-rw-r--r-- | etc/inc/captiveportal.inc | 175 | ||||
-rw-r--r-- | etc/inc/config.gui.inc | 4 | ||||
-rw-r--r-- | etc/inc/filter.inc | 3 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/pkg-utils.inc | 2 | ||||
-rw-r--r-- | etc/inc/priv.defs.inc | 14 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 4 | ||||
-rw-r--r-- | etc/inc/util.inc | 2 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 30 | ||||
-rwxr-xr-x | etc/rc.newipsecdns | 4 | ||||
-rwxr-xr-x | etc/rc.newwanip | 21 | ||||
-rwxr-xr-x | usr/local/captiveportal/index.php | 2 | ||||
-rw-r--r-- | usr/local/pkg/carp_settings.xml | 8 | ||||
-rw-r--r-- | usr/local/www/edit.php | 7 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 10 | ||||
-rw-r--r-- | usr/local/www/graph_cpu.php | 2 | ||||
-rw-r--r-- | usr/local/www/headjs.php | 4 | ||||
-rw-r--r-- | usr/local/www/help.php | 2 | ||||
-rw-r--r-- | usr/local/www/interfaces_lagg_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/stats.php | 12 | ||||
-rwxr-xr-x | usr/local/www/status_captiveportal.php | 7 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/captive_portal_status.widget.php | 7 | ||||
-rw-r--r-- | usr/local/www/wizards/openvpn_wizard.inc | 2 |
23 files changed, 193 insertions, 133 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index f414d9a..ab3bc2d 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -715,11 +715,11 @@ function captiveportal_prune_old() { !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) return; + $radiusservers = captiveportal_get_radius_servers(); + /* read database */ $cpdb = captiveportal_read_db(); - $radiusservers = captiveportal_get_radius_servers(); - /* To make sure we iterate over ALL accounts on every run the count($cpdb) is moved * outside of the loop. Otherwise the loop would evaluate count() on every iteration * and since $i would increase and count() would decrement they would meet before we @@ -783,7 +783,7 @@ function captiveportal_prune_old() { if ($timedout) { captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); - $unsetindexes[$i] = $i; + $unsetindexes[] = $cpdb[$i][5]; } /* do periodic RADIUS reauthentication? */ @@ -831,17 +831,14 @@ function captiveportal_prune_old() { if ($auth_list['auth_val'] == 3) { captiveportal_disconnect($cpdb[$i], $radiusservers, 17); captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - $unsetindexes[$i] = $i; + $unsetindexes[] = $cpdb[$i][5]; } } } } - /* This is a kludge to overcome some php weirdness */ - foreach($unsetindexes as $unsetindex) - unset($cpdb[$unsetindex]); /* write database */ - captiveportal_write_db($cpdb); + captiveportal_write_db($cpdb, false, $unsetindexes); } /* remove a single client according to the DB entry */ 
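Review bot: In captiveportal_prune_old the context lines of the `-783` and `-831` hunks still read `$cpdb[$i]` with a numeric `$i`, but captiveportal_read_db() now returns the table keyed by session id, so those lookups would no longer find the entries and session timeouts and RADIUS disconnects may never fire. The loop header is outside the hunks, so this is inferred from the surrounding comment about `count($cpdb)` and `$i`. Iterating with `foreach ($cpdb as $sid => $cpentry)` and recording `$unsetindexes[] = $sid;` would match the new keying, as the portal_allow loop in this commit already does.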
@@ -885,26 +882,29 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t } -/* remove a single client by ipfw rule number */ -function captiveportal_disconnect_client($id,$term_cause = 1) { +/* remove a single client by sessionid */ +function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") { global $g, $config; - /* read database */ - $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); + $unsetindex = array(); + + $cpdblck = lock('captiveportaldb', LOCK_EX); + + /* read database */ + $cpdb = captiveportal_read_db(true); /* find entry */ - foreach ($cpdb as $i => $cpentry) { - if ($cpentry[1] == $id) { - captiveportal_disconnect($cpentry, $radiusservers, $term_cause); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); - unset($cpdb[$i]); - break; - } - } + if (isset($cpdb[$sessionid])) { + $cpentry = $cpdb[$sessionid]; + /* write database */ + $unsetindex[] = $sessionid; + captiveportal_write_db($cpdb, true, $unsetindex); + unlock($cpdblck); - /* write database */ - captiveportal_write_db($cpdb); + captiveportal_disconnect($cpentry, $radiusservers, $term_cause); + captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); + } } /* send RADIUS acct stop for all current clients */ 
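Review bot: captiveportal_disconnect_client takes the exclusive `captiveportaldb` lock but calls `unlock($cpdblck)` only inside the `isset($cpdb[$sessionid])` branch, so a request carrying an unknown session id leaves the lock held until the handle goes away; the `if` needs an `else unlock($cpdblck);`. The new `$logoutReason` parameter is never used: the log call still passes the literal "DISCONNECT", so the portal logout path that used to record "LOGOUT" through disconnect_client() is now logged as a disconnect. Pass `$logoutReason` to `captiveportal_logportalauth(...)`; callers that want the old "DISCONNECT" text would then supply it explicitly. A short comment that `$sessionid` is used directly as the database key, and that index.php passes it unvalidated from `$_POST['logout_id']`, would also help.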
@@ -1261,38 +1261,51 @@ function radius($username,$password,$clientip,$clientmac,$type) { } /* read captive portal DB into array */ -function captiveportal_read_db() { - global $g; +function captiveportal_read_db($locked = false) { + global $g; - $cpdb = array(); + $cpdb = array(); + if ($locked == false) $cpdblck = lock('captiveportaldb'); - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) - $cpdb[] = explode(",", $line); + $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); + if ($fd) { + while (!feof($fd)) { + $line = trim(fgets($fd)); + if ($line) { + $cpe = explode(",", $line); + /* Hash by session id */ + $cpdb[$cpe[5]] = $cpe; } - fclose($fd); } + fclose($fd); + } + if ($locked == false) unlock($cpdblck); - return $cpdb; + return $cpdb; } /* write captive portal DB */ -function captiveportal_write_db($cpdb) { - global $g; +function captiveportal_write_db($cpdb, $locked = false, $remove = array()) { + global $g; + if ($locked == false) $cpdblck = lock('captiveportaldb', LOCK_EX); - $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { - foreach ($cpdb as $cpent) { - fwrite($fd, join(",", $cpent) . "\n"); - } - fclose($fd); + + if (!empty($remove)) { + $cpdb = captiveportal_read_db(true); + foreach ($remove as $key) + unset($cpdb[$key]); + } + $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); + if ($fd) { + foreach ($cpdb as $cpent) { + fwrite($fd, join(",", $cpent) . "\n"); } - unlock($cpdblck); + fclose($fd); + } + if ($locked == false) + unlock($cpdblck); } function captiveportal_write_elements() { 
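Review bot: captiveportal_read_db() keys each record on `$cpe[5]` without checking that the line split into at least six fields, and captiveportal_write_db() joins fields with bare commas, so a truncated line or a field that contains a comma would be filed under an empty or wrong key and can silently replace another session's record. A guard such as `if (count($cpe) < 6) continue;` before the assignment, ideally with a log_error(), keeps malformed rows out of the map. captiveportal_write_db() also deserves a doc comment: when `$remove` is non-empty it discards the caller's `$cpdb`, re-reads the file and writes that copy back minus the listed session ids.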
@@ -1609,11 +1622,16 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if (!is_array($attributes)) $attributes = array(); - /* read in client database */ - $cpdb = captiveportal_read_db(); - $radiusservers = captiveportal_get_radius_servers(); + /* Do not allow concurrent login execution. */ + $cpdblck = lock('captiveportaldb', LOCK_EX); + + unset($sessionid); + + /* read in client database */ + $cpdb = captiveportal_read_db(true); + if ($attributes['voucher']) $remaining_time = $attributes['session_timeout']; 
@@ -1654,34 +1672,33 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } - $nousers = count($cpdb); - for ($i = 0; $i < $nousers; $i++) { + foreach ($cpdb as $sid => $cpentry) { /* on the same ip */ - if($cpdb[$i][2] == $clientip) { - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION"); - $sessionid = $cpdb[$i][5]; + if($cpentry[2] == $clientip) { + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - REUSING OLD SESSION"); + $sessionid = $sid; break; } - elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) { + elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { // user logged in with an active voucher. Check for how long and calculate // how much time we can give him (voucher credit - used time) - $remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time(); + $remaining_time = $cpentry[0] + $cpentry[7] - time(); if ($remaining_time < 0) // just in case. 
$remaining_time = 0; /* This user was already logged in so we disconnect the old one */ - captiveportal_disconnect($cpdb[$i],$radiusservers,13); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); - unset($cpdb[$i]); + captiveportal_disconnect($cpentry,$radiusservers,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); + unset($cpdb[$sid]); break; } elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) { /* on the same username */ - if (strcasecmp($cpdb[$i][4], $username) == 0) { + if (strcasecmp($cpentry[4], $username) == 0) { /* This user was already logged in so we disconnect the old one */ - captiveportal_disconnect($cpdb[$i],$radiusservers,13); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); - unset($cpdb[$i]); + captiveportal_disconnect($cpentry,$radiusservers,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); + unset($cpdb[$sid]); break; } } @@ -1717,6 +1734,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if (!is_array($config['captiveportal']['passthrumac'])) $config['captiveportal']['passthrumac'] = array(); $config['captiveportal']['passthrumac'][] = $mac; + unlock($cpdblck); $macrules = captiveportal_passthrumac_configure_entry($mac); file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules); mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp"); 
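Review bot: Inside the session loop of portal_allow, `captiveportal_disconnect(...)` now runs while the exclusive `captiveportaldb` lock taken at the top of the function is still held, whereas captiveportal_disconnect_client in this same commit writes the database, unlocks and only then disconnects. If captiveportal_disconnect performs RADIUS accounting or other blocking work (its body is not in this diff), every other login and prune run waits behind it. Consider collecting the entries to terminate in the loop and calling `captiveportal_disconnect()` after `unlock($cpdblck)`. The function body starts and ends outside these hunks, so any early return between the lock and the unlocks should be checked as well.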
@@ -1761,17 +1779,19 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); + /* rewrite information to database */ + captiveportal_write_db($cpdb, true); + unlock($cpdblck); + if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) { $acct_val = RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac); if ($acct_val == 1) captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); } - - /* rewrite information to database */ - captiveportal_write_db($cpdb); } - } + } else + unlock($cpdblck); if ($writecfg == true) write_config(); @@ -1812,33 +1832,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } - -/* remove a single client by session ID - * by Dinesh Nair - */ -function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) { - global $g, $config; - - /* read database */ - $cpdb = captiveportal_read_db(); - - $radiusservers = captiveportal_get_radius_servers(); - - /* find entry */ - $dbcount = count($cpdb); - for ($i = 0; $i < $dbcount; $i++) { - if ($cpdb[$i][5] == $sessionid) { - captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause); - captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason); - unset($cpdb[$i]); - break; - } - } - - /* write database */ - captiveportal_write_db($cpdb); -} - /* * Used for when pass-through credits are enabled. * Returns true when there was at least one free login to deduct for the MAC. @@ -1931,4 +1924,4 @@ function captiveportal_write_usedmacs_db($usedmacs) { unlock($cpumaclck); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/config.gui.inc b/etc/inc/config.gui.inc index df7d2c2..0e00d44 100644 --- a/etc/inc/config.gui.inc +++ b/etc/inc/config.gui.inc @@ -41,10 +41,6 @@ pfSense_BUILDER_BINARIES: /sbin/mount /sbin/sysctl /sbin/umount /sbin/halt /sbin/fsck pfSense_MODULE: config */ -/* - * XXX: Hack around the cvs syntax checks. - * DISABLE_PHP_LINT_CHECKING - */ require_once("globals.inc"); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 01cdfc7..3f9fe33 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1700,6 +1700,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = " {$not} {$expsrc}"; } + $rule['protocol'] = strtolower($rule['protocol']); if(in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) { if($rule[$target]['port']) { $srcport = explode("-", $rule[$target]['port']); @@ -1850,7 +1851,7 @@ function filter_generate_user_rule($rule) { log_error("The gateway: {$rule['gateway']} is invalid or unknown, not using it."); } - if(isset($rule['protocol'])) { + if (isset($rule['protocol']) && !empty($rule['protocol'])) { if($rule['protocol'] == "tcp/udp") $aline['prot'] = " proto { tcp udp } "; elseif(($rule['protocol'] == "icmp") && ($rule['ipprotocol'] == "inet6")) diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 937d193..21460c5 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -93,7 +93,7 @@ $g = array( "debug" => false, "latest_config" => "7.7", "nopkg_platforms" => array("cdrom"), - "minimum_ram_warning" => "105", + "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", "minimum_nic_count" => "1", "minimum_nic_count_text" => "*AT LEAST* 1", diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index a97de3a..9af1c43 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
@@ -1152,6 +1152,8 @@ function squash_from_bytes($size, $round = "") { function pkg_reinstall_all() { global $g, $config; + + @unlink('/conf/needs_package_sync'); $pkg_id = 0; $todo = array(); if (is_array($config['installedpackages']['package'])) diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index 6ba46d4..287a267 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc @@ -325,6 +325,12 @@ $priv_list['page-status-systemlogs-ppp']['match'] = array(); $priv_list['page-status-systemlogs-ppp']['match'][] = "diag_logs_ppp.php*"; $priv_list['page-diagnostics-nanobsd'] = array(); +$priv_list['page-diagnostics-nanobsd']['name'] = "WebCfg - Diagnostics: Edit file"; +$priv_list['page-diagnostics-nanobsd']['descr'] = "Allow access to the 'Diagnostics: Edit File' page."; +$priv_list['page-diagnostics-nanobsd']['match'] = array(); +$priv_list['page-diagnostics-nanobsd']['match'][] = "edit.php*"; + +$priv_list['page-diagnostics-nanobsd'] = array(); $priv_list['page-diagnostics-nanobsd']['name'] = "WebCfg - Diagnostics: NanoBSD"; $priv_list['page-diagnostics-nanobsd']['descr'] = "Allow access to the 'Diagnostics: NanoBSD' page."; $priv_list['page-diagnostics-nanobsd']['match'] = array(); 
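Review bot: In priv.defs.inc the new "Edit file" entry is written under the key `page-diagnostics-nanobsd`, and the unchanged line that follows, `$priv_list['page-diagnostics-nanobsd'] = array();`, resets that key, so the edit.php privilege is never registered. The `-342` hunk has the mirror-image problem: it re-initialises `page-diagnostics-cpuutilization` after the graph_cpu.php definition, replacing its name and its `graph_cpu.php*` match with the stats.php ones. Give each page its own key, for example `$priv_list['page-diagnostics-edit']`, which is the IDENT the edit.php header in this commit declares, and a distinct one for stats.php. Because these entries decide which users may reach a file editor, a check that every `##|*IDENT=` header has exactly one matching `$priv_list` key would be worth adding.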
@@ -342,6 +348,12 @@ $priv_list['page-diagnostics-cpuutilization']['descr'] = "Allow access to the 'D $priv_list['page-diagnostics-cpuutilization']['match'] = array(); $priv_list['page-diagnostics-cpuutilization']['match'][] = "graph_cpu.php*"; +$priv_list['page-diagnostics-cpuutilization'] = array(); +$priv_list['page-diagnostics-cpuutilization']['name'] = "WebCfg - XMLRPC CPU Utilization page"; +$priv_list['page-diagnostics-cpuutilization']['descr'] = "Allow access to the 'XMLRPC CPU Utilization' page."; +$priv_list['page-diagnostics-cpuutilization']['match'] = array(); +$priv_list['page-diagnostics-cpuutilization']['match'][] = "stats.php*"; + $priv_list['page-diagnostics-haltsystem'] = array(); $priv_list['page-diagnostics-haltsystem']['name'] = "WebCfg - Diagnostics: Halt system page"; $priv_list['page-diagnostics-haltsystem']['descr'] = "Allow access to the 'Diagnostics: Halt system' page."; @@ -1164,4 +1176,4 @@ $priv_list['page-firewall-schedules-edit']['match'][] = "firewall_schedule_edit. $priv_rmvd = array(); -?>
\ No newline at end of file +?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index c87d1ad..fee3786 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2386,6 +2386,10 @@ function upgrade_076_to_077() { enable_rrd_graphing(); if ($g['booting']) echo "Updating configuration..."; + foreach($config['filter']['rule'] as & $rule) { + if (isset($rule['protocol']) && !empty($rule['protocol'])) + $rule['protocol'] = strtolower($rule['protocol']); + } } ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index ced3085..cf531ce 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -532,7 +532,7 @@ function is_domain($domain) { /* returns true if $macaddr is a valid MAC address */ function is_macaddr($macaddr) { - return preg_match('/^[0-9A-F]{2}(?=([:]?))(?:\\1[0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false; + return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false; } /* returns true if $name is a valid name for an alias */ diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 2e72a6d..0e21224 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc 
@@ -903,21 +903,21 @@ EOD; /* load SPD */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); - /* start filterdns, if necessary */ - if (count($filterdns_list) > 0) { - $interval = 60; - if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval'])) - $interval = $ipseccfg['dns-interval']; - - $hostnames = ""; - array_unique($filterdns_list); - foreach ($filterdns_list as $hostname) - $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; - file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); - - killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); - mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/filterdns-ipsec.hosts -d 1"); - } + } + /* start filterdns, if necessary */ + if (count($filterdns_list) > 0) { + $interval = 60; + if (!empty($ipseccfg['dns-interval']) && is_numeric($ipseccfg['dns-interval'])) + $interval = $ipseccfg['dns-interval']; + + $hostnames = ""; + array_unique($filterdns_list); + foreach ($filterdns_list as $hostname) + $hostnames .= "cmd {$hostname} '/etc/rc.newipsecdns'\n"; + file_put_contents("{$g['varetc_path']}/filterdns-ipsec.hosts", $hostnames); + + killbypid("{$g['varrun_path']}/filterdns-ipsec.pid"); + mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c {$g['varetc_path']}/filterdns-ipsec.hosts -d 1"); } vpn_ipsec_failover_configure(); diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns index c8fcabe..141f04a 100755 --- a/etc/rc.newipsecdns +++ b/etc/rc.newipsecdns @@ -43,6 +43,10 @@ while (file_exists("{$g['varrun_path']}/booting")) { sleep(1); } + while(stristr(shell_exec("/bin/ps auxww"), "rc.newipsecdns")) { + // log_error("There is an existing rc.newipsecdns running, sleeping 1 second"); + sleep(1); + } log_error("IPSEC: One or more IPsec tunnel endpoints has changed its IP. Refreshing."); /* We will walk the list of hostnames found in the ipsec tunnel 
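Review bot: In the relocated filterdns block of vpn.inc, `array_unique($filterdns_list);` discards its result, so duplicate hostnames are still written to filterdns-ipsec.hosts; it should read `$filterdns_list = array_unique($filterdns_list);`. `$hostname` and `$interval` are interpolated into the hosts file and the `mwexec()` command line; `$interval` is guarded by `is_numeric()`, but nothing in the hunk shows the hostnames being validated, so confirm they pass a hostname check before they reach this point. The enclosing function starts and ends outside the hunk.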
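Review bot: The new wait loop in rc.newipsecdns searches the `ps auxww` output for the string "rc.newipsecdns", which is also the name of the running script, so the process will most likely match itself and sleep forever; two instances started together would also wait on each other indefinitely. The commit already uses `lock()`/`unlock()` for the captive portal database, and the same primitive would serialise this script without scanning the process table, for example `$ipsecdnslck = lock('newipsecdns', LOCK_EX);` before the refresh and `unlock($ipsecdnslck);` after it (the lock name here is a placeholder). The commented-out `log_error()` inside the loop should either be enabled with rate limiting or removed.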
diff --git a/etc/rc.newwanip b/etc/rc.newwanip index b85d102..f4e59c7 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -45,8 +45,16 @@ require_once("openvpn.inc"); if($g['booting']) exit; -/* Interface IP address has changed */ +function restart_packages() { + global $oldip, $curwanipi, $g; + + /* restart packages */ + mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh"); + log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); + mwexec_bg("/etc/rc.start_packages"); +} +/* Interface IP address has changed */ $argument = str_replace("\n", "", $argv[1]); log_error("rc.newwanip: Informational is starting {$argument}."); @@ -71,6 +79,12 @@ if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) { exit; } +if (empty($interface)) { + filter_configure(); + restart_packages(); + exit; +} + $oldip = "0.0.0.0"; if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) $oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip"); @@ -124,9 +138,6 @@ if (substr($interface_real, 0, 4) != "ovpn") /* reload graphing functions */ enable_rrd_graphing(); -/* restart packages */ -mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh"); -mwexec_bg("/etc/rc.start_packages"); -log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); +restart_packages(); ?> diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 30dec37..996cdeb 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -122,7 +122,7 @@ setTimeout('window.close();',5000) ; </HTML> EOD; - disconnect_client($_POST['logout_id']); + captiveportal_disconnect_client($_POST['logout_id']); exit; } else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) { /* radius functions handle everything so we exit here since we're done */ 
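Review bot: restart_packages() in rc.newwanip declares `global $oldip, $curwanipi, $g;` but logs `$curwanip`, so inside the function that variable is undefined and the "ip change" message loses the new address; the declaration should be `global $oldip, $curwanip, $g;`. In the new `empty($interface)` branch the function is also called before `$oldip` is assigned, so the old address is blank there as well. A one-line comment on the function noting which globals it reads would make that dependency visible.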
diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 075a919..3365bba 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -99,6 +99,12 @@ <type>checkbox</type> </field> <field> + <fielddescr>Synchronize Certificates</fielddescr> + <fieldname>synchronizecerts</fieldname> + <description>When this option is enabled, this system will automatically sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Synchronize rules</fielddescr> <fieldname>synchronizerules</fieldname> <description>When this option is enabled, this system will automatically sync the firewall rules to the other CARP host when changes are made..</description> @@ -131,7 +137,7 @@ <field> <fielddescr>Synchronize OpenVPN</fielddescr> <fieldname>synchronizeopenvpn</fieldname> - <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made.</description> + <description>When this option is enabled, this system will automatically sync the OpenVPN configuration to the other CARP host when changes are made. Using this option implies "Synchronize Certificates" as they are required for OpenVPN.</description> <type>checkbox</type> </field> <field> diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php index 3b94d69..942904a 100644 --- a/usr/local/www/edit.php +++ b/usr/local/www/edit.php @@ -29,6 +29,13 @@ pfSense_MODULE: shell */ +##|+PRIV +##|*IDENT=page-diagnostics-edit +##|*NAME=Diagnostics: Edit FIle +##|*DESCR=Allow access to the 'Diagnostics: Edit File' page. +##|*MATCH=edit.php* +##|-PRIV + $pgtitle = array(gettext("Diagnostics"), gettext("Edit file")); require("guiconfig.inc"); diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index e4cb57f..a8a6fe3 100755 
--- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -1343,7 +1343,10 @@ $i--): ?> $qselected = 1; echo " SELECTED"; } - echo ">{$q}</option>"; + if (isset($ifdisp[$q])) + echo ">{$ifdisp[$q]}</option>"; + else + echo ">{$q}</option>"; } ?> </select> / @@ -1361,7 +1364,10 @@ $i--): ?> $qselected = 1; echo " SELECTED"; } - echo ">{$q}</option>"; + if (isset($ifdisp[$q])) + echo ">{$ifdisp[$q]}</option>"; + else + echo ">{$q}</option>"; } ?> </select> diff --git a/usr/local/www/graph_cpu.php b/usr/local/www/graph_cpu.php index 3908153..9c6dbd7 100644 --- a/usr/local/www/graph_cpu.php +++ b/usr/local/www/graph_cpu.php @@ -39,6 +39,8 @@ ##|*MATCH=graph_cpu.php* ##|-PRIV +require_once("guiconfig.inc"); + header("Last-Modified: " . gmdate( "D, j M Y H:i:s" ) . " GMT" ); header("Expires: " . gmdate( "D, j M Y H:i:s", time() ) . " GMT" ); header("Cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1 diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php index 063d9bc..eacaa23 100644 --- a/usr/local/www/headjs.php +++ b/usr/local/www/headjs.php @@ -34,6 +34,8 @@ ##|*MATCH=headjs.php* ##|-PRIV +require_once("guiconfig.inc"); + function getHeadJS() { global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif; @@ -163,4 +165,4 @@ function getHeadJS() { return $headjs; } -?>
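Review bot: Both new branches in firewall_rules_edit.php echo `$ifdisp[$q]` straight into the `<option>` body; if `$ifdisp` holds administrator-entered descriptions (its definition is outside the hunks), the value should go through `htmlspecialchars()` before output. `echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";` covers it, and the same applies to the existing `{$q}` fallback. The two hunks add identical code, so a small helper that picks the label and escapes it would remove the duplication.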
\ No newline at end of file +?> diff --git a/usr/local/www/help.php b/usr/local/www/help.php index 59cc905..a89a551 100644 --- a/usr/local/www/help.php +++ b/usr/local/www/help.php @@ -4,6 +4,8 @@ * */ +require_once("guiconfig.inc"); + /* Define hash of jumpto url maps */ /* Links to categories could probably be more specific. */ diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index dc886e3..606d06b 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -93,6 +93,8 @@ if ($_POST) { $lagg['descr'] = $_POST['descr']; $lagg['laggif'] = $_POST['laggif']; $lagg['proto'] = $_POST['proto']; + if (isset($id) && $a_laggs[$id]) + $lagg['laggif'] = $a_laggs[$id]['laggif']; $lagg['laggif'] = interface_lagg_configure($lagg); if ($lagg['laggif'] == "" || !stristr($lagg['laggif'], "lagg")) diff --git a/usr/local/www/stats.php b/usr/local/www/stats.php index 54e5ef6..3ce8096 100644 --- a/usr/local/www/stats.php +++ b/usr/local/www/stats.php @@ -28,11 +28,19 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("includes/functions.inc.php"); +##|+PRIV +##|*IDENT=page-diagnostics-cpuutilization +##|*NAME=Diagnostics: CPU Utilization page +##|*DESCR=Allow access to the 'Diagnostics: CPU Utilization' page. +##|*MATCH=stats.php* +##|-PRIV + +require_once("guiconfig.inc"); +require_once("includes/functions.inc.php"); $cpu = cpu_usage(); echo $cpu; exit; -?>
\ No newline at end of file +?> diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 9560041..8913367 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -81,9 +81,10 @@ $concurrent = count($cpcontents); foreach ($cpcontents as $cpcontent) { $cpent = explode(",", $cpcontent); + $sessionid = $cpent[5]; if ($_GET['showact']) $cpent[5] = captiveportal_get_last_activity($cpent[2]); - $cpdb[] = $cpent; + $cpdb[$sessionid] = $cpent; } if ($_GET['order']) { if ($_GET['order'] == "ip") @@ -131,7 +132,7 @@ if ($_GET['order']) { <?php endif; ?> <td class="list sort_ignore"></td> </tr> -<?php foreach ($cpdb as $cpent): ?> +<?php foreach ($cpdb as $sid => $cpent): ?> <tr> <td class="listlr"><?=$cpent[2];?></td> <td class="listr"><?=$cpent[3];?> </td> @@ -141,7 +142,7 @@ if ($_GET['order']) { <td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td> <?php endif; ?> <td valign="middle" class="list" nowrap> - <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> + <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$sid;?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> </tr> <?php endforeach; ?> </table> diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php index d240d69..829515f 100644 
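Review bot: The rewritten disconnect link in status_captiveportal.php prints `$_GET['order']` and the new `$sid` into the `href` without escaping, while `showact` on the same line is passed through `htmlspecialchars()`; wrap both, e.g. `id=<?=htmlspecialchars($sid);?>`. The widget copy of this link (captive_portal_status.widget.php, last hunk) leaves `showact` unescaped as well. Separately, `$cpdb` is now keyed by session id before the `$_GET['order']` sort; the sort call is outside the hunk, but if it uses a function that renumbers keys, `$sid` would become a plain index and the link would no longer address a session.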
--- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php +++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php @@ -68,9 +68,10 @@ $concurrent = count($cpcontents); foreach ($cpcontents as $cpcontent) { $cpent = explode(",", $cpcontent); + $sessionid = $cpent[5]; if ($_GET['showact']) $cpent[5] = captiveportal_get_last_activity($cpent[2]); - $cpdb[] = $cpent; + $cpdb[$sessionid] = $cpent; } if ($_GET['order']) { @@ -97,7 +98,7 @@ if ($_GET['order']) { <td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td> <?php endif; ?> </tr> -<?php foreach ($cpdb as $cpent): ?> +<?php foreach ($cpdb as $sid => $cpent): ?> <tr> <td class="listlr"><?=$cpent[2];?></td> <td class="listr"><?=$cpent[3];?> </td> @@ -107,7 +108,7 @@ if ($_GET['order']) { <td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td> <?php endif; ?> <td valign="middle" class="list" nowrap> - <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$sid;?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> </tr> <?php endforeach; ?> </table> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 5af4510..e48cfb3 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc 
@@ -603,7 +603,7 @@ function step12_submitphpaction() { $rule['destination']['network'] = $server['interface'] . "ip"; $rule['destination']['port'] = $server['local_port']; $rule['interface'] = $server['interface']; - $rule['protocol'] = $server['protocol']; + $rule['protocol'] = strtolower($server['protocol']); $rule['type'] = "pass"; $rule['enabled'] = "on"; $config['filter']['rule'][] = $rule; |