author | jim-p <jimp@pfsense.org> | 2011-06-01 09:00:09 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-01 09:00:09 -0400 |
commit | 58005e521346eea230c564aacf34b0820b9a6123 (patch) | |
tree | 7242c84ccd28d9044a7c0f08f7ecfee952634a65 /usr/local | |
parent | e5770bc233d9a6a9a335b02490d7c4607410cd95 (diff) | |
parent | 97c1f2684c5dd225075fec08148f084ff190af0a (diff) | |
Merge remote branch 'upstream/master'
Conflicts:
conf.default/config.xml
etc/inc/filter.inc
etc/inc/globals.inc
etc/inc/pfsense-utils.inc
etc/inc/upgrade_config.inc
usr/local/www/interfaces.php
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/pkg/routed.inc | 13 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 9 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 16 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 23 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 25 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 28 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 60 | ||||
-rwxr-xr-x | usr/local/www/interfaces_vlan_edit.php | 10 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 2 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_ip_edit.php | 3 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac.php | 1 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal_mac_edit.php | 3 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 16 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 5 | ||||
-rw-r--r-- | usr/local/www/system_usermanager.php | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 70 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 23 |
17 files changed, 267 insertions, 42 deletions
diff --git a/usr/local/pkg/routed.inc b/usr/local/pkg/routed.inc index 4d1b1d8..ec730d5 100644 --- a/usr/local/pkg/routed.inc +++ b/usr/local/pkg/routed.inc @@ -39,10 +39,15 @@ function setup_routed() { if (isset($config['installedpackages']['routed']['config'][0]['enable']) && $config['installedpackages']['routed']['config'][0]['enable'] == "on") { /* if user selected individual interfaces */ - $ifarr = explode(",", $config['installedpackages']['routed']['config'][0]['iface_array']); + $ifarr = array_flip(explode(",", $config['installedpackages']['routed']['config'][0]['iface_array'])); + $allifs = get_interface_arr(); if (!empty($ifarr)) { - foreach($ifarr as $ifname) { - $gw .= setup_etc_gateways($ifname, 'enable'); + foreach($allifs as $ifname) { + $friendly_ifname = convert_real_interface_to_friendly_interface_name($ifname); + if (array_key_exists($friendly_ifname, $ifarr)) + $gw .= setup_etc_gateways($ifname, 'enable'); + else + $gw .= setup_etc_gateways($ifname, 'disable'); } } else /* setup for all interfaces */ @@ -76,7 +81,7 @@ function setup_etc_gateways($iface="", $mode="") { } break; case "disable": - $ret .= "no_rip "; + $ret .= "no_rip_out no_solicit no_rdisc no_rdisc_adv"; break; default: diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index e9f4577..135d0e9 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php 
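Review bot: In setup_routed() the `if (!empty($ifarr))` guard cannot select the "setup for all interfaces" branch, because `explode(",", ...)` on an empty `iface_array` returns one empty string and `array_flip()` turns that into a one-element array; with the new loop an empty selection therefore writes the 'disable' options for every interface. Testing the config value itself would restore the fallback, e.g. `if (!empty($config['installedpackages']['routed']['config'][0]['iface_array'])) {`. In the second hunk the new disable string `"no_rip_out no_solicit no_rdisc no_rdisc_adv"` drops the trailing space that `"no_rip "` had, so if anything is appended to `$ret` after the switch (not visible here) the last option would fuse with it. Both function bodies continue outside the hunks.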
@@ -99,6 +99,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface external"); diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 3dc1d83..5aa069c 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -101,6 +101,7 @@ if (isset($_GET['dup'])) /* run through $_POST items encoding HTML entties so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ +unset($input_errors); foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); @@ -173,7 +174,6 @@ if ($_POST) { $_POST['dsttype'] = "single"; } - unset($input_errors); $pconfig = $_POST; /* input validation */ @@ -290,6 +290,9 @@ if ($_POST) { } } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); + if (!$input_errors) { $natent = array(); @@ -410,6 +413,9 @@ if ($_POST) { mark_subsystem_dirty('filter'); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); + // Update the NAT entry now if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; 
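Review bot: The invalid-character loop added under `if ($_POST)` in firewall_nat_1to1_edit.php is an input filter rather than output encoding, and it has gaps: `>` is stripped from `$temp` before the comparison, so a value containing `>` passes, and a POST field submitted as an array makes `str_replace()` return an array that is then handed to `htmlentities()`. The rejected value is also placed into the error text through `%s`; unless `print_input_errors()` escapes its input (not visible here) the message should use `htmlspecialchars($temp)`. I would add `if (!is_string($value)) continue;` at the top of the loop and keep escaping at render time as the actual XSS control. The identical loop is added in the `@@ -115,6 +115,15 @@` hunk of firewall_nat_out_edit.php.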
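Review bot: The comment above every new `pfSense_handle_custom_code()` call in firewall_nat_edit.php is the same sentence about "custom input validation", but only the `input_validation` hook in the `@@ -290,6 +290,9 @@` hunk runs before `if (!$input_errors)`; the `pre_write_config` call in the `@@ -410,6 +413,9 @@` hunk and the `htmlphpearly`/`htmlphplate` calls later in the file run at other stages. Distinct comments would help, e.g. `// Hook: packages may adjust $natent before it is stored` for pre_write_config. The helper's body is not visible here; if it includes files found under the given directory, it is worth documenting that those directories must be writable by root only, since anything placed there would run inside the authenticated GUI request. The same wording is repeated in the hook hunks of firewall_nat_out_edit.php and firewall_rules_edit.php.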
@@ -443,6 +449,10 @@ include("fbegin.inc"); ?> <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> <td width="78%" class="vtable"> @@ -817,6 +827,10 @@ include("fbegin.inc"); ?> </select> </td> </tr><?php endif; ?> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); +?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> </td> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 6535fe8..db20a27 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php 
@@ -125,16 +125,23 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $natent['natport'] = ""; $a_out[] = $natent; + $natent = array(); + $natent['source']['network'] = "127.0.0.0/8"; + $natent['dstport'] = ""; + $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc2); + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['staticnatport'] = false; + $natent['natport'] = "1024:65535"; + $a_out[] = $natent; + /* PPTP subnet */ - if($config['pptpd']['mode'] == "server") { - if (is_ipaddr($config['pptpd']['localip'])) { - if($config['pptpd']['pptp_subnet'] <> "") - $ossubnet = $config['pptpd']['pptp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['pptpd']['localip'], $ossubnet); + if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units'])); + foreach ($pptp_subnets as $pptpsn) { $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['source']['network'] = $pptpsn; $natent['sourceport'] = ""; $natent['descr'] = gettext("Auto created rule for PPTP server"); $natent['target'] = ""; diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 4d960f2..72bc556 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -46,7 +46,7 @@ require("filter.inc"); require("shaper.inc"); if (!is_array($config['nat']['advancedoutbound'])) - $config['nat']['advancedoutbound'] = array(); + $config['nat']['advancedoutbound'] = array(); if (!is_array($config['nat']['advancedoutbound']['rule'])) { $config['nat']['advancedoutbound']['rule'] = array(); 
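Review bot: The end of the PPTP range is computed as `remoteip + n_pptp_units`, which spans one address more than the number of units if `remoteip` is the first client address; `ip2long($config['pptpd']['remoteip']) + $config['pptpd']['n_pptp_units'] - 1` looks like the intended bound, to be confirmed against how the PPTP server hands out addresses. The new localhost rule sets `$natent['dstport'] = ""` while the PPTP rule just below sets `sourceport`, so the key may be a typo. The enclosing `if (isset($_POST['save']) ...)` block starts and ends outside the hunk.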
@@ -115,6 +115,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + /* run through $_POST items encoding HTML entties so that the user + * cannot think he is slick and perform a XSS attack on the unwilling + */ + foreach ($_POST as $key => $value) { + $temp = str_replace(">", "", $value); + $newpost = htmlentities($temp); + if($newpost <> $temp) + $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } /* input validation */ $reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet"); @@ -209,6 +218,9 @@ if ($_POST) { } } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation"); + if (!$input_errors) { $natent = array(); $natent['source']['network'] = $osn; @@ -265,6 +277,9 @@ if ($_POST) { $natent['destination']['not'] = true; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config"); + if (isset($id) && $a_out[$id]) { $a_out[$id] = $natent; } else { @@ -387,6 +402,10 @@ function poolopts_change() { <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Advanced Outbound NAT entry");?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Do not NAT");?></td> <td width="78%" class="vtable"> 
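Review bot: The `htmlphpearly` hook added in the `@@ -387,6 +402,10 @@` hunk of firewall_nat_out_edit.php points at `/usr/local/pkg/firewall_rules/htmlphpearly`, while the other three hooks added to this file use the `firewall_aon` directory. This looks like a copy-paste slip that would run the firewall-rules extensions on the outbound NAT edit page. Suggested line: `pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphpearly");`.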
@@ -620,6 +639,10 @@ any)");?></td> <br> <span class="vexpl"><?=gettext("You may enter a description here " . "for your reference (not parsed).");?></span></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate"); +?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 542f832..41e537e 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -256,19 +256,6 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - - if (isset($_POST['floating']) && $key == "interface") - continue; - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); - } - /* input validation */ $reqdfields = explode(" ", "type proto"); if ( isset($a_filter[$id]['associated-rule-id'])===false ) { @@ -404,6 +391,9 @@ if ($_POST) { $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation"); + if (!$input_errors) { $filterent = array(); $filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:''; 
@@ -551,6 +541,9 @@ if ($_POST) { $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -561,6 +554,7 @@ if ($_POST) { } filter_rules_sort(); + write_config(); mark_subsystem_dirty('filter'); @@ -603,6 +597,10 @@ include("head.inc"); <tr> <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly"); +?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> <td width="78%" class="vtable"> @@ -1405,6 +1403,10 @@ $i--): ?> </div> </td> </tr> +<?php + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate"); +?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index e001903..0ecf1d3 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -346,7 +346,7 @@ if ($_POST['apply']) { log_error("removing old v6 address {$values['ipaddrv6']} on {$realif}"); mwexec("/sbin/ifconfig {$realif} inet6 {$values['ipaddrv6']} -alias"); } - interface_reconfigure($ifapply); + interface_reconfigure($ifapply, true); } else { interface_bring_down($ifapply); } 
@@ -814,6 +814,15 @@ if ($_POST['apply']) { } else { $wancfg['mss'] = $_POST['mss']; } + if (empty($_POST['mediaopt'])) { + unset($wancfg['media']); + unset($wancfg['mediaopt']); + } else { + $mediaopts = explode(' ', $_POST['mediaopt']); + if ($mediaopts[0] != ''){ $wancfg['media'] = $mediaopts[0]; } + if ($mediaopts[1] != ''){ $wancfg['mediaopt'] = $mediaopts[1]; } + else { unset($wancfg['mediaopt']); } + } if (isset($wancfg['wireless'])) { handle_wireless_post(); } @@ -1006,6 +1015,21 @@ function check_wireless_mode() { } } +// Find all possible media options for the interface +$mediaopts_list = array(); +$intrealname = $config['interfaces'][$if]['if']; +exec("/sbin/ifconfig -m $intrealname | grep \"media \"", $mediaopts); +foreach ($mediaopts as $mediaopt){ + preg_match("/media (.*)/", $mediaopt, $matches); + if (preg_match("/(.*) mediaopt (.*)/", $matches[1], $matches1)){ + // there is media + mediaopt like "media 1000baseT mediaopt full-duplex" + array_push($mediaopts_list, $matches1[1] . " " . $matches1[2]); + }else{ + // there is only media like "media 1000baseT" + array_push($mediaopts_list, $matches[1]); + } +} + $pgtitle = array(gettext("Interfaces"), $pconfig['descr']); $statusurl = "status_interfaces.php"; 
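Review bot: In the `@@ -1006,6 +1015,21 @@` hunk `$intrealname` is interpolated into the `exec()` command line without quoting; even though it is read from the config it should be passed as `escapeshellarg($intrealname)`. The same hunk reuses `$mediaopts`, which the POST handler in the `@@ -814,6 +814,15 @@` hunk fills from `explode(' ', $_POST['mediaopt'])`; `exec()` appends to an existing array, so a fresh variable is safer, and the result of `preg_match("/media (.*)/", ...)` should be checked before `$matches[1]` is read. The POST handler stores `$mediaopts[0]` and `$mediaopts[1]` in the config without comparing them with the options the interface reports, and `$mediaopts[1]` is undefined when only a media type is submitted. Validating the submitted string against the reported list before saving would cover both.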
@@ -1272,6 +1296,35 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), "header size) will be in effect."); ?> </td> </tr> + <?php + if (count($mediaopts_list) > 0){ + $mediaopt_from_config = $config['interfaces'][$if]['media'] . ' ' . $config['interfaces'][$if]['mediaopt']; + echo "<tr>"; + echo '<td valign="top" class="vncell">' . gettext("Speed and duplex") . '</td>'; + echo '<td class="vtable">'; + echo '<div id="showadvmediabox"'; + if ($mediaopt_from_config != 'autoselect ' && $mediaopt_from_config != ' ') echo " style='display:none'>"; + else echo '>'; + echo '<input type="button" onClick="show_advanced_media()" value="' . gettext("Advanced") . '"></input> - ' . gettext("Show advanced option"); + echo "</div>"; + echo '<div id="showmediaadv" '; + if ($mediaopt_from_config == 'autoselect ' || $mediaopt_from_config == ' ') echo "style='display:none'>"; + else echo '>'; + echo '<select name="mediaopt" class="formselect" id="mediaopt">'; + foreach($mediaopts_list as $mediaopt){ + if ($mediaopt != rtrim($mediaopt_from_config)){ + print "<option value=\"$mediaopt\">" . gettext("$mediaopt") . "</option>"; + } else { + print "<option value=\"$mediaopt\" selected>" . gettext("$mediaopt") . "</option>"; + } + } + echo '</select><br>'; + echo gettext("Here you can explicitely set up speed and duplex mode for the interface."); + echo '</div>'; + echo '</td>'; + echo '</tr>'; + } + ?> <tr> <td colspan="2" valign="top" height="16"></td> </tr> @@ -2488,6 +2541,11 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), report_failure(); } } + function show_advanced_media() { + document.getElementById("showadvmediabox").innerHTML=''; + aodiv = document.getElementById('showmediaadv'); + aodiv.style.display = "block"; + } function save_callback_v6(transport) { var response_v6 = transport.responseText; if(response_v6) { 
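Review bot: The `<option>` elements in the new "Speed and duplex" row print `$mediaopt` into the `value` attribute and the element body without escaping. The values come from `ifconfig -m` output rather than from the request, so the exposure is small, but `htmlspecialchars($mediaopt)` would keep the page consistent with escape-at-output elsewhere in the GUI. `gettext("$mediaopt")` on a runtime string will not match a catalogue entry, so printing the value directly is clearer. In `show_advanced_media()` (the `@@ -2488,6 +2541,11 @@` hunk) `aodiv` is assigned without `var` and becomes a global.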
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index 145fe0a..08f1a53 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -97,9 +97,13 @@ if ($_POST) { if (!$input_errors) { if (isset($id) && $a_vlans[$id]) { - if ($a_vlans[$id]['if'] != $_POST['if']) - // Destroy previous vlan - pfSense_interface_destroy($a_vlans[$id]['if']); + if (($a_vlans[$id]['if'] != $_POST['if']) || ($a_vlans[$id]['tag'] != $_POST['tag'])) { + if (!empty($a_vlans[$id]['vlanif'])) + // Destroy previous vlan + pfSense_interface_destroy($a_vlans[$id]['vlanif']); + else + pfSense_interface_destroy("{$a_vlans[$id]['if']}_vlan{$a_vlans[$id]['tag']}"); + } } $vlan = array(); $vlan['if'] = $_POST['if']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 23e6cd9..586e569 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -474,7 +474,7 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client </tr> <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>> - <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a></td> + <?=gettext("Local"); ?> <a href="system_usermanager.php"><?=gettext("User Manager"); ?></a> / <?=gettext("Vouchers"); ?></td> </tr> <tr> <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index fd87c5b..01d52a2 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php 
@@ -159,6 +159,9 @@ include("head.inc"); <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit allowed ip rule");?></td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Direction"); ?></td> <td width="78%" class="vtable"> <select name="dir" class="formfld"> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 25c250c..f42ac80 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -108,6 +108,7 @@ if ($_GET['act'] == "del") { if ($a_passthrumacs[$_GET['id']]) { $ruleno = captiveportal_get_ipfw_passthru_ruleno($a_passthrumacs[$_GET['id']]['mac']); if ($ruleno) { + captiveportal_free_ipfw_ruleno($ruleno); mwexec("/sbin/ipfw delete {$ruleno}; /sbin/ipfw delete " . ++$ruleno); } unset($a_passthrumacs[$_GET['id']]); diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index aabf4b3..07f6d8c 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -153,6 +153,9 @@ include("head.inc"); <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="services_captiveportal_mac_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Pass-through MAC address");?></td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("MAC address"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 203906a..f5af953 100644 --- a/usr/local/www/services_captiveportal_vouchers.php 
+++ b/usr/local/www/services_captiveportal_vouchers.php @@ -39,6 +39,8 @@ $statusurl = "status_captiveportal_vouchers.php"; $logurl = "diag_logs_auth.php"; +if ($_POST['postafterlogin']) + $nocsrf= true; require("guiconfig.inc"); require("functions.inc"); require("filter.inc"); @@ -116,9 +118,8 @@ if ($_GET['act'] == "del") { exit; } } - /* print all vouchers of the selected roll */ -if ($_GET['act'] == "csv") { +else if ($_GET['act'] == "csv") { $privkey = base64_decode($config['voucher']['privatekey']); if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) { $fd = fopen("{$g['varetc_path']}/voucher.private","w"); @@ -164,6 +165,12 @@ $pconfig['vouchersyncusername'] = $config['voucher']['vouchersyncusername']; if ($_POST) { unset($input_errors); + + if ($_POST['postafterlogin']) { + voucher_expire($_POST['voucher_expire']); + exit; + } + $pconfig = $_POST; /* input validation */ @@ -199,6 +206,8 @@ if ($_POST) { $input_errors[] = gettext("This doesn't look like an RSA Public key."); if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) $input_errors[] = gettext("This doesn't look like an RSA Private key."); + if ($_POST['vouchersyncdbip'] && (is_ipaddr_configured($_POST['vouchersyncdbip']))) + $input_errors[] = gettext("You cannot sync the voucher database to this host (itself)."); } if (!$input_errors) { 
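Review bot: `$nocsrf` is set from the presence of a `postafterlogin` field in the request, so, assuming guiconfig.inc consults that variable to skip the token check, the CSRF protection of this page is turned off by a value the caller controls. The handler added in the `@@ -164,6 +165,12 @@` hunk passes `$_POST['voucher_expire']` to `voucher_expire()` and exits, which limits the unprotected path to that one call, but it is still a state change that a cross-site form post could trigger in an administrator's session. If this path exists for node-to-node synchronisation it should be authenticated by something the peer holds, such as the sync credentials configured on this page, rather than exempted by a form field. A comment at the `$nocsrf` assignment should state why the exemption exists and what authenticates the request instead.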
@@ -559,7 +568,8 @@ function enable_change(enable_change) { <td width="22%" valign="top" class="vncellreq"><?=gettext("Synchronize Voucher Database IP"); ?></td> <td width="78%" class="vtable"> <input name="vouchersyncdbip" type="text" class="formfld" id="vouchersyncdbip" size="17" value="<?=htmlspecialchars($pconfig['vouchersyncdbip']);?>"> - <br><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> + <br/><?=gettext("IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from."); ?> + <br/><?=gettext("NOTE: this should be setup on the slave nodes and not the primary node!"); ?> </td> </tr> <tr> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 48581ce..f6247e5 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -1062,8 +1062,9 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-loggedinusers=$rrddbpath$curdatabase:loggedinusers:AVERAGE\" "; $graphcmd .= "CDEF:\"$curif-totalusers_t=PREV,UN,0,PREV,IF,$curif-loggedinusers,+\" "; - $graphcmd .= "AREA:\"$curif-totalusers_t#{$colorcaptiveportalusers[0]}:Total logged in users\" "; - $graphcmd .= "GPRINT:\"$curif-totalusers_t:MAX:%8.0lf \\n\" "; + $graphcmd .= "CDEF:\"$curif-totalusers_d=$curif-totalusers_t,FLOOR\" "; + $graphcmd .= "AREA:\"$curif-totalusers_d#{$colorcaptiveportalusers[0]}:Total logged in users\" "; + $graphcmd .= "GPRINT:\"$curif-totalusers_d:MAX:%8.0lf \\n\" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index d810cb9..597aefd 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php 
@@ -49,7 +49,7 @@ require("certs.inc"); require("guiconfig.inc"); -if (isAllowedPage("system_usermanager")) { +if (isAllowedPage("system_usermanager*")) { // start admin user code $pgtitle = array(gettext("System"),gettext("User Manager")); diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 5957c9e..6586b42 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php 
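Review bot: The argument to `isAllowedPage()` changes from an exact page name to `"system_usermanager*"`, and this condition gates the branch marked "start admin user code"; the matching rules of `isAllowedPage()` are not visible here. Please confirm that the wildcard cannot be satisfied by a privilege for a narrower page whose name merely begins with `system_usermanager`, and add a comment naming the privilege that is meant to unlock this branch.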
@@ -141,8 +141,74 @@ if ($_POST) { } } - /* TODO : Validate enabled phase2's are not duplicates */ - + /* Validate enabled phase2's are not duplicates */ + if (isset($pconfig['mobile'])){ + /* User is adding phase 2 for mobile phase1 */ + foreach($a_phase2 as $name){ + if (isset($name['mobile'])){ + /* check duplicate localids only for mobile clents */ + if ($name['localid']['type'] == $pconfig['localid_type']){ + /* Types match, check further */ + switch($pconfig['localid_type']){ + case "none": + case "lan": + case "wan": + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + case "address": + if ($name['localid']['address'] == $pconfig['localid_address']) + $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients."); + break; + case "network": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $name['localid']['netbits'] == $pconfig['localid_netbits']) + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + } + if (count($input_errors) > 0) + break; /* there is an error, stop checking other phase2 definitions */ + } + } + } + }else{ + /* User is adding phase 2 for site-to-site phase1 */ + $input_error = 0; + foreach($a_phase2 as $name){ + if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){ + /* check duplicate subnets only for given phase1 */ + if ($name['localid']['type'] == $pconfig['localid_type'] && + $name['remoteid']['type'] == $pconfig['remoteid_type']){ + /* Types match, check further */ + $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits']; + $eneterd_remote_string = $pconfig['remoteid_address'] . 
$pconfig['remoteid_netbits']; + switch($pconfig['localid_type']){ + case "none": + case "lan": + case "wan": + if ($configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + case "address": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + case "network": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $name['localid']['netbits'] == $pconfig['localid_netbits'] && + $configured_remote_string == $eneterd_remote_string) + $input_error = 1; + break; + } + if ($input_error){ + $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1."); + break; /* there is an error, stop checking other phase2 definitions */ + } + } + } + } + } + $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 97fbc45..500700a 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -271,8 +271,14 @@ $merge_config_section_sig = array( function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; - - return restore_config_section_xmlrpc($raw_params); + $params = xmlrpc_params_to_php($raw_params); + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; + $config_new = array_overlay($config, $params[0]); + $config = $config_new; + $mergedkeys = implode(",", array_keys($params[0])); + write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys)); + return $xmlrpc_g['return']['true']; } /*****************************/ @@ -448,4 +454,17 @@ $server = new XML_RPC_Server( unlock($xmlrpclockkey); + function array_overlay($a1,$a2) + { + foreach($a1 as $k => $v) { + if(!array_key_exists($k,$a2)) continue; + if(is_array($v) && is_array($a2[$k])){ + $a1[$k] = array_overlay($v,$a2[$k]); + }else{ + $a1[$k] = $a2[$k]; + } + } + return $a1; + } + ?> |
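Review bot: The site-to-site branch of the duplicate check builds its comparison keys by concatenating address and netbits with no separator (`$name['remoteid']['address'] . $name['remoteid']['netbits']`), so different networks can yield the same string, for example the constructed values `10.0.0.1` with `24` and `10.0.0.12` with `4`. Comparing the two fields separately, or joining them with `/`, avoids false duplicates. Neither loop skips the entry being edited or disabled entries although the comment says "enabled phase2's"; whether `$a_phase2` already excludes them is not visible here. In the mobile branch `count($input_errors)` runs on a variable that may still be unset, and it also stops the scan when an earlier, unrelated check has already recorded an error.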
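Review bot: `merge_config_section_xmlrpc()` hands `$params[0]` to `array_overlay()` and `array_keys()` without checking that it is an array, so a malformed request reaches `array_key_exists()` with a non-array; an `is_array($params[0])` guard that returns an error before merging would cover it. `array_overlay()` (added in the `@@ -448,4 +454,17 @@` hunk) only copies keys that already exist in `$config`, so sections the client sends that are absent locally are dropped while the `write_config()` message still lists them as merged. After authentication the merge can overwrite any existing top-level section; if only specific sections are meant to be synchronised, an allow-list of section names checked before the overlay would make that explicit. `array_overlay` is also a generic global name, and a prefix matching the file's other helpers would lower the chance of a clash.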