diff options
| author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-03-01 15:46:54 -0700 |
|---|---|---|
| committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-03-01 15:46:54 -0700 |
| commit | 1e52f18cc9bed60e0b2a4a475c4fd9c8832e7c34 (patch) | |
| tree | ba1e3cad0503ba897828544476bd32d7e39a3218 /usr | |
| parent | 306b8ff7297d63f68b4ddcc27d1527ca891a6f76 (diff) | |
| parent | 0c1b9688b33959ab35f95cf02087ce2e427a1420 (diff) | |
| download | pfsense-1e52f18cc9bed60e0b2a4a475c4fd9c8832e7c34.zip pfsense-1e52f18cc9bed60e0b2a4a475c4fd9c8832e7c34.tar.gz | |
Merge commit 'mainline/master'
Diffstat (limited to 'usr')
28 files changed, 310 insertions, 113 deletions
diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 43c8804..cac39ab 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -73,7 +73,7 @@ <fieldname>pfsyncpeerip</fieldname> <type>input</type> <description> - Setting this option will force pfsync to synchronize its stable table to this IP address. The default is directed multicast. + Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast. </description> </field> <field> diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 246be18..64273fc 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -121,7 +121,10 @@ function spit_out_select_items($area, $showall) { "wol" => "Wake on LAN" ); - $select = "<select name=\"{$area}\">\n"; + $select = "<select name=\"{$area}\" id=\"{$aread}\" "; + if ($area == "backuparea") + $select .= " onChange=backuparea_change(this)"; + $select .= " >\n"; $select .= "<option VALUE=\"\">ALL</option>"; if($showall == true) @@ -489,6 +492,13 @@ function decrypt_change() { document.getElementById("decrypt_opts").style.display=""; } +function backuparea_change(obj) { + + if (obj.value == "") + document.getElementById("dotnotbackuprrd").checked = false; + else + document.getElementById("dotnotbackuprrd").checked = true; +} //--> </script> @@ -652,4 +662,4 @@ decrypt_change(); if (is_subsystem_dirty('restore')) exec("/etc/rc.reboot"); -?>
\ No newline at end of file +?> diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php index fc0871e..304714f 100755 --- a/usr/local/www/diag_confbak.php +++ b/usr/local/www/diag_confbak.php @@ -58,6 +58,20 @@ if($_GET['rmver'] != "") { conf_mount_ro(); } +if($_GET['getcfg'] != "") { + $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'; + + $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); + $exp_data = file_get_contents($file); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} + cleanup_backupcache(); $confvers = get_backups(); unset($confvers['versions']); @@ -110,13 +124,18 @@ include("head.inc"); <td class="listlr"> <?= $date ?></td> <td class="listr"> <?= $desc ?></td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?newver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"> + <a href="diag_confbak.php?newver=<?=$version['time'];?>" onclick="return confirm('Revert to this configuration?')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="Revert to this configuration" title="Revert to this configuration"> + </a> + </td> + <td valign="middle" class="list" nowrap> + <a href="diag_confbak.php?rmver=<?=$version['time'];?>" onclick="return confirm('Delete this configuration backup?')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="Remove this backup" title="Remove this backup"> </a> </td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?rmver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"> + <a href="diag_confbak.php?getcfg=<?=$version['time'];?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="Download this backup" title="Download this backup"> </a> </td> </tr> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index bec5e10..efd8486 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -110,7 +110,7 @@ if ($_POST) { $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) - if ($_POST['ipaddr'] == get_interface_ip($natif)) + if ($_POST['subnet'] == get_interface_ip($natif)) $input_errors[] = "The {$natdescr} IP address may not be used in a virtual entry."; if($_POST['subnet_bits'] == "32" and $_POST['type'] == "carp") @@ -130,7 +130,7 @@ if ($_POST) { /* check for overlaps with 1:1 NAT */ if (is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $natent) { - if (check_subnets_overlap($_POST['ipaddr'], 32, $natent['external'], $natent['subnet'])) { + if (check_subnets_overlap($_POST['subnet'], 