diff options
82 files changed, 826 insertions, 688 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 58b2aff..34465a4 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -1396,29 +1396,68 @@ function ldap_backed($username, $passwd, $authcfg) { return true; } -function radius_backed($username, $passwd, $authcfg, &$attributes = array()) { +function radius_backed($username, $password, $authcfg, &$attributes = array()) { global $debug, $config; $ret = false; require_once("radius.inc"); + require_once("Crypt/CHAP.php"); - $rauth = new Auth_RADIUS_PAP($username, $passwd); if ($authcfg) { $radiusservers = array(); $radiusservers[0]['ipaddr'] = $authcfg['host']; $radiusservers[0]['port'] = $authcfg['radius_auth_port']; $radiusservers[0]['sharedsecret'] = $authcfg['radius_secret']; $radiusservers[0]['timeout'] = $authcfg['radius_timeout']; + if(isset($authcfg['radius_protocol'])) { + $radius_protocol = $authcfg['radius_protocol']; + } else { + $radius_protocol = 'PAP'; + } } else { return false; } + // Create our instance + $classname = 'Auth_RADIUS_' . $radius_protocol; + $rauth = new $classname($username, $password); + /* Add new servers to our instance */ foreach ($radiusservers as $radsrv) { $timeout = (is_numeric($radsrv['timeout'])) ? $radsrv['timeout'] : 5; $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['sharedsecret'], $timeout); } + // Construct data package + $rauth->username = $username; + switch ($radius_protocol) { + case 'CHAP_MD5': + case 'MSCHAPv1': + $classname = $radius_protocol == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5'; + $crpt = new $classname; + $crpt->username = $username; + $crpt->password = $password; + $rauth->challenge = $crpt->challenge; + $rauth->chapid = $crpt->chapid; + $rauth->response = $crpt->challengeResponse(); + $rauth->flags = 1; + break; + + case 'MSCHAPv2': + $crpt = new Crypt_CHAP_MSv2; + $crpt->username = $username; + $crpt->password = $password; + $rauth->challenge = $crpt->authChallenge; + $rauth->peerChallenge = $crpt->peerChallenge; + $rauth->chapid = $crpt->chapid; + $rauth->response = $crpt->challengeResponse(); + break; + + default: + $rauth->password = $password; + break; + } + if (PEAR::isError($rauth->start())) { $retvalue['auth_val'] = 1; $retvalue['error'] = $rauth->getError(); diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index 449d75c..bc192eb 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -1082,35 +1082,31 @@ function captiveportal_disconnect_all($term_cause = 6, $logoutReason = "DISCONNE global $g, $config, $cpzone, $cpzoneid; /* check if we're pruning old entries and eventually wait */ - $rcprunelock = try_lock("rcprunecaptiveportal{$cpzone}", 60); + $rcprunelock = try_lock("rcprunecaptiveportal{$cpzone}", 15); /* if we still don't have the lock, unlock forcefully and take it */ if (!$rcprunelock) { - log_error("CP zone ${cpzone}: could not obtain the lock for more than 60 seconds, lock taken forcefully to disconnect all users"); + log_error("CP zone ${cpzone}: could not obtain the lock for more than 15 seconds, lock taken forcefully to disconnect all users"); unlock_force("rcprunecaptiveportal{$cpzone}"); $rcprunelock = lock("rcprunecaptiveportal{$cpzone}", LOCK_EX); } - $radiussrvs = captiveportal_get_radius_servers(); - $cpdb = captiveportal_read_db(); + /* take a lock so new users won't be able to log in */ + $cpdblck = lock("captiveportaldb{$cpzone}", LOCK_EX); + + captiveportal_radius_stop_all($term_cause, $logoutReason); - /* remove immediately the active users from the database to avoid races */ + /* remove users from the database */ + $cpdb = captiveportal_read_db(); $unsetindexes = array_column($cpdb,5); if (!empty($unsetindexes)) { captiveportal_remove_entries($unsetindexes); } - foreach ($cpdb as $cpentry) { - if (empty($cpentry[11])) { - $cpentry[11] = 'first'; - } - $radiusservers = $radiussrvs[$cpentry[11]]; - - captiveportal_disconnect($cpentry, $radiusservers, $term_cause); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], $logoutReason); - } - unset($cpdb); + /* reinit ipfw rules */ + captiveportal_init_rules(true); + unlock($cpdblck); unlock($rcprunelock); } diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 1bb734c..ed635c3 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -71,7 +71,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "16.0", + "latest_config" => "16.1", "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", "wan_interface_name" => "wan", diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index abef6a8..924b2c3 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -1201,6 +1201,7 @@ function openvpn_restart($mode, $settings) { $vpnid = $settings['vpnid']; $mode_id = $mode.$vpnid; $lockhandle = lock("openvpnservice{$mode_id}", LOCK_EX); + openvpn_reconfigure($mode, $settings); /* kill the process if running */ $pfile = $g['varrun_path']."/openvpn_{$mode_id}.pid"; if (file_exists($pfile)) { @@ -1208,6 +1209,7 @@ function openvpn_restart($mode, $settings) { /* read the pid file */ $pid = rtrim(file_get_contents($pfile)); unlink($pfile); + syslog(LOG_INFO, "OpenVPN terminate old pid: {$pid}"); /* send a term signal to the process */ posix_kill($pid, SIGTERM); @@ -1249,8 +1251,22 @@ function openvpn_restart($mode, $settings) { /* start the new process */ $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf"; openvpn_clear_route($mode, $settings); - mwexec("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath)); - + $res = mwexec("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath)); + if ($res == 0) { + $i = 0; + $pid = "--"; + while ($i < 3000) { + if (isvalidpid($pfile)) { + $pid = rtrim(file_get_contents($pfile)); + break; + } + usleep(1000); + $i++; + } + syslog(LOG_INFO, "OpenVPN PID written: {$pid}"); + } else { + syslog(LOG_ERR, "OpenVPN failed to start"); + } if (!platform_booting()) { send_event("filter reload"); } @@ -1408,7 +1424,6 @@ function openvpn_delete_csc(& $settings) { // Resync the configuration and restart the VPN function openvpn_resync($mode, $settings) { - openvpn_reconfigure($mode, $settings); openvpn_restart($mode, $settings); } diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 9f290bb..de0b998 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -2415,13 +2415,12 @@ function process_alias_urltable($name, $type, $url, $freq, $forceupdate=false, $ touch($urltable_filename); } - /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ - if (!isset($config['system']['use_mfs_tmpvar'])) { - unlink_if_exists("{$g['cf_conf_path']}/RAM_Disk_Store{$urltable_filename}.tgz"); - } else { - /* Update the RAM disk store with the new/updated table file. */ - mwexec("cd / && /usr/bin/tar -czf \"{$g['cf_conf_path']}/RAM_Disk_Store{$urltable_filename}.tgz\" -C / \"{$urltable_filename}\""); + /* Remove existing archive and create an up to date archive if RAM disk is enabled. */ + unlink_if_exists("{$g['cf_conf_path']}/RAM_Disk_Store/{$name}.txt.tgz"); + if (isset($config['system']['use_mfs_tmpvar'])) { + mwexec("/usr/bin/tar -czf " . escapeshellarg("{$g['cf_conf_path']}/RAM_Disk_Store/{$name}.txt.tgz") . " -C / " . escapeshellarg($urltable_filename)); } + unlink_if_exists($tmp_urltable_filename); } else { if (!$validateonly) { @@ -3174,38 +3173,6 @@ function pkg_call_plugins($plugin_type, $plugin_params) { return $results; } -function restore_aliastables() { - global $g, $config; - - $dbpath = "{$g['vardb_path']}/aliastables/"; - - /* restore the alias tables, if we have them */ - $files = glob("{$g['cf_conf_path']}/RAM_Disk_Store{$dbpath}*.tgz"); - if (count($files)) { - echo "Restoring alias tables..."; - foreach ($files as $file) { - if (file_exists($file)) { - $aliastablesrestore = ""; - $aliastablesreturn = ""; - exec("cd /;LANG=C /usr/bin/tar -xzf {$file} 2>&1", $aliastablesrestore, $aliastablesreturn); - $aliastablesrestore = implode(" ", $aliastablesrestore); - if ($aliastablesreturn <> 0) { - log_error(sprintf(gettext('Alias table restore failed exited with %1$s, the error is: %2$s %3$s%4$s'), $aliastablesreturn, $aliastablesrestore, $file, "\n")); - } else { - log_error(sprintf(gettext('Alias table restore succeeded exited with %1$s, the result is: %2$s %3$s%4$s'), $aliastablesreturn, $aliastablesrestore, $dbpath.basename($file, ".tgz"), "\n")); - } - } - /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ - if (!isset($config['system']['use_mfs_tmpvar'])) { - unlink_if_exists("{$file}"); - } - } - echo "done.\n"; - return true; - } - return false; -} - // Convert IPv6 addresses to lower case function addrtolower($ip) { if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) { diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index 18b77e3..ea61beb 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -337,13 +337,11 @@ function get_package_internal_name($package_data) { } // Get information about packages. -function get_pkg_info($pkgs = 'all', $local_only = false, $installed_only = false) { - +function get_pkg_info($pkgs = 'all', $only_local = false) { global $g, $input_errors; $out = ''; $err = ''; - $rc = 0; unset($pkg_filter); if (is_array($pkgs)) { @@ -352,7 +350,7 @@ function get_pkg_info($pkgs = 'all', $local_only = false, $installed_only = fals } if ($pkgs == 'all') { - $pkgs = $g['pkg_prefix'] . '*'; // Allows same prefix to work with both pkg search + pkg info + $pkgs = $g['pkg_prefix']; } if (!function_exists('is_subsystem_dirty')) { @@ -361,39 +359,21 @@ function get_pkg_info($pkgs = 'all', $local_only = false, $installed_only = fals /* Do not run remote operations if pkg has a lock */ if (is_subsystem_dirty('pkg')) { - $local_only = true; + $only_local = true; $lock = false; } else { $lock = true; } $extra_param = ""; - if ($local_only) { + if ($only_local) { $extra_param = "-U "; } if ($lock) { mark_subsystem_dirty('pkg'); } - - if (!