authorRenato Botelho <renato.botelho@bluepex.com>2010-08-16 09:13:15 -0300
committerRenato Botelho <renato.botelho@bluepex.com>2010-08-16 09:13:15 -0300
commit0f8ae70920f0247dfcff94bcb658e45074afccc4 (patch)
tree9cb8584fac1c721e68847305960ad26c0173ef33 /etc
parente96d2182cddab944ecc6de439d81ad95ca09ac62 (diff)
parent67299a3fe75dbe7802d7d3f81f3da59f2608b686 (diff)
downloadpfsense-0f8ae70920f0247dfcff94bcb658e45074afccc4.zip
pfsense-0f8ae70920f0247dfcff94bcb658e45074afccc4.tar.gz
Merge remote branch 'mainline/master' into inc
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/auth.inc4
-rw-r--r--etc/inc/interfaces.inc9
-rw-r--r--etc/inc/pfsense-utils.inc16
-rw-r--r--etc/inc/util.inc4
-rw-r--r--etc/inc/vpn.inc21
-rw-r--r--etc/inc/zeromq.inc268
-rwxr-xr-xetc/rc12
7 files changed, 312 insertions, 22 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 77e4aa5..0e6c2ef 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -46,8 +46,8 @@
* NOTE : Portions of the mschapv2 support was based on the BSD licensed CHAP.php
* file courtesy of Michael Retterklieber.
*/
-
-require_once("config.gui.inc");
+if(!$do_not_include_config_gui_inc)
+ require_once("config.gui.inc");
/* If this function doesn't exist, we're being called from Captive Portal or
another internal subsystem which does not include authgui.inc */
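Review bot: `if(!$do_not_include_config_gui_inc)` reads a file-scope variable without `isset()`, so every existing include of auth.inc that never sets it now raises an undefined-variable notice and the opt-out only works when auth.inc is required from global scope, not from inside a function. A caller-defined constant is visible from any scope and cannot be populated from request data: in the caller `define('DO_NOT_INCLUDE_CONFIG_GUI_INC', true);` and here `if (!defined('DO_NOT_INCLUDE_CONFIG_GUI_INC')) require_once("config.gui.inc");`. If the global must stay, at least guard it with `if (!isset($do_not_include_config_gui_inc) || !$do_not_include_config_gui_inc)`.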
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 97503b8..021d76d 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -3126,16 +3126,19 @@ function is_altq_capable($int) {
*/
$capable = array("age", "ale", "an", "ath", "aue", "awi", "bce",
"bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem",
- "hme", "ipw", "iwi", "jme", "le", "msk", "mxge", "my", "nfe",
+ "hme", "igb", "ipw", "iwi", "jme", "le", "msk", "mxge", "my", "nfe",
"npe", "nve", "ral", "re", "rl", "rum", "sf", "sis", "sk",
"ste", "stge", "txp", "udav", "ural", "vge", "vr", "wi", "xl",
- "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng", "ppp");
+ "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng",
+ "l2tp", "ppp");
$int_family = preg_split("/[0-9]+/", $int);
if (in_array($int_family[0], $capable))
return true;
- else if (stristr($int_family, "vlan")) /* VLANs are name $parent.$vlan now */
+ else if (stristr($int_family, "vlan")) /* VLANs are name $parent_$vlan now */
+ return true;
+ else if (stristr($int_family, "_wlan")) /* WLANs are name $parent_$wlan now */
return true;
else
return false;
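Review bot: The added `else if (stristr($int_family, "_wlan"))` passes the array returned by `preg_split` as the haystack; `stristr` expects a string, so this branch (like the existing `vlan` one above it) emits a warning and never matches, and a `wlan` or `vlan` child interface is reported as not ALTQ-capable. Test the original name instead: `else if (stristr($int, "_wlan"))` and `else if (stristr($int, "vlan"))`. is_altq_capable starts outside the hunk.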
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index b951d0d..fa7da13 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1255,23 +1255,17 @@ function get_interface_info($ifdescr) {
$ifinfo['dhcplink'] = "down";
break;
- /* PPPoE interface? -> get status from virtual interface */
+ /* PPPoE/PPTP/L2TP interface? -> get status from virtual interface */
case "pppoe":
+ case "pptp":
+ case "l2tp":
if ($ifinfo['status'] == "up" && !isset($link0))
/* get PPPoE link status for dial on demand */
- $ifinfo['pppoelink'] = "up";
+ $ifinfo["{$link_type}link"] = "up";
else
- $ifinfo['pppoelink'] = "down";
+ $ifinfo["{$link_type}link"] = "down";
break;
- /* PPTP interface? -> get status from virtual interface */
- case "pptp":
- if ($ifinfo['status'] == "up" && !isset($link0))
- /* get PPTP link status for dial on demand */
- $ifinfo['pptplink'] = "up";
- else
- $ifinfo['pptplink'] = "down";
- break;
/* PPP interface? -> get uptime for this session and cumulative uptime from the persistant log file in conf */
case "ppp":
if ($ifinfo['status'] == "up")
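Review bot: The comment on the dial-on-demand line still reads `/* get PPPoE link status for dial on demand */` although the case now covers pptp and l2tp as well; change it to `/* get PPPoE/PPTP/L2TP link status for dial on demand */`. The new key `$ifinfo["{$link_type}link"]` only reproduces the old `pppoelink`/`pptplink` keys if `$link_type` holds exactly the case string; it is assigned outside the hunk, so confirm it is the switch subject rather than a differently-cased or suffixed value. get_interface_info starts and ends outside the hunk.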
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 922eb5e..8632540 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1192,7 +1192,7 @@ function is_interface_mismatch() {
$do_assign = false;
$i = 0;
foreach ($config['interfaces'] as $ifname => $ifcfg) {
- if (preg_match("/^enc|^cua|^tun|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
+ if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) {
$i++;
}
else if (does_interface_exist($ifcfg['if']) == false) {
@@ -1431,4 +1431,4 @@ function array_merge_recursive_unique($array0, $array1)
return $result;
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 6efec52..1c204f0 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -474,14 +474,14 @@ function vpn_ipsec_configure($ipchg = false)
$init = "on";
$genp = "off";
- $pcheck = "claim";
+ $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "claim";
$passive = "";
if (isset($ph1ent['mobile'])) {
$rgip = "anonymous";
/* Mimic 1.2.3's behavior for pure-psk mobile tunnels */
if ($ph1ent['authentication_method'] == "pre_shared_key") {
$passive = "passive on;";
- $pcheck = "obey";
+ $pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : $pcheck = "obey";
$genp = "on";
} else {
$init = "off";
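Review bot: Both rewritten `$pcheck` lines nest a second assignment in the false branch (`: $pcheck = "claim"` and `: $pcheck = "obey"`), which is redundant and easy to misread; the plain form is `$pcheck = !empty($ph1ent['proposal_check']) ? $ph1ent['proposal_check'] : "claim";` and likewise with `"obey"`. The configured value is written into racoon.conf as-is, so it is worth restricting it to the values racoon accepts (`obey`, `strict`, `claim`, `exact`) with `in_array($ph1ent['proposal_check'], array("obey","strict","claim","exact"), true)` before using it. vpn_ipsec_configure starts and ends outside the hunk.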
@@ -535,7 +535,23 @@ function vpn_ipsec_configure($ipchg = false)
chmod($keypath, 0600);
+ $ca = lookup_ca($ph1ent['caref']);
+ if ($ca) {
+ $cafile = "ca-".$ikeid.".crt";
+ $capath = $g['varetc_path']."/".$cafile;
+
+ if (!file_put_contents($capath, base64_decode($ca['crt'])))
+ {
+ log_error("Error: Cannot write phase1 CA certificate file for {$ph1ent['name']}");
+ continue;
+ }
+
+ chmod($capath, 0600);
+ $caline = "ca_type x509 \"".basename($capath)."\";";
+ }
+
$certline = "certificate_type x509 \"".basename($certpath)."\" \"".basename($keypath)."\";";
+
}
$ealgos = '';
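Review bot: `$caline` is only assigned inside `if ($ca)`, yet it is interpolated unconditionally into the racoon configuration in the later hunk (`{$caline}` after `{$certline}`); on the first entry without a CA that is an undefined variable, and on later entries — the `continue` shows this runs inside a loop over phase 1 entries — the previous entry's `ca_type` line is carried over into a tunnel it does not belong to. Initialise it next to the other per-entry defaults with `$caline = "";` before the `lookup_ca` call. The `file_put_contents` check also treats a zero-byte write as failure, which is fine here, but `base64_decode($ca['crt'])` returning an empty string silently yields an empty CA file in the `$ca` truthy case — consider checking the decoded value as well. vpn_ipsec_configure starts and ends outside the hunk.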
@@ -570,6 +586,7 @@ remote {$rgip}
initial_contact = {$init};
nat_traversal = {$natt};
{$certline}
+ {$caline}
{$dpdline1}
{$dpdline2}
support_proxy on;
diff --git a/etc/inc/zeromq.inc b/etc/inc/zeromq.inc
new file mode 100644
index 0000000..5b2d70c
--- /dev/null
+++ b/etc/inc/zeromq.inc
@@ -0,0 +1,268 @@
+<?php
+/*
+ zeromq.inc
+ part of the pfSense project (http://www.pfsense.com)
+ Copyright 2010 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+define('ZEROMQ_AUTH_FAIL', 'authfail');
+define('ZEROMQ_TRUE', 'true');
+define('ZEROMQ_FASLE', 'false');
+
+$do_not_include_config_gui_inc = true;
+require("auth.inc"):
+
+/* zeromq_send: Send a message to a member node */
+function zeromq_send($protocol = "tcp", $ipaddress, $port, $method, $params, $username, $password) {
+ if(!$ipaddress || !$port || !$message || !$username || !$password)
+ return;
+
+ /* Set calling function and auth information */
+ $params['username'] = $username;
+ $params['password'] = $password;
+ $params['function'] = $method;
+
+ /* Serialize the data we are going to send over */
+ $serialized = serialize($params);
+
+ /* Create new queue object */
+ $queue = new ZMQSocket(new ZMQContext(), ZMQ::SOCKET_REQ, "MySock1");
+ $queue->connect("{$protocol}://{$ipaddress}:{$port}");
+
+ /* Assign socket 1 to the queue, send and receive */
+ $result = $queue->send($serialized)->recv();
+
+ /* Unserialize the return and return */
+ $unserializedresult = unserialize($result);
+
+ /* Return the result to the caller */
+ return $unserializedresult;
+}
+
+function zeromq_server($protocol = "tcp", $ipaddress, $port) {
+ if(!$ipaddress || !$port)
+ return;
+ $server = new ZMQSocket(new ZMQContext(), ZMQ::SOCKET_REP);
+ $server->bind("{$protocol}://{$ipaddress}:{$port}");
+ /* Loop receiving and echoing back */
+ while ($msg = $server->recv()) {
+ $message = unserialize($msg);
+ switch ($message['function']) {
+ case "pfsense.exec_shell":
+ $function_to_call = "exec_shell_zeromq";
+ break;
+ case "pfsense.exec_php":
+ $function_to_call = "exec_php_zeromq";
+ break;
+ case "pfsense.filter_configure":
+ $function_to_call = "filter_configure_zeromq";
+ break;
+ case "pfsense.interfaces_carp_configure":
+ $function_to_call = "interfaces_carp_configure_zeromq";
+ break;
+ case "pfsense.backup_config_section":
+ $function_to_call = "backup_config_section_zeromq";
+ break;
+ case "pfsense.restore_config_section":
+ $function_to_call = "restore_config_section_zeromq";
+ break;
+ case "pfsense.merge_config_section":
+ $function_to_call = "merge_config_section_zeromq";
+ break;
+ case "pfsense.merge_installedpackages_section_zeromq":
+ $function_to_call = "merge_installedpackages_section_zeromq";
+ break;
+ case "pfsense.check_firmware_version":
+ $function_to_call = "check_firmware_version_zeromq";
+ break;
+ case "pfsense.reboot":
+ $function_to_call = "reboot_zeromq";
+ break;
+ case "pfsense.get_notices":
+ $function_to_call = "get_notices_zeromq";
+ break;
+ }
+ if(!$function_to_call)
+ return;
+ // Call function that is being invoked
+ $result = $function_to_call($message);
+ /* echo back the result */
+ $server->send($result);
+ }
+}
+
+function zeromq_auth($params) {
+ global $config, $g;
+
+ $username = $params['username'];
+ $password = $params['password'];
+
+ $user = getUserEntry($username);
+ if (!$user)
+ return false;
+
+ if (is_account_disabled($username) || is_account_expired($username))
+ return false;
+
+ if ($user['password']) {
+ $passwd = crypt($passwd, $user['password']);
+ if ($passwd == $user['password'])
+ return true;
+ }
+
+ if ($user['md5-hash']) {
+ $passwd = md5($passwd);
+ if ($passwd == $user['md5-hash'])
+ return true;
+ }
+
+ return false;
+}
+
+function exec_php_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $exec_php = $params[0];
+ eval($exec_php);
+ if($toreturn) {
+ $response = XML_RPC_encode($toreturn);
+ return new XML_RPC_Response($response);
+ } else
+ return ZEROMQ_FASLE;
+}
+
+function exec_shell_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $shell_cmd = $params[0];
+ mwexec($shell_cmd);
+ return ZEROMQ_FASLE;
+}
+
+function backup_config_section_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $val = array_intersect_key($config, array_flip($params[0]));
+ return new XML_RPC_Response(XML_RPC_encode($val));
+}
+
+function restore_config_section_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $config = array_merge($config, $params[0]);
+ $mergedkeys = implode(",", array_keys($params[0]));
+ write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys));
+ return ZEROMQ_FASLE;
+}
+
+function merge_installedpackages_section_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $config['installedpackages'] = array_merge($config['installedpackages'], $params[0]);
+ $mergedkeys = implode(",", array_keys($params[0]));
+ write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys));
+ return ZEROMQ_FASLE;
+}
+
+function merge_config_section_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ $config = array_merge_recursive_unique($config, $params[0]);
+ $mergedkeys = implode(",", array_keys($params[0]));
+ write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client.");
+ return ZEROMQ_FASLE;
+}
+
+function filter_configure_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ filter_configure();
+ system_routing_configure();
+ setup_gateways_monitor();
+ relayd_configure();
+ require_once("openvpn.inc");
+ openvpn_resync_all();
+ services_dhcpd_configure();
+ services_dnsmasq_configure();
+ local_sync_accounts();
+ return ZEROMQ_FASLE;
+}
+
+function interfaces_carp_configure_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ interfaces_carp_setup();
+ interfaces_vips_configure();
+ return ZEROMQ_FASLE;
+}
+
+function check_firmware_version_zeromq($raw_params) {
+ global $XML_RPC_String;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params)) return ZEROMQ_AUTH_FAIL;
+ return new XML_RPC_Response(new XML_RPC_Value(check_firmware_version(false), $XML_RPC_String));
+}
+
+function reboot_zeromq($raw_params) {
+ global $config, $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ mwexec_bg("/etc/rc.reboot");
+ return ZEROMQ_FASLE;
+}
+
+function get_notices_zeromq($raw_params) {
+ global $g;
+ $params = xmlrpc_params_to_php($raw_params);
+ if(!zeromq_auth($params))
+ return ZEROMQ_AUTH_FAIL;
+ require("notices.inc");
+ if(!$params) {
+ $toreturn = get_notices();
+ } else {
+ $toreturn = get_notices($params);
+ }
+ $response = new XML_RPC_Response(XML_RPC_encode($toreturn));
+ return $response;
+}
+
+?> \ No newline at end of file
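Review bot: `require("auth.inc"):` ends with a colon instead of a semicolon, so this new file is a parse error and nothing in it can be loaded; it must be `require("auth.inc");`. In zeromq_auth the parameter is `$password` but both checks hash `$passwd`, which is never assigned, so `crypt($passwd, $user['password'])` and `md5($passwd)` operate on an empty value and a valid password can never verify; use `$password` in both places. In zeromq_server the network payload goes through `unserialize()` before any credential check, and `$function_to_call` is never reset between loop iterations, so an unknown `function` name either re-dispatches the previous request's handler or, on the first message, hits `return` and terminates the server; set `$function_to_call = "";` at the top of the loop, reply with ZEROMQ_AUTH_FAIL or an error instead of returning, and prefer a data-only wire format such as `json_decode` since `unserialize` on remote input instantiates arbitrary classes. `ZEROMQ_FASLE` is misspelled everywhere it is used, and zeromq_send's guard tests `$message`, which is not a parameter, where `$method` or `$params` is meant; the required parameters also follow the optional `$protocol = "tcp"`, so callers cannot actually omit it.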
diff --git a/etc/rc b/etc/rc
index 6f3e28c..99ae96c 100755
--- a/etc/rc
+++ b/etc/rc
@@ -28,6 +28,16 @@ version=`cat /etc/version`
# Mount memory file system if it exists
echo "Mounting filesystems..."
+# Handle ZFS read-only case
+if [ "$PLATFORM" = "pfSense" ]; then
+ if [ -f /usr/bin/grep ]; then
+ WHEREISROOT=`/sbin/mount | /usr/bin/grep " / " | /usr/bin/grep "tank" | /usr/bin/cut -d' ' -f1`
+ if [ "$WHEREISROOT" != "" ]; then
+ /sbin/zfs set readonly=off $WHEREISROOT
+ fi
+ fi
+fi
+
if [ "$PLATFORM" = "cdrom" ]; then
/etc/rc.cdrom
fi
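Review bot: `/sbin/zfs set readonly=off $WHEREISROOT` expands a value derived from `mount` output unquoted; quote it as `"$WHEREISROOT"` so a device name containing whitespace does not become several arguments. The detection only recognises a root dataset whose name contains `tank`, so an install on a pool with any other name keeps its root read-only; matching on the filesystem type that `mount` reports for `/` rather than on a pool name would be more general. Also `/usr/bin/cut` is invoked without the same `-f` existence check that guards `grep`, which matters little in practice but is inconsistent.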
@@ -112,7 +122,6 @@ if [ "$PLATFORM" = "cdrom" ] ; then
mkdir /tmp/unionfs/bin
mkdir /tmp/unionfs/boot
mkdir /tmp/unionfs/confdefault
- mkdir /tmp/unionfs/PCBSD
echo -n "Mounting unionfs directories:"
echo -n " usr"
mount_unionfs /tmp/unionfs/usr /usr/
@@ -127,7 +136,6 @@ if [ "$PLATFORM" = "cdrom" ] ; then
echo -n " conf.default"
mount_unionfs /tmp/unionfs/confdefault /conf.default/
echo -n " installer"
- mount_unionfs /tmp/unionfs/PCBSD /PCBSD/
echo "... done."
fi