Diffstat (limited to 'src/usr/local/www')
-rw-r--r--src/usr/local/www/diag_confbak.php419
-rw-r--r--src/usr/local/www/diag_logs_settings.php121
-rw-r--r--src/usr/local/www/firewall_aliases.php2
-rw-r--r--src/usr/local/www/firewall_nat_edit.php2
-rw-r--r--src/usr/local/www/firewall_rules_edit.php15
-rw-r--r--src/usr/local/www/firewall_virtual_ip_edit.php561
-rwxr-xr-xsrc/usr/local/www/head.inc2
-rw-r--r--src/usr/local/www/jquery/pfSense.js7
-rw-r--r--src/usr/local/www/services_unbound.php10
-rw-r--r--src/usr/local/www/services_unbound_acls.php427
-rw-r--r--src/usr/local/www/services_unbound_domainoverride_edit.php4
-rw-r--r--src/usr/local/www/system_advanced_admin.php6
-rw-r--r--src/usr/local/www/system_advanced_firewall.php10
-rw-r--r--src/usr/local/www/system_advanced_misc.php6
-rw-r--r--src/usr/local/www/system_authservers.php26
-rw-r--r--src/usr/local/www/system_certmanager.php88
-rw-r--r--src/usr/local/www/system_crlmanager.php6
-rw-r--r--src/usr/local/www/system_usermanager.php166
-rw-r--r--src/usr/local/www/vpn_ipsec_phase1.php105
-rw-r--r--src/usr/local/www/widgets/widgets/system_information.widget.php12
20 files changed, 1404 insertions, 591 deletions
diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php
index 7116f2e..b048f5e 100644
--- a/src/usr/local/www/diag_confbak.php
+++ b/src/usr/local/www/diag_confbak.php
@@ -51,24 +51,25 @@ if (isset($_POST['backupcount'])) {
$changedescr = "(platform default)";
}
write_config("Changed backup revision count to {$changedescr}");
-} elseif ($_POST) {
- if (!isset($_POST['confirm']) || ($_POST['confirm'] != gettext("Confirm")) || (!isset($_POST['newver']) && !isset($_POST['rmver']))) {
+} elseif ($_GET) {
+ if (!isset($_GET['newver']) && !isset($_GET['rmver']) && !isset($_GET['getcfg']) && !isset($_GET['diff'])) {
header("Location: diag_confbak.php");
return;
}
conf_mount_rw();
$confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache'));
- if ($_POST['newver'] != "") {
- if (config_restore($g['conf_path'] . '/backup/config-' . $_POST['newver'] . '.xml') == 0) {
- $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['newver']), htmlspecialchars($confvers[$_POST['newver']]['description']));
+
+ if ($_GET['newver'] != "") {
+ if (config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0) {
+ $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), htmlspecialchars($confvers[$_GET['newver']]['description']));
} else {
$savemsg = gettext("Unable to revert to the selected configuration.");
}
}
- if ($_POST['rmver'] != "") {
- unlink_if_exists($g['conf_path'] . '/backup/config-' . $_POST['rmver'] . '.xml');
- $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']), htmlspecialchars($confvers[$_POST['rmver']]['description']));
+ if ($_GET['rmver'] != "") {
+ unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml');
+ $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']), htmlspecialchars($confvers[$_GET['rmver']]['description']));
}
conf_mount_ro();
}
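Review bot: The restore and delete branches now run on a plain GET (`$_GET['newver']`, `$_GET['rmver']`) and the old `confirm` check is gone, so loading a URL is enough to roll back the configuration or delete a backup; the Revert and Delete links added in the next hunk depend on this. State-changing actions should stay on POST so that whatever request-forgery protection the GUI applies to forms (not visible here) covers them; a client-side `confirm()` on the link is not a substitute. The timestamp is also concatenated into the backup path unvalidated, so a guard such as `if (!ctype_digit((string)$_GET['rmver'])) { header("Location: diag_confbak.php"); return; }` (and the same for `newver`) before the path is built would restrict it to the expected numeric form. As far as this hunk shows, the relaxed test on the first line also lets `getcfg` and `diff` requests reach `conf_mount_rw()` and `unserialize()`, which read-only views should not need.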
@@ -112,256 +113,172 @@ unset($confvers['versions']);
$pgtitle = array(gettext("Diagnostics"), gettext("Configuration History"));
include("head.inc");
-if ($savemsg)
- print_info_box($savemsg);
+if ($savemsg) {
+ print_info_box($savemsg, 'success');
+}
+
+if ($diff) {
?>
- <?php if ($diff):?>
- <h3><?=gettext("Configuration diff from")?><?=date(gettext("n/j/y H:i:s"), $oldtime)?><?=gettext("to")?><?=date(gettext("n/j/y H:i:s"), $newtime)?></h3>
- <pre><?php foreach ($diff as $line) {
- switch (substr($line, 0, 1)) {
- case "+":
- $color = "#caffd3";
- break;
- case "-":
- $color = "#ffe8e8";
- break;
- case "@":
- $color = "#a0a0a0";
- break;
- default:
- $color = "#ffffff";
- }
+<div class="panel panel-default">
+ <div class="panel-heading"><?=gettext("Configuration diff from ")?><?=date(gettext("n/j/y H:i:s"), $oldtime); ?><?=gettext(" to ")?><?=date(gettext("n/j/y H:i:s"), $newtime); ?></div>
+ <div class="panel-body table-responsive">
+ <!-- This table is left un-bootstrapped to maintain the original diff format output -->
+ <table style="padding-top: 4px; padding-bottom: 4px; vertical-align:middle;">
- print '<span style="background-color: '.$color .'">'. htmlentities($line) .'</span><br/>';
- }
- ?></pre>
-<?php endif?>
-<?PHP if ($_GET["newver"] || $_GET["rmver"]):?>
- <h2><?=gettext("Confirm Action")?></h2>
- <form action="diag_confbak.php" method="post">
- <div class="alert alert-danger">
- <p><?=gettext("Please confirm you wish to ")?>
- <?PHP
- if (!empty($_GET["newver"])) {
- echo gettext("restore from Configuration Backup");
- $target_config = $_GET["newver"]?>
- <input type="hidden" name="newver" value="<?PHP echo htmlspecialchars($_GET["newver"])?>" />
- <?PHP
- } elseif (!empty($_GET["rmver"])) {
- echo gettext("remove Configuration Backup");
- $target_config = $_GET["rmver"]?>
- <input type="hidden" name="rmver" value="<?PHP echo htmlspecialchars($_GET["rmver"])?>" />
- <?PHP
- } ?>
- <?PHP echo gettext("revert to configuration from ")?> <?=date(gettext("n/j/y H:i:s"), $target_config)?>
- <br />
- <input type="submit" name="confirm" value="<?PHP echo gettext("Confirm")?>" />
- </p>
- </div>
- </form>
-<?PHP else:?>
<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Config History"), true, "diag_confbak.php");
- $tab_array[1] = array(gettext("Backup/Restore"), false, "diag_backup.php");
- display_top_tabs($tab_array);
+ foreach ($diff as $line) {
+ switch (substr($line, 0, 1)) {
+ case "+":
+ $color = "#caffd3";
+ break;
+ case "-":
+ $color = "#ffe8e8";
+ break;
+ case "@":
+ $color = "#a0a0a0";
+ break;
+ default:
+ $color = "#ffffff";
+ }
+?>
+ <tr>
+ <td valign="middle" bgcolor="<?=$color; ?>" style="white-space: pre-wrap;"><?=htmlentities($line)?></td>
+ </tr>
+<?php
+ }
?>
- <form action="diag_confbak.php" method="post">
- <div class="form-group">
- <label for="backupcount" class="col-sm-2 control-label"><?=gettext("Backup Count")?></label>
- <div class="col-sm-10">
- <input name="backupcount" type="number" class="form-control" size="5" value="<?=htmlspecialchars($config['system']['backupcount'])?>" />
- <?=gettext("Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD.")?>
- </div>
- </div>
+ </table>
+ </div>
+</div>
+<?php
+}
- <div class="form-group">
- <div class="col-sm-offset-2 col-sm-10">
- <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save")?>" />
- <p><?=gettext("Current space used by backups: ")?><?=exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'")?></p>
- </div>
- </div>
- </form>
-<?php if (!is_array($confvers)): ?>
- <?php print_info_box(gettext("No backups found."))?>
-<?php else: ?>
- <form action="diag_confbak.php" method="get">
- <div class="table-responsive">
- <table class="table table-striped table-hover">
- <thead>
- <tr>
- <th><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Diff")?>" /></th>
- <th><?=gettext("Date")?></th>
- <th><?=gettext("Version")?></th>
- <th><?=gettext("Size")?></th>
- <th><?=gettext("Configuration Change")?></th>
- <th></th>
- </tr>
- </thead>
+$tab_array = array();
+$tab_array[] = array(gettext("Config History"), true, "diag_confbak.php");
+$tab_array[] = array(gettext("Backup/Restore"), false, "diag_backup.php");
+display_top_tabs($tab_array);
- <tbody>
- <tr>
- <td>
- <input type="radio" name="oldtime" disabled="disabled" />
- <input type="radio" name="newtime" value="current" <?=($_GET['newtime']==$version['time'] ? ' checked="checked"' : '')?>/>
- </td>
- <td><?=date(gettext("n/j/y H:i:s"), $config['revision']['time'])?></td>
- <td><?=$config['version']?></td>
- <td><?=format_bytes(filesize("/conf/config.xml"))?></td>
- <td><?=$config['revision']['description']?></td>
- <td><i><?=gettext("Current")?></i></td>
- </tr>
- <?php
- foreach ($confvers as $version):
- if ($version['time'] != 0)
- $date = date(gettext("n/j/y H:i:s"), $version['time']);
- else
- $date = gettext("Unknown");
- ?>
- <tr>
- <td>
- <div id="mainarea">
- <form action="diag_confbak.php" method="post">
- <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont">
+require('classes/Form.class.php');
-<?php if ($_GET["newver"] || $_GET["rmver"]): ?>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Confirm Action"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">&nbsp;</td>
- <td width="78%" class="vtable">
+$form = new Form(new Form_Button(
+ 'Submit',
+ gettext("Save")
+));
- <strong><?php echo gettext("Please confirm the selected action"); ?></strong>:
- <br />
- <br /><strong><?php echo gettext("Action"); ?>:</strong>
- <?php if (!empty($_GET["newver"])) {
- echo gettext("Restore from Configuration Backup");
- $target_config = $_GET["newver"]; ?>
- <input type="hidden" name="newver" value="<?php echo htmlspecialchars($_GET["newver"]); ?>" />
- <?php } elseif (!empty($_GET["rmver"])) {
- echo gettext("Remove Configuration Backup");
- $target_config = $_GET["rmver"]; ?>
- <input type="hidden" name="rmver" value="<?php echo htmlspecialchars($_GET["rmver"]); ?>" />
- <?php } ?>
- <br /><strong><?php echo gettext("Target Configuration"); ?>:</strong>
- <?php echo sprintf(gettext('Timestamp %1$s'), date(gettext("n/j/y H:i:s"), $target_config)); ?>
- <br /><input type="submit" name="confirm" value="<?php echo gettext("Confirm"); ?>" />
- </td>
- </tr>
-<?php else: ?>
+$section = new Form_Section('Saved Configurations');
- <tr>
- <td width="10%">&nbsp;</td>
- <td width="15%" valign="top"><?=gettext("Backup Count");?></td>
- <td width="10%">
- <input name="backupcount" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($config['system']['backupcount']);?>"/>
- </td>
- <td width="60%">
- <?= gettext("Enter the number of older configurations to keep in the local backup cache. By default this is 30 for a full install or 5 on NanoBSD."); ?>
- </td>
- <td width= "5%"><input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /></td>
- </tr>
- <tr>
- <td class="vncell">&nbsp;</td>
- <td colspan="4" class="vncell">
- <?= gettext("NOTE: Be aware of how much space is consumed by backups before adjusting this value. Current space used by backups: "); ?> <?= exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'") ?>
- </td>
- </tr>
- </table>
- </form>
- <form action="diag_confbak.php" method="get">
- <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="difference">
- <?php if (is_array($confvers)): ?>
- <tr>
- <td colspan="7" class="list">
- <?= gettext("To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button."); ?>
- <br /><br />
- </td>
- </tr>
- <tr>
- <td width="5%" colspan="2" valign="middle" align="center" class="list nowrap"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td>
- <td width="20%" class="listhdrr"><?=gettext("Date");?></td>
- <td width="5%" class="listhdrr"><?=gettext("Version");?></td>
- <td width="5%" class="listhdrr"><?=gettext("Size");?></td>
- <td width="60%" class="listhdrr"><?=gettext("Configuration Change");?></td>
- <td width="5%" class="list">&nbsp;</td>
- </tr>
- <tr valign="top">
- <td valign="middle" class="list nowrap"></td>
- <td class="list">
- <input type="radio" name="newtime" value="current" />
- </td>
- <td class="listlr"> <?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td>
- <td class="listr"> <?= $config['version'] ?></td>
- <td class="listr"> <?= format_bytes(filesize("/conf/config.xml")) ?></td>
- <td class="listr"> <?= htmlspecialchars($config['revision']['description']) ?></td>
- <td valign="middle" class="list nowrap"><b><?=gettext("Current");?></b></td>
- </tr>
- <?php
- $c = 0;
- foreach ($confvers as $version):
- if ($version['time'] != 0) {
- $date = date(gettext("n/j/y H:i:s"), $version['time']);
- } else {
- $date = gettext("Unknown");
- }
- ?>
- <tr valign="top">
- <td class="list">
- <input type="radio" name="oldtime" value="<?php echo $version['time'];?>" />
- </td>
- <td class="list">
- <?php if ($c < (count($confvers) - 1)) { ?>
- <input type="radio" name="newtime" value="<?php echo $version['time'];?>" />
- <?php } else { ?>
- &nbsp;
- <?php }
- $c++; ?>
- </td>
- <td class="listlr"> <?= $date ?></td>
- <td class="listr"> <?= $version['version'] ?></td>
- <td class="listr"> <?= format_bytes($version['filesize']) ?></td>
- <td class="listr"> <?= htmlspecialchars($version['description']) ?></td>
- <td valign="middle" class="list nowrap">
- <a href="diag_confbak.php?newver=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="<?=gettext("Revert to this configuration");?>" title="<?=gettext("Revert to this configuration");?>" />
- </a>
- <a href="diag_confbak.php?rmver=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("Remove this backup");?>" title="<?=gettext("Remove this backup");?>" />
- </a>
- <a href="diag_confbak.php?getcfg=<?=$version['time'];?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="<?=gettext("Download this backup");?>" title="<?=gettext("Download this backup");?>" />
- </a>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr>
- <td colspan="2"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td>
- <td colspan="5"></td>
- </tr>
- <?php else: ?>
- <tr>
- <td>
- <?php print_info_box(gettext("No backups found.")); ?>
- </td>
- </tr>
- <?php endif; ?>
-<?php endif; ?>
- </table>
- </form>
- </div>
- </td>
- </tr>
- <?php endforeach?>
- </tbody>
- <tfoot>
- <tr>
- <td colspan="6"><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Compare selected")?>" /></td>
- </tr>
- <?php endif; ?>
-<?php endif?>
- </table>
- </div>
+$section->addInput(new Form_Input(
+ 'backupcount',
+ 'Backup Count',
+ 'number',
+ $config['system']['backupcount']
+))->setHelp('Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD. ');
+
+$space = exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'");
+
+$section->addInput(new Form_StaticText(
+ 'Current space used by backups',
+ $space
+));
+
+$form->add($section);
+
+print($form);
+
+if (is_array($confvers)) {
+ print_info_box(gettext('To view the differences between an older configuration and a newer configuration, ' .
+ 'select the older configuration using the left column of radio options and select the newer configuration in the right column, ' .
+ 'then press the "Diff" button.'));
+}
+?>
+
+<form action="diag_confbak.php" method="get">
+ <div class="table-resposive">
+ <table class="table table-striped table-hover table-condensed">
+<?php
+if (is_array($confvers)):
+?>
+ <thead>
+ <tr>
+ <th colspan="2">
+ <input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" />
+ </th>
+ <th><?=gettext("Date")?></th>
+ <th><?=gettext("Version")?></th>
+ <th><?=gettext("Size")?></th>
+ <th><?=gettext("Configuration Change")?></th>
+ <th><?=gettext("Actions")?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <!-- First row is the current configuration -->
+ <tr valign="top">
+ <td></td>
+ <td>
+ <input type="radio" name="newtime" value="current" />
+ </td>
+ <td><?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td>
+ <td><?= $config['version'] ?></td>
+ <td><?= format_bytes(filesize("/conf/config.xml")) ?></td>
+ <td><?= htmlspecialchars($config['revision']['description']) ?></td>
+ <td><?=gettext("Current configuration")?></td>
+ </tr>
+<?php
+ // And now for hte table of prior backups
+ $c = 0;
+ foreach ($confvers as $version):
+ if ($version['time'] != 0) {
+ $date = date(gettext("n/j/y H:i:s"), $version['time']);
+ } else {
+ $date = gettext("Unknown");
+ }
+?>
+ <tr>
+ <td>
+ <input type="radio" name="oldtime" value="<?=$version['time']?>" />
+ </td>
+ <td>
+<?php
+ if ($c < (count($confvers) - 1)) {
+?>
+ <input type="radio" name="newtime" value="<?=$version['time']?>" />
+<?php
+ }
+ $c++;
+?>
+ </td>
+ <td><?= $date ?></td>
+ <td><?= $version['version'] ?></td>
+ <td><?= format_bytes($version['filesize']) ?></td>
+ <td><?= htmlspecialchars($version['description']) ?></td>
+ <td>
+ <a href="diag_confbak.php?newver=<?=$version['time']?>" class="btn btn-xs btn-success"
+ onclick="return confirm('<?=gettext("Are you sure you want to replace the current configuration with this backup?")?>')">
+ <?=gettext("Revert")?>
+ </a>
+ <a href="diag_confbak.php?rmver=<?=$version['time']?>" class="btn btn-xs btn-danger">
+ <?=gettext("Delete")?>
+ </a>
+ <a href="diag_confbak.php?getcfg=<?=$version['time']?>" class="btn btn-xs btn-default">
+ <?=gettext("Download")?>
+ </a>
+ </td>
+ </tr>
+<?php
+ endforeach;
+?>
+ <tr>
+ <td colspan="2"><input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" /></td>
+ <td colspan="5"></td>
+ </tr>
+<?php
+else:
+ print_info_box(gettext("No backups found."), 'danger');
+endif;
+?>
+ </tbody>
+ </table>
</form>
-<?php include("foot.inc")?> \ No newline at end of file
+</div>
+
+<?php include("foot.inc");
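Review bot: The Revert link's `onclick` places the `gettext()` result directly inside a single-quoted JavaScript string, so a translation containing an apostrophe breaks the handler and the link then navigates without asking; because the link itself performs the revert, encode the message, e.g. `onclick="return confirm(<?=htmlspecialchars(json_encode(gettext("…")))?>)"`. The Delete link next to it has no confirmation at all. `$config['version']` and `$version['version']` are echoed without `htmlspecialchars()` although the neighbouring description cells are escaped; escaping them as well would be consistent. Smaller markup points: `class="table-resposive"` is misspelled, and the `<div>` opened inside the form is closed after `</form>`.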
diff --git a/src/usr/local/www/diag_logs_settings.php b/src/usr/local/www/diag_logs_settings.php
index ed2d141..94b1b6b 100644
--- a/src/usr/local/www/diag_logs_settings.php
+++ b/src/usr/local/www/diag_logs_settings.php
@@ -4,54 +4,54 @@
diag_logs_settings.php
*/
/* ====================================================================
- * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
- * Copyright (c) 2004-9 Scott Ullrich
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004-9 Scott Ullrich
*
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
*
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
*
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgment:
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
*
- * 4. The names "pfSense" and "pfSense Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * coreteam@pfsense.org.
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
*
- * 5. Products derived from this software may not be called "pfSense"
- * nor may "pfSense" appear in their names without prior written
- * permission of the Electric Sheep Fencing, LLC.
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
*
- * "This product includes software developed by the pfSense Project
- * for use in the pfSense software distribution (http://www.pfsense.org/).
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
*
- * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * ====================================================================
+ * ====================================================================
*
*/
@@ -104,9 +104,9 @@ if (!$pconfig['nentries']) {
function is_valid_syslog_server($target) {
return (is_ipaddr($target)
- || is_ipaddrwithport($target)
- || is_hostname($target)
- || is_hostnamewithport($target));
+ || is_ipaddrwithport($target)
+ || is_hostname($target)
+ || is_hostnamewithport($target));
}
if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
@@ -212,14 +212,14 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Settings"));
include("head.inc");
-$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") .
+$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") .
'<br /><br />' .
gettext("NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, you must first save the options to set the size, then clear all logs using the \"Reset Log Files\" option farther down this page. ") .
gettext("Be aware that increasing this value increases every log file size, so disk usage will increase significantly.") . '<br /><br />' .
gettext("Disk space currently used by log files is: ") . exec("/usr/bin/du -sh /var/log | /usr/bin/awk '{print $1;}'") .
gettext(" Remaining disk space for log files: ") . exec("/bin/df -h /var/log | /usr/bin/awk '{print $4;}'");
-$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") .
+$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") .
gettext("If you pick a single IP, remote syslog severs must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces.") .
"<br /><br />" .
gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses.");
@@ -349,7 +349,7 @@ $section->addInput(new Form_Checkbox(
'Enable Remote Logging',
'Send log messages to remote syslog server',
$pconfig['enable']
-))->toggles('.toggle-remote .panel-body .form-group:not(:first-child)');
+));
$section->addInput(new Form_Select(
'sourceip',
@@ -363,10 +363,12 @@ $section->addInput(new Form_Select(
'IP Protocol',
$ipproto,
array('ipv4' => 'IPv4', 'ipv6' => 'IPv6')
-))->setHelp('This option is only used when a non-default address is chosen as the source above. This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
+))->setHelp('This option is only used when a non-default address is chosen as the source above. ' .
+ 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
// Group collapses/appears based on 'enable' checkbox above
$group = new Form_Group('Remote log servers');
+$group->addClass('remotelogging');
$group->add(new Form_Input(
'remoteserver',
@@ -395,6 +397,8 @@ $group->add(new Form_Input(
$section->add($group);
$group = new Form_MultiCheckboxGroup('Remote Syslog Contents');
+$group->addClass('remotelogging');
+
$group->add(new Form_MultiCheckbox(
'logall',
null,
@@ -478,6 +482,22 @@ print $form;
<script>
//<![CDATA[
events.push(function(){
+
+ function hideSelect(id, hide) {
+ if(hide)
+ $('#' + id).parent('div').parent('div').addClass('hidden');
+ else
+ $('#' + id).parent('div').parent('div').removeClass('hidden');
+ }
+
+ // Hides all elements of the specified class. This will usually be a section
+ function hideClass(s_class, hide) {
+ if(hide)
+ $('.' + s_class).hide();
+ else
+ $('.' + s_class).show();
+ }
+
function hideInput(id, hide) {
if(hide)
$('#' + id).parent().addClass('hidden');
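Review bot: `hideSelect` and `hideClass` add two more brace-less if/else pairs whose branches differ only in the add/remove call; jQuery's boolean forms express each in one line, `$('#' + id).parent('div').parent('div').toggleClass('hidden', hide);` and `$('.' + s_class).toggle(!hide);`. `hideSelect` also depends on the select sitting exactly two `div`s below the element to hide, which deserves a comment such as `// Hides the second-level parent div of the select (presumably its whole form row)`. The enclosing `events.push` callback and `hideInput` continue outside this hunk.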
@@ -509,8 +529,19 @@ events.push(function(){
disableEverything();
});
+ $('#enable').click(function () {
+ hideClass('remotelogging', !this.checked);
+ hideSelect('sourceip', !this.checked);
+ hideSelect('ipproto', !this.checked);
+ });
+
+
+
// On page load . .
disableEverything();
+ hideClass('remotelogging', !$('#enable').prop('checked'));
+ hideSelect('sourceip', !$('#enable').prop('checked'));
+ hideSelect('ipproto', !$('#enable').prop('checked'));
});
//]]>
</script>
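Review bot: The three `hide…` calls are written out twice, once in the `#enable` click handler and once under `// On page load`, so the two lists can drift apart when another dependent field is added. A helper defined once keeps them in step, e.g. `function showRemote(on) { hideClass('remotelogging', !on); hideSelect('sourceip', !on); hideSelect('ipproto', !on); }`, called as `$('#enable').click(function () { showRemote(this.checked); });` and `showRemote($('#enable').prop('checked'));`. The surrounding `events.push` callback starts outside this hunk.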
diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php
index c7be7d9..5ffb7e5 100644
--- a/src/usr/local/www/firewall_aliases.php
+++ b/src/usr/local/www/firewall_aliases.php
@@ -132,7 +132,7 @@ if ($_GET['act'] == "del") {
// Static routes
find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
if ($is_alias_referenced == true) {
- $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
+ $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by));
} else {
unset($a_aliases[$_GET['id']]);
if (write_config()) {
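Review bot: Escaping `$referenced_by` where `$savemsg` is built implies the message is later emitted as raw HTML, and that assumption should be stated on the line, e.g. `// $referenced_by presumably holds user-entered names; $savemsg is printed as HTML`, so a later edit neither drops the call nor escapes twice. Only the static-routes check is visible here; any other place in this `act == "del"` block that formats `$referenced_by` into `$savemsg` needs the same `htmlspecialchars()` call. The block starts and ends outside the hunk.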
diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php
index 2b15c80..a75be46 100644
--- a/src/usr/local/www/firewall_nat_edit.php
+++ b/src/usr/local/www/firewall_nat_edit.php
@@ -850,7 +850,7 @@ $group->add(new Form_Input(
'localbeginport_cust',
null,
'number',
- $pconfig['localbeginport_cust'],
+ $pconfig['localbeginport'],
['min' => '1', 'max' => '65536']
))->setHelp('Custom');
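Review bot: The `max` attribute on this port input is `'65536'`, one above the highest valid TCP/UDP port; it should read `['min' => '1', 'max' => '65535']`. The attribute only constrains the browser control, so the POST handler (outside this hunk) still needs its own range check. The field is named `localbeginport_cust` but is now filled from `$pconfig['localbeginport']`, and a short comment explaining why the custom box takes the select's value would help the next reader.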
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php
index 8b77041..184cadb 100644
--- a/src/usr/local/www/firewall_rules_edit.php
+++ b/src/usr/local/www/firewall_rules_edit.php
@@ -1193,7 +1193,7 @@ $section->addInput(new Form_Select(
$section->addInput(new Form_Select(
'proto',
'Protocol',
- $pconfig['ipprotocol'],
+ $pconfig['proto'],
array(
'tcp' => 'TCP',
'udp' => 'UDP',
@@ -1211,7 +1211,7 @@ $section->addInput(new Form_Select(
'carp' => 'CARP',
'pfsync' => 'PFSYNC',
)
-))->setHelp('Choose which IP protocol this rule should match. In most cases, you should specify TCP here.');
+))->setHelp('Choose which IP protocol this rule should match.');
$section->addInput(new Form_Select(
'icmptype',
@@ -1294,7 +1294,7 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) {
))->removeClass('btn-primary');
}
- $portValues = ['any' => 'any', '' => '(other)'];
+ $portValues = ['' => '(other)', 'any' => 'any'];
foreach ($wkports as $port => $portName)
$portValues[$port] = $portName.' ('. $port .')';
@@ -1477,18 +1477,11 @@ $section->addInput(new Form_Input(
['min' => 1, 'max' => 3600]
))->setHelp('State Timeout in seconds (TCP only)');
-//$form->add($section);
-//$section = new Form_Section('TCP Flags');
-//$section->addClass('tcpflags');
-
$section->addInput(new Form_StaticText(
'TCP Flags',
build_flag_table()
))->setHelp('Use this to choose TCP flags that must be set or cleared for this rule to match.');
-// $form->add($section);
-// $section = new Form_Section('State Type');
-
$section->addInput(new Form_Checkbox(
'nopfsync',
'No pfSync',
@@ -1976,4 +1969,4 @@ events.push(function(){
</script>
<?php
-include("foot.inc"); \ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php
new file mode 100644
index 0000000..c92ace9
--- /dev/null
+++ b/src/usr/local/www/firewall_virtual_ip_edit.php
@@ -0,0 +1,561 @@
+<?php
+/* $Id$ */
+/*
+
+ firewall_virtual_ip_edit.php
+*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004 Scott Ullrich
+ * Copyright (c) 2005 Bill Marquette <bill.marquette@gmail.com>
+ * Originally part of pfSense (https://www.pfsense.org)
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
+/*
+ pfSense_BUILDER_BINARIES: /sbin/ifconfig
+ pfSense_MODULE: interfaces
+*/
+
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddress-edit
+##|*NAME=Firewall: Virtual IP Address: Edit page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page.
+##|*MATCH=firewall_virtual_ip_edit.php*
+##|-PRIV
+
+require("guiconfig.inc");
+require_once("filter.inc");
+require("shaper.inc");
+
+if (!is_array($config['virtualip']['vip'])) {
+ $config['virtualip']['vip'] = array();
+}
+
+$a_vip = &$config['virtualip']['vip'];
+
+if (is_numericint($_GET['id'])) {
+ $id = $_GET['id'];
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+ $id = $_POST['id'];
+}
+
+function return_first_two_octets($ip) {
+ $ip_split = explode(".", $ip);
+ return $ip_split[0] . "." . $ip_split[1];
+}
+
+function find_last_used_vhid() {
+ global $config, $g;
+
+ $vhid = 0;
+ foreach ($config['virtualip']['vip'] as $vip) {
+ if ($vip['vhid'] > $vhid) {
+ $vhid = $vip['vhid'];
+ }
+ }
+
+ return $vhid;
+}
+
+if (isset($id) && $a_vip[$id]) {
+ $pconfig['mode'] = $a_vip[$id]['mode'];
+ $pconfig['vhid'] = $a_vip[$id]['vhid'];
+ $pconfig['advskew'] = $a_vip[$id]['advskew'];
+ $pconfig['advbase'] = $a_vip[$id]['advbase'];
+ $pconfig['password'] = $a_vip[$id]['password'];
+ $pconfig['range'] = $a_vip[$id]['range'];
+ $pconfig['subnet'] = $a_vip[$id]['subnet'];
+ $pconfig['subnet_bits'] = $a_vip[$id]['subnet_bits'];
+ $pconfig['noexpand'] = $a_vip[$id]['noexpand'];
+ $pconfig['descr'] = $a_vip[$id]['descr'];
+ $pconfig['type'] = $a_vip[$id]['type'];
+ $pconfig['interface'] = $a_vip[$id]['interface'];
+ $pconfig['uniqid'] = $a_vip[$id]['interface'];
+} else {
+ $lastvhid = find_last_used_vhid();
+ $lastvhid++;
+ $pconfig['vhid'] = $lastvhid;
+ $pconfig['uniqid'] = uniqid();
+}
+
+if ($_POST) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "mode");
+ $reqdfieldsn = array(gettext("Type"));
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+
+ if ($_POST['subnet']) {
+ $_POST['subnet'] = trim($_POST['subnet']);
+ }
+
+ if ($_POST['subnet']) {
+ if (!is_ipaddr($_POST['subnet'])) {
+ $input_errors[] = gettext("A valid IP address must be specified.");
+ } else {
+ if (isset($id) && isset($a_vip[$id])) {
+ $ignore_if = $a_vip[$id]['interface'];
+ $ignore_mode = $a_vip[$id]['mode'];
+ if (isset($a_vip[$id]['vhid'])) {
+ $ignore_vhid = $a_vip[$id]['vhid'];
+ }
+ } else {
+ $ignore_if = $_POST['interface'];
+ $ignore_mode = $_POST['mode'];
+ }
+
+ if (!isset($ignore_vhid)) {
+ $ignore_vhid = $_POST['vhid'];
+ }
+
+ if ($ignore_mode == 'carp') {
+ $ignore_if .= "_vip{$ignore_vhid}";
+ } else {
+ $ignore_if .= "_virtualip{$id}";
+ }
+
+ if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
+ $input_errors[] = gettext("This IP address is being used by another interface or VIP.");
+ }
+
+ unset($ignore_if, $ignore_mode);
+ }
+ }
+
+ $natiflist = get_configured_interface_with_descr();
+ foreach ($natiflist as $natif => $natdescr) {
+ if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
+ $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
+ }
+ }
+
+ /* ipalias and carp should not use network or broadcast address */
+ if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
+ if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {
+ $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
+ $broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);
+ } else if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") {
+ $network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);
+ $broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);
+ }
+
+ if (isset($network_addr) && $_POST['subnet'] == $network_addr) {
+ $input_errors[] = gettext("You cannot use the network address for this VIP");
+ } else if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
+ $input_errors[] = gettext("You cannot use the broadcast address for this VIP");
+ }
+ }
+
+ /* make sure new ip is within the subnet of a valid ip
+ * on one of our interfaces (wan, lan optX)
+ */
+ switch ($_POST['mode']) {
+ case 'carp':
+ /* verify against reusage of vhids */
+ $idtracker = 0;
+ foreach($config['virtualip']['vip'] as $vip) {
+ if($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker != $id)
+ $input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."),$_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface']));
+ $idtracker++;
+ }
+
+ if (empty($_POST['password']))
+ $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
+
+ if ($_POST['interface'] == 'lo0')
+ $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
+
+ break;
+ case 'ipalias':
+ if (strstr($_POST['interface'], "_vip")) {
+ if (is_ipaddrv4($_POST['subnet'])) {
+ $parent_ip = get_interface_ip($_POST['interface']);
+ $parent_sn = get_interface_subnet($_POST['interface']);
+ $subnet = gen_subnet($parent_ip, $parent_sn);
+ } else if (is_ipaddrv6($_POST['subnet'])) {
+ $parent_ip = get_interface_ipv6($_POST['interface']);
+ $parent_sn = get_interface_subnetv6($_POST['interface']);
+ $subnet = gen_subnetv6($parent_ip, $parent_sn);
+ }
+
+ if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") &&
+ !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
+ $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
+ $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find);
+ }
+
+ unset($parent_ip, $parent_sn, $subnet);
+ }
+
+ break;
+ default:
+ if ($_POST['interface'] == 'lo0')
+ $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
+
+ break;
+ }
+
+ if (!$input_errors) {
+ $vipent = array();
+
+ $vipent['mode'] = $_POST['mode'];
+ $vipent['interface'] = $_POST['interface'];
+
+ /* ProxyARP specific fields */
+ if ($_POST['mode'] === "proxyarp") {
+ if ($_POST['type'] == "range") {
+ $vipent['range']['from'] = $_POST['range_from'];
+ $vipent['range']['to'] = $_POST['range_to'];
+
+ }
+
+ $vipent['noexpand'] = isset($_POST['noexpand']);
+ }
+
+ /* CARP specific fields */
+ if ($_POST['mode'] === "carp") {
+ $vipent['vhid'] = $_POST['vhid'];
+ $vipent['uniqid'] = $_POST['uniqid'];
+ $vipent['advskew'] = $_POST['advskew'];
+ $vipent['advbase'] = $_POST['advbase'];
+ $vipent['password'] = $_POST['password'];
+ }
+
+ /* Common fields */
+ $vipent['descr'] = $_POST['descr'];
+ if (isset($_POST['type'])) {
+ $vipent['type'] = $_POST['type'];
+ } else {
+ $vipent['type'] = "single";
+ }
+
+ if ($vipent['type'] == "single" || $vipent['type'] == "network") {
+ if (!isset($_POST['subnet_bits'])) {
+ $vipent['subnet_bits'] = "32";
+ } else {
+ $vipent['subnet_bits'] = $_POST['subnet_bits'];
+ }
+
+ $vipent['subnet'] = $_POST['subnet'];
+ }
+
+ if (!isset($id)) {
+ $id = count($a_vip);
+ }
+ if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) {
+ $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
+ } else {
+ $toapplylist = array();
+ }
+
+ $toapplylist[$id] = $a_vip[$id];
+
+ if (!empty($a_vip[$id])) {
+ /* modify all virtual IP rules with this address */
+ for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
+ if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) {
+ $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet'];
+ }
+ }
+ }
+
+ $a_vip[$id] = $vipent;
+
+ if (write_config()) {
+ mark_subsystem_dirty('vip');
+ file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist));
+ }
+
+ header("Location: firewall_virtual_ip.php");
+ exit;
+ }
+}
+
+$ipaliashelp = gettext('The mask must be the network\'s subnet mask. It does not specify a CIDR range.');
+$proxyarphelp = gettext('Enter a CIDR block of proxy ARP addresses.');
+
+$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Address"),gettext("Edit"));
+include("head.inc");
+
+function build_if_list() {
+ $list = array();
+
+ $interfaces = get_configured_interface_with_descr(false, true);
+ $carplist = get_configured_carp_interface_list();
+
+ foreach ($carplist as $cif => $carpip)
+ $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')';
+
+ $interfaces['lo0'] = 'Localhost';
+
+ return($interfaces);
+}
+
+if ($input_errors)
+ print_input_errors($input_errors);
+
+require('classes/Form.class.php');
+
+$form = new Form();
+
+$section = new Form_Section('Edit Virtual IP');
+
+$group = new Form_Group('Type');
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'IP Alias',
+ ($pconfig['mode'] == "ipalias"),
+ 'ipalias'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'CARP',
+ ($pconfig['mode'] == "carp"),
+ 'carp'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'Proxy ARP',
+ ($pconfig['mode'] == "proxyarp"),
+ 'proxyarp'
+))->displayAsRadio();
+
+$group->add(new Form_Checkbox(
+ 'mode',
+ null,
+ 'Other',
+ ($pconfig['mode'] == "other"),
+ 'other'
+))->displayAsRadio();
+
+$section->add($group);
+
+$section->addInput(new Form_Select(
+ 'interface',
+ 'Interface',
+ $pconfig['interface'],
+ build_if_list()
+));
+
+$section->addInput(new Form_Select(
+ 'type',
+ 'Address type',
+ ((!$pconfig['range'] && $pconfig['subnet_bits'] == 32) || (!isset($pconfig['subnet']))) ? 'single':'network',
+ array(
+ 'single' => 'Single address',
+ 'network' => 'Network'
+ )
+))->addClass('typesel');
+
+$section->addInput(new Form_IpAddress(
+ 'subnet',
+ 'Address(es)',
+ $pconfig['subnet']
+))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp('<span id="address_note"></span>');
+
+$section->addInput(new Form_Checkbox(
+ 'noexpand',
+ 'Expansion',
+ 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ',
+ isset($pconfig['noexpand'])
+));
+
+$section->addInput(new Form_Input(
+ 'password',
+ 'Virtual IP Password',
+ 'password',
+ $pconfig['password']
+))->setHelp('Enter the VHID group password.');
+
+$section->addInput(new Form_Select(
+ 'vhid',
+ 'VHID Group',
+ $pconfig['vhid'],
+ array_combine(range(1, 255, 1), range(1, 255, 1))
+))->setHelp('Enter the VHID group that the machines will share');
+
+$group = new Form_Group('Advertising frequency');
+$group->add(new Form_Select(
+ 'advbase',
+ 'Base',
+ $pconfig['advbase'],
+ array_combine(range(1, 254, 1), range(1, 254, 1))
+))->setHelp('Base');
+
+$group->add(new Form_Select(
+ 'advskew',
+ 'Skew',
+ $pconfig['advskew'],
+ array_combine(range(0, 254, 1), range(0, 254, 1))
+))->setHelp('Skew');
+
+$group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.');
+
+$section->add($group);
+
+$section->addInput(new Form_Input(
+ 'descr',
+ 'Description',
+ 'text',
+ $pconfig['descr']
+))->setHelp('You may enter a description here for your reference (not parsed).');
+
+if (isset($id) && $a_vip[$id]){
+ $section->addInput(new Form_Input(
+ 'id',
+ null,
+ 'hidden',
+ $id
+ ));
+}
+
+$section->addInput(new Form_Input(
+ 'uniqid',
+ null,
+ 'hidden',
+ $pconfig['uniqid']
+));
+
+$form->add($section);
+
+print($form);
+
+print_info_box(gettext("Proxy ARP and Other type Virtual IPs cannot be bound to by anything running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP Alias type address for these types.") . '<br />' .
+ sprintf(gettext("For more information on CARP and the above values, visit the OpenBSD %s"), '<a href="http://www.openbsd.org/faq/pf/carp.html">CARP FAQ"</a>'));
+?>
+
+<script>
+//<![CDATA[
+events.push(function(){
+
+ // Hides the <div> in which the specified checkbox lives so that the checkbox, its label and help text are hidden
+ function hideCheckbox(id, hide) {
+ if(hide)
+ $('#' + id).parent().parent().parent('div').addClass('hidden');
+ else
+ $('#' + id).parent().parent().parent('div').removeClass('hidden');
+ }
+
+ // Disables the specified input element
+ function disableInput(id, disable) {
+ $('#' + id).prop("disabled", disable);
+ }
+
+ // Hide/show input elements depending on the 'mode' radio button setting
+ function check_mode() {
+ var mode = $("input[name=mode]:checked").val();
+
+ disableInput('vhid', true);
+ disableInput('advbase', true);
+ disableInput('advskew', true);
+ disableInput('subnet_bits', true);
+ disableInput('type', true);
+ disableInput('password', true);
+ hideCheckbox('noexpand', true);
+
+ if(mode == 'ipalias') {
+ $('#address_note').html("<?=$ipaliashelp?>");
+ disableInput('subnet_bits', false);
+ $('#type').val('single');
+
+ }
+ else if(mode == 'carp') {
+ $('#address_note').html("<?=$ipaliashelp?>");
+ disableInput('vhid', false);
+ disableInput('advbase', false);
+ disableInput('advskew', false);
+ disableInput('subnet_bits', false);
+ disableInput('password', false);
+ $('#type').val('single');
+ }
+ else if(mode == 'proxyarp') {
+ $('#address_note').html("<?=$proxyarphelp?>");
+ disableInput('type', false);
+ disableInput('subnet_bits', $('#type').val() == 'single');
+ }
+ else {
+ $('#address_note').html('');
+ disableInput('type', false);
+ }
+ }
+
+ // When radio buttons are clicked . .
+ $('input:radio[name=mode]').click(function() {
+ check_mode();
+ });
+
+ // On clicking the address type selector
+ $('#type').on('change', function() {
+ check_mode();
+ hideCheckbox('noexpand', (this.value == 'single'));
+ });
+
+ // On initial page load
+ check_mode();
+});
+//]]>
+</script>
+
+<?php
+
+include("foot.inc");
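Review bot: The POST handler copies `vhid`, `advbase`, `advskew`, `subnet_bits`, `range_from` and `range_to` from `$_POST` into `$vipent` with no server-side check; the only limits are the `<select>` ranges built further down in the form, which a hand-built request does not have to respect, and `vhid` is also interpolated into the `_vip{$ignore_vhid}` interface name. Validate them in the input-validation section before `$vipent` is built, along the lines of the fence below (ranges taken from the form's own selects). Separately, the edit branch loads `$pconfig['uniqid']` from `$a_vip[$id]['interface']`, which looks like a copy-paste slip for `$a_vip[$id]['uniqid']`, so re-saving an existing CARP VIP would replace its uniqid with the interface name. The `unserialize()` of `.firewall_virtual_ip.apply` is only safe while nothing other than this GUI can write to `tmp_path`; that assumption deserves a comment at the call.

```php
	/* input validation */
	// … unchanged: $reqdfields / do_input_validation() …

	if ($_POST['mode'] == "carp") {
		if (!is_numericint($_POST['vhid']) || $_POST['vhid'] < 1 || $_POST['vhid'] > 255) {
			$input_errors[] = gettext("The VHID must be an integer between 1 and 255.");
		}
		if (!is_numericint($_POST['advbase']) || $_POST['advbase'] < 1 || $_POST['advbase'] > 254) {
			$input_errors[] = gettext("The advertising base must be an integer between 1 and 254.");
		}
		if (!is_numericint($_POST['advskew']) || $_POST['advskew'] > 254) {
			$input_errors[] = gettext("The advertising skew must be an integer between 0 and 254.");
		}
	}

	if (isset($_POST['subnet_bits']) && !is_numericint($_POST['subnet_bits'])) {
		$input_errors[] = gettext("The subnet bits must be an integer.");
	}

	// … unchanged: subnet, interface and per-mode checks …
```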
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index 5316ee2..d3309d9 100755
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -323,7 +323,7 @@ if(! $g['disablehelpmenu']) {
<ul class="dropdown-menu" role="menu"><?=output_menu($item['menu'], $item['href'])?></ul>
</li>
<?php endforeach?>
- <?php if(are_notices_pending()):?>
+ <?php if(false ): ?> // are_notices_pending()):?>
<?php $notices = get_notices()?>
<li class="dropdown">
<a href="#" data-toggle="modal" data-target="#notices" role="button" aria-expanded="false"><?=gettext("Notices")?>
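Review bot: The rewritten condition `<?php if(false ): ?> // are_notices_pending()):?>` hard-disables the Notices menu, so pending system notices are never shown to the administrator; it reads like a debugging leftover rather than an intended change. The trailing `// are_notices_pending()):?>` sits outside the PHP tags, so it is template text and not a comment. Restore `<?php if(are_notices_pending()):?>`, or, if the menu really has to be hidden for now, gate it on a named, documented setting instead of a literal `false`. The `if` block continues past the end of this hunk.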
diff --git a/src/usr/local/www/jquery/pfSense.js b/src/usr/local/www/jquery/pfSense.js
index e342d3f..ffd56dc 100644
--- a/src/usr/local/www/jquery/pfSense.js
+++ b/src/usr/local/www/jquery/pfSense.js
@@ -52,6 +52,7 @@ $(function() {
var clone = group.clone(true);
clone.find('*').val(''); //removeAttr('value');
+// clone.find('*').removeAttr('value');
clone.appendTo(group.parent());
});
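Review bot: The two clone handlers now clear the copied row in different ways: this one still calls `clone.find('*').val('')`, while the handler in the `@@ -80,7 +81,8 @@` hunk switches to `clone.find('*').removeAttr('value')`, and each keeps the other variant as a commented-out line. Removing the `value` attribute does not necessarily reset what a user has already typed into a field (that is the element's value property), so a duplicated row may carry over the previous row's data; this is worth checking in the supported browsers. Pick one approach, use it in both handlers, and delete the commented-out alternatives. Both handlers begin and end outside their hunks.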
@@ -80,7 +81,8 @@ $(function() {
var group = $(this).parents('div.form-group');
var clone = group.clone(true);
- clone.find('*').val(''); //removeAttr('value');
+ clone.find('*').removeAttr('value');
+// clone.find('*').val('');
clone.appendTo(group.parent());
});
@@ -93,7 +95,6 @@ $(function() {
});
})();
- // Find all ipaddress masks and make dynamic based on address family of input
$('span.pfIpMask + select').each(function (idx, select){
var input = $(select).prevAll('input[type=text]');
@@ -118,7 +119,7 @@ $(function() {
// Fire immediately
input.change();
});
-
+
// Add confirm to all btn-danger buttons
$('.btn-danger').on('click', function(e){
var q = 'Are you sure you wish to '+ $.trim(this.textContent) +'?';
diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php
index 323adf4..f1846a1 100644
--- a/src/usr/local/www/services_unbound.php
+++ b/src/usr/local/www/services_unbound.php
@@ -436,8 +436,8 @@ foreach ($a_hosts as $hostent):
<?=htmlspecialchars($hostent['descr'])?>
</td>
<td>
- <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
- <a href="services_dnsmasq.php?type=host&amp;act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>
+ <a href="services_unbound.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
+ <a href="services_unbound.php?type=host&amp;act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a>
</td>
</tr>
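Review bot: The host-override Edit link now points at `services_unbound.php?id=<?=$i?>`, while the Add button and the alias Edit link in the later hunks of this file go to `services_unbound_host_edit.php`; this one presumably should be `services_unbound_host_edit.php?id=<?=$i?>` as well. The Delete link beside it performs a state change through a plain GET (`type=host&act=del&id=`); if the GUI's CSRF protection only covers POST requests, that deletion is not covered, so a POST form or a token on the link would be safer. The enclosing `foreach` starts before this hunk.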
@@ -459,7 +459,7 @@ foreach ($a_hosts as $hostent):
<?=htmlspecialchars($alias['description'])?>
</td>
<td>
- <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
+ <a href="services_unbound_host_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a>
</td>
</tr>
<?php
@@ -474,7 +474,7 @@ endforeach;
</div>
<nav class="action-buttons">
- <a href="services_dnsmasq_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
+ <a href="services_unbound_host_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
</nav>
<div class="panel panel-default">
@@ -522,4 +522,4 @@ endforeach;
<nav class="action-buttons">
<a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a>
</nav>
-<?php include("foot.inc"); \ No newline at end of file
+<?php include("foot.inc");
diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php
index 94e0b71..82fd30e 100644
--- a/src/usr/local/www/services_unbound_acls.php
+++ b/src/usr/local/www/services_unbound_acls.php
@@ -77,28 +77,28 @@ if ($act == "edit") {
$networkacl = $a_acls[$id]['row'];
}
}
-
+
if(!is_array($networkacl))
$networkacl = array();
-
+
// Add a row to the networks table
if($act == 'new')
- $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => ''));
-
+ $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => ''));
+
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- $deleting = false;
-
- // Delete a row from the networks table
- for($idx = 0; $idx<50; $idx++) {
- if($pconfig['dlt' . $idx] == 'Delete') {
- unset($networkacl[$idx]);
- $deleting = true;
- break;
- }
- }
-
+ $deleting = false;
+
+ // Delete a row from the networks table
+ for($idx = 0; $idx<50; $idx++) {
+ if($pconfig['dlt' . $idx] == 'Delete') {
+ unset($networkacl[$idx]);
+ $deleting = true;
+ break;
+ }
+ }
+
if ($_POST['apply']) {
$retval = services_unbound_configure();
$savemsg = get_std_save_message($retval);
@@ -136,7 +136,7 @@ if ($_POST) {
}
if (!$input_errors) {
- if ($pconfig['Submit'] == gettext("Save")) {
+ if (strtolower($pconfig['save']) == gettext("save")) {
$acl_entry = array();
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['aclname'] = $pconfig['aclname'];
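Review bot: The save check `strtolower($pconfig['save']) == gettext("save")` compares the submitted button value with a translated string, so it only matches when the lower-cased button label happens to equal whatever `gettext("save")` returns in the active locale. Testing for the button's presence does not depend on the language: `if (isset($_POST['save'])) {`. `$acl_entry['aclid']` is also assigned twice (here and again in the context of the next hunk); one assignment can go.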
@@ -144,6 +144,7 @@ if ($_POST) {
$acl_entry['description'] = $pconfig['description'];
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['row'] = array();
+
foreach ($networkacl as $acl) {
$acl_entry['row'][] = $acl;
}
@@ -164,19 +165,26 @@ if ($_POST) {
}
}
+$actionHelp =
+ '<strong><font color="green">Deny:</font></strong> Stops queries from hosts within the netblock defined below.' . '<br />' .
+ '<strong><font color="green">Refuse:</font></strong> Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' .
+ '<strong><font color="green">Allow:</font></strong> Allow queries from hosts within the netblock defined below.' . '<br />' .
+ '<strong><font color="green">Allow Snoop:</font></strong> Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.';
+
+
$closehead = false;
$pgtitle = "Services: DNS Resolver: Access Lists";
$shortcut_section = "resolver";
include("head.inc");
if ($input_errors)
- print_input_errors($input_errors);
-
+ print_input_errors($input_errors);
+
if ($savemsg)
- print_info_box($savemsg, 'success');
-
+ print_info_box($savemsg, 'success');
+
if (is_subsystem_dirty('unbound'))
- print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
+ print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));
$tab_array = array();
$tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php");
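Review bot: The new `$actionHelp` text is built from hard-coded English strings that never pass through `gettext()`, unlike the other user-facing messages in this file, and it uses the obsolete `<font color="green">` element for emphasis. Wrap each sentence in `gettext()` and move the colouring to a class, e.g. `'<strong class="text-success">' . gettext("Deny:") . '</strong> '`. Since the help string is emitted as HTML, keeping it a fixed literal with no request data mixed in should stay a stated rule for this variable.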
@@ -187,104 +195,112 @@ display_top_tabs($tab_array, true);
require('classes/Form.class.php');
if($act=="new" || $act=="edit") {
-
- $form = new Form();
-
- $section = new Form_Section('New Access List');
-
- $section->addInput(new Form_Input(
- 'aclid',
- null,
- 'hidden',
- $id
- ));
-
- $section->addInput(new Form_Input(
- 'act',
- null,
- 'hidden',
- $act
- ));
-
- $section->addInput(new Form_Input(
- 'aclname',
- 'Access LIst name',
- 'text',
- $pconfig['aclname']
- ))->setHelp('Provide an Access List name.');
-
- $section->addInput(new Form_Select(
- 'action',
+
+ $form = new Form();
+
+ $section = new Form_Section('New Access List');
+
+ $section->addInput(new Form_Input(
+ 'aclid',
+ null,
+ 'hidden',
+ $id
+ ));
+
+ $section->addInput(new Form_Input(
+ 'act',
+ null,
+ 'hidden',
+ $act
+ ));
+
+ $section->addInput(new Form_Input(
+ 'aclname',
+ 'Access LIst name',
+ 'text',
+ $pconfig['aclname']
+ ))->setHelp('Provide an Access List name.');
+
+ $section->addInput(new Form_Select(
+ 'aclaction',
'Action',
strtolower($pconfig['aclaction']),
array('allow' => 'Allow','deny' => 'Deny','refuse' => 'Refuse','allow snoop' => 'Allow Snoop')
- ))->setHelp('Choose what to do with DNS requests that match the criteria specified below.' . '<br />' .
- 'Deny: Stops queries from hosts within the netblock defined below.' . '<br />' .
- 'Refuse: Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' .
- 'Allow: Allow queries from hosts within the netblock defined below.' . '<br />' .
- 'Allow Snoop: Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.');
-
- $section->addInput(new Form_Input(
- 'descr',
- 'Description',
- 'text',
- $pconfig['descr']
- ))->setHelp('You may enter a description here for your reference.');
-
- $counter = 0;
- $numrows = count($networkacl) - 1;
-
- foreach($networkacl as $item) {
- $network = $item['acl_network'];
- $cidr = $item['mask'];
- $description = $item['description'];
-
- $group = new Form_Group('Networks');
-
- $group->add(new Form_IpAddress(
- 'acl_network' . $counter,
- null,
- $network
- ))->addMask('mask' . $counter, $cidr)->setHelp(($counter == $numrows) ? 'Network':null);
-
- $group->add(new Form_Input(
- 'description' . $counter,
- 'something',
- 'text',
- $description
- )); //->setHelp(($counter == $numrows) ? 'Description':null);
-
- $group->enableDuplication();
- $section->add($group);
- }
-
- $form->add($section);
- print($form);
+ ))->setHelp($actionHelp);
+
+ $section->addInput(new Form_Input(
+ 'description',
+ 'Description',
+ 'text',
+ $pconfig['description']
+ ))->setHelp('You may enter a description here for your reference.');
+
+ $numrows = count($networkacl) - 1;
+ $counter = 0;
+
+ foreach($networkacl as $item) {
+ $network = $item['acl_network'];
+ $cidr = $item['mask'];
+ $description = $item['description'];
+
+ $group = new Form_Group($counter == 0 ? 'Networks':'');
+
+ $group->add(new Form_IpAddress(
+ 'acl_network'.$counter,
+ null,
+ $network
+ ))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp(($counter == $numrows) ? 'Network/mask':null);
+
+ $group->add(new Form_Input(
+ 'description' . $counter,
+ null,
+ 'text',
+ $description
+ ))->setHelp(($counter == $numrows) ? 'Description':null);
+
+ $group->add(new Form_Button(
+ 'deleterow' . $counter,
+ 'Delete'
+ ))->removeClass('btn-primary')->addClass('btn-warning');
+
+ $group->addClass('repeatable');
+ $section->add($group);
+
+ $counter++;
+ }
+
+ $section->addInput(new Form_Button(
+ 'addrow',
+ 'Add network'
+ ))->removeClass('btn-primary')->addClass('btn-success');
+
+ $form->add($section);
+ print($form);
}
else // NOT 'edit' or 'add'
{
?>
<div class="panel panel-default">
- <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div>
- <div class="panel-body">
- <div class="table-responsive">
- <table class="table table-striped table-hover table-condensed">
- <thead>
- <tr>
- <th><?=gettext("Access List Name"); ?></th>
- <th><?=gettext("Action"); ?></th>
- <th><?=gettext("Description"); ?></th>
- <th>&nbsp;</th>
- </tr>
- </thead>
- <tbody>
-<?php
- $i = 0;
- foreach($a_acls as $acl):
+ <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div>
+ <div class="panel-body">
+ <div class="table-responsive">
+ <table class="table table-striped table-hover table-condensed">
+ <thead>
+ <tr>
+ <th><?=gettext("Access List Name"); ?></th>
+ <th><?=gettext("Action"); ?></th>
+ <th><?=gettext("Description"); ?></th>
+ <th>&nbsp;</th>
+ </tr>
+ </thead>
+ <tbody>
+<?php
+ $i = 0;
+ foreach($a_acls as $acl):
?>
- <tr ondblclick="document.location='services_unbound_acls.php?act=edit&amp;id=<?=$i?>'">
+ <tr ondblclick="document.location='services_unbound_acls.php?act=edit&amp;id=<?=$i?>'">
<td>
- <?=htmlspecialchars($acl['aclname'])?>
+ <?=htmlspecialchars($acl['aclname'])?>
</td>
<td>
<?=htmlspecialchars($acl['aclaction'])?>
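Review bot: Row deletion is now driven by the `deleterow<N>` buttons, which the script added at the end of this file handles in the browser, but the POST handler in the first hunk still loops over `dlt<N> == 'Delete'`; that loop can no longer match and should be removed or brought in line with the new names. Because rows are added, removed and renumbered client-side, the save path should validate every submitted `acl_network<N>`/`mask<N>` pair rather than rely on the rows it rendered; that code is outside this hunk, so this is to be confirmed. The label `'Access LIst name'` carries a typo that this rewrite could fix: `'Access List name'`.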
@@ -298,18 +314,191 @@ else // NOT 'edit' or 'add'
</td>
</tr>
<?php
- $i++;
+ $i++;
endforeach;
-?>
- </tbody>
- </table>
- </div>
- <nav class="action-buttons">
- <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a>
- </nav>
- </div>
+?>
+ </tbody>
+ </table>
+ </div>
+ <nav class="action-buttons">
+ <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a>
+ </nav>
+ </div>
</div>
-<?php
+<?php
}
+?>
+<script>
+//<![CDATA[
+// Most of this needs to live in a common include file. It will be moved before production release.
+events.push(function(){
+
+ function setMasks() {
+ // Find all ipaddress masks and make dynamic based on address family of input
+ $('span.pfIpMask + select').each(function (idx, select){
+ var input = $(select).prevAll('input[type=text]');
+
+ input.on('change', function(e){
+ var isV6 = (input.val().indexOf(':') != -1), min = 0, max = 128;
+ if (!isV6)
+ max = 32;
+
+ if (input.val() == "")
+ return;
+
+ while (select.options.length > max)
+ select.remove(0);
+
+ if (select.options.length < max)
+ {
+ for (var i=select.options.length; i<=max; i++)
+ select.options.add(new Option(i, i), 0);
+ }
+ });
+
+ // Fire immediately
+ input.change();
+ });
+ }
+
+ // Complicated function to move all help text associated with this input id to the same id
+ // on the row above. That way if you delete the last row, you don't lose the help
+ function moveHelpText(id) {
+ $('#' + id).parent('div').parent('div').find('input').each(function() { // For each <span></span>
+ var fromId = this.id;
+ var toId = decrStringInt(fromId);
+ var helpSpan;
+
+ if(!$(this).hasClass('pfIpMask') && !$(this).hasClass('btn')) {
+
+ helpSpan = $('#' + fromId).parent('div').parent('div').find('span:last').clone();
+ if($(helpSpan).hasClass('help-block')) {
+ if($('#' + decrStringInt(fromId)).parent('div').hasClass('input-group'))
+ $('#' + decrStringInt(fromId)).parent('div').after(helpSpan);
+ else
+ $('#' + decrStringInt(fromId)).after(helpSpan);
+ }
+ }
+ });
+ }
+
+ // Increment the number at the end of the string
+ function bumpStringInt( str ) {
+ var data = str.match(/(\D*)(\d+)(\D*)/), newStr = "";
+
+ if( data )
+ newStr = data[ 1 ] + ( Number( data[ 2 ] ) + 1 ) + data[ 3 ];
+
+ return newStr || str;
+ }
+
+ // Decrement the number at the end of the string
+ function decrStringInt( str ) {
+ var data = str.match(/(\D*)(\d+)(\D*)/), newStr = "";
+
+ if( data )
+ newStr = data[ 1 ] + ( Number( data[ 2 ] ) - 1 ) + data[ 3 ];
+
+ return newStr || str;
+ }
+
+ // Called after a delete so that there are no gaps in the numbering. Most of the time the config system doesn't care about
+ // gaps, but I do :)
+ function renumber() {
+ var idx = 0;
+
+ $('.repeatable').each(function() {
+
+ $(this).find('input').each(function() {
+ $(this).prop("id", this.id.replace(/\d+$/, "") + idx);
+ $(this).prop("name", this.name.replace(/\d+$/, "") + idx);
+ });
+
+ $(this).find('select').each(function() {
+ $(this).prop("id", this.id.replace(/\d+$/, "") + idx);
+ $(this).prop("name", this.name.replace(/\d+$/, "") + idx);
+ });
+
+ $(this).find('label').attr('for', $(this).find('label').attr('for').replace(/\d+$/, "") + idx);
+
+ idx++;
+ });
+ }
+
+
+ function delete_row(row) {
+ $('#' + row).parent('div').parent('div').remove();
+ renumber();
+ }
+
+ function add_row() {
+ // Find the lst repeatable group
+ var lastRepeatableGroup = $('.repeatable:last');
+
+ // Clone it
+ var newGroup = lastRepeatableGroup.clone(true);
+
+ // Increment the suffix number for each input elemnt in the new group
+ $(newGroup).find('input').each(function() {
+ $(this).prop("id", bumpStringInt(this.id));
+ $(this).prop("name", bumpStringInt(this.name));
+ if(!$(this).is('[id^=delete]'))
+ $(this).val('');
+ });
+
+ // Do the same for selectors
+ $(newGroup).find('select').each(function() {
+ $(this).prop("id", bumpStringInt(this.id));
+ $(this).prop("name", bumpStringInt(this.name));
+ // If this selector lists mask bits, we need it to be reset to all 128 options
+ // and no items selected, so that automatic v4/v6 selection still works
+ if($(this).is('[id^=mask]')) {
+ $(this).empty();
+ for(idx=128; idx>0; idx--) {
+ $(this).append($('<option>', {
+ value: idx,
+ text: idx
+ }));
+ }
+ }
+ });
+
+ // And for "for" tags
+ $(newGroup).find('label').attr('for', bumpStringInt($(newGroup).find('label').attr('for')));
+ $(newGroup).find('label').text(""); // Clear the label. We only want it on the very first row
+
+ // Insert the updated/cloned row
+ $(lastRepeatableGroup).after(newGroup);
+
+ // Delete any help text from the group we have cloned
+ $(lastRepeatableGroup).find('.help-block').each(function() {
+ $(this).remove();
+ });
+
+ setMasks();
+ }
+
+ // These are action buttons, not submit buttons
+ $('[id^=addrow]').prop('type','button');
+ $('[id^=delete]').prop('type','button');
+
+ // on click . .
+ $('[id^=addrow]').click(function() {
+ add_row();
+ });
+
+ $('[id^=delete]').click(function(event) {
+ if($('.repeatable').length > 1) {
+ moveHelpText(event.target.id);
+ delete_row(event.target.id);
+ }
+ else
+ alert('<?php echo gettext("You may not delet the last one!")?>');
+ });
+});
+//]]>
+</script>
+
+<?php
include("foot.inc"); \ No newline at end of file
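Review bot: The translated message is written straight into a single-quoted JavaScript literal in `alert('<?php echo gettext("You may not delet the last one!")?>')`, so a translation containing an apostrophe or a line break ends the literal early and breaks the script block; emit it through `json_encode()` and fix the typo: `alert(<?=json_encode(gettext("You may not delete the last one!"))?>);`. In `add_row()` the counter in `for(idx=128; idx>0; idx--)` is never declared and becomes an implicit global; write `for (var idx = 128; idx > 0; idx--)`. `bumpStringInt()` and `decrStringInt()` are commented as changing the number at the end of the string, but `/(\D*)(\d+)(\D*)/` matches the first run of digits, which differs for any id that contains an earlier number. `setMasks()` repeats the mask logic from `jquery/pfSense.js`, as the block's own comment acknowledges, and should be shared rather than copied.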
diff --git a/src/usr/local/www/services_unbound_domainoverride_edit.php b/src/usr/local/www/services_unbound_domainoverride_edit.php
index 2f8533c..5862b15 100644
--- a/src/usr/local/www/services_unbound_domainoverride_edit.php
+++ b/src/usr/local/www/services_unbound_domainoverride_edit.php
@@ -143,7 +143,7 @@ $section->addInput(new Form_IpAddress(
$section->addInput(new Form_Input(
'descr',
- 'GUI Log Entries',
+ 'Description',
'text',
$pconfig['descr']
))->setHelp('You may enter a description here for your reference (not parsed).');
@@ -161,4 +161,4 @@ $form->add($section);
print $form;
-include("foot.inc");
\ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php
index 4b38b49..db0bb44 100644
--- a/src/usr/local/www/system_advanced_admin.php
+++ b/src/usr/local/www/system_advanced_admin.php
@@ -410,7 +410,7 @@ $section->addInput(new Form_Checkbox(
'DNS Rebind Check',
'Disable DNS Rebinding Checks',
$pconfig['nodnsrebindcheck']
-))->setHelp('When this is unchecked, your system is protected against<a '.
+))->setHelp('When this is unchecked, your system is protected against <a '.
'href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. '.
'This blocks private IP responses from your configured DNS servers. Check this '.
'box to disable this protection if it interferes with webConfigurator access or '.
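Review bot: The `href` on the line after the changed one is still written as `href=\"http://en.wikipedia.org/wiki/DNS_rebinding\"` inside a single-quoted PHP string, where `\"` is not an escape sequence, so the backslashes are emitted literally and the link in this security help text is malformed. Since this hunk already touches the sentence, the line should read `'href="http://en.wikipedia.org/wiki/DNS_rebinding">DNS Rebinding attacks</a>. '.`, matching the plain quotes used for the `system_usermanager.php` link in the next hunk. The `setHelp()` call continues past the end of the hunk.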
@@ -461,8 +461,8 @@ $section->addInput(new Form_Checkbox(
'Authentication Method',
'Disable password login for Secure Shell (RSA/DSA key only)',
$pconfig['sshdkeyonly']
-))->setHelp('When enabled, authorized keys need to be configured for each<a '.
- 'href="system_usermanager.php">user</a>that has been granted secure shell '.
+))->setHelp('When enabled, authorized keys need to be configured for each <a '.
+ 'href="system_usermanager.php">user</a> that has been granted secure shell '.
'access.');
$section->addInput(new Form_Input(
diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php
index 677c2e0..098b52a 100644
--- a/src/usr/local/www/system_advanced_firewall.php
+++ b/src/usr/local/www/system_advanced_firewall.php
@@ -441,7 +441,7 @@ $section->addInput(new Form_Checkbox(
))->setHelp('Note: This converts %s into a routing only platform!<br/>'.
'Note: This will also turn off NAT! If you only want to disable NAT, '.
'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound '.
- 'NAT</a>page.', [$g["product_name"]]);
+ 'NAT</a> page.', [$g["product_name"]]);
$section->addInput(new Form_Checkbox(
'disablescrub',
@@ -484,7 +484,7 @@ $section->addInput(new Form_Input(
'number',
$pconfig['maximumstates'],
['min' => 1, 'placeholder' => pfsense_default_state_size()]
-))->setHelp('Maximum number of connections to hold in the firewall state table.. '.
+))->setHelp('Maximum number of connections to hold in the firewall state table. '.
'<br/>Note: Leave this blank for the default. On your system the default '.
'size is: %d', [pfsense_default_state_size()]);
@@ -495,7 +495,7 @@ $section->addInput(new Form_Input(
$pconfig['maximumtableentries'],
['placeholder' => pfsense_default_table_entries_size()]
))->setHelp('Maximum number of table entries for systems such as aliases, '.
- 'sshlockout, snort, etc, combined..<br/>Note: Leave this blank for the '.
+ 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the '.
'default. On your system the default size is: %d',
[pfsense_default_table_entries_size()]);
@@ -641,7 +641,7 @@ if (count($config['interfaces']) > 1)
'Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.',
isset($config['system']['enablenatreflectionhelper'])
))->setHelp('Required for full functionality of the pure NAT mode of NAT '.
- 'Reflection for port forwards or NAT Reflection for 1:1 NAT.Note: This only works '.
+ 'Reflection for port forwards or NAT Reflection for 1:1 NAT. Note: This only works '.
'for assigned interfaces. Other interfaces require manually creating the '.
'outbound NAT rules that direct the reply packets back through the router.');
@@ -755,4 +755,4 @@ events.push(function(){
//]]>
</script>
<?php
-include("foot.inc");
\ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php
index 2dba952..5e87227 100644
--- a/src/usr/local/www/system_advanced_misc.php
+++ b/src/usr/local/www/system_advanced_misc.php
@@ -368,7 +368,7 @@ $group->add(new Form_Input(
'Source tracking timeout',
'number',
$pconfig['srctrack'],
- ['placeholder' => 1400]
+ ['placeholder' => 0]
))->setHelp('Set the source tracking timeout for sticky connections. By default '.
'this is 0, so source tracking is removed as soon as the state expires. '.
'Setting this timeout higher will cause the source/destination relationship '.
@@ -382,7 +382,7 @@ $section->addInput(new Form_Checkbox(
'Enable default gateway switching',
$pconfig['gw_switch_default']
))->setHelp('If the default gateway goes down, switch the default gateway to '.
- 'another available one. This is not enabled by default, as it"s unnecessary in '.
+ 'another available one. This is not enabled by default, as it\'s unnecessary in '.
'most all scenarios, which instead use gateway groups.');
$form->add($section);
@@ -571,4 +571,4 @@ $section->addInput(new Form_Checkbox(
$form->add($section);
print $form;
-include("foot.inc");
\ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index f888ac6..52d57cc 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -229,13 +229,13 @@ if ($_POST) {
if ($pconfig['radisu_srvcs'] == "both" ||
$pconfig['radisu_srvcs'] == "auth") {
$reqdfields[] = "radius_auth_port";
- $reqdfieldsn[] = gettext("Authentication port value");
+ $reqdfieldsn[] = gettext("Authentication port");
}
if ($pconfig['radisu_srvcs'] == "both" ||
$pconfig['radisu_srvcs'] == "acct") {
$reqdfields[] = "radius_acct_port";
- $reqdfieldsn[] = gettext("Accounting port value");
+ $reqdfieldsn[] = gettext("Accounting port");
}
if (!isset($id)) {
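Review bot: Both conditions around the renamed labels test `$pconfig['radisu_srvcs']`, which looks like a misspelling of `radius_srvcs`. If the form field is actually named `radius_srvcs` (its definition is outside this hunk), neither branch ever runs and the RADIUS authentication and accounting ports are never added to the required fields. Worth confirming the key and, if it is a typo, changing the four occurrences to `$pconfig['radius_srvcs']` so the port checks are enforced server-side. The enclosing `if ($_POST)` block starts and ends outside the hunk.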
@@ -452,7 +452,7 @@ $section->addInput(new Form_Input(
'text',
$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
- '(CN) of the LDAP server"s SSL Certificate.');
+ '(CN) of the LDAP server\'s SSL Certificate.');
$section->addInput(new Form_Input(
'ldap_port',
@@ -497,18 +497,26 @@ $section->addInput(new Form_Select(
array_combine($ldap_protvers, $ldap_protvers)
));
-$section->addInput(new Form_Select(
+$group = new Form_Group('Search scope');
+
+$SSF = new Form_Select(
'ldap_scope',
- 'Search scope: Level',
+ 'Level',
$pconfig['ldap_scope'],
$ldap_scopes
-));
+);
-$section->addInput(new Form_Input(
+$SSB = new Form_Input(
'ldap_basedn',
'Base DN',
'text',
$pconfig['ldap_basedn']
+);
+
+
+$section->addInput(new Form_StaticText(
+ 'Search scope',
+ 'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));
$group = new Form_Group('Authentication containers');
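Review bot: `$group = new Form_Group('Search scope');` is assigned but never used: the two controls are not added to it, and `$group` is overwritten by the 'Authentication containers' group on the last line of the hunk. Instead the select and input are concatenated into a `Form_StaticText` string, which relies on the objects' string conversion and leaves `'Base DN' . $SSB` without the separating space that `'Level ' . $SSF` has. Either drop the unused assignment or build the row through the group with `$group->add($SSF); $group->add($SSB);` and attach the group to the section (assuming the section accepts a group, which is not visible here). Descriptive lower-case names would also read better than `$SSF`/`$SSB`.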
@@ -647,7 +655,7 @@ $section->addInput(new Form_Select(
$section->addInput(new Form_Input(
'radius_auth_port',
- 'Authentication port value',
+ 'Authentication port',
'number',
$pconfig['radius_auth_port']
));
@@ -715,4 +723,4 @@ events.push(function(){
//]]>
</script>
<?php
-include("foot.inc");
\ No newline at end of file
+include("foot.inc");
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index f9f2702..6ee5fbb 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -1,32 +1,59 @@
<?php
/*
system_certmanager.php
-
- Copyright (C) 2008 Shrew Soft Inc.
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2008 Shrew Soft Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
/*
pfSense_MODULE: certificate_manager
*/
@@ -962,10 +989,12 @@ $section = new Form_Section('Choose an Existing Certificate');
$section->addClass('toggle-existing collapse');
$existCerts = array();
-foreach ($config['cert'] as $cert)
-{
- if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert']))
- continue;
+
+foreach ($config['cert'] as $cert) {
+ if(is_array($config['system']['user'][$userid]['cert'])) { // Could be MIA!
+ if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert']))
+ continue;
+ }
$ca = lookup_ca($cert['caref']);
if ($ca)
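Review bot: The new `is_array($config['system']['user'][$userid]['cert'])` guard runs before `isset($userid)` is checked, so when `$userid` is not set the array is indexed with an undefined variable and the inner `isset($userid)` test comes too late to help. Folding the checks into one condition in the right order keeps the skip logic and avoids that lookup: `if (isset($userid) && is_array($config['system']['user'][$userid]['cert']) && in_array($cert['refid'], $config['system']['user'][$userid]['cert']))` followed by `continue;`. The `foreach` body continues outside the hunk.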
@@ -979,6 +1008,7 @@ foreach ($config['cert'] as $cert)
$existCerts[ $cert['refid'] ] = $cert['descr'];
}
+
$section->addInput(new Form_Select(
'certref',
'Existing Certificates',
diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php
index 128c761..44e6190 100644
--- a/src/usr/local/www/system_crlmanager.php
+++ b/src/usr/local/www/system_crlmanager.php
@@ -637,12 +637,12 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) {
<?php
if ($cainternal == "YES"): ?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
- <?=gettext("Add or Import CRLl")?>
+ <?=gettext("Add or Import CRL")?>
</a>
<?php
else: ?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
- <?=gettext("Add or Import CRLl")?>
+ <?=gettext("Add or Import CRL")?>
</a>
<?php
endif; ?>
@@ -662,7 +662,7 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) {
<td><?=($inuse) ? "YES" : "NO"; ?></td>
<td>
<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-success">
- <?=gettext("Export CRL")?>"
+ <?=gettext("Export CRL")?>
</a>
<?php
if ($internal): ?>
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index dc84a7a..4493ff2 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -2,42 +2,61 @@
/* $Id$ */
/*
system_usermanager.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- part of pfSense
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Copyright (C) 2008 Shrew Soft Inc.
- All rights reserved.
-
- Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
- All rights reserved.
-
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>
+ * Copyright (c) 2008 Shrew Soft Inc.
+ * Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
/*
pfSense_BUILDER_BINARIES:
pfSense_MODULE: auth
@@ -134,6 +153,21 @@ if (isset($_POST['dellall_x'])) {
}
}
+if ($_POST['act'] == "delcert") {
+
+ if (!$a_user[$id]) {
+ pfSenseHeader("system_usermanager.php");
+ exit;
+ }
+
+ $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
+ $certdeleted = $certdeleted['descr'];
+ unset($a_user[$id]['cert'][$_POST['certid']]);
+ write_config();
+ $_POST['act'] = "edit";
+ $savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />";
+}
+
if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
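Review bot: The new `delcert` branch uses `$_POST['certid']` as an array key without checking that the entry exists, and then places the certificate description into `$savemsg` unescaped even though the message carries markup (`<br />`) and is presumably rendered as HTML by `print_info_box()`. A missing or bogus `certid` still reaches `write_config()` and reports a removal that did not happen, and a description containing markup would be reflected into the page. I would extend the guard to `if (!$a_user[$id] || !isset($a_user[$id]['cert'][$_POST['certid']])) {` and escape the text with `$certdeleted = htmlspecialchars($certdeleted['descr']);`. Passing a description string to `write_config()` would also leave a meaningful entry in the configuration history; how `$id` is derived is outside the hunk.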
@@ -240,15 +274,8 @@ if ($_POST['save']) {
if ($a_user[$id] && !empty($_POST['privid'])) {
foreach ($_POST['privid'] as $i)
unset($a_user[$id]['priv'][$i]);
- local_user_set($a_user[$id]);
- write_config();
- }
-
- // This used to be a separate act=delcert
- if ($a_user[$id] && !empty($_POST['certid'])) {
- foreach ($_POST['certid'] as $i)
- unset($a_user[$id]['cert'][$i]);
+ local_user_set($a_user[$id]);
write_config();
}
@@ -347,9 +374,11 @@ function build_priv_table() {
$privhtml = '<div class="table-responsive">';
$privhtml .= '<table class="table table-striped table-hover table-condensed">';
$privhtml .= '<thead>';
- $privhtml .= '<th>' . gettext('Inherited from') . '</th>';
- $privhtml .= '<th>' . gettext('Name') . '</th>';
- $privhtml .= '<th>' . gettext('Description') . '</th>';
+ $privhtml .= '<tr>';
+ $privhtml .= '<th>' . gettext('Inherited from') . '</th>';
+ $privhtml .= '<th>' . gettext('Name') . '</th>';
+ $privhtml .= '<th>' . gettext('Description') . '</th>';
+ $privhtml .= '</tr>';
$privhtml .= '</thead>';
$privhtml .= '<tbody>';
@@ -378,8 +407,11 @@ function build_cert_table() {
$certhtml = '<div class="table-responsive">';
$certhtml .= '<table class="table table-striped table-hover table-condensed">';
$certhtml .= '<thead>';
- $certhtml .= '<th>' . gettext('Name') . '</th>';
- $certhtml .= '<th>' . gettext('CA') . '</th>';
+ $certhtml .= '<tr>';
+ $certhtml .= '<th>' . gettext('Name') . '</th>';
+ $certhtml .= '<th>' . gettext('CA') . '</th>';
+ $certhtml .= '<th></th>';
+ $certhtml .= '</tr>';
$certhtml .= '</thead>';
$certhtml .= '<tbody>';
@@ -387,11 +419,21 @@ function build_cert_table() {
if (is_array($a_cert)) {
$i = 0;
foreach ($a_cert as $certref) {
+ $cert = lookup_cert($certref);
+ $ca = lookup_ca($cert['caref']);
+ $revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
+
$certhtml .= '<tr>';
- $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . is_cert_revoked($cert) ? '<b> Revoked</b>':'' . '</td>';
+ $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
+ $certhtml .= '<td>';
+ $certhtml .= '<a id="delcert' . $i .'" class="btn btn-xs btn-warning" title="';
+ $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>';
+ $certhtml .= '</td>';
$certhtml .= '</tr>';
+ $i++;
}
+
}
$certhtml .= '</tbody>';
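Review bot: The new link text `Delete` is hard-coded while every other string in this table goes through `gettext()`, and the translated title is concatenated into a double-quoted `title` attribute without escaping, so a translation containing a quote would break the markup. Suggest `htmlspecialchars(gettext('Remove this certificate association? (Certificate will not be deleted)'))` for the attribute and `gettext('Delete')` for the label. `lookup_cert($certref)` is also dereferenced without checking that the reference still resolves. The function starts and ends outside the hunk.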
@@ -410,8 +452,9 @@ include("head.inc");
if ($input_errors)
print_input_errors($input_errors);
+
if ($savemsg)
- print_info_box($savemsg);
+ print_info_box($savemsg, 'success');
$tab_array = array();
$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
@@ -490,7 +533,6 @@ $form = new Form;
if ($act == "new" || $act == "edit" || $input_errors):
-
$form->addGlobal(new Form_Input(
'act',
null,
@@ -597,7 +639,7 @@ if ($act == "new" || $act == "edit" || $input_errors):
// ==== Group membership ==================================================
$group = new Form_Group('Group membership');
- // Make a list of all the groups configured on the system, and a list of
+ // Make a list of all the groups configured on the system, and a list of
// those which this user is a member of
$systemGroups = array();
$usersGroups = array();
@@ -605,10 +647,12 @@ if ($act == "new" || $act == "edit" || $input_errors):
$usergid = [$pconfig['usernamefld']];
foreach ($config['system']['group'] as $Ggroup) {
- if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
- $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
- else
- $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
+ if($Ggroup['name'] != "all") {
+ if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
+ $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
+ else
+ $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
+ }
}
$group->add(new Form_Select(
@@ -833,7 +877,6 @@ events.push(function(){
$("#movetodisabled").prop('type','button');
$("#movetoenabled").prop('type','button');
-
// On click . .
$("#movetodisabled").click(function() {
moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
@@ -851,6 +894,15 @@ events.push(function(){
hideInput('authorizedkeys', !this.checked);
});
+ $('[id^=delcert]').click(function(event) {
+ if(confirm(event.target.title)) {
+ $('#certid').val(event.target.id.match(/\d+$/)[0]);
+ $('#userid').val('<?=$id;?>');
+ $('#act').val('delcert');
+ $('form').submit();
+ }
+ });
+
// On page load . .
hideClass('cert-options', true);
hideInput('authorizedkeys', true);
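Review bot: `$('#userid').val('<?=$id;?>');` writes `$id` into a JavaScript string literal with no encoding; if `$id` can carry anything other than a validated integer (its assignment is outside this hunk), a quote in it breaks out of the string in script context. Emit it as a JSON literal instead, `$('#userid').val(<?=json_encode($id)?>);`, or cast it to an integer where it is read. In the same handler, `event.target.id.match(/\d+$/)[0]` throws when the click target has no matching id, so reading the id from `this.id` is safer. The `events.push` callback starts and ends outside the hunk.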
diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php
index 588b4dd..dfc5159 100644
--- a/src/usr/local/www/vpn_ipsec_phase1.php
+++ b/src/usr/local/www/vpn_ipsec_phase1.php
@@ -1,35 +1,60 @@
<?php
/*
vpn_ipsec_phase1.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2008 Shrew Soft Inc
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2014 Ermal Luçi
- Copyright (C) 2013-2015 Electric Sheep Fencing, LP
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
*/
+/* ====================================================================
+ * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
+ * Copyright (c) 2004, 2005 Scott Ullrich
+ * Copyright (c) 2008 Shrew Soft Inc
+ * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ * Copyright (c) 2014 Ermal Luçi
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution. (http://www.pfsense.org/).
+ *
+ * 4. The names "pfSense" and "pfSense Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * coreteam@pfsense.org.
+ *
+ * 5. Products derived from this software may not be called "pfSense"
+ * nor may "pfSense" appear in their names without prior written
+ * permission of the Electric Sheep Fencing, LLC.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ *
+ * "This product includes software developed by the pfSense Project
+ * for use in the pfSense software distribution (http://www.pfsense.org/).
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * ====================================================================
+ *
+ */
##|+PRIV
##|*IDENT=page-vpn-ipsec-editphase1
@@ -108,7 +133,7 @@ if (isset($p1index) && $a_phase1[$p1index]) {
$pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method'];
if (($pconfig['authentication_method'] == "pre_shared_key") ||
- ($pconfig['authentication_method'] == "xauth_psk_server")) {
+ ($pconfig['authentication_method'] == "xauth_psk_server")) {
$pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key'];
} else {
$pconfig['certref'] = $a_phase1[$p1index]['certref'];
@@ -198,7 +223,7 @@ if ($_POST) {
break;
case "pre_shared_key":
// If this is a mobile PSK tunnel the user PSKs go on
- // the PSK tab, not here, so skip the check.
+ // the PSK tab, not here, so skip the check.
if ($pconfig['mobile']) {
break;
}
@@ -555,7 +580,7 @@ function build_cert_list() {
foreach ($config['cert'] as $cert)
$list[$cert['refid']] = $cert['descr'];
}
-
+
return($list);
}
@@ -568,7 +593,7 @@ function build_ca_list() {
foreach ($config['ca'] as $ca)
$list[$ca['refid']] = $ca['descr'];
}
-
+
return($list);
}
@@ -581,7 +606,7 @@ function build_eal_list() {
foreach ($p1_ealgos as $algo => $algodata)
$list[$algo] = htmlspecialchars($algodata['name']);
}
-
+
return($list);
}
@@ -636,12 +661,14 @@ $section->addInput(new Form_Select(
build_interface_list()
))->setHelp('Select the interface for the local endpoint of this phase1 entry.');
-$section->addInput(new Form_Input(
- 'remotegw',
- 'Remote Gateway',
- 'text',
- $pconfig['remotegw']
-))->setHelp('Enter the public IP address or host name of the remote gateway');
+if (!$pconfig['mobile']) {
+ $section->addInput(new Form_Input(
+ 'remotegw',
+ 'Remote Gateway',
+ 'text',
+ $pconfig['remotegw']
+ ))->setHelp('Enter the public IP address or host name of the remote gateway');
+}
$section->addInput(new Form_Input(
'descr',
diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php
index d00b127..21aaf92 100644
--- a/src/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/src/usr/local/www/widgets/widgets/system_information.widget.php
@@ -73,14 +73,18 @@ if ($_REQUEST['getupdatestatus']) {
}
else {
$needs_system_upgrade = false;
- if (pfs_version_compare($current_installed_buildtime, $current_installed_version, $remote_version) == -1) {
+ $version_compare = pfs_version_compare($current_installed_buildtime, $g['product_version'], $remote_version);
+ if ($version_compare == -1) {
?>
<div class="alert alert-warning" role="alert">
Version <?=$remote_version?> is available. <a href="/system_firmware_check.php" class="alert-link">Click Here to view.</a>
</div>
<?php
- } else
- echo "You are on the latest version.";
+ } elseif ($version_compare == 1) {
+ echo "You are on a later version than the official release.";
+ } else {
+ echo "You are on the latest version.";
+ }
}
}
exit;
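Review bot: `$remote_version` is still echoed into the alert with `<?=$remote_version?>` and no escaping; the value appears to come from a remote version check (its origin is outside the hunk), so it should be treated as untrusted and printed as `<?=htmlspecialchars($remote_version)?>`. The new three-way branch also compares with `==`, and any return value from `pfs_version_compare()` other than -1 or 1 falls into the final `else` and reports the latest version, so its return contract is worth confirming. The enclosing `if ($_REQUEST['getupdatestatus'])` block starts outside the hunk.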
@@ -308,4 +312,4 @@ function systemStatusGetUpdateStatus() {
events.push(function(){
setTimeout('systemStatusGetUpdateStatus()', 4000);
});
-</script>
\ No newline at end of file
+</script>