$installed_only) { - // repo catalog search (either remote or local_only) - $rc = pkg_exec("search {$extra_param}-R --raw-format json-compact " . $pkgs, $out, $err); - } - if ($installed_only || ($local_only && $rc != 0)) { - /* use pkg info if (1) installed pkg search or (2) local catalog copy search requested + failed. - * - * The local repo catalog copy may be cleared if a previous call to pkg search couldn't get the - * remote repo catalog. - * - * If the calling code would have accepted local copy info (which isn't assumed up to date) then it - * makes sense to fall back on pkg info to at least return the known info about installed pkgs (pkg - * info should still work), instead of failing and returning no info at all. For example, this - * enables offline view + management of installed pkgs. - */ - - $rc = pkg_exec("info -R --raw-format json-compact " . $pkgs, $out, $err); - } + $rc = pkg_exec("search {$extra_param}-R --raw-format json-compact " . $pkgs, $out, $err); if ($lock) { clear_subsystem_dirty('pkg'); } @@ -473,8 +453,7 @@ function get_pkg_info($pkgs = 'all', $local_only = false, $installed_only = fals function register_all_installed_packages() { global $g, $config, $pkg_interface; - $pkg_info = get_pkg_info('all', true, true); - + $pkg_info = get_pkg_info('all', true); foreach ($pkg_info as $pkg) { if (!isset($pkg['installed'])) { diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc index 183f84a..cf3a1a9 100644 --- a/src/etc/inc/rrd.inc +++ b/src/etc/inc/rrd.inc @@ -34,54 +34,6 @@ function dump_rrd_to_xml($rrddatabase, $xmldumpfile) { return($dumpret); } -function restore_rrd() { - global $g, $config; - - $rrddbpath = "{$g['vardb_path']}/rrd/"; - $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; - - $rrdrestore = ""; - $rrdreturn = ""; - if (file_exists("{$g['cf_conf_path']}/rrd.tgz") && isset($config['system']['use_mfs_tmpvar'])) { - foreach (glob("{$rrddbpath}/*.xml") as $xml_file) { - @unlink($xml_file); - } - unset($rrdrestore); - $_gb = exec("cd /;LANG=C /usr/bin/tar -tf {$g['cf_conf_path']}/rrd.tgz", $rrdrestore, $rrdreturn); - if ($rrdreturn != 0) { - log_error(sprintf(gettext('RRD restore failed exited with %1$s, the error is: %2$s'), $rrdreturn, $rrdrestore)); - return; - } - foreach ($rrdrestore as $xml_file) { - $rrd_file = '/' . substr($xml_file, 0, -4) . '.rrd'; - if (file_exists("{$rrd_file}")) { - @unlink($rrd_file); - } - file_put_contents("{$g['tmp_path']}/rrd_restore", $xml_file); - $_gb = exec("cd /;LANG=C /usr/bin/tar -xf {$g['cf_conf_path']}/rrd.tgz -T {$g['tmp_path']}/rrd_restore"); - if (!file_exists("/{$xml_file}")) { - log_error(sprintf(gettext("Could not extract %s RRD xml file from archive!"), $xml_file)); - continue; - } - $_gb = exec("$rrdtool restore -f '/{$xml_file}' '{$rrd_file}'", $output, $status); - if ($status) { - log_error(sprintf(gettext("rrdtool restore -f '%1\$s' '%2\$s' failed returning %3\$s."), $xml_file, $rrd_file, $status)); - continue; - } - unset($output); - @unlink("/{$xml_file}"); - } - unset($rrdrestore); - @unlink("{$g['tmp_path']}/rrd_restore"); - /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ - if (!isset($config['system']['use_mfs_tmpvar'])) { - unlink_if_exists("{$g['cf_conf_path']}/rrd.tgz"); - } - return true; - } - return false; -} - function create_new_rrd($rrdcreatecmd) { $rrdcreateoutput = array(); $rrdcreatereturn = 0; @@ -281,10 +233,6 @@ function enable_rrd_graphing() { } chown($rrddbpath, "nobody"); - if (platform_booting()) { - restore_rrd(); - } - /* db update script */ $rrdupdatesh = "#!/bin/sh\n"; $rrdupdatesh .= "\n"; @@ -309,14 +257,6 @@ function enable_rrd_graphing() { } } - if (platform_booting()) { - if (!is_dir($rrddbpath)) { - mkdir($rrddbpath, 0775); - } - - @chown($rrddbpath, "nobody"); - } - /* process all real and pseudo interfaces */ foreach ($ifdescrs as $ifname => $ifdescr) { $temp = get_real_interface($ifname); diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 57c4181..45177d2 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -480,23 +480,6 @@ function services_dhcpdv4_configure() { } } - if (platform_booting()) { - /* restore the leases, if we have them */ - if (file_exists("{$g['cf_conf_path']}/dhcpleases.tgz")) { - $dhcprestore = ""; - $dhcpreturn = ""; - exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/dhcpleases.tgz 2>&1", $dhcprestore, $dhcpreturn); - $dhcprestore = implode(" ", $dhcprestore); - if ($dhcpreturn <> 0) { - log_error(sprintf(gettext('DHCP leases restore failed exited with %1$s, the error is: %2$s%3$s'), $dhcpreturn, $dhcprestore, "\n")); - } - } - /* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */ - if (!isset($config['system']['use_mfs_tmpvar'])) { - unlink_if_exists("{$g['cf_conf_path']}/dhcpleases.tgz"); - } - } - $syscfg = $config['system']; if (!is_array($config['dhcpd'])) { $config['dhcpd'] = array(); @@ -1277,22 +1260,6 @@ function services_dhcpdv6_configure($blacklist = array()) { return 0; } - /* restore the leases, if we have them */ - if (platform_booting() && - isset($config['system']['use_mfs_tmpvar']) && - file_exists("{$g['cf_conf_path']}/dhcp6leases.tgz")) { - $dhcprestore = ""; - $dhcpreturn = ""; - exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/dhcp6leases.tgz 2>&1", - $dhcprestore, $dhcpreturn); - $dhcprestore = implode(" ", $dhcprestore); - if ($dhcpreturn <> 0) { - log_error(sprintf(gettext( - 'DHCP leases v6 restore failed exited with %1$s, the error is: %2$s'), - $dhcpreturn, $dhcprestore)); - } - } - $syscfg = $config['system']; if (!is_array($config['dhcpdv6'])) { $config['dhcpdv6'] = array(); diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 61ecc51..41b4e3a 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -5063,4 +5063,86 @@ function upgrade_159_to_160() { } } } + +/* RAM Disk Management */ +function upgrade_160_to_161() { + global $g, $config; + + if (!isset($config['system']['use_mfs_tmpvar'])) { + return; + } + + // Move existing RRD backup to the RAM Disk Store if it don't already exist there. + // Restore existing RRD XML dump backup. + if (file_exists("{$g['cf_conf_path']}/rrd.tgz") && !file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/rrd.tgz")) { + $rrddbpath = "{$g['vardb_path']}/rrd/"; + $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; + + $rrdrestore = ""; + $rrdreturn = ""; + unlink_if_exists("{$rrddbpath}/*.xml"); + + unset($rrdrestore); + $_gb = exec("LANG=C /usr/bin/tar -tf {$g['cf_conf_path']}/rrd.tgz", $rrdrestore, $rrdreturn); + if ($rrdreturn != 0) { + log_error(sprintf(gettext('RRD restore failed exited with %1$s, the error is: %2$s'), $rrdreturn, $rrdrestore)); + } else { + foreach ($rrdrestore as $xml_file) { + $rrd_file = '/' . substr($xml_file, 0, -4) . '.rrd'; + unlink_if_exists("{$rrd_file}"); + + file_put_contents("{$g['tmp_path']}/rrd_restore", $xml_file); + $_gb = exec("LANG=C /usr/bin/tar -xf {$g['cf_conf_path']}/rrd.tgz -C / -T {$g['tmp_path']}/rrd_restore"); + if (!file_exists("/{$xml_file}")) { + log_error(sprintf(gettext("Could not extract %s RRD xml file from archive!"), $xml_file)); + continue; + } + $_gb = exec("$rrdtool restore -f '/{$xml_file}' '{$rrd_file}'", $output, $status); + if ($status) { + log_error(sprintf(gettext("rrdtool restore -f '%1\$s' '%2\$s' failed returning %3\$s."), $xml_file, $rrd_file, $status)); + continue; + } + unset($output); + @unlink("/{$xml_file}"); + } + unset($rrdrestore); + @unlink("{$g['tmp_path']}/rrd_restore"); + + // Create a new RRD backup to the RAM Disk Store (without RRD XML dump). + exec("/etc/rc.backup_rrd.sh"); + $ramds_updated = true; + + // Rename previous RRD backup so it will not restore again. Don't delete in case needed for recovery. + rename("{$g['cf_conf_path']}/rrd.tgz", "{$g['cf_conf_path']}/rrd.tgz.old"); + } + } + + // Move existing DHCP leases backup to the RAM Disk Store if it don't already exist there. + if (file_exists("{$g['cf_conf_path']}/dhcpleases.tgz") && ! file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/dhcpleases.tgz")) { + rename("{$g['cf_conf_path']}/dhcpleases.tgz", "{$g['cf_conf_path']}/RAM_Disk_Store/dhcpleases.tgz"); + $ramds_updated = true; + } + + // Move existing alias table backups to the RAM Disk Store if they don't already exist there. + $dbpath = "{$g['vardb_path']}/aliastables/"; + $files = glob("{$g['cf_conf_path']}/RAM_Disk_Store{$dbpath}*.tgz"); + if (count($files)) { + foreach ($files as $file) { + if (! file_exists("{$g['cf_conf_path']}/RAM_Disk_Store/".basename($file))) { + rename($file, "{$g['cf_conf_path']}/RAM_Disk_Store/".basename($file)); + $ramds_updated = true; + } + } + // Remove existing alias table backups directory if empty. + @rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/db/aliastables"); + @rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/db/"); + @rmdir("{$g['cf_conf_path']}/RAM_Disk_Store/var/"); + } + + // Restore RAM Disk Store if updated. + if ($ramds_updated) { + exec("/etc/rc.restore_ramdisk_store"); + } +} + ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 4d157d7..2176423 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -485,32 +485,32 @@ function ip_range_to_address_array($startip, $endip, $max_size = 5000) { return $rangeaddresses; } -/* Convert an IPv4 or IPv6 IP range to an array of subnets which can contain the range. - Algorithm and embodying code PD'ed by Stilez - enjoy as you like :-) - - Documented on pfsense dev list 19-20 May 2013. Summary: - - The algorithm looks at patterns of 0's and 1's in the least significant bit(s), whether IPv4 or IPv6. - These are all that needs checking to identify a _guaranteed_ correct, minimal and optimal subnet array. - - As a result, string/binary pattern matching of the binary IP is very efficient. It uses just 2 pattern-matching rules - to chop off increasingly larger subnets at both ends that can't be part of larger subnets, until nothing's left. - - (a) If any range has EITHER low bit 1 (in startip) or 0 (in endip), that end-point is _always guaranteed_ to be optimally - represented by its own 'single IP' CIDR; the remaining range then shrinks by one IP up or down, causing the new end-point's - low bit to change from 1->0 (startip) or 0->1 (endip). Only one edge case needs checking: if a range contains exactly 2 - adjacent IPs of this format, then the two IPs themselves are required to span it, and we're done. - Once this rule is applied, the remaining range is _guaranteed_ to end in 0's and 1's so rule (b) can now be used, and its - low bits can now be ignored. - - (b) If any range has BOTH startip and endip ending in some number of 0's and 1's respectively, these low bits can - *always* be ignored and "bit-shifted" for subnet spanning. So provided we remember the bits we've place-shifted, we can - _always_ right-shift and chop off those bits, leaving a smaller range that has EITHER startip ending in 1 or endip ending - in 0 (ie can now apply (a) again) or the entire range has vanished and we're done. - We then loop to redo (a) again on the remaining (place shifted) range until after a few loops, the remaining (place shifted) - range 'vanishes' by meeting the exit criteria of (a) or (b), and we're done. -*/ - +/* + * Convert an IPv4 or IPv6 IP range to an array of subnets which can contain the range. + * Algorithm and embodying code PD'ed by Stilez - enjoy as you like :-) + * + * Documented on pfsense dev list 19-20 May 2013. Summary: + * + * The algorithm looks at patterns of 0's and 1's in the least significant bit(s), whether IPv4 or IPv6. + * These are all that needs checking to identify a _guaranteed_ correct, minimal and optimal subnet array. + * + * As a result, string/binary pattern matching of the binary IP is very efficient. It uses just 2 pattern-matching rules + * to chop off increasingly larger subnets at both ends that can't be part of larger subnets, until nothing's left. + * + * (a) If any range has EITHER low bit 1 (in startip) or 0 (in endip), that end-point is _always guaranteed_ to be optimally + * represented by its own 'single IP' CIDR; the remaining range then shrinks by one IP up or down, causing the new end-point's + * low bit to change from 1->0 (startip) or 0->1 (endip). Only one edge case needs checking: if a range contains exactly 2 + * adjacent IPs of this format, then the two IPs themselves are required to span it, and we're done. + * Once this rule is applied, the remaining range is _guaranteed_ to end in 0's and 1's so rule (b) can now be used, and its + * low bits can now be ignored. + * + * (b) If any range has BOTH startip and endip ending in some number of 0's and 1's respectively, these low bits can + * *always* be ignored and "bit-shifted" for subnet spanning. So provided we remember the bits we've place-shifted, we can + * _always_ right-shift and chop off those bits, leaving a smaller range that has EITHER startip ending in 1 or endip ending + * in 0 (ie can now apply (a) again) or the entire range has vanished and we're done. + * We then loop to redo (a) again on the remaining (place shifted) range until after a few loops, the remaining (place shifted) + * range 'vanishes' by meeting the exit criteria of (a) or (b), and we're done. + */ function ip_range_to_subnet_array($ip1, $ip2) { if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) { @@ -1790,10 +1790,11 @@ function arp_get_mac_by_ip($ip) { /* return a fieldname that is safe for xml usage */ function xml_safe_fieldname($fieldname) { - $replace = array('/', '-', ' ', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', - '_', '+', '=', '{', '}', '[', ']', '|', '/', '<', '>', '?', - ':', ',', '.', '\'', '\\' - ); + $replace = array( + '/', '-', ' ', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', + '_', '+', '=', '{', '}', '[', ']', '|', '/', '<', '>', '?', + ':', ',', '.', '\'', '\\' + ); return strtolower(str_replace($replace, "", $fieldname)); } @@ -2553,7 +2554,32 @@ function validateipaddr(&$addr, $type, $label, &$err_msg, $alias=false) { return false; } -/* returns true if $dhcp6duid is a valid duid entrry */ +/* format a string to look (more) like the expected DUID format: + * 1) Replace any "-" with ":" + * 2) If the user inputs 14 components, then add the expected "0e:00:" to the front. + * This is convenience, because the actual DUID (which is reported in logs) is the last 14 components. + * 3) If any components are input with just a single char (hex digit hopefully), put a "0" in front. + * + * The final result should be closer to: + * + * "0e:00:00:01:00:01:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn" + * + * This function does not validate the input. is_duid() will do validation. +*/ +function format_duid($dhcp6duid) { + $values = explode(":", strtolower(str_replace("-", ":", $dhcp6duid))); + if (count($values) == 14) { + array_unshift($values, "0e", "00"); + } + + array_walk($values, function(&$value) { + $value = str_pad($value, 2, '0', STR_PAD_LEFT); + }); + + return implode(":", $values); +} + +/* returns true if $dhcp6duid is a valid duid entry */ function is_duid($dhcp6duid) { $values = explode(":", $dhcp6duid); if (count($values) != 16 || strlen($dhcp6duid) != 47) { @@ -2572,8 +2598,8 @@ function is_duid($dhcp6duid) { function write_dhcp6_duid($duidstring) { // Create the hex array from the dhcp6duid config entry and write to file global $g; - - if(!is_duid($duidstring)) { + + if(!is_duid($duidstring)) { log_error(gettext("Error: attempting to write DUID file - Invalid DUID detected")); return false; } @@ -2589,16 +2615,16 @@ function write_dhcp6_duid($duidstring) { } /* returns duid string from 'vardb_path']}/dhcp6c_duid' */ -function get_duid_from_file() -{ +function get_duid_from_file() { global $g; - + $duid_ASCII = ""; $count = 0; - - if ($fd = fopen("{$g['vardb_path']}/dhcp6c_duid", "r")) { + + if (file_exists("{$g['vardb_path']}/dhcp6c_duid") && + ($fd = fopen("{$g['vardb_path']}/dhcp6c_duid", "r"))) { if(filesize("{$g['vardb_path']}/dhcp6c_duid")==16) { - $buffer = fread($fd,16); + $buffer = fread($fd,16); while($count < 16) { $duid_ASCII .= bin2hex($buffer[$count]); $count++; @@ -2613,6 +2639,6 @@ function get_duid_from_file() if(!is_duid($duid_ASCII)) { return "--:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--"; } - return($duid_ASCII); + return($duid_ASCII); } ?> diff --git a/src/etc/pfSense-rc b/src/etc/pfSense-rc index 7658bf8..2bc0ab8 100755 --- a/src/etc/pfSense-rc +++ b/src/etc/pfSense-rc @@ -158,6 +158,9 @@ if [ -n "${MOVE_PKG_DATA}" -o "${USE_MFS_TMPVAR}" = "true" ]; then ln -sf ../../root/var/cache/pkg /var/cache/pkg fi +# Restore contents of the RAM disk store +/etc/rc.restore_ramdisk_store + # Make sure /home exists [ -d /home ] \ || mkdir /home diff --git a/src/etc/pfSense-rc.shutdown b/src/etc/pfSense-rc.shutdown index dc6221f..0f7b48c 100755 --- a/src/etc/pfSense-rc.shutdown +++ b/src/etc/pfSense-rc.shutdown @@ -50,4 +50,5 @@ if [ "${USE_MFS_TMPVAR}" = "true" ] || [ "${DISK_TYPE}" = "md" ]; then /etc/rc.backup_aliastables.sh /etc/rc.backup_rrd.sh /etc/rc.backup_dhcpleases.sh + /etc/rc.backup_logs.sh fi diff --git a/src/etc/rc.backup_aliastables.sh b/src/etc/rc.backup_aliastables.sh index 7999b0a..b25d20c 100755 --- a/src/etc/rc.backup_aliastables.sh +++ b/src/etc/rc.backup_aliastables.sh @@ -3,18 +3,23 @@ : ${DBPATH:=/var/db/aliastables} : ${CF_CONF_PATH:=/cf/conf} -: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store/${DBPATH}} +: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store} # Save the alias tables database to the RAM disk store. if [ -d "${DBPATH}" ]; then + echo -n "Saving Alias Tables to RAM disk store..."; + if [ ! -d "${RAM_Disk_Store}" ]; then mkdir -p "${RAM_Disk_Store}" fi for aliastablefile in "${DBPATH}"/* ; do filename="$(basename ${aliastablefile})" - if [ ! -f "${RAM_Disk_Store}/${filename}.tgz" ]; then - cd / && /usr/bin/tar -czf "${RAM_Disk_Store}/${filename}.tgz" -C / "${DBPATH}/${filename}" + if [ ! -f "${RAM_Disk_Store}/${filename}.tgz" -o "${RAM_Disk_Store}/${filename}.tgz" -ot "${DBPATH#/}/${filename}" ]; then + [ -f "${RAM_Disk_Store}/${filename}.tgz" ] && /bin/rm -f "${RAM_Disk_Store}/${filename}.tgz" + /usr/bin/tar -czf "${RAM_Disk_Store}/${filename}.tgz" -C / "${DBPATH#/}/${filename}" fi done + + echo "done."; fi diff --git a/src/etc/rc.backup_dhcpleases.sh b/src/etc/rc.backup_dhcpleases.sh index 7a8e741..d7c154a 100755 --- a/src/etc/rc.backup_dhcpleases.sh +++ b/src/etc/rc.backup_dhcpleases.sh @@ -1,6 +1,21 @@ #!/bin/sh -# Save the DHCP lease database to the config path. -if [ -d "/var/dhcpd/var/db" ]; then - cd / && tar -czf /cf/conf/dhcpleases.tgz -C / var/dhcpd/var/db/ +: ${DBPATH:=/var/dhcpd/var/db} +: ${CF_CONF_PATH:=/cf/conf} + +: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store} + +# Save the DHCP lease database to the RAM disk store. +if [ -d "${DBPATH}" ]; then + echo -n "Saving DHCP Leases to RAM disk store..."; + + [ -f "${RAM_Disk_Store}/dhcpleases.tgz" ] && /bin/rm -f "${RAM_Disk_Store}/dhcpleases.tgz" + + if [ ! -d "${RAM_Disk_Store}" ]; then + mkdir -p "${RAM_Disk_Store}" + fi + + /usr/bin/tar -czf "${RAM_Disk_Store}/dhcpleases.tgz" -C / "${DBPATH#/}/" + + echo "done."; fi diff --git a/src/etc/rc.backup_logs.sh b/src/etc/rc.backup_logs.sh new file mode 100755 index 0000000..89495e5 --- /dev/null +++ b/src/etc/rc.backup_logs.sh @@ -0,0 +1,41 @@ +#!/bin/sh +# +# rc.backup_logs.sh +# +# part of pfSense (https://www.pfsense.org) +# Copyright (c) 2016 Rubicon Communications, LLC (Netgate) +# All rights reserved. +# +# Based on src/etc/rc.d/savecore from FreeBSD +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +: ${DBPATH:=/var/log} +: ${CF_CONF_PATH:=/cf/conf} + +: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store} + +# Save the logs database to the RAM disk store. +if [ -d "${DBPATH}" ]; then + echo -n "Saving Logs to RAM disk store..."; + + [ -f "${RAM_Disk_Store}/logs.tgz" ] && /bin/rm -f "${RAM_Disk_Store}/logs.tgz" + + if [ ! -d "${RAM_Disk_Store}" ]; then + mkdir -p "${RAM_Disk_Store}" + fi + + /usr/bin/tar -czf "${RAM_Disk_Store}/logs.tgz" -C / "${DBPATH#/}/" + + echo "done."; +fi diff --git a/src/etc/rc.backup_rrd.sh b/src/etc/rc.backup_rrd.sh index 873652f..ca3d67c 100755 --- a/src/etc/rc.backup_rrd.sh +++ b/src/etc/rc.backup_rrd.sh @@ -1,26 +1,21 @@ #!/bin/sh -: ${RRDDBPATH:=/var/db/rrd} +: ${DBPATH:=/var/db/rrd} : ${CF_CONF_PATH:=/cf/conf} -# Save the rrd databases to the config path. -if [ -d "${RRDDBPATH}" ]; then - [ -f "${CF_CONF_PATH}/rrd.tgz" ] && /bin/rm -f "${CF_CONF_PATH}"/rrd.tgz +: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store} - tgzlist="" +# Save the rrd databases to the RAM disk store. +if [ -d "${DBPATH}" ]; then + echo -n "Saving RRD to RAM disk store..."; - for rrdfile in "${RRDDBPATH}"/*.rrd ; do - xmlfile="${rrdfile%.rrd}.xml" - tgzfile="${rrdfile%.rrd}.tgz" - /usr/bin/nice -n20 /usr/local/bin/rrdtool dump "$rrdfile" "$xmlfile" - /usr/bin/tar -czf "${tgzfile}" -C / ${xmlfile#/} - /bin/rm -f ${xmlfile} - tgzlist="${tgzlist} @${tgzfile}" - done + [ -f "${RAM_Disk_Store}/rrd.tgz" ] && /bin/rm -f "${RAM_Disk_Store}/rrd.tgz" - if [ -n "${tgzlist}" ]; then - /usr/bin/tar -czf "${CF_CONF_PATH}/rrd.tgz" -C / ${tgzlist} - /bin/rm -f "${RRDDBPATH}"/*.tgz + if [ ! -d "${RAM_Disk_Store}" ]; then + mkdir -p "${RAM_Disk_Store}" fi -fi + /usr/bin/tar -czf "${RAM_Disk_Store}/rrd.tgz" -C / "${DBPATH#/}/" + + echo "done."; +fi diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index 5629102..8fe9b16 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup @@ -176,8 +176,10 @@ interfaces_loopback_configure(); /* start syslogd */ system_syslogd_start(); -/* restore alias tables */ -restore_aliastables(); +/* Log the RAM disk restore messages. */ +if (file_exists("/var/log/restore_ramdisk_store.boot")) { + exec("logger -f /var/log/restore_ramdisk_store.boot"); +} echo "Starting Secure Shell Services..."; send_event("service reload sshd"); diff --git a/src/etc/rc.reboot b/src/etc/rc.reboot index e48f927..c547456 100755 --- a/src/etc/rc.reboot +++ b/src/etc/rc.reboot @@ -44,6 +44,7 @@ if [ "${USE_MFS_TMPVAR}" = "true" ] || [ "${DISK_TYPE}" = "md" ]; then /etc/rc.backup_aliastables.sh /etc/rc.backup_rrd.sh /etc/rc.backup_dhcpleases.sh + /etc/rc.backup_logs.sh fi sleep 1 diff --git a/src/etc/rc.restore_ramdisk_store b/src/etc/rc.restore_ramdisk_store new file mode 100755 index 0000000..cd33324 --- /dev/null +++ b/src/etc/rc.restore_ramdisk_store @@ -0,0 +1,82 @@ +#!/bin/sh +# +# rc.restore_ramdisk_store +# +# part of pfSense (https://www.pfsense.org) +# Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) +# All rights reserved. +# +# Based on src/etc/rc.d/savecore from FreeBSD +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Wildcard file existence check function +wildcard_file_exists() { + for file in "$1"; do + if [ -f "$file" ]; then + return 0 + fi + done + return 1 +} + +: ${DBPATH:=/var/dhcpd/var/db} +: ${CF_CONF_PATH:=/cf/conf} + +: ${RAM_Disk_Store:=${CF_CONF_PATH}/RAM_Disk_Store} + +# See if there are any backup files (*.tgz) in the RAM disk store. If so, restore them. +if wildcard_file_exists "${RAM_Disk_Store}/"*".tgz"; then + + mesg="Restoring contents of RAM disk store..." + echo -n "$mesg" + + USE_MFS_TMPVAR=$(/usr/local/sbin/read_xml_tag.sh boolean system/use_mfs_tmpvar) + + # Restore the ram disk + for backup_file in "${RAM_Disk_Store}/"*".tgz"; do + if [ -f "$backup_file" ]; then + /usr/bin/tar -xzf "${backup_file}" -C / 2>&1 + exit_code=$? + if [ $exit_code -ne 0 ]; then + mesg="$mesg\nRAM disk restore failed: exit code $exit_code: $backup_file" + error=1; + continue + fi + + mesg="$mesg\nRAM disk restore succeeded: $backup_file" + + #If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. + if [ "${USE_MFS_TMPVAR}" != "true" ]; then + /bin/rm -f "${backup_file}" + fi + fi + done + + if [ $error ]; then + mesg="$mesg\nRAM disk restore failed." + echo " error."; + else + mesg="$mesg\nRAM disk restore succeeded." + echo " done."; + fi + + /bin/mkdir -p /var/log/ + printf "$mesg" > /var/log/restore_ramdisk_store.boot + + # See if there are any backup files (*.tgz) in the RAM disk store. If not, and no error, clean up. + if ! wildcard_file_exists "${RAM_Disk_Store}/"*".tgz" && [ ! $error ]; then + /bin/rmdir "$RAM_Disk_Store" >/dev/null 2>&1 + /bin/rm -f /var/log/restore_ramdisk_store.boot + fi +fi diff --git a/src/usr/local/www/crash_reporter.php b/src/usr/local/www/crash_reporter.php index 9a74c3e..4bb2ad7 100644 --- a/src/usr/local/www/crash_reporter.php +++ b/src/usr/local/www/crash_reporter.php @@ -103,8 +103,10 @@ exec("/bin/cat /tmp/PHP_errors.log", $php_errors); if (count($php_errors) > 0) { $crash_reports .