diff options
-rw-r--r-- | etc/inc/captiveportal.inc | 25 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 40 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 14 | ||||
-rwxr-xr-x | etc/rc.filter_synchronize | 38 | ||||
-rw-r--r-- | usr/local/pkg/carp_settings.xml | 8 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 4 | ||||
-rwxr-xr-x | usr/local/www/interfaces_assign.php | 12 | ||||
-rwxr-xr-x | usr/local/www/pkg.php | 6 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 10 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 8 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 24 |
12 files changed, 143 insertions, 48 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index a87e732..b0cbf14 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -653,6 +653,12 @@ function captiveportal_prune_old() { */ $unsetindexes = array(); $voucher_needs_sync = false; + /* + * Snapshot the time here to use for calculation to speed up the process. + * If something is missed next run will catch it! + */ + $pruning_time = time(); + $stop_time = $pruning_time; foreach ($cpdb as $cpentry) { $timedout = false; @@ -660,7 +666,7 @@ function captiveportal_prune_old() { /* hard timeout? */ if ($timeout) { - if ((time() - $cpentry[0]) >= $timeout) { + if (($pruning_time - $cpentry[0]) >= $timeout) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -668,7 +674,7 @@ function captiveportal_prune_old() { /* Session-Terminate-Time */ if (!$timedout && !empty($cpentry[9])) { - if (time() >= $cpentry[9]) { + if ($pruning_time >= $cpentry[9]) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -683,7 +689,7 @@ function captiveportal_prune_old() { * We "fix" this by setting lastact to the login timestamp. */ $lastact = $lastact ? $lastact : $cpentry[0]; - if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) { $timedout = true; $term_cause = 4; // Idle-Timeout $stop_time = $lastact; // Entry added to comply with WISPr @@ -691,8 +697,8 @@ function captiveportal_prune_old() { } /* if vouchers are configured, activate session timeouts */ - if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if (!$timedout && isset($config['voucher']['enable'])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout $voucher_needs_sync = true; @@ -701,7 +707,7 @@ function captiveportal_prune_old() { /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -1615,6 +1621,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } + /* Snaphost the timestamp */ + $allow_time = time(); + foreach ($cpdb as $sid => $cpentry) { /* on the same ip */ if($cpentry[2] == $clientip) { @@ -1625,7 +1634,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { // user logged in with an active voucher. Check for how long and calculate // how much time we can give him (voucher credit - used time) - $remaining_time = $cpentry[0] + $cpentry[7] - time(); + $remaining_time = $cpentry[0] + $cpentry[7] - $allow_time; if ($remaining_time < 0) // just in case. $remaining_time = 0; @@ -1719,7 +1728,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* encode password in Base64 just in case it contains commas */ $bpassword = base64_encode($password); - $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, + $cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); /* rewrite information to database */ diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 735ea52..2f9a467 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -91,7 +91,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "8.1", + "latest_config" => "8.2", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 3867c09..ecbb504 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -85,6 +85,46 @@ function does_interface_exist($interface) { return false; } +/* + * does_vip_exist($vip): return true or false if a vip is + * configured. + */ +function does_vip_exist($vip) { + global $config; + + if(!$vip) + return false; + + + switch ($vip['mode']) { + case "carp": + case "carpdev": + $realif = "vip{$vip['vhid']}"; + if (!does_interface_exist($realif)) { + return false; + } + break; + case "ipalias": + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + return false; + } + break; + case "proxyarp": + /* XXX: Implement this */ + default: + return false; + } + + $ifacedata = pfSense_getall_interface_addresses($realif); + foreach ($ifacedata as $vipips) { + if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}") + return true; + } + + return false; +} + function interface_netgraph_needed($interface = "wan") { global $config; diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index ccd5629..93b5552 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2498,6 +2498,17 @@ function upgrade_078_to_079() { function upgrade_079_to_080() { global $config; + + /* Upgrade config in 1.2.3 specifying a username other than admin for synching. */ + if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) && + is_array($config['installedpackages']['carpsettings']['config'])) { + $config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username']; + unset($config['system']['username']); + } +} + +function upgrade_080_to_081() { + global $config; global $g; /* RRD files changed for quality, traffic and packets graphs */ @@ -2582,10 +2593,9 @@ function upgrade_079_to_080() { } } -function upgrade_080_to_081() { +function upgrade_081_to_082() { global $config; /* enable the allow IPv6 toggle */ $config['system']['ipv6allow'] = true; } - ?> diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 2700eac..8c89f81 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -87,7 +87,7 @@ function remove_special_characters($string) { return $string; } -function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') { +function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -101,10 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host while ($numberofruns < 2) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -138,7 +136,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host return false; } -function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { +function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -151,11 +149,11 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens /* strip out nosync items */ if (is_array($config_copy['nat']['advancedoutbound']['rule'])) { - $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); - for ($x = 0; $x < $rulescnt; $x++) { - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); + $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); + for ($x = 0; $x < $rulescnt; $x++) { + $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); } } if (is_array($config_copy['nat']['rule'])) { @@ -236,10 +234,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error("Beginning XMLRPC sync to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -258,8 +254,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); exit; - } else + } else { log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}."); + } $numberofruns = 3; } $numberofruns++; @@ -386,21 +384,23 