diff options
author | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-05-23 15:57:23 -0300 |
---|---|---|
committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2011-05-23 15:57:23 -0300 |
commit | 45d4b71e070a52bec9e14a82d2656f0e7af07ba1 (patch) | |
tree | d238e7d6506d339c6da27c3a9e56e407c1b869c1 /usr/local | |
parent | d21d6e2090c6701041b8555cdaca9ad2c949d4f1 (diff) | |
parent | 7a18dfa4ed218ad7b114d9cd52c008a76c811614 (diff) | |
download | pfsense-45d4b71e070a52bec9e14a82d2656f0e7af07ba1.zip pfsense-45d4b71e070a52bec9e14a82d2656f0e7af07ba1.tar.gz |
Merge remote-tracking branch 'mainline/master' into inc
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/bin/captiveportal_gather_stats.php | 14 | ||||
-rw-r--r-- | usr/local/pkg/carp_settings.xml | 18 | ||||
-rwxr-xr-x | usr/local/www/diag_arp.php | 233 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_vpn.php | 47 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 2 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 2 | ||||
-rwxr-xr-x | usr/local/www/services_dyndns.php | 4 | ||||
-rw-r--r-- | usr/local/www/services_dyndns_edit.php | 4 | ||||
-rwxr-xr-x | usr/local/www/status_dhcp_leases.php | 18 | ||||
-rwxr-xr-x | usr/local/www/status_interfaces.php | 9 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 42 | ||||
-rw-r--r-- | usr/local/www/system_advanced_notifications.php | 8 | ||||
-rw-r--r-- | usr/local/www/system_certmanager.php | 37 | ||||
-rw-r--r-- | usr/local/www/system_crlmanager.php | 2 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp_users_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 104 |
17 files changed, 327 insertions, 221 deletions
diff --git a/usr/local/bin/captiveportal_gather_stats.php b/usr/local/bin/captiveportal_gather_stats.php index 5fe1c6b..823b28f 100644 --- a/usr/local/bin/captiveportal_gather_stats.php +++ b/usr/local/bin/captiveportal_gather_stats.php @@ -43,7 +43,7 @@ $concurrent_users = $no_users; $current_user_count = 0; /* tmp file to use to store old data (per interface)*/ -$tmpfile = "{$g['tmp_path']}/captiveportal_online_users"; +$tmpfile = "{$g['vardb_path']}/captiveportal_online_users"; $type = $argv[1]; @@ -82,12 +82,14 @@ if ($type == "loggedin") { $current_user_count = $current_user_count + 1; } - // Write out the latest timestamp - $fd = @fopen($tmpfile, "w"); - if ($fd) { - fwrite($fd, $timestamp); + // Write out the latest timestamp but not if it is empty + if (!empty($timestamp)) { + $fd = @fopen($tmpfile, "w"); + if ($fd) { + fwrite($fd, $timestamp); + } + @fclose($fd); } - @fclose($fd); /* If $timestamp is less than or equal to previous_user_timestamp return 0, * as we only want the 'X' number of users logged in since last RRD poll. diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 3365bba..f335236 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -171,9 +171,21 @@ <type>checkbox</type> </field> <field> - <fielddescr>Synchronize traffic shaper</fielddescr> + <fielddescr>Synchronize traffic shaper(queues)</fielddescr> <fieldname>synchronizetrafficshaper</fieldname> - <description>When this option is enabled, this system will automatically sync the traffic shaper configuration to the other CARP host when changes are made.</description> + <description>When this option is enabled, this system will automatically sync the traffic shaper configuration for queues to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Synchronize traffic shaper(limiter)</fielddescr> + <fieldname>synchronizetrafficshaperlimiter</fieldname> + <description>When this option is enabled, this system will automatically sync the traffic shaper configuration for limiters to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Synchronize traffic shaper(layer7)</fielddescr> + <fieldname>synchronizetrafficshaperlayer7</fieldname> + <description>When this option is enabled, this system will automatically sync the traffic shaper configuration for layer7 to the other CARP host when changes are made.