diff options
Diffstat (limited to 'src')
28 files changed, 1771 insertions, 913 deletions
diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc index 2c8f4c8..40e2dae 100644 --- a/src/etc/inc/functions.inc +++ b/src/etc/inc/functions.inc @@ -102,7 +102,7 @@ if (!function_exists("get_menu_messages")) { foreach ($notices as $key => $value) { $date = date("m-d-y H:i:s", $key); $noticemsg = ($value['notice'] != "" ? $value['notice'] : $value['id']); - $noticemsg = preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg); + $noticemsg = strip_tags(preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg)); if ((strlen($noticemsg)* 8) > $domtt_width) { $domtt_width=(strlen($noticemsg) *8); } diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index dc44036..e782228 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -2232,8 +2232,8 @@ function version_compare_string($a, $b) { } } function version_compare_numeric($a, $b) { - $a_arr = explode('.', rtrim($a, '.0')); - $b_arr = explode('.', rtrim($b, '.0')); + $a_arr = explode('.', rtrim($a, '.')); + $b_arr = explode('.', rtrim($b, '.')); foreach ($a_arr as $n => $val) { if (array_key_exists($n, $b_arr)) { diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index 2fa75cf..3a72295 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -344,13 +344,6 @@ function get_services() { $services[] = $pconfig; } - if (isset($config['installedpackages']['routed']) && $config['installedpackages']['routed']['config'][0]['enable']) { - $pconfig = array(); - $pconfig['name'] = "routed"; - $pconfig['description'] = gettext("RIP Daemon"); - $services[] = $pconfig; - } - if (isset($config['ipsec']['enable'])) { $pconfig = array(); $pconfig['name'] = "ipsec"; diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 10f0451..7dd1739 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -725,6 +725,14 @@ EOPP; // Setup pool options foreach ($all_pools as $poolconf) { + if (!(ip_in_subnet($poolconf['range']['from'], "{$subnet}/{$ifcfgsn}") && ip_in_subnet($poolconf['range']['to'], "{$subnet}/{$ifcfgsn}"))) { + // If the user has changed the subnet from the interfaces page and applied, + // but has not updated the DHCP range, then the range to/from of the pool can be outside the subnet. + // In that case, ignore the pool and post an error. + $error_msg = sprintf(gettext("Invalid DHCP pool %s - %s for %s subnet %s/%s detected. Please correct the settings in Services, DHCP Server"), $poolconf['range']['from'], $poolconf['range']['to'], convert_real_interface_to_friendly_descr($dhcpif), $subnet, $ifcfgsn); + file_notice("DHCP", $error_msg); + continue; + } $dhcpdconf .= " pool {\n"; /* is failover dns setup? */ if (is_array($poolconf['dnsserver']) && $poolconf['dnsserver'][0] <> "") { @@ -2438,8 +2446,13 @@ function configure_cron() { file_put_contents("/etc/crontab", $crontab_contents); unset($crontab_contents); + /* make sure that cron is running and start it if it got killed somehow */ + if (!is_process_running("cron")) { + exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null"); + } else { /* do a HUP kill to force sync changes */ - sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP"); + sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP"); + } conf_mount_ro(); } diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 41e798e..f7987e1 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -2042,6 +2042,7 @@ function system_dmesg_save() { function system_set_harddisk_standby() { global $g, $config; + if (isset($config['system']['developerspew'])) { $mt = microtime(); echo "system_set_harddisk_standby() being called $mt\n"; @@ -2055,11 +2056,17 @@ function system_set_harddisk_standby() { $standby = $config['system']['harddiskstandby']; // Check for a numeric value if (is_numeric($standby)) { - // Sync the disk(s) - pfSense_sync(); - if (set_single_sysctl('hw.ata.standby', (int)$standby)) { - // Reinitialize ATA-drives - mwexec('/usr/local/sbin/atareinit'); + // Get only suitable candidates for standby; using get_smart_drive_list() + // from utils.inc to get the list of drives. + $harddisks = get_smart_drive_list(); + + // Since get_smart_drive_list() only matches ad|da|ada; lets put the check below + // just in case of some weird pfSense platform installs. + if (count($harddisks) > 0) { + // Iterate disks and run the camcontrol command for each + foreach ($harddisks as $harddisk) { + mwexec("/sbin/camcontrol standby {$harddisk} -t {$standby}"); + } if (platform_booting()) { echo gettext("done.") . "\n"; } diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index b91905c..ab5cb3e 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -258,8 +258,8 @@ function upgrade_014_to_015() { if ($config['interfaces']['wan']['gateway'] <> "") { $config['system']['gateway'] = $config['interfaces']['wan']['gateway']; } + unset($config['interfaces']['wan']['gateway']); } - unset($config['interfaces']['wan']['gateway']); /* Queues are no longer interface specific */ if (isset($config['interfaces']['lan']['schedulertype'])) { @@ -285,9 +285,12 @@ function upgrade_015_to_016() { $config['system']['alt_firmware_url']['enabled'] = ""; $config['system']['alt_firmware_url']['firmware_base_url'] = $config['system']['firmwareurl']; $config['system']['alt_firmware_url']['firmware_filename'] = $config['system']['firmwarename']; - unset($config['system']['firmwareurl'], $config['system']['firmwarename']); - } else { - unset($config['system']['firmwareurl'], $config['system']['firmwarename']); + } + if (isset($config['system']['firmwareurl'])) { + unset($config['system']['firmwareurl']); + } + if (isset($config['system']['firmwarename'])) { + unset($config['system']['firmwarename']); } } @@ -295,12 +298,24 @@ function upgrade_015_to_016() { function upgrade_016_to_017() { global $config; /* wipe previous shaper configuration */ - unset($config['shaper']['queue']); - unset($config['shaper']['rule']); - unset($config['interfaces']['wan']['bandwidth']); - unset($config['interfaces']['wan']['bandwidthtype']); - unset($config['interfaces']['lan']['bandwidth']); - unset($config['interfaces']['lan']['bandwidthtype']); + if (isset($config['shaper']['queue'])) { + unset($config['shaper']['queue']); + } + if (isset($config['shaper']['rule'])) { + unset($config['shaper']['rule']); + } + if (isset($config['interfaces']['wan']['bandwidth'])) { + unset($config['interfaces']['wan']['bandwidth']); + } + if (isset($config['interfaces']['wan']['bandwidthtype'])) { + unset($config['interfaces']['wan']['bandwidthtype']); + } + if (isset($config['interfaces']['lan']['bandwidth'])) { + unset($config['interfaces']['lan']['bandwidth']); + } + if (isset($config['interfaces']['lan']['bandwidthtype'])) { + unset($config['interfaces']['lan']['bandwidthtype']); + } $config['shaper']['enable'] = FALSE; } @@ -350,7 +365,9 @@ function upgrade_017_to_018() { unset($config['installedpackages']['carp']); } /* Server NAT is no longer needed */ - unset($config['nat']['servernat']); + if (isset($config['nat']['servernat'])) { + unset($config['nat']['servernat']); + } /* enable SSH */ if ($config['version'] == "1.8") { @@ -361,7 +378,7 @@ function upgrade_017_to_018() { function upgrade_018_to_019() { global $config; - $config['theme']="metallic"; + $config['theme'] = "metallic"; } @@ -412,7 +429,9 @@ function upgrade_023_to_024() { function upgrade_024_to_025() { global $config; $config['interfaces']['wan']['use_rrd_gateway'] = $config['system']['use_rrd_gateway']; - unset($config['system']['use_rrd_gateway']); + if (isset($config['system']['use_rrd_gateway'])) { + unset($config['system']['use_rrd_gateway']); + } } @@ -587,7 +606,7 @@ function upgrade_039_to_040() { $config['system']['webgui']['auth_method'] = "session"; $config['system']['webgui']['backing_method'] = "htpasswd"; - if (isset ($config['system']['username'])) { + if (isset($config['system']['username'])) { $config['system']['group'] = array(); $config['system']['group'][0]['name'] = "admins"; $config['system']['group'][0]['description'] = gettext("System Administrators"); @@ -627,8 +646,10 @@ function upgrade_039_to_040() { $config['system']['nextgid'] = "111"; /* wipe previous auth configuration */ - unset ($config['system']['username']); - unset ($config['system']['password']); + unset($config['system']['username']); + if (isset($config['system']['password'])) { + unset($config['system']['password']); + } } } @@ -1495,7 +1516,9 @@ function upgrade_050_to_051() { $pconfig['value'] = "0"; $config['sysctl']['item'][] = $pconfig; - unset($config['bridge']); + if (isset($config['bridge'])) { + unset($config['bridge']); + } $convert_bridges = false; foreach ($config['interfaces'] as $intf) { @@ -2025,7 +2048,9 @@ function upgrade_053_to_054() { if (empty($config['load_balancer'])) { unset($config['load_balancer']); } else { - unset($config['load_balancer']['lbpool']); + if (isset($config['load_balancer']['lbpool'])) { + unset($config['load_balancer']['lbpool']); + } } } else { $config['load_balancer']['lbpool'] = $lbpool_srv_arr; @@ -2978,10 +3003,10 @@ function upgrade_083_to_084() { $config['hasync'] = $config['installedpackages']['carpsettings']['config'][0]; unset($config['installedpackages']['carpsettings']); } - if (empty($config['installedpackages']['carpsettings'])) { + if (empty($config['installedpackages']['carpsettings']) && isset($config['installedpackages']['carpsettings'])) { unset($config['installedpackages']['carpsettings']); } - if (empty($config['installedpackages'])) { + if (empty($config['installedpackages']) && isset($config['installedpackages'])) { unset($config['installedpackages']); } } @@ -3393,8 +3418,12 @@ function upgrade_102_to_103() { $config['nat']['outbound'] = $config['nat']['advancedoutbound']; - unset($config['nat']['ipsecpassthru']); - unset($config['nat']['advancedoutbound']); + if (isset($config['nat']['ipsecpassthru'])) { + unset($config['nat']['ipsecpassthru']); + } + if (isset($config['nat']['advancedoutbound'])) { + unset($config['nat']['advancedoutbound']); + } } function upgrade_103_to_104() { @@ -3685,18 +3714,20 @@ function upgrade_111_to_112() { function upgrade_112_to_113() { global $config; - if (isset($config['notifications']['smtp']['ssl']) && - $config['notifications']['smtp']['ssl'] == "checked") { - $config['notifications']['smtp']['ssl'] = true; - } else { - unset($config['notifications']['smtp']['ssl']); + if (isset($config['notifications']['smtp']['ssl'])) { + if ($config['notifications']['smtp']['ssl'] == "checked") { + $config['notifications']['smtp']['ssl'] = true; + } else { + unset($config['notifications']['smtp']['ssl']); + } } - if (isset($config['notifications']['smtp']['tls']) && - $config['notifications']['smtp']['tls'] == "checked") { - $config['notifications']['smtp']['tls'] = true; - } else { - unset($config['notifications']['smtp']['tls']); + if (isset($config['notifications']['smtp']['tls'])) { + if ($config['notifications']['smtp']['tls'] == "checked") { + $config['notifications']['smtp']['tls'] = true; + } else { + unset($config['notifications']['smtp']['tls']); + } } } diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup index 3d53233..6d9e77f 100755 --- a/src/etc/rc.php_ini_setup +++ b/src/etc/rc.php_ini_setup @@ -139,10 +139,6 @@ PHPMODULES="$PHPMODULES filter" PHP_ZEND_MODULES="" -if [ "$LOWMEM" != "TRUE" ]; then - PHP_ZEND_MODULES="$PHP_ZEND_MODULES opcache" -fi - # Modules previously included. # can be turned on by touching # /etc/php_dynamodules/$modulename @@ -242,6 +238,11 @@ opcache.enable_cli="0" opcache.memory_consumption="${OPCACHEMEMSIZE}" EOF +else + /bin/cat >>/usr/local/lib/php.ini <<EOF +; opcache Settings +opcache.enabled="0" +EOF fi /bin/cat >>/usr/local/lib/php.ini <<EOF diff --git a/src/usr/local/bin/mail.php b/src/usr/local/bin/mail.php index 130d9e0..001ee67 100755 --- a/src/usr/local/bin/mail.php +++ b/src/usr/local/bin/mail.php @@ -13,7 +13,7 @@ if ($options['s'] <> "") { $in = file("php://stdin"); -foreach ($in as $line){ +foreach ($in as $line) { $message .