diff options
132 files changed, 2545 insertions, 2256 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml index 0200f4d..6074c02 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -1,157 +1,167 @@ <?xml version="1.0"?> <!-- pfSense default system configuration --> <pfsense> - <version>6.8</version> + <version>7.6</version> <lastchange></lastchange> <theme>pfsense_ng</theme> <sysctl> <item> - <descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr> + <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr> + <tunable>debug.pfftpproxy</tunable> + <value>default</value> + </item> + <item> + <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr> <tunable>vfs.read_max</tunable> <value>default</value> </item> <item> - <descr>Set the ephemeral port range to be lower.</descr> + <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr> <tunable>net.inet.ip.portrange.first</tunable> <value>default</value> </item> <item> - <descr>Drop packets to closed TCP ports without returning a RST</descr> + <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr> <tunable>net.inet.tcp.blackhole</tunable> <value>default</value> </item> <item> - <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr> + <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr> <tunable>net.inet.udp.blackhole</tunable> <value>default</value> </item> <item> - <descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr> + <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr> <tunable>net.inet.ip.random_id</tunable> <value>default</value> </item> <item> - <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr> + <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr> <tunable>net.inet.tcp.drop_synfin</tunable> <value>default</value> </item> <item> - <descr>Enable sending IPv4 redirects</descr> + <descr><![CDATA[Enable sending IPv4 redirects]]></descr> <tunable>net.inet.ip.redirect</tunable> <value>default</value> </item> <item> - <descr>Enable sending IPv6 redirects</descr> + <descr><![CDATA[Enable sending IPv6 redirects]]></descr> <tunable>net.inet6.ip6.redirect</tunable> <value>default</value> </item> <item> - <descr>Generate SYN cookies for outbound SYN-ACK packets</descr> + <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr> <tunable>net.inet.tcp.syncookies</tunable> <value>default</value> </item> <item> - <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr> + <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr> <tunable>net.inet.tcp.recvspace</tunable> <value>default</value> </item> <item> - <descr>Maximum incoming/outgoing TCP datagram size (send)</descr> + <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr> <tunable>net.inet.tcp.sendspace</tunable> <value>default</value> </item> <item> - <descr>IP Fastforwarding</descr> + <descr><![CDATA[IP Fastforwarding]]></descr> <tunable>net.inet.ip.fastforwarding</tunable> <value>default</value> </item> <item> - <descr>Do not delay ACK to try and piggyback it onto a data packet</descr> + <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr> <tunable>net.inet.tcp.delayed_ack</tunable> <value>default</value> </item> <item> - <descr>Maximum outgoing UDP datagram size</descr> + <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr> <tunable>net.inet.udp.maxdgram</tunable> <value>default</value> </item> <item> - <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr> + <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr> <tunable>net.link.bridge.pfil_onlyip</tunable> <value>default</value> </item> <item> - <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr> + <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr> <tunable>net.link.bridge.pfil_member</tunable> <value>default</value> </item> <item> - <descr>Set to 1 to enable filtering on the bridge interface</descr> + <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr> <tunable>net.link.bridge.pfil_bridge</tunable> <value>default</value> </item> <item> - <descr>Allow unprivileged access to tap(4) device nodes</descr> + <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr> <tunable>net.link.tap.user_open</tunable> <value>default</value> </item> <item> - <descr>Verbosity of the rndtest driver (0: do not display results on console)</descr> + <descr><![CDATA[Verbosity of the rndtest driver (0: do not display results on console)]]></descr> <tunable>kern.rndtest.verbose</tunable> <value>default</value> </item> <item> - <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr> + <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr> <tunable>kern.randompid</tunable> <value>default</value> </item> <item> - <descr>Maximum size of the IP input queue</descr> + <descr><![CDATA[Maximum size of the IP input queue]]></descr> <tunable>net.inet.ip.intr_queue_maxlen</tunable> <value>default</value> </item> <item> - <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr> + <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr> <tunable>hw.syscons.kbd_reboot</tunable> <value>default</value> </item> <item> - <descr>Enable TCP Inflight mode</descr> + <descr><![CDATA[Enable TCP Inflight mode]]></descr> <tunable>net.inet.tcp.inflight.enable</tunable> <value>default</value> </item> <item> - <descr>Enable TCP extended debugging</descr> + <descr><![CDATA[Enable TCP extended debugging]]></descr> <tunable>net.inet.tcp.log_debug</tunable> <value>default</value> </item> <item> - <descr>Set ICMP Limits</descr> + <descr><![CDATA[Set ICMP Limits]]></descr> <tunable>net.inet.icmp.icmplim</tunable> <value>default</value> </item> <item> - <descr>TCP Offload Engine</descr> + <descr><![CDATA[TCP Offload Engine]]></descr> <tunable>net.inet.tcp.tso</tunable> <value>default</value> </item> + <item> + <descr><![CDATA[Maximum socket buffer size]]></descr> + <tunable>kern.ipc.maxsockbuf</tunable> + <value>default</value> + </item> </sysctl> <system> <optimization>normal</optimization> <hostname>pfSense</hostname> <domain>localdomain</domain> - <dnsserver></dnsserver> + <dnsserver/> <dnsallowoverride/> <group> <name>all</name> - <description>All Users</description> + <description><![CDATA[All Users]]></description> <scope>system</scope> <gid>1998</gid> <member>0</member> </group> <group> <name>admins</name> - <description>System Administrators</description> + <description><![CDATA[System Administrators]]></description> <scope>system</scope> <gid>1999</gid> <member>0</member> @@ -159,7 +169,7 @@ </group> <user> <name>admin</name> - <descr>System Administrator</descr> + <descr><![CDATA[System Administrator]]></descr> <scope>system</scope> <groupname>admins</groupname> <password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password> @@ -294,9 +304,9 @@ </dhcpd> <pptpd> <mode><!-- off *or* server *or* redir --></mode> - <redir></redir> - <localip></localip> - <remoteip></remoteip> + <redir/> + <localip/> + <remoteip/> <!-- <accounting/> --> <!-- <user> @@ -305,51 +315,6 @@ </user> --> </pptpd> - <ovpn> - <!-- - <server> - <enable/> - <ca_cert></ca_cert> - <srv_cert></srv_cert> - <srv_key></srv_key> - <dh_param></dh_param> - <verb></verb> - <tun_iface></tun_iface> - <port></port> - <bind_iface></bind_iface> - <cli2cli/> - <maxcli></maxcli> - <prefix></prefix> - <ipblock></ipblock> - <crypto></crypto> - <dupcn/> - <psh_options> - <redir></redir> - <redir_loc></redir_loc> - <rte_delay></rte_delay> - <ping></ping> - <pingrst></pingrst> - <pingexit></pingexit> - <inact></inact> - </psh_options> - </server> - <client> - <tunnel></tunnel> - <ca_cert></ca_cert> - <cli_cert></cli_cert> - <cli_key></cli_key> - <type></type> - <tunnel> - <if></if> - <proto></proto> - <cport></cport> - <saddr></saddr> - <sport></sport> - <crypto></crypto> - </tunnel> - </client> - --> - </ovpn> <dnsmasq> <enable/> <!-- @@ -363,14 +328,14 @@ </dnsmasq> <snmpd> <!-- <enable/> --> - <syslocation></syslocation> - <syscontact></syscontact> + <syslocation/> + <syscontact/> <rocommunity>public</rocommunity> </snmpd> <diag> <ipv6nat> <!-- <enable/> --> - <ipaddr></ipaddr> + <ipaddr/> </ipv6nat> </diag> <bridge> @@ -462,7 +427,7 @@ <!-- <tcpidletimeout></tcpidletimeout> --> <rule> <type>pass</type> - <descr>Default allow LAN to any rule</descr> + <descr><![CDATA[Default allow LAN to any rule]]></descr> <interface>lan</interface> <source> <network>lan</network> @@ -693,13 +658,13 @@ <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command> </item> <item> - <minute>*/5</minute> - <hour>*</hour> + <minute>30</minute> + <hour>12</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> - <command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</command> + <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command> </item> </cron> <wol> @@ -718,21 +683,19 @@ <monitor_type> <name>ICMP</name> <type>icmp</type> - <descr>ICMP</descr> - <options> - </options> + <descr><![CDATA[ICMP]]></descr> + <options/> </monitor_type> <monitor_type> <name>TCP</name> <type>tcp</type> - <descr>Generic TCP</descr> - <options> - </options> + <descr><![CDATA[Generic TCP]]></descr> + <options/> </monitor_type> <monitor_type> <name>HTTP</name> <type>http</type> - <descr>Generic HTTP</descr> + <descr><![CDATA[Generic HTTP]]></descr> <options> <path>/</path> <host/> @@ -742,7 +705,7 @@ <monitor_type> <name>HTTPS</name> <type>https</type> - <descr>Generic HTTPS</descr> + <descr><![CDATA[Generic HTTPS]]></descr> <options> <path>/</path> <host/> @@ -752,7 +715,7 @@ <monitor_type> <name>SMTP</name> <type>send</type> - <descr>Generic SMTP</descr> + <descr><![CDATA[Generic SMTP]]></descr> <options> <send>EHLO nosuchhost</send> <expect>250-</expect> @@ -1,28 +1,17 @@ 0.0.0.0/8 -5.0.0.0/8 -14.0.0.0/8 -23.0.0.0/8 -31.0.0.0/8 -36.0.0.0/8 -37.0.0.0/8 39.0.0.0/8 -42.0.0.0/8 -49.0.0.0/8 -100.0.0.0/8 -101.0.0.0/8 102.0.0.0/8 103.0.0.0/8 104.0.0.0/8 -105.0.0.0/8 106.0.0.0/8 127.0.0.0/8 169.254.0.0/16 -176.0.0.0/8 -177.0.0.0/8 179.0.0.0/8 -181.0.0.0/8 185.0.0.0/8 +192.0.0.0/24 192.0.2.0/24 198.18.0.0/15 -223.0.0.0/8 -224.0.0.0/3
\ No newline at end of file +198.51.100.0/24 +203.0.113.0/24 +224.0.0.0/4 +240.0.0.0/4
\ No newline at end of file diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 60912f7..c619004 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -130,6 +130,10 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' break; } } + if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") { + // allow SSH port forwarded connections and links from localhost + $found_host = true; + } } } if($found_host == false) { diff --git a/etc/inc/basic_sasl_client.inc b/etc/inc/basic_sasl_client.inc new file mode 100644 index 0000000..b2972b5 --- /dev/null +++ b/etc/inc/basic_sasl_client.inc @@ -0,0 +1,61 @@ +<?php +/* + * basic_sasl_client.php + * + * @(#) $Id: basic_sasl_client.php,v 1.1 2004/11/17 08:01:23 mlemos Exp $ + * + */ + +define("SASL_BASIC_STATE_START", 0); +define("SASL_BASIC_STATE_DONE", 1); + +class basic_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_BASIC_STATE_START; + + Function Initialize(&$client) + { + return(1); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_BASIC_STATE_START) + { + $client->error="Basic authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"" + ); + $defaults=array( + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + { + $message=$this->credentials["user"].":".$this->credentials["password"]; + $this->state=SASL_BASIC_STATE_DONE; + } + else + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_BASIC_STATE_DONE: + $client->error="Basic authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid Basic authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index e36a626..84c98b2 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -206,7 +206,7 @@ EOD; function captiveportal_configure() { global $config, $g; - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportal', LOCK_EX); if (isset($config['captiveportal']['enable'])) { @@ -233,13 +233,14 @@ function captiveportal_configure() { captiveportal_init_rules(true); /* stop accounting on all clients */ - captiveportal_radius_stop_all(true); + captiveportal_radius_stop_all(); /* initialize minicron interval value */ $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ - if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; } + if ((!is_numeric($croninterval)) || ($croninterval < 10)) + $croninterval = 60; /* write portal page */ if ($config['captiveportal']['page']['htmltext']) @@ -414,41 +415,7 @@ EOD; "/etc/rc.prunecaptiveportal"); /* generate radius server database */ - if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || - ($config['captiveportal']['auth_method'] == "radius"))) { - $radiusip = $config['captiveportal']['radiusip']; - $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; - - if ($config['captiveportal']['radiusport']) - $radiusport = $config['captiveportal']['radiusport']; - else - $radiusport = 1812; - - if ($config['captiveportal']['radiusacctport']) - $radiusacctport = $config['captiveportal']['radiusacctport']; - else - $radiusacctport = 1813; - - if ($config['captiveportal']['radiusport2']) - $radiusport2 = $config['captiveportal']['radiusport2']; - else - $radiusport2 = 1812; - - $radiuskey = $config['captiveportal']['radiuskey']; - $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null; - - $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w"); - if (!$fd) { - printf("Error: cannot open radius DB file in captiveportal_configure().\n"); - return 1; - } else if (isset($radiusip2, $radiuskey2)) { - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n" - . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2); - } else { - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey); - } - fclose($fd); - } + captiveportal_init_radius_servers(); if ($g['booting']) echo "done\n"; @@ -457,7 +424,7 @@ EOD; killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/minicron.pid"); - captiveportal_radius_stop_all(true); + captiveportal_radius_stop_all(); mwexec("/sbin/sysctl net.link.ether.ipfw=0"); @@ -706,32 +673,31 @@ EOD; return $cprules; } -/* remove clients that have been around for longer than the specified amount of time */ -/* db file structure: -timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time */ - -/* (password is in Base64 and only saved when reauthentication is enabled) */ +/* remove clients that have been around for longer than the specified amount of time + * db file structure: + * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time + * (password is in Base64 and only saved when reauthentication is enabled) + */ function captiveportal_prune_old() { - global $g, $config; /* check for expired entries */ - if ($config['captiveportal']['timeout']) - $timeout = $config['captiveportal']['timeout'] * 60; - else + if (empty($config['captiveportal']['timeout']) || + !is_numeric($config['captiveportal']['timeout'])) $timeout = 0; - - if ($config['captiveportal']['idletimeout']) - $idletimeout = $config['captiveportal']['idletimeout'] * 60; else + $timeout = $config['captiveportal']['timeout'] * 60; + + if (empty($config['captiveportal']['idletimeout']) || + !is_numeric($config['captiveportal']['idletimeout'])) $idletimeout = 0; + else + $idletimeout = $config['captiveportal']['idletimeout'] * 60; if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) && - !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) + !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) return; - $captiveportallck = lock('captiveportal'); - /* read database */ $cpdb = captiveportal_read_db(); @@ -766,19 +732,19 @@ function captiveportal_prune_old() { } /* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ - $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; + $uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; /* if an idle timeout is specified, get last activity timestamp from ipfw */ - if (!$timedout && $idletimeout) { - $lastact = captiveportal_get_last_activity($cpdb[$i][2]); - /* If the user has logged on but not sent any traffic they will never be logged out. - * We "fix" this by setting lastact to the login timestamp. - */ - $lastact = $lastact ? $lastact : $cpdb[$i][0]; - if ($lastact && ((time() - $lastact) >= $idletimeout)) { - $timedout = true; - $term_cause = 4; // Idle-Timeout - $stop_time = $lastact; // Entry added to comply with WISPr - } + if (!$timedout && $uidletimeout) { + $lastact = captiveportal_get_last_activity($cpdb[$i][2]); + /* If the user has logged on but not sent any traffic they will never be logged out. + * We "fix" this by setting lastact to the login timestamp. + */ + $lastact = $lastact ? $lastact : $cpdb[$i][0]; + if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + $timedout = true; + $term_cause = 4; // Idle-Timeout + $stop_time = $lastact; // Entry added to comply with WISPr + } } /* if vouchers are configured, activate session timeouts */ @@ -804,9 +770,7 @@ function captiveportal_prune_old() { } /* do periodic RADIUS reauthentication? */ - if (!$timedout && isset($config['captiveportal']['reauthenticate']) && - !empty($radiusservers)) { - + if (!$timedout && !empty($radiusservers)) { if (isset($config['captiveportal']['radacct_enable'])) { if ($config['captiveportal']['reauthenticateacct'] == "stopstart") { /* stop and restart accounting */ @@ -840,18 +804,20 @@ function captiveportal_prune_old() { } /* check this user against RADIUS again */ - $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username - base64_decode($cpdb[$i][6]), // password + if (isset($config['captiveportal']['reauthenticate'])) { + $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username + base64_decode($cpdb[$i][6]), // password $radiusservers, $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac $cpdb[$i][1]); // ruleno - if ($auth_list['auth_val'] == 3) { - captiveportal_disconnect($cpdb[$i], $radiusservers, 17); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - $unsetindexes[$i] = $i; - } + if ($auth_list['auth_val'] == 3) { + captiveportal_disconnect($cpdb[$i], $radiusservers, 17); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); + $unsetindexes[$i] = $i; + } + } } } /* This is a kludge to overcome some php weirdness */ @@ -860,13 +826,10 @@ function captiveportal_prune_old() { /* write database */ captiveportal_write_db($cpdb); - - unlock($captiveportallck); } /* remove a single client according to the DB entry */ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) { - global $g, $config; $stop_time = (empty($stop_time)) ? time() : $stop_time; @@ -874,15 +837,15 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t /* this client needs to be deleted - remove ipfw rules */ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) { RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno - $dbent[4], // username - $dbent[5], // sessionid - $dbent[0], // start time - $radiusservers, - $dbent[2], // clientip - $dbent[3], // clientmac - $term_cause, // Acct-Terminate-Cause - false, - $stop_time); + $dbent[4], // username + $dbent[5], // sessionid + $dbent[0], // start time + $radiusservers, + $dbent[2], // clientip + $dbent[3], // clientmac + $term_cause, // Acct-Terminate-Cause + false, + $stop_time); } /* Delete client's ip entry from tables 3 and 4. */ mwexec("/sbin/ipfw table 1 delete {$dbent[2]}"); @@ -908,22 +871,17 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t /* remove a single client by ipfw rule number */ function captiveportal_disconnect_client($id,$term_cause = 1) { - global $g, $config; - $captiveportallck = lock('captiveportal'); - /* read database */ $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); /* find entry */ - $tmpindex = 0; - $cpdbcount = count($cpdb); - for ($i = 0; $i < $cpdbcount; $i++) { - if ($cpdb[$i][1] == $id) { - captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT"); + foreach ($cpdb as $i => $cpentry) { + if ($cpentry[1] == $id) { + captiveportal_disconnect($cpentry, $radiusservers, $term_cause); + captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); unset($cpdb[$i]); break; } @@ -931,37 +889,29 @@ function captiveportal_disconnect_client($id,$term_cause = 1) { /* write database */ captiveportal_write_db($cpdb); - - unlock($captiveportallck); } /* send RADIUS acct stop for all current clients */ -function captiveportal_radius_stop_all($lock = false) { - global $g, $config; +function captiveportal_radius_stop_all() { + global $config; if (!isset($config['captiveportal']['radacct_enable'])) return; - if (!$lock) - $captiveportallck = lock('captiveportal'); - - $cpdb = captiveportal_read_db(); - $radiusservers = captiveportal_get_radius_servers(); if (!empty($radiusservers)) { - for ($i = 0; $i < count($cpdb); $i++) { - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers, - $cpdb[$i][2], // clientip - $cpdb[$i][3], // clientmac - 7); // Admin Reboot + $cpdb = captiveportal_read_db(); + foreach ($cpdb as $cpentry) { + RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno + $cpentry[4], // username + $cpentry[5], // sessionid + $cpentry[0], // start time + $radiusservers, + $cpentry[2], // clientip + $cpentry[3], // clientmac + 7); // Admin Reboot } } - if (!$lock) - unlock($captiveportallck); } function captiveportal_passthrumac_configure_entry($macent) { @@ -1123,11 +1073,51 @@ function captiveportal_get_last_activity($ip) { return 0; } +function captiveportal_init_radius_servers() { + global $config, $g; + + /* generate radius server database */ + if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || + ($config['captiveportal']['auth_method'] == "radius"))) { + $radiusip = $config['captiveportal']['radiusip']; + $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; + + if ($config['captiveportal']['radiusport']) + $radiusport = $config['captiveportal']['radiusport']; + else + $radiusport = 1812; + if ($config['captiveportal']['radiusacctport']) + $radiusacctport = $config['captiveportal']['radiusacctport']; + else + $radiusacctport = 1813; + if ($config['captiveportal']['radiusport2']) + $radiusport2 = $config['captiveportal']['radiusport2']; + else + $radiusport2 = 1812; + $radiuskey = $config['captiveportal']['radiuskey']; + $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null; + + $cprdsrvlck = lock('captiveportalradius', LOCK_EX); + $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w"); + if (!$fd) { + captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n"); + unlock($cprdsrvlck); + return 1; + } else if (isset($radiusip2, $radiuskey2)) + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n" + . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2); + else + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey); + fclose($fd); + unlock($cprdsrvlck); + } +} + /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - global $g; + $cprdsrvlck = lock('captiveportalradius'); if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { $radiusservers = array(); $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", @@ -1142,23 +1132,25 @@ function captiveportal_get_radius_servers() { } } + unlock($cprdsrvlck); return $radiusservers; } + unlock($cprdsrvlck); return false; } /* log successful captive portal authentication to syslog */ /* part of this code from php.net */ function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { - $message = trim($message); // Log it if (!$message) $message = "$status: $user, $mac, $ip"; - else + else { + $message = trim($message); $message = "$status: $user, $mac, $ip, $message"; + } captiveportal_syslog($message); - closelog(); } /* log simple messages to syslog */ @@ -1174,9 +1166,6 @@ function captiveportal_syslog($message) { function radius($username,$password,$clientip,$clientmac,$type) { global $g, $config; - /* Start locking from the beginning of an authentication session */ - $captiveportallck = lock('captiveportal'); - $ruleno = captiveportal_get_next_ipfw_ruleno(); /* If the pool is empty, return appropriate message and fail authentication */ @@ -1184,16 +1173,9 @@ function radius($username,$password,$clientip,$clientmac,$type) { $auth_list = array(); $auth_list['auth_val'] = 1; $auth_list['error'] = "System reached maximum login capacity"; - unlock($captiveportallck); return $auth_list; } - /* - * Drop the lock since radius takes some time to finish. - * The implementation is reentrant so we gain speed with this. - */ - unlock($captiveportallck); - $radiusservers = captiveportal_get_radius_servers(); $auth_list = RADIUS_AUTHENTICATION($username, @@ -1203,8 +1185,6 @@ function radius($username,$password,$clientip,$clientmac,$type) { $clientmac, $ruleno); - $captiveportallck = lock('captiveportal'); - if ($auth_list['auth_val'] == 2) { captiveportal_logportalauth($username,$clientmac,$clientip,$type); $sessionid = portal_allow($clientip, @@ -1215,18 +1195,16 @@ function radius($username,$password,$clientip,$clientmac,$type) { $ruleno); } - unlock($captiveportallck); - return $auth_list; - } /* read captive portal DB into array */ function captiveportal_read_db() { - global $g; $cpdb = array(); + + $cpdblck = lock('captiveportaldb'); $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); if ($fd) { while (!feof($fd)) { @@ -1237,21 +1215,23 @@ function captiveportal_read_db() { } fclose($fd); } + unlock($cpdblck); return $cpdb; } /* write captive portal DB */ function captiveportal_write_db($cpdb) { - global $g; - + + $cpdblck = lock('captiveportaldb', LOCK_EX); $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { + if ($fd) { foreach ($cpdb as $cpent) { fwrite($fd, join(",", $cpent) . "\n"); - } + } fclose($fd); - } + } + unlock($cpdblck); } function captiveportal_write_elements() { @@ -1308,6 +1288,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); $ruleno = 0; if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); @@ -1334,6 +1315,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang $ruleno = 2; } file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules)); + unlock($cpruleslck); return $ruleno; } @@ -1343,6 +1325,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) { if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); $rules[$ruleno] = false; @@ -1350,6 +1333,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) { $rules[++$ruleno] = false; file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules)); } + unlock($cpruleslck); } function captiveportal_get_ipfw_passthru_ruleno($value) { @@ -1358,13 +1342,17 @@ function captiveportal_get_ipfw_passthru_ruleno($value) { if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); - if ($rules[$ruleno]) + if ($rules[$ruleno]) { + unlock($cpruleslck); return $ruleno; + } } + unlock($cpruleslck); return NULL; } diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index e82baba..7d19045 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -286,6 +286,7 @@ function csr_get_subject($str_crt, $decode = true) { if (!is_array($components)) return "unknown"; + ksort($components); foreach ($components as $a => $v) { if (!strlen($subject)) $subject = "{$a}={$v}"; @@ -307,13 +308,15 @@ function cert_get_subject($str_crt, $decode = true) { if (!is_array($components)) return "unknown"; + ksort($components); foreach ($components as $a => $v) { - if (is_array($v)) + if (is_array($v)) { + ksort($v); foreach ($v as $w) { $asubject = "{$a}={$w}"; $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; } - else { + } else { $asubject = "{$a}={$v}"; $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; } @@ -561,4 +564,4 @@ function is_crl_internal($crl) { return !(!empty($crl['text']) && empty($crl['cert'])); } -?>