= "\nPHP Errors:\n"; $crash_reports .= implode("\n", $php_errors) . "\n\n"; + } else { + $crash_reports .= "\nNo PHP errors found.\n"; } - if (is_array($crash_files)) { + if (count($crash_files) > 0) { foreach ($crash_files as $cf) { if (filesize($cf) < FILE_SIZE) { $crash_reports .= "\nFilename: {$cf}\n"; @@ -112,7 +114,7 @@ exec("/bin/cat /tmp/PHP_errors.log", $php_errors); } } } else { - echo gettext("Could not locate any crash data."); + $crash_reports .= "\nNo FreeBSD crash data found.\n"; } ?> <div class="panel panel-default"> diff --git a/src/usr/local/www/css/pfSense-BETA.css b/src/usr/local/www/css/pfSense-BETA.css index 4550601..dbf35a4 100644 --- a/src/usr/local/www/css/pfSense-BETA.css +++ b/src/usr/local/www/css/pfSense-BETA.css @@ -86,3 +86,10 @@ a.fa, i.fa { .ui-widget { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; } + +/** This style adds a gray outline around unchecked checkboxes to +make them more visible. Unfortunately the exact alignment of those +outlines varies considerably with browser/OS **/ +input[type="checkbox"]:not(:checked) { + outline: 1px solid #888888; +} diff --git a/src/usr/local/www/css/pfSense.css b/src/usr/local/www/css/pfSense.css index 8622c17..6c43c24 100644 --- a/src/usr/local/www/css/pfSense.css +++ b/src/usr/local/www/css/pfSense.css @@ -977,7 +977,3 @@ svg { .colspanth { background-color: #eeeeee; } - -input[type="checkbox"]{ - outline: 1px solid #888888; -} diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index 55069d8..ec98e15 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php @@ -48,15 +48,8 @@ if ($_POST) { $retval = 0; /* reload all components that use aliases */ - $retval = filter_configure(); + $retval |= filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = "success"; - } else { - $savemsg = $retval; - $class = "danger"; - } if ($retval == 0) { clear_subsystem_dirty('aliases'); } @@ -99,8 +92,7 @@ if ($_GET['act'] == "del") { // Static routes find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by); if ($is_alias_referenced == true) { - $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s."), htmlspecialchars($referenced_by)); - $class = "danger"; + $delete_error = sprintf(gettext("Cannot delete alias. Currently in use by %s."), htmlspecialchars($referenced_by)); } else { if (preg_match("/urltable/i", $a_aliases[$_GET['id']]['type'])) { // this is a URL table type alias, delete its file as well @@ -173,8 +165,11 @@ $shortcut_section = "aliases"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, $class); +if ($delete_error) { + print_info_box($delete_error, 'danger'); +} +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('aliases')) { diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php index 3fd7c36..681c981 100644 --- a/src/usr/local/www/firewall_nat.php +++ b/src/usr/local/www/firewall_nat.php @@ -86,7 +86,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/apply"); @@ -186,8 +185,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Port Forward")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_nat_1to1.php b/src/usr/local/www/firewall_nat_1to1.php index 5ae075b..87f9169 100644 --- a/src/usr/local/www/firewall_nat_1to1.php +++ b/src/usr/local/www/firewall_nat_1to1.php @@ -68,7 +68,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('natconf'); @@ -122,8 +121,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("1:1")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_nat_npt.php b/src/usr/local/www/firewall_nat_npt.php index b585d99..e2d7856 100644 --- a/src/usr/local/www/firewall_nat_npt.php +++ b/src/usr/local/www/firewall_nat_npt.php @@ -69,7 +69,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('natconf'); @@ -122,8 +121,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("NPt")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_nat_out.php b/src/usr/local/www/firewall_nat_out.php index 6915780..a09988c 100644 --- a/src/usr/local/www/firewall_nat_out.php +++ b/src/usr/local/www/firewall_nat_out.php @@ -82,12 +82,6 @@ if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - } else { - $savemsg = $retval; - } - if ($retval == 0) { clear_subsystem_dirty('natconf'); clear_subsystem_dirty('filter'); @@ -139,7 +133,7 @@ if ($_POST['save']) { } } } - $savemsg = gettext("Default rules for each interface have been created."); + $default_rules_msg = gettext("Default rules for each interface have been created."); unset($FilterIflist, $GatewaysList); } @@ -206,8 +200,12 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Outbound")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($default_rules_msg) { + print_info_box($default_rules_msg, 'success'); +} + +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_shaper.php b/src/usr/local/www/firewall_shaper.php index 82410cc..ef50e8b 100644 --- a/src/usr/local/www/firewall_shaper.php +++ b/src/usr/local/www/firewall_shaper.php @@ -121,19 +121,11 @@ if ($_GET) { } if (write_config()) { + $changes_applied = true; $retval = 0; $retval |= filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } } else { - $savemsg = gettext("Unable to write config.xml (Access Denied?)."); - $class = 'warning'; + $no_write_config_msg = gettext("Unable to write config.xml (Access Denied?)."); } $dfltmsg = true; @@ -280,17 +272,9 @@ if ($_POST) { } } else if ($_POST['apply']) { write_config(); - + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); /* reset rrd queues */ system("rm -f /var/db/rrd/*queuedrops.rrd"); @@ -369,8 +353,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($no_write_config_msg) { + print_info_box($no_write_config_msg, 'danger'); +} + +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { @@ -452,7 +440,7 @@ if (!$dfltmsg && $sform) { </table> </div> -<?php if (empty(get_interface_list_to_show())): ?> +<?php if (empty(get_interface_list_to_show()) && (!is_array($altq_list_queues) || (count($altq_list_queues) == 0))): ?> <div> <div class="infoblock blockopen"> <?php print_info_box(gettext("This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping."), 'danger', false); ?> diff --git a/src/usr/local/www/firewall_shaper_queues.php b/src/usr/local/www/firewall_shaper_queues.php index 0bdb99e..a25c470 100644 --- a/src/usr/local/www/firewall_shaper_queues.php +++ b/src/usr/local/www/firewall_shaper_queues.php @@ -167,15 +167,7 @@ if ($_POST['apply']) { $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'alert-success'; - } else { - $savemsg = $retval; - $class = 'alert-danger'; - } + $retval |= filter_configure(); /* reset rrd queues */ system("rm -f /var/db/rrd/*queuedrops.rrd"); @@ -198,8 +190,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { @@ -231,7 +223,7 @@ display_top_tabs($tab_array); </div> </form> -<?php if (empty(get_interface_list_to_show())): ?> +<?php if (empty(get_interface_list_to_show()) && (!is_array($altq_list_queues) || (count($altq_list_queues) == 0))): ?> <div> <div class="infoblock blockopen"> <?php print_info_box(gettext("This firewall does not have any interfaces assigned that are capable of using ALTQ traffic shaping."), 'danger', false); ?> diff --git a/src/usr/local/www/firewall_shaper_vinterface.php b/src/usr/local/www/firewall_shaper_vinterface.php index 74526e9..5de573f 100644 --- a/src/usr/local/www/firewall_shaper_vinterface.php +++ b/src/usr/local/www/firewall_shaper_vinterface.php @@ -134,20 +134,11 @@ if ($_GET) { } } if (write_config()) { + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") != true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'danger'; - } - + $retval |= filter_configure(); } else { - $savemsg = gettext("Unable to write config.xml (Access Denied?)."); - $class = 'danger'; + $no_write_config_msg = gettext("Unable to write config.xml (Access Denied?)."); } $dfltmsg = true; @@ -271,16 +262,9 @@ if ($_POST) { } else if ($_POST['apply']) { write_config(); + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") != true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'danger'; - } + $retval |= filter_configure(); /* XXX: TODO Make dummynet pretty graphs */ // enable_rrd_graphing(); @@ -369,8 +353,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($no_write_config_msg) { + print_info_box($no_write_config_msg, 'danger'); +} + +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_shaper_wizards.php b/src/usr/local/www/firewall_shaper_wizards.php index 594ed63..b9d647e 100644 --- a/src/usr/local/www/firewall_shaper_wizards.php +++ b/src/usr/local/www/firewall_shaper_wizards.php @@ -42,14 +42,7 @@ if ($_POST['apply']) { $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); /* reset rrd queues */ unlink_if_exists("/var/db/rrd/*queuedrops.rrd"); @@ -82,8 +75,8 @@ $tab_array[] = array(gettext("Limiters"), false, "firewall_shaper_vinterface.php $tab_array[] = array(gettext("Wizards"), true, "firewall_shaper_wizards.php"); display_top_tabs($tab_array); -if ($savemsg) { - print_info_box($savemsg, $class); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php index 33a1f4f..a15a60b 100644 --- a/src/usr/local/www/firewall_virtual_ip.php +++ b/src/usr/local/www/firewall_virtual_ip.php @@ -79,7 +79,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('vip'); } @@ -240,8 +239,8 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); -} else if ($savemsg) { - print_info_box($savemsg, 'success'); +} else if ($_POST['apply']) { + print_apply_result_box($retval); } else if (is_subsystem_dirty('vip')) { print_apply_box(gettext("The VIP configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); } diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index d4fc383..2d22114 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -158,6 +158,12 @@ $radius_srvcs = array( 'auth' => gettext("Authentication"), 'acct' => gettext("Accounting")); +$radius_protocol = array( + 'PAP' => "PAP", + 'CHAP_MD5' => "MD5-CHAP", + 'MSCHAPv1' => "MS-CHAPv1", + 'MSCHAPv2' => "MS-CHAPv2"); + $netbios_nodetypes = array( '0' => "none", '1' => "b-node", @@ -323,6 +329,27 @@ function print_apply_box($msg) { print_info_box($msg, "warning", "apply", gettext("Apply Changes"), 'fa-check', 'success'); } +// Format and print a box reporting that changes have been applied +// $retval = status value from the functions called to apply the changes +// 0 is good +// non-zero is a problem +// $extra_text = optional extra text to display after the standard message +function print_apply_result_box($retval, $extra_text="") { + $result_msg = get_std_save_message($retval); + if ($retval === 0) { + // 0 is success + $severity = "success"; + } else { + // non-zero means there was some problem + $severity = "warning"; + } + + if (strlen($extra_text) > 0) { + $result_msg .