</description> <type>checkbox</type> </field> <field> @@ -211,4 +223,4 @@ /* force a filter configure for syncing */ filter_configure(); </custom_add_php_command_late> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php index 8a39d3a..4665a44 100755 --- a/usr/local/www/diag_arp.php +++ b/usr/local/www/diag_arp.php @@ -88,118 +88,122 @@ $l = 0; $p = 0; // Put everything together again while($i < $leases_count) { - /* split the line by space */ - $data = explode(" ", $leases_content[$i]); - /* walk the fields */ - $f = 0; - $fcount = count($data); - /* with less then 20 fields there is nothing useful */ - if($fcount < 20) { - $i++; - continue; - } - while($f < $fcount) { - switch($data[$f]) { - case "failover": - $pools[$p]['name'] = $data[$f+2]; - $pools[$p]['mystate'] = $data[$f+7]; - $pools[$p]['peerstate'] = $data[$f+14]; - $pools[$p]['mydate'] = $data[$f+10]; - $pools[$p]['mydate'] .= " " . $data[$f+11]; - $pools[$p]['peerdate'] = $data[$f+17]; - $pools[$p]['peerdate'] .= " " . $data[$f+18]; - $p++; - $i++; - continue 3; - case "lease": - $leases[$l]['ip'] = $data[$f+1]; - $leases[$l]['type'] = "dynamic"; - $f = $f+2; - break; - case "starts": - $leases[$l]['start'] = $data[$f+2]; - $leases[$l]['start'] .= " " . $data[$f+3]; - $f = $f+3; - break; - case "ends": - $leases[$l]['end'] = $data[$f+2]; - $leases[$l]['end'] .= " " . $data[$f+3]; - $f = $f+3; - break; - case "tstp": - $f = $f+3; - break; - case "tsfp": - $f = $f+3; - break; - case "atsfp": - $f = $f+3; - break; - case "cltt": - $f = $f+3; - break; - case "binding": - switch($data[$f+2]) { - case "active": - $leases[$l]['act'] = "active"; - break; - case "free": - $leases[$l]['act'] = "expired"; - $leases[$l]['online'] = "offline"; - break; - case "backup": - $leases[$l]['act'] = "reserved"; - $leases[$l]['online'] = "offline"; - break; - } - $f = $f+1; - break; - case "next": - /* skip the next binding statement */ - $f = $f+3; - break; - case "hardware": - $leases[$l]['mac'] = $data[$f+2]; - /* check if it's online and the lease is active */ - if($leases[$l]['act'] == "active") { - $online = exec("/usr/sbin/arp -an |/usr/bin/awk '/{$leases[$l]['ip']}/ {print}'|wc -l"); - if ($online == 1) { - $leases[$l]['online'] = 'online'; - } else { - $leases[$l]['online'] = 'offline'; - } - } - $f = $f+2; - break; - case "client-hostname": - if($data[$f+1] <> "") { - $leases[$l]['hostname'] = preg_replace('/"/','',$data[$f+1]); - } else { - $hostname = gethostbyaddr($leases[$l]['ip']); - if($hostname <> "") { - $leases[$l]['hostname'] = $hostname; - } - } - $f = $f+1; - break; - case "uid": - $f = $f+1; - break; - } - $f++; - } - $l++; - $i++; + /* split the line by space */ + $data = explode(" ", $leases_content[$i]); + /* walk the fields */ + $f = 0; + $fcount = count($data); + /* with less then 20 fields there is nothing useful */ + if($fcount < 20) { + $i++; + continue; + } + while($f < $fcount) { + switch($data[$f]) { + case "failover": + $pools[$p]['name'] = $data[$f+2]; + $pools[$p]['mystate'] = $data[$f+7]; + $pools[$p]['peerstate'] = $data[$f+14]; + $pools[$p]['mydate'] = $data[$f+10]; + $pools[$p]['mydate'] .= " " . $data[$f+11]; + $pools[$p]['peerdate'] = $data[$f+17]; + $pools[$p]['peerdate'] .= " " . $data[$f+18]; + $p++; + $i++; + continue 3; + case "lease": + $leases[$l]['ip'] = $data[$f+1]; + $leases[$l]['type'] = "dynamic"; + $f = $f+2; + break; + case "starts": + $leases[$l]['start'] = $data[$f+2]; + $leases[$l]['start'] .= " " . $data[$f+3]; + $f = $f+3; + break; + case "ends": + $leases[$l]['end'] = $data[$f+2]; + $leases[$l]['end'] .