diff options
| -rw-r--r-- | src/etc/inc/captiveportal.inc | 2 | ||||
| -rw-r--r-- | src/etc/inc/vpn.inc | 68 | ||||
| -rw-r--r-- | src/etc/pfSense.obsoletedfiles | 1 | ||||
| -rw-r--r-- | src/usr/local/share/pfSense/pre_upgrade_command | 6 | ||||
| -rw-r--r-- | src/usr/local/www/edit.php | 19 | ||||
| -rw-r--r-- | src/usr/local/www/firewall_rules.php | 38 | ||||
| -rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 4 | ||||
| -rw-r--r-- | src/usr/local/www/pkg_edit.php | 2 | ||||
| -rw-r--r-- | src/usr/local/www/services_captiveportal.php | 2 | ||||
| -rw-r--r-- | src/usr/local/www/services_dhcp.php | 39 | ||||
| -rw-r--r-- | src/usr/local/www/status_logs_common.inc | 4 | ||||
| -rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 2 | ||||
| -rw-r--r-- | tools/conf/pfPorts/poudriere_bulk | 3 |
13 files changed, 113 insertions, 77 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 032b2f4..78f1eb1 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -674,8 +674,8 @@ function captiveportal_prune_old() { * If something is missed next run will catch it! */ $pruning_time = time(); - $stop_time = $pruning_time; foreach ($cpdb as $cpentry) { + $stop_time = $pruning_time; $timedout = false; $term_cause = 1; diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index b07df83..d3bcb47 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -434,19 +434,7 @@ function vpn_ipsec_configure($restart = false) { $i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes"; } - $unity_enabled = 'yes'; - if (isset($config['ipsec']['unityplugin'])) { - $unity_enabled = 'no'; - if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.so")) { - conf_mount_rw(); - mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.so /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED"); - conf_mount_ro(); - } - } else if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED")) { - conf_mount_rw(); - mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/ipsec/plugins/libstrongswan-unity.so"); - conf_mount_ro(); - } + $unity_enabled = isset($config['ipsec']['unityplugin']) ? 'no' : 'yes'; $makebeforebreak = ''; if (isset($config['ipsec']['makebeforebreak'])) { @@ -469,7 +457,7 @@ function vpn_ipsec_configure($restart = false) { $ipsecloglevels = vpn_logging_cfgtxt(); if (is_array($ipsecloglevels)) { foreach ($ipsecloglevels as $loglevel) { - $strongswanlog .= "\t\t" . $loglevel . "\n"; + $strongswanlog .= "\t\t\t" . $loglevel . "\n"; } } $strongswan = <<<EOD @@ -482,35 +470,43 @@ starter { charon { # number of worker threads in charon -threads = 16 -ikesa_table_size = 32 -ikesa_table_segments = 4 -init_limit_half_open = 1000 -install_routes = no -{$i_dont_care_about_security_and_use_aggressive_mode_psk} -{$accept_unencrypted} -cisco_unity = {$unity_enabled} -{$ifacesuse} -{$makebeforebreak} - -syslog { - identifier = charon - # log everything under daemon since it ends up in the same place regardless with our syslog.conf - daemon { - ike_name = yes + threads = 16 + ikesa_table_size = 32 + ikesa_table_segments = 4 + init_limit_half_open = 1000 + install_routes = no + load_modular = yes + {$i_dont_care_about_security_and_use_aggressive_mode_psk} + {$accept_unencrypted} + cisco_unity = {$unity_enabled} + {$ifacesuse} + {$makebeforebreak} + + syslog { + identifier = charon + # log everything under daemon since it ends up in the same place regardless with our syslog.conf + daemon { + ike_name = yes {$strongswanlog} + } + # disable logging under auth so logs aren't duplicated + auth { + default = -1 + } } - # disable logging under auth so logs aren't duplicated - auth { - default = -1 - } -} plugins { + # Load defaults + include {$g['varetc_path']}/ipsec/strongswan.d/charon/*.conf + stroke { secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets } + unity { + load = {$unity_enabled} + } + EOD; /* Find RADIUS servers designated for Mobile IPsec user auth */ @@ -652,7 +648,7 @@ EOD; } } - $strongswan .= "\t}\n}\n"; + $strongswan .