32, $natent['external'], $natent['subnet'])) { $input_errors[] = "A 1:1 NAT mapping overlaps with the specified IP address."; break; } diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 53875fe..6dc2ff3 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -196,9 +196,11 @@ if ($_POST['apply']) { if (!is_array($ifport)) { $reloadif = false; - if (!empty($config['interfaces'][$ifname]['if']) && $config['interfaces'][$ifname]['if'] <> $ifport) + if (!empty($config['interfaces'][$ifname]['if']) && $config['interfaces'][$ifname]['if'] <> $ifport) { + interface_bring_down($ifname); /* Mark this to be reconfigured in any case. */ $reloadif = true; + } $config['interfaces'][$ifname]['if'] = $ifport; if (preg_match('/^ppp_(.+)$/', $ifport, $matches)) { $config['interfaces'][$ifname]['pointtopoint'] = true; diff --git a/usr/local/www/interfaces_bridge.php b/usr/local/www/interfaces_bridge.php index d58771e..05c69e2 100644 --- a/usr/local/www/interfaces_bridge.php +++ b/usr/local/www/interfaces_bridge.php @@ -47,7 +47,7 @@ if (!is_array($config['bridges']['bridged'])) $a_bridges = &$config['bridges']['bridged'] ; function bridge_inuse($num) { - global $config; + global $config, $a_bridges; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -111,7 +111,7 @@ include("head.inc"); </tr> <?php $i = 0; $ifdescrs = get_configured_interface_with_descr(); foreach ($a_bridges as $bridge): ?> - <tr> + <tr ondblclick="document.location='interfaces_bridge_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars(strtoupper($bridge['bridgeif']));?> </td> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index f3eefbe..aa1ee03 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -266,7 +266,7 @@ function show_source_port_range() { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> + <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> <input type="text" name="descr" id="descr" class="formfld unknown" size="50" value="<?=$pconfig['descr'];?>"> </td> diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php index 7704e92..cd214e7 100644 --- a/usr/local/www/interfaces_gif.php +++ b/usr/local/www/interfaces_gif.php @@ -47,7 +47,7 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif'] ; function gif_inuse($num) { - global $config; + global $config, $a_gifs; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -109,7 +109,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_gifs as $gif): ?> - <tr> + <tr ondblclick="document.location='interfaces_gif_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($gif['if']);?> </td> diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php index 333ce35..5ad7026 100644 --- a/usr/local/www/interfaces_gre.php +++ b/usr/local/www/interfaces_gre.php @@ -47,7 +47,7 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre'] ; function gre_inuse($num) { - global $config; + global $config, $a_gres; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -109,7 +109,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_gres as $gre): ?> - <tr> + <tr ondblclick="document.location='interfaces_vlan_gre.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($gre['if']);?> </td> diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 0414d9b..51feffd 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -69,7 +69,7 @@ if ($_POST) { $input_errors[] = "Group name already exists!"; } if (preg_match("/([^a-zA-Z])+/", $_POST['ifname'], $match)) - $input_errors[] = "Only characters in a-z A-Z are allowed as interface name."; + $input_errors[] = "Only letters A-Z are allowed as the group name."; $ifgroupentry = array(); $ifgroupentry['ifname'] = $_POST['ifname']; @@ -203,7 +203,7 @@ function removeRow(el) { <td colspan="2" valign="top" class="listtopic">Interface Groups Edit</td> </tr> <tr> - <td valign="top" class="vncellreq">Interface</td> + <td valign="top" class="vncellreq">Group Name</td> <td class="vtable"> <input class="formfld unknown" name="ifname" id="ifname" value="<?=$pconfig['ifname'];?>" /> <br /> diff --git a/usr/local/www/interfaces_lagg.php b/usr/local/www/interfaces_lagg.php index e5ac41a..0beac77 100644 --- a/usr/local/www/interfaces_lagg.php +++ b/usr/local/www/interfaces_lagg.php @@ -115,7 +115,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_laggs as $lagg): ?> - <tr> + <tr ondblclick="document.location='interfaces_lagg_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars(strtoupper($lagg['laggif']));?