\ No newline at end of file +?> diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc index 1514926..9005b79 100644 --- a/etc/inc/config.console.inc +++ b/etc/inc/config.console.inc @@ -319,6 +319,8 @@ EOD; if (in_array($key, array('y', 'Y'))) { if($lanif) { + if (!is_array($config['interfaces']['lan'])) + $config['interfaces']['lan'] = array(); $config['interfaces']['lan']['if'] = $lanif; $config['interfaces']['lan']['enable'] = true; } elseif (!$g['booting'] && !$auto_assign) { @@ -332,7 +334,7 @@ unload the interface now? [y|n]? EODD; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - if($config['interfaces']['lan']['if']) + if(isset($config['interfaces']['lan']) && $config['interfaces']['lan']['if']) mwexec("/sbin/ifconfig " . $config['interfaces']['lan']['if'] . " delete"); } if(isset($config['interfaces']['lan'])) @@ -372,9 +374,12 @@ EODD; (!is_array($config['interfaces']['lan']['wireless']))) $config['interfaces']['lan']['wireless'] = array(); } else { - unset($config['interfaces']['lan']['wireless']); + if (isset($config['interfaces']['lan'])) + unset($config['interfaces']['lan']['wireless']); } + if (!is_array($config['interfaces']['wan'])) + $config['interfaces']['wan'] = array(); $config['interfaces']['wan']['if'] = $wanif; $config['interfaces']['wan']['enable'] = true; if (preg_match($g['wireless_regex'], $wanif)) { @@ -382,7 +387,8 @@ EODD; (!is_array($config['interfaces']['wan']['wireless']))) $config['interfaces']['wan']['wireless'] = array(); } else { - unset($config['interfaces']['wan']['wireless']); + if (isset($config['interfaces']['wan'])) + unset($config['interfaces']['wan']['wireless']); } for ($i = 0; $i < count($optif); $i++) { @@ -420,12 +426,6 @@ EODD; $g['booting'] = false; - /* XXX: ermal - disable it for now this is used during bootup at best so shouldn't be needed. - * For now just comment it out and later remove it completely. - * resync everything - reload_all_sync(); - */ - echo " done!\n"; touch("{$g['tmp_path']}/assign_complete"); @@ -535,4 +535,4 @@ EOD; } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index ae7e445..922d01d 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -53,30 +53,33 @@ ******/ function encrypted_configxml() { global $g, $config; - if(file_exists($g['conf_path'] . "/config.xml")) { - if($g['booting']) { - $configtxt = file_get_contents($g['conf_path'] . "/config.xml"); - if(tagfile_deformat($configtxt, $configtxt, "config.xml")) { - $fp = fopen('php://stdin', 'r'); + + if (!file_exists($g['conf_path'] . "/config.xml")) + return; + + if (!$g['booting']) + return; + + $configtxt = file_get_contents($g['conf_path'] . "/config.xml"); + if(tagfile_deformat($configtxt, $configtxt, "config.xml")) { + $fp = fopen('php://stdin', 'r'); + $data = ""; + echo "\n\n*** Encrypted config.xml detected ***\n"; + while($data == "") { + echo "\nEnter the password to decrypt config.xml: "; + $decrypt_password = chop(fgets($fp)); + $data = decrypt_data($configtxt, $decrypt_password); + if(!strstr($data, "<pfsense>")) $data = ""; - echo "\n\n*** Encrypted config.xml detected ***\n"; - while($data == "") { - echo "\nEnter the password to decrypt config.xml: "; - $decrypt_password = chop(fgets($fp)); - $data = decrypt_data($configtxt, $decrypt_password); - if(!strstr($data, "<pfsense>")) - $data = ""; - if($data) { - $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w"); - fwrite($fd, $data); - fclose($fd); - exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml"); - echo "\nConfig.xml unlocked.\n"; - fclose($fp); - } else { - echo "\nInvalid password entered. Please try again.\n"; - } - } + if($data) { + $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w"); + fwrite($fd, $data); + fclose($fd); + exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml"); + echo "\nConfig.xml unlocked.\n"; + fclose($fp); + } else { + echo "\nInvalid password entered. Please try again.\n"; } } } @@ -92,9 +95,10 @@ function encrypted_configxml() { ******/ function parse_config($parse = false) { global $g, $config_parsed, $config_extra; - + $lockkey = lock('config'); $config_parsed = false; + if (!file_exists("{$g['conf_path']}/config.xml") || filesize("{$g['conf_path']}/config.xml") == 0) { $last_backup = discover_last_backup(); if($last_backup) { @@ -106,37 +110,25 @@ function parse_config($parse = false) { die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); } } - if($g['booting']) echo "."; + + if($g['booting']) + echo "."; + // Check for encrypted config.xml encrypted_configxml(); + if(!$parse) { - if(file_exists($g['tmp_path'] . '/config.cache')) { + if (file_exists($g['tmp_path'] . '/config.cache')) { $config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache')); - if(is_null($config)) { - unlock($lockkey); - parse_config(true); - $lockkey = lock('config'); - } - } else { - if(!file_exists($g['conf_path'] . "/config.xml")) { - log_error("No config.xml found, attempting last known config restore."); - file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); - $last_backup = discover_last_backup(); - if ($last_backup) - restore_backup("/cf/conf/backup/{$last_backup}"); - else { - log_error("Could not restore config.xml."); - unlock($lockkey); - die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); - } - } - unlock($lockkey); - $config = parse_config(true); - $lockkey = lock('config'); - } - } else { + if (is_null($config)) + $parse = true; + } else + $parse = true; + } + if ($parse == true) { if(!file_exists($g['conf_path'] . "/config.xml")) { - if($g['booting']) echo "."; + if($g['booting']) + echo "."; log_error("No config.xml found, attempting last known config restore."); file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); $last_backup = discover_last_backup(); @@ -149,7 +141,7 @@ function parse_config($parse = false) { } } $config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense')); - if($config == "-1") { + if($config == -1) { $last_backup = discover_last_backup(); if ($last_backup) restore_backup("/cf/conf/backup/{$last_backup}"); @@ -161,11 +153,15 @@ function parse_config($parse = false) { } generate_config_cache($config); } - if($g['booting']) echo "."; - alias_make_table($config); + + if($g['booting']) + echo "."; + $config_parsed = true; unlock($lockkey); + alias_make_table($config); + return $config; } @@ -226,7 +222,8 @@ function restore_backup($file) { function parse_config_bootup() { global $config, $g; - if($g['booting']) echo "."; + if($g['booting']) + echo "."; $lockkey = lock('config'); if (!file_exists("{$g['conf_path']}/config.xml")) { @@ -250,6 +247,7 @@ function parse_config_bootup() { } if(!file_exists("{$g['conf_path']}/config.xml")) { echo "XML configuration file not found. {$g['product_name']} cannot continue booting.\n"; + unlock($lockkey); mwexec("/sbin/halt"); exit; } @@ -348,6 +346,9 @@ function conf_mount_ro() { if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; + if($g['booting']) + return; + if (refcount_unreference(1000) > 0) return; @@ -484,6 +485,9 @@ function write_config($desc="Unknown", $backup = true) { if($backup) backup_config(); + if (!is_array($config['revision'])) + $config['revision'] = array(); + if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ $config['revision']['time'] = time(); @@ -752,7 +756,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) { foreach($tocache as $version => $versioninfo) { if(!in_array($version, array_keys($newcache))) { unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); - if($g['booting']) print " " . $tocheck . "d"; + //if($g['booting']) print " " . $tocheck . "d"; } } $tocache = $newcache; @@ -837,4 +841,4 @@ function set_device_perms() { } } -?> +?>
\ No newline at end of file diff --git a/etc/inc/cram_md5_sasl_client.inc b/etc/inc/cram_md5_sasl_client.inc new file mode 100644 index 0000000..69bd625 --- /dev/null +++ b/etc/inc/cram_md5_sasl_client.inc @@ -0,0 +1,67 @@ +<?php +/* + * cram_md5_sasl_client.php + * + * @(#) $Id: cram_md5_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $ + * + */ + +define("SASL_CRAM_MD5_STATE_START", 0); +define("SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE", 1); +define("SASL_CRAM_MD5_STATE_DONE", 2); + +class cram_md5_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_CRAM_MD5_STATE_START; + + Function Initialize(&$client) + { + return(1); + } + + Function HMACMD5($key,$text) + { + $key=(strlen($key)<64 ? str_pad($key,64,"\0") : substr($key,0,64)); + return(md5((str_repeat("\x5c", 64)^$key).pack("H32", md5((str_repeat("\x36", 64)^$key).$text)))); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_CRAM_MD5_STATE_START) + { + $client->error="CRAM-MD5 authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE: + $message=$this->credentials["user"]." ".$this->HMACMD5($this->credentials["password"], $response); + $this->state=SASL_CRAM_MD5_STATE_DONE; + break; + case SASL_CRAM_MD5_STATE_DONE: + $client->error="CRAM-MD5 authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid CRAM-MD5 authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/digest_sasl_client.inc b/etc/inc/digest_sasl_client.inc new file mode 100644 index 0000000..924887d --- /dev/null +++ b/etc/inc/digest_sasl_client.inc @@ -0,0 +1,135 @@ +<?php +/* + * digest_sasl_client.php + * + * @(#) $Id: digest_sasl_client.php,v 1.1 2005/10/27 05:24:15 mlemos Exp $ + * + */ + +define('SASL_DIGEST_STATE_START', 0); +define('SASL_DIGEST_STATE_RESPOND_CHALLENGE', 1); +define('SASL_DIGEST_STATE_DONE', 2); + +class digest_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_DIGEST_STATE_START; + + Function unq($string) + { + return(($string[0]=='"' && $string[strlen($string)-1]=='"') ? substr($string, 1, strlen($string)-2) : $string); + } + + Function H($data) + { + return md5($data); + } + + Function KD($secret, $data) + { + return $this->H($secret.':'.$data); + } + + Function Initialize(&$client) + { + return(1); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_DIGEST_STATE_START) + { + $client->error='Digest authentication state is not at the start'; + return(SASL_FAIL); + } + $this->credentials=array( + 'user'=>'', + 'password'=>'', + 'uri'=>'', + 'method'=>'', + 'session'=>'' + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_DIGEST_STATE_RESPOND_CHALLENGE; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_DIGEST_STATE_RESPOND_CHALLENGE: + $values=explode(',',$response); + $parameters=array(); + for($v=0; $v<count($values); $v++) + $parameters[strtok(trim($values[$v]), '=')]=strtok(''); + + $message='username="'.$this->credentials['user'].'"'; + if(!IsSet($parameters[$p='realm']) + && !IsSet($parameters[$p='nonce'])) + { + $client->error='Digest authentication parameter '.$p.' is missing from the server response'; + return(SASL_FAIL); + } + $message.=', realm='.$parameters['realm']; + $message.=', nonce='.$parameters['nonce']; + $message.=', uri="'.$this->credentials['uri'].'"'; + if(IsSet($parameters['algorithm'])) + { + $algorithm=$this->unq($parameters['algorithm']); + $message.=', algorithm='.$parameters['algorithm']; + } + else + $algorithm=''; + + $realm=$this->unq($parameters['realm']); + $nonce=$this->unq($parameters['nonce']); + if(IsSet($parameters['qop'])) + { + switch($qop=$this->unq($parameters['qop'])) + { + case "auth": + $cnonce=$this->credentials['session']; + break; + default: + $client->error='Digest authentication quality of protection '.$qop.' is not yet supported'; + return(SASL_FAIL); + } + } + $nc_value='00000001'; + if(IsSet($parameters['qop']) + && !strcmp($algorithm, 'MD5-sess')) + $A1=$this->H($this->credentials['user'].':'. $realm.':'. $this->credentials['password']).':'.$nonce.':'.$cnonce; + else + $A1=$this->credentials['user'].':'. $realm.':'. $this->credentials['password']; + $A2=$this->credentials['method'].':'.$this->credentials['uri']; + if(IsSet($parameters['qop'])) + $response=$this->KD($this->H($A1), $nonce.':'. $nc_value.':'. $cnonce.':'. $qop.':'. $this->H($A2)); + else + $response=$this->KD($this->H($A1), $nonce.':'. $this->H($A2)); + $message.=', response="'.$response.'"'; + if(IsSet($parameters['opaque'])) + $message.=', opaque='.$parameters['opaque']; + if(IsSet($parameters['qop'])) + $message.=', qop="'.$qop.'"'; + $message.=', nc='.$nc_value; + if(IsSet($parameters['qop'])) + $message.=', cnonce="'.$cnonce.'"'; + $client->encode_response=0; + $this->state=SASL_DIGEST_STATE_DONE; + break; + case SASL_DIGEST_STATE_DONE: + $client->error='Digest authentication was finished without success'; + return(SASL_FAIL); + default: + $client->error='invalid Digest authentication step state'; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 785c902..da8844e 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -827,10 +827,7 @@ log_error("DynDns: Current WAN IP: {$wan_ip}"); if (file_exists($this->_cacheFile)) { - if(file_exists($this->_cacheFile)) - $contents = file_get_contents($this->_cacheFile); - else - $contents = ""; + $contents = file_get_contents($this->_cacheFile); list($cacheIP,$cacheTime) = split(':', $contents); $this->_debug($cacheIP.'/'.$cacheTime); $initial = false; @@ -933,4 +930,4 @@ } -?>
\ No newline at end of file +?> diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 0679060..c62f76b 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -166,7 +166,7 @@ function easyrule_block_alias_add($host, $int = 'wan') { /* Create a new alias with all the proper information */ $alias['name'] = $blockaliasname . strtoupper($int); $alias['type'] = 'network'; - $alias['descr'] = mb_convert_encoding("Hosts blocked from Firewall Log view","HTML-ENTITIES","auto"); + $alias['descr'] = "Hosts blocked from Firewall Log view"; $alias['address'] = $host . '/32'; $alias['detail'] = 'Entry added ' . date('r') . '||'; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 6aaaeeb..72435de 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1091,13 +1091,18 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ } /* Generate a 'nat on' or 'no nat on' rule for given interface */ -function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "") { +function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "") { global $config, $FilterIflist; /* XXX: billm - any idea if this code is needed? */ if($src == "/32" || $src{0} == "/") return "# src incorrectly specified\n"; if($natip != "") { - $tgt = "{$natip}/32"; + if (is_subnet($natip)) + $tgt = $natip; + elseif (is_alias($natip)) + $tgt = "\${$natip}"; + else + $tgt = "{$natip}/32"; } else { $natip = get_interface_ip($if); if(is_ipaddr($natip)) @@ -1129,18 +1134,17 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " if($dstport != "") $dst .= " port {$dstport}"; /* outgoing static-port option, hamachi, Grandstream, VOIP, etc */ + $staticnatport_txt = ""; if($staticnatport) - $staticnatport_txt = " static-port"; - else - if(!$natport) - $staticnatport_txt = " port 1024:65535"; // set source port range - else - $staticnatport_txt = ""; + $staticnatport_txt = "static-port"; + elseif(!$natport) + $tgt .= " port 1024:65535"; // set source port range /* Allow for negating NAT entries */ if($nonat) { $nat = "no nat"; $target = ""; $staticnatport_txt = ""; + $poolopts = ""; } else { $nat = "nat"; $target = "-> {$tgt}"; @@ -1148,7 +1152,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $if_friendly = $FilterIflist[$if]['descr']; /* Put all the pieces together */ if($if_friendly) - $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n"; + $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n"; else $natrule .= "# Could not convert {$if} to friendly name(alias)\n"; return $natrule; @@ -1241,6 +1245,9 @@ function filter_nat_rules_generate() { else $natif = $obent['interface']; + $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target']; + $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : ""; + if (!isset($FilterIflist[$natif])) continue; @@ -1249,11 +1256,12 @@ function filter_nat_rules_generate() { $obent['sourceport'], $dst, $obent['dstport'], - $obent['target'], + $obtarget, $obent['natport'], isset($obent['nonat']), isset($obent['staticnatport']), - $obent['protocol'] + $obent['protocol'], + $poolopts ); } } @@ -1540,7 +1548,7 @@ function filter_generate_user_rule_arr($rule) { $ret['rule'] = $line; $ret['interface'] = $rule['interface']; if($rule['descr'] != "" and $line != "") - $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\""; + $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 52)) . "\""; else $ret['descr'] = "label \"USER_RULE\""; @@ -2138,7 +2146,7 @@ EOD; $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); $ipfrules .= "pass in {$log} quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; - $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; + $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any to any flags any keep state(sloppy)\n"; } } diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index ba97ba0..c19a849 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -3,7 +3,7 @@ /* globals.inc part of pfSense (www.pfsense.com) - Copyright (C) 2004-2006 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich Originally Part of m0n0wall Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. @@ -89,7 +89,7 @@ $g = array( "disablehelpmenu" => false, "disablehelpicon" => false, "debug" => false, - "latest_config" => "7.5", + "latest_config" => "7.6", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "105", "minimum_ram_warning_text" => "128 MB", @@ -110,10 +110,7 @@ $g = array( // Loop through and set vlan_long_frame VLAN_MTU $vlan_native_supp = get_nics_with_capabilities("vlanmtu"); -if(count($vlan_native_supp) > 0) - $g['vlan_long_frame'] = $vlan_native_supp; -else - $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"); +$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), (array)$vlan_native_supp); /* IP TOS flags */ $iptos = array("lowdelay", "throughput", "reliability"); @@ -162,7 +159,9 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.tcp.log_debug" => "0", "net.inet.tcp.tso" => "1", "net.inet.icmp.icmplim" => "0", - "vfs.read_max" => "32" + "vfs.read_max" => "32", + "kern.ipc.maxsockbuf" => "4262144", + "debug.pfftpproxy" => "0" ); $config_parsed = false; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 6790d9e..c5afdfe 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -103,23 +103,37 @@ function interface_netgraph_needed($interface = "wan") { break; } } - if ($found == false && !empty($config['interfaces'][$interface])) { - switch ($config['interfaces'][$interface]['ipaddr']) { - case "ppp": - case "pppoe": - case "l2tp": - case "pptp": - $found = true; - break; - default: - $found = false; - break; + if ($found == false) { + if (!empty($config['interfaces'][$interface])) { + switch ($config['interfaces'][$interface]['ipaddr']) { + case "ppp": + case "pppoe": + case "l2tp": + case "pptp": + $found = true; + break; + default: + $found = false; + break; + } + } + } + if ($found == false) { + $realif = get_real_interface($interface); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($realif == $ppp['if']) { + $found = true; + break; + } + } } } - $realif = get_real_interface($interface); - if ($found == false) + if ($found == false) { + $realif = get_real_interface($interface); pfSense_ngctl_detach("{$realif}:", $realif); + } /* NOTE: We make sure for this on interface_ppps_configure() * no need to do it here agan. * else @@ -920,13 +934,15 @@ function interface_bring_down($interface = "wan", $destroy = false) { if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { - if (file_exists("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid")) { - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); - sleep(5); + if (isset($ppp['ondemand']) && !$destroy){ + send_event("interface reconfigure {$interface}"); + break; + } + if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) { + killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"); + sleep(2); } unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); - if (isset($ppp['ondemand']) && !$destroy) - send_event("interface reconfigure {$interface}"); break; } } @@ -1808,13 +1824,17 @@ function interface_carp_configure(&$vip) { /* invalidate interface cache */ get_interface_arr(true); + $advbase = ""; + if (!empty($vip['advbase'])) + $advbase = "advbase {$vip['advbase']}"; + if(is_ipaddrv4($vip['subnet'])) { $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); - mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}"); + mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$advbase} {$password}"); } if(is_ipaddrv6($vip['subnet'])) { $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); - mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} prefixlen {$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}"); + mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} prefixlen {$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$advbase} {$password}"); } interfaces_bring_up($vipif); @@ -2476,7 +2496,6 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven case 'l2tp': case 'pptp': case 'ppp': - interface_bring_down($interface, true); break; default: interface_bring_down($interface); diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 332f300..2653297 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -469,4 +469,21 @@ function ipsec_mobilekey_sort() { usort($config['ipsec']['mobilekey'], "mobilekeycmp"); } -?>
\ No newline at end of file +function ipsec_get_number_of_phase2($ikeid) { + global $config; + $a_phase2 = $config['ipsec']['phase2']; + + $nbph2=0; + + if (is_array($a_phase2) && count($a_phase2)) { + foreach ($a_phase2 as $ph2tmp) { + if ($ph2tmp['ikeid'] == $ikeid) { + $nbph2++; + } + } + } + + return $nbph2; +} + +?> diff --git a/etc/inc/login_sasl_client.inc b/etc/inc/login_sasl_client.inc new file mode 100644 index 0000000..923d16e --- /dev/null +++ b/etc/inc/login_sasl_client.inc @@ -0,0 +1,69 @@ +<?php +/* + * login_sasl_client.php + * + * @(#) $Id: login_sasl_client.php,v 1.2 2004/11/17 08:00:37 mlemos Exp $ + * + */ + +define("SASL_LOGIN_STATE_START", 0); +define("SASL_LOGIN_STATE_IDENTIFY_USER", 1); +define("SASL_LOGIN_STATE_IDENTIFY_PASSWORD", 2); +define("SASL_LOGIN_STATE_DONE", 3); + +class login_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_LOGIN_STATE_START; + + Function Initialize(&$client) + { + return(1); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_LOGIN_STATE_START) + { + $client->error="LOGIN authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"" + ); + $defaults=array( + "realm"=>"" + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_LOGIN_STATE_IDENTIFY_USER; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_LOGIN_STATE_IDENTIFY_USER: + $message=$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : ""); + $this->state=SASL_LOGIN_STATE_IDENTIFY_PASSWORD; + break; + case SASL_LOGIN_STATE_IDENTIFY_PASSWORD: + $message=$this->credentials["password"]; + $this->state=SASL_LOGIN_STATE_DONE; + break; + case SASL_LOGIN_STATE_DONE: + $client->error="LOGIN authentication was finished without success"; + break; + default: + $client->error="invalid LOGIN authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc index 34cbd82..0cbf5fd 100644 --- a/etc/inc/notices.inc +++ b/etc/inc/notices.inc @@ -283,6 +283,7 @@ function notify_via_smtp($message) { return; } + require_once("sasl.inc"); require_once("smtp.inc"); $smtp = new smtp_class; @@ -306,7 +307,7 @@ function notify_via_smtp($message) { if($config['notifications']['smtp']['username'] && $config['notifications']['smtp']['password']) { $smtp->authentication_mechanism = "PLAIN"; - $smtp->username = $config['notifications']['smtp']['username']; + $smtp->user = $config['notifications']['smtp']['username']; $smtp->password = $config['notifications']['smtp']['password']; } @@ -379,4 +380,4 @@ function register_via_growl() { } } -?>
\ No newline at end of file +?> diff --git a/etc/inc/ntlm_sasl_client.inc b/etc/inc/ntlm_sasl_client.inc new file mode 100644 index 0000000..406edf2 --- /dev/null +++ b/etc/inc/ntlm_sasl_client.inc @@ -0,0 +1,180 @@ +<?php +/* + * ntlm_sasl_client.php + * + * @(#) $Id: ntlm_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $ + * + */ + +define("SASL_NTLM_STATE_START", 0); +define("SASL_NTLM_STATE_IDENTIFY_DOMAIN", 1); +define("SASL_NTLM_STATE_RESPOND_CHALLENGE", 2); +define("SASL_NTLM_STATE_DONE", 3); + +class ntlm_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_NTLM_STATE_START; + + Function Initialize(&$client) + { + if(!function_exists($function="mcrypt_encrypt") + || !function_exists($function="mhash")) + { + $extensions=array( + "mcrypt_encrypt"=>"mcrypt", + "mhash"=>"mhash" + ); + $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; + return(0); + } + return(1); + } + + Function ASCIIToUnicode($ascii) + { + for($unicode="",$a=0;$a<strlen($ascii);$a++) + $unicode.=substr($ascii,$a,1).chr(0); + return($unicode); + } + + Function TypeMsg1($domain,$workstation) + { + $domain_length=strlen($domain); + $workstation_length=strlen($workstation); + $workstation_offset=32; + $domain_offset=$workstation_offset+$workstation_length; + return( + "NTLMSSP\0". + "\x01\x00\x00\x00". + "\x07\x32\x00\x00". + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + $workstation. + $domain + ); + } + + Function NTLMResponse($challenge,$password) + { + $unicode=$this->ASCIIToUnicode($password); + $md4=mhash(MHASH_MD4,$unicode); + $padded=$md4.str_repeat(chr(0),21-strlen($md4)); + $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); + $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); + for($response="",$third=0;$third<21;$third+=7) + { + for($packed="",$p=$third;$p<$third+7;$p++) + $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT); + for($key="",$p=0;$p<strlen($packed);$p+=7) + { + $s=substr($packed,$p,7); + $b=$s.((substr_count($s,"1") % 2) ? "0" : "1"); + $key.=chr(bindec($b)); + } + $ciphertext=mcrypt_encrypt(MCRYPT_DES,$key,$challenge,MCRYPT_MODE_ECB,$iv); + $response.=$ciphertext; + } + return $response; + } + + Function TypeMsg3($ntlm_response,$user,$domain,$workstation) + { + $domain_unicode=$this->ASCIIToUnicode($domain); + $domain_length=strlen($domain_unicode); + $domain_offset=64; + $user_unicode=$this->ASCIIToUnicode($user); + $user_length=strlen($user_unicode); + $user_offset=$domain_offset+$domain_length; + $workstation_unicode=$this->ASCIIToUnicode($workstation); + $workstation_length=strlen($workstation_unicode); + $workstation_offset=$user_offset+$user_length; + $lm=""; + $lm_length=strlen($lm); + $lm_offset=$workstation_offset+$workstation_length; + $ntlm=$ntlm_response; + $ntlm_length=strlen($ntlm); + $ntlm_offset=$lm_offset+$lm_length; + $session=""; + $session_length=strlen($session); + $session_offset=$ntlm_offset+$ntlm_length; + return( + "NTLMSSP\0". + "\x03\x00\x00\x00". + pack("v",$lm_length). + pack("v",$lm_length). + pack("V",$lm_offset). + pack("v",$ntlm_length). + pack("v",$ntlm_length). + pack("V",$ntlm_offset). + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$user_length). + pack("v",$user_length). + pack("V",$user_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + pack("v",$session_length). + pack("v",$session_length). + pack("V",$session_offset). + "\x01\x02\x00\x00". + $domain_unicode. + $user_unicode. + $workstation_unicode. + $lm. + $ntlm + ); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_NTLM_STATE_START) + { + $client->error="NTLM authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "workstation"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_NTLM_STATE_IDENTIFY_DOMAIN: + $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE; + break; + case SASL_NTLM_STATE_RESPOND_CHALLENGE: + $ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]); + $message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_DONE; + break; + case SASL_NTLM_STATE_DONE: + $client->error="NTLM authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid NTLM authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index 9ca76cf..35d79cd 100755 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -127,4 +127,4 @@ syslog(LOG_WARNING, "user {$username} authenticated\n"); exit(0); -?> +?>