= " " . $extra_text; + } + print_info_box($result_msg, $severity); +} + /* * Print Bootstrap callout * @@ -350,10 +377,16 @@ function print_callout($msg, $class = 'info', $heading = '') { echo $callout; } -function get_std_save_message($ok) { +function get_std_save_message($retval) { $filter_related = false; $filter_pages = array("nat", "filter"); - $to_return = gettext("The changes have been applied successfully."); + if ($retval === 0) { + // 0 is success + $to_return = gettext("The changes have been applied successfully."); + } else { + // non-zero means there was some problem + $to_return = gettext("There was a problem applying the changes. See the <a href=\"status_logs.php\">System Logs</a>."); + } foreach ($filter_pages as $fp) { if (stristr($_SERVER['SCRIPT_FILENAME'], $fp)) { $filter_related = true; @@ -508,7 +541,7 @@ function genhtmltitle($title) { $bc = ""; } - return $heading . $bc; + return $bc; } /* update the changedesc and changecount(er) variables */ diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index fcb5763..8391461 100755 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php @@ -407,11 +407,14 @@ if (isset($wancfg['wireless'])) { } +$changes_applied = false; + if ($_POST['apply']) { unset($input_errors); if (!is_subsystem_dirty('interfaces')) { $input_errors[] = gettext("The settings have already been applied!"); } else { + $retval = 0; unlink_if_exists("{$g['tmp_path']}/config.cache"); clear_subsystem_dirty('interfaces'); @@ -440,24 +443,24 @@ if ($_POST['apply']) { } } /* restart snmp so that it binds to correct address */ - services_snmpd_configure(); + $retval |= services_snmpd_configure(); /* sync filter configuration */ setup_gateways_monitor(); clear_subsystem_dirty('interfaces'); - filter_configure(); + $retval |= filter_configure(); enable_rrd_graphing(); + $changes_applied = true; + if (is_subsystem_dirty('staticroutes') && (system_routing_configure() == 0)) { clear_subsystem_dirty('staticroutes'); } } @unlink("{$g['tmp_path']}/.interfaces.apply"); - header("Location: interfaces.php?if={$if}"); - exit; } else if ($_POST) { unset($input_errors); @@ -1695,11 +1698,10 @@ if (is_subsystem_dirty('interfaces')) { gettext("Don't forget to adjust the DHCP Server range if needed after applying.")); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } - $form = new Form(); $section = new Form_Section('General Configuration'); diff --git a/src/usr/local/www/interfaces_assign.php b/src/usr/local/www/interfaces_assign.php index b647fea..26b7a88 100644 --- a/src/usr/local/www/interfaces_assign.php +++ b/src/usr/local/www/interfaces_assign.php @@ -244,7 +244,7 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { write_config(); - $savemsg = gettext("Interface has been added."); + $action_msg = gettext("Interface has been added."); $class = "success"; } @@ -255,15 +255,9 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { } else { write_config(); - $retval = filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = "success"; - } else { - $savemsg = $retval; - $class = "danger"; - } + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); } } else if (isset($_POST['Submit'])) { @@ -438,7 +432,7 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { link_interface_to_vlans($realid, "update"); - $savemsg = gettext("Interface has been deleted."); + $action_msg = gettext("Interface has been deleted."); $class = "success"; } } @@ -464,14 +458,14 @@ include("head.inc"); if (file_exists("/var/run/interface_mismatch_reboot_needed")) { if ($_POST) { if ($rebootingnow) { - $savemsg = gettext("The system is now rebooting. Please wait."); + $action_msg = gettext("The system is now rebooting. Please wait."); $class = "success"; } else { $applymsg = gettext("Reboot is needed. Please apply the settings in order to reboot."); $class = "warning"; } } else { - $savemsg = gettext("Interface mismatch detected. Please resolve the mismatch, save and then click 'Apply Changes'. The firewall will reboot afterwards."); + $action_msg = gettext("Interface mismatch detected. Please resolve the mismatch, save and then click 'Apply Changes'. The firewall will reboot afterwards."); $class = "warning"; } } @@ -482,8 +476,10 @@ if (file_exists("/tmp/reload_interfaces")) { echo "<br /></p>\n"; } elseif ($applymsg) { print_apply_box($applymsg); -} elseif ($savemsg) { - print_info_box($savemsg, $class); +} elseif ($action_msg) { + print_info_box($action_msg, $class); +} elseif ($changes_applied) { + print_apply_result_box($retval); } pfSense_handle_custom_code("/usr/local/pkg/interfaces_assign/pre_input_errors"); diff --git a/src/usr/local/www/load_balancer_monitor.php b/src/usr/local/www/load_balancer_monitor.php index a6875ca..f85f972 100644 --- a/src/usr/local/www/load_balancer_monitor.php +++ b/src/usr/local/www/load_balancer_monitor.php @@ -43,7 +43,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } } @@ -79,8 +78,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_pool.php b/src/usr/local/www/load_balancer_pool.php index d9788cd..48b33ee 100644 --- a/src/usr/local/www/load_balancer_pool.php +++ b/src/usr/local/www/load_balancer_pool.php @@ -47,7 +47,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } } @@ -93,8 +92,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_setting.php b/src/usr/local/www/load_balancer_setting.php index 9ae4a95..a8470c3 100644 --- a/src/usr/local/www/load_balancer_setting.php +++ b/src/usr/local/www/load_balancer_setting.php @@ -46,7 +46,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } else { unset($input_errors); @@ -92,8 +91,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_virtual_server.php b/src/usr/local/www/load_balancer_virtual_server.php index f07c7ac..8082203 100644 --- a/src/usr/local/www/load_balancer_virtual_server.php +++ b/src/usr/local/www/load_balancer_virtual_server.php @@ -45,7 +45,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); /* Wipe out old relayd anchors no longer in use. */ cleanup_lb_marked(); clear_subsystem_dirty('loadbalancer'); @@ -113,8 +112,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php index 8e37a1e..79cfee3 100644 --- a/src/usr/local/www/services_captiveportal_mac.php +++ b/src/usr/local/www/services_captiveportal_mac.php @@ -76,7 +76,6 @@ if ($_POST) { mwexec("/sbin/ipfw {$g['tmp_path']}/passthrumac_gui"); @unlink("{$g['tmp_path']}/passthrumac_gui"); } - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('passthrumac'); } @@ -152,8 +151,8 @@ if ($_GET['act'] == "del") { include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('passthrumac')) { diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php index 426f1c3..db5ce1c 100644 --- a/src/usr/local/www/services_dhcp.php +++ b/src/usr/local/www/services_dhcp.php @@ -610,39 +610,38 @@ if (isset($_POST['save'])) { } if ((isset($_POST['save']) || isset($_POST['apply'])) && (!$input_errors)) { + $changes_applied = true; $retval = 0; $retvaldhcp = 0; $retvaldns = 0; /* dnsmasq_configure calls dhcpd_configure */ /* no need to restart dhcpd twice */ if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { - $retvaldns = services_dnsmasq_configure(); + $retvaldns |= services_dnsmasq_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { - $retvaldns = services_unbound_configure(); + $retvaldns |= services_unbound_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('unbound'); clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else { - $retvaldhcp = services_dhcpd_configure(); + $retvaldhcp |= services_dhcpd_configure(); if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); } } if ($dhcpd_enable_changed) { - $retvalfc = filter_configure(); + $retvalfc |= filter_configure(); } if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; } - - $savemsg = get_std_save_message($retval); } if ($act == "delpool") { @@ -733,8 +732,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticmaps')) { diff --git a/src/usr/local/www/services_dhcp_relay.php b/src/usr/local/www/services_dhcp_relay.php index e824b44..fc8e367 100644 --- a/src/usr/local/www/services_dhcp_relay.php +++ b/src/usr/local/www/services_dhcp_relay.php @@ -114,10 +114,10 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_dhcrelay_configure(); - $savemsg = get_std_save_message($retval); - filter_configure(); + $retval |= services_dhcrelay_configure(); + $retval |= filter_configure(); } } @@ -135,8 +135,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form; diff --git a/src/usr/local/www/services_dhcpv6.php b/src/usr/local/www/services_dhcpv6.php index 44afcc4..820f89b 100644 --- a/src/usr/local/www/services_dhcpv6.php +++ b/src/usr/local/www/services_dhcpv6.php @@ -44,30 +44,30 @@ function dhcpv6_apply_changes($dhcpdv6_enable_changed) { /* dnsmasq_configure calls dhcpd_configure */ /* no need to restart dhcpd twice */ if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { - $retvaldns = services_dnsmasq_configure(); + $retvaldns |= services_dnsmasq_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { - $retvaldns = services_unbound_configure(); + $retvaldns |= services_unbound_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('unbound'); clear_subsystem_dirty('staticmaps'); } } else { - $retvaldhcp = services_dhcpd_configure(); + $retvaldhcp |= services_dhcpd_configure(); if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); } } if ($dhcpdv6_enable_changed) { - $retvalfc = filter_configure(); + $retvalfc |= filter_configure(); } if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; } - return get_std_save_message($retval); + return $retval; } if (!