= "\n\t}\n}\n"; @file_put_contents("{$g['varetc_path']}/ipsec/strongswan.conf", $strongswan); unset($strongswan); diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles index f389efc..a841060 100644 --- a/src/etc/pfSense.obsoletedfiles +++ b/src/etc/pfSense.obsoletedfiles @@ -469,6 +469,7 @@ /usr/local/lib/ipsec/plugins/libstrongswan-smp.so /usr/local/lib/ipsec/plugins/libstrongswan-smp.a /usr/local/lib/ipsec/plugins/libstrongswan-smp.la +/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/libcrypto.a /usr/local/lib/libcrypto.so /usr/local/lib/libcrypto.so.8 diff --git a/src/usr/local/share/pfSense/pre_upgrade_command b/src/usr/local/share/pfSense/pre_upgrade_command index d51637e..8c141a4 100644 --- a/src/usr/local/share/pfSense/pre_upgrade_command +++ b/src/usr/local/share/pfSense/pre_upgrade_command @@ -17,9 +17,6 @@ if which pbi_info >/dev/null 2>&1; then for pbi in $(pbi_info); do echo ">>> Removing PBI ${pbi} and all symlinks" pbi_prefix=$(pbi_info ${pbi} | awk '$1 == "Prefix:" { print $2 }') - if [ ! -d "${pbi_prefix}" ]; then - continue - fi for subdir in bin sbin; do if [ ! -d "${pbi_prefix}/${subdir}" ]; then @@ -41,6 +38,9 @@ if which pbi_info >/dev/null 2>&1; then pbi_delete ${pbi} done + + # Cleanup remaining symbolic links + find / -type l -lname '/usr/pbi/*' -delete fi # Hack to workaround ticket #3749 diff --git a/src/usr/local/www/edit.php b/src/usr/local/www/edit.php index 45fa6c1..a11f472 100644 --- a/src/usr/local/www/edit.php +++ b/src/usr/local/www/edit.php @@ -66,18 +66,21 @@ $pgtitle = array(gettext("Diagnostics"), gettext("Edit file")); require("guiconfig.inc"); if ($_POST['action']) { + $button_html = '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>'; + $alert_danger_html = '<div class="alert alert-danger" role="alert">' . $button_html; + $alert_success_html = '<div class="alert alert-success" role="alert">' . $button_html; switch ($_POST['action']) { case 'load': if (strlen($_POST['file']) < 1) { - print('|5|' . '<div class="alert alert-danger" role="alert">' . gettext("No file name specified") . '</div>' . '|'); + print('|5|' . $alert_danger_html . gettext("No file name specified") . '</div>' . '|'); } elseif (is_dir($_POST['file'])) { - print('|4|' . '<div class="alert alert-danger" role="alert">' . gettext("Loading a directory is not supported") . '</div>' . '|'); + print('|4|' . $alert_danger_html . gettext("Loading a directory is not supported") . '</div>' . '|'); } elseif (!is_file($_POST['file'])) { - print('|3|' . '<div class="alert alert-danger" role="alert">' . gettext("File does not exist or is not a regular file") . '</div>' . '|'); + print('|3|' . $alert_danger_html . gettext("File does not exist or is not a regular file") . '</div>' . '|'); } else { $data = file_get_contents(urldecode($_POST['file'])); if ($data === false) { - print('|1|' . '<div class="alert alert-danger" role="alert">' . gettext("Failed to read file") . '</div>' . '|'); + print('|1|' . $alert_danger_html . gettext("Failed to read file") . '</div>' . '|'); } else { $data = base64_encode($data); print("|0|{$_POST['file']}|{$data}|"); @@ -87,7 +90,7 @@ if ($_POST['action']) { case 'save': if (strlen($_POST['file']) < 1) { - print('|' . '<div class="alert alert-danger" role="alert">' . gettext("No file name specified") . '</div>' . '|'); + print('|' . $alert_danger_html . gettext("No file name specified") . '</div>' . '|'); } else { conf_mount_rw(); $_POST['data'] = str_replace("\r", "", base64_decode($_POST['data'])); @@ -100,11 +103,11 @@ if ($_POST['action']) { disable_security_checks(); } if ($ret === false) { - print('|' . '<div class="alert alert-danger" role="alert">' . gettext("Failed to write file") . '</div>' . '|'); + print('|' . $alert_danger_html . gettext("Failed to write file") . '</div>' . '|'); } elseif ($ret != strlen($_POST['data'])) { - print('|' . '<div class="alert alert-danger" role="alert">' . gettext("Error while writing file") . '</div>' . '|'); + print('|' . $alert_danger_html . gettext("Error while writing file") . '</div>' . '|'); } else { - print('|' . '<div class="alert alert-success" role="alert">' . gettext("File saved