\ No newline at end of file diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 234f756..ca463e8 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -514,7 +514,7 @@ function openvpn_reconfigure($mode,& $settings) { openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify"); } if ($settings['tls']) { - if (stristr($settings['mode'], "server")) + if ($mode == "server") $tlsopt = 0; else $tlsopt = 1; @@ -696,9 +696,9 @@ function openvpn_resync_all($interface = "") { } */ if ($interface <> "") - log_error("Resyncing openvpn instances configurations for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); + log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); else - log_error("Resyncing openvpn instances configurations."); + log_error("Resyncing OpenVPN instances."); if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as & $settings) { diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index c68c3f7..1365f05 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1473,6 +1473,7 @@ function read_header($ch, $string) { function read_body($ch, $string) { global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; + global $pkg_interface; $length = strlen($string); $downloaded += intval($length); if($file_size > 0) { @@ -1482,11 +1483,25 @@ function read_body($ch, $string) { $downloadProgress = 0; if($lastseen <> $downloadProgress and $downloadProgress < 101) { if($sendto == "status") { + if($pkg_interface == "console") { + if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { + $tostatus = $static_status . $downloadProgress . "%"; + update_status($tostatus); + } + } else { $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); + update_status($tostatus); + } } else { + if($pkg_interface == "console") { + if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { + $tooutput = $static_output . $downloadProgress . "%"; + update_output_window($tooutput); + } + } else { $tooutput = $static_output . $downloadProgress . "%"; update_output_window($tooutput); + } } update_progress_bar($downloadProgress); $lastseen = $downloadProgress; @@ -1504,7 +1519,9 @@ function update_output_window($text) { global $pkg_interface; $log = ereg_replace("\n", "\\n", $text); if($pkg_interface != "console") { - echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>"; + echo "\n<script language=\"JavaScript\">\nthis.document.forms[0].output.value = \"" . $log . "\";\n"; + echo "this.document.forms[0].output.scrollTop = this.document.forms[0].output.scrollHeight;\n"; + echo "</script>"; } /* ensure that contents are written out */ ob_flush(); diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 2371939..2563e44 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -98,7 +98,7 @@ conf_mount_ro(); * ******/ function remove_freebsd_package($packagestring) { - exec("/usr/sbin/pkg_delete -x {$packagestring}"); + exec("/usr/sbin/pkg_delete -x {$packagestring} 2>>/tmp/pkg_delete_errors.txt"); } /****f* pkg-utils/is_package_installed @@ -191,28 +191,34 @@ function get_pkg_sizes($pkgs = 'all') { * This function may also print output to the terminal indicating progress. */ function resync_all_package_configs($show_message = false) { - global $config, $pkg_interface; + global $config, $pkg_interface, $bootup; log_error("Resyncing configuration for all packages."); + if (!is_array($config['installedpackages']['package'])) return; + if($show_message == true) echo "Syncing packages:"; conf_mount_rw(); + foreach($config['installedpackages']['package'] as $idx => $package) { if (empty($package['name'])) continue; if($show_message == true) echo " " . $package['name']; get_pkg_depends($package['name'], "all"); - stop_service($package['name']); + if($bootup != true) + stop_service($package['name']); sync_package($idx, true, true); if($pkg_interface == "console") echo "\nSyncing packages:"; } + if($show_message == true) echo " done.\n"; + @unlink("/conf/needs_package_sync"); conf_mount_ro(); } @@ -222,6 +228,8 @@ function resync_all_package_configs($show_message = false) { * package is installed. */ function is_freebsd_pkg_installed($pkg) { + if(!$pkg) + return; $output = ""; exec("/usr/sbin/pkg_info -E \"{$pkg}*\"", $output, $retval); @@ -304,6 +312,14 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu function uninstall_package($pkg_name) { global $config, $static_output; + // Back up /usr/local/lib libraries first + if(!file_exists("/tmp/pkg_libs.tgz")) { + $static_output .= "Backing up libraries... "; + update_output_window($static_output); + exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + $static_output .= "\n"; + } + $id = get_pkg_id($pkg_name); if ($id >= 0) { $pkg_depends =& $config['installedpackages']['package'][$id]['depends_on_package']; @@ -315,6 +331,12 @@ function uninstall_package($pkg_name) { } } delete_package_xml($pkg_name); + + // Restore libraries that we backed up + $static_output .= "Cleaning up... "; + update_output_window($static_output); + exec("/usr/bin/tar xzPfU /tmp/pkg_libs.tgz -C /"); + @unlink("/tmp/pkg_libs.tgz"); } function force_remove_package($pkg_name) { @@ -425,9 +447,8 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $base_url = $priv_url; if (substr($base_url, -1) == "/") $base_url = substr($base_url, 0, -1); - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " "; $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Trying to download {$base_url}/{$filename} ... "; + $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) { $static_output .= " could not download from there or {$priv_url}/{$filename}.\n"; @@ -438,7 +459,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = update_output_window($static_output); return false; } else { - $static_output .= " downloaded from {$osname} repository instead of provided one.\n"; + $static_output .= " [{$osname} repository]\n"; update_output_window($static_output); } } @@ -459,8 +480,6 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = if (pkg_fetch_recursive($working_depend[1], $depend_filename, $dependlevel + 1, $base_url) == false) return false; } else { - //$dependlevel++; - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed."; pkg_debug($working_depend[1] . "\n"); } } @@ -505,7 +524,7 @@ function install_package($package, $pkg_info = "") { if($pkg_interface == "console") print "\nERROR! Unable to fetch package configuration file. Aborting package installation.\n"; else { - $static_output .= "failed!\n\nInstallation aborted."; + $static_output .= "failed!\n\nInstallation aborted.\n"; update_output_window($static_output); echo "<br>Show <a href=\"pkg_mgr_install.php?showlog=true\">install log</a></center>"; } @@ -528,7 +547,8 @@ function install_package($package, $pkg_info = "") { $changedesc = "Overwrote previous installation of {$pkg_info['name']}."; $to_output = "overwrite!\n"; } - /* XXX: Fix inclusion of config.inc that causes data loss! */ + if(file_exists('/conf/needs_package_sync')) + @unlink('/conf/needs_package_sync'); conf_mount_ro(); write_config(); $static_output .= $to_output; @@ -620,18 +640,18 @@ function install_package_xml($pkg) { } $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); if(file_exists("/usr/local/pkg/" . $configfile)) { - $static_output .= "\nLoading package configuration... "; + $static_output .= "Loading package configuration... "; update_output_window($static_output); $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); $static_output .= "done.\n"; update_output_window($static_output); - $static_output .= "\tConfiguring package components...\n"; + $static_output .= "Configuring package components...\n"; if (!empty($pkg_config['filter_rules_needed'])) $config['installedpackages']['package'][$pkgid]['filter_rule_function'] = $pkg_config['filter_rules_needed']; update_output_window($static_output); /* modify system files */ if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) { - $static_output .= "\tSystem files... "; + $static_output .= "System files... "; update_output_window($static_output); foreach($pkg_config['modify_system']['item'] as $ms) { if($ms['textneeded']) { @@ -643,7 +663,7 @@ function install_package_xml($pkg) { } /* download additional files */ if(is_array($pkg_config['additional_files_needed'])) { - $static_output .= "\tAdditional files... "; + $static_output .= "Additional files... "; $static_orig = $static_output; update_output_window($static_output); foreach($pkg_config['additional_files_needed'] as $afn) { @@ -661,7 +681,7 @@ function install_package_xml($pkg) { if(!is_dir($prefix)) safe_mkdir($prefix); $static_output .= $filename . " "; - update_output_window($static_output); + update_output_window($static_output); if (download_file_with_progress_bar($afn['item'][0], $prefix . $filename) !== true) { $static_output .= "failed.\n"; update_output_window($static_output); @@ -697,7 +717,7 @@ function install_package_xml($pkg) { require_once($pkg_config['include_file']); else { $missing_include = true; - $static_output .= "\tInclude " . basename($pkg_config['include_file']) . " is missing!\n"; + $static_output .= "Include " . basename($pkg_config['include_file']) . " is missing!\n"; update_output_window($static_output); /* XXX: Should undo the steps before this?! */ return false; @@ -705,7 +725,7 @@ function install_package_xml($pkg) { } /* sidebar items */ if(is_array($pkg_config['menu'])) { - $static_output .= "\tMenu items... "; + $static_output .= "Menu items... "; update_output_window($static_output); foreach($pkg_config['menu'] as $menu) { if(is_array($config['installedpackages']['menu'])) @@ -719,7 +739,7 @@ function install_package_xml($pkg) { } /* integrated tab items */ if(is_array($pkg_config['tabs']['tab'])) { - $static_output .= "\tIntegrated Tab items... "; + $static_output .= "Integrated Tab items... "; update_output_window($static_output); foreach($pkg_config['tabs']['tab'] as $tab) { if(is_array($config['installedpackages']['tab'])) @@ -733,7 +753,7 @@ function install_package_xml($pkg) { } /* services */ if(is_array($pkg_config['service'])) { - $static_output .= "\tServices... "; + $static_output .= "Services... "; update_output_window($static_output); foreach($pkg_config['service'] as $service) { if(is_array($config['installedpackages']['service'])) @@ -750,21 +770,21 @@ function install_package_xml($pkg) { update_output_window($static_output); if ($missing_include == false) { if($pkg_config['custom_php_global_functions'] <> "") { - $static_output .= "\tExecuting custom_php_global_functions()..."; + $static_output .= "Executing custom_php_global_functions()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_global_functions']); $static_output .= "done.\n"; update_output_window($static_output); } if($pkg_config['custom_php_install_command']) { - $static_output .= "\tExecuting custom_php_install_command()..."; + $static_output .= "Executing custom_php_install_command()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_install_command']); $static_output .= "done.\n"; update_output_window($static_output); } if($pkg_config['custom_php_resync_config_command'] <> "") { - $static_output .= "\tExecuting custom_php_resync_config_command()..."; + $static_output .= "Executing custom_php_resync_config_command()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_resync_config_command']); $static_output .= "done.\n"; @@ -795,36 +815,59 @@ function install_package_xml($pkg) { return true; } +function does_package_depend($pkg) { + // Should not happen, but just in case. + if(!$pkg) + return; + $pkg_var_db_dir = glob("/var/db/pkg/{$pkg}*"); + // If this package has dependency then return true + foreach($pkg_var_db_dir as $pvdd) { + if (file_exists("{$vardb}/{$pvdd}/+REQUIRED_BY") && count(file("{$vardb}/{$pvdd}/+REQUIRED_BY")) > 0) + return true; + } + // Did not find a record of dependencies, so return false. + return false; +} + function delete_package($pkg) { global $config, $g, $static_output, $vardb; - $pkg = substr(reverse_strrchr($pkg, "."), 0, -1); + if(!$pkg) + return; + $pkg = substr(reverse_strrchr($pkg, "."), 0, -1); - if (file_exists("{$vardb}/{$pkg}/+REQUIRED_BY") && count(file("{$vardb}/{$pkg}/+REQUIRED_BY")) > 0) { - $static_output .= "\tSkipping package deletion for {$pkg} because it is required by other packages.\n"; + // If package has dependencies then skip it + if(does_package_depend($pkg)) { + $static_output .= "Skipping package deletion for {$pkg} because it is a dependency.\n"; update_output_window($static_output); - return; + return; } else { if($pkg) - $static_output .= "\tStarting package deletion for {$pkg}..."; - update_output_window($static_output); + $static_output .= "Starting package deletion for {$pkg}..."; + update_output_window($static_output); } + $info = ""; exec("/usr/sbin/pkg_info -qrx {$pkg}", $info); remove_freebsd_package($pkg); $static_output .= "done.\n"; update_output_window($static_output); foreach($info as $line) { - $depend = trim(str_replace("@pkgdep", "", $line), " \n"); - delete_package($depend); + $depend = trim(str_replace("@pkgdep ", "", $line), " \n"); + // If package has dependencies then skip it + if(!does_package_depend($depend)) + delete_package($depend); } + /* Rescan directories for what has been left and avoid fooling other programs. */ + mwexec("/sbin/ldconfig"); + return; } function delete_package_xml($pkg) { - global $g, $config, $static_output, $pkg_interface; + global $g, $config, $static_output, $pkg_interface, $bootup; conf_mount_rw(); @@ -854,7 +897,7 @@ function delete_package_xml($pkg) { $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'], "packagegui"); /* remove tab items */ if(is_array($pkg_config['tabs'])) { - $static_output .= "\tTabs items... "; + $static_output .= "Tabs items... "; update_output_window($static_output); if(is_array($pkg_config['tabs']['tab']) && is_array($tabs)) { foreach($pkg_config['tabs']['tab'] as $tab) { @@ -871,7 +914,7 @@ function delete_package_xml($pkg) { } /* remove menu items */ if(is_array($pkg_config['menu'])) { - $static_output .= "\tMenu items... "; + $static_output .= "Menu items... "; update_output_window($static_output); if (is_array($pkg_config['menu']) && is_array($menus)) { foreach($pkg_config['menu'] as $menu) { @@ -888,13 +931,14 @@ function delete_package_xml($pkg) { } /* remove services */ if(is_array($pkg_config['service'])) { - $static_output .= "\tServices... "; + $static_output .= "Services... "; update_output_window($static_output); if (is_array($pkg_config['service']) && is_array($services)) { foreach($pkg_config['service'] as $service) { foreach($services as $key => $instservice) { if($instservice['name'] == $service['name']) { - stop_service($service['name']); + if($bootup != true) + stop_service($service['name']); unset($services[$key]); } } @@ -924,7 +968,7 @@ function delete_package_xml($pkg) { else { $missing_include = true; update_output_window($static_output); - $static_output .= "\tInclude file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"; + $static_output .= "Include file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"; } } /* ermal @@ -940,7 +984,7 @@ function delete_package_xml($pkg) { } /* system files */ if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) { - $static_output .= "\tSystem files... "; + $static_output .= "System files... "; update_output_window($static_output); foreach($pkg_config['modify_system']['item'] as $ms) if($ms['textneeded']) remove_text_from_file($ms['modifyfilename'], $ms['textneeded']); @@ -950,27 +994,26 @@ function delete_package_xml($pkg) { } /* deinstall commands */ if($pkg_config['custom_php_deinstall_command'] <> "") { - $static_output .= "\tDeinstall commands... "; + $static_output .= "Deinstall commands... "; update_output_window($static_output); if ($missing_include == false) { eval_once($pkg_config['custom_php_deinstall_command']); $static_output .= "done.\n"; } else - $static_output .= "\n\tNot executing custom deinstall hook because an include is missing.\n"; + $static_output .= "\nNot executing custom deinstall hook because an include is missing.\n"; update_output_window($static_output); } if($pkg_config['include_file'] <> "") { - $static_output .= "\tRemoving package instructions..."; - update_output_window($static_output); - pkg_debug("Remove '{$pkg_config['include_file']}'\n"); - unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']); + $static_output .= "Removing package instructions..."; + update_output_window($static_output); + pkg_debug("Remove '{$pkg_config['include_file']}'\n"); + unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']); $static_output .= "done.\n"; - update_output_window($static_output); - - } + update_output_window($static_output); + } /* remove all additional files */ if(is_array($pkg_config['additional_files_needed'])) { - $static_output .= "\tAuxiliary files... "; + $static_output .= "Auxiliary files... "; update_output_window($static_output); foreach($pkg_config['additional_files_needed'] as $afn) { $filename = get_filename_from_url($afn['item'][0]); @@ -978,14 +1021,13 @@ function delete_package_xml($pkg) { $prefix = $afn['prefix']; else $prefix = "/usr/local/pkg/"; - unlink_if_exists($prefix . $filename); } $static_output .= "done.\n"; update_output_window($static_output); } /* package XML file */ - $static_output .= "\tPackage XML... "; + $static_output .= "Package XML... "; update_output_window($static_output); unlink_if_exists("/usr/local/pkg/" . $packages[$pkgid]['configurationfile']); $static_output .= "done.\n"; @@ -993,7 +1035,7 @@ function delete_package_xml($pkg) { } /* syslog */ if(is_array($pkg_info['logging']) && $pkg_info['logging']['logfile_name'] <> "") { - $static_output .= "\tSyslog entries... "; + $static_output .= "Syslog entries... "; update_output_window($static_output); remove_text_from_file("/etc/syslog.conf", $pkg_info['logging']['facilityname'] . "\t\t\t\t" . $pkg_info['logging']['logfilename']); system_syslogd_start(); @@ -1001,9 +1043,10 @@ function delete_package_xml($pkg) { $static_output .= "done.\n"; update_output_window($static_output); } + conf_mount_ro(); /* remove config.xml entries */ - $static_output .= "\tConfiguration... "; + $static_output .= "Configuration... "; update_output_window($static_output); unset($config['installedpackages']['package'][$pkgid]); $static_output .= "done.\n"; @@ -1081,4 +1124,33 @@ function squash_from_bytes($size, $round = "") { return; } +function pkg_reinstall_all() { + global $g, $config; + $pkg_id = 0; + $todo = array(); + if (is_array($config['installedpackages']['package'])) + foreach($config['installedpackages']['package'] as $package) + $todo[] = array('name' => $package['name'], 'version' => $package['version']); + echo "One moment please, reinstalling packages...\n"; + echo " >>> Trying to fetch package info..."; + $pkg_info = get_pkg_info(); + if ($pkg_info) { + echo " Done.\n"; + } else { + $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n"; + return; + } + if(is_array($todo)) { + foreach($todo as $pkgtodo) { + $static_output = ""; + if($pkgtodo['name']) { + uninstall_package($pkgtodo['name']); + install_package($pkgtodo['name']); + $pkg_id++; + } + } + } +} + ?> diff --git a/etc/inc/plain_sasl_client.inc b/etc/inc/plain_sasl_client.inc new file mode 100644 index 0000000..c7feed0 --- /dev/null +++ b/etc/inc/plain_sasl_client.inc @@ -0,0 +1,99 @@ +<?php +/* + * plain_sasl_client.php + * + * @(#) $Id: plain_sasl_client.php,v 1.2 2004/11/17 08:00:37 mlemos Exp $ + * + */ + +define("SASL_PLAIN_STATE_START", 0); +define("SASL_PLAIN_STATE_IDENTIFY", 1); +define("SASL_PLAIN_STATE_DONE", 2); + +define("SASL_PLAIN_DEFAULT_MODE", 0); +define("SASL_PLAIN_EXIM_MODE", 1); +define("SASL_PLAIN_EXIM_DOCUMENTATION_MODE", 2); + +class plain_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_PLAIN_STATE_START; + + Function Initialize(&$client) + { + return(1); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_PLAIN_STATE_START) + { + $client->error="PLAIN authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "mode"=>"" + ); + $defaults=array( + "realm"=>"", + "mode"=>"" + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + { + switch($this->credentials["mode"]) + { + case SASL_PLAIN_EXIM_MODE: + $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; + break; + case SASL_PLAIN_EXIM_DOCUMENTATION_MODE: + $message="\0".$this->credentials["user"]."\0".$this->credentials["password"]; + break; + default: + $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"]; + break; + } + $this->state=SASL_PLAIN_STATE_DONE; + } + else + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { +/* + case SASL_PLAIN_STATE_IDENTIFY: + switch($this->credentials["mode"]) + { + case SASL_PLAIN_EXIM_MODE: + $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; + break; + case SASL_PLAIN_EXIM_DOCUMENTATION_MODE: + $message="\0".$this->credentials["user"]."\0".$this->credentials["password"]; + break; + default: + $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"]; + break; + } + var_dump($message); + $this->state=SASL_PLAIN_STATE_DONE; + break; +*/ + case SASL_PLAIN_STATE_DONE: + $client->error="PLAIN authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid PLAIN authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file diff --git a/etc/inc/sasl.inc b/etc/inc/sasl.inc new file mode 100644 index 0000000..d64442e --- /dev/null +++ b/etc/inc/sasl.inc @@ -0,0 +1,422 @@ +<?php +/* + * sasl.php + * + * @(#) $Id: sasl.php,v 1.11 2005/10/31 18:43:27 mlemos Exp $ + * + */ + +define("SASL_INTERACT", 2); +define("SASL_CONTINUE", 1); +define("SASL_OK", 0); +define("SASL_FAIL", -1); +define("SASL_NOMECH", -4); + +class sasl_interact_class +{ + var $id; + var $challenge; + var $prompt; + var $default_result; + var $result; +}; + +/* +{metadocument}<?xml version="1.0" encoding="ISO-8859-1" ?> +<class> + + <package>net.manuellemos.sasl</package> + + <version>@(#) $Id: sasl.php,v 1.11 2005/10/31 18:43:27 mlemos Exp $</version> + <copyright>Copyright © (C) Manuel Lemos 2004</copyright> + <title>Simple Authentication and Security Layer client</title> + <author>Manuel Lemos</author> + <authoraddress>mlemos-at-acm.org</authoraddress> + + <documentation> + <idiom>en</idiom> + <purpose>Provide a common interface to plug-in driver classes that + implement different mechanisms for authentication used by clients of + standard protocols like SMTP, POP3, IMAP, HTTP, etc.. Currently the + supported authentication mechanisms are: <tt>PLAIN</tt>, + <tt>LOGIN</tt>, <tt>CRAM-MD5</tt>, <tt>Digest</tt> and <tt>NTML</tt> + (Windows or Samba).</purpose> + <usage>.</usage> + </documentation> + +{/metadocument} +*/ + +class sasl_client_class +{ + /* Public variables */ + +/* +{metadocument} + <variable> + <name>error</name> + <type>STRING</type> + <value></value> + <documentation> + <purpose>Store the message that is returned when an error + occurs.</purpose> + <usage>Check this variable to understand what happened when a call to + any of the class functions has failed.<paragraphbreak /> + This class uses cumulative error handling. This means that if one + class functions that may fail is called and this variable was + already set to an error message due to a failure in a previous call + to the same or other function, the function will also fail and does + not do anything.<paragraphbreak /> + This allows programs using this class to safely call several + functions that may fail and only check the failure condition after + the last function call.<paragraphbreak /> + Just set this variable to an empty string to clear the error + condition.</usage> + </documentation> + </variable> +{/metadocument} +*/ + var $error=''; + +/* +{metadocument} + <variable> + <name>mechanism</name> + <type>STRING</type> + <value></value> + <documentation> + <purpose>Store the name of the mechanism that was selected during the + call to the <functionlink>Start</functionlink> function.</purpose> + <usage>You can access this variable but do not change it.</usage> + </documentation> + </variable> +{/metadocument} +*/ + var $mechanism=''; + +/* +{metadocument} + <variable> + <name>encode_response</name> + <type>BOOLEAN</type> + <value>1</value> + <documentation> + <purpose>Let the drivers inform the applications whether responses + need to be encoded.</purpose> + <usage>Applications should check this variable before sending + authentication responses to the server to determine if the + responses need to be encoded, eventually with base64 algorithm.</usage> + </documentation> + </variable> +{/metadocument} +*/ + var $encode_response=1; + + /* Private variables */ + + var $driver; + var $drivers=array( + "Digest" => array("digest_sasl_client_class", "digest_sasl_client.inc" ), + "CRAM-MD5" => array("cram_md5_sasl_client_class", "cram_md5_sasl_client.inc" ), + "LOGIN" => array("login_sasl_client_class", "login_sasl_client.inc" ), + "NTLM" => array("ntlm_sasl_client_class", "ntlm_sasl_client.inc" ), + "PLAIN" => array("plain_sasl_client_class", "plain_sasl_client.inc" ), + "Basic" => array("basic_sasl_client_class", "basic_sasl_client.inc" ) + ); + var $credentials=array(); + + /* Public functions */ + +/* +{metadocument} + <function> + <name>SetCredential</name> + <type>VOID</type> + <documentation> + <purpose>Store the value of a credential that may be used by any of + the supported mechanisms to process the authentication messages and + responses.</purpose> + <usage>Call this function before starting the authentication dialog + to pass all the credential values that be needed to use the type + of authentication that the applications may need.</usage> + <returnvalue>.</returnvalue> + </documentation> + <argument> + <name>key</name> + <type>STRING</type> + <documentation> + <purpose>Specify the name of the credential key.</purpose> + </documentation> + </argument> + <argument> + <name>value</name> + <type>STRING</type> + <documentation> + <purpose>Specify the value for the credential.</purpose> + </documentation> + </argument> + <do> +{/metadocument} +*/ + Function SetCredential($key,$value) + { + $this->credentials[$key]=$value; + } +/* +{metadocument} + </do> + </function> +{/metadocument} +*/ + +/* +{metadocument} + <function> + <name>GetCredentials</name> + <type>INTEGER</type> + <documentation> + <purpose>Retrieve the values of one or more credentials to be used by + the authentication mechanism classes.</purpose> + <usage>This is meant to be used by authentication mechanism driver + classes to retrieve the credentials that may be neede.</usage> + <returnvalue>The function may return <tt>SASL_CONTINUE</tt> if it + succeeded, or <tt>SASL_NOMECH</tt> if it was not possible to + retrieve one of the requested credentials.</returnvalue> + </documentation> + <argument> + <name>credentials</name> + <type>HASH</type> + <documentation> + <purpose>Reference to an associative array variable with all the + credentials that are being requested. The function initializes + this associative array values.</purpose> + </documentation> + </argument> + <argument> + <name>defaults</name> + <type>HASH</type> + <documentation> + <purpose>Associative arrays with default values for credentials + that may have not been defined.</purpose> + </documentation> + </argument> + <argument> + <name>interactions</name> + <type>ARRAY</type> + <documentation> + <purpose>Not yet in use. It is meant to provide context + information to retrieve credentials that may be obtained + interacting with the user.</purpose> + </documentation> + </argument> + <do> +{/metadocument} +*/ + Function GetCredentials(&$credentials,$defaults,&$interactions) + { + Reset($credentials); + $end=(GetType($key=Key($credentials))!="string"); + for(;!$end;) + { + if(!IsSet($this->credentials[$key])) + { + if(IsSet($defaults[$key])) + $credentials[$key]=$defaults[$key]; + else + { + $this->error="the requested credential ".$key." is not defined"; + return(SASL_NOMECH); + } + } + else + $credentials[$key]=$this->credentials[$key]; + Next($credentials); + $end=(GetType($key=Key($credentials))!="string"); + } + return(SASL_CONTINUE); + } +/* +{metadocument} + </do> + </function> +{/metadocument} +*/ + +/* +{metadocument} + <function> + <name>Start</name> + <type>INTEGER</type> + <documentation> + <purpose>Process the initial authentication step initializing the + driver class that implements the first of the list of requested + mechanisms that is supported by this SASL client library + implementation.</purpose> + <usage>Call this function specifying a list of mechanisms that the + server supports. If the <argumentlink> + <argument>message</argument> + <function>Start</function> + </argumentlink> argument returns a string, it should be sent to + the server as initial message. Check the + <variablelink>encode_response</variablelink> variable to determine + whether the initial message needs to be encoded, eventually with + base64 algorithm, before it is sent to the server.</usage> + <returnvalue>The function may return <tt>SASL_CONTINUE</tt> if it + could start one of the requested authentication mechanisms. It + may return <tt>SASL_NOMECH</tt> if it was not possible to start + any of the requested mechanisms. It returns <tt>SASL_FAIL</tt> or + other value in case of error.</returnvalue> + </documentation> + <argument> + <name>mechanisms</name> + <type>ARRAY</type> + <inout /> + <documentation> + <purpose>Define the list of names of authentication mechanisms + supported by the that should be tried.</purpose> + </documentation> + </argument> + <argument> + <name>message</name> + <type>STRING</type> + <out /> + <documentation> + <purpose>Return the initial message that should be sent to the + server to start the authentication dialog. If this value is + undefined, no message should be sent to the server.</purpose> + </documentation> + </argument> + <argument> + <name>interactions</name> + <type>ARRAY</type> + <documentation> + <purpose>Not yet in use. It is meant to provide context + information to interact with the end user.</purpose> + </documentation> + </argument> + <do> +{/metadocument} +*/ + Function Start($mechanisms, &$message, &$interactions) + { + if(strlen($this->error)) + return(SASL_FAIL); + if(IsSet($this->driver)) + return($this->driver->Start($this,$message,$interactions)); + $no_mechanism_error=""; + for($m=0;$m<count($mechanisms);$m++) + { + $mechanism=$mechanisms[$m]; + if(IsSet($this->drivers[$mechanism])) + { + if(!class_exists($this->drivers[$mechanism][0])) + require(dirname(__FILE__)."/".$this->drivers[$mechanism][1]); + $this->driver=new $this->drivers[$mechanism][0]; + if($this->driver->Initialize($this)) + { + $this->encode_response=1; + $status=$this->driver->Start($this,$message,$interactions); + switch($status) + { + case SASL_NOMECH: + Unset($this->driver); + if(strlen($no_mechanism_error)==0) + $no_mechanism_error=$this->error; + $this->error=""; + break; + case SASL_CONTINUE: + $this->mechanism=$mechanism; + return($status); + default: + Unset($this->driver); + $this->error=""; + return($status); + } + } + else + { + Unset($this->driver); + if(strlen($no_mechanism_error)==0) + $no_mechanism_error=$this->error; + $this->error=""; + } + } + } + $this->error=(strlen($no_mechanism_error) ? $no_mechanism_error : "it was not requested any of the authentication mechanisms that are supported"); + return(SASL_NOMECH); + } +/* +{metadocument} + </do> + </function> +{/metadocument} +*/ + +/* +{metadocument} + <function> + <name>Step</name> + <type>INTEGER</type> + <documentation> + <purpose>Process the authentication steps after the initial step, + until the authetication iteration dialog is complete.</purpose> + <usage>Call this function iteratively after a successful initial + step calling the <functionlink>Start</functionlink> function.</usage> + <returnvalue>The function returns <tt>SASL_CONTINUE</tt> if step was + processed successfully, or returns <tt>SASL_FAIL</tt> in case of + error.</returnvalue> + </documentation> + <argument> + <name>response</name> + <type>STRING</type> + <in /> + <documentation> + <purpose>Pass the response returned by the server to the previous + step.</purpose> + </documentation> + </argument> + <argument> + <name>message</name> + <type>STRING</type> + <out /> + <documentation> + <purpose>Return the message that should be sent to the server to + continue the authentication dialog. If this value is undefined, + no message should be sent to the server.</purpose> + </documentation> + </argument> + <argument> + <name>interactions</name> + <type>ARRAY</type> + <documentation> + <purpose>Not yet in use. It is meant to provide context + information to interact with the end user.</purpose> + </documentation> + </argument> + <do> +{/metadocument} +*/ + Function Step($response, &$message, &$interactions) + { + if(strlen($this->error)) + return(SASL_FAIL); + return($this->driver->Step($this,$response,$message,$interactions)); + } +/* +{metadocument} + </do> + </function> +{/metadocument} +*/ + +}; + +/* + +{metadocument} +</class> +{/metadocument} + +*/ + +?> diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 7c61546..692f1a5 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -122,20 +122,20 @@ function get_bandwidthtype_scale($type) { switch ($type) { case "Gb": - $factor = 1000 * 1000 * 1000; + $factor = 1024 * 1024 * 1024; break; case "Mb": - $factor = 1000 * 1000; + $factor = 1024 * 1024; break; case "Kb": - $factor = 1000; + $factor = 1024; break; case "b": default: $factor = 1; break; } - return floatval($factor); + return intval($factor); } function get_hfsc_bandwidth($object, $bw) @@ -2943,12 +2943,12 @@ class dnpipe_class extends dummynet_class { function build_form() { $form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>"; - $form .