diff options
author | Renato Botelho <renato@netgate.com> | 2015-08-25 08:08:24 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-08-25 14:49:54 -0300 |
commit | 46bc6e545a17e77202aaf01ec0cd8d5a46567525 (patch) | |
tree | 32d18dda436ec739c67c489ceb771e8629cd926f /usr/local/pkg | |
parent | 4d9801c2dbd2b3e54a39578ee62b93af66607227 (diff) | |
download | pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.zip pfsense-46bc6e545a17e77202aaf01ec0cd8d5a46567525.tar.gz |
Move main pfSense content to src/
Diffstat (limited to 'usr/local/pkg')
-rw-r--r-- | usr/local/pkg/miniupnpd.inc | 297 | ||||
-rw-r--r-- | usr/local/pkg/miniupnpd.xml | 135 |
2 files changed, 0 insertions, 432 deletions
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc deleted file mode 100644 index 4ea768c..0000000 --- a/usr/local/pkg/miniupnpd.inc +++ /dev/null @@ -1,297 +0,0 @@ -<?php - require_once("util.inc"); - require_once("config.inc"); - require_once("functions.inc"); - require_once("shaper.inc"); - - $shortcut_section = "upnp"; - - /* MiniUPnPd */ - - function upnp_notice($msg) { - log_error("miniupnpd: {$msg}"); - } - - function upnp_warn($msg) { - log_error("miniupnpd: {$msg}"); - } - - function upnp_running () { - if ((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0) { - return true; - } - return false; - } - - function upnp_write_config($file, $text) { - $handle = fopen($file, 'w'); - if (!$handle) { - upnp_warn("Could not open {$file} for writing."); - return; - } - fwrite($handle, $text); - fclose($handle); - } - - function upnp_uuid() { - /* md5 hash of wan mac */ - $uuid = md5(get_interface_mac(get_real_interface("wan"))); - /* put uuid in correct format 8-4-4-4-12 */ - return substr($uuid, 0, 8) . '-' . substr($uuid, 9, 4) . '-' . substr($uuid, 13, 4) . '-' . substr($uuid, 17, 4) . '-' . substr($uuid, 21, 12); - } - - function upnp_validate_queue($qname) { - read_altq_config(); - $qlist = get_altq_name_list(); - if (is_array($qlist)) { - return in_array($qname, $qlist); - } else { - return false; - } - } - - function upnp_validate_ip($ip, $check_cdir) { - /* validate cidr */ - $ip_array = array(); - if ($check_cdir) { - $ip_array = explode('/', $ip); - if (count($ip_array) == 2) { - if ($ip_array[1] < 1 || $ip_array[1] > 32) { - return false; - } - } else { - if (count($ip_array) != 1) { - return false; - } - } - } else { - $ip_array[] = $ip; - } - - /* validate ip */ - if (!is_ipaddr($ip_array[0])) { - return false; - } - return true; - } - - function upnp_validate_port($port) { - foreach (explode('-', $port) as $sub) { - if ($sub < 0 || $sub > 65535) { - return false; - } - } - return true; - } - - function before_form_miniupnpd(&$pkg) { - global $config; - - } - - function validate_form_miniupnpd($post, &$input_errors) { - if ($post['enable'] && (!$post['enable_upnp'] && !$post['enable_natpmp'])) { - $input_errors[] = 'At least one of \'UPnP\' or \'NAT-PMP\' must be allowed'; - } - if ($post['iface_array']) { - foreach ($post['iface_array'] as $iface) { - if ($iface == 'wan') { - $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; - } elseif ($iface == $post['ext_iface']) { - $input_errors[] = 'You cannot select the external interface as an internal interface.'; - } - } - } - if ($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'], false)) { - $input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field'; - } - if (($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) { - $input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields'; - } - if ($post['download'] && $post['download'] <= 0) { - $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field'; - } - if ($post['upload'] && $post['upload'] <= 0) { - $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field'; - } - if ($post['upnpqueue'] && !upnp_validate_queue($post['upnpqueue'])) { - $input_errors[] = 'You must specify a valid traffic shaping queue.'; - } - - /* user permissions validation */ - $j = substr_count(implode(array_keys($post)), "permuser"); - for ($i = 0; $i < $j; $i++) { - if ($post["permuser{$i}"]) { - $perm = explode(' ', $post["permuser{$i}"]); - /* should explode to 4 args */ - if (count($perm) != 4) { - $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field"; - } else { - /* must with allow or deny */ - if (!