Merge remote branch 'mainline/master' into inc

Conflicts:
	etc/inc/filter.inc
	etc/inc/system.inc

6 files changed, 23 insertions, 40 deletions

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index cfa9466..59e9128 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -454,6 +454,8 @@ function local_user_set_groups($user, $new_groups = NULL ) {
 	foreach ($cur_groups as $groupname) {
 		if (in_array($groupname,$new_groups))
 			continue;
+		if (!isset($config['system']['group'][$groupindex[$groupname]]))
+			continue;
 		$group = & $config['system']['group'][$groupindex[$groupname]];
 		if (is_array($group['member'])) {
 			$index = array_search($user['uid'], $group['member']);
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c9d8b92..211f33a 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -57,6 +57,9 @@ $GatewaysList = array();
 /* Used for the hostname dns resolver */
 $filterdns = "";
 
+/* Used for aliases and interface macros */
+$aliases = "";
+
 function flowtable_configure() {
 	global $config, $g;
 	return;
@@ -172,7 +175,7 @@ function filter_delete_states_for_down_gateways() {
 /* reload filter sync */
 function filter_configure_sync() {
 	global $config, $g, $after_filter_configure_run, $FilterIflist;
-	global $time_based_rules, $filterdns;
+	global $time_based_rules, $filterdns, $aliases;
 
 	/* Use config lock to not allow recursion and config changes during this run. */
 	$filterlck = lock('config');
@@ -1095,7 +1098,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
 }
 
 function filter_nat_rules_generate() {
-	global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList;
+	global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList, $aliases;
 
 	$natrules = "nat-anchor \"natearly/*\"\n";
 
@@ -2689,17 +2692,15 @@ EOD;
 }
 
 function discover_pkg_rules($ruletype) {
-	global $config, $g;
+	global $config, $g, $aliases;
 
 	/* Bail if there is no pkg directory, or if the package files might be out of sync. */
 	if(!is_dir("/usr/local/pkg") || file_exists('/conf/needs_package_sync'))
 		return "";
 
 	$rules = "";
-	$files = split("\n", trim(`ls /usr/local/pkg/*.inc`));
+	$files = glob("/usr/local/pkg/*.inc");
 	foreach($files as $pkg_inc) {
-		if($pkg_inc == "ls: No match.")
-			continue;
 		update_filter_reload_status(sprintf(gettext("Checking for %1$s PF hooks in package %2$s"), $ruletype, $pkg_inc));
 		require_once($pkg_inc);
 		$pkg = basename($pkg_inc, ".inc");
@@ -2707,7 +2708,7 @@ function discover_pkg_rules($ruletype) {
 		if(function_exists($pkg_generate_rules)) {
 			update_filter_reload_status(sprintf(gettext("Processing early %1$s rules for package %2$s"), $ruletype, $pkg_inc));
 			$tmprules = $pkg_generate_rules("$ruletype");
-			file_put_contents("{$g['tmp_path']}/rules.test.packages", $tmprules);
+			file_put_contents("{$g['tmp_path']}/rules.test.packages", $aliases . $tmprules);
 			$status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.test.packages");
 			if ($status <> 0) {
 				$errorrules = sprintf(gettext("There was an error while parsing the package filter rules for %s."), $pkg_inc) . "\n";
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 02d8711..03cbf6f 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -339,11 +339,7 @@ function return_gateways_array($disabled = false) {
 			}
 		}
 
-		/* retrieve a proper monitor IP? */
-		$ifcfg =& $config['interfaces'][$ifname];
-		if (is_ipaddr($ifcfg['monitorip']))
-			$gateway['monitor'] = $ifcfg['monitorip'];
-		else
+		if (is_ipaddr($gateway['gateway']))
 			$gateway['monitor'] = $gateway['gateway'];
 
 		$gateway['descr'] = "Interface {$friendly} Dynamic Gateway";
@@ -478,7 +474,7 @@ function lookup_gateway_monitor_ip_by_name($name) {
 		if(!is_ipaddr($gateway['monitor']))
 			return $gateway['gateway'];
 