= "Enable/Disable"; + $form .= "Enable"; $form .= "</td><td class=\"vncellreq\">"; $form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\""; if ($this->GetEnabled() == "on") $form .= " CHECKED"; - $form .= " ><span class=\"vexpl\"> Enable/Disable limiter and its children</span>"; + $form .= " ><span class=\"vexpl\"> Enable limiter and its children</span>"; $form .= "</td></tr>"; $form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>"; $form .= "<td class=\"vncellreq\">"; diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 06ec9fc..d2eb733 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -86,12 +86,6 @@ function system_resolvconf_generate($dynupdate = false) { $syscfg = $config['system']; - $fd = fopen("{$g['varetc_path']}/resolv.conf", "w"); - if (!$fd) { - printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n"); - return 1; - } - $resolvconf = "domain {$syscfg['domain']}\n"; $havedns = false; @@ -122,6 +116,12 @@ function system_resolvconf_generate($dynupdate = false) { } } + $fd = fopen("{$g['varetc_path']}/resolv.conf", "w"); + if (!$fd) { + printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n"); + return 1; + } + fwrite($fd, $resolvconf); fclose($fd); @@ -158,11 +158,16 @@ function get_searchdomains() { $master_list = array(); // Read in dhclient nameservers - $search_list = split("\n", `/bin/cat /var/etc/searchdomain_* 2>/dev/null`); + $search_list = glob("/var/etc/searchdomain_*"); if (is_array($search_lists)) { - foreach($search_lists as $dns) { - if(is_hostname($dns)) - $master_list[] = $dns; + foreach($search_lists as $fdns) { + $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (!is_array($contents)) + continue; + foreach ($contents as $dns) { + if(is_hostname($dns)) + $master_list[] = $dns; + } } } @@ -174,21 +179,27 @@ function get_nameservers() { $master_list = array(); // Read in dhclient nameservers - $dns_lists = split("\n", `/bin/cat /var/etc/nameserver_* 2>/dev/null`); + $dns_lists = glob("/var/etc/nameserver_*"); if (is_array($dns_lists)) { - foreach($dns_lists as $dns) { - if(is_ipaddr($dns)) - $master_list[] = $dns; + foreach($dns_lists as $fdns) { + $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (!is_array($contents)) + continue; + foreach ($contents as $dns) { + if(is_ipaddr($dns)) + $master_list[] = $dns; + } } } // Read in any extra nameservers if(file_exists("/var/etc/nameservers.conf")) { - $dns_lists = split("\n", `/bin/cat /var/etc/nameservers.conf`); - if(is_array($dns_s)) + $dns_s = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if(is_array($dns_s)) { foreach($dns_s as $dns) if (is_ipaddr($dns)) $master_list[] = $dns; + } } return $master_list; @@ -391,8 +402,8 @@ function system_routing_configure($interface = "") { if(isset($route_arr['default'])) { $action = "change"; } - log_error("ROUTING: $action IPv4 default route to $gatewayip"); - mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip)); + log_error("ROUTING: $action default route to $gatewayip"); + mwexec("/sbin/route {$action} -inet default " . escapeshellarg($gatewayip)); } } @@ -445,10 +456,17 @@ function system_routing_configure($interface = "") { $inet6 = ""; } if (is_ipaddr($gatewayip)) { +<<<<<<< HEAD mwexec("/sbin/route {$action} {$inet6} " . escapeshellarg($rtent['network']) . " " . escapeshellarg($gatewayip)); } else if (!empty($interfacegw)) { mwexec("/sbin/route {$action} {$inet6} " . escapeshellarg($rtent['network']) . +======= + mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . + " " . escapeshellarg($gatewayip)); + } else if (!empty($interfacegw)) { + mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . +>>>>>>> upstream/master " -iface " . escapeshellarg($interfacegw)); } } @@ -1154,7 +1172,7 @@ EOD; fwrite($fd, "\n"); fwrite($fd, $key); fclose($fd); - if($ca <> "") { + if(!(empty($ca) || (strlen(trim($ca)) == 0))) { $fd = fopen("{$g['varetc_path']}/{$ca_location}", "w"); if (!$fd) { printf("Error: cannot open ca.pem in system_webgui_start().\n"); @@ -1168,7 +1186,7 @@ EOD; $lighty_config .= "## ssl configuration\n"; $lighty_config .= "ssl.engine = \"enable\"\n"; $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; - if($ca <> "") + if(!(empty($ca) || (strlen(trim($ca)) == 0))) $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; } diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 9f7be86..9be7ae0 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -709,10 +709,14 @@ function upgrade_040_to_041() { $config['sysctl']['item'][19]['descr'] = "Set the ephemeral port range starting port"; $config['sysctl']['item'][19]['value'] = "default"; - $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot "; + $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot"; $config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete"; $config['sysctl']['item'][20]['value'] = "default"; + $config['sysctl']['item'][21]['tunable'] = "kern.ipc.maxsockbuf"; + $config['sysctl']['item'][21]['descr'] = "Maximum socket buffer size"; + $config['sysctl']['item'][21]['value'] = "default"; + } } @@ -817,8 +821,7 @@ function upgrade_044_to_045() { $iflist = get_configured_interface_list(false, true); if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { foreach ($config['vlans']['vlan'] as $id => $vlan) { - $vlan['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}"; - $config['vlans']['vlan'][$id] = $vlan; + $config['vlans']['vlan'][$id]['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}"; /* Make sure to update the interfaces section with the right name */ foreach($iflist as $ifname) { if($config['interfaces'][$ifname]['if'] == "vlan{$id}") { @@ -1083,8 +1086,8 @@ function upgrade_047_to_048() { $tempdyn['enable'] = isset($config['dyndns'][0]['enable']); $tempdyn['type'] = $config['dyndns'][0]['type']; $tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']); - $tempdyn['usernamefld'] = $config['dyndns'][0]['username']; - $tempdyn['passwordfld'] = $config['dyndns'][0]['password']; + $tempdyn['username'] = $config['dyndns'][0]['username']; + $tempdyn['password'] = $config['dyndns'][0]['password']; $tempdyn['host'] = $config['dyndns'][0]['host']; $tempdyn['mx'] = $config['dyndns'][0]['mx']; $tempdyn['interface'] = "wan"; @@ -2282,4 +2285,9 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } +function upgrade_075_to_076() { + require_once("services.inc"); + install_cron_job("/usr/bin/nice -n20 /etc/rc.update_urltables", true, "30", "12"); +} + ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 494f81b..f3cb60b 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -1311,6 +1311,19 @@ function start_devd() { sleep(1); } +function is_interface_vlan_mismatch() { + global $config, $g; + + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if (does_interface_exist($vlan['if']) == false) + return true; + } + } + + return false; +} + function is_interface_mismatch() { global $config, $g; diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 5c1d132..febb0f7 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -1,6 +1,8 @@ <?php /* - Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>. + Copyright (C) 2010 Ermal Luci <ermal.luci@gmail.com> + Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2007 Marcel Wiget <mwiget@mac.com> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,6 +34,8 @@ */ /* include all configuration functions */ +if(!function_exists('captiveportal_syslog')) + require_once("captiveportal.inc"); function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) { global $g, $config; @@ -140,7 +144,7 @@ function voucher_auth($voucher_received, $test = 0) { list($status, $roll, $nr) = explode(" ", $result); if ($status == "OK") { if (!$first_voucher) { - // store first voucher. Thats the one we give the timecredit + // store first voucher. Thats the one we give the timecredit $first_voucher = $voucher; $first_voucher_roll = $roll; } @@ -166,6 +170,7 @@ function voucher_auth($voucher_received, $test = 0) { $mask = 1 << ($nr % 8); if (ord($bitstring[$roll][$pos]) & $mask) { $test_result[] = "$voucher ($roll/$nr) already used and expired"; + captiveportal_syslog("$voucher ($roll/$nr) already used and expired"); $total_minutes = -1; // voucher expired $error++; } else { @@ -177,10 +182,12 @@ function voucher_auth($voucher_received, $test = 0) { } } else { $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; + captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } } else { // hmm, thats weird ... not what I expected $test_result[] = "$voucher invalid: $result !!"; + captiveportal_syslog("$voucher invalid: $result !!"); $error++; } } @@ -192,7 +199,7 @@ function voucher_auth($voucher_received, $test = 0) { } else { $test_result[] = "Access granted for $total_minutes Minutes in total."; } - unlock($voucherlck); + unlock($voucherlck); return $test_result; } @@ -201,7 +208,7 @@ function voucher_auth($voucher_received, $test = 0) { // the user wouldn't know that he used at least one invalid voucher. if ($error) { - unlock($voucherlck); + unlock($voucherlck); if ($total_minutes > 0) // probably not needed, but want to make sure $total_minutes = 0; // we only report -1 (expired) or 0 (no access) return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS @@ -273,8 +280,8 @@ function voucher_configure() { $pubkey = base64_decode($config['voucher']['publickey']); $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { - log_error("Voucher error: cannot write voucher.public\n"); - unlock($voucherlck); + captiveportal_syslog("Voucher error: cannot write voucher.public\n"); + unlock($voucherlck); return 1; } fwrite($fd, $pubkey); @@ -291,13 +298,13 @@ function voucher_configure() { fwrite($fd, "{$config['voucher']['rollbits']},{$config['voucher']['ticketbits']},{$config['voucher']['checksumbits']},{$config['voucher']['magic']},{$config['voucher']['charset']}\n"); fclose($fd); @chmod("{$g['varetc_path']}/voucher.cfg", 0600); - unlock($voucherlck); + unlock($voucherlck); if ($g['booting'] && is_array($config['voucher']['roll'])) { // create active and used DB per roll on ramdisk from config $a_roll = &$config['voucher']['roll']; - $voucherlck = lock('voucher'); + $voucherlck = lock('voucher'); foreach ($a_roll as $rollent) { @@ -319,7 +326,7 @@ function voucher_configure() { voucher_write_active_db($roll, $active_vouchers); } - unlock($voucherlck); + unlock($voucherlck); echo "done\n"; } @@ -452,7 +459,7 @@ function voucher_save_db_to_config() { $rollent['used'] = base64_encode($bitmask); $active_vouchers = voucher_read_active_db($roll); $db = array(); - $dbi = 1; + $dbi = 1; foreach($active_vouchers as $voucher => $line) { list($timestamp,$minutes) = explode(",", $line); $activent['voucher'] = $voucher; @@ -470,4 +477,4 @@ function voucher_save_db_to_config() { return; } -?> +?>
\ No newline at end of file diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ef06f61..e4b49ec 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -636,11 +636,12 @@ EOD; $localid_type = $ph2ent['localid']['type']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); - /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */ + /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */ if (($localid_type == "none") || (($ph1ent['authentication_method'] == "xauth_psk_server") || ($ph1ent['authentication_method'] == "pre_shared_key")) - && isset($ph1ent['mobile'])) + && isset($ph1ent['mobile']) + && (ipsec_get_number_of_phase2($ikeid)==1)) $localid_spec = " "; else { if ($localid_type != "address") { @@ -879,7 +880,9 @@ EOD; /* mange racoon process */ if (is_process_running("racoon")) { sleep("0.1"); - mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); + /* XXX: This seems to not work in ipsec-tools 0.7.3 but a HUP signal is equivalent. */ + //mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); + sigkillbypid("{$g['varrun_path']}/racoon.pid", "HUP"); /* load SPD without flushing to be safe on config additions or changes. */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); } else { @@ -968,7 +971,9 @@ function vpn_netgraph_support() { foreach ($iflist as $iface) { $realif = get_real_interface($iface); /* Get support for netgraph(4) from the nic */ - pfSense_ngctl_attach(".", $realif); + $ifinfo = pfSense_get_interface_addresses($realif); + if (!empty($ifinfo) && in_array($ifinfo['iftype'], array("ether", "vlan", "bridge"))) + pfSense_ngctl_attach(".", $realif); } } @@ -1300,8 +1305,14 @@ EOD; } if (isset ($pppoecfg['radius']['server']['enable'])) { + $radiusport = ""; + $radiusacctport = ""; + if (isset($pppoecfg['radius']['server']['port'])) + $radiusport = $pppoecfg['radius']['server']['port']; + if (isset($pppoecfg['radius']['server']['acctport'])) + $radiusacctport = $pppoecfg['radius']['server']['acctport']; $mpdconf .=<<<EOD - set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" + set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']} {$radiusport} {$radiusacctport}" set radius retries 3 set radius timeout 10 set auth enable radius-auth diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 75871a9..3e32d68 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -229,7 +229,7 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= str_repeat("\t", $indent); if((is_bool($cval) && $cval == true) || ($cval === "")) { $xmlconfig .= "<$ent/>\n"; - } else if (substr($ent, 0, 5) == "descr") { + } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) { $xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n"; } else { $xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n"; @@ -253,7 +253,7 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= "<$ent/>\n"; } else if (!is_bool($val)) { $xmlconfig .= str_repeat("\t", $indent); - if (substr($ent, 0, 5) == "descr") + if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) $xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n"; else $xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n"; diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc index ef4fc19..ae725e5 100644 --- a/etc/inc/xmlrpc.inc +++ b/etc/inc/xmlrpc.inc @@ -139,4 +139,4 @@ function xmlrpc_auth(&$params) { return false; } -?> +?>
\ No newline at end of file diff --git a/etc/rc.bootup b/etc/rc.bootup index fe1faa3..6333ab8 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -255,8 +255,7 @@ setup_gateways_monitor(); echo "done.\n"; echo "Synchronizing user settings..."; -if (empty($config['system']['webgui']['backend'])) - local_sync_accounts(); +local_sync_accounts(); echo "done.\n"; if($avail > 0 and $avail < 65) { @@ -381,6 +380,16 @@ activate_powerd(); if (file_exists("/sbin/shutdown.old")) @unlink("/sbin/shutdown.old"); +/* Resync / Reinstall packages if need be */ +if(file_exists('/conf/needs_package_sync')) { + if($config['installedpackages'] <> '' && is_array($config['installedpackages']['package'])) { + require_once("pkg-utils.inc"); + if($g['platform'] == "pfSense" || $g['platform'] == "nanobsd") { + pkg_reinstall_all(); + } + } +} + /* done */ unset($g['booting']); diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index 31843af..15dca87 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -94,46 +94,45 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) return; - $params = array( - XML_RPC_encode($password) - ); - - $numberofruns = 0; - while ($numberofruns < 2) { - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $username = $config['system']['user'][0]['name']; - $cli->setCredentials($username, $password); - if($numberofruns > 1) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after 240 seconds */ - $resp = $cli->send($msg, "240"); + $params = array( + XML_RPC_encode($password) + ); + + $numberofruns = 0; + while ($numberofruns < 2) { + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $username = $config['system']['user'][0]['name']; + $cli->setCredentials($username, $password); + if($numberofruns > 1) + $cli->setDebug(1); + /* send our XMLRPC message and timeout after 240 seconds */ + $resp = $cli->send($msg, "240"); if(!is_object($resp)) { - $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; - } elseif($resp->faultCode()) { - $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - } else { - $parsed_response = XML_RPC_decode($resp->value()); - if(!is_array($parsed_response)) { - if (trim($parsed_response) == "Authentication failed") { - $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method})."; - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - exit; + $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}."; + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + } else { + $parsed_response = XML_RPC_decode($resp->value()); + if(!is_array($parsed_response)) { + if (trim($parsed_response) == "Authentication failed") { + $error = "A authentication failure occurred while trying to access {$url}:{$port} ({$method})."; + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + exit; + } + } else { + if (!isset($parsed_response['config_version']) || + $parsed_response['config_version'] < $config['version']) + return false; + else + return true; } - } else { - if (!isset($parsed_response['config_version']) || - $parsed_response['config_version'] < $config['version']) - return false; - else - return true; } + log_error($error); + file_notice("sync_settings", $error, "Settings Sync", ""); + $numberofruns++; } - log_error($error); - file_notice("sync_settings", $error, "Settings Sync", ""); - $numberofruns++; - } - return false; } diff --git a/etc/rc.firmware b/etc/rc.firmware index b10737e..063e9a3 100755 --- a/etc/rc.firmware +++ b/etc/rc.firmware @@ -491,7 +491,6 @@ pfSenseupgrade) if [ -f /tmp/no_upgrade_reboot_required ]; then rm /tmp/no_upgrade_reboot_required else - rm -f /var/run/config.lock sh /etc/rc.reboot fi diff --git a/etc/rc.halt b/etc/rc.halt index 4f3d1ef..fd6318b 100755 --- a/etc/rc.halt +++ b/etc/rc.halt @@ -2,8 +2,8 @@ # $Id$ -if [ -f /var/run/config.lock ]; then - echo "Cannot reboot at this moment, a config write operation is in progress." +if ! /usr/bin/lockf -s -t 30 /tmp/config.lock /usr/bin/true; then + echo "Cannot halt at this moment, a config write operation is in progress and 30 seconds have passed." exit -1 fi diff --git a/etc/rc.newwanip b/etc/rc.newwanip index a31cddc..b63996c 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -117,7 +117,8 @@ services_dyndns_configure($interface); vpn_ipsec_force_reload(); /* start OpenVPN server & clients */ -openvpn_resync_all($interface); +if (substr($interface_real, 0, 4) != "ovpn") + openvpn_resync_all($interface); /* reload graphing functions */ enable_rrd_graphing(); diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 6fc7589..67aceaf 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -44,28 +44,28 @@ fi # Calculate APC SHM size according # to detected memory values if [ "$AVAILMEM" -lt "65" ]; then - APCSHMEMSIZE="1" + APCSHMEMSIZE="1M" fi if [ "$AVAILMEM" -lt "96" ]; then - APCSHMEMSIZE="5" + APCSHMEMSIZE="5M" fi if [ "$AVAILMEM" -lt "128" ]; then - APCSHMEMSIZE="10" + APCSHMEMSIZE="10M" fi if [ "$AVAILMEM" -gt "128" ]; then - APCSHMEMSIZE="15" + APCSHMEMSIZE="15M" fi if [ "$AVAILMEM" -gt "256" ]; then - APCSHMEMSIZE="20" + APCSHMEMSIZE="20M" fi if [ "$AVAILMEM" -gt "384" ]; then - APCSHMEMSIZE="25" + APCSHMEMSIZE="25M" fi if [ "$AVAILMEM" -gt "512" ]; then - APCSHMEMSIZE="30" + APCSHMEMSIZE="30M" fi if [ "$AVAILMEM" -gt "784" ]; then - APCSHMEMSIZE="35" + APCSHMEMSIZE="35M" fi # Set upload directory diff --git a/etc/rc.reboot b/etc/rc.reboot index 851f1a8..4bb28a1 100755 --- a/etc/rc.reboot +++ b/etc/rc.reboot @@ -2,9 +2,9 @@ # $Id$ -if [ -f /var/run/config.lock ]; then - echo "Cannot reboot at this moment, a config write operation is in progress." - exit -1 +if ! /usr/bin/lockf -s -t 30 /tmp/config.lock /usr/bin/true; then + echo "Cannot reboot at this moment, a config write operation is in progress, and 30 seconds have passed." + exit 1 fi sleep 1 diff --git a/etc/rc.shutdown b/etc/rc.shutdown index 257a577..9d46ad2 100755 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -1,7 +1,7 @@ #!/bin/sh -if [ -f /var/run/config.lock ]; then - echo "Cannot reboot at this moment, a config write operation is in progress." +if ! /usr/bin/lockf -s -t 30 /tmp/config.lock /usr/bin/true; then + echo "Cannot shutdown at this moment, a config write operation is in progress and 30 seconds have passed." exit -1 fi diff --git a/etc/version b/etc/version index 7c92322..813dcee 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-BETA4 +2.0-BETA5 diff --git a/tmp/post_upgrade_command b/tmp/post_upgrade_command index a2fb94e..ed49d0a 100755 --- a/tmp/post_upgrade_command +++ b/tmp/post_upgrade_command @@ -1,6 +1,5 @@ #!/bin/sh -touch /var/run/config.lock /etc/rc.conf_mount_rw KERNELTYPE=`cat /boot/kernel/pfsense_kernel.txt` diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 6cbe1c0..2d7883c 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -268,20 +268,14 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut global $redirurl, $g, $config, $type, $passthrumac, $_POST; - /* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */ - $captiveshouldunlock = false; - if ($ruleno == null) { - $cplock = lock('captiveportal'); - $captiveshouldunlock = true; + /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */ + if ($ruleno == null) $ruleno = captiveportal_get_next_ipfw_ruleno(); - } /* if the pool is empty, return appropriate message and exit */ if (is_null($ruleno)) { portal_reply_page($redirurl, "error", "System reached maximum login capacity"); log_error("WARNING! Captive portal has reached maximum login capacity"); - if ($captiveshouldunlock == true) - unlock($cplock); exit; } @@ -367,13 +361,10 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } - if ($attributes['voucher'] && $remaining_time <= 0) { - unlock($cplock); + if ($attributes['voucher'] && $remaining_time <= 0) return 0; // voucher already used and no time left - } if (!isset($sessionid)) { - /* generate unique session ID */ $tod = gettimeofday(); $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16); @@ -405,7 +396,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp"); $writecfg = true; } else { - if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) { $bw_up_pipeno = $ruleno + 20000; //$bw_up /= 1000; // Scale to Kbit/s @@ -448,7 +438,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) { $acct_val = RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac); - if ($acct_val == 1) captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); } @@ -458,9 +447,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } - if ($captiveshouldunlock == true) - unlock($cplock); - if ($writecfg == true) write_config(); @@ -502,13 +488,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* remove a single client by session ID - by Dinesh Nair + * by Dinesh Nair */ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) { - global $g, $config; - $cplock = lock('captiveportal'); /* read database */ $cpdb = captiveportal_read_db(); @@ -527,8 +511,6 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1 /* write database */ captiveportal_write_db($cpdb); - - unlock($cplock); } /* @@ -555,8 +537,6 @@ function portal_consume_passthrough_credit($clientmac) { $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']); - $cplock = lock('captiveportal'); - /* * Read database of used MACs. Lines are a comma-separated list * of the time, MAC, then the count of pass-through credits remaining. @@ -578,7 +558,6 @@ function portal_consume_passthrough_credit($clientmac) { captiveportal_write_usedmacs_db($usedmacs); } - unlock($cplock); return false; } else { $usedmac[2] -= 1; @@ -600,13 +579,13 @@ function portal_consume_passthrough_credit($clientmac) { } captiveportal_write_usedmacs_db($usedmacs); - unlock($cplock); return true; } function captiveportal_read_usedmacs_db() { global $g; + $cpumaclck = lock('captiveusedmacs'); if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) { $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); if (!usedmacs) @@ -614,13 +593,16 @@ function captiveportal_read_usedmacs_db() { } else $usedmacs = array(); + unlock($cpumaclck); return $usedmacs; } function captiveportal_write_usedmacs_db($usedmacs) { global $g; - file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs)); + $cpumaclck = lock('captiveusedmacs', LOCK_EX); + @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs)); + unlock($cpumaclck); } ?> diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc index f57757a..67bb523 100644 --- a/usr/local/captiveportal/radius_accounting.inc +++ b/usr/local/captiveportal/radius_accounting.inc @@ -126,7 +126,7 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, // Default attributes $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $racct->putAttribute(RADIUS_NAS_PORT, $nas_port); + $racct->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); // Extra data to identify the client and nas diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index 1f7e2b5..142ab0e 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -103,7 +103,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli // Default attributes $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); - $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port); + $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port, 'integer'); // Extra data to identify the client and nas $rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr); diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index 19db7e7..075a919 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -117,7 +117,7 @@ <type>checkbox</type> </field> <field> - <fielddescr>Synchronize nat</fielddescr> + <fielddescr>Synchronize NAT</fielddescr> <fieldname>synchronizenat</fieldname> <description>When this option is enabled, this system will automatically sync the NAT rules over to the other CARP host when changes are made.</description> <type>checkbox</type> diff --git a/usr/local/pkg/routed.inc b/usr/local/pkg/routed.inc index 2d4f6d1..4d1b1d8 100644 --- a/usr/local/pkg/routed.inc +++ b/usr/local/pkg/routed.inc @@ -39,29 +39,20 @@ function setup_routed() { if (isset($config['installedpackages']['routed']['config'][0]['enable']) && $config['installedpackages']['routed']['config'][0]['enable'] == "on") { /* if user selected individual interfaces */ - $ifdescrs = get_configured_interface_with_descr(); $ifarr = explode(",", $config['installedpackages']['routed']['config'][0]['iface_array']); - if (count($ifarr) != 0) { - foreach($ifdescrs as $ifdescr => $ifname) { - if (in_array($ifname, $ifarr)) { - $gw .= setup_etc_gateways($ifdescr, 'enable'); - } else { - $gw .= setup_etc_gateways($ifdescr, 'disable'); - } + if (!empty($ifarr)) { + foreach($ifarr as $ifname) { + $gw .= setup_etc_gateways($ifname, 'enable'); } - } else { + } else /* setup for all interfaces */ $gw = setup_etc_gateways(); - } conf_mount_rw(); - $fd = fopen("/etc/gateways", "w"); - fwrite($fd, $gw); - fclose($fd); + file_put_contents("/etc/gateways", $gw); conf_mount_ro(); restart_routed(); - } else { + } else stop_routed(); - } } function setup_etc_gateways($iface="", $mode="") { @@ -70,7 +61,7 @@ function setup_etc_gateways($iface="", $mode="") { $ret = ""; if ($iface != "") { $realif=convert_friendly_interface_to_real_interface_name($iface); - if ($realif) + if (!empty($realif)) $ret = "if={$realif} "; } @@ -98,12 +89,11 @@ function setup_etc_gateways($iface="", $mode="") { } function start_routed() { - mwexec("/sbin/routed"); + mwexec_bg("/sbin/routed"); } function stop_routed() { - if(isvalidproc("routed")) - mwexec("killall routed"); + killbyname("routed"); } function restart_routed() { diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup index 2d5d006..f962ac2 100755 --- a/usr/local/sbin/ovpn-linkup +++ b/usr/local/sbin/ovpn-linkup @@ -7,5 +7,5 @@ /bin/echo $4 > /tmp/$1_router /usr/bin/touch /tmp/$1up # reload filter -/usr/local/sbin/pfSctl -c 'filter reload' +/usr/local/sbin/pfSctl -c "interface newip $1" exit 0 diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index dd156c4..a9c0f32 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -18,5 +18,6 @@ fi /bin/echo $3 > /tmp/$1_ip /usr/bin/touch /tmp/$1up /usr/local/sbin/pfSctl -c 'service reload dns' +/bin/sleep 1 /usr/local/sbin/pfSctl -c "interface newip $1" exit 0 diff --git a/usr/local/www/csrf/csrf-magic.php b/usr/local/www/csrf/csrf-magic.php index 447ecc9..ccb1617 100644 --- a/usr/local/www/csrf/csrf-magic.php +++ b/usr/local/www/csrf/csrf-magic.php @@ -244,7 +244,7 @@ function csrf_get_tokens() { */
function csrf_callback($tokens) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
- echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Please enable cookies.<br />Debug: ".$tokens."</body></html>
+ echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Either your session has expired, this page has been inactive too long, or you need to enable cookies.<br />Debug: ".$tokens."</body></html>
";
}
