-rw-r--r--etc/inc/auth.inc4
-rw-r--r--etc/inc/filter.inc2
-rw-r--r--etc/inc/interfaces.inc2
-rw-r--r--etc/inc/service-utils.inc4
-rw-r--r--etc/inc/services.inc19
-rw-r--r--etc/inc/util.inc2
-rw-r--r--etc/inc/vpn.inc5
-rw-r--r--usr/local/pkg/miniupnpd.inc77
-rwxr-xr-xusr/local/www/head.inc2
-rw-r--r--usr/local/www/interfaces_bridge_edit.php2
-rw-r--r--usr/local/www/interfaces_gif_edit.php2
-rw-r--r--usr/local/www/interfaces_gre_edit.php2
-rw-r--r--usr/local/www/interfaces_lagg_edit.php2
-rwxr-xr-xusr/local/www/interfaces_vlan_edit.php2
-rw-r--r--usr/local/www/interfaces_wireless_edit.php2
-rw-r--r--usr/local/www/system_advanced_admin.php19
-rw-r--r--usr/local/www/system_advanced_firewall.php22
17 files changed, 82 insertions, 88 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 805ea44..159e791 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1216,7 +1216,9 @@ function session_auth() {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = $_POST['usernamefld'];
$_SESSION['last_access'] = time();
- log_auth("Successful webConfigurator login for user '{$_POST['usernamefld']}' from {$_SERVER['REMOTE_ADDR']}");
+ if(! isset($config['system']['webgui']['quietlogin'])) {
+ log_auth("Successful webConfigurator login for user '{$_POST['usernamefld']}' from {$_SERVER['REMOTE_ADDR']}");
+ }
$HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
if (isset($_POST['postafterlogin']))
return true;
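Review bot: Skipping `log_auth()` when `quietlogin` is set drops the only record in this hunk of which account logged in to the webConfigurator and from which address, and that record is what a review of a suspected admin-account compromise starts from. If the option stays, a comment above the check should say so, for example `/* quietlogin: administrator opted out of success entries; no audit record is written for this session */`. The hunk does not show a `global $config;` in session_auth(), whose body starts and ends outside the hunk; if it is missing, `isset()` is always false and the option has no effect, so confirm it is in scope.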
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a51c36e..01cdfc7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -124,7 +124,7 @@ function filter_pflog_start() {
}
mute_kernel_msgs();
$output = 0;
- exec("/bin/pgrep -f 'tcpdump -s 256 -v -l -n -e -ttt -i pflog0'", $output, $retval);
+ exec("/bin/pgrep -af 'tcpdump -s 256 -v -l -n -e -ttt -i pflog0'", $output, $retval);
if($retval != 0)
mwexec_bg("/usr/sbin/tcpdump -s 256 -v -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");
unmute_kernel_msgs();
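Review bot: Combining `-a` with `-f` in the `pgrep` call may make the check match its own caller. On FreeBSD `-a` includes ancestor processes, and the `sh -c` that exec() spawns carries the whole tcpdump pattern in its argument list. If that happens `$retval` is always 0, `mwexec_bg()` is never reached, and pf logging stays off without any error. Confirm on the target system, and if it self-matches keep `-f` without `-a` here: `exec("/bin/pgrep -f 'tcpdump -s 256 -v -l -n -e -ttt -i pflog0'", $output, $retval);`. The same flag is added in interfaces.inc, services.inc, util.inc and miniupnpd.inc, where `-x` or name-only matching makes a self-match less likely; filter_pflog_start() begins and ends outside this hunk.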
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index d32423d..be86bac 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -2492,7 +2492,7 @@ function kill_wpasupplicant($interface) {
function find_dhclient_process($interface) {
if ($interface)
- $pid = `/bin/pgrep -xf "dhclient: {$interface}"`;
+ $pid = `/bin/pgrep -axf "dhclient: {$interface}"`;
else
$pid = 0;
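Review bot: `$interface` is interpolated into the backtick command without shell escaping, so any caller that passes a value not strictly limited to an interface name lets shell metacharacters reach `/bin/sh`. Build the pattern with `escapeshellarg("dhclient: {$interface}")` and append it to `/bin/pgrep -axf ` instead of embedding it in double quotes. The util.inc hunk has the same shape in is_process_running(); there `exec("/bin/pgrep -ax " . escapeshellarg($process), $output, $retval);` closes it. The callers are not visible here, so whether the value is ever attacker-influenced is unconfirmed, and the rest of find_dhclient_process() lies outside the hunk.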
diff --git a/etc/inc/service-utils.inc b/etc/inc/service-utils.inc
index 3588953..895eb57 100644
--- a/etc/inc/service-utils.inc
+++ b/etc/inc/service-utils.inc
@@ -34,7 +34,7 @@
*/
/*
- pfSense_BUILDER_BINARIES: /bin/pkill /bin/pgrep /bin/sh /usr/bin/killall
+ pfSense_BUILDER_BINARIES: /bin/pgrep /bin/sh /usr/bin/killall
pfSense_MODULE: utils
*/
@@ -207,4 +207,4 @@ function is_service_running($service, $ps = "") {
return false;
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index d40accb..1afc23a 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -32,7 +32,7 @@
*/
/*
- pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy
+ pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/pgrep /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy
pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/sbin/arp /sbin/ifconfig /usr/local/sbin/dnsmasq
pfSense_BUILDER_BINARIES: /usr/sbin/bsnmpd /sbin/route /usr/local/sbin/olsrd
pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd /usr/sbin/rtadvd
@@ -1644,7 +1644,7 @@ function upnp_action ($action) {
mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf');
break;
case "stop":
- while((int)exec("pgrep miniupnpd | wc -l") > 0)
+ while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)
mwexec('killall miniupnpd 2>/dev/null', true);
mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
mwexec('/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null');
@@ -1657,21 +1657,16 @@ function upnp_action ($action) {
}
function upnp_start() {
- global $config, $g;
+ global $config;
if(!isset($config['installedpackages']['miniupnpd']['config']))
return;
if($config['installedpackages']['miniupnpd']['config'][0]['enable']) {
- if($g['booting']) {
- echo "Starting UPnP service... ";
- require_once('/usr/local/pkg/miniupnpd.inc');
- sync_package_miniupnpd();
- echo "done.\n";
- }
- else {
- upnp_action('start');
- }
+ echo "Starting UPnP service... ";
+ require_once('/usr/local/pkg/miniupnpd.inc');
+ sync_package_miniupnpd();
+ echo "done.\n";
}
}
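Review bot: With the `$g['booting']` test removed, the two `echo` statements in upnp_start() now run on every call, not only on the boot console. If any caller is a web request (not visible in this hunk), "Starting UPnP service... done." is written into the HTTP response. Keeping the sync unconditional but guarding only the output would avoid that: `if ($g['booting']) echo "Starting UPnP service... ";`, with `global $config, $g;` retained.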
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 370f891..ced3085 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -50,7 +50,7 @@ function isvalidpid($pid) {
function is_process_running($process) {
$output = "";
- exec("/bin/pgrep -x {$process}", $output, $retval);
+ exec("/bin/pgrep -ax {$process}", $output, $retval);
return (intval($retval) == 0);
}
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 624098d..2e72a6d 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -164,7 +164,10 @@ function vpn_ipsec_configure($ipchg = false)
if (!is_ipaddr($rg))
continue;
}
-
+ if(array_search($rg, $rgmap)) {
+ log_error("The remote gateway {$rg} already exists on another phase 1 entry");
+ continue;
+ }
$rgmap[$ph1ent['remote-gateway']] = $rg;
/* step through each phase2 entry */
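Review bot: `array_search($rg, $rgmap)` returns the matching key, not a boolean, so a duplicate stored under a key that PHP treats as falsy (such as `"0"` or an empty `remote-gateway`) passes the `if` unnoticed, and the comparison is loose. `if (in_array($rg, $rgmap, true)) {` states the intent and avoids both problems, assuming `$rg` and the stored values are strings. The `continue` also skips the whole phase 1 entry after only a log_error(), so a comment noting that the later duplicate is dropped from the generated configuration would help whoever reads the log.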
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc
index 2da8c93..f52214b 100644
--- a/usr/local/pkg/miniupnpd.inc
+++ b/usr/local/pkg/miniupnpd.inc
@@ -1,24 +1,25 @@
<?php
+ require_once("util.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("shaper.inc");
/* MiniUPnPd */
- function upnp_notice ($msg) { syslog(LOG_NOTICE, "miniupnpd: {$msg}"); }
- function upnp_warn ($msg) { syslog(LOG_WARNING, "miniupnpd: {$msg}"); }
+ function upnp_notice ($msg) { log_error("miniupnpd: {$msg}"); }
+ function upnp_warn ($msg) { log_error("miniupnpd: {$msg}"); }
function upnp_running () {
- if((int)exec('pgrep miniupnpd | wc -l') > 0)
+ if((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0)
return true;
return false;
- }
+ }
function upnp_write_config($file, $text) {
$handle = fopen($file, 'w');
if(!$handle) {
upnp_warn("Could not open {$file} for writing.");
- exit;
+ return;
}
fwrite($handle, $text);
fclose($handle);
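Review bot: Replacing `exit` with a bare `return;` in the fopen() failure branch of upnp_write_config() leaves the caller unable to tell that nothing was written. The service can then be started or restarted against a missing or stale configuration file. Return a status instead, `return false;` in the failure branch and `return true;` after `fclose($handle);`, and have the caller skip the start on false. The result of `fwrite()` is unchecked as well, and the function's closing brace is outside the hunk. Separately, upnp_notice() and upnp_warn() now both call log_error(), so the notice/warning distinction no longer reaches the log.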
@@ -26,7 +27,7 @@
function upnp_uuid() {
/* md5 hash of wan mac */
- $uuid = md5(exec('arp -an -i '.get_real_interface().' | /usr/bin/cut -d " " -f4'));
+ $uuid = md5(get_interface_mac(get_real_interface("wan")));
/* put uuid in correct format 8-4-4-4-12 */
return substr($uuid,0,8).'-'.substr($uuid,9,4).'-'.substr($uuid,13,4).'-'.substr($uuid,17,4).'-'.substr($uuid,21,12);
}
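Review bot: The `substr()` offsets on the formatting line skip index 8 of the md5 string and leave only 11 characters for the last group, so the result is not the 8-4-4-4-12 layout the comment describes. Contiguous offsets fix it: `substr($uuid,0,8).'-'.substr($uuid,8,4).'-'.substr($uuid,12,4).'-'.substr($uuid,16,4).'-'.substr($uuid,20,12)`. The behaviour of get_interface_mac() on failure is not visible here; if it can return an empty string, every such device gets the same md5-of-empty UUID and serial, so a check before hashing is worth adding.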
@@ -42,7 +43,8 @@
}
function upnp_validate_ip($ip, $check_cdir) {
- /* validate cdir */
+ /* validate cidr */
+ $ip_array = array();
if($check_cdir) {
$ip_array = explode('/', $ip);
if(count($ip_array) == 2) {
@@ -55,11 +57,8 @@
$ip_array[] = $ip;
/* validate ip */
- if(!eregi('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', $ip_array[0]))
+ if (!is_ipaddr($ip_array[0]))
return false;
- foreach(explode('.', $ip_array[0]) as $sub)
- if($sub < 0 || $sub > 256)
- return false;
return true;
}
@@ -73,15 +72,6 @@
function before_form_miniupnpd($pkg) {
global $config;
- /* if shaper connection speed defined hide fields */
- if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
- $i=0;
- foreach ($pkg['fields']['field'] as $field) {
- if ($field['fieldname'] == 'download' || $field['fieldname'] == 'upload')
- unset($pkg['fields']['field'][$i]);
- $i++;
- }
- }
}
function validate_form_miniupnpd($post, $input_errors) {
@@ -138,49 +128,38 @@
$ifaces_active = '';
/* since config is written before this file invoked we don't need to read post data */
- if($upnp_config['enable'] && $upnp_config['iface_array'])
+ if($upnp_config['enable'] && !empty($upnp_config['iface_array'])) {
$iface_array = explode(',', $upnp_config['iface_array']);
- if($iface_array) {
foreach($iface_array as $iface) {
$if = convert_friendly_interface_to_real_interface_name($iface);
/* above function returns iface if fail */
if($if!=$iface) {
$addr = find_interface_ip($if);
- /* non enabled interfaces are displayed in list on miniupnpd settings page */
/* check that the interface has an ip address before adding parameters */
- if($addr) {
+ if (is_ipaddr($addr)) {
$config_text .= "listening_ip={$addr}\n";
if(!$ifaces_active) {
$webgui_ip = $addr;
$ifaces_active = $iface;
- } else {
+ } else
$ifaces_active .= ", {$iface}";
- }
- } else {
+ } else
upnp_warn("Interface {$iface} has no ip address, ignoring");
- }
- } else {
+ } else
upnp_warn("Could not resolve real interface for {$iface}");
- }
}
- if($ifaces_active) {
+ if (!empty($ifaces_active)) {
/* override wan ip address, common for carp, etc */
if($upnp_config['overridewanip'])
$config_text .= "ext_ip={$upnp_config['overridewanip']}\n";
- /* if shaper connection speed defined use those values */
- if($config['ezshaper']['step2']['download'] && $config['ezshaper']['step2']['upload']) {
- $download = $config['ezshaper']['step2']['download']*1000;
- $upload = $config['ezshaper']['step2']['upload']*1000;
- } else {
- $download = $upnp_config['download']*1000;
- $upload = $upnp_config['upload']*1000;
- }
+ $download = $upnp_config['download']*1000;
+ $upload = $upnp_config['upload']*1000;
/* set upload and download bitrates */
- if($download && $upload) {
+ if(!empty($download) && !empty($upload)) {
$config_text .= "bitrate_down={$download}\n";
$config_text .= "bitrate_up={$upload}\n";
}
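Review bot: The three nested `else` branches in the interface loop lost their braces, so each `else` now binds by position alone, while the neighbouring `if (is_ipaddr($addr)) {` and `if(!$ifaces_active) {` branches keep theirs. Adding a second statement to any of those branches later would silently change which `if` it belongs to. Restore `} else {` ... `}` on all three, as the removed lines had. `$upnp_config['download']*1000` is also computed before the `!empty()` test, so a non-numeric setting is multiplied first; checking `is_numeric()` on the raw values would be cleaner. The enclosing function starts and ends outside this hunk.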
@@ -194,9 +173,9 @@
$config_text .= "system_uptime=yes\n";
/* set webgui url */
- if($config['system']['webgui']['protocol']) {
+ if(!empty($config['system']['webgui']['protocol'])) {
$config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}";
- if($config['system']['webgui']['port'])
+ if(!empty($config['system']['webgui']['port']))
$config_text .= ":{$config['system']['webgui']['port']}";
$config_text .= "/\n";
}
@@ -206,7 +185,7 @@
$config_text .= "serial=".strtoupper(substr(upnp_uuid(),0,8))."\n";
/* set model number */
- $config_text .= "model_number=".exec("/bin/cat /etc/version")."\n";
+ $config_text .= "model_number=".file_get_contents("/etc/version")."\n";
/* upnp access restrictions */
for($i=1; $i<=4; $i++) {
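Review bot: `file_get_contents("/etc/version")` keeps the file's trailing newline, which the previous `exec()` call stripped, so the generated configuration gains a blank line after `model_number=`. It also returns false on failure, which yields an empty value. `$config_text .= "model_number=" . trim((string)file_get_contents("/etc/version")) . "\n";` restores the old output for the normal case; logging through upnp_warn() when the read fails would make the empty value explainable.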
@@ -238,25 +217,23 @@
upnp_action('start');
}
/* or restart miniupnpd if settings were changed */
- elseif($_POST['iface_array']) {
+ else {
upnp_notice("Restarting service on interface: {$ifaces_active}");
upnp_action('restart');
}
}
- }
-
- if(!$iface_array || !$ifaces_active) {
- /* no parameters user does not want miniupnpd running */
+ } else {
+ /* user does not want miniupnpd running */
/* lets stop the service and remove the rc file */
- if(file_exists($config_file)) {
+ if (file_exists($config_file)) {
if(!$upnp_config['enable'])
upnp_notice('Stopping service: miniupnpd disabled');
else
upnp_notice('Stopping service: no interfaces selected');
upnp_action('stop');
- unlink($config_file);
+ @unlink($config_file);
}
}
}
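Review bot: `@unlink($config_file);` suppresses the warning without checking the result, so a failed delete leaves the old configuration on disk with no trace in the log. Since `file_exists()` has already been tested, the suppression is not needed; `if (!unlink($config_file)) upnp_warn("Could not remove {$config_file}");` keeps the failure visible. Changing `elseif($_POST['iface_array'])` to a plain `else` also means every sync that finds the service running restarts it. If that is intended, the comment above it ("if settings were changed") should be updated to match.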
diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc
index e4a7a95..97c7111 100755
--- a/usr/local/www/head.inc
+++ b/usr/local/www/head.inc
@@ -62,7 +62,7 @@ $pagetitle = gentitle( $pgtitle );
* Coded by: Erik Kristensen
*/
- $dir = trim(basename($_SERVER["SCRIPT_FILENAME"]), '.php');
+ $dir = trim(basename($_SERVER["SCRIPT_FILENAME"], '.php'));
$path = "{$g['www_path']}/javascript/" . $dir . "/";
if (is_dir($path)) {
if ($dh = opendir($path)) {
diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php
index ec48bc9..91085a8 100644
--- a/usr/local/www/interfaces_bridge_edit.php
+++ b/usr/local/www/interfaces_bridge_edit.php
@@ -223,7 +223,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("Bridge"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("Bridge"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index 958b5c0..21496fe 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -121,7 +121,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("GIF"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("GIF"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index ca95369..08cd350 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -124,7 +124,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("GRE"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("GRE"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php
index 09dbf51..dc886e3 100644
--- a/usr/local/www/interfaces_lagg_edit.php
+++ b/usr/local/www/interfaces_lagg_edit.php
@@ -115,7 +115,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("LAGG"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("LAGG"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index ea43508..145fe0a 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -128,7 +128,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("VLAN"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("VLAN"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/interfaces_wireless_edit.php b/usr/local/www/interfaces_wireless_edit.php
index 686345d..ae56add 100644
--- a/usr/local/www/interfaces_wireless_edit.php
+++ b/usr/local/www/interfaces_wireless_edit.php
@@ -142,7 +142,7 @@ if ($_POST) {
}
}
-$pgtitle = array(gettext("Firewall"),gettext("Wireless"),gettext("Edit"));
+$pgtitle = array(gettext("Interfaces"),gettext("Wireless"),gettext("Edit"));
include("head.inc");
?>
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 7b4b8e3..e23ceb0 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -62,6 +62,7 @@ $pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);
+$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
$a_cert =& $config['cert'];
@@ -117,6 +118,11 @@ if ($_POST) {
unset($config['system']['webgui']['disablehttpredirect']);
$restart_webgui = true;
}
+ if ($_POST['quietlogin'] == "yes") {
+ $config['system']['webgui']['quietlogin'] = true;
+ } else {
+ unset($config['system']['webgui']['quietlogin']);
+ }
if($_POST['disableconsolemenu'] == "yes") {
$config['system']['disableconsolemenu'] = true;
@@ -315,13 +321,24 @@ function prot_change() {
<input name="disablehttpredirect" type="checkbox" id="disablehttpredirect" value="yes" <?php if ($pconfig['disablehttpredirect']) echo "checked"; ?> />
<strong><?=gettext("Disable webConfigurator redirect rule"); ?></strong>
<br/>
- <?php gettext("When this is unchecked, access to the webConfigurator " .
+ <?php echo gettext("When this is unchecked, access to the webConfigurator " .
"is always permitted even on port 80, regardless of the listening port configured." .
"Check this box to disable this automatically added redirect rule. ");
?>
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("WebGUI login messages"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="quietlogin" type="checkbox" id="quietlogin" value="yes" <?php if ($pconfig['quietlogin']) echo "checked"; ?> />
+ <strong><?=gettext("Disable webConfigurator successful logins"); ?></strong>
+ <br/>
+ <?php echo gettext("When this is checked, successful logins to the webConfigurator " .
+ "will not be logged.");
+ ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Anti-lockout"); ?></td>
<td width="78%" class="vtable">
<?php
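Review bot: The checkbox label `Disable webConfigurator successful logins` reads as if it blocks logins rather than their log entries; `Disable logging of webConfigurator successful logins` says what the option does. The help text could also state the consequence for auditing, for example by adding "No record of who logged in, or from which address, will be kept." so an administrator enabling it knows what is given up.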
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 34bf11d..8165922 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -331,6 +331,17 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Disable reply-to</td>
+ <td width="78%" class="vtable">
+ <input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
+ <strong><?=gettext("Disable reply-to on WAN rules");?></strong>
+ <br />
+ <?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " .
+ "When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
+ <br />
+ </td>
+ </tr>
+ <tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
<?php if(count($config['interfaces']) > 1): ?>
@@ -367,17 +378,6 @@ function update_description(itemnum) {
<?=gettext("Currently only applies to 1:1 NAT rules. Required for full functionality of NAT Reflection for 1:1 NAT.");?>
</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Disable reply-to</td>
- <td width="78%" class="vtable">
- <input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
- <strong><?=gettext("Disable reply-to on WAN rules");?></strong>
- <br />
- <?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default." .
- "When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
- <br />
- </td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
<td width="78%" class="vtable">