Merge remote branch 'upstream/master'

Conflicts:
	etc/inc/globals.inc
	etc/inc/upgrade_config.inc

5 files changed, 89 insertions, 30 deletions

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index a87e732..b0cbf14 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -653,6 +653,12 @@ function captiveportal_prune_old() {
 	 */
 	$unsetindexes = array();
 	$voucher_needs_sync = false;
+	/* 
+	 * Snapshot the time here to use for calculation to speed up the process.
+	 * If something is missed next run will catch it!
+	 */
+	$pruning_time = time();
+	$stop_time = $pruning_time;
 	foreach ($cpdb as $cpentry) {
 
 		$timedout = false;
@@ -660,7 +666,7 @@ function captiveportal_prune_old() {
 
 		/* hard timeout? */
 		if ($timeout) {
-			if ((time() - $cpentry[0]) >= $timeout) {
+			if (($pruning_time - $cpentry[0]) >= $timeout) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -668,7 +674,7 @@ function captiveportal_prune_old() {
 
 		/* Session-Terminate-Time */
 		if (!$timedout && !empty($cpentry[9])) {
-			if (time() >= $cpentry[9]) {
+			if ($pruning_time >= $cpentry[9]) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -683,7 +689,7 @@ function captiveportal_prune_old() {
 			 *	We "fix" this by setting lastact to the login timestamp. 
 			 */
 			$lastact = $lastact ? $lastact : $cpentry[0];
-			if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
+			if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) {
 				$timedout = true;
 				$term_cause = 4; // Idle-Timeout
 				$stop_time = $lastact; // Entry added to comply with WISPr
@@ -691,8 +697,8 @@ function captiveportal_prune_old() {
 		}
 
 		/* if vouchers are configured, activate session timeouts */
-		if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
-			if (time() >= ($cpentry[0] + $cpentry[7])) {
+		if (!$timedout && isset($config['voucher']['enable'])) {
+			if ($pruning_time >= ($cpentry[0] + $cpentry[7])) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 				$voucher_needs_sync = true;
@@ -701,7 +707,7 @@ function captiveportal_prune_old() {
 
 		/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
 		if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
-			if (time() >= ($cpentry[0] + $cpentry[7])) {
+			if ($pruning_time >= ($cpentry[0] + $cpentry[7])) {
 				$timedout = true;
 				$term_cause = 5; // Session-Timeout
 			}
@@ -1615,6 +1621,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		}
 	}
 
+	/* Snaphost the timestamp */
+	$allow_time = time();
+
 	foreach ($cpdb as $sid => $cpentry) {
 		/* on the same ip */
 		if($cpentry[2] == $clientip) {
@@ -1625,7 +1634,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 		elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) {
 			// user logged in with an active voucher. Check for how long and calculate 
 			// how much time we can give him (voucher credit - used time)
-			$remaining_time = $cpentry[0] + $cpentry[7] - time();
+			$remaining_time = $cpentry[0] + $cpentry[7] - $allow_time;
 			if ($remaining_time < 0)    // just in case. 
 				$remaining_time = 0;
 
@@ -1719,7 +1728,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 
 			/* encode password in Base64 just in case it contains commas */
 			$bpassword = base64_encode($password);
-			$cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
+			$cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
 				$attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
 
 			/* rewrite information to database */
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 735ea52..2f9a467 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -91,7 +91,7 @@ $g = array(
 	"disablecrashreporter" => false,
 	"crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php",
 	"debug" => false,
-	"latest_config" => "8.1",
+	"latest_config" => "8.2",
 	"nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "101",
 	"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 3867c09..ecbb504 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -85,6 +85,46 @@ function does_interface_exist($interface) {
 		return false;
 }
 
+/*
+ * does_vip_exist($vip): return true or false if a vip is
+ * configured.
+ */
+function does_vip_exist($vip) {
+	global $config;
+	
+	if(!$vip)
+		return false;
+
+
+	switch ($vip['mode']) {
+	case "carp":
+	case "carpdev":
+		$realif = "vip{$vip['vhid']}";
+		if (!does_interface_exist($realif)) {
+			return false;
+		}
+		break;
+	case "ipalias":
+		$realif = get_real_interface($vip['interface']);
+		if (!does_interface_exist($realif)) {
+			return false;
+		}
+		break;
+	case "proxyarp":
+		/* XXX: Implement this */
+	default:
+		return false;
+	}
+
+	$ifacedata = pfSense_getall_interface_addresses($realif);
+	foreach ($ifacedata as $vipips) {
+		if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")
+			return true;
+	}
+
+	return false;
+}
+
 function interface_netgraph_needed($interface = "wan") {
 	global $config;
 
