-rw-r--r--etc/inc/dyndns.class49
-rw-r--r--etc/inc/filter.inc91
-rw-r--r--etc/inc/rrd.inc2
-rw-r--r--etc/inc/services.inc4
-rw-r--r--etc/inc/voucher.inc10
-rwxr-xr-xtmp/post_upgrade_command10
-rwxr-xr-xtmp/post_upgrade_command.php3
-rwxr-xr-xusr/local/www/firewall_nat_out.php12
-rw-r--r--usr/local/www/services_captiveportal_vouchers.php3
9 files changed, 104 insertions, 80 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 150dedc..01209b9 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -795,12 +795,13 @@
if($successful_update == true) {
/* Write WAN IP to cache file */
$wan_ip = $this->_checkIP();
- $currentTime = time();
- log_error("phpDynDNS: updating cache file {$this->_cacheFile}: {$wan_ip}");
conf_mount_rw();
- $file = fopen($this->_cacheFile, 'w');
- fwrite($file, $wan_ip.':'.$currentTime);
- fclose($file);
+ if ($wan_ip > 0) {
+ $currentTime = time();
+ log_error("phpDynDNS: updating cache file {$this->_cacheFile}: {$wan_ip}");
+ @file_put_contents($this->_cacheFile, "{$wan_ip}:{$currentTime}");
+ } else
+ @unlink($this->_cacheFile);
conf_mount_ro();
}
$this->status = $status;
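Review bot: The new guard `if ($wan_ip > 0)` compares what is normally a dotted-quad string with an integer, so it depends on PHP's loose string-to-number conversion rather than on whether `_checkIP()` actually produced an address. The page already uses `is_ipaddr()` for this, so `if (is_ipaddr($wan_ip)) {` here and `if (!is_ipaddr($wan_ip)) {` in place of `$wan_ip == 0` in the `_detectChange()` hunk would state the intent directly. The `@file_put_contents(...)` also hides a failed cache write right after the log line announces the update; testing its result for `=== false` and logging would make that visible. The enclosing method starts outside this hunk.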
@@ -853,32 +854,37 @@
* | work with other systems. pfSense base is FreeBSD.
*/
function _detectChange() {
-
- log_error("DynDns: _detectChange() starting.");
+ global $debug;
+
+ if ($debug)
+ log_error("DynDns: _detectChange() starting.");
$currentTime = time();
$wan_ip = $this->_checkIP();
+ if ($wan_ip == 0) {
+ log_error("DynDns: Current WAN IP could not be determined, skipping update process.");
+ return false;
+ }
$this->_dnsIP = $wan_ip;
- log_error("DynDns: Current WAN IP: {$wan_ip}");
+ $log_error = "DynDns: Current WAN IP: {$wan_ip} ";
if (file_exists($this->_cacheFile)) {
$contents = file_get_contents($this->_cacheFile);
list($cacheIP,$cacheTime) = split(':', $contents);
$this->_debug($cacheIP.'/'.$cacheTime);
$initial = false;
- log_error("DynDns: Cached IP: {$cacheIP}");
+ $log_error .= "Cached IP: {$cacheIP} ";
} else {
conf_mount_rw();
- $file = fopen($this->_cacheFile, 'w');
- fwrite($file, '0.0.0.0:'.$currentTime);
- fclose($file);
- conf_mount_ro();
$cacheIP = '0.0.0.0';
+ @file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}");
+ conf_mount_ro();
$cacheTime = $currentTime;
$initial = true;
- log_error("DynDns: No Cached IP found.");
+ $log_error .= "No Cached IP found.";
}
+ log_error($log_error);
/* use 2419200 for dyndns, dhs, easydns, noip, hn
* zoneedit, dyns, ods
@@ -928,10 +934,14 @@
conf_mount_ro();
}
function _checkIP() {
+ global $debug;
- log_error("DynDns: _checkIP() starting.");
+ if ($debug)
+ log_error("DynDns: _checkIP() starting.");
$ip_address = find_interface_ip($this->_if);
+ if (!is_ipaddr($ip_address))
+ return 0;
$this->_ifIP = $ip_address;
if (is_private_ip($ip_address)) {
$hosttocheck = "checkip.dyndns.org";
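Review bot: `_checkIP()` now has a failure return (`return 0;` here and in the two hunks that follow), but nothing tells callers that the result is either an address string or the integer 0. A short comment above the function would document it: `/* Returns the detected WAN address as a string, or 0 if it could not be determined. */`. The function body continues outside this hunk.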
@@ -944,7 +954,7 @@
}
if ($try >= 3) {
log_error("Dyndns debug information: Could not resolve {$hosttocheck} to ip using interface ip {$ip_address}.");
- return $ip_address; /* XXX: Might return private ip address! */
+ return 0;
}
$ip_ch = curl_init("http://{$checkip}");
curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1);
@@ -957,7 +967,12 @@
$ip_result_decoded = urldecode($ip_result_page);
preg_match('/Current IP Address: (.*)<\/body>/', $ip_result_decoded, $matches);
$ip_address = trim($matches[1]);
- log_error("DynDns debug information: {$ip_address} extracted from {$hosttocheck}");
+ if (is_ipaddr($ip_address))
+ log_error("DynDns debug information: {$ip_address} extracted from {$hosttocheck}");
+ else {
+ log_error("DynDns debug information: IP address could not be extracted from {$hosttocheck}");
+ return 0;
+ }
} else
log_error("DynDns debug information: {$ip_address} extracted from local system.");
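Review bot: `is_ipaddr()` only confirms that the text scraped from the check-IP page is well formed. The page is fetched over plain `http://` (the `curl_init` context line in the previous hunk), so anyone able to alter that response chooses the address that is cached and sent to the DynDNS provider. This branch only runs because the interface address was private, so the extracted value should at least be rejected when it is private too: `if (is_ipaddr($ip_address) && !is_private_ip($ip_address))`. The return value of `preg_match()` is also unchecked, so `$matches[1]` is read even when the pattern did not match; testing it before `trim()` avoids the notice. The function continues outside the hunk.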
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1cabd29..78ad19f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -514,8 +514,15 @@ function filter_generate_aliases() {
$aliases = "loopback = \"{ lo0 }\"\n";
foreach ($FilterIflist as $if => $ifcfg) {
- $aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}";
- $aliases .= " }\"\n";
+ if (is_array($ifcfg[0])) {
+ if ($ifcfg[0]['if'] == 'pppoe') {
+ $aliases .= "{$ifcfg[0]['descr']} = \"{ {$ifcfg[0]['if']}";
+ $aliases .= " }\"\n";
+ }
+ } else {
+ $aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}";
+ $aliases .= " }\"\n";
+ }
}
$aliases .= "\n#SSH Lockout Table\n";
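Review bot: An empty `$FilterIflist['pppoe']` falls into the `else` branch and emits a macro line with no name and no interface (` = "{ }"`), because `is_array($ifcfg[0])` is false for an empty list. The `filter_generate_optcfg_array()` hunk further down assigns `$FilterIflist['pppoe'] = array();` whenever `$config['pppoes']['pppoe']` is an array, even when no entry is in server mode, so the case is reachable. Skipping such entries at the top of the loop with `if (empty($ifcfg)) continue;`, or creating the key only once a server entry exists, would keep a malformed line out of the generated ruleset. With several PPPoE servers only index 0 is inspected, which deserves a comment.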
@@ -696,9 +703,15 @@ function filter_get_vpns_list() {
}
}
/* pppoe */
- if($config['pppoe']['remoteip']) {
- if(is_subnet($tunnel['remote-subnet'])) {
- $vpns_arr[] = $config['pppoe']['remoteip'] ."/". $config['pppoe']['pppoe_subnet'];
+ if (is_array($config['pppoes']['pppoe'])) {
+ foreach($config['pppoes']['pppoe'] as $pppoe) {
+ if ($pppoe['mode'] == "server") {
+ if(is_ipaddr($pppoe['remoteip'])) {
+ $pppoesub = gen_subnet($pppoe['remoteip'], $pppoe['pppoe_subnet']);
+ if (is_subnet($pppoesub))
+ $vpns_arr[] = $pppoesub;
+ }
+ }
}
}
if(!empty($vpns_arr)) {
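Review bot: `is_subnet($pppoesub)` is given the bare result of `gen_subnet()`, which the `pppoe` case of `filter_generate_address()` in this same commit treats as a network address without a prefix length (it appends `/{$pppoesn}`). If `is_subnet()` expects `address/bits` (its body is not visible here), the test never passes and PPPoE client networks never reach `$vpns_arr`. Building the CIDR string first would match that other call site: `$pppoesub = gen_subnet($pppoe['remoteip'], $pppoe['pppoe_subnet']) . "/" . $pppoe['pppoe_subnet'];`. An empty `pppoe_subnet` would also need the `"32"` default that `filter_generate_optcfg_array()` applies.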
@@ -789,19 +802,24 @@ function filter_generate_optcfg_array() {
$oic['virtual'] = true;
$FilterIflist['l2tp'] = $oic;
}
- if($config['pppoe']['mode'] == "server") {
- $oic = array();
- $oic['if'] = 'pppoe';
- $oic['descr'] = 'pppoe';
- $oic['ip'] = $config['pppoe']['localip'];
- $oic['sa'] = $config['pppoe']['remoteip'];
- $oic['mode'] = $config['pppoe']['mode'];
- $oic['virtual'] = true;
- if($config['pppoe']['pppoe_subnet'] <> "")
- $oic['sn'] = $config['pppoe']['pppoe_subnet'];
- else
- $oic['sn'] = "32";
- $FilterIflist['pppoe'] = $oic;
+ if (is_array($config['pppoes']['pppoe'])) {
+ $FilterIflist['pppoe'] = array();
+ foreach($config['pppoes']['pppoe'] as $pppoe) {
+ if ($pppoe['mode'] == "server") {
+ $oic = array();
+ $oic['if'] = 'pppoe';
+ $oic['descr'] = 'pppoe';
+ $oic['ip'] = $pppoe['localip'];
+ $oic['sa'] = $pppoe['remoteip'];
+ $oic['mode'] = $pppoe['mode'];
+ $oic['virtual'] = true;
+ if($pppoe['pppoe_subnet'] <> "")
+ $oic['sn'] = $pppoe['pppoe_subnet'];
+ else
+ $oic['sn'] = "32";
+ $FilterIflist['pppoe'][] = $oic;
+ }
+ }
}
/* add ipsec interfaces */
if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
@@ -1022,7 +1040,6 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
$target = $FilterIflist[$rule['target']]['ip'];
else
return "";
-
$starting_localhost_port_tmp = $starting_localhost_port;
$toomanyports = false;
/* only install reflection rules for < 19991 items */
@@ -1071,7 +1088,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
$toadd_array = array_merge($toadd_array, range($loc_pt[0], $loc_pt[0] + $delta));
if(!empty($toadd_array)) {
- $target = explode(" ", trim($target));
+ $rtarget = explode(" ", trim($target));
foreach($toadd_array as $tda) {
if (empty($tda))
continue;
@@ -1083,7 +1100,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
$socktype = "stream";
$dash_u = "";
}
- foreach ($target as $targip) {
+ foreach ($rtarget as $targip) {
if (empty($targip))
continue;
$reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n";
@@ -1327,19 +1344,18 @@ function filter_nat_rules_generate() {
}
}
/* PPTP subnet */
- if(isset($FilterIflist['pptp']) && $FilterIflist['pptp']['mode'] == "server" ) {
- $pptp_subnet = $FilterIflist['pptp']['sn'];
- if(is_private_ip($FilterIflist['pptp']['sa']) && !empty($pptp_subnet)) {
- $numberofnathosts++;
- $tonathosts .= "{$FilterIflist['pptp']['sa']}/{$pptp_subnet} ";
- }
+ if(($config['pptpd']['mode'] == "server" ) && is_private_ip($config['pptpd']['remoteip'])) {
+ $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units']));
+ $numberofnathosts += count($pptp_subnets);
+ $tonathosts .= implode(" ", $pptp_subnets) . " ";
}
/* PPPoE subnet */
- if(isset($FilterIflist['pppoe']) && $FilterIflist['pppoe']['mode'] == "server") {
- $pppoe_subnet = $FilterIflist['pppoe']['sn'];
- if(is_private_ip($FilterIflist['pppoe']['sa']) && !empty($pppoe_subnet)) {
- $numberofnathosts++;
- $tonathosts .= "{$FilterIflist['pppoe']['sa']}/{$pppoe_subnet} ";
+ if (is_array($FilterIflist['pppoe'])) {
+ foreach ($FilterIflist['pppoe'] as $pppoe) {
+ if(is_private_ip($pppoe['ip'])) {
+ $numberofnathosts++;
+ $tonathosts .= "{$pppoe['sa']}/{$pppoe['sn']} ";
+ }
}
}
/* L2TP subnet */
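Review bot: The PPPoE loop tests `is_private_ip($pppoe['ip'])`, the server's local address, but then adds `{$pppoe['sa']}/{$pppoe['sn']}`, the client range, to `$tonathosts`. The removed code tested `sa`, the value actually emitted. When only one of the two addresses is private, the automatic outbound NAT list will either include a non-private range or drop a private one. Testing the emitted field keeps check and output aligned: `if(is_private_ip($pppoe['sa'])) {`.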
@@ -1643,9 +1659,12 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
$src = "{$pptpsa}/{$pptpsn}";
break;
case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $src = "{$pppoesa}/{$pppoesn}";
+ /* XXX: This needs to be fixed somehow! */
+ if (is_array($FilterIflist['pppoe'])) {
+ $pppoesa = gen_subnet($FilterIflist['pppoe'][0]['ip'], $FilterIflist['pppoe'][0]['sn']);
+ $pppoesn = $FilterIflist['pppoe'][0]['sn'];
+ $src = "{$pppoesa}/{$pppoesn}";
+ }
break;
}
if(isset($rule[$target]['not']))
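Review bot: The `pppoe` case reads `$FilterIflist['pppoe'][0]` after checking only `is_array(...)`, so an empty list still reaches `gen_subnet()` with undefined values. When the key is missing altogether, `$src` keeps whatever it held before the `switch`. Guarding on the entry itself is safer, `if (!empty($FilterIflist['pppoe'][0])) {`, with an explicit fallback (log and skip the rule) when no server entry exists. As the `XXX` comment concedes, a rule whose source is `pppoe` now covers only the first server's subnet; the comment should say so plainly so that operators running several PPPoE servers know which clients the rule matches. The function starts and ends outside this hunk.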
@@ -1704,7 +1723,6 @@ function filter_generate_user_rule($rule) {
}
update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
$pptpdcfg = $config['pptpd'];
- $pppoecfg = $config['pppoe'];
$int = "";
$aline = array();
@@ -2014,7 +2032,6 @@ function filter_rules_generate() {
}
$pptpdcfg = $config['pptpd'];
- $pppoecfg = $config['pppoe'];
$ipfrules = "";
//$ipfrules .= discover_pkg_rules("filter");
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index cb6f321..17ab2ab 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -394,7 +394,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " sleep 0.2\n";
$rrdupdatesh .= " echo \"quit\"\n";
$rrdupdatesh .= "}\n";
- $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n";
+ $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n";
}
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index df0914c..3f3225c 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -275,7 +275,7 @@ EOPP;
$dhcpdconf .= " deny dynamic bootp clients;\n";
if (isset($dhcpifconf['denyunknown']))
- $dhcpdconf .= " deny unknown clients;\n";
+ $dhcpdconf .= " deny unknown-clients;\n";
if ($dhcpifconf['gateway'])
$routers = $dhcpifconf['gateway'];
@@ -606,8 +606,6 @@ function services_dyndns_configure_client($conf) {
/* load up the dyndns.class */
require_once("dyndns.class");
- log_error("DynDns: Running updatedns()");
-
$dns = new updatedns($dnsService = $conf['type'],
$dnsHost = $conf['host'],
$dnsUser = $conf['username'],
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 3b9f1ba..f7f5b01 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -164,8 +164,7 @@ function voucher_auth($voucher_received, $test = 0) {
$tickets_per_roll = array();
$minutes_per_roll = array();
if (is_array($config['voucher']['roll'])) {
- $a_roll = &$config['voucher']['roll'];
- foreach ($a_roll as $rollent) {
+ foreach ($config['voucher']['roll'] as $rollent) {
$tickets_per_roll[$rollent['number']] = $rollent['count'];
$minutes_per_roll[$rollent['number']] = $rollent['minutes'];
}
@@ -192,7 +191,7 @@ function voucher_auth($voucher_received, $test = 0) {
list($status, $roll, $nr) = explode(" ", $result);
if ($status == "OK") {
if (!$first_voucher) {
- // store first voucher. Thats the one we give the timecredit
+ // store first voucher. Thats the one we give the timecredit
$first_voucher = $voucher;
$first_voucher_roll = $roll;
}
@@ -352,11 +351,10 @@ function voucher_configure($sync = false) {
if (($g['booting'] || $sync == true) && is_array($config['voucher']['roll'])) {
- // create active and used DB per roll on ramdisk from config
- $a_roll = &$config['voucher']['roll'];
$voucherlck = lock('voucher', LOCK_EX);
- foreach ($a_roll as $rollent) {
+ // create active and used DB per roll on ramdisk from config
+ foreach ($config['voucher']['roll'] as $rollent) {
$roll = $rollent['number'];
voucher_write_used_db($roll, $rollent['used']);
diff --git a/tmp/post_upgrade_command b/tmp/post_upgrade_command
index 99285e4..8603a53 100755
--- a/tmp/post_upgrade_command
+++ b/tmp/post_upgrade_command
@@ -2,7 +2,9 @@
/etc/rc.conf_mount_rw
+PFSENSETYPE=`cat /etc/platform`
KERNELTYPE=`cat /boot/kernel/pfsense_kernel.txt`
+
if [ $KERNELTYPE = "wrap" ]; then
if [ -f /kernels/kernel_wrap.gz ]; then
tar xzpf /kernels/kernel_wrap.gz --exclude loader.conf -C /boot/
@@ -26,6 +28,10 @@ if [ $KERNELTYPE = "UP" ]; then
fi
fi
+if [ $PFSENSETYPE = "pfSense" ] || [ $PFSENSETYPE = "nanobsd" ]; then
+ touch /conf/needs_package_sync
+fi
+
# Detect interactive logins and display the shell
echo "if [ \`env | grep SSH_TTY | wc -l\` -gt 0 ] || [ \`env | grep cons25 | wc -l\` -gt 0 ]; then" > $CVS_CO_DIR/root/.shrc
echo " /etc/rc.initial" >> $CVS_CO_DIR/root/.shrc
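Review bot: `$PFSENSETYPE` is expanded unquoted inside `[ ... ]`, so a missing or empty `/etc/platform` turns the test into `[ = "pfSense" ]` and the script reports a syntax error instead of cleanly skipping the package-sync marker. Quoting fixes it: `if [ "$PFSENSETYPE" = "pfSense" ] || [ "$PFSENSETYPE" = "nanobsd" ]; then`. The existing `$KERNELTYPE` and later `$PFSENSETYPE` tests have the same form and could be quoted in the same pass.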
@@ -37,7 +43,7 @@ echo " exit" >> $CVS_CO_DIR/root/.profile
echo "fi" >> $CVS_CO_DIR/root/.profile
# Now turn on or off serial console as needed
-php -f /tmp/post_upgrade_command.php
+/tmp/post_upgrade_command.php
# Remove any previous MD5 sum files
rm -f /root/*.md5
@@ -45,7 +51,6 @@ rm -f /root/*.md5
# File moved to pfSense php shell (pfSsh.php)
rm -rf /usr/local/sbin/cvs_sync.sh
-PFSENSETYPE=`cat /etc/platform`
if [ $PFSENSETYPE = "embedded" ]; then
cp /etc/ttys_wrap /etc/ttys
fi
@@ -53,4 +58,3 @@ fi
if [ -f /usr/local/sbin/php ]; then
rm /usr/local/sbin/php
fi
-
diff --git a/tmp/post_upgrade_command.php b/tmp/post_upgrade_command.php
index dfe9342..a188710 100755
--- a/tmp/post_upgrade_command.php
+++ b/tmp/post_upgrade_command.php
@@ -20,9 +20,6 @@
setup_serial_port();
- if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd")
- touch("/conf/needs_package_sync");
-
$files_to_process = split("\n", file_get_contents("/etc/pfSense.obsoletedfiles"));
foreach($files_to_process as $filename)
if(file_exists($filename))
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 4649795..e6b5900 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -126,15 +126,11 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
$a_out[] = $natent;
/* PPTP subnet */
- if($config['pptpd']['mode'] == "server") {
- if (is_ipaddr($config['pptpd']['localip'])) {
- if($config['pptpd']['pptp_subnet'] <> "")
- $ossubnet = $config['pptpd']['pptp_subnet'];
- else
- $ossubnet = "32";
- $osn = gen_subnet($config['pptpd']['localip'], $ossubnet);
+ if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) {
+ $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units']));
+ foreach ($pptp_subnets as $pptpsn) {
$natent = array();
- $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['source']['network'] = $pptpsn;
$natent['sourceport'] = "";
$natent['descr'] = gettext("Auto created rule for PPTP server");
$natent['target'] = "";
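Review bot: The range end `ip2long(remoteip) + n_pptp_units` looks one address past the pool: a pool that starts at `remoteip` and holds `n_pptp_units` clients ends at `+ n_pptp_units - 1`, assuming `ip_range_to_subnet_array()` treats its second argument as inclusive (the helper is not visible here). `n_pptp_units` is also used in arithmetic without a numeric check, so an empty value makes start and end equal. Suggested end expression: `long2ip32(ip2long($config['pptpd']['remoteip']) + max(1, (int)$config['pptpd']['n_pptp_units']) - 1)`. The same expression appears in the PPTP block of `filter_nat_rules_generate()` in `etc/inc/filter.inc`. The `foreach` body continues outside this hunk.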
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php
index 203906a..19171f4 100644
--- a/usr/local/www/services_captiveportal_vouchers.php
+++ b/usr/local/www/services_captiveportal_vouchers.php
@@ -116,9 +116,8 @@ if ($_GET['act'] == "del") {
exit;
}
}
-
/* print all vouchers of the selected roll */
-if ($_GET['act'] == "csv") {
+else if ($_GET['act'] == "csv") {
$privkey = base64_decode($config['voucher']['privatekey']);
if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) {
$fd = fopen("{$g['varetc_path']}/voucher.private","w");
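Review bot: The CSV branch writes the voucher RSA private key to `{$g['varetc_path']}/voucher.private` through a plain `fopen(..., "w")`, and no permission change is visible in this hunk. Unless the rest of the block (outside the hunk) already does so, the file should be restricted before the key is written, e.g. `chmod("{$g['varetc_path']}/voucher.private", 0600);` right after `fopen()`, and removed once the vouchers have been generated.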