diff options
author | jim-p <jimp@pfsense.org> | 2011-06-03 15:34:54 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-06-03 15:34:54 -0400 |
commit | 534375b6f0ad869022c068ef35c5c6dedcd619bd (patch) | |
tree | 7a756196aa5f720c2d4019bb1686e7ebd25bdc36 /usr | |
parent | ee0cf21f7c71cc0d7630a0d607b1082424dc725b (diff) | |
parent | bd4b09826c4f0a6ecae94c99a9fdfa8bf7bc4a95 (diff) | |
download | pfsense-534375b6f0ad869022c068ef35c5c6dedcd619bd.zip pfsense-534375b6f0ad869022c068ef35c5c6dedcd619bd.tar.gz |
Merge remote branch 'upstream/master'
Conflicts:
etc/inc/openvpn.inc
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/diag_backup.php | 11 | ||||
-rwxr-xr-x | usr/local/www/diag_ipsec_sad.php | 2 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 1 | ||||
-rw-r--r-- | usr/local/www/system_advanced_misc.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_camanager.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_certmanager.php | 2 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 3 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 18 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 87 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 12 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 16 |
11 files changed, 97 insertions, 59 deletions
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 598f4d6..9d28375 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -158,6 +158,8 @@ if ($_POST) { $mode = "restore"; else if (stristr($_POST['Submit'], gettext("Reinstall"))) $mode = "reinstallpackages"; + else if (stristr($_POST['Submit'], gettext("Clear Package Lock"))) + $mode = "clearpackagelock"; else if (stristr($_POST['Submit'], gettext("Download"))) $mode = "download"; else if (stristr($_POST['Submit'], gettext("Restore version"))) @@ -470,6 +472,9 @@ if ($_POST) { header("Location: pkg_mgr_install.php?mode=reinstallall"); exit; + } else if ($mode == "clearpackagelock") { + clear_subsystem_dirty('packagelock'); + $savemsg = "Package Lock Cleared"; } else if ($mode == "restore_ver") { $input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm"); if ($ver2restore <> "") { @@ -655,13 +660,17 @@ function backuparea_change(obj) { <td colspan="2" class="list" height="12"> </td> </tr> <tr> - <td colspan="2" class="listtopic"><?=gettext("Reinstall packages"); ?></td> + <td colspan="2" class="listtopic"><?=gettext("Package Functions"); ?></td> </tr> <tr> <td width="22%" valign="baseline" class="vncell"> </td> <td width="78%" class="vtable"> <p><?=gettext("Click this button to reinstall all system packages. This may take a while."); ?> <br /><br /> <input name="Submit" type="submit" class="formbtn" id="reinstallpackages" value="<?=gettext("Reinstall packages"); ?>"> + <br/> + <br/> + <p><?=gettext("Click this button to clear the package lock if a package fails to reinstall properly after an upgrade."); ?> <br /><br /> + <input name="Submit" type="submit" class="formbtn" id="clearpackagelock" value="<?=gettext("Clear Package Lock"); ?>"> </td> </tr> <?php } ?> diff --git a/usr/local/www/diag_ipsec_sad.php b/usr/local/www/diag_ipsec_sad.php index 7ee8b72..e08feba 100755 --- a/usr/local/www/diag_ipsec_sad.php +++ b/usr/local/www/diag_ipsec_sad.php @@ -90,6 +90,7 @@ if ($_GET['act'] == "del") { <td nowrap class="listhdrr"><?=gettext("SPI");?></td> <td nowrap class="listhdrr"><?=gettext("Enc. alg.");?></td> <td nowrap class="listhdr"><?=gettext("Auth. alg.");?></td> + <td nowrap class="listhdr"><?=gettext("Data");?></td> <td nowrap class="list"></td> </tr> <?php foreach ($sad as $sa): ?> @@ -100,6 +101,7 @@ if ($_GET['act'] == "del") { <td class="listr"><?=htmlspecialchars($sa['spi']);?></td> <td class="listr"><?=htmlspecialchars($sa['ealgo']);?></td> <td class="listr"><?=htmlspecialchars($sa['aalgo']);?></td> + <td class="listr"><?=htmlspecialchars($sa['data']);?></td> <td class="list" nowrap> <?php $args = "src=" . rawurlencode($sa['src']); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 0ecf1d3..41957c5 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1311,6 +1311,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), if ($mediaopt_from_config == 'autoselect ' || $mediaopt_from_config == ' ') echo "style='display:none'>"; else echo '>'; echo '<select name="mediaopt" class="formselect" id="mediaopt">'; + print "<option value=\"\">Default</option>"; foreach($mediaopts_list as $mediaopt){ if ($mediaopt != rtrim($mediaopt_from_config)){ print "<option value=\"$mediaopt\">" . gettext("$mediaopt") . "</option>"; diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php index 21bff54..2264365 100644 --- a/usr/local/www/system_advanced_misc.php +++ b/usr/local/www/system_advanced_misc.php @@ -280,7 +280,7 @@ function maxmss_checked(obj) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Load Balancing"); ?></td> <td width="78%" class="vtable"> - <input name="lb_use_sticky" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) echo "checked=\"checked\""; ?> /> + <input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("Allow default gateway switching"); ?