= "$line"; } diff --git a/src/usr/local/www/diag_confbak.php b/src/usr/local/www/diag_confbak.php index bc9cc51..08c273a 100644 --- a/src/usr/local/www/diag_confbak.php +++ b/src/usr/local/www/diag_confbak.php @@ -51,24 +51,25 @@ if (isset($_POST['backupcount'])) { $changedescr = "(platform default)"; } write_config("Changed backup revision count to {$changedescr}"); -} elseif ($_POST) { - if (!isset($_POST['confirm']) || ($_POST['confirm'] != gettext("Confirm")) || (!isset($_POST['newver']) && !isset($_POST['rmver']))) { +} elseif ($_GET) { + if (!isset($_GET['newver']) && !isset($_GET['rmver']) && !isset($_GET['getcfg']) && !isset($_GET['diff'])) { header("Location: diag_confbak.php"); return; } conf_mount_rw(); $confvers = unserialize(file_get_contents($g['cf_conf_path'] . '/backup/backup.cache')); - if ($_POST['newver'] != "") { - if (config_restore($g['conf_path'] . '/backup/config-' . $_POST['newver'] . '.xml') == 0) { - $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['newver']), htmlspecialchars($confvers[$_POST['newver']]['description'])); + + if ($_GET['newver'] != "") { + if (config_restore($g['conf_path'] . '/backup/config-' . $_GET['newver'] . '.xml') == 0) { + $savemsg = sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['newver']), htmlspecialchars($confvers[$_GET['newver']]['description'])); } else { $savemsg = gettext("Unable to revert to the selected configuration."); } } - if ($_POST['rmver'] != "") { - unlink_if_exists($g['conf_path'] . '/backup/config-' . $_POST['rmver'] . '.xml'); - $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']), htmlspecialchars($confvers[$_POST['rmver']]['description'])); + if ($_GET['rmver'] != "") { + unlink_if_exists($g['conf_path'] . '/backup/config-' . $_GET['rmver'] . '.xml'); + $savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_GET['rmver']), htmlspecialchars($confvers[$_GET['rmver']]['description'])); } conf_mount_ro(); } @@ -88,7 +89,7 @@ if ($_GET['getcfg'] != "") { } if (($_GET['diff'] == 'Diff') && isset($_GET['oldtime']) && isset($_GET['newtime']) && - (is_numeric($_GET['oldtime'])) && + (is_numeric($_GET['oldtime'])) && (is_numeric($_GET['newtime']) || ($_GET['newtime'] == 'current'))) { $diff = ""; $oldfile = $g['conf_path'] . '/backup/config-' . $_GET['oldtime'] . '.xml'; @@ -112,256 +113,172 @@ unset($confvers['versions']); $pgtitle = array(gettext("Diagnostics"), gettext("Configuration History")); include("head.inc"); -if($savemsg) - print_info_box($savemsg); +if ($savemsg) { + print_info_box($savemsg, 'success'); +} + +if ($diff) { ?> - <?php if ($diff):?> - <h3><?=gettext("Configuration diff from")?><?=date(gettext("n/j/y H:i:s"), $oldtime)?><?=gettext("to")?><?=date(gettext("n/j/y H:i:s"), $newtime)?></h3> - <pre><?php foreach ($diff as $line) { - switch (substr($line, 0, 1)) { - case "+": - $color = "#caffd3"; - break; - case "-": - $color = "#ffe8e8"; - break; - case "@": - $color = "#a0a0a0"; - break; - default: - $color = "#ffffff"; - } +<div class="panel panel-default"> + <div class="panel-heading"><?=gettext("Configuration diff from ")?><?=date(gettext("n/j/y H:i:s"), $oldtime); ?><?=gettext(" to ")?><?=date(gettext("n/j/y H:i:s"), $newtime); ?></div> + <div class="panel-body table-responsive"> + <!-- This table is left un-bootstrapped to maintain the original diff format output --> + <table style="padding-top: 4px; padding-bottom: 4px; vertical-align:middle;"> - print '<span style="background-color: '.$color .'">'. htmlentities($line) .'</span><br/>'; - } - ?></pre> -<?php endif?> -<?PHP if ($_GET["newver"] || $_GET["rmver"]):?> - <h2><?=gettext("Confirm Action")?></h2> - <form action="diag_confbak.php" method="post"> - <div class="alert alert-danger"> - <p><?=gettext("Please confirm you wish to ")?> - <?PHP - if (!empty($_GET["newver"])) { - echo gettext("restore from Configuration Backup"); - $target_config = $_GET["newver"]?> - <input type="hidden" name="newver" value="<?PHP echo htmlspecialchars($_GET["newver"])?>" /> - <?PHP - } elseif (!empty($_GET["rmver"])) { - echo gettext("remove Configuration Backup"); - $target_config = $_GET["rmver"]?> - <input type="hidden" name="rmver" value="<?PHP echo htmlspecialchars($_GET["rmver"])?>" /> - <?PHP - } ?> - <?PHP echo gettext("revert to configuration from ")?> <?=date(gettext("n/j/y H:i:s"), $target_config)?> - <br /> - <input type="submit" name="confirm" value="<?PHP echo gettext("Confirm")?>" /> - </p> - </div> - </form> -<?PHP else:?> <?php - $tab_array = array(); - $tab_array[0] = array(gettext("Config History"), true, "diag_confbak.php"); - $tab_array[1] = array(gettext("Backup/Restore"), false, "diag_backup.php"); - display_top_tabs($tab_array); + foreach ($diff as $line) { + switch (substr($line, 0, 1)) { + case "+": + $color = "#caffd3"; + break; + case "-": + $color = "#ffe8e8"; + break; + case "@": + $color = "#a0a0a0"; + break; + default: + $color = "#ffffff"; + } +?> + <tr> + <td valign="middle" bgcolor="<?=$color; ?>" style="white-space: pre-wrap;"><?=htmlentities($line)?></td> + </tr> +<?php + } ?> - <form action="diag_confbak.php" method="post"> - <div class="form-group"> - <label for="backupcount" class="col-sm-2 control-label"><?=gettext("Backup Count")?></label> - <div class="col-sm-10"> - <input name="backupcount" type="number" class="form-control" size="5" value="<?=htmlspecialchars($config['system']['backupcount'])?>" /> - <?=gettext("Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD.")?> - </div> - </div> + </table> + </div> +</div> +<?php +} - <div class="form-group"> - <div class="col-sm-offset-2 col-sm-10"> - <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save")?>" /> - <p><?=gettext("Current space used by backups: ")?><?=exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'")?></p> - </div> - </div> - </form> -<?php if (!is_array($confvers)): ?> - <?php print_info_box(gettext("No backups found."))?> -<?php else: ?> - <form action="diag_confbak.php" method="get"> - <div class="table-responsive"> - <table class="table table-striped table-hover"> - <thead> - <tr> - <th><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Diff")?>" /></th> - <th><?=gettext("Date")?></th> - <th><?=gettext("Version")?></th> - <th><?=gettext("Size")?></th> - <th><?=gettext("Configuration Change")?></th> - <th></th> - </tr> - </thead> +$tab_array = array(); +$tab_array[] = array(gettext("Config History"), true, "diag_confbak.php"); +$tab_array[] = array(gettext("Backup/Restore"), false, "diag_backup.php"); +display_top_tabs($tab_array); - <tbody> - <tr> - <td> - <input type="radio" name="oldtime" disabled="disabled" /> - <input type="radio" name="newtime" value="current" <?=($_GET['newtime']==$version['time'] ? ' checked="checked"' : '')?>/> - </td> - <td><?=date(gettext("n/j/y H:i:s"), $config['revision']['time'])?></td> - <td><?=$config['version']?></td> - <td><?=format_bytes(filesize("/conf/config.xml"))?></td> - <td><?=$config['revision']['description']?></td> - <td><i><?=gettext("Current")?></i></td> - </tr> - <?php - foreach($confvers as $version): - if($version['time'] != 0) - $date = date(gettext("n/j/y H:i:s"), $version['time']); - else - $date = gettext("Unknown"); - ?> - <tr> - <td> - <div id="mainarea"> - <form action="diag_confbak.php" method="post"> - <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="tabcont"> +require('classes/Form.class.php'); -<?php if ($_GET["newver"] || $_GET["rmver"]): ?> - <tr> - <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Confirm Action"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"> </td> - <td width="78%" class="vtable"> +$form = new Form(new Form_Button( + 'Submit', + gettext("Save") +)); - <strong><?php echo gettext("Please confirm the selected action"); ?></strong>: - <br /> - <br /><strong><?php echo gettext("Action"); ?>:</strong> - <?php if (!empty($_GET["newver"])) { - echo gettext("Restore from Configuration Backup"); - $target_config = $_GET["newver"]; ?> - <input type="hidden" name="newver" value="<?php echo htmlspecialchars($_GET["newver"]); ?>" /> - <?php } elseif (!empty($_GET["rmver"])) { - echo gettext("Remove Configuration Backup"); - $target_config = $_GET["rmver"]; ?> - <input type="hidden" name="rmver" value="<?php echo htmlspecialchars($_GET["rmver"]); ?>" /> - <?php } ?> - <br /><strong><?php echo gettext("Target Configuration"); ?>:</strong> - <?php echo sprintf(gettext('Timestamp %1$s'), date(gettext("n/j/y H:i:s"), $target_config)); ?> - <br /><input type="submit" name="confirm" value="<?php echo gettext("Confirm"); ?>" /> - </td> - </tr> -<?php else: ?> +$section = new Form_Section('Saved Configurations'); - <tr> - <td width="10%"> </td> - <td width="15%" valign="top"><?=gettext("Backup Count");?></td> - <td width="10%"> - <input name="backupcount" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($config['system']['backupcount']);?>"/> - </td> - <td width="60%"> - <?= gettext("Enter the number of older configurations to keep in the local backup cache. By default this is 30 for a full install or 5 on NanoBSD."); ?> - </td> - <td width= "5%"><input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /></td> - </tr> - <tr> - <td class="vncell"> </td> - <td colspan="4" class="vncell"> - <?= gettext("NOTE: Be aware of how much space is consumed by backups before adjusting this value. Current space used by backups: "); ?> <?= exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'") ?> - </td> - </tr> - </table> - </form> - <form action="diag_confbak.php" method="get"> - <table class="tabcont" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="difference"> - <?php if (is_array($confvers)): ?> - <tr> - <td colspan="7" class="list"> - <?= gettext("To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button."); ?> - <br /><br /> - </td> - </tr> - <tr> - <td width="5%" colspan="2" valign="middle" align="center" class="list nowrap"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td> - <td width="20%" class="listhdrr"><?=gettext("Date");?></td> - <td width="5%" class="listhdrr"><?=gettext("Version");?></td> - <td width="5%" class="listhdrr"><?=gettext("Size");?></td> - <td width="60%" class="listhdrr"><?=gettext("Configuration Change");?></td> - <td width="5%" class="list"> </td> - </tr> - <tr valign="top"> - <td valign="middle" class="list nowrap"></td> - <td class="list"> - <input type="radio" name="newtime" value="current" /> - </td> - <td class="listlr"> <?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td> - <td class="listr"> <?= $config['version'] ?></td> - <td class="listr"> <?= format_bytes(filesize("/conf/config.xml")) ?></td> - <td class="listr"> <?= htmlspecialchars($config['revision']['description']) ?></td> - <td valign="middle" class="list nowrap"><b><?=gettext("Current");?></b></td> - </tr> - <?php - $c = 0; - foreach ($confvers as $version): - if ($version['time'] != 0) { - $date = date(gettext("n/j/y H:i:s"), $version['time']); - } else { - $date = gettext("Unknown"); - } - ?> - <tr valign="top"> - <td class="list"> - <input type="radio" name="oldtime" value="<?php echo $version['time'];?>" /> - </td> - <td class="list"> - <?php if ($c < (count($confvers) - 1)) { ?> - <input type="radio" name="newtime" value="<?php echo $version['time'];?>" /> - <?php } else { ?> - - <?php } - $c++; ?> - </td> - <td class="listlr"> <?= $date ?></td> - <td class="listr"> <?= $version['version'] ?></td> - <td class="listr"> <?= format_bytes($version['filesize']) ?></td> - <td class="listr"> <?= htmlspecialchars($version['description']) ?></td> - <td valign="middle" class="list nowrap"> - <a href="diag_confbak.php?newver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="<?=gettext("Revert to this configuration");?>" title="<?=gettext("Revert to this configuration");?>" /> - </a> - <a href="diag_confbak.php?rmver=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("Remove this backup");?>" title="<?=gettext("Remove this backup");?>" /> - </a> - <a href="diag_confbak.php?getcfg=<?=$version['time'];?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_down.gif" width="17" height="17" border="0" alt="<?=gettext("Download this backup");?>" title="<?=gettext("Download this backup");?>" /> - </a> - </td> - </tr> - <?php endforeach; ?> - <tr> - <td colspan="2"><input type="submit" name="diff" value="<?=gettext("Diff"); ?>" /></td> - <td colspan="5"></td> - </tr> - <?php else: ?> - <tr> - <td> - <?php print_info_box(gettext("No backups found.")); ?> - </td> - </tr> - <?php endif; ?> -<?php endif; ?> - </table> - </form> - </div> - </td> - </tr> - <?php endforeach?> - </tbody> - <tfoot> - <tr> - <td colspan="6"><input type="submit" name="diff" class="btn btn-default" value="<?=gettext("Compare selected")?>" /></td> - </tr> - <?php endif; ?> -<?php endif?> - </table> - </div> +$section->addInput(new Form_Input( + 'backupcount', + 'Backup Count', + 'number', + $config['system']['backupcount'] +))->setHelp('Maximum number of old configurations to keep. By default this is 30 for a full install or 5 on NanoBSD. '); + +$space = exec("/usr/bin/du -sh /conf/backup | /usr/bin/awk '{print $1;}'"); + +$section->addInput(new Form_StaticText( + 'Current space used by backups', + $space +)); + +$form->add($section); + +print($form); + +if (is_array($confvers)) { + print_info_box(gettext('To view the differences between an older configuration and a newer configuration, ' . + 'select the older configuration using the left column of radio options and select the newer configuration in the right column, ' . + 'then press the "Diff" button.')); +} +?> + +<form action="diag_confbak.php" method="get"> + <div class="table-resposive"> + <table class="table table-striped table-hover table-condensed"> +<?php +if (is_array($confvers)): +?> + <thead> + <tr> + <th colspan="2"> + <input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" /> + </th> + <th><?