diff options
author | Renato Botelho <renato@netgate.com> | 2015-09-15 17:45:00 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-09-15 18:20:59 -0300 |
commit | c9d46a8e801650dccea466f86c81df3fa626713c (patch) | |
tree | 725930cf412266bf2cb27ecef4ad8d08ac175489 /src | |
parent | b8bb09bd4b55047f10e01c7ec91b3d29e1f70016 (diff) | |
download | pfsense-c9d46a8e801650dccea466f86c81df3fa626713c.zip pfsense-c9d46a8e801650dccea466f86c81df3fa626713c.tar.gz |
Retire PPTP server, fixes #4226:
- Remove PPTP server and all related code
- Bump config version 12.2
- Write upgrade config code to remove pptpd section and also cleanup
firewall and NAT rules using PPTP interface or src/des
Diffstat (limited to 'src')
-rw-r--r-- | src/conf.default/config.xml | 8 | ||||
-rw-r--r-- | src/etc/inc/easyrule.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/filter.inc | 99 | ||||
-rw-r--r-- | src/etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/interfaces.inc | 6 | ||||
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 7 | ||||
-rw-r--r-- | src/etc/inc/upgrade_config.inc | 98 | ||||
-rw-r--r-- | src/etc/inc/vpn.inc | 235 | ||||
-rw-r--r-- | src/usr/local/www/diag_backup.php | 3 | ||||
-rw-r--r-- | src/usr/local/www/diag_logs_filter.php | 3 | ||||
-rwxr-xr-x | src/usr/local/www/diag_logs_vpn.php | 15 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_1to1_edit.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_edit.php | 12 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_npt_edit.php | 6 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out_edit.php | 6 | ||||
-rw-r--r-- | src/usr/local/www/firewall_rules.php | 8 | ||||
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 5 | ||||
-rw-r--r-- | src/usr/local/www/guiconfig.inc | 2 | ||||
-rw-r--r-- | src/usr/local/www/vpn_pptp.php | 509 | ||||
-rw-r--r-- | src/usr/local/www/vpn_pptp_users.php | 147 | ||||
-rw-r--r-- | src/usr/local/www/vpn_pptp_users_edit.php | 189 |
21 files changed, 112 insertions, 1262 deletions
diff --git a/src/conf.default/config.xml b/src/conf.default/config.xml index e16800e..547011f 100644 --- a/src/conf.default/config.xml +++ b/src/conf.default/config.xml @@ -1,6 +1,6 @@ <?xml version="1.0"?> <pfsense> - <version>11.9</version> + <version>12.2</version> <lastchange/> <theme>pfsense_ng</theme> <system> @@ -92,12 +92,6 @@ </range> </lan> </dhcpd> - <pptpd> - <mode/> - <redir/> - <localip/> - <remoteip/> - </pptpd> <snmpd> <syslocation/> <syscontact/> diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc index c46e84d..dbb8cfc 100644 --- a/src/etc/inc/easyrule.inc +++ b/src/etc/inc/easyrule.inc @@ -43,10 +43,6 @@ function easyrule_find_rule_interface($int) { /* Borrowed from firewall_rules.php */ $iflist = get_configured_interface_with_descr(false, true); - if ($config['pptpd']['mode'] == "server") { - $iflist['pptp'] = "PPTP VPN"; - } - if ($config['pppoe']['mode'] == "server") { $iflist['pppoe'] = "PPPoE Server"; } diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 55208a0..fb57cde 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -1133,21 +1133,6 @@ function filter_generate_optcfg_array() { $FilterIflist[$if] = $oic; } - if ($config['pptpd']['mode'] == "server" || $config['pptpd']['mode'] == "redir") { - $oic = array(); - $oic['if'] = 'pptp'; - $oic['descr'] = 'pptp'; - $oic['ip'] = $config['pptpd']['localip']; - $oic['sa'] = $config['pptpd']['remoteip']; - $oic['mode'] = $config['pptpd']['mode']; - $oic['virtual'] = true; - if ($config['pptpd']['pptp_subnet'] <> "") { - $oic['sn'] = $config['pptpd']['pptp_subnet']; - } else { - $oic['sn'] = "32"; - } - $FilterIflist['pptp'] = $oic; - } if ($config['l2tp']['mode'] == "server") { $oic = array(); $oic['if'] = 'l2tp'; @@ -1607,22 +1592,6 @@ function filter_nat_rules_automatic_tonathosts($with_descr = false) { } } - /* PPTP subnet */ - if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { - if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], - long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1))); - } else { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], - long2ip32(ip2long($config['pptpd']['remoteip']))); - } - - foreach ($pptp_subnets as $subnet) { - $tonathosts[] = $subnet; - $descriptions[] = gettext("PPTP server"); - } - } - /* PPPoE subnet */ if (is_array($FilterIflist['pppoe'])) { foreach ($FilterIflist['pppoe'] as $pppoe) { @@ -2315,15 +2284,6 @@ function filter_nat_rules_generate() { } fclose($inetd_fd); // Close file handle - if (isset($config['pptpd']['mode']) && ($config['pptpd']['mode'] != "off")) { - if ($config['pptpd']['mode'] == "redir") { - $pptpdtarget = $config['pptpd']['redir']; - $natrules .= "# PPTP\n"; - $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto gre from any to any -> {$pptpdtarget}\n"; - $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto tcp from any to any port 1723 -> {$pptpdtarget}\n"; - } - } - $natrules .= discover_pkg_rules("nat"); $natrules .= "# UPnPd rdr anchor\n"; @@ -2521,11 +2481,6 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { case '(self)': $src = "(self)"; break; - case 'pptp': - $pptpsav6 = gen_subnetv6($FilterIflist['pptp']['sav6'], $FilterIflist['pptp']['snv6']); - $pptpsnv6 = $FilterIflist['pptp']['snv6']; - $src = "{$pptpsav6}/{$pptpsnv6}"; - break; case 'pppoe': if (is_array($FilterIflist['pppoe'])) { $pppoesav6 = gen_subnetv6($FilterIflist['pppoe'][0]['ipv6'], $FilterIflist['pppoe'][0]['snv6']); @@ -2563,22 +2518,6 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { case '(self)': $src = "(self)"; break; - case 'pptp': - if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1))); - } else { - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip']))); - } - if (empty($pptp_subnets)) { - return ""; - } - if (isset($rule[$target]['not'])) { - array_walk($pptp_subnets, function (&$value, $key) { - $value="!{$value}"; - }); - } - $src = "{ " . implode(" ", $pptp_subnets) . " }"; - break; case 'pppoe': /* XXX: This needs to be fixed somehow! */ if (is_array($FilterIflist['pppoe'])) { @@ -2630,7 +2569,6 @@ function filter_generate_user_rule($rule) { return "# rule " . $rule['descr'] . " disabled \n"; } update_filter_reload_status("Creating filter rules {$rule['descr']} ..."); - $pptpdcfg = $config['pptpd']; $int = ""; $aline = array(); @@ -2666,12 +2604,6 @@ function filter_generate_user_rule($rule) { $aline['interface'] = " on \$" . $FilterIflist[$rule['interface']]['descr'] . " "; } $ifcfg = $FilterIflist[$rule['interface']]; - if ($pptpdcfg['mode'] != "server") { - if (($rule['source']['network'] == "pptp") || - ($rule['destination']['network'] == "pptp")) { - return "# source network or destination network == pptp on " . $rule['descr']; - } - } switch ($rule['ipprotocol']) { case "inet": @@ -2731,14 +2663,14 @@ function filter_generate_user_rule($rule) { $rg = get_interface_gateway_v6($rule['interface']); if (is_ipaddrv6($rg)) { $aline['reply'] = "reply-to ( {$ifcfg['ifv6']} {$rg} ) "; - } else if ($rule['interface'] <> "pptp") { + } else { log_error(sprintf(gettext("Could not find IPv6 gateway for interface (%s)."), $rule['interface'])); } } else { $rg = get_interface_gateway($rule['interface']); if (is_ipaddrv4($rg)) { $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; - } else if ($rule['interface'] <> "pptp") { + } else { log_error(sprintf(gettext("Could not find IPv4 gateway for interface (%s)."), $rule['interface'])); } } @@ -3083,8 +3015,6 @@ function filter_rules_generate() { echo "filter_rules_generate() being called $mt\n"; } - $pptpdcfg = $config['pptpd']; - $ipfrules = ""; $ipfrules .