31 files changed, 223 insertions, 106 deletions
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index 610afad..a241485 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -33,6 +33,8 @@ * - DNSimple (dnsimple.com) * - Google Domains (domains.google.com) * - DNS Made Easy (www.dnsmadeeasy.com) + * - SPDNS (spdns.de) + * - SPDNS IPv6 (spdns.de) * +----------------------------------------------------+ * Requirements: * - PHP version 4.0.2 or higher with the CURL Library and the PCRE Library @@ -79,6 +81,8 @@ * DNSimple - Last Tested: 09 February 2015 * Google Domains - Last Tested: 27 April 2015 * DNS Made Easy - Last Tested: 27 April 2015 + * SPDNS - Last Tested: 04 December 2015 + * SPDNS IPv6 - Last Tested: 04 December 2015 * +====================================================+ * * @author E.Kristensen @@ -179,6 +183,7 @@ switch ($dnsService) { case 'he-net-v6': case 'custom-v6': + case 'spdns-v6': $this->_useIPv6 = true; break; default: @@ -254,6 +259,8 @@ case 'dnsimple': case 'googledomains': case 'dnsmadeeasy': + case 'spdns': + case 'spdns-v6': $this->_update(); if ($this->_dnsDummyUpdateDone == true) { // If a dummy update was needed, then sleep a while and do the update again to put the proper address back. 
@@ -821,6 +828,20 @@ $server = "https://cp.dnsmadeeasy.com/servlet/updateip"; curl_setopt($ch, CURLOPT_URL, $server . '?username=' . $this->_dnsUser . '&password=' . $this->_dnsPass . '&id=' . $this->_dnsHost . '&ip=' . $this->_dnsIP); break; + case 'spdns': + case 'spdns-v6': + $needsIP = FALSE; + if ($this->_dnsVerboseLog) + log_error("SPDNS: ({$this->_dnsHost}) DNS update() starting."); + curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); + $server = "https://update.spdns.de/nic/update"; + $port = ""; + if($this->_dnsServer) + $server = $this->_dnsServer; + if($this->_dnsPort) + $port = ":" . $this->_dnsPort; + curl_setopt($ch, CURLOPT_URL, $server .$port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP); + break; default: break; } @@ -1417,6 +1438,26 @@ break; } break; + case 'spdns': + case 'spdns-v6': + if (preg_match('/notfqdn/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) Not A FQDN!"; + } else if (preg_match('/nohost/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) No such host"; + } else if (preg_match('/nochg/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address"; + $successful_update = true; + } else if (preg_match('/good/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully! (".$this->_dnsIP.")"; + $successful_update = true; + } else if (preg_match('/badauth/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed"; + } else { + $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)"; + log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); + $this->_debug($data); + } + break; } if ($successful_update == true) { diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index f236289..5085160 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc 
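Review bot: In the new `spdns`/`spdns-v6` case the port is appended after the full default URL, so setting only `_dnsPort` yields `https://update.spdns.de/nic/update:PORT?hostname=…`, which puts the port in the path. The host name and IP are also concatenated into the query string without `urlencode()`. Because `$server` is replaced wholesale by `_dnsServer`, the Basic-auth credentials from `CURLOPT_USERPWD` go to whatever scheme and host that value holds. Building the URL from a fixed `https://` scheme, host, port and path keeps them on TLS. The sketch below assumes `_dnsServer` is a bare host name, which this hunk does not show.

```php
// … unchanged: $needsIP, verbose log_error() and CURLOPT_USERPWD …
$host = "update.spdns.de";
$port = "";
if ($this->_dnsServer) {
	$host = $this->_dnsServer; // assumed bare host name; confirm against the settings page
}
if ($this->_dnsPort) {
	$port = ":" . $this->_dnsPort;
}
curl_setopt($ch, CURLOPT_URL, "https://" . $host . $port . "/nic/update?hostname=" . urlencode($this->_dnsHost) . "&myip=" . urlencode($this->_dnsIP));
break;
```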
@@ -430,31 +430,32 @@ function filter_configure_sync($delete_states_if_needed = true) { * then output the contents of the error to the caller */ if ($rules_loading <> 0) { - $saved_line_error = $rules_error[0]; - $line_error = explode(":", $rules_error[0]); - $line_number = $line_error[1]; - $line_split = file("{$g['tmp_path']}/rules.debug"); - if (is_array($line_split)) { - $line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]); - } - unset($line_split); - - /* Brutal ugly hack but required -- PF is stuck, unwedge */ - if (strstr("$rules_error[0]", "busy")) { - exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug"); - $error_msg = gettext("PF was wedged/busy and has been reset."); - file_notice("pf_busy", $error_msg, "pf_busy", ""); - } else { - $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1"); + foreach($rules_error as $errorline) { + $saved_line_error = $errorline; + $line_error = explode(":", $errorline); + $line_number = $line_error[1]; + $line_split = file("{$g['tmp_path']}/rules.debug"); + if (is_array($line_split)) { + $line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]); + } + unset($line_split); + + /* Brutal ugly hack but required -- PF is stuck, unwedge */ + if (strstr("$rules_error[0]", "busy")) { + exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug"); + $error_msg = gettext("PF was wedged/busy and has been reset."); + file_notice("pf_busy", $error_msg, "pf_busy", ""); + } else { + $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1"); + } + if ($line_error and $line_number) { + file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error), "Filter Reload", ""); + update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: 
%1$s - %2$s'), $saved_line_error, $line_error)); + unlock($filterlck); + return; + } } unset($rules_loading, $rules_error); - - if ($line_error and $line_number) { - file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error), "Filter Reload", ""); - update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error)); - unlock($filterlck); - return; - } } # If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine). diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php index f994eb7..d258135 100644 --- a/src/etc/inc/openvpn.auth-user.php +++ b/src/etc/inc/openvpn.auth-user.php @@ -117,7 +117,7 @@ if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) { $authenticated = false; -if (($strictusercn === true) && ($common_name != $username)) { +if (($strictusercn === true) && (mb_strtolower($common_name) !== mb_strtolower($username))) { syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); if (isset($_GET['username'])) { echo "FAILED"; diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index d69bfbf..202d6bd 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -192,7 +192,7 @@ function openvpn_build_crl_list() { return($list); } -function openvpn_build_cert_list($include_none = false) { +function openvpn_build_cert_list($include_none = false, $prioritize_server_certs = false) { global $a_cert; if ($include_none) { 
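Review bot: Inside the new `foreach ($rules_error as $errorline)` loop the busy check still reads `strstr("$rules_error[0]", "busy")`, so every iteration tests the first error line instead of the current one; it should be `if (strstr($errorline, "busy")) {`. The `exec()` calls that reset pf or reload `rules.debug.old` now run once per error line until the first line that yields a line number returns, which repeats a ruleset reload that was previously done once. `$line_error[1]` is read without checking that the line contained a `:`, so an error line without one leaves `$line_number` empty and indexes `$line_split[-1]`.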
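Review bot: Folding both sides with `mb_strtolower()` relaxes the strict-CN check from an exact match to a case-insensitive one. That is only safe if the authentication backend used after this check also treats user names case-insensitively. Otherwise a certificate issued for one account would be accepted for a different account whose name differs only in case. If the relaxation is intended, pin the encoding so the fold does not depend on the mbstring default, e.g. `mb_strtolower($common_name, 'UTF-8') !== mb_strtolower($username, 'UTF-8')`, and add a comment such as `/* user names are matched case-insensitively; the auth backend must do the same */`. The body of this `if` continues outside the hunk.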
@@ -201,25 +201,50 @@ function openvpn_build_cert_list($include_none = false) { $list = array(); } + if ($prioritize_server_certs) { + $list[' '] = "===== Server Certificates ====="; + $non_server_list = array(); + $non_server_list[' '] = "===== Non-Server Certificates ====="; + } + foreach ($a_cert as $cert) { - $caname = ""; - $inuse = ""; - $revoked = ""; + $properties = array(); + $propstr = ""; $ca = lookup_ca($cert['caref']); + $purpose = cert_get_purpose($cert['crt'], true); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; + if ($purpose['server'] == "Yes") { + $properties[] = "Server: Yes"; + } elseif ($prioritize_server_certs) { + $properties[] = "Server: NO"; + } + if ($ca) { + $properties[] = "CA: {$ca['descr']}"; + } + if (cert_in_use($cert['refid'])) { + $properties[] = "In Use"; + } + if (is_cert_revoked($cert)) { + $properties[] = "Revoked"; + } - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; + if (!empty($properties)) { + $propstr = " (" . implode(", ", $properties) . ")"; + } - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + if ($prioritize_server_certs) { + if ($purpose['server'] == "Yes") { + $list[$cert['refid']] = $cert['descr'] . $propstr; + } else { + $non_server_list[$cert['refid']] = $cert['descr'] . $propstr; + } + } else { + $list[$cert['refid']] = $cert['descr'] . $propstr; + } + } - $list[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked; + if ($prioritize_server_certs) { + $list = array_merge($list, $non_server_list); } return($list); diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index d76afbc..81f5b02 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc 
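Review bot: `array_merge($list, $non_server_list)` renumbers integer keys, and PHP stores an all-digit string key as an integer, so a `refid` consisting only of digits would come out of the merge as `0`, `1`, … and the select would post the wrong value. The refid format is not visible in this hunk, so this is a risk to confirm rather than a certain failure. The union operator keeps keys as they are: `$list = $list + $non_server_list;`. That requires the two separator keys to be distinct; as rendered on this page both headers use what looks like the same whitespace key, in which case one header overwrites or shadows the other under either operator.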
@@ -702,10 +702,9 @@ function install_package_xml($package_name) { return false; } - $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); - if (file_exists("/usr/local/pkg/" . $configfile)) { + if (file_exists("/usr/local/pkg/" . $pkg_info['configurationfile'])) { update_status(gettext("Loading package configuration... ")); - $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); + $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $pkg_info['configurationfile'], "packagegui"); update_status(gettext("done.") . "\n"); update_status(gettext("Configuring package components...") . "\n"); if (!empty($pkg_config['filter_rules_needed'])) { diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 2b4cd4a..da9a28e 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc 
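Review bot: The removed `substr(strrchr(...), 1)` reduced the package-supplied value to its last path component, whereas the new code concatenates `$pkg_info['configurationfile']` directly onto `/usr/local/pkg/`, so a value containing `../` is parsed from outside that directory. An empty or missing value also makes `file_exists("/usr/local/pkg/")` true, because the directory itself exists, and the directory path is then passed to `parse_xml_config_pkg()`. Keeping the reduction and testing for a regular file addresses both: `$configfile = basename($pkg_info['configurationfile']);` followed by `if ($configfile != '' && is_file("/usr/local/pkg/" . $configfile)) {`. The rest of `install_package_xml()` lies outside the hunk.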
@@ -38,8 +38,8 @@ pfSense_MODULE: utils */ -define('DYNDNS_PROVIDER_VALUES', 'citynetwork cloudflare custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost zoneedit'); -define('DYNDNS_PROVIDER_DESCRIPTIONS', 'City Network,CloudFlare,Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,ZoneEdit'); +define('DYNDNS_PROVIDER_VALUES', 'citynetwork cloudflare custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdns spdns-v6 zoneedit'); +define('DYNDNS_PROVIDER_DESCRIPTIONS', 'City Network,CloudFlare,Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDNS,SPDNS (v6),ZoneEdit'); /* implement ipv6 route advertising daemon */ function services_radvd_configure($blacklist = array()) { diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index ce58b10..645f48d 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc 
@@ -788,7 +788,7 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { // Rather than repeatedly use the same code, use this function to build a list of remote servers. $facility .= " ". $remote_servers = ""; - $pad_to = 56; + $pad_to = max(strlen($facility), 56); $padding = ceil(($pad_to - strlen($facility))/8)+1; if ($syslogcfg['remoteserver']) { $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n"; @@ -947,11 +947,7 @@ function system_syslogd_start() { local3.* {$log_directive}{$g['varlog_path']}/vpn.log local4.* {$log_directive}{$g['varlog_path']}/portalauth.log local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log -*.notice;kern.debug;lpr.info;mail.crit;daemon.none; {$log_directive}{$g['varlog_path']}/system.log -news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log -local7.none {$log_directive}{$g['varlog_path']}/system.log -security.* {$log_directive}{$g['varlog_path']}/system.log -auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log +*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 *.emerg * 
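Review bot: The merged local `system.log` selector in the `-947` hunk carries `daemon.none` and `local4.none`, but the merged remote selector in the following `-967` hunk lists only `local0.none;local3.none;local7.none`. Once all selectors sit on one line, each `.none` entry modifies the preceding `*.notice` (assuming standard syslog.conf selector semantics), so the two destinations stop filtering alike. `local4` messages at notice and above, which the context line routes to `portalauth.log`, would still be forwarded under the remote "system" option while being excluded from the local file. If the two are meant to match, add `local4.none;` to the remote string, or add a comment above it stating why they differ.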
@@ -967,11 +963,7 @@ EOD; $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*"); } if (isset($syslogcfg['system'])) { - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none;security.*;auth.info;authpriv.info;daemon.info"); } if (isset($syslogcfg['logall'])) { // Make everything mean everything, including facilities excluded above. diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 88d48fa..8bf41da 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -1494,13 +1494,13 @@ function mwexec_bg($command, $clearsigmask = false) { return mwexec($command, false, $clearsigmask, true); } -/* unlink a file, if it exists */ +/* unlink a file, or pattern-match of a file, if it exists + if the file/path contains glob() compatible wildcards, all matching files will be unlinked + if no matches, no error occurs */ function unlink_if_exists($fn) { $to_do = glob($fn); - if (is_array($to_do)) { - foreach ($to_do as $filename) { - @unlink($filename); - } + if (is_array($to_do) && count($to_do) > 0) { + array_map("unlink", $to_do); } else { @unlink($fn); } diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index 478e3f5..78f9a39 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup 
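Review bot: `array_map("unlink", $to_do)` drops the `@` the removed loop had, so a match that disappears between `glob()` and `unlink()`, or a match that is a directory, now raises a PHP warning. That contradicts the new comment's promise that no error occurs. Restoring `foreach ($to_do as $filename) { @unlink($filename); }` keeps the old behaviour. The comment would also be more useful if it warned that `$fn` is always treated as a glob pattern, so callers passing a name that can contain `*`, `?` or `[` will delete every match rather than one file. The function's closing brace is outside the hunk.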
@@ -132,6 +132,12 @@ if (file_exists("/root/firmware.tgz")) { unlink("/root/firmware.tgz"); } +/* Reinstall of packages after reboot has been requested */ +if (file_exists('/conf/needs_package_sync_after_reboot')) { + touch('/conf/needs_package_sync'); + @unlink('/conf/needs_package_sync_after_reboot'); +} + /* start devd (dhclient now uses it) */ echo "Starting device manager (devd)..."; mute_kernel_msgs(); diff --git a/src/usr/local/share/pfSense/post_upgrade_command b/src/usr/local/share/pfSense/post_upgrade_command index 4a63a31..1a3e968 100755 --- a/src/usr/local/share/pfSense/post_upgrade_command +++ b/src/usr/local/share/pfSense/post_upgrade_command @@ -5,7 +5,7 @@ PFSENSETYPE=`cat /etc/platform` if [ "${PFSENSETYPE}" = "pfSense" -o "${PFSENSETYPE}" = "nanobsd" ]; then - touch /conf/needs_package_sync + touch /conf/needs_package_sync_after_reboot fi if [ "${PFSENSETYPE}" = "nanobsd" ]; then diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php index 7e75e7e..c236ac3 100644 --- a/src/usr/local/www/diag_backup.php +++ b/src/usr/local/www/diag_backup.php @@ -372,7 +372,7 @@ if ($_POST) { /* this will be picked up by /index.php */ conf_mount_rw(); mark_subsystem_dirty("restore"); - touch("/conf/needs_package_sync"); + touch("/conf/needs_package_sync_after_reboot"); /* remove cache, we will force a config reboot */ if (file_exists("{$g['tmp_path']}/config.cache")) { unlink("{$g['tmp_path']}/config.cache"); diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php index c67c3cc..e89e934 100644 --- a/src/usr/local/www/firewall_nat.php +++ b/src/usr/local/www/firewall_nat.php 
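Review bot: The result of `touch('/conf/needs_package_sync')` is not checked and the failure of `@unlink('/conf/needs_package_sync_after_reboot')` is silenced. If `/conf` is not writable at this point in boot, the sync marker is never created, or the after-reboot marker survives and triggers a package reinstall on every later boot, with nothing logged in either case. The `diag_backup.php` hunk in this commit shows `conf_mount_rw()` being called before the marker is touched; whether an equivalent step has already run here is not visible in the hunk. Testing both return values and reporting a failure would make a stuck marker diagnosable.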
@@ -353,7 +353,7 @@ foreach ($a_nat as $natent): <td> <a class="fa fa-pencil" title="<?=gettext("Edit rule"); ?>" href="firewall_nat_edit.php?id=<?=$i?>"></a> <a class="fa fa-clone" title="<?=gettext("Add a new NAT based on this one")?>" href="firewall_nat_edit.php?dup=<?=$i?>"></a> - <a class="fa fa-trash" title="<?=gettext("Delete rule")?>" href="firewall_nat.php?act=del&id=<?=$i?>" onclick="return confirm('<?=gettext("Are you sure you want to delete this rule?")?>')"></a> + <a class="fa fa-trash" title="<?=gettext("Delete rule")?>" href="firewall_nat.php?act=del&id=<?=$i?>"></a> </td> </tr> <?php diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index f0aea90..0c09a59 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -531,7 +531,7 @@ if ($_POST) { } function build_srctype_list() { - global $pconfig, $ifdisp; + global $pconfig, $ifdisp, $config; $list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network'); @@ -553,6 +553,26 @@ function build_srctype_list() { return($list); } +function srctype_selected() { + global $pconfig, $config; + + $selected = ""; + + $sel = is_specialnet($pconfig['src']); + if (!$sel) { + if ($pconfig['srcmask'] == 32) { + $selected = 'single'; + } else { + $selected = 'network'; + } + } else { + $selected = $pconfig['src']; + } + + + return($selected); +} + function build_dsttype_list() { global $pconfig, $config, $ifdisp; 
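Review bot: With the `onclick="return confirm(...)"` attribute removed, the trash icon in `firewall_nat.php` is a plain GET link to `firewall_nat.php?act=del&id=<?=$i?>` that deletes a NAT rule on a single click. Nothing in this hunk shows a replacement confirmation or a request token on that URL. If a shared handler now attaches the confirmation to `.fa-trash` links, a short comment here saying so would help the next reader. Otherwise the deletion should move to a POST so that it is covered by the form token and cannot be triggered by a cross-site or prefetched request. The `&` in the `href` should also be written `&amp;`.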
@@ -599,33 +619,26 @@ function build_dsttype_list() { } function dsttype_selected() { - global $pconfig; - - $sel = is_specialnet($pconfig['dst']); - - if (!$sel) { - if ($pconfig['dstmask'] == 32) - return('single'); - - return('network'); - } + global $pconfig, $config; - return($pconfig['dst']); -} - -function srctype_selected() { - global $pconfig; - - $sel = is_specialnet($pconfig['src']); + $selected = ""; - if (!$sel) { - if ($pconfig['srcmask'] == 32) - return('single'); - - return('network'); + if (is_array($config['virtualip']['vip'])) { + $selected = $pconfig['dst']; + } else { + $sel = is_specialnet($pconfig['dst']); + if (!$sel) { + if ($pconfig['dstmask'] == 32) { + $selected = 'single'; + } else { + $selected = 'network'; + } + } else { + $selected = $pconfig['dst']; + } } - return($pconfig['src']); + return($selected); } $closehead = false; @@ -693,7 +706,20 @@ $section->addInput(new Form_Select( array_combine(explode(" ", strtolower($protocols)), explode(" ", $protocols)) ))->setHelp('Choose which protocol this rule should match. In most cases "TCP" is specified.'); +$btnsrcadv = new Form_Button( + 'srcadv', + 'Advanced' +); + +$btnsrcadv->removeClass('btn-primary')->addClass('btn-default'); + +$section->addInput(new Form_StaticText( + 'Source', + $btnsrcadv +)); + $group = new Form_Group('Source'); +$group->addClass('srcadv'); $group->add(new Form_Checkbox( 'srcnot', @@ -1172,6 +1198,12 @@ events.push(function(){ } } + function hideSource(hide) { + hideClass('srcadv', hide); + hideClass('srcportrange', hide || !portsenabled); + hideInput('srcadv', !hide); + } + // ---------- "onclick" functions --------------------------------------------------------------------------------- $('#srcbeginport').on('change', function() { src_rep_change(); 
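Review bot: In the rewritten `dsttype_selected()` the first branch returns `$pconfig['dst']` whenever `$config['virtualip']['vip']` is an array, regardless of whether the destination is one of those virtual IPs. On any system with a VIP configured, a rule whose destination is an ordinary host or network would then no longer resolve to `single` or `network`, and the select would likely fall back to its first option. The test should be whether `$pconfig['dst']` matches an entry of the VIP list, with the `is_specialnet()` path used otherwise. The structure of the VIP entries is not visible in this hunk, so that comparison needs to be written against `build_dsttype_list()`.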
@@ -1219,14 +1251,19 @@ events.push(function(){ typesel_change(); }); + $("#srcadv").click(function() { + hideSource(false); + }); // ---------- On initial page load -------------------------------------------------------------------------------- + $("#srcadv").prop('type' ,'button'); ext_change(); dst_change($('#interface').val(),'<?=htmlspecialchars($pconfig['interface'])?>','<?=htmlspecialchars($pconfig['dst'])?>'); iface_old = $('#interface').val(); typesel_change(); proto_change(); nordr_change(); + hideSource(true); // --------- Autocomplete ----------------------------------------------------------------------------------------- var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>; diff --git a/src/usr/local/www/firewall_shaper.php b/src/usr/local/www/firewall_shaper.php index e439aed..9783808 100644 --- a/src/usr/local/www/firewall_shaper.php +++ b/src/usr/local/www/firewall_shaper.php @@ -76,7 +76,7 @@ if ($_GET['reset'] != "") { exit; } -$pgtitle = array(gettext("Firewall"), gettext("Traffic Shaper")); +$pgtitle = array(gettext("Firewall"), gettext("Traffic Shaper"), gettext("Interfaces")); $shortcut_section = "trafficshaper"; $shaperIFlist = get_configured_interface_with_descr(); diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index 8e8a0cc..927600c 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -251,7 +251,7 @@ function build_if_list($selectedifs) { } $closehead = false; -$pgtitle = array(gettext("Services"), gettext("DNS Resolver")); +$pgtitle = array(gettext("Services"), gettext("DNS Resolver"), gettext("General")); $shortcut_section = "resolver"; include_once("head.inc"); diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php index a4c4c62..03d2f0d 100644 --- a/src/usr/local/www/system_advanced_admin.php +++ b/src/usr/local/www/system_advanced_admin.php 
@@ -317,7 +317,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: Admin Access")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Admin Access")); include("head.inc"); if ($input_errors) diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php index edce9f6..ab3d7d8 100644 --- a/src/usr/local/www/system_advanced_firewall.php +++ b/src/usr/local/www/system_advanced_firewall.php @@ -402,7 +402,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: Firewall and NAT")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Firewall and NAT")); include("head.inc"); if ($input_errors) diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 24ed18c..b462849 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -315,7 +315,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: Miscellaneous")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Miscellaneous")); include("head.inc"); if ($input_errors) diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 80ea22f..6a3f3f5 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -171,7 +171,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: Networking")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Networking")); include("head.inc"); if ($input_errors) diff --git a/src/usr/local/www/system_advanced_notifications.php b/src/usr/local/www/system_advanced_notifications.php index dadfb8a..bdc6034 100644 --- a/src/usr/local/www/system_advanced_notifications.php +++ b/src/usr/local/www/system_advanced_notifications.php 
@@ -199,7 +199,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: Notifications")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("Notifications")); include("head.inc"); if ($input_errors) @@ -358,7 +358,7 @@ $section->addInput(new Form_Input( 'submit', 'Test SMTP settings' ))->addClass('btn-info')->setHelp('A test notification will be sent even if the service is '. - 'marked as disabled.'); + 'marked as disabled. The last SAVED values will be used, not necessarily the values entered here.'); $form->add($section); diff --git a/src/usr/local/www/system_advanced_sysctl.php b/src/usr/local/www/system_advanced_sysctl.php index 423ed74..8d1e0b0 100644 --- a/src/usr/local/www/system_advanced_sysctl.php +++ b/src/usr/local/www/system_advanced_sysctl.php @@ -166,7 +166,7 @@ if ($_POST) { } } -$pgtitle = array(gettext("System"), gettext("Advanced: System Tunables")); +$pgtitle = array(gettext("System"), gettext("Advanced"), gettext("System Tunables")); include("head.inc"); if ($input_errors) diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php index 7f10912..821fc68 100644 --- a/src/usr/local/www/system_authservers.php +++ b/src/usr/local/www/system_authservers.php @@ -67,7 +67,7 @@ require("guiconfig.inc"); require_once("auth.inc"); -$pgtitle = array(gettext("System"), gettext("Authentication Servers")); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Authentication Servers")); $shortcut_section = "authentication"; if (is_numericint($_GET['id'])) { diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php index 6e5459a..59c1f8e 100644 --- a/src/usr/local/www/system_camanager.php +++ b/src/usr/local/www/system_camanager.php 
@@ -75,7 +75,7 @@ $ca_methods = array( $ca_keylens = array("512", "1024", "2048", "4096"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); -$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); +$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("CAs")); if (is_numericint($_GET['id'])) { $id = $_GET['id']; diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index d179667..32d5fad 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php @@ -82,7 +82,7 @@ $cert_types = array( $altname_types = array("DNS", "IP", "email", "URI"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); -$pgtitle = array(gettext("System"), gettext("Certificate Manager")); +$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificates")); if (is_numericint($_GET['userid'])) { $userid = $_GET['userid']; diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index b84de92..98a9b68 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -70,7 +70,7 @@ require_once("vpn.inc"); global $openssl_crl_status; -$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager")); +$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation Lists")); $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), diff --git a/src/usr/local/www/system_groupmanager.php b/src/usr/local/www/system_groupmanager.php index dfeb12f..bd2eb5c 100644 --- a/src/usr/local/www/system_groupmanager.php +++ b/src/usr/local/www/system_groupmanager.php 
@@ -70,7 +70,7 @@ require("guiconfig.inc"); -$pgtitle = array(gettext("System"), gettext("Group Manager")); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups")); if (!is_array($config['system']['group'])) { $config['system']['group'] = array(); diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index e238228..1e97e59 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php +++ b/src/usr/local/www/system_groupmanager_addprivs.php @@ -83,7 +83,7 @@ function admin_groups_sort() { require("guiconfig.inc"); -$pgtitle = array(gettext("System"), gettext("Group manager"), gettext("Add privileges")); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Groups"), gettext("Add Privileges")); if (is_numericint($_GET['groupid'])) { $groupid = $_GET['groupid']; diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index 8b3175f..67fbbe1 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -73,7 +73,7 @@ require("certs.inc"); require("guiconfig.inc"); // start admin user code -$pgtitle = array(gettext("System"), gettext("User Manager")); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users")); if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { $id = $_POST['userid']; diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php index 98a209c..1086a65 100644 --- a/src/usr/local/www/system_usermanager_addprivs.php +++ b/src/usr/local/www/system_usermanager_addprivs.php @@ -70,7 +70,7 @@ function admusercmp($a, $b) { require("guiconfig.inc"); -$pgtitle = array("System", "User manager", "Add privileges"); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"), gettext("Add Privileges")); if (is_numericint($_GET['userid'])) { $userid = $_GET['userid']; 
diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 6585112..09029ed 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -76,7 +76,7 @@ else { $pconfig['backend'] = &$config['system']['webgui']['backend']; // Page title for main admin -$pgtitle = array(gettext("System"), gettext("User manager settings")); +$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Settings")); $save_and_test = false; diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 7a94bec..0bbafb3 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -419,6 +419,9 @@ if ($_POST) { /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { + if (empty(trim($pconfig['certref']))) { + $input_errors[] = gettext("The selected certificate is not valid"); + } $reqdfields = explode(" ", "caref certref"); $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate")); } elseif (!$pconfig['autokey_enable']) { 
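Review bot: The added check in `vpn_openvpn_server.php` only rejects a blank `certref`, which catches the new separator rows, but any other posted string is still accepted as a certificate reference. Verifying that the reference resolves would close that, for example `if (!lookup_cert($pconfig['certref'])) { $input_errors[] = gettext("The selected certificate is not valid"); }`, assuming `lookup_cert()` returns a false value on a miss. The same assumption matters in the `-744` hunk of this file, where `$thiscert['crt']` is passed to `cert_get_purpose()` without checking that the lookup succeeded. A saved reference to a since-deleted certificate would hand that function an empty value. The 'No Certificates defined' string there is also not wrapped in `gettext()`, unlike the new warning beside it.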
@@ -744,12 +747,25 @@ if($act=="new" || $act=="edit") : )); } + $certhelp = ""; + if (count($a_cert)) { + if (!empty(trim($pconfig['certref']))) { + $thiscert = lookup_cert($pconfig['certref']); + $purpose = cert_get_purpose($thiscert['crt'], true); + if ($purpose['server'] != "Yes") { + $certhelp = gettext("Warning: The previously saved server was not created as an SSL Server certificate and may not work properly."); + } + } + } else { + $certhelp = sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System > Cert Manager</a>'); + } + $section->addInput(new Form_Select( 'certref', 'Server certificate', $pconfig['certref'], - openvpn_build_cert_list() - ))->setHelp(count($a_cert) ? '':sprintf('No Certificates defined. You may create one here: %s', '<a href="system_camanager.php">System > Cert Manager</a>')); + openvpn_build_cert_list(false, true) + ))->setHelp($certhelp); $section->addInput(new Form_Select( 'dh_length', |