=gettext("Date")?></th> + <th><?=gettext("Version")?></th> + <th><?=gettext("Size")?></th> + <th><?=gettext("Configuration Change")?></th> + <th><?=gettext("Actions")?></th> + </tr> + </thead> + <tbody> + <!-- First row is the current configuration --> + <tr valign="top"> + <td></td> + <td> + <input type="radio" name="newtime" value="current" /> + </td> + <td><?= date(gettext("n/j/y H:i:s"), $config['revision']['time']) ?></td> + <td><?= $config['version'] ?></td> + <td><?= format_bytes(filesize("/conf/config.xml")) ?></td> + <td><?= htmlspecialchars($config['revision']['description']) ?></td> + <td><?=gettext("Current configuration")?></td> + </tr> +<?php + // And now for hte table of prior backups + $c = 0; + foreach ($confvers as $version): + if ($version['time'] != 0) { + $date = date(gettext("n/j/y H:i:s"), $version['time']); + } else { + $date = gettext("Unknown"); + } +?> + <tr> + <td> + <input type="radio" name="oldtime" value="<?=$version['time']?>" /> + </td> + <td> +<?php + if ($c < (count($confvers) - 1)) { +?> + <input type="radio" name="newtime" value="<?=$version['time']?>" /> +<?php + } + $c++; +?> + </td> + <td><?= $date ?></td> + <td><?= $version['version'] ?></td> + <td><?= format_bytes($version['filesize']) ?></td> + <td><?= htmlspecialchars($version['description']) ?></td> + <td> + <a href="diag_confbak.php?newver=<?=$version['time']?>" class="btn btn-xs btn-success" + onclick="return confirm('<?=gettext("Are you sure you want to replace the current configuration with this backup?")?>')"> + <?=gettext("Revert")?> + </a> + <a href="diag_confbak.php?rmver=<?=$version['time']?>" class="btn btn-xs btn-danger"> + <?=gettext("Delete")?> + </a> + <a href="diag_confbak.php?getcfg=<?=$version['time']?>" class="btn btn-xs btn-default"> + <?=gettext("Download")?> + </a> + </td> + </tr> +<?php + endforeach; +?> + <tr> + <td colspan="2"><input type="submit" name="diff" class="btn btn-info btn-xs" value="<?=gettext("Diff"); ?>" /></td> + <td colspan="5"></td> + </tr> +<?php +else: + print_info_box(gettext("No backups found."), 'danger'); +endif; +?> + </tbody> + </table> </form> -<?php include("foot.inc")?>
\ No newline at end of file +</div> + +<?php include("foot.inc");
\ No newline at end of file diff --git a/src/usr/local/www/diag_logs_settings.php b/src/usr/local/www/diag_logs_settings.php index fedb34a..1508576 100644 --- a/src/usr/local/www/diag_logs_settings.php +++ b/src/usr/local/www/diag_logs_settings.php @@ -1,62 +1,62 @@ <?php /* $Id$ */ /* - diag_logs_settings.php + diag_logs_settings.php */ /* ==================================================================== - * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. - * Copyright (c) 2004-9 Scott Ullrich + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004-9 Scott Ullrich * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgment: - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution. (http://www.pfsense.org/). + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). * - * 4. The names "pfSense" and "pfSense Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * coreteam@pfsense.org. + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. * - * 5. Products derived from this software may not be called "pfSense" - * nor may "pfSense" appear in their names without prior written - * permission of the Electric Sheep Fencing, LLC. + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: * - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution (http://www.pfsense.org/). + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). * - * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. * - * ==================================================================== + * ==================================================================== * */ /* - pfSense_MODULE: system + pfSense_MODULE: system */ ##|+PRIV @@ -99,134 +99,134 @@ $pconfig['disablelocallogging'] = isset($config['syslog']['disablelocallogging'] $pconfig['logfilesize'] = $config['syslog']['logfilesize']; if (!$pconfig['nentries']) { - $pconfig['nentries'] = 50; + $pconfig['nentries'] = 50; } function is_valid_syslog_server($target) { - return (is_ipaddr($target) - || is_ipaddrwithport($target) - || is_hostname($target) - || is_hostnamewithport($target)); + return (is_ipaddr($target) + || is_ipaddrwithport($target) + || is_hostname($target) + || is_hostnamewithport($target)); } if ($_POST['resetlogs'] == gettext("Reset Log Files")) { - clear_all_log_files(); - $savemsg .= gettext("The log files have been reset."); + clear_all_log_files(); + $savemsg .= gettext("The log files have been reset."); } elseif ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable'] && !is_valid_syslog_server($_POST['remoteserver'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #1."); - } - if ($_POST['enable'] && $_POST['remoteserver2'] && !is_valid_syslog_server($_POST['remoteserver2'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #2."); - } - if ($_POST['enable'] && $_POST['remoteserver3'] && !is_valid_syslog_server($_POST['remoteserver3'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #3."); - } - - if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 2000)) { - $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); - } - - if (isset($_POST['logfilesize']) && (strlen($_POST['logfilesize']) > 0)) { - if (!is_numeric($_POST['logfilesize']) || ($_POST['logfilesize'] < 100000)) { - $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); - } - } - if (!$input_errors) { - $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; - $config['syslog']['nentries'] = (int)$_POST['nentries']; - $pconfig['nentries'] = $config['syslog']['nentries']; - if (isset($_POST['logfilesize']) && (strlen($_POST['logfilesize']) > 0)) { - $config['syslog']['logfilesize'] = (int)$_POST['logfilesize']; - $pconfig['logfilesize'] = $config['syslog']['logfilesize']; - } else { - unset($config['syslog']['logfilesize']); - } - $config['syslog']['remoteserver'] = $_POST['remoteserver']; - $config['syslog']['remoteserver2'] = $_POST['remoteserver2']; - $config['syslog']['remoteserver3'] = $_POST['remoteserver3']; - $config['syslog']['sourceip'] = $_POST['sourceip']; - $config['syslog']['ipproto'] = $_POST['ipproto']; - $config['syslog']['filter'] = $_POST['filter'] ? true : false; - $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; - $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; - $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; - $config['syslog']['apinger'] = $_POST['apinger'] ? true : false; - $config['syslog']['relayd'] = $_POST['relayd'] ? true : false; - $config['syslog']['hostapd'] = $_POST['hostapd'] ? true : false; - $config['syslog']['logall'] = $_POST['logall'] ? true : false; - $config['syslog']['system'] = $_POST['system'] ? true : false; - $config['syslog']['disablelocallogging'] = $_POST['disablelocallogging'] ? true : false; - $config['syslog']['enable'] = $_POST['enable'] ? true : false; - $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); - $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); - $oldnologbogons = isset($config['syslog']['nologbogons']); - $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); - $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); - $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; - $config['syslog']['nologdefaultpass'] = $_POST['logdefaultpass'] ? true : false; - $config['syslog']['nologbogons'] = $_POST['logbogons'] ? false : true; - $config['syslog']['nologprivatenets'] = $_POST['logprivatenets'] ? false : true; - $config['syslog']['nologlighttpd'] = $_POST['loglighttpd'] ? false : true; - $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; - if (is_numeric($_POST['filterdescriptions']) && $_POST['filterdescriptions'] > 0) { - $config['syslog']['filterdescriptions'] = $_POST['filterdescriptions']; - } else { - unset($config['syslog']['filterdescriptions']); - } - if ($config['syslog']['enable'] == false) { - unset($config['syslog']['remoteserver']); - unset($config['syslog']['remoteserver2']); - unset($config['syslog']['remoteserver3']); - } - - write_config(); - - $retval = 0; - $retval = system_syslogd_start(); - if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || - ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || - ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || - ($oldnologprivatenets !== isset($config['syslog']['nologprivatenets']))) { - $retval |= filter_configure(); - } - - $savemsg = get_std_save_message($retval); - - if ($oldnologlighttpd !== isset($config['syslog']['nologlighttpd'])) { - ob_flush(); - flush(); - log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); - send_event("service restart webgui"); - $savemsg .= "<br />" . gettext("WebGUI process is restarting."); - } - - filter_pflog_start(true); - } + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable'] && !is_valid_syslog_server($_POST['remoteserver'])) { + $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #1."); + } + if ($_POST['enable'] && $_POST['remoteserver2'] && !is_valid_syslog_server($_POST['remoteserver2'])) { + $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #2."); + } + if ($_POST['enable'] && $_POST['remoteserver3'] && !is_valid_syslog_server($_POST['remoteserver3'])) { + $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #3."); + } + + if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 2000)) { + $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); + } + + if (isset($_POST['logfilesize']) && (strlen($_POST['logfilesize']) > 0)) { + if (!is_numeric($_POST['logfilesize']) || ($_POST['logfilesize'] < 100000)) { + $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); + } + } + if (!$input_errors) { + $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; + $config['syslog']['nentries'] = (int)$_POST['nentries']; + $pconfig['nentries'] = $config['syslog']['nentries']; + if (isset($_POST['logfilesize']) && (strlen($_POST['logfilesize']) > 0)) { + $config['syslog']['logfilesize'] = (int)$_POST['logfilesize']; + $pconfig['logfilesize'] = $config['syslog']['logfilesize']; + } else { + unset($config['syslog']['logfilesize']); + } + $config['syslog']['remoteserver'] = $_POST['remoteserver']; + $config['syslog']['remoteserver2'] = $_POST['remoteserver2']; + $config['syslog']['remoteserver3'] = $_POST['remoteserver3']; + $config['syslog']['sourceip'] = $_POST['sourceip']; + $config['syslog']['ipproto'] = $_POST['ipproto']; + $config['syslog']['filter'] = $_POST['filter'] ? true : false; + $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; + $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; + $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; + $config['syslog']['apinger'] = $_POST['apinger'] ? true : false; + $config['syslog']['relayd'] = $_POST['relayd'] ? true : false; + $config['syslog']['hostapd'] = $_POST['hostapd'] ? true : false; + $config['syslog']['logall'] = $_POST['logall'] ? true : false; + $config['syslog']['system'] = $_POST['system'] ? true : false; + $config['syslog']['disablelocallogging'] = $_POST['disablelocallogging'] ? true : false; + $config['syslog']['enable'] = $_POST['enable'] ? true : false; + $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); + $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); + $oldnologbogons = isset($config['syslog']['nologbogons']); + $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); + $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); + $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; + $config['syslog']['nologdefaultpass'] = $_POST['logdefaultpass'] ? true : false; + $config['syslog']['nologbogons'] = $_POST['logbogons'] ? false : true; + $config['syslog']['nologprivatenets'] = $_POST['logprivatenets'] ? false : true; + $config['syslog']['nologlighttpd'] = $_POST['loglighttpd'] ? false : true; + $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; + if (is_numeric($_POST['filterdescriptions']) && $_POST['filterdescriptions'] > 0) { + $config['syslog']['filterdescriptions'] = $_POST['filterdescriptions']; + } else { + unset($config['syslog']['filterdescriptions']); + } + if ($config['syslog']['enable'] == false) { + unset($config['syslog']['remoteserver']); + unset($config['syslog']['remoteserver2']); + unset($config['syslog']['remoteserver3']); + } + + write_config(); + + $retval = 0; + $retval = system_syslogd_start(); + if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || + ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || + ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || + ($oldnologprivatenets !== isset($config['syslog']['nologprivatenets']))) { + $retval |= filter_configure(); + } + + $savemsg = get_std_save_message($retval); + + if ($oldnologlighttpd !== isset($config['syslog']['nologlighttpd'])) { + ob_flush(); + flush(); + log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); + send_event("service restart webgui"); + $savemsg .