author | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-20 08:50:19 -0300 |
---|---|---|
committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-20 08:50:19 -0300 |
commit | f0b17f3f7226f819c94dfab4c9abc0f3e4962152 (patch) | |
tree | 3118cd18bd89dd64cf991c1023099d63593ecedd /etc | |
parent | d8012adbce60d9a90dac54e5b7832f8fa7e82fb6 (diff) | |
parent | 3745f21e2a9ccac1dadf78864ef65f2318ac919c (diff) | |
Merge remote-tracking branch 'mainline/master' into inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ca_countries | 245 | ||||
-rw-r--r-- | etc/inc/captiveportal.inc | 43 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 4 | ||||
-rw-r--r-- | etc/inc/dyndns.class | 2 | ||||
-rw-r--r-- | etc/inc/filter.inc | 9 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 48 | ||||
-rw-r--r-- | etc/inc/system.inc | 73 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 11 | ||||
-rw-r--r-- | etc/inc/util.inc | 35 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 48 | ||||
-rw-r--r-- | etc/pfSense.obsoletedfiles | 3 | ||||
-rwxr-xr-x | etc/rc.filter_synchronize | 46 | ||||
-rwxr-xr-x | etc/rc.initial.setlanip | 2 | ||||
-rwxr-xr-x | etc/rc.newwanip | 2 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 2 | ||||
-rw-r--r-- | etc/version | 2 |
17 files changed, 476 insertions, 101 deletions
diff --git a/etc/ca_countries b/etc/ca_countries
new file mode 100644
index 0000000..291711c
--- /dev/null
+++ b/etc/ca_countries
@@ -0,0 +1,245 @@
+US United States of America
+CA Canada
+AX Aland Islands
+AD Andorra
+AE United Arab Emirates
+AF Afghanistan
+AG Antigua and Barbuda
+AI Anguilla
+AL Albania
+AM Armenia
+AN Netherlands Antilles
+AO Angola
+AQ Antarctica
+AR Argentina
+AS American Samoa
+AT Austria
+AU Australia
+AW Aruba
+AZ Azerbaijan
+BA Bosnia and Herzegovina
+BB Barbados
+BD Bangladesh
+BE Belgium
+BF Burkina Faso
+BG Bulgaria
+BH Bahrain
+BI Burundi
+BJ Benin
+BM Bermuda
+BN Brunei Darussalam
+BO Bolivia
+BR Brazil
+BS Bahamas
+BT Bhutan
+BV Bouvet Island
+BW Botswana
+BZ Belize
+CA Canada
+CC Cocos (Keeling) Islands
+CF Central African Republic
+CH Switzerland
+CI Cote D'Ivoire (Ivory Coast)
+CK Cook Islands
+CL Chile
+CM Cameroon
+CN China
+CO Colombia
+CR Costa Rica
+CS Czechoslovakia (former)
+CV Cape Verde
+CX Christmas Island
+CY Cyprus
+CZ Czech Republic
+DE Germany
+DJ Djibouti
+DK Denmark
+DM Dominica
+DO Dominican Republic
+DZ Algeria
+EC Ecuador
+EE Estonia
+EG Egypt
+EH Western Sahara
+ER Eritrea
+ES Spain
+ET Ethiopia
+FI Finland
+FJ Fiji
+FK Falkland Islands (Malvinas)
+FM Micronesia
+FO Faroe Islands
+FR France
+FX France, Metropolitan
+GA Gabon
+GB Great Britain (UK)
+GD Grenada
+GE Georgia
+GF French Guiana
+GG Guernsey
+GH Ghana
+GI Gibraltar
+GL Greenland
+GM Gambia
+GN Guinea
+GP Guadeloupe
+GQ Equatorial Guinea
+GR Greece
+GS S. Georgia and S. Sandwich Isls.
+GT Guatemala
+GU Guam
+GW Guinea-Bissau
+GY Guyana
+HK Hong Kong
+HM Heard and McDonald Islands
+HN Honduras
+HR Croatia (Hrvatska)
+HT Haiti
+HU Hungary
+ID Indonesia
+IE Ireland
+IL Israel
+IM Isle of Man
+IN India
+IO British Indian Ocean Territory
+IS Iceland
+IT Italy
+JE Jersey
+JM Jamaica
+JO Jordan
+JP Japan
+KE Kenya
+KG Kyrgyzstan
+KH Cambodia
+KI Kiribati
+KM Comoros
+KN Saint Kitts and Nevis
+KR Korea (South)
+KW Kuwait
+KY Cayman Islands
+KZ Kazakhstan
+LA Laos
+LC Saint Lucia
+LI Liechtenstein
+LK Sri Lanka
+LS Lesotho
+LT Lithuania
+LU Luxembourg
+LV Latvia
+LY Libya
+MA Morocco
+MC Monaco
+MD Moldova
+ME Montenegro
+MG Madagascar
+MH Marshall Islands
+MK Macedonia
+ML Mali
+MM Myanmar
+MN Mongolia
+MO Macau
+MP Northern Mariana Islands
+MQ Martinique
+MR Mauritania
+MS Montserrat
+MT Malta
+MU Mauritius
+MV Maldives
+MW Malawi
+MX Mexico
+MY Malaysia
+MZ Mozambique
+NA Namibia
+NC New Caledonia
+NE Niger
+NF Norfolk Island
+NG Nigeria
+NI Nicaragua
+NL Netherlands
+NO Norway
+NP Nepal
+NR Nauru
+NT Neutral Zone
+NU Niue
+NZ New Zealand (Aotearoa)
+OM Oman
+PA Panama
+PE Peru
+PF French Polynesia
+PG Papua New Guinea
+PH Philippines
+PK Pakistan
+PL Poland
+PM St. Pierre and Miquelon
+PN Pitcairn
+PR Puerto Rico
+PS Palestinian Territory
+PT Portugal
+PW Palau
+PY Paraguay
+QA Qatar
+RE Reunion
+RO Romania
+RS Serbia
+RU Russian Federation
+RW Rwanda
+SA Saudi Arabia
+SB Solomon Islands
+SC Seychelles
+SE Sweden
+SG Singapore
+SH St.
Helena +SI Slovenia +SJ Svalbard and Jan Mayen Islands +SK Slovak Republic +SL Sierra Leone +SM San Marino +SN Senegal +SR Suriname +ST Sao Tome and Principe +SU USSR (former) +SV El Salvador +SZ Swaziland +TC Turks and Caicos Islands +TD Chad +TF French Southern Territories +TG Togo +TH Thailand +TJ Tajikistan +TK Tokelau +TM Turkmenistan +TN Tunisia +TO Tonga +TP East Timor +TR Turkey +TT Trinidad and Tobago +TV Tuvalu +TW Taiwan +TZ Tanzania +UA Ukraine +UG Uganda +UM US Minor Outlying Islands +US United States +UY Uruguay +UZ Uzbekistan +VA Vatican City State (Holy See) +VC Saint Vincent and the Grenadines +VE Venezuela +VG Virgin Islands (British) +VI Virgin Islands (U.S.) +VN Viet Nam +VU Vanuatu +WF Wallis and Futuna Islands +WS Samoa +YE Yemen +YT Mayotte +ZA South Africa +ZM Zambia +COM US Commercial +EDU US Educational +GOV US Government +INT International +MIL US Military +NET Network +ORG Non-Profit Organization +ARPA Old style Arpanet diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 5d6074e..a6bdb33 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -652,6 +652,13 @@ function captiveportal_prune_old() { * had a chance to iterate over all accounts. */ $unsetindexes = array(); + $voucher_needs_sync = false; + /* + * Snapshot the time here to use for calculation to speed up the process. + * If something is missed next run will catch it! + */ + $pruning_time = time(); + $stop_time = $pruning_time; foreach ($cpdb as $cpentry) { $timedout = false; @@ -659,7 +666,7 @@ function captiveportal_prune_old() { /* hard timeout? */ if ($timeout) { - if ((time() - $cpentry[0]) >= $timeout) { + if (($pruning_time - $cpentry[0]) >= $timeout) { $timedout = true; $term_cause = 5; // Session-Timeout } 
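Review bot: `$stop_time` is now initialised once, before the `foreach` in captiveportal_prune_old(), but the idle-timeout branch (visible as context in the @@ -682 hunk) overwrites it with `$lastact`. Every entry processed after an idle-timed-out session would therefore inherit that stale stop time, unless the loop resets it somewhere the hunks do not show. If the value feeds accounting on disconnect, that records a wrong session end for unrelated users. Moving the assignment into the loop, `$stop_time = $pruning_time;` right after `$timedout = false;`, keeps the single time() snapshot while scoping the value per entry. The function body starts and ends outside this hunk.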
@@ -667,7 +674,7 @@ function captiveportal_prune_old() { /* Session-Terminate-Time */ if (!$timedout && !empty($cpentry[9])) { - if (time() >= $cpentry[9]) { + if ($pruning_time >= $cpentry[9]) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -682,7 +689,7 @@ function captiveportal_prune_old() { * We "fix" this by setting lastact to the login timestamp. */ $lastact = $lastact ? $lastact : $cpentry[0]; - if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) { $timedout = true; $term_cause = 4; // Idle-Timeout $stop_time = $lastact; // Entry added to comply with WISPr @@ -691,15 +698,16 @@ function captiveportal_prune_old() { /* if vouchers are configured, activate session timeouts */ if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout + $voucher_needs_sync = true; } } /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -762,6 +770,10 @@ function captiveportal_prune_old() { } } + if ($voucher_needs_sync == true) + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + /* write database */ if (!empty($unsetindexes)) captiveportal_write_db($cpdb, false, $unsetindexes); 
@@ -814,7 +826,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t $syncport = $config['voucher']['vouchersyncport']; $syncpass = $config['voucher']['vouchersyncpass']; $vouchersyncusername = $config['voucher']['vouchersyncusername']; - $remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); + $remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); } } @@ -1195,7 +1207,7 @@ function radius($username,$password,$clientip,$clientmac,$type) { } /* read captive portal DB into array */ -function captiveportal_read_db($locked = false) { +function captiveportal_read_db($locked = false, $index = 5 /* sessionid by default */) { global $g; $cpdb = array(); @@ -1209,7 +1221,7 @@ function captiveportal_read_db($locked = false) { if ($line) { $cpe = explode(",", $line); /* Hash by session id */ - $cpdb[$cpe[5]] = $cpe; + $cpdb[$cpe[$index]] = $cpe; } } fclose($fd); @@ -1229,8 +1241,12 @@ function captiveportal_write_db($cpdb, $locked = false, $remove = false) { if (is_array($remove)) { if (!empty($remove)) { $cpdb = captiveportal_read_db(true); - foreach ($remove as $key) - unset($cpdb[$key]); + foreach ($remove as $key) { + if (is_array($key)) + log_error("Captive portal Array passed as unset index: " . print_r($key, true)); + else + unset($cpdb[$key]); + } } else return; //This makes sure no record removal calls } @@ -1609,6 +1625,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } + /* Snaphost the timestamp */ + $allow_time = time(); + foreach ($cpdb as $sid => $cpentry) { /* on the same ip */ if($cpentry[2] == $clientip) { 
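Review bot: Keying the result with `$cpdb[$cpe[$index]] = $cpe;` is only lossless for the default session-id column. With any other `$index` (voucher_expire() in etc/inc/voucher.inc passes 4), rows sharing the same value overwrite each other, so only the last session per user or voucher is returned. If a voucher can have more than one active session, a forced expiry would then disconnect one and leave the others connected. `$index` is also used without checking that the column exists, so a short or malformed line ends up under an empty key. Either collect rows per key for non-default indexes (`$cpdb[$cpe[$index]][] = $cpe;`) or state in the function comment that non-unique columns lose rows; the function body continues outside the hunk.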
@@ -1619,7 +1638,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { // user logged in with an active voucher. Check for how long and calculate // how much time we can give him (voucher credit - used time) - $remaining_time = $cpentry[0] + $cpentry[7] - time(); + $remaining_time = $cpentry[0] + $cpentry[7] - $allow_time; if ($remaining_time < 0) // just in case. $remaining_time = 0; @@ -1713,7 +1732,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* encode password in Base64 just in case it contains commas */ $bpassword = base64_encode($password); - $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, + $cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); /* rewrite information to database */ diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 7232d14..d5e0f62 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -342,8 +342,10 @@ function conf_mount_rw() { function conf_mount_ro() { global $g; + /* Do not trust $g['platform'] since this can be clobbered during factory reset. */ + $platform = trim(file_get_contents("/etc/platform")); /* do not umount on cdrom or pfSense platforms */ - if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") + if($platform == "cdrom" or $platform == "pfSense") return; if($g['booting']) diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 07fdf95..340fbc1 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class 
@@ -408,7 +408,7 @@ * Private Function (added 12 July 2005) [beta] * Retrieve Update Status */ - function _checkStatus($data) { + function _checkStatus($ch, $data) { log_error("DynDns: DynDns _checkStatus() starting."); log_error("DynDns: Current Service: {$this->_dnsService}"); $successful_update = false; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e5bc59a..3ca5d3d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -505,11 +505,13 @@ function filter_expand_alias($alias_name) } function filter_generate_aliases() { - global $config, $FilterIflist; + global $config, $FilterIflist, $after_filter_configure_run; + if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "filter_generate_aliases() being called $mt\n"; } + $alias = "#System aliases\n "; $aliases = "loopback = \"{ lo0 }\"\n"; @@ -555,9 +557,10 @@ function filter_generate_aliases() { case "network": case "url": $tableaddrs = "{$addrlist}{$extralias}"; - if(empty($tableaddrs)) + if(empty($tableaddrs)) { $aliases .= "table <{$aliased['name']}> persist\n"; - else + $after_filter_configure_run[] = "/sbin/pfctl -T flush -t " . escapeshellarg($aliased['name']); + } else $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n"; $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n"; diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 6993148..3bd0de2 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -91,7 +91,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "7.9", + "latest_config" => "8.0", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 1858be4..0fe6bfc 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
@@ -84,6 +84,46 @@ function does_interface_exist($interface) { return false; } +/* + * does_vip_exist($vip): return true or false if a vip is + * configured. + */ +function does_vip_exist($vip) { + global $config; + + if(!$vip) + return false; + + + switch ($vip['mode']) { + case "carp": + case "carpdev": + $realif = "vip{$vip['vhid']}"; + if (!does_interface_exist($realif)) { + return false; + } + break; + case "ipalias": + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + return false; + } + break; + case "proxyarp": + /* XXX: Implement this */ + default: + return false; + } + + $ifacedata = pfSense_getall_interface_addresses($realif); + foreach ($ifacedata as $vipips) { + if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}") + return true; + } + + return false; +} + function interface_netgraph_needed($interface = "wan") { global $config; @@ -3277,8 +3317,12 @@ function link_interface_to_vips($int, $action = "") { foreach ($config['virtualip']['vip'] as $vip) { if ($int == $vip['interface']) { if ($action == "update") { - interface_vip_bring_down($vip); - interfaces_vips_configure($int); + if ($vip['mode'] == "carp" && !does_interface_exist("vip{$vip['vhid']}")) + interfaces_vips_configure($int); + else { + interface_vip_bring_down($vip); + interfaces_vips_configure($int); + } } else return $vip; } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index bf69eda..f427cec 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -86,7 +86,9 @@ function system_resolvconf_generate($dynupdate = false) { $syscfg = $config['system']; - $resolvconf = "domain {$syscfg['domain']}\n"; + // Do not create blank domain lines, it breaks tools like dig. + if($syscfg['domain']) + $resolvconf = "domain {$syscfg['domain']}\n"; $havedns = false; 
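Review bot: With the new `if($syscfg['domain'])` guard in system_resolvconf_generate(), `$resolvconf` is never assigned when the domain is empty. The rest of the function is outside this hunk, but any later `.=` append would then start from an undefined variable. Initialise it before the guard with `$resolvconf = "";` and keep the conditional domain line as it is.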
@@ -739,8 +741,10 @@ function system_webgui_start() { } /* generate lighttpd configuration */ + $max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf", - $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/"); + $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/", + "cert.pem", "ca.pem", $max_procs); /* attempt to start lighthttpd */ $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf"); @@ -820,6 +824,7 @@ function system_generate_lighty_config($filename, } // Ramp up captive portal max procs + // Work relative to the default of 2, for values that would be >2. if($captive_portal == true) { if($avail > 65 and $avail < 98) { $max_procs = 1; @@ -828,38 +833,38 @@ function system_generate_lighty_config($filename, $max_procs = 2; } if($avail > 127 and $avail < 256) { - $max_procs = 3; + $max_procs += 1; } if($avail > 255 and $avail < 384) { - $max_procs = 4; + $max_procs += 2; } if($avail > 383) { - $max_procs = 5; + $max_procs += 3; } } if($captive_portal == true) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; } else if ($avail > 0 and $avail < 128) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "2", - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "2", + ), EOC; } else $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; if($fast_cgi_enable == true) { 
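Review bot: `$config['system']['webgui']['max_procs']` is read in system_webgui_start() and handed to system_generate_lighty_config() without being checked as an integer. The following hunks interpolate `$max_procs` straight into the generated lighttpd configuration (`"max-procs" => {$max_procs}` and `PHP_FCGI_CHILDREN`). A non-numeric or very large value that reaches config.xml through a restore or sync would yield a broken web GUI configuration or an excessive number of PHP children. Validate it where it is read, for example `$max_procs = is_numeric($config['system']['webgui']['max_procs']) ? max(1, intval($config['system']['webgui']['max_procs'])) : 2;`, and consider an upper bound as well.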
@@ -874,7 +879,7 @@ fastcgi.server = ( ".php" => "socket" => "{$g['tmp_path']}/php-fastcgi.socket", "min-procs" => 0, "max-procs" => {$max_procs}, - {$bin_environment} +{$bin_environment} "bin-path" => "/usr/local/bin/php" ) ) @@ -1171,9 +1176,16 @@ function system_ntp_configure() { $xmlsettings = $config['installedpackages']['openntpd']['config'][0]; if ($xmlsettings['enable'] == 'on') { $ifaces = explode(',', $xmlsettings['interface']); - $ifaces = array_map('get_real_interface', $ifaces); - $ifaces = array_filter($ifaces, 'does_interface_exist'); - $ips = array_map('find_interface_ip', $ifaces); + $ips = array(); + foreach ($ifaces as $if) { + if (is_ipaddr($if)) { + $ips[] = $if; + } else { + $if = get_real_interface($if); + if (does_interface_exist($if)) + $ips[] = find_interface_ip($if); + } + } foreach ($ips as $ip) { if (is_ipaddr($ip)) $ntpcfg .= "listen on $ip\n"; @@ -1494,4 +1506,23 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } +function openntpd_get_listen_ips() { + $interfaces = get_configured_interface_with_descr(); + $carplist = get_configured_carp_interface_list(); + $listenips = array(); + foreach ($carplist as $cif => $carpip) + $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")"; + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) + $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + foreach ($interfaces as $iface => $ifacename) { + $tmp["name"] = $ifacename; + $tmp["value"] = $iface; + $listenips[] = $tmp; + } + $tmp["name"] = "Localhost"; + $tmp["value"] = "lo0"; + $listenips[] = $tmp; + return $listenips; +} ?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 714e11d..e7e632a 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
@@ -2497,4 +2497,15 @@ function upgrade_078_to_079() { unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd"); } +function upgrade_079_to_080() { + global $config; + + /* Upgrade config in 1.2.3 specifying a username other than admin for synching. */ + if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) && + is_array($config['installedpackages']['carpsettings']['config'])) { + $config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username']; + unset($config['system']['username']); + } +} + ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index b353004..e27c1b0 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -1250,29 +1250,30 @@ function is_interface_vlan_mismatch() { } function is_interface_mismatch() { - global $config, $g; + global $config, $g; - /* XXX: Should we process only enabled interfaces?! */ - $do_assign = false; - $i = 0; + $do_assign = false; + $i = 0; if (is_array($config['interfaces'])) { - foreach ($config['interfaces'] as $ifname => $ifcfg) { - if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { - $i++; - } - else if (does_interface_exist($ifcfg['if']) == false) { + foreach ($config['interfaces'] as $ifname => $ifcfg) { + if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { + // Do not check these interfaces. + $i++; + continue; + } + else if (does_interface_exist($ifcfg['if']) == false) { $do_assign = true; - } else - $i++; - } + } else + $i++; + } } - if ($g['minimum_nic_count'] > $i) { - $do_assign = true; - } else if (file_exists("{$g['tmp_path']}/assign_complete")) - $do_assign = false; + if ($g['minimum_nic_count'] > $i) { + $do_assign = true; + } else if (file_exists("{$g['tmp_path']}/assign_complete")) + $do_assign = false; - return $do_assign; + return $do_assign; } /* sync carp entries to other firewalls */ 
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index dda49d2..d50269f 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -29,7 +29,7 @@ */ /* - pfSense_BUILDER_BINARIES: /usr/local/bin/voucher /usr/local/bin/minicron + pfSense_BUILDER_BINARIES: /usr/local/bin/voucher pfSense_MODULE: captiveportal */ @@ -213,6 +213,9 @@ function voucher_expire($voucher_received) { $a_vouchers_received = split("[\t\n\r ]+",$voucher_received); $active_dirty = false; + $cpdb = captiveportal_read_db(false, 4); /* Indexed by Voucher */ + $unsetindexes[] = array(); + // go through all received vouchers, check their valid and extract // Roll# and Ticket# using the external readvoucher binary foreach ($a_vouchers_received as $voucher) { @@ -242,6 +245,15 @@ function voucher_expire($voucher_received) { if (!(ord($bitstring[$roll][$pos]) & $mask)) $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); + + /* Check if this voucher has any active sessions */ + if (isset($cpdb[$voucher])) { + $cpentry = $cpdb[$voucher]; + captiveportal_disconnect($cpentry,null,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION"); + unset($cpdb[$voucher]); + $unsetindexes[] = $cpentry[5]; + } } else captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } else @@ -253,6 +265,9 @@ function voucher_expire($voucher_received) { if ($active_dirty == true) { foreach ($active_vouchers as $roll => $active) voucher_write_active_db($roll, $active); + + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); } // Write back the used DB's @@ -269,6 +284,10 @@ function voucher_expire($voucher_received) { unlock($voucherlck); + /* Write database */ + if (!empty($unsetindexes)) + captiveportal_write_db($cpdb, false, $unsetindexes); + return true; } 
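Review bot: `$unsetindexes[] = array();` in voucher_expire() appends an empty array as the first element instead of creating an empty list. As a result `!empty($unsetindexes)` at the end of the function is always true, and captiveportal_write_db() is called on every run with an array among the removal keys. The `is_array($key)` branch added to captiveportal_write_db() in etc/inc/captiveportal.inc appears to log this case rather than fix its cause. Use `$unsetindexes = array();` here; the function body extends beyond the hunk.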
@@ -424,6 +443,9 @@ function voucher_auth($voucher_received, $test = 0) { $active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes"; voucher_write_active_db($roll, $active_vouchers[$first_voucher_roll]); + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + unlock($voucherlck); return $total_minutes; @@ -432,9 +454,6 @@ function voucher_auth($voucher_received, $test = 0) { function voucher_configure($sync = false) { global $config, $g; - /* kill any running minicron */ - killbypid("{$g['varrun_path']}/vouchercron.pid"); - if (!isset($config['voucher']['enable'])) return 0; @@ -443,15 +462,6 @@ function voucher_configure($sync = false) { if ($sync == true) captiveportal_syslog("Writing voucher db from sync data..."); - // start cron if we're asked to save runtime DB periodically - // to XML config if it changed - $croninterval = $config['voucher']['saveinterval'] * 60; // need seconds. Config has minutes - if ($croninterval) { - /* start pruning process (interval defaults to 60 seconds) */ - mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/vouchercron.pid " . - "/etc/rc.savevoucher"); - } - $voucherlck = lock('voucher', LOCK_EX); /* write public key used to verify vouchers */ @@ -548,8 +558,12 @@ function voucher_read_active_db($roll) { } } fclose($fd); - if ($dirty) // if we found expired entries, lets save our snapshot + if ($dirty) { // if we found expired entries, lets save our snapshot voucher_write_active_db($roll, $active); + + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + } } } return $active; 
@@ -620,12 +634,12 @@ function voucher_log($priority, $message) { } /* Save active and used voucher DB into XML config and write it to flash - * Called during reboot -> system_reboot_cleanup() and minicron + * Called during reboot -> system_reboot_cleanup() and every active voucher change */ function voucher_save_db_to_config() { global $config, $g; - if (!isset($config['voucher']['enable']) || $config['voucher']['saveinterval'] == 0) + if (!isset($config['voucher']['enable'])) return; // no vouchers or don't want to save DB's $voucherlck = lock('voucher', LOCK_EX); @@ -653,7 +667,7 @@ function voucher_save_db_to_config() { unlock($voucherlck); - write_config(); + write_config("Synching vouchers"); return; } diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles index a5857ce..d2ce3c1 100644 --- a/etc/pfSense.obsoletedfiles +++ b/etc/pfSense.obsoletedfiles @@ -46,6 +46,7 @@ /usr/local/www/fred.png /usr/local/www/index.html /usr/local/www/system_usermanager_addcert.php +/usr/local/www/filter_log.inc /usr/local/pkg/routed/routed.inc /usr/local/pkg/routed/routed.xml -/usr/local/www/filter_log.inc
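Review bot: Dropping the `saveinterval` check means voucher_save_db_to_config() now reaches `write_config("Synching vouchers")` on every active-voucher change. The other voucher.inc hunks raise the `service sync vouchers` event from voucher_auth(), voucher_expire() and even the read path voucher_read_active_db(). Each voucher login or expiry driven from the portal therefore becomes a full configuration write; assuming write_config() keeps a revision per call, that wears flash and can push meaningful entries out of the configuration history. Consider coalescing the events (at most one write per interval) and stating the write frequency in the function comment. The function body continues past the hunk.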
\ No newline at end of file +/usr/local/pkg/carp.xml diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index af0e5cc..fe8a30f 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -87,7 +87,7 @@ function remove_special_characters($string) { return $string; } -function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') { +function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -101,10 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host while ($numberofruns < 2) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -138,7 +136,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host return false; } -function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { +function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) 
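Review bot: Changing the retry condition to `if($numberofruns > 0)` makes `$cli->setDebug(1)` fire on the second attempt in carp_check_version(); with the old `> 1` it could never be reached inside `while ($numberofruns < 2)`. The same change is made in the carp_sync_xml() hunk (@@ -236,10 +238,8 @@). Debug output of the XML-RPC client is likely to include the raw request, which here carries the sync password as a parameter, the HTTP credentials, and in carp_sync_xml() the config sections being pushed. Confirm where that output ends up, and keep debug off unless an explicit developer setting enables it, with a comment such as `/* debug dumps the request, including credentials */`.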
@@ -151,11 +149,11 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens /* strip out nosync items */ if (is_array($config_copy['nat']['advancedoutbound']['rule'])) { - $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); - for ($x = 0; $x < $rulescnt; $x++) { - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); + $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); + for ($x = 0; $x < $rulescnt; $x++) { + $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); } } if (is_array($config_copy['nat']['rule'])) { @@ -218,8 +216,12 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens $xml[$section] = backup_vip_config_section(); break; case 'user': + $xml['system'][$section] = $config_copy['system'][$section]; + $xml['system']['nextuid'] = $config_copy['system']['nextuid']; + break; case 'group': $xml['system'][$section] = $config_copy['system'][$section]; + $xml['system']['nextgid'] = $config_copy['system']['nextgid']; break; default: $xml[$section] = $config_copy[$section]; 
@@ -236,10 +238,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error("Beginning XMLRPC sync to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -258,8 +258,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); exit; - } else + } else { log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}."); + } $numberofruns = 3; } $numberofruns++; @@ -369,8 +371,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $sections[] = 'crl'; } if ($carp['synchronizeusers'] != "") { - $mergesections[] = 'user'; - $mergesections[] = 'group'; + $sections[] = 'user'; + $sections[] = 'group'; } if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) $sections[] = 'dnsmasq'; 
@@ -384,21 +386,21 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) $sections[] = 'vouchers'; if (count($sections) > 0) { - if (!carp_check_version($synchronizetoip, $carp['password'], $port)) + if (empty($carp['username'])) + $username = "admin"; + else + $username = $carp['username']; + if (!carp_check_version($synchronizetoip, $username, $carp['password'], $port)) break; update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); - if (is_array($mergesections)) - carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $sections, $port); $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); $params = array( XML_RPC_encode($carp['password']) ); $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - /* XXX: Configurable from the GUI */ - $username = "admin"; $cli->setCredentials($username, $carp['password']); $resp = $cli->send($msg, "900"); diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index e95acd4..fd60d6a 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -217,7 +217,7 @@ } $upperifname = strtoupper($interface); - echo "\nPlease wait, saving and activating your changes to {$upperifname}..."; + echo "\nPlease wait while the changes are saved to {$upperifname}..."; write_config(gettext("{$interface} IP configuration from console menu")); interface_reconfigure(strtolower($upperifname)); echo " Reloading filter..."; diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 93eb089..a4fbde8 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip 
@@ -51,7 +51,7 @@ function restart_packages() { /* restart packages */ system_ntp_configure(); log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); - send_event("reload packages"); + send_event("service reload packages"); } /* Interface IP address has changed */ diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 5a138ed..99efc39 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -116,6 +116,8 @@ PHPMODULES="$PHPMODULES zmq" PHPMODULES="$PHPMODULES ssh2" # pfSense extensions PHPMODULES="$PHPMODULES pfSense" +# ion cube +PHPMODULES="$PHPMODULES ioncube_loader" # Modules previously included. # can be turned on by touching diff --git a/etc/version b/etc/version index 3f0e26d..f197044 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-RC2 +2.0-RC3 |
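Review bot: The rc.php_ini_setup hunk adds `ioncube_loader` to `PHPMODULES` unconditionally, with only `# ion cube` as explanation. That loader exists to run encoded PHP files, so enabling it for every PHP process on the firewall adds a third-party binary extension to the attack surface and permits code that cannot be reviewed in source form. The comment should name the component that requires it. Loading would be better made opt-in, in the way the "Modules previously included" block just below is described as being turned on by touching a file.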