> </td> diff --git a/usr/local/www/interfaces_ppp.php b/usr/local/www/interfaces_ppp.php index 8e200d1..3eb93ba 100644 --- a/usr/local/www/interfaces_ppp.php +++ b/usr/local/www/interfaces_ppp.php @@ -108,7 +108,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_ppps as $id => $ppp): ?> - <tr> + <tr ondblclick="document.location='interfaces_ppp_edit.php?id=<?=$i;?>'"> <td class="listr"> <?=htmlspecialchars($ppp['port']);?> </td> diff --git a/usr/local/www/interfaces_ppp_edit.php b/usr/local/www/interfaces_ppp_edit.php index 1b86ea4..ca5fc6c 100644 --- a/usr/local/www/interfaces_ppp_edit.php +++ b/usr/local/www/interfaces_ppp_edit.php @@ -1,6 +1,6 @@ <?php /* - interfaces_lan.php + interfaces_ppp_edit.php part of pfSense(http://pfsense.org) Originally written by Adam Lebsack <adam at holonyx dot com> diff --git a/usr/local/www/interfaces_qinq.php b/usr/local/www/interfaces_qinq.php index fc88eab..604d778 100755 --- a/usr/local/www/interfaces_qinq.php +++ b/usr/local/www/interfaces_qinq.php @@ -46,7 +46,7 @@ if (!is_array($config['qinqs']['qinqentry'])) $a_qinqs = &$config['qinqs']['qinqentry']; function qinq_inuse($num) { - global $config, $g; + global $config, $a_qinqs; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -118,7 +118,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_qinqs as $qinq): ?> - <tr> + <tr ondblclick="document.location='interfaces_qinq_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($qinq['if']);?> </td> diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php index b2322e9..0adfa7d 100755 --- a/usr/local/www/interfaces_vlan.php +++ b/usr/local/www/interfaces_vlan.php @@ -48,7 +48,7 @@ if (!is_array($config['vlans']['vlan'])) $a_vlans = &$config['vlans']['vlan'] ; function vlan_inuse($num) { - global $config, $g; + global $config, $a_vlans; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -111,7 +111,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_vlans as $vlan): ?> - <tr> + <tr ondblclick="document.location='interfaces_vlan_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($vlan['if']);?> </td> diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 545132c..b79a5ac 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -74,6 +74,7 @@ $pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct']; $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); $pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']); $pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); +$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']); $pconfig['key'] = base64_decode($config['captiveportal']['private-key']); $pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']); $pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']); @@ -116,6 +117,8 @@ if ($_POST) { } else { if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") || !strstr($_POST['cacert'], "END CERTIFICATE")) + $input_errors[] = "This intermmediate certificate does not appear to be valid."; if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) $input_errors[] = "This key does not appear to be valid."; } @@ -174,6 +177,7 @@ if ($_POST) { $config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn']; $config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup']; $config['captiveportal']['certificate'] = base64_encode($_POST['cert']); + $config['captiveportal']['cacertificate'] = base64_encode($_POST['cacert']); $config['captiveportal']['private-key'] = base64_encode($_POST['key']); $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false; @@ -569,6 +573,13 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> <br> Paste an RSA private key in PEM format here.</td> </tr> + <tr> + <td valign="top" class="vncell">HTTPS intermmediate certificate</td> + <td class="vtable"> + <textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea> + <br> + Paste a certificate in X.509 PEM format here.</td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Portal page contents</td> <td width="78%" class="vtable"> diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index b7fa1b7..f177dbb 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -113,7 +113,7 @@ if($config['installedpackages']['olsrd']) { } if (!$_GET['if']) - $savemsg = "<b>The DHCP Server can only be enabled on interfaces configured with static IP addresses.<p> The interfaces not configured with a static IP will not be shown.