= discover_pkg_rules("pfearly"); @@ -3567,31 +3497,6 @@ EOD; $saved_tracker += 10; $tracker = $saved_tracker; - /* PPTPd enabled? */ - if ($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off") && !isset($config['system']['disablevpnrules'])) { - if ($pptpdcfg['mode'] == "server") { - $pptpdtarget = get_interface_ip(); - } else { - $pptpdtarget = $pptpdcfg['redir']; - } - if (is_ipaddr($pptpdtarget) and is_array($FilterIflist['wan'])) { - $ipfrules .= <<<EOD -# PPTPd rules -pass in {$log['pass']} on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 tracker {$increment_tracker($tracker)} modulate state label "{$fix_rule_label("allow pptpd {$pptpdtarget}")}" -pass in {$log['pass']} on \${$FilterIflist['wan']['descr']} proto gre from any to any tracker {$increment_tracker($tracker)} keep state label "allow gre pptpd" - -EOD; - - } else { - /* this shouldnt ever happen but instead of breaking the clients ruleset - * log an error. - */ - log_error("ERROR! PPTP enabled but could not resolve the \$pptpdtarget"); - } - } - - $saved_tracker += 10; - $tracker = $saved_tracker; if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) { foreach ($config['nat']['rule'] as $rule) { if ((!isset($config['system']['disablenatreflection']) || $rule['natreflection'] == "enable") && diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 66107c0..2e937b1 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -74,7 +74,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "12.1", + "latest_config" => "12.2", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 4d9389a..99361ea 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -129,11 +129,7 @@ function interface_netgraph_needed($interface = "wan") { global $config; $found = false; - if (!empty($config['pptpd']) && - $config['pptpd']['mode'] == "server") { - $found = true; - } - if ($found == false && !empty($config['l2tp']) && + if (!empty($config['l2tp']) && $config['l2tp']['mode'] == "server") { $found = true; } diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index e782228..f31f63b 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -2832,13 +2832,6 @@ function where_is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = f } if ($check_localip) { - if (is_array($config['pptpd']) && !empty($config['pptpd']['localip']) && (strcasecmp($ipaddr, $config['pptpd']['localip']) == 0)) { - $where_entry = array(); - $where_entry['if'] = 'pptp'; - $where_entry['ip_or_subnet'] = $config['pptpd']['localip']; - $where_configured[] = $where_entry; - } - if (!is_array($config['l2tp']) && !empty($config['l2tp']['localip']) && (strcasecmp($ipaddr, $config['l2tp']['localip']) == 0)) { $where_entry = array(); $where_entry['if'] = 'l2tp'; diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index ab5cb3e..b0ac93b 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -3861,4 +3861,102 @@ function upgrade_120_to_121() { } } +function upgrade_121_to_122() { + global $config; + + // PPTP server was removed + if (isset($config['pptpd'])) { + unset($config['pptpd']); + } + + // Cleanup firewall rules + if (isset($config['filter']['rule']) && is_array($config['filter']['rule'])) { + $rules =& $config['filter']['rules']; + $last_rule = count($rules) - 1; + // Process in reverse order to be able to unset items + for ($i = $last_rule; $i >= 0; $i--) { + if (isset($rules['interface']) && $rules['interface'] == 'pptp') { + unset($rules[$i]); + continue; + } + if (isset($rules['source']['network']) && $rules['source']['network'] == 'pptp') { + unset($rules[$i]); + continue; + } + if (isset($rules['destination']['network']) && $rules['destination']['network'] == 'pptp') { + unset($rules[$i]); + continue; + } + } + } + + // Cleanup 1:1 NAT rules + if (isset($config['nat']['onetoone']) && is_array($config['nat']['onetoone'])) { + $onetoone =& $config['nat']['onetoone']; + $last_rule = count($onetone) - 1; + // Process in reverse order to be able to unset items + for ($i = $last_rule; $i >= 0; $i--) { + if (isset($onetoone['interface']) && $onetoone['interface'] == 'pptp') { + unset($onetoone[$i]); + continue; + } + if (isset($onetoone['source']['network']) && $onetoone['source']['network'] == 'pptp') { + unset($onetoone[$i]); + continue; + } + if (isset($onetoone['destination']['network']) && $onetoone['destination']['network'] == 'pptp') { + unset($onetoone[$i]); + continue; + } + } + } + + // Cleanup npt NAT rules + if (isset($config['nat']['npt']) && is_array($config['nat']['npt'])) { + $npt =& $config['nat']['npt']; + $last_rule = count($npt) - 1; + // Process in reverse order to be able to unset items + for ($i = $last_rule; $i >= 0; $i--) { + if (isset($npt['interface']) && $npt['interface'] == 'pptp') { + unset($npt[$i]); + continue; + } + } + } + + // Cleanup Port-forward NAT rules + if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) { + $nat_rules =& $config['nat']['rules']; + $last_rule = count($nat_rules) - 1; + // Process in reverse order to be able to unset items + for ($i = $last_rule; $i >= 0; $i--) { + if (isset($nat_rules['interface']) && $nat_rules['interface'] == 'pptp') { + unset($nat_rules[$i]); + continue; + } + if (isset($nat_rules['source']['network']) && $nat_rules['source']['network'] == 'pptp') { + unset($nat_rules[$i]); + continue; + } + if (isset($nat_rules['destination']['network']) && $nat_rules['destination']['network'] == 'pptp') { + unset($nat_rules[$i]); + continue; + } + } + } + + // Cleanup Port-forward NAT rules + if (isset($config['nat']['outbound']['rule']) && is_array($config['nat']['outbound']['rule'])) { + $out_rules =& $config['nat']['outbound']['rules']; + $last_rule = count($out_rules) - 1; + // Process in reverse order to be able to unset items + for ($i = $last_rule; $i >= 0; $i--) { + if (isset($out_rules['interface']) && $out_rules['interface'] == 'pptp') { + unset($out_rules[$i]); + continue; + } + } + } +} + ?> diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 2820822..9622067 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -1361,9 +1361,6 @@ function vpn_ipsec_force_reload($interface = "") { /* master setup for vpn (mpd) */ function vpn_setup() { - /* start pptpd */ - vpn_pptpd_configure(); - /* start pppoe server */ vpn_pppoes_configure(); @@ -1383,238 +1380,6 @@ function vpn_netgraph_support() { } } -function vpn_pptpd_configure() { - global $config, $g; - - $syscfg = $config['system']; - $pptpdcfg = $config['pptpd']; - - if (platform_booting()) { - if (!$pptpdcfg['mode'] || ($pptpdcfg['mode'] == "off")) { - return 0; - } - - if (platform_booting(true)) { - echo gettext("Configuring PPTP VPN service... "); - } - } else { - /* kill mpd */ - killbypid("{$g['varrun_path']}/pptp-vpn.pid"); - - /* wait for process to die */ - sleep(3); - - if (is_process_running("mpd -b")) { - killbypid("{$g['varrun_path']}/pptp-vpn.pid"); - log_error(gettext("Could not kill mpd within 3 seconds. Trying again.")); - } - - /* remove mpd.conf, if it exists */ - unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.conf"); - unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.links"); - unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.secret"); - } - - if (empty($pptpdcfg['n_pptp_units'])) { - log_error("Something wrong in the PPTPd configuration. Preventing starting the daemon because issues would arise."); - return; - } - - /* make sure pptp-vpn directory exists */ - if (!file_exists("{$g['varetc_path']}/pptp-vpn")) { - mkdir("{$g['varetc_path']}/pptp-vpn"); - } - - switch ($pptpdcfg['mode']) { - case 'server': - /* write mpd.conf */ - $fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.conf", "w"); - if (!$fd) { - printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n"); - return 1; - } - - $mpdconf = <<<EOD -pptps: - -EOD; - - for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $mpdconf .= " load pt{$i}\n"; - } - - for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - - $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); - - $mpdconf .= <<<EOD - -pt{$i}: - new -i pptpd{$i} pt{$i} pt{$i} - set ipcp ranges {$pptpdcfg['localip']}/32 {$clientip}/32 - load pts - -EOD; - } - - $mpdconf .=<<<EOD - -pts: - set iface disable on-demand - set iface enable proxy-arp - set iface enable tcpmssfix - set iface idle 1800 - set iface up-script /usr/local/sbin/vpn-linkup - set iface down-script /usr/local/sbin/vpn-linkdown - set bundle enable multilink - set bundle enable crypt-reqd - set link yes acfcomp protocomp - set link no pap chap - set link enable chap-msv2 - set link mtu 1460 - set link keep-alive 10 60 - set ipcp yes vjcomp - set bundle enable compression - set ccp yes mppc - set ccp yes mpp-e128 - set ccp yes mpp-stateless - -EOD; - - if (!isset ($pptpdcfg['req128'])) { - $mpdconf .=<<<EOD - set ccp yes mpp-e40 - set ccp yes mpp-e56 - -EOD; - } - - if (isset($pptpdcfg["wins"]) && $pptpdcfg['wins'] != "") { - $mpdconf .= " set ipcp nbns {$pptpdcfg['wins']}\n"; - } - - if (!empty($pptpdcfg['dns1'])) { - $mpdconf .= " set ipcp dns " . $pptpdcfg['dns1']; - if (!empty($pptpdcfg['dns2'])) { - $mpdconf .= " " . $pptpdcfg['dns2']; - } - $mpdconf .= "\n"; - } elseif (isset ($config['dnsmasq']['enable'])) { - $mpdconf .= " set ipcp dns " . get_interface_ip("lan"); - if ($syscfg['dnsserver'][0]) { - $mpdconf .= " " . $syscfg['dnsserver'][0]; - } - $mpdconf .= "\n"; - } elseif (isset($config['unbound']['enable'])) { - $mpdconf .= " set ipcp dns " . get_interface_ip("lan"); - if ($syscfg['dnsserver'][0]) { - $mpdconf .= " " . $syscfg['dnsserver'][0]; - } - $mpdconf .= "\n"; - } elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { - $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; - } - - if (isset ($pptpdcfg['radius']['server']['enable'])) { - $authport = (isset($pptpdcfg['radius']['server']['port']) && strlen($pptpdcfg['radius']['server']['port']) > 1) ? $pptpdcfg['radius']['server']['port'] : 1812; - $acctport = $authport + 1; - $mpdconf .=<<<EOD - set radius server {$pptpdcfg['radius']['server']['ip']} "{$pptpdcfg['radius']['server']['secret']}" {$authport} {$acctport} - -EOD; - if (isset ($pptpdcfg['radius']['server2']['enable'])) { - $authport = (isset($pptpdcfg['radius']['server2']['port']) && strlen($pptpdcfg['radius']['server2']['port']) > 1) ? $pptpdcfg['radius']['server2']['port'] : 1812; - $acctport = $authport + 1; - $mpdconf .=<<<EOD - set radius server {$pptpdcfg['radius']['server2']['ip']} "{$pptpdcfg['radius']['server2']['secret2']}" {$authport} {$acctport} - -EOD; - } - $mpdconf .=<<<EOD - set radius retries 3 - set radius timeout 10 - set auth enable radius-auth - -EOD; - - if (isset ($pptpdcfg['radius']['accounting'])) { - $mpdconf .=<<<EOD - set auth enable radius-acct - set radius acct-update 300 - -EOD; - } - } - - fwrite($fd, $mpdconf); - fclose($fd); - unset($mpdconf); - - /* write mpd.links */ - $fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.links", "w"); - if (!$fd) { - printf(gettext("Error: cannot open mpd.links in vpn_pptpd_configure().") . "\n"); - return 1; - } - - $mpdlinks = ""; - - for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $mpdlinks .=<<<EOD - -pt{$i}: - set link type pptp - set pptp enable incoming - set pptp disable originate - set pptp disable windowing - -EOD; - } - - fwrite($fd, $mpdlinks); - fclose($fd); - unset($mpdlinks); - - /* write mpd.secret */ - $fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.secret", "w"); - if (!$fd) { - printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n"); - return 1; - } - - $mpdsecret = ""; - - if (is_array($pptpdcfg['user'])) { - foreach ($pptpdcfg['user'] as $user) { - $pass = str_replace('\\', '\\\\', $user['password']); - $pass = str_replace('"', '\"', $pass); - $mpdsecret .= "{$user['name']} \"{$pass}\" {$user['ip']}\n"; - } - } - - fwrite($fd, $mpdsecret); - fclose($fd); - unset($mpdsecret); - chmod("{$g['varetc_path']}/pptp-vpn/mpd.secret", 0600); - - vpn_netgraph_support(); - - /* fire up mpd */ - mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pptp-vpn -p {$g['varrun_path']}/pptp-vpn.pid -s pptps pptps"); - - break; - - case 'redir': - break; - } - - if (platform_booting()) { - echo "done\n"; - } - - return 0; -} - function vpn_pppoes_configure() { global $config; diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php index 943d57d..cc93b5c 100644 --- a/src/usr/local/www/diag_backup.php +++ b/src/usr/local/www/diag_backup.php @@ -579,7 +579,6 @@ function build_area_list($showall) { "nat" => gettext("NAT"), "openvpn" => gettext("OpenVPN"), "installedpackages" => gettext("Package Manager"), - "pptpd" => gettext("PPTP Server"), "rrddata" => gettext("RRD Data"), "cron" => gettext("Scheduled Tasks"), "syslog" => gettext("Syslog"), @@ -777,4 +776,4 @@ include("foot.inc"); if (is_subsystem_dirty('restore')) { system_reboot(); -}
