authorjim-p <jimp@pfsense.org>2014-07-01 15:22:42 -0400
committerjim-p <jimp@pfsense.org>2014-07-01 15:22:42 -0400
commitc55dfc4a9b4020533e6ec25278fc772b33ff2b93 (patch)
tree4a0e35d70f05c7301b5db9d63e215d250e578736
parentc5f9fb72655ce9b87ba7a8dad5cadeb1acd20150 (diff)
downloadpfsense-c55dfc4a9b4020533e6ec25278fc772b33ff2b93.zip
pfsense-c55dfc4a9b4020533e6ec25278fc772b33ff2b93.tar.gz
Detect if an unofficial package repository is in use and warn the user. Part of issue #484 (more to go)
-rw-r--r--etc/inc/pkg-utils.inc30
-rw-r--r--usr/local/www/pkg_mgr.php11
2 files changed, 40 insertions, 1 deletions
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 1174f79..016f027 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -1411,4 +1411,34 @@ function get_pkg_interfaces_select_source($include_localhost=false) {
}
return $ssifs;
}
+
+function verify_all_package_servers() {
+ global $config, $g;
+ /* If an alternate package repository is defined, check it before
+ checking the default. */
+ if (isset($config['system']['altpkgrepo']['enable']) && !empty($config['system']['altpkgrepo']['xmlrpcbaseurl'])) {
+ return verify_package_server($config['system']['altpkgrepo']['xmlrpcbaseurl']);
+ } else {
+ return verify_package_server($g['xmlrpcbaseurl']);
+ }
+}
+
+/* Check if the active package server is a valid default or if it has been
+ altered. */
+function verify_package_server($server) {
+ /* Define the expected default package server domains. Include
+ preceding "." to prevent matching from being too liberal. */
+ $default_package_domains = array('.pfsense.org', '.pfsense.com', '.netgate.com');
+
+ /* For this test we only need to check the hostname. */
+ $xmlrpcbase = parse_url($server, PHP_URL_HOST);
+
+ foreach ($default_package_domains as $dom) {
+ if (substr($xmlrpcbase, -(strlen($dom))) == $dom) {
+ return true;
+ }
+ }
+ return false;
+}
+
?>
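Review bot: verify_package_server() judges the server by hostname suffix alone, so any URL whose host ends in one of the listed domains is reported as official regardless of scheme; over plain http the package data could still be altered in transit without this warning firing. If the official defaults are served over https (not visible in this diff), consider also requiring `parse_url($server, PHP_URL_SCHEME) === 'https'`. Hostnames are case-insensitive, so a mixed-case official URL would raise a false warning; test `strtolower($xmlrpcbase)` and use `===` instead of `==` in the suffix comparison. The name verify_all_package_servers() and its comment suggest that both repositories are checked, but only the active one is, and a one-line doc comment saying so would prevent misreading.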
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index 4afb295..454cedd 100644
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -74,6 +74,7 @@ function domTT_title($title_msg) {
//get_pkg_info only if cache file has more then $g[min_pkg_cache_file_time] seconds
$pkg_cache_file_time=($g['min_pkg_cache_file_time'] ? $g['min_pkg_cache_file_time'] : 120);
+$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
if (!file_exists("{$g['tmp_path']}/pkg_info.cache") || (time() - filemtime("{$g['tmp_path']}/pkg_info.cache")) > $pkg_cache_file_time) {
$pkg_info = get_pkg_info('all', array("noembedded", "name", "category", "website", "version", "status", "descr", "maintainer", "required_version", "maximum_version", "pkginfolink", "config_file"));
//create cache file after get_pkg_info
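Review bot: The `$xmlrpc_base_url` assignment added here selects the alternate repository whenever `['altpkgrepo']['enable']` is set, while verify_all_package_servers() in etc/inc/pkg-utils.inc also requires a non-empty `['altpkgrepo']['xmlrpcbaseurl']`. With the option enabled and the URL left blank, the check validates the default server while this page's messages would print an empty URL. Use the same condition in both places, `isset(...['enable']) && !empty(...['xmlrpcbaseurl'])`, or better a single helper that returns the active URL so the verified value and the displayed value cannot diverge. The `if` block that follows this line continues outside the hunk.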
@@ -84,7 +85,6 @@ if (!file_exists("{$g['tmp_path']}/pkg_info.cache") || (time() - filemtime("{$g[
//$pkg_sizes = get_pkg_sizes();
} else {
$using_cache = true;
- $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
if(file_exists("{$g['tmp_path']}/pkg_info.cache")) {
$savemsg = sprintf(gettext("Unable to retrieve package info from %s. Cached data will be used."), $xmlrpc_base_url);
$pkg_info = unserialize(@file_get_contents("{$g['tmp_path']}/pkg_info.cache"));
@@ -115,6 +115,15 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
+
+ if (!verify_all_package_servers())
+ print_info_box(sprintf(gettext("The package server currently "
+ . "configured on this firewall (%s) is NOT an official package "
+ . "server. The contents of such servers cannot be verified and "
+ . "may contain malicious files. To ensure that you receive "
+ . "verifiable and trusted packages, return the package server "
+ . "settings to their default values."), htmlspecialchars($xmlrpc_base_url)));
+
if ($savemsg)
print_info_box($savemsg);
?>
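Review bot: The new `if (!verify_all_package_servers())` guards a six-line `print_info_box(...)` call without braces; wrap it in `{ }` so a statement added later cannot silently fall outside the condition. It would also help to add a short comment such as `/* Informational only: does not block use of the configured server. */`, since nothing visible in this hunk prevents installing from the unverified server and a reader could mistake the check for an enforcement point.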