= "<br />" . gettext("WebGUI process is restarting."); + } + + filter_pflog_start(true); + } } $pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Settings")); include("head.inc"); -$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") . - '<br /><br />' . - gettext("NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, you must first save the options to set the size, then clear all logs using the \"Reset Log Files\" option farther down this page. ") . - gettext("Be aware that increasing this value increases every log file size, so disk usage will increase significantly.") . '<br /><br />' . - gettext("Disk space currently used by log files is: ") . exec("/usr/bin/du -sh /var/log | /usr/bin/awk '{print $1;}'") . - gettext(" Remaining disk space for log files: ") . exec("/bin/df -h /var/log | /usr/bin/awk '{print $4;}'"); - -$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") . - gettext("If you pick a single IP, remote syslog severs must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces.") . - "<br /><br />" . - gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses."); +$logfilesizeHelp = gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") . + '<br /><br />' . + gettext("NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, you must first save the options to set the size, then clear all logs using the \"Reset Log Files\" option farther down this page. ") . + gettext("Be aware that increasing this value increases every log file size, so disk usage will increase significantly.") . '<br /><br />' . + gettext("Disk space currently used by log files is: ") . exec("/usr/bin/du -sh /var/log | /usr/bin/awk '{print $1;}'") . + gettext(" Remaining disk space for log files: ") . exec("/bin/df -h /var/log | /usr/bin/awk '{print $4;}'"); + +$remoteloghelp = gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses.") . + gettext("If you pick a single IP, remote syslog severs must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces.") . + "<br /><br />" . + gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses."); if ($input_errors) - print_input_errors($input_errors); + print_input_errors($input_errors); else if ($savemsg) - print_info_box($savemsg); + print_info_box($savemsg); $tab_array = array(); $tab_array[] = array(gettext("System"), false, "diag_logs.php"); @@ -245,99 +245,99 @@ display_top_tabs($tab_array); require('classes/Form.class.php'); $form = new Form(new Form_Button( - 'Submit', - gettext("Save") + 'Submit', + gettext("Save") )); $section = new Form_Section('General Logging Options'); $section->addInput(new Form_Checkbox( - 'reverse', - 'Forward/Reverse Display', - 'Show log entries in reverse order (newest entries on top)', - $pconfig['reverse'] + 'reverse', + 'Forward/Reverse Display', + 'Show log entries in reverse order (newest entries on top)', + $pconfig['reverse'] )); $section->addInput(new Form_Input( - 'nentries', - 'GUI Log Entries', - 'text', - $pconfig['nentries'], - ['placeholder' => ''] + 'nentries', + 'GUI Log Entries', + 'text', + $pconfig['nentries'], + ['placeholder' => ''] ))->setHelp('This is only the number of log entries displayed in the GUI. It does not affect how many entries are contained in the actual log files.'); $section->addInput(new Form_Input( - 'logfilesize', - 'Log file size (Bytes)', - 'text', - $pconfig['logfilesize'], - ['placeholder' => 'Bytes'] + 'logfilesize', + 'Log file size (Bytes)', + 'text', + $pconfig['logfilesize'], + ['placeholder' => 'Bytes'] ))->setHelp($logfilesizeHelp); $section->addInput(new Form_Checkbox( - 'logdefaultblock', - 'Log firewall default blocks', - 'Log packets matched from the default block rules in the ruleset', - $pconfig['logdefaultblock'] + 'logdefaultblock', + 'Log firewall default blocks', + 'Log packets matched from the default block rules in the ruleset', + $pconfig['logdefaultblock'] ))->setHelp('Packets that are blocked by the implicit default block rule will not be logged if you uncheck this option. Per-rule logging options are still respected.'); $section->addInput(new Form_Checkbox( - 'logdefaultpass', - null, - 'Log packets matched from the default pass rules put in the ruleset', - $pconfig['logdefaultpass'] + 'logdefaultpass', + null, + 'Log packets matched from the default pass rules put in the ruleset', + $pconfig['logdefaultpass'] ))->setHelp('Packets that are allowed by the implicit default pass rule will be logged if you check this option. Per-rule logging options are still respected. '); $section->addInput(new Form_Checkbox( - 'logbogons', - null, - 'Log packets blocked by \'Block Bogon Networks\' rules', - $pconfig['logbogons'] + 'logbogons', + null, + 'Log packets blocked by \'Block Bogon Networks\' rules', + $pconfig['logbogons'] )); $section->addInput(new Form_Checkbox( - 'logprivatenets', - null, - 'Log packets blocked by \'Block Private Networks\' rules', - $pconfig['logprivatenets'] + 'logprivatenets', + null, + 'Log packets blocked by \'Block Private Networks\' rules', + $pconfig['logprivatenets'] )); $section->addInput(new Form_Checkbox( - 'loglighttpd', - 'Web Server Log', - 'Log errors from the web server process', - $pconfig['loglighttpd'] + 'loglighttpd', + 'Web Server Log', + 'Log errors from the web server process', + $pconfig['loglighttpd'] ))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the main system log'); $section->addInput(new Form_Checkbox( - 'rawfilter', - 'Raw Logs', - 'Show raw filter logs)', - $pconfig['rawfilter'] + 'rawfilter', + 'Raw Logs', + 'Show raw filter logs)', + $pconfig['rawfilter'] ))->setHelp(gettext('If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information, but it is more difficult to read')); $section->addInput(new Form_Select( - 'filterdescriptions', - 'Where to show rule descriptions', - !isset($pconfig['filterdescriptions']) ? '0':$pconfig['filterdescriptions'], - array( - '0' => 'Dont load descriptions', - '1' => 'Display as column', - '2' => 'Display as second row' - ) + 'filterdescriptions', + 'Where to show rule descriptions', + !isset($pconfig['filterdescriptions']) ? '0':$pconfig['filterdescriptions'], + array( + '0' => 'Dont load descriptions', + '1' => 'Display as column', + '2' => 'Display as second row' + ) ))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . - 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets'); + 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets'); $section->addInput(new Form_Checkbox( - 'disablelocallogging', - 'Local Logging', - $g['platform'] == 'pfSense' ? "Disable writing log files to the local disk" : "Disable writing log files to the local RAM disk", - $pconfig['disablelocallogging'] + 'disablelocallogging', + 'Local Logging', + $g['platform'] == 'pfSense' ? "Disable writing log files to the local disk" : "Disable writing log files to the local RAM disk", + $pconfig['disablelocallogging'] )); $section->addInput(new Form_Button( - 'resetlogs', - 'Reset Log Files' + 'resetlogs', + 'Reset Log Files' ))->addClass('btn-danger btn-xs')->setHelp('Clears all local log files and reinitializes them as empty logs. This also restarts the DHCP daemon. Use the Save button first if you have made any setting changes.'); $form->add($section); @@ -345,130 +345,134 @@ $section = new Form_Section('Remote Logging Options'); $section->addClass('toggle-remote'); $section->addInput(new Form_Checkbox( - 'enable', - 'Enable Remote Logging', - 'Send log messages to remote syslog server', - $pconfig['enable'] -))->toggles('.toggle-remote .panel-body .form-group:not(:first-child)'); + 'enable', + 'Enable Remote Logging', + 'Send log messages to remote syslog server', + $pconfig['enable'] +)); $section->addInput(new Form_Select( - 'sourceip', - 'Source Address', - link_interface_to_bridge($pconfig['sourceip']) ? null : $pconfig['sourceip'], - ["" => gettext("Default (any)")] + get_possible_traffic_source_addresses(false) + 'sourceip', + 'Source Address', + link_interface_to_bridge($pconfig['sourceip']) ? null : $pconfig['sourceip'], + ["" => gettext("Default (any)")] + get_possible_traffic_source_addresses(false) ))->setHelp($remoteloghelp); $section->addInput(new Form_Select( - 'ipproto', - 'IP Protocol', - $ipproto, - array('ipv4' => 'IPv4', 'ipv6' => 'IPv6') -))->setHelp('This option is only used when a non-default address is chosen as the source above. This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.'); + 'ipproto', + 'IP Protocol', + $ipproto, + array('ipv4' => 'IPv4', 'ipv6' => 'IPv6') +))->setHelp('This option is only used when a non-default address is chosen as the source above. ' . + 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.'); // Group colapses/appears based on 'enable' checkbox above $group = new Form_Group('Remote log servers'); +$group->addClass('remotelogging'); $group->add(new Form_Input( - 'remoteserver', - 'Server 1', - 'text', - $pconfig['remoteserver'], - ['placeholder' => 'IP[:port]'] + 'remoteserver', + 'Server 1', + 'text', + $pconfig['remoteserver'], + ['placeholder' => 'IP[:port]'] )); $group->add(new Form_Input( - 'remoteserver2', - 'Server 2', - 'text', - $pconfig['remoteserver2'], - ['placeholder' => 'IP[:port]'] + 'remoteserver2', + 'Server 2', + 'text', + $pconfig['remoteserver2'], + ['placeholder' => 'IP[:port]'] )); $group->add(new Form_Input( - 'remoteserver3', - 'Server 3', - 'text', - $pconfig['remoteserver3'], - ['placeholder' => 'IP[:port]'] + 'remoteserver3', + 'Server 3', + 'text', + $pconfig['remoteserver3'], + ['placeholder' => 'IP[:port]'] )); $section->add($group); $group = new Form_MultiCheckboxGroup('Remote Syslog Contents'); +$group->addClass('remotelogging'); + $group->add(new Form_MultiCheckbox( - 'logall', - null, - 'Everything', - $pconfig['logall'] + 'logall', + null, + 'Everything', + $pconfig['logall'] )); $group->add(new Form_MultiCheckbox( - 'system', - null, - 'System Events', - $pconfig['system'] + 'system', + null, + 'System Events', + $pconfig['system'] )); $group->add(new Form_MultiCheckbox( - 'filter', - null, - 'Firewall Events', - $pconfig['filter'] + 'filter', + null, + 'Firewall Events', + $pconfig['filter'] )); $group->add(new Form_MultiCheckbox( - 'dhcp', - null, - 'DHCP service events', - $pconfig['dhcp'] + 'dhcp', + null, + 'DHCP service events', + $pconfig['dhcp'] )); $group->add(new Form_MultiCheckbox( - 'portalauth', - null, - 'Portal Auth events', - $pconfig['portalauth'] + 'portalauth', + null, + 'Portal Auth events', + $pconfig['portalauth'] )); $group->add(new Form_MultiCheckbox( - 'vpn', - null, - 'VPN (PPTP, IPsec, OpenVPN) events', - $pconfig['vpn'] + 'vpn', + null, + 'VPN (PPTP, IPsec, OpenVPN) events', + $pconfig['vpn'] )); $group->add(new Form_MultiCheckbox( - 'apinger', - null, - 'Gateway Monitor events', - $pconfig['apinger'] + 'apinger', + null, + 'Gateway Monitor events', + $pconfig['apinger'] )); $group->add(new Form_MultiCheckbox( - 'relayd', - null, - 'Server Load Balancer events', - $pconfig['relayd'] + 'relayd', + null, + 'Server Load Balancer events', + $pconfig['relayd'] )); $group->add(new Form_MultiCheckbox( - 'hostapd', - null, - 'Wireless events', - $pconfig['hostapd'] + 'hostapd', + null, + 'Wireless events', + $pconfig['hostapd'] )); // Ugly hack to prevent the "Toggle all" button from being automatically $group->add(new Form_MultiCheckbox( - 'notoggleall', - null, - 'No toggle all', - $pconfig['hostapd'] + 'notoggleall', + null, + 'No toggle all', + $pconfig['hostapd'] ))->displayAsRadio(); $group->setHelp('Syslog sends UDP datagrams to port 514 on the specified remote '. - 'syslog server, unless another port is specified. Be sure to set syslogd on '. - 'the remote server to accept syslog messages from pfSense.'); + 'syslog server, unless another port is specified. Be sure to set syslogd on '. + 'the remote server to accept syslog messages from pfSense.'); $section->add($group); @@ -478,39 +482,66 @@ print $form; <script> //<![CDATA[ events.push(function(){ - function hideInput(id, hide) { - if(hide) - $('#' + id).parent().addClass('hidden'); - else - $('#' + id).parent().removeClass('hidden'); - } - - function disableInput(id, disable) { - $('#' + id).prop("disabled", disable); - } - - hideInput('notoggleall', true); - - function disableEverything() { - var hide = $('#logall').prop('checked'); - - disableInput('system', hide); - disableInput('filter', hide); - disableInput('dhcp', hide); - disableInput('portalauth', hide); - disableInput('vpn', hide); - disableInput('apinger', hide); - disableInput('relayd', hide); - disableInput('hostapd', hide); - } - - // On click . . - $('#logall').click(function () { - disableEverything(); - }); - - // On page load . . - disableEverything(); + + function hideSelect(id, hide) { + if(hide) + $('#' + id).parent('div').parent('div').addClass('hidden'); + else + $('#' + id).parent('div').parent('div').removeClass('hidden'); + } + + // Hides all elements of the specified class. This will usually be a section + function hideClass(s_class, hide) { + if(hide) + $('.' + s_class).hide(); + else + $('.' + s_class).show(); + } + + function hideInput(id, hide) { + if(hide) + $('#' + id).parent().addClass('hidden'); + else + $('#' + id).parent().removeClass('hidden'); + } + + function disableInput(id, disable) { + $('#' + id).prop("disabled", disable); + } + + hideInput('notoggleall', true); + + function disableEverything() { + var hide = $('#logall').prop('checked'); + + disableInput('system', hide); + disableInput('filter', hide); + disableInput('dhcp', hide); + disableInput('portalauth', hide); + disableInput('vpn', hide); + disableInput('apinger', hide); + disableInput('relayd', hide); + disableInput('hostapd', hide); + } + + // On click . . + $('#logall').click(function () { + disableEverything(); + }); + + $('#enable').click(function () { + hideClass('remotelogging', !this.checked); + hideSelect('sourceip', !this.checked); + hideSelect('ipproto', !this.checked); + }); + + + + // On page load . . + disableEverything(); + hideClass('remotelogging', !