= " " . $data[$f+3]; + $f = $f+3; + break; + case "tstp": + $f = $f+3; + break; + case "tsfp": + $f = $f+3; + break; + case "atsfp": + $f = $f+3; + break; + case "cltt": + $f = $f+3; + break; + case "binding": + switch($data[$f+2]) { + case "active": + $leases[$l]['act'] = "active"; + break; + case "free": + $leases[$l]['act'] = "expired"; + $leases[$l]['online'] = "offline"; + break; + case "backup": + $leases[$l]['act'] = "reserved"; + $leases[$l]['online'] = "offline"; + break; + } + $f = $f+1; + break; + case "next": + /* skip the next binding statement */ + $f = $f+3; + break; + case "rewind": + /* skip the rewind binding statement */ + $f = $f+3; + break; + case "hardware": + $leases[$l]['mac'] = $data[$f+2]; + /* check if it's online and the lease is active */ + if($leases[$l]['act'] == "active") { + $online = exec("/usr/sbin/arp -an |/usr/bin/awk '/{$leases[$l]['ip']}/ {print}'|wc -l"); + if ($online == 1) { + $leases[$l]['online'] = 'online'; + } else { + $leases[$l]['online'] = 'offline'; + } + } + $f = $f+2; + break; + case "client-hostname": + if($data[$f+1] <> "") { + $leases[$l]['hostname'] = preg_replace('/"/','',$data[$f+1]); + } else { + $hostname = gethostbyaddr($leases[$l]['ip']); + if($hostname <> "") { + $leases[$l]['hostname'] = $hostname; + } + } + $f = $f+1; + break; + case "uid": + $f = $f+1; + break; + } + $f++; + } + $l++; + $i++; } /* remove duplicate items by mac address */ if(count($leases) > 0) { - $leases = remove_duplicate($leases,"ip"); + $leases = remove_duplicate($leases,"ip"); } if(count($pools) > 0) { - $pools = remove_duplicate($pools,"name"); - asort($pools); + $pools = remove_duplicate($pools,"name"); + asort($pools); } // Put this in an easy to use form @@ -218,8 +222,10 @@ $i = 0; /* if list */ $ifdescrs = get_configured_interface_with_descr(); -foreach ($ifdescrs as $key =>$interface) { - $hwif[$config['interfaces'][$key]['if']] = $interface; +foreach ($ifdescrs as $key => $interface) { + $thisif = convert_friendly_interface_to_real_interface_name($key); + if (!empty($thisif)) + $hwif[$thisif] = $interface; } $data = array(); @@ -235,8 +241,7 @@ foreach ($rawdata as $line) { } } -function _getHostName($mac,$ip) -{ +function _getHostName($mac,$ip) { global $dhcpmac, $dhcpip; if ($dhcpmac[$mac]) @@ -283,6 +288,8 @@ foreach ($data as &$entry) { // Sort the data alpha first $data = msort($data, "dnsresolve"); +// Load MAC-Manufacturer table +$mac_man = load_mac_manufacturer_table(); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> @@ -298,7 +305,13 @@ $data = msort($data, "dnsresolve"); <?php foreach ($data as $entry): ?> <tr> <td class="listlr"><?=$entry['ip'];?></td> - <td class="listr"><?=$entry['mac'];?></td> + <td class="listr"> + <?php + $mac=$entry['mac']; + $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); + print $mac; + if(isset($mac_man[$mac_hi])){ print "<br/><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>"; } + ?> <td class="listr"> <?php echo str_replace("Z_ ", "", $entry['dnsresolve']); diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php index adef3e1..658b5bb 100755 --- a/usr/local/www/diag_logs_vpn.php +++ b/usr/local/www/diag_logs_vpn.php @@ -49,11 +49,38 @@ $nentries = $config['syslog']['nentries']; if (!$nentries) $nentries = 50; -$vpntype = (htmlspecialchars($_GET['vpntype'])) ? htmlspecialchars($_GET['vpntype']) : "pptp"; -$mode = (htmlspecialchars($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : "login"; +if (htmlspecialchars($_POST['vpntype'])) + $vpntype = htmlspecialchars($_POST['vpntype']); +elseif (htmlspecialchars($_GET['vpntype'])) + $vpntype = htmlspecialchars($_GET['vpntype']); +else + $vpntype = "pptp"; + +if (htmlspecialchars($_POST['mode'])) + $mode = htmlspecialchars($_POST['mode']); +elseif (htmlspecialchars($_GET['mode'])) + $mode = htmlspecialchars($_GET['mode']); +else + $mode = "login"; + +switch ($vpntype) { + case 'pptp': + $logname = "pptps"; + break; + case 'poes': + $logname = "poes"; + break; + case 'l2tp': + $logname = "l2tps"; + break; +} -if ($_POST['clear']) - clear_log_file("/var/log/vpn.log"); +if ($_POST['clear']) { + if ($mode != "raw") + clear_log_file("/var/log/vpn.log"); + else + clear_log_file("/var/log/{$logname}.log"); +} function dump_clog_vpn($logfile, $tail) { global $g, $config, $vpntype; @@ -151,22 +178,12 @@ include("head.inc"); </tr> <?php dump_clog_vpn("/var/log/vpn.log", $nentries); ?> <?php else: - switch ($vpntype) { - case 'pptp': - $logname = "pptps"; - break; - case 'poes': - $logname = "poes"; - break; - case 'l2tp': - $logname = "l2tps"; - break; - } dump_clog("/var/log/{$logname}.log", $nentries); endif; ?