Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/sbin/vpn-linkdown | 5 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 22 | ||||
-rwxr-xr-x | usr/local/www/index.php | 4 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_monitor_edit.php | 3 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_pool_edit.php | 4 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_relay_action_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_relay_protocol_edit.php | 3 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_virtual_server_edit.php | 3 | ||||
-rw-r--r-- | usr/local/www/system_authservers.php | 5 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 34 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 34 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/openvpn.widget.php | 1 | ||||
-rwxr-xr-x | usr/local/www/wizard.php | 15 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 8 |
15 files changed, 83 insertions, 65 deletions
diff --git a/usr/local/sbin/vpn-linkdown b/usr/local/sbin/vpn-linkdown index 38c64b3..e67a8a0 100755 --- a/usr/local/sbin/vpn-linkdown +++ b/usr/local/sbin/vpn-linkdown @@ -1,6 +1,5 @@ #!/bin/sh # record logout -/usr/bin/logger -p local3.info "logout,$1,,$3" -/sbin/pfctl -b $3 - +/usr/bin/logger -p local3.info "logout,$1,$4,$5" +/sbin/pfctl -b $3 -b $4 diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 6476115..ac31fb6 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -230,9 +230,8 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { ?> <div id="wrapper"> - <div id="header"> - <div id="header-left"><a href="index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></img></a></div> + <div id="header-left"><a href="index.php" id="status-link"><img src="/themes/<?= $g['theme']; ?>/images/transparent.gif" border="0"></a></div> <div id="header-right"> <div class="container"> <div class="left">webConfigurator</div> @@ -408,7 +407,7 @@ function add_to_menu($url, $name) { ?> <div> -<span class="pgtitle"><?=genhtmltitle($pgtitle);?></font></span> +<span class="pgtitle"><a href="<?= $_SERVER['SCRIPT_NAME'] ?>"><?=genhtmltitle($pgtitle);?></a></span> <span style="float:right; margin: 0 0 20px 20px;"> <?php if(! empty($statusurl)): ?> <a href="<?php echo $statusurl; ?>" target="_new" title="Status of items on this page."><img src="/themes/<?php echo $g['theme']; ?>/images/status.png" border="0"></a> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index cc3fdfc..ff92196 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php 
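Review bot: The positional parameters on the new `pfctl` line are expanded unquoted, so an empty or whitespace-containing `$3` or `$4` changes the argument list pfctl receives; an empty `$4` leaves the second `-b` without an operand. Quote them, `/sbin/pfctl -b "$3" -b "$4"`, and consider skipping the call when either value is empty. The logger line now writes `$1`, `$4` and `$5` into a comma-separated record; the caller is not visible here, so a comment stating what each argument carries and that it cannot contain a comma or newline would make the log format safe to parse.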
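Review bot: The new page-title link in the second fbegin.inc hunk (@@ -408) prints `$_SERVER['SCRIPT_NAME']` into an `href` attribute without escaping. `SCRIPT_NAME` is normally just the script path, but its exact content depends on the web server and rewrite configuration, so it should be treated like any other request-derived value. Escape it for the attribute context: `<a href="<?= htmlspecialchars($_SERVER['SCRIPT_NAME']) ?>">`.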
@@ -1080,10 +1080,10 @@ include("head.inc"); <input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>"> <br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?> </span> <p> - <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br><?=gettext(" Maximum state entries this rule can create");?><p> - <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br><?=gettext(" Maximum number of unique source hosts");?><p> - <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br><?=gettext(" Maximum number of established connections per host");?><p> - <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br><?=gettext(" Maximum state entries per host");?><p> + <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p> + <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p> + <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p> + <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br><?=gettext(" Maximum state entries per host");?></p><p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> / <select name="max-src-conn-rates" id="max-src-conn-rates"> <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option> 
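Review bot: The four rewritten `<input>` lines still echo `$pconfig['max']`, `$pconfig['max-src-nodes']`, `$pconfig['max-src-conn']` and `$pconfig['max-src-states']` straight into a `value` attribute, while the `tagged` field just above them goes through `htmlspecialchars()`. If `$pconfig` is repopulated from the submitted form when validation fails (that code is outside the hunk), a value containing a double quote breaks out of the attribute. Since the lines are being touched anyway, escape them the same way, e.g. `value="<?=htmlspecialchars($pconfig['max']);?>"`. The same applies to `max-src-conn-rate` in this hunk and to `statetimeout` in the next hunk (@@ -1093).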
@@ -1093,13 +1093,13 @@ include("head.inc"); } ?> </select><br /> <?=gettext("Maximum new connections / per second(s)");?> - <p> + </p><p> <input name="statetimeout" value="<?php echo $pconfig['statetimeout'] ?>"><br> <?=gettext("State Timeout in seconds");?> - <p /> + </p> - <p><strong><?=gettext("NOTE: Leave fields blank to disable that feature.");?></strong> + <p><strong><?=gettext("NOTE: Leave fields blank to disable that feature.");?></strong></p> </div> </td> </tr> 
@@ -1160,10 +1160,10 @@ include("head.inc"); </select><br><?=gettext("HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?> <p> <table width="90%"> - <tr><td width="25%"><ul><li><?=gettext("keep state");?></li></td><td><?=gettext("Works with all IP protocols.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></td><td><?=gettext("Works with all IP protocols.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></ul></td></tr> - <tr><td width="25%"><ul><li><?=gettext("none");?></li></td><td><?=gettext("Do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.");?></ul></td></tr> + <tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr> + <tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.");?></td></tr> </table> </p> </div> diff --git a/usr/local/www/index.php b/usr/local/www/index.php index fc97c38..ffc3369 100755 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php 
@@ -37,8 +37,8 @@ ##|+PRIV ##|*IDENT=page-system-login/logout -##|*NAME=System: Login / Logout page -##|*DESCR=Allow access to the 'System: Login / Logout' page. +##|*NAME=System: Login / Logout page / Dashboard +##|*DESCR=Allow access to the 'System: Login / Logout' page and Dashboard. ##|*MATCH=index.php* ##|-PRIV diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index 6156c65..7cc9ef3 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -94,6 +94,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['monitor_type'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This monitor name has already been used. Monitor names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + switch($_POST['type']) { case 'icmp': { break; diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php index e37f51c..0e15dc2 100755 --- a/usr/local/www/load_balancer_pool_edit.php +++ b/usr/local/www/load_balancer_pool_edit.php @@ -80,6 +80,10 @@ if ($_POST) { for ($i=0; isset($config['load_balancer']['lbpool'][$i]); $i++) if (($_POST['name'] == $config['load_balancer']['lbpool'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This pool name has already been used. Pool names must be unique."); + + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + if (!is_port($_POST['port'])) $input_errors[] = gettext("The port must be an integer between 1 and 65535."); if (is_array($_POST['servers'])) { diff --git a/usr/local/www/load_balancer_relay_action_edit.php b/usr/local/www/load_balancer_relay_action_edit.php index 667a0af..396cd9b 100755 --- a/usr/local/www/load_balancer_relay_action_edit.php +++ b/usr/local/www/load_balancer_relay_action_edit.php 
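Review bot: The new name check in load_balancer_monitor_edit.php rejects only the literal space character, so tabs, newlines, quotes and braces still pass. If the name is later written into a generated daemon configuration file (not visible here), those characters matter more than a space does; an allow-list is safer, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $_POST['name']))`. `strpos()` also expects a string, so a request that sends `name[]` will raise a warning or type error rather than a validation message; an `is_string()` guard before the check avoids that. The identical two lines are added in the pool, relay action, relay protocol and virtual server edit pages, so a single shared helper would keep the rule consistent.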
@@ -123,6 +123,8 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['lbactions'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This action name has already been used. Action names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); if (!$input_errors) { $actent = array(); diff --git a/usr/local/www/load_balancer_relay_protocol_edit.php b/usr/local/www/load_balancer_relay_protocol_edit.php index ecd8ce4..1c0daa8 100755 --- a/usr/local/www/load_balancer_relay_protocol_edit.php +++ b/usr/local/www/load_balancer_relay_protocol_edit.php @@ -85,6 +85,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['lbprotocol'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This protocol name has already been used. Protocol names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + switch($_POST['type']) { case 'tcp': case 'http': diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index 4cbf0e2..e93f0d6 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -85,6 +85,9 @@ if ($_POST) { if (($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name']) && ($i != $id)) $input_errors[] = gettext("This virtual server name has already been used. Virtual server names must be unique."); + if (strpos($_POST['name'], " ") !== false) + $input_errors[] = gettext("You cannot use spaces in the 'name' field."); + if (!is_port($_POST['port'])) $input_errors[] = gettext("The port must be an integer between 1 and 65535."); diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index fc7cef0..8a18ed6 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php 
@@ -147,7 +147,7 @@ if ($_POST) { if ($pconfig['type'] == "ldap") { $reqdfields = explode(" ", "name type ldap_host ldap_port ". - "ldap_urltype ldap_protver ldap_scope ldap_basedn ". + "ldap_urltype ldap_protver ldap_scope ". "ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers"); $reqdfieldsn = array( gettext("Descriptive name"), @@ -157,7 +157,6 @@ if ($_POST) { gettext("Transport"), gettext("Protocol version"), gettext("Search level"), - gettext("Search Base DN"), gettext("User naming Attribute"), gettext("Group naming Attribute"), gettext("Group member attribute"), @@ -507,7 +506,7 @@ function select_clicked() { </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Search scope");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td> <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="2"> <tr> diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 3678138..4b23c95 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -225,7 +225,7 @@ if ($_POST) { $client['proxy_passwd'] = $pconfig['proxy_passwd']; $client['description'] = $pconfig['description']; $client['mode'] = $pconfig['mode']; - $client['custom_options'] = $pconfig['custom_options']; + $client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { $client['caref'] = $pconfig['caref']; 
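Review bot: `ldap_scope` remains in `$reqdfields` in the first system_authservers.php hunk, yet the third hunk (@@ -507) changes the "Search scope" label from `vncellreq` to `vncell`, so the form stops marking a field that validation still rejects when empty. If that table row holds both the scope level and the base DN (the row body is outside the hunk), keep the required style on the row or mark only the base DN input as optional. The field list and the label list appear to be matched by position, which is why `ldap_basedn` and `gettext("Search Base DN")` had to be removed together; a comment above `$reqdfields` such as `// $reqdfields and $reqdfieldsn are matched by position; edit both together` would prevent a future mismatch.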
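Review bot: The normalisation of `custom_options` in vpn_openvpn_client.php converts only CRLF pairs, so a lone carriage return survives and ends up in the stored options. Handling both forms in one call costs nothing: `str_replace(array("\r\n", "\r"), "\n", $pconfig['custom_options'])`. The same line is added to vpn_openvpn_server.php (@@ -285), so the fix applies there as well. A one-line comment saying why the conversion is needed (browser textareas submit CRLF) would help the next reader.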
@@ -625,22 +625,22 @@ function autotls_change() { <td width="78%" class="vtable"> <select name='certref' class="formselect"> <?php - foreach ($config['cert'] as $cert): - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - if (in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) - continue; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + foreach ($config['cert'] as $cert): + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + if (is_user_cert($cert['refid'])) + continue; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 7b85514..ca6c261 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -285,7 +285,7 @@ if ($_POST) { list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']); $server['local_port'] = $pconfig['local_port']; $server['description'] = $pconfig['description']; - $server['custom_options'] = $pconfig['custom_options']; + $server['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']); if ($tls_mode) { if ($pconfig['tlsauth_enable']) { 
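Review bot: The `<option>` line at the end of this loop prints `$cert['refid']` and `$cert['descr'] . $caname . $inuse . $revoked` without escaping, and `$caname` embeds the CA description as well. Certificate and CA descriptions are free text entered elsewhere in the GUI, so markup stored there is rendered on this page for whoever opens it. Escape at output, e.g. `<?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?>` and `value="<?=htmlspecialchars($cert['refid']);?>"`. The loop body in vpn_openvpn_server.php (@@ -749) is identical and needs the same change; `is_user_cert()` is defined outside both hunks, so its behaviour for an unknown refid cannot be checked from here.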
@@ -749,22 +749,22 @@ function netbios_change() { <td width="78%" class="vtable"> <select name='certref' class="formselect"> <?php - foreach ($config['cert'] as $cert): - $selected = ""; - $caname = ""; - $inuse = ""; - $revoked = ""; - if (in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) - continue; - $ca = lookup_ca($cert['caref']); - if ($ca) - $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) - $selected = "selected"; - if (cert_in_use($cert['refid'])) - $inuse = " *In Use"; - if (is_cert_revoked($cert)) - $revoked = " *Revoked"; + foreach ($config['cert'] as $cert): + $selected = ""; + $caname = ""; + $inuse = ""; + $revoked = ""; + if (is_user_cert($cert['refid'])) + continue; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['descr']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + if (is_cert_revoked($cert)) + $revoked = " *Revoked"; ?> <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> <?php endforeach; ?> diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php index c17c144..25454c8 100644 --- a/usr/local/www/widgets/widgets/openvpn.widget.php +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -48,7 +48,6 @@ $clients = openvpn_get_active_clients(); <script src="/javascript/sorttable.js" type="text/javascript"></script> <br/> -<form action="status_openvpn.php" method="get" name="iform"> <script type="text/javascript"> function killClient(mport, remipp) { var busy = function(icon) { diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 14a1802..9dc4d80 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php 
@@ -457,11 +457,11 @@ function showchange() { else $interfaces = get_configured_interface_with_descr(); foreach ($interfaces as $ifname => $iface) { - if (is_array($iface)) { - if ($iface['mac']) - $iface = $ifname. " ({$iface['mac']})"; - } else - $iface = $ifname; + if ($field['type'] == "interface_select") { + $iface = $ifname; + if ($iface['mac']) + $iface .= " ({$iface['mac']})"; + } $SELECTED = ""; if ($value == $ifname) $SELECTED = " SELECTED"; $to_echo = "<option value='" . $ifname . "'" . $SELECTED . ">" . $iface . "</option>\n"; @@ -470,13 +470,12 @@ function showchange() { if($field['interface_filter'] <> "") { if(stristr($ifname, $field['interface_filter']) == true) $canecho = 1; - } else { + } else $canecho = 1; - } if($canecho == 1) echo $to_echo; } - echo "</select>\n"; + echo "</select>\n"; if($field['description'] <> "") { echo "<br /> " . $field['description']; diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 3f4de03..375ad46 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -157,13 +157,21 @@ function restore_config_section_xmlrpc($raw_params) { $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; + $vipbackup = array(); if (isset($params[0]['virtualip'])) { if(is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) interface_vip_bring_down($vip); } + $vipbackup = $config['virtualip']['vip']; } + // For vip section, first keep items sent from the master $config = array_merge($config, $params[0]); + // Then add ipalias and proxyarp types already defined on the backup + foreach ($vipbackup as $vip) { + if (($vip['mode'] == 'ipalias') || ($vip['mode'] == 'proxyarp')) + $config['virtualip']['vip'][]=$vip ; + } $mergedkeys = implode(",", array_keys($params[0])); write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys)); interfaces_vips_configure(); |
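Review bot: In the first wizard.php hunk the new branch assigns `$iface = $ifname` and then tests `$iface['mac']`, which by that point indexes the interface name string rather than the interface array, so the MAC address is never read correctly. For fields that are not `interface_select`, `$iface` keeps whatever the loop yielded, which may be an array, and is then concatenated into the option text. Keep the array and the label in separate variables: `$label = $ifname;` followed by `if (is_array($iface) && !empty($iface['mac'])) $label .= " ({$iface['mac']})";`, and build `$to_echo` from `$label`. The values placed in `$to_echo` are also unescaped; wrapping `$ifname` and the label in `htmlspecialchars()` would be consistent with escaping elsewhere in the GUI.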
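Review bot: `$vipbackup = $config['virtualip']['vip'];` in xmlrpc.php sits outside the `is_array()` check just above it, so when the local config has no VIP list the variable stops being an array and the later `foreach ($vipbackup as $vip)` raises a warning. Move the assignment inside the `if(is_array($config['virtualip']['vip']))` block so the `array()` default is kept. The re-added `ipalias` and `proxyarp` entries are appended unconditionally after the merge; if the sending peer also supplies entries of those modes, the list may end up with duplicates, so a check before appending may be needed. The function body continues outside the hunk.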