diff options
| author | jim-p <jimp@pfsense.org> | 2014-07-01 15:22:42 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2014-07-01 15:22:42 -0400 |
| commit | c55dfc4a9b4020533e6ec25278fc772b33ff2b93 (patch) | |
| tree | 4a0e35d70f05c7301b5db9d63e215d250e578736 | |
| parent | c5f9fb72655ce9b87ba7a8dad5cadeb1acd20150 (diff) | |
| download | pfsense-c55dfc4a9b4020533e6ec25278fc772b33ff2b93.zip pfsense-c55dfc4a9b4020533e6ec25278fc772b33ff2b93.tar.gz | |
Detect if an unofficial package repository is in use and warn the user. Part of issue #484 (more to go)
| -rw-r--r-- | etc/inc/pkg-utils.inc | 30 | ||||
| -rw-r--r-- | usr/local/www/pkg_mgr.php | 11 |
2 files changed, 40 insertions, 1 deletions
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 1174f79..016f027 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -1411,4 +1411,34 @@ function get_pkg_interfaces_select_source($include_localhost=false) { } return $ssifs; } + +function verify_all_package_servers() { + global $config, $g; + /* If an alternate package repository is defined, check it before + checking the default. */ + if (isset($config['system']['altpkgrepo']['enable']) && !empty($config['system']['altpkgrepo']['xmlrpcbaseurl'])) { + return verify_package_server($config['system']['altpkgrepo']['xmlrpcbaseurl']); + } else { + return verify_package_server($g['xmlrpcbaseurl']); + } +} + +/* Check if the active package server is a valid default or if it has been + altered. */ +function verify_package_server($server) { + /* Define the expected default package server domains. Include + preceding "." to prevent matching from being too liberal. */ + $default_package_domains = array('.pfsense.org', '.pfsense.com', '.netgate.com'); + + /* For this test we only need to check the hostname. */ + $xmlrpcbase = parse_url($server, PHP_URL_HOST); + + foreach ($default_package_domains as $dom) { + if (substr($xmlrpcbase, -(strlen($dom))) == $dom) { + return true; + } + } + return false; +} + ?> diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index 4afb295..454cedd 100644 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -74,6 +74,7 @@ function domTT_title($title_msg) { //get_pkg_info only if cache file has more then $g[min_pkg_cache_file_time] seconds $pkg_cache_file_time=($g['min_pkg_cache_file_time'] ? $g['min_pkg_cache_file_time'] : 120); +$xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; if (!file_exists("{$g['tmp_path']}/pkg_info.cache") || (time() - filemtime("{$g['tmp_path']}/pkg_info.cache")) > $pkg_cache_file_time) { $pkg_info = get_pkg_info('all', array("noembedded", "name", "category", "website", "version", "status", "descr", "maintainer", "required_version", "maximum_version", "pkginfolink", "config_file")); //create cache file after get_pkg_info @@ -84,7 +85,6 @@ if (!file_exists("{$g['tmp_path']}/pkg_info.cache") || (time() - filemtime("{$g[ //$pkg_sizes = get_pkg_sizes(); } else { $using_cache = true; - $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; if(file_exists("{$g['tmp_path']}/pkg_info.cache")) { $savemsg = sprintf(gettext("Unable to retrieve package info from %s. Cached data will be used."), $xmlrpc_base_url); $pkg_info = unserialize(@file_get_contents("{$g['tmp_path']}/pkg_info.cache")); @@ -115,6 +115,15 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); + + if (!verify_all_package_servers()) + print_info_box(sprintf(gettext("The package server currently " + . "configured on this firewall (%s) is NOT an official package " + . "server. The contents of such servers cannot be verified and " + . "may contain malicious files. To ensure that you receive " + . "verifiable and trusted packages, return the package server " + . "settings to their default values."), htmlspecialchars($xmlrpc_base_url))); + if ($savemsg) print_info_box($savemsg); ?> |
