diff options
author | Bill Marquette <bill.marquette@gmail.com> | 2011-06-03 17:29:49 -0500 |
---|---|---|
committer | Bill Marquette <bill.marquette@gmail.com> | 2011-06-03 17:29:49 -0500 |
commit | 5cb0360bf47e000f1d3e41266b8225479a490e40 (patch) | |
tree | 7ab0c99b6441ef7f41b64c6a60ebe31a95d15c01 /usr/local/www | |
parent | 5b542ae5055e3667f317f099753f38c89ffbbc9c (diff) | |
parent | bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (diff) | |
download | pfsense-5cb0360bf47e000f1d3e41266b8225479a490e40.zip pfsense-5cb0360bf47e000f1d3e41266b8225479a490e40.tar.gz |
Merge branch 'master' of github.com:bsdperimeter/pfsense
Diffstat (limited to 'usr/local/www')
22 files changed, 281 insertions, 51 deletions
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 598f4d6..9d28375 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -158,6 +158,8 @@ if ($_POST) { $mode = "restore"; else if (stristr($_POST['Submit'], gettext("Reinstall"))) $mode = "reinstallpackages"; + else if (stristr($_POST['Submit'], gettext("Clear Package Lock"))) + $mode = "clearpackagelock"; else if (stristr($_POST['Submit'], gettext("Download"))) $mode = "download"; else if (stristr($_POST['Submit'], gettext("Restore version"))) @@ -470,6 +472,9 @@ if ($_POST) { header("Location: pkg_mgr_install.php?mode=reinstallall"); exit; + } else if ($mode == "clearpackagelock") { + clear_subsystem_dirty('packagelock'); + $savemsg = "Package Lock Cleared"; } else if ($mode == "restore_ver") { $input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm"); if ($ver2restore <> "") { @@ -655,13 +660,17 @@ function backuparea_change(obj) { <td colspan="2" class="list" height="12"> </td> </tr> <tr> - <td colspan="2" class="listtopic"><?=gettext("Reinstall packages"); ?></td> + <td colspan="2" class="listtopic"><?=gettext("Package Functions"); ?></td> </tr> <tr> <td width="22%" valign="baseline" class="vncell"> </td> <td width="78%" class="vtable"> <p><?=gettext("Click this button to reinstall all system packages. This may take a while."); ?> <br /><br /> <input name="Submit" type="submit" class="formbtn" id="reinstallpackages" value="<?=gettext("Reinstall packages"); ?>"> + <br/> + <br/> + <p><?=gettext("Click this button to clear the package lock if a package fails to reinstall properly after an upgrade."); ?> <br /><br /> + <input name="Submit" type="submit" class="formbtn" id="clearpackagelock" value="<?=gettext("Clear Package Lock"); ?>"> </td> </tr> <?php } ?> diff --git a/usr/local/www/diag_ipsec_sad.php b/usr/local/www/diag_ipsec_sad.php index 7ee8b72..e08feba 100755 --- a/usr/local/www/diag_ipsec_sad.php +++ b/usr/local/www/diag_ipsec_sad.php @@ -90,6 +90,7 @@ if ($_GET['act'] == "del") { <td nowrap class="listhdrr"><?=gettext("SPI");?></td> <td nowrap class="listhdrr"><?=gettext("Enc. alg.");?></td> <td nowrap class="listhdr"><?=gettext("Auth. alg.");?></td> + <td nowrap class="listhdr"><?=gettext("Data");?></td> <td nowrap class="list"></td> </tr> <?php foreach ($sad as $sa): ?> @@ -100,6 +101,7 @@ if ($_GET['act'] == "del") { <td class="listr"><?=htmlspecialchars($sa['spi']);?></td> <td class="listr"><?=htmlspecialchars($sa['ealgo']);?></td> <td class="listr"><?=htmlspecialchars($sa['aalgo']);?></td> + <td class="listr"><?=htmlspecialchars($sa['data']);?></td> <td class="list" nowrap> <?php $args = "src=" . rawurlencode($sa['src']); diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index e9f4577..135d0e9 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -99,6 +99,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface external"); diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 9895312..5aa069c 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -101,6 +101,7 @@ if (isset($_GET['dup'])) /* run through $_POST items encoding HTML entties so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ +unset($input_errors); foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); @@ -173,7 +174,6 @@ if ($_POST) { $_POST['dsttype'] = "single"; } - unset($input_errors); $pconfig = $_POST; /* input validation */ @@ -290,9 +290,9 @@ if ($_POST) { } } - // Allow extending of the nat edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); - + if (!$input_errors) { $natent = array(); @@ -413,6 +413,9 @@ if ($_POST) { mark_subsystem_dirty('filter'); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); + // Update the NAT entry now if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -425,9 +428,6 @@ if ($_POST) { mark_subsystem_dirty('natconf'); - // Allow extending of the nat edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); - write_config(); header("Location: firewall_nat.php"); @@ -446,14 +446,13 @@ include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> -<?php - // Allow extending of the nat edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly"); -?