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 410fb0b..6ff65fe 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -451,6 +451,13 @@ if ($_POST) { header("Location: interfaces_assign.php"); exit; } + if (is_interface_vlan_mismatch() == true) { + touch("/var/run/interface_mismatch_reboot_needed"); + clear_subsystem_dirty("restore"); + convert_config(); + header("Location: interfaces_assign.php"); + exit; + } } else { $input_errors[] = gettext("The configuration could not be restored."); } diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php index 025a7a3..5fb94cf 100755 --- a/usr/local/www/diag_logs_filter.php +++ b/usr/local/www/diag_logs_filter.php @@ -155,13 +155,13 @@ include("head.inc"); $dststr = $filterent['dstip'] . get_port_with_service($filterent['dstport'], $proto); ?> <td class="listr" nowrap> - <a href="diag_dns.php?host=<?php echo $filterent['srcip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/nervecenter/images/icons/icon_log.gif"></a> - <a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/nervecenter/images/icons/icon_block_add.gif"></a> + <a href="diag_dns.php?host=<?php echo $filterent['srcip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a> + <a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif"></a> <?php echo $srcstr;?> </td> <td class="listr" nowrap> - <a href="diag_dns.php?host=<?php echo $filterent['dstip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/nervecenter/images/icons/icon_log.gif"></a> - <a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/nervecenter/images/icons/icon_pass_add.gif"></a> + <a href="diag_dns.php?host=<?php echo $filterent['dstip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a> + <a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif"></a> <?php echo $dststr;?> </td> <?php diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 516956c..736b362 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -284,7 +284,7 @@ if ($_POST) { if (!$input_errors) { $alias['address'] = is_array($address) ? implode(" ", $address) : $address; - $alias['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $alias['descr'] = $_POST['descr']; $alias['type'] = $_POST['type']; $alias['detail'] = implode("||", $final_address_details); @@ -333,7 +333,6 @@ if ($_POST) { $a_aliases = msort($a_aliases, "name"); write_config(); - filter_configure(); header("Location: firewall_aliases.php"); exit; @@ -342,7 +341,7 @@ if ($_POST) { else { $pconfig['name'] = $_POST['name']; - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['descr'] = $_POST['descr']; $pconfig['address'] = implode(" ", $address); $pconfig['type'] = $_POST['type']; $pconfig['detail'] = implode("||", $final_address_details); @@ -583,7 +582,7 @@ EOD; <option value="host" <?php if ($pconfig['type'] == "host") echo "selected"; ?>><?=gettext("Host(s)"); ?></option> <option value="network" <?php if ($pconfig['type'] == "network") echo "selected"; ?>><?=gettext("Network(s)"); ?></option> <option value="port" <?php if ($pconfig['type'] == "port") echo "selected"; ?>><?=gettext("Port(s)"); ?></option> - <option value="openvpn" <?php if ($pconfig['type'] == "openvpn") echo "selected"; ?>><?=gettext("OpenVPN Users"); ?></option> +<!-- <option value="openvpn" <?php if ($pconfig['type'] == "openvpn") echo "selected"; ?>><?=gettext("OpenVPN Users"); ?></option> --> <option value="url" <?php if ($pconfig['type'] == "url") echo "selected"; ?>><?=gettext("URL");?></option> <option value="urltable" <?php if ($pconfig['type'] == "urltable") echo "selected"; ?>><?=gettext("URL Table"); ?></option> </select> diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index e768334..06da39d 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -191,12 +191,12 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td width="3%" class="list"> </td> <td width="5%" class="listhdrr"><?=gettext("If");?></td> <td width="5%" class="listhdrr"><?=gettext("Proto");?></td> - <td width="11%" class="listhdrr"><?=gettext("Src. addr");?></td> - <td width="11%" class="listhdrr"><?=gettext("Src. ports");?></td> - <td width="11%" class="listhdrr"><?=gettext("Dest. addr");?></td> - <td width="11%" class="listhdrr"><?=gettext("Dest. ports");?></td> - <td width="11%" class="listhdrr"><?=gettext("NAT IP");?></td> - <td width="11%" class="listhdrr"><?=gettext("NAT Ports");?></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("Src. addr");?></nobr></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("Src. ports");?></nobr></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("Dest. addr");?></nobr></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("Dest. ports");?></nobr></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("NAT IP");?></nobr></td> + <td width="11%" class="listhdrr"><nobr><?=gettext("NAT Ports");?></nobr></td> <td width="11%" class="listhdr"><?=gettext("Description");?></td> <td width="5%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 306c811..60f1189 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -102,7 +102,7 @@ include("head.inc"); <tr> <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> <td width="20%" class="listhdrr"><?=gettext("External IP"); ?></td> - <td width="15%" class="listhdrr"><?=gettext("Source IP"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Internal IP"); ?></td> <td width="15%" class="listhdrr"><?=gettext("Destination IP"); ?></td> <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> <td width="10%" class="list"> diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 199adef..b6a307a 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -131,22 +131,25 @@ if ($_POST) { $_POST['dsttype'] = "single"; } - if (($_POST['external'] && !is_ipaddroralias($_POST['external']))) + /* For external, user can enter only ip's */ + if (($_POST['external'] && !is_ipaddr($_POST['external']))) $input_errors[] = gettext("A valid external subnet must be specified."); - /* if user enters an alias and selects "network" then disallow. */ - if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) - || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) + /* For dst, if user enters an alias and selects "network" then disallow. */ + if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) $input_errors[] = gettext("You must specify single host or alias for alias entries."); + /* For src, user can enter only ip's or networks */ if (!is_specialnet($_POST['srctype'])) { - if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) { - $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']); + if (($_POST['src'] && !is_ipaddr($_POST['src']))) { + $input_errors[] = sprintf(gettext("%s is not a valid internal IP address."), $_POST['src']); } if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { - $input_errors[] = gettext("A valid source bit count must be specified."); + $input_errors[] = gettext("A valid internal bit count must be specified."); } } + + /* For dst, user can enter ip's, networks or aliases */ if (!is_specialnet($_POST['dsttype'])) { if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']); @@ -309,12 +312,12 @@ function typesel_change() { <td width="78%" class="vtable"> <input name="external" type="text" class="formfldalias" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>"> <br/> - <span class="vexpl"><?=gettext("Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. The subnet mask from the source address below will be applied to this IP address."); ?><br> + <span class="vexpl"><?=gettext("Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. The subnet mask from the internal address below will be applied to this IP address."); ?><br> <?=gettext("Hint: this is generally an address owned by the router itself on the selected interface."); ?></span> </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IP"); ?></td> <td width="78%" class="vtable"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> <strong><?=gettext("not"); ?></strong> @@ -330,7 +333,7 @@ function typesel_change() { <?php $sel = is_specialnet($pconfig['src']); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option> - <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host"); ?></option> + <option value="single" <?php if ((($pconfig['srcmask'] == 32) || !isset($pconfig['srcmask'])) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host"); ?></option> <option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option> <?php if(have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option> @@ -481,9 +484,7 @@ if($config['aliases']['alias'] <> "") <!-- var addressarray=new Array(<?php echo $aliasesaddr; ?>); - var oTextbox1 = new AutoSuggestControl(document.getElementById("external"), new StateSuggestions(addressarray)); - var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray)); - var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray)); + var oTextbox1 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray)); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index bf72f2c..e27d55e 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -392,6 +392,8 @@ include("head.inc"); <?php if (!$natent['target']) echo "*"; + elseif ($natent['target'] == "other-subnet") + echo $natent['targetip'] . '/' . $natent['targetip_subnet']; else echo $natent['target']; ?> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index e00994b..f03bded 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -54,6 +54,10 @@ if (!is_array($config['nat']['advancedoutbound']['rule'])) { $a_out = &$config['nat']['advancedoutbound']['rule']; +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = &$config['aliases']['alias']; + $id = $_GET['id']; if (isset($_POST['id'])) { $id = $_POST['id']; @@ -75,6 +79,9 @@ if (isset($id) && $a_out[$id]) { $pconfig['dstport'] = $a_out[$id]['dstport']; $pconfig['natport'] = $a_out[$id]['natport']; $pconfig['target'] = $a_out[$id]['target']; + $pconfig['targetip'] = $a_out[$id]['targetip']; + $pconfig['targetip_subnet'] = $a_out[$id]['targetip_subnet']; + $pconfig['poolopts'] = $a_out[$id]['poolopts']; $pconfig['interface'] = $a_out[$id]['interface']; if (!$pconfig['interface']) { $pconfig['interface'] = "wan"; @@ -149,10 +156,32 @@ if ($_POST) { } } - if ($_POST['target'] && !is_ipaddr($_POST['target']) && !isset($_POST['nonat'])) { + if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) { $input_errors[] = gettext("A valid target IP address must be specified."); } + if ($_POST['target'] == "other-subnet") { + if (!is_ipaddr($_POST['targetip'])) { + $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type."); + } + if (!is_numericint($_POST['targetip_subnet'])) { + $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type."); + } + } + + /* Verify Pool Options */ + $poolopts = ""; + if ($_POST['poolopts']) { + if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) + $poolopts = $_POST['poolopts']; + elseif (is_alias($_POST['target'])) { + if (substr($_POST['poolopts'], 0, 11) == "round-robin") + $poolopts = $_POST['poolopts']; + else + $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias."); + } + } + /* if user has selected any as source, set it here */ if($_POST['source_type'] == "any") { $osn = "any"; @@ -183,7 +212,10 @@ if ($_POST) { $natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : ""; $natent['descr'] = $_POST['descr']; $natent['target'] = (!isset($_POST['nonat'])) ? $_POST['target'] : ""; + $natent['targetip'] = (!isset($_POST['nonat'])) ? $_POST['targetip'] : ""; + $natent['targetip_subnet'] = (!isset($_POST['nonat'])) ? $_POST['targetip_subnet'] : ""; $natent['interface'] = $_POST['interface']; + $natent['poolopts'] = $poolopts; /* static-port */ if(isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) { @@ -320,6 +352,24 @@ function proto_change() { document.getElementById("tportstatic_tr").style.display = 'none'; } } +function poolopts_change() { + if ($('target').options[$('target').selectedIndex].text.substring(0,4) == "Host") { + $('poolopts_tr').style.display = ''; + $('target_network').style.display = 'none'; + } else if ($('target').options[$('target').selectedIndex].text.substring(0,6) == "Subnet") { + $('poolopts_tr').style.display = ''; + $('target_network').style.display = 'none'; + } else if ($('target').options[$('target').selectedIndex].text.substring(0,5) == "Other") { + $('poolopts_tr').style.display = ''; + $('target_network').style.display = ''; + } else { + $('poolopts').selectedIndex = 0; + $('poolopts_tr').style.display = 'none'; + $('target_network').style.display = 'none'; + $('targetip').value = ''; + $('targetip_subnet').value = '0'; + } +} //--> </script> </head> @@ -467,7 +517,7 @@ any)");?></td> <table border="0" cellspacing="1" cellpadding="1"> <tr> <td><?=gettext("Address:");?> </td> - <td><select name="target" class="formselect"> + <td><select name="target" class="formselect" id="target" onChange="poolopts_change();"> <option value=""<?php if (!$pconfig['target']) echo " selected"; ?>><?=gettext("Interface address");?></option> <?php if (is_array($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): @@ -476,9 +526,9 @@ any)");?></td> if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); - $len = $end - $start; - - for ($i = 0; $i <= $len; $i++): + $len = $end - $start; ?> + <option value="<?=$sn['subnet'].'/'.$sn['subnet_bits'];?>" <?php if ($sn['subnet'].'/'.$sn['subnet_bits'] == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");?></option> + <?php for ($i = 0; $i <= $len; $i++): $snip = long2ip32($start+$i); ?> <option value="<?=$snip;?>" <?php if ($snip == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> @@ -487,18 +537,57 @@ any)");?></td> <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> <?php endif; endforeach; endif; -?> + foreach ($a_aliases as $alias): + if ($alias['type'] != "host") + continue; ?> + <option value="<?=$alias['name'];?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?></option> +<?php endforeach; ?> + <option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected"; ?>><?=gettext("Other Subnet (Enter Below)");?></option> <option value=""<?php if($pconfig['target'] == "any") echo " selected"; ?>><?=gettext("any");?></option> </select> </td> </tr> + + <tr id="target_network"> + <td><?=gettext("Other Subnet:");?> </td> + <td> + <input name="targetip" type="text" class="formfld unknown" id="targetip" size="20" value="<?=htmlspecialchars($pconfig['targetip']);?>">/<select name="targetip_subnet" class="formfld" id="targetip_subnet"> +<?php for ($i = 32; $i >= 0; $i--): ?> + <option value="<?=$i;?>"<?php if ($i == $pconfig['targetip_subnet']) echo " selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + <tr><td> </td><td> <span class="vexpl"><?=gettext("Packets matching this rule will be mapped to the IP address given here.");?><br> <?=gettext("If you want this rule to apply to another IP address than the IP address of the interface chosen above, ". "select it here (you need to define");?> <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP");?></a> <?=gettext("addresses on the first).");?> <?=gettext("Also note that if you are trying to redirect connections on the LAN select the \"any\" option.");?> - </span> + </span><br/> </td></tr> + <tr id="poolopts_tr"> + <td valign="top">Pool Options</td> + <td> + <select name="poolopts" id="poolopts"> + <option value="" <?php if ($pconfig['poolopts'] == "" ) echo "selected"; ?>><?=htmlspecialchars("Default" );?></option> + <option value="round-robin" <?php if ($pconfig['poolopts'] == "round-robin" ) echo "selected"; ?>><?=htmlspecialchars("Round Robin" );?></option> + <option value="round-robin sticky-address" <?php if ($pconfig['poolopts'] == "round-robin sticky-address") echo "selected"; ?>><?=htmlspecialchars("Round Robin with Sticky Address");?></option> + <option value="random" <?php if ($pconfig['poolopts'] == "random" ) echo "selected"; ?>><?=htmlspecialchars("Random" );?></option> + <option value="random sticky-address" <?php if ($pconfig['poolopts'] == "random sticky-address" ) echo "selected"; ?>><?=htmlspecialchars("Random with Sticky Address" );?></option> + <option value="source-hash" <?php if ($pconfig['poolopts'] == "source-hash" ) echo "selected"; ?>><?=htmlspecialchars("Source Hash" );?></option> + <option value="bitmask" <?php if ($pconfig['poolopts'] == "bitmask" ) echo "selected"; ?>><?=htmlspecialchars("Bitmask" );?></option> + </select><br/> + <span class="vexpl"> + <?=gettext("Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.");?><br/> + * <?=gettext("Round Robin: Loops through the translation addresses.");?><br/> + * <?=gettext("Random: Selects an address from the translation address pool at random.");?><br/> + * <?=gettext("Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.");?><br/> + * <?=gettext("Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> x.x.x.50.");?><br/> + * <?=gettext("Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.");?><br/> + </span><br/> + </td> + </tr> <tr name="tport_tr" id="tport_tr"> <td><?=gettext("Port:");?> </td> <td><input name="natport" type="text" class="formfld unknown" id="natport" size="5" value="<?=htmlspecialchars($pconfig['natport']);?>"></td> @@ -545,6 +634,7 @@ typesel_change(); staticportchange(); nonat_change(); proto_change(); +poolopts_change(); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 1c625c6..83b444c 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -750,7 +750,7 @@ include("head.inc"); <td width="78%" class="vtable"> <select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()"> <?php - $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync"); + $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync"); foreach ($protocols as $proto): ?> <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option> <?php endforeach; ?> @@ -1261,7 +1261,7 @@ include("head.inc"); } ?> </select> - <p><strong><?=gettext("Leave as 'default' to use the system routing table. Or choose a gateway to utilize policy based routing.");?></strong></p> + <p><?=gettext("Leave as 'default' to use the system routing table. Or choose a gateway to utilize policy based routing.");?></p> </div> </td> </tr> diff --git a/usr/local/www/help.php b/usr/local/www/help.php index f7df5c9..59cc905 100644 --- a/usr/local/www/help.php +++ b/usr/local/www/help.php @@ -302,6 +302,7 @@ $helppages = array( 'siproxdusers.xml' => 'http://doc.pfsense.org/index.php/Siproxd_package', 'open-vm-tools.xml' => 'http://doc.pfsense.org/index.php/Open_VM_Tools_package', 'arping.xml' => 'http://doc.pfsense.org/index.php/Arping_package', + 'unbound.xml' => 'http://doc.pfsense.org/index.php/Unbound_package', ); diff --git a/usr/local/www/index.php b/usr/local/www/index.php index 3bb68cf..c1fdc26 100755 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php @@ -42,6 +42,9 @@ ##|*MATCH=index.php* ##|-PRIV +// Turn off csrf for the dashboard +$nocsrf = true; + // Turn on buffering to speed up rendering ini_set('output_buffering','true'); @@ -107,14 +110,15 @@ if (!is_array($config['widgets'])) { ## User recently restored his config. ## If packages are installed lets resync if(file_exists('/conf/needs_package_sync')) { - if($config['installedpackages'] <> '') { - conf_mount_rw(); - @unlink('/conf/needs_package_sync'); - conf_mount_ro(); + if($config['installedpackages'] <> '' && is_array($config['installedpackages']['package'])) { if($g['platform'] == "pfSense" || $g['platform'] == "nanobsd") { header('Location: pkg_mgr_install.php?mode=reinstallall'); exit; } + } else { + conf_mount_rw(); + @unlink('/conf/needs_package_sync'); + conf_mount_ro(); } } diff --git a/usr/local/www/installer/installer.php b/usr/local/www/installer/installer.php index 508a1dc..fdb682a 100644 --- a/usr/local/www/installer/installer.php +++ b/usr/local/www/installer/installer.php @@ -1,6 +1,6 @@ <?php /* - installer.php (pfSense installer) + installer.php (pfSense webInstaller) part of pfSense (http://www.pfsense.com/) Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. @@ -54,18 +54,58 @@ switch ($_REQUEST['state']) { case "verify_before_install": verify_before_install(); exit; + case "easy_install_ufs": + easy_install("UFS+S"); + exit; + case "easy_install_ufs": + easy_install("ZFS"); + exit; + default: installer_main(); } +function easy_install($fstype = "UFS+S") { + // Calculate swap and disk sizes + $disks = installer_find_all_disks(); + $memory = get_memory(); + $swap_size = $memory[0] * 2; + $first_disk = trim(installer_find_first_disk()); + $disk_info = pcsysinstall_get_disk_info($first_disk); + $size = $disk_info['size']; + $first_disk_size = $size - $swap_size; + $disk_setup = array(); + $tmp_array = array(); + // Build the disk layout for / + $tmp_array['disk'] = $first_disk; + $tmp_array['size'] = $first_disk_size; + $tmp_array['mountpoint'] = "/"; + $tmp_array['fstype'] = $fstype; + $disk_setup[] = $tmp_array; + unset($tmp_array); + $tmp_array = array(); + // Build the disk layout for SWAP + $tmp_array['disk'] = $first_disk; + $tmp_array['size'] = $swap_size; + $tmp_array['mountpoint'] = "none"; + $tmp_array['fstype'] = "SWAP"; + $disk_setup[] = $tmp_array; + unset($tmp_array); + $bootmanager = "bsd"; + file_put_contents("/tmp/webInstaller_disk_layout.txt", serialize($disk_setup)); + file_put_contents("/tmp/webInstaller_disk_bootmanager.txt", serialize($bootmanager)); + Header("Location: installer.php?state=verify_before_install"); + exit; +} + function write_out_pc_sysinstaller_config($disks, $bootmanager = "bsd") { $diskareas = ""; $fd = fopen("/usr/sbin/pc-sysinstall/examples/pfSense-install.cfg", "w"); - if(!$fd) { + if(!$fd) return true; - } if($bootmanager == "") $bootmanager = "none"; + // Yes, -1. We ++ early in loop. $numdisks = -1; $lastdisk = ""; $diskdefs = ""; @@ -78,7 +118,11 @@ function write_out_pc_sysinstaller_config($disks, $bootmanager = "bsd") { if($disk <> $lastdisk) { $lastdisk = $disk; $numdisks++; + $diskdefs .= "# disk {$disk}\n"; $diskdefs .= "disk{$numdisks}={$disk}\n"; + $diskdefs .= "partition=all\n"; + $diskdefs .= "bootManager={$bootmanager}\n"; + $diskdefs .= "commitDiskPart\n\n"; } $diskareas .= "disk{$numdisks}-part={$fstype} {$size} {$mountpoint} \n"; if($encpass) @@ -96,9 +140,6 @@ installMedium=LiveCD # Set the disk parameters {$diskdefs} -partition=all -bootManager={$bootmanager} -commitDiskPart # Setup the disk label # All sizes are expressed in MB @@ -177,6 +218,7 @@ function pcsysinstall_get_disk_info($diskname) { if($di_s[0]) $tmp_array[$di_s[0]] = $di_s[1]; } + $tmp_array['size']--; $tmp_array['disk'] = trim($disks_info[0]); $tmp_array['desc'] = trim(htmlentities($disks_info[1])); return $tmp_array; @@ -200,6 +242,7 @@ function installer_find_all_disks() { if($di_s[0]) $tmp_array[$di_s[0]] = $di_s[1]; } + $tmp_array['size']--; $tmp_array['disk'] = trim($disks_info[0]); $tmp_array['desc'] = trim(htmlentities($disks_info[1])); $disks_array[] = $tmp_array; @@ -306,7 +349,7 @@ function update_installer_status_win($status) { global $g, $fstype, $savemsg; echo "<script type=\"text/javascript\">\n"; echo " \$('installeroutput').value = '" . str_replace(htmlentities($status), "\n", "") . "';\n"; - echo "</script>"; + echo "</script>\n"; } function begin_install() { @@ -449,13 +492,14 @@ function verify_before_install() { $bootmanager = unserialize(file_get_contents("/tmp/webInstaller_disk_bootmanager.txt")); $restored_layout_from_file = true; $restored_layout_txt = "The previous disk layout was restored from disk"; + } else { + $disks = array(); } if(!$bootmanager) $bootmanager = $_REQUEST['bootmanager']; echo "\n<!--" . print_r($_REQUEST, true) . " -->\n"; $disk = pcsysinstall_get_disk_info(htmlspecialchars($_REQUEST['disk'])); $disksize = format_bytes($disk['size'] * 1048576); - $disks = array(); // Loop through posted items and create an array for($x=0; $x<99; $x++) { // XXX: Make this more optimal if(!$_REQUEST['fstype' . $x]) @@ -588,6 +632,7 @@ EOFAMBASDF; page_table_end(); end_html(); write_out_pc_sysinstaller_config($disks, $bootmanager); + // Serialize layout to disk so it can be read in later. file_put_contents("/tmp/webInstaller_disk_layout.txt", serialize($disks)); file_put_contents("/tmp/webInstaller_disk_bootmanager.txt", serialize($bootmanager)); } @@ -705,16 +750,32 @@ function installer_custom() { global $select_txt, $custom_disks; if(file_exists("/tmp/.pc-sysinstall/pc-sysinstall.log")) unlink("/tmp/.pc-sysinstall/pc-sysinstall.log"); + $disks = installer_find_all_disks(); + // Pass size of disks down to javascript. + $disk_sizes_js_txt = "var disk_sizes = new Array();\n"; + foreach($disks as $disk) + $disk_sizes_js_txt .= "disk_sizes['{$disk['disk']}'] = '{$disk['size']}';\n"; head_html(); body_html(); page_table_start($g['product_name'] . " installer - Customize disk(s) layout"); echo <<<EOF <script type="text/javascript"> + Array.prototype.in_array = function(p_val) { + for(var i = 0, l = this.length; i < l; i++) { + if(this[i] == p_val) { + return true; + } + } + return false; + } function row_helper_dynamic_custom() { var totalsize = 0; + {$disk_sizes_js_txt} // Run through all rows and process data for(var x = 0; x<99; x++) { //optimize me better if(\$('fstype' + x)) { + if(\$('size' + x).value == '') + \$('size' + x).value = disk_sizes[\$('disk' + x).value]; var fstype = \$F('fstype' + x); if(fstype.substring(fstype.length - 4) == ".eli") { \$('encpass' + x).disabled = 0; @@ -741,6 +802,52 @@ function installer_custom() { } \$('totalsize').disabled = 1; } + if(\$('disktotals')) { + var disks_seen = new Array(); + var tmp_sizedisks = 0; + var disksseen = 0; + for(var xx = 0; xx<99; xx++) { + if(\$('disk' + xx)) { + if(!disks_seen.in_array(\$('disk' + xx).value)) { + tmp_sizedisks += parseInt(disk_sizes[\$('disk' + xx).value]); + disks_seen[disksseen] = \$('disk' + xx).value; + disksseen++; + } + } + \$('disktotals').value = tmp_sizedisks; + \$('disktotals').disabled = 1; + \$('disktotals').setStyle({color:'#000000'}); + var remaining = parseInt(\$('disktotals').value) - parseInt(\$('totalsize').value); + if(remaining == 0) { + if(\$('totalsize')) + \$('totalsize').setStyle({ + background:'#00FF00', + color:'#000000' + }); + } else { + if(\$('totalsize')) + \$('totalsize').setStyle({ + background:'#FFFFFF', + color:'#000000' + }); + } + if(parseInt(\$('totalsize').value) > parseInt(\$('disktotals').value)) { + if(\$('totalsize')) + \$('totalsize').setStyle({ + background:'#FF0000', + color:'#000000' + }); + } + if(\$('availalloc')) { + \$('availalloc').disabled = 1; + \$('availalloc').value = remaining; + \$('availalloc').setStyle({ + background:'#FFFFFF', + color:'#000000' + }); + } + } + } } </script> <script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script> @@ -765,8 +872,9 @@ function installer_custom() { rows = 1; totalrows = 1; loaded = 1; - rowhelper_onChange = " onChange='javascript:row_helper_dynamic_custom()' "; - rowhelper_onAdd = 'row_helper_dynamic_custom();'; + rowhelper_onChange = " onChange='javascript:row_helper_dynamic_custom()' "; + rowhelper_onDelete = "row_helper_dynamic_custom(); "; + rowhelper_onAdd = "row_helper_dynamic_custom();"; </script> <form action="installer.php" method="post"> <input type="hidden" name="state" value="verify_before_install"> @@ -797,14 +905,13 @@ function installer_custom() { </div> EOF; ob_flush(); - $disks = installer_find_all_disks(); + // Read bootmanager setting from disk if found if(file_exists("/tmp/webInstaller_disk_bootmanager.txt")) $bootmanager = unserialize(file_get_contents("/tmp/webInstaller_disk_bootmanager.txt")); if($bootmanager == "none") $noneselected = " SELECTED"; if($bootmanager == "bsd") $bsdeselected = " SELECTED"; - if(!$disks) { $custom_txt = gettext("ERROR: Could not find any suitable disks for installation."); } else { @@ -861,8 +968,6 @@ EOF; $disk_info = pcsysinstall_get_disk_info($first_disk); $size = $disk_info['size']; $first_disk_size = $size - $swap_size; - // Decreate by 1 megabyte as some disks will fail - $first_disk_size--; // Debugging echo "\n\n<!-- $first_disk - " . print_r($disk_info, true) . " - $size - $first_disk_size -->\n\n"; @@ -883,14 +988,26 @@ EOF; } } else { // Construct the default rows that outline the disks configuration. - $custom_txt .= return_rowhelper_row("0", "/", "UFS", $first_disk, "{$first_disk_size}", ""); + $custom_txt .= return_rowhelper_row("0", "/", "UFS+S", $first_disk, "{$first_disk_size}", ""); $custom_txt .= return_rowhelper_row("1", "none", "SWAP", $first_disk, "$swap_size", ""); } // tfoot and tbody are used by rowhelper $custom_txt .= "</tr>"; $custom_txt .= "<tfoot></tfoot></tbody>"; - $custom_txt .= "<tr><td></td><td></td><td align='right'>Total allocated:</td><td><input size=\"8\" id='totalsize' name='totalsize'></td></tr>"; + // Total allocation box + $custom_txt .= "<tr><td></td><td></td><td align='right'>Total allocated:</td><td><input style='border:0px; background-color: #FFFFFF;' size='8' id='totalsize' name='totalsize'></td>"; + // Add row button + $custom_txt .= "</td><td> </td><td>"; + $custom_txt .= "<div id=\"addrowbutton\">"; + $custom_txt .= "<a onclick=\"javascript:addRowTo('maintable', 'formfldalias'); return false;\" href=\"#\">"; + $custom_txt .= "<img border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" alt=\"\" title=\"add another entry\" /></a>"; + $custom_txt .= "</div>"; + $custom_txt .= "</td></tr>"; + // Disk capacity box + $custom_txt .= "<tr><td></td><td></td><td align='right'>Disk(s) capacity total:</td><td><input style='border:0px; background-color: #FFFFFF;' size='8' id='disktotals' name='disktotals'></td></tr>"; + // Remaining allocation box + $custom_txt .= "<tr><td></td><td></td><td align='right'>Available space for allocation:</td><td><input style='border:0px; background-color: #FFFFFF;' size='8' id='availalloc' name='availalloc'></td></tr>"; $custom_txt .= "</table>"; $custom_txt .