48 files changed, 747 insertions, 538 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 43edae1..60912f7 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -420,10 +420,11 @@ function local_user_set(& $user) { $keys = base64_decode($user['authorizedkeys']); file_put_contents("{$user_home}/.ssh/authorized_keys", $keys); chown("{$user_home}/.ssh/authorized_keys", $user_name); - } + } else + unlink_if_exists("{$user_home}/.ssh/authorized_keys"); $un = $lock_account ? "" : "un"; - exec("/usr/sbin/pw {$un}lock -q {$user_name}"); + exec("/usr/sbin/pw {$un}lock {$user_name} -q"); conf_mount_ro(); } @@ -1211,7 +1212,7 @@ function session_auth() { $_SESSION['Logged_In'] = "True"; $_SESSION['Username'] = $_POST['usernamefld']; $_SESSION['last_access'] = time(); - log_error("Successful webConfigurator login for user '{$_POST['usernamefld']}' host: {$_SERVER['REMOTE_ADDR']}"); + log_auth("Successful webConfigurator login for user '{$_POST['usernamefld']}' from {$_SERVER['REMOTE_ADDR']}"); $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; if (isset($_POST['postafterlogin'])) return true; @@ -1224,8 +1225,7 @@ function session_auth() { } else { /* give the user an error message */ $_SESSION['Login_Error'] = "Username or Password incorrect"; - log_error("webConfigurator authentication error for '{$_POST['usernamefld']}' host: '{$_SERVER['REMOTE_ADDR']}'"); - + log_auth("webConfigurator authentication error for '{$_POST['usernamefld']}' from {$_SERVER['REMOTE_ADDR']}"); if(isAjax()) { echo "showajaxmessage('{$_SESSION['Login_Error']}');"; return; diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 33aac66..e82baba 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc 
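Review bot: The reordered `pw` call in local_user_set() still interpolates `$user_name` into a shell string and ignores the result of `exec()`. If the account name can ever carry shell metacharacters the command changes meaning, and a failed lock leaves an account that the configuration marks as disabled able to log in with no trace. I would write `exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q", $out, $rc);` and pass a non-zero `$rc` to `log_error()` for the lock case. The start of local_user_set() is outside the hunk, so where `$user_name` is validated cannot be seen here.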
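Review bot: Both new `log_auth()` calls in session_auth() (the successful-login hunk and the failed-login branch in the hunk after it) write `$_POST['usernamefld']` into the auth log exactly as submitted. A username containing line breaks or other control characters can split or imitate log entries, which matters more now that these messages go to the auth facility that log reviewers and lockout tooling read. Strip control characters and cap the length before logging, e.g. `$loguser = substr(preg_replace('/[[:cntrl:]]/', '?', $_POST['usernamefld']), 0, 64);`, and use `$loguser` in both messages. session_auth() starts and ends outside these hunks.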
@@ -308,10 +308,15 @@ function cert_get_subject($str_crt, $decode = true) { return "unknown"; foreach ($components as $a => $v) { - if (!strlen($subject)) - $subject = "{$a}={$v}"; - else - $subject = "{$a}={$v}, {$subject}"; + if (is_array($v)) + foreach ($v as $w) { + $asubject = "{$a}={$w}"; + $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; + } + else { + $asubject = "{$a}={$v}"; + $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; + } } return $subject; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b513df8..421df12 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
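Review bot: The two branches of the new loop body in cert_get_subject() repeat the same two statements; normalising the value first removes the duplication: `foreach ((array)$v as $w) { $asubject = "{$a}={$w}"; $subject = strlen($subject) ? "{$asubject}, {$subject}" : $asubject; }`. Because the component values come straight from the parsed certificate, the joined string can itself contain `, ` or `=`, so a short comment that the result is for display only and must be HTML-escaped by the caller would help. The function starts outside the hunk.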
@@ -62,31 +62,27 @@ $aliases = ""; function flowtable_configure() { global $config, $g; - return; + + if (empty($config['system']['flowtable'])) { + mwexec("/sbin/sysctl net.inet.flowtable.enable=0", true); + return; + } + // Figure out how many flows we should reserve // sized 2x larger than the number of unique connection destinations. if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) $maxstates = $config['system']['maximumstates']; else - $maxstates = "150000"; + $maxstates = 150000; // nmbflows cpu count * ($maxstates * 2) - $cpus = trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d' ' -f2`); + $cpus = trim(`/sbin/sysctl -n kern.smp.cpus`, " \n"); $nmbflows = ($cpus*($maxstates*2)); - // flowtable is not enabled - /* - if($config['system']['flowtable']) - $flowtable_enable = 1; - else - $flowtable_enable = 0; // Flowtable currently only works on 8.0 if(get_freebsd_version() == "8") { - if($flowtable_enable == 1) { - mwexec("/sbin/sysctl net.inet.flowtable.nmbflows={$config['system']['maximumstates']}"); - mwexec("/sbin/sysctl net.inet.ip.output_flowtable_size={$nmbflows}"); - } - mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}"); + mwexec("/sbin/sysctl net.inet.flowtable.nmbflows={$nmbflows}"); + mwexec("/sbin/sysctl net.inet.ip.output_flowtable_size={$maxstates}"); + mwexec("/sbin/sysctl net.inet.flowtable.enable=1"); } - */ } function filter_load_ipfw() { 
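Review bot: `$maxstates` and `$cpus` reach the `sysctl` command lines in flowtable_configure() without being forced to integers. `is_numeric()` also accepts forms such as `1e5` or `12.5`, and if the backtick `sysctl -n kern.smp.cpus` call returns nothing, `$nmbflows` evaluates to 0 and the flowtable is then enabled with `nmbflows=0` requested. Suggest `$maxstates = intval($config['system']['maximumstates']);` in the numeric branch and `$cpus = max(1, intval($cpus));` before the multiplication.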
@@ -135,11 +131,19 @@ function filter_pflog_start() { /* reload filter async */ function filter_configure() { + global $g; + if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "filter_configure() being called $mt\n"; } - send_event("filter reload"); + + /* + * NOTE: Check here for bootup status since this should not be triggered during bootup. + * The reason is that rc.bootup calls filter_configure_sync directly which does this too. + */ + if (!$g['booting']) + send_event("filter reload"); } function filter_delete_states_for_down_gateways() { @@ -180,8 +184,9 @@ function filter_configure_sync() { global $config, $g, $after_filter_configure_run, $FilterIflist; global $time_based_rules, $filterdns, $aliases; - /* Use config lock to not allow recursion and config changes during this run. */ - $filterlck = lock('config'); + /* Use filter lock to not allow recursion and config lock to prevent changes during this run. */ + $filterlck = lock('filter', LOCK_EX); + $configlck = lock('config'); filter_pflog_start(); @@ -236,6 +241,7 @@ function filter_configure_sync() { update_filter_reload_status("Filter is disabled. Not loading rules."); if($g['booting'] == true) echo "done.\n"; + unlock($configlck); unlock($filterlck); return; } @@ -293,6 +299,7 @@ function filter_configure_sync() { if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) { log_error("WARNING: Could not write new rules!"); + unlock($configlck); unlock($filterlck); return; } @@ -331,6 +338,7 @@ function filter_configure_sync() { file_notice("filter_load", "There were error(s) loading the rules: {$rules_error} {$line_error}", "Filter Reload", ""); log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}"); update_filter_reload_status("There were error(s) loading the rules: {$rules_error} - {$line_error}"); + unlock($configlck); unlock($filterlck); return; } 
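Review bot: filter_configure() now declares `global $g;` but still reads `$config['system']['developerspew']`, which is not in scope inside the function, so the debug branch can never run. Declare both in one statement: `global $config, $g;`.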
@@ -378,7 +386,7 @@ function filter_configure_sync() { fclose($fda); } - unlock($filterlck); + unlock($configlck); if(file_exists("{$g['tmp_path']}/commands.txt")) { mwexec("sh {$g['tmp_path']}/commands.txt &"); @@ -409,6 +417,7 @@ function filter_configure_sync() { if($g['booting'] == true) echo "done.\n"; + unlock($filterlck); return 0; } diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index bab448d..ba97ba0 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -113,7 +113,7 @@ $vlan_native_supp = get_nics_with_capabilities("vlanmtu"); if(count($vlan_native_supp) > 0) $g['vlan_long_frame'] = $vlan_native_supp; else - $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"); + $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"); /* IP TOS flags */ $iptos = array("lowdelay", "throughput", "reliability"); @@ -147,7 +147,7 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.tcp.syncookies" => "1", "net.inet.tcp.recvspace" => "65228", "net.inet.tcp.sendspace" => "65228", - "net.inet.ip.fastforwarding" => "1", + "net.inet.ip.fastforwarding" => "0", "net.inet.tcp.delayed_ack" => "0", "net.inet.udp.maxdgram" => "57344", "net.link.bridge.pfil_onlyip" => "0", @@ -167,4 +167,4 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", $config_parsed = false; -?>
\ No newline at end of file +?> diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 0391e44..4ea7c32 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -232,6 +232,7 @@ EOD; /* start a new apinger process */ @unlink("{$g['tmp_path']}/apinger.status"); + sleep(1); mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); return 0; @@ -406,9 +407,11 @@ function return_gateway_groups_array() { $tiers_count = count($tiers); if($tiers_count == 0) { /* Oh dear, we have no members! Engage Plan B */ - $msg = "Gateways status could not be determined, considering all as up/active."; - log_error($msg); - notify_via_growl($msg); + if (!$g['booting']) { + $msg = "Gateways status could not be determined, considering all as up/active."; + log_error($msg); + notify_via_growl($msg); + } $tiers = $backupplan; } /* sort the tiers array by the tier key */ diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index a45ea12..4636c3e 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -35,7 +35,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - pfSense_BUILDER_BINARIES: /usr/sbin/pppd /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp + pfSense_BUILDER_BINARIES: /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/route /usr/sbin/ngctl /usr/sbin/arp /bin/kill /usr/local/sbin/mpd5 pfSense_MODULE: interfaces 
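Review bot: The new `if (!$g['booting'])` guard in return_gateway_groups_array() depends on `$g` being declared global in that function, and the declaration is outside the hunk. If only `$config` is in scope there, `$g['booting']` is always empty and the message is logged during boot exactly as before. Please confirm the function has `global $config, $g;`. Also consider keeping `log_error($msg)` unconditional and suppressing only `notify_via_growl($msg)`, so the fallback to treating all gateways as up still leaves a record during boot.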
@@ -609,19 +609,18 @@ function interface_lagg_configure(&$lagg) { function interfaces_gre_configure() { global $config; - $i = 0; if (is_array($config['gres']['gre']) && count($config['gres']['gre'])) { - foreach ($config['gres']['gre'] as $gre) { + foreach ($config['gres']['gre'] as $i => $gre) { if(empty($gre['greif'])) $gre['greif'] = "gre{$i}"; /* XXX: Maybe we should report any errors?! */ interface_gre_configure($gre); - $i++; } } } -function interface_gre_configure(&$gre) { +/* NOTE: $grekey is not used but useful for passing this function to array_walk. */ +function interface_gre_configure(&$gre, $grekey = "") { global $config, $g; if (!is_array($gre)) @@ -664,19 +663,19 @@ function interface_gre_configure(&$gre) { function interfaces_gif_configure() { global $config; - $i = 0; + if (is_array($config['gifs']['gif']) && count($config['gifs']['gif'])) { - foreach ($config['gifs']['gif'] as $gif) { + foreach ($config['gifs']['gif'] as $i => $gif) { if(empty($gif['gifif'])) $gre['gifif'] = "gif{$i}"; /* XXX: Maybe we should report any errors?! */ interface_gif_configure($gif); - $i++; } } } -function interface_gif_configure(&$gif) { +/* NOTE: $gifkey is not used but useful for passing this function to array_walk. */ +function interface_gif_configure(&$gif, $gifkey = "") { global $config, $g; if (!is_array($gif)) @@ -819,9 +818,6 @@ function interfaces_configure() { /* reload captive portal */ captiveportal_init_rules(); - - /* set the reload filter dity flag */ - filter_configure(); } return 0; @@ -1722,7 +1718,6 @@ function interface_carp_configure(&$vip) { // set the vip interface to the vhid $vipif = "vip{$vip['vhid']}"; - $interface = interface_translate_type_to_real($vip['interface']); /* * ensure the interface containing the VIP really exists * prevents a panic if the interface is missing or invalid 
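Review bot: In interfaces_gif_configure() the default name is assigned to the wrong variable: `$gre['gifif'] = "gif{$i}";` sets a key on an undefined `$gre`, so a gif entry without `gifif` is still passed to interface_gif_configure() with an empty interface name. The line is unchanged context, but this hunk rewrites the loop around it; it should read `$gif['gifif'] = "gif{$i}";`. The body of interface_gif_configure() is outside the hunk, so what it does with an empty name cannot be seen here.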
@@ -1754,7 +1749,7 @@ function interface_carp_configure(&$vip) { get_interface_arr(true); $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); - mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$password}"); + mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}"); interfaces_bring_up($vipif); @@ -1772,12 +1767,11 @@ function interface_carpdev_configure(&$vip) { if($vip['password'] != "") $password = " pass \"" . $vip_password . "\""; - log_error("Found carpdev interface {$vip['interface']} on top of interface {$interface}"); if (empty($vip['interface'])) return; $vipif = "vip" . $vip['vhid']; - $realif = interface_translate_type_to_real($vip['interface']); + $realif = get_real_interface($vip['interface']); interfaces_bring_up($realif); /* * ensure the interface containing the VIP really exists @@ -1796,7 +1790,7 @@ function interface_carpdev_configure(&$vip) { pfSense_ngctl_name("{$carpdevif}:", $vipif); } - mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} {$password}"); + mwexec("/sbin/ifconfig {$vipif} carpdev {$realif} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}"); interfaces_bring_up($vipif); /* @@ -1896,6 +1890,7 @@ function interface_wireless_clone($realif, $wlcfg) { pfSense_interface_rename($newif, $realif); // FIXME: not sure what ngctl is for. Doesn't work. // mwexec("/usr/sbin/ngctl name {$newif}: {$realif}", false); + file_put_contents("{$g['tmp_path']}/{$realif}_oldmac", get_interface_mac($realif)); } return true; } 
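Review bot: The new `advbase {$vip['advbase']}` argument in interface_carp_configure() (and the same addition in interface_carpdev_configure() two hunks below) has no fallback for VIPs saved before this field existed, unless a config upgrade elsewhere in this commit adds it. With an empty value the command line becomes `... advbase  pass ...`, so ifconfig would presumably misread the next word or reject the call, and the VIP would not come up as configured. Default it first, e.g. `$advbase = empty($vip['advbase']) ? 1 : intval($vip['advbase']);` (1 being the CARP default), and pass the other `$vip` fields through `intval()` or `escapeshellarg()` as interface_configure() already does for its ifconfig calls. Both functions start outside the hunks.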
@@ -2256,7 +2251,26 @@ EOD; fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c {$g['varetc_path']}/wpa_supplicant_{$if}.conf\n"); } if ($wlcfg['mode'] == "hostap") { + /* add line to script to restore old mac to make hostapd happy */ + if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) { + $if_oldmac = file_get_contents("{$g['tmp_path']}/{$if}_oldmac"); + if (is_macaddr($if_oldmac)) + fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) . + " link " . escapeshellarg($if_oldmac) . "\n"); + } + fwrite($fd_set, "{$hostapd} -B {$g['varetc_path']}/hostapd_{$if}.conf\n"); + + /* add line to script to restore spoofed mac after running hostapd */ + if (file_exists("{$g['tmp_path']}/{$if}_oldmac")) { + if ($wl['spoofmac']) + $if_curmac = $wl['spoofmac']; + else + $if_curmac = get_interface_mac($if); + if (is_macaddr($if_curmac)) + fwrite($fd_set, "{$ifconfig} " . escapeshellarg($if) . + " link " . escapeshellarg($if_curmac) . "\n"); + } } } @@ -2383,6 +2397,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven $wancfg = $config['interfaces'][$interface]; $realif = get_real_interface($interface); + $realhwif = interface_translate_type_to_real($interface); if (!$g['booting']) { /* remove all IPv4 addresses */ @@ -2406,7 +2421,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interface_wireless_configure($realif, $wancfg, $wancfg['wireless']); if ($wancfg['spoofmac']) { - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . + mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . " link " . escapeshellarg($wancfg['spoofmac'])); /* 
@@ -2415,20 +2430,20 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven */ if (is_array($config['vlans']['vlan'])) { foreach ($config['vlans']['vlan'] as $vlan) { - if ($vlan['if'] == $realif) + if ($vlan['if'] == $realhwif) mwexec("/sbin/ifconfig " . escapeshellarg($vlan['vlanif']) . " link " . escapeshellarg($wancfg['spoofmac'])); } } } else { - $mac = get_interface_mac(get_real_interface($wancfg['if'])); - if($mac == "ff:ff:ff:ff:ff:ff") { + $mac = get_interface_mac($realhwif); + if ($mac == "ff:ff:ff:ff:ff:ff") { /* this is not a valid mac address. generate a * temporary mac address so the machine can get online. */ echo "Generating new MAC address."; $random_mac = generate_random_mac_address(); - mwexec("/sbin/ifconfig " . escapeshellarg(get_real_interface($wancfg['if'])) . + mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) . " link " . escapeshellarg($random_mac)); $wancfg['spoofmac'] = $random_mac; write_config(); @@ -2438,7 +2453,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven /* media */ if ($wancfg['media'] || $wancfg['mediaopt']) { - $cmd = "/sbin/ifconfig " . escapeshellarg(get_real_interface($wancfg['if'])); + $cmd = "/sbin/ifconfig " . escapeshellarg($realhwif); if ($wancfg['media']) $cmd .= " media " . escapeshellarg($wancfg['media']); if ($wancfg['mediaopt']) @@ -2446,9 +2461,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven mwexec($cmd); } if (!empty($wancfg['mtu'])) - pfSense_interface_mtu($realif, $wancfg['mtu']); + pfSense_interface_mtu($realhwif, $wancfg['mtu']); - $options = pfSense_get_interface_addresses($realif); + $options = pfSense_get_interface_addresses($realhwif); if (is_array($options) && isset($options['caps']['polling'])) { if (isset($config['system']['polling'])) pfSense_interface_capabilities($realif, IFCAP_POLLING); 
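Review bot: One call in this block of interface_configure() was left on the old variable: `pfSense_interface_capabilities($realif, IFCAP_POLLING);` still uses `$realif` although the capabilities in `$options` are now read from `$realhwif`. If the two names differ, which is the reason `$realhwif` was introduced, polling is set on a different interface from the one that was checked. I would change it to `pfSense_interface_capabilities($realhwif, IFCAP_POLLING);`. The `else` branch continues outside the hunk and should be checked the same way.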
@@ -2457,7 +2472,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } /* skip vlans for checksumming and polling */ - if (!stristr($realif, "vlan") && is_array($options)) { + if (!stristr($realhwif, "vlan") && is_array($options)) { $flags = 0; if(isset($config['system']['disablechecksumoffloading'])) { if (isset($options['encaps']['txcsum'])) @@ -2495,7 +2510,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if (!isset($config['system']['polling']) || !isset($options['caps']['polling'])) { $flags |= IFCAP_POLLING; } - pfSense_interface_capabilities($realif, -$flags); + pfSense_interface_capabilities($realhwif, -$flags); } /* invalidate interface/ip/sn cache */ @@ -2541,17 +2556,17 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interfaces_bring_up($wancfg['if']); if (!$g['booting']) { - interface_reload_carps($realif); + link_interface_to_vips($interface, "update"); unset($gre); $gre = link_interface_to_gre($interface); if (!empty($gre)) - interface_gre_configure($gre); + array_walk($gre, 'interface_gre_configure'); unset($gif); $gif = link_interface_to_gif($interface); if (!empty($gif)) - interface_gif_configure($gif); + array_walk($gif, 'interface_gif_configure'); if ($linkupevent == false) { unset($bridgetmp); @@ -2560,11 +2575,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven interface_bridge_add_member($bridgetmp, $realif); } - link_interface_to_vips($interface, "update"); - $grouptmp = link_interface_to_group($interface); if (!empty($grouptmp)) - interface_group_add_member($realif, $grouptmp); + array_walk($grouptmp, 'interface_group_add_member'); if ($interface == "lan") /* make new hosts file */ 
@@ -2582,16 +2595,10 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven services_dnsmasq_configure(); /* update dyndns */ - services_dyndns_configure($interface); - - /* force DNS update */ - services_dnsupdate_process($interface); + send_event("service reload dyndns {$interface}"); /* reload captive portal */ captiveportal_init_rules(); - - /* set the reload filter dity flag */ - filter_configure(); } } @@ -2706,6 +2713,7 @@ function interface_group_setup(&$groupname /* The parameter is an array */) { } function interface_group_add_member($interface, $groupname) { + $interface = get_real_interface($interface); mwexec("/sbin/ifconfig {$interface} group {$groupname}", true); } @@ -2734,7 +2742,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { $index = intval(substr($interface, 3)); foreach ($config['virtualip']['vip'] as $counter => $vip) { if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") { - if ($index == $counter) + if ($index == $vip['vhid']) return $vip['interface']; } } @@ -2763,22 +2771,22 @@ function convert_friendly_interface_to_friendly_descr($interface) { global $config; switch ($interface) { - case "l2tp": - $ifdesc = "L2TP"; - break; - case "pptp": - $ifdesc = "PPTP"; - break; - case "pppoe": - $ifdesc = "PPPoE"; - break; - case "openvpn": - $ifdesc = "OpenVPN"; - break; - case "enc0": - case "ipsec": - $ifdesc = "IPsec"; - break; + case "l2tp": + $ifdesc = "L2TP"; + break; + case "pptp": + $ifdesc = "PPTP"; + break; + case "pppoe": + $ifdesc = "PPPoE"; + break; + case "openvpn": + $ifdesc = "OpenVPN"; + break; + case "enc0": + case "ipsec": + $ifdesc = "IPsec"; + break; default: if (isset($config['interfaces'][$interface])) { if (empty($config['interfaces'][$interface]['descr'])) 
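Review bot: interface_group_add_member() builds the ifconfig command from `$interface` and `$groupname` without quoting, unlike the `escapeshellarg()` calls used for ifconfig in interface_configure(). The new `get_real_interface()` lookup may also return an empty value for a name it does not know, which would turn the call into `ifconfig group <name>`. Suggest `if (empty($interface)) return;` after the lookup and `mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " group " . escapeshellarg($groupname), true);`.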
@@ -2786,13 +2794,23 @@ function convert_friendly_interface_to_friendly_descr($interface) { else $ifdesc = strtoupper($config['interfaces'][$interface]['descr']); break; + } else if (substr($interface, 0, 3) == "vip") { + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $counter => $vip) { + if ($vip['mode'] == "carpdev-dhcp" || $vip['mode'] == "carp") { + if ($interface == "vip{$vip['vhid']}") + return "{$vip['subnet']} - {$vip['descr']}"; + } + } + } + } else { + /* if list */ + $ifdescrs = get_configured_interface_with_descr(false, true); + foreach ($ifdescrs as $if => $ifname) { + if ($if == $interface || $ifname == $interface) + return $ifname; + } } - /* if list */ - $ifdescrs = get_configured_interface_with_descr(false, true); - foreach ($ifdescrs as $if => $ifname) { - if ($if == $interface || $ifname == $interface) - return $ifname; - } break; } @@ -2819,10 +2837,31 @@ function convert_real_interface_to_friendly_descr($interface) { function interface_translate_type_to_real($interface) { global $config; - if ($config['interfaces'][$interface]['if'] <> "") - return $config['interfaces'][$interface]['if']; - else + if (empty($config['interfaces'][$interface])) return $interface; + $tmpif = $config['interfaces'][$interface]; + switch ($tmpif['type']) { + case "ppp": + case "pppoe": + case "pptp": + case "l2tp": + if (is_array($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppidx => $ppp) { + if ($tmpif['if'] == $ppp['if']) { + $interface = $ppp['ports']; + break; + } + } + } + break; + case "dhcp": + case "static": + default: + $interface = $tmpif['if']; + break; + } + + return $interface; } function interface_is_wireless_clone($wlif) { 
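Review bot: In the `ppp`/`pppoe`/`pptp`/`l2tp` branch of interface_translate_type_to_real(), `$interface` is only reassigned when an entry in `$config['ppps']['ppp']` matches `$tmpif['if']`. If the array is missing or nothing matches, the function returns the friendly name it was given (for example `wan`), where the old code returned the configured `if`. interface_configure() now passes this result to the `ifconfig ... link`, media and MTU calls, so a wrong name silently skips MAC and link settings. Setting `$interface = $tmpif['if'];` before the loop keeps the previous behaviour as the fallback.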
@@ -3078,14 +3117,17 @@ function link_interface_to_vlans($int, $action = "") { function link_interface_to_vips($int, $action = "") { global $config; - if (is_array($config['virtualip']['vip'])) - foreach ($config['virtualip']['vip'] as $vip) - if ($int == $vip['interface']) { - if ($action == "update") + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if ($int == $vip['interface']) { + if ($action == "update") { + interface_vip_bring_down($vip); interfaces_vips_configure($int); - else - return $vip; + } else + return $vip; } + } + } } /****f* interfaces/link_interface_to_bridge @@ -3110,30 +3152,44 @@ function link_interface_to_bridge($int) { function link_interface_to_group($int) { global $config; + $result = array(); + if (is_array($config['ifgroups']['ifgroupentry'])) { foreach ($config['ifgroups']['ifgroupentry'] as $group) { if (in_array($int, explode(" ", $group['members']))) - return "{$group['ifname']}"; + $result[$group['ifname']] = $int; } } + + return $result; } function link_interface_to_gre($interface) { global $config; - if (is_array($config['gres']['gre'])) + $result = array(); + + if (is_array($config['gres']['gre'])) { foreach ($config['gres']['gre'] as $gre) if($gre['if'] == $interface) - return $gre; + $result[] = $gre; + } + + return $result; } function link_interface_to_gif($interface) { global $config; - if (is_array($config['gifs']['gif'])) + $result = array(); + + if (is_array($config['gifs']['gif'])) { foreach ($config['gifs']['gif'] as $gif) if($gif['if'] == $interface) - return $gif; + $result[] = $gif; + } + + return $result; } /* 
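Review bot: In the `update` path of link_interface_to_vips() the loop calls `interfaces_vips_configure($int)` once for every VIP on the interface, after bringing down only the current one. interfaces_vips_configure() is not shown, but if it configures all VIPs of `$int`, the work is repeated per VIP and later VIPs are configured, brought down and configured again. Consider calling `interface_vip_bring_down($vip);` for each match inside the loop and `interfaces_vips_configure($int);` once after it. A comment stating that the function returns the first matching VIP only when `$action` is not `update` would also help callers.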
@@ -3307,7 +3363,7 @@ function is_altq_capable($int) { */ $capable = array("age", "ale", "an", "ath", "aue", "awi", "bce", "bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem", - "hme", "igb", "ipw", "iwi", "jme", "le", "msk", "mxge", "my", "nfe", + "hme", "igb", "ipw", "iwi", "jme", "le", "lem", "msk", "mxge", "my", "nfe", "npe", "nve", "ral", "re", "rl", "rum", "run", "bwn", "sf", "sis", "sk", "ste", "stge", "txp", "udav", "ural", "vge", "vr", "wi", "xl", "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng", @@ -3486,4 +3542,15 @@ EOD; unlink_if_exists($cron_file); } +function get_vip_descr($ipaddress) { + global $config; + + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['subnet'] == $ipaddress) { + return ($vip['descr']); + } + } + return ""; +} + ?> diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index a46e596..332f300 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -123,12 +123,18 @@ function ipsec_ikeid_next() { */ function ipsec_get_phase1_src(& $ph1ent) { - if ($ph1ent['interface']) - $if = $ph1ent['interface']; - else + if ($ph1ent['interface']) { + if (!is_ipaddr($ph1ent['interface'])) { + $if = $ph1ent['interface']; + $interfaceip = get_interface_ip($if); + } else { + $interfaceip=$ph1ent['interface']; + } + } + else { $if = "wan"; - - $interfaceip = get_interface_ip($if); + $interfaceip = get_interface_ip($if); + } return $interfaceip; } diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index bd46227..234f756 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -577,7 +577,9 @@ function openvpn_restart($mode, & $settings) { /* start the new process */ $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf"; mwexec_bg("nohup openvpn --config {$fpath}"); - send_event("filter reload"); + + if (!$g['booting']) + send_event("filter reload"); } function openvpn_delete($mode, & $settings) { diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 3f8d545..8501df1 100644 
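Review bot: The new get_vip_descr() iterates `$config['virtualip']['vip']` without the `is_array()` check that the other VIP loops in this file use, so on a system with no virtual IPs `foreach` is handed a non-array and PHP raises a warning. Wrap the loop in `if (is_array($config['virtualip']['vip']))`. Since the returned `descr` is free text from the configuration, a docblock noting that callers must HTML-escape it before display would be useful.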
--- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -728,13 +728,16 @@ function call_pfsense_method($method, $params, $timeout = 0) { */ function check_firmware_version($tocheck = "all", $return_php = true) { global $g, $config; + $ip = gethostbyname($g['product_website']); if($ip == $g['product_website']) return false; + $rawparams = array("firmware" => array("version" => trim(file_get_contents('/etc/version'))), "kernel" => array("version" => trim(file_get_contents('/etc/version_kernel'))), "base" => array("version" => trim(file_get_contents('/etc/version_base'))), - "platform" => trim(file_get_contents('/etc/platform')) + "platform" => trim(file_get_contents('/etc/platform')), + "config_version" => $config['version'] ); if($tocheck == "all") { $params = $rawparams; 
@@ -744,22 +747,38 @@ function check_firmware_version($tocheck = "all", $return_php = true) { $params['platform'] = $rawparams['platform']; } } - if($config['system']['firmware']['branch']) { + if($config['system']['firmware']['branch']) $params['branch'] = $config['system']['firmware']['branch']; - } - if(!$versions = call_pfsense_method('pfsense.get_firmware_version', $params)) { + + /* XXX: What is this method? */ + if(!($versions = call_pfsense_method('pfsense.get_firmware_version', $params))) { return false; } else { $versions["current"] = $params; } + return $versions; } +/* + * host_firmware_version(): Return the versions used in this install + */ +function host_firmware_version($tocheck = "") { + global $g, $config; + + return array( + "firmware" => array("version" => trim(file_get_contents('/etc/version', " \n"))), + "kernel" => array("version" => trim(file_get_contents('/etc/version_kernel', " \n"))), + "base" => array("version" => trim(file_get_contents('/etc/version_base', " \n"))), + "platform" => trim(file_get_contents('/etc/platform', " \n")), + "config_version" => $config['version'] + ); +} + function get_disk_info() { $diskout = ""; exec("/bin/df -h | /usr/bin/grep -w '/' | /usr/bin/awk '{ print $2, $3, $4, $5 }'", $diskout); return explode(' ', $diskout[0]); - // $size, $used, $avail, $cap } /****f* pfsense-utils/strncpy @@ -789,13 +808,6 @@ function strncpy(&$dst, $src, $length) { function reload_interfaces_sync() { global $config, $g; - /* XXX: Use locks?! */ - if (file_exists("{$g['tmp_path']}/reloading_all")) { - log_error("WARNING: Recursive call to interfaces sync!"); - return; - } - touch("{$g['tmp_path']}/reloading_all"); - if($g['debug']) log_error("reload_interfaces_sync() is starting."); 
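Review bot: In the new host_firmware_version() the `" \n"` character list is inside the wrong parentheses: `trim(file_get_contents('/etc/version', " \n"))` passes it as the second argument of file_get_contents() rather than to trim(). The same applies to the three other reads in the array. It should be `trim(file_get_contents('/etc/version'), " \n")`, or simply `trim(file_get_contents('/etc/version'))` as check_firmware_version() does. The `$tocheck` parameter and `$g` are unused in the visible body.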
@@ -812,13 +824,6 @@ function reload_interfaces_sync() { /* set up interfaces */ interfaces_configure(); - - /* remove reloading_all trigger */ - if($g['debug']) - log_error("Removing {$g['tmp_path']}/reloading_all"); - - /* start devd back up */ - mwexec("/bin/rm {$g['tmp_path']}/reload*"); } /****f* pfsense-utils/reload_all @@ -830,7 +835,6 @@ function reload_interfaces_sync() { * none ******/ function reload_all() { - global $g; send_event("service reload all"); } @@ -843,8 +847,7 @@ function reload_all() { * none ******/ function reload_interfaces() { - global $g; - touch("{$g['tmp_path']}/reload_interfaces"); + send_event("interface all reload"); } /****f* pfsense-utils/reload_all_sync @@ -860,13 +863,6 @@ function reload_all_sync() { $g['booting'] = false; - /* XXX: Use locks?! */ - if (file_exists("{$g['tmp_path']}/reloading_all")) { - log_error("WARNING: Recursive call to reload all sync!"); - return; - } - touch("{$g['tmp_path']}/reloading_all"); - /* parse config.xml again */ $config = parse_config(true); @@ -908,8 +904,6 @@ function reload_all_sync() { /* restart webConfigurator if needed */ send_event("service restart webgui"); - - mwexec("/bin/rm {$g['tmp_path']}/reload*"); } function auto_login() { @@ -2118,4 +2112,4 @@ function filter_rules_compare($a, $b) { return compare_interface_friendly_names($a['interface'], $b['interface']); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 0894842..3c8ca98 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -427,9 +427,10 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $base_url = substr($base_url, 0, -1); $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " "; $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; + $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Trying to download {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) { - $static_output .= " could not download.\n"; + $static_output .= " could not download from there or {$priv_url}/{$filename}.\n"; update_output_window($static_output); return false; } else if ($base_url == $priv_url) { @@ -549,7 +550,6 @@ function install_package($package, $pkg_info = "") { update_output_window($static_output); if($pkg_info['after_install_info']) update_output_window($pkg_info['after_install_info']); - start_service($pkg_info['name']); } } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index f249256..430775e 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -306,11 +306,6 @@ function system_routing_configure($interface = "") { echo "system_routing_configure() being called $mt\n"; } - /* Enable fast routing, if enabled */ - /* XXX: More checks need to be done for subsystems that are not compatibel with fast routing. */ - if(isset($config['staticroutes']['enablefastrouting']) && !isset($config['ipsec']['enable'])) - mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1"); - $gatewayip = ""; $interfacegw = ""; $foundgw = false; 
@@ -521,7 +516,7 @@ news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path local7.none {$log_directive}{$g['varlog_path']}/system.log security.* {$log_directive}{$g['varlog_path']}/system.log auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log -auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf +auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 *.emerg * EOD; @@ -620,12 +615,12 @@ EOD; fclose($fd); // Are we logging to a least one remote server ? if(strpos($syslogconf, "@") != false) - $retval = system("/usr/sbin/syslogd -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); + $retval = system("/usr/sbin/syslogd -c c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); else - $retval = system("/usr/sbin/syslogd -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); + $retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); } else { - $retval = mwexec("/usr/sbin/syslogd -c -l /var/dhcpd/var/run/log"); + $retval = mwexec("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log"); } if ($g['booting']) @@ -1477,4 +1472,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?> +?>
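Review bot: The remote-logging branch in the `@@ -620,12 +615,12 @@` hunk of etc/inc/system.inc now starts `syslogd -c c -l …`, while the other two calls use `-c -c`; the bare `c` looks like a typo for `-c`. A stray non-option word normally ends option parsing, so the `-l` and `-f` that follow would probably be ignored or make syslogd exit with a usage error, leaving a firewall that is configured to forward logs with no logging at all (confirm against syslogd's argument handling). The line should read `$retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf");`. Once both branches are identical, the `strpos($syslogconf, "@")` test around them can go. The enclosing function starts and ends outside the hunk.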
\ No newline at end of file diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 47f96a1..9f7be86 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1078,7 +1078,7 @@ function upgrade_047_to_048() { if (!empty($config['dyndns'])) { $config['dyndnses'] = array(); $config['dyndnses']['dyndns'] = array(); - if(isset($config['dyndns'][0]['enable'])) { + if(isset($config['dyndns'][0]['host'])) { $tempdyn = array(); $tempdyn['enable'] = isset($config['dyndns'][0]['enable']); $tempdyn['type'] = $config['dyndns'][0]['type']; @@ -2282,4 +2282,4 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 6c40c45..3cc88e9 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -790,6 +790,23 @@ function log_error($error) { return; } +/****f* util/log_auth +* NAME +* log_error - Sends a string to syslog as LOG_AUTH facility +* INPUTS +* $error - string containing the syslog message. +* RESULT +* null +******/ +function log_auth($error) { + global $g; + $page = $_SERVER['SCRIPT_NAME']; + syslog(LOG_AUTH, "$page: $error"); + if ($g['debug']) + syslog(LOG_WARNING, var_dump(debug_backtrace())); + return; +} + /****f* util/exec_command * NAME * exec_command - Execute a command and return a string of the result. @@ -1468,4 +1485,4 @@ function array_merge_recursive_unique($array0, $array1) return $result; } -?> +?>
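Review bot: `syslog(LOG_AUTH, "$page: $error")` in the new log_auth() (etc/inc/util.inc) passes a facility constant where PHP's syslog() takes a priority, so the severity bits are zero and every message goes out as auth.emerg. The syslog.conf template in system.inc carries a `*.emerg *` rule, so anything sent through log_auth() would be written to every logged-in terminal instead of only to the log files. Combine facility and level, `syslog(LOG_AUTH | LOG_INFO, "$page: $error");`. In the debug branch `var_dump()` returns nothing and prints the backtrace into the page output, so use `syslog(LOG_WARNING, print_r(debug_backtrace(), true));`. The header comment's NAME line still says `log_error` and should read `log_auth`.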
\ No newline at end of file diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 7c045d2..44c934c 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -118,6 +118,7 @@ function vpn_ipsec_configure($ipchg = false) return true; } else { mwexec("/sbin/ifconfig enc0 up"); + mwexec("/sbin/sysctl net.inet.ip.ipsec_in_use=1"); if ($g['booting']) echo "Configuring IPsec VPN... "; @@ -635,15 +636,18 @@ EOD; $localid_type = $ph2ent['localid']['type']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); - /* Do not print localid in some cases, such as a pure-psk mobile tunnel */ - if (($localid_type == "none") || ($ph1ent['authentication_method'] == "pre_shared_key") && isset($ph1ent['mobile'])) + /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */ + if (($localid_type == "none") || + (($ph1ent['authentication_method'] == "xauth_psk_server") || + ($ph1ent['authentication_method'] == "pre_shared_key")) + && isset($ph1ent['mobile'])) $localid_spec = " "; else { - if ($localid_type != "address") { - $localid_type = "subnet"; - } - $localid_spec = $localid_type." ".$localid_data." any"; - } + if ($localid_type != "address") { + $localid_type = "subnet"; + } + $localid_spec = $localid_type." ".$localid_data." any"; + } if (!isset($ph2ent['mobile'])) { $remoteid_type = $ph2ent['remoteid']['type']; 
@@ -656,16 +660,23 @@ EOD; $remoteid_spec = "anonymous"; } else { - $rgip = $rgmap[$ph1ent['remote-gateway']]; - $localid_data = ipsec_get_phase1_src($ph1ent); - if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; } - $localid_spec = "address {$localid_data}"; - - $remoteid_data = $rgmap[$ph1ent['remote-gateway']]; - if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; } - $remoteid_spec = "address {$remoteid_data}"; + if ((($ph1ent['authentication_method'] == "xauth_psk_server") || + ($ph1ent['authentication_method'] == "pre_shared_key")) + && isset($ph1ent['mobile'])) + $localid_spec = " "; + else { + $localid_data = ipsec_get_phase1_src($ph1ent); + if($ph2ent['mode'] == 'transport') { $localid_data="$localid_data any"; } + $localid_spec = "address {$localid_data}"; + } + if (!isset($ph2ent['mobile'])) { + $remoteid_data = $rgmap[$ph1ent['remote-gateway']]; + if($ph2ent['mode'] == 'transport') { $remoteid_data="$remoteid_data any"; } + $remoteid_spec = "address {$remoteid_data}"; + } else + $remoteid_spec = "anonymous"; } if($ph2ent['protocol'] == 'esp') { @@ -877,7 +888,6 @@ EOD; sleep("0.1"); mwexec("/usr/local/sbin/setkey -F", false); sleep("0.1"); - exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1"); /* start racoon */ mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf", false); sleep("0.1"); @@ -1721,4 +1731,4 @@ function vpn_ipsec_configure_preferoldsa() { mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc index 61167bf..ef4fc19 100644 --- a/etc/inc/xmlrpc.inc +++ b/etc/inc/xmlrpc.inc @@ -107,17 +107,36 @@ function php_value_to_xmlrpc($value, $force_array = false) { * the array before returning it. */ function xmlrpc_auth(&$params) { - global $config; + global $config, $_SERVER; + + if (!is_array($config['system']['user'])) { + array_shift($params); + unset($params['xmlrpcauth']); + log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); + return false; + } + if (!isset($config['system']['user'][0]['password'])) { + array_shift($params); + unset($params['xmlrpcauth']); + log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); + return false; + } + $localpass = $config['system']['user'][0]['password']; if(crypt($params[0], $localpass) == $localpass) { array_shift($params); + unset($params['xmlrpcauth']); return true; - } else if(crypt($params['xmlrpcauth'], $localpass) != $localpass) { + } else if(crypt($params['xmlrpcauth'], $localpass) == $localpass) { + array_shift($params); unset($params['xmlrpcauth']); - return false; + return true; } + + array_shift($params); unset($params['xmlrpcauth']); + log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); return false; } -?>
\ No newline at end of file +?> diff --git a/etc/rc.bootup b/etc/rc.bootup index 2d39df6..fe1faa3 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -249,9 +249,6 @@ echo "Starting PFLOG..."; filter_pflog_start(); echo "done.\n"; -/* start load balancer daemon */ -relayd_configure(); - /* reconfigure our gateway monitor */ echo "Setting up gateway monitors..."; setup_gateways_monitor(); @@ -282,6 +279,9 @@ system_routing_configure(); /* enable routing */ system_routing_enable(); +/* start load balancer daemon */ +relayd_configure(); + /* configure console menu */ system_console_configure(); @@ -293,10 +293,6 @@ echo "done.\n"; /* Launch on bootup and keep trying to sync. Exit once time/date has been sync'd. */ mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh"); -/* static IP address? -> attempt DNS update */ -if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) - services_dnsupdate_process(); - /* start DHCP service */ services_dhcpd_configure(); @@ -306,12 +302,15 @@ services_dnsmasq_configure(); /* start dhcpleases dhpcp hosts leases program */ system_dhcpleases_configure(); -/* start dyndns service */ -send_event("service reload dyndnsall"); - /* start DHCP relay */ services_dhcrelay_configure(); +/* dyndns service updates */ +send_event("service reload dyndnsall"); + +/* Run a filter configure now that most all services have started */ +filter_configure_sync(); + /* setup pppoe and pptp */ vpn_setup(); @@ -336,9 +335,6 @@ system_set_harddisk_standby(); /* lock down console if necessary */ auto_login(); -/* Run a filter configure now that most all services have started */ -filter_configure_sync(); - /* load graphing functions */ enable_rrd_graphing(); 
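Review bot: Both password checks in xmlrpc_auth() (etc/inc/xmlrpc.inc) compare the crypt() output with loose `==`, which compares numeric-looking strings numerically and is not constant-time. Use strict comparison at minimum, `if (crypt($params[0], $localpass) === $localpass)` and the same for `$params['xmlrpcauth']`, and a constant-time comparison where the PHP version in use provides one. The three failure paths report through log_error() with a hard-coded 'admin', although the hash is read from `$config['system']['user'][0]`; log_auth(), added in util.inc by this same commit, looks like the intended sink so that sync authentication failures land with the other login events. `$_SERVER` is a superglobal and does not belong in the `global` statement.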
@@ -361,16 +357,16 @@ if($config['system']['afterbootupshellcmd'] <> "") { if($avail < $g['minimum_ram_warning']) { require_once("/etc/inc/notices.inc"); file_notice("{$g['product_name']}MemoryRequirements", "{$g['product_name']} requires at least {$g['minimum_ram_warning_text']} of RAM. Expect unusual performance. This platform is not supported.", "Memory", "", 1); - mwexec("sysctl net.inet.tcp.recvspace=4096"); - mwexec("sysctl net.inet.tcp.sendspace=4096"); + mwexec("/sbin/sysctl net.inet.tcp.recvspace=4096"); + mwexec("/sbin/sysctl net.inet.tcp.sendspace=4096"); } /* if we are operating at 1000 then increase timeouts. this was never accounted for after moving to 1000 hz */ -$kern_hz = `sysctl kern.clockrate | awk '{ print $5 }' | cut -d"," -f1`; +$kern_hz = `/sbin/sysctl kern.clockrate | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"," -f1`; $kern_hz = trim($kern_hz, "\r\n"); if($kern_hz == "1000") - mwexec("sysctl net.inet.tcp.rexmit_min=30"); + mwexec("/sbin/sysctl net.inet.tcp.rexmit_min=30"); /* start the igmpproxy daemon */ services_igmpproxy_configure(); @@ -383,7 +379,7 @@ activate_powerd(); /* Remove the old shutdown binary if we kept it. */ if (file_exists("/sbin/shutdown.old")) - unlink("/sbin/shutdown.old"); + @unlink("/sbin/shutdown.old"); /* done */ unset($g['booting']); diff --git a/etc/rc.dyndns.update b/etc/rc.dyndns.update index a84cadd..557113c 100755 --- a/etc/rc.dyndns.update +++ b/etc/rc.dyndns.update @@ -38,9 +38,12 @@ require_once("shaper.inc"); $argument = trim($argv[1], " \n"); -if(empty($argument)) +if(empty($argument)) { services_dyndns_configure(); -else + services_dnsupdate_process(); +} else { services_dyndns_configure($argument); + services_dnsupdate_process($argument); +} ?> diff --git a/etc/rc.filter_configure_xmlrpc b/etc/rc.filter_configure_xmlrpc index 4a42df7..bd1f785 100755 --- a/etc/rc.filter_configure_xmlrpc +++ b/etc/rc.filter_configure_xmlrpc 
@@ -43,7 +43,6 @@ require_once("shaper.inc"); require_once("xmlrpc.inc"); require_once("interfaces.inc"); -filter_configure(); system_routing_configure(); setup_gateways_monitor(); relayd_configure(); @@ -51,4 +50,4 @@ require_once("openvpn.inc"); openvpn_resync_all(); services_dhcpd_configure(); -?>
\ No newline at end of file
+?>
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index dede6ba..0a8316b 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -64,6 +64,13 @@ function backup_vip_config_section() {
 $section_val = 255;
 $section['advskew'] = $section_val;
 }
+ if($section['advbase'] <> "") {
+ $section_val = intval($section['advbase']);
+ $section_val=$section_val+1;
+ if($section_val > 255)
+ $section_val = 255;
+ $section['advbase'] = $section_val;
+ }
 $temp['vip'][] = $section;
 }
 return $temp;
@@ -81,10 +88,59 @@ function remove_special_characters($string) { return $string; } +function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') { + global $config, $g; + + if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) + return; + + $params = array( + XML_RPC_encode($password) + ); + + $numberofruns = 0; + while ($numberofruns < 2) { + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $username = $config['system']['user'][0]['name']; + $cli->setCredentials($username, $password); + if($numberofruns > 1) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 240 seconds */ + $resp = $cli->send($msg, "240"); + if(!is_object($resp)) { + $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . 
$resp->faultString(); + } else { + $parsed_response = XML_RPC_decode($resp->value()); + if(!is_array($parsed_response)) { + if (trim($parsed_response) == "Authentication failed") { + $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method})."; + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + exit; + } + } else { + if (!isset($parsed_response['config_version']) || + $parsed_response['config_version'] < $config['version']) + return false; + else + return true; + } + } + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + $numberofruns++; + } + + return false; +} + function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { global $config, $g; - if(file_exists("{$g['varrun_path']}/booting")) + if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) return; update_filter_reload_status("Syncing CARP data to {$url}"); 
@@ -189,46 +245,48 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); - continue; } elseif($resp->faultCode()) { $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); - continue; } else { - log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + $parsed_response = XML_RPC_decode($resp->value()); + if(!is_array($parsed_response) && trim($parsed_repsonse) == "Authentication failed") { + $error = "A authentication failure occurred while trying to access {$url}:{$port} ($method)."; + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + exit; + } else + log_error("XMLRPC sync successfully completed with {$url}:{$port}."); $numberofruns = 3; } - $parsed_response = XML_RPC_Decode($resp->value()); - if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") { - $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - $numberofruns = 5; - } $numberofruns++; } } global $g; -if (file_exists("{$g['varrun_path']}/booting")) +if (file_exists("{$g['varrun_path']}/booting") || $g['booting']) return; if (is_array($config['installedpackages']['carpsettings']['config'])) { update_filter_reload_status("Building CARP sync information"); foreach($config['installedpackages']['carpsettings']['config'] as $carp) { - if ($carp['synchronizetoip'] != "" ) { - /* - * XXX: The way we're finding the port right now is really suboptimal - - * we can't assume that the other machine is setup identically. 
- */ - if ($config['system']['webgui']['protocol'] != "") { + if (empty($carp['synchronizetoip'])) { + log_error("CARP sync not being done because of missing sync ip!"); + break; + } + /* + * XXX: The way we're finding the port right now is really suboptimal - + * we can't assume that the other machine is setup identically. + */ + if (!empty($config['system']['webgui']['protocol'])) { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; } /* if port is empty lets rely on the protocol selection */ $port = $config['system']['webgui']['port']; - if ($port == "") { + if (empty($port)) { if ($config['system']['webgui']['protocol'] == "http") $port = "80"; else @@ -323,6 +381,12 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) $sections[] = 'vouchers'; if (count($sections) > 0) { + if (!carp_check_version($synchronizetoip, $carp['password'], $port)) { + update_filter_reload_status("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!"); + log_error("The other member is on older version of {$g['product']}. Sync will not be done to prevent problems!"); + break; + } + update_filter_reload_status("Signaling CARP reload signal..."); carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); if (is_array($mergesections)) @@ -351,7 +415,6 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { } } break; - } } } diff --git a/etc/rc.initial b/etc/rc.initial index 13fcbba..4d88bda 100755 --- a/etc/rc.initial +++ b/etc/rc.initial @@ -3,7 +3,7 @@ # $Id$ # /etc/rc.initial # part of pfSense by Scott Ullrich -# Copyright (C) 2004 Scott Ullrich, All rights reserved. +# Copyright (C) 2004-2010 Scott Ullrich, All rights reserved. # originally based on m0n0wall (http://neon1.net/m0n0wall) # Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. # All rights reserved. 
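Review bot: The new authentication check in carp_sync_xml() (hunk `@@ -189,46 +245,48 @@`) tests `trim($parsed_repsonse)`, a misspelling of `$parsed_response`, so the comparison with "Authentication failed" is never true. The else branch then logs "XMLRPC sync successfully completed" even when the peer rejected the password, and the members can drift apart with nothing in the log or notices to show it. The condition should be `if(!is_array($parsed_response) && trim($parsed_response) == "Authentication failed") {`. carp_sync_xml() starts and ends outside this hunk.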
@@ -43,45 +43,38 @@ fi product=`grep product_name /etc/inc/globals.inc | cut -d'"' -f4` hidebanner=`grep hidebanner /etc/inc/globals.inc | cut -d'"' -f4` -# display a cheap menu -echo -echo -echo " ${product} console setup " -echo "***************************" -echo " 0) Logout (SSH only)" -echo " 1) Assign Interfaces" -echo " 2) Set interface(s) IP address" -echo " 3) Reset webConfigurator password" -echo " 4) Reset to factory defaults" -echo " 5) Reboot system" -echo " 6) Halt system" -echo " 7) Ping host" -echo " 8) Shell" -echo " 9) PFtop" -echo "10) Filter Logs" -echo "11) Restart webConfigurator" -echo "12) ${product} Developer Shell" -echo "13) Upgrade from console" +# Check to see if SSH is listening. SSHD=`/usr/bin/sockstat -4l | grep "*.22" | wc -l` if [ "$SSHD" -gt 0 ]; then - echo "14) Disable Secure Shell (sshd)"; + sshd_option="14) Disable Secure Shell (sshd)"; else - echo "14) Enable Secure Shell (sshd)"; + sshd_option="14) Enable Secure Shell (sshd)"; fi for i in /var/db/pfi/capable_*; do if [ -f $i -a ! -L /cf/conf ]; then - echo "98) Move configuration file to removable device" + option98="98) Move configuration file to removable device" break fi done if [ "$PLATFORM" = "cdrom" ]; then - echo "99) Install ${product} to a hard drive/memory drive, etc." - echo + option99="99) Install ${product} to a hard drive, etc." fi -echo +# display a cheap menu +echo "" +echo "" +echo " 0) Logout (SSH only) 8) Shell" +echo " 1) Assign Interfaces 9) pfTop" +echo " 2) Set interface(s) IP address 10) Filter Logs" +echo " 3) Reset webConfigurator password 11) Restart webConfigurator" +echo " 4) Reset to factory defaults 12) ${product} Developer Shell" +echo " 5) Reboot system 13) Upgrade from console" +echo " 6) Halt system ${sshd_option}" +echo " 7) Ping host ${option98}" +/bin/echo "${option99}" + read -p "Enter an option: " opmode echo diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 347ccd0..4735994 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip 
@@ -41,6 +41,10 @@ require_once("ipsec.inc"); require_once("vpn.inc"); require_once("openvpn.inc"); +// Do not process while booting +if($g['booting']) + exit; + /* Interface IP address has changed */ $argument = str_replace("\n", "", $argv[1]); @@ -71,6 +75,10 @@ $oldip = "0.0.0.0"; if (file_exists("{$g['vardb_path']}/{$interface}_cacheip")) $oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip"); +$grouptmp = link_interface_to_group($interface); +if (!empty($grouptmp)) + array_walk($grouptmp, 'interface_group_add_member'); + /* regenerate resolv.conf if DNS overrides are allowed */ system_resolvconf_generate(true); @@ -84,6 +92,9 @@ system_routing_configure($interface); /* reconfigure our gateway monitor */ setup_gateways_monitor(); +/* signal filter reload */ +filter_configure(); + if (is_ipaddr($oldip) && $curwanip == $oldip) exit; @@ -99,10 +110,6 @@ vpn_ipsec_force_reload(); /* start OpenVPN server & clients */ openvpn_resync_all($interface); -/* signal filter reload */ -unlink_if_exists("/tmp/config.cache"); -filter_configure(); - /* reload graphing functions */ enable_rrd_graphing(); @@ -111,5 +118,4 @@ mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh"); mwexec_bg("/etc/rc.start_packages"); log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); -return 0; ?> diff --git a/sbin/dhclient-script b/sbin/dhclient-script index 01dfc78..ee98fa0 100755 --- a/sbin/dhclient-script +++ b/sbin/dhclient-script @@ -59,7 +59,7 @@ arp_flush() { } delete_old_address() { - rm -f /var/db/${interface}_ip + /bin/rm -f /var/db/${interface}_ip $IFCONFIG $interface inet -alias $old_ip_address $medium } @@ -82,8 +82,6 @@ add_new_address() { echo $new_routers > /tmp/${interface}_router echo $new_ip_address > /var/db/${interface}_ip - /usr/local/sbin/pfSctl -c "interface newip $interface" - } delete_old_alias() { 
@@ -185,6 +183,7 @@ add_new_routes() { return fi + ADDED_ROUTE=no # Only allow the default route to be overridden if it's on our own interface if [ -f "/tmp/${interface}_defaultgw" ]; then $ROUTE delete default @@ -193,13 +192,12 @@ add_new_routes() { $ROUTE add default -iface $interface echo $ROUTE add default -iface $interface | $LOGGER echo $router > /tmp/${interface}_router - echo $router > /tmp/${interface}_defaultgw else $ROUTE add default $router echo $ROUTE add default $router | $LOGGER echo $router > /tmp/${interface}_router - echo $router > /tmp/${interface}_defaultgw fi + ADDED_ROUTE=yes # 2nd and subsequent default routers error out, so explicitly # stop processing the list after the first one. break @@ -211,8 +209,10 @@ add_new_routes() { set $new_static_routes while [ $# -gt 1 ]; do $ROUTE add $1 $2 + if [ "$ADDED_ROUTE" = "no" ]; then + echo $2 > /tmp/${interface}_router + fi shift; shift - echo $new_routers > /tmp/${interface}_router done fi } @@ -226,7 +226,7 @@ add_new_resolv_conf() { done fi if [ -n "$new_domain_name_servers" ]; then - rm -f /var/etc/nameserver_$interface + /bin/rm -f /var/etc/nameserver_$interface for nameserver in $new_domain_name_servers; do # Add a route to the nameserver out the correct interface # so that mulitple wans work correctly with multiple dns @@ -235,7 +235,6 @@ add_new_resolv_conf() { $ROUTE add $nameserver -iface $interface done echo $new_domain_name >/var/etc/searchdomain_$interface - /usr/local/sbin/pfSctl -c 'service reload dns' fi return 0 @@ -243,6 +242,7 @@ add_new_resolv_conf() { # Notify rc.newwanip of changes to an interface notify_rc_newwanip() { + /usr/local/sbin/pfSctl -c "interface newip $interface" } # 
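Review bot: The added `echo $2 > /tmp/${interface}_router` in add_new_routes() (hunk `@@ -211,8 +209,10 @@`) writes a field of `$new_static_routes`, which comes from the DHCP reply, without quotes, so it goes through word splitting and pathname expansion before it reaches the file. Quote the value and the target, `echo "$2" > "/tmp/${interface}_router"`, since the lease contents are whatever the answering server sent. The loop also overwrites the file on every pass, so with several static routes the last gateway wins; say so in a comment if that is intended. add_new_routes() starts outside this hunk.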
@@ -261,12 +261,12 @@ if [ -f /etc/dhclient-enter-hooks ]; then fi fi -if [ -x $ROUTE ]; then - if_defaultroute=`$ROUTE get default | $GREP interface | $AWK '{print $2}'` -else - $LOGGER "if_defaultroute" - if_defaultroute="x" -fi +#if [ -x $ROUTE ]; then +# if_defaultroute=`$ROUTE -n get -inet default | $GREP interface | $AWK '{print $2}'` +#else +# $LOGGER "if_defaultroute" +# if_defaultroute="x" +#fi $LOGGER $reason case $reason in @@ -287,17 +287,17 @@ ARPCHECK|ARPSEND) BOUND|RENEW|REBIND|REBOOT) check_hostname - changes=no + changes="no" if [ -n "$old_ip_address" ]; then if [ -n "$alias_ip_address" ] && \ [ "$old_ip_address" != "$alias_ip_address" ]; then delete_old_alias - changes=yes + changes="yes" fi if [ "$old_ip_address" != "$new_ip_address" ]; then delete_old_address delete_old_routes - changes=yes + changes="yes" fi fi if [ "$reason" = BOUND ] || \ @@ -306,12 +306,12 @@ BOUND|RENEW|REBIND|REBOOT) [ "$old_ip_address" != "$new_ip_address" ]; then add_new_address add_new_routes - changes=yes + changes="yes" fi if [ -n "$alias_ip_address" ] && \ [ "$new_ip_address" != "$alias_ip_address" ]; then add_new_alias - changes=yes + changes="yes" fi add_new_resolv_conf if [ "$changes" = "yes" ] ; then @@ -334,7 +334,7 @@ TIMEOUT) if [ -n "$new_routers" ]; then $LOGGER "New Routers ($interface): $new_routers" set "$new_routers" - if /sbin/ping -q -c 1 -w 1 "$1"; then + if /sbin/ping -q -c 1 -t 1 "$1"; then if [ "$new_ip_address" != "$alias_ip_address" ]; then add_new_alias fi diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php index 139358d..187736b 100755 --- a/usr/local/www/carp_status.php +++ b/usr/local/www/carp_status.php @@ -154,6 +154,7 @@ include("head.inc"); $netmask = $carp['subnet_bits']; $vhid = $carp['vhid']; $advskew = $carp['advskew']; + $advbase = $carp['advbase']; $carp_int = "vip{$vhid}"; $status = get_carp_interface_status($carp_int); echo "<tr>"; 
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index c124cdb..45a14a2 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -170,9 +170,9 @@ $ifentries = get_configured_interface_with_descr(); foreach ($ifentries as $ent => $entdesc) { if (is_array($config['interfaces'][$ent]['wireless']) && preg_match($g['wireless_regex'], $config['interfaces'][$ent]['if'])) - $ifdescrs[$ent] = $entdesc; + $wifdescrs[$ent] = $entdesc; } -if (count($ifdescrs) > 0) +if (count($wifdescrs) > 0) $status_menu[] = array(gettext("Wireless"), "/status_wireless.php"); $status_menu = msort(array_merge($status_menu, return_ext_menu("Status")),0); diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 94132f2..306c811 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php 
@@ -114,27 +114,43 @@ include("head.inc"); </table> </td> </tr> - <?php $i = 0; foreach ($a_1to1 as $natent): ?> + <?php + $textse = "</span>"; + + $i = 0; foreach ($a_1to1 as $natent): + + if (isset($natent['disabled'])) + $textss = "<span class=\"gray\">"; + else + $textss = "<span>"; ?> <tr> <td class="listlr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> <?php + echo $textss; if (!$natent['interface']) echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); else echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + echo $textse; ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> - <?php echo $natent['external']; ?> + <?php + $source_net = pprint_address($natent['source']); + $source_cidr = strstr($source_net, '/'); + echo $textss . $natent['external'] . $source_cidr . $textse; + ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> - <?php echo pprint_address($natent['source']); ?> + <?php echo $textss . $source_net . $textse; ?> </td> <td class="listr" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> - <?php echo pprint_address($natent['destination']); ?> + <?php echo $textss . pprint_address($natent['destination']) . $textse; ?> </td> <td class="listbg" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> + <?=$textss;?> <?=htmlspecialchars($natent['descr']);?> + <?=$textse;?> </td> <td class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 8ef211b..1c6c3f0 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php 
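Review bot: `$natent['external']`, `$source_cidr`, `$source_net` and `pprint_address($natent['destination'])` are echoed into the table cells without htmlspecialchars(), while the interface and description cells of the same row are escaped. What pprint_address() returns is not visible here, so unless it is known to escape its output the values should be wrapped, `echo $textss . htmlspecialchars($natent['external'] . $source_cidr) . $textse;`, and likewise for the source and destination cells. The foreach body continues outside the hunk.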
@@ -362,8 +362,10 @@ if ($_POST) { else if ($_POST['ackqueue'] == $_POST['defaultqueue']) $input_errors[] = gettext("Acknowledge queue and Queue cannot be the same."); } - if (isset($_POST['floating']) && $_POST['pdnpipe'] && (empty($_POST['direction']) || $_POST['direction'] == "any")) + if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any")) $input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction."); + if (isset($_POST['floating']) && $_POST['gateway'] != "default" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + $input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction."); if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") { if ($_POST['dnpipe'] == "none" ) $input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too."); diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 20da793..edcde6c 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -82,6 +82,7 @@ if (isset($id) && $a_vip[$id]) { $pconfig['mode'] = $a_vip[$id]['mode']; $pconfig['vhid'] = $a_vip[$id]['vhid']; $pconfig['advskew'] = $a_vip[$id]['advskew']; + $pconfig['advbase'] = $a_vip[$id]['advbase']; $pconfig['password'] = $a_vip[$id]['password']; $pconfig['range'] = $a_vip[$id]['range']; $pconfig['subnet'] = $a_vip[$id]['subnet']; @@ -185,6 +186,7 @@ if ($_POST) { if ($_POST['mode'] === "carp" or $_POST['mode'] == "carpdev-dhcp") { $vipent['vhid'] = $_POST['vhid']; $vipent['advskew'] = $_POST['advskew']; + $vipent['advbase'] = $_POST['advbase']; $vipent['password'] = $_POST['password']; } 
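Review bot: `$vipent['advbase'] = $_POST['advbase'];` in firewall_virtual_ip_edit.php (hunk `@@ -185,6 +186,7 @@`) stores the posted value as it arrives; the select offers 1–254, but a hand-built POST is not limited to the form's options. No range check for advbase is visible in this hunk, so if none exists earlier in the `if ($_POST)` block, add one next to the other input checks that appends to `$input_errors` unless the value is an integer from 1 to 254, and store `intval($_POST['advbase'])`. The same applies to the neighbouring advskew assignment. The validation block itself lies outside the hunk.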
@@ -262,28 +264,30 @@ function enable_change(enable_over) { document.iform.vhid.disabled = 0; document.iform.password.disabled = 0; document.iform.advskew.disabled = 0; + document.iform.advbase.disabled = 0; document.iform.type.disabled = 1; document.iform.subnet_bits.disabled = 0; - document.iform.subnet.disabled = 0; - if (note.firstChild == null) { - note.appendChild(carpnote); - } else { - note.removeChild(note.firstChild); - note.appendChild(carpnote); - } + document.iform.subnet.disabled = 0; + if (note.firstChild == null) { + note.appendChild(carpnote); + } else { + note.removeChild(note.firstChild); + note.appendChild(carpnote); + } } else { document.iform.vhid.disabled = 1; document.iform.password.disabled = 1; document.iform.advskew.disabled = 1; + document.iform.advbase.disabled = 1; document.iform.type.disabled = 0; document.iform.subnet_bits.disabled = 1; - document.iform.subnet.disabled = 0; - if (note.firstChild == null) { - note.appendChild(proxyarpnote); - } else { - note.removeChild(note.firstChild); - note.appendChild(proxyarpnote); - } + document.iform.subnet.disabled = 0; + if (note.firstChild == null) { + note.appendChild(proxyarpnote); + } else { + note.removeChild(note.firstChild); + note.appendChild(proxyarpnote); + } } if (get_radio_value(document.iform.mode) == "other") { document.iform.type.disabled = 1; @@ -307,9 +311,10 @@ function enable_change(enable_over) { document.iform.subnet.disabled = 1; document.iform.subnet.value = ''; document.iform.subnet_bits.value = ''; - document.iform.vhid.disabled = 0; - document.iform.password.disabled = 0; - document.iform.advskew.disabled = 0; + document.iform.vhid.disabled = 0; + document.iform.password.disabled = 0; + document.iform.advskew.disabled = 0; + document.iform.advbase.disabled = 0; } } function typesel_change() { 
@@ -431,7 +436,7 @@ function typesel_change() { <tr valign="top"> <td width="22%" class="vncellreq"><?=gettext("VHID Group");?></td> <td class="vtable"><select id='vhid' name='vhid'> - <?php for ($i = 1; $i <= 65535; $i++): ?> + <?php for ($i = 1; $i <= 65536; $i++): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['vhid']) echo "selected"; ?>> <?=$i;?> </option> @@ -442,14 +447,23 @@ function typesel_change() { </tr> <tr valign="top"> <td width="22%" class="vncellreq"><?=gettext("Advertising Frequency");?></td> - <td class="vtable"><select id='advskew' name='advskew'> + <td class="vtable"> + Base: <select id='advbase' name='advbase'> + <?php for ($i = 1; $i <= 254; $i++): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['advbase']) echo "selected"; ?>> + <?=$i;?> + </option> + <?php endfor; ?> + </select> + Skew: <select id='advskew' name='advskew'> <?php for ($i = 0; $i <= 254; $i++): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['advskew']) echo "selected"; ?>> + <option value="<?=$i;?>" <?php if ($i == $pconfig['advskew']) echo "selected"; ?>> <?=$i;?> - </option> + </option> <?php endfor; ?> - </select> - <br><?=gettext("The frequency that this machine will advertise. 0 = master. Anything above 0 designates a backup.");?> + </select> + <br/><br/> + <?=gettext("The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster detrmines the master.");?> </td> </tr> <tr> diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index bd02087..2d821ab 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php 
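Review bot: The VHID select bound in hunk `@@ -431,7 +436,7 @@` moves from 65535 to 65536, but a CARP virtual host ID is an 8-bit value (1–255), so both bounds offer IDs the interface cannot take and render tens of thousands of option elements; `for ($i = 1; $i <= 255; $i++)` looks like the intended loop. In hunk `@@ -442,14 +447,23 @@` the new help text has the typo "detrmines", and the `Base:` and `Skew:` labels sit outside gettext() while the surrounding strings are translated.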
@@ -159,7 +159,7 @@ if ($wancfg['if'] == $a_ppps[$pppid]['if']) { } }// End force pppoe reset at specific time }// End if type == pppoe - if ($a_ppps[$pppid]['type'] == "pptp"){ + else if ($a_ppps[$pppid]['type'] == "pptp"){ $pconfig['pptp_username'] = $a_ppps[$pppid]['username']; $pconfig['pptp_password'] = base64_decode($a_ppps[$pppid]['password']); $pconfig['pptp_local'] = explode(",",$a_ppps[$pppid]['localip']); @@ -375,7 +375,7 @@ if ($_POST['apply']) { if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable']) && $_POST['type'] != "static") $input_errors[] = gettext("The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration."); - switch($_POST['type']) { + switch(strtolower($_POST['type'])) { case "static": $reqdfields = explode(" ", "ipaddr subnet gateway"); $reqdfieldsn = array(gettext("IP address"),gettext("Subnet bit count"),gettext("Gateway")); @@ -389,15 +389,13 @@ if ($_POST['apply']) { } } case "dhcp": - if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp"))) - $input_errors[] = gettext("You have to reassign the interface to be able to configure as {$_POST['type']}."); break; case "ppp": $reqdfields = explode(" ", "port phone"); $reqdfieldsn = array(gettext("Modem Port"),gettext("Phone Number")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); break; - case "PPPoE": + case "pppoe": if ($_POST['pppoe_dialondemand']) { $reqdfields = explode(" ", "pppoe_username pppoe_password pppoe_dialondemand pppoe_idletimeout"); $reqdfieldsn = array(gettext("PPPoE username"),gettext("PPPoE password"),gettext("Dial on demand"),gettext("Idle timeout value")); 
@@ -407,7 +405,7 @@ if ($_POST['apply']) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); break; - case "PPTP": + case "pptp": if ($_POST['pptp_dialondemand']) { $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote pptp_dialondemand pptp_idletimeout"); $reqdfieldsn = array(gettext("PPTP username"),gettext("PPTP password"),gettext("PPTP local IP address"),gettext("PPTP subnet"),gettext("PPTP remote IP address"),gettext("Dial on demand"),gettext("Idle timeout value")); @@ -515,6 +513,12 @@ if ($_POST['apply']) { } } if (!$input_errors) { + if ($wancfg['type'] != $_POST['type']) { + if (in_array($wancfg['ipaddr'], array("ppp", "pppoe", "pptp", "l2tp"))) { + $wancfg['if'] = $a_ppps[$pppid]['ports']; + unset($a_ppps[$pppid]); + } + } $ppp = array(); if ($wancfg['ipaddr'] != "ppp") unset($wancfg['ipaddr']); diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index efbf036..59bad8f 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -136,6 +136,9 @@ include("head.inc"); <select name="if" class="formselect"> <?php $portlist = get_configured_interface_with_descr(); + $carplist = get_configured_carp_interface_list(); + foreach ($carplist as $cif => $carpip) + $portlist[$cif] = $carpip." (".get_vip_descr($carpip).")"; foreach ($portlist as $ifn => $ifinfo) { echo "<option value=\"{$ifn}\""; if ($ifn == $pconfig['if']) diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index f0f0a84..ce9f324 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php 
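Review bot: The block added under `if (!$input_errors)` indexes `$a_ppps[$pppid]` without checking that `$pppid` is set, and it compares `$wancfg['type']` with the raw `$_POST['type']` although the validation switch in this commit now lowercases that value. `$pppid` is assigned outside the hunk; if the lookup found no entry, `$wancfg['if']` would be overwritten with null and the `unset()` would do nothing. Suggest guarding with `if (isset($pppid) && isset($a_ppps[$pppid]))` and comparing against `strtolower($_POST['type'])`. Whether `$wancfg` carries a `type` key at all is not visible here; the neighbouring lines test `$wancfg['ipaddr']` instead.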
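Review bot: The option label built in `interfaces_gif_edit.php` now contains `get_vip_descr($carpip)`, presumably the administrator-entered virtual IP description, so the code that prints `$ifinfo` must HTML-escape it; that echo is below the hunk and not visible. `vpn_ipsec.php` in this commit passes the same kind of label through `htmlspecialchars()`, and the other places that build it should follow suit: `interfaces_gre_edit.php`, `vpn_ipsec_phase1.php`, `vpn_openvpn_client.php` and `vpn_openvpn_server.php`. Unless the output line already escapes, suggest `$portlist[$cif] = $carpip." (".htmlspecialchars(get_vip_descr($carpip)).")";`.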
@@ -139,6 +139,9 @@ include("head.inc"); <select name="if" class="formselect"> <?php $portlist = get_configured_interface_with_descr(); + $carplist = get_configured_carp_interface_list(); + foreach ($carplist as $cif => $carpip) + $portlist[$cif] = $carpip." (".get_vip_descr($carpip).")"; foreach ($portlist as $ifn => $ifinfo) { echo "<option value=\"{$ifn}\""; if ($ifn == $pconfig['if']) diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index 367b604..b30853b 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -80,7 +80,7 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "members proto"); - $reqdfieldsn = array(",", gettext("Member interfaces"), gettext("Lagg protocol")); + $reqdfieldsn = array(gettext("Member interfaces"), gettext("Lagg protocol")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 52bc31a..8b71837 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -84,17 +84,16 @@ $id = $_GET['id']; if (isset($_POST['id'])) $id = htmlspecialchars($_POST['id']); -if(!is_numeric($id)) { - Header("Location: /"); - exit; -} - - // Not posting? Then user is editing a record. There must be a valid id // when editing a record. if(!$id && !$_POST) $id = "0"; - + +if(!is_numeric($id)) { + Header("Location: /"); + exit; +} + if($pkg['custom_php_global_functions'] <> "") eval($pkg['custom_php_global_functions']); diff --git a/usr/local/www/status_lb_vs.php b/usr/local/www/status_lb_vs.php index bab9976..43510c8 100755 --- a/usr/local/www/status_lb_vs.php +++ b/usr/local/www/status_lb_vs.php 
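Review bot: In the `pkg_edit.php` hunk, `is_numeric($id)` is a loose gate for a record index: it accepts values such as `1.5`, `-1`, `1e3` and a numeric string with leading whitespace, and the `$_GET['id']` path reaches it with no other filtering. How `$id` is used is outside this hunk, but if it indexes the package's config array a stricter test is safer: `if (!ctype_digit((string)$id)) {`. The script later calls `eval()` on package-supplied PHP, so rejecting malformed requests as early as possible is worth the extra strictness.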
@@ -94,7 +94,7 @@ function parse_redirects($rdr_a) { $line = $rdr_a[$i]; if (preg_match("/^[0-9]+/", $line)) { $regs = array(); - if($x = preg_match("/^[0-9]+\s+redirect\s+([0-9a-zA-Z\s]+)\s+([a-z]+)/", $line, $regs)) { + if($x = preg_match("/^[0-9]+\s+redirect\s+([0-9a-zA-Z\.]+)\s+([a-z]+)/", $line, $regs)) { $vs[trim($regs[1])] = array(); $vs[trim($regs[1])]['status'] = trim($regs[2]); } diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index d7e3e1a..d9017c4 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -62,10 +62,13 @@ if ($_POST) { } if (!$input_errors) { - if ($_POST['savetest'] && $_POST['authmode'] == "ldap") - $save_and_test = true; - else - $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends."); + if ($_POST['authmode'] != "local") { + $authsrv = auth_get_authserver($_POST['authmode']); + if ($_POST['savetest'] && $authsrv['type'] == "ldap") + $save_and_test = true; + else + $savemsg = gettext("The test was not performed becuase it is supported only for ldap based backends."); + } if(isset($_POST['session_timeout']) && $_POST['session_timeout'] != "") diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index f9d374d..40879f6 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -191,7 +191,10 @@ include("head.inc"); $iflabels = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) - $iflabels[$cif] = strtoupper($cif) . " ({$carpip})"; + $iflabels[$cif] = $carpip." (".get_vip_descr($carpip).")"; + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) + $iflabels[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; $if = htmlspecialchars($iflabels[$ph1ent['interface']]); } else 
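Review bot: In `system_usermanager_settings.php` the result of `auth_get_authserver($_POST['authmode'])` is used without a check, so a posted `authmode` that matches no configured server leaves `$authsrv` empty and `$authsrv['type']` undefined. The `else` branch also sets the "test was not performed" message whenever `savetest` is absent, not only when the backend is something other than LDAP. Suggest testing `$_POST['savetest']` first and only then choosing between `$save_and_test = true` and the message, with `is_array($authsrv) &&` added to the type test. The message text carries a typo, `becuase`.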
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index c498858..6240a63 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -509,7 +509,10 @@ function dpdchkbox_change() { $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) - $interfaces[$cif] = strtoupper($cif) . " ({$carpip})"; + $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")"; + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) + $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index e92d82e..96f67bf 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -457,10 +457,10 @@ if ($savemsg) $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) - $interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})"; + $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) - $interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})"; + $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index bfb2076..9d7c00d 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
@@ -663,10 +663,10 @@ if ($savemsg) $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) - $interfaces[$cif.'|'.$carpip] = strtoupper($cif) . " ({$carpip})"; + $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) - $interfaces[$aliasif.'|'.$aliasip] = strtoupper($aliasif) . " ({$aliasip})"; + $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; $interfaces['any'] = "any"; foreach ($interfaces as $iface => $ifacename): $selected = ""; diff --git a/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/usr/local/www/widgets/widgets/traffic_graphs.widget.php index bcc2298..9d1e76c 100644 --- a/usr/local/www/widgets/widgets/traffic_graphs.widget.php +++ b/usr/local/www/widgets/widgets/traffic_graphs.widget.php @@ -68,7 +68,7 @@ Refresh Interval: <option value="8" <?php if ($refreshInterval == "8") echo "SELECTED";?>>8</option> <option value="9" <?php if ($refreshInterval == "9") echo "SELECTED";?>>9</option> <option value="10" <?php if ($refreshInterval == "10") echo "SELECTED";?>>10</option> - </select> Seconds<br> <b>Note:</b> changing this settings can affect CPU Performance on the pfSense Box<br><br> + </select> Seconds<br> <b>Note:</b> changing this setting will increase CPU utilization<br><br> <input id="submit" name="submit" type="submit" onclick="return updatePref();" class="formbtn" value="Save Settings" /> </div> diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index 5a39e90..05c3671 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc 
@@ -555,10 +555,7 @@ function step8_stepsubmitphpaction() { clear_subsystem_dirty('shaper'); update_filter_reload_status("Initializing"); -} -function step9_stepsubmitphpaction() { - global $g, $config; - header("status_filter_reload.php"); + header("Location: status_filter_reload.php"); exit; } @@ -686,7 +683,7 @@ function apply_all_choosen_items() { if ($remainbw > 0 && $remainbw > 30) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; @@ -1038,7 +1035,7 @@ function apply_all_choosen_items() { if ($remainbw > 0 && $remainbw > 30) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; diff --git a/usr/local/www/wizards/traffic_shaper_wizard.xml b/usr/local/www/wizards/traffic_shaper_wizard.xml index ce2b04c..4c2f2a3 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.xml +++ b/usr/local/www/wizards/traffic_shaper_wizard.xml @@ -1215,16 +1215,4 @@ <stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction> <includefile>/usr/local/www/wizards/traffic_shaper_wizard.inc</includefile> </step> - <step> - <id>9</id> - <title>pfSense Traffic Shaper Wizard</title> - <fields> - <field> - <name>Finish</name> - <type>submit</type> - </field> - </fields> - <includefile>/usr/local/www/wizards/traffic_shaper_wizard.inc</includefile> - <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction> - </step> </pfsensewizard> 
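Review bot: `$savemsg` is placed in the `Location:` header unencoded at `&message={$savemsg}`, and the gettext string contains spaces and a bare `%`, which is not valid in a URL and may be mangled or rejected by the client. Suggest `header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message=" . urlencode($savemsg));`. The same line appears in the second `apply_all_choosen_items()` hunk of this file and in the `_dedicated`, `_multi_all` and `_multi_lan` wizard includes. How `wizard.php` prints `message` is not visible here; because the value arrives in the query string, it should be HTML-escaped on output.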
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index 4811181..50fa627 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -582,11 +582,7 @@ function step8_stepsubmitphpaction() { clear_subsystem_dirty('shaper'); update_filter_reload_status("Initializing"); -} - -function step9_stepsubmitphpaction() { - global $g, $config; - header("status_filter_reload.php"); + header("Location: status_filter_reload.php"); exit; } @@ -713,7 +709,7 @@ function apply_all_choosen_items() { if (intval($remainbw) > 0 && intval($remainbw) > 30) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; @@ -1098,7 +1094,7 @@ function apply_all_choosen_items() { $remainbw = round($remainbw / $downbw * 100, 2); if (intval($remainbw) > 0 && intval($remainbw) > 40) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml index 5d83553..ecdb508 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.xml 
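Review bot: The second `apply_all_choosen_items()` hunk of `traffic_shaper_wizard_dedicated.inc` tests `intval($remainbw) > 40` while the message it then sends says "greater than 30%", so either the limit or the text is wrong. The same pair appears in `traffic_shaper_wizard_multi_all.inc`. The `intval($remainbw) > 0 &&` half of the condition is redundant beside the larger threshold. Both lines are context that this commit leaves unchanged, but since the message line is being touched anyway, the text and the limit could be aligned in both files.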
@@ -1220,16 +1220,4 @@ <stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction> <includefile>/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc</includefile> </step> - <step> - <id>9</id> - <title>pfSense Traffic Shaper Wizard</title> - <fields> - <field> - <name>Finish</name> - <type>submit</type> - </field> - </fields> - <includefile>/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc</includefile> - <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction> - </step> </pfsensewizard> diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index d1a1122..83c3e49 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -615,11 +615,7 @@ function step8_stepsubmitphpaction() { clear_subsystem_dirty('shaper'); update_filter_reload_status("Initializing"); -} - -function step9_stepsubmitphpaction() { - global $g, $config; - header("status_filter_reload.php"); + header("Location: status_filter_reload.php"); exit; } @@ -746,7 +742,7 @@ function apply_all_choosen_items() { if (intval($remainbw) > 0 && intval($remainbw) > 30) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; 
@@ -1144,7 +1140,7 @@ function apply_all_choosen_items() { if (intval($remainbw) > 0 && intval($remainbw) > 40) { $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$message}"); + header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml index 9fca078..050f493 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.xml @@ -1228,16 +1228,4 @@ <stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction> <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc</includefile> </step> - <step> - <id>9</id> - <title>pfSense Traffic Shaper Wizard</title> - <fields> - <field> - <name>Finish</name> - <type>submit</type> - </field> - </fields> - <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc</includefile> - <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction> - </step> </pfsensewizard> diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index 5186aa3..b5f8d63 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -397,11 +397,7 @@ function step8_stepsubmitphpaction() { clear_subsystem_dirty('shaper'); update_filter_reload_status("Initializing"); -} - -function step9_stepsubmitphpaction() { - global $g, $config; - header("status_filter_reload.php"); + header("Location: status_filter_reload.php"); exit; } 
@@ -521,8 +517,8 @@ function apply_all_choosen_items() { $remainbw = round($remainbw / $upbw * 100, 2); if ($remainbw > 0 && $remainbw > 30) { - $message=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$message}"); + $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); + header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; @@ -911,8 +907,8 @@ function apply_all_choosen_items() { } $remainbw = round($remainbw / $lanbw * 100, 2); if ($remainbw > 0 && $remainbw > 30) { - $message=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$message}"); + $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); + header("Location: wizard.php?xml=traffic_shaper_wizard_multi_lan.xml&stepid=2&message={$savemsg}"); exit; } else { $remainbw = 100 - $remainbw; diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml index 9ed7c44..ae5a139 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml 
@@ -1277,16 +1277,4 @@ <stepsubmitphpaction>step8_stepsubmitphpaction();</stepsubmitphpaction> <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc</includefile> </step> - <step> - <id>9</id> - <title>pfSense Traffic Shaper Wizard</title> - <fields> - <field> - <name>Finish</name> - <type>submit</type> - </field> - </fields> - <includefile>/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc</includefile> - <stepsubmitphpaction>step9_stepsubmitphpaction();</stepsubmitphpaction> - </step> </pfsensewizard> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 375ad46..ea0166b 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -61,12 +61,12 @@ if($synchronizetoip) { } $xmlrpc_g = array( - "return" => array( - "true" => new XML_RPC_Response(new XML_RPC_Value(true, $XML_RPC_Boolean)), - "false" => new XML_RPC_Response(new XML_RPC_Value(false, $XML_RPC_Boolean)), - "authfail" => new XML_RPC_Response(new XML_RPC_Value(gettext("Authentication failed"), $XML_RPC_String)) - ) - ); + "return" => array( + "true" => new XML_RPC_Response(new XML_RPC_Value(true, $XML_RPC_Boolean)), + "false" => new XML_RPC_Response(new XML_RPC_Value(false, $XML_RPC_Boolean)), + "authfail" => new XML_RPC_Response(new XML_RPC_Value(gettext("Authentication failed"), $XML_RPC_String)) + ) +); /* * pfSense XMLRPC errors 
@@ -75,20 +75,21 @@ $xmlrpc_g = array( $XML_RPC_erruser = 200; /* EXPOSED FUNCTIONS */ - $exec_php_doc = gettext("XMLRPC wrapper for eval(). This method must be called with two parameters: a string containing the local system\'s password followed by the PHP code to evaluate."); $exec_php_sig = array( - array( - $XML_RPC_Boolean, // First signature element is return value. - $XML_RPC_String, // password - $XML_RPC_String, // shell code to exec - ) - ); + array( + $XML_RPC_Boolean, // First signature element is return value. + $XML_RPC_String, // password + $XML_RPC_String, // shell code to exec + ) +); function exec_php_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; $exec_php = $params[0]; eval($exec_php); if($toreturn) { 
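Review bot: The signature comment `// shell code to exec` on `$exec_php_sig` is wrong for this method, which passes the string to `eval()` as PHP; suggest `// PHP code to evaluate`. Since `exec_php_xmlrpc()` runs caller-supplied code once `xmlrpc_auth()` accepts the password, a short comment above the function should say so and state which callers the endpoint is meant for. My reading is that it serves configuration sync between peers, but the hunk does not state that. The function body continues past the end of the hunk.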
@@ -99,61 +100,61 @@ function exec_php_xmlrpc($raw_params) { } /*****************************/ - $exec_shell_doc = gettext("XMLRPC wrapper for mwexec(). This method must be called with two parameters: a string containing the local system\'s password followed by an shell command to execute."); $exec_shell_sig = array( - array( - $XML_RPC_Boolean, // First signature element is return value. - $XML_RPC_String, // password - $XML_RPC_String, // shell code to exec - ) - ); - + array( + $XML_RPC_Boolean, // First signature element is return value. + $XML_RPC_String, // password + $XML_RPC_String, // shell code to exec + ) +); function exec_shell_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; $shell_cmd = $params[0]; mwexec($shell_cmd); + return $xmlrpc_g['return']['true']; } - - /*****************************/ - - $backup_config_section_doc = gettext("XMLRPC wrapper for backup_config_section. This method must be called with two parameters: a string containing the local system\'s password followed by an array containing the keys to be backed up."); $backup_config_section_sig = array( - array( - $XML_RPC_Struct, // First signature element is return value. - $XML_RPC_String, - $XML_RPC_Array - ) - ); + array( + $XML_RPC_Struct, // First signature element is return value. 
+ $XML_RPC_String, + $XML_RPC_Array + ) +); function backup_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; $val = array_intersect_key($config, array_flip($params[0])); + return new XML_RPC_Response(XML_RPC_encode($val)); } /*****************************/ - $restore_config_section_doc = gettext("XMLRPC wrapper for restore_config_section. This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion."); $restore_config_section_sig = array( - array( - $XML_RPC_Boolean, - $XML_RPC_String, - $XML_RPC_Struct - ) - ); + array( + $XML_RPC_Boolean, + $XML_RPC_String, + $XML_RPC_Struct + ) +); function restore_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; 
@@ -168,54 +169,55 @@ function restore_config_section_xmlrpc($raw_params) { // For vip section, first keep items sent from the master $config = array_merge($config, $params[0]); // Then add ipalias and proxyarp types already defined on the backup - foreach ($vipbackup as $vip) { - if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) - $config['virtualip']['vip'][]=$vip ; + if (is_array($vipbackup)) { + foreach ($vipbackup as $vip) { + if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) + array_unshift($config['virtualip']['vip'], $vip); + } } $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys)); interfaces_vips_configure(); + return $xmlrpc_g['return']['true']; } - /*****************************/ - - $merge_config_section_doc = gettext("XMLRPC wrapper for merging package sections. This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion."); $merge_config_section_sig = array( - array( - $XML_RPC_Boolean, - $XML_RPC_String, - $XML_RPC_Struct - ) - ); + array( + $XML_RPC_Boolean, + $XML_RPC_String, + $XML_RPC_Struct + ) +); function merge_installedpackages_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; $config['installedpackages'] = array_merge($config['installedpackages'], $params[0]); $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys)); + return $xmlrpc_g['return']['true']; } - /*****************************/ - - $merge_config_section_doc = gettext("XMLRPC wrapper for merge_config_section. 
This method must be called with two parameters: a string containing the local system\'s password and an array to merge into the system\'s config. This function returns true upon completion."); $merge_config_section_sig = array( - array( - $XML_RPC_Boolean, - $XML_RPC_String, - $XML_RPC_Struct - ) - ); + array( + $XML_RPC_Boolean, + $XML_RPC_String, + $XML_RPC_Struct + ) +); function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; @@ -229,23 +231,25 @@ function merge_config_section_xmlrpc($raw_params) { $mergedkeys = implode(",", array_keys($params[0])); write_config("Merged in config ({$mergedkeys} sections) from XMLRPC client."); interfaces_vips_configure(); + return $xmlrpc_g['return']['true']; } /*****************************/ - $filter_configure_doc = gettext("Basic XMLRPC wrapper for filter_configure. This method must be called with one paramater: a string containing the local system\'s password. This function returns true upon completion."); $filter_configure_sig = array( - array( - $XML_RPC_Boolean, - $XML_RPC_String - ) - ); + array( + $XML_RPC_Boolean, + $XML_RPC_String + ) +); function filter_configure_xmlrpc($raw_params) { global $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; filter_configure(); system_routing_configure(); setup_gateways_monitor(); 
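Review bot: In `restore_config_section_xmlrpc()`, `array_unshift($config['virtualip']['vip'], $vip)` needs its first argument to be an array already. After `array_merge($config, $params[0])` that holds only when the master sent a `virtualip` section containing a `vip` list, whereas the old `[] =` form created the array on demand. Suggest adding `if (!is_array($config['virtualip']['vip'])) $config['virtualip']['vip'] = array();` before the loop. Prepending in a loop also reverses the order of the preserved entries relative to `$vipbackup`, and the comment "Then add ipalias and proxyarp types" no longer matches now that they are placed first. The function starts above the hunk.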
@@ -255,71 +259,98 @@ function filter_configure_xmlrpc($raw_params) { services_dhcpd_configure(); services_dnsmasq_configure(); local_sync_accounts(); + return $xmlrpc_g['return']['true']; } /*****************************/ - $carp_configure_doc = gettext("Basic XMLRPC wrapper for configuring CARP interfaces."); $carp_configure_sig = array( - array( - $XML_RPC_Boolean, - $XML_RPC_String - ) - ); + array( + $XML_RPC_Boolean, + $XML_RPC_String + ) +); function interfaces_carp_configure_xmlrpc($raw_params) { global $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; interfaces_vips_configure(); + return $xmlrpc_g['return']['true']; } /*****************************/ - $check_firmware_version_doc = gettext("Basic XMLRPC wrapper for check_firmware_version. This function will return the output of check_firmware_version upon completion."); + $check_firmware_version_sig = array( - array( - $XML_RPC_String, - $XML_RPC_String - ) - ); + array( + $XML_RPC_String, + $XML_RPC_String + ) +); function check_firmware_version_xmlrpc($raw_params) { global $xmlrpc_g, $XML_RPC_String; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; + return new XML_RPC_Response(new XML_RPC_Value(check_firmware_version(false), $XML_RPC_String)); } /*****************************/ +$pfsense_firmware_version_doc = gettext("Basic XMLRPC wrapper for check_firmware_version. 
This function will return the output of check_firmware_version upon completion."); + +$pfsense_firmware_version_sig = array ( + array ( + $XML_RPC_Struct, + $XML_RPC_String + ) +); + +function pfsense_firmware_version_xmlrpc($raw_params) { + global $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; + + return new XML_RPC_Response(XML_RPC_encode(host_firmware_version())); +} + +/*****************************/ $reboot_doc = gettext("Basic XMLRPC wrapper for rc.reboot."); $reboot_sig = array(array($XML_RPC_Boolean, $XML_RPC_String)); - function reboot_xmlrpc($raw_params) { global $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); - if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + if(!xmlrpc_auth($params)) + return $xmlrpc_g['return']['authfail']; mwexec_bg("/etc/rc.reboot"); + return $xmlrpc_g['return']['true']; } /*****************************/ - $get_notices_sig = array( - array( - $XML_RPC_Array, - $XML_RPC_String - ), - array( - $XML_RPC_Array - ) - ); + array( + $XML_RPC_Array, + $XML_RPC_String + ), + array( + $XML_RPC_Array + ) +); function get_notices_xmlrpc($raw_params) { global $g, $xmlrpc_g; + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; require("notices.inc"); 
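Review bot: `$pfsense_firmware_version_doc` is a copy of the `check_firmware_version` text, but the new `pfsense_firmware_version_xmlrpc()` returns `XML_RPC_encode(host_firmware_version())`, declared as a struct in its signature. Suggest `gettext("Basic XMLRPC wrapper for host_firmware_version. This function will return the output of host_firmware_version upon completion.")`. The new function also omits the blank line after `global $xmlrpc_g;` that this commit adds to the other handlers.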
@@ -329,44 +360,47 @@ function get_notices_xmlrpc($raw_params) { $toreturn = get_notices($params); } $response = new XML_RPC_Response(XML_RPC_encode($toreturn)); + return $response; } /*****************************/ - $server = new XML_RPC_Server( array( - 'pfsense.exec_shell' => array('function' => 'exec_shell_xmlrpc', - 'signature' => $exec_shell_sig, - 'docstring' => $exec_shell_doc), - 'pfsense.exec_php' => array('function' => 'exec_php_xmlrpc', - 'signature' => $exec_php_sig, - 'docstring' => $exec_php_doc), - 'pfsense.filter_configure' => array('function' => 'filter_configure_xmlrpc', - 'signature' => $filter_configure_sig, - 'docstring' => $filter_configure_doc), - 'pfsense.interfaces_carp_configure' => array('function' => 'interfaces_carp_configure_xmlrpc', - 'docstring' => $carp_configure_sig), - 'pfsense.backup_config_section' => array('function' => 'backup_config_section_xmlrpc', - 'signature' => $backup_config_section_sig, - 'docstring' => $backup_config_section_doc), - 'pfsense.restore_config_section' => array('function' => 'restore_config_section_xmlrpc', - 'signature' => $restore_config_section_sig, - 'docstring' => $restore_config_section_doc), - 'pfsense.merge_config_section' => array('function' => 'merge_config_section_xmlrpc', - 'signature' => $merge_config_section_sig, - 'docstring' => $merge_config_section_doc), - 'pfsense.merge_installedpackages_section_xmlrpc' => array('function' => 'merge_installedpackages_section_xmlrpc', - 'signature' => $merge_config_section_sig, - 'docstring' => $merge_config_section_doc), - 'pfsense.check_firmware_version' => array('function' => 'check_firmware_version_xmlrpc', - 'signature' => $check_firmware_version_sig, - 'docstring' => $check_firmware_version_doc), - 'pfsense.reboot' => array('function' => 'reboot_xmlrpc', - 'signature' => $reboot_sig, - 'docstring' => $reboot_doc), - 'pfsense.get_notices' => array('function' => 'get_notices_xmlrpc', - 'signature' => $get_notices_sig) + 'pfsense.exec_shell' => 
array('function' => 'exec_shell_xmlrpc', + 'signature' => $exec_shell_sig, + 'docstring' => $exec_shell_doc), + 'pfsense.exec_php' => array('function' => 'exec_php_xmlrpc', + 'signature' => $exec_php_sig, + 'docstring' => $exec_php_doc), + 'pfsense.filter_configure' => array('function' => 'filter_configure_xmlrpc', + 'signature' => $filter_configure_sig, + 'docstring' => $filter_configure_doc), + 'pfsense.interfaces_carp_configure' => array('function' => 'interfaces_carp_configure_xmlrpc', + 'docstring' => $carp_configure_sig), + 'pfsense.backup_config_section' => array('function' => 'backup_config_section_xmlrpc', + 'signature' => $backup_config_section_sig, + 'docstring' => $backup_config_section_doc), + 'pfsense.restore_config_section' => array('function' => 'restore_config_section_xmlrpc', + 'signature' => $restore_config_section_sig, + 'docstring' => $restore_config_section_doc), + 'pfsense.merge_config_section' => array('function' => 'merge_config_section_xmlrpc', + 'signature' => $merge_config_section_sig, + 'docstring' => $merge_config_section_doc), + 'pfsense.merge_installedpackages_section_xmlrpc' => array('function' => 'merge_installedpackages_section_xmlrpc', + 'signature' => $merge_config_section_sig, + 'docstring' => $merge_config_section_doc), + 'pfsense.check_firmware_version' => array('function' => 'check_firmware_version_xmlrpc', + 'signature' => $check_firmware_version_sig, + 'docstring' => $check_firmware_version_doc), + 'pfsense.host_firmware_version' => array('function' => 'pfsense_firmware_version_xmlrpc', + 'signature' => $pfsense_firmware_version_sig, + 'docstring' => $host_firmware_version_doc), + 'pfsense.reboot' => array('function' => 'reboot_xmlrpc', + 'signature' => $reboot_sig, + 'docstring' => $reboot_doc), + 'pfsense.get_notices' => array('function' => 'get_notices_xmlrpc', + 'signature' => $get_notices_sig) ) ); |
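Review bot: The rewritten `pfsense.interfaces_carp_configure` entry still has no `'signature'` key and passes `$carp_configure_sig` as its `'docstring'`. That leaves `$carp_configure_doc` unused, and the server presumably skips the parameter type check for this method before calling the handler. Since every line of the map is rewritten in this hunk, the entry should match its neighbours: `'signature' => $carp_configure_sig,` followed by `'docstring' => $carp_configure_doc),`. Authentication is not affected, because the handler calls `xmlrpc_auth()` itself (first hunk), but the signature is the only input validation the dispatch layer applies before privileged handlers run.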