> - <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> <td width="78%" class="vtable"> @@ -829,7 +828,7 @@ include("fbegin.inc"); ?> </td> </tr><?php endif; ?> <?php - // Allow extending of the nat edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); ?> <tr> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index e6b5900..b8506d8 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -125,6 +125,17 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $natent['natport'] = ""; $a_out[] = $natent; + $natent = array(); + $natent['source']['network'] = "127.0.0.0/8"; + $natent['dstport'] = ""; + $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc2); + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['staticnatport'] = false; + $natent['natport'] = "1024:65535"; + $a_out[] = $natent; + /* PPTP subnet */ if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units'])); diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 4d960f2..72bc556 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -46,7 +46,7 @@ require("filter.inc"); require("shaper.inc"); if (!is_array($config['nat']['advancedoutbound'])) - $config['nat']['advancedoutbound'] = array(); + $config['nat']['advancedoutbound'] = array(); if (!is_array($config['nat']['advancedoutbound']['rule'])) { $config['nat']['advancedoutbound']['rule'] = array(); @@ -115,6 +115,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet"); @@ -209,6 +218,9 @@ if ($_POST) { } } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation"); + if (!$input_errors) { $natent = array(); $natent['source']['network'] = $osn; @@ -265,6 +277,9 @@ if ($_POST) { $natent['destination']['not'] = true; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config"); + if (isset($id) && $a_out[$id]) { $a_out[$id] = $natent; } else { @@ -387,6 +402,10 @@ function poolopts_change() { <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Advanced Outbound NAT entry");?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Do not NAT");?></td> <td width="78%" class="vtable"> @@ -620,6 +639,10 @@ any)");?></td> <br> <span class="vexpl"><?=gettext("You may enter a description here " . "for your reference (not parsed).");?></span></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate"); +?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index daf577a..82d0323 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -126,12 +126,12 @@ if($_REQUEST['dragdroporder']) { $icmptypes = array( "" => gettext("any"), + "echoreq" => gettext("Echo request"), "echorep" => gettext("Echo reply"), "unreach" => gettext("Destination unreachable"), "squench" => gettext("Source quench"), "redir" => gettext("Redirect"), "althost" => gettext("Alternate Host"), - "echoreq" => gettext("Echo"), "routeradv" => gettext("Router advertisement"), "routersol" => gettext("Router solicitation"), "timex" => gettext("Time exceeded"), diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index d673df8..acebe3c 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -253,19 +253,6 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - - if (isset($_POST['floating']) && $key == "interface") - continue; - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); - } - /* input validation */ $reqdfields = explode(" ", "type proto"); if ( isset($a_filter[$id]['associated-rule-id'])===false ) { @@ -547,6 +534,9 @@ if ($_POST) { $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -558,9 +548,6 @@ if ($_POST) { filter_rules_sort(); - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); - write_config(); mark_subsystem_dirty('filter'); @@ -759,12 +746,12 @@ include("head.inc"); <?php $icmptypes = array( "" => gettext("any"), + "echoreq" => gettext("Echo request"), "echorep" => gettext("Echo reply"), "unreach" => gettext("Destination unreachable"), "squench" => gettext("Source quench"), "redir" => gettext("Redirect"), "althost" => gettext("Alternate Host"), - "echoreq" => gettext("Echo"), "routeradv" => gettext("Router advertisement"), "routersol" => gettext("Router solicitation"), "timex" => gettext("Time exceeded"), diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 899e209..fc905b4 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -711,6 +711,15 @@ if ($_POST['apply']) { } else { $wancfg['mss'] = $_POST['mss']; } + if (empty($_POST['mediaopt'])) { + unset($wancfg['media']); + unset($wancfg['mediaopt']); + } else { + $mediaopts = explode(' ', $_POST['mediaopt']); + if ($mediaopts[0] != ''){ $wancfg['media'] = $mediaopts[0]; } + if ($mediaopts[1] != ''){ $wancfg['mediaopt'] = $mediaopts[1]; } + else { unset($wancfg['mediaopt']); } + } if (isset($wancfg['wireless'])) { handle_wireless_post(); } @@ -897,6 +906,21 @@ function check_wireless_mode() { } } +// Find all possible media options for the interface +$mediaopts_list = array(); +$intrealname = $config['interfaces'][$if]['if']; +exec("/sbin/ifconfig -m $intrealname | grep \"media \"", $mediaopts); +foreach ($mediaopts as $mediaopt){ + preg_match("/media (.