$g['services_dhcp_server_enable']) { @@ -184,7 +184,8 @@ if (is_array($dhcrelaycfg) && isset($dhcrelaycfg['enable']) && isset($dhcrelaycf } if (isset($_POST['apply'])) { - $savemsg = dhcpv6_apply_changes(false); + $changes_applied = true; + $retval = dhcpv6_apply_changes(false); } elseif (isset($_POST['save'])) { unset($input_errors); @@ -459,7 +460,8 @@ if (isset($_POST['apply'])) { write_config(); - $savemsg = dhcpv6_apply_changes($dhcpdv6_enable_changed); + $changes_applied = true; + $retval = dhcpv6_apply_changes($dhcpdv6_enable_changed); } } @@ -492,8 +494,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticmaps')) { diff --git a/src/usr/local/www/services_dhcpv6_relay.php b/src/usr/local/www/services_dhcpv6_relay.php index b6f1964..8f4135b 100644 --- a/src/usr/local/www/services_dhcpv6_relay.php +++ b/src/usr/local/www/services_dhcpv6_relay.php @@ -115,9 +115,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_dhcrelay6_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_dhcrelay6_configure(); } } @@ -135,8 +135,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form; diff --git a/src/usr/local/www/services_dnsmasq.php b/src/usr/local/www/services_dnsmasq.php index fb74e7b..2885edd 100644 --- a/src/usr/local/www/services_dnsmasq.php +++ b/src/usr/local/www/services_dnsmasq.php @@ -113,8 +113,7 @@ domains_sort(); if ($_POST) { if ($_POST['apply']) { $retval = 0; - $retval = services_dnsmasq_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_dnsmasq_configure(); // Reload filter (we might need to sync to CARP hosts) filter_configure(); @@ -232,8 +231,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('hosts')) { diff --git a/src/usr/local/www/services_igmpproxy.php b/src/usr/local/www/services_igmpproxy.php index f3b8775..5de6aa1 100644 --- a/src/usr/local/www/services_igmpproxy.php +++ b/src/usr/local/www/services_igmpproxy.php @@ -42,15 +42,10 @@ $a_igmpproxy = &$config['igmpproxy']['igmpentry']; if ($_POST) { $pconfig = $_POST; + $changes_applied = true; $retval = 0; /* reload all components that use igmpproxy */ - $retval = services_igmpproxy_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - } else { - $savemsg = $retval; - } + $retval |= services_igmpproxy_configure(); clear_subsystem_dirty('igmpproxy'); } @@ -68,8 +63,8 @@ if ($_GET['act'] == "del") { $pgtitle = array(gettext("Services"), gettext("IGMP Proxy")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('igmpproxy')) { diff --git a/src/usr/local/www/services_ntpd.php b/src/usr/local/www/services_ntpd.php index 808d432..47804c5 100644 --- a/src/usr/local/www/services_ntpd.php +++ b/src/usr/local/www/services_ntpd.php @@ -151,9 +151,9 @@ if ($_POST) { write_config("Updated NTP Server Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -192,8 +192,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_ntpd_acls.php b/src/usr/local/www/services_ntpd_acls.php index 19c057d..ea80ea4 100644 --- a/src/usr/local/www/services_ntpd_acls.php +++ b/src/usr/local/www/services_ntpd_acls.php @@ -150,9 +150,9 @@ if ($_POST) { write_config("Updated NTP ACL Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -165,8 +165,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_ntpd_gps.php b/src/usr/local/www/services_ntpd_gps.php index 971d57e..f06e03e 100644 --- a/src/usr/local/www/services_ntpd_gps.php +++ b/src/usr/local/www/services_ntpd_gps.php @@ -154,8 +154,9 @@ if ($_POST) { write_config(gettext("Updated NTP GPS Settings")); - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= system_ntp_configure(); } else { /* set defaults if they do not already exist */ if (!is_array($config['ntpd']) || !is_array($config['ntpd']['gps']) || empty($config['ntpd']['gps']['type'])) { @@ -192,6 +193,10 @@ $pgtitle = array(gettext("Services"), gettext("NTP"), gettext("Serial GPS")); $shortcut_section = "ntp"; include("head.inc"); +if ($changes_applied) { + print_apply_result_box($retval); +} + $tab_array = array(); $tab_array[] = array(gettext("Settings"), false, "services_ntpd.php"); $tab_array[] = array(gettext("ACLs"), false, "services_ntpd_acls.php"); diff --git a/src/usr/local/www/services_ntpd_pps.php b/src/usr/local/www/services_ntpd_pps.php index da987f7..c3d70df 100644 --- a/src/usr/local/www/services_ntpd_pps.php +++ b/src/usr/local/www/services_ntpd_pps.php @@ -91,9 +91,9 @@ if ($_POST) { write_config("Updated NTP PPS Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -107,8 +107,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_pppoe.php b/src/usr/local/www/services_pppoe.php index a8b0f03..85b3531 100644 --- a/src/usr/local/www/services_pppoe.php +++ b/src/usr/local/www/services_pppoe.php @@ -59,7 +59,6 @@ if ($_POST) { } $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('vpnpppoe'); } } @@ -83,8 +82,8 @@ $pgtitle = array(gettext("Services"), gettext("PPPoE Server")); $shortcut_section = "pppoes"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('vpnpppoe')) { diff --git a/src/usr/local/www/services_router_advertisements.php b/src/usr/local/www/services_router_advertisements.php index e369d37..367aedb 100644 --- a/src/usr/local/www/services_router_advertisements.php +++ b/src/usr/local/www/services_router_advertisements.php @@ -54,7 +54,7 @@ if ($config['installedpackages']['olsrd']) { } if (!$_GET['if']) { - $savemsg = gettext("The DHCPv6 Server can only be enabled on interfaces configured with static, non unique local IP addresses.") . "<br />" . + $info_msg = gettext("The DHCPv6 Server can only be enabled on interfaces configured with static, non unique local IP addresses.") . "<br />" . gettext("Only interfaces configured with a static IP will be shown."); } @@ -243,8 +243,9 @@ if ($_POST) { } write_config(); - $retval = services_radvd_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= services_radvd_configure(); } } @@ -261,8 +262,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); +} + +if ($info_msg) { + print_info_box($info_msg, 'success'); } /* active tabs */ diff --git a/src/usr/local/www/services_snmp.php b/src/usr/local/www/services_snmp.php index e138300..0811cc9 100644 --- a/src/usr/local/www/services_snmp.php +++ b/src/usr/local/www/services_snmp.php @@ -163,9 +163,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_snmpd_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_snmpd_configure(); } } @@ -202,8 +202,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form(); diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index 6067941..c2ba2b7 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -88,8 +88,8 @@ if (empty($a_unboundcfg['system_domain_local_zone_type'])) { if ($_POST) { if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -244,8 +244,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php index 1174202..31e2180 100644 --- a/src/usr/local/www/services_unbound_acls.php +++ b/src/usr/local/www/services_unbound_acls.php @@ -99,8 +99,8 @@ if ($_POST) { } if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -185,8 +185,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php index 14bb376..1f869de 100644 --- a/src/usr/local/www/services_unbound_advanced.php +++ b/src/usr/local/www/services_unbound_advanced.php @@ -77,8 +77,8 @@ if (isset($config['unbound']['use_caps'])) { if ($_POST) { if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -192,8 +192,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { diff --git a/src/usr/local/www/status_lb_pool.php b/src/usr/local/www/status_lb_pool.php index 911e891..7d22242 100644 --- a/src/usr/local/www/status_lb_pool.php +++ b/src/usr/local/www/status_lb_pool.php @@ -68,7 +68,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } else { /* Keep a list of servers we find in POST variables */ @@ -110,6 +109,10 @@ if (is_subsystem_dirty('loadbalancer')) { print_apply_box(gettext("The load balancer configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); } +if ($_POST['apply']) { + print_apply_result_box($retval); +} + /* active tabs */ $tab_array = array(); $tab_array[] = array(gettext("Pools"), true, "status_lb_pool.php"); diff --git a/src/usr/local/www/status_logs.php b/src/usr/local/www/status_logs.php index 7435974..74f94a9 100644 --- a/src/usr/local/www/status_logs.php +++ b/src/usr/local/www/status_logs.php @@ -99,8 +99,8 @@ if (in_array($logfile, array('system', 'gateways', 'routing', 'resolver', 'wirel } include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } diff --git a/src/usr/local/www/status_logs_common.inc b/src/usr/local/www/status_logs_common.inc index f35b9a2..be05902 100644 --- a/src/usr/local/www/status_logs_common.inc +++ b/src/usr/local/www/status_logs_common.inc @@ -584,8 +584,10 @@ function manage_log_code() { return; } - global $logfile, $specific_log, $config, $pconfig, $save_settings, $input_errors, $savemsg; + global $logfile, $specific_log, $config, $pconfig, $save_settings, $input_errors, $extra_save_msg, $retval, $changes_applied; + $changes_applied = false; + $extra_save_msg = ""; $specific_log = basename($logfile) . '_settings'; // Common to All Logs @@ -711,28 +713,27 @@ function manage_log_code() { } } + $retval = 0; + $changes_applied = true; // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). - if ($logging_changed) { - write_config($desc = gettext("Log Display Settings Saved: ") . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); - $retval = 0; - $retval = system_syslogd_start(); - $savemsg = gettext("The changes have been applied successfully."); - } else { - write_config($desc = gettext("Log Display Settings Saved (no backup, no sync): ") . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); - $savemsg = ''; - } + if ($logging_changed) { + write_config($desc = gettext("Log Display Settings Saved: ") . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); + system_syslogd_start(); + } else { + write_config($desc = gettext("Log Display Settings Saved (no backup, no sync): ") . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); + } // Specific to System General (main) Log - if ($logfile == 'system') { - if ($nginx_logging_changed) { - ob_flush(); - flush(); - log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); - send_event("service restart webgui"); - $savemsg .= "<br />" . gettext("WebGUI process is restarting."); + if ($logfile == 'system') { + if ($nginx_logging_changed) { + ob_flush(); + flush(); + log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); + send_event("service restart webgui"); + $extra_save_msg = gettext("WebGUI process is restarting."); + } } - } // Specific to Firewall Log if ($logfile == 'filter') { @@ -740,8 +741,6 @@ function manage_log_code() { require_once("filter.inc"); $retval |= filter_configure(); filter_pflog_start(true); - - $savemsg = get_std_save_message($retval); } } } diff --git a/src/usr/local/www/status_logs_filter.php b/src/usr/local/www/status_logs_filter.php index 4c37c91..2f1b86e 100644 --- a/src/usr/local/www/status_logs_filter.php +++ b/src/usr/local/www/status_logs_filter.php @@ -102,12 +102,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); diff --git a/src/usr/local/www/status_logs_filter_dynamic.php b/src/usr/local/www/status_logs_filter_dynamic.php index 4ea4d4a..04d70c2 100644 --- a/src/usr/local/www/status_logs_filter_dynamic.php +++ b/src/usr/local/www/status_logs_filter_dynamic.php @@ -82,12 +82,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); diff --git a/src/usr/local/www/status_logs_filter_summary.php b/src/usr/local/www/status_logs_filter_summary.php index 124d190..333c97e 100644 --- a/src/usr/local/www/status_logs_filter_summary.php +++ b/src/usr/local/www/status_logs_filter_summary.php @@ -67,12 +67,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); diff --git a/src/usr/local/www/status_logs_settings.php b/src/usr/local/www/status_logs_settings.php index 33881ed..add7a80 100644 --- a/src/usr/local/www/status_logs_settings.php +++ b/src/usr/local/www/status_logs_settings.php @@ -80,7 +80,7 @@ function is_valid_syslog_server($target) { if ($_POST['resetlogs'] == gettext("Reset Log Files")) { clear_all_log_files(true); - $savemsg .