$('#enable').prop('checked')); + hideSelect('sourceip', !$('#enable').prop('checked')); + hideSelect('ipproto', !$('#enable').prop('checked')); }); //]]> </script> diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index c7be7d9..5ffb7e5 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php @@ -132,7 +132,7 @@ if ($_GET['act'] == "del") { // Static routes find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by); if ($is_alias_referenced == true) { - $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by); + $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by)); } else { unset($a_aliases[$_GET['id']]); if (write_config()) { diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php index 2b15c80..a75be46 100644 --- a/src/usr/local/www/firewall_nat_edit.php +++ b/src/usr/local/www/firewall_nat_edit.php @@ -850,7 +850,7 @@ $group->add(new Form_Input( 'localbeginport_cust', null, 'number', - $pconfig['localbeginport_cust'], + $pconfig['localbeginport'], ['min' => '1', 'max' => '65536'] ))->setHelp('Custom'); diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 8b77041..184cadb 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -1193,7 +1193,7 @@ $section->addInput(new Form_Select( $section->addInput(new Form_Select( 'proto', 'Protocol', - $pconfig['ipprotocol'], + $pconfig['proto'], array( 'tcp' => 'TCP', 'udp' => 'UDP', @@ -1211,7 +1211,7 @@ $section->addInput(new Form_Select( 'carp' => 'CARP', 'pfsync' => 'PFSYNC', ) -))->setHelp('Choose which IP protocol this rule should match. In most cases, you should specify TCP here.'); +))->setHelp('Choose which IP protocol this rule should match.'); $section->addInput(new Form_Select( 'icmptype', @@ -1294,7 +1294,7 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) { ))->removeClass('btn-primary'); } - $portValues = ['any' => 'any', '' => '(other)']; + $portValues = ['' => '(other)', 'any' => 'any']; foreach ($wkports as $port => $portName) $portValues[$port] = $portName.' ('. $port .')'; @@ -1477,18 +1477,11 @@ $section->addInput(new Form_Input( ['min' => 1, 'max' => 3600] ))->setHelp('State Timeout in seconds (TCP only)'); -//$form->add($section); -//$section = new Form_Section('TCP Flags'); -//$section->addClass('tcpflags'); - $section->addInput(new Form_StaticText( 'TCP Flags', build_flag_table() ))->setHelp('Use this to choose TCP flags that must be set or cleared for this rule to match.'); -// $form->add($section); -// $section = new Form_Section('State Type'); - $section->addInput(new Form_Checkbox( 'nopfsync', 'No pfSync', @@ -1976,4 +1969,4 @@ events.push(function(){ </script> <?php -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php new file mode 100644 index 0000000..c92ace9 --- /dev/null +++ b/src/usr/local/www/firewall_virtual_ip_edit.php @@ -0,0 +1,561 @@ +<?php +/* $Id$ */ +/* + + firewall_virtual_ip_edit.php +*/ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004 Scott Ullrich + * Copyright (c) 2005 Bill Marquette <bill.marquette@gmail.com> + * Originally part of pfSense (https://www.pfsense.org) + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ +/* + pfSense_BUILDER_BINARIES: /sbin/ifconfig + pfSense_MODULE: interfaces +*/ + +##|+PRIV +##|*IDENT=page-firewall-virtualipaddress-edit +##|*NAME=Firewall: Virtual IP Address: Edit page +##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page. +##|*MATCH=firewall_virtual_ip_edit.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("filter.inc"); +require("shaper.inc"); + +if (!is_array($config['virtualip']['vip'])) { + $config['virtualip']['vip'] = array(); +} + +$a_vip = &$config['virtualip']['vip']; + +if (is_numericint($_GET['id'])) { + $id = $_GET['id']; +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { + $id = $_POST['id']; +} + +function return_first_two_octets($ip) { + $ip_split = explode(".", $ip); + return $ip_split[0] . "." . $ip_split[1]; +} + +function find_last_used_vhid() { + global $config, $g; + + $vhid = 0; + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['vhid'] > $vhid) { + $vhid = $vip['vhid']; + } + } + + return $vhid; +} + +if (isset($id) && $a_vip[$id]) { + $pconfig['mode'] = $a_vip[$id]['mode']; + $pconfig['vhid'] = $a_vip[$id]['vhid']; + $pconfig['advskew'] = $a_vip[$id]['advskew']; + $pconfig['advbase'] = $a_vip[$id]['advbase']; + $pconfig['password'] = $a_vip[$id]['password']; + $pconfig['range'] = $a_vip[$id]['range']; + $pconfig['subnet'] = $a_vip[$id]['subnet']; + $pconfig['subnet_bits'] = $a_vip[$id]['subnet_bits']; + $pconfig['noexpand'] = $a_vip[$id]['noexpand']; + $pconfig['descr'] = $a_vip[$id]['descr']; + $pconfig['type'] = $a_vip[$id]['type']; + $pconfig['interface'] = $a_vip[$id]['interface']; + $pconfig['uniqid'] = $a_vip[$id]['interface']; +} else { + $lastvhid = find_last_used_vhid(); + $lastvhid++; + $pconfig['vhid'] = $lastvhid; + $pconfig['uniqid'] = uniqid(); +} + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "mode"); + $reqdfieldsn = array(gettext("Type")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if ($_POST['subnet']) { + $_POST['subnet'] = trim($_POST['subnet']); + } + + if ($_POST['subnet']) { + if (!is_ipaddr($_POST['subnet'])) { + $input_errors[] = gettext("A valid IP address must be specified."); + } else { + if (isset($id) && isset($a_vip[$id])) { + $ignore_if = $a_vip[$id]['interface']; + $ignore_mode = $a_vip[$id]['mode']; + if (isset($a_vip[$id]['vhid'])) { + $ignore_vhid = $a_vip[$id]['vhid']; + } + } else { + $ignore_if = $_POST['interface']; + $ignore_mode = $_POST['mode']; + } + + if (!isset($ignore_vhid)) { + $ignore_vhid = $_POST['vhid']; + } + + if ($ignore_mode == 'carp') { + $ignore_if .= "_vip{$ignore_vhid}"; + } else { + $ignore_if .= "_virtualip{$id}"; + } + + if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) { + $input_errors[] = gettext("This IP address is being used by another interface or VIP."); + } + + unset($ignore_if, $ignore_mode); + } + } + + $natiflist = get_configured_interface_with_descr(); + foreach ($natiflist as $natif => $natdescr) { + if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) { + $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); + } + } + + /* ipalias and carp should not use network or broadcast address */ + if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") { + if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") { + $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']); + $broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']); + } else if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") { + $network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']); + $broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']); + } + + if (isset($network_addr) && $_POST['subnet'] == $network_addr) { + $input_errors[] = gettext("You cannot use the network address for this VIP"); + } else if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) { + $input_errors[] = gettext("You cannot use the broadcast address for this VIP"); + } + } + + /* make sure new ip is within the subnet of a valid ip + * on one of our interfaces (wan, lan optX) + */ + switch ($_POST['mode']) { + case 'carp': + /* verify against reusage of vhids */ + $idtracker = 0; + foreach($config['virtualip']['vip'] as $vip) { + if($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker != $id) + $input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."),$_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface'])); + $idtracker++; + } + + if (empty($_POST['password'])) + $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members."); + + if ($_POST['interface'] == 'lo0') + $input_errors[] = gettext("For this type of vip localhost is not allowed."); + else if (strpos($_POST['interface'], '_vip')) + $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs."); + + break; + case 'ipalias': + if (strstr($_POST['interface'], "_vip")) { + if (is_ipaddrv4($_POST['subnet'])) { + $parent_ip = get_interface_ip($_POST['interface']); + $parent_sn = get_interface_subnet($_POST['interface']); + $subnet = gen_subnet($parent_ip, $parent_sn); + } else if (is_ipaddrv6($_POST['subnet'])) { + $parent_ip = get_interface_ipv6($_POST['interface']); + $parent_sn = get_interface_subnetv6($_POST['interface']); + $subnet = gen_subnetv6($parent_ip, $parent_sn); + } + + if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && + !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) { + $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; + $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); + } + + unset($parent_ip, $parent_sn, $subnet); + } + + break; + default: + if ($_POST['interface'] == 'lo0') + $input_errors[] = gettext("For this type of vip localhost is not allowed."); + else if (strpos($_POST['interface'], '_vip')) + $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs."); + + break; + } + + if (!$input_errors) { + $vipent = array(); + + $vipent['mode'] = $_POST['mode']; + $vipent['interface'] = $_POST['interface']; + + /* ProxyARP specific fields */ + if ($_POST['mode'] === "proxyarp") { + if ($_POST['type'] == "range") { + $vipent['range']['from'] = $_POST['range_from']; + $vipent['range']['to'] = $_POST['range_to']; + + } + + $vipent['noexpand'] = isset($_POST['noexpand']); + } + + /* CARP specific fields */ + if ($_POST['mode'] === "carp") { + $vipent['vhid'] = $_POST['vhid']; + $vipent['uniqid'] = $_POST['uniqid']; + $vipent['advskew'] = $_POST['advskew']; + $vipent['advbase'] = $_POST['advbase']; + $vipent['password'] = $_POST['password']; + } + + /* Common fields */ + $vipent['descr'] = $_POST['descr']; + if (isset($_POST['type'])) { + $vipent['type'] = $_POST['type']; + } else { + $vipent['type'] = "single"; + } + + if ($vipent['type'] == "single" || $vipent['type'] == "network") { + if (!isset($_POST['subnet_bits'])) { + $vipent['subnet_bits'] = "32"; + } else { + $vipent['subnet_bits'] = $_POST['subnet_bits']; + } + + $vipent['subnet'] = $_POST['subnet']; + } + + if (!isset($id)) { + $id = count($a_vip); + } + if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) { + $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply")); + } else { + $toapplylist = array(); + } + + $toapplylist[$id] = $a_vip[$id]; + + if (!empty($a_vip[$id])) { + /* modify all virtual IP rules with this address */ + for ($i = 0; isset($config['nat']['rule'][$i]); $i++) { + if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) { + $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet']; + } + } + } + + $a_vip[$id] = $vipent; + + if (write_config()) { + mark_subsystem_dirty('vip'); + file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist)); + } + + header("Location: firewall_virtual_ip.php"); + exit; + } +} + +$ipaliashelp = gettext('The mask must be the network\'s subnet mask. It does not specify a CIDR range.'); +$proxyarphelp = gettext('Enter a CIDR block of proxy ARP addresses.'); + +$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Address"),gettext("Edit")); +include("head.inc"); + +function build_if_list() { + $list = array(); + + $interfaces = get_configured_interface_with_descr(false, true); + $carplist = get_configured_carp_interface_list(); + + foreach ($carplist as $cif => $carpip) + $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + + $interfaces['lo0'] = 'Localhost'; + + return($interfaces); +} + +if ($input_errors) + print_input_errors($input_errors); + +require('classes/Form.class.php'); + +$form = new Form(); + +$section = new Form_Section('Edit Virtual IP'); + +$group = new Form_Group('Type'); + +$group->add(new Form_Checkbox( + 'mode', + null, + 'IP Alias', + ($pconfig['mode'] == "ipalias"), + 'ipalias' +))->displayAsRadio(); + +$group->add(new Form_Checkbox( + 'mode', + null, + 'CARP', + ($pconfig['mode'] == "carp"), + 'carp' +))->displayAsRadio(); + +$group->add(new Form_Checkbox( + 'mode', + null, + 'Proxy ARP', + ($pconfig['mode'] == "proxyarp"), + 'proxyarp' +))->displayAsRadio(); + +$group->add(new Form_Checkbox( + 'mode', + null, + 'Other', + ($pconfig['mode'] == "other"), + 'other' +))->displayAsRadio(); + +$section->add($group); + +$section->addInput(new Form_Select( + 'interface', + 'Interface', + $pconfig['interface'], + build_if_list() +)); + +$section->addInput(new Form_Select( + 'type', + 'Address type', + ((!