26 files changed, 226 insertions, 118 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 0097e10..13ca678 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -81,7 +81,7 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ $found_host = true; if($found_host == false) { - display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding"); + display_error_form("501", "Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding<br/>Try accessing the router by IP address instead of by hostname."); exit; } } @@ -936,7 +936,7 @@ function ldap_backed($username, $passwd, $authcfg) { else $ldapfunc = "ldap_search"; /* Support legacy auth container specification. */ - if (stristr($ldac_split, "DC=")) + if (stristr($ldac_split, "DC=") || empty($ldapbasedn)) $search = @$ldapfunc($ldap,$ldac_split,$ldapfilter); else $search = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter); diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index a5799d9..a07a793 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -124,7 +124,7 @@ $this->_ifIP = get_interface_ip($dnsIf); // Ensure that we where able to lookup the IP - if(!$this->_ifIP) { + if(!is_ipaddr($this->_ifIP)) { log_error("There was an error trying to determine the IP for interface - {$dnsIf}({$this->_if}). Probably interface has no ip or is down. Dyndns update not possible for {$dnsService}."); return; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e94720a..7448ac4 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
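Review bot: In `ldap_backed`, the new `|| empty($ldapbasedn)` branch passes `$ldac_split` to the search as the complete base, with no check that it is non-empty or a full DN, and the `@` on the call hides any LDAP error that results. If both the base DN and a container entry are empty, the search base is the empty string, which may widen the set of directory entries the login filter can match. Consider rejecting that combination before the search, for example `if (empty($ldac_split) && empty($ldapbasedn)) continue;` (this assumes the code sits in the container loop, which starts outside the hunk), and logging a failed search instead of suppressing it. The function body starts and ends outside the hunk.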
@@ -1514,34 +1514,35 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { if(strstr($rule[$target]['network'], "opt")) { $optmatch = ""; $matches = ""; + if($rule['ipprotocol'] == "inet6") { - if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { - $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ipv6']; - if(!is_ipaddr($opt_ip)) - return ""; - $src = $opt_ip . "/" . - $FilterIflist["opt{$optmatch[1]}"]['snv6']; /* check for opt$NUMip here */ - } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { + if (preg_match("/opt([0-9]*)ip/", $rule[$target]['networkv6'], $matches)) { $src = $FilterIflist["opt{$matches[1]}"]['ipv6']; - if(!is_ipaddr($src)) + if(!is_ipaddrv6($src)) return ""; - } + } else if (preg_match("/opt([0-9]*)$/", $rule[$target]['networkv6'], $optmatch)) { + $opt_ipv6 = $FilterIflist["opt{$optmatch[1]}"]['ipv6']; + if(!is_ipaddr($opt_ipv6)) + return ""; + $src = $opt_ipv6 . "/" . + $FilterIflist["opt{$optmatch[1]}"]['snv6']; + if(isset($rule[$target]['not'])) $src = " !{$src}"; } else { - if(preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { + /* check for opt$NUMip here */ + if (preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { + $src = $FilterIflist["opt{$matches[1]}"]['ip']; + if(!is_ipaddr($src)) + return ""; + } else if (preg_match("/opt([0-9]*)$/", $rule[$target]['network'], $optmatch)) { $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip']; if(!is_ipaddr($opt_ip)) return ""; $src = $opt_ip . "/" . $FilterIflist["opt{$optmatch[1]}"]['sn']; - /* check for opt$NUMip here */ - } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) { - $src = $FilterIflist["opt{$matches[1]}"]['ip']; - if(!is_ipaddr($src)) - return ""; - } + if(isset($rule[$target]['not'])) $src = " !{$src}"; } 
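Review bot: In the rewritten inet6 branch of `filter_generate_address`, the `opt([0-9]*)$` case validates `$opt_ipv6` with `is_ipaddr()`, while the `opt([0-9]*)ip` case just above it was switched to `is_ipaddrv6()`. The subnet case should use the same check, `if(!is_ipaddrv6($opt_ipv6))`, so that only an IPv6 address can reach an inet6 rule. The branch also now matches against `$rule[$target]['networkv6']`, while the enclosing test still looks for "opt" in `$rule[$target]['network']`. If `networkv6` is not always set together with `network`, neither pattern matches and `$src` is never assigned on this path. The function starts and ends outside the hunk.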
@@ -1595,7 +1596,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = "{$pppoesa}/{$pppoesn}"; break; } - if(isset($rule[$target]['not'])) $src = "!{$src}"; + if(isset($rule[$target]['not'])) + $src = "!{$src}"; } } } else if($rule[$target]['address']) { diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc index d991316..7025a95 100644 --- a/etc/inc/priv.defs.inc +++ b/etc/inc/priv.defs.inc @@ -361,8 +361,8 @@ $priv_list['page-xmlrpcinterfacestats']['match'] = array(); $priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*"; $priv_list['page-system-login/logout'] = array(); -$priv_list['page-system-login/logout']['name'] = "WebCfg - System: Login / Logout page"; -$priv_list['page-system-login/logout']['descr'] = "Allow access to the 'System: Login / Logout' page."; +$priv_list['page-system-login/logout']['name'] = "WebCfg - System: Login / Logout page / Dashboard"; +$priv_list['page-system-login/logout']['descr'] = "Allow access to the 'System: Login / Logout' page and Dashboard."; $priv_list['page-system-login/logout']['match'] = array(); $priv_list['page-system-login/logout']['match'][] = "index.php*"; diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 65e50ff..2718fd2 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -869,7 +869,6 @@ function services_dyndns_configure_client($conf) { $dnsWilcard = $conf['wildcard'], $dnsMX = $conf['mx'], $dnsIf = "{$conf['interface']}"); - } function services_dyndns_configure($int = "") { diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 7d95f82..201534c 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -902,6 +902,7 @@ class priq_queue { } function &get_queue_list(&$qlist) { + $qlist[$this->GetQname()] = & $this; if (is_array($this->subqueues)) { foreach ($this->subqueues as $queue) 
@@ -3126,6 +3127,8 @@ class dnqueue_class extends dummynet_class { } function &get_queue_list(&$qlist) { + if ($this->GetEnabled() == "") + return; $qlist[$this->GetQname()] = "?" .$this->GetNumber(); } @@ -3782,9 +3785,13 @@ function &get_unique_queue_list() { $qlist = array(); if (is_array($altq_list_queues)) { foreach ($altq_list_queues as $altq) { + if ($altq->GetEnabled()) + continue; $tmplist =& $altq->get_queue_list(); - foreach ($tmplist as $qname => $link) - $qlist[$qname] = $link; + foreach ($tmplist as $qname => $link) { + if ($link->GetEnabled() <> "") + $qlist[$qname] = $link; + } } } return $qlist; @@ -3796,9 +3803,12 @@ function &get_unique_dnqueue_list() { $qlist = array(); if (is_array($dummynet_pipe_list)) { foreach ($dummynet_pipe_list as $dn) { + if ($dn->GetEnabled() == "") + continue; $tmplist =& $dn->get_queue_list(); - foreach ($tmplist as $qname => $link) + foreach ($tmplist as $qname => $link) { $qlist[$qname] = $link; + } } } return $qlist; @@ -3835,11 +3845,11 @@ function read_altq_config() { return; foreach ($a_int as $key => $conf) { - $int = $conf['interface']; - $root =& new altq_root_queue(); - $root->SetInterface($int); - $altq_list_queues[$root->GetInterface()] = &$root; - $root->ReadConfig($conf); + $int = $conf['interface']; + $root =& new altq_root_queue(); + $root->SetInterface($int); + $altq_list_queues[$root->GetInterface()] = &$root; + $root->ReadConfig($conf); array_push($path, $key); $root->SetLink($path); if (is_array($conf['queue'])) { @@ -3852,7 +3862,7 @@ function read_altq_config() { $root->add_queue($root->GetInterface(), $q, &$path, $input_errors); array_pop($path); } - } + } array_pop($path); } } diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 4fea0f0..2bffa83 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
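Review bot: In `get_unique_queue_list`, the added guard `if ($altq->GetEnabled()) continue;` skips the entries that are enabled. That is the opposite of the `if ($dn->GetEnabled() == "") continue;` guard added to `get_unique_dnqueue_list` in the next hunk, and of the `$link->GetEnabled() <> ""` filter two lines further down. If the intent is to leave out disabled shapers, the test should read `if ($altq->GetEnabled() == "") continue;`. A one-line comment on each guard stating which state is being skipped would make the two functions easier to compare.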
@@ -1322,6 +1322,8 @@ function upgrade_051_to_052() { $crl['descr'] = "Imported OpenVPN CRL #{$index}"; $crl['caref'] = $ca['refid']; $crl['text'] = $server['crl']; + if(!is_array($config['crl'])) + $config['crl'] = array(); $config['crl'][] = $crl; $server['crlref'] = $crl['refid']; } @@ -2236,16 +2238,24 @@ function rename_field(& $section, $oldname, $newname) { function upgrade_071_to_072() { global $config; - rename_field($config['sysctl']['item'], 'desc', 'descr'); + if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) + rename_field($config['sysctl']['item'], 'desc', 'descr'); } function upgrade_072_to_073() { global $config; - rename_field($config['load_balancer']['monitor_type'], 'desc', 'descr'); - rename_field($config['load_balancer']['lbpool'], 'desc', 'descr'); - rename_field($config['load_balancer']['lbaction'], 'desc', 'descr'); - rename_field($config['load_balancer']['lbprotocol'], 'desc', 'descr'); - rename_field($config['load_balancer']['virtual_server'], 'desc', 'descr'); + if (!is_array($config['load_balancer'])) + return; + if (is_array($config['load_balancer']['monitor_type'])) + rename_field($config['load_balancer']['monitor_type'], 'desc', 'descr'); + if (is_array($config['load_balancer']['lbpool'])) + rename_field($config['load_balancer']['lbpool'], 'desc', 'descr'); + if (is_array($config['load_balancer']['lbaction'])) + rename_field($config['load_balancer']['lbaction'], 'desc', 'descr'); + if (is_array($config['load_balancer']['lbprotocol'])) + rename_field($config['load_balancer']['lbprotocol'], 'desc', 'descr'); + if (is_array($config['load_balancer']['virtual_server'])) + rename_field($config['load_balancer']['virtual_server'], 'desc', 'descr'); } function upgrade_073_to_074() { 
@@ -2255,8 +2265,11 @@ function upgrade_073_to_074() { function upgrade_074_to_075() { global $config; - rename_field($config['ca'], 'name', 'descr'); - rename_field($config['cert'], 'name', 'descr'); - rename_field($config['crl'], 'name', 'descr'); + if (is_array($config['ca'])) + rename_field($config['ca'], 'name', 'descr'); + if (is_array($config['cert'])) + rename_field($config['cert'], 'name', 'descr'); + if (is_array($config['crl'])) + rename_field($config['crl'], 'name', 'descr'); } ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 7bea489..ed6e77e 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -42,11 +42,10 @@ function killbypid($pidfile) { } function isvalidpid($pid) { - $running = `ps -p $pid | wc -l`; - if(intval($running) > 1) - return true; - else - return false; + $output = ""; + exec("/bin/pgrep -F {$pid}", $output, $retval); + + return (intval($retval) == 0); } function is_process_running($process) { diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 8b6529d..5531392 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -49,11 +49,14 @@ require_once("interfaces.inc"); */ function backup_vip_config_section() { global $config; - $new_section = &$config['virtualip']; - foreach($new_section['vip'] as $section) { - if($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") { - unset($section); - } + + if (!is_array($config['virtualip']['vip'])) + return; + $temp = array(); + $temp['vip'] = array(); + foreach($config['virtualip']['vip'] as $section) { + if($section['mode'] == "proxyarp" || $section['mode'] == "ipalias") + continue; if($section['advskew'] <> "") { $section_val = intval($section['advskew']); $section_val=$section_val+100; 
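Review bot: `isvalidpid` interpolates `$pid` directly into the command string given to `exec()`, so a caller passing a value that is not fully under the system's own control would let shell metacharacters reach the shell. Quote it: `exec("/bin/pgrep -F " . escapeshellarg($pid), $output, $retval);`. Note also that `pgrep -F` expects a pid file path, whereas the removed `ps -p $pid` took a process id, so the parameter name and any caller passing a numeric pid no longer match the command. `$output` is initialised as a string although `exec()` fills an array, so `$output = array();` is clearer. A docblock stating whether the argument is a pid or a pid file would prevent misuse.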
@@ -240,14 +243,19 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $sections[] = 'filter'; if ($carp['synchronizenat'] != "" and is_array($config['nat'])) $sections[] = 'nat'; - if ($carp['synchronizealiases'] != "" and is_array($config['aliases'])) + if ($carp['synchronizealiases'] != "") { + if (!is_array($config['aliases'])) + $config['aliases'] = array(); $sections[] = 'aliases'; + } if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) $sections[] = 'dhcpd'; if ($carp['synchronizewol'] != "" and is_array($config['wol'])) $sections[] = 'wol'; if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) $sections[] = 'shaper'; + if ($carp['synchronizetrafficshaper'] != "" and is_array($config['l7shaper'])) + $sections[] = 'l7shaper'; if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) { $sections[] = 'staticroutes'; $sections[] = 'gateways'; diff --git a/etc/rc.newwanip b/etc/rc.newwanip index c018cb0..347ccd0 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -91,7 +91,7 @@ if (is_ipaddr($oldip) && $curwanip == $oldip) services_dnsupdate_process($interface); /* signal dyndns update */ -send_event("service reload dyndns {$interface}"); +services_dyndns_configure($interface); /* reconfigure IPsec tunnels */ vpn_ipsec_force_reload(); diff --git a/sbin/dhclient-script b/sbin/dhclient-script index d9d55bb..01dfc78 100755 --- a/sbin/dhclient-script +++ b/sbin/dhclient-script 
@@ -101,8 +101,44 @@ add_new_alias() { fi } +fill_classless_routes() { + set $1 + while [ $# -ge 5 ]; do + if [ $1 -eq 0 ]; then + route="default" + elif [ $1 -le 8 ]; then + route="$2.0.0.0/$1" + shift + elif [ $1 -le 16 ]; then + route="$2.$3.0.0/$1" + shift; shift + elif [ $1 -le 24 ]; then + route="$2.$3.$4.0/$1" + shift; shift; shift + else + route="$2.$3.$4.$5/$1" + shift; shift; shift; shift + fi + shift + router="$1.$2.$3.$4" + classless_routes="$classless_routes $route $router" + shift; shift; shift; shift + done +} + delete_old_routes() { $LOGGER "Deleting old routes" + + if [ -n "$old_classless_routes" ]; then + fill_classless_routes "$old_classless_routes" + set $classless_routes + while [ $# -gt 1 ]; do + route delete "$1" "$2" + shift; shift + done + return 0; + fi + # Only allow the default route to be overridden if it's on our own interface if [ -f "/tmp/${interface}_defaultgw" ]; then for router in $old_routers; do @@ -126,6 +162,29 @@ delete_old_routes() { add_new_routes() { $LOGGER "Adding new routes to interface: $interface" + # RFC 3442: If the DHCP server returns both a Classless Static + # Routes option and a Router option, the DHCP client MUST ignore + # the Router option. + # + # DHCP clients that support this option (Classless Static Routes) + # MUST NOT install the routes specified in the Static Routes + # option (option code 33) if both a Static Routes option and the + # Classless Static Routes option are provided. + if [ -n "$new_classless_routes" ]; then + fill_classless_routes "$new_classless_routes" + $LOGGER "New Classless Static Routes ($interface): $classless_routes" + set $classless_routes + while [ $# -gt 1 ]; do + if [ "0.0.0.0" = "$2" ]; then + route add "$1" -iface "$interface" + else + route add "$1" "$2" + fi + shift; shift + done + return + fi + # Only allow the default route to be overridden if it's on our own interface if [ -f "/tmp/${interface}_defaultgw" ]; then $ROUTE delete default 
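Review bot: `fill_classless_routes` appends to `$classless_routes` without clearing it first. If `delete_old_routes` and `add_new_routes` both run in one invocation, the `set $classless_routes` in `add_new_routes` (second hunk) still holds the old entries and re-adds the routes that were just deleted; start the function with `classless_routes=""`. The option value is supplied by the DHCP server, so the unquoted `set $1` should be `set -- $1` to stop a leading `-` being read as shell options. The prefix length should also be checked to be a number no larger than 32 before the `[ $1 -eq 0 ]` tests. The new code calls bare `route`, while the surrounding script uses `$ROUTE`.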
diff --git a/usr/local/sbin/vpn-linkdown b/usr/local/sbin/vpn-linkdown index 38c64b3..e67a8a0 100755 --- a/usr/local/sbin/vpn-linkdown +++ b/usr/local/sbin/vpn-linkdown @@ -1,6 +1,5 @@ #!/bin/sh # record logout -/usr/bin/logger -p local3.info "logout,$1,,$3" -/sbin/pfctl -b $3 - +/usr/bin/logger -p local3.info "logout,$1,$4,$5" +/sbin/pfctl -b $3 -b $4 diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 6476115..ac31fb6 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -230,9 +230,8 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { ?> <div id="wrapper"> - <div id="header"> - <div id="header-left"><a href="index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></img></a></div> + <div id="header-left"><a href="index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></a></div> <div id="header-right"> <div class="container"> <div class="left">webConfigurator</div> @@ -408,7 +407,7 @@ function add_to_menu($url, $name) { ?> <div> -<span class="pgtitle"><?=genhtmltitle($pgtitle);?></font></span> +<span class="pgtitle"><a href="<?= $_SERVER['SCRIPT_NAME'] ?>"><?=genhtmltitle($pgtitle);?></a></span> <span style="float:right; margin: 0 0 20px 20px;"> <?php if(! empty($statusurl)): ?> <a href="<?php echo $statusurl; ?>" target="_new" title="Status of items on this page."><img src="/themes/<?php echo $g['theme']; ?>/images/status.png" border="0"></a> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index cc3fdfc..ff92196 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php 
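Review bot: The positional parameters on the new `pfctl` line are unquoted, so an empty or whitespace-containing `$3` or `$4` shifts the arguments and `-b` can consume the wrong value. Write `/sbin/pfctl -b "$3" -b "$4"` and skip the call when either is empty. The log line puts `$1`, `$4` and `$5` into a comma-separated record without filtering, so a value containing a comma or newline (the user name presumably comes from the peer) can produce a misleading logout entry. A header comment listing what each of `$1` to `$5` holds would help, since the commit changes which ones are logged.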
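Review bot: In `fbegin.inc`, the new page-title link prints `$_SERVER['SCRIPT_NAME']` into an `href` attribute without escaping. Depending on how the web server populates that variable, it can carry request-derived characters, so encode it for the attribute context: `<a href="<?= htmlspecialchars($_SERVER['SCRIPT_NAME']) ?>">`. The surrounding markup starts and ends outside the hunk.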
@@ -1080,10 +1080,10 @@ include("head.inc"); <input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>"> <br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?> </span> <p> - <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br><?=gettext(" Maximum state entries this rule can create");?><p> - <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br><?=gettext(" Maximum number of unique source hosts");?><p> - <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br><?=gettext(" Maximum number of established connections per host");?><p> - <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br><?=gettext(" Maximum state entries per host");?><p> + <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p> + <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p> + <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p> + <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br><?=gettext(" Maximum state entries per host");?></p><p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> / <select name="max-src-conn-rates" id="max-src-conn-rates"> <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option> 
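Review bot: The four `<input>` lines rewritten here still echo `$pconfig['max']`, `$pconfig['max-src-nodes']`, `$pconfig['max-src-conn']` and `$pconfig['max-src-states']` into the `value` attribute unescaped, while the `tagged` field directly above uses `htmlspecialchars()`. If `$pconfig` is refilled from the submitted form (not visible here), a value containing a quote can break out of the attribute. Use `value="<?=htmlspecialchars($pconfig['max']);?>"` and do the same for the other three. The same applies to `max-src-conn-rate` on the following line and to `statetimeout` in the next hunk.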
@@ -1093,13 +1093,13 @@ include("head.inc"); } ?> </select><br /> <?=gettext("Maximum new connections / per second(s)");?> - <p> + </p><p> <input name="statetimeout" value="<?php echo $pconfig['statetimeout'] ?>"><br> <?=gettext("State Timeout in seconds");?> - <p /> + </p> - <p><strong><?=gettext("NOTE: Leave fields blank to disable that feature.");?></strong> + <p><strong><?=gettext("NOTE: Leave fields blank to disable that feature.");?></strong></p> </div> </td> </tr> 
@@ -1160,10 +1160,10 @@ include("head.inc"); </select><br><?=gettext("HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?> <p> <table width="90%"> - <tr><td width="25%"><ul><li><?=gettext("keep state");?></li></td><td><?=gettext("Works with all IP protocols.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></td><td><?=gettext("Works with all IP protocols.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("none");?></li></td><td><?=gettext("Do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.");?></ul></td></tr> + <tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.");?></td></tr> </table> </p> </div> diff --git a/usr/local/www/index.php b/usr/local/www/index.php index fc97c38..ffc3369 100755 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php 
@@ -37,8 +37,8 @@ ##|+PRIV ##|*IDENT=page-system-login/logout -##|*NAME=System: Login / Logout page -##|*DESCR=Allow access to the 'System: Login / Logout' page. +##|*NAME=System: Login / Logout page / Dashboard +##|*DESCR=Allow access to the 'System: Login / Logout' page and Dashboard. ##|*MATCH=index.php* ##|-PRIV diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 6156c65..7cc9ef3 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -94,6 +94,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['monitor_type'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This monitor name has already been used. Monitor names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + switch($_POST['type']) { case 'icmp': { break; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index e37f51c..0e15dc2 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php @@ -80,6 +80,10 @@ if ($_POST) { for ($i=0; isset($config['load_balancer']['lbpool'][$i]); $i++) if (($_POST['name'] == $config['load_balancer']['lbpool'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This pool name has already been used. Pool names must be unique."); + + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + if (!is_port($_POST['port'])) $input_errors[] = gettext("The port must be an integer between 1 and 65535."); if (is_array($_POST['servers'])) { diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index 667a0af..396cd9b 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php 
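Review bot: In `load_balancer_monitor_edit.php`, the new check on `$_POST['name']` rejects only the space character, so tabs, newlines, quotes and other punctuation are still accepted as a monitor name. If these names are later written into a generated daemon configuration (not visible in this hunk), an allowlist is safer than a single-character denylist. For example, `if (!preg_match('/^[a-zA-Z0-9_.\-]+$/', $_POST['name']))`, with the permitted set confirmed against what the daemon accepts and the message updated to list it. The identical check is added to the pool, relay action, relay protocol and virtual server edit pages in the following hunks and needs the same change; a shared helper would keep them consistent.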
@@ -123,6 +123,8 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['lbactions'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This action name has already been used. Action names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); if (!$input_errors) { $actent = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index ecd8ce4..1c0daa8 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -85,6 +85,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['lbprotocol'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This protocol name has already been used. Protocol names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + switch($_POST['type']) { case 'tcp': case 'http': diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index 4cbf0e2..e93f0d6 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -85,6 +85,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This virtual server name has already been used. Virtual server names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + if (!is_port($_POST['port'])) $input_errors[] = gettext("The port must be an integer between 1 and 65535."); diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index fc7cef0..8a18ed6 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php 
@@ -147,7 +147,7 @@ if ($_POST) { if ($pconfig['type'] == "ldap") { $reqdfields = explode(" ", "name type ldap_host ldap_port ". - "ldap_urltype ldap_protver ldap_scope ldap_basedn ". + "ldap_urltype ldap_protver ldap_scope ". "ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers"); $reqdfieldsn = array( gettext("Descriptive name"), @@ -157,7 +157,6 @@ if ($_POST) { gettext("Transport"), gettext("Protocol version"), gettext("Search level"), - gettext("Search Base DN"), gettext("User naming Attribute"), gettext("Group naming Attribute"), gettext("Group member attribute"), @@ -507,7 +506,7 @@ function select_clicked() { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Search scope");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="2"> <tr> diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 3678138..4b23c95 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -225,7 +225,7 @@ if ($_POST) { $client['proxy_passwd'] = $pconfig['proxy_passwd']; $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; - $client['custom_options'] = $pconfig['custom_options']; + $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { $client['caref'] = $pconfig['caref']; 
@@ -625,22 +625,22 @@ function autotls_change() { <td width="78%" class="vtable"> <select name='certref' class="formselect"> <?php - foreach ($config['cert'] as $cert): - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - if (in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) - continue; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + foreach ($config['cert'] as $cert): + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + if (is_user_cert($cert['refid'])) + continue; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 7b85514..ca6c261 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -285,7 +285,7 @@ if ($_POST) { list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; - $server['custom_options'] = $pconfig['custom_options']; + $server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { if ($pconfig['tlsauth_enable']) { 
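Review bot: The `<option>` line that closes this loop in `vpn_openvpn_client.php` prints `$cert['refid']` and `$cert['descr']` (plus the CA description in `$caname`) without `htmlspecialchars()`. A certificate description containing markup would therefore be rendered in the page. Escape both at output, `<option value="<?=htmlspecialchars($cert['refid']);?>" ...><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>`. The loop also iterates `$config['cert']` with no `is_array()` guard. The same block in `vpn_openvpn_server.php` in the following hunk has both issues.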
@@ -749,22 +749,22 @@ function netbios_change() { <td width="78%" class="vtable"> <select name='certref' class="formselect"> <?php - foreach ($config['cert'] as $cert): - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - if (in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) - continue; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + foreach ($config['cert'] as $cert): + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + if (is_user_cert($cert['refid'])) + continue; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php index c17c144..25454c8 100644 --- a/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -48,7 +48,6 @@ $clients = openvpn_get_active_clients(); <script src="/javascript/sorttable.js" type="text/javascript"></script> <br/> -<form action="status_openvpn.php" method="get" name="iform"> <script type="text/javascript"> function killClient(mport, remipp) { var busy = function(icon) { diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 14a1802..9dc4d80 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php 
@@ -457,11 +457,11 @@ function showchange() { else $interfaces = get_configured_interface_with_descr(); foreach ($interfaces as $ifname => $iface) { - if (is_array($iface)) { - if ($iface['mac']) - $iface = $ifname. " ({$iface['mac']})"; - } else - $iface = $ifname; + if ($field['type'] == "interface_select") { + $iface = $ifname; + if ($iface['mac']) + $iface .= " ({$iface['mac']})"; + } $SELECTED = ""; if ($value == $ifname) $SELECTED = " SELECTED"; $to_echo = "<option value='" . $ifname . "'" . $SELECTED . ">" . $iface . "</option>\n"; @@ -470,13 +470,12 @@ function showchange() { if($field['interface_filter'] <> "") { if(stristr($ifname, $field['interface_filter']) == true) $canecho = 1; - } else { + } else $canecho = 1; - } if($canecho == 1) echo $to_echo; } - echo "</select>\n"; + echo "</select>\n"; if($field['description'] <> "") { echo "<br /> " . $field['description']; diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 3f4de03..375ad46 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -157,13 +157,21 @@ function restore_config_section_xmlrpc($raw_params) { $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + $vipbackup = array(); if (isset($params[0]['virtualip'])) { if(is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) interface_vip_bring_down($vip); } + $vipbackup = $config['virtualip']['vip']; } + // For vip section, first keep items sent from the master $config = array_merge($config, $params[0]); + // Then add ipalias and proxyarp types already defined on the backup + foreach ($vipbackup as $vip) { + if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) + $config['virtualip']['vip'][]=$vip ; + } $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys)); interfaces_vips_configure(); |
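Review bot: Inside the new `interface_select` branch in `wizard.php`, `$iface = $ifname;` overwrites the loop value with the interface name before `$iface['mac']` is read. The MAC test is therefore applied to a string offset instead of the interface array, and the label cannot show the real MAC. Read the MAC first: `$mac = is_array($iface) ? $iface['mac'] : "";`, then `$iface = $ifname;` and `if ($mac) $iface .= " ({$mac})";`. For other field types `$iface` is now used as-is, so an array value would be concatenated into `$to_echo`. Both `$ifname` and `$iface` go into the `<option>` markup unescaped. The function starts and ends outside the hunk.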
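Review bot: In `restore_config_section_xmlrpc`, `$vipbackup = $config['virtualip']['vip'];` sits outside the `is_array()` check, so when the local config has no VIP list the later `foreach ($vipbackup as $vip)` iterates a non-array. Assign it inside the `is_array` block or guard the loop with `if (is_array($vipbackup))`. The ipalias/proxyarp entries are re-appended unconditionally, so an entry the sender also included would be duplicated. Separately, `array_merge($config, $params[0])` accepts whatever top-level sections the authenticated caller sends. Restricting the keys to the sections that are meant to be synchronised would limit what a compromised peer can overwrite.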