-rw-r--r-- | etc/inc/dyndns.class | 49 | ||||
-rw-r--r-- | etc/inc/filter.inc | 91 | ||||
-rw-r--r-- | etc/inc/rrd.inc | 2 | ||||
-rw-r--r-- | etc/inc/services.inc | 4 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 10 | ||||
-rwxr-xr-x | tmp/post_upgrade_command | 10 | ||||
-rwxr-xr-x | tmp/post_upgrade_command.php | 3 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 12 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 3 |
9 files changed, 104 insertions, 80 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 150dedc..01209b9 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -795,12 +795,13 @@ if($successful_update == true) { /* Write WAN IP to cache file */ $wan_ip = $this->_checkIP(); - $currentTime = time(); - log_error("phpDynDNS: updating cache file {$this->_cacheFile}: {$wan_ip}"); conf_mount_rw(); - $file = fopen($this->_cacheFile, 'w'); - fwrite($file, $wan_ip.':'.$currentTime); - fclose($file); + if ($wan_ip > 0) { + $currentTime = time(); + log_error("phpDynDNS: updating cache file {$this->_cacheFile}: {$wan_ip}"); + @file_put_contents($this->_cacheFile, "{$wan_ip}:{$currentTime}"); + } else + @unlink($this->_cacheFile); conf_mount_ro(); } $this->status = $status; 
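Review bot: The guard `if ($wan_ip > 0)` in the cache-write block compares an address string with an integer, so the outcome rests on PHP's loose string-to-number conversion rather than on whether `_checkIP()` returned an address. `if (is_ipaddr($wan_ip)) {` states the intent and matches the validation this commit adds inside `_checkIP()`; the same applies to `if ($wan_ip == 0)` in the `_detectChange()` hunk. The `@` on `file_put_contents()` and `unlink()` also hides a failed cache write, so checking for a `false` return and calling `log_error()` would keep that failure visible. The enclosing function starts and ends outside the hunk.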
@@ -853,32 +854,37 @@ * | work with other systems. pfSense base is FreeBSD. */ function _detectChange() { - - log_error("DynDns: _detectChange() starting."); + global $debug; + + if ($debug) + log_error("DynDns: _detectChange() starting."); $currentTime = time(); $wan_ip = $this->_checkIP(); + if ($wan_ip == 0) { + log_error("DynDns: Current WAN IP could not be determined, skipping update process."); + return false; + } $this->_dnsIP = $wan_ip; - log_error("DynDns: Current WAN IP: {$wan_ip}"); + $log_error = "DynDns: Current WAN IP: {$wan_ip} "; if (file_exists($this->_cacheFile)) { $contents = file_get_contents($this->_cacheFile); list($cacheIP,$cacheTime) = split(':', $contents); $this->_debug($cacheIP.'/'.$cacheTime); $initial = false; - log_error("DynDns: Cached IP: {$cacheIP}"); + $log_error .= "Cached IP: {$cacheIP} "; } else { conf_mount_rw(); - $file = fopen($this->_cacheFile, 'w'); - fwrite($file, '0.0.0.0:'.$currentTime); - fclose($file); - conf_mount_ro(); $cacheIP = '0.0.0.0'; + @file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}"); + conf_mount_ro(); $cacheTime = $currentTime; $initial = true; - log_error("DynDns: No Cached IP found."); + $log_error .= "No Cached IP found."; } + log_error($log_error); /* use 2419200 for dyndns, dhs, easydns, noip, hn * zoneedit, dyns, ods @@ -928,10 +934,14 @@ conf_mount_ro(); } function _checkIP() { + global $debug; - log_error("DynDns: _checkIP() starting."); + if ($debug) + log_error("DynDns: _checkIP() starting."); $ip_address = find_interface_ip($this->_if); + if (!is_ipaddr($ip_address)) + return 0; $this->_ifIP = $ip_address; if (is_private_ip($ip_address)) { $hosttocheck = "checkip.dyndns.org"; 
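Review bot: `_checkIP()` now has two kinds of return value, an address string on success and the integer `0` on failure, and nothing in the hunk documents that contract for callers. A header comment above the function would do it, for example `/* Returns the detected address as a string, or 0 when no valid address could be determined. */`. The new `global $debug;` also relies on a variable defined outside this file section; a one-line comment naming where it is set would help, since an undefined `$debug` silently disables the start-up log lines. The function body continues past the end of this hunk.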
@@ -944,7 +954,7 @@ } if ($try >= 3) { log_error("Dyndns debug information: Could not resolve {$hosttocheck} to ip using interface ip {$ip_address}."); - return $ip_address; /* XXX: Might return private ip address! */ + return 0; } $ip_ch = curl_init("http://{$checkip}"); curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1); @@ -957,7 +967,12 @@ $ip_result_decoded = urldecode($ip_result_page); preg_match('/Current IP Address: (.*)<\/body>/', $ip_result_decoded, $matches); $ip_address = trim($matches[1]); - log_error("DynDns debug information: {$ip_address} extracted from {$hosttocheck}"); + if (is_ipaddr($ip_address)) + log_error("DynDns debug information: {$ip_address} extracted from {$hosttocheck}"); + else { + log_error("DynDns debug information: IP address could not be extracted from {$hosttocheck}"); + return 0; + } } else log_error("DynDns debug information: {$ip_address} extracted from local system."); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1cabd29..78ad19f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -514,8 +514,15 @@ function filter_generate_aliases() { $aliases = "loopback = \"{ lo0 }\"\n"; foreach ($FilterIflist as $if => $ifcfg) { - $aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}"; - $aliases .= " }\"\n"; + if (is_array($ifcfg[0])) { + if ($ifcfg[0]['if'] == 'pppoe') { + $aliases .= "{$ifcfg[0]['descr']} = \"{ {$ifcfg[0]['if']}"; + $aliases .= " }\"\n"; + } + } else { + $aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}"; + $aliases .= " }\"\n"; + } } $aliases .= "\n#SSH Lockout Table\n"; 
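Review bot: The added `is_ipaddr($ip_address)` check accepts any well-formed address from the check-IP page, including a private one, and the page is fetched over plain `http://` a few lines above. This branch is only reached when the interface address is private, so rejecting a private result as well would keep a bad answer out of the update: `if (is_ipaddr($ip_address) && !is_private_ip($ip_address))`. `$matches[1]` is also read without checking that `preg_match()` matched; testing its return value first avoids the undefined-index notice. `_checkIP()` starts and ends outside this hunk.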
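Review bot: An empty `$FilterIflist['pppoe']` falls through to the `else` branch in `filter_generate_aliases()` and emits an alias line with no name and no interface, because `$ifcfg[0]` is unset and `$ifcfg['descr']` / `$ifcfg['if']` do not exist on the list. That state is reachable from the `filter_generate_optcfg_array()` hunk, which assigns `$FilterIflist['pppoe'] = array();` whenever `$config['pppoes']['pppoe']` is an array, even if no entry is in server mode. Adding `if (empty($ifcfg)) continue;` at the top of the loop, or creating the key only once a server entry is found, avoids writing a malformed macro into the ruleset. Only `$ifcfg[0]` is consulted, so further PPPoE servers are ignored here. The function continues outside the hunk.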
@@ -696,9 +703,15 @@ function filter_get_vpns_list() { } } /* pppoe */ - if($config['pppoe']['remoteip']) { - if(is_subnet($tunnel['remote-subnet'])) { - $vpns_arr[] = $config['pppoe']['remoteip'] ."/". $config['pppoe']['pppoe_subnet']; + if (is_array($config['pppoes']['pppoe'])) { + foreach($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] == "server") { + if(is_ipaddr($pppoe['remoteip'])) { + $pppoesub = gen_subnet($pppoe['remoteip'], $pppoe['pppoe_subnet']); + if (is_subnet($pppoesub)) + $vpns_arr[] = $pppoesub; + } + } } } if(!empty($vpns_arr)) { @@ -789,19 +802,24 @@ function filter_generate_optcfg_array() { $oic['virtual'] = true; $FilterIflist['l2tp'] = $oic; } - if($config['pppoe']['mode'] == "server") { - $oic = array(); - $oic['if'] = 'pppoe'; - $oic['descr'] = 'pppoe'; - $oic['ip'] = $config['pppoe']['localip']; - $oic['sa'] = $config['pppoe']['remoteip']; - $oic['mode'] = $config['pppoe']['mode']; - $oic['virtual'] = true; - if($config['pppoe']['pppoe_subnet'] <> "") - $oic['sn'] = $config['pppoe']['pppoe_subnet']; - else - $oic['sn'] = "32"; - $FilterIflist['pppoe'] = $oic; + if (is_array($config['pppoes']['pppoe'])) { + $FilterIflist['pppoe'] = array(); + foreach($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] == "server") { + $oic = array(); + $oic['if'] = 'pppoe'; + $oic['descr'] = 'pppoe'; + $oic['ip'] = $pppoe['localip']; + $oic['sa'] = $pppoe['remoteip']; + $oic['mode'] = $pppoe['mode']; + $oic['virtual'] = true; + if($pppoe['pppoe_subnet'] <> "") + $oic['sn'] = $pppoe['pppoe_subnet']; + else + $oic['sn'] = "32"; + $FilterIflist['pppoe'][] = $oic; + } + } } /* add ipsec interfaces */ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { 
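Review bot: `gen_subnet()` appears to return a network address without a prefix length (the `filter_generate_address()` hunk appends `/{$pppoesn}` to its result), so `is_subnet($pppoesub)` in the PPPoE block may never succeed and the PPPoE ranges would silently drop out of the VPN list. The removed code built `remoteip/pppoe_subnet`; keeping that shape would be `$pppoesub = gen_subnet($pppoe['remoteip'], $pppoe['pppoe_subnet']) . "/{$pppoe['pppoe_subnet']}";`. An empty `pppoe_subnet` would also need the default of `32` that `filter_generate_optcfg_array()` applies. `is_subnet()` is not visible here, so this should be confirmed against its definition.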
@@ -1022,7 +1040,6 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $target = $FilterIflist[$rule['target']]['ip']; else return ""; - $starting_localhost_port_tmp = $starting_localhost_port; $toomanyports = false; /* only install reflection rules for < 19991 items */ @@ -1071,7 +1088,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $toadd_array = array_merge($toadd_array, range($loc_pt[0], $loc_pt[0] + $delta)); if(!empty($toadd_array)) { - $target = explode(" ", trim($target)); + $rtarget = explode(" ", trim($target)); foreach($toadd_array as $tda) { if (empty($tda)) continue; @@ -1083,7 +1100,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $socktype = "stream"; $dash_u = ""; } - foreach ($target as $targip) { + foreach ($rtarget as $targip) { if (empty($targip)) continue; $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; 
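Review bot: `$targip` is written into the inetd line for `/usr/bin/nc` after only an `empty()` check in the inner loop. Each element comes from splitting `$target` on spaces, so `if (!is_ipaddr($targip)) continue;` would keep a malformed entry out of the generated file. Where `$target` is filled in is mostly outside these hunks, so this is a hardening suggestion rather than a confirmed defect.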
@@ -1327,19 +1344,18 @@ function filter_nat_rules_generate() { } } /* PPTP subnet */ - if(isset($FilterIflist['pptp']) && $FilterIflist['pptp']['mode'] == "server" ) { - $pptp_subnet = $FilterIflist['pptp']['sn']; - if(is_private_ip($FilterIflist['pptp']['sa']) && !empty($pptp_subnet)) { - $numberofnathosts++; - $tonathosts .= "{$FilterIflist['pptp']['sa']}/{$pptp_subnet} "; - } + if(($config['pptpd']['mode'] == "server" ) && is_private_ip($config['pptpd']['remoteip'])) { + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units'])); + $numberofnathosts += count($pptp_subnets); + $tonathosts .= implode(" ", $pptp_subnets) . " "; } /* PPPoE subnet */ - if(isset($FilterIflist['pppoe']) && $FilterIflist['pppoe']['mode'] == "server") { - $pppoe_subnet = $FilterIflist['pppoe']['sn']; - if(is_private_ip($FilterIflist['pppoe']['sa']) && !empty($pppoe_subnet)) { - $numberofnathosts++; - $tonathosts .= "{$FilterIflist['pppoe']['sa']}/{$pppoe_subnet} "; + if (is_array($FilterIflist['pppoe'])) { + foreach ($FilterIflist['pppoe'] as $pppoe) { + if(is_private_ip($pppoe['ip'])) { + $numberofnathosts++; + $tonathosts .= "{$pppoe['sa']}/{$pppoe['sn']} "; + } } } /* L2TP subnet */ @@ -1643,9 +1659,12 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = "{$pptpsa}/{$pptpsn}"; break; case 'pppoe': - $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']); - $pppoesn = $FilterIflist['pppoe']['sn']; - $src = "{$pppoesa}/{$pppoesn}"; + /* XXX: This needs to be fixed somehow! */ + if (is_array($FilterIflist['pppoe'])) { + $pppoesa = gen_subnet($FilterIflist['pppoe'][0]['ip'], $FilterIflist['pppoe'][0]['sn']); + $pppoesn = $FilterIflist['pppoe'][0]['sn']; + $src = "{$pppoesa}/{$pppoesn}"; + } break; } if(isset($rule[$target]['not'])) 
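Review bot: The PPPoE loop tests `is_private_ip($pppoe['ip'])`, the server's local address, but the entry it appends to `$tonathosts` is `{$pppoe['sa']}/{$pppoe['sn']}`, the remote range; the removed code tested `sa`. If the two differ in scope, a range could be added to or left out of automatic outbound NAT on the wrong basis, so `if (is_private_ip($pppoe['sa']))` looks like the intended check. The appended value is also the raw `remoteip` rather than a network address, unlike the `gen_subnet()` use elsewhere in this commit. The function starts and ends outside the hunk.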
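Review bot: In the `case 'pppoe':` branch of `filter_generate_address()`, `is_array()` is also true for an empty list, in which case `$FilterIflist['pppoe'][0]` is unset and `$src` is built from missing values. Guarding with `if (!empty($FilterIflist['pppoe'][0])) {` avoids that; when the guard fails this case leaves `$src` unassigned, and how the rest of the function treats that is outside the hunk. Rules naming `pppoe` will cover only the first server's subnet until the XXX is resolved, which is worth spelling out in the comment, e.g. `/* XXX: only the first PPPoE server's subnet is matched */`.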
@@ -1704,7 +1723,6 @@ function filter_generate_user_rule($rule) { } update_filter_reload_status("Creating filter rules {$rule['descr']} ..."); $pptpdcfg = $config['pptpd']; - $pppoecfg = $config['pppoe']; $int = ""; $aline = array(); @@ -2014,7 +2032,6 @@ function filter_rules_generate() { } $pptpdcfg = $config['pptpd']; - $pppoecfg = $config['pppoe']; $ipfrules = ""; //$ipfrules .= discover_pkg_rules("filter"); diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index cb6f321..17ab2ab 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -394,7 +394,7 @@ function enable_rrd_graphing() { $rrdupdatesh .= " sleep 0.2\n"; $rrdupdatesh .= " echo \"quit\"\n"; $rrdupdatesh .= "}\n"; - $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n"; + $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n"; $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n"; } diff --git a/etc/inc/services.inc b/etc/inc/services.inc index df0914c..3f3225c 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -275,7 +275,7 @@ EOPP; $dhcpdconf .= " deny dynamic bootp clients;\n"; if (isset($dhcpifconf['denyunknown'])) - $dhcpdconf .= " deny unknown clients;\n"; + $dhcpdconf .= " deny unknown-clients;\n"; if ($dhcpifconf['gateway']) $routers = $dhcpifconf['gateway']; @@ -606,8 +606,6 @@ function services_dyndns_configure_client($conf) { /* load up the dyndns.class */ require_once("dyndns.class"); - log_error("DynDns: Running updatedns()"); - $dns = new updatedns($dnsService = $conf['type'], $dnsHost = $conf['host'], $dnsUser = $conf['username'], diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 3b9f1ba..f7f5b01 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc 
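Review bot: With the trailing `&` gone, the `OVPN=` assignment in the `rrd.inc` hunk runs in the foreground, so the generated updater now waits on `nc -U …/server{$vpnid}.sock` with no timeout. If the management socket accepts the connection but never closes it, the update script would stall at this line; a timeout such as `nc -w 2 -U` would bound that (the value 2 is a constructed example). In the same string `$1` is left unescaped while `\$2` is escaped; PHP leaves `$1` literal, but writing `\$1` keeps the two consistent. The function starts and ends outside the hunk.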
@@ -164,8 +164,7 @@ function voucher_auth($voucher_received, $test = 0) { $tickets_per_roll = array(); $minutes_per_roll = array(); if (is_array($config['voucher']['roll'])) { - $a_roll = &$config['voucher']['roll']; - foreach ($a_roll as $rollent) { + foreach ($config['voucher']['roll'] as $rollent) { $tickets_per_roll[$rollent['number']] = $rollent['count']; $minutes_per_roll[$rollent['number']] = $rollent['minutes']; } @@ -192,7 +191,7 @@ function voucher_auth($voucher_received, $test = 0) { list($status, $roll, $nr) = explode(" ", $result); if ($status == "OK") { if (!$first_voucher) { - // store first voucher. Thats the one we give the timecredit + // store first voucher. Thats the one we give the timecredit $first_voucher = $voucher; $first_voucher_roll = $roll; } @@ -352,11 +351,10 @@ function voucher_configure($sync = false) { if (($g['booting'] || $sync == true) && is_array($config['voucher']['roll'])) { - // create active and used DB per roll on ramdisk from config - $a_roll = &$config['voucher']['roll']; $voucherlck = lock('voucher', LOCK_EX); - foreach ($a_roll as $rollent) { + // create active and used DB per roll on ramdisk from config + foreach ($config['voucher']['roll'] as $rollent) { $roll = $rollent['number']; voucher_write_used_db($roll, $rollent['used']); diff --git a/tmp/post_upgrade_command b/tmp/post_upgrade_command index 99285e4..8603a53 100755 --- a/tmp/post_upgrade_command +++ b/tmp/post_upgrade_command @@ -2,7 +2,9 @@ /etc/rc.conf_mount_rw +PFSENSETYPE=`cat /etc/platform` KERNELTYPE=`cat /boot/kernel/pfsense_kernel.txt` + if [ $KERNELTYPE = "wrap" ]; then if [ -f /kernels/kernel_wrap.gz ]; then tar xzpf /kernels/kernel_wrap.gz --exclude loader.conf -C /boot/ 
@@ -26,6 +28,10 @@ if [ $KERNELTYPE = "UP" ]; then fi fi +if [ $PFSENSETYPE = "pfSense" ] || [ $PFSENSETYPE = "nanobsd" ]; then + touch /conf/needs_package_sync +fi + # Detect interactive logins and display the shell echo "if [ \`env | grep SSH_TTY | wc -l\` -gt 0 ] || [ \`env | grep cons25 | wc -l\` -gt 0 ]; then" > $CVS_CO_DIR/root/.shrc echo " /etc/rc.initial" >> $CVS_CO_DIR/root/.shrc @@ -37,7 +43,7 @@ echo " exit" >> $CVS_CO_DIR/root/.profile echo "fi" >> $CVS_CO_DIR/root/.profile # Now turn on or off serial console as needed -php -f /tmp/post_upgrade_command.php +/tmp/post_upgrade_command.php # Remove any previous MD5 sum files rm -f /root/*.md5 @@ -45,7 +51,6 @@ rm -f /root/*.md5 # File moved to pfSense php shell (pfSsh.php) rm -rf /usr/local/sbin/cvs_sync.sh -PFSENSETYPE=`cat /etc/platform` if [ $PFSENSETYPE = "embedded" ]; then cp /etc/ttys_wrap /etc/ttys fi @@ -53,4 +58,3 @@ fi if [ -f /usr/local/sbin/php ]; then rm /usr/local/sbin/php fi - diff --git a/tmp/post_upgrade_command.php b/tmp/post_upgrade_command.php index dfe9342..a188710 100755 --- a/tmp/post_upgrade_command.php +++ b/tmp/post_upgrade_command.php @@ -20,9 +20,6 @@ setup_serial_port(); - if($g['platform'] == "pfSense" or $g['platform'] == "nanobsd") - touch("/conf/needs_package_sync"); - $files_to_process = split("\n", file_get_contents("/etc/pfSense.obsoletedfiles")); foreach($files_to_process as $filename) if(file_exists($filename)) diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 4649795..e6b5900 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php 
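Review bot: `$PFSENSETYPE` is expanded unquoted in the new `[ … ]` tests, so a missing or empty `/etc/platform` turns them into a `test` syntax error instead of a clean false. Quoting fixes that: `if [ "$PFSENSETYPE" = "pfSense" ] || [ "$PFSENSETYPE" = "nanobsd" ]; then`. The existing `$KERNELTYPE` and `embedded` tests in the context lines follow the same unquoted pattern.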
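Review bot: Calling `/tmp/post_upgrade_command.php` directly makes this step depend on the file's execute bit and interpreter line, where the removed `php -f` form depended only on `php` being on the path. The interpreter line is not visible in this diff, and a later context line removes `/usr/local/sbin/php`, so it is worth confirming which binary the script names. A short comment such as `# run via its #! line; the file must stay mode 0755` would record the requirement.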
@@ -126,15 +126,11 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $a_out[] = $natent; /* PPTP subnet */ - if($config['pptpd']['mode'] == "server") { - if (is_ipaddr($config['pptpd']['localip'])) { - if($config['pptpd']['pptp_subnet'] <> "") - $ossubnet = $config['pptpd']['pptp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['pptpd']['localip'], $ossubnet); + if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$config['pptpd']['n_pptp_units'])); + foreach ($pptp_subnets as $pptpsn) { $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['source']['network'] = $pptpsn; $natent['sourceport'] = ""; $natent['descr'] = gettext("Auto created rule for PPTP server"); $natent['target'] = ""; diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 203906a..19171f4 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -116,9 +116,8 @@ if ($_GET['act'] == "del") { exit; } } - /* print all vouchers of the selected roll */ -if ($_GET['act'] == "csv") { +else if ($_GET['act'] == "csv") { $privkey = base64_decode($config['voucher']['privatekey']); if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) { $fd = fopen("{$g['varetc_path']}/voucher.private","w"); |
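Review bot: The range end is computed as `ip2long(remoteip) + n_pptp_units`, which spans one address more than `n_pptp_units` if that setting is a count of clients; `+ $config['pptpd']['n_pptp_units'] - 1` would match a count. The value is also used in arithmetic without being checked as a positive integer, so an empty or non-numeric setting gives a one-address or unexpected range for the auto-created NAT entries; passing it through `intval()` with a lower bound first would make that explicit. The same expression appears in the PPTP block of `filter_nat_rules_generate()` in `etc/inc/filter.inc`. The enclosing `if` block continues outside the hunk.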
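Review bot: The `csv` branch that this hunk chains onto `del` writes the decoded voucher private key to `{$g['varetc_path']}/voucher.private` with a plain `fopen(..., "w")`, which leaves the file mode to the process umask. Setting the mode explicitly right after creation, `chmod("{$g['varetc_path']}/voucher.private", 0600);`, and removing the file once the vouchers are printed keeps the key from lingering in readable form. The rest of the branch is outside the hunk, so it may already do one or both.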