> </table> <br /> <input type="hidden" name="vpntype" id="vpntype" value="<?=$vpntype;?>"> + <input type="hidden" name="mode" id="mode" value="<?=$mode;?>"> <input name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log"); ?>"> </form> </td> diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index ce730e1..8602740 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -142,7 +142,7 @@ if ($_POST) { $input_errors[] = gettext("Reserved word used for alias name."); } else { if (is_validaliasname($_POST['name']) == false) - $input_errors[] = gettext("The alias name may only consist of the characters") . " a-z, A-Z, 0-9, _."; + $input_errors[] = gettext("The alias name must be less than 32 characters long and may only consist of the characters") . " a-z, A-Z, 0-9, _."; } /* check for name conflicts */ if (empty($a_aliases[$id])) { diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 53df333..899e209 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -310,7 +310,7 @@ if ($_POST['apply']) { $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply")); foreach ($toapplylist as $ifapply) { if (isset($config['interfaces'][$ifapply]['enable'])) - interface_configure($ifapply, true); + interface_reconfigure($ifapply, true); else interface_bring_down($ifapply); } diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 24595da..23e6cd9 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -263,6 +263,7 @@ function enable_change(enable_change) { document.iform.freelogins_resettimeout.disabled = endis; document.iform.freelogins_updatetimeouts.disabled = endis; document.iform.timeout.disabled = endis; + document.iform.preauthurl.disabled = endis; document.iform.redirurl.disabled = endis; document.iform.radiusip.disabled = radius_endis; document.iform.radiusip2.disabled = radius_endis; @@ -283,6 +284,7 @@ function enable_change(enable_change) { document.iform.radmac_format.disabled = radius_endis; document.iform.httpsname.disabled = endis; document.iform.cert.disabled = endis; + document.iform.cacert.disabled = endis; document.iform.key.disabled = endis; document.iform.logoutwin_enable.disabled = endis; document.iform.nomacfilter.disabled = endis; diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php index c6939d7..263a669 100755 --- a/usr/local/www/services_dyndns.php +++ b/usr/local/www/services_dyndns.php @@ -114,8 +114,8 @@ include("head.inc"); </td> <td class="listlr"> <?php - $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap"); - $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap"); + $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap, HE.net"); + $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap he-net"); $j = 0; for ($j = 0; $j < count($vals); $j++) if ($vals[$j] == $dyndns['type']) { echo htmlspecialchars($types[$j]); diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php index f2a3072..e382deb 100644 --- a/usr/local/www/services_dyndns_edit.php +++ b/usr/local/www/services_dyndns_edit.php @@ -159,8 +159,8 @@ include("head.inc"); <td width="78%" class="vtable"> <select name="type" class="formselect" id="type"> <?php - $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap"); - $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap"); + $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS, Namecheap, HE.net"); + $vals = explode(" ", "dnsomatic dyndns dyndns-static dyndns-custom dhs dyns easydns noip ods zoneedit loopia freedns dnsexit opendns namecheap he-net"); $j = 0; for ($j = 0; $j < count($vals); $j++): ?> <option value="<?=$vals[$j];?>" <?php if ($vals[$j] == $pconfig['type']) echo "selected";?>> <?=htmlspecialchars($types[$j]);?> diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php index 39ed024..ba18b72 100755 --- a/usr/local/www/status_dhcp_leases.php +++ b/usr/local/www/status_dhcp_leases.php @@ -324,6 +324,8 @@ foreach ($pools as $data) { <td class="listhdrr"><a href="#"><?=gettext("Lease Type"); ?