\ No newline at end of file +} diff --git a/src/usr/local/www/diag_logs_filter.php b/src/usr/local/www/diag_logs_filter.php index d43f3a9..5f31998 100644 --- a/src/usr/local/www/diag_logs_filter.php +++ b/src/usr/local/www/diag_logs_filter.php @@ -168,9 +168,6 @@ function build_if_list() { if ($config['l2tp']['mode'] == "server") $interfaces['l2tp'] = "L2TP VPN"; - if ($config['pptpd']['mode'] == "server") - $interfaces['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; diff --git a/src/usr/local/www/diag_logs_vpn.php b/src/usr/local/www/diag_logs_vpn.php index 6429a0c..4394080 100755 --- a/src/usr/local/www/diag_logs_vpn.php +++ b/src/usr/local/www/diag_logs_vpn.php @@ -69,7 +69,7 @@ ##|-PRIV -$vpns = array('pptp' => 'PPTP', 'poes' => 'PPPoE', 'l2tp' => 'L2TP'); +$vpns = array('poes' => 'PPPoE', 'l2tp' => 'L2TP'); $pgtitle = array(gettext("Status"), gettext("System logs"), gettext("VPN")); require("guiconfig.inc"); @@ -85,7 +85,7 @@ if (htmlspecialchars($_POST['vpntype'])) { } elseif (htmlspecialchars($_GET['vpntype'])) { $vpntype = htmlspecialchars($_GET['vpntype']); } else { - $vpntype = "pptp"; + $vpntype = "poes"; } if (htmlspecialchars($_POST['mode'])) { $mode = htmlspecialchars($_POST['mode']); @@ -95,9 +95,6 @@ if (htmlspecialchars($_POST['mode'])) { $mode = "login"; } switch ($vpntype) { - case 'pptp': - $logname = "pptps"; - break; case 'poes': $logname = "poes"; break; @@ -168,12 +165,6 @@ $tab_array[] = array(gettext("Settings"), false, "diag_logs_settings.php"); display_top_tabs($tab_array); $tab_array = array(); -$tab_array[] = array(gettext("PPTP Logins"), - (($vpntype == "pptp") && ($mode != "raw")), - "/diag_logs_vpn.php?vpntype=pptp"); -$tab_array[] = array(gettext("PPTP Raw"), - (($vpntype == "pptp") && ($mode == "raw")), - "/diag_logs_vpn.php?vpntype=pptp&mode=raw"); $tab_array[] = array(gettext("PPPoE Logins"), (($vpntype == "poes") && ($mode != "raw")), "/diag_logs_vpn.php?vpntype=poes"); @@ -239,4 +230,4 @@ display_top_tabs($tab_array, false, 'nav nav-tabs'); </p> </div> </div> -<?php include("foot.inc");
\ No newline at end of file +<?php include("foot.inc"); diff --git a/src/usr/local/www/firewall_nat_1to1_edit.php b/src/usr/local/www/firewall_nat_1to1_edit.php index e051f2b..22d48ce 100644 --- a/src/usr/local/www/firewall_nat_1to1_edit.php +++ b/src/usr/local/www/firewall_nat_1to1_edit.php @@ -282,9 +282,6 @@ function build_srctype_list() { $sel = is_specialnet($pconfig['src']); - if (have_ruleint_access("pptp")) - $list['pptp'] = 'PPTP clients'; - if (have_ruleint_access("pppoe")) $list['pppoe'] = 'PPPoE clients'; @@ -322,9 +319,6 @@ function build_dsttype_list() { $sel = is_specialnet($pconfig['dst']); $list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network', '(self)' => 'This Firewall (self)'); - if (have_ruleint_access("pptp")) - $list['pptp'] = 'PPTP clients'; - if (have_ruleint_access("pppoe")) $list['pppoe'] = 'PPPoE clients'; @@ -409,10 +403,6 @@ if ($config['l2tp']['mode'] == "server") if (have_ruleint_access("l2tp")) $interfaces['l2tp'] = "L2TP VPN"; -if ($config['pptpd']['mode'] == "server") - if (have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index 7b63ff6..e2c90f7 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -534,9 +534,6 @@ function build_srctype_list() { $sel = is_specialnet($pconfig['src']); - if (have_ruleint_access("pptp")) - $list['pptp'] = 'PPTP clients'; - if (have_ruleint_access("pppoe")) $list['pppoe'] = 'PPPoE clients'; @@ -559,9 +556,6 @@ function build_dsttype_list() { $sel = is_specialnet($pconfig['dst']); $list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network', '(self)' => 'This Firewall (self)'); - if (have_ruleint_access("pptp")) - $list['pptp'] = 'PPTP clients'; - if (have_ruleint_access("pppoe")) $list['pppoe'] = 'PPPoE clients'; @@ -669,10 +663,6 @@ if ($config['l2tp']['mode'] == "server") if (have_ruleint_access("l2tp")) $interfaces['l2tp'] = "L2TP VPN"; -if ($config['pptpd']['mode'] == "server") - if (have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; @@ -1265,4 +1255,4 @@ events.push(function(){ //]]> </script> -<?php include("foot.inc");
\ No newline at end of file +<?php include("foot.inc"); diff --git a/src/usr/local/www/firewall_nat_npt_edit.php b/src/usr/local/www/firewall_nat_npt_edit.php index 6fe0cea..d4f59f4 100644 --- a/src/usr/local/www/firewall_nat_npt_edit.php +++ b/src/usr/local/www/firewall_nat_npt_edit.php @@ -188,10 +188,6 @@ function build_if_list() { if (have_ruleint_access("l2tp")) $interfaces['l2tp'] = "L2TP VPN"; - if ($config['pptpd']['mode'] == "server") - if (have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - if ($config['pppoe']['mode'] == "server") if (have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; @@ -282,4 +278,4 @@ if (isset($id) && $a_npt[$id]) { $form->add($section); print($form); -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php index 7b149db..74c0aed 100644 --- a/src/usr/local/www/firewall_nat_out_edit.php +++ b/src/usr/local/www/firewall_nat_out_edit.php @@ -472,10 +472,6 @@ if ($config['l2tp']['mode'] == "server") if (have_ruleint_access("l2tp")) $interfaces['l2tp'] = "L2TP VPN"; -if ($config['pptpd']['mode'] == "server") - if (have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; @@ -857,4 +853,4 @@ events.push(function(){ //]]> </script> -<?php include("foot.inc");
\ No newline at end of file +<?php include("foot.inc"); diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php index 87703f1..c09549e 100644 --- a/src/usr/local/www/firewall_rules.php +++ b/src/usr/local/www/firewall_rules.php @@ -126,12 +126,6 @@ if ($config['l2tp']['mode'] == "server") { } } -if ($config['pptpd']['mode'] == "server") { - if (have_ruleint_access("pptp")) { - $iflist['pptp'] = "PPTP VPN"; - } -} - if (is_array($config['pppoes']['pppoe'])) { foreach ($config['pppoes']['pppoe'] as $pppoes) { if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) { @@ -745,4 +739,4 @@ events.push(function() { }); */}); </script> -<?php include("foot.inc");?>