successfully") . '</div>' . '|'); + print('|' . $alert_success_html . gettext("File saved successfully") . '</div>' . '|'); } } exit; diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php index 1d32e65..24483da 100644 --- a/src/usr/local/www/firewall_rules.php +++ b/src/usr/local/www/firewall_rules.php @@ -734,7 +734,7 @@ for ($i = 0; isset($a_filter[$i]); $i++): </form> <div class="infoblock"> - <div class="alert alert-info clearfix" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button><div class="pull-left"> + <div class="alert alert-info clearfix" role="alert"><div class="pull-left"> <dl class="dl-horizontal responsive"> <!-- Legend --> <dt><?=gettext('Legend')?></dt> <dd></dd> @@ -774,6 +774,7 @@ events.push(function() { cursor: 'grabbing', update: function(event, ui) { $('#order-store').removeAttr('disabled'); + dirty = true; } }); @@ -783,6 +784,9 @@ events.push(function() { // Save the separator bar configuration save_separators(); + + // Suppress the "Do you really want to leave the page" message + saving = true; }); // Separator bar stuff ------------------------------------------------------------------------ @@ -790,6 +794,8 @@ events.push(function() { // Globals gColor = 'bg-info'; newSeperator = false; + saving = false; + dirty = false; $("#addsep").prop('type' ,'button'); @@ -816,6 +822,19 @@ events.push(function() { $("#btnnewsep").prop('type' ,'button'); + // Watch escape and enter keys + $('#newsep').keyup(function(e) { + if(e.which == 27) { + $('#btncncsep').trigger('click'); + } + }); + + $('#newsep').keypress(function(e) { + if(e.which == 13) { + $('#btnnewsep').trigger('click'); + } + }); + handle_colors(); // Remove the temporary separator bar and replace it with the final version containing the @@ -830,6 +849,7 @@ events.push(function() { $('#order-store').removeAttr('disabled'); newSeperator = false; + dirty = true; }); // Cancel button @@ -846,10 +866,11 @@ events.push(function() { e.preventDefault(); $(this).parents('tr').remove(); $('#order-store').removeAttr('disabled'); + dirty = true; }); }); - // Compose an inout array containing the row # and text for each separator + // Compose an inout array containing the row #, color and text for each separator function save_separators() { var seprow = 0; var sepinput; @@ -864,7 +885,7 @@ events.push(function() { sepinput = '<input type="hidden" name="separator[' + sepnum + '][row]" value="' + seprow + '"></input>'; $('form').append(sepinput); - sepinput = '<input type="hidden" name="separator[' + sepnum + '][text]" value="' + $(this).find('td').text() + '"></input>'; + sepinput = '<input type="hidden" name="separator[' + sepnum + '][text]" value="' + escapeHtml($(this).find('td').text()) + '"></input>'; $('form').append(sepinput); sepinput = '<input type="hidden" name="separator[' + sepnum + '][color]" value="' + $(this).find('td').prop('class') + '"></input>'; $('form').append(sepinput); @@ -883,7 +904,7 @@ events.push(function() { $('[id^=sepclr]').prop("type", "button"); $('[id^=sepclr]').click(function () { - var color = $(this).attr('value'); + var color = $(this).attr('value'); // Clear all the color classes $(this).parent('td').prop('class', ''); $(this).parent('td').prev('td').prop('class', ''); @@ -895,6 +916,15 @@ events.push(function() { }); } + // provide a warning message if the user tries to change page before saving + $(window).bind('beforeunload', function(){ + if ((!saving && dirty) || newSeperator) { + return ("<?=gettext('You have moved one or more rules but have now yet saved')?>"); + } else { + return undefined; + } + }); + //JS equivalent to PHP htmlspecialchars() function escapeHtml(text) { var map = { diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 8a7a046..c0d2042 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -966,7 +966,7 @@ function build_flag_table() { $flagtable .= "</table>"; $flagtable .= '<input type="checkbox" name="tcpflags_any" id="tcpflags_any" value="on"'; - $flagtable .= $pconfig['tcpflags_any'] ? 'checked':'' . '/>'; + $flagtable .= ($pconfig['tcpflags_any'] ? 'checked':'') . '/>'; $flagtable .