Diffstat (limited to 'etc')
-rw-r--r--etc/inc/captiveportal.inc185
-rw-r--r--etc/inc/filter.inc4
-rw-r--r--etc/inc/interfaces.inc44
-rw-r--r--etc/inc/rrd.inc3
-rw-r--r--etc/inc/services.inc2
-rw-r--r--etc/inc/system.inc20
-rw-r--r--etc/inc/upgrade_config.inc56
-rw-r--r--etc/inc/voucher.inc13
-rw-r--r--etc/inc/vpn.inc6
-rwxr-xr-xetc/rc.filter_synchronize410
-rwxr-xr-xetc/rc.php_ini_setup2
11 files changed, 482 insertions, 263 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 9c78017..37f195c 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -1,9 +1,12 @@
<?php
/*
captiveportal.inc
- part of m0n0wall (http://m0n0.ch/wall)
+ part of pfSense (http://www.pfSense.org)
- Copyright (C) 2009 Ermal Luçi
+ originally part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2009 Ermal Luçi <ermal.luci@gmail.com>
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -91,30 +94,77 @@ function captiveportal_configure() {
else {
/* example/template page */
$htmltext = <<<EOD
-<html>
-<head>
-<title>{$g['product_name']} captive portal</title>
-</head>
-<body>
-<center>
-<h2>{$g['product_name']} captive portal</h2>
-Welcome to the {$g['product_name']} Captive Portal!
-<p>
-<form method="post" action="\$PORTAL_ACTION\$">
-<input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
-<table>
- <tr><td>Username:</td><td><input name="auth_user" type="text"></td></tr>
- <tr><td>Password:</td><td><input name="auth_pass" type="password"></td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td colspan="2">
- <center><input name="accept" type="submit" value="Continue"></center>
- </td>
- </tr>
-</table>
-</center>
-</form>
-</body>
+<html>
+ <body>
+ <form method="post" action="$PORTAL_ACTION$">
+ <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
+ <center>
+ <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
+ <tr height="10" bgcolor="#990000">
+ <td style="border-bottom:1px solid #000000">
+ <font color='white'>
+ <b>
+ {$g['product_name']} captive portal
+ </b>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainlevel">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <div id="mainarea">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="5">
+ <tr>
+ <td>
+ <div id="maindivarea">
+ <center>
+ <div id='statusbox'>
+ <font color='red' face='arial' size='+1'>
+ <b>
+ $PORTAL_MESSAGE$
+ </b>
+ </font>
+ </div>
+ <br/>
+ <div id='loginbox'>
+ <table>
+ <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
+ <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td colspan="2">
+ <center><input name="accept" type="submit" value="Continue"></center>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </center>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </form>
+ </body>
</html>
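Review bot: The placeholders in the new template are written as `$PORTAL_ACTION$`, `$PORTAL_REDIRURL$` and `$PORTAL_MESSAGE$`, without the backslashes the removed lines used (`\$PORTAL_ACTION\$`). Inside a `<<<EOD` heredoc PHP interpolates `$PORTAL_ACTION` as a variable, so unless variables with those names are in scope the default page is stored with each token reduced to a bare `$`, and any later token substitution has nothing left to match; the login form would then post to `$` rather than the portal URL. Keep the escapes, e.g. `<form method="post" action="\$PORTAL_ACTION\$">`, and likewise for the other two tokens. The error-page heredoc in the next hunk has the same three unescaped tokens. captiveportal_configure() starts and ends outside the hunk.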
@@ -142,18 +192,77 @@ EOD;
else {
/* example page */
$errtext = <<<EOD
-<html>
-<head>
-<title>Authentication error</title>
-</head>
-<body>
-<font color="#cc0000"><h2>Authentication error</h2></font>
-<b>
-Username and/or password invalid.
-<br><br>
-<a href="javascript:history.back(); ">Go back</a>
-</b>
-</body>
+<html>
+ <body>
+ <form method="post" action="$PORTAL_ACTION$">
+ <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
+ <center>
+ <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000">
+ <tr height="10" bgcolor="#990000">
+ <td style="border-bottom:1px solid #000000">
+ <font color='white'>
+ <b>
+ {$g['product_name']} captive portal
+ </b>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <div id="mainlevel">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="0">
+ <tr>
+ <td>
+ <center>
+ <div id="mainarea">
+ <center>
+ <table width="100%" border="0" cellpadding="5" cellspacing="5">
+ <tr>
+ <td>
+ <div id="maindivarea">
+ <center>
+ <div id='statusbox'>
+ <font color='red' face='arial' size='+1'>
+ <b>
+ $PORTAL_MESSAGE$
+ </b>
+ </font>
+ </div>
+ <br/>
+ <div id='loginbox'>
+ <table>
+ <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr>
+ <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td colspan="2">
+ <center><input name="accept" type="submit" value="Continue"></center>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </center>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </center>
+ </form>
+ </body>
</html>
EOD;
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index aa3fff5..ec11bf0 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -160,7 +160,7 @@ function filter_delete_states_for_down_gateways() {
if (!is_ipaddr($gwip))
$gwip = get_interface_gateway($gateway['friendlyiface']);
if (is_ipaddr($gwstatus['srcip'])) {
- $cmd = "/sbin/pfctl -b {$gateway['srcip']} ";
+ $cmd = "/sbin/pfctl -b {$gwstatus['srcip']} ";
if (is_ipaddr($gwip))
$cmd .= "-b {$gwip}";
mwexec($cmd);
@@ -1457,7 +1457,7 @@ function filter_generate_user_rule_arr($rule) {
$ret['rule'] = $line;
$ret['interface'] = $rule['interface'];
if($rule['descr'] != "" and $line != "")
- $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\"";
+ $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\"";
else
$ret['descr'] = "label \"USER_RULE\"";
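Review bot: The 63-character cut is applied to the description alone, before the `USER_RULE: ` prefix is prepended and before the quotes are stripped, so the finished label can still be up to 74 characters. If 63 is meant to match a label length limit in pf (an assumption, the limit is not visible here), the budget has to include the prefix: `substr(str_replace('"', '', $rule['descr']), 0, 63 - strlen("USER_RULE: "))`. Only `"` is removed from the description, so a line break stored in `descr` would still land inside the generated rule text; stripping control characters in the same expression would close that gap. filter_generate_user_rule_arr() continues outside the hunk.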
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 44bad2b..18dc18f 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1059,7 +1059,7 @@ function interface_ppps_configure($interface) {
if($g['booting']) {
$descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface);
- echo " configuring {$upper_type} on {$descr} interface...\n";
+ echo "starting {$pppif} link...";
// Do not re-configure the interface if we are booting and it's already been started
if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"))
return 0;
@@ -1689,7 +1689,7 @@ function interface_carp_configure(&$vip) {
/* Ensure CARP IP really exists prior to loading up. */
$ww_subnet_ip = find_interface_ip($realif);
$ww_subnet_bits = find_interface_subnet($realif);
- if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits)) {
+ if (!ip_in_subnet($vip['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits) && !ip_in_interface_alias_subnet($vip['interface'], $vip['subnet'])) {
file_notice("CARP", sprintf(gettext("Sorry but we could not find a matching real interface subnet for the virtual IP address %s."), $vip['subnet']), "Firewall: Virtual IP", "");
return;
}
@@ -2489,6 +2489,10 @@ function interface_configure($interface = "wan", $reloadall = false) {
link_interface_to_vips($interface, "update");
+ $grouptmp = link_interface_to_group($interface);
+ if (!empty($grouptmp))
+ interface_group_add_member($realif, $grouptmp);
+
if ($interface == "lan")
/* make new hosts file */
system_hosts_generate();
@@ -2627,6 +2631,10 @@ function interface_group_setup(&$groupname /* The parameter is an array */) {
return;
}
+
+function interface_group_add_member($interface, $groupname) {
+ mwexec("/sbin/ifconfig {$interface} group {$groupname}", true);
+}
/* COMPAT Function */
function convert_friendly_interface_to_real_interface_name($interface) {
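Review bot: `interface_group_add_member()` interpolates both arguments into a shell command line unquoted. The group name comes from `$config['ifgroups']` through link_interface_to_group(), so whitespace or shell metacharacters in a stored name would change the command that is executed. Quote each argument: `mwexec("/sbin/ifconfig " . escapeshellarg($interface) . " group " . escapeshellarg($groupname), true);`. The `-d {$config['system']['domain']}` argument in the system.inc hunk (system_dhcpleases_configure) is built the same way and deserves the same treatment.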
@@ -2667,7 +2675,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") {
if ($config['interfaces'][$if]['if'] == $interface)
return $if;
- if (get_real_interface($if) == $interface)
+ if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface))
return $if;
$int = interface_translate_type_to_real($if);
@@ -3026,6 +3034,17 @@ function link_interface_to_bridge($int) {
}
}
+function link_interface_to_group($int) {
+ global $config;
+
+ if (is_array($config['ifgroups']['ifgroupentry'])) {
+ foreach ($config['ifgroups']['ifgroupentry'] as $group) {
+ if (in_array($int, explode(" ", $groupname['members'])))
+ return "{$group['ifname']}";
+ }
+ }
+}
+
function link_interface_to_gre($interface) {
global $config;
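Review bot: `link_interface_to_group()` tests `$groupname['members']`, but the loop variable is `$group`; `$groupname` is never defined in this function, so `in_array()` never matches and the function always falls through without a return value. As written, the new call in interface_configure() never adds an interface to its group. The line should read `if (in_array($int, explode(" ", $group['members'])))`. A short docblock saying that the first matching group's `ifname` is returned, and nothing when the interface belongs to no group, would also help, since an interface listed in several groups only yields the first.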
@@ -3081,6 +3100,25 @@ function find_interface_subnet($interface, $flush = false)
return $interface_sn_arr_cache[$interface];
}
+function ip_in_interface_alias_subnet($interface, $ipalias) {
+ global $config;
+
+ if (empty($interface) || !is_ipaddr($ipalias))
+ return 0;
+ if (is_array($config['virtualip']['vip'])) {
+ foreach ($config['virtualip']['vip'] as $vip) {
+ switch ($vip['mode']) {
+ case "ipalias":
+ if ($vip['interface'] <> $interface)
+ continue;
+ if (ip_in_subnet($ipalias, gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits']))
+ return 1;
+ break;
+ }
+ }
+ }
+}
+
function get_interface_ip($interface = "wan")
{
$realif = get_real_interface($interface);
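Review bot: `ip_in_interface_alias_subnet()` returns 0 and 1 on two paths but falls off the end with no return value when no alias matches; add `return 0;` after the loop so callers always get the same type. The `continue` inside the `switch` is treated by PHP like `break`, which only works here because nothing follows the switch in the loop body; `continue 2;` states the intent, or the switch can be replaced by a plain guard such as `if ($vip['mode'] != "ipalias" || $vip['interface'] != $interface) continue;`.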
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index da7f7e4..574c6a6 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -371,6 +371,7 @@ function enable_rrd_graphing() {
foreach($config['openvpn']['openvpn-server'] as $server) {
if("ovpns{$server['vpnid']}" == $ifname) {
$port = $server['local_port'];
+ $vpnid = $server['vpnid'];
}
}
}
@@ -383,7 +384,7 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " echo \"quit\"\n";
$rrdupdatesh .= "}\n";
$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n";
- $rrdupdatesh .= "`list_current_users | nc localhost {$port} | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
+ $rrdupdatesh .= "`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n";
}
/* QUEUES, set up the queues databases */
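Review bot: `$vpnid` is only assigned when an `openvpn-server` entry matches `$ifname` (previous hunk), yet the generated `nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock` line uses it without a check in the visible lines. If no entry matches, a value left over from an earlier interface, or an empty string, ends up in the socket path written to the update script. Initialise `$vpnid = "";` before the server loop and only emit the update line when it is non-empty. The enclosing loop and the start of enable_rrd_graphing() are outside both hunks, so confirm it is not already reset there.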
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 4b98634..682472a 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -356,6 +356,8 @@ EOD;
$dhhostname = str_replace(".", "_", $dhhostname);
$dhcpdconf .= " option host-name {$dhhostname};\n";
}
+ if ($sm['netbootfile'])
+ $dhcpdconf .= " filename \"{$sm['netbootfile']}\";\n";
$dhcpdconf .= "}\n";
$i++;
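Review bot: `$sm['netbootfile']` is written into dhcpd.conf between double quotes with no escaping, so a `"` or a line break in the stored value would end the string early and the remainder would be parsed as dhcpd configuration. Strip or reject those characters before writing, e.g. `$dhcpdconf .= " filename \"" . str_replace(array('"', "\n", "\r"), '', $sm['netbootfile']) . "\";\n";`, or validate the field where it is saved. The RADIUS secret in the vpn.inc hunk (`set radius server … "{$pppoecfg['radius']['server']['secret']}"`) is quoted into the mpd configuration the same way. The static-map loop this line sits in starts outside the hunk.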
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index aae2e07..bcc0e0e 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -233,20 +233,20 @@ function system_hosts_generate() {
}
function system_dhcpleases_configure() {
- global $configure, $g;
-
+ global $config, $g;
+
/* Start the monitoring process for dynamic dhcpclients. */
if (isset($config['dnsmasq']['regdhcp'])) {
/* Make sure we do not error out */
@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
- if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
- sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
- else
- mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$syscfg['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
- } else {
- sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
- @unlink("{$g['varrun_path']}/dhcpleases.pid");
- }
+ if (file_exists("{$g['varrun_path']}/dhcpleases.pid"))
+ sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP");
+ else
+ mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts");
+ } else {
+ sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
+ @unlink("{$g['varrun_path']}/dhcpleases.pid");
+ }
}
function system_hostname_configure() {
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index f782b45..cd7d75a 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -1415,6 +1415,34 @@ function upgrade_051_to_052() {
/* allocate vpnid */
$server['vpnid'] = $vpnid++;
+ if (!empty($server['custom_options'])) {
+ $cstmopts = array();
+ $tmpcstmopts = explode(";", $server['custom_options']);
+ $assigned = false;
+ $tmpstr = "";
+ foreach ($tmpcstmopts as $tmpcstmopt) {
+ $tmpstr = str_replace(" ", "", $tmpcstmopt);
+ if (substr($tmpstr,0 ,6) == "devtun") {
+ $assigned = true;
+ continue;
+ } else if (substr($tmpstr, 0, 5) == "local") {
+ $localip = substr($tmpstr, 6);
+ $server['ipaddr'] = str_replace("\n", "", $localip);
+ } else
+ $cstmopts[] = $tmpcstmopt;
+ }
+ $server['custom_options'] = implode(";", $cstmopts);
+ if ($assigned == true) {
+ $realif = substr($tmpstr, 3);
+ foreach ($config['interfaces'] as $iface => $cfgif) {
+ if ($cfgif['if'] == $realif) {
+ $config['interfaces'][$iface]['if'] = "ovpns{$server['vpnid']}";
+ break;
+ }
+ }
+ }
+ }
+
$config['openvpn']['openvpn-server'][] = $server;
}
unset($config['installedpackages']['openvpnserver']);
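Review bot: `$realif = substr($tmpstr, 3);` runs after the loop, where `$tmpstr` holds the last entry of `custom_options`, not the `dev tunN` entry that set `$assigned`. Unless `dev` happens to be the last option, the lookup in `$config['interfaces']` compares against the wrong string and the assigned interface is never renamed to `ovpns{vpnid}`. Capture the value in the branch that detects it: `$realif = substr($tmpstr, 3); $assigned = true; continue;`. Also check `substr($tmpstr, 6)` in the `local` branch: once spaces are removed, `local <ip>` becomes `local<ip>`, so offset 6 appears to drop the first character of the address where offset 5 would keep it. The client block in the next hunk repeats both lines.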
@@ -1489,6 +1517,34 @@ function upgrade_051_to_052() {
/* allocate vpnid */
$client['vpnid'] = $vpnid++;
+ if (!empty($client['custom_options'])) {
+ $cstmopts = array();
+ $tmpcstmopts = explode(";", $client['custom_options']);
+ $assigned = false;
+ $tmpstr = "";
+ foreach ($tmpcstmopts as $tmpcstmopt) {
+ $tmpstr = str_replace(" ", "", $tmpcstmopt);
+ if (substr($tmpstr,0 ,6) == "devtun") {
+ $assigned = true;
+ continue;
+ } else if (substr($tmpstr, 0, 5) == "local") {
+ $localip = substr($tmpstr, 6);
+ $client['ipaddr'] = str_replace("\n", "", $localip);
+ } else
+ $cstmopts[] = $tmpcstmopt;
+ }
+ $client['custom_options'] = implode(";", $cstmopts);
+ if ($assigned == true) {
+ $realif = substr($tmpstr, 3);
+ foreach ($config['interfaces'] as $iface => $cfgif) {
+ if ($cfgif['if'] == $realif) {
+ $config['interfaces'][$iface]['if'] = "ovpnc{$client['vpnid']}";
+ break;
+ }
+ }
+ }
+ }
+
if (!empty($client['disable']))
$client['disable'] = true;
else
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 29e35c8..6ea0732 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -145,9 +145,16 @@ function voucher_auth($voucher_received, $test = 0) {
// All given vouchers were valid and this isn't simply a test.
// Write back the used DB's
- if (is_array($bitstring))
- foreach ($bitstring as $roll => $used)
- voucher_write_used_db($roll, base64_encode($used));
+ if (is_array($bitstring)) {
+ foreach ($bitstring as $roll => $used) {
+ if(is_array($used)) {
+ foreach($used as $u)
+ voucher_write_used_db($roll, base64_encode($u));
+ } else {
+ voucher_write_used_db($roll, base64_encode($used));
+ }
+ }
+ }
// Active DB: we only add the first voucher if multiple given
// and give that one all the time credit. This allows the user to logout and
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 922cd5f..ab8d474 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -1213,7 +1213,7 @@ EOD;
$clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i);
- if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['enable'])) {
+ if (isset ($pppoecfg['radius']['radiusissueips']) && isset ($pppoecfg['radius']['server']['enable'])) {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
} else {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
@@ -1273,9 +1273,9 @@ EOD;
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
}
- if (isset ($pppoecfg['radius']['enable'])) {
+ if (isset ($pppoecfg['radius']['server']['enable'])) {
$mpdconf .=<<<EOD
- set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}"
+ set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}"
set radius retries 3
set radius timeout 10
set auth enable radius-auth
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index ff5156f..7731302 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -48,104 +48,104 @@ require_once("interfaces.inc");
* the configuration section
*/
function backup_vip_config_section() {
- global $config;
- $new_section = &$config['virtualip'];
- foreach($new_section['vip'] as $section) {
- if($section['mode'] == "proxyarp") {
- unset($section);
- }
- if($section['advskew'] <> "") {
- $section_val = intval($section['advskew']);
- $section_val=$section_val+100;
- if($section_val > 255)
- $section_val = 255;
- $section['advskew'] = $section_val;
- }
- $temp['vip'][] = $section;
- }
- return $temp;
+ global $config;
+ $new_section = &$config['virtualip'];
+ foreach($new_section['vip'] as $section) {
+ if($section['mode'] == "proxyarp") {
+ unset($section);
+ }
+ if($section['advskew'] <> "") {
+ $section_val = intval($section['advskew']);
+ $section_val=$section_val+100;
+ if($section_val > 255)
+ $section_val = 255;
+ $section['advskew'] = $section_val;
+ }
+ $temp['vip'][] = $section;
+ }
+ return $temp;
}
function remove_special_characters($string) {
- $match_array = "";
- preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
- $string = "";
- foreach ($match_array[0] as $ma) {
- if ($string <> "")
- $string .= " ";
- $string .= $ma;
- }
- return $string;
+ $match_array = "";
+ preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
+ $string = "";
+ foreach ($match_array[0] as $ma) {
+ if ($string <> "")
+ $string .= " ";
+ $string .= $ma;
+ }
+ return $string;
}
function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
- global $config, $g;
+ global $config, $g;
- if(file_exists("{$g['varrun_path']}/booting"))
- return;
+ if(file_exists("{$g['varrun_path']}/booting"))
+ return;
- update_filter_reload_status("Syncing CARP data to {$url}");
+ update_filter_reload_status("Syncing CARP data to {$url}");
- /* make a copy of config */
- $config_copy = $config;
+ /* make a copy of config */
+ $config_copy = $config;
- /* strip out nosync items */
- if (is_array($config_copy['nat']['advancedoutbound']['rule'])) {
- $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']);
- for ($x = 0; $x < $rulescnt; $x++) {
- $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
- if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
- unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
- }
+ /* strip out nosync items */
+ if (is_array($config_copy['nat']['advancedoutbound']['rule'])) {
+ $rulescnt = count($config_copy['nat']['advancedoutbound']['rule']);
+ for ($x = 0; $x < $rulescnt; $x++) {
+ $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+ if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
}
- if (is_array($config_copy['nat']['rule'])) {
+ }
+ if (is_array($config_copy['nat']['rule'])) {
$natcnt = count($config_copy['nat']['rule']);
- for ($x = 0; $x < $natcnt; $x++) {
- $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
- if (isset ($config_copy['nat']['rule'][$x]['nosync']))
- unset ($config_copy['nat']['rule'][$x]);
+ for ($x = 0; $x < $natcnt; $x++) {
+ $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
+ if (isset ($config_copy['nat']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['rule'][$x]);
}
- }
- if (is_array($config_copy['filter']['rule'])) {
+ }
+ if (is_array($config_copy['filter']['rule'])) {
$filtercnt = count($config_copy['filter']['rule']);
- for ($x = 0; $x < $filtercnt; $x++) {
- $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
- if (isset ($config_copy['filter']['rule'][$x]['nosync']))
- unset ($config_copy['filter']['rule'][$x]);
+ for ($x = 0; $x < $filtercnt; $x++) {
+ $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
+ if (isset ($config_copy['filter']['rule'][$x]['nosync']))
+ unset ($config_copy['filter']['rule'][$x]);
}
- }
- if (is_array($config_copy['aliases']['alias'])) {
+ }
+ if (is_array($config_copy['aliases']['alias'])) {
$aliascnt = count($config_copy['aliases']['alias']);
- for ($x = 0; $x < $aliascnt; $x++) {
- $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
- if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
- unset ($config_copy['aliases']['alias'][$x]);
- }
+ for ($x = 0; $x < $aliascnt; $x++) {
+ $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
+ if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
+ unset ($config_copy['aliases']['alias'][$x]);
}
- if (is_array($config_copy['dnsmasq']['hosts'])) {
+ }
+ if (is_array($config_copy['dnsmasq']['hosts'])) {
$dnscnt = count($config_copy['dnsmasq']['hosts']);
- for ($x = 0; $x < $dnscnt; $x++) {
- $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
- if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
- unset ($config_copy['dnsmasq']['hosts'][$x]);
- }
+ for ($x = 0; $x < $dnscnt; $x++) {
+ $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
+ if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
+ unset ($config_copy['dnsmasq']['hosts'][$x]);
}
- if (is_array($config_copy['virtualip']['vip'])) {
+ }
+ if (is_array($config_copy['virtualip']['vip'])) {
$vipcnt = count($config_copy['virtualip']['vip']);
- for ($x = 0; $x < $vipcnt; $x++) {
- $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
- if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
- unset ($config_copy['virtualip']['vip'][$x]);
- }
+ for ($x = 0; $x < $vipcnt; $x++) {
+ $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ unset ($config_copy['virtualip']['vip'][$x]);
}
- if (is_array($config_copy['ipsec']['tunnel'])) {
+ }
+ if (is_array($config_copy['ipsec']['tunnel'])) {
$ipseccnt = count($config_copy['ipsec']['tunnel']);
- for ($x = 0; $x < $ipseccnt; $x++) {
- $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
- if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
- unset ($config_copy['ipsec']['tunnel'][$x]);
- }
+ for ($x = 0; $x < $ipseccnt; $x++) {
+ $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
+ if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
+ unset ($config_copy['ipsec']['tunnel'][$x]);
}
+ }
if (is_array($config_copy['dhcpd'])) {
foreach($config_copy['dhcpd'] as $dhcpif => $dhcpifconf) {
@@ -157,10 +157,10 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
}
}
- foreach ($sections as $section) {
- /* we can't use array_intersect_key()
- * due to the vip 'special case'
- */
+ foreach ($sections as $section) {
+ /* we can't use array_intersect_key()
+ * due to the vip 'special case'
+ */
switch ($section) {
case 'virtualip':
$xml[$section] = backup_vip_config_section();
@@ -174,49 +174,49 @@ function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsens
default:
$xml[$section] = $config_copy[$section];
}
- }
+ }
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
- $numberofruns = 0;
- while ($numberofruns < 2) {
- log_error("Beginning XMLRPC sync to {$url}:{$port}.");
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $username = $config['system']['user'][0]['name'];
- $cli->setCredentials($username, $password);
- if($numberofruns > 1)
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after 240 seconds */
- $resp = $cli->send($msg, "240");
- if($resp->faultCode()) {
- $error = "A communications error occurred while attempting communication with {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
- return;
- }
- if(!$resp) {
- $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
- log_error($error);
- file_notice("sync_settings", $error, "Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "Settings Sync", "");
- } else {
- log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
- $numberofruns = 3;
- }
- $parsed_response = XML_RPC_Decode($resp->value());
- if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") {
- $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php).";
- log_error($error);
- $numberofruns = 5;
- }
- $numberofruns++;
- }
+ $numberofruns = 0;
+ while ($numberofruns < 2) {
+ log_error("Beginning XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns > 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if($resp->faultCode()) {
+ $error = "A communications error occurred while attempting communication with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ return;
+ }
+ if(!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ $numberofruns = 3;
+ }
+ $parsed_response = XML_RPC_Decode($resp->value());
+ if(!is_array($firewall_info) && trim($firewall_info) == "Authentication failed") {
+ $error = "A authentication failure occurred while trying to access {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ $numberofruns = 5;
+ }
+ $numberofruns++;
+ }
}
global $g;
@@ -227,89 +227,95 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
update_filter_reload_status("Building CARP sync information");
foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
if ($carp['synchronizetoip'] != "" ) {
- /*
- * XXX: The way we're finding the port right now is really suboptimal -
- * we can't assume that the other machine is setup identically.
- */
- if ($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if ($port == "") {
- if ($config['system']['webgui']['protocol'] == "http")
- $port = "80";
- else
- $port = "443";
- }
- $synchronizetoip .= $carp['synchronizetoip'];
- if ($carp['synchronizerules'] != "" and is_array($config['filter']))
- $sections[] = 'filter';
- if ($carp['synchronizenat'] != "" and is_array($config['nat']))
- $sections[] = 'nat';
- if ($carp['synchronizealiases'] != "" and is_array($config['aliases']))
- $sections[] = 'aliases';
- if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))
- $sections[] = 'dhcpd';
- if ($carp['synchronizewol'] != "" and is_array($config['wol']))
- $sections[] = 'wol';
- if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper']))
- $sections[] = 'shaper';
- if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) {
- $sections[] = 'staticroutes';
- $sections[] = 'gateways';
- }
- if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip']))
- $sections[] = 'virtualip';
- if ($carp['synchronizelb'] != "" and is_array($config['load_balancer']))
- $sections[] = 'load_balancer';
- if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec']))
- $sections[] = 'ipsec';
- if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) {
- $sections[] = 'openvpn';
- $mergesections[] = 'cert';
- $mergesections[] = 'ca';
- }
- if ($carp['synchronizeusers'] != "") {
- $mergesections[] = 'user';
- $mergesections[] = 'group';
- }
- if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
- $sections[] = 'dnsmasq';
- if ($carp['synchronizeschedules'] != "" and is_array($config['schedules']))
- $sections[] = 'schedules';
- if (count($sections) > 0) {
- update_filter_reload_status("Signaling CARP reload signal...");
- carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
- if (is_array($mergesections))
- carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section');
- $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
- $params = array(
- XML_RPC_encode($carp['password'])
- );
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if ($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
- $msg = new XML_RPC_Message('pfsense.filter_configure', $params);
- $username = $config['system']['user'][0]['name'];
- $cli->setCredentials($username, $carp['password']);
- $resp = $cli->send($msg, "900");
+ /* if port is empty lets rely on the protocol selection */
+ $port = $config['system']['webgui']['port'];
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
- if(!$resp) {
- $error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}.";
- log_error($error);
- file_notice("sync_settings", $error, "Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "Settings Sync", "");
- } else {
- log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}.");
- $numberofruns = 3;
- }
- }
- break;
- }
- }
+ $synchronizetoip .= $carp['synchronizetoip'];
+ if ($carp['synchronizerules'] != "" and is_array($config['filter']))
+ $sections[] = 'filter';
+ if ($carp['synchronizenat'] != "" and is_array($config['nat']))
+ $sections[] = 'nat';
+ if ($carp['synchronizealiases'] != "" and is_array($config['aliases']))
+ $sections[] = 'aliases';
+ if ($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd']))
+ $sections[] = 'dhcpd';
+ if ($carp['synchronizewol'] != "" and is_array($config['wol']))
+ $sections[] = 'wol';
+ if ($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper']))
+ $sections[] = 'shaper';
+ if ($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) {
+ $sections[] = 'staticroutes';
+ $sections[] = 'gateways';
+ }
+ if ($carp['synchronizevirtualip'] != "" and is_array($config['virtualip']))
+ $sections[] = 'virtualip';
+ if ($carp['synchronizelb'] != "" and is_array($config['load_balancer']))
+ $sections[] = 'load_balancer';
+ if ($carp['synchronizeipsec'] != "" and is_array($config['ipsec']))
+ $sections[] = 'ipsec';
+ if ($carp['synchronizeopenvpn'] != "" and is_array($config['openvpn'])) {
+ $sections[] = 'openvpn';
+ $mergesections[] = 'cert';
+ $mergesections[] = 'ca';
+ }
+ if ($carp['synchronizeusers'] != "") {
+ $mergesections[] = 'user';
+ $mergesections[] = 'group';
+ }
+ if ($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq']))
+ $sections[] = 'dnsmasq';
+ if ($carp['synchronizeschedules'] != "" and is_array($config['schedules']))
+ $sections[] = 'schedules';
+ if ($carp['synchronizecaptiveportal'] != "" and is_array($config['captiveportal']))
+ $sections[] = 'captiveportal';
+ if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers']))
+ $sections[] = 'vouchers';
+ if (count($sections) > 0) {
+ update_filter_reload_status("Signaling CARP reload signal...");
+ carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ if (is_array($mergesections))
+ carp_sync_xml($synchronizetoip, $carp['password'], $mergesections, $port, 'pfsense.merge_config_section');
+ $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
+ $params = array(
+ XML_RPC_encode($carp['password'])
+ );
+
+ $msg = new XML_RPC_Message('pfsense.filter_configure', $params);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $carp['password']);
+ $resp = $cli->send($msg, "900");
+
+ if(!$resp) {
+ $error = "A communications error occured while attempting Filter sync with username {$username} {$synchronizetoip}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting Filter sync with username {$username} {$synchronizetoip}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("Filter sync successfully completed with {$synchronizetoip}:{$port}.");
+ $numberofruns = 3;
+ }
+ }
+ break;
+ }
+ }
}
-?>
+?> \ No newline at end of file
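Review bot: The sync target is built from `$config['system']['webgui']['protocol']`, and when that is `http` the sync password (sent both as an XML-RPC parameter and through `setCredentials()`) and the selected config sections travel unencrypted; this commit adds `captiveportal` and `vouchers` to those sections. Make that visible to the administrator, for example `if ($config['system']['webgui']['protocol'] != "https") log_error("XMLRPC sync to {$carp['synchronizetoip']} is not using HTTPS; the sync password and configuration are sent in clear text.");`. `$sections` is also appended to without being initialised in the visible lines, so `$sections = array();` before the `if` chain would make `count($sections)` well defined when nothing is selected.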
diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup
index 5479eed..ee26d95 100755
--- a/etc/rc.php_ini_setup
+++ b/etc/rc.php_ini_setup
@@ -228,7 +228,7 @@ if [ $RAM -gt 96 ]; then
; APC Settings
apc.enabled="1"
-apc.enable_cli="1"
+apc.enable_cli="0"
apc.shm_size="${APCSHMEMSIZE}"
[suhosin]