\ No newline at end of file +<?php include("foot.inc");?> diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 1630395..c32a226 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -1132,9 +1132,6 @@ foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) if ($config['l2tp']['mode'] == "server" && have_ruleint_access("l2tp")) $interfaces['l2tp'] = 'L2TP VPN'; -if ($config['pptpd']['mode'] == "server" && have_ruleint_access("pptp")) - $interfaces['pptp'] = 'PPTP VPN'; - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE Server"; @@ -1256,8 +1253,6 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) { ); if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") $ruleValues['(self)'] = 'This Firewall (self)'; - if (have_ruleint_access("pptp")) - $ruleValues['pptp'] = 'PPTP clients'; if (have_ruleint_access("pppoe")) $ruleValues['pppoe'] = 'PPPoE clients'; if (have_ruleint_access("l2tp")) diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index 5bd0882..9c7b14b 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -256,7 +256,7 @@ $wkports = array( /* TCP flags */ $tcpflags = array("fin", "syn", "rst", "psh", "ack", "urg", "ece", "cwr"); -$specialnets = array("(self)" => "This Firewall", "pptp" => "PPTP clients", "pppoe" => "PPPoE clients", "l2tp" => "L2TP clients"); +$specialnets = array("(self)" => "This Firewall", "pppoe" => "PPPoE clients", "l2tp" => "L2TP clients"); $spiflist = get_configured_interface_with_descr(false, true); foreach ($spiflist as $ifgui => $ifdesc) { diff --git a/src/usr/local/www/vpn_pptp.php b/src/usr/local/www/vpn_pptp.php deleted file mode 100644 index fc918b4..0000000 --- a/src/usr/local/www/vpn_pptp.php +++ /dev/null @@ -1,509 +0,0 @@ -<?php - -/* - WARNING: DEPRICATED! SHOULD NOT BE CONVERTED. SEE https://github.com/SjonHortensius/pfsense/issues/229 -*/ - -/* - vpn_pptp.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -##|+PRIV -##|*IDENT=page-vpn-vpnpptp -##|*NAME=VPN: VPN PPTP page -##|*DESCR=Allow access to the 'VPN: VPN PPTP' page. -##|*MATCH=vpn_pptp.php* -##|-PRIV - -require("guiconfig.inc"); -require_once("functions.inc"); -require_once("filter.inc"); -require_once("shaper.inc"); -require_once("vpn.inc"); - -if (!is_array($config['pptpd']['radius'])) { - $config['pptpd']['radius'] = array(); -} -$pptpcfg = &$config['pptpd']; - -$pconfig['remoteip'] = $pptpcfg['remoteip']; -$pconfig['localip'] = $pptpcfg['localip']; -$pconfig['redir'] = $pptpcfg['redir']; -$pconfig['mode'] = $pptpcfg['mode']; -$pconfig['wins'] = $pptpcfg['wins']; -$pconfig['req128'] = isset($pptpcfg['req128']); -$pconfig['n_pptp_units'] = $pptpcfg['n_pptp_units']; -$pconfig['pptp_dns1'] = $pptpcfg['dns1']; -$pconfig['pptp_dns2'] = $pptpcfg['dns2']; -$pconfig['radiusenable'] = isset($pptpcfg['radius']['server']['enable']); -$pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']); -$pconfig['radiussecenable'] = isset($pptpcfg['radius']['server2']['enable']); -$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); -$pconfig['radiusserver'] = $pptpcfg['radius']['server']['ip']; -$pconfig['radiusserverport'] = $pptpcfg['radius']['server']['port']; -$pconfig['radiusserveracctport'] = $pptpcfg['radius']['server']['acctport']; -$pconfig['radiussecret'] = $pptpcfg['radius']['server']['secret']; -$pconfig['radiusserver2'] = $pptpcfg['radius']['server2']['ip']; -$pconfig['radiusserver2port'] = $pptpcfg['radius']['server2']['port']; -$pconfig['radiusserver2acctport'] = $pptpcfg['radius']['server2']['acctport']; -$pconfig['radiussecret2'] = $pptpcfg['radius']['server2']['secret2']; -$pconfig['radius_acct_update'] = $pptpcfg['radius']['acct_update']; -$pconfig['radius_nasip'] = $pptpcfg['radius']['nasip']; - -if ($_POST) { - - if (isset($input_errors)) - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['mode'] == "server") { - $reqdfields = explode(" ", "localip remoteip"); - $reqdfieldsn = array(gettext("Server address"),gettext("Remote start address")); - - if ($_POST['radiusenable']) { - $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); - $reqdfieldsn = array_merge($reqdfieldsn, - array(gettext("RADIUS server address"),gettext("RADIUS shared secret"))); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { - $input_errors[] = gettext("A valid server address must be specified."); - } - if (is_ipaddr_configured($_POST['localip'])) { - $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall."); - } - if (!is_ipaddr($_POST['remoteip'])) { - $input_errors[] = gettext("A valid remote start address must be specified."); - } - if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { - $input_errors[] = gettext("A valid RADIUS server address must be specified."); - } - - if (!$input_errors) { - $subnet_start = ip2ulong($_POST['remoteip']); - $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_pptp_units'] - 1; - - if ((ip2ulong($_POST['localip']) >= $subnet_start) && - (ip2ulong($_POST['localip']) <= $subnet_end)) { - $input_errors[] = gettext("The specified server address lies in the remote subnet."); - } - // TODO: Should this check be for any local IP address? - if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { - $input_errors[] = gettext("The specified server address is equal to the LAN interface address."); - } - } - } else if ($_POST['mode'] == "redir") { - $reqdfields = explode(" ", "redir"); - $reqdfieldsn = array(gettext("PPTP redirection target address")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) { - $input_errors[] = gettext("A valid target address must be specified."); - } - } else if (isset($config['pptpd']['mode'])) { - unset($config['pptpd']['mode']); - } - - if (!$input_errors) { - $pptpcfg['remoteip'] = $_POST['remoteip']; - $pptpcfg['redir'] = $_POST['redir']; - $pptpcfg['localip'] = $_POST['localip']; - $pptpcfg['mode'] = $_POST['mode']; - $pptpcfg['wins'] = $_POST['wins']; - $pptpcfg['n_pptp_units'] = $_POST['n_pptp_units']; - $pptpcfg['radius']['server']['ip'] = $_POST['radiusserver']; - $pptpcfg['radius']['server']['port'] = $_POST['radiusserverport']; - $pptpcfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; - $pptpcfg['radius']['server']['secret'] = $_POST['radiussecret']; - $pptpcfg['radius']['server2']['ip'] = $_POST['radiusserver2']; - $pptpcfg['radius']['server2']['port'] = $_POST['radiusserver2port']; - $pptpcfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; - $pptpcfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; - $pptpcfg['radius']['nasip'] = $_POST['radius_nasip']; - $pptpcfg['radius']['acct_update'] = $_POST['radius_acct_update']; - - if ($_POST['pptp_dns1'] == "") { - if (isset($pptpcfg['dns1'])) - unset($pptpcfg['dns1']); - } else - $pptpcfg['dns1'] = $_POST['pptp_dns1']; - - if ($_POST['pptp_dns2'] == "") { - if (isset($pptpcfg['dns2'])) - unset($pptpcfg['dns2']); - } else - $pptpcfg['dns2'] = $_POST['pptp_dns2']; - - if($_POST['req128'] == "yes") - $pptpcfg['req128'] = true; - else if (isset($pptpcfg['req128'])) - unset($pptpcfg['req128']); - - if($_POST['radiusenable'] == "yes") - $pptpcfg['radius']['server']['enable'] = true; - else if (isset($pptpcfg['radius']['server']['enable'])) - unset($pptpcfg['radius']['server']['enable']); - - if($_POST['radiussecenable'] == "yes") - $pptpcfg['radius']['server2']['enable'] = true; - else if (isset($pptpcfg['radius']['server2']['enable'])) - unset($pptpcfg['radius']['server2']['enable']); - - if($_POST['radacct_enable'] == "yes") - $pptpcfg['radius']['accounting'] = true; - else if (isset($pptpcfg['radius']['accounting'])) - unset($pptpcfg['radius']['accounting']); - - if($_POST['radiusissueips'] == "yes") { - $pptpcfg['radius']['radiusissueips'] = true; - } else if (isset($pptpcfg['radius']['radiusissueips'])) - unset($pptpcfg['radius']['radiusissueips']); - - write_config(); - - $retval = 0; - $retval = vpn_pptpd_configure(); - $savemsg = get_std_save_message($retval); - - filter_configure(); - } -} - -$pgtitle = array(gettext("VPN"),gettext("VPN PPTP")); -$shortcut_section = "pptps"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<script type="text/javascript"> -//<![CDATA[ -function get_radio_value(obj) -{ - for (i = 0; i < obj.length; i++) { - if (obj[i].checked) - return obj[i].value; - } - return null; -} - -function enable_change(enable_over) { - if ((get_radio_value(document.iform.mode) == "server") || enable_over) { - document.iform.remoteip.disabled = 0; - document.iform.localip.disabled = 0; - document.iform.req128.disabled = 0; - document.iform.radiusenable.disabled = 0; - document.iform.radiusissueips.disabled = 0; - document.iform.wins.disabled = 0; - document.iform.n_pptp_units.disabled = 0; - document.iform.pptp_dns1.disabled = 0; - document.iform.pptp_dns2.disabled = 0; - - if (document.iform.radiusenable.checked || enable_over) { - document.iform.radiussecenable.disabled = 0; - document.iform.radacct_enable.disabled = 0; - document.iform.radiusserver.disabled = 0; - document.iform.radiusserverport.disabled = 0; - document.iform.radiusserveracctport.disabled = 0; - document.iform.radiussecret.disabled = 0; - document.iform.radius_nasip.disabled = 0; - document.iform.radius_acct_update.disabled = 0; - document.iform.radiusissueips.disabled = 0; - if (document.iform.radiussecenable.checked || enable_over) { - document.iform.radiusserver2.disabled = 0; - document.iform.radiussecret2.disabled = 0; - document.iform.radiusserver2port.disabled = 0; - document.iform.radiusserver2acctport.disabled = 0; - } else { - - document.iform.radiusserver2.disabled = 1; - document.iform.radiussecret2.disabled = 1; - document.iform.radiusserver2port.disabled = 1; - document.iform.radiusserver2acctport.disabled = 1; - } - } else { - document.iform.radacct_enable.disabled = 1; - document.iform.radiusserver.disabled = 1; - document.iform.radiusserverport.disabled = 1; - document.iform.radiusissueips.disabled = 1; - document.iform.radiusserveracctport.disabled = 1; - document.iform.radiussecret.disabled = 1; - document.iform.radius_nasip.disabled = 1; - document.iform.radius_acct_update.disabled = 1; - document.iform.radiusissueips.disabled = 1; - document.iform.radiusserver2.disabled = 1; - document.iform.radiussecret2.disabled = 1; - document.iform.radiusserver2port.disabled = 1; - document.iform.radiusserver2acctport.disabled = 1; - } - - } else { - document.iform.remoteip.disabled = 1; - document.iform.localip.disabled = 1; - document.iform.req128.disabled = 1; - document.iform.n_pptp_units.disabled = 1; - document.iform.pptp_dns1.disabled = 1; - document.iform.pptp_dns2.disabled = 1; - document.iform.radiusenable.disabled = 1; - document.iform.radacct_enable.disabled = 1; - document.iform.radiusserver.disabled = 1; - document.iform.radiusserverport.disabled = 1; - document.iform.radiusissueips.disabled = 1; - document.iform.radiusserveracctport.disabled = 1; - document.iform.radiussecret.disabled = 1; - document.iform.radius_nasip.disabled = 1; - document.iform.radius_acct_update.disabled = 1; - document.iform.radiussecenable.disabled = 1; - document.iform.radiusserver2.disabled = 1; - document.iform.radiusserver2port.disabled = 1; - document.iform.radiusserver2acctport.disabled = 1; - document.iform.radiussecret2.disabled = 1; - document.iform.wins.disabled = 1; - document.iform.radiusissueips.disabled = 1; - } - if ((get_radio_value(document.iform.mode) == "redir") || enable_over) { - document.iform.redir.disabled = 0; - } else { - document.iform.redir.disabled = 1; - } -} -//]]> -</script> -<form action="vpn_pptp.php" method="post" name="iform" id="iform"> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php print_info_box(gettext("PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.<br /><br /><a href=\"https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807\">Read More</a>")); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn pptp"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Configuration"), true, "vpn_pptp.php"); - $tab_array[1] = array(gettext("Users"), false, "vpn_pptp_users.php"); - display_top_tabs($tab_array); -?> - </td></tr> - <tr> - <td> -<div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <input name="mode" type="radio" onclick="enable_change(false)" value="off" - <?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked=\"checked\"";?> /> - <?=gettext("Off"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - - <input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked=\"checked\"" ?> /> - <?=gettext("Redirect incoming PPTP connections to");?>:</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("PPTP redirection");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="redir" type="text" class="formfld unknown" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>" /> - <br /> - <?=gettext("Enter the IP address of a host which will accept incoming " . - "PPTP connections"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> - <input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked=\"checked\""; ?> /> - <?=gettext("Enable PPTP server"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("No. PPTP users"); ?></td> - <td width="78%" class="vtable"> - <select id="n_pptp_units" name="n_pptp_units"> - <?php - $toselect = ($pconfig['n_pptp_units'] > 0) ? $pconfig['n_pptp_units'] : 16; - for($x=1; $x<255; $x++) { - if($x == $toselect) - $SELECTED = " selected=\"selected\""; - else - $SELECTED = ""; - echo "<option value=\"{$x}\"{$SELECTED}>{$x}</option>\n"; - } - ?> - </select> - <br /><?=gettext("Hint: 10 is ten PPTP clients"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Server address"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="localip" type="text" class="formfld unknown" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" /> - <br /> - <?=gettext("Enter the IP address the PPTP server should give to clients for use as their \"gateway\""); ?>. - <br /> - <?=gettext("Typically this is set to an unused IP just outside of the client range"); ?>. - <br /> - <br /> - <?=gettext("NOTE: This should NOT be set to any IP address currently in use on this firewall"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Remote address " . - "range"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld unknown" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>" /> - <br /> - <?