= "<script type=\"text/javascript\">row_helper_dynamic_custom();</script>"; } @@ -928,9 +1045,7 @@ EOF; </strong> </span> <br/>* Sizes are in megabytes. - <br/>* Encryption password field should only be used if a encrypted filesystem (.eli) was chosen <br/>* Mount points named /conf are not allowed. Use /cf if you want to make a configuration slice/mount. - <br/>* Leave at least one megabyte unallocated to avoid errors {$restored_layout_txt} </span> </strong> @@ -961,8 +1076,8 @@ function installer_main() { body_html(); $disk = installer_find_first_disk(); // Only enable ZFS if this exists. The install will fail otherwise. - // if(file_exists("/boot/gptzfsboot")) - // $zfs_enabled = "<tr bgcolor=\"#9A9A9A\"><td align=\"center\"><a href=\"installer.php?state=verify_before_install&fstype0=ZFS&size=200M\">Easy installation of {$g['product_name']} using the ZFS filesystem on disk {$disk}</a></td></tr>"; + if(file_exists("/boot/gptzfsboot")) + $zfs_enabled = "<tr bgcolor=\"#9A9A9A\"><td align=\"center\"><a href=\"installer.php?state=easy_install_zfs\">Easy installation of {$g['product_name']} using the ZFS filesystem on disk {$disk}</a></td></tr>"; page_table_start(); echo <<<EOF <form action="installer.php" method="post" state="step1_post"> @@ -995,9 +1110,7 @@ EOF; <table cellspacing="5" cellpadding="5" style="border: 1px dashed;"> <tr bgcolor="#CECECE"><td align="center"> -<!-- - <a href="installer.php?state=verify_before_install&disk={$disk}&fstype=UFS&swapsize=200M">Easy installation of {$g['product_name']} using the UFS filesystem on disk {$disk}</a> ---> + <a href="installer.php?state=easy_install_ufs">Easy installation of {$g['product_name']} using the UFS filesystem on disk {$disk}</a> </td></tr> {$zfs_enabled} <tr bgcolor="#AAAAAA"><td align="center"> @@ -1089,14 +1202,8 @@ function return_rowhelper_row($rownum, $mountpoint, $fstype, $disk, $size, $encp $custom_txt .= "</td>"; // Add Rowhelper + button - if($rownum == 1) { - $custom_txt .= "<td>"; - $custom_txt .= "<div id=\"addrowbutton\">"; - $custom_txt .= "<a onclick=\"javascript:addRowTo('maintable', 'formfldalias'); return false;\" href=\"#\">"; - $custom_txt .= "<img border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" alt=\"\" title=\"add another entry\" /></a>"; - $custom_txt .= "</div>"; - $custom_txt .= "</td>"; - } + if($rownum > 0) + $custom_txt .= "<td><a onclick=\"removeRow(this); return false;\" href=\"#\"><img border=\"0\" src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" alt=\"\" title=\"remove this entry\"/></a></td>"; $custom_txt .= "</tr>"; return $custom_txt; diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index b09690a..da729ae 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -836,15 +836,15 @@ function handle_wireless_post() { $config['wireless']['interfaces'][$wlanbaseif] = array(); } else if (isset($config['wireless']['interfaces'][$wlanbaseif])) unset($config['wireless']['interfaces'][$wlanbaseif]); - if (isset($_POST['diversity']) && $_POST['diversity'] != "") + if (isset($_POST['diversity']) && is_numeric($_POST['diversity'])) $wancfg['wireless']['diversity'] = $_POST['diversity']; else if (isset($wancfg['wireless']['diversity'])) unset($wancfg['wireless']['diversity']); - if (isset($_POST['txantenna']) && $_POST['txantenna'] != "") + if (isset($_POST['txantenna']) && is_numeric($_POST['txantenna'])) $wancfg['wireless']['txantenna'] = $_POST['txantenna']; else if (isset($wancfg['wireless']['txantenna'])) unset($wancfg['wireless']['txantenna']); - if (isset($_POST['rxantenna']) && $_POST['rxantenna'] != "") + if (isset($_POST['rxantenna']) && is_numeric($_POST['rxantenna'])) $wancfg['wireless']['rxantenna'] = $_POST['rxantenna']; else if (isset($wancfg['wireless']['rxantenna'])) unset($wancfg['wireless']['rxantenna']); @@ -1866,9 +1866,9 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <td> <?=gettext("Diversity"); ?><br/> <select name="diversity" class="formselect" id="diversity"> - <option <?php if (empty($pconfig['diversity'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> - <option <?php if ($pconfig['diversity'] == '0') echo "selected"; ?> value="0"><?=gettext("Off"); ?></option> - <option <?php if ($pconfig['diversity'] == '1') echo "selected"; ?> value="1"><?=gettext("On"); ?></option> + <option <?php if (!isset($pconfig['diversity'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> + <option <?php if ($pconfig['diversity'] === '0') echo "selected"; ?> value="0"><?=gettext("Off"); ?></option> + <option <?php if ($pconfig['diversity'] === '1') echo "selected"; ?> value="1"><?=gettext("On"); ?></option> </select> </td> <td>  </td> @@ -1877,10 +1877,10 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <td> <?=gettext("Transmit antenna"); ?><br/> <select name="txantenna" class="formselect" id="txantenna"> - <option <?php if (empty($pconfig['txantenna'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> - <option <?php if ($pconfig['txantenna'] == '0') echo "selected"; ?> value="0"><?=gettext("Auto"); ?></option> - <option <?php if ($pconfig['txantenna'] == '1') echo "selected"; ?> value="1"><?=gettext("#1"); ?></option> - <option <?php if ($pconfig['txantenna'] == '2') echo "selected"; ?> value="2"><?=gettext("#2"); ?></option> + <option <?php if (!isset($pconfig['txantenna'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> + <option <?php if ($pconfig['txantenna'] === '0') echo "selected"; ?> value="0"><?=gettext("Auto"); ?></option> + <option <?php if ($pconfig['txantenna'] === '1') echo "selected"; ?> value="1"><?=gettext("#1"); ?></option> + <option <?php if ($pconfig['txantenna'] === '2') echo "selected"; ?> value="2"><?=gettext("#2"); ?></option> </select> </td> <td>  </td> @@ -1889,10 +1889,10 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <td> <?=gettext("Receive antenna"); ?><br/> <select name="rxantenna" class="formselect" id="rxantenna"> - <option <?php if (empty($pconfig['rxantenna'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> - <option <?php if ($pconfig['rxantenna'] == '0') echo "selected"; ?> value="0"><?=gettext("Auto"); ?></option> - <option <?php if ($pconfig['rxantenna'] == '1') echo "selected"; ?> value="1"><?=gettext("#1"); ?></option> - <option <?php if ($pconfig['rxantenna'] == '2') echo "selected"; ?> value="2"><?=gettext("#2"); ?></option> + <option <?php if (!isset($pconfig['rxantenna'])) echo "selected"; ?> value=""><?=gettext("Default"); ?></option> + <option <?php if ($pconfig['rxantenna'] === '0') echo "selected"; ?> value="0"><?=gettext("Auto"); ?></option> + <option <?php if ($pconfig['rxantenna'] === '1') echo "selected"; ?> value="1"><?=gettext("#1"); ?></option> + <option <?php if ($pconfig['rxantenna'] === '2') echo "selected"; ?> value="2"><?=gettext("#2"); ?></option> </select> </td> <?php endif; ?> @@ -2176,7 +2176,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), <td class="vtable"> <input name="ieee8021x" type="checkbox" value="yes" class="formfld" id="ieee8021x" <?php if ($pconfig['ieee8021x']) echo "checked";?>> <br/><?=gettext("Setting this option will enable 802.1x authentication."); ?> - <br/><span class="red"><strong><?=gettext("NOTE"); ?>:</strong</span> <?=gettext("this option requires checking the \"Enable WPA box\"."); ?> + <br/><span class="red"><strong><?=gettext("NOTE"); ?>:</strong></span> <?=gettext("this option requires checking the \"Enable WPA box\"."); ?> </td> </tr> <tr> diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 340ee78..3d2cec0 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -191,6 +191,12 @@ if ($_POST['apply']) { } } + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if (does_interface_exist($vlan['if']) == false) + $input_errors[] = "Vlan parent interface {$vlan['if']} does not exist anymore so vlan id {$vlan['tag']} cannot be created please fix the issue before continuing."; + } + } if (!$input_errors) { /* No errors detected, so update the config */ diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index 06d5b94..ec48bc9 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -46,6 +46,10 @@ if (!is_array($config['bridges']['bridged'])) $a_bridges = &$config['bridges']['bridged']; $ifacelist = get_configured_interface_with_descr(); +foreach ($ifacelist as $bif => $bdescr) { + if (substr(get_real_interface($bif), 0, 3) == "gre") + unset($ifacelist[$bif]); +} $id = $_GET['id']; if (isset($_POST['id'])) diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index ee9157a..73cd456 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -111,6 +111,10 @@ if ($_POST) { write_config(); + $confif = convert_real_interface_to_friendly_interface_name($gif['gifif']); + if ($confif <> "") + interface_configure($confif); + header("Location: interfaces_gif.php"); exit; } diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php index c9fa525..d9e19c2 100644 --- a/usr/local/www/interfaces_gre.php +++ b/usr/local/www/interfaces_gre.php @@ -110,7 +110,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_gres as $gre): ?> - <tr ondblclick="document.location='interfaces_vlan_gre.php?id=<?=$i;?>'"> + <tr ondblclick="document.location='interfaces_gre_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($gre['if']));?> </td> diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index ce9f324..ca95369 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -114,6 +114,10 @@ if ($_POST) { write_config(); + $confif = convert_real_interface_to_friendly_interface_name($gre['greif']); + if ($confif <> "") + interface_configure($confif); + header("Location: interfaces_gre.php"); exit; } diff --git a/usr/local/www/interfaces_groups_edit.php b/usr/local/www/interfaces_groups_edit.php index 253be67..2c193f6 100755 --- a/usr/local/www/interfaces_groups_edit.php +++ b/usr/local/www/interfaces_groups_edit.php @@ -93,7 +93,7 @@ if ($_POST) { if (!$input_errors) { $ifgroupentry = array(); $ifgroupentry['members'] = $members; - $ifgroupentry['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $ifgroupentry['descr'] = $_POST['descr']; if (isset($id) && $a_ifgroups[$id] && $_POST['ifname'] != $a_ifgroups[$id]['ifname']) { if (!empty($config['filter']) && is_array($config['filter']['rule'])) { @@ -156,7 +156,7 @@ if ($_POST) { header("Location: interfaces_groups.php"); exit; } else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['descr'] = $_POST['descr']; $pconfig['members'] = $members; } } diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index b30853b..09dbf51 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -69,6 +69,9 @@ if (isset($_POST['id'])) if (isset($id) && $a_laggs[$id]) { $pconfig['laggif'] = $a_laggs[$id]['laggif']; $pconfig['members'] = $a_laggs[$id]['members']; + $laggiflist = explode(",", $a_laggs[$id]['members']); + foreach ($laggiflist as $tmpif) + unset($realifchecklist[get_real_interface($tmpif)]); $pconfig['proto'] = $a_laggs[$id]['proto']; $pconfig['descr'] = $a_laggs[$id]['descr']; } diff --git a/usr/local/www/interfaces_ppps_edit.php b/usr/local/www/interfaces_ppps_edit.php index 46fb414..140b998 100644 --- a/usr/local/www/interfaces_ppps_edit.php +++ b/usr/local/www/interfaces_ppps_edit.php @@ -683,7 +683,7 @@ $types = array("select" => gettext("Select"), "ppp" => "PPP", "pppoe" => "PPPoE" <td valign="top" class="vncell"><?= gettext("Dial On Demand"); ?></td> <td class="vtable"> <input type="checkbox" value="on" id="ondemand" name="ondemand" <?php if (isset($pconfig['ondemand'])) echo "checked"; ?>> <?= gettext("Enable Dial-on-Demand mode"); ?> - <br/> <span class="vexpl"><?= gettext("This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. " . + <br/> <span class="vexpl"><?= gettext("This option causes the interface to operate in dial-on-demand mode. Do NOT enable if you want your link to be always up. " . "The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected."); ?> </span> </td> </tr> @@ -779,7 +779,7 @@ $types = array("select" => gettext("Select"), "ppp" => "PPP", "pppoe" => "PPPoE" <br> <span class="vexpl"><?=gettext("Set ONLY for MLPPP connections.");?> MRRU <?=gettext("will be auto-negotiated by default.");?></span> </td> </tr> - </table + </table> </td> </tr><?php endfor; ?> <tr> diff --git a/usr/local/www/interfaces_qinq_edit.php b/usr/local/www/interfaces_qinq_edit.php index e8b698e..2ffbac9 100755 --- a/usr/local/www/interfaces_qinq_edit.php +++ b/usr/local/www/interfaces_qinq_edit.php @@ -142,7 +142,7 @@ if ($_POST) { if (!$input_errors) { $qinqentry['members'] = $members; - $qinqentry['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $qinqentry['descr'] = $_POST['descr']; $qinqentry['vlanif'] = "{$_POST['if']}_{$_POST['tag']}"; $nmembers = explode(" ", $members); @@ -200,7 +200,7 @@ if ($_POST) { header("Location: interfaces_qinq.php"); exit; } else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['descr'] = $_POST['descr']; $pconfig['tag'] = $_POST['tag']; $pconfig['members'] = $members; } diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index 447722a..ea43508 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -96,6 +96,11 @@ if ($_POST) { } if (!$input_errors) { + if (isset($id) && $a_vlans[$id]) { + if ($a_vlans[$id]['if'] != $_POST['if']) + // Destroy previous vlan + pfSense_interface_destroy($a_vlans[$id]['if']); + } $vlan = array(); $vlan['if'] = $_POST['if']; $vlan['tag'] = $_POST['tag']; diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index b82ed26..3c1ba89 100755 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -80,15 +80,11 @@ include("head.inc"); <tr> <td> <?php - $version = file_get_contents("/etc/version"); - $dash = strpos($version, "."); - $hyphen = strpos($version, "-"); - $major = substr($version, 0, $dash); - $minor = substr($version, $dash + 1, $hyphen - $dash - 1); - $testing_version = substr($version, $hyphen + 1, strlen($version) - $hyphen); + $version = rtrim(file_get_contents("/etc/version")); $tab_array = array(); - $tab_array[] = array($version . gettext("packages"), $requested_version <> "" ? false : true, "pkg_mgr.php"); + $tab_array[] = array(gettext("Available Packages"), $requested_version <> "" ? false : true, "pkg_mgr.php"); +// $tab_array[] = array($version . gettext("packages"), $requested_version <> "" ? false : true, "pkg_mgr.php"); // $tab_array[] = array("Packages for any platform", $requested_version == "none" ? true : false, "pkg_mgr.php?ver=none"); // $tab_array[] = array("Packages with a different version", $requested_version == "other" ? true : false, "pkg_mgr.php?ver=other"); $tab_array[] = array(gettext("Installed Packages"), false, "pkg_mgr_installed.php"); @@ -112,9 +108,6 @@ include("head.inc"); if(!$pkg_info) { echo "<tr><td colspan=\"5\"><center>" . gettext("There are currently no packages available for installation.") . "</td></tr>"; } else { - $installed_pfsense_version = rtrim(file_get_contents("/etc/version")); - $dash = strpos($installed_pfsense_version, "-"); - $installed_pfsense_version = substr($installed_pfsense_version, 0, $dash); $pkgs = array(); $instpkgs = array(); if($config['installedpackages']['package'] != "") @@ -133,30 +126,28 @@ include("head.inc"); if($g['platform'] == "nanobsd") if($index['noembedded']) continue; - $dash = strpos($index['required_version'], "-"); - $index['major_version'] = substr($index['required_version'], 0, $dash); + /* If we are on not on HEAD, and the package wants it, skip */ if ($version <> "HEAD" && $index['required_version'] == "HEAD" && $requested_version <> "other") continue; + /* If there is no required version, and the requested package + version is not 'none', then skip */ if (empty($index['required_version']) && $requested_version <> "none") continue; - if($index['major_version'] > $major && - $requested_version <> "other") - continue; - if(isset($index['major_version']) && - $requested_version == "none") + /* If the requested version is not 'other', and the required version is newer than what we have, skip. */ + if($requested_version <> "other" && + (pfs_version_compare("", $version, $index['required_version']) < 0)) continue; - if($index['major_version'] == $major && - $requested_version == "other") + /* If the requestion version is 'other' and we are on the version requested, skip. */ + if($requested_version == "other" && + (pfs_version_compare("", $version, $index['required_version']) == 0)) continue; - /* Package is for a newer version, lets skip */ - if($installed_pfsense_version < $index['required_version']) + /* Package is only for an older version, lets skip */ + if($index['maximum_version'] && + (pfs_version_compare("", $version, $index['maximum_version']) > 0)) continue; - if($index['maximum_version']) - if($installed_pfsense_version > $index['maximum_version']) - continue; ?> <tr valign="top"> <td class="listlr"> diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 3424621..1abcae6 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -98,9 +98,9 @@ include("head.inc"); </table> <br> <!-- status box --> - <textarea cols="60" rows="1" name="status" id="status" wrap="hard"><?=gettext("Beginning package installation.");?></textarea> + <textarea cols="80" rows="1" name="status" id="status" wrap="hard"><?=gettext("Beginning package installation.");?></textarea> <!-- command output box --> - <textarea cols="60" rows="25" name="output" id="output" wrap="hard"></textarea> + <textarea cols="80" rows="35" name="output" id="output" wrap="hard"></textarea> </center> </td> </tr> @@ -153,7 +153,7 @@ switch($_GET['mode']) { update_output_window($static_output); filter_configure(); } - file_put_contents("/tmp{$_GET['pkg']}.info", $static_output); + file_put_contents("/tmp/{$_GET['pkg']}.info", $static_output); echo "<script type='text/javascript'>document.location=\"pkg_mgr_install.php?mode=installedinfo&pkg={$_GET['pkg']}\";</script>"; break; case "installedinfo": @@ -166,8 +166,6 @@ switch($_GET['mode']) { update_output_window(sprintf(gettext("Could not find %s."), $_GET['pkg'])); break; case "reinstallall": - if ($config['installedpackages']['package']) - exec("rm -rf /var/db/pkg/*"); if (is_array($config['installedpackages']['package'])) foreach($config['installedpackages']['package'] as $package) $todo[] = array('name' => $package['name'], 'version' => $package['version']); diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php index 2708c78..48c9677 100755 --- a/usr/local/www/pkg_mgr_installed.php +++ b/usr/local/www/pkg_mgr_installed.php @@ -60,10 +60,11 @@ include("head.inc"); <?php $version = file_get_contents("/etc/version"); $tab_array = array(); - $tab_array[] = array("{$version} " . gettext("packages"), false, "pkg_mgr.php"); + $tab_array[] = array(gettext("Available Packages"), false, "pkg_mgr.php"); +// $tab_array[] = array("{$version} " . gettext("packages"), false, "pkg_mgr.php"); // $tab_array[] = array("Packages for any platform", false, "pkg_mgr.php?ver=none"); // $tab_array[] = array("Packages for a different platform", $requested_version == "other" ? true : false, "pkg_mgr.php?ver=other"); - $tab_array[] = array(gettext("Installed packages"), true, "pkg_mgr_installed.php"); + $tab_array[] = array(gettext("Installed Packages"), true, "pkg_mgr_installed.php"); display_top_tabs($tab_array); ?> </td> @@ -86,7 +87,7 @@ include("head.inc"); foreach($config['installedpackages']['package'] as $instpkg) { $instpkgs[] = $instpkg['name']; } - asort($instpkgs); + natcasesort($instpkgs); foreach ($instpkgs as $index => $pkgname): diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 13ac985..baa5610 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -239,6 +239,8 @@ if ($_POST) { if (is_array($_POST['cinterface'])) $pconfig['cinterface'] = implode(",", $_POST['cinterface']); + + filter_configure(); } } include("head.inc"); diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 3f922d4..754a87f 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -824,7 +824,7 @@ include("head.inc"); ?> <tr> <td> - <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> + <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld unknown" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" /> </td> <td> <select name="itemtype<?php echo $counter; ?>" class="formselect" id="itemtype<?php echo $counter; ?>"> @@ -838,7 +838,7 @@ include("head.inc"); </select> </td> <td> - <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="40" value="<?=htmlspecialchars($value);?>" /> + <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld unknown" id="value<?php echo $counter; ?>" size="40" value="<?=htmlspecialchars($value);?>" /> </td> <td> <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" /></a> diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php index 948ecb0..ae1a0d5 100755 --- a/usr/local/www/services_dnsmasq_domainoverride_edit.php +++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php @@ -69,8 +69,8 @@ if ($_POST) { if (($_POST['domain'] && !is_domain($_POST['domain']))) { $input_errors[] = gettext("A valid domain must be specified."); } - if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { - $input_errors[] = gettext("A valid IP address must be specified."); + if ($_POST['ip'] && !is_ipaddr($_POST['ip']) && ($_POST['ip'] != '#')) { + $input_errors[] = gettext("A valid IP address must be specified, or # for an exclusion."); } if (!$input_errors) { @@ -115,7 +115,7 @@ include("head.inc"); <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="ip" type="text" class="formfld unknown" id="ip" size="40" value="<?=htmlspecialchars($pconfig['ip']);?>"> <br> <span class="vexpl"><?=gettext("IP address of the authoritative DNS server for this domain"); ?><br> - <?=gettext("e.g."); ?> <em>192.168.100.100</em></span></td> + <?=gettext("e.g."); ?> <em>192.168.100.100</em><br/><?=gettext("Or enter # for an exclusion to pass through this host/subdomain to standard nameservers instead of a previous override."); ?></span></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 63cb10e..8d02173 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -98,7 +98,7 @@ if ($_POST) { if (!$input_errors) { $igmpentry['address'] = $address; - $igmpentry['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $igmpentry['descr'] = $_POST['descr']; if (isset($id) && $a_igmpproxy[$id]) $a_igmpproxy[$id] = $igmpentry; @@ -114,7 +114,7 @@ if ($_POST) { //we received input errors, copy data to prevent retype else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['descr'] = $_POST['descr']; $pconfig['address'] = $address; $pconfig['type'] = $_POST['type']; } diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index 128fc3f..e3c5b7d 100755 --- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -171,11 +171,7 @@ include("head.inc"); <?php $i = 0; foreach ($a_wol as $wolent): ?> <tr> <td class="listlr" ondblclick="document.location='services_wol_edit.php?id=<?=$i;?>';"> - <?php if ($wolent['interface'] == "lan") - echo "LAN"; - else - echo $config['interfaces'][$wolent['interface']]['descr']; - ?> + <?=convert_friendly_interface_to_friendly_descr($wolent['interface']);?> </td> <td class="listr" ondblclick="document.location='services_wol_edit.php?id=<?=$i;?>';"> <a href="?mac=<?=$wolent['mac'];?>&if=<?=$wolent['interface'];?>"><?=strtolower($wolent['mac']);?></a> diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 3625e40..9560041 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -71,7 +71,7 @@ function clientcmp($a, $b) { $cpdb = array(); if (file_exists("{$g['vardb_path']}/captiveportal.db")) { - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportaldb'); $cpcontents = file("/var/db/captiveportal.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); unlock($captiveportallck); } else diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php index 896b1af..ed474de 100755 --- a/usr/local/www/status_dhcp_leases.php +++ b/usr/local/www/status_dhcp_leases.php @@ -354,7 +354,7 @@ foreach ($leases as $data) { echo "<tr>\n"; echo "<td class=\"listlr\">{$fspans}{$data['ip']}{$fspane} </td>\n"; if ($data['online'] != "online") { - echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\">{$data['mac']}</a>{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}<a href=\"services_wol.php?if={$data['if']}&mac={$data['mac']}\" title=\"" . gettext("send Wake on LAN packet to this MAC address") ."\" onclick=\"return confirm('" . gettext("Send Wake on LAN packet to this MAC address?") . "')\">{$data['mac']}</a>{$fspane} </td>\n"; } else { echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n"; } diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php index 48f5734..28b1b4c 100755 --- a/usr/local/www/status_rrd_graph.php +++ b/usr/local/www/status_rrd_graph.php @@ -66,7 +66,11 @@ if ($_GET['cat']) { if ($_GET['period']) { $curperiod = $_GET['period']; } else { - $curperiod = "current"; + if(! empty($config['rrd']['period'])) { + $curperiod = $config['rrd']['period']; + } else { + $curperiod = "absolute"; + } } if ($_GET['option']) { @@ -128,11 +132,11 @@ $now = time(); if($curcat == "custom") { if (is_numeric($_GET['start'])) { if($start < ($now - (3600 * 24 * 365 * 5))) { - $start = $now - (4 * 3600); + $start = $now - (8 * 3600); } $start = $_GET['start']; } else { - $start = $now - (4 * 3600); + $start = $now - (8 * 3600); } } @@ -144,6 +148,7 @@ if (is_numeric($_GET['end'])) { /* this should never happen */ if($end < $start) { + log_error("start $start is smaller than end $end"); $end = $now; } @@ -198,81 +203,103 @@ $custom_databases = array_merge($dbheader_custom, $databases); $styles = array('inverse' => gettext('Inverse'), 'absolute' => gettext('Absolute')); -$graphs = array("day", "week", "month", "quarter", "year", "4year"); -$periods = array("current" => gettext("Current Period"), "previous" => gettext("Previous Period")); +$graphs = array("8hour", "day", "week", "month", "quarter", "year", "4year"); +$periods = array("absolute" => gettext("Absolute Timespans"), "current" => gettext("Current Period"), "previous" => gettext("Previous Period")); +$graph_length = array( + "8hour" => 28800, + "day" => 86400, + "week" => 604800, + "month" => 2764800, + "quarter" => 8035200, + "year" => 31622400, + "4year" => 126489600); $pgtitle = array(gettext("Status"),gettext("RRD Graphs")); include("head.inc"); function get_dates($curperiod, $graph) { + global $graph_length; $now = time(); $end = $now; - $curyear = date('Y', $now); - $curmonth = date('m', $now); - $curweek = date('W', $now); - $curweekday = date('N', $now) - 1; // We want to start on monday - $curday = date('d', $now); - - switch($curperiod) { - case "previous": - $offset = -1; - break; - default: - $offset = 0; - } - switch($graph) { - case "12hour": - switch($offset) { - case 0; - $houroffset = 0; - break; - default: - $houroffset = ($offset * 12) - 12; - break; - } - $start = mktime((8 + $houroffset), 0, 0, $curmonth, $curday, $curyear); - if(($offset != 0) || (($end - ($start + (12 * 3600)) ) > 0) ) { - $end = mktime((8 + $houroffset) + 12, 0, 0, $curmonth, $curday, $curyear); - } - break; - case "day": - $start = mktime(0, 0, 0, $curmonth, ($curday + $offset), $curyear); - if($offset != 0) - $end = mktime(0, 0, 0, $curmonth, (($curday + $offset) + 1), $curyear); - break; - case "week": - switch($offset) { - case 0; - $weekoffset = 0; - break; - default: - $weekoffset = ($offset * 7) - 7; - break; - } - $start = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset), $curyear); - if($offset != 0) - $end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset + 7), $curyear); - break; - case "month": - $start = mktime(0, 0, 0, ($curmonth + $offset), 0, $curyear); - if($offset != 0) - $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); - break; - case "quarter": - $start = mktime(0, 0, 0, (($curmonth - 2) + $offset), 0, $curyear); - if($offset != 0) - $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); - break; - case "year": - $start = mktime(0, 0, 0, 1, 0, ($curyear + $offset)); - if($offset != 0) - $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); - break; - case "4year": - $start = mktime(0, 0, 0, 1, 0, (($curyear - 3) + $offset)); - if($offset != 0) - $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); - break; + + if($curperiod == "absolute") { + $start = $end - $graph_length[$graph]; + } else { + $curyear = date('Y', $now); + $curmonth = date('m', $now); + $curweek = date('W', $now); + $curweekday = date('N', $now) - 1; // We want to start on monday + $curday = date('d', $now); + $curhour = date('G', $now); + + switch($curperiod) { + case "previous": + $offset = -1; + break; + default: + $offset = 0; + } + switch($graph) { + case "8hour": + if($curhour < 24) + $starthour = 16; + if($curhour < 16) + $starthour = 8; + if($curhour < 8) + $starthour = 0; + + switch($offset) { + case 0: + $houroffset = $starthour; + break; + default: + $houroffset = $starthour + ($offset * 8); + break; + } + $start = mktime($houroffset, 0, 0, $curmonth, $curday, $curyear); + if($offset != 0) { + $end = mktime(($houroffset + 8), 0, 0, $curmonth, $curday, $curyear); + } + break; + case "day": + $start = mktime(0, 0, 0, $curmonth, ($curday + $offset), $curyear); + if($offset != 0) + $end = mktime(0, 0, 0, $curmonth, (($curday + $offset) + 1), $curyear); + break; + case "week": + switch($offset) { + case 0: + $weekoffset = 0; + break; + default: + $weekoffset = ($offset * 7) - 7; + break; + } + $start = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset), $curyear); + if($offset != 0) + $end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $weekoffset + 7), $curyear); + break; + case "month": + $start = mktime(0, 0, 0, ($curmonth + $offset), 0, $curyear); + if($offset != 0) + $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); + break; + case "quarter": + $start = mktime(0, 0, 0, (($curmonth - 2) + $offset), 0, $curyear); + if($offset != 0) + $end = mktime(0, 0, 0, (($curmonth + $offset) + 1), 0, $curyear); + break; + case "year": + $start = mktime(0, 0, 0, 1, 0, ($curyear + $offset)); + if($offset != 0) + $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); + break; + case "4year": + $start = mktime(0, 0, 0, 1, 0, (($curyear - 3) + $offset)); + if($offset != 0) + $end = mktime(0, 0, 0, 1, 0, (($curyear + $offset) +1)); + break; + } } // echo "start $start ". date('l jS \of F Y h:i:s A', $start) .", end $end ". date('l jS \of F Y h:i:s A', $end) ."