</p></b>"; + $savemsg = "<b>The DHCP Server can only be enabled on interfaces configured with static IP addresses.<p> Only interfaces configured with a static IP will be shown.</p></b>"; $iflist = get_configured_interface_with_descr(); diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php index d17393c..c68227e 100755 --- a/usr/local/www/services_dyndns.php +++ b/usr/local/www/services_dyndns.php @@ -53,6 +53,26 @@ if ($_GET['act'] == "del") { exit; } +function dyndnsCheckIP($int) { + + $ip_address = get_interface_ip($int); + if (is_private_ip($ip_address)) { + $hosttocheck = "checkip.dyndns.org"; + $checkip = gethostbyname($hosttocheck); + $ip_ch = curl_init("http://{$checkip}"); + curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE); + curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address); + $ip_result_page = curl_exec($ip_ch); + curl_close($ip_ch); + $ip_result_decoded = urldecode($ip_result_page); + preg_match('=Current IP Address: (.*)</body>=siU', $ip_result_decoded, $matches); + $ip_address = trim($matches[1]); + } + + return $ip_address; +} + $pgtitle = array("Services", "Dynamic DNS clients"); include("head.inc"); @@ -76,22 +96,22 @@ include("head.inc"); <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td width="5%" class="listhdrr"></td> - <td width="15%" class="listhdrr">Service</td> + <td width="5%" class="listhdrr"></td> + <td width="15%" class="listhdrr">Service</td> <td width="20%" class="listhdrr">Hostname</td> <td width="20%" class="listhdrr">Cached IP</td> <td width="50%" class="listhdr">Description</td> <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_dyndns as $dyndns): ?> - <tr> - <td class="listlr"> - <?php $iflist = get_configured_interface_with_descr(); - foreach ($iflist as $if => $ifdesc): - if ($dyndns['interface'] == $if): ?> - <?=$ifdesc; break;?> - <?php endif; endforeach; ?> - </td> + </tr> + <?php $i = 0; foreach ($a_dyndns as $dyndns): ?> + <tr ondblclick="document.location='services_dyndns_edit.php?id=<?=$i;?>'"> + <td class="listlr"> + <?php $iflist = get_configured_interface_with_descr(); + foreach ($iflist as $if => $ifdesc): + if ($dyndns['interface'] == $if): ?> + <?=$ifdesc; break;?> + <?php endif; endforeach; ?> + </td> <td class="listlr"> <?php $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS"); @@ -107,26 +127,23 @@ include("head.inc"); <?=htmlspecialchars($dyndns['host']);?> </td> <td class="listlr"> - <?php - $int = strtolower($if); - $real_int = get_real_interface($if); - $filename = "{$g['conf_path']}/dyndns_{$int}dyndns.cache"; - if(file_exists($filename)) { - $dns_resolv = str_replace("\n", "", `/usr/bin/host {$dyndns['host']} | awk '{ print $4 }'`); - $cached_ip_s = split(":", file_get_contents($filename)); - $cached_ip = $cached_ip_s[0]; - $int_ip = find_interface_ip($real_int); - if($int_ip <> $cached_ip or $dns_resolv <> $int_ip) - echo "<font color='red'>"; - else - echo "<font color='green'>"; - echo htmlspecialchars($cached_ip); - echo "</font>"; - } else { - echo "N/A"; - } - ?> - </td> + <?php + $filename = "{$g['conf_path']}/dyndns_{$if}{$dyndns['type']}.cache"; + $ipaddr = dyndnsCheckIP($if); + if(file_exists($filename)) { + $cached_ip_s = split(":", file_get_contents($filename)); + $cached_ip = $cached_ip_s[0]; + if($ipaddr <> $cached_ip) + echo "<font color='red'>"; + else + echo "<font color='green'>"; + echo htmlspecialchars($cached_ip); + echo "</font>"; + } else { + echo "N/A"; + } + ?> + </td> <td class="listbg"> <?=htmlspecialchars($dyndns['descr']);?> </td> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index c0ed3dd..edf2e0a 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -95,6 +95,7 @@ if ($act == "edit") { $pconfig['radius_host'] = $a_server[$id]['host']; $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port']; $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port']; + $pconfig['radius_secret'] = $a_server[$id]['radius_secret']; if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port'] ) { diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 97722c7..eb3ac65 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -668,7 +668,7 @@ function internalca_change() { <td width="78%" class="vtable"> <textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=$pconfig['csr'];?></textarea> <br> - Copy the certificate signing data from here and forward it to your certificate authority for singing.</td> + Copy the certificate signing data from here and forward it to your certificate authority for signing.</td> </td> </tr> <tr> diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 7dfb6aa..b562579 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -192,7 +192,7 @@ if ($_POST) { $a_gateway_item[] = $gateway; } } - + system_resolvconf_generate(); mark_subsystem_dirty('staticroutes'); write_config(); diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index a0426c0..4ef01f5 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -72,18 +72,12 @@ if ($_POST) { if($_POST['session_timeout']) {