= gettext("The log files have been reset."); + $reset_msg = gettext("The log files have been reset."); } elseif ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -162,8 +162,9 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { write_config(); + $changes_applied = true; $retval = 0; - $retval = system_syslogd_start(); + system_syslogd_start(); if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || @@ -171,14 +172,12 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $retval |= filter_configure(); } - $savemsg = get_std_save_message($retval); - if ($oldnolognginx !== isset($config['syslog']['nolognginx'])) { ob_flush(); flush(); log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); send_event("service restart webgui"); - $savemsg .= "<br />" . gettext("WebGUI process is restarting."); + $extra_save_msg = gettext("WebGUI process is restarting."); } filter_pflog_start(true); @@ -204,8 +203,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($reset_msg) { + print_info_box($reset_msg, 'success'); +} + +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); } $tab_array = array(); diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index 07afc46..858ca00 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -349,8 +349,9 @@ if ($_POST) { write_config($changedesc); } + $changes_applied = true; $retval = 0; - $retval = system_hostname_configure(); + $retval |= system_hostname_configure(); $retval |= system_hosts_generate(); $retval |= system_resolvconf_generate(); if (isset($config['dnsmasq']['enable'])) { @@ -367,8 +368,6 @@ if ($_POST) { // Reload the filter - plugins might need to be run. $retval |= filter_configure(); - - $savemsg = get_std_save_message($retval); } unset($ignore_posted_dnsgw); @@ -381,8 +380,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } ?> <div id="container"> diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php index b7207c4..d0da2a3 100644 --- a/src/usr/local/www/system_advanced_admin.php +++ b/src/usr/local/www/system_advanced_admin.php @@ -263,11 +263,12 @@ if ($_POST) { write_config(); - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); if ($restart_webgui) { - $savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."), $url); + $extra_save_msg = sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."), $url); } setup_serial_port(); @@ -287,8 +288,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); } $tab_array = array(); diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php index 1d0e811..e74d8f5 100644 --- a/src/usr/local/www/system_advanced_firewall.php +++ b/src/usr/local/www/system_advanced_firewall.php @@ -356,15 +356,9 @@ if ($_POST) { killbypid("{$g['varrun_path']}/filterdns.pid"); } + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); } } @@ -374,8 +368,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 796a32b..3d1268b 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -251,6 +251,13 @@ if ($_POST) { unset($config['system']['dhcpbackup']); } } + if (isset($_POST['logsbackup'])) { + if (($_POST['logsbackup'] > 0) && ($_POST['logsbackup'] <= 24)) { + $config['system']['logsbackup'] = intval($_POST['logsbackup']); + } else { + unset($config['system']['logsbackup']); + } + } // Add/Remove RAM disk periodic backup cron jobs according to settings and installation type. // Remove the cron jobs on full install if not using RAM disk. @@ -258,21 +265,19 @@ if ($_POST) { if (!isset($config['system']['use_mfs_tmpvar'])) { install_cron_job("/etc/rc.backup_rrd.sh", false); install_cron_job("/etc/rc.backup_dhcpleases.sh", false); + install_cron_job("/etc/rc.backup_logs.sh", false); } else { install_cron_job("/etc/rc.backup_rrd.sh", ($config['system']['rrdbackup'] > 0), $minute="0", "*/{$config['system']['rrdbackup']}"); install_cron_job("/etc/rc.backup_dhcpleases.sh", ($config['system']['dhcpbackup'] > 0), $minute="0", "*/{$config['system']['dhcpbackup']}"); + install_cron_job("/etc/rc.backup_logs.sh", ($config['system']['logsbackup'] > 0), $minute="0", "*/{$config['system']['logsbackup']}"); } write_config(); + $changes_applied = true; $retval = 0; system_resolvconf_generate(true); - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - } else { - $savemsg = gettext($retval); - } + $retval |= filter_configure(); activate_powerd(); load_crypto(); @@ -291,8 +296,8 @@ if ($input_errors) { unset($pconfig['doreboot']); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); @@ -541,6 +546,16 @@ $section->addInput(new Form_Input( 'it can be restored automatically on the next boot. Keep in mind that the more '. 'frequent the backup, the more writes will happen to the media.'); +$section->addInput(new Form_Input( + 'logsbackup', + 'Periodic Logs Backup', + 'number', + $config['system']['logsbackup'], + ['min' => 0, 'max' => 24, 'placeholder' => 'Period between 1 and 24 hours'] +))->setHelp('This will periodically backup the log directory so '. + 'it can be restored automatically on the next boot. Keep in mind that the more '. + 'frequent the backup, the more writes will happen to the media.'); + $form->add($section); $section = new Form_Section('Hardware Settings'); diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index b99dad8..f90240f 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -56,6 +56,14 @@ if ($_POST) { $input_errors[] = gettext("An IP address to NAT IPv6 packets must be specified."); } + if (!empty($_POST['global-v6duid'])) { + $_POST['global-v6duid'] = format_duid($_POST['global-v6duid']); + $pconfig['global-v6duid'] = $_POST['global-v6duid']; + if (!is_duid($_POST['global-v6duid'])) { + $input_errors[] = gettext("A valid DUID must be specified"); + } + } + ob_flush(); flush(); if (!$input_errors) { @@ -85,12 +93,7 @@ if ($_POST) { } if (!empty($_POST['global-v6duid'])) { - $_POST['global-v6duid'] = strtolower(str_replace("-", ":", $_POST['global-v6duid'])); - if (!is_duid($_POST['global-v6duid'])) { - $input_errors[] = gettext("A valid DUID must be specified"); - } else { - $config['system']['global-v6duid'] = $_POST['global-v6duid']; - } + $config['system']['global-v6duid'] = $_POST['global-v6duid']; } else { unset($config['system']['global-v6duid']); } @@ -129,14 +132,9 @@ if ($_POST) { // Set preferred protocol prefer_ipv4_or_ipv6(); - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - $class = 'success'; - } else { - $savemsg = gettext($retval); - $class = 'warning'; - } + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); } } @@ -146,8 +144,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); @@ -171,23 +170,27 @@ $section->addInput(new Form_Checkbox( ))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only '. 'blocks traffic.'); -$group = new Form_Group('IPv6 over IPv4 Tunneling'); + +$group = new Form_Group('IPv6 over IPv4'); + $group->add(new Form_Checkbox( 'ipv6nat_enable', 'IPv6 over IPv4 Tunneling', - 'Enable IPv4 NAT encapsulation of IPv6 packets', + 'Enable IPv6 over IPv4 tunneling', $pconfig['ipv6nat_enable'] )); $group->add(new Form_Input( 'ipv6nat_ipaddr', - 'IP address', + 'IPv4 address of Tunnel Peer', 'text', $pconfig['ipv6nat_ipaddr'] -))->setHelp('Enable IPv4 NAT encapsulation of IPv6 packets. <br/>This provides an '. - 'RFC 2893 compatibility mechanism that can be used to tunneling IPv6 packets over '. - 'IPv4 routing infrastructures. If enabled, don\'t forget to add a firewall rule to '. - 'permit IPv6 packets.'); +)); + +$group->setHelp('These options create an RFC 2893 compatible mechanism for IPv4 NAT encapsulation of IPv6 packets, ' . + 'that can be used to tunnel IPv6 packets over IPv4 routing infrastructures. ' . + 'IPv6 firewall rules are <a href="firewall_rules.php">also required</a>, to control and pass encapsulated traffic.'); + $section->add($group); diff --git a/src/usr/local/www/system_advanced_sysctl.php b/src/usr/local/www/system_advanced_sysctl.php index 3ab51fd..a8556b9 100644 --- a/src/usr/local/www/system_advanced_sysctl.php +++ b/src/usr/local/www/system_advanced_sysctl.php @@ -87,7 +87,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; system_setup_sysctl(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('sysctl'); } @@ -129,8 +128,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('sysctl') && ($act != "edit" )) { diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php index 7b65c46..93f0c11 100644 --- a/src/usr/local/www/system_authservers.php +++ b/src/usr/local/www/system_authservers.php @@ -178,6 +178,7 @@ if ($act == "edit") { } if ($pconfig['type'] == "radius") { + $pconfig['radius_protocol'] = $a_server[$id]['radius_protocol']; $pconfig['radius_host'] = $a_server[$id]['host']; $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port']; $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port']; @@ -208,6 +209,7 @@ if ($act == "edit") { if ($act == "new") { $pconfig['ldap_protver'] = 3; $pconfig['ldap_anon'] = true; + $pconfig['radius_protocol'] = "MSCHAPv2"; $pconfig['radius_srvcs'] = "both"; $pconfig['radius_auth_port'] = "1812"; $pconfig['radius_acct_port'] = "1813"; @@ -247,10 +249,11 @@ if ($_POST) { } if ($pconfig['type'] == "radius") { - $reqdfields = explode(" ", "name type radius_host radius_srvcs"); + $reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Type"), + gettext("Radius Protocol"), gettext("Hostname or IP"), gettext("Services")); @@ -353,6 +356,7 @@ if ($_POST) { if ($server['type'] == "radius") { + $server['radius_protocol'] = $pconfig['radius_protocol']; $server['host'] = $pconfig['radius_host']; if ($pconfig['radius_secret']) { @@ -724,6 +728,13 @@ $form->add($section); $section = new Form_Section('RADIUS Server Settings'); $section->addClass('toggle-radius collapse'); +$section->addInput(new Form_Select( + 'radius_protocol', + 'Protocol', + $pconfig['radius_protocol'], + $radius_protocol +)); + $section->addInput(new Form_Input( 'radius_host', 'Hostname or IP address', diff --git a/src/usr/local/www/system_gateway_groups.php b/src/usr/local/www/system_gateway_groups.php index c8f956d..436faec 100644 --- a/src/usr/local/www/system_gateway_groups.php +++ b/src/usr/local/www/system_gateway_groups.php @@ -49,13 +49,12 @@ if ($_POST) { $retval = 0; - $retval = system_routing_configure(); + $retval |= system_routing_configure(); send_multiple_events(array("service reload dyndnsall", "service reload ipsecdns", "filter reload")); /* reconfigure our gateway monitor */ setup_gateways_monitor(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -106,8 +105,8 @@ $shortcut_section = "gateway-groups"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { diff --git a/src/usr/local/www/system_gateways.php b/src/usr/local/www/system_gateways.php index 9eb95de..2927f0f 100644 --- a/src/usr/local/www/system_gateways.php +++ b/src/usr/local/www/system_gateways.php @@ -53,7 +53,7 @@ if ($_POST) { $retval = 0; - $retval = system_routing_configure(); + $retval |= system_routing_configure(); $retval |= system_resolvconf_generate(); $retval |= filter_configure(); /* reconfigure our gateway monitor */ @@ -61,7 +61,6 @@ if ($_POST) { /* Dynamic DNS on gw groups may have