($perm[0] == 'allow' || $perm[0] == 'deny')) { - $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field"; - } - /* verify port or port range */ - if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) { - $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified permissions {$i}' field"; - } - /* verify ip address */ - if (!upnp_validate_ip($perm[2], true)) { - $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field"; - } - } - } - } - } - - function sync_package_miniupnpd() { - global $g, $config; - global $input_errors; - - $upnp_config = $config['installedpackages']['miniupnpd']['config'][0]; - $config_file = '/var/etc/miniupnpd.conf'; - - if (!isset($upnp_config['ext_iface']) || empty($upnp_config['ext_iface'])) { - $ext_ifname = get_real_interface(); - } else { - $if = convert_friendly_interface_to_real_interface_name($upnp_config['ext_iface']); - if ($if != $upnp_config['ext_iface']) { - $ext_ifname = $if; - } else { - $ext_ifname = get_real_interface(); - upnp_warn("Could not resolve real interface for {$upnp_config['ext_iface']}, defaulting to WAN"); - } - } - - $config_text = "ext_ifname={$ext_ifname}\n"; - $config_text .= "port=2189\n"; - - $ifaces_active = ''; - - /* since config is written before this file is invoked we don't need to read post data */ - if ($upnp_config['enable'] && !empty($upnp_config['iface_array'])) { - $iface_array = explode(',', $upnp_config['iface_array']); - - foreach ($iface_array as $iface) { - /* Setting the same internal and external interface is not allowed. */ - if ($iface == $upnp_config['ext_iface']) { - continue; - } - $if = convert_friendly_interface_to_real_interface_name($iface); - /* above function returns iface if fail */ - if ($if != $iface) { - $addr = find_interface_ip($if); - $bits = find_interface_subnet($if); - /* check that the interface has an ip address before adding parameters */ - if (is_ipaddr($addr)) { - $config_text .= "listening_ip={$if}\n"; - if (!$ifaces_active) { - $webgui_ip = $addr; - $ifaces_active = $iface; - } else { - $ifaces_active .= ", {$iface}"; - } - } else { - upnp_warn("Interface {$iface} has no ip address, ignoring"); - } - } else { - upnp_warn("Could not resolve real interface for {$iface}"); - } - } - - if (!empty($ifaces_active)) { - /* override wan ip address, common for carp, etc */ - if ($upnp_config['overridewanip']) { - $config_text .= "ext_ip={$upnp_config['overridewanip']}\n"; - } - - $download = $upnp_config['download']*1000; - $upload = $upnp_config['upload']*1000; - - /* set upload and download bitrates */ - if (!empty($download) && !empty($upload)) { - $config_text .= "bitrate_down={$download}\n"; - $config_text .= "bitrate_up={$upload}\n"; - } - - /* enable logging of packets handled by miniupnpd rules */ - if ($upnp_config['logpackets']) { - $config_text .= "packet_log=yes\n"; - } - - /* enable system uptime instead of miniupnpd uptime */ - if ($upnp_config['sysuptime']) { - $config_text .= "system_uptime=yes\n"; - } - - /* set webgui url */ - if (!empty($config['system']['webgui']['protocol'])) { - $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; - if (!empty($config['system']['webgui']['port'])) { - $config_text .= ":{$config['system']['webgui']['port']}"; - } - $config_text .= "/\n"; - } - - /* set uuid and serial */ - $config_text .= "uuid=".upnp_uuid()."\n"; - $config_text .= "serial=".strtoupper(substr(upnp_uuid(), 0, 8))."\n"; - - /* set model number */ - $config_text .= "model_number=" . $g['product_version'] . "\n"; - - /* upnp access restrictions */ - foreach ($upnp_config['row'] as $row) { - if ($row['permuser']) { - $config_text .= "{$row["permuser"]}\n"; - } - } - - if ($upnp_config['permdefault']) { - $config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n"; - } - - /* Recheck if queue is valid */ - if (!upnp_validate_queue($upnp_config['upnpqueue'])) { - unset($upnp_config['upnpqueue']); - } - - /* Add shaper queue */ - if ($upnp_config['upnpqueue']) { - $config_text .= "queue={$upnp_config['upnpqueue']}\n"; - } - - /* Allow UPnP or NAT-PMP as requested */ - $config_text .= "enable_upnp=" . ($upnp_config['enable_upnp'] ? "yes\n" : "no\n"); - $config_text .= "enable_natpmp=" . ($upnp_config['enable_natpmp'] ? "yes\n" : "no\n"); - - /* write out the configuration */ - upnp_write_config($config_file, $config_text); - - /* if miniupnpd not running start it */ - if (!upnp_running()) { - upnp_notice("Starting service on interface: {$ifaces_active}"); - upnp_action('start'); - } else { - /* restart miniupnpd if settings were changed */ - upnp_notice("Restarting service on interface: {$ifaces_active}"); - upnp_action('restart'); - } - } - } else { - /* user does not want miniupnpd running */ - /* lets stop the service and remove the rc file */ - - if (file_exists($config_file)) { - if (!