diff options
author | Steve Beaver <sbeaver@netgate.com> | 2017-08-19 13:52:35 -0400 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-08-19 13:52:35 -0400 |
commit | 24b20350a88b81e99aa6faa5685283e00bdf2083 (patch) | |
tree | 9c8b8f62ee734fd252d301f15031069310d87e89 | |
parent | 6ed79b897b24e323d24746bd53af771ad72d4a43 (diff) | |
parent | 73b5c257b60df7030397e5d825d20f402731a102 (diff) | |
download | pfsense-24b20350a88b81e99aa6faa5685283e00bdf2083.zip pfsense-24b20350a88b81e99aa6faa5685283e00bdf2083.tar.gz |
Merge branch 'RELENG_2_3_4' of gitlab.netgate.com:pfsense/pfsense into RELENG_2_3_4
100 files changed, 2514 insertions, 1024 deletions
@@ -120,6 +120,7 @@ while test "$1" != ""; do export NO_BUILDKERNEL=YES export NO_CLEAN_FREEBSD_OBJ=YES export NO_CLEAN_FREEBSD_SRC=YES + export DO_NOT_SIGN_PKG_REPO=YES _SKIP_REBUILD_PRESTAGE=YES _USE_OLD_DATESTRING=YES ;; @@ -128,6 +129,7 @@ while test "$1" != ""; do ;; --rsync-repos) BUILDACTION="rsync_repos" + export DO_NOT_SIGN_PKG_REPO=YES ;; --build-kernels) BUILDACTION="buildkernels" @@ -415,10 +417,10 @@ if [ -z "${_SKIP_REBUILD_PRESTAGE}" ]; then # Install packages needed for Product install_pkg_install_ports -fi -# Create core repo -core_pkg_create_repo + # Create core repo + core_pkg_create_repo +fi # Send core repo to staging area pkg_repo_rsync "${CORE_PKG_PATH}" ignore_final_rsync diff --git a/src/conf.default/config.xml b/src/conf.default/config.xml index 0937a2b..d44d4ed 100644 --- a/src/conf.default/config.xml +++ b/src/conf.default/config.xml @@ -213,6 +213,15 @@ <who>root</who> <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command> </item> + <item> + <minute>1</minute> + <hour>0</hour> + <mday>*</mday> + <month>*</month> + <wday>*</wday> + <who>root</who> + <command>/usr/bin/nice -n20 /etc/rc.update_pkg_metadata</command> + </item> </cron> <wol/> <rrd> @@ -262,7 +271,7 @@ </monitor_type> </load_balancer> <widgets> - <sequence>system_information:col1:show,interfaces:col2:show</sequence> + <sequence>system_information:col1:show,netgate_services_and_support:col2:show,interfaces:col2:show</sequence> <period>10</period> </widgets> <openvpn/> diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 4835a00..3195304 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -67,6 +67,31 @@ $security_passed = true; /* If this function doesn't exist, we're being called from Captive Portal or another internal subsystem which does not include authgui.inc */ +if (function_exists("display_error_form")) { + /* Extra layer of lockout protection. Check if the user is in the GUI + * lockout table before processing a request */ + + /* Fetch the contents of the lockout table. */ + exec("/sbin/pfctl -t 'webConfiguratorlockout' -T show", $entries); + + /* If the client is in the lockout table, print an error, kill states, and exit */ + if (in_array($_SERVER['REMOTE_ADDR'], array_map('trim', $entries))) { + if (!security_checks_disabled()) { + /* They may never see the error since the connection will be cut off, but try to be nice anyhow. */ + display_error_form("501", gettext("Access Denied<br/><br/>Access attempt from a temporarily locked out client address.<br /><br />Try accessing the firewall again after the lockout expires.")); + /* If they are locked out, they shouldn't have a state. Disconnect their connections. */ + $retval = pfSense_kill_states($_SERVER['REMOTE_ADDR']); + if (is_ipaddrv4($_SERVER['REMOTE_ADDR'])) { + $retval = pfSense_kill_states("0.0.0.0/0", $_SERVER['REMOTE_ADDR']); + } elseif (is_ipaddrv6($_SERVER['REMOTE_ADDR'])) { + $retval = pfSense_kill_states("::", $_SERVER['REMOTE_ADDR']); + } + exit; + } + $security_passed = false; + } +} + if (function_exists("display_error_form") && !isset($config['system']['webgui']['nodnsrebindcheck'])) { /* DNS ReBinding attack prevention. https://redmine.pfsense.org/issues/708 */ $found_host = false; diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index 9437d23..81992c9 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -137,33 +137,78 @@ function display_error_form($http_code, $desc) { return; } - $cssfile = "/css/pfSense.css"; - - if (isset($user_settings['webgui']['webguicss'])) { - if (file_exists("/usr/local/www/css/" . $user_settings['webgui']['webguicss'])) { - $cssfile = "/css/" . $user_settings['webgui']['webguicss']; - } - } + $logincssfile = "#770101"; ?> <!DOCTYPE html> <html lang="en"> -<head> - <meta name="viewport" content="width=device-width, initial-scale=1"> - <link rel="stylesheet" href="<?=$cssfile?>" /> - <title><?=gettext("Error: not allowed"); ?></title> -</head> -<body id="error" class="no-menu"> - <div id="jumbotron"> - <div class="container"> - <div class="col-sm-offset-3 col-sm-6 col-xs-12"> - <!-- FIXME: We really need to POST the logout action --> - <div class="alert alert-danger" role="alert"><a href="index.php?logout"><?=$desc;?></a></div> + <head> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <link rel="stylesheet" href="/vendor/bootstrap/css/bootstrap.min.css" type="text/css"> + <link rel="stylesheet" href="/css/login.css" type="text/css"> + <title><?=gettext("Error"); ?></title> + </head> + + <body id="error" > + <div id="total"> + <header> + <div id="headerrow"> + <div class="row"> + <div class="col-sm-4"> + <div id="logodiv" style="text-align:center" class="nowarning"> + <svg role="img" aria-labelledby="pfsense-logo" x="0px" y="0px" viewBox="0 0 282.8 84.2" width="240" height="100%"> + <title id="pfsense-logo-svg">pfSense Logo</title> + <style type="text/css"> + .logo-st0{fill:#2B40B5;} + .logo-st1{fill:#1475CF;} + .logo-st2{fill:#1C1275;} + </style> + <path class="logo-st0" d="M27.8,57.7c2.9,0,5.4-0.9,7.5-2.6c2.1-1.7,3.6-4,4.4-6.8c0.8-2.8,0.6-5.1-0.5-6.8c-1.1-1.7-3.2-2.6-6.1-2.6 c-2.9,0-5.4,0.9-7.5,2.6c-2.1,1.7-3.5,4-4.3,6.8c-0.8,2.8-0.7,5.1,0.5,6.8C22.8,56.9,24.8,57.7,27.8,57.7"/> + <path class="logo-st0" d="M115.1,46.6c-1.5-0.8-3-1.4-4.7-1.8c-1.7-0.4-3.2-0.7-4.7-1.1c-1.5-0.3-2.7-0.7-3.6-1.1c-0.9-0.4-1.4-1.1-1.4-2 c0-1.1,0.5-1.9,1.4-2.4c0.9-0.5,1.9-0.7,2.8-0.7c2.8,0,5,1,6.7,3.1l7-7c-1.7-1.8-3.9-3.1-6.4-3.8c-2.5-0.7-5-1.1-7.4-1.1 c-1.9,0-3.9,0.2-5.7,0.7c-1.9,0.5-3.6,1.2-5,2.3c-1.5,1-2.6,2.3-3.5,3.9c-0.9,1.6-1.3,3.5-1.3,5.7c0,2.3,0.5,4.2,1.4,5.6 c0.9,1.4,2.1,2.5,3.6,3.3c1.5,0.8,3,1.3,4.7,1.7c1.7,0.4,3.2,0.7,4.7,1.1c1.5,0.3,2.7,0.7,3.6,1.2c0.9,0.5,1.4,1.2,1.4,2.2 c0,1-0.5,1.7-1.6,2.1c-1.1,0.4-2.3,0.6-3.6,0.6c-1.7,0-3.3-0.3-4.6-1c-1.3-0.7-2.5-1.7-3.6-3l-7,7.7c1.8,1.9,4.1,3.2,6.7,3.9 c2.7,0.7,5.3,1.1,7.9,1.1c2,0,4-0.2,6.1-0.6c2-0.4,3.9-1,5.5-2c1.6-0.9,3-2.2,4-3.8c1-1.6,1.6-3.5,1.6-5.9c0-2.3-0.5-4.2-1.4-5.6 C117.7,48.6,116.5,47.4,115.1,46.6"/> + <path class="logo-st0" d="M156.3,34.1c-1.5-1.7-3.3-3-5.5-3.9c-2.2-0.9-4.6-1.4-7.2-1.4c-2.9,0-5.6,0.5-8.1,1.4c-2.5,0.9-4.7,2.2-6.6,3.9 c-1.9,1.7-3.3,3.8-4.4,6.2c-1.1,2.4-1.6,5.1-1.6,8c0,3,0.5,5.6,1.6,8c1.1,2.4,2.5,4.5,4.4,6.2c1.9,1.7,4.1,3,6.6,3.9 c2.5,0.9,5.2,1.4,8.1,1.4c3,0,5.9-0.6,8.7-1.9c2.8-1.3,5.1-3.1,7-5.4l-8-5.9c-1,1.3-2.1,2.4-3.4,3.3c-1.3,0.8-2.9,1.3-4.8,1.3 c-2.2,0-4.1-0.7-5.7-2c-1.5-1.3-2.5-3.1-3-5.2H161v-3.6c0-3-0.4-5.6-1.2-8C159,37.9,157.8,35.8,156.3,34.1 M134.3,44.1 c0.1-0.9,0.3-1.8,0.7-2.6c0.4-0.8,0.9-1.6,1.6-2.2c0.7-0.6,1.5-1.2,2.5-1.6c1-0.4,2.1-0.6,3.4-0.6c2.1,0,3.8,0.7,5.1,2.1 c1.3,1.4,2,3,1.9,5H134.3z"/> + <path class="logo-st0" d="M198.3,33.8c-1-1.6-2.4-2.8-4.2-3.7c-1.8-0.9-4.1-1.3-7-1.3c-1.4,0-2.7,0.2-3.8,0.5c-1.2,0.4-2.2,0.8-3.1,1.4 c-0.9,0.6-1.7,1.2-2.4,1.9c-0.7,0.7-1.2,1.4-1.5,2.1H176v-5.1h-11v37.2h11.5V48.4c0-1.2,0.1-2.4,0.2-3.5c0.2-1.1,0.5-2.1,1-3 c0.5-0.9,1.2-1.6,2.1-2.1c0.9-0.5,2.1-0.8,3.6-0.8c1.5,0,2.6,0.3,3.4,0.9c0.8,0.6,1.4,1.4,1.8,2.4c0.4,1,0.6,2,0.7,3.2 c0.1,1.1,0.1,2.3,0.1,3.3v18.2h11.5V46.4c0-2.5-0.2-4.8-0.5-7C199.9,37.3,199.3,35.4,198.3,33.8"/> + <path class="logo-st0" d="M231.5,46.6c-1.5-0.8-3-1.4-4.7-1.8c-1.7-0.4-3.2-0.7-4.7-1.1c-1.5-0.3-2.7-0.7-3.6-1.1c-0.9-0.4-1.4-1.1-1.4-2 c0-1.1,0.5-1.9,1.4-2.4c0.9-0.5,1.9-0.7,2.8-0.7c2.8,0,5,1,6.7,3.1l7-7c-1.7-1.8-3.9-3.1-6.4-3.8c-2.5-0.7-5-1.1-7.4-1.1 c-1.9,0-3.9,0.2-5.7,0.7c-1.9,0.5-3.6,1.2-5,2.3c-1.5,1-2.6,2.3-3.5,3.9c-0.9,1.6-1.3,3.5-1.3,5.7c0,2.3,0.5,4.2,1.4,5.6 c0.9,1.4,2.1,2.5,3.6,3.3c1.5,0.8,3,1.3,4.7,1.7c1.7,0.4,3.2,0.7,4.7,1.1c1.5,0.3,2.7,0.7,3.6,1.2c0.9,0.5,1.4,1.2,1.4,2.2 c0,1-0.5,1.7-1.6,2.1c-1.1,0.4-2.3,0.6-3.6,0.6c-1.7,0-3.3-0.3-4.6-1c-1.3-0.7-2.5-1.7-3.6-3l-7,7.7c1.8,1.9,4.1,3.2,6.7,3.9 c2.7,0.7,5.3,1.1,7.9,1.1c2,0,4-0.2,6.1-0.6c2-0.4,3.9-1,5.5-2c1.6-0.9,3-2.2,4-3.8c1-1.6,1.6-3.5,1.6-5.9c0-2.3-0.5-4.2-1.4-5.6 C234.1,48.6,232.9,47.4,231.5,46.6"/> + <path class="logo-st0" d="M277.4,51.9v-4.2c-0.1-2.7-0.5-5.2-1.2-7.4c-0.8-2.4-2-4.5-3.5-6.2c-1.5-1.7-3.3-3-5.5-3.9 c-2.2-0.9-4.6-1.4-7.2-1.4c-2.9,0-5.6,0.5-8.1,1.4c-2.5,0.9-4.7,2.2-6.6,3.9c-1.9,1.7-3.3,3.8-4.4,6.2c-1.1,2.4-1.6,5.1-1.6,8 c0,3,0.5,5.6,1.6,8c1.1,2.4,2.5,4.5,4.4,6.2c1.9,1.7,4.1,3,6.6,3.9c2.5,0.9,5.2,1.4,8.1,1.4c3,0,5.9-0.6,8.7-1.9 c2.8-1.3,5.1-3.1,7-5.4l-8-5.9c-1,1.3-2.1,2.4-3.4,3.3c-1.3,0.8-2.9,1.3-4.8,1.3c-2.2,0-4.1-0.7-5.7-2c-1.5-1.3-2.5-3.1-3-5.2H277.4 z M250.7,44.1c0.1-0.9,0.3-1.8,0.7-2.6c0.4-0.8,0.9-1.6,1.6-2.2c0.7-0.6,1.5-1.2,2.5-1.6c1-0.4,2.1-0.6,3.4-0.6 c2.1,0,3.8,0.7,5.1,2.1c1.3,1.4,2,3,1.9,5H250.7z"/> + <path class="logo-st1" d="M52.6,38.9l2.6-9.2h4.6l1.8-6.6c0.6-2,1.3-4,2.2-5.8c0.8-1.8,2-3.4,3.4-4.8c1.4-1.4,3.2-2.5,5.3-3.3 c2.1-0.8,4.8-1.2,7.9-1.2c0.8,0,1.5,0,2.3,0.1c-0.7-2.9-3.3-5-6.3-5.1H11.9c-3.6,0-6.5,3-6.5,6.6V67l10.5-37.3h10.6l-1.4,4.9h0.2 c0.6-0.7,1.4-1.3,2.4-2c1-0.7,2-1.3,3.1-1.9c1.1-0.6,2.3-1,3.6-1.4c1.3-0.4,2.6-0.5,3.9-0.5c2.8,0,5.1,0.5,7.1,1.4 c2,0.9,3.5,2.3,4.7,4c1,1.5,1.6,3.3,1.9,5.4l0.8-0.6H52.6z"/> + <path class="logo-st2" d="M82.1,17.9c-0.5-0.1-1.1-0.2-1.8-0.2c-1.8,0-3.3,0.4-4.5,1.2c-1.1,0.8-2.1,2.4-2.8,4.9l-1.7,5.9h6.5l1.6,5.1 l-4.2,4.1h-6.5l-7.9,28H49.4l7.9-28h-4.4L52,39.5c0,0.2,0.1,0.5,0.1,0.7c0.2,2.3-0.1,4.9-0.9,7.7c-0.7,2.6-1.8,5.1-3.3,7.5 c-1.5,2.4-3.2,4.5-5.1,6.3c-2,1.8-4.2,3.3-6.6,4.4c-2.4,1.1-4.9,1.6-7.6,1.6c-2.4,0-4.5-0.4-6.4-1.1c-1.9-0.7-3.2-2-4-3.8h-0.2 l-5,17.7h63.3c3.6,0,6.6-2.9,6.6-6.6V18.2C82.6,18.1,82.3,18,82.1,17.9"/> + <path class="logo-st0" d="M277.6,68.5h0.8c0.4,0,0.6-0.1,0.7-0.2c0.1-0.1,0.2-0.2,0.2-0.4c0-0.1,0-0.2-0.1-0.3c-0.1-0.1-0.1-0.2-0.3-0.2 c-0.1,0-0.3-0.1-0.6-0.1h-0.7V68.5z M277,70.6v-3.8h1.3c0.5,0,0.8,0,1,0.1c0.2,0.1,0.4,0.2,0.5,0.4c0.1,0.2,0.2,0.4,0.2,0.6 c0,0.3-0.1,0.5-0.3,0.7c-0.2,0.2-0.5,0.3-0.8,0.3c0.1,0.1,0.2,0.1,0.3,0.2c0.2,0.2,0.3,0.4,0.6,0.8l0.5,0.7h-0.8l-0.3-0.6 c-0.3-0.5-0.5-0.8-0.6-0.9c-0.1-0.1-0.3-0.1-0.5-0.1h-0.4v1.6H277z M278.6,65.7c-0.5,0-1,0.1-1.5,0.4c-0.5,0.3-0.8,0.6-1.1,1.1 c-0.3,0.5-0.4,1-0.4,1.5c0,0.5,0.1,1,0.4,1.5c0.3,0.5,0.6,0.8,1.1,1.1c0.5,0.3,1,0.4,1.5,0.4c0.5,0,1-0.1,1.5-0.4 c0.5-0.3,0.8-0.6,1.1-1.1c0.3-0.5,0.4-1,0.4-1.5c0-0.5-0.1-1-0.4-1.5c-0.3-0.5-0.6-0.8-1.1-1.1C279.6,65.8,279.1,65.7,278.6,65.7z M278.6,65.1c0.6,0,1.2,0.2,1.8,0.5c0.6,0.3,1,0.7,1.3,1.3c0.3,0.6,0.5,1.2,0.5,1.8c0,0.6-0.2,1.2-0.5,1.8c-0.3,0.6-0.8,1-1.3,1.3 c-0.6,0.3-1.2,0.5-1.8,0.5c-0.6,0-1.2-0.2-1.8-0.5c-0.6-0.3-1-0.8-1.3-1.3c-0.3-0.6-0.5-1.2-0.5-1.8c0-0.6,0.2-1.2,0.5-1.8 c0.3-0.6,0.8-1,1.3-1.3C277.4,65.2,278,65.1,278.6,65.1z"/> + </svg> + </div> + </div> + <div class="col-sm-8 nowarning msgbox text-center"> + <span id="hostspan"> + </span> + </div> + </div> + </div> + </header> + + <div style="background: <?=$logincssfile?>;" class="pagebody"> + <div class="col-sm-2"></div> + + <div class="col-sm-8 offset-md-4 logoCol"> + <div class="loginCont center-block error-panel"> + <a href="index.php?logout"><?=$desc;?></a> + </div> + </div> + + <div class="col-sm-2"></div> </div> + + <footer id="3"> + <div id="footertext"> + <p class="text-muted"> + <a target="_blank" href="https://www.pfsense.org/?gui=bootstrap">pfSense</a> is © + 2004 - 2017 by <a href="https://pfsense.org/license" class="tblnk">Rubicon Communications, LLC (Netgate)</a>. All Rights Reserved. + [<a href="/license.php" class="tblnk">view license</a>] + </p> + </div> + </footer> </div> - </div> -</body> + </body> </html> + + <?php } // end function @@ -252,74 +297,122 @@ if (isset($user_settings['webgui']['webguicss'])) { } } +$logincssfile = "#1e3f75"; + +if (isset($user_settings['webgui']['logincss']) && strlen($user_settings['webgui']['logincss']) == 6) { + $logincssfile = "#" . $user_settings['webgui']['logincss']; +} + if (isset($config['system']['webgui']['loginshowhost'])) { -$hoststr = sprintf(gettext(" on %s.%s"), htmlspecialchars($config['system']['hostname']), htmlspecialchars($config['system']['domain'])); + $loginbannerstr = sprintf(gettext('%1$s.%2$s'), htmlspecialchars($config['system']['hostname']), htmlspecialchars($config['system']['domain'])); } else { - $hoststr = ""; + $loginbannerstr = sprintf(gettext('Login to %1$s'), $g['product_name']); } +$loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"'; + +if (is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) { + $warnclass = "pagebodywarn"; // Make room for a warning display row +} else { + $warnclass = "pagebody"; +} + + ?> <!DOCTYPE html> <html lang="en"> -<head> - <meta name="viewport" content="width=device-width, initial-scale=1"> - <link rel="stylesheet" href="<?=$cssfile?>" /> - <title><?=gettext("Login"); ?></title> - <script type="text/javascript"> - //<![CDATA{ - var events = events || []; - //]]> - </script> -</head> -<body id="login" class="no-menu"> - <div id="jumbotron"> - <div class="container"> - <div class="col-sm-offset-3 col-sm-6 col-xs-12"> + <head> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <link rel="stylesheet" href="/vendor/bootstrap/css/bootstrap.min.css" type="text/css"> + <link rel="stylesheet" href="/css/login.css" type="text/css"> + <title><?=gettext("Login"); ?></title> + <script type="text/javascript"> + //<![CDATA{ + var events = events || []; + //]]> + </script> + </head> + + <body id="login" > + <div id="total"> + <header> + <div id="headerrow"> + <div class="row"> + <div class="col-sm-4"> + <div id="logodiv" style="text-align:center" class="nowarning"> + <svg role="img" aria-labelledby="pfsense-logo" x="0px" y="0px" viewBox="0 0 282.8 84.2" width="240" height="100%"> + <title id="pfsense-logo-svg">pfSense Logo</title> + <style type="text/css"> + .logo-st0{fill:#2B40B5;} + .logo-st1{fill:#1475CF;} + .logo-st2{fill:#1C1275;} + </style> + <path class="logo-st0" d="M27.8,57.7c2.9,0,5.4-0.9,7.5-2.6c2.1-1.7,3.6-4,4.4-6.8c0.8-2.8,0.6-5.1-0.5-6.8c-1.1-1.7-3.2-2.6-6.1-2.6 c-2.9,0-5.4,0.9-7.5,2.6c-2.1,1.7-3.5,4-4.3,6.8c-0.8,2.8-0.7,5.1,0.5,6.8C22.8,56.9,24.8,57.7,27.8,57.7"/> + <path class="logo-st0" d="M115.1,46.6c-1.5-0.8-3-1.4-4.7-1.8c-1.7-0.4-3.2-0.7-4.7-1.1c-1.5-0.3-2.7-0.7-3.6-1.1c-0.9-0.4-1.4-1.1-1.4-2 c0-1.1,0.5-1.9,1.4-2.4c0.9-0.5,1.9-0.7,2.8-0.7c2.8,0,5,1,6.7,3.1l7-7c-1.7-1.8-3.9-3.1-6.4-3.8c-2.5-0.7-5-1.1-7.4-1.1 c-1.9,0-3.9,0.2-5.7,0.7c-1.9,0.5-3.6,1.2-5,2.3c-1.5,1-2.6,2.3-3.5,3.9c-0.9,1.6-1.3,3.5-1.3,5.7c0,2.3,0.5,4.2,1.4,5.6 c0.9,1.4,2.1,2.5,3.6,3.3c1.5,0.8,3,1.3,4.7,1.7c1.7,0.4,3.2,0.7,4.7,1.1c1.5,0.3,2.7,0.7,3.6,1.2c0.9,0.5,1.4,1.2,1.4,2.2 c0,1-0.5,1.7-1.6,2.1c-1.1,0.4-2.3,0.6-3.6,0.6c-1.7,0-3.3-0.3-4.6-1c-1.3-0.7-2.5-1.7-3.6-3l-7,7.7c1.8,1.9,4.1,3.2,6.7,3.9 c2.7,0.7,5.3,1.1,7.9,1.1c2,0,4-0.2,6.1-0.6c2-0.4,3.9-1,5.5-2c1.6-0.9,3-2.2,4-3.8c1-1.6,1.6-3.5,1.6-5.9c0-2.3-0.5-4.2-1.4-5.6 C117.7,48.6,116.5,47.4,115.1,46.6"/> + <path class="logo-st0" d="M156.3,34.1c-1.5-1.7-3.3-3-5.5-3.9c-2.2-0.9-4.6-1.4-7.2-1.4c-2.9,0-5.6,0.5-8.1,1.4c-2.5,0.9-4.7,2.2-6.6,3.9 c-1.9,1.7-3.3,3.8-4.4,6.2c-1.1,2.4-1.6,5.1-1.6,8c0,3,0.5,5.6,1.6,8c1.1,2.4,2.5,4.5,4.4,6.2c1.9,1.7,4.1,3,6.6,3.9 c2.5,0.9,5.2,1.4,8.1,1.4c3,0,5.9-0.6,8.7-1.9c2.8-1.3,5.1-3.1,7-5.4l-8-5.9c-1,1.3-2.1,2.4-3.4,3.3c-1.3,0.8-2.9,1.3-4.8,1.3 c-2.2,0-4.1-0.7-5.7-2c-1.5-1.3-2.5-3.1-3-5.2H161v-3.6c0-3-0.4-5.6-1.2-8C159,37.9,157.8,35.8,156.3,34.1 M134.3,44.1 c0.1-0.9,0.3-1.8,0.7-2.6c0.4-0.8,0.9-1.6,1.6-2.2c0.7-0.6,1.5-1.2,2.5-1.6c1-0.4,2.1-0.6,3.4-0.6c2.1,0,3.8,0.7,5.1,2.1 c1.3,1.4,2,3,1.9,5H134.3z"/> + <path class="logo-st0" d="M198.3,33.8c-1-1.6-2.4-2.8-4.2-3.7c-1.8-0.9-4.1-1.3-7-1.3c-1.4,0-2.7,0.2-3.8,0.5c-1.2,0.4-2.2,0.8-3.1,1.4 c-0.9,0.6-1.7,1.2-2.4,1.9c-0.7,0.7-1.2,1.4-1.5,2.1H176v-5.1h-11v37.2h11.5V48.4c0-1.2,0.1-2.4,0.2-3.5c0.2-1.1,0.5-2.1,1-3 c0.5-0.9,1.2-1.6,2.1-2.1c0.9-0.5,2.1-0.8,3.6-0.8c1.5,0,2.6,0.3,3.4,0.9c0.8,0.6,1.4,1.4,1.8,2.4c0.4,1,0.6,2,0.7,3.2 c0.1,1.1,0.1,2.3,0.1,3.3v18.2h11.5V46.4c0-2.5-0.2-4.8-0.5-7C199.9,37.3,199.3,35.4,198.3,33.8"/> + <path class="logo-st0" d="M231.5,46.6c-1.5-0.8-3-1.4-4.7-1.8c-1.7-0.4-3.2-0.7-4.7-1.1c-1.5-0.3-2.7-0.7-3.6-1.1c-0.9-0.4-1.4-1.1-1.4-2 c0-1.1,0.5-1.9,1.4-2.4c0.9-0.5,1.9-0.7,2.8-0.7c2.8,0,5,1,6.7,3.1l7-7c-1.7-1.8-3.9-3.1-6.4-3.8c-2.5-0.7-5-1.1-7.4-1.1 c-1.9,0-3.9,0.2-5.7,0.7c-1.9,0.5-3.6,1.2-5,2.3c-1.5,1-2.6,2.3-3.5,3.9c-0.9,1.6-1.3,3.5-1.3,5.7c0,2.3,0.5,4.2,1.4,5.6 c0.9,1.4,2.1,2.5,3.6,3.3c1.5,0.8,3,1.3,4.7,1.7c1.7,0.4,3.2,0.7,4.7,1.1c1.5,0.3,2.7,0.7,3.6,1.2c0.9,0.5,1.4,1.2,1.4,2.2 c0,1-0.5,1.7-1.6,2.1c-1.1,0.4-2.3,0.6-3.6,0.6c-1.7,0-3.3-0.3-4.6-1c-1.3-0.7-2.5-1.7-3.6-3l-7,7.7c1.8,1.9,4.1,3.2,6.7,3.9 c2.7,0.7,5.3,1.1,7.9,1.1c2,0,4-0.2,6.1-0.6c2-0.4,3.9-1,5.5-2c1.6-0.9,3-2.2,4-3.8c1-1.6,1.6-3.5,1.6-5.9c0-2.3-0.5-4.2-1.4-5.6 C234.1,48.6,232.9,47.4,231.5,46.6"/> + <path class="logo-st0" d="M277.4,51.9v-4.2c-0.1-2.7-0.5-5.2-1.2-7.4c-0.8-2.4-2-4.5-3.5-6.2c-1.5-1.7-3.3-3-5.5-3.9 c-2.2-0.9-4.6-1.4-7.2-1.4c-2.9,0-5.6,0.5-8.1,1.4c-2.5,0.9-4.7,2.2-6.6,3.9c-1.9,1.7-3.3,3.8-4.4,6.2c-1.1,2.4-1.6,5.1-1.6,8 c0,3,0.5,5.6,1.6,8c1.1,2.4,2.5,4.5,4.4,6.2c1.9,1.7,4.1,3,6.6,3.9c2.5,0.9,5.2,1.4,8.1,1.4c3,0,5.9-0.6,8.7-1.9 c2.8-1.3,5.1-3.1,7-5.4l-8-5.9c-1,1.3-2.1,2.4-3.4,3.3c-1.3,0.8-2.9,1.3-4.8,1.3c-2.2,0-4.1-0.7-5.7-2c-1.5-1.3-2.5-3.1-3-5.2H277.4 z M250.7,44.1c0.1-0.9,0.3-1.8,0.7-2.6c0.4-0.8,0.9-1.6,1.6-2.2c0.7-0.6,1.5-1.2,2.5-1.6c1-0.4,2.1-0.6,3.4-0.6 c2.1,0,3.8,0.7,5.1,2.1c1.3,1.4,2,3,1.9,5H250.7z"/> + <path class="logo-st1" d="M52.6,38.9l2.6-9.2h4.6l1.8-6.6c0.6-2,1.3-4,2.2-5.8c0.8-1.8,2-3.4,3.4-4.8c1.4-1.4,3.2-2.5,5.3-3.3 c2.1-0.8,4.8-1.2,7.9-1.2c0.8,0,1.5,0,2.3,0.1c-0.7-2.9-3.3-5-6.3-5.1H11.9c-3.6,0-6.5,3-6.5,6.6V67l10.5-37.3h10.6l-1.4,4.9h0.2 c0.6-0.7,1.4-1.3,2.4-2c1-0.7,2-1.3,3.1-1.9c1.1-0.6,2.3-1,3.6-1.4c1.3-0.4,2.6-0.5,3.9-0.5c2.8,0,5.1,0.5,7.1,1.4 c2,0.9,3.5,2.3,4.7,4c1,1.5,1.6,3.3,1.9,5.4l0.8-0.6H52.6z"/> + <path class="logo-st2" d="M82.1,17.9c-0.5-0.1-1.1-0.2-1.8-0.2c-1.8,0-3.3,0.4-4.5,1.2c-1.1,0.8-2.1,2.4-2.8,4.9l-1.7,5.9h6.5l1.6,5.1 l-4.2,4.1h-6.5l-7.9,28H49.4l7.9-28h-4.4L52,39.5c0,0.2,0.1,0.5,0.1,0.7c0.2,2.3-0.1,4.9-0.9,7.7c-0.7,2.6-1.8,5.1-3.3,7.5 c-1.5,2.4-3.2,4.5-5.1,6.3c-2,1.8-4.2,3.3-6.6,4.4c-2.4,1.1-4.9,1.6-7.6,1.6c-2.4,0-4.5-0.4-6.4-1.1c-1.9-0.7-3.2-2-4-3.8h-0.2 l-5,17.7h63.3c3.6,0,6.6-2.9,6.6-6.6V18.2C82.6,18.1,82.3,18,82.1,17.9"/> + <path class="logo-st0" d="M277.6,68.5h0.8c0.4,0,0.6-0.1,0.7-0.2c0.1-0.1,0.2-0.2,0.2-0.4c0-0.1,0-0.2-0.1-0.3c-0.1-0.1-0.1-0.2-0.3-0.2 c-0.1,0-0.3-0.1-0.6-0.1h-0.7V68.5z M277,70.6v-3.8h1.3c0.5,0,0.8,0,1,0.1c0.2,0.1,0.4,0.2,0.5,0.4c0.1,0.2,0.2,0.4,0.2,0.6 c0,0.3-0.1,0.5-0.3,0.7c-0.2,0.2-0.5,0.3-0.8,0.3c0.1,0.1,0.2,0.1,0.3,0.2c0.2,0.2,0.3,0.4,0.6,0.8l0.5,0.7h-0.8l-0.3-0.6 c-0.3-0.5-0.5-0.8-0.6-0.9c-0.1-0.1-0.3-0.1-0.5-0.1h-0.4v1.6H277z M278.6,65.7c-0.5,0-1,0.1-1.5,0.4c-0.5,0.3-0.8,0.6-1.1,1.1 c-0.3,0.5-0.4,1-0.4,1.5c0,0.5,0.1,1,0.4,1.5c0.3,0.5,0.6,0.8,1.1,1.1c0.5,0.3,1,0.4,1.5,0.4c0.5,0,1-0.1,1.5-0.4 c0.5-0.3,0.8-0.6,1.1-1.1c0.3-0.5,0.4-1,0.4-1.5c0-0.5-0.1-1-0.4-1.5c-0.3-0.5-0.6-0.8-1.1-1.1C279.6,65.8,279.1,65.7,278.6,65.7z M278.6,65.1c0.6,0,1.2,0.2,1.8,0.5c0.6,0.3,1,0.7,1.3,1.3c0.3,0.6,0.5,1.2,0.5,1.8c0,0.6-0.2,1.2-0.5,1.8c-0.3,0.6-0.8,1-1.3,1.3 c-0.6,0.3-1.2,0.5-1.8,0.5c-0.6,0-1.2-0.2-1.8-0.5c-0.6-0.3-1-0.8-1.3-1.3c-0.3-0.6-0.5-1.2-0.5-1.8c0-0.6,0.2-1.2,0.5-1.8 c0.3-0.6,0.8-1,1.3-1.3C277.4,65.2,278,65.1,278.6,65.1z"/> + </svg> + </div> + </div> + <div class="col-sm-8 nowarning msgbox text-center"> + <span id="hostspan"> + <a><h4><?=$loginbannerstr?></h4></a> + </span> + </div> + </div> <?php - if (is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) { - $nifty_background = "#999"; - print_info_box(gettext("The IP address being used to access this router is not configured locally, which may be forwarded by NAT or other means. <br /><br />If this forwarding is unexpected, it should be verified that a man-in-the-middle attack is not taking place.")); - } - - $loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"'; + if ($warnclass == "pagebodywarn") { ?> - - <div class="panel panel-default"> - <div class="panel-heading"> - <h2 class="panel-title"><?=sprintf(gettext("Login to %s %s"), $g['product_name'], $hoststr)?></h2> - </div> - - <div class="panel-body"> -<?php if (!empty($_SESSION['Login_Error'])): ?> - <div class="alert alert-danger" role="alert"><?=$_SESSION['Login_Error'];?></div> -<?php endif ?> - <div class="alert alert-warning hidden" id="no_cookies"><?= gettext("The browser must support cookies to login."); ?></div> - - <form method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>" class="form-horizontal"> - <div class="form-group"> - <label for="usernamefld" class="col-sm-3 control-label"><?=gettext("Username")?></label> - <div class="col-sm-9 col-md-7"> - <input type="text" class="form-control" name="usernamefld" id="usernamefld" placeholder="<?=gettext("Enter your username")?>" autocorrect="off" autocapitalize="none" spellcheck="false"> - </div> - </div> - - <div class="form-group"> - <label for="passwordfld" class="col-sm-3 control-label"><?=gettext("Password")?></label> - <div class="col-sm-9 col-md-7"> - <input type="password" class="form-control" name="passwordfld" id="passwordfld" placeholder="<?=gettext("Enter your password")?>"> - </div> - </div> - - <div class="form-group"> - <div class="col-sm-offset-3 col-sm-9 col-md-7"> - <button type="submit" class="btn btn-primary" name="login"><?=gettext("Login")?></button> - </div> + <div class="row"> + <div class="col-sm-12"> + <div class="alert alert-warning <?=$warnclass?>"> + <?=gettext("The IP address being used to access this router is not configured locally, which may be forwarded by NAT or other means. + If this forwarding is unexpected, it should be verified that a man-in-the-middle attack is not taking place.")?> </div> - </form> + </div> </div> - </div> - </div> - </div> +<?php + } +?> + </div> + </header> + + <div style="background: <?=$logincssfile?>;" class="<?=$warnclass?>"> + <div class="col-sm-4"></div> + + <div class="col-sm-4 offset-md-4 logoCol"> + <div class="loginCont center-block"> + <form method="post" <?=$loginautocomplete?> class="login"> + <p class="form-title">Sign In</p> + <input name="usernamefld" id="usernamefld" type="text" placeholder="Username" autocorrect="off" autocapitalize="none"/> + <input name="passwordfld" id="passwordfld" type="password" placeholder="Password" /> + <input type="submit" name="login" value="Sign In" class="btn btn-success btn-sm" /> + </form> + </div> + </div> + + <div class="col-sm-4"></div> + </div> + + <footer id="3"> + <div id="footertext"> + <p class="text-muted"> + <a target="_blank" href="https://www.pfsense.org/?gui=bootstrap">pfSense</a> is © + 2004 - 2017 by <a href="https://pfsense.org/license" class="tblnk">Rubicon Communications, LLC (Netgate)</a>. All Rights Reserved. + [<a href="/license.php" class="tblnk">view license</a>] + </p> + </div> + </footer> + </div> + + <script src="/vendor/jquery/jquery-1.12.0.min.js?v=<?=filemtime('/usr/local/www/vendor/jquery/jquery-1.12.0.min.js')?>"></script> + <script src="/vendor/bootstrap/js/bootstrap.min.js?v=<?=filemtime('/usr/local/www/vendor/bootstrap/js/bootstrap.min.js')?>"></script> + <script src="/js/pfSense.js?v=<?=filemtime('/usr/local/www/js/pfSense.js')?>"></script> <script type="text/javascript"> //!<[CDATA[ @@ -328,17 +421,18 @@ $hoststr = sprintf(gettext(" on %s.%s"), htmlspecialchars($config['system']['hos "cookie_test=1" + "<?php echo $config['system']['webgui']['protocol'] == 'https' ? '; secure' : '';?>"; - if (document.cookie.indexOf("cookie_test") == -1) - document.getElementById("no_cookies").style.display=""; - else - document.getElementById("no_cookies").style.display="none"; + if (document.cookie.indexOf("cookie_test") == -1) { + alert("<?=gettext('The browser must support cookies to login.')?>"); + } // Delete it document.cookie = "cookie_test=1; expires=Thu, 01-Jan-1970 00:00:01 GMT"; }); //]]> </script> -<?php -require_once('foot.inc'); + </body> +</html> + +<?php } // end function diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index c18839e..bd71e95 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -2276,7 +2276,7 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri $safe_username = SQLite3::escapeString($username); /* encode password in Base64 just in case it contains commas */ - $bpassword = base64_encode($password); + $bpassword = (isset($config['captiveportal'][$cpzone]['reauthenticate'])) ? base64_encode($password) : ''; $insertquery = "INSERT INTO captiveportal (allow_time, pipeno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time, interim_interval, radiusctx) "; $insertquery .= "VALUES ({$allow_time}, {$pipeno}, '{$clientip}', '{$clientmac}', '{$safe_username}', '{$sessionid}', '{$bpassword}', "; $insertquery .= "{$session_timeout}, {$idle_timeout}, {$session_terminate_time}, {$interim_interval}, '{$radiusctx}')"; diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc index 5bafa65..e0f5646 100644 --- a/src/etc/inc/config.lib.inc +++ b/src/etc/inc/config.lib.inc @@ -438,9 +438,6 @@ function convert_config() { } } } - if ($config['version'] == $g['latest_config']) { - return; /* already at latest version */ - } // Save off config version $prev_version = $config['version']; @@ -450,17 +447,37 @@ function convert_config() { if (file_exists("/etc/inc/upgrade_config_custom.inc")) { include_once("upgrade_config_custom.inc"); } + + if ($config['version'] == $g['latest_config']) { + additional_config_upgrade(); + return; /* already at latest version */ + } + + if (!is_array($config['system']['already_run_config_upgrade'])) { + $config['system']['already_run_config_upgrade'] = array(); + } + $already_run = $config['system']['already_run_config_upgrade']; + /* Loop and run upgrade_VER_to_VER() until we're at current version */ while ($config['version'] < $g['latest_config']) { $cur = $config['version'] * 10; $next = $cur + 1; - $migration_function = sprintf('upgrade_%03d_to_%03d', $cur, $next); - if (function_exists($migration_function)) { - $migration_function(); - } - $migration_function = "{$migration_function}_custom"; - if (function_exists($migration_function)) { - $migration_function(); + $migration_function = sprintf('upgrade_%03d_to_%03d', $cur, + $next); + + foreach (array("", "_custom") as $suffix) { + $migration_function .