diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-20 08:50:19 -0300 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-06-20 08:50:19 -0300 |
| commit | f0b17f3f7226f819c94dfab4c9abc0f3e4962152 (patch) | |
| tree | 3118cd18bd89dd64cf991c1023099d63593ecedd /usr/local | |
| parent | d8012adbce60d9a90dac54e5b7832f8fa7e82fb6 (diff) | |
| parent | 3745f21e2a9ccac1dadf78864ef65f2318ac919c (diff) | |
| download | pfsense-f0b17f3f7226f819c94dfab4c9abc0f3e4962152.zip pfsense-f0b17f3f7226f819c94dfab4c9abc0f3e4962152.tar.gz | |
Merge remote-tracking branch 'mainline/master' into inc
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/pkg/carp.xml | 234 | ||||
| -rw-r--r-- | usr/local/pkg/carp_settings.xml | 8 | ||||
| -rw-r--r-- | usr/local/pkg/openntpd.xml | 6 | ||||
| -rwxr-xr-x | usr/local/www/carp_status.php | 8 | ||||
| -rwxr-xr-x | usr/local/www/diag_arp.php | 24 | ||||
| -rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 4 | ||||
| -rw-r--r-- | usr/local/www/help.php | 1 | ||||
| -rwxr-xr-x | usr/local/www/interfaces_assign.php | 12 | ||||
| -rwxr-xr-x | usr/local/www/pkg.php | 6 | ||||
| -rwxr-xr-x | usr/local/www/pkg_edit.php | 10 | ||||
| -rwxr-xr-x | usr/local/www/services_captiveportal.php | 8 | ||||
| -rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 23 | ||||
| -rw-r--r-- | usr/local/www/services_rfc2136_edit.php | 1 | ||||
| -rw-r--r-- | usr/local/www/system_advanced_admin.php | 19 | ||||
| -rw-r--r-- | usr/local/www/system_camanager.php | 38 | ||||
| -rw-r--r-- | usr/local/www/system_certmanager.php | 39 | ||||
| -rwxr-xr-x | usr/local/www/xmlrpc.php | 28 |
17 files changed, 170 insertions, 299 deletions
diff --git a/usr/local/pkg/carp.xml b/usr/local/pkg/carp.xml deleted file mode 100644 index 36f9fbe..0000000 --- a/usr/local/pkg/carp.xml +++ /dev/null @@ -1,234 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<packagegui> - <name>carp</name> - <version>0.1.0</version> - <xmlver>$Revision$</xmlver> - <title>Services: CARP (failover)</title> - <!-- Menu is where this packages menu will appear --> - <menu> - <name>CARP (failover)</name> - <tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them.</tooltiptext> - <section>Services</section> - <url>carp_status.php</url> - </menu> - <tabs> - <!--<tab> - <text>CARP Virtual IPs</text> - <url>/pkg_edit.php?xml=carp.xml</url> - <active/> - </tab>--> - <tab> - <text>CARP Status</text> - <url>carp_status.php</url> - </tab> - <tab> - <text>CARP Settings</text> - <url>pkg_edit.php?xml=carp_settings.xml&id=0</url> - </tab> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_settings.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_sync_client.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>a+rx</chmod> - <nosync/> - <item>http://www.pfsense.com/packages/config/carp_sync_server.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_status.php</item> - </additional_files_needed> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> - <configpath>['installedpackages']['carp']['config']</configpath> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>VHID Group</fielddescr> - <fieldname>vhid</fieldname> - </columnitem> - <columnitem> - <fielddescr>Virtual IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - </columnitem> - <columnitem> - <fielddescr>Advertising Frequency</fielddescr> - <fieldname>advskew</fieldname> - </columnitem> - <columnitem> - <fielddescr>Netmask</fielddescr> - <fieldname>netmask</fieldname> - </columnitem> - </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> - <fields> - <field> - <fielddescr>Virtual IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>Enter the IP Address that you would like to share on both machines</description> - <type>input</type> - </field> -<!-- - <field> - <fielddescr>Bind Virtual IP to interface</fielddescr> - <fieldname>interface</fieldname> - <description>Select the interface that this IP should bind to (carpdev). Leave this set to AUTO for the system to automatically determine where to setup the IP.</description> - <add_to_interfaces_selection>AUTO</add_to_interfaces_selection> - <size>3</size> - <value>AUTO</value> - <type>interfaces_selection</type> - </field> ---> - <field> - <fielddescr>Virtual IP Netmask</fielddescr> - <fieldname>netmask</fieldname> - <description>Enter the IP Address's netmask that you would like to share on both machines</description> - <type>select</type> - <value>24</value> - <options> - <option><value>1</value><name>1</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - <option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - <option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - <option><value>31</value><name>31</name></option> - <option><value>32</value><name>32</name></option> - </options> - </field> - <field> - <fielddescr>Virtual IP Password</fielddescr> - <fieldname>password</fieldname> - <description>Enter the VHID group password.