=gettext("Specify the starting address for the client IP subnet"); ?>.<br /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("PPTP DNS Servers"); ?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="pptp_dns1" type="text" class="formfld unknown" id="pptp_dns1" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns1']);?>" /> - <br /> - <input name="pptp_dns2" type="text" class="formfld unknown" id="pptp_dns2" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns2']);?>" /> - <br /> - <?=gettext("primary and secondary DNS servers assigned to PPTP clients"); ?><br /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("WINS Server"); ?></td> - <td width="78%" valign="top" class="vtable"> - <input name="wins" class="formfld unknown" id="wins" size="20" value="<?=htmlspecialchars($pconfig['wins']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS"); ?></td> - <td width="78%" class="vtable"> - <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Use a RADIUS server for authentication"); ?></strong><br /> - <?=gettext("When set, all users will be authenticated using " . - "the RADIUS server specified below. The local user database " . - "will not be used"); ?>.<br /> - <br /> - <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Enable RADIUS accounting"); ?> <br /> - </strong><?=gettext("Sends accounting packets to the RADIUS server"); ?>.<br /> - <br /> - <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Secondary RADIUS server for failover authentication"); ?></strong><br /> - <?=gettext("When set, all requests will go to the secondary server when primary fails"); ?><br /> - <br /> - <input name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " checked=\"checked\""; ?> /> - <strong><?=gettext("RADIUS issued IPs"); ?></strong> - <br /><?=gettext("Issue IP addresses via RADIUS server"); ?>. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS NAS IP"); ?></td> - <td width="78%" valign="top" class="vtable"> - <input name="radius_nasip" class="formfld unknown" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS Accounting Update"); ?></td> - <td width="78%" valign="top" class="vtable"> - <input name="radius_acct_update" class="formfld unknown" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS Server"); ?> </td> - <td width="78%" class="vtable"> - <input name="radiusserver" type="text" class="formfld unknown" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>" /> - <input name="radiusserverport" type="text" class="formfld unknown" id="radiusserverport" size="4" value="<?=htmlspecialchars($pconfig['radiusserverport']);?>" /> - <input name="radiusserveracctport" type="text" class="formfld unknown" id="radiusserveracctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserveracctport']);?>" /> - <br /> - <?=gettext("Enter the IP address, RADIUS port, and RADIUS accounting port of the RADIUS server"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("RADIUS shared secret"); ?></td> - <td width="78%" valign="top" class="vtable"> - <input name="radiussecret" type="password" class="formfld pwd" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>" /> - <br /> - <?=gettext("Enter the shared secret that will be used to authenticate " . - "to the RADIUS server"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Secondary RADIUS server"); ?> </td> - <td width="78%" class="vtable"> - <input name="radiusserver2" type="text" class="formfld unknown" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>" /> - <input name="radiusserver2port" type="text" class="formfld unknown" id="radiusserver2port" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2port']);?>" /> - <input name="radiusserver2acctport" type="text" class="formfld unknown" id="radiusserver2acctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2acctport']);?>" /> - <br /> - <?=gettext("Enter the IP address, RADIUS port, and RADIUS accounting port of the RADIUS server"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Secondary RADIUS shared secret"); ?></td> - <td width="78%" valign="top" class="vtable"> - <input name="radiussecret2" type="password" class="formfld pwd" id="radiussecret2" size="20" value="<?=htmlspecialchars($pconfig['radiussecret2']);?>" /> - <br /> - <?=gettext("Enter the shared secret that will be used to authenticate " . - "to the secondary RADIUS server"); ?>.</td> - </tr> - <tr> - <td height="16" colspan="2" valign="top"></td> - </tr> - <tr> - <td width="22%" valign="middle"> </td> - <td width="78%" class="vtable"> - <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Require 128-bit encryption"); ?></strong><br /> - <?=gettext("When set, only 128-bit encryption will be accepted. Otherwise " . - "40-bit and 56-bit encryption will be accepted as well. Note that " . - "encryption will always be forced on PPTP connections (i.e. " . - "unencrypted connections will not be accepted)"); ?>.</td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)" /> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong><?=gettext("Note");?>:<br /> - </strong></span><?=gettext("don't forget to ");?><a href="firewall_rules.php?if=pptp"><?=gettext("add a firewall rule"); ?></a> <?=gettext("to permit ". - "traffic from PPTP clients");?>!</span></td> - </tr> - </table> -</div> - </td> - </tr> -</table> -</form> -<script type="text/javascript"> -//<![CDATA[ -enable_change(false); -//]]> -</script> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/src/usr/local/www/vpn_pptp_users.php b/src/usr/local/www/vpn_pptp_users.php deleted file mode 100644 index da62e6a..0000000 --- a/src/usr/local/www/vpn_pptp_users.php +++ /dev/null @@ -1,147 +0,0 @@ -<?php - -/* - WARNING: DEPRICATED! SHOULD NOT BE CONVERTED. SEE https://github.com/SjonHortensius/pfsense/issues/229 -*/ - -/* - vpn_pptp_users.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -##|+PRIV -##|*IDENT=page-vpn-vpnpptp-users -##|*NAME=VPN: VPN PPTP: Users page -##|*DESCR=Allow access to the 'VPN: VPN PPTP: Users' page. -##|*MATCH=vpn_pptp_users.php* -##|-PRIV - -require("guiconfig.inc"); -require_once("vpn.inc"); - -if (!is_array($config['pptpd']['user'])) { - $config['pptpd']['user'] = array(); -} -$a_secret = &$config['pptpd']['user']; - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - $retval = vpn_setup(); - $savemsg = get_std_save_message($retval); - if ($retval == 0) { - if (is_subsystem_dirty('pptpusers')) - clear_subsystem_dirty('pptpusers'); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_secret[$_GET['id']]) { - unset($a_secret[$_GET['id']]); - write_config(); - mark_subsystem_dirty('pptpusers'); - header("Location: vpn_pptp_users.php"); - exit; - } -} - -$pgtitle = array(gettext("VPN"),gettext("VPN PPTP"),gettext("Users")); -$shortcut_section = "pptps"; -include("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<form action="vpn_pptp_users.php" method="post"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php if (isset($config['pptpd']['radius']['enable'])) - print_info_box(gettext("Warning: RADIUS is enabled. The local user database will not be used.")); ?