-rwxr-xr-xbuild.sh5
-rw-r--r--license.txt93
-rw-r--r--src/etc/inc/functions.inc2
-rw-r--r--src/etc/inc/pfsense-utils.inc4
-rw-r--r--src/etc/inc/service-utils.inc7
-rw-r--r--src/etc/inc/services.inc15
-rw-r--r--src/etc/inc/system.inc17
-rw-r--r--src/etc/inc/upgrade_config.inc95
-rwxr-xr-xsrc/etc/rc.php_ini_setup9
-rwxr-xr-xsrc/usr/local/bin/mail.php2
-rw-r--r--src/usr/local/www/diag_confbak.php419
-rw-r--r--src/usr/local/www/diag_logs_settings.php121
-rw-r--r--src/usr/local/www/firewall_aliases.php2
-rw-r--r--src/usr/local/www/firewall_nat_edit.php2
-rw-r--r--src/usr/local/www/firewall_rules_edit.php15
-rw-r--r--src/usr/local/www/firewall_virtual_ip_edit.php561
-rwxr-xr-xsrc/usr/local/www/head.inc2
-rw-r--r--src/usr/local/www/jquery/pfSense.js7
-rw-r--r--src/usr/local/www/services_unbound.php10
-rw-r--r--src/usr/local/www/services_unbound_acls.php427
-rw-r--r--src/usr/local/www/services_unbound_domainoverride_edit.php4
-rw-r--r--src/usr/local/www/system_advanced_admin.php6
-rw-r--r--src/usr/local/www/system_advanced_firewall.php10
-rw-r--r--src/usr/local/www/system_advanced_misc.php6
-rw-r--r--src/usr/local/www/system_authservers.php26
-rw-r--r--src/usr/local/www/system_certmanager.php88
-rw-r--r--src/usr/local/www/system_crlmanager.php6
-rw-r--r--src/usr/local/www/system_usermanager.php166
-rw-r--r--src/usr/local/www/vpn_ipsec_phase1.php105
-rw-r--r--src/usr/local/www/widgets/widgets/system_information.widget.php12
-rwxr-xr-xtools/build_snapshots.sh13
-rw-r--r--tools/builder_common.sh137
-rw-r--r--tools/builder_defaults.sh85
-rw-r--r--tools/templates/core_pkg/default-config-vmware/metadir/+DESC3
-rw-r--r--tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL15
-rw-r--r--tools/templates/core_pkg/default-config-vmware/metadir/+MANIFEST15
-rw-r--r--tools/templates/core_pkg/default-config-vmware/pkg-plist1
-rw-r--r--tools/templates/ovf/pfSense.ovf147
38 files changed, 1807 insertions, 853 deletions
diff --git a/build.sh b/build.sh
index 6c3e98b..7200d86 100755
--- a/build.sh
+++ b/build.sh
@@ -72,7 +72,7 @@ usage() {
echo " --update-poudriere-jails [-a ARCH_LIST] - Update poudriere jails using current patch versions"
echo " --update-poudriere-ports - Update poudriere ports tree"
echo " --update-pkg-repo - Rebuild necessary ports on poudriere and update pkg repo"
- echo " --do-not-upload|-U - Do not send updated pkg repo to PKG_RSYNC_HOSTNAME"
+ echo " --do-not-upload|-u - Do not upload pkgs or snapshots"
echo " -V VARNAME - print value of variable VARNAME"
exit 1
}
@@ -181,7 +181,7 @@ while test "$1" != ""; do
--update-pkg-repo)
BUILDACTION="update_pkg_repo"
;;
- --do-not-upload|-U)
+ --do-not-upload|-u)
export DO_NOT_UPLOAD=1
;;
all|*iso*|*ova*|*memstick*|*memstickserial*|*memstickadi*|*nanobsd*|*nanobsd-vga*|*fullupdate*)
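Review bot: Renaming the short flag from `-U` to `-u` in this case arm means any existing job that still passes `-U` no longer sets `DO_NOT_UPLOAD`. Whether `-U` is then rejected or falls through to another arm is not visible in this hunk, so an upload may happen where it was meant to be suppressed. Accepting both spellings for a transition period avoids that: `--do-not-upload|-u|-U)`. The `while`/`case` block starts and ends outside the hunk.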
@@ -216,7 +216,6 @@ launch
case $BUILDACTION in
builder_setup)
- update_freebsd_sources
builder_setup
;;
buildkernels)
diff --git a/license.txt b/license.txt
index 93f2f5f..c29218a 100644
--- a/license.txt
+++ b/license.txt
@@ -1,48 +1,45 @@
-/* ====================================================================
- * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgment:
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense® software distribution. (http://www.pfsense.org/).
- *
- * 4. The names "pfSense" and "pfSense Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * coreteam@pfsense.org.
- *
- * 5. Products derived from this software may not be called "pfSense"
- * nor may "pfSense" appear in their names without prior written
- * permission of the Electric Sheep Fencing, LLC.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- *
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense software distribution (http://www.pfsense.org/).
- *
- * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
+Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgment:
+ "This product includes software developed by the pfSense Project
+ for use in the pfSense® software distribution. (http://www.pfsense.org/).
+
+4. The names "pfSense" and "pfSense Project" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For written permission, please contact
+ coreteam@pfsense.org.
+
+5. Products derived from this software may not be called "pfSense"
+ nor may "pfSense" appear in their names without prior written
+ permission of the Electric Sheep Fencing, LLC.
+
+6. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+
+"This product includes software developed by the pfSense Project
+for use in the pfSense software distribution (http://www.pfsense.org/).
+
+THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc
index 2c8f4c8..40e2dae 100644
--- a/src/etc/inc/functions.inc
+++ b/src/etc/inc/functions.inc
@@ -102,7 +102,7 @@ if (!function_exists("get_menu_messages")) {
foreach ($notices as $key => $value) {
$date = date("m-d-y H:i:s", $key);
$noticemsg = ($value['notice'] != "" ? $value['notice'] : $value['id']);
- $noticemsg = preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg);
+ $noticemsg = strip_tags(preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg));
if ((strlen($noticemsg)* 8) > $domtt_width) {
$domtt_width=(strlen($noticemsg) *8);
}
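Review bot: `strip_tags()` on the changed line removes markup but is not an output encoder, so `$noticemsg` can still carry `&` sequences or a lone `<` into whatever renders it. The code that emits the value is outside this hunk. If it lands in an HTML attribute or tooltip, encoding at the point of output with `htmlspecialchars($noticemsg, ENT_QUOTES)` is the control to rely on, with the strip kept as clean-up. A one-line comment naming the output context this filter is meant for would also help, since the regex and `strip_tags()` together read like a complete sanitiser and are not.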
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index be66e8b..2e12d96 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -2232,8 +2232,8 @@ function version_compare_string($a, $b) {
}
}
function version_compare_numeric($a, $b) {
- $a_arr = explode('.', rtrim($a, '.0'));
- $b_arr = explode('.', rtrim($b, '.0'));
+ $a_arr = explode('.', rtrim($a, '.'));
+ $b_arr = explode('.', rtrim($b, '.'));
foreach ($a_arr as $n => $val) {
if (array_key_exists($n, $b_arr)) {
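Review bot: With the mask reduced to `'.'`, trailing zero components are no longer dropped, so `2.2` and `2.2.0` reach the loop as arrays of different length. Whether they still compare equal depends on the rest of version_compare_numeric(), which is below this hunk. If equal is the intended result, pad the shorter side before the loop, e.g. `$a_arr = array_pad($a_arr, count($b_arr), '0');` plus the mirror line for `$b_arr`. A comment such as `// rtrim() takes a character mask, not a suffix: '.0' also eats the 0 in "2.10"` would keep the old form from being reintroduced.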
diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc
index 2fa75cf..3a72295 100644
--- a/src/etc/inc/service-utils.inc
+++ b/src/etc/inc/service-utils.inc
@@ -344,13 +344,6 @@ function get_services() {
$services[] = $pconfig;
}
- if (isset($config['installedpackages']['routed']) && $config['installedpackages']['routed']['config'][0]['enable']) {
- $pconfig = array();
- $pconfig['name'] = "routed";
- $pconfig['description'] = gettext("RIP Daemon");
- $services[] = $pconfig;
- }
-
if (isset($config['ipsec']['enable'])) {
$pconfig = array();
$pconfig['name'] = "ipsec";
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 333261d..d13f44a 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -725,6 +725,14 @@ EOPP;
// Setup pool options
foreach ($all_pools as $poolconf) {
+ if (!(ip_in_subnet($poolconf['range']['from'], "{$subnet}/{$ifcfgsn}") && ip_in_subnet($poolconf['range']['to'], "{$subnet}/{$ifcfgsn}"))) {
+ // If the user has changed the subnet from the interfaces page and applied,
+ // but has not updated the DHCP range, then the range to/from of the pool can be outside the subnet.
+ // In that case, ignore the pool and post an error.
+ $error_msg = sprintf(gettext("Invalid DHCP pool %s - %s for %s subnet %s/%s detected. Please correct the settings in Services, DHCP Server"), $poolconf['range']['from'], $poolconf['range']['to'], convert_real_interface_to_friendly_descr($dhcpif), $subnet, $ifcfgsn);
+ file_notice("DHCP", $error_msg);
+ continue;
+ }
$dhcpdconf .= " pool {\n";
/* is failover dns setup? */
if (is_array($poolconf['dnsserver']) && $poolconf['dnsserver'][0] <> "") {
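Review bot: The new notice passes five `%s` arguments through `gettext()` without positional specifiers, so a translation cannot reorder them. `%1$s - %2$s for %3$s subnet %4$s/%5$s` keeps each value bound to the right slot in every locale. The guard also assumes `$poolconf['range']['from']` and `['to']` are both populated. The hunk does not show whether a pool with an empty range can reach it, so confirm that ip_in_subnet() rejects an empty string rather than erroring. The foreach body continues outside the hunk.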
@@ -2438,8 +2446,13 @@ function configure_cron() {
file_put_contents("/etc/crontab", $crontab_contents);
unset($crontab_contents);
+ /* make sure that cron is running and start it if it got killed somehow */
+ if (!is_process_running("cron")) {
+ exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null");
+ } else {
/* do a HUP kill to force sync changes */
- sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP");
+ sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP");
+ }
conf_mount_ro();
}
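Review bot: The restart branch discards both stderr and the exit status of `/usr/sbin/cron -s`, so if cron fails to start nothing is reported and scheduled jobs simply stop running. Capture the status with `exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null", $out, $rc);` and raise a notice (e.g. via `file_notice()`) when `$rc` is non-zero. The `/* do a HUP kill ... */` comment is an unchanged context line while the call it describes was re-indented into the `else`, so it appears to sit at the old indent and should move in with the call.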
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 41e798e..f7987e1 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -2042,6 +2042,7 @@ function system_dmesg_save() {
function system_set_harddisk_standby() {
global $g, $config;
+
if (isset($config['system']['developerspew'])) {
$mt = microtime();
echo "system_set_harddisk_standby() being called $mt\n";
@@ -2055,11 +2056,17 @@ function system_set_harddisk_standby() {
$standby = $config['system']['harddiskstandby'];
// Check for a numeric value
if (is_numeric($standby)) {
- // Sync the disk(s)
- pfSense_sync();
- if (set_single_sysctl('hw.ata.standby', (int)$standby)) {
- // Reinitialize ATA-drives
- mwexec('/usr/local/sbin/atareinit');
+ // Get only suitable candidates for standby; using get_smart_drive_list()
+ // from utils.inc to get the list of drives.
+ $harddisks = get_smart_drive_list();
+
+ // Since get_smart_drive_list() only matches ad|da|ada; lets put the check below
+ // just in case of some weird pfSense platform installs.
+ if (count($harddisks) > 0) {
+ // Iterate disks and run the camcontrol command for each
+ foreach ($harddisks as $harddisk) {
+ mwexec("/sbin/camcontrol standby {$harddisk} -t {$standby}");
+ }
if (platform_booting()) {
echo gettext("done.") . "\n";
}
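Review bot: The added `mwexec()` line builds a shell command from `$harddisk` and `$standby` with no escaping, and the `(int)` cast that the removed sysctl call applied to `$standby` is gone. `is_numeric()` also accepts forms such as `1e3` or `1.5`, which are unlikely to be what the `-t` argument should receive. Suggest `mwexec("/sbin/camcontrol standby " . escapeshellarg($harddisk) . " -t " . (int)$standby);` so neither value is interpreted by the shell, whatever get_smart_drive_list() returns. The function starts and ends outside this hunk.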
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index f5268d2..d68d495 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -258,8 +258,8 @@ function upgrade_014_to_015() {
if ($config['interfaces']['wan']['gateway'] <> "") {
$config['system']['gateway'] = $config['interfaces']['wan']['gateway'];
}
+ unset($config['interfaces']['wan']['gateway']);
}
- unset($config['interfaces']['wan']['gateway']);
/* Queues are no longer interface specific */
if (isset($config['interfaces']['lan']['schedulertype'])) {
@@ -285,9 +285,12 @@ function upgrade_015_to_016() {
$config['system']['alt_firmware_url']['enabled'] = "";
$config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl'];
$config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename'];
- unset($config['system']['firmwareurl'], $config['system']['firmwarename']);
- } else {
- unset($config['system']['firmwareurl'], $config['system']['firmwarename']);
+ }
+ if (isset($config['system']['firmwareurl'])) {
+ unset($config['system']['firmwareurl']);
+ }
+ if (isset($config['system']['firmwarename'])) {
+ unset($config['system']['firmwarename']);
}
}
@@ -295,12 +298,24 @@ function upgrade_015_to_016() {
function upgrade_016_to_017() {
global $config;
/* wipe previous shaper configuration */
- unset($config['shaper']['queue']);
- unset($config['shaper']['rule']);
- unset($config['interfaces']['wan']['bandwidth']);
- unset($config['interfaces']['wan']['bandwidthtype']);
- unset($config['interfaces']['lan']['bandwidth']);
- unset($config['interfaces']['lan']['bandwidthtype']);
+ if (isset($config['shaper']['queue'])) {
+ unset($config['shaper']['queue']);
+ }
+ if (isset($config['shaper']['rule'])) {
+ unset($config['shaper']['rule']);
+ }
+ if (isset($config['interfaces']['wan']['bandwidth'])) {
+ unset($config['interfaces']['wan']['bandwidth']);
+ }
+ if (isset($config['interfaces']['wan']['bandwidthtype'])) {
+ unset($config['interfaces']['wan']['bandwidthtype']);
+ }
+ if (isset($config['interfaces']['lan']['bandwidth'])) {
+ unset($config['interfaces']['lan']['bandwidth']);
+ }
+ if (isset($config['interfaces']['lan']['bandwidthtype'])) {
+ unset($config['interfaces']['lan']['bandwidthtype']);
+ }
$config['shaper']['enable'] = FALSE;
}
@@ -350,7 +365,9 @@ function upgrade_017_to_018() {
unset($config['installedpackages']['carp']);
}
/* Server NAT is no longer needed */
- unset($config['nat']['servernat']);
+ if (isset($config['nat']['servernat'])) {
+ unset($config['nat']['servernat']);
+ }
/* enable SSH */
if ($config['version'] == "1.8") {
@@ -361,7 +378,7 @@ function upgrade_017_to_018() {
function upgrade_018_to_019() {
global $config;
- $config['theme']="metallic";
+ $config['theme'] = "metallic";
}
@@ -412,7 +429,9 @@ function upgrade_023_to_024() {
function upgrade_024_to_025() {
global $config;
$config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway'];
- unset($config['system']['use_rrd_gateway']);
+ if (isset($config['system']['use_rrd_gateway'])) {
+ unset($config['system']['use_rrd_gateway']);
+ }
}
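Review bot: In upgrade_024_to_025() the new `isset()` guard covers only the `unset()`. The assignment on the line above still reads `$config['system']['use_rrd_gateway']` unconditionally, so an absent source key leaves a null `use_rrd_gateway` entry under the WAN interface. Moving the copy inside the same guard handles both cases: `if (isset($config['system']['use_rrd_gateway'])) { $config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway']; unset($config['system']['use_rrd_gateway']); }`. The upgrade_102_to_103() hunk has the same shape with `$config['nat']['advancedoutbound']`, though the start of that function is outside its hunk, so it may already be guarded.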
@@ -587,7 +606,7 @@ function upgrade_039_to_040() {
$config['system']['webgui']['auth_method'] = "session";
$config['system']['webgui']['backing_method'] = "htpasswd";
- if (isset ($config['system']['username'])) {
+ if (isset($config['system']['username'])) {
$config['system']['group'] = array();
$config['system']['group'][0]['name'] = "admins";
$config['system']['group'][0]['description'] = gettext("System Administrators");
@@ -627,8 +646,10 @@ function upgrade_039_to_040() {
$config['system']['nextgid'] = "111";
/* wipe previous auth configuration */
- unset ($config['system']['username']);
- unset ($config['system']['password']);
+ unset($config['system']['username']);
+ if (isset($config['system']['password'])) {
+ unset($config['system']['password']);
+ }
}
}
@@ -1495,7 +1516,9 @@ function upgrade_050_to_051() {
$pconfig['value'] = "0";
$config['sysctl']['item'][] = $pconfig;
- unset($config['bridge']);
+ if (isset($config['bridge'])) {
+ unset($config['bridge']);
+ }
$convert_bridges = false;
foreach ($config['interfaces'] as $intf) {
@@ -2025,7 +2048,9 @@ function upgrade_053_to_054() {
if (empty($config['load_balancer'])) {
unset($config['load_balancer']);
} else {
- unset($config['load_balancer']['lbpool']);
+ if (isset($config['load_balancer']['lbpool'])) {
+ unset($config['load_balancer']['lbpool']);
+ }
}
} else {
$config['load_balancer']['lbpool'] = $lbpool_srv_arr;
@@ -2978,10 +3003,10 @@ function upgrade_083_to_084() {
$config['hasync'] = $config['installedpackages']['carpsettings']['config'][0];
unset($config['installedpackages']['carpsettings']);
}
- if (empty($config['installedpackages']['carpsettings'])) {
+ if (empty($config['installedpackages']['carpsettings']) && isset($config['installedpackages']['carpsettings'])) {
unset($config['installedpackages']['carpsettings']);
}
- if (empty($config['installedpackages'])) {
+ if (empty($config['installedpackages']) && isset($config['installedpackages'])) {
unset($config['installedpackages']);
}
}
@@ -3393,8 +3418,12 @@ function upgrade_102_to_103() {
$config['nat']['outbound'] = $config['nat']['advancedoutbound'];
- unset($config['nat']['ipsecpassthru']);
- unset($config['nat']['advancedoutbound']);
+ if (isset($config['nat']['ipsecpassthru'])) {
+ unset($config['nat']['ipsecpassthru']);
+ }
+ if (isset($config['nat']['advancedoutbound'])) {
+ unset($config['nat']['advancedoutbound']);
+ }
}
function upgrade_103_to_104() {
@@ -3685,18 +3714,20 @@ function upgrade_111_to_112() {
function upgrade_112_to_113() {
global $config;
- if (isset($config['notifications']['smtp']['ssl']) &&
- $config['notifications']['smtp']['ssl'] == "checked") {
- $config['notifications']['smtp']['ssl'] = true;
- } else {
- unset($config['notifications']['smtp']['ssl']);
+ if (isset($config['notifications']['smtp']['ssl'])) {
+ if ($config['notifications']['smtp']['ssl'] == "checked") {
+ $config['notifications']['smtp']['ssl'] = true;
+ } else {
+ unset($config['notifications']['smtp']['ssl']);
+ }
}
- if (isset($config['notifications']['smtp']['tls']) &&
- $config['notifications']['smtp']['tls'] == "checked") {
- $config['notifications']['smtp']['tls'] = true;
- } else {
- unset($config['notifications']['smtp']['tls']);
+ if (isset($config['notifications']['smtp']['tls'])) {
+ if ($config['notifications']['smtp']['tls'] == "checked") {
+ $config['notifications']['smtp']['tls'] = true;
+ } else {
+ unset($config['notifications']['smtp']['tls']);
+ }
}
}
diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
index 3d53233..6d9e77f 100755
--- a/src/etc/rc.php_ini_setup
+++ b/src/etc/rc.php_ini_setup
@@ -139,10 +139,6 @@ PHPMODULES="$PHPMODULES filter"
PHP_ZEND_MODULES=""
-if [ "$LOWMEM" != "TRUE" ]; then
- PHP_ZEND_MODULES="$PHP_ZEND_MODULES opcache"
-fi
-
# Modules previously included.
# can be turned on by touching
# /etc/php_dynamodules/$modulename
@@ -242,6 +238,11 @@ opcache.enable_cli="0"
opcache.memory_consumption="${OPCACHEMEMSIZE}"
EOF
+else
+ /bin/cat >>/usr/local/lib/php.ini <<EOF
+; opcache Settings
+opcache.enabled="0"
+EOF
fi
/bin/cat >>/usr/local/lib/php.ini <<EOF
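Review bot: The directive written in the new `else` branch is `opcache.enabled`, but the PHP setting is `opcache.enable` (the context line above uses `opcache.enable_cli`). PHP will ignore the unknown key, so php.ini does not actually switch opcache off. Change the line to `opcache.enable="0"`. The `if` that this branch belongs to opens outside the hunk.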
diff --git a/src/usr/local/bin/mail.php b/src/usr/local/bin/mail.php
index 130d9e0..001ee67 100755
--- a/src/usr/local/bin/mail.php
+++ b/src/usr/local/bin/mail.php
@@ -13,7 +13,7 @@ if ($options['s'] <> "") {
$in = file("php://stdin");
-foreach ($in as $line){
+foreach ($in as $line) {
$message .= "$line";
}
diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php
index 7116f2e..b048f5e 100644
--- a/src/usr/local/www/diag_confbak.php
+++ b/src/usr/local/www/diag_confbak.php
@@ -51,24 +51,25 @@ if (isset($_POST['backupcount'])) {
$changedescr = "(platform default)";
}
write_config("Changed backup revision count to {$changedescr}");
-} elseif ($_POST) {
- if (!isset($_POST['confirm']) || ($_POST['confirm'] != gettext("Confirm")) || (!isset($_POST['newver']) && !isset($_POST['rmver']))) {
+} elseif ($_GET) {
+ if (!isset($_GET['newver']) && !isset($_GET['rmver']) && !isset($_GET['getcfg']) && !isset($_GET['diff'])) {
header("Location: diag_confbak.php");
return;
}
conf_mount_rw();
$confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
- if ($_POST['newver'] != "") {
- if (config_restore($g['conf_path'] . '/backup/config-' . $_POST['newver'] . '.xml') == 0) {
- $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['newver']), htmlspecialchars($confvers[$_POST['newver']]['description']));
+
+ if ($_GET['newver'] != "") {
+ if (config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0) {
+ $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), htmlspecialchars($confvers[$_GET['newver']]['description']));
} else {
$savemsg = gettext("Unable to revert to the selected configuration.");
}
}
- if ($_POST['rmver'] != "") {
- unlink_if_exists($g['conf_path'] . '/backup/config-' . $_POST['rmver'] . '.xml');
- $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']), htmlspecialchars($confvers[$_POST['rmver']]['description']));
+ if ($_GET['rmver'] != "") {
+ unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml');
+ $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']), htmlspecialchars($confvers[$_GET['rmver']]['description']));
}
conf_mount_ro();
}
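Review bot: Restore and delete of a configuration backup now run directly from `$_GET['newver']` and `$_GET['rmver']`, and the removed `confirm` check is not replaced. A link or cross-site request loaded in an administrator's session therefore changes state with no confirmation, outside whatever request-forgery protection the GUI applies to POST forms. The same values are concatenated unvalidated into the path passed to `config_restore()` and `unlink_if_exists()`. Keep these two actions on POST and gate each on a known backup, e.g. `ctype_digit((string)$_POST['rmver']) && isset($confvers[$_POST['rmver']])`, before the path is built. `getcfg` and `diff` look read-only and can stay on GET. The `elseif` chain starts outside the hunk.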
@@ -112,256 +113,172 @@ unset($confvers['versions']);
$pgtitle = array(gettext("Diagnostics"), gettext("Configuration History"));
include("head.inc");
-if ($savemsg)
- print_info_box($savemsg);
+if ($savemsg) {
+ print_info_box($savemsg, 'success');
+}
+
+if ($diff) {
?>
- <?php if ($diff):?>
- <h3><?=gettext("Configuration diff from")?><?=date(gettext("n/j/y H:i:s"), $oldtime)?><?=gettext("to")?><?=date(gettext("n/j/y H:i:s"), $newtime)?></h3>
- <pre><?php foreach ($diff as $line) {
- switch (substr($line, 0, 1)) {
- case "+":
- $color = "#caffd3";
- break;
- case "-":
- $color = "#ffe8e8";
- break;
- case "@":
- $color = "#a0a0a0";
- break;
- default:
- $color = "#ffffff";
- }
+<div class="panel panel-default">
+ <div class="panel-heading"><?=gettext("Configuration diff from ")?><?=date(gettext("n/j/y H:i:s"), $oldtime); ?><?=gettext(" to ")?><?=date(gettext("n/j/y H:i:s"), $newtime); ?></div>
+ <div class="panel-body table-responsive">
+ <!-- This table is left un-bootstrapped to maintain the original diff format output -->
+ <table style="padding-top: 4px; padding-bottom: 4px; vertical-align:middle;">
- print '<span style="background-color: '.$color .'">'. htmlentities($line) .'</span><br/>';
- }
- ?></pre>
-<?php endif?>
-<?PHP if ($_GET["newver"] || $_GET["rmver"]):?>
- <h2><?=gettext("Confirm Action")?></h2>
- <form action="diag_confbak.php" method="post">
- <div class="alert alert-danger">
- <p><?=gettext("Please confirm you wish to ")?>
- <?PHP
- if (!empty($_GET["newver"])) {
- echo gettext("restore from Configuration Backup");
- $target_config = $_GET["newver"]?>
- <input type="hidden" name="newver" value="<?PHP echo htmlspecialchars($_GET["newver"])?>" />
- <?PHP
- } elseif (!empty($_GET["rmver"])) {
- echo gettext("remove Configuration Backup");
- $target_config = $_GET["rmver"]?>
- <input type="hidden" name="rmver" value="<?PHP echo htmlspecialchars($_GET["rmver"])?>" />
- <?PHP
- } ?>
- <?PHP echo gettext("revert to configuration from ")?> <?=date(gettext("n/j/y H:i:s"), $target_config)?>
- <br />
- <input type="submit" name="confirm" value="<?PHP echo gettext("Confirm")?>" />
- </p>
- </div>
- </form>
-<?PHP else:?>
<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Config History"), true, "diag_confbak.php");
- $tab_array[1] = array(gettext("Backup/Restore"), false, "diag_backup.php");
- display_top_tabs($tab_array);
+ foreach ($diff as $line) {
+ switch (substr($line, 0, 1)) {
+ case "+":
+ $color = "#caffd3";
+ break;
+ case "-":
+ $color = "#ffe8e8";
+ break;
+ case "@":
+ $color = "#a0a0a0";
+ break;
+ default:
+ $color = "#ffffff";
+ }
+?>
+ <tr>
+ <td valign="middle" bgcolor="<?=$color; ?>" style="white-space: pre-wrap;"><?=htmlentities($line)?></td>
+ </tr>
+<?php
+ }
?>
- <form action="diag_confbak.php" method="post">
- <div class="form-group">
- <label for="backupcount" class="col-sm-2 control-label"><?=gettext("Backup Count")?></label>
- <div class="col-sm-10">
- <input name="backupcount" type="number" class="form-control" size="5" value="<?=htmlspecialchars($config['system']['backupcount'])?>" />
- <?=gettext("Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD.")?>
- </div>
- </div>
+ </table>
+ </div>
+</div>
+<?php
+}
- <div class="form-group">
- <div class="col-sm-offset-2 col-sm-10">
- <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save")?>" />
- <p><?=gettext("Current space used by backups: ")?><?=exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'")?></p>
- </div>
- </div>
- </form>
-<?php if (!is_array($confvers)): ?>
- <?php print_info_box(gettext("No backups found."))?>
-<?php else: ?>
- <form action="diag_confbak.php" method="get">
- <div class="table-responsive">
- <table class="table table-striped table-hover">
- <thead>
- <tr>
- <th><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Diff")?>" /></th>
- <th><?=gettext("Date")?></th>
- <th><?=gettext("Version")?></th>
- <th><?=gettext("Size")?></th>
- <th><?=gettext("Configuration Change")?></th>
- <th></th>
- </tr>
- </thead>
+$tab_array = array();
+$tab_array[] = array(gettext("Config History"), true, "diag_confbak.php");
+$tab_array[] = array(gettext("Backup/Restore"), false, "diag_backup.php");
+display_top_tabs($tab_array);
- <tbody>
- <tr>
- <td>
- <input type="radio" name="oldtime" disabled="disabled" />
- <input type="radio" name="newtime" value="current" <?=($_GET['newtime']==$version['time'] ? ' checked="checked"' : '')?>/>
- </td>
- <td><?=date(gettext("n/j/y H:i:s"), $config['revision']['time'])?></td>
- <td><?=$config['version']?></td>
- <td><?=format_bytes(filesize("/conf/config.xml"))?></td>
- <td><?=$config['revision']['description']?></td>
- <td><i><?=gettext("Current")?></i></td>
- </tr>
- <?php
- foreach ($confvers as $version):
- if ($version['time'] != 0)
- $date = date(gettext("n/j/y H:i:s"), $version['time']);
- else
- $date = gettext("Unknown");
- ?>
- <tr>
- <td>
- <div id="mainarea">
- <form action="diag_confbak.php" method="post">
- <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont">
+require('classes/Form.class.php');
-<?php if ($_GET["newver"] || $_GET["rmver"]): ?>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Confirm Action"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">&nbsp;</td>
- <td width="78%" class="vtable">
+$form = new Form(new Form_Button(
+ 'Submit',
+ gettext("Save")
+));
- <strong><?php echo gettext("Please confirm the selected action"); ?></strong>:
- <br />
- <br /><strong><?php echo gettext("Action"); ?>:</strong>
- <?php if (!empty($_GET["newver"])) {
- echo gettext("Restore from Configuration Backup");
- $target_config = $_GET["newver"]; ?>
- <input type="hidden" name="newver" value="<?php echo htmlspecialchars($_GET["newver"]); ?>" />
- <?php } elseif (!empty($_GET["rmver"])) {
- echo gettext("Remove Configuration Backup");
- $target_config = $_GET["rmver"]; ?>
- <input type="hidden" name="rmver" value="<?php echo htmlspecialchars($_GET["rmver"]); ?>" />
- <?php } ?>
- <br /><strong><?php echo gettext("Target Configuration"); ?>:</strong>
- <?php echo sprintf(gettext('Timestamp %1$s'), date(gettext("n/j/y H:i:s"), $target_config)); ?>
- <br /><input type="submit" name="confirm" value="<?php echo gettext("Confirm"); ?>" />
- </td>
- </tr>
-<?php else: ?>
+$section = new Form_Section('Saved Configurations');
- <tr>
- <td width="10%">&nbsp;</td>
- <td width="15%" valign="top"><?=gettext("Backup Count");?></td>
- <td width="10%">
- <input name="backupcount" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($config['system']['backupcount']);?>"/>
- </td>
- <td width="60%">
- <?= gettext("Enter the number of older configurations to keep in the local backup cache. By default this is 30 for a full install or 5 on NanoBSD."); ?>
- </td>
- <td width= "5%"><input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /></td>
- </tr>
- <tr>
- <td class="vncell">&nbsp;</td>
- <td colspan="4" class="vncell">
- <?= gettext("NOTE: Be aware of how much space is consumed by backups before adjusting this value. Current space used by backups: "); ?> <?= exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'") ?>
- </td>
- </tr>
- </table>
- </form>
- <form action="diag_confbak.php" method="get">
- <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="difference">
- <?php if (is_array($confvers)): ?>
- <tr>
- <td colspan="7" class="list">
- <?= gettext("To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button."); ?>
- <br /><br />
- </td>
- </tr>
- <tr>
- <td width="5%" colspan="2" valign="middle" align="center" class="list nowrap"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td>
- <td width="20%" class="listhdrr"><?=gettext("Date");?></td>
- <td width="5%" class="listhdrr"><?=gettext("Version");?></td>
- <td width="5%" class="listhdrr"><?=gettext("Size");?></td>
- <td width="60%" class="listhdrr"><?=gettext("Configuration Change");?></td>
- <td width="5%" class="list">&nbsp;</td>
- </tr>
- <tr valign="top">
- <td valign="middle" class="list nowrap"></td>
- <td class="list">
- <input type="radio" name="newtime" value="current" />
- </td>
- <td class="listlr"> <?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td>
- <td class="listr"> <?= $config['version'] ?></td>
- <td class="listr"> <?= format_bytes(filesize("/conf/config.xml")) ?></td>
- <td class="listr"> <?= htmlspecialchars($config['revision']['description']) ?></td>
- <td valign="middle" class="list nowrap"><b><?=gettext("Current");?></b></td>
- </tr>
- <?php
- $c = 0;
- foreach ($confvers as $version):
- if ($version['time'] != 0) {
- $date = date(gettext("n/j/y H:i:s"), $version['time']);
- } else {
- $date = gettext("Unknown");
- }
- ?>
- <tr valign="top">
- <td class="list">
- <input type="radio" name="oldtime" value="<?php echo $version['time'];?>" />
- </td>
- <td class="list">
- <?php if ($c < (count($confvers) - 1)) { ?>
- <input type="radio" name="newtime" value="<?php echo $version['time'];?>" />
- <?php } else { ?>
- &nbsp;
- <?php }
- $c++; ?>
- </td>
- <td class="listlr"> <?= $date ?></td>
- <td class="listr"> <?= $version['version'] ?></td>
- <td class="listr"> <?= format_bytes($version['filesize']) ?></td>
- <td class="listr"> <?= htmlspecialchars($version['description']) ?></td>
- <td valign="middle" class="list nowrap">
- <a href="diag_confbak.php?newver=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="<?=gettext("Revert to this configuration");?>" title="<?=gettext("Revert to this configuration");?>" />
- </a>
- <a href="diag_confbak.php?rmver=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("Remove this backup");?>" title="<?=gettext("Remove this backup");?>" />
- </a>
- <a href="diag_confbak.php?getcfg=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="<?=gettext("Download this backup");?>" title="<?=gettext("Download this backup");?>" />
- </a>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr>
- <td colspan="2"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td>
- <td colspan="5"></td>
- </tr>
- <?php else: ?>
- <tr>
- <td>
- <?php print_info_box(gettext("No backups found.")); ?>
- </td>
- </tr>
- <?php endif; ?>
-<?php endif; ?>
- </table>
- </form>
- </div>
- </td>
- </tr>
- <?php endforeach?>
- </tbody>
- <tfoot>
- <tr>
- <td colspan="6"><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Compare selected")?>" /></td>
- </tr>
- <?php endif; ?>
-<?php endif?>
- </table>
- </div>
+$section->addInput(new Form_Input(
+ 'backupcount',
+ 'Backup Count',
+ 'number',
+ $config['system']['backupcount']
+))->setHelp('Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD. ');
+
+$space = exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'");
+
+$section->addInput(new Form_StaticText(
+ 'Current space used by backups',
+ $space
+));
+
+$form->add($section);
+
+print($form);
+
+if (is_array($confvers)) {
+ print_info_box(gettext('To view the differences between an older configuration and a newer configuration, ' .
+ 'select the older configuration using the left column of radio options and select the newer configuration in the right column, ' .
+ 'then press the "Diff" button.'));
+}
+?>
+
+<form action="diag_confbak.php" method="get">
+ <div class="table-resposive">
+ <table class="table table-striped table-hover table-condensed">
+<?php
+if (is_array($confvers)):
+?>
+ <thead>
+ <tr>
+ <th colspan="2">
+ <input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" />
+ </th>
+ <th><?=gettext("Date")?></th>
+ <th><?=gettext("Version")?></th>
+ <th><?=gettext("Size")?></th>
+ <th><?=gettext("Configuration Change")?></th>
+ <th><?=gettext("Actions")?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <!-- First row is the current configuration -->
+ <tr valign="top">
+ <td></td>
+ <td>
+ <input type="radio" name="newtime" value="current" />
+ </td>
+ <td><?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td>
+ <td><?= $config['version'] ?></td>
+ <td><?= format_bytes(filesize("/conf/config.xml")) ?></td>
+ <td><?= htmlspecialchars($config['revision']['description']) ?></td>
+ <td><?=gettext("Current configuration")?></td>
+ </tr>
+<?php
+ // And now for hte table of prior backups
+ $c = 0;
+ foreach ($confvers as $version):
+ if ($version['time'] != 0) {
+ $date = date(gettext("n/j/y H:i:s"), $version['time']);
+ } else {
+ $date = gettext("Unknown");
+ }
+?>
+ <tr>
+ <td>
+ <input type="radio" name="oldtime" value="<?=$version['time']?>" />
+ </td>
+ <td>
+<?php
+ if ($c < (count($confvers) - 1)) {
+?>
+ <input type="radio" name="newtime" value="<?=$version['time']?>" />
+<?php
+ }
+ $c++;
+?>
+ </td>
+ <td><?= $date ?></td>
+ <td><?= $version['version'] ?></td>
+ <td><?= format_bytes($version['filesize']) ?></td>
+ <td><?= htmlspecialchars($version['description']) ?></td>
+ <td>
+ <a href="diag_confbak.php?newver=<?=$version['time']?>" class="btn btn-xs btn-success"
+ onclick="return confirm('<?=gettext("Are you sure you want to replace the current configuration with this backup?")?>')">
+ <?=gettext("Revert")?>
+ </a>
+ <a href="diag_confbak.php?rmver=<?=$version['time']?>" class="btn btn-xs btn-danger">
+ <?=gettext("Delete")?>
+ </a>
+ <a href="diag_confbak.php?getcfg=<?=$version['time']?>" class="btn btn-xs btn-default">
+ <?=gettext("Download")?>
+ </a>
+ </td>
+ </tr>
+<?php
+ endforeach;
+?>
+ <tr>
+ <td colspan="2"><input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" /></td>
+ <td colspan="5"></td>
+ </tr>
+<?php
+else:
+ print_info_box(gettext("No backups found."), 'danger');
+endif;
+?>
+ </tbody>
+ </table>
</form>
-<?php include("foot.inc")?> \ No newline at end of file
+</div>
+
+<?php include("foot.inc");
diff --git a/src/usr/local/www/diag_logs_settings.php b/src/usr/local/www/diag_logs_settings.php
index ed2d141..94b1b6b 100644
--- a/src/usr/local/www/diag_logs_settings.php
+++ b/src/usr/local/www/diag_logs_settings.php
@@ -4,54 +4,54 @@
diag_logs_settings.php
*/
/* ====================================================================
- * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
- * Copyright (c) 2004-9 Scott Ullrich
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004-9 Scott Ullrich
*
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
*
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
*
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgment:
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
*
- * 4. The names "pfSense" and "pfSense Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * coreteam@pfsense.org.
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
*
- * 5. Products derived from this software may not be called "pfSense"
- * nor may "pfSense" appear in their names without prior written
- * permission of the Electric Sheep Fencing, LLC.
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
*
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense software distribution (http://www.pfsense.org/).
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
*
- * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * ====================================================================
+ * ====================================================================
*
*/
@@ -104,9 +104,9 @@ if (!$pconfig['nentries']) {
function is_valid_syslog_server($target) {
return (is_ipaddr($target)
- || is_ipaddrwithport($target)
- || is_hostname($target)
- || is_hostnamewithport($target));
+ || is_ipaddrwithport($target)
+ || is_hostname($target)
+ || is_hostnamewithport($target));
}
if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
@@ -212,14 +212,14 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Settings"));
include("head.inc");
-$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") .
+$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") .
'<br /><br />' .
gettext("NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, you must first save the options to set the size, then clear all logs using the \"Reset Log Files\" option farther down this page. ") .
gettext("Be aware that increasing this value increases every log file size, so disk usage will increase significantly.") . '<br /><br />' .
gettext("Disk space currently used by log files is: ") . exec("/usr/bin/du -sh /var/log | /usr/bin/awk '{print $1;}'") .
gettext(" Remaining disk space for log files: ") . exec("/bin/df -h /var/log | /usr/bin/awk '{print $4;}'");
-$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") .
+$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") .
gettext("If you pick a single IP, remote syslog severs must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces.") .
"<br /><br />" .
gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses.");
@@ -349,7 +349,7 @@ $section->addInput(new Form_Checkbox(
'Enable Remote Logging',
'Send log messages to remote syslog server',
$pconfig['enable']
-))->toggles('.toggle-remote .panel-body .form-group:not(:first-child)');
+));
$section->addInput(new Form_Select(
'sourceip',
@@ -363,10 +363,12 @@ $section->addInput(new Form_Select(
'IP Protocol',
$ipproto,
array('ipv4' => 'IPv4', 'ipv6' => 'IPv6')
-))->setHelp('This option is only used when a non-default address is chosen as the source above. This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
+))->setHelp('This option is only used when a non-default address is chosen as the source above. ' .
+ 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
// Group collapses/appears based on 'enable' checkbox above
$group = new Form_Group('Remote log servers');
+$group->addClass('remotelogging');
$group->add(new Form_Input(
'remoteserver',
@@ -395,6 +397,8 @@ $group->add(new Form_Input(
$section->add($group);
$group = new Form_MultiCheckboxGroup('Remote Syslog Contents');
+$group->addClass('remotelogging');
+
$group->add(new Form_MultiCheckbox(
'logall',
null,
@@ -478,6 +482,22 @@ print $form;
<script>
//<![CDATA[
events.push(function(){
+
+ function hideSelect(id, hide) {
+ if(hide)
+ $('#' + id).parent('div').parent('div').addClass('hidden');
+ else
+ $('#' + id).parent('div').parent('div').removeClass('hidden');
+ }
+
+ // Hides all elements of the specified class. This will usually be a section
+ function hideClass(s_class, hide) {
+ if(hide)
+ $('.' + s_class).hide();
+ else
+ $('.' + s_class).show();
+ }
+
function hideInput(id, hide) {
if(hide)
$('#' + id).parent().addClass('hidden');
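Review bot: `hideSelect()` is added without a comment although `hideClass()` right below it has one, and its two-level `.parent('div').parent('div')` walk is not self-explanatory. I would add `// Hides the <div> two levels above the specified select element` above it. Both helpers could also drop the if/else by using `.toggleClass('hidden', hide)` and `.toggle(!hide)`. The body of `hideInput()` continues outside this hunk.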
@@ -509,8 +529,19 @@ events.push(function(){
disableEverything();
});
+ $('#enable').click(function () {
+ hideClass('remotelogging', !this.checked);
+ hideSelect('sourceip', !this.checked);
+ hideSelect('ipproto', !this.checked);
+ });
+
+
+
// On page load . .
disableEverything();
+ hideClass('remotelogging', !$('#enable').prop('checked'));
+ hideSelect('sourceip', !$('#enable').prop('checked'));
+ hideSelect('ipproto', !$('#enable').prop('checked'));
});
//]]>
</script>
diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php
index c7be7d9..5ffb7e5 100644
--- a/src/usr/local/www/firewall_aliases.php
+++ b/src/usr/local/www/firewall_aliases.php
@@ -132,7 +132,7 @@ if ($_GET['act'] == "del") {
// Static routes
find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
if ($is_alias_referenced == true) {
- $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
+ $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by));
} else {
unset($a_aliases[$_GET['id']]);
if (write_config()) {
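Review bot: The delete path this hunk sits in still acts on `$_GET['act']` and `$_GET['id']` (see the hunk header and the `unset($a_aliases[$_GET['id']])` line), so an alias is removed by a plain GET request. The added `htmlspecialchars()` fixes the output side of the message, but the state change itself should require a POST that carries the form's anti-CSRF token, and `id` should be checked as an existing index before the `unset`. Whether such a check exists earlier in the file is not visible here, because the `if` block starts and ends outside the hunk. If `$savemsg` is escaped again where it is printed, this call would double-encode, so it is worth confirming where the message is rendered.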
diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php
index 2b15c80..a75be46 100644
--- a/src/usr/local/www/firewall_nat_edit.php
+++ b/src/usr/local/www/firewall_nat_edit.php
@@ -850,7 +850,7 @@ $group->add(new Form_Input(
'localbeginport_cust',
null,
'number',
- $pconfig['localbeginport_cust'],
+ $pconfig['localbeginport'],
['min' => '1', 'max' => '65536']
))->setHelp('Custom');
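Review bot: The `max` on this port field is `65536`, one above the highest valid port number, so the browser accepts a value that is not a valid port. I would change the attribute line to `['min' => '1', 'max' => '65535']`. The attribute only constrains the browser, so the server-side port check (not visible in this hunk) has to enforce the same bound. The `$group->add(...)` call begins in the hunk header and the surrounding group is outside the hunk.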
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php
index 8b77041..184cadb 100644
--- a/src/usr/local/www/firewall_rules_edit.php
+++ b/src/usr/local/www/firewall_rules_edit.php
@@ -1193,7 +1193,7 @@ $section->addInput(new Form_Select(
$section->addInput(new Form_Select(
'proto',
'Protocol',
- $pconfig['ipprotocol'],
+ $pconfig['proto'],
array(
'tcp' => 'TCP',
'udp' => 'UDP',
@@ -1211,7 +1211,7 @@ $section->addInput(new Form_Select(
'carp' => 'CARP',
'pfsync' => 'PFSYNC',
)
-))->setHelp('Choose which IP protocol this rule should match. In most cases, you should specify TCP here.');
+))->setHelp('Choose which IP protocol this rule should match.');
$section->addInput(new Form_Select(
'icmptype',
@@ -1294,7 +1294,7 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) {
))->removeClass('btn-primary');
}
- $portValues = ['any' => 'any', '' => '(other)'];
+ $portValues = ['' => '(other)', 'any' => 'any'];
foreach ($wkports as $port => $portName)
$portValues[$port] = $portName.' ('. $port .')';
@@ -1477,18 +1477,11 @@ $section->addInput(new Form_Input(
['min' => 1, 'max' => 3600]
))->setHelp('State Timeout in seconds (TCP only)');
-//$form->add($section);
-//$section = new Form_Section('TCP Flags');
-//$section->addClass('tcpflags');
-
$section->addInput(new Form_StaticText(
'TCP Flags',
build_flag_table()
))->setHelp('Use this to choose TCP flags that must be set or cleared for this rule to match.');
-// $form->add($section);
-// $section = new Form_Section('State Type');
-
$section->addInput(new Form_Checkbox(
'nopfsync',
'No pfSync',
@@ -1976,4 +1969,4 @@ events.push(function(){
</script>
<?php
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php
new file mode 100644
index 0000000..c92ace9
--- /dev/null
+++ b/src/usr/local/www/firewall_virtual_ip_edit.php
@@ -0,0 +1,561 @@
+<?php
+/* $Id$ */
+/*
+
+ firewall_virtual_ip_edit.php
+*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004 Scott Ullrich
+ * Copyright (c) 2005 Bill Marquette <bill.marquette@gmail.com>
+ * Originally part of pfSense (https://www.pfsense.org)
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
+/*
+ pfSense_BUILDER_BINARIES: /sbin/ifconfig
+ pfSense_MODULE: interfaces
+*/
+
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddress-edit
+##|*NAME=Firewall: Virtual IP Address: Edit page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page.
+##|*MATCH=firewall_virtual_ip_edit.php*
+##|-PRIV
+
+require("guiconfig.inc");
+require_once("filter.inc");
+require("shaper.inc");
+
+if (!is_array($config['virtualip']['vip'])) {
+ $config['virtualip']['vip'] = array();
+}
+
+$a_vip = &$config['virtualip']['vip'];
+
+if (is_numericint($_GET['id'])) {
+ $id = $_GET['id'];
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+ $id = $_POST['id'];
+}
+
+function return_first_two_octets($ip) {
+ $ip_split = explode(".", $ip);
+ return $ip_split[0] . "." . $ip_split[1];
+}
+
+function find_last_used_vhid() {
+ global $config, $g;
+
+ $vhid = 0;
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if ($vip['vhid'] > $vhid) {
+ $vhid = $vip['vhid'];
+ }
+ }
+
+ return $vhid;
+}
+
+if (isset($id) && $a_vip[$id]) {
+ $pconfig['mode'] = $a_vip[$id]['mode'];
+ $pconfig['vhid'] = $a_vip[$id]['vhid'];
+ $pconfig['advskew'] = $a_vip[$id]['advskew'];
+ $pconfig['advbase'] = $a_vip[$id]['advbase'];
+ $pconfig['password'] = $a_vip[$id]['password'];
+ $pconfig['range'] = $a_vip[$id]['range'];
+ $pconfig['subnet'] = $a_vip[$id]['subnet'];
+ $pconfig['subnet_bits'] = $a_vip[$id]['subnet_bits'];
+ $pconfig['noexpand'] = $a_vip[$id]['noexpand'];
+ $pconfig['descr'] = $a_vip[$id]['descr'];
+ $pconfig['type'] = $a_vip[$id]['type'];
+ $pconfig['interface'] = $a_vip[$id]['interface'];
+ $pconfig['uniqid'] = $a_vip[$id]['interface'];
+} else {
+ $lastvhid = find_last_used_vhid();
+ $lastvhid++;
+ $pconfig['vhid'] = $lastvhid;
+ $pconfig['uniqid'] = uniqid();
+}
+
+if ($_POST) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "mode");
+ $reqdfieldsn = array(gettext("Type"));
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+
+ if ($_POST['subnet']) {
+ $_POST['subnet'] = trim($_POST['subnet']);
+ }
+
+ if ($_POST['subnet']) {
+ if (!is_ipaddr($_POST['subnet'])) {
+ $input_errors[] = gettext("A valid IP address must be specified.");
+ } else {
+ if (isset($id) && isset($a_vip[$id])) {
+ $ignore_if = $a_vip[$id]['interface'];
+ $ignore_mode = $a_vip[$id]['mode'];
+ if (isset($a_vip[$id]['vhid'])) {
+ $ignore_vhid = $a_vip[$id]['vhid'];
+ }
+ } else {
+ $ignore_if = $_POST['interface'];
+ $ignore_mode = $_POST['mode'];
+ }
+
+ if (!isset($ignore_vhid)) {
+ $ignore_vhid = $_POST['vhid'];
+ }
+
+ if ($ignore_mode == 'carp') {
+ $ignore_if .= "_vip{$ignore_vhid}";
+ } else {
+ $ignore_if .= "_virtualip{$id}";
+ }
+
+ if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
+ $input_errors[] = gettext("This IP address is being used by another interface or VIP.");
+ }
+
+ unset($ignore_if, $ignore_mode);
+ }
+ }
+
+ $natiflist = get_configured_interface_with_descr();
+ foreach ($natiflist as $natif => $natdescr) {
+ if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
+ $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
+ }
+ }
+
+ /* ipalias and carp should not use network or broadcast address */
+ if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
+ if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {
+ $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
+ $broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);
+ } else if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") {
+ $network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);
+ $broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);
+ }
+
+ if (isset($network_addr) && $_POST['subnet'] == $network_addr) {
+ $input_errors[] = gettext("You cannot use the network address for this VIP");
+ } else if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
+ $input_errors[] = gettext("You cannot use the broadcast address for this VIP");
+ }
+ }
+
+ /* make sure new ip is within the subnet of a valid ip
+ * on one of our interfaces (wan, lan optX)
+ */
+ switch ($_POST['mode']) {
+ case 'carp':
+ /* verify against reusage of vhids */
+ $idtracker = 0;
+ foreach($config['virtualip']['vip'] as $vip) {
+ if($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker != $id)
+ $input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."),$_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface']));
+ $idtracker++;
+ }
+
+ if (empty($_POST['password']))
+ $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
+
+ if ($_POST['interface'] == 'lo0')
+ $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
+
+ break;
+ case 'ipalias':
+ if (strstr($_POST['interface'], "_vip")) {
+ if (is_ipaddrv4($_POST['subnet'])) {
+ $parent_ip = get_interface_ip($_POST['interface']);
+ $parent_sn = get_interface_subnet($_POST['interface']);
+ $subnet = gen_subnet($parent_ip, $parent_sn);
+ } else if (is_ipaddrv6($_POST['subnet'])) {
+ $parent_ip = get_interface_ipv6($_POST['interface']);
+ $parent_sn = get_interface_subnetv6($_POST['interface']);
+ $subnet = gen_subnetv6($parent_ip, $parent_sn);
+ }
+
+ if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") &&
+ !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
+ $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
+ $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find);
+ }
+
+ unset($parent_ip, $parent_sn, $subnet);
+ }
+
+ break;
+ default:
+ if ($_POST['interface'] == 'lo0')
+ $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
+
+ break;
+ }
+
+ if (!$input_errors) {
+ $vipent = array();
+
+ $vipent['mode'] = $_POST['mode'];
+ $vipent['interface'] = $_POST['interface'];
+
+ /* ProxyARP specific fields */
+ if ($_POST['mode'] === "proxyarp") {
+ if ($_POST['type'] == "range") {
+ $vipent['range']['from'] = $_POST['range_from'];
+ $vipent['range']['to'] = $_POST['range_to'];
+
+ }
+
+ $vipent['noexpand'] = isset($_POST['noexpand']);
+ }
+
+ /* CARP specific fields */
+ if ($_POST['mode'] === "carp") {
+ $vipent['vhid'] = $_POST['vhid'];
+ $vipent['uniqid'] = $_POST['uniqid'];
+ $vipent['advskew'] = $_POST['advskew'];
+ $vipent['advbase'] = $_POST['advbase'];
+ $vipent['password'] = $_POST['password'];
+ }
+
+ /* Common fields */
+ $vipent['descr'] = $_POST['descr'];
+ if (isset($_POST['type'])) {
+ $vipent['type'] = $_POST['type'];
+ } else {
+ $vipent['type'] = "single";
+ }
+
+ if ($vipent['type'] == "single" || $vipent['type'] == "network") {
+ if (!isset($_POST['subnet_bits'])) {
+ $vipent['subnet_bits'] = "32";
+ } else {
+ $vipent['subnet_bits'] = $_POST['subnet_bits'];
+ }
+
+ $vipent['subnet'] = $_POST['subnet'];
+ }
+
+ if (!isset($id)) {
+ $id = count($a_vip);
+ }
+ if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) {
+ $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
+ } else {
+ $toapplylist = array();
+ }
+
+ $toapplylist[$id] = $a_vip[$id];
+
+ if (!empty($a_vip[$id])) {
+ /* modify all virtual IP rules with this address */
+ for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
+ if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) {
+ $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet'];
+ }
+ }
+ }
+
+ $a_vip[$id] = $vipent;
+
+ if (write_config()) {
+ mark_subsystem_dirty('vip');
+ file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist));
+ }
+
+ header("Location: firewall_virtual_ip.php");
+ exit;
+ }
+}
+
+$ipaliashelp = gettext('The mask must be the network\'s subnet mask. It does not specify a CIDR range.');
+$proxyarphelp = gettext('Enter a CIDR block of proxy ARP addresses.');
+
+$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Address"),gettext("Edit"));
+include("head.inc");
+
+function build_if_list() {
+ $list = array();
+
+ $interfaces = get_configured_interface_with_descr(false, true);
+ $carplist = get_configured_carp_interface_list();
+
+ foreach ($carplist as $cif => $carpip)
+ $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')';
+
+ $interfaces['lo0'] = 'Localhost';
+
+ return($interfaces);
+}
+
+if ($input_errors)
+ print_input_errors($input_errors);
+
+require('classes/Form.class.php');
+
+$form = new Form();
+
+$section = new Form_Section('Edit Virtual IP');
+
+$group = new Form_Group('Type');
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'IP Alias',
+ ($pconfig['mode'] == "ipalias"),
+ 'ipalias'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'CARP',
+ ($pconfig['mode'] == "carp"),
+ 'carp'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'Proxy ARP',
+ ($pconfig['mode'] == "proxyarp"),
+ 'proxyarp'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'Other',
+ ($pconfig['mode'] == "other"),
+ 'other'
+))->displayAsRadio();
+
+$section->add($group);
+
+$section->addInput(new Form_Select(
+ 'interface',
+ 'Interface',
+ $pconfig['interface'],
+ build_if_list()
+));
+
+$section->addInput(new Form_Select(
+ 'type',
+ 'Address type',
+ ((!$pconfig['range'] && $pconfig['subnet_bits'] == 32) || (!isset($pconfig['subnet']))) ? 'single':'network',
+ array(
+ 'single' => 'Single address',
+ 'network' => 'Network'
+ )
+))->addClass('typesel');
+
+$section->addInput(new Form_IpAddress(
+ 'subnet',
+ 'Address(es)',
+ $pconfig['subnet']
+))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp('<span id="address_note"></span>');
+
+$section->addInput(new Form_Checkbox(
+ 'noexpand',
+ 'Expansion',
+ 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ',
+ isset($pconfig['noexpand'])
+));
+
+$section->addInput(new Form_Input(
+ 'password',
+ 'Virtual IP Password',
+ 'password',
+ $pconfig['password']
+))->setHelp('Enter the VHID group password.');
+
+$section->addInput(new Form_Select(
+ 'vhid',
+ 'VHID Group',
+ $pconfig['vhid'],
+ array_combine(range(1, 255, 1), range(1, 255, 1))
+))->setHelp('Enter the VHID group that the machines will share');
+
+$group = new Form_Group('Advertising frequency');
+$group->add(new Form_Select(
+ 'advbase',
+ 'Base',
+ $pconfig['advbase'],
+ array_combine(range(1, 254, 1), range(1, 254, 1))
+))->setHelp('Base');
+
+$group->add(new Form_Select(
+ 'advskew',
+ 'Skew',
+ $pconfig['advskew'],
+ array_combine(range(0, 254, 1), range(0, 254, 1))
+))->setHelp('Skew');
+
+$group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.');
+
+$section->add($group);
+
+$section->addInput(new Form_Input(
+ 'descr',
+ 'Description',
+ 'text',
+ $pconfig['descr']
+))->setHelp('You may enter a description here for your reference (not parsed).');
+
+if (isset($id) && $a_vip[$id]){
+ $section->addInput(new Form_Input(
+ 'id',
+ null,
+ 'hidden',
+ $id
+ ));
+}
+
+$section->addInput(new Form_Input(
+ 'uniqid',
+ null,
+ 'hidden',
+ $pconfig['uniqid']
+));
+
+$form->add($section);
+
+print($form);
+
+print_info_box(gettext("Proxy ARP and Other type Virtual IPs cannot be bound to by anything running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP Alias type address for these types.") . '<br />' .
+ sprintf(gettext("For more information on CARP and the above values, visit the OpenBSD %s"), '<a href="http://www.openbsd.org/faq/pf/carp.html">CARP FAQ"</a>'));
+?>
+
+<script>
+//<![CDATA[
+events.push(function(){
+
+ // Hides the <div> in which the specified checkbox lives so that the checkbox, its label and help text are hidden
+ function hideCheckbox(id, hide) {
+ if(hide)
+ $('#' + id).parent().parent().parent('div').addClass('hidden');
+ else
+ $('#' + id).parent().parent().parent('div').removeClass('hidden');
+ }
+
+ // Disables the specified input element
+ function disableInput(id, disable) {
+ $('#' + id).prop("disabled", disable);
+ }
+
+ // Hide/show input elements depending on the 'mode' radio button setting
+ function check_mode() {
+ var mode = $("input[name=mode]:checked").val();
+
+ disableInput('vhid', true);
+ disableInput('advbase', true);
+ disableInput('advskew', true);
+ disableInput('subnet_bits', true);
+ disableInput('type', true);
+ disableInput('password', true);
+ hideCheckbox('noexpand', true);
+
+ if(mode == 'ipalias') {
+ $('#address_note').html("<?=$ipaliashelp?>");
+ disableInput('subnet_bits', false);
+ $('#type').val('single');
+
+ }
+ else if(mode == 'carp') {
+ $('#address_note').html("<?=$ipaliashelp?>");
+ disableInput('vhid', false);
+ disableInput('advbase', false);
+ disableInput('advskew', false);
+ disableInput('subnet_bits', false);
+ disableInput('password', false);
+ $('#type').val('single');
+ }
+ else if(mode == 'proxyarp') {
+ $('#address_note').html("<?=$proxyarphelp?>");
+ disableInput('type', false);
+ disableInput('subnet_bits', $('#type').val() == 'single');
+ }
+ else {
+ $('#address_note').html('');
+ disableInput('type', false);
+ }
+ }
+
+ // When radio buttons are clicked . .
+ $('input:radio[name=mode]').click(function() {
+ check_mode();
+ });
+
+ // On clicking the address type selector
+ $('#type').on('change', function() {
+ check_mode();
+ hideCheckbox('noexpand', (this.value == 'single'));
+ });
+
+ // On initial page load
+ check_mode();
+});
+//]]>
+</script>
+
+<?php
+
+include("foot.inc");
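Review bot: The POST handler copies `mode`, `interface`, `vhid`, `advbase`, `advskew`, `subnet_bits`, `range_from` and `range_to` from `$_POST` into `$vipent` and saves them with `write_config()` without any server-side check. Only `subnet` is validated, and the 1–255, 1–254 and 0–254 ranges exist only as `<select>` options in the browser. The header comment lists `/sbin/ifconfig`, so these values presumably reach interface configuration later; I would validate them next to the other `$input_errors` checks, as sketched below (assuming `is_numericint()` accepts only non-negative integers). Separately, the edit branch sets `$pconfig['uniqid'] = $a_vip[$id]['interface'];`, which looks like a copy-paste slip for `$pconfig['uniqid'] = $a_vip[$id]['uniqid'];` and would store the interface name as the CARP uniqid on save.

```php
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Reject values the form's radios and selects would never submit.
	if (!empty($_POST['mode']) && !in_array($_POST['mode'], array('ipalias', 'carp', 'proxyarp', 'other'), true)) {
		$input_errors[] = gettext("A valid Virtual IP type must be selected.");
	}

	if (isset($_POST['subnet_bits']) && (!is_numericint($_POST['subnet_bits']) || $_POST['subnet_bits'] > 128)) {
		$input_errors[] = gettext("A valid subnet mask must be specified.");
	}

	if ($_POST['mode'] == 'carp') {
		if (!is_numericint($_POST['vhid']) || $_POST['vhid'] < 1 || $_POST['vhid'] > 255) {
			$input_errors[] = gettext("The VHID must be an integer between 1 and 255.");
		}
		if (!is_numericint($_POST['advbase']) || $_POST['advbase'] < 1 || $_POST['advbase'] > 254) {
			$input_errors[] = gettext("The advertising base must be an integer between 1 and 254.");
		}
		if (!is_numericint($_POST['advskew']) || $_POST['advskew'] > 254) {
			$input_errors[] = gettext("The advertising skew must be an integer between 0 and 254.");
		}
	}

	// … unchanged: subnet, parent interface and per-mode checks …
```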
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index 5316ee2..d3309d9 100755
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -323,7 +323,7 @@ if(! $g['disablehelpmenu']) {
<ul class="dropdown-menu" role="menu"><?=output_menu($item['menu'], $item['href'])?></ul>
</li>
<?php endforeach?>
- <?php if(are_notices_pending()):?>
+ <?php if(false ): ?> // are_notices_pending()):?>
<?php $notices = get_notices()?>
<li class="dropdown">
<a href="#" data-toggle="modal" data-target="#notices" role="button" aria-expanded="false"><?=gettext("Notices")?>
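Review bot: The replacement condition `<?php if(false ): ?> // are_notices_pending()):?>` hard-codes the Notices menu off, so pending system notices are no longer shown in the navbar to any user; this reads like a debugging leftover. If the call was disabled on purpose, say why and when it comes back in a comment; otherwise restore `<?php if(are_notices_pending()):?>`. The trailing `// are_notices_pending()):?>` sits after the closing PHP tag, so it is template text rather than a PHP comment and is only suppressed because the branch is never taken. The matching `endif` lies outside this hunk.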
diff --git a/src/usr/local/www/jquery/pfSense.js b/src/usr/local/www/jquery/pfSense.js
index e342d3f..ffd56dc 100644
--- a/src/usr/local/www/jquery/pfSense.js
+++ b/src/usr/local/www/jquery/pfSense.js
@@ -52,6 +52,7 @@ $(function() {
var clone = group.clone(true);
clone.find('*').val(''); //removeAttr('value');
+// clone.find('*').removeAttr('value');
clone.appendTo(group.parent());
});
@@ -80,7 +81,8 @@ $(function() {
var group = $(this).parents('div.form-group');
var clone = group.clone(true);
- clone.find('*').val(''); //removeAttr('value');
+ clone.find('*').removeAttr('value');
+// clone.find('*').val('');
clone.appendTo(group.parent());
});
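Review bot: The two duplication handlers now clear cloned fields differently: the handler in the hunk at -52 still calls `clone.find('*').val('')`, while this one switches to `clone.find('*').removeAttr('value')`. Removing the attribute only drops the markup default; a value the user has already typed into the source row is likely carried into the clone, and `<select>` elements are not reset either way. Pick one approach for both handlers and delete the commented-out alternatives (`// clone.find('*').val('');`) rather than committing them. Both handlers start outside their hunks.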
@@ -93,7 +95,6 @@ $(function() {
});
})();
- // Find all ipaddress masks and make dynamic based on address family of input
$('span.pfIpMask + select').each(function (idx, select){
var input = $(select).prevAll('input[type=text]');
@@ -118,7 +119,7 @@ $(function() {
// Fire immediately
input.change();
});
-
+
// Add confirm to all btn-danger buttons
$('.btn-danger').on('click', function(e){
var q = 'Are you sure you wish to '+ $.trim(this.textContent) +'?';
diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php
index 323adf4..f1846a1 100644
--- a/src/usr/local/www/services_unbound.php
+++ b/src/usr/local/www/services_unbound.php
@@ -436,8 +436,8 @@ foreach ($a_hosts as $hostent):
<?=htmlspecialchars($hostent['descr'])?>
</td>
<td>
- <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
- <a href="services_dnsmasq.php?type=host&amp;act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>
+ <a href="services_unbound.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
+ <a href="services_unbound.php?type=host&amp;act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>
</td>
</tr>
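Review bot: The host-override Edit link now targets `services_unbound.php?id=<?=$i?>`, while the other two hunks in this file point Edit and Add at `services_unbound_host_edit.php`; this looks like it should be `href="services_unbound_host_edit.php?id=<?=$i?>"`. The Delete link beside it is still a plain GET (`?type=host&amp;act=del&amp;id=`), so removing an override is a state change triggered by a URL. Whether the handler demands a CSRF token for that request is not visible here, and a POST form would be the safer shape. The surrounding `foreach` starts and ends outside the hunk.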
@@ -459,7 +459,7 @@ foreach ($a_hosts as $hostent):
<?=htmlspecialchars($alias['description'])?>
</td>
<td>
- <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
+ <a href="services_unbound_host_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
</td>
</tr>
<?php
@@ -474,7 +474,7 @@ endforeach;
</div>
<nav class="action-buttons">
- <a href="services_dnsmasq_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
+ <a href="services_unbound_host_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
</nav>
<div class="panel panel-default">
@@ -522,4 +522,4 @@ endforeach;
<nav class="action-buttons">
<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
</nav>
-<?php include("foot.inc"); \ No newline at end of file
+<?php include("foot.inc");
diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php
index 94e0b71..82fd30e 100644
--- a/src/usr/local/www/services_unbound_acls.php
+++ b/src/usr/local/www/services_unbound_acls.php
@@ -77,28 +77,28 @@ if ($act == "edit") {
$networkacl = $a_acls[$id]['row'];
}
}
-
+
if(!is_array($networkacl))
$networkacl = array();
-
+
// Add a row to the networks table
if($act == 'new')
- $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => ''));
-
+ $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => ''));
+
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- $deleting = false;
-
- // Delete a row from the networks table
- for($idx = 0; $idx<50; $idx++) {
- if($pconfig['dlt' . $idx] == 'Delete') {
- unset($networkacl[$idx]);
- $deleting = true;
- break;
- }
- }
-
+ $deleting = false;
+
+ // Delete a row from the networks table
+ for($idx = 0; $idx<50; $idx++) {
+ if($pconfig['dlt' . $idx] == 'Delete') {
+ unset($networkacl[$idx]);
+ $deleting = true;
+ break;
+ }
+ }
+
if ($_POST['apply']) {
$retval = services_unbound_configure();
$savemsg = get_std_save_message($retval);
@@ -136,7 +136,7 @@ if ($_POST) {
}
if (!$input_errors) {
- if ($pconfig['Submit'] == gettext("Save")) {
+ if (strtolower($pconfig['save']) == gettext("save")) {
$acl_entry = array();
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['aclname'] = $pconfig['aclname'];
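Review bot: The save check `strtolower($pconfig['save']) == gettext("save")` compares a lower-cased button label with the translation of a different msgid, so on a localized install the two can differ and the access list is silently not stored. Testing for the button's presence avoids depending on label text: `if (isset($pconfig['save'])) {`. The `if ($_POST)` block this belongs to starts and ends outside the hunk.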
@@ -144,6 +144,7 @@ if ($_POST) {
$acl_entry['description'] = $pconfig['description'];
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['row'] = array();
+
foreach ($networkacl as $acl) {
$acl_entry['row'][] = $acl;
}
@@ -164,19 +165,26 @@ if ($_POST) {
}
}
+$actionHelp =
+ '<strong><font color="green">Deny:</font></strong> Stops queries from hosts within the netblock defined below.' . '<br />' .
+ '<strong><font color="green">Refuse:</font></strong> Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' .
+ '<strong><font color="green">Allow:</font></strong> Allow queries from hosts within the netblock defined below.' . '<br />' .
+ '<strong><font color="green">Allow Snoop:</font></strong> Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.';
+
+
$closehead = false;
$pgtitle = "Services: DNS Resolver: Access Lists";
$shortcut_section = "resolver";
include("head.inc");
if ($input_errors)
- print_input_errors($input_errors);
-
+ print_input_errors($input_errors);
+
if ($savemsg)
- print_info_box($savemsg, 'success');
-
+ print_info_box($savemsg, 'success');
+
if (is_subsystem_dirty('unbound'))
- print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
+ print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
$tab_array = array();
$tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php");
@@ -187,104 +195,112 @@ display_top_tabs($tab_array, true);
require('classes/Form.class.php');
if($act=="new" || $act=="edit") {
-
- $form = new Form();
-
- $section = new Form_Section('New Access List');
-
- $section->addInput(new Form_Input(
- 'aclid',
- null,
- 'hidden',
- $id
- ));
-
- $section->addInput(new Form_Input(
- 'act',
- null,
- 'hidden',
- $act
- ));
-
- $section->addInput(new Form_Input(
- 'aclname',
- 'Access LIst name',
- 'text',
- $pconfig['aclname']
- ))->setHelp('Provide an Access List name.');
-
- $section->addInput(new Form_Select(
- 'action',
+
+ $form = new Form();
+
+ $section = new Form_Section('New Access List');
+
+ $section->addInput(new Form_Input(
+ 'aclid',
+ null,
+ 'hidden',
+ $id
+ ));
+
+ $section->addInput(new Form_Input(
+ 'act',
+ null,
+ 'hidden',
+ $act
+ ));
+
+ $section->addInput(new Form_Input(
+ 'aclname',
+ 'Access LIst name',
+ 'text',
+ $pconfig['aclname']
+ ))->setHelp('Provide an Access List name.');
+
+ $section->addInput(new Form_Select(
+ 'aclaction',
'Action',
strtolower($pconfig['aclaction']),
array('allow' => 'Allow','deny' => 'Deny','refuse' => 'Refuse','allow snoop' => 'Allow Snoop')
- ))->setHelp('Choose what to do with DNS requests that match the criteria specified below.' . '<br />' .
- 'Deny: Stops queries from hosts within the netblock defined below.' . '<br />' .
- 'Refuse: Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' .
- 'Allow: Allow queries from hosts within the netblock defined below.' . '<br />' .
- 'Allow Snoop: Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.');
-
- $section->addInput(new Form_Input(
- 'descr',
- 'Description',
- 'text',
- $pconfig['descr']
- ))->setHelp('You may enter a description here for your reference.');
-
- $counter = 0;
- $numrows = count($networkacl) - 1;
-
- foreach($networkacl as $item) {
- $network = $item['acl_network'];
- $cidr = $item['mask'];
- $description = $item['description'];
-
- $group = new Form_Group('Networks');
-
- $group->add(new Form_IpAddress(
- 'acl_network' . $counter,
- null,
- $network
- ))->addMask('mask' . $counter, $cidr)->setHelp(($counter == $numrows) ? 'Network':null);
-
- $group->add(new Form_Input(
- 'description' . $counter,
- 'something',
- 'text',
- $description
- )); //->setHelp(($counter == $numrows) ? 'Description':null);
-
- $group->enableDuplication();
- $section->add($group);
- }
-
- $form->add($section);
- print($form);
+ ))->setHelp($actionHelp);
+
+ $section->addInput(new Form_Input(
+ 'description',
+ 'Description',
+ 'text',
+ $pconfig['description']
+ ))->setHelp('You may enter a description here for your reference.');
+
+ $numrows = count($networkacl) - 1;
+ $counter = 0;
+
+ foreach($networkacl as $item) {
+ $network = $item['acl_network'];
+ $cidr = $item['mask'];
+ $description = $item['description'];
+
+ $group = new Form_Group($counter == 0 ? 'Networks':'');
+
+ $group->add(new Form_IpAddress(
+ 'acl_network'.$counter,
+ null,
+ $network
+ ))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp(($counter == $numrows) ? 'Network/mask':null);
+
+ $group->add(new Form_Input(
+ 'description' . $counter,
+ null,
+ 'text',
+ $description
+ ))->setHelp(($counter == $numrows) ? 'Description':null);
+
+ $group->add(new Form_Button(
+ 'deleterow' . $counter,
+ 'Delete'
+ ))->removeClass('btn-primary')->addClass('btn-warning');
+
+ $group->addClass('repeatable');
+ $section->add($group);
+
+ $counter++;
+ }
+
+ $section->addInput(new Form_Button(
+ 'addrow',
+ 'Add network'
+ ))->removeClass('btn-primary')->addClass('btn-success');
+
+ $form->add($section);
+ print($form);
}
else // NOT 'edit' or 'add'
{
?>
<div class="panel panel-default">
- <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div>
- <div class="panel-body">
- <div class="table-responsive">
- <table class="table table-striped table-hover table-condensed">
- <thead>
- <tr>
- <th><?=gettext("Access List Name"); ?></th>
- <th><?=gettext("Action"); ?></th>
- <th><?=gettext("Description"); ?></th>
- <th>&nbsp;</th>
- </tr>
- </thead>
- <tbody>
-<?php
- $i = 0;
- foreach($a_acls as $acl):
+ <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div>
+ <div class="panel-body">
+ <div class="table-responsive">
+ <table class="table table-striped table-hover table-condensed">
+ <thead>
+ <tr>
+ <th><?=gettext("Access List Name"); ?></th>
+ <th><?=gettext("Action"); ?></th>
+ <th><?=gettext("Description"); ?></th>
+ <th>&nbsp;</th>
+ </tr>
+ </thead>
+ <tbody>
+<?php
+ $i = 0;
+ foreach($a_acls as $acl):
?>
- <tr ondblclick="document.location='services_unbound_acls.php?act=edit&amp;id=<?=$i?>'">
+ <tr ondblclick="document.location='services_unbound_acls.php?act=edit&amp;id=<?=$i?>'">
<td>
- <?=htmlspecialchars($acl['aclname'])?>
+ <?=htmlspecialchars($acl['aclname'])?>
</td>
<td>
<?=htmlspecialchars($acl['aclaction'])?>
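Review bot: The per-row buttons are created as `'deleterow' . $counter`, but the POST handler earlier in this file still looks for `$pconfig['dlt' . $idx]`, so the server-side delete path can no longer fire and row removal depends entirely on the page script. Either drop the old loop or name the buttons to match it. That loop also stops at index 50 while the new "Add network" button puts no visible limit on the number of rows, so it is worth confirming how the save path (outside this hunk) collects `acl_network`/`mask`/`description` rows and validates each one. The labels `'Access LIst name'`, `'Add network'` and `'Delete'` are passed as literals; the first has a typo, and whether the Form classes translate them is not visible here.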
@@ -298,18 +314,191 @@ else // NOT 'edit' or 'add'
</td>
</tr>
<?php
- $i++;
+ $i++;
endforeach;
-?>
- </tbody>
- </table>
- </div>
- <nav class="action-buttons">
- <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a>
- </nav>
- </div>
+?>
+ </tbody>
+ </table>
+ </div>
+ <nav class="action-buttons">
+ <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a>
+ </nav>
+ </div>
</div>
-<?php
+<?php
}
+?>
+<script>
+//<![CDATA[
+// Most of this needs to live in a common include file. It will be moved before production release.
+events.push(function(){
+
+ function setMasks() {
+ // Find all ipaddress masks and make dynamic based on address family of input
+ $('span.pfIpMask + select').each(function (idx, select){
+ var input = $(select).prevAll('input[type=text]');
+
+ input.on('change', function(e){
+ var isV6 = (input.val().indexOf(':') != -1), min = 0, max = 128;
+ if (!isV6)
+ max = 32;
+
+ if (input.val() == "")
+ return;
+
+ while (select.options.length > max)
+ select.remove(0);
+
+ if (select.options.length < max)
+ {
+ for (var i=select.options.length; i<=max; i++)
+ select.options.add(new Option(i, i), 0);
+ }
+ });
+
+ // Fire immediately
+ input.change();
+ });
+ }
+
+ // Complicated function to move all help text associated with this input id to the same id
+ // on the row above. That way if you delete the last row, you don't lose the help
+ function moveHelpText(id) {
+ $('#' + id).parent('div').parent('div').find('input').each(function() { // For each <span></span>
+ var fromId = this.id;
+ var toId = decrStringInt(fromId);
+ var helpSpan;
+
+ if(!$(this).hasClass('pfIpMask') && !$(this).hasClass('btn')) {
+
+ helpSpan = $('#' + fromId).parent('div').parent('div').find('span:last').clone();
+ if($(helpSpan).hasClass('help-block')) {
+ if($('#' + decrStringInt(fromId)).parent('div').hasClass('input-group'))
+ $('#' + decrStringInt(fromId)).parent('div').after(helpSpan);
+ else
+ $('#' + decrStringInt(fromId)).after(helpSpan);
+ }
+ }
+ });
+ }
+
+ // Increment the number at the end of the string
+ function bumpStringInt( str ) {
+ var data = str.match(/(\D*)(\d+)(\D*)/), newStr = "";
+
+ if( data )
+ newStr = data[ 1 ] + ( Number( data[ 2 ] ) + 1 ) + data[ 3 ];
+
+ return newStr || str;
+ }
+
+ // Decrement the number at the end of the string
+ function decrStringInt( str ) {
+ var data = str.match(/(\D*)(\d+)(\D*)/), newStr = "";
+
+ if( data )
+ newStr = data[ 1 ] + ( Number( data[ 2 ] ) - 1 ) + data[ 3 ];
+
+ return newStr || str;
+ }
+
+ // Called after a delete so that there are no gaps in the numbering. Most of the time the config system doesn't care about
+ // gaps, but I do :)
+ function renumber() {
+ var idx = 0;
+
+ $('.repeatable').each(function() {
+
+ $(this).find('input').each(function() {
+ $(this).prop("id", this.id.replace(/\d+$/, "") + idx);
+ $(this).prop("name", this.name.replace(/\d+$/, "") + idx);
+ });
+
+ $(this).find('select').each(function() {
+ $(this).prop("id", this.id.replace(/\d+$/, "") + idx);
+ $(this).prop("name", this.name.replace(/\d+$/, "") + idx);
+ });
+
+ $(this).find('label').attr('for', $(this).find('label').attr('for').replace(/\d+$/, "") + idx);
+
+ idx++;
+ });
+ }
+
+
+ function delete_row(row) {
+ $('#' + row).parent('div').parent('div').remove();
+ renumber();
+ }
+
+ function add_row() {
+ // Find the lst repeatable group
+ var lastRepeatableGroup = $('.repeatable:last');
+
+ // Clone it
+ var newGroup = lastRepeatableGroup.clone(true);
+
+ // Increment the suffix number for each input elemnt in the new group
+ $(newGroup).find('input').each(function() {
+ $(this).prop("id", bumpStringInt(this.id));
+ $(this).prop("name", bumpStringInt(this.name));
+ if(!$(this).is('[id^=delete]'))
+ $(this).val('');
+ });
+
+ // Do the same for selectors
+ $(newGroup).find('select').each(function() {
+ $(this).prop("id", bumpStringInt(this.id));
+ $(this).prop("name", bumpStringInt(this.name));
+ // If this selector lists mask bits, we need it to be reset to all 128 options
+ // and no items selected, so that automatic v4/v6 selection still works
+ if($(this).is('[id^=mask]')) {
+ $(this).empty();
+ for(idx=128; idx>0; idx--) {
+ $(this).append($('<option>', {
+ value: idx,
+ text: idx
+ }));
+ }
+ }
+ });
+
+ // And for "for" tags
+ $(newGroup).find('label').attr('for', bumpStringInt($(newGroup).find('label').attr('for')));
+ $(newGroup).find('label').text(""); // Clear the label. We only want it on the very first row
+
+ // Insert the updated/cloned row
+ $(lastRepeatableGroup).after(newGroup);
+
+ // Delete any help text from the group we have cloned
+ $(lastRepeatableGroup).find('.help-block').each(function() {
+ $(this).remove();
+ });
+
+ setMasks();
+ }
+
+ // These are action buttons, not submit buttons
+ $('[id^=addrow]').prop('type','button');
+ $('[id^=delete]').prop('type','button');
+
+ // on click . .
+ $('[id^=addrow]').click(function() {
+ add_row();
+ });
+
+ $('[id^=delete]').click(function(event) {
+ if($('.repeatable').length > 1) {
+ moveHelpText(event.target.id);
+ delete_row(event.target.id);
+ }
+ else
+ alert('<?php echo gettext("You may not delet the last one!")?>');
+ });
+});
+//]]>
+</script>
+
+<?php
include("foot.inc"); \ No newline at end of file
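Review bot: The call `alert('<?php echo gettext("You may not delet the last one!")?>')` prints a translated string straight into a single-quoted JavaScript literal, so a translation containing an apostrophe or backslash breaks the whole script block. Emit it JSON-encoded instead, which also fixes the "delet" typo: `alert(<?=json_encode(gettext("You may not delete the last one!"))?>);`. In `add_row()` the loop `for(idx=128; idx>0; idx--)` assigns an undeclared `idx` and so creates a global; `for (var idx = 128; idx > 0; idx--)` keeps it local. The comments on `bumpStringInt`/`decrStringInt` say "number at the end of the string", but `/(\D*)(\d+)(\D*)/` matches the first digit run, so the comment or the pattern should be adjusted.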
diff --git a/src/usr/local/www/services_unbound_domainoverride_edit.php b/src/usr/local/www/services_unbound_domainoverride_edit.php
index 2f8533c..5862b15 100644
--- a/src/usr/local/www/services_unbound_domainoverride_edit.php
+++ b/src/usr/local/www/services_unbound_domainoverride_edit.php
@@ -143,7 +143,7 @@ $section->addInput(new Form_IpAddress(
$section->addInput(new Form_Input(
'descr',
- 'GUI Log Entries',
+ 'Description',
'text',
$pconfig['descr']
))->setHelp('You may enter a description here for your reference (not parsed).');
@@ -161,4 +161,4 @@ $form->add($section);
print $form;
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php
index 4b38b49..db0bb44 100644
--- a/src/usr/local/www/system_advanced_admin.php
+++ b/src/usr/local/www/system_advanced_admin.php
@@ -410,7 +410,7 @@ $section->addInput(new Form_Checkbox(
'DNS Rebind Check',
'Disable DNS Rebinding Checks',
$pconfig['nodnsrebindcheck']
-))->setHelp('When this is unchecked, your system is protected against<a '.
+))->setHelp('When this is unchecked, your system is protected against <a '.
'href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. '.
'This blocks private IP responses from your configured DNS servers. Check this '.
'box to disable this protection if it interferes with webConfigurator access or '.
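Review bot: The line after the changed one writes the link as `href=\"http://en.wikipedia.org/wiki/DNS_rebinding\"` inside a single-quoted PHP string, where `\"` is not an escape, so the backslashes reach the HTML and the attribute value is malformed. Since this help string is being edited anyway, use plain quotes: `'href="http://en.wikipedia.org/wiki/DNS_rebinding">DNS Rebinding attacks</a>. '.`. The `setHelp()` call continues past the end of the hunk.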
@@ -461,8 +461,8 @@ $section->addInput(new Form_Checkbox(
'Authentication Method',
'Disable password login for Secure Shell (RSA/DSA key only)',
$pconfig['sshdkeyonly']
-))->setHelp('When enabled, authorized keys need to be configured for each<a '.
- 'href="system_usermanager.php">user</a>that has been granted secure shell '.
+))->setHelp('When enabled, authorized keys need to be configured for each <a '.
+ 'href="system_usermanager.php">user</a> that has been granted secure shell '.
'access.');
$section->addInput(new Form_Input(
diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php
index 677c2e0..098b52a 100644
--- a/src/usr/local/www/system_advanced_firewall.php
+++ b/src/usr/local/www/system_advanced_firewall.php
@@ -441,7 +441,7 @@ $section->addInput(new Form_Checkbox(
))->setHelp('Note: This converts %s into a routing only platform!<br/>'.
'Note: This will also turn off NAT! If you only want to disable NAT, '.
'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound '.
- 'NAT</a>page.', [$g["product_name"]]);
+ 'NAT</a> page.', [$g["product_name"]]);
$section->addInput(new Form_Checkbox(
'disablescrub',
@@ -484,7 +484,7 @@ $section->addInput(new Form_Input(
'number',
$pconfig['maximumstates'],
['min' => 1, 'placeholder' => pfsense_default_state_size()]
-))->setHelp('Maximum number of connections to hold in the firewall state table.. '.
+))->setHelp('Maximum number of connections to hold in the firewall state table. '.
'<br/>Note: Leave this blank for the default. On your system the default '.
'size is: %d', [pfsense_default_state_size()]);
@@ -495,7 +495,7 @@ $section->addInput(new Form_Input(
$pconfig['maximumtableentries'],
['placeholder' => pfsense_default_table_entries_size()]
))->setHelp('Maximum number of table entries for systems such as aliases, '.
- 'sshlockout, snort, etc, combined..<br/>Note: Leave this blank for the '.
+ 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the '.
'default. On your system the default size is: %d',
[pfsense_default_table_entries_size()]);
@@ -641,7 +641,7 @@ if (count($config['interfaces']) > 1)
'Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.',
isset($config['system']['enablenatreflectionhelper'])
))->setHelp('Required for full functionality of the pure NAT mode of NAT '.
- 'Reflection for port forwards or NAT Reflection for 1:1 NAT.Note: This only works '.
+ 'Reflection for port forwards or NAT Reflection for 1:1 NAT. Note: This only works '.
'for assigned interfaces. Other interfaces require manually creating the '.
'outbound NAT rules that direct the reply packets back through the router.');
@@ -755,4 +755,4 @@ events.push(function(){
//]]>
</script>
<?php
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php
index 2dba952..5e87227 100644
--- a/src/usr/local/www/system_advanced_misc.php
+++ b/src/usr/local/www/system_advanced_misc.php
@@ -368,7 +368,7 @@ $group->add(new Form_Input(
'Source tracking timeout',
'number',
$pconfig['srctrack'],
- ['placeholder' => 1400]
+ ['placeholder' => 0]
))->setHelp('Set the source tracking timeout for sticky connections. By default '.
'this is 0, so source tracking is removed as soon as the state expires. '.
'Setting this timeout higher will cause the source/destination relationship '.
@@ -382,7 +382,7 @@ $section->addInput(new Form_Checkbox(
'Enable default gateway switching',
$pconfig['gw_switch_default']
))->setHelp('If the default gateway goes down, switch the default gateway to '.
- 'another available one. This is not enabled by default, as it"s unnecessary in '.
+ 'another available one. This is not enabled by default, as it\'s unnecessary in '.
'most all scenarios, which instead use gateway groups.');
$form->add($section);
@@ -571,4 +571,4 @@ $section->addInput(new Form_Checkbox(
$form->add($section);
print $form;
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index f888ac6..52d57cc 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -229,13 +229,13 @@ if ($_POST) {
if ($pconfig['radisu_srvcs'] == "both" ||
$pconfig['radisu_srvcs'] == "auth") {
$reqdfields[] = "radius_auth_port";
- $reqdfieldsn[] = gettext("Authentication port value");
+ $reqdfieldsn[] = gettext("Authentication port");
}
if ($pconfig['radisu_srvcs'] == "both" ||
$pconfig['radisu_srvcs'] == "acct") {
$reqdfields[] = "radius_acct_port";
- $reqdfieldsn[] = gettext("Accounting port value");
+ $reqdfieldsn[] = gettext("Accounting port");
}
if (!isset($id)) {
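Review bot: Both conditions around the renamed labels read `$pconfig['radisu_srvcs']`, which looks like a misspelling of `radius_srvcs`. If the form field is in fact named `radius_srvcs` (not visible in this hunk), neither `radius_auth_port` nor `radius_acct_port` is ever added to the required fields, and a RADIUS server entry can be saved without a port. Worth confirming the key and correcting it in the same change, e.g. `if ($pconfig['radius_srvcs'] == "both" ||`. The enclosing `if ($_POST)` block starts and ends outside the hunk.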
@@ -452,7 +452,7 @@ $section->addInput(new Form_Input(
'text',
$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
- '(CN) of the LDAP server"s SSL Certificate.');
+ '(CN) of the LDAP server\'s SSL Certificate.');
$section->addInput(new Form_Input(
'ldap_port',
@@ -497,18 +497,26 @@ $section->addInput(new Form_Select(
array_combine($ldap_protvers, $ldap_protvers)
));
-$section->addInput(new Form_Select(
+$group = new Form_Group('Search scope');
+
+$SSF = new Form_Select(
'ldap_scope',
- 'Search scope: Level',
+ 'Level',
$pconfig['ldap_scope'],
$ldap_scopes
-));
+);
-$section->addInput(new Form_Input(
+$SSB = new Form_Input(
'ldap_basedn',
'Base DN',
'text',
$pconfig['ldap_basedn']
+);
+
+
+$section->addInput(new Form_StaticText(
+ 'Search scope',
+ 'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));
$group = new Form_Group('Authentication containers');
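Review bot: `$group = new Form_Group('Search scope');` is created here and never used before `$group` is reassigned for 'Authentication containers'; the two inputs are instead string-concatenated into a `Form_StaticText` (`'Level ' . $SSF . '<br />' . 'Base DN' . $SSB`). That relies on the inputs' string conversion and bypasses whatever label and layout handling the group provides. Adding both to the group already constructed would be cleaner: `$group->add($SSF); $group->add($SSB); $section->add($group);`. `$SSF` and `$SSB` would also read better under descriptive names such as `$scopeSelect` and `$baseDnInput`.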
@@ -647,7 +655,7 @@ $section->addInput(new Form_Select(
$section->addInput(new Form_Input(
'radius_auth_port',
- 'Authentication port value',
+ 'Authentication port',
'number',
$pconfig['radius_auth_port']
));
@@ -715,4 +723,4 @@ events.push(function(){
//]]>
</script>
<?php
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index f9f2702..6ee5fbb 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -1,32 +1,59 @@
<?php
/*
system_certmanager.php
-
- Copyright (C) 2008 Shrew Soft Inc.
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2008 Shrew Soft Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
/*
pfSense_MODULE: certificate_manager
*/
@@ -962,10 +989,12 @@ $section = new Form_Section('Choose an Existing Certificate');
$section->addClass('toggle-existing collapse');
$existCerts = array();
-foreach ($config['cert'] as $cert)
-{
- if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert']))
- continue;
+
+foreach ($config['cert'] as $cert) {
+ if(is_array($config['system']['user'][$userid]['cert'])) { // Could be MIA!
+ if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert']))
+ continue;
+ }
$ca = lookup_ca($cert['caref']);
if ($ca)
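Review bot: The new guard indexes `$config['system']['user'][$userid]['cert']` before `isset($userid)` is tested, so when `$userid` is unset the lookup still runs with a null key. Folding the checks into one condition keeps the order right: `if (isset($userid) && is_array($config['system']['user'][$userid]['cert']) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) continue;`. The comment `// Could be MIA!` would be clearer if it named the case it covers, something like `// the user entry may have no 'cert' array`. The `foreach` body continues outside the hunk.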
@@ -979,6 +1008,7 @@ foreach ($config['cert'] as $cert)
$existCerts[ $cert['refid'] ] = $cert['descr'];
}
+
$section->addInput(new Form_Select(
'certref',
'Existing Certificates',
diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php
index 128c761..44e6190 100644
--- a/src/usr/local/www/system_crlmanager.php
+++ b/src/usr/local/www/system_crlmanager.php
@@ -637,12 +637,12 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) {
<?php
if ($cainternal == "YES"): ?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
- <?=gettext("Add or Import CRLl")?>
+ <?=gettext("Add or Import CRL")?>
</a>
<?php
else: ?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
- <?=gettext("Add or Import CRLl")?>
+ <?=gettext("Add or Import CRL")?>
</a>
<?php
endif; ?>
@@ -662,7 +662,7 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) {
<td><?=($inuse) ? "YES" : "NO"; ?></td>
<td>
<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-success">
- <?=gettext("Export CRL")?>"
+ <?=gettext("Export CRL")?>
</a>
<?php
if ($internal): ?>
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index dc84a7a..4493ff2 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -2,42 +2,61 @@
/* $Id$ */
/*
system_usermanager.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- part of pfSense
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Copyright (C) 2008 Shrew Soft Inc.
- All rights reserved.
-
- Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
- All rights reserved.
-
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>
+ * Copyright (c) 2008 Shrew Soft Inc.
+ * Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
/*
pfSense_BUILDER_BINARIES:
pfSense_MODULE: auth
@@ -134,6 +153,21 @@ if (isset($_POST['dellall_x'])) {
}
}
+if ($_POST['act'] == "delcert") {
+
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
+ exit;
+ }
+
+ $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
+ $certdeleted = $certdeleted['descr'];
+ unset($a_user[$id]['cert'][$_POST['certid']]);
+ write_config();
+ $_POST['act'] = "edit";
+ $savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />";
+}
+
if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
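Review bot: The delcert branch uses `$_POST['certid']` as an array key without checking that it is a non-negative integer present in `$a_user[$id]['cert']`, so a missing or bogus value still reaches `unset()` and `write_config()` and reports success. A guard such as `if (!ctype_digit((string)$_POST['certid']) || !isset($a_user[$id]['cert'][$_POST['certid']]))` placed before the lookup, redirecting as the missing-user check does, avoids rewriting the configuration for nothing. `$certdeleted` is concatenated into `$savemsg` next to a literal `<br />`, which suggests the message is rendered as HTML, so the description should go through `htmlspecialchars()` as build_cert_table does. How `$id` is derived and whether the request carries CSRF protection are outside this hunk.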
@@ -240,15 +274,8 @@ if ($_POST['save']) {
if ($a_user[$id] && !empty($_POST['privid'])) {
foreach ($_POST['privid'] as $i)
unset($a_user[$id]['priv'][$i]);
- local_user_set($a_user[$id]);
- write_config();
- }
-
- // This used to be a separate act=delcert
- if ($a_user[$id] && !empty($_POST['certid'])) {
- foreach ($_POST['certid'] as $i)
- unset($a_user[$id]['cert'][$i]);
+ local_user_set($a_user[$id]);
write_config();
}
@@ -347,9 +374,11 @@ function build_priv_table() {
$privhtml = '<div class="table-responsive">';
$privhtml .= '<table class="table table-striped table-hover table-condensed">';
$privhtml .= '<thead>';
- $privhtml .= '<th>' . gettext('Inherited from') . '</th>';
- $privhtml .= '<th>' . gettext('Name') . '</th>';
- $privhtml .= '<th>' . gettext('Description') . '</th>';
+ $privhtml .= '<tr>';
+ $privhtml .= '<th>' . gettext('Inherited from') . '</th>';
+ $privhtml .= '<th>' . gettext('Name') . '</th>';
+ $privhtml .= '<th>' . gettext('Description') . '</th>';
+ $privhtml .= '</tr>';
$privhtml .= '</thead>';
$privhtml .= '<tbody>';
@@ -378,8 +407,11 @@ function build_cert_table() {
$certhtml = '<div class="table-responsive">';
$certhtml .= '<table class="table table-striped table-hover table-condensed">';
$certhtml .= '<thead>';
- $certhtml .= '<th>' . gettext('Name') . '</th>';
- $certhtml .= '<th>' . gettext('CA') . '</th>';
+ $certhtml .= '<tr>';
+ $certhtml .= '<th>' . gettext('Name') . '</th>';
+ $certhtml .= '<th>' . gettext('CA') . '</th>';
+ $certhtml .= '<th></th>';
+ $certhtml .= '</tr>';
$certhtml .= '</thead>';
$certhtml .= '<tbody>';
@@ -387,11 +419,21 @@ function build_cert_table() {
if (is_array($a_cert)) {
$i = 0;
foreach ($a_cert as $certref) {
+ $cert = lookup_cert($certref);
+ $ca = lookup_ca($cert['caref']);
+ $revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
+
$certhtml .= '<tr>';
- $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . is_cert_revoked($cert) ? '<b> Revoked</b>':'' . '</td>';
+ $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
+ $certhtml .= '<td>';
+ $certhtml .= '<a id="delcert' . $i .'" class="btn btn-xs btn-warning" title="';
+ $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>';
+ $certhtml .= '</td>';
$certhtml .= '</tr>';
+ $i++;
}
+
}
$certhtml .= '</tbody>';
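Review bot: The delete button id is built from the counter `$i`, while the delcert handler added in this commit removes `$a_user[$id]['cert'][$_POST['certid']]` by array key; if `$a_cert` has non-contiguous keys (for example right after an `unset()` in the same request) the counter and the key diverge and the wrong association would be removed. Iterating with `foreach ($a_cert as $i => $certref)` and dropping `$i++` ties the id to the real key. `lookup_cert()` may not find a dangling reference, so `$cert['caref']` should only be read when the lookup returned an entry, and 'Delete' is the only label here not passed through `gettext()`. Where `$a_cert` is assigned is outside the hunk.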
@@ -410,8 +452,9 @@ include("head.inc");
if ($input_errors)
print_input_errors($input_errors);
+
if ($savemsg)
- print_info_box($savemsg);
+ print_info_box($savemsg, 'success');
$tab_array = array();
$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
@@ -490,7 +533,6 @@ $form = new Form;
if ($act == "new" || $act == "edit" || $input_errors):
-
$form->addGlobal(new Form_Input(
'act',
null,
@@ -597,7 +639,7 @@ if ($act == "new" || $act == "edit" || $input_errors):
// ==== Group membership ==================================================
$group = new Form_Group('Group membership');
- // Make a list of all the groups configured on the system, and a list of
+ // Make a list of all the groups configured on the system, and a list of
// those which this user is a member of
$systemGroups = array();
$usersGroups = array();
@@ -605,10 +647,12 @@ if ($act == "new" || $act == "edit" || $input_errors):
$usergid = [$pconfig['usernamefld']];
foreach ($config['system']['group'] as $Ggroup) {
- if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
- $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
- else
- $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
+ if($Ggroup['name'] != "all") {
+ if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
+ $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
+ else
+ $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
+ }
}
$group->add(new Form_Select(
@@ -833,7 +877,6 @@ events.push(function(){
$("#movetodisabled").prop('type','button');
$("#movetoenabled").prop('type','button');
-
// On click . .
$("#movetodisabled").click(function() {
moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
@@ -851,6 +894,15 @@ events.push(function(){
hideInput('authorizedkeys', !this.checked);
});
+ $('[id^=delcert]').click(function(event) {
+ if(confirm(event.target.title)) {
+ $('#certid').val(event.target.id.match(/\d+$/)[0]);
+ $('#userid').val('<?=$id;?>');
+ $('#act').val('delcert');
+ $('form').submit();
+ }
+ });
+
// On page load . .
hideClass('cert-options', true);
hideInput('authorizedkeys', true);
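Review bot: `$('#userid').val('<?=$id;?>')` writes `$id` into a JavaScript string literal without encoding; where `$id` is assigned is outside this hunk, but if it comes from the request without an integer check this is a script-injection sink. Emitting it as `<?=json_encode($id)?>` with no surrounding quotes is safe for any value. `$('form').submit()` submits every form on the page, so selecting the form through the hidden field, `$('#act').closest('form').submit()`, would be more precise.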
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 588b4dd..dfc5159 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -1,35 +1,60 @@
<?php
/*
vpn_ipsec_phase1.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2008 Shrew Soft Inc
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2014 Ermal Luçi
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2008 Shrew Soft Inc
+ * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ * Copyright (c) 2014 Ermal Luçi
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase1
@@ -108,7 +133,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
if (($pconfig['authentication_method'] == "pre_shared_key") ||
- ($pconfig['authentication_method'] == "xauth_psk_server")) {
+ ($pconfig['authentication_method'] == "xauth_psk_server")) {
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
} else {
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
@@ -198,7 +223,7 @@ if ($_POST) {
break;
case "pre_shared_key":
// If this is a mobile PSK tunnel the user PSKs go on
- // the PSK tab, not here, so skip the check.
+ // the PSK tab, not here, so skip the check.
if ($pconfig['mobile']) {
break;
}
@@ -555,7 +580,7 @@ function build_cert_list() {
foreach ($config['cert'] as $cert)
$list[$cert['refid']] = $cert['descr'];
}
-
+
return($list);
}
@@ -568,7 +593,7 @@ function build_ca_list() {
foreach ($config['ca'] as $ca)
$list[$ca['refid']] = $ca['descr'];
}
-
+
return($list);
}
@@ -581,7 +606,7 @@ function build_eal_list() {
foreach ($p1_ealgos as $algo => $algodata)
$list[$algo] = htmlspecialchars($algodata['name']);
}
-
+
return($list);
}
@@ -636,12 +661,14 @@ $section->addInput(new Form_Select(
build_interface_list()
))->setHelp('Select the interface for the local endpoint of this phase1 entry.');
-$section->addInput(new Form_Input(
- 'remotegw',
- 'Remote Gateway',
- 'text',
- $pconfig['remotegw']
-))->setHelp('Enter the public IP address or host name of the remote gateway');
+if (!$pconfig['mobile']) {
+ $section->addInput(new Form_Input(
+ 'remotegw',
+ 'Remote Gateway',
+ 'text',
+ $pconfig['remotegw']
+ ))->setHelp('Enter the public IP address or host name of the remote gateway');
+}
$section->addInput(new Form_Input(
'descr',
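Review bot: Skipping the `remotegw` input when `$pconfig['mobile']` is set only changes what the form renders; a client can still post the field. The `$_POST` handling is outside this hunk, so it should be confirmed that it neither requires nor stores `remotegw` for mobile entries. A one-line comment above the `if` saying why mobile entries have no remote gateway field would explain the condition.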
diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php
index d00b127..21aaf92 100644
--- a/src/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/src/usr/local/www/widgets/widgets/system_information.widget.php
@@ -73,14 +73,18 @@ if ($_REQUEST['getupdatestatus']) {
}
else {
$needs_system_upgrade = false;
- if (pfs_version_compare($current_installed_buildtime, $current_installed_version, $remote_version) == -1) {
+ $version_compare = pfs_version_compare($current_installed_buildtime, $g['product_version'], $remote_version);
+ if ($version_compare == -1) {
?>
<div class="alert alert-warning" role="alert">
Version <?=$remote_version?> is available. <a href="/system_firmware_check.php" class="alert-link">Click Here to view.</a>
</div>
<?php
- } else
- echo "You are on the latest version.";
+ } elseif ($version_compare == 1) {
+ echo "You are on a later version than the official release.";
+ } else {
+ echo "You are on the latest version.";
+ }
}
}
exit;
@@ -308,4 +312,4 @@ function systemStatusGetUpdateStatus() {
events.push(function(){
setTimeout('systemStatusGetUpdateStatus()', 4000);
});
-</script> \ No newline at end of file
+</script>
diff --git a/tools/build_snapshots.sh b/tools/build_snapshots.sh
index 2d053f5..fc16794 100755
--- a/tools/build_snapshots.sh
+++ b/tools/build_snapshots.sh
@@ -165,8 +165,8 @@ dobuilds() {
copy_to_staging_nanobsd() {
for NANOTYPE in nanobsd nanobsd-vga; do
for FILESIZE in ${1}; do
- FILENAMEFULL="${PRODUCT_NAME}-${PRODUCT_VERSION}-${FILESIZE}-${TARGET}-${NANOTYPE}-${DATESTRING}.img.gz"
- FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${FILESIZE}-${TARGET}-${NANOTYPE}-upgrade-${DATESTRING}.img.gz"
+ FILENAMEFULL="${PRODUCT_NAME}-${PRODUCT_VERSION}-${FILESIZE}-${TARGET}-${NANOTYPE}${TIMESTAMP_SUFFIX}.img.gz"
+ FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${FILESIZE}-${TARGET}-${NANOTYPE}-upgrade${TIMESTAMP_SUFFIX}.img.gz"
mkdir -p $STAGINGAREA/nanobsd
mkdir -p $STAGINGAREA/nanobsdupdates
@@ -218,7 +218,9 @@ copy_to_staging_iso_updates() {
cp ${UPDATES_TARBALL_FILENAME}* $STAGINGAREA/ 2>/dev/null
# NOTE: Updates need a file with output similar to date output
# Use the file generated at start of dobuilds() to be consistent on times
- cp $BUILTDATESTRINGFILE $STAGINGAREA/version 2>/dev/null
+ if [ -z "${_IS_RELEASE}" ]; then
+ cp $BUILTDATESTRINGFILE $STAGINGAREA/version 2>/dev/null
+ fi
}
scp_files() {
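Review bot: For a release build the copy is now skipped, but nothing here removes a `$STAGINGAREA/version` left behind by an earlier snapshot run, so a stale build timestamp could be published next to the release images; whether the staging area is wiped before this function runs is not visible in the hunk. Adding `rm -f "${STAGINGAREA}/version"` in an `else` branch makes the release case explicit. The `cp` still discards its error output and its status is ignored, so a failed copy goes unnoticed; quoting both paths and logging a failure would be safer.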
@@ -275,13 +277,13 @@ scp_files() {
ssh ${RSYNCUSER}@${RSYNCIP} "rm -f ${RSYNCPATH}/.updaters/latest-nanobsd-vga-${i}.img.gz"
ssh ${RSYNCUSER}@${RSYNCIP} "rm -f ${RSYNCPATH}/.updaters/latest-nanobsd-vga-${i}.img.gz.sha256"
- FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${i}-${TARGET}-nanobsd-upgrade-${DATESTRING}.img.gz"
+ FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${i}-${TARGET}-nanobsd-upgrade${TIMESTAMP_SUFFIX}.img.gz"
ssh ${RSYNCUSER}@${RSYNCIP} "ln -s ${RSYNCPATH}/updates/${FILENAMEUPGRADE} \
${RSYNCPATH}/.updaters/latest-nanobsd-${i}.img.gz"
ssh ${RSYNCUSER}@${RSYNCIP} "ln -s ${RSYNCPATH}/updates/${FILENAMEUPGRADE}.sha256 \
${RSYNCPATH}/.updaters/latest-nanobsd-${i}.img.gz.sha256"
- FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${i}-${TARGET}-nanobsd-vga-upgrade-${DATESTRING}.img.gz"
+ FILENAMEUPGRADE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${i}-${TARGET}-nanobsd-vga-upgrade${TIMESTAMP_SUFFIX}.img.gz"
ssh ${RSYNCUSER}@${RSYNCIP} "ln -s ${RSYNCPATH}/updates/${FILENAMEUPGRADE} \
${RSYNCPATH}/.updaters/latest-nanobsd-vga-${i}.img.gz"
ssh ${RSYNCUSER}@${RSYNCIP} "ln -s ${RSYNCPATH}/updates/${FILENAMEUPGRADE}.sha256 \
@@ -371,6 +373,7 @@ else
# Override it here to have continuous builds with proper labels
rm -f $DATESTRINGFILE
rm -f $BUILTDATESTRINGFILE
+ unset TIMESTAMP_SUFFIX
unset DATESTRING
unset BUILTDATESTRING
unset ISOPATH
diff --git a/tools/builder_common.sh b/tools/builder_common.sh
index 1f4fc4d..f8d7b5d 100644
--- a/tools/builder_common.sh
+++ b/tools/builder_common.sh
@@ -380,9 +380,9 @@ print_flags() {
printf " BUILD_KERNELS: %s\n" $BUILD_KERNELS
printf " Git Branch or Tag: %s\n" $GIT_REPO_BRANCH_OR_TAG
printf " MODULES_OVERRIDE: %s\n" $MODULES_OVERRIDE
- printf " OVADISKSIZE: %s\n" $OVADISKSIZE
- printf " OVA_FIRST_PART_SIZE: %s\n" $OVA_FIRST_PART_SIZE
- printf " OVA_SWAP_PART_SIZE: %s\n" $OVA_SWAP_PART_SIZE
+ printf " VMDK_DISK_CAPACITY_IN_GB: %s\n" $VMDK_DISK_CAPACITY_IN_GB
+ printf " OVA_FIRST_PART_SIZE_IN_GB: %s\n" $OVA_FIRST_PART_SIZE_IN_GB
+ printf " OVA_SWAP_PART_SIZE_IN_GB: %s\n" $OVA_SWAP_PART_SIZE_IN_GB
printf " OVFTEMPLATE: %s\n" $OVFTEMPLATE
printf " OVFVMDK: %s\n" $OVFVMDK
printf " SRC_CONF: %s\n" $SRC_CONF
@@ -549,8 +549,8 @@ create_nanobsd_diskimage () {
echo ">>> building NanoBSD(${1}) disk image with size ${_NANO_MEDIASIZE} for platform (${TARGET})..." | tee -a ${LOGFILE}
echo "" > $BUILDER_LOGS/nanobsd_cmds.sh
- IMG="${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${_NANO_MEDIASIZE}-${TARGET}-${1}-${DATESTRING}.img"
- IMGUPDATE="${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${_NANO_MEDIASIZE}-${TARGET}-${1}-upgrade-${DATESTRING}.img"
+ IMG="${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${_NANO_MEDIASIZE}-${TARGET}-${1}${TIMESTAMP_SUFFIX}.img"
+ IMGUPDATE="${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${_NANO_MEDIASIZE}-${TARGET}-${1}-upgrade${TIMESTAMP_SUFFIX}.img"
nanobsd_set_flash_details ${_NANO_MEDIASIZE}
@@ -794,14 +794,15 @@ create_ova_image() {
# Fill fstab
echo ">>> Installing platform specific items..." | tee -a ${LOGFILE}
- echo "/dev/label/${PRODUCT_NAME} / ufs rw 0 0" > ${FINAL_CHROOT_DIR}/etc/fstab
- echo "/dev/label/swap0 none swap sw 0 0" >> ${FINAL_CHROOT_DIR}/etc/fstab
+ echo "/dev/gpt/${PRODUCT_NAME} / ufs rw 0 0" > ${FINAL_CHROOT_DIR}/etc/fstab
+ echo "/dev/gpt/swap0 none swap sw 0 0" >> ${FINAL_CHROOT_DIR}/etc/fstab
# Create / partition
+ echo -n ">>> Creating / partition... " | tee -a ${LOGFILE}
makefs \
-B little \
-o label=${PRODUCT_NAME} \
- -s ${OVA_FIRST_PART_SIZE} \
+ -s ${OVA_FIRST_PART_SIZE_IN_GB}g \
${OVA_TMP}/${OVFUFS} \
${FINAL_CHROOT_DIR} 2>&1 >> ${LOGFILE}
@@ -809,95 +810,109 @@ create_ova_image() {
if [ -f ${OVA_TMP}/${OVFUFS} ]; then
rm -f ${OVA_TMP}/${OVFUFS}
fi
+ echo "Failed!" | tee -a ${LOGFILE}
echo ">>> ERROR: Error creating vmdk / partition. STOPPING!" | tee -a ${LOGFILE}
print_error_pfS
fi
+ echo "Done!" | tee -a ${LOGFILE}
- # Create vmdk file
+ # Create raw disk
+ echo -n ">>> Creating raw disk... " | tee -a ${LOGFILE}
mkimg \
-s gpt \
- -f vmdk \
+ -f raw \
-b /boot/pmbr \
-p freebsd-boot:=/boot/gptboot \
-p freebsd-ufs/${PRODUCT_NAME}:=${OVA_TMP}/${OVFUFS} \
-p freebsd-swap/swap0::${OVA_SWAP_PART_SIZE} \
- -o ${OVA_TMP}/${OVFVMDK} 2>&1 >> ${LOGFILE}
+ -o ${OVA_TMP}/${OVFRAW} 2>&1 >> ${LOGFILE}
- if [ $? -ne 0 -o ! -f ${OVA_TMP}/${OVFVMDK} ]; then
+ if [ $? -ne 0 -o ! -f ${OVA_TMP}/${OVFRAW} ]; then
if [ -f ${OVA_TMP}/${OVFUFS} ]; then
rm -f ${OVA_TMP}/${OVFUFS}
fi
+ if [ -f ${OVA_TMP}/${OVFRAW} ]; then
+ rm -f ${OVA_TMP}/${OVFRAW}
+ fi
+ echo "Failed!" | tee -a ${LOGFILE}
+ echo ">>> ERROR: Error creating temporary vmdk image. STOPPING!" | tee -a ${LOGFILE}
+ print_error_pfS
+ fi
+ echo "Done!" | tee -a ${LOGFILE}
+
+ # We don't need it anymore
+ rm -f ${OVA_TMP}/${OVFUFS} >/dev/null 2>&1
+
+ # Convert raw to vmdk
+ echo -n ">>> Creating vmdk disk... " | tee -a ${LOGFILE}
+ vmdktool -z9 -v ${OVA_TMP}/${OVFVMDK} ${OVA_TMP}/${OVFRAW}
+
+ if [ $? -ne 0 -o ! -f ${OVA_TMP}/${OVFVMDK} ]; then
+ if [ -f ${OVA_TMP}/${OVFRAW} ]; then
+ rm -f ${OVA_TMP}/${OVFRAW}
+ fi
if [ -f ${OVA_TMP}/${OVFVMDK} ]; then
rm -f ${OVA_TMP}/${OVFVMDK}
fi
+ echo "Failed!" | tee -a ${LOGFILE}
echo ">>> ERROR: Error creating vmdk image. STOPPING!" | tee -a ${LOGFILE}
print_error_pfS
fi
+ echo "Done!" | tee -a ${LOGFILE}
- # We don't need it anymore
- rm -f ${OVA_TMP}/${OVFUFS} >/dev/null 2>&1
+ rm -f ${OVA_TMP}/i${OVFRAW}
ova_setup_ovf_template
- # We repack the file with a more universal xml file that
- # works in both virtual box and esx server
+ echo -n ">>> Writing final ova image... " | tee -a ${LOGFILE}
+ # Create OVA file for vmware
gtar -C ${OVA_TMP} -cpf ${OVAPATH} ${PRODUCT_NAME}.ovf ${OVFVMDK}
+ echo "Done!" | tee -a ${LOGFILE}
rm -f ${OVA_TMP}/${OVFVMDK} >/dev/null 2>&1
- gzip -qf ${OVAPATH} &
-
echo ">>> OVA created: $(LC_ALL=C date)" | tee -a ${LOGFILE}
}
# called from create_ova_image
ova_setup_ovf_template() {
- if [ -f ${OVFTEMPLATE} ]; then
- cp ${OVFTEMPLATE} ${OVA_TMP}/${PRODUCT_NAME}.ovf
- else
+ if [ ! -f ${OVFTEMPLATE} ]; then
echo ">>> ERROR: OVF template file (${OVFTEMPLATE}) not found."
print_error_pfS
fi
- file_search_replace PRODUCT_VERSION $PRODUCT_VERSION ${OVA_TMP}/${PRODUCT_NAME}.ovf
- file_search_replace PRODUCT_URL $PRODUCT_URL ${OVA_TMP}/${PRODUCT_NAME}.ovf
-
- local BUILDPLATFORM=$(uname -p)
- local POPULATEDSIZE=$(du -d0 -m $FINAL_CHROOT_DIR | cut -f1)
- local POPULATEDSIZEBYTES=$((${POPULATEDSIZE}*1024^2))
- local REFERENCESSIZE=$(stat -f "%z" ${OVA_TMP}/${OVFVMDK})
- echo ">>> Setting REFERENCESSIZE to ${REFERENCESSIZE}..." | tee -a ${LOGFILE}
- file_search_replace REFERENCESSIZE ${REFERENCESSIZE} ${OVA_TMP}/${PRODUCT_NAME}.ovf
- echo ">>> Setting POPULATEDSIZEBYTES to ${POPULATEDSIZEBYTES}..." | tee -a ${LOGFILE}
# OperatingSystemSection (${PRODUCT_NAME}.ovf)
# 42 FreeBSD 32-Bit
# 78 FreeBSD 64-Bit
- if [ "$BUILDPLATFORM" = "i386" ]; then
- file_search_replace '"101"' '"42"' ${OVA_TMP}/${PRODUCT_NAME}.ovf
- file_search_replace 'FreeBSD XX-Bit' 'FreeBSD' ${OVA_TMP}/${PRODUCT_NAME}.ovf
- fi
- if [ "$BUILDPLATFORM" = "amd64" ]; then
- file_search_replace '"101"' '"78"' ${OVA_TMP}/${PRODUCT_NAME}.ovf
- file_search_replace 'FreeBSD XX-Bit' 'FreeBSD 64-Bit' ${OVA_TMP}/${PRODUCT_NAME}.ovf
- fi
- file_search_replace DISKSECTIONPOPULATEDSIZE $POPULATEDSIZEBYTES ${OVA_TMP}/${PRODUCT_NAME}.ovf
- # 10737254400 = 10240MB = virtual box vmdk file size XXX grab this value from vbox creation
- # 10737418240 = 10GB
- echo ">>> Setting DISKSECTIONALLOCATIONUNITS to 10737254400..." | tee -a ${LOGFILE}
- file_search_replace DISKSECTIONALLOCATIONUNITS $OVA_DISKSECTIONALLOCATIONUNITS ${OVA_TMP}/${PRODUCT_NAME}.ovf
- echo ">>> Setting DISKSECTIONCAPACITY to 10737418240..." | tee -a ${LOGFILE}
- file_search_replace DISKSECTIONCAPACITY $OVADISKSIZE ${OVA_TMP}/${PRODUCT_NAME}.ovf
-}
+ if [ "${TARGET}" = "amd64" ]; then
+ local _os_id="78"
+ local _os_type="freebsd64Guest"
+ local _os_descr="FreeBSD 64-Bit"
+ elif [ "${TARGET}" = "i386" ]; then
+ local _os_id="42"
+ local _os_type="freebsdGuest"
+ local _os_descr="FreeBSD"
+ else
+ echo ">>> ERROR: Platform not supported for OVA (${TARGET})"
+ print_error_pfS
+ fi
-# called from create_ova_image
-# This routine will replace a string in a file
-file_search_replace() {
- local SEARCH="$1"
- local REPLACE="$2"
- local FILENAME="$3"
+ local POPULATED_SIZE=$(du -d0 -k $FINAL_CHROOT_DIR | cut -f1)
+ local POPULATED_SIZE_IN_BYTES=$((${POPULATED_SIZE}*1024))
+ local VMDK_FILE_SIZE=$(stat -f "%z" ${OVA_TMP}/${OVFVMDK})
- if [ -f "${FILENAME}" ]; then
- sed -i '' -e "s/${SEARCH}/${REPLACE}/g" ${FILENAME}
- fi
+ sed \
+ -e "s,%%VMDK_FILE_SIZE%%,${VMDK_FILE_SIZE},g" \
+ -e "s,%%VMDK_DISK_CAPACITY_IN_GB%%,${VMDK_DISK_CAPACITY_IN_GB},g" \
+ -e "s,%%POPULATED_SIZE_IN_BYTES%%,${POPULATED_SIZE_IN_BYTES},g" \
+ -e "s,%%OS_ID%%,${_os_id},g" \
+ -e "s,%%OS_TYPE%%,${_os_type},g" \
+ -e "s,%%OS_DESCR%%,${_os_descr},g" \
+ -e "s,%%PRODUCT_NAME%%,${PRODUCT_NAME},g" \
+ -e "s,%%PRODUCT_VERSION%%,${PRODUCT_VERSION},g" \
+ -e "s,%%PRODUCT_URL%%,${PRODUCT_URL},g" \
+ -e "/^%%PRODUCT_LICENSE%%/r ${BUILDER_ROOT}/license.txt" \
+ -e "/^%%PRODUCT_LICENSE%%/d" \
+ ${OVFTEMPLATE} > ${OVA_TMP}/${PRODUCT_NAME}.ovf
}
# Cleans up previous builds
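Review bot: The cleanup after the vmdk conversion, `rm -f ${OVA_TMP}/i${OVFRAW}`, has a stray `i` in the path, so the raw disk image is never deleted and stays in `${OVA_TMP}` after a successful build; it should read `rm -f ${OVA_TMP}/${OVFRAW}`. In ova_setup_ovf_template the sed expressions interpolate `${PRODUCT_URL}` and the other values unescaped, so a `,` or `&` in any of them would break or alter the substitution, and the sed exit status is not checked before the OVF is packed. The `r` command also inserts license.txt verbatim into the XML template, so any `<` or `&` in that file would leave the OVF malformed. create_ova_image starts outside this hunk.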
@@ -1022,6 +1037,14 @@ clone_to_staging_area() {
core_pkg_create default-config "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
local DEFAULTCONF=${STAGE_CHROOT_DIR}/conf.default/config.xml
+
+ # Change default interface names to match vmware driver
+ sed -i '' -e 's,em0,vmx0,' -e 's,em1,vmx1,' ${DEFAULTCONF}
+ core_pkg_create default-config-vmware "" ${CORE_PKG_VERSION} ${STAGE_CHROOT_DIR}
+
+ # Restore default values to be used by serial package
+ sed -i '' -e 's,vmx0,em0,' -e 's,vmx1,em1,' ${DEFAULTCONF}
+
# Activate serial console in config.xml
# If it was there before, clear the setting to be sure we don't add it twice.
sed -i "" -e "/ <enableserial\/>/d" ${DEFAULTCONF}
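Review bot: The unanchored `s,em0,vmx0,` rewrites the first `em0` substring on every line of config.xml, not only interface assignments, and the later `s,vmx0,em0,` restore assumes that round trip is exact; a line that already contained `vmx0`, or an unrelated string containing `em0`, ends up different from the original. If `core_pkg_create default-config-vmware` fails between the two seds, the default config is also left with the vmware names. Saving a copy of `${DEFAULTCONF}` outside the stage directory before the edit and restoring from it afterwards avoids both problems. clone_to_staging_area continues outside this hunk.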
@@ -1083,6 +1106,8 @@ customize_stagearea_for_image() {
"${1}" = "memstickserial" -o \
"${1}" = "memstickadi" ]; then
pkg_chroot_add ${FINAL_CHROOT_DIR} default-config-serial
+ elif [ "${1}" = "ova" ]; then
+ pkg_chroot_add ${FINAL_CHROOT_DIR} default-config-vmware
else
pkg_chroot_add ${FINAL_CHROOT_DIR} default-config
fi
diff --git a/tools/builder_defaults.sh b/tools/builder_defaults.sh
index 2d3d26f..e876e25 100644
--- a/tools/builder_defaults.sh
+++ b/tools/builder_defaults.sh
@@ -105,7 +105,7 @@ fi
# Product details
export PRODUCT_NAME=${PRODUCT_NAME:-"nonSense"}
-export PRODUCT_URL=${PRODUCT_VERSION:-""}
+export PRODUCT_URL=${PRODUCT_URL:-""}
export PRODUCT_SRC=${PRODUCT_SRC:-"${BUILDER_ROOT}/src"}
if [ "${PRODUCT_NAME}" = "pfSense" -a "${BUILD_AUTHORIZED_BY_ELECTRIC_SHEEP_FENCING}" != "yes" ]; then
@@ -155,6 +155,9 @@ export EXTRA_TOOLS=${EXTRA_TOOLS:-"uuencode uudecode ex"}
# Path to kernel files being built
export KERNEL_BUILD_PATH=${KERNEL_BUILD_PATH:-"${SCRATCHDIR}/kernels"}
+# Do not touch builder /usr/obj
+export MAKEOBJDIRPREFIX=${MAKEOBJDIRPREFIX:-"${SCRATCHDIR}/obj"}
+
# Controls how many concurrent make processes are run for each stage
_CPUS=""
if [ -z "${NO_MAKEJ}" ]; then
@@ -196,17 +199,18 @@ export MEMORYDISK_SIZE=${MEMORYDISK_SIZE:-"768M"}
export OVFTEMPLATE=${OVFTEMPLATE:-"${BUILDER_TOOLS}/templates/ovf/${PRODUCT_NAME}.ovf"}
# / partition to be used by mkimg
export OVFUFS=${OVFUFS:-"${PRODUCT_NAME}-disk1.ufs"}
+# Raw disk to be converted to vmdk
+export OVFRAW=${OVFRAW:-"${PRODUCT_NAME}-disk1.raw"}
# On disk name of VMDK file included in OVA
export OVFVMDK=${OVFVMDK:-"${PRODUCT_NAME}-disk1.vmdk"}
-# 10 gigabyte on disk VMDK size
-export OVADISKSIZE=${OVADISKSIZE:-"10737418240"}
-# first partition size (freebsd-ufs) GPT
-export OVA_FIRST_PART_SIZE=${OVA_FIRST_PART_SIZE:-"$((8*1024*1024*1024))"}
-# swap partition size (freebsd-swap) GPT -
-# remaining space of 10G-8G - 128 block beginning/loader
-export OVA_SWAP_PART_SIZE=${OVA_SWAP_PART_SIZE:-"4193725"}
-# 10737254400 = 10240MB = virtual box vmdk file size XXX grab this value from vbox creation
-export OVA_DISKSECTIONALLOCATIONUNITS=${OVA_DISKSECTIONALLOCATIONUNITS:-"10737254400"}
+# 8 gigabyte on disk VMDK size
+export VMDK_DISK_CAPACITY_IN_GB=${VMDK_DISK_CAPACITY_IN_GB:-"8"}
+# first partition size (freebsd-ufs)
+export OVA_FIRST_PART_SIZE_IN_GB=${OVA_FIRST_PART_SIZE_IN_GB:-"6"}
+# swap partition size (freebsd-swap)
+export OVA_SWAP_PART_SIZE_IN_GB=${OVA_SWAP_PART_SIZE_IN_GB:-"2"}
+# Calculate real swap size, removing 128 blocks (65536 bytes) beggining/loader
+export OVA_SWAP_PART_SIZE=$((${OVA_SWAP_PART_SIZE_IN_GB}*1024*1024*1024-65536))
# Temporary place to save files
export OVA_TMP=${OVA_TMP:-"${SCRATCHDIR}/ova_tmp"}
# end of OVF
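Review bot: `OVA_SWAP_PART_SIZE` is now computed with `$(( ))` from `OVA_SWAP_PART_SIZE_IN_GB`, which can come from the environment, and nothing checks that the three `*_IN_GB` values are plain integers or that the first and swap partitions fit in `VMDK_DISK_CAPACITY_IN_GB`. With the defaults, 6 + 2 leaves only the 65536-byte allowance for boot code and partition tables, so whether the image fits the capacity declared in the OVF depends on mkimg's layout. A digit check (a `case` on `''|*[!0-9]*` for each value) and a sum comparison before the arithmetic would fail early with a clear message. Unlike its neighbours, the computed value ignores a caller-supplied `OVA_SWAP_PART_SIZE`, which is worth stating in the comment; `beggining` there should be `beginning`.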
@@ -232,42 +236,27 @@ export NANO_BOOT0CFG="-o packet -s 1 -m 3"
# NOTE: Date string is used for creating file names of images
# The file is used for sharing the same value with build_snapshots.sh
-_BUILDER_EPOCH=$(date +"%s")
export DATESTRINGFILE=${DATESTRINGFILE:-"$SCRATCHDIR/version.snapshots"}
-if [ "${DATESTRING}" = "" ]; then
- if [ -f $DATESTRINGFILE ]; then
- # If the file is more than 30 minutes old regenerate it
- TMPDATESTRINGFILE=$(($_BUILDER_EPOCH - `stat -f %m $DATESTRINGFILE`))
- if [ -z "${_USE_OLD_DATESTRING}" -a $TMPDATESTRINGFILE -gt 1800 ]; then
- export DATESTRING=`date "+%Y%m%d-%H%M"`
- else
- export DATESTRING=`cat $DATESTRINGFILE`
- fi
- unset TMPDATESTRINGFILE
+if [ -z "${DATESTRING}" ]; then
+ if [ -f "${DATESTRINGFILE}" -a -n "${_USE_OLD_DATESTRING}" ]; then
+ export DATESTRING=$(cat $DATESTRINGFILE)
else
- export DATESTRING=`date "+%Y%m%d-%H%M"`
+ export DATESTRING=$(date "+%Y%m%d-%H%M")
fi
- echo "$DATESTRING" > $DATESTRINGFILE
fi
+echo "$DATESTRING" > $DATESTRINGFILE
# NOTE: Date string is placed on the final image etc folder to help detect new updates
# The file is used for sharing the same value with build_snapshots.sh
export BUILTDATESTRINGFILE=${BUILTDATESTRINGFILE:-"$SCRATCHDIR/version.buildtime"}
-if [ "${BUILTDATESTRING}" = "" ]; then
- if [ -f $BUILTDATESTRINGFILE ]; then
- # If the file is more than 30 minutes old regenerate it
- TMPBUILTDATESTRINGFILE=$(($_BUILDER_EPOCH - `stat -f %m $BUILTDATESTRINGFILE`))
- if [ $TMPBUILTDATESTRINGFILE -gt 1800 ]; then
- export BUILTDATESTRING=`date "+%a %b %d %T %Z %Y"`
- else
- export BUILTDATESTRING=`cat $BUILTDATESTRINGFILE`
- fi
- unset TMPBUILTDATESTRINGFILE
+if [ -z "${BUILTDATESTRING}" ]; then
+ if [ -f "${BUILTDATESTRINGFILE}" -a -n "${_USE_OLD_DATESTRING}" ]; then
+ export BUILTDATESTRING=$(cat $BUILTDATESTRINGFILE)
else
- export BUILTDATESTRING=`date "+%a %b %d %T %Z %Y"`
+ export BUILTDATESTRING=$(date "+%a %b %d %T %Z %Y")
fi
- echo "$BUILTDATESTRING" > $BUILTDATESTRINGFILE
fi
+echo "$BUILTDATESTRING" > $BUILTDATESTRINGFILE
# Poudriere
export ZFS_TANK=${ZFS_TANK:-"tank"}
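Review bot: The value read back with `$(cat $DATESTRINGFILE)` is exported without any format check, and later lines of this file build CORE_PKG_VERSION and the image file names from it. An empty, multi-line or slash-containing file under SCRATCHDIR would therefore end up in package versions and output paths. I would reject anything that is not digits and a dash before exporting it. The file name should also be quoted on both the read and the write: `export DATESTRING=$(cat "${DATESTRINGFILE}")` and `echo "$DATESTRING" > "${DATESTRINGFILE}"`. The same quoting applies to the BUILTDATESTRINGFILE pair, and `[ -f ... -a -n ... ]` is more portable as two tests joined with `&&`.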
@@ -285,9 +274,15 @@ export PKG_RSYNC_DESTDIR=${PKG_RSYNC_DESTDIR:-"/usr/local/www/beta/packages"}
export PKG_REPO_SERVER=${PKG_REPO_SERVER:-"pkg+http://beta.pfsense.org/packages"}
export PKG_REPO_CONF_BRANCH=${PKG_REPO_CONF_BRANCH:-"${GIT_REPO_BRANCH_OR_TAG}"}
+if echo "${PRODUCT_VERSION}" | grep -q -- '-RELEASE'; then
+ export _IS_RELEASE=yes
+else
+ unset _IS_RELEASE
+fi
+
# Define base package version, based on date for snaps
CORE_PKG_VERSION=${PRODUCT_VERSION%%-*}
-if echo "${PRODUCT_VERSION}" | grep -qv -- '-RELEASE'; then
+if [ -n "${_IS_RELEASE}" ]; then
CORE_PKG_VERSION="${CORE_PKG_VERSION}.${DATESTRING}"
fi
export CORE_PKG_PATH=${CORE_PKG_PATH:-"${SCRATCHDIR}/core_pkg"}
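Review bot: The rewritten test under the "based on date for snaps" comment looks inverted. The removed line used `grep -qv -- '-RELEASE'`, so the date was appended when the version was not a release; `[ -n "${_IS_RELEASE}" ]` now appends it only for releases. Snapshot core packages would then all carry the bare version, and release packages a dated one. That is the opposite of the TIMESTAMP_SUFFIX block later in this file, which leaves the suffix empty when `_IS_RELEASE` is set. The condition should read `if [ -z "${_IS_RELEASE}" ]; then`.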
@@ -303,15 +298,21 @@ export CORE_PKG_TMP=${CORE_PKG_TMP:-"${SCRATCHDIR}/core_pkg_tmp"}
#export custom_package_list=""
# General builder output filenames
+if [ -n "${_IS_RELEASE}" ]; then
+ export TIMESTAMP_SUFFIX=""
+else
+ export TIMESTAMP_SUFFIX="-${DATESTRING}"
+fi
+
export UPDATESDIR=${UPDATESDIR:-"${IMAGES_FINAL_DIR}/updates"}
-export ISOPATH=${ISOPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-LiveCD-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.iso"}
-export MEMSTICKPATH=${MEMSTICKPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.img"}
-export MEMSTICKSERIALPATH=${MEMSTICKSERIALPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-serial-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.img"}
-export MEMSTICKADIPATH=${MEMSTICKADIPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-ADI-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.img"}
-export OVAPATH=${OVAPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.ova"}
+export ISOPATH=${ISOPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-LiveCD-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.iso"}
+export MEMSTICKPATH=${MEMSTICKPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.img"}
+export MEMSTICKSERIALPATH=${MEMSTICKSERIALPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-serial-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.img"}
+export MEMSTICKADIPATH=${MEMSTICKADIPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-memstick-ADI-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.img"}
+export OVAPATH=${OVAPATH:-"${IMAGES_FINAL_DIR}/${PRODUCT_NAME}-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.ova"}
# set full-update update filename
-export UPDATES_TARBALL_FILENAME=${UPDATES_TARBALL_FILENAME:-"${UPDATESDIR}/${PRODUCT_NAME}-Full-Update-${PRODUCT_VERSION}-${TARGET}-${DATESTRING}.tgz"}
+export UPDATES_TARBALL_FILENAME=${UPDATES_TARBALL_FILENAME:-"${UPDATESDIR}/${PRODUCT_NAME}-Full-Update-${PRODUCT_VERSION}-${TARGET}${TIMESTAMP_SUFFIX}.tgz"}
# Rsync data to send snapshots
export RSYNCUSER=${RSYNCUSER:-"snapshots"}
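Review bot: With `TIMESTAMP_SUFFIX=""` for releases, ISOPATH, the MEMSTICK paths, OVAPATH and UPDATES_TARBALL_FILENAME no longer differ between two builds of the same PRODUCT_VERSION, so a rebuild lands on the same path as the earlier image. Whether the image steps overwrite or refuse is outside this hunk; a comment stating the intent would help, for example `# Releases use stable names: a rebuild replaces the earlier file, so publish checksums with every build`. TIMESTAMP_SUFFIX is also the only export here that cannot be overridden from the environment, unlike the `${VAR:-default}` form used by its neighbours.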
diff --git a/tools/templates/core_pkg/default-config-vmware/metadir/+DESC b/tools/templates/core_pkg/default-config-vmware/metadir/+DESC
new file mode 100644
index 0000000..d732511
--- /dev/null
+++ b/tools/templates/core_pkg/default-config-vmware/metadir/+DESC
@@ -0,0 +1,3 @@
+%%PRODUCT_NAME%% default config (vmware)
+
+WWW: %%PRODUCT_URL%%
diff --git a/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL b/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL
new file mode 100644
index 0000000..11c69cd
--- /dev/null
+++ b/tools/templates/core_pkg/default-config-vmware/metadir/+INSTALL
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+if [ "${2}" != "POST-INSTALL" ]; then
+ exit 0
+fi
+
+if [ ! -f /cf/conf/config.xml ]; then
+ cp /conf.default/config.xml /cf/conf/config.xml
+fi
+
+if [ ! -L /conf ]; then
+ ln -sf /cf/conf /conf
+fi
+
+exit 0
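Review bot: The `cp` can fail, for instance when /cf/conf does not exist yet, and the script still ends with `exit 0`, so pkg would report a clean install with no config.xml in place. Creating the directory first and propagating the failure avoids that: `mkdir -p /cf/conf` followed by `cp /conf.default/config.xml /cf/conf/config.xml || exit 1`. Separately, `[ ! -L /conf ]` is also true when /conf is a real directory, and `ln -sf /cf/conf /conf` would then create /conf/conf inside it rather than replace it. That case deserves an explicit branch or at least a comment saying it cannot occur on this image.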
diff --git a/tools/templates/core_pkg/default-config-vmware/metadir/+MANIFEST b/tools/templates/core_pkg/default-config-vmware/metadir/+MANIFEST
new file mode 100644
index 0000000..cd1e098
--- /dev/null
+++ b/tools/templates/core_pkg/default-config-vmware/metadir/+MANIFEST
@@ -0,0 +1,15 @@
+name: "%%PRODUCT_NAME%%-default-config-vmware"
+version: "%%VERSION%%"
+origin: "security/%%PRODUCT_NAME%%-default-config"
+comment: <<EOD
+%%PRODUCT_NAME%% default config (vmware)
+EOD
+maintainer: development@pfsense.org
+prefix: /
+deps: {
+
+}
+categories [ security, ]
+licenselogic: single
+licenses: [ BSD2CLAUSE, ]
+options: { }
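Review bot: `origin` is `security/%%PRODUCT_NAME%%-default-config` while the package name ends in `-default-config-vmware`. If the plain default-config package declares the same origin (its manifest is not visible here), tooling that identifies packages by origin could treat the two as one package, so I would give this one its own: `origin: "security/%%PRODUCT_NAME%%-default-config-vmware"`. The `categories [ security, ]` line is also the only key written without a colon; `categories: [ security, ]` would match the rest of the file.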
diff --git a/tools/templates/core_pkg/default-config-vmware/pkg-plist b/tools/templates/core_pkg/default-config-vmware/pkg-plist
new file mode 100644
index 0000000..b6fe8df
--- /dev/null
+++ b/tools/templates/core_pkg/default-config-vmware/pkg-plist
@@ -0,0 +1 @@
+/conf.default/config.xml
diff --git a/tools/templates/ovf/pfSense.ovf b/tools/templates/ovf/pfSense.ovf
index ed9b2cf..1e8b9b7 100644
--- a/tools/templates/ovf/pfSense.ovf
+++ b/tools/templates/ovf/pfSense.ovf
@@ -1,24 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
-<Envelope vmw:buildId="build-171294" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:cim="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vmw="http://www.vmware.com/schema/ovf" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+<!--Generated by VMware VirtualCenter Server, User: root, UTC time: 2015-07-28T05:27:27.755385Z-->
+<Envelope vmw:buildId="build-2646482" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:cim="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vmw="http://www.vmware.com/schema/ovf" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<References>
- <File ovf:href="pfSense-disk1.vmdk" ovf:id="file1" ovf:size="REFERENCESSIZE"/>
+ <File ovf:href="pfSense-disk1.vmdk" ovf:id="file1" ovf:size="%%VMDK_FILE_SIZE%%" />
</References>
<DiskSection>
- <Info>List of the virtual disks used in the package</Info>
- <Disk ovf:capacityAllocationUnits="byte" ovf:allocationUnits="DISKSECTIONALLOCATIONUNITS" ovf:capacity="DISKSECTIONCAPACITY" ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:format="http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized" populatedSize="DISKSECTIONPOPULATEDSIZE"/>
+ <Info>Virtual disk information</Info>
+ <Disk ovf:capacity="%%VMDK_DISK_CAPACITY_IN_GB%%" ovf:capacityAllocationUnits="byte * 2^30" ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:format="http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized" ovf:populatedSize="%%POPULATED_SIZE_IN_BYTES%%" />
</DiskSection>
<NetworkSection>
<Info>The list of logical networks</Info>
- <Network ovf:name="VM Network">
- <Description>The VM Network network</Description>
+ <Network ovf:name="WAN Network">
+ <Description>The WAN network</Description>
+ </Network>
+ <Network ovf:name="LAN Network">
+ <Description>The LAN network</Description>
</Network>
</NetworkSection>
<VirtualSystem ovf:id="pfSense">
- <Info>pfSense virtual machine</Info>
+ <Info>A virtual machine</Info>
<Name>pfSense</Name>
- <OperatingSystemSection ovf:id="101" vmw:osType="FreeBSD XX-Bit">
- <Info>FreeBSD XX-Bit</Info>
- <Description>FreeBSD XX-Bit (pfSense)</Description>
+ <OperatingSystemSection ovf:id="%%OS_ID%%" vmw:osType="%%OS_TYPE%%">
+ <Info>The kind of installed guest operating system</Info>
+ <Description>%%OS_DESCR%%</Description>
</OperatingSystemSection>
<VirtualHardwareSection>
<Info>Virtual hardware requirements</Info>
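Review bot: The added `<!--Generated by VMware VirtualCenter Server, User: root, UTC time: ...-->` line is residue from the export this template was derived from. It will be copied into every OVF the builder produces, naming a user and generation time that do not describe the shipped artifact. I would drop it or replace it with a comment that describes the template, such as `<!-- Template: %%...%% placeholders are substituted by the builder -->`.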
@@ -26,110 +30,143 @@
<vssd:ElementName>Virtual Hardware Family</vssd:ElementName>
<vssd:InstanceID>0</vssd:InstanceID>
<vssd:VirtualSystemIdentifier>pfSense</vssd:VirtualSystemIdentifier>
- <vssd:VirtualSystemType>vmx-07</vssd:VirtualSystemType>
+ <vssd:VirtualSystemType>vmx-08</vssd:VirtualSystemType>
</System>
<Item>
<rasd:AllocationUnits>hertz * 10^6</rasd:AllocationUnits>
<rasd:Description>Number of Virtual CPUs</rasd:Description>
- <rasd:ElementName>1 virtual CPU(s)</rasd:ElementName>
+ <rasd:ElementName>2 virtual CPU(s)</rasd:ElementName>
<rasd:InstanceID>1</rasd:InstanceID>
<rasd:ResourceType>3</rasd:ResourceType>
- <rasd:VirtualQuantity>1</rasd:VirtualQuantity>
+ <rasd:VirtualQuantity>2</rasd:VirtualQuantity>
</Item>
<Item>
<rasd:AllocationUnits>byte * 2^20</rasd:AllocationUnits>
<rasd:Description>Memory Size</rasd:Description>
- <rasd:ElementName>1024MB of memory</rasd:ElementName>
+ <rasd:ElementName>512MB of memory</rasd:ElementName>
<rasd:InstanceID>2</rasd:InstanceID>
<rasd:ResourceType>4</rasd:ResourceType>
- <rasd:VirtualQuantity>1024</rasd:VirtualQuantity>
+ <rasd:VirtualQuantity>512</rasd:VirtualQuantity>
</Item>
<Item>
<rasd:Address>0</rasd:Address>
<rasd:Description>SCSI Controller</rasd:Description>
- <rasd:ElementName>scsi0</rasd:ElementName>
+ <rasd:ElementName>SCSI controller 0</rasd:ElementName>
<rasd:InstanceID>3</rasd:InstanceID>
<rasd:ResourceSubType>lsilogic</rasd:ResourceSubType>
<rasd:ResourceType>6</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="slotInfo.pciSlotNumber" vmw:value="16" />
</Item>
<Item>
<rasd:Address>1</rasd:Address>
<rasd:Description>IDE Controller</rasd:Description>
- <rasd:ElementName>VirtualIDEController 1</rasd:ElementName>
+ <rasd:ElementName>IDE 1</rasd:ElementName>
<rasd:InstanceID>4</rasd:InstanceID>
<rasd:ResourceType>5</rasd:ResourceType>
</Item>
<Item>
<rasd:Address>0</rasd:Address>
<rasd:Description>IDE Controller</rasd:Description>
- <rasd:ElementName>VirtualIDEController 0</rasd:ElementName>
+ <rasd:ElementName>IDE 0</rasd:ElementName>
<rasd:InstanceID>5</rasd:InstanceID>
<rasd:ResourceType>5</rasd:ResourceType>
</Item>
+ <Item ovf:required="false">
+ <rasd:AutomaticAllocation>false</rasd:AutomaticAllocation>
+ <rasd:ElementName>Video card</rasd:ElementName>
+ <rasd:InstanceID>6</rasd:InstanceID>
+ <rasd:ResourceType>24</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="enable3DSupport" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="use3dRenderer" vmw:value="automatic" />
+ <vmw:Config ovf:required="false" vmw:key="useAutoDetect" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="videoRamSizeInKB" vmw:value="4096" />
+ </Item>
+ <Item ovf:required="false">
+ <rasd:AutomaticAllocation>false</rasd:AutomaticAllocation>
+ <rasd:ElementName>VMCI device</rasd:ElementName>
+ <rasd:InstanceID>7</rasd:InstanceID>
+ <rasd:ResourceSubType>vmware.vmci</rasd:ResourceSubType>
+ <rasd:ResourceType>1</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="allowUnrestrictedCommunication" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="slotInfo.pciSlotNumber" vmw:value="32" />
+ </Item>
+ <Item ovf:required="false">
+ <rasd:AddressOnParent>0</rasd:AddressOnParent>
+ <rasd:AutomaticAllocation>false</rasd:AutomaticAllocation>
+ <rasd:ElementName>CD/DVD drive 1</rasd:ElementName>
+ <rasd:InstanceID>8</rasd:InstanceID>
+ <rasd:Parent>4</rasd:Parent>
+ <rasd:ResourceSubType>vmware.cdrom.remotepassthrough</rasd:ResourceSubType>
+ <rasd:ResourceType>15</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="backing.exclusive" vmw:value="false" />
+ </Item>
<Item>
<rasd:AddressOnParent>7</rasd:AddressOnParent>
<rasd:AutomaticAllocation>true</rasd:AutomaticAllocation>
- <rasd:Connection>VM Network</rasd:Connection>
- <rasd:Description>vmxnet3 ethernet adapter on &quot;VM Network&quot;</rasd:Description>
- <rasd:ElementName>ethernet0</rasd:ElementName>
- <rasd:InstanceID>6</rasd:InstanceID>
- <rasd:ResourceSubType>vmxnet3</rasd:ResourceSubType>
+ <rasd:Connection>WAN Network</rasd:Connection>
+ <rasd:Description>VmxNet3 ethernet adapter on "WAN Network"</rasd:Description>
+ <rasd:ElementName>Network adapter 1</rasd:ElementName>
+ <rasd:InstanceID>9</rasd:InstanceID>
+ <rasd:ResourceSubType>VmxNet3</rasd:ResourceSubType>
<rasd:ResourceType>10</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="slotInfo.pciSlotNumber" vmw:value="160" />
+ <vmw:Config ovf:required="false" vmw:key="wakeOnLanEnabled" vmw:value="true" />
</Item>
<Item>
<rasd:AddressOnParent>8</rasd:AddressOnParent>
<rasd:AutomaticAllocation>true</rasd:AutomaticAllocation>
- <rasd:Connection>VM Network</rasd:Connection>
- <rasd:Description>vmxnet3 ethernet adapter on &quot;VM Network&quot;</rasd:Description>
- <rasd:ElementName>ethernet0</rasd:ElementName>
- <rasd:InstanceID>7</rasd:InstanceID>
- <rasd:ResourceSubType>vmxnet3</rasd:ResourceSubType>
+ <rasd:Connection>LAN Network</rasd:Connection>
+ <rasd:Description>VmxNet3 ethernet adapter on "LAN Network"</rasd:Description>
+ <rasd:ElementName>Network adapter 2</rasd:ElementName>
+ <rasd:InstanceID>10</rasd:InstanceID>
+ <rasd:ResourceSubType>VmxNet3</rasd:ResourceSubType>
<rasd:ResourceType>10</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="slotInfo.pciSlotNumber" vmw:value="192" />
+ <vmw:Config ovf:required="false" vmw:key="wakeOnLanEnabled" vmw:value="true" />
</Item>
<Item>
<rasd:AddressOnParent>0</rasd:AddressOnParent>
- <rasd:ElementName>scsi0:0</rasd:ElementName>
+ <rasd:ElementName>Hard disk 1</rasd:ElementName>
<rasd:HostResource>ovf:/disk/vmdisk1</rasd:HostResource>
- <rasd:InstanceID>8</rasd:InstanceID>
+ <rasd:InstanceID>11</rasd:InstanceID>
<rasd:Parent>3</rasd:Parent>
<rasd:ResourceType>17</rasd:ResourceType>
+ <vmw:Config ovf:required="false" vmw:key="backing.writeThrough" vmw:value="false" />
</Item>
+ <vmw:Config ovf:required="false" vmw:key="cpuHotAddEnabled" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="cpuHotRemoveEnabled" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="firmware" vmw:value="bios" />
+ <vmw:Config ovf:required="false" vmw:key="virtualICH7MPresent" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="virtualSMCPresent" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="memoryHotAddEnabled" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="nestedHVEnabled" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="powerOpInfo.powerOffType" vmw:value="soft" />
+ <vmw:Config ovf:required="false" vmw:key="powerOpInfo.resetType" vmw:value="soft" />
+ <vmw:Config ovf:required="false" vmw:key="powerOpInfo.standbyAction" vmw:value="powerOnSuspend" />
+ <vmw:Config ovf:required="false" vmw:key="powerOpInfo.suspendType" vmw:value="hard" />
+ <vmw:Config ovf:required="false" vmw:key="tools.afterPowerOn" vmw:value="true" />
+ <vmw:Config ovf:required="false" vmw:key="tools.afterResume" vmw:value="true" />
+ <vmw:Config ovf:required="false" vmw:key="tools.beforeGuestShutdown" vmw:value="true" />
+ <vmw:Config ovf:required="false" vmw:key="tools.beforeGuestStandby" vmw:value="true" />
+ <vmw:Config ovf:required="false" vmw:key="tools.syncTimeWithHost" vmw:value="false" />
+ <vmw:Config ovf:required="false" vmw:key="tools.toolsUpgradePolicy" vmw:value="manual" />
</VirtualHardwareSection>
<ProductSection xsi:type="ovf:ProductSection_Type">
<Info>Describes product information for the service</Info>
<Product>pfSense</Product>
<Vendor>Electric Sheep Fencing, LLC</Vendor>
- <Version>PRODUCT_VERSION</Version>
- <ProductUrl>PRODUCT_URL</ProductUrl>
- <VendorUrl>PRODUCT_URL</VendorUrl>
+ <Version>%%PRODUCT_VERSION%%</Version>
+ <ProductUrl>%%PRODUCT_URL%%</ProductUrl>
+ <VendorUrl>%%PRODUCT_URL%%</VendorUrl>
</ProductSection>
- <AnnotationSection xsi:type="ovf:AnnotationSection_Type">
- <Info>An annotation</Info>
+ <AnnotationSection ovf:required="false">
+ <Info>A human-readable annotation</Info>
<Annotation>pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.</Annotation>
</AnnotationSection>
<EulaSection>
<Info>The End User License Agreement</Info>
<License>
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
+%%PRODUCT_LICENSE%%
</License>
</EulaSection>
</VirtualSystem>
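Review bot: `%%PRODUCT_LICENSE%%` is placed as raw element text inside `<License>`, so any `&` or `<` in the substituted licence text would make the generated OVF ill-formed. The same holds for `%%OS_DESCR%%` and the URL placeholders. The substitution code is outside this hunk, so the builder should either XML-escape the values or the template should say it expects escaped input, e.g. `<!-- %%PRODUCT_LICENSE%% must be XML-escaped by the builder -->`. Separately, both adapters carry `wakeOnLanEnabled` set to `true`, including the one on "WAN Network". That looks like an export default and is worth an explicit decision for a firewall appliance.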