</description> - <type>password</type> - </field> - <field> - <fielddescr>VHID Group</fielddescr> - <fieldname>vhid</fieldname> - <description>Enter the VHID group that the machines will share</description> - <type>select</type> - <value>1</value> - <options> - <option><value>1</value><name>1 (DEFAULT)</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - <option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - <option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - </options> - </field> - <field> - <fielddescr>Advertising Frequency</fielddescr> - <fieldname>advskew</fieldname> - <description>The frequency that this machine will advertise. 0 = master. Anything above 0 designates a backup.</description> - <type>select</type> - <value>0</value> - <options> - <option><value>0</value><name>0 (DEFAULT)</name></option> - <option><value>1</value><name>1</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - <option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - <option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - </options> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_add_php_command_late> - interfaces_carp_setup(); - </custom_add_php_command_late> - <custom_php_resync_config_command> - </custom_php_resync_config_command> - <custom_delete_php_command> - interfaces_carp_setup(); - </custom_delete_php_command> - <custom_php_deinstall_command> - unlink_if_exists("/usr/local/pkg/carp*"); - unlink_if_exists("/usr/local/pkg/pf/carp*"); - unlink_if_exists("/usr/local/etc/rc.d/carp*"); - unlink_if_exists("/usr/local/pkg/pf/carp*"); - </custom_php_deinstall_command> -</packagegui> diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index f335236..32a9b8c 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -86,6 +86,14 @@ <type>input</type> </field> <field> + <fielddescr>Remote System Username</fielddescr> + <fieldname>username</fieldname> + <default_value>admin</default_value> + <description>Enter the webConfigurator username of the system entered above for synchronizing your configuration. + <br><br>NOTE: <b>Do not use the Synchronize Config to IP and username option on backup cluster members!</b></description> + <type>input</type> + </field> + <field> <fielddescr>Remote System Password</fielddescr> <fieldname>password</fieldname> <description>Enter the webConfigurator password of the system entered above for synchronizing your configuration. diff --git a/usr/local/pkg/openntpd.xml b/usr/local/pkg/openntpd.xml index 907c6fb..cefb76d 100644 --- a/usr/local/pkg/openntpd.xml +++ b/usr/local/pkg/openntpd.xml @@ -15,8 +15,12 @@ <fielddescr>Interface</fielddescr> <description>Select the interface(s) the NTP server will listen on.</description> <default_value>lan</default_value> - <type>interfaces_selection</type> <multiple/> + <type>select_source</type> + <source><![CDATA[openntpd_get_listen_ips()]]></source> + <source_name>name</source_name> + <source_value>value</source_value> + </field> </fields> <custom_php_resync_config_command> diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php index 12b8be9..e893dad 100755 --- a/usr/local/www/carp_status.php +++ b/usr/local/www/carp_status.php @@ -71,8 +71,6 @@ if($_POST['disablecarp'] <> "") { $savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter); } else { $savemsg = gettext("CARP has been enabled."); - mwexec("/sbin/sysctl net.inet.carp.allow=1"); - interfaces_carp_setup(); if(is_array($config['virtualip']['vip'])) { $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { @@ -85,9 +83,15 @@ if($_POST['disablecarp'] <> "") { interface_carpdev_configure($vip); sleep(1); break; + case "ipalias": + if (substr($vip['interface'], 0, 3) == "vip") + interface_ipalias_configure($vip); + break; } } } + interfaces_carp_setup(); + mwexec("/sbin/sysctl net.inet.carp.allow=1"); } } diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php index 4665a44..9dc12a5 100755 --- a/usr/local/www/diag_arp.php +++ b/usr/local/www/diag_arp.php @@ -248,10 +248,14 @@ function _getHostName($mac,$ip) { return $dhcpmac[$mac]; else if ($dhcpip[$ip]) return $dhcpip[$ip]; - else if(gethostbyaddr($ip) <> "" and gethostbyaddr($ip) <> $ip) - return gethostbyaddr($ip); - else - return ""; + else{ + exec("host -W 1 $ip", $output); + if (preg_match('/.*pointer ([A-Za-z0-9.-]+)\..