author | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-08 14:13:22 -0400 |
commit | 156bf9b11947045afd85c61437f893d279dfc986 (patch) | |
tree | d3bb35c7f48f0ceeab1474bf39878f91d81a6c7c /etc | |
parent | 534375b6f0ad869022c068ef35c5c6dedcd619bd (diff) | |
parent | 0042f5d964fc5c476d6c90f269ea6f49179ac016 (diff) | |
Merge remote branch 'upstream/master'
Diffstat (limited to 'etc')
-rw-r--r-- | etc/devd.conf | 4 | ||||
-rw-r--r-- | etc/inc/captiveportal.inc | 51 | ||||
-rw-r--r-- | etc/inc/dyndns.class | 74 | ||||
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 7 | ||||
-rw-r--r-- | etc/inc/pkg-utils.inc | 6 | ||||
-rw-r--r-- | etc/inc/priv.defs.inc | 6 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 16 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 2 | ||||
-rwxr-xr-x | etc/rc.bootup | 2 | ||||
-rwxr-xr-x | etc/rc.newwanip | 2 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 4 |
12 files changed, 79 insertions, 100 deletions
diff --git a/etc/devd.conf b/etc/devd.conf index 244af48..d6731d8 100644 --- a/etc/devd.conf +++ b/etc/devd.conf @@ -30,12 +30,12 @@ notify 100 { # When a USB keyboard arrives, attach it as the console keyboard. attach 100 { device-name "ukbd0"; - action "kbdcontrol -k /dev/ukbd0 < /dev/console"; + action "kbdcontrol -k /dev/ukbd0 < /dev/console 2>/dev/null"; }; detach 100 { device-name "ukbd0"; - action "kbdcontrol -k /dev/kbd0 < /dev/console"; + action "kbdcontrol -k /dev/kbd0 < /dev/console 2>/dev/null"; }; # diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 336b8e8..711b2d4 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -814,7 +814,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t $syncport = $config['voucher']['vouchersyncport']; $syncpass = $config['voucher']['vouchersyncpass']; $vouchersyncusername = $config['voucher']['vouchersyncusername']; - $remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); + $remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); } } @@ -826,18 +826,15 @@ function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutRea $radiusservers = captiveportal_get_radius_servers(); $unsetindex = array(); - $cpdblck = lock('captiveportaldb', LOCK_EX); - /* read database */ - $cpdb = captiveportal_read_db(true); + $cpdb = captiveportal_read_db(); /* find entry */ if (isset($cpdb[$sessionid])) { $cpentry = $cpdb[$sessionid]; /* write database */ $unsetindex[] = $sessionid; - captiveportal_write_db($cpdb, true, $unsetindex); - unlock($cpdblck); + captiveportal_write_db($cpdb, false, $unsetindex); captiveportal_disconnect($cpentry, $radiusservers, $term_cause); captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); 
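Review bot: In `captiveportal_disconnect_client` the `isset($cpdb[$sessionid])` check and the `captiveportal_write_db($cpdb, false, $unsetindex)` call are no longer covered by one exclusive lock, so two concurrent disconnects for the same session can both pass the check and both reach `captiveportal_disconnect` and the DISCONNECT log line. Whether the write itself is safe depends on `captiveportal_write_db` taking the lock and re-reading the file when its second argument is false, which this hunk does not show. If it does, a comment above the call such as `/* captiveportal_write_db() locks the db and removes the $unsetindex entries itself */` would record that; if it does not, the `lock('captiveportaldb', LOCK_EX)` / `unlock($cpdblck)` pair should stay around the read and the write. The function body continues outside the hunk.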
@@ -1114,29 +1111,29 @@ function captiveportal_init_radius_servers() { /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - global $g; - - $cprdsrvlck = lock('captiveportalradius'); - if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { - $radiusservers = array(); - $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", - FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); - if ($cpradiusdb) { - foreach($cpradiusdb as $cpradiusentry) { - $line = trim($cpradiusentry); - if ($line) { - $radsrv = array(); - list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); - $radiusservers[] = $radsrv; - } + global $g; + + $cprdsrvlck = lock('captiveportalradius'); + if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { + $radiusservers = array(); + $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", + FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if ($cpradiusdb) { + foreach($cpradiusdb as $cpradiusentry) { + $line = trim($cpradiusentry); + if ($line) { + $radsrv = array(); + list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line); + $radiusservers[] = $radsrv; } } - unlock($cprdsrvlck); - return $radiusservers; } - unlock($cprdsrvlck); - return false; + return $radiusservers; + } + + unlock($cprdsrvlck); + return false; } /* log successful captive portal authentication to syslog */ @@ -1198,7 +1195,7 @@ function radius($username,$password,$clientip,$clientmac,$type) { } /* read captive portal DB into array */ -function captiveportal_read_db($locked = false) { +function captiveportal_read_db($locked = false, $index = 5 /* sessionid by default */) { global $g; $cpdb = array(); @@ -1212,7 +1209,7 @@ function captiveportal_read_db($locked = false) { if ($line) { $cpe = explode(",", $line); /* Hash by session id */ - $cpdb[$cpe[5]] = $cpe; + $cpdb[$cpe[$index]] = $cpe; } } fclose($fd); 
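Review bot: The success path of `captiveportal_get_radius_servers` now reaches `return $radiusservers;` without calling `unlock($cprdsrvlck)`; the re-indent dropped the `unlock` that used to precede that return and kept only the one before `return false;`. Unless `lock()` releases when its handle goes out of scope, which this hunk does not show, the 'captiveportalradius' lock stays held after every successful read. Put `unlock($cprdsrvlck);` back on the line before `return $radiusservers;`. The same edit also moved that return out of the `if ($cpradiusdb)` block, so an unreadable file now yields an empty array instead of `false`; callers that test for `false` should be checked.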
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 65defb2..07fdf95 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -202,10 +202,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server .$port . '?system=dyndns&hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NO'); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dhs': $needsIP = TRUE; @@ -233,10 +229,6 @@ curl_setopt($ch, CURLOPT_URL, '{$server}{$port}'); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'noip': $needsIP = TRUE; @@ -248,10 +240,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?username=' . urlencode($this->_dnsUser) . '&pass=' . urlencode($this->_dnsPass) . '&hostname=' . $this->_dnsHost.'&ip=' . $this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'easydns': $needsIP = TRUE; @@ -264,10 +252,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard=' . $this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=' . $this->_dnsBackMX); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'hn': $needsIP = TRUE; 
@@ -280,10 +264,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?ver=1&IP=' . $this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'zoneedit': $needsIP = FALSE; @@ -298,11 +278,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, "{$server}{$port}?host=" .$this->_dnsHost); - - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dyns': $needsIP = FALSE; @@ -313,10 +288,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $port . '?username=' . urlencode($this->_dnsUser) . '&password=' . $this->_dnsPass . '&host=' . $this->_dnsHost); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'ods': $needsIP = FALSE; 
@@ -354,33 +325,21 @@ break; } } - $this->_checkStatus($code); + $this->_checkStatus(0, $code); break; case 'freedns': $needIP = FALSE; curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dnsexit': $needsIP = TRUE; curl_setopt($ch, CURLOPT_URL, 'http://www.dnsexit.com/RemoteUpdate.sv?login='.$this->_dnsUser. '&password='.$this->_dnsPass.'&host='.$this->_dnsHost.'&myip='.$this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred:" . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'loopia': $needsIP = TRUE; curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_URL, 'https://dns.loopia.se/XDynDNSServer/XDynDNS.php?hostname='.$this->_dnsHost.'&myip='.$this->_dnsIP); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'opendns': $needsIP = FALSE; @@ -394,19 +353,11 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server .$port); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'staticcling': $needsIP = FALSE; curl_setopt($ch, CURLOPT_URL, 'http://www.staticcling.org/update.html?login='.$this->_dnsUser.'&pass='.$this->_dnsPass); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occured: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'dnsomatic': /* Example syntax 
@@ -423,10 +374,6 @@ if($this->_dnsPort) $port = ":" . $this->_dnsPort; curl_setopt($ch, CURLOPT_URL, $server . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NOCHG'); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Request completed. DNS-O-Matic reported: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'namecheap': /* Example: @@ -438,10 +385,6 @@ list($hostname, $domain) = explode(".", $this->_dnsHost, 2); $server = "https://dynamicdns.park-your-domain.com/update?host={$hostname}&domain={$domain}&password={$this->_dnsPass}&ip={$this->_dnsIP}"; curl_setopt($ch, CURLOPT_URL, $server); - $data = curl_exec($ch); - if (@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; case 'he-net': $needsIP = FALSE; @@ -450,14 +393,15 @@ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsHost . ':' . $this->_dnsPass); curl_setopt($ch, CURLOPT_URL, $server . 'hostname=' . $this->_dnsHost); - $data = curl_exec($ch); - if(@curl_error($ch)) log_error("Curl error occurred: " . curl_error($ch)); - curl_close($ch); - $this->_checkStatus($data); break; default: break; } + if ($this->_dnsService != 'ods') { + $data = curl_exec($ch); + $this->_checkStatus($ch, $data); + @curl_close($ch); + } } /* @@ -468,6 +412,12 @@ log_error("DynDns: DynDns _checkStatus() starting."); log_error("DynDns: Current Service: {$this->_dnsService}"); $successful_update = false; + if ($this->_dnsService != 'ods' && @curl_error($ch)) { + $status = "Curl error occurred: " . curl_error($ch); + log_error($status); + $this->status = $status; + return; + } switch ($this->_dnsService) { case 'dnsomatic': if (preg_match('/badauth/i', $data)) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index fa58ef9..a294efc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
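Review bot: The shared `curl_exec($ch)` added after the switch sends the he-net update with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);` still in effect (context lines of this hunk) while `CURLOPT_USERPWD` carries the account password, so the credentials go to a peer whose certificate is never checked; the loopia case in an earlier hunk does the same. With a single exec path this is the place to enforce verification: drop the two overrides, or set `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);` immediately before `$data = curl_exec($ch);`. The block also runs for the `default:` case, where this hunk sets no URL, so a guard that skips unknown services would avoid a pointless request and error log. The enclosing function starts outside the hunk.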
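Review bot: The new early return in `_checkStatus` decides whether to call `curl_error($ch)` from the service name, while the 'ods' caller passes `0` as the handle; testing the handle itself keeps the two in step if another non-curl service is added: `if ($ch && @curl_error($ch)) {`. The function's signature line is outside this hunk, so the parameter order `($ch, $data)` is inferred from the two call sites. A comment above the function, `/* $ch: curl handle, or 0 when the service does not use curl; $data: provider response */`, would document the new contract.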
@@ -1831,6 +1831,11 @@ function filter_generate_user_rule($rule) { } else if(!array_key_exists($rule['interface'], $FilterIflist)) { foreach($FilterIflist as $oc) $item .= $oc['descr']; return "# {$item} {$rule['interface']} array key does not exist for " . $rule['descr']; + } else if((array_key_exists($rule['interface'], $FilterIflist)) + && (is_array($FilterIflist[$rule['interface']])) + && (is_array($FilterIflist[$rule['interface']][0]))) { + /* Currently this only case for this is the pppoe server. There should be an existing macro with this name. */ + $aline['interface'] = " on \$" . $rule['interface'] . " "; } else $aline['interface'] = " on \$" . $FilterIflist[$rule['interface']]['descr'] . " "; $ifcfg = $FilterIflist[$rule['interface']]; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 480d1b6..0de333b 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3455,8 +3455,9 @@ function link_interface_to_vips($int, $action = "") { foreach ($config['virtualip']['vip'] as $vip) { if ($int == $vip['interface']) { if ($action == "update") { - interface_vip_bring_down($vip); - interfaces_vips_configure($int); + //interface_vip_bring_down($vip); + if (!does_interface_exist("vip{$vip['vhid']}")) + interfaces_vips_configure($int); } else return $vip; } @@ -4018,4 +4019,4 @@ function get_vip_descr($ipaddress) { return ""; } -?>
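Review bot: The new `else if` branch emits `" on \$" . $rule['interface'] . " "` on the assumption, stated only in its comment, that a pf macro with that name already exists; nothing in the hunk checks it, so an entry that has an array at index 0 but no matching macro would yield a rule line referencing an undefined macro. The leading `array_key_exists($rule['interface'], $FilterIflist)` test is also redundant, because the preceding branch has already returned when the key is missing. I would drop that test and have the comment name where the macro is defined, e.g. `/* pppoe server: entry is a list; macro $<interface> is defined in <generator function, placeholder> */`. `filter_generate_user_rule` continues outside the hunk.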
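Review bot: `does_interface_exist("vip{$vip['vhid']}")` assumes every entry in `$config['virtualip']['vip']` carries a `vhid`; for an entry without one the name collapses to `vip`, the check is presumably false, and `interfaces_vips_configure($int)` still runs on every update. If only VIPs that have a `vipN` interface are meant, a comment such as `/* only vips with a vhid have a vipN interface to test for */` would make that explicit. The commented-out `//interface_vip_bring_down($vip);` should be deleted or given a reason, since it reads as unfinished work in a function that changes address state.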
\ No newline at end of file +?> diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 070dade..ebc2df2 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -141,10 +141,10 @@ function get_pkg_id($pkg_name) { /****f* pkg-utils/get_pkg_info * NAME - * get_pkg_info - Retrive package information from pfsense.com. + * get_pkg_info - Retrieve package information from pfsense.com. * INPUTS - * $pkgs - 'all' to retrive all packages, an array containing package names otherwise - * $info - 'all' to retrive all information, an array containing keys otherwise + * $pkgs - 'all' to retrieve all packages, an array containing package names otherwise + * $info - 'all' to retrieve all information, an array containing keys otherwise * RESULT * $raw_versions - Array containing retrieved information, indexed by package name. ******/ diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index 941120c..4a4855e 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc @@ -955,6 +955,12 @@ $priv_list['page-system-usermanager']['descr'] = "Allow access to the 'System: U $priv_list['page-system-usermanager']['match'] = array(); $priv_list['page-system-usermanager']['match'][] = "system_usermanager.php*"; +$priv_list['page-system-usermanager-passwordmg'] = array(); +$priv_list['page-system-usermanager-passwordmg']['name'] = "WebCfg - System: User Password Manager page"; +$priv_list['page-system-usermanager-passwordmg']['descr'] = "Allow access to the 'System: User Password Manager' page."; +$priv_list['page-system-usermanager-passwordmg']['match'] = array(); +$priv_list['page-system-usermanager-passwordmg']['match'][] = "system_usermanager_passwordmg.php*"; + $priv_list['page-system-usermanager_addcert'] = array(); $priv_list['page-system-usermanager_addcert']['name'] = "WebCfg - System: User Manager: Add Certificate"; $priv_list['page-system-usermanager_addcert']['descr'] = "Allow access to the 'User Manager: Add Certificate' page."; 
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index e6a44c4..ad96914 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -213,6 +213,9 @@ function voucher_expire($voucher_received) { $a_vouchers_received = split("[\t\n\r ]+",$voucher_received); $active_dirty = false; + $cpdb = captiveportal_read_db(false, 4); /* Indexed by Voucher */ + $unsetindexes[] = array(); + // go through all received vouchers, check their valid and extract // Roll# and Ticket# using the external readvoucher binary foreach ($a_vouchers_received as $voucher) { @@ -242,6 +245,15 @@ function voucher_expire($voucher_received) { if (!(ord($bitstring[$roll][$pos]) & $mask)) $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); + + /* Check if this voucher has any active sessions */ + if (isset($cpdb[$voucher])) { + $cpentry = $cpdb[$voucher]; + captiveportal_disconnect($cpentry,null,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION"); + unset($cpdb[$voucher]); + $unsetindexes[] = $cpentry[5]; + } } else captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } else @@ -269,6 +281,10 @@ function voucher_expire($voucher_received) { unlock($voucherlck); + /* Write database */ + if (!empty($unsetindexes)) + captiveportal_write_db($cpdb, false, $unsetindexes); + return true; } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 25b573a..10f2fc1 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -942,7 +942,7 @@ EOD; $hostnames = ""; array_unique($filterdns_list); foreach ($filterdns_list as $hostname) - $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; + $hostnames .= "cmd {$hostname} '/usr/local/sbin/pfSctl -c \"service reload ipsecdns\"'\n"; file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); 
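Review bot: `$unsetindexes[] = array();` appends an empty array as element 0 instead of creating an empty list, so the `!empty($unsetindexes)` test in the last hunk of this file is always true and `captiveportal_write_db($cpdb, false, $unsetindexes)` runs on every call with an array among the session ids. The initialisation should be `$unsetindexes = array();`. `voucher_expire` begins outside the hunk.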
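Review bot: `$cpdb` was read with `captiveportal_read_db(false, 4)`, so it holds one entry per value of column 4, and a voucher with more than one active session gets only the last-read session disconnected and queued in `$unsetindexes`; the others stay logged in after the voucher is expired. The voucher-keyed `$cpdb` is then handed to `captiveportal_write_db`, whose handling of a non-session-id key is not visible in this diff and should be confirmed. Reading the database with the default index and scanning it for the voucher, as sketched below, terminates every matching session and keeps the array keyed the way the writer was previously given it.

```php
/* Check if this voucher has any active sessions; $cpdb is keyed by session id */
foreach ($cpdb as $sessionid => $cpentry) {
	if ($cpentry[4] != $voucher)
		continue;
	// … unchanged: captiveportal_disconnect() and captiveportal_logportalauth() calls …
	unset($cpdb[$sessionid]);
	$unsetindexes[] = $sessionid;
}
```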
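Review bot: The context line `array_unique($filterdns_list);` just above the changed command discards its result, because `array_unique` returns the de-duplicated array rather than modifying its argument, so duplicate hostnames still produce duplicate `cmd` lines in `filterdns-ipsec.hosts`. It should read `$filterdns_list = array_unique($filterdns_list);`. `{$hostname}` is also written into that file unquoted next to a command string, so it is worth confirming where the list is built that it only holds validated hostnames. The surrounding function starts outside the hunk.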
diff --git a/etc/rc.bootup b/etc/rc.bootup index e71c430..2f0c2cd 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -322,7 +322,7 @@ system_do_shell_commands(); /* start IPsec tunnels */ vpn_ipsec_configure(); /* Reload dynamic hostname tunnels after bootup finishes */ -mwexec_bg("/etc/rc.newipsecdns"); +send_event("service reload ipsecdns"); /* start SNMP service */ services_snmpd_configure(); diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 01c6890..59a1e65 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -51,7 +51,7 @@ function restart_packages() { /* restart packages */ system_ntp_configure(); log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); - send_event("reload packages"); + send_event("service reload packages"); } /* Interface IP address has changed */ diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 67aceaf..99efc39 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -112,8 +112,12 @@ PHPMODULES="$PHPMODULES pdo" PHPMODULES="$PHPMODULES sqlite" # ZeroMQ PHPMODULES="$PHPMODULES zmq" +# SSH2 +PHPMODULES="$PHPMODULES ssh2" # pfSense extensions PHPMODULES="$PHPMODULES pfSense" +# ion cube +PHPMODULES="$PHPMODULES ioncube_loader" # Modules previously included. # can be turned on by touching |
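Review bot: The two new `PHPMODULES` entries in rc.php_ini_setup load `ssh2` and `ioncube_loader` into every PHP process on the firewall, and the only explanation is `# SSH2` and `# ion cube`. A loader for encoded PHP means code that cannot be read or audited can run with the web interface's privileges, so the comment should name what needs it, e.g. `# ionCube loader: required by <package name, placeholder>`. Enabling each module only when that component is installed would keep the default attack surface unchanged. Whether both extensions are shipped in the base image cannot be seen from this hunk.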