changed */ send_event("service reload dyndnsall"); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -230,8 +229,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index ad07c1c..5c25e59 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php +++ b/src/usr/local/www/system_groupmanager_addprivs.php @@ -88,19 +88,13 @@ if ($_POST) { } } - $retval = write_config(); - $savemsg = get_std_save_message($retval); + write_config(); pfSenseHeader("system_groupmanager.php?act=edit&groupid={$groupid}"); exit; } } -/* if ajax is calling, give them an update message */ -if (isAjax()) { - print_info_box($savemsg, 'success'); -} - function build_priv_list() { global $spriv_list, $a_group; @@ -123,10 +117,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php"); diff --git a/src/usr/local/www/system_routes.php b/src/usr/local/www/system_routes.php index cac6cce..48925c1 100644 --- a/src/usr/local/www/system_routes.php +++ b/src/usr/local/www/system_routes.php @@ -61,12 +61,11 @@ if ($_POST) { @unlink("{$g['tmp_path']}/.system_routes.apply"); } - $retval = system_routing_configure(); + $retval |= system_routing_configure(); $retval |= filter_configure(); /* reconfigure our gateway monitor */ setup_gateways_monitor(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -218,8 +217,8 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { print_apply_box(gettext("The static route configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php index ee6d416..3b2ec2e 100644 --- a/src/usr/local/www/system_usermanager_addprivs.php +++ b/src/usr/local/www/system_usermanager_addprivs.php @@ -84,8 +84,7 @@ if ($_POST) { $a_user['priv'] = sort_user_privs($a_user['priv']); local_user_set($a_user); - $retval = write_config(); - $savemsg = get_std_save_message($retval); + write_config(); post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); @@ -110,21 +109,12 @@ function build_priv_list() { return($list); } -/* if ajax is calling, give them an update message */ -if (isAjax()) { - print_info_box($savemsg, 'success'); -} - include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php index 64b628d..4a69ad4 100644 --- a/src/usr/local/www/vpn_ipsec.php +++ b/src/usr/local/www/vpn_ipsec.php @@ -50,11 +50,11 @@ $a_phase2 = &$config['ipsec']['phase2']; if ($_POST) { if ($_POST['apply']) { - $retval = vpn_ipsec_configure(); + $ipsec_dynamic_hosts = vpn_ipsec_configure(); /* reload the filter in the background */ - filter_configure(); - $savemsg = get_std_save_message($retval); - if ($retval >= 0) { + $retval = 0; + $retval |= filter_configure(); + if ($ipsec_dynamic_hosts >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } @@ -228,13 +228,13 @@ $tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); $tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); - if ($savemsg) { - print_info_box($savemsg, 'success'); - } +if ($_POST['apply']) { + print_apply_result_box($retval); +} - if (is_subsystem_dirty('ipsec')) { - print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); - } +if (is_subsystem_dirty('ipsec')) { + print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); +} ?> <form name="mainform" method="post"> diff --git a/src/usr/local/www/vpn_ipsec_keys.php b/src/usr/local/www/vpn_ipsec_keys.php index 46b2e7a..25acd38 100644 --- a/src/usr/local/www/vpn_ipsec_keys.php +++ b/src/usr/local/www/vpn_ipsec_keys.php @@ -50,10 +50,10 @@ foreach ($config['system']['user'] as $id => $user) { } if (isset($_POST['apply'])) { - $retval = vpn_ipsec_configure(); + vpn_ipsec_configure(); /* reload the filter in the background */ - filter_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= filter_configure(); if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } @@ -74,8 +74,8 @@ $shortcut_section = "ipsec"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('ipsec')) { diff --git a/src/usr/local/www/vpn_ipsec_mobile.php b/src/usr/local/www/vpn_ipsec_mobile.php index 05df61d..f9c0dde 100644 --- a/src/usr/local/www/vpn_ipsec_mobile.php +++ b/src/usr/local/www/vpn_ipsec_mobile.php @@ -129,9 +129,8 @@ if ($_POST['create']) { if ($_POST['apply']) { $retval = 0; /* NOTE: #4353 Always restart ipsec when mobile clients settings change */ - $retval = vpn_ipsec_configure(true); - $savemsg = get_std_save_message($retval); - if ($retval >= 0) { + $ipsec_dynamic_hosts = vpn_ipsec_configure(true); + if ($ipsec_dynamic_hosts >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } @@ -400,8 +399,8 @@ include("head.inc"); </script> <?php -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('ipsec')) { print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect.")); diff --git a/src/usr/local/www/vpn_ipsec_settings.php b/src/usr/local/www/vpn_ipsec_settings.php index 8d140c3..9e21937 100644 --- a/src/usr/local/www/vpn_ipsec_settings.php +++ b/src/usr/local/www/vpn_ipsec_settings.php @@ -165,20 +165,11 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - $class = 'success'; - } else { - $savemsg = gettext($retval); - $class = 'warning'; - } + $retval |= filter_configure(); vpn_ipsec_configure($needsrestart); - - header("Location: vpn_ipsec_settings.php"); - return; } // The logic value sent by $POST for autoexcludelanaddress is opposite to @@ -213,8 +204,8 @@ function maxmss_checked(obj) { </script> <?php -if ($savemsg) { - print_info_box($savemsg, $class); +if ($changes_applied) { + print_apply_result_box($retval); } if ($input_errors) { diff --git a/src/usr/local/www/vpn_l2tp.php b/src/usr/local/www/vpn_l2tp.php index 1adf21b..29cddc1 100644 --- a/src/usr/local/www/vpn_l2tp.php +++ b/src/usr/local/www/vpn_l2tp.php @@ -159,14 +159,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = vpn_l2tp_configure(); - $savemsg = get_std_save_message($retval); - - /* if ajax is calling, give them an update message */ - if (isAjax()) { - print_info_box($savemsg, 'success'); - } + $retval |= vpn_l2tp_configure(); } } @@ -178,8 +173,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/vpn_l2tp_users.php b/src/usr/local/www/vpn_l2tp_users.php index 3bfaec1..4c31eb8 100644 --- a/src/usr/local/www/vpn_l2tp_users.php +++ b/src/usr/local/www/vpn_l2tp_users.php @@ -44,9 +44,8 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; if (!is_subsystem_dirty('rebootreq')) { - $retval = vpn_l2tp_configure(); + $retval |= vpn_l2tp_configure(); } - $savemsg = get_std_save_message($retval); if ($retval == 0) { if (is_subsystem_dirty('l2tpusers')) { clear_subsystem_dirty('l2tpusers'); @@ -67,8 +66,8 @@ if ($_GET['act'] == "del") { include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (isset($config['l2tp']['radius']['enable'])) { diff --git a/src/usr/local/www/widgets/widgets/services_status.widget.php b/src/usr/local/www/widgets/widgets/services_status.widget.php index 1ef5b5b..864432e 100644 --- a/src/usr/local/www/widgets/widgets/services_status.widget.php +++ b/src/usr/local/www/widgets/widgets/services_status.widget.php @@ -56,8 +56,8 @@ if ($_POST) { array_push($validNames, $service['dispname']); } - if (isset($_POST['servicestatusfilter'])) { - $user_settings['widgets']['servicestatusfilter'] = implode(',', array_intersect($validNames, $_POST['servicestatusfilter'])); + if (is_array($_POST['show'])) { + $user_settings['widgets']['servicestatusfilter'] = implode(',', array_diff($validNames, $_POST['show'])); } else { $user_settings['widgets']['servicestatusfilter'] = ""; } @@ -67,16 +67,17 @@ if ($_POST) { } ?> -<table class="table table-striped table-hover"> -<thead> - <tr> - <th></th> - <th><?=gettext('Service')?></th> - <th><?=gettext('Description')?></th> - <th><?=gettext('Action')?></th> - </tr> -</thead> -<tbody> +<div class="table-responsive"> + <table class="table table-striped table-hover table-condensed"> + <thead> + <tr> + <th></th> + <th><?=gettext('Service')?></th> + <th><?=gettext('Description')?></th> + <th><?=gettext('Action')?></th> + </tr> + </thead> + <tbody> <?php $skipservices = explode(",", $user_settings['widgets']['servicestatusfilter']); @@ -94,67 +95,74 @@ if (count($services) > 0) { $service_desc = explode(".",$service['description']); ?> - <tr> - <td><?=get_service_status_icon($service, false, true, false, "state")?></td> - <td><?=$service['dispname']?></td> - <td><?=$service_desc[0]?></td> - <td><?=get_service_control_links($service)?></td> - </tr> + <tr> + <td><?=get_service_status_icon($service, false, true, false, "state")?></td> + <td><?=$service['dispname']?></td> + <td><?=$service_desc[0]?></td> + <td><?=get_service_control_links($service)?></td> + </tr> <?php } } else { echo "<tr><td colspan=\"3\" class=\"text-center\">" . gettext("No services found") . ". </td></tr>\n"; } ?> -</tbody> -</table> - + </tbody> + </table> +</div> <!-- close the body we're wrapped in and add a configuration-panel --> </div><div id="widget-<?=$widgetname?>_panel-footer" class="panel-footer collapse"> <form action="/widgets/widgets/services_status.widget.php" method="post" class="form-horizontal"> - <div class="form-group"> - <label class="col-sm-3 control-label"><?=gettext('Hidden services')?></label> - <div class="col-sm-6"> - <select multiple id="servicestatusfilter" name="servicestatusfilter[]" class="form-control"> - <?php + <div class="panel panel-default col-sm-10"> + <div class="panel-body"> + <div class="table responsive"> + <table class="table table-striped table-hover table-condensed"> + <thead> + <tr> + <th><?=gettext("Service")?></th> + <th><?=gettext("Show")?></th> + </tr> + </thead> + <tbody> +<?php + $skipservices = explode(",", $user_settings['widgets']['servicestatusfilter']); + $idx = 0; + foreach ($services as $service): if (!empty(trim($service['dispname'])) || is_numeric($service['dispname'])) { - ?> - <option <?=(in_array($service['dispname'], $skipservices)?'selected':'')?>><?=$service['dispname']?></option> - <?php +?> + <tr> + <td><?=$service['dispname']?></td> + <td class="col-sm-2"><input id="show[]" name ="show[]" value="<?=$service['dispname']?>" type="checkbox" <?=(!in_array($service['dispname'], $skipservices) ? 'checked':'')?>></td> + </tr> +<?php } endforeach; - ?> - </select> +?> + </tbody> + </table> + </div> </div> </div> <div class="form-group"> <div class="col-sm-offset-3 col-sm-6"> <button type="submit" class="btn btn-primary"><i class="fa fa-save icon-embed-btn"></i><?=gettext('Save')?></button> - <button id="clearall" type="button" class="btn btn-info"><i class="fa fa-undo icon-embed-btn"></i><?=gettext('Clear')?></button> + <button id="showallservices" type="button" class="btn btn-info"><i class="fa fa-undo icon-embed-btn"></i><?=gettext('All')?></button> </div> </div> </form> <script> //<![CDATA[ -events.push(function(){ - $("select[multiple] option").mousedown(function(){ - var $self = $(this); + events.push(function(){ + $("#showallservices").click(function() { + $("[id^=show]").each(function() { + $(this).prop("checked", true); + }); + }); - if ($self.prop("selected")) - $self.prop("selected", false); - else - $self.prop("selected", true); - - return false; }); - - $("#clearall").click(function() { - $('select#servicestatusfilter option').removeAttr("selected"); - }); -}); //]]> </script> |