= $suffix; + if (!function_exists($migration_function)) { + continue; + } + if (isset($already_run[$migration_function])) { + /* Already executed, skip now */ + unset($config['system'] + ['already_run_config_upgrade'] + [$migration_function]); + } else { + $migration_function(); + } } $config['version'] = sprintf('%.1f', $next / 10); if (platform_booting()) { @@ -468,12 +485,14 @@ function convert_config() { } } - $now = date("H:i:s"); - log_error(sprintf(gettext("Ended Configuration upgrade at %s"), $now)); - if ($prev_version != $config['version']) { + $now = date("H:i:s"); + log_error(sprintf(gettext("Ended Configuration upgrade at %s"), $now)); + write_config(sprintf(gettext('Upgraded config version level from %1$s to %2$s'), $prev_version, $config['version'])); } + + additional_config_upgrade(); } /****f* config/safe_write_file @@ -560,6 +579,16 @@ function write_config($desc="Unknown", $backup = true, $write_config_only = fals session_commit(); } + if (isset($config['reset_factory_defaults'])) { + /* + We have put a default config.xml on disk and are about to reboot + or reload it. Do not let any system or package code try to save + state to config because that would overwrite the default config + with the running config. + */ + return false; + } + if ($backup) { backup_config(); } @@ -634,7 +663,7 @@ function write_config($desc="Unknown", $backup = true, $write_config_only = fals * integer - indicates completion ******/ function reset_factory_defaults($lock = false, $reboot_required = true) { - global $g; + global $config, $g; conf_mount_rw(); @@ -666,6 +695,17 @@ function reset_factory_defaults($lock = false, $reboot_required = true) { disable_security_checks(); + /* + Let write_config know that we are awaiting reload of the current config + to factory defaults. Either the system is about to reboot, throwing away + the current in-memory config as it shuts down, or the in-memory config + is about to be reloaded on-the-fly by parse_config. + + In both cases, we want to ensure that write_config does not flush the + in-memory config back to disk. + */ + $config['reset_factory_defaults'] = true; + /* call the wizard */ if ($reboot_required) { // If we need a reboot first then touch a different trigger file. diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index fe8d9b9..1271a3f 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -92,6 +92,7 @@ * - All-Inkl (all-inkl.com) * - DuiaDNS (www.duiadns.net) * - DuiaDNS IPv6 (www.duiadns.net) + * - Hover (www.hover.com) * +----------------------------------------------------+ * Requirements: * - PHP version 4.0.2 or higher with the CURL Library and the PCRE Library @@ -145,6 +146,7 @@ * All-Inkl - Last Tested: 12 November 2016 * DuiaDNS - Last Tested: 25 November 2016 * DuiaDNS IPv6 - Last Tested: 25 November 2016 + * Hover - Last Tested: 15 February 2017 * +====================================================+ * * @author E.Kristensen @@ -242,6 +244,7 @@ case "cloudflare-v6": case "cloudflare": case "gratisdns": + case "hover": if (!$dnsUser) $this->_error(3); if (!$dnsPass) $this->_error(4); if (!$dnsHost) $this->_error(5); @@ -351,6 +354,7 @@ case 'spdyn': case 'spdyn-v6': case 'all-inkl': + case 'hover': $this->_update(); if ($this->_dnsDummyUpdateDone == true) { // If a dummy update was needed, then sleep a while and do the update again to put the proper address back. @@ -583,8 +587,9 @@ break; case 'loopia': $needsIP = TRUE; + if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON"; curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); - curl_setopt($ch, CURLOPT_URL, 'https://dns.loopia.se/XDynDNSServer/XDynDNS.php?hostname='.$this->_dnsHost.'&myip='.$this->_dnsIP); + curl_setopt($ch, CURLOPT_URL, 'https://dns.loopia.se/XDynDNSServer/XDynDNS.php?hostname='.$this->_dnsHost.'&myip='.$this->_dnsIP.'&wildcard='.$this->_dnsWildcard); break; case 'opendns': $needsIP = FALSE; @@ -852,6 +857,52 @@ curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_URL, $server . 'myip=' . $this->_dnsIP); break; + case 'hover': + $needsIP = FALSE; + $port = ""; + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + + //step 1: login to API + $post_data['username'] = $this->_dnsUser; + $post_data['password'] = $this->_dnsPass; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/login"); + curl_setopt($ch, CURLOPT_HEADER, 1); //return the full headers to extract the cookies + $output = curl_exec($ch); + + //extract the cookies + preg_match_all("/^Set-cookie: (.*?);/ism", $output, $cookies); + if( count($cookies[1]) > 0 ){ + $cookie_data = implode("; ",$cookies[1]); + } + + //step 2: find the id of the A record + $post_data = null; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_COOKIE, $cookie_data); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns"); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET'); + + $output = curl_exec($ch); + preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{\"id\":\"([^\"]*?)\",\"name\":\"{$this->_dnsHost}\".*?\$/", $output, $hostID); + $hostID = $hostID[1]; + preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{[^\}]*?\"name\":\"{$this->_dnsHost}\".*?content\":\"([^\"]*?)\".*?\$/", $output, $hostIP); + $hostIP = $hostIP[1]; + + //step 3: update the IP + if ($hostID) { + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_COOKIE, $cookie_data); + $post_data['content'] = $this->_dnsIP; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns/{$hostID}"); + log_error("HostID:{$hostID}, OldIP:{$hostIP}"); + } + break; default: break; } @@ -1516,6 +1567,16 @@ $this->_debug($header); } break; + case 'hover': + if (preg_match('/succeeded":true/i', $data)) { + $status = $status_intro . $success_str . gettext("IP Address Changed Successfully!") . " (" . $this->_dnsIP . ")"; + $successful_update = true; + } else { + $status = $status_intro . "(" . gettext("Unknown Response") . ")"; + log_error($status_intro . gettext("PAYLOAD:") . " " . $data); + $this->_debug($data); + } + break; } if ($successful_update == true) { diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 96669b4..dac5afa 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -591,10 +591,7 @@ function filter_generate_scrubing() { } /* set up MSS clamping */ if (($scrubcfg['mss'] <> "") && - (is_numeric($scrubcfg['mss'])) && - ($scrubcfg['if'] != "pppoe") && - ($scrubcfg['if'] != "pptp") && - ($scrubif['if'] != "l2tp")) { + (is_numeric($scrubcfg['mss']))) { $mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40)); } else { $mssclamp = ""; @@ -2759,6 +2756,12 @@ function filter_generate_user_rule($rule) { return "# {$error_text}"; } } + + /* Work around broken wizard rules. See https://redmine.pfsense.org/issues/7434 */ + if ($rule['destination']['port'] == "137-139-137-139") { + $rule['destination']['port'] = "137-139"; + } + if ($rule['destination']['port'] && !is_port_or_range(str_replace("-", ":", $rule['destination']['port']))) { $error_text = ""; diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index f876896..160453d 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -146,11 +146,11 @@ if (file_exists("/etc/platform")) { } else { $g['default_config_backup_count'] = 30; } -} else { - // shouldn't happen but "just in case" no platform were detected - $g['platform'] = 'undetected'; - $g['default_config_backup_count'] = 30; -} +} else { + // shouldn't happen but "just in case" no platform were detected + $g['platform'] = 'undetected'; + $g['default_config_backup_count'] = 30; +} if (file_exists("{$g['etc_path']}/default-config-flavor")) { @@ -217,6 +217,10 @@ if (file_exists("/etc/inc/globals_override.inc")) { /* Read all XML files in following dir and load menu entries */ $g["ext_menu_path"] = "/usr/local/share/{$g['product_name']}/menu"; +/* Cache file used to store pfSense version */ +$g["version_cache_file"] = "{$g['varrun_path']}/{$g['product_name']}_version"; +$g['version_cache_refresh'] = 2 * 60 * 60; /* 2h */ + function platform_booting($on_console = false) { global $g; diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 67c2a04..28e15b5 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -70,6 +70,27 @@ function interfaces_bring_up($interface) { } /* + * Validate comma-separated list of IPv4 addresses + */ +function validate_ipv4_list($value) { + $value = trim($value); + + if (empty($value)) { + return false; + } + + $list = explode(',', $value); + + foreach ($list as $ip) { + if (!is_ipaddrv4($ip)) { + return false; + } + } + + return true; +} + +/* * Return the interface array */ function get_interface_arr($flush = false) { @@ -2248,7 +2269,9 @@ function interface_proxyarp_configure($interface = "") { if (!is_ipaddr($paaifip)) { return; } - $args = get_real_interface($interface) . " auto"; + $vipif = get_real_interface($interface); + $args = "-p {$g['varrun_path']}/choparp_{$vipif}.pid "; + $args .= $vipif . " auto"; foreach ($paa[$interface] as $paent) { if (isset($paent['subnet'])) { $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); @@ -2264,7 +2287,9 @@ function interface_proxyarp_configure($interface = "") { if (!is_ipaddr($paaifip)) { continue; } - $args = get_real_interface($paif) . " auto"; + $vipif = get_real_interface($paif); + $args = "-p {$g['varrun_path']}/choparp_{$vipif}.pid "; + $args .= $vipif . " auto"; foreach ($paents as $paent) { if (isset($paent['subnet'])) { $args .= " " . escapeshellarg("{$paent['subnet']}/{$paent['subnet_bits']}"); @@ -3243,17 +3268,24 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interface_wireless_configure($realif, $wancfg, $wancfg['wireless']); } - $mac = get_interface_mac($realhwif); + /* Get the vendor MAC. Use source dependent upon whether or not booting. */ + $current_mac = get_interface_mac($realhwif); + if (platform_booting()) { + $vendor_mac = $current_mac; + } else { + $vendor_mac = get_interface_vendor_mac($realhwif); + } + $mac_addr = $wancfg['spoofmac'] ?: $vendor_mac; /* - * Don't try to reapply the spoofed MAC if it's already applied. + * Don't try to reapply the MAC if it's already applied. * When ifconfig link is used, it cycles the interface down/up, which triggers - * the interface config again, which attempts to spoof the MAC again, + * the interface config again, which attempts to apply the MAC again, * which cycles the link again... */ - if ($wancfg['spoofmac'] && ($wancfg['spoofmac'] != $mac)) { + if (!empty($mac_addr) && ($mac_addr != $current_mac)) { mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . - " link " . escapeshellarg($wancfg['spoofmac'])); - } elseif ($mac == "ff:ff:ff:ff:ff:ff") { + " link " . escapeshellarg($mac_addr)); + } elseif ($current_mac == "ff:ff:ff:ff:ff:ff") { /* this is not a valid mac address. generate a * temporary mac address so the machine can get online. */ @@ -3933,7 +3965,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { if (!isset($wancfg['dhcp6prefixonly'])) { $dhcp6cconf .= "\tsend ia-na 0;\t# request stateful address\n"; } - if (is_numeric($wancfg['dhcp6-ia-pd-len']) && !empty($trackiflist)) { + if (is_numeric($wancfg['dhcp6-ia-pd-len'])) { $dhcp6cconf .= "\tsend ia-pd 0;\t# request prefix delegation\n"; } @@ -4263,7 +4295,7 @@ initial-interval 1; script "/sbin/dhclient-script"; EOD; - if (is_ipaddrv4($wancfg['dhcprejectfrom'])) { + if (validate_ipv4_list($wancfg['dhcprejectfrom'])) { $dhclientconf .= <<<EOD reject {$wancfg['dhcprejectfrom']}; @@ -5826,11 +5858,15 @@ function get_interface_mtu($interface) { } function get_interface_mac($interface) { - $macinfo = pfSense_get_interface_addresses($interface); return $macinfo["macaddr"]; } +function get_interface_vendor_mac($interface) { + $macinfo = pfSense_get_interface_addresses($interface); + return $macinfo["hwaddr"] ?: ''; +} + /****f* pfsense-utils/generate_random_mac_address * NAME * generate_random_mac - generates a random mac address diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index ff3ab16..17b1c02 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -1815,7 +1815,7 @@ function openvpn_gen_route_ipv4($network, $iroute = false) { function openvpn_gen_route_ipv6($network, $iroute = false) { $i = ($iroute) ? "i" : ""; list($ipv6, $prefix) = explode('/', trim($network)); - if (empty($prefix)) { + if (empty($prefix) && !is_numeric($prefix)) { $prefix = "128"; } return "{$i}route-ipv6 ${ipv6}/${prefix}"; diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 0eeb25a..589f4b4 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -418,6 +418,47 @@ function gen_requirestatefilter_field(&$section, $value) { 'before the states are displayed. Useful for systems with large state tables.'); } +/****f* pfsense-utils/gen_created_updated_fields + * NAME + * gen_created_updated_fields + * INPUTS + * Pointer to form object + * Array of created time and username + * Array of updated time and username + * RESULT + * no return value, section object is added to form if needed + ******/ +function gen_created_updated_fields(&$form, $created, $updated) { + $has_created_time = (isset($created['time']) && isset($created['username'])); + $has_updated_time = (isset($updated['time']) && isset($updated['username'])); + + if ($has_created_time || $has_updated_time) { + $section = new Form_Section('Rule Information'); + + if ($has_created_time) { + $section->addInput(new Form_StaticText( + 'Created', + sprintf( + gettext('%1$s by %2$s'), + date(gettext("n/j/y H:i:s"), $created['time']), + $created['username']) + )); + } + + if ($has_updated_time) { + $section->addInput(new Form_StaticText( + 'Updated', + sprintf( + gettext('%1$s by %2$s'), + date(gettext("n/j/y H:i:s"), $updated['time']), + $updated['username']) + )); + } + + $form->add($section); + } +} + function hardware_offloading_applyflags($iface) { global $config; @@ -699,7 +740,7 @@ function get_carp_interface_status($carpid) { $vhid = $vip['vhid']; $carp_query = ''; - $_gb = exec("/sbin/ifconfig $interface | /usr/bin/grep carp: | /usr/bin/grep \"vhid $vhid\"", $carp_query); + $_gb = exec("/sbin/ifconfig {$interface} | /usr/bin/grep \"carp:.* vhid {$vhid} \"", $carp_query); foreach ($carp_query as $int) { if (stripos($int, "MASTER")) return "MASTER"; @@ -1933,8 +1974,8 @@ function download_file($url, $destination, $verify_ssl = true, $connect_timeout curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - if (!isset($config['system']['do_not_send_host_uuid'])) { - curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ' : ' . get_single_sysctl('kern.hostuuid')); + if (!isset($config['system']['do_not_send_uniqueid'])) { + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ':' . system_get_uniqueid()); } else { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); } @@ -1988,8 +2029,8 @@ function download_file_with_progress_bar($url, $destination, $verify_ssl = true, curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - if (!isset($config['system']['do_not_send_host_uuid'])) { - curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ' : ' . get_single_sysctl('kern.hostuuid')); + if (!isset($config['system']['do_not_send_uniqueid'])) { + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ':' . system_get_uniqueid()); } else { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); } @@ -2146,6 +2187,37 @@ if (!function_exists("split")) { } } +function update_alias_name($new_alias_name, $orig_alias_name) { + if (!$orig_alias_name) { + return; + } + + // Firewall rules + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name); + // NAT Rules + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('target'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $new_alias_name, $orig_alias_name); + // NAT 1:1 Rules + //update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $new_alias_name, $orig_alias_name); + //update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + // NAT Outbound Rules + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('source', 'network'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('sourceport'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('dstport'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('target'), $new_alias_name, $orig_alias_name); + // Alias in an alias + update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $new_alias_name, $orig_alias_name); +} + function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) { global $g, $config, $pconfig, $debug; if (!$origname) { diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index a62fda3..b0433d7 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -109,6 +109,11 @@ function pkg_update($force = false) { function pkg_env($extra_env = array()) { global $config, $g; + $user_agent = $g['product_name'] . '/' . $g['product_version']; + if (!isset($config['system']['do_not_send_uniqueid'])) { + $user_agent .= ':' . system_get_uniqueid(); + } + $pkg_env_vars = array( "LANG" => "C", "HTTP_USER_AGENT" => $user_agent, @@ -146,11 +151,6 @@ function pkg_call($params, $mute = false, $extra_env = array()) { return false; } - $user_agent = $g['product_name'] . '/' . $g['product_version']; - if (!isset($config['system']['do_not_send_host_uuid'])) { - $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); - } - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ @@ -231,11 +231,6 @@ function pkg_exec($params, &$stdout, &$stderr, $extra_env = array()) { return -1; } - $user_agent = $g['product_name'] . '/' . $g['product_version']; - if (!isset($config['system']['do_not_send_host_uuid'])) { - $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); - } - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ @@ -372,8 +367,8 @@ function get_package_internal_name($package_data) { } // Get information about packages. -function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $installed_pkgs_only = false) { - +function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, + $installed_pkgs_only = false) { global $g, $input_errors; $out = $err = $extra_param = ''; @@ -410,30 +405,47 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta } if (!$installed_pkgs_only) { - $rc = pkg_exec("search {$extra_param}-R --raw-format json-compact " . $pkgs, $out, $err); + $rc = pkg_exec( + "search {$extra_param}-R --raw-format json-compact " . + $pkgs, $out, $err); } - if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled)) && is_package_installed($pkgs)) { - /* Fall back on pkg info to return locally installed matching pkgs instead, if + if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled)) + && is_pkg_installed($pkgs)) { + /* + * Fall back on pkg info to return locally installed matching + * pkgs instead, if: * * (1) only installed pkgs needed, or - * we tried to check the local catalog copy (implying that we would have accepted incomplete/outdated pkg info) - * but it didn't have any contents, or for other reasons returned an error. + * we tried to check the local catalog copy (implying that + * we would have accepted incomplete/outdated pkg info) + * but it didn't have any contents, or for other reasons + * returned an error. * AND * (2) at least some pkgs matching <pattern> are installed * - * Following an unsuccessful attempt to access a remote repo catalog, the local copy is wiped clear. Thereafter any - * "pkg search" will return an error until online+updated again. If the calling code would have accepted local copy info - * (which could be incomplete/out of date), then it makes sense to fall back on pkg info to at least return the known - * info about installed pkgs (pkg info should still work), instead of failing and returning no info at all. - * For example, this at least enables offline view + management of installed pkgs in GUI/console. + * Following an unsuccessful attempt to access a remote repo + * catalog, the local copy is wiped clear. Thereafter any + * "pkg search" will return an error until online+updated again. + * If the calling code would have accepted local copy info + * (which could be incomplete/out of date), then it makes sense + * to fall back on pkg info to at least return the known + * info about installed pkgs (pkg info should still work), + * instead of failing and returning no info at all. + * For example, this at least enables offline view + management + * of installed pkgs in GUI/console. * - * We skip this step if no matching pkgs are installed, because then pkg info would return a "no matching pkgs" - * RC code, even though this wouldn't be considered an "error" (and $out+$err would be correct empty strings if none match). - * Note that is_package_installed() is a wrapper for pkg info -e <pattern> which is what we need here. + * We skip this step if no matching pkgs are installed, because + * then pkg info would return a "no matching pkgs" RC code, + * even though this wouldn't be considered an "error" (and + * $out+$err would be correct empty strings if none match). + * + * Note that is_pkg_installed() is a wrapper for pkg info -e + * <pattern> which is what we need here. */ // ok, 1 or more packages match, so pkg info can be safely called to get the pkg list - $rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, $out, $err); + $rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, + $out, $err); } if ($lock) { @@ -445,8 +457,10 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta "ERROR: Error trying to get packages list. Aborting...") . "\n"); update_status($err); - $input_errors[] = gettext("ERROR: Error trying to get packages list. Aborting...") . "\n"; - $input_errors[] = $err; + $input_errors[] = gettext( + "ERROR: Error trying to get packages list. Aborting...") . + "\n"; + $input_errors[] = $err; return array(); } @@ -458,7 +472,8 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta continue; } - if (isset($pkg_filter) && !in_array($pkg_info['name'], $pkg_filter)) { + if (isset($pkg_filter) && !in_array($pkg_info['name'], + $pkg_filter)) { continue; } @@ -473,24 +488,29 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta if (is_pkg_installed($pkg_info['name'])) { $pkg_info['installed'] = true; - $rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err); + $rc = pkg_exec("query %v {$pkg_info['name']}", $out, + $err); if ($rc != 0) { update_status("\n" . gettext( "ERROR: Error trying to get package version. Aborting...") . "\n"); update_status($err); - $input_errors[] = gettext("ERROR: Error trying to get package version. Aborting...") . "\n"; - $input_errors[] = $err; + $input_errors[] = gettext( + "ERROR: Error trying to get package version. Aborting...") . + "\n"; + $input_errors[] = $err; return array(); } - $pkg_info['installed_version'] = str_replace("\n", "", $out); + $pkg_info['installed_version'] = str_replace("\n", "", + $out); } else if (is_package_installed($pkg_info['shortname'])) { $pkg_info['broken'] = true; } - $pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', $pkg_info['desc']); + $pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', + $pkg_info['desc']); $result[] = $pkg_info; unset($pkg_info); @@ -517,12 +537,7 @@ function register_all_installed_packages() { $pkg_info = get_pkg_info('all', true, true); - foreach ($pkg_info as $pkg) { - if (!isset($pkg['installed'])) { - continue; - } - pkg_remove_prefix($pkg['name']); if (is_package_installed($pkg['name'])) { @@ -866,11 +881,6 @@ function install_package_xml($package_name) { return false; } - /* set up package logging streams */ - if ($pkg_info['logging']) { - system_syslogd_start(); - } - update_status(gettext("Writing configuration... ")); write_config($changedesc); log_error(sprintf(gettext("Successfully installed package: %s."), $pkg_info['name'])); @@ -879,6 +889,11 @@ function install_package_xml($package_name) { update_status($pkg_info['after_install_info']); } + /* set up package logging streams */ + if ($pkg_info['logging']) { + system_syslogd_start(true); + } + return true; } @@ -996,7 +1011,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { $need_syslog_restart = false; if (is_array($pkg_info['logging']) && $pkg_info['logging']['logfilename'] <> "") { update_status(gettext("Syslog entries... ")); - @unlink("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}"); + @unlink_if_exists("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}"); update_status("done.\n"); $need_syslog_restart = true; } @@ -1007,12 +1022,11 @@ function delete_package_xml($package_name, $when = "post-deinstall") { unset($config['installedpackages']['package'][$pkgid]); update_status(gettext("done.") . "\n"); write_config(sprintf(gettext("Removed %s package."), $package_name)); - } - - /* remove package entry from /etc/syslog.conf if needed */ - /* this must be done after removing the entries from config.xml */ - if ($need_syslog_restart) { - system_syslogd_start(); + /* remove package entry from /etc/syslog.conf if needed */ + /* this must be done after removing the entries from config.xml */ + if ($need_syslog_restart) { + system_syslogd_start(true); + } } conf_mount_ro(); @@ -1173,14 +1187,34 @@ function get_base_pkg_name() { } /* Verify if system needs upgrade (meta package or base) */ -function get_system_pkg_version($baseonly = false) { +function get_system_pkg_version($baseonly = false, $use_cache = true) { global $g; - $output = exec("/usr/local/sbin/{$g['product_name']}-upgrade -c", $_gc, - $rc); + $cache_file = $g['version_cache_file']; + $rc_file = $cache_file . '.rc'; + + $rc = ""; + if ($use_cache && file_exists($rc_file) && + (time()-filemtime($rc_file) < $g['version_cache_refresh'])) { + $rc = chop(@file_get_contents($rc_file)); + } + + if ($rc == "2") { + $output = @file_get_contents($cache_file); + } else if ($rc != "0") { + $output = exec( + "/usr/local/sbin/{$g['product_name']}-upgrade -c", $_gc, + $rc); + + /* Update cache if it succeeded */ + if ($rc == 0 || $rc == 2) { + @file_put_contents($cache_file, $output); + @file_put_contents($rc_file, $rc); + } + } /* pfSense-upgrade returns 2 when there is a new version */ - if ($rc == 2) { + if ($rc == "2") { $new_version = explode(' ', $output)[0]; } @@ -1191,7 +1225,7 @@ function get_system_pkg_version($baseonly = false) { return false; } - $info = get_pkg_info($base_pkg, true); + $info = get_pkg_info($base_pkg, true, true); $pkg_info = array(); foreach ($info as $item) { @@ -1203,7 +1237,7 @@ function get_system_pkg_version($baseonly = false) { if (empty($pkg_info) || (!$baseonly && ($pkg_info['version'] == $pkg_info['installed_version']))) { - $info = get_pkg_info($meta_pkg, true); + $info = get_pkg_info($meta_pkg, true, true); foreach ($info as $item) { if ($item['name'] == $meta_pkg) { @@ -1285,7 +1319,9 @@ function pkg_switch_repo($path) { file_put_contents("/usr/local/etc/pkg.conf", $pkg_conf); } - return pkg_update(true); + /* Update pfSense_version cache */ + mwexec_bg("/etc/rc.update_pkg_metadata now"); + return; } ?> diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index 677036c..57aee80 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -20,13 +20,15 @@ * limitations under the License. */ -require_once("globals.inc"); require_once("captiveportal.inc"); -require_once("openvpn.inc"); +require_once("globals.inc"); +require_once("gwlb.inc"); require_once("ipsec.inc"); +require_once("openvpn.inc"); +require_once("system.inc"); +require_once("util.inc"); require_once("vpn.inc"); require_once("vslb.inc"); -require_once("gwlb.inc"); define("RCFILEPREFIX", "/usr/local/etc/rc.d/"); function write_rcfile($params) { @@ -261,6 +263,11 @@ function get_services() { $pconfig['description'] = gettext("NTP clock sync"); $services[] = $pconfig; + $pconfig = array(); + $pconfig['name'] = "syslogd"; + $pconfig['description'] = gettext("System Logger Daemon"); + $services[] = $pconfig; + if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $zone => $setting) { if (isset($setting['enable'])) { @@ -620,6 +627,9 @@ function service_control_start($name, $extras) { relayd_configure(); filter_configure(); break; + case 'syslogd': + system_syslogd_start(); + break; default: start_service($name); break; @@ -690,6 +700,16 @@ function service_control_stop($name, $extras) { case 'relayd': mwexec('pkill relayd'); break; + case 'syslogd': + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM"); + usleep(100000); + } + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); + usleep(100000); + } + break; default: stop_service($name); break; @@ -760,6 +780,9 @@ function service_control_restart($name, $extras) { relayd_configure(true); filter_configure(); break; + case 'syslogd': + system_syslogd_start(); + break; default: restart_service($name); break; diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index fdb0d4b..94e1ad8 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -55,8 +55,8 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ -define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit'); -define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit'); +define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker hover loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit'); +define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Hover,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit'); /* implement ipv6 route advertising daemon */ function services_radvd_configure($blacklist = array()) { @@ -647,6 +647,7 @@ EOD; $type = "secondary"; $my_port = "520"; $peer_port = "519"; + $dhcpdconf_pri = ''; } else { $my_port = "519"; $peer_port = "520"; @@ -2288,12 +2289,21 @@ function services_unbound_configure($restart_dhcp = true) { echo "services_unbound_configure() being called $mt\n"; } - // kill any running Unbound instance - if (file_exists("{$g['varrun_path']}/unbound.pid")) { - sigkillbypid("{$g['varrun_path']}/unbound.pid", "TERM"); - } - if (isset($config['unbound']['enable'])) { + require_once('/etc/inc/unbound.inc'); + + /* Stop Unbound using TERM */ + if (file_exists("{$g['varrun_path']}/unbound.pid")) { + sigkillbypid("{$g['varrun_path']}/unbound.pid", "TERM"); + } + + /* If unbound is still running, wait up to 30 seconds for it to terminate. */ + for ($i=1; $i <= 30; $i++) { + if (is_process_running('unbound')) { + sleep(1); + } + } + if (platform_booting()) { echo gettext("Starting DNS Resolver..."); } else { @@ -2305,13 +2315,17 @@ function services_unbound_configure($restart_dhcp = true) { $return = 1; } - require_once('/etc/inc/unbound.inc'); sync_unbound_service(); if (platform_booting()) { echo gettext("done.") . "\n"; } system_dhcpleases_configure(); + } else { + /* kill Unbound since it should not be enabled */ + if (file_exists("{$g['varrun_path']}/unbound.pid")) { + sigkillbypid("{$g['varrun_path']}/unbound.pid", "KILL"); + } } if (!platform_booting() && $restart_dhcp) { diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 1e12513..8fc0edd 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -337,13 +337,15 @@ function system_hosts_local_entries() { $hosts = array(); $hosts[] = array( 'ipaddr' => '127.0.0.1', - 'fqdn' => 'localhost', - 'name' => 'localhost.' . $syscfg['domain'] + 'fqdn' => 'localhost.' . $syscfg['domain'], + 'name' => 'localhost', + 'domain' => $syscfg['domain'] ); $hosts[] = array( 'ipaddr' => '::1', - 'fqdn' => 'localhost', - 'name' => 'localhost.' . $syscfg['domain'] + 'fqdn' => 'localhost.' . $syscfg['domain'], + 'name' => 'localhost', + 'domain' => $syscfg['domain'] ); if ($config['interfaces']['lan']) { @@ -362,7 +364,9 @@ function system_hosts_local_entries() { if (is_ipaddrv4($cfgip)) { $hosts[] = array( 'ipaddr' => $cfgip, - 'fqdn' => $local_fqdn + 'fqdn' => $local_fqdn, + 'name' => $syscfg['hostname'], + 'domain' => $syscfg['domain'] ); $hosts_if_found = true; } @@ -370,7 +374,9 @@ function system_hosts_local_entries() { if (is_ipaddrv6($cfgipv6)) { $hosts[] = array( 'ipaddr' => $cfgipv6, - 'fqdn' => $local_fqdn + 'fqdn' => $local_fqdn, + 'name' => $syscfg['hostname'], + 'domain' => $syscfg['domain'] ); $hosts_if_found = true; } @@ -401,7 +407,9 @@ function system_hosts_override_entries($dnscfg) { $hosts[] = array( 'ipaddr' => $host['ip'], - 'fqdn' => $fqdn + 'fqdn' => $fqdn, + 'name' => $host['host'], + 'domain' => $host['domain'] ); if (!is_array($host['aliases']) || @@ -418,7 +426,9 @@ function system_hosts_override_entries($dnscfg) { $hosts[] = array( 'ipaddr' => $host['ip'], - 'fqdn' => $fqdn + 'fqdn' => $fqdn, + 'name' => $alias['host'], + 'domain' => $alias['domain'] ); } } @@ -451,17 +461,20 @@ function system_hosts_dhcpd_entries() { } $fqdn = $host['hostname'] . "."; + $domain = ""; if ($host['domain']) { - $fqdn .= $host['domain']; + $domain = $host['domain']; } elseif ($dhcpifconf['domain']) { - $fqdn .= $dhcpifconf['domain']; + $domain = $dhcpifconf['domain']; } else { - $fqdn .= $syscfg['domain']; + $domain = $syscfg['domain']; } $hosts[] = array( 'ipaddr' => $host['ipaddr'], - 'fqdn' => $fqdn + 'fqdn' => $fqdn . $domain, + 'name' => $host['hostname'], + 'domain' => $domain ); } } @@ -505,17 +518,20 @@ function system_hosts_dhcpd_entries() { } $fqdn = $host['hostname'] . "."; + $domain = ""; if ($host['domain']) { - $fqdn .= $host['domain']; - } else if ($dhcpifconf['domain']) { - $fqdn .= $dhcpifconf['domain']; + $domain = $host['domain']; + } elseif ($dhcpifconf['domain']) { + $domain = $dhcpifconf['domain']; } else { - $fqdn .= $syscfg['domain']; + $domain = $syscfg['domain']; } $hosts[] = array( 'ipaddr' => $ipaddrv6, - 'fqdn' => $fqdn + 'fqdn' => $fqdn . $domain, + 'name' => $host['hostname'], + 'domain' => $domain ); } } @@ -566,9 +582,11 @@ function system_hosts_generate() { $hosts_array = system_hosts_entries($dnsmasqcfg); foreach ($hosts_array as $host) { - $hosts .= "{$host['ipaddr']}\t{$host['fqdn']}"; - if (!empty($host['name'])) { - $hosts .= " {$host['name']}"; + $hosts .= "{$host['ipaddr']}\t"; + if ($host['name'] == "localhost") { + $hosts .= "{$host['name']} {$host['fqdn']}"; + } else { + $hosts .= "{$host['fqdn']} {$host['name']}"; } $hosts .= "\n"; } @@ -977,8 +995,12 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) { global $config, $g; + if ($restart_syslogd) { - exec("/usr/bin/killall syslogd"); + /* syslogd does not react well to clog rewriting the file while it is running. */ + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); + } } if (isset($config['system']['disablesyslogclog'])) { unlink($logfile); @@ -995,7 +1017,12 @@ function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = tru function clear_all_log_files($restart = false) { global $g; - exec("/usr/bin/killall syslogd"); + if ($restart) { + /* syslogd does not react well to clog rewriting the file while it is running. */ + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); + } + } $log_files = array("system", "filter", "dhcpd", "vpn", "poes", "l2tps", "openvpn", "portalauth", "ipsec", "ppp", "relayd", "wireless", "nginx", "ntpd", "gateways", "resolver", "routing"); foreach ($log_files as $lfile) { @@ -1014,7 +1041,7 @@ function clear_all_log_files($restart = false) { return; } -function system_syslogd_start() { +function system_syslogd_start($sighup = false) { global $config, $g; if (isset($config['system']['developerspew'])) { $mt = microtime(); @@ -1245,18 +1272,27 @@ EOD; $syslogd_sockets .= " -l {$log_socket}"; } - if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { - sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM"); - usleep(100000); // syslogd often doesn't respond to a TERM quickly enough for the starting of syslogd below to be successful + /* If HUP was requested, but syslogd is not running, restart it instead. */ + if ($sighup && !isvalidpid("{$g['varrun_path']}/syslog.pid")) { + $sighup = false; } - if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { - // if it still hasn't responded to the TERM, KILL it. - sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); - usleep(100000); - } + if (!$sighup) { + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM"); + usleep(100000); // syslogd often doesn't respond to a TERM quickly enough for the starting of syslogd below to be successful + } + + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + // if it still hasn't responded to the TERM, KILL it. + sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); + usleep(100000); + } - $retval = mwexec_bg("/usr/sbin/syslogd -s -c -c {$syslogd_sockets} -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}"); + $retval = mwexec_bg("/usr/sbin/syslogd -s -c -c {$syslogd_sockets} -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}"); + } else { + $retval = sigkillbypid("{$g['varrun_path']}/syslog.pid", "HUP"); + } if (platform_booting()) { echo gettext("done.") . "\n"; @@ -1281,6 +1317,7 @@ function system_webgui_create_certificate() { $cert = array(); $cert['refid'] = uniqid(); $cert['descr'] = sprintf(gettext("webConfigurator default (%s)"), $cert['refid']); + $cert_hostname = "{$config['system']['hostname']}-{$cert['refid']}"; $dn = array( 'countryName' => "US", @@ -1288,7 +1325,8 @@ function system_webgui_create_certificate() { 'localityName' => "Locality", 'organizationName' => "{$g['product_name']} webConfigurator Self-Signed Certificate", 'emailAddress' => "admin@{$config['system']['hostname']}.{$config['system']['domain']}", - 'commonName' => "{$config['system']['hostname']}-{$cert['refid']}"); + 'commonName' => $cert_hostname, + 'subjectAltName' => "DNS:{$cert_hostname}"); $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */ if (!cert_create($cert, null, 2048, 2000, $dn, "self-signed", "sha256")) { while ($ssl_err = openssl_error_string()) { @@ -2329,6 +2367,24 @@ function system_get_serial() { return get_single_sysctl('kern.hostuuid'); } +function system_get_uniqueid() { + global $g; + + $uniqueid_file="{$g['vardb_path']}/uniqueid"; + + if (empty($g['uniqueid'])) { + if (!file_exists($uniqueid_file)) { + mwexec("/usr/sbin/gnid > {$g['vardb_path']}/uniqueid " . + "2>/dev/null"); + } + if (file_exists($uniqueid_file)) { + $g['uniqueid'] = @file_get_contents($uniqueid_file); + } + } + + return ($g['uniqueid'] ?: ''); +} + /* * attempt to identify the specific platform (for embedded systems) * Returns an array with two elements: @@ -2386,6 +2442,7 @@ function system_identify_specific_platform() { return (array('name' => 'XG-1540', 'descr' => 'Super Micro XG-1540')); break; case 'apu2': + case 'APU2': return (array('name' => 'apu2', 'descr' => 'PC Engines APU2')); break; case 'Virtual Machine': diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc index cbba152..7480de7 100644 --- a/src/etc/inc/unbound.inc +++ b/src/etc/inc/unbound.inc @@ -497,10 +497,10 @@ function do_as_unbound_user($cmd, $param1 = "") { mwexec("/usr/local/sbin/unbound -c {$g['unbound_chroot_path']}/unbound.conf"); break; case "stop": - mwexec("echo '/usr/local/sbin/unbound-control stop' | /usr/bin/su -m unbound", true); + mwexec("echo '/usr/local/sbin/unbound-control -c {$g['unbound_chroot_path']}/unbound.conf stop' | /usr/bin/su -m unbound", true); break; case "reload": - mwexec("echo '/usr/local/sbin/unbound-control reload' | /usr/bin/su -m unbound", true); + mwexec("echo '/usr/local/sbin/unbound-control -c {$g['unbound_chroot_path']}/unbound.conf reload' | /usr/bin/su -m unbound", true); break; case "unbound-anchor": $root_key_file = "{$g['unbound_chroot_path']}{$param1}/root.key"; @@ -568,20 +568,13 @@ function unbound_add_domain_overrides($pvt_rev="", $cfgsubdir = "") { } } -function unbound_add_host_entries($cfgsubdir = "") { - global $config, $g; - - // Make sure the config setting is a valid unbound local zone type. If not use "transparent". - if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) { - $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type']; +function unbound_generate_zone_data($domain, $hosts, &$added_ptr, $zone_type = "transparent", $write_domain_zone_declaration = false, $always_add_short_names = false) { + global $config; + if ($write_domain_zone_declaration) { + $zone_data = "local-zone: \"{$domain}.\" {$zone_type}\n"; } else { - $system_domain_local_zone_type = "transparent"; + $zone_data = ""; } - - $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n"; - - $hosts = system_hosts_entries($config['unbound']); - $added_ptr = array(); foreach ($hosts as $host) { if (is_ipaddrv4($host['ipaddr'])) { $type = 'A'; @@ -590,15 +583,69 @@ function unbound_add_host_entries($cfgsubdir = "") { } else { continue; } - if (!$added_ptr[$host['ipaddr']]) { - $unbound_entries .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n"; + $zone_data .= "local-data-ptr: \"{$host['ipaddr']} {$host['fqdn']}\"\n"; $added_ptr[$host['ipaddr']] = true; } - $unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n"; - if (isset($host['name'])) { - $unbound_entries .= "local-data: \"{$host['name']} {$type} {$host['ipaddr']}\"\n"; + /* For the system localhost entry, write an entry for just the hostname. */ + if ((($host['name'] == "localhost") && ($domain == $config['system']['domain'])) || $always_add_short_names) { + $zone_data .= "local-data: \"{$host['name']}. {$type} {$host['ipaddr']}\"\n"; } + /* Redirect zones must have a zone declaration that matches the + * local-data record exactly, it cannot have entries "under" the + * domain. + */ + if ($zone_type == "redirect") { + $zone_data .= "local-zone: \"{$host['fqdn']}.\" {$zone_type}\n";; + } + $zone_data .= "local-data: \"{$host['fqdn']}. {$type} {$host['ipaddr']}\"\n"; + } + return $zone_data; +} + +function unbound_add_host_entries($cfgsubdir = "") { + global $config, $g; + + $hosts = system_hosts_entries($config['unbound']); + + /* Pass 1: Build domain list and hosts inside domains */ + $hosts_by_domain = array(); + foreach ($hosts as $host) { + if (!array_key_exists($host['domain'], $hosts_by_domain)) { + $hosts_by_domain[$host['domain']] = array(); + } + $hosts_by_domain[$host['domain']][] = $host; + } + + $added_ptr = array(); + /* Build local zone data */ + // Check if auto add host entries is not set + $system_domain_local_zone_type = "transparent"; + if (!isset($config['unbound']['disable_auto_added_host_entries'])) { + // Make sure the config setting is a valid unbound local zone type. If not use "transparent". + if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) { + $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type']; + } + } + /* Add entries for the system domain before all others */ + if (array_key_exists($config['system']['domain'], $hosts_by_domain)) { + $unbound_entries .= unbound_generate_zone_data($config['system']['domain'], + $hosts_by_domain[$config['system']['domain']], + $added_ptr, + $system_domain_local_zone_type, + true); + /* Unset this so it isn't processed again by the loop below. */ + unset($hosts_by_domain[$config['system']['domain']]); + } + + /* Build zone data for other domain */ + foreach ($hosts_by_domain as $domain => $hosts) { + $unbound_entries .= unbound_generate_zone_data($domain, + $hosts, + $added_ptr, + "transparent", + false, + isset($config['unbound']['always_add_short_names'])); } // Write out entries diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 3bfd6fa..fe3c3a7 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -685,7 +685,7 @@ function upgrade_040_to_041() { $config['sysctl']['item'][1]['value'] = "default"; $config['sysctl']['item'][2]['tunable'] = "net.inet.ip.random_id"; - $config['sysctl']['item'][2]['descr'] = gettext("Randomize the ID field in IP packets (default is 0: sequential IP IDs)"); + $config['sysctl']['item'][2]['descr'] = gettext("Randomize the ID field in IP packets (default is 1: Assign random IP IDs)"); $config['sysctl']['item'][2]['value'] = "default"; $config['sysctl']['item'][3]['tunable'] = "net.inet.tcp.drop_synfin"; @@ -4777,7 +4777,7 @@ function upgrade_147_to_148() { } // if there was a space in a group name, there may be multiple - // groups with the same name in the group file. To prevent pw + // groups with the same name in the group file. To prevent pw // from getting into a neverending loop, delete all user-defined // groups here. local_sync_accounts will run shortly after this // and add them back. redmine #6012 @@ -5057,4 +5057,113 @@ function upgrade_157_to_158() { } } +/* + * Special function that is called independent of current config version. It's + * a workaround to have config_upgrade running on older versions after next + * config version was already taken by newer pfSense. + * + * XXX Change the way we handle config version to make it based on product + * version + */ +function additional_config_upgrade() { + global $config; + + if (!is_array($config['system']['already_run_config_upgrade'])) { + $config['system']['already_run_config_upgrade'] = array(); + } + $already_run = $config['system']['already_run_config_upgrade']; + + /* Copy of upgrade_166_to_167 from 2.4 */ + if (!isset($already_run['upgrade_166_to_167'])) { + /* + * If this box was updated during the small period of time + * $config latest_version was set to 15.9, reset it to 15.8 + * so we are sure this upgrade will not be skipped when move + * to 2.4 + */ + + if ($config['version'] == "15.9") { + $config['version'] = "15.8"; + } + + if (strpos($config['widgets']['sequence'], + 'netgate_services_and_support') === false) { + $widgets = explode(",", $config['widgets']['sequence']); + $cnt = count($widgets); + $col2 = $cnt; + $newsequence = array(); + + // Locate the firt column 2 widget + for ($idx=0;$idx<$cnt;$idx++) { + if (strpos($widgets[$idx], 'col2') !== false) { + $col2 = $idx; + break; + } + } + + /* + * Loop through the widgets inserting the new widget + * before the first col2 widget + */ + for ($old=0,$new=0;$old<$cnt;$old++,$new++) { + $newsequence[$new] = $widgets[$old]; + + if ($old != ($col2 - 1)) { + continue; + } + $new++; + $newsequence[$new] = + "netgate_services_and_support:col2:open:0"; + } + + $config['widgets']['sequence'] = implode(",", + $newsequence); + } + + $config['system']['already_run_config_upgrade'] + ['upgrade_166_to_167'] = true; + $config['system']['already_run_config_upgrade'] + ['upgrade_167_to_168'] = true; + write_config("Enabled Netgate Services and Support Widget"); + } + + /* Copy of upgrade_168_to_169() from 2.4 */ + if (!isset($already_run['upgrade_168_to_169'])) { + $found = false; + + /* Detect old temporary workaround */ + if (isset($config['cron']['rc_update_pkg_metadata'])) { + unset($config['cron']['rc_update_pkg_metadata']); + $found = true; + } + + $command = '/usr/bin/nice -n20 /etc/rc.update_pkg_metadata'; + + if (!$found && is_array($config['cron']['item'])) { + foreach ($config['cron']['item'] as $entry) { + if ($entry['command'] == $command) { + $found = true; + break; + } + } + } + + if (!$found) { + $config['cron']['item'][] = array( + 'minute' => '1', + 'hour' => '0', + 'mday' => '*', + 'month' => '*', + 'wday' => '*', + 'who' => 'root', + 'command' => $command + ); + } + + $config['system']['already_run_config_upgrade'] + ['upgrade_168_to_169'] = true; + write_config("Added pkg metadata update cronjob"); + } +} + ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 2147d9e..e858c89 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -136,13 +136,6 @@ function clear_subsystem_dirty($subsystem = "") { @unlink("{$g['varrun_path']}/{$subsystem}.dirty"); } -function config_lock() { - return; -} -function config_unlock() { - return; -} - /* lock configuration file */ function lock($lock, $op = LOCK_SH) { global $g; @@ -2207,7 +2200,7 @@ function is_interface_mismatch() { $missing_interfaces = array(); if (is_array($config['interfaces'])) { foreach ($config['interfaces'] as $ifname => $ifcfg) { - if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { + if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan|_\d{0,4}_\d{0,4}$/i", $ifcfg['if'])) { // Do not check these interfaces. $i++; continue; diff --git a/src/etc/inc/vslb.inc b/src/etc/inc/vslb.inc index 7c1ff17..1573842 100644 --- a/src/etc/inc/vslb.inc +++ b/src/etc/inc/vslb.inc @@ -179,6 +179,7 @@ function relayd_configure($kill_first=false) { if (!function_exists('filter_expand_alias_array')) { require_once("filter.inc"); } + require_once("util.inc"); $vs_a = $config['load_balancer']['virtual_server']; $pool_a = $config['load_balancer']['lbpool']; @@ -382,7 +383,7 @@ function relayd_configure($kill_first=false) { if (is_process_running('relayd')) { if (!empty($vs_a)) { if ($kill_first) { - mwexec('pkill relayd'); + sigkillbyname("relayd", "TERM"); /* Remove all active relayd anchors now that relayd is no longer running. */ cleanup_lb_anchor("*"); mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf"); @@ -398,7 +399,7 @@ function relayd_configure($kill_first=false) { * mwexec('/usr/local/sbin/relayctl stop'); * returns "command failed" */ - mwexec('pkill relayd'); + sigkillbyname("relayd", "TERM"); /* Remove all active relayd anchors now that relayd is no longer running. */ cleanup_lb_anchor("*"); } diff --git a/src/etc/inc/xmlparse.inc b/src/etc/inc/xmlparse.inc index 84a1424..95783b6 100644 --- a/src/etc/inc/xmlparse.inc +++ b/src/etc/inc/xmlparse.inc @@ -279,7 +279,7 @@ function dump_xml_config_sub($arr, $indent) { (substr($ent, 0, 9) == "ldap_attr") || (substr($ent, 0, 9) == "ldap_bind") || (substr($ent, 0, 11) == "ldap_basedn") || - (substr($ent, 0, 18) == "ldap_authcn") || + (substr($ent, 0, 11) == "ldap_authcn") || (substr($ent, 0, 19) == "ldap_extended_query")) { $xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n"; } else { @@ -310,9 +310,9 @@ function dump_xml_config_sub($arr, $indent) { (substr($ent, 0, 9) == "ldap_attr") || (substr($ent, 0, 9) == "ldap_bind") || (substr($ent, 0, 11) == "ldap_basedn") || - (substr($ent, 0, 18) == "ldap_authcn") || + (substr($ent, 0, 11) == "ldap_authcn") || (substr($ent, 0, 19) == "ldap_extended_query") || - (substr($ent, 0, 5) == "text")) { + (substr($ent, 0, 4) == "text")) { $xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n"; } else { $xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n"; diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles index f9dd3ba..faa5113 100644 --- a/src/etc/pfSense.obsoletedfiles +++ b/src/etc/pfSense.obsoletedfiles @@ -682,7 +682,6 @@ /usr/local/share/dict /usr/local/share/doc /usr/local/share/emacs -/usr/local/share/examples /usr/local/share/java /usr/local/share/locale/af /usr/local/share/locale/am @@ -933,6 +932,7 @@ /usr/local/www/vpn_pppoe_edit.php /usr/local/www/vpn_pppoe_users.php /usr/local/www/vpn_pppoe_users_edit.php +/usr/local/www/widgets/include/thermal_sensors.inc /usr/local/www/widgets/widgets/deactivated /usr/local/www/wizards/traffic_shaper_wizard.inc /usr/local/www/wizards/traffic_shaper_wizard.xml diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index fd2b046..8b6750b 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync @@ -60,7 +60,7 @@ require_once("pfsense-utils.inc"); $GIT_PKG = "git"; // Either "git" or the full package URL $GIT_BIN= "/usr/local/bin/git"; $GIT_REPO = "git://github.com/pfsense/pfsense.git"; -$DEFAULT_BRANCH = "RELENG_2_3"; +$DEFAULT_BRANCH = "RELENG_2_3_4"; $CODIR = "/root/pfsense"; $GITSYNC_MERGE = "/root/.gitsync_merge"; @@ -68,6 +68,7 @@ $GITSYNC_MERGE = "/root/.gitsync_merge"; $branches = array( "master" => "2.4 development branch", "RELENG_2_3" => "2.3 development branch", + "RELENG_2_3_4" => "2.3.4 stable branch", "build_commit" => "The commit originally used to build the image" ); @@ -513,6 +513,9 @@ fi /usr/local/sbin/${product}-upgrade -y -b 3 +# Update pkg metadata +/etc/rc.update_pkg_metadata now + # Log product version to syslog get_version BUILDTIME=`cat /etc/version.buildtime` diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index d626520..0770a29 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup @@ -186,6 +186,8 @@ echo "Loading configuration..."; parse_config_bootup(); echo "done.\n"; +mwexec("/usr/sbin/gnid > {$g['vardb_path']}/uniqueid 2>/dev/null"); + /* run any early shell commands specified in config.xml */ system_do_shell_commands(1); diff --git a/src/etc/rc.packages b/src/etc/rc.packages index d503b6b..a957b81 100755 --- a/src/etc/rc.packages +++ b/src/etc/rc.packages @@ -52,6 +52,11 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* If PHP is not running, silently abort and run registration during boot */ +if (!file_exists('/var/run/php-fpm.pid')) { + exit; +} + require_once("config.inc"); require_once("functions.inc"); require_once("filter.inc"); @@ -73,11 +78,6 @@ if ($argc == 1) { exit; } -/* If PHP is not running, silently abort and run registration during boot */ -if (!isvalidpid('/var/run/php-fpm.pid')) { - exit; -} - $pkg = ''; $when = ''; diff --git a/src/etc/rc.update_bogons.sh b/src/etc/rc.update_bogons.sh index 2548ed9..b21090f 100755 --- a/src/etc/rc.update_bogons.sh +++ b/src/etc/rc.update_bogons.sh @@ -55,6 +55,14 @@ # Global variables proc_error="" +do_not_send_uniqueid=$(/usr/local/sbin/read_xml_tag.sh boolean system/do_not_send_uniqueid) +if [ "${do_not_send_uniqueid}" != "true" ]; then + uniqueid=$(/usr/sbin/gnid) + export HTTP_USER_AGENT="${product}/${product_version}:${uniqueid}" +else + export HTTP_USER_AGENT="${product}/${product_version}" +fi + # Download and extract if necessary process_url() { local file=$1 diff --git a/src/etc/rc.update_pkg_metadata b/src/etc/rc.update_pkg_metadata new file mode 100755 index 0000000..f22c1af --- /dev/null +++ b/src/etc/rc.update_pkg_metadata @@ -0,0 +1,48 @@ +#!