author | Scott Ullrich <sullrich@pfsense.org> | 2011-03-27 14:24:47 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2011-03-27 14:24:47 -0400 |
commit | d68647a11a553ad6bec1993385196b4ecdba5a46 (patch) | |
tree | 4651193a15f09319b65e91f6586859baacade374 | |
parent | 404e0009306860284e0df34efdc36eb6fb5f0ed2 (diff) | |
parent | 17730d9d862d2bee9ca9e87c31ca10cf1bd460a7 (diff) | |
Merge remote branch 'upstream/master'
-rw-r--r-- | etc/inc/captiveportal.inc | 86 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 13 | ||||
-rw-r--r-- | etc/inc/filter.inc | 11 | ||||
-rw-r--r-- | etc/inc/priv.defs.inc | 12 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 39 | ||||
-rwxr-xr-x | etc/rc.bootup | 4 | ||||
-rwxr-xr-x | etc/sshd | 8 | ||||
-rwxr-xr-x | usr/local/www/carp_status.php | 2 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 157 |
9 files changed, 138 insertions, 194 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index f8c0ccd..196d83c 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -57,6 +57,7 @@ function get_default_captive_portal_html() { <html> <body> <form method="post" action="\$PORTAL_ACTION\$"> + <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <center> <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> <tr height="10" bgcolor="#990000"> @@ -94,7 +95,6 @@ function get_default_captive_portal_html() { <div id='loginbox'> Enter Voucher Code: <input name="auth_voucher" type="text" style="border:1px dashed;" size="22"> - <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <input name="accept" type="submit" value="Continue"> </div> </center> 
@@ -273,82 +273,8 @@ function captiveportal_configure() { if ($config['captiveportal']['page']['errtext']) $errtext = base64_decode($config['captiveportal']['page']['errtext']); else { - /* example page */ - $errtext = <<<EOD -<html> - <body> - <form method="post" action="\$PORTAL_ACTION\$"> - <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> - <center> - <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> - <tr height="10" bgcolor="#990000"> - <td style="border-bottom:1px solid #000000"> - <font color='white'> - <b> - {$g['product_name']} captive portal - </b> - </font> - </td> - </tr> - <tr> - <td> - <div id="mainlevel"> - <center> - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <center> - <div id="mainarea"> - <center> - <table width="100%" border="0" cellpadding="5" cellspacing="5"> - <tr> - <td> - <div id="maindivarea"> - <center> - <div id='statusbox'> - <font color='red' face='arial' size='+1'> - <b> - \$PORTAL_MESSAGE\$ - </b> - </font> - </div> - <br/> - <div id='loginbox'> - <table> - <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr> - <tr><td> </td></tr> - <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr> - <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> - <tr><td> </td></tr> - <tr> - <td colspan="2"> - <center><input name="accept" type="submit" value="Continue"></center> - </td> - </tr> - </table> - </div> - </center> - </div> - </td> - </tr> - </table> - </center> - </div> - </center> - </td> - </tr> - </table> - </center> - </div> - </td> - </tr> - </table> - </center> - </form> - </body> -</html> - -EOD; + /* example page */ + $errtext = get_default_captive_portal_html(); } $fd = @fopen("{$g['varetc_path']}/captiveportal-error.html", "w"); 
@@ -684,7 +610,7 @@ EOD; if ($reinit == false) unlock($captiveportallck); - /* filter on layer2 as well so we can check MAC addresses */ + /* activate ipfw(4) so CP can work */ mwexec("/sbin/sysctl net.link.ether.ipfw=1"); return $cprules; @@ -1389,7 +1315,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang * and the out pipe ruleno + 1. This removes limitation that where present in * previous version of the peruserbw. */ - if (isset($config['captiveportal']['peruserbw'])) + if (isset($config['captiveportal']['peruserbw']) || $usebw == true) $ridx++; continue; } @@ -1814,7 +1740,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* redirect user to desired destination */ if (!empty($attributes['url_redirection'])) $my_redirurl = $attributes['url_redirection']; - else if ($config['captiveportal']['redirurl']) + else if (!empty($config['captiveportal']['redirurl'])) $my_redirurl = $config['captiveportal']['redirurl']; else $my_redirurl = $redirurl; diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 586d687..11e1ec3 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -301,16 +301,13 @@ EOD; * null ******/ /* mount flash card read/write */ -function conf_mount_rw($nobootcheck = false) { +function conf_mount_rw() { global $g; /* do not mount on cdrom platform */ if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; - if($g['booting'] && !$nobootcheck) - return; - if (refcount_reference(1000) > 1) return; @@ -324,7 +321,7 @@ function conf_mount_rw($nobootcheck = false) { /* if the platform is soekris or wrap or pfSense, lets mount the * compact flash cards root. - */ + */ $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); /* we could not mount this correctly. kick off fsck */ if($status <> 0) { 
@@ -342,14 +339,14 @@ function conf_mount_rw($nobootcheck = false) { * RESULT * null ******/ -function conf_mount_ro($nobootcheck = false) { +function conf_mount_ro() { global $g; /* do not umount on cdrom or pfSense platforms */ if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; - if($g['booting'] && !$nobootcheck) + if($g['booting']) return; if (refcount_unreference(1000) > 0) @@ -855,4 +852,4 @@ function set_device_perms() { } } -?>
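Review bot: conf_mount_ro() still returns on `$g['booting']` before it reaches `refcount_unreference(1000)`, while conf_mount_rw() in the previous hunk no longer skips `refcount_reference(1000)` during boot. Every rw/ro pair issued while booting therefore appears to leave one reference behind, so the final `conf_mount_ro()` in rc.bootup may never bring the count back to zero and the root filesystem would stay mounted read-write. Keep the two functions symmetric, for example by releasing the reference before the early return: `if($g['booting']) { refcount_unreference(1000); return; }`. The refcount helpers and the rest of both function bodies are outside the hunks, so confirm against them.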
\ No newline at end of file +?> diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 78aa401..fae42a6 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1074,7 +1074,12 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $socktype = "stream"; $dash_u = ""; } - $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n"; + $target = explode(" ", $target); + foreach ($target as $targip) { + if (empty($targip)) + continue; + $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; + } } $inetdport++; } @@ -1976,7 +1981,7 @@ function filter_generate_user_rule($rule) { } else $aline['flags'] .= "keep state "; - if($noadvoptions == false || $l7_present) + if($noadvoptions == false) if( (isset($rule['source-track']) and $rule['source-track'] <> "") or (isset($rule['max']) and $rule['max'] <> "") or (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or @@ -1985,7 +1990,7 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") or (isset($rule['max-src-states']) and $rule['max-src-states'] <> "") or (isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or - isset($rule['sloppy']) or $l7_present) { + isset($rule['sloppy'])) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) $aline['flags'] .= "sloppy "; diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index 74cd92f..941120c 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc 
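Review bot: `$target = explode(" ", $target);` in filter_generate_reflection() overwrites the string with an array inside what looks like a per-port loop (`$inetdport++` follows the block), so a second pass would call explode() on an array and emit no reflection entries for the remaining ports. Iterate over a separate value and leave `$target` untouched: `foreach (explode(" ", $target) as $targip) {`. Every `$targip` is also written with the same `$inetdport`, which gives inetd several entries for one listening port; confirm that is intended. The enclosing function starts and ends outside the hunk.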
@@ -198,6 +198,12 @@ $priv_list['page-diagnostics-traceroute']['descr'] = "Allow access to the 'Diagn $priv_list['page-diagnostics-traceroute']['match'] = array(); $priv_list['page-diagnostics-traceroute']['match'][] = "diag_traceroute.php*"; +$priv_list['page-diagnostics-tables'] = array(); +$priv_list['page-diagnostics-tables']['name'] = "WebCfg - Diagnostics: Tables page"; +$priv_list['page-diagnostics-tables']['descr'] = "Allow access to the 'Diagnostics: Tables' page."; +$priv_list['page-diagnostics-tables']['match'] = array(); +$priv_list['page-diagnostics-tables']['match'][] = "diag_tables.php*"; + $priv_list['page-diagnostics-command'] = array(); $priv_list['page-diagnostics-command']['name'] = "WebCfg - Diagnostics: Command page"; $priv_list['page-diagnostics-command']['descr'] = "Allow access to the 'Diagnostics: Command' page."; @@ -1111,12 +1117,6 @@ $priv_list['page-system-groupmanager']['descr'] = "Allow access to the 'System: $priv_list['page-system-groupmanager']['match'] = array(); $priv_list['page-system-groupmanager']['match'][] = "system_groupmanager.php*"; -$priv_list['page-diag-showbogons'] = array(); -$priv_list['page-diag-showbogons']['name'] = "WebCfg - Diagnostics: Show Bogonsity"; -$priv_list['page-diag-showbogons']['descr'] = "Allows access to the 'Diagnostics: Show Bogons' page"; -$priv_list['page-diag-showbogons']['match'] = array(); -$priv_list['page-diag-showbogons']['match'][] = "diag_showbogons.php"; - $priv_list['page-status-trafficgraph'] = array(); $priv_list['page-status-trafficgraph']['name'] = "WebCfg - Status: Traffic Graph page"; $priv_list['page-status-trafficgraph']['descr'] = "Allow access to the 'Status: Traffic Graph' page."; diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index f4b5e1b..d5c040b 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc 
@@ -41,9 +41,9 @@ function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $user global $g, $config; require_once("xmlrpc.inc"); if($port == "443") - $url = "https://{$syncip}:{$port}"; + $url = "https://{$syncip}"; else - $url = "http://{$syncip}:{$port}"; + $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ $method = 'pfsense.exec_php'; @@ -89,15 +89,15 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, global $g, $config; require_once("xmlrpc.inc"); if($port == "443") - $url = "https://{$syncip}:{$port}"; + $url = "https://{$syncip}"; else - $url = "http://{$syncip}:{$port}"; + $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ $method = 'pfsense.exec_php'; $execcmd = <<<EOF require_once('/etc/inc/voucher.inc'); - \$timeleft = voucher_auth($voucher_received); + \$timeleft = voucher_auth({$voucher_received}); \$toreturn = array(); \$toreturn['timeleft'] = \$timeleft; \$toreturn['voucher']['roll'] = \$config['voucher']['roll']; @@ -119,12 +119,12 @@ EOF; $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); - return array("timeleft" => "0"); + return 0; // $timeleft } elseif($resp->faultCode()) { $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Error code received", ""); - return array("timeleft" => "0"); + return 0; // $timeleft } else { log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } 
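Review bot: `voucher_auth({$voucher_received})` in xmlrpc_sync_used_voucher() splices the voucher string into PHP source that the sync master runs through `pfsense.exec_php`, with no quoting or escaping. The voucher is presumably what a portal client submitted, so its content is parsed as code on the master, and even a well-formed voucher is emitted as a bare token rather than a string. Encode it as a literal before building the heredoc, e.g. `$voucher_arg = var_export($voucher_received, true);` and then `voucher_auth({$voucher_arg});`. Both URL hunks also select `http://` whenever `$port` is not "443", so the sync password would presumably cross the network unencrypted on any other port.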
@@ -132,7 +132,7 @@ EOF; if(count($toreturn['voucher']['roll']) <> count($config['voucher']['roll'])) { $config['voucher']['roll'] = $toreturn['voucher']['roll']; write_config("Captive Portal Voucher database synchronized with {$url}"); - voucher_configure(); + voucher_configure(true); } return $toreturn['timeleft']; @@ -230,12 +230,12 @@ function voucher_auth($voucher_received, $test = 0) { } } else { $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); + captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } } else { // hmm, thats weird ... not what I expected $test_result[] = "$voucher invalid: $result !!"; - captiveportal_syslog("$voucher invalid: $result !!"); + captiveportal_syslog("$voucher invalid: $result !!"); $error++; } } @@ -247,7 +247,7 @@ function voucher_auth($voucher_received, $test = 0) { } else { $test_result[] = "Access granted for $total_minutes Minutes in total."; } - unlock($voucherlck); + unlock($voucherlck); return $test_result; } @@ -264,8 +264,8 @@ function voucher_auth($voucher_received, $test = 0) { // If we did a XMLRPC sync earlier check the timeleft if(!empty($a_voucher['vouchersyncdbip'])) - if($remote_time_used['timeleft'] < $total_minutes) - $total_minutes = $remote_time_used['timeleft']; + if($remote_time_used < $total_minutes) + $total_minutes = $remote_time_used; // All given vouchers were valid and this isn't simply a test. // Write back the used DB's @@ -301,8 +301,8 @@ function voucher_auth($voucher_received, $test = 0) { return $total_minutes; } -function voucher_configure() { - global $config, $g; +function voucher_configure($sync = false) { + global $config, $g; /* kill any running minicron */ killbypid("{$g['varrun_path']}/vouchercron.pid"); 
@@ -312,6 +312,8 @@ function voucher_configure() { if ($g['booting']) echo "Enabling voucher support... "; + if ($sync == true) + captiveportal_syslog("Writing voucher db from sync data..."); // start cron if we're asked to save runtime DB periodically // to XML config if it changed @@ -329,7 +331,7 @@ function voucher_configure() { $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { captiveportal_syslog("Voucher error: cannot write voucher.public\n"); - unlock($voucherlck); + unlock($voucherlck); return 1; } fwrite($fd, $pubkey); @@ -348,7 +350,7 @@ function voucher_configure() { @chmod("{$g['varetc_path']}/voucher.cfg", 0600); unlock($voucherlck); - if ($g['booting'] && is_array($config['voucher']['roll'])) { + if (($g['booting'] || $sync == true) && is_array($config['voucher']['roll'])) { // create active and used DB per roll on ramdisk from config $a_roll = &$config['voucher']['roll']; @@ -375,7 +377,8 @@ function voucher_configure() { } unlock($voucherlck); - echo "done\n"; + if ($g['booting']) + echo "done\n"; } return 0; diff --git a/etc/rc.bootup b/etc/rc.bootup index b7a632e..6cff6ac 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -129,7 +129,7 @@ $memory = get_memory(); $avail = $memory[0]; echo " done.\n"; -conf_mount_rw(true); +conf_mount_rw(); /* save dmesg output to file */ system_dmesg_save(); @@ -400,6 +400,6 @@ unset($g['booting']); led_normalize(); -conf_mount_ro(true); +conf_mount_ro(); ?> @@ -42,7 +42,10 @@ exit; } - conf_mount_rw(true); + /* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */ + if(!is_subsystem_dirty('sshdkeys')) { + conf_mount_rw(); + } function file_size($file) { $size = filesize($file); @@ -138,7 +141,6 @@ /* are we already running? if so exit */ if(is_subsystem_dirty('sshdkeys')) { - conf_mount_ro(true); exit; } @@ -185,6 +187,6 @@ exec("mkdir /conf/sshd"); exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd"); } - conf_mount_ro(true); + conf_mount_ro(); ?> 
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 187736b..12b8be9 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -68,7 +68,7 @@ if($_POST['disablecarp'] <> "") {
 }
 }
 }
- $savemsg = sprintf(gettext("%s IPs have been disabled."), $carp_counter);
+ $savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter);
 } else {
 $savemsg = gettext("CARP has been enabled.");
 mwexec("/sbin/sysctl net.inet.carp.allow=1");
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index 2ad0217..d6ffc55 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -168,34 +168,42 @@ if ($_POST) { /* input validation */ if ($_POST['enable']) { - $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + if (!$_POST['vouchersyncusername']) { + $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); + $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + } else { + $reqdfields = explode(" ", "vouchersyncdbip vouchersyncport vouchersyncpass vouchersyncusername"); + $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"),gettext("Sync port"),gettext("Sync password"),gettext("Sync username")); + } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } - // Check for form errors - if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) - $input_errors[] = gettext("Need at least 2 characters to create vouchers."); - if ($_POST['charset'] && (strpos($_POST['charset'],"\"")>0)) - $input_errors[] = gettext("Double quotes aren't allowed."); - if ($_POST['charset'] && (strpos($_POST['charset'],",")>0)) - $input_errors[] = "',' " . 
gettext("aren't allowed."); - if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) - $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); - if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) - $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); - if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) - $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) - $input_errors[] = gettext("Save interval in minutes cant be negative."); - if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) - $input_errors[] = gettext("This doesn't look like an RSA Public key."); - if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) - $input_errors[] = gettext("This doesn't look like an RSA Private key."); + if (!$_POST['vouchersyncusername']) { + // Check for form errors + if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) + $input_errors[] = gettext("Need at least 2 characters to create vouchers."); + if ($_POST['charset'] && (strpos($_POST['charset'],"\"")>0)) + $input_errors[] = gettext("Double quotes aren't allowed."); + if ($_POST['charset'] && (strpos($_POST['charset'],",")>0)) + $input_errors[] = "',' " . 
gettext("aren't allowed."); + if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) + $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); + if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) + $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); + if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) + $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); + if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) + $input_errors[] = gettext("Save interval in minutes cant be negative."); + if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) + $input_errors[] = gettext("This doesn't look like an RSA Public key."); + if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) + $input_errors[] = gettext("This doesn't look like an RSA Private key."); + } if (!$input_errors) { - $config['voucher']['enable'] = $_POST['enable'] ? true : false; + $config['voucher']['enable'] = $_POST['enable'] ? true : false; + if (!$_POST['vouchersyncusername']) { $config['voucher']['charset'] = $_POST['charset']; $config['voucher']['rollbits'] = $_POST['rollbits']; $config['voucher']['ticketbits'] = $_POST['ticketbits']; 
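Review bot: The re-indented charset checks keep two defects: `strlen($_POST['charset'] < 2)` measures the length of a comparison result rather than of the charset, and `strpos(...) > 0` misses a double quote or comma in the first position. They should read `strlen($_POST['charset']) < 2` and `strpos($_POST['charset'], "\"") !== false` (likewise for `","`). In the new sync branch the four `vouchersync*` fields are only checked for presence; since the IP and port are later interpolated into the sync URL, validate them as an address and a port number before they are saved. The enclosing `if ($_POST)` block continues outside the hunk.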
@@ -206,6 +214,9 @@ if ($_POST) {
 $config['voucher']['privatekey'] = base64_encode($_POST['privatekey']);
 $config['voucher']['msgnoaccess'] = $_POST['msgnoaccess'];
 $config['voucher']['msgexpired'] = $_POST['msgexpired'];
+ write_config();
+ voucher_configure();
+ } else {
 $config['voucher']['vouchersyncdbip'] = $_POST['vouchersyncdbip'];
 $config['voucher']['vouchersyncport'] = $_POST['vouchersyncport'];
 $config['voucher']['vouchersyncusername'] = $_POST['vouchersyncusername'];
@@ -215,34 +226,28 @@ if ($_POST) { // Synchronize the voucher DB from the master node require_once("xmlrpc.inc"); if($config['voucher']['vouchersyncport'] == "443") - $url = "https://{$config['voucher']['vouchersyncdbip']}:{$config['voucher']['vouchersyncport']}"; + $url = "https://{$config['voucher']['vouchersyncdbip']}"; else - $url = "http://{$config['voucher']['vouchersyncdbip']}:{$config['voucher']['vouchersyncport']}"; + $url = "http://{$config['voucher']['vouchersyncdbip']}"; + $execcmd = <<<EOF - \$toreturn['voucher']['roll'] = \$config['voucher']['roll']; - \$toreturn['voucher']['charset'] = \$config['voucher']['charset']; - \$toreturn['voucher']['rollbits'] = \$config['voucher']['rollbits']; - \$toreturn['voucher']['ticketbits'] = \$config['voucher']['ticketbits']; - \$toreturn['voucher']['saveinterval'] = \$config['voucher']['saveinterval']; - \$toreturn['voucher']['checksumbits'] = \$config['voucher']['checksumbits']; - \$toreturn['voucher']['magic'] = \$config['voucher']['magic']; - \$toreturn['voucher']['publickey'] = \$config['voucher']['publickey']; - \$toreturn['voucher']['privatekey'] = \$config['voucher']['privatekey']; - \$toreturn['voucher']['msgnoaccess'] = \$config['voucher']['msgnoaccess']; - \$toreturn['voucher']['msgexpired'] = \$config['voucher']['msgexpired']; - + \$toreturn['voucher'] = \$config['voucher']; + unset(\$toreturn['vouchersyncport'], \$toreturn['vouchersyncpass'], \$toreturn['vouchersyncusername'], \$toreturn['vouchersyncdbip']); + EOF; + /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($config['voucher']['vouchersyncpass']), XML_RPC_encode($execcmd) ); + $port = $config['voucher']['vouchersyncport']; log_error("voucher XMLRPC sync data {$url}:{$port}."); $msg = new XML_RPC_Message('pfsense.exec_php', $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $config['voucher']['vouchersyncport']); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); 
$cli->setCredentials($config['voucher']['vouchersyncusername'], $config['voucher']['vouchersyncpass']); $resp = $cli->send($msg, "250"); - if(!$resp) { + if(!is_object($resp)) { $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); 
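Review bot: The `unset()` in the remote snippet targets `\$toreturn['vouchersyncport']` and its siblings, but the config was copied to `\$toreturn['voucher']`, so nothing is removed and any sync credentials stored on the master are returned together with the voucher private key. Address the nested keys instead, e.g. `unset(\$toreturn['voucher']['vouchersyncpass'], \$toreturn['voucher']['vouchersyncusername'], \$toreturn['voucher']['vouchersyncport'], \$toreturn['voucher']['vouchersyncdbip']);`. The URL is still built as `http://` unless the port is "443", so the values passed to `setCredentials()` and the returned key material travel unencrypted on any other port; consider requiring HTTPS for the sync. The surrounding `if ($_POST)` block starts and ends outside the hunk.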
@@ -257,43 +262,47 @@ EOF; } else { log_error("The Captive Portal voucher database has been synchronized with {$url}:{$port} (pfsense.exec_php)."); } - $toreturn = XML_RPC_Decode($resp->value()); - if(!is_array($toreturn)) { - if($toreturn == "Authentication failed") - $input_errors[] = "Could not synchronize the voucher database: Authentication Failed."; - } else { - // If we received back the voucher roll and other information then store it. - if($toreturn['voucher']['roll']) - $config['voucher']['roll'] = $toreturn['voucher']['roll']; - if($toreturn['voucher']['rollbits']) - $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; - if($toreturn['voucher']['ticketbits']) - $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; - if($toreturn['voucher']['saveinterval']) - $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; - if($toreturn['voucher']['checksumbits']) - $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; - if($toreturn['voucher']['magic']) - $config['voucher']['magic'] = $toreturn['voucher']['magic']; - if($toreturn['voucher']['publickey']) - $config['voucher']['publickey'] = $toreturn['voucher']['publickey']; - if($toreturn['voucher']['privatekey']) - $config['voucher']['privatekey'] = $toreturn['voucher']['privatekey']; - if($toreturn['voucher']['msgnoaccess']) - $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; - if($toreturn['voucher']['msgexpired']) - $config['voucher']['msgexpired'] = $toreturn['voucher']['msgexpired']; - if($toreturn['voucher']['msgnoaccess']) - $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; - $savemsg = gettext("Voucher database has been synchronized from {$url}"); + if (!$input_errors) { + $toreturn = XML_RPC_Decode($resp->value()); + if(!is_array($toreturn)) { + if($toreturn == "Authentication failed") + $input_errors[] = "Could not synchronize the voucher database: Authentication Failed."; + } else { + 
// If we received back the voucher roll and other information then store it. + if($toreturn['voucher']['roll']) + $config['voucher']['roll'] = $toreturn['voucher']['roll']; + if($toreturn['voucher']['rollbits']) + $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; + if($toreturn['voucher']['ticketbits']) + $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; + if($toreturn['voucher']['saveinterval']) + $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; + if($toreturn['voucher']['checksumbits']) + $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; + if($toreturn['voucher']['magic']) + $config['voucher']['magic'] = $toreturn['voucher']['magic']; + if($toreturn['voucher']['publickey']) + $config['voucher']['publickey'] = $toreturn['voucher']['publickey']; + if($toreturn['voucher']['privatekey']) + $config['voucher']['privatekey'] = $toreturn['voucher']['privatekey']; + if($toreturn['voucher']['msgnoaccess']) + $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; + if($toreturn['voucher']['msgexpired']) + $config['voucher']['msgexpired'] = $toreturn['voucher']['msgexpired']; + if($toreturn['voucher']['msgnoaccess']) + $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; + $savemsg = gettext("Voucher database has been synchronized from {$url}:{$port}"); + + write_config(); + voucher_configure(true); + } } } - write_config(); - voucher_configure(); - if($savemsg && isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) - $savemsg .= "<br/>"; - if (isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) - $savemsg .= gettext("Don't forget to configure and enable Captive Portal."); + } + if($savemsg && isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) + $savemsg .= "<br/>"; + if (isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) + 
$savemsg .= gettext("Don't forget to configure and enable Captive Portal."); } } include("head.inc"); @@ -582,6 +591,8 @@ function enable_change(enable_change) { <td colspan="2" class="list"><p class="vexpl"> <span class="red"><strong> <?=gettext("Note:"); ?><br> </strong></span> <?=gettext("Changing any Voucher parameter (apart from managing the list of Rolls) on this page will render existing vouchers useless if they were generated with different settings."); ?> + <br/> + <?=gettext("Specifying the Voucher Database Synchronization options will not record any other value from the other options. They will be retrieved/synced from the master."); ?> </p> </td> </tr> |