<br>"; $dates = array(); diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index c57e322..4610233 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -63,11 +63,11 @@ $now = time(); if (is_numeric($_GET['start'])) { if($start < ($now - (3600 * 24 * 365 * 5))) { - $start = $now - (4 * 3600); + $start = $now - (8 * 3600); } $start = $_GET['start']; } else { - $start = $now - (4 * 3600); + $start = $now - (8 * 3600); } if (is_numeric($_GET['end'])) { @@ -78,6 +78,7 @@ if (is_numeric($_GET['end'])) { /* this should never happen */ if($end < $start) { + log_error("start $start is smaller than end $end"); $end = $now; } diff --git a/usr/local/www/status_rrd_graph_settings.php b/usr/local/www/status_rrd_graph_settings.php index 6fb943a..7accd25 100755 --- a/usr/local/www/status_rrd_graph_settings.php +++ b/usr/local/www/status_rrd_graph_settings.php @@ -47,6 +47,7 @@ require_once("rrd.inc"); $pconfig['enable'] = isset($config['rrd']['enable']); $pconfig['category'] = $config['rrd']['category']; $pconfig['style'] = $config['rrd']['style']; +$pconfig['period'] = $config['rrd']['period']; $curcat = "settings"; $categories = array('system' => gettext("System"), @@ -56,6 +57,9 @@ $categories = array('system' => gettext("System"), 'queues' => gettext("Queues")); $styles = array('inverse' => gettext("Inverse"), 'absolute' => gettext("Absolute")); +$periods = array("absolute" => gettext("Absolute Timespans"), + "current" => gettext("Current Period"), + "previous" => gettext("Previous Period")); if ($_POST) { @@ -69,6 +73,7 @@ if ($_POST) { $config['rrd']['enable'] = $_POST['enable'] ? true : false; $config['rrd']['category'] = $_POST['category']; $config['rrd']['style'] = $_POST['style']; + $config['rrd']['period'] = $_POST['period']; write_config(); $retval = 0; @@ -189,6 +194,21 @@ include("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vtable"><?=gettext("Default period");?></td> + <td width="78%" class="vtable"> + <select name="period" class="formselect" style="z-index: -10;" > + <?php + foreach ($periods as $period => $periodd) { + echo "<option value=\"$period\""; + if ($period == $pconfig['period']) echo " selected"; + echo ">" . htmlspecialchars($periodd) . "</option>\n"; + } + ?> + </select> + <b><?=gettext("This selects the default period.");?></b> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)"> diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 779e396..d463f3a 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -334,9 +334,15 @@ foreach (array('server', 'client') as $mode) { } } } - - + +function service_name_compare($a, $b) { + if (strtolower($a['name']) == strtolower($b['name'])) + return 0; + return (strtolower($a['name']) < strtolower($b['name'])) ? -1 : 1; +} + if (count($services) > 0) { + uasort($services, "service_name_compare"); foreach($services as $service) { if (empty($service['name'])) continue; diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 2bdf7e2..591ab8e 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -374,7 +374,7 @@ function prot_change() { <?php echo gettext("When this is unchecked, access to the webConfigurator " . "is protected against HTTP_REFERER redirection attempts. " . "Check this box to disable this protection if you find that it interferes with " . - "webConfigurator access in certain corner cases such as using 3rd party scripts to interact with pfSense. More information on HTTP_REFERER is available from <a target='_new' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?> + "webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from <a target='_new' href='http://en.wikipedia.org/wiki/HTTP_referrer'>Wikipedia</a>."); ?> </td> </tr> <tr> @@ -422,7 +422,7 @@ function prot_change() { <input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> /> <strong><?=gettext("This will enable the first serial port with 9600/8/N/1"); ?></strong> <br> - <span class="vexpl"><?=gettext("Note: This will disable the internal video card/keyboard"); ?></span> + <span class="vexpl"><?=gettext("Note: This will redirect the console output and messages to the serial port. You can still access the console menu from the internal video card/keyboard. A <b>null modem</b> serial cable or adapter is required to use the serial console."); ?></span> </td> </tr> <tr> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 2662775..6eddd39 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -138,6 +138,8 @@ if ($_POST) { $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate data")); + if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) + $input_errors[] = gettext("This certificate does not appear to be valid."); } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 36a11bb..0113461 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -162,6 +162,8 @@ if ($_POST) { gettext("Descriptive name"), gettext("Certificate data"), gettext("Key data")); + if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) + $input_errors[] = gettext("This certificate does not appear to be valid."); } if ($pconfig['method'] == "internal") { diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php index 93b6997..1b2648b 100755 --- a/usr/local/www/system_firmware.php +++ b/usr/local/www/system_firmware.php @@ -43,6 +43,8 @@ ##|-PRIV $d_isfwfile = 1; +$nocsrf = true; + require_once("globals.inc"); require_once("guiconfig.inc"); @@ -101,7 +103,7 @@ if(is_subsystem_dirty('firmwarelock')) { echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n"; include("fbegin.inc"); echo "<div>\n"; - print_info_box(gettext("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.") . "<p><center><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif'>"); + print_info_box(gettext("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.") . "<p><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif'>"); echo "</div>\n"; include("fend.inc"); echo "</body>"; diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php index 4f655fe..06a9eb1 100755 --- a/usr/local/www/system_firmware_auto.php +++ b/usr/local/www/system_firmware_auto.php @@ -42,6 +42,8 @@ ##|*MATCH=system_firmware_auto.php* ##|-PRIV +$nocsrf = true; + require("guiconfig.inc"); require_once("pfsense-utils.inc"); @@ -105,9 +107,9 @@ include("head.inc"); </table> <br> <!-- status box --> - <textarea cols="60" rows="1" name="status" id="status" wrap="hard"><?=gettext("Beginning firmware upgrade"); ?>.</textarea> + <textarea cols="90" rows="1" name="status" id="status" wrap="hard"><?=gettext("Beginning firmware upgrade"); ?>.</textarea> <!-- command output box --> - <textarea cols="60" rows="25" name="output" id="output" wrap="hard"></textarea> + <textarea cols="90" rows="25" name="output" id="output" wrap="hard"></textarea> </center> </td> </tr> @@ -203,11 +205,13 @@ if ($sigchk == 1) { if ($exitstatus) { update_status($sig_warning); - update_output_window(gettext("Update cannot continue")); - require("fend.inc"); + update_output_window(gettext("Update cannot continue. You can disable this check on the Updater Settings tab.")); + require("fend.inc"); exit; -} else if ($sigchk == 2) - update_output_window("\n" . gettext("Image has no signature but the system configured to allow unsigned images.") . "\n"); +} else if ($sigchk == 2) { + update_status("Upgrade in progress..."); + update_output_window("\n" . gettext("Upgrade Image does not contain a signature but the system has been configured to allow unsigned images. One moment please...") . "\n"); +} if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) { update_status(gettext("The image file is corrupt.")); diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index a4975fe..8db8764 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -140,7 +140,7 @@ if ($_POST) { foreach ($a_gateways as $gateway) { if (isset($id) && ($a_gateways[$id]) && ($a_gateways[$id] === $gateway)) { if ($gateway['name'] != $_POST['name']) - $input_errors[] = gettext("Changing name on a gateway is not allowed because it can leave stale gateways around."); + $input_errors[] = gettext("Changing name on a gateway is not allowed."); continue; } if($_POST['name'] <> "") { diff --git a/usr/local/www/themes/_corporate/images/icons/icon_block_add.gif b/usr/local/www/themes/_corporate/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/_corporate/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/_corporate/images/icons/icon_pass_add.gif b/usr/local/www/themes/_corporate/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/_corporate/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/code-red/images/icons/icon_block_add.gif b/usr/local/www/themes/code-red/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/code-red/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/code-red/images/icons/icon_pass_add.gif b/usr/local/www/themes/code-red/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/code-red/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/metallic/images/icons/icon_block_add.gif b/usr/local/www/themes/metallic/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/metallic/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/metallic/images/icons/icon_pass_add.gif b/usr/local/www/themes/metallic/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/metallic/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/pfsense-dropdown/images/icons/icon_block_add.gif b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/pfsense-dropdown/images/icons/icon_pass_add.gif b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/pfsense/images/icons/icon_block_add.gif b/usr/local/www/themes/pfsense/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/pfsense/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/pfsense/images/icons/icon_pass_add.gif b/usr/local/www/themes/pfsense/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/pfsense/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/pfsense_ng/images/icons/icon_block_add.gif b/usr/local/www/themes/pfsense_ng/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/pfsense_ng/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/pfsense_ng/images/icons/icon_pass_add.gif b/usr/local/www/themes/pfsense_ng/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/pfsense_ng/images/icons/icon_pass_add.gif diff --git a/usr/local/www/themes/the_wall/images/icons/icon_block_add.gif b/usr/local/www/themes/the_wall/images/icons/icon_block_add.gif Binary files differnew file mode 100644 index 0000000..eb726d6 --- /dev/null +++ b/usr/local/www/themes/the_wall/images/icons/icon_block_add.gif diff --git a/usr/local/www/themes/the_wall/images/icons/icon_pass_add.gif b/usr/local/www/themes/the_wall/images/icons/icon_pass_add.gif Binary files differnew file mode 100644 index 0000000..f7f4c20 --- /dev/null +++ b/usr/local/www/themes/the_wall/images/icons/icon_pass_add.gif diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 8052466..52fd334 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -99,7 +99,7 @@ include("head.inc"); <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="15%" class="listhdrr"><?=gettext("Interface");?></td> - <td width="10%" class="listhdrr"><?=gettext("Local ip");?></td> + <td width="10%" class="listhdrr"><?=gettext("Local IP");?></td> <td width="25%" class="listhdrr"><?=gettext("Number of users");?></td> <td width="25%" class="listhdr"><?=gettext("Description");?></td> <td width="5%" class="list"> diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index 73ba7cc..1cd0075 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -84,7 +84,7 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) $input_errors[] = gettext("The username contains invalid characters."); - if (preg_match("/[[:cntrl:]\"]/", $_POST['password'])) + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['passwordfld'])) $input_errors[] = gettext("The password contains invalid characters."); if (preg_match("/^!/", $_POST['password'])) diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php index 1ca7007..d240d69 100644 --- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php +++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php @@ -32,10 +32,13 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("globals.inc"); require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); +require_once("captiveportal.inc"); ?> @@ -55,7 +58,7 @@ function clientcmp($a, $b) { $cpdb = array(); if (file_exists("{$g['vardb_path']}/captiveportal.db")) { - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportaldb'); $cpcontents = file("{$g['vardb_path']}/captiveportal.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); unlock($captiveportallck); } else diff --git a/usr/local/www/widgets/widgets/carp_status.widget.php b/usr/local/www/widgets/widgets/carp_status.widget.php index 6399579..a671308 100644 --- a/usr/local/www/widgets/widgets/carp_status.widget.php +++ b/usr/local/www/widgets/widgets/carp_status.widget.php @@ -27,10 +27,13 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); require_once("/usr/local/www/widgets/include/carp_status.inc"); + ?> <table bgcolor="#990000" width="100%" border="0" cellspacing="0" cellpadding="0"> <?php diff --git a/usr/local/www/widgets/widgets/gateways.widget.php b/usr/local/www/widgets/widgets/gateways.widget.php index db6a83a..4abe524 100644 --- a/usr/local/www/widgets/widgets/gateways.widget.php +++ b/usr/local/www/widgets/widgets/gateways.widget.php @@ -26,6 +26,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/gmirror_status.widget.php b/usr/local/www/widgets/widgets/gmirror_status.widget.php index cd73a0f..cbbead2 100644 --- a/usr/local/www/widgets/widgets/gmirror_status.widget.php +++ b/usr/local/www/widgets/widgets/gmirror_status.widget.php @@ -25,6 +25,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("/usr/local/www/widgets/include/gmirror_status.inc"); if ($_GET['textonly'] == "true") { diff --git a/usr/local/www/widgets/widgets/installed_packages.widget.php b/usr/local/www/widgets/widgets/installed_packages.widget.php index 6795d36..3ecb0ec 100644 --- a/usr/local/www/widgets/widgets/installed_packages.widget.php +++ b/usr/local/www/widgets/widgets/installed_packages.widget.php @@ -1,36 +1,38 @@ <?php /* - $Id$ - Copyright 2007 Scott Dale - Part of pfSense widgets (www.pfsense.com) - originally based on m0n0wall (http://m0n0.ch/wall) + $Id$ + Copyright 2007 Scott Dale + Part of pfSense widgets (www.pfsense.com) + originally based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> - and Jonathan Watt <jwatt@jwatt.org>. - All rights reserved. + Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net> + and Jonathan Watt <jwatt@jwatt.org>. + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); @@ -48,76 +50,69 @@ $updateavailable = false; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="15%" class="listhdrr">Package Name</td> - <td width="15%" class="listhdrr">Category</td> - <td width="30%" class="listhdrr">Package Version</td> - </tr> - <?php - if($config['installedpackages']['package'] != "") { - $instpkgs = array(); - foreach($config['installedpackages']['package'] as $instpkg) $instpkgs[] = $instpkg['name']; - asort($instpkgs); - $y=1; - foreach ($instpkgs as $index => $pkgname){ - + <tr> + <td width="15%" class="listhdrr">Package Name</td> + <td width="15%" class="listhdrr">Category</td> + <td width="30%" class="listhdrr">Package Version</td> + </tr> + <?php + if($config['installedpackages']['package'] != "") { + $instpkgs = array(); + foreach($config['installedpackages']['package'] as $instpkg) + $instpkgs[] = $instpkg['name']; + natcasesort($instpkgs); + $y=1; + foreach ($instpkgs as $index => $pkgname){ + $pkg = $config['installedpackages']['package'][$index]; - if($pkg['name'] <> "") { - ?> - <tr valign="top"> - <td class="listlr"> - <?= $pkg['name'] ?> - </td> - <td class="listlr"> - <?= $pkg['category'] ?> - </td> - <td class="listlr"> - <?php - $latest_package = $currentvers[$pkg['name']]['version']; - if($latest_package == false) - { - // We can't determine this package's version status. - echo "Current: Unknown.<br>Installed: " . $pkg['version']; - } - elseif(strcmp($pkg['version'], $latest_package) > 0) - { - /* we're running a newer version of the package */ - echo "Current: {$latest_package}"; - echo "<br>Installed: {$pkg['version']}"; - } - elseif(strcmp($pkg['version'], $latest_package) < 0) - { - /* our package is out of date */ - $updateavailable = true; - ?> - <div id="updatediv-<?php echo $y; ?>" style="color:red"> - <b>Update Available!</b></div><div style="float:left"> - Current: <?php echo $latest_package; ?><br/> - Installed: <?php echo $pkg['version']; ?></div><div style="float:right"> - <a href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?= $pkg['name']; ?>"><img title="Update this package." src="./themes/<?= $g['theme']; ?>/images/icons/icon_reinstall_pkg.gif" width="17" height="17" border="0"</a> - </div> - <?php $y++; - } - else - { - echo $pkg['version']; - } - ?></td> - </tr> - <?php - } - } - } else { - echo "<tr><td colspan=\"5\"><center>There are no packages currently installed.</td></tr>"; - } - ?> - </table> - + if($pkg['name'] <> "") { ?> + <tr valign="top"> + <td class="listlr"> + <?= $pkg['name'] ?> + </td> + <td class="listlr"> + <?= $pkg['category'] ?> + </td> + <td class="listlr"> + <?php + $latest_package = $currentvers[$pkg['name']]['version']; + if($latest_package == false) { + // We can't determine this package's version status. + echo "Current: Unknown.<br>Installed: " . $pkg['version']; + } elseif(strcmp($pkg['version'], $latest_package) > 0) { + /* we're running a newer version of the package */ + echo "Current: {$latest_package}"; + echo "<br>Installed: {$pkg['version']}"; + } elseif(strcmp($pkg['version'], $latest_package) < 0) { + /* our package is out of date */ + $updateavailable = true; + ?> + <div id="updatediv-<?php echo $y; ?>" style="color:red"> + <b>Update Available!</b></div><div style="float:left"> + Current: <?php echo $latest_package; ?><br/> + Installed: <?php echo $pkg['version']; ?></div><div style="float:right"> + <a href="pkg_mgr_install.php?mode=reinstallpkg&pkg=<?= $pkg['name']; ?>"><img title="Update this package." src="./themes/<?= $g['theme']; ?>/images/icons/icon_reinstall_pkg.gif" width="17" height="17" border="0"/></a> + </div> + <?php + $y++; + } else { + echo $pkg['version']; + } ?> + </td> + </tr> + <?php } + } + } else { + echo "<tr><td colspan=\"5\"><center>There are no packages currently installed.</td></tr>"; + } + ?> +</table> + <?php if ($updateavailable): ?> <script language="javascript" type="text/javascript"> window.onload = function(in_event) - { - for (y=1; y<=<?php echo $y;?>; y++){ + { + for (y=1; y<=<?php echo $y;?>; y++){ textID = "updatediv-" + y; Effect.Pulsate(textID,{from:0.1}); } diff --git a/usr/local/www/widgets/widgets/interface_statistics.widget.php b/usr/local/www/widgets/widgets/interface_statistics.widget.php index 3fcf8a6..7dca538 100644 --- a/usr/local/www/widgets/widgets/interface_statistics.widget.php +++ b/usr/local/www/widgets/widgets/interface_statistics.widget.php @@ -31,6 +31,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/interfaces.widget.php b/usr/local/www/widgets/widgets/interfaces.widget.php index d74f690..626e067 100644 --- a/usr/local/www/widgets/widgets/interfaces.widget.php +++ b/usr/local/www/widgets/widgets/interfaces.widget.php @@ -30,6 +30,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php index 4966dd7..dd0c10e 100644 --- a/usr/local/www/widgets/widgets/ipsec.widget.php +++ b/usr/local/www/widgets/widgets/ipsec.widget.php @@ -31,6 +31,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("functions.inc"); require_once("ipsec.inc"); diff --git a/usr/local/www/widgets/widgets/load_balancer_status.widget.php b/usr/local/www/widgets/widgets/load_balancer_status.widget.php index 5993b67..63f8bc4 100644 --- a/usr/local/www/widgets/widgets/load_balancer_status.widget.php +++ b/usr/local/www/widgets/widgets/load_balancer_status.widget.php @@ -34,6 +34,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/log.widget.php b/usr/local/www/widgets/widgets/log.widget.php index c46a6ab..84f6585 100644 --- a/usr/local/www/widgets/widgets/log.widget.php +++ b/usr/local/www/widgets/widgets/log.widget.php @@ -30,6 +30,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php index 25454c8..fdf2e3c 100644 --- a/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -1,4 +1,7 @@ <?php + +$nocsrf = true; + require_once("openvpn.inc"); /* Handle AJAX */ diff --git a/usr/local/www/widgets/widgets/picture.widget.php b/usr/local/www/widgets/widgets/picture.widget.php index 7f25af4..90bf288 100644 --- a/usr/local/www/widgets/widgets/picture.widget.php +++ b/usr/local/www/widgets/widgets/picture.widget.php @@ -26,6 +26,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); diff --git a/usr/local/www/widgets/widgets/rss.widget.php b/usr/local/www/widgets/widgets/rss.widget.php index d81fa4d..0843684 100644 --- a/usr/local/www/widgets/widgets/rss.widget.php +++ b/usr/local/www/widgets/widgets/rss.widget.php @@ -26,6 +26,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php index 862a069..f41e7f5 100644 --- a/usr/local/www/widgets/widgets/services_status.widget.php +++ b/usr/local/www/widgets/widgets/services_status.widget.php @@ -29,6 +29,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("captiveportal.inc"); require_once("service-utils.inc"); @@ -175,7 +177,14 @@ if(isset($_POST['servicestatusfilter'])) { <?php $skipservices = explode(",", str_replace(" ", "", $config['widgets']['servicestatusfilter'])); +function service_name_compare($a, $b) { + if (strtolower($a['name']) == strtolower($b['name'])) + return 0; + return (strtolower($a['name']) < strtolower($b['name'])) ? -1 : 1; +} + if (count($services) > 0) { + uasort($services, "service_name_compare"); foreach($services as $service) { if((!$service['name']) || (in_array($service['name'], $skipservices))) continue; diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php index 9604461..1b9683a 100644 --- a/usr/local/www/widgets/widgets/system_information.widget.php +++ b/usr/local/www/widgets/widgets/system_information.widget.php @@ -31,11 +31,12 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("functions.inc"); require_once("guiconfig.inc"); require_once('notices.inc'); - if($_REQUEST['getupdatestatus']) { if(isset($curcfg['alturl']['enable'])) $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; diff --git a/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/usr/local/www/widgets/widgets/traffic_graphs.widget.php index 9d1e76c..4686d0b 100644 --- a/usr/local/www/widgets/widgets/traffic_graphs.widget.php +++ b/usr/local/www/widgets/widgets/traffic_graphs.widget.php @@ -31,6 +31,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); require_once("functions.inc"); diff --git a/usr/local/www/widgets/widgets/wake_on_lan.widget.php b/usr/local/www/widgets/widgets/wake_on_lan.widget.php index bb253d0..598dc1f 100644 --- a/usr/local/www/widgets/widgets/wake_on_lan.widget.php +++ b/usr/local/www/widgets/widgets/wake_on_lan.widget.php @@ -25,6 +25,8 @@ POSSIBILITY OF SUCH DAMAGE. */ +$nocsrf = true; + require_once("/usr/local/www/widgets/include/wake_on_lan.inc"); if (is_array($config['wol']['wolentry'])) @@ -47,11 +49,7 @@ else if (count($wolcomputers) > 0) { foreach($wolcomputers as $wolent) { echo '<tr><td class="listlr">' . $wolent['descr'] . '<br />' . $wolent['mac'] . '</td>' . "\n"; - $wolifname = $config['interfaces'][$wolent['interface']]['descr']; - if ( empty( $wolifname ) ){ - $wolifname = ucase($wolent['interface']); - } - echo '<td class="listr">' . $wolifname . '</td>' . "\n"; + echo '<td class="listr">' . convert_friendly_interface_to_friendly_descr($wolent['interface']) . '</td>' . "\n"; $is_active = exec("/usr/sbin/arp -an |/usr/bin/grep {$wolent['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print $1;}'"); if($is_active == 1) { diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index c7c561e..e60aa6e 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -820,6 +820,7 @@ <name>nbtenable</name> <type>checkbox</type> <displayname>NetBIOS Options</displayname> + <bindstofield>ovpnserver->step10->nbtenable</bindstofield> <description>Enable NetBIOS over TCP/IP. <br/>If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. </description> </field> <field> diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index 2fa3f1b..31da91a 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -623,45 +623,42 @@ function apply_all_choosen_items() { $upbw = floatval($config['ezshaper']['step2']["conn{$i}upload"]) * $upfactor; if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = floatval($config['ezshaper']['step3']["conn{$i}upload"]); - $voipbwunit = $config['ezshaper']['step3']["conn{$i}uploadspeed"]; - if ($sched != "HFSC") { - if ($voipbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += $voipbw * $factor; - } else - $remainbw += 32000; /* 32Kbit/s forHFSC linksharing */ + $voip = true; + $voipbw = floatval($config['ezshaper']['step3']["conn{$i}upload"]); + $voipbwunit = $config['ezshaper']['step3']["conn{$i}uploadspeed"]; + if ($voipbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($voipbwunit); + $remainbw += $voipbw * $factor; } if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += $penaltybw * $factor; + $penalty = true; + $penaltybw = $config['ezshaper']['step4']['bandwidth']; + $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; + if ($penaltybwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($penaltybwunit); + $remainbw += $penaltybw * $factor; } else { - $penalty = false; - $penaltybw = 0; + $penalty = false; + $penaltybw = 0; } if ($config['ezshaper']['step5']['enable']) { $p2p = true; if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += $p2pcatchbw * $factor; + $p2pcatchall = true; + $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; + $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; + if ($p2pcatchbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); + $remainbw += $p2pcatchbw * $factor; } else { - $p2pcatchall = false; - $p2pcatchbw = 0; + $p2pcatchall = false; + $p2pcatchbw = 0; } } else { $p2p = false; @@ -943,392 +940,6 @@ function apply_all_choosen_items() { array_pop($tmppath); } -/* LAN bandwidth ----------------------------------------------------------------------------------------- */ - - $tmppath = array(); - $altq =& new altq_root_queue(); - - $altq->SetInterface('lan'); - $altq->SetScheduler($config['ezshaper']['step2']["downloadscheduler"]); - $altq->SetBandwidth($lanbw/1000); - $altq->SetBwscale("Kb"); - $altq->SetEnabled("on"); - $altq_list_queues[$altq->GetQname()] =& $altq; - array_push($tmppath, 'lan'); - $altq->SetLink($tmppath); - //var_dump($input_errors); - $altq->wconfig(); - - $sched = $config['ezshaper']['step2']["downloadscheduler"]; - $voipbw =0; - $voipbwunit = "%"; - $voip = false; - $penalty = false; - $penaltybw = 0; - $penaltybwunit = "%"; - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - $games = false; - $otherpriority = false; - $remainbw = 0; - - - if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = $config['ezshaper']['step3']["download"]; - $voipbwunit = $config['ezshaper']['step3']["downloadspeed"]; - if ($sched != "HFSC") { - if ($voipbwunit == "%") - $factor = $lanbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += $voipbw * $factor; - } else - $remainbw += 32000; /* 32Kbit/s forHFSC linksharing */ - } - if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $lanbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += $penaltybw * $factor; - } else { - $penalty = false; - $penaltybw = 0; - } - if ($config['ezshaper']['step5']['enable']) { - $p2p = true; - if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $lanbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += $p2pcatchbw * $factor; - } else { - $p2pcatchall = false; - $p2pcatchbw = 0; - } - } else { - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - } - if ($config['ezshaper']['step6']['enable']) { - $games = true; - } else { - $games = false; - } - - if ($config['ezshaper']['step7']['enable']) { - $otherpriority = true; - } else { - $otherpriority = false; - } - $remainbw = round($remainbw / $lanbw * 100, 2); - - if ($remainbw > 0 && $remainbw > 30) { - $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard.xml&stepid=2&message={$savemsg}"); - exit; - } else { - $remainbw = 100 - $remainbw; - } - - if ($sched != "PRIQ") { - if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qInternet"; - //$tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['bandwidth'] = $lanbw/1000; - $tmpcf['bandwidthtype'] = "Kb"; - } - else if ($sched == "HFSC") { - $tmpcf['linkshare3'] = $lanbw/1000 ."Kb"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = $lanbw/1000 ."Kb"; - $tmpcf['linkshare'] = "on"; - $tmpcf['bandwidth'] = $lanbw/1000; - $tmpcf['bandwidthtype'] = "Kb"; - } - array_push($tmppath, "qInternet"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - //array_pop($tmppath); - //echo "qInternet <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - $altq =& $qtmp; - } - - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qACK"; - $tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; - $tmpcf['bandwidthtype'] = "%"; - } - else if ($sched == "HFSC") { - $lkbw = 0.20 * $remainbw; - $tmpcf['linkshare3'] = "{$lkbw}%"; - $tmpcf['linkshare'] = "on"; - $tmpcf['bandwidth'] = $lkbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qACK"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qACK <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - if ($p2pcatchall) - $tmpcf['name'] = "qOthersDefault"; - else - $tmpcf['name'] = "qDefault"; - $tmpcf['priority'] = 3; - $tmpcf['enabled'] = "on"; - if (!