/bin/sh +# +# rc.update_pkg_metadata +# +# Copyright (c) 2017 Rubicon Communications, LLC (Netgate). All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ "$1" = "now" ]; then + sleep_time=0 +else + sleep_time=$(jot -r 1 1 86399) +fi + +# Read product_name from $g, defaults to pfSense +product=$(/usr/local/sbin/read_global_var product_name pfSense) + +tmp_version=$(mktemp -q /tmp/${product}_version.XXXXXXXX) \ + || exit 1 + +( \ + sleep $sleep_time \ + && /usr/local/sbin/${product}-upgrade -uf \ + && ( \ + /usr/local/sbin/${product}-upgrade -Uc > ${tmp_version}.tmp \ + ; rc=$? \ + ; tail -n 1 ${tmp_version}.tmp > $tmp_version \ + ; rm -f ${tmp_version}.tmp \ + ; echo $rc > ${tmp_version}.rc \ + ; test $rc -eq 2 && return 0 || return $rc \ + ) \ + && ( \ + mv $tmp_version /var/run/${product}_version \ + && mv ${tmp_version}.rc /var/run/${product}_version.rc \ + ) || rm -f $tmp_version ${tmp_version}.rc +) >/dev/null 2>&1 & + +exit 0 diff --git a/src/etc/ssl/openssl.cnf b/src/etc/ssl/openssl.cnf index 3ea2df5..fc6b072 100644 --- a/src/etc/ssl/openssl.cnf +++ b/src/etc/ssl/openssl.cnf @@ -221,6 +221,7 @@ extendedKeyUsage=clientAuth # copy of [ usr_cert ] plus nonempty Subject Alternative Names basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment nsComment = "OpenSSL Generated User Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always diff --git a/src/etc/version b/src/etc/version index 529d064..0aa25ee 100644 --- a/src/etc/version +++ b/src/etc/version @@ -1 +1 @@ -2.3.4-DEVELOPMENT +2.3.4-RELEASE diff --git a/src/usr/local/sbin/openvpn.attributes.sh b/src/usr/local/sbin/openvpn.attributes.sh index 1c22a6c..ef18a7c 100755 --- a/src/usr/local/sbin/openvpn.attributes.sh +++ b/src/usr/local/sbin/openvpn.attributes.sh @@ -50,7 +50,6 @@ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED # OF THE POSSIBILITY OF SUCH DAMAGE. -echo $script_type > /tmp/script if [ "$script_type" = "client-connect" ]; then if [ -f /tmp/$common_name ]; then /bin/cat /tmp/$common_name > $1 diff --git a/src/usr/local/www/crash_reporter.php b/src/usr/local/www/crash_reporter.php index d674440..7e8e5e8 100644 --- a/src/usr/local/www/crash_reporter.php +++ b/src/usr/local/www/crash_reporter.php @@ -61,11 +61,13 @@ require_once("guiconfig.inc"); require_once("functions.inc"); require_once("captiveportal.inc"); +require_once("system.inc"); define("FILE_SIZE", 450000); function upload_crash_report($files) { - global $g; + global $g, $config; + $post = array(); $counter = 0; foreach ($files as $file) { @@ -77,7 +79,11 @@ function upload_crash_report($files) { curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); + if (!isset($config['system']['do_not_send_uniqueid'])) { + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ':' . system_get_uniqueid()); + } else { + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); + } curl_setopt($ch, CURLOPT_URL, $g['crashreporterurl']); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); diff --git a/src/usr/local/www/csrf/csrf-magic.js b/src/usr/local/www/csrf/csrf-magic.js index a889773..0989c10 100644 --- a/src/usr/local/www/csrf/csrf-magic.js +++ b/src/usr/local/www/csrf/csrf-magic.js @@ -40,13 +40,11 @@ CsrfMagic.prototype = { send: function(data) { if (!this.csrf_isPost) return this.csrf_send(data); prepend = csrfMagicName + '=' + csrfMagicToken + '&'; - - // Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers - // if (this.csrf_purportedLength === undefined) { - // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); - // delete this.csrf_purportedLength; - // } - + // XXX: Removed to eliminate 'Refused to set unsafe header "Content-length" ' errors in modern browsers + // if (this.csrf_purportedLength === undefined) { + // this.csrf_setRequestHeader("Content-length", this.csrf_purportedLength + prepend.length); + // delete this.csrf_purportedLength; + // } delete this.csrf_isPost; return this.csrf_send(prepend + data); }, @@ -89,6 +87,10 @@ CsrfMagic.prototype._updateProps = function() { } } CsrfMagic.process = function(base) { + if(typeof base == 'object') { + base[csrfMagicName] = csrfMagicToken; + return base; + } var prepend = csrfMagicName + '=' + csrfMagicToken; if (base) return prepend + '&' + base; return prepend; diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php index 58f4eba..65db19f 100644 --- a/src/usr/local/www/csrf/csrf-magic.php +++ b/src/usr/local/www/csrf/csrf-magic.php @@ -217,7 +217,8 @@ function csrf_get_tokens() { $secret = csrf_get_secret(); if (!$has_cookies && $secret) { // :TODO: Harden this against proxy-spoofing attacks - $ip = ';ip:' . csrf_hash($_SERVER['IP_ADDRESS']); + $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']); + $ip = ';ip:' . csrf_hash($IP_ADDRESS); } else { $ip = ''; } @@ -327,7 +328,8 @@ function csrf_check_token($token) { if ($GLOBALS['csrf']['user'] !== false) return false; if (!empty($_COOKIE)) return false; if (!$GLOBALS['csrf']['allow-ip']) return false; - return $value === csrf_hash($_SERVER['IP_ADDRESS'], $time); + $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']); + return $value === csrf_hash($IP_ADDRESS, $time); } return false; } @@ -379,7 +381,7 @@ function csrf_get_secret() { */ function csrf_generate_secret($len = 32) { $r = ''; - for ($i = 0; $i < 32; $i++) { + for ($i = 0; $i < $len; $i++) { $r .= chr(mt_rand(0, 255)); } $r .= time() . microtime(); diff --git a/src/usr/local/www/css/login.css b/src/usr/local/www/css/login.css new file mode 100644 index 0000000..22b4f2c --- /dev/null +++ b/src/usr/local/www/css/login.css @@ -0,0 +1,189 @@ +body, html { + height: 100%; + padding: 0; + margin: 0; +} + +body { + width: 100%; +} + +header { +} + +#headerrow { + position: fixed; + height: 90px; + top: 0; + width: 100%; + background-color: white; +} + +.pagebody { + position: absolute; + top:90px; + bottom:25px; + width: 100%; + color: white; +} + +.pagebodywarn { + position: absolute; + top:140px; + bottom:25px; + width: 100%; + color: white; +} + +.nowarning { + height: 80px; + padding-top: 10px; +} + +#hostspan { + text-align: right; +} + +.msgbox { + padding-right: 60px; + padding-top: 25px; +} + +@media only screen and (max-width : 768px) { + /* only size 'xs' and below */ + #headerrow { + height: 100px; + } + + .pagebody { + top: 100px; + } + + .pagebody2 { + top: 250px; + } + + .nowarning { + height: 60px; + } + + .msgbox { + padding-right: 0px; + padding-top: 0px; + } + + #hostspan { + text-align: center; + } +} + +#footertext { + position: fixed; + height: 25px; + bottom: 0; + width: 100%; + background-color: #212121; + color: white; + text-align: center; +} + +.loginCont { + position: absolute; + top: 50%; left: 50%; + transform: translate(-50%,-50%); + height: 55%; + width: 80%; +} + +.error-panel a { + color: white; +} +p.form-title +{ + font-family: 'Open Sans' , sans-serif; + font-size: 20px; + font-weight: 500; + text-align: center; + color: #FFFFFF; + margin-top: 5%; + text-transform: uppercase; + letter-spacing: 4px; +} + +form.login +{ + width: 270px; + margin: 0 auto; +} + +form.login input[type="text"], form.login input[type="password"] +{ + width: 100%; + margin: 0; + padding: 10px 10px; + background: 0; + border: 0; + border-bottom: 1px solid #FFFFFF; + outline: 0; + font-style: italic; + font-size: 18px; + font-weight: 600; + letter-spacing: 1px; + margin-bottom: 5px; + color: #FFFFFF; + outline: 0; +} + +form.login input[type="submit"] +{ + width: 60%; + font-size: 14px; + text-transform: uppercase; + font-weight: 500; + margin-top: 36px; + outline: 0; + cursor: pointer; + letter-spacing: 1px; + display: block; + margin : 0 auto; + margin-top: 36px; +} + +form.login input[type="submit"]:hover +{ + transition: background-color 0.5s ease; +} + +form.login label, form.login a +{ + font-size: 12px; + font-weight: 400; + color: #FFFFFF; +} + +form.login a +{ + transition: color 0.5s ease; +} + +form.login a:hover +{ + color: #2ecc71; +} + +.logoCol { + height: 100%; +} + +/** Re-style web-kit broswer autocomplete boxes (Fixes Chrome's ugly yellow background) **/ +@-webkit-keyframes autofill { + to { + color: white; + background: transparent; + } +} + +input:-webkit-autofill { + -webkit-animation-name: autofill; + -webkit-animation-fill-mode: both; +} diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php index 394f79e..17524d7 100644 --- a/src/usr/local/www/diag_backup.php +++ b/src/usr/local/www/diag_backup.php @@ -366,17 +366,8 @@ if ($_POST) { if (is_array($ifdescrs)) { foreach ($ifdescrs as $iface) { if (is_alias($config['interfaces'][$iface]['descr'])) { - // Firewall rules $origname = $config['interfaces'][$iface]['descr']; - $newname = $config['interfaces'][$iface]['descr'] . "Alias"; - update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $newname, $origname); - update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $newname, $origname); - // NAT Rules - update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $newname, $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $newname, $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('target'), $newname, $origname); - // Alias in an alias - update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $newname, $origname); + update_alias_name($origname . "Alias", $origname); } } } diff --git a/src/usr/local/www/diag_dns.php b/src/usr/local/www/diag_dns.php index b6082a6..391ca31 100644 --- a/src/usr/local/www/diag_dns.php +++ b/src/usr/local/www/diag_dns.php @@ -116,12 +116,13 @@ function resolve_host_addresses($host) { return $resolved; } -if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { +if (isAllowedPage('firewall_aliases_edit.php') && isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { $resolved = gethostbyname($host); $type = "hostname"; if ($resolved) { $resolved = resolve_host_addresses($host); $isfirst = true; + $addresses = ""; foreach ($resolved as $re) { if ($re['data'] != "") { if (!$isfirst) { @@ -139,18 +140,24 @@ if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) { $isfirst = false; } } - $newalias = array(); - $newalias['name'] = $aliasname; - $newalias['type'] = "network"; - $newalias['address'] = $addresses; - $newalias['descr'] = gettext("Created from Diagnostics-> DNS Lookup"); - if ($alias_exists) { - $a_aliases[$id] = $newalias; + if ($addresses == "") { + $couldnotcreatealias = true; } else { - $a_aliases[] = $newalias; + $newalias = array(); + $newalias['name'] = $aliasname; + $newalias['type'] = "network"; + $newalias['address'] = $addresses; + $newalias['descr'] = gettext("Created from Diagnostics-> DNS Lookup"); + if ($alias_exists) { + $a_aliases[$id] = $newalias; + } else { + $a_aliases[] = $newalias; + } + write_config(gettext("Created an alias from Diagnostics - DNS Lookup page.")); + $createdalias = true; } - write_config(); - $createdalias = true; + } else { + $couldnotcreatealias = true; } } @@ -244,6 +251,16 @@ if ($createdalias) { } else { print_info_box(gettext("Alias was created successfully."), 'success'); } + + $alias_exists = true; +} + +if ($couldnotcreatealias) { + if ($alias_exists) { + print_info_box(sprintf(gettext("Could not update alias for %s"), $host), 'warning', false); + } else { + print_info_box(sprintf(gettext("Could not create alias for %s"), $host), 'warning', false); + } } $form = new Form(false); @@ -266,7 +283,7 @@ $form->addGlobal(new Form_Button( 'fa-search' ))->addClass('btn-primary'); -if (!empty($resolved)) { +if (!empty($resolved) && isAllowedPage('firewall_aliases_edit.php')) { if ($alias_exists) { $button_text = gettext("Update alias"); } else { @@ -348,4 +365,21 @@ if (!$input_errors && $type) { </div> <?php } +?> +<script type="text/javascript"> +//<![CDATA[ +events.push(function() { + var original_host = "<?=$host;?>"; + + $('input[name="host"]').on('input', function() { + if ($('#host').val() == original_host) { + disableInput('create_alias', false); + } else { + disableInput('create_alias', true); + } + }); +}); +//]]> +</script> +<?php include("foot.inc"); diff --git a/src/usr/local/www/diag_edit.php b/src/usr/local/www/diag_edit.php index 5dfae47..3dde573 100644 --- a/src/usr/local/www/diag_edit.php +++ b/src/usr/local/www/diag_edit.php @@ -271,7 +271,7 @@ print_callout(gettext("The capabilities offered here can be dangerous. No suppor if (values.shift() == "0") { var file = values.shift(); - var fileContent = window.atob(values.join("|")); + var fileContent = window.Base64.decode(values.join("|")); $("#fileContent").val(fileContent); } else { diff --git a/src/usr/local/www/diag_gmirror.php b/src/usr/local/www/diag_gmirror.php index 9b39cd4..90ee826 100644 --- a/src/usr/local/www/diag_gmirror.php +++ b/src/usr/local/www/diag_gmirror.php @@ -247,7 +247,7 @@ else: <?php if (count($mirror_status) > 0): ?> - <table class="table table-striped stable-hover table-condensed"> + <table class="table table-striped table-hover table-condensed"> <thead> <tr> <th><?=gettext("Name"); ?></th> @@ -328,7 +328,7 @@ else: <div class="panel-body table-responsive"> <?php if (count($unused_consumers) > 0): ?> - <table class="table table-striped stable-hover table-condensed"> + <table class="table table-striped table-hover table-condensed"> <thead> <tr> <th><?=gettext("Name"); ?></th> diff --git a/src/usr/local/www/diag_ndp.php b/src/usr/local/www/diag_ndp.php index cc5fcfd..68b82bc 100644 --- a/src/usr/local/www/diag_ndp.php +++ b/src/usr/local/www/diag_ndp.php @@ -65,10 +65,28 @@ @ini_set('zlib.output_compression', 0); @ini_set('implicit_flush', 1); - +define('NDP_BINARY_PATH', '/usr/sbin/ndp'); require_once("guiconfig.inc"); -exec("/usr/sbin/ndp -na", $rawdata); +// Delete ndp entry. +if (isset($_POST['deleteentry'])) { + $ip = $_POST['deleteentry']; + if (is_ipaddrv6($ip)) { + $commandReturnValue = mwexec(NDP_BINARY_PATH . " -d " . escapeshellarg($ip), true); + $deleteSucceededFlag = ($commandReturnValue == 0); + } else { + $deleteSucceededFlag = false; + } + + $deleteResultMessage = ($deleteSucceededFlag) + ? sprintf(gettext("The NDP entry for %s has been deleted."), $ip) + : sprintf(gettext("%s is not a valid IPv6 address or could not be deleted."), $ip); + $deleteResultMessageType = ($deleteSucceededFlag) + ? 'success' + : 'alert-warning'; +} + +exec(NDP_BINARY_PATH . " -na", $rawdata); $i = 0; @@ -79,9 +97,15 @@ foreach ($ifdescrs as $key =>$interface) { $hwif[$config['interfaces'][$key]['if']] = $interface; } -/* Array ( [0] => Neighbor [1] => Linklayer [2] => Address -[3] => Netif [4] => Expire [5] => S -[6] => Flags ) */ +/* + * Key map for each element in $rawdata + * 0 => Neighbor IP + * 1 => Physical address (MAC) + * 2 => Interface + * 3 => Expiration + * 4 => State + * 5 => Flags + */ $data = array(); array_shift($rawdata); foreach ($rawdata as $line) { @@ -91,6 +115,7 @@ foreach ($rawdata as $line) { $ndpent['ipv6'] = trim($elements[0]); $ndpent['mac'] = trim($elements[1]); $ndpent['interface'] = trim($elements[2]); + $ndpent['expiration'] = trim($elements[3]); $data[] = $ndpent; } @@ -127,6 +152,11 @@ $mac_man = load_mac_manufacturer_table(); $pgtitle = array(gettext("Diagnostics"), gettext("NDP Table")); include("head.inc"); + +// Show message if defined. +if (isset($deleteResultMessage, $deleteResultMessageType)) { + print_info_box(htmlentities($deleteResultMessage), $deleteResultMessageType); +} ?> <div class="panel panel-default"> @@ -137,10 +167,12 @@ include("head.inc"); <table class="table table-striped table-condensed table-hover sortable-theme-bootstrap" data-sortable> <thead> <tr> - <th><?= gettext("IPv6 address"); ?></th> - <th><?= gettext("MAC address"); ?></th> - <th><?= gettext("Hostname"); ?></th> - <th><?= gettext("Interface"); ?></th> + <th><?=gettext("IPv6 address")?></th> + <th><?=gettext("MAC address")?></th> + <th><?=gettext("Hostname")?></th> + <th><?=gettext("Interface")?></th> + <th><?=gettext("Expiration")?></th> + <th data-sortable="false"><?=gettext("Actions")?></th> </tr> </thead> <tbody> @@ -171,6 +203,12 @@ include("head.inc"); } ?> </td> + <td> + <?=$entry['expiration']?> + </td> + <td> + <a class="fa fa-trash" title="<?=gettext('Delete NDP entry')?>" href="diag_ndp.php?deleteentry=<?=$entry['ipv6']?>" usepost></a> + </td> </tr> <?php endforeach; ?> </tbody> diff --git a/src/usr/local/www/diag_smart.php b/src/usr/local/www/diag_smart.php index 22f6062..8cf5d45 100644 --- a/src/usr/local/www/diag_smart.php +++ b/src/usr/local/www/diag_smart.php @@ -268,7 +268,6 @@ switch ($action) { $config['system']['smartmonemail'] = $_POST['smartmonemail']; write_config(); $retval = 0; - config_lock(); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message($retval); $style = 'success'; @@ -276,7 +275,6 @@ switch ($action) { $savemsg = $retval; $style='danger'; } - config_unlock(); // Write the changes to the smartd.conf file update_email($_POST['smartmonemail']); // Send sig HUP to smartd, rereads the config file diff --git a/src/usr/local/www/diag_tables.php b/src/usr/local/www/diag_tables.php index b6a9a36..b4b0b81 100644 --- a/src/usr/local/www/diag_tables.php +++ b/src/usr/local/www/diag_tables.php @@ -63,11 +63,17 @@ $shortcut_section = "aliases"; require_once("guiconfig.inc"); +exec("/sbin/pfctl -sT", $tables); + // Set default table $tablename = "sshlockout"; -if ($_REQUEST['type']) { +if ($_REQUEST['type'] && in_array($_REQUEST['type'], $tables)) { $tablename = $_REQUEST['type']; +} else { + /* Invalid 'type' passed, do not take any actions that use the 'type' field. */ + unset($_REQUEST['type']); + $_REQUEST['delete']; } // Gather selected alias metadata. @@ -144,7 +150,6 @@ if ($_POST['Download'] && ($bogons || $urltable)) { } exec("/sbin/pfctl -t " . escapeshellarg($tablename) . " -T show", $entries); -exec("/sbin/pfctl -sT", $tables); include("head.inc"); @@ -261,7 +266,7 @@ events.push(function() { { type: 'post', data: { - type: '<?=htmlspecialchars($tablename)?>', + type: '<?=htmlspecialchars(addslashes($tablename))?>', delete: $(this).data('entry') }, success: function() { diff --git a/src/usr/local/www/firewall_aliases_edit.php b/src/usr/local/www/firewall_aliases_edit.php index 64879e5..db84d15 100644 --- a/src/usr/local/www/firewall_aliases_edit.php +++ b/src/usr/local/www/firewall_aliases_edit.php @@ -92,10 +92,6 @@ if (!is_array($config['aliases']['alias'])) { } $a_aliases = &$config['aliases']['alias']; -if ($_POST) { - $origname = $_POST['origname']; -} - // Debugging if ($debug) { unlink_if_exists("{$g['tmp_path']}/alias_rename_log.txt"); @@ -159,6 +155,14 @@ if (isset($id) && $a_aliases[$id]) { } } +if ($_POST['save']) { + // Remember the original name on an attempt to save + $origname = $_POST['origname']; +} else { + // Set the original name on edit (or add, when this will be blank) + $origname = $pconfig['name']; +} + $tab = $_REQUEST['tab']; if (empty($tab)) { @@ -502,31 +506,8 @@ if ($_POST) { /* Check to see if alias name needs to be * renamed on referenced rules and such */ - if ($_POST['name'] <> $_POST['origname']) { - // Firewall rules - update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $_POST['name'], $origname); - update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $_POST['name'], $origname); - // NAT Rules - update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('target'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $_POST['name'], $origname); - // NAT 1:1 Rules - //update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $_POST['name'], $origname); - //update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $_POST['name'], $origname); - // NAT Outbound Rules - update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('source', 'network'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('sourceport'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('destination', 'address'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('dstport'), $_POST['name'], $origname); - update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('target'), $_POST['name'], $origname); - // Alias in an alias - update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $_POST['name'], $origname); + if ($_POST['name'] <> $origname) { + update_alias_name($_POST['name'], $origname); } pfSense_handle_custom_code("/usr/local/pkg/firewall_aliases_edit/pre_write_config"); @@ -672,7 +653,7 @@ $form->addGlobal(new Form_Input( 'origname', null, 'hidden', - $pconfig['name'] + $origname )); if (isset($id) && $a_aliases[$id]) { diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index 1077f57..1571fda 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -84,6 +84,34 @@ if (!is_array($config['nat']['rule'])) { $a_nat = &$config['nat']['rule']; +$iflist = get_configured_interface_with_descr(false, true); + +foreach ($iflist as $if => $ifdesc) { + if (have_ruleint_access($if)) { + $interfaces[$if] = $ifdesc; + } +} + +if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { + $interfaces['l2tp'] = gettext("L2TP VPN"); + } +} + +if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + $interfaces['pppoe'] = gettext("PPPoE Server"); +} + +/* add ipsec interfaces */ +if (ipsec_enabled() && have_ruleint_access("enc0")) { + $interfaces["enc0"] = gettext("IPsec"); +} + +/* add openvpn/tun interfaces */ +if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { + $interfaces["openvpn"] = gettext("OpenVPN"); +} + if (is_numericint($_GET['id'])) { $id = $_GET['id']; } @@ -284,6 +312,10 @@ if ($_POST) { $_POST['localip'] = trim($_POST['localip']); } + if (!array_key_exists($_POST['interface'], $interfaces)) { + $input_errors[] = gettext("The submitted interface does not exist."); + } + if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']); } @@ -694,34 +726,6 @@ $section->addInput(new Form_Checkbox( $pconfig['nordr'] ))->setHelp('This option is rarely needed. Don\'t use this without thorough knowledge of the implications.'); -$iflist = get_configured_interface_with_descr(false, true); - -foreach ($iflist as $if => $ifdesc) { - if (have_ruleint_access($if)) { - $interfaces[$if] = $ifdesc; - } -} - -if ($config['l2tp']['mode'] == "server") { - if (have_ruleint_access("l2tp")) { - $interfaces['l2tp'] = gettext("L2TP VPN"); - } -} - -if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { - $interfaces['pppoe'] = gettext("PPPoE Server"); -} - -/* add ipsec interfaces */ -if (ipsec_enabled() && have_ruleint_access("enc0")) { - $interfaces["enc0"] = gettext("IPsec"); -} - -/* add openvpn/tun interfaces */ -if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { - $interfaces["openvpn"] = gettext("OpenVPN"); -} - $section->addInput(new Form_Select( 'interface', '*Interface', @@ -986,28 +990,7 @@ if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET[' $form->add($section); -$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); -$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); - -if ($has_created_time || $has_updated_time) { - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) . gettext(" by ") . $a_nat[$id]['created']['username'] - )); - } - - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) . gettext(" by ") . $a_nat[$id]['updated']['username'] - )); - } - - $form->add($section); -} +gen_created_updated_fields($form, $a_nat[$id]['created'], $a_nat[$id]['updated']); if (isset($id) && $a_nat[$id]) { $form->addGlobal(new Form_Input( @@ -1294,7 +1277,7 @@ events.push(function() { <?php if (!$_POST) { ?> - dst_change($('#interface').val(),'<?=htmlspecialchars($pconfig['interface'])?>','<?=htmlspecialchars($pconfig['dst'])?>'); + dst_change($('#interface').val(),'<?=htmlspecialchars(addslashes($pconfig['interface']))?>','<?=htmlspecialchars($pconfig['dst'])?>'); <?php } ?> diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php index 0ca8933..3df52b8 100644 --- a/src/usr/local/www/firewall_nat_out_edit.php +++ b/src/usr/local/www/firewall_nat_out_edit.php @@ -686,28 +686,7 @@ $section->addInput(new Form_Input( $form->add($section); -$has_created_time = (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])); -$has_updated_time = (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated'])); - -if ($has_created_time || $has_updated_time) { - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - date(gettext("n/j/y H:i:s"), $a_out[$id]['created']['time']) . gettext(" by ") . $a_out[$id]['created']['username'] - )); - } - - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - date(gettext("n/j/y H:i:s"), $a_out[$id]['updated']['time']) . gettext(" by ") . $a_out[$id]['updated']['username'] - )); - } - - $form->add($section); -} +gen_created_updated_fields($form, $a_out[$id]['created'], $a_out[$id]['updated']); print($form); diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 2ccf127..7727082 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -1768,30 +1768,10 @@ $section->add($group)->setHelp('Choose the Acknowledge Queue only if there is a 'selected Queue.' ); -$has_created_time = (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])); -$has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])); - - -if ($has_created_time || $has_updated_time) { - $form->add($section); - $section = new Form_Section('Rule Information'); - - if ($has_created_time) { - $section->addInput(new Form_StaticText( - 'Created', - date('n/j/y H:i:s', $a_filter[$id]['created']['time']) . gettext(' by ') .'<b>'. $a_filter[$id]['created']['username'] .'</b>' - )); - } +$form->add($section); - if ($has_updated_time) { - $section->addInput(new Form_StaticText( - 'Updated', - date('n/j/y H:i:s', $a_filter[$id]['updated']['time']) . gettext(' by ') .'<b>'. $a_filter[$id]['updated']['username'] .'</b>' - )); - } -} +gen_created_updated_fields($form, $a_filter[$id]['created'], $a_filter[$id]['updated']); -$form->add($section); echo $form; ?> diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php index 532c67d..502059e 100644 --- a/src/usr/local/www/firewall_virtual_ip.php +++ b/src/usr/local/www/firewall_virtual_ip.php @@ -288,7 +288,7 @@ display_top_tabs($tab_array); <div class="panel panel-default"> <div class="panel-heading"><h2 class="panel-title"><?=gettext('Virtual IP Address')?></h2></div> <div class="panel-body table-responsive"> - <table class="table table-striped table-hover table-condensed table-rowdblclickedit"> + <table class="table table-striped table-hover table-condensed table-rowdblclickedit sortable-theme-bootstrap" data-sortable> <thead> <tr> <th><?=gettext("Virtual IP address")?></th> diff --git a/src/usr/local/www/getserviceproviders.php b/src/usr/local/www/getserviceproviders.php index 4a02a26..3335179 100644 --- a/src/usr/local/www/getserviceproviders.php +++ b/src/usr/local/www/getserviceproviders.php @@ -74,6 +74,7 @@ function get_country_providers($country) { return is_array($sp['provider'][0]) ? $sp['provider'] : array($sp['provider']); } } + $provider_list = (is_array($provider_list)) ? $provider_list : array(); return $provider_list; } @@ -91,8 +92,12 @@ function country_list() { function providers_list($country) { $serviceproviders = get_country_providers($country); - foreach ($serviceproviders as $sp) { - echo $sp['name']['value'] . "\n"; + if (is_array($serviceproviders)) { + foreach ($serviceproviders as $sp) { + echo $sp['name']['value'] . "\n"; + } + } else { + $serviceproviders = array(); } } diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index b2d88d5..cd2532f 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -280,7 +280,7 @@ function do_input_validation($postdata, $reqdfields, $reqdfieldsn, &$input_error } for ($i = 0; $i < count($reqdfields); $i++) { - if ($_POST[$reqdfields[$i]] == "" && $_REQUEST[$reqdfields[$i]] == "") { + if ($postdata[$reqdfields[$i]] == "") { $input_errors[] = sprintf(gettext("The field %s is required."), $reqdfieldsn[$i]); } } diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc index 355c187..2cf5d2f 100644 --- a/src/usr/local/www/head.inc +++ b/src/usr/local/www/head.inc @@ -420,7 +420,7 @@ if (!