$pconfig['range'] && $pconfig['subnet_bits'] == 32) || (!isset($pconfig['subnet']))) ? 'single':'network', + array( + 'single' => 'Single address', + 'network' => 'Network' + ) +))->addClass('typesel'); + +$section->addInput(new Form_IpAddress( + 'subnet', + 'Address(es)', + $pconfig['subnet'] +))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp('<span id="address_note"></span>'); + +$section->addInput(new Form_Checkbox( + 'noexpand', + 'Expansion', + 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ', + isset($pconfig['noexpand']) +)); + +$section->addInput(new Form_Input( + 'password', + 'Virtual IP Password', + 'password', + $pconfig['password'] +))->setHelp('Enter the VHID group password.'); + +$section->addInput(new Form_Select( + 'vhid', + 'VHID Group', + $pconfig['vhid'], + array_combine(range(1, 255, 1), range(1, 255, 1)) +))->setHelp('Enter the VHID group that the machines will share'); + +$group = new Form_Group('Advertising frequency'); +$group->add(new Form_Select( + 'advbase', + 'Base', + $pconfig['advbase'], + array_combine(range(1, 254, 1), range(1, 254, 1)) +))->setHelp('Base'); + +$group->add(new Form_Select( + 'advskew', + 'Skew', + $pconfig['advskew'], + array_combine(range(0, 254, 1), range(0, 254, 1)) +))->setHelp('Skew'); + +$group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.'); + +$section->add($group); + +$section->addInput(new Form_Input( + 'descr', + 'Description', + 'text', + $pconfig['descr'] +))->setHelp('You may enter a description here for your reference (not parsed).'); + +if (isset($id) && $a_vip[$id]){ + $section->addInput(new Form_Input( + 'id', + null, + 'hidden', + $id + )); +} + +$section->addInput(new Form_Input( + 'uniqid', + null, + 'hidden', + $pconfig['uniqid'] +)); + +$form->add($section); + +print($form); + +print_info_box(gettext("Proxy ARP and Other type Virtual IPs cannot be bound to by anything running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP Alias type address for these types.") . '<br />' . + sprintf(gettext("For more information on CARP and the above values, visit the OpenBSD %s"), '<a href="http://www.openbsd.org/faq/pf/carp.html">CARP FAQ"</a>')); +?> + +<script> +//<![CDATA[ +events.push(function(){ + + // Hides the <div> in which the specified checkbox lives so that the checkbox, its label and help text are hidden + function hideCheckbox(id, hide) { + if(hide) + $('#' + id).parent().parent().parent('div').addClass('hidden'); + else + $('#' + id).parent().parent().parent('div').removeClass('hidden'); + } + + // Disables the specified input element + function disableInput(id, disable) { + $('#' + id).prop("disabled", disable); + } + + // Hide/show input elements depending on the 'mode' radio button setting + function check_mode() { + var mode = $("input[name=mode]:checked").val(); + + disableInput('vhid', true); + disableInput('advbase', true); + disableInput('advskew', true); + disableInput('subnet_bits', true); + disableInput('type', true); + disableInput('password', true); + hideCheckbox('noexpand', true); + + if(mode == 'ipalias') { + $('#address_note').html("<?=$ipaliashelp?>"); + disableInput('subnet_bits', false); + $('#type').val('single'); + + } + else if(mode == 'carp') { + $('#address_note').html("<?=$ipaliashelp?>"); + disableInput('vhid', false); + disableInput('advbase', false); + disableInput('advskew', false); + disableInput('subnet_bits', false); + disableInput('password', false); + $('#type').val('single'); + } + else if(mode == 'proxyarp') { + $('#address_note').html("<?=$proxyarphelp?>"); + disableInput('type', false); + disableInput('subnet_bits', $('#type').val() == 'single'); + } + else { + $('#address_note').html(''); + disableInput('type', false); + } + } + + // When radio buttons are clicked . . + $('input:radio[name=mode]').click(function() { + check_mode(); + }); + + // On clicking the address type selector + $('#type').on('change', function() { + check_mode(); + hideCheckbox('noexpand', (this.value == 'single')); + }); + + // On initial page load + check_mode(); +}); +//]]> +</script> + +<?php + +include("foot.inc"); diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc index 5316ee2..d3309d9 100755 --- a/src/usr/local/www/head.inc +++ b/src/usr/local/www/head.inc @@ -323,7 +323,7 @@ if(! $g['disablehelpmenu']) { <ul class="dropdown-menu" role="menu"><?=output_menu($item['menu'], $item['href'])?></ul> </li> <?php endforeach?> - <?php if(are_notices_pending()):?> + <?php if(false ): ?> // are_notices_pending()):?> <?php $notices = get_notices()?> <li class="dropdown"> <a href="#" data-toggle="modal" data-target="#notices" role="button" aria-expanded="false"><?=gettext("Notices")?> diff --git a/src/usr/local/www/jquery/pfSense.js b/src/usr/local/www/jquery/pfSense.js index e342d3f..ffd56dc 100644 --- a/src/usr/local/www/jquery/pfSense.js +++ b/src/usr/local/www/jquery/pfSense.js @@ -52,6 +52,7 @@ $(function() { var clone = group.clone(true); clone.find('*').val(''); //removeAttr('value'); +// clone.find('*').removeAttr('value'); clone.appendTo(group.parent()); }); @@ -80,7 +81,8 @@ $(function() { var group = $(this).parents('div.form-group'); var clone = group.clone(true); - clone.find('*').val(''); //removeAttr('value'); + clone.find('*').removeAttr('value'); +// clone.find('*').val(''); clone.appendTo(group.parent()); }); @@ -93,7 +95,6 @@ $(function() { }); })(); - // Find all ipaddress masks and make dynamic based on address family of input $('span.pfIpMask + select').each(function (idx, select){ var input = $(select).prevAll('input[type=text]'); @@ -118,7 +119,7 @@ $(function() { // Fire immediately input.change(); }); - + // Add confirm to all btn-danger buttons $('.btn-danger').on('click', function(e){ var q = 'Are you sure you wish to '+ $.trim(this.textContent) +'?'; diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index 323adf4..f1846a1 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -436,8 +436,8 @@ foreach ($a_hosts as $hostent): <?=htmlspecialchars($hostent['descr'])?> </td> <td> - <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a> - <a href="services_dnsmasq.php?type=host&act=del&id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a> + <a href="services_unbound.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a> + <a href="services_unbound.php?type=host&act=del&id=<?=$i?>" class="btn btn-xs btn-danger"><?=gettext('Delete')?></a> </td> </tr> @@ -459,7 +459,7 @@ foreach ($a_hosts as $hostent): <?=htmlspecialchars($alias['description'])?> </td> <td> - <a href="services_dnsmasq_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a> + <a href="services_unbound_host_edit.php?id=<?=$i?>" class="btn btn-xs btn-info"><?=gettext('Edit')?></a> </td> </tr> <?php @@ -474,7 +474,7 @@ endforeach; </div> <nav class="action-buttons"> - <a href="services_dnsmasq_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a> + <a href="services_unbound_host_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a> </nav> <div class="panel panel-default"> @@ -522,4 +522,4 @@ endforeach; <nav class="action-buttons"> <a href="services_unbound_domainoverride_edit.php" class="btn btn-sm btn-success"><?=gettext('Add')?></a> </nav> -<?php include("foot.inc");
\ No newline at end of file +<?php include("foot.inc"); diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php index 94e0b71..82fd30e 100644 --- a/src/usr/local/www/services_unbound_acls.php +++ b/src/usr/local/www/services_unbound_acls.php @@ -77,28 +77,28 @@ if ($act == "edit") { $networkacl = $a_acls[$id]['row']; } } - + if(!is_array($networkacl)) $networkacl = array(); - + // Add a row to the networks table if($act == 'new') - $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => '')); - + $networkacl = array('0' => array('acl_network' => '', 'mask' => '', 'description' => '')); + if ($_POST) { unset($input_errors); $pconfig = $_POST; - $deleting = false; - - // Delete a row from the networks table - for($idx = 0; $idx<50; $idx++) { - if($pconfig['dlt' . $idx] == 'Delete') { - unset($networkacl[$idx]); - $deleting = true; - break; - } - } - + $deleting = false; + + // Delete a row from the networks table + for($idx = 0; $idx<50; $idx++) { + if($pconfig['dlt' . $idx] == 'Delete') { + unset($networkacl[$idx]); + $deleting = true; + break; + } + } + if ($_POST['apply']) { $retval = services_unbound_configure(); $savemsg = get_std_save_message($retval); @@ -136,7 +136,7 @@ if ($_POST) { } if (!$input_errors) { - if ($pconfig['Submit'] == gettext("Save")) { + if (strtolower($pconfig['save']) == gettext("save")) { $acl_entry = array(); $acl_entry['aclid'] = $pconfig['aclid']; $acl_entry['aclname'] = $pconfig['aclname']; @@ -144,6 +144,7 @@ if ($_POST) { $acl_entry['description'] = $pconfig['description']; $acl_entry['aclid'] = $pconfig['aclid']; $acl_entry['row'] = array(); + foreach ($networkacl as $acl) { $acl_entry['row'][] = $acl; } @@ -164,19 +165,26 @@ if ($_POST) { } } +$actionHelp = + '<strong><font color="green">Deny:</font></strong> Stops queries from hosts within the netblock defined below.' . '<br />' . + '<strong><font color="green">Refuse:</font></strong> Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' . + '<strong><font color="green">Allow:</font></strong> Allow queries from hosts within the netblock defined below.' . '<br />' . + '<strong><font color="green">Allow Snoop:</font></strong> Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.'; + + $closehead = false; $pgtitle = "Services: DNS Resolver: Access Lists"; $shortcut_section = "resolver"; include("head.inc"); if ($input_errors) - print_input_errors($input_errors); - + print_input_errors($input_errors); + if ($savemsg) - print_info_box($savemsg, 'success'); - + print_info_box($savemsg, 'success'); + if (is_subsystem_dirty('unbound')) - print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); + print_info_box_np(gettext("The configuration of the DNS Resolver, has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect.")); $tab_array = array(); $tab_array[] = array(gettext("General Settings"), false, "/services_unbound.php"); @@ -187,104 +195,112 @@ display_top_tabs($tab_array, true); require('classes/Form.class.php'); if($act=="new" || $act=="edit") { - - $form = new Form(); - - $section = new Form_Section('New Access List'); - - $section->addInput(new Form_Input( - 'aclid', - null, - 'hidden', - $id - )); - - $section->addInput(new Form_Input( - 'act', - null, - 'hidden', - $act - )); - - $section->addInput(new Form_Input( - 'aclname', - 'Access LIst name', - 'text', - $pconfig['aclname'] - ))->setHelp('Provide an Access List name.'); - - $section->addInput(new Form_Select( - 'action', + + $form = new Form(); + + $section = new Form_Section('New Access List'); + + $section->addInput(new Form_Input( + 'aclid', + null, + 'hidden', + $id + )); + + $section->addInput(new Form_Input( + 'act', + null, + 'hidden', + $act + )); + + $section->addInput(new Form_Input( + 'aclname', + 'Access LIst name', + 'text', + $pconfig['aclname'] + ))->setHelp('Provide an Access List name.'); + + $section->addInput(new Form_Select( + 'aclaction', 'Action', strtolower($pconfig['aclaction']), array('allow' => 'Allow','deny' => 'Deny','refuse' => 'Refuse','allow snoop' => 'Allow Snoop') - ))->setHelp('Choose what to do with DNS requests that match the criteria specified below.' . '<br />' . - 'Deny: Stops queries from hosts within the netblock defined below.' . '<br />' . - 'Refuse: Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' . - 'Allow: Allow queries from hosts within the netblock defined below.' . '<br />' . - 'Allow Snoop: Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.'); - - $section->addInput(new Form_Input( - 'descr', - 'Description', - 'text', - $pconfig['descr'] - ))->setHelp('You may enter a description here for your reference.'); - - $counter = 0; - $numrows = count($networkacl) - 1; - - foreach($networkacl as $item) { - $network = $item['acl_network']; - $cidr = $item['mask']; - $description = $item['description']; - - $group = new Form_Group('Networks'); - - $group->add(new Form_IpAddress( - 'acl_network' . $counter, - null, - $network - ))->addMask('mask' . $counter, $cidr)->setHelp(($counter == $numrows) ? 'Network':null); - - $group->add(new Form_Input( - 'description' . $counter, - 'something', - 'text', - $description - )); //->setHelp(($counter == $numrows) ? 