-		return ($monitorip);
+		return $gateway['monitor'];
         }
 
         return (false);
@@ -501,9 +497,7 @@ function get_interface_gateway($interface, &$dynamic = false) {
         $gw = NULL;
 
         $gwcfg =& $config['interfaces'][$interface];
-        if (is_ipaddr($gwcfg['gateway']))
-                $gw = $gwcfg['gateway'];
-        else if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
+        if (!empty($gwcfg['gateway']) && is_array($config['gateways']['gateway_item'])) {
                	foreach($config['gateways']['gateway_item'] as $gateway) {
                         if ($gateway['name'] == $gwcfg['gateway']) {
                                 $gw = $gateway['gateway'];
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index f4d224e..93ff163 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -2499,9 +2499,6 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
 			} else if (substr($realif, 0, 4) == "ovpn") {
 				/* XXX: Should be done anything?! */
 			}
-
-			if (is_ipaddr($wancfg['gateway']))
-				file_put_contents("{$g['tmp_path']}/{$realif}_router", $wancfg['gateway']);
 			break;
 	}
 
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 422ae77..59ea4ea 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -355,7 +355,7 @@ function system_routing_configure($interface = "") {
 	}
 
 	if ($dont_add_route == false ) {
-		if (!empty($interface) && $inteface != $interafegw)
+		if (!empty($interface) && $interface != $interfacegw)
 			;
 		else if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) {
 			$action = "add";
@@ -364,14 +364,6 @@ function system_routing_configure($interface = "") {
 			}
 			log_error(sprintf(gettext("ROUTING: %1$s default route to %2$s"), $action, $gatewayip));
 			mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip));
-		} else if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
-			/* Adding gateway for 1.2-style configs without the new
-		  	 * gateway setup configured.
-		  	 * Force WAN to be default gateway because that is the 1.2 behavior.
-			 */
-			log_error(gettext("WARNING: There is no default gateway in the configuration."));
-			$gatewayip = $config['interfaces']['wan']['gateway'];
-			mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
 		}
 	}
 
@@ -380,18 +372,15 @@ function system_routing_configure($interface = "") {
 
 		foreach ($config['staticroutes']['route'] as $rtent) {
 			$gatewayip = "";
-			if (isset($gateways_arr[$rtent['gateway']])) {
-				$gatewayip = $gateways_arr[$rtent['gateway']]['gateway'];
-				$interfacegw = $gateways_arr[$rtent['gateway']]['interface'];
-				if ($interface == $gateways_arr[$rtent['gateway']]['friendlyiface'])
-					continue;
-			} else if (is_ipaddr($rtent['gateway'])) {
-				$gatewayip = $rtent['gateway'];
-			} else {
+			if (empty($gateways_arr[$rtent['gateway']])) {
 				log_error(sprintf(gettext("Static Routes: Gateway IP could not be found for %s"), $rtent['network']));
 				continue;
 			}
-
+			$gateway = $gateways_arr[$rtent['gateway']];
+			if ($interface == $gateway['friendlyiface'])
+				continue;
+			$gatewayip = $gateway['gateway'];
+			$interfacegw = $gateway['interface'];
 			$action = "add";
 			if (isset($route_arr[$rtent['network']]))
 				$action = "change";
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 9d3d484..c018cb0 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -78,15 +78,15 @@ system_resolvconf_generate(true);
 file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
 file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
 
-if (is_ipaddr($oldip) && $curwanip == $oldip)
-	exit;
-
 /* reconfigure static routes (kernel may have deleted them) */
 system_routing_configure($interface);
 
 /* reconfigure our gateway monitor */
 setup_gateways_monitor();
 
+if (is_ipaddr($oldip) && $curwanip == $oldip)
+	exit;
+
 /* perform RFC 2136 DNS update */
 services_dnsupdate_process($interface);