$g['disablehelpmenu']) { $help_menu[] = array(gettext("User Forum"), "https://www.pfsense.org/j.php?jumpto=forum"); $help_menu[] = array(gettext("Documentation"), "https://www.pfsense.org/j.php?jumpto=doc"); - $help_menu[] = array(gettext("Paid Support"), "https://www.pfsense.org/j.php?jumpto=portal"); + $help_menu[] = array(gettext("Paid Support"), "https://www.netgate.com/support"); $help_menu[] = array(gettext("pfSense Book"), "https://www.pfsense.org/j.php?jumpto=book"); $help_menu[] = array(gettext("FreeBSD Handbook"), "https://www.pfsense.org/j.php?jumpto=fbsdhandbook"); $help_menu = msort(array_merge($help_menu, return_ext_menu("Help")), 0); @@ -517,7 +517,7 @@ if (($pagename === "index.php") && ($numColumns > 2)) { unset($notitle); } else { if (isset($pglinks)) { - print(genhtmltitle($pgtitle, $pglinks)); + print(genhtmltitle($pgtitle, $pglinks)); } else { print(genhtmltitle($pgtitle)); } diff --git a/src/usr/local/www/includes/functions.inc.php b/src/usr/local/www/includes/functions.inc.php index 23012bd..b53d2b4 100644 --- a/src/usr/local/www/includes/functions.inc.php +++ b/src/usr/local/www/includes/functions.inc.php @@ -114,29 +114,13 @@ function get_uptime() { return $uptimestr; } -/* Calculates non-idle CPU time and returns as a percentage */ +// Returns the current total ticks and user ticks. The dashboard widget calculates the load from that function cpu_usage() { - $duration = 1; + $diff = array('user', 'nice', 'sys', 'intr', 'idle'); $cpuTicks = array_combine($diff, explode(" ", get_single_sysctl('kern.cp_time'))); - sleep($duration); - $cpuTicks2 = array_combine($diff, explode(" ", get_single_sysctl('kern.cp_time'))); - - $totalStart = array_sum($cpuTicks); - $totalEnd = array_sum($cpuTicks2); - - // Something wrapped ?!?! - if ($totalEnd <= $totalStart) { - return 0; - } - - // Calculate total cycles used - $totalUsed = ($totalEnd - $totalStart) - ($cpuTicks2['idle'] - $cpuTicks['idle']); - - // Calculate the percentage used - $cpuUsage = floor(100 * ($totalUsed / ($totalEnd - $totalStart))); - return $cpuUsage; + return array_sum($cpuTicks) . "|" . $cpuTicks['idle']; } function get_pfstate($percent=false) { diff --git a/src/usr/local/www/index.php b/src/usr/local/www/index.php index 4d9535e..2a053f7 100644 --- a/src/usr/local/www/index.php +++ b/src/usr/local/www/index.php @@ -482,6 +482,66 @@ function updateWidgets(newWidget) { $('input[name=sequence]', $('#widgetSequence_form')).val(sequence); } +// Determine if all the checkboxes are checked +function are_all_checked(checkbox_panel_ref) { + var allBoxesChecked = true; + $(checkbox_panel_ref).each(function() { + if ((this.type == 'checkbox') && !this.checked) { + allBoxesChecked = false; + } + }); + return allBoxesChecked; +} + +// If the checkboxes are all checked, then clear them all. +// Otherwise set them all. +function set_clear_checkboxes(checkbox_panel_ref) { + checkTheBoxes = !are_all_checked(checkbox_panel_ref); + + $(checkbox_panel_ref).each(function() { + $(this).prop("checked", checkTheBoxes); + }); +} + +// Set the given id to All or None button depending if the checkboxes are all checked. +function set_all_none_button(checkbox_panel_ref, all_none_button_id) { + if (are_all_checked(checkbox_panel_ref)) { + text = "<?=gettext('None')?>"; + } else { + text = "<?=gettext('All')?>"; + } + + $("#" + all_none_button_id).html('<i class="fa fa-undo icon-embed-btn"></i>' + text); +} + +// Setup the necessary events to manage the All/None button and included checkboxes +// used for selecting the items to show on a widget. +function set_widget_checkbox_events(checkbox_panel_ref, all_none_button_id) { + set_all_none_button(checkbox_panel_ref, all_none_button_id); + + $(checkbox_panel_ref).change(function() { + set_all_none_button(checkbox_panel_ref, all_none_button_id); + }); + + $("#" + all_none_button_id).click(function() { + set_clear_checkboxes(checkbox_panel_ref); + set_all_none_button(checkbox_panel_ref, all_none_button_id); + }); +} + +// --------------------- EXPERIMENTAL centralized widget refresh system ------------------------------ +// These need to live outsie of the events.push() function to enable the widgets to see them +var ajaxspecs = new Array(); // Array to hold widget refresh specifications (objects ) +var ajaxidx = 0; +var ajaxmutex = false; +var ajaxcntr = 0; + +// Add a widget refresh object to the array list +function register_ajax(ws) { + ajaxspecs.push(ws); +} +// --------------------------------------------------------------------------------------------------- + events.push(function() { // Make panels destroyable @@ -538,6 +598,55 @@ events.push(function() { $('#btnstore').removeClass("invisible"); } }); + + // --------------------- EXPERIMENTAL centralized widget refresh system ------------------------------ + function make_ajax_call(wd) { + ajaxmutex = true; + + $.ajax({ + type: 'POST', + url: wd.url, + dataType: 'html', + data: wd.parms, + + success: function(data){ + wd.callback(data); + ajaxmutex = false; + }, + + error: function(e){ +// alert("Error: " + e); + ajaxmutex = false; + } + }); + } + + // Loop through each AJAX widget refresh object, make the AJAX call and pass the + // results back to the widget's callback function + function executewidget() { + if (ajaxspecs.length > 0) { + var freq = ajaxspecs[ajaxidx].freq; // widget can specifify it should be called freq times around hte loop + + if (!ajaxmutex) { + if (((ajaxcntr % freq) === 0) && (typeof ajaxspecs[ajaxidx].callback === "function" )) { + make_ajax_call(ajaxspecs[ajaxidx]); + } + + if (++ajaxidx >= ajaxspecs.length) { + ajaxidx = 0; + + if (++ajaxcntr >= 4096) { + ajaxcntr = 0; + } + } + } + + setTimeout(function() { executewidget(); }, 1000); + } + } + + // Kick it off + executewidget(); }); //]]> </script> diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index d6b8643..681c44d 100644 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php @@ -720,7 +720,7 @@ if ($_POST['apply']) { /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $staticroutes = get_staticroutes(true); $_POST['spoofmac'] = strtolower(str_replace("-", ":", $_POST['spoofmac'])); - if ($_POST['ipaddr']) { + if (($_POST['type'] == 'staticv4') && $_POST['ipaddr']) { if (!is_ipaddrv4($_POST['ipaddr'])) { $input_errors[] = gettext("A valid IPv4 address must be specified."); } else { @@ -752,7 +752,7 @@ if ($_POST['apply']) { } } } - if ($_POST['ipaddrv6']) { + if (($_POST['type'] == 'staticv6') && $_POST['ipaddrv6']) { $_POST['ipaddrv6'] = addrtolower($_POST['ipaddrv6']); if (!is_ipaddrv6($_POST['ipaddrv6'])) { @@ -792,8 +792,8 @@ if ($_POST['apply']) { if (($_POST['alias-subnet'] && !is_numeric($_POST['alias-subnet']))) { $input_errors[] = gettext("A valid alias subnet bit count must be specified."); } - if ($_POST['dhcprejectfrom'] && !is_ipaddrv4($_POST['dhcprejectfrom'])) { - $input_errors[] = gettext("A valid alias IP address must be specified to reject DHCP Leases from."); + if ($_POST['dhcprejectfrom'] && !validate_ipv4_list($_POST['dhcprejectfrom'])) { + $input_errors[] = gettext("An invalid IP address was detected in the 'Reject leases from' field."); } if (($_POST['gateway'] != "none") || ($_POST['gatewayv6'] != "none")) { $match = false; @@ -1998,7 +1998,8 @@ $section->addInput(new Form_Input( 'Reject leases from', 'text', $pconfig['dhcprejectfrom'] -))->setHelp('To make the DHCP client reject leases from an undesirable DHCP server, place the IP address of the DHCP server here. ' . +))->setHelp('To have the DHCP client reject offers from specific DHCP servers, enter their IP addresses here ' . + '(separate multiple entries with a comma). ' . 'This is useful for rejecting leases from cable modems that offer private IP addresses when they lose upstream sync.'); $group = new Form_Group('Protocol timing'); diff --git a/src/usr/local/www/interfaces_groups_edit.php b/src/usr/local/www/interfaces_groups_edit.php index aeefd16..f5b5e58 100644 --- a/src/usr/local/www/interfaces_groups_edit.php +++ b/src/usr/local/www/interfaces_groups_edit.php @@ -265,7 +265,7 @@ $section->addInput(new Form_Select( ))->setWidth(6)->setHelp('NOTE: Rules for WAN type '. 'interfaces in groups do not contain the reply-to mechanism upon which '. 'Multi-WAN typically relies. '. - '<a href="https://doc.pfsense.org/index.php/ifgroups">More Information</a>'); + '<a href="https://doc.pfsense.org/index.php/Interface_Groups">More Information</a>'); if (isset($id) && $a_ifgroups[$id]) { $form->addGlobal(new Form_Input( diff --git a/src/usr/local/www/js/pfSense.js b/src/usr/local/www/js/pfSense.js index 92c4e21..14b252f 100644 --- a/src/usr/local/www/js/pfSense.js +++ b/src/usr/local/www/js/pfSense.js @@ -157,13 +157,20 @@ $(function() { if (input.val() == "") return; - // Eat all of the options with a value greater than max. We don't want them to be available - while (select.options[0].value > max) - select.remove(0); - - if (select.options.length < max) { - for (var i=select.options.length; i<=max; i++) - select.options.add(new Option(i, i), 0); + var attr = $(select).attr('disabled'); + + // Don't do anything if the mask selector is disabled + if (typeof attr === typeof undefined || attr === false) { + // Eat all of the options with a value greater than max. We don't want them to be available + while (select.options[0].value > max) + select.remove(0); + + if (select.options.length < max) { + for (var i=select.options.length; i<=max; i++) + select.options.add(new Option(i, i), 0); + // Make sure index 0 is selected otherwise it will stay in "32" for V6 + select.options.selectedIndex = "0"; + } } }); diff --git a/src/usr/local/www/js/pfSenseHelpers.js b/src/usr/local/www/js/pfSenseHelpers.js index 5d9a51a..484e05a 100644 --- a/src/usr/local/www/js/pfSenseHelpers.js +++ b/src/usr/local/www/js/pfSenseHelpers.js @@ -697,14 +697,15 @@ $('[id*=restartservice-], [id*=stopservice-], [id*=startservice-]').click(functi name = args[0]; mode_zone = args[2]; id = args[3]; - } else if (args[0] == "cpativeportal") { + } else if (args[0] == "captiveportal") { action = args[1]; name = args[0]; mode_zone = args[2]; id = args[3]; } else { action = args[0]; - name = args[1]; + args.shift(); + name = args.join('-'); } $(this).children('i').removeClass().addClass('fa fa-cog fa-spin text-success'); diff --git a/src/usr/local/www/js/traffic-graphs.js b/src/usr/local/www/js/traffic-graphs.js index 79e3927..3b318b0 100644 --- a/src/usr/local/www/js/traffic-graphs.js +++ b/src/usr/local/www/js/traffic-graphs.js @@ -23,6 +23,7 @@ function draw_graph(refreshInterval, then, backgroundupdate) { var invert = localStorage.getItem('invert'); var size = localStorage.getItem('size'); + var lasttime = 0; startTime = 120 * refreshInterval; then.setSeconds(then.getSeconds() - startTime); @@ -149,39 +150,45 @@ function draw_graph(refreshInterval, then, backgroundupdate) { } - now = new Date(Date.now()); - + var setTime = true; + var xtime = 0; + var timeDiff = 0; $.each(json, function( key, ifVals ) { + if (setTime == true) { + var valueTime = ifVals[0].values[0]; + timeDiff = valueTime - lasttime; + lasttime = valueTime; + xtime = valueTime * 1000; + setTime = false; + } label = $('#traffic-chart-' + key + ' svg > .interface-label'); $(label).text(ifVals.name); - if(!myData[key][0].first) { - - var trafficIn = ((ifVals[0].values[1] * size) - latest[ifVals[0].key]) / refreshInterval; - var trafficOut = ((ifVals[1].values[1] * size) - latest[ifVals[1].key]) / refreshInterval; + var trafficIn = ((ifVals[0].values[1] * size) - latest[ifVals[0].key]) / timeDiff; + var trafficOut = ((ifVals[1].values[1] * size) - latest[ifVals[1].key]) / timeDiff; if((localStorage.getItem('invert') === "true")) { trafficOut = 0 - trafficOut; } myData[key][0].values.push({ - x: now.getTime(), + x: xtime, y: trafficIn }); myData[key][1].values.push({ - x: now.getTime(), + x: xtime, y: trafficOut }); } else { myData[key][0].values.push({ - x: now.getTime(), + x: xtime, y: 0 }); myData[key][1].values.push({ - x: now.getTime(), + x: xtime, y: 0 }); } diff --git a/src/usr/local/www/pkg_edit.php b/src/usr/local/www/pkg_edit.php index 07a359b..18d3f0d 100644 --- a/src/usr/local/www/pkg_edit.php +++ b/src/usr/local/www/pkg_edit.php @@ -124,10 +124,15 @@ if ($config['installedpackages'] && !is_array($config['installedpackages'][xml_s $config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'] = array(); } -// If the first entry in the array is an empty <config/> tag, kill it. +/* If the first entry in the array is an empty <config/> tag, kill it. + * See the following tickets for more: + * https://redmine.pfsense.org/issues/7624 + * https://redmine.pfsense.org/issues/476 + */ if ($config['installedpackages'] && (count($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']) > 0) && - ($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'][0] == "")) { + (empty($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'][0])) && + is_array($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config'])) { array_shift($config['installedpackages'][xml_safe_fieldname($pkg['name'])]['config']); } @@ -233,7 +238,12 @@ if ($_POST) { } } - if (isset($id) && $a_pkg[$id]) { + /* If the user supplied an ID and it eixsts, or if id=0 + * and the settings are invalid, overwrite. + * See https://redmine.pfsense.org/issues/7624 + */ + if (isset($id) && ($a_pkg[$id] || + (($id == 0) && !is_array($a_pkg[$id])) )) { $a_pkg[$id] = $pkgarr; } else { $a_pkg[] = $pkgarr; diff --git a/src/usr/local/www/pkg_mgr.php b/src/usr/local/www/pkg_mgr.php index e384095..35f2df9 100644 --- a/src/usr/local/www/pkg_mgr.php +++ b/src/usr/local/www/pkg_mgr.php @@ -75,17 +75,16 @@ if (is_subsystem_dirty('packagelock')) { exit; } -// We are being called only to get the pacakge data, not to display anything +// We are being called only to get the package data, not to display anything if (($_REQUEST) && ($_REQUEST['ajax'])) { print(get_pkg_table()); exit; } -// THe content for the table of packages is created here and fetched by Ajax. This allows us to draw the page and dispay -// any required messages while the table it being downloaded/populated. On very small/slow systems, that can take a while +// The content for the table of packages is created here and fetched by Ajax. This allows us to draw the page and display +// any required messages while the table is being downloaded/populated. On very small/slow systems, that can take a while function get_pkg_table() { - - $pkg_info = get_pkg_info(); + $pkg_info = get_pkg_info('all', true, false); if (!$pkg_info) { print("error"); @@ -281,7 +280,7 @@ events.push(function() { } }); - // Retrieve the table formatted pacakge information and display it in the "Packages" panel + // Retrieve the table formatted package information and display it in the "Packages" panel // (Or display an appropriate error message) var ajaxRequest; diff --git a/src/usr/local/www/pkg_mgr_install.php b/src/usr/local/www/pkg_mgr_install.php index 2e838bb..7959dfa 100644 --- a/src/usr/local/www/pkg_mgr_install.php +++ b/src/usr/local/www/pkg_mgr_install.php @@ -96,7 +96,7 @@ if ($_REQUEST['ajax']) { $response = ""; $code = 0; - // If this is an ajax call to get the installed and newst versions, call that function, + // If this is an ajax call to get the installed and newest versions, call that function, // JSON encode the result, print it and exit if ($_REQUEST['getversion']) { $firmwareversions = get_system_pkg_version(true); diff --git a/src/usr/local/www/pkg_mgr_installed.php b/src/usr/local/www/pkg_mgr_installed.php index 8a915c1..a9447b2 100644 --- a/src/usr/local/www/pkg_mgr_installed.php +++ b/src/usr/local/www/pkg_mgr_installed.php @@ -71,7 +71,7 @@ if (is_subsystem_dirty('packagelock')) { exit; } -// We are being called only to get the pacakge data, not to display anything +// We are being called only to get the package data, not to display anything if (($_REQUEST) && ($_REQUEST['ajax'])) { print(get_pkg_table()); exit; @@ -269,7 +269,7 @@ display_top_tabs($tab_array); events.push(function() { - // Retrieve the table formatted pacakge information and display it in the "Packages" panel + // Retrieve the table formatted package information and display it in the "Packages" panel // (Or display an appropriate error message) var ajaxRequest; diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index 0143dd6..dab442e 100644 --- a/src/usr/local/www/services_captiveportal.php +++ b/src/usr/local/www/services_captiveportal.php @@ -973,7 +973,9 @@ $section->addInput(new Form_Checkbox( 'Reauthenticate connected users every minute', $pconfig['reauthenticate'] ))->setHelp('If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is logged in every minute. ' . - 'If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.'); + 'If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately. ' . + 'Reauthentication requires user credentials to be cached in the captive portal database while a user is logged in; ' . + 'The cached credentials are necessary for the portal to perform automatic reauthentication requests.'); $section->addInput(new Form_Checkbox( 'radmac_enable', @@ -1125,8 +1127,15 @@ if ($pconfig['httpslogin_enable']) { if ($pconfig['page']['htmltext']) { $group = new Form_Group('Current Portal Page'); $group->add(new Form_Button( + 'btnliveview', + 'Live View', + $href, + 'fa-file-text-o' + ))->addClass('btn btn-info btn-xs')->setAttribute("target", "_blank"); + + $group->add(new Form_Button( 'btnview', - 'View', + 'View Page Contents', '?zone=' . $cpzone . '&act=viewhtml', 'fa-file-text-o' ))->addClass('btn btn-info btn-xs')->setAttribute("target", "_blank"); @@ -1160,7 +1169,7 @@ if ($pconfig['page']['errtext']) { $group = new Form_Group('Current Auth Error Page'); $group->add(new Form_Button( 'btnview', - 'View', + 'View Page Contents', '?zone=' . $cpzone . '&act=viewerrhtml', 'fa-file-text-o' ))->addClass('btn btn-info btn-xs')->setAttribute("target", "_blank"); @@ -1192,7 +1201,7 @@ if ($pconfig['page']['logouttext']) { $group = new Form_Group('Current Logout Page'); $group->add(new Form_Button( 'btnview', - 'View', + 'View Page Contents', '?zone=' . $cpzone . '&act=viewlogouthtml', 'fa-file-text-o' ))->addClass('btn btn-info btn-xs')->setAttribute("target", "_blank"); diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php index a80514b..d70757d 100644 --- a/src/usr/local/www/services_dhcp.php +++ b/src/usr/local/www/services_dhcp.php @@ -449,18 +449,30 @@ if (isset($_POST['save'])) { } } - /* If enabling DHCP Server, make sure that the DHCP Relay isn't enabled on this interface */ - if ($_POST['enable'] && isset($config['dhcrelay']['enable']) && (stristr($config['dhcrelay']['interface'], $if) !== false)) { - $input_errors[] = sprintf(gettext("The DHCP relay on the %s interface must be disabled before enabling the DHCP server."), $iflist[$if]); - } - - /* If disabling DHCP Server, make sure that DHCP registration isn't enabled for DNS forwarder/resolver */ - if (!$_POST['enable']) { - if (isset($config['dnsmasq']['enable']) && (isset($config['dnsmasq']['regdhcp']) || isset($config['dnsmasq']['regdhcpstatic']) || isset($config['dnsmasq']['dhcpfirst']))) { - $input_errors[] = gettext("Disable DHCP Registration features in DNS Forwarder before disabling DHCP Server."); + if ((!isset($pool) || !is_numeric($pool)) && $act != "newpool") { + /* If enabling DHCP Server, make sure that the DHCP Relay isn't enabled on this interface */ + if ($_POST['enable'] && isset($config['dhcrelay']['enable']) && + (stristr($config['dhcrelay']['interface'], $if) !== false)) { + $input_errors[] = sprintf(gettext( + "The DHCP relay on the %s interface must be disabled before enabling the DHCP server."), + $iflist[$if]); } - if (isset($config['unbound']['enable']) && (isset($config['unbound']['regdhcp']) || isset($config['unbound']['regdhcpstatic']))) { - $input_errors[] = gettext("Disable DHCP Registration features in DNS Resolver before disabling DHCP Server."); + + /* If disabling DHCP Server, make sure that DHCP registration isn't enabled for DNS forwarder/resolver */ + if (!$_POST['enable']) { + if (isset($config['dnsmasq']['enable']) && + (isset($config['dnsmasq']['regdhcp']) || + isset($config['dnsmasq']['regdhcpstatic']) || + isset($config['dnsmasq']['dhcpfirst']))) { + $input_errors[] = gettext( + "Disable DHCP Registration features in DNS Forwarder before disabling DHCP Server."); + } + if (isset($config['unbound']['enable']) && + (isset($config['unbound']['regdhcp']) || + isset($config['unbound']['regdhcpstatic']))) { + $input_errors[] = gettext( + "Disable DHCP Registration features in DNS Resolver before disabling DHCP Server."); + } } } diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index d819461..f6b51cf 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -336,7 +336,7 @@ $group->setHelp('Enter the complete fully qualified domain name. Example: myhost 'he.net tunnelbroker: Enter the tunnel ID.' . '<br />' . 'GleSYS: Enter the record ID.' . '<br />' . 'DNSimple: Enter only the domain name.' . '<br />' . - 'Namecheap, Cloudflare, GratisDNS: Enter the hostname and the domain separately, with the domain being the domain or subdomain zone being handled by the provider.'); + 'Namecheap, Cloudflare, GratisDNS, Hover: Enter the hostname and the domain separately, with the domain being the domain or subdomain zone being handled by the provider.'); $section->add($group); @@ -504,9 +504,8 @@ events.push(function() { hideInput('ttl', false); break; case "namecheap": - case "cloudflare-v6": - case "cloudflare": case "gratisdns": + case "hover": hideGroupInput('domainname', false); hideInput('resultmatch', true); hideInput('updateurl', true); @@ -522,7 +521,7 @@ events.push(function() { break; case "cloudflare-v6": case "cloudflare": - hideGroupInput('domainname', true); + hideGroupInput('domainname', false); hideInput('resultmatch', true); hideInput('updateurl', true); hideInput('requestif', true); @@ -534,6 +533,7 @@ events.push(function() { hideCheckbox('proxied', false); hideInput('zoneid', true); hideInput('ttl', true); + break; default: hideGroupInput('domainname', true); hideInput('resultmatch', true); diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index c4b7d8b..23a16db 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -188,6 +188,10 @@ if ($_POST) { $input_errors[] = gettext("DHCP Server must be enabled for DHCP Registration to work in DNS Resolver."); } + if (($pconfig['system_domain_local_zone_type'] == "redirect") && isset($pconfig['regdhcp'])) { + $input_errors[] = gettext('A System Domain Local Zone Type of "redirect" is not compatible with DHCP Registration.'); + } + $display_custom_options = $pconfig['custom_options']; $pconfig['custom_options'] = base64_encode(str_replace("\r\n", "\n", $pconfig['custom_options'])); diff --git a/src/usr/local/www/shortcuts.inc b/src/usr/local/www/shortcuts.inc index 27c36b1..370080b 100644 --- a/src/usr/local/www/shortcuts.inc +++ b/src/usr/local/www/shortcuts.inc @@ -295,6 +295,11 @@ $shortcuts['snmp'] = array(); $shortcuts['snmp']['main'] = "services_snmp.php"; $shortcuts['snmp']['service'] = "bsnmpd"; +$shortcuts['syslogd'] = array(); +$shortcuts['syslogd']['main'] = "status_logs_settings.php"; +$shortcuts['syslogd']['log'] = "status_logs.php"; +$shortcuts['syslogd']['service'] = "syslogd"; + $shortcuts['authentication'] = array(); $shortcuts['authentication']['main'] = "system_authservers.php"; // $shortcuts['authentication']['status'] = "diag_authentication.php"; diff --git a/src/usr/local/www/status.php b/src/usr/local/www/status.php index c8e6a71..4a75298 100644 --- a/src/usr/local/www/status.php +++ b/src/usr/local/www/status.php @@ -74,6 +74,25 @@ require_once("gwlb.inc"); $output_path = "/tmp/status_output/"; $output_file = "/tmp/status_output.tgz"; +if ($_POST['submit'] == "DOWNLOAD" && file_exists($output_file)) { + session_cache_limiter('public'); + $fd = fopen($output_file, "rb"); + header("Content-Type: application/octet-stream"); + header("Content-Length: " . filesize($output_file)); + header("Content-Disposition: attachment; filename=\"" . + trim(htmlentities(basename($output_file))) . "\""); + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + + fpassthru($fd); + exit; +} + if (is_dir($output_path)) { unlink_if_exists("{$output_path}/*"); @rmdir($output_path); @@ -124,6 +143,8 @@ function doCmdT($title, $command, $method) { $line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line); $line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line); $line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line); + $line = preg_replace("/<md5sigpass>.*?<\\/md5sigpass>/", "<md5sigpass>xxxxx</md5sigpass>", $line); + $line = preg_replace("/<md5sigkey>.*?<\\/md5sigkey>/", "<md5sigkey>xxxxx</md5sigkey>", $line); $line = str_replace("\t", " ", $line); echo htmlspecialchars($line, ENT_NOQUOTES); fwrite($ofd, $line); @@ -201,6 +222,14 @@ function get_firewall_info() { if (!empty($platform['descr'])) { $firewall_info .= "<br/>Platform: " . htmlspecialchars($platform['descr']); } + + if (file_exists('/var/db/uniqueid')) { + $ngid = file_get_contents('/var/db/uniqueid'); + if (!empty($ngid)) { + $firewall_info .= "<br/>Netgate Device ID: " . htmlspecialchars($ngid); + } + } + $serial = system_get_serial(); if (!empty($serial)) { $firewall_info .= "<br/>SN/UUID: " . htmlspecialchars($serial); @@ -257,6 +286,7 @@ defCmdT("Network-Routing tables", "/usr/bin/netstat -nWr"); defCmdT("Network-Gateway Status", 'get_gateway_status', "php_func"); defCmdT("Network-Mbuf Usage", "/usr/bin/netstat -mb"); defCmdT("Network-Protocol Statistics", "/usr/bin/netstat -s"); +defCmdT("Network-Buffer and Timer Statistics", "/usr/bin/netstat -nWx"); defCmdT("Network-Sockets", "/usr/bin/sockstat"); defCmdT("Network-ARP Table", "/usr/sbin/arp -an"); defCmdT("Network-NDP Table", "/usr/sbin/ndp -na"); @@ -362,17 +392,24 @@ exec("/bin/date", $dateOutput, $dateStatus); $currentDate = $dateOutput[0]; $pgtitle = array($g['product_name'], "Status"); -include("head.inc"); +include("head.inc"); ?> -print_info_box( +<form action="status.php" method="post"> + +<?php print_info_box( gettext("Make sure all sensitive information is removed! (Passwords, etc.) before posting information from this page in public places (like mailing lists).") . '<br />' . gettext("Common password fields in config.xml have been automatically redacted.") . '<br />' . - sprintf(gettext('When the page has finished loading, the output will be stored in %1$s. It may be downloaded via scp or %2$sDiagnostics > Command Prompt%3$s.'), - $output_file, '<a href="/diag_command.php?dlPath=' . $output_file . '">', '</a>')); + sprintf(gettext('When the page has finished loading, the output is stored in %1$s. It may be downloaded via scp or using this button: '), $output_file) . + ' <button name="submit" type="submit" class="btn btn-primary btn-sm" id="download" value="DOWNLOAD">' . + '<i class="fa fa-download icon-embed-btn"></i>' . + gettext("Download") . + '</button>'); ?