></a></td> </tr> <?php +// Load MAC-Manufacturer table +$mac_man = load_mac_manufacturer_table(); foreach ($leases as $data) { if (($data['act'] == "active") || ($data['act'] == "static") || ($_GET['all'] == 1)) { if ($data['act'] != "active" && $data['act'] != "static") { @@ -357,10 +359,20 @@ foreach ($leases as $data) { } echo "<tr>\n"; echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane} </td>\n"; + $mac=$data['mac']; + $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); if ($data['online'] != "online") { - echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\" onclick=\"return confirm('" . gettext("Send Wake on LAN packet to this MAC address?") . "')\">{$data['mac']}</a>{$fspane} </td>\n"; - } else { - echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n"; + if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined + echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac=$mac\" title=\"" . gettext("$mac - send Wake on LAN packet to this MAC address") ."\">{$mac}</a><br/><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>{$fspane} </td>\n"; + }else{ + echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\">{$data['mac']}</a>{$fspane} </td>\n"; + } + }else{ + if(isset($mac_man[$mac_hi])){ // Manufacturer for this MAC is defined + echo "<td class=\"listr\">{$fspans}{$mac}<br/><font size=\"-2\"><i>{$mac_man[$mac_hi]}</i></font>{$fspane} </td>\n"; + }else{ + echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n"; + } } echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane} </td>\n"; if ($data['type'] != "static") { diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php index 266d36b..6c98a34 100755 --- a/usr/local/www/status_interfaces.php +++ b/usr/local/www/status_interfaces.php @@ -68,6 +68,8 @@ include("head.inc"); $ifdescrs = get_configured_interface_with_descr(false, true); foreach ($ifdescrs as $ifdescr => $ifname): $ifinfo = get_interface_info($ifdescr); + // Load MAC-Manufacturer table + $mac_man = load_mac_manufacturer_table(); ?> <?php if ($i): ?> <tr> @@ -175,7 +177,12 @@ include("head.inc"); <tr> <td width="22%" class="vncellt"><?=gettext("MAC address");?></td> <td width="78%" class="listr"> - <?=htmlspecialchars($ifinfo['macaddr']);?> + <?php + $mac=$ifinfo['macaddr']; + $mac_hi = strtoupper($mac[0] . $mac[1] . $mac[3] . $mac[4] . $mac[6] . $mac[7]); + if(isset($mac_man[$mac_hi])){ print "<span title=\"$mac\">" . htmlspecialchars($mac_man[$mac_hi]); print "</span>"; } + else {print htmlspecialchars($mac);} + ?> </td> </tr> <?php endif; if ($ifinfo['status'] != "down"): ?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index d21f91c..a2aa6d2 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -933,16 +933,15 @@ elseif((strstr($curdatabase, "-loggedin.rrd")) && (file_exists("$rrddbpath$curda $graphcmd .= "--start $start --end $end "; $graphcmd .= "--vertical-label \"Captive Portal Users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; + $graphcmd .= "--base=1000 "; + $graphcmd .= "--lower-limit=0 "; + $graphcmd .= "--slope-mode "; $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; $graphcmd .= "DEF:\"$curif-loggedinusers=$rrddbpath$curdatabase:loggedinusers:AVERAGE\" "; - $graphcmd .= "LINE2:\"$curif-loggedinusers#{$colorcaptiveportalusers[0]}:$curif-loggedinusers\" "; - $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t current\t\t average\t maximum\\n\" "; - $graphcmd .= "COMMENT:\"Users Online\t\" "; - $graphcmd .= "GPRINT:\"$curif-loggedinusers:LAST:%7.2lf \" "; - $graphcmd .= "GPRINT:\"$curif-loggedinusers:AVERAGE:%7.2lf \" "; - $graphcmd .= "GPRINT:\"$curif-loggedinusers:MAX:%7.2lf \" "; + $graphcmd .= "CDEF:\"$curif-totalusers_t=PREV,UN,0,PREV,IF,$curif-loggedinusers,+\" "; + $graphcmd .= "AREA:\"$curif-totalusers_t#{$colorcaptiveportalusers[0]}:Total logged in users\" "; + $graphcmd .= "GPRINT:\"$curif-totalusers_t:MAX:%8.0lf \\n\" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } @@ -953,37 +952,18 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur $graphcmd .= "--vertical-label \"Captive Portal Users\" "; $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; - $graphcmd .