></strong><br/> <?=gettext("If the link where the default gateway resides fails " . "switch the default gateway to another available one."); ?> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index e1b83f2..5541f83 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -92,6 +92,8 @@ if ($act == "del") { unset($a_ca[$id]); write_config(); $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br/>"; + pfSenseHeader("system_camanager.php"); + exit; } if ($act == "edit") { diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index cc1c65a..470f0cd 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -94,6 +94,8 @@ if ($act == "del") { unset($a_cert[$id]); write_config(); $savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>"; + pfSenseHeader("system_certmanager.php"); + exit; } if ($act == "new") { diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 7e5122a..4864e66 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -375,6 +375,9 @@ include("head.inc"); <a href="vpn_ipsec.php?act=delph2&p2index=<?=$j;?>" onclick="return confirm('<?=gettext("Do you really want to delete this phase2 entry?"); ?>')"> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="<?=gettext("delete phase2 entry"); ?>" width="17" height="17" border="0"> </a> + <a href="vpn_ipsec_phase2.php?dup=<?=$j;?>"> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new Phase 2 based on this one"); ?>" width="17" height="17" border="0"> + </a> </td> </tr> diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index edfc36b..96ce52d 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -90,6 +90,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['dhgroup'] = $a_phase1[$p1index]['dhgroup']; $pconfig['lifetime'] = $a_phase1[$p1index]['lifetime']; $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; + $pconfig['generate_policy'] = $a_phase1[$p1index]['generate_policy']; $pconfig['proposal_check'] = $a_phase1[$p1index]['proposal_check']; if (($pconfig['authentication_method'] == "pre_shared_key") || @@ -310,6 +311,7 @@ if ($_POST) { $ph1ent['certref'] = $pconfig['certref']; $ph1ent['caref'] = $pconfig['caref']; $ph1ent['authentication_method'] = $pconfig['authentication_method']; + $ph1ent['generate_policy'] = $pconfig['generate_policy']; $ph1ent['proposal_check'] = $pconfig['proposal_check']; $ph1ent['descr'] = $pconfig['descr']; $ph1ent['nat_traversal'] = $pconfig['nat_traversal']; @@ -662,6 +664,22 @@ function dpdchkbox_change() { </span> </td> </tr> + <tr id="generate_policy"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Policy Generation"); ?></td> + <td width="78%" class="vtable"> + <select name="generate_policy" class="formselect"> + <option value="" <?php if (empty($pconfig['generate_policy'])) echo "selected"; ?>>Default</option> + <option value="on" <?php if ($pconfig['generate_policy'] == "on") echo "selected"; ?>>On</option> + <option value="off" <?php if ($pconfig['generate_policy'] == "off") echo "selected"; ?>>Off</option> + <option value="require" <?php if ($pconfig['generate_policy'] == "require") echo "selected"; ?>>Require</option> + <option value="unique" <?php if ($pconfig['generate_policy'] == "unique") echo "selected"; ?>>Unique</option> + </select> + <br> + <span class="vexpl"> + <?=gettext("When working as a responder (as with mobile clients), this controls how policies are generated based on SA proposals."); ?> + </span> + </td> + </tr> <tr id="proposal_check"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Proposal Checking"); ?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 6586b42..56f377a 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -140,69 +140,58 @@ if ($_POST) { break; } } - /* Validate enabled phase2's are not duplicates */ if (isset($pconfig['mobile'])){ /* User is adding phase 2 for mobile phase1 */ - foreach($a_phase2 as $name){ + foreach($a_phase2 as $key => $name){ if (isset($name['mobile'])){ /* check duplicate localids only for mobile clents */ - if ($name['localid']['type'] == $pconfig['localid_type']){ - /* Types match, check further */ - switch($pconfig['localid_type']){ - case "none": - case "lan": - case "wan": - $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); - break; - case "address": - if ($name['localid']['address'] == $pconfig['localid_address']) - $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients."); - break; - case "network": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $name['localid']['netbits'] == $pconfig['localid_netbits']) - $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); - break; + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $entered = array(); + $entered['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered); + if ($localid_data == $entered_localid_data){ + if (!isset($pconfig['p2index'])){ + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + }else if ($pconfig['p2index'] != $key){ + /* editing p2 and entered p2 networks match with different p2 for given p1 */ + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; } - if (count($input_errors) > 