> + +</form> -print_info_box(get_firewall_info(), 'info', false); +<?php print_info_box(get_firewall_info(), 'info', false); listCmds(); execCmds(); diff --git a/src/usr/local/www/status_dhcp_leases.php b/src/usr/local/www/status_dhcp_leases.php index 6a4044a..934dc21 100644 --- a/src/usr/local/www/status_dhcp_leases.php +++ b/src/usr/local/www/status_dhcp_leases.php @@ -325,8 +325,8 @@ foreach ($config['interfaces'] as $ifname => $ifarr) { $slease['if'] = $ifname; $slease['start'] = ""; $slease['end'] = ""; - $slease['hostname'] = htmlentities($static['hostname']); - $slease['descr'] = htmlentities($static['descr']); + $slease['hostname'] = $static['hostname']; + $slease['descr'] = $static['descr']; $slease['act'] = $static_string; $slease['online'] = in_array(strtolower($slease['mac']), $arpdata_mac) ? $online_string : $offline_string; $slease['staticmap_array_index'] = $idx; @@ -359,11 +359,11 @@ if (count($pools) > 0) { <tbody> <?php foreach ($pools as $data):?> <tr> - <td><?=$data['name']?></td> - <td><?=$data['mystate']?></td> - <td><?=adjust_gmt($data['mydate'])?></td> - <td><?=$data['peerstate']?></td> - <td><?=adjust_gmt($data['peerdate'])?></td> + <td><?=htmlspecialchars($data['name'])?></td> + <td><?=htmlspecialchars($data['mystate'])?></td> + <td><?=htmlspecialchars(adjust_gmt($data['mydate']))?></td> + <td><?=htmlspecialchars($data['peerstate'])?></td> + <td><?=htmlspecialchars(adjust_gmt($data['peerdate']))?></td> </tr> <?php endforeach; ?> </tbody> @@ -463,46 +463,46 @@ foreach ($leases as $data): ?> <tr> <td><i class="fa <?=$icon?>"></i></td> - <td><?=$data['ip']?></td> + <td><?=htmlspecialchars($data['ip'])?></td> <td> - <?=$mac?> + <?=htmlspecialchars($mac)?> <?php if (isset($mac_man[$mac_hi])):?> - (<?=$mac_man[$mac_hi]?>) + (<?=htmlspecialchars($mac_man[$mac_hi])?>) <?php endif; ?> </td> <?php /* only make CID column when we have one */ if ($got_cid) { ?> - <td><?=$data['cid']?></td> + <td><?=htmlspecialchars($data['cid'])?></td> <?php } ?> - <td><?=$data['hostname']?></td> - <td><?=$data['descr']?></td> + <td><?=htmlspecialchars($data['hostname'])?></td> + <td><?=htmlspecialchars($data['descr'])?></td> <? if ($data['type'] != "static"): ?> - <td><?=adjust_gmt($data['start'])?></td> - <td><?=adjust_gmt($data['end'])?></td> + <td><?=htmlspecialchars(adjust_gmt($data['start']))?></td> + <td><?=htmlspecialchars(adjust_gmt($data['end']))?></td> <? else: ?> <td><?=gettext("n/a")?></td> <td><?=gettext("n/a")?></td> <? endif; ?> - <td><?=$data['online']?></td> - <td><?=$data['act']?></td> + <td><?=htmlspecialchars($data['online'])?></td> + <td><?=htmlspecialchars($data['act'])?></td> <td> <?php if ($data['type'] == $dynamic_string): ?> - <a class="fa fa-plus-square-o" title="<?=gettext("Add static mapping")?>" href="services_dhcp_edit.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>&hostname=<?=htmlspecialchars($data['hostname'])?>"></a> + <a class="fa fa-plus-square-o" title="<?=gettext("Add static mapping")?>" href="services_dhcp_edit.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>&hostname=<?=htmlspecialchars($data['hostname'])?>"></a> <?php else: ?> - <a class="fa fa-pencil" title="<?=gettext('Edit static mapping')?>" href="services_dhcp_edit.php?if=<?=$data['if']?>&id=<?=$data['staticmap_array_index']?>"></a> + <a class="fa fa-pencil" title="<?=gettext('Edit static mapping')?>" href="services_dhcp_edit.php?if=<?=htmlspecialchars($data['if'])?>&id=<?=htmlspecialchars($data['staticmap_array_index'])?>"></a> <?php endif; ?> - <a class="fa fa-plus-square" title="<?=gettext("Add WOL mapping")?>" href="services_wol_edit.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>&descr=<?=$data['hostname']?>"></a> + <a class="fa fa-plus-square" title="<?=gettext("Add WOL mapping")?>" href="services_wol_edit.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>&descr=<?=htmlspecialchars($data['hostname'])?>"></a> <?php if ($data['online'] != $online_string):?> - <a class="fa fa-power-off" title="<?=gettext("Send WOL packet")?>" href="services_wol.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>"></a> + <a class="fa fa-power-off" title="<?=gettext("Send WOL packet")?>" href="services_wol.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>"></a> <?php endif; ?> <?php if ($data['type'] == $dynamic_string && $data['online'] != $online_string):?> - <a class="fa fa-trash" title="<?=gettext('Delete lease')?>" href="status_dhcp_leases.php?deleteip=<?=$data['ip']?>&all=<?=intval($_GET['all'])?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete lease')?>" href="status_dhcp_leases.php?deleteip=<?=htmlspecialchars($data['ip'])?>&all=<?=intval($_GET['all'])?>"></a> <?php endif; ?> </td> </tr> diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index e0604df..eb4a152 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -79,6 +79,11 @@ if (!isset($config['system']['webgui']['dashboardcolumns'])) { $config['system']['webgui']['dashboardcolumns'] = 2; } +// set default language if unset +if (!isset($config['system']['language'])) { + $config['system']['language'] = $g['language']; +} + $dnsgw_counter = 1; while (isset($config["system"]["dns{$dnsgw_counter}gw"])) { @@ -92,6 +97,7 @@ $pconfig['timezone'] = $config['system']['timezone']; $pconfig['timeservers'] = $config['system']['timeservers']; $pconfig['language'] = $config['system']['language']; $pconfig['webguicss'] = $config['system']['webgui']['webguicss']; +$pconfig['logincss'] = $config['system']['webgui']['logincss']; $pconfig['webguifixedmenu'] = $config['system']['webgui']['webguifixedmenu']; $pconfig['dashboardcolumns'] = $config['system']['webgui']['dashboardcolumns']; $pconfig['webguileftcolumnhyper'] = isset($config['system']['webgui']['webguileftcolumnhyper']); @@ -101,7 +107,7 @@ $pconfig['systemlogsmanagelogpanel'] = isset($config['system']['webgui']['system $pconfig['statusmonitoringsettingspanel'] = isset($config['system']['webgui']['statusmonitoringsettingspanel']); $pconfig['webguihostnamemenu'] = $config['system']['webgui']['webguihostnamemenu']; $pconfig['dnslocalhost'] = isset($config['system']['dnslocalhost']); -$pconfig['dashboardperiod'] = isset($config['widgets']['period']) ? $config['widgets']['period']:"10"; +//$pconfig['dashboardperiod'] = isset($config['widgets']['period']) ? $config['widgets']['period']:"10"; $pconfig['loginshowhost'] = isset($config['system']['webgui']['loginshowhost']); $pconfig['requirestatefilter'] = isset($config['system']['webgui']['requirestatefilter']); @@ -183,9 +189,9 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($_POST['dashboardperiod']) { - $config['widgets']['period'] = $_POST['dashboardperiod']; - } +// if ($_POST['dashboardperiod']) { +// $config['widgets']['period'] = $_POST['dashboardperiod']; +// } if ($_POST['webguicss']) { $config['system']['webgui']['webguicss'] = $_POST['webguicss']; @@ -193,6 +199,13 @@ if ($_POST) { unset($config['system']['webgui']['webguicss']); } + + if ($_POST['logincss']) { + $config['system']['webgui']['logincss'] = $_POST['logincss']; + } else { + unset($config['system']['webgui']['logincss']); + } + $config['system']['webgui']['loginshowhost'] = $_POST['loginshowhost'] ? true:false; if ($_POST['webguifixedmenu']) { @@ -614,13 +627,22 @@ gen_associatedpanels_fields( gen_requirestatefilter_field($section, $pconfig['requirestatefilter']); gen_webguileftcolumnhyper_field($section, $pconfig['webguileftcolumnhyper']); +$section->addInput(new Form_Select( + 'logincss', + 'Login page color', + $pconfig['logincss'], + ["1e3f75;" => gettext("Blue"), "003300" => gettext("Green"), "770101" => gettext("Red"), + "4b1263" => gettext("Purple"), "424142" => gettext("Gray"), "333333" => gettext("Dark gray"), + "633215" => gettext("Brown" ), "bf7703" => gettext("Orange")] +))->setHelp('Choose a color for the login page'); + $section->addInput(new Form_Checkbox( 'loginshowhost', 'Login hostname', 'Show hostname on login banner', $pconfig['loginshowhost'] )); - +/* $section->addInput(new Form_Input( 'dashboardperiod', 'Dashboard update period', @@ -630,7 +652,7 @@ $section->addInput(new Form_Input( ))->setHelp('Time in seconds between dashboard widget updates. Small values cause ' . 'more frequent updates but increase the load on the web server. ' . 'Minimum is 5 seconds, maximum 600 seconds'); - +*/ $form->add($section); print $form; diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 79ca581..8c370ba 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -87,7 +87,7 @@ $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); $pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']); $pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size']; $pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size']; -$pconfig['do_not_send_host_uuid'] = isset($config['system']['do_not_send_host_uuid']); +$pconfig['do_not_send_uniqueid'] = isset($config['system']['do_not_send_uniqueid']); $pconfig['powerd_ac_mode'] = "hadp"; if (!empty($config['system']['powerd_ac_mode'])) { @@ -215,10 +215,10 @@ if ($_POST) { unset($config['system']['pkg_nochecksig']); } - if ($_POST['do_not_send_host_uuid'] == "yes") { - $config['system']['do_not_send_host_uuid'] = true; + if ($_POST['do_not_send_uniqueid'] == "yes") { + $config['system']['do_not_send_uniqueid'] = true; } else { - unset($config['system']['do_not_send_host_uuid']); + unset($config['system']['do_not_send_uniqueid']); } if ($_POST['powerd_enable'] == "yes") { @@ -597,11 +597,11 @@ if ($g['platform'] == "pfSense") { $section = new Form_Section('Installation Feedback'); $section->addInput(new Form_Checkbox( - 'do_not_send_host_uuid', - 'Host UUID', - 'Do NOT send HOST UUID with user agent', - $pconfig['do_not_send_host_uuid'] -))->setHelp('Enable this option to not send HOST UUID to pfSense as part of User-Agent header.'); + 'do_not_send_uniqueid', + 'Netgate Device ID', + 'Do NOT send Netgate Device ID with user agent', + $pconfig['do_not_send_uniqueid'] +))->setHelp('Enable this option to not send Netgate Device ID to pfSense as part of User-Agent header.'); $form->add($section); diff --git a/src/usr/local/www/system_advanced_notifications.php b/src/usr/local/www/system_advanced_notifications.php index d8851c9..ec56cc9 100644 --- a/src/usr/local/www/system_advanced_notifications.php +++ b/src/usr/local/www/system_advanced_notifications.php @@ -120,7 +120,9 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if (isset($_POST['save'])) { + $testgrowl = isset($_POST['test-growl']); + $testsmtp = isset($_POST['test-smtp']); + if (isset($_POST['save']) || $testsmtp || $testgrowl) { // Growl $config['notifications']['growl']['ipaddress'] = $_POST['ipaddress']; @@ -194,7 +196,7 @@ if ($_POST) { unset($config['system']['disablebeep']); } - if (!$input_errors) { + if (!$input_errors && !$testsmtp && !$testgrowl) { write_config(); pfSenseHeader("system_advanced_notifications.php"); @@ -203,7 +205,7 @@ if ($_POST) { } - if (isset($_POST['test-growl'])) { + if ($testgrowl) { // Send test message via growl if (isset($config['notifications']['growl']['ipaddress'])) { unlink_if_exists($g['vardb_path'] . "/growlnotices_lastmsg.txt"); @@ -212,7 +214,7 @@ if ($_POST) { } } - if (isset($_POST['test-smtp'])) { + if ($testsmtp) { // Send test message via smtp if (file_exists("/var/db/notices_lastmsg.txt")) { unlink("/var/db/notices_lastmsg.txt"); diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php index 9557f50..7678c3b 100644 --- a/src/usr/local/www/system_authservers.php +++ b/src/usr/local/www/system_authservers.php @@ -139,10 +139,7 @@ if (!is_array($config['system']['authserver'])) { $config['system']['authserver'] = array(); } -$a_servers = auth_get_authserver_list(); -foreach ($a_servers as $servers) { - $a_server[] = $servers; -} +$a_server = array_values(auth_get_authserver_list()); if (!is_array($config['ca'])) { $config['ca'] = array(); @@ -171,6 +168,7 @@ if ($act == "del") { /* Remove server from temp list used later on this page. */ unset($a_server[$_GET['id']]); + $a_server = array_values($a_server); $savemsg = sprintf(gettext("Authentication Server %s deleted."), htmlspecialchars($serverdeleted)); write_config($savemsg); @@ -321,6 +319,13 @@ if ($_POST) { } } + // https://redmine.pfsense.org/issues/4154 + if ($pconfig['type'] == "radius") { + if (is_ipaddrv6($_POST['radius_host'])) { + $input_errors[] = gettext("IPv6 does not work for RADIUS authentication, see Bug #4154."); + } + } + if (!$input_errors) { $server = array(); $server['refid'] = uniqid(); diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index c19b2f8..5b3972c 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php @@ -426,12 +426,20 @@ if ($_POST) { if (!empty($pconfig['dn_organizationalunit'])) { $dn['organizationalUnitName'] = $pconfig['dn_organizationalunit']; } + if (is_ipaddr($pconfig['dn_commonname'])) { + $altnames_tmp = array("IP:{$pconfig['dn_commonname']}"); + } else { + $altnames_tmp = array("DNS:{$pconfig['dn_commonname']}"); + } if (count($altnames)) { - $altnames_tmp = ""; foreach ($altnames as $altname) { - $altnames_tmp[] = "{$altname['type']}:{$altname['value']}"; + // The CN is added as a SAN automatically, do not add it again. + if ($altname['value'] != $pconfig['dn_commonname']) { + $altnames_tmp[] = "{$altname['type']}:{$altname['value']}"; + } } - + } + if (!empty($altnames_tmp)) { $dn['subjectAltName'] = implode(",", $altnames_tmp); } @@ -797,6 +805,8 @@ if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) { $group->addClass('repeatable'); + $group->setHelp('Enter additional identifiers for the certificate in this list. The Common Name field is automatically added to the certificate as an Alternative Name.'); + $section->add($group); $counter++; diff --git a/src/usr/local/www/system_gateways_edit.php b/src/usr/local/www/system_gateways_edit.php index 85e0afd..46238b1 100644 --- a/src/usr/local/www/system_gateways_edit.php +++ b/src/usr/local/www/system_gateways_edit.php @@ -500,14 +500,16 @@ if ($_POST) { if ($_POST['defaultgw'] == "yes" || $_POST['defaultgw'] == "on") { $i = 0; /* remove the default gateway bits for all gateways with the same address family */ - foreach ($a_gateway_item as $gw) { - if ($gateway['ipprotocol'] == $gw['ipprotocol']) { - unset($config['gateways']['gateway_item'][$i]['defaultgw']); - if ($gw['interface'] != $_POST['interface'] && $gw['defaultgw']) { - $reloadif = $gw['interface']; + if (is_array($a_gateway_item)) { + foreach ($a_gateway_item as $gw) { + if ($gateway['ipprotocol'] == $gw['ipprotocol']) { + unset($config['gateways']['gateway_item'][$i]['defaultgw']); + if ($gw['interface'] != $_POST['interface'] && $gw['defaultgw']) { + $reloadif = $gw['interface']; + } } + $i++; } - $i++; } $gateway['defaultgw'] = true; } diff --git a/src/usr/local/www/system_update_settings.php b/src/usr/local/www/system_update_settings.php index 2a27fae..877ff34 100644 --- a/src/usr/local/www/system_update_settings.php +++ b/src/usr/local/www/system_update_settings.php @@ -66,15 +66,6 @@ $repos = pkg_list_repos(); if ($_POST) { - // Set the firmware branch, but only if we are not using it already - if ($_POST['fwbranch']) { - if (($_POST['fwbranch'] == "development") && !is_pkg_installed($g['product_name'] . "-repo-devel")) { - pkg_switch_repo(true); - } else if (($_POST['fwbranch'] == "stable") && !is_pkg_installed($g['product_name'] . "-repo")) { - pkg_switch_repo(false); - } - } - if ($_POST['disablecheck'] == "yes") { $config['system']['firmware']['disablecheck'] = true; } elseif (isset($config['system']['firmware']['disablecheck'])) { @@ -254,7 +245,7 @@ if (file_exists("/usr/local/bin/git") && $g['platform'] == $g['product_name']) { 'Branch name', 'text', ($gitcfg['branch'] ? $gitcfg['branch'] : '') - ))->setHelp('The most recently used branch was "%s". (Usually the branch name is RELENG_2_3)' . + ))->setHelp('The most recently used branch was "%s". (Usually the branch name is RELENG_2_3_4)' . '<br />Note: Sync will not be performed if a branch is not specified.', [$lastbranch]); $group = new Form_Group('Sync options'); diff --git a/src/usr/local/www/vendor/filebrowser/browser.php b/src/usr/local/www/vendor/filebrowser/browser.php index 8ca1217..48961a9 100644 --- a/src/usr/local/www/vendor/filebrowser/browser.php +++ b/src/usr/local/www/vendor/filebrowser/browser.php @@ -148,7 +148,7 @@ foreach ($files as $file): <tr> <td></td> <td class="fbFile vexpl text-left" id="<?=$fqpn;?>"> - <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?> + <?php $filename = htmlspecialchars(addslashes(str_replace("//","/", "{$path}/{$file}"))); ?> <div onClick="$('#fbTarget').val('<?=$filename?>'); loadFile(); $('#fbBrowser').fadeOut();"> <img src="/vendor/filebrowser/images/file_<?=$type;?>.gif" alt="" title=""> <?=$file;?> diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php index f3a0991..f5e7f2f 100644 --- a/src/usr/local/www/vpn_ipsec.php +++ b/src/usr/local/www/vpn_ipsec.php @@ -289,8 +289,27 @@ display_top_tabs($tab_array); </tr> </thead> <tbody class="p1-entries"> -<?php $i = 0; foreach ($a_phase1 as $ph1ent): ?> <?php +$iflabels = get_configured_interface_with_descr(false, true); +$viplist = get_configured_vip_list(); +foreach ($viplist as $vip => $address) { + $iflabels[$vip] = $address; + if (get_vip_descr($address)) { + $iflabels[$vip] .= " (". get_vip_descr($address) .")"; + } +} +$grouplist = return_gateway_groups_array(); +foreach ($grouplist as $name => $group) { + if ($group[0]['vip'] != "") { + $vipif = $group[0]['vip']; + } else { + $vipif = $group[0]['int']; + } + $iflabels[$name] = "GW Group {$name}"; +} + +$i = 0; foreach ($a_phase1 as $ph1ent): + $iconfn = "pass"; $entryStatus = (isset($ph1ent['disabled']) ? 'disabled' : 'enabled'); @@ -321,26 +340,11 @@ display_top_tabs($tab_array); <td> <?php if ($ph1ent['interface']) { - $iflabels = get_configured_interface_with_descr(); - - $viplist = get_configured_vip_list(); - foreach ($viplist as $vip => $address) { - $iflabels[$vip] = $address; - if (get_vip_descr($address)) { - $iflabels[$vip] .= " (". get_vip_descr($address) .")"; - } - } - - $grouplist = return_gateway_groups_array(); - foreach ($grouplist as $name => $group) { - if ($group[0]['vip'] != "") { - $vipif = $group[0]['vip']; - } else { - $vipif = $group[0]['int']; - } - $iflabels[$name] = "GW Group {$name}"; + if (isset($iflabels[$ph1ent['interface']])) { + $if = htmlspecialchars($iflabels[$ph1ent['interface']]); + } else { + $if = sprintf("Interface not found: '%s'", $ph1ent['interface']); } - $if = htmlspecialchars($iflabels[$ph1ent['interface']]); } else { $if = "WAN"; } diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index daf1f95..61e44f7 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -964,17 +964,17 @@ events.push(function() { }); // Mode - $('#mode').click(function () { + $('#mode').change(function () { mode_change(); }); // Use proxy - $('#proxy_authtype').click(function () { + $('#proxy_authtype').change(function () { useproxy_changed(); }); // Tun/tap - $('#dev_mode').click(function () { + $('#dev_mode').change(function () { dev_mode_change(); }); diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 62b9e43..7971f47 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -1628,7 +1628,7 @@ events.push(function() { }); // Tun/tap mode - $('#dev_mode, #serverbridge_dhcp').click(function () { + $('#dev_mode, #serverbridge_dhcp').change(function () { tuntap_change(); }); diff --git a/src/usr/local/www/widgets/include/thermal_sensors.inc b/src/usr/local/www/widgets/include/thermal_sensors.inc deleted file mode 100644 index e9f4137..0000000 --- a/src/usr/local/www/widgets/include/thermal_sensors.inc +++ /dev/null @@ -1,71 +0,0 @@ -<?php -/* - * thermal_sensors.inc - * - * part of pfSense (https://www.pfsense.org) - * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgment: - * "This product includes software developed by the pfSense Project - * for use in the pfSense® software distribution. (http://www.pfsense.org/). - * - * 4. The names "pfSense" and "pfSense Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * coreteam@pfsense.org. - * - * 5. Products derived from this software may not be called "pfSense" - * nor may "pfSense" appear in their names without prior written - * permission of the Electric Sheep Fencing, LLC. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution (http://www.pfsense.org/). - * - * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - - -//set variable for custom title -$thermal_sensors_widget_title = gettext("Thermal Sensors"); -//$thermal_sensors_widget_link = "thermal_sensors.php"; - - -//returns core temp data (from coretemp.ko or amdtemp.ko driver) as "|"-delimited string. -//NOTE: depends on proper config in System >> Advanced >> Miscellaneous tab >> Thermal Sensors section. -function getThermalSensorsData() { - - $_gb = exec("/sbin/sysctl -a | grep temperature", $dfout); - $dfout_filtered = array_filter($dfout, function($v) { - return strpos($negsign, ' -') === false; - }); - return join("|", $dfout_filtered); - -} -?> diff --git a/src/usr/local/www/widgets/javascript/thermal_sensors.js b/src/usr/local/www/widgets/javascript/thermal_sensors.js index a00dd92..7766a2a 100644 --- a/src/usr/local/www/widgets/javascript/thermal_sensors.js +++ b/src/usr/local/www/widgets/javascript/thermal_sensors.js @@ -54,33 +54,6 @@ warningTemp = 9999; criticalTemp = 100; ajaxBusy = false; -//should be called from "thermal_sensors.widget.php" -function showThermalSensorsData() { - if (!ajaxBusy) { - ajaxBusy = true; - //get data from thermal_sensors.widget.php - url = "/widgets/widgets/thermal_sensors.widget.php?getThermalSensorsData=1" - //IE fix to disable cache when using http:// , just append timespan - + new Date().getTime(); - - $.ajax(url, { - type: 'get', - success: function(data) { - var thermalSensorsData = data || ""; - buildThermalSensorsData(thermalSensorsData); - }, - error: function(jqXHR, status, error) { - warningTemp = 9999; - buildThermalSensorsDataRaw('<span class="alert-danger">Temperature data could not be read.</span>'); - } - }); - - ajaxBusy = false; - } - //call itself in 11 seconds - window.setTimeout(showThermalSensorsData, 11000); -} - function buildThermalSensorsData(thermalSensorsData) { //NOTE: variable thermal_sensors_widget_showRawOutput is declared/set in "thermal_sensors.widget.php" if (thermal_sensors_widget_showRawOutput) { diff --git a/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php b/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php index 0c3aa7a..3d60ab7 100644 --- a/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php +++ b/src/usr/local/www/widgets/widgets/dyn_dns_status.widget.php @@ -157,7 +157,7 @@ if ($_REQUEST['getdyndnsstatus']) { if (is_array($_POST['show'])) { $user_settings['widgets']['dyn_dns_status']['filter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['dyn_dns_status']['filter'] = ""; + $user_settings['widgets']['dyn_dns_status']['filter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved Dynamic DNS Filter via Dashboard.")); @@ -236,6 +236,13 @@ function get_dyndns_service_text($dyndns_type) { </td> </tr> <?php endforeach;?> + <?php if ($rowid == -1):?> + <tr> + <td colspan="4" class="text-center"> + <?=gettext('All Dyn DNS entries are hidden.');?> + </td> + </tr> + <?php endif;?> </tbody> </table> </div> @@ -285,39 +292,40 @@ function get_dyndns_service_text($dyndns_type) { <script type="text/javascript"> //<![CDATA[ - function dyndns_getstatus() { - scroll(0,0); - var url = "/widgets/widgets/dyn_dns_status.widget.php"; - var pars = 'getdyndnsstatus=yes'; - $.ajax( - url, - { - type: 'get', - data: pars, - complete: dyndnscallback - }); + events.push(function(){ - } - function dyndnscallback(transport) { - // The server returns a string of statuses separated by vertical bars - var responseStrings = transport.responseText.split("|"); - for (var count=0; count<responseStrings.length; count++) { - var divlabel = '#dyndnsstatus' + count; - $(divlabel).prop('innerHTML',responseStrings[count]); - } + // --------------------- centralized widget refresh system ------------------------------ - // Refresh the status every 5 minutes - setTimeout('dyndns_getstatus()', 5*60*1000); - } - events.push(function(){ - $("#showalldyndns").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); + // Callback function called by refresh system when data is retrieved + function dyndnscallback(s) { + // The server returns a string of statuses separated by vertical bars + var responseStrings = s.split("|"); + for (var count=0; count<responseStrings.length; count++) { + var divlabel = '#dyndnsstatus' + count; + $(divlabel).prop('innerHTML',responseStrings[count]); + } + } + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + getdyndnsstatus : "yes" + }; + + // Create an object defining the widget refresh AJAX call + var dyndnsObject = new Object(); + dyndnsObject.name = "DynDNS"; + dyndnsObject.url = "/widgets/widgets/dyn_dns_status.widget.php"; + dyndnsObject.callback = dyndnscallback; + dyndnsObject.parms = postdata; + dyndnsObject.freq = 20; + + // Register the AJAX object + register_ajax(dyndnsObject); + + // --------------------------------------------------------------------------------------------------- + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showalldyndns"); }); - // Do the first status check 2 seconds after the dashboard opens - setTimeout('dyndns_getstatus()', 2000); + //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/gateways.widget.php b/src/usr/local/www/widgets/widgets/gateways.widget.php index 5c9c836..70292cb 100644 --- a/src/usr/local/www/widgets/widgets/gateways.widget.php +++ b/src/usr/local/www/widgets/widgets/gateways.widget.php @@ -80,17 +80,17 @@ if ($_POST) { $user_settings["widgets"]["gateways_widget"]["display_type"] = $_POST["display_type"]; } - if (is_array($_POST['show'])) { - $validNames = array(); - $a_gateways = return_gateways_array(); + $validNames = array(); + $a_gateways = return_gateways_array(); - foreach ($a_gateways as $gname => $gateway) { - array_push($validNames, $gname); - } + foreach ($a_gateways as $gname => $gateway) { + array_push($validNames, $gname); + } + if (is_array($_POST['show'])) { $user_settings["widgets"]["gateways_widget"]["gatewaysfilter"] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings["widgets"]["gateways_widget"]["gatewaysfilter"] = ""; + $user_settings["widgets"]["gateways_widget"]["gatewaysfilter"] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Updated gateways widget settings via dashboard.")); @@ -199,40 +199,6 @@ $widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period </div> </form> -<script> -//<![CDATA[ - - function get_gw_stats() { - var ajaxRequest; - - ajaxRequest = $.ajax({ - url: "/widgets/widgets/gateways.widget.php", - type: "post", - data: { ajax: "ajax"} - }); - - // Deal with the results of the above ajax call - ajaxRequest.done(function (response, textStatus, jqXHR) { - $('#gwtblbody').html(response); - // and do it again - setTimeout(get_gw_stats, "<?