= "--height 200 --width 620 "; - $graphcmd .= "DEF:\"$curif-concurrentusers=$rrddbpath$curdatabase:concurrentusers:AVERAGE\" "; - $graphcmd .= "LINE2:\"$curif-concurrentusers#{$colorcaptiveportalusers[0]}:$curif-concurrentusers\" "; - $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t current\t\t average\t maximum\\n\" "; - $graphcmd .= "COMMENT:\"Users Online\t\" "; - $graphcmd .= "GPRINT:\"$curif-concurrentusers:LAST:%7.2lf \" "; - $graphcmd .= "GPRINT:\"$curif-concurrentusers:AVERAGE:%7.2lf \" "; - $graphcmd .= "GPRINT:\"$curif-concurrentusers:MAX:%7.2lf \" "; - $graphcmd .= "COMMENT:\"\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; -} -elseif((strstr($curdatabase, "-totalusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { - /* define graphcmd for online Captive Portal users stats */ - $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; - $graphcmd .= "--start $start --end $end "; - $graphcmd .= "--vertical-label \"Total Captive Portal Users\" "; - $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; $graphcmd .= "--base=1000 "; $graphcmd .= "--lower-limit=0 "; $graphcmd .= "--slope-mode "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; $graphcmd .= "--height 200 --width 620 "; - $graphcmd .= "DEF:\"$curif-totalusers=$rrddbpath$curdatabase:totalusers:AVERAGE\" "; - $graphcmd .= "AREA:\"$curif-totalusers#{$colorcaptiveportalusers[0]}:$curif-totalusers\" "; + $graphcmd .= "DEF:\"$curif-concurrentusers=$rrddbpath$curdatabase:concurrentusers:AVERAGE\" "; + $graphcmd .= "AREA:\"$curif-concurrentusers#{$colorcaptiveportalusers[0]}:Concurrent Users\" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t current\t\t average\t maximum\\n\" "; $graphcmd .= "COMMENT:\"Users Online\t\" "; - $graphcmd .= "GPRINT:\"$curif-totalusers:LAST:%8.0lf \" "; - $graphcmd .= "GPRINT:\"$curif-totalusers:AVERAGE:%8.0lf \" "; - $graphcmd .= "GPRINT:\"$curif-totalusers:MAX:%8.0lf \" "; + $graphcmd .= "GPRINT:\"$curif-concurrentusers:LAST:%8.0lf \" "; + $graphcmd .= "GPRINT:\"$curif-concurrentusers:AVERAGE:%8.0lf \" "; + $graphcmd .= "GPRINT:\"$curif-concurrentusers:MAX:%8.0lf \" "; $graphcmd .= "COMMENT:\"\\n\" "; $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } diff --git a/usr/local/www/system_advanced_notifications.php b/usr/local/www/system_advanced_notifications.php index c914d7a..7da289a 100644 --- a/usr/local/www/system_advanced_notifications.php +++ b/usr/local/www/system_advanced_notifications.php @@ -62,6 +62,8 @@ if($config['notifications']['smtp']['ipaddress']) $pconfig['smtpipaddress'] = $config['notifications']['smtp']['ipaddress']; if($config['notifications']['smtp']['port']) $pconfig['smtpport'] = $config['notifications']['smtp']['port']; +if($config['notifications']['smtp']['ssl']) + $pconfig['smtpssl'] = $config['notifications']['smtp']['ssl']; if($config['notifications']['smtp']['notifyemailaddress']) $pconfig['smtpnotifyemailaddress'] = $config['notifications']['smtp']['notifyemailaddress']; if($config['notifications']['smtp']['username']) @@ -100,6 +102,7 @@ if ($_POST) { // SMTP $config['notifications']['smtp']['ipaddress'] = $_POST['smtpipaddress']; $config['notifications']['smtp']['port'] = $_POST['smtpport']; + $config['notifications']['smtp']['ssl'] = isset($_POST['smtpssl']) ? 'checked' : 'unchecked'; $config['notifications']['smtp']['notifyemailaddress'] = $_POST['smtpnotifyemailaddress']; $config['notifications']['smtp']['username'] = $_POST['smtpusername']; $config['notifications']['smtp']['password'] = $_POST['smtppassword']; @@ -208,8 +211,9 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("SMTP Port of E-Mail server"); ?></td> <td width="78%" class="vtable"> - <input name='smtpport' value='<?php echo $pconfig['smtpport']; ?>'><br/> - <?=gettext("This is the port of the SMTP E-Mail server, typically 25 or 587 (submission)."); ?> + <input name='smtpport' value='<?php echo $pconfig['smtpport']; ?>'> + <input type='checkbox' name='smtpssl' <?php echo $pconfig['smtpssl']; ?>>Enable SSL/TLS Authentication<br/> + <?