*/',$output[0],$matches)) { + if ($matches[1] <> $ip) + return $matches[1]; + } + } + return ""; } $pgtitle = array(gettext("Diagnostics"),gettext("ARP Table")); @@ -277,8 +281,18 @@ ob_implicit_flush(1); // Resolve hostnames and replace Z_ with "". The intention // is to sort the list by hostnames, alpha and then the non // resolvable addresses will appear last in the list. +$dnsavailable=1; +$dns = trim(_getHostName("", "8.8.8.8")); +if ($dns == ""){ + $dns = trim(_getHostName("", "8.8.4.4")); + if ($dns == "") $dnsavailable =0; +} + foreach ($data as &$entry) { - $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + if ($dnsavailable){ + $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + }else + $dns=""; if(trim($dns)) $entry['dnsresolve'] = "$dns"; else diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 63d0f7e..ae3a1f7 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -118,9 +118,9 @@ if ($_GET['act'] == "del") { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}."; } } else if ($a_vip[$_GET['id']]['mode'] == "carp") { - $vipiface = $a_vip[$_GET['id']]['interface']; + $vipiface = "vip{$a_vip[$_GET['id']]['vhid']}"; foreach ($a_vip as $vip) { - if ($vipiface == "vip{$vip['vhid']}" && $vip['mode'] == "ipalias") + if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias") $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by ip alias entry") . " {$vip['descr']}."; } } diff --git a/usr/local/www/help.php b/usr/local/www/help.php index a89a551..0391505 100644 --- a/usr/local/www/help.php +++ b/usr/local/www/help.php @@ -222,7 +222,6 @@ $helppages = array( /* Below here are pages that may need some cleanup or have not been fully looked at yet */ 'carp_status.php' => 'http://doc.pfsense.org/index.php/Category:CARP', - 'carp.xml' => 'http://doc.pfsense.org/index.php/Category:CARP', 'carp_settings.xml' => 'http://doc.pfsense.org/index.php/Category:CARP', 'load_balancer_monitor.php' => 'http://doc.pfsense.org/index.php/Category:Load_balancing', diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 714feb4..3e35b0e 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -143,6 +143,16 @@ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { } } +$ovpn_descrs = array(); +if (is_array($config['openvpn'])) { + if (is_array($config['openvpn']['openvpn-server'])) + foreach ($config['openvpn']['openvpn-server'] as $s) + $ovpn_descrs[$s['vpnid']] = $s['description']; + if (is_array($config['openvpn']['openvpn-client'])) + foreach ($config['openvpn']['openvpn-client'] as $c) + $ovpn_descrs[$c['vpnid']] = $c['description']; +} + if ($_POST['apply']) { if (file_exists("/var/run/interface_mismatch_reboot_needed")) system_reboot(); @@ -452,6 +462,8 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed")) echo htmlspecialchars($descr); } elseif ($portinfo['isqinq']) { echo htmlspecialchars($portinfo['descr']); + } elseif (substr($portname, 0, 4) == 'ovpn') { + echo htmlspecialchars($portname . " (" . $ovpn_descrs[substr($portname, 5, 1)] . ")"); } else echo htmlspecialchars($portname . " (" . $portinfo['mac'] . ")"); ?></option> diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index b3485f0..0a119d9 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -146,6 +146,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -170,8 +172,8 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); echo '</td></tr>'; } } diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 5361b51..9f883cd 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -366,6 +366,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -390,9 +392,9 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); - echo '</td></tr>'; + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); + echo '</td></tr>'; } } ?> @@ -462,7 +464,7 @@ if ($pkg['tabs'] <> "") { $value = $_POST[$fieldname]; if (is_array($value)) $value = implode(',', $value); } else { - if (isset($id) && $a_pkg[$id]) + if (isset($id) && $a_pkg[$id] && $a_pkg[$id][$fieldname]) $value = $a_pkg[$id][$fieldname]; else $value = $pkga['default_value']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 4526028..3d1bd51 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -300,10 +300,10 @@ function enable_change(enable_change) { document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change; - var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change; - document.iform.reauthenticateacct[0].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[1].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[2].disabled = reauthenticate_dis; + var radacct_dis = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change; + document.iform.reauthenticateacct[0].disabled = radacct_dis; + document.iform.reauthenticateacct[1].disabled = radacct_dis; + document.iform.reauthenticateacct[2].disabled = radacct_dis; } //--> </script> diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index f5af953..f4f4b89 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -78,8 +78,6 @@ if (!isset($config['voucher']['rollbits'])) $config['voucher']['rollbits'] = 16; if (!isset($config['voucher']['ticketbits'])) $config['voucher']['ticketbits'] = 10; -if (!isset($config['voucher']['saveinterval'])) - $config['voucher']['saveinterval'] = 5; if (!isset($config['voucher']['checksumbits'])) $config['voucher']['checksumbits'] = 5; if (!isset($config['voucher']['magic'])) @@ -150,7 +148,6 @@ $pconfig['enable'] = isset($config['voucher']['enable']); $pconfig['charset'] = $config['voucher']['charset']; $pconfig['rollbits'] = $config['voucher']['rollbits']; $pconfig['ticketbits'] = $config['voucher']['ticketbits']; -$pconfig['saveinterval'] = $config['voucher']['saveinterval']; $pconfig['checksumbits'] = $config['voucher']['checksumbits']; $pconfig['magic'] = $config['voucher']['magic']; $pconfig['publickey'] = base64_decode($config['voucher']['publickey']); @@ -176,8 +173,8 @@ if ($_POST) { /* input validation */ if ($_POST['enable'] == "yes") { if (!