*)/", $mediaopt, $matches); + if (preg_match("/(.*) mediaopt (.*)/", $matches[1], $matches1)){ + // there is media + mediaopt like "media 1000baseT mediaopt full-duplex" + array_push($mediaopts_list, $matches1[1] . " " . $matches1[2]); + }else{ + // there is only media like "media 1000baseT" + array_push($mediaopts_list, $matches[1]); + } +} + $pgtitle = array(gettext("Interfaces"), $pconfig['descr']); $statusurl = "status_interfaces.php"; @@ -1153,6 +1177,36 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" "header size) will be in effect."); ?> </td> </tr> + <?php + if (count($mediaopts_list) > 0){ + $mediaopt_from_config = $config['interfaces'][$if]['media'] . ' ' . $config['interfaces'][$if]['mediaopt']; + echo "<tr>"; + echo '<td valign="top" class="vncell">' . gettext("Speed and duplex") . '</td>'; + echo '<td class="vtable">'; + echo '<div id="showadvmediabox"'; + if ($mediaopt_from_config != 'autoselect ' && $mediaopt_from_config != ' ') echo " style='display:none'>"; + else echo '>'; + echo '<input type="button" onClick="show_advanced_media()" value="' . gettext("Advanced") . '"></input> - ' . gettext("Show advanced option"); + echo "</div>"; + echo '<div id="showmediaadv" '; + if ($mediaopt_from_config == 'autoselect ' || $mediaopt_from_config == ' ') echo "style='display:none'>"; + else echo '>'; + echo '<select name="mediaopt" class="formselect" id="mediaopt">'; + print "<option value=\"\">Default</option>"; + foreach($mediaopts_list as $mediaopt){ + if ($mediaopt != rtrim($mediaopt_from_config)){ + print "<option value=\"$mediaopt\">" . gettext("$mediaopt") . "</option>"; + } else { + print "<option value=\"$mediaopt\" selected>" . gettext("$mediaopt") . "</option>"; + } + } + echo '</select><br>'; + echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo '</div>'; + echo '</td>'; + echo '</tr>'; + } + ?> <tr> <td colspan="2" valign="top" height="16"></td> </tr> @@ -2157,6 +2211,11 @@ $types = array("none" => gettext("None"), "static" => gettext("Static"), "dhcp" report_failure(); } } + function show_advanced_media() { + document.getElementById("showadvmediabox").innerHTML=''; + aodiv = document.getElementById('showmediaadv'); + aodiv.style.display = "block"; + } <?php echo "show_allcfg(document.iform.enable);"; echo "updateType('{$pconfig['type']}');\n"; diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index 145fe0a..08f1a53 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -97,9 +97,13 @@ if ($_POST) { if (!$input_errors) { if (isset($id) && $a_vlans[$id]) { - if ($a_vlans[$id]['if'] != $_POST['if']) - // Destroy previous vlan - pfSense_interface_destroy($a_vlans[$id]['if']); + if (($a_vlans[$id]['if'] != $_POST['if']) || ($a_vlans[$id]['tag'] != $_POST['tag'])) { + if (!empty($a_vlans[$id]['vlanif'])) + // Destroy previous vlan + pfSense_interface_destroy($a_vlans[$id]['vlanif']); + else + pfSense_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); + } } $vlan = array(); $vlan['if'] = $_POST['if']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 23e6cd9..586e569 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -474,7 +474,7 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client </tr> <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>> - <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a></td> + <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td> </tr> <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>> diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index bdef534..f5af953 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -568,7 +568,8 @@ function enable_change(enable_change) { <td width="22%" valign="top" class="vncellreq"><?=gettext("Synchronize Voucher Database IP"); ?></td> <td width="78%" class="vtable"> <input name="vouchersyncdbip" type="text" class="formfld" id="vouchersyncdbip" size="17" value="<?=htmlspecialchars($pconfig['vouchersyncdbip']);?>"> - <br><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> + <br/><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> + <br/><?