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index ccd5629..93b5552 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -2498,6 +2498,17 @@ function upgrade_078_to_079() {
 
 function upgrade_079_to_080() {
 	global $config;
+
+	/* Upgrade config in 1.2.3 specifying a username other than admin for synching. */
+	if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) &&
+		is_array($config['installedpackages']['carpsettings']['config'])) {
+		$config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username'];
+		unset($config['system']['username']);
+	}
+}
+
+function upgrade_080_to_081() {
+	global $config;
 	global $g;
 
 	/* RRD files changed for quality, traffic and packets graphs */
@@ -2582,10 +2593,9 @@ function upgrade_079_to_080() {
 	}
 }
 
-function upgrade_080_to_081() {
+function upgrade_081_to_082() {
 	global $config;
 	/* enable the allow IPv6 toggle */
 	$config['system']['ipv6allow'] = true;
 }
-
 ?>
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 2700eac..8c89f81 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -87,7 +87,7 @@ function remove_special_characters($string) {
 	return $string;
 }
 
-function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') {
+function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') {
 	global $config, $g;
 
 	if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
@@ -101,10 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host
 		while ($numberofruns < 2) {
 			$msg = new XML_RPC_Message($method, $params);
 			$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
-			/* XXX: Configurable from the GUI?! */
-			$username = "admin";
 			$cli->setCredentials($username, $password);
-			if($numberofruns > 1)
+			if($numberofruns > 0)
 				$cli->setDebug(1);
 			/* send our XMLRPC message and timeout after 240 seconds */
 			$resp = $cli->send($msg, "240");
@@ -138,7 +136,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host
 	return false;
 }
 
-function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
+function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
 	global $config, $g;
 
 	if(file_exists("{$g['varrun_path']}/booting") || $g['booting'])
@@ -151,11 +149,11 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
 
 	/* strip out nosync items */
 	if (is_array($config_copy['nat']['advancedoutbound']['rule'])) {
-	$rulescnt = count($config_copy['nat']['advancedoutbound']['rule']);
-	for ($x = 0; $x < $rulescnt; $x++) {
-		$config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
-		if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
-			unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
+		$rulescnt = count($config_copy['nat']['advancedoutbound']['rule']);
+		for ($x = 0; $x < $rulescnt; $x++) {
+			$config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+			if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+				unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
 		}
 	}
 	if (is_array($config_copy['nat']['rule'])) {
@@ -236,10 +234,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
 		log_error("Beginning XMLRPC sync to {$url}:{$port}.");
 		$msg = new XML_RPC_Message($method, $params);
 		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
-		/* XXX: Configurable from the GUI?! */
-		$username = "admin";
 		$cli->setCredentials($username, $password);
-		if($numberofruns > 1)
+		if($numberofruns > 0)
 			$cli->setDebug(1);
 		/* send our XMLRPC message and timeout after 240 seconds */
 		$resp = $cli->send($msg, "240");
@@ -258,8 +254,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
 				log_error($error);
 				file_notice("sync_settings", $error, "Settings Sync", "");
 				exit;
-			} else
+			} else {
 				log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+				update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}.");
+			}
 			$numberofruns = 3;
 		}
 		$numberofruns++;
@@ -386,21 +384,23 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
 		if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers']))
 			$sections[] = 'vouchers';
 		if (count($sections) > 0) {
-			if (!carp_check_version($synchronizetoip, $carp['password'], $port))
+			if (empty($carp['username']))
+				$username = "admin";
+			else
+				$username = $carp['username'];
+			if (!carp_check_version($synchronizetoip, $username, $carp['password'], $port))
 				break;
 				
 			update_filter_reload_status("Signaling CARP reload signal...");
-			carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+			carp_sync_xml($synchronizetoip, $username, $carp['password'], $sections, $port);
 			if (is_array($mergesections))
-				carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section');
+				carp_sync_xml($synchronizetoip, $username, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section');
 			$cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
 			$params = array(
 				XML_RPC_encode($carp['password'])
 			);
 
 			$msg = new XML_RPC_Message('pfsense.filter_configure', $params);
-			/* XXX: Configurable from the GUI */
-			$username = "admin";
 			$cli->setCredentials($username, $carp['password']);
 			$resp = $cli->send($msg, "900");