-rw-r--r--etc/inc/dyndns.class232
-rw-r--r--etc/inc/filter.inc2
-rw-r--r--etc/inc/gwlb.inc30
-rw-r--r--etc/inc/services.inc171
-rw-r--r--etc/inc/util.inc5
-rw-r--r--etc/inc/xmlparse.inc2
-rw-r--r--etc/inc/xmlreader.inc2
-rw-r--r--etc/phpshellsessions/gitsync107
-rwxr-xr-xetc/rc.firmware3
-rwxr-xr-xetc/rc.newipsecdns2
-rwxr-xr-xetc/rc.newwanip21
-rwxr-xr-xetc/rc.openvpn9
-rwxr-xr-xusr/local/www/firewall_rules_edit.php3
-rwxr-xr-xusr/local/www/services_dhcp.php361
-rwxr-xr-xusr/local/www/status_dhcp_leases.php5
-rw-r--r--usr/local/www/system_usermanager_passwordmg.php3
-rwxr-xr-xusr/local/www/vpn_pptp.php1
17 files changed, 676 insertions, 283 deletions
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 8a6ca3a..843a03c 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -158,12 +158,12 @@
$this->_dnsUpdateURL = $dnsUpdateURL;
$this->_dnsResultMatch = $dnsResultMatch;
$this->_dnsRequestIf = get_failover_interface($dnsRequestIf);
- log_error("running get_failover_interface for {$dnsRequestIf}. found {$this->_dnsRequestIf}");
+ log_error("DynDNS ({$this->_dnsHost}): running get_failover_interface for {$dnsRequestIf}. found {$this->_dnsRequestIf}");
$this->_dnsRequestIfIP = get_interface_ip($dnsRequestIf);
// Ensure that we where able to lookup the IP
if(!is_ipaddr($this->_dnsIP)) {
- log_error("There was an error trying to determine the public IP for interface - {$dnsIf}({$this->_if}). Probably interface is not a WAN interface.");
+ log_error("DynDNS ({$this->_dnsHost}) There was an error trying to determine the public IP for interface - {$dnsIf}({$this->_if}). Probably interface is not a WAN interface.");
unlock($dyndnslck);
return;
}
@@ -213,7 +213,7 @@
*/
function _update() {
- log_error("DynDns: DynDns _update() starting.");
+ log_error("DynDNS ({$this->_dnsHost}): DynDns _update() starting.");
if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53 ') {
$ch = curl_init();
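Review bot: The service check right after the new log call compares against `'route53 '` with a trailing space, so it can never exclude the `route53` service and `curl_init()` runs for it too; `_checkStatus()` later in this diff compares against `'route53'` without the space. If route53 is meant to skip the cURL setup, the literal should read `$this->_dnsService != 'route53'`. The body of `_update()` continues outside the hunk, so whether the extra handle is ever used cannot be confirmed from here.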
@@ -229,7 +229,7 @@
case 'dyndns-static':
case 'dyndns-custom':
$needsIP = FALSE;
- //log_error("DynDns: DynDns _update() starting. Dynamic");
+ //log_error("DynDNS ({$this->_dnsHost}) DynDns _update() starting. Dynamic");
if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
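Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE)` sits directly before `CURLOPT_USERPWD` in this case block, so the account credentials are sent to a server whose certificate is never checked; the commit edits the neighbouring log line but leaves this as is. The same setting appears in the Namecheap hunk (before the domain split) and in the HE.net hunk (before its `CURLOPT_USERPWD`). With verification off, anyone able to intercept the connection can read the credentials and return a forged status. Prefer `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);` together with `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, relying on the system CA bundle; the switch continues outside the hunk.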
@@ -418,7 +418,7 @@
https://dynamicdns.park-your-domain.com/update?host=[host_name]&domain=[domain.com]&password=[domain_password]&ip=[your_ip]
*/
$needsIP = FALSE;
- log_error("Namecheap: DNS update() starting.");
+ log_error("Namecheap ({$this->_dnsHost}): DNS update() starting.");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$dparts = explode(".", trim($this->_dnsHost));
$domain_part_count = ($dparts[count($dparts)-1] == "uk") ? 3 : 2;
@@ -431,7 +431,7 @@
break;
case 'he-net':
$needsIP = FALSE;
- log_error("HE.net: DNS update() starting.");
+ log_error("HE.net ({$this->_dnsHost}): DNS update() starting.");
$server = "https://dyn.dns.he.net/nic/update?";
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsHost . ':' . $this->_dnsPass);
@@ -460,7 +460,7 @@
curl_setopt($ch, CURLOPT_URL, $server .$port . '?system=dyndns&hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP . '&wildcard='.$this->_dnsWildcard . '&mx=' . $this->_dnsMX . '&backmx=NO');
break;
case 'route53':
- log_error("Route53: DNS update() starting.");
+ log_error("Route53 ({$this->_dnsHost}): DNS update() starting.");
/* Setting Variables */
$hostname = "{$this->_dnsHost}.";
@@ -515,7 +515,7 @@
$this->_checkStatus(0, $result);
break;
case 'custom':
- log_error("Custom DDNS: DNS update() starting.");
+ log_error("Custom DDNS ({$this->_dnsHost}): DNS update() starting.");
if (strstr($this->dnsUpdateURL, "%IP%")) {$needsIP = TRUE;} else {$needsIP = FALSE;}
if ($this->_dnsUser != '') {
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
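Review bot: The `strstr()` test in the `custom` case reads `$this->dnsUpdateURL`, while the constructor hunk at the top of this file assigns `$this->_dnsUpdateURL`; unless a second property without the underscore is declared outside the visible lines, the test always sees an empty value and `$needsIP` is always FALSE. The line should probably read `$needsIP = (strpos($this->_dnsUpdateURL, '%IP%') !== false);`. The case body continues outside the hunk.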
@@ -540,8 +540,8 @@
* Retrieve Update Status
*/
function _checkStatus($ch, $data) {
- log_error("DynDns: DynDns _checkStatus() starting.");
- log_error("DynDns: Current Service: {$this->_dnsService}");
+ log_error("DynDNS ({$this->_dnsHost}): DynDns _checkStatus() starting.");
+ log_error("DynDNS ({$this->_dnsHost}): Current Service: {$this->_dnsService}");
$successful_update = false;
if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53' && @curl_error($ch)) {
$status = "Curl error occurred: " . curl_error($ch);
@@ -552,74 +552,74 @@
switch ($this->_dnsService) {
case 'dnsomatic':
if (preg_match('/badauth/i', $data)) {
- $status = "DNS-O-Matic: The DNS-O-Matic username or password specified are incorrect. No updates will be distributed to services until this is resolved.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): The DNS-O-Matic username or password specified are incorrect. No updates will be distributed to services until this is resolved.";
} else if (preg_match('/notfqdn /i', $data)) {
- $status = "DNS-O-Matic: The hostname specified is not a fully-qualified domain name. If no hostnames included, notfqdn will be returned once.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): The hostname specified is not a fully-qualified domain name. If no hostnames included, notfqdn will be returned once.";
} else if (preg_match('/nohost/i', $data)) {
- $status = "DNS-O-Matic: The hostname passed could not be matched to any services configured. The service field will be blank in the return code.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): The hostname passed could not be matched to any services configured. The service field will be blank in the return code.";
} else if (preg_match('/numhost/i', $data)) {
- $status = "DNS-O-Matic: You may update up to 20 hosts. numhost is returned if you try to update more than 20 or update a round-robin.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): You may update up to 20 hosts. numhost is returned if you try to update more than 20 or update a round-robin.";
} else if (preg_match('/abuse/i', $data)) {
- $status = "DNS-O-Matic: The hostname is blocked for update abuse.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): The hostname is blocked for update abuse.";
} else if (preg_match('/good/i', $data)) {
- $status = "DNS-O-Matic: (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
$successful_update = true;
} else if (preg_match('/dnserr/i', $data)) {
- $status = "DNS-O-Matic: DNS error encountered. Stop updating for 30 minutes.";
+ $status = "DNS-O-Matic ({$this->_dnsHost}): DNS error encountered. Stop updating for 30 minutes.";
} else {
- $status = "DNS-O-Matic: (Unknown Response)";
- log_error("DNS-O-Matic: PAYLOAD: {$data}");
+ $status = "DNS-O-Matic ({$this->_dnsHost}): (Unknown Response)";
+ log_error("DNS-O-Matic ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'dyndns':
if (preg_match('/notfqdn/i', $data)) {
- $status = "phpDynDNS: (Error) Not A FQDN!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Not A FQDN!";
} else if (preg_match('/nochg/i', $data)) {
- $status = "phpDynDNS: (Success) No Change In IP Address";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match('/good/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
$successful_update = true;
} else if (preg_match('/noauth/i', $data)) {
- $status = "phpDynDNS: (Error) User Authorization Failed";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed";
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'dyndns-static':
if (preg_match('/notfqdn/i', $data)) {
- $status = "phpDynDNS: (Error) Not A FQDN!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Not A FQDN!";
} else if (preg_match('/nochg/i', $data)) {
- $status = "phpDynDNS: (Success) No Change In IP Address";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match('/good/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully!";
$successful_update = true;
} else if (preg_match('/noauth/i', $data)) {
- $status = "phpDynDNS: (Error) User Authorization Failed";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed";
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'dyndns-custom':
if (preg_match('/notfqdn/i', $data)) {
- $status = "phpDynDNS: (Error) Not A FQDN!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Not A FQDN!";
} else if (preg_match('/nochg/i', $data)) {
$status = "phpDynDNS: (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match('/good/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully!";
$successful_update = true;
} else if (preg_match('/noauth/i', $data)) {
- $status = "phpDynDNS: (Error) User Authorization Failed";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed";
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
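Review bot: Each `(Unknown Response)` branch writes the provider's raw reply to the system log with `log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}")`, and `$data` is remote, untrusted text that may contain line breaks or control characters. Reduce it before logging, for example `substr(preg_replace('/[^\x20-\x7E]/', '?', $data), 0, 256)`, so a reply cannot forge or flood log entries; the same pattern recurs in the later hunks of `_checkStatus()`. Separately, the `nochg` branch of `dyndns-custom` still sets `"phpDynDNS: (Success) No Change In IP Address"` without the host name, unlike its siblings.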
@@ -629,81 +629,81 @@
list($ip,$code) = explode(":",$data);
switch ($code) {
case 0:
- $status = "phpDynDNS: (Success) IP address is current, no update performed.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP address is current, no update performed.";
$successful_update = true;
break;
case 1:
- $status = "phpDynDNS: (Success) DNS hostname update successful.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) DNS hostname update successful.";
$successful_update = true;
break;
case 2:
- $status = "phpDynDNS: (Error) Hostname supplied does not exist.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Hostname supplied does not exist.";
break;
case 3:
- $status = "phpDynDNS: (Error) Invalid Username.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Invalid Username.";
break;
case 4:
- $status = "phpDynDNS: (Error) Invalid Password.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Invalid Password.";
break;
case 5:
- $status = "phpDynDNS: (Error) To many updates sent.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) To many updates sent.";
break;
case 6:
- $status = "phpDynDNS: (Error) Account disabled due to violation of No-IP terms of service.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Account disabled due to violation of No-IP terms of service.";
break;
case 7:
- $status = "phpDynDNS: (Error) Invalid IP. IP Address submitted is improperly formatted or is a private IP address or is on a blacklist.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Invalid IP. IP Address submitted is improperly formatted or is a private IP address or is on a blacklist.";
break;
case 8:
- $status = "phpDynDNS: (Error) Disabled / Locked Hostname.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Disabled / Locked Hostname.";
break;
case 9:
- $status = "phpDynDNS: (Error) Host updated is configured as a web redirect and no update was performed.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Host updated is configured as a web redirect and no update was performed.";
break;
case 10:
- $status = "phpDynDNS: (Error) Group supplied does not exist.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Group supplied does not exist.";
break;
case 11:
- $status = "phpDynDNS: (Success) DNS group update is successful.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) DNS group update is successful.";
$successful_update = true;
break;
case 12:
- $status = "phpDynDNS: (Success) DNS group is current, no update performed.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) DNS group is current, no update performed.";
$successful_update = true;
break;
case 13:
- $status = "phpDynDNS: (Error) Update client support not available for supplied hostname or group.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Update client support not available for supplied hostname or group.";
break;
case 14:
- $status = "phpDynDNS: (Error) Hostname supplied does not have offline settings configured.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Hostname supplied does not have offline settings configured.";
break;
case 99:
- $status = "phpDynDNS: (Error) Client disabled. Client should exit and not perform any more updates without user intervention.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Client disabled. Client should exit and not perform any more updates without user intervention.";
break;
case 100:
- $status = "phpDynDNS: (Error) Client disabled. Client should exit and not perform any more updates without user intervention.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Client disabled. Client should exit and not perform any more updates without user intervention.";
break;
default:
- $status = "phpDynDNS: (Unknown Response)";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
$this->_debug("Unknown Response: ".$data);
break;
}
break;
case 'easydns':
if (preg_match('/NOACCESS/i', $data)) {
- $status = "phpDynDNS: (Error) Authentication Failed: Username and/or Password was Incorrect.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Authentication Failed: Username and/or Password was Incorrect.";
} else if (preg_match('/NOSERVICE/i', $data)) {
- $status = "phpDynDNS: (Error) No Service: Dynamic DNS Service has been disabled for this domain.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) No Service: Dynamic DNS Service has been disabled for this domain.";
} else if (preg_match('/ILLEGAL INPUT/i', $data)) {
- $status = "phpDynDNS: (Error) Illegal Input: Self-Explantory";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Illegal Input: Self-Explantory";
} else if (preg_match('/TOOSOON/i', $data)) {
- $status = "phpDynDNS: (Error) Too Soon: Not Enough Time Has Elapsed Since Last Update";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Too Soon: Not Enough Time Has Elapsed Since Last Update";
} else if (preg_match('/NOERROR/i', $data)) {
- $status = "phpDynDNS: (Success) IP Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Updated Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
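Review bot: `switch ($code)` compares the text after the colon loosely against integer cases, so on PHP versions before 8 a non-numeric code, or a reply with no colon at all (leaving `$code` unset), compares equal to `case 0:` and is reported as a successful update. Validate first, e.g. `if (!ctype_digit(trim((string)$code))) { $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)"; break; }`, and treat only recognised numeric codes as success. The `list()`/`explode()` call sits at the top of the hunk; the enclosing case label is outside it.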
@@ -712,130 +712,130 @@
break;
case 'zoneedit':
if (preg_match('/799/i', $data)) {
- $status = "phpDynDNS: (Error 799) Update Failed!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error 799) Update Failed!";
} else if (preg_match('/700/i', $data)) {
- $status = "phpDynDNS: (Error 700) Update Failed!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error 700) Update Failed!";
} else if (preg_match('/200/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Updated Successfully!";
$successful_update = true;
} else if (preg_match('/201/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Updated Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'dyns':
if (preg_match("/400/i", $data)) {
- $status = "phpDynDNS: (Error) Bad Request - The URL was malformed. Required parameters were not provided.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Bad Request - The URL was malformed. Required parameters were not provided.";
} else if (preg_match('/402/i', $data)) {
- $status = "phpDynDNS: (Error) Update Too Soon - You have tried updating to quickly since last change.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Update Too Soon - You have tried updating to quickly since last change.";
} else if (preg_match('/403/i', $data)) {
- $status = "phpDynDNS: (Error) Database Error - There was a server-sided database error.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Database Error - There was a server-sided database error.";
} else if (preg_match('/405/i', $data)) {
- $status = "phpDynDNS: (Error) Hostname Error - The hostname (".$this->_dnsHost.") doesn't belong to you.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Hostname Error - The hostname (".$this->_dnsHost.") doesn't belong to you.";
} else if (preg_match('/200/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Updated Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'ods':
if (preg_match("/299/i", $data)) {
- $status = "phpDynDNS: (Success) IP Address Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Updated Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'freedns':
if (preg_match("/has not changed./i", $data)) {
- $status = "phpDynDNS: (Success) No Change In IP Address";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match("/Updated/i", $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'dnsexit':
if (preg_match("/is the same/i", $data)) {
- $status = "phpDynDns: (Success) No Change In IP Address";
+ $status = "phpDynDns ({$this->_dnsHost}): (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match("/Success/i", $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'loopia':
if (preg_match("/nochg/i", $data)) {
- $status = "phpDynDNS: (Success) No Change In IP Address";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address";
$successful_update = true;
} else if (preg_match("/good/i", $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully!";
$successful_update = true;
} else if (preg_match('/badauth/i', $data)) {
- $status = "phpDynDNS: (Error) User Authorization Failed";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed";
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'opendns':
if (preg_match('/badauth/i', $data)) {
- $status = "phpDynDNS: (Error) Not a valid username or password!";
+ $status = "phpDynDNS({$this->_dnsHost}): (Error) Not a valid username or password!";
} else if (preg_match('/nohost/i', $data)) {
- $status = "phpDynDNS: (Error) Hostname you are trying to update does not exist.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Hostname you are trying to update does not exist.";
$successful_update = true;
} else if (preg_match('/good/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully! (".$this->_dnsIP.")";
$successful_update = true;
} else if (preg_match('/yours/i', $data)) {
- $status = "phpDynDNS: (Error) hostname specified exists, but not under the username specified.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) hostname specified exists, but not under the username specified.";
} else if (preg_match('/abuse/i', $data)) {
- $status = "phpDynDns: (Error) Updating too frequently, considered abuse.";
+ $status = "phpDynDns ({$this->_dnsHost}): (Error) Updating too frequently, considered abuse.";
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
case 'staticcling':
if (preg_match("/invalid ip/i", $data)) {
- $status = "phpDynDNS: (Error) Bad Request - The IP provided was invalid.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Bad Request - The IP provided was invalid.";
} else if (preg_match('/required info missing/i', $data)) {
- $status = "phpDynDNS: (Error) Bad Request - Required parameters were not provided.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Bad Request - Required parameters were not provided.";
} else if (preg_match('/invalid characters/i', $data)) {
- $status = "phpDynDNS: (Error) Bad Request - Illegal characters in either the username or the password.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Bad Request - Illegal characters in either the username or the password.";
} else if (preg_match('/bad password/i', $data)) {
- $status = "phpDynDNS: (Error) Invalid password.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Invalid password.";
} else if (preg_match('/account locked/i', $data)) {
- $status = "phpDynDNS: (Error) This account has been administratively locked.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) This account has been administratively locked.";
} else if (preg_match('/update too frequent/i', $data)) {
- $status = "phpDynDNS: (Error) Updating too frequently.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Updating too frequently.";
} else if (preg_match('/DB error/i', $data)) {
- $status = "phpDynDNS: (Error) Server side error.";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Error) Server side error.";
} else if (preg_match('/success/i', $data)) {
- $status = "phpDynDNS: (Success) IP Address Updated Successfully!";
+ $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Updated Successfully!";
$successful_update = true;
} else {
- $status = "phpDynDNS: (Unknown Response)";
- log_error("phpDynDNS: PAYLOAD: {$data}");
+ $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)";
+ log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}");
$this->_debug($data);
}
break;
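Review bot: In the `opendns` case the `nohost` branch sets `$successful_update = true` although its status text is an error ("Hostname you are trying to update does not exist"), so a failed update is handled as a success by whatever follows the switch. That assignment should be dropped from the branch unless it is deliberate, in which case it needs a comment saying why. The rewritten `badauth` message in the same case also lacks the space used everywhere else: `"phpDynDNS ({$this->_dnsHost}): (Error) Not a valid username or password!"`. The code that consumes `$successful_update` is outside the hunk.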
@@ -1018,16 +1018,16 @@
global $debug;
if ($debug)
- log_error("DynDns: _detectChange() starting.");
+ log_error("DynDns ({$this->_dnsHost}): _detectChange() starting.");
$currentTime = time();
$wan_ip = $this->_checkIP();
if ($wan_ip == 0) {
- log_error("DynDns: Current WAN IP could not be determined, skipping update process.");
+ log_error("DynDns ({$this->_dnsHost}): Current WAN IP could not be determined, skipping update process.");
return false;
}
- $log_error = "DynDns: Current WAN IP: {$wan_ip} ";
+ $log_error = "DynDns ({$this->_dnsHost}): Current WAN IP: {$wan_ip} ";
if (file_exists($this->_cacheFile)) {
$contents = file_get_contents($this->_cacheFile);
@@ -1072,7 +1072,7 @@
* new cache value and return true
*/
if ($needs_updating == true) {
- log_error("DynDns debug information: {$update_reason}");
+ log_error("DynDns debug information ({$this->_dnsHost}): {$update_reason}");
return true;
}
@@ -1097,7 +1097,7 @@
global $debug;
if ($debug)
- log_error("DynDns: _checkIP() starting.");
+ log_error("DynDns ({$this->_dnsHost}): _checkIP() starting.");
$ip_address = find_interface_ip($this->_if);
if (!is_ipaddr($ip_address))
@@ -1112,7 +1112,7 @@
$try++;
}
if ($try >= 3) {
- log_error("Dyndns debug information: Could not resolve {$hosttocheck} to ip using interface ip {$ip_address}.");
+ log_error("Dyndns debug information ({$this->_dnsHost}): Could not resolve {$hosttocheck} to ip using interface ip {$ip_address}.");
return 0;
}
$ip_ch = curl_init("http://{$checkip}");
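Review bot: The public-address lookup at the end of this hunk is made over plain HTTP (`curl_init("http://{$checkip}")`), and the next hunk takes whatever address the reply contains and stores it in `$this->_dnsIP`. `is_ipaddr()` checks the format only, so a reply altered in transit would be published to the DNS provider as the host's address. If the check-IP service offers HTTPS, use it with certificate verification on; otherwise a comment such as `// NOTE: check-IP reply is unauthenticated; value is format-checked only` would record the limitation. `_checkIP()` starts and ends outside the hunk.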
@@ -1127,13 +1127,13 @@
preg_match('/Current IP Address: (.*)<\/body>/', $ip_result_decoded, $matches);
$ip_address = trim($matches[1]);
if (is_ipaddr($ip_address))
- log_error("DynDns debug information: {$ip_address} extracted from {$hosttocheck}");
+ log_error("DynDns debug information ({$this->_dnsHost}): {$ip_address} extracted from {$hosttocheck}");
else {
- log_error("DynDns debug information: IP address could not be extracted from {$hosttocheck}");
+ log_error("DynDns debug information ({$this->_dnsHost}): IP address could not be extracted from {$hosttocheck}");
return 0;
}
} else
- log_error("DynDns debug information: {$ip_address} extracted from local system.");
+ log_error("DynDns debug information ({$this->_dnsHost}): {$ip_address} extracted from local system.");
$this->_dnsIP = $ip_address;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a3cb67a..d777b31 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3237,6 +3237,8 @@ function filter_generate_ipsec_rules() {
} else {
$parentinterface = $ph1ent['interface'];
}
+ if (empty($FilterIflist[$parentinterface]['descr']))
+ return "# Could not locate interface for IPsec: {descr}\n";
/* add endpoint routes to correct gateway on interface */
if(interface_has_gateway($parentinterface)) {
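Review bot: The new guard returns the literal text `{descr}`, because the placeholder has no `$` and is not interpolated, so the comment written into the ruleset never names the tunnel. If the phase-1 description is meant, something like `"# Could not locate interface for IPsec: {$ph1ent['descr']}\n"` is needed. The `return` also leaves `filter_generate_ipsec_rules()` entirely; if this code runs inside a loop over phase-1 entries (the loop is not visible in the hunk), one tunnel on a missing interface would drop the rules for every other tunnel, and `continue;` would be the safer choice.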
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 9023451..20149b4 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -91,8 +91,8 @@ rrd interval 60s;
## These parameters can be overridden in a specific alarm configuration
alarm default {
- command on "/usr/local/sbin/pfSctl -c 'service reload dyndnsall' -c 'service reload ipsecdns' -c 'filter reload' -c 'service reload openvpn'"
- command off "/usr/local/sbin/pfSctl -c 'service reload dyndnsall' -c 'service reload ipsecdns' -c 'filter reload' -c 'service reload openvpn'"
+ command on "/usr/local/sbin/pfSctl -c 'service reload dyndnsall' -c 'service reload ipsecdns' -c 'service reload openvpn' -c 'filter reload' "
+ command off "/usr/local/sbin/pfSctl -c 'service reload dyndnsall' -c 'service reload ipsecdns' -c 'service reload openvpn' -c 'filter reload' "
combine 10s
}
@@ -860,7 +860,7 @@ function lookup_gateway_interface_by_name($name) {
$gateways_arr = return_gateways_array(false, true);
if (!empty($gateways_arr[$name])) {
- $interfacegw = $gateway['interface'];
+ $interfacegw = $gateways_arr[$name]['interface'];
return ($interfacegw);
}
@@ -975,5 +975,27 @@ function validate_address_family($ipaddr, $gwname) {
return false;
}
+/* check if a interface is part of a gateway group */
+function interface_gateway_group_member($interface) {
+ global $config;
+ $realif = get_real_interface($interface);
+ if(is_array($config['gateways']['gateway_group']))
+ $groups = $config['gateways']['gateway_group'];
+ else
+ return false;
+
+ foreach($groups as $group) {
+ if(is_array($group['item'])) {
+ foreach($group['item'] as $item) {
+ $elements = explode("|", $item);
+ $gwname = $elements[0];
+ $gwif = get_real_interface(lookup_gateway_interface_by_name($gwname));
+ if($gwif == $realif)
+ return true;
+ }
+ }
+ }
+ return false;
+}
-?> \ No newline at end of file
+?>
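Review bot: `interface_gateway_group_member()` compares `$gwif == $realif` loosely and never checks that either lookup succeeded, so if `get_real_interface()` yields an empty value both for the argument and for a gateway name that does not resolve (an assumption, the helpers are outside the hunk), the function reports membership for an interface that does not exist. Add `if (empty($realif)) return false;` after the first lookup and compare with `===`. The one-line comment above the function could also state the parameter (a friendly interface name, judging by the `get_real_interface()` call) and that the return value is a boolean.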
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 4843fdd..e713ebf 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -510,6 +510,12 @@ EOPP;
if($dhcpifconf['netmask'])
$subnetmask = gen_subnet_mask($dhcpifconf['netmask']);
+ $all_pools = array();
+ $all_pools[] = $dhcpifconf;
+ if (is_array($dhcpifconf['pool'])) {
+ $all_pools = array_merge($all_pools, $dhcpifconf['pool']);
+ }
+
$dnscfg = "";
if ($dhcpifconf['domain']) {
@@ -535,22 +541,132 @@ EOPP;
$dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
}
+ /* Create classes - These all contain comma separated lists. Join them into one
+ big comma separated string then split them all up. */
+ $all_mac_strings = array();
+ if (is_array($dhcpifconf['pool'])) {
+ foreach($all_pools as $poolconf) {
+ $all_mac_strings[] = $poolconf['mac_allow'];
+ $all_mac_strings[] = $poolconf['mac_deny'];
+ }
+ }
+ $all_mac_strings[] = $dhcpifconf['mac_allow'];
+ $all_mac_strings[] = $dhcpifconf['mac_deny'];
+ $all_mac_list = array_unique(explode(',', implode(',', $all_mac_strings)));
+ foreach ($all_mac_list as $mac) {
+ if (empty($mac))
+ continue;
+ $dhcpdconf .= 'class "' . str_replace(':', '', $mac) . '" {' . "\n";
+ // Skip the first octet of the MAC address - for media type, typically Ethernet ("01") and match the rest.
+ $dhcpdconf .= ' match if substring (hardware, 1, ' . (substr_count($mac, ':') + 1) . ') = ' . $mac . ';' . "\n";
+ $dhcpdconf .= '}' . "\n";
+ }
+
$dhcpdconf .= "subnet {$subnet} netmask {$subnetmask} {\n";
- $dhcpdconf .= " pool {\n";
- /* is failover dns setup? */
- if (is_array($dhcpifconf['dnsserver']) && $dhcpifconf['dnsserver'][0] <> "") {
- $dhcpdconf .= " option domain-name-servers {$dhcpifconf['dnsserver'][0]}";
- if($dhcpifconf['dnsserver'][1] <> "")
- $dhcpdconf .= ",{$dhcpifconf['dnsserver'][1]}";
- $dhcpdconf .= ";\n";
- }
+// Setup pool options
+ foreach($all_pools as $poolconf) {
+ $dhcpdconf .= " pool {\n";
+ /* is failover dns setup? */
+ if (is_array($poolconf['dnsserver']) && $poolconf['dnsserver'][0] <> "") {
+ $dhcpdconf .= " option domain-name-servers {$poolconf['dnsserver'][0]}";
+ if($poolconf['dnsserver'][1] <> "")
+ $dhcpdconf .= ",{$poolconf['dnsserver'][1]}";
+ $dhcpdconf .= ";\n";
+ }
+
+ /* allow/deny MACs */
+ $mac_allow_list = array_unique(explode(',', $poolconf['mac_allow']));
+ foreach ($mac_allow_list as $mac) {
+ if (empty($mac))
+ continue;
+ $dhcpdconf .= " allow members of \"" . str_replace(':', '', $mac) . "\";\n";
+ }
+ $mac_deny_list = array_unique(explode(',', $poolconf['mac_deny']));
+ foreach ($mac_deny_list as $mac) {
+ if (empty($mac))
+ continue;
+ $dhcpdconf .= " deny members of \"" . str_replace(':', '', $mac) . "\";\n";
+ }
+
+ if($poolconf['failover_peerip'] <> "")
+ $dhcpdconf .= " deny dynamic bootp clients;\n";
+
+ if (isset($poolconf['denyunknown']))
+ $dhcpdconf .= " deny unknown-clients;\n";
+
+ if ($poolconf['gateway'] && ($poolconf['gateway'] != $dhcpifconf['gateway']))
+ $dhcpdconf .= " option routers {$routers};\n";
+
+ if($dhcpifconf['failover_peerip'] <> "") {
+ $dhcpdconf .= " failover peer \"dhcp{$dhcpnum}\";\n";
+ $dhcpnum++;
+ }
+
+ $pdnscfg = "";
+
+ if ($poolconf['domain'] && ($poolconf['domain'] != $dhcpifconf['domain'])) {
+ $pdnscfg .= " option domain-name \"{$poolconf['domain']}\";\n";
+ }
+
+ if(!empty($poolconf['domainsearchlist']) && ($poolconf['domainsearchlist'] != $dhcpifconf['domainsearchlist'])) {
+ $pdnscfg .= " option domain-search \"" . join("\",\"", preg_split("/[ ;]+/", $poolconf['domainsearchlist'])) . "\";\n";
+ }
+
+ if (isset($poolconf['ddnsupdate']) && ($poolconf['domainsearchlist'] != $dhcpifconf['domainsearchlist'])) {
+ if($poolconf['ddnsdomain'] <> "") {
+ $pdnscfg .= " ddns-domainname \"{$poolconf['ddnsdomain']}\";\n";
+ }
+ $pdnscfg .= " ddns-update-style interim;\n";
+ }
+
+ if (is_array($poolconf['dnsserver']) && ($poolconf['dnsserver'][0]) && ($poolconf['dnsserver'][0] != $poolconf['dnsserver'][0])) {
+ $pdnscfg .= " option domain-name-servers " . join(",", $poolconf['dnsserver']) . ";\n";
+ }
+ $dhcpdconf .= "{$pdnscfg}";
+
+ // default-lease-time
+ if ($poolconf['defaultleasetime'] && ($poolconf['defaultleasetime'] != $dhcpifconf['defaultleasetime']))
+ $dhcpdconf .= " default-lease-time {$poolconf['defaultleasetime']};\n";
- if($dhcpifconf['failover_peerip'] <> "")
- $dhcpdconf .= " deny dynamic bootp clients;\n";
+ // max-lease-time
+ if ($poolconf['maxleasetime'] && ($poolconf['maxleasetime'] != $dhcpifconf['maxleasetime']))
+ $dhcpdconf .= " max-lease-time {$poolconf['maxleasetime']};\n";
- if (isset($dhcpifconf['denyunknown']))
- $dhcpdconf .= " deny unknown-clients;\n";
+ // netbios-name*
+ if (is_array($poolconf['winsserver']) && $poolconf['winsserver'][0] && ($poolconf['winsserver'][0] != $poolconf['winsserver'][0])) {
+ $dhcpdconf .= " option netbios-name-servers " . join(",", $poolconf['winsserver']) . ";\n";
+ $dhcpdconf .= " option netbios-node-type 8;\n";
+ }
+
+ // ntp-servers
+ if (is_array($poolconf['ntpserver']) && $poolconf['ntpserver'][0] && ($poolconf['ntpserver'][0] != $poolconf['ntpserver'][0]))
+ $dhcpdconf .= " option ntp-servers " . join(",", $poolconf['ntpserver']) . ";\n";
+
+ // tftp-server-name
+ if (!empty($poolconf['tftp']) && ($poolconf['tftp'] != $dhcpifconf['tftp']))
+ $dhcpdconf .= " option tftp-server-name \"{$poolconf['tftp']}\";\n";
+
+ // ldap-server
+ if (!empty($poolconf['ldap']) && ($poolconf['ldap'] != $dhcpifconf['ldap']))
+ $dhcpdconf .= " option ldap-server \"{$poolconf['ldap']}\";\n";
+
+ // net boot information
+ if(isset($poolconf['netboot'])) {
+ if (!empty($poolconf['nextserver']) && ($poolconf['nextserver'] != $dhcpifconf['nextserver'])) {
+ $dhcpdconf .= " next-server {$poolconf['nextserver']};\n";
+ }
+ if (!empty($poolconf['filename']) && ($poolconf['filename'] != $dhcpifconf['filename'])) {
+ $dhcpdconf .= " filename \"{$poolconf['filename']}\";\n";
+ }
+ if (!empty($poolconf['rootpath']) && ($poolconf['rootpath'] != $dhcpifconf['rootpath'])) {
+ $dhcpdconf .= " option root-path \"{$poolconf['rootpath']}\";\n";
+ }
+ }
+ $dhcpdconf .= " range {$poolconf['range']['from']} {$poolconf['range']['to']};\n";
+ $dhcpdconf .= " }\n\n";
+ }
+// End of settings inside pools
if ($dhcpifconf['gateway']) {
$routers = $dhcpifconf['gateway'];
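Review bot: Three of the per-pool override checks compare a value with itself, so they can never be true and the pool-specific DNS, WINS and NTP servers are never written: `$poolconf['dnsserver'][0] != $poolconf['dnsserver'][0]`, and the same pattern for `winsserver` and `ntpserver`. The right-hand side should be the interface value, for example `($poolconf['dnsserver'][0] != $dhcpifconf['dnsserver'][0])`. The pool gateway branch emits `option routers {$routers}`, but in the lines shown `$routers` is only assigned after the pool loop, so the pool gets an empty or stale value; it should emit `{$poolconf['gateway']}`. The `ddnsupdate` branch is also gated on `domainsearchlist` differing, which looks like a copy-paste from the line above. `$dhcpnum++` now runs once per pool, which presumably leaves later pools naming a failover peer that is never declared.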
@@ -558,20 +674,9 @@ EOPP;
} else {
$routers = $ifcfgip;
}
-
- if($dhcpifconf['failover_peerip'] <> "") {
- $dhcpdconf .= " failover peer \"dhcp{$dhcpnum}\";\n";
- $dhcpnum++;
- }
-
- $dhcpdconf .= <<<EOD
- range {$dhcpifconf['range']['from']} {$dhcpifconf['range']['to']};
- }
-
-EOD;
-
if($add_routers)
$dhcpdconf .= " option routers {$routers};\n";
+
$dhcpdconf .= <<<EOD
$dnscfg
@@ -623,7 +728,7 @@ EOD;
}
if ($dhcpifconf['rootpath'] <> "") {
$dhcpdconf .= " option root-path \"{$dhcpifconf['rootpath']}\";\n";
- }
+ }
}
$dhcpdconf .= <<<EOD
@@ -1382,18 +1487,22 @@ function services_dyndns_configure($int = "") {
}
$dyndnscfg = $config['dyndnses']['dyndns'];
-
+ $gwgroups = return_gateway_groups_array();
if (is_array($dyndnscfg)) {
if ($g['booting'])
echo gettext("Starting DynDNS clients...");
foreach ($dyndnscfg as $dyndns) {
- if (!empty($int) && $int != $dyndns['interface'])
+ $failovergroup = interface_gateway_group_member($int);
+ if (!empty($int) && $int == $dyndns['interface']) {
+ services_dyndns_configure_client($dyndns);
+ sleep(1);
+ } elseif (is_array($gwgroups[$dyndns['interface']])){
+ services_dyndns_configure_client($dyndns);
+ sleep(1);
+ } else {
continue;
-
- services_dyndns_configure_client($dyndns);
-
- sleep(1);
+ }
}
if ($g['booting'])
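Review bot: With the default `$int = ""` the rewritten loop no longer configures ordinary DynDNS entries. The first branch requires `!empty($int)`, the second only matches entries bound to a gateway group, and everything else hits `continue`. The old code skipped an entry only when `$int` was set and different, so a call without an interface configured every client. A condition such as `if (empty($int) || $int == $dyndns['interface'] || is_array($gwgroups[$dyndns['interface']]))` would keep that behaviour and remove the duplicated body. `$failovergroup` is computed on every iteration and never read, so the interface_gateway_group_member() call can be dropped or actually used. The body of services_dyndns_configure() continues outside this hunk.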
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 881537f..e7a0734 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -604,8 +604,9 @@ function is_domain($domain) {
}
/* returns true if $macaddr is a valid MAC address */
-function is_macaddr($macaddr) {
- return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false;
+function is_macaddr($macaddr, $partial=false) {
+ $repeat = ($partial) ? '1,5' : '5';
+ return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){'.$repeat.'}$/i', $macaddr) == 1 ? true : false;
}
/* returns true if $name is a valid name for an alias */
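Review bot: The pattern in is_macaddr() ends in `$` without the `D` modifier, so PCRE also accepts a value with a trailing newline, for example `"00:11\n"`. Until now that was cosmetic, but the accepted partial MACs are written unquoted into dhcpd.conf as `match if substring (hardware, ...) = $mac;` in services.inc, so the validator should be exact. Adding the modifier is enough: `'/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){'.$repeat.'}$/iD'`. The comment above the function should also say that `$partial` accepts two to six octets, and the `== 1 ? true : false` tail can simply be `=== 1`.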
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index ce7f4cd..d7ccc29 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -47,7 +47,7 @@ function listtags() {
"option package passthrumac phase1 phase2 ppp pppoe priv proxyarpnet qinqentry queue ".
"pages pipe radnsserver roll route row rrddatafile rule schedule service servernat servers ".
"serversdisabled earlyshellcmd shellcmd staticmap subqueue timerange ".
- "tunnel user vip virtual_server vlan winsserver wolentry widget npt"
+ "tunnel user vip virtual_server vlan winsserver wolentry widget npt pool"
);
return $ret;
}
diff --git a/etc/inc/xmlreader.inc b/etc/inc/xmlreader.inc
index 96353d2..1678843 100644
--- a/etc/inc/xmlreader.inc
+++ b/etc/inc/xmlreader.inc
@@ -51,7 +51,7 @@ function listtags() {
"option package passthrumac phase1 phase2 ppp pppoe priv proxyarpnet qinqentry queue ".
"pages pipe roll route row rrddatafile rule schedule service servernat servers ".
"serversdisabled earlyshellcmd shellcmd staticmap subqueue timerange ".
- "tunnel user vip virtual_server vlan winsserver wolentry widget npt"
+ "tunnel user vip virtual_server vlan winsserver wolentry widget npt pool"
);
return array_flip($ret);
}
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 6bc07e1..b0bc9b0 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -1,7 +1,7 @@
/* cvs_sync
* Written by Scott Ullrich
* (C)2005-2007 Scott Ullrich
- * (C)2010 Erik Fonnesbeck
+ * (C)2010-2012 Erik Fonnesbeck
* Part of the pfSense project pfSsh.php subsystem
*/
@@ -11,8 +11,6 @@ require_once("shaper.inc");
require_once("rrd.inc");
require_once("pfsense-utils.inc");
-conf_mount_rw();
-
$GIT_PKG = "git"; // Either "git" or the full package URL
$GIT_REPO = "git://github.com/bsdperimeter/pfsense.git";
$DEFAULT_BRANCH = "master";
@@ -31,11 +29,46 @@ global $g;
global $argv;
global $command_split;
-// If this parameter is set, all interactive functions are disabled
-// and neither PHP nor the web gui will be killed or restarted.
-$upgrading = in_array("--upgrading", $argv);
+if(is_array($command_split))
+ $temp_args = array_slice($command_split, 2);
+else
+ $temp_args = array_slice($argv, 3);
+
+$valid_args = array(
+ "--minimal" => "\tPerform a minimal copy of only the updated files.\n" .
+ "\tNot recommended if the system has files modified by any method other\n" .
+ "\tthan gitsync.\n",
+ "--help" => "\tDisplay this help list.\n"
+ );
+$args = array();
+$arg_count = 0;
+while(!empty($temp_args)) {
+ $arg = array_shift($temp_args);
+ if($arg[0] == '-') {
+ switch($arg) {
+ case "--help":
+ echo "Usage: playback gitsync [options] [[repository] <branch>]\nOptions:\n";
+ foreach($valid_args as $arg_name => $arg_desc)
+ echo $arg_name . "\n" . $arg_desc;
+ exit;
+ case "--upgrading":
+ // Disables all interactive functions and neither PHP
+ // nor the web GUI will be killed or restarted.
+ $upgrading = true;
+ case (isset($valid_args[$arg])):
+ $args[$arg] = true;
+ break;
+ default:
+ echo "Invalid option: {$arg}\nUse --help for usage information.\n";
+ exit;
+ }
+ } else {
+ $args[$arg_count++] = $arg;
+ }
+}
unlink_if_exists("/tmp/config.cache");
+conf_mount_rw();
if(!file_exists("/usr/local/bin/git")) {
echo "Cannot find git, fetching...";
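Review bot: `$upgrading` is now assigned only when `--upgrading` is passed, whereas the removed line always set it through `in_array()`. The later `!$upgrading` tests therefore read an undefined variable on a normal run, so I would add `$upgrading = false;` before the `while` loop. The `--upgrading` case also falls through into `case (isset($valid_args[$arg])):` without a comment. That case label works only because `switch` loosely compares the option string with a boolean. Testing `isset($valid_args[$arg])` inside `default:` and marking the fall-through with `// fall through` would make the intent readable. `$arg[0] == '-'` should be `===`.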
@@ -74,24 +107,20 @@ if(is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
unset($output_str);
}
-if($command_split[2]) {
- $branch = $command_split[2];
-} else {
- if(!$argv[3] && !$upgrading) {
- echo "\nCurrent repository is $GIT_REPO\n";
- echo "\nPlease select which branch you would like to sync against:\n\n";
- foreach($branches as $branchname => $branchdesc) {
- echo "{$branchname} \t {$branchdesc}\n";
- }
- echo "\nOr alternatively you may enter a custom RCS branch URL (Git or HTTP).\n\n";
- $branch = readline("> ");
- echo "\n";
- } else {
- $branch = $argv[3];
+if(!$args[0] && !$upgrading) {
+ echo "\nCurrent repository is $GIT_REPO\n";
+ echo "\nPlease select which branch you would like to sync against:\n\n";
+ foreach($branches as $branchname => $branchdesc) {
+ echo "{$branchname} \t {$branchdesc}\n";
}
+ echo "\nOr alternatively you may enter a custom RCS branch URL (Git or HTTP).\n\n";
+ $branch = readline("> ");
+ echo "\n";
+} else {
+ $branch = $args[0];
}
-if($argv[4] == "NOBACKUP")
+if($args[1] == "NOBACKUP")
$nobackup = true;
else
$nobackup = false;
@@ -115,14 +144,9 @@ foreach($branches as $branchname => $branchdesc) {
}
if(!$found) {
if(isURL($branch) && !$upgrading) {
- if($command_split[3]) {
+ if($args[1]) {
$GIT_REPO = $branch;
- $branch = $command_split[3];
- $found = true;
- }
- else if($argv[4]) {
- $GIT_REPO = $branch;
- $branch = $argv[4];
+ $branch = $args[1];
$found = true;
}
else {
@@ -170,7 +194,7 @@ if(file_exists($GITSYNC_MERGE)) {
}
}
}
-if(!$command_split[2] && !$argv[3] && !$upgrading) {
+if(!$args[0] && !$upgrading) {
do {
echo "\nAdd a custom RCS branch URL (Git or HTTP) to merge in or press enter if done.\n\n";
$merge_repo = readline("> ");
@@ -215,7 +239,7 @@ if($branch == "build_commit") {
$git_cmd = array(
"cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git branch " . escapeshellarg($branch) . " 2>/dev/null",
"cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git checkout -f " . escapeshellarg($branch) . " 2>/dev/null",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset --hard " . escapeshellarg(file_get_contents("/etc/version.lastcommit"))
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset --hard " . escapeshellarg(trim(file_get_contents("/etc/version.lastcommit")))
);
} else {
$git_cmd = array(
@@ -255,6 +279,18 @@ foreach($merge_repos as $merge_repo) {
}
}
+if(isset($args["--minimal"])) {
+ if(file_exists("/etc/version.gitsync"))
+ $old_revision = trim(file_get_contents("/etc/version.gitsync"));
+ else if(file_exists("/etc/version.lastcommit"))
+ $old_revision = trim(file_get_contents("/etc/version.lastcommit"));
+ $files_to_copy = strtr(shell_exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git diff --name-only " . escapeshellarg($old_revision)), "\n", " ");
+} else
+ $files_to_copy = '--exclude .git .';
+
+// Save new commit ID for later minimal file copies
+exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git rev-parse -q --verify HEAD > /etc/version.gitsync");
+
exec("mkdir -p /tmp/lighttpd/cache/compress/");
// Nuke CVS and pfSense tarballs
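Review bot: The `--minimal` branch takes file names printed by `git diff --name-only`, joins them with spaces and stores them in `$files_to_copy`, which the later tar hunk splices unquoted into a shell command. Path names come from the repository content, and the script accepts a custom repository URL, so a name containing spaces or shell metacharacters would be reinterpreted by the shell. Each name should be quoted before it is joined, for example `$files_to_copy = implode(' ', array_map('escapeshellarg', array_filter(explode("\n", $out))));` with `$out` holding the shell_exec() result. `$old_revision` is also left unset when neither version file exists, so that case should fall back to the full copy rather than run `git diff` against an empty argument.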
@@ -283,10 +319,15 @@ exec("rm -f ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/etc/syslog.conf 2>/dev/null")
echo "===> Installing new files...\n";
if($g['platform'] == "pfSense")
- $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - --exclude .git . | (cd / ; tar -Uxpf -)";
+ $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - {$files_to_copy} | (cd / ; tar -Uxpf -)";
else
- $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - --exclude .git . | (cd / ; tar -xpf -) 2>/dev/null";
-exec($command);
+ $command = "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO ; tar -cpf - {$files_to_copy} | (cd / ; tar -xpf -) 2>/dev/null";
+if(!empty($files_to_copy))
+ exec($command);
+else {
+ echo "Already up-to-date.\n";
+ $upgrading = true;
+}
// Reset the repository to restore the deleted files
exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset --hard >/dev/null 2>/dev/null");
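Review bot: `empty($files_to_copy)` cannot tell "no files changed" from "git diff failed", because shell_exec() returns null both when the command errors and when it prints nothing. A failed diff is then reported as `Already up-to-date.` while `/etc/version.gitsync` has already been overwritten with the new commit ID by the previous hunk. I would run the diff through `exec($cmd, $changed, $rc)`, treat a non-zero `$rc` as an error, and write the new commit ID only after the copy has succeeded. Setting `$upgrading = true` to skip the restart is a side effect worth a comment or a separate flag, since that variable otherwise means the script was started by the upgrade process.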
diff --git a/etc/rc.firmware b/etc/rc.firmware
index 54a115c..7af6b6a 100755
--- a/etc/rc.firmware
+++ b/etc/rc.firmware
@@ -467,6 +467,9 @@ pfSenseupgrade)
sh /etc/init_bootloader.sh >> /conf/upgrade_log.txt 2>&1
fi
+ # Remove saved commit ID for gitsync
+ rm -f /etc/version.gitsync
+
# If /tmp/post_upgrade_command exists after update
# then execute the command.
if [ -f /tmp/post_upgrade_command ]; then
diff --git a/etc/rc.newipsecdns b/etc/rc.newipsecdns
index ba46568..db1d237 100755
--- a/etc/rc.newipsecdns
+++ b/etc/rc.newipsecdns
@@ -56,7 +56,5 @@
vpn_ipsec_configure();
- filter_configure();
-
unlock($ipseclck);
?>
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 480f5a2..2812d4b 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -162,14 +162,21 @@ setup_gateways_monitor();
filter_configure();
if (is_ipaddr($oldip) && $curwanip == $oldip) {
- // Still need to sync VPNs on PPPoE and such, as even with the same IP the VPN software is unhappy with the IP disappearing.
- if (in_array($config['interfaces'][$interface]['ipaddr'], array('pppoe', 'pptp', 'ppp'))) {
- /* reconfigure IPsec tunnels */
- vpn_ipsec_force_reload();
+ /* We need to force sync VPNs on such even when the IP is the same. Even with
+ * the same IP the VPN software is unhappy with the IP disappearing, and we
+ * could be failing back in which case we need to switch IPs back anyhow. */
- /* start OpenVPN server & clients */
- openvpn_resync_all($interface);
- }
+ /* reconfigure IPsec tunnels */
+ vpn_ipsec_force_reload();
+
+ /* start OpenVPN server & clients */
+ openvpn_resync_all($interface);
+
+ /* perform RFC 2136 DNS update */
+ services_dnsupdate_process($interface);
+
+ /* signal dyndns update */
+ services_dyndns_configure($interface);
exit;
}
diff --git a/etc/rc.openvpn b/etc/rc.openvpn
index 159912b..8d27534 100755
--- a/etc/rc.openvpn
+++ b/etc/rc.openvpn
@@ -45,8 +45,13 @@
if(isset($config['openvpn']['enable']))
log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading.");
-
- openvpn_resync_all();
+
+ $gwgroups = return_gateway_groups_array();
+ foreach($config['openvpn']['openvpn-server'] as &$server) {
+ if(is_array($gwgroups[$server['interface']])) {
+ openvpn_resync('server', $server);
+ }
+ }
unlock($openvpnlck);
?>
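Review bot: The new loop iterates `$config['openvpn']['openvpn-server']` without checking that it is an array, and it binds `$server` by reference although nothing is written through it. On a system with no OpenVPN servers the `foreach` raises a warning, so I would wrap it in `if (is_array($config['openvpn']['openvpn-server']))` and use `as $server`. The replaced `openvpn_resync_all()` presumably also covered client instances; after this change only servers bound to a gateway group are resynced, which should be confirmed as intended or extended to `openvpn-client`. With the indentation lost, it is also unclear whether the `isset(...['enable'])` test is meant to guard the resync or only the log line.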
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index b04a0f6..7655d56 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -206,9 +206,6 @@ if ($_POST) {
$_POST['icmptype'] = $pconfig['icmptype'];
}
- if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
- $input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");
-
if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none")
$input_errors[] = gettext("Queue type rules only work with queues.");
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index ba95897..0d968b5 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -94,7 +94,7 @@ function dhcp_clean_leases() {
}
$if = $_GET['if'];
-if ($_POST['if'])
+if (!empty($_POST['if']))
$if = $_POST['if'];
/* if OLSRD is enabled, allow WAN to house DHCP. */
@@ -124,37 +124,73 @@ if (!$if || !isset($iflist[$if])) {
}
}
+$act = $_GET['act'];
+if (!empty($_POST['act']))
+ $act = $_POST['act'];
+
+
if (is_array($config['dhcpd'][$if])){
- if (is_array($config['dhcpd'][$if]['range'])) {
- $pconfig['range_from'] = $config['dhcpd'][$if]['range']['from'];
- $pconfig['range_to'] = $config['dhcpd'][$if]['range']['to'];
+ $pool = $_GET['pool'];
+ if (is_numeric($_POST['pool']))
+ $pool = $_POST['pool'];
+
+ // If we have a pool but no interface name, that's not valid. Redirect away.
+ if (is_numeric($pool) && empty($if)) {
+ header("Location: services_dhcp.php");
+ exit;
}
- $pconfig['deftime'] = $config['dhcpd'][$if]['defaultleasetime'];
- $pconfig['maxtime'] = $config['dhcpd'][$if]['maxleasetime'];
- $pconfig['gateway'] = $config['dhcpd'][$if]['gateway'];
- $pconfig['domain'] = $config['dhcpd'][$if]['domain'];
- $pconfig['domainsearchlist'] = $config['dhcpd'][$if]['domainsearchlist'];
- list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpd'][$if]['winsserver'];
- list($pconfig['dns1'],$pconfig['dns2']) = $config['dhcpd'][$if]['dnsserver'];
- $pconfig['enable'] = isset($config['dhcpd'][$if]['enable']);
- $pconfig['denyunknown'] = isset($config['dhcpd'][$if]['denyunknown']);
- $pconfig['staticarp'] = isset($config['dhcpd'][$if]['staticarp']);
- $pconfig['ddnsdomain'] = $config['dhcpd'][$if]['ddnsdomain'];
- $pconfig['ddnsupdate'] = isset($config['dhcpd'][$if]['ddnsupdate']);
- list($pconfig['ntp1'],$pconfig['ntp2']) = $config['dhcpd'][$if]['ntpserver'];
- $pconfig['tftp'] = $config['dhcpd'][$if]['tftp'];
- $pconfig['ldap'] = $config['dhcpd'][$if]['ldap'];
- $pconfig['netboot'] = isset($config['dhcpd'][$if]['netboot']);
- $pconfig['nextserver'] = $config['dhcpd'][$if]['nextserver'];
- $pconfig['filename'] = $config['dhcpd'][$if]['filename'];
- $pconfig['rootpath'] = $config['dhcpd'][$if]['rootpath'];
- $pconfig['failover_peerip'] = $config['dhcpd'][$if]['failover_peerip'];
- $pconfig['netmask'] = $config['dhcpd'][$if]['netmask'];
- $pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
- $pconfig['dhcpleaseinlocaltime'] = $config['dhcpd'][$if]['dhcpleaseinlocaltime'];
- if (!is_array($config['dhcpd'][$if]['staticmap']))
- $config['dhcpd'][$if]['staticmap'] = array();
- $a_maps = &$config['dhcpd'][$if]['staticmap'];
+
+ if (!is_array($config['dhcpd'][$if]['pool']))
+ $config['dhcpd'][$if]['pool'] = array();
+ $a_pools = &$config['dhcpd'][$if]['pool'];
+
+ if (is_numeric($pool) && $a_pools[$pool])
+ $dhcpdconf = &$a_pools[$pool];
+ elseif ($act == "newpool")
+ $dhcpdconf = array();
+ else
+ $dhcpdconf = &$config['dhcpd'][$if];
+}
+if (is_array($dhcpdconf)) {
+ // Global Options
+ if (!is_numeric($pool) && !($act == "newpool")) {
+ $pconfig['enable'] = isset($dhcpdconf['enable']);
+ $pconfig['staticarp'] = isset($dhcpdconf['staticarp']);
+ // No reason to specify this per-pool, per the dhcpd.conf man page it needs to be in every
+ // pool and should be specified in every pool both nodes share, so we'll treat it as global
+ $pconfig['failover_peerip'] = $dhcpdconf['failover_peerip'];
+ $pconfig['dhcpleaseinlocaltime'] = $dhcpdconf['dhcpleaseinlocaltime'];
+ if (!is_array($dhcpdconf['staticmap']))
+ $dhcpdconf['staticmap'] = array();
+ $a_maps = &$dhcpdconf['staticmap'];
+ }
+
+ // Options that can be global or per-pool.
+ if (is_array($dhcpdconf['range'])) {
+ $pconfig['range_from'] = $dhcpdconf['range']['from'];
+ $pconfig['range_to'] = $dhcpdconf['range']['to'];
+ }
+ $pconfig['deftime'] = $dhcpdconf['defaultleasetime'];
+ $pconfig['maxtime'] = $dhcpdconf['maxleasetime'];
+ $pconfig['gateway'] = $dhcpdconf['gateway'];
+ $pconfig['domain'] = $dhcpdconf['domain'];
+ $pconfig['domainsearchlist'] = $dhcpdconf['domainsearchlist'];
+ list($pconfig['wins1'],$pconfig['wins2']) = $dhcpdconf['winsserver'];
+ list($pconfig['dns1'],$pconfig['dns2']) = $dhcpdconf['dnsserver'];
+ $pconfig['denyunknown'] = isset($dhcpdconf['denyunknown']);
+ $pconfig['ddnsdomain'] = $dhcpdconf['ddnsdomain'];
+ $pconfig['ddnsupdate'] = isset($dhcpdconf['ddnsupdate']);
+ $pconfig['mac_allow'] = $dhcpdconf['mac_allow'];
+ $pconfig['mac_deny'] = $dhcpdconf['mac_deny'];
+ list($pconfig['ntp1'],$pconfig['ntp2']) = $dhcpdconf['ntpserver'];
+ $pconfig['tftp'] = $dhcpdconf['tftp'];
+ $pconfig['ldap'] = $dhcpdconf['ldap'];
+ $pconfig['netboot'] = isset($dhcpdconf['netboot']);
+ $pconfig['nextserver'] = $dhcpdconf['nextserver'];
+ $pconfig['filename'] = $dhcpdconf['filename'];
+ $pconfig['rootpath'] = $dhcpdconf['rootpath'];
+ $pconfig['netmask'] = $dhcpdconf['netmask'];
+ $pconfig['numberoptions'] = $dhcpdconf['numberoptions'];
}
$ifcfgip = $config['interfaces'][$if]['ipaddr'];
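Review bot: A numeric `pool` value that does not exist in `$a_pools` falls through to the final `else` and binds `$dhcpdconf` by reference to the whole interface configuration, while every later `is_numeric($pool)` test still puts the page in pool-editing mode. On a GET request that shows the interface values under the pool heading; only the POST path redirects for a missing pool. I would redirect here as well when `is_numeric($pool) && !is_array($a_pools[$pool])`. `is_numeric()` also accepts values such as `"1.5"` or `"1e3"` that are not usable array indexes, so a stricter test like `is_string($pool) && ctype_digit($pool)` fits better for a request parameter. `$pool` and `$a_pools` are only assigned inside the `is_array($config['dhcpd'][$if])` block, so later code reads them undefined for an interface without a DHCP section.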
@@ -183,6 +219,16 @@ function is_inrange($test, $start, $end) {
return false;
}
+function validate_partial_mac_list($maclist) {
+ $macs = explode(',', $maclist);
+
+ // Loop through and look for invalid MACs.
+ foreach ($macs as $mac)
+ if (!is_macaddr($mac, true))
+ return false;
+ return true;
+}
+
if ($_POST) {
unset($input_errors);
@@ -203,7 +249,7 @@ if ($_POST) {
$pconfig['numberoptions'] = $numberoptions;
/* input validation */
- if ($_POST['enable']) {
+ if ($_POST['enable'] || is_numeric($pool) || $act == "newpool") {
$reqdfields = explode(" ", "range_from range_to");
$reqdfieldsn = array(gettext("Range begin"),gettext("Range end"));
@@ -241,7 +287,13 @@ if ($_POST) {
}
}
}
-
+
+ // Validate MACs
+ if (!empty($_POST['mac_allow']) && !validate_partial_mac_list($_POST['mac_allow']))
+ $input_errors[] = gettext("If you specify a mac allow list, it must contain only valid partial MAC addresses.");
+ if (!empty($_POST['mac_deny']) && !validate_partial_mac_list($_POST['mac_deny']))
+ $input_errors[] = gettext("If you specify a mac deny list, it must contain only valid partial MAC addresses.");
+
if (($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])))
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers.");
if (($_POST['domain'] && !is_domain($_POST['domain'])))
@@ -311,6 +363,10 @@ if ($_POST) {
if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to']))
$input_errors[] = gettext("The range is invalid (first element higher than second element).");
+ // TODO: Ensure range and pools do not overlap!
+ // If we're editing the main range, check pools
+ // If we're editing a pool, locate parent range and other pools.
+
/* make sure that the DHCP Relay isn't enabled on this interface */
if (isset($config['dhcrelay'][$if]['enable']))
$input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."),$iflist[$if]);
@@ -332,62 +388,91 @@ if ($_POST) {
}
if (!$input_errors) {
- if (!is_array($config['dhcpd'][$if]))
- $config['dhcpd'][$if] = array();
- if (!is_array($config['dhcpd'][$if]['range']))
- $config['dhcpd'][$if]['range'] = array();
-
- $config['dhcpd'][$if]['range']['from'] = $_POST['range_from'];
- $config['dhcpd'][$if]['range']['to'] = $_POST['range_to'];
- $config['dhcpd'][$if]['defaultleasetime'] = $_POST['deftime'];
- $config['dhcpd'][$if]['maxleasetime'] = $_POST['maxtime'];
- $config['dhcpd'][$if]['netmask'] = $_POST['netmask'];
- $previous = $config['dhcpd'][$if]['failover_peerip'];
- if($previous <> $_POST['failover_peerip'])
- mwexec("/bin/rm -rf /var/dhcpd/var/db/*");
-
- $config['dhcpd'][$if]['failover_peerip'] = $_POST['failover_peerip'];
-
- unset($config['dhcpd'][$if]['winsserver']);
+ if (!is_numeric($pool)) {
+ if ($act == "newpool") {
+ $dhcpdconf = array();
+ } else {
+ if (!is_array($config['dhcpd'][$if]))
+ $config['dhcpd'][$if] = array();
+ $dhcpdconf = $config['dhcpd'][$if];
+ }
+ } else {
+ if (is_array($a_pools[$pool])) {
+ $dhcpdconf = $a_pools[$pool];
+ } else {
+ // Someone specified a pool but it doesn't exist. Punt.
+ header("Location: services_dhcp.php");
+ exit;
+ }
+ }
+ if (!is_array($dhcpdconf['range']))
+ $dhcpdconf['range'] = array();
+
+ // Global Options
+ if (!is_numeric($pool) && !($act == "newpool")) {
+ $dhcpdconf['enable'] = ($_POST['enable']) ? true : false;
+ $dhcpdconf['staticarp'] = ($_POST['staticarp']) ? true : false;
+ $previous = $dhcpdconf['failover_peerip'];
+ if($previous <> $_POST['failover_peerip'])
+ mwexec("/bin/rm -rf /var/dhcpd/var/db/*");
+ $dhcpdconf['failover_peerip'] = $_POST['failover_peerip'];
+ $dhcpdconf['dhcpleaseinlocaltime'] = $_POST['dhcpleaseinlocaltime'];
+ }
+
+ // Options that can be global or per-pool.
+ $dhcpdconf['range']['from'] = $_POST['range_from'];
+ $dhcpdconf['range']['to'] = $_POST['range_to'];
+ $dhcpdconf['defaultleasetime'] = $_POST['deftime'];
+ $dhcpdconf['maxleasetime'] = $_POST['maxtime'];
+ $dhcpdconf['netmask'] = $_POST['netmask'];
+
+ unset($dhcpdconf['winsserver']);
if ($_POST['wins1'])
- $config['dhcpd'][$if]['winsserver'][] = $_POST['wins1'];
+ $dhcpdconf['winsserver'][] = $_POST['wins1'];
if ($_POST['wins2'])
- $config['dhcpd'][$if]['winsserver'][] = $_POST['wins2'];
+ $dhcpdconf['winsserver'][] = $_POST['wins2'];
- unset($config['dhcpd'][$if]['dnsserver']);
+ unset($dhcpdconf['dnsserver']);
if ($_POST['dns1'])
- $config['dhcpd'][$if]['dnsserver'][] = $_POST['dns1'];
+ $dhcpdconf['dnsserver'][] = $_POST['dns1'];
if ($_POST['dns2'])
- $config['dhcpd'][$if]['dnsserver'][] = $_POST['dns2'];
-
- $config['dhcpd'][$if]['gateway'] = $_POST['gateway'];
- $config['dhcpd'][$if]['domain'] = $_POST['domain'];
- $config['dhcpd'][$if]['domainsearchlist'] = $_POST['domainsearchlist'];
- $config['dhcpd'][$if]['denyunknown'] = ($_POST['denyunknown']) ? true : false;
- $config['dhcpd'][$if]['enable'] = ($_POST['enable']) ? true : false;
- $config['dhcpd'][$if]['staticarp'] = ($_POST['staticarp']) ? true : false;
- $config['dhcpd'][$if]['ddnsdomain'] = $_POST['ddnsdomain'];
- $config['dhcpd'][$if]['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false;
-
- unset($config['dhcpd'][$if]['ntpserver']);
+ $dhcpdconf['dnsserver'][] = $_POST['dns2'];
+
+ $dhcpdconf['gateway'] = $_POST['gateway'];
+ $dhcpdconf['domain'] = $_POST['domain'];
+ $dhcpdconf['domainsearchlist'] = $_POST['domainsearchlist'];
+ $dhcpdconf['denyunknown'] = ($_POST['denyunknown']) ? true : false;
+ $dhcpdconf['ddnsdomain'] = $_POST['ddnsdomain'];
+ $dhcpdconf['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false;
+ $dhcpdconf['mac_allow'] = $_POST['mac_allow'];
+ $dhcpdconf['mac_deny'] = $_POST['mac_deny'];
+
+ unset($dhcpdconf['ntpserver']);
if ($_POST['ntp1'])
- $config['dhcpd'][$if]['ntpserver'][] = $_POST['ntp1'];
+ $dhcpdconf['ntpserver'][] = $_POST['ntp1'];
if ($_POST['ntp2'])
- $config['dhcpd'][$if]['ntpserver'][] = $_POST['ntp2'];
+ $dhcpdconf['ntpserver'][] = $_POST['ntp2'];
- $config['dhcpd'][$if]['tftp'] = $_POST['tftp'];
- $config['dhcpd'][$if]['ldap'] = $_POST['ldap'];
- $config['dhcpd'][$if]['netboot'] = ($_POST['netboot']) ? true : false;
- $config['dhcpd'][$if]['nextserver'] = $_POST['nextserver'];
- $config['dhcpd'][$if]['filename'] = $_POST['filename'];
- $config['dhcpd'][$if]['rootpath'] = $_POST['rootpath'];
- $config['dhcpd'][$if]['dhcpleaseinlocaltime'] = $_POST['dhcpleaseinlocaltime'];
+ $dhcpdconf['tftp'] = $_POST['tftp'];
+ $dhcpdconf['ldap'] = $_POST['ldap'];
+ $dhcpdconf['netboot'] = ($_POST['netboot']) ? true : false;
+ $dhcpdconf['nextserver'] = $_POST['nextserver'];
+ $dhcpdconf['filename'] = $_POST['filename'];
+ $dhcpdconf['rootpath'] = $_POST['rootpath'];
// Handle the custom options rowhelper
- if(isset($config['dhcpd'][$if]['numberoptions']['item']))
- unset($config['dhcpd'][$if]['numberoptions']['item']);
+ if(isset($dhcpdconf['numberoptions']['item']))
+ unset($dhcpdconf['numberoptions']['item']);
- $config['dhcpd'][$if]['numberoptions'] = $numberoptions;
+ $dhcpdconf['numberoptions'] = $numberoptions;
+
+ if (is_numeric($pool) && is_array($a_pools[$pool])) {
+ $a_pools[$pool] = $dhcpdconf;
+ } elseif ($act == "newpool") {
+ $a_pools[] = $dhcpdconf;
+ } else {
+ $config['dhcpd'][$if] = $dhcpdconf;
+ }
write_config();
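Review bot: In the `newpool` branch the result is stored with `$a_pools[] = $dhcpdconf;`, but in the lines shown `$a_pools` is bound to `$config['dhcpd'][$if]['pool']` only when `$config['dhcpd'][$if]` is already an array. For an interface without an existing DHCP section the append goes to a fresh local array and `write_config()` saves nothing. Writing to the config path directly avoids the dependency: `if (!is_array($config['dhcpd'][$if]['pool'])) $config['dhcpd'][$if]['pool'] = array();` followed by `$config['dhcpd'][$if]['pool'][] = $dhcpdconf;`. A comment noting that `$dhcpdconf` may still be a reference taken at the top of the file would help the next reader, because the plain assignments here write through that reference.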
@@ -416,7 +501,16 @@ if ($_POST) {
}
}
-if ($_GET['act'] == "del") {
+if ($act == "delpool") {
+ if ($a_pools[$_GET['id']]) {
+ unset($a_pools[$_GET['id']]);
+ write_config();
+ header("Location: services_dhcp.php?if={$if}");
+ exit;
+ }
+}
+
+if ($act == "del") {
if ($a_maps[$_GET['id']]) {
unset($a_maps[$_GET['id']]);
write_config();
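Review bot: The new `delpool` action changes the configuration on a plain GET request, using `$_GET['id']` as the array key, and no anti-forgery check is visible in this hunk. If the request-forgery protection used by the GUI only covers POST forms, which should be confirmed, a link followed by a logged-in administrator would be enough to remove a pool. I would accept the deletion only from a POST, check that the id is an integer index with `ctype_digit()`, and test `isset($a_pools[$id])` rather than truthiness. The block writes the config and redirects without any visible DHCP reconfiguration, so the running dhcpd.conf presumably keeps the deleted pool until the next reload. The `del` block that follows continues outside this hunk.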
@@ -465,6 +559,9 @@ include("head.inc");
<script type="text/javascript" language="JavaScript">
function enable_change(enable_over) {
var endis;
+ <?php if (is_numeric($pool) || ($act == "newpool")): ?>
+ enable_over = true;
+ <?php endif; ?>
endis = !(document.iform.enable.checked || enable_over);
document.iform.range_from.disabled = endis;
document.iform.range_to.disabled = endis;
@@ -482,6 +579,8 @@ include("head.inc");
document.iform.dhcpleaseinlocaltime.disabled = endis;
document.iform.ddnsdomain.disabled = endis;
document.iform.ddnsupdate.disabled = endis;
+ document.iform.mac_allow.disabled = endis;
+ document.iform.mac_deny.disabled = endis;
document.iform.ntp1.disabled = endis;
document.iform.ntp2.disabled = endis;
document.iform.tftp.disabled = endis;
@@ -505,6 +604,12 @@ include("head.inc");
aodiv.style.display = "block";
}
+ function show_maccontrol_config() {
+ document.getElementById("showmaccontrolbox").innerHTML='';
+ aodiv = document.getElementById('showmaccontrol');
+ aodiv.style.display = "block";
+ }
+
function show_ntp_config() {
document.getElementById("showntpbox").innerHTML='';
aodiv = document.getElementById('showntp');
@@ -580,6 +685,7 @@ include("head.inc");
<td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
@@ -588,6 +694,11 @@ include("head.inc");
"%s " .
"interface"),htmlspecialchars($iflist[$if]));?></strong></td>
</tr>
+ <?php else: ?>
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Editing Pool-Specific Options. To return to the Interface, click its tab above."); ?></td>
+ </tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
@@ -621,6 +732,17 @@ include("head.inc");
$range_to--;
echo long2ip32($range_to);
?>
+ <?php if (is_numeric($pool) || ($act == "newpool")): ?>
+ <br/>In-use DHCP Pool Ranges:
+ <?php if (is_array($config['dhcpd'][$if]['range'])): ?>
+ <br/><?php echo $config['dhcpd'][$if]['range']['from']; ?>-<?php echo $config['dhcpd'][$if]['range']['to']; ?>
+ <?php endif; ?>
+ <?php foreach ($a_pools as $p): ?>
+ <?php if (is_array($p['range'])): ?>
+ <br/><?php echo $p['range']['from']; ?>-<?php echo $p['range']['to']; ?>
+ <?php endif; ?>
+ <?php endforeach; ?>
+ <?php endif; ?>
</td>
</tr>
<?php if($is_olsr_enabled): ?>
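Review bot: The "In-use DHCP Pool Ranges" lines echo `$config['dhcpd'][$if]['range'][...]` and `$p['range'][...]` straight into the page, while the pool table added later in this same file wraps the same fields in `htmlspecialchars()`. Escape them here too, e.g. `<?php echo htmlspecialchars($p['range']['from']); ?>`, so the output does not depend on every writer of the config having validated the value. The `foreach ($a_pools as $p)` also lacks the `is_array($a_pools)` guard used in the later table, and the label is not passed through `gettext()`.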
@@ -648,6 +770,61 @@ include("head.inc");
&nbsp;<?=gettext("to"); ?>&nbsp; <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>">
</td>
</tr>
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Additional Pools");?></td>
+ <td width="78%" class="vtable">
+ <?php echo gettext("If you need additional pools of addresses inside of this subnet outside the above Range, they may be specified here."); ?>
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="45%" class="listhdrr"><?=gettext("Pool Start");?></td>
+ <td width="45%" class="listhdrr"><?=gettext("Pool End");?></td>
+ <td width="10%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"></td>
+ <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php if(is_array($a_pools)): ?>
+ <?php $i = 0; foreach ($a_pools as $poolent): ?>
+ <?php if(!empty($poolent['range']['from']) && !empty($poolent['range']['to'])): ?>
+ <tr>
+ <td class="listlr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';">
+ <?=htmlspecialchars($poolent['range']['from']);?>
+ </td>
+ <td class="listr" ondblclick="document.location='services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>';">
+ <?=htmlspecialchars($poolent['range']['to']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&pool=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=delpool&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this pool?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endif; ?>
+ <?php $i++; endforeach; ?>
+ <?php endif; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17"></td>
+ <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=newpool"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("WINS servers");?></td>
<td width="78%" class="vtable">
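Review bot: The edit and delete links in the pool list are built from a hand-maintained counter (`$i = 0; foreach ($a_pools as $poolent)` … `$i++`) rather than from the array key. The two agree only while `$a_pools` is a contiguous zero-based list; if it ever is not, the `pool=` and `id=` values would address a different pool than the row shown. Using the key directly removes that assumption: `<?php foreach ($a_pools as $i => $poolent): ?>` and drop the `$i++`.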
@@ -704,6 +881,7 @@ include("head.inc");
<?=gettext("The default is 86400 seconds.");?>
</td>
</tr>
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Failover peer IP:");?></td>
<td width="78%" class="vtable">
@@ -711,6 +889,8 @@ include("head.inc");
<?=gettext("Leave blank to disable. Enter the interface IP address of the other machine. Machines must be using CARP.");?>
</td>
</tr>
+ <?php endif; ?>
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Static ARP");?></td>
<td width="78%" class="vtable">
@@ -730,6 +910,8 @@ include("head.inc");
</table>
</td>
</tr>
+ <?php endif; ?>
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Time format change"); ?></td>
<td width="78%" class="vtable">
@@ -755,6 +937,7 @@ include("head.inc");
</table>
</td>
</tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Dynamic DNS");?></td>
<td width="78%" class="vtable">
@@ -772,6 +955,20 @@ include("head.inc");
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("MAC Address Control");?></td>
+ <td width="78%" class="vtable">
+ <div id="showmaccontrolbox">
+ <input type="button" onClick="show_maccontrol_config()" value="<?=gettext("Advanced");?>"></input> - <?=gettext("Show MAC Address Control");?></a>
+ </div>
+ <div id="showmaccontrol" style="display:none">
+ <input name="mac_allow" type="text" class="formfld unknown" id="mac_allow" size="20" value="<?=htmlspecialchars($pconfig['mac_allow']);?>"><br />
+ <?=gettext("Enter a list of partial MAC addresses to allow, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF
+ <input name="mac_deny" type="text" class="formfld unknown" id="mac_deny" size="20" value="<?=htmlspecialchars($pconfig['mac_deny']);?>"><br />
+ <?=gettext("Enter a list of partial MAC addresses to deny access, comma separated, no spaces, such as ");?>00:00:00,01:E5:FF
+ </div>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("NTP servers");?></td>
<td width="78%" class="vtable">
<div id="showntpbox">
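Review bot: The "Advanced" button line in the new MAC Address Control row ends with a stray `</a>` that has no opening tag, and `<input ...></input>` is not valid for a void element. The line should end at `<?=gettext("Show MAC Address Control");?>`. A `<br />` is also missing after the first help text, so the `mac_deny` field runs on from the example. The `mac_allow` and `mac_deny` values are free text; the server-side check that each comma-separated entry is a well-formed partial MAC before it is stored is not part of this hunk and is worth confirming in the POST handling.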
@@ -829,6 +1026,7 @@ include("head.inc");
</div>
</td>
</tr>
+ <?php if (!is_numeric($pool) && !($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Additional BOOTP/DHCP Options");?></td>
<td width="78%" class="vtable">
@@ -901,9 +1099,16 @@ include("head.inc");
</td>
</tr>
+ <?php endif; ?>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
+ <?php if ($act == "newpool"): ?>
+ <input type="hidden" name="act" value="newpool">
+ <?php endif; ?>
+ <?php if (is_numeric($pool)): ?>
+ <input type="hidden" name="pool" value="<?php echo $pool; ?>">
+ <?php endif; ?>
<input name="if" type="hidden" value="<?=htmlspecialchars($if);?>">
<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)">
</td>
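Review bot: The hidden `pool` field prints `$pool` unescaped, while the `if` field two lines below it uses `htmlspecialchars()`. The `is_numeric()` gate keeps markup out, but it also accepts decimal and exponent forms that are not valid pool indexes. I would write `value="<?=htmlspecialchars($pool);?>"` for consistency. Where `$pool` is read from the request (outside this hunk), it should be restricted to a non-negative integer.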
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index c7a0c2d..45687b8 100755
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
@@ -56,16 +56,17 @@ if (($_GET['deleteip']) && (is_ipaddr($_GET['deleteip']))) {
killbyname("dhcpd");
/* Read existing leases */
+ /* $leases_contents has the lines of the file, including the newline char at the end of each line. */
$leases_contents = file($leasesfile);
$newleases_contents = array();
$i=0;
while ($i < count($leases_contents)) {
/* Find the lease(s) we want to delete */
- if ($leases_contents[$i] == "lease {$_GET['deleteip']} {") {
+ if ($leases_contents[$i] == "lease {$_GET['deleteip']} {\n") {
/* Skip to the end of the lease declaration */
do {
$i++;
- } while ($leases_contents[$i] != "}");
+ } while ($leases_contents[$i] != "}\n");
} else {
/* It's a line we want to keep, copy it over. */
$newleases_contents[] = $leases_contents[$i];
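Review bot: The skip loop `do { $i++; } while ($leases_contents[$i] != "}\n");` has no upper bound on `$i`. If the matched lease is the last one and the file has no trailing newline, or uses `\r\n` line endings, the comparison never succeeds and the loop runs past the end of the array. Compare trimmed lines and stop at the end of the file: `} while ($i < count($leases_contents) && rtrim($leases_contents[$i]) != "}");`, with the opening test written as `rtrim($leases_contents[$i]) == "lease {$_GET['deleteip']} {"`. The enclosing `while` loop continues outside the hunk.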
diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php
index b8b3f76..0d64599 100644
--- a/usr/local/www/system_usermanager_passwordmg.php
+++ b/usr/local/www/system_usermanager_passwordmg.php
@@ -70,11 +70,12 @@ foreach($config['system']['user'] as $user)
if($user['name'] == $_SESSION['Username'])
$islocal = true;
+include("head.inc");
+
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php
-include("head.inc");
include("fbegin.inc");
if ($input_errors)
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index 81395ed..59404c1 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -294,6 +294,7 @@ function enable_change(enable_over) {
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php print_info_box(gettext("PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.<br/><br/><a href=\"https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807\">Read More</a>")); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
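Review bot: The added PPTP notice puts raw HTML (`<br/>`, the `<a href=...>` link) inside the string passed to `gettext()`, so the markup and the URL become part of what translators edit. Keeping only the sentences translatable and appending the link in code avoids a translation changing or breaking the link target, e.g. `gettext("...another VPN type such as OpenVPN or IPsec.") . '<br/><br/><a href="https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807">' . gettext("Read More") . '</a>'`. This assumes `print_info_box()` emits its argument as HTML, as the existing markup implies.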