit;
+ }
?>
- <tr>
+
<td colspan="2" valign="top" class="listtopic"><?=gettext("DHCP Relay configuration"); ?></td>
</tr>
<tr>
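Review bot: The rewritten early-exit branch drops the `gettext()` wrapper that the removed line had, so the "DHCP Server is currently enabled…" message is no longer translatable; wrap the string in `gettext()` again and concatenate it after the `"<td>"`. The branch also echoes `</body>` and `</html>` by hand and then calls `include("fend.inc")`, which presumably emits the page footer itself, so the closing markup is likely duplicated or misordered. Hand-balancing the table tags in an `echo` is brittle if the surrounding layout changes.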
@@ -184,7 +189,6 @@ function enable_change(enable_over) {
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)">
</td>
</tr>
-<?php endif; ?>
</table>
</div>
</td>
diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php
index c1a25d4..c6939d7 100755
--- a/usr/local/www/services_dyndns.php
+++ b/usr/local/www/services_dyndns.php
@@ -114,21 +114,21 @@ include("head.inc");
</td>
<td class="listlr">
<?php
- $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap");
- $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap");
- $j = 0; for ($j = 0; $j < count($vals); $j++)
- if ($vals[$j] == $dyndns['type']) {
- echo htmlspecialchars($types[$j]);
- break;
- }
- ?>
+ $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap");
+ $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap");
+ $j = 0; for ($j = 0; $j < count($vals); $j++)
+ if ($vals[$j] == $dyndns['type']) {
+ echo htmlspecialchars($types[$j]);
+ break;
+ }
+ ?>
</td>
<td class="listr">
<?=htmlspecialchars($dyndns['host']);?>
</td>
<td class="listlr">
<?php
- $filename = "{$g['conf_path']}/dyndns_{$if}{$dyndns['type']}.cache";
+ $filename = "{$g['conf_path']}/dyndns_{$if}{$dyndns['type']}" . escapeshellarg($dyndns['host']) . ".cache";
$ipaddr = dyndnsCheckIP($if);
if(file_exists($filename)) {
$cached_ip_s = split(":", file_get_contents($filename));
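Review bot: `escapeshellarg($dyndns['host'])` is used here to build a filename for `file_exists()`, but it is a shell-quoting function and not a path sanitiser. It wraps the host in single quotes that become part of the name, and it leaves `/` and `..` untouched. The matching hunk in services_dyndns_edit.php unlinks `...{$dyndns['type']}{$dyndns['host']}.cache` without those quotes, so the two pages do not refer to the same file and the stale cache is probably never removed. Both pages should derive the path from one shared helper and the host should be validated as a hostname before it reaches a path (whether that happens on save is outside these hunks). `unlink()` on a missing file also raises a warning that the old `rm` call did not surface.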
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 7d3072c..9ff0f22 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -117,7 +117,7 @@ if ($_POST) {
conf_mount_rw();
- mwexec("/bin/rm {$g['conf_path']}/dyndns_{$dyndns['interface']}{$dyndns['type']}.cache");
+ unlink("{$g['conf_path']}/dyndns_{$dyndns['interface']}{$dyndns['type']}{$dyndns['host']}.cache");
$retval = services_dyndns_configure_client($dyndns);
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php
index a68b6bd..4527a71 100755
--- a/usr/local/www/status_graph.php
+++ b/usr/local/www/status_graph.php
@@ -174,7 +174,7 @@ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']
foreach ($ifdescrs as $ifn => $ifd) {
echo "<option value=\"$ifn\"";
if ($ifn == $curif) echo " selected";
- echo ">" . strtoupper(htmlspecialchars($ifd)) . " (" . strtoupper($ifn) . ")</option>\n";
+ echo ">" . htmlspecialchars($ifd) . "</option>\n";
}
?>
</select>
@@ -184,8 +184,8 @@ foreach ($ifdescrs as $ifn => $ifd) {
<p>
<div id="niftyOutter">
<div id="col1" style="float: left; width: 46%; padding: 5px; position: relative;">
- <object data="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=strtoupper(rawurlencode($ifdescrs[htmlspecialchars($curif)]));?>" type="image/svg+xml" width="<?=$width;?>" height="<?=$height;?>">
- <param name="src" value="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=strtoupper(rawurlencode($ifdescrs[htmlspecialchars($curif)]));?>" />
+ <object data="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=rawurlencode($ifdescrs[htmlspecialchars($curif)]);?>" type="image/svg+xml" width="<?=$width;?>" height="<?=$height;?>">
+ <param name="src" value="graph.php?ifnum=<?=htmlspecialchars($curif);?>&ifname=<?=rawurlencode($ifdescrs[htmlspecialchars($curif)]);?>" />
<?=gettext("Your browser does not support the type SVG! You need to either use Firefox or download the Adobe SVG plugin"); ?>.
</object>
</div>
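Review bot: Both rewritten lines still look up the description with `$ifdescrs[htmlspecialchars($curif)]`, which applies HTML escaping to an array key. Escaping belongs at output, and the lookup should use the raw value, `rawurlencode($ifdescrs[$curif])`, otherwise any `$curif` containing an escapable character silently yields an empty `ifname`. The query separator inside the `data` and `value` attributes should also be written `&amp;ifname=`. `$width` and `$height` are printed unescaped; their origin is outside this hunk and worth confirming.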
diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php
index bab9976..43510c8 100755
--- a/usr/local/www/status_lb_vs.php
+++ b/usr/local/www/status_lb_vs.php
@@ -94,7 +94,7 @@ function parse_redirects($rdr_a) {
$line = $rdr_a[$i];
if (preg_match("/^[0-9]+/", $line)) {
$regs = array();
- if($x = preg_match("/^[0-9]+\s+redirect\s+([0-9a-zA-Z\s]+)\s+([a-z]+)/", $line, $regs)) {
+ if($x = preg_match("/^[0-9]+\s+redirect\s+([0-9a-zA-Z\.]+)\s+([a-z]+)/", $line, $regs)) {
$vs[trim($regs[1])] = array();
$vs[trim($regs[1])]['status'] = trim($regs[2]);
}
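Review bot: The new capture class `[0-9a-zA-Z\.]+` no longer matches names containing `_` or `-`, so a virtual server whose name uses either character would be dropped from `$vs` without any error. Whether such names can occur depends on the naming rules enforced elsewhere, which this hunk does not show. If they can, widen the class, e.g. `([0-9a-zA-Z\._-]+)`. The `$x =` assignment in the condition is unused and could be removed.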
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 0a944a9..38d12c1 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -124,6 +124,11 @@ if ($_POST) {
else
$config['system']['enablebinatreflection'] = "yes";
+ if($_POST['enablenatreflectionhelper'] == "yes")
+ $config['system']['enablenatreflectionhelper'] = "yes";
+ else
+ unset($config['system']['enablenatreflectionhelper']);
+
$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
if($_POST['bypassstaticroutes'] == "yes")
@@ -348,6 +353,15 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="enablenatreflectionhelper" type="checkbox" id="enablenatreflectionhelper" value="yes" <?php if (isset($config['system']['enablenatreflectionhelper'])) echo "checked"; ?> />
+ <strong><?=gettext("Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.");?></strong>
+ <br/>
+ <?=gettext("Currently only applies to 1:1 NAT rules. Required for full functionality of NAT Reflection for 1:1 NAT.");?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
<td width="78%" class="vtable">
<select name="tftpinterface[]" multiple="true" class="formselect" size="3">
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index 547ee46..b93301d 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -57,6 +57,7 @@ $pconfig['maxmss'] = $config['system']['maxmss'];
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']);
$pconfig['glxsb_enable'] = isset($config['system']['glxsb_enable']);
$pconfig['schedule_states'] = isset($config['system']['schedule_states']);
+$pconfig['kill_states'] = isset($config['system']['kill_states']);
if ($_POST) {
@@ -107,6 +108,11 @@ if ($_POST) {
else
unset($config['system']['schedule_states']);
+ if($_POST['kill_states'] == "yes")
+ $config['system']['kill_states'] = true;
+ else
+ unset($config['system']['kill_states']);
+
write_config();
$retval = 0;
@@ -279,6 +285,21 @@ function maxmss_checked(obj) {
"This option allows to override this setting by not clearing states for existing connections."); ?>
</td>
</tr>
+ <tr>
+ <td colspan="2" class="list" height="12">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Gateway Monitoring"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("States"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="kill_states" type="checkbox" id="kill_states" value="yes" <?php if ($pconfig['kill_states']) echo "checked"; ?> />
+ <br />
+ <?=gettext("By default the monitoring process will flush states for a gateway that goes down. ".
+ "This option allows to override this setting by not clearing states for existing connections."); ?>
+ </td>
+ </tr>
<tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
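Review bot: The new `kill_states` checkbox has no label text before the `<br />`, and its help text says that ticking it means states are not cleared, which is the opposite of what the key name suggests. The code that consumes the setting is outside this diff section, so the polarity cannot be confirmed here. A comment in the POST handler, such as `/* kill_states set = do NOT flush states when a gateway goes down */`, plus a short label next to the checkbox would keep the next maintainer from inverting it.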
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
index 9a78cb6..90b61d6 100644
--- a/usr/local/www/system_crlmanager.php
+++ b/usr/local/www/system_crlmanager.php
@@ -214,16 +214,18 @@ if ($_POST) {
if (!$input_errors) {
$result = false;
- $crl = array();
- $crl['refid'] = uniqid();
- if ($thiscrl)
+ if ($thiscrl) {
$crl =& $thiscrl;
+ } else {
+ $crl = array();
+ $crl['refid'] = uniqid();
+ }
$crl['descr'] = $pconfig['descr'];
$crl['caref'] = $pconfig['caref'];
if ($pconfig['method'] == "existing") {
- $crl['text'] == base64_encode($pconfig['crltext']);
+ $crl['text'] = base64_encode($pconfig['crltext']);
}
if ($pconfig['method'] == "internal") {
@@ -235,7 +237,7 @@ if ($_POST) {
if (!$thiscrl)
$a_crl[] = $crl;
- write_config("Saved CRL {$crl['caref']}");
+ write_config("Saved CRL {$crl['descr']}");
pfSenseHeader("system_crlmanager.php");
}
@@ -537,9 +539,11 @@ function method_change() {
<td class="listr"><?php echo ($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
<td class="listr"><?php echo ($inuse) ? "YES" : "NO"; ?></td>
<td valign="middle" nowrap class="list">
+ <?php if (!$internal || count($tmpcrl['cert'])): ?>
<a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid'];?>")">
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
</a>
+ <?php endif; ?>
<?php if ($internal): ?>
<a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid'];?>")">
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 21f37ab..025ff97 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -116,7 +116,7 @@ if ($_POST) {
$parent_ip = get_interface_ip($_POST['interface']);
if (is_ipaddr($parent_ip)) {
$parent_sn = get_interface_subnet($_POST['interface']);
- if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn)) {
+ if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['gateway'])) {
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
}
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index f2ca993..3ca0de9 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -206,7 +206,7 @@ include("head.inc");
</tr>
<tr><td>&nbsp;</td>
<tr>
- <td width="45%" align="right"><font color="white"><?=gettext("Default gateway:"); ?></td><td><input type="checkbox" id="defaultgw" name="defaultgw"<?=$checked?>></td>
+ <td width="45%" align="right"><font color="white"><?=gettext("Default gateway:"); ?></td><td><input type="checkbox" id="defaultgw" name="defaultgw"></td>
</tr>
<tr>
<td width="45%" align="right"><font color="white"><?=gettext("Interface:"); ?></td>
@@ -291,7 +291,9 @@ include("head.inc");
var descr = $('gatewaydescr').getValue();
gatewayip = $('gatewayip').getValue();
addrtype = $('addrtype').getValue();
- var defaultgw = $('defaultgw').getValue();
+ var defaultgw = '';
+ if ($('defaultgw').checked)
+ defaultgw = 'yes';
var url = "system_gateways_edit.php";
var pars = 'isAjax=true&defaultgw=' + escape(defaultgw) + '&interface=' + escape(iface) + '&name=' + escape(name) + '&descr=' + escape(descr) + '&gateway=' + escape(gatewayip) + '&type=' + escape(addrtype);
var myAjax = new Ajax.Request(
@@ -310,7 +312,7 @@ include("head.inc");
optn.value = value;
selectbox.options.add(optn);
selectbox.selectedIndex = (selectbox.options.length-1);
- $('notebox').innerHTML="<p/><strong><?=gettext("NOTE:");?></strong> <?php printf(gettext("You can manage Gateways %shere%s."), "<a target='_new' href='system_gateways.php'>", "</a>");?>
+ $('notebox').innerHTML="<p/><strong><?=gettext("NOTE:");?></strong> <?php printf(gettext("You can manage Gateways %shere%s."), "<a target='_new' href='system_gateways.php'>", "</a>");?> </strong>";
}
function report_failure() {
alert("<?=gettext("Sorry, we could not create your gateway at this time."); ?>");
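Review bot: The replacement line closes the JavaScript string, but it also appends a stray `</strong>`. The only `<strong>` on the line is already closed right after `NOTE:`, so ending the line with `?>";` is enough. The line also interpolates `gettext()` output directly into a double-quoted JavaScript literal, so a translation containing `"` or a newline would break the script; passing the text through `addslashes()` or `json_encode()` would make it robust.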
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index d7e3e1a..d9017c4 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -62,10 +62,13 @@ if ($_POST) {
}
if (!$input_errors) {
- if ($_POST['savetest'] && $_POST['authmode'] == "ldap")
- $save_and_test = true;
- else
- $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends.");
+ if ($_POST['authmode'] != "local") {
+ $authsrv = auth_get_authserver($_POST['authmode']);
+ if ($_POST['savetest'] && $authsrv['type'] == "ldap")
+ $save_and_test = true;
+ else
+ $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends.");
+ }
if(isset($_POST['session_timeout']) && $_POST['session_timeout'] != "")
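Review bot: Inside the new `authmode != "local"` block, the `else` fires whenever `savetest` is absent, so a plain save with any non-local backend shows "The test was not performed…" even though no test was requested. Making the fallback conditional, `else if ($_POST['savetest'])`, limits the message to the case it describes. The result of `auth_get_authserver()` is indexed without checking that a server was found for the posted `authmode`; a guard such as `if (is_array($authsrv))` would cover an unknown name. The message string also still contains the typo "becuase".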
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index c0232ab..40879f6 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -191,7 +191,10 @@ include("head.inc");
$iflabels = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
foreach ($carplist as $cif => $carpip)
- $iflabels[$cif] = strtoupper($cif) . " ({$carpip})";
+ $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ $aliaslist = get_configured_ip_aliases_list();
+ foreach ($aliaslist as $aliasip => $aliasif)
+ $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
$if = htmlspecialchars($iflabels[$ph1ent['interface']]);
}
else
@@ -443,7 +446,7 @@ function show_ipsec_header($ph1ent) {
global $g;
if (isset($ph1ent['mobile']))
$mobile = "&mobile=true";
- echo <<<EOF
+ ?>
<tr>
<td class="listhdrr"><?=gettext("Remote Gateway"); ?></td>
<td class="listhdrr"><?=gettext("Mode"); ?></td>
@@ -454,7 +457,7 @@ function show_ipsec_header($ph1ent) {
</td>
</tr>
-EOF;
+<?php
}
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index c498858..6240a63 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -509,7 +509,10 @@ function dpdchkbox_change() {
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
foreach ($carplist as $cif => $carpip)
- $interfaces[$cif] = strtoupper($cif) . " ({$carpip})";
+ $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")";
+ $aliaslist = get_configured_ip_aliases_list();
+ foreach ($aliaslist as $aliasip => $aliasif)
+ $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
foreach ($interfaces as $iface => $ifacename):
?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index f8d601d..b20fe0c 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -358,7 +358,12 @@ function change_protocol() {
<select name="localid_type" class="formselect" onChange="typesel_change_local()">
<option value="address" <?php if ($pconfig['localid_type'] == "address") echo "selected";?>><?=gettext("Address"); ?></option>
<option value="network" <?php if ($pconfig['localid_type'] == "network") echo "selected";?>><?=gettext("Network"); ?></option>
- <option value="lan" <?php if ($pconfig['localid_type'] == "lan" ) echo "selected";?>><?=gettext("LAN subnet"); ?></option>
+ <?php
+ $iflist = get_configured_interface_with_descr();
+ foreach ($iflist as $ifname => $ifdescr):
+ ?>
+ <option value="<?=$ifname; ?>" <?php if ($pconfig['localid_type'] == $ifname ) echo "selected";?>><?=sprintf(gettext("%s subnet"), $ifdescr); ?></option>
+ <?php endforeach; ?>
<option value="none" <?php if ($pconfig['localid_type'] == "none" ) echo "selected";?>><?=gettext("None"); ?></option>
</select>
</td>
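Review bot: The added `<option>` prints `$ifname` and `$ifdescr` straight into the page, and the interface description appears to be operator-entered text that other pages in this commit escape (status_graph.php uses `htmlspecialchars($ifd)`). Unless `get_configured_interface_with_descr()` already returns escaped strings, which is not visible here, both should be escaped at output: `value="<?=htmlspecialchars($ifname); ?>"` and `<?=htmlspecialchars(sprintf(gettext("%s subnet"), $ifdescr)); ?>`. Replacing the fixed `lan` value with arbitrary interface names also means the save handler must accept and validate those names; that code is outside this hunk.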
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 04bbeb9..96f67bf 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -457,10 +457,10 @@ if ($savemsg)
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
foreach ($carplist as $cif => $carpip)
- $interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})";
+ $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
$aliaslist = get_configured_ip_aliases_list();
foreach ($aliaslist as $aliasip => $aliasif)
- $interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})";
+ $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
$interfaces['any'] = "any";
foreach ($interfaces as $iface => $ifacename):
$selected = "";
@@ -479,7 +479,7 @@ if ($savemsg)
<td width="78%" class="vtable">
<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
<br/>
- <?=gettext("Set this option if you would like to bind to a specific port"); ?>.
+ <?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
</td>
</tr>
<tr>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 7cb4332..9d7c00d 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -427,6 +427,7 @@ function mode_change() {
case "p2p_shared_key":
document.getElementById("client_opts").style.display="none";
document.getElementById("remote_opts").style.display="";
+ document.getElementById("gwredir_opts").style.display="none";
document.getElementById("local_opts").style.display="none";
document.getElementById("authmodetr").style.display="none";
document.getElementById("inter_client_communication").style.display="none";
@@ -434,6 +435,7 @@ function mode_change() {
case "p2p_tls":
document.getElementById("client_opts").style.display="none";
document.getElementById("remote_opts").style.display="";
+ document.getElementById("gwredir_opts").style.display="";
document.getElementById("local_opts").style.display="";
document.getElementById("authmodetr").style.display="none";
document.getElementById("inter_client_communication").style.display="none";
@@ -443,6 +445,7 @@ function mode_change() {
document.getElementById("authmodetr").style.display="";
document.getElementById("client_opts").style.display="";
document.getElementById("remote_opts").style.display="none";
+ document.getElementById("gwredir_opts").style.display="";
document.getElementById("local_opts").style.display="";
document.getElementById("inter_client_communication").style.display="";
break;
@@ -451,10 +454,12 @@ function mode_change() {
default:
document.getElementById("client_opts").style.display="";
document.getElementById("remote_opts").style.display="none";
+ document.getElementById("gwredir_opts").style.display="";
document.getElementById("local_opts").style.display="";
document.getElementById("inter_client_communication").style.display="";
break;
}
+ gwredir_change();
}
function autokey_change() {
@@ -658,10 +663,10 @@ if ($savemsg)
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
foreach ($carplist as $cif => $carpip)
- $interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})";
+ $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
$aliaslist = get_configured_ip_aliases_list();
foreach ($aliaslist as $aliasip => $aliasif)
- $interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})";
+ $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
$interfaces['any'] = "any";
foreach ($interfaces as $iface => $ifacename):
$selected = "";
@@ -900,7 +905,7 @@ if ($savemsg)
"to connecting clients. (see Address Pool)"); ?>
</td>
</tr>
- <tr>
+ <tr id="gwredir_opts">
<td width="22%" valign="top" class="vncell"><?=gettext("Redirect Gateway"); ?></td>
<td width="78%" class="vtable">
<table border="0" cellpadding="2" cellspacing="0">
diff --git a/usr/local/www/widgets/include/carp_status.inc b/usr/local/www/widgets/include/carp_status.inc
index d2851d2..79d3c03 100644
--- a/usr/local/www/widgets/include/carp_status.inc
+++ b/usr/local/www/widgets/include/carp_status.inc
@@ -4,4 +4,4 @@
$carp_status_title = "Carp Status";
$carp_status_title_link = "carp_status.php";
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/widgets/widgets/carp_status.widget.php b/usr/local/www/widgets/widgets/carp_status.widget.php
index 7c98946..6399579 100644
--- a/usr/local/www/widgets/widgets/carp_status.widget.php
+++ b/usr/local/www/widgets/widgets/carp_status.widget.php
@@ -37,13 +37,14 @@ require_once("/usr/local/www/widgets/include/carp_status.inc");
if(is_array($config['virtualip']['vip'])) {
$carpint=0;
foreach($config['virtualip']['vip'] as $carp) {
- if ($carp['mode'] != "carp") continue;
+ if ($carp['mode'] != "carp")
+ continue;
$ipaddress = $carp['subnet'];
$password = $carp['password'];
- $netmask = $carp['subnet_bits'];
+ $netmask = $carp['subnet_bits'];
$vhid = $carp['vhid'];
$advskew = $carp['advskew'];
- $carp_int = find_carp_interface($ipaddress);
+ $carp_int = "vip{$vhid}";
$status = get_carp_interface_status($carp_int);
?>
<tr>
@@ -54,7 +55,7 @@ require_once("/usr/local/www/widgets/include/carp_status.inc");
</td>
<td width="70%" class="listr">
<?php
- if($status == "MASTER") {
+ if($status == "MASTER") {
echo "<img src='/themes/".$g['theme']."/images/icons/icon_pass.gif' title=\"$status\">";
} else if($status == "BACKUP") {
echo "<img src='/themes/".$g['theme']."/images/icons/icon_pass_d.gif' title=\"$status\">";
@@ -73,4 +74,4 @@ require_once("/usr/local/www/widgets/include/carp_status.inc");
<?php
}
?>
-</table> \ No newline at end of file
+</table>
diff --git a/usr/local/www/widgets/widgets/cpu_graphs.widget.php b/usr/local/www/widgets/widgets/deactivated/cpu_graphs.widget.php
index 42c5faa..fa48610 100644
--- a/usr/local/www/widgets/widgets/cpu_graphs.widget.php
+++ b/usr/local/www/widgets/widgets/deactivated/cpu_graphs.widget.php
@@ -70,4 +70,3 @@ require_once("functions.inc");
//GraphDynamicScale(graph[0]);
</script>
-
diff --git a/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/usr/local/www/widgets/widgets/traffic_graphs.widget.php
index bcc2298..9d1e76c 100644
--- a/usr/local/www/widgets/widgets/traffic_graphs.widget.php
+++ b/usr/local/www/widgets/widgets/traffic_graphs.widget.php
@@ -68,7 +68,7 @@ Refresh Interval:
<option value="8" <?php if ($refreshInterval == "8") echo "SELECTED";?>>8</option>
<option value="9" <?php if ($refreshInterval == "9") echo "SELECTED";?>>9</option>
<option value="10" <?php if ($refreshInterval == "10") echo "SELECTED";?>>10</option>
- </select>&nbsp; Seconds<br>&nbsp; &nbsp; &nbsp; <b>Note:</b> changing this settings can affect CPU Performance on the pfSense Box<br><br>
+ </select>&nbsp; Seconds<br>&nbsp; &nbsp; &nbsp; <b>Note:</b> changing this setting will increase CPU utilization<br><br>
<input id="submit" name="submit" type="submit" onclick="return updatePref();" class="formbtn" value="Save Settings" />
</div>
diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index 965a2aa..493fab1 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -894,7 +894,7 @@ if($pkg['step'][$stepid]['javascriptafterformdisplay'] <> "") {
*/
function fixup_string($string) {
- global $config, $myurl;
+ global $config, $g, $myurl, $title;
$newstring = $string;
// fixup #1: $myurl -> http[s]://ip_address:port/
switch($config['system']['webgui']['protocol']) {
@@ -918,7 +918,26 @@ function fixup_string($string) {
$urlport = "";
}
}
- $myurl = $proto . "://" . $_SERVER['HTTP_HOST'] . $urlport . "/";
+ $http_host = explode(":", $_SERVER['HTTP_HOST']);
+ $http_host = $http_host[0];
+ $urlhost = $http_host;
+ // If finishing the setup wizard, check if accessing on a LAN or WAN address that changed
+ if($title == "Reload in progress") {
+ if (is_ipaddr($urlhost)) {
+ $host_if = find_ip_interface($urlhost);
+ if ($host_if) {
+ $host_if = convert_real_interface_to_friendly_interface_name($host_if);
+ if ($host_if && is_ipaddr($config['interfaces'][$host_if]['ipaddr']))
+ $urlhost = $config['interfaces'][$host_if]['ipaddr'];
+ }
+ } else if ($urlhost == $config['system']['hostname'])
+ $urlhost = $config['wizardtemp']['system']['hostname'];
+ else if ($urlhost == $config['system']['hostname'] . '.' . $config['system']['domain'])
+ $urlhost = $config['wizardtemp']['system']['hostname'] . '.' . $config['wizardtemp']['system']['domain'];
+ }
+ if($urlhost != $http_host)
+ file_put_contents("{$g['tmp_path']}/setupwizard_lastreferrer", $proto . "://" . $http_host . $urlport . $_SERVER['REQUEST_URI']);
+ $myurl = $proto . "://" . $urlhost . $urlport . "/";
if (strstr($newstring, "\$myurl"))
$newstring = str_replace("\$myurl", $myurl, $newstring);
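Review bot: `$_SERVER['HTTP_HOST']` is supplied by the client, and the added lines use it unvalidated both in `$myurl` (which setup_wizard.xml substitutes into a meta refresh) and in the text written to `setupwizard_lastreferrer`. A value that is neither an address nor a hostname should be replaced before it is used, for example `if (!is_ipaddr($http_host) && !is_hostname($http_host)) $http_host = $config['system']['hostname'];` right after the `explode()`. Splitting on `:` also reduces a bracketed IPv6 literal to `[`, so that form needs separate handling. The body of fixup_string starts and ends outside this hunk.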
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index aad3a59..6b0627c 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -57,7 +57,7 @@
<field>
<name>Hostname</name>
<type>input</type>
- <bindstofield>system->hostname</bindstofield>
+ <bindstofield>wizardtemp->system->hostname</bindstofield>
<description>EXAMPLE: myserver</description>
<validate>^[a-z0-9.|-]+$</validate>
<message>Invalid Hostname</message>
@@ -65,7 +65,7 @@
<field>
<name>Domain</name>
<type>input</type>
- <bindstofield>system->domain</bindstofield>
+ <bindstofield>wizardtemp->system->domain</bindstofield>
<description>EXAMPLE: mydomain.com</description>
<validate>^[a-z0-9.|-]+$</validate>
<message>Domain name field is invalid</message>
@@ -99,6 +99,14 @@
<type>submit</type>
</field>
</fields>
+ <stepbeforeformdisplay>
+ <![CDATA[
+ $config['wizardtemp'] = array();
+ $config['wizardtemp']['system'] = array();
+ $config['wizardtemp']['system']['hostname'] = $config['system']['hostname'];
+ $config['wizardtemp']['system']['domain'] = $config['system']['domain'];
+ ]]>
+ </stepbeforeformdisplay>
<stepsubmitphpaction>
<![CDATA[
if(empty($_POST['hostname']) || !is_hostname($_POST['hostname'])) {
@@ -553,6 +561,10 @@
<description>A reload is now in progress. Please wait. &lt;p&gt; The system will automatically try to access $myurl in 120 seconds. &lt;p&gt; You can click on the icon above to access the site more quickly.
&lt;meta http-equiv="refresh" content="60; url=$myurl" &gt;</description>
<stepafterformdisplay>
+ $config['system']['hostname'] = $config['wizardtemp']['system']['hostname'];
+ $config['system']['domain'] = $config['wizardtemp']['system']['domain'];
+ unset($config['wizardtemp']);
+ write_config();
reload_all();
mwexec_bg("/etc/rc.update_bogons.sh now");
</stepafterformdisplay>
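Review bot: The lines added to `stepafterformdisplay` copy `$config['wizardtemp']['system']` into the live hostname and domain and call `write_config()` without checking that the temporary section exists. If this step is ever rendered without the earlier step having filled `wizardtemp` (whether the wizard prevents that is not visible here), the saved configuration ends up with an empty hostname and domain. Wrapping the two assignments in `if (is_array($config['wizardtemp']['system'])) { ... }` keeps the existing values in that case.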
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc
index e42de1e..05c3671 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard.inc
@@ -555,10 +555,8 @@ function step8_stepsubmitphpaction() {
clear_subsystem_dirty('shaper');
update_filter_reload_status("Initializing");
-}
-function step9_stepsubmitphpaction() {
- global $g, $config;
- header("status_filter_reload.php");
+ header("Location: status_filter_reload.php");
+ exit;
}
function apply_all_choosen_items() {
@@ -685,7 +683,7 @@ function apply_all_choosen_items() {
if ($remainbw > 0 && $remainbw > 30) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
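Review bot: `$savemsg` is placed in the `Location` header unencoded, and its text contains spaces and a bare `%`, so the `message` parameter is not a valid query string now that it is actually populated. Encode it at the call site: `header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message=" . urlencode($savemsg));`. The same line is changed in the second `apply_all_choosen_items()` hunk of this file and in the matching hunks of traffic_shaper_wizard_dedicated.inc, traffic_shaper_wizard_multi_all.inc and traffic_shaper_wizard_multi_lan.inc. How wizard.php prints `message` is not visible here; it should be HTML-escaped on output. The function continues outside the hunk.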
@@ -1037,7 +1035,7 @@ function apply_all_choosen_items() {
if ($remainbw > 0 && $remainbw > 30) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.xml b/usr/local/www/wizards/traffic_shaper_wizard.xml
index ce2b04c..4c2f2a3 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard.xml
@@ -1215,16 +1215,4 @@
<stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction>
<includefile>/usr/local/www/wizards/traffic_shaper_wizard.inc</includefile>
</step>
- <step>
- <id>9</id>
- <title>pfSense Traffic Shaper Wizard</title>
- <fields>
- <field>
- <name>Finish</name>
- <type>submit</type>
- </field>
- </fields>
- <includefile>/usr/local/www/wizards/traffic_shaper_wizard.inc</includefile>
- <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction>
- </step>
</pfsensewizard>
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
index 78c8990..50fa627 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
@@ -525,7 +525,7 @@ function step4_stepsubmitphpaction() {
$stepid--;
return;
}
- $bw = wizard_get_bw($_POST['bandwidth']);
+ $bw = $_POST['bandwidth'];
if($bw > 15 && $bw < 2) {
$savemsg="Values should be between 2% and 15%!";
$stepid--;
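Review bot: `$bw` is now the raw `$_POST['bandwidth']` string, and the range check under it, `$bw > 15 && $bw < 2`, can never be true, so no submitted value is rejected. With the conversion removed, this check is the only validation visible in the hunk and it should test both type and range: `if (!is_numeric($bw) || $bw > 15 || $bw < 2) {`. The step5_stepsubmitphpaction() hunk that follows has the same two lines. Where `$bw` is used afterwards is outside the hunk.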
@@ -554,7 +554,7 @@ function step5_stepsubmitphpaction() {
$stepid--;
return;
}
- $bw = wizard_get_bw($_POST['bandwidth']);
+ $bw = $_POST['bandwidth'];
if($bw > 15 && $bw < 2) {
$savemsg="Values should be between 2% and 15%!";
$stepid--;
@@ -582,11 +582,8 @@ function step8_stepsubmitphpaction() {
clear_subsystem_dirty('shaper');
update_filter_reload_status("Initializing");
-}
-
-function step9_stepsubmitphpaction() {
- global $g, $config;
- header("status_filter_reload.php");
+ header("Location: status_filter_reload.php");
+ exit;
}
function apply_all_choosen_items() {
@@ -712,7 +709,7 @@ function apply_all_choosen_items() {
if (intval($remainbw) > 0 && intval($remainbw) > 30) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
@@ -1097,7 +1094,7 @@ function apply_all_choosen_items() {
$remainbw = round($remainbw / $downbw * 100, 2);
if (intval($remainbw) > 0 && intval($remainbw) > 40) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
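Review bot: The condition on this path compares against 40 while the message says 30%, and now that `$savemsg` is really passed in the redirect the user sees a limit that does not match the check. Which value is intended cannot be told from the hunk; either the test should read `intval($remainbw) > 30` or the text should say 40%. The second `apply_all_choosen_items()` hunk of traffic_shaper_wizard_multi_all.inc has the same mismatch.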
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml
index 5d83553..ecdb508 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml
@@ -1220,16 +1220,4 @@
<stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction>
<includefile>/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc</includefile>
</step>
- <step>
- <id>9</id>
- <title>pfSense Traffic Shaper Wizard</title>
- <fields>
- <field>
- <name>Finish</name>
- <type>submit</type>
- </field>
- </fields>
- <includefile>/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc</includefile>
- <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction>
- </step>
</pfsensewizard>
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
index 63b3b11..83c3e49 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
@@ -615,11 +615,8 @@ function step8_stepsubmitphpaction() {
clear_subsystem_dirty('shaper');
update_filter_reload_status("Initializing");
-}
-
-function step9_stepsubmitphpaction() {
- global $g, $config;
- header("status_filter_reload.php");
+ header("Location: status_filter_reload.php");
+ exit;
}
function apply_all_choosen_items() {
@@ -745,7 +742,7 @@ function apply_all_choosen_items() {
if (intval($remainbw) > 0 && intval($remainbw) > 30) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
@@ -1143,7 +1140,7 @@ function apply_all_choosen_items() {
if (intval($remainbw) > 0 && intval($remainbw) > 40) {
$savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$message}");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml
index 9fca078..050f493 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml
@@ -1228,16 +1228,4 @@
<stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction>
<includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc</includefile>
</step>
- <step>
- <id>9</id>
- <title>pfSense Traffic Shaper Wizard</title>
- <fields>
- <field>
- <name>Finish</name>
- <type>submit</type>
- </field>
- </fields>
- <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc</includefile>
- <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction>
- </step>
</pfsensewizard>
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
index e4f5816..b5f8d63 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
@@ -397,11 +397,8 @@ function step8_stepsubmitphpaction() {
clear_subsystem_dirty('shaper');
update_filter_reload_status("Initializing");
-}
-
-function step9_stepsubmitphpaction() {
- global $g, $config;
- header("status_filter_reload.php");
+ header("Location: status_filter_reload.php");
+ exit;
}
function apply_all_choosen_items() {
@@ -520,8 +517,8 @@ function apply_all_choosen_items() {
$remainbw = round($remainbw / $upbw * 100, 2);
if ($remainbw > 0 && $remainbw > 30) {
- $message=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$message}");
+ $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
@@ -910,8 +907,8 @@ function apply_all_choosen_items() {
}
$remainbw = round($remainbw / $lanbw * 100, 2);
if ($remainbw > 0 && $remainbw > 30) {
- $message=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
- header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$message}");
+ $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue.");
+ header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$savemsg}");
exit;
} else {
$remainbw = 100 - $remainbw;
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
index 9ed7c44..ae5a139 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml
@@ -1277,16 +1277,4 @@
<stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction>
<includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc</includefile>
</step>
- <step>
- <id>9</id>
- <title>pfSense Traffic Shaper Wizard</title>
- <fields>
- <field>
- <name>Finish</name>
- <type>submit</type>
- </field>
- </fields>
- <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc</includefile>
- <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction>
- </step>
</pfsensewizard>
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 375ad46..ea0166b 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -61,12 +61,12 @@ if($synchronizetoip) {
}
$xmlrpc_g = array(
- "return" => array(
- "true" => new XML_RPC_Response(new XML_RPC_Value(true, $XML_RPC_Boolean)),
- "false" => new XML_RPC_Response(new XML_RPC_Value(false, $XML_RPC_Boolean)),
- "authfail" => new XML_RPC_Response(new XML_RPC_Value(gettext("Authentication failed"), $XML_RPC_String))
- )
- );
+ "return" => array(
+ "true" => new XML_RPC_Response(new XML_RPC_Value(true, $XML_RPC_Boolean)),
+ "false" => new XML_RPC_Response(new XML_RPC_Value(false, $XML_RPC_Boolean)),
+ "authfail" => new XML_RPC_Response(new XML_RPC_Value(gettext("Authentication failed"), $XML_RPC_String))
+ )
+);
/*
* pfSense XMLRPC errors
@@ -75,20 +75,21 @@ $xmlrpc_g = array(
$XML_RPC_erruser = 200;
/* EXPOSED FUNCTIONS */
-
$exec_php_doc = gettext("XMLRPC wrapper for eval(). This method must be called with two parameters: a string containing the local system\'s password followed by the PHP code to evaluate.");
$exec_php_sig = array(
- array(
- $XML_RPC_Boolean, // First signature element is return value.
- $XML_RPC_String, // password
- $XML_RPC_String, // shell code to exec
- )
- );
+ array(
+ $XML_RPC_Boolean, // First signature element is return value.
+ $XML_RPC_String, // password
+ $XML_RPC_String, // shell code to exec
+ )
+);
function exec_php_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
$exec_php = $params[0];
eval($exec_php);
if($toreturn) {
@@ -99,61 +100,61 @@ function exec_php_xmlrpc($raw_params) {
}
/*****************************/
-
$exec_shell_doc = gettext("XMLRPC wrapper for mwexec(). This method must be called with two parameters: a string containing the local system\'s password followed by an shell command to execute.");
$exec_shell_sig = array(
- array(
- $XML_RPC_Boolean, // First signature element is return value.
- $XML_RPC_String, // password
- $XML_RPC_String, // shell code to exec
- )
- );
-
+ array(
+ $XML_RPC_Boolean, // First signature element is return value.
+ $XML_RPC_String, // password
+ $XML_RPC_String, // shell code to exec
+ )
+);
function exec_shell_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
$shell_cmd = $params[0];
mwexec($shell_cmd);
+
return $xmlrpc_g['return']['true'];
}
-
-
/*****************************/
-
-
$backup_config_section_doc = gettext("XMLRPC wrapper for backup_config_section. This method must be called with two parameters: a string containing the local system\'s password followed by an array containing the keys to be backed up.");
$backup_config_section_sig = array(
- array(
- $XML_RPC_Struct, // First signature element is return value.
- $XML_RPC_String,
- $XML_RPC_Array
- )
- );
+ array(
+ $XML_RPC_Struct, // First signature element is return value.
+ $XML_RPC_String,
+ $XML_RPC_Array
+ )
+);
function backup_config_section_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
$val = array_intersect_key($config, array_flip($params[0]));
+
return new XML_RPC_Response(XML_RPC_encode($val));
}
/*****************************/
-
$restore_config_section_doc = gettext("XMLRPC wrapper for restore_config_section. This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion.");
$restore_config_section_sig = array(
- array(
- $XML_RPC_Boolean,
- $XML_RPC_String,
- $XML_RPC_Struct
- )
- );
+ array(
+ $XML_RPC_Boolean,
+ $XML_RPC_String,
+ $XML_RPC_Struct
+ )
+);
function restore_config_section_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
if(!xmlrpc_auth($params))
return $xmlrpc_g['return']['authfail'];
@@ -168,54 +169,55 @@ function restore_config_section_xmlrpc($raw_params) {
// For vip section, first keep items sent from the master
$config = array_merge($config, $params[0]);
// Then add ipalias and proxyarp types already defined on the backup
- foreach ($vipbackup as $vip) {
- if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp'))
- $config['virtualip']['vip'][]=$vip ;
+ if (is_array($vipbackup)) {
+ foreach ($vipbackup as $vip) {
+ if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp'))
+ array_unshift($config['virtualip']['vip'], $vip);
+ }
}
$mergedkeys = implode(",", array_keys($params[0]));
write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys));
interfaces_vips_configure();
+
return $xmlrpc_g['return']['true'];
}
-
/*****************************/
-
-
$merge_config_section_doc = gettext("XMLRPC wrapper for merging package sections. This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion.");
$merge_config_section_sig = array(
- array(
- $XML_RPC_Boolean,
- $XML_RPC_String,
- $XML_RPC_Struct
- )
- );
+ array(
+ $XML_RPC_Boolean,
+ $XML_RPC_String,
+ $XML_RPC_Struct
+ )
+);
function merge_installedpackages_section_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
$config['installedpackages'] = array_merge($config['installedpackages'], $params[0]);
$mergedkeys = implode(",", array_keys($params[0]));
write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys));
+
return $xmlrpc_g['return']['true'];
}
-
/*****************************/
-
-
$merge_config_section_doc = gettext("XMLRPC wrapper for merge_config_section. This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion.");
$merge_config_section_sig = array(
- array(
- $XML_RPC_Boolean,
- $XML_RPC_String,
- $XML_RPC_Struct
- )
- );
+ array(
+ $XML_RPC_Boolean,
+ $XML_RPC_String,
+ $XML_RPC_Struct
+ )
+);
function merge_config_section_xmlrpc($raw_params) {
global $config, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
if(!xmlrpc_auth($params))
return $xmlrpc_g['return']['authfail'];
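Review bot: `array_unshift($config['virtualip']['vip'], $vip)` needs its first argument to already be an array, whereas the `[]=` it replaces created one on demand. If the merged config from the master carries no `vip` list, the backup's own ipalias and proxyarp entries are silently dropped. Add `if (!is_array($config['virtualip']['vip'])) $config['virtualip']['vip'] = array();` before the `foreach`. Unshifting inside the loop also reverses the order of the preserved entries, which may matter if their order is significant. The start of restore_config_section_xmlrpc is outside this hunk.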
@@ -229,23 +231,25 @@ function merge_config_section_xmlrpc($raw_params) {
$mergedkeys = implode(",", array_keys($params[0]));
write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client.");
interfaces_vips_configure();
+
return $xmlrpc_g['return']['true'];
}
/*****************************/
-
$filter_configure_doc = gettext("Basic XMLRPC wrapper for filter_configure. This method must be called with one paramater: a string containing the local system\'s password. This function returns true upon completion.");
$filter_configure_sig = array(
- array(
- $XML_RPC_Boolean,
- $XML_RPC_String
- )
- );
+ array(
+ $XML_RPC_Boolean,
+ $XML_RPC_String
+ )
+);
function filter_configure_xmlrpc($raw_params) {
global $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
filter_configure();
system_routing_configure();
setup_gateways_monitor();
@@ -255,71 +259,98 @@ function filter_configure_xmlrpc($raw_params) {
services_dhcpd_configure();
services_dnsmasq_configure();
local_sync_accounts();
+
return $xmlrpc_g['return']['true'];
}
/*****************************/
-
$carp_configure_doc = gettext("Basic XMLRPC wrapper for configuring CARP interfaces.");
$carp_configure_sig = array(
- array(
- $XML_RPC_Boolean,
- $XML_RPC_String
- )
- );
+ array(
+ $XML_RPC_Boolean,
+ $XML_RPC_String
+ )
+);
function interfaces_carp_configure_xmlrpc($raw_params) {
global $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
interfaces_vips_configure();
+
return $xmlrpc_g['return']['true'];
}
/*****************************/
-
$check_firmware_version_doc = gettext("Basic XMLRPC wrapper for check_firmware_version. This function will return the output of check_firmware_version upon completion.");
+
$check_firmware_version_sig = array(
- array(
- $XML_RPC_String,
- $XML_RPC_String
- )
- );
+ array(
+ $XML_RPC_String,
+ $XML_RPC_String
+ )
+);
function check_firmware_version_xmlrpc($raw_params) {
global $xmlrpc_g, $XML_RPC_String;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
+
return new XML_RPC_Response(new XML_RPC_Value(check_firmware_version(false), $XML_RPC_String));
}
/*****************************/
+$pfsense_firmware_version_doc = gettext("Basic XMLRPC wrapper for check_firmware_version. This function will return the output of check_firmware_version upon completion.");
+
+$pfsense_firmware_version_sig = array (
+ array (
+ $XML_RPC_Struct,
+ $XML_RPC_String
+ )
+);
+
+function pfsense_firmware_version_xmlrpc($raw_params) {
+ global $xmlrpc_g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
+
+ return new XML_RPC_Response(XML_RPC_encode(host_firmware_version()));
+}
+
+/*****************************/
$reboot_doc = gettext("Basic XMLRPC wrapper for rc.reboot.");
$reboot_sig = array(array($XML_RPC_Boolean, $XML_RPC_String));
-
function reboot_xmlrpc($raw_params) {
global $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
- if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
+ if(!xmlrpc_auth($params))
+ return $xmlrpc_g['return']['authfail'];
mwexec_bg("/etc/rc.reboot");
+
return $xmlrpc_g['return']['true'];
}
/*****************************/
-
$get_notices_sig = array(
- array(
- $XML_RPC_Array,
- $XML_RPC_String
- ),
- array(
- $XML_RPC_Array
- )
- );
+ array(
+ $XML_RPC_Array,
+ $XML_RPC_String
+ ),
+ array(
+ $XML_RPC_Array
+ )
+);
function get_notices_xmlrpc($raw_params) {
global $g, $xmlrpc_g;
+
$params = xmlrpc_params_to_php($raw_params);
if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail'];
require("notices.inc");
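Review bot: `$pfsense_firmware_version_doc` repeats the check_firmware_version text, but the new `pfsense_firmware_version_xmlrpc()` returns `host_firmware_version()` encoded as a struct. The docstring should describe that call, for example `gettext("Basic XMLRPC wrapper for host_firmware_version. This function will return the output of host_firmware_version upon completion.")`. In the same hunk `get_notices_xmlrpc()` still has the one-line `if(!xmlrpc_auth($params)) return ...` form that every other handler was reformatted away from.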
@@ -329,44 +360,47 @@ function get_notices_xmlrpc($raw_params) {
$toreturn = get_notices($params);
}
$response = new XML_RPC_Response(XML_RPC_encode($toreturn));
+
return $response;
}
/*****************************/
-
$server = new XML_RPC_Server(
array(
- 'pfsense.exec_shell' => array('function' => 'exec_shell_xmlrpc',
- 'signature' => $exec_shell_sig,
- 'docstring' => $exec_shell_doc),
- 'pfsense.exec_php' => array('function' => 'exec_php_xmlrpc',
- 'signature' => $exec_php_sig,
- 'docstring' => $exec_php_doc),
- 'pfsense.filter_configure' => array('function' => 'filter_configure_xmlrpc',
- 'signature' => $filter_configure_sig,
- 'docstring' => $filter_configure_doc),
- 'pfsense.interfaces_carp_configure' => array('function' => 'interfaces_carp_configure_xmlrpc',
- 'docstring' => $carp_configure_sig),
- 'pfsense.backup_config_section' => array('function' => 'backup_config_section_xmlrpc',
- 'signature' => $backup_config_section_sig,
- 'docstring' => $backup_config_section_doc),
- 'pfsense.restore_config_section' => array('function' => 'restore_config_section_xmlrpc',
- 'signature' => $restore_config_section_sig,
- 'docstring' => $restore_config_section_doc),
- 'pfsense.merge_config_section' => array('function' => 'merge_config_section_xmlrpc',
- 'signature' => $merge_config_section_sig,
- 'docstring' => $merge_config_section_doc),
- 'pfsense.merge_installedpackages_section_xmlrpc' => array('function' => 'merge_installedpackages_section_xmlrpc',
- 'signature' => $merge_config_section_sig,
- 'docstring' => $merge_config_section_doc),
- 'pfsense.check_firmware_version' => array('function' => 'check_firmware_version_xmlrpc',
- 'signature' => $check_firmware_version_sig,
- 'docstring' => $check_firmware_version_doc),
- 'pfsense.reboot' => array('function' => 'reboot_xmlrpc',
- 'signature' => $reboot_sig,
- 'docstring' => $reboot_doc),
- 'pfsense.get_notices' => array('function' => 'get_notices_xmlrpc',
- 'signature' => $get_notices_sig)
+ 'pfsense.exec_shell' => array('function' => 'exec_shell_xmlrpc',
+ 'signature' => $exec_shell_sig,
+ 'docstring' => $exec_shell_doc),
+ 'pfsense.exec_php' => array('function' => 'exec_php_xmlrpc',
+ 'signature' => $exec_php_sig,
+ 'docstring' => $exec_php_doc),
+ 'pfsense.filter_configure' => array('function' => 'filter_configure_xmlrpc',
+ 'signature' => $filter_configure_sig,
+ 'docstring' => $filter_configure_doc),
+ 'pfsense.interfaces_carp_configure' => array('function' => 'interfaces_carp_configure_xmlrpc',
+ 'docstring' => $carp_configure_sig),
+ 'pfsense.backup_config_section' => array('function' => 'backup_config_section_xmlrpc',
+ 'signature' => $backup_config_section_sig,
+ 'docstring' => $backup_config_section_doc),
+ 'pfsense.restore_config_section' => array('function' => 'restore_config_section_xmlrpc',
+ 'signature' => $restore_config_section_sig,
+ 'docstring' => $restore_config_section_doc),
+ 'pfsense.merge_config_section' => array('function' => 'merge_config_section_xmlrpc',
+ 'signature' => $merge_config_section_sig,
+ 'docstring' => $merge_config_section_doc),
+ 'pfsense.merge_installedpackages_section_xmlrpc' => array('function' => 'merge_installedpackages_section_xmlrpc',
+ 'signature' => $merge_config_section_sig,
+ 'docstring' => $merge_config_section_doc),
+ 'pfsense.check_firmware_version' => array('function' => 'check_firmware_version_xmlrpc',
+ 'signature' => $check_firmware_version_sig,
+ 'docstring' => $check_firmware_version_doc),
+ 'pfsense.host_firmware_version' => array('function' => 'pfsense_firmware_version_xmlrpc',
+ 'signature' => $pfsense_firmware_version_sig,
+ 'docstring' => $host_firmware_version_doc),
+ 'pfsense.reboot' => array('function' => 'reboot_xmlrpc',
+ 'signature' => $reboot_sig,
+ 'docstring' => $reboot_doc),
+ 'pfsense.get_notices' => array('function' => 'get_notices_xmlrpc',
+ 'signature' => $get_notices_sig)
)
);
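Review bot: The new `pfsense.host_firmware_version` entry passes `$host_firmware_version_doc`, which is never defined; the variable added earlier in this file is `$pfsense_firmware_version_doc`, so the method is registered with an empty docstring. Use `'docstring' => $pfsense_firmware_version_doc),`. The re-indented `pfsense.interfaces_carp_configure` entry still passes `$carp_configure_sig` as its docstring and has no `'signature'` key, so that method is registered without a declared signature; it should read `'signature' => $carp_configure_sig,` followed by `'docstring' => $carp_configure_doc),`.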