=gettext("NOTE: this should be setup on the slave nodes and not the primary node!"); ?> </td> </tr> <tr> diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 51857ab..2264365 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -56,6 +56,7 @@ $pconfig['proxyuser'] = $config['system']['proxyuser']; $pconfig['proxypass'] = $config['system']['proxypass']; $pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); +$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']); $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']); $pconfig['racoondebug_enable'] = isset($config['ipsec']['racoondebug']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); @@ -106,6 +107,11 @@ if ($_POST) { else unset($config['system']['lb_use_sticky']); + if($_POST['gw_switch_default'] == "yes") + $config['system']['gw_switch_default'] = true; + else + unset($config['system']['gw_switch_default']); + if($_POST['preferoldsa_enable'] == "yes") $config['ipsec']['preferoldsa'] = true; else @@ -272,6 +278,15 @@ function maxmss_checked(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Load Balancing"); ?></td> + <td width="78%" class="vtable"> + <input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Allow default gateway switching"); ?></strong><br/> + <?=gettext("If the link where the default gateway resides fails " . + "switch the default gateway to another available one."); ?> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index e1b83f2..5541f83 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -92,6 +92,8 @@ if ($act == "del") { unset($a_ca[$id]); write_config(); $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br/>"; + pfSenseHeader("system_camanager.php"); + exit; } if ($act == "edit") { diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index cc1c65a..470f0cd 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -94,6 +94,8 @@ if ($act == "del") { unset($a_cert[$id]); write_config(); $savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>"; + pfSenseHeader("system_certmanager.php"); + exit; } if ($act == "new") { diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index d810cb9..cc6c4f1 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -49,7 +49,7 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager")) { +if (isAllowedPage("system_usermanager.php*")) { // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 465c607..54ed505 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -375,6 +375,9 @@ include("head.inc"); <a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase2 entry?"); ?>')"> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete phase2 entry"); ?>" width="17" height="17" border="0"> </a> + <a href="vpn_ipsec_phase2.php?dup=<?=$j;?>"> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new Phase 2 based on this one"); ?>" width="17" height="17" border="0"> + </a> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 12bb235..69cb438 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -89,6 +89,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; + $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy']; $pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check']; if (($pconfig['authentication_method'] == "pre_shared_key") || @@ -307,6 +308,7 @@ if ($_POST) { $ph1ent['certref'] = $pconfig['certref']; $ph1ent['caref'] = $pconfig['caref']; $ph1ent['authentication_method'] = $pconfig['authentication_method']; + $ph1ent['generate_policy'] = $pconfig['generate_policy']; $ph1ent['proposal_check'] = $pconfig['proposal_check']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; @@ -644,6 +646,22 @@ function dpdchkbox_change() { </span> </td> </tr> + <tr id="generate_policy"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td> + <td width="78%" class="vtable"> + <select name="generate_policy" class="formselect"> + <option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option> + <option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option> + <option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option> + <option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option> + <option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option> + </select> + <br> + <span class="vexpl"> + <?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?