33 files changed, 738 insertions, 388 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 9c78017..37f195c 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1,9 +1,12 @@ <?php /* captiveportal.inc - part of m0n0wall (http://m0n0.ch/wall) + part of pfSense (http://www.pfSense.org) - Copyright (C) 2009 Ermal Luçi + originally part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2009 Ermal Luçi <ermal.luci@gmail.com> Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. All rights reserved. 
@@ -91,30 +94,77 @@ function captiveportal_configure() { else { /* example/template page */ $htmltext = <<<EOD -<html> -<head> -<title>{$g['product_name']} captive portal</title> -</head> -<body> -<center> -<h2>{$g['product_name']} captive portal</h2> -Welcome to the {$g['product_name']} Captive Portal! -<p> -<form method="post" action="\$PORTAL_ACTION\$"> -<input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> -<table> - <tr><td>Username:</td><td><input name="auth_user" type="text"></td></tr> - <tr><td>Password:</td><td><input name="auth_pass" type="password"></td></tr> - <tr><td> </td></tr> - <tr> - <td colspan="2"> - <center><input name="accept" type="submit" value="Continue"></center> - </td> - </tr> -</table> -</center> -</form> -</body> +<html> + <body> + <form method="post" action="$PORTAL_ACTION$"> + <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> + <center> + <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> + <tr height="10" bgcolor="#990000"> + <td style="border-bottom:1px solid #000000"> + <font color='white'> + <b> + {$g['product_name']} captive portal + </b> + </font> + </td> + </tr> + <tr> + <td> + <div id="mainlevel"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="0"> + <tr> + <td> + <center> + <div id="mainarea"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="5"> + <tr> + <td> + <div id="maindivarea"> + <center> + <div id='statusbox'> + <font color='red' face='arial' size='+1'> + <b> + $PORTAL_MESSAGE$ + </b> + </font> + </div> + <br/> + <div id='loginbox'> + <table> + <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr> + <tr><td> </td></tr> + <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr> + <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> + <tr><td> 
</td></tr> + <tr> + <td colspan="2"> + <center><input name="accept" type="submit" value="Continue"></center> + </td> + </tr> + </table> + </div> + </center> + </div> + </td> + </tr> + </table> + </center> + </div> + </center> + </td> + </tr> + </table> + </center> + </div> + </td> + </tr> + </table> + </center> + </form> + </body> </html> 
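Review bot: The new template writes `$PORTAL_ACTION$`, `$PORTAL_REDIRURL$` and `$PORTAL_MESSAGE$` without the backslashes the removed lines had (`\$PORTAL_ACTION\$`), and inside a `<<<EOD` heredoc PHP reads `$PORTAL_ACTION` as a variable, so as shown the placeholder is interpolated away (leaving `action="$"`) before anything can substitute it. Unless the page rendering dropped the backslashes, they should stay escaped, e.g. `<form method="post" action="\$PORTAL_ACTION\$">`; the error-page heredoc in the next hunk (`@@ -142,18 +192,77 @@`) has the same problem. `$PORTAL_MESSAGE$` is new and lands in HTML, so a short comment that whatever replaces it must be HTML-escaped would help. The welcome row also opens a `<center>` it never closes, and captiveportal_configure() starts and ends outside the hunk.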
@@ -142,18 +192,77 @@ EOD; else { /* example page */ $errtext = <<<EOD -<html> -<head> -<title>Authentication error</title> -</head> -<body> -<font color="#cc0000"><h2>Authentication error</h2></font> -<b> -Username and/or password invalid. -<br><br> -<a href="javascript:history.back(); ">Go back</a> -</b> -</body> +<html> + <body> + <form method="post" action="$PORTAL_ACTION$"> + <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"> + <center> + <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> + <tr height="10" bgcolor="#990000"> + <td style="border-bottom:1px solid #000000"> + <font color='white'> + <b> + {$g['product_name']} captive portal + </b> + </font> + </td> + </tr> + <tr> + <td> + <div id="mainlevel"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="0"> + <tr> + <td> + <center> + <div id="mainarea"> + <center> + <table width="100%" border="0" cellpadding="5" cellspacing="5"> + <tr> + <td> + <div id="maindivarea"> + <center> + <div id='statusbox'> + <font color='red' face='arial' size='+1'> + <b> + $PORTAL_MESSAGE$ + </b> + </font> + </div> + <br/> + <div id='loginbox'> + <table> + <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr> + <tr><td> </td></tr> + <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr> + <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> + <tr><td> </td></tr> + <tr> + <td colspan="2"> + <center><input name="accept" type="submit" value="Continue"></center> + </td> + </tr> + </table> + </div> + </center> + </div> + </td> + </tr> + </table> + </center> + </div> + </center> + </td> + </tr> + </table> + </center> + </div> + </td> + </tr> + </table> + </center> + </form> + </body> </html> EOD; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index aa3fff5..ec11bf0 100644 
--- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -160,7 +160,7 @@ function filter_delete_states_for_down_gateways() { if (!is_ipaddr($gwip)) $gwip = get_interface_gateway($gateway['friendlyiface']); if (is_ipaddr($gwstatus['srcip'])) { - $cmd = "/sbin/pfctl -b {$gateway['srcip']} "; + $cmd = "/sbin/pfctl -b {$gwstatus['srcip']} "; if (is_ipaddr($gwip)) $cmd .= "-b {$gwip}"; mwexec($cmd); @@ -1457,7 +1457,7 @@ function filter_generate_user_rule_arr($rule) { $ret['rule'] = $line; $ret['interface'] = $rule['interface']; if($rule['descr'] != "" and $line != "") - $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\""; + $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\""; else $ret['descr'] = "label \"USER_RULE\""; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 44bad2b..18dc18f 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1059,7 +1059,7 @@ function interface_ppps_configure($interface) { if($g['booting']) { $descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface); - echo " configuring {$upper_type} on {$descr} interface...\n"; + echo "starting {$pppif} link..."; // Do not re-configure the interface if we are booting and it's already been started if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) return 0; 
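Review bot: In the filter_generate_user_rule_arr hunk the description is cut to 63 bytes, but the `USER_RULE: ` prefix is added afterwards, so the finished label can still reach 74 characters; if the aim is to stay inside pf's label length limit, the 11-character prefix has to be counted. The quotes are also stripped after the cut rather than before, so the stored text can end up shorter than intended. Something like `$descr = substr(str_replace('"', '', $rule['descr']), 0, 52);` before building the label handles both, with the exact bound taken from the pf limit. `substr` is byte-wise and may split a multi-byte character at the cut, which deserves a comment if descriptions can be non-ASCII. The function body continues outside the hunk.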
@@ -1689,7 +1689,7 @@ function interface_carp_configure(&$vip) { /* Ensure CARP IP really exists prior to loading up. */ $ww_subnet_ip = find_interface_ip($realif); $ww_subnet_bits = find_interface_subnet($realif); - if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits)) { + if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) { file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IP address %s."), $vip['subnet']), "Firewall: Virtual IP", ""); return; } @@ -2489,6 +2489,10 @@ function interface_configure($interface = "wan", $reloadall = false) { link_interface_to_vips($interface, "update"); + $grouptmp = link_interface_to_group($interface); + if (!empty($grouptmp)) + interface_group_add_member($realif, $grouptmp); + if ($interface == "lan") /* make new hosts file */ system_hosts_generate(); @@ -2627,6 +2631,10 @@ function interface_group_setup(&$groupname /* The parameter is an array */) { return; } + +function interface_group_add_member($interface, $groupname) { + mwexec("/sbin/ifconfig {$interface} group {$groupname}", true); +} /* COMPAT Function */ function convert_friendly_interface_to_real_interface_name($interface) { @@ -2667,7 +2675,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { if ($config['interfaces'][$if]['if'] == $interface) return $if; - if (get_real_interface($if) == $interface) + if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface)) return $if; $int = interface_translate_type_to_real($if); 
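Review bot: interface_group_add_member() interpolates `$interface` and `$groupname` straight into the string handed to mwexec, and the group name comes from the `ifgroups` configuration via link_interface_to_group(). mwexec is not shown here, but if it passes the string to a shell both values should be quoted: `mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " group " . escapeshellarg($groupname), true);`. The same applies to the `-d {$config['system']['domain']}` argument in the system_dhcpleases_configure hunk of etc/inc/system.inc. A one-line comment above the function saying that it adds a single interface to a single group would also help, since interface_group_setup() sits directly above it.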
@@ -3026,6 +3034,17 @@ function link_interface_to_bridge($int) { } } +function link_interface_to_group($int) { + global $config; + + if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $group) { + if (in_array($int, explode(" ", $groupname['members']))) + return "{$group['ifname']}"; + } + } +} + function link_interface_to_gre($interface) { global $config; @@ -3081,6 +3100,25 @@ function find_interface_subnet($interface, $flush = false) return $interface_sn_arr_cache[$interface]; } +function ip_in_interface_alias_subnet($interface, $ipalias) { + global $config; + + if (empty($interface) || !is_ipaddr($ipalias)) + return 0; + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + switch ($vip['mode']) { + case "ipalias": + if ($vip['interface'] <> $interface) + continue; + if (ip_in_subnet($ipalias, gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'])) + return 1; + break; + } + } + } +} + function get_interface_ip($interface = "wan") { $realif = get_real_interface($interface); diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index da7f7e4..574c6a6 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -371,6 +371,7 @@ function enable_rrd_graphing() { foreach($config['openvpn']['openvpn-server'] as $server) { if("ovpns{$server['vpnid']}" == $ifname) { $port = $server['local_port']; + $vpnid = $server['vpnid']; } } } @@ -383,7 +384,7 @@ function enable_rrd_graphing() { $rrdupdatesh .= " echo \"quit\"\n"; $rrdupdatesh .= "}\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n"; - $rrdupdatesh .= "`list_current_users | nc localhost {$port} | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n"; + $rrdupdatesh .= "`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n"; } /* QUEUES, set up the queues databases */ 
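Review bot: link_interface_to_group() tests `$groupname['members']`, but the loop variable is `$group` and `$groupname` is never defined in the function, so `in_array` never matches and the function always returns null; the new call in interface_configure() therefore never adds a group member. The condition should read `if (in_array($int, explode(" ", $group['members'])))`. Only the first matching group is returned, so an interface that belongs to several groups would need a list instead; a comment stating which behaviour is intended would settle it.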
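Review bot: In ip_in_interface_alias_subnet() the `continue` sits inside a `switch`, where PHP treats it like `break`, so it leaves the switch instead of moving to the next VIP; the outcome happens to be the same here, but it reads as loop control and newer PHP versions warn about it. The function also falls off the end without a value when nothing matches, while the guard at the top returns 0. Replacing the switch with `if ($vip['mode'] != "ipalias" || $vip['interface'] != $interface) continue;` and ending the function with `return 0;` makes both paths explicit.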
diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 4b98634..682472a 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -356,6 +356,8 @@ EOD; $dhhostname = str_replace(".", "_", $dhhostname); $dhcpdconf .= " option host-name {$dhhostname};\n"; } + if ($sm['netbootfile']) + $dhcpdconf .= " filename \"{$sm['netbootfile']}\";\n"; $dhcpdconf .= "}\n"; $i++; diff --git a/etc/inc/system.inc b/etc/inc/system.inc index aae2e07..bcc0e0e 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -233,20 +233,20 @@ function system_hosts_generate() { } function system_dhcpleases_configure() { - global $configure, $g; - + global $config, $g; + /* Start the monitoring process for dynamic dhcpclients. */ if (isset($config['dnsmasq']['regdhcp'])) { /* Make sure we do not error out */ @touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"); - if (file_exists("{$g['varrun_path']}/dhcpleases.pid")) - sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP"); - else - mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$syscfg['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts"); - } else { - sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM"); - @unlink("{$g['varrun_path']}/dhcpleases.pid"); - } + if (file_exists("{$g['varrun_path']}/dhcpleases.pid")) + sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP"); + else + mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts"); + } else { + sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM"); + @unlink("{$g['varrun_path']}/dhcpleases.pid"); + } } function system_hostname_configure() { diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index f782b45..cd7d75a 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
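Review bot: The added `filename` line copies `$sm['netbootfile']` into dhcpd.conf between double quotes without checking it, so a value containing `"` or a line break would end the string early and the remainder would be parsed as configuration. Strip or reject those characters before writing, for example `$netboot = str_replace(array('"', "\n", "\r"), '', $sm['netbootfile']);` and emit `$netboot`, or validate the field where it is saved. Testing with `!empty($sm['netbootfile'])` would also avoid an undefined-index notice for static maps that lack the key. The surrounding static-map loop starts outside the hunk.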
@@ -1415,6 +1415,34 @@ function upgrade_051_to_052() { /* allocate vpnid */ $server['vpnid'] = $vpnid++; + if (!empty($server['custom_options'])) { + $cstmopts = array(); + $tmpcstmopts = explode(";", $server['custom_options']); + $assigned = false; + $tmpstr = ""; + foreach ($tmpcstmopts as $tmpcstmopt) { + $tmpstr = str_replace(" ", "", $tmpcstmopt); + if (substr($tmpstr,0 ,6) == "devtun") { + $assigned = true; + continue; + } else if (substr($tmpstr, 0, 5) == "local") { + $localip = substr($tmpstr, 6); + $server['ipaddr'] = str_replace("\n", "", $localip); + } else + $cstmopts[] = $tmpcstmopt; + } + $server['custom_options'] = implode(";", $cstmopts); + if ($assigned == true) { + $realif = substr($tmpstr, 3); + foreach ($config['interfaces'] as $iface => $cfgif) { + if ($cfgif['if'] == $realif) { + $config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}"; + break; + } + } + } + } + $config['openvpn']['openvpn-server'][] = $server; } unset($config['installedpackages']['openvpnserver']); @@ -1489,6 +1517,34 @@ function upgrade_051_to_052() { /* allocate vpnid */ $client['vpnid'] = $vpnid++; + if (!empty($client['custom_options'])) { + $cstmopts = array(); + $tmpcstmopts = explode(";", $client['custom_options']); + $assigned = false; + $tmpstr = ""; + foreach ($tmpcstmopts as $tmpcstmopt) { + $tmpstr = str_replace(" ", "", $tmpcstmopt); + if (substr($tmpstr,0 ,6) == "devtun") { + $assigned = true; + continue; + } else if (substr($tmpstr, 0, 5) == "local") { + $localip = substr($tmpstr, 6); + $client['ipaddr'] = str_replace("\n", "", $localip); + } else + $cstmopts[] = $tmpcstmopt; + } + $client['custom_options'] = implode(";", $cstmopts); + if ($assigned == true) { + $realif = substr($tmpstr, 3); + foreach ($config['interfaces'] as $iface => $cfgif) { + if ($cfgif['if'] == $realif) { + $config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}"; + break; + } + } + } + } + if (!empty($client['disable'])) $client['disable'] = true; else 
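Review bot: After the foreach, `$realif = substr($tmpstr, 3);` reads `$tmpstr` from the last option processed, not from the `dev tun…` option that set `$assigned`, so the interface is renamed correctly only when the dev line is the final entry in `custom_options`. Capture the name where it is seen, e.g. `$realif = substr($tmpstr, 3);` inside the `devtun` branch, and test `!empty($realif)` afterwards, resetting it for each server. The identical client block in the next hunk (`@@ -1489,6 +1517,34 @@`) has the same problem. The `local` branch matches any option whose name merely starts with `local`, so comparing the whole keyword would be safer. Both blocks sit inside loops of upgrade_051_to_052() that start outside the hunks.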
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 29e35c8..6ea0732 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -145,9 +145,16 @@ function voucher_auth($voucher_received, $test = 0) { // All given vouchers were valid and this isn't simply a test. // Write back the used DB's - if (is_array($bitstring)) - foreach ($bitstring as $roll => $used) - voucher_write_used_db($roll, base64_encode($used)); + if (is_array($bitstring)) { + foreach ($bitstring as $roll => $used) { + if(is_array($used)) { + foreach($used as $u) + voucher_write_used_db($roll, base64_encode($u)); + } else { + voucher_write_used_db($roll, base64_encode($used)); + } + } + } // Active DB: we only add the first voucher if multiple given // and give that one all the time credit. This allows the user to logout and diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 922cd5f..ab8d474 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1213,7 +1213,7 @@ EOD; $clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i); - if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) { + if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['server']['enable'])) { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; } else { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32"; @@ -1273,9 +1273,9 @@ EOD; $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; } - if (isset ($pppoecfg['radius']['enable'])) { + if (isset ($pppoecfg['radius']['server']['enable'])) { $mpdconf .=<<<EOD - set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}" + set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" set radius retries 3 set radius timeout 10 set auth enable radius-auth diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index ff5156f..7731302 100755 --- a/etc/rc.filter_synchronize 
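Review bot: When `$used` is an array, the new inner loop calls `voucher_write_used_db($roll, base64_encode($u))` once per element with the same `$roll`; voucher_write_used_db is not shown, but if it stores one value per roll, each call replaces the previous one and only the last element is kept. If several bitstrings per roll are expected they probably need to be merged before a single write; if not, a comment explaining when `$used` can be an array would help the next reader. voucher_auth() continues outside the hunk.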
+++ b/etc/rc.filter_synchronize 
@@ -48,104 +48,104 @@ require_once("interfaces.inc"); * the configuration section */ function backup_vip_config_section() { - global $config; - $new_section = &$config['virtualip']; - foreach($new_section['vip'] as $section) { - if($section['mode'] == "proxyarp") { - unset($section); - } - if($section['advskew'] <> "") { - $section_val = intval($section['advskew']); - $section_val=$section_val+100; - if($section_val > 255) - $section_val = 255; - $section['advskew'] = $section_val; - } - $temp['vip'][] = $section; - } - return $temp; + global $config; + $new_section = &$config['virtualip']; + foreach($new_section['vip'] as $section) { + if($section['mode'] == "proxyarp") { + unset($section); + } + if($section['advskew'] <> "") { + $section_val = intval($section['advskew']); + $section_val=$section_val+100; + if($section_val > 255) + $section_val = 255; + $section['advskew'] = $section_val; + } + $temp['vip'][] = $section; + } + return $temp; } function remove_special_characters($string) { - $match_array = ""; - preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array); - $string = ""; - foreach ($match_array[0] as $ma) { - if ($string <> "") - $string .= " "; - $string .= $ma; - } - return $string; + $match_array = ""; + preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array); + $string = ""; + foreach ($match_array[0] as $ma) { + if ($string <> "") + $string .= " "; + $string .= $ma; + } + return $string; } function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { - global $config, $g; + global $config, $g; - if(file_exists("{$g['varrun_path']}/booting")) - return; + if(file_exists("{$g['varrun_path']}/booting")) + return; - update_filter_reload_status("Syncing CARP data to {$url}"); + update_filter_reload_status("Syncing CARP data to {$url}"); - /* make a copy of config */ - $config_copy = $config; + /* make a copy of config */ + $config_copy = $config; - /* strip out nosync items */ - if 
(is_array($config_copy['nat']['advancedoutbound']['rule'])) { - $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); - for ($x = 0; $x < $rulescnt; $x++) { - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); - } + /* strip out nosync items */ + if (is_array($config_copy['nat']['advancedoutbound']['rule'])) { + $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); + for ($x = 0; $x < $rulescnt; $x++) { + $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); } - if (is_array($config_copy['nat']['rule'])) { + } + if (is_array($config_copy['nat']['rule'])) { $natcnt = count($config_copy['nat']['rule']); - for ($x = 0; $x < $natcnt; $x++) { - $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['rule'][$x]); + for ($x = 0; $x < $natcnt; $x++) { + $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['rule'][$x]); } - } - if (is_array($config_copy['filter']['rule'])) { + } + if (is_array($config_copy['filter']['rule'])) { $filtercnt = count($config_copy['filter']['rule']); - for ($x = 0; $x < $filtercnt; $x++) { - $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']); - if (isset ($config_copy['filter']['rule'][$x]['nosync'])) 
- unset ($config_copy['filter']['rule'][$x]); + for ($x = 0; $x < $filtercnt; $x++) { + $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']); + if (isset ($config_copy['filter']['rule'][$x]['nosync'])) + unset ($config_copy['filter']['rule'][$x]); } - } - if (is_array($config_copy['aliases']['alias'])) { + } + if (is_array($config_copy['aliases']['alias'])) { $aliascnt = count($config_copy['aliases']['alias']); - for ($x = 0; $x < $aliascnt; $x++) { - $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']); - if (isset ($config_copy['aliases']['alias'][$x]['nosync'])) - unset ($config_copy['aliases']['alias'][$x]); - } + for ($x = 0; $x < $aliascnt; $x++) { + $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']); + if (isset ($config_copy['aliases']['alias'][$x]['nosync'])) + unset ($config_copy['aliases']['alias'][$x]); } - if (is_array($config_copy['dnsmasq']['hosts'])) { + } + if (is_array($config_copy['dnsmasq']['hosts'])) { $dnscnt = count($config_copy['dnsmasq']['hosts']); - for ($x = 0; $x < $dnscnt; $x++) { - $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']); - if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync'])) - unset ($config_copy['dnsmasq']['hosts'][$x]); - } + for ($x = 0; $x < $dnscnt; $x++) { + $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']); + if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync'])) + unset ($config_copy['dnsmasq']['hosts'][$x]); } - if (is_array($config_copy['virtualip']['vip'])) { + } + if (is_array($config_copy['virtualip']['vip'])) { $vipcnt = count($config_copy['virtualip']['vip']); - for ($x = 0; $x < $vipcnt; $x++) { - $config_copy['virtualip']['vip'][$x]['descr'] = 
remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']); - if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp") - unset ($config_copy['virtualip']['vip'][$x]); - } + for ($x = 0; $x < $vipcnt; $x++) { + $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']); + if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp") + unset ($config_copy['virtualip']['vip'][$x]); } - if (is_array($config_copy['ipsec']['tunnel'])) { + } + if (is_array($config_copy['ipsec']['tunnel'])) { $ipseccnt = count($config_copy['ipsec']['tunnel']); - for ($x = 0; $x < $ipseccnt; $x++) { - $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']); - if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync'])) - unset ($config_copy['ipsec']['tunnel'][$x]); - } + for ($x = 0; $x < $ipseccnt; $x++) { + $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']); + if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync'])) + unset ($config_copy['ipsec']['tunnel'][$x]); } + } if (is_array($config_copy['dhcpd'])) { foreach($config_copy['dhcpd'] as $dhcpif => $dhcpifconf) { @@ -157,10 +157,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens } } - foreach ($sections as $section) { - /* we can't use array_intersect_key() - * due to the vip 'special case' - */ + foreach ($sections as $section) { + /* we can't use array_intersect_key() + * due to the vip 'special case' + */ switch ($section) { case 'virtualip': $xml[$section] = backup_vip_config_section(); 
@@ -174,49 +174,49 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens default: $xml[$section] = $config_copy[$section]; } - } + } - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); + $params = array( + XML_RPC_encode($password), + XML_RPC_encode($xml) + ); - $numberofruns = 0; - while ($numberofruns < 2) { - log_error("Beginning XMLRPC sync to {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $username = $config['system']['user'][0]['name']; - $cli->setCredentials($username, $password); - if($numberofruns > 1) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 240 seconds */ - $resp = $cli->send($msg, "240"); - if($resp->faultCode()) { - $error = "A communications error occurred while attempting communication with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - return; - } - if(!$resp) { - $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . 
$resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } else { - log_error("XMLRPC sync successfully completed with {$url}:{$port}."); - $numberofruns = 3; - } - $parsed_response = XML_RPC_Decode($resp->value()); - if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") { - $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - $numberofruns = 5; - } - $numberofruns++; - } + $numberofruns = 0; + while ($numberofruns < 2) { + log_error("Beginning XMLRPC sync to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $username = $config['system']['user'][0]['name']; + $cli->setCredentials($username, $password); + if($numberofruns > 1) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 240 seconds */ + $resp = $cli->send($msg, "240"); + if($resp->faultCode()) { + $error = "A communications error occurred while attempting communication with {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + return; + } + if(!$resp) { + $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . 
$resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + } else { + log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + $numberofruns = 3; + } + $parsed_response = XML_RPC_Decode($resp->value()); + if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") { + $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php)."; + log_error($error); + $numberofruns = 5; + } + $numberofruns++; + } } global $g; 
@@ -227,89 +227,95 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { update_filter_reload_status("Building CARP sync information"); foreach($config['installedpackages']['carpsettings']['config'] as $carp) { if ($carp['synchronizetoip'] != "" ) { - /* - * XXX: The way we're finding the port right now is really suboptimal - - * we can't assume that the other machine is setup identically. - */ - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $carp['synchronizetoip']; - if ($carp['synchronizerules'] != "" and is_array($config['filter'])) - $sections[] = 'filter'; - if ($carp['synchronizenat'] != "" and is_array($config['nat'])) - $sections[] = 'nat'; - if ($carp['synchronizealiases'] != "" and is_array($config['aliases'])) - $sections[] = 'aliases'; - if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) - $sections[] = 'dhcpd'; - if ($carp['synchronizewol'] != "" and is_array($config['wol'])) - $sections[] = 'wol'; - if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) - $sections[] = 'shaper'; - if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) { - $sections[] = 'staticroutes'; - $sections[] = 'gateways'; - } - if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip'])) - $sections[] = 'virtualip'; - if ($carp['synchronizelb'] != "" and is_array($config['load_balancer'])) - $sections[] = 'load_balancer'; - if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) - $sections[] = 'ipsec'; - if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) { - $sections[] = 'openvpn'; - 
$mergesections[] = 'cert'; - $mergesections[] = 'ca'; - } - if ($carp['synchronizeusers'] != "") { - $mergesections[] = 'user'; - $mergesections[] = 'group'; - } - if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) - $sections[] = 'dnsmasq'; - if ($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) - $sections[] = 'schedules'; - if (count($sections) > 0) { - update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); - if (is_array($mergesections)) - carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section'); - $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); - $params = array( - XML_RPC_encode($carp['password']) - ); + /* + * XXX: The way we're finding the port right now is really suboptimal - + * we can't assume that the other machine is setup identically. + */ + if ($config['system']['webgui']['protocol'] != "") { + $synchronizetoip = $config['system']['webgui']['protocol']; + $synchronizetoip .= "://"; + } - $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - $username = $config['system']['user'][0]['name']; - $cli->setCredentials($username, $carp['password']); - $resp = $cli->send($msg, "900"); + /* if port is empty lets rely on the protocol selection */ + $port = $config['system']['webgui']['port']; + if ($port == "") { + if ($config['system']['webgui']['protocol'] == "http") + $port = "80"; + else + $port = "443"; + } - if(!$resp) { - $error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . 
$resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - } else { - log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}."); - $numberofruns = 3; - } - } - break; - } - } + $synchronizetoip .= $carp['synchronizetoip']; + if ($carp['synchronizerules'] != "" and is_array($config['filter'])) + $sections[] = 'filter'; + if ($carp['synchronizenat'] != "" and is_array($config['nat'])) + $sections[] = 'nat'; + if ($carp['synchronizealiases'] != "" and is_array($config['aliases'])) + $sections[] = 'aliases'; + if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) + $sections[] = 'dhcpd'; + if ($carp['synchronizewol'] != "" and is_array($config['wol'])) + $sections[] = 'wol'; + if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) + $sections[] = 'shaper'; + if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) { + $sections[] = 'staticroutes'; + $sections[] = 'gateways'; + } + if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip'])) + $sections[] = 'virtualip'; + if ($carp['synchronizelb'] != "" and is_array($config['load_balancer'])) + $sections[] = 'load_balancer'; + if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) + $sections[] = 'ipsec'; + if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) { + $sections[] = 'openvpn'; + $mergesections[] = 'cert'; + $mergesections[] = 'ca'; + } + if ($carp['synchronizeusers'] != "") { + $mergesections[] = 'user'; + $mergesections[] = 'group'; + } + if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) + $sections[] = 'dnsmasq'; + if ($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) + $sections[] = 'schedules'; + if ($carp['synchronizecaptiveportal'] != "" and is_array($config['captiveportal'])) + $sections[] = 'captiveportal'; + if ($carp['synchronizecaptiveportal'] != "" and 
is_array($config['vouchers'])) + $sections[] = 'vouchers'; + if (count($sections) > 0) { + update_filter_reload_status("Signaling CARP reload signal..."); + carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); + if (is_array($mergesections)) + carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section'); + $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); + $params = array( + XML_RPC_encode($carp['password']) + ); + + $msg = new XML_RPC_Message('pfsense.filter_configure', $params); + $username = $config['system']['user'][0]['name']; + $cli->setCredentials($username, $carp['password']); + $resp = $cli->send($msg, "900"); + + if(!$resp) { + $error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}."; + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + } else { + log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}."); + $numberofruns = 3; + } + } + break; + } + } } -?> +?>
\ No newline at end of file diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 5479eed..ee26d95 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -228,7 +228,7 @@ if [ $RAM -gt 96 ]; then ; APC Settings apc.enabled="1" -apc.enable_cli="1" +apc.enable_cli="0" apc.shm_size="${APCSHMEMSIZE}" [suhosin] diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 6316d0c..79a9fa6 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -486,12 +486,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut include("{$g['varetc_path']}/captiveportal-logout.html"); } else { - if($_POST['ORIGINAL_PORTAL_IP'] && $_SERVER['SERVER_NAME'] != $_POST['ORIGINAL_PORTAL_IP']) { - header ('HTTP/1.1 301 Moved Permanently'); - header("Location: " . $_POST['ORIGINAL_PORTAL_IP']); - } else { - header("Location: " . $my_redirurl); - } + header("Location: " . $my_redirurl); } return $sessionid; diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 170609f..de0d226 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -161,6 +161,12 @@ <type>checkbox</type> </field> <field> + <fielddescr>Synchronize Captive Portal</fielddescr> + <fieldname>synchronizecaptiveportal</fieldname> + <description>When this option is enabled, this system will automatically sync the Captive Portal configuration to the other CARP host when changes are made.</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Synchronize to IP</fielddescr> <fieldname>synchronizetoip</fieldname> <description>Enter the IP address of the firewall you are synchronizing with.</description> diff --git a/usr/local/sbin/ovpn-linkdown b/usr/local/sbin/ovpn-linkdown index 451f606..e3c7400 100755 --- a/usr/local/sbin/ovpn-linkdown +++ b/usr/local/sbin/ovpn-linkdown 
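Review bot: The remaining `header("Location: " . $my_redirurl);` in usr/local/captiveportal/index.php sends a value that is assigned outside this hunk, so the hunk does not show whether it can still be influenced by the request. If it can come from submitted form data, check it before use, for example accept it only when `filter_var($my_redirurl, FILTER_VALIDATE_URL)` succeeds and the scheme is http or https, and fall back to the configured redirect otherwise. Removing the `$_POST['ORIGINAL_PORTAL_IP']` branch closes one client-chosen redirect target; this check would cover the other. portal_allow() begins and ends outside the hunk.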
@@ -1,5 +1,5 @@ #!/bin/sh -/sbin/pfctl -b $3 +/sbin/pfctl -b $4 -b $5 # delete the node just in case mpd cannot do that /bin/rm -f /var/etc/nameserver_$1 /bin/rm -f /tmp/$1_router diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php index 91874d4..19c0d69 100755 --- a/usr/local/www/diag_authentication.php +++ b/usr/local/www/diag_authentication.php @@ -56,9 +56,9 @@ if ($_POST) { if (!$input_errors) { if (authenticate_user($_POST['username'], $_POST['password'], $authcfg)) { - $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated sucessfully."); + $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully."); $groups = getUserGroups($_POST['username'], $authcfg); - $savemsg .= "<br />" + gettext("This user is member of this groups") + ": <br />"; + $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />"; foreach ($groups as $group) $savemsg .= "{$group} "; } else { diff --git a/usr/local/www/diag_logs_relayd.php b/usr/local/www/diag_logs_relayd.php index ec654c7..3aac431 100755 --- a/usr/local/www/diag_logs_relayd.php +++ b/usr/local/www/diag_logs_relayd.php @@ -67,8 +67,8 @@ include("head.inc"); $tab_array[] = array(gettext("Firewall"), false, "diag_logs_filter.php"); $tab_array[] = array(gettext("DHCP"), false, "diag_logs_dhcp.php"); $tab_array[] = array(gettext("Portal Auth"), false, "diag_logs_auth.php"); - $tab_array[] = array(gettext("PPP"), false, "diag_logs_ppp.php"); $tab_array[] = array(gettext("IPsec"), false, "diag_logs_ipsec.php"); + $tab_array[] = array(gettext("PPP"), false, "diag_logs_ppp.php"); $tab_array[] = array(gettext("VPN"), false, "diag_logs_vpn.php"); $tab_array[] = array(gettext("Load Balancer"), true, "diag_logs_relayd.php"); $tab_array[] = array(gettext("OpenVPN"), false, "diag_logs_openvpn.php"); 
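Review bot: `$4` and `$5` are expanded unquoted in `/sbin/pfctl -b $4 -b $5`, so an empty argument makes the first `-b` swallow the second one as its value, and any whitespace in a value is word-split. Quote both and skip the call when either is missing: `[ -n "$4" ] && [ -n "$5" ] && /sbin/pfctl -b "$4" -b "$5"`. The `rm -f` paths on the following lines are built from `$1` in the same unquoted way and would be safer as `"/var/etc/nameserver_$1"` and `"/tmp/${1}_router"`.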
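Review bot: `$_POST['username']` is concatenated unescaped into `$savemsg` on the rewritten success line in diag_authentication.php, and the next added line appends `<br />` to the same string, so the message is evidently meant to be rendered as markup. Unless the code that prints `$savemsg` (outside this hunk) escapes it, the submitted username is reflected into the page; use `htmlspecialchars($_POST['username'])` here. The group names appended in the `foreach` deserve the same treatment, `$savemsg .= htmlspecialchars($group) . " ";`, since they may come from an external authentication backend.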
diff --git a/usr/local/www/diag_overload_tables.php b/usr/local/www/diag_tables.php index 9c409c6..9551e51 100644 --- a/usr/local/www/diag_overload_tables.php +++ b/usr/local/www/diag_tables.php @@ -1,6 +1,6 @@ <?php /* - diag_overload_tables.php + diag_tables.php Copyright (C) 2010 Jim Pingle Portions borrowed from diag_dump_states.php: @@ -35,13 +35,13 @@ */ ##|+PRIV -##|*IDENT=page-diagnostics-overload-tables -##|*NAME=Diagnostics: PF Overload table IP addresses -##|*DESCR=Allow access to the 'Diagnostics: Overload tables' page. -##|*MATCH=diag_overload_tables.php* +##|*IDENT=page-diagnostics-tables +##|*NAME=Diagnostics: PF Table IP addresses +##|*DESCR=Allow access to the 'Diagnostics: Tables' page. +##|*MATCH=diag_tables.php* ##|-PRIV -$pgtitle = array(gettext("Diagnostics"), gettext("Overload tables")); +$pgtitle = array(gettext("Diagnostics"), gettext("Tables")); require_once("guiconfig.inc"); @@ -82,10 +82,10 @@ include("fbegin.inc"); <script language="javascript"> function method_change(entrytype) { - window.location='diag_overload_tables.php?type=' + entrytype; + window.location='diag_tables.php?type=' + entrytype; } function del_entry(entry) { - new Ajax.Request("diag_overload_tables.php?type=<?php echo $tablename;?>&delete=" + entry, { + new Ajax.Request("diag_tables.php?type=<?php echo $tablename;?>&delete=" + entry, { onComplete: function(response) { if (200 == response.status) new Effect.Fade($(response.responseText), { duration: 1.0 } ); @@ -133,7 +133,7 @@ include("fbegin.inc"); <?php if($count > 0) - echo "<p/>" . gettext("Delete") . " <a href='diag_overload_tables.php?deleteall=true&type={$tablename}'>" . gettext("all") . "</a> " . gettext("entries in this table."); + echo "<p/>" . gettext("Delete") . " <a href='diag_tables.php?deleteall=true&type={$tablename}'>" . gettext("all") . "</a> " . gettext("entries in this table."); ?> diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index fa8f9d4..48cbe83 100755 
--- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -186,7 +186,7 @@ $diagnostics_menu[] = array("DNS Lookup", "/diag_dns.php"); $diagnostics_menu[] = array("Edit File", "/edit.php"); $diagnostics_menu[] = array("Factory Defaults", "/diag_defaults.php"); $diagnostics_menu[] = array("Halt System", "/halt.php" ); -$diagnostics_menu[] = array("Overload tables", "/diag_overload_tables.php"); +$diagnostics_menu[] = array("Tables", "/diag_tables.php"); $diagnostics_menu[] = array("Ping", "/diag_ping.php"); $diagnostics_menu[] = array("pfTOP", "/diag_system_pftop.php"); $diagnostics_menu[] = array("Reboot", "/reboot.php"); diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index ceded3d..7f75f83 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -362,17 +362,14 @@ if ($_POST) { // If a rule already exists, load it if (!empty($natent['associated-rule-id'])) { $filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']); - if ($filterentid == false) { - pconfig_to_address($filterent['source'], $_POST['src'], - $_POST['srcmask'], $_POST['srcnot'], - $_POST['srcbeginport'], $_POST['srcendport']); + if ($filterentid == false) $filterent['associated-rule-id'] = $natent['associated-rule-id']; - } else + else $filterent =& $config['filter']['rule'][$filterentid]; - } else - pconfig_to_address($filterent['source'], $_POST['src'], - $_POST['srcmask'], $_POST['srcnot'], - $_POST['srcbeginport'], $_POST['srcendport']); + } + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); // Update interface, protocol and destination $filterent['interface'] = $_POST['interface']; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 3a769b7..3c2ccd6 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php 
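Review bot: `if ($filterentid == false)` in firewall_nat_edit.php is a loose comparison, so if `get_id()` can return index 0 for the first filter rule (its contract is not visible here), that rule is treated as not found. With `pconfig_to_address()` now running unconditionally, that path would write the source into a fresh `$filterent` rather than the existing associated rule. A strict test removes the ambiguity: `if ($filterentid === false)`. The enclosing `if ($_POST)` block starts and ends outside the hunk.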
@@ -71,6 +71,25 @@ function check_for_advanced_options(&$item) { $item_set .= "max-src-conn-rate {$item['max-src-conn-rate']} "; if($item['max-src-conn-rates']) $item_set .= "max-src-conn-rates {$item['max-src-conn-rates']} "; + if($item['gateway']) + $item_set .= "gateway {$item['gateway']} "; + if($item['dnpipe']) + $item_set .= "limiter {$item['dnpipe']} "; + if($item['pdnpipe']) + $item_set .= "limiter {$item['pdnpipe']} "; + if($item['l7container']) + $item_set .= "layer7 {$item['l7container']} "; + if($item['tag']) + $item_set .= "tag {$item['tag']} "; + if($item['tagged']) + $item_set .= "tagged {$item['tagged']} "; + if(isset($item['allowopts'])) + $item_set .= "allowopts "; + if(isset($item['disablereplyto'])) + $item_set .= "disable reply-to "; + if($item['tcpflags_any'] || $item['tcpflags1'] || $item['tcpflags2']) + $item_set .= "tcpflags set"; + return $item_set; } diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 1ccfc2a..ec15fdf 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -108,6 +108,15 @@ if ($_GET['act'] == "del") { } } + if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { + $vipiface = $a_vip[$_GET['id']]['interface']; + foreach ($a_vip as $vip) { + if ($vip['interface'] == $vipiface && $vip['mode'] == "carp") + if (ip_in_subnet($vip['subnet'], gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'])) + $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}."; + } + } + if (!$input_errors) { // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index ffddef7..8951435 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php 
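Review bot: The added lines in check_for_advanced_options() label both `dnpipe` and `pdnpipe` as `limiter`, so the summary cannot tell the two directions apart; distinct labels such as `"limiter in {$item['dnpipe']} "` and `"limiter out {$item['pdnpipe']} "` would read better, assuming that is what the two keys mean. The free-text values (`tag`, `tagged`, `gateway`, `l7container`) are appended raw to `$item_set`; if the caller places the returned string in HTML, which is not visible here, it should go through `htmlspecialchars()` at that point. The keys are also read without `isset()`, unlike `allowopts` and `disablereplyto` a few lines later. The start of the function is outside the hunk.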
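Review bot: The added CARP-reference check in firewall_virtual_ip.php indexes `$a_vip[$_GET['id']]` five times and nests a brace-less `if` inside another brace-less `if` inside the `foreach`, which is easy to misread when the next condition is added. Read the entry once into a local, e.g. `$delvip = $a_vip[$_GET['id']];`, and put braces around both `if` bodies. Whether the id is checked against `$a_vip` before this point is not visible in the hunk; if it is not, add `isset($a_vip[$_GET['id']])` first. The same check is copied into firewall_virtual_ip_edit.php in this commit and would be better as one shared helper.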
+++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -143,7 +143,7 @@ if ($_POST) { $parent_ip = get_interface_ip($_POST['interface']); $parent_sn = get_interface_subnet($_POST['interface']); - if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn)) { + if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); } else if ($parent_sn != $_POST['subnet_bits']) @@ -154,8 +154,22 @@ if ($_POST) { } if (isset($id) && ($a_vip[$id])) { - if ($a_vip[$id]['mode'] != $_POST['mode']) - interface_vip_bring_down($a_vip[$id]); + if ($a_vip[$id]['mode'] != $_POST['mode']) { + $bringdown = false; + if ($a_vip[$id]['mode'] == "proxyarp") { + $vipiface = $a_vip[$id]['interface']; + foreach ($a_vip as $vip) { + if ($vip['interface'] == $vipiface && $vip['mode'] == "carp") { + if (ip_in_subnet($vip['subnet'], gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'])) { + $input_errors[] = gettext("This entry cannot be modified because it is still referenced by CARP") . " {$vip['descr']}."; + $bringdown = false; + } + } + } + } + if (bringdown == false) + interface_vip_bring_down($a_vip[$id]); + } if ($a_vip[$id]['interface'] != $_POST['interface']) interface_vip_bring_down($a_vip[$id]); } diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 421286c..41f0fd2 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php 
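Review bot: `if (bringdown == false)` in the second hunk is missing the `$`, so it tests an undefined constant rather than the variable: older PHP treats it as the string 'bringdown', which makes the condition false so `interface_vip_bring_down()` is never called on a mode change, and PHP 8 raises an error. The flag logic is also inert, because `$bringdown` is initialised to `false` and the CARP-reference branch sets it to `false` again. The apparent intent is `$bringdown = true;` before the loop, `$bringdown = false;` when a referencing CARP entry is found, and `if ($bringdown)` around the call. The enclosing `if ($_POST)` block starts and ends outside the hunk.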
@@ -241,7 +241,9 @@ if ($_POST['apply']) { if ($_GET['act'] == "del") { $id = $_GET['id']; - if (link_interface_to_bridge($id)) + if (link_interface_to_group($id)) + $input_errors[] = gettext("The interface is part of a group. Please remove it from the group to continue"); + else if (link_interface_to_bridge($id)) $input_errors[] = gettext("The interface is part of a bridge. Please remove it from the bridge to continue"); else if (link_interface_to_gre($id)) $input_errors[] = gettext("The interface is part of a gre tunnel. Please delete the tunnel to continue"); diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index df42a15..52e6fe3 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php 
@@ -131,31 +131,45 @@ include("fbegin.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php if ($pkg['tabs'] <> "") { - echo '<tr><td>'; - $tab_array = array(); - foreach($pkg['tabs']['tab'] as $tab) { - if(isset($tab['active'])) { - $active = true; - } else { - $active = false; - } - $urltmp = ""; - if($tab['url'] <> "") - $urltmp = $tab['url']; - if($tab['xml'] <> "") - $urltmp = "pkg_edit.php?xml=" . $tab['xml']; - - $myurl = getenv("HTTP_HOST"); - // eval url so that above $myurl item can be processed if need be. - $url = str_replace('$myurl', $myurl, $urltmp); - $tab_array[] = array( - $tab['text'], - $active, - $url - ); + $tab_array = array(); + foreach($pkg['tabs']['tab'] as $tab) { + if($tab['tab_level']) + $tab_level = $tab['tab_level']; + else + $tab_level = 1; + if(isset($tab['active'])) { + $active = true; + } else { + $active = false; + } + $urltmp = ""; + if($tab['url'] <> "") $urltmp = $tab['url']; + if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; + + $addresswithport = getenv("HTTP_HOST"); + $colonpos = strpos($addresswithport, ":"); + if ($colonpos !== False) { + //my url is actually just the IP address of the pfsense box + $myurl = substr($addresswithport, 0, $colonpos); + } else { + $myurl = $addresswithport; + } + // eval url so that above $myurl item can be processed if need be. + $url = str_replace('$myurl', $myurl, $urltmp); + + $tab_array[$tab_level][] = array( + $tab['text'], + $active, + $url + ); + } + + ksort($tab_array); + foreach($tab_array as $tab) { + echo '<tr><td>'; + display_top_tabs($tab); + echo '</td></tr>'; } - display_top_tabs($tab_array); - echo '</td></tr>'; } ?> <script> diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 9d2ef13..cd9af8a 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php 
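Review bot: `$myurl` is taken from `getenv("HTTP_HOST")`, which is supplied by the client, and is substituted into each tab URL without validation or escaping before the array is handed to `display_top_tabs()`. Cutting at the first colon with `strpos($addresswithport, ":")` also mangles a bracketed IPv6 literal such as `[2001:db8::1]:443` (a constructed example), leaving `[2001`. Parsing the value instead, `$myurl = parse_url("http://{$addresswithport}", PHP_URL_HOST);`, handles both forms, and the result should be rejected when it is not a valid host and escaped with `htmlspecialchars()` where the URL is written into the page. The same block is duplicated in the pkg_edit.php hunk of this commit; one helper used by both files would keep them from drifting.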
@@ -332,39 +332,45 @@ foreach ($pkg['fields']['field'] as $field) { <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php if ($pkg['tabs'] <> "") { - echo '<tr><td>'; $tab_array = array(); foreach($pkg['tabs']['tab'] as $tab) { - if(isset($tab['active'])) { - $active = true; - } else { - $active = false; - } - $urltmp = ""; - if($tab['url'] <> "") $urltmp = $tab['url']; - if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; - - $addresswithport = getenv("HTTP_HOST"); - $colonpos = strpos($addresswithport, ":"); - if ($colonpos !== False){ - //my url is actually just the IP address of the pfsense box - $myurl = substr($addresswithport, 0, $colonpos); - } - else - { - $myurl = $addresswithport; - } - // eval url so that above $myurl item can be processed if need be. - $url = str_replace('$myurl', $myurl, $urltmp); - - $tab_array[] = array( - $tab['text'], - $active, - $url - ); + if($tab['tab_level']) + $tab_level = $tab['tab_level']; + else + $tab_level = 1; + if(isset($tab['active'])) { + $active = true; + } else { + $active = false; + } + $urltmp = ""; + if($tab['url'] <> "") $urltmp = $tab['url']; + if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; + + $addresswithport = getenv("HTTP_HOST"); + $colonpos = strpos($addresswithport, ":"); + if ($colonpos !== False) { + //my url is actually just the IP address of the pfsense box + $myurl = substr($addresswithport, 0, $colonpos); + } else { + $myurl = $addresswithport; + } + // eval url so that above $myurl item can be processed if need be. + $url = str_replace('$myurl', $myurl, $urltmp); + + $tab_array[$tab_level][] = array( + $tab['text'], + $active, + $url + ); } - display_top_tabs($tab_array); - echo '</td></tr>'; + + ksort($tab_array); + foreach($tab_array as $tab) { + echo '<tr><td>'; + display_top_tabs($tab); + echo '</td></tr>'; + } } ?> <tr><td><div id="mainarea"><table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> 
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index d1f6ed9..53094bc 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -716,7 +716,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> <br> <br> <?php endif; ?> -<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when an authentication error occurs. " . +<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when logout event occurs. " . "You may include"); ?> "$PORTAL_MESSAGE$", <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td> </tr> <tr> diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index 26d3580..51da0f4 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php @@ -73,7 +73,7 @@ if (!is_array($config['dhcpd'][$if]['staticmap'])) { } $static_arp_enabled=isset($config['dhcpd'][$if]['staticarp']); - +$netboot_enabled=isset($config['dhcpd'][$if]['netboot']); $a_maps = &$config['dhcpd'][$if]['staticmap']; $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); @@ -87,10 +87,12 @@ if (isset($id) && $a_maps[$id]) { $pconfig['mac'] = $a_maps[$id]['mac']; $pconfig['hostname'] = $a_maps[$id]['hostname']; $pconfig['ipaddr'] = $a_maps[$id]['ipaddr']; + $pconfig['netbootfile'] = $a_maps[$id]['netbootfile']; $pconfig['descr'] = $a_maps[$id]['descr']; } else { $pconfig['mac'] = $_GET['mac']; $pconfig['hostname'] = $_GET['hostname']; + $pconfig['netbootfile'] = $_GET['netbootfile']; $pconfig['descr'] = $_GET['descr']; } @@ -156,6 +158,7 @@ if ($_POST) { $mapent['ipaddr'] = $_POST['ipaddr']; $mapent['hostname'] = $_POST['hostname']; $mapent['descr'] = $_POST['descr']; + $mapent['netbootfile'] = $_POST['netbootfile']; if (isset($id) && $a_maps[$id]) $a_maps[$id] = $mapent; 
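Review bot: `$mapent['netbootfile'] = $_POST['netbootfile'];` in services_dhcp_edit.php stores the submitted value as-is, and no check for it is added to the input validation, which sits outside these hunks. The value presumably ends up in the generated DHCP server configuration, where a quote or newline would alter the surrounding statement, so reject anything outside a conservative filename character set with an `$input_errors[]` entry before saving. It would also be cleaner to set the key only when `$netboot_enabled` is true and the field is non-empty, so static mappings do not gain an empty `netbootfile` element. The `$_GET['netbootfile']` prefill is escaped on output in the form hunk, which is fine.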
@@ -219,6 +222,14 @@ include("head.inc"); <input name="hostname" type="text" class="formfld unknown" id="hostname" size="20" value="<?=htmlspecialchars($pconfig['hostname']);?>"> <br> <span class="vexpl"><?=gettext("Name of the host, without domain part.");?></span></td> </tr> + <?php if($netboot_enabled) { ?> + <tr> + <td width="22%" valign="top" class="vncell">Netboot filename</td> + <td width="78%" class="vtable"> + <input name="netbootfile" type="text" class="formfld unknown" id="netbootfile" size="20" value="<?=htmlspecialchars($pconfig['netbootfile']);?>"> + <br> <span class="vexpl">Name of the file that should be loaded when this host boots off of the network, overrides setting on main page.</span></td> + </tr> + <?php } ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php index f901014..ddcfd2d 100755 --- a/usr/local/www/status_graph.php +++ b/usr/local/www/status_graph.php 
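Review bot: The new "Netboot filename" row in services_dhcp_edit.php prints its label and help text as literal strings, while the neighbouring rows wrap theirs in `gettext()`, so these two strings will be missed by translation. Use `<?=gettext("Netboot filename");?>` for the label and wrap the description the same way. The `htmlspecialchars($pconfig['netbootfile'])` on the input value is the right escaping for this attribute.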
@@ -177,14 +177,14 @@ foreach ($ifdescrs as $ifn => $ifd) { <p><form method="post" action="status_graph.php"> </form> <p> -<div> - <div class="widgetdiv" style="padding: 5px; float:left; width:46%"> +<div id="niftyOutter"> + <div id="col1" style="float: left; width: 46%; padding: 5px; position: relative;"> <object data="graph.php?ifnum=<?=$curif;?>&ifname=<?=rawurlencode($ifdescrs[$curif]);?>" type="image/svg+xml" width="<?=$width;?>" height="<?=$height;?>"> <param name="src" value="graph.php?ifnum=<?=$curif;?>&ifname=<?=rawurlencode($ifdescrs[$curif]);?>" /> <?=gettext("Your browser does not support the type SVG! You need to either use Firefox or download the Adobe SVG plugin"); ?>. </object> </div> - <div class="widgetdiv" style="padding: 5px; float:right; width:48%"> + <div id="col2" style="float: right; width: 48%; padding: 5px; position: relative;"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td class="listtopic" valign="top"><?=gettext("Host IP"); ?></td> @@ -272,7 +272,8 @@ foreach ($ifdescrs as $ifn => $ifd) { </td> </tr> </table> - </div> + </div> + <div style="clear: both;"></div> </div> <?php include("fend.inc"); ?> diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php index 14dc30d..d66a9d7 100755 --- a/usr/local/www/status_rrd_graph.php +++ b/usr/local/www/status_rrd_graph.php @@ -175,6 +175,9 @@ $dbheader = array("allgraphs-traffic.rrd", "outbound-packets.rrd", "outbound-traffic.rrd"); +/* additional menu choices for the custom tab */ +$dbheader_custom = array("system-throughput.rrd"); + foreach($databases as $database) { if(stristr($database, "-wireless")) { $wireless = true; @@ -182,7 +185,7 @@ foreach($databases as $database) { if(stristr($database, "-queues")) { $queues = true; } - if(stristr($database, "-cellular")) { + if(stristr($database, "-cellular") && !empty($config['ppps'])) { $cellular = true; } if(stristr($database, "-vpnusers")) { 
@@ -191,6 +194,7 @@ foreach($databases as $database) { } /* append the existing array to the header */ $ui_databases = array_merge($dbheader, $databases); +$custom_databases = array_merge($dbheader_custom, $databases); $styles = array('inverse' => gettext('Inverse'), 'absolute' => gettext('Absolute')); @@ -227,12 +231,13 @@ function get_dates($curperiod, $graph) { break; } $start = mktime((8 + $houroffset), 0, 0, $curmonth, $curday, $curyear); - if($offset == 0) + if(($offset != 0) || (($end - ($start + (12 * 3600)) ) > 0) ) { $end = mktime((8 + $houroffset) + 12, 0, 0, $curmonth, $curday, $curyear); + } break; case "day": $start = mktime(0, 0, 0, $curmonth, ($curday + $offset), $curyear); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, $curmonth, (($curday + $offset) + 1), $curyear); break; case "week": @@ -245,27 +250,27 @@ function get_dates($curperiod, $graph) { break; } $start = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset), $curyear); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset + 7), $curyear); break; case "month": $start = mktime(0, 0, 0, ($curmonth + $offset), 0, $curyear); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); break; case "quarter": $start = mktime(0, 0, 0, (($curmonth - 2) + $offset), 0, $curyear); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); break; case "year": $start = mktime(0, 0, 0, 1, 0, ($curyear + $offset)); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); break; case "4year": $start = mktime(0, 0, 0, 1, 0, (($curyear - 3) + $offset)); - if($offset == 0) + if($offset != 0) $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); break; } 
@@ -335,7 +340,7 @@ function get_dates($curperiod, $graph) { <?php if($curcat == "custom") { - foreach ($databases as $db => $database) { + foreach ($custom_databases as $db => $database) { $optionc = split("-", $database); $search = array("-", ".rrd", $optionc); $replace = array(" :: ", "", $friendly); @@ -357,9 +362,9 @@ function get_dates($curperiod, $graph) { switch($curcat) { case "system": - $optioncf = str_replace($search, $replace, $optionc[1]); - echo "<option value=\"$optioncf\""; - $prettyprint = ucwords(str_replace($search, $replace, $optioncf)); + $optionc = str_replace($search, $replace, $optionc[1]); + echo "<option value=\"$optionc\""; + $prettyprint = ucwords(str_replace($search, $replace, $optionc)); break; default: /* Deduce a interface if possible and use the description */ @@ -419,7 +424,7 @@ function get_dates($curperiod, $graph) { <?php $curdatabase = $curoption; $graph = "custom-$curdatabase"; - if(in_array($curdatabase, $databases)) { + if(in_array($curdatabase, $custom_databases)) { echo "<tr><td colspan=2 class=\"list\">\n"; echo "<IMG BORDER='0' name='{$graph}-{$curoption}-{$curdatabase}' "; echo "id='{$graph}-{$curoption}-{$curdatabase}' ALT=\"$prettydb Graph\" "; 
@@ -439,14 +444,31 @@ function get_dates($curperiod, $graph) { $replace = array(" :: ", "", $friendly); switch($curoption) { case "outbound": + /* make sure we do not show the placeholder databases in the outbound view */ + if((stristr($curdatabase, "outbound")) || (stristr($curdatabase, "allgraphs"))) { + continue 2; + } /* only show interfaces with a gateway */ $optionc = "$optionc[0]"; if(!interface_has_gateway($optionc)) { - if(!preg_match("/($optionc)-(quality)/", $curdatabase)) { + if(!isset($gateways_arr)) { + if(preg_match("/quality/i", $curdatabase)) + $gateways_arr = return_gateways_array(); + else + $gateways_arr = array(); + } + $found_gateway = false; + foreach ($gateways_arr as $gw) { + if ($gw['name'] == $optionc) { + $found_gateway = true; + break; + } + } + if(!$found_gateway) { continue 2; } } - if(! preg_match("/($optionc)[-.]/i", $curdatabase)) { + if(! preg_match("/(^$optionc-|-$optionc\\.)/i", $curdatabase)) { continue 2; } break; @@ -458,11 +480,11 @@ function get_dates($curperiod, $graph) { break; default: /* just use the name here */ - if(! preg_match("/($curoption)[-.]/i", $curdatabase)) { + if(! preg_match("/(^$curoption-|-$curoption\\.)/i", $curdatabase)) { continue 2; } } - if(in_array($curdatabase, $databases)) { + if(in_array($curdatabase, $ui_databases)) { $dates = get_dates($curperiod, $graph); $start = $dates['start']; $end = $dates['end']; @@ -488,7 +510,7 @@ function get_dates($curperiod, $graph) { <?php foreach($graphs as $graph) { /* check which databases are valid for our category */ - foreach($databases as $curdatabase) { + foreach($ui_databases as $curdatabase) { if(! stristr($curdatabase, $curcat)) { continue; } 
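Review bot: `$gateways_arr` is initialised only once, and whether it is filled depends on the database being examined at that moment: if the first database that reaches this branch does not match `/quality/i`, it is set to `array()` and stays empty for every later quality database, so those are skipped by `continue 2`. Loading it unconditionally on first use avoids the order dependence: `if (!isset($gateways_arr)) $gateways_arr = return_gateways_array();`. The same block appears in the `@@ -497,11 +519,31 @@` hunk, there with a brace-less nested `if`/`else` that should get the same braces as this copy. The enclosing loop starts outside the hunk.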
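Review bot: `$curoption` is interpolated straight into the pattern in `preg_match("/(^$curoption-|-$curoption\\.)/i", $curdatabase)`, and `$optionc` likewise in the outbound case, so any regex metacharacter in the value changes what is matched or makes the pattern invalid. Where `$curoption` is set is outside the hunk; if it derives from the request, this is also a way to feed arbitrary patterns to the regex engine. Quote it first, `$q = preg_quote($curoption, '/');`, and build the pattern from `$q`. The same applies to the two `preg_match` calls added in the `@@ -497` and `@@ -512` hunks.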
@@ -497,11 +519,31 @@ function get_dates($curperiod, $graph) { $replace = array(" :: ", "", $friendly); switch($curoption) { case "outbound": - if(!interface_has_gateway($optionc)) { - continue 2; + /* make sure we do not show the placeholder databases in the outbound view */ + if((stristr($curdatabase, "outbound")) || (stristr($curdatabase, "allgraphs"))) { + continue 2; } - if(! stristr($curdatabase, $optionc)) { + /* only show interfaces with a gateway */ + $optionc = "$optionc[0]"; + if(!interface_has_gateway($optionc)) { + if(!isset($gateways_arr)) + if(preg_match("/quality/i", $curdatabase)) + $gateways_arr = return_gateways_array(); + else + $gateways_arr = array(); + $found_gateway = false; + foreach ($gateways_arr as $gw) { + if ($gw['name'] == $optionc) { + $found_gateway = true; + break; + } + } + if(!$found_gateway) { continue 2; + } + } + if(! preg_match("/(^$optionc-|-$optionc\\.)/i", $curdatabase)) { + continue 2; } break; case "allgraphs": @@ -512,7 +554,7 @@ function get_dates($curperiod, $graph) { break; default: /* just use the name here */ - if(! stristr($curdatabase, $curoption)) { + if(! preg_match("/(^$curoption-|-$curoption\\.)/i", $curdatabase)) { continue 2; } } diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 4e7b887..c57e322 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -32,7 +32,8 @@ pfSense_MODULE: system */ -require("guiconfig.inc"); +require_once("globals.inc"); +require_once("guiconfig.inc"); require_once("filter.inc"); require_once("shaper.inc"); require_once("rrd.inc"); @@ -185,7 +186,7 @@ if ($altq_list_queues[$curif]) { $speedlimit = ($upstream + $downstream); /* select theme colors if the inclusion file exists */ -$rrdcolors = "./themes/{$g['theme']}/rrdcolors.inc.php"; +$rrdcolors = "{$g['www_path']}/themes/{$g['theme']}/rrdcolors.inc.php"; if(file_exists($rrdcolors)) { include($rrdcolors); } else { 
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 81c8c4c..46e8c3e 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -344,7 +344,7 @@ function enable_change(enable_over) { } ?> </select> - <br><?=gettext("Hint: 10 is TEN pppoe clients"); ?> + <br><?=gettext("Hint: 10 is ten PPPoE clients"); ?> </td> </tr> <tr> @@ -387,21 +387,21 @@ function enable_change(enable_over) { <br> </strong><?=gettext("Sends accounting packets to the RADIUS server"); ?>.<br> <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked"; ?>> - <strong><?=gettext("Use Backup Radius Server"); ?></strong><br> + <strong><?=gettext("Use Backup RADIUS Server"); ?></strong><br> <?=gettext("When set, if primary server fails all requests will be sent via backup server"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("NAS IP Address"); ?></td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="radius_nasip" type="text" class="formfld unknown" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> - <br><?=gettext("radius server NAS ip Address"); ?><br> + <br><?=gettext("RADIUS server NAS IP Address"); ?><br> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("RADIUS Accounting Update"); ?></td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="radius_acct_update" type="text" class="formfld unknown" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> - <br><?=gettext("Radius accounting update period in seconds"); ?> + <br><?=gettext("RADIUS accounting update period in seconds"); ?> </td> </tr> <tr> 
@@ -416,7 +416,7 @@ function enable_change(enable_over) { <input name="radiusserver" type="text" class="formfld unknown" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> <input name="radiusserverport" type="text" class="formfld unknown" id="radiusserverport" size="4" value="<?=htmlspecialchars($pconfig['radiusserverport']);?>"> <input name="radiusserveracctport" type="text" class="formfld unknown" id="radiusserveracctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserveracctport']);?>"> - <br><?=gettext("Enter the IP address and port of the RADIUS server. Format ip auth_port acct_port"); ?><br> + <br><?=gettext("Enter the IP address, authentication port and accounting port (optional) of the RADIUS server."); ?><br> <br> <?=gettext("standard port 1812 and 1813 accounting"); ?></td> </tr> <tr> @@ -432,7 +432,7 @@ function enable_change(enable_over) { <input name="radiusserver2" type="text" class="formfld unknown" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>"> <input name="radiusserver2port" type="text" class="formfld unknown" id="radiusserver2port" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2port']);?>"> <input name="radiusserver2acctport" type="text" class="formfld unknown" id="radiusserver2acctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2acctport']);?>"> - <br><?=gettext("Enter the IP address and port of the BACKUP RADIUS server. Format ip auth_port acct_port"); ?><br> + <br><?=gettext("Enter the IP address, authentication port and accounting port (optional) of the backup RADIUS server."); ?><br> <br> <?=gettext("standard port 1812 and 1813 accounting"); ?></td> </tr> <tr> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index e4a7c8c..ff8175c 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc 
@@ -512,6 +512,9 @@ function step12_submitphpaction() { $server['interface'] = $pconfig['step10']['interface']; if (isset($pconfig['step10']['localport'])) $server['local_port'] = $pconfig['step10']['localport']; + + if (strlen($pconfig['step10']['descr']) > 30) + $pconfig['step10']['descr'] = substr($pconfig['step10']['descr'], 0, 30); $server['description'] = $pconfig['step10']['descr']; $server['custom_options'] = $pconfig['step10']['advanced']; if (isset($pconfig['step10']['tlsauth'])) { @@ -567,7 +570,10 @@ function step12_submitphpaction() { if (isset($pconfig['step11']['ovpnrule'])) { $rule = array(); - $rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules."); + $rule['descr'] = gettext("OpenVPN {$server['description']} wizard"); + /* Ensure the rule descr is not too long for pf to handle */ + if (strlen($rule['descr']) > 52) + $rule['descr'] = substr($rule['descr'], 0, 52); $rule['direction'] = "in"; $rule['source']['any'] = TRUE; $rule['destination']['network'] = $server['interface'] . "ip"; @@ -580,7 +586,10 @@ function step12_submitphpaction() { } if (isset($pconfig['step11']['ovpnallow'])) { $rule = array(); - $rule['descr'] = gettext("OpenVPN {$server['description']} wizard rules."); + $rule['descr'] = gettext("OpenVPN {$server['description']} wizard"); + /* Ensure the rule descr is not too long for pf to handle */ + if (strlen($rule['descr']) > 52) + $rule['descr'] = substr($rule['descr'], 0, 52); $rule['source']['any'] = TRUE; $rule['destination']['any'] = TRUE; $rule['interface'] = "openvpn"; diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index f790f7b..6d46438 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml 
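Review bot: The new guard in front of `$server['description'] = ...` cuts the description by bytes, so a name containing multi-byte UTF-8 can be split in the middle of a character and the broken sequence is then saved with the server entry; the 52-byte cuts added in the two rule hunks below have the same problem. If mbstring is available in this build, `$pconfig['step10']['descr'] = mb_strcut($pconfig['step10']['descr'], 0, 30, 'UTF-8');` keeps the byte limit but stops on a character boundary. Rejecting an over-long name when step 10 is submitted would also avoid silently changing what the user typed. The bare `30` deserves a comment such as `/* keep "OpenVPN <descr> wizard" within the rule description limit */`, assuming that is where the number comes from. step12_submitphpaction() starts and ends outside the hunk.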
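Review bot: The rewritten `$rule['descr'] = gettext("OpenVPN {$server['description']} wizard");` interpolates the description before the catalogue lookup, so the msgid differs for every server name and a translation is unlikely ever to match; the same line is added again in the `ovpnallow` hunk. Passing a fixed msgid fixes that: `$rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);`. With the description already cut to 30 bytes earlier in this function, the untranslated string is at most 45 bytes, so the new `> 52` check only takes effect once a longer translation exists, which is worth saying in its comment. The three added lines are identical in both hunks and could move into one small helper so that the limit is defined in a single place.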
@@ -121,6 +121,7 @@ <displayname>Name</displayname> <type>input</type> <bindstofield>ovpnserver->step2->authtype</bindstofield> + <size>30</size> <description>Descriptive server name, for your own reference.</description> </field> <field> @@ -283,6 +284,7 @@ <displayname>Name</displayname> <type>input</type> <bindstofield>ovpnserver->step2->authtype</bindstofield> + <size>20</size> <description>Descriptive name for the RADIUS server, for your reference.</description> </field> <field> @@ -360,6 +362,7 @@ <displayname>Descriptive name</displayname> <description>A name for your reference, to identify this certificate. This is the same as common-name field for other Certificates.</description> <type>input</type> + <size>20</size> <bindstofield>ovpnserver->step6->certca</bindstofield> </field> <field> @@ -490,6 +493,7 @@ <displayname>Descriptive name</displayname> <description>A name for your reference, to identify this certificate. This is also known as the certificate's "Common Name."</description> <type>input</type> + <size>20</size> <bindstofield>ovpnserver->step9->certname</bindstofield> </field> <field> @@ -939,3 +943,4 @@ <includefile>/usr/local/www/wizards/openvpn_wizard.inc</includefile> </step> </pfsensewizard> + |
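Review bot: The added `<size>30</size>` on the server name field limits input length only if the wizard renderer treats it as a maximum; if it maps to the input's visible width (to be confirmed in the renderer), longer values are still accepted, and even a browser-side maximum can be bypassed by a direct POST. The only server-side bound visible in this commit is the 30-byte cut on the step 10 description in openvpn_wizard.inc. Nothing comparable is shown for the three `<size>20</size>` fields added in the later hunks (RADIUS server name, CA name, certificate name). A comment beside each element stating what it is meant to match, for example `<!-- display width only; length is enforced in openvpn_wizard.inc -->`, would make the intent clear and show where a server-side check is still missing.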