=$widgetperiod?>"); - }); - } - - events.push(function(){ - $("#showallgateways").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); - - // Start polling for updates some small random number of seconds from now (so that all the widgets don't - // hit the server at exactly the same time) - setTimeout(get_gw_stats, Math.floor((Math.random() * 10000) + 1000)); - }); -//]]> -</script> - <?php function compose_table_body_contents() { global $user_settings; @@ -351,7 +317,7 @@ function compose_table_body_contents() { if (!$gw_displayed) { $rtnstr .= '<tr>'; - $rtnstr .= '<td colspan="5">'; + $rtnstr .= '<td colspan="5" class="text-center">'; if (count($a_gateways)) { $rtnstr .= gettext('All gateways are hidden.'); } else { @@ -363,3 +329,37 @@ function compose_table_body_contents() { return($rtnstr); } ?> + +<script> +//<![CDATA[ + +events.push(function(){ + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function gateways_callback(s) { + $('#gwtblbody').html(s); + } + + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + widgetkey : "<?=$widgetkey?>" + }; + + // Create an object defining the widget refresh AJAX call + var gatewaysObject = new Object(); + gatewaysObject.name = "Gateways"; + gatewaysObject.url = "/widgets/widgets/gateways.widget.php"; + gatewaysObject.callback = gateways_callback; + gatewaysObject.parms = postdata; + gatewaysObject.freq = 1; + + // Register the AJAX object + register_ajax(gatewaysObject); + + // --------------------------------------------------------------------------------------------------- +}); + +//]]> +</script> diff --git a/src/usr/local/www/widgets/widgets/installed_packages.widget.php b/src/usr/local/www/widgets/widgets/installed_packages.widget.php index 5515969..7ebe1cc 100644 --- a/src/usr/local/www/widgets/widgets/installed_packages.widget.php +++ b/src/usr/local/www/widgets/widgets/installed_packages.widget.php @@ -67,7 +67,7 @@ require_once("/usr/local/www/widgets/include/installed_packages.inc"); require_once("pkg-utils.inc"); if ($_REQUEST && $_REQUEST['ajax']) { - $package_list = get_pkg_info(); + $package_list = get_pkg_info('all', true, true); $installed_packages = array_filter($package_list, function($v) { return (isset($v['installed']) || isset($v['broken'])); }); diff --git a/src/usr/local/www/widgets/widgets/interface_statistics.widget.php b/src/usr/local/www/widgets/widgets/interface_statistics.widget.php index b5368fa..9f94951 100644 --- a/src/usr/local/www/widgets/widgets/interface_statistics.widget.php +++ b/src/usr/local/www/widgets/widgets/interface_statistics.widget.php @@ -81,15 +81,32 @@ if ($_REQUEST && $_REQUEST['ajax']) { ); $skipinterfaces = explode(",", $user_settings['widgets']['interface_statistics']['iffilter']); + $an_interface_is_selected = false; // decide if at least 1 interface is selected for display + $an_interface_is_displayed = false; // decide if at least 1 interface is displayed (i.e. not down) print("<thead>"); print( "<tr>"); print( "<th></th>"); foreach ($ifdescrs as $ifdescr => $ifname) { - if (!in_array($ifdescr, $skipinterfaces)) { - print( "<th>" . $ifname . "</th>"); + if (in_array($ifdescr, $skipinterfaces)) { + continue; } + + $an_interface_is_selected = true; + $ifinfo_arr[$ifdescr] = get_interface_info($ifdescr); + $ifinfo_arr[$ifdescr]['inbytes'] = format_bytes($ifinfo_arr[$ifdescr]['inbytes']); + $ifinfo_arr[$ifdescr]['outbytes'] = format_bytes($ifinfo_arr[$ifdescr]['outbytes']); + if ($ifinfo_arr[$ifdescr]['status'] != "down") { + $an_interface_is_displayed = true; + print("<th>" . $ifname . "</th>"); + } + } + + if (!$an_interface_is_selected) { + print("<th>" . gettext('All interfaces are hidden.') . "</th>"); + } else if (!$an_interface_is_displayed) { + print("<th>" . gettext('All selected interfaces are down.') . "</th>"); } print( "</tr>"); @@ -105,19 +122,12 @@ if ($_REQUEST && $_REQUEST['ajax']) { continue; } - $ifinfo = get_interface_info($ifdescr); - - if ($ifinfo['status'] == "down") { - continue; + if ($ifinfo_arr[$ifdescr]['status'] != "down") { + print("<td>" . (isset($ifinfo_arr[$ifdescr][$key]) ? htmlspecialchars($ifinfo_arr[$ifdescr][$key]) : 'n/a') . "</td>"); } - $ifinfo['inbytes'] = format_bytes($ifinfo['inbytes']); - $ifinfo['outbytes'] = format_bytes($ifinfo['outbytes']); - - print("<td>" . (isset($ifinfo[$key]) ? htmlspecialchars($ifinfo[$key]) : 'n/a') . "</td>"); } - print( "</td>"); print( "</tr>"); } print( "</tbody>"); @@ -133,7 +143,7 @@ if ($_REQUEST && $_REQUEST['ajax']) { if (is_array($_POST['show'])) { $user_settings['widgets']['interface_statistics']['iffilter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['interface_statistics']['iffilter'] = ""; + $user_settings['widgets']['interface_statistics']['iffilter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved Interface Statistics Filter via Dashboard.")); @@ -191,35 +201,57 @@ $widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period <script type="text/javascript"> //<![CDATA[ - - function get_if_stats() { +/* + function get_if_stats_<?=$widgetkey_nodash?>() { var ajaxRequest; ajaxRequest = $.ajax({ url: "/widgets/widgets/interface_statistics.widget.php", type: "post", - data: { ajax: "ajax"} + data: { ajax: "ajax", widgetkey: "<?=$widgetkey?>"} }); // Deal with the results of the above ajax call ajaxRequest.done(function (response, textStatus, jqXHR) { - $('#iftbl').html(response); + $('#<?=$widgetkey?>-iftbl').html(response); // and do it again - setTimeout(get_if_stats, "<?=$widgetperiod?>"); + setTimeout(get_if_stats_<?=$widgetkey_nodash?>, "<?=$widgetperiod?>"); }); } +*/ + events.push(function() { + // --------------------- Centralized widget refresh system ------------------------------ - events.push(function(){ - $("#showallinterfacesforstats").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); + // Callback function called by refresh system when data is retrieved + function interface_statistics_callback(s) { + $('#iftbl').html(s); + } + + // POST data to send via AJAX + var postdata = { + ajax : "ajax", + widgetkey :"<?=$widgetkey?>" + }; + + // Create an object defining the widget refresh AJAX call + var ifstatObject = new Object(); + ifstatObject.name = "IFstats"; + ifstatObject.url = "/widgets/widgets/interface_statistics.widget.php"; + ifstatObject.callback = interface_statistics_callback; + ifstatObject.parms = postdata; + ifstatObject.freq = 1; + + // Register the AJAX object + register_ajax(ifstatObject); + + // --------------------------------------------------------------------------------------------------- + // Note: This manages all settings checkboxes with id starting with "show" + // (i.e. both the interface and stats item selection groups) + // using a single All/None button + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallinterfacesforstats"); - // Start polling for updates some small random number of seconds from now (so that all the widgets don't - // hit the server at exactly the same time) - setTimeout(get_if_stats, Math.floor((Math.random() * 10000) + 1000)); }); //]]> </script> + diff --git a/src/usr/local/www/widgets/widgets/interfaces.widget.php b/src/usr/local/www/widgets/widgets/interfaces.widget.php index 27cd803..92b6f48 100644 --- a/src/usr/local/www/widgets/widgets/interfaces.widget.php +++ b/src/usr/local/www/widgets/widgets/interfaces.widget.php @@ -61,7 +61,7 @@ require_once("/usr/local/www/widgets/include/interfaces.inc"); $ifdescrs = get_configured_interface_with_descr(); -if ($_POST) { +if ($_POST && !$_REQUEST['ajax']) { $validNames = array(); @@ -72,26 +72,30 @@ if ($_POST) { if (is_array($_POST['show'])) { $user_settings['widgets']['interfaces']['iffilter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['interfaces']['iffilter'] = ""; + $user_settings['widgets']['interfaces']['iffilter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved Interfaces Filter via Dashboard.")); header("Location: /index.php"); } +if (!$_REQUEST['ajax']) { ?> -<div class="table-responsive"> +<div id="ifaces_status" class="table-responsive"> + <?php } ?> <table class="table table-striped table-hover table-condensed"> <tbody> <?php $skipinterfaces = explode(",", $user_settings['widgets']['interfaces']['iffilter']); +$interface_is_displayed = false; foreach ($ifdescrs as $ifdescr => $ifname): if (in_array($ifdescr, $skipinterfaces)) { continue; } + $interface_is_displayed = true; $ifinfo = get_interface_info($ifdescr); if ($ifinfo['pppoelink'] || $ifinfo['pptplink'] || $ifinfo['l2tplink']) { /* PPP link (non-cell) - looks like a modem */ @@ -159,10 +163,28 @@ foreach ($ifdescrs as $ifdescr => $ifname): </tr> <?php endforeach; +if (!$interface_is_displayed): +?> + <tr> + <td class="text-center"> + <?=gettext('All interfaces are hidden.');?> + </td> + </tr> + +<?php +endif; ?> </tbody> </table> + +<?php +/* for AJAX response, we only need the panels */ +if ($_REQUEST['ajax']) { + exit; +} +?> </div> + <!-- close the body we're wrapped in and add a configuration-panel --> </div><div id="widget-<?=$widgetname?>_panel-footer" class="panel-footer collapse"> @@ -208,12 +230,33 @@ endforeach; <script> //<![CDATA[ events.push(function(){ - $("#showallinterfaces").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function interfaces_callback(s) { + $('#ifaces_status').html(s); + } + + // POST data to send via AJAX + var postdata = { + widgetkey :"<?=$widgetkey?>", + ajax: "ajax" + }; + + // Create an object defining the widget refresh AJAX call + var interfacesObject = new Object(); + interfacesObject.name = "Interfaces"; + interfacesObject.url = "/widgets/widgets/interfaces.widget.php"; + interfacesObject.callback = interfaces_callback; + interfacesObject.parms = postdata; + interfacesObject.freq = 1; + + // Register the AJAX object + register_ajax(interfacesObject); + + // --------------------------------------------------------------------------------------------------- + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallinterfaces"); }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/log.widget.php b/src/usr/local/www/widgets/widgets/log.widget.php index fa54e9a..0b4f97a 100644 --- a/src/usr/local/www/widgets/widgets/log.widget.php +++ b/src/usr/local/www/widgets/widgets/log.widget.php @@ -61,7 +61,7 @@ require_once("functions.inc"); /* In an effort to reduce duplicate code, many shared functions have been moved here. */ require_once("filter_log.inc"); -if ($_POST) { +if ($_POST && !$_REQUEST['ajax']) { if (is_numeric($_POST['filterlogentries'])) { $user_settings['widgets']['filterlogentries'] = $_POST['filterlogentries']; } else { @@ -121,6 +121,8 @@ $nentriesinterval = isset($user_settings['widgets']['filterlogentriesinterval']) $filter_logfile = "{$g['varlog_path']}/filter.log"; $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray); + +if (!$_REQUEST['ajax']) { ?> <script type="text/javascript"> //<![CDATA[ @@ -128,6 +130,7 @@ $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray) //]]> </script> +<?php } ?> <table class="table table-striped table-hover"> <thead> @@ -190,7 +193,7 @@ $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray) endforeach; if (count($filterlog) == 0) { - print '<tr class="text-nowrap"><td colspan=5 class="text-center">'; + print '<tr class="text-nowrap"><td colspan=5 class="text-center text-danger">'; print gettext('No logs to display'); print '</td></tr>'; } @@ -202,31 +205,42 @@ $filterlog = conv_log_filter($filter_logfile, $nentries, 50, $filterfieldsarray) <?php /* for AJAX response, we only need the panel-body */ -if (isset($_GET['lastsawtime'])) { +if ($_REQUEST['ajax']) { exit; } -?> +?> <script type="text/javascript"> //<![CDATA[ -function logWidgetUpdateFromServer() { - $.ajax({ - type: 'get', - url: '/widgets/widgets/log.widget.php', - data: 'lastsawtime='+logWidgetLastRefresh, - dataFilter: function(raw){ - // We reload the entire widget, strip this block of javascript from it - return raw.replace(/<script>([\s\S]*)<\/script>/gi, ''); - }, - dataType: 'html', - success: function(data){ - $('#widget-log .panel-body').html(data); - } - }); -} events.push(function(){ - setInterval('logWidgetUpdateFromServer()', <?=$nentriesinterval?>*1000); + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function logs_callback(s) { + $('#widget-log .panel-body').html(s); + } + + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + lastsawtime: logWidgetLastRefresh<?=$widgetkey_nodash?> + }; + + // Create an object defining the widget refresh AJAX call + var logsObject = new Object(); + logsObject.name = "Gateways"; + logsObject.url = "/widgets/widgets/log.widget.php"; + logsObject.callback = logs_callback; + logsObject.parms = postdata; + logsObject.freq = <?=$nentriesinterval?>/5; // This is not going to be exactly the number of seconds + // the user has specified, but at least it is respected + // to some extent + + // Register the AJAX object + register_ajax(logsObject); + + // --------------------------------------------------------------------------------------------------- }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/netgate_services_and_support.widget.php b/src/usr/local/www/widgets/widgets/netgate_services_and_support.widget.php new file mode 100644 index 0000000..0d8b28b --- /dev/null +++ b/src/usr/local/www/widgets/widgets/netgate_services_and_support.widget.php @@ -0,0 +1,163 @@ +<?php +/* + * netgate_services_and_support.widget.php + * + * part of pfSense (https://www.pfsense.org) + * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + This widget transmits the Netgate Device ID to Netgate's REST API, and retrieves the support information. + The connection is made using HTTPS/TLS. No other data is transmitted. If the widget + is not enabled, then no transmission is made + + If the file containing the support data exists on the file system and is less than 24 hours old + the file contents are displayed immediately. If not, an AJAX call is made to retrieve fresh information +*/ + +require_once("guiconfig.inc"); + +$nocsrf = true; +$supportfile = "/var/db/support.json"; +$idfile = "/var/db/uniqueid"; +$FQDN = "https://ews.netgate.com/support"; +$refreshinterval = (24 * 3600); // 24 hours + + +if ($_REQUEST['ajax']) { + + // Retrieve the support data from Netgate.com if the support data file does not exist, + // or if it is more than a day old + if (!file_exists($supportfile) || ( time()-filemtime($supportfile) > $refreshinterval)) { + if (file_exists($supportfile)) { + unlink($supportfile); + } + + updateSupport(); + } + + if (file_exists($supportfile)) { + print(file_get_contents($supportfile)); + } + + exit; +} + +// If the widget is called with act=refresh, delete the JSON file and reload the page, thereby forcing the +// widget to get a fresh copy of the support information +if ($_REQUEST['act'] == "refresh") { + + if (file_exists($supportfile)) { + unlink($supportfile); + } + + header("Location: /"); + exit; +} + +// Poll the Netgate server to obtain the JSON/HTML formatted support information +// and write it to the JSON file +function updateSupport() { + global $g, $supportfile, $idfile, $FQDN; + + if (file_exists($idfile)) { + if (function_exists('curl_version')) { + $post = ['uid' => file_get_contents($idfile), 'language' => '0']; + $url = $FQDN; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_VERBOSE, 0); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_POST, true); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,4); + $response = curl_exec($ch); + $status = curl_getinfo($ch, CURLINFO_HTTP_CODE); + curl_close($ch); + + if ($status == 200) { + file_put_contents($supportfile, $response); + } + } + } +} + + +$doajax = "yes"; + +print("<div>"); + +if (file_exists($supportfile) && ( time()-filemtime($supportfile) < $refreshinterval)) { + // Print the support data from the file + $str = file_get_contents($supportfile); + $json = json_decode($str, true); + print($json['summary']); + print($json['htmltext']); + $doajax = "no"; +} else { + //Print empty <div>s and request the data by AJAX + print(sprintf(gettext("%sRetrieving support information %s %s"), + "<div id=\"summary\" class=\"alert alert-warning\">", "<i class=\"fa fa-cog fa-spin\"></i>", "</div><div id=\"htmltxt\"></div>")); +} + +// Print a low-key refresh link +print('<div style="text-align:right;padding-right:15px;"><a href="/widgets/widgets/netgate_services_and_support.widget.php?act=refresh" usepost><i class="fa fa-refresh"></i></a></div>'); + +print("</div>"); + +?> + +<script type="text/javascript"> +//<![CDATA[ + events.push(function(){ + function fetch_spt_data() { + + $.ajax({ + type: 'POST', + url: "/widgets/widgets/netgate_services_and_support.widget.php", + data: { + ajax: "ajax" + }, + + success: function(data){ + if (data.length > 0) { + var obj = JSON.parse(data); + + $('#summary').removeClass("alert"); + $('#summary').removeClass("alert-warning"); + $('#summary').html(obj.summary); + $('#htmltxt').html(obj.htmltext); + } + }, + + error: function(e){ + // alert("Error: " + e); + + } + }); + } + + if ("<?=$doajax?>" === "yes") { + fetch_spt_data(); + } + }); + + +//]]> +</script> diff --git a/src/usr/local/www/widgets/widgets/ntp_status.widget.php b/src/usr/local/www/widgets/widgets/ntp_status.widget.php index 5914c7d..54c1e08 100644 --- a/src/usr/local/www/widgets/widgets/ntp_status.widget.php +++ b/src/usr/local/www/widgets/widgets/ntp_status.widget.php @@ -259,30 +259,34 @@ setInterval(function() { <script type="text/javascript"> //<![CDATA[ - function ntp_getstatus() { - var url = "/widgets/widgets/ntp_status.widget.php"; - var pars = 'updateme=yes'; - $.ajax( - url, - { - type: 'get', - data: pars, - complete: ntpstatuscallback - }); +events.push(function(){ + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function ntp_callback(s) { + $('[id="ntpstatus"]').prop('innerHTML', s); } - function ntpstatuscallback(transport) { - // The server returns formatted html code - var responseStringNtp = transport.responseText - $('#ntpstatus').prop('innerHTML',responseStringNtp); + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + updateme : "yes" + }; - // Refresh the status at the configured interval - setTimeout('ntp_getstatus()', "<?=$widgetperiod?>"); - } + // Create an object defining the widget refresh AJAX call + var ntpObject = new Object(); + ntpObject.name = "NTP"; + ntpObject.url = "/widgets/widgets/ntp_status.widget.php"; + ntpObject.callback = ntp_callback; + ntpObject.parms = postdata; + ntpObject.freq = 4; + + // Register the AJAX object + register_ajax(ntpObject); + + // --------------------------------------------------------------------------------------------------- +}); - // Start polling for updates some small random number of seconds from now (so that all the widgets don't - // hit the server at exactly the same time) - setTimeout(ntp_getstatus, Math.floor((Math.random() * 10000) + 1000)); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/openvpn.widget.php b/src/usr/local/www/widgets/widgets/openvpn.widget.php index 5704822..4bba428 100644 --- a/src/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/src/usr/local/www/widgets/widgets/openvpn.widget.php @@ -97,7 +97,7 @@ if ($_REQUEST && $_REQUEST['ajax']) { if (is_array($_POST['show'])) { $user_settings['widgets']['openvpn']['filter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['openvpn']['filter'] = ""; + $user_settings['widgets']['openvpn']['filter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved OpenVPN Filter via Dashboard.")); @@ -115,12 +115,15 @@ function printPanel() { $skipovpns = explode(",", $user_settings['widgets']['openvpn']['filter']); $opstring = ""; + $got_ovpn_server = false; foreach ($servers as $server): if (in_array($server['vpnid'], $skipovpns)) { continue; } + $got_ovpn_server = true; + $opstring .= "<div class=\"widget panel panel-default\">"; $opstring .= "<div class=\"panel-heading\"><h2 class=\"panel-title\">" . htmlspecialchars($server['name']) . "</h2></div>"; $opstring .= "<div class=\"table-responsive\">"; @@ -322,7 +325,15 @@ function printPanel() { endif; if ((empty($clients)) && (empty($servers)) && (empty($sk_servers))) { - print(gettext("No OpenVPN instances defined")); + $none_to_display_text = gettext("No OpenVPN instances defined"); + } else if (!$got_ovpn_server && !$got_sk_server && !$got_ovpn_client) { + $none_to_display_text = gettext("All OpenVPN instances are hidden"); + } else { + $none_to_display_text = ""; + } + + if (strlen($none_to_display_text) > 0) { + print('<table class="table"><tbody><td class="text-center">' . $none_to_display_text . '</td></tbody></table>'); } } @@ -353,35 +364,34 @@ $widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period ); } - // Refresh the panel - function get_update() { - var ajaxRequest; + events.push(function(){ + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallovpns"); + + // --------------------- Centralized widget refresh system ------------------------------ - ajaxRequest = $.ajax({ - url: "/widgets/widgets/openvpn.widget.php", - type: "post", - data: { ajax: "ajax"} - }); + // Callback function called by refresh system when data is retrieved + function openvpn_callback(s) { + $('#mainpanel').html(s); + } - // Deal with the results of the above ajax call - ajaxRequest.done(function (response, textStatus, jqXHR) { - $('#mainpanel').html(response); + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + widgetkey: "<?=$widgetkey?>" + }; - // and do it again - setTimeout(get_update, "<?=$widgetperiod?>"); - }); - } + // Create an object defining the widget refresh AJAX call + var openvpnObject = new Object(); + openvpnObject.name = "OpenVPN"; + openvpnObject.url = "/widgets/widgets/openvpn.widget.php"; + openvpnObject.callback = openvpn_callback; + openvpnObject.parms = postdata; + openvpnObject.freq = 4; - events.push(function(){ - $("#showallovpns").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); - - // Start polling for updates some small random number of seconds from now (so that all the widgets don't - // hit the server at exactly the same time) - setTimeout(get_update, Math.floor((Math.random() * 10000) + 1000)); + // Register the AJAX object + register_ajax(openvpnObject); + + // --------------------------------------------------------------------------------------------------- }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/services_status.widget.php b/src/usr/local/www/widgets/widgets/services_status.widget.php index 4672b2e..f28a1ed 100644 --- a/src/usr/local/www/widgets/widgets/services_status.widget.php +++ b/src/usr/local/www/widgets/widgets/services_status.widget.php @@ -59,7 +59,7 @@ if ($_POST) { if (is_array($_POST['show'])) { $user_settings['widgets']['servicestatusfilter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['servicestatusfilter'] = ""; + $user_settings['widgets']['servicestatusfilter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved Service Status Filter via Dashboard.")); @@ -83,12 +83,15 @@ $skipservices = explode(",", $user_settings['widgets']['servicestatusfilter']); if (count($services) > 0) { uasort($services, "service_dispname_compare"); + $service_is_displayed = false; foreach ($services as $service) { if ((!$service['dispname']) || (in_array($service['dispname'], $skipservices)) || (!is_service_enabled($service['dispname']))) { continue; } + $service_is_displayed = true; + if (empty($service['description'])) { $service['description'] = get_pkg_descr($service['name']); } @@ -103,8 +106,12 @@ if (count($services) > 0) { </tr> <?php } + + if (!$service_is_displayed) { + echo "<tr><td colspan=\"4\" class=\"text-center\">" . gettext("All services are hidden") . ". </td></tr>\n"; + } } else { - echo "<tr><td colspan=\"3\" class=\"text-center\">" . gettext("No services found") . ". </td></tr>\n"; + echo "<tr><td colspan=\"4\" class=\"text-center\">" . gettext("No services found") . ". </td></tr>\n"; } ?> </tbody> @@ -157,12 +164,7 @@ if (count($services) > 0) { <script type="text/javascript"> //<![CDATA[ events.push(function(){ - $("#showallservices").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); - + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallservices"); }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/smart_status.widget.php b/src/usr/local/www/widgets/widgets/smart_status.widget.php index 49f1f42..9707e94 100644 --- a/src/usr/local/www/widgets/widgets/smart_status.widget.php +++ b/src/usr/local/www/widgets/widgets/smart_status.widget.php @@ -79,7 +79,7 @@ if ($_POST) { if (is_array($_POST['show'])) { $user_settings['widgets']['smart_status']['filter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['smart_status']['filter'] = ""; + $user_settings['widgets']['smart_status']['filter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved SMART Status Filter via Dashboard.")); @@ -101,6 +101,7 @@ if ($_POST) { <tbody> <?php $skipsmart = explode(",", $user_settings['widgets']['smart_status']['filter']); +$smartdrive_is_displayed = false; if (count($devs) > 0) { foreach ($devs as $dev) { ## for each found drive do @@ -108,6 +109,7 @@ if (count($devs) > 0) { continue; } + $smartdrive_is_displayed = true; $dev_ident = exec("diskinfo -v /dev/$dev | grep ident | awk '{print $1}'"); ## get identifier from drive $dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit} /^SMART Health Status/ {print $2;exit}'")); ## get SMART state from drive @@ -136,6 +138,16 @@ if (count($devs) > 0) { </tr> <?php } + + if (!$smartdrive_is_displayed) { +?> + <tr> + <td colspan="4" class="text-center"> + <?=gettext('All SMART drives are hidden.');?> + </td> + </tr> +<?php + } } ?> </tbody> @@ -182,12 +194,7 @@ if (count($devs) > 0) { <script type="text/javascript"> //<![CDATA[ events.push(function(){ - $("#showallsmartdrives").