Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/captiveportal/index.php | 2 | ||||
-rw-r--r-- | usr/local/captiveportal/radius_accounting.inc | 1 | ||||
-rw-r--r-- | usr/local/captiveportal/radius_authentication.inc | 1 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn-linkdown | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 11 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 2 | ||||
-rwxr-xr-x | usr/local/www/diag_defaults.php | 57 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 9 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 18 | ||||
-rwxr-xr-x | usr/local/www/services_dhcp.php | 5 | ||||
-rw-r--r-- | usr/local/www/services_dhcpv6.php | 4 | ||||
-rwxr-xr-x | usr/local/www/status_queues.php | 4 | ||||
-rw-r--r-- | usr/local/www/vpn_l2tp.php | 3 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 32 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 50 | ||||
-rwxr-xr-x | usr/local/www/vpn_pppoe.php | 4 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 3 | ||||
-rw-r--r-- | usr/local/www/wizards/openvpn_wizard.inc | 2 | ||||
-rwxr-xr-x | usr/local/www/xmlrpc.php | 36 |
19 files changed, 141 insertions, 105 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index 7034177..98b26e9 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -170,7 +170,7 @@ EOD; } } else if ($_POST['accept'] && $radius_enable) { - if (($_POST['auth_user'] && $_POST['auth_pass']) || ($_POST['auth_user2'] && $_POST['auth_pass2'])) { + if (($_POST['auth_user'] && isset($_POST['auth_pass'])) || ($_POST['auth_user2'] && isset($_POST['auth_pass2']))) { if (!empty($_POST['auth_user'])) { $user = $_POST['auth_user']; $paswd = $_POST['auth_pass']; diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc index 2485f06..4a167e7 100644 --- a/usr/local/captiveportal/radius_accounting.inc +++ b/usr/local/captiveportal/radius_accounting.inc @@ -178,6 +178,7 @@ function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, // close OO RADIUS_ACCOUNTING $racct->close(); + unset($racct); return $retvalue ; diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index 92890b8..8727815 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -205,6 +205,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli // close OO RADIUS_AUTHENTICATION $rauth->close(); + unset($rauth); return $retvalue; diff --git a/usr/local/sbin/ovpn-linkdown b/usr/local/sbin/ovpn-linkdown index b300aed..4780b4f 100755 --- a/usr/local/sbin/ovpn-linkdown +++ b/usr/local/sbin/ovpn-linkdown @@ -1,5 +1,5 @@ #!/bin/sh -# /sbin/pfctl -b $4 -b $5 +/sbin/pfctl -i $1 -k 0.0.0.0/0 # delete the node just in case mpd cannot do that /bin/rm -f /var/etc/nameserver_$1 /bin/rm -f /tmp/$1_router diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 87560f7..2ab0b6b 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown 
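Review bot: `isset($_POST['auth_pass'])` in the RADIUS branch is also true for an empty string and for an array-valued field, so both now reach `$paswd = $_POST['auth_pass']` and, presumably, the RADIUS call further down. If the intent is only to stop rejecting passwords such as `0`, a tighter test is `is_string($_POST['auth_pass']) && $_POST['auth_pass'] !== ''`, and the same for `auth_pass2`. If empty passwords are meant to be forwarded to the RADIUS server, a comment saying so would help. The enclosing block continues outside the hunk.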
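Review bot: `$1` is expanded unquoted in the new `/sbin/pfctl -i $1 -k 0.0.0.0/0` line of ovpn-linkdown, so a missing or whitespace-containing interface argument changes how pfctl parses its options. The `rm -f` lines below would then act on `/var/etc/nameserver_` and `/tmp/_router`. Quote it as `/sbin/pfctl -i "$1" -k 0.0.0.0/0` and consider an early `[ -n "$1" ] || exit 1`. The same unquoted expansion is added in ppp-linkdown and ppp-linkup.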
@@ -16,14 +16,9 @@ if [ "$3" != "" ]; then pfctl -K ${LOCAL_IP} fi -OLD_ROUTER=`/bin/cat /tmp/${1}_router` -if [ "${OLD_ROUTER}" != "" ]; then - echo "Removing states to ${OLD_ROUTER}" | logger -t ppp-linkdown - /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32 - - if [ -f "/tmp/${interface}_defaultgw" ]; then - route delete default ${OLD_ROUTER} - fi +/sbin/pfctl -i $1 -k 0.0.0.0/0 +if [ -f "/tmp/${1}_defaultgw" ]; then + route delete default ${OLD_ROUTER} fi # delete the node just in case mpd cannot do that /usr/sbin/ngctl shutdown $1: diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index 3a62fbb..50308b1 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -5,7 +5,7 @@ if [ "$2" == "inet" ]; then OLD_ROUTER=`/bin/cat /tmp/${1}_router` if [ "${OLD_ROUTER}" != "" ]; then echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup - /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32 + /sbin/pfctl -i $1 -k 0.0.0.0/0 -k ${OLD_ROUTER}/32 fi # let the configuration system know that the ipv4 has changed. diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php index 86ea6f9..d389e9d 100755 --- a/usr/local/www/diag_defaults.php +++ b/usr/local/www/diag_defaults.php @@ -44,15 +44,9 @@ require("guiconfig.inc"); -if ($_POST) { - if ($_POST['Submit'] != " No ") { - reset_factory_defaults(); - system_reboot(); - $rebootmsg = gettext("The system has been reset to factory defaults and is now rebooting. This may take a few minutes, depending on your hardware."); - } else { - header("Location: index.php"); - exit; - } +if ($_POST['Submit'] == " " . gettext("No") . " ") { + header("Location: index.php"); + exit; } $pgtitle = array(gettext("Diagnostics"),gettext("Factory defaults")); 
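Review bot: `route delete default ${OLD_ROUTER}` is kept in ppp-linkdown, but this hunk removes the assignment that read `/tmp/${1}_router` into `OLD_ROUTER`. Unless the variable is set above the hunk, it now expands to nothing and the command becomes a bare `route delete default`. That removes whatever default route is installed rather than the one through this link's router. Either keep the assignment ahead of the `if [ -f "/tmp/${1}_defaultgw" ]` test, or add a comment stating that an unconditional delete is intended. The script continues outside the hunk.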
@@ -62,26 +56,33 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?php if ($rebootmsg): echo print_info_box($rebootmsg); else: ?> -<form action="diag_defaults.php" method="post"> - <p><strong> <?=gettext("If you click") . " "" . gettext("Yes") . "", " . gettext("the firewall will:")?> - - <ul> - <li><?=gettext("Reset to factory defaults");?></li> - <li><?=gettext("LAN IP address will be reset to 192.168.1.1");?></li> - <li><?=gettext("System will be configured as a DHCP server on the default LAN interface");?></li> - <li><?=gettext("Reboot after changes are installed");?></li> - <li><?=gettext("WAN interface will be set to obtain an address automatically from a DHCP server");?></li> - <li><?=gettext("webConfigurator admin username will be reset to 'admin'");?></li> - <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['factory_shipped_password']?>'</li> - </ul> - <?=gettext("Are you sure you want to proceed?");?></strong></p> - <p> - <input name="Submit" type="submit" class="formbtn" value=" <?=gettext("Yes");?> "> - <input name="Submit" type="submit" class="formbtn" value=" <?=gettext("No");?> "> - </p> - </form> +<?php if ($_POST['Submit'] == " " . gettext("Yes") . " "): + print_info_box(gettext("The system has been reset to factory defaults and is now rebooting. This may take a few minutes, depending on your hardware.")); ?> +<pre> +<?php + reset_factory_defaults(); + system_reboot(); +?> +</pre> +<?php else: ?> +<form action="diag_defaults.php" method="post"> + <p><strong> <?=gettext("If you click") . " "" . gettext("Yes") . "", " . 
gettext("the firewall will:")?> + <ul> + <li><?=gettext("Reset to factory defaults");?></li> + <li><?=gettext("LAN IP address will be reset to 192.168.1.1");?></li> + <li><?=gettext("System will be configured as a DHCP server on the default LAN interface");?></li> + <li><?=gettext("Reboot after changes are installed");?></li> + <li><?=gettext("WAN interface will be set to obtain an address automatically from a DHCP server");?></li> + <li><?=gettext("webConfigurator admin username will be reset to 'admin'");?></li> + <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['factory_shipped_password']?>'</li> + </ul> + <?=gettext("Are you sure you want to proceed?");?></strong></p> + <p> + <input name="Submit" type="submit" class="formbtn" value=" <?=gettext("Yes");?> "> + <input name="Submit" type="submit" class="formbtn" value=" <?=gettext("No");?> "> + </p> +</form> <?php endif; ?> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index ee45bfb..7a1abe1 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -213,7 +213,7 @@ switch($wancfg['ipaddrv6']) { break; case "dhcp6": $pconfig['dhcp6-duid'] = $wancfg['dhcp6-duid']; - if($wancfg['dhcp6-ia-pd-len'] == "") + if(empty($wancfg['dhcp6-ia-pd-len'])) $wancfg['dhcp6-ia-pd-len'] = "none"; $pconfig['dhcp6-ia-pd-len'] = $wancfg['dhcp6-ia-pd-len']; $pconfig['type6'] = "dhcp6"; 
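Review bot: The info box saying the system "has been reset to factory defaults" is printed before `reset_factory_defaults()` and `system_reboot()` are called, so the page reports success even if the reset fails part-way. The destructive branch is also selected by a loose `==` against the translated button label (`" " . gettext("Yes") . " "`), here and for `No` in the first hunk of this file. A fixed, untranslated field value compared with `===` would not depend on the active locale, and `$_POST['Submit']` is read without `isset()` on a plain GET. Whether `guiconfig.inc` enforces a CSRF token for this POST is not visible here and is worth confirming for an action this destructive.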
@@ -355,8 +355,11 @@ if ($_POST['apply']) { if (file_exists("{$g['tmp_path']}/.interfaces.apply")) { $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply")); foreach ($toapplylist as $ifapply => $ifcfgo) { - interface_bring_down($ifapply, false, $ifcfgo); - interface_configure($ifapply); + if (isset($config['interfaces'][$ifapply]['enable'])) { + interface_bring_down($ifapply, false, $ifcfgo); + interface_configure($ifapply); + } else + interface_bring_down($ifapply, true, $ifcfgo); } } /* restart snmp so that it binds to correct address */ diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index d6919f6..c2f154f 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -36,15 +36,6 @@ ##|*MATCH=services_captiveportal_vouchers.php* ##|-PRIV -$cpzone = $_GET['zone']; -if (isset($_POST['zone'])) - $cpzone = $_POST['zone']; - -if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) { - header("Location: services_captiveportal_zones.php"); - exit; -} - if ($_POST['postafterlogin']) $nocsrf= true; @@ -55,6 +46,15 @@ require("shaper.inc"); require("captiveportal.inc"); require_once("voucher.inc"); +$cpzone = $_GET['zone']; +if (isset($_POST['zone'])) + $cpzone = $_POST['zone']; + +if (empty($cpzone)) { + header("Location: services_captiveportal_zones.php"); + exit; +} + if($_REQUEST['generatekey']) { exec("/usr/local/bin/openssl genrsa 64 > /tmp/key64.private"); exec("/usr/local/bin/openssl rsa -pubout < /tmp/key64.private > /tmp/key64.public"); diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 37e25be..fa174f4 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -128,6 +128,7 @@ $act = $_GET['act']; if (!empty($_POST['act'])) $act = $_POST['act']; +$a_pools = array(); if (is_array($config['dhcpd'][$if])){ $pool = $_GET['pool']; 
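Review bot: `isset($config['interfaces'][$ifapply]['enable'])` is false both for a disabled interface and for a key that does not exist in `$config['interfaces']` at all. The new `else` branch therefore calls `interface_bring_down($ifapply, true, $ifcfgo)` for any name found in the unserialized `.interfaces.apply` file. Checking `isset($config['interfaces'][$ifapply])` first, and `is_array($toapplylist)` before the `foreach`, would keep a stale or malformed temp file from driving that call. The `else` body should also be braced to match the `if`.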
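Review bot: The relocated zone check in services_captiveportal_vouchers.php drops `empty($config['captiveportal'][$cpzone])`, so any non-empty `zone` value from `$_GET` or `$_POST` is now accepted as `$cpzone`. Because the block now sits after the `require` lines, `$config` should be available and the original condition could be kept: `if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {`. How `$cpzone` is used further down is outside the hunk, but a request-supplied key that is never matched against the configured zones is worth rejecting here. If the removal is deliberate, a comment should say why.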
@@ -1142,6 +1143,10 @@ include("head.inc"); <?php if (!is_numeric($pool) && !($act == "newpool")): ?> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> + <td colspan="5" valign="top" class="listtopic"><?=gettext("DHCP Static Mappings for this interface.");?></td> + <td> </td> + </tr> + <tr> <td width="7%" class="listhdrr"><?=gettext("Static ARP");?></td> <td width="18%" class="listhdrr"><?=gettext("MAC address");?></td> <td width="15%" class="listhdrr"><?=gettext("IP address");?></td> diff --git a/usr/local/www/services_dhcpv6.php b/usr/local/www/services_dhcpv6.php index 0465edf..4c49fd5 100644 --- a/usr/local/www/services_dhcpv6.php +++ b/usr/local/www/services_dhcpv6.php @@ -843,6 +843,10 @@ display_top_tabs($tab_array); </table> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> + <td colspan="4" valign="top" class="listtopic"><?=gettext("DHCPv6 Static Mappings for this interface.");?></td> + <td> </td> + </tr> + <tr> <td width="25%" class="listhdrr"><?=gettext("DUID");?></td> <td width="15%" class="listhdrr"><?=gettext("IPv6 address");?></td> <td width="20%" class="listhdrr"><?=gettext("Hostname");?></td> diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php index 8dedf7d..388bf51 100755 --- a/usr/local/www/status_queues.php +++ b/usr/local/www/status_queues.php @@ -85,7 +85,7 @@ if ($_REQUEST['getactivity']) { /* calculate the bigger amount of packets being moved through all queues. */ foreach($statistics as $q) { if ($bigger_packets < $q->pps) - {$bigger_packets = $q->pps;} + $bigger_packets = $q->pps; } $finscript = ""; foreach($statistics as $q) { @@ -99,6 +99,7 @@ if ($_REQUEST['getactivity']) { $finscript .= "jQuery('#queue{$q->queuename}suspends').val('{$q->suspends}');"; $finscript .= "jQuery('#queue{$q->queuename}drops').val('{$q->drops}');"; } + unset($statistics, $altqstats); header("Content-type: text/javascript"); echo $finscript; exit; 
@@ -211,6 +212,7 @@ function processQueues($altqstats, $level){ } function statsQueues($xml){ global $statistics; + $current = new QueueStats(); $child = new QueueStats(); $current->queuename = $xml['name'] . $xml['interface']; diff --git a/usr/local/www/vpn_l2tp.php b/usr/local/www/vpn_l2tp.php index 699e468..cedcef5 100644 --- a/usr/local/www/vpn_l2tp.php +++ b/usr/local/www/vpn_l2tp.php @@ -84,6 +84,9 @@ if ($_POST) { if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { $input_errors[] = gettext("A valid server address must be specified."); } + if (is_ipaddr_configured($_POST['localip'])) { + $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall."); + } if (($_POST['l2tp_subnet'] && !is_ipaddr($_POST['remoteip']))) { $input_errors[] = gettext("A valid remote start address must be specified."); } diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 4a1cd5d..6452895 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -177,7 +177,7 @@ if ($_POST) { if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) $input_errors[] = $result; - $portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']); + $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); if (($portused != $vpnid) && ($portused != 0)) $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); } 
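Review bot: In vpn_l2tp.php, `is_ipaddr_configured($_POST['localip'])` is called regardless of the `is_ipaddr()` test just above it, so it also runs on an empty or malformed `localip`. Folding it into the validated path, e.g. `if (is_ipaddr($_POST['localip']) && is_ipaddr_configured($_POST['localip'])) {`, keeps unvalidated request data away from the helper and avoids a second error message for the same bad input. The identical addition in vpn_pptp.php has the same shape. The helper's behaviour on non-address input is not visible in this diff.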
@@ -815,30 +815,30 @@ if ($savemsg) </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>"> + <input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>"> <br> - <?=gettext("This is a network that will be routed through " . + <?=gettext("These are the IPv4 networks that will be routed through " . "the tunnel, so that a site-to-site VPN can be " . - "established without manually changing the " . - "routing tables. Expressed as a CIDR range. If " . - "this is a site-to-site VPN, enter the " . - "remote LAN here. You may leave this blank to " . + "established without manually changing the routing tables. " . + "Expressed as a comma-separated list of one or more CIDR ranges. " . + "If this is a site-to-site VPN, enter the " . + "remote LAN/s here. You may leave this blank to " . "only communicate with other clients"); ?>. </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="remote_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>"> + <input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>"> <br> - <?=gettext("This is an IPv6 network that will be routed through " . + <?=gettext("These are the IPv6 networks that will be routed through " . "the tunnel, so that a site-to-site VPN can be " . - "established without manually changing the " . - "routing tables. 
Expressed as an IP/PREFIX. If " . - "this is a site-to-site VPN, enter the " . - "remote LAN here. You may leave this blank to " . + "established without manually changing the routing tables. " . + "Expressed as a comma-separated list of one or more IP/PREFIX. " . + "If this is a site-to-site VPN, enter the " . + "remote LAN/s here. You may leave this blank to " . "only communicate with other clients"); ?>. </td> </tr> @@ -906,7 +906,7 @@ if ($savemsg) <td> <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/> <?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/> - <?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?> + <?=gettext("EXAMPLE:"); ?> <strong>remote server.mysite.com 1194;</strong> or <strong>remote 1.2.3.4 1194;</strong> </td> </tr> </table> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index b9e3efd..10d6511 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -249,7 +249,7 @@ if ($_POST) { if ($result = openvpn_validate_cidr($pconfig['local_networkv6'], 'IPv6 Local Network', true, "ipv6")) $input_errors[] = $result; - $portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']); + $portused = openvpn_port_used($pconfig['protocol'], $pconfig['interface'], $pconfig['local_port'], $vpnid); if (($portused != $vpnid) && ($portused != 0)) $input_errors[] = gettext("The specified 'Local port' is in use. Please select another value"); 
@@ -1222,56 +1222,56 @@ if ($savemsg) </td> </tr> <tr id="local_optsv4"> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Local Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="local_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_network']);?>"> + <input name="local_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_network']);?>"> <br> - <?=gettext("This is the network that will be accessible " . - "from the remote endpoint. Expressed as a CIDR " . - "range. You may leave this blank if you don't " . + <?=gettext("These are the IPv4 networks that will be accessible " . + "from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. " . + "You may leave this blank if you don't " . "want to add a route to the local network " . "through this tunnel on the remote machine. " . "This is generally set to your LAN network"); ?>. </td> </tr> <tr id="local_optsv6"> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Local Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="local_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>"> + <input name="local_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['local_networkv6']);?>"> <br> - <?=gettext("This is the IPv6 network that will be accessible " . - "from the remote endpoint. Expressed as a CIDR " . - "range. You may leave this blank if you don't " . + <?=gettext("These are the IPv6 networks that will be accessible " . + "from the remote endpoint. Expressed as a comma-separated list of one or more IP/PREFIX. " . + "You may leave this blank if you don't " . 
"want to add a route to the local network " . "through this tunnel on the remote machine. " . "This is generally set to your LAN network"); ?>. </td> </tr> <tr id="remote_optsv4"> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv4 Remote Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>"> + <input name="remote_network" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_network']);?>"> <br> - <?=gettext("This is a network that will be routed through " . + <?=gettext("These are the IPv4 networks that will be routed through " . "the tunnel, so that a site-to-site VPN can be " . - "established without manually changing the " . - "routing tables. Expressed as a CIDR range. If " . - "this is a site-to-site VPN, enter the " . - "remote LAN here. You may leave this blank if " . + "established without manually changing the routing tables. " . + "Expressed as a comma-separated list of one or more CIDR ranges. " . + "If this is a site-to-site VPN, enter the " . + "remote LAN/s here. You may leave this blank if " . "you don't want a site-to-site VPN"); ?>. </td> </tr> <tr id="remote_optsv6"> - <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network"); ?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("IPv6 Remote Network/s"); ?></td> <td width="78%" class="vtable"> - <input name="remote_networkv6" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>"> + <input name="remote_networkv6" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['remote_networkv6']);?>"> <br> - <?=gettext("This is an IPv6 network that will be routed through " . 
+ <?=gettext("These are the IPv6 networks that will be routed through " . "the tunnel, so that a site-to-site VPN can be " . - "established without manually changing the " . - "routing tables. Expressed as an IP/PREFIX. If " . - "this is a site-to-site VPN, enter the " . - "remote LAN here. You may leave this blank if " . + "established without manually changing the routing tables. " . + "Expressed as a comma-separated list of one or more IP/PREFIX. " . + "If this is a site-to-site VPN, enter the " . + "remote LAN/s here. You may leave this blank if " . "you don't want a site-to-site VPN"); ?>. </td> </tr> diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 1b67ef2..b91e6d2 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -1,6 +1,6 @@ <?php /* - Copyright (C) 2010 Ermal Luçi + Copyright (C) 2010 Ermal Luci All rights reserved. Redistribution and use in source and binary forms, with or without @@ -75,7 +75,7 @@ if ($_GET['act'] == "del") { if ($a_pppoes[$_GET['id']]) { if ("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid") killbypid("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid"); - if (is_dir({$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'])) + if (is_dir("{$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'])) mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']); unset($a_pppoes[$_GET['id']]); write_config(); diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index 59404c1..a5da316 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php 
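Review bot: In vpn_pppoe.php, the line after the corrected `is_dir(...)` call still builds a shell command by concatenation: `mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'])`. Wrapping the path in `escapeshellarg()` would keep it safe even if a stored `pppoeid` contained shell metacharacters. The `if` two lines above tests a non-empty string, which is always true, and was presumably meant to be `file_exists(...)`. The delete is driven by `$_GET['act']` and `$_GET['id']`, so it is worth confirming that it is covered by the CSRF check. The block continues outside the hunk.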
@@ -92,6 +92,9 @@ if ($_POST) { if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { $input_errors[] = gettext("A valid server address must be specified."); } + if (is_ipaddr_configured($_POST['localip'])) { + $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall."); + } if (!is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 006ee32..86dec52 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -366,7 +366,7 @@ function step10_submitphpaction() { if ($result = openvpn_validate_cidr($_POST['localnet'], 'Local Network', true, "ipv4")) $input_errors[] = $result; - $portused = openvpn_port_used($_POST['protocol'], $_POST['localport']); + $portused = openvpn_port_used($_POST['protocol'], $_POST['interface'], $_POST['localport']); if ($portused != 0) $input_errors[] = "The specified 'Local port' is in use. Please select another value"; diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php index 1dda1ad..af58f67 100755 --- a/usr/local/www/xmlrpc.php +++ b/usr/local/www/xmlrpc.php @@ -44,16 +44,18 @@ require("xmlrpc_server.inc"); require("xmlrpc.inc"); require("array_intersect_key.inc"); -/* grab sync to ip if enabled */ -if ($config['hasync']) { - $synchronizetoip = $hasync['synchronizetoip']; -} - -if($synchronizetoip) { - if($synchronizetoip == $_SERVER['REMOTE_ADDR']) { - log_error(gettext("Disallowing CARP sync loop.")); - die; +function xmlrpc_loop_detect() { + global $config; + + /* grab sync to ip if enabled */ + if ($config['hasync']) + $synchronizetoip = $config['hasync']['synchronizetoip']; + if($synchronizetoip) { + if($synchronizetoip == $_SERVER['REMOTE_ADDR']) + return true; } + + return false; } $xmlrpc_g = array( 
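Review bot: In `xmlrpc_loop_detect()`, `$synchronizetoip` is only assigned inside `if ($config['hasync'])`, so it is read uninitialised when HA sync is not configured. Start the function with `$synchronizetoip = null;` or return false early. The comparison with `$_SERVER['REMOTE_ADDR']` uses `==`, and `===` is the safer choice for two strings. A short docblock stating that the function returns true when the caller is this node's own sync target would help, because the old inline code terminated the request and this function only reports.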
@@ -138,6 +140,9 @@ $backup_config_section_sig = array( function backup_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + if (xmlrpc_loop_detect()) + log_error("Disallowing CARP sync loop"); + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) { xmlrpc_authfail(); @@ -161,6 +166,9 @@ $restore_config_section_sig = array( function restore_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + if (xmlrpc_loop_detect()) + log_error("Disallowing CARP sync loop"); + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) { xmlrpc_authfail(); @@ -278,6 +286,9 @@ $merge_config_section_sig = array( function merge_installedpackages_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + if (xmlrpc_loop_detect()) + log_error("Disallowing CARP sync loop"); + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) { xmlrpc_authfail(); @@ -302,6 +313,10 @@ $merge_config_section_sig = array( function merge_config_section_xmlrpc($raw_params) { global $config, $xmlrpc_g; + + if (xmlrpc_loop_detect()) + log_error("Disallowing CARP sync loop"); + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) { xmlrpc_authfail(); @@ -356,6 +371,9 @@ $carp_configure_sig = array( function interfaces_carp_configure_xmlrpc($raw_params) { global $xmlrpc_g; + if (xmlrpc_loop_detect()) + log_error("Disallowing CARP sync loop"); + $params = xmlrpc_params_to_php($raw_params); if(!xmlrpc_auth($params)) { xmlrpc_authfail(); |
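Review bot: Each handler logs "Disallowing CARP sync loop" when `xmlrpc_loop_detect()` is true and then carries on into `xmlrpc_params_to_php()` and the rest of the call, whereas the removed top-level code ended the request with `die`. As written the loop is reported but not prevented. The guard needs to stop the handler, e.g. `if (xmlrpc_loop_detect()) { log_error("Disallowing CARP sync loop"); return; }`, returning whatever fault response the handlers normally use. This applies to all five handlers touched here (`backup_config_section_xmlrpc`, `restore_config_section_xmlrpc`, `merge_installedpackages_section_xmlrpc`, `merge_config_section_xmlrpc`, `interfaces_carp_configure_xmlrpc`). Any handlers outside these hunks appear to have lost the check entirely, since it no longer runs at file scope.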