$p2pcatchall) - $tmpcf['default'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, $tmpcf['name']); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qDefault <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($p2p) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qP2P"; - $tmpcf['priority'] = 1; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($p2pcatchall) { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } - $tmpcf['default'] = "on"; - - } else { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpbw = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$tmpbw}%"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$tmpbw}%"; - $tmpcf['bandwidth'] = $tmpbw; - $tmpcf['bandwidthtype'] = "%"; - } - } - array_push($tmppath, "qP2P"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qP2P <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($voip) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qVoIP"; - $tmpcf['priority'] = 7; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($voipbw > 0) { - $tmpcf['bandwidth'] = $voipbw; - $tmpcf['bandwidthtype'] = $voipbwunit; - } else { - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - } else if ($sched == "HFSC") { - if ($voipbw > 0) { - $tmpcf['realtime3'] = "{$voipbw}{$voipbwunit}"; - } else { - $voipbw = $remainbw * 0.20; /* 20% bandwidth */ - $tmpcf['realtime3'] = "{$voipbw}%"; - } - $tmpcf['realtime'] = "on"; - $tmpcf['bandwidth'] = 32; - $tmpcf['bandwidthtype'] = "Kb"; - } - array_push($tmppath, "qVoIP"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qVoIP <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($games) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qGames"; - $tmpcf['priority'] = 5; - $tmpcf['enabled'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $gamesbw = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$gamesbw}%"; - $tmpcf['bandwidth'] = "{$gamesbw}"; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qGames"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qGames <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($otherpriority) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersHigh"; - $tmpcf['priority'] = 4; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $otherbw = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['linkshare3'] = "{$otherbw}%"; - $tmpcf['bandwidth'] = $otherbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qOthersHigh"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qHigh <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($penalty) - $tmpcf['bandwidth'] = $penaltybw; - else - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - if ($penalty) { - $tmpcf['linkshare3'] = "{$penaltybw}{$penaltybwunit}"; - $tmpcf['bandwidth'] = $penaltybw; - $tmpcf['bandwidthtype'] = $penaltybwunit; - } else { - $lsbw = $remainbw * 0.05; - $tmpcf['linkshare3'] = "{$lsbw}%"; /* 5% bandwidth */ - $tmpcf['bandwidth'] = $lsbw; - $tmpcf['bandwidthtype'] = "%"; - } - $tmpcf['linkshare'] = "on"; - } - array_push($tmppath, "qOthersLow"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qLow <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - array_pop($tmppath); - -/* End LAN bandwidth ------------------------------------------------------------------------------------- */ - - if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array(); @@ -1507,13 +1118,13 @@ function apply_all_choosen_items() { function wizard_get_bandwidthtype_scale($type = "b") { switch ($type) { case "Gb": - $factor = 1000 * 1000 * 1000; + $factor = 1024 * 1024 * 1024; break; case "Mb": - $factor = 1000 * 1000; + $factor = 1024 * 1024; break; case "Kb": - $factor = 1000; + $factor = 1024; break; case "b": default: diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index 66b4716..fa15609 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -645,48 +645,42 @@ function apply_all_choosen_items() { $upbw = floatval($config['ezshaper']['step2']["conn{$i}upload"]) * $upfactor; if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = $config['ezshaper']['step3']["conn{$i}upload"]; - $voipbwunit = $config['ezshaper']['step3']["conn{$i}uploadspeed"]; - if ($sched != "HFSC") { - if ($voipbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += $voipbw * $factor; - } else - $remainbw += 32000; /* 32Kbit/s forHFSC linksharing */ - //echo "<br/>" .$remainbw . " : hmmm " .intval($config['ezshaper']['step3']["conn{$i}upload"]) ."/". $factor; + $voip = true; + $voipbw = $config['ezshaper']['step3']["conn{$i}upload"]; + $voipbwunit = $config['ezshaper']['step3']["conn{$i}uploadspeed"]; + if ($voipbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($voipbwunit); + $remainbw += $voipbw * $factor; } if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += $penaltybw * $factor; - //echo "<br/>".$remainbw . " : hmmm " . ($config['ezshaper']['step4']['bandwidth']) . " / " .$factor; + $penalty = true; + $penaltybw = $config['ezshaper']['step4']['bandwidth']; + $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; + if ($penaltybwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($penaltybwunit); + $remainbw += $penaltybw * $factor; } else { - $penalty = false; - $penaltybw = 0; + $penalty = false; + $penaltybw = 0; } if ($config['ezshaper']['step5']['enable']) { $p2p = true; if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += $p2pcatchbw * $factor; - //echo "<br/>".$remainbw . " : hmmm " . floatval($config['ezshaper']['step5']['bandwidth']) ."/".$factor; + $p2pcatchall = true; + $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; + $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; + if ($p2pcatchbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); + $remainbw += $p2pcatchbw * $factor; } else { - $p2pcatchall = false; - $p2pcatchbw = 0; + $p2pcatchall = false; + $p2pcatchbw = 0; } } else { $p2p = false; @@ -704,7 +698,6 @@ function apply_all_choosen_items() { } else { $otherpriority = false; } - //echo "<br/>" .$remainbw . " <br/>"; $remainbw = round($remainbw / $upbw * 100, 2); if (intval($remainbw) > 0 && intval($remainbw) > 30) { @@ -1002,389 +995,6 @@ function apply_all_choosen_items() { } array_pop($tmppath); - $downfactor = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $downbw = floatval($config['ezshaper']['step2']["conn{$i}download"]) * $downfactor; - - $tmppath = array(); - $altq =& new altq_root_queue(); - - $altq->SetInterface($config['ezshaper']['step2']["local{$i}interface"]); - $altq->SetScheduler($config['ezshaper']['step2']["local{$i}downloadscheduler"]); - $altq->SetBandwidth($config['ezshaper']['step2']["conn{$i}download"]); - $altq->SetBwscale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $altq->SetEnabled("on"); - $altq_list_queues[$altq->GetQname()] =& $altq; - array_push($tmppath, $config['ezshaper']['step2']["local{$i}interface"]); - $altq->SetLink($tmppath); - //var_dump($input_errors); - $altq->wconfig(); - - $sched = $config['ezshaper']['step2']["local{$i}downloadscheduler"]; - $voipbw =0; - $voipbwunit = "%"; - $voip = false; - $penalty = false; - $penaltybw = 0; - $penaltybwunit = "%"; - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - $games = false; - $otherpriority = false; - $remainbw = 0; - - - if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = $config['ezshaper']['step3']["local{$i}download"]; - $voipbwunit = $config['ezshaper']['step3']["local{$i}downloadspeed"]; - if ($sched != HFSC) { - if ($penaltybwunit == "%") - $factor = $downbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += floatval($voipbw) * $factor; - } else - $remainbw += 32000; /* 32Kbit/s reserved for HFSC linksharing */ - } - if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $downbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += floatval($penaltybw) * $factor; - } else { - $penalty = false; - $penaltybw = 0; - } - if ($config['ezshaper']['step5']['enable']) { - $p2p = true; - if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $downbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += floatval($p2pcatchbw) * $factor; - } else { - $p2pcatchall = false; - $p2pcatchbw = 0; - } - } else { - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - } - if ($config['ezshaper']['step6']['enable']) { - $games = true; - } else { - $games = false; - } - - if ($config['ezshaper']['step7']['enable']) { - $otherpriority = true; - } else { - $otherpriority = false; - } - $remainbw = round($remainbw / $downbw * 100, 2); - if (intval($remainbw) > 0 && intval($remainbw) > 40) { - $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_dedicated.xml&stepid=2&message={$savemsg}"); - exit; - } else { - $remainbw = 100 - $remainbw; - } - - if ($sched != "PRIQ") { - if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qInternet"; - //$tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['bandwidth'] = floatval($config['ezshaper']['step2']["conn{$i}download"]); - $tmpcf['bandwidthtype'] = $config['ezshaper']['step2']["conn{$i}downloadspeed"]; - } - else if ($sched == "HFSC") { - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = floatval($config['ezshaper']['step2']["conn{$i}download"]) . $config['ezshaper']['step2']["conn{$i}downloadspeed"]; - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = floatval($config['ezshaper']['step2']["conn{$i}download"]) . $config['ezshaper']['step2']["conn{$i}downloadspeed"]; - $tmpcf['bandwidth'] = floatval($config['ezshaper']['step2']["conn{$i}download"]); - $tmpcf['bandwidthtype'] = $config['ezshaper']['step2']["conn{$i}downloadspeed"]; - } - array_push($tmppath, "qInternet"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - //array_pop($tmppath); - //echo "qInternet <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - $altq =& $qtmp; - } - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qACK"; - $tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; - $tmpcf['bandwidthtype'] = "%"; - } - else if ($sched == "HFSC") { - $lkbw = 0.20 * $remainbw; - $tmpcf['linkshare3'] = "{$lkbw}%"; - $tmpcf['linkshare'] = "on"; - $tmpcf['bandwidth'] = $lkbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qACK"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qACK $remainbw <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - if ($p2pcatchall) - $tmpcf['name'] = "qOthersDefault"; - else - $tmpcf['name'] = "qDefault"; - $tmpcf['priority'] = 3; - $tmpcf['enabled'] = "on"; - if (!$p2pcatchall) - $tmpcf['default'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, $tmpcf['name']); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qDefault <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($p2p) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qP2P"; - $tmpcf['priority'] = 1; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($p2pcatchall) { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } - $tmpcf['default'] = "on"; - - } else { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpbw = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$tmpbw}%"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$tmpbw}%"; - $tmpcf['bandwidth'] = $tmpbw; - $tmpcf['bandwidthtype'] = "%"; - } - } - array_push($tmppath, "qP2P"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qP2P <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($voip) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qVoIP"; - $tmpcf['priority'] = 7; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($voipbw > 0) { - $tmpcf['bandwidth'] = $voipbw; - $tmpcf['bandwidthtype'] = $voipbwunit; - } else { - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - } else if ($sched == "HFSC") { - if ($voipbw > 0) { - $tmpcf['realtime3'] = "{$voipbw}{$voipbwunit}"; - } else { - $voipbw = $remainbw * 0.20; /* 20% bandwidth */ - $tmpcf['realtime3'] = "{$voipbw}%"; - } - $tmpcf['realtime'] = "on"; - $tmpcf['bandwidth'] = 32; - $tmpcf['bandwidthtype'] = "Kb"; - } - array_push($tmppath, "qVoIP"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qVoIP <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($games) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qGames"; - $tmpcf['priority'] = 5; - $tmpcf['enabled'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $gamesbw = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$gamesbw}%"; - $tmpcf['bandwidth'] = "{$gamesbw}"; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qGames"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qGames <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($otherpriority) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersHigh"; - $tmpcf['priority'] = 4; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $otherbw = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['linkshare3'] = "{$otherbw}%"; - $tmpcf['bandwidth'] = $otherbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qOthersHigh"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qHigh <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($penalty) { - $tmpcf['bandwidth'] = $penaltybw; - $tmpcf['bandwidthtype'] = $penaltybwunit; - } else { - $tmpcf['bandwidthtype'] = "%"; - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - } - } else if ($sched == "HFSC") { - if ($penalty) { - $tmpcf['linkshare3'] = "{$penaltybw}{$penaltybwunit}"; - $tmpcf['bandwidth'] = $penaltybw; - $tmpcf['bandwidthtype'] = $penaltybwunit; - } else { - $lsbw = $remainbw * 0.05; - $tmpcf['linkshare3'] = "{$lsbw}%"; /* 5% bandwidth */ - $tmpcf['bandwidth'] = $lsbw; - $tmpcf['bandwidthtype'] = "%"; - } - $tmpcf['linkshare'] = "on"; - } - array_push($tmppath, "qOthersLow"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qLow <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - array_pop($tmppath); } @@ -1567,13 +1177,13 @@ function apply_all_choosen_items() { function wizard_get_bandwidthtype_scale($type = "b") { switch ($type) { case "Gb": - $factor = 1000 * 1000 * 1000; + $factor = 1024 * 1024 * 1024; break; case "Mb": - $factor = 1000 * 1000; + $factor = 1024 * 1024; break; case "Kb": - $factor = 1000; + $factor = 1024; break; case "b": default: diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index 6568dc1..7c13c6c 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -681,75 +681,69 @@ function apply_all_choosen_items() { $voip = true; $voipbw = $config['ezshaper']['step3']["conn{$i}upload"]; $voipbwunit = $config['ezshaper']['step3']["conn{$i}uploadspeed"]; - if ($sched != "HFSC") { - if ($voipbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += $voipbw * $factor; - } else - $remainbw += 32000; /* 32Kbit/s forHFSC linksharing */ - //echo "<br/>" .$remainbw . " : hmmm " .intval($config['ezshaper']['step3']["conn{$i}upload"]) ."/". $factor; - } - if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") + if ($voipbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($voipbwunit); + $remainbw += $voipbw * $factor; + } + if ($config['ezshaper']['step4']['enable']) { + $penalty = true; + $penaltybw = $config['ezshaper']['step4']['bandwidth']; + $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; + if ($penaltybwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($penaltybwunit); + $remainbw += $penaltybw * $factor; + } else { + $penalty = false; + $penaltybw = 0; + } + if ($config['ezshaper']['step5']['enable']) { + $p2p = true; + if ($config['ezshaper']['step5']['p2pcatchall']) { + $p2pcatchall = true; + $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; + $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; + if ($p2pcatchbwunit == "%") $factor = $upbw/100; else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += $penaltybw * $factor; - //echo "<br/>".$remainbw . " : hmmm " . ($config['ezshaper']['step4']['bandwidth']) . " / " .$factor; + $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); + $remainbw += $p2pcatchbw * $factor; } else { - $penalty = false; - $penaltybw = 0; - } - if ($config['ezshaper']['step5']['enable']) { - $p2p = true; - if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += $p2pcatchbw * $factor; - //echo "<br/>".$remainbw . " : hmmm " . floatval($config['ezshaper']['step5']['bandwidth']) ."/".$factor; - } else { - $p2pcatchall = false; - $p2pcatchbw = 0; - } - } else { - $p2p = false; $p2pcatchall = false; $p2pcatchbw = 0; } - if ($config['ezshaper']['step6']['enable']) { - $games = true; - } else { - $games = false; - } + } else { + $p2p = false; + $p2pcatchall = false; + $p2pcatchbw = 0; + } + if ($config['ezshaper']['step6']['enable']) { + $games = true; + } else { + $games = false; + } - if ($config['ezshaper']['step7']['enable']) { - $otherpriority = true; - } else { - $otherpriority = false; - } + if ($config['ezshaper']['step7']['enable']) { + $otherpriority = true; + } else { + $otherpriority = false; + } - $remainbw = round($remainbw / $upbw * 100, 2); + $remainbw = round($remainbw / $upbw * 100, 2); - if (intval($remainbw) > 0 && intval($remainbw) > 30) { - $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}"); - exit; - } else { - $remainbw = 100 - $remainbw; - } + if (intval($remainbw) > 0 && intval($remainbw) > 30) { + $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); + header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}"); + exit; + } else { + $remainbw = 100 - $remainbw; + } - if ($sched != "PRIQ") { - if ($sched == "CBQ") + if ($sched != "PRIQ") { + if ($sched == "CBQ") $q =& new cbq_queue(); else if ($sched == "HFSC") $q =& new hfsc_queue(); @@ -1039,404 +1033,6 @@ function apply_all_choosen_items() { array_pop($tmppath); } -/* LAN bandwidth ----------------------------------------------------------------------------------------- */ - $localint = intval($config['ezshaper']['step1']['numberoflocalinterfaces']); - $lanbw = 0; - for ($i = 0; $i < $steps; $i++) { - $down = wizard_get_bandwidthtype_scale($config['ezshaper']['step2']["conn{$i}downloadspeed"]); - $input_bw = floatval($config['ezshaper']['step2']["conn{$i}download"]) * $down; - $lanbw += $input_bw; - } - - for ($i = 0; $i < $localint; $i++) { - - $tmppath = array(); - $altq =& new altq_root_queue(); - - $altq->SetInterface($config['ezshaper']['step2']["local{$i}interface"]); - $altq->SetScheduler($config['ezshaper']['step2']["local{$i}downloadscheduler"]); - $altq->SetBandwidth($lanbw/1000); - $altq->SetBwscale("Kb"); - $altq->SetEnabled("on"); - $altq_list_queues[$altq->GetQname()] =& $altq; - array_push($tmppath, $config['ezshaper']['step2']["local{$i}interface"]); - $altq->SetLink($tmppath); - //var_dump($input_errors); - $altq->wconfig(); - - $sched = $config['ezshaper']['step2']["local{$i}downloadscheduler"]; - $voipbw =0; - $voipbwunit = "%"; - $voip = false; - $penalty = false; - $penaltybw = 0; - $penaltybwunit = "%"; - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - $games = false; - $otherpriority = false; - $remainbw = 0; - - - if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = $config['ezshaper']['step3']["local{$i}download"]; - $voipbwunit = $config['ezshaper']['step3']["local{$i}downloadspeed"]; - if ($sched != HFSC) { - if ($penaltybwunit == "%") - $factor = $lanbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += floatval($voipbw) * $factor; - } else - $remainbw += 32000; /* 32Kbit/s reserved for HFSC linksharing */ - } - if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $lanbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += floatval($penaltybw) * $factor; - } else { - $penalty = false; - $penaltybw = 0; - } - if ($config['ezshaper']['step5']['enable']) { - $p2p = true; - if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += floatval($p2pcatchbw) * $factor; - } else { - $p2pcatchall = false; - $p2pcatchbw = 0; - } - } else { - $p2p = false; - $p2pcatchall = false; - $p2pcatchbw = 0; - } - if ($config['ezshaper']['step6']['enable']) { - $games = true; - } else { - $games = false; - } - - if ($config['ezshaper']['step7']['enable']) { - $otherpriority = true; - } else { - $otherpriority = false; - } - $remainbw = round($remainbw / $lanbw * 100, 2); - - if (intval($remainbw) > 0 && intval($remainbw) > 40) { - $savemsg=gettext("Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."); - header("Location: wizard.php?xml=traffic_shaper_wizard_multi_all.xml&stepid=2&message={$savemsg}"); - exit; - } else { - $remainbw = 100 - $remainbw; - } - - if ($sched != "PRIQ") { - if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qInternet"; - //$tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['bandwidth'] = $lanbw/1000; - $tmpcf['bandwidthtype'] = "Kb"; - } - else if ($sched == "HFSC") { - $tmpcf['linkshare3'] = $lanbw/1000 . "Kb"; - $tmpcf['upperlimit3'] = $lanbw/1000 . "Kb"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['linkshare'] = "on"; - $tmpcf['bandwidth'] = $lanbw/1000; - $tmpcf['bandwidthtype'] = "Kb"; - } - array_push($tmppath, "qInternet"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - //array_pop($tmppath); - //echo "qInternet <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - $altq =& $qtmp; - } - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qACK"; - $tmpcf['priority'] = 6; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - If ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; - $tmpcf['bandwidthtype'] = "%"; - } - else if ($sched == "HFSC") { - $lkbw = 0.20 * $remainbw; - $tmpcf['linkshare3'] = "{$lkbw}%"; - $tmpcf['linkshare'] = "on"; - $tmpcf['bandwidth'] = $lkbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qACK"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qACK <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - if ($p2pcatchall) - $tmpcf['name'] = "qOthersDefault"; - else - $tmpcf['name'] = "qDefault"; - $tmpcf['priority'] = 3; - $tmpcf['enabled'] = "on"; - if (!$p2pcatchall) - $tmpcf['default'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, $tmpcf['name']); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qDefault <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - if ($p2p) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qP2P"; - $tmpcf['priority'] = 1; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($p2pcatchall) { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$p2pcatchbw}{$p2pcatchbwunit}"; - $tmpcf['bandwidth'] = $p2pcatchbw; - $tmpcf['bandwidthtype'] = $p2pcatchbwunit; - } - $tmpcf['default'] = "on"; - - } else { - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpbw = $remainbw * 0.05; /* 5% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$tmpbw}%"; - $tmpcf['upperlimit'] = "on"; - $tmpcf['upperlimit3'] = "{$tmpbw}%"; - $tmpcf['bandwidth'] = $tmpbw; - $tmpcf['bandwidthtype'] = "%"; - } - } - array_push($tmppath, "qP2P"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qP2P <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($voip) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qVoIP"; - $tmpcf['priority'] = 7; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($voipbw > 0) { - $tmpcf['bandwidth'] = $voipbw; - $tmpcf['bandwidthtype'] = $voipbwunit; - } else { - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } - } else if ($sched == "HFSC") { - if ($voipbw > 0) { - $tmpcf['realtime3'] = "{$voipbw}{$voipbwunit}"; - } else { - $voipbw = $remainbw * 0.20; /* 20% bandwidth */ - $tmpcf['realtime3'] = "{$voipbw}%"; - } - $tmpcf['realtime'] = "on"; - $tmpcf['bandwidth'] = 32; - $tmpcf['bandwidthtype'] = "Kb"; - } - array_push($tmppath, "qVoIP"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qVoIP <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($games) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qGames"; - $tmpcf['priority'] = 5; - $tmpcf['enabled'] = "on"; - $tmpcf['ecn'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $gamesbw = $remainbw * 0.2; /* 20% bandwidth */ - $tmpcf['linkshare'] = "on"; - $tmpcf['linkshare3'] = "{$gamesbw}%"; - $tmpcf['bandwidth'] = "{$gamesbw}"; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qGames"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qGames <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - - if ($otherpriority) { - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersHigh"; - $tmpcf['priority'] = 4; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - $tmpcf['bandwidth'] = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['bandwidthtype'] = "%"; - } else if ($sched == "HFSC") { - $tmpcf['linkshare'] = "on"; - $otherbw = $remainbw * 0.1; /* 10% bandwidth */ - $tmpcf['linkshare3'] = "{$otherbw}%"; - $tmpcf['bandwidth'] = $otherbw; - $tmpcf['bandwidthtype'] = "%"; - } - array_push($tmppath, "qOthersHigh"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qHigh <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - - - if ($sched == "PRIQ") - $q =& new priq_queue(); - else if ($sched == "CBQ") - $q =& new cbq_queue(); - else if ($sched == "HFSC") - $q =& new hfsc_queue(); - $tmpcf = array(); - $tmpcf['name'] = "qOthersLow"; - $tmpcf['priority'] = 2; - $tmpcf['ecn'] = "on"; - $tmpcf['enabled'] = "on"; - if ($sched == "CBQ") { - $tmpcf['borrow'] = "on"; - if ($penalty) { - $tmpcf['bandwidth'] = $penaltybw; - $tmpcf['bandwidthtype'] = $penaltybwunit; - } else { - $tmpcf['bandwidthtype'] = "%"; - $tmpcf['bandwidth'] = $remainbw * 0.05; /* 5% bandwidth */ - } - } else if ($sched == "HFSC") { - if ($penalty) { - $tmpcf['linkshare3'] = "{$penaltybw}{$penaltybwunit}"; - $tmpcf['bandwidth'] = $penaltybw; - $tmpcf['bandwidthtype'] = $penaltybwunit; - } else { - $lsbw = $remainbw * 0.05; - $tmpcf['linkshare3'] = "{$lsbw}%"; /* 5% bandwidth */ - $tmpcf['bandwidth'] = $lsbw; - $tmpcf['bandwidthtype'] = "%"; - } - $tmpcf['linkshare'] = "on"; - } - array_push($tmppath, "qOthersLow"); - $qtmp =& $altq->add_queue($q, &$tmpcf, &$tmppath, $input_errors); - array_pop($tmppath); - //echo "qLow <br />"; - //var_dump($input_errors); - $qtmp->wconfig(); - } - array_pop($tmppath); - } - -/* End LAN bandwidth ------------------------------------------------------------------------------------- */ - - - if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array(); @@ -1614,13 +1210,13 @@ function apply_all_choosen_items() { function wizard_get_bandwidthtype_scale($type = "b") { switch ($type) { case "Gb": - $factor = 1000 * 1000 * 1000; + $factor = 1024 * 1024 * 1024; break; case "Mb": - $factor = 1000 * 1000; + $factor = 1024 * 1024; break; case "Kb": - $factor = 1000; + $factor = 1024; break; case "b": default: diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index 99f5c35..44d5314 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -458,45 +458,42 @@ function apply_all_choosen_items() { $upbw = floatval($config['ezshaper']['step2']["conndownload"]) * $upfactor; if ($config['ezshaper']['step3']['enable']) { - $voip = true; - $voipbw = $config['ezshaper']['step3']["conndownload"]; - $voipbwunit = $config['ezshaper']['step3']["conndownloadspeed"]; - if ($sched != "HFSC") { - if ($voipbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($voipbwunit); - $remainbw += $voipbw * $factor; - } else - $remainbw += 32000; /* 32Kbit/s forHFSC linksharing */ + $voip = true; + $voipbw = $config['ezshaper']['step3']["conndownload"]; + $voipbwunit = $config['ezshaper']['step3']["conndownloadspeed"]; + if ($voipbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($voipbwunit); + $remainbw += $voipbw * $factor; } if ($config['ezshaper']['step4']['enable']) { - $penalty = true; - $penaltybw = $config['ezshaper']['step4']['bandwidth']; - $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; - if ($penaltybwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($penaltybwunit); - $remainbw += $penaltybw * $factor; + $penalty = true; + $penaltybw = $config['ezshaper']['step4']['bandwidth']; + $penaltybwunit = $config['ezshaper']['step4']['bandwidthunit']; + if ($penaltybwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($penaltybwunit); + $remainbw += $penaltybw * $factor; } else { - $penalty = false; - $penaltybw = 0; + $penalty = false; + $penaltybw = 0; } if ($config['ezshaper']['step5']['enable']) { $p2p = true; if ($config['ezshaper']['step5']['p2pcatchall']) { - $p2pcatchall = true; - $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; - $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; - if ($p2pcatchbwunit == "%") - $factor = $upbw/100; - else - $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); - $remainbw += $p2pcatchbw * $factor; + $p2pcatchall = true; + $p2pcatchbw = $config['ezshaper']['step5']['bandwidth']; + $p2pcatchbwunit = $config['ezshaper']['step5']['bandwidthunit']; + if ($p2pcatchbwunit == "%") + $factor = $upbw/100; + else + $factor = wizard_get_bandwidthtype_scale($p2pcatchbwunit); + $remainbw += $p2pcatchbw * $factor; } else { - $p2pcatchall = false; - $p2pcatchbw = 0; + $p2pcatchall = false; + $p2pcatchbw = 0; } } else { $p2p = false; @@ -1350,19 +1347,19 @@ function apply_all_choosen_items() { function wizard_get_bandwidthtype_scale($type = "b") { switch ($type) { - case "Gb": - $factor = 1000 * 1000 * 1000; - break; - case "Mb": - $factor = 1000 * 1000; - break; - case "Kb": - $factor = 1000; - break; - case "b": - default: + case "Gb": + $factor = 1024 * 1024 * 1024; + break; + case "Mb": + $factor = 1024 * 1024; + break; + case "Kb": + $factor = 1024; + break; + case "b": + default: $factor = 1; - break; + break; } return intval($factor); } |