$_POST['vouchersyncusername']) { - $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic"); + $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic")); } else { $reqdfields = explode(" ", "vouchersyncdbip vouchersyncport vouchersyncpass vouchersyncusername"); $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"),gettext("Sync port"),gettext("Sync password"),gettext("Sync username")); @@ -200,8 +197,6 @@ if ($_POST) { $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) - $input_errors[] = gettext("Save interval in minutes cant be negative."); if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) $input_errors[] = gettext("This doesn't look like an RSA Public key."); if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) @@ -221,7 +216,6 @@ if ($_POST) { $config['voucher']['ticketbits'] = $_POST['ticketbits']; $config['voucher']['checksumbits'] = $_POST['checksumbits']; $config['voucher']['magic'] = $_POST['magic']; - $config['voucher']['saveinterval'] = $_POST['saveinterval']; $config['voucher']['publickey'] = base64_encode($_POST['publickey']); $config['voucher']['privatekey'] = base64_encode($_POST['privatekey']); $config['voucher']['msgnoaccess'] = $_POST['msgnoaccess']; @@ -287,8 +281,6 @@ EOF; $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; if($toreturn['voucher']['ticketbits']) $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; - if($toreturn['voucher']['saveinterval']) - $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; if($toreturn['voucher']['checksumbits']) $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; if($toreturn['voucher']['magic']) @@ -336,7 +328,6 @@ function before_save() { document.iform.charset.disabled = false; document.iform.rollbits.disabled = false; document.iform.ticketbits.disabled = false; - document.iform.saveinterval.disabled = false; document.iform.checksumbits.disabled = false; document.iform.magic.disabled = false; document.iform.publickey.disabled = false; @@ -353,7 +344,6 @@ function enable_change(enable_change) { document.iform.charset.disabled = endis; document.iform.rollbits.disabled = endis; document.iform.ticketbits.disabled = endis; - document.iform.saveinterval.disabled = endis; document.iform.checksumbits.disabled = endis; document.iform.magic.disabled = endis; document.iform.publickey.disabled = endis; @@ -368,7 +358,6 @@ function enable_change(enable_change) { document.iform.charset.disabled = true; document.iform.rollbits.disabled = true; document.iform.ticketbits.disabled = true; - document.iform.saveinterval.disabled = true; document.iform.checksumbits.disabled = true; document.iform.magic.disabled = true; document.iform.publickey.disabled = true; @@ -534,14 +523,6 @@ function enable_change(enable_change) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Save Interval"); ?></td> - <td width="78%" class="vtable"> - <input name="saveinterval" type="text" class="formfld" id="saveinterval" size="4" value="<?=htmlspecialchars($pconfig['saveinterval']);?>"> - <?=gettext("Minutes"); ?><br> - <?=gettext("The list of active and used vouchers can be stored in the system's configuration file once every x minutes to survive power outages. No save is done if no new vouchers have been activated. Enter 0 to never write runtime state to XML config."); ?> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Invalid Voucher Message"); ?></td> <td width="78%" class="vtable"> <input name="msgnoaccess" type="text" class="formfld" id="msgnoaccess" size="80" value="<?=htmlspecialchars($pconfig['msgnoaccess']);?>"> diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index 7c5f114..e5b36d6 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -146,6 +146,7 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname");?></td> <td width="78%" class="vtable"> <input name="host" type="text" class="formfld unknown" id="host" size="30" value="<?=htmlspecialchars($pconfig['host']);?>"> + <br/><span>Fully qualified hostname of the host to be updated</span> </td> </tr> <tr> diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 601bb8e..4965fb9 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -51,6 +51,7 @@ require_once("shaper.inc"); $pconfig['webguiproto'] = $config['system']['webgui']['protocol']; $pconfig['webguiport'] = $config['system']['webgui']['port']; +$pconfig['max_procs'] = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']); $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); @@ -84,6 +85,10 @@ if ($_POST) { if(!is_port($_POST['webguiport'])) $input_errors[] = gettext("You must specify a valid webConfigurator port number"); + if ($_POST['max_procs']) + if(!