author | Renato Botelho <renato.botelho@bluepex.com> | 2010-10-13 08:39:39 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-10-13 08:39:39 -0300 |
commit | 8eec6fc0d1264ab87a9938b25a3f93682d6c8b0f (patch) | |
tree | 2177999c3c13c05c00735008c7345bf7dec6e5d3 /etc/inc | |
parent | 10f0a57ab4f47e73a3d248087ee54f805b4d7367 (diff) | |
parent | 5a171fb7cce71f4e2a737847c3ede56298e0b0cf (diff) | |
Merge remote branch 'mainline/master' into inc
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/easyrule.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 2 | ||||
-rwxr-xr-x | etc/inc/openvpn.auth-user.php | 7 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 4 | ||||
-rw-r--r-- | etc/inc/services.inc | 10 |
5 files changed, 21 insertions, 4 deletions
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 2e3af4b..d834702 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -80,6 +80,8 @@ function easyrule_block_rule_exists($int = 'wan') {
 /* Search through the rules for one referencing our alias */
 foreach ($config['filter']['rule'] as $rule)
+ if (!is_array($rule) || !is_array($rule['source']))
+ continue;
 if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int)) return true;
 return false;
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 1be6068..8e749e5 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -133,7 +133,7 @@ function interface_vlan_configure(&$vlan) {
 pfSense_interface_capabilities($if, IFCAP_VLAN_HWTAGGING|IFCAP_VLAN_MTU|IFCAP_VLAN_HWFILTER);
 if (!empty($vlanif) && does_interface_exist($vlanif)) {
- interface_bring_down($vlanif);
+ interface_bring_down($vlanif, true);
 } else {
 $tmpvlanif = pfSense_interface_create("vlan");
 pfSense_interface_rename($tmpvlanif, $vlanif);
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index a611f8c..544e21f 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -85,6 +85,7 @@ openlog("openvpn", LOG_ODELAY, LOG_AUTH);
 /* read data from environment */
 $username = getenv("username");
 $password = getenv("password");
+$common_name = getenv("common_name");
 if (!$username || !$password) {
 syslog(LOG_ERR, "invalid user authentication environment");
@@ -95,6 +96,12 @@ if (!$username || !$password) {
 //<template>
 $authenticated = false;
+
+if (($strictusercn === true) && ($common_name != $username)) {
+ syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n");
+ exit(1);
+}
+
 foreach ($authmodes as $authmode) {
 $authcfg = auth_get_authserver($authmode);
 if (!$authcfg && $authmode != "local")
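Review bot: In etc/inc/easyrule.inc the `foreach ($config['filter']['rule'] as $rule)` line has no braces, so the two added lines (`if (!is_array(...)) continue;`) become the loop's entire body and the original `if ($rule['source']['address'] == ...) return true;` now runs only once, after the loop, against whichever `$rule` came last. easyrule_block_rule_exists() would then miss an existing block rule unless it is the final entry, and callers (outside this hunk) may act on that wrong answer. Put both statements inside the loop by adding `{` after the `foreach (...)` line and `}` before `return false;`.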
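Review bot: In etc/inc/openvpn.auth-user.php the strict common-name check uses the loose operator, `$common_name != $username`, and PHP compares two numeric-looking strings by value, so a username and a certificate CN that differ as strings can still be treated as equal. An authentication decision should compare exactly: `if (($strictusercn === true) && ($common_name !== $username)) {`. `$strictusercn` is defined only when the generated script sets it, so a comment at the check should say that an undefined flag means "not enforced". Both values in the syslog message come from the client-supplied environment (the `getenv()` lines in the previous hunk), which is worth a comment for anyone who parses these logs.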
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 1e7e9b8..c528f67 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -392,7 +392,9 @@ function openvpn_reconfigure($mode,& $settings) {
 $firstsed = 1;
 $sed .= "\"{$authcfg}\"";
 }
- $sed .= ");";
+ $sed .= ");\\\n";
+ if (isset($settings['strictusercn']))
+ $sed .= "\$strictusercn = true;";
 mwexec("/bin/cat /etc/inc/openvpn.auth-user.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php");
 mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php");
 $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n";
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index c91071c..82166d6 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -565,12 +565,18 @@ function services_dhcrelay_configure() {
 $destif = get_real_interface("wan");
 }
- $dhcrelayifs[] = $destif;
+ if (!empty($destif))
+ $dhcrelayifs[] = $destif;
 }
 $dhcrelayifs = array_unique($dhcrelayifs);
 /* fire up dhcrelay */
- $cmd = "/usr/local/sbin/dhcrelay -i " . join(" -i ", $dhcrelayifs);
+ if (empty($dhcrelayifs)) {
+ log_error("No suitable interface found for running dhcrelay!");
+ return; /* XXX */
+ }
+
+ $cmd = "/usr/local/sbin/dhcrelay -i " . implode(" -i ", $dhcrelayifs);
 if (isset($dhcrelaycfg['agentoption'])) $cmd .= " -a -m replace"; |
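Review bot: In etc/inc/openvpn.inc the flag is written only when `strictusercn` is set, so a script generated for any other server never defines `$strictusercn` and the check in openvpn.auth-user.php depends on an undefined variable. Emitting the value in both cases keeps the generated file explicit: `$sed .= "\$strictusercn = " . (isset($settings['strictusercn']) ? "true" : "false") . ";";`. A comment above these lines should also record that `$sed` is spliced into the single-quoted sed expression of the `mwexec()` call below, so anything appended must stay free of `'` and `/`. The `{$authcfg}` names appended on the context lines above reach that command the same way and would need escaping if they come from configurable server names. openvpn_reconfigure() begins and ends outside the hunk.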
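Review bot: In etc/inc/services.inc the rewritten `$cmd` line still joins the interface names into a command string unquoted. Assuming `$cmd` is later handed to a shell (the call is outside this hunk), each name should be escaped: `implode(" -i ", array_map('escapeshellarg', $dhcrelayifs))`. The new early exit `return; /* XXX */` carries a marker that explains nothing. Replace it with a comment saying what state services_dhcrelay_configure() leaves behind when no interface is found, and return the same kind of value as the function's other exits if they return a status; those exits are not visible here.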