-rw-r--r--etc/inc/captiveportal.inc8
-rw-r--r--etc/inc/certs.inc170
-rw-r--r--etc/inc/filter.inc1
-rw-r--r--etc/inc/gwlb.inc40
-rw-r--r--etc/inc/interfaces.inc8
-rw-r--r--etc/inc/openvpn.inc6
-rw-r--r--etc/inc/pfsense-utils.inc6
-rw-r--r--etc/inc/service-utils.inc7
-rw-r--r--etc/inc/services.inc5
-rw-r--r--etc/inc/system.inc26
-rw-r--r--etc/inc/util.inc22
-rw-r--r--etc/inc/vpn.inc14
-rw-r--r--etc/phpshellsessions/gitsync6
-rwxr-xr-xetc/rc11
-rwxr-xr-xetc/rc.bootup2
-rwxr-xr-xetc/rc.filter_synchronize6
-rwxr-xr-xetc/rc.newwanip5
-rwxr-xr-xsbin/dhclient-script4
-rwxr-xr-xusr/local/captiveportal/index.php99
-rw-r--r--usr/local/www/includes/functions.inc.php6
-rwxr-xr-xusr/local/www/pkg.php8
-rwxr-xr-xusr/local/www/pkg_edit.php2
-rwxr-xr-xusr/local/www/pkg_mgr.php12
-rwxr-xr-xusr/local/www/pkg_mgr_installed.php11
-rwxr-xr-xusr/local/www/services_captiveportal.php40
-rwxr-xr-xusr/local/www/status_gateway_groups.php2
-rwxr-xr-xusr/local/www/status_gateways.php2
-rwxr-xr-xusr/local/www/status_services.php42
-rwxr-xr-xusr/local/www/system.php3
-rw-r--r--usr/local/www/system_advanced_admin.php2
-rw-r--r--usr/local/www/system_advanced_misc.php10
-rw-r--r--usr/local/www/system_camanager.php1
-rw-r--r--usr/local/www/system_certmanager.php1
-rw-r--r--usr/local/www/system_crlmanager.php432
-rwxr-xr-xusr/local/www/system_gateway_groups.php12
-rwxr-xr-xusr/local/www/system_gateway_groups_edit.php9
-rwxr-xr-xusr/local/www/system_gateways.php36
-rwxr-xr-xusr/local/www/system_gateways_edit.php41
-rw-r--r--usr/local/www/vpn_openvpn_client.php8
-rw-r--r--usr/local/www/vpn_openvpn_server.php28
-rw-r--r--usr/local/www/widgets/widgets/gateways.widget.php6
-rwxr-xr-xusr/local/www/wizard.php13
-rw-r--r--usr/local/www/wizards/openvpn_wizard.xml2
-rw-r--r--usr/local/www/wizards/setup_wizard.xml74
44 files changed, 1059 insertions, 190 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index c27eac0..874c99c 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -369,7 +369,7 @@ EOD;
<HEAD><TITLE>Redirecting...</TITLE></HEAD>
<BODY>
<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
-<B>Redirecting to <A HREF="{$my_redirurl}">{$my_redirurl}</A>...</B>
+<B>Redirecting to <A HREF="<?=\$my_redirurl;?>"><?=\$my_redirurl;?></A>...</B>
</SPAN>
<SCRIPT LANGUAGE="JavaScript">
<!--
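Review bot: `$my_redirurl` is still written into the `HREF` attribute and the link text with no output encoding, and the same holds for `$logouturl` and `$sessionid` in the `document.write` calls and for `document.location.href` in the two hunks that follow. Replacing `{$var}` with an embedded `<?=\$var;?>` tag only changes when the value is substituted (presumably the page is evaluated later), so a quote or angle bracket in the value still ends the attribute or the script string. The HTML positions should use `<?=htmlspecialchars(\$my_redirurl, ENT_QUOTES);?>` and the script assignment `document.location.href=<?=json_encode(\$my_redirurl);?>;`. The enclosing heredoc starts and ends outside these hunks.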
@@ -380,8 +380,8 @@ if (LogoutWin) {
LogoutWin.document.write('<BODY BGCOLOR="#435370">');
LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
- LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
- LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
+ LogoutWin.document.write('<FORM METHOD="POST" ACTION="<?=\$logouturl;?>">');
+ LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="<?=\$sessionid;?>">');
LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
LogoutWin.document.write('</FORM>');
LogoutWin.document.write('</DIV></BODY>');
@@ -389,7 +389,7 @@ if (LogoutWin) {
LogoutWin.document.close();
}
-document.location.href="{$my_redirurl}";
+document.location.href="<?=\$my_redirurl;?>";
-->
</SCRIPT>
</BODY>
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 9ac7120..0a9e342 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -1,8 +1,9 @@
<?php
/* $Id$ */
/*
- Copyright (C) 2008 Shrew Soft Inc
- All rights reserved.
+ Copyright (C) 2008 Shrew Soft Inc
+ Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -67,6 +68,25 @@ function & lookup_cert($refid) {
return false;
}
+function & lookup_cert_by_name($name) {
+ global $config;
+ if (is_array($config['cert']))
+ foreach ($config['cert'] as & $cert)
+ if ($cert['name'] == $name)
+ return $cert;
+}
+
+function & lookup_crl($refid) {
+ global $config;
+
+ if (is_array($config['crl']))
+ foreach ($config['crl'] as & $crl)
+ if ($crl['refid'] == $refid)
+ return $crl;
+
+ return false;
+}
+
function ca_chain_array(& $cert) {
if($cert['caref']) {
$chain = array();
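Review bot: `lookup_cert_by_name()` falls off the end when nothing matches, while `lookup_cert()` above it and the new `lookup_crl()` both finish with `return false;`. Because the function returns by reference, a miss yields an implicit null plus a PHP notice instead of the `false` the sibling lookups give; adding `return false;` after the loop keeps the three consistent. Nothing visible here makes certificate names unique, so the first match wins, and a header comment such as `/* returns the first cert whose name matches, or false */` would tell callers that.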
@@ -145,7 +165,7 @@ function ca_create(& $ca, $keylen, $lifetime, $dn) {
"encrypt_key" => false);
// generate a new key pair
- $res_key = openssl_pkey_new();
+ $res_key = openssl_pkey_new($args);
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
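Review bot: The result of `openssl_pkey_new($args)` is passed straight to `openssl_csr_new()` on the next line without a check, and the same pattern is in the `cert_create()` and `csr_generate()` hunks below. Now that `$args` is honoured (it appears to carry the requested key length, judging by the `$keylen` parameter), an unsupported size makes the call return `false` where the argument-less call always fell back to defaults. A guard directly after the call, `if (!$res_key) return false;`, stops a failed key generation from flowing on. The function bodies continue outside the hunks, so a later check may exist that is not visible here.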
@@ -201,7 +221,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
"encrypt_key" => false);
// generate a new key pair
- $res_key = openssl_pkey_new();
+ $res_key = openssl_pkey_new($args);
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
@@ -231,7 +251,7 @@ function csr_generate(& $cert, $keylen, $dn) {
"encrypt_key" => false);
// generate a new key pair
- $res_key = openssl_pkey_new();
+ $res_key = openssl_pkey_new($args);
// generate a certificate signing request
$res_csr = openssl_csr_new($dn, $res_key, $args);
@@ -301,6 +321,10 @@ function cert_get_subject_array($crt) {
$str_crt = base64_decode($crt);
$inf_crt = openssl_x509_parse($str_crt);
$components = $inf_crt['subject'];
+
+ if (!is_array($components))
+ return;
+
$subject_array = array();
foreach($components as $a => $v)
@@ -397,4 +421,140 @@ function cert_in_use($certref) {
is_ipsec_cert($certref));
}
+/*
+CRL code is a *WORK IN PROGRESS* do not try to use these functions yet.
+
+OpenSSL CRL status code constants.
+OCSP_REVOKED_STATUS_NOSTATUS
+OCSP_REVOKED_STATUS_UNSPECIFIED
+OCSP_REVOKED_STATUS_KEYCOMPROMISE
+OCSP_REVOKED_STATUS_CACOMPROMISE
+OCSP_REVOKED_STATUS_AFFILIATIONCHANGED
+OCSP_REVOKED_STATUS_SUPERSEDED
+OCSP_REVOKED_STATUS_CESSATIONOFOPERATION
+OCSP_REVOKED_STATUS_CERTIFICATEHOLD
+OCSP_REVOKED_STATUS_REMOVEFROMCRL
+*/
+
+$openssl_crl_status = array(
+ OCSP_REVOKED_STATUS_NOSTATUS => "No Status (default)",
+ OCSP_REVOKED_STATUS_UNSPECIFIED => "Unspecified",
+ OCSP_REVOKED_STATUS_KEYCOMPROMISE => "Key Compromise",
+ OCSP_REVOKED_STATUS_CACOMPROMISE => "CA Compromise",
+ OCSP_REVOKED_STATUS_AFFILIATIONCHANGED => "Affiliation Changed",
+ OCSP_REVOKED_STATUS_SUPERSEDED => "Superseded",
+ OCSP_REVOKED_STATUS_CESSATIONOFOPERATION => "Cessation of Operation",
+ OCSP_REVOKED_STATUS_CERTIFICATEHOLD => "Certificate Hold",
+ OCSP_REVOKED_STATUS_REMOVEFROMCRL => "Remove from CRL"
+);
+
+function crl_create(& $crl, $caref, $name, $serial=0, $lifetime=9999) {
+ global $config;
+ $ca =& lookup_ca($caref);
+ if (!$ca)
+ return false;
+ $crl['name'] = $name;
+ $crl['caref'] = $caref;
+ $crl['serial'] = $serial;
+ $crl['lifetime'] = $lifetime;
+ $crl['cert'] = array();
+ $crl_res = crl_update($crl);
+ $config['crl'][] = $crl;
+ return $crl_res;
+}
+
+function crl_update(& $crl) {
+ global $config;
+ $ca =& lookup_ca($crl['caref']);
+ if (!$ca)
+ return false;
+ // If we have text but no certs, it was imported and cannot be updated.
+ if (!empty($crl['text']) && empty($crl['cert']))
+ return false;
+ $crl['serial']++;
+ $ca_str_crt = base64_decode($ca['crt']);
+ $ca_str_key = base64_decode($ca['prv']);
+ $crl_res = openssl_crl_new($ca_str_crt, $crl['serial'], $crl['lifetime']);
+ foreach ($crl['cert'] as $cert) {
+ openssl_crl_revoke_cert($crl_res, base64_decode($cert["crt"]), $cert["revoke_time"], $cert["reason"]);
+ }
+ openssl_crl_export($crl_res, $crl_text, $ca_str_key);
+ $crl['text'] = base64_encode($crl_text);
+ return $crl_res;
+}
+
+function cert_revoke($cert, & $crl, $reason=OCSP_REVOKED_STATUS_UNSPECIFIED) {
+ global $config;
+ if (is_cert_revoked($cert, $crl['refid']))
+ return true;
+ // If we have text but no certs, it was imported and cannot be updated.
+ if (!is_crl_internal($crl))
+ return false;
+ $cert["reason"] = $reason;
+ $cert["revoke_time"] = time();
+ $crl["cert"][] = $cert;
+ crl_update($crl);
+ return true;
+}
+
+function cert_unrevoke($cert, & $crl) {
+ global $config;
+ if (!is_crl_internal($crl))
+ return false;
+ foreach ($crl['cert'] as $id => $rcert) {
+ if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name'])) {
+ unset($crl['cert'][$id]);
+ crl_update($crl);
+ return true;
+ }
+ }
+ return false;
+}
+
+function is_cert_revoked($cert, $crlref = "") {
+ global $config;
+ if (!is_array($config['crl']))
+ return false;
+
+ if (!empty($crlref)) {
+ $crl = crl_lookup($crlref);
+ if (!is_array($crl['cert']))
+ return false;
+ foreach ($crl['cert'] as $rcert) {
+ if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name']))
+ return true;
+ }
+ } else {
+ foreach ($config['crl'] as $crl) {
+ if (!is_array($crl['cert']))
+ continue;
+ foreach ($crl['cert'] as $rcert) {
+ if (($rcert['refid'] == $cert['refid']) || ($rcert['name'] == $cert['name']))
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+function is_openvpn_server_crl($crlref) {
+ global $config;
+ if (!is_array($config['openvpn']['openvpn-server']))
+ return;
+ foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
+ if (!empty($ovpns['crlref']) && ($ovpns['crlref'] == $crlref))
+ return true;
+ }
+ return false;
+}
+
+// Keep this general to allow for future expansion. See cert_in_use() above.
+function crl_in_use($crlref) {
+ return (is_openvpn_server_crl($crlref));
+}
+
+function is_crl_internal($crl) {
+ return !(!empty($crl['text']) && empty($crl['cert']));
+}
+
?>
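Review bot: `is_cert_revoked()` calls `crl_lookup($crlref)`, but the helper this commit adds is named `lookup_crl()`; unless a `crl_lookup()` exists elsewhere, every call with a CRL reference, including the one at the top of `cert_revoke()`, ends in an undefined-function fatal error. The line should read `$crl = lookup_crl($crlref);`. `crl_create()` also appends the CRL to `$config['crl']` when `crl_update()` returned `false`, and `crl_update()` ignores the results of `openssl_crl_new()` and `openssl_crl_export()`, so a failed signing stores `base64_encode()` of an unset `$crl_text`; both should return before writing. The revocation match on `$rcert['name'] == $cert['name']` deserves a comment, because two entries with equal or both-missing names are treated as the same certificate.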
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2b1493c..c9d8b92 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1916,6 +1916,7 @@ function filter_rules_generate() {
$pptpdcfg = $config['pptpd'];
$pppoecfg = $config['pppoe'];
+ $ipfrules = "";
//$ipfrules .= discover_pkg_rules("filter");
/* if captive portal is enabled, ensure that access to this port
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 326e972..02d8711 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -149,10 +149,11 @@ EOD;
if (!is_ipaddr($gwifip))
continue; //Skip this target
- $apingercfg .= "target \"{$gateway['monitor']}\" {\n";
+ $apingercfg = "target \"{$gateway['monitor']}\" {\n";
$apingercfg .= " description \"{$name}\"\n";
$apingercfg .= " srcip \"{$gwifip}\"\n";
$alarms = "";
+ $alarmscfg = "";
$override = false;
if (!empty($gateway['lowloss'])) {
$alarmscfg .= "alarm loss \"{$name}loss\" {\n";
@@ -270,16 +271,9 @@ function return_gateways_array($disabled = false) {
$gateways_arr = array();
- /* Loop through all interfaces with a gateway and add it to a array */
- if ($disabled == false) {
- $iflist = get_configured_interface_with_descr();
- } else {
- $iflist = get_configured_interface_with_descr(false, true);
- }
-
$i = 0;
/* Process/add all the configured gateways. */
- if(is_array($config['gateways']['gateway_item'])) {
+ if (is_array($config['gateways']['gateway_item'])) {
foreach($config['gateways']['gateway_item'] as $gateway) {
if($gateway['gateway'] == "dynamic") {
$gateway['gateway'] = get_interface_gateway($gateway['interface']);
@@ -293,6 +287,13 @@ function return_gateways_array($disabled = false) {
$gateway['friendlyiface'] = $gateway['interface'];
$gateway['interface'] = get_real_interface($gateway['interface']);
+ /* Some interface like wan might be default but have no info recorded
+ * the config.
+ */
+ if ($gateway['friendlyiface'] == "wan" && !isset($gateway['defaultgw'])) {
+ if (file_exists("{$g['tmp_path']}/{$gateway['interface']}_defaultgw"))
+ $gateway['defaultgw'] = true;
+ }
/* include the gateway index as the attribute */
$gateway['attribute'] = $i;
@@ -301,6 +302,12 @@ function return_gateways_array($disabled = false) {
}
}
+ /* Loop through all interfaces with a gateway and add it to a array */
+ if ($disabled == false)
+ $iflist = get_configured_interface_with_descr();
+ else
+ $iflist = get_configured_interface_with_descr(false, true);
+
/* Process/add dynamic gateways. */
foreach($iflist as $ifname => $friendly ) {
if(! interface_has_gateway($ifname))
@@ -311,12 +318,16 @@ function return_gateways_array($disabled = false) {
$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
$gateway['interface'] = get_real_interface($ifname);
$gateway['friendlyiface'] = $ifname;
- $gateway['name'] = "{$friendly}";
+ $gateway['name'] = $friendly;
$gateway['attribute'] = "system";
+ if ($gateway['dynamic'] == "default") {
+ $gateway['defaultgw'] = true;
+ $gateway['dynamic'] = true;
+ }
/* Loopback dummy for dynamic interfaces without a IP */
- if(!is_ipaddr($gateway['gateway']) && $gateway['dynamic'] == true)
- $gateway['gateway'] = "dynamic";
+ if (!is_ipaddr($gateway['gateway']) && $gateway['dynamic'] == true)
+ $gateway['gateway'] = "dynamic";
/* automatically skip known static and dynamic gateways we have a array entry for */
foreach($gateways_arr as $gateway_item) {
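Review bot: `$gateway['dynamic'] == "default"` is a loose comparison, and `get_interface_gateway()` (last hunk of this file) now sets the by-reference flag to either `true` or the string `"default"`. PHP compares a boolean with a string by converting the string to a boolean, so `true == "default"` holds and every dynamic gateway is tagged `defaultgw`, not only the one that has a `_defaultgw` marker file. The test should be `if ($gateway['dynamic'] === "default") {`. A comment on `get_interface_gateway()` saying that `$dynamic` can come back as `false`, `true` or `"default"` would document the new three-state value.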
@@ -506,7 +517,10 @@ function get_interface_gateway($interface, &$dynamic = false) {
$realif = get_real_interface($interface);
if (file_exists("{$g['tmp_path']}/{$realif}_router")) {
$gw = trim(file_get_contents("{$g['tmp_path']}/{$realif}_router"), " \n");
- $dynamic = true;
+ if (file_exists("{$g['tmp_path']}/{$realif}_defaultgw"))
+ $dynamic = "default";
+ else
+ $dynamic = true;
}
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 74efd96..f4d224e 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -886,6 +886,8 @@ function interface_bring_down($interface = "wan", $destroy = false) {
unlink_if_exists("{$g['tmp_path']}/{$realif}up");
unlink_if_exists("{$g['vardb_path']}/{$interface}ip");
unlink_if_exists("{$g['tmp_path']}/{$realif}_router");
+ unlink_if_exists("{$g['varetc_path']}/nameserver_{$realif}");
+ unlink_if_exists("{$g['varetc_path']}/searchdomain_{$realif}");
/* hostapd and wpa_supplicant do not need to be running when the interface is down.
* They will also use 100% CPU if running after the wireless clone gets deleted. */
@@ -2544,15 +2546,15 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
/* reload ipsec tunnels */
vpn_ipsec_configure();
+ /* restart dnsmasq */
+ services_dnsmasq_configure();
+
/* update dyndns */
services_dyndns_configure($interface);
/* force DNS update */
services_dnsupdate_process($interface);
- /* restart dnsmasq */
- services_dnsmasq_configure();
-
/* reload captive portal */
captiveportal_init_rules();
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index d150dd5..1e7e9b8 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -506,8 +506,10 @@ function openvpn_reconfigure($mode,& $settings) {
openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
if ($mode == 'server')
$conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
- if ($settings['crl'])
- openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
+ if (!empty($settings['crlref'])) {
+ $crl = lookup_crl($settings['crlref']);
+ openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
+ }
if ($settings['tls']) {
if (stristr($settings['mode'], "server"))
$tlsopt = 0;
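Review bot: The return value of `lookup_crl()` is used without a check, although that helper returns `false` when the reference matches no entry (see the `certs.inc` hunk). In that case `$crl['text']` is null and `openvpn_add_keyfile()` is still called for `crl-verify`; what ends up in the server configuration depends on code outside this hunk, but a dangling reference should not quietly weaken revocation checking. A guard such as `if (!$crl || empty($crl['text'])) log_error("openvpn: CRL {$settings['crlref']} not found");` followed by whatever error exit `openvpn_reconfigure()` uses elsewhere makes the failure visible. The function starts and ends outside the hunk.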
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7efdd86..8e0233e 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1700,8 +1700,10 @@ function version_get_string_value($a) {
2 => "ALPHA",
3 => "BETA",
4 => "B",
- 5 => "RC",
- 6 => "RELEASE"
+ 5 => "C",
+ 6 => "D",
+ 7 => "RC",
+ 8 => "RELEASE"
);
$major = 0;
$minor = 0;
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 281da52..925ff4f 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -41,9 +41,14 @@
$rcfileprefix = "/usr/local/etc/rc.d/";
function write_rcfile($params) {
global $g;
+ global $rcfileprefix;
+
+ if (!file_exists("{$rcfileprefix}{$params['file']}") && !touch("{$rcfileprefix}{$params['file']}"))
+ return false;
if (!is_writable("{$rcfileprefix}{$params['file']}") || empty($params['start']))
return false;
+
$towrite = "#!/bin/sh\n";
$towrite .= "# This file was automatically generated\n# by the {$g['product_website']} service handler.\n\n";
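Review bot: `$params['file']` is concatenated onto `$rcfileprefix`, created with `touch()` and then written as a shell script, with nothing restricting it to a plain file name. Where the value originates is not visible here (presumably package metadata), so a name containing `../` would place the script outside `/usr/local/etc/rc.d/`. Building the path once with `$rcfile = $rcfileprefix . basename($params['file']);` and using `$rcfile` in the three checks removes that and the repeated string building. The `empty($params['start'])` test would also be better placed before the `touch()`, so a rejected call does not leave an empty rc file behind.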
@@ -75,6 +80,7 @@ function write_rcfile($params) {
function start_service($name) {
global $config;
+ global $rcfileprefix;
/* make sure service is stopped before starting */
stop_service($name);
@@ -106,6 +112,7 @@ function start_service($name) {
function stop_service($name) {
global $config;
+ global $rcfileprefix;
if ($config['installedpackages']['service']) {
foreach($config['installedpackages']['service'] as $service) {
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 879741f..b784108 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -621,9 +621,6 @@ function services_dyndns_configure($int = "") {
services_dyndns_configure_client($dyndns);
sleep(1);
-
- if (!empty($int))
- break;
}
if ($g['booting'])
@@ -1283,7 +1280,7 @@ function configure_cron() {
file_put_contents("/etc/crontab", $crontab_contents);
/* do a HUP kill to force sync changes */
- exec('/usr/bin/killall -HUP cron');
+ exec('/bin/pkill -HUP cron');
conf_mount_ro();
}
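Review bot: `pkill -HUP cron` treats its argument as a regular expression matched against process names, so unlike the `killall` it replaces it also signals any process whose name merely contains `cron`. `exec('/bin/pkill -HUP -x cron');` restricts the match to the exact name. `configure_cron()` begins outside the hunk.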
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 0e725c9..422ae77 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -99,6 +99,13 @@ function system_resolvconf_generate($dynupdate = false) {
if (isset($syscfg['dnsallowoverride'])) {
/* get dynamically assigned DNS servers (if any) */
+ $ns = array_unique(get_searchdomains());
+ foreach($ns as $searchserver) {
+ if($searchserver) {
+ $resolvconf .= "search {$searchserver}\n";
+ $havedns = true;
+ }
+ }
$ns = array_unique(get_nameservers());
foreach($ns as $nameserver) {
if($nameserver) {
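Review bot: The new loop writes one `search` line per domain, but resolv.conf honours only the last `search` keyword, so with several DHCP interfaces all but one domain are ignored; a single line built with `$resolvconf .= "search " . implode(" ", $domains) . "\n";` keeps them all. `$havedns = true` is also set by a search domain alone, which marks DNS as available before any nameserver has been written. `$ns` is reused first for the domain list and then for the nameservers, and a separate name would read better. `system_resolvconf_generate()` continues outside the hunk.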
@@ -146,6 +153,23 @@ function system_resolvconf_generate($dynupdate = false) {
return 0;
}
+function get_searchdomains() {
+ global $config, $g;
+
+ $master_list = array();
+
+ // Read in dhclient nameservers
+ $search_list = split("\n", `/bin/cat /var/etc/searchdomain_* 2>/dev/null`);
+ if (is_array($search_lists)) {
+ foreach($search_lists as $dns) {
+ if(is_hostname($dns))
+ $master_list[] = $dns;
+ }
+ }
+
+ return $master_list;
+}
+
function get_nameservers() {
global $config, $g;
$master_list = array();
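Review bot: `get_searchdomains()` stores the file contents in `$search_list` but then tests and iterates `$search_lists`, which is never set, so the function always returns an empty array and the new `search` handling never emits anything. The loop should use the assigned name, `if (is_array($search_list)) {` and `foreach ($search_list as $dns) {`. `split()` is a deprecated regex function and `explode("\n", ...)` does the same job here; reading the files with `glob()` and `file_get_contents()` would also avoid the shell. The copied comment still says `dhclient nameservers`; it should say search domains and mention that the values are DHCP-supplied and filtered through `is_hostname()`.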
@@ -359,6 +383,8 @@ function system_routing_configure($interface = "") {
if (isset($gateways_arr[$rtent['gateway']])) {
$gatewayip = $gateways_arr[$rtent['gateway']]['gateway'];
$interfacegw = $gateways_arr[$rtent['gateway']]['interface'];
+ if ($interface == $gateways_arr[$rtent['gateway']]['friendlyiface'])
+ continue;
} else if (is_ipaddr($rtent['gateway'])) {
$gatewayip = $rtent['gateway'];
} else {
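Review bot: The added `continue` skips a static route when its gateway sits on the interface passed in, which looks inverted relative to the new call in `rc.newwanip`, where `system_routing_configure($interface)` is meant to restore routes after an address change on that interface. If the intent is to touch only that interface's routes, the test would be `if (!empty($interface) && $interface != $gateways_arr[$rtent['gateway']]['friendlyiface'])`. A call without an argument compares against `""` and skips nothing, so only the per-interface call is affected. The rest of the loop is outside the hunk, so this needs confirming against the full function.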
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index a1a8762..a46fae3 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -140,13 +140,19 @@ function unlock($cfglckkey = 0) {
function send_event($cmd) {
global $g;
- $fd = fsockopen($g['event_address']);
- if ($fd) {
- fwrite($fd, $cmd);
- $resp = fread($fd, 4096);
- if ($resp != "OK\n")
- log_error("send_event: sent {$cmd} got {$resp}");
- fclose($fd);
+ $try = 0;
+ while ($try < 3) {
+ $fd = @fsockopen($g['event_address']);
+ if ($fd) {
+ fwrite($fd, $cmd);
+ $resp = fread($fd, 4096);
+ if ($resp != "OK\n")
+ log_error("send_event: sent {$cmd} got {$resp}");
+ fclose($fd);
+ $try = 3;
+ } else
+ mwexec_bg("/usr/bin/nice -n20 /usr/local/sbin/check_reload_status");
+ $try++;
}
}
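Review bot: When `fsockopen()` fails, the loop launches `check_reload_status` in the background and retries at once, so up to three copies can be started back to back and none has had time to open the socket before the next attempt. A short pause after the `mwexec_bg()` call, for example `sleep(1);`, and braces around the `else` body would make the retry meaningful; whether the daemon guards against duplicate instances is not visible here. The `@` hides the connection error completely, so a `log_error("send_event: could not connect, dropping {$cmd}");` when all attempts fail would keep lost events visible. `fread()` is also called with no timeout set on the socket, which can stall the caller if the daemon accepts but never answers.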
@@ -1043,7 +1049,7 @@ function safe_mkdir($path, $mode=0755) {
global $g;
if (!is_file($path) && !is_dir($path)) {
- return @mkdir($path, $mode);
+ return @mkdir($path, $mode, true);
} else {
return false;
}
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index d3ec496..c5802fc 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -86,10 +86,7 @@ function vpn_ipsec_configure($ipchg = false)
unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
touch("{$g['vardb_path']}/ipsecpinghosts");
- if(isset($config['ipsec']['preferoldsa']))
- mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
- else
- mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
+ vpn_ipsec_configure_preferoldsa();
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
@@ -159,7 +156,7 @@ function vpn_ipsec_configure($ipchg = false)
$rg = $ph1ent['remote-gateway'];
if (!is_ipaddr($rg)) {
- $dnswatch_list[] = "{$rg} = value";
+ $dnswatch_list[] = "{$rg}=value";
add_hostname_to_watch($rg);
$rg = resolve_retry($rg);
if (!$rg)
@@ -1711,4 +1708,11 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
return true;
}
+function vpn_ipsec_configure_preferoldsa() {
+ global $config;
+ if(isset($config['ipsec']['preferoldsa']))
+ mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
+ else
+ mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
+}
?>
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 5efa4d7..6f7a53f 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -284,10 +284,6 @@ function post_cvssync_commands() {
echo "===> Upgrading configuration (if needed)...\n";
convert_config();
- echo "===> Restarting check_reload_status...\n";
- exec("killall check_reload_status");
- mwexec_bg("nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status");
-
echo "===> Configuring filter...";
exec("/etc/rc.filter_configure_sync");
exec("pfctl -f /tmp/rules.debug");
@@ -308,7 +304,7 @@ function post_cvssync_commands() {
fwrite($fd, "#!/bin/sh\n");
fwrite($fd, "sleep 5\n");
fwrite($fd, "killall php\n");
- fwrite($fd, "touch /tmp/restart_webgui\n");
+ fwrite($fd, "/usr/local/sbin/pfSctl -c 'service restart webgui'\n");
fclose($fd);
mwexec_bg("sh /tmp/restart_lighty");
echo "\n";
diff --git a/etc/rc b/etc/rc
index aef09c9..f7ae21e 100755
--- a/etc/rc
+++ b/etc/rc
@@ -4,7 +4,7 @@
# /etc/rc - master bootup script, invokes php setup
# part of pfSense by Scott Ullrich
-# Copyright (C) 2004 Scott Ullrich, All rights reserved.
+# Copyright (C) 2004-2010 Scott Ullrich, All rights reserved.
# originally based on m0n0wall (http://neon1.net/m0n0wall)
# Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
# All rights reserved.
@@ -328,12 +328,19 @@ fi
echo "done."
+# Ensure gettytab is of a sane size
+if [ `/bin/ls -la /etc/gettytab | /usr/bin/awk '{ print $5'}` -lt 512 ]; then
+ echo ">>> Restoring /etc/gettytab due to unusal size"
+ echo ">>> Restoring /etc/gettytab due to unusal size" | /usr/bin/logger
+ cp /etc/gettytab.bak /etc/gettytab
+fi
+
# Recreate capabilities DB
cap_mkdb /etc/login.conf
# Run the php.ini setup file and populate
# /usr/local/etc/php.ini and /usr/local/lib/php.ini
-. /etc/rc.php_ini_setup
+/etc/rc.php_ini_setup
nohup /usr/bin/nice -n20 /usr/local/sbin/check_reload_status
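Review bot: The size test fails in the case it exists for: when `/etc/gettytab` is missing, the `ls | awk` pipeline prints nothing, `[ -lt 512 ]` is a syntax error and the restore is skipped. `if [ ! -s /etc/gettytab ] || [ "$(/usr/bin/stat -f %z /etc/gettytab)" -lt 512 ]; then` covers the missing and the empty file and avoids parsing `ls` output. The `cp` should be conditional on `/etc/gettytab.bak` being present, and `unusal` in both messages should read `unusual`. Separately, `/etc/rc.php_ini_setup` is now executed rather than sourced, so variables it sets no longer reach this script; that is only safe if nothing later in `/etc/rc` relies on them, which is not visible here.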
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 3e5647b..d6574ee 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -263,7 +263,7 @@ echo "done.\n";
if($avail > 0 and $avail < 65) {
echo "System has less than 65 megabytes of ram {$avail}. Delaying webConfigurator startup.\n";
/* start webConfigurator up on final pass */
- touch("/tmp/restart_webgui");
+ mwexec("/usr/local/sbin/pfSctl -c 'service restart webgui'");
} else {
/* start web server */
system_webgui_start();
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index b8ab26a..5182f30 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -134,7 +134,9 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
$vipcnt = count($config_copy['virtualip']['vip']);
for ($x = 0; $x < $vipcnt; $x++) {
$config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
- if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or
+ $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp" or
+ $config_copy['virtualip']['vip'][$x]['mode'] == "ipalias")
unset ($config_copy['virtualip']['vip'][$x]);
}
}
@@ -322,4 +324,4 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
}
}
-?> \ No newline at end of file
+?>
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 57c48bd..9d3d484 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -63,7 +63,7 @@ log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) (
if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
- interface_configure($interface);
+ send_event("interface reconfigure {$interface}");
exit;
}
@@ -81,6 +81,9 @@ file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
if (is_ipaddr($oldip) && $curwanip == $oldip)
exit;
+/* reconfigure static routes (kernel may have deleted them) */
+system_routing_configure($interface);
+
/* reconfigure our gateway monitor */
setup_gateways_monitor();
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 6ea4136..d9d55bb 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -166,7 +166,7 @@ add_new_resolv_conf() {
$ROUTE delete $nameserver
done
fi
- if [ -n "$new_domain_name_server" ]; then
+ if [ -n "$new_domain_name_servers" ]; then
rm -f /var/etc/nameserver_$interface
for nameserver in $new_domain_name_servers; do
# Add a route to the nameserver out the correct interface
@@ -175,7 +175,7 @@ add_new_resolv_conf() {
echo $nameserver >>/var/etc/nameserver_$interface
$ROUTE add $nameserver -iface $interface
done
- #echo $new_domain_name >/var/etc/defaultdomain.conf
+ echo $new_domain_name >/var/etc/searchdomain_$interface
/usr/local/sbin/pfSctl -c 'service reload dns'
fi
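Review bot: `$new_domain_name` is supplied by the DHCP server and is expanded unquoted, so it goes through word splitting and pathname expansion before it is written. `printf '%s\n' "$new_domain_name" >"/var/etc/searchdomain_$interface"` writes the value verbatim. The write sits inside the `new_domain_name_servers` test, so a lease with a domain but no name servers never updates the file and one with name servers but no domain leaves a blank line; its own `[ -n "$new_domain_name" ]` guard, with the file removed otherwise, would keep stale domains out. `add_new_resolv_conf()` starts and ends outside the hunk.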
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 70188f6..1839f0a 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -79,6 +79,8 @@ if ($orig_host != $ourhostname) {
}
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
$redirurl = urldecode($matches[1]);
+if ($_POST['redirurl'])
+ $redirurl = $_POST['redirurl'];
if (!empty($config['captiveportal']['redirurl']))
$redirurl = $config['captiveportal']['redirurl'];
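Review bot: `$_POST['redirurl']` is accepted as the redirect target with no validation, and when no fixed URL is configured it appears to reach the redirect page in `captiveportal.inc`, where it is written into an `HREF` and into `document.location.href`. It should be limited to absolute http/https URLs before use, e.g. `if (!empty($_POST['redirurl']) && preg_match('#^https?://#i', $_POST['redirurl'])) $redirurl = $_POST['redirurl'];`, and encoded at the point of output. `!empty()` also avoids the undefined-index notice on requests that lack the field. The `redirurl=` value parsed from `$orig_request` two lines above needs the same treatment.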
@@ -125,6 +127,11 @@ exit;
/* radius functions handle everything so we exit here since we're done */
exit;
+} else if (portal_consume_passthrough_credit($clientmac)) {
+ /* allow the client through if it had a pass-through credit for its MAC */
+ captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
+ portal_allow($clientip, $clientmac, "unauthenticated");
+
} else if ($_POST['accept'] && $_POST['auth_voucher']) {
$voucher = trim($_POST['auth_voucher']);
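Review bot: The pass-through branch is keyed only on `$clientmac`, a value the client asserts, and it is tested before the voucher branch. The credit count therefore limits well-behaved clients but is not an access control, which the comment should say: `/* MAC addresses are not authenticated; pass-through credits are a convenience limit, not a security boundary */`. As far as the visible chain shows, the branch does not require a submitted form, so a credit is spent as soon as the portal is first hit; if that is intended, the comment should state it. The surrounding `if`/`else if` chain starts and ends outside the hunk.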
@@ -523,4 +530,96 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1
unlock($cplock);
}
+/*
+ * Used for when pass-through credits are enabled.
+ * Returns true when there was at least one free login to deduct for the MAC.
+ * Expired entries are removed as they are seen.
+ * Active entries are updated according to the configuration.
+ */
+function portal_consume_passthrough_credit($clientmac) {
+ global $config;
+
+ if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count']))
+ $freeloginscount = $config['captiveportal']['freelogins_count'];
+ else
+ return false;
+
+ if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout']))
+ $resettimeout = $config['captiveportal']['freelogins_resettimeout'];
+ else
+ return false;
+
+ if ($freeloginscount < 1 || $resettimeout <= 0 || !clientmac)
+ return false;
+
+ $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
+
+ $cplock = lock('captiveportal');
+
+ /*
+ * Read database of used MACs. Lines are a comma-separated list
+ * of the time, MAC, then the count of pass-through credits remaining.
+ */
+ $usedmacs = captiveportal_read_usedmacs_db();
+
+ $currenttime = time();
+ $found = false;
+ foreach ($usedmacs as $key => $usedmac) {
+ $usedmac = explode(",", $usedmac);
+
+ if ($usedmac[1] == $clientmac) {
+ if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) {
+ if ($usedmac[2] < 1) {
+ if ($updatetimeouts) {
+ $usedmac[0] = $currenttime;
+ unset($usedmacs[$key]);
+ $usedmacs[] = implode(",", $usedmac);
+ captiveportal_write_usedmacs_db($usedmacs);
+ }
+
+ unlock($cplock);
+ return false;
+ } else {
+ $usedmac[2] -= 1;
+ $usedmacs[$key] = implode(",", $usedmac);
+ }
+
+ $found = true;
+ } else
+ unset($usedmacs[$key]);
+
+ break;
+ } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime)
+ unset($usedmacs[$key]);
+ }
+
+ if (!$found) {
+ $usedmac = array($currenttime, $clientmac, $freeloginscount - 1);
+ $usedmacs[] = implode(",", $usedmac);
+ }
+
+ captiveportal_write_usedmacs_db($usedmacs);
+ unlock($cplock);
+ return true;
+}
+
+function captiveportal_read_usedmacs_db() {
+ global $g;
+
+ if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
+ $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!usedmacs)
+ $usedmacs = array();
+ } else
+ $usedmacs = array();
+
+ return $usedmacs;
+}
+
+function captiveportal_write_usedmacs_db($usedmacs) {
+ global $g;
+
+ file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
+}
+
?>
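Review bot: Two variable references are missing their `$`: `!clientmac` in `portal_consume_passthrough_credit()` and `!usedmacs` in `captiveportal_read_usedmacs_db()`. PHP reads the bare words as constants (a non-empty string in older versions, an error in PHP 8), so the empty-MAC guard never rejects anything and a failed `file()` read is handed to the `foreach` as `false` instead of an empty array. They should read `|| !$clientmac)` and `if (!$usedmacs)`. `captiveportal_write_usedmacs_db()` ignores the result of `file_put_contents()`; because a lost write gives the client a fresh set of credits on the next visit, the failure should at least be logged. The two database helpers have no header comment, and the line format (`time,MAC,credits`) is described only inside the first function.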
diff --git a/usr/local/www/includes/functions.inc.php b/usr/local/www/includes/functions.inc.php
index 8eff06a..b013cc8 100644
--- a/usr/local/www/includes/functions.inc.php
+++ b/usr/local/www/includes/functions.inc.php
@@ -49,11 +49,11 @@ function get_gatewaystats() {
$bgcolor = "lightcoral";
break;
case "delay":
- $online = "Warning, Latency";
+ $online = "Warning: Latency";
$bgcolor = "khaki";
break;
case "loss":
- $online = "Warning, Packetloss";
+ $online = "Warning: Packetloss";
$bgcolor = "khaki";
break;
default:
@@ -61,7 +61,7 @@ function get_gatewaystats() {
break;
}
} else {
- $online = "Unknown";
+ $online = "Gathering data";
$bgcolor = "lightgray";
}
$data .= "<table><tr><td bgcolor=\"$bgcolor\" > $online </td></td></tr></table>";
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 52e6fe3..e77f38a 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -319,10 +319,14 @@ if ($pkg['tabs'] <> "") {
echo "<tr valign=\"top\">\n";
if($pkg['adddeleteeditpagefields']['columnitem'] <> "")
foreach ($pkg['adddeleteeditpagefields']['columnitem'] as $column) {
+ if ($column['fieldname'] == "description")
+ $class = "listbg";
+ else
+ $class = "listlr";
?>
- <td class="listlr" ondblclick="document.location='pkg_edit.php?xml=<?=$xml?>&act=edit&id=<?=$i;?>';">
+ <td class="<?=$class;?>" ondblclick="document.location='pkg_edit.php?xml=<?=$xml?>&act=edit&id=<?=$i;?>';">
<?php
- $fieldname = $ip[xml_safe_fieldname($column['fieldname'])];
+ $fieldname = $ip[xml_safe_fieldname($column['fieldname'])];
if($column['type'] == "checkbox") {
if($fieldname == "") {
echo gettext("No");
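Review bot: `$xml` and `$i` are echoed into the `ondblclick` handler with no encoding, so each value sits inside a JavaScript string that is itself inside an HTML attribute. Where `$xml` is set is outside the hunk; if it derives from the request, a quote in it ends the string. The handler would be safer as `ondblclick="document.location='pkg_edit.php?xml=<?=htmlspecialchars(urlencode($xml), ENT_QUOTES);?>&amp;act=edit&amp;id=<?=(int)$i;?>';"`. The enclosing loop starts and ends outside the hunk.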
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 015c6fb..f9cac9d 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -556,7 +556,7 @@ if ($pkg['tabs'] <> "") {
} else {
$source_value = $opt[$pkga['value']];
}
- if (in_array($opt['value'], $items)) $selected = 'selected="selected"';
+ if (in_array($source_value, $items)) $selected = 'selected="selected"';
if(isset($pkga['advancedfield']) && $adv_enabled)
$advanced .= "\t<option name=\"{$source_name}\" value=\"{$source_value}\" $selected>{$source_name}</option>\n";
else
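Review bot: `in_array($source_value, $items)` compares loosely, so numeric-looking option values such as `"0"` and `"00"` are treated as equal and more than one option can end up selected. `in_array($source_value, $items, true)` avoids that if `$items` holds strings, which needs confirming against the code that builds it. `$source_name` and `$source_value` are also interpolated into the `<option>` markup unescaped; they appear to come from package XML, so wrapping both in `htmlspecialchars(..., ENT_QUOTES)` is the safer default. Whether `$selected` is reset for each option is not visible in this hunk.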
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index 6d55638..b82ed26 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -102,11 +102,10 @@ include("head.inc");
<table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="10%" class="listhdrr"><?=gettext("Package Name"); ?></td>
- <td width="20%" class="listhdrr"><?=gettext("Category"); ?></td>
+ <td width="25%" class="listhdrr"><?=gettext("Category"); ?></td>
<!-- <td width="10%" class="listhdrr">Size</td> -->
<td width="5%" class="listhdrr"><?=gettext("Status"); ?></td>
<td width="5%" class="listhdrr"><?=gettext("Package Info"); ?></td>
- <td width="5%" class="listhdrr"><?=gettext("Supported by BSD Perimeter"); ?></td>
<td width="50%" class="listhdr"><?=gettext("Description"); ?></td>
</tr>
<?php
@@ -200,15 +199,6 @@ include("head.inc");
}
?>
</td>
- <td class="listr" style="overflow: hidden;">
- <?php
- if($index['supportedbybsdperimeter'])
- echo $index['supportedbybsdperimeter'];
- else
- echo "NO";
-
- ?>
- </td>
<td class="listbg" class="listbg" style="overflow: hidden;">
<?= $index['descr'] ?>
</td>
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 374b79b..2708c78 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -74,9 +74,8 @@ include("head.inc");
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="10%" class="listhdrr"><?=gettext("Package Name"); ?></td>
- <td width="15%" class="listhdrr"><?=gettext("Category"); ?></td>
+ <td width="20%" class="listhdrr"><?=gettext("Category"); ?></td>
<td width="10%" class="listhdrr"><?=gettext("Package Info"); ?></td>
- <td width="5%" class="listhdrr"><?=gettext("Supported by BSD Perimter"); ?></td>
<td width="15%" class="listhdrr"><?=gettext("Package Version"); ?></td>
<td width="45%" class="listhdr"><?=gettext("Description"); ?></td>
</tr>
@@ -139,14 +138,6 @@ include("head.inc");
}
?>
</td>
- <td class="listr">
- <?php
- if($pkg['supportedbybsdperimeter'])
- echo $pkg['supportedbybsdperimeter'];
- else
- echo "NO";
- ?>
- </td>
<td class="<?=$tdclass;?>">
<?=$pkgver;?>
</td>
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 53094bc..13ac985 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -71,6 +71,9 @@ $pconfig['maxproc'] = $config['captiveportal']['maxproc'];
$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
$pconfig['timeout'] = $config['captiveportal']['timeout'];
$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
+$pconfig['freelogins_count'] = $config['captiveportal']['freelogins_count'];
+$pconfig['freelogins_resettimeout'] = $config['captiveportal']['freelogins_resettimeout'];
+$pconfig['freelogins_updatetimeouts'] = isset($config['captiveportal']['freelogins_updatetimeouts']);
$pconfig['enable'] = isset($config['captiveportal']['enable']);
$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
@@ -146,6 +149,13 @@ if ($_POST) {
if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
$input_errors[] = gettext("The idle timeout must be at least 1 minute.");
}
+ if ($_POST['freelogins_count'] && (!is_numeric($_POST['freelogins_count']))) {
+ $input_errors[] = gettext("The pass-through credit count must be a number or left blank.");
+ } else if ($_POST['freelogins_count'] && is_numeric($_POST['freelogins_count']) && ($_POST['freelogins_count'] >= 1)) {
+ if (empty($_POST['freelogins_resettimeout']) || !is_numeric($_POST['freelogins_resettimeout']) || ($_POST['freelogins_resettimeout'] <= 0)) {
+ $input_errors[] = gettext("The waiting period to restore pass-through credits must be above 0 hours.");
+ }
+ }
if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
$input_errors[] = sprintf(gettext("A valid IP address must be specified. [%s]"), $_POST['radiusip']);
}
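Review bot: `is_numeric()` is too permissive for the two new credit fields: it accepts negatives, decimals and exponent forms such as `-1`, `0.5` or `1e3`, and a `freelogins_count` below 1 skips the `freelogins_resettimeout` check entirely. The save hunk further down then copies both `$_POST` values into `$config['captiveportal']` unchanged, so whatever consumes them receives those strings. Since these fields control how often a client may pass the portal without authenticating, I would require whole non-negative numbers, e.g. `if ($_POST['freelogins_count'] && !ctype_digit($_POST['freelogins_count']))`, and apply the same test to `freelogins_resettimeout`. The enclosing `if ($_POST)` block starts and ends outside the hunk.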
@@ -176,6 +186,9 @@ if ($_POST) {
$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
$config['captiveportal']['timeout'] = $_POST['timeout'];
$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
+ $config['captiveportal']['freelogins_count'] = $_POST['freelogins_count'];
+ $config['captiveportal']['freelogins_resettimeout'] = $_POST['freelogins_resettimeout'];
+ $config['captiveportal']['freelogins_updatetimeouts'] = $_POST['freelogins_updatetimeouts'] ? true : false;
$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
$config['captiveportal']['auth_method'] = $_POST['auth_method'];
$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
@@ -242,6 +255,9 @@ function enable_change(enable_change) {
//document.iform.maxproc.disabled = endis;
document.iform.maxprocperip.disabled = endis;
document.iform.idletimeout.disabled = endis;
+ document.iform.freelogins_count.disabled = endis;
+ document.iform.freelogins_resettimeout.disabled = endis;
+ document.iform.freelogins_updatetimeouts.disabled = endis;
document.iform.timeout.disabled = endis;
document.iform.redirurl.disabled = endis;
document.iform.radiusip.disabled = radius_endis;
@@ -351,6 +367,27 @@ value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> <?=gettext("per client
<?=gettext("Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set)."); ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Pass-through credits allowed per MAC address"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="freelogins_count" type="text" class="formfld unknown" id="freelogins_count" size="6" value="<?=htmlspecialchars($pconfig['freelogins_count']);?>">
+ <?=gettext("per client MAC address (0 or blank = none)"); ?><br>
+ <?=gettext("This setting allows passing through the captive portal without authentication a limited number of times per MAC address. Once used up, the client can only log in with valid credentials until the waiting period specified below has expired. Recommended to set a hard timeout and/or idle timeout when using this for it to be effective."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Waiting period to restore pass-through credits"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="freelogins_resettimeout" type="text" class="formfld unknown" id="freelogins_resettimeout" size="6" value="<?=htmlspecialchars($pconfig['freelogins_resettimeout']);?>">
+ <?=gettext("hours"); ?><br>
+ <?=gettext("Clients will have their available pass-through credits restored to the original count after this amount of time since using the first one. This must be above 0 hours if pass-through credits are enabled."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Reset waiting period on attempted access"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="freelogins_updatetimeouts" type="checkbox" class="formfld" id="freelogins_updatetimeouts" value="yes" <?php if($pconfig['freelogins_updatetimeouts']) echo "checked"; ?>>
+ <strong><?=gettext("Enable waiting period reset on attempted access"); ?></strong><br>
+ <?=gettext("If enabled, the waiting period is reset to the original duration if access is attempted when all pass-through credits have already been exhausted."); ?></td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Logout popup window"); ?></td>
<td width="78%" class="vtable">
<input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
@@ -716,8 +753,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
<br>
<br>
<?php endif; ?>
-<?=gettext("The contents of the HTML/PHP file that you upload here are displayed when logout event occurs. " .
-"You may include"); ?> &quot;$PORTAL_MESSAGE$&quot;, <?=gettext("which will be replaced by the error or reply messages from the RADIUS server, if any."); ?></td>
+<?=gettext("The contents of the HTML/PHP file that you upload here are displayed on authentication success when the logout popup is enabled."); ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/usr/local/www/status_gateway_groups.php b/usr/local/www/status_gateway_groups.php
index f8d29de..6789919 100755
--- a/usr/local/www/status_gateway_groups.php
+++ b/usr/local/www/status_gateway_groups.php
@@ -132,7 +132,7 @@ include("head.inc");
$online = gettext("Online");
$bgcolor = "lightgreen";
} else {
- $online = gettext("Unknown");
+ $online = gettext("Gathering data");
$bgcolor = "lightblue";
}
echo "<td bgcolor='$bgcolor'>". htmlspecialchars($member) .", $online</td>";
diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php
index 4faef8f..7e0ffc2 100755
--- a/usr/local/www/status_gateways.php
+++ b/usr/local/www/status_gateways.php
@@ -110,7 +110,7 @@ include("head.inc");
$bgcolor = "lightgreen";
}
} else {
- $online = gettext("Unknown");
+ $online = gettext("Gathering data");
$bgcolor = "lightgray";
}
echo "<tr><td bgcolor=\"$bgcolor\" > $online </td><td>";
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index cfeb959..97aa1ce 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -227,15 +227,14 @@ include("fbegin.inc");
<div id="boxarea">
<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <thead>
<tr>
- <td class="listhdrr"><b><center><?=gettext("Service");?></center></b></td>
- <td class="listhdrr"><b><center><?=gettext("Description");?></center></b></td>
- <td class="listhdrr"><b><center><?=gettext("Status");?></center></b></td>
+ <td class="listhdrr" align="center"><?=gettext("Service");?></td>
+ <td class="listhdrr" align="center"><?=gettext("Description");?></td>
+ <td class="listhdrr" align="center"><?=gettext("Status");?></td>
</tr>
-
+ </thead>
+ <tbody>
<?php
if (is_array($config['installedpackages']['service']))
@@ -343,8 +342,8 @@ if (count($services) > 0) {
continue;
if (empty($service['description']))
$service['description'] = get_pkg_descr($service['name']);
- echo '<tr><td class="listlr">' . $service['name'] . '</td>';
- echo '<td class="listr">' . $service['description'] . '</td>';
+ echo '<tr><td class="listlr">' . $service['name'] . '</td>' . "\n";
+ echo '<td class="listr">' . $service['description'] . '</td>' . "\n";
if ($service['name'] == "openvpn")
$running = is_pid_running("{$g['varrun_path']}/openvpn_{$service['mode']}{$service['vpnid']}.pid");
else if ($service['name'] == "captiveportal")
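Review bot: The two rewritten `echo` lines still print `$service['name']` and `$service['description']` into the table unescaped. The surrounding context shows these entries coming from `$config['installedpackages']['service']` and `get_pkg_descr()`, i.e. package-supplied text. Wrapping both in `htmlspecialchars()` keeps markup in a package's metadata from being rendered in the admin GUI: `echo '<tr><td class="listlr">' . htmlspecialchars($service['name']) . '</td>' . "\n";`. The enclosing loop starts and ends outside the hunk.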
@@ -352,11 +351,11 @@ if (count($services) > 0) {
else
$running = is_service_running($service['name']);
if($running) {
- echo '<td class="listr"><center>';
- echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\"> " . gettext("Running") . "</td>";
+ echo '<td class="listr"><center>' . "\n";
+ echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\"> " . gettext("Running") . "</td>\n";
} else {
- echo '<td class="listbg"><center>';
- echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\"> <font color=\"white\">" . gettext("Stopped") . "</td>";
+ echo '<td class="listbg"><center>' . "\n";
+ echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\"> <font color=\"white\">" . gettext("Stopped") . "</td>\n";
}
echo '<td valign="middle" class="list" nowrap>';
if($running) {
@@ -365,13 +364,13 @@ if (count($services) > 0) {
} else {
echo "<a href='status_services.php?mode=restartservice&service={$service['name']}'>";
}
- echo "<img title='" . gettext("Restart Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_restart.gif'></a> ";
+ echo "<img title='" . gettext("Restart Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_restart.gif'></a>\n";
if ($service['name'] == "openvpn") {
echo "<a href='status_services.php?mode=stopservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>";
} else {
- echo "<a href='status_services.php?mode=stopservice&service={$service['name']}'> ";
+ echo "<a href='status_services.php?mode=stopservice&service={$service['name']}'>";
}
- echo "<img title='" . gettext("Stop Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_stop.gif'> ";
+ echo "<img title='" . gettext("Stop Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_stop.gif'>";
echo "</a>";
} else {
if ($service['name'] == "openvpn") {
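Review bot: The restart and stop links touched here change service state through plain GET URLs and interpolate `{$service['name']}` into the query string without `urlencode()`. The handler for `mode=` is outside this diff, so I cannot tell whether it verifies a token; if it does not, a cross-site request made in the administrator's session could stop a service. A small POST form per action, covered by whatever CSRF protection the GUI applies to forms, would be the safer shape. At minimum encode the parameter: `service=" . urlencode($service['name']) . "'`. The start-service link in the following hunk has the same pattern.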
@@ -380,20 +379,17 @@ if (count($services) > 0) {
echo "<a href='status_services.php?mode=startservice&service={$service['name']}'> ";
}
- echo "<img title='" . gettext("Start Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'></a> ";
+ echo "<img title='" . gettext("Start Service") . "' border='0' src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'></a>\n";
}
- echo '</td>';
- echo '</tr>';
+ echo "</td></tr>\n";
}
} else {
- echo "<tr><td colspan=\"3\"><center>" . gettext("No services found") . ".</td></tr>";
+ echo "<tr><td colspan=\"3\"><center>" . gettext("No services found") . ".</td></tr>\n";
}
?>
+</tbody>
</table>
-
-</td>
-</tr></table>
</div>
</p>
</form>
diff --git a/usr/local/www/system.php b/usr/local/www/system.php
index 9a319b3..0074548 100755
--- a/usr/local/www/system.php
+++ b/usr/local/www/system.php
@@ -213,9 +213,8 @@ if ($_POST) {
$retval |= system_timezone_configure();
$retval |= system_ntp_configure();
- /* XXX: ermal -- What is this supposed to do?! */
if ($olddnsallowoverride != $config['system']['dnsallowoverride'])
- $retval |= interface_configure();
+ $retval |= send_event("service reload dns");
// Reload the filter - plugins might need to be run.
$retval |= filter_configure();
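Review bot: `$retval |= send_event("service reload dns");` keeps the error-accumulating form of the line it replaces, but `send_event()` is defined outside this hunk. If it only queues the request and returns nothing, `$retval` no longer reflects a failed DNS reload. Either have the helper return a status, or drop the `|=`. The removed XXX comment could be replaced with one that says why the condition exists, e.g. `/* dnsallowoverride changed: reload is queued asynchronously, failures are not reflected in $retval */`.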
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index e7c217b..c3ea1a0 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -468,7 +468,7 @@ if ($restart_webgui) {
ob_flush();
flush();
log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator."));
- touch("{$g['tmp_path']}/restart_webgui");
+ send_event("service restart webgui");
}
?>
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index e17f775..8ca3884 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -47,6 +47,7 @@ require("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
+require_once("vpn.inc");
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
@@ -79,9 +80,9 @@ if ($_POST) {
unset($config['system']['lb_use_sticky']);
if($_POST['preferoldsa_enable'] == "yes")
- $config['system']['preferoldsa'] = true;
- else
- unset($config['system']['preferoldsa']);
+ $config['ipsec']['preferoldsa'] = true;
+ else
+ unset($config['ipsec']['preferoldsa']);
if($_POST['maxmss_enable'] == "yes") {
$config['system']['maxmss_enable'] = true;
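Review bot: The save path now writes `$config['ipsec']['preferoldsa']`, but no hunk in this file changes where `$pconfig['preferoldsa_enable']` is loaded, and the checkbox hunk below switches from `isset()` to a truthiness test on it. If the load still reads `$config['system']['preferoldsa']` (not visible here), the box will render unchecked after a save and the next submit will silently unset the option. The load should then become `$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);`. A value already stored under `system` is also left orphaned unless a config upgrade step moves it, which I cannot see from this page. The enclosing `if ($_POST)` block starts and ends outside the hunk.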
@@ -117,6 +118,7 @@ if ($_POST) {
activate_powerd();
load_glxsb();
+ vpn_ipsec_configure_preferoldsa();
}
}
@@ -242,7 +244,7 @@ function maxmss_checked(obj) {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Security Assocications"); ?></td>
<td width="78%" class="vtable">
- <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if (isset($pconfig['preferoldsa_enable'])) echo "checked"; ?> />
+ <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> />
<strong><?=gettext("Prefer older IPsec SAs"); ?></strong>
<br />
<?=gettext("By default, if several SAs match, the newest one is " .
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index 17f7bd8..815802f 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -239,6 +239,7 @@ function method_change() {
$tab_array = array();
$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
+ $tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php
index 2f953f6..9a5038e 100644
--- a/usr/local/www/system_certmanager.php
+++ b/usr/local/www/system_certmanager.php
@@ -404,6 +404,7 @@ function internalca_change() {
$tab_array = array();
$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
+ $tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
new file mode 100644
index 0000000..f1e30f1
--- /dev/null
+++ b/usr/local/www/system_crlmanager.php
@@ -0,0 +1,432 @@
+<?php
+/*
+ system_crlmanager.php
+
+ Copyright (C) 2010 Jim Pingle
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_MODULE: certificate_managaer
+*/
+
+##|+PRIV
+##|*IDENT=page-system-crlmanager
+##|*NAME=System: CRL Manager
+##|*DESCR=Allow access to the 'System: CRL Manager' page.
+##|*MATCH=system_crlmanager.php*
+##|-PRIV
+
+require("guiconfig.inc");
+require_once("certs.inc");
+
+$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));
+
+$crl_methods = array(
+ "internal" => gettext("Create an internal Certificate Revocation List"),
+ "existing" => gettext("Import an existing Certificate Revocation List"));
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (!is_array($config['ca']))
+ $config['ca'] = array();
+
+$a_ca =& $config['ca'];
+
+if (!is_array($config['cert']))
+ $config['cert'] = array();
+
+$a_cert =& $config['cert'];
+
+if (!is_array($config['crl']))
+ $config['crl'] = array();
+
+$a_crl =& $config['crl'];
+
+$act = $_GET['act'];
+if ($_POST['act'])
+ $act = $_POST['act'];
+
+if ($act == "del") {
+
+ if (!$a_crl[$id]) {
+ pfSenseHeader("system_crlmanager.php");
+ exit;
+ }
+ if (crl_in_use($a_crl[$id]['refid'])) {
+ $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br/>";
+ } else {
+ $name = $a_crl[$id]['name'];
+ unset($a_crl[$id]);
+ write_config();
+ $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br/>";
+ }
+}
+
+if ($act == "new") {
+ $pconfig['method'] = $_GET['method'];
+ $pconfig['caref'] = $_GET['caref'];
+ $pconfig['lifetime'] = "9999";
+ $pconfig['serial'] = "0";
+}
+
+if ($act == "exp") {
+
+ if (!$a_crl[$id]) {
+ pfSenseHeader("system_crlmanager.php");
+ exit;
+ }
+
+ $exp_name = urlencode("{$a_crl[$id]['name']}.crl");
+ $exp_data = base64_decode($a_crl[$id]['text']);
+ $exp_size = strlen($exp_data);
+
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($pconfig['method'] == "existing") {
+ $reqdfields = explode(" ", "name crltext");
+ $reqdfieldsn = array(
+ gettext("Descriptive name"),
+ gettext("Certificate Revocation List data"));
+ }
+ if ($pconfig['method'] == "internal") {
+ $reqdfields = explode(" ",
+ "name caref");
+ $reqdfieldsn = array(
+ gettext("Descriptive name"),
+ gettext("Certificate Authority"));
+ }
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ /* if this is an AJAX caller then handle via JSON */
+ if (isAjax() && is_array($input_errors)) {
+ input_errors2Ajax($input_errors);
+ exit;
+ }
+
+ /* save modifications */
+ if (!$input_errors) {
+ $result = false;
+
+ $crl = array();
+ $crl['refid'] = uniqid();
+ if (isset($id) && $a_crl[$id])
+ $crl = $a_crl[$id];
+
+ $crl['name'] = $pconfig['name'];
+ $crl['caref'] = $pconfig['caref'];
+
+ if ($pconfig['method'] == "existing") {
+ $crl['text'] == base64_encode($pconfig['crltext']);
+ }
+
+ if ($pconfig['method'] == "internal") {
+ $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
+ $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
+ $crl['cert'] = array();
+ }
+
+ if (isset($id) && $a_crl[$id])
+ $a_crl[$id] = $crl;
+ else
+ $a_crl[] = $crl;
+
+ write_config();
+
+ pfSenseHeader("system_crlmanager.php");
+ }
+}
+
+include("head.inc");
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+function method_change() {
+
+ method = document.iform.method.selectedIndex;
+
+ switch (method) {
+ case 0:
+ document.getElementById("existing").style.display="none";
+ document.getElementById("internal").style.display="";
+ break;
+ case 1:
+ document.getElementById("existing").style.display="";
+ document.getElementById("internal").style.display="none";
+ break;
+ }
+}
+
+//-->
+</script>
+<?php
+ if ($input_errors)
+ print_input_errors($input_errors);
+ if ($savemsg)
+ print_info_box($savemsg);
+?>
+NOTE: This page is still a work in progress and is not yet fully functional.
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
+ $tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
+ $tab_array[] = array(gettext("Certificate Revocation"), true, "system_crlmanager.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td id="mainarea">
+ <div class="tabcont">
+
+ <?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?>
+
+ <form action="system_crlmanager.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php if (!isset($id)): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
+ <td width="78%" class="vtable">
+ <select name='method' id='method' class="formselect" onchange='method_change()'>
+ <?php
+ foreach($crl_methods as $method => $desc):
+ $selected = "";
+ if ($pconfig['method'] == $method)
+ $selected = "selected";
+ ?>
+ <option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
+ <td width="78%" class="vtable">
+ <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td>
+ <td width="78%" class="vtable">
+ <select name='caref' id='caref' class="formselect">
+ <?php
+ foreach($a_ca as $ca):
+ $selected = "";
+ if ($pconfig['caref'] == $ca['refid'])
+ $selected = "selected";
+ ?>
+ <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['name'];?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
+ <td width="78%" class="vtable">
+ <textarea name="cert" id="cert" cols="65" rows="7" class="formfld_crl"><?=$pconfig['crltext'];?></textarea>
+ <br>
+ <?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
+ <td width="78%" class="vtable">
+ <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
+ <?=gettext("days");?><br/>
+ <?=gettext("Default: 9999");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td>
+ <td width="78%" class="vtable">
+ <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
+ <br/>
+ <?=gettext("Default: 0");?>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <?php if (isset($id) && $a_crl[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ <?php endif;?>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <?php else: ?>
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
+ <tr>
+ <td width="35%" class="listhdrr"><?=gettext("Name");?></td>
+ <td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
+ <td width="35%" class="listhdrr"><?=gettext("Certificates");?></td>
+ <td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
+ <td width="10%" class="list"></td>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ // Map CRLs to GWs in one pass
+ $ca_crl_map = array();
+ foreach($a_crl as $crl)
+ $ca_crl_map[$crl['caref']][] = $crl['refid'];
+
+ $i = 0;
+ foreach($a_ca as $ca):
+ $name = htmlspecialchars($ca['name']);
+
+ if($ca['prv']) {
+ $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
+ $internal = "YES";
+ } else
+ continue;
+ ?>
+ <tr>
+ <td class="listlr" colspan="4">
+ <table border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td align="left" valign="center">
+ <img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
+ </td>
+ <td align="left" valign="middle">
+ <?=$name;?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td class="list">
+ <a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add or Import CRL for ") . $ca['name'];?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" />
+ </a>
+ </td>
+ </tr>
+
+ <?php
+ if (is_array($ca_crl_map[$ca['refid']])):
+ foreach($ca_crl_map[$ca['refid']] as $crl):
+ $tmpcrl = lookup_crl($crl);
+ $internal = is_crl_internal($tmpcrl);
+ $inuse = crl_in_use($tmpcrl['refid']);
+ ?>
+ <tr>
+ <td class="listlr"><?php echo $tmpcrl['name']; ?></td>
+ <td class="listr"><?php echo ($internal) ? "YES" : "NO"; ?></td>
+ <td class="listr"><?php echo ($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
+ <td class="listr"><?php echo ($inuse) ? "YES" : "NO"; ?></td>
+ <td valign="middle" nowrap class="list">
+ <a href="system_crlmanager.php?act=exp&id=<?=$i;?>")">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['name']);?>" alt="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['name']);?>" width="17" height="17" border="0" />
+ </a>
+ <?php if (!$inuse): ?>
+ <a href="system_crlmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['name']) . ')';?>')">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['name']);?>" alt="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['name']); ?>" width="17" height="17" border="0" />
+ </a>
+ <?php endif; ?>
+ </td>
+ </tr>
+ <?php
+ $i++;
+ endforeach;
+ endif;
+ ?>
+ <tr><td colspan="5">&nbsp;</td></tr>
+ <?php
+ $i++;
+ endforeach;
+ ?>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td colspan="5">
+ <p>
+ <?=gettext("Additional Certificate Revocation Lists can be added here.");?>
+ </p>
+ </td>
+ </tr>
+ </tfoot>
+ </table>
+
+ <?php endif; ?>
+
+ </div>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc");?>
+<script type="text/javascript">
+<!--
+
+method_change();
+
+//-->
+</script>
+
+</body>
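Review bot: The "existing" import path never stores the CRL: `$crl['text'] == base64_encode($pconfig['crltext']);` is a comparison, and the textarea posts as `cert` while validation and the save code read `crltext`, so a revocation list the administrator believes is imported is silently dropped. The Serial input reuses `name="lifetime"`, so `serial` is never posted and `empty()` then turns the advertised default of 0 into 9999. In the list view `$i` is incremented once per CRL and again once per CA, so the `id` in the export and delete links does not index `$a_crl` and `act=del` can remove a different entry than the one clicked; carrying the real array key through `$ca_crl_map` would fix that. `$id` and `$pconfig['crltext']` come from the request and are echoed without `htmlspecialchars()`, as are `$ca['name']` and `$tmpcrl['name']` in the select and the table. The lines I would change for the first, second and fourth points are below.

```php
// … unchanged: $crl['name'] / $crl['caref'] assignment …
		if ($pconfig['method'] == "existing") {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}
// … unchanged: internal method, write_config(), redirect …

<!-- … unchanged: method, name and CA rows … -->
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=htmlspecialchars($pconfig['crltext']);?></textarea>
<!-- … unchanged: lifetime row … -->
<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
<!-- … unchanged: submit button … -->
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
```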
diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php
index f767aff..de03928 100755
--- a/usr/local/www/system_gateway_groups.php
+++ b/usr/local/www/system_gateway_groups.php
@@ -115,6 +115,7 @@ include("head.inc");
<td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
<tr>
<td width="15%" class="listhdrr"><?=gettext("Group Name");?></td>
<td width="15%" class="listhdrr"><?=gettext("Gateways");?></td>
@@ -129,13 +130,14 @@ include("head.inc");
</table>
</td>
</tr>
+ </thead>
+ <tbody>
<?php $i = 0; foreach ($a_gateway_groups as $gateway_group): ?>
<tr>
<td class="listlr" ondblclick="document.location='system_gateway_groups_edit.php?id=<?=$i;?>';">
<?php
echo $gateway_group['name'];
- ?>
-
+ ?>
</td>
<td class="listr" ondblclick="document.location='system_gateway_groups_edit.php?id=<?=$i;?>';">
<?php
@@ -154,7 +156,7 @@ include("head.inc");
?>
</td>
<td class="listbg" ondblclick="document.location='system_gateway_groups_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($gateway_group['descr']);?>&nbsp;
+ <?=htmlspecialchars($gateway_group['descr']);?>&nbsp;
</td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
@@ -171,6 +173,8 @@ include("head.inc");
</tr>
<?php $i++; endforeach; ?>
<tr>
+ </tbody>
+ <tfoot>
<td class="list" colspan="4"></td>
<td class="list">
<table border="0" cellspacing="0" cellpadding="1">
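Review bot: `</tbody>` and `<tfoot>` are inserted after the `<tr>` on the context line above them, so the row is opened inside the body and closed inside the footer, and the footer's `<td>` cells have no row of their own. Moving the two added lines above that `<tr>` (`</tbody>`, `<tfoot>`, then `<tr>`) keeps the nesting valid. Browsers usually recover from this, but table-sorting scripts and strict parsers may not. The row continues outside this hunk.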
@@ -185,8 +189,10 @@ include("head.inc");
</div>
</td>
</tr>
+ </tfoot>
</table>
</form>
+ <p><b><?=gettext("Note:");?></b> <?=gettext("Remember to use these Gateway Groups in firewall rules in order to enable load balancing, failover, or policy-based routing. Without rules directing traffic into the Gateway Groups, they will not be used.");?></p>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 268a5da..f0e5619 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -115,9 +115,8 @@ if ($_POST) {
$input_errors[] = sprintf(gettext('A gateway group cannot have the same name with a gateway "%s" please choose another name.'), $_POST['name']);
}
- if(count($pconfig['item']) == 0) {
+ if(count($pconfig['item']) == 0)
$input_errors[] = gettext("No gateway(s) have been selected to be used in this group");
- }
if (!$input_errors) {
$gateway_group = array();
@@ -152,9 +151,9 @@ include("head.inc");
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="system_gateway_groups_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit gateway entry"); ?></td>
- </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit gateway entry"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Group Name"); ?></td>
<td width="78%" class="vtable">
diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php
index 0e3bc43..bfc1700 100755
--- a/usr/local/www/system_gateways.php
+++ b/usr/local/www/system_gateways.php
@@ -166,33 +166,31 @@ include("head.inc");
<?php $i = 0; foreach ($a_gateways as $gateway): ?>
<tr>
<td class="listlr" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
- <?php
+ <?php
echo $gateway['name'];
- if(isset($gateway['defaultgw'])) {
+ if(isset($gateway['defaultgw']))
echo " <strong>(default)<strong>";
- }
- ?>
-
+ ?>
</td>
<td class="listr" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
- <?php
- echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($gateway['friendlyiface']));
- ?>
+ <?php
+ echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($gateway['friendlyiface']));
+ ?>
</td>
<td class="listr" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
- <?php
- echo $gateway['gateway'] . " ";
- ?>
+ <?php
+ echo $gateway['gateway'] . " ";
+ ?>
</td>
<td class="listr" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
- <?php
- echo htmlspecialchars($gateway['monitor']) . " ";
- ?>
+ <?php
+ echo htmlspecialchars($gateway['monitor']) . " ";
+ ?>
</td>
- <?php if($gateway['attribute'] == "system") : ?>
- <td class="listbgns" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
- <?php else : ?>
+ <?php if (is_numeric($gateway['attribute'])) : ?>
<td class="listbg" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
+ <?php else : ?>
+ <td class="listbgns" ondblclick="document.location='system_gateways_edit.php?id=<?=$i;?>';">
<?php endif; ?>
<?=htmlspecialchars($gateway['descr']);?>&nbsp;
</td>
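Review bot: The re-indented `echo $gateway['gateway'] . " ";` and the `echo $gateway['name'];` above it still print configuration values without escaping, while the interface, monitor and description cells in the same row use `htmlspecialchars()`. Since these lines are being touched anyway, make them consistent: `echo htmlspecialchars($gateway['name']);` and `echo htmlspecialchars($gateway['gateway']) . " ";`. Whether the name is validated when saved is not visible in this hunk, so escaping on output is the safer default. The `(default)` marker also opens a second `<strong>` instead of closing the first.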
@@ -202,7 +200,7 @@ include("head.inc");
<tr>
<td><a href="system_gateways_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a>
<?php
- if ($gateway['attribute'] != "system") : ?>
+ if (is_numeric($gateway['attribute'])) : ?>
<td>
<a href="system_gateways.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this gateway?"); ?>')">
<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0">
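Review bot: Switching the test to `is_numeric($gateway['attribute'])` only controls whether the delete icon is drawn. The `act=del` handler is outside this hunk, so confirm it applies the same check to the `id` it receives; otherwise a system or dynamic entry remains deletable by requesting the URL directly. A short comment such as `/* only gateways backed by a gateway_item entry (numeric attribute) may be deleted */` above the condition would also document what the numeric attribute means.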
@@ -219,7 +217,7 @@ include("head.inc");
</table>
</tr>
- <?php $i++; endforeach; ?>
+ <?php $i++; endforeach; ?>
<tr>
<td class="list" colspan="5"></td>
<td class="list">
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 3901d84..b9ea2fe 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -42,7 +42,7 @@
require("guiconfig.inc");
require("pkg-utils.inc");
-$a_gateways = return_gateways_array();
+$a_gateways = return_gateways_array(true);
$a_gateways_arr = array();
foreach($a_gateways as $gw) {
$a_gateways_arr[] = $gw;
@@ -76,11 +76,7 @@ if (isset($id) && $a_gateways[$id]) {
$pconfig['down'] = $a_gateway_item[$id]['down'];
if (isset($a_gateways[$id]['dynamic']))
$pconfig['dynamic'] = true;
- if(($a_gateways[$id]['monitor'] <> "") && ($a_gateways[$id]['attribute'] != "system") && ($a_gateways[$id]['gateway'] != "dynamic")) {
- $pconfig['monitor'] = $a_gateways[$id]['monitor'];
- } else {
- $pconfig['monitor'] == "";
- }
+ $pconfig['monitor'] = $a_gateways[$id]['monitor'];
$pconfig['descr'] = $a_gateways[$id]['descr'];
$pconfig['attribute'] = $a_gateways[$id]['attribute'];
}
@@ -196,10 +192,10 @@ if ($_POST) {
$save = false;
if (($_POST['weight'] && $_POST['weight'] > 1) ||
$_POST['latencylow'] || $_POST['latencyhigh'] || $_POST['losslow'] || $_POST['losshigh'] || $_POST['down'] ||
- $_POST['defaultgw'] || ($_POST['gateway'] && $_POST['gateway'] != "dynamic"))
+ $_POST['defaultgw'] || ($_POST['gateway'] && $_POST['gateway'] != "dynamic") || $_POST['monitor'])
$save = true;
/* if we are processing a system gateway only save the monitorip */
- if (!$save && empty($_POST['interface']) && empty($_POST['gateway'])) {
+ if (!$save && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) {
if (is_ipaddr($_POST['monitor'])) {
if (empty($_POST['interface']))
$interface = $pconfig['friendlyiface'];
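Review bot: Adding `|| $_POST['monitor']` to the `$save` condition makes the `is_ipaddr($_POST['monitor'])` test inside the `!$save` branch unreachable with a usable value, because any non-empty monitor now sets `$save = true`. The comment "if we are processing a system gateway only save the monitorip" no longer matches what the code does. Either drop the dead `monitorip` assignment or reword the comment to say that this branch now only removes a stale gateway entry. The branch continues past the end of this hunk.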
@@ -208,9 +204,8 @@ if ($_POST) {
$config['interfaces'][$interface]['monitorip'] = $_POST['monitor'];
}
/* when dynamic gateway is not anymore a default the entry is no more needed. */
- if (isset($id) && $a_gateway_item[$id]) {
+ if (isset($id) && $a_gateway_item[$id])
unset($a_gateway_item[$id]);
- }
} else {
/* Manual gateways are handled differently */
@@ -218,16 +213,19 @@ if ($_POST) {
$gateway = array();
$gateway['interface'] = $_POST['interface'];
- $gateway['gateway'] = $_POST['gateway'];
+ if (is_ipaddr($_POST['gateway']))
+ $gateway['gateway'] = $_POST['gateway'];
+ else
+ $gateway['gateway'] = "dynamic";
$gateway['name'] = $_POST['name'];
$gateway['weight'] = $_POST['weight'];
$gateway['descr'] = $_POST['descr'];
- if(is_ipaddr($_POST['monitor'])) {
+ if (is_ipaddr($_POST['monitor']))
$gateway['monitor'] = $_POST['monitor'];
- } else {
+ else
unset($gateway['monitor']);
- }
- if ($_POST['defaultgw'] == "yes" or $_POST['defaultgw'] == "on") {
+
+ if ($_POST['defaultgw'] == "yes" || $_POST['defaultgw'] == "on") {
$i = 0;
foreach($a_gateway_item as $gw) {
unset($config['gateways']['gateway_item'][$i]['defaultgw']);
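Review bot: A `$_POST['gateway']` value that fails `is_ipaddr()` is silently stored as `"dynamic"`, so a mistyped address produces a different kind of gateway with no feedback to the administrator. Unless an earlier validation step (outside this hunk) already rejects such input, add an error before saving, for example `if ($_POST['gateway'] && $_POST['gateway'] != "dynamic" && !is_ipaddr($_POST['gateway'])) $input_errors[] = gettext("The gateway address is not valid.");`. `name`, `weight` and `descr` are still copied from `$_POST` unchanged in the same block.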
@@ -235,9 +233,8 @@ if ($_POST) {
}
$gateway['defaultgw'] = true;
$reloadif = true;
- } else {
+ } else
unset($gateway['defaultgw']);
- }
if ($_POST['latencylow'])
$gateway['latencylow'] = $_POST['latencylow'];
@@ -251,13 +248,11 @@ if ($_POST) {
$gateway['down'] = $_POST['down'];
/* when saving the manual gateway we use the attribute which has the corresponding id */
- if (isset($id) && $a_gateway_item[$id]) {
+ if (isset($id) && $a_gateway_item[$id])
$a_gateway_item[$id] = $gateway;
- } else {
+ else
$a_gateway_item[] = $gateway;
- }
}
- system_resolvconf_generate();
mark_subsystem_dirty('staticroutes');
write_config();
@@ -266,11 +261,11 @@ if ($_POST) {
echo $_POST['name'];
exit;
} else if ($reloadif == true)
- interface_configure($_POST['interface']);
+ send_event("interface reconfigure {$_POST['interface']}");
header("Location: system_gateways.php");
exit;
- } else {
+ } else {
$pconfig = $_POST;
if (empty($_POST['friendlyiface']))
$pconfig['friendlyiface'] = $_POST['interface'];
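Review bot: `send_event("interface reconfigure {$_POST['interface']}")` interpolates a request parameter directly into the event string, where the old code passed it as a function argument. Unless `$_POST['interface']` is checked against the configured interfaces earlier in the file (not visible here), whitespace or control characters in it would change the message the event daemon receives. Guard the call, e.g. `if (array_key_exists($_POST['interface'], get_configured_interface_with_descr())) send_event("interface reconfigure {$_POST['interface']}");`. The `echo $_POST['name'];` context line just above also reflects request data unescaped.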
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 422e3c3..d957f86 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -798,7 +798,8 @@ function autotls_change() {
<?php else: ?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
<tr>
<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
<td width="10%" class="listhdrr"><?=gettext("Protocol"); ?></td>
@@ -806,6 +807,8 @@ function autotls_change() {
<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
<td width="10%" class="list"></td>
</tr>
+ </thead>
+ <tbody>
<?php
$i = 0;
foreach($a_client as $client):
@@ -841,6 +844,8 @@ function autotls_change() {
$i++;
endforeach;
?>
+ </tbody>
+ <tfoot>
<tr>
<td class="list" colspan="4"></td>
<td class="list">
@@ -855,6 +860,7 @@ function autotls_change() {
</p>
</td>
</tr>
+ </tfoot>
</table>
<?php endif; ?>
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 4eec76d..d05522d 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -99,6 +99,7 @@ if($_GET['act']=="edit"){
$pconfig['tls'] = base64_decode($a_server[$id]['tls']);
}
$pconfig['caref'] = $a_server[$id]['caref'];
+ $pconfig['crlref'] = $a_server[$id]['crlref'];
$pconfig['certref'] = $a_server[$id]['certref'];
$pconfig['dh_length'] = $a_server[$id]['dh_length'];
} else
@@ -291,6 +292,7 @@ if ($_POST) {
$server['tls'] = base64_encode($pconfig['tls']);
}
$server['caref'] = $pconfig['caref'];
+ $server['crlref'] = $pconfig['crlref'];
$server['certref'] = $pconfig['certref'];
$server['dh_length'] = $pconfig['dh_length'];
} else {
@@ -374,6 +376,7 @@ function mode_change() {
case "server_tls_user":
document.getElementById("tls").style.display="";
document.getElementById("tls_ca").style.display="";
+ document.getElementById("tls_crl").style.display="";
document.getElementById("tls_cert").style.display="";
document.getElementById("tls_dh").style.display="";
document.getElementById("psk").style.display="none";
@@ -381,6 +384,7 @@ function mode_change() {
case "p2p_shared_key":
document.getElementById("tls").style.display="none";
document.getElementById("tls_ca").style.display="none";
+ document.getElementById("tls_crl").style.display="none";
document.getElementById("tls_cert").style.display="none";
document.getElementById("tls_dh").style.display="none";
document.getElementById("psk").style.display="";
@@ -708,6 +712,24 @@ function netbios_change() {
</select>
</td>
</tr>
+ <tr id="tls_crl">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Revocation List"); ?></td>
+ <td width="78%" class="vtable">
+ <select name='crlref' class="formselect">
+ <option value="">None</option>
+ <?php
+ foreach ($config['crl'] as $crl):
+ if (is_crl_internal($crl) && (count($crl['cert']) <= 0))
+ continue;
+ $selected = "";
+ if ($pconfig['crlref'] == $crl['refid'])
+ $selected = "selected";
+ ?>
+ <option value="<?=$crl['refid'];?>" <?=$selected;?>><?=$crl['name'];?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
<tr id="tls_cert">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Certificate"); ?></td>
<td width="78%" class="vtable">
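Review bot: The new CRL `<option>` prints `$crl['refid']` and `$crl['name']` without escaping, and the loop runs over `$config['crl']` without checking that it is an array. Use `<option value="<?=htmlspecialchars($crl['refid']);?>" <?=$selected;?>><?=htmlspecialchars($crl['name']);?></option>` and wrap the loop in `if (is_array($config['crl'])):`. The row is styled `vncellreq` (required) although `None` is a valid choice, and `None` is not passed through `gettext()`. The save hunk stores `$pconfig['crlref']` as posted; checking that it matches an existing CRL for the selected CA would prevent a stale or foreign reference, assuming CRL entries record their CA.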
@@ -1215,6 +1237,7 @@ function netbios_change() {
<?php else: ?>
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
<tr>
<td width="10%" class="listhdrr"><?=gettext("Disabled"); ?></td>
<td width="10%" class="listhdrr"><?=gettext("Protocol / Port"); ?></td>
@@ -1222,6 +1245,8 @@ function netbios_change() {
<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
<td width="10%" class="list"></td>
</tr>
+ </thead>
+ <tbody>
<?php
$i = 0;
foreach($a_server as $server):
@@ -1256,6 +1281,8 @@ function netbios_change() {
$i++;
endforeach;
?>
+ </tbody>
+ <tfoot>
<tr>
<td class="list" colspan="4"></td>
<td class="list">
@@ -1263,6 +1290,7 @@ function netbios_change() {
</a>
</td>
</tr>
+ </tfoot>
</table>
<?=gettext("Additional OpenVPN servers can be added here.");?>
diff --git a/usr/local/www/widgets/widgets/gateways.widget.php b/usr/local/www/widgets/widgets/gateways.widget.php
index bd643fb..db6a83a 100644
--- a/usr/local/www/widgets/widgets/gateways.widget.php
+++ b/usr/local/www/widgets/widgets/gateways.widget.php
@@ -63,7 +63,7 @@ $counter = 1;
<?php if ($gateways_status[$gname])
echo $gateways_status[$gname]['delay'];
else
- echo "Unknown";
+ echo gettext("Gathering data");
?>
<?php $counter++; ?>
</td>
@@ -71,7 +71,7 @@ $counter = 1;
<?php if ($gateways_status[$gname])
echo $gateways_status[$gname]['loss'];
else
- echo "Unknown";
+ echo gettext("Gathering data");
?>
<?php $counter++; ?>
</td>
@@ -92,7 +92,7 @@ $counter = 1;
$bgcolor = "lightgreen";
}
} else {
- $online = "Unknown";
+ $online = gettext("Gathering data");
$bgcolor = "lightgray";
}
echo "<tr><td bgcolor=\"$bgcolor\" > $online </td>";
diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index d255725..3ccf662 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -145,7 +145,7 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type
if($field_type == "interfaces_selection") {
$var = "\$config{$field_conv}";
$text = "if (isset({$var})) unset({$var});";
- $text = "\$config" . $field_conv . " = \"" . $updatetext . "\";";
+ $text .= "\$config" . $field_conv . " = \"" . $updatetext . "\";";
eval($text);
return;
}
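Review bot: The `.=` fix means the assignment built from `$updatetext` is now what `eval()` actually runs after the `unset`, and `$updatetext` is pasted into a double-quoted PHP literal without any escaping. If that value comes from the submitted wizard form (the caller is outside this hunk), a quote, backslash or `$` in it alters the evaluated code. At minimum build the literal with `var_export()`: `$text .= "\$config{$field_conv} = " . var_export($updatetext, true) . ";";`. Longer term, replace the `eval()` with a walk over `$config` by reference, and check how `$field_conv` is derived. `update_config_field()` begins and ends outside the hunk.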
@@ -430,6 +430,7 @@ function showchange() {
}
break;
case "interfaces_selection":
+ case "interface_select":
$size = "";
$multiple = "";
$name = strtolower($name);
@@ -448,8 +449,16 @@ function showchange() {
if($field['add_to_interfaces_selection'] == $value) $SELECTED = " SELECTED";
echo "<option value='" . $field['add_to_interfaces_selection'] . "'" . $SELECTED . ">" . $field['add_to_interfaces_selection'] . "</option>\n";
}
- $interfaces = get_configured_interface_with_descr();
+ if($field['type'] == "interface_select")
+ $interfaces = get_interface_list();
+ else
+ $interfaces = get_configured_interface_with_descr();
foreach ($interfaces as $ifname => $iface) {
+ if (is_array($iface)) {
+ if ($iface['mac'])
+ $iface = $ifname. " ({$iface['mac']})";
+ } else
+ $iface = $ifname;
$SELECTED = "";
if ($value == $ifname) $SELECTED = " SELECTED";
$to_echo = "<option value='" . $ifname . "'" . $SELECTED . ">" . $iface . "</option>\n";
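Review bot: When `$iface` is an array but `$iface['mac']` is empty, neither branch reassigns it, so the array is concatenated into `$to_echo` and the option label renders as `Array`. Handle both cases inside the `is_array()` branch: `$iface = $iface['mac'] ? "{$ifname} ({$iface['mac']})" : $ifname;`. In the non-array case the new `else` overwrites the friendly description from `get_configured_interface_with_descr()` with the bare key, which looks unintended for `interfaces_selection` fields. The label and value are also written into the HTML without `htmlspecialchars()`.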
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml
index 5e95b8b..5e1ab47 100644
--- a/usr/local/www/wizards/openvpn_wizard.xml
+++ b/usr/local/www/wizards/openvpn_wizard.xml
@@ -44,7 +44,7 @@
<type>select</type>
<displayname>Type of Server</displayname>
<name>authtype</name>
- <description>&lt;br/&gt;&lt;b&gt;NOTE:&lt;/b&gt; If you are unsure, leave this set to "Local User Aceess."</description>
+ <description>&lt;br/&gt;&lt;b&gt;NOTE:&lt;/b&gt; If you are unsure, leave this set to "Local User Access."</description>
<bindstofield>ovpnserver->step1->type</bindstofield>
<options>
<option>
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index d0ef4b3..aad3a59 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -162,14 +162,13 @@
if(document.forms[0].ipaddress.value == 'dhcp') {
selectedItem = 1;
document.forms[0].ipaddress.value = '';
- } else if(document.forms[0].ipaddress.value == 'PPPoE') {
+ } else if(document.forms[0].ipaddress.value == 'pppoe') {
selectedItem = 2;
document.forms[0].ipaddress.value = '';
- } else if(document.forms[0].ipaddress.value == 'PPTP') {
+ } else if(document.forms[0].ipaddress.value == 'pptp') {
selectedItem = 3;
document.forms[0].ipaddress.value = '';
- } else if(document.forms[0].ipaddress.value == 'BigPond') {
- selectedItem = 4;
+ } else if(document.forms[0].ipaddress.value == 'ppp' || document.forms[0].ipaddress.value == 'l2tp') {
document.forms[0].ipaddress.value = '';
} else {
selectedItem = 0;
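Review bot: The new `'ppp' || 'l2tp'` branch clears `ipaddress.value` but no longer assigns `selectedItem`, unlike every other branch in the chain. Whatever uses `selectedItem` after this block (outside the hunk) will see an undefined or stale value for those two types. If the intent is to fall back to the first entry, say so explicitly with `selectedItem = 0;` in that branch.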
@@ -211,6 +210,13 @@
<type>listtopic</type>
</field>
<field>
+ <name>interface</name>
+ <type>interface_select</type>
+ <donotdisable>true</donotdisable>
+ <displayname>Interface</displayname>
+ <bindstofield>interfaces->wan->if</bindstofield>
+ </field>
+ <field>
<donotdisable>true</donotdisable>
<name>MAC Address</name>
<bindstofield>interfaces->wan->spoofmac</bindstofield>
@@ -271,28 +277,31 @@
<field>
<name>PPPoE Username</name>
<type>input</type>
- <bindstofield>interfaces->wan->pppoe_username</bindstofield>
+ <bindstofield>interfaces->tmp->username</bindstofield>
</field>
<field>
<name>PPPoE Password</name>
<type>input</type>
- <bindstofield>interfaces->wan->pppoe_password</bindstofield>
+ <bindstofield>interfaces->tmp->password</bindstofield>
</field>
<field>
<name>PPPoE Service name</name>
<type>input</type>
<description>Hint: this field can usually be left empty</description>
+ <bindstofield>interfaces->tmp->provider</bindstofield>
</field>
<field>
<name>PPPoE Dial on demand</name>
<typehint>Enable Dial-On-Demand mode</typehint>
<type>checkbox</type>
<description>This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</description>
+ <bindstofield>interfaces->tmp->ondemand</bindstofield>
</field>
<field>
<name>PPPoE Idle timeout</name>
<type>input</type>
<description>If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</description>
+ <bindstofield>interfaces->tmp->idletimeout</bindstofield>
</field>
<field>
<name>PPTP configuration</name>
@@ -301,19 +310,19 @@
<field>
<name>PPTP Username</name>
<type>input</type>
- <bindstofield>interfaces->wan->pptp_username</bindstofield>
+ <bindstofield>interfaces->tmp->pptpusername</bindstofield>
</field>
<field>
<name>PPTP Password</name>
<type>input</type>
- <bindstofield>interfaces->wan->pptp_password</bindstofield>
+ <bindstofield>interfaces->tmp->pptppassword</bindstofield>
</field>
<field>
<combinefieldsbegin>true</combinefieldsbegin>
<name>PPTP Local IP Address</name>
<type>input</type>
<typehint> / </typehint>
- <bindstofield>pptp->local</bindstofield>
+ <bindstofield>interfaces->tmp->localip</bindstofield>
<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
<message>PPTP Local IP Address field is invalid</message>
</field>
@@ -322,12 +331,12 @@
<dontdisplayname>true</dontdisplayname>
<dontcombinecells>true</dontcombinecells>
<name>pptplocalsubnet</name>
- <bindstofield>pptp->subnet</bindstofield>
+ <bindstofield>interfaces->tmp->subnet</bindstofield>
<type>subnet_select</type>
</field>
<field>
<name>PPTP Remote IP Address</name>
- <bindstofield>pptp->remote</bindstofield>
+ <bindstofield>interfaces->tmp->gateway</bindstofield>
<type>input</type>
<validate>^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$</validate>
<message>PPTP Remote IP Address field is invalid</message>
@@ -336,13 +345,13 @@
<name>PPTP Dial on demand</name>
<typehint>Enable Dial-On-Demand mode</typehint>
<type>checkbox</type>
- <bindstofield>pptp->ondemand</bindstofield>
+ <bindstofield>interfaces->tmp->pptpondemand</bindstofield>
<description>This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</description>
</field>
<field>
<name>PPTP Idle timeout</name>
<type>input</type>
- <bindstofield>pptp->timeout</bindstofield>
+ <bindstofield>interfaces->tmp->pptpidletimeout</bindstofield>
<description>If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</description>
</field>
<field>
@@ -374,6 +383,11 @@
<type>submit</type>
</field>
</fields>
+ <stepbeforeformdisplay>
+ <![CDATA[
+ $config['interfaces']['tmp'] = array();
+ ]]>
+ </stepbeforeformdisplay>
<stepsubmitphpaction>
<![CDATA[
if(!empty($_POST['mtu']) && ($_POST['mtu'] < 576)) {
@@ -400,6 +414,40 @@
print_info_box_np("Invalid PPTP Remopte IP Address. Please press back in your browser window and correct.");
die;
}
+ $type = $_POST['selectedtype'];
+ if ($type == "pppoe" || $type == "pptp") {
+ if (!is_array($config['ppps']['ppp']))
+ $config['ppps']['ppp'] = array();
+ if (count($config['ppps']['ppp'])) {
+ foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
+ if ($ppp['ptpid'] == "0") {
+ unset($config['ppps']['ppp'][$pppid]);
+ // break;
+ }
+
+ }
+ }
+ if ($type == "pptp") {
+ $config['interfaces']['tmp']['username'] = $config['interfaces']['tmp']['pptpusername'];
+ $config['interfaces']['tmp']['password'] = $config['interfaces']['tmp']['pptppassword'];
+ $config['interfaces']['tmp']['ondemand'] = $config['interfaces']['tmp']['pptpondemand'];
+ $config['interfaces']['tmp']['idletimeout'] = $config['interfaces']['tmp']['pptpidletimeout'];
+ unset($config['interfaces']['tmp']['pptpusername']);
+ unset($config['interfaces']['tmp']['pptppassword']);
+ unset($config['interfaces']['tmp']['pptpondemand']);
+ unset($config['interfaces']['tmp']['pptpidletimeout']);
+ }
+ $config['interfaces']['tmp']['password'] = base64_encode($config['interfaces']['tmp']['password']);
+ $tmp = array();
+ $tmp['ptpid'] = "0";
+ $tmp['type'] = $type;
+ $tmp['if'] = $type . "0";
+ $tmp['ports'] = $config['interfaces']['wan']['if'];
+ $config['ppps']['ppp'][] = array_merge($tmp, $config['interfaces']['tmp']);
+ unset($tmp);
+ $config['interfaces']['wan']['if'] = $type."0";
+ }
+ unset($config['interfaces']['tmp']);
]]>
</stepsubmitphpaction>
<stepsubmitbeforesave>
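Review bot: The `pptp*` keys are unset only inside the `$type == "pptp"` branch, so for `pppoe` any `pptpusername`/`pptppassword` value left in `$config['interfaces']['tmp']` is merged into the new `ppp` entry, with the password unencoded. Move the four `unset()` calls out of the `if` so they always run before the merge. Also swap the merge to `array_merge($config['interfaces']['tmp'], $tmp)`, so form-bound keys can never override `ptpid`, `type`, `if` or `ports`. `base64_encode()` on the password is encoding only, so a comment such as `// base64 is the config storage format, not protection` would keep readers from mistaking it for encryption. The commented-out `// break;` can be removed.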