author | frank <frankthetank@users.noreply.github.com> | 2017-04-21 22:59:11 -0400 |
---|---|---|
committer | frank <frankthetank@users.noreply.github.com> | 2017-04-21 22:59:11 -0400 |
commit | a741f6e8af56c0cd6b013b60576287f0ffd6c84a (patch) | |
tree | e0c1b44b082de4c6e2dd9ec6e227076214d43286 /src/etc | |
parent | c00c6f672117d599649c324553e44e64f2d553cc (diff) | |
parent | b7d2a3da5a0ef272303c9e5455431267fc0e56ae (diff) | |
Merge branch 'master' of https://github.com/pfsense/pfsense into
dyndns_dreamhost
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/authgui.inc | 1 | ||||
-rw-r--r-- | src/etc/inc/certs.inc | 62 | ||||
-rw-r--r-- | src/etc/inc/config.console.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/dyndns.class | 60 | ||||
-rw-r--r-- | src/etc/inc/easyrule.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/functions.inc | 44 | ||||
-rw-r--r-- | src/etc/inc/gwlb.inc | 477 | ||||
-rw-r--r-- | src/etc/inc/interfaces.inc | 6 | ||||
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 65 | ||||
-rw-r--r-- | src/etc/inc/pkg-utils.inc | 78 | ||||
-rw-r--r-- | src/etc/inc/services.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/upgrade_config.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/util.inc | 15 | ||||
-rwxr-xr-x | src/etc/pfSense-rc | 5 | ||||
-rwxr-xr-x | src/etc/rc.banner | 2 | ||||
-rwxr-xr-x | src/etc/rc.initial.setlanip | 2 | ||||
-rwxr-xr-x | src/etc/rc.packages | 10 |
17 files changed, 717 insertions, 122 deletions
diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index c7d3362..db76b88 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -27,6 +27,7 @@ include_once("priv.inc"); if (!function_exists('platform_booting')) { require_once('globals.inc'); } +require_once('pfsense-utils.inc'); /* Authenticate user - exit if failed */ if (!session_auth()) { diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index bb114c8..ef12843 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc 
@@ -541,29 +541,26 @@ function cert_get_issuer($str_crt, $decode = true) { return $issuer; } -/* this function works on x509 (crt), rsa key (prv), and req(csr) */ -function cert_get_modulus($str_crt, $decode = true, $type = "crt") { +/* Works for both RSA and ECC (crt) and key (prv) */ +function cert_get_publickey($str_crt, $decode = true, $type = "crt") { if ($decode) { $str_crt = base64_decode($str_crt); } - - $modulus = ""; - if (in_array($type, array("crt", "prv", "csr"))) { - $type = str_replace(array("crt", "prv", "csr"), array("x509", "rsa", "req"), $type); - $modulus = exec("echo \"{$str_crt}\" | openssl {$type} -noout -modulus"); + switch ($type) { + case 'prv': + exec("echo \"{$str_crt}\" | openssl pkey -pubout", $out); + break; + case 'crt': + exec("echo \"{$str_crt}\" | openssl x509 -inform pem -noout -pubkey", $out); + break; + case 'csr': + exec("echo \"{$str_crt}\" | openssl req -inform pem -noout -pubkey", $out); + break; + default: + $out = array(); + break; } - return $modulus; -} - -/* Same but returns modulus keysize not modulus itself */ -function cert_get_modulus_keysize($str_crt, $decode = true, $type = "crt") { - // modulus usually returned as "modulus=.....". Remove anything before an "=" and return 4 x (hex string length) - $raw_modulus = explode('=', cert_get_modulus($str_crt, $decode, $type)); - return strlen(array_pop($raw_modulus))*4; -} - -function csr_get_modulus($str_crt, $decode = true) { - return cert_get_modulus($str_crt, $decode, "csr"); + return implode("\n", $out); } function cert_get_purpose($str_crt, $decode = true) { @@ -603,10 +600,6 @@ function cert_get_serial($str_crt, $decode = true) { } } -function prv_get_modulus($str_crt, $decode = true) { - return cert_get_modulus($str_crt, $decode, "prv"); -} - function is_openvpn_server_ca($caref) { global $config; if (!is_array($config['openvpn']['openvpn-server'])) { 
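Review bot: In `cert_get_publickey` all three `exec()` calls splice `$str_crt` into a double-quoted shell string, so a `"`, a backtick or `$(` inside an imported certificate, CSR or key is interpreted by the shell, and for `prv` the private key text becomes part of the shell command line. The old `cert_get_modulus` had the same pattern, but the rewrite is the natural place to drop the shell and parse the PEM in-process with PHP's OpenSSL functions. The function also returns an empty string on any parse failure, and `cert_compare` (further down this file's diff) compares two such results with `==`, so two unparsable inputs count as having the same key. The `rtrim()` below keeps the result free of a trailing newline, as the `implode()` form was.

```php
function cert_get_publickey($str_crt, $decode = true, $type = "crt") {
	// … unchanged: optional base64_decode of $str_crt …
	// Parse in-process so nothing from $str_crt reaches a shell.
	switch ($type) {
		case 'prv':
			$key = openssl_pkey_get_private($str_crt);
			break;
		case 'crt':
			$key = openssl_pkey_get_public($str_crt);
			break;
		case 'csr':
			$key = openssl_csr_get_public_key($str_crt);
			break;
		default:
			$key = false;
			break;
	}
	$details = ($key !== false) ? openssl_pkey_get_details($key) : false;
	// 'key' is the PEM-encoded public key for RSA and EC keys alike.
	return ($details !== false) ? rtrim($details['key']) : "";
}
```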
@@ -771,6 +764,27 @@ function cert_in_use($certref) { is_package_cert($certref)); } +function cert_usedby_description($refid, $certificates_used_by_packages) { + $result = ""; + if (is_array($certificates_used_by_packages)) { + foreach ($certificates_used_by_packages as $name => $package) { + if (isset($package['certificatelist'][$refid])) { + $hint = "" ; + if (is_array($package['certificatelist'][$refid])) { + foreach ($package['certificatelist'][$refid] as $cert_used) { + $hint = $hint . $cert_used['usedby']."\n"; + } + } + $count = count($package['certificatelist'][$refid]); + $result .= "<div title='".htmlspecialchars($hint)."'>"; + $result .= htmlspecialchars($package['pkgname'])." ($count)<br />"; + $result .= "</div>"; + } + } + } + return $result; +} + function crl_create(& $crl, $caref, $name, $serial = 0, $lifetime = 9999) { global $config; $ca =& lookup_ca($caref); @@ -861,7 +875,7 @@ function cert_compare($cert1, $cert2) { if ((cert_get_issuer($c1, false) == cert_get_issuer($c2, false)) && (cert_get_subject($c1, false) == cert_get_subject($c2, false)) && (cert_get_serial($c1, false) == cert_get_serial($c2, false)) && - (cert_get_modulus($c1, false) == cert_get_modulus($c2, false))) { + (cert_get_publickey($c1, false) == cert_get_publickey($c2, false))) { return true; } return false; diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc index 1415e86..a61bbd7 100644 --- a/src/etc/inc/config.console.inc +++ b/src/etc/inc/config.console.inc @@ -71,7 +71,7 @@ EOD; else $status = "(down)"; $ifsmallist = $ifsmallist . $iface. " "; - echo sprintf("% -7s%s %s %s\n", $iface, $ifa['mac'], + echo sprintf("%-7s %s %s %s\n", $iface, $ifa['mac'], $status, substr($ifa['dmesg'], 0, 48)); } } diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index f0423c9..b32d761 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class 
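Review bot: In `cert_usedby_description` the hint is written into a single-quoted attribute (`title='...'`), but `htmlspecialchars($hint)` with its default flags leaves `'` unescaped on PHP versions before 8.1, so a `usedby` string containing an apostrophe closes the attribute and can inject markup into the page. Pass the flag explicitly: `$result .= "<div title='".htmlspecialchars($hint, ENT_QUOTES)."'>";`. Separately, `count($package['certificatelist'][$refid])` runs even when the `is_array()` test just above it failed, so the count belongs inside that guarded branch.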
@@ -60,6 +60,7 @@ * - All-Inkl (all-inkl.com) * - DuiaDNS (www.duiadns.net) * - DuiaDNS IPv6 (www.duiadns.net) + * - Hover (www.hover.com) * - DreamHost DNS (www.dreamhost.com) * +----------------------------------------------------+ * Requirements: @@ -114,6 +115,7 @@ * All-Inkl - Last Tested: 12 November 2016 * DuiaDNS - Last Tested: 25 November 2016 * DuiaDNS IPv6 - Last Tested: 25 November 2016 + * Hover - Last Tested: 15 February 2017 * DreamHost - Not Tested * DreamHost IPv6 - Not Tested * +====================================================+ @@ -214,6 +216,7 @@ case "cloudflare-v6": case "cloudflare": case "gratisdns": + case "hover": if (!$dnsUser) $this->_error(3); if (!$dnsPass) $this->_error(4); if (!$dnsHost) $this->_error(5); @@ -324,6 +327,7 @@ case 'spdyn': case 'spdyn-v6': case 'all-inkl': + case 'hover': $this->_update(); if ($this->_dnsDummyUpdateDone == true) { // If a dummy update was needed, then sleep a while and do the update again to put the proper address back. 
@@ -835,6 +839,52 @@ curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); curl_setopt($ch, CURLOPT_URL, $server . 'myip=' . $this->_dnsIP); break; + case 'hover': + $needsIP = FALSE; + $port = ""; + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + + //step 1: login to API + $post_data['username'] = $this->_dnsUser; + $post_data['password'] = $this->_dnsPass; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/login"); + curl_setopt($ch, CURLOPT_HEADER, 1); //return the full headers to extract the cookies + $output = curl_exec($ch); + + //extract the cookies + preg_match_all("/^Set-cookie: (.*?);/ism", $output, $cookies); + if( count($cookies[1]) > 0 ){ + $cookie_data = implode("; ",$cookies[1]); + } + + //step 2: find the id of the A record + $post_data = null; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_COOKIE, $cookie_data); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns"); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET'); + + $output = curl_exec($ch); + preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{\"id\":\"([^\"]*?)\",\"name\":\"{$this->_dnsHost}\".*?\$/", $output, $hostID); + $hostID = $hostID[1]; + preg_match("/^{\"succeeded\":true.*?domain_name\":\"{$this->_dnsDomain}.*?entries.*?{[^\}]*?\"name\":\"{$this->_dnsHost}\".*?content\":\"([^\"]*?)\".*?\$/", $output, $hostIP); + $hostIP = $hostIP[1]; + + //step 3: update the IP + if ($hostID) { + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + curl_setopt($ch, CURLOPT_COOKIE, $cookie_data); + $post_data['content'] = $this->_dnsIP; + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); + curl_setopt($ch, CURLOPT_URL, "https://www.hover.com/api/dns/{$hostID}"); + 
log_error("HostID:{$hostID}, OldIP:{$hostIP}"); + } + break; case 'dreamhost': case 'dreamhost-v6': $needsIP = TRUE; @@ -1707,6 +1757,16 @@ $this->_debug($header); } break; + case 'hover': + if (preg_match('/succeeded":true/i', $data)) { + $status = $status_intro . $success_str . gettext("IP Address Changed Successfully!") . " (" . $this->_dnsIP . ")"; + $successful_update = true; + } else { + $status = $status_intro . "(" . gettext("Unknown Response") . ")"; + log_error($status_intro . gettext("PAYLOAD:") . " " . $data); + $this->_debug($data); + } + break; case 'dreamhost': case 'dreamhost-v6': $result = json_decode($data,true); diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc index 766eb2e..8984c45 100644 --- a/src/etc/inc/easyrule.inc +++ b/src/etc/inc/easyrule.inc @@ -30,7 +30,7 @@ require_once("config.inc"); function easyrule_find_rule_interface($int) { global $config; /* Borrowed from firewall_rules.php */ - $iflist = get_configured_interface_with_descr(false, true); + $iflist = get_configured_interface_with_descr(true); if ($config['pppoe']['mode'] == "server") { $iflist['pppoe'] = "PPPoE Server"; diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc index 085fab1..abb3578 100644 --- a/src/etc/inc/functions.inc +++ b/src/etc/inc/functions.inc 
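Review bot: The new `hover` case sets `CURLOPT_SSL_VERIFYPEER` to 0 twice, before the login POST and again before the PUT, so the account password and the session cookie go to `https://www.hover.com/api/login` without the server certificate being checked, and an on-path party could read them and change the DNS record. Keep verification on with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, or reuse whatever verification setting the other providers in this switch honour (not visible in the hunk). Two smaller points in the same case: `$cookie_data` is never assigned when the login response carries no `Set-cookie` header, and `$this->_dnsDomain` and `$this->_dnsHost` are placed in the patterns without `preg_quote()`, so the dots in a host name match any character. The enclosing switch starts and ends outside the hunk.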
@@ -23,47 +23,17 @@ * limitations under the License. */ -/* BEGIN compatibility goo with HEAD */ -if (!function_exists("pfSenseHeader")) { - /****f* pfsense-utils/pfSenseHeader - * NAME - * pfSenseHeader - * INPUTS - * none - * RESULT - * Javascript header change or browser Location: - ******/ - function pfSenseHeader($text) { - global $_SERVER; - if (isAjax()) { - if ($_SERVER['HTTPS'] == "on") { - $protocol = "https"; - } else { - $protocol = "http"; - } - - $port = ":{$_SERVER['SERVER_PORT']}"; - if ($_SERVER['SERVER_PORT'] == "80" && $protocol == "http") { - $port = ""; - } - if ($_SERVER['SERVER_PORT'] == "443" && $protocol == "https") { - $port = ""; - } - $complete_url = "{$protocol}://{$_SERVER['HTTP_HOST']}{$port}/{$text}"; - echo "\ndocument.location.href = '{$complete_url}';\n"; - } else { - header("Location: $text"); - } - } -} -/* END compatibility goo with HEAD */ +/* + * DEPRECATED! DO NOT INCLUDE THIS FILE! + * Use individual .inc files containing the required functions instead. + */ /* include all configuration functions */ -require_once("interfaces.inc"); +require_once("certs.inc"); require_once("gwlb.inc"); -require_once("services.inc"); +require_once("interfaces.inc"); require_once("pfsense-utils.inc"); -require_once("certs.inc"); +require_once("services.inc"); require_once("system.inc"); require_once("vslb.inc"); diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index d7cecc0..1e927f5 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc 
@@ -521,8 +521,13 @@ function return_gateways_status_text($byname = false, $brief = false) { return $output; } -/* Return all configured gateways on the system */ -function return_gateways_array($disabled = false, $localhost = false, $inactive = false) { +/* Return all configured gateways on the system + $disabled = true - include gateways that are disabled + $localhost = true - include "Null" entries for localhost IP addresses + $inactive = true - include gateways on inactive interfaces + $integer_index = true - index the returned array by integers 0,1,2,... instead of by GW name +*/ +function return_gateways_array($disabled = false, $localhost = false, $inactive = false, $integer_index = false) { global $config, $g; $gateways_arr = array(); @@ -638,7 +643,7 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive if ($disabled == false) { $iflist = get_configured_interface_with_descr(); } else { - $iflist = get_configured_interface_with_descr(false, true); + $iflist = get_configured_interface_with_descr(true); } /* Process/add dynamic v4 gateways. */ @@ -864,6 +869,11 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive $gateways_arr['Null4'] = $gwlo4; $gateways_arr['Null6'] = $gwlo6; } + + if ($integer_index) { + $gateways_arr = array_values($gateways_arr); + } + return($gateways_arr); } 
@@ -1323,4 +1333,465 @@ function gateway_is_gwgroup_member($name) { return $members; } +/* + Check the proposed gateway settings to see if they are valid. + $gateway_settings - the proposed array of proposed gateway settings + $id - the index of the gateway proposed to be modified (otherwise "" if adding a new gateway) + $parent_ip - the IP (v4 or v6) address about to be set on the corresponding interface (if any) + $parent_sn - the subnet about to be set on the corresponding interface (if any) + (Note: the above 2 parameters allow gateway parameters to be validated concurrently with saving + an interface, before the new interface parameters are actually saved in the config.) + Return completed $input_errors array if there is any problem. + Otherwise return an empty $input_errors array +*/ +function validate_gateway($gateway_settings, $id = "", $parent_ip = "", $parent_sn = "") { + global $config; + + $a_gateways = return_gateways_array(true, false, true, true); + $input_errors = array(); + + /* input validation */ + $reqdfields = explode(" ", "name interface"); + $reqdfieldsn = array(gettext("Name"), gettext("Interface")); + + do_input_validation($gateway_settings, $reqdfields, $reqdfieldsn, $input_errors); + + if (!isset($gateway_settings['name'])) { + $input_errors[] = "A valid gateway name must be specified."; + } + if (!is_validaliasname($gateway_settings['name'])) { + $input_errors[] = invalidaliasnamemsg($gateway_settings['name'], gettext("gateway")); + } else if (isset($gateway_settings['disabled'])) { + // We have a valid gateway name that the user wants to mark as disabled. + // Check if the gateway name is used in any gateway group. 
+ if (is_array($config['gateways']['gateway_group'])) { + foreach ($config['gateways']['gateway_group'] as $group) { + foreach ($group['item'] as $item) { + $items = explode("|", $item); + if ($items[0] == $gateway_settings['name']) { + $input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Gateway Group "%2$s"'), $gateway_settings['name'], $group['name']); + } + } + } + } + + // Check if the gateway name is used in any enabled Static Route. + if (is_array($config['staticroutes']['route'])) { + foreach ($config['staticroutes']['route'] as $route) { + if ($route['gateway'] == $gateway_settings['name']) { + if (!isset($route['disabled'])) { + // There is a static route that uses this gateway and is enabled (not disabled). + $input_errors[] = sprintf(gettext('Gateway "%1$s" cannot be disabled because it is in use on Static Route "%2$s"'), $gateway_settings['name'], $route['network']); + } + } + } + } + } + /* skip system gateways which have been automatically added */ + if (($gateway_settings['gateway'] && (!is_ipaddr($gateway_settings['gateway'])) && ($gateway_settings['attribute'] !== "system")) && ($gateway_settings['gateway'] != "dynamic")) { + $input_errors[] = gettext("A valid gateway IP address must be specified."); + } + + if ($gateway_settings['gateway'] && is_ipaddr($gateway_settings['gateway'])) { + if (is_ipaddrv4($gateway_settings['gateway'])) { + if ($parent_ip == '') { + $parent_ip = get_interface_ip($gateway_settings['interface']); + $parent_sn = get_interface_subnet($gateway_settings['interface']); + } + if (empty($parent_ip) || empty($parent_sn)) { + $input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface."); + } elseif (!isset($gateway_settings["nonlocalgateway"])) { + $subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . 
$parent_sn); + $vips = link_interface_to_vips($gateway_settings['interface']); + if (is_array($vips)) { + foreach ($vips as $vip) { + if (!is_ipaddrv4($vip['subnet'])) { + continue; + } + $subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits']; + } + } + + $found = false; + foreach ($subnets as $subnet) { + if (ip_in_subnet($gateway_settings['gateway'], $subnet)) { + $found = true; + break; + } + } + + if ($found === false) { + $input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']); + } + } + } else if (is_ipaddrv6($gateway_settings['gateway'])) { + /* do not do a subnet match on a link local address, it's valid */ + if (!is_linklocal($gateway_settings['gateway'])) { + if ($parent_ip == '') { + $parent_ip = get_interface_ipv6($gateway_settings['interface']); + $parent_sn = get_interface_subnetv6($gateway_settings['interface']); + } + if (empty($parent_ip) || empty($parent_sn)) { + $input_errors[] = gettext("Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface."); + } elseif (!isset($gateway_settings["nonlocalgateway"])) { + $subnets = array(gen_subnetv6($parent_ip, $parent_sn) . "/" . $parent_sn); + $vips = link_interface_to_vips($gateway_settings['interface']); + if (is_array($vips)) { + foreach ($vips as $vip) { + if (!is_ipaddrv6($vip['subnet'])) { + continue; + } + $subnets[] = gen_subnetv6($vip['subnet'], $vip['subnet_bits']) . "/" . 
$vip['subnet_bits']; + } + } + + $found = false; + foreach ($subnets as $subnet) { + if (ip_in_subnet($gateway_settings['gateway'], $subnet)) { + $found = true; + break; + } + } + + if ($found === false) { + $input_errors[] = sprintf(gettext("The gateway address %s does not lie within one of the chosen interface's subnets."), $gateway_settings['gateway']); + } + } + } + } + + if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddr'])) { + if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddr']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) { + $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration."); + } + } + if (!empty($config['interfaces'][$gateway_settings['interface']]['ipaddrv6'])) { + if (is_ipaddr($config['interfaces'][$gateway_settings['interface']]['ipaddrv6']) && (empty($gateway_settings['gateway']) || $gateway_settings['gateway'] == "dynamic")) { + $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration."); + } + } + } + if (($gateway_settings['monitor'] != "") && ($gateway_settings['monitor'] != "dynamic")) { + validateipaddr($gateway_settings['monitor'], IPV4V6, "Monitor IP", $input_errors, false); + } + if (isset($gateway_settings['data_payload']) && is_numeric($gateway_settings['data_payload']) && $gateway_settings['data_payload'] < 0) { + $input_errors[] = gettext("A valid data payload must be specified."); + } + /* only allow correct IPv4 and IPv6 gateway addresses */ + if (($gateway_settings['gateway'] <> "") && is_ipaddr($gateway_settings['gateway']) && $gateway_settings['gateway'] != "dynamic") { + if (is_ipaddrv6($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet")) { + $input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $gateway_settings['gateway']); + } + if 
(is_ipaddrv4($gateway_settings['gateway']) && ($gateway_settings['ipprotocol'] == "inet6")) { + $input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $gateway_settings['gateway']); + } + } + /* only allow correct IPv4 and IPv6 monitor addresses */ + if (($gateway_settings['monitor'] <> "") && is_ipaddr($gateway_settings['monitor']) && $gateway_settings['monitor'] != "dynamic") { + if (is_ipaddrv6($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet")) { + $input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $gateway_settings['monitor']); + } + if (is_ipaddrv4($gateway_settings['monitor']) && ($gateway_settings['ipprotocol'] == "inet6")) { + $input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $gateway_settings['monitor']); + } + } + + if (isset($gateway_settings['name'])) { + /* check for overlaps */ + foreach ($a_gateways as $gateway) { + if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) { + if ($gateway['name'] != $gateway_settings['name']) { + $input_errors[] = gettext("Changing name on a gateway is not allowed."); + } + continue; + } + if ($gateway_settings['name'] <> "") { + if (($gateway['name'] <> "") && ($gateway_settings['name'] == $gateway['name']) && ($gateway['attribute'] !== "system")) { + $input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $gateway_settings['name']); + break; + } + } + if (is_ipaddr($gateway_settings['gateway'])) { + if (($gateway['gateway'] <> "") && ($gateway_settings['gateway'] == $gateway['gateway']) && ($gateway['attribute'] !== "system")) { + $input_errors[] = sprintf(gettext('The gateway IP address "%s" already exists.'), $gateway_settings['gateway']); + break; + } + } + if (is_ipaddr($gateway_settings['monitor'])) { + if (($gateway['monitor'] <> "") && ($gateway_settings['monitor'] == $gateway['monitor']) && 
($gateway['attribute'] !== "system")) { + $input_errors[] = sprintf(gettext('The monitor IP address "%s" is already in use. A different monitor IP must be chosen.'), $gateway_settings['monitor']); + break; + } + } + } + } + + /* input validation of dpinger advanced parameters */ + + $dpinger_default = return_dpinger_defaults(); + $latencylow = $dpinger_default['latencylow']; + if ($gateway_settings['latencylow']) { + if (!is_numeric($gateway_settings['latencylow'])) { + $input_errors[] = gettext("The low latency threshold needs to be a numeric value."); + } else if ($gateway_settings['latencylow'] < 1) { + $input_errors[] = gettext("The low latency threshold needs to be positive."); + } else { + $latencylow = $gateway_settings['latencylow']; + } + } + + $latencyhigh = $dpinger_default['latencyhigh']; + if ($gateway_settings['latencyhigh']) { + if (!is_numeric($gateway_settings['latencyhigh'])) { + $input_errors[] = gettext("The high latency threshold needs to be a numeric value."); + } else if ($gateway_settings['latencyhigh'] < 1) { + $input_errors[] = gettext("The high latency threshold needs to be positive."); + } else { + $latencyhigh = $gateway_settings['latencyhigh']; + } + } + + $losslow = $dpinger_default['losslow']; + if ($gateway_settings['losslow']) { + if (!is_numeric($gateway_settings['losslow'])) { + $input_errors[] = gettext("The low Packet Loss threshold needs to be a numeric value."); + } else if ($gateway_settings['losslow'] < 1) { + $input_errors[] = gettext("The low Packet Loss threshold needs to be positive."); + } else if ($gateway_settings['losslow'] >= 100) { + $input_errors[] = gettext("The low Packet Loss threshold needs to be less than 100."); + } else { + $losslow = $gateway_settings['losslow']; + } + } + + $losshigh = $dpinger_default['losshigh']; + if ($gateway_settings['losshigh']) { + if (!is_numeric($gateway_settings['losshigh'])) { + $input_errors[] = gettext("The high Packet Loss threshold needs to be a numeric value."); + } else 
if ($gateway_settings['losshigh'] < 1) { + $input_errors[] = gettext("The high Packet Loss threshold needs to be positive."); + } else if ($gateway_settings['losshigh'] > 100) { + $input_errors[] = gettext("The high Packet Loss threshold needs to be 100 or less."); + } else { + $losshigh = $gateway_settings['losshigh']; + } + } + + $time_period = $dpinger_default['time_period']; + if ($gateway_settings['time_period']) { + if (!is_numeric($gateway_settings['time_period'])) { + $input_errors[] = gettext("The time period over which results are averaged needs to be a numeric value."); + } else if ($gateway_settings['time_period'] < 1) { + $input_errors[] = gettext("The time period over which results are averaged needs to be positive."); + } else { + $time_period = $gateway_settings['time_period']; + } + } + + $interval = $dpinger_default['interval']; + if ($gateway_settings['interval']) { + if (!is_numeric($gateway_settings['interval'])) { + $input_errors[] = gettext("The probe interval needs to be a numeric value."); + } else if ($gateway_settings['interval'] < 1) { + $input_errors[] = gettext("The probe interval needs to be positive."); + } else { + $interval = $gateway_settings['interval']; + } + } + + $loss_interval = $dpinger_default['loss_interval']; + if ($gateway_settings['loss_interval']) { + if (!is_numeric($gateway_settings['loss_interval'])) { + $input_errors[] = gettext("The loss interval needs to be a numeric value."); + } else if ($gateway_settings['loss_interval'] < 1) { + $input_errors[] = gettext("The loss interval setting needs to be positive."); + } else { + $loss_interval = $gateway_settings['loss_interval']; + } + } + + $alert_interval = $dpinger_default['alert_interval']; + if ($gateway_settings['alert_interval']) { + if (!is_numeric($gateway_settings['alert_interval'])) { + $input_errors[] = gettext("The alert interval needs to be a numeric value."); + } else if ($gateway_settings['alert_interval'] < 1) { + $input_errors[] = gettext("The alert 
interval setting needs to be positive."); + } else { + $alert_interval = $gateway_settings['alert_interval']; + } + } + + if ($latencylow >= $latencyhigh) { + $input_errors[] = gettext( + "The high latency threshold needs to be greater than the low latency threshold"); + } + + if ($losslow >= $losshigh) { + $input_errors[] = gettext( + "The high packet loss threshold needs to be higher than the low packet loss threshold"); + } + + // If the loss interval is less than latencyhigh, then high latency could never be recorded + // because those high latency packets would be considered as lost. So do not allow that. + if ($latencyhigh > $loss_interval) { + $input_errors[] = gettext("The loss interval needs to be greater than or equal to the high latency threshold."); + } + + // Ensure that the time period is greater than 2 times the probe interval plus the loss interval. + if (($interval * 2 + $loss_interval) >= $time_period) { + $input_errors[] = gettext("The time period needs to be greater than twice the probe interval plus the loss interval."); + } + + // There is no point recalculating the average latency and loss more often than the probe interval. + // So the alert interval needs to be >= probe interval. + if ($interval > $alert_interval) { + $input_errors[] = gettext("The alert interval needs to be greater than or equal to the probe interval."); + } + + return $input_errors; +} + +// Save gateway settings. +// $gateway_settings - the array of gateway setting parameters +// $realid - the index of the gateway to be modified (otherwise "" if adding a new gateway) + +// This function is responsible to: +// Setup the gateway parameter structure from the gateway settings input parameter +// Save the structure into the config +// Remove any run-time settings from gateway parameters that are changed (e.g. remove routes to addresses that are changing) + +// A subsequent "apply" step will implement the added/changed gateway. 
+ +function save_gateway($gateway_settings, $realid = "") { + global $config; + + $a_gateway_item = &$config['gateways']['gateway_item']; + $reloadif = ""; + $gateway = array(); + + if (empty($gateway_settings['interface'])) { + $gateway['interface'] = $gateway_settings['friendlyiface']; + } else { + $gateway['interface'] = $gateway_settings['interface']; + } + if (is_ipaddr($gateway_settings['gateway'])) { + $gateway['gateway'] = $gateway_settings['gateway']; + } else { + $gateway['gateway'] = "dynamic"; + } + $gateway['name'] = $gateway_settings['name']; + $gateway['weight'] = $gateway_settings['weight']; + $gateway['ipprotocol'] = $gateway_settings['ipprotocol']; + if ($gateway_settings['interval']) { + $gateway['interval'] = $gateway_settings['interval']; + } + + if ($gateway_settings['time_period']) { + $gateway['time_period'] = $gateway_settings['time_period']; + } + if ($gateway_settings['alert_interval']) { + $gateway['alert_interval'] = $gateway_settings['alert_interval']; + } + + $gateway['descr'] = $gateway_settings['descr']; + if ($gateway_settings['monitor_disable'] == "yes") { + $gateway['monitor_disable'] = true; + } + if ($gateway_settings['action_disable'] == "yes") { + $gateway['action_disable'] = true; + } + if ($gateway_settings['nonlocalgateway'] == "yes") { + $gateway['nonlocalgateway'] = true; + } + if ($gateway_settings['force_down'] == "yes") { + $gateway['force_down'] = true; + } + if (is_ipaddr($gateway_settings['monitor'])) { + $gateway['monitor'] = $gateway_settings['monitor']; + } + if (isset($gateway_settings['data_payload']) && $gateway_settings['data_payload'] > 0) { + $gateway['data_payload'] = $gateway_settings['data_payload']; + } + + /* NOTE: If gateway ip is changed need to cleanup the old static interface route */ + if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['gateway']) && + $gateway['gateway'] != $a_gateway_item[$realid]['gateway'] && + 
isset($a_gateway_item[$realid]["nonlocalgateway"])) { + $realif = get_real_interface($a_gateway_item[$realid]['interface']); + $inet = (!is_ipaddrv4($a_gateway_item[$realid]['gateway']) ? "-inet6" : "-inet"); + $cmd = "/sbin/route delete $inet " . escapeshellarg($a_gateway_item[$realid]['gateway']) . " -iface " . escapeshellarg($realif); + mwexec($cmd); + } + + /* NOTE: If monitor ip is changed need to cleanup the old static route */ + if ($gateway_settings['monitor'] != "dynamic" && !empty($a_gateway_item[$realid]) && is_ipaddr($a_gateway_item[$realid]['monitor']) && + $gateway_settings['monitor'] != $a_gateway_item[$realid]['monitor'] && $gateway['gateway'] != $a_gateway_item[$realid]['monitor']) { + if (is_ipaddrv4($a_gateway_item[$realid]['monitor'])) { + mwexec("/sbin/route delete " . escapeshellarg($a_gateway_item[$realid]['monitor'])); + } else { + mwexec("/sbin/route delete -inet6 " . escapeshellarg($a_gateway_item[$realid]['monitor'])); + } + } + + if ($gateway_settings['defaultgw'] == "yes" || $gateway_settings['defaultgw'] == "on") { + $i = 0; + /* remove the default gateway bits for all gateways with the same address family */ + foreach ($a_gateway_item as $gw) { + if ($gateway['ipprotocol'] == $gw['ipprotocol']) { + unset($config['gateways']['gateway_item'][$i]['defaultgw']); + if ($gw['interface'] != $gateway_settings['interface'] && $gw['defaultgw']) { + $reloadif = $gw['interface']; + } + } + $i++; + } + $gateway['defaultgw'] = true; + } + + if ($gateway_settings['latencylow']) { + $gateway['latencylow'] = $gateway_settings['latencylow']; + } + if ($gateway_settings['latencyhigh']) { + $gateway['latencyhigh'] = $gateway_settings['latencyhigh']; + } + if ($gateway_settings['losslow']) { + $gateway['losslow'] = $gateway_settings['losslow']; + } + if ($gateway_settings['losshigh']) { + $gateway['losshigh'] = $gateway_settings['losshigh']; + } + if ($gateway_settings['loss_interval']) { + $gateway['loss_interval'] = $gateway_settings['loss_interval']; + 
} + + if (isset($gateway_settings['disabled'])) { + $gateway['disabled'] = true; + /* Check if the gateway was enabled but changed to disabled. */ + if ((isset($realid) && $a_gateway_item[$realid]) && ($a_gateway_item[$realid]['disabled'] == false)) { + /* If the disabled gateway was the default route, remove the default route */ + if (is_ipaddr($gateway['gateway']) && + isset($gateway['defaultgw'])) { + $inet = (!is_ipaddrv4($gateway['gateway']) ? '-inet6' : '-inet'); + mwexec("/sbin/route delete {$inet} default"); + } + } + } else { + unset($gateway['disabled']); + } + + /* when saving the manual gateway we use the attribute which has the corresponding id */ + if (isset($realid) && $a_gateway_item[$realid]) { + $a_gateway_item[$realid] = $gateway; + } else { + $a_gateway_item[] = $gateway; + } + + mark_subsystem_dirty('staticroutes'); + + write_config(); + + if (!empty($reloadif)) { + send_event("interface reconfigure {$reloadif}"); + } +} ?> diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index d50aab8..414e51f 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -2519,7 +2519,7 @@ function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) { $baseif = interface_get_wireless_base($ifcfg['if']); // Sync shared settings for assigned clones - $iflist = get_configured_interface_list(false, true); + $iflist = get_configured_interface_list(true); foreach ($iflist as $if) { if ($baseif == interface_get_wireless_base($config['interfaces'][$if]['if']) && $ifcfg['if'] != $config['interfaces'][$if]['if']) { if (isset($config['interfaces'][$if]['wireless']['standard']) || $sync_changes) { 
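Review bot: The `data_payload` check in `validate_gateway` only fires for a value that is numeric and negative (`isset(...) && is_numeric(...) && ... < 0`), so a non-empty, non-numeric payload passes validation; whether `save_gateway` then stores it depends on PHP's loose `> 0` string comparison. Reject it explicitly by testing `(!is_numeric($gateway_settings['data_payload']) || $gateway_settings['data_payload'] < 0)` while still letting an empty field through. `save_gateway` also copies `name`, `weight`, `ipprotocol` and `descr` into the config without calling `validate_gateway` itself, so its header comment should say that callers must validate first. In the `defaultgw` loop, the manual `$i` counter assumes `gateway_item` has contiguous zero-based keys; `foreach ($a_gateway_item as $i => $gw)` would remove that assumption.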
@@ -4802,7 +4802,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan", $ /* XXX: For speed reasons reference directly the interface array */ $ifdescrs = &$config['interfaces']; - //$ifdescrs = get_configured_interface_list(false, true); + //$ifdescrs = get_configured_interface_list(true); foreach ($ifdescrs as $if => $ifname) { if ($if == $interface || $ifname['if'] == $interface) { @@ -4879,7 +4879,7 @@ function convert_friendly_interface_to_friendly_descr($interface) { return get_interface_linklocal($interface); } else { /* if list */ - $ifdescrs = get_configured_interface_with_descr(false, true); + $ifdescrs = get_configured_interface_with_descr(true); foreach ($ifdescrs as $if => $ifname) { if ($if == $interface || $ifname == $interface) { return $ifname; diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index ea5d5fe..3fa06c0 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -130,6 +130,37 @@ function get_dns_servers() { return array_unique($dns_servers); } +/****f* pfsense-utils/pfSenseHeader + * NAME + * pfSenseHeader + * INPUTS + * none + * RESULT + * Javascript header change or browser Location: + ******/ +function pfSenseHeader($text) { + global $_SERVER; + if (isAjax()) { + if ($_SERVER['HTTPS'] == "on") { + $protocol = "https"; + } else { + $protocol = "http"; + } + + $port = ":{$_SERVER['SERVER_PORT']}"; + if ($_SERVER['SERVER_PORT'] == "80" && $protocol == "http") { + $port = ""; + } + if ($_SERVER['SERVER_PORT'] == "443" && $protocol == "https") { + $port = ""; + } + $complete_url = "{$protocol}://{$_SERVER['HTTP_HOST']}{$port}/{$text}"; + echo "\ndocument.location.href = '{$complete_url}';\n"; + } else { + header("Location: $text"); + } +} + /****f* pfsense-utils/get_css_files * NAME * get_css_files - get a list of the available CSS files (themes) 
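Review bot: In the added `pfSenseHeader()`, the AJAX branch builds `$complete_url` from `$_SERVER['HTTP_HOST']` and the caller's `$text` and echoes it inside a single-quoted JavaScript string with no encoding, so a quote or backslash in either value ends the literal early. `HTTP_HOST` comes from the request's Host header and should not be trusted as-is; `echo "\ndocument.location.href = " . json_encode($complete_url) . ";\n";` keeps the value a string literal whatever it contains. The non-AJAX branch passes `$text` straight to `header("Location: $text")`, so callers should only hand it fixed or validated paths; whether they do is not visible in this hunk. The header block also says `INPUTS none` although the function takes `$text`, and `global $_SERVER;` is redundant for a superglobal.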
@@ -605,7 +636,7 @@ function is_schedule_inuse($schedule) { function setup_microcode() { /* if list */ - $iflist = get_configured_interface_list(false, true); + $iflist = get_configured_interface_list(true); foreach ($iflist as $if => $ifdescr) { enable_hardware_offloading($if); } 
@@ -2078,6 +2109,37 @@ function update_progress_bar($percent, $first_time) { } } +function update_alias_name($new_alias_name, $orig_alias_name) { + if (!$orig_alias_name) { + return; + } + + // Firewall rules + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name); + // NAT Rules + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('target'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $new_alias_name, $orig_alias_name); + // NAT 1:1 Rules + //update_alias_names_upon_change(array('nat', 'onetoone'), array('external'), $new_alias_name, $orig_alias_name); + //update_alias_names_upon_change(array('nat', 'onetoone'), array('source', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + // NAT Outbound Rules + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('source', 'network'), $new_alias_name, $orig_alias_name); + 
update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('sourceport'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('destination', 'address'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('dstport'), $new_alias_name, $orig_alias_name); + update_alias_names_upon_change(array('nat', 'outbound', 'rule'), array('target'), $new_alias_name, $orig_alias_name); + // Alias in an alias + update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $new_alias_name, $orig_alias_name); +} + function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) { global $g, $config, $pconfig, $debug; if (!$origname) { @@ -2834,6 +2896,7 @@ function get_locale_list() { "en_US" => gettext("English"), "es" => gettext("Spanish"), "nb" => gettext("Norwegian Bokmål"), + "ru" => gettext("Russian"), "zh_Hans_CN" => gettext("Chinese (Simplified, China)"), "zh_TW" => gettext("Chinese (Taiwan)"), ); diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index e576241..36e0885 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -337,8 +337,8 @@ function get_package_internal_name($package_data) { } // Get information about packages. -function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $installed_pkgs_only = false) { - +function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, + $installed_pkgs_only = false) { global $g, $input_errors; $out = $err = $extra_param = ''; 
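Review bot: The new `update_alias_name()` leaves two of the three NAT 1:1 calls commented out (`array('external')` and `array('source', 'address')`) with no reason given, so a renamed alias is presumably not propagated to those fields and a 1:1 rule could keep referring to the old name. Either enable the calls or replace the dead code with a comment that says why those fields are skipped, for example `// 1:1 external and source address are not rewritten because ...`. The function also has no header comment, although the `pfSenseHeader()` addition in this file uses the `/****f* pfsense-utils/...` block. A matching block should state that it rewrites alias references in filter rules, NAT rules, 1:1 NAT, outbound NAT and nested aliases, and returns early when `$orig_alias_name` is empty.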
@@ -375,30 +375,47 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta } if (!$installed_pkgs_only) { - $rc = pkg_exec("search {$extra_param}-R --raw-format json-compact " . $pkgs, $out, $err); + $rc = pkg_exec( + "search {$extra_param}-R --raw-format json-compact " . + $pkgs, $out, $err); } - if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled)) && is_package_installed($pkgs)) { - /* Fall back on pkg info to return locally installed matching pkgs instead, if + if (($installed_pkgs_only || ($rc != 0 && $remote_repo_usage_disabled)) + && is_pkg_installed($pkgs)) { + /* + * Fall back on pkg info to return locally installed matching + * pkgs instead, if: * * (1) only installed pkgs needed, or - * we tried to check the local catalog copy (implying that we would have accepted incomplete/outdated pkg info) - * but it didn't have any contents, or for other reasons returned an error. + * we tried to check the local catalog copy (implying that + * we would have accepted incomplete/outdated pkg info) + * but it didn't have any contents, or for other reasons + * returned an error. * AND * (2) at least some pkgs matching <pattern> are installed * - * Following an unsuccessful attempt to access a remote repo catalog, the local copy is wiped clear. Thereafter any - * "pkg search" will return an error until online+updated again. If the calling code would have accepted local copy info - * (which could be incomplete/out of date), then it makes sense to fall back on pkg info to at least return the known - * info about installed pkgs (pkg info should still work), instead of failing and returning no info at all. - * For example, this at least enables offline view + management of installed pkgs in GUI/console. + * Following an unsuccessful attempt to access a remote repo + * catalog, the local copy is wiped clear. Thereafter any + * "pkg search" will return an error until online+updated again. 
+ * If the calling code would have accepted local copy info + * (which could be incomplete/out of date), then it makes sense + * to fall back on pkg info to at least return the known + * info about installed pkgs (pkg info should still work), + * instead of failing and returning no info at all. + * For example, this at least enables offline view + management + * of installed pkgs in GUI/console. * - * We skip this step if no matching pkgs are installed, because then pkg info would return a "no matching pkgs" - * RC code, even though this wouldn't be considered an "error" (and $out+$err would be correct empty strings if none match). - * Note that is_package_installed() is a wrapper for pkg info -e <pattern> which is what we need here. + * We skip this step if no matching pkgs are installed, because + * then pkg info would return a "no matching pkgs" RC code, + * even though this wouldn't be considered an "error" (and + * $out+$err would be correct empty strings if none match). + * + * Note that is_pkg_installed() is a wrapper for pkg info -e + * <pattern> which is what we need here. */ // ok, 1 or more packages match, so pkg info can be safely called to get the pkg list - $rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, $out, $err); + $rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, + $out, $err); } if ($lock) { @@ -410,8 +427,10 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta "ERROR: Error trying to get packages list. Aborting...") . "\n"); update_status($err); - $input_errors[] = gettext("ERROR: Error trying to get packages list. Aborting...") . "\n"; - $input_errors[] = $err; + $input_errors[] = gettext( + "ERROR: Error trying to get packages list. Aborting...") . + "\n"; + $input_errors[] = $err; return array(); } 
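Review bot: The re-wrapped `pkg_exec()` calls in `get_pkg_info()` still append `$pkgs` to the command string unquoted, both in `"search {$extra_param}-R --raw-format json-compact " . $pkgs` and in the `"info -R --raw-format json-compact " . $pkgs` fallback. The later hunk at -438 interpolates `{$pkg_info['name']}` into `"query %v ..."` the same way. `pkg_exec()` is not visible here; if it hands the string to a shell, each package pattern should pass through `escapeshellarg()` before being joined, e.g. `"query %v " . escapeshellarg($pkg_info['name'])`. The function starts and ends outside these hunks, so how `$pkgs` is normalised beforehand should be checked as well.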
@@ -423,7 +442,8 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta continue; } - if (isset($pkg_filter) && !in_array($pkg_info['name'], $pkg_filter)) { + if (isset($pkg_filter) && !in_array($pkg_info['name'], + $pkg_filter)) { continue; } @@ -438,24 +458,29 @@ function get_pkg_info($pkgs = 'all', $remote_repo_usage_disabled = false, $insta if (is_pkg_installed($pkg_info['name'])) { $pkg_info['installed'] = true; - $rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err); + $rc = pkg_exec("query %v {$pkg_info['name']}", $out, + $err); if ($rc != 0) { update_status("\n" . gettext( "ERROR: Error trying to get package version. Aborting...") . "\n"); update_status($err); - $input_errors[] = gettext("ERROR: Error trying to get package version. Aborting...") . "\n"; - $input_errors[] = $err; + $input_errors[] = gettext( + "ERROR: Error trying to get package version. Aborting...") . + "\n"; + $input_errors[] = $err; return array(); } - $pkg_info['installed_version'] = str_replace("\n", "", $out); + $pkg_info['installed_version'] = str_replace("\n", "", + $out); } else if (is_package_installed($pkg_info['shortname'])) { $pkg_info['broken'] = true; } - $pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', $pkg_info['desc']); + $pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', + $pkg_info['desc']); $result[] = $pkg_info; unset($pkg_info); @@ -482,12 +507,7 @@ function register_all_installed_packages() { $pkg_info = get_pkg_info('all', true, true); - foreach ($pkg_info as $pkg) { - if (!isset($pkg['installed'])) { - continue; - } - pkg_remove_prefix($pkg['name']); if (is_package_installed($pkg['name'])) { diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 5ed626b..f7aadd8 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc 
@@ -23,8 +23,8 @@ * limitations under the License. */ -define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dreamhost dreamhost-v6 duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit'); -define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DreamHost,Dreamhost (v6),DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit'); +define('DYNDNS_PROVIDER_VALUES', 'all-inkl citynetwork cloudflare cloudflare-v6 custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dreamhost dreamhost-v6 duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns freedns-v6 glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker hover loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdyn spdyn-v6 zoneedit'); +define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,City Network,CloudFlare,CloudFlare (v6),Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DreamHost,Dreamhost (v6),DuiaDns.net,DuiaDns.net (v6),DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Hover,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDYN,SPDYN (v6),ZoneEdit'); /* implement ipv6 route advertising daemon */ function services_radvd_configure($blacklist = array()) { 
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index bbd6552..ab7574d 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -742,7 +742,7 @@ function upgrade_041_to_042() { function upgrade_042_to_043() { global $config; /* migrate old interface gateway to the new gateways config */ - $iflist = get_configured_interface_list(false, true); + $iflist = get_configured_interface_list(true); $gateways = array(); $i = 0; foreach ($iflist as $ifname => $interface) { @@ -837,7 +837,7 @@ function upgrade_043_to_044() { function upgrade_044_to_045() { global $config; - $iflist = get_configured_interface_list(false, true); + $iflist = get_configured_interface_list(true); if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { $i = 0; foreach ($config['vlans']['vlan'] as $id => $vlan) { diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index d294d1d..db8ec73 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -1367,16 +1367,13 @@ function compare_interface_friendly_names($a, $b) { } /* return the configured interfaces list. */ -function get_configured_interface_list($only_opt = false, $withdisabled = false) { +function get_configured_interface_list($withdisabled = false) { global $config; $iflist = array(); /* if list */ foreach ($config['interfaces'] as $if => $ifdetail) { - if ($only_opt && ($if == "wan" || $if == "lan")) { - continue; - } if (isset($ifdetail['enable']) || $withdisabled == true) { $iflist[$if] = $if; } 
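Review bot: Dropping the leading `$only_opt` parameter from `get_configured_interface_list()` changes the meaning of the first positional argument, and PHP silently ignores surplus arguments. Any caller still written as `get_configured_interface_list(false, true)` now gets `$withdisabled = false` and loses disabled interfaces without an error. The same applies to `get_configured_interface_list_by_realif()` and `get_configured_interface_with_descr()` in the next two hunks. The in-tree callers shown in this diff are updated, but packages and other out-of-tree code are not visible here; a transitional guard such as `if (func_num_args() > 1) { log_error("get_configured_interface_list: obsolete two-argument call"); }` would surface stale call sites. The function bodies continue outside the hunks.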
@@ -1386,16 +1383,13 @@ function get_configured_interface_list($only_opt = false, $withdisabled = false) } /* return the configured interfaces list. */ -function get_configured_interface_list_by_realif($only_opt = false, $withdisabled = false) { +function get_configured_interface_list_by_realif($withdisabled = false) { global $config; $iflist = array(); /* if list */ foreach ($config['interfaces'] as $if => $ifdetail) { - if ($only_opt && ($if == "wan" || $if == "lan")) { - continue; - } if (isset($ifdetail['enable']) || $withdisabled == true) { $tmpif = get_real_interface($if); if (!empty($tmpif)) { @@ -1408,16 +1402,13 @@ function get_configured_interface_list_by_realif($only_opt = false, $withdisable } /* return the configured interfaces list with their description. */ -function get_configured_interface_with_descr($only_opt = false, $withdisabled = false) { +function get_configured_interface_with_descr($withdisabled = false) { global $config, $user_settings; $iflist = array(); /* if list */ foreach ($config['interfaces'] as $if => $ifdetail) { - if ($only_opt && ($if == "wan" || $if == "lan")) { - continue; - } if (isset($ifdetail['enable']) || $withdisabled == true) { if (empty($ifdetail['descr'])) { $iflist[$if] = strtoupper($if); diff --git a/src/etc/pfSense-rc b/src/etc/pfSense-rc index 4b9990d..0bb0f2b 100755 --- a/src/etc/pfSense-rc +++ b/src/etc/pfSense-rc @@ -228,7 +228,12 @@ SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` # make some directories in /var /bin/mkdir -p $varrunpath /var/log /var/etc /var/db/entropy /var/db/rrd /var/at/jobs/ /var/empty /var/log/nginx 2>/dev/null + +# turn off the immutable flag, set /var/empty to read-only, make it immutable again +chflags noschg /var/empty chmod 0555 /var/empty +chflags schg /var/empty + /bin/rm -rf $varrunpath/* # Cleanup configuration files from previous instance diff --git a/src/etc/rc.banner b/src/etc/rc.banner index 92d9e12..05f1e2c 100755 --- a/src/etc/rc.banner 
+++ b/src/etc/rc.banner @@ -32,7 +32,7 @@ $machine = trim(`uname -m`); print "*** Welcome to {$product} {$g['product_version_string']} ({$machine}) on {$hostname} ***\n"; -$iflist = get_configured_interface_with_descr(false, true); +$iflist = get_configured_interface_with_descr(true); foreach ($iflist as $ifname => $friendly) { /* point to this interface's config */ $ifconf = $config['interfaces'][$ifname]; diff --git a/src/etc/rc.initial.setlanip b/src/etc/rc.initial.setlanip index b0b7144..25ed88e 100755 --- a/src/etc/rc.initial.setlanip +++ b/src/etc/rc.initial.setlanip @@ -134,7 +134,7 @@ function get_interface_config_description($iface) { $fp = fopen('php://stdin', 'r'); /* build an interface collection */ -$ifdescrs = get_configured_interface_with_descr(false, true); +$ifdescrs = get_configured_interface_with_descr(true); $count = count($ifdescrs); /* grab interface that we will operate on, unless there is only one interface */ diff --git a/src/etc/rc.packages b/src/etc/rc.packages index b0f37b3..8a6f886 100755 --- a/src/etc/rc.packages +++ b/src/etc/rc.packages @@ -20,6 +20,11 @@ * limitations under the License. */ +/* If PHP is not running, silently abort and run registration during boot */ +if (!file_exists('/var/run/php-fpm.pid')) { + exit; +} + require_once("config.inc"); require_once("functions.inc"); require_once("filter.inc"); @@ -41,11 +46,6 @@ if ($argc == 1) { exit; } -/* If PHP is not running, silently abort and run registration during boot */ -if (!isvalidpid('/var/run/php-fpm.pid')) { - exit; -} - $pkg = ''; $when = ''; |
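Review bot: The relocated guard in the first rc.packages hunk now uses `file_exists('/var/run/php-fpm.pid')` where the removed code used `isvalidpid()`, so a stale pid file left behind by a php-fpm process that has exited satisfies the check and the script carries on. Moving the guard ahead of the `require_once` lines presumably explains the swap, since `isvalidpid()` would not be loaded yet (its definition is not visible here). Keeping the cheap `file_exists()` test at the top and repeating `if (!isvalidpid('/var/run/php-fpm.pid')) { exit; }` after the includes would keep the earlier guarantee.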