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) $sections[] = 'vouchers'; if (count($sections) > 0) { - if (!carp_check_version($synchronizetoip, $carp['password'], $port)) + if (empty($carp['username'])) + $username = "admin"; + else + $username = $carp['username']; + if (!carp_check_version($synchronizetoip, $username, $carp['password'], $port)) break; update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $sections, $port); if (is_array($mergesections)) - carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); $params = array( XML_RPC_encode($carp['password']) ); $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - /* XXX: Configurable from the GUI */ - $username = "admin"; $cli->setCredentials($username, $carp['password']); $resp = $cli->send($msg, "900"); diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index f335236..32a9b8c 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -86,6 +86,14 @@ <type>input</type> </field> <field> + <fielddescr>Remote System Username</fielddescr> + <fieldname>username</fieldname> + <default_value>admin</default_value> + <description>Enter the webConfigurator username of the system entered above for synchronizing your configuration. + <br><br>NOTE: <b>Do not use the Synchronize Config to IP and username option on backup cluster members!</b></description> + <type>input</type> + </field> + <field> <fielddescr>Remote System Password</fielddescr> <fieldname>password</fieldname> <description>Enter the webConfigurator password of the system entered above for synchronizing your configuration. diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 63d0f7e..ae3a1f7 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -118,9 +118,9 @@ if ($_GET['act'] == "del") { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}."; } } else if ($a_vip[$_GET['id']]['mode'] == "carp") { - $vipiface = $a_vip[$_GET['id']]['interface']; + $vipiface = "vip{$a_vip[$_GET['id']]['vhid']}"; foreach ($a_vip as $vip) { - if ($vipiface == "vip{$vip['vhid']}" && $vip['mode'] == "ipalias") + if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias") $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by ip alias entry") . " {$vip['descr']}."; } } diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 714feb4..3e35b0e 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -143,6 +143,16 @@ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { } } +$ovpn_descrs = array(); +if (is_array($config['openvpn'])) { + if (is_array($config['openvpn']['openvpn-server'])) + foreach ($config['openvpn']['openvpn-server'] as $s) + $ovpn_descrs[$s['vpnid']] = $s['description']; + if (is_array($config['openvpn']['openvpn-client'])) + foreach ($config['openvpn']['openvpn-client'] as $c) + $ovpn_descrs[$c['vpnid']] = $c['description']; +} + if ($_POST['apply']) { if (file_exists("/var/run/interface_mismatch_reboot_needed")) system_reboot(); @@ -452,6 +462,8 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed")) echo htmlspecialchars($descr); } elseif ($portinfo['isqinq']) { echo htmlspecialchars($portinfo['descr']); + } elseif (substr($portname, 0, 4) == 'ovpn') { + echo htmlspecialchars($portname . " (" . $ovpn_descrs[substr($portname, 5, 1)] . ")"); } else echo htmlspecialchars($portname . " (" . $portinfo['mac'] . ")"); ?></option> diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index b3485f0..0a119d9 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -146,6 +146,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -170,8 +172,8 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); echo '</td></tr>'; } } diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 5361b51..9f883cd 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -366,6 +366,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -390,9 +392,9 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); - echo '</td></tr>'; + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); + echo '</td></tr>'; } } ?> @@ -462,7 +464,7 @@ if ($pkg['tabs'] <> "") { $value = $_POST[$fieldname]; if (is_array($value)) $value = implode(',', $value); } else { - if (isset($id) && $a_pkg[$id]) + if (isset($id) && $a_pkg[$id] && $a_pkg[$id][$fieldname]) $value = $a_pkg[$id][$fieldname]; else $value = $pkga['default_value']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 4526028..3d1bd51 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -300,10 +300,10 @@ function enable_change(enable_change) { document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change; - var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change; - document.iform.reauthenticateacct[0].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[1].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[2].disabled = reauthenticate_dis; + var radacct_dis = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change; + document.iform.reauthenticateacct[0].disabled = radacct_dis; + document.iform.reauthenticateacct[1].disabled = radacct_dis; + document.iform.reauthenticateacct[2].disabled = radacct_dis; } //--> </script> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 1689b85..2fbf5e3 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -166,7 +166,9 @@ function restore_config_section_xmlrpc($raw_params) { foreach ($config['virtualip']['vip'] as $vipindex => $vip) { if ($vip['mode'] == "carp") $oldvips[$vip['vhid']] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; - else if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") + else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip") + $oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}"; + else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && substr($vip['interface'], 0, 3) != "vip") $vipbackup[] = $vip; } } @@ -193,16 +195,26 @@ function restore_config_section_xmlrpc($raw_params) { * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps */ - if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { - if (isset($oldvips[$vip['vhid']])) { - unset($oldvips[$vip['vhid']]); + if ($vip['mode'] == "carp" && isset($oldvips[$vip['vhid']])) { if ($oldvips[$vip['vhid']] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { - if (does_interface_exist("vip{$vip['vhid']}")) + if (does_vip_exist($vip)) { + unset($oldvips[$vip['vhid']]); + continue; // Skip reconfiguring this vips since nothing has changed. + } + } + unset($oldvips[$vip['vhid']]); + } else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip" && isset($oldvips[$vip['subnet']])) { + if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") { + if (does_vip_exist($vip)) { + unset($oldvips[$vip['subnet']]); continue; // Skip reconfiguring this vips since nothing has changed. + } } + unset($oldvips[$vip['subnet']]); } switch ($vip['mode']) { @@ -224,7 +236,7 @@ function restore_config_section_xmlrpc($raw_params) { } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipif => $oldvippar) { - if (does_interface_exist("vip{$oldvipif}")) + if (!is_ipaddr($oldvipif) && does_interface_exist("vip{$oldvipif}")) pfSense_interface_destroy("vip{$oldvipif}"); } if ($carp_setuped == true) |