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500)) + $input_errors[] = gettext("Max Processes must be a number 1 or greater"); + if ($_POST['althostnames']) { $althosts = explode(" ", $_POST['althostnames']); foreach ($althosts as $ah) @@ -111,6 +116,8 @@ if ($_POST) { $restart_webgui = true; if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref'])) $restart_webgui = true; + if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs'])) + $restart_webgui = true; if ($_POST['disablehttpredirect'] == "yes") { $config['system']['webgui']['disablehttpredirect'] = true; @@ -322,6 +329,18 @@ function prot_change() { </td> </tr> <tr> + <td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td> + <td class="vtable"> + <input name="max_procs" type="text" class="formfld unknown" id="max_procs" "size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>"> + <br> + <span class="vexpl"> + <?=gettext("Enter the number of webConfigurator processes you " . + "want to run. This defaults to 2. Increasing this will allow more " . + "users/browsers to access the GUI concurrently."); ?> + </span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td> <td width="78%" class="vtable"> <input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> /> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 5541f83..a4b60af 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -154,7 +154,7 @@ if ($act == "expkey") { if ($_POST) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ @@ -185,6 +185,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "existing") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if ($reqdfields[$i] == 'dn_email'){ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if ($reqdfields[$i] == 'dn_commonname'){ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -271,6 +283,15 @@ function method_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -394,12 +415,15 @@ function method_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("US");?> - <em><?=gettext("( two letters )");?></em> + <select name='dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 470f0cd..87b8d91 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -153,7 +153,7 @@ if ($act == "csr") { if ($_POST) { if ($_POST['save'] == gettext("Save")) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ @@ -206,6 +206,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "import") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_name */ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -413,6 +425,15 @@ function internalca_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -639,13 +660,15 @@ function internalca_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="csr_dn_country" type="text" class="formfld unknown" size="2" value="<?=htmlspecialchars($pconfig['csr_dn_country']);?>" /> - - <em>ex:</em> - - US - - <em><?=gettext("( two letters )");?></em> + <select name='csr_dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['csr_dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 500700a..2fbf5e3 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -166,7 +166,9 @@ function restore_config_section_xmlrpc($raw_params) { foreach ($config['virtualip']['vip'] as $vipindex => $vip) { if ($vip['mode'] == "carp") $oldvips[$vip['vhid']] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; - else if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") + else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip") + $oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}"; + else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && substr($vip['interface'], 0, 3) != "vip") $vipbackup[] = $vip; } } @@ -193,16 +195,26 @@ function restore_config_section_xmlrpc($raw_params) { * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps */ - if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { - if (isset($oldvips[$vip['vhid']])) { + if ($vip['mode'] == "carp" && isset($oldvips[$vip['vhid']])) { if ($oldvips[$vip['vhid']] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { - if (does_interface_exist("vip{$vip['vhid']}")) - continue; // Skip reconfiguring this vips since nothing has changed. - } else - unset($oldvips['vhid']); + if (does_vip_exist($vip)) { + unset($oldvips[$vip['vhid']]); + continue; // Skip reconfiguring this vips since nothing has changed. + } + } + unset($oldvips[$vip['vhid']]); + } else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip" && isset($oldvips[$vip['subnet']])) { + if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") { + if (does_vip_exist($vip)) { + unset($oldvips[$vip['subnet']]); + continue; // Skip reconfiguring this vips since nothing has changed. + } + } + unset($oldvips[$vip['subnet']]); } switch ($vip['mode']) { @@ -224,7 +236,7 @@ function restore_config_section_xmlrpc($raw_params) { } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipif => $oldvippar) { - if (does_interface_exist("vip{$oldvipif}")) + if (!is_ipaddr($oldvipif) && does_interface_exist("vip{$oldvipif}")) pfSense_interface_destroy("vip{$oldvipif}"); } if ($carp_setuped == true) |