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); - + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallsmartdrives"); }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php index a3d62ab..d32f144 100644 --- a/src/usr/local/www/widgets/widgets/system_information.widget.php +++ b/src/usr/local/www/widgets/widgets/system_information.widget.php @@ -84,14 +84,21 @@ $sysinfo_items = array( 'disk_usage' => gettext('Disk Usage') ); +// Declared here so that JavaScript can access it +$updtext = sprintf(gettext("Obtaining update status %s"), "<i class='fa fa-cog fa-spin'></i>"); + if ($_REQUEST['getupdatestatus']) { require_once("pkg-utils.inc"); + $cache_file = $g['version_cache_file']; + if (isset($config['system']['firmware']['disablecheck'])) { exit; } - $system_version = get_system_pkg_version(); + /* If $_REQUEST['getupdatestatus'] == 2, force update */ + $system_version = get_system_pkg_version(false, + ($_REQUEST['getupdatestatus'] == 1)); if ($system_version === false) { print(gettext("<i>Unable to check for updates</i>")); @@ -119,16 +126,30 @@ if ($_REQUEST['getupdatestatus']) { <?php break; case '=': - print(gettext("The system is on the latest version.")); + printf('<span class="text-success">%s</span>' . "\n", + gettext("The system is on the latest version.")); break; case '>': - print(gettext("The system is on a later version than<br />the official release.")); + printf("%s\n", gettext( + "The system is on a later version than official release.")); break; default: - print(gettext( "<i>Error comparing installed version<br />with latest available</i>")); + printf("<i>%s</i>\n", gettext( + "Error comparing installed with latest version available")); break; } + if (file_exists($cache_file)): +?> + <div> + <?printf("%s %s", gettext("Version information updated at"), + date("Y-m-d H:i", filemtime($cache_file)));?> + + <a id="updver" href="#" class="fa fa-refresh"></a> + </div> +<?php + endif; + exit; } elseif ($_POST) { @@ -141,22 +162,17 @@ if ($_REQUEST['getupdatestatus']) { if (is_array($_POST['show'])) { $user_settings['widgets']['system_information']['filter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['system_information']['filter'] = ""; + $user_settings['widgets']['system_information']['filter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved System Information Widget Filter via Dashboard.")); header("Location: /index.php"); } -/* Adding one second to the system widet update period - * will ensure that we update the GUI right after the stats are updated. - */ -$widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period'] * 1000 : 10000; -$widgetperiod += 1000; - $filesystems = get_mounted_filesystems(); $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information']['filter']); +$rows_displayed = false; ?> <div class="table-responsive"> @@ -164,6 +180,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <tbody> <?php if (!in_array('name', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Name");?></th> @@ -172,6 +189,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('system', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("System");?></th> @@ -186,6 +204,13 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] ?> <br /> <?=gettext("Serial: ");?><strong><?=system_get_serial();?></strong> +<?php + // If the uniqueID is available, display it here + $uniqueid = system_get_uniqueid(); + if (!empty($uniqueid)) { + print("<br />" . gettext("Netgate Device ID:") . " <strong>{$uniqueid}</strong>"); + } +?> </td> </tr> <?php @@ -219,6 +244,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] endif; endif; if (!in_array('version', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Version");?></th> @@ -233,7 +259,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; ?> <?php if (!isset($config['system']['firmware']['disablecheck'])): ?> <br /><br /> - <div id='updatestatus'><?php echo gettext("Obtaining update status "); ?><i class="fa fa-cog fa-spin"></i></div> + <div id='updatestatus'><?=$updtext?></div> <?php endif; ?> </td> </tr> @@ -274,6 +300,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('cpu_type', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("CPU Type");?></th> @@ -291,6 +318,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('hwcrypto', $skipsysinfoitems)): + $rows_displayed = true; ?> <?php if ($hwcrypto): ?> <tr> @@ -301,6 +329,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('uptime', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Uptime");?></th> @@ -309,6 +338,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('current_datetime', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Current date/time");?></th> @@ -317,6 +347,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('dns_servers', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("DNS server(s)");?></th> @@ -334,6 +365,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('last_config_change', $skipsysinfoitems)): + $rows_displayed = true; ?> <?php if ($config['revision']): ?> <tr> @@ -344,6 +376,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('state_table_size', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("State table size");?></th> @@ -362,6 +395,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('mbuf_usage', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("MBUF Usage");?></th> @@ -380,6 +414,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('temperature', $skipsysinfoitems)): + $rows_displayed = true; ?> <?php if (get_temp() != ""): ?> <tr> @@ -397,6 +432,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('load_average', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Load average");?></th> @@ -407,6 +443,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('cpu_usage', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("CPU usage");?></th> @@ -415,13 +452,13 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <div id="cpuPB" class="progress-bar progress-bar-striped" role="progressbar" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100" style="width: 0%"> </div> </div> - <?php $update_period = (!empty($config['widgets']['period'])) ? $config['widgets']['period'] : "10"; ?> - <span id="cpumeter"><?=sprintf(gettext("Updating in %s seconds"), $update_period)?></span> + <span id="cpumeter"><?=sprintf(gettext("Retrieving CPU data %s"), "<i class=\"fa fa-gear fa-spin\"></i>")?></span> </td> </tr> <?php endif; if (!in_array('memory_usage', $skipsysinfoitems)): + $rows_displayed = true; ?> <tr> <th><?=gettext("Memory usage");?></th> @@ -438,6 +475,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('swap_usage', $skipsysinfoitems)): + $rows_displayed = true; ?> <?php if ($showswap == true): ?> <tr> @@ -456,6 +494,7 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <?php endif; if (!in_array('disk_usage', $skipsysinfoitems)): + $rows_displayed = true; $diskidx = 0; foreach ($filesystems as $fs): ?> @@ -473,6 +512,15 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] $diskidx++; endforeach; endif; + if (!$rows_displayed): +?> + <tr> + <td class="text-center"> + <?=gettext('All System Information items are hidden.');?> + </td> + </tr> +<?php + endif; ?> </tbody> @@ -519,60 +567,18 @@ $skipsysinfoitems = explode(",", $user_settings['widgets']['system_information'] <script type="text/javascript"> //<![CDATA[ -<?php if (!isset($config['system']['firmware']['disablecheck'])): ?> -function systemStatusGetUpdateStatus() { - $.ajax({ - type: 'get', - url: '/widgets/widgets/system_information.widget.php', - data: 'getupdatestatus=1', - dataFilter: function(raw){ - // We reload the entire widget, strip this block of javascript from it - return raw.replace(/<script>([\s\S]*)<\/script>/gi, ''); - }, - dataType: 'html', - success: function(data){ - $('#widget-system_information #updatestatus').html(data); - } - }); -} - -setTimeout('systemStatusGetUpdateStatus()', 4000); -<?php endif; ?> - -function updateMeters() { - url = '/getstats.php'; - - $.ajax(url, { - type: 'get', - success: function(data) { - response = data || ""; - if (response != "") - stats(data); - } - }); - - setTimer(); - -} events.push(function(){ - $("#showallsysinfoitems").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallsysinfoitems"); }); -var update_interval = "<?=$widgetperiod?>"; +var lastTotal = 0; +var lastUsed = 0; function setProgress(barName, percent) { $('#' + barName).css('width', percent + '%').attr('aria-valuenow', percent); } -function setTimer() { - timeout = window.setTimeout('updateMeters()', update_interval); -} - function stats(x) { var values = x.split("|"); if ($.each(values,function(key,value) { @@ -582,19 +588,23 @@ function stats(x) { return false; })) - updateUptime(values[2]); - updateDateTime(values[5]); - updateCPU(values[0]); - updateMemory(values[1]); - updateState(values[3]); - updateTemp(values[4]); - updateInterfaceStats(values[6]); - updateInterfaces(values[7]); - updateCpuFreq(values[8]); - updateLoadAverage(values[9]); - updateMbuf(values[10]); - updateMbufMeter(values[11]); - updateStateMeter(values[12]); + if (lastTotal === 0) { + lastTotal = values[0]; + lastUsed = values[1]; + } else { + updateCPU(values[0], values[1]); + } + + updateUptime(values[3]); + updateDateTime(values[6]); + updateMemory(values[2]); + updateState(values[4]); + updateTemp(values[5]); + updateCpuFreq(values[7]); + updateLoadAverage(values[8]); + updateMbuf(values[9]); + updateMbufMeter(values[10]); + updateStateMeter(values[11]); } function updateMemory(x) { @@ -621,19 +631,32 @@ function updateMbufMeter(x) { } } -function updateCPU(x) { +function updateCPU(total, used) { + if ((lastTotal <= total) && (lastUsed <= used)) { // Just in case it wraps + // Calculate the total ticks and the used ticks sine the last time it was checked + var d_total = total - lastTotal; + var d_used = used - lastUsed; - if ($('#cpumeter')) { - $("#cpumeter").html(x + '%'); - } - if ($('#cpuPB')) { - setProgress('cpuPB', parseInt(x)); - } + // Convert to percent + var x = Math.trunc( ((d_total - d_used)/d_total) * 100); + + if ($('#cpumeter')) { + $('[id="cpumeter"]').html(x + '%'); + } + + if ($('#cpuPB')) { + setProgress('cpuPB', parseInt(x)); + } - /* Load CPU Graph widget if enabled */ - if (widgetActive('cpu_graphs')) { - GraphValue(graph[0], x); + /* Load CPU Graph widget if enabled */ + if (widgetActive('cpu_graphs')) { + GraphValue(graph[0], x); + } } + + // Update the saved "last" values + lastTotal = total; + lastUsed = used; } function updateTemp(x) { @@ -743,9 +766,92 @@ function widgetActive(x) { } } -/* start updater */ + events.push(function(){ - setTimer(); + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function meters_callback(s) { + stats(s); + } + + // POST data to send via AJAX + var postdata = { + ajax: "ajax" + }; + + // Create an object defining the widget refresh AJAX call + var metersObject = new Object(); + metersObject.name = "Meters"; + metersObject.url = "/getstats.php"; + metersObject.callback = meters_callback; + metersObject.parms = postdata; + metersObject.freq = 1; + + // Register the AJAX object + register_ajax(metersObject); + + <?php if (!isset($config['system']['firmware']['disablecheck'])): ?> + + // Callback function called by refresh system when data is retrieved + function version_callback(s) { + $('[id^=widget-system_information] #updatestatus').html(s); + + // The click handler has to be attached after the div is updated + $('#updver').click(function() { + updver_ajax(); + }); + } + + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + getupdatestatus: "1" + }; + + // Create an object defining the widget refresh AJAX call + var versionObject = new Object(); + versionObject.name = "Version"; + versionObject.url = "/widgets/widgets/system_information.widget.php"; + versionObject.callback = version_callback; + versionObject.parms = postdata; + versionObject.freq = 100; + + // Register the AJAX object + register_ajax(versionObject); +<?php endif; ?> + + //set_widget_checkbox_events("#<?=$widget_panel_footer_id?> [id^=show]", "<?=$widget_showallnone_id?>"); + + // AJAX function to update the version display with non-cached data + function updver_ajax() { + + // Display the "updating" message + $('[id^=widget-system_information] #updatestatus').html("<?=$updtext?>"); // <?=$updtext?>"); + + $.ajax({ + type: 'POST', + url: "/widgets/widgets/system_information.widget.php", + dataType: 'html', + data: { + ajax: "ajax", + getupdatestatus: "2" + }, + + success: function(data){ + // Display the returned data + $('[id^=widget-system_information] #updatestatus').html(data); + + // Re-attach the click handler (The binding was lost when the <div> content was replaced) + $('#updver').click(function() { + updver_ajax(); + }); + }, + + error: function(e){ + } + }); + } }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/thermal_sensors.widget.php b/src/usr/local/www/widgets/widgets/thermal_sensors.widget.php index cac502b..8dfb085 100644 --- a/src/usr/local/www/widgets/widgets/thermal_sensors.widget.php +++ b/src/usr/local/www/widgets/widgets/thermal_sensors.widget.php @@ -52,14 +52,23 @@ */ require_once("guiconfig.inc"); -require_once("/usr/local/www/widgets/include/thermal_sensors.inc"); + +//set variable for custom title +$thermal_sensors_widget_title = gettext("Thermal Sensors"); //========================================================================= //called by showThermalSensorsData() (jQuery Ajax call) in thermal_sensors.js -if (isset($_GET["getThermalSensorsData"])) { +if (isset($_REQUEST["getThermalSensorsData"])) { //get Thermal Sensors data and return - echo getThermalSensorsData(); - return; + $_gb = exec("/sbin/sysctl -a | grep temperature", $dfout); + $dfout_filtered = array_filter($dfout, function($v) { + return strpos($negsign, ' -') === false; + }); + + print(join("|", $dfout_filtered)); + + exit; + } //========================================================================= @@ -177,7 +186,33 @@ function getBoolValueFromConfig(&$configArray, $valueKey, $defaultValue) { //start showing temp data //NOTE: the refresh interval will be reset to a proper value in showThermalSensorsData() (thermal_sensors.js). events.push(function(){ - showThermalSensorsData(); + // --------------------- Centralized widget refresh system ------------------------------ + + // Callback function called by refresh system when data is retrieved + function ts_callback(s) { + var thermalSensorsData = s || ""; + buildThermalSensorsData(thermalSensorsData); + } + + // POST data to send via AJAX + var postdata = { + ajax: "ajax", + getThermalSensorsData : "1" + }; + + // Create an object defining the widget refresh AJAX call + var tsObject = new Object(); + tsObject.name = "Gateways"; + tsObject.url = "/widgets/widgets/thermal_sensors.widget.php"; + tsObject.callback = ts_callback; + tsObject.parms = postdata; + tsObject.freq = 4; + + // Register the AJAX object + register_ajax(tsObject); + + // --------------------------------------------------------------------------------------------------- + //showThermalSensorsData(); }); //]]> </script> diff --git a/src/usr/local/www/widgets/widgets/wake_on_lan.widget.php b/src/usr/local/www/widgets/widgets/wake_on_lan.widget.php index b4d22de..e650114 100644 --- a/src/usr/local/www/widgets/widgets/wake_on_lan.widget.php +++ b/src/usr/local/www/widgets/widgets/wake_on_lan.widget.php @@ -72,14 +72,16 @@ if ($_POST) { $validNames = array(); - foreach ($config['wol']['wolentry'] as $wolent) { - array_push($validNames, get_wolent_key($wolent)); + if (is_array($config['wol']['wolentry'])) { + foreach ($config['wol']['wolentry'] as $wolent) { + array_push($validNames, get_wolent_key($wolent)); + } } if (is_array($_POST['show'])) { $user_settings['widgets']['wol']['filter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { - $user_settings['widgets']['wol']['filter'] = ""; + $user_settings['widgets']['wol']['filter'] = implode(',', $validNames); } save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Saved Wake on LAN Filter via Dashboard.")); @@ -102,11 +104,14 @@ if ($_POST) { $skipwols = explode(",", $user_settings['widgets']['wol']['filter']); if (count($wolcomputers) > 0): + $wol_entry_is_displayed = false; + foreach ($wolcomputers as $wolent): if (in_array(get_wolent_key($wolent), $skipwols)) { continue; } + $wol_entry_is_displayed = true; $is_active = exec("/usr/sbin/arp -an |/usr/bin/grep {$wolent['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print $1;}'"); $status = exec("/usr/sbin/arp -an | /usr/bin/awk '$4 == \"{$wolent['mac']}\" { print $7 }'"); ?> @@ -133,8 +138,15 @@ if (count($wolcomputers) > 0): </a> </td> </tr> -<?php endforeach; -else: ?> +<?php + endforeach; + if (!$wol_entry_is_displayed): +?> + <tr><td colspan="4" class="text-center"><?=gettext("All WoL entries are hidden.")?></td></tr> +<?php + endif; +else: +?> <tr><td colspan="4" class="text-center"><?= gettext("No saved WoL addresses") ?></td></tr> <?php endif; @@ -205,12 +217,7 @@ if (is_array($config['dhcpd'])) { <script> //<![CDATA[ events.push(function(){ - $("#showallwols").click(function() { - $("#widget-<?=$widgetname?>_panel-footer [id^=show]").each(function() { - $(this).prop("checked", true); - }); - }); - + set_widget_checkbox_events("#widget-<?=$widgetname?>_panel-footer [id^=show]", "showallwols"); }); //]]> </script> diff --git a/tools/builder_common.sh b/tools/builder_common.sh index 9099d67..1f627ef 100644 --- a/tools/builder_common.sh +++ b/tools/builder_common.sh @@ -535,6 +535,18 @@ make_world() { (script -aq $LOGFILE make -C ${FREEBSD_SRC_DIR}/tools/tools/ath/athstats ${makeargs} install || print_error_pfS;) | egrep '^>>>' | tee -a ${LOGFILE} echo ">>> Building and installing crypto tools and athstats for ${TARGET} architecture... (Finished - $(LC_ALL=C date))" | tee -a ${LOGFILE} + if [ "${PRODUCT_NAME}" = "pfSense" -a -n "${GNID_REPO_BASE}" ]; then + echo ">>> Building gnid... " | tee -a ${LOGFILE} + (\ + cd ${GNID_SRC_DIR} && \ + make INCLUDE_DIR=${GNID_INCLUDE_DIR} \ + LIBCRYPTO_DIR=${GNID_LIBCRYPTO_DIR} clean gnid \ + ) || print_error_pfS + install -o root -g wheel -m 0700 ${GNID_SRC_DIR}/gnid \ + ${STAGE_CHROOT_DIR}/usr/sbin \ + || print_error_pfS + fi + unset makeargs } @@ -1726,6 +1738,30 @@ update_freebsd_sources() { ( cd ${FREEBSD_SRC_DIR} && git checkout ${GIT_FREEBSD_COSHA1} ) 2>&1 | grep -C3 -i -E 'error|fatal' fi echo "Done!" + + if [ "${PRODUCT_NAME}" = "pfSense" -a -n "${GNID_REPO_BASE}" ]; then + echo ">>> Obtaining gnid sources..." + + _CLONE=1 + if [ -d "${GNID_SRC_DIR}/.git" ]; then + CUR_BRANCH=$(cd ${GNID_SRC_DIR} && git branch | grep '^\*' | cut -d' ' -f2) + if [ "${CUR_BRANCH}" = "${GNID_BRANCH}" ]; then + _CLONE=0 + ( cd ${GNID_SRC_DIR} && git clean -fd; git fetch origin; git reset --hard origin/${GNID_BRANCH} ) 2>&1 | grep -C3 -i -E 'error|fatal' + else + rm -rf ${GNID_SRC_DIR} + fi + fi + + if [ ${_CLONE} -eq 1 ]; then + ( git clone --branch ${GNID_BRANCH} ${GNID_REPO_BASE} ${GNID_SRC_DIR} ) 2>&1 | grep -C3 -i -E 'error|fatal' + fi + + if [ ! -d "${GNID_SRC_DIR}/.git" ]; then + echo ">>> ERROR: It was not possible to clone gnid src repo" + print_error_pfS + fi + fi } pkg_chroot() { @@ -1754,7 +1790,7 @@ pkg_chroot() { _params="--repo-conf-dir /tmp/pkg-repos " fi script -aq ${BUILDER_LOGS}/install_pkg_install_ports.txt \ - pkg -c ${_root} ${_params}$@ >/dev/null 2>&1 + chroot ${_root} pkg ${_params}$@ >/dev/null 2>&1 local result=$? rm -f ${_root}/etc/resolv.conf /sbin/umount -f ${_root}/dev diff --git a/tools/builder_defaults.sh b/tools/builder_defaults.sh index bf4cc18..2addee0 100644 --- a/tools/builder_defaults.sh +++ b/tools/builder_defaults.sh @@ -127,7 +127,7 @@ if [ -z "${PRODUCT_VERSION}" ]; then export PRODUCT_VERSION=$(head -n 1 ${PRODUCT_SRC}/etc/version) fi -export PRODUCT_REVISION=${PRODUCT_REVISION:-""} +export PRODUCT_REVISION=${PRODUCT_REVISION:-"1"} # Product repository tag to build _cur_git_repo_branch_or_tag=$(git -C ${BUILDER_ROOT} rev-parse --abbrev-ref HEAD) @@ -145,7 +145,7 @@ GIT_REPO_BASE=$(git -C ${BUILDER_ROOT} config --get remote.origin.url | sed -e ' # This is used for using svn for retrieving src export FREEBSD_REPO_BASE=${FREEBSD_REPO_BASE:-"${GIT_REPO_BASE}/freebsd-src.git"} -export FREEBSD_BRANCH=${FREEBSD_BRANCH:-"RELENG_2_3"} +export FREEBSD_BRANCH=${FREEBSD_BRANCH:-"RELENG_2_3_4"} export FREEBSD_PARENT_BRANCH=${FREEBSD_PARENT_BRANCH:-"releng/10.3"} export FREEBSD_SRC_DIR=${FREEBSD_SRC_DIR:-"${SCRATCHDIR}/FreeBSD-src"} @@ -186,6 +186,13 @@ else export MODULES_OVERRIDE=${MODULES_OVERRIDE:-"i2c ipmi ndis ipfw ipdivert dummynet fdescfs opensolaris zfs glxsb if_stf coretemp amdtemp aesni sfxge hwpmc vmm nmdm ixgbe"} fi +# gnid +export GNID_REPO_BASE=${GNID_REPO_BASE:-"${GIT_REPO_BASE}/gnid.git"} +export GNID_SRC_DIR=${GNID_SRC_DIR:-"${SCRATCHDIR}/gnid"} +export GNID_BRANCH=${GNID_BRANCH:-"master"} +export GNID_INCLUDE_DIR=${GNID_INCLUDE_DIR:-"${MAKEOBJDIRPREFIX}/${FREEBSD_SRC_DIR}/tmp/usr/include"} +export GNID_LIBCRYPTO_DIR=${GNID_LIBCRYPTO_DIR:-"${MAKEOBJDIRPREFIX}/${FREEBSD_SRC_DIR}/secure/lib/libcrypto"} + # Area that the final image will appear in export IMAGES_FINAL_DIR=${IMAGES_FINAL_DIR:-"${SCRATCHDIR}/${PRODUCT_NAME}/"} @@ -273,7 +280,7 @@ export POUDRIERE_PORTS_NAME=${POUDRIERE_PORTS_NAME:-"${PRODUCT_NAME}_${POUDRIERE export POUDRIERE_BULK=${POUDRIERE_BULK:-"${BUILDER_TOOLS}/conf/pfPorts/poudriere_bulk"} export POUDRIERE_PORTS_GIT_URL=${POUDRIERE_PORTS_GIT_URL:-"${GIT_REPO_BASE}/freebsd-ports.git"} -export POUDRIERE_PORTS_GIT_BRANCH=${POUDRIERE_PORTS_GIT_BRANCH:-"RELENG_2_3"} +export POUDRIERE_PORTS_GIT_BRANCH=${POUDRIERE_PORTS_GIT_BRANCH:-"RELENG_2_3_4"} unset _IS_RELEASE unset _IS_RC @@ -310,8 +317,8 @@ export PKG_RSYNC_LOGS=${PKG_RSYNC_LOGS:-"/staging/ce/packages/logs/${POUDRIERE_B # Final packages server if [ -n "${_IS_RELEASE}" ]; then - export PKG_FINAL_RSYNC_HOSTNAME=${PKG_FINAL_RSYNC_HOSTNAME:-"files01.nyi.netgate.com files02.nyi.netgate.com files03.nyi.netgate.com"} - export PKG_FINAL_RSYNC_DESTDIR=${PKG_FINAL_RSYNC_DESTDIR:-"/usr/local/www/pkg"} + export PKG_FINAL_RSYNC_HOSTNAME=${PKG_FINAL_RSYNC_HOSTNAME:-"nfs1.nyi.netgate.com"} + export PKG_FINAL_RSYNC_DESTDIR=${PKG_FINAL_RSYNC_DESTDIR:-"/storage/files/pkg"} else export PKG_FINAL_RSYNC_HOSTNAME=${PKG_FINAL_RSYNC_HOSTNAME:-"beta.pfsense.org"} export PKG_FINAL_RSYNC_DESTDIR=${PKG_FINAL_RSYNC_DESTDIR:-"/usr/local/www/beta/packages"} @@ -331,7 +338,7 @@ if [ -n "${_IS_RELEASE}" -o -n "${_IS_RC}" ]; then export PKG_REPO_BRANCH_DEVEL=${PKG_REPO_BRANCH_DEVEL:-"v2_3"} export PKG_REPO_BRANCH_STAGING=${PKG_REPO_BRANCH_STAGING:-${PKG_REPO_BRANCH_RELEASE}} else - export PKG_REPO_BRANCH_RELEASE=${PKG_REPO_BRANCH_RELEASE:-"v2_3_3"} + export PKG_REPO_BRANCH_RELEASE=${PKG_REPO_BRANCH_RELEASE:-"v2_3_4"} export PKG_REPO_BRANCH_DEVEL=${PKG_REPO_BRANCH_DEVEL:-${POUDRIERE_BRANCH}} export PKG_REPO_BRANCH_STAGING=${PKG_REPO_BRANCH_STAGING:-${PKG_REPO_BRANCH_DEVEL}} fi diff --git a/tools/conf/pfPorts/make.conf b/tools/conf/pfPorts/make.conf index 6e0a354..691d8f1 100644 --- a/tools/conf/pfPorts/make.conf +++ b/tools/conf/pfPorts/make.conf @@ -80,12 +80,18 @@ dns_bind99_UNSET_FORCE=FIXED_RRSET IDN LARGE_FILE dns_bind910_SET_FORCE=DLZ_FILESYSTEM FILTER_AAAA IPV6 LINKS RRL SIGCHASE SSL THREADS GSSAPI_NONE dns_bind910_UNSET_FORCE=FIXED_RRSET IDN LARGE_FILE +dns_bind911_SET_FORCE=DLZ_FILESYSTEM FILTER_AAAA IPV6 LINKS RRL SIGCHASE SSL THREADS GSSAPI_NONE +dns_bind911_UNSET_FORCE=FIXED_RRSET IDN LARGE_FILE LMDB +dns_bind-pfsense_SET_FORCE=DLZ_FILESYSTEM FILTER_AAAA IPV6 LINKS RRL SIGCHASE SSL THREADS GSSAPI_NONE +dns_bind-pfsense_UNSET_FORCE=FIXED_RRSET IDN LARGE_FILE LMDB + www_c-icap_SET_FORCE=LARGE_FILES www_c-icap_UNSET_FORCE=IPV6 graphics_cairo_UNSET_FORCE=X11 XCB OPENGL net_freeradius2_SET_FORCE=KERBEROS LDAP MYSQL PERL PGSQL PYTHON SSL_PORT +net_freeradius3_SET_FORCE=HEIMDAL LDAP MYSQL PERL PGSQL PYTHON SQLITE3 lang_gcc_UNSET_FORCE=JAVA @@ -119,7 +125,7 @@ www_squidguard_UNSET_FORCE=QUOTE_STRING www_squid_SET_FORCE=ARP_ACL AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF FS_AUFS FS_DISKD GSSAPI_MIT HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE LAX_HTTP SNMP SSL SSL_CRTD TP_PF WCCP WCCPV2 www_squid_UNSET_FORCE=AUTH_SMB AUTH_SQL DEBUG DNS_HELPER ECAP ESI FS_ROCK GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL STACKTRACES TP_IPF TP_IPFW VIA_DB -security_suricata_SET_FORCE=GEOIP HTP_PORT IPFW JSON LUAJIT NSS PORTS_PCAP NETMAP +security_suricata_SET_FORCE=GEOIP HTP_PORT IPFW JSON LUAJIT NSS PORTS_PCAP NETMAP HYPERSCAN REDIS security_suricata_UNSET_FORCE=LUA PRELUDE SC TESTS net-mgmt_zabbix22-agent_SET_FORCE=IPV6 SQLITE @@ -139,3 +145,5 @@ shells_scponly_UNSET_FORCE=DEFAULT_CHDIR DOCS GFTP RSYNC SVN SVNSERVE UNISON net-mgmt_net-snmp_SET_FORCE=IPV6 MFD_REWRITES TLS net-mgmt_net-snmp_UNSET_FORCE=AX_DISABLE_TRAP AX_SOCKONLY DOCS DUMMY JAIL MYSQL PYTHON SMUX TKMIB UNPRIVILEGED + +sysutils_pftop_SET_FORCE=ALTQ diff --git a/tools/conf/pfPorts/poudriere_bulk b/tools/conf/pfPorts/poudriere_bulk index b15f86b..d95a2ed 100644 --- a/tools/conf/pfPorts/poudriere_bulk +++ b/tools/conf/pfPorts/poudriere_bulk @@ -6,6 +6,7 @@ databases/php56-mysqli databases/php56-pdo_mysql benchmarks/iperf benchmarks/iperf3 +devel/aws-sdk-php dns/dnstop editors/vim-lite editors/nano @@ -17,6 +18,7 @@ net/trafshow3 net/vnstat net-mgmt/dhcp_probe net-mgmt/net-snmp +net-mgmt/iprange sysutils/htop sysutils/grub2-bhyve sysutils/pstree @@ -32,7 +34,7 @@ net/%%PRODUCT_NAME%%-pkg-pfBlockerNG net/%%PRODUCT_NAME%%-pkg-haproxy net/%%PRODUCT_NAME%%-pkg-haproxy-devel net/%%PRODUCT_NAME%%-pkg-Avahi -sysutils/%%PRODUCT_NAME%%-pkg-Netgate-Coreboot-Upgrade +sysutils/%%PRODUCT_NAME%%-pkg-Netgate_Coreboot_Upgrade sysutils/%%PRODUCT_NAME%%-pkg-Notes sysutils/%%PRODUCT_NAME%%-pkg-Backup sysutils/%%PRODUCT_NAME%%-pkg-Cron @@ -72,10 +74,12 @@ ftp/%%PRODUCT_NAME%%-pkg-tftpd security/%%PRODUCT_NAME%%-pkg-suricata www/%%PRODUCT_NAME%%-pkg-squid net/%%PRODUCT_NAME%%-pkg-ntopng +net-mgmt/%%PRODUCT_NAME%%-pkg-bandwidthd net-mgmt/%%PRODUCT_NAME%%-pkg-zabbix-agent net-mgmt/%%PRODUCT_NAME%%-pkg-zabbix-proxy net/%%PRODUCT_NAME%%-pkg-LADVD net/%%PRODUCT_NAME%%-pkg-freeradius2 +net/%%PRODUCT_NAME%%-pkg-freeradius3 sysutils/%%PRODUCT_NAME%%-pkg-syslog-ng net/%%PRODUCT_NAME%%-pkg-Status_Traffic_Totals net/hping diff --git a/tools/templates/pkg_repos/pfSense-repo.conf b/tools/templates/pkg_repos/pfSense-repo.conf index 953ecfd..6cde860 100644 --- a/tools/templates/pkg_repos/pfSense-repo.conf +++ b/tools/templates/pkg_repos/pfSense-repo.conf @@ -1,7 +1,7 @@ FreeBSD: { enabled: no } %%PRODUCT_NAME%%-core: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%_%%ARCH%%-core", + url: "%%PKG_REPO_SERVER_RELEASE%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%_%%ARCH%%-core", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", @@ -9,7 +9,7 @@ FreeBSD: { enabled: no } } %%PRODUCT_NAME%%: { - url: "%%PKG_REPO_SERVER_DEVEL%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%_%%ARCH%%-%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%", + url: "%%PKG_REPO_SERVER_RELEASE%%/%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%_%%ARCH%%-%%PRODUCT_NAME%%_%%PKG_REPO_BRANCH_RELEASE%%", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/local/share/%%PRODUCT_NAME%%/keys/pkg", |