'Description':null); - - $group->enableDuplication(); - $section->add($group); - } - - $form->add($section); - print($form); + ))->setHelp($actionHelp); + + $section->addInput(new Form_Input( + 'description', + 'Description', + 'text', + $pconfig['description'] + ))->setHelp('You may enter a description here for your reference.'); + + $numrows = count($networkacl) - 1; + $counter = 0; + + foreach($networkacl as $item) { + $network = $item['acl_network']; + $cidr = $item['mask']; + $description = $item['description']; + + $group = new Form_Group($counter == 0 ? 'Networks':''); + + $group->add(new Form_IpAddress( + 'acl_network'.$counter, + null, + $network + ))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp(($counter == $numrows) ? 'Network/mask':null); + + $group->add(new Form_Input( + 'description' . $counter, + null, + 'text', + $description + ))->setHelp(($counter == $numrows) ? 'Description':null); + + $group->add(new Form_Button( + 'deleterow' . $counter, + 'Delete' + ))->removeClass('btn-primary')->addClass('btn-warning'); + + $group->addClass('repeatable'); + $section->add($group); + + $counter++; + } + + $section->addInput(new Form_Button( + 'addrow', + 'Add network' + ))->removeClass('btn-primary')->addClass('btn-success'); + + $form->add($section); + print($form); } else // NOT 'edit' or 'add' { ?> <div class="panel panel-default"> - <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div> - <div class="panel-body"> - <div class="table-responsive"> - <table class="table table-striped table-hover table-condensed"> - <thead> - <tr> - <th><?=gettext("Access List Name"); ?></th> - <th><?=gettext("Action"); ?></th> - <th><?=gettext("Description"); ?></th> - <th> </th> - </tr> - </thead> - <tbody> -<?php - $i = 0; - foreach($a_acls as $acl): + <div class="panel-heading"><h2 class="panel-title"><?=gettext('Access Lists to control access to the DNS Resolver')?></h2></div> + <div class="panel-body"> + <div class="table-responsive"> + <table class="table table-striped table-hover table-condensed"> + <thead> + <tr> + <th><?=gettext("Access List Name"); ?></th> + <th><?=gettext("Action"); ?></th> + <th><?=gettext("Description"); ?></th> + <th> </th> + </tr> + </thead> + <tbody> +<?php + $i = 0; + foreach($a_acls as $acl): ?> - <tr ondblclick="document.location='services_unbound_acls.php?act=edit&id=<?=$i?>'"> + <tr ondblclick="document.location='services_unbound_acls.php?act=edit&id=<?=$i?>'"> <td> - <?=htmlspecialchars($acl['aclname'])?> + <?=htmlspecialchars($acl['aclname'])?> </td> <td> <?=htmlspecialchars($acl['aclaction'])?> @@ -298,18 +314,191 @@ else // NOT 'edit' or 'add' </td> </tr> <?php - $i++; + $i++; endforeach; -?> - </tbody> - </table> - </div> - <nav class="action-buttons"> - <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a> - </nav> - </div> +?> + </tbody> + </table> + </div> + <nav class="action-buttons"> + <a href="services_unbound_acls.php?act=new" class="btn btn-sm btn-success">Add</a> + </nav> + </div> </div> -<?php +<?php } +?> +<script> +//<![CDATA[ +// Most of this needs to live in a common include file. It will be moved before production release. +events.push(function(){ + + function setMasks() { + // Find all ipaddress masks and make dynamic based on address family of input + $('span.pfIpMask + select').each(function (idx, select){ + var input = $(select).prevAll('input[type=text]'); + + input.on('change', function(e){ + var isV6 = (input.val().indexOf(':') != -1), min = 0, max = 128; + if (!isV6) + max = 32; + + if (input.val() == "") + return; + + while (select.options.length > max) + select.remove(0); + + if (select.options.length < max) + { + for (var i=select.options.length; i<=max; i++) + select.options.add(new Option(i, i), 0); + } + }); + + // Fire immediately + input.change(); + }); + } + + // Complicated function to move all help text associated with this input id to the same id + // on the row above. That way if you delete the last row, you don't lose the help + function moveHelpText(id) { + $('#' + id).parent('div').parent('div').find('input').each(function() { // For each <span></span> + var fromId = this.id; + var toId = decrStringInt(fromId); + var helpSpan; + + if(!$(this).hasClass('pfIpMask') && !$(this).hasClass('btn')) { + + helpSpan = $('#' + fromId).parent('div').parent('div').find('span:last').clone(); + if($(helpSpan).hasClass('help-block')) { + if($('#' + decrStringInt(fromId)).parent('div').hasClass('input-group')) + $('#' + decrStringInt(fromId)).parent('div').after(helpSpan); + else + $('#' + decrStringInt(fromId)).after(helpSpan); + } + } + }); + } + + // Increment the number at the end of the string + function bumpStringInt( str ) { + var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; + + if( data ) + newStr = data[ 1 ] + ( Number( data[ 2 ] ) + 1 ) + data[ 3 ]; + + return newStr || str; + } + + // Decrement the number at the end of the string + function decrStringInt( str ) { + var data = str.match(/(\D*)(\d+)(\D*)/), newStr = ""; + + if( data ) + newStr = data[ 1 ] + ( Number( data[ 2 ] ) - 1 ) + data[ 3 ]; + + return newStr || str; + } + + // Called after a delete so that there are no gaps in the numbering. Most of the time the config system doesn't care about + // gaps, but I do :) + function renumber() { + var idx = 0; + + $('.repeatable').each(function() { + + $(this).find('input').each(function() { + $(this).prop("id", this.id.replace(/\d+$/, "") + idx); + $(this).prop("name", this.name.replace(/\d+$/, "") + idx); + }); + + $(this).find('select').each(function() { + $(this).prop("id", this.id.replace(/\d+$/, "") + idx); + $(this).prop("name", this.name.replace(/\d+$/, "") + idx); + }); + + $(this).find('label').attr('for', $(this).find('label').attr('for').replace(/\d+$/, "") + idx); + + idx++; + }); + } + + + function delete_row(row) { + $('#' + row).parent('div').parent('div').remove(); + renumber(); + } + + function add_row() { + // Find the lst repeatable group + var lastRepeatableGroup = $('.repeatable:last'); + + // Clone it + var newGroup = lastRepeatableGroup.clone(true); + + // Increment the suffix number for each input elemnt in the new group + $(newGroup).find('input').each(function() { + $(this).prop("id", bumpStringInt(this.id)); + $(this).prop("name", bumpStringInt(this.name)); + if(!$(this).is('[id^=delete]')) + $(this).val(''); + }); + + // Do the same for selectors + $(newGroup).find('select').each(function() { + $(this).prop("id", bumpStringInt(this.id)); + $(this).prop("name", bumpStringInt(this.name)); + // If this selector lists mask bits, we need it to be reset to all 128 options + // and no items selected, so that automatic v4/v6 selection still works + if($(this).is('[id^=mask]')) { + $(this).empty(); + for(idx=128; idx>0; idx--) { + $(this).append($('<option>', { + value: idx, + text: idx + })); + } + } + }); + + // And for "for" tags + $(newGroup).find('label').attr('for', bumpStringInt($(newGroup).find('label').attr('for'))); + $(newGroup).find('label').text(""); // Clear the label. We only want it on the very first row + + // Insert the updated/cloned row + $(lastRepeatableGroup).after(newGroup); + + // Delete any help text from the group we have cloned + $(lastRepeatableGroup).find('.help-block').each(function() { + $(this).remove(); + }); + + setMasks(); + } + + // These are action buttons, not submit buttons + $('[id^=addrow]').prop('type','button'); + $('[id^=delete]').prop('type','button'); + + // on click . . + $('[id^=addrow]').click(function() { + add_row(); + }); + + $('[id^=delete]').click(function(event) { + if($('.repeatable').length > 1) { + moveHelpText(event.target.id); + delete_row(event.target.id); + } + else + alert('<?php echo gettext("You may not delet the last one!")?>'); + }); +}); +//]]> +</script> + +<?php include("foot.inc");
\ No newline at end of file diff --git a/src/usr/local/www/services_unbound_domainoverride_edit.php b/src/usr/local/www/services_unbound_domainoverride_edit.php index 2f8533c..5862b15 100644 --- a/src/usr/local/www/services_unbound_domainoverride_edit.php +++ b/src/usr/local/www/services_unbound_domainoverride_edit.php @@ -143,7 +143,7 @@ $section->addInput(new Form_IpAddress( $section->addInput(new Form_Input( 'descr', - 'GUI Log Entries', + 'Description', 'text', $pconfig['descr'] ))->setHelp('You may enter a description here for your reference (not parsed).'); @@ -161,4 +161,4 @@ $form->add($section); print $form; -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php index 4b38b49..db0bb44 100644 --- a/src/usr/local/www/system_advanced_admin.php +++ b/src/usr/local/www/system_advanced_admin.php @@ -410,7 +410,7 @@ $section->addInput(new Form_Checkbox( 'DNS Rebind Check', 'Disable DNS Rebinding Checks', $pconfig['nodnsrebindcheck'] -))->setHelp('When this is unchecked, your system is protected against<a '. +))->setHelp('When this is unchecked, your system is protected against <a '. 'href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. '. 'This blocks private IP responses from your configured DNS servers. Check this '. 'box to disable this protection if it interferes with webConfigurator access or '. @@ -461,8 +461,8 @@ $section->addInput(new Form_Checkbox( 'Authentication Method', 'Disable password login for Secure Shell (RSA/DSA key only)', $pconfig['sshdkeyonly'] -))->setHelp('When enabled, authorized keys need to be configured for each<a '. - 'href="system_usermanager.php">user</a>that has been granted secure shell '. +))->setHelp('When enabled, authorized keys need to be configured for each <a '. + 'href="system_usermanager.php">user</a> that has been granted secure shell '. 'access.'); $section->addInput(new Form_Input( diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php index 677c2e0..098b52a 100644 --- a/src/usr/local/www/system_advanced_firewall.php +++ b/src/usr/local/www/system_advanced_firewall.php @@ -441,7 +441,7 @@ $section->addInput(new Form_Checkbox( ))->setHelp('Note: This converts %s into a routing only platform!<br/>'. 'Note: This will also turn off NAT! If you only want to disable NAT, '. 'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound '. - 'NAT</a>page.', [$g["product_name"]]); + 'NAT</a> page.', [$g["product_name"]]); $section->addInput(new Form_Checkbox( 'disablescrub', @@ -484,7 +484,7 @@ $section->addInput(new Form_Input( 'number', $pconfig['maximumstates'], ['min' => 1, 'placeholder' => pfsense_default_state_size()] -))->setHelp('Maximum number of connections to hold in the firewall state table.. '. +))->setHelp('Maximum number of connections to hold in the firewall state table. '. '<br/>Note: Leave this blank for the default. On your system the default '. 'size is: %d', [pfsense_default_state_size()]); @@ -495,7 +495,7 @@ $section->addInput(new Form_Input( $pconfig['maximumtableentries'], ['placeholder' => pfsense_default_table_entries_size()] ))->setHelp('Maximum number of table entries for systems such as aliases, '. - 'sshlockout, snort, etc, combined..<br/>Note: Leave this blank for the '. + 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the '. 'default. On your system the default size is: %d', [pfsense_default_table_entries_size()]); @@ -641,7 +641,7 @@ if (count($config['interfaces']) > 1) 'Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.', isset($config['system']['enablenatreflectionhelper']) ))->setHelp('Required for full functionality of the pure NAT mode of NAT '. - 'Reflection for port forwards or NAT Reflection for 1:1 NAT.Note: This only works '. + 'Reflection for port forwards or NAT Reflection for 1:1 NAT. Note: This only works '. 'for assigned interfaces. Other interfaces require manually creating the '. 'outbound NAT rules that direct the reply packets back through the router.'); @@ -755,4 +755,4 @@ events.push(function(){ //]]> </script> <?php -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 2dba952..5e87227 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -368,7 +368,7 @@ $group->add(new Form_Input( 'Source tracking timeout', 'number', $pconfig['srctrack'], - ['placeholder' => 1400] + ['placeholder' => 0] ))->setHelp('Set the source tracking timeout for sticky connections. By default '. 'this is 0, so source tracking is removed as soon as the state expires. '. 'Setting this timeout higher will cause the source/destination relationship '. @@ -382,7 +382,7 @@ $section->addInput(new Form_Checkbox( 'Enable default gateway switching', $pconfig['gw_switch_default'] ))->setHelp('If the default gateway goes down, switch the default gateway to '. - 'another available one. This is not enabled by default, as it"s unnecessary in '. + 'another available one. This is not enabled by default, as it\'s unnecessary in '. 'most all scenarios, which instead use gateway groups.'); $form->add($section); @@ -571,4 +571,4 @@ $section->addInput(new Form_Checkbox( $form->add($section); print $form; -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php index f888ac6..52d57cc 100644 --- a/src/usr/local/www/system_authservers.php +++ b/src/usr/local/www/system_authservers.php @@ -229,13 +229,13 @@ if ($_POST) { if ($pconfig['radisu_srvcs'] == "both" || $pconfig['radisu_srvcs'] == "auth") { $reqdfields[] = "radius_auth_port"; - $reqdfieldsn[] = gettext("Authentication port value"); + $reqdfieldsn[] = gettext("Authentication port"); } if ($pconfig['radisu_srvcs'] == "both" || $pconfig['radisu_srvcs'] == "acct") { $reqdfields[] = "radius_acct_port"; - $reqdfieldsn[] = gettext("Accounting port value"); + $reqdfieldsn[] = gettext("Accounting port"); } if (!isset($id)) { @@ -452,7 +452,7 @@ $section->addInput(new Form_Input( 'text', $pconfig['ldap_host'] ))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '. - '(CN) of the LDAP server"s SSL Certificate.'); + '(CN) of the LDAP server\'s SSL Certificate.'); $section->addInput(new Form_Input( 'ldap_port', @@ -497,18 +497,26 @@ $section->addInput(new Form_Select( array_combine($ldap_protvers, $ldap_protvers) )); -$section->addInput(new Form_Select( +$group = new Form_Group('Search scope'); + +$SSF = new Form_Select( 'ldap_scope', - 'Search scope: Level', + 'Level', $pconfig['ldap_scope'], $ldap_scopes -)); +); -$section->addInput(new Form_Input( +$SSB = new Form_Input( 'ldap_basedn', 'Base DN', 'text', $pconfig['ldap_basedn'] +); + + +$section->addInput(new Form_StaticText( + 'Search scope', + 'Level ' . $SSF . '<br />' . 'Base DN' . $SSB )); $group = new Form_Group('Authentication containers'); @@ -647,7 +655,7 @@ $section->addInput(new Form_Select( $section->addInput(new Form_Input( 'radius_auth_port', - 'Authentication port value', + 'Authentication port', 'number', $pconfig['radius_auth_port'] )); @@ -715,4 +723,4 @@ events.push(function(){ //]]> </script> <?php -include("foot.inc");