> -<?php if (is_subsystem_dirty('pptpusers')): ?><br/> -<?php print_info_box_np(gettext("The PPTP user list has been modified").".<br />".gettext("You must apply the changes in order for them to take effect").".<br /></b><b>".gettext("Warning: this will terminate all current PPTP sessions")."!");?><br /> -<?php endif; ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="vpn pptp users"> - <tr><td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[0] = array(gettext("Configuration"), false, "vpn_pptp.php"); - $tab_array[1] = array(gettext("Users"), true, "vpn_pptp_users.php"); - display_top_tabs($tab_array); -?> </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> - <td class="listhdrr"><?=gettext("Username");?></td> - <td class="listhdr"><?=gettext("IP address");?></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17"></td> - <td><a href="vpn_pptp_users_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add user");?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php $i = 0; foreach ($a_secret as $secretent): ?> - <tr> - <td class="listlr"> - <?=htmlspecialchars($secretent['name']);?> - </td> - <td class="listr"> - <?=htmlspecialchars($secretent['ip']);?> - </td> - <td class="list nowrap"><a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit user");?>" width="17" height="17" border="0" alt="edit" /></a> - <a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this user?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete user");?>" width="17" height="17" border="0" alt="delete" /></a></td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="2"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17"></td> - <td><a href="vpn_pptp_users_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add user");?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - </table> -</div> - </td> - </tr> -</table> -</form> -<?php include("fend.inc"); ?> -</body> -</html> diff --git a/src/usr/local/www/vpn_pptp_users_edit.php b/src/usr/local/www/vpn_pptp_users_edit.php deleted file mode 100644 index 5c5d787..0000000 --- a/src/usr/local/www/vpn_pptp_users_edit.php +++ /dev/null @@ -1,189 +0,0 @@ -<?php - -/* - WARNING: DEPRICATED! SHOULD NOT BE CONVERTED. SEE https://github.com/SjonHortensius/pfsense/issues/229 -*/ - -/* - vpn_pptp_users_edit.php - part of m0n0wall (http://m0n0.ch/wall) - part of pfSense - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -##|+PRIV -##|*IDENT=page-vpn-vpnpptp-user-edit -##|*NAME=VPN: VPN PPTP: User: Edit page -##|*DESCR=Allow access to the 'VPN: VPN PPTP: User: Edit' page. -##|*MATCH=vpn_pptp_users_edit.php* -##|-PRIV - -function pptpusercmp($a, $b) { - return strcasecmp($a['name'], $b['name']); -} - -function pptpd_users_sort() { - global $config; - - if (!is_array($config['ppptpd']['user'])) - return; - - usort($config['pptpd']['user'], "pptpusercmp"); -} - -require("guiconfig.inc"); -require_once("vpn.inc"); - -if (!is_array($config['pptpd']['user'])) { - $config['pptpd']['user'] = array(); -} -$a_secret = &$config['pptpd']['user']; - -if (is_numericint($_GET['id'])) - $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) - $id = $_POST['id']; - -if (isset($id) && $a_secret[$id]) { - $pconfig['username'] = $a_secret[$id]['name']; - $pconfig['ip'] = $a_secret[$id]['ip']; -} - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if (isset($id) && ($a_secret[$id])) { - $reqdfields = explode(" ", "username"); - $reqdfieldsn = array(gettext("Username")); - } else { - $reqdfields = explode(" ", "username passwordfld1"); - $reqdfieldsn = array(gettext("Username"),gettext("Password")); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) - $input_errors[] = gettext("The username contains invalid characters."); - - if (preg_match("/^!/", $_POST['passwordfld1'])) - $input_errors[] = gettext("The password cannot start with '!'."); - - if (!preg_match("/^[\x20-\x7E]*$/", $_POST['passwordfld1'])) - $input_errors[] = gettext("The password contains invalid characters."); - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) { - $input_errors[] = gettext("The passwords do not match."); - } - if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { - $input_errors[] = gettext("The IP address entered is not valid."); - } - - if (!$input_errors && !(isset($id) && $a_secret[$id])) { - /* make sure there are no dupes */ - foreach ($a_secret as $secretent) { - if ($secretent['name'] == $_POST['username']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - - if (!$input_errors) { - - if (isset($id) && $a_secret[$id]) - $secretent = $a_secret[$id]; - - $secretent['name'] = $_POST['username']; - $secretent['ip'] = $_POST['ip']; - - if ($_POST['passwordfld1']) - $secretent['password'] = $_POST['passwordfld1']; - - if (isset($id) && $a_secret[$id]) - $a_secret[$id] = $secretent; - else - $a_secret[] = $secretent; - pptpd_users_sort(); - - write_config(); - mark_subsystem_dirty('pptpusers'); - - header("Location: vpn_pptp_users.php"); - exit; - } -} - -$pgtitle = array(gettext("VPN"),gettext("VPN PPTP"),gettext("User"),gettext("Edit")); -$shortcut_section = "pptps"; -include("head.inc"); - -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="vpn_pptp_users_edit.php" method="post" name="iform" id="iform"> - <div id="mainarea"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="vpn pptp users edit"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="username" type="text" class="formfld user" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Password");?></td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - <br /><?=$mandfldhtml;?><input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - (<?=gettext("confirmation");?>)<?php if (isset($id) && $a_secret[$id]): ?><br /> - <span class="vexpl"><?=gettext("If you want to change the users' password, ". - "enter it here twice.");?></span><?php endif; ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IP address");?></td> - <td width="78%" class="vtable"> - <input name="ip" type="text" class="formfld unknown" id="ip" size="20" value="<?=htmlspecialchars($pconfig['ip']);?>" /> - <br /><span class="vexpl"><?=gettext("If you want the user to be assigned a specific IP address, enter it here.");?></span></td> - </tr> - <tr> - <td class="vncell" width="22%" valign="top"> </td> - <td class="vncell" width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <?php if (isset($id) && $a_secret[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> - </table> - </div> -</form> -<?php include("fend.inc"); ?> -</body> -</html> |