$timeout = intval($_POST['session_timeout']);
if ($timeout != "" && !is_numeric($timeout))
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
-
- if ($timeout < 1)
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
-
- if ($timeout > 999)
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
+ $input_errors[] = gettext("Session timeout must be an integer value.");
}
if (!$input_errors) {
- if($_POST['session_timeout'] && $_POST['session_timeout'] != "0")
+ if($_POST['session_timeout'])
$pconfig['session_timeout'] = intval($_POST['session_timeout']);
else
unset($config['system']['webgui']['session_timeout']);
@@ -200,7 +194,7 @@ include("head.inc"); document.iform.ldapserver.disabled = 0;
document.iform.ldapbindun.disabled = 0;
document.iform.ldapbindpw.disabled = 0;
- document.iform.ldapfilter.value = "(samaccountname=$username)";
+ document.iform.ldapfilter.value = "(samaccountname=*)";
document.iform.ldapnameattribute.value = "samaccountname";
document.iform.ldapgroupattribute.value = "memberOf";
break;
@@ -214,7 +208,7 @@ include("head.inc"); document.iform.ldapserver.disabled = 0;
document.iform.ldapbindun.disabled = 0;
document.iform.ldapbindpw.disabled = 0;
- document.iform.ldapfilter.value = "(cn=$username)";
+ document.iform.ldapfilter.value = "(cn=*)";
document.iform.ldapnameattribute.value = "CN";
document.iform.ldapgroupattribute.value = "groupMembership";
break;
@@ -249,7 +243,7 @@ if(!$pconfig['backend']) <td width="78%" class="vtable">
<input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" />
<br />
- <?=gettext("Time in minutes to expire idle management sessions.");?><br />
+ <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br />
</td>
</tr>
<tr>
@@ -260,7 +254,7 @@ if(!$pconfig['backend']) <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Active Directory)</option>
<option value="ldapother"<?php if ($pconfig['backend'] == "ldapother") echo " SELECTED";?>>LDAP OTHER (eDir, etc)</option>
</select>
- <br/>NOTE: login failures or server not available issues will fall back to pfSense internal users/group authentication.
+ <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> internal users/group authentication.
</td>
</tr>
<tr>
@@ -366,4 +360,4 @@ if(!$pconfig['backend']) return true;
}
}
-</script>
\ No newline at end of file +</script>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index f2899e6..a1eb068 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -223,7 +223,7 @@ function change_mode() { function typesel_change_local(bits) { - if (!bits) + if (typeof(bits)=="undefined") bits = 24; switch (document.iform.localid_type.selectedIndex) { @@ -258,7 +258,7 @@ function typesel_change_remote(bits) { function typesel_change_remote(bits) { - if (!bits) + if (typeof(bits)=="undefined") bits = 24; switch (document.iform.remoteid_type.selectedIndex) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index f1f48fd..0083fd2 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -90,6 +90,9 @@ if($_GET['act']=="edit"){ $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; + $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; + $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd']; + $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype']; $pconfig['description'] = $a_client[$id]['description']; $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; @@ -156,6 +159,11 @@ if ($_POST) { if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) $input_errors[] = $result; + + if ($pconfig['proxy_authtype'] != "none") { + if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) + $input_errors[] = "User name and password are required for proxy with authentication."; + } } if($pconfig['tunnel_network']) @@ -207,6 +215,9 @@ if ($_POST) { $client['resolve_retry'] = $pconfig['resolve_retry']; $client['proxy_addr'] = $pconfig['proxy_addr']; $client['proxy_port'] = $pconfig['proxy_port']; + $client['proxy_authtype'] = $pconfig['proxy_authtype']; + $client['proxy_user'] = $pconfig['proxy_user']; + $client['proxy_passwd'] = $pconfig['proxy_passwd']; $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; $client['custom_options'] = $pconfig['custom_options']; @@ -277,6 +288,15 @@ function autokey_change() { document.getElementById("autokey_opts").style.display=""; } +function useproxy_changed() { + + if ($('proxy_authtype').value != 'none') { + $('proxy_authtype_opts').show(); + } else { + $('proxy_authtype_opts').hide(); + } +} + function tlsauth_change() { <?php if (!