Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/auth.inc4
-rw-r--r--etc/inc/basic_sasl_client.inc61
-rw-r--r--etc/inc/captiveportal.inc274
-rw-r--r--etc/inc/certs.inc9
-rw-r--r--etc/inc/config.console.inc20
-rw-r--r--etc/inc/config.lib.inc116
-rw-r--r--etc/inc/cram_md5_sasl_client.inc67
-rw-r--r--etc/inc/digest_sasl_client.inc135
-rw-r--r--etc/inc/dyndns.class7
-rw-r--r--etc/inc/easyrule.inc2
-rw-r--r--etc/inc/filter.inc34
-rw-r--r--etc/inc/globals.inc13
-rw-r--r--etc/inc/interfaces.inc61
-rw-r--r--etc/inc/ipsec.inc19
-rw-r--r--etc/inc/login_sasl_client.inc69
-rw-r--r--etc/inc/notices.inc5
-rw-r--r--etc/inc/ntlm_sasl_client.inc180
-rwxr-xr-xetc/inc/openvpn.auth-user.php2
-rw-r--r--etc/inc/openvpn.inc6
-rw-r--r--etc/inc/pfsense-utils.inc21
-rw-r--r--etc/inc/pkg-utils.inc174
-rw-r--r--etc/inc/plain_sasl_client.inc99
-rw-r--r--etc/inc/sasl.inc422
-rw-r--r--etc/inc/shaper.inc12
-rw-r--r--etc/inc/system.inc58
-rw-r--r--etc/inc/upgrade_config.inc18
-rw-r--r--etc/inc/util.inc13
-rw-r--r--etc/inc/voucher.inc29
-rw-r--r--etc/inc/vpn.inc21
-rw-r--r--etc/inc/xmlparse.inc4
-rw-r--r--etc/inc/xmlrpc.inc2
31 files changed, 1588 insertions, 369 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 60912f7..c619004 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -130,6 +130,10 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
break;
}
}
+ if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
+ // allow SSH port forwarded connections and links from localhost
+ $found_host = true;
+ }
}
}
if($found_host == false) {
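Review bot: The added branch `if($referrer_host == "127.0.0.1" || $referrer_host == "localhost")` makes the referer check pass for any request whose Referer host is loopback, so any page served from a local web service on the administrator's own machine now satisfies it as well as SSH-forwarded sessions. The comment should state that trade-off, for example `// NOTE: trusts every loopback origin, not only SSH port forwards`. The match is an exact, case-sensitive string compare, so `[::1]` and `LOCALHOST` are not covered, and `===` would make the intent explicit. How `$referrer_host` is derived lies outside this hunk, as does the start of the enclosing block.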
diff --git a/etc/inc/basic_sasl_client.inc b/etc/inc/basic_sasl_client.inc
new file mode 100644
index 0000000..b2972b5
--- /dev/null
+++ b/etc/inc/basic_sasl_client.inc
@@ -0,0 +1,61 @@
+<?php
+/*
+ * basic_sasl_client.php
+ *
+ * @(#) $Id: basic_sasl_client.php,v 1.1 2004/11/17 08:01:23 mlemos Exp $
+ *
+ */
+
+define("SASL_BASIC_STATE_START", 0);
+define("SASL_BASIC_STATE_DONE", 1);
+
+class basic_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_BASIC_STATE_START;
+
+ Function Initialize(&$client)
+ {
+ return(1);
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_BASIC_STATE_START)
+ {
+ $client->error="Basic authentication state is not at the start";
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ "user"=>"",
+ "password"=>""
+ );
+ $defaults=array(
+ );
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ {
+ $message=$this->credentials["user"].":".$this->credentials["password"];
+ $this->state=SASL_BASIC_STATE_DONE;
+ }
+ else
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+ case SASL_BASIC_STATE_DONE:
+ $client->error="Basic authentication was finished without success";
+ return(SASL_FAIL);
+ default:
+ $client->error="invalid Basic authentication step state";
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index e36a626..84c98b2 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -206,7 +206,7 @@ EOD;
function captiveportal_configure() {
global $config, $g;
- $captiveportallck = lock('captiveportal');
+ $captiveportallck = lock('captiveportal', LOCK_EX);
if (isset($config['captiveportal']['enable'])) {
@@ -233,13 +233,14 @@ function captiveportal_configure() {
captiveportal_init_rules(true);
/* stop accounting on all clients */
- captiveportal_radius_stop_all(true);
+ captiveportal_radius_stop_all();
/* initialize minicron interval value */
$croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60;
/* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */
- if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; }
+ if ((!is_numeric($croninterval)) || ($croninterval < 10))
+ $croninterval = 60;
/* write portal page */
if ($config['captiveportal']['page']['htmltext'])
@@ -414,41 +415,7 @@ EOD;
"/etc/rc.prunecaptiveportal");
/* generate radius server database */
- if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) ||
- ($config['captiveportal']['auth_method'] == "radius"))) {
- $radiusip = $config['captiveportal']['radiusip'];
- $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null;
-
- if ($config['captiveportal']['radiusport'])
- $radiusport = $config['captiveportal']['radiusport'];
- else
- $radiusport = 1812;
-
- if ($config['captiveportal']['radiusacctport'])
- $radiusacctport = $config['captiveportal']['radiusacctport'];
- else
- $radiusacctport = 1813;
-
- if ($config['captiveportal']['radiusport2'])
- $radiusport2 = $config['captiveportal']['radiusport2'];
- else
- $radiusport2 = 1812;
-
- $radiuskey = $config['captiveportal']['radiuskey'];
- $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null;
-
- $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
- if (!$fd) {
- printf("Error: cannot open radius DB file in captiveportal_configure().\n");
- return 1;
- } else if (isset($radiusip2, $radiuskey2)) {
- fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n"
- . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2);
- } else {
- fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey);
- }
- fclose($fd);
- }
+ captiveportal_init_radius_servers();
if ($g['booting'])
echo "done\n";
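Review bot: The new call `captiveportal_init_radius_servers();` discards the helper's return value. The inline code it replaces returned 1 from captiveportal_configure() when the RADIUS DB file could not be opened, and the helper added later in this diff still returns 1 in that case. Configuration now carries on and prints "done" with no RADIUS database written. If continuing is intended, say so in a comment at the call; otherwise test the result, e.g. `if (captiveportal_init_radius_servers() == 1) return 1;`. captiveportal_configure() starts and ends outside this hunk.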
@@ -457,7 +424,7 @@ EOD;
killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
killbypid("{$g['varrun_path']}/minicron.pid");
- captiveportal_radius_stop_all(true);
+ captiveportal_radius_stop_all();
mwexec("/sbin/sysctl net.link.ether.ipfw=0");
@@ -706,32 +673,31 @@ EOD;
return $cprules;
}
-/* remove clients that have been around for longer than the specified amount of time */
-/* db file structure:
-timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time */
-
-/* (password is in Base64 and only saved when reauthentication is enabled) */
+/* remove clients that have been around for longer than the specified amount of time
+ * db file structure:
+ * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time
+ * (password is in Base64 and only saved when reauthentication is enabled)
+ */
function captiveportal_prune_old() {
-
global $g, $config;
/* check for expired entries */
- if ($config['captiveportal']['timeout'])
- $timeout = $config['captiveportal']['timeout'] * 60;
- else
+ if (empty($config['captiveportal']['timeout']) ||
+ !is_numeric($config['captiveportal']['timeout']))
$timeout = 0;
-
- if ($config['captiveportal']['idletimeout'])
- $idletimeout = $config['captiveportal']['idletimeout'] * 60;
else
+ $timeout = $config['captiveportal']['timeout'] * 60;
+
+ if (empty($config['captiveportal']['idletimeout']) ||
+ !is_numeric($config['captiveportal']['idletimeout']))
$idletimeout = 0;
+ else
+ $idletimeout = $config['captiveportal']['idletimeout'] * 60;
if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) &&
- !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable']))
+ !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable']))
return;
- $captiveportallck = lock('captiveportal');
-
/* read database */
$cpdb = captiveportal_read_db();
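Review bot: With the function-wide `lock('captiveportal')` removed here, the read-modify-write of the session database in captiveportal_prune_old() is no longer atomic. Elsewhere in this diff captiveportal_read_db() and captiveportal_write_db() each take and release `captiveportaldb` on their own, so an entry added or removed by another process between this read and the final write is silently overwritten. The same applies to captiveportal_disconnect_client() in the later hunks. Unless callers serialise these paths in code not shown, hold one exclusive lock across the whole sequence: `$cpdblck = lock('captiveportaldb', LOCK_EX);` before the read and `unlock($cpdblck);` after the write, with the helpers not re-locking. The function body continues outside this hunk.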
@@ -766,19 +732,19 @@ function captiveportal_prune_old() {
}
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */
- $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
+ $uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
/* if an idle timeout is specified, get last activity timestamp from ipfw */
- if (!$timedout && $idletimeout) {
- $lastact = captiveportal_get_last_activity($cpdb[$i][2]);
- /* If the user has logged on but not sent any traffic they will never be logged out.
- * We "fix" this by setting lastact to the login timestamp.
- */
- $lastact = $lastact ? $lastact : $cpdb[$i][0];
- if ($lastact && ((time() - $lastact) >= $idletimeout)) {
- $timedout = true;
- $term_cause = 4; // Idle-Timeout
- $stop_time = $lastact; // Entry added to comply with WISPr
- }
+ if (!$timedout && $uidletimeout) {
+ $lastact = captiveportal_get_last_activity($cpdb[$i][2]);
+ /* If the user has logged on but not sent any traffic they will never be logged out.
+ * We "fix" this by setting lastact to the login timestamp.
+ */
+ $lastact = $lastact ? $lastact : $cpdb[$i][0];
+ if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
+ $timedout = true;
+ $term_cause = 4; // Idle-Timeout
+ $stop_time = $lastact; // Entry added to comply with WISPr
+ }
}
/* if vouchers are configured, activate session timeouts */
@@ -804,9 +770,7 @@ function captiveportal_prune_old() {
}
/* do periodic RADIUS reauthentication? */
- if (!$timedout && isset($config['captiveportal']['reauthenticate']) &&
- !empty($radiusservers)) {
-
+ if (!$timedout && !empty($radiusservers)) {
if (isset($config['captiveportal']['radacct_enable'])) {
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
/* stop and restart accounting */
@@ -840,18 +804,20 @@ function captiveportal_prune_old() {
}
/* check this user against RADIUS again */
- $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
- base64_decode($cpdb[$i][6]), // password
+ if (isset($config['captiveportal']['reauthenticate'])) {
+ $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
+ base64_decode($cpdb[$i][6]), // password
$radiusservers,
$cpdb[$i][2], // clientip
$cpdb[$i][3], // clientmac
$cpdb[$i][1]); // ruleno
- if ($auth_list['auth_val'] == 3) {
- captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
- captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
- $unsetindexes[$i] = $i;
- }
+ if ($auth_list['auth_val'] == 3) {
+ captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
+ captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
+ $unsetindexes[$i] = $i;
+ }
+ }
}
}
/* This is a kludge to overcome some php weirdness */
@@ -860,13 +826,10 @@ function captiveportal_prune_old() {
/* write database */
captiveportal_write_db($cpdb);
-
- unlock($captiveportallck);
}
/* remove a single client according to the DB entry */
function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) {
-
global $g, $config;
$stop_time = (empty($stop_time)) ? time() : $stop_time;
@@ -874,15 +837,15 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
/* this client needs to be deleted - remove ipfw rules */
if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno
- $dbent[4], // username
- $dbent[5], // sessionid
- $dbent[0], // start time
- $radiusservers,
- $dbent[2], // clientip
- $dbent[3], // clientmac
- $term_cause, // Acct-Terminate-Cause
- false,
- $stop_time);
+ $dbent[4], // username
+ $dbent[5], // sessionid
+ $dbent[0], // start time
+ $radiusservers,
+ $dbent[2], // clientip
+ $dbent[3], // clientmac
+ $term_cause, // Acct-Terminate-Cause
+ false,
+ $stop_time);
}
/* Delete client's ip entry from tables 3 and 4. */
mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
@@ -908,22 +871,17 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
/* remove a single client by ipfw rule number */
function captiveportal_disconnect_client($id,$term_cause = 1) {
-
global $g, $config;
- $captiveportallck = lock('captiveportal');
-
/* read database */
$cpdb = captiveportal_read_db();
$radiusservers = captiveportal_get_radius_servers();
/* find entry */
- $tmpindex = 0;
- $cpdbcount = count($cpdb);
- for ($i = 0; $i < $cpdbcount; $i++) {
- if ($cpdb[$i][1] == $id) {
- captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause);
- captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT");
+ foreach ($cpdb as $i => $cpentry) {
+ if ($cpentry[1] == $id) {
+ captiveportal_disconnect($cpentry, $radiusservers, $term_cause);
+ captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");
unset($cpdb[$i]);
break;
}
@@ -931,37 +889,29 @@ function captiveportal_disconnect_client($id,$term_cause = 1) {
/* write database */
captiveportal_write_db($cpdb);
-
- unlock($captiveportallck);
}
/* send RADIUS acct stop for all current clients */
-function captiveportal_radius_stop_all($lock = false) {
- global $g, $config;
+function captiveportal_radius_stop_all() {
+ global $config;
if (!isset($config['captiveportal']['radacct_enable']))
return;
- if (!$lock)
- $captiveportallck = lock('captiveportal');
-
- $cpdb = captiveportal_read_db();
-
$radiusservers = captiveportal_get_radius_servers();
if (!empty($radiusservers)) {
- for ($i = 0; $i < count($cpdb); $i++) {
- RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
- $cpdb[$i][4], // username
- $cpdb[$i][5], // sessionid
- $cpdb[$i][0], // start time
- $radiusservers,
- $cpdb[$i][2], // clientip
- $cpdb[$i][3], // clientmac
- 7); // Admin Reboot
+ $cpdb = captiveportal_read_db();
+ foreach ($cpdb as $cpentry) {
+ RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
+ $cpentry[4], // username
+ $cpentry[5], // sessionid
+ $cpentry[0], // start time
+ $radiusservers,
+ $cpentry[2], // clientip
+ $cpentry[3], // clientmac
+ 7); // Admin Reboot
}
}
- if (!$lock)
- unlock($captiveportallck);
}
function captiveportal_passthrumac_configure_entry($macent) {
@@ -1123,11 +1073,51 @@ function captiveportal_get_last_activity($ip) {
return 0;
}
+function captiveportal_init_radius_servers() {
+ global $config, $g;
+
+ /* generate radius server database */
+ if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) ||
+ ($config['captiveportal']['auth_method'] == "radius"))) {
+ $radiusip = $config['captiveportal']['radiusip'];
+ $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null;
+
+ if ($config['captiveportal']['radiusport'])
+ $radiusport = $config['captiveportal']['radiusport'];
+ else
+ $radiusport = 1812;
+ if ($config['captiveportal']['radiusacctport'])
+ $radiusacctport = $config['captiveportal']['radiusacctport'];
+ else
+ $radiusacctport = 1813;
+ if ($config['captiveportal']['radiusport2'])
+ $radiusport2 = $config['captiveportal']['radiusport2'];
+ else
+ $radiusport2 = 1812;
+ $radiuskey = $config['captiveportal']['radiuskey'];
+ $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null;
+
+ $cprdsrvlck = lock('captiveportalradius', LOCK_EX);
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
+ if (!$fd) {
+ captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n");
+ unlock($cprdsrvlck);
+ return 1;
+ } else if (isset($radiusip2, $radiuskey2))
+ fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n"
+ . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2);
+ else
+ fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey);
+ fclose($fd);
+ unlock($cprdsrvlck);
+ }
+}
+
/* read RADIUS servers into array */
function captiveportal_get_radius_servers() {
-
global $g;
+ $cprdsrvlck = lock('captiveportalradius');
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
$radiusservers = array();
$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db",
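Review bot: captiveportal_init_radius_servers() writes both RADIUS shared secrets to `captiveportal_radius.db` through a plain `fopen(..., "w")`, so the file mode is whatever the process umask yields. Adding `chmod("{$g['vardb_path']}/captiveportal_radius.db", 0600);` after a successful open would keep the keys readable by the owner only. The fields are joined with `,` and the two records with `\n` without any check, so a key containing either character would presumably be misread by captiveportal_get_radius_servers(), whose parsing lies outside this hunk. The syslog text still names captiveportal_configure() as the failing function and should name the new helper.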
@@ -1142,23 +1132,25 @@ function captiveportal_get_radius_servers() {
}
}
+ unlock($cprdsrvlck);
return $radiusservers;
}
+ unlock($cprdsrvlck);
return false;
}
/* log successful captive portal authentication to syslog */
/* part of this code from php.net */
function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) {
- $message = trim($message);
// Log it
if (!$message)
$message = "$status: $user, $mac, $ip";
- else
+ else {
+ $message = trim($message);
$message = "$status: $user, $mac, $ip, $message";
+ }
captiveportal_syslog($message);
- closelog();
}
/* log simple messages to syslog */
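Review bot: In captiveportal_logportalauth() the `trim()` now runs after the `!$message` test, so a message that is only whitespace takes the else branch and is logged as `"$status: $user, $mac, $ip, "` with an empty trailing field. Trimming before the test restores the old result without passing null to trim: `$message = trim((string)$message);` as the first statement. The username, MAC and message are written to syslog as received, so a short comment on whether captiveportal_syslog() strips control characters would help; its body is outside this hunk.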
@@ -1174,9 +1166,6 @@ function captiveportal_syslog($message) {
function radius($username,$password,$clientip,$clientmac,$type) {
global $g, $config;
- /* Start locking from the beginning of an authentication session */
- $captiveportallck = lock('captiveportal');
-
$ruleno = captiveportal_get_next_ipfw_ruleno();
/* If the pool is empty, return appropriate message and fail authentication */
@@ -1184,16 +1173,9 @@ function radius($username,$password,$clientip,$clientmac,$type) {
$auth_list = array();
$auth_list['auth_val'] = 1;
$auth_list['error'] = "System reached maximum login capacity";
- unlock($captiveportallck);
return $auth_list;
}
- /*
- * Drop the lock since radius takes some time to finish.
- * The implementation is reentrant so we gain speed with this.
- */
- unlock($captiveportallck);
-
$radiusservers = captiveportal_get_radius_servers();
$auth_list = RADIUS_AUTHENTICATION($username,
@@ -1203,8 +1185,6 @@ function radius($username,$password,$clientip,$clientmac,$type) {
$clientmac,
$ruleno);
- $captiveportallck = lock('captiveportal');
-
if ($auth_list['auth_val'] == 2) {
captiveportal_logportalauth($username,$clientmac,$clientip,$type);
$sessionid = portal_allow($clientip,
@@ -1215,18 +1195,16 @@ function radius($username,$password,$clientip,$clientmac,$type) {
$ruleno);
}
- unlock($captiveportallck);
-
return $auth_list;
-
}
/* read captive portal DB into array */
function captiveportal_read_db() {
-
global $g;
$cpdb = array();
+
+ $cpdblck = lock('captiveportaldb');
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
if ($fd) {
while (!feof($fd)) {
@@ -1237,21 +1215,23 @@ function captiveportal_read_db() {
}
fclose($fd);
}
+ unlock($cpdblck);
return $cpdb;
}
/* write captive portal DB */
function captiveportal_write_db($cpdb) {
-
global $g;
-
+
+ $cpdblck = lock('captiveportaldb', LOCK_EX);
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
- if ($fd) {
+ if ($fd) {
foreach ($cpdb as $cpent) {
fwrite($fd, join(",", $cpent) . "\n");
- }
+ }
fclose($fd);
- }
+ }
+ unlock($cpdblck);
}
function captiveportal_write_elements() {
@@ -1308,6 +1288,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang
if(!isset($config['captiveportal']['enable']))
return NULL;
+ $cpruleslck = lock('captiveportalrules', LOCK_EX);
$ruleno = 0;
if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
@@ -1334,6 +1315,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang
$ruleno = 2;
}
file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules));
+ unlock($cpruleslck);
return $ruleno;
}
@@ -1343,6 +1325,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) {
if(!isset($config['captiveportal']['enable']))
return NULL;
+ $cpruleslck = lock('captiveportalrules', LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
$rules[$ruleno] = false;
@@ -1350,6 +1333,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) {
$rules[++$ruleno] = false;
file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules));
}
+ unlock($cpruleslck);
}
function captiveportal_get_ipfw_passthru_ruleno($value) {
@@ -1358,13 +1342,17 @@ function captiveportal_get_ipfw_passthru_ruleno($value) {
if(!isset($config['captiveportal']['enable']))
return NULL;
+ $cpruleslck = lock('captiveportalrules', LOCK_EX);
if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
$ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
- if ($rules[$ruleno])
+ if ($rules[$ruleno]) {
+ unlock($cpruleslck);
return $ruleno;
+ }
}
+ unlock($cpruleslck);
return NULL;
}
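Review bot: `$value` is interpolated unquoted into the backtick pipeline (`/usr/bin/grep {$value}`), and the new `captiveportalrules` lock is now held while that pipeline runs. Pass it as `escapeshellarg($value)` so that whitespace or shell metacharacters in the argument cannot alter the command; where `$value` originates is not visible in this hunk. When grep matches nothing, `intval()` yields 0 and the code then tests `$rules[0]`, so an explicit `if ($ruleno > 0 && $rules[$ruleno])` would make that case clear.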
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index e82baba..7d19045 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -286,6 +286,7 @@ function csr_get_subject($str_crt, $decode = true) {
if (!is_array($components))
return "unknown";
+ ksort($components);
foreach ($components as $a => $v) {
if (!strlen($subject))
$subject = "{$a}={$v}";
@@ -307,13 +308,15 @@ function cert_get_subject($str_crt, $decode = true) {
if (!is_array($components))
return "unknown";
+ ksort($components);
foreach ($components as $a => $v) {
- if (is_array($v))
+ if (is_array($v)) {
+ ksort($v);
foreach ($v as $w) {
$asubject = "{$a}={$w}";
$subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject;
}
- else {
+ } else {
$asubject = "{$a}={$v}";
$subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject;
}
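Review bot: `ksort($v)` orders the values of a multi-valued component by array key. If those keys are the plain 0..n indexes the certificate parser presumably returns, the call changes nothing. If the aim is a subject string that does not depend on value order, `sort($v);` is the call that achieves it. A one-line comment on the `ksort($components)` calls here and in csr_get_subject() saying why the order is normalised would also help, since the reason is not evident from the hunk. cert_get_subject() starts and ends outside this hunk.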
@@ -561,4 +564,4 @@ function is_crl_internal($crl) {
return !(!empty($crl['text']) && empty($crl['cert']));
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc
index 1514926..9005b79 100644
--- a/etc/inc/config.console.inc
+++ b/etc/inc/config.console.inc
@@ -319,6 +319,8 @@ EOD;
if (in_array($key, array('y', 'Y'))) {
if($lanif) {
+ if (!is_array($config['interfaces']['lan']))
+ $config['interfaces']['lan'] = array();
$config['interfaces']['lan']['if'] = $lanif;
$config['interfaces']['lan']['enable'] = true;
} elseif (!$g['booting'] && !$auto_assign) {
@@ -332,7 +334,7 @@ unload the interface now? [y|n]?
EODD;
if (strcasecmp(chop(fgets($fp)), "y") == 0) {
- if($config['interfaces']['lan']['if'])
+ if(isset($config['interfaces']['lan']) && $config['interfaces']['lan']['if'])
mwexec("/sbin/ifconfig " . $config['interfaces']['lan']['if'] . " delete");
}
if(isset($config['interfaces']['lan']))
@@ -372,9 +374,12 @@ EODD;
(!is_array($config['interfaces']['lan']['wireless'])))
$config['interfaces']['lan']['wireless'] = array();
} else {
- unset($config['interfaces']['lan']['wireless']);
+ if (isset($config['interfaces']['lan']))
+ unset($config['interfaces']['lan']['wireless']);
}
+ if (!is_array($config['interfaces']['wan']))
+ $config['interfaces']['wan'] = array();
$config['interfaces']['wan']['if'] = $wanif;
$config['interfaces']['wan']['enable'] = true;
if (preg_match($g['wireless_regex'], $wanif)) {
@@ -382,7 +387,8 @@ EODD;
(!is_array($config['interfaces']['wan']['wireless'])))
$config['interfaces']['wan']['wireless'] = array();
} else {
- unset($config['interfaces']['wan']['wireless']);
+ if (isset($config['interfaces']['wan']))
+ unset($config['interfaces']['wan']['wireless']);
}
for ($i = 0; $i < count($optif); $i++) {
@@ -420,12 +426,6 @@ EODD;
$g['booting'] = false;
- /* XXX: ermal - disable it for now this is used during bootup at best so shouldn't be needed.
- * For now just comment it out and later remove it completely.
- * resync everything
- reload_all_sync();
- */
-
echo " done!\n";
touch("{$g['tmp_path']}/assign_complete");
@@ -535,4 +535,4 @@ EOD;
}
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index ae7e445..922d01d 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -53,30 +53,33 @@
******/
function encrypted_configxml() {
global $g, $config;
- if(file_exists($g['conf_path'] . "/config.xml")) {
- if($g['booting']) {
- $configtxt = file_get_contents($g['conf_path'] . "/config.xml");
- if(tagfile_deformat($configtxt, $configtxt, "config.xml")) {
- $fp = fopen('php://stdin', 'r');
+
+ if (!file_exists($g['conf_path'] . "/config.xml"))
+ return;
+
+ if (!$g['booting'])
+ return;
+
+ $configtxt = file_get_contents($g['conf_path'] . "/config.xml");
+ if(tagfile_deformat($configtxt, $configtxt, "config.xml")) {
+ $fp = fopen('php://stdin', 'r');
+ $data = "";
+ echo "\n\n*** Encrypted config.xml detected ***\n";
+ while($data == "") {
+ echo "\nEnter the password to decrypt config.xml: ";
+ $decrypt_password = chop(fgets($fp));
+ $data = decrypt_data($configtxt, $decrypt_password);
+ if(!strstr($data, "<pfsense>"))
$data = "";
- echo "\n\n*** Encrypted config.xml detected ***\n";
- while($data == "") {
- echo "\nEnter the password to decrypt config.xml: ";
- $decrypt_password = chop(fgets($fp));
- $data = decrypt_data($configtxt, $decrypt_password);
- if(!strstr($data, "<pfsense>"))
- $data = "";
- if($data) {
- $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w");
- fwrite($fd, $data);
- fclose($fd);
- exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml");
- echo "\nConfig.xml unlocked.\n";
- fclose($fp);
- } else {
- echo "\nInvalid password entered. Please try again.\n";
- }
- }
+ if($data) {
+ $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w");
+ fwrite($fd, $data);
+ fclose($fd);
+ exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml");
+ echo "\nConfig.xml unlocked.\n";
+ fclose($fp);
+ } else {
+ echo "\nInvalid password entered. Please try again.\n";
}
}
}
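Review bot: The results of `fopen()` and `fwrite()` on `config.xml.tmp` are not checked, so a failed or short write is still moved over the encrypted config.xml by the `exec("/bin/mv ...")` that follows. Verify the write before replacing the file, e.g. `if ($fd === false || fwrite($fd, $data) !== strlen($data))` followed by an error path. `rename()` would perform the move without spawning a shell on interpolated paths. The temporary file holds the decrypted configuration and is created with the default mode, so a restrictive `chmod` before writing is worth adding.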
@@ -92,9 +95,10 @@ function encrypted_configxml() {
******/
function parse_config($parse = false) {
global $g, $config_parsed, $config_extra;
-
+
$lockkey = lock('config');
$config_parsed = false;
+
if (!file_exists("{$g['conf_path']}/config.xml") || filesize("{$g['conf_path']}/config.xml") == 0) {
$last_backup = discover_last_backup();
if($last_backup) {
@@ -106,37 +110,25 @@ function parse_config($parse = false) {
die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.");
}
}
- if($g['booting']) echo ".";
+
+ if($g['booting'])
+ echo ".";
+
// Check for encrypted config.xml
encrypted_configxml();
+
if(!$parse) {
- if(file_exists($g['tmp_path'] . '/config.cache')) {
+ if (file_exists($g['tmp_path'] . '/config.cache')) {
$config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache'));
- if(is_null($config)) {
- unlock($lockkey);
- parse_config(true);
- $lockkey = lock('config');
- }
- } else {
- if(!file_exists($g['conf_path'] . "/config.xml")) {
- log_error("No config.xml found, attempting last known config restore.");
- file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
- $last_backup = discover_last_backup();
- if ($last_backup)
- restore_backup("/cf/conf/backup/{$last_backup}");
- else {
- log_error("Could not restore config.xml.");
- unlock($lockkey);
- die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup.");
- }
- }
- unlock($lockkey);
- $config = parse_config(true);
- $lockkey = lock('config');
- }
- } else {
+ if (is_null($config))
+ $parse = true;
+ } else
+ $parse = true;
+ }
+ if ($parse == true) {
if(!file_exists($g['conf_path'] . "/config.xml")) {
- if($g['booting']) echo ".";
+ if($g['booting'])
+ echo ".";
log_error("No config.xml found, attempting last known config restore.");
file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
$last_backup = discover_last_backup();
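Review bot: `if (is_null($config))` does not catch a damaged cache, because unserialize() returns false rather than null when it cannot decode its input. `$config` then stays false and the XML is never re-parsed. Testing `if (!is_array($config)) $parse = true;` covers both cases. The cache is also unserialized directly from `$g['tmp_path']`, so its integrity depends on that directory not being writable by other local users, which this hunk does not show. parse_config() begins and ends outside the hunk.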
@@ -149,7 +141,7 @@ function parse_config($parse = false) {
}
}
$config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense'));
- if($config == "-1") {
+ if($config == -1) {
$last_backup = discover_last_backup();
if ($last_backup)
restore_backup("/cf/conf/backup/{$last_backup}");
@@ -161,11 +153,15 @@ function parse_config($parse = false) {
}
generate_config_cache($config);
}
- if($g['booting']) echo ".";
- alias_make_table($config);
+
+ if($g['booting'])
+ echo ".";
+
$config_parsed = true;
unlock($lockkey);
+ alias_make_table($config);
+
return $config;
}
@@ -226,7 +222,8 @@ function restore_backup($file) {
function parse_config_bootup() {
global $config, $g;
- if($g['booting']) echo ".";
+ if($g['booting'])
+ echo ".";
$lockkey = lock('config');
if (!file_exists("{$g['conf_path']}/config.xml")) {
@@ -250,6 +247,7 @@ function parse_config_bootup() {
}
if(!file_exists("{$g['conf_path']}/config.xml")) {
echo "XML configuration file not found. {$g['product_name']} cannot continue booting.\n";
+ unlock($lockkey);
mwexec("/sbin/halt");
exit;
}
@@ -348,6 +346,9 @@ function conf_mount_ro() {
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
return;
+ if($g['booting'])
+ return;
+
if (refcount_unreference(1000) > 0)
return;
@@ -484,6 +485,9 @@ function write_config($desc="Unknown", $backup = true) {
if($backup)
backup_config();
+ if (!is_array($config['revision']))
+ $config['revision'] = array();
+
if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */
$config['revision']['time'] = time();
@@ -752,7 +756,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) {
foreach($tocache as $version => $versioninfo) {
if(!in_array($version, array_keys($newcache))) {
unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml');
- if($g['booting']) print " " . $tocheck . "d";
+ //if($g['booting']) print " " . $tocheck . "d";
}
}
$tocache = $newcache;
@@ -837,4 +841,4 @@ function set_device_perms() {
}
}
-?>
+?> \ No newline at end of file
diff --git a/etc/inc/cram_md5_sasl_client.inc b/etc/inc/cram_md5_sasl_client.inc
new file mode 100644
index 0000000..69bd625
--- /dev/null
+++ b/etc/inc/cram_md5_sasl_client.inc
@@ -0,0 +1,67 @@
+<?php
+/*
+ * cram_md5_sasl_client.php
+ *
+ * @(#) $Id: cram_md5_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $
+ *
+ */
+
+define("SASL_CRAM_MD5_STATE_START", 0);
+define("SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE", 1);
+define("SASL_CRAM_MD5_STATE_DONE", 2);
+
+class cram_md5_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_CRAM_MD5_STATE_START;
+
+ Function Initialize(&$client)
+ {
+ return(1);
+ }
+
+ Function HMACMD5($key,$text)
+ {
+ $key=(strlen($key)<64 ? str_pad($key,64,"\0") : substr($key,0,64));
+ return(md5((str_repeat("\x5c", 64)^$key).pack("H32", md5((str_repeat("\x36", 64)^$key).$text))));
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_CRAM_MD5_STATE_START)
+ {
+ $client->error="CRAM-MD5 authentication state is not at the start";
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ "user"=>"",
+ "password"=>""
+ );
+ $defaults=array();
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ $this->state=SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE;
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+ case SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE:
+ $message=$this->credentials["user"]." ".$this->HMACMD5($this->credentials["password"], $response);
+ $this->state=SASL_CRAM_MD5_STATE_DONE;
+ break;
+ case SASL_CRAM_MD5_STATE_DONE:
+ $client->error="CRAM-MD5 authentication was finished without success";
+ return(SASL_FAIL);
+ default:
+ $client->error="invalid CRAM-MD5 authentication step state";
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
diff --git a/etc/inc/digest_sasl_client.inc b/etc/inc/digest_sasl_client.inc
new file mode 100644
index 0000000..924887d
--- /dev/null
+++ b/etc/inc/digest_sasl_client.inc
@@ -0,0 +1,135 @@
+<?php
+/*
+ * digest_sasl_client.php
+ *
+ * @(#) $Id: digest_sasl_client.php,v 1.1 2005/10/27 05:24:15 mlemos Exp $
+ *
+ */
+
+define('SASL_DIGEST_STATE_START', 0);
+define('SASL_DIGEST_STATE_RESPOND_CHALLENGE', 1);
+define('SASL_DIGEST_STATE_DONE', 2);
+
+class digest_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_DIGEST_STATE_START;
+
+ Function unq($string)
+ {
+ return(($string[0]=='"' && $string[strlen($string)-1]=='"') ? substr($string, 1, strlen($string)-2) : $string);
+ }
+
+ Function H($data)
+ {
+ return md5($data);
+ }
+
+ Function KD($secret, $data)
+ {
+ return $this->H($secret.':'.$data);
+ }
+
+ Function Initialize(&$client)
+ {
+ return(1);
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_DIGEST_STATE_START)
+ {
+ $client->error='Digest authentication state is not at the start';
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ 'user'=>'',
+ 'password'=>'',
+ 'uri'=>'',
+ 'method'=>'',
+ 'session'=>''
+ );
+ $defaults=array();
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ $this->state=SASL_DIGEST_STATE_RESPOND_CHALLENGE;
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+ case SASL_DIGEST_STATE_RESPOND_CHALLENGE:
+ $values=explode(',',$response);
+ $parameters=array();
+ for($v=0; $v<count($values); $v++)
+ $parameters[strtok(trim($values[$v]), '=')]=strtok('');
+
+ $message='username="'.$this->credentials['user'].'"';
+ if(!IsSet($parameters[$p='realm'])
+ && !IsSet($parameters[$p='nonce']))
+ {
+ $client->error='Digest authentication parameter '.$p.' is missing from the server response';
+ return(SASL_FAIL);
+ }
+ $message.=', realm='.$parameters['realm'];
+ $message.=', nonce='.$parameters['nonce'];
+ $message.=', uri="'.$this->credentials['uri'].'"';
+ if(IsSet($parameters['algorithm']))
+ {
+ $algorithm=$this->unq($parameters['algorithm']);
+ $message.=', algorithm='.$parameters['algorithm'];
+ }
+ else
+ $algorithm='';
+
+ $realm=$this->unq($parameters['realm']);
+ $nonce=$this->unq($parameters['nonce']);
+ if(IsSet($parameters['qop']))
+ {
+ switch($qop=$this->unq($parameters['qop']))
+ {
+ case "auth":
+ $cnonce=$this->credentials['session'];
+ break;
+ default:
+ $client->error='Digest authentication quality of protection '.$qop.' is not yet supported';
+ return(SASL_FAIL);
+ }
+ }
+ $nc_value='00000001';
+ if(IsSet($parameters['qop'])
+ && !strcmp($algorithm, 'MD5-sess'))
+ $A1=$this->H($this->credentials['user'].':'. $realm.':'. $this->credentials['password']).':'.$nonce.':'.$cnonce;
+ else
+ $A1=$this->credentials['user'].':'. $realm.':'. $this->credentials['password'];
+ $A2=$this->credentials['method'].':'.$this->credentials['uri'];
+ if(IsSet($parameters['qop']))
+ $response=$this->KD($this->H($A1), $nonce.':'. $nc_value.':'. $cnonce.':'. $qop.':'. $this->H($A2));
+ else
+ $response=$this->KD($this->H($A1), $nonce.':'. $this->H($A2));
+ $message.=', response="'.$response.'"';
+ if(IsSet($parameters['opaque']))
+ $message.=', opaque='.$parameters['opaque'];
+ if(IsSet($parameters['qop']))
+ $message.=', qop="'.$qop.'"';
+ $message.=', nc='.$nc_value;
+ if(IsSet($parameters['qop']))
+ $message.=', cnonce="'.$cnonce.'"';
+ $client->encode_response=0;
+ $this->state=SASL_DIGEST_STATE_DONE;
+ break;
+ case SASL_DIGEST_STATE_DONE:
+ $client->error='Digest authentication was finished without success';
+ return(SASL_FAIL);
+ default:
+ $client->error='invalid Digest authentication step state';
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
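Review bot: The presence check in `Step()` joins its two tests with `&&`, so it fails only when both `realm` and `nonce` are absent. A challenge missing just one of them falls through, and the later `$parameters['realm']` / `$parameters['nonce']` reads hit an undefined index. It should read `if(!IsSet($parameters[$p='realm']) || !IsSet($parameters[$p='nonce']))`, which also leaves `$p` naming the parameter that is actually missing. Separately, `nc=` is appended even when the server sent no `qop`. `$cnonce` is taken straight from `credentials['session']`, so the class should carry a comment stating that the caller must supply a fresh random value there.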
diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class
index 785c902..da8844e 100644
--- a/etc/inc/dyndns.class
+++ b/etc/inc/dyndns.class
@@ -827,10 +827,7 @@
log_error("DynDns: Current WAN IP: {$wan_ip}");
if (file_exists($this->_cacheFile)) {
- if(file_exists($this->_cacheFile))
- $contents = file_get_contents($this->_cacheFile);
- else
- $contents = "";
+ $contents = file_get_contents($this->_cacheFile);
list($cacheIP,$cacheTime) = split(':', $contents);
$this->_debug($cacheIP.'/'.$cacheTime);
$initial = false;
@@ -933,4 +930,4 @@
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 0679060..c62f76b 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -166,7 +166,7 @@ function easyrule_block_alias_add($host, $int = 'wan') {
/* Create a new alias with all the proper information */
$alias['name'] = $blockaliasname . strtoupper($int);
$alias['type'] = 'network';
- $alias['descr'] = mb_convert_encoding("Hosts blocked from Firewall Log view","HTML-ENTITIES","auto");
+ $alias['descr'] = "Hosts blocked from Firewall Log view";
$alias['address'] = $host . '/32';
$alias['detail'] = 'Entry added ' . date('r') . '||';
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 6aaaeeb..72435de 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1091,13 +1091,18 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
}
/* Generate a 'nat on' or 'no nat on' rule for given interface */
-function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "") {
+function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "") {
global $config, $FilterIflist;
/* XXX: billm - any idea if this code is needed? */
if($src == "/32" || $src{0} == "/")
return "# src incorrectly specified\n";
if($natip != "") {
- $tgt = "{$natip}/32";
+ if (is_subnet($natip))
+ $tgt = $natip;
+ elseif (is_alias($natip))
+ $tgt = "\${$natip}";
+ else
+ $tgt = "{$natip}/32";
} else {
$natip = get_interface_ip($if);
if(is_ipaddr($natip))
@@ -1129,18 +1134,17 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
if($dstport != "")
$dst .= " port {$dstport}";
/* outgoing static-port option, hamachi, Grandstream, VOIP, etc */
+ $staticnatport_txt = "";
if($staticnatport)
- $staticnatport_txt = " static-port";
- else
- if(!$natport)
- $staticnatport_txt = " port 1024:65535"; // set source port range
- else
- $staticnatport_txt = "";
+ $staticnatport_txt = "static-port";
+ elseif(!$natport)
+ $tgt .= " port 1024:65535"; // set source port range
/* Allow for negating NAT entries */
if($nonat) {
$nat = "no nat";
$target = "";
$staticnatport_txt = "";
+ $poolopts = "";
} else {
$nat = "nat";
$target = "-> {$tgt}";
@@ -1148,7 +1152,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
$if_friendly = $FilterIflist[$if]['descr'];
/* Put all the pieces together */
if($if_friendly)
- $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n";
+ $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n";
else
$natrule .= "# Could not convert {$if} to friendly name(alias)\n";
return $natrule;
@@ -1241,6 +1245,9 @@ function filter_nat_rules_generate() {
else
$natif = $obent['interface'];
+ $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target'];
+ $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : "";
+
if (!isset($FilterIflist[$natif]))
continue;
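Review bot: `$obent['poolopts']` is read from the configuration here and later interpolated verbatim into the generated rule as `{$poolopts}` (the `$natrule` line in the `@@ -1148,7 +1152,7` hunk), with no check in this code path that it is a pool option pf accepts. Validation may exist in the GUI page that writes the value, which is not visible here, but an allow-list at rule generation keeps a hand-edited or restored config from placing arbitrary text in the ruleset. For example: `if (!preg_match('/^(round-robin|random|source-hash|bitmask)( sticky-address)?$/', $poolopts)) $poolopts = "";`. The `other-subnet` target is likewise concatenated from `targetip` and `targetip_subnet` without `is_subnet()` being enforced, and a value that fails the test gets `/32` appended in `filter_nat_rules_generate_if()`. The enclosing loop starts and ends outside this hunk.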
@@ -1249,11 +1256,12 @@ function filter_nat_rules_generate() {
$obent['sourceport'],
$dst,
$obent['dstport'],
- $obent['target'],
+ $obtarget,
$obent['natport'],
isset($obent['nonat']),
isset($obent['staticnatport']),
- $obent['protocol']
+ $obent['protocol'],
+ $poolopts
);
}
}
@@ -1540,7 +1548,7 @@ function filter_generate_user_rule_arr($rule) {
$ret['rule'] = $line;
$ret['interface'] = $rule['interface'];
if($rule['descr'] != "" and $line != "")
- $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\"";
+ $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 52)) . "\"";
else
$ret['descr'] = "label \"USER_RULE\"";
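Review bot: The new length of 52 in `substr($rule['descr'], 0, 52)` is an unexplained constant. It looks chosen so that the 11-character `USER_RULE: ` prefix plus the description stays within a 63-character pf label; if that is the reason, a comment such as `/* label limit is 63 chars; the "USER_RULE: " prefix uses 11 */` would record it. The sanitising on the same line removes only `"`. Because the description is interpolated into a rule line, stripping control characters too (`preg_replace('/[\x00-\x1f"]/', '', ...)`) would keep a description containing a line break from splitting the rule. The function body lies outside this hunk.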
@@ -2138,7 +2146,7 @@ EOD;
$cpinterface = implode(" ", $cpiflist);
$cpaddresses = implode(" ", $cpiplist);
$ipfrules .= "pass in {$log} quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n";
- $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n";
+ $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any to any flags any keep state(sloppy)\n";
}
}
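Review bot: Dropping `port { 8000 8001 80 }` turns the second rule into a `pass out ... quick` for all TCP on the captive-portal interfaces, with `flags any` and sloppy state tracking, so no later rule can narrow outbound TCP there. The hunk does not show why the source-port restriction had to be removed. A comment above the rule naming the traffic that was being blocked would let a later reader judge whether a narrower match is possible. As written, the rule deserves a check in the generated ruleset of a portal-enabled install. The surrounding function starts and ends outside the hunk.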
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index ba97ba0..c19a849 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -3,7 +3,7 @@
/*
globals.inc
part of pfSense (www.pfsense.com)
- Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2004-2010 Scott Ullrich
Originally Part of m0n0wall
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
@@ -89,7 +89,7 @@ $g = array(
"disablehelpmenu" => false,
"disablehelpicon" => false,
"debug" => false,
- "latest_config" => "7.5",
+ "latest_config" => "7.6",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "105",
"minimum_ram_warning_text" => "128 MB",
@@ -110,10 +110,7 @@ $g = array(
// Loop through and set vlan_long_frame VLAN_MTU
$vlan_native_supp = get_nics_with_capabilities("vlanmtu");
-if(count($vlan_native_supp) > 0)
- $g['vlan_long_frame'] = $vlan_native_supp;
-else
- $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg");
+$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), (array)$vlan_native_supp);
/* IP TOS flags */
$iptos = array("lowdelay", "throughput", "reliability");
@@ -162,7 +159,9 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
"net.inet.tcp.log_debug" => "0",
"net.inet.tcp.tso" => "1",
"net.inet.icmp.icmplim" => "0",
- "vfs.read_max" => "32"
+ "vfs.read_max" => "32",
+ "kern.ipc.maxsockbuf" => "4262144",
+ "debug.pfftpproxy" => "0"
);
$config_parsed = false;
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 6790d9e..c5afdfe 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -103,23 +103,37 @@ function interface_netgraph_needed($interface = "wan") {
break;
}
}
- if ($found == false && !empty($config['interfaces'][$interface])) {
- switch ($config['interfaces'][$interface]['ipaddr']) {
- case "ppp":
- case "pppoe":
- case "l2tp":
- case "pptp":
- $found = true;
- break;
- default:
- $found = false;
- break;
+ if ($found == false) {
+ if (!empty($config['interfaces'][$interface])) {
+ switch ($config['interfaces'][$interface]['ipaddr']) {
+ case "ppp":
+ case "pppoe":
+ case "l2tp":
+ case "pptp":
+ $found = true;
+ break;
+ default:
+ $found = false;
+ break;
+ }
+ }
+ }
+ if ($found == false) {
+ $realif = get_real_interface($interface);
+ if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
+ foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
+ if ($realif == $ppp['if']) {
+ $found = true;
+ break;
+ }
+ }
}
}
- $realif = get_real_interface($interface);
- if ($found == false)
+ if ($found == false) {
+ $realif = get_real_interface($interface);
pfSense_ngctl_detach("{$realif}:", $realif);
+ }
/* NOTE: We make sure for this on interface_ppps_configure()
* no need to do it here agan.
* else
@@ -920,13 +934,15 @@ function interface_bring_down($interface = "wan", $destroy = false) {
if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
if ($realif == $ppp['if']) {
- if (file_exists("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid")) {
- killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid");
- sleep(5);
+ if (isset($ppp['ondemand']) && !$destroy){
+ send_event("interface reconfigure {$interface}");
+ break;
+ }
+ if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) {
+ killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid");
+ sleep(2);
}
unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
- if (isset($ppp['ondemand']) && !$destroy)
- send_event("interface reconfigure {$interface}");
break;
}
}
@@ -1808,13 +1824,17 @@ function interface_carp_configure(&$vip) {
/* invalidate interface cache */
get_interface_arr(true);
+ $advbase = "";
+ if (!empty($vip['advbase']))
+ $advbase = "advbase {$vip['advbase']}";
+
if(is_ipaddrv4($vip['subnet'])) {
$broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']);
- mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}");
+ mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$advbase} {$password}");
}
if(is_ipaddrv6($vip['subnet'])) {
$broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']);
- mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} prefixlen {$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}");
+ mwexec("/sbin/ifconfig {$vipif} inet6 {$vip['subnet']} prefixlen {$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$advbase} {$password}");
}
interfaces_bring_up($vipif);
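Review bot: `$advbase` already contains the keyword (`"advbase {$vip['advbase']}"`), yet both `mwexec()` lines still print a literal `advbase` in front of it. That yields `advbase advbase N` when the value is set, and a bare `advbase` followed by `{$password}` when it is empty. The literal should be dropped in the IPv4 line and in the `inet6` line: `... advskew {$vip['advskew']} {$advbase} {$password}`. The VIP fields also reach the shell unquoted; an `is_numeric()` check on `vhid`, `advskew` and `advbase`, or `escapeshellarg()`, would be a sensible guard if they are not validated earlier, which the hunk does not show.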
@@ -2476,7 +2496,6 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
case 'l2tp':
case 'pptp':
case 'ppp':
- interface_bring_down($interface, true);
break;
default:
interface_bring_down($interface);
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 332f300..2653297 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -469,4 +469,21 @@ function ipsec_mobilekey_sort() {
usort($config['ipsec']['mobilekey'], "mobilekeycmp");
}
-?> \ No newline at end of file
+function ipsec_get_number_of_phase2($ikeid) {
+ global $config;
+ $a_phase2 = $config['ipsec']['phase2'];
+
+ $nbph2=0;
+
+ if (is_array($a_phase2) && count($a_phase2)) {
+ foreach ($a_phase2 as $ph2tmp) {
+ if ($ph2tmp['ikeid'] == $ikeid) {
+ $nbph2++;
+ }
+ }
+ }
+
+ return $nbph2;
+}
+
+?>
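Review bot: `ipsec_get_number_of_phase2()` is added without a header comment; `/* Return how many phase 2 entries reference the given phase 1 ikeid */` above the function would be enough. `$config['ipsec']['phase2']` is also read before the `is_array()` test, so on a config with no phase 2 entries the assignment touches an undefined index. Testing `is_array($config['ipsec']['phase2'])` first and iterating it directly avoids the notice.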
diff --git a/etc/inc/login_sasl_client.inc b/etc/inc/login_sasl_client.inc
new file mode 100644
index 0000000..923d16e
--- /dev/null
+++ b/etc/inc/login_sasl_client.inc
@@ -0,0 +1,69 @@
+<?php
+/*
+ * login_sasl_client.php
+ *
+ * @(#) $Id: login_sasl_client.php,v 1.2 2004/11/17 08:00:37 mlemos Exp $
+ *
+ */
+
+define("SASL_LOGIN_STATE_START", 0);
+define("SASL_LOGIN_STATE_IDENTIFY_USER", 1);
+define("SASL_LOGIN_STATE_IDENTIFY_PASSWORD", 2);
+define("SASL_LOGIN_STATE_DONE", 3);
+
+class login_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_LOGIN_STATE_START;
+
+ Function Initialize(&$client)
+ {
+ return(1);
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_LOGIN_STATE_START)
+ {
+ $client->error="LOGIN authentication state is not at the start";
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ "user"=>"",
+ "password"=>"",
+ "realm"=>""
+ );
+ $defaults=array(
+ "realm"=>""
+ );
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ $this->state=SASL_LOGIN_STATE_IDENTIFY_USER;
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+ case SASL_LOGIN_STATE_IDENTIFY_USER:
+ $message=$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "");
+ $this->state=SASL_LOGIN_STATE_IDENTIFY_PASSWORD;
+ break;
+ case SASL_LOGIN_STATE_IDENTIFY_PASSWORD:
+ $message=$this->credentials["password"];
+ $this->state=SASL_LOGIN_STATE_DONE;
+ break;
+ case SASL_LOGIN_STATE_DONE:
+ $client->error="LOGIN authentication was finished without success";
+ break;
+ default:
+ $client->error="invalid LOGIN authentication step state";
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
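Review bot: In `Step()`, the `SASL_LOGIN_STATE_DONE` case sets `$client->error` and then reaches `break;`, so the method returns `SASL_CONTINUE` with an error recorded. The CRAM-MD5, Digest and NTLM clients in this commit return `SASL_FAIL` from their done state. The `break;` should be `return(SASL_FAIL);`. LOGIN sends the user name and the password as the step messages themselves, so a file-header comment noting that the mechanism is only appropriate over an encrypted connection would be useful.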
diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc
index 34cbd82..0cbf5fd 100644
--- a/etc/inc/notices.inc
+++ b/etc/inc/notices.inc
@@ -283,6 +283,7 @@ function notify_via_smtp($message) {
return;
}
+ require_once("sasl.inc");
require_once("smtp.inc");
$smtp = new smtp_class;
@@ -306,7 +307,7 @@ function notify_via_smtp($message) {
if($config['notifications']['smtp']['username'] &&
$config['notifications']['smtp']['password']) {
$smtp->authentication_mechanism = "PLAIN";
- $smtp->username = $config['notifications']['smtp']['username'];
+ $smtp->user = $config['notifications']['smtp']['username'];
$smtp->password = $config['notifications']['smtp']['password'];
}
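Review bot: The mechanism is pinned at `$smtp->authentication_mechanism = "PLAIN";`, which hands the stored password to the server in recoverable form, and nothing in this hunk shows the session being protected by TLS first. If `notify_via_smtp()` can run over an unencrypted connection, the credentials are exposed on the wire. Either require TLS whenever a username and password are configured, or let the SASL layer this commit adds negotiate a challenge-response mechanism. The function starts and ends outside the hunk, so TLS may be set up in lines not shown.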
@@ -379,4 +380,4 @@ function register_via_growl() {
}
}
-?> \ No newline at end of file
+?>
diff --git a/etc/inc/ntlm_sasl_client.inc b/etc/inc/ntlm_sasl_client.inc
new file mode 100644
index 0000000..406edf2
--- /dev/null
+++ b/etc/inc/ntlm_sasl_client.inc
@@ -0,0 +1,180 @@
+<?php
+/*
+ * ntlm_sasl_client.php
+ *
+ * @(#) $Id: ntlm_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $
+ *
+ */
+
+define("SASL_NTLM_STATE_START", 0);
+define("SASL_NTLM_STATE_IDENTIFY_DOMAIN", 1);
+define("SASL_NTLM_STATE_RESPOND_CHALLENGE", 2);
+define("SASL_NTLM_STATE_DONE", 3);
+
+class ntlm_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_NTLM_STATE_START;
+
+ Function Initialize(&$client)
+ {
+ if(!function_exists($function="mcrypt_encrypt")
+ || !function_exists($function="mhash"))
+ {
+ $extensions=array(
+ "mcrypt_encrypt"=>"mcrypt",
+ "mhash"=>"mhash"
+ );
+ $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration";
+ return(0);
+ }
+ return(1);
+ }
+
+ Function ASCIIToUnicode($ascii)
+ {
+ for($unicode="",$a=0;$a<strlen($ascii);$a++)
+ $unicode.=substr($ascii,$a,1).chr(0);
+ return($unicode);
+ }
+
+ Function TypeMsg1($domain,$workstation)
+ {
+ $domain_length=strlen($domain);
+ $workstation_length=strlen($workstation);
+ $workstation_offset=32;
+ $domain_offset=$workstation_offset+$workstation_length;
+ return(
+ "NTLMSSP\0".
+ "\x01\x00\x00\x00".
+ "\x07\x32\x00\x00".
+ pack("v",$domain_length).
+ pack("v",$domain_length).
+ pack("V",$domain_offset).
+ pack("v",$workstation_length).
+ pack("v",$workstation_length).
+ pack("V",$workstation_offset).
+ $workstation.
+ $domain
+ );
+ }
+
+ Function NTLMResponse($challenge,$password)
+ {
+ $unicode=$this->ASCIIToUnicode($password);
+ $md4=mhash(MHASH_MD4,$unicode);
+ $padded=$md4.str_repeat(chr(0),21-strlen($md4));
+ $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB);
+ $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND);
+ for($response="",$third=0;$third<21;$third+=7)
+ {
+ for($packed="",$p=$third;$p<$third+7;$p++)
+ $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT);
+ for($key="",$p=0;$p<strlen($packed);$p+=7)
+ {
+ $s=substr($packed,$p,7);
+ $b=$s.((substr_count($s,"1") % 2) ? "0" : "1");
+ $key.=chr(bindec($b));
+ }
+ $ciphertext=mcrypt_encrypt(MCRYPT_DES,$key,$challenge,MCRYPT_MODE_ECB,$iv);
+ $response.=$ciphertext;
+ }
+ return $response;
+ }
+
+ Function TypeMsg3($ntlm_response,$user,$domain,$workstation)
+ {
+ $domain_unicode=$this->ASCIIToUnicode($domain);
+ $domain_length=strlen($domain_unicode);
+ $domain_offset=64;
+ $user_unicode=$this->ASCIIToUnicode($user);
+ $user_length=strlen($user_unicode);
+ $user_offset=$domain_offset+$domain_length;
+ $workstation_unicode=$this->ASCIIToUnicode($workstation);
+ $workstation_length=strlen($workstation_unicode);
+ $workstation_offset=$user_offset+$user_length;
+ $lm="";
+ $lm_length=strlen($lm);
+ $lm_offset=$workstation_offset+$workstation_length;
+ $ntlm=$ntlm_response;
+ $ntlm_length=strlen($ntlm);
+ $ntlm_offset=$lm_offset+$lm_length;
+ $session="";
+ $session_length=strlen($session);
+ $session_offset=$ntlm_offset+$ntlm_length;
+ return(
+ "NTLMSSP\0".
+ "\x03\x00\x00\x00".
+ pack("v",$lm_length).
+ pack("v",$lm_length).
+ pack("V",$lm_offset).
+ pack("v",$ntlm_length).
+ pack("v",$ntlm_length).
+ pack("V",$ntlm_offset).
+ pack("v",$domain_length).
+ pack("v",$domain_length).
+ pack("V",$domain_offset).
+ pack("v",$user_length).
+ pack("v",$user_length).
+ pack("V",$user_offset).
+ pack("v",$workstation_length).
+ pack("v",$workstation_length).
+ pack("V",$workstation_offset).
+ pack("v",$session_length).
+ pack("v",$session_length).
+ pack("V",$session_offset).
+ "\x01\x02\x00\x00".
+ $domain_unicode.
+ $user_unicode.
+ $workstation_unicode.
+ $lm.
+ $ntlm
+ );
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_NTLM_STATE_START)
+ {
+ $client->error="NTLM authentication state is not at the start";
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ "user"=>"",
+ "password"=>"",
+ "realm"=>"",
+ "workstation"=>""
+ );
+ $defaults=array();
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN;
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+ case SASL_NTLM_STATE_IDENTIFY_DOMAIN:
+ $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]);
+ $this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE;
+ break;
+ case SASL_NTLM_STATE_RESPOND_CHALLENGE:
+ $ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]);
+ $message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]);
+ $this->state=SASL_NTLM_STATE_DONE;
+ break;
+ case SASL_NTLM_STATE_DONE:
+ $client->error="NTLM authentication was finished without success";
+ return(SASL_FAIL);
+ default:
+ $client->error="invalid NTLM authentication step state";
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
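Review bot: `Step()` takes the server challenge with `substr($response,24,8)` without checking that `$response` is a well-formed challenge message, so a short or malformed reply yields an empty or truncated challenge that is still encrypted with the password-derived keys and sent. A guard before that line closes this: `if(strlen($response)<32 || strncmp($response,"NTLMSSP\0",8)) { $client->error="invalid NTLM challenge message"; return(SASL_FAIL); }`. `NTLMResponse()` implements the original NTLM response (MD4 and single DES), which is weak against offline guessing, so the class should carry a comment that it is for legacy servers only. `ASCIIToUnicode()` only widens bytes, so non-ASCII passwords are mis-encoded. The `$iv` created with `MCRYPT_RAND` is not used by ECB mode and can be removed.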
diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php
index 9ca76cf..35d79cd 100755
--- a/etc/inc/openvpn.auth-user.php
+++ b/etc/inc/openvpn.auth-user.php
@@ -127,4 +127,4 @@ syslog(LOG_WARNING, "user {$username} authenticated\n");
exit(0);
-?>
+?> \ No newline at end of file
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 234f756..ca463e8 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -514,7 +514,7 @@ function openvpn_reconfigure($mode,& $settings) {
openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
}
if ($settings['tls']) {
- if (stristr($settings['mode'], "server"))
+ if ($mode == "server")
$tlsopt = 0;
else
$tlsopt = 1;
@@ -696,9 +696,9 @@ function openvpn_resync_all($interface = "") {
}
*/
if ($interface <> "")
- log_error("Resyncing openvpn instances configurations for interface " . convert_friendly_interface_to_friendly_descr($interface) . ".");
+ log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . ".");
else
- log_error("Resyncing openvpn instances configurations.");
+ log_error("Resyncing OpenVPN instances.");
if (is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as & $settings) {
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index c68c3f7..1365f05 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1473,6 +1473,7 @@ function read_header($ch, $string) {
function read_body($ch, $string) {
global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
+ global $pkg_interface;
$length = strlen($string);
$downloaded += intval($length);
if($file_size > 0) {
@@ -1482,11 +1483,25 @@ function read_body($ch, $string) {
$downloadProgress = 0;
if($lastseen <> $downloadProgress and $downloadProgress < 101) {
if($sendto == "status") {
+ if($pkg_interface == "console") {
+ if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) {
+ $tostatus = $static_status . $downloadProgress . "%";
+ update_status($tostatus);
+ }
+ } else {
$tostatus = $static_status . $downloadProgress . "%";
- update_status($tostatus);
+ update_status($tostatus);
+ }
} else {
+ if($pkg_interface == "console") {
+ if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) {
+ $tooutput = $static_output . $downloadProgress . "%";
+ update_output_window($tooutput);
+ }
+ } else {
$tooutput = $static_output . $downloadProgress . "%";
update_output_window($tooutput);
+ }
}
update_progress_bar($downloadProgress);
$lastseen = $downloadProgress;
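Review bot: The console throttle `substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2` does not do what it appears to intend. `count()` on a scalar is 1 (and an error on current PHP versions), so the second test is always true and every percentage is still printed, while the first test looks at the third character and so matches only a value like `100`. If the aim is one update per ten percent, and `$downloadProgress` is an integer percentage as it seems to be, `if(($downloadProgress % 10) == 0)` says so directly in both the `status` and the output-window branch. `read_body()` continues outside the hunk.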
@@ -1504,7 +1519,9 @@ function update_output_window($text) {
global $pkg_interface;
$log = ereg_replace("\n", "\\n", $text);
if($pkg_interface != "console") {
- echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
+ echo "\n<script language=\"JavaScript\">\nthis.document.forms[0].output.value = \"" . $log . "\";\n";
+ echo "this.document.forms[0].output.scrollTop = this.document.forms[0].output.scrollHeight;\n";
+ echo "</script>";
}
/* ensure that contents are written out */
ob_flush();
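Review bot: `$log` is placed inside a JavaScript string literal within a `<script>` block after only newlines have been escaped, so a `"`, a backslash or `</script>` in the text ends the literal or the script element. The text passed in includes download URLs and file names taken from package definitions, as the `pkg-utils.inc` hunks show. Encoding the value instead of hand-escaping it fixes this: `echo "this.document.forms[0].output.value = " . json_encode($text) . ";\n";`, where `json_encode()` also escapes `/`. The function ends outside the hunk.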
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 2371939..2563e44 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -98,7 +98,7 @@ conf_mount_ro();
*
******/
function remove_freebsd_package($packagestring) {
- exec("/usr/sbin/pkg_delete -x {$packagestring}");
+ exec("/usr/sbin/pkg_delete -x {$packagestring} 2>>/tmp/pkg_delete_errors.txt");
}
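Review bot: `$packagestring` is interpolated into the `exec()` command line unquoted, and the same holds for `$pkg` in `is_freebsd_pkg_installed()` (the `@@ -222,6 +228,8` hunk), so a package name containing shell metacharacters is interpreted by the shell. Quote the argument with `exec("/usr/sbin/pkg_delete -x " . escapeshellarg($packagestring) . " 2>>/tmp/pkg_delete_errors.txt");`, unless callers rely on passing several patterns in one string, which is not visible here. The error log is appended to a fixed name in `/tmp` and is never trimmed in this hunk; a path in a root-only directory would be a safer place. The new `if(!$pkg) return;` guard in `is_freebsd_pkg_installed()` returns null; `return false;` keeps the result consistent if the function otherwise returns a boolean.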
/****f* pkg-utils/is_package_installed
@@ -191,28 +191,34 @@ function get_pkg_sizes($pkgs = 'all') {
* This function may also print output to the terminal indicating progress.
*/
function resync_all_package_configs($show_message = false) {
- global $config, $pkg_interface;
+ global $config, $pkg_interface, $bootup;
log_error("Resyncing configuration for all packages.");
+
if (!is_array($config['installedpackages']['package']))
return;
+
if($show_message == true)
echo "Syncing packages:";
conf_mount_rw();
+
foreach($config['installedpackages']['package'] as $idx => $package) {
if (empty($package['name']))
continue;
if($show_message == true)
echo " " . $package['name'];
get_pkg_depends($package['name'], "all");
- stop_service($package['name']);
+ if($bootup != true)
+ stop_service($package['name']);
sync_package($idx, true, true);
if($pkg_interface == "console")
echo "\nSyncing packages:";
}
+
if($show_message == true)
echo " done.\n";
+
@unlink("/conf/needs_package_sync");
conf_mount_ro();
}
@@ -222,6 +228,8 @@ function resync_all_package_configs($show_message = false) {
* package is installed.
*/
function is_freebsd_pkg_installed($pkg) {
+ if(!$pkg)
+ return;
$output = "";
exec("/usr/sbin/pkg_info -E \"{$pkg}*\"", $output, $retval);
@@ -304,6 +312,14 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu
function uninstall_package($pkg_name) {
global $config, $static_output;
+ // Back up /usr/local/lib libraries first
+ if(!file_exists("/tmp/pkg_libs.tgz")) {
+ $static_output .= "Backing up libraries... ";
+ update_output_window($static_output);
+ exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`");
+ $static_output .= "\n";
+ }
+
$id = get_pkg_id($pkg_name);
if ($id >= 0) {
$pkg_depends =& $config['installedpackages']['package'][$id]['depends_on_package'];
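Review bot: The backup is skipped whenever `/tmp/pkg_libs.tgz` already exists, and the restore in the next hunk (`tar xzPfU /tmp/pkg_libs.tgz -C /`) then unpacks whatever file sits at that fixed path, with absolute paths, over the live system. A stale archive left by an interrupted uninstall, or a file created there by any other local process, would be extracted as the libraries to restore. Writing the archive to a fresh name from `tempnam()` or to a root-only directory, and always rebuilding it, would close this. Neither `exec()` result is checked either, so a failed backup followed by package removal goes unnoticed; both `tar` exit statuses should be tested before the `@unlink()`. `uninstall_package()` continues outside the hunk.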
@@ -315,6 +331,12 @@ function uninstall_package($pkg_name) {
}
}
delete_package_xml($pkg_name);
+
+ // Restore libraries that we backed up
+ $static_output .= "Cleaning up... ";
+ update_output_window($static_output);
+ exec("/usr/bin/tar xzPfU /tmp/pkg_libs.tgz -C /");
+ @unlink("/tmp/pkg_libs.tgz");
}
function force_remove_package($pkg_name) {
@@ -425,9 +447,8 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
$base_url = $priv_url;
if (substr($base_url, -1) == "/")
$base_url = substr($base_url, 0, -1);
- $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " ";
$fetchto = "{$g['tmp_path']}/apkg_{$filename}";
- $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Trying to download {$base_url}/{$filename} ... ";
+ $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... ";
if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) {
if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) {
$static_output .= " could not download from there or {$priv_url}/{$filename}.\n";
@@ -438,7 +459,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
update_output_window($static_output);
return false;
} else {
- $static_output .= " downloaded from {$osname} repository instead of provided one.\n";
+ $static_output .= " [{$osname} repository]\n";
update_output_window($static_output);
}
}
@@ -459,8 +480,6 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url =
if (pkg_fetch_recursive($working_depend[1], $depend_filename, $dependlevel + 1, $base_url) == false)
return false;
} else {
- //$dependlevel++;
- $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed.";
pkg_debug($working_depend[1] . "\n");
}
}
@@ -505,7 +524,7 @@ function install_package($package, $pkg_info = "") {
if($pkg_interface == "console")
print "\nERROR! Unable to fetch package configuration file. Aborting package installation.\n";
else {
- $static_output .= "failed!\n\nInstallation aborted.";
+ $static_output .= "failed!\n\nInstallation aborted.\n";
update_output_window($static_output);
echo "<br>Show <a href=\"pkg_mgr_install.php?showlog=true\">install log</a></center>";
}
@@ -528,7 +547,8 @@ function install_package($package, $pkg_info = "") {
$changedesc = "Overwrote previous installation of {$pkg_info['name']}.";
$to_output = "overwrite!\n";
}
- /* XXX: Fix inclusion of config.inc that causes data loss! */
+ if(file_exists('/conf/needs_package_sync'))
+ @unlink('/conf/needs_package_sync');
conf_mount_ro();
write_config();
$static_output .= $to_output;
@@ -620,18 +640,18 @@ function install_package_xml($pkg) {
}
$configfile = substr(strrchr($pkg_info['config_file'], '/'), 1);
if(file_exists("/usr/local/pkg/" . $configfile)) {
- $static_output .= "\nLoading package configuration... ";
+ $static_output .= "Loading package configuration... ";
update_output_window($static_output);
$pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui");
$static_output .= "done.\n";
update_output_window($static_output);
- $static_output .= "\tConfiguring package components...\n";
+ $static_output .= "Configuring package components...\n";
if (!empty($pkg_config['filter_rules_needed']))
$config['installedpackages']['package'][$pkgid]['filter_rule_function'] = $pkg_config['filter_rules_needed'];
update_output_window($static_output);
/* modify system files */
if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) {
- $static_output .= "\tSystem files... ";
+ $static_output .= "System files... ";
update_output_window($static_output);
foreach($pkg_config['modify_system']['item'] as $ms) {
if($ms['textneeded']) {
@@ -643,7 +663,7 @@ function install_package_xml($pkg) {
}
/* download additional files */
if(is_array($pkg_config['additional_files_needed'])) {
- $static_output .= "\tAdditional files... ";
+ $static_output .= "Additional files... ";
$static_orig = $static_output;
update_output_window($static_output);
foreach($pkg_config['additional_files_needed'] as $afn) {
@@ -661,7 +681,7 @@ function install_package_xml($pkg) {
if(!is_dir($prefix))
safe_mkdir($prefix);
$static_output .= $filename . " ";
- update_output_window($static_output);
+ update_output_window($static_output);
if (download_file_with_progress_bar($afn['item'][0], $prefix . $filename) !== true) {
$static_output .= "failed.\n";
update_output_window($static_output);
@@ -697,7 +717,7 @@ function install_package_xml($pkg) {
require_once($pkg_config['include_file']);
else {
$missing_include = true;
- $static_output .= "\tInclude " . basename($pkg_config['include_file']) . " is missing!\n";
+ $static_output .= "Include " . basename($pkg_config['include_file']) . " is missing!\n";
update_output_window($static_output);
/* XXX: Should undo the steps before this?! */
return false;
@@ -705,7 +725,7 @@ function install_package_xml($pkg) {
}
/* sidebar items */
if(is_array($pkg_config['menu'])) {
- $static_output .= "\tMenu items... ";
+ $static_output .= "Menu items... ";
update_output_window($static_output);
foreach($pkg_config['menu'] as $menu) {
if(is_array($config['installedpackages']['menu']))
@@ -719,7 +739,7 @@ function install_package_xml($pkg) {
}
/* integrated tab items */
if(is_array($pkg_config['tabs']['tab'])) {
- $static_output .= "\tIntegrated Tab items... ";
+ $static_output .= "Integrated Tab items... ";
update_output_window($static_output);
foreach($pkg_config['tabs']['tab'] as $tab) {
if(is_array($config['installedpackages']['tab']))
@@ -733,7 +753,7 @@ function install_package_xml($pkg) {
}
/* services */
if(is_array($pkg_config['service'])) {
- $static_output .= "\tServices... ";
+ $static_output .= "Services... ";
update_output_window($static_output);
foreach($pkg_config['service'] as $service) {
if(is_array($config['installedpackages']['service']))
@@ -750,21 +770,21 @@ function install_package_xml($pkg) {
update_output_window($static_output);
if ($missing_include == false) {
if($pkg_config['custom_php_global_functions'] <> "") {
- $static_output .= "\tExecuting custom_php_global_functions()...";
+ $static_output .= "Executing custom_php_global_functions()...";
update_output_window($static_output);
eval_once($pkg_config['custom_php_global_functions']);
$static_output .= "done.\n";
update_output_window($static_output);
}
if($pkg_config['custom_php_install_command']) {
- $static_output .= "\tExecuting custom_php_install_command()...";
+ $static_output .= "Executing custom_php_install_command()...";
update_output_window($static_output);
eval_once($pkg_config['custom_php_install_command']);
$static_output .= "done.\n";
update_output_window($static_output);
}
if($pkg_config['custom_php_resync_config_command'] <> "") {
- $static_output .= "\tExecuting custom_php_resync_config_command()...";
+ $static_output .= "Executing custom_php_resync_config_command()...";
update_output_window($static_output);
eval_once($pkg_config['custom_php_resync_config_command']);
$static_output .= "done.\n";
@@ -795,36 +815,59 @@ function install_package_xml($pkg) {
return true;
}
+function does_package_depend($pkg) {
+ // Should not happen, but just in case.
+ if(!$pkg)
+ return;
+ $pkg_var_db_dir = glob("/var/db/pkg/{$pkg}*");
+ // If this package has dependency then return true
+ foreach($pkg_var_db_dir as $pvdd) {
+ if (file_exists("{$vardb}/{$pvdd}/+REQUIRED_BY") && count(file("{$vardb}/{$pvdd}/+REQUIRED_BY")) > 0)
+ return true;
+ }
+ // Did not find a record of dependencies, so return false.
+ return false;
+}
+
function delete_package($pkg) {
global $config, $g, $static_output, $vardb;
- $pkg = substr(reverse_strrchr($pkg, "."), 0, -1);
+ if(!$pkg)
+ return;
+ $pkg = substr(reverse_strrchr($pkg, "."), 0, -1);
- if (file_exists("{$vardb}/{$pkg}/+REQUIRED_BY") && count(file("{$vardb}/{$pkg}/+REQUIRED_BY")) > 0) {
- $static_output .= "\tSkipping package deletion for {$pkg} because it is required by other packages.\n";
+ // If package has dependencies then skip it
+ if(does_package_depend($pkg)) {
+ $static_output .= "Skipping package deletion for {$pkg} because it is a dependency.\n";
update_output_window($static_output);
- return;
+ return;
} else {
if($pkg)
- $static_output .= "\tStarting package deletion for {$pkg}...";
- update_output_window($static_output);
+ $static_output .= "Starting package deletion for {$pkg}...";
+ update_output_window($static_output);
}
+
$info = "";
exec("/usr/sbin/pkg_info -qrx {$pkg}", $info);
remove_freebsd_package($pkg);
$static_output .= "done.\n";
update_output_window($static_output);
foreach($info as $line) {
- $depend = trim(str_replace("@pkgdep", "", $line), " \n");
- delete_package($depend);
+ $depend = trim(str_replace("@pkgdep ", "", $line), " \n");
+ // If package has dependencies then skip it
+ if(!does_package_depend($depend))
+ delete_package($depend);
}
+ /* Rescan directories for what has been left and avoid fooling other programs. */
+ mwexec("/sbin/ldconfig");
+
return;
}
function delete_package_xml($pkg) {
- global $g, $config, $static_output, $pkg_interface;
+ global $g, $config, $static_output, $pkg_interface, $bootup;
conf_mount_rw();
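Review bot: In `does_package_depend()` the path is built as `"{$vardb}/{$pvdd}/+REQUIRED_BY"`, but `$vardb` is not declared `global` in this function and `$pvdd` is already a full path returned by `glob("/var/db/pkg/{$pkg}*")`. The check therefore only works because the undefined variable expands to an empty string. Use the glob result directly: `if (file_exists("{$pvdd}/+REQUIRED_BY") && count(file("{$pvdd}/+REQUIRED_BY")) > 0)`. The `{$pkg}*` pattern is also a prefix match, so another package whose name begins with `$pkg` can make this one look required. Separately, the new recursion passes `$depend`, read from `pkg_info` output, into the existing `exec("/usr/sbin/pkg_info -qrx {$pkg}", $info)` without `escapeshellarg()`. `delete_package_xml()` continues outside the hunk.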
@@ -854,7 +897,7 @@ function delete_package_xml($pkg) {
$pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'], "packagegui");
/* remove tab items */
if(is_array($pkg_config['tabs'])) {
- $static_output .= "\tTabs items... ";
+ $static_output .= "Tabs items... ";
update_output_window($static_output);
if(is_array($pkg_config['tabs']['tab']) && is_array($tabs)) {
foreach($pkg_config['tabs']['tab'] as $tab) {
@@ -871,7 +914,7 @@ function delete_package_xml($pkg) {
}
/* remove menu items */
if(is_array($pkg_config['menu'])) {
- $static_output .= "\tMenu items... ";
+ $static_output .= "Menu items... ";
update_output_window($static_output);
if (is_array($pkg_config['menu']) && is_array($menus)) {
foreach($pkg_config['menu'] as $menu) {
@@ -888,13 +931,14 @@ function delete_package_xml($pkg) {
}
/* remove services */
if(is_array($pkg_config['service'])) {
- $static_output .= "\tServices... ";
+ $static_output .= "Services... ";
update_output_window($static_output);
if (is_array($pkg_config['service']) && is_array($services)) {
foreach($pkg_config['service'] as $service) {
foreach($services as $key => $instservice) {
if($instservice['name'] == $service['name']) {
- stop_service($service['name']);
+ if($bootup != true)
+ stop_service($service['name']);
unset($services[$key]);
}
}
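Review bot: The added `if($bootup != true)` guard has no comment saying why `stop_service()` is skipped during boot, while `unset($services[$key])` still runs unconditionally. A one-line comment such as `// during boot the service has presumably not been started yet, so there is nothing to stop` would record the intent; the author should confirm the wording. `!$bootup` would also read more plainly than the loose comparison with `true`. `delete_package_xml()` starts and ends outside the hunk.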
@@ -924,7 +968,7 @@ function delete_package_xml($pkg) {
else {
$missing_include = true;
update_output_window($static_output);
- $static_output .= "\tInclude file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n";
+ $static_output .= "Include file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n";
}
}
/* ermal
@@ -940,7 +984,7 @@ function delete_package_xml($pkg) {
}
/* system files */
if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) {
- $static_output .= "\tSystem files... ";
+ $static_output .= "System files... ";
update_output_window($static_output);
foreach($pkg_config['modify_system']['item'] as $ms)
if($ms['textneeded']) remove_text_from_file($ms['modifyfilename'], $ms['textneeded']);
@@ -950,27 +994,26 @@ function delete_package_xml($pkg) {
}
/* deinstall commands */
if($pkg_config['custom_php_deinstall_command'] <> "") {
- $static_output .= "\tDeinstall commands... ";
+ $static_output .= "Deinstall commands... ";
update_output_window($static_output);
if ($missing_include == false) {
eval_once($pkg_config['custom_php_deinstall_command']);
$static_output .= "done.\n";
} else
- $static_output .= "\n\tNot executing custom deinstall hook because an include is missing.\n";
+ $static_output .= "\nNot executing custom deinstall hook because an include is missing.\n";
update_output_window($static_output);
}
if($pkg_config['include_file'] <> "") {
- $static_output .= "\tRemoving package instructions...";
- update_output_window($static_output);
- pkg_debug("Remove '{$pkg_config['include_file']}'\n");
- unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']);
+ $static_output .= "Removing package instructions...";
+ update_output_window($static_output);
+ pkg_debug("Remove '{$pkg_config['include_file']}'\n");
+ unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']);
$static_output .= "done.\n";
- update_output_window($static_output);
-
- }
+ update_output_window($static_output);
+ }
/* remove all additional files */
if(is_array($pkg_config['additional_files_needed'])) {
- $static_output .= "\tAuxiliary files... ";
+ $static_output .= "Auxiliary files... ";
update_output_window($static_output);
foreach($pkg_config['additional_files_needed'] as $afn) {
$filename = get_filename_from_url($afn['item'][0]);
@@ -978,14 +1021,13 @@ function delete_package_xml($pkg) {
$prefix = $afn['prefix'];
else
$prefix = "/usr/local/pkg/";
-
unlink_if_exists($prefix . $filename);
}
$static_output .= "done.\n";
update_output_window($static_output);
}
/* package XML file */
- $static_output .= "\tPackage XML... ";
+ $static_output .= "Package XML... ";
update_output_window($static_output);
unlink_if_exists("/usr/local/pkg/" . $packages[$pkgid]['configurationfile']);
$static_output .= "done.\n";
@@ -993,7 +1035,7 @@ function delete_package_xml($pkg) {
}
/* syslog */
if(is_array($pkg_info['logging']) && $pkg_info['logging']['logfile_name'] <> "") {
- $static_output .= "\tSyslog entries... ";
+ $static_output .= "Syslog entries... ";
update_output_window($static_output);
remove_text_from_file("/etc/syslog.conf", $pkg_info['logging']['facilityname'] . "\t\t\t\t" . $pkg_info['logging']['logfilename']);
system_syslogd_start();
@@ -1001,9 +1043,10 @@ function delete_package_xml($pkg) {
$static_output .= "done.\n";
update_output_window($static_output);
}
+
conf_mount_ro();
/* remove config.xml entries */
- $static_output .= "\tConfiguration... ";
+ $static_output .= "Configuration... ";
update_output_window($static_output);
unset($config['installedpackages']['package'][$pkgid]);
$static_output .= "done.\n";
@@ -1081,4 +1124,33 @@ function squash_from_bytes($size, $round = "") {
return;
}
+function pkg_reinstall_all() {
+ global $g, $config;
+ $pkg_id = 0;
+ $todo = array();
+ if (is_array($config['installedpackages']['package']))
+ foreach($config['installedpackages']['package'] as $package)
+ $todo[] = array('name' => $package['name'], 'version' => $package['version']);
+ echo "One moment please, reinstalling packages...\n";
+ echo " >>> Trying to fetch package info...";
+ $pkg_info = get_pkg_info();
+ if ($pkg_info) {
+ echo " Done.\n";
+ } else {
+ $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl'];
+ echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n";
+ return;
+ }
+ if(is_array($todo)) {
+ foreach($todo as $pkgtodo) {
+ $static_output = "";
+ if($pkgtodo['name']) {
+ uninstall_package($pkgtodo['name']);
+ install_package($pkgtodo['name']);
+ $pkg_id++;
+ }
+ }
+ }
+}
+
?>
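Review bot: `pkg_reinstall_all()` calls `uninstall_package()` and then `install_package()` without checking any result, so a package whose reinstall fails would be left removed with nothing reported. This assumes those functions signal failure through their return value, which is not visible here. `$static_output = "";` inside the loop assigns a local variable, because the function declares only `global $g, $config;`. If the intent is to reset the shared output buffer, the declaration needs to be `global $g, $config, $static_output;`. `$pkg_id` is incremented but never read, and `is_array($todo)` is always true since `$todo` is initialised with `array()`.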
diff --git a/etc/inc/plain_sasl_client.inc b/etc/inc/plain_sasl_client.inc
new file mode 100644
index 0000000..c7feed0
--- /dev/null
+++ b/etc/inc/plain_sasl_client.inc
@@ -0,0 +1,99 @@
+<?php
+/*
+ * plain_sasl_client.php
+ *
+ * @(#) $Id: plain_sasl_client.php,v 1.2 2004/11/17 08:00:37 mlemos Exp $
+ *
+ */
+
+define("SASL_PLAIN_STATE_START", 0);
+define("SASL_PLAIN_STATE_IDENTIFY", 1);
+define("SASL_PLAIN_STATE_DONE", 2);
+
+define("SASL_PLAIN_DEFAULT_MODE", 0);
+define("SASL_PLAIN_EXIM_MODE", 1);
+define("SASL_PLAIN_EXIM_DOCUMENTATION_MODE", 2);
+
+class plain_sasl_client_class
+{
+ var $credentials=array();
+ var $state=SASL_PLAIN_STATE_START;
+
+ Function Initialize(&$client)
+ {
+ return(1);
+ }
+
+ Function Start(&$client, &$message, &$interactions)
+ {
+ if($this->state!=SASL_PLAIN_STATE_START)
+ {
+ $client->error="PLAIN authentication state is not at the start";
+ return(SASL_FAIL);
+ }
+ $this->credentials=array(
+ "user"=>"",
+ "password"=>"",
+ "realm"=>"",
+ "mode"=>""
+ );
+ $defaults=array(
+ "realm"=>"",
+ "mode"=>""
+ );
+ $status=$client->GetCredentials($this->credentials,$defaults,$interactions);
+ if($status==SASL_CONTINUE)
+ {
+ switch($this->credentials["mode"])
+ {
+ case SASL_PLAIN_EXIM_MODE:
+ $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0";
+ break;
+ case SASL_PLAIN_EXIM_DOCUMENTATION_MODE:
+ $message="\0".$this->credentials["user"]."\0".$this->credentials["password"];
+ break;
+ default:
+ $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"];
+ break;
+ }
+ $this->state=SASL_PLAIN_STATE_DONE;
+ }
+ else
+ Unset($message);
+ return($status);
+ }
+
+ Function Step(&$client, $response, &$message, &$interactions)
+ {
+ switch($this->state)
+ {
+/*
+ case SASL_PLAIN_STATE_IDENTIFY:
+ switch($this->credentials["mode"])
+ {
+ case SASL_PLAIN_EXIM_MODE:
+ $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0";
+ break;
+ case SASL_PLAIN_EXIM_DOCUMENTATION_MODE:
+ $message="\0".$this->credentials["user"]."\0".$this->credentials["password"];
+ break;
+ default:
+ $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"];
+ break;
+ }
+ var_dump($message);
+ $this->state=SASL_PLAIN_STATE_DONE;
+ break;
+*/
+ case SASL_PLAIN_STATE_DONE:
+ $client->error="PLAIN authentication was finished without success";
+ return(SASL_FAIL);
+ default:
+ $client->error="invalid PLAIN authentication step state";
+ return(SASL_FAIL);
+ }
+ return(SASL_CONTINUE);
+ }
+};
+
+?> \ No newline at end of file
diff --git a/etc/inc/sasl.inc b/etc/inc/sasl.inc
new file mode 100644
index 0000000..d64442e
--- /dev/null
+++ b/etc/inc/sasl.inc
@@ -0,0 +1,422 @@
+<?php
+/*
+ * sasl.php
+ *
+ * @(#) $Id: sasl.php,v 1.11 2005/10/31 18:43:27 mlemos Exp $
+ *
+ */
+
+define("SASL_INTERACT", 2);
+define("SASL_CONTINUE", 1);
+define("SASL_OK", 0);
+define("SASL_FAIL", -1);
+define("SASL_NOMECH", -4);
+
+class sasl_interact_class
+{
+ var $id;
+ var $challenge;
+ var $prompt;
+ var $default_result;
+ var $result;
+};
+
+/*
+{metadocument}<?xml version="1.0" encoding="ISO-8859-1" ?>
+<class>
+
+ <package>net.manuellemos.sasl</package>
+
+ <version>@(#) $Id: sasl.php,v 1.11 2005/10/31 18:43:27 mlemos Exp $</version>
+ <copyright>Copyright © (C) Manuel Lemos 2004</copyright>
+ <title>Simple Authentication and Security Layer client</title>
+ <author>Manuel Lemos</author>
+ <authoraddress>mlemos-at-acm.org</authoraddress>
+
+ <documentation>
+ <idiom>en</idiom>
+ <purpose>Provide a common interface to plug-in driver classes that
+ implement different mechanisms for authentication used by clients of
+ standard protocols like SMTP, POP3, IMAP, HTTP, etc.. Currently the
+ supported authentication mechanisms are: <tt>PLAIN</tt>,
+ <tt>LOGIN</tt>, <tt>CRAM-MD5</tt>, <tt>Digest</tt> and <tt>NTML</tt>
+ (Windows or Samba).</purpose>
+ <usage>.</usage>
+ </documentation>
+
+{/metadocument}
+*/
+
+class sasl_client_class
+{
+ /* Public variables */
+
+/*
+{metadocument}
+ <variable>
+ <name>error</name>
+ <type>STRING</type>
+ <value></value>
+ <documentation>
+ <purpose>Store the message that is returned when an error
+ occurs.</purpose>
+ <usage>Check this variable to understand what happened when a call to
+ any of the class functions has failed.<paragraphbreak />
+ This class uses cumulative error handling. This means that if one
+ class functions that may fail is called and this variable was
+ already set to an error message due to a failure in a previous call
+ to the same or other function, the function will also fail and does
+ not do anything.<paragraphbreak />
+ This allows programs using this class to safely call several
+ functions that may fail and only check the failure condition after
+ the last function call.<paragraphbreak />
+ Just set this variable to an empty string to clear the error
+ condition.</usage>
+ </documentation>
+ </variable>
+{/metadocument}
+*/
+ var $error='';
+
+/*
+{metadocument}
+ <variable>
+ <name>mechanism</name>
+ <type>STRING</type>
+ <value></value>
+ <documentation>
+ <purpose>Store the name of the mechanism that was selected during the
+ call to the <functionlink>Start</functionlink> function.</purpose>
+ <usage>You can access this variable but do not change it.</usage>
+ </documentation>
+ </variable>
+{/metadocument}
+*/
+ var $mechanism='';
+
+/*
+{metadocument}
+ <variable>
+ <name>encode_response</name>
+ <type>BOOLEAN</type>
+ <value>1</value>
+ <documentation>
+ <purpose>Let the drivers inform the applications whether responses
+ need to be encoded.</purpose>
+ <usage>Applications should check this variable before sending
+ authentication responses to the server to determine if the
+ responses need to be encoded, eventually with base64 algorithm.</usage>
+ </documentation>
+ </variable>
+{/metadocument}
+*/
+ var $encode_response=1;
+
+ /* Private variables */
+
+ var $driver;
+ var $drivers=array(
+ "Digest" => array("digest_sasl_client_class", "digest_sasl_client.inc" ),
+ "CRAM-MD5" => array("cram_md5_sasl_client_class", "cram_md5_sasl_client.inc" ),
+ "LOGIN" => array("login_sasl_client_class", "login_sasl_client.inc" ),
+ "NTLM" => array("ntlm_sasl_client_class", "ntlm_sasl_client.inc" ),
+ "PLAIN" => array("plain_sasl_client_class", "plain_sasl_client.inc" ),
+ "Basic" => array("basic_sasl_client_class", "basic_sasl_client.inc" )
+ );
+ var $credentials=array();
+
+ /* Public functions */
+
+/*
+{metadocument}
+ <function>
+ <name>SetCredential</name>
+ <type>VOID</type>
+ <documentation>
+ <purpose>Store the value of a credential that may be used by any of
+ the supported mechanisms to process the authentication messages and
+ responses.</purpose>
+ <usage>Call this function before starting the authentication dialog
+ to pass all the credential values that be needed to use the type
+ of authentication that the applications may need.</usage>
+ <returnvalue>.</returnvalue>
+ </documentation>
+ <argument>
+ <name>key</name>
+ <type>STRING</type>
+ <documentation>
+ <purpose>Specify the name of the credential key.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>value</name>
+ <type>STRING</type>
+ <documentation>
+ <purpose>Specify the value for the credential.</purpose>
+ </documentation>
+ </argument>
+ <do>
+{/metadocument}
+*/
+ Function SetCredential($key,$value)
+ {
+ $this->credentials[$key]=$value;
+ }
+/*
+{metadocument}
+ </do>
+ </function>
+{/metadocument}
+*/
+
+/*
+{metadocument}
+ <function>
+ <name>GetCredentials</name>
+ <type>INTEGER</type>
+ <documentation>
+ <purpose>Retrieve the values of one or more credentials to be used by
+ the authentication mechanism classes.</purpose>
+ <usage>This is meant to be used by authentication mechanism driver
+ classes to retrieve the credentials that may be neede.</usage>
+ <returnvalue>The function may return <tt>SASL_CONTINUE</tt> if it
+ succeeded, or <tt>SASL_NOMECH</tt> if it was not possible to
+ retrieve one of the requested credentials.</returnvalue>
+ </documentation>
+ <argument>
+ <name>credentials</name>
+ <type>HASH</type>
+ <documentation>
+ <purpose>Reference to an associative array variable with all the
+ credentials that are being requested. The function initializes
+ this associative array values.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>defaults</name>
+ <type>HASH</type>
+ <documentation>
+ <purpose>Associative arrays with default values for credentials
+ that may have not been defined.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>interactions</name>
+ <type>ARRAY</type>
+ <documentation>
+ <purpose>Not yet in use. It is meant to provide context
+ information to retrieve credentials that may be obtained
+ interacting with the user.</purpose>
+ </documentation>
+ </argument>
+ <do>
+{/metadocument}
+*/
+ Function GetCredentials(&$credentials,$defaults,&$interactions)
+ {
+ Reset($credentials);
+ $end=(GetType($key=Key($credentials))!="string");
+ for(;!$end;)
+ {
+ if(!IsSet($this->credentials[$key]))
+ {
+ if(IsSet($defaults[$key]))
+ $credentials[$key]=$defaults[$key];
+ else
+ {
+ $this->error="the requested credential ".$key." is not defined";
+ return(SASL_NOMECH);
+ }
+ }
+ else
+ $credentials[$key]=$this->credentials[$key];
+ Next($credentials);
+ $end=(GetType($key=Key($credentials))!="string");
+ }
+ return(SASL_CONTINUE);
+ }
+/*
+{metadocument}
+ </do>
+ </function>
+{/metadocument}
+*/
+
+/*
+{metadocument}
+ <function>
+ <name>Start</name>
+ <type>INTEGER</type>
+ <documentation>
+ <purpose>Process the initial authentication step initializing the
+ driver class that implements the first of the list of requested
+ mechanisms that is supported by this SASL client library
+ implementation.</purpose>
+ <usage>Call this function specifying a list of mechanisms that the
+ server supports. If the <argumentlink>
+ <argument>message</argument>
+ <function>Start</function>
+ </argumentlink> argument returns a string, it should be sent to
+ the server as initial message. Check the
+ <variablelink>encode_response</variablelink> variable to determine
+ whether the initial message needs to be encoded, eventually with
+ base64 algorithm, before it is sent to the server.</usage>
+ <returnvalue>The function may return <tt>SASL_CONTINUE</tt> if it
+ could start one of the requested authentication mechanisms. It
+ may return <tt>SASL_NOMECH</tt> if it was not possible to start
+ any of the requested mechanisms. It returns <tt>SASL_FAIL</tt> or
+ other value in case of error.</returnvalue>
+ </documentation>
+ <argument>
+ <name>mechanisms</name>
+ <type>ARRAY</type>
+ <inout />
+ <documentation>
+ <purpose>Define the list of names of authentication mechanisms
+ supported by the that should be tried.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>message</name>
+ <type>STRING</type>
+ <out />
+ <documentation>
+ <purpose>Return the initial message that should be sent to the
+ server to start the authentication dialog. If this value is
+ undefined, no message should be sent to the server.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>interactions</name>
+ <type>ARRAY</type>
+ <documentation>
+ <purpose>Not yet in use. It is meant to provide context
+ information to interact with the end user.</purpose>
+ </documentation>
+ </argument>
+ <do>
+{/metadocument}
+*/
+ Function Start($mechanisms, &$message, &$interactions)
+ {
+ if(strlen($this->error))
+ return(SASL_FAIL);
+ if(IsSet($this->driver))
+ return($this->driver->Start($this,$message,$interactions));
+ $no_mechanism_error="";
+ for($m=0;$m<count($mechanisms);$m++)
+ {
+ $mechanism=$mechanisms[$m];
+ if(IsSet($this->drivers[$mechanism]))
+ {
+ if(!class_exists($this->drivers[$mechanism][0]))
+ require(dirname(__FILE__)."/".$this->drivers[$mechanism][1]);
+ $this->driver=new $this->drivers[$mechanism][0];
+ if($this->driver->Initialize($this))
+ {
+ $this->encode_response=1;
+ $status=$this->driver->Start($this,$message,$interactions);
+ switch($status)
+ {
+ case SASL_NOMECH:
+ Unset($this->driver);
+ if(strlen($no_mechanism_error)==0)
+ $no_mechanism_error=$this->error;
+ $this->error="";
+ break;
+ case SASL_CONTINUE:
+ $this->mechanism=$mechanism;
+ return($status);
+ default:
+ Unset($this->driver);
+ $this->error="";
+ return($status);
+ }
+ }
+ else
+ {
+ Unset($this->driver);
+ if(strlen($no_mechanism_error)==0)
+ $no_mechanism_error=$this->error;
+ $this->error="";
+ }
+ }
+ }
+ $this->error=(strlen($no_mechanism_error) ? $no_mechanism_error : "it was not requested any of the authentication mechanisms that are supported");
+ return(SASL_NOMECH);
+ }
+/*
+{metadocument}
+ </do>
+ </function>
+{/metadocument}
+*/
+
+/*
+{metadocument}
+ <function>
+ <name>Step</name>
+ <type>INTEGER</type>
+ <documentation>
+ <purpose>Process the authentication steps after the initial step,
+ until the authetication iteration dialog is complete.</purpose>
+ <usage>Call this function iteratively after a successful initial
+ step calling the <functionlink>Start</functionlink> function.</usage>
+ <returnvalue>The function returns <tt>SASL_CONTINUE</tt> if step was
+ processed successfully, or returns <tt>SASL_FAIL</tt> in case of
+ error.</returnvalue>
+ </documentation>
+ <argument>
+ <name>response</name>
+ <type>STRING</type>
+ <in />
+ <documentation>
+ <purpose>Pass the response returned by the server to the previous
+ step.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>message</name>
+ <type>STRING</type>
+ <out />
+ <documentation>
+ <purpose>Return the message that should be sent to the server to
+ continue the authentication dialog. If this value is undefined,
+ no message should be sent to the server.</purpose>
+ </documentation>
+ </argument>
+ <argument>
+ <name>interactions</name>
+ <type>ARRAY</type>
+ <documentation>
+ <purpose>Not yet in use. It is meant to provide context
+ information to interact with the end user.</purpose>
+ </documentation>
+ </argument>
+ <do>
+{/metadocument}
+*/
+ Function Step($response, &$message, &$interactions)
+ {
+ if(strlen($this->error))
+ return(SASL_FAIL);
+ return($this->driver->Step($this,$response,$message,$interactions));
+ }
+/*
+{metadocument}
+ </do>
+ </function>
+{/metadocument}
+*/
+
+};
+
+/*
+
+{metadocument}
+</class>
+{/metadocument}
+
+*/
+
+?>
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 7c61546..692f1a5 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -122,20 +122,20 @@ function get_bandwidthtype_scale($type)
{
switch ($type) {
case "Gb":
- $factor = 1000 * 1000 * 1000;
+ $factor = 1024 * 1024 * 1024;
break;
case "Mb":
- $factor = 1000 * 1000;
+ $factor = 1024 * 1024;
break;
case "Kb":
- $factor = 1000;
+ $factor = 1024;
break;
case "b":
default:
$factor = 1;
break;
}
- return floatval($factor);
+ return intval($factor);
}
function get_hfsc_bandwidth($object, $bw)
@@ -2943,12 +2943,12 @@ class dnpipe_class extends dummynet_class {
function build_form() {
$form = "<tr><td valign=\"center\" class=\"vncellreq\"><br>";
- $form .= "Enable/Disable";
+ $form .= "Enable";
$form .= "</td><td class=\"vncellreq\">";
$form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\"";
if ($this->GetEnabled() == "on")
$form .= " CHECKED";
- $form .= " ><span class=\"vexpl\"> Enable/Disable limiter and its children</span>";
+ $form .= " ><span class=\"vexpl\"> Enable limiter and its children</span>";
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>";
$form .= "<td class=\"vncellreq\">";
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 06ec9fc..d2eb733 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -86,12 +86,6 @@ function system_resolvconf_generate($dynupdate = false) {
$syscfg = $config['system'];
- $fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
- if (!$fd) {
- printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
- return 1;
- }
-
$resolvconf = "domain {$syscfg['domain']}\n";
$havedns = false;
@@ -122,6 +116,12 @@ function system_resolvconf_generate($dynupdate = false) {
}
}
+ $fd = fopen("{$g['varetc_path']}/resolv.conf", "w");
+ if (!$fd) {
+ printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n");
+ return 1;
+ }
+
fwrite($fd, $resolvconf);
fclose($fd);
@@ -158,11 +158,16 @@ function get_searchdomains() {
$master_list = array();
// Read in dhclient nameservers
- $search_list = split("\n", `/bin/cat /var/etc/searchdomain_* 2>/dev/null`);
+ $search_list = glob("/var/etc/searchdomain_*");
if (is_array($search_lists)) {
- foreach($search_lists as $dns) {
- if(is_hostname($dns))
- $master_list[] = $dns;
+ foreach($search_lists as $fdns) {
+ $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!is_array($contents))
+ continue;
+ foreach ($contents as $dns) {
+ if(is_hostname($dns))
+ $master_list[] = $dns;
+ }
}
}
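Review bot: The new line assigns `$search_list = glob("/var/etc/searchdomain_*");`, but the following `is_array($search_lists)` and `foreach($search_lists as $fdns)` read a differently named variable. The loop therefore never runs and no search domain from these files reaches `$master_list`. Rename the assignment to `$search_lists = glob("/var/etc/searchdomain_*");`. `get_searchdomains()` starts before and ends after this hunk.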
@@ -174,21 +179,27 @@ function get_nameservers() {
$master_list = array();
// Read in dhclient nameservers
- $dns_lists = split("\n", `/bin/cat /var/etc/nameserver_* 2>/dev/null`);
+ $dns_lists = glob("/var/etc/nameserver_*");
if (is_array($dns_lists)) {
- foreach($dns_lists as $dns) {
- if(is_ipaddr($dns))
- $master_list[] = $dns;
+ foreach($dns_lists as $fdns) {
+ $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!is_array($contents))
+ continue;
+ foreach ($contents as $dns) {
+ if(is_ipaddr($dns))
+ $master_list[] = $dns;
+ }
}
}
// Read in any extra nameservers
if(file_exists("/var/etc/nameservers.conf")) {
- $dns_lists = split("\n", `/bin/cat /var/etc/nameservers.conf`);
- if(is_array($dns_s))
+ $dns_s = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if(is_array($dns_s)) {
foreach($dns_s as $dns)
if (is_ipaddr($dns))
$master_list[] = $dns;
+ }
}
return $master_list;
@@ -391,8 +402,8 @@ function system_routing_configure($interface = "") {
if(isset($route_arr['default'])) {
$action = "change";
}
- log_error("ROUTING: $action IPv4 default route to $gatewayip");
- mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip));
+ log_error("ROUTING: $action default route to $gatewayip");
+ mwexec("/sbin/route {$action} -inet default " . escapeshellarg($gatewayip));
}
}
@@ -445,10 +456,17 @@ function system_routing_configure($interface = "") {
$inet6 = "";
}
if (is_ipaddr($gatewayip)) {
+<<<<<<< HEAD
mwexec("/sbin/route {$action} {$inet6} " . escapeshellarg($rtent['network']) .
" " . escapeshellarg($gatewayip));
} else if (!empty($interfacegw)) {
mwexec("/sbin/route {$action} {$inet6} " . escapeshellarg($rtent['network']) .
+=======
+ mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) .
+ " " . escapeshellarg($gatewayip));
+ } else if (!empty($interfacegw)) {
+ mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) .
+>>>>>>> upstream/master
" -iface " . escapeshellarg($interfacegw));
}
}
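Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> upstream/master` are unresolved merge-conflict markers, which PHP cannot parse, so including system.inc would fail. Resolve the conflict by deleting the three marker lines and keeping only one of the two `mwexec("/sbin/route {$action} …")` pairs. The `{$inet6}` variant matches the `$inet6 = "";` assignment in the context just above, but which side is intended should be confirmed against upstream. `system_routing_configure()` starts and ends outside the hunk.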
@@ -1154,7 +1172,7 @@ EOD;
fwrite($fd, "\n");
fwrite($fd, $key);
fclose($fd);
- if($ca <> "") {
+ if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
if (!$fd) {
printf("Error: cannot open ca.pem in system_webgui_start().\n");
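Review bot: The new condition `if(!(empty($ca) || (strlen(trim($ca)) == 0)))` is harder to read than it needs to be, and the same expression is repeated in the next hunk (`@@ -1168,7 +1186,7 @@`). For a PEM string the `empty()` half adds nothing that the trimmed-length test does not already cover. Computing it once as `$have_ca = (trim($ca) != "");` and testing `if($have_ca)` at both places keeps the CA file write and the `ssl.ca-file` line in step. The enclosing function starts outside both hunks.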
@@ -1168,7 +1186,7 @@ EOD;
$lighty_config .= "## ssl configuration\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
- if($ca <> "")
+ if(!(empty($ca) || (strlen(trim($ca)) == 0)))
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
}
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 9f7be86..9be7ae0 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -709,10 +709,14 @@ function upgrade_040_to_041() {
$config['sysctl']['item'][19]['descr'] = "Set the ephemeral port range starting port";
$config['sysctl']['item'][19]['value'] = "default";
- $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot ";
+ $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot";
$config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete";
$config['sysctl']['item'][20]['value'] = "default";
+ $config['sysctl']['item'][21]['tunable'] = "kern.ipc.maxsockbuf";
+ $config['sysctl']['item'][21]['descr'] = "Maximum socket buffer size";
+ $config['sysctl']['item'][21]['value'] = "default";
+
}
}
@@ -817,8 +821,7 @@ function upgrade_044_to_045() {
$iflist = get_configured_interface_list(false, true);
if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
foreach ($config['vlans']['vlan'] as $id => $vlan) {
- $vlan['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}";
- $config['vlans']['vlan'][$id] = $vlan;
+ $config['vlans']['vlan'][$id]['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}";
/* Make sure to update the interfaces section with the right name */
foreach($iflist as $ifname) {
if($config['interfaces'][$ifname]['if'] == "vlan{$id}") {
@@ -1083,8 +1086,8 @@ function upgrade_047_to_048() {
$tempdyn['enable'] = isset($config['dyndns'][0]['enable']);
$tempdyn['type'] = $config['dyndns'][0]['type'];
$tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']);
- $tempdyn['usernamefld'] = $config['dyndns'][0]['username'];
- $tempdyn['passwordfld'] = $config['dyndns'][0]['password'];
+ $tempdyn['username'] = $config['dyndns'][0]['username'];
+ $tempdyn['password'] = $config['dyndns'][0]['password'];
$tempdyn['host'] = $config['dyndns'][0]['host'];
$tempdyn['mx'] = $config['dyndns'][0]['mx'];
$tempdyn['interface'] = "wan";
@@ -2282,4 +2285,9 @@ function upgrade_074_to_075() {
rename_field($config['crl'], 'name', 'descr');
}
+function upgrade_075_to_076() {
+ require_once("services.inc");
+ install_cron_job("/usr/bin/nice -n20 /etc/rc.update_urltables", true, "30", "12");
+}
+
?>
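Review bot: `upgrade_075_to_076()` passes the bare positional arguments `true, "30", "12"` to `install_cron_job()` with no comment, so the schedule cannot be read from the call. If the arguments are the active flag, minute and hour, a one-line comment above the call would document it: `/* refresh URL table aliases once a day at 12:30, at lowest priority */`. It would also help to say why the job is installed from a config upgrade step rather than when a URL table alias is first created.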
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 494f81b..f3cb60b 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1311,6 +1311,19 @@ function start_devd() {
sleep(1);
}
+function is_interface_vlan_mismatch() {
+ global $config, $g;
+
+ if (is_array($config['vlans']['vlan'])) {
+ foreach ($config['vlans']['vlan'] as $vlan) {
+ if (does_interface_exist($vlan['if']) == false)
+ return true;
+ }
+ }
+
+ return false;
+}
+
function is_interface_mismatch() {
global $config, $g;
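Review bot: `is_interface_vlan_mismatch()` is added without a doc comment, and it declares `$g` without using it. I would add `/* Returns true when any configured VLAN refers to a parent interface that does not exist. */` above it and reduce the declaration to `global $config;`. The test `does_interface_exist($vlan['if']) == false` reads more directly as `!does_interface_exist($vlan['if'])`.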
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 5c1d132..febb0f7 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -1,6 +1,8 @@
<?php
/*
- Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>.
+ Copyright (C) 2010 Ermal Luci <ermal.luci@gmail.com>
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,6 +34,8 @@
*/
/* include all configuration functions */
+if(!function_exists('captiveportal_syslog'))
+ require_once("captiveportal.inc");
function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) {
global $g, $config;
@@ -140,7 +144,7 @@ function voucher_auth($voucher_received, $test = 0) {
list($status, $roll, $nr) = explode(" ", $result);
if ($status == "OK") {
if (!$first_voucher) {
- // store first voucher. Thats the one we give the timecredit
+ // store first voucher. Thats the one we give the timecredit
$first_voucher = $voucher;
$first_voucher_roll = $roll;
}
@@ -166,6 +170,7 @@ function voucher_auth($voucher_received, $test = 0) {
$mask = 1 << ($nr % 8);
if (ord($bitstring[$roll][$pos]) & $mask) {
$test_result[] = "$voucher ($roll/$nr) already used and expired";
+ captiveportal_syslog("$voucher ($roll/$nr) already used and expired");
$total_minutes = -1; // voucher expired
$error++;
} else {
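Review bot: The added `captiveportal_syslog()` call logs `$voucher` as is, and that value appears to derive from what a portal user submitted (`$voucher_received`). Control characters or overlong strings would therefore reach the log unfiltered. The two calls added in the next hunk have the same issue and additionally log `$result`. Restricting the logged value to printable characters and a bounded length keeps these entries reliable for spotting voucher guessing, e.g. `$logv = substr(preg_replace('/[^\x20-\x7e]/', '?', $voucher), 0, 64);`. The rest of `voucher_auth()` is outside the hunk, so any earlier validation of `$voucher` is not visible here.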
@@ -177,10 +182,12 @@ function voucher_auth($voucher_received, $test = 0) {
}
} else {
$test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll";
+ captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll");
}
} else {
// hmm, thats weird ... not what I expected
$test_result[] = "$voucher invalid: $result !!";
+ captiveportal_syslog("$voucher invalid: $result !!");
$error++;
}
}
@@ -192,7 +199,7 @@ function voucher_auth($voucher_received, $test = 0) {
} else {
$test_result[] = "Access granted for $total_minutes Minutes in total.";
}
- unlock($voucherlck);
+ unlock($voucherlck);
return $test_result;
}
@@ -201,7 +208,7 @@ function voucher_auth($voucher_received, $test = 0) {
// the user wouldn't know that he used at least one invalid voucher.
if ($error) {
- unlock($voucherlck);
+ unlock($voucherlck);
if ($total_minutes > 0) // probably not needed, but want to make sure
$total_minutes = 0; // we only report -1 (expired) or 0 (no access)
return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS
@@ -273,8 +280,8 @@ function voucher_configure() {
$pubkey = base64_decode($config['voucher']['publickey']);
$fd = fopen("{$g['varetc_path']}/voucher.public", "w");
if (!$fd) {
- log_error("Voucher error: cannot write voucher.public\n");
- unlock($voucherlck);
+ captiveportal_syslog("Voucher error: cannot write voucher.public\n");
+ unlock($voucherlck);
return 1;
}
fwrite($fd, $pubkey);
@@ -291,13 +298,13 @@ function voucher_configure() {
fwrite($fd, "{$config['voucher']['rollbits']},{$config['voucher']['ticketbits']},{$config['voucher']['checksumbits']},{$config['voucher']['magic']},{$config['voucher']['charset']}\n");
fclose($fd);
@chmod("{$g['varetc_path']}/voucher.cfg", 0600);
- unlock($voucherlck);
+ unlock($voucherlck);
if ($g['booting'] && is_array($config['voucher']['roll'])) {
// create active and used DB per roll on ramdisk from config
$a_roll = &$config['voucher']['roll'];
- $voucherlck = lock('voucher');
+ $voucherlck = lock('voucher');
foreach ($a_roll as $rollent) {
@@ -319,7 +326,7 @@ function voucher_configure() {
voucher_write_active_db($roll, $active_vouchers);
}
- unlock($voucherlck);
+ unlock($voucherlck);
echo "done\n";
}
@@ -452,7 +459,7 @@ function voucher_save_db_to_config() {
$rollent['used'] = base64_encode($bitmask);
$active_vouchers = voucher_read_active_db($roll);
$db = array();
- $dbi = 1;
+ $dbi = 1;
foreach($active_vouchers as $voucher => $line) {
list($timestamp,$minutes) = explode(",", $line);
$activent['voucher'] = $voucher;
@@ -470,4 +477,4 @@ function voucher_save_db_to_config() {
return;
}
-?>
+?> \ No newline at end of file
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ef06f61..e4b49ec 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -636,11 +636,12 @@ EOD;
$localid_type = $ph2ent['localid']['type'];
$localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']);
- /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */
+ /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */
if (($localid_type == "none") ||
(($ph1ent['authentication_method'] == "xauth_psk_server") ||
($ph1ent['authentication_method'] == "pre_shared_key"))
- && isset($ph1ent['mobile']))
+ && isset($ph1ent['mobile'])
+ && (ipsec_get_number_of_phase2($ikeid)==1))
$localid_spec = " ";
else {
if ($localid_type != "address") {
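Review bot: The extended condition now mixes one `||` with three `&&` terms and relies on operator precedence to group everything after `($localid_type == "none") ||`. Explicit parentheses around the whole `&&` chain would make the intent unmistakable. `$ikeid` is not assigned anywhere in the visible lines; if it is not already set earlier in this loop, `ipsec_get_number_of_phase2($ikeid)` would be called with an undefined value, so `$ph1ent['ikeid']` may be the safer argument. The enclosing loop starts outside the hunk.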
@@ -879,7 +880,9 @@ EOD;
/* mange racoon process */
if (is_process_running("racoon")) {
sleep("0.1");
- mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false);
+ /* XXX: This seems to not work in ipsec-tools 0.7.3 but a HUP signal is equivalent. */
+ //mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false);
+ sigkillbypid("{$g['varrun_path']}/racoon.pid", "HUP");
/* load SPD without flushing to be safe on config additions or changes. */
mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false);
} else {
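Review bot: The reload now signals whatever PID is stored in `racoon.pid`, while the guard above checks `is_process_running("racoon")`. If the pid file is missing or stale, the HUP may not reach racoon, and nothing here checks for that or logs it. Checking that the pid file exists before signalling, and logging when it does not, would make a skipped reload visible. The commented-out `mwexec(...)` line is better deleted, leaving a single comment such as `/* racoonctl reload-config fails with ipsec-tools 0.7.3; HUP is equivalent */`.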
@@ -968,7 +971,9 @@ function vpn_netgraph_support() {
foreach ($iflist as $iface) {
$realif = get_real_interface($iface);
/* Get support for netgraph(4) from the nic */
- pfSense_ngctl_attach(".", $realif);
+ $ifinfo = pfSense_get_interface_addresses($realif);
+ if (!empty($ifinfo) && in_array($ifinfo['iftype'], array("ether", "vlan", "bridge")))
+ pfSense_ngctl_attach(".", $realif);
}
}
@@ -1300,8 +1305,14 @@ EOD;
}
if (isset ($pppoecfg['radius']['server']['enable'])) {
+ $radiusport = "";
+ $radiusacctport = "";
+ if (isset($pppoecfg['radius']['server']['port']))
+ $radiusport = $pppoecfg['radius']['server']['port'];
+ if (isset($pppoecfg['radius']['server']['acctport']))
+ $radiusacctport = $pppoecfg['radius']['server']['acctport'];
$mpdconf .=<<<EOD
- set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}"
+ set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']} {$radiusport} {$radiusacctport}"
set radius retries 3
set radius timeout 10
set auth enable radius-auth
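Review bot: In the new `set radius server` line the closing quote comes after `{$radiusacctport}`, so the two ports become part of the quoted shared secret instead of separate arguments. With both ports unset the secret still gains two trailing spaces, which would make RADIUS authentication fail against a server configured with the real secret. The quote should close right after the secret: `set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" {$radiusport} {$radiusacctport}`. The secret and ports are also interpolated into the config unescaped, so a `"` or newline in either would alter the generated line; validating them before writing would be prudent.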
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index 75871a9..3e32d68 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -229,7 +229,7 @@ function dump_xml_config_sub($arr, $indent) {
$xmlconfig .= str_repeat("\t", $indent);
if((is_bool($cval) && $cval == true) || ($cval === "")) {
$xmlconfig .= "<$ent/>\n";
- } else if (substr($ent, 0, 5) == "descr") {
+ } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) {
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n";
} else {
$xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n";
@@ -253,7 +253,7 @@ function dump_xml_config_sub($arr, $indent) {
$xmlconfig .= "<$ent/>\n";
} else if (!is_bool($val)) {
$xmlconfig .= str_repeat("\t", $indent);
- if (substr($ent, 0, 5) == "descr")
+ if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail"))
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
else
$xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n";
diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc
index ef4fc19..ae725e5 100644
--- a/etc/inc/xmlrpc.inc
+++ b/etc/inc/xmlrpc.inc
@@ -139,4 +139,4 @@ function xmlrpc_auth(&$params) {
return false;
}
-?>
+?> \ No newline at end of file