> + </span> + </td> + </tr> <tr id="proposal_check"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index d45b0d6..395b81e 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -140,9 +140,64 @@ if ($_POST) { break; } } - - /* TODO : Validate enabled phase2's are not duplicates */ - + /* Validate enabled phase2's are not duplicates */ + if (isset($pconfig['mobile'])){ + /* User is adding phase 2 for mobile phase1 */ + foreach($a_phase2 as $key => $name){ + if (isset($name['mobile'])){ + /* check duplicate localids only for mobile clents */ + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $entered = array(); + $entered['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered); + if ($localid_data == $entered_localid_data){ + if (!isset($pconfig['p2index'])){ + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + }else if ($pconfig['p2index'] != $key){ + /* editing p2 and entered p2 networks match with different p2 for given p1 */ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + } + } + } + } + }else{ + /* User is adding phase 2 for site-to-site phase1 */ + $input_error = 0; + foreach($a_phase2 as $key => $name){ + if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){ + /* check duplicate subnets only for given phase1 */ + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']); + $entered_local = array(); + $entered_local['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered_local); + $entered_remote = array(); + $entered_remote['type'] = $pconfig['remoteid_type']; + if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address']; + if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote); + if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { + if (!isset($pconfig['p2index'])){ + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; + }else if ($pconfig['p2index'] != $key){ + /* editing p2 and entered p2 networks match with different p2 for given p1 */ + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; + } + } + } + } + } + $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 4b9fc74..97b7769 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -350,10 +350,6 @@ function autotls_change() { <?php if (!$savemsg) $savemsg = ""; -if (count($a_ca) == 0) - $savemsg .= "You have no Certificate Authorities defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one."; -if (count($a_cert) == 0) - $savemsg .= "<br/>You have no Certificates defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one."; if ($input_errors) print_input_errors($input_errors); @@ -632,6 +628,7 @@ if ($savemsg) <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): @@ -642,11 +639,15 @@ if ($savemsg) <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -667,6 +668,9 @@ if ($savemsg) <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="psk"> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4a24e2e..b08c481 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -555,10 +555,6 @@ function netbios_change() { <?php if (!$savemsg) $savemsg = ""; -if (count($a_ca) == 0) - $savemsg .= "You have no Certificate Authorities defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. "; -if (count($a_cert) == 0) - $savemsg .= "<br/>You have no Certificates defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. "; if ($input_errors) print_input_errors($input_errors); @@ -768,6 +764,7 @@ if ($savemsg) <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): @@ -778,11 +775,15 @@ if ($savemsg) <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_crl"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_crl)): ?> <select name='crlref' class="formselect"> <option value="">None</option> <?php @@ -799,11 +800,15 @@ if ($savemsg) <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['descr'] . $caname;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Revocation Lists (CRLs) defined.</b> <br/>Create one under <a href="system_crlmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -824,6 +829,9 @@ if ($savemsg) <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_dh"> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 97fbc45..500700a 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -271,8 +271,14 @@ $merge_config_section_sig = array( function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; - - return restore_config_section_xmlrpc($raw_params); + $params = xmlrpc_params_to_php($raw_params); + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; + $config_new = array_overlay($config, $params[0]); + $config = $config_new; + $mergedkeys = implode(",", array_keys($params[0])); + write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); + return $xmlrpc_g['return']['true']; } /*****************************/ @@ -448,4 +454,17 @@ $server = new XML_RPC_Server( unlock($xmlrpclockkey); + function array_overlay($a1,$a2) + { + foreach($a1 as $k => $v) { + if(!array_key_exists($k,$a2)) continue; + if(is_array($v) && is_array($a2[$k])){ + $a1[$k] = array_overlay($v,$a2[$k]); + }else{ + $a1[$k] = $a2[$k]; + } + } + return $a1; + } + ?> |