$upnp_config['enable']) { - upnp_notice('Stopping service: miniupnpd disabled'); - } else { - upnp_notice('Stopping service: no interfaces selected'); - } - - upnp_action('stop'); - @unlink($config_file); - } - } - } -?> diff --git a/usr/local/pkg/miniupnpd.xml b/usr/local/pkg/miniupnpd.xml deleted file mode 100644 index 33d8ac4..0000000 --- a/usr/local/pkg/miniupnpd.xml +++ /dev/null @@ -1,135 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<packagegui> - <title>Services: UPnP & NAT-PMP</title> - <name>miniupnpd</name> - <version>20100712</version> - <savetext>Change</savetext> - <include_file>/usr/local/pkg/miniupnpd.inc</include_file> - <menu> - <name>UPnP & NAT-PMP</name> - <tooltiptext>Set UPnP & NAT-PMP settings such as interfaces to listen on.</tooltiptext> - <section>Services</section> - <url>/pkg_edit.php?xml=miniupnpd.xml&id=0</url> - </menu> - <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> - <item>https://packages.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/sbin/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/miniupnpd/sbin/miniupnpd</item> - </additional_files_needed> - <service> - <name>miniupnpd</name> - <rcfile>miniupnpd.sh</rcfile> - <executable>miniupnpd</executable> - </service> - <fields> - <field> - <name>UPnP & NAT-PMP Settings</name> - <type>listtopic</type> - <enablefields>enable_upnp,enable_natpmp,ext_iface,iface_array,download,upload,overridewanip,upnpqueue,logpackets,sysuptime,permdefault</enablefields> - </field> - <field> - <fielddescr>Enable UPnP & NAT-PMP</fielddescr> - <fieldname>enable</fieldname> - <type>checkbox</type> - <enablefields>enable_upnp,enable_natpmp,ext_iface,iface_array,download,upload,overridewanip,upnpqueue,logpackets,sysuptime,permdefault</enablefields> - </field> - <field> - <fielddescr>Allow UPnP Port Mapping</fielddescr> - <fieldname>enable_upnp</fieldname> - <type>checkbox</type> - <description>This protocol is often used by Microsoft-compatible systems.</description> - </field> - <field> - <fielddescr>Allow NAT-PMP Port Mapping</fielddescr> - <fieldname>enable_natpmp</fieldname> - <type>checkbox</type> - <description>This protocol is often used by Apple-compatible systems.</description> - </field> - <field> - <fielddescr>External Interface (generally WAN)</fielddescr> - <fieldname>ext_iface</fieldname> - <default_value>wan</default_value> - <type>interfaces_selection</type> - <hideinterfaceregex>loopback</hideinterfaceregex> - <description>Select only your primary WAN interface (interface with your default route). Only one interface is allowed here, not multiple.</description> - <required/> - </field> - <field> - <fielddescr>Interfaces (generally LAN)</fielddescr> - <fieldname>iface_array</fieldname> - <default_value>lan</default_value> - <type>interfaces_selection</type> - <description>You can use the CTRL or COMMAND key to select multiple interfaces.</description> - <required/> - <multiple/> - </field> - <field> - <fielddescr>Maximum Download Speed (Kbits/second)</fielddescr> - <fieldname>download</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>Maximum Upload Speed (Kbits/second)</fielddescr> - <fieldname>upload</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>Override WAN address</fielddescr> - <fieldname>overridewanip</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>Traffic Shaping Queue</fielddescr> - <fieldname>upnpqueue</fieldname> - <type>input</type> - </field> - <field> - <fielddescr>Log packets handled by UPnP & NAT-PMP rules?</fielddescr> - <fieldname>logpackets</fieldname> - <type>checkbox</type> - </field> - <field> - <fielddescr>Use system uptime instead of UPnP & NAT-PMP service uptime?</fielddescr> - <fieldname>sysuptime</fieldname> - <type>checkbox</type> - </field> - <field> - <fielddescr>By default deny access to UPnP & NAT-PMP?</fielddescr> - <fieldname>permdefault</fieldname> - <type>checkbox</type> - </field> - <field> - <fielddescr>User specified permissions</fielddescr> - <fieldname>none</fieldname> - <description>Format: [allow or deny] [ext port or range] [int ipaddr or ipaddr/CIDR] [int port or range] - <br />Example: allow 1024-65535 192.168.0.0/24 1024-65535</description> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fieldname>permuser</fieldname> - <type>input</type> - <size>60</size> - </rowhelperfield> - </rowhelper> - </field> - </fields> - <custom_php_command_before_form> - before_form_miniupnpd($pkg); - </custom_php_command_before_form> - <custom_php_validation_command> - validate_form_miniupnpd($_POST, $input_errors); - </custom_php_validation_command> - <custom_php_resync_config_command> - sync_package_miniupnpd(); - </custom_php_resync_config_command> -</packagegui> |