diff options
author | jim-p <jimp@pfsense.org> | 2011-06-14 16:41:15 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-14 16:41:15 -0400 |
commit | e49d4564dbf6be680e4d3c91c00a798e390fa358 (patch) | |
tree | cec495f96af3d202a02ee8c4522b076142158424 /etc | |
parent | 424be584c34531d52ac0da8a5e954847e158c6cf (diff) | |
parent | 144fbff2a146d9eb3921e763f6bcc7bde39bf5f9 (diff) | |
download | pfsense-e49d4564dbf6be680e4d3c91c00a798e390fa358.zip pfsense-e49d4564dbf6be680e4d3c91c00a798e390fa358.tar.gz |
Merge remote branch 'upstream/master'
Conflicts:
etc/inc/globals.inc
etc/inc/upgrade_config.inc
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 25 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 40 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 14 | ||||
-rwxr-xr-x | etc/rc.filter_synchronize | 38 |
5 files changed, 89 insertions, 30 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index a87e732..b0cbf14 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -653,6 +653,12 @@ function captiveportal_prune_old() { */ $unsetindexes = array(); $voucher_needs_sync = false; + /* + * Snapshot the time here to use for calculation to speed up the process. + * If something is missed next run will catch it! + */ + $pruning_time = time(); + $stop_time = $pruning_time; foreach ($cpdb as $cpentry) { $timedout = false; @@ -660,7 +666,7 @@ function captiveportal_prune_old() { /* hard timeout? */ if ($timeout) { - if ((time() - $cpentry[0]) >= $timeout) { + if (($pruning_time - $cpentry[0]) >= $timeout) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -668,7 +674,7 @@ function captiveportal_prune_old() { /* Session-Terminate-Time */ if (!$timedout && !empty($cpentry[9])) { - if (time() >= $cpentry[9]) { + if ($pruning_time >= $cpentry[9]) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -683,7 +689,7 @@ function captiveportal_prune_old() { * We "fix" this by setting lastact to the login timestamp. */ $lastact = $lastact ? $lastact : $cpentry[0]; - if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) { $timedout = true; $term_cause = 4; // Idle-Timeout $stop_time = $lastact; // Entry added to comply with WISPr @@ -691,8 +697,8 @@ function captiveportal_prune_old() { } /* if vouchers are configured, activate session timeouts */ - if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if (!$timedout && isset($config['voucher']['enable'])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout $voucher_needs_sync = true; @@ -701,7 +707,7 @@ function captiveportal_prune_old() { /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -1615,6 +1621,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } + /* Snaphost the timestamp */ + $allow_time = time(); + foreach ($cpdb as $sid => $cpentry) { /* on the same ip */ if($cpentry[2] == $clientip) { @@ -1625,7 +1634,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { // user logged in with an active voucher. Check for how long and calculate // how much time we can give him (voucher credit - used time) - $remaining_time = $cpentry[0] + $cpentry[7] - time(); + $remaining_time = $cpentry[0] + $cpentry[7] - $allow_time; if ($remaining_time < 0) // just in case. $remaining_time = 0; @@ -1719,7 +1728,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* encode password in Base64 just in case it contains commas */ $bpassword = base64_encode($password); - $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, + $cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); /* rewrite information to database */ diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 735ea52..2f9a467 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -91,7 +91,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "8.1", + "latest_config" => "8.2", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 3867c09..ecbb504 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -85,6 +85,46 @@ function does_interface_exist($interface) { return false; } +/* + * does_vip_exist($vip): return true or false if a vip is + * configured. + */ +function does_vip_exist($vip) { + global $config; + + if(!$vip) + return false; + + + switch ($vip['mode']) { + case "carp": + case "carpdev": + $realif = "vip{$vip['vhid']}"; + if (!does_interface_exist($realif)) { + return false; + } + break; + case "ipalias": + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + return false; + } + break; + case "proxyarp": + /* XXX: Implement this */ + default: + return false; + } + + $ifacedata = pfSense_getall_interface_addresses($realif); + foreach ($ifacedata as $vipips) { + if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}") + return true; + } + + return false; +} + function interface_netgraph_needed($interface = "wan") { global $config; diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index ccd5629..93b5552 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2498,6 +2498,17 @@ function upgrade_078_to_079() { function upgrade_079_to_080() { global $config; + + /* Upgrade config in 1.2.3 specifying a username other than admin for synching. */ + if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) && + is_array($config['installedpackages']['carpsettings']['config'])) { + $config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username']; + unset($config['system']['username']); + } +} + +function upgrade_080_to_081() { + global $config; global $g; /* RRD files changed for quality, traffic and packets graphs */ @@ -2582,10 +2593,9 @@ function upgrade_079_to_080() { } } -function upgrade_080_to_081() { +function upgrade_081_to_082() { global $config; /* enable the allow IPv6 toggle */ $config['system']['ipv6allow'] = true; } - ?> diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 2700eac..8c89f81 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -87,7 +87,7 @@ function remove_special_characters($string) { return $string; } -function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') { +function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -101,10 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host while ($numberofruns < 2) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -138,7 +136,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host return false; } -function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { +function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -151,11 +149,11 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens /* strip out nosync items */ if (is_array($config_copy['nat']['advancedoutbound']['rule'])) { - $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); - for ($x = 0; $x < $rulescnt; $x++) { - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); + $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); + for ($x = 0; $x < $rulescnt; $x++) { + $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); } } if (is_array($config_copy['nat']['rule'])) { @@ -236,10 +234,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error("Beginning XMLRPC sync to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -258,8 +254,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); exit; - } else + } else { log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}."); + } $numberofruns = 3; } $numberofruns++; @@ -386,21 +384,23 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) $sections[] = 'vouchers'; if (count($sections) > 0) { - if (!carp_check_version($synchronizetoip, $carp['password'], $port)) + if (empty($carp['username'])) + $username = "admin"; + else + $username = $carp['username']; + if (!carp_check_version($synchronizetoip, $username, $carp['password'], $port)) break; update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $sections, $port); if (is_array($mergesections)) - carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); $params = array( XML_RPC_encode($carp['password']) ); $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - /* XXX: Configurable from the GUI */ - $username = "admin"; $cli->setCredentials($username, $carp['password']); $resp = $cli->send($msg, "900"); |