=gettext("This is the port of the SMTP E-Mail server, typically 25, 587 (submission) or 465 (smtps, tick ssl/tls checkbox)"); ?> </td> </tr> <tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 9ef6d64..cc1c65a 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -280,12 +280,25 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); +// old way /* make sure this csr and certificate subjects match */ - $subj_csr = csr_get_subject($pconfig['csr'], false); - $subj_cert = cert_get_subject($pconfig['cert'], false); - - if (strcmp($subj_csr,$subj_cert)) - $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert); +// $subj_csr = csr_get_subject($pconfig['csr'], false); +// $subj_cert = cert_get_subject($pconfig['cert'], false); +// +// if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) { +// if (strcmp($subj_csr,$subj_cert)) { +// $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert); +// $subject_mismatch = true; +// } +// } + $mod_csr = csr_get_modulus($pconfig['csr'], false); + $mod_cert = cert_get_modulus($pconfig['cert'], false); + + if (strcmp($mod_csr,$mod_cert)) { + // simply: if the moduli don't match, then the private key and public key won't match + $input_errors[] = sprintf(gettext("The certificate modulus does not match the signing request modulus."),$subj_cert); + $subject_mismatch = true; + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -314,7 +327,7 @@ if ($_POST) { include("head.inc"); ?> -<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>"> <?php include("fbegin.inc"); ?> <script type="text/javascript"> <!-- @@ -776,6 +789,14 @@ function internalca_change() { <tr> <td width="22%" valign="top"> </td> <td width="78%"> + <?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?> + <input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" /> + <label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br /> + <?php echo gettext("Warning: Using this option may create an " . + "invalid certificate. Check this box to disable the request -> " . + "response subject verification. "); + ?><br/> + <?php endif; */ ?> <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" /> <?php if (isset($id) && $a_cert[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>" /> @@ -800,7 +821,7 @@ function internalca_change() { $i = 0; foreach($a_cert as $cert): $name = htmlspecialchars($cert['descr']); - + if ($cert['crt']) { $subj = cert_get_subject($cert['crt']); $issuer = cert_get_issuer($cert['crt']); @@ -868,7 +889,7 @@ function internalca_change() { <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" /> </a> <?php if (!cert_in_use($cert['refid'])): ?> - <a href="system_certmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')"> + <a href="system_certmanager.php?act=del&id=<?=$i;?>" onClick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" /> </a> <?php endif; ?> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 72e795b..1beb75b 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -494,6 +494,7 @@ function method_change() { </thead> <tbody> <?php + $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; // Map CRLs to CAs in one pass $ca_crl_map = array(); foreach($a_crl as $crl) @@ -504,7 +505,6 @@ function method_change() { $name = htmlspecialchars($ca['descr']); if($ca['prv']) { - $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; $cainternal = "YES"; } else $cainternal = "NO"; diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index 1cd0075..b1b4811 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -84,7 +84,7 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) $input_errors[] = gettext("The username contains invalid characters."); - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['passwordfld'])) + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password'])) $input_errors[] = gettext("The password contains invalid characters."); if (preg_match("/^!