$pconfig['tls']): ?> @@ -459,6 +479,50 @@ function autotls_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Authentication method : + </span> + </td> + <td> + <select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()"> + <option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>>none</option> + <option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>>basic</option> + <option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>>ntlm</option> + </select> + </td> + </tr> + </table> + <br /> + <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Username : + </span> + </td> + <td> + <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Password : + </span> + </td> + <td> + <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Server host name resolution</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0"> @@ -797,6 +861,7 @@ function autotls_change() { mode_change(); autokey_change(); tlsauth_change(); +useproxy_changed(); //--> </script> </body> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4617e5c..c58942f 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -44,6 +44,10 @@ if (!is_array($config['openvpn']['openvpn-server'])) $a_server = &$config['openvpn']['openvpn-server']; +if (!is_array($config['system']['authserver'])) + $config['system']['authserver'] = array(); +$auth_servers =& $config['system']['authserver']; + $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -82,6 +86,7 @@ if($_GET['act']=="edit"){ $pconfig['disable'] = isset($a_server[$id]['disable']); $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; + $pconfig['authmode'] = $a_server[$id]['authmode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr']; @@ -238,7 +243,7 @@ if ($_POST) { if (!$tls_mode && !$pconfig['autokey_enable']) { $reqdfields = array('shared_key'); $reqdfieldsn = array('Shared key'); - } else { + } else { $reqdfields = explode(" ", "caref certref"); $reqdfieldsn = explode(",", "Certificate Authority,Certificate");; } @@ -260,6 +265,7 @@ if ($_POST) { if ($_POST['disable'] == "yes") $server['disable'] = true; $server['mode'] = $pconfig['mode']; + $server['authmode'] = $pconfig['authmode']; $server['protocol'] = $pconfig['protocol']; list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; @@ -370,7 +376,12 @@ function mode_change() { case "p2p_shared_key": document.getElementById("client_opts").style.display="none"; document.getElementById("remote_opts").style.display=""; + document.getElementById("authmodetr").style.display="none"; break; + case "server_user": + case "server_tls_user": + document.getElementById("authmodetr").style.display=""; + /* FALL THROUGH */ default: document.getElementById("client_opts").style.display=""; document.getElementById("remote_opts").style.display="none"; @@ -531,6 +542,22 @@ function netbios_change() { </select> </td> </tr> + <tr id="authmodetr" style="display:none"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> + <td width="78%" class="vtable"> + <select name='authmode' id='authmode' class="formselect"> + <option value="local" <?php if ($pconfig['authmode'] == "local") echo "selected";?>>Local authentication database</option> + <?php + foreach ($auth_servers as $auth_server): + $selected = ""; + if ($pconfig['authmode'] == $auth_server['name']) + $selected = "selected"; + ?> + <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/widgets/include/gmirror_status.inc b/usr/local/www/widgets/include/gmirror_status.inc index 677be85..414c394 100644 --- a/usr/local/www/widgets/include/gmirror_status.inc +++ b/usr/local/www/widgets/include/gmirror_status.inc @@ -1,5 +1,31 @@ <?php -function get_gmirror_status() { +/* + gmirror_status.widget.php + Copyright (C) 2009-2010 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function gmirror_get_status() { $status = ""; exec("/sbin/gmirror status", $status); $mirrors = array(); @@ -28,4 +54,37 @@ function get_gmirror_status() { } /* Return an hash of mirrors and components */ return $mirrors; -} ?>
