36 files changed, 686 insertions, 432 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml index 3a0bb64..b3cbaf4 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -1,7 +1,7 @@ <?xml version="1.0"?> <!-- pfSense default system configuration --> <pfsense> - <version>7.9</version> + <version>8.0</version> <lastchange></lastchange> <theme>pfsense_ng</theme> <sysctl> diff --git a/etc/ca_countries b/etc/ca_countries new file mode 100644 index 0000000..291711c --- /dev/null +++ b/etc/ca_countries 
@@ -0,0 +1,245 @@ +US United States of America +CA Canada +AX Aland Islands +AD Andorra +AE United Arab Emirates +AF Afghanistan +AG Antigua and Barbuda +AI Anguilla +AL Albania +AM Armenia +AN Netherlands Antilles +AO Angola +AQ Antarctica +AR Argentina +AS American Samoa +AT Austria +AU Australia +AW Aruba +AZ Azerbaijan +BA Bosnia and Herzegovina +BB Barbados +BD Bangladesh +BE Belgium +BF Burkina Faso +BG Bulgaria +BH Bahrain +BI Burundi +BJ Benin +BM Bermuda +BN Brunei Darussalam +BO Bolivia +BR Brazil +BS Bahamas +BT Bhutan +BV Bouvet Island +BW Botswana +BZ Belize +CA Canada +CC Cocos (Keeling) Islands +CF Central African Republic +CH Switzerland +CI Cote D'Ivoire (Ivory Coast) +CK Cook Islands +CL Chile +CM Cameroon +CN China +CO Colombia +CR Costa Rica +CS Czechoslovakia (former) +CV Cape Verde +CX Christmas Island +CY Cyprus +CZ Czech Republic +DE Germany +DJ Djibouti +DK Denmark +DM Dominica +DO Dominican Republic +DZ Algeria +EC Ecuador +EE Estonia +EG Egypt +EH Western Sahara +ER Eritrea +ES Spain +ET Ethiopia +FI Finland +FJ Fiji +FK Falkland Islands (Malvinas) +FM Micronesia +FO Faroe Islands +FR France +FX France, Metropolitan +GA Gabon +GB Great Britain (UK) +GD Grenada +GE Georgia +GF French Guiana +GG Guernsey +GH Ghana +GI Gibraltar +GL Greenland +GM Gambia +GN Guinea +GP Guadeloupe +GQ Equatorial Guinea +GR Greece +GS S. Georgia and S. Sandwich Isls. 
+GT Guatemala +GU Guam +GW Guinea-Bissau +GY Guyana +HK Hong Kong +HM Heard and McDonald Islands +HN Honduras +HR Croatia (Hrvatska) +HT Haiti +HU Hungary +ID Indonesia +IE Ireland +IL Israel +IM Isle of Man +IN India +IO British Indian Ocean Territory +IS Iceland +IT Italy +JE Jersey +JM Jamaica +JO Jordan +JP Japan +KE Kenya +KG Kyrgyzstan +KH Cambodia +KI Kiribati +KM Comoros +KN Saint Kitts and Nevis +KR Korea (South) +KW Kuwait +KY Cayman Islands +KZ Kazakhstan +LA Laos +LC Saint Lucia +LI Liechtenstein +LK Sri Lanka +LS Lesotho +LT Lithuania +LU Luxembourg +LV Latvia +LY Libya +MA Morocco +MC Monaco +MD Moldova +ME Montenegro +MG Madagascar +MH Marshall Islands +MK Macedonia +ML Mali +MM Myanmar +MN Mongolia +MO Macau +MP Northern Mariana Islands +MQ Martinique +MR Mauritania +MS Montserrat +MT Malta +MU Mauritius +MV Maldives +MW Malawi +MX Mexico +MY Malaysia +MZ Mozambique +NA Namibia +NC New Caledonia +NE Niger +NF Norfolk Island +NG Nigeria +NI Nicaragua +NL Netherlands +NO Norway +NP Nepal +NR Nauru +NT Neutral Zone +NU Niue +NZ New Zealand (Aotearoa) +OM Oman +PA Panama +PE Peru +PF French Polynesia +PG Papua New Guinea +PH Philippines +PK Pakistan +PL Poland +PM St. Pierre and Miquelon +PN Pitcairn +PR Puerto Rico +PS Palestinian Territory +PT Portugal +PW Palau +PY Paraguay +QA Qatar +RE Reunion +RO Romania +RS Serbia +RU Russian Federation +RW Rwanda +SA Saudi Arabia +SB Solomon Islands +SC Seychelles +SE Sweden +SG Singapore +SH St. 
Helena +SI Slovenia +SJ Svalbard and Jan Mayen Islands +SK Slovak Republic +SL Sierra Leone +SM San Marino +SN Senegal +SR Suriname +ST Sao Tome and Principe +SU USSR (former) +SV El Salvador +SZ Swaziland +TC Turks and Caicos Islands +TD Chad +TF French Southern Territories +TG Togo +TH Thailand +TJ Tajikistan +TK Tokelau +TM Turkmenistan +TN Tunisia +TO Tonga +TP East Timor +TR Turkey +TT Trinidad and Tobago +TV Tuvalu +TW Taiwan +TZ Tanzania +UA Ukraine +UG Uganda +UM US Minor Outlying Islands +US United States +UY Uruguay +UZ Uzbekistan +VA Vatican City State (Holy See) +VC Saint Vincent and the Grenadines +VE Venezuela +VG Virgin Islands (British) +VI Virgin Islands (U.S.) +VN Viet Nam +VU Vanuatu +WF Wallis and Futuna Islands +WS Samoa +YE Yemen +YT Mayotte +ZA South Africa +ZM Zambia +COM US Commercial +EDU US Educational +GOV US Government +INT International +MIL US Military +NET Network +ORG Non-Profit Organization +ARPA Old style Arpanet diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 5d6074e..a6bdb33 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -652,6 +652,13 @@ function captiveportal_prune_old() { * had a chance to iterate over all accounts. */ $unsetindexes = array(); + $voucher_needs_sync = false; + /* + * Snapshot the time here to use for calculation to speed up the process. + * If something is missed next run will catch it! + */ + $pruning_time = time(); + $stop_time = $pruning_time; foreach ($cpdb as $cpentry) { $timedout = false; @@ -659,7 +666,7 @@ function captiveportal_prune_old() { /* hard timeout? */ if ($timeout) { - if ((time() - $cpentry[0]) >= $timeout) { + if (($pruning_time - $cpentry[0]) >= $timeout) { $timedout = true; $term_cause = 5; // Session-Timeout } 
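Review bot: The new `etc/ca_countries` list has repeated codes and entries that are not two-letter country codes. `US` appears twice with different names (`United States of America`, `United States`) and `CA Canada` appears twice. The tail adds `COM`, `EDU`, `GOV`, `INT`, `MIL`, `NET`, `ORG` and `ARPA`, and retired codes such as `SU` and `CS` are also present. If the file populates the certificate countryName field, as the filename suggests, a three-letter value cannot form a valid two-letter `C=` attribute. A consumer that keys on the code will also silently keep only one of each duplicate. I would drop the duplicates and the non-country tail, or have the reader reject any code that is not exactly two letters.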
@@ -667,7 +674,7 @@ function captiveportal_prune_old() { /* Session-Terminate-Time */ if (!$timedout && !empty($cpentry[9])) { - if (time() >= $cpentry[9]) { + if ($pruning_time >= $cpentry[9]) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -682,7 +689,7 @@ function captiveportal_prune_old() { * We "fix" this by setting lastact to the login timestamp. */ $lastact = $lastact ? $lastact : $cpentry[0]; - if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + if ($lastact && (($pruning_time - $lastact) >= $uidletimeout)) { $timedout = true; $term_cause = 4; // Idle-Timeout $stop_time = $lastact; // Entry added to comply with WISPr @@ -691,15 +698,16 @@ function captiveportal_prune_old() { /* if vouchers are configured, activate session timeouts */ if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout + $voucher_needs_sync = true; } } /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) { - if (time() >= ($cpentry[0] + $cpentry[7])) { + if ($pruning_time >= ($cpentry[0] + $cpentry[7])) { $timedout = true; $term_cause = 5; // Session-Timeout } @@ -762,6 +770,10 @@ function captiveportal_prune_old() { } } + if ($voucher_needs_sync == true) + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + /* write database */ if (!empty($unsetindexes)) captiveportal_write_db($cpdb, false, $unsetindexes); 
@@ -814,7 +826,7 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t $syncport = $config['voucher']['vouchersyncport']; $syncpass = $config['voucher']['vouchersyncpass']; $vouchersyncusername = $config['voucher']['vouchersyncusername']; - $remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); + $remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time); } } @@ -1195,7 +1207,7 @@ function radius($username,$password,$clientip,$clientmac,$type) { } /* read captive portal DB into array */ -function captiveportal_read_db($locked = false) { +function captiveportal_read_db($locked = false, $index = 5 /* sessionid by default */) { global $g; $cpdb = array(); @@ -1209,7 +1221,7 @@ function captiveportal_read_db($locked = false) { if ($line) { $cpe = explode(",", $line); /* Hash by session id */ - $cpdb[$cpe[5]] = $cpe; + $cpdb[$cpe[$index]] = $cpe; } } fclose($fd); @@ -1229,8 +1241,12 @@ function captiveportal_write_db($cpdb, $locked = false, $remove = false) { if (is_array($remove)) { if (!empty($remove)) { $cpdb = captiveportal_read_db(true); - foreach ($remove as $key) - unset($cpdb[$key]); + foreach ($remove as $key) { + if (is_array($key)) + log_error("Captive portal Array passed as unset index: " . print_r($key, true)); + else + unset($cpdb[$key]); + } } else return; //This makes sure no record removal calls } @@ -1609,6 +1625,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut } } + /* Snaphost the timestamp */ + $allow_time = time(); + foreach ($cpdb as $sid => $cpentry) { /* on the same ip */ if($cpentry[2] == $clientip) { 
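Review bot: In the `@@ -1209` hunk, `$cpdb[$cpe[$index]] = $cpe;` now keys the table on a caller-chosen column, but only the session id is unique. With `$index = 4`, which `voucher_expire()` in voucher.inc passes, every row sharing a username or voucher collapses into the last one read. A forced expiry would therefore disconnect at most one session for that voucher and leave any others active. The retained comment `/* Hash by session id */` is also stale. Either collect rows per key (`$cpdb[$cpe[$index]][] = $cpe;` for non-default indexes) or document the limitation with `/* Hash by column $index; rows sharing a value overwrite each other */`. The function body starts and ends outside this hunk.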
@@ -1619,7 +1638,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { // user logged in with an active voucher. Check for how long and calculate // how much time we can give him (voucher credit - used time) - $remaining_time = $cpentry[0] + $cpentry[7] - time(); + $remaining_time = $cpentry[0] + $cpentry[7] - $allow_time; if ($remaining_time < 0) // just in case. $remaining_time = 0; @@ -1713,7 +1732,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* encode password in Base64 just in case it contains commas */ $bpassword = base64_encode($password); - $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, + $cpdb[] = array($allow_time, $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']); /* rewrite information to database */ diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 7232d14..d5e0f62 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -342,8 +342,10 @@ function conf_mount_rw() { function conf_mount_ro() { global $g; + /* Do not trust $g['platform'] since this can be clobbered during factory reset. */ + $platform = trim(file_get_contents("/etc/platform")); /* do not umount on cdrom or pfSense platforms */ - if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") + if($platform == "cdrom" or $platform == "pfSense") return; if($g['booting']) diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 07fdf95..340fbc1 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class 
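Review bot: In `conf_mount_ro()`, `trim(file_get_contents("/etc/platform"))` has no failure path. If the file is missing or unreadable, `file_get_contents()` returns false and `$platform` becomes an empty string. Neither comparison then matches, so the early return for cdrom and full installs is skipped and the function continues toward the remount code below the hunk. Handle that case explicitly, for example `if ($platform == "") { log_error("conf_mount_ro: cannot read /etc/platform"); return; }`, or choose a documented fallback. The rest of the function is outside the hunk.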
@@ -408,7 +408,7 @@ * Private Function (added 12 July 2005) [beta] * Retrieve Update Status */ - function _checkStatus($data) { + function _checkStatus($ch, $data) { log_error("DynDns: DynDns _checkStatus() starting."); log_error("DynDns: Current Service: {$this->_dnsService}"); $successful_update = false; diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e5bc59a..3ca5d3d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -505,11 +505,13 @@ function filter_expand_alias($alias_name) } function filter_generate_aliases() { - global $config, $FilterIflist; + global $config, $FilterIflist, $after_filter_configure_run; + if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "filter_generate_aliases() being called $mt\n"; } + $alias = "#System aliases\n "; $aliases = "loopback = \"{ lo0 }\"\n"; @@ -555,9 +557,10 @@ function filter_generate_aliases() { case "network": case "url": $tableaddrs = "{$addrlist}{$extralias}"; - if(empty($tableaddrs)) + if(empty($tableaddrs)) { $aliases .= "table <{$aliased['name']}> persist\n"; - else + $after_filter_configure_run[] = "/sbin/pfctl -T flush -t " . escapeshellarg($aliased['name']); + } else $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n"; $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n"; diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 6993148..3bd0de2 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -91,7 +91,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "7.9", + "latest_config" => "8.0", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 1858be4..0fe6bfc 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
@@ -84,6 +84,46 @@ function does_interface_exist($interface) { return false; } +/* + * does_vip_exist($vip): return true or false if a vip is + * configured. + */ +function does_vip_exist($vip) { + global $config; + + if(!$vip) + return false; + + + switch ($vip['mode']) { + case "carp": + case "carpdev": + $realif = "vip{$vip['vhid']}"; + if (!does_interface_exist($realif)) { + return false; + } + break; + case "ipalias": + $realif = get_real_interface($vip['interface']); + if (!does_interface_exist($realif)) { + return false; + } + break; + case "proxyarp": + /* XXX: Implement this */ + default: + return false; + } + + $ifacedata = pfSense_getall_interface_addresses($realif); + foreach ($ifacedata as $vipips) { + if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}") + return true; + } + + return false; +} + function interface_netgraph_needed($interface = "wan") { global $config; @@ -3277,8 +3317,12 @@ function link_interface_to_vips($int, $action = "") { foreach ($config['virtualip']['vip'] as $vip) { if ($int == $vip['interface']) { if ($action == "update") { - interface_vip_bring_down($vip); - interfaces_vips_configure($int); + if ($vip['mode'] == "carp" && !does_interface_exist("vip{$vip['vhid']}")) + interfaces_vips_configure($int); + else { + interface_vip_bring_down($vip); + interfaces_vips_configure($int); + } } else return $vip; } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index bf69eda..f427cec 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -86,7 +86,9 @@ function system_resolvconf_generate($dynupdate = false) { $syscfg = $config['system']; - $resolvconf = "domain {$syscfg['domain']}\n"; + // Do not create blank domain lines, it breaks tools like dig. + if($syscfg['domain']) + $resolvconf = "domain {$syscfg['domain']}\n"; $havedns = false; 
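Review bot: `does_vip_exist()` iterates `$ifacedata` without checking that `pfSense_getall_interface_addresses($realif)` returned an array. Adding `if (!is_array($ifacedata)) return false;` before the `foreach` keeps a failed lookup from raising a warning. The `global $config;` line is unused and can go. The header comment says the function reports whether a VIP is "configured", but the code tests whether `subnet/subnet_bits` is currently present on the interface. I would reword it to say that, and note that `proxyarp` always returns false.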
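Review bot: In the system.inc `@@ -86` hunk, `$resolvconf` is now assigned only when `$syscfg['domain']` is non-empty. With a blank domain, later code starts from an undefined variable; that code is outside the hunk and presumably appends with `.=`. Initialise it unconditionally with `$resolvconf = "";` before the `if`, and let the domain line append with `.=`.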
@@ -739,8 +741,10 @@ function system_webgui_start() { } /* generate lighttpd configuration */ + $max_procs = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf", - $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/"); + $crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/", + "cert.pem", "ca.pem", $max_procs); /* attempt to start lighthttpd */ $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf"); @@ -820,6 +824,7 @@ function system_generate_lighty_config($filename, } // Ramp up captive portal max procs + // Work relative to the default of 2, for values that would be >2. if($captive_portal == true) { if($avail > 65 and $avail < 98) { $max_procs = 1; @@ -828,38 +833,38 @@ function system_generate_lighty_config($filename, $max_procs = 2; } if($avail > 127 and $avail < 256) { - $max_procs = 3; + $max_procs += 1; } if($avail > 255 and $avail < 384) { - $max_procs = 4; + $max_procs += 2; } if($avail > 383) { - $max_procs = 5; + $max_procs += 3; } } if($captive_portal == true) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; } else if ($avail > 0 and $avail < 128) { $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "2", - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "2", + ), EOC; } else $bin_environment = <<<EOC - "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "$max_procs", - "PHP_FCGI_MAX_REQUESTS" => "500" - ), + "bin-environment" => ( + "PHP_FCGI_CHILDREN" => "$max_procs", + "PHP_FCGI_MAX_REQUESTS" => "500" + ), EOC; if($fast_cgi_enable == true) { 
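Review bot: `$max_procs` is read from `$config['system']['webgui']['max_procs']` in `system_webgui_start()` and used without any type or range check. It is then interpolated into the generated lighttpd configuration as `"max-procs" => {$max_procs}` and `"PHP_FCGI_CHILDREN" => "$max_procs"`. A non-numeric or very large value, for example from a restored or synced config, would produce a broken web server config or an excessive number of PHP workers on the management interface. Coerce and bound it at the point of use: `$max_procs = (is_numeric($config['system']['webgui']['max_procs']) && $config['system']['webgui']['max_procs'] > 0) ? intval($config['system']['webgui']['max_procs']) : 2;`, ideally with an upper cap. The three new positional arguments rely on the parameter order of `system_generate_lighty_config()`, whose signature is outside the hunk.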
@@ -874,7 +879,7 @@ fastcgi.server = ( ".php" => "socket" => "{$g['tmp_path']}/php-fastcgi.socket", "min-procs" => 0, "max-procs" => {$max_procs}, - {$bin_environment} +{$bin_environment} "bin-path" => "/usr/local/bin/php" ) ) @@ -1171,9 +1176,16 @@ function system_ntp_configure() { $xmlsettings = $config['installedpackages']['openntpd']['config'][0]; if ($xmlsettings['enable'] == 'on') { $ifaces = explode(',', $xmlsettings['interface']); - $ifaces = array_map('get_real_interface', $ifaces); - $ifaces = array_filter($ifaces, 'does_interface_exist'); - $ips = array_map('find_interface_ip', $ifaces); + $ips = array(); + foreach ($ifaces as $if) { + if (is_ipaddr($if)) { + $ips[] = $if; + } else { + $if = get_real_interface($if); + if (does_interface_exist($if)) + $ips[] = find_interface_ip($if); + } + } foreach ($ips as $ip) { if (is_ipaddr($ip)) $ntpcfg .= "listen on $ip\n"; @@ -1494,4 +1506,23 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } +function openntpd_get_listen_ips() { + $interfaces = get_configured_interface_with_descr(); + $carplist = get_configured_carp_interface_list(); + $listenips = array(); + foreach ($carplist as $cif => $carpip) + $interfaces[$cif] = $carpip." (".get_vip_descr($carpip).")"; + $aliaslist = get_configured_ip_aliases_list(); + foreach ($aliaslist as $aliasip => $aliasif) + $interfaces[$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + foreach ($interfaces as $iface => $ifacename) { + $tmp["name"] = $ifacename; + $tmp["value"] = $iface; + $listenips[] = $tmp; + } + $tmp["name"] = "Localhost"; + $tmp["value"] = "lo0"; + $listenips[] = $tmp; + return $listenips; +} ?> diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 714e11d..e7e632a 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
@@ -2497,4 +2497,15 @@ function upgrade_078_to_079() { unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd"); } +function upgrade_079_to_080() { + global $config; + + /* Upgrade config in 1.2.3 specifying a username other than admin for synching. */ + if (!empty($config['system']['username']) && is_array($config['installedpackages']['carpsettings']) && + is_array($config['installedpackages']['carpsettings']['config'])) { + $config['installedpackages']['carpsettings']['config'][0]['username'] = $config['system']['username']; + unset($config['system']['username']); + } +} + ?> diff --git a/etc/inc/util.inc b/etc/inc/util.inc index b353004..e27c1b0 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -1250,29 +1250,30 @@ function is_interface_vlan_mismatch() { } function is_interface_mismatch() { - global $config, $g; + global $config, $g; - /* XXX: Should we process only enabled interfaces?! */ - $do_assign = false; - $i = 0; + $do_assign = false; + $i = 0; if (is_array($config['interfaces'])) { - foreach ($config['interfaces'] as $ifname => $ifcfg) { - if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { - $i++; - } - else if (does_interface_exist($ifcfg['if']) == false) { + foreach ($config['interfaces'] as $ifname => $ifcfg) { + if (preg_match("/^enc|^cua|^tun|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { + // Do not check these interfaces. + $i++; + continue; + } + else if (does_interface_exist($ifcfg['if']) == false) { $do_assign = true; - } else - $i++; - } + } else + $i++; + } } - if ($g['minimum_nic_count'] > $i) { - $do_assign = true; - } else if (file_exists("{$g['tmp_path']}/assign_complete")) - $do_assign = false; + if ($g['minimum_nic_count'] > $i) { + $do_assign = true; + } else if (file_exists("{$g['tmp_path']}/assign_complete")) + $do_assign = false; - return $do_assign; + return $do_assign; } /* sync carp entries to other firewalls */ 
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index dda49d2..d50269f 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -29,7 +29,7 @@ */ /* - pfSense_BUILDER_BINARIES: /usr/local/bin/voucher /usr/local/bin/minicron + pfSense_BUILDER_BINARIES: /usr/local/bin/voucher pfSense_MODULE: captiveportal */ @@ -213,6 +213,9 @@ function voucher_expire($voucher_received) { $a_vouchers_received = split("[\t\n\r ]+",$voucher_received); $active_dirty = false; + $cpdb = captiveportal_read_db(false, 4); /* Indexed by Voucher */ + $unsetindexes[] = array(); + // go through all received vouchers, check their valid and extract // Roll# and Ticket# using the external readvoucher binary foreach ($a_vouchers_received as $voucher) { @@ -242,6 +245,15 @@ function voucher_expire($voucher_received) { if (!(ord($bitstring[$roll][$pos]) & $mask)) $bitstring[$roll][$pos] = chr(ord($bitstring[$roll][$pos]) | $mask); captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire"); + + /* Check if this voucher has any active sessions */ + if (isset($cpdb[$voucher])) { + $cpentry = $cpdb[$voucher]; + captiveportal_disconnect($cpentry,null,13); + captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION"); + unset($cpdb[$voucher]); + $unsetindexes[] = $cpentry[5]; + } } else captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } else @@ -253,6 +265,9 @@ function voucher_expire($voucher_received) { if ($active_dirty == true) { foreach ($active_vouchers as $roll => $active) voucher_write_active_db($roll, $active); + + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); } // Write back the used DB's @@ -269,6 +284,10 @@ function voucher_expire($voucher_received) { unlock($voucherlck); + /* Write database */ + if (!empty($unsetindexes)) + captiveportal_write_db($cpdb, false, $unsetindexes); + return true; } 
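Review bot: In the `@@ -213` hunk of `voucher_expire()`, `$unsetindexes[] = array();` appends an empty array as the first element instead of initialising the list. As a result `!empty($unsetindexes)` at the end of the function is always true, so `captiveportal_write_db()` rewrites the portal database on every call, even when no session was terminated. The stray element is also what the new `is_array($key)` branch in `captiveportal_write_db()` would log as "Array passed as unset index". The line should be `$unsetindexes = array();`.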
@@ -424,6 +443,9 @@ function voucher_auth($voucher_received, $test = 0) { $active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes"; voucher_write_active_db($roll, $active_vouchers[$first_voucher_roll]); + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + unlock($voucherlck); return $total_minutes; @@ -432,9 +454,6 @@ function voucher_auth($voucher_received, $test = 0) { function voucher_configure($sync = false) { global $config, $g; - /* kill any running minicron */ - killbypid("{$g['varrun_path']}/vouchercron.pid"); - if (!isset($config['voucher']['enable'])) return 0; @@ -443,15 +462,6 @@ function voucher_configure($sync = false) { if ($sync == true) captiveportal_syslog("Writing voucher db from sync data..."); - // start cron if we're asked to save runtime DB periodically - // to XML config if it changed - $croninterval = $config['voucher']['saveinterval'] * 60; // need seconds. Config has minutes - if ($croninterval) { - /* start pruning process (interval defaults to 60 seconds) */ - mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/vouchercron.pid " . - "/etc/rc.savevoucher"); - } - $voucherlck = lock('voucher', LOCK_EX); /* write public key used to verify vouchers */ @@ -548,8 +558,12 @@ function voucher_read_active_db($roll) { } } fclose($fd); - if ($dirty) // if we found expired entries, lets save our snapshot + if ($dirty) { // if we found expired entries, lets save our snapshot voucher_write_active_db($roll, $active); + + /* Triger a sync of the vouchers on config */ + send_event("service sync vouchers"); + } } } return $active; 
@@ -620,12 +634,12 @@ function voucher_log($priority, $message) { } /* Save active and used voucher DB into XML config and write it to flash - * Called during reboot -> system_reboot_cleanup() and minicron + * Called during reboot -> system_reboot_cleanup() and every active voucher change */ function voucher_save_db_to_config() { global $config, $g; - if (!isset($config['voucher']['enable']) || $config['voucher']['saveinterval'] == 0) + if (!isset($config['voucher']['enable'])) return; // no vouchers or don't want to save DB's $voucherlck = lock('voucher', LOCK_EX); @@ -653,7 +667,7 @@ function voucher_save_db_to_config() { unlock($voucherlck); - write_config(); + write_config("Synching vouchers"); return; } diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles index a5857ce..d2ce3c1 100644 --- a/etc/pfSense.obsoletedfiles +++ b/etc/pfSense.obsoletedfiles @@ -46,6 +46,7 @@ /usr/local/www/fred.png /usr/local/www/index.html /usr/local/www/system_usermanager_addcert.php +/usr/local/www/filter_log.inc /usr/local/pkg/routed/routed.inc /usr/local/pkg/routed/routed.xml -/usr/local/www/filter_log.inc
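Review bot: Removing `$config['voucher']['saveinterval'] == 0` from the guard in `voucher_save_db_to_config()` takes away the only way to opt out of persisting voucher state. The updated comment says the function now runs on "every active voucher change", and the `send_event("service sync vouchers")` calls added in `voucher_auth()`, `voucher_expire()`, `voucher_read_active_db()` and `captiveportal_prune_old()` presumably trigger it. Each trigger ends in `write_config("Synching vouchers")`, so a busy portal would write the full configuration once per login or expiry. That affects flash wear and config-history churn, and it also causes write activity from merely reading the active DB when an entry has expired. Consider coalescing events, for example by skipping the write when the serialized voucher data is unchanged, or keep a setting that limits how often the write happens.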
\ No newline at end of file +/usr/local/pkg/carp.xml diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize index af0e5cc..fe8a30f 100755 --- a/etc/rc.filter_synchronize +++ b/etc/rc.filter_synchronize @@ -87,7 +87,7 @@ function remove_special_characters($string) { return $string; } -function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host_firmware_version') { +function carp_check_version($url, $username, $password, $port = 80, $method = 'pfsense.host_firmware_version') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) @@ -101,10 +101,8 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host while ($numberofruns < 2) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -138,7 +136,7 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host return false; } -function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { +function carp_sync_xml($url, $username, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') { global $config, $g; if(file_exists("{$g['varrun_path']}/booting") || $g['booting']) 
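Review bot: In the `@@ -101` hunk of `carp_check_version()`, changing the test to `if($numberofruns > 0)` makes `$cli->setDebug(1)` fire on the second attempt. Under the old `> 1` test it could never fire inside `while ($numberofruns < 2)`. XML_RPC debug mode prints the raw exchange, and the request parameters appear to include the sync password (`XML_RPC_encode($carp['password'])` is visible further down the file). A failed first attempt would then put credentials and config payload into whatever captures this script's output. The same change is made in `carp_sync_xml()` in the `@@ -236` hunk. I would gate it behind an explicit developer switch, for example `if($numberofruns > 0 && isset($config['system']['developerspew']))`. The new `$username` parameter is inserted before `$password`, so any caller outside this file that still passes the password second will silently authenticate with the wrong values.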
@@ -151,11 +149,11 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens /* strip out nosync items */ if (is_array($config_copy['nat']['advancedoutbound']['rule'])) { - $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); - for ($x = 0; $x < $rulescnt; $x++) { - $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); - if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) - unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); + $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']); + for ($x = 0; $x < $rulescnt; $x++) { + $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']); + if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync'])) + unset ($config_copy['nat']['advancedoutbound']['rule'][$x]); } } if (is_array($config_copy['nat']['rule'])) { @@ -218,8 +216,12 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens $xml[$section] = backup_vip_config_section(); break; case 'user': + $xml['system'][$section] = $config_copy['system'][$section]; + $xml['system']['nextuid'] = $config_copy['system']['nextuid']; + break; case 'group': $xml['system'][$section] = $config_copy['system'][$section]; + $xml['system']['nextgid'] = $config_copy['system']['nextgid']; break; default: $xml[$section] = $config_copy[$section]; 
@@ -236,10 +238,8 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error("Beginning XMLRPC sync to {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - /* XXX: Configurable from the GUI?! */ - $username = "admin"; $cli->setCredentials($username, $password); - if($numberofruns > 1) + if($numberofruns > 0) $cli->setDebug(1); /* send our XMLRPC message and timeout after 240 seconds */ $resp = $cli->send($msg, "240"); @@ -258,8 +258,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens log_error($error); file_notice("sync_settings", $error, "Settings Sync", ""); exit; - } else + } else { log_error("XMLRPC sync successfully completed with {$url}:{$port}."); + update_filter_reload_status("XMLRPC sync successfully completed with {$url}:{$port}."); + } $numberofruns = 3; } $numberofruns++; @@ -369,8 +371,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { $sections[] = 'crl'; } if ($carp['synchronizeusers'] != "") { - $mergesections[] = 'user'; - $mergesections[] = 'group'; + $sections[] = 'user'; + $sections[] = 'group'; } if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) $sections[] = 'dnsmasq'; 
@@ -384,21 +386,21 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) { if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers'])) $sections[] = 'vouchers'; if (count($sections) > 0) { - if (!carp_check_version($synchronizetoip, $carp['password'], $port)) + if (empty($carp['username'])) + $username = "admin"; + else + $username = $carp['username']; + if (!carp_check_version($synchronizetoip, $username, $carp['password'], $port)) break; update_filter_reload_status("Signaling CARP reload signal..."); - carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port); - if (is_array($mergesections)) - carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.restore_config_section'); + carp_sync_xml($synchronizetoip, $username, $carp['password'], $sections, $port); $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port); $params = array( XML_RPC_encode($carp['password']) ); $msg = new XML_RPC_Message('pfsense.filter_configure', $params); - /* XXX: Configurable from the GUI */ - $username = "admin"; $cli->setCredentials($username, $carp['password']); $resp = $cli->send($msg, "900"); diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index e95acd4..fd60d6a 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -217,7 +217,7 @@ } $upperifname = strtoupper($interface); - echo "\nPlease wait, saving and activating your changes to {$upperifname}..."; + echo "\nPlease wait while the changes are saved to {$upperifname}..."; write_config(gettext("{$interface} IP configuration from console menu")); interface_reconfigure(strtolower($upperifname)); echo " Reloading filter..."; diff --git a/etc/rc.newwanip b/etc/rc.newwanip index 93eb089..a4fbde8 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip 
@@ -51,7 +51,7 @@ function restart_packages() { /* restart packages */ system_ntp_configure(); log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages."); - send_event("reload packages"); + send_event("service reload packages"); } /* Interface IP address has changed */ diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 5a138ed..99efc39 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup @@ -116,6 +116,8 @@ PHPMODULES="$PHPMODULES zmq" PHPMODULES="$PHPMODULES ssh2" # pfSense extensions PHPMODULES="$PHPMODULES pfSense" +# ion cube +PHPMODULES="$PHPMODULES ioncube_loader" # Modules previously included. # can be turned on by touching diff --git a/etc/version b/etc/version index 3f0e26d..f197044 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-RC2 +2.0-RC3 diff --git a/usr/local/pkg/carp.xml b/usr/local/pkg/carp.xml deleted file mode 100644 index 36f9fbe..0000000 --- a/usr/local/pkg/carp.xml +++ /dev/null 
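Review bot: The rc.php_ini_setup hunk adds `ioncube_loader` to `PHPMODULES` with only the comment `# ion cube`, which does not explain the reason. This loads a third-party bytecode loader into every PHP process on the firewall, including the web GUI. The comment should state which component needs encoded PHP files and where the loader binary comes from, for example `# ionCube loader: required by <component>; shipped by <build step>`. If nothing in the base system depends on it, leaving it out of the default list and enabling it only when the dependent package is installed would keep the default attack surface smaller.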
@@ -1,234 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<packagegui> - <name>carp</name> - <version>0.1.0</version> - <xmlver>$Revision$</xmlver> - <title>Services: CARP (failover)</title> - <!-- Menu is where this packages menu will appear --> - <menu> - <name>CARP (failover)</name> - <tooltiptext>CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them.</tooltiptext> - <section>Services</section> - <url>carp_status.php</url> - </menu> - <tabs> - <!--<tab> - <text>CARP Virtual IPs</text> - <url>/pkg_edit.php?xml=carp.xml</url> - <active/> - </tab>--> - <tab> - <text>CARP Status</text> - <url>carp_status.php</url> - </tab> - <tab> - <text>CARP Settings</text> - <url>pkg_edit.php?xml=carp_settings.xml&id=0</url> - </tab> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_settings.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/pf/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_sync_client.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>a+rx</chmod> - <nosync/> - <item>http://www.pfsense.com/packages/config/carp_sync_server.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/</prefix> - <chmod>a+rx</chmod> - <item>http://www.pfsense.com/packages/config/carp_status.php</item> - </additional_files_needed> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> - <configpath>['installedpackages']['carp']['config']</configpath> - <adddeleteeditpagefields> - <columnitem> - <fielddescr>VHID Group</fielddescr> - <fieldname>vhid</fieldname> - </columnitem> - <columnitem> - <fielddescr>Virtual IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - </columnitem> - 
<columnitem> - <fielddescr>Advertising Frequency</fielddescr> - <fieldname>advskew</fieldname> - </columnitem> - <columnitem> - <fielddescr>Netmask</fielddescr> - <fieldname>netmask</fieldname> - </columnitem> - </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> - <fields> - <field> - <fielddescr>Virtual IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>Enter the IP Address that you would like to share on both machines</description> - <type>input</type> - </field> -<!-- - <field> - <fielddescr>Bind Virtual IP to interface</fielddescr> - <fieldname>interface</fieldname> - <description>Select the interface that this IP should bind to (carpdev). Leave this set to AUTO for the system to automatically determine where to setup the IP.</description> - <add_to_interfaces_selection>AUTO</add_to_interfaces_selection> - <size>3</size> - <value>AUTO</value> - <type>interfaces_selection</type> - </field> ---> - <field> - <fielddescr>Virtual IP Netmask</fielddescr> - <fieldname>netmask</fieldname> - <description>Enter the IP Address's netmask that you would like to share on both machines</description> - <type>select</type> - <value>24</value> - <options> - <option><value>1</value><name>1</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - <option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - 
<option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - <option><value>31</value><name>31</name></option> - <option><value>32</value><name>32</name></option> - </options> - </field> - <field> - <fielddescr>Virtual IP Password</fielddescr> - <fieldname>password</fieldname> - <description>Enter the VHID group password.</description> - <type>password</type> - </field> - <field> - <fielddescr>VHID Group</fielddescr> - <fieldname>vhid</fieldname> - <description>Enter the VHID group that the machines will share</description> - <type>select</type> - <value>1</value> - <options> - <option><value>1</value><name>1 (DEFAULT)</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - 
<option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - <option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - </options> - </field> - <field> - <fielddescr>Advertising Frequency</fielddescr> - <fieldname>advskew</fieldname> - <description>The frequency that this machine will advertise. 0 = master. 
Anything above 0 designates a backup.</description> - <type>select</type> - <value>0</value> - <options> - <option><value>0</value><name>0 (DEFAULT)</name></option> - <option><value>1</value><name>1</name></option> - <option><value>2</value><name>2</name></option> - <option><value>3</value><name>3</name></option> - <option><value>4</value><name>4</name></option> - <option><value>5</value><name>5</name></option> - <option><value>6</value><name>6</name></option> - <option><value>7</value><name>7</name></option> - <option><value>8</value><name>8</name></option> - <option><value>9</value><name>9</name></option> - <option><value>10</value><name>10</name></option> - <option><value>11</value><name>11</name></option> - <option><value>12</value><name>12</name></option> - <option><value>13</value><name>13</name></option> - <option><value>14</value><name>14</name></option> - <option><value>15</value><name>15</name></option> - <option><value>16</value><name>16</name></option> - <option><value>17</value><name>17</name></option> - <option><value>18</value><name>18</name></option> - <option><value>19</value><name>19</name></option> - <option><value>20</value><name>20</name></option> - <option><value>21</value><name>21</name></option> - <option><value>22</value><name>22</name></option> - <option><value>23</value><name>23</name></option> - <option><value>24</value><name>24</name></option> - <option><value>25</value><name>25</name></option> - <option><value>26</value><name>26</name></option> - <option><value>27</value><name>27</name></option> - <option><value>28</value><name>28</name></option> - <option><value>29</value><name>29</name></option> - <option><value>30</value><name>30</name></option> - </options> - </field> - </fields> - <custom_php_command_before_form> - </custom_php_command_before_form> - <custom_add_php_command_late> - interfaces_carp_setup(); - </custom_add_php_command_late> - <custom_php_resync_config_command> - </custom_php_resync_config_command> - 
<custom_delete_php_command> - interfaces_carp_setup(); - </custom_delete_php_command> - <custom_php_deinstall_command> - unlink_if_exists("/usr/local/pkg/carp*"); - unlink_if_exists("/usr/local/pkg/pf/carp*"); - unlink_if_exists("/usr/local/etc/rc.d/carp*"); - unlink_if_exists("/usr/local/pkg/pf/carp*"); - </custom_php_deinstall_command> -</packagegui> diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index f335236..32a9b8c 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -86,6 +86,14 @@ <type>input</type> </field> <field> + <fielddescr>Remote System Username</fielddescr> + <fieldname>username</fieldname> + <default_value>admin</default_value> + <description>Enter the webConfigurator username of the system entered above for synchronizing your configuration. + <br><br>NOTE: <b>Do not use the Synchronize Config to IP and username option on backup cluster members!</b></description> + <type>input</type> + </field> + <field> <fielddescr>Remote System Password</fielddescr> <fieldname>password</fieldname> <description>Enter the webConfigurator password of the system entered above for synchronizing your configuration. diff --git a/usr/local/pkg/openntpd.xml b/usr/local/pkg/openntpd.xml index 907c6fb..cefb76d 100644 --- a/usr/local/pkg/openntpd.xml +++ b/usr/local/pkg/openntpd.xml @@ -15,8 +15,12 @@ <fielddescr>Interface</fielddescr> <description>Select the interface(s) the NTP server will listen on.</description> <default_value>lan</default_value> - <type>interfaces_selection</type> <multiple/> + <type>select_source</type> + <source><![CDATA[openntpd_get_listen_ips()]]></source> + <source_name>name</source_name> + <source_value>value</source_value> + </field> </fields> <custom_php_resync_config_command> diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php index 12b8be9..e893dad 100755 --- a/usr/local/www/carp_status.php +++ b/usr/local/www/carp_status.php 
@@ -71,8 +71,6 @@ if($_POST['disablecarp'] <> "") { $savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter); } else { $savemsg = gettext("CARP has been enabled."); - mwexec("/sbin/sysctl net.inet.carp.allow=1"); - interfaces_carp_setup(); if(is_array($config['virtualip']['vip'])) { $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { @@ -85,9 +83,15 @@ if($_POST['disablecarp'] <> "") { interface_carpdev_configure($vip); sleep(1); break; + case "ipalias": + if (substr($vip['interface'], 0, 3) == "vip") + interface_ipalias_configure($vip); + break; } } } + interfaces_carp_setup(); + mwexec("/sbin/sysctl net.inet.carp.allow=1"); } } diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php index 4665a44..9dc12a5 100755 --- a/usr/local/www/diag_arp.php +++ b/usr/local/www/diag_arp.php @@ -248,10 +248,14 @@ function _getHostName($mac,$ip) { return $dhcpmac[$mac]; else if ($dhcpip[$ip]) return $dhcpip[$ip]; - else if(gethostbyaddr($ip) <> "" and gethostbyaddr($ip) <> $ip) - return gethostbyaddr($ip); - else - return ""; + else{ + exec("host -W 1 $ip", $output); + if (preg_match('/.*pointer ([A-Za-z0-9.-]+)\..*/',$output[0],$matches)) { + if ($matches[1] <> $ip) + return $matches[1]; + } + } + return ""; } $pgtitle = array(gettext("Diagnostics"),gettext("ARP Table")); @@ -277,8 +281,18 @@ ob_implicit_flush(1); // Resolve hostnames and replace Z_ with "". The intention // is to sort the list by hostnames, alpha and then the non // resolvable addresses will appear last in the list. +$dnsavailable=1; +$dns = trim(_getHostName("", "8.8.8.8")); +if ($dns == ""){ + $dns = trim(_getHostName("", "8.8.4.4")); + if ($dns == "") $dnsavailable =0; +} + foreach ($data as &$entry) { - $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + if ($dnsavailable){ + $dns = trim(_getHostName($entry['mac'], $entry['ip'])); + }else + $dns=""; if(trim($dns)) $entry['dnsresolve'] = "$dns"; else 
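Review bot: In usr/local/www/diag_arp.php, `_getHostName()` now interpolates `$ip` straight into a shell command with `exec("host -W 1 $ip", $output)`. The calls visible in the next hunk pass `$entry['ip']` and fixed addresses, but the function itself does not enforce that, so the argument should be validated and quoted: `if (is_ipaddr($ip)) exec("host -W 1 " . escapeshellarg($ip), $output);`. `$output[0]` is also read without checking that `host` printed anything; testing `!empty($output[0])` before the `preg_match` avoids the undefined-offset notice. The function starts above the hunk.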
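Review bot: In usr/local/www/diag_arp.php, when the probe of 8.8.8.8 and 8.8.4.4 fails the loop no longer calls `_getHostName()` at all, so the DHCP-lease names that function returns before it touches DNS (`$dhcpmac[$mac]`, `$dhcpip[$ip]` in the previous hunk) are lost as well. The probe also sends reverse lookups for two third-party addresses on every page load, and it fails on networks whose resolver cannot answer for them even if local PTR records resolve. I would keep calling `_getHostName()` unconditionally and skip only the `host` call, for example `global $dnsavailable; if (!$dnsavailable) return "";` placed after the DHCP branches inside the function.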
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 63d0f7e..ae3a1f7 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -118,9 +118,9 @@ if ($_GET['act'] == "del") { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}."; } } else if ($a_vip[$_GET['id']]['mode'] == "carp") { - $vipiface = $a_vip[$_GET['id']]['interface']; + $vipiface = "vip{$a_vip[$_GET['id']]['vhid']}"; foreach ($a_vip as $vip) { - if ($vipiface == "vip{$vip['vhid']}" && $vip['mode'] == "ipalias") + if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias") $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by ip alias entry") . " {$vip['descr']}."; } } diff --git a/usr/local/www/help.php b/usr/local/www/help.php index a89a551..0391505 100644 --- a/usr/local/www/help.php +++ b/usr/local/www/help.php @@ -222,7 +222,6 @@ $helppages = array( /* Below here are pages that may need some cleanup or have not been fully looked at yet */ 'carp_status.php' => 'http://doc.pfsense.org/index.php/Category:CARP', - 'carp.xml' => 'http://doc.pfsense.org/index.php/Category:CARP', 'carp_settings.xml' => 'http://doc.pfsense.org/index.php/Category:CARP', 'load_balancer_monitor.php' => 'http://doc.pfsense.org/index.php/Category:Load_balancing', diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 714feb4..3e35b0e 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php 
@@ -143,6 +143,16 @@ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { } } +$ovpn_descrs = array(); +if (is_array($config['openvpn'])) { + if (is_array($config['openvpn']['openvpn-server'])) + foreach ($config['openvpn']['openvpn-server'] as $s) + $ovpn_descrs[$s['vpnid']] = $s['description']; + if (is_array($config['openvpn']['openvpn-client'])) + foreach ($config['openvpn']['openvpn-client'] as $c) + $ovpn_descrs[$c['vpnid']] = $c['description']; +} + if ($_POST['apply']) { if (file_exists("/var/run/interface_mismatch_reboot_needed")) system_reboot(); @@ -452,6 +462,8 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed")) echo htmlspecialchars($descr); } elseif ($portinfo['isqinq']) { echo htmlspecialchars($portinfo['descr']); + } elseif (substr($portname, 0, 4) == 'ovpn') { + echo htmlspecialchars($portname . " (" . $ovpn_descrs[substr($portname, 5, 1)] . ")"); } else echo htmlspecialchars($portname . " (" . $portinfo['mac'] . ")"); ?></option> diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index b3485f0..0a119d9 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -146,6 +146,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -170,8 +172,8 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); echo '</td></tr>'; } } diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 5361b51..9f883cd 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php 
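Review bot: In usr/local/www/interfaces_assign.php, `substr($portname, 5, 1)` takes exactly one character of the port name as the `vpnid` key, so an OpenVPN instance whose id has two or more digits is labelled with another instance's description or with none. Taking the rest of the string, `$ovpn_descrs[substr($portname, 5)]`, keeps the lookup correct, assuming port names are a five-character prefix followed by the id (the naming is not shown in the hunk). An `isset()` check on the key before concatenating would avoid printing an empty `()` when no description is stored. The output already goes through `htmlspecialchars()`, which is right for a user-entered description.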
@@ -366,6 +366,8 @@ if ($pkg['tabs'] <> "") { } else { $active = false; } + if(isset($tab['no_drop_down'])) + $no_drop_down = true; $urltmp = ""; if($tab['url'] <> "") $urltmp = $tab['url']; if($tab['xml'] <> "") $urltmp = "pkg_edit.php?xml=" . $tab['xml']; @@ -390,9 +392,9 @@ if ($pkg['tabs'] <> "") { ksort($tab_array); foreach($tab_array as $tab) { - echo '<tr><td>'; - display_top_tabs($tab); - echo '</td></tr>'; + echo '<tr><td>'; + display_top_tabs($tab, $no_drop_down); + echo '</td></tr>'; } } ?> @@ -462,7 +464,7 @@ if ($pkg['tabs'] <> "") { $value = $_POST[$fieldname]; if (is_array($value)) $value = implode(',', $value); } else { - if (isset($id) && $a_pkg[$id]) + if (isset($id) && $a_pkg[$id] && $a_pkg[$id][$fieldname]) $value = $a_pkg[$id][$fieldname]; else $value = $pkga['default_value']; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 4526028..3d1bd51 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -300,10 +300,10 @@ function enable_change(enable_change) { document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change; - var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change; - document.iform.reauthenticateacct[0].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[1].disabled = reauthenticate_dis; - document.iform.reauthenticateacct[2].disabled = reauthenticate_dis; + var radacct_dis = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change; + document.iform.reauthenticateacct[0].disabled = radacct_dis; + document.iform.reauthenticateacct[1].disabled = radacct_dis; + document.iform.reauthenticateacct[2].disabled = radacct_dis; } //--> </script> diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index f5af953..f4f4b89 100644 
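Review bot: In usr/local/www/pkg_edit.php (hunk at -462), the added `&& $a_pkg[$id][$fieldname]` is a truthiness test, so a stored value of `0`, `"0"` or an empty string is treated as missing and the form shows `default_value` instead. Saving that form would then write the default over what the administrator had set, which matters for fields such as the new CARP sync username whose default is `admin`. `isset()` expresses "no value stored yet" without discarding falsy values: `if (isset($id) && isset($a_pkg[$id][$fieldname]))`.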
--- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -78,8 +78,6 @@ if (!isset($config['voucher']['rollbits'])) $config['voucher']['rollbits'] = 16; if (!isset($config['voucher']['ticketbits'])) $config['voucher']['ticketbits'] = 10; -if (!isset($config['voucher']['saveinterval'])) - $config['voucher']['saveinterval'] = 5; if (!isset($config['voucher']['checksumbits'])) $config['voucher']['checksumbits'] = 5; if (!isset($config['voucher']['magic'])) @@ -150,7 +148,6 @@ $pconfig['enable'] = isset($config['voucher']['enable']); $pconfig['charset'] = $config['voucher']['charset']; $pconfig['rollbits'] = $config['voucher']['rollbits']; $pconfig['ticketbits'] = $config['voucher']['ticketbits']; -$pconfig['saveinterval'] = $config['voucher']['saveinterval']; $pconfig['checksumbits'] = $config['voucher']['checksumbits']; $pconfig['magic'] = $config['voucher']['magic']; $pconfig['publickey'] = base64_decode($config['voucher']['publickey']); @@ -176,8 +173,8 @@ if ($_POST) { /* input validation */ if ($_POST['enable'] == "yes") { if (!$_POST['vouchersyncusername']) { - $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic"); + $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic")); } else { $reqdfields = explode(" ", "vouchersyncdbip vouchersyncport vouchersyncpass vouchersyncusername"); $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"),gettext("Sync port"),gettext("Sync password"),gettext("Sync username")); 
@@ -200,8 +197,6 @@ if ($_POST) { $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) - $input_errors[] = gettext("Save interval in minutes cant be negative."); if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) $input_errors[] = gettext("This doesn't look like an RSA Public key."); if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) @@ -221,7 +216,6 @@ if ($_POST) { $config['voucher']['ticketbits'] = $_POST['ticketbits']; $config['voucher']['checksumbits'] = $_POST['checksumbits']; $config['voucher']['magic'] = $_POST['magic']; - $config['voucher']['saveinterval'] = $_POST['saveinterval']; $config['voucher']['publickey'] = base64_encode($_POST['publickey']); $config['voucher']['privatekey'] = base64_encode($_POST['privatekey']); $config['voucher']['msgnoaccess'] = $_POST['msgnoaccess']; @@ -287,8 +281,6 @@ EOF; $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; if($toreturn['voucher']['ticketbits']) $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; - if($toreturn['voucher']['saveinterval']) - $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; if($toreturn['voucher']['checksumbits']) $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; if($toreturn['voucher']['magic']) 
@@ -336,7 +328,6 @@ function before_save() { document.iform.charset.disabled = false; document.iform.rollbits.disabled = false; document.iform.ticketbits.disabled = false; - document.iform.saveinterval.disabled = false; document.iform.checksumbits.disabled = false; document.iform.magic.disabled = false; document.iform.publickey.disabled = false; @@ -353,7 +344,6 @@ function enable_change(enable_change) { document.iform.charset.disabled = endis; document.iform.rollbits.disabled = endis; document.iform.ticketbits.disabled = endis; - document.iform.saveinterval.disabled = endis; document.iform.checksumbits.disabled = endis; document.iform.magic.disabled = endis; document.iform.publickey.disabled = endis; @@ -368,7 +358,6 @@ function enable_change(enable_change) { document.iform.charset.disabled = true; document.iform.rollbits.disabled = true; document.iform.ticketbits.disabled = true; - document.iform.saveinterval.disabled = true; document.iform.checksumbits.disabled = true; document.iform.magic.disabled = true; document.iform.publickey.disabled = true; @@ -534,14 +523,6 @@ function enable_change(enable_change) { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Save Interval"); ?></td> - <td width="78%" class="vtable"> - <input name="saveinterval" type="text" class="formfld" id="saveinterval" size="4" value="<?=htmlspecialchars($pconfig['saveinterval']);?>"> - <?=gettext("Minutes"); ?><br> - <?=gettext("The list of active and used vouchers can be stored in the system's configuration file once every x minutes to survive power outages. No save is done if no new vouchers have been activated. Enter 0 to never write runtime state to XML config."); ?> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Invalid Voucher Message"); ?></td> <td width="78%" class="vtable"> <input name="msgnoaccess" type="text" class="formfld" id="msgnoaccess" size="80" value="<?=htmlspecialchars($pconfig['msgnoaccess']);?>"> 
diff --git a/usr/local/www/services_rfc2136_edit.php b/usr/local/www/services_rfc2136_edit.php index 7c5f114..e5b36d6 100644 --- a/usr/local/www/services_rfc2136_edit.php +++ b/usr/local/www/services_rfc2136_edit.php @@ -146,6 +146,7 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname");?></td> <td width="78%" class="vtable"> <input name="host" type="text" class="formfld unknown" id="host" size="30" value="<?=htmlspecialchars($pconfig['host']);?>"> + <br/><span>Fully qualified hostname of the host to be updated</span> </td> </tr> <tr> diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 601bb8e..4965fb9 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -51,6 +51,7 @@ require_once("shaper.inc"); $pconfig['webguiproto'] = $config['system']['webgui']['protocol']; $pconfig['webguiport'] = $config['system']['webgui']['port']; +$pconfig['max_procs'] = ($config['system']['webgui']['max_procs']) ? $config['system']['webgui']['max_procs'] : 2; $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']); $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); @@ -84,6 +85,10 @@ if ($_POST) { if(!is_port($_POST['webguiport'])) $input_errors[] = gettext("You must specify a valid webConfigurator port number"); + if ($_POST['max_procs']) + if(!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500)) + $input_errors[] = gettext("Max Processes must be a number 1 or greater"); + if ($_POST['althostnames']) { $althosts = explode(" ", $_POST['althostnames']); foreach ($althosts as $ah) 
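Review bot: In usr/local/www/system_advanced_admin.php, the `max_procs` check relies on `is_numeric()`, which also accepts values such as `1.5` or `1e2`, and the error text says "1 or greater" while the code also rejects anything above 500. Where the value is consumed is not shown in this diff, but if it is written into the web server configuration a non-integer there is hard to predict. `!ctype_digit((string)$_POST['max_procs'])` in place of `!is_numeric($_POST['max_procs'])` restricts it to plain digits, and the message could read `gettext("Max Processes must be a number between 1 and 500")`.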
@@ -111,6 +116,8 @@ if ($_POST) { $restart_webgui = true; if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref'])) $restart_webgui = true; + if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs'])) + $restart_webgui = true; if ($_POST['disablehttpredirect'] == "yes") { $config['system']['webgui']['disablehttpredirect'] = true; @@ -322,6 +329,18 @@ function prot_change() { </td> </tr> <tr> + <td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td> + <td class="vtable"> + <input name="max_procs" type="text" class="formfld unknown" id="max_procs" "size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>"> + <br> + <span class="vexpl"> + <?=gettext("Enter the number of webConfigurator processes you " . + "want to run. This defaults to 2. Increasing this will allow more " . + "users/browsers to access the GUI concurrently."); ?> + </span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI redirect"); ?></td> <td width="78%" class="vtable"> <input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> /> diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 5541f83..a4b60af 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -154,7 +154,7 @@ if ($act == "expkey") { if ($_POST) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ 
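Review bot: In usr/local/www/system_advanced_admin.php, the new `max_procs` input has a stray quote before its size attribute: `id="max_procs" "size="5" value=...`. Browsers recover from this in different ways and the malformed attribute can swallow `size` or `value`. It should read `id="max_procs" size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>"`; the `htmlspecialchars()` on the value is correct and should stay.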
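Review bot: In usr/local/www/system_camanager.php, replacing `unset($input_errors)` with `$input_errors = array()` makes `is_array($input_errors)` true on every POST, and the next hunk shows the AJAX branch guarded by exactly that test: `if (isAjax() && is_array($input_errors))`. Unless the body of that branch (outside the hunks) checks for an empty list, AJAX callers would now take the error path even when validation passed. Changing the guard to `if (isAjax() && !empty($input_errors))` keeps the old behaviour. The same pair of lines appears in usr/local/www/system_certmanager.php.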
@@ -185,6 +185,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "existing") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if ($reqdfields[$i] == 'dn_email'){ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if ($reqdfields[$i] == 'dn_commonname'){ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -271,6 +283,15 @@ function method_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> 
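Review bot: In usr/local/www/system_camanager.php, the new certificate-field check is a denylist of punctuation, so control characters, newlines and any symbol not listed still pass. How these values reach certificate generation is not shown here, so I cannot say whether that matters in practice, but an allowlist per field is easier to reason about, for example `if (!preg_match('/^[A-Za-z0-9 _-]+$/', $_POST[$reqdfields[$i]]))` for the plain name fields. The three error strings are also not wrapped in `gettext()` like the rest of the page, and the `if ($pconfig['method'] != "existing")` line governs the whole `for` loop without braces, which is easy to break in a later edit. The matching hunk in usr/local/www/system_certmanager.php has the same shape.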
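Review bot: In usr/local/www/system_camanager.php, the country list from `/etc/ca_countries` is loaded only in the rendering part of the page, so the `<select>` added in the following hunk constrains the browser but the POST handler never checks `dn_country` against the list. Any value that passes the character filter is still accepted from a hand-built request. Loading `$dn_cc` before the `if ($_POST)` block and adding `if (!in_array($_POST['dn_country'], $dn_cc)) $input_errors[] = gettext("Invalid country code");` for the methods that create a certificate would enforce it server-side; the validation block is only partly visible, so confirm nothing equivalent exists already. The pattern `'/^(\S*)\s(.*)$/'` also accepts an empty code, so `\S+` would be tighter, and system_certmanager.php repeats the same block for `csr_dn_country`.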
@@ -394,12 +415,15 @@ function method_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("US");?> - <em><?=gettext("( two letters )");?></em> + <select name='dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 470f0cd..87b8d91 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -153,7 +153,7 @@ if ($act == "csr") { if ($_POST) { if ($_POST['save'] == gettext("Save")) { - unset($input_errors); + $input_errors = array(); $pconfig = $_POST; /* input validation */ 
@@ -206,6 +206,18 @@ if ($_POST) { } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if ($pconfig['method'] != "import") + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_name */ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); + }else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); + }else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { @@ -413,6 +425,15 @@ function internalca_change() { print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); + + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> 
@@ -639,13 +660,15 @@ function internalca_change() { <tr> <td align="right"><?=gettext("Country Code");?> : </td> <td align="left"> - <input name="csr_dn_country" type="text" class="formfld unknown" size="2" value="<?=htmlspecialchars($pconfig['csr_dn_country']);?>" /> - - <em>ex:</em> - - US - - <em><?=gettext("( two letters )");?></em> + <select name='csr_dn_country' class="formselect"> + <?php + foreach( $dn_cc as $cc){ + $selected = ""; + if ($pconfig['csr_dn_country'] == $cc) $selected = "selected"; + print "<option value=\"$cc\" $selected>$cc</option>"; + } + ?> + </select> </td> </tr> <tr> diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 500700a..2fbf5e3 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -166,7 +166,9 @@ function restore_config_section_xmlrpc($raw_params) { foreach ($config['virtualip']['vip'] as $vipindex => $vip) { if ($vip['mode'] == "carp") $oldvips[$vip['vhid']] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}"; - else if ((($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) && substr($vip['interface'], 0, 3) != "vip") + else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip") + $oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}"; + else if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && substr($vip['interface'], 0, 3) != "vip") $vipbackup[] = $vip; } } 
@@ -193,16 +195,26 @@ function restore_config_section_xmlrpc($raw_params) { * The real work on handling the vips specially * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps */ - if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { + if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { $carp_setuped = false; $anyproxyarp = false; foreach ($config['virtualip']['vip'] as $vip) { - if (isset($oldvips[$vip['vhid']])) { + if ($vip['mode'] == "carp" && isset($oldvips[$vip['vhid']])) { if ($oldvips[$vip['vhid']] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") { - if (does_interface_exist("vip{$vip['vhid']}")) - continue; // Skip reconfiguring this vips since nothing has changed. - } else - unset($oldvips['vhid']); + if (does_vip_exist($vip)) { + unset($oldvips[$vip['vhid']]); + continue; // Skip reconfiguring this vips since nothing has changed. + } + } + unset($oldvips[$vip['vhid']]); + } else if ($vip['mode'] == "ipalias" && substr($vip['interface'], 0, 3) == "vip" && isset($oldvips[$vip['subnet']])) { + if ($oldvips[$vip['subnet']] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") { + if (does_vip_exist($vip)) { + unset($oldvips[$vip['subnet']]); + continue; // Skip reconfiguring this vips since nothing has changed. + } + } + unset($oldvips[$vip['subnet']]); } switch ($vip['mode']) { @@ -224,7 +236,7 @@ function restore_config_section_xmlrpc($raw_params) { } /* Cleanup remaining old carps */ foreach ($oldvips as $oldvipif => $oldvippar) { - if (does_interface_exist("vip{$oldvipif}")) + if (!is_ipaddr($oldvipif) && does_interface_exist("vip{$oldvipif}")) pfSense_interface_destroy("vip{$oldvipif}"); } if ($carp_setuped == true) 
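Review bot: The new ipalias branch uses `=` where the CARP branch just above uses `==`: `if ($oldvips[$vip['subnet']] = "{$vip['interface']}...")` assigns the new signature and is always true. An alias whose interface or subnet bits changed is therefore treated as unchanged and skipped whenever `does_vip_exist($vip)` succeeds. The line should read `if ($oldvips[$vip['subnet']] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {`. The `foreach` body continues outside the hunk.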
diff --git a/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh b/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh
index aeb585f..76cb247 100755
--- a/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh
+++ b/usr/sbin/pc-sysinstall/backend/functions-extractimage.sh
@@ -404,45 +404,53 @@ init_extraction() # Lets start by figuring out what medium we are using case ${INSTALLMEDIUM} in - LiveCD) - get_value_from_cfg cpdupPaths - if [ ! -z "${VAL}" ] - then - INSFILE="${VAL}" ; export INSFILE - fi - oIFS=$IFS - IFS="," - for FILE in $INSFILE; do - echo_log "pc-sysinstall: Running cpdup -vvv -I -o /${FILE} /mnt/${FILE}" - /usr/local/bin/cpdup -vvv -I -o /${FILE} /mnt/${FILE} >&1 2>&1 - if [ "$?" != "0" ] - then - echo "CPDUP failure occured:" >>${LOGOUT} - exit_err "ERROR: Error occurred during cpdup" - fi - done - oIFS=$IFS - IFS=" -" - return + LiveCD) # Copies files using cpdup. Ideal for pre-staged fs + if [ ! -f /usr/local/bin/cpdup ] + then + echo "Could not locate cpdup binary" >>${LOGOUT} + exit_err "Could not locate cpdup binary (pkg_add -r cpdup)?" + fi + get_value_from_cfg cpdupPathsPrefix + if [ ! -z "${VAL}" ] + CPDUPPATHPREFIX="" + then + CPDUPPATHPREFIX="${VAL}" ; export CPDUPPATHPREFIX + fi + get_value_from_cfg cpdupPaths + if [ ! -z "${VAL}" ] + then + CPDUPDIR="${VAL}" ; export CPDUPDIR + fi + oIFS=$IFS + IFS="," + for FILE in $CPDUPDIR; do + echo_log "pc-sysinstall: Running cpdup -o ${CPDUPPATHPREFIX}/${FILE} /mnt/${FILE}" + /usr/local/bin/cpdup -o ${CPDUPPATHPREFIX}/${FILE} /mnt/${FILE} >&1 2>&1 + if [ "$?" != "0" ] + then + echo "cpdup failure occurred:" >>${LOGOUT} + exit_err "ERROR: Error occurred during cpdup" + fi + done + IFS=$oIFS + return ;; dvd|usb) # Lets start by mounting the disk opt_mount - if [ ! -z "${INSDIR}" ] - then - INSDIR="${CDMNT}/${INSDIR}" ; export INSDIR - start_extract_split - - else - INSFILE="${CDMNT}/${INSFILE}" ; export INSFILE - start_extract_uzip_tar - fi + if [ ! -z "${INSDIR}" ] + then + INSDIR="${CDMNT}/${INSDIR}" ; export INSDIR + start_extract_split + else + INSFILE="${CDMNT}/${INSFILE}" ; export INSFILE + start_extract_uzip_tar + fi ;; ftp) fetch_install_file start_extract_uzip_tar ;; rsync) start_rsync_copy - ;; + ;; *) exit_err "ERROR: Unknown install medium" ;; esac |
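Review bot: In the new `LiveCD)` branch `CPDUPPATHPREFIX=""` sits between `if [ ! -z "${VAL}" ]` and `then`, so it becomes the last command of the condition list; the assignment always succeeds and the `then` body runs whatever `VAL` holds. It belongs on the line before the `if`. The copy itself passes config-supplied paths unquoted while `IFS` is `,`; `/usr/local/bin/cpdup -o "${CPDUPPATHPREFIX}/${FILE}" "/mnt/${FILE}"` avoids word splitting and globbing on those values, and `>&1 2>&1` probably was meant to be `>>${LOGOUT} 2>&1`. If `cpdupPaths` is empty the loop runs zero times and the branch returns as if the copy had succeeded, so an explicit `exit_err` for that case would help. The body of `init_extraction` starts and ends outside the hunk.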