diff options
| author | jim-p <jimp@pfsense.org> | 2013-03-20 13:24:12 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2013-03-20 13:26:16 -0400 |
| commit | ba1d9714c5a96d892a6a80157d542f2dbe4fb71c (patch) | |
| tree | 079bdc26e13959e111de0c3e70e1523e80ed1f16 /etc/inc/config.lib.inc | |
| parent | 919ff1f07070287ee1408ae4d8e530efa756106f (diff) | |
| download | pfsense-ba1d9714c5a96d892a6a80157d542f2dbe4fb71c.zip pfsense-ba1d9714c5a96d892a6a80157d542f2dbe4fb71c.tar.gz | |
Track user/time a firewall rule was created and last updated, and show this information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
Diffstat (limited to 'etc/inc/config.lib.inc')
| -rw-r--r-- | etc/inc/config.lib.inc | 59 |
1 files changed, 36 insertions, 23 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index d6e48e5..bbd6fec 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -509,35 +509,13 @@ function write_config($desc="Unknown", $backup = true) { } } - if (empty($_SESSION["Username"])) { - if (empty($_ENV['USER']) || $_ENV['USER'] == "root") - $username = "(system)"; - else - $username = $_ENV['USER']; - } else - $username = $_SESSION["Username"]; - - if (!empty($_SERVER['REMOTE_ADDR'])) - $username .= '@' . $_SERVER['REMOTE_ADDR']; - if (!isset($argc)) session_commit(); if($backup) backup_config(); - if (!is_array($config['revision'])) - $config['revision'] = array(); - - if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ - $config['revision']['time'] = time(); - - /* Log the running script so it's not entirely unlogged what changed */ - if ($desc == "Unknown") - $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); - - $config['revision']['description'] = "{$username}: " . $desc; - $config['revision']['username'] = $username; + $config['revision'] = make_config_revision_entry($desc); conf_mount_rw(); $lockkey = lock('config', LOCK_EX); @@ -894,4 +872,39 @@ function set_device_perms() { } } +function get_config_user() { + if (empty($_SESSION["Username"])) { + if (empty($_ENV['USER']) || $_ENV['USER'] == "root") + $username = "(system)"; + else + $username = $_ENV['USER']; + } else + $username = $_SESSION["Username"]; + + if (!empty($_SERVER['REMOTE_ADDR'])) + $username .= '@' . $_SERVER['REMOTE_ADDR']; + + return $username; +} + +function make_config_revision_entry($desc = null, $override_user = null) { + if (empty($override_user)) + $username = get_config_user(); + else + $username = $override_user; + + $revision = array(); + + if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ + $revision['time'] = time(); + + /* Log the running script so it's not entirely unlogged what changed */ + if ($desc == "Unknown") + $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); + if (!empty($desc)) + $revision['description'] = "{$username}: " . $desc; + $revision['username'] = $username; + return $revision; +} + ?> |