\ No newline at end of file +} + +function gmirror_html_status() { + $mirrors = gmirror_get_status(); + $output = ""; + if (count($mirrors) > 0) { + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Name</td>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Status</td>\n"; + $output .= "<td width=\"20%\" class=\"vncellt\">Component</td>\n"; + $output .= "</tr>\n"; + foreach ($mirrors as $mirror => $name) { + $components = count($name["components"]); + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['name']}</td>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['status']}</td>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$name['components'][0]}</td>\n"; + $output .= "</tr>\n"; + if (count($name["components"]) > 1) { + $morecomponents = array_slice($name["components"], 1); + foreach ($morecomponents as $component) { + $output .= "<tr>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$component}</td>\n"; + $output .= "</tr>\n"; + } + } + } + } else { + $output .= "<tr><td colspan=\"3\" class=\"listr\">No Mirrors Found</td></tr>\n"; + } + // $output .= "<tr><td colspan=\"3\" class=\"listr\">Updated at " . date("F j, Y, g:i:s a") . "</td></tr>\n"; + return $output; +} +?>
\ No newline at end of file diff --git a/usr/local/www/widgets/widgets/gmirror_status.widget.php b/usr/local/www/widgets/widgets/gmirror_status.widget.php index dcbcbc4..cd73a0f 100644 --- a/usr/local/www/widgets/widgets/gmirror_status.widget.php +++ b/usr/local/www/widgets/widgets/gmirror_status.widget.php @@ -1,7 +1,7 @@ <?php /* gmirror_status.widget.php - Copyright (C) 2009 Jim Pingle + Copyright (C) 2009-2010 Jim Pingle Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -27,35 +27,21 @@ require_once("/usr/local/www/widgets/include/gmirror_status.inc"); -$mirrors = get_gmirror_status(); - +if ($_GET['textonly'] == "true") { + header("Cache-Control: no-cache"); + echo gmirror_html_status(); + exit; +} ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> - <tbody> -<?php if (count($mirrors) > 0) { ?> - <tr> - <td width="40%" class="vncellt">Name</td> - <td width="40%" class="vncellt">Status</td> - <td width="20%" class="vncellt">Component</td> - </tr> - <?php foreach ($mirrors as $mirror => $name) { ?> - <tr> - <td width="40%" rowspan="<?= count($name["components"]) ?>" class="listr"><?= $name["name"] ?></td> - <td width="40%" rowspan="<?= count($name["components"]) ?>" class="listr"><?= $name["status"] ?></td> - <td width="20%" class="listr"><?= $name["components"][0] ?></td> - </tr> - <?php - if (count($name["components"]) > 1) { - $morecomponents = array_slice($name["components"], 1); - foreach ($morecomponents as $component) { ?> - <tr> - <td width="20%" class="listr"><?= $component ?></td> - </tr> - <?php } - } ?> - <?php } ?> -<?php } else { ?> - <tr><td colspan="3" class="listr">No Mirrors Found</td></tr> -<?php } ?> + <tbody id="gmirror_status_table"> + <?php echo gmirror_html_status(); ?> </tbody> </table> + +<script type="text/javascript" language="javascript"> + // <![CDATA[ + var gmirrorupdater = new Ajax.PeriodicalUpdater('gmirror_status_table', '/widgets/widgets/gmirror_status.widget.php?textonly=true', + { method: 'get', frequency: 5 } ); + // ]]> +</script> diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 45302b3..f50d469 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -654,13 +654,19 @@ function fixup_string($string) { } } $myurl = $proto . "://" . $_SERVER['HTTP_HOST'] . $urlport . "/"; - $newstring = str_replace("\$myurl", $myurl, $newstring); + + if (strstr($newstring, "\$myurl")) + $newstring = str_replace("\$myurl", $myurl, $newstring); // fixup #2: $wanip - $curwanip = get_interface_ip(); - $newstring = str_replace("\$wanip", $curwanip, $newstring); + if (strstr($newstring, "\$wanip")) { + $curwanip = get_interface_ip(); + $newstring = str_replace("\$wanip", $curwanip, $newstring); + } // fixup #3: $lanip - $lanip = get_interface_ip("lan"); - $newstring = str_replace("\$lanip", $lanip, $newstring); + if (strstr($newstring, "\$lanip")) { + $lanip = get_interface_ip("lan"); + $newstring = str_replace("\$lanip", $lanip, $newstring); + } // fixup #4: fix'r'up here. return $newstring; } |
