Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/auth.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/dyndns.class | 5 | ||||
-rw-r--r-- | src/etc/inc/filter.inc | 65 | ||||
-rw-r--r-- | src/etc/inc/globals.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/gwlb.inc | 3 | ||||
-rw-r--r-- | src/etc/inc/interfaces.inc | 223 | ||||
-rw-r--r-- | src/etc/inc/pfsense-utils.inc | 23 | ||||
-rw-r--r-- | src/etc/inc/pkg-utils.inc | 5 | ||||
-rw-r--r-- | src/etc/inc/service-utils.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/services.inc | 5 | ||||
-rw-r--r-- | src/etc/inc/upgrade_config.inc | 136 | ||||
-rw-r--r-- | src/etc/inc/util.inc | 54 | ||||
-rw-r--r-- | src/etc/inc/vslb.inc | 4 | ||||
-rw-r--r-- | src/etc/inc/wizardapp.inc | 2 | ||||
-rw-r--r-- | src/etc/phpshellsessions/gitsync | 4 |
15 files changed, 444 insertions, 91 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 563987b..59114d6 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1583,6 +1583,7 @@ function get_user_settings($username) {
 $settings['webgui']['dashboardavailablewidgetspanel'] = isset($config['system']['webgui']['dashboardavailablewidgetspanel']);
 $settings['webgui']['webguifixedmenu'] = isset($config['system']['webgui']['webguifixedmenu']);
 $settings['webgui']['webguileftcolumnhyper'] = isset($config['system']['webgui']['webguileftcolumnhyper']);
+ $settings['webgui']['disablealiaspopupdetail'] = isset($config['system']['webgui']['disablealiaspopupdetail']);
 $settings['webgui']['systemlogsfilterpanel'] = isset($config['system']['webgui']['systemlogsfilterpanel']);
 $settings['webgui']['systemlogsmanagelogpanel'] = isset($config['system']['webgui']['systemlogsmanagelogpanel']);
 $settings['webgui']['statusmonitoringsettingspanel'] = isset($config['system']['webgui']['statusmonitoringsettingspanel']);
@@ -1606,6 +1607,7 @@ function get_user_settings($username) {
 $settings['webgui']['dashboardavailablewidgetspanel'] = isset($user['dashboardavailablewidgetspanel']);
 $settings['webgui']['webguifixedmenu'] = isset($user['webguifixedmenu']);
 $settings['webgui']['webguileftcolumnhyper'] = isset($user['webguileftcolumnhyper']);
+ $settings['webgui']['disablealiaspopupdetail'] = isset($user['disablealiaspopupdetail']);
 $settings['webgui']['systemlogsfilterpanel'] = isset($user['systemlogsfilterpanel']);
 $settings['webgui']['systemlogsmanagelogpanel'] = isset($user['systemlogsmanagelogpanel']);
 $settings['webgui']['statusmonitoringsettingspanel'] = isset($user['statusmonitoringsettingspanel']);
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class
index 7772bc7..1ace9e5 100644
--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -650,10 +650,9 @@ case 'route53': require_once("r53.class"); $r53 = new Route53($this->_dnsUser, $this->_dnsPass); - list($r53_regionId, $r53_zoneId) = split('/', $this->_dnsZoneID); - $apiurl = $r53->getApiUrl($r53_zoneId); + $apiurl = $r53->getApiUrl($this->_dnsZoneID); $xmlreq = $r53->getRequestBody($this->_dnsHost, $this->_dnsIP, $this->_dnsTTL); - $httphead = $r53->getHttpPostHeaders($r53_zoneId, $r53_regionId, hash("sha256",$xmlreq)); + $httphead = $r53->getHttpPostHeaders($this->_dnsZoneID, "us-east-1", hash("sha256",$xmlreq)); curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead); if($this->_dnsVerboseLog){ log_error(sprintf("Sending reuquest to: %s", $apiurl)); diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index ef46c72..d940442 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -587,7 +587,20 @@ function filter_generate_scrubing() { return $scrubrules; } -function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting, &$use_filterdns = false) { +function filter_generate_nested_alias($name) { + global $aliastable; + + $aliasnesting = array(); + $aliasaddrnesting = array(); + + if (($name == "") || !isset($aliastable[$name])) { + return ""; + } + + return filter_generate_nested_alias_recurse($name, $aliastable[$name], $aliasnesting, $aliasaddrnesting); +} + +function filter_generate_nested_alias_recurse($name, $alias, &$aliasnesting, &$aliasaddrnesting, &$use_filterdns = false) { global $aliastable, $filterdns; $addresses = explode(" ", $alias); 
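Review bot: In the `route53` case the signing region is now the bare literal `"us-east-1"` and `$this->_dnsZoneID` is passed through unchanged, with nothing in the hunk explaining why or handling values saved in the old `region/zoneid` form that the removed `split('/', …)` line parsed. If a stored zone ID can still contain a slash it would now reach `getApiUrl()` and `getHttpPostHeaders()` as-is; whether an upgrade step strips it is not visible here. I would add a comment such as `// Route 53 requests are signed against a fixed region; _dnsZoneID is the bare hosted zone ID` and, unless migration is handled elsewhere, reject or normalise a value containing `/` before the URL is built. The enclosing method starts and ends outside the hunk.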
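Review bot: The new `filter_generate_nested_alias($name)` wrapper has no header comment, and its contract differs from the function whose name it takes over: it reads the address list from `$aliastable` instead of a passed-in string, returns `""` for an empty or unknown name, and no longer exposes the `$use_filterdns` by-reference result. A one-line docblock would make that visible to callers, for example `/* Expand alias $name from $aliastable, nested aliases included; returns "" when the name is empty or not in the table. */`. The body of `filter_generate_nested_alias_recurse` continues past the end of the hunk.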
@@ -604,7 +617,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $tmpline = ""; if (is_alias($address)) { if (alias_get_type($address) == 'urltable') { - // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias. Just load IPs from the file. + // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias_recurse. Just load IPs from the file. $urltable_nesting = alias_expand_urltable($address); if (!empty($urltable_nesting)) { $urlfile_as_arr = file($urltable_nesting); @@ -620,10 +633,10 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr } /* We already expanded this alias so there is no necessity to do it again. */ else if (!isset($aliasnesting[$address])) { - $tmpline = filter_generate_nested_alias($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $use_filterdns); + $tmpline = filter_generate_nested_alias_recurse($name, $aliastable[$address], $aliasnesting, $aliasaddrnesting, $use_filterdns); } } else if (!isset($aliasaddrnesting[$address])) { - if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && (is_port($address) || is_portrange($address))) && is_hostname($address)) { + if (!is_ipaddr($address) && !is_subnet($address) && !((($alias_type == 'port') || ($alias_type == 'url_ports')) && is_port_or_range($address)) && is_hostname($address)) { if (!isset($filterdns["{$address}{$name}"])) { $use_filterdns = true; $filterdns["{$address}{$name}"] = "pf {$address} {$name}\n"; 
@@ -664,9 +677,7 @@ function filter_expand_alias($alias_name) { if (isset($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $aliased) { if ($aliased['name'] == $alias_name) { - $aliasnesting = array(); - $aliasaddrnesting = array(); - return filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting); + return filter_generate_nested_alias($aliased['name']); } } } @@ -750,14 +761,12 @@ function filter_generate_aliases() { /* Setup pf groups */ if (isset($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $aliased) { - $aliasnesting = array(); - $aliasaddrnesting = array(); if (is_numericint($aliased['name'])) { // skip aliases with numeric-only names. redmine #4289 file_notice("Filter_Reload", sprintf(gettext("Aliases with numeric-only names are not valid. Skipping alias %s"), $aliased['name'])); continue; } - $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting); + $addrlist = filter_generate_nested_alias($aliased['name']); switch ($aliased['type']) { case "host": case "network": 
@@ -2700,6 +2709,38 @@ function filter_generate_user_rule($rule) {
 file_notice("Filter_Reload", $error_text);
 return "# {$error_text}";
 }
+ if ($rule['source']['port']
+ && !is_port_or_range(str_replace("-", ":", $rule['source']['port']))) {
+ $error_text = "";
+
+ // It is not a literal port or port range, so alias should exist, and expand to something non-empty
+ if (!alias_expand($rule['source']['port'])) {
+ $error_text = sprintf(gettext("Unresolvable source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']);
+ } else if (trim(filter_generate_nested_alias($rule['source']['port'])) == "") {
+ $error_text = sprintf(gettext("Empty source port alias '%1\$s' for rule '%2\$s'"), $rule['source']['port'], $rule['descr']);
+ }
+
+ if ($error_text) {
+ file_notice("Filter_Reload", $error_text);
+ return "# {$error_text}";
+ }
+ }
+ if ($rule['destination']['port']
+ && !is_port_or_range(str_replace("-", ":", $rule['destination']['port']))) {
+ $error_text = "";
+
+ // It is not a literal port or port range, so alias should exist, and expand to something non-empty
+ if (!alias_expand($rule['destination']['port'])) {
+ $error_text = sprintf(gettext("Unresolvable destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']);
+ } else if (trim(filter_generate_nested_alias($rule['destination']['port'])) == "") {
+ $error_text = sprintf(gettext("Empty destination port alias '%1\$s' for rule '%2\$s'"), $rule['destination']['port'], $rule['descr']);
+ }
+
+ if ($error_text) {
+ file_notice("Filter_Reload", $error_text);
+ return "# {$error_text}";
+ }
+ }
 update_filter_reload_status(gettext("Setting up pass/block rules"));
 $type = $rule['type'];
 if ($type != "pass" && $type != "block" && $type != "reject" && $type != "match") {
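Review bot: Both added blocks return `"# {$error_text}"` into the generated ruleset with `$rule['descr']` and the port value interpolated, so a carriage return or line feed in either field would end the comment and leave the remaining text as a line of its own; whether those fields are validated when the rule is saved is not visible here. Flattening the message first is cheap: `$error_text = str_replace(array("\r", "\n"), ' ', $error_text);` ahead of `file_notice()`. The source and destination blocks are also identical apart from the array key and two message strings, so a small helper taking the port value and a label would remove the duplication. `filter_generate_user_rule` starts before and continues after this hunk.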
@@ -2793,7 +2834,9 @@ function filter_generate_user_rule($rule) { if ($rule['protocol'] == "icmp" && $rule['icmptype'] && ($rule['icmptype'] != 'any')) { $icmptype_key = ($rule['ipprotocol'] == 'inet6' ? 'icmp6-type' : 'icmp-type'); - $icmptype_text = (strpos($rule['icmptype'], ",") === false ? $rule['icmptype'] : '{ ' . $rule['icmptype'] . ' }'); + // XXX: Bug #7372 + $icmptype_text = replace_element_in_list($rule['icmptype'], ',', 'skip', '39'); + $icmptype_text = (strpos($icmptype_text, ",") === false ? $icmptype_text : '{ ' . $icmptype_text . ' }'); $aline[$icmptype_key] = "{$icmptype_key} {$icmptype_text} "; } diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 3a55902..061de9c 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -70,7 +70,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "16.2", + "latest_config" => "16.4", "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", "wan_interface_name" => "wan", diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index f3e7904..d7cecc0 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc @@ -630,6 +630,9 @@ function return_gateways_array($disabled = false, $localhost = false, $inactive } } unset($gateway); + + //Sort the array by GW name before moving on. + ksort($gateways_arr, SORT_STRING | SORT_FLAG_CASE); /* Loop through all interfaces with a gateway and add it to a array */ if ($disabled == false) { diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 155da45..40e5c27 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc 
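Review bot: The added `replace_element_in_list($rule['icmptype'], ',', 'skip', '39')` call carries only `// XXX: Bug #7372`, which does not say what is being rewritten or why. From the arguments it appears to substitute the list element `skip` with `39` before the text reaches the rule, but the helper is defined outside this hunk, so the comment should state the intent directly, for example `// Bug #7372: emit ICMP type 'skip' by number (39) in the generated rule`, along with the reason the name cannot be used. A named constant in place of the literal `'39'` would also make the workaround easy to find once the bug is resolved.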
@@ -1300,7 +1300,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 switch ($ifcfg['ipaddrv6']) {
 case "slaac":
 case "dhcp6":
- kill_dhcp6client_process($realif, isset($ifcfg['dhcp6norelease']));
+ kill_dhcp6client_process($realif, $destroy, false);
 unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf");
 unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh");
 unlink_if_exists("{$g['varetc_path']}/rtsold_{$realifv6}_script.sh");
@@ -3039,36 +3039,72 @@ function find_dhcp6c_process($interface) { return intval($pid); } -function kill_dhcp6client_process($interface, $norelease) { +function kill_dhcp6client_process($interface, $force, $release = false) { global $g; + $i = 0; + + /* + Beware of the following: Reason, the interface may be down, but + dhcp6c may still be running, it just complains it cannot send + and carries on. Commented out as will stop the call to kill. + if (empty($interface) || !does_interface_exist($interface)) { return; } + */ - if (($pid = find_dhcp6c_process($interface)) != 0) { - /* - * Kill -9 caused the pid to get left behind, also if we need a - * relase sent then it needs to be -15, this then allows dhcp6c - * to send the release, it will also clean up after itself - */ - $sig = (isset($norelease) ? SIGKILL : SIGTERM); - posix_kill($pid, $sig); - if(!isset($norelease)) { - /* - * Allow dhcp6c to send release and exit gracefully if - * needed. - */ - sleep(2); - } + /*********** Notes on signals for dhcp6c and this function ************* + + If we have Taken the WAN interface down, then dhcp6c sits there sending + a release and waiting for the response that never comes. + So we need to tell it that the interface is down and to just die quickly + otherwise a new client may launch and we have duplicate proceses. + In this case use SIGUSR1. + + If we want to exit normally obeying the no release flag then use SIGTERM. + If we want to exit with a release overiding the no release flag then + use SIGUSR2. + + If $Force is true it will use SIGUSR1, thus forcing dhcp6c to + exit quickly without sending release signals. + + If $Force is set to false and $release is also set to false dhcp6c will + follow the no-release flag. + + If $Force is set to false and $release is true then dhcp6c will send a + release regardless of the no-release flag. 
+ ***********************************************************************/ + + if ($force == true) { + $psig=SIGUSR1; + } else if ($release == false) { + $psig=SIGTERM; + } else { + $psig=SIGUSR2; } - /* Clear the RTSOLD script created lock & tidy up */ + + while ((($pid = find_dhcp6c_process($interface)) != 0) && ($i < 3)) { + /* 3rd time make it die for sure */ + $sig = ($i == 2 ? SIGKILL : $psig); + posix_kill($pid, $sig); + sleep(1); + $i++; + } + /* Clear the RTSOLD script created lock & tidy up */ unlink_if_exists("/tmp/dhcp6c_{$interface}_lock"); - /* just in case! */ - unlink_if_exists("{$g['varrun_path']}/dhcp6c_{$interface}.pid"); + unlink_if_exists("{$g['varrun_path']}/dhcp6c_{$interface}.pid"); // just in case! +} +function reset_dhcp6client_process($interface) { + + $pid = find_dhcp6c_process($interface); + + if($pid != 0) { + posix_kill($pid, SIGHUP); + } } -function run_dhcp6client_process($interface, $wancfg) { +function run_dhcp6client_process($interface, $interface_name, $wancfg) { global $g; $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; @@ -3082,20 +3118,19 @@ function run_dhcp6client_process($interface, $wancfg) { * It should not happen as the process should have been killed and the * lock deleted. */ + if (!file_exists("/tmp/dhcp6c_{$interface}_lock")) { - kill_dhcp6client_process($interface, - isset($wancfg['dhcp6norelease'])); - + kill_dhcp6client_process($interface, true); /* Lock it to avoid multiple runs */ touch("/tmp/dhcp6c_{$interface}_lock"); mwexec("/usr/local/sbin/dhcp6c {$debugOption} " . "{$noreleaseOption} " . - "-c {$g['varetc_path']}/dhcp6c_wan.conf " . + "-c {$g['varetc_path']}/dhcp6c_{$interface_name}.conf " . "-p {$g['varrun_path']}/dhcp6c_{$interface}.pid " . $interface); log_error(sprintf(gettext( "Starting dhcp6 client for interface wan %s in DHCP6 without RA mode"), - $wanif)); + $interface)); } } 
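Review bot: With the `empty($interface) || !does_interface_exist($interface)` guard moved into a comment, `kill_dhcp6client_process()` now runs its signal loop and both `unlink_if_exists()` calls even when `$interface` is empty. The reason given in the comment only covers an interface that is down, so the empty-name half of the guard can stay: `if (empty($interface)) { return; }`. What `find_dhcp6c_process()` matches for an empty name is decided outside this hunk, so it is worth confirming it cannot return the PID of a client bound to another interface before `posix_kill()` escalates to `SIGKILL` on the third pass. The new `reset_dhcp6client_process()` would also benefit from a one-line comment saying what dhcp6c does on `SIGHUP`.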
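Review bot: `run_dhcp6client_process()` builds its `mwexec()` command line by interpolating `$interface_name` and appending `$interface` without `escapeshellarg()`, while the `ifconfig` call in the `interface_configure` hunk does escape `$realif`. The same applies to `mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv")` added in the `@@ -3945` hunk. Interface names presumably come from the saved configuration, but quoting them keeps the shell from interpreting them: `"-c " . escapeshellarg("{$g['varetc_path']}/dhcp6c_{$interface_name}.conf")` and `escapeshellarg($interface)` as the final argument. The log text still reads `interface wan %s` although the function now takes the interface name as a parameter.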
@@ -3265,8 +3300,10 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if ($g['debug']) { log_error(sprintf(gettext("Deny router advertisements for interface %s"), $interface)); } - mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -accept_rtadv", true); - + if (isset($wancfg['dhcp6usev4iface']) || $wancfg['ipaddr']==='ppp') + { + mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 -accept_rtadv", true); + } /* wireless configuration? */ if (is_array($wancfg['wireless'])) { interface_wireless_configure($realif, $wancfg, $wancfg['wireless']); @@ -3945,6 +3982,13 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { log_error(gettext("Failed to write user DUID file!")); } } + + /* accept router advertisements for this interface */ + /* Moved to early in the function as sometimes interface not ready */ + /* RTSOLD fails as interface does not accept ..... */ + + log_error("Accept router advertisements on interface {$wanif} "); + mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); if ($wancfg['adv_dhcp6_config_file_override']) { // DHCP6 Config File Override @@ -4022,6 +4066,9 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { } } + $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; + $noreleaseOption = isset($wancfg['dhcp6norelease']) ? "-n" : ""; + /* wide-dhcp6c works for now. */ if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}.conf", $dhcp6cconf)) { printf("Error: cannot open dhcp6c_{$interface}.conf in interface_dhcpv6_configure() for writing.\n"); 
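Review bot: After this change the debug message `Deny router advertisements for interface %s` is still logged for every interface, but the `ifconfig … inet6 -accept_rtadv` call only runs when `dhcp6usev4iface` is set or `ipaddr` is `ppp`. On every other interface the flag is left in whatever state it already had, so the log can report a denial that did not happen and an interface that was accepting advertisements keeps doing so; if that is intended for the DHCPv6 timing fix, a comment should say so. I would move the `log_error()` inside the new `if` and put the opening brace on the condition's line, as the surrounding code does. `interface_configure` extends beyond the hunk.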
@@ -4030,20 +4077,55 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { } unset($dhcp6cconf); - /* - * Script create for dhcp6withoutRA mode. - * dhcp6c will launch rtsold. rtsold will then run the wan ipv6 - * configure - */ - $dhcp6cscriptwithoutra = "#!/bin/sh\n"; + /*************** Script Debug Logging *************************** + Both dhcp6 scripts now have a logging message built in. + These logging messages ONLY appear if dhcp6c debug logging is set. + The logging messages appear in the dhcp section of the logs, + not in system. + + These scripts now also take advantage of the REASON= env vars + supplied by dhcp6c. + ****************************************************************/ + + /* Script create for dhcp6withoutRA mode */ + /* dhcp6c will launch rtsold. rtsold will then run the wan ipv6 configure */ + $dhcp6cscriptwithoutra = "#!/bin/sh\n"; $dhcp6cscriptwithoutra .= "# This shell script launches rtsold.\n"; $dhcp6cscriptwithoutra .= "dmips=\${new_domain_name_servers}\n"; $dhcp6cscriptwithoutra .= "dmnames=\${new_domain_name}\n"; + $dhcp6cscriptwithoutra .= "dreason=\${REASON}\n"; // Need to pass params to the final script $dhcp6cscriptwithoutra .= "echo \$dmips > /tmp/{$wanif}_domain_name_servers\n"; $dhcp6cscriptwithoutra .= "echo \$dmnames > /tmp/{$wanif}_new_domain_name\n"; + $dhcp6cscriptwithoutra .= "echo \$dreason > /tmp/{$wanif}_reason\n"; + $dhcp6cscriptwithoutra .= "case \$REASON in\n"; + $dhcp6cscriptwithoutra .= "REQUEST)\n"; + $dhcp6cscriptwithoutra .= "/bin/sleep 2\n"; $dhcp6cscriptwithoutra .= "/usr/sbin/rtsold -1 -p {$g['varrun_path']}/rtsold_{$wanif}.pid -O {$g['varetc_path']}/rtsold_{$wanif}_script.sh {$wanif}\n"; - + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c REQUEST on {$wanif} - running rc.newwanipv6\"\n"; + } + $dhcp6cscriptwithoutra .= ";;\n"; + $dhcp6cscriptwithoutra .= "REBIND)\n"; + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t 
dhcp6c \"dhcp6c rebind on {$wanif}\"\n"; + } + $dhcp6cscriptwithoutra .= ";;\n"; + if (isset($wancfg['dhcp6norelease'])) { + $dhcp6cscriptwithoutra .= "EXIT)\n"; + } else { + $dhcp6cscriptwithoutra .= "RELEASE)\n"; + } + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c EXIT or RELEASE on {$wanif} running rc.newwanipv6\"\n"; + } + $dhcp6cscriptwithoutra .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + $dhcp6cscriptwithoutra .= ";;\n"; + $dhcp6cscriptwithoutra .= "RENEW|INFO)\n"; + if ($debugOption == '-D') { + $dhcp6cscriptwithoutra .= "/usr/bin/logger -t dhcp6c \"dhcp6c renew, no change - bypassing update on {$wanif}\"\n"; + } + $dhcp6cscriptwithoutra .= "esac\n"; if (!@file_put_contents( "{$g['varetc_path']}/dhcp6c_{$interface}_dhcp6withoutra_script.sh", $dhcp6cscriptwithoutra)) { @@ -4053,6 +4135,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($dhcp6cscriptwithoutra); return 1; } + unset($dhcp6cscriptwithoutra); @chmod( "{$g['varetc_path']}/dhcp6c_{$interface}_dhcp6withoutra_script.sh", 
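Review bot: The generated `dhcp6withoutra` script expands values supplied by the DHCPv6 server without quoting or encoding: `echo \$dreason > /tmp/{$wanif}_reason` is unquoted like the two `echo` lines above it, and the added `fcgicli -d "interface=…&dmnames=\${dmnames}&dmips=\${dmips}"` call places `new_domain_name` and `new_domain_name_servers` straight into a query string, where an `&` or `=` inside a value would be read as a further parameter. The same `fcgicli` lines are added to `$dhcp6cscript` in the `@@ -4067` hunk. Quoting the expansions (`echo \"\$dreason\" > …`) and checking that the name and server values contain only hostname and address characters before passing them on would close that gap; how `/etc/rc.newwanipv6` treats its parameters is not visible here. The new scratch file is also written to a literal `/tmp` while the rtsold script in the same function uses `{$g['tmp_path']}`.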
@@ -4067,12 +4150,41 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { if (!isset($wancfg['dhcp6withoutra'])) { $dhcp6cscript .= "dmips=\${new_domain_name_servers}\n"; $dhcp6cscript .= "dmnames=\${new_domain_name}\n"; + $dhcp6cscript .= "case \$REASON in\n"; + $dhcp6cscript .= "REQUEST)\n"; + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c REQUEST on {$wanif} - running rc.newwanipv6\"\n"; + } + $dhcp6cscript .= ";;\n"; + $dhcp6cscript .= "REBIND)\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c rebind on {$wanif}\"\n"; + } + $dhcp6cscript .= ";;\n"; + if (isset($wancfg['dhcp6norelease'])) { + $dhcp6cscript .= "EXIT)\n"; + } else { + $dhcp6cscript .= "RELEASE)\n"; + } + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c EXIT or RELEASE on {$wanif} running rc.newwanipv6\"\n"; + } + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + $dhcp6cscript .= ";;\n"; + $dhcp6cscript .= "RENEW|INFO)\n"; + if ($debugOption == '-D') { + $dhcp6cscript .= "/usr/bin/logger -t dhcp6c \"dhcp6c renew, no change - bypassing update on {$wanif}\"\n"; + } + $dhcp6cscript .= "esac\n"; } else { // Need to get the paramaters from the dhcp6cwithoutRA run $dhcp6cscript .= "dmips=\$(cat \"/tmp/{$wanif}_domain_name_servers\")\n"; $dhcp6cscript .= "dmnames=\$(cat \"/tmp/{$wanif}_new_domain_name\")\n"; + $dhcp6cscript .= "/bin/sleep 1\n"; + $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; } - $dhcp6cscript .= "/usr/local/sbin/fcgicli -f /etc/rc.newwanipv6 -d \"interface={$wanif}&dmnames=\${dmnames}&dmips=\${dmips}\"\n"; + /* Add wide-dhcp6c shell script here. 
Because we can not pass a argument to it. */ if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) { printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n"); @@ -4082,9 +4194,6 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($dhcp6cscript); @chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755); - $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d"; - $noreleaseOption = isset($wancfg['dhcp6norelease']) ? "-n" : ""; - $rtsoldscript = "#!/bin/sh\n"; $rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n"; $rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n"; 
@@ -4102,22 +4211,24 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * of dhcp6c being launched */ $rtsoldscript .= "if [ ! -f /tmp/dhcp6c_{$wanif}_lock ]; then\n"; - $rtsoldscript .= "\tif [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; - $rtsoldscript .= "\t\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; - $rtsoldscript .= "\t\t/bin/rm -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; - $rtsoldscript .= "\t\t/bin/sleep 1\n"; - $rtsoldscript .= "\tfi\n"; /* * Create the lock file, trying to prevent multiple instances * of dhcp6c being launched */ $rtsoldscript .= "\t/usr/bin/touch /tmp/dhcp6c_{$wanif}_lock\n"; + $rtsoldscript .= "\tif [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n"; + $rtsoldscript .= "\t\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "\t\t/bin/rm -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n"; + $rtsoldscript .= "\t\t/bin/sleep 1\n"; + $rtsoldscript .= "\tfi\n"; $rtsoldscript .= "\t/usr/local/sbin/dhcp6c {$debugOption} " . "{$noreleaseOption} -c {$g['varetc_path']}/dhcp6c_{$interface}.conf " . "-p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n"; $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n"; $rtsoldscript .= "else\n"; - $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"RTSOLD Lock in place\"\n"; + $rtsoldscript .= "\t/usr/bin/logger -t rtsold \"RTSOLD Lock in place - sending SIGHUP to dhcp6c\"\n"; + $rtsoldscript .= "\tdhcp6c_pid=\$(cat \"{$g['varrun_path']}/dhcp6c_{$wanif}.pid\")\n"; + $rtsoldscript .= "\t/bin/kill -1 \${dhcp6c_pid}\n"; $rtsoldscript .= "fi\n"; } else { /* 
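Review bot: In the `else` branch the script reads the PID with `cat` and runs `/bin/kill -1 \${dhcp6c_pid}` without checking that the PID file exists or is non-empty; the lock file can be present while `dhcp6c_{$wanif}.pid` is not, for instance between the `touch` and dhcp6c writing its PID. The branch above already relies on `pkill -F`, which fails cleanly on a missing file, so the two added lines can become `$rtsoldscript .= "\t/bin/pkill -HUP -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n";`. That also removes the unquoted `\${dhcp6c_pid}` expansion from the generated script.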
@@ -4137,12 +4248,9 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { unset($rtsoldscript); @chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755); - /* accept router advertisements for this interface */ - log_error("Accept router advertisements on interface {$wanif} "); - mwexec("/sbin/ifconfig {$wanif} inet6 accept_rtadv"); - if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) { killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid"); + log_error("Killing running rtsold process"); sleep(2); } @@ -4167,7 +4275,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * Otherwise it is not ready to accept and will fail. */ sleep(3); - run_dhcp6client_process($wanif,$wancfg); + run_dhcp6client_process($wanif,$interface,$wancfg); } } else { /* @@ -4175,6 +4283,8 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) { * ( it does not background, it exits! ) It will launch dhcp6c * if dhcpwihtoutra is not set */ + log_error("Starting rtsold process"); + sleep(2); mwexec("/usr/sbin/rtsold -1 " . "-p {$g['varrun_path']}/rtsold_{$wanif}.pid " . "-O {$g['varetc_path']}/rtsold_{$wanif}_script.sh " . 
@@ -5850,12 +5960,13 @@ function is_altq_capable($int) { * 20150328 - removed wireless drivers - ath, awi, bwn, iwi, ipw, ral, rum, run, wi - for now. redmine #4406 */ $capable = array("ae", "age", "alc", "ale", "an", "aue", "axe", "bce", - "bfe", "bge", "bridge", "cas", "cpsw", "cxl", "dc", "de", "ed", "em", "ep", "epair", "et", "fxp", "gem", - "hme", "hn", "igb", "ix", "jme", "le", "lem", "msk", "mxge", "my", "nfe", - "nge", "npe", "nve", "re", "rl", "sf", "sge", "sis", "sk", - "ste", "stge", "ti", "txp", "udav", "ural", "vge", "vmx", "vr", "vte", "xl", - "ndis", "tun", "ovpns", "ovpnc", "vlan", "pppoe", "pptp", "ng", - "l2tp", "ppp", "vtnet"); + "bfe", "bge", "bridge", "cas", "cpsw", "cxl", "dc", "de", + "ed", "em", "ep", "epair", "et", "fxp", "gem", "hme", "hn", + "igb", "ix", "jme", "l2tp", "le", "lem", "msk", "mxge", "my", + "ndis", "nfe", "ng", "nge", "npe", "nve", "ovpnc", "ovpns", + "ppp", "pppoe", "pptp", "re", "rl", "sf", "sge", "sis", "sk", + "ste", "stge", "ti", "tun", "txp", "udav", "ural", "vge", + "vlan", "vmx", "vr", "vte", "vtnet", "xl"); $int_family = remove_ifindex($int); diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 60507e8..81a2ea3 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc 
@@ -320,6 +320,25 @@ function gen_webguileftcolumnhyper_field(&$section, $value) { ))->setHelp('If selected, clicking a label in the left column will select/toggle the first item of the group.'); } +/****f* pfsense-utils/gen_disablealiaspopupdetail_field + * NAME + * gen_disablealiaspopupdetail_field + * INPUTS + * Pointer to section object + * Initial value for the field + * RESULT + * no return value, section object is updated + ******/ +function gen_disablealiaspopupdetail_field(&$section, $value) { + + $section->addInput(new Form_Checkbox( + 'disablealiaspopupdetail', + 'Alias Popups', + 'Disable details in alias popups', + $value + ))->setHelp('If selected, the details in alias popups will not be shown, just the alias description (e.g. in Firewall Rules).'); +} + /****f* pfsense-utils/gen_pagenamefirst_field * NAME * gen_pagenamefirst_field @@ -363,6 +382,7 @@ function gen_user_settings_fields(&$section, $pconfig) { $pconfig['systemlogsmanagelogpanel'], $pconfig['statusmonitoringsettingspanel']); gen_webguileftcolumnhyper_field($section, $pconfig['webguileftcolumnhyper']); + gen_disablealiaspopupdetail_field($section, $pconfig['disablealiaspopupdetail']); gen_pagenamefirst_field($section, $pconfig['pagenamefirst']); } @@ -2133,7 +2153,7 @@ function parse_aliases_file($filename, $type = "url", $max_items = -1, $kflc = f $tmp = $tmp_str; } $valid = (($type == "url" || $type == "urltable") && (is_ipaddr($tmp) || is_subnet($tmp))) || - (($type == "url_ports" || $type == "urltable_ports") && (is_port($tmp) || is_portrange($tmp))); + (($type == "url_ports" || $type == "urltable_ports") && is_port_or_range($tmp)); if ($valid) { $items[] = $tmp; if (count($items) == $max_items) { @@ -3011,6 +3031,7 @@ function huawei_service_to_string($state) { $modes[2] = gettext("Valid Service"); $modes[3] = gettext("Restricted Regional Service"); $modes[4] = gettext("Powersaving Service"); + $modes[255] = gettext("Unknown Service"); $string = $modes[$state]; return $string; } 
diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index 199021a..e576241 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -812,6 +812,9 @@ function install_package_xml($package_name) { } update_status(gettext("done.") . "\n"); } + if (is_array($pkg_config['tabs'])) { + $config['installedpackages']['package'][$pkgid]['tabs'] = $pkg_config['tabs']; + } } else { pkg_debug("Unable to find config file\n"); update_status(gettext("Loading package configuration... failed!") . "\n\n" . gettext("Installation aborted.")); @@ -938,7 +941,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { } } /* deinstall commands */ - if ($when == "post-deinstall" && $pkg_config['custom_php_deinstall_command'] <> "") { + if ($when == "deinstall" && $pkg_config['custom_php_deinstall_command'] <> "") { update_status(gettext("Deinstall commands... ")); if ($missing_include == false) { eval_once($pkg_config['custom_php_deinstall_command']); diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index a4d2559..677036c 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -618,6 +618,7 @@ function service_control_start($name, $extras) { break; case 'relayd': relayd_configure(); + filter_configure(); break; default: start_service($name); @@ -757,6 +758,7 @@ function service_control_restart($name, $extras) { break; case 'relayd': relayd_configure(true); + filter_configure(); break; default: restart_service($name); diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index a37a9a3..a14b245 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -2524,8 +2524,10 @@ function services_dnsupdate_process($int = "", $updatehost = "", $forced = false if (isset($dnsupdate['usepublicip'])) { $wanip = dyndnsCheckIP($if); + $bindip = get_interface_ip($if); } else { $wanip = get_interface_ip($if); + $bindip = $wanip; } $wanipv6 = get_interface_ipv6($if); 
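Review bot: The deinstall branch in `delete_package_xml()` now tests `$when == "deinstall"`, but the signature shown in the hunk header still defaults to `$when = "post-deinstall"`, so any caller relying on the default will no longer run `custom_php_deinstall_command`. Callers are outside this diff, so this may be intended; if it is, the default and a comment listing the accepted `$when` values should be updated together. That command is handed to `eval_once()`, so the stage at which package-supplied PHP runs is worth documenting right next to the check.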
@@ -2620,6 +2622,7 @@ EOD; "{$dnsupdate['host']}. A\n"; $upinst .= "update add {$dnsupdate['host']}. " . "{$dnsupdate['ttl']} A {$wanip}\n"; + $upinst .= "local {$bindip}\n"; $need_update = true; } else { log_error(sprintf(gettext( @@ -2867,6 +2870,8 @@ function install_cron_job($command, $active = false, $minute = "0", $hour = "*", if ($is_installed == true) { unset($config['cron']['item'][$x]); $change_message = "Removed cron job for %s"; + } else { + $cron_changed = false; } } diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index b350497..bbd6552 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc 
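Review bot: `$upinst .= "local {$bindip}\n";` is written without checking that `$bindip` holds an address; it is assigned from `get_interface_ip($if)` in the earlier `services_dnsupdate_process` hunk, and if that comes back empty the nsupdate instructions would contain a bare `local` line. Guarding it, `if (is_ipaddrv4($bindip)) { $upinst .= "local {$bindip}\n"; }`, keeps the update usable in that case. Only the A-record branch is visible here, so whether the AAAA branch needs a matching `local` with the IPv6 address should be checked separately.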
@@ -5157,4 +5157,140 @@ function upgrade_161_to_162() { $config['system']['crypto_hardware'] = "cryptodev"; } } + +/* Traffic graphs widget settings are now stored in a layout similar + * to other widgets. Migrate any old settings. + */ +function upgrade_162_to_163() { + require_once("ipsec.inc"); + global $config; + + foreach (array('refreshinterval', 'invert', 'size', 'backgroundupdate') as $setting) { + if (isset($config['widgets']['trafficgraphs'][$setting])) { + $config['widgets']['traffic_graphs'][$setting] = $config['widgets']['trafficgraphs'][$setting]; + unset($config['widgets']['trafficgraphs'][$setting]); + } + } + + if (isset($config['widgets']['trafficgraphs']['shown'])) { + if (is_array($config['widgets']['trafficgraphs']['shown']['item'])) { + $ifdescrs = get_configured_interface_with_descr(); + + if (ipsec_enabled()) { + $ifdescrs['enc0'] = "IPsec"; + } + + $validNames = array(); + + foreach ($ifdescrs as $ifdescr => $ifname) { + array_push($validNames, $ifdescr); + } + + $config['widgets']['traffic_graphs']['filter'] = implode(',', array_diff($validNames, $config['widgets']['trafficgraphs']['shown']['item'])); + } + + unset($config['widgets']['trafficgraphs']['shown']); + } +} + +/* Dashboard widget settings config format has changed to support having possibly multiple + * of a widget on the dashboard. Migrate any old settings. + */ +function convert_widget_164($oldname, $newname, $settings_keys) { + global $config; + + if ($newname == '') { + $newname = $oldname . '-0'; + } + + if ($oldname == '') { + // These settings were stored directly in $config['widgets'] + // Move them down under their new key. + // e.g. 
$config['widgets']['filterlogentries'] + // becomes $config['widgets']['log-0']['filterlogentries'] + foreach ($settings_keys as $oldkey => $newkey) { + if ($newkey == '') { + $newkey = $oldkey; + } + + // Modify the system-wide entry + if (isset($config['widgets'][$oldkey])) { + $config['widgets'][$newname][$newkey] = $config['widgets'][$oldkey]; + unset($config['widgets'][$oldkey]); + } + + // Modify any user-specific entries + foreach ($config['system']['user'] as & $user) { + if (isset($user['widgets'][$oldkey])) { + $user['widgets'][$newname][$newkey] = $user['widgets'][$oldkey]; + unset($user['widgets'][$oldkey]); + } + } + } + } else { + // These settings were stored in some key under 'widgets', + // e.g. $config['widgets']['gateways_widget']['display_type'] + // becomes $config['widgets']['gateways-0']['display_type'] + foreach ($settings_keys as $oldkey => $newkey) { + if ($newkey == '') { + $newkey = $oldkey; + } + + // Modify the system-wide entry + if (isset($config['widgets'][$oldname][$oldkey])) { + $config['widgets'][$newname][$newkey] = $config['widgets'][$oldname][$oldkey]; + unset($config['widgets'][$oldname][$oldkey]); + } + + // Modify any user-specific entries + foreach ($config['system']['user'] as & $user) { + if (isset($user['widgets'][$oldname][$oldkey])) { + $user['widgets'][$newname][$newkey] = $user['widgets'][$oldname][$oldkey]; + unset($user['widgets'][$oldname][$oldkey]); + } + + if (isset($user['widgets'][$oldname])) { + unset($user['widgets'][$oldname]); + } + } + } + + if (isset($config['widgets'][$oldname])) { + unset($config['widgets'][$oldname]); + } + } +} + +function upgrade_163_to_164() { + global $config; + + convert_widget_164('dyn_dns_status', '', array('filter' => '')); + convert_widget_164('gateways_widget', 'gateways-0', array('display_type' => '', 'gatewaysfilter' => '')); + convert_widget_164('interface_statistics', '', array('iffilter' => '')); + convert_widget_164('interfaces', '', array('iffilter' => '')); + 
convert_widget_164('', 'log-0', + array( + 'filterlogentries' => '', + 'filterlogentriesacts' => '', + 'filterlogentriesinterfaces' => '', + 'filterlogentriesinterval' => '')); + convert_widget_164('openvpn', '', array('filter' => '')); + convert_widget_164('', 'picture-0', array('picturewidget' => '', 'picturewidget_filename' => '')); + convert_widget_164('', 'rss-0', array('rssfeed' => '', 'rssmaxitems' => '', 'rsswidgetheight' => '', 'rsswidgettextlength' => '')); + convert_widget_164('', 'services_status-0', array('servicestatusfilter' => 'filter')); + convert_widget_164('smart_status', '', array('filter' => '')); + convert_widget_164('system_information', '', array('filter' => '')); + convert_widget_164('thermal_sensors_widget', 'thermal_sensors-0', + array( + 'thermal_sensors_widget_zone_warning_threshold' => '', + 'thermal_sensors_widget_zone_critical_threshold' => '', + 'thermal_sensors_widget_core_warning_threshold' => '', + 'thermal_sensors_widget_core_critical_threshold' => '', + 'thermal_sensors_widget_show_raw_output' => '', + 'thermal_sensors_widget_show_full_sensor_name' => '', + 'thermal_sensors_widget_pulsate_warning' => '', + 'thermal_sensors_widget_pulsate_critical' => '' + )); + convert_widget_164('wol', 'wake_on_lan-0', array('filter' => '')); +} ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 604c557..4e3af5d 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -105,13 +105,6 @@ function clear_subsystem_dirty($subsystem = "") { @unlink("{$g['varrun_path']}/{$subsystem}.dirty"); } -function config_lock() { - return; -} -function config_unlock() { - return; -} - /* lock configuration file */ function lock($lock, $op = LOCK_SH) { global $g; 
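Review bot: In the `else` branch of convert_widget_164(), `unset($user['widgets'][$oldname])` sits inside the `foreach ($settings_keys ...)` loop, so each user's old widget container is deleted as soon as the first key has been processed. For the multi-key calls in upgrade_163_to_164() (`gateways_widget`, `thermal_sensors_widget`), every per-user setting after the first key is dropped instead of migrated. The system-wide copy is cleaned up correctly, after the loop. The per-user cleanup should move after the key loop, and the by-reference `$user` should be released with `unset($user)`. An `is_array($config['system']['user'])` guard before both loops would also be prudent, since the shape of that node is not shown here.

```php
	} else {
		foreach ($settings_keys as $oldkey => $newkey) {
			// … unchanged: default $newkey, system-wide move …

			// Modify any user-specific entries
			foreach ($config['system']['user'] as &$user) {
				if (isset($user['widgets'][$oldname][$oldkey])) {
					$user['widgets'][$newname][$newkey] = $user['widgets'][$oldname][$oldkey];
				}
			}
			unset($user);
		}

		// Drop the old containers only after every key has been moved.
		foreach ($config['system']['user'] as &$user) {
			unset($user['widgets'][$oldname]);
		}
		unset($user);
		unset($config['widgets'][$oldname]);
	}
```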
@@ -1124,8 +1117,13 @@ function is_portrange($portrange) { return (count($ports) == 2 && is_port($ports[0]) && is_port($ports[1])); } -/* returns true if $port is a valid port number or an alias thereof */ -function is_portoralias($port) { +/* returns true if $port is a valid TCP/UDP port number or range ("<port>:<port>") */ +function is_port_or_range($port) { + return (is_port($port) || is_portrange($port)); +} + +/* returns true if $port is an alias that is a port type */ +function is_portalias($port) { global $config; if (is_alias($port)) { @@ -1136,10 +1134,18 @@ function is_portoralias($port) { } } } - return false; - } else { - return is_port($port); } + return false; +} + +/* returns true if $port is a valid port number or an alias thereof */ +function is_port_or_alias($port) { + return (is_port($port) || is_portalias($port)); +} + +/* returns true if $port is a valid TCP/UDP port number or range ("<port>:<port>") or an alias thereof */ +function is_port_or_range_or_alias($port) { + return (is_port($port) || is_portrange($port) || is_portalias($port)); } /* create ranges of sequential port numbers (200:215) and remove duplicates */ @@ -1420,7 +1426,8 @@ function get_configured_interface_with_descr($only_opt = false, $withdisabled = } } } - + + asort($iflist); return $iflist; } @@ -1780,7 +1787,7 @@ function alias_expand($name) { } } return "\${$name}"; - } else if (is_ipaddr($name) || is_subnet($name) || is_port($name) || is_portrange($name)) { + } else if (is_ipaddr($name) || is_subnet($name) || is_port_or_range($name)) { return "{$name}"; } else { return null; 
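Review bot: `is_portoralias()` disappears with this rename and no alias is kept. Any caller outside this diff, installed packages in particular, would fail with an undefined-function error the next time it validates a port; whether such callers remain cannot be told from this hunk. A one-line shim keeps them working: `function is_portoralias($port) { return is_port_or_alias($port); }`. Separately, `is_port_or_range_or_alias()` could return `is_port_or_range($port) || is_portalias($port)` so the range rule lives in one place.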
@@ -2152,7 +2159,7 @@ function is_interface_mismatch() { $missing_interfaces = array(); if (is_array($config['interfaces'])) { foreach ($config['interfaces'] as $ifname => $ifcfg) { - if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan/i", $ifcfg['if'])) { + if (preg_match("/^enc|^cua|^tun|^tap|^l2tp|^pptp|^ppp|^ovpn|^gif|^gre|^lagg|^bridge|vlan|_wlan|_\d{0,4}_\d{0,4}$/i", $ifcfg['if'])) { // Do not check these interfaces. $i++; continue; @@ -2368,6 +2375,23 @@ function explode_assoc($delimiter, $string) { return $result; } +/* + * Given a string of text with some delimiter, look for occurrences + * of some string and replace all of those. + * $text - the text string (e.g. "abc,defg,x123,ipv4,xyz") + * $delimiter - the delimiter (e.g. ",") + * $element - the element to match (e.g. "defg") + * $replacement - the string to replace it with (e.g. "42") + * Returns the resulting delimited string (e.g. "abc,42,x123,ipv4,xyz") + */ +function replace_element_in_list($text, $delimiter, $element, $replacement) { + $textArray = explode($delimiter, $text); + while (($entry = array_search($element, $textArray)) !== false) { + $textArray[$entry] = $replacement; + } + return implode(',', $textArray); +} + /* Try to change a static route, if it doesn't exist, add it */ function route_add_or_change($args) { global $config; diff --git a/src/etc/inc/vslb.inc b/src/etc/inc/vslb.inc index 7d59cb1..7c759de 100644 --- a/src/etc/inc/vslb.inc +++ b/src/etc/inc/vslb.inc @@ -485,6 +485,10 @@ function get_lb_anchors() { function cleanup_lb_anchor($anchorname = "*") { $lbanchors = get_lb_anchors(); foreach ($lbanchors as $lba) { + /* Skip empty/blank results */ + if (empty($lba)) { + continue; + } if (($anchorname == "*") || ($lba == "relayd/{$anchorname}")) { /* Flush both the NAT and the Table for the anchor, so it will be completely removed by pf. */ mwexec("/sbin/pfctl -a " . escapeshellarg($lba) . " -F nat"); 
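Review bot: The added alternative `_\d{0,4}_\d{0,4}$` in is_interface_mismatch() accepts zero digits in both groups, so an interface name that merely ends in `__` is exempted from the mismatch check. If the intent is stacked VLAN names of the form `<parent>_<tag>_<tag>` (an assumption, since the hunk gives no example), `_\d{1,4}_\d{1,4}$` says that and no more. A short comment beside the pattern listing what each alternative is for would help, since `vlan` and `_wlan` are unanchored and match anywhere in the name.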
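Review bot: replace_element_in_list() splits on `$delimiter` but joins with a hard-coded comma, `return implode(',', $textArray);`, so any delimiter other than `,` comes back changed. It should be `return implode($delimiter, $textArray);`. The `while (array_search(...) !== false)` loop also never terminates when `$replacement` compares equal to `$element`. `array_search()` without its third argument compares loosely, so `"1"` matches `"01"`. Walking `array_keys($textArray, $element, true)` once and assigning `$replacement` at each key avoids both problems.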
diff --git a/src/etc/inc/wizardapp.inc b/src/etc/inc/wizardapp.inc index 88143b5..7aabc57 100644 --- a/src/etc/inc/wizardapp.inc +++ b/src/etc/inc/wizardapp.inc @@ -644,7 +644,7 @@ $othersplist = array(); $othersplist['smb'] = array(); /* Microsoft SMB and friends */ $othersplist['smb'][] = array('SMB1', 'tcp', '445', '445', 'both'); - $othersplist['smb'][] = array('SMB2', 'tcp', '137-139', '137-139', 'both'); + $othersplist['smb'][] = array('SMB2', 'tcp', '137', '139', 'both'); $othersplist['snmp'] = array(); /* Simple network management protocol */ diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index 26874c7..0ac9479 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync @@ -512,8 +512,8 @@ if (!$upgrading) { echo "===> Checkout complete.\n"; echo "\n"; if (!$upgrading) { - echo "Your system is now sync'd and PHP and nginx will be restarted in 5 seconds.\n\n"; + echo "The system is now sync'd and PHP and nginx will be restarted in 5 seconds.\n\n"; } else { - echo "Your system is now sync'd.\n\n"; + echo "The system is now sync'd.\n\n"; } |
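Review bot: The changed `$othersplist['smb'][]` row still carries the label `SMB2` and protocol `tcp` for ports 137 to 139. Those are the NetBIOS name (137/udp), datagram (138/udp) and session (139/tcp) services rather than SMB2 itself. Assuming the columns are name, protocol, first port, last port and direction (the hunk does not show the consumer), the two UDP services are not matched by this entry. A comment would make the limitation visible, e.g. `/* NetBIOS over TCP/IP; 137-138 are UDP and not covered by this tcp row */`; renaming the label or adding a `udp` row is worth considering.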