\ No newline at end of file +include("foot.inc"); diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php index f9f2702..6ee5fbb 100644 --- a/src/usr/local/www/system_certmanager.php +++ b/src/usr/local/www/system_certmanager.php @@ -1,32 +1,59 @@ <?php /* system_certmanager.php - - Copyright (C) 2008 Shrew Soft Inc. - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2008 Shrew Soft Inc. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ /* pfSense_MODULE: certificate_manager */ @@ -962,10 +989,12 @@ $section = new Form_Section('Choose an Existing Certificate'); $section->addClass('toggle-existing collapse'); $existCerts = array(); -foreach ($config['cert'] as $cert) -{ - if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) - continue; + +foreach ($config['cert'] as $cert) { + if(is_array($config['system']['user'][$userid]['cert'])) { // Could be MIA! + if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) + continue; + } $ca = lookup_ca($cert['caref']); if ($ca) @@ -979,6 +1008,7 @@ foreach ($config['cert'] as $cert) $existCerts[ $cert['refid'] ] = $cert['descr']; } + $section->addInput(new Form_Select( 'certref', 'Existing Certificates', diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index 128c761..44e6190 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -637,12 +637,12 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <?php if ($cainternal == "YES"): ?> <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success"> - <?=gettext("Add or Import CRLl")?> + <?=gettext("Add or Import CRL")?> </a> <?php else: ?> <a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success"> - <?=gettext("Add or Import CRLl")?> + <?=gettext("Add or Import CRL")?> </a> <?php endif; ?> @@ -662,7 +662,7 @@ if ($act == "new" || $act == gettext("Save") || $input_errors) { <td><?=($inuse) ? "YES" : "NO"; ?></td> <td> <a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-success"> - <?=gettext("Export CRL")?>" + <?=gettext("Export CRL")?> </a> <?php if ($internal): ?> diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php index dc84a7a..4493ff2 100644 --- a/src/usr/local/www/system_usermanager.php +++ b/src/usr/local/www/system_usermanager.php @@ -2,42 +2,61 @@ /* $Id$ */ /* system_usermanager.php - part of m0n0wall (http://m0n0.ch/wall) - - part of pfSense - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Copyright (C) 2008 Shrew Soft Inc. - All rights reserved. - - Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>. - All rights reserved. - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net> + * Copyright (c) 2008 Shrew Soft Inc. + * Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com> + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ /* pfSense_BUILDER_BINARIES: pfSense_MODULE: auth @@ -134,6 +153,21 @@ if (isset($_POST['dellall_x'])) { } } +if ($_POST['act'] == "delcert") { + + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; + } + + $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]); + $certdeleted = $certdeleted['descr']; + unset($a_user[$id]['cert'][$_POST['certid']]); + write_config(); + $_POST['act'] = "edit"; + $savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />"; +} + if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -240,15 +274,8 @@ if ($_POST['save']) { if ($a_user[$id] && !empty($_POST['privid'])) { foreach ($_POST['privid'] as $i) unset($a_user[$id]['priv'][$i]); - local_user_set($a_user[$id]); - write_config(); - } - - // This used to be a separate act=delcert - if ($a_user[$id] && !empty($_POST['certid'])) { - foreach ($_POST['certid'] as $i) - unset($a_user[$id]['cert'][$i]); + local_user_set($a_user[$id]); write_config(); } @@ -347,9 +374,11 @@ function build_priv_table() { $privhtml = '<div class="table-responsive">'; $privhtml .= '<table class="table table-striped table-hover table-condensed">'; $privhtml .= '<thead>'; - $privhtml .= '<th>' . gettext('Inherited from') . '</th>'; - $privhtml .= '<th>' . gettext('Name') . '</th>'; - $privhtml .= '<th>' . gettext('Description') . '</th>'; + $privhtml .= '<tr>'; + $privhtml .= '<th>' . gettext('Inherited from') . '</th>'; + $privhtml .= '<th>' . gettext('Name') . '</th>'; + $privhtml .= '<th>' . gettext('Description') . '</th>'; + $privhtml .= '</tr>'; $privhtml .= '</thead>'; $privhtml .= '<tbody>'; @@ -378,8 +407,11 @@ function build_cert_table() { $certhtml = '<div class="table-responsive">'; $certhtml .= '<table class="table table-striped table-hover table-condensed">'; $certhtml .= '<thead>'; - $certhtml .= '<th>' . gettext('Name') . '</th>'; - $certhtml .= '<th>' . gettext('CA') . '</th>'; + $certhtml .= '<tr>'; + $certhtml .= '<th>' . gettext('Name') . '</th>'; + $certhtml .= '<th>' . gettext('CA') . '</th>'; + $certhtml .= '<th></th>'; + $certhtml .= '</tr>'; $certhtml .= '</thead>'; $certhtml .= '<tbody>'; @@ -387,11 +419,21 @@ function build_cert_table() { if (is_array($a_cert)) { $i = 0; foreach ($a_cert as $certref) { + $cert = lookup_cert($certref); + $ca = lookup_ca($cert['caref']); + $revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':''; + $certhtml .= '<tr>'; - $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . is_cert_revoked($cert) ? '<b> Revoked</b>':'' . '</td>'; + $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>'; $certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>'; + $certhtml .= '<td>'; + $certhtml .= '<a id="delcert' . $i .'" class="btn btn-xs btn-warning" title="'; + $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>'; + $certhtml .= '</td>'; $certhtml .= '</tr>'; + $i++; } + } $certhtml .= '</tbody>'; @@ -410,8 +452,9 @@ include("head.inc"); if ($input_errors) print_input_errors($input_errors); + if ($savemsg) - print_info_box($savemsg); + print_info_box($savemsg, 'success'); $tab_array = array(); $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); @@ -490,7 +533,6 @@ $form = new Form; if ($act == "new" || $act == "edit" || $input_errors): - $form->addGlobal(new Form_Input( 'act', null, @@ -597,7 +639,7 @@ if ($act == "new" || $act == "edit" || $input_errors): // ==== Group membership ================================================== $group = new Form_Group('Group membership'); - // Make a list of all the groups configured on the system, and a list of + // Make a list of all the groups configured on the system, and a list of // those which this user is a member of $systemGroups = array(); $usersGroups = array(); @@ -605,10 +647,12 @@ if ($act == "new" || $act == "edit" || $input_errors): $usergid = [$pconfig['usernamefld']]; foreach ($config['system']['group'] as $Ggroup) { - if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) - $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list - else - $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list + if($Ggroup['name'] != "all") { + if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) + $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list + else + $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list + } } $group->add(new Form_Select( @@ -833,7 +877,6 @@ events.push(function(){ $("#movetodisabled").prop('type','button'); $("#movetoenabled").prop('type','button'); - // On click . . $("#movetodisabled").click(function() { moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]')); @@ -851,6 +894,15 @@ events.push(function(){ hideInput('authorizedkeys', !this.checked); }); + $('[id^=delcert]').click(function(event) { + if(confirm(event.target.title)) { + $('#certid').val(event.target.id.match(/\d+$/)[0]); + $('#userid').val('<?=$id;?>'); + $('#act').val('delcert'); + $('form').submit(); + } + }); + // On page load . . hideClass('cert-options', true); hideInput('authorizedkeys', true); diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php index 588b4dd..dfc5159 100644 --- a/src/usr/local/www/vpn_ipsec_phase1.php +++ b/src/usr/local/www/vpn_ipsec_phase1.php @@ -1,35 +1,60 @@ <?php /* vpn_ipsec_phase1.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2008 Shrew Soft Inc - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2014 Ermal Luçi - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2008 Shrew Soft Inc + * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>. + * Copyright (c) 2014 Ermal Luçi + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ ##|+PRIV ##|*IDENT=page-vpn-ipsec-editphase1 @@ -108,7 +133,7 @@ if (isset($p1index) && $a_phase1[$p1index]) { $pconfig['authentication_method'] = $a_phase1[$p1index]['authentication_method']; if (($pconfig['authentication_method'] == "pre_shared_key") || - ($pconfig['authentication_method'] == "xauth_psk_server")) { + ($pconfig['authentication_method'] == "xauth_psk_server")) { $pconfig['pskey'] = $a_phase1[$p1index]['pre-shared-key']; } else { $pconfig['certref'] = $a_phase1[$p1index]['certref']; @@ -198,7 +223,7 @@ if ($_POST) { break; case "pre_shared_key": // If this is a mobile PSK tunnel the user PSKs go on - // the PSK tab, not here, so skip the check. + // the PSK tab, not here, so skip the check. if ($pconfig['mobile']) { break; } @@ -555,7 +580,7 @@ function build_cert_list() { foreach ($config['cert'] as $cert) $list[$cert['refid']] = $cert['descr']; } - + return($list); } @@ -568,7 +593,7 @@ function build_ca_list() { foreach ($config['ca'] as $ca) $list[$ca['refid']] = $ca['descr']; } - + return($list); } @@ -581,7 +606,7 @@ function build_eal_list() { foreach ($p1_ealgos as $algo => $algodata) $list[$algo] = htmlspecialchars($algodata['name']); } - + return($list); } @@ -636,12 +661,14 @@ $section->addInput(new Form_Select( build_interface_list() ))->setHelp('Select the interface for the local endpoint of this phase1 entry.'); -$section->addInput(new Form_Input( - 'remotegw', - 'Remote Gateway', - 'text', - $pconfig['remotegw'] -))->setHelp('Enter the public IP address or host name of the remote gateway'); +if (!$pconfig['mobile']) { + $section->addInput(new Form_Input( + 'remotegw', + 'Remote Gateway', + 'text', + $pconfig['remotegw'] + ))->setHelp('Enter the public IP address or host name of the remote gateway'); +} $section->addInput(new Form_Input( 'descr', diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php index d00b127..21aaf92 100644 --- a/src/usr/local/www/widgets/widgets/system_information.widget.php +++ b/src/usr/local/www/widgets/widgets/system_information.widget.php @@ -73,14 +73,18 @@ if ($_REQUEST['getupdatestatus']) { } else { $needs_system_upgrade = false; - if (pfs_version_compare($current_installed_buildtime, $current_installed_version, $remote_version) == -1) { + $version_compare = pfs_version_compare($current_installed_buildtime, $g['product_version'], $remote_version); + if ($version_compare == -1) { ?> <div class="alert alert-warning" role="alert"> Version <?=$remote_version?> is available. <a href="/system_firmware_check.php" class="alert-link">Click Here to view.</a> </div> <?php - } else - echo "You are on the latest version."; + } elseif ($version_compare == 1) { + echo "You are on a later version than the official release."; + } else { + echo "You are on the latest version."; + } } } exit; @@ -308,4 +312,4 @@ function systemStatusGetUpdateStatus() { events.push(function(){ setTimeout('systemStatusGetUpdateStatus()', 4000); }); -</script>
\ No newline at end of file +</script> |
