authorgnhb <gnoahb@gmail.com>2010-05-29 10:11:33 +0700
committergnhb <gnoahb@gmail.com>2010-05-29 10:11:33 +0700
commit68f0c07a0adab08b3fba2bc6749215e10d4d43ce (patch)
tree4c698cbfdbae5b2f37f6cb8f6051efde92cba840 /usr/local
parentd6366dd7beefba982c1e04a1f43f20cfe306808a (diff)
parent40e18a72af0d2633251ef197ff6311325ce4eae9 (diff)
Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mainline into mlppp
Conflicts: etc/inc/pfsense-utils.inc usr/local/www/interfaces.php
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/captiveportal/index.php127
-rw-r--r--usr/local/captiveportal/radius_accounting.inc8
-rw-r--r--usr/local/captiveportal/radius_authentication.inc14
-rwxr-xr-xusr/local/www/diag_backup.php15
-rw-r--r--usr/local/www/diag_routes.php11
-rwxr-xr-xusr/local/www/firewall_nat_edit.php10
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php14
-rw-r--r--usr/local/www/installer.php280
-rwxr-xr-xusr/local/www/interfaces.php1
-rw-r--r--usr/local/www/interfaces_gif.php2
-rw-r--r--usr/local/www/interfaces_gre.php2
-rwxr-xr-xusr/local/www/pkg_mgr.php2
-rwxr-xr-xusr/local/www/pkg_mgr_installed.php2
-rwxr-xr-xusr/local/www/services_captiveportal.php35
-rwxr-xr-xusr/local/www/services_captiveportal_filemanager.php1
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php1
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php18
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php12
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php18
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php1
-rwxr-xr-xusr/local/www/services_dhcp.php691
-rw-r--r--usr/local/www/system_advanced_admin.php21
-rw-r--r--usr/local/www/system_advanced_firewall.php2
-rw-r--r--usr/local/www/system_groupmanager.php4
-rw-r--r--usr/local/www/system_usermanager.php8
-rw-r--r--usr/local/www/vpn_ipsec_keys.php25
-rw-r--r--usr/local/www/vpn_ipsec_keys_edit.php11
-rw-r--r--usr/local/www/widgets/widgets/system_information.widget.php7
28 files changed, 889 insertions, 454 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 56cddc0..5990ec1 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -43,7 +43,7 @@ header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
$orig_host = $_ENV['HTTP_HOST'];
-$orig_request = $_GET['redirurl'];
+$orig_request = $_REQUEST['redirurl'];
$clientip = $_SERVER['REMOTE_ADDR'];
if (!$clientip) {
@@ -154,18 +154,23 @@ exit;
if ($_POST['auth_user'] && $_POST['auth_pass']) {
$auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
+ $type = "error";
+ if (!empty($auth_list['url_redirection'])) {
+ $redirurl = $auth_list['url_redirection'];
+ $type = "redir";
+ }
if ($auth_list['auth_val'] == 1) {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
- portal_reply_page($redirurl, "error", $auth_list['error']);
+ portal_reply_page($redirurl, $type, $auth_list['error']);
}
else if ($auth_list['auth_val'] == 3) {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
- portal_reply_page($redirurl, "error", $auth_list['reply_message']);
+ portal_reply_page($redirurl, $type, $auth_list['reply_message']);
}
} else {
captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
- portal_reply_page($redirurl, "error");
+ portal_reply_page($redirurl, "error", "Invalid username/password specified.");
}
} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {
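Review bot: Once `$auth_list['url_redirection']` is non-empty, `$type` is "redir" in both the `auth_val == 1` and `auth_val == 3` branches, so `portal_reply_page($redirurl, $type, ...)` sends a redirect and the error or reply message passed as the third argument is never shown to the user. If redirect-on-reject is the intent, a comment such as `/* RADIUS may send rejected users to an external page; the message is dropped in that case */` would make that explicit. The URL is used exactly as it arrives in the RADIUS reply, so checking that it starts with `http://` or `https://` before it reaches `header("Location: ...")` would be a cheap safeguard. The surrounding if/else chain continues outside this hunk.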
@@ -189,25 +194,30 @@ exit;
exit;
-function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null) {
+function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
global $g, $config;
/* Get captive portal layout */
- if ($type == "login")
- $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal.html");
+ if ($type == "redir") {
+ header("Location: {$redirurl}");
+ return;
+ } else if ($type == "login")
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
else
- $htmltext = file_get_contents("{$g['varetc_path']}/captiveportal-error.html");
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
/* substitute other variables */
- if (isset($config['captiveportal']['httpslogin']))
+ if (isset($config['captiveportal']['httpslogin'])) {
$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
- else {
- $ifip = portal_ip_from_client_ip($clientip);
+ $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+ } else {
+ $ifip = portal_ip_from_client_ip($clientip);
if (!$ifip)
$ourhostname = $config['system']['hostname'] . ":8000";
else
$ourhostname = "{$ifip}:8000";
$htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
+ $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
}
$htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
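Review bot: Replacing `file_get_contents` with `get_include_contents` for captiveportal.html and captiveportal-error.html means the portal templates are now evaluated by the PHP interpreter instead of being read as static HTML, going by the comment added in the next hunk; `get_include_contents` itself is defined outside this diff. Since these files originate from the admin's page upload in services_captiveportal.php, the right to upload a portal page becomes the right to run PHP on the firewall, and that should be stated where the templates are loaded, e.g. `/* templates are executed as PHP: treat portal page upload as a code-execution privilege */`. The same applies to `include("{$g['varetc_path']}/captiveportal-logout.html")` added further down in portal_allow and to the new `logoutfile` upload. The request-derived values are substituted after the include, so they are not themselves evaluated, which is worth keeping that way.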
@@ -215,6 +225,16 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
$htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
$htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
+ // Special handling case for captive portal master page so that it can be ran
+ // through the PHP interpreter using the include method above. We convert the
+ // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
+ $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
+ $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
+ $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
+ $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
+ $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
+ $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
+
echo $htmltext;
}
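Review bot: The `#PASSWORD#` placeholder writes the submitted password back into the HTML of the reply page, where it is readable in the page source and by any script a custom template loads; it would be safer to leave it out, or to fill it only on the "known with another mac address" re-submit path that seems to need it. `htmlspecialchars()` with its default flags on PHP versions of this era leaves single quotes unescaped, so a template that writes `value='#USERNAME#'` can have its attribute closed by the value; `htmlspecialchars($username, ENT_QUOTES)` and the same for the other placeholders closes that gap. The function body starts in the previous hunk.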
@@ -226,15 +246,17 @@ function portal_mac_radius($clientmac,$clientip) {
/* authentication against the radius server */
$username = mac_format($clientmac);
$auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
- if ($auth_list['auth_val'] == 2) {
+ if ($auth_list['auth_val'] == 2)
return TRUE;
- }
+ if (!empty($auth_list['url_redirection']))
+ portal_reply_page($auth_list['url_redirection'], "redir");
+
return FALSE;
}
function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
- global $redirurl, $g, $config, $url_redirection, $type, $passthrumac;
+ global $redirurl, $g, $config, $type, $passthrumac, $_POST;
/* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */
$captiveshouldunlock = false;
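Review bot: After `portal_reply_page($auth_list['url_redirection'], "redir")` has sent the Location header, portal_mac_radius still falls through to `return FALSE`, so the caller (outside this hunk) presumably carries on and renders the login page behind the redirect. Adding `exit;` after the call, as the "known with another mac address" path in portal_allow does, would make the redirect final. Separately, `$_POST` is a superglobal, so listing it in `global $redirurl, $g, $config, $type, $passthrumac, $_POST;` has no effect and can be dropped.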
@@ -265,8 +287,37 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($attributes['voucher'])
$remaining_time = $attributes['session_timeout'];
+ $writecfg = false;
/* Find an existing session */
- for ($i = 0; $i < count($cpdb); $i++) {
+ if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
+ if (isset($config['captiveportal']['passthrumacadd'])) {
+ $mac = captiveportal_passthrumac_findbyname($username);
+ if (!empty($mac)) {
+ if ($_POST['replacemacpassthru']) {
+ foreach ($a_passthrumacs as $idx => $macent) {
+ if ($macent['mac'] == $mac['mac']) {
+ unset($config['captiveportal']['passthrumac'][$idx]);
+ $mac['mac'] = $clientmac;
+ $config['captiveportal']['passthrumac'][] = $mac;
+ $macrules = captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ $sessionid = true;
+ break;
+ }
+ }
+ } else {
+ portal_reply_page($redirurl, "error", "Username: {$username} is known with another mac address.",
+ $clientmac, $clientip, $username, $password);
+ exit;
+ }
+ }
+ }
+ }
+
+ $nousers = count($cpdb);
+ for ($i = 0; $i < $nousers; $i++) {
/* on the same ip */
if($cpdb[$i][2] == $clientip) {
captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
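Review bot: `$a_passthrumacs` is iterated in the new `foreach` but is neither assigned in this hunk nor named in the function's `global` list shown in the previous hunk, so unless it is set in the part of portal_allow outside the diff the loop never runs and the MAC is never replaced; iterating `$config['captiveportal']['passthrumac']` directly would avoid the question. The rules are written to the fixed name `{$g['tmp_path']}/macentry.rules.tmp` and then loaded by ipfw, so two logins handled at the same time can load each other's rules unless the session lock mentioned above already covers this section; `tempnam($g['tmp_path'], "macentry")` plus an unlink afterwards would remove that dependency. The `exit;` on the error path also leaves the function without the unlock that the `$captiveshouldunlock` logic implies, which is worth confirming against the locking code outside the hunk.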
@@ -303,7 +354,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
return 0; // voucher already used and no time left
}
- $writecfg = false;
if (!isset($sessionid)) {
/* generate unique session ID */
@@ -322,6 +372,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($passthrumac) {
$mac = array();
$mac['mac'] = $clientmac;
+ if (isset($config['captiveportal']['passthrumacaddusername']))
+ $mac['username'] = $username;
$mac['descr'] = "Auto added pass-through MAC for user {$username}";
if (!empty($bw_up))
$mac['bw_up'] = $bw_up;
@@ -395,8 +447,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
write_config();
/* redirect user to desired destination */
- if ($url_redirection)
- $my_redirurl = $url_redirection;
+ if (!empty($attributes['url_redirection']))
+ $my_redirurl = $attributes['url_redirection'];
else if ($config['captiveportal']['redirurl'])
$my_redirurl = $config['captiveportal']['redirurl'];
else
@@ -415,40 +467,15 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$logouturl = "http://{$ourhostname}/";
}
- echo <<<EOD
-<HTML>
-<HEAD><TITLE>Redirecting...</TITLE></HEAD>
-<BODY>
-<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
-<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B>
-</SPAN>
-<SCRIPT LANGUAGE="JavaScript">
-<!--
-LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
-if (LogoutWin) {
- LogoutWin.document.write('<HTML>');
- LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
- LogoutWin.document.write('<BODY BGCOLOR="#435370">');
- LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
- LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
- LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
- LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
- LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
- LogoutWin.document.write('</FORM>');
- LogoutWin.document.write('</DIV></BODY>');
- LogoutWin.document.write('</HTML>');
- LogoutWin.document.close();
-}
+ include("{$g['varetc_path']}/captiveportal-logout.html");
-document.location.href="{$my_redirurl}";
--->
-</SCRIPT>
-</BODY>
-</HTML>
-
-EOD;
} else {
- header("Location: " . $my_redirurl);
+ if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) {
+ header ('HTTP/1.1 301 Moved Permanently');
+ header("Location: " . $_POST['ORIGINAL_PORTAL_IP']);
+ } else {
+ header("Location: " . $my_redirurl);
+ }
}
return $sessionid;
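Review bot: `header("Location: " . $_POST['ORIGINAL_PORTAL_IP'])` takes the redirect target straight from the request body and only compares it with `$_SERVER['SERVER_NAME']`, so whoever builds the form post chooses where the authenticated client is sent. The value should be accepted only if it matches one of the portal's own configured addresses, and otherwise the code should fall back to `header("Location: " . $my_redirurl);`. The `301 Moved Permanently` status is also cacheable, so a browser may keep replaying the redirect; a temporary redirect fits a per-login decision better. As written the value has no scheme, so browsers will treat it as a relative reference rather than a host.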
diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc
index e60a217..688af74 100644
--- a/usr/local/captiveportal/radius_accounting.inc
+++ b/usr/local/captiveportal/radius_accounting.inc
@@ -54,7 +54,7 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers,
global $config;
$retvalue = array();
- $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+ $nas_mac = mac_format(get_interface_mac("wan"));
$clientmac = mac_format($clientmac);
$nas_port = $ruleno;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
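Review bot: `get_interface_mac("wan")` passes the friendly interface name here, while the matching line in radius_authentication.inc in this same commit becomes `get_interface_mac(get_real_interface("wan"))`; one of the two is presumably wrong. If `get_interface_mac` expects a real device name, `$nas_mac` will be empty in both accounting functions (RADIUS_ACCOUNTING_START here and RADIUS_ACCOUNTING_STOP in the later hunk). The neighbouring hunks also change the default Called-Station-Id from the NAS MAC to `get_interface_ip("wan")`, which alters what the RADIUS server sees and logs, so a one-line comment giving the reason would help whoever correlates accounting records later.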
@@ -67,7 +67,7 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers,
break;
default:
- $calledstationid = $nas_mac;
+ $calledstationid = get_interface_ip("wan");
$callingstationid = $clientmac;
}
@@ -165,7 +165,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
global $config;
$retvalue = array();
- $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+ $nas_mac = mac_format(get_interface_mac("wan"));
$clientmac = mac_format($clientmac);
$nas_port = $ruleno;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
@@ -185,7 +185,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
break;
default:
- $calledstationid = $nas_mac;
+ $calledstationid = get_interface_ip("wan");
$callingstationid = $clientmac;
}
diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc
index 01ec063..7f37b03 100644
--- a/usr/local/captiveportal/radius_authentication.inc
+++ b/usr/local/captiveportal/radius_authentication.inc
@@ -51,7 +51,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli
global $config;
$retvalue = array();
- $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+ $nas_mac = mac_format(get_interface_mac(get_real_interface("wan")));
$clientmac = mac_format($clientmac);
$nas_port = $ruleno;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
@@ -66,7 +66,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli
break;
default:
- $calledstationid = $nas_mac;
+ $calledstationid = get_interface_ip("wan");
$callingstationid = $clientmac;
}
@@ -74,13 +74,11 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli
$rauth = new Auth_RADIUS_PAP($username, $password);
/*
- Add support for more then one radiusserver.
- At most 10 servers may be specified.
- When multiple servers are given, they are tried in round-robin fashion until a valid response is received
- */
-
+ * Add support for more then one radiusserver.
+ * At most 10 servers may be specified.
+ * When multiple servers are given, they are tried in round-robin fashion until a valid response is received
+ */
foreach ($radiusservers as $radsrv) {
-
// Add a new server to our instance
$rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index 243008d..e2cbacb 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -230,7 +230,7 @@ if ($_POST) {
if($rrd_data) {
$data .= "\t\t<rrddatafile>\n";
$data .= "\t\t\t<filename>{$rrd}</filename>\n";
- $data .= "\t\t\t<data>" . base64_encode($rrd_data) . "</data>\n";
+ $data .= "\t\t\t<data>" . base64_encode(gzdeflate($rrd_data)) . "</data>\n";
$data .= "\t\t</rrddatafile>\n";
}
}
@@ -318,7 +318,16 @@ if ($_POST) {
if($config['rrddata']) {
foreach($config['rrddata']['rrddatafile'] as $rrd) {
$rrd_fd = fopen("{$g['vardb_path']}/rrd/{$rrd['filename']}", "w");
- fwrite($rrd_fd, base64_decode($rrd['data']));
+ $data = base64_decode($rrd['data']);
+ /* Try to decompress the data. */
+ $dcomp = @gzinflate($data);
+ if ($dcomp) {
+ /* If the decompression worked, write the decompressed data */
+ fwrite($rrd_fd, $dcomp);
+ } else {
+ /* If the decompression failed, it wasn't compressed, so write raw data */
+ fwrite($rrd_fd, $data);
+ }
fclose($rrd_fd);
}
unset($config['rrddata']);
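Review bot: `if ($dcomp)` treats an empty or "0" result the same as a failed inflate, and `gzinflate` is called without a length limit, so a restored config file decides how much memory the restore allocates; test with `$dcomp !== false` and pass a maximum size as the second argument to `gzinflate`. The `@` also hides the warning that would tell an admin the stored data was corrupt. In the unchanged lines of this hunk `$rrd['filename']` from the uploaded config is joined into the `fopen` path as-is and the `fopen` result is not checked; using `basename($rrd['filename'])` would keep the write inside the rrd directory.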
@@ -565,7 +574,7 @@ function backuparea_change(obj) {
</tr>
<tr>
<td>
- <input name="donotbackuprrd" type="checkbox" class="formcheckbox" id="dotnotbackuprrd">
+ <input name="donotbackuprrd" type="checkbox" class="formcheckbox" id="dotnotbackuprrd" checked>
</td>
<td>
<span class="vexpl">Do not backup RRD data (NOTE: RRD Data can consume 4+ megabytes of config.xml space!)</span>
diff --git a/usr/local/www/diag_routes.php b/usr/local/www/diag_routes.php
index c62aadb..1b136ab 100644
--- a/usr/local/www/diag_routes.php
+++ b/usr/local/www/diag_routes.php
@@ -57,15 +57,16 @@ include('head.inc');
<tr>
<td class="vncellreq" width="22%">Name resolution</td>
-<td class="listr" width="78%">
+<td class="vtable" width="78%">
<input type="checkbox" class="formfld" name="resolve" value="yes" <?php if ($_POST['resolve'] == 'yes') echo 'checked'; ?>> Enable</input>
<br />
<span class="expl">Enable this to attempt to resolve names when displaying the tables.</span>
+</td>
</tr>
<tr>
<td class="vncellreq" width="22%">&nbsp;</td>
-<td class="listr" width="78%">
+<td class="vtable" width="78%">
<input type="submit" class="formbtn" name="submit" value="Show" />
<br />
<br />
@@ -94,13 +95,17 @@ include('head.inc');
if ($i == 1)
$class = 'listhdrr';
else
- $class = 'listr';
+ $class = 'listlr';
print("<tr>\n");
$j = 0;
foreach (explode(' ', $line) as $entry) {
if ($entry == '') continue;
+ if ($i == 1 && $j == $elements - 1)
+ $class = 'listhdr';
print("<td class=\"$class\">$entry</td>\n");
+ if ($i > 1)
+ $class = 'listr';
$j++;
}
// The 'Expire' field might be blank
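Review bot: `$elements` is compared in `$j == $elements - 1` but is not assigned anywhere in this hunk; if it is not set earlier in the file, the last header cell never receives the `listhdr` class. The unchanged `print("<td class=\"$class\">$entry</td>\n")` writes each token without `htmlspecialchars()`, and with name resolution enabled those tokens presumably include hostnames obtained from DNS, so `htmlspecialchars($entry)` belongs there. The loop body continues outside the hunk.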
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index d7806b1..719e32f 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -625,13 +625,13 @@ include("fbegin.inc"); ?>
<?php if (is_array($config['virtualip']['vip'])):
foreach ($config['virtualip']['vip'] as $sn):
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
- $baseip = ip2long32($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits']));
-
- for ($i = $sn['subnet_bits'] - 1; $i <= 32; $i++):
- $snip = long2ip32($baseip);
+ $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
+ $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
+ $len = $end - $start;
+ for ($i = 0; $i <= $len; $i++):
+ $snip = long2ip32($start+$i);
?>
<option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
- <?php $baseip = $baseip + 1; ?>
<?php endfor;
else:
?>
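Review bot: The loop `for ($i = 0; $i <= $len; $i++)` emits one `<option>` per address in the proxy-ARP network, so the size of the page grows with the subnet and a short prefix (a /8 would be roughly 16 million entries) will exhaust memory or time out when the edit page is rendered. Bounding `$len` and listing only the network entry above that bound would keep the page usable. The same loop is added in firewall_nat_out_edit.php in this commit.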
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index e5fb88a..df0487f 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -421,14 +421,12 @@ any)</td>
<?php if (is_array($config['virtualip']['vip'])):
foreach ($config['virtualip']['vip'] as $sn):
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
- $baseip = ip2long32($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits']));
- $snip = long2ip32($baseip);
-?>
- <option value="<?=$snip;?>" <?php if ($snip == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
-<?php
- for ($i = $sn['subnet_bits']; $i <= 32; $i++):
- $baseip = $baseip + 1;
- $snip = long2ip32($baseip);
+ $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
+ $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
+ $len = $end - $start;
+
+ for ($i = 0; $i <= $len; $i++):
+ $snip = long2ip32($start+$i);
?>
<option value="<?=$snip;?>" <?php if ($snip == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php endfor; ?>
diff --git a/usr/local/www/installer.php b/usr/local/www/installer.php
new file mode 100644
index 0000000..534ff63
--- /dev/null
+++ b/usr/local/www/installer.php
@@ -0,0 +1,280 @@
+<?php
+/*
+ installer.php
+ part of pfSense (http://www.pfsense.com/)
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+function write_out_pc_sysinstaller_config($disk) {
+ $fd = fopen("/PCBSD/pc-sysinstall/examples/pfSense-install.cfg", "w");
+ if(!$fd) {
+ return true;
+ }
+ $config = <<<EOF
+# Sample configuration file for an installation using pc-sysinstall
+
+installMode=fresh
+installInteractive=yes
+installType=FreeBSD
+installMedium=LiveCD
+
+# Set the disk parameters
+disk0={$disk}
+partition=all
+bootManager=bsd
+commitDiskPart
+
+# Setup the disk label
+# All sizes are expressed in MB
+# Avail FS Types, UFS, UFS+S, UFS+J, ZFS, SWAP
+# Size 0 means use the rest of the slice size
+disk0-part=UFS+S 0 /
+# Do it now!
+commitDiskLabel
+
+# Set if we are installing via optical, USB, or FTP
+installType=FreeBSD
+
+packageType=cpdup
+
+# Optional Components
+cpdupPaths=boot,COPYRIGHT,bin,conf,conf.default,dev,etc,home,kernels,libexec,lib,root,sbin,sys,usr,var
+
+runExtCommand=chmod a+rx /usr/local/bin/after_installation_routines.sh && cd / && /usr/local/bin/after_installation_routines.sh
+EOF;
+ fwrite($fd, $config);
+ fclose($fd);
+ return;
+}
+
+function start_installation() {
+ $fd = fopen("/tmp/installer.sh", "w");
+ fwrite($fd, "/PCBSD/pc-sysinstall/pc-sysinstall -c /PCBSD/pc-sysinstall/examples/pfSense-install.cfg && touch /tmp/install_complete");
+ fclose($fd);
+ exec("chmod a+rx /tmp/installer.sh");
+ mwexec_bg("sh /tmp/installer.sh");
+}
+
+function installer_find_first_disk() {
+ $disk = `/PCBSD/pc-sysinstall/pc-sysinstall disk-list | head -n1 | cut -d':' -f1`;
+ return $disk;
+}
+
+function update_installer_status() {
+ if(!file_exists("/tmp/.pc-sysinstall/pc-sysinstall.log"))
+ return;
+ echo `tail -n20 /tmp/.pc-sysinstall/pc-sysinstall.log`;
+ if(file_exists("/tmp/install_complete")) {
+ echo "Installation completed.";
+ unlink_if_exists("/tmp/installer.sh");
+ }
+}
+
+function update_installer_status_win($status) {
+ echo "<script type=\"text/javascript\">\n";
+ echo "\$('installeroutput').value = '" . str_replace(htmlentities($status), "\n", "") . "';\n";
+ echo "installeroutput.scroll = installeroutput.maxScroll;\n";
+ echo "</script>";
+}
+
+function begin_quick_easy_install() {
+ unlink_if_exists("/tmp/install_complete");
+ $disk = installer_find_first_disk();
+ if(!$disk) {
+ // XXX: hide progress bar
+ $savemsg = "Could not find a suitable disk for installation";
+ update_installer_status_win("Could not find a suitable disk for installation.");
+ return;
+ }
+ write_out_pc_sysinstaller_config($disk);
+ update_installer_status_win("Beginning installation on disk {$disk}.");
+ start_installation();
+}
+
+if($_REQUEST['state'] == "update_installer_status") {
+ update_installer_status();
+ exit;
+}
+
+if($_REQUEST['step1_post']) {
+
+}
+
+if($_REQUEST['step2_post']) {
+
+}
+
+if($_REQUEST['step3_post']) {
+
+}
+
+if($_REQUEST['step4_post']) {
+
+}
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "pfSense: Installer";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
+ <script type="text/javascript">
+ function getinstallerprogress() {
+ url = 'installer.php';
+ pars = 'state=update_installer_status';
+ callajax(url, pars, installcallback);
+ }
+ function callajax(url, pars, activitycallback) {
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'post',
+ parameters: pars,
+ onComplete: activitycallback
+ });
+ }
+ function installcallback(transport) {
+ this.document.forms[0].installeroutput.value=transport.responseText;
+ setTimeout('getinstallerprogress()', 1000);
+ }
+</script>
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<?php endif; ?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+
+<?php
+if($_REQUEST['state'] == "quickeasyinstall") {
+ quickeasyinstall_gui();
+} else {
+ installer_main();
+}
+
+function template() {
+echo <<<EOF
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+ <form action="installer.php" method="post">
+ <div id="pfsensetemplate">
+
+
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ </table>
+</div>
+EOF;
+
+}
+
+function quickeasyinstall_gui() {
+ echo <<<EOF
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+ <form action="installer.php" method="post" state="step1_post">
+ <div id="pfsenseinstaller">
+ Starting Installer... Please wait...<p/>
+ {{ Insert progressbar here }}<p/>
+ <textarea name='installeroutput' id='installeroutput' rows="20" cols="80">
+ </textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ </table>
+</div>
+<script type="text/javascript">setTimeout('getinstallerprogress()', 250);</script>
+EOF;
+
+}
+
+
+function installer_main() {
+echo <<<EOF
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+ <form action="installer.php" method="post" state="step1_post">
+ <div id="pfsenseinstaller">
+ <a href='installer.php?state=quickeasyinstall'>Quick/Easy installation</a>
+ </p>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ </table>
+</div>
+EOF;
+
+}
+
+?>
+
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
+
+<?php
+ if($_REQUEST['state'] == "quickeasyinstall") {
+ begin_quick_easy_install();
+ }
+?>
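Review bot: `installer.php?state=quickeasyinstall` is an ordinary link, and loading it runs `begin_quick_easy_install()`, which writes a pc-sysinstall config with `partition=all` for the first disk and starts the install, so a plain GET with no confirmation step repartitions the disk. The trigger should be a confirmed POST, e.g. `if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['state'] == "quickeasyinstall")`, covered by whatever request-forgery protection guiconfig.inc provides (not visible here). In `update_installer_status_win` the `str_replace` arguments are in the wrong order, so the status is always emitted as an empty string; it should read `str_replace("\n", "", htmlentities($status))`, and the value also needs JavaScript string escaping because it sits inside a single-quoted JS literal. `installer_find_first_disk()` returns the backtick output with its trailing newline, so `disk0={$disk}` gains a stray line break unless the result is passed through `trim()`. `/tmp/installer.sh` is a fixed, predictable path that is written and then executed, and neither `fopen` result used for writing is checked before `fwrite`.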
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index a68112a..65389d7 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -1468,6 +1468,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
<br/><br/>
Location<br/>
<select name="reglocation" class="formselect" id="reglocation">
+ <option <? if (empty($pconfig['reglocation'])) echo "selected"; ?> value="">Default</option>
<option <? if ($pconfig['reglocation'] == 'indoor') echo "selected"; ?> value="indoor">Indoor</option>
<option <? if ($pconfig['reglocation'] == 'outdoor') echo "selected"; ?> value="outdoor">Outdoor</option>
<option <? if ($pconfig['reglocation'] == 'anywhere') echo "selected"; ?> value="anywhere">Anywhere</option>
diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php
index 08ef8f8..92439fa 100644
--- a/usr/local/www/interfaces_gif.php
+++ b/usr/local/www/interfaces_gif.php
@@ -111,7 +111,7 @@ include("head.inc");
<?php $i = 0; foreach ($a_gifs as $gif): ?>
<tr ondblclick="document.location='interfaces_gif_edit.php?id=<?=$i;?>'">
<td class="listlr">
- <?=htmlspecialchars($gif['if']);?>
+ <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($gif['if']));?>
</td>
<td class="listr">
<?=htmlspecialchars($gif['remote-addr']);?>
diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php
index 17b14fe..a1a959e 100644
--- a/usr/local/www/interfaces_gre.php
+++ b/usr/local/www/interfaces_gre.php
@@ -111,7 +111,7 @@ include("head.inc");
<?php $i = 0; foreach ($a_gres as $gre): ?>
<tr ondblclick="document.location='interfaces_vlan_gre.php?id=<?=$i;?>'">
<td class="listlr">
- <?=htmlspecialchars($gre['if']);?>
+ <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($gre['if']));?>
</td>
<td class="listr">
<?=htmlspecialchars($gre['remote-addr']);?>
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index 1445dcf..e82bba0 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -195,7 +195,7 @@ include("head.inc");
$pkginfolink = $index['pkginfolink'];
echo "<a target='_new' href='$pkginfolink'>Package Info</a>";
} else {
- echo gettext("No info, check the") . "<a href='http://forum.pfsense.org/index.php/board,15.0.html'>" . gettext("forum") . "</a>";
+ echo gettext("No info, check the") . " <a href='http://forum.pfsense.org/index.php/board,15.0.html'>" . gettext("forum") . "</a>";
}
?>
</td>
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 5db007f..2708c78 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -134,7 +134,7 @@ include("head.inc");
$pkginfolink = $currentvers[$pkg['name']]['pkginfolink'];
echo "<a target='_new' href='$pkginfolink'>" . gettext("Package Info") . "</a>";
} else {
- echo gettext("No info, check the") . "<a href='http://forum.pfsense.org/index.php/board,15.0.html'>" . gettext("forum") . "</a>";
+ echo gettext("No info, check the") . " <a href='http://forum.pfsense.org/index.php/board,15.0.html'>" . gettext("forum") . "</a>";
}
?>
</td>
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 8f8262c..331708a 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -57,6 +57,9 @@ if ($_GET['act'] == "viewhtml") {
} else if ($_GET['act'] == "viewerrhtml") {
echo base64_decode($config['captiveportal']['page']['errtext']);
exit;
+} else if ($_GET['act'] == "viewlogouthtml") {
+ echo base64_decode($config['captiveportal']['page']['logouttext']);
+ exit;
}
$pconfig['cinterface'] = $config['captiveportal']['interface'];
@@ -93,6 +96,7 @@ $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
$pconfig['passthrumacadd'] = isset($config['captiveportal']['passthrumacadd']);
+$pconfig['passthrumacaddusername'] = isset($config['captiveportal']['passthrumacaddusername']);
$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
if ($_POST) {
@@ -194,6 +198,7 @@ if ($_POST) {
$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
$config['captiveportal']['passthrumacadd'] = $_POST['passthrumacadd'] ? true : false;
+ $config['captiveportal']['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
$config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
/* file upload? */
@@ -201,6 +206,8 @@ if ($_POST) {
$config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
if (is_uploaded_file($_FILES['errfile']['tmp_name']))
$config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+ if (is_uploaded_file($_FILES['logoutfile']['tmp_name']))
+ $config['captiveportal']['page']['logouttext'] = base64_encode(file_get_contents($_FILES['logoutfile']['tmp_name']));
write_config();
@@ -255,6 +262,7 @@ function enable_change(enable_change) {
document.iform.radiussession_timeout.disabled = radius_endis;
document.iform.htmlfile.disabled = endis;
document.iform.errfile.disabled = endis;
+ document.iform.logoutfile.disabled = endis;
document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
@@ -280,6 +288,7 @@ function enable_change(enable_change) {
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?> </td></tr>
<tr>
@@ -370,7 +379,13 @@ to access after they've authenticated.</td>
<strong>Enable Pass-through MAC automatic additions</strong><br>
If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again.
To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
- If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td>
+ If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.
+ <br/><br/>
+ <input name="passthrumacaddusername" type="checkbox" class="formfld" id="passthrumacaddusername" value="yes" <?php if ($pconfig['passthrumacaddusername']) echo "checked"; ?>>
+ <strong>Enable Pass-through MAC automatic addition with username</strong><br>
+ If this option is set, with the automatically MAC passthrough entry created the username, used during authentication, will be saved.
+ To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
+ </td>
</tr>
<tr>
<td valign="top" class="vncell">Per-user bandwidth restriction</td>
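Review bot: The help text for the new `passthrumacaddusername` checkbox is hard to parse ("with the automatically MAC passthrough entry created the username, used during authentication, will be saved") and does not say what the saved username is for. A clearer wording would be `If this option is set, the username used during authentication is saved with the automatically created MAC passthrough entry.` The second sentence repeats the removal instructions of the option above word for word. If removal by username is the purpose of this option, as the change to `services_captiveportal_mac.php` in this commit suggests, the text should say so.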
@@ -608,7 +623,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
<br>
<br>
<?php endif; ?>
- Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to &quot;$PORTAL_ACTION$&quot;)
+ Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to &quot;$PORTAL_ACTION$&quot;)
with a submit button (name=&quot;accept&quot;) and a hidden field with name=&quot;redirurl&quot; and value=&quot;$PORTAL_REDIRURL$&quot;.
Include the &quot;auth_user&quot; and &quot;auth_pass&quot; and/or &quot;auth_voucher&quot; input fields if authentication is enabled, otherwise it will always fail.
Example code for the form:<br>
@@ -632,7 +647,21 @@ Example code for the form:<br>
<br>
<br>
<?php endif; ?>
-The contents of the HTML file that you upload here are displayed when an authentication error occurs.
+The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
+You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Logout<br>
+ page<br>
+ contents</td>
+ <td class="vtable">
+ <input name="logoutfile" type="file" class="formfld file" id="logoutfile"><br>
+ <?php if ($config['captiveportal']['page']['logouttext']): ?>
+ <a href="?act=viewlogouthtml" target="_blank">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs.
You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
</tr>
<tr>
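Review bot: The description under the new "Logout page contents" row is a copy of the error-page text: it says the upload is "displayed when an authentication error occurs", which describes the row above, not this one. The unchanged `$PORTAL_MESSAGE$` sentence that now follows it also talks about RADIUS error replies; whether that placeholder is substituted in the logout page is not visible here and should be confirmed. Suggested wording for the added line: `The contents of the HTML/PHP file that you upload here are displayed as the logout page.`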
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 328f293..2c8d815 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -137,6 +137,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", true, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?> </td></tr>
<tr>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 4bf2cf9..61e05e5 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -85,6 +85,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", true, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 09d8075..57e8476 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -111,19 +111,25 @@ if ($_POST) {
$ip['bw_up'] = $_POST['bw_up'];
if ($_POST['bw_down'])
$ip['bw_down'] = $_POST['bw_down'];
- if (isset($id) && $a_allowedips[$id])
+ if (isset($id) && $a_allowedips[$id]) {
+ $oldip = $a_allowedips[$id]['ip'];
$a_allowedips[$id] = $ip;
- else
+ } else {
+ $oldip = $ip['ip'];
$a_allowedips[] = $ip;
+ }
allowedips_sort();
write_config();
if (isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")) {
- $rules = captiveportal_allowedip_configure_entry($ip);
- file_put_contents("{$g['tmp_path']}/allowedip_tmp", $rules);
- mwexec("/sbin/ipfw {$g['tmp_path']}/allowedip_tmp");
- @unlink("{$g['tmp_path']}/allowedip_tmp");
+ $rules = "";
+ for ($i = 3; $i < 10; $i++)
+ $rules .= "table {$i} delete {$oldip}\n";
+ $rules .= captiveportal_allowedip_configure_entry($ip);
+ file_put_contents("{$g['tmp_path']}/allowedip_tmp{$id}", $rules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/allowedip_tmp{$id}");
+ @unlink("{$g['tmp_path']}/allowedip_tmp{$id}");
}
header("Location: services_captiveportal_ip.php");
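Review bot: `$id` is now interpolated into the temp-file path `allowedip_tmp{$id}` that is written, passed unescaped to `mwexec("/sbin/ipfw -q ...")` and then unlinked, but where `$id` is assigned is outside this hunk. In the `else` branch it has not matched an existing entry, so if it comes from the request it needs validating (for example `is_numeric($id)`) before it reaches a path or a command line. A predictable name in a shared temp directory is also open to symlink races; `$tmpfile = tempnam($g['tmp_path'], "allowedip_");` used for the write, the `mwexec()` argument and the `unlink()` avoids both problems. The same pattern appears as `tmpmacedit{$id}` in the `services_captiveportal_mac_edit.php` hunk of this commit. The enclosing `if ($_POST)` block starts and ends outside the hunk.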
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 7c40b85..3e459f4 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -64,8 +64,15 @@ if ($_POST) {
clear_subsystem_dirty('passthrumac');
}
- if ($_POST['delmac'] && $_POST['postafterlogin']) {
- if (is_array($a_passthrumacs)) {
+ if ($_POST['postafterlogin']) {
+ if (!is_array($a_passthrumacs))
+ exit;
+ if ($_POST['username']) {
+ $mac = captiveportal_passthrumac_findbyname($_POST['username']);
+ if (!empty($mac))
+ $_POST['delmac'] = $mac['mac'];
+ }
+ if ($_POST['delmac']) {
$found = false;
foreach ($a_passthrumacs as $idx => $macent) {
if ($macent['mac'] == $_POST['delmac']) {
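Review bot: The new early `exit` taken when `$a_passthrumacs` is not an array ends the request with an empty body, so a system posting with `postafterlogin` cannot tell "nothing configured" from a completed removal. Emitting a short status line before the `exit` would make failures visible to the caller and in logs; the rest of this branch continues outside the hunk, so match whatever it reports. When both `username` and `delmac` are posted, a matching username silently replaces the supplied `delmac`; a comment such as `/* a username match takes precedence over a posted delmac */` would record that this is intended.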
@@ -118,6 +125,7 @@ include("head.inc");
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", false, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index ac7b341..bc397b7 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -112,14 +112,28 @@ if ($_POST) {
$mac['descr'] = $_POST['descr'];
- if (isset($id) && $a_passthrumacs[$id])
+ if (isset($id) && $a_passthrumacs[$id]) {
+ $oldmac = $a_passthrumacs[$id]['mac'];
$a_passthrumacs[$id] = $mac;
- else
+ } else {
+ $oldmac = $mac['mac'];
$a_passthrumacs[] = $mac;
+ }
passthrumacs_sort();
write_config();
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($oldmac);
+ if ($ruleno) {
+ captiveportal_free_ipfw_ruleno($ruleno);
+ $rules = "delete {$ruleno}\n";
+ $rules .= "delete " . ++$ruleno . "\n";
+ $rules .= captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/tmpmacedit{$id}", $rules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/tmpmacedit{$id}");
+ @unlink("{$g['tmp_path']}/tmpmacedit{$id}");
+ }
+
header("Location: services_captiveportal_mac.php");
exit;
}
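Review bot: This block runs `/sbin/ipfw` whenever `captiveportal_get_ipfw_passthru_ruleno($oldmac)` returns a value, whereas the allowed-IP editor in this same commit first checks `isset($config['captiveportal']['enable']) && is_module_loaded("ipfw.ko")`. Unless the helper already covers that case (it is not visible here), adding the same guard keeps the two editors consistent and avoids calling ipfw on a disabled portal. `"delete " . ++$ruleno` relies on each passthrough MAC owning two consecutive rule numbers; if that is the layout, say so in a comment, e.g. `/* a passthru MAC occupies ruleno and ruleno+1 */`. For a newly added MAC the lookup presumably finds nothing, so no rule is installed here; it would help to note where that happens instead.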
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index c43de08..de305b7 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -244,6 +244,7 @@ function enable_change(enable_change) {
$tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
$tab_array[] = array("Vouchers", true, "services_captiveportal_vouchers.php");
$tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ $tab_array[] = array("Auth Logs", false, "diag_logs_auth.php");
display_top_tabs($tab_array);
?>
</ul>
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index b72258f..0bbb3bc 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -47,7 +47,7 @@ if(!$g['services_dhcp_server_enable']) {
exit;
}
-/* Fix failover DHCP problem
+/* Fix failover DHCP problem
* http://article.gmane.org/gmane.comp.security.firewalls.pfsense.support/18749
*/
ini_set("memory_limit","64M");
@@ -120,8 +120,8 @@ $iflist = get_configured_interface_with_descr();
/* set the starting interface */
if (!$if || !isset($iflist[$if])) {
foreach ($iflist as $ifent => $ifname) {
- $oc = $config['interfaces'][$ifent];
- if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddr($oc['ipaddr']))) ||
+ $oc = $config['interfaces'][$ifent];
+ if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddr($oc['ipaddr']))) ||
(!is_array($config['dhcpd'][$ifent]) && (!is_ipaddr($oc['ipaddr']))))
continue;
$if = $ifent;
@@ -133,7 +133,7 @@ if (is_array($config['dhcpd'][$if])){
if (is_array($config['dhcpd'][$if]['range'])) {
$pconfig['range_from'] = $config['dhcpd'][$if]['range']['from'];
$pconfig['range_to'] = $config['dhcpd'][$if]['range']['to'];
- }
+ }
$pconfig['deftime'] = $config['dhcpd'][$if]['defaultleasetime'];
$pconfig['maxtime'] = $config['dhcpd'][$if]['maxleasetime'];
$pconfig['gateway'] = $config['dhcpd'][$if]['gateway'];
@@ -156,8 +156,8 @@ if (is_array($config['dhcpd'][$if])){
$pconfig['failover_peerip'] = $config['dhcpd'][$if]['failover_peerip'];
$pconfig['netmask'] = $config['dhcpd'][$if]['netmask'];
$pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
- if (!is_array($config['dhcpd'][$if]['staticmap']))
- $config['dhcpd'][$if]['staticmap'] = array();
+ if (!is_array($config['dhcpd'][$if]['staticmap']))
+ $config['dhcpd'][$if]['staticmap'] = array();
$a_maps = &$config['dhcpd'][$if]['staticmap'];
}
@@ -165,7 +165,7 @@ $ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
/* set the enabled flag which will tell us if DHCP relay is enabled
- * on any interface. We will use this to disable DHCP server since
+ * on any interface. We will use this to disable DHCP server since
* the two are not compatible with each other.
*/
@@ -193,37 +193,49 @@ if ($_POST) {
$pconfig = $_POST;
+ $numberoptions = array();
+ for($x=0; $x<99; $x++) {
+ if(isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) {
+ $numbervalue = array();
+ $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]);
+ $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]);
+ $numberoptions['item'][] = $numbervalue;
+ }
+ }
+ // Reload the new pconfig variable that the forum uses.
+ $pconfig['numberoptions'] = $numberoptions;
+
/* input validation */
if ($_POST['enable']) {
$reqdfields = explode(" ", "range_from range_to");
$reqdfieldsn = explode(",", "Range begin,Range end");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if (($_POST['range_from'] && !is_ipaddr($_POST['range_from'])))
+
+ if (($_POST['range_from'] && !is_ipaddr($_POST['range_from'])))
$input_errors[] = "A valid range must be specified.";
- if (($_POST['range_to'] && !is_ipaddr($_POST['range_to'])))
+ if (($_POST['range_to'] && !is_ipaddr($_POST['range_to'])))
$input_errors[] = "A valid range must be specified.";
- if (($_POST['gateway'] && !is_ipaddr($_POST['gateway'])))
+ if (($_POST['gateway'] && !is_ipaddr($_POST['gateway'])))
$input_errors[] = "A valid IP address must be specified for the gateway.";
- if (($_POST['wins1'] && !is_ipaddr($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddr($_POST['wins2'])))
+ if (($_POST['wins1'] && !is_ipaddr($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddr($_POST['wins2'])))
$input_errors[] = "A valid IP address must be specified for the primary/secondary WINS servers.";
- if (($_POST['dns1'] && !is_ipaddr($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddr($_POST['dns2'])))
+ if (($_POST['dns1'] && !is_ipaddr($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddr($_POST['dns2'])))
$input_errors[] = "A valid IP address must be specified for the primary/secondary DNS servers.";
- if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60)))
+ if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60)))
$input_errors[] = "The default lease time must be at least 60 seconds.";
- if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime'])))
+ if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime'])))
$input_errors[] = "The maximum lease time must be at least 60 seconds and higher than the default lease time.";
- if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain'])))
+ if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain'])))
$input_errors[] = "A valid domain name must be specified for the dynamic DNS registration.";
- if (($_POST['ntp1'] && !is_ipaddr($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddr($_POST['ntp2'])))
+ if (($_POST['ntp1'] && !is_ipaddr($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddr($_POST['ntp2'])))
$input_errors[] = "A valid IP address must be specified for the primary/secondary NTP servers.";
if (($_POST['domain'] && !is_domain($_POST['domain'])))
$input_errors[] = "A valid domain name must be specified for the DNS domain.";
if (($_POST['tftp'] && (!is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']))))
$input_errors[] = "A valid IP address or hostname must be specified for the TFTP server.";
- if (($_POST['nextserver'] && !is_ipaddr($_POST['nextserver'])))
+ if (($_POST['nextserver'] && !is_ipaddr($_POST['nextserver'])))
$input_errors[] = "A valid IP address must be specified for the network boot server.";
if(gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from'])
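Review bot: In the relocated custom-options loop only `number{$x}` is checked (`isset` plus `ctype_digit`); `$_POST["value{$x}"]` is read without `isset()` and stored after nothing more than `htmlspecialchars()`. That call is HTML output encoding, not validation for wherever `numberoptions` is consumed (presumably the generated DHCP server configuration, which is not visible here). It also alters any value containing `&`, `<` or quotes before it is saved. Validate the value against what a DHCP option may contain, store it unencoded, and apply `htmlspecialchars()` only when printing it back into the form. The added comment should read `// Reload the new pconfig variable that the form uses.`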
@@ -234,8 +246,8 @@ if ($_POST) {
// Disallow a range that includes the virtualip
if (is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
- if($vip['interface'] == $if)
- if($vip['subnet'] && is_inrange($vip['subnet'], $_POST['range_from'], $_POST['range_to']))
+ if($vip['interface'] == $if)
+ if($vip['subnet'] && is_inrange($vip['subnet'], $_POST['range_from'], $_POST['range_to']))
$input_errors[] = "The subnet range cannot overlap with virtual IP address {$vip['subnet']}.";
}
}
@@ -271,7 +283,7 @@ if ($_POST) {
$config['dhcpd'][$if]['maxleasetime'] = $_POST['maxtime'];
$config['dhcpd'][$if]['netmask'] = $_POST['netmask'];
$previous = $config['dhcpd'][$if]['failover_peerip'];
- if($previous <> $_POST['failover_peerip'])
+ if($previous <> $_POST['failover_peerip'])
mwexec("/bin/rm -rf /var/dhcpd/var/db/*");
$config['dhcpd'][$if]['failover_peerip'] = $_POST['failover_peerip'];
@@ -313,17 +325,8 @@ if ($_POST) {
// Handle the custom options rowhelper
if(isset($config['dhcpd'][$if]['numberoptions']['item']))
unset($config['dhcpd'][$if]['numberoptions']['item']);
- for($x=0; $x<99; $x++) {
- if(isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) {
- $numbervalue = array();
- $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]);
- $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]);
- $config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;
- }
- }
-
- // Reload the new pconfig variable that the forum uses.
- $pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
+
+ $config['dhcpd'][$if]['numberoptions'] = $numberoptions;
write_config();
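Review bot: The `if(isset(...)) unset($config['dhcpd'][$if]['numberoptions']['item']);` pair kept above the new assignment is now dead code, because `$config['dhcpd'][$if]['numberoptions'] = $numberoptions;` replaces the whole key on the next line. Dropping those two lines and leaving the `// Handle the custom options rowhelper` comment directly on the assignment makes the intent clearer.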
@@ -343,12 +346,12 @@ if ($_POST) {
if ($retvaldns == 0) {
clear_subsystem_dirty('hosts');
clear_subsystem_dirty('staticmaps');
- }
+ }
} else {
- $retvaldhcp = services_dhcpd_configure();
+ $retvaldhcp = services_dhcpd_configure();
if ($retvaldhcp == 0)
clear_subsystem_dirty('staticmaps');
- }
+ }
if($retvaldhcp == 1 || $retvaldns == 1)
$retval = 1;
$savemsg = get_std_save_message($retval);
@@ -458,10 +461,10 @@ include("head.inc");
<form action="services_dhcp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php
+<?php
if ($dhcrelay_enabled) {
- echo "DHCP Relay is currently enabled. Cannot enable the DHCP Server service while the DHCP Relay is enabled on any interface.";
- include("fend.inc");
+ echo "DHCP Relay is currently enabled. Cannot enable the DHCP Server service while the DHCP Relay is enabled on any interface.";
+ include("fend.inc");
echo "</body>";
echo "</html>";
exit;
@@ -471,15 +474,15 @@ include("head.inc");
<?php print_info_box_np("The static mapping configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <?php
+<tr><td>
+<?php
/* active tabs */
$tab_array = array();
$tabscounter = 0;
$i = 0;
foreach ($iflist as $ifent => $ifname) {
- $oc = $config['interfaces'][$ifent];
- if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddr($oc['ipaddr']))) ||
+ $oc = $config['interfaces'][$ifent];
+ if ((is_array($config['dhcpd'][$ifent]) && !isset($config['dhcpd'][$ifent]['enable']) && (!is_ipaddr($oc['ipaddr']))) ||
(!is_array($config['dhcpd'][$ifent]) && (!is_ipaddr($oc['ipaddr']))))
continue;
if ($ifent == $if)
@@ -497,189 +500,181 @@ include("head.inc");
exit;
}
display_top_tabs($tab_array);
- ?>
- </td></tr>
- <tr>
- <td>
+?>
+</td></tr>
+<tr>
+<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vtable">&nbsp;</td>
- <td width="78%" class="vtable">
- <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
- <strong>Enable DHCP server on
- <?=htmlspecialchars($iflist[$if]);?>
- interface</strong></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vtable">&nbsp;</td>
- <td width="78%" class="vtable">
- <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>>
- <strong>Deny unknown clients</strong><br>
- If this is checked, only the clients defined below will get DHCP leases from this server. </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Subnet</td>
- <td width="78%" class="vtable">
- <?=gen_subnet($ifcfgip, $ifcfgsn);?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Subnet mask</td>
- <td width="78%" class="vtable">
- <?=gen_subnet_mask($ifcfgsn);?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Available range</td>
- <td width="78%" class="vtable">
- <?php
- $range_from = ip2long(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)));
- $range_from++;
- echo long2ip32($range_from);
- ?>
- -
- <?php
- $range_to = ip2long(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))));
- $range_to--;
- echo long2ip32($range_to);
- ?>
- </td>
- </tr>
- <?php if($is_olsr_enabled): ?>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Subnet Mask</td>
- <td width="78%" class="vtable">
- <select name="netmask" class="formselect" id="netmask">
- <?php
- for ($i = 32; $i > 0; $i--) {
- if($i <> 31) {
- echo "<option value=\"{$i}\" ";
- if ($i == $pconfig['netmask']) echo "selected";
- echo ">" . $i . "</option>";
- }
- }
- ?>
- </select>
- </td>
- </tr>
- <?php endif; ?>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Range</td>
- <td width="78%" class="vtable">
- <input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range_from']);?>">
- &nbsp;to&nbsp; <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">WINS servers</td>
- <td width="78%" class="vtable">
- <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>"><br>
- <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">DNS servers</td>
- <td width="78%" class="vtable">
- <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>"><br>
- <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>"><br>
- NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Gateway</td>
- <td width="78%" class="vtable">
- <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>"><br>
- The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Domain name</td>
- <td width="78%" class="vtable">
- <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>"><br>
- The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Domain search list</td>
- <td width="78%" class="vtable">
- <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>"><br>
- The DHCP server can optionally provide a domain search list.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Default lease time</td>
- <td width="78%" class="vtable">
- <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>">
- seconds<br>
- This is used for clients that do not ask for a specific
- expiration time.<br>
- The default is 7200 seconds.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Maximum lease time</td>
- <td width="78%" class="vtable">
- <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>">
- seconds<br>
- This is the maximum lease time for clients that ask
- for a specific expiration time.<br>
- The default is 86400 seconds.
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Failover peer IP:</td>
- <td width="78%" class="vtable">
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable DHCP server on
+ <?=htmlspecialchars($iflist[$if]);?>
+ interface</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vtable">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>>
+ <strong>Deny unknown clients</strong><br>
+ If this is checked, only the clients defined below will get DHCP leases from this server. </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Subnet</td>
+ <td width="78%" class="vtable">
+ <?=gen_subnet($ifcfgip, $ifcfgsn);?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Subnet mask</td>
+ <td width="78%" class="vtable">
+ <?=gen_subnet_mask($ifcfgsn);?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Available range</td>
+ <td width="78%" class="vtable">
+ <?php
+ $range_from = ip2long(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)));
+ $range_from++;
+ echo long2ip32($range_from);
+ ?>
+ -
+ <?php
+ $range_to = ip2long(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))));
+ $range_to--;
+ echo long2ip32($range_to);
+ ?>
+ </td>
+ </tr>
+ <?php if($is_olsr_enabled): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Subnet Mask</td>
+ <td width="78%" class="vtable">
+ <select name="netmask" class="formselect" id="netmask">
+ <?php
+ for ($i = 32; $i > 0; $i--) {
+ if($i <> 31) {
+ echo "<option value=\"{$i}\" ";
+ if ($i == $pconfig['netmask']) echo "selected";
+ echo ">" . $i . "</option>";
+ }
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Range</td>
+ <td width="78%" class="vtable">
+ <input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range_from']);?>">
+ &nbsp;to&nbsp; <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">WINS servers</td>
+ <td width="78%" class="vtable">
+ <input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>"><br>
+ <input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">DNS servers</td>
+ <td width="78%" class="vtable">
+ <input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>"><br>
+ <input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>"><br>
+ NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Gateway</td>
+ <td width="78%" class="vtable">
+ <input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>"><br>
+ The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Domain name</td>
+ <td width="78%" class="vtable">
+ <input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>"><br>
+ The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Domain search list</td>
+ <td width="78%" class="vtable">
+ <input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>"><br>
+ The DHCP server can optionally provide a domain search list.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Default lease time</td>
+ <td width="78%" class="vtable">
+ <input name="deftime" type="text" class="formfld unknown" id="deftime" size="10" value="<?=htmlspecialchars($pconfig['deftime']);?>">
+ seconds<br>
+ This is used for clients that do not ask for a specific
+ expiration time.<br>
+ The default is 7200 seconds.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Maximum lease time</td>
+ <td width="78%" class="vtable">
+ <input name="maxtime" type="text" class="formfld unknown" id="maxtime" size="10" value="<?=htmlspecialchars($pconfig['maxtime']);?>">
+ seconds<br>
+ This is the maximum lease time for clients that ask
+ for a specific expiration time.<br>
+ The default is 86400 seconds.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Failover peer IP:</td>
+ <td width="78%" class="vtable">
<input name="failover_peerip" type="text" class="formfld host" id="failover_peerip" size="20" value="<?=htmlspecialchars($pconfig['failover_peerip']);?>"><br>
Leave blank to disable. Enter the interface IP address of the other machine. Machines must be using CARP.
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">
- Static ARP
- </td>
- <td width="78%" class="vtable">
- <table>
- <tr>
- <td>
- <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>>&nbsp;
- </td>
- <td>
- <b>Enable Static ARP entries</b>
- </td>
- </tr>
- <tr>
- <td>
- &nbsp;
- </td>
- <td>
- <span class="red"><strong>Note:</strong></span> Only the machines listed below will be able to communicate with the firewall on this NIC.
- </td>
- </tr>
- </table>
- </td>
+ <td width="22%" valign="top" class="vncell">Static ARP</td>
+ <td width="78%" class="vtable">
+ <table>
+ <tr>
+ <td>
+ <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>>&nbsp;
+ </td>
+ <td><b>Enable Static ARP entries</b></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td>
+ <span class="red"><strong>Note:</strong></span> Only the machines listed below will be able to communicate with the firewall on this NIC.
+ </td>
+ </tr>
+ </table>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">
- Dynamic DNS
- </td>
- <td width="78%" class="vtable">
- <div id="showddnsbox">
- <input type="button" onClick="show_ddns_config()" value="Advanced"></input> - Show Dynamic DNS</a>
- </div>
- <div id="showddns" style="display:none">
- <input valign="middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked"; ?>>&nbsp;
- <b>Enable registration of DHCP client names in DNS.</b><br />
- <p>
- <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>"><br />
- Note: Leave blank to disable dynamic DNS registration.<br />
- Enter the dynamic DNS domain which will be used to register client names in the DNS server.
- </div>
- </td>
- </tr>
+ <td width="22%" valign="top" class="vncell">Dynamic DNS</td>
+ <td width="78%" class="vtable">
+ <div id="showddnsbox">
+ <input type="button" onClick="show_ddns_config()" value="Advanced"></input> - Show Dynamic DNS</a>
+ </div>
+ <div id="showddns" style="display:none">
+ <input valign="middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked"; ?>>&nbsp;
+ <b>Enable registration of DHCP client names in DNS.</b><br />
+ <p>
+ <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>"><br />
+ Note: Leave blank to disable dynamic DNS registration.<br />
+ Enter the dynamic DNS domain which will be used to register client names in the DNS server.
+ </div>
+ </td>
+ </tr>
<tr>
- <td width="22%" valign="top" class="vncell">NTP servers</td>
- <td width="78%" class="vtable">
+ <td width="22%" valign="top" class="vncell">NTP servers</td>
+ <td width="78%" class="vtable">
<div id="showntpbox">
<input type="button" onClick="show_ntp_config()" value="Advanced"></input> - Show NTP configuration</a>
</div>
@@ -690,102 +685,96 @@ include("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">
- TFTP server
- </td>
- <td width="78%" class="vtable">
- <div id="showtftpbox">
- <input type="button" onClick="show_tftp_config()" value="Advanced"></input> - Show TFTP configuration</a>
- </div>
- <div id="showtftp" style="display:none">
- <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>"><br>
- Leave blank to disable. Enter a full hostname or IP for the TFTP server.
- </div>
+ <td width="22%" valign="top" class="vncell">TFTP server</td>
+ <td width="78%" class="vtable">
+ <div id="showtftpbox">
+ <input type="button" onClick="show_tftp_config()" value="Advanced"></input> - Show TFTP configuration</a>
+ </div>
+ <div id="showtftp" style="display:none">
+ <input name="tftp" type="text" class="formfld unknown" id="tftp" size="50" value="<?=htmlspecialchars($pconfig['tftp']);?>"><br>
+ Leave blank to disable. Enter a full hostname or IP for the TFTP server.
+ </div>
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">LDAP URI</td>
- <td width="78%" class="vtable">
- <div id="showldapbox">
- <input type="button" onClick="show_ldap_config()" value="Advanced"></input> - Show LDAP configuration</a>
- </div>
- <div id="showldap" style="display:none">
- <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>"><br>
- Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com
- </div>
- </td>
+ <td width="22%" valign="top" class="vncell">LDAP URI</td>
+ <td width="78%" class="vtable">
+ <div id="showldapbox">
+ <input type="button" onClick="show_ldap_config()" value="Advanced"></input> - Show LDAP configuration</a>
+ </div>
+ <div id="showldap" style="display:none">
+ <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>"><br>
+ Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com
+ </div>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">Enable network booting</td>
- <td width="78%" class="vtable">
- <div id="shownetbootbox">
- <input type="button" onClick="show_netboot_config()" value="Advanced"></input> - Show Network booting</a>
- </div>
- <div id="shownetboot" style="display:none">
- <input valign="middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked"; ?>>&nbsp;
- <b>Enables network booting.</b>
- <p>
- Enter the IP of the <b>next-server</b>
- <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>">
- and the filename
- <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>"><br>
- Note: You need both a filename and a boot server configured for this to work!
- <p>
- Enter the <b>root-path</b>-string
- <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>"><br>
- Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname
- </div>
+ <td width="22%" valign="top" class="vncell">Enable network booting</td>
+ <td width="78%" class="vtable">
+ <div id="shownetbootbox">
+ <input type="button" onClick="show_netboot_config()" value="Advanced"></input> - Show Network booting</a>
+ </div>
+ <div id="shownetboot" style="display:none">
+ <input valign="middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked"; ?>>&nbsp;
+ <b>Enables network booting.</b>
+ <p>
+ Enter the IP of the <b>next-server</b>
+ <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>">
+ and the filename
+ <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>"><br>
+ Note: You need both a filename and a boot server configured for this to work!
+ <p>
+ Enter the <b>root-path</b>-string
+ <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>"><br>
+ Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname
+ </div>
</td>
</tr>
<tr>
-
-
- <td width="22%" valign="top" class="vncell">
- Additional BOOTP/DHCP Options
- </td>
- <td width="78%" class="vtable">
- <div id="shownumbervaluebox">
- <input type="button" onClick="show_shownumbervalue()" value="Advanced"></input> - Show Additional BOOTP/DHCP Options</a>
+ <td width="22%" valign="top" class="vncell">Additional BOOTP/DHCP Options</td>
+ <td width="78%" class="vtable">
+ <div id="shownumbervaluebox">
+ <input type="button" onClick="show_shownumbervalue()" value="Advanced"></input> - Show Additional BOOTP/DHCP Options</a>
+ </div>
+ <div id="shownumbervalue" style="display:none">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="3">
+ <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
+ Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_new">URL</a>.
</div>
- <div id="shownumbervalue" style="display:none">
- <table id="maintable">
- <tbody>
- <tr>
- <td colspan="3">
- <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
- Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_new">URL</a>.
- </div>
- </td>
- </tr>
- <tr>
- <td><div id="onecolumn">Number</div></td>
- <td><div id="twocolumn">Value</div></td>
- </tr>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="onecolumn">Number</div></td>
+ <td><div id="twocolumn">Value</div></td>
+ </tr>
<?php $counter = 0; ?>
- <?php
+ <?php
if($pconfig['numberoptions'])
- foreach($pconfig['numberoptions']['item'] as $item):
+ foreach($pconfig['numberoptions']['item'] as $item):
?>
<?php
$number = $item['number'];
$value = $item['value'];
?>
- <tr>
- <td>
- <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" />
- </td>
- <td>
- <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" />
- </td>
- <td>
- <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="Delete" />
- </td>
- </tr>
+ <tr>
+ <td>
+ <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" />
+ </td>
+ <td>
+ <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" />
+ </td>
+ <td>
+ <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="Delete" />
+ </td>
+ </tr>
<?php $counter++; ?>
<?php endforeach; ?>
- </tbody>
- <tfoot>
- </tfoot>
+ </tbody>
+ <tfoot>
+ </tfoot>
</table>
<a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#">
<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
@@ -800,25 +789,25 @@ include("head.inc");
</td>
</tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="if" type="hidden" value="<?=$if;?>">
- <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
- </td>
- </tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"> <p><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>The DNS servers entered in <a href="system.php">System:
- General setup</a> (or the <a href="services_dnsmasq.php">DNS
- forwarder</a>, if enabled) </span><span class="vexpl">will
- be assigned to clients by the DHCP server.<br>
- <br>
- The DHCP lease table can be viewed on the <a href="diag_dhcp_leases.php">Status:
- DHCP leases</a> page.<br>
- </span></p>
- </td>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="if" type="hidden" value="<?=$if;?>">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"> <p><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>The DNS servers entered in <a href="system.php">System:
+ General setup</a> (or the <a href="services_dnsmasq.php">DNS
+ forwarder</a>, if enabled) </span><span class="vexpl">will
+ be assigned to clients by the DHCP server.<br>
+ <br>
+ The DHCP lease table can be viewed on the <a href="diag_dhcp_leases.php">Status:
+ DHCP leases</a> page.<br>
+ </span></p>
+ </td>
</tr>
</table>
<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -829,56 +818,56 @@ include("head.inc");
<td width="30%" class="listhdr">Description</td>
<td width="10%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
- <tr>
+ <tr>
<td valign="middle" width="17"></td>
<td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
- <?php if(is_array($a_maps)): ?>
- <?php $i = 0; foreach ($a_maps as $mapent): ?>
- <?php if($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): ?>
- <tr>
- <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
- <?=htmlspecialchars($mapent['mac']);?>
- </td>
- <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
- <?=htmlspecialchars($mapent['ipaddr']);?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
- <?=htmlspecialchars($mapent['hostname']);?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
- <?=htmlspecialchars($mapent['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="services_dhcp.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
+ <?php if(is_array($a_maps)): ?>
+ <?php $i = 0; foreach ($a_maps as $mapent): ?>
+ <?php if($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): ?>
+ <tr>
+ <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
+ <?=htmlspecialchars($mapent['mac']);?>
+ </td>
+ <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
+ <?=htmlspecialchars($mapent['ipaddr']);?>&nbsp;
+ </td>
+ <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
+ <?=htmlspecialchars($mapent['hostname']);?>&nbsp;
+ </td>
+ <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';">
+ <?=htmlspecialchars($mapent['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="services_dhcp.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this mapping?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
<?php endif; ?>
<?php $i++; endforeach; ?>
<?php endif; ?>
- <tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
<td valign="middle" width="17"></td>
- <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
+ <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
</div>
- </td>
- </tr>
+</td>
+</tr>
</table>
</form>
<script language="JavaScript">
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 2dd53cb..8a6eae0 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -52,6 +52,7 @@ require_once("shaper.inc");
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
$pconfig['webguiport'] = $config['system']['webgui']['port'];
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
+$pconfig['disablehttpredirect'] = isset($config['system']['disablehttpredirect']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['enableserial'] = $config['system']['enableserial'];
@@ -99,6 +100,14 @@ if ($_POST) {
if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref']))
$restart_webgui = true;
+ if ($_POST['disablehttpredirect'] == "yes") {
+ $config['system']['disablehttpredirect'] = true;
+ $restart_webgui = true;
+ } else {
+ unset($config['system']['disablehttpredirect']);
+ $restart_webgui = true;
+ }
+
if($_POST['disableconsolemenu'] == "yes") {
$config['system']['disableconsolemenu'] = true;
auto_login();
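Review bot: Both branches of the new `disablehttpredirect` block set `$restart_webgui = true`, so every save of this page restarts the webConfigurator whether or not the setting changed. The certificate line just above only restarts via `update_if_changed(...)`. I would set the flag only on a real change, for example `if (($_POST['disablehttpredirect'] == "yes") != isset($config['system']['disablehttpredirect'])) $restart_webgui = true;` placed before the if/else, and drop the two unconditional assignments. The enclosing `if ($_POST)` block starts and ends outside this hunk.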
@@ -274,6 +283,18 @@ function prot_change() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> />
+ <strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
+ <br/>
+ <?php gettext("When this is unchecked, access to the webConfigurator " .
+ "is always permitted even on port 80, regardless of the listening port configured." .
+ "Check this box to disable this automatically added redirect rule. ");
+ ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
<td width="78%" class="vtable">
<?php
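Review bot: The help text for the new "WebGUI redirect" row is never printed, because the block calls `gettext(...)` inside `<?php ... ?>` without echoing the result. The operator therefore sees only the bold label and not the explanation that the webConfigurator stays reachable on port 80 while the box is unchecked. Change the opening to `<?php echo gettext("When this is unchecked, access to the webConfigurator " .` (or use `<?=`). The second literal also needs a trailing space, `"... regardless of the listening port configured. " .`, so the sentences do not run together.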
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 74a315b..370c47c 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -254,7 +254,7 @@ function update_description(itemnum) {
<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>><?=gettext("conservative");?></option>
</select>
<br/>
- <textarea readonly="yes" cols="60" rows="1" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
+ <textarea readonly="yes" cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
<script language="javascript" type="text/javascript">
update_description(document.forms[0].optimization.selectedIndex);
</script>
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index 579a735..9c37c99 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -137,7 +137,9 @@ if ($_POST) {
$group['name'] = $_POST['groupname'];
$group['description'] = $_POST['description'];
- if ($group['gid'] != 1998) // all group
+ if (empty($_POST['members']))
+ unset($group['member']);
+ else if ($group['gid'] != 1998) // all group
$group['member'] = $_POST['members'];
if (isset($id) && $a_group[$id])
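Review bot: The new `empty($_POST['members'])` branch runs before the `gid != 1998` test, so an empty member list now unsets `$group['member']` for the "all" group too. The old code never touched that group's membership from the form. If the exemption is still intended, keep it on both paths, e.g. `if ($group['gid'] != 1998 && empty($_POST['members']))` for the unset branch. It would also help to add a comment such as `// gid 1998 ("all" group): membership is not editable from this form` so the reason for the special case is recorded. The surrounding `if ($_POST)` block continues outside the hunk.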
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 1224f6a..c3da004 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -158,6 +158,7 @@ if (isAllowedPage("system_usermanager")) {
$pconfig['uid'] = $a_user[$id]['uid'];
$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
$pconfig['priv'] = $a_user[$id]['priv'];
+ $pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
$pconfig['disabled'] = isset($a_user[$id]['disabled']);
}
}
@@ -270,6 +271,7 @@ if (isAllowedPage("system_usermanager")) {
$userent['fullname'] = $_POST['fullname'];
$userent['expires'] = $_POST['expires'];
$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
+ $userent['ipsecpsk'] = $_POST['ipsecpsk'];
if($_POST['disabled'])
$userent['disabled'] = true;
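Review bot: `$userent['ipsecpsk'] = $_POST['ipsecpsk'];` stores the field even when it is blank, so every user saved from this form ends up with an `ipsecpsk` key holding an empty string. The new loop in vpn_ipsec_keys.php selects users with `isset($user['ipsecpsk'])`, which is true for an empty string, so those users would be listed as having a pre-shared key. Whether an empty key then reaches the generated IPsec configuration is not visible in this diff. I would store the value only when present: `if (!empty($_POST['ipsecpsk'])) $userent['ipsecpsk'] = $_POST['ipsecpsk']; else unset($userent['ipsecpsk']);`, and use `!empty(...)` in the vpn_ipsec_keys.php check as well.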
@@ -728,6 +730,12 @@ function sshkeyClicked(obj) {
<?=gettext("Paste an authorized keys file here.");?>
</td>
</tr>
+ <tr id="ipsecpskrow" name="ipsecpskrow">
+ <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td>
+ <td width="78%" class="vtable">
+ <input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>">
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
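Review bot: The new `ipsecpsk` input holds a secret but is a plain text field with browser autocomplete left on, so the key can be remembered and offered back by the browser on shared admin workstations. Adding `autocomplete="off"` to the `<input name="ipsecpsk" ...>` line is a small hardening step; the option rows in services_dhcp.php already set that attribute. Separately, `name="ipsecpskrow"` on the `<tr>` is not a valid attribute for a table row; the `id` alone is enough.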
diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php
index 59bb57c..2a232f3 100644
--- a/usr/local/www/vpn_ipsec_keys.php
+++ b/usr/local/www/vpn_ipsec_keys.php
@@ -46,6 +46,18 @@ if (!is_array($config['ipsec']['mobilekey'])) {
ipsec_mobilekey_sort();
$a_secret = &$config['ipsec']['mobilekey'];
+$userkeys = array();
+foreach ($config['system']['user'] as $id => $user) {
+ if (isset($user['ipsecpsk'])) {
+ $k = array();
+ $k["ident"] = $user['name'];
+ $k["pre-shared-key"] = $user['ipsecpsk'];
+ $k["id"] = $id;
+ $userkeys[] = $k;
+ }
+}
+
+
if ($_GET['act'] == "del") {
if ($a_secret[$_GET['id']]) {
unset($a_secret[$_GET['id']]);
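Review bot: The new `foreach ($config['system']['user'] as $id => $user)` iterates without checking that the user list is an array, while the hunk header shows the file guarding `$config['ipsec']['mobilekey']` with `is_array()` before using it. On a configuration with no user entries the loop would raise a warning. Wrapping it in `if (is_array($config['system']['user'])) { ... }` keeps the page consistent with that guard. A one-line comment above `$userkeys = array();`, such as `// per-user PSKs from the user manager, shown read-only in this list`, would explain why two key sources are merged here.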
@@ -98,6 +110,19 @@ if (is_subsystem_dirty('ipsec'))
</table>
</td>
</tr>
+ <?php $i = 0; foreach ($userkeys as $secretent): ?>
+ <tr>
+ <td class="listlr gray">
+ <?=htmlspecialchars($secretent['ident']);?>
+ </td>
+ <td class="listr gray">
+ <?=htmlspecialchars($secretent['pre-shared-key']);?>
+ </td>
+ <td class="list" nowrap><a href="system_usermanager.php?act=edit&id=<?=$secretent['id'];?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit key" width="17" height="17" border="0"></a>
+ &nbsp;</td>
+ </tr>
+ <?php $i++; endforeach; ?>
+
<?php $i = 0; foreach ($a_secret as $secretent): ?>
<tr>
<td class="listlr">
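Review bot: In the new `$userkeys` loop the counter `$i` is initialised and incremented but never read, and the following loop resets it to 0 anyway. The loop can simply be `<?php foreach ($userkeys as $secretent): ?>` ... `<?php endforeach; ?>`. The edit link also echoes `$secretent['id']` into the href without escaping, while the other two cells use `htmlspecialchars()`. The value is the array index from the configuration, so it is presumably numeric, but `id=<?=htmlspecialchars($secretent['id']);?>` would keep the row consistent.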
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
index 6e0db5b..20ac6c0 100644
--- a/usr/local/www/vpn_ipsec_keys_edit.php
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -56,6 +56,10 @@ if (isset($id) && $a_secret[$id]) {
}
if ($_POST) {
+ $userids = array();
+ foreach ($config['system']['user'] as $id => $user) {
+ $userids[$user['name']] = $id;
+ }
unset($input_errors);
$pconfig = $_POST;
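Review bot: The added loop uses `$id` as its key variable, which overwrites the `$id` that this page uses to identify the key being edited. The hunk header shows `if (isset($id) && $a_secret[$id])` and the next hunk tests `!(isset($id) && $a_secret[$id])` after this loop has run. After the loop `$id` holds the index of the last user, so an edit could be treated as a new entry or be applied to a different `$a_secret` slot; where `$id` is originally assigned is outside this hunk. Use a distinct name: `foreach ($config['system']['user'] as $userid => $user) { $userids[$user['name']] = $userid; }`.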
@@ -68,6 +72,9 @@ if ($_POST) {
if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident']))
$input_errors[] = "The identifier contains invalid characters.";
+
+ if (array_key_exists($_POST['ident'], $userids))
+ $input_errors[] = "A user with this name already exists. Add the key to the user instead.";
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
@@ -117,7 +124,7 @@ include("head.inc");
<tr>
<td valign="top" class="vncellreq">Identifier</td>
<td class="vtable">
- <?=$mandfldhtml;?><input name="ident" type="text" class="formfld" id="ident" size="30" value="<?=$pconfig['ident'];?>">
+ <?=$mandfldhtml;?><input name="ident" type="text" class="formfld unknown" id="ident" size="30" value="<?=$pconfig['ident'];?>">
<br>
This can be either an IP address, fully qualified domain name or an e-mail address.
</td>
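Review bot: The changed `ident` input still prints `<?=$pconfig['ident'];?>` without escaping, and an earlier hunk in this file shows `$pconfig = $_POST;`. When validation fails, the submitted identifier is therefore written back into the `value` attribute verbatim. The `psk` field in the next hunk already uses `htmlspecialchars()`; since this line is being edited anyway, make it `value="<?=htmlspecialchars($pconfig['ident']);?>"`.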
@@ -125,7 +132,7 @@ This can be either an IP address, fully qualified domain name or an e-mail addre
<tr>
<td width="22%" valign="top" class="vncellreq">Pre-shared key</td>
<td width="78%" class="vtable">
- <?=$mandfldhtml;?><input name="psk" type="text" class="formfld" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
+ <?=$mandfldhtml;?><input name="psk" type="text" class="formfld unknown" id="psk" size="40" value="<?=htmlspecialchars($pconfig['psk']);?>">
</td>
</tr>
<tr>
diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php
index c9a6b65..b395fc6 100644
--- a/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/usr/local/www/widgets/widgets/system_information.widget.php
@@ -90,7 +90,12 @@ $curcfg = $config['system']['firmware'];
<?php if(!$g['hideplatform']): ?>
<tr>
<td width="25%" class="vncellt">Platform</td>
- <td width="75%" class="listr"><?=htmlspecialchars($g['platform']);?></td>
+ <td width="75%" class="listr">
+ <?=htmlspecialchars($g['platform']);?>
+ <?php if (($g['platform'] == "nanobsd") && (file_exists("/etc/nanosize.txt"))) {
+ echo " (" . htmlspecialchars(trim(file_get_contents("/etc/nanosize.txt"))) . ")";
+ } ?>
+ </td>
</tr>
<?php endif; ?>
<?php if ($g['platform'] == "nanobsd"): ?>