0) - break; /* there is an error, stop checking other phase2 definitions */ } } } }else{ /* User is adding phase 2 for site-to-site phase1 */ $input_error = 0; - foreach($a_phase2 as $name){ + foreach($a_phase2 as $key => $name){ if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){ /* check duplicate subnets only for given phase1 */ - if ($name['localid']['type'] == $pconfig['localid_type'] && - $name['remoteid']['type'] == $pconfig['remoteid_type']){ - /* Types match, check further */ - $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits']; - $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits']; - switch($pconfig['localid_type']){ - case "none": - case "lan": - case "wan": - if ($configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - case "address": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - case "network": - if ($name['localid']['address'] == $pconfig['localid_address'] && - $name['localid']['netbits'] == $pconfig['localid_netbits'] && - $configured_remote_string == $eneterd_remote_string) - $input_error = 1; - break; - } - if ($input_error){ - $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1."); - break; /* there is an error, stop checking other phase2 definitions */ + $localid_data = ipsec_idinfo_to_cidr($name['localid']); + $remoteid_data = ipsec_idinfo_to_cidr($name['remoteid']); + $entered_local = array(); + $entered_local['type'] = $pconfig['localid_type']; + if (isset($pconfig['localid_address'])) $entered_local['address'] = $pconfig['localid_address']; + if (isset($pconfig['localid_netbits'])) $entered_local['netbits'] = $pconfig['localid_netbits']; + $entered_localid_data = ipsec_idinfo_to_cidr($entered_local); + $entered_remote = array(); + $entered_remote['type'] = $pconfig['remoteid_type']; + if (isset($pconfig['remoteid_address'])) $entered_remote['address'] = $pconfig['remoteid_address']; + if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits']; + $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote); + if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) { + if (!isset($pconfig['p2index'])){ + /* adding new p2 entry */ + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; + }else if ($pconfig['p2index'] != $key){ + /* editing p2 and entered p2 networks match with different p2 for given p1 */ + $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1."); + break; } } } diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 4b9fc74..97b7769 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -350,10 +350,6 @@ function autotls_change() { <?php if (!$savemsg) $savemsg = ""; -if (count($a_ca) == 0) - $savemsg .= "You have no Certificate Authorities defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one."; -if (count($a_cert) == 0) - $savemsg .= "<br/>You have no Certificates defined. You must visit the <a href=\"system_camanager.php\">Certificate Manager</a> to make one."; if ($input_errors) print_input_errors($input_errors); @@ -632,6 +628,7 @@ if ($savemsg) <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): @@ -642,11 +639,15 @@ if ($savemsg) <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -667,6 +668,9 @@ if ($savemsg) <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="psk"> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index bb7c106..0a50446 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -559,10 +559,6 @@ function netbios_change() { <?php if (!$savemsg) $savemsg = ""; -if (count($a_ca) == 0) - $savemsg .= "You have no Certificate Authorities defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. "; -if (count($a_cert) == 0) - $savemsg .= "<br/>You have no Certificates defined. You can visit the <a href=\"system_camanager.php\">Certificate Manager</a> or use the <a href=\"wizard.php?xml=openvpn_wizard.xml\">Wizard.</a> to create one. "; if ($input_errors) print_input_errors($input_errors); @@ -772,6 +768,7 @@ if ($savemsg) <tr id="tls_ca"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_ca)): ?> <select name='caref' class="formselect"> <?php foreach ($a_ca as $ca): @@ -782,11 +779,15 @@ if ($savemsg) <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_crl"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_crl)): ?> <select name='crlref' class="formselect"> <option value="">None</option> <?php @@ -803,11 +804,15 @@ if ($savemsg) <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['descr'] . $caname;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificate Revocation Lists (CRLs) defined.</b> <br/>Create one under <a href="system_crlmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_cert"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td> <td width="78%" class="vtable"> + <?php if (count($a_cert)): ?> <select name='certref' class="formselect"> <?php foreach ($a_cert as $cert): @@ -828,6 +833,9 @@ if ($savemsg) <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> </select> + <?php else: ?> + <b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System > Cert Manager</a>. + <?php endif; ?> </td> </tr> <tr id="tls_dh"> |