= '<strong>' . gettext(" Any flags.") . '</strong>'; return($flagtable); @@ -1505,7 +1505,7 @@ $section->addInput(new Form_Checkbox( $section->addInput(new Form_Select( 'statetype', 'State type', - (isset($pconfig['statetype'])) ? "keep state":$pconfig['statetype'], + (isset($pconfig['statetype'])) ? $pconfig['statetype'] : "keep state", array( 'keep state' => gettext('Keep'), 'sloppy state' => gettext('Sloppy'), diff --git a/src/usr/local/www/pkg_edit.php b/src/usr/local/www/pkg_edit.php index 5dac18f..e43cb43 100644 --- a/src/usr/local/www/pkg_edit.php +++ b/src/usr/local/www/pkg_edit.php @@ -624,7 +624,7 @@ if ($pkg['savetext'] != "") { $savevalue = $pkg['savetext']; } -$savehelp = gettext(""); +$savehelp = ""; if ($pkg['savehelp'] != "") { $savehelp = $pkg['savehelp']; } diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index 663e7c6..70b1d63 100644 --- a/src/usr/local/www/services_captiveportal.php +++ b/src/usr/local/www/services_captiveportal.php @@ -1122,7 +1122,7 @@ if ($pconfig['page']['errtext']) { $section->addInput(new Form_Button( 'btnview', 'View current page', - '?zone=' . $cpzone . '&act=viewerrhtml' + '?zone=' . $cpzone . '&act=viewerrhtml' ))->removeClass('btn-primary')->addClass('btn btn-default btn-xs'); $section->addInput(new Form_Button( diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php index b643a52..b7075ae 100644 --- a/src/usr/local/www/services_dhcp.php +++ b/src/usr/local/www/services_dhcp.php @@ -374,25 +374,26 @@ if (isset($_POST['submit'])) { if (is_array($pconfig['numberoptions']['item'])) { foreach ($pconfig['numberoptions']['item'] as $numberoption) { - if ($numberoption['type'] == 'text' && strstr($numberoption['value'], '"')) { + $numberoption_value = base64_decode($numberoption['value']); + if ($numberoption['type'] == 'text' && strstr($numberoption_value, '"')) { $input_errors[] = gettext("Text type cannot include quotation marks."); - } else if ($numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption['value']) && !preg_match('/^[0-9a-f]{2}(?:\:[0-9a-f]{2})*$/i', $numberoption['value'])) { + } else if ($numberoption['type'] == 'string' && !preg_match('/^"[^"]*"$/', $numberoption_value) && !preg_match('/^[0-9a-f]{2}(?:\:[0-9a-f]{2})*$/i', $numberoption_value)) { $input_errors[] = gettext("String type must be enclosed in quotes like \"this\" or must be a series of octets specified in hexadecimal, separated by colons, like 01:23:45:67:89:ab:cd:ef"); - } else if ($numberoption['type'] == 'boolean' && $numberoption['value'] != 'true' && $numberoption['value'] != 'false' && $numberoption['value'] != 'on' && $numberoption['value'] != 'off') { + } else if ($numberoption['type'] == 'boolean' && $numberoption_value != 'true' && $numberoption_value != 'false' && $numberoption_value != 'on' && $numberoption_value != 'off') { $input_errors[] = gettext("Boolean type must be true, false, on, or off."); - } else if ($numberoption['type'] == 'unsigned integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 255)) { + } else if ($numberoption['type'] == 'unsigned integer 8' && (!is_numeric($numberoption_value) || $numberoption_value < 0 || $numberoption_value > 255)) { $input_errors[] = gettext("Unsigned 8-bit integer type must be a number in the range 0 to 255."); - } else if ($numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 65535)) { + } else if ($numberoption['type'] == 'unsigned integer 16' && (!is_numeric($numberoption_value) || $numberoption_value < 0 || $numberoption_value > 65535)) { $input_errors[] = gettext("Unsigned 16-bit integer type must be a number in the range 0 to 65535."); - } else if ($numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < 0 || $numberoption['value'] > 4294967295)) { + } else if ($numberoption['type'] == 'unsigned integer 32' && (!is_numeric($numberoption_value) || $numberoption_value < 0 || $numberoption_value > 4294967295)) { $input_errors[] = gettext("Unsigned 32-bit integer type must be a number in the range 0 to 4294967295."); - } else if ($numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -128 || $numberoption['value'] > 127)) { + } else if ($numberoption['type'] == 'signed integer 8' && (!is_numeric($numberoption_value) || $numberoption_value < -128 || $numberoption_value > 127)) { $input_errors[] = gettext("Signed 8-bit integer type must be a number in the range -128 to 127."); - } else if ($numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -32768 || $numberoption['value'] > 32767)) { + } else if ($numberoption['type'] == 'signed integer 16' && (!is_numeric($numberoption_value) || $numberoption_value < -32768 || $numberoption_value > 32767)) { $input_errors[] = gettext("Signed 16-bit integer type must be a number in the range -32768 to 32767."); - } else if ($numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption['value']) || $numberoption['value'] < -2147483648 || $numberoption['value'] > 2147483647)) { + } else if ($numberoption['type'] == 'signed integer 32' && (!is_numeric($numberoption_value) || $numberoption_value < -2147483648 || $numberoption_value > 2147483647)) { $input_errors[] = gettext("Signed 32-bit integer type must be a number in the range -2147483648 to 2147483647."); - } else if ($numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption['value']) && !is_hostname($numberoption['value'])) { + } else if ($numberoption['type'] == 'ip-address' && !is_ipaddrv4($numberoption_value) && !is_hostname($numberoption_value)) { $input_errors[] = gettext("IP address or host type must be an IP address or host name."); } } @@ -1048,21 +1049,21 @@ $btnadv = new Form_Button( $btnadv->removeClass('btn-primary')->addClass('btn-info btn-sm'); $section->addInput(new Form_StaticText( - 'NTP servers', + 'NTP', $btnadv )); $section->addInput(new Form_IpAddress( 'ntp1', - null, + 'NTP Server 1', $pconfig['ntp1'] -))->setAttribute('placeholder', 'NTP Server 1'); +)); $section->addInput(new Form_IpAddress( 'ntp2', - null, + 'NTP Server 2', $pconfig['ntp2'] -))->setAttribute('placeholder', 'NTP Server 2'); +)); // Advanced TFTP $btnadv = new Form_Button( @@ -1073,13 +1074,13 @@ $btnadv = new Form_Button( $btnadv->removeClass('btn-primary')->addClass('btn-info btn-sm'); $section->addInput(new Form_StaticText( - 'TFTP server', + 'TFTP', $btnadv )); $section->addInput(new Form_IpAddress( 'tftp', - 'Host or IP', + 'TFTP Server', $pconfig['tftp'] ))->setHelp('Leave blank to disable. Enter a full hostname or IP for the TFTP server')->setPattern('[.a-zA-Z0-9_]+'); @@ -1092,13 +1093,13 @@ $btnadv = new Form_Button( $btnadv->removeClass('btn-primary')->addClass('btn-info btn-sm'); $section->addInput(new Form_StaticText( - 'LDAP URI', + 'LDAP', $btnadv )); $section->addInput(new Form_Input( 'ldap', - null, + 'LDAP Server URI', 'text', $pconfig['ldap'] ))->setHelp('Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com '); diff --git a/src/usr/local/www/status_logs_common.inc b/src/usr/local/www/status_logs_common.inc index 71fd3dd..1e4a930 100644 --- a/src/usr/local/www/status_logs_common.inc +++ b/src/usr/local/www/status_logs_common.inc @@ -147,7 +147,9 @@ function tab_array_logs_common() { (($logfile == 'l2tps') && ($vpntype == "l2tp")), "/status_logs_vpn.php?logfile=l2tps&vpntype=l2tp"); } - display_top_tabs($tab_array, false, 'nav nav-tabs'); + if ($tab_array) { + display_top_tabs($tab_array, false, 'tabs'); + } } diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index b7814cf..db033ff 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -831,7 +831,7 @@ if ($act=="new" || $act=="edit"): $section->addInput(new Form_Checkbox( 'strictusercn', 'Strict User-CN Matching', - null, + 'Enforce match', $pconfig['strictusercn'] ))->setHelp('When authenticating users, enforce a match between the common name of the client certificate and the username given at login.'); diff --git a/tools/conf/pfPorts/poudriere_bulk b/tools/conf/pfPorts/poudriere_bulk index be397d6..2ef4305 100644 --- a/tools/conf/pfPorts/poudriere_bulk +++ b/tools/conf/pfPorts/poudriere_bulk @@ -1,3 +1,6 @@ +databases/php56-mysql +databases/php56-mysqli +databases/php56-pdo_mysql databases/rrdtool databases/pecl-rrd benchmarks/iperf |
