48 files changed, 646 insertions, 246 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 17093a9..08993ff 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -921,11 +921,16 @@ function session_auth($backing) { } /* If session timeout isn't set, we don't mark sessions stale */ - if (!isset($config['system']['webgui']['session_timeout']) || - $config['system']['webgui']['session_timeout'] == 0 || - $config['system']['webgui']['session_timeout'] == "") - $_SESSION['last_access'] = time(); - else { + if ( $config['system']['webgui']['session_timeout'] == 0 || + $config['system']['webgui']['session_timeout'] == "") { + $_SESSION['last_access'] = time(); + } elseif (!isset($config['system']['webgui']['session_timeout'])) { + /* Default to 4 hour timeout if one is not set */ + if ($_SESSION['last_access'] < (time() - 14400)) { + $_GET['logout'] = true; + $_SESSION['Logout'] = true; + } + } else { /* Check for stale session */ if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) { $_GET['logout'] = true; @@ -994,4 +999,4 @@ function session_auth($backing) { return true; } -?> +?>
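Review bot: The new `elseif (!isset($config['system']['webgui']['session_timeout']))` branch that applies the 4 hour default looks unreachable, because the first condition compares the same key with `== 0`, and in PHP an unset (null) value loosely equals 0. An installation with no timeout configured would therefore keep refreshing `last_access` and never expire an idle GUI session. Testing the unset case first fixes this: open with `if (!isset($config['system']['webgui']['session_timeout'])) {` for the default, then `} elseif ($config['system']['webgui']['session_timeout'] == 0 || $config['system']['webgui']['session_timeout'] == "") {`. The context comment `/* If session timeout isn't set, we don't mark sessions stale */` no longer describes the intent and should be reworded; session_auth() starts and ends outside the hunk.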
\ No newline at end of file diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 4f990f8..a8e5fe9 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -41,6 +41,8 @@ */ /* include all configuration functions */ +require_once("config.inc"); +require_once("functions.inc"); require_once("radius_authentication.inc"); require_once("radius_accounting.inc"); require_once("radius.inc"); @@ -241,10 +243,14 @@ EOD; if(isset($config['captiveportal']['httpslogin'])) { $cert = base64_decode($config['captiveportal']['certificate']); + if (isset($config['captiveportal']['cacertificate'])) + $cacert = base64_decode($config['captiveportal']['cacertificate']); + else + $cacert = ""; $key = base64_decode($config['captiveportal']['private-key']); /* generate lighttpd configuration */ system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal-SSL.conf", - $cert, $key, "", "lighty-CaptivePortal-ssl.pid", "8001", "/usr/local/captiveportal/", + $cert, $key, $cacert, "lighty-CaptivePortal-ssl.pid", "8001", "/usr/local/captiveportal/", "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); } @@ -325,11 +331,11 @@ EOD; if (!empty($listrealif)) { mwexec("/sbin/ifconfig {$listrealif} -ipfwfilter"); $carpif = link_ip_to_carp_interface(find_interface_ip($listrealif)); - } - if (!empty($carpif)) { - $carpsif = explode(" ", $carpif); - foreach ($carpsif as $cpcarp) - mwexec("/sbin/ifconfig {$cpcarp} -ipfwfilter"); + if (!empty($carpif)) { + $carpsif = explode(" ", $carpif); + foreach ($carpsif as $cpcarp) + mwexec("/sbin/ifconfig {$cpcarp} -ipfwfilter"); + } } } } 
@@ -380,9 +386,9 @@ EOD; $rulenum++; $cprules .= "add {$rulenum} set 1 pass udp from {$cpip} 67 to any 68 out \n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass icmp from {$cpip} to any out icmptype 8\n"; + $cprules .= "add {$rulenum} set 1 pass icmp from {$cpip} to any out icmptype 0\n"; $rulenum++; - $cprules .= "add {$rulenum} set 1 pass icmp from any to {$cpip} in icmptype 0 \n"; + $cprules .= "add {$rulenum} set 1 pass icmp from any to {$cpip} in icmptype 8 \n"; $rulenum++; //# allow access to our DNS forwarder $cprules .= "add {$rulenum} set 1 pass udp from {$cpip} to any 53 in \n"; diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 5853c49..9ccd22d 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -224,7 +224,7 @@ function csr_generate(& $cert, $keylen, $dn) { $args = array( "digest_alg" => "sha1", - "private_key_bits" => $keylen, + "private_key_bits" => (int)$keylen, "private_key_type" => OPENSSL_KEYTYPE_RSA, "encrypt_key" => false); diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 0bfbb77..e2c1eda 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -88,10 +88,10 @@ $dnsWildcard = 'OFF', $dnsMX = '', $dnsIf = '', $dnsBackMX = '', $dnsServer = '', $dnsPort = '', $dnsUpdateURL = '') { - global $config; + global $config, $g; - $this->_cacheFile = "/cf/conf/dyndns_{$dnsIf}{$dnsService}.cache"; - $this->_debugFile = "/var/etc/dyndns_{$dnsIf}{$dnsService}.debug"; + $this->_cacheFile = "{$g['conf_path']}/dyndns_{$dnsIf}{$dnsService}.cache"; + $this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}.debug"; log_error("DynDns: updatedns() starting"); diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index f07b67c..2b17ed5 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc 
@@ -136,7 +136,6 @@ function easyrule_block_alias_add($host, $int = 'wan') { if (!is_array($config['aliases']['alias'])) $config['aliases']['alias'] = array(); - aliases_sort(); $a_aliases = &$config['aliases']['alias']; /* Try to get the ID if the alias already exists */ @@ -173,6 +172,9 @@ function easyrule_block_alias_add($host, $int = 'wan') { else $a_aliases[] = $alias; + // Sort list + $a_aliases = msort($a_aliases, "name"); + return true; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 6bf0674..bb7cbbd 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -413,6 +413,8 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $finallist = ""; $aliasnesting[$name] = $name; foreach ($addresses as $address) { + if (empty($address)) + continue; $linelength = strlen($finallist); $tmpline = ""; if(is_alias($address)) { @@ -2349,7 +2351,7 @@ function filter_generate_ipsec_rules() { } } - if(preg_match("/^carp/i", $ph1ent['interface'])) { + if(preg_match("/^vip/i", $ph1ent['interface'])) { $parentinterface = link_carp_interface_to_parent($ph1ent['interface']); } else { $parentinterface = $ph1ent['interface']; @@ -2434,4 +2436,4 @@ function discover_pkg_rules($ruletype) { } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 127ba4c..6f72a65 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -46,8 +46,8 @@ function get_nics_with_capabilities($CAPABILITIES) { $vlan_native_supp = array(); foreach($if_list as $if => $iface) { $iface = trim($iface); - $capable = `ifconfig -m $iface | grep "capabilities=.*{$CAPABILITIES}"`; - if($capable) { + $capable = pfSense_get_interface_addresses($iface); + if(isset($capable['caps'][$CAPABILITIES])) { $interfacenonum = remove_numbers($iface); if(!in_array($interfacenonum, $vlan_native_supp)) $vlan_native_supp[] = $interfacenonum; @@ -79,7 +79,7 @@ $g = array( "product_name" => "pfSense", "product_copyright" => "BSD Perimeter LLC", "product_copyright_url" => "http://www.bsdperimeter.com", - "product_copyright_years" => "2004 - 2009", + "product_copyright_years" => "2004 - 2010", "product_website" => "www.pfsense.org", "product_website_footer" => "http://www.pfsense.org/?gui20", "product_email" => "coreteam@pfsense.org", @@ -106,15 +106,8 @@ $g = array( "help_base_url" => "/help.php" ); -// Loop through and set vlan_native_supp (native vlan tagging) -$vlan_native_supp = get_nics_with_capabilities("HWTAGGING"); -if(count($vlan_native_supp) > 0) - $g['vlan_native_supp'] = $vlan_native_supp; -else - $g['vlan_native_supp'] = array("bce", "bge", "bfe", "cxgb", "dc", "em", "fxp", "gem", "hme", "ixgb", "msk", "nge", "re", "rl", "sis", "ste", "stge", "ti", "tl", "tx", "txp", "vge", "vr", "xl", "lagg"); - // Loop through and set vlan_long_frame VLAN_MTU -$vlan_native_supp = get_nics_with_capabilities("VLAN_MTU"); +$vlan_native_supp = get_nics_with_capabilities("vlanmtu"); if(count($vlan_native_supp) > 0) $g['vlan_long_frame'] = $vlan_native_supp; else 
@@ -135,7 +128,7 @@ if(file_exists("/etc/platform")) { $g['firmware_update_text']="pfSense-*.img.gz"; } else { - $g['update_url']="http://snapshots.pfsense.org/FreeBSD_RELENG_8_0/{$arch}/pfSense_HEAD/.updaters/"; + $g['update_url']="http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/{$arch}/pfSense_HEAD/.updaters/"; $g['update_manifest']="http://updates.pfSense.com/manifest"; $g['firmware_update_text']="pfSense-*.tgz"; } 
@@ -143,31 +136,31 @@ if(file_exists("/etc/platform")) { /* Default sysctls */ $sysctls = array("net.inet.ip.portrange.first" => "1024", - "net.inet.tcp.blackhole" => "2", - "net.inet.udp.blackhole" => "1", - "net.inet.ip.random_id" => "1", - "net.inet.tcp.drop_synfin" => "1", - "net.inet.ip.redirect" => "1", - "net.inet6.ip6.redirect" => "1", - "net.inet.tcp.syncookies" => "1", - "net.inet.tcp.recvspace" => "65228", - "net.inet.tcp.sendspace" => "65228", - "net.inet.ip.fastforwarding" => "1", - "net.inet.tcp.delayed_ack" => "0", - "net.inet.udp.maxdgram" => "57344", - "net.link.bridge.pfil_onlyip" => "0", - "net.link.bridge.pfil_member" => "1", - "net.link.bridge.pfil_bridge" => "0", - "net.link.tap.user_open" => "1", - "kern.rndtest.verbose" => "0", - "kern.randompid" => "347", - "net.inet.ip.intr_queue_maxlen" => "1000", - "hw.syscons.kbd_reboot" => "0", - "net.inet.tcp.inflight.enable" => "1", - "net.inet.tcp.log_debug" => "0", - "net.inet.icmp.icmplim" => "750", - "net.inet.tcp.tso" => "0", - "hw.bce.tso_enable" => "0" - ); + "net.inet.tcp.blackhole" => "2", + "net.inet.udp.blackhole" => "1", + "net.inet.ip.random_id" => "1", + "net.inet.tcp.drop_synfin" => "1", + "net.inet.ip.redirect" => "1", + "net.inet6.ip6.redirect" => "1", + "net.inet.tcp.syncookies" => "1", + "net.inet.tcp.recvspace" => "65228", + "net.inet.tcp.sendspace" => "65228", + "net.inet.ip.fastforwarding" => "1", + "net.inet.tcp.delayed_ack" => "0", + "net.inet.udp.maxdgram" => "57344", + "net.link.bridge.pfil_onlyip" => "0", + "net.link.bridge.pfil_member" => "1", + "net.link.bridge.pfil_bridge" => "0", + "net.link.tap.user_open" => "1", + "kern.rndtest.verbose" => "0", + "kern.randompid" => "347", + "net.inet.ip.intr_queue_maxlen" => "1000", + "hw.syscons.kbd_reboot" => "0", + "net.inet.tcp.inflight.enable" => "1", + "net.inet.tcp.log_debug" => "0", + "net.inet.icmp.icmplim" => "750", + "net.inet.tcp.tso" => "0", + "hw.bce.tso_enable" => "0" + ); ?> 
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 3cb4727..90949d4 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -303,7 +303,7 @@ function return_gateways_array($disabled = false) { $gateway['attribute'] = "system"; /* Loopback dummy for dynamic interfaces without a IP */ - if(!is_ipaddr(trim($gateway['gateway']))) { + if(!is_ipaddr(trim($gateway['gateway'])) && $gateway['dynamic'] == true) { $gateway['gateway'] = "dynamic"; } @@ -520,7 +520,7 @@ function get_interface_gateway($interface, &$dynamic = false) { $gw = lookup_gateway_ip_by_name($gwcfg['gateway']); // for dynamic interfaces we handle them through the $interface_router file. - if (!is_ipaddr($gw)) { + if (!is_ipaddr($gw) && !is_ipaddr($gwcfg['ipaddr'])) { $realif = get_real_interface($interface); if (file_exists("{$g['tmp_path']}/{$realif}_router")) { $gw = file_get_contents("{$g['tmp_path']}/{$realif}_router"); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index bb0fe97..e5515bf 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -148,13 +148,13 @@ function interface_vlan_configure(&$vlan) { interfaces_bring_up($vlanif); - /* invalidate interface cache */ - get_interface_arr(true); + /* invalidate interface cache */ + get_interface_arr(true); - /* all vlans need to spoof their parent mac address, too. see - * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 - */ - foreach($config['interfaces'] as $interfaces) { + /* all vlans need to spoof their parent mac address, too. see + * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 + */ + foreach($config['interfaces'] as $interfaces) { if($interfaces['if'] == $if && $interfaces['spoofmac']) { mwexec("/sbin/ifconfig " . escapeshellarg($vlanif) . " link " . escapeshellarg($interfaces['spoofmac'])); 
@@ -1775,6 +1775,8 @@ function interface_configure($interface = "wan", $reloadall = false) { $cmd .= " mediaopt " . escapeshellarg($wancfg['mediaopt']); mwexec($cmd); } + if (!empty($wancfg['mtu'])) + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " mtu {$wancfg['mtu']}"); /* invalidate interface/ip/sn cache */ get_interface_arr(true); @@ -2658,7 +2660,7 @@ function link_interface_to_vlans($int, $action = "") { $real_if = get_real_interface($int); if (is_array($config['vlans']['vlan'])) { foreach ($config['vlans']['vlan'] as $vlan) { - if ($real_int == $vlan['if']) { + if ($real_if == $vlan['if']) { if ($action == "update") { foreach ($config['interfaces'] as $ifname => $ifcfg) { if ($ifcfg['if'] == $vlan['vlanif']) diff --git a/etc/inc/openvpn.auth-ldap.php b/etc/inc/openvpn.auth-ldap.php new file mode 100755 index 0000000..7155972 --- /dev/null +++ b/etc/inc/openvpn.auth-ldap.php 
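Review bot: The added MTU command interpolates `$wancfg['mtu']` into the shell string unescaped, while `$realif` on the same line goes through `escapeshellarg()`. The value comes from the configuration and nothing in the hunk shows it being checked as a number before it reaches `mwexec()`. Escaping it the same way keeps the command well-formed whatever the config holds: `mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " mtu " . escapeshellarg($wancfg['mtu']));`. interface_configure() starts and ends outside the hunk.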
@@ -0,0 +1,77 @@ +#!/usr/local/bin/php -f +<?php +/* $Id$ */ +/* + openvpn.auth-ldap.php + + Copyright (C) 2010 Ermal Luçi + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: + pfSense_MODULE: openvpn +*/ + +/* setup syslog logging */ +openlog("openvpn", LOG_ODELAY, LOG_AUTH); + +/* read data from environment */ +$username = getenv("username"); +$password = getenv("password"); + +if (empty($username) || empty($password)) { + syslog(LOG_ERR, "invalid user authentication environment"); + exit(-1); +} + +/* Replaced by a sed with propper variables used below(ldap parameters). 
*/ +//<template> + +$usernamedn = $username; +if (!strstr($username, "@") && !strstr($username, "\\")) + $usernamedn .= $ldapbasedn; + +/* Make sure we can connect to LDAP */ +putenv('LDAPTLS_REQCERT=never'); +if (!($ldap = @ldap_connect($ldaphost, $ldapport))) { + syslog(LOG_ERROR, "ERROR! Could not connect to server {$ldaphost}."); + exit(-2); +} + +ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); +ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); + +/* ok, its up. now, lets bind as the bind user so we can search it */ +if (!($res = @ldap_bind($ldap, $username, $password)) && !($res = @ldap_bind($ldap, $usernamedn, $password))) { + syslog(LOG_WARNING, "user {$username} could not authenticate\n"); + ldap_close($ldap); + exit(-3); +} + +syslog(LOG_WARNING, "user {$username} authenticated\n"); +ldap_unbind($ldap); + +exit(0); + +?> diff --git a/etc/inc/openvpn.auth-radius.php b/etc/inc/openvpn.auth-radius.php new file mode 100755 index 0000000..ea750de --- /dev/null +++ b/etc/inc/openvpn.auth-radius.php 
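Review bot: `putenv('LDAPTLS_REQCERT=never')` turns off verification of the LDAP server certificate, so even with an `ldaps://` host the VPN user's password is sent to whichever endpoint answers the connection. Certificate checking should stay on, with the client pointed at the configured CA, and any exception should be an explicit, commented setting rather than the default. Separately, `LOG_ERROR` is not a syslog priority constant that PHP defines (the defined one is `LOG_ERR`), so the connect-failure message will not be logged at the intended level. The successful login is logged at `LOG_WARNING`, the same level as a failure; `LOG_NOTICE` or `LOG_INFO` would keep failed attempts easier to pick out of the auth log.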
@@ -0,0 +1,79 @@ +#!/usr/local/bin/php -f +<?php +/* $Id$ */ +/* + openvpn.auth-radius.php + + Copyright (C) 2010 Ermal Luçi + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: + pfSense_MODULE: openvpn +*/ + +require_once("radius.inc"); + +/* setup syslog logging */ +openlog("openvpn", LOG_ODELAY, LOG_AUTH); + +/* read data from environment */ +$username = getenv("username"); +$password = getenv("password"); + +if (empty($username) || empty($password)) { + syslog(LOG_ERR, "invalid user authentication environment"); + exit(-1); +} + +/* Replaced by a sed with propper variables used below(server parameters). 
*/ +//<template> + +$rauth = new Auth_RADIUS_PAP($username, $password); +/* Add server to our instance */ +$rauth->addServer($radsrv, $radport, $radsecret); + +if (!$rauth->start()) { + syslog(LOG_ERROR, "ERROR! . $rauth->getError()); + exit(-2); +} + +/* Send request */ +$result = $rauth->send(); +if (PEAR::isError($result)) { + syslog(LOG_WARNING, "Something went wrong trying to authenticate {$username}. " . $result->getMessage() . " \n"); + exit(-1); +} else if ($result === true) { + syslog(LOG_WARNING, "user {$username} authenticated\n"); +} else { + syslog(LOG_WARNING, "user {$username} could not authenticate. \n"); + exit(-3); +} + +// close OO RADIUS_AUTHENTICATION +$rauth->close(); + +exit(0); + +?> diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index a67d1bb..09f9056 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc 
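Review bot: The line `syslog(LOG_ERROR, "ERROR! . $rauth->getError());` in the `start()` failure branch has an unterminated string literal, so this file will not parse and every RADIUS-backed login would be rejected when OpenVPN runs the script. It should read `syslog(LOG_ERR, "ERROR! " . $rauth->getError());`, which also replaces `LOG_ERROR`, a constant PHP does not define. As in the LDAP script, success and failure are both logged at `LOG_WARNING`; logging the success at `LOG_NOTICE` would make rejected logins stand out. The early `exit()` paths skip `$rauth->close()`, which is harmless in a one-shot script but worth a short comment.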
@@ -379,7 +379,36 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "client-cert-not-required\n"; case 'server_tls_user': $conf .= "username-as-common-name\n"; - $conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n"; + if ($settings['authmode'] == "local") + $conf .= "auth-user-pass-verify /etc/inc/openvpn.auth-user.php via-env\n"; + else { + $authcfg = system_get_authserver($settings['authmode']); + if ($authcfg) { + switch ($authcfg['type']) { + case 'ldap': + $basednrplc = array("dc=", "DC="); + $ldapbasedn = str_replace($basednrplc, "", $authcfg['ldap_basedn']); + $ldapbasedn = str_replace(",", ".", $ldapbasedn); + $sed = "\$ldapport=\"{$authcfg['ldap_port']}\";"; + if (strstr($authcfg['ldap_urltype'], "Standard")) + $ldapproto = "ldap"; + else + $ldapproto = "ldaps"; + $sed .= "\$ldaphost=\"{$ldapproto}:\/\/{$authcfg['host']}\";"; + $sed .= "\$ldapbasedn=\"@{$ldapbasedn}\";"; + $sed .= "\$ldapver={$authcfg['ldap_protver']};"; + break; + case 'radius': + $sed = "\$radsrv=\"{$authcfg['host']}\";"; + $sed .= "\$radport=\"{$authcfg['radius_auth_port']}\";"; + $sed .= "\$radsecret=\"{$authcfg['radius_secret']}\";"; + break; + } + mwexec("/bin/cat /etc/inc/openvpn.auth-{$authcfg['type']}.php | /usr/bin/sed 's/\/\/<template>/{$sed}/g' > {$g['varetc_path']}/openvpn/{$mode_id}.php"); + mwexec("/bin/chmod a+x {$g['varetc_path']}/openvpn/{$mode_id}.php"); + $conf .= "auth-user-pass-verify {$g['varetc_path']}/openvpn/{$mode_id}.php via-env\n"; + } + } break; } 
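Review bot: The `$sed` string is assembled from configuration values (`host`, `ldap_basedn`, `ldap_port`, `ldap_protver`, `radius_secret`) and then placed, unescaped, inside a PHP string literal, a sed replacement and a single-quoted shell argument at the same time. A RADIUS secret or base DN containing a quote, `/`, `&` or `$` will at best produce a broken script and at worst change what the generated authentication script or the shell command does. The generated file also carries the RADIUS shared secret and is made executable for everyone with `chmod a+x`, with nothing in the hunk restricting who can read it. Building the file from PHP, with `var_export()` for each value and an explicit restrictive mode, removes all three quoting layers; the sketch shows the RADIUS case and the file write, and the LDAP case would follow the same pattern. openvpn_reconfigure() starts and ends outside the hunk.

```php
case 'radius':
	// var_export() emits a correctly quoted PHP literal for any value
	$tpl = "\$radsrv=" . var_export($authcfg['host'], true) . ";";
	$tpl .= "\$radport=" . var_export($authcfg['radius_auth_port'], true) . ";";
	$tpl .= "\$radsecret=" . var_export($authcfg['radius_secret'], true) . ";";
	break;
// … unchanged: end of the switch on $authcfg['type'] …
$authscript = "{$g['varetc_path']}/openvpn/{$mode_id}.php";
$body = file_get_contents("/etc/inc/openvpn.auth-{$authcfg['type']}.php");
file_put_contents($authscript, str_replace("//<template>", $tpl, $body));
// owner-only: the file holds the shared secret (adjust owner if OpenVPN drops privileges)
chmod($authscript, 0700);
$conf .= "auth-user-pass-verify {$authscript} via-env\n";
```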
@@ -446,8 +475,16 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "ifconfig $ip2 $ip1\n"; } - if ($settings['proxy_addr']) - $conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}\n"; + if ($settings['proxy_addr']) { + $conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}"; + if ($settings['proxy_authtype'] != "none") { + $conf .= " {$g['varetc_path']}/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}"; + $proxypas = "{$settings['proxy_user']}\n"; + $proxypas .= "{$settings['proxy_passwd']}\n"; + file_put_contents("{$g['varetc_path']}/openvpn/{$mode_id}.pas", $proxypas); + } + $conf .= " \n"; + } } // Add a remote network route if set @@ -475,8 +512,13 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n"; if ($settings['crl']) openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify"); - if ($settings['tls']) - openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $settings['mode'] == "server_tls" ? "0" : "1"); + if ($settings['tls']) { + if ($settings['mode'] == "server_tls" || $settings['mode'] == "server_tls_user") + $tlsopt = 0; + else + $tlsopt = 1; + openvpn_add_keyfile($settings['tls'], $conf, $mode_id, "tls-auth", $tlsopt); + } break; } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 521d07e..0dca970 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
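Review bot: The proxy credentials file `{$mode_id}.pas` is written with `file_put_contents()` and nothing in the hunk sets its mode, so it is created with whatever the process umask allows. Since it holds `proxy_user` and `proxy_passwd` in clear text, the write should be followed by `chmod("{$g['varetc_path']}/openvpn/{$mode_id}.pas", 0600);`. `proxy_addr`, `proxy_port` and `proxy_authtype` are copied into the `http-proxy` line as-is; a value containing whitespace or a newline would alter the generated OpenVPN configuration, so they are worth validating where the settings are saved. openvpn_reconfigure() starts and ends outside the hunk.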
@@ -1192,26 +1192,24 @@ function get_interface_info($ifdescr) { /* run netstat to determine link info */ unset($linkinfo); - if ($ifinfo['if'] != $ifinfo['hwif']) - $chkif = $ifinfo['hwif']; - else - $chkif = $ifinfo['if']; + $chkif = $ifinfo['if']; exec("/usr/bin/netstat -I {$chkif} -nWb -f link", $linkinfo); - $linkinfo = preg_split("/\s+/", $linkinfo[1]); - if ("{$chkif}*" == $linkinfo[0]) - $ifinfo['status'] = "down"; - else if ($chkif == $linkinfo[0]) - $ifinfo['status'] = "up"; - else - $ifinfo['status'] = "down"; + + $ifinfotmp = pfSense_get_interface_addresses($chkif); + $ifinfo['status'] = $ifinfotmp['status']; + $ifinfo['macaddr'] = $ifinfotmp['macaddr']; + $ifinfo['ipaddr'] = $ifinfotmp['ipaddr']; + $ifinfo['subnet'] = $ifinfotmp['subnet']; + if (isset($ififnotmp['link0'])) + $link0 = "down"; + - if (preg_match("/^enc|^tun|^ppp|^pptp|^ovpn/i", $ifinfo['if'])) { + if (preg_match("/^enc|^tun|^ppp|^pptp|^ovpn/i", $chkif)) { $ifinfo['inpkts'] = $linkinfo[3]; $ifinfo['outpkts'] = $linkinfo[6]; } else { - $ifinfo['macaddr'] = $linkinfo[3]; $ifinfo['inerrs'] = $linkinfo[5]; $ifinfo['outerrs'] = $linkinfo[9]; $ifinfo['collisions'] = $linkinfo[11]; @@ -1219,7 +1217,7 @@ function get_interface_info($ifdescr) { /* Use pfctl for non wrapping 64 bit counters */ /* Pass */ - exec("/sbin/pfctl -vvsI -i {$ifinfo['if']}", $pfctlstats); + exec("/sbin/pfctl -vvsI -i {$chkif}", $pfctlstats); $pf_in4_pass = preg_split("/ +/ ", $pfctlstats[3]); $pf_out4_pass = preg_split("/ +/", $pfctlstats[5]); $in4_pass = $pf_in4_pass[5]; 
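Review bot: `isset($ififnotmp['link0'])` tests a variable that is never assigned; the array filled a few lines earlier is `$ifinfotmp`, so `$link0` can never be set to "down" by this check. The line should read `if (isset($ifinfotmp['link0']))`. In this hunk and the next one `$chkif` is interpolated unquoted into the `netstat` and `pfctl` command strings passed to `exec()`; wrapping it in `escapeshellarg()` would match how interfaces.inc builds its ifconfig calls. get_interface_info() continues outside the hunk.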
@@ -1249,32 +1247,9 @@ function get_interface_info($ifdescr) { $ifinfo['outpkts'] = $in4_pass_packets + $out4_block_packets; $ifconfiginfo = ""; - unset($ifconfiginfo, $link0); - exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo); - foreach ($ifconfiginfo as $ici) { - if (preg_match("/inet (\S+)/", $ici, $matches)) { - $ifinfo['ipaddr'] = $matches[1]; - } - if (preg_match("/netmask (\S+)/", $ici, $matches)) { - if (preg_match("/^0x/", $matches[1])) { - $ifinfo['subnet'] = long2ip(hexdec($matches[1])); - } - } - if (strpos($ici, 'LINK0') !== false) { - $link0 = "down"; - } - } - - switch ($config['interfaces'][$if]['ipaddr']) { - /* DHCP? -> see if dhclient is up */ + switch ($config['interfaces'][$ifdescr]['ipaddr']) { + /* DHCP? -> see if dhclient is up */ case "dhcp": - /* see if dhclient is up */ - if (find_dhclient_process($ifinfo['if']) <> "") - $ifinfo['dhcplink'] = "up"; - else - $ifinfo['dhcplink'] = "down"; - - break; case "carpdev-dhcp": /* see if dhclient is up */ if (find_dhclient_process($ifinfo['if']) <> "") @@ -1752,4 +1727,4 @@ function safe_write_file($file, $content, $force_binary) { return true; } -?>
\ No newline at end of file +?> diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 8797994..636c75f 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -39,6 +39,7 @@ */ function services_parse_dhcpd_hostnames() { + global $config; $ps = `ps awux | grep isc | grep -v grep | grep parse | awk '{ print $2 }'`; if($ps) exec("kill {$ps}"); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 2c8291d..9a9598c 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -134,7 +134,7 @@ function system_resolvconf_generate($dynupdate = false) { if(is_ipaddr($gatewayip)) { /* dns server array starts at 0 */ $dnscountermo = $dnscounter - 1; - mwexec("route delete -host {$syscfg['dnsserver'][$dnscountermo]}"); + mwexec("route delete -host {$syscfg['dnsserver'][$dnscountermo]}", true); mwexec("route add -host {$syscfg['dnsserver'][$dnscountermo]} {$gatewayip}"); } } @@ -1356,4 +1356,14 @@ function enable_watchdog() { } } +function system_get_authserver($name) { + global $config; + + if (is_array($config['system']['authserver'])) { + foreach ($config['system']['authserver'] as $authcfg) { + if ($authcfg['name'] == $name) + return $authcfg; + } + } +} ?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 96e214a..f099f93 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -119,7 +119,6 @@ function vpn_ipsec_configure($ipchg = false) $a_phase1 = $config['ipsec']['phase1']; $a_phase2 = $config['ipsec']['phase2']; $a_client = $config['ipsec']['client']; - $lancfg = $config['interfaces']['lan']; $lanip = get_interface_ip("lan"); $lansn = get_interface_subnet("lan"); $lansa = gen_subnet($lanip, $lansn); 
@@ -314,7 +313,7 @@ function vpn_ipsec_configure($ipchg = false) if (count($ipmap)) { $racoonconf .= "\nlisten\n"; $racoonconf .= "{\n"; - $racoonconf .= " adminsock \"/var/run/racoon.sock\" \"root\" \"wheel\" 0660;\n"; + $racoonconf .= " adminsock \"/var/db/racoon/racoon.sock\" \"root\" \"wheel\" 0660;\n"; foreach ($ipmap as $addr) { $racoonconf .= "\tisakmp {$addr} [500];\n"; $racoonconf .= "\tisakmp_natt {$addr} [4500];\n"; @@ -743,11 +742,11 @@ EOD; $spdconf = ""; - /* What are these SPD entries for? - * -mgrooms 07/10/2008 - */ - $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; - $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + /* Try to prevent people from locking themselves out of webgui. Just in case. */ + if ($config['interfaces']['lan']) { + $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n"; + $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n"; + } foreach ($a_phase2 as $ph2ent) { @@ -783,7 +782,8 @@ EOD; } } mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $rgip); - mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); + if ($config['interfaces']['lan']) + mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32"); } if($ph2ent['mode'] == "tunnel") { @@ -846,12 +846,10 @@ EOD; if (!is_dir("/var/db/racoon")) mkdir("/var/db/racoon/"); - exec("/bin/mkdir -p /var/db/racoon"); - /* mange racoon process */ if (is_process_running("racoon")) { sleep("0.1"); - mwexec("/usr/local/sbin/racoonctl -s /var/run/racoon.sock reload-config", false); + mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); /* load SPD without flushing to be safe on config additions or changes. */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); } else { 
@@ -1551,9 +1549,9 @@ function vpn_ipsec_refresh_policies() { continue; } foreach ($a_phase2 as $phase2) { - //if($phase2['ikeid'] == $phase1['ikeid']) { - reload_tunnel_spd_policy ($phase1, $phase2, $oldphase1, $oldphase2); - //} + if($phase2['ikeid'] == $phase1['ikeid']) { + reload_tunnel_spd_policy ($phase1, $phase2, $oldphase1, $oldphase2); + } } } } @@ -1565,7 +1563,7 @@ function vpn_ipsec_refresh_policies() { $tmpfiles = array(); $dh = opendir($g['tmp_path']); while (false !== ($filename = readdir($dh))) { - if(preg_match("/^spd.conf.reload./", $tmpfile)) { + if(preg_match("/^spd.conf.reload./", $filename)) { $tmpfiles[] = $filename; } } diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 23ae588..c9720c0 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -215,6 +215,10 @@ function dump_xml_config_sub($arr, $indent) { } } } + } else if (empty($val)) { + $xmlconfig .= str_repeat("\t", $indent); + $xmlconfig .= "<$ent/>\n"; + $xmlconfig .= str_repeat("\t", $indent); } else { /* it's an array */ $xmlconfig .= str_repeat("\t", $indent); diff --git a/etc/rc.create_full_backup b/etc/rc.create_full_backup index 143e652..143e652 100644..100755 --- a/etc/rc.create_full_backup +++ b/etc/rc.create_full_backup diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index 2a37169..c332d88 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -187,8 +187,10 @@ $good = true; } while (!$good); - if ($yn == "y") + if ($yn == "y") { $config['system']['webgui']['protocol'] = "http"; + $restart_webgui = true; + } } if (isset($config['system']['webgui']['noantilockout'])) { @@ -222,6 +224,10 @@ echo " DHCPD..."; services_dhcpd_configure(); } + if($restart_webgui) { + echo " restarting webConfigurator... "; + mwexec("/etc/rc.restart_webgui"); + } if ($intip != '') { if (is_ipaddr($intip)) { diff --git a/etc/rc.parse-isc-dhcpd b/etc/rc.parse-isc-dhcpd index 4770f87..d7e465f 100755 --- a/etc/rc.parse-isc-dhcpd 
+++ b/etc/rc.parse-isc-dhcpd @@ -3,13 +3,14 @@ # This script will monitor dhcpd.leases and parse # out active leases and ensure they are present # in /var/etc/hosts +SEARCH_DOMAIN=`grep ^domain /etc/resolv.conf | cut -f 2 -d ' '` update_hosts_file() { # $1 = host # $2 = ip cat /var/etc/hosts | grep -v "$1" > /tmp/hosts.tmp if [ "$3" != "" ]; then - echo "$2 $1 # dynamic entry created by rc.parse-isc-dhcpd" >> /tmp/hosts.tmp + echo "$2 $1.$SEARCH_DOMAIN $1 # dynamic entry created by rc.parse-isc-dhcpd" >> /tmp/hosts.tmp fi mv /tmp/hosts.tmp /var/etc/hosts killall -HUP dnsmasq @@ -20,7 +21,7 @@ cat /var/dhcpd/var/db/dhcpd.leases | grep "lease" -A8 | while read LINE do HOSTNAMEA=`echo "$LINE" | grep client-hostname | awk '{ print $2 }' | cut -d'"' -f2` ACTIVEA=`echo "$LINE" | grep active` - IPADDRA=`echo "$LINE" | grep lease | awk '{ print $2 }'` + IPADDRA=`echo "$LINE" | grep "^lease" | awk '{ print $2 }'` if [ "$HOSTNAMEA" != "" ]; then HOSTNAME="$HOSTNAMEA" fi @@ -45,7 +46,7 @@ tail -F /var/dhcpd/var/db/dhcpd.leases | grep "lease" -A8 | while read LINE do HOSTNAMEA=`echo "$LINE" | grep client-hostname | awk '{ print $2 }' | cut -d'"' -f2` ACTIVEA=`echo "$LINE" | grep active` - IPADDRA=`echo "$LINE" | grep lease | awk '{ print $2 }'` + IPADDRA=`echo "$LINE" | grep "^lease" | awk '{ print $2 }'` if [ "$HOSTNAMEA" != "" ]; then HOSTNAME="$HOSTNAMEA" fi diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 43c8804..cac39ab 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -73,7 +73,7 @@ <fieldname>pfsyncpeerip</fieldname> <type>input</type> <description> - Setting this option will force pfsync to synchronize its stable table to this IP address. The default is directed multicast. + Setting this option will force pfsync to synchronize its state table to this IP address. The default is directed multicast. </description> </field> <field> 
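Review bot: The new hosts entry `$2 $1.$SEARCH_DOMAIN $1` is built from a lease hostname that the DHCP client chooses and from a `SEARCH_DOMAIN` that is empty when /etc/resolv.conf has no `domain` line, in which case the entry becomes `name.` with a trailing dot. Checking the hostname against a hostname pattern before calling update_hosts_file, and adding the qualified name only when `[ -n "$SEARCH_DOMAIN" ]`, keeps client-supplied text from shaping /var/etc/hosts. The context line `grep -v "$1"` treats the name as a regular expression and a substring, so one lease can drop other hosts' lines; `grep -v -F -w -- "$1"` is closer to the intent. The fixed path /tmp/hosts.tmp is predictable, and a file created with `mktemp` would be safer.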
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 246be18..64273fc 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -121,7 +121,10 @@ function spit_out_select_items($area, $showall) { "wol" => "Wake on LAN" ); - $select = "<select name=\"{$area}\">\n"; + $select = "<select name=\"{$area}\" id=\"{$aread}\" "; + if ($area == "backuparea") + $select .= " onChange=backuparea_change(this)"; + $select .= " >\n"; $select .= "<option VALUE=\"\">ALL</option>"; if($showall == true) @@ -489,6 +492,13 @@ function decrypt_change() { document.getElementById("decrypt_opts").style.display=""; } +function backuparea_change(obj) { + + if (obj.value == "") + document.getElementById("dotnotbackuprrd").checked = false; + else + document.getElementById("dotnotbackuprrd").checked = true; +} //--> </script> @@ -652,4 +662,4 @@ decrypt_change(); if (is_subsystem_dirty('restore')) exec("/etc/rc.reboot"); -?>
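Review bot: The added `id=\"{$aread}\"` refers to `$aread`, which is not defined in the visible code; the parameter is `$area`, so the select is emitted with an empty id. It should be `id=\"{$area}\"`. The `onChange=backuparea_change(this)` attribute is written without quotes, unlike the other attributes on the tag, and `onChange=\"backuparea_change(this)\"` is more robust. spit_out_select_items() continues outside the hunk.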
\ No newline at end of file +?> diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php index fc0871e..304714f 100755 --- a/usr/local/www/diag_confbak.php +++ b/usr/local/www/diag_confbak.php @@ -58,6 +58,20 @@ if($_GET['rmver'] != "") { conf_mount_ro(); } +if($_GET['getcfg'] != "") { + $file = $g['conf_path'] . '/backup/config-' . $_GET['getcfg'] . '.xml'; + + $exp_name = urlencode("config-{$config['system']['hostname']}.{$config['system']['domain']}-{$_GET['getcfg']}.xml"); + $exp_data = file_get_contents($file); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; +} + cleanup_backupcache(); $confvers = get_backups(); unset($confvers['versions']); 
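Review bot: `$_GET['getcfg']` is concatenated straight into the path given to `file_get_contents()` and into the `Content-Disposition` header, with no check that it names one of the existing backups. The links on this page pass `$version['time']`, so the parameter is presumably a numeric timestamp and can be constrained before use, for example `if (!ctype_digit($_GET['getcfg'])) exit;`, or by looking it up in the list returned by `get_backups()`. The return value of `file_get_contents()` is not checked either, so a missing file yields an empty download instead of an error. Because the response is a full configuration backup, a comment stating which privilege guards this page would help the next reader.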
@@ -110,13 +124,18 @@ include("head.inc"); <td class="listlr"> <?= $date ?></td> <td class="listr"> <?= $desc ?></td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?newver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"> + <a href="diag_confbak.php?newver=<?=$version['time'];?>" onclick="return confirm('Revert to this configuration?')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="Revert to this configuration" title="Revert to this configuration"> + </a> + </td> + <td valign="middle" class="list" nowrap> + <a href="diag_confbak.php?rmver=<?=$version['time'];?>" onclick="return confirm('Delete this configuration backup?')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="Remove this backup" title="Remove this backup"> </a> </td> <td valign="middle" class="list" nowrap> - <a href="diag_confbak.php?rmver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"> + <a href="diag_confbak.php?getcfg=<?=$version['time'];?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="Download this backup" title="Download this backup"> </a> </td> </tr> diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index bec5e10..efd8486 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php 
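Review bot: The `onclick="return confirm(...)"` added to the revert and delete links is only a browser-side prompt; both actions still execute from a plain GET (`?newver=`, `?rmver=`), so the request is not tied to the administrator's intent unless a CSRF token is verified outside this hunk. I would move both actions to a POST form that carries the session's CSRF token and keep the confirm dialog as a convenience. The new `getcfg` link is a read, so GET is acceptable there.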
@@ -110,7 +110,7 @@ if ($_POST) { $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) - if ($_POST['ipaddr'] == get_interface_ip($natif)) + if ($_POST['subnet'] == get_interface_ip($natif)) $input_errors[] = "The {$natdescr} IP address may not be used in a virtual entry."; if($_POST['subnet_bits'] == "32" and $_POST['type'] == "carp") @@ -130,7 +130,7 @@ if ($_POST) { /* check for overlaps with 1:1 NAT */ if (is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $natent) { - if (check_subnets_overlap($_POST['ipaddr'], 32, $natent['external'], $natent['subnet'])) { + if (check_subnets_overlap($_POST['subnet'], 32, $natent['external'], $natent['subnet'])) { $input_errors[] = "A 1:1 NAT mapping overlaps with the specified IP address."; break; } diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 53875fe..6dc2ff3 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -196,9 +196,11 @@ if ($_POST['apply']) { if (!is_array($ifport)) { $reloadif = false; - if (!empty($config['interfaces'][$ifname]['if']) && $config['interfaces'][$ifname]['if'] <> $ifport) + if (!empty($config['interfaces'][$ifname]['if']) && $config['interfaces'][$ifname]['if'] <> $ifport) { + interface_bring_down($ifname); /* Mark this to be reconfigured in any case. */ $reloadif = true; + } $config['interfaces'][$ifname]['if'] = $ifport; if (preg_match('/^ppp_(.+)$/', $ifport, $matches)) { $config['interfaces'][$ifname]['pointtopoint'] = true; diff --git a/usr/local/www/interfaces_bridge.php b/usr/local/www/interfaces_bridge.php index d58771e..05c69e2 100644 --- a/usr/local/www/interfaces_bridge.php +++ b/usr/local/www/interfaces_bridge.php 
@@ -47,7 +47,7 @@ if (!is_array($config['bridges']['bridged'])) $a_bridges = &$config['bridges']['bridged'] ; function bridge_inuse($num) { - global $config; + global $config, $a_bridges; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -111,7 +111,7 @@ include("head.inc"); </tr> <?php $i = 0; $ifdescrs = get_configured_interface_with_descr(); foreach ($a_bridges as $bridge): ?> - <tr> + <tr ondblclick="document.location='interfaces_bridge_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars(strtoupper($bridge['bridgeif']));?> </td> diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index f3eefbe..aa1ee03 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -266,7 +266,7 @@ function show_source_port_range() { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq">Description</td> + <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> <input type="text" name="descr" id="descr" class="formfld unknown" size="50" value="<?=$pconfig['descr'];?>"> </td> diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php index 7704e92..cd214e7 100644 --- a/usr/local/www/interfaces_gif.php +++ b/usr/local/www/interfaces_gif.php @@ -47,7 +47,7 @@ if (!is_array($config['gifs']['gif'])) $a_gifs = &$config['gifs']['gif'] ; function gif_inuse($num) { - global $config; + global $config, $a_gifs; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -109,7 +109,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_gifs as $gif): ?> - <tr> + <tr ondblclick="document.location='interfaces_gif_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($gif['if']);?> </td> diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php index 333ce35..5ad7026 100644 
--- a/usr/local/www/interfaces_gre.php +++ b/usr/local/www/interfaces_gre.php @@ -47,7 +47,7 @@ if (!is_array($config['gres']['gre'])) $a_gres = &$config['gres']['gre'] ; function gre_inuse($num) { - global $config; + global $config, $a_gres; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -109,7 +109,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_gres as $gre): ?> - <tr> + <tr ondblclick="document.location='interfaces_vlan_gre.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($gre['if']);?> </td> diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 0414d9b..51feffd 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -69,7 +69,7 @@ if ($_POST) { $input_errors[] = "Group name already exists!"; } if (preg_match("/([^a-zA-Z])+/", $_POST['ifname'], $match)) - $input_errors[] = "Only characters in a-z A-Z are allowed as interface name."; + $input_errors[] = "Only letters A-Z are allowed as the group name."; $ifgroupentry = array(); $ifgroupentry['ifname'] = $_POST['ifname']; @@ -203,7 +203,7 @@ function removeRow(el) { <td colspan="2" valign="top" class="listtopic">Interface Groups Edit</td> </tr> <tr> - <td valign="top" class="vncellreq">Interface</td> + <td valign="top" class="vncellreq">Group Name</td> <td class="vtable"> <input class="formfld unknown" name="ifname" id="ifname" value="<?=$pconfig['ifname'];?>" /> <br /> diff --git a/usr/local/www/interfaces_lagg.php b/usr/local/www/interfaces_lagg.php index e5ac41a..0beac77 100644 --- a/usr/local/www/interfaces_lagg.php +++ b/usr/local/www/interfaces_lagg.php 
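Review bot: The double-click target added to the gre list row is `interfaces_vlan_gre.php`, which does not follow the pattern of the sibling pages in this commit (`interfaces_gif_edit.php`, `interfaces_bridge_edit.php`), so it probably points at a page that does not exist. It likely should read `<tr ondblclick="document.location='interfaces_gre_edit.php?id=<?=$i;?>'">`.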
@@ -115,7 +115,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_laggs as $lagg): ?> - <tr> + <tr ondblclick="document.location='interfaces_lagg_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars(strtoupper($lagg['laggif']));?> </td> diff --git a/usr/local/www/interfaces_ppp.php b/usr/local/www/interfaces_ppp.php index 8e200d1..3eb93ba 100644 --- a/usr/local/www/interfaces_ppp.php +++ b/usr/local/www/interfaces_ppp.php @@ -108,7 +108,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_ppps as $id => $ppp): ?> - <tr> + <tr ondblclick="document.location='interfaces_ppp_edit.php?id=<?=$i;?>'"> <td class="listr"> <?=htmlspecialchars($ppp['port']);?> </td> diff --git a/usr/local/www/interfaces_ppp_edit.php b/usr/local/www/interfaces_ppp_edit.php index 1b86ea4..ca5fc6c 100644 --- a/usr/local/www/interfaces_ppp_edit.php +++ b/usr/local/www/interfaces_ppp_edit.php @@ -1,6 +1,6 @@ <?php /* - interfaces_lan.php + interfaces_ppp_edit.php part of pfSense(http://pfsense.org) Originally written by Adam Lebsack <adam at holonyx dot com> diff --git a/usr/local/www/interfaces_qinq.php b/usr/local/www/interfaces_qinq.php index fc88eab..604d778 100755 --- a/usr/local/www/interfaces_qinq.php +++ b/usr/local/www/interfaces_qinq.php @@ -46,7 +46,7 @@ if (!is_array($config['qinqs']['qinqentry'])) $a_qinqs = &$config['qinqs']['qinqentry']; function qinq_inuse($num) { - global $config, $g; + global $config, $a_qinqs; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -118,7 +118,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_qinqs as $qinq): ?> - <tr> + <tr ondblclick="document.location='interfaces_qinq_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($qinq['if']);?> </td> diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php index b2322e9..0adfa7d 100755 
--- a/usr/local/www/interfaces_vlan.php +++ b/usr/local/www/interfaces_vlan.php @@ -48,7 +48,7 @@ if (!is_array($config['vlans']['vlan'])) $a_vlans = &$config['vlans']['vlan'] ; function vlan_inuse($num) { - global $config, $g; + global $config, $a_vlans; $iflist = get_configured_interface_list(false, true); foreach ($iflist as $if) { @@ -111,7 +111,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_vlans as $vlan): ?> - <tr> + <tr ondblclick="document.location='interfaces_vlan_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars($vlan['if']);?> </td> diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 545132c..b79a5ac 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -74,6 +74,7 @@ $pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct']; $pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); $pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']); $pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); +$pconfig['cacert'] = base64_decode($config['captiveportal']['cacertificate']); $pconfig['key'] = base64_decode($config['captiveportal']['private-key']); $pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']); $pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']); 
@@ -116,6 +117,8 @@ if ($_POST) { } else { if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['cacert'], "BEGIN CERTIFICATE") || !strstr($_POST['cacert'], "END CERTIFICATE")) + $input_errors[] = "This intermmediate certificate does not appear to be valid."; if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) $input_errors[] = "This key does not appear to be valid."; } @@ -174,6 +177,7 @@ if ($_POST) { $config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn']; $config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup']; $config['captiveportal']['certificate'] = base64_encode($_POST['cert']); + $config['captiveportal']['cacertificate'] = base64_encode($_POST['cacert']); $config['captiveportal']['private-key'] = base64_encode($_POST['key']); $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false; @@ -569,6 +573,13 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> <br> Paste an RSA private key in PEM format here.</td> </tr> + <tr> + <td valign="top" class="vncell">HTTPS intermmediate certificate</td> + <td class="vtable"> + <textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea> + <br> + Paste a certificate in X.509 PEM format here.</td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Portal page contents</td> <td width="78%" class="vtable"> diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index b7fa1b7..f177dbb 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php 
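Review bot: The added `strstr($_POST['cacert'], ...)` check runs unconditionally in this branch, so an empty intermediate certificate is rejected even though the form row added in the last hunk of this file marks the field optional (`class="vncell"`). Guard it with `if (!empty($_POST['cacert']) && (...))`, and in the save hunk store the value only when present, otherwise `unset($config['captiveportal']['cacertificate']);`, so an empty string is not saved as a set key. "intermmediate" is misspelled in both the error message and the label. The enclosing `if ($_POST)` block starts outside the hunk.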
@@ -113,7 +113,7 @@ if($config['installedpackages']['olsrd']) { } if (!$_GET['if']) - $savemsg = "<b>The DHCP Server can only be enabled on interfaces configured with static IP addresses.<p> The interfaces not configured with a static IP will not be shown.</p></b>"; + $savemsg = "<b>The DHCP Server can only be enabled on interfaces configured with static IP addresses.<p> Only interfaces configured with a static IP will be shown.</p></b>"; $iflist = get_configured_interface_with_descr(); diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php index d17393c..c68227e 100755 --- a/usr/local/www/services_dyndns.php +++ b/usr/local/www/services_dyndns.php @@ -53,6 +53,26 @@ if ($_GET['act'] == "del") { exit; } +function dyndnsCheckIP($int) { + + $ip_address = get_interface_ip($int); + if (is_private_ip($ip_address)) { + $hosttocheck = "checkip.dyndns.org"; + $checkip = gethostbyname($hosttocheck); + $ip_ch = curl_init("http://{$checkip}"); + curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE); + curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address); + $ip_result_page = curl_exec($ip_ch); + curl_close($ip_ch); + $ip_result_decoded = urldecode($ip_result_page); + preg_match('=Current IP Address: (.*)</body>=siU', $ip_result_decoded, $matches); + $ip_address = trim($matches[1]); + } + + return $ip_address; +} + $pgtitle = array("Services", "Dynamic DNS clients"); include("head.inc"); 
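Review bot: `dyndnsCheckIP()` accepts whatever the plain-HTTP response contains as the address: the `preg_match()` result is not checked, so a failed or altered response leaves `$matches[1]` undefined or puts non-IP text into `$ip_address`. Check the match and validate it before assigning, e.g. `if (!preg_match(..., $matches) || !is_ipaddr(trim($matches[1]))) return $ip_address;`. The request also has no timeout, and the list hunk below calls this once per row while rendering (even when no cache file exists), so an unreachable service stalls the page; add `curl_setopt($ip_ch, CURLOPT_CONNECTTIMEOUT, 5);` and `curl_setopt($ip_ch, CURLOPT_TIMEOUT, 10);`. `CURLOPT_SSL_VERIFYPEER` set to `FALSE` has no effect on an `http://` URL and is better removed so it is not carried over if the call ever moves to HTTPS.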
@@ -76,22 +96,22 @@ include("head.inc"); <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td width="5%" class="listhdrr"></td> - <td width="15%" class="listhdrr">Service</td> + <td width="5%" class="listhdrr"></td> + <td width="15%" class="listhdrr">Service</td> <td width="20%" class="listhdrr">Hostname</td> <td width="20%" class="listhdrr">Cached IP</td> <td width="50%" class="listhdr">Description</td> <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach ($a_dyndns as $dyndns): ?> - <tr> - <td class="listlr"> - <?php $iflist = get_configured_interface_with_descr(); - foreach ($iflist as $if => $ifdesc): - if ($dyndns['interface'] == $if): ?> - <?=$ifdesc; break;?> - <?php endif; endforeach; ?> - </td> + </tr> + <?php $i = 0; foreach ($a_dyndns as $dyndns): ?> + <tr ondblclick="document.location='services_dyndns_edit.php?id=<?=$i;?>'"> + <td class="listlr"> + <?php $iflist = get_configured_interface_with_descr(); + foreach ($iflist as $if => $ifdesc): + if ($dyndns['interface'] == $if): ?> + <?=$ifdesc; break;?> + <?php endif; endforeach; ?> + </td> <td class="listlr"> <?php $types = explode(",", "DNS-O-Matic, DynDNS (dynamic),DynDNS (static),DynDNS (custom),DHS,DyNS,easyDNS,No-IP,ODS.org,ZoneEdit,Loopia,freeDNS, DNSexit, OpenDNS"); 
@@ -107,26 +127,23 @@ include("head.inc"); <?=htmlspecialchars($dyndns['host']);?> </td> <td class="listlr"> - <?php - $int = strtolower($if); - $real_int = get_real_interface($if); - $filename = "{$g['conf_path']}/dyndns_{$int}dyndns.cache"; - if(file_exists($filename)) { - $dns_resolv = str_replace("\n", "", `/usr/bin/host {$dyndns['host']} | awk '{ print $4 }'`); - $cached_ip_s = split(":", file_get_contents($filename)); - $cached_ip = $cached_ip_s[0]; - $int_ip = find_interface_ip($real_int); - if($int_ip <> $cached_ip or $dns_resolv <> $int_ip) - echo "<font color='red'>"; - else - echo "<font color='green'>"; - echo htmlspecialchars($cached_ip); - echo "</font>"; - } else { - echo "N/A"; - } - ?> - </td> + <?php + $filename = "{$g['conf_path']}/dyndns_{$if}{$dyndns['type']}.cache"; + $ipaddr = dyndnsCheckIP($if); + if(file_exists($filename)) { + $cached_ip_s = split(":", file_get_contents($filename)); + $cached_ip = $cached_ip_s[0]; + if($ipaddr <> $cached_ip) + echo "<font color='red'>"; + else + echo "<font color='green'>"; + echo htmlspecialchars($cached_ip); + echo "</font>"; + } else { + echo "N/A"; + } + ?> + </td> <td class="listbg"> <?=htmlspecialchars($dyndns['descr']);?> </td> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index c0ed3dd..edf2e0a 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -95,6 +95,7 @@ if ($act == "edit") { $pconfig['radius_host'] = $a_server[$id]['host']; $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port']; $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port']; + $pconfig['radius_secret'] = $a_server[$id]['radius_secret']; if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port'] ) { diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 97722c7..eb3ac65 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php 
@@ -668,7 +668,7 @@ function internalca_change() { <td width="78%" class="vtable"> <textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=$pconfig['csr'];?></textarea> <br> - Copy the certificate signing data from here and forward it to your certificate authority for singing.</td> + Copy the certificate signing data from here and forward it to your certificate authority for signing.</td> </td> </tr> <tr> diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 7dfb6aa..b562579 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -192,7 +192,7 @@ if ($_POST) { $a_gateway_item[] = $gateway; } } - + system_resolvconf_generate(); mark_subsystem_dirty('staticroutes'); write_config(); diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index a0426c0..4ef01f5 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -72,18 +72,12 @@ if ($_POST) { if($_POST['session_timeout']) {
$timeout = intval($_POST['session_timeout']);
if ($timeout != "" && !is_numeric($timeout))
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
-
- if ($timeout < 1)
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
-
- if ($timeout > 999)
- $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater.");
+ $input_errors[] = gettext("Session timeout must be an integer value.");
}
if (!$input_errors) {
- if($_POST['session_timeout'] && $_POST['session_timeout'] != "0")
+ if($_POST['session_timeout'])
$pconfig['session_timeout'] = intval($_POST['session_timeout']);
else
unset($config['system']['webgui']['session_timeout']);
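Review bot: The only remaining check, `!is_numeric($timeout)`, can never fire because `$timeout` is already the result of `intval()`, so after this change any input is accepted, including negative numbers and text such as `abc` (which becomes 0). Validate the raw field instead, for example `if (!ctype_digit($_POST['session_timeout'])) $input_errors[] = gettext("Session timeout must be an integer value.");`, and keep an upper bound if one is wanted. Also, `if($_POST['session_timeout'])` is false for the string "0", so entering 0 takes the `unset()` branch instead of storing 0; whether that gives "never expire", as the help text added in a later hunk promises, depends on how an unset value is handled outside this file. The enclosing `if ($_POST)` block starts and ends outside the hunk.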
@@ -200,7 +194,7 @@ include("head.inc"); document.iform.ldapserver.disabled = 0;
document.iform.ldapbindun.disabled = 0;
document.iform.ldapbindpw.disabled = 0;
- document.iform.ldapfilter.value = "(samaccountname=$username)";
+ document.iform.ldapfilter.value = "(samaccountname=*)";
document.iform.ldapnameattribute.value = "samaccountname";
document.iform.ldapgroupattribute.value = "memberOf";
break;
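Review bot: The default filter for this preset changes from `(samaccountname=$username)` to `(samaccountname=*)`, which matches every entry that has the attribute; the `(cn=*)` default in the next hunk has the same property. Whether that is safe depends on code outside this diff: if the authentication lookup uses `ldapfilter` as-is to locate the user, the filter no longer selects the person logging in. I would add a comment next to both defaults stating where the login name is combined with the filter, or keep a placeholder in the default.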
@@ -214,7 +208,7 @@ include("head.inc"); document.iform.ldapserver.disabled = 0;
document.iform.ldapbindun.disabled = 0;
document.iform.ldapbindpw.disabled = 0;
- document.iform.ldapfilter.value = "(cn=$username)";
+ document.iform.ldapfilter.value = "(cn=*)";
document.iform.ldapnameattribute.value = "CN";
document.iform.ldapgroupattribute.value = "groupMembership";
break;
@@ -249,7 +243,7 @@ if(!$pconfig['backend']) <td width="78%" class="vtable">
<input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" />
<br />
- <?=gettext("Time in minutes to expire idle management sessions.");?><br />
+ <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br />
</td>
</tr>
<tr>
@@ -260,7 +254,7 @@ if(!$pconfig['backend']) <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Active Directory)</option>
<option value="ldapother"<?php if ($pconfig['backend'] == "ldapother") echo " SELECTED";?>>LDAP OTHER (eDir, etc)</option>
</select>
- <br/>NOTE: login failures or server not available issues will fall back to pfSense internal users/group authentication.
+ <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> internal users/group authentication.
</td>
</tr>
<tr>
@@ -366,4 +360,4 @@ if(!$pconfig['backend']) return true;
}
}
-</script>
\ No newline at end of file
+</script>
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index f2899e6..a1eb068 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -223,7 +223,7 @@ function change_mode() { function typesel_change_local(bits) { - if (!bits) + if (typeof(bits)=="undefined") bits = 24; switch (document.iform.localid_type.selectedIndex) { @@ -258,7 +258,7 @@ function typesel_change_remote(bits) { function typesel_change_remote(bits) { - if (!bits) + if (typeof(bits)=="undefined") bits = 24; switch (document.iform.remoteid_type.selectedIndex) { diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index f1f48fd..0083fd2 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -90,6 +90,9 @@ if($_GET['act']=="edit"){ $pconfig['resolve_retry'] = $a_client[$id]['resolve_retry']; $pconfig['proxy_addr'] = $a_client[$id]['proxy_addr']; $pconfig['proxy_port'] = $a_client[$id]['proxy_port']; + $pconfig['proxy_user'] = $a_client[$id]['proxy_user']; + $pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd']; + $pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype']; $pconfig['description'] = $a_client[$id]['description']; $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; @@ -156,6 +159,11 @@ if ($_POST) { if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port')) $input_errors[] = $result; + + if ($pconfig['proxy_authtype'] != "none") { + if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd'])) + $input_errors[] = "User name and password are required for proxy with authentication."; + } } if($pconfig['tunnel_network']) 
@@ -207,6 +215,9 @@ if ($_POST) { $client['resolve_retry'] = $pconfig['resolve_retry']; $client['proxy_addr'] = $pconfig['proxy_addr']; $client['proxy_port'] = $pconfig['proxy_port']; + $client['proxy_authtype'] = $pconfig['proxy_authtype']; + $client['proxy_user'] = $pconfig['proxy_user']; + $client['proxy_passwd'] = $pconfig['proxy_passwd']; $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; $client['custom_options'] = $pconfig['custom_options']; @@ -277,6 +288,15 @@ function autokey_change() { document.getElementById("autokey_opts").style.display=""; } +function useproxy_changed() { + + if ($('proxy_authtype').value != 'none') { + $('proxy_authtype_opts').show(); + } else { + $('proxy_authtype_opts').hide(); + } +} + function tlsauth_change() { <?php if (!$pconfig['tls']): ?> 
@@ -459,6 +479,50 @@ function autotls_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Authentication method : + </span> + </td> + <td> + <select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()"> + <option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>>none</option> + <option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>>basic</option> + <option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>>ntlm</option> + </select> + </td> + </tr> + </table> + <br /> + <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none"> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Username : + </span> + </td> + <td> + <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" /> + </td> + </tr> + <tr> + <td align="right" width="25%"> + <span class="vexpl"> + Password : + </span> + </td> + <td> + <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" /> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Server host name resolution</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0"> @@ -797,6 +861,7 @@ function autotls_change() { mode_change(); autokey_change(); tlsauth_change(); +useproxy_changed(); //--> </script> </body> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4617e5c..c58942f 100644 --- a/usr/local/www/vpn_openvpn_server.php 
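Review bot: The new password input is rendered with `value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>"`, so the stored proxy password is sent back in the page source every time the client entry is edited. Render the field empty and keep the saved value when it is submitted blank, e.g. in the save hunk `if ($pconfig['proxy_passwd'] == "") $client['proxy_passwd'] = $a_client[$id]['proxy_passwd'];` (the non-empty check in the validation hunk then has to allow a blank field on edit). `proxy_authtype` is also stored as posted; compare it with the three offered values (`none`, `basic`, `ntlm`) before saving.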
+++ b/usr/local/www/vpn_openvpn_server.php @@ -44,6 +44,10 @@ if (!is_array($config['openvpn']['openvpn-server'])) $a_server = &$config['openvpn']['openvpn-server']; +if (!is_array($config['system']['authserver'])) + $config['system']['authserver'] = array(); +$auth_servers =& $config['system']['authserver']; + $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -82,6 +86,7 @@ if($_GET['act']=="edit"){ $pconfig['disable'] = isset($a_server[$id]['disable']); $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; + $pconfig['authmode'] = $a_server[$id]['authmode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { $pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr']; @@ -238,7 +243,7 @@ if ($_POST) { if (!$tls_mode && !$pconfig['autokey_enable']) { $reqdfields = array('shared_key'); $reqdfieldsn = array('Shared key'); - } else { + } else { $reqdfields = explode(" ", "caref certref"); $reqdfieldsn = explode(",", "Certificate Authority,Certificate");; } @@ -260,6 +265,7 @@ if ($_POST) { if ($_POST['disable'] == "yes") $server['disable'] = true; $server['mode'] = $pconfig['mode']; + $server['authmode'] = $pconfig['authmode']; $server['protocol'] = $pconfig['protocol']; list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; @@ -370,7 +376,12 @@ function mode_change() { case "p2p_shared_key": document.getElementById("client_opts").style.display="none"; document.getElementById("remote_opts").style.display=""; + document.getElementById("authmodetr").style.display="none"; break; + case "server_user": + case "server_tls_user": + document.getElementById("authmodetr").style.display=""; + /* FALL THROUGH */ default: document.getElementById("client_opts").style.display=""; document.getElementById("remote_opts").style.display="none"; 
@@ -531,6 +542,22 @@ function netbios_change() { </select> </td> </tr> + <tr id="authmodetr" style="display:none"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> + <td width="78%" class="vtable"> + <select name='authmode' id='authmode' class="formselect"> + <option value="local" <?php if ($pconfig['authmode'] == "local") echo "selected";?>>Local authentication database</option> + <?php + foreach ($auth_servers as $auth_server): + $selected = ""; + if ($pconfig['authmode'] == $auth_server['name']) + $selected = "selected"; + ?> + <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td> <td width="78%" class="vtable"> diff --git a/usr/local/www/widgets/include/gmirror_status.inc b/usr/local/www/widgets/include/gmirror_status.inc index 677be85..414c394 100644 --- a/usr/local/www/widgets/include/gmirror_status.inc +++ b/usr/local/www/widgets/include/gmirror_status.inc 
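Review bot: `$auth_server['name']` is written into the `<option>` value and label without escaping, so a server name containing quotes or angle brackets breaks the markup or ends up interpreted as HTML. Use `<option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>`. The posted `authmode` is also stored as received in an earlier hunk of this file; check that it is `local` or one of the configured server names before saving.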
@@ -1,5 +1,31 @@ <?php -function get_gmirror_status() { +/* + gmirror_status.widget.php + Copyright (C) 2009-2010 Jim Pingle + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function gmirror_get_status() { $status = ""; exec("/sbin/gmirror status", $status); $mirrors = array(); @@ -28,4 +54,37 @@ function get_gmirror_status() { } /* Return an hash of mirrors and components */ return $mirrors; -} ?>
\ No newline at end of file +} + +function gmirror_html_status() { + $mirrors = gmirror_get_status(); + $output = ""; + if (count($mirrors) > 0) { + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Name</td>\n"; + $output .= "<td width=\"40%\" class=\"vncellt\">Status</td>\n"; + $output .= "<td width=\"20%\" class=\"vncellt\">Component</td>\n"; + $output .= "</tr>\n"; + foreach ($mirrors as $mirror => $name) { + $components = count($name["components"]); + $output .= "<tr>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['name']}</td>\n"; + $output .= "<td width=\"40%\" rowspan=\"{$components}\" class=\"listr\">{$name['status']}</td>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$name['components'][0]}</td>\n"; + $output .= "</tr>\n"; + if (count($name["components"]) > 1) { + $morecomponents = array_slice($name["components"], 1); + foreach ($morecomponents as $component) { + $output .= "<tr>\n"; + $output .= "<td width=\"20%\" class=\"listr\">{$component}</td>\n"; + $output .= "</tr>\n"; + } + } + } + } else { + $output .= "<tr><td colspan=\"3\" class=\"listr\">No Mirrors Found</td></tr>\n"; + } + // $output .= "<tr><td colspan=\"3\" class=\"listr\">Updated at " . date("F j, Y, g:i:s a") . "</td></tr>\n"; + return $output; +} +?>
\ No newline at end of file diff --git a/usr/local/www/widgets/widgets/gmirror_status.widget.php b/usr/local/www/widgets/widgets/gmirror_status.widget.php index dcbcbc4..cd73a0f 100644 --- a/usr/local/www/widgets/widgets/gmirror_status.widget.php +++ b/usr/local/www/widgets/widgets/gmirror_status.widget.php @@ -1,7 +1,7 @@ <?php /* gmirror_status.widget.php - Copyright (C) 2009 Jim Pingle + Copyright (C) 2009-2010 Jim Pingle Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 
@@ -27,35 +27,21 @@ require_once("/usr/local/www/widgets/include/gmirror_status.inc"); -$mirrors = get_gmirror_status(); - +if ($_GET['textonly'] == "true") { + header("Cache-Control: no-cache"); + echo gmirror_html_status(); + exit; +} ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> - <tbody> -<?php if (count($mirrors) > 0) { ?> - <tr> - <td width="40%" class="vncellt">Name</td> - <td width="40%" class="vncellt">Status</td> - <td width="20%" class="vncellt">Component</td> - </tr> - <?php foreach ($mirrors as $mirror => $name) { ?> - <tr> - <td width="40%" rowspan="<?= count($name["components"]) ?>" class="listr"><?= $name["name"] ?></td> - <td width="40%" rowspan="<?= count($name["components"]) ?>" class="listr"><?= $name["status"] ?></td> - <td width="20%" class="listr"><?= $name["components"][0] ?></td> - </tr> - <?php - if (count($name["components"]) > 1) { - $morecomponents = array_slice($name["components"], 1); - foreach ($morecomponents as $component) { ?> - <tr> - <td width="20%" class="listr"><?= $component ?></td> - </tr> - <?php } - } ?> - <?php } ?> -<?php } else { ?> - <tr><td colspan="3" class="listr">No Mirrors Found</td></tr> -<?php } ?> + <tbody id="gmirror_status_table"> + <?php echo gmirror_html_status(); ?> </tbody> </table> + +<script type="text/javascript" language="javascript"> + // <![CDATA[ + var gmirrorupdater = new Ajax.PeriodicalUpdater('gmirror_status_table', '/widgets/widgets/gmirror_status.widget.php?textonly=true', + { method: 'get', frequency: 5 } ); + // ]]> +</script> diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 45302b3..f50d469 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php 
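Review bot: No authentication check is visible before the new `textonly` branch, which makes this widget a directly requested endpoint that runs `/sbin/gmirror status` through `gmirror_html_status()` and echoes the result every 5 seconds. The only include shown is gmirror_status.inc, and its hunks in this commit show no session handling. Unless authentication is enforced elsewhere (the lines above this hunk are not shown), the web GUI's session check should be pulled in ahead of this branch so the fragment is not served to unauthenticated requests. The test also reads `$_GET['textonly']` when the parameter is absent, which is the normal dashboard load; `if (isset($_GET['textonly']) && $_GET['textonly'] === "true") {` avoids the notice and the loose comparison.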
@@ -654,13 +654,19 @@ function fixup_string($string) { } } $myurl = $proto . "://" . $_SERVER['HTTP_HOST'] . $urlport . "/"; - $newstring = str_replace("\$myurl", $myurl, $newstring); + + if (strstr($newstring, "\$myurl")) + $newstring = str_replace("\$myurl", $myurl, $newstring); // fixup #2: $wanip - $curwanip = get_interface_ip(); - $newstring = str_replace("\$wanip", $curwanip, $newstring); + if (strstr($newstring, "\$wanip")) { + $curwanip = get_interface_ip(); + $newstring = str_replace("\$wanip", $curwanip, $newstring); + } // fixup #3: $lanip - $lanip = get_interface_ip("lan"); - $newstring = str_replace("\$lanip", $lanip, $newstring); + if (strstr($newstring, "\$lanip")) { + $lanip = get_interface_ip("lan"); + $newstring = str_replace("\$lanip", $lanip, $newstring); + } // fixup #4: fix'r'up here. return $newstring; } |
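Review bot: The value substituted by `str_replace("\$myurl", $myurl, $newstring)` is built from `$_SERVER['HTTP_HOST']` on the context line above, which comes from the request's Host header and is therefore client-controlled. Where fixup_string()'s result ends up is outside this hunk (the function starts before it), so if it is rendered into a page or used as a link target, the host should be validated or the output encoded at that point. On style, the first guard omits the braces the other two use. `strpos($newstring, "\$myurl") !== false` is also the usual containment test, whereas `strstr` builds the tail substring only to test it for truthiness.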