author | frank <frankthetank@users.noreply.github.com> | 2017-04-04 22:54:01 -0400 |
---|---|---|
committer | frank <frankthetank@users.noreply.github.com> | 2017-04-04 22:54:01 -0400 |
commit | c00c6f672117d599649c324553e44e64f2d553cc (patch) | |
tree | 217f7fbb0a474183a8782426468f35ca0ab7f893 /src/etc | |
parent | 499ac3069f503f573b50f09c9c293a7ee6b4f869 (diff) | |
parent | 593f052172b0969dfe9e9db755a9a41200e67ab1 (diff) | |
Merge branch 'master' of https://github.com/pfsense/pfsense into
dyndns_dreamhost
Diffstat (limited to 'src/etc')
33 files changed, 733 insertions, 268 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 563987b..9c48992 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -26,6 +26,7 @@ * NOTE : Portions of the mschapv2 support was based on the BSD licensed CHAP.php * file courtesy of Michael Retterklieber. */ +include_once('phpsessionmanager.inc'); if (!$do_not_include_config_gui_inc) { require_once("config.gui.inc"); } @@ -1580,9 +1581,11 @@ function get_user_settings($username) { $settings['webgui']['dashboardcolumns'] = $config['system']['webgui']['dashboardcolumns']; $settings['webgui']['webguihostnamemenu'] = $config['system']['webgui']['webguihostnamemenu']; $settings['webgui']['webguicss'] = $config['system']['webgui']['webguicss']; + $settings['webgui']['interfacessort'] = isset($config['system']['webgui']['interfacessort']); $settings['webgui']['dashboardavailablewidgetspanel'] = isset($config['system']['webgui']['dashboardavailablewidgetspanel']); $settings['webgui']['webguifixedmenu'] = isset($config['system']['webgui']['webguifixedmenu']); $settings['webgui']['webguileftcolumnhyper'] = isset($config['system']['webgui']['webguileftcolumnhyper']); + $settings['webgui']['disablealiaspopupdetail'] = isset($config['system']['webgui']['disablealiaspopupdetail']); $settings['webgui']['systemlogsfilterpanel'] = isset($config['system']['webgui']['systemlogsfilterpanel']); $settings['webgui']['systemlogsmanagelogpanel'] = isset($config['system']['webgui']['systemlogsmanagelogpanel']); $settings['webgui']['statusmonitoringsettingspanel'] = isset($config['system']['webgui']['statusmonitoringsettingspanel']); 
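Review bot: The new `include_once('phpsessionmanager.inc');` at the top of auth.inc only raises a warning when the file is missing, so the failure would surface later as an undefined-function fatal at the first `phpsession_begin()` call inside session_auth(). The statement right after it already uses `require_once("config.gui.inc")`; for a file the login path depends on, `require_once('phpsessionmanager.inc');` fails at load time instead. A one-line comment saying that this file provides the phpsession_* wrappers would also help, since none of them are defined in the visible part of this diff.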
@@ -1603,9 +1606,11 @@ function get_user_settings($username) { if (isset($user['webguihostnamemenu'])) { $settings['webgui']['webguihostnamemenu'] = $user['webguihostnamemenu']; } + $settings['webgui']['interfacessort'] = isset($user['interfacessort']); $settings['webgui']['dashboardavailablewidgetspanel'] = isset($user['dashboardavailablewidgetspanel']); $settings['webgui']['webguifixedmenu'] = isset($user['webguifixedmenu']); $settings['webgui']['webguileftcolumnhyper'] = isset($user['webguileftcolumnhyper']); + $settings['webgui']['disablealiaspopupdetail'] = isset($user['disablealiaspopupdetail']); $settings['webgui']['systemlogsfilterpanel'] = isset($user['systemlogsfilterpanel']); $settings['webgui']['systemlogsmanagelogpanel'] = isset($user['systemlogsmanagelogpanel']); $settings['webgui']['statusmonitoringsettingspanel'] = isset($user['statusmonitoringsettingspanel']); @@ -1747,12 +1752,11 @@ function session_auth() { true ); - if (!session_id()) { - session_start(); - } + phpsession_begin(); // Detect protocol change if (!isset($_POST['login']) && !empty($_SESSION['Logged_In']) && $_SESSION['protocol'] != $config['system']['webgui']['protocol']) { + phpsession_end(); return false; } @@ -1770,6 +1774,7 @@ function session_auth() { $_SESSION['user_radius_attributes'] = $attributes; $_SESSION['last_access'] = time(); $_SESSION['protocol'] = $config['system']['webgui']['protocol']; + phpsession_end(true); if (!isset($config['system']['webgui']['quietlogin'])) { log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR'])); } @@ -1795,6 +1800,7 @@ function session_auth() { /* Show login page if they aren't logged in */ if (empty($_SESSION['Logged_In'])) { + phpsession_end(true); return false; } @@ -1842,7 +1848,7 @@ function session_auth() { } /* and destroy it */ - session_destroy(); + phpsession_destroy(); $scriptName = explode("/", $_SERVER["SCRIPT_FILENAME"]); $scriptElms = count($scriptName); 
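Review bot: The protocol-change branch in the hunk at -1747 closes the session with `phpsession_end();` while every other exit added to session_auth() in this commit uses `phpsession_end(true);`. The helper lives in phpsessionmanager.inc, which is not shown here, so the meaning of the argument cannot be read from the hunk; if the bare call is meant to discard pending session writes, a comment such as `// protocol mismatch: close without persisting session changes` would make that intent explicit. session_auth() starts and ends outside these hunks, so return paths between the visible ones may still need a matching close.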
@@ -1873,7 +1879,7 @@ function session_auth() { if ($_REQUEST['enable_ajax']) { unset($_SESSION['NO_AJAX']); } - + phpsession_end(true); return true; } diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index f0b7751..c7d3362 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -33,7 +33,7 @@ if (!session_auth()) { display_login_form(); exit; } - +phpsession_begin(); /* * Once here, the user has authenticated with the web server. * We give them access only to the appropriate pages based on @@ -90,9 +90,9 @@ if (!$_SESSION['Post_Login']) { /* * Close session data to allow other scripts from same host to come in. - * A session can be reactivated from calling session_start again + * A session can be reactivated from calling phpsession_begin again */ -session_commit(); +phpsession_end(true); /* * determine if the user is allowed access to the requested page diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 84c7cb4..e3c7b7b 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -2328,7 +2328,7 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri } if ($writecfg == true) { - write_config(); + write_config(gettext("Captive Portal allowed users configuration changed")); } /* redirect user to desired destination */ diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index 248019e..bb114c8 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -25,7 +25,7 @@ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf"); require_once("functions.inc"); global $openssl_digest_algs; -$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"); +$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); global $openssl_crl_status; $openssl_crl_status = array( 
@@ -427,11 +427,9 @@ function csr_generate(& $cert, $keylen, $dn, $digest_alg = "sha256") { } function csr_complete(& $cert, $str_crt) { - - // return our request information - $cert['crt'] = base64_encode($str_crt); + $str_key = base64_decode($cert['prv']); + cert_import($cert, $str_crt, $str_key); unset($cert['csr']); - return true; } diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc index bb2659e..1415e86 100644 --- a/src/etc/inc/config.console.inc +++ b/src/etc/inc/config.console.inc @@ -377,6 +377,10 @@ EOD; touch("{$g['tmp_path']}/assign_complete"); + if (file_exists("/conf/trigger_initial_wizard")) { + // Let the system know that the interface assign part of initial setup has been done. + touch("{$g['conf_path']}/assign_complete"); + } } } diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc index 21aeb11..252b3b2 100644 --- a/src/etc/inc/config.lib.inc +++ b/src/etc/inc/config.lib.inc @@ -443,21 +443,19 @@ function write_config($desc="Unknown", $backup = true, $write_config_only = fals global $config, $g; if (!empty($_SERVER['REMOTE_ADDR'])) { - if (!session_id()) { - @session_start(); - } + @phpsession_begin(); if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) { $user = getUserEntry($_SESSION['Username']); if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { - session_commit(); + phpsession_end(true); return false; } } + if (!isset($argc)) { + phpsession_end(true); + } } - if (!isset($argc)) { - session_commit(); - } if ($backup) { backup_config(); diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index 1c3a5fc..f0423c9 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class 
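Review bot: csr_complete() now hands the pasted certificate and the stored key to `cert_import()` and returns `true` unconditionally, without checking in this function that the certificate belongs to the key. cert_import() is not shown, so it may already verify this; if it does not, a mismatched certificate would be stored against the wrong private key and only fail later when a service loads it. A guard such as `if (!openssl_x509_check_private_key($str_crt, $str_key)) { return false; }` before the import, together with `base64_decode($cert['prv'], true)` and a check for `false`, would make the return value meaningful to callers.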
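Review bot: `isset($argc)` in the relocated block of write_config() tests a function-local variable, since the visible lines declare only `global $config, $g;`, so `if (!isset($argc))` is always true and `phpsession_end(true);` always runs. Either drop the condition or declare `global $argc;` if the script-level value is what was meant. Separately, `@phpsession_begin();` suppresses any failure to open the session right before the `user-config-readonly` check reads `$_SESSION['Username']`; if the session cannot be opened the username is empty and the read-only check is skipped, so logging the failure instead of silencing it would be safer. The function body continues outside the hunk.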
@@ -666,10 +666,9 @@ case 'route53': require_once("r53.class"); $r53 = new Route53($this->_dnsUser, $this->_dnsPass); - list($r53_regionId, $r53_zoneId) = split('/', $this->_dnsZoneID); - $apiurl = $r53->getApiUrl($r53_zoneId); + $apiurl = $r53->getApiUrl($this->_dnsZoneID); $xmlreq = $r53->getRequestBody($this->_dnsHost, $this->_dnsIP, $this->_dnsTTL); - $httphead = $r53->getHttpPostHeaders($r53_zoneId, $r53_regionId, hash("sha256",$xmlreq)); + $httphead = $r53->getHttpPostHeaders($this->_dnsZoneID, "us-east-1", hash("sha256",$xmlreq)); curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead); if($this->_dnsVerboseLog){ log_error(sprintf("Sending reuquest to: %s", $apiurl)); @@ -704,6 +703,7 @@ break; case 'cloudflare-v6': case 'cloudflare': + $this->_FQDN = ltrim($this->_FQDN, '@.'); $isv6 = ($this->_dnsService === 'cloudflare-v6'); $recordType = $isv6 ? "AAAA" : "A"; $needsIP = TRUE; @@ -1788,7 +1788,7 @@ $currentTime = time(); notify_all_remote(sprintf(gettext('DynDNS updated IP Address on %1$s (%2$s) to %3$s'), convert_real_interface_to_friendly_descr($this->_if), $this->_if, $wan_ip)); log_error(sprintf(gettext('phpDynDNS: updating cache file %1$s: %2$s'), $this->_cacheFile, $wan_ip)); - @file_put_contents($this->_cacheFile, "{$wan_ip}:{$currentTime}"); + @file_put_contents($this->_cacheFile, "{$wan_ip}|{$currentTime}"); } else { @unlink($this->_cacheFile); } @@ -1891,13 +1891,13 @@ } else { if (file_exists($this->_cacheFile)) { $contents = file_get_contents($this->_cacheFile); - list($cacheIP, $cacheTime) = explode(':', $contents); + list($cacheIP, $cacheTime) = explode('|', $contents); $this->_debug($cacheIP.'/'.$cacheTime); $initial = false; $log_error .= sprintf(gettext("Cached IP: %s"), $cacheIP); } else { $cacheIP = '0.0.0.0'; - @file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}"); + @file_put_contents($this->_cacheFile, "0.0.0.0|{$currentTime}"); $cacheTime = $currentTime; $initial = true; $log_error .= gettext("No Cached IP found."); 
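Review bot: The Route 53 branch now passes `$this->_dnsZoneID` whole and hard-codes the signing region as `"us-east-1"`, so a zone ID saved in the `region/zoneid` form that the removed `split('/')` line parsed would be sent with the region prefix still attached. If configurations written for the earlier code can still hold that form, take the last path segment before use, e.g. `$parts = explode('/', $this->_dnsZoneID); $zoneId = end($parts);`. A short comment stating why the region is fixed would also help the next reader, because the hunk gives no reason.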
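Review bot: A cache file written before this change still contains `ip:timestamp`, and `explode('|', $contents)` in the hunk at -1891 returns a single element for it, so `$cacheIP` receives the whole string and `$cacheTime` is left unset. The hunk at -1788 writes the new `|` form, but nothing visible migrates or rejects the old one. Checking the split before use, e.g. `$parts = explode('|', $contents); if (count($parts) !== 2) { /* treat as no cached IP */ }`, would keep the first update after an upgrade predictable. The enclosing function starts and ends outside the hunk.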
diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc index b86a39e..766eb2e 100644 --- a/src/etc/inc/easyrule.inc +++ b/src/etc/inc/easyrule.inc @@ -263,7 +263,7 @@ function easyrule_block_host_add($host, $int = 'wan', $ipproto = "inet") { /* If needed, write the config and reload the filter */ if ($dirty) { - write_config(); + write_config(sprintf(gettext("Blocked host %s via easy rule"), $host)); $retval = filter_configure(); if (!empty($_SERVER['DOCUMENT_ROOT'])) { header("Location: firewall_aliases.php"); @@ -413,7 +413,7 @@ function easyrule_parse_unblock($int, $host, $ipproto = "inet") { $config['aliases']['alias'][$id]['detail'] = join("||", $a_detail); // Update config - write_config(); + write_config(sprintf(gettext("Unblocked host %s via easy rule"), $host)); $retval = filter_configure(); if (!empty($_SERVER['DOCUMENT_ROOT'])) { header("Location: firewall_aliases.php"); diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 6890c98..d940442 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -102,6 +102,8 @@ $icmptypes = array( define("ANTILOCKOUT_TRACKER", 10000); define("BOGONS_TRACKER", 11000); define("RFC1918_TRACKER", 12000); +define("PFLABEL_MAXLEN", 63); +define("USER_LABEL_INTRO", "USER_RULE: "); $tracker = 1000000000; $negate_tracker = 10000000; @@ -119,10 +121,15 @@ function filter_negaterule_tracker() { return "tracker {$negate_tracker} "; } +function user_rule_descr_maxlen() { + return PFLABEL_MAXLEN - strlen(USER_LABEL_INTRO); +} + function fix_rule_label($descr) { $descr = str_replace('"', '', $descr); - if (strlen($descr) > 63) { - return substr($descr, 0, 60) . "..."; + if (strlen($descr) > PFLABEL_MAXLEN) { + $dots = "..."; + return substr($descr, 0, PFLABEL_MAXLEN - strlen($dots)) . $dots; } else { return $descr; } 
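Review bot: fix_rule_label() in the hunk at -119 still measures and cuts with the byte-wise `strlen()`/`substr()`, so a description containing multibyte UTF-8 can be cut in the middle of a character and leave an invalid sequence in the generated label. The limit is presumably a byte limit, so a cut that respects character boundaries is enough: `return mb_strcut($descr, 0, PFLABEL_MAXLEN - strlen($dots), 'UTF-8') . $dots;` (assuming mbstring is available on the target). The function removes only `"`; a short comment stating which other characters callers are expected to have rejected already would document the contract.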
@@ -580,7 +587,20 @@ function filter_generate_scrubing() { return $scrubrules; } -function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting, &$use_filterdns = false) { +function filter_generate_nested_alias($name) { + global $aliastable; + + $aliasnesting = array(); + $aliasaddrnesting = array(); + + if (($name == "") || !isset($aliastable[$name])) { + return ""; + } + + return filter_generate_nested_alias_recurse($name, $aliastable[$name], $aliasnesting, $aliasaddrnesting); +} + +function filter_generate_nested_alias_recurse($name, $alias, &$aliasnesting, &$aliasaddrnesting, &$use_filterdns = false) { global $aliastable, $filterdns; $addresses = explode(" ", $alias); @@ -597,7 +617,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $tmpline = ""; if (is_alias($address)) { if (alias_get_type($address) == 'urltable') { - // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias. Just load IPs from the file. + // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias_recurse. Just load IPs from the file. $urltable_nesting = alias_expand_urltable($address); if (!empty($urltable_nesting)) { $urlfile_as_arr = file($urltable_nesting); 
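Review bot: filter_generate_nested_alias() keeps its name but changes its contract, and the new wrapper has no docblock saying so. PHP does not reject extra arguments to a user-defined function, so any caller outside this diff that still passes `$alias, $aliasnesting, $aliasaddrnesting` gets no error, its by-reference arrays are no longer filled, and the expansion now comes from `$aliastable[$name]` instead of the address string it supplied. A docblock stating that the function takes only the alias name, reads the global `$aliastable`, does not report `$use_filterdns`, and returns an empty string for an unknown or empty name would make the break visible to such callers.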
@@ -613,10 +633,10 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr } /* We already expanded this alias so there is no necessity to do it again. */ else if (!isset($aliasnesting[$address])) { - $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $use_filterdns); + $tmpline = filter_generate_nested_alias_recurse($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $use_filterdns); } } else if (!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && (is_port($address) || is_portrange($address))) && is_hostname($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && is_port_or_range($address)) && is_hostname($address)) { if (!isset($filterdns["{$address}{$name}"])) { $use_filterdns = true; $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n"; @@ -657,9 +677,7 @@ function filter_expand_alias($alias_name) { if (isset($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $aliased) { if ($aliased['name'] == $alias_name) { - $aliasnesting = array(); - $aliasaddrnesting = array(); - return filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting); + return filter_generate_nested_alias($aliased['name']); } } } 
@@ -743,14 +761,12 @@ function filter_generate_aliases() { /* Setup pf groups */ if (isset($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $aliased) { - $aliasnesting = array(); - $aliasaddrnesting = array(); if (is_numericint($aliased['name'])) { // skip aliases with numeric-only names. redmine #4289 file_notice("Filter_Reload", sprintf(gettext("Aliases with numeric-only names are not valid. Skipping alias %s"), $aliased['name'])); continue; } - $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting); + $addrlist = filter_generate_nested_alias($aliased['name']); switch ($aliased['type']) { case "host": case "network": @@ -2374,7 +2390,7 @@ function filter_generate_user_rule_arr($rule) { $ret['rule'] = $line; $ret['interface'] = $rule['interface']; if ($rule['descr'] != "" and $line != "") { - $ret['descr'] = "label \"" . fix_rule_label("USER_RULE: {$rule['descr']}") . "\""; + $ret['descr'] = "label \"" . fix_rule_label(USER_LABEL_INTRO . "{$rule['descr']}") . "\""; } else { $ret['descr'] = "label \"USER_RULE\""; } @@ -2678,7 +2694,7 @@ function filter_generate_user_rule($rule) { $aline['ipprotocol'] = "inet6"; break; default: - $aline['ipprotocol'] = ""; + $aline['ipprotocol'] = "inet"; break; } 
@@ -2693,6 +2709,38 @@ function filter_generate_user_rule($rule) { file_notice("Filter_Reload", $error_text); return "# {$error_text}"; } + if ($rule['source']['port'] + && !is_port_or_range(str_replace("-", ":", $rule['source']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['source']['port'])) { + $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['source']['port'])) == "") { + $error_text = sprintf(gettext("Empty source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } + } + if ($rule['destination']['port'] + && !is_port_or_range(str_replace("-", ":", $rule['destination']['port']))) { + $error_text = ""; + + // It is not a literal port or port range, so alias should exist, and expand to something non-empty + if (!alias_expand($rule['destination']['port'])) { + $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } else if (trim(filter_generate_nested_alias($rule['destination']['port'])) == "") { + $error_text = sprintf(gettext("Empty destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']); + } + + if ($error_text) { + file_notice("Filter_Reload", $error_text); + return "# {$error_text}"; + } + } update_filter_reload_status(gettext("Setting up pass/block rules")); $type = $rule['type']; if ($type != "pass" && $type != "block" && $type != "reject" && $type != "match") { 
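Review bot: Both new port-alias checks build `$error_text` from `$rule['descr']` and the port value and return it as `"# {$error_text}"`, i.e. as a comment line; where that string is written is outside the hunk, but if it lands in the generated ruleset a CR or LF in either value would end the comment early. Whether those fields can contain line breaks depends on validation not visible here, and flattening before the return is cheap: `$error_text = str_replace(array("\r", "\n"), ' ', $error_text);`. The same return pattern is already present in the context lines above the additions. The source and destination blocks are identical apart from the array key and the message text, so a small private helper taking the direction would remove the duplication.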
@@ -2786,7 +2834,9 @@ function filter_generate_user_rule($rule) { if ($rule['protocol'] == "icmp" && $rule['icmptype'] && ($rule['icmptype'] != 'any')) { $icmptype_key = ($rule['ipprotocol'] == 'inet6' ? 'icmp6-type' : 'icmp-type'); - $icmptype_text = (strpos($rule['icmptype'], ",") === false ? $rule['icmptype'] : '{ ' . $rule['icmptype'] . ' }'); + // XXX: Bug #7372 + $icmptype_text = replace_element_in_list($rule['icmptype'], ',', 'skip', '39'); + $icmptype_text = (strpos($icmptype_text, ",") === false ? $icmptype_text : '{ ' . $icmptype_text . ' }'); $aline[$icmptype_key] = "{$icmptype_key} {$icmptype_text} "; } @@ -3782,12 +3832,6 @@ function filter_rules_spoofcheck_generate($ifname, $ifcfg, $log) { return $ipfrules; } -/* COMPAT Function */ -function tdr_install_cron($should_install) { - log_error(gettext("Please use filter_tdr_install_cron() function tdr_install_cron will be deprecated!")); - filter_tdr_install_cron($should_install); -} - /****f* filter/filter_tdr_install_cron * NAME * filter_tdr_install_cron diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc index 85aff1a..085fab1 100644 --- a/src/etc/inc/functions.inc +++ b/src/etc/inc/functions.inc @@ -24,12 +24,6 @@ */ /* BEGIN compatibility goo with HEAD */ -if (!function_exists("gettext")) { - function gettext($text) { - return $text; - } -} - if (!function_exists("pfSenseHeader")) { /****f* pfsense-utils/pfSenseHeader * NAME 
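Review bot: The comment `// XXX: Bug #7372` in the hunk at -2786 gives a ticket number but not the reason the ICMP type `skip` is rewritten to the literal `'39'`. replace_element_in_list() is defined outside this hunk, so a reader cannot tell from here what the third and fourth arguments mean or why the value is a string. If the reason is that the rule parser does not accept the type name, say so in the comment, for example `// 'skip' is not accepted as a type name; emit its numeric value 39 instead (bug #7372)`, and consider a named constant for the number.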
@@ -64,77 +58,6 @@ if (!function_exists("pfSenseHeader")) { } /* END compatibility goo with HEAD */ -/*fetch menu notices function*/ -if (!function_exists("get_menu_messages")) { - function get_menu_messages() { - global $g, $config; - if (are_notices_pending()) { - $notices = get_notices(); - $requests = array(); - - ## Get Query Arguments from URL ### - foreach ($_REQUEST as $key => $value) { - if ($key != "PHPSESSID") { - $requests[] = $key . '=' . $value; - } - } - if (is_array($requests)) { - $request_string = implode("&", $requests); - } - - if (is_array($notices)) { - $notice_msgs = "<table colspan=\'6\' id=\'notice_table\'>"; - $alert_style = "style=\'color:#ffffff; filter:Glow(color=#ff0000, strength=12);\' "; - $notice = "<a href=\'#\' onclick=notice_action(\'acknowledge\',\'all\');domTT_close(this); {$alert_style}>" . gettext("Acknowledge All Notices") . "</a>"; - $alert_link = "title=\'" . gettext("Click to Acknowledge") . "\' {$alert_style}"; - $domtt_width = 500; - foreach ($notices as $key => $value) { - $date = date("m-d-y H:i:s", $key); - $noticemsg = ($value['notice'] != "" ? $value['notice'] : $value['id']); - $noticemsg = strip_tags(preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg)); - if ((strlen($noticemsg)* 8) > $domtt_width) { - $domtt_width = (strlen($noticemsg) *8); - } - if ((strlen($noticemsg)* 8) > 900) { - $domtt_width = 900; - } - $alert_action = "onclick=notice_action(\'acknowledge\',\'{$key}\');domTT_close(this);jQuery(this).parent().parent().remove();"; - $notice_msgs .= "<tr><td style=\'vertical-align: top\' width=\'120\'><a href=\'#\' {$alert_link} {$alert_action}>{$date}</a></td><td style=\'vertical-align: top\'><a href=\'#\' {$alert_link} {$alert_action}>[ " . htmlspecialchars($noticemsg) . 
"]</a></td></tr>"; - } - $notice_msgs .= "</table>"; - - $domtt = "onclick=\"domTT_activate(this, event, 'caption', '{$notice}','content', '<br />{$notice_msgs}', 'trail', false, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle','width','{$domtt_width}','y',5,'type', 'sticky');\""; - $menu_messages = "<div id='alerts'>\n"; - if (count($notices) == 1) { - $msg = sprintf("%1$02d", count($notices)) . " " . gettext("unread notice"); - } else { - $msg = sprintf("%1$02d", count($notices)) . " " . gettext("unread notices"); - } - $menu_messages .= "<div id='marquee-text' style='z-index:1001;'><a href='#' {$domtt}><b> .:. {$msg} .:. </b></a></div>\n"; - $menu_messages .= "</div>\n"; - } - } else { - $menu_messages = '<div id="hostname">'; - $menu_messages .= $config['system']['hostname'] . "." . $config['system']['domain']; - $menu_messages .= '</div>'; - } - return ($menu_messages); - } -} - -if (!function_exists("dom_title")) { - function dom_title($title_msg, $width=NULL) { - $width = preg_replace("/\D+/", "", $width); - if (!empty($width)) { - $width = ",'width',$width"; - } - if (!empty($title_msg)) { - $title_msg = preg_replace("/\s+/", " ", $title_msg); - $title_msg = preg_replace("/'/", "\'", $title_msg); - return "onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\" onmouseover=\"domTT_activate(this, event, 'content', '{$title_msg}', 'trail', true, 'delay', 250, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle' $width);\""; - } - } -} /* include all configuration functions */ require_once("interfaces.inc"); require_once("gwlb.inc"); diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index ed635c3..061de9c 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -37,7 +37,6 @@ define('DMYPWD', "********"); global $g; $g = array( - "base_packages" => "siproxd", "event_address" => "unix:///var/run/check_reload_status", "factory_shipped_username" => "admin", "factory_shipped_password" => "pfsense", 
@@ -71,7 +70,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "16.1", + "latest_config" => "16.4", "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", "wan_interface_name" => "wan", diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index f3e7904..d7cecc0 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc @@ -630,6 +630,9 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive } } unset($gateway); + + //Sort the array by GW name before moving on. + ksort($gateways_arr, SORT_STRING | SORT_FLAG_CASE); /* Loop through all interfaces with a gateway and add it to a array */ if ($disabled == false) { diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 90a5749..d50aab8 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -38,6 +38,27 @@ function interfaces_bring_up($interface) { } /* + * Validate comma-separated list of IPv4 addresses + */ +function validate_ipv4_list($value) { + $value = trim($value); + + if (empty($value)) { + return false; + } + + $list = explode(',', $value); + + foreach ($list as $ip) { + if (!is_ipaddrv4($ip)) { + return false; + } + } + + return true; +} + +/* * Return the interface array */ function get_interface_arr($flush = false) { @@ -1300,7 +1321,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = switch ($ifcfg['ipaddrv6']) { case "slaac": case "dhcp6": - kill_dhcp6client_process($realif, isset($ifcfg['dhcp6norelease'])); + kill_dhcp6client_process($realif, $destroy, false); unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf"); unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh"); unlink_if_exists("{$g['varetc_path']}/rtsold_{$realifv6}_script.sh"); 
@@ -3039,36 +3060,72 @@ function find_dhcp6c_process($interface) { return intval($pid); } -function kill_dhcp6client_process($interface, $norelease) { +function kill_dhcp6client_process($interface, $force, $release = false) { global $g; + $i = 0; + + /* + Beware of the following: Reason, the interface may be down, but + dhcp6c may still be running, it just complains it cannot send + and carries on. Commented out as will stop the call to kill. + if (empty($interface) || !does_interface_exist($interface)) { return; } + */ - if (($pid = find_dhcp6c_process($interface)) != 0) { - /* - * Kill -9 caused the pid to get left behind, also if we need a - * relase sent then it needs to be -15, this then allows dhcp6c - * to send the release, it will also clean up after itself - */ - $sig = (isset($norelease) ? SIGKILL : SIGTERM); - posix_kill($pid, $sig); - if(!isset($norelease)) { - /* - * Allow dhcp6c to send release and exit gracefully if - * needed. - */ - sleep(2); - } + /*********** Notes on signals for dhcp6c and this function ************* + + If we have Taken the WAN interface down, then dhcp6c sits there sending + a release and waiting for the response that never comes. + So we need to tell it that the interface is down and to just die quickly + otherwise a new client may launch and we have duplicate proceses. + In this case use SIGUSR1. + + If we want to exit normally obeying the no release flag then use SIGTERM. + If we want to exit with a release overiding the no release flag then + use SIGUSR2. + + If $Force is true it will use SIGUSR1, thus forcing dhcp6c to + exit quickly without sending release signals. + + If $Force is set to false and $release is also set to false dhcp6c will + follow the no-release flag. + + If $Force is set to false and $release is true then dhcp6c will send a + release regardless of the no-release flag. 
+ ***********************************************************************/ + + if ($force == true) { + $psig=SIGUSR1; + } else if ($release == false) { + $psig=SIGTERM; + } else { + $psig=SIGUSR2; } - /* Clear the RTSOLD script created lock & tidy up */ + + while ((($pid = find_dhcp6c_process($interface)) != 0) && ($i < 3)) { + /* 3rd time make it die for sure */ + $sig = ($i == 2 ? SIGKILL : $psig); + posix_kill($pid, $sig); + sleep(1); + $i++; + } + /* Clear the RTSOLD script created lock & tidy up */ unlink_if_exists("/tmp/dhcp6c_{$interface}_lock"); - /* just in case! */ - unlink_if_exists("{$g['varrun_path']}/dhcp6c_{$interface}.pid"); + unlink_if_exists("{$g['varrun_path']}/dhcp6c_{$interface}.pid"); // just in case! +} +function reset_dhcp6client_process($interface) { + + $pid = find_dhcp6c_process($interface); + + if($pid != 0) { + posix_kill($pid, SIGHUP); + } } -function run_dhcp6client_process($interface, $wancfg) { +function run_dhcp6client_process($interface, $interface_name, $wancfg) { global $g; $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; @@ -3082,20 +3139,19 @@ function run_dhcp6client_process($interface, $wancfg) { * It should not happen as the process should have been killed and the * lock deleted. */ + if (!file_exists("/tmp/dhcp6c_{$interface}_lock")) { - kill_dhcp6client_process($interface, - isset($wancfg['dhcp6norelease'])); - + kill_dhcp6client_process($interface, true); /* Lock it to avoid multiple runs */ touch("/tmp/dhcp6c_{$interface}_lock"); mwexec("/usr/local/sbin/dhcp6c {$debugOption} " . "{$noreleaseOption} " . - "-c {$g['varetc_path']}/dhcp6c_wan.conf " . + "-c {$g['varetc_path']}/dhcp6c_{$interface_name}.conf " . "-p {$g['varrun_path']}/dhcp6c_{$interface}.pid " . $interface); log_error(sprintf(gettext( "Starting dhcp6 client for interface wan %s in DHCP6 without RA mode"), - $wanif)); + $interface)); } } 
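Review bot: The early return for an empty or non-existent interface is now commented out entirely, so kill_dhcp6client_process() also proceeds when `$interface` is an empty string. The block comment explains why `does_interface_exist()` had to go, but not the empty check; with an empty name the loop depends on what find_dhcp6c_process('') matches (its body is mostly outside the hunk) and the two `unlink_if_exists()` calls target `dhcp6c__lock` and `dhcp6c_.pid`. Keeping `if (empty($interface)) { return; }` preserves the new behaviour for interfaces that are down. The second parameter also changed meaning from `$norelease` to `$force`, so a caller still passing `isset($ifcfg['dhcp6norelease'])` would now select SIGUSR1; that deserves a line in the function comment.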
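Review bot: The new `$interface_name` parameter of run_dhcp6client_process() is interpolated straight into the `mwexec()` command line (`dhcp6c_{$interface_name}.conf`), as is `$interface`, whereas other calls in this file wrap interface names in `escapeshellarg()`. The values presumably come from configuration keys, but quoting costs nothing: `"-c " . escapeshellarg("{$g['varetc_path']}/dhcp6c_{$interface_name}.conf") . " "`. The hunk at -3945 has the same pattern in `mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv");`, which could read `mwexec("/sbin/ifconfig " . escapeshellarg($wanif) . " inet6 accept_rtadv");`. The log text still says `interface wan %s` although the function now takes the interface name as a parameter.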
@@ -3265,8 +3321,10 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if ($g['debug']) { log_error(sprintf(gettext("Deny router advertisements for interface %s"), $interface)); } - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -accept_rtadv", true); - + if (isset($wancfg['dhcp6usev4iface']) || $wancfg['ipaddr']==='ppp') + { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -accept_rtadv", true); + } /* wireless configuration? */ if (is_array($wancfg['wireless'])) { interface_wireless_configure($realif, $wancfg, $wancfg['wireless']); @@ -3298,8 +3356,8 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . " link " . escapeshellarg($random_mac)); $wancfg['spoofmac'] = $random_mac; - write_config(); - file_notice("MAC Address altered", sprintf(gettext('The INVALID MAC address (ff:ff:ff:ff:ff:ff) on interface %1$s has been automatically replaced with %2$s'), $realif, $random_mac), "Interfaces"); + write_config(sprintf(gettext('The invalid MAC address (ff:ff:ff:ff:ff:ff) on interface %1$s has been automatically replaced with %2$s'), $realif, $random_mac)); + file_notice("MAC Address altered", sprintf(gettext('The invalid MAC address (ff:ff:ff:ff:ff:ff) on interface %1$s has been automatically replaced with %2$s'), $realif, $random_mac), "Interfaces"); } /* media */ @@ -3945,6 +4003,13 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { log_error(gettext("Failed to write user DUID file!")); } } + + /* accept router advertisements for this interface */ + /* Moved to early in the function as sometimes interface not ready */ + /* RTSOLD fails as interface does not accept ..... */ + + log_error("Accept router advertisements on interface {$wanif} "); + mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); if ($wancfg['adv_dhcp6_config_file_override']) { // DHCP6 Config File Override 
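Review bot: The `-accept_rtadv` call in the hunk at -3265 is now conditional, but the debug message `Deny router advertisements for interface %s` just above it is still logged for every interface when debug is on, so the log can claim a state that was not applied. Move the `log_error()` inside the new `if`, and add a comment on why only `dhcp6usev4iface` and `ppp` interfaces have router advertisements disabled, since all other interfaces now keep whatever setting they had before. The opening brace on its own line also differs from the `if (...) {` form used in the rest of the hunk.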
@@ -4022,6 +4087,9 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { } } + $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; + $noreleaseOption = isset($wancfg['dhcp6norelease']) ? "-n" : ""; + /* wide-dhcp6c works for now. */ if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}.conf", $dhcp6cconf)) { printf("Error: cannot open dhcp6c_{$interface}.conf in interface_dhcpv6_configure() for writing.\n"); 
@@ -4030,20 +4098,55 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { } unset($dhcp6cconf); - /* - * Script create for dhcp6withoutRA mode. - * dhcp6c will launch rtsold. rtsold will then run the wan ipv6 - * configure - */ - $dhcp6cscriptwithoutra = "#!/bin/sh\n"; + /*************** Script Debug Logging *************************** + Both dhcp6 scripts now have a logging message built in. + These logging messages ONLY appear if dhcp6c debug logging is set. + The logging messages appear in the dhcp section of the logs, + not in system. + + These scripts now also take advantage of the REASON= env vars + supplied by dhcp6c. + ****************************************************************/ + + /* Script create for dhcp6withoutRA mode */ + /* dhcp6c will launch rtsold. rtsold will then run the wan ipv6 configure */ + $dhcp6cscriptwithoutra = "#!/bin/sh\n"; $dhcp6cscriptwithoutra .= "# This shell script launches rtsold.\n"; $dhcp6cscriptwithoutra .= "dmips=\${new_domain_name_servers}\n"; $dhcp6cscriptwithoutra .= "dmnames=\${new_domain_name}\n"; + $dhcp6cscriptwithoutra .= "dreason=\${REASON}\n"; // Need to pass params to the final script $dhcp6cscriptwithoutra .= "echo \$dmips > /tmp/{$wanif}_domain_name_servers\n"; $dhcp6cscriptwithoutra .= "echo \$dmnames > /tmp/{$wanif}_new_domain_name\n"; + $dhcp6cscriptwithoutra .= "echo \$dreason > /tmp/{$wanif}_reason\n"; + $dhcp6cscriptwithoutra .= "case \$REASON in\n"; + $dhcp6cscriptwithoutra .= "REQUEST)\n"; + $dhcp6cscriptwithoutra .= "/bin/sleep 2\n"; $dhcp6cscriptwithoutra .= "/usr/sbin/rtsold -1 -p {$g['varrun_path']}/rtsold_{$wanif}.pid -O {$g['varetc_path']}/rtsold_{$wanif}_script.sh {$wanif}\n"; - + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c REQUEST on {$wanif} - running rc.newwanipv6\"\n"; + } + $dhcp6cscriptwithoutra .= ";;\n"; + $dhcp6cscriptwithoutra .= "REBIND)\n"; + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t 
dhcp6c \"dhcp6c rebind on {$wanif}\"\n"; + } + $dhcp6cscriptwithoutra .= ";;\n"; + if (isset($wancfg['dhcp6norelease'])) { + $dhcp6cscriptwithoutra .= "EXIT)\n"; + } else { + $dhcp6cscriptwithoutra .= "RELEASE)\n"; + } + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c EXIT or RELEASE on {$wanif} running rc.newwanipv6\"\n"; + } + $dhcp6cscriptwithoutra .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + $dhcp6cscriptwithoutra .= ";;\n"; + $dhcp6cscriptwithoutra .= "RENEW|INFO)\n"; + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c renew, no change - bypassing update on {$wanif}\"\n"; + } + $dhcp6cscriptwithoutra .= "esac\n"; if (!@file_put_contents( "{$g['varetc_path']}/dhcp6c_{$interface}_dhcp6withoutra_script.sh", $dhcp6cscriptwithoutra)) { @@ -4053,6 +4156,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($dhcp6cscriptwithoutra); return 1; } + unset($dhcp6cscriptwithoutra); @chmod( "{$g['varetc_path']}/dhcp6c_{$interface}_dhcp6withoutra_script.sh", 
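Review bot: The generated without-RA script passes `${dmnames}` and `${dmips}` into the `fcgicli -d "interface=...&dmnames=...&dmips=..."` query string as-is, and those variables are filled from `new_domain_name` and `new_domain_name_servers`, which appear to carry values from the DHCPv6 reply. A value containing `&` or `=` would be read by rc.newwanipv6 as additional parameters; whether that script validates its input is not visible here. I would restrict the values before use, for example `$dhcp6cscriptwithoutra .= "dmips=\$(printf '%s' \"\${new_domain_name_servers}\" | tr -cd '0-9A-Fa-f:. ')\n";` with a matching filter for the domain list, and quote the expansions in the `echo ... > /tmp/...` lines (`echo \"\$dreason\"`). The same query string is built three more times in the hunk at -4067 for the dhcp6c_{$interface}_script.sh script.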
@@ -4067,12 +4171,41 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { if (!isset($wancfg['dhcp6withoutra'])) { $dhcp6cscript .= "dmips=\${new_domain_name_servers}\n"; $dhcp6cscript .= "dmnames=\${new_domain_name}\n"; + $dhcp6cscript .= "case \$REASON in\n"; + $dhcp6cscript .= "REQUEST)\n"; + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c REQUEST on {$wanif} - running rc.newwanipv6\"\n"; + } + $dhcp6cscript .= ";;\n"; + $dhcp6cscript .= "REBIND)\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c rebind on {$wanif}\"\n"; + } + $dhcp6cscript .= ";;\n"; + if (isset($wancfg['dhcp6norelease'])) { + $dhcp6cscript .= "EXIT)\n"; + } else { + $dhcp6cscript .= "RELEASE)\n"; + } + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c EXIT or RELEASE on {$wanif} running rc.newwanipv6\"\n"; + } + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + $dhcp6cscript .= ";;\n"; + $dhcp6cscript .= "RENEW|INFO)\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c renew, no change - bypassing update on {$wanif}\"\n"; + } + $dhcp6cscript .= "esac\n"; } else { // Need to get the paramaters from the dhcp6cwithoutRA run $dhcp6cscript .= "dmips=\$(cat \"/tmp/{$wanif}_domain_name_servers\")\n"; $dhcp6cscript .= "dmnames=\$(cat \"/tmp/{$wanif}_new_domain_name\")\n"; + $dhcp6cscript .= "/bin/sleep 1\n"; + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; } - $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + /* Add wide-dhcp6c shell script here. 
Because we can not pass a argument to it. */ if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) { printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); @@ -4082,9 +4215,6 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($dhcp6cscript); @chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755); - $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; - $noreleaseOption = isset($wancfg['dhcp6norelease']) ? "-n" : ""; - $rtsoldscript = "#!/bin/sh\n"; $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n"; $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n"; 
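Review bot: In the `dhcp6withoutra` branch the script reads the hand-off files `/tmp/{$wanif}_domain_name_servers` and `/tmp/{$wanif}_new_domain_name` but never `/tmp/{$wanif}_reason`, which the without-RA script now writes (hunk at -4030); nothing in the visible hunks consumes that file. Either drop the write or read it here, e.g. `$dhcp6cscript .= "dreason=\$(cat \"/tmp/{$wanif}_reason\")\n";`, and use it to skip the rc.newwanipv6 call the way the `case` in the other branch does. The hand-off paths are also hard-coded to `/tmp` while the rtsold script a few lines below uses `{$g['tmp_path']}`; using the same variable for all of them keeps the two scripts in agreement. The function continues outside the hunk.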
@@ -4102,22 +4232,24 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * of dhcp6c being launched */ $rtsoldscript .= "if [ ! -f /tmp/dhcp6c_{$wanif}_lock ]; then\n"; - $rtsoldscript .= "\tif [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; - $rtsoldscript .= "\t\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; - $rtsoldscript .= "\t\t/bin/rm -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; - $rtsoldscript .= "\t\t/bin/sleep 1\n"; - $rtsoldscript .= "\tfi\n"; /* * Create the lock file, trying to prevent multiple instances * of dhcp6c being launched */ $rtsoldscript .= "\t/usr/bin/touch /tmp/dhcp6c_{$wanif}_lock\n"; + $rtsoldscript .= "\tif [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; + $rtsoldscript .= "\t\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "\t\t/bin/rm -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "\t\t/bin/sleep 1\n"; + $rtsoldscript .= "\tfi\n"; $rtsoldscript .= "\t/usr/local/sbin/dhcp6c {$debugOption} " . "{$noreleaseOption} -c {$g['varetc_path']}/dhcp6c_{$interface}.conf " . "-p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n"; $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n"; $rtsoldscript .= "else\n"; - $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"RTSOLD Lock in place\"\n"; + $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"RTSOLD Lock in place - sending SIGHUP to dhcp6c\"\n"; + $rtsoldscript .= "\tdhcp6c_pid=\$(cat \"{$g['varrun_path']}/dhcp6c_{$wanif}.pid\")\n"; + $rtsoldscript .= "\t/bin/kill -1 \${dhcp6c_pid}\n"; $rtsoldscript .= "fi\n"; } else { /* 
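Review bot: In the new `else` branch of the generated rtsold script the PID is read with `cat` and handed to `/bin/kill -1` without checking that the pid file exists or is non-empty, so a missing file leaves `kill` without a target and a stale file can signal whatever process now owns that PID. The start branch in the same hunk already uses `/bin/pkill -F` on this pid file, and the reload can do the same while also matching on the process name: `$rtsoldscript .= "\t/bin/pkill -HUP -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid dhcp6c\n";`. The lock itself is still a separate test followed by `touch`, so two rtsold script runs arriving together can both pass the check; moving the `touch` up narrows that window but does not close it.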
@@ -4137,12 +4269,9 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($rtsoldscript); @chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755); - /* accept router advertisements for this interface */ - log_error("Accept router advertisements on interface {$wanif} "); - mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); - if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) { killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid"); + log_error("Killing running rtsold process"); sleep(2); } @@ -4167,7 +4296,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * Otherwise it is not ready to accept and will fail. */ sleep(3); - run_dhcp6client_process($wanif,$wancfg); + run_dhcp6client_process($wanif,$interface,$wancfg); } } else { /* @@ -4175,6 +4304,8 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * ( it does not background, it exits! ) It will launch dhcp6c * if dhcpwihtoutra is not set */ + log_error("Starting rtsold process"); + sleep(2); mwexec("/usr/sbin/rtsold -1 " . "-p {$g['varrun_path']}/rtsold_{$wanif}.pid " . "-O {$g['varetc_path']}/rtsold_{$wanif}_script.sh " . @@ -4399,7 +4530,7 @@ initial-interval 1; script "/usr/local/sbin/pfSense-dhclient-script"; EOD; - if (is_ipaddrv4($wancfg['dhcprejectfrom'])) { + if (validate_ipv4_list($wancfg['dhcprejectfrom'])) { $dhclientconf .= <<<EOD reject {$wancfg['dhcprejectfrom']}; 
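Review bot: `$wancfg['dhcprejectfrom']` is copied verbatim into the `reject ...;` statement of dhclient.conf, so replacing `is_ipaddrv4()` with `validate_ipv4_list()` makes that helper the only check between the stored value and the config file. Its definition is not part of this diff; it needs to reject whitespace, newlines, `;` and empty list entries, not only confirm that each piece looks like an address. I would add a comment above the test: `/* validate_ipv4_list() must accept only comma-separated IPv4 addresses: the value is copied into dhclient.conf unescaped */`. The heredoc and the enclosing function continue outside the hunk.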
@@ -5850,12 +5981,13 @@ function is_altq_capable($int) { * 20150328 - removed wireless drivers - ath, awi, bwn, iwi, ipw, ral, rum, run, wi - for now. redmine #4406 */ $capable = array("ae", "age", "alc", "ale", "an", "aue", "axe", "bce", - "bfe", "bge", "bridge", "cas", "cpsw", "cxl", "dc", "de", "ed", "em", "ep", "epair", "et", "fxp", "gem", - "hme", "hn", "igb", "ix", "jme", "le", "lem", "msk", "mxge", "my", "nfe", - "nge", "npe", "nve", "re", "rl", "sf", "sge", "sis", "sk", - "ste", "stge", "ti", "txp", "udav", "ural", "vge", "vmx", "vr", "vte", "xl", - "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng", - "l2tp", "ppp", "vtnet"); + "bfe", "bge", "bridge", "cas", "cpsw", "cxl", "dc", "de", + "ed", "em", "ep", "epair", "et", "fxp", "gem", "hme", "hn", + "igb", "ix", "jme", "l2tp", "le", "lem", "msk", "mxge", "my", + "ndis", "nfe", "ng", "nge", "npe", "nve", "ovpnc", "ovpns", + "ppp", "pppoe", "pptp", "re", "rl", "sf", "sge", "sis", "sk", + "ste", "stge", "ti", "tun", "txp", "udav", "ural", "vge", + "vlan", "vmx", "vr", "vte", "vtnet", "xl"); $int_family = remove_ifindex($int); diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 075306f..ea5d5fe 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -255,6 +255,25 @@ function gen_dashboardcolumns_field(&$section, $value) { )); } +/****f* pfsense-utils/gen_interfacessort_field + * NAME + * gen_interfacessort_field + * INPUTS + * Pointer to section object + * Initial value for the field + * RESULT + * no return value, section object is updated + ******/ +function gen_interfacessort_field(&$section, $value) { + + $section->addInput(new Form_Checkbox( + 'interfacessort', + 'Interfaces Sort', + 'Sort Alphabetically', + $value + ))->setHelp('If selected, lists of interfaces will be sorted by description, otherwise they are listed wan,lan,optn...'); +} + /****f* pfsense-utils/gen_associatedpanels_fields * NAME * gen_associatedpanels_fields 
@@ -320,6 +339,25 @@ function gen_webguileftcolumnhyper_field(&$section, $value) { ))->setHelp('If selected, clicking a label in the left column will select/toggle the first item of the group.'); } +/****f* pfsense-utils/gen_disablealiaspopupdetail_field + * NAME + * gen_disablealiaspopupdetail_field + * INPUTS + * Pointer to section object + * Initial value for the field + * RESULT + * no return value, section object is updated + ******/ +function gen_disablealiaspopupdetail_field(&$section, $value) { + + $section->addInput(new Form_Checkbox( + 'disablealiaspopupdetail', + 'Alias Popups', + 'Disable details in alias popups', + $value + ))->setHelp('If selected, the details in alias popups will not be shown, just the alias description (e.g. in Firewall Rules).'); +} + /****f* pfsense-utils/gen_pagenamefirst_field * NAME * gen_pagenamefirst_field @@ -356,6 +394,7 @@ function gen_user_settings_fields(&$section, $pconfig) { gen_webguifixedmenu_field($section, $pconfig['webguifixedmenu']); gen_webguihostnamemenu_field($section, $pconfig['webguihostnamemenu']); gen_dashboardcolumns_field($section, $pconfig['dashboardcolumns']); + gen_interfacessort_field($section, $pconfig['interfacessort']); gen_associatedpanels_fields( $section, $pconfig['dashboardavailablewidgetspanel'], @@ -363,6 +402,7 @@ function gen_user_settings_fields(&$section, $pconfig) { $pconfig['systemlogsmanagelogpanel'], $pconfig['statusmonitoringsettingspanel']); gen_webguileftcolumnhyper_field($section, $pconfig['webguileftcolumnhyper']); + gen_disablealiaspopupdetail_field($section, $pconfig['disablealiaspopupdetail']); gen_pagenamefirst_field($section, $pconfig['pagenamefirst']); } 
@@ -1009,9 +1049,12 @@ function setup_serial_port($when = "save", $path = "") { $serialspeed = (is_numeric($config['system']['serialspeed'])) ? $config['system']['serialspeed'] : "115200"; $serial_only = false; + $vga_only = false; $specific_platform = system_identify_specific_platform(); - if ($specific_platform['name'] == 'RCC-VE' || + if ($specific_platform['name'] == 'XG-1540') { + $vga_only = true; + } elseif ($specific_platform['name'] == 'RCC-VE' || $specific_platform['name'] == 'RCC' || $specific_platform['name'] == 'RCC-DFF' || $specific_platform['name'] == 'apu2') { @@ -1067,7 +1110,9 @@ function setup_serial_port($when = "save", $path = "") { if ($serial_only === true) { $data[] = 'boot_serial="YES"'; $data[] = 'console="comconsole"'; - } else if (is_serial_enabled()) { + } elseif ($vga_only === true) { + $data[] = 'console="vidconsole"'; + } elseif (is_serial_enabled()) { $data[] = 'boot_multicons="YES"'; $data[] = 'boot_serial="YES"'; $primaryconsole = isset($g['primaryconsole_force']) ? @@ -1084,10 +1129,9 @@ function setup_serial_port($when = "save", $path = "") { } $data[] = 'comconsole_speed="' . $serialspeed . '"'; - $specplatform = system_identify_specific_platform(); - if ($specplatform['name'] == 'RCC-VE' || - $specplatform['name'] == 'RCC' || - $specplatform['name'] == 'RCC-DFF') { + if ($specific_platform['name'] == 'RCC-VE' || + $specific_platform['name'] == 'RCC' || + $specific_platform['name'] == 'RCC-DFF') { $data[] = 'comconsole_port="0x2F8"'; $data[] = 'hint.uart.0.flags="0x00"'; $data[] = 'hint.uart.1.flags="0x10"'; @@ -1751,7 +1795,7 @@ function compare_hostname_to_dnscache($hostname) { */ function load_crypto() { global $config, $g; - $crypto_modules = array('aesni'); + $crypto_modules = array('aesni', 'cryptodev'); if (!in_array($config['system']['crypto_hardware'], $crypto_modules)) { return false; 
@@ -2034,14 +2078,6 @@ function update_progress_bar($percent, $first_time) { } } -/* Split() is being DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged. */ -if (!function_exists("split")) { - function split($separator, $haystack, $limit = null) { - log_error("deprecated split() call with separator '{$separator}'"); - return preg_split($separator, $haystack, $limit); - } -} - function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) { global $g, $config, $pconfig, $debug; if (!$origname) { @@ -2137,7 +2173,7 @@ function parse_aliases_file($filename, $type = "url", $max_items = -1, $kflc = f $tmp = $tmp_str; } $valid = (($type == "url" || $type == "urltable") && (is_ipaddr($tmp) || is_subnet($tmp))) || - (($type == "url_ports" || $type == "urltable_ports") && (is_port($tmp) || is_portrange($tmp))); + (($type == "url_ports" || $type == "urltable_ports") && is_port_or_range($tmp)); if ($valid) { $items[] = $tmp; if (count($items) == $max_items) { @@ -2797,8 +2833,7 @@ function get_locale_list() { $locales = array( "en_US" => gettext("English"), "es" => gettext("Spanish"), - "pt_BR" => gettext("Portuguese (Brazil)"), - "tr" => gettext("Turkish"), + "nb" => gettext("Norwegian Bokmål"), "zh_Hans_CN" => gettext("Chinese (Simplified, China)"), "zh_TW" => gettext("Chinese (Taiwan)"), ); @@ -3015,6 +3050,7 @@ function huawei_service_to_string($state) { $modes[2] = gettext("Valid Service"); $modes[3] = gettext("Restricted Regional Service"); $modes[4] = gettext("Powersaving Service"); + $modes[255] = gettext("Unknown Service"); $string = $modes[$state]; return $string; } diff --git a/src/etc/inc/phpsessionmanager.inc b/src/etc/inc/phpsessionmanager.inc new file mode 100644 index 0000000..8f1a00e --- /dev/null +++ b/src/etc/inc/phpsessionmanager.inc 
@@ -0,0 +1,78 @@ +<?php +/* + * phpsessionmanager.inc + * + * part of pfSense (https://www.pfsense.org) + * Copyright (c) 2016 Rubicon Communications, LLC (Netgate) + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +$session_opencounter = 0; +$session_write = false; +$session_action_list = array(); + +function simplestacktrace() { + $stack = debug_backtrace(); + $str = ""; + foreach($stack as $s) { + // $s['args'] + $str .= "\n{$s['function']}(..) - {$s['file']}:{$s['line']}"; + } + return $str; +} + +function phpsession_begin() { + global $session_opencounter, $session_action_list; + $session_action_list[] = "#### phpsession_begin ####" . simplestacktrace(); + if ($session_opencounter == 0) { + session_start(); + } + $session_opencounter++; +} + +function phpsession_destroy() { + global $session_opencounter, $session_action_list; + $session_action_list[] = "#### phpsession_destroy ####" . simplestacktrace(); + session_destroy(); + $session_opencounter = 0; +} + +function phpsession_end($write = false) { + global $session_opencounter, $session_write, $session_action_list; + $session_action_list[] = "#### phpsession_end ####" . 
simplestacktrace(); + $session_write |= $write; + $session_opencounter--; + if ($session_opencounter == 0) { + if ($session_write) { + session_commit(); + $session_write = false; + } else { + session_abort(); + } + } + if ($session_opencounter < 0) { + $session_opencounter = 0; + syslog(LOG_WARNING, "PHPSESSION closed more often than opened!" . simplestacktrace()); + } +} + +function phpsession_cleanupcheck() { + global $session_opencounter, $session_action_list; + if ($session_opencounter > 0) { + syslog(LOG_WARNING, "PHPSESSION {$session_opencounter} open sessions left at shutdown script!".print_r($session_action_list, true)); + } +} + +register_shutdown_function('phpsession_cleanupcheck'); diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index df6a755..e576241 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -140,7 +140,7 @@ function pkg_call($params, $mute = false, $extra_env = array()) { stream_set_blocking($pipes[2], 0); /* XXX: should be a tunnable? */ - $timeout = 300; // seconds + $timeout = 60; // seconds $error_log = ''; do { @@ -148,7 +148,7 @@ function pkg_call($params, $mute = false, $extra_env = array()) { $read = array($pipes[1], $pipes[2]); $except = array(); - $stream = stream_select($read, $write, $except, null, $timeout); + $stream = stream_select($read, $write, $except, $timeout); if ($stream !== FALSE && $stream > 0) { foreach ($read as $pipe) { $content = stream_get_contents($pipe); @@ -812,6 +812,9 @@ function install_package_xml($package_name) { } update_status(gettext("done.") . "\n"); } + if (is_array($pkg_config['tabs'])) { + $config['installedpackages']['package'][$pkgid]['tabs'] = $pkg_config['tabs']; + } } else { pkg_debug("Unable to find config file\n"); update_status(gettext("Loading package configuration... failed!") . "\n\n" . gettext("Installation aborted.")); 
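Review bot: simplestacktrace() calls `debug_backtrace()` with default options, which collects every frame's arguments although only function, file and line are used, and the resulting string is appended to `$session_action_list` on every begin/end/destroy and written to syslog with `print_r()` at shutdown. auth.inc now includes this file, so the captured frames can hold references to credential arguments for the life of the request; `$stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);` avoids that and is cheaper. phpsession_destroy() also leaves `$session_write` untouched, so a pending write flag carries over to the next begin/end pair; adding `$session_write = false;` there keeps the state consistent.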
@@ -938,7 +941,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { } } /* deinstall commands */ - if ($when == "post-deinstall" && $pkg_config['custom_php_deinstall_command'] <> "") { + if ($when == "deinstall" && $pkg_config['custom_php_deinstall_command'] <> "") { update_status(gettext("Deinstall commands... ")); if ($missing_include == false) { eval_once($pkg_config['custom_php_deinstall_command']); @@ -952,7 +955,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { $need_syslog_restart = false; if (is_array($pkg_info['logging']) && $pkg_info['logging']['logfilename'] <> "") { update_status(gettext("Syslog entries... ")); - @unlink("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}"); + @unlink_if_exists("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}"); update_status("done.\n"); $need_syslog_restart = true; } @@ -963,14 +966,12 @@ function delete_package_xml($package_name, $when = "post-deinstall") { unset($config['installedpackages']['package'][$pkgid]); update_status(gettext("done.") . "\n"); write_config(sprintf(gettext("Removed %s package."), $package_name)); + /* remove package entry from /etc/syslog.conf if needed */ + /* this must be done after removing the entries from config.xml */ + if ($need_syslog_restart) { + system_syslogd_start(); + } } - - /* remove package entry from /etc/syslog.conf if needed */ - /* this must be done after removing the entries from config.xml */ - if ($need_syslog_restart) { - system_syslogd_start(); - } - } /* diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index a2e2763..a80e383 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc 
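Review bot: The path passed to `unlink_if_exists()` is built from `$pkg_info['logging']['logfilename']`, a value taken from the package's own metadata, without reducing it to a file name. A value containing `../` would point outside `{$g['varlog_path']}`, and if `unlink_if_exists()` expands wildcards (its definition is not in this diff) a pattern would now match more than one file, which plain `unlink()` did not. I would use `unlink_if_exists("{$g['varlog_path']}/" . basename($pkg_info['logging']['logfilename']));` and drop the `@`, which presumably has no purpose on a helper that already tolerates a missing file. delete_package_xml() continues outside the hunk.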
@@ -275,6 +275,7 @@ function getAllowedPages($username, &$attributes = array()) { $allowed_pages = array(); $allowed_groups = array(); + phpsession_begin(); if ($_SESSION['remoteauth']) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); // cache auth results for a short time to ease load on auth services & logs @@ -331,7 +332,7 @@ function getAllowedPages($username, &$attributes = array()) { // log_error("debug: user {$username} pages = {$dbg_pages}"); $_SESSION['page-match'] = $allowed_pages; - + phpsession_end(true); return $allowed_pages; } diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index 071129d..5b5789a 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -20,13 +20,15 @@ * limitations under the License. */ -require_once("globals.inc"); require_once("captiveportal.inc"); -require_once("openvpn.inc"); +require_once("globals.inc"); +require_once("gwlb.inc"); require_once("ipsec.inc"); +require_once("openvpn.inc"); +require_once("system.inc"); +require_once("util.inc"); require_once("vpn.inc"); require_once("vslb.inc"); -require_once("gwlb.inc"); define("RCFILEPREFIX", "/usr/local/etc/rc.d/"); function write_rcfile($params) { @@ -261,6 +263,11 @@ function get_services() { $pconfig['description'] = gettext("NTP clock sync"); $services[] = $pconfig; + $pconfig = array(); + $pconfig['name'] = "syslogd"; + $pconfig['description'] = gettext("System Logger Daemon"); + $services[] = $pconfig; + if (is_array($config['captiveportal'])) { foreach ($config['captiveportal'] as $zone => $setting) { if (isset($setting['enable'])) { 
@@ -478,17 +485,20 @@ function get_service_status_icon($service, $withtext = true, $smallicon = false, } $fa_size = ($smallicon) ? "fa-1x" : "fa-lg"; - $spacer = ($withthumbs || $withtext) ? " " : ""; if ($title == "state") { - $output = "<i class=\"{$text_class} {$fa_class} {$fa_size}\" title=\"{$statustext}\"></i>{$spacer}"; + $title = $statustext; } elseif ($title == "service_state") { - $output = "<i class=\"{$text_class} {$fa_class} {$fa_size}\" title=\"" . sprintf(gettext('%1$s Service is %2$s'), $service["name"], $statustext) . "\"></i>{$spacer}"; + $title = sprintf(gettext('%1$s Service is %2$s'), $service["name"], $statustext); } elseif ($title == "description_state") { - $output = "<i class=\"{$text_class} {$fa_class} {$fa_size}\" title=\"" . sprintf(gettext('%1$s Service is %2$s'), $service["description"], $statustext) . "\"></i>{$spacer}"; + $title = sprintf(gettext('%1$s Service is %2$s'), $service["description"], $statustext); } elseif ($title == "description_service_state") { - $output = "<i class=\"{$text_class} {$fa_class} {$fa_size}\" title=\"" . sprintf(gettext('%1$s, %2$s Service is %3$s'), $service["description"], $service["name"], $statustext) . "\"></i>{$spacer}"; + $title = sprintf(gettext('%1$s, %2$s Service is %3$s'), $service["description"], $service["name"], $statustext); } + $spacer = ($withthumbs || $withtext) ? " " : ""; + + $output = "<i class=\"{$text_class} {$fa_class} {$fa_size}\" title=\"{$title}\"><span style=\"display: none\">{$statustext}</span></i>{$spacer}"; + $spacer = ($withtext) ? " " : ""; if ($withthumbs) { $output .= "<i class=\"{$text_class} {$fa_class_thumbs} {$fa_size}\" title=\"{$Thumbs_UpDown}\"></i>{$spacer}"; @@ -567,7 +577,6 @@ function service_control_start($name, $extras) { captiveportal_init_webgui_zonename($zone); break; case 'ntpd': - case 'openntpd': system_ntp_configure(); break; case 'dpinger': 
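Review bot: get_service_status_icon() now writes `$title` into the `title` attribute and `$statustext` into the hidden span without HTML-escaping, and when `$title` is none of the four keywords the caller's string is emitted unchanged, a case for which the old code built no icon element at all. `$service["name"]` and `$service["description"]` may come from package or configuration data, so a quote or markup character in them ends up in the page. I would escape at the point of output: `title=\"" . htmlspecialchars($title) . "\"` for the attribute and `htmlspecialchars($statustext)` inside the span. The start of the function is outside the hunk.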
@@ -615,6 +624,10 @@ function service_control_start($name, $extras) { break; case 'relayd': relayd_configure(); + filter_configure(); + break; + case 'syslogd': + system_syslogd_start(); break; default: start_service($name); @@ -684,7 +697,17 @@ function service_control_stop($name, $extras) { } break; case 'relayd': - mwexec('pkill relayd'); + sigkillbyname("relayd", "TERM"); + break; + case 'syslogd': + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "TERM"); + usleep(100000); + } + if (isvalidpid("{$g['varrun_path']}/syslog.pid")) { + sigkillbypid("{$g['varrun_path']}/syslog.pid", "KILL"); + usleep(100000); + } break; default: stop_service($name); @@ -754,6 +777,10 @@ function service_control_restart($name, $extras) { break; case 'relayd': relayd_configure(true); + filter_configure(); + break; + case 'syslogd': + system_syslogd_start(); break; default: restart_service($name); diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index fdf2c8c..5ed626b 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -2524,8 +2524,10 @@ function services_dnsupdate_process($int = "", $updatehost = "", $forced = false if (isset($dnsupdate['usepublicip'])) { $wanip = dyndnsCheckIP($if); + $bindip = get_interface_ip($if); } else { $wanip = get_interface_ip($if); + $bindip = $wanip; } $wanipv6 = get_interface_ipv6($if); @@ -2533,7 +2535,10 @@ function services_dnsupdate_process($int = "", $updatehost = "", $forced = false "/dyndns_{$dnsupdate['interface']}_rfc2136_" . escapeshellarg($dnsupdate['host']) . "_{$dnsupdate['server']}.cache"; - $cacheFilev6 = $cacheFile . ".ipv6"; + $cacheFilev6 = $g['conf_path'] . + "/dyndns_{$dnsupdate['interface']}_rfc2136_" . + escapeshellarg($dnsupdate['host']) . + "_{$dnsupdate['server']}_v6.cache"; $currentTime = time(); if (!$wanip && !$wanipv6) { 
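Review bot: `$cacheFilev6` in services_dnsupdate_process() repeats the pattern of passing `$dnsupdate['host']` through `escapeshellarg()` to build a file name; that function adds shell quoting (the quotes become part of the name) and does not remove `/` or `..`, and `$dnsupdate['interface']` and `$dnsupdate['server']` are interpolated with no filtering. If these fields are not validated when the entry is saved (not visible here), the path can leave `$g['conf_path']`. Building the common prefix once, `$cachebase = $g['conf_path'] . "/dyndns_{$dnsupdate['interface']}_rfc2136_" . escapeshellarg($dnsupdate['host']) . "_{$dnsupdate['server']}";`, and deriving both names from it would remove the duplication and give one place for a comment on what the fields may contain. The rename away from the `.ipv6` suffix also appears to orphan cache files written by earlier versions.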
@@ -2617,6 +2622,7 @@ EOD; "{$dnsupdate['host']}. A\n"; $upinst .= "update add {$dnsupdate['host']}. " . "{$dnsupdate['ttl']} A {$wanip}\n"; + $upinst .= "local {$bindip}\n"; $need_update = true; } else { log_error(sprintf(gettext( @@ -2864,6 +2870,8 @@ function install_cron_job($command, $active = false, $minute = "0", $hour = "*", if ($is_installed == true) { unset($config['cron']['item'][$x]); $change_message = "Removed cron job for %s"; + } else { + $cron_changed = false; } } diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 61b6a77..b14e625 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -327,13 +327,15 @@ function system_hosts_local_entries() { ); $hosts_if_found = true; } - $cfgipv6 = get_interface_ipv6($sysif); - if (is_ipaddrv6($cfgipv6)) { - $hosts[] = array( - 'ipaddr' => $cfgipv6, - 'fqdn' => $local_fqdn - ); - $hosts_if_found = true; + if (!isset($syscfg['ipv6dontcreatelocaldns'])) { + $cfgipv6 = get_interface_ipv6($sysif); + if (is_ipaddrv6($cfgipv6)) { + $hosts[] = array( + 'ipaddr' => $cfgipv6, + 'fqdn' => $local_fqdn + ); + $hosts_if_found = true; + } } if ($hosts_if_found == true) { break; @@ -1518,7 +1520,7 @@ EOD; printf(gettext("Error: cannot open certificate file in system_webgui_start().%s"), "\n"); return 1; } - chmod("{$g['varetc_path']}/{$cert_location}", 0600); + chmod("{$g['varetc_path']}/{$cert_location}", 0644); if ($ca <> "") { $cert_chain = $cert . "\n" . $ca; } else { diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 6019c3b..bbd6552 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc 
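Review bot: `local {$bindip}` is appended to the nsupdate instructions without checking that `$bindip` holds an address. In the `usepublicip` case it comes from a separate `get_interface_ip($if)` call (hunk at -2524) that could return nothing while `dyndnsCheckIP()` succeeds, which would emit a bare `local` line. I would guard it: `if (is_ipaddrv4($bindip)) { $upinst .= "local {$bindip}\n"; }`. Only the A-record path is visible in this hunk, so whether the IPv6 update needs a matching source address cannot be judged from here.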
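Review bot: The mode of `{$g['varetc_path']}/{$cert_location}` in system_webgui_start() is relaxed from 0600 to 0644 with no comment giving the reason. A world-readable certificate is harmless on its own, but the hunk does not show whether the private key is written to a separate file or how that file is protected, so this depends on the key file keeping 0600. I would record both facts next to the call, e.g. `/* certificate only, no key material; 0644 because REASON-TO-BE-FILLED-IN */`.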
@@ -5147,4 +5147,150 @@ function upgrade_160_to_161() { } } +/* Previous versions of pfSense had cryptodev built into the kernel. + * To retain the expected behavior on upgrade, load the cryptodev + * module for users that did not choose a module. + */ +function upgrade_161_to_162() { + global $config; + if (empty($config['system']['crypto_hardware'])) { + $config['system']['crypto_hardware'] = "cryptodev"; + } +} + +/* Traffic graphs widget settings are now stored in a layout similar + * to other widgets. Migrate any old settings. + */ +function upgrade_162_to_163() { + require_once("ipsec.inc"); + global $config; + + foreach (array('refreshinterval', 'invert', 'size', 'backgroundupdate') as $setting) { + if (isset($config['widgets']['trafficgraphs'][$setting])) { + $config['widgets']['traffic_graphs'][$setting] = $config['widgets']['trafficgraphs'][$setting]; + unset($config['widgets']['trafficgraphs'][$setting]); + } + } + + if (isset($config['widgets']['trafficgraphs']['shown'])) { + if (is_array($config['widgets']['trafficgraphs']['shown']['item'])) { + $ifdescrs = get_configured_interface_with_descr(); + + if (ipsec_enabled()) { + $ifdescrs['enc0'] = "IPsec"; + } + + $validNames = array(); + + foreach ($ifdescrs as $ifdescr => $ifname) { + array_push($validNames, $ifdescr); + } + + $config['widgets']['traffic_graphs']['filter'] = implode(',', array_diff($validNames, $config['widgets']['trafficgraphs']['shown']['item'])); + } + + unset($config['widgets']['trafficgraphs']['shown']); + } +} + +/* Dashboard widget settings config format has changed to support having possibly multiple + * of a widget on the dashboard. Migrate any old settings. + */ +function convert_widget_164($oldname, $newname, $settings_keys) { + global $config; + + if ($newname == '') { + $newname = $oldname . '-0'; + } + + if ($oldname == '') { + // These settings were stored directly in $config['widgets'] + // Move them down under their new key. + // e.g. 
$config['widgets']['filterlogentries'] + // becomes $config['widgets']['log-0']['filterlogentries'] + foreach ($settings_keys as $oldkey => $newkey) { + if ($newkey == '') { + $newkey = $oldkey; + } + + // Modify the system-wide entry + if (isset($config['widgets'][$oldkey])) { + $config['widgets'][$newname][$newkey] = $config['widgets'][$oldkey]; + unset($config['widgets'][$oldkey]); + } + + // Modify any user-specific entries + foreach ($config['system']['user'] as & $user) { + if (isset($user['widgets'][$oldkey])) { + $user['widgets'][$newname][$newkey] = $user['widgets'][$oldkey]; + unset($user['widgets'][$oldkey]); + } + } + } + } else { + // These settings were stored in some key under 'widgets', + // e.g. $config['widgets']['gateways_widget']['display_type'] + // becomes $config['widgets']['gateways-0']['display_type'] + foreach ($settings_keys as $oldkey => $newkey) { + if ($newkey == '') { + $newkey = $oldkey; + } + + // Modify the system-wide entry + if (isset($config['widgets'][$oldname][$oldkey])) { + $config['widgets'][$newname][$newkey] = $config['widgets'][$oldname][$oldkey]; + unset($config['widgets'][$oldname][$oldkey]); + } + + // Modify any user-specific entries + foreach ($config['system']['user'] as & $user) { + if (isset($user['widgets'][$oldname][$oldkey])) { + $user['widgets'][$newname][$newkey] = $user['widgets'][$oldname][$oldkey]; + unset($user['widgets'][$oldname][$oldkey]); + } + + if (isset($user['widgets'][$oldname])) { + unset($user['widgets'][$oldname]); + } + } + } + + if (isset($config['widgets'][$oldname])) { + unset($config['widgets'][$oldname]); + } + } +} + +function upgrade_163_to_164() { + global $config; + + convert_widget_164('dyn_dns_status', '', array('filter' => '')); + convert_widget_164('gateways_widget', 'gateways-0', array('display_type' => '', 'gatewaysfilter' => '')); + convert_widget_164('interface_statistics', '', array('iffilter' => '')); + convert_widget_164('interfaces', '', array('iffilter' => '')); + 
convert_widget_164('', 'log-0', + array( + 'filterlogentries' => '', + 'filterlogentriesacts' => '', + 'filterlogentriesinterfaces' => '', + 'filterlogentriesinterval' => '')); + convert_widget_164('openvpn', '', array('filter' => '')); + convert_widget_164('', 'picture-0', array('picturewidget' => '', 'picturewidget_filename' => '')); + convert_widget_164('', 'rss-0', array('rssfeed' => '', 'rssmaxitems' => '', 'rsswidgetheight' => '', 'rsswidgettextlength' => '')); + convert_widget_164('', 'services_status-0', array('servicestatusfilter' => 'filter')); + convert_widget_164('smart_status', '', array('filter' => '')); + convert_widget_164('system_information', '', array('filter' => '')); + convert_widget_164('thermal_sensors_widget', 'thermal_sensors-0', + array( + 'thermal_sensors_widget_zone_warning_threshold' => '', + 'thermal_sensors_widget_zone_critical_threshold' => '', + 'thermal_sensors_widget_core_warning_threshold' => '', + 'thermal_sensors_widget_core_critical_threshold' => '', + 'thermal_sensors_widget_show_raw_output' => '', + 'thermal_sensors_widget_show_full_sensor_name' => '', + 'thermal_sensors_widget_pulsate_warning' => '', + 'thermal_sensors_widget_pulsate_critical' => '' + )); + convert_widget_164('wol', 'wake_on_lan-0', array('filter' => '')); +} ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 937f899..d294d1d 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -105,13 +105,6 @@ function clear_subsystem_dirty($subsystem = "") { @unlink("{$g['varrun_path']}/{$subsystem}.dirty"); } -function config_lock() { - return; -} -function config_unlock() { - return; -} - /* lock configuration file */ function lock($lock, $op = LOCK_SH) { global $g; 
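Review bot: convert_widget_164() iterates `$config['system']['user']` by reference (`as & $user`) in both branches without checking that the key is an array and without `unset($user)` after the loop. If the key is missing the `foreach` raises a warning during the upgrade, and the dangling reference means any later assignment to `$user` in this scope overwrites the last user entry. I would wrap each loop in `if (is_array($config['system']['user'])) {` and add `unset($user);` directly after it. The function also lacks the header comment that the neighbouring upgrade functions have; one line describing `$oldname`, `$newname` and the `$settings_keys` old-to-new map would be enough.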
@@ -1124,8 +1117,13 @@ function is_portrange($portrange) { return (count($ports) == 2 && is_port($ports[0]) && is_port($ports[1])); } -/* returns true if $port is a valid port number or an alias thereof */ -function is_portoralias($port) { +/* returns true if $port is a valid TCP/UDP port number or range ("<port>:<port>") */ +function is_port_or_range($port) { + return (is_port($port) || is_portrange($port)); +} + +/* returns true if $port is an alias that is a port type */ +function is_portalias($port) { global $config; if (is_alias($port)) { @@ -1136,10 +1134,18 @@ function is_portoralias($port) { } } } - return false; - } else { - return is_port($port); } + return false; +} + +/* returns true if $port is a valid port number or an alias thereof */ +function is_port_or_alias($port) { + return (is_port($port) || is_portalias($port)); +} + +/* returns true if $port is a valid TCP/UDP port number or range ("<port>:<port>") or an alias thereof */ +function is_port_or_range_or_alias($port) { + return (is_port($port) || is_portrange($port) || is_portalias($port)); } /* create ranges of sequential port numbers (200:215) and remove duplicates */ @@ -1403,7 +1409,7 @@ function get_configured_interface_list_by_realif($only_opt = false, $withdisable /* return the configured interfaces list with their description. */ function get_configured_interface_with_descr($only_opt = false, $withdisabled = false) { - global $config; + global $config, $user_settings; $iflist = array(); @@ -1421,6 +1427,10 @@ function get_configured_interface_with_descr($only_opt = false, $withdisabled = } } + if ($user_settings['webgui']['interfacessort']) { + asort($iflist); + } + return $iflist; } @@ -1780,7 +1790,7 @@ function alias_expand($name) { } } return "\${$name}"; - } else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name)) { + } else if (is_ipaddr($name) || is_subnet($name) || is_port_or_range($name)) { return "{$name}"; } else { return null; 
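Review bot: The old name `is_portoralias()` is removed outright in util.inc (hunks at -1124 and -1136) instead of being kept as an alias of the new `is_port_or_alias()`. Any caller not touched by this commit, such as an add-on package (none is visible here), would hit an undefined-function fatal in the middle of input validation. A thin wrapper like `function is_portoralias($port) { return is_port_or_alias($port); }` would keep those callers working. Separately, `is_port_or_range_or_alias()` could be written as `return (is_port_or_range($port) || is_portalias($port));` so it reuses the helper added just above it.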
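Review bot: The new `if ($user_settings['webgui']['interfacessort'])` in get_configured_interface_with_descr() reads a global that this hunk never shows being populated. If the function is called before `$user_settings` is loaded, the index is undefined and PHP raises a notice; `if (!empty($user_settings['webgui']['interfacessort'])) {` avoids that. The `asort()` also applies to every caller of this function, not only display code, so it is worth confirming that no caller depends on configuration order. The function body starts outside the hunk.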
@@ -2152,7 +2162,7 @@ function is_interface_mismatch() { $missing_interfaces = array(); if (is_array($config['interfaces'])) { foreach ($config['interfaces'] as $ifname => $ifcfg) { - if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { + if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan|_\d{0,4}_\d{0,4}$/i", $ifcfg['if'])) { // Do not check these interfaces. $i++; continue; @@ -2368,6 +2378,23 @@ function explode_assoc($delimiter, $string) { return $result; } +/* + * Given a string of text with some delimiter, look for occurrences + * of some string and replace all of those. + * $text - the text string (e.g. "abc,defg,x123,ipv4,xyz") + * $delimiter - the delimiter (e.g. ",") + * $element - the element to match (e.g. "defg") + * $replacement - the string to replace it with (e.g. "42") + * Returns the resulting delimited string (e.g. "abc,42,x123,ipv4,xyz") + */ +function replace_element_in_list($text, $delimiter, $element, $replacement) { + $textArray = explode($delimiter, $text); + while (($entry = array_search($element, $textArray)) !== false) { + $textArray[$entry] = $replacement; + } + return implode(',', $textArray); +} + /* Try to change a static route, if it doesn't exist, add it */ function route_add_or_change($args) { global $config; @@ -2689,4 +2716,10 @@ function get_duid_from_file() { } return($duid_ASCII); } + +/* Replaces the Mac OS 9 and earlier (\r) and DOS/Windows (\r\n) newlines with the Unix equivalent (\n). */ +function unixnewlines($text) { + return preg_replace('/\r\n?/', "\n", $text); +} + ?> diff --git a/src/etc/inc/vslb.inc b/src/etc/inc/vslb.inc index 7d59cb1..da52adb 100644 --- a/src/etc/inc/vslb.inc +++ b/src/etc/inc/vslb.inc 
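Review bot: The alternative `_\d{0,4}_\d{0,4}$` added in is_interface_mismatch() also matches names ending in `__` or `_5_`, because `{0,4}` allows zero digits. Such an interface would be silently excluded from the mismatch check. If the intent is to skip only names that end in two numeric tags, `_\d{1,4}_\d{1,4}$` is tighter. Note also that the `$` anchors only this last alternative, while `vlan` and `_wlan` still match anywhere in the name. The loop continues outside the hunk.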
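Review bot: replace_element_in_list() splits on `$delimiter` but rejoins with a hard-coded comma, so any other delimiter comes back changed and contradicts the docblock; the last line should be `return implode($delimiter, $textArray);`. The `while (($entry = array_search(...)) !== false)` loop never terminates when `$replacement` compares equal to `$element`. Because `array_search()` is loose by default, numeric strings such as `"1"` and `"01"` are also treated as the same element. `foreach (array_keys($textArray, $element, true) as $k) { $textArray[$k] = $replacement; }` replaces each exact match once and cannot loop.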
@@ -147,6 +147,7 @@ function relayd_configure($kill_first=false) { if (!function_exists('filter_expand_alias_array')) { require_once("filter.inc"); } + require_once("util.inc"); $vs_a = $config['load_balancer']['virtual_server']; $pool_a = $config['load_balancer']['lbpool']; @@ -350,7 +351,7 @@ function relayd_configure($kill_first=false) { if (is_process_running('relayd')) { if (!empty($vs_a)) { if ($kill_first) { - mwexec('pkill relayd'); + sigkillbyname("relayd", "TERM"); /* Remove all active relayd anchors now that relayd is no longer running. */ cleanup_lb_anchor("*"); mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf"); @@ -366,7 +367,7 @@ function relayd_configure($kill_first=false) { * mwexec('/usr/local/sbin/relayctl stop'); * returns "command failed" */ - mwexec('pkill relayd'); + sigkillbyname("relayd", "TERM"); /* Remove all active relayd anchors now that relayd is no longer running. */ cleanup_lb_anchor("*"); } @@ -485,6 +486,10 @@ function get_lb_anchors() { function cleanup_lb_anchor($anchorname = "*") { $lbanchors = get_lb_anchors(); foreach ($lbanchors as $lba) { + /* Skip empty/blank results */ + if (empty($lba)) { + continue; + } if (($anchorname == "*") || ($lba == "relayd/{$anchorname}")) { /* Flush both the NAT and the Table for the anchor, so it will be completely removed by pf. */ mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F nat"); diff --git a/src/etc/inc/wizardapp.inc b/src/etc/inc/wizardapp.inc index 88143b5..7aabc57 100644 --- a/src/etc/inc/wizardapp.inc +++ b/src/etc/inc/wizardapp.inc @@ -644,7 +644,7 @@ $othersplist = array(); $othersplist['smb'] = array(); /* Microsoft SMB and friends */ $othersplist['smb'][] = array('SMB1', 'tcp', '445', '445', 'both'); - $othersplist['smb'][] = array('SMB2', 'tcp', '137-139', '137-139', 'both'); + $othersplist['smb'][] = array('SMB2', 'tcp', '137', '139', 'both'); $othersplist['snmp'] = array(); /* Simple network management protocol */ 
diff --git a/src/etc/inc/xmlrpc_client.inc b/src/etc/inc/xmlrpc_client.inc index 26a93be..962265d 100644 --- a/src/etc/inc/xmlrpc_client.inc +++ b/src/etc/inc/xmlrpc_client.inc @@ -111,7 +111,8 @@ class pfsense_xmlrpc_client { if ($previouserror == null) { // CurlException doesnt get filled with PreviousError, // however we dont want to show the stacktrace included in the 'message' to non sysadmin users - $this->error = "CurlException calling XMLRPC method {$method} #" . $e->getMessage(); + preg_match("/HTTP_Request2_ConnectionException: (.*) in \/.*/", $e->getMessage(), $errormsg); + $this->error = "A communications error occurred while attempting to call XMLRPC method {$method}: " . $errormsg[1]; } else { $this->error = "CurlException calling XMLRPC method {$method} #" . $previouserror->getMessage(); } diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index 26874c7..0ac9479 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync @@ -512,8 +512,8 @@ if (!$upgrading) { echo "===> Checkout complete.\n"; echo "\n"; if (!$upgrading) { - echo "Your system is now sync'd and PHP and nginx will be restarted in 5 seconds.\n\n"; + echo "The system is now sync'd and PHP and nginx will be restarted in 5 seconds.\n\n"; } else { - echo "Your system is now sync'd.\n\n"; + echo "The system is now sync'd.\n\n"; } diff --git a/src/etc/phpshellsessions/removeshaper b/src/etc/phpshellsessions/removeshaper index ab35e8e..a715705 100644 --- a/src/etc/phpshellsessions/removeshaper +++ b/src/etc/phpshellsessions/removeshaper @@ -37,7 +37,7 @@ foreach ($config['filter']['rule'] as $key => $rule) { unset($config['filter']['rule'][$key]); } } -if (write_config()) { +if (write_config(gettext("pfSsh.php removed shaper settings"))) { echo gettext("Shaper Successfully Removed.\n"); } else { echo gettext("Unable to write config.xml (Access Denied?)\n"); diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index ea0d91a..60919e0 100755 
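Review bot: The result of the new `preg_match()` in the `$previouserror == null` branch is not checked. When the exception message does not have the `HTTP_Request2_ConnectionException: ... in /...` shape, `$errormsg[1]` is undefined, so the user gets a PHP notice and an error text with no reason in it. A fixed fallback keeps the stack trace hidden while still reporting something: `$reason = preg_match($pattern, $e->getMessage(), $errormsg) ? $errormsg[1] : gettext("unknown error");`, where `$pattern` is the same expression as now. The `else` branch just below still passes `$previouserror->getMessage()` through unfiltered and may deserve the same treatment. The method starts and ends outside the hunk.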
--- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup @@ -113,7 +113,6 @@ echo "done.\n"; if (mwexec("/bin/kenv -q pfSense.boot 2>/dev/null") != 0) { /* Collect vendor MAC address for all interfaces */ $ifs = pfSense_interface_listget(); - unlink_if_exists("{$g['vardb_path']}/vendor_mac"); foreach ($ifs as $if) { $if_details = pfSense_get_interface_addresses($if); if (isset($if_details['iftype']) && @@ -128,15 +127,21 @@ if (mwexec("/bin/kenv -q pfSense.boot 2>/dev/null") != 0) { $vendor_mac_arr[$if] = $if_details['macaddr']; } - @file_put_contents("{$g['vardb_path']}/vendor_mac", json_encode($vendor_mac_arr)); - unset($ifs, $if, $vendor_mac_arr); + $vendor_mac_arr_json = json_encode($vendor_mac_arr); + if (@file_get_contents("{$g['vardb_path']}/vendor_mac") !== $vendor_mac_arr_json) { + @file_put_contents("{$g['vardb_path']}/vendor_mac", $vendor_mac_arr_json); + } + unset($ifs, $if, $vendor_mac_arr, $vendor_mac_arr_json); mwexec("/bin/kenv pfSense.boot=1"); } /* run any early shell commands specified in config.xml */ system_do_shell_commands(1); -if (file_exists("/conf/trigger_initial_wizard")) { +// Only do the alternate interface checks if: +// 1) The user has not yet run the initial wizard; and +// 2) The user has not used the console menu to setup interface assignments +if (file_exists("/conf/trigger_initial_wizard") && !file_exists("/conf/assign_complete")) { check_for_alternate_interfaces(); } diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize index a6f6aa7..2eb9d6c 100755 --- a/src/etc/rc.filter_synchronize +++ b/src/etc/rc.filter_synchronize 
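Review bot: The write inside the new `if (@file_get_contents(...) !== $vendor_mac_arr_json)` block is still silenced with `@` and its result is ignored. Because the earlier hunk in this file removes `unlink_if_exists()`, a failed write now leaves the previous boot's vendor_mac on disk rather than no file at all. Checking the result makes that visible: `if (@file_put_contents("{$g['vardb_path']}/vendor_mac", $vendor_mac_arr_json) === false) { log_error(gettext("Could not update vendor_mac")); }`. A one-line comment saying the comparison is there to avoid rewriting an unchanged file would also help. The surrounding `if` and `foreach` start outside the hunk.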
@@ -96,8 +96,11 @@ function carp_check_version() { $resp = $rpc_client->xmlrpc_method('host_firmware_version'); log_error(sprintf(gettext("XMLRPC versioncheck:").$resp['config_version'] ." -- ". $config['version'])); - if (!isset($resp['config_version']) || - ($resp['config_version'] != $config['version'])) { + if (!isset($resp['config_version'])) { + update_filter_reload_status("The {$g['product_name']} software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!"); + log_error("The {$g['product_name']} software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!"); + return false; + } elseif ($resp['config_version'] != $config['version']) { update_filter_reload_status("The other member is on a different configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); log_error("The other member is on a different configuration version of {$g['product_name']}. Sync will not be done to prevent problems!"); return false; diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password index 661e17c..c0fa85a 100755 --- a/src/etc/rc.initial.password +++ b/src/etc/rc.initial.password @@ -56,6 +56,7 @@ The User manager authentication server is set to "' . $config['system']['webgui' $config['system']['user'] = array(); } $config['system']['user'][] = $admin_user; + $admin_user =& getUserEntryByUID(0); } $admin_user['name'] = "admin"; @@ -66,6 +67,10 @@ The User manager authentication server is set to "' . $config['system']['webgui' unset($admin_user['disabled']); } + if (isset($admin_user['expires'])) { + unset($admin_user['expires']); + } + local_user_set_password($admin_user, strtolower($g['product_name'])); local_user_set($admin_user); write_config(gettext("password changed from console menu")); diff --git a/src/etc/rc.initial.toggle_sshd b/src/etc/rc.initial.toggle_sshd index 59699c9..692f9d2 100755 
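Review bot: The `log_error(sprintf(...))` line directly above the new `!isset($resp['config_version'])` branch in carp_check_version() still reads `$resp['config_version']` before it is known to exist. It also concatenates that peer-supplied value into the sprintf() format string, where a `%` would be parsed as a conversion specifier. Moving the log call below the isset check and passing the values as arguments fixes both: `log_error(sprintf(gettext("XMLRPC versioncheck: %1\$s -- %2\$s"), $resp['config_version'], $config['version']));`. The function starts and ends outside the hunk.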
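Review bot: The added `$admin_user =& getUserEntryByUID(0);` in rc.initial.password has no comment and its result is not checked. It appears to re-bind `$admin_user` to the entry just appended to `$config['system']['user']`, so that the later edits reach the stored config. That only works if the appended entry carries uid 0 and the helper returns a reference, and neither is visible in this hunk. A comment such as `/* re-bind to the stored entry so the changes below reach $config */` and a guard for a failed lookup would make the intent and the failure mode explicit. The enclosing block starts outside the hunk.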
--- a/src/etc/rc.initial.toggle_sshd +++ b/src/etc/rc.initial.toggle_sshd @@ -34,7 +34,7 @@ if (isset($config['system']['enablesshd'])) { if ($yn[0] == "y") { unset($config['system']['enablesshd']); echo "\nWriting configuration..."; - write_config(); + write_config(gettext("Disabled SSHD from console menu.")); echo " done.\n"; echo "\nDisabling SSHD..."; send_event("service reload sshd"); @@ -50,7 +50,7 @@ if (isset($config['system']['enablesshd'])) { if ($yn[0] == "y") { $config['system']['enablesshd'] = true; echo "\nWriting configuration..."; - write_config(); + write_config(gettext("Enabled SSHD from console menu.")); echo " done.\n"; echo "\nEnabling SSHD..."; send_event("service reload sshd"); diff --git a/src/etc/rc.php-fpm_restart b/src/etc/rc.php-fpm_restart index 3af827e..c390c77 100755 --- a/src/etc/rc.php-fpm_restart +++ b/src/etc/rc.php-fpm_restart @@ -22,6 +22,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +echo ">>> Killing check_reload_status" +/bin/pkill -9 check_reload_status +sleep 2 + echo ">>> Killing php-fpm" /bin/pkill -F /var/run/php-fpm.pid sleep 2 @@ -40,3 +44,6 @@ echo ">>> Restarting php-fpm" | /usr/bin/logger -p daemon.info -i -t rc.php-fpm_ echo ">>> Starting php-fpm" /usr/local/sbin/php-fpm -c /usr/local/etc/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null +# restart check_reload_status +echo ">>> Starting check_reload_status" +/usr/bin/nice -n20 /usr/local/sbin/check_reload_status diff --git a/src/etc/rc.update_alias_url_data b/src/etc/rc.update_alias_url_data index a896584..f4e2cbd 100755 --- a/src/etc/rc.update_alias_url_data +++ b/src/etc/rc.update_alias_url_data @@ -27,7 +27,7 @@ require_once("config.inc"); require_once("functions.inc"); if (update_alias_url_data()) { - write_config(); + write_config(gettext("URL alias data updated via minicron")); send_event("filter reload"); } ?> |
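Review bot: The new `/bin/pkill -9 check_reload_status` in rc.php-fpm_restart sends SIGKILL immediately and matches by pattern. The daemon therefore gets no chance to clean up, and any other process whose name contains that string is killed as well. Sending the default TERM to the exact name first, `/bin/pkill -x check_reload_status`, and keeping `-9` as a fallback after the `sleep 2` would be gentler and narrower.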