From b37a2e8c90dd8d28c9a967750a9aee3898a6cdd5 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Sat, 28 Feb 2015 14:25:49 +0545 Subject: Code style for etc inc i to p --- etc/inc/IPv6.inc | 82 ++++++------ etc/inc/PEAR.inc | 8 +- etc/inc/ipsec.attributes.php | 72 ++++++----- etc/inc/ipsec.auth-user.php | 39 +++--- etc/inc/ipsec.inc | 284 +++++++++++++++++++++++------------------ etc/inc/itemid.inc | 67 +++++----- etc/inc/led.inc | 6 +- etc/inc/login_sasl_client.inc | 6 +- etc/inc/meta.inc | 51 +++++--- etc/inc/notices.inc | 195 +++++++++++++++------------- etc/inc/ntlm_sasl_client.inc | 24 ++-- etc/inc/openvpn.attributes.php | 75 ++++++----- etc/inc/openvpn.auth-user.php | 75 ++++++----- etc/inc/openvpn.tls-verify.php | 10 +- etc/inc/plain_sasl_client.inc | 10 +- etc/inc/priv.inc | 141 +++++++++++++------- 16 files changed, 654 insertions(+), 491 deletions(-) diff --git a/etc/inc/IPv6.inc b/etc/inc/IPv6.inc index 519cbcd..faacb8d 100644 --- a/etc/inc/IPv6.inc +++ b/etc/inc/IPv6.inc @@ -12,7 +12,7 @@ * PHP versions 4 and 5 * * LICENSE: This source file is subject to the New BSD license, that is - * available through the world-wide-web at + * available through the world-wide-web at * http://www.opensource.org/licenses/bsd-license.php * If you did not receive a copy of the new BSDlicense and are unable * to obtain it through the world-wide-web, please send a note to @@ -66,7 +66,7 @@ define("NET_IPV6_RESERVED_NSAP", 12); define("NET_IPV6_RESERVED_IPX", 13); /** - * Address Type: Reserved for Geographic-Based Unicast Addresses + * Address Type: Reserved for Geographic-Based Unicast Addresses * (RFC 1884, Section 2.3) * @see getAddressType() */ @@ -148,11 +148,11 @@ class Net_IPv6 * @return Array the first element is the IP, the second the prefix length * @since 1.2.0 * @access public - * @static + * @static */ - static function separate($ip) + static function separate($ip) { - + $addr = $ip; $spec = ''; 
@@ -203,7 +203,7 @@ class Net_IPv6 * Tests for a prefix length specification in the address * and removes the prefix length, if exists * - * The method is technically identical to removeNetmaskSpec() and + * The method is technically identical to removeNetmaskSpec() and * will be dropped in a future release. * * @param String $ip a valid ipv6 address @@ -240,7 +240,7 @@ class Net_IPv6 * @access public * @static */ - static function getNetmaskSpec($ip) + static function getNetmaskSpec($ip) { $elements = Net_IPv6::separate($ip); @@ -256,7 +256,7 @@ class Net_IPv6 * Tests for a prefix length specification in the address * and returns the prefix length, if exists * - * The method is technically identical to getNetmaskSpec() and + * The method is technically identical to getNetmaskSpec() and * will be dropped in a future release. * * @param String $ip a valid ipv6 address @@ -266,9 +266,9 @@ class Net_IPv6 * @static * @deprecated */ - static function getPrefixLength($ip) + static function getPrefixLength($ip) { - if (preg_match("/^([0-9a-fA-F:]{2,39})\/(\d{1,3})*$/", + if (preg_match("/^([0-9a-fA-F:]{2,39})\/(\d{1,3})*$/", $ip, $matches)) { return $matches[2]; @@ -424,12 +424,12 @@ class Net_IPv6 * @see NET_IPV6_MULTICAST * @see NET_IPV6_LOCAL_LINK * @see NET_IPV6_LOCAL_SITE - * @see NET_IPV6_IPV4MAPPING - * @see NET_IPV6_UNSPECIFIED - * @see NET_IPV6_LOOPBACK + * @see NET_IPV6_IPV4MAPPING + * @see NET_IPV6_UNSPECIFIED + * @see NET_IPV6_LOOPBACK * @see NET_IPV6_UNKNOWN_TYPE */ - static function getAddressType($ip) + static function getAddressType($ip) { $ip = Net_IPv6::removeNetmaskSpec($ip); $binip = Net_IPv6::_ip2Bin($ip); @@ -444,7 +444,7 @@ class Net_IPv6 } else if (0 == strncmp(str_repeat('0', 80).str_repeat('1', 16), $binip, 96)) { // ::ffff/96 - return NET_IPV6_IPV4MAPPING; + return NET_IPV6_IPV4MAPPING; } else if (0 == strncmp('1111111010', $binip, 10)) { 
@@ -462,7 +462,7 @@ class Net_IPv6 return NET_IPV6_MULTICAST; - } else if (0 == strncmp('00000000', $binip, 8)) { + } else if (0 == strncmp('00000000', $binip, 8)) { return NET_IPV6_RESERVED; @@ -526,10 +526,10 @@ class Net_IPv6 * Example of calling with invalid input: 1::2:3:4:5:6:7:8:9 -> 1:0:2:3:4:5:6:7:8:9 * * @param String $ip a (possibly) valid IPv6-address (hex format) - * @param Boolean $leadingZeros if true, leading zeros are added to each - * block of the address - * (FF01::101 -> - * FF01:0000:0000:0000:0000:0000:0000:0101) + * @param Boolean $leadingZeros if true, leading zeros are added to each + * block of the address + * (FF01::101 -> + * FF01:0000:0000:0000:0000:0000:0000:0101) * * @return String the uncompressed IPv6-address (hex format) * @access public @@ -630,14 +630,14 @@ class Net_IPv6 } if(true == $leadingZeros) { - + $uipT = array(); $uiparts = explode(':', $uip); foreach($uiparts as $p) { $uipT[] = sprintf('%04s', $p); - + } $uip = implode(':', $uipT); @@ -665,14 +665,14 @@ class Net_IPv6 * Example: FF01:0:0:0:0:0:0:101 -> FF01::101 * 0:0:0:0:0:0:0:1 -> ::1 * - * When $ip is an already compressed address and $force is false, the method returns + * When $ip is an already compressed address and $force is false, the method returns * the value as is, even if the address can be compressed further. * * Example: FF01::0:1 -> FF01::0:1 * * To enforce maximum compression, you can set the second argument $force to true. * - * Example: FF01::0:1 -> FF01::1 + * Example: FF01::0:1 -> FF01::1 * * @param String $ip a valid IPv6-address (hex format) * @param boolean $force if true the address will be compressed as best as possible (since 1.2.0) 
@@ -683,14 +683,14 @@ class Net_IPv6 * @static * @author elfrink at introweb dot nl */ - static function compress($ip, $force = false) + static function compress($ip, $force = false) { - + if(false !== strpos($ip, '::')) { // its already compressed if(true == $force) { - $ip = Net_IPv6::uncompress($ip); + $ip = Net_IPv6::uncompress($ip); } else { @@ -798,20 +798,20 @@ class Net_IPv6 * Checks, if an IPv6 address can be compressed * * @param String $ip a valid IPv6 address - * + * * @return Boolean true, if address can be compressed - * + * * @access public * @since 1.2.0b * @static * @author Manuel Schmitt */ - static function isCompressible($ip) + static function isCompressible($ip) { return (bool)($ip != Net_IPv6::compress($address)); - } + } // }}} // {{{ SplitV64() @@ -826,7 +826,7 @@ class Net_IPv6 * 0:0:0:0:0:FFFF:129.144.52.38 * * @param String $ip a valid IPv6-address (hex format) - * @param Boolean $uncompress if true, the address will be uncompressed + * @param Boolean $uncompress if true, the address will be uncompressed * before processing * * @return Array [0] contains the IPv6 part, @@ -877,14 +877,14 @@ class Net_IPv6 { $elements = Net_IPv6::separate($ip); - + $ip = $elements[0]; if('' != $elements[1] && ( !is_numeric($elements[1]) || 0 > $elements[1] || 128 < $elements[1])) { return false; - } + } $ipPart = Net_IPv6::SplitV64($ip); $count = 0; @@ -901,14 +901,14 @@ class Net_IPv6 for ($i = 0; $i < count($ipv6); $i++) { if(4 < strlen($ipv6[$i])) { - + return false; } $dec = hexdec($ipv6[$i]); $hex = strtoupper(preg_replace("/^[0]{1,3}(.*[0-9a-fA-F])$/", - "\\1", + "\\1", $ipv6[$i])); if ($ipv6[$i] >= 0 && $dec <= 65535 @@ -967,8 +967,8 @@ class Net_IPv6 /** * Returns the lowest and highest IPv6 address * for a given IP and netmask specification - * - * The netmask may be a part of the $ip or + * + * The netmask may be a part of the $ip or * the number of netmask bits is provided via $bits * * The result is an indexed array. The key 'start' 
@@ -990,7 +990,7 @@ class Net_IPv6 $ip = null; $bitmask = null; - if ( null == $bits ) { + if ( null == $bits ) { $elements = explode('/', $ipToParse); @@ -1033,14 +1033,14 @@ class Net_IPv6 /** * Converts an IPv6 address from Hex into Binary representation. * - * @param String $ip the IP to convert (a:b:c:d:e:f:g:h), + * @param String $ip the IP to convert (a:b:c:d:e:f:g:h), * compressed IPs are allowed * * @return String the binary representation * @access private @ @since 1.1.0 */ - static function _ip2Bin($ip) + static function _ip2Bin($ip) { $binstr = ''; diff --git a/etc/inc/PEAR.inc b/etc/inc/PEAR.inc index 6fb91a3..a280602 100644 --- a/etc/inc/PEAR.inc +++ b/etc/inc/PEAR.inc @@ -178,7 +178,7 @@ class PEAR * but is included for forward compatibility, so subclass * destructors should always call it. * - * See the note in the class desciption about output from + * See the note in the class description about output from * destructors. * * @access public @@ -403,7 +403,7 @@ class PEAR } /** - * This method deletes all occurences of the specified element from + * This method deletes all occurrences of the specified element from * the expected error codes stack. * * @param mixed $error_code error code that should be deleted @@ -698,7 +698,7 @@ class PEAR } /** - * OS independant PHP extension load. Remember to take care + * OS independent PHP extension load. Remember to take care * on the correct extension name for case sensitive OSes. * * @param string $ext The extension name @@ -819,7 +819,7 @@ function _PEAR_call_destructors() /** * Standard PEAR error class for PHP 4 * - * This class is supserseded by {@link PEAR_Exception} in PHP 5 + * This class is superseded by {@link PEAR_Exception} in PHP 5 * * @category pear * @package PEAR diff --git a/etc/inc/ipsec.attributes.php b/etc/inc/ipsec.attributes.php index b8d900a..8a8ed5f 100644 --- a/etc/inc/ipsec.attributes.php +++ b/etc/inc/ipsec.attributes.php @@ -1,7 +1,7 @@ 
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 53c6026..0780e2f 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -167,9 +167,11 @@ $p2_pfskeygroups = array( function ipsec_ikeid_used($ikeid) { global $config; - foreach ($config['ipsec']['phase1'] as $ph1ent) - if( $ikeid == $ph1ent['ikeid'] ) + foreach ($config['ipsec']['phase1'] as $ph1ent) { + if ( $ikeid == $ph1ent['ikeid'] ) { return true; + } + } return false; } @@ -177,8 +179,9 @@ function ipsec_ikeid_used($ikeid) { function ipsec_ikeid_next() { $ikeid = 1; - while(ipsec_ikeid_used($ikeid)) + while (ipsec_ikeid_used($ikeid)) { $ikeid++; + } return $ikeid; } @@ -190,7 +193,7 @@ function ipsec_get_phase1_src(& $ph1ent) { if ($ph1ent['interface']) { if (!is_ipaddr($ph1ent['interface'])) { - if ($ph1ent['protocol'] == "inet6") { + if ($ph1ent['protocol'] == "inet6") { $interfaceip = get_interface_ipv6($ph1ent['interface']); } else { $interfaceip = get_interface_ip($ph1ent['interface']); @@ -200,10 +203,11 @@ function ipsec_get_phase1_src(& $ph1ent) { } } else { $if = "wan"; - if ($ph1ent['protocol'] == "inet6") + if ($ph1ent['protocol'] == "inet6") { $interfaceip = get_interface_ipv6($if); - else + } else { $interfaceip = get_interface_ip($if); + } } return $interfaceip; @@ -215,15 +219,18 @@ function ipsec_get_phase1_src(& $ph1ent) { function ipsec_get_phase1_dst(& $ph1ent) { global $g; - if (empty($ph1ent['remote-gateway'])) + if (empty($ph1ent['remote-gateway'])) { return false; + } $rg = $ph1ent['remote-gateway']; if (!is_ipaddr($rg)) { - if(! platform_booting()) + if (! platform_booting()) { return resolve_retry($rg); + } } - if(!is_ipaddr($rg)) + if (!is_ipaddr($rg)) { return false; + } return $rg; } 
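Review bot: `ipsec_ikeid_used()` iterates `$config['ipsec']['phase1']` without checking that the key exists or is an array, while `ipsec_get_descr()` and `ipsec_get_phase1()` later in this file guard the same lookup with `isset()`/`is_array()`. On a configuration with no phase 1 entries the `foreach` raises a PHP warning, and `ipsec_ikeid_next()` depends on this function for every new ID. A guard before the loop would match the other helpers: `if (!isset($config['ipsec']['phase1']) || !is_array($config['ipsec']['phase1'])) { return false; }`.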
@@ -237,10 +244,11 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") { switch ($idinfo['type']) { case "address": if ($addrbits) { - if ($mode == "tunnel6") + if ($mode == "tunnel6") { return $idinfo['address']."/128"; - else + } else { return $idinfo['address']."/32"; + } } else return $idinfo['address']; break; /* NOTREACHED */ @@ -252,8 +260,9 @@ function ipsec_idinfo_to_cidr(& $idinfo, $addrbits = false, $mode = "") { return '0.0.0.0/0'; break; /* NOTREACHED */ default: - if (empty($mode) && !empty($idinfo['mode'])) + if (empty($mode) && !empty($idinfo['mode'])) { $mode = $idinfo['mode']; + } if ($mode == "tunnel6") { $address = get_interface_ipv6($idinfo['type']); @@ -279,10 +288,11 @@ function ipsec_idinfo_to_subnet(& $idinfo,$addrbits = false) { switch ($idinfo['type']) { case "address": if ($addrbits) { - if ($idinfo['mode'] == "tunnel6") + if ($idinfo['mode'] == "tunnel6") { return $idinfo['address']."/128"; - else + } else { return $idinfo['address']."/255.255.255.255"; + } } else return $idinfo['address']; break; /* NOTREACHED */ 
@@ -316,24 +326,25 @@ function ipsec_idinfo_to_text(& $idinfo) { global $config; switch ($idinfo['type']) { - case "address": - return $idinfo['address']; - break; /* NOTREACHED */ - case "network": - return $idinfo['address']."/".$idinfo['netbits']; - break; /* NOTREACHED */ - case "mobile": - return gettext("Mobile Client"); - break; /* NOTREACHED */ - case "none": - return gettext("None"); - break; /* NOTREACHED */ - default: - if (!empty($config['interfaces'][$idinfo['type']])) - return convert_friendly_interface_to_friendly_descr($idinfo['type']); - else - return strtoupper($idinfo['type']); - break; /* NOTREACHED */ + case "address": + return $idinfo['address']; + break; /* NOTREACHED */ + case "network": + return $idinfo['address']."/".$idinfo['netbits']; + break; /* NOTREACHED */ + case "mobile": + return gettext("Mobile Client"); + break; /* NOTREACHED */ + case "none": + return gettext("None"); + break; /* NOTREACHED */ + default: + if (!empty($config['interfaces'][$idinfo['type']])) { + return convert_friendly_interface_to_friendly_descr($idinfo['type']); + } else { + return strtoupper($idinfo['type']); + } + break; /* NOTREACHED */ } } @@ -343,18 +354,21 @@ function ipsec_idinfo_to_text(& $idinfo) { function ipsec_lookup_phase1(& $ph2ent,& $ph1ent) { global $config; - if (!is_array($config['ipsec'])) + if (!is_array($config['ipsec'])) { return false; - if (!is_array($config['ipsec']['phase1'])) + } + if (!is_array($config['ipsec']['phase1'])) { return false; - if (empty($config['ipsec']['phase1'])) + } + if (empty($config['ipsec']['phase1'])) { return false; + } foreach ($config['ipsec']['phase1'] as $ph1tmp) { - if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) { - $ph1ent = $ph1tmp; - return $ph1ent; - } + if ($ph1tmp['ikeid'] == $ph2ent['ikeid']) { + $ph1ent = $ph1tmp; + return $ph1ent; + } } return false; 
@@ -367,8 +381,9 @@ function ipsec_phase1_status(&$ipsec_status, $ikeid) { foreach ($ipsec_status as $ike) { if ($ike['id'] == $ikeid) { - if ($ike['status'] == 'established') + if ($ike['status'] == 'established') { return true; + } } } @@ -380,8 +395,9 @@ function ipsec_phase1_status(&$ipsec_status, $ikeid) { */ function ipsec_phase2_status(&$ipsec_status, &$phase2) { - if (ipsec_lookup_phase1($ph2ent,$ph1ent)) + if (ipsec_lookup_phase1($ph2ent,$ph1ent)) { return ipsec_phase1_status($ipsec_status, $ph1ent['ikeid']); + } return false; } @@ -406,8 +422,9 @@ function ipsec_smp_dump_status() { $response = ""; while (!strstr($sread, "")) { $sread = fgets($fd); - if ($sread === false) + if ($sread === false) { break; + } $response .= $sread; } fclose($fd); @@ -438,13 +455,16 @@ function ipsec_dump_spd() if ($fd) { while (!feof($fd)) { $line = chop(fgets($fd)); - if (!$line) + if (!$line) { continue; - if ($line == "No SPD entries.") + } + if ($line == "No SPD entries.") { break; + } if ($line[0] != "\t") { - if (is_array($cursp)) + if (is_array($cursp)) { $spd[] = $cursp; + } $cursp = array(); $linea = explode(" ", $line); $cursp['srcid'] = substr($linea[0], 0, strpos($linea[0], "[")); @@ -453,13 +473,13 @@ function ipsec_dump_spd() } else if (is_array($cursp)) { $line = trim($line, "\t\r\n "); $linea = explode(" ", $line); - switch($i) - { + switch ($i) { case 1: - if ($linea[1] == "none") /* don't show default anti-lockout rule */ + if ($linea[1] == "none") /* don't show default anti-lockout rule */ { unset($cursp); - else + } else { $cursp['dir'] = $linea[0]; + } break; case 2: $upperspec = explode("/", $linea[0]); @@ -471,8 +491,9 @@ function ipsec_dump_spd() } $i++; } - if (is_array($cursp) && count($cursp)) + if (is_array($cursp) && count($cursp)) { $spd[] = $cursp; + } pclose($fd); } 
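Review bot: In `ipsec_phase2_status()` the newly braced condition still calls `ipsec_lookup_phase1($ph2ent,$ph1ent)`, but the function's parameter is `$phase2` and `$ph2ent` is never assigned in the visible body. Because `ipsec_lookup_phase1()` takes both arguments by reference, PHP creates `$ph2ent` as null without a notice. The ikeid comparison then runs against null rather than the caller's phase 2 entry, so the function most likely reports every tunnel as down. The call should pass the parameter: `if (ipsec_lookup_phase1($phase2, $ph1ent)) {`.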
@@ -489,29 +510,29 @@ function ipsec_dump_sad() if ($fd) { while (!feof($fd)) { $line = chop(fgets($fd)); - if (!$line || $line[0] == " ") + if (!$line || $line[0] == " ") { continue; - if ($line == "No SAD entries.") + } + if ($line == "No SAD entries.") { break; - if ($line[0] != "\t") - { - if (is_array($cursa)) + } + if ($line[0] != "\t") { + if (is_array($cursa)) { $sad[] = $cursa; + } $cursa = array(); list($cursa['src'],$cursa['dst']) = explode(" ", $line); - } - else - { + } else { $line = trim($line, "\t\n\r "); $linea = explode(" ", $line); foreach ($linea as $idx => $linee) { - if ($linee == 'esp' || $linee == 'ah' || $linee[0] == '#') + if ($linee == 'esp' || $linee == 'ah' || $linee[0] == '#') { $cursa['proto'] = $linee; - else if (substr($linee, 0, 3) == 'spi') + } else if (substr($linee, 0, 3) == 'spi') { $cursa['spi'] = substr($linee, strpos($linee, 'x') + 1, -1); - else if (substr($linee, 0, 5) == 'reqid') + } else if (substr($linee, 0, 5) == 'reqid') { $cursa['reqid'] = substr($linee, strpos($linee, 'x') + 1, -1); - else if (substr($linee, 0, 2) == 'E:') { + } else if (substr($linee, 0, 2) == 'E:') { $cursa['ealgo'] = $linea[$idx + 1]; break; } else if (substr($linee, 0, 2) == 'A:') { @@ -521,12 +542,12 @@ function ipsec_dump_sad() $cursa['data'] = substr($linea[$idx + 1], 0, strpos($linea[$idx + 1], 'bytes') - 1) . ' B'; break; } - } } } - if (is_array($cursa) && count($cursa)) + if (is_array($cursa) && count($cursa)) { $sad[] = $cursa; + } pclose($fd); } @@ -547,8 +568,9 @@ function ipsec_dump_mobile() { } /* This is needed for fixing #4130 */ - if (filesize("{$g['tmp_path']}/strongswan_leases.xml") < 200) + if (filesize("{$g['tmp_path']}/strongswan_leases.xml") < 200) { return array(); + } $custom_listtags = array('lease', 'pool'); $response = parse_xml_config("{$g['tmp_path']}/strongswan_leases.xml", "leases"); 
@@ -570,13 +592,13 @@ function ipsec_mobilekey_sort() { function ipsec_get_number_of_phase2($ikeid) { global $config; - $a_phase2 = $config['ipsec']['phase2']; + $a_phase2 = $config['ipsec']['phase2']; $nbph2=0; - if (is_array($a_phase2) && count($a_phase2)) { - foreach ($a_phase2 as $ph2tmp) { - if ($ph2tmp['ikeid'] == $ikeid) { + if (is_array($a_phase2) && count($a_phase2)) { + foreach ($a_phase2 as $ph2tmp) { + if ($ph2tmp['ikeid'] == $ikeid) { $nbph2++; } } @@ -589,8 +611,9 @@ function ipsec_get_descr($ikeid) { global $config; if (!isset($config['ipsec']['phase1']) || - !is_array($config['ipsec']['phase1'])) + !is_array($config['ipsec']['phase1'])) { return ''; + } foreach ($config['ipsec']['phase1'] as $p1) { if ($p1['ikeid'] == $ikeid) { @@ -602,26 +625,28 @@ function ipsec_get_descr($ikeid) { } function ipsec_get_phase1($ikeid) { - global $config; - - if (!isset($config['ipsec']['phase1']) || - !is_array($config['ipsec']['phase1'])) - return ''; - - $a_phase1 = $config['ipsec']['phase1']; - foreach ($a_phase1 as $p1) { - if ($p1['ikeid'] == $ikeid) { - return $p1; - } - } - unset($a_phase1); + global $config; + + if (!isset($config['ipsec']['phase1']) || + !is_array($config['ipsec']['phase1'])) { + return ''; + } + + $a_phase1 = $config['ipsec']['phase1']; + foreach ($a_phase1 as $p1) { + if ($p1['ikeid'] == $ikeid) { + return $p1; + } + } + unset($a_phase1); } function ipsec_fixup_ip($ipaddr) { - if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) + if (is_ipaddrv6($ipaddr) || is_subnetv6($ipaddr)) { return Net_IPv6::compress(Net_IPv6::uncompress($ipaddr)); - else + } else { return $ipaddr; + } } function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { 
@@ -630,66 +655,71 @@ function ipsec_find_id(& $ph1ent, $side = "local", $rgmap = array()) { $id_data = $ph1ent['myid_data']; $addr = ipsec_get_phase1_src($ph1ent); - if (!$addr) + if (!$addr) { return array(); + } } elseif ($side = "peer") { $id_type = $ph1ent['peerid_type']; $id_data = $ph1ent['peerid_data']; - if (isset($ph1ent['mobile'])) + if (isset($ph1ent['mobile'])) { $addr = "%any"; - else + } else { $addr = $ph1ent['remote-gateway']; - } else + } + } else { return array(); + } $thisid_type = $id_type; switch ($thisid_type) { - case 'myaddress': - $thisid_type = 'address'; - $thisid_data = $addr; - break; - case 'dyn_dns': - $thisid_type = 'dns'; - $thisid_data = $id_data; - break; - case 'peeraddress': - $thisid_type = 'address'; - $thisid_data = $rgmap[$ph1ent['remote-gateway']]; - break; - case 'address': - $thisid_data = $id_data; - break; - case 'fqdn': - $thisid_data = "{$id_data}"; - break; - case 'keyid tag': - $thisid_type = 'keyid'; - $thisid_data = "{$thisid_data}"; - break; - case 'user_fqdn': - $thisid_type = 'userfqdn'; - $thisid_data = "{$id_data}"; - break; - case 'asn1dn': - $thisid_data = $id_data; - if ($thisid_data && $thisid_data[0] != '"') - $thisid_data = "\"{$id_data}\""; - break; + case 'myaddress': + $thisid_type = 'address'; + $thisid_data = $addr; + break; + case 'dyn_dns': + $thisid_type = 'dns'; + $thisid_data = $id_data; + break; + case 'peeraddress': + $thisid_type = 'address'; + $thisid_data = $rgmap[$ph1ent['remote-gateway']]; + break; + case 'address': + $thisid_data = $id_data; + break; + case 'fqdn': + $thisid_data = "{$id_data}"; + break; + case 'keyid tag': + $thisid_type = 'keyid'; + $thisid_data = "{$thisid_data}"; + break; + case 'user_fqdn': + $thisid_type = 'userfqdn'; + $thisid_data = "{$id_data}"; + break; + case 'asn1dn': + $thisid_data = $id_data; + if ($thisid_data && $thisid_data[0] != '"') { + $thisid_data = "\"{$id_data}\""; + } + break; } return array($thisid_type, $thisid_data); } function 
ipsec_fixup_network($network) { - if (substr($network, -3) == '|/0') + if (substr($network, -3) == '|/0') { $result = substr($network, 0, -3); - else { + } else { $tmp = explode('|', $network); - if (isset($tmp[1])) + if (isset($tmp[1])) { $result = $tmp[1]; - else + } else { $result = $tmp[0]; + } unset($tmp); } @@ -699,14 +729,16 @@ function ipsec_fixup_network($network) { function ipsec_new_reqid() { global $config; - if (!is_array($config['ipsec']) || !is_array($config['ipsec']['phase2'])) + if (!is_array($config['ipsec']) || !is_array($config['ipsec']['phase2'])) { return; + } $ipsecreqid = lock('ipsecreqids', LOCK_EX); $keyids = array(); $keyid = 1; - foreach ($config['ipsec']['phase2'] as $ph2) + foreach ($config['ipsec']['phase2'] as $ph2) { $keyids[$ph2['reqid']] = $ph2['reqid']; + } for ($i = 1; $i < 16000; $i++) { if (!isset($keyids[$i])) { diff --git a/etc/inc/itemid.inc b/etc/inc/itemid.inc index 2e228c3..dff4a8b 100644 --- a/etc/inc/itemid.inc +++ b/etc/inc/itemid.inc 
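Review bot: In `ipsec_find_id()` the second branch reads `} elseif ($side = "peer") {`, which assigns instead of comparing, so it is true for any `$side` that did not take the first branch. The final `else { return array(); }` that this commit braces can therefore never run; the branch should be `} elseif ($side == "peer") {`. In the same hunk the `'keyid tag'` case sets `$thisid_data = "{$thisid_data}";` before `$thisid_data` has a value, so that identifier type yields an empty string; the neighbouring cases suggest `"{$id_data}"` was intended. The opening `if` of the function is above the hunk, so the first branch's condition is inferred.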
@@ -5,29 +5,29 @@ */ /* - Copyright (C) 2009 Janne Enberg - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + Copyright (C) 2009 Janne Enberg + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. 
+ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ @@ -40,24 +40,25 @@ * RESULT * boolean - true if item was found and deleted ******/ -function delete_id($id, &$array){ +function delete_id($id, &$array) { // Index to delete $delete_index = NULL; - if (!is_array($array)) + if (!is_array($array)) { return false; + } // Search for the item in the array - foreach ($array as $key => $item){ + foreach ($array as $key => $item) { // If this item is the one we want to delete - if(isset($item['associated-rule-id']) && $item['associated-rule-id']==$id ){ + if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$id ) { $delete_index = $key; break; } } // If we found the item, unset it - if( $delete_index!==NULL ){ + if ($delete_index!==NULL) { unset($array[$delete_index]); return true; } else { 
@@ -78,14 +79,16 @@ function delete_id($id, &$array){ function get_id($id, &$array) { // Use $foo = &get_id('id', array('id'=>'value')); - if (!is_array($array)) + if (!is_array($array)) { return false; + } // Search for the item in the array - foreach ($array as $key => $item){ + foreach ($array as $key => $item) { // If this item is the one we want to delete - if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$id) + if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$id) { return $key; + } } return false; @@ -97,7 +100,7 @@ function get_id($id, &$array) { * RESULT * string - unique id ******/ -function get_unique_id(){ +function get_unique_id() { return uniqid("nat_", true); } diff --git a/etc/inc/led.inc b/etc/inc/led.inc index 9d06059..1661950 100644 --- a/etc/inc/led.inc +++ b/etc/inc/led.inc @@ -84,8 +84,9 @@ function led_digit($led, $digitstring) { $dstring = "d"; while ($i < strlen($digitstring)) { $thisdigit = substr($digitstring, $i++, 1); - if (is_numeric($thisdigit)) + if (is_numeric($thisdigit)) { $dstring .= $thisdigit; + } } led_ctl($led, $dstring); } @@ -123,8 +124,9 @@ function led_count() { */ function led_exists($led) { global $led_root; - if (!is_numeric($led)) + if (!is_numeric($led)) { return false; + } return file_exists("{$led_root}{$led}"); } diff --git a/etc/inc/login_sasl_client.inc b/etc/inc/login_sasl_client.inc index 923d16e..f5cc050 100644 --- a/etc/inc/login_sasl_client.inc +++ b/etc/inc/login_sasl_client.inc @@ -23,7 +23,7 @@ class login_sasl_client_class Function Start(&$client, &$message, &$interactions) { - if($this->state!=SASL_LOGIN_STATE_START) + if ($this->state!=SASL_LOGIN_STATE_START) { $client->error="LOGIN authentication state is not at the start"; return(SASL_FAIL); 
@@ -37,7 +37,7 @@ class login_sasl_client_class "realm"=>"" ); $status=$client->GetCredentials($this->credentials,$defaults,$interactions); - if($status==SASL_CONTINUE) + if ($status==SASL_CONTINUE) $this->state=SASL_LOGIN_STATE_IDENTIFY_USER; Unset($message); return($status); @@ -45,7 +45,7 @@ class login_sasl_client_class Function Step(&$client, $response, &$message, &$interactions) { - switch($this->state) + switch ($this->state) { case SASL_LOGIN_STATE_IDENTIFY_USER: $message=$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : ""); diff --git a/etc/inc/meta.inc b/etc/inc/meta.inc index 11295f5..520e622 100644 --- a/etc/inc/meta.inc +++ b/etc/inc/meta.inc @@ -33,7 +33,7 @@ * followed by the appropriate value or value pair. All markers * are prefixed with a ##| sequence. The + suffix is used to * denote the beginning of a tag block followed by the tag name. - * A - suffix is used to denote the end of a tag blaock. Values + * A - suffix is used to denote the end of a tag block. Values * are denoted using the * suffix and can optionally be expressed * as a key value pair. An example of a metadata tag block ... * @@ -48,7 +48,7 @@ * metadata['']['INFO']['BLAH'][0] == true * metadata['']['INFO']['TEXT'][0] == "SOME TEXT" * - * NOTE: All statements must be at the begining of a line and + * NOTE: All statements must be at the beginning of a line and * contiguous for a tag. The example shown above would not be * processed due to the extra ' * ' comment chars. * @@ -60,8 +60,9 @@ function list_phpfiles($path, & $found) { - if (!is_array($found)) + if (!is_array($found)) { $found = array(); + } $dir = opendir($path); if (!$dir) { 
@@ -69,11 +70,13 @@ function list_phpfiles($path, & $found) { return; } - while($fname = readdir($dir)) { - if($fname == "." || $fname == ".." || $fname[0] == '.') + while ($fname = readdir($dir)) { + if ($fname == "." || $fname == ".." || $fname[0] == '.') { continue; - if (fnmatch('*.php', $fname)) + } + if (fnmatch('*.php', $fname)) { $found[] = $fname; + } } } @@ -83,16 +86,19 @@ function list_phpfiles($path, & $found) { function read_file_metadata($fpath, & $metadata, $taglist = false) { - if (!is_array($metadata)) + if (!is_array($metadata)) { $metadata = array(); + } - if ($taglist) + if ($taglist) { $taglist = explode(",", $taglist); + } $fname = $fpath; $slash = strrpos($fname,"/"); - if ($slash) + if ($slash) { $fname = substr($fname,$slash + 1); + } $fdata = @file_get_contents($fpath); if (!$fdata) { @@ -107,20 +113,24 @@ function read_file_metadata($fpath, & $metadata, $taglist = false) { while (true) { $tagbeg_off = stripos($fdata, "##|+", $offset); - if ($tagbeg_off === false) + if ($tagbeg_off === false) { break; + } $tagbeg_trm = stripos($fdata, "\n", $tagbeg_off); - if ($tagbeg_trm === false) + if ($tagbeg_trm === false) { break; + } $tagend_off = stripos($fdata, "##|-", $tagbeg_trm); - if ($tagend_off === false) + if ($tagend_off === false) { break; + } $tagend_trm = stripos($fdata, "\n", $tagend_off); - if ($tagend_trm === false) + if ($tagend_trm === false) { break; + } $tagbeg_len = $tagbeg_trm - $tagbeg_off; $tagend_len = $tagend_trm - $tagend_off; @@ -146,17 +156,20 @@ function read_file_metadata($fpath, & $metadata, $taglist = false) { $offset = $tagend_trm + 1; - if (is_array($taglist)) - if (!in_array($tagbeg,$taglist)) + if (is_array($taglist)) { + if (!in_array($tagbeg,$taglist)) { continue; + } + } $vals = array(); $lines = explode("\n",$mdata); foreach ($lines as $line) { - if (!strlen($line)) + if (!strlen($line)) { continue; + } $valtag = stripos($line, "##|*"); if ($valtag === false || $valtag) { 
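Review bot: `list_phpfiles()` loops with `while ($fname = readdir($dir))`, which ends at the first directory entry whose name is falsy in PHP (a file named `0`), silently skipping the remaining entries. Compare against false explicitly: `while (false !== ($fname = readdir($dir))) {`. The visible end of the function also has no `closedir($dir);` after the loop, so the handle stays open until the script ends; add it before the closing brace.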
@@ -189,12 +202,14 @@ function read_file_metadata($fpath, & $metadata, $taglist = false) { $vals[$vname][] = $vdata; } - if (count($vals)) + if (count($vals)) { $tags[$tagbeg] = $vals; + } } - if (count($tags)) + if (count($tags)) { $metadata[$fname] = $tags; + } } ?> diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc index bad3a32..4b9655b 100644 --- a/etc/inc/notices.inc +++ b/etc/inc/notices.inc @@ -1,37 +1,35 @@ $id, @@ -82,7 +82,7 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority = ); $queue[$queuekey] = $toqueue; $queueout = fopen($notice_path, "w"); - if(!$queueout) { + if (!$queueout) { log_error(printf(gettext("Could not open %s for writing"), $notice_path)); return; } @@ -90,8 +90,9 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority = fclose($queueout); log_error("New alert found: $notice"); /* soekris */ - if(file_exists("/dev/led/error")) + if (file_exists("/dev/led/error")) { exec("/bin/echo 1 > /dev/led/error"); + } /* wrap & alix */ led_normalize(); led_morse(1, 'sos'); @@ -111,13 +112,16 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority = function get_notices($category = "all") { global $g; - if(file_exists("{$g['tmp_path']}/notices")) { + if (file_exists("{$g['tmp_path']}/notices")) { $queue = unserialize(file_get_contents("{$g['tmp_path']}/notices")); - if(!$queue) return false; - if($category != 'all') { - foreach($queue as $time => $notice) { - if(strtolower($notice['category']) == strtolower($category)) + if (!$queue) { + return false; + } + if ($category != 'all') { + foreach ($queue as $time => $notice) { + if (strtolower($notice['category']) == strtolower($category)) { $toreturn[$time] = $notice; + } } return $toreturn; } else { 
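Review bot: The open-failure branch in `file_notice()` calls `log_error(printf(gettext("Could not open %s for writing"), $notice_path));`. `printf()` writes the message to the output stream and returns its length, so the log receives a number and the path is echoed into whatever response is being generated. Use `sprintf()`: `log_error(sprintf(gettext("Could not open %s for writing"), $notice_path));`. The function begins above this hunk.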
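Review bot: `get_notices()` passes the contents of `{$g['tmp_path']}/notices` straight to `unserialize()`, so anything else able to write that file can make PHP instantiate arbitrary classes from it (object injection); whether other writers exist is not visible here. The queue looks like a plain array of notice fields, so `json_decode(..., true)` with a matching `json_encode()` in the writers would remove that risk; on PHP 7 or later `unserialize($data, array('allowed_classes' => false))` is the smaller change. Separately, `$toreturn` is never initialised, so a category with no matching notices returns null instead of an empty array; add `$toreturn = array();` before the loop.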
@@ -140,35 +144,38 @@ function close_notice($id) { global $notice_path; require_once("util.inc"); /* soekris */ - if(file_exists("/dev/led/error")) + if (file_exists("/dev/led/error")) { exec("/bin/echo 0 > /dev/led/error"); + } /* wrap & alix */ led_normalize(); $ids = array(); - if(!$notices = get_notices()) return; - if($id == "all") { + if (!$notices = get_notices()) { + return; + } + if ($id == "all") { unlink_if_exists($notice_path); return; } - foreach(array_keys($notices) as $time) { - if($id == $time) { + foreach (array_keys($notices) as $time) { + if ($id == $time) { unset($notices[$id]); break; } } - foreach($notices as $key => $notice) { + foreach ($notices as $key => $notice) { $ids[$key] = $notice['id']; } - foreach($ids as $time => $tocheck) { - if($id == $tocheck) { + foreach ($ids as $time => $tocheck) { + if ($id == $tocheck) { unset($notices[$time]); break; } } - if(count($notices) != 0) { + if (count($notices) != 0) { $queueout = fopen($notice_path, "w"); - fwrite($queueout, serialize($notices)); - fclose($queueout); + fwrite($queueout, serialize($notices)); + fclose($queueout); } else { unlink_if_exists($notice_path); } @@ -185,14 +192,17 @@ function close_notice($id) { * Outputs notices in XML formatted text ******/ function dump_xml_notices() { - if(file_exists("/cf/conf/use_xmlreader")) + if (file_exists("/cf/conf/use_xmlreader")) { require_once("xmlreader.inc"); - else + } else { require_once("xmlparse.inc"); + } global $notice_path, $listtags; $listtags[] = 'notice'; - if(!$notices = get_notices()) return; - foreach($notices as $time => $notice) { + if (!$notices = get_notices()) { + return; + } + foreach ($notices as $time => $notice) { $notice['time'] = $time; $toput['notice'][] = $notice; } 
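Review bot: close_notice (hunk at -140,35) writes the queue back with `fopen($notice_path, "w")` and then calls `fwrite()` and `fclose()` on the result without checking it, while file_notice checks the same call and logs the failure. If the open fails, the dismissed notice stays in the file and the only trace is a PHP warning. Add the same guard after the fopen: `if (!$queueout) { log_error(sprintf(gettext("Could not open %s for writing"), $notice_path)); return; }`.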
@@ -209,21 +219,23 @@ function dump_xml_notices() { * prints notices to the GUI ******/ function print_notices($notices, $category = "all") { - foreach($notices as $notice) { - if($category != "all") { - if(in_array($notice['category'], $category)) $categories[] = $notice['category']; + foreach ($notices as $notice) { + if ($category != "all") { + if (in_array($notice['category'], $category)) { + $categories[] = $notice['category']; + } } else { $categories[] = $notice['category']; } } $categories = array_unique($categories); sort($categories); - foreach($categories as $category) { + foreach ($categories as $category) { $toreturn .= "
  • {$category}
      "; - foreach($notices as $notice) { - if(strtolower($notice['category']) == strtolower($category)) { - if($notice['id'] != "") { - if($notice['url'] != "") { + foreach ($notices as $notice) { + if (strtolower($notice['category']) == strtolower($category)) { + if ($notice['id'] != "") { + if ($notice['url'] != "") { $toreturn .= "
    • {$notice['id']} - {$notice['notice']}
    • "; } else { $toreturn .= "
    • {$notice['id']} - {$notice['notice']}
    • "; @@ -246,7 +258,9 @@ function print_notices($notices, $category = "all") { ******/ function print_notice_box($category = "all") { $notices = get_notices(); - if(!$notices) return; + if (!$notices) { + return; + } print_info_box_np(print_notices($notices, $category)); return; } @@ -261,7 +275,7 @@ function print_notice_box($category = "all") { ******/ function are_notices_pending($category = "all") { global $notice_path; - if(file_exists($notice_path)) { + if (file_exists($notice_path)) { return true; } return false; @@ -277,17 +291,20 @@ function are_notices_pending($category = "all") { ******/ function notify_via_smtp($message, $force = false) { global $config, $g; - if(platform_booting()) + if (platform_booting()) { return; + } - if(isset($config['notifications']['smtp']['disable']) && !$force) + if (isset($config['notifications']['smtp']['disable']) && !$force) { return; + } /* Do NOT send the same message twice */ - if(file_exists("/var/db/notices_lastmsg.txt")) { + if (file_exists("/var/db/notices_lastmsg.txt")) { $lastmsg = trim(file_get_contents("/var/db/notices_lastmsg.txt")); - if($lastmsg == $message) + if ($lastmsg == $message) { return; + } } /* Store last message sent to avoid spamming */ @@ -304,14 +321,17 @@ function send_smtp_message($message, $subject = "(no subject)", $force = false) require_once("sasl.inc"); require_once("smtp.inc"); - if(isset($config['notifications']['smtp']['disable']) && !$force) + if (isset($config['notifications']['smtp']['disable']) && !$force) { return; + } - if(!$config['notifications']['smtp']['ipaddress']) + if (!$config['notifications']['smtp']['ipaddress']) { return; + } - if(!$config['notifications']['smtp']['notifyemailaddress']) + if (!$config['notifications']['smtp']['notifyemailaddress']) { return; + } $smtp = new smtp_class; 
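Review bot: print_notices appends `{$notice['id']}`, `{$notice['notice']}` and `{$category}` to the markup in `$toreturn` with no output encoding; the surrounding tags are lost in this rendering of the hunk, so the exact HTML context is inferred. The text is whatever a caller handed to file_notice, so it should be encoded where it is printed, e.g. `htmlspecialchars($notice['notice'])`, and likewise for the id, category and URL. `$toreturn` and `$categories` are also used before they are initialised, and `in_array($notice['category'], $category)` expects an array although the parameter defaults to a string. The function body continues beyond the hunk.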
@@ -327,13 +347,14 @@ function send_smtp_message($message, $subject = "(no subject)", $force = false) $smtp->debug = 0; $smtp->html_debug = 0; $smtp->localhost=$config['system']['hostname'].".".$config['system']['domain']; - - if($config['notifications']['smtp']['fromaddress']) + + if ($config['notifications']['smtp']['fromaddress']) { $from = $config['notifications']['smtp']['fromaddress']; - + } + // Use SMTP Auth if fields are filled out - if($config['notifications']['smtp']['username'] && - $config['notifications']['smtp']['password']) { + if ($config['notifications']['smtp']['username'] && + $config['notifications']['smtp']['password']) { if (isset($config['notifications']['smtp']['authentication_mechanism'])) { $smtp->authentication_mechanism = $config['notifications']['smtp']['authentication_mechanism']; } else { @@ -350,7 +371,7 @@ function send_smtp_message($message, $subject = "(no subject)", $force = false) "Date: ".date("r") ); - if($smtp->SendMessage($from, preg_split('/\s*,\s*/', trim($to)), $headers, $message)) { + if ($smtp->SendMessage($from, preg_split('/\s*,\s*/', trim($to)), $headers, $message)) { log_error(sprintf(gettext("Message sent to %s OK"), $to)); return; } else { @@ -371,14 +392,16 @@ function notify_via_growl($message, $force=false) { require_once("growl.class"); global $config,$g; - if (isset($config['notifications']['growl']['disable']) && !$force) + if (isset($config['notifications']['growl']['disable']) && !$force) { return; + } /* Do NOT send the same message twice */ - if(file_exists("/var/db/growlnotices_lastmsg.txt")) { + if (file_exists("/var/db/growlnotices_lastmsg.txt")) { $lastmsg = trim(file_get_contents("/var/db/growlnotices_lastmsg.txt")); - if($lastmsg == $message) + if ($lastmsg == $message) { return; + } } $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; 
@@ -386,8 +409,8 @@ function notify_via_growl($message, $force=false) { $growl_password = $config['notifications']['growl']['password']; $growl_name = $config['notifications']['growl']['name']; $growl_notification = $config['notifications']['growl']['notification_name']; - - if(!empty($growl_ip)) { + + if (!empty($growl_ip)) { $growl = new Growl($growl_ip, $growl_password, $growl_name); $growl->notify("{$growl_notification}", gettext(sprintf("%s (%s) - Notification", $g['product_name'], $hostname)), "{$message}"); } @@ -413,9 +436,9 @@ function register_via_growl() { $growl_password = $config['notifications']['growl']['password']; $growl_name = $config['notifications']['growl']['name']; $growl_notification = $config['notifications']['growl']['notification_name']; - - if($growl_ip) { - $growl = new Growl($growl_ip, $growl_password, $growl_name); + + if ($growl_ip) { + $growl = new Growl($growl_ip, $growl_password, $growl_name); $growl->addNotification($growl_notification); $growl->register(); } diff --git a/etc/inc/ntlm_sasl_client.inc b/etc/inc/ntlm_sasl_client.inc index f21fcb5..18e5658 100644 --- a/etc/inc/ntlm_sasl_client.inc +++ b/etc/inc/ntlm_sasl_client.inc @@ -18,12 +18,12 @@ class ntlm_sasl_client_class Function Initialize(&$client) { - if(!function_exists($function="mcrypt_encrypt") - || !function_exists($function="hash")) + if (!function_exists($function="mcrypt_encrypt") || + !function_exists($function="hash")) { $extensions=array( "mcrypt_encrypt"=>"mcrypt", - "hash"=>"hash" + "hash"=>"hash" ); $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; return(0); 
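Review bot: In notify_via_growl (hunk at -386,8) the title is built as `gettext(sprintf("%s (%s) - Notification", $g['product_name'], $hostname))`, so gettext is asked to translate the already formatted string and can never find a catalogue entry for it. Swap the two calls: `sprintf(gettext("%s (%s) - Notification"), $g['product_name'], $hostname)`. The function starts above the hunk.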
@@ -33,7 +33,7 @@ class ntlm_sasl_client_class Function ASCIIToUnicode($ascii) { - for($unicode="",$a=0;$aASCIIToUnicode($password); - $md4=hash("md4", $unicode); + $md4=hash("md4", $unicode); $padded=$md4.str_repeat(chr(0),21-strlen($md4)); $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); - for($response="",$third=0;$third<21;$third+=7) + for ($response="",$third=0;$third<21;$third+=7) { - for($packed="",$p=$third;$p<$third+7;$p++) - $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT); - for($key="",$p=0;$pstate!=SASL_NTLM_STATE_START) + if ($this->state!=SASL_NTLM_STATE_START) { $client->error="NTLM authentication state is not at the start"; return(SASL_FAIL); @@ -147,7 +147,7 @@ class ntlm_sasl_client_class ); $defaults=array(); $status=$client->GetCredentials($this->credentials,$defaults,$interactions); - if($status==SASL_CONTINUE) + if ($status==SASL_CONTINUE) $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN; Unset($message); return($status); @@ -155,7 +155,7 @@ class ntlm_sasl_client_class Function Step(&$client, $response, &$message, &$interactions) { - switch($this->state) + switch ($this->state) { case SASL_NTLM_STATE_IDENTIFY_DOMAIN: $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]); diff --git a/etc/inc/openvpn.attributes.php b/etc/inc/openvpn.attributes.php index 8a04ca4..467d691 100644 --- a/etc/inc/openvpn.attributes.php +++ b/etc/inc/openvpn.attributes.php @@ -1,7 +1,7 @@ if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) { 
@@ -145,12 +147,14 @@ if (!is_array($authmodes)) { $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); - if (!$authcfg && $authmode != "local") + if (!$authcfg && $authmode != "local") { continue; + } $authenticated = authenticate_user($username, $password, $authcfg, $attributes); - if ($authenticated == true) + if ($authenticated == true) { break; + } } if ($authenticated == false) { 
@@ -165,42 +169,47 @@ if ($authenticated == false) { } } -if (file_exists("/etc/inc/openvpn.attributes.php")) - include_once("/etc/inc/openvpn.attributes.php"); - +if (file_exists("/etc/inc/openvpn.attributes.php")) { + include_once("/etc/inc/openvpn.attributes.php"); +} + $content = ""; if (is_array($attributes['dns-servers'])) { - foreach ($attributes['dns-servers'] as $dnssrv) { - if (is_ipaddr($dnssrv)) - $content .= "push \"dhcp-option DNS {$dnssrv}\"\n"; - } + foreach ($attributes['dns-servers'] as $dnssrv) { + if (is_ipaddr($dnssrv)) { + $content .= "push \"dhcp-option DNS {$dnssrv}\"\n"; + } + } } if (is_array($attributes['routes'])) { - foreach ($attributes['routes'] as $route) + foreach ($attributes['routes'] as $route) { $content .= "push \"route {$route} vpn_gateway\"\n"; + } } if (isset($attributes['framed_ip'])) { /* XXX: only use when TAP windows driver >= 8.2.x */ -/* if (isset($attributes['framed_mask'])) { - $content .= "topology subnet\n"; - $content .= "ifconfig-push {$attributes['framed_ip']} {$attributes['framed_mask']}"; - } else { +/* if (isset($attributes['framed_mask'])) { + $content .= "topology subnet\n"; + $content .= "ifconfig-push {$attributes['framed_ip']} {$attributes['framed_mask']}"; + } else { */ - $content .= "topology net30\n"; - $content .= "ifconfig-push {$attributes['framed_ip']} ". long2ip((ip2long($attributes['framed_ip']) + 1)); -// } + $content .= "topology net30\n"; + $content .= "ifconfig-push {$attributes['framed_ip']} ". long2ip((ip2long($attributes['framed_ip']) + 1)); +// } +} + +if (!empty($content)) { + @file_put_contents("{$g['tmp_path']}/{$username}", $content); } - -if (!empty($content)) - @file_put_contents("{$g['tmp_path']}/{$username}", $content); syslog(LOG_NOTICE, "user '{$username}' authenticated\n"); closelog(); -if (isset($_GET['username'])) +if (isset($_GET['username'])) { echo "OK"; -else +} else { return (0); +} ?> 
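Review bot: `@file_put_contents("{$g['tmp_path']}/{$username}", $content);` uses the login name as a file name, so a name containing a path separator would put the file outside the tmp directory. The end of the script tests `$_GET['username']`, which suggests the name can arrive in a request, and no validation is visible in this hunk (it may exist earlier in the file). Guard the write, e.g. `if (!empty($content) && basename($username) === $username) {`, and drop the `@` so a failed write is noticed. The `routes` values are also pushed into the client configuration unchecked, unlike `dns-servers`, which go through `is_ipaddr()` first.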
diff --git a/etc/inc/openvpn.tls-verify.php b/etc/inc/openvpn.tls-verify.php index 9fd896b..023ec19 100644 --- a/etc/inc/openvpn.tls-verify.php +++ b/etc/inc/openvpn.tls-verify.php @@ -31,7 +31,7 @@ */ /* - pfSense_BUILDER_BINARIES: + pfSense_BUILDER_BINARIES: pfSense_MODULE: openvpn */ /* @@ -63,8 +63,9 @@ if (isset($_GET['certdepth'])) { $subj = explode("/", $cert_subject); foreach ($subj at $s) { list($n, $v) = explode("=", $s); - if ($n == "CN") + if ($n == "CN") { $common_name = $v; + } } */ @@ -87,9 +88,10 @@ if (isset($allowed_depth) && ($cert_depth > $allowed_depth)) { //syslog(LOG_WARNING, "Found certificate {$argv[2]} with depth {$cert_depth}\n"); closelog(); -if (isset($_GET['certdepth'])) +if (isset($_GET['certdepth'])) { echo "OK"; -else +} else { exit(0); +} ?> diff --git a/etc/inc/plain_sasl_client.inc b/etc/inc/plain_sasl_client.inc index c7feed0..691580c 100644 --- a/etc/inc/plain_sasl_client.inc +++ b/etc/inc/plain_sasl_client.inc @@ -26,7 +26,7 @@ class plain_sasl_client_class Function Start(&$client, &$message, &$interactions) { - if($this->state!=SASL_PLAIN_STATE_START) + if ($this->state!=SASL_PLAIN_STATE_START) { $client->error="PLAIN authentication state is not at the start"; return(SASL_FAIL); @@ -42,9 +42,9 @@ class plain_sasl_client_class "mode"=>"" ); $status=$client->GetCredentials($this->credentials,$defaults,$interactions); - if($status==SASL_CONTINUE) + if ($status==SASL_CONTINUE) { - switch($this->credentials["mode"]) + switch ($this->credentials["mode"]) { case SASL_PLAIN_EXIM_MODE: $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; @@ -65,11 +65,11 @@ class plain_sasl_client_class Function Step(&$client, $response, &$message, &$interactions) { - switch($this->state) + switch ($this->state) { /* case SASL_PLAIN_STATE_IDENTIFY: - switch($this->credentials["mode"]) + switch ($this->credentials["mode"]) { case SASL_PLAIN_EXIM_MODE: $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; 
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc index 8d1a736..ee6e876 100644 --- a/etc/inc/priv.inc +++ b/etc/inc/priv.inc @@ -49,46 +49,57 @@ require_once("priv.defs.inc"); /* Load and process custom privs. */ function get_priv_files($directory) { $dir_array = array(); - if(!is_dir($directory)) + if (!is_dir($directory)) { return; + } if ($dh = opendir($directory)) { while (($file = readdir($dh)) !== false) { $canadd = 0; - if($file == ".") + if ($file == ".") { $canadd = 1; - if($file == "..") + } + if ($file == "..") { $canadd = 1; - if($canadd == 0) + } + if ($canadd == 0) { array_push($dir_array, $file); + } } closedir($dh); } - if(!is_array($dir_array)) + if (!is_array($dir_array)) { return; + } return $dir_array; } // Load and sort privs $dir_array = get_priv_files("/etc/inc/priv"); -foreach ($dir_array as $file) - if (!is_dir("/etc/inc/priv/{$file}") && stristr($file,".inc")) +foreach ($dir_array as $file) { + if (!is_dir("/etc/inc/priv/{$file}") && stristr($file,".inc")) { include("/etc/inc/priv/{$file}"); -if(is_dir("/usr/local/pkg/priv")) { + } +} +if (is_dir("/usr/local/pkg/priv")) { $dir_array = get_priv_files("/usr/local/pkg/priv"); - foreach ($dir_array as $file) - if (!is_dir("/usr/local/pkg/priv/{$file}") && stristr($file,".inc")) + foreach ($dir_array as $file) { + if (!is_dir("/usr/local/pkg/priv/{$file}") && stristr($file,".inc")) { include("/usr/local/pkg/priv/{$file}"); + } + } } -if(is_array($priv_list)) +if (is_array($priv_list)) { sort_privs($priv_list); +} function cmp_privkeys($a, $b) { /* user privs at the top */ $auser = strncmp("user-", $a, 5); $buser = strncmp("user-", $b, 5); - if($auser != $buser) + if ($auser != $buser) { return $auser - $buser; + } /* name compare others */ return strcasecmp($a, $b); 
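Review bot: Both include loops accept any directory entry for which `stristr($file,".inc")` is truthy, which matches `.inc` anywhere in the name, so leftovers such as editor backups (constructed examples: `x.inc~`, `x.inc.orig`) under `/etc/inc/priv` or `/usr/local/pkg/priv` are executed as well. Anchor the test to the suffix instead: `substr($file, -4) == ".inc"`. get_priv_files also returns nothing when the directory is missing, and the first `foreach ($dir_array as $file)` iterates that result without the `is_dir()` guard the second loop has.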
@@ -103,27 +114,31 @@ function cmp_page_matches($page, & $matches, $fullwc = true) { // $dbg_matches = implode(",", $matches); // log_error("debug: checking page {$page} match with {$dbg_matches}"); - if (!is_array($matches)) + if (!is_array($matches)) { return false; + } /* skip any leading fwdslash */ $test = strpos($page, "/"); - if ($test !== false && $test == 0) + if ($test !== false && $test == 0) { $page = substr($page, 1); + } /* look for a match */ foreach ($matches as $match) { /* possibly ignore full wildcard match */ - if (!$fullwc && !strcmp($match ,"*")) + if (!$fullwc && !strcmp($match ,"*")) { continue; + } /* compare exact or wildcard match */ $match = str_replace(array(".", "*","?"), array("\.", ".*","\?"), $match); $result = preg_match("@^/{$match}$@", "/{$page}"); - - if ($result) + + if ($result) { return true; + } } return false; @@ -133,13 +148,16 @@ function map_page_privname($page) { global $priv_list; foreach ($priv_list as $pname => $pdata) { - if (strncmp($pname, "page-", 5)) + if (strncmp($pname, "page-", 5)) { continue; + } $fullwc = false; - if (!strcasecmp($page,"any")||!strcmp($page,"*")) + if (!strcasecmp($page,"any")||!strcmp($page,"*")) { $fullwc = true; - if (cmp_page_matches($page, $pdata['match'], $fullwc)) + } + if (cmp_page_matches($page, $pdata['match'], $fullwc)) { return $pname; + } } return false; 
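Review bot: cmp_page_matches (hunk at -103,27) escapes only `.`, `*` and `?` by hand before building the pattern, so any other regex metacharacter in a privilege `match` entry, including the `@` delimiter, is interpreted as regex syntax in what is an access-control decision. Let PCRE do the quoting and restore the wildcard afterwards: `$match = str_replace('\*', '.*', preg_quote($match, '@'));`, and end the pattern with `\z` rather than `$` so that it cannot match ahead of a trailing newline. The function's signature and closing lines are outside this hunk.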
@@ -151,30 +169,36 @@ function get_user_privdesc(& $user) { $privs = array(); $user_privs = $user['priv']; - if (!is_array($user_privs)) + if (!is_array($user_privs)) { $user_privs = array(); + } $names = local_user_get_groups($user, true); foreach ($names as $name) { $group = getGroupEntry($name); $group_privs = $group['priv']; - if (!is_array($group_privs)) + if (!is_array($group_privs)) { continue; + } foreach ($group_privs as $pname) { - if (in_array($pname,$user_privs)) + if (in_array($pname,$user_privs)) { continue; - if (!$priv_list[$pname]) + } + if (!$priv_list[$pname]) { continue; + } $priv = $priv_list[$pname]; $priv['group'] = $group['name']; $privs[] = $priv; } } - foreach ($user_privs as $pname) - if($priv_list[$pname]) + foreach ($user_privs as $pname) { + if ($priv_list[$pname]) { $privs[] = $priv_list[$pname]; + } + } return $privs; } @@ -182,19 +206,24 @@ function get_user_privdesc(& $user) { function isAllowed($username, $page) { global $_SESSION; - if (!isset($username)) + if (!isset($username)) { return false; + } /* admin/root access check */ $user = getUserEntry($username); - if (isset($user)) - if (isset($user['uid'])) - if ($user['uid']==0) + if (isset($user)) { + if (isset($user['uid'])) { + if ($user['uid']==0) { return true; + } + } + } /* user privilege access check */ - if (cmp_page_matches($page, $_SESSION['page-match'])) + if (cmp_page_matches($page, $_SESSION['page-match'])) { return true; + } return false; } @@ -206,15 +235,19 @@ function isAllowedPage($page) { $username = $_SESSION['Username']; - if (!isset($username)) + if (!isset($username)) { return false; + } /* admin/root access check */ $user = getUserEntry($username); - if (isset($user)) - if (isset($user['uid'])) - if ($user['uid']==0) + if (isset($user)) { + if (isset($user['uid'])) { + if ($user['uid']==0) { return true; + } + } + } /* user privilege access check */ return cmp_page_matches($page, $_SESSION['page-match']); 
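Review bot: The admin shortcut in isAllowed (hunk at -182,19) and isAllowedPage (hunk at -206,15) tests `$user['uid']==0`, a loose comparison that on PHP before 8 is also true for an empty or non-numeric string uid, and the preceding `isset()` does not exclude those values. Since this grants access to every page, compare strictly in both places: `if (is_numeric($user['uid']) && (int)$user['uid'] === 0) {`. isAllowed also matches against `$_SESSION['page-match']` whatever `$username` was passed in, which deserves a comment if it is intended. Both hunks begin inside the function bodies.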
@@ -223,51 +256,61 @@ function isAllowedPage($page) { function getPrivPages(& $entry, & $allowed_pages) { global $priv_list; - if (!is_array($entry['priv'])) + if (!is_array($entry['priv'])) { return; + } foreach ($entry['priv'] as $pname) { - if (strncmp($pname, "page-", 5)) + if (strncmp($pname, "page-", 5)) { continue; + } $priv = &$priv_list[$pname]; - if (!is_array($priv)) + if (!is_array($priv)) { continue; + } $matches = &$priv['match']; - if (!is_array($matches)) + if (!is_array($matches)) { continue; - foreach ($matches as $match) + } + foreach ($matches as $match) { $allowed_pages[] = $match; + } } } function getAllowedPages($username) { global $config, $_SESSION; - if (!function_exists("ldap_connect")) + if (!function_exists("ldap_connect")) { return; - + } + $allowed_pages = array(); $allowed_groups = array(); - + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); // obtain ldap groups if we are in ldap mode - if ($authcfg['type'] == "ldap") + if ($authcfg['type'] == "ldap") { $allowed_groups = @ldap_get_groups($username, $authcfg); - else { + } else { // search for a local user by name $local_user = getUserEntry($username); getPrivPages($local_user, $allowed_pages); // obtain local groups if we have a local user - if ($local_user) + if ($local_user) { $allowed_groups = local_user_get_groups($local_user); + } } // build a list of allowed pages - if (is_array($config['system']['group']) && is_array($allowed_groups)) - foreach ($config['system']['group'] as $group) - if (in_array($group['name'], $allowed_groups)) + if (is_array($config['system']['group']) && is_array($allowed_groups)) { + foreach ($config['system']['group'] as $group) { + if (in_array($group['name'], $allowed_groups)) { getPrivPages($group, $allowed_pages); + } + } + } // $dbg_pages = implode(",", $allowed_pages); // $dbg_groups = implode(",", $allowed_groups); -- cgit v1.1
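Review bot: In getPrivPages, `$priv = &$priv_list[$pname];` takes a reference to a key that may not exist, and PHP then creates that key with a null value, so every unknown privilege name in `$entry['priv']` leaves a stray entry in the global `$priv_list`. Nothing is written through either reference, so plain reads are enough: `if (!isset($priv_list[$pname]) || !is_array($priv_list[$pname])) { continue; }` followed by `$matches = $priv_list[$pname]['match'];`, keeping the existing `is_array($matches)` check. getAllowedPages continues past the end of the hunk.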