-rw-r--r-- | etc/inc/gwlb.inc | 5 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 8 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 114 | ||||
-rwxr-xr-x | sbin/dhclient-script | 28 | ||||
-rwxr-xr-x | usr/local/captiveportal/index.php | 11 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn-linkup | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 4 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 4 | ||||
-rwxr-xr-x | usr/local/www/pkg_edit.php | 20 | ||||
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 14 |
10 files changed, 99 insertions, 111 deletions
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index eb00826..66014ff 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -75,7 +75,7 @@ status { file "{$g['tmp_path']}/apinger.status" ## Interval between file updates ## when 0 or not set, file is written only when SIGUSR1 is received - interval 10s + interval 5s } ######################################## @@ -286,7 +286,6 @@ function return_gateways_array($disabled = false) { /* no IP address found, set to dynamic */ if(! is_ipaddr($gateway['gateway'])) $gateway['gateway'] = "dynamic"; - $gateway['dynamic'] = true; } if(empty($gateway['monitor'])) @@ -366,7 +365,7 @@ function return_gateway_groups_array() { $gwname = $itemsplit[0]; /* Do it here rather than reiterating again the group in case no member is up. */ - $backupplan[$tier] = $gwname; + $backupplan[$tier][] = $gwname; /* check if the gateway is available before adding it to the array */ if (!empty($gateway_status[$gwname])) { diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 1fcb77a..a71a9ba 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -688,10 +688,14 @@ function openvpn_resync_all($interface = "") { file_put_contents($path_ovdh, $dh_parameters); } */ + if ($interface <> "") + log_error("Resyncing openvpn instances configurations for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); + else + log_error("Resyncing openvpn instances configurations."); if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as & $settings) { - if (!empty($interface) && $interface != $settings['interface']) + if ($interface <> "" && $interface != $settings['interface']) continue; openvpn_resync('server', $settings); } 
@@ -699,7 +703,7 @@ function openvpn_resync_all($interface = "") { if (is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as & $settings) { - if (!empty($interface) && $interface != $settings['interface']) + if ($interface <> "" && $interface != $settings['interface']) continue; openvpn_resync('client', $settings); } diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 34d89cf..b2b6320 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -25,13 +25,6 @@ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. -if [ -f /usr/local/etc/php.ini ]; then - rm /usr/local/etc/php.ini -fi -if [ -f /usr/local/lib/php.ini ]; then - rm /usr/local/lib/php.ini -fi - # Set our operating platform PLATFORM=`cat /etc/platform` EXTENSIONSDIR="/usr/local/lib/php/20060613/" 
@@ -84,48 +77,43 @@ fi # Define php modules. Do not add .so, it will # be done automatically by the script below. -PHPMODULES="apc \ +PHPMODULES="apc" +PHPMODULES="$PHPMODULES standard" # Downloading via HTTP/FTP (pkg mgr, etc) - curl \ - date \ +PHPMODULES="$PHPMODULES curl date" # Internationalization - gettext \ +PHPMODULES="$PHPMODULES gettext" # User manager - ldap \ - openssl \ - pcntl \ +PHPMODULES="$PHPMODULES ldap openssl pcntl" +PHPMODULES="$PHPMODULES mhash" # Regexs, PERL style! - pcre \ +PHPMODULES="$PHPMODULES pcre" # The mighty posix! - posix \ - readline \ +PHPMODULES="$PHPMODULES posix" +PHPMODULES="$PHPMODULES readline" # Login sessions - session \ - standard \ +PHPMODULES="$PHPMODULES session" # Extra sanity seatbelts - suhosin \ - pfSense \ +PHPMODULES="$PHPMODULES suhosin" # Firewall rules edit - ctype \ +PHPMODULES="$PHPMODULES ctype" # Config read/write - xml \ - xmlreader \ - xmlwriter \ - libxml \ -# user manager - mhash \ +PHPMODULES="$PHPMODULES xml xmlreader xmlwriter libxml" +PHPMODULES="$PHPMODULES simplexml" # firewall_rules_edit.php - mbstring \ - shmop \ +PHPMODULES="$PHPMODULES mbstring" +# Synchronization primitives +PHPMODULES="$PHPMODULES shmop" # Page compression - zlib \ -# SQLlite - simplexml \ - spl \ - pdo \ - sqlite \ +PHPMODULES="$PHPMODULES zlib" +# SQLlite & Database +PHPMODULES="$PHPMODULES spl" +PHPMODULES="$PHPMODULES pdo" +PHPMODULES="$PHPMODULES sqlite" # ZeroMQ - zmq" +PHPMODULES="$PHPMODULES zmq" +# pfSense extensions +PHPMODULES="$PHPMODULES pfSense" # Modules previously included. # can be turned on by touching 
@@ -142,15 +130,16 @@ PHPMODULES="apc \ # bz2 \ # json \ -# Get a loaded module list in the stock php +# Clear the .ini file to make sure we are clean if [ -f /usr/local/etc/php.ini ]; then rm /usr/local/etc/php.ini fi if [ -f /usr/local/lib/php.ini ]; then rm /usr/local/lib/php.ini fi -LOADED_MODULES=`php -m | grep -v "\["` +LOADED_MODULES=`/usr/local/bin/php -m | grep -v "\["` +# Get a loaded module list in the stock php # Populate a dummy php.ini to avoid # the file being clobbered and the firewall # not being able to boot back up. @@ -178,6 +167,9 @@ extension_dir=${EXTENSIONSDIR} EOF +# Copy php.ini file to etc/ too (cli) +cp /usr/local/lib/php.ini /usr/local/etc/php.ini + # Ensure directory exists if [ ! -d /etc/php_dynamodules ]; then mkdir /etc/php_dynamodules @@ -211,27 +203,6 @@ done RAM=`sysctl hw.realmem | awk '{print $2/1000000}' | awk -F '.' '{print $1}'` export RAM export LOWMEM -if [ "$RAM" -lt "97" ]; then - LOWMEM="TRUE" - cat >>/usr/local/lib/php.ini <<EOF - -[suhosin] -suhosin.get.max_array_depth = 5000 -suhosin.get.max_array_index_length = 256 -suhosin.get.max_vars = 5000 -suhosin.get.max_value_length = 500000 -suhosin.post.max_array_depth = 5000 -suhosin.post.max_array_index_length = 256 -suhosin.post.max_vars = 5000 -suhosin.post.max_value_length = 500000 -suhosin.request.max_array_depth = 5000 -suhosin.request.max_array_index_length = 256 -suhosin.request.max_vars = 5000 -suhosin.request.max_value_length = 500000 - -EOF - -fi if [ "$RAM" -gt 96 ]; then cat >>/usr/local/lib/php.ini <<EOF @@ -241,6 +212,16 @@ apc.enabled="1" apc.enable_cli="0" apc.shm_size="${APCSHMEMSIZE}" +EOF + +else + LOWMEM="TRUE" + echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." + echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." | logger -p daemon.info -i -t rc.php_ini_setup +fi + + cat >>/usr/local/lib/php.ini <<EOF + [suhosin] suhosin.get.max_array_depth = 5000 suhosin.get.max_array_index_length = 256 
@@ -257,12 +238,6 @@ suhosin.request.max_value_length = 500000 EOF -else - - echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." - echo ">>> WARNING! under 128 megabytes of ram detected. Not enabling APC." | logger -p daemon.info -i -t rc.php_ini_setup - -fi # Copy php.ini file to etc/ too (cli) cp /usr/local/lib/php.ini /usr/local/etc/php.ini @@ -277,7 +252,7 @@ for EXT in $PHPMODULES; do done # Check loaded modules and remove anything that did not load correctly -LOADED_MODULES=`php -m | tr '[:upper:]' '[:lower:]' 2>/dev/null | grep -v "\["` +LOADED_MODULES=`/usr/local/bin/php -m | tr '[:upper:]' '[:lower:]' 2>/dev/null | grep -v "\["` for EXT in $PHPMODULESLC; do SHOULDREMOVE="true" for LM in $LOADED_MODULES; do @@ -298,6 +273,7 @@ for EXT in $PHPMODULESLC; do if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt cat /usr/local/lib/php.ini | grep -v $EXT > /tmp/php.ini + rm -f /usr/local/lib/php.ini mv /tmp/php.ini /usr/local/lib/php.ini fi fi @@ -305,7 +281,3 @@ done # Copy php.ini file to etc/ too (cli) cp /usr/local/lib/php.ini /usr/local/etc/php.ini - - - - diff --git a/sbin/dhclient-script b/sbin/dhclient-script index 7f1862e..6ea4136 100755 --- a/sbin/dhclient-script +++ b/sbin/dhclient-script @@ -59,6 +59,7 @@ arp_flush() { } delete_old_address() { + rm -f /var/db/${interface}_ip $IFCONFIG $interface inet -alias $old_ip_address $medium } @@ -80,8 +81,8 @@ add_new_address() { $LOGGER "New Routers ($interface): $new_routers" echo $new_routers > /tmp/${interface}_router - cp /var/db/${interface}_ip /tmp/rc.newwanip_oldip 2>/dev/null - /usr/local/sbin/pfSctl -c "'interface reload $interface'" + echo $new_ip_address > /var/db/${interface}_ip + /usr/local/sbin/pfSctl -c "interface newip $interface" } 
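Review bot: The added `rm -f /usr/local/lib/php.ini` in the module-removal branch (hunk -298,6) opens a window with no php.ini at all, and if the following `mv` from /tmp fails the file is gone, which is the boot failure the script's own comment about a clobbered php.ini warns against. The filtered copy is also staged at the fixed name `/tmp/php.ini`, a predictable path in a shared directory written by a root script. Staging next to the target and renaming over it avoids both: `grep -v "$EXT" /usr/local/lib/php.ini > /usr/local/lib/php.ini.new && mv /usr/local/lib/php.ini.new /usr/local/lib/php.ini`. The enclosing `for EXT in $PHPMODULESLC` loop starts outside this hunk.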
@@ -102,15 +103,11 @@ add_new_alias() { delete_old_routes() { $LOGGER "Deleting old routes" - $ROUTE delete "$old_ip_address" $LOCALHOST >/dev/null 2>&1 # Only allow the default route to be overridden if it's on our own interface - DEFAULTROUTE_IFACE=`/sbin/route get default | grep interface | awk '{print $2};'` - if [ -z "${DEFAULTROUTE_IFACE}" -o "{$interface}" = "${DEFAULTROUTE_IFACE}" ]; then + if [ -f "/tmp/${interface}_defaultgw" ]; then for router in $old_routers; do - if [ $if_defaultroute = x -o $if_defaultroute = $interface ]; then - $ROUTE delete default $route >/dev/null 2>&1 - /bin/rm -f /tmp/${interface}_router - fi + $ROUTE delete default $router >/dev/null 2>&1 + /bin/rm -f /tmp/${interface}_router done fi @@ -163,15 +160,13 @@ add_new_routes() { add_new_resolv_conf() { $LOGGER "Creating resolv.conf" - if [ ! -f "/var/etc/nameserver_$interface" ]; then - # Make sure file exists to avoid errors - touch /var/etc/nameserver_$interface - fi - if [ -n "$new_domain_name_servers" ]; then + if [ -f "/var/etc/nameserver_$interface" ]; then # Remove old entries for nameserver in `cat /var/etc/nameserver_$interface`; do $ROUTE delete $nameserver done + fi + if [ -n "$new_domain_name_server" ]; then rm -f /var/etc/nameserver_$interface for nameserver in $new_domain_name_servers; do # Add a route to the nameserver out the correct interface @@ -180,11 +175,10 @@ add_new_resolv_conf() { echo $nameserver >>/var/etc/nameserver_$interface $ROUTE add $nameserver -iface $interface done - echo $new_domain_name >/var/etc/defaultdomain.conf + #echo $new_domain_name >/var/etc/defaultdomain.conf + /usr/local/sbin/pfSctl -c 'service reload dns' fi - /usr/local/sbin/pfSctl -c "'interface reload $interface'" - return 0 } diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 79a9fa6..70188f6 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php 
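Review bot: The new guard in add_new_resolv_conf (hunk -163,15) tests `$new_domain_name_server`, singular, while the loop just below it iterates `$new_domain_name_servers`. If the singular name is never set, which is what the rest of the function suggests, the branch is skipped and neither the nameserver file nor the `service reload dns` call in the next hunk is reached. The block above it still deletes the old nameserver routes, so a lease renewal would remove them without adding replacements. The condition should read `if [ -n "$new_domain_name_servers" ]; then`. The function body continues into the following hunk.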
@@ -49,10 +49,11 @@ $orig_request = $_REQUEST['redirurl']; $clientip = $_SERVER['REMOTE_ADDR']; if (!$clientip) { - /* not good - bail out */ - echo "An error occurred. Please check the system logs for more information."; - log_error("Captive portal could not determine client's IP address."); - exit; + /* not good - bail out */ + log_error("Captive portal could not determine client's IP address."); + $error_message = "An error occurred. Please check the system logs for more information."; + portal_reply_page($redirurl, "error", $errormsg); + exit; } if (isset($config['captiveportal']['httpslogin'])) @@ -78,8 +79,6 @@ if ($orig_host != $ourhostname) { } if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) $redirurl = urldecode($matches[1]); -if ($_POST['redirurl']) - $redirurl = $_POST['redirurl']; if (!empty($config['captiveportal']['redirurl'])) $redirurl = $config['captiveportal']['redirurl']; diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup index 354623e..2d5d006 100755 --- a/usr/local/sbin/ovpn-linkup +++ b/usr/local/sbin/ovpn-linkup @@ -3,7 +3,7 @@ # write nameservers to file needs dns fidnings?! # let the configuration system know that the ip has changed. -#/usr/local/sbin/pfSctl -c "'interface reload $interface'" +#/usr/local/sbin/pfSctl -c "interface newip $interface" /bin/echo $4 > /tmp/$1_router /usr/bin/touch /tmp/$1up # reload filter diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 8b09846..4d4db42 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown @@ -3,6 +3,9 @@ if [ -f /tmp/$1up ] && [ -f /conf/$1.log ]; then seconds=$((`date -j +%s` - `/usr/bin/stat -f %m /tmp/$1up`)) /usr/local/sbin/ppp-log-uptime.sh $seconds $1 & fi +if [ -f "/tmp/${interface}_defaultgw" ]; then + route delete default $4 +fi /sbin/pfctl -b $3 -b $4 # delete the node just in case mpd cannot do that /usr/sbin/ngctl shutdown $1: 
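Review bot: The error branch (hunk -49,10) stores the text in `$error_message` but passes `$errormsg` to `portal_reply_page()`, so the page is built from an undefined variable and the client sees no message. `$redirurl` also appears to be unassigned at this point, since its first visible assignment is the `preg_match` block in the next hunk; anything earlier is outside the hunk. Use one variable name, `portal_reply_page($redirurl, "error", $error_message);`, and pass an explicit default redirect value on this early-exit path.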
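Review bot: The added test in ppp-linkdown (hunk -3,6) reads `${interface}`, but every other visible line of the script names the interface through `$1`. Unless the caller exports `interface`, the check is made against `/tmp/_defaultgw` and the default route is never removed. It should probably be `if [ -f "/tmp/$1_defaultgw" ]; then`. The `route` call is also the only command here without an absolute path; `/sbin/route delete default "$4"` would match the neighbouring `/sbin/pfctl` line and not depend on PATH.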
@@ -10,4 +13,5 @@ fi # Do not remove gateway used during filter reload. /bin/rm -f /tmp/$1_router /bin/rm -f /tmp/$1up +/bin/rm -f /tmp/$1_ip /usr/local/sbin/pfSctl -c 'service reload dns' diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index f1d7018..dd156c4 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -15,6 +15,8 @@ fi # let the configuration system know that the ip has changed. /bin/echo $4 > /tmp/$1_router +/bin/echo $3 > /tmp/$1_ip /usr/bin/touch /tmp/$1up -/usr/local/sbin/pfSctl -c "'interface reload $1'" +/usr/local/sbin/pfSctl -c 'service reload dns' +/usr/local/sbin/pfSctl -c "interface newip $1" exit 0 diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index c7a444b..015c6fb 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -261,10 +261,28 @@ if ($pkg['custom_php_after_head_command']) ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onLoad="enablechange();"> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php if($pkg['fields']['field'] <> "") { ?> <script language="JavaScript"> <!-- + + window.onDomReady = DomReady; + function DomReady(fn) { + if(document.addEventListener) { //W3C + document.addEventListener("DOMContentLoaded", fn, false); + } else { // IE + document.onreadystatechange = function(){readyState(fn)} + } + } + function readyState(fn) { + //dom is ready for interaction + if(document.readyState == "complete") { + fn(); + } + } + + window.onDomReady(enablechange); + function enablechange() { <?php foreach ($pkg['fields']['field'] as $field) { diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index e679b90..3901d84 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php 
@@ -194,8 +194,9 @@ if ($_POST) { if (!$input_errors) { $reloadif = false; $save = false; - if ($_POST['weight'] > 1 || $_POST['latencylow'] || $_POST['latencyhigh'] || $_POST['losslow'] || $_POST['losshigh'] || $_POST['down'] || - $_POST['defaultgw']) + if (($_POST['weight'] && $_POST['weight'] > 1) || + $_POST['latencylow'] || $_POST['latencyhigh'] || $_POST['losslow'] || $_POST['losshigh'] || $_POST['down'] || + $_POST['defaultgw'] || ($_POST['gateway'] && $_POST['gateway'] != "dynamic")) $save = true; /* if we are processing a system gateway only save the monitorip */ if (!$save && empty($_POST['interface']) && empty($_POST['gateway'])) { @@ -216,13 +217,8 @@ if ($_POST) { /* rebuild the array with the manual entries only */ $gateway = array(); - if ($_POST['attribute'] == "system") { - $gateway['interface'] = $pconfig['friendlyiface']; - $gateway['gateway'] = "dynamic"; - } else { - $gateway['interface'] = $_POST['interface']; - $gateway['gateway'] = $_POST['gateway']; - } + $gateway['interface'] = $_POST['interface']; + $gateway['gateway'] = $_POST['gateway']; $gateway['name'] = $_POST['name']; $gateway['weight'] = $_POST['weight']; $gateway['descr'] = $_POST['descr']; |
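Review bot: With the `attribute == "system"` branch removed (hunk -216,13), `$gateway['interface']` and `$gateway['gateway']` are always copied straight from `$_POST`, where a system gateway previously got `$pconfig['friendlyiface']` and the fixed value "dynamic". Nothing in this hunk validates either field, so the `$input_errors` checks earlier in the `if ($_POST)` block, which lie outside the hunk, must cover them for every gateway type. If they do not, add a guard before the assignment, for example `if ($_POST['gateway'] != "dynamic" && !is_ipaddr($_POST['gateway'])) $input_errors[] = "A valid gateway IP address must be specified.";`, and check the interface name against the configured interface list. The enclosing block starts and ends outside the hunk.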