/", $_POST['password'])) diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index ebb3a24..97fbc45 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -158,26 +158,80 @@ function restore_config_section_xmlrpc($raw_params) { $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + $vipbackup = array(); + $oldvips = array(); if (isset($params[0]['virtualip'])) { if(is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $vip) - interface_vip_bring_down($vip); + foreach ($config['virtualip']['vip'] as $vipindex => $vip) { + if ($vip['mode'] == "carp") + $oldvips[$vip['vhid']] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; + else if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") + $vipbackup[] = $vip; + } } - $vipbackup = $config['virtualip']['vip']; } + // For vip section, first keep items sent from the master - $config = array_merge($config, $params[0]); - // Then add ipalias and proxyarp types already defined on the backup - if (is_array($vipbackup)) { - foreach ($vipbackup as $vip) { - if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") - array_unshift($config['virtualip']['vip'], $vip); - } + $config = array_merge_recursive_unique($config, $params[0]); + + /* Then add ipalias and proxyarp types already defined on the backup */ + if (is_array($vipbackup) && !empty($vipbackup)) { + if (!is_array($config['virtualip'])) + $config['virtualip'] = array(); + if (!is_array($config['virtualip']['vip'])) + $config['virtualip']['vip'] = array(); + foreach ($vipbackup as $vip) + array_unshift($config['virtualip']['vip'], $vip); } + + /* Log what happened */ $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys)); - interfaces_vips_configure(); + + /* + * The real work on handling the vips specially + * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps + */ + if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + $carp_setuped = false; + $anyproxyarp = false; + foreach ($config['virtualip']['vip'] as $vip) { + if (isset($oldvips[$vip['vhid']])) { + if ($oldvips[$vip['vhid']] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { + if (does_interface_exist("vip{$vip['vhid']}")) + continue; // Skip reconfiguring this vips since nothing has changed. + } else + unset($oldvips['vhid']); + } + + switch ($vip['mode']) { + case "proxyarp": + $anyproxyarp = true; + break; + case "ipalias": + interface_ipalias_configure(&$vip); + break; + case "carp": + if ($carp_setuped == false) + $carp_setuped = true; + interface_carp_configure($vip); + break; + case "carpdev-dhcp": + interface_carpdev_configure($vip); + break; + } + } + /* Cleanup remaining old carps */ + foreach ($oldvips as $oldvipif => $oldvippar) { + if (does_interface_exist("vip{$oldvipif}")) + pfSense_interface_destroy("vip{$oldvipif}"); + } + if ($carp_setuped == true) + interfaces_carp_setup(); + if ($anyproxyarp == true) + interface_proxyarp_configure(); + } return $xmlrpc_g['return']['true']; } @@ -218,29 +272,7 @@ $merge_config_section_sig = array( function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; - $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) - return $xmlrpc_g['return']['authfail']; - if (isset($params[0]['virtualip'])) { - if(is_array($config['virtualip']['vip'])) { - foreach ($config['virtualip']['vip'] as $vip) - interface_vip_bring_down($vip); - } - $vipbackup = $config['virtualip']['vip']; - } - $config = array_merge_recursive_unique($config, $params[0]); - // Then add ipalias and proxyarp types already defined on the backup - if (is_array($vipbackup)) { - foreach ($vipbackup as $vip) { - if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") - array_unshift($config['virtualip']['vip'], $vip); - } - } - $mergedkeys = implode(",", array_keys($params[0])); - write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client."); - interfaces_vips_configure(); - - return $xmlrpc_g['return']['true']; + return restore_config_section_xmlrpc($raw_params); } /*****************************/ @@ -372,6 +404,8 @@ function get_notices_xmlrpc($raw_params) { return $response; } +$xmlrpclockkey = lock('xmlrpc', LOCK_EX); + /*****************************/ $server = new XML_RPC_Server( array( @@ -412,4 +446,6 @@ $server = new XML_RPC_Server( ) ); +unlock($xmlrpclockkey); + ?> |