From 26732357f475096b52e87bdde92a19781cb29f27 Mon Sep 17 00:00:00 2001 From: Pierre POMES Date: Mon, 13 Dec 2010 16:18:06 -0500 Subject: Ticket #960. Use XMLRPC automatic base64 encoding for strings (XML_RPC_auto_base64) --- etc/inc/xmlrpc_client.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/xmlrpc_client.inc b/etc/inc/xmlrpc_client.inc index bac5e1f..8b8a9a2 100644 --- a/etc/inc/xmlrpc_client.inc +++ b/etc/inc/xmlrpc_client.inc @@ -228,7 +228,7 @@ if (function_exists('mb_ereg')) { * which can cause PHP's SAX-based XML parser to break? * @global boolean $GLOBALS['XML_RPC_auto_base64'] */ -$GLOBALS['XML_RPC_auto_base64'] = false; +$GLOBALS['XML_RPC_auto_base64'] = true; /** @@ -2077,4 +2077,4 @@ function XML_RPC_encode($php_val) * End: */ -?> \ No newline at end of file +?> -- cgit v1.1 From a776c720e6757fc12222643665f749c2e6d05c1c Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 14 Dec 2010 10:42:38 -0500 Subject: Move some lb status parsing functions to a common area so they can be reused by the widget. --- etc/inc/vslb.inc | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc index 3985337..82aeb06 100644 --- a/etc/inc/vslb.inc +++ b/etc/inc/vslb.inc 
@@ -283,4 +283,70 @@ function relayd_configure() { } +function get_lb_redirects() { +/* +# relayctl show summary +Id Type Name Avlblty Status +1 redirect testvs2 active +5 table test2:80 active (3 hosts up) +11 host 192.168.1.2 91.55% up +10 host 192.168.1.3 100.00% up +9 host 192.168.1.4 88.73% up +3 table test:80 active (1 hosts up) +7 host 192.168.1.2 66.20% down +6 host 192.168.1.3 97.18% up +0 redirect testvs active +3 table test:80 active (1 hosts up) +7 host 192.168.1.2 66.20% down +6 host 192.168.1.3 97.18% up +4 table testvs-sitedown:80 active (1 hosts up) +8 host 192.168.1.4 84.51% up +# relayctl show redirects +Id Type Name Avlblty Status +1 redirect testvs2 active +0 redirect testvs active +# relayctl show redirects +Id Type Name Avlblty Status +1 redirect testvs2 active + total: 2 sessions + last: 2/60s 2/h 2/d sessions + average: 1/60s 0/h 0/d sessions +0 redirect testvs active +*/ + $rdr_a = array(); + exec('/usr/local/sbin/relayctl show redirects 2>&1', $rdr_a); + $vs = array(); + for ($i = 0; isset($rdr_a[$i]); $i++) { + $line = $rdr_a[$i]; + if (preg_match("/^[0-9]+/", $line)) { + $regs = array(); + if($x = preg_match("/^[0-9]+\s+redirect\s+([^\s]+)\s+([^\s]+)/", $line, $regs)) { + $vs[trim($regs[1])] = array(); + $vs[trim($regs[1])]['status'] = trim($regs[2]); + } + } + } + return $vs; +} + +function get_lb_summary() { + $relayctl = array(); + exec('/usr/local/sbin/relayctl show summary 2>&1', $relayctl); + $relay_hosts=Array(); + foreach( (array) $relayctl as $line) { + $t=split("\t", $line); + switch (trim($t[1])) { + case "table": + $curpool=trim($t[2]); + break; + case "host": + $curhost=trim($t[2]); + $relay_hosts[$curpool][$curhost]['avail']=trim($t[3]); + $relay_hosts[$curpool][$curhost]['state']=trim($t[4]); + break; + } + } + return $relay_hosts; +} + ?> \ No newline at end of file -- cgit v1.1 From 74b7361ff912ac715aec51b0f6a64976d4041dcf Mon Sep 17 00:00:00 2001 
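Review bot: In `get_lb_summary()` (etc/inc/vslb.inc) every output line is indexed as `$t[1]` through `$t[4]` without checking how many fields the split produced, and because the command runs with `2>&1`, any error text from relayctl is parsed as if it were status data. A line with fewer fields raises undefined-offset notices, and a `host` row that appears before any `table` row uses `$curpool` while it is still unset. I would initialise `$curpool = "";` before the loop, skip short lines with `if (count($t) < 5) continue;`, and use `explode("\t", $line)`, since `split()` is deprecated as of PHP 5.3. In `get_lb_redirects()` the `$x =` assignment inside the inner `if` is never read and can be dropped.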
From: jim-p Date: Tue, 14 Dec 2010 12:38:20 -0500 Subject: Backend support for the retry parameter. --- etc/inc/vslb.inc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/vslb.inc b/etc/inc/vslb.inc index 82aeb06..2c3f0ca 100644 --- a/etc/inc/vslb.inc +++ b/etc/inc/vslb.inc @@ -206,7 +206,12 @@ function relayd_configure() { if(is_array($pool_a)) { for ($i = 0; isset($pool_a[$i]); $i++) { if(is_array($pool_a[$i]['servers'])) { - $srvtxt = implode(", ", $pool_a[$i]['servers']); + if (!empty($pool_a[$i]['retry'])) { + $retrytext = " retry {$pool_a[$i]['retry']}"; + $srvtxt = implode("{$retrytext}, ", $pool_a[$i]['servers']) . "{$retrytext}"; + } else { + $srvtxt = implode(", ", $pool_a[$i]['servers']); + } $conf .= "table <{$pool_a[$i]['name']}> { $srvtxt }\n"; /* Index by name for easier fetching when we loop through the virtual servers */ $pools[$pool_a[$i]['name']] = $pool_a[$i]; -- cgit v1.1 From 95ceb35b9124e34ab1d607e2cca489b4fdd6b3a7 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 14 Dec 2010 21:15:04 +0000 Subject: No functional change just simple cleanup. --- etc/inc/filter.inc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 421df12..cc3a6a3 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -39,6 +39,7 @@ */ /* DISABLE_PHP_LINT_CHECKING */ +// vim: ts=4 sw=4 noexpandtab /* include all configuration functions */ @@ -2165,7 +2166,6 @@ EOD; pass in on \$loopback all label "pass loopback" pass out on \$loopback all label "pass loopback" - EOD; $ipfrules .= << -- cgit v1.1 From 0d89a2fcac3deea06bdc4a481bbdfae4f18b1ff8 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 14 Dec 2010 17:09:47 -0500 Subject: Add voucher backup, configurable from Diagnostics > NanoBSD. Fixes #1087 --- etc/inc/captiveportal.inc | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'etc/inc') 
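Review bot: The new `retry` value in `relayd_configure()` (etc/inc/vslb.inc) is interpolated into the relayd `table` line unchanged (`" retry {$pool_a[$i]['retry']}"`), so a stored value that is not a plain number ends up as raw relayd.conf syntax. Whether the GUI validates the field is not visible in this hunk, and the backend should not depend on it. Casting at the point of use keeps the generated file well-formed: `$retry = (int)$pool_a[$i]['retry'];`, with the suffix emitted only when `$retry > 0`. The pool name and server entries on the neighbouring context lines are written into the file the same way and deserve the same check; the function body continues outside the hunk.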
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index e36a626..bc17f95 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -210,8 +210,21 @@ function captiveportal_configure() { if (isset($config['captiveportal']['enable'])) { - if ($g['booting']) + if ($g['booting']) { echo "Starting captive portal... "; + if ($g['platform'] != "pfSense") { + /* restore the vouchers, if we have them */ + if (file_exists("{$g['cf_conf_path']}/vouchers.tgz")) { + $voucherrestore = ""; + $voucherreturn = ""; + exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/vouchers.tgz 2>&1", $voucherrestore, $voucherreturn); + $voucherrestore = implode(" ", $voucherrestore); + if($voucherreturn <> 0) { + log_error("Voucher restore failed exited with $voucherreturn, the error is: $voucherrestore\n"); + } + } + } + } /* kill any running mini_httpd */ killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); -- cgit v1.1 From d12003c99517c25105673c557aebec7e3fa55dcb Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 14 Dec 2010 17:22:17 -0500 Subject: Revert "Add voucher backup, configurable from Diagnostics > NanoBSD. Fixes #1087" - voucher db backup already existed under a different name. Ticket is still fixed, just by different code that was already there. This reverts commit 0d89a2fcac3deea06bdc4a481bbdfae4f18b1ff8. --- etc/inc/captiveportal.inc | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index bc17f95..e36a626 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
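Review bot: The restore step added to `captiveportal_configure()` unpacks `vouchers.tgz` after `cd /`, so every member path in the archive is written relative to the filesystem root with the privileges of the boot process. If the archive on the config partition is damaged or has been modified, files well outside the voucher database can be overwritten. I would limit extraction to the expected database files under a fixed target directory (`-C`) and pass the archive path through `escapeshellarg()` instead of interpolating `{$g['cf_conf_path']}` into the shell string. `$voucherrestore` is initialised as `""` but `exec()` fills it as an array, so `array()` is the right initial value. The function continues outside the hunk.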
@@ -210,21 +210,8 @@ function captiveportal_configure() { if (isset($config['captiveportal']['enable'])) { - if ($g['booting']) { + if ($g['booting']) echo "Starting captive portal... "; - if ($g['platform'] != "pfSense") { - /* restore the vouchers, if we have them */ - if (file_exists("{$g['cf_conf_path']}/vouchers.tgz")) { - $voucherrestore = ""; - $voucherreturn = ""; - exec("cd /;LANG=C /usr/bin/tar -xzf {$g['cf_conf_path']}/vouchers.tgz 2>&1", $voucherrestore, $voucherreturn); - $voucherrestore = implode(" ", $voucherrestore); - if($voucherreturn <> 0) { - log_error("Voucher restore failed exited with $voucherreturn, the error is: $voucherrestore\n"); - } - } - } - } /* kill any running mini_httpd */ killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); -- cgit v1.1 From eaca40dffe3f8bd349163e04f4f0489978a40029 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 14 Dec 2010 22:27:32 +0000 Subject: Cleanup of whitespace and use exclusive lock during reconfiguration of vouchers. --- etc/inc/voucher.inc | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 3b8e1ac..98a5340 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -250,15 +250,15 @@ function voucher_auth($voucher_received, $test = 0) { function voucher_configure() { global $config, $g; - - /* kill any running minicron */ - killbypid("{$g['varrun_path']}/vouchercron.pid"); - if (isset($config['voucher']['enable'])) { + /* kill any running minicron */ + killbypid("{$g['varrun_path']}/vouchercron.pid"); - if ($g['booting']) { + if (isset($config['voucher']['enable'])) + return 0; + + if ($g['booting']) echo "Enabling voucher support... "; - } // start cron if we're asked to save runtime DB periodically // to XML config if it changed 
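Review bot: In the `voucher_configure()` hunk of etc/inc/voucher.inc, the new guard `if (isset($config['voucher']['enable'])) return 0;` returns early when vouchers are enabled, which is the opposite of the `if (isset(...)) { ... }` block it replaces. As written, the key file, config file and cron setup further down are skipped on an enabled system and run on a disabled one. The guard needs the negation: `if (!isset($config['voucher']['enable'])) return 0;`. Because the commit is described as whitespace and locking cleanup, a behaviour change like this is easy to miss; the function body continues in the following hunks.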
@@ -269,7 +269,8 @@ function voucher_configure() { "/etc/rc.savevoucher"); } - $voucherlck = lock('voucher'); + $voucherlck = lock('voucher', LOCK_EX); + /* write public key used to verify vouchers */ $pubkey = base64_decode($config['voucher']['publickey']); $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); @@ -323,8 +324,8 @@ function voucher_configure() { unlock($voucherlck); echo "done\n"; } - } - return 0; + + return 0; } /* write bitstring of used vouchers to ramdisk. @@ -483,4 +484,4 @@ function voucher_save_db_to_config() { return; } -?> \ No newline at end of file +?> -- cgit v1.1 From 666bc4d16174a67f72e3487f9b125ea890739fc0 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 14 Dec 2010 22:39:48 +0000 Subject: Ticket #1087. Cleanup whitespace and also do not rely on having the db dirty flag set for backing up the dbs but always do this! --- etc/inc/voucher.inc | 115 ++++++++++++++++++++++------------------------------ 1 file changed, 49 insertions(+), 66 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 98a5340..59f4a98 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc 
@@ -88,21 +88,19 @@ EOF; } /* - *Authenticate a voucher and return the remaining time credit in minutes + * Authenticate a voucher and return the remaining time credit in minutes * if $test is set, don't mark the voucher as used nor add it to the list * of active vouchers + * If $test is set, simply test the voucher. Don't change anything + * but return a more verbose error and result message back */ function voucher_auth($voucher_received, $test = 0) { - global $g, $config; - // if $test is set, simply test the voucher. Don't change anything - // but return a more verbose error and result message back - $voucherlck = lock('voucher'); // XMLRPC Call over to the master Voucher node - $a_voucher = &$config['voucher']; + $a_voucher = &$config['voucher']; if($a_voucher['vouchersyncdbip']) { $syncip = $a_voucher['vouchersyncdbip']; $syncport = $a_voucher['vouchersyncport']; @@ -138,9 +136,9 @@ function voucher_auth($voucher_received, $test = 0) { $result = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher.cfg -k {$g['varetc_path']}/voucher.public -- $v"); list($status, $roll, $nr) = explode(" ", $result); if ($status == "OK") { - if (!$first_voucher) - { - $first_voucher = $voucher; // store first voucher. Thats the one we give the timecredit + if (!$first_voucher) { + // store first voucher. Thats the one we give the timecredit + $first_voucher = $voucher; $first_voucher_roll = $roll; } // check if we have this ticket on a registered roll for this ticket @@ -191,7 +189,7 @@ function voucher_auth($voucher_received, $test = 0) { } else { $test_result[] = "Access granted for $total_minutes Minutes in total."; } - unlock($voucherlck); + unlock($voucherlck); return $test_result; } 
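Review bot: In the `voucher_auth()` hunk that starts at new line 136, the context line `exec("/usr/local/bin/voucher -c ... -- $v")` places `$v` directly into a shell command, and `$v` appears to derive from the voucher string passed in as `$voucher_received`. How `$v` is built is outside the hunk; unless it is already restricted to the voucher character set there, it should be quoted at this call with `escapeshellarg($v)`. The `--` only ends option parsing in the voucher binary and does nothing about shell metacharacters. The result is then unpacked with `list($status, $roll, $nr) = explode(" ", $result);` without checking that three fields came back.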
@@ -200,7 +198,7 @@ function voucher_auth($voucher_received, $test = 0) { // the user wouldn't know that he used at least one invalid voucher. if ($error) { - unlock($voucherlck); + unlock($voucherlck); if ($total_minutes > 0) // probably not needed, but want to make sure $total_minutes = 0; // we only report -1 (expired) or 0 (no access) return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS @@ -240,9 +238,6 @@ function voucher_auth($voucher_received, $test = 0) { $active_vouchers[$first_voucher_roll][$first_voucher] = "$timestamp,$minutes"; voucher_write_active_db($roll, $active_vouchers[$first_voucher_roll]); - // mark the DB's as dirty. - mark_subsystem_dirty('voucher'); - unlock($voucherlck); return $total_minutes; @@ -275,13 +270,13 @@ function voucher_configure() { $pubkey = base64_decode($config['voucher']['publickey']); $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { - printf("Error: cannot write voucher.public\n"); + log_error("Voucher error: cannot write voucher.public\n"); unlock($voucherlck); return 1; } - chmod("{$g['varetc_path']}/voucher.public", 0600); fwrite($fd, $pubkey); fclose($fd); + @chmod("{$g['varetc_path']}/voucher.public", 0600); /* write config file used by voucher binary to decode vouchers */ $fd = fopen("{$g['varetc_path']}/voucher.cfg", "w"); @@ -290,9 +285,9 @@ function voucher_configure() { unlock($voucherlck); return 1; } - chmod("{$g['varetc_path']}/voucher.cfg", 0600); fwrite($fd, "{$config['voucher']['rollbits']},{$config['voucher']['ticketbits']},{$config['voucher']['checksumbits']},{$config['voucher']['magic']},{$config['voucher']['charset']}\n"); fclose($fd); + @chmod("{$g['varetc_path']}/voucher.cfg", 0600); unlock($voucherlck); if ($g['booting']) { 
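Review bot: In `voucher_configure()` the `chmod(..., 0600)` on `voucher.public` now runs after `fwrite()` and `fclose()`, so the file sits on disk with its contents under the default umask until the chmod lands, and the added `@` hides any failure to tighten it. The next hunk applies the same reordering to `voucher.cfg`, which holds the roll, ticket and checksum bit sizes, the magic value and the charset. I would set the mode before any data is written, for example `$oldmask = umask(0077);` ahead of `fopen()` and `umask($oldmask);` after `fclose()`, and log a chmod failure instead of suppressing it.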
@@ -332,53 +327,48 @@ function voucher_configure() { * Bitstring must already be base64_encoded! */ function voucher_write_used_db($roll, $vdb) { - - global $g; - - $fd = fopen("{$g['vardb_path']}/voucher_used_$roll.db", "w"); - if ($fd) { - fwrite($fd, $vdb . "\n"); - fclose($fd); - } else { - voucher_log(LOG_ERR, "cant write {$g['vardb_path']}/voucher_used_$roll.db"); - } + global $g; + + $fd = fopen("{$g['vardb_path']}/voucher_used_$roll.db", "w"); + if ($fd) { + fwrite($fd, $vdb . "\n"); + fclose($fd); + } else + voucher_log(LOG_ERR, "cant write {$g['vardb_path']}/voucher_used_$roll.db"); } /* return assoc array of active vouchers with activation timestamp * voucher is index. */ function voucher_read_active_db($roll) { - - global $g; - - $active = array(); - $dirty = 0; - $file = "{$g['vardb_path']}/voucher_active_$roll.db"; - if (file_exists($file)) { - $fd = fopen($file, "r"); - if ($fd) { - while (!feof($fd)) { - $line = trim(fgets($fd)); - if ($line) { - list($voucher,$timestamp,$minutes) = explode(",", $line); // voucher,timestamp - if ((($timestamp + 60*$minutes) - time()) > 0) { - $active[$voucher] = "$timestamp,$minutes"; - } else { - $dirty=1; - } - } - } - fclose($fd); - if ($dirty) // if we found expired entries, lets save our snapshot - voucher_write_active_db($roll, $active); - } - } - return $active; + global $g; + + $active = array(); + $dirty = 0; + $file = "{$g['vardb_path']}/voucher_active_$roll.db"; + if (file_exists($file)) { + $fd = fopen($file, "r"); + if ($fd) { + while (!feof($fd)) { + $line = trim(fgets($fd)); + if ($line) { + list($voucher,$timestamp,$minutes) = explode(",", $line); // voucher,timestamp + if ((($timestamp + 60*$minutes) - time()) > 0) + $active[$voucher] = "$timestamp,$minutes"; + else + $dirty=1; + } + } + fclose($fd); + if ($dirty) // if we found expired entries, lets save our snapshot + voucher_write_active_db($roll, $active); + } + } + return $active; } /* store array of active vouchers back to DB */ function 
voucher_write_active_db($roll, $active) { - global $g; $fd = fopen("{$g['vardb_path']}/voucher_active_$roll.db", "w"); @@ -391,7 +381,6 @@ function voucher_write_active_db($roll, $active) { /* return how many vouchers are marked used on a roll */ function voucher_used_count($roll) { - global $g; $bitstring = voucher_read_used_db($roll); @@ -408,7 +397,6 @@ function voucher_used_count($roll) { } function voucher_read_used_db($roll) { - global $g; $vdb = ""; @@ -426,10 +414,9 @@ function voucher_read_used_db($roll) { } function voucher_unlink_db($roll) { - global $g; - unlink("{$g['vardb_path']}/voucher_used_$roll.db"); - unlink("{$g['vardb_path']}/voucher_active_$roll.db"); + @unlink("{$g['vardb_path']}/voucher_used_$roll.db"); + @unlink("{$g['vardb_path']}/voucher_active_$roll.db"); } /* we share the log with captiveportal for now */ @@ -446,20 +433,15 @@ function voucher_log($priority, $message) { * Called during reboot -> system_reboot_cleanup() and minicron */ function voucher_save_db_to_config() { - global $config, $g; if (!isset($config['voucher']['enable']) || $config['voucher']['saveinterval'] == 0) return; // no vouchers or don't want to save DB's - if (!is_subsystem_dirty('voucher')) - return; // nothing changed. - - $voucherlck = lock('voucher'); + $voucherlck = lock('voucher', LOCK_EX); // walk all active rolls and save runtime DB's to flash $a_roll = &$config['voucher']['roll']; -// foreach ($a_roll as $rollent) { while (list($key, $value) = each($a_roll)) { $rollent = &$a_roll[$key]; $roll = $rollent['number']; @@ -478,8 +460,9 @@ function voucher_save_db_to_config() { } $rollent['active'] = $db; } - clear_subsystem_dirty('voucher'); + unlock($voucherlck); + write_config(); return; } -- cgit v1.1 From f5c05fcc613728bc5a18898b4799e8e5a8df7529 Mon Sep 17 00:00:00 2001 
From: Ermal Date: Tue, 14 Dec 2010 22:48:45 +0000 Subject: Make voucher xmlrpc error checking the same as others. --- etc/inc/voucher.inc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 59f4a98..f7cd1d5 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -63,14 +63,12 @@ EOF; $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, "250"); - if(!$resp) { + if(!is_object($resp)) { $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); return array("timeleft" => "0"); } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, "250"); $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Error code received", ""); @@ -84,7 +82,8 @@ EOF; write_config("Captive Portal Voucher database synchronized with {$url}"); voucher_configure(); } - return $toreturn['timeleft']; + + return $toreturn['timeleft']; } /* -- cgit v1.1 From a5e64ca0a23ed39882dff83b6b58907345348139 Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 14 Dec 2010 21:22:25 -0700 Subject: Remove config lock for filter reload, since no config file reads or writes are happening here. Ticket #1071 --- etc/inc/filter.inc | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cc3a6a3..9e13ccf 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
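Review bot: The communications-error branch in the first etc/inc/voucher.inc hunk returns `array("timeleft" => "0")`, while the success path in the second hunk returns the scalar `$toreturn['timeleft']`, so callers of this XMLRPC sync routine receive two different shapes. A caller that treats the result as a number of minutes would mishandle the array on a failed sync. Both paths should return the same shape, whichever one the callers expect; the return in the `faultCode()` branch lies outside the hunk and should be checked as well. The function starts and ends outside both hunks.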
@@ -185,9 +185,8 @@ function filter_configure_sync() { global $config, $g, $after_filter_configure_run, $FilterIflist; global $time_based_rules, $filterdns, $aliases; - /* Use filter lock to not allow recursion and config lock to prevent changes during this run. */ + /* Use filter lock to not allow concurrent filter reloads during this run. */ $filterlck = lock('filter', LOCK_EX); - $configlck = lock('config'); filter_pflog_start(); @@ -242,7 +241,6 @@ function filter_configure_sync() { update_filter_reload_status("Filter is disabled. Not loading rules."); if($g['booting'] == true) echo "done.\n"; - unlock($configlck); unlock($filterlck); return; } @@ -300,7 +298,6 @@ function filter_configure_sync() { if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) { log_error("WARNING: Could not write new rules!"); - unlock($configlck); unlock($filterlck); return; } @@ -339,7 +336,6 @@ function filter_configure_sync() { file_notice("filter_load", "There were error(s) loading the rules: {$rules_error} {$line_error}", "Filter Reload", ""); log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}"); update_filter_reload_status("There were error(s) loading the rules: {$rules_error} - {$line_error}"); - unlock($configlck); unlock($filterlck); return; } @@ -387,8 +383,6 @@ function filter_configure_sync() { fclose($fda); } - unlock($configlck); - if(file_exists("{$g['tmp_path']}/commands.txt")) { mwexec("sh {$g['tmp_path']}/commands.txt &"); unlink("{$g['tmp_path']}/commands.txt"); -- cgit v1.1 From 451e4a05edd8f1a65dde0e32f7d6015c3c20cfcb Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Wed, 15 Dec 2010 17:14:52 -0700 Subject: Fix condition that needed to be negated after a recent layout change here and prevent a PHP warning if there are no voucher rolls. Fixes #1106 --- etc/inc/voucher.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc/inc') 
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index f7cd1d5..ddd8ab4 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -248,7 +248,7 @@ function voucher_configure() { /* kill any running minicron */ killbypid("{$g['varrun_path']}/vouchercron.pid"); - if (isset($config['voucher']['enable'])) + if (!isset($config['voucher']['enable'])) return 0; if ($g['booting']) @@ -295,6 +295,7 @@ function voucher_configure() { $a_roll = &$config['voucher']['roll']; $voucherlck = lock('voucher'); + if (is_array($a_roll)) foreach ($a_roll as $rollent) { $roll = $rollent['number']; -- cgit v1.1 From 979c578374cfaf9deb7be02b7a9db6a92807c360 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 16 Dec 2010 13:56:38 -0500 Subject: Make $rel lowercase, since that's how it is on FreeBSD's package servers. --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 3c8ca98..c753f54 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -419,7 +419,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $osname = php_uname("s"); $arch = php_uname("m"); $rel = php_uname("r"); - $rel = substr($rel, 0, strrpos($rel, "-")); + $rel = strtolower(substr($rel, 0, strrpos($rel, "-"))); $priv_url = "http://ftp2.{$osname}.org/pub/{$osname}/ports/{$arch}/packages-{$rel}/Latest"; if (empty($base_url)) $base_url = $priv_url; -- cgit v1.1 From f444c3965cc13acc02ea028a528dcfff2c24d2ab Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Thu, 16 Dec 2010 17:45:56 -0700 Subject: Prevent division by zero if the file size is zero. --- etc/inc/pfsense-utils.inc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 8501df1..098b3c8 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
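Review bot: In the etc/inc/pkg-utils.inc hunk, `$rel = strtolower(substr($rel, 0, strrpos($rel, "-")));` assumes that `php_uname("r")` always contains a `-`. When it does not, `strrpos()` returns `false`, `substr()` is asked for length 0, and `$rel` becomes an empty string, which yields a `packages-` path in `$priv_url`. A guard keeps the release string intact in that case: `$dash = strrpos($rel, "-"); if ($dash !== false) $rel = substr($rel, 0, $dash);` followed by `$rel = strtolower($rel);`. `pkg_fetch_recursive()` continues outside the hunk.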
@@ -1460,8 +1460,11 @@ function read_body($ch, $string) { global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; $length = strlen($string); $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; + if($file_size > 0) { + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + } else + $downloadProgress = 0; if($lastseen <> $downloadProgress and $downloadProgress < 101) { if($sendto == "status") { $tostatus = $static_status . $downloadProgress . "%"; -- cgit v1.1 From 3aad955181e66906dba1197fddbb8d218bcc7d1d Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 17 Dec 2010 10:31:41 -0500 Subject: When we supply a version number, it should be under All/ and not Latest/ (which has names but no version numbers) --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index c753f54..2371939 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -420,7 +420,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $arch = php_uname("m"); $rel = php_uname("r"); $rel = strtolower(substr($rel, 0, strrpos($rel, "-"))); - $priv_url = "http://ftp2.{$osname}.org/pub/{$osname}/ports/{$arch}/packages-{$rel}/Latest"; + $priv_url = "http://ftp2.{$osname}.org/pub/{$osname}/ports/{$arch}/packages-{$rel}/All"; if (empty($base_url)) $base_url = $priv_url; if (substr($base_url, -1) == "/") -- cgit v1.1 From f889516190ab1ec29ab533c662d932bb4f02c392 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 17 Dec 2010 13:17:09 -0500 Subject: Add missing - in syslogd command line parameters, fixes #1111 --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') 
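Review bot: In the etc/inc/pkg-utils.inc hunk, the changed `$priv_url` line still builds an `http://` URL, so packages from the default mirror are fetched over an unauthenticated channel. Whether `pkg_fetch_recursive()` verifies a checksum or signature after the download is outside the hunk; if it does not, the integrity of what gets installed rests entirely on the network path. The download should be checked against a digest obtained from a trusted source before installation, and a short comment on this line stating where that verification happens would help the next reader.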
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 430775e..9b07258 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -615,7 +615,7 @@ EOD; fclose($fd); // Are we logging to a least one remote server ? if(strpos($syslogconf, "@") != false) - $retval = system("/usr/sbin/syslogd -c c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); + $retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); else $retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); -- cgit v1.1 From ffdc499ab1cfe02660daa881b2cfaeea48bd73d0 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 17 Dec 2010 15:34:22 -0500 Subject: Show when disk is encrypted. Do not uppercase .eli --- etc/inc/services.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 337bc46..166390b 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -72,7 +72,7 @@ function services_dhcpd_configure() { fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/etc\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr/local/sbin\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/db\n"); - fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/run\n"); + fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/run\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/lib\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/run\n"); -- cgit v1.1 From 67b057a99332b33321bc08cd6f2b96d545f40665 Mon Sep 17 00:00:00 2001 
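Review bot: After this change both branches of `if(strpos($syslogconf, "@") != false)` in etc/inc/system.inc run the identical `syslogd -c -c -l ... -f ...` command, so the test for a remote log target no longer selects anything. Either the remote case needs its own flags, or the conditional can be removed and the call made once. If the test stays, `strpos()` should be compared with `!== false`, because a match at offset 0 also compares equal to `false` under `!=`. The enclosing function starts and ends outside the hunk.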
From: Ermal Date: Fri, 17 Dec 2010 22:53:40 +0000 Subject: Do not attach ng_etther(4) to every system interface. Instead do a search if netgraph is needed on single/every interface during interface configuration. Also enable netgraph support for interface as needed when enabling pptp/l2tp/pppoe/... . This should prevent the netgraph queue to slow down network performance on fast links. --- etc/inc/interfaces.inc | 42 ++++++++++++++++++++++++++++++++++++++++++ etc/inc/vpn.inc | 15 +++++++++++++++ 2 files changed, 57 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 4636c3e..ebd365f 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -84,6 +84,46 @@ function does_interface_exist($interface) { return false; } +function interface_netgraph_needed($interface = "wan") { + global $config; + + $found = false; + if (!empty($config['pptpd']) && + $config['pptpd']['mode'] == "server") + $found = true; + if ($found == false && !empty($config['l2tp']) && + $config['l2tp']['mode'] == "server") + $found = true; + if ($found == false && is_array($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] != "server") + continue; + if ($pppoe['interface'] == $interface) + $found = true; + break; + } + } + if ($found == false && !empty($config['interfaces'][$interface])) { + switch ($config['interfaces'][$interface]['ipaddr']) { + case "ppp": + case "pppoe": + case "l2tp": + case "pptp": + $found = true; + break; + default: + $found = false; + break; + } + } + + $realif = get_real_interface($interface); + if ($found == true) + pfSense_ngctl_attach(".", $realif); + else + pfSense_ngctl_detach("{$realif}:", $realif); +} + function interfaces_loopback_configure() { if($g['booting']) echo "Configuring loopback interface..."; 
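Review bot: In `interface_netgraph_needed()` (etc/inc/interfaces.inc) the `break;` in the `$config['pppoes']['pppoe']` loop is not governed by the `if` above it, because that `if` has no braces; the loop therefore exits after the first server-mode entry whether or not its interface matched. With several PPPoE servers configured, only the first one is ever compared with `$interface`. Bracing the pair fixes it: `if ($pppoe['interface'] == $interface) { $found = true; break; }`. The `default: $found = false;` arm of the switch is redundant, since that block is only entered when `$found` is already false.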
@@ -2554,6 +2594,8 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven if(does_interface_exist($wancfg['if'])) interfaces_bring_up($wancfg['if']); + + interface_netgraph_needed($interface); if (!$g['booting']) { link_interface_to_vips($interface, "update"); diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 44c934c..ef06f61 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -963,6 +963,15 @@ function vpn_setup() { vpn_l2tp_configure(); } +function vpn_netgraph_support() { + $iflist = get_configured_interface_list(); + foreach ($iflist as $iface) { + $realif = get_real_interface($iface); + /* Get support for netgraph(4) from the nic */ + pfSense_ngctl_attach(".", $realif); + } +} + function vpn_pptpd_configure() { global $config, $g; @@ -1153,6 +1162,8 @@ EOD; fclose($fd); chmod("{$g['varetc_path']}/pptp-vpn/mpd.secret", 0600); + vpn_netgraph_support(); + /* fire up mpd */ mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pptp-vpn -p {$g['varrun_path']}/pptp-vpn.pid -s pptps pptps"); @@ -1356,6 +1367,8 @@ EOD; chmod("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600); } + /* Get support for netgraph(4) from the nic */ + pfSense_ngctl_attach(".", $pppoe_interface); /* fire up mpd */ mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes"); @@ -1537,6 +1550,8 @@ EOD; fclose($fd); chmod("{$g['varetc_path']}/l2tp-vpn/mpd.secret", 0600); + vpn_netgraph_support(); + /* fire up mpd */ mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps"); -- cgit v1.1 From 7afb7ea90030af16cc6da390d8862a65bf11cb04 Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 17 Dec 2010 23:28:03 +0000 Subject: Safe belts to avoid errors. --- etc/inc/voucher.inc | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'etc/inc') 
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index ddd8ab4..5c1d132 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -108,12 +108,16 @@ function voucher_auth($voucher_received, $test = 0) { $remote_time_used = xmlrpc_sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername); } - // read rolls into assoc array with rollid as key and minutes as value - $a_roll = &$config['voucher']['roll']; - foreach ($a_roll as $rollent) { - $tickets_per_roll[$rollent['number']] = $rollent['count']; - $minutes_per_roll[$rollent['number']] = $rollent['minutes']; - } + // read rolls into assoc array with rollid as key and minutes as value + $tickets_per_roll = array(); + $minutes_per_roll = array(); + if (is_array($config['voucher']['roll'])) { + $a_roll = &$config['voucher']['roll']; + foreach ($a_roll as $rollent) { + $tickets_per_roll[$rollent['number']] = $rollent['count']; + $minutes_per_roll[$rollent['number']] = $rollent['minutes']; + } + } // split into an array. Useful for multiple vouchers given $a_vouchers_received = split("[\t\n\r ]+",$voucher_received); @@ -289,13 +293,12 @@ function voucher_configure() { @chmod("{$g['varetc_path']}/voucher.cfg", 0600); unlock($voucherlck); - if ($g['booting']) { + if ($g['booting'] && is_array($config['voucher']['roll'])) { // create active and used DB per roll on ramdisk from config $a_roll = &$config['voucher']['roll']; $voucherlck = lock('voucher'); - if (is_array($a_roll)) foreach ($a_roll as $rollent) { $roll = $rollent['number']; -- cgit v1.1 From d64fa7f25478b66da1f17222f0a7fc5da080295b Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 18 Dec 2010 14:42:31 -0500 Subject: Touch log file so it can be created on livecd --- etc/inc/services.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'etc/inc') diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 166390b..ba52ee9 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc 
@@ -73,6 +73,7 @@ function services_dhcpd_configure() { fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr/local/sbin\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/db\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/run\n"); + fwrite($fd, "touch {$g['dhcpd_chroot_path']}/var/run/log\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/lib\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/run\n"); -- cgit v1.1 From 42ee8bde8b3eaf041a8c3303c4bc71f612e25a53 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 18 Dec 2010 14:57:42 -0500 Subject: Ensure log directory exists before invoking syslogd --- etc/inc/services.inc | 1 - etc/inc/system.inc | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/services.inc b/etc/inc/services.inc index ba52ee9..166390b 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -73,7 +73,6 @@ function services_dhcpd_configure() { fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr/local/sbin\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/db\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/var/run\n"); - fwrite($fd, "touch {$g['dhcpd_chroot_path']}/var/run/log\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/usr\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/lib\n"); fwrite($fd, "mkdir -p {$g['dhcpd_chroot_path']}/run\n"); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 9b07258..638cd6c 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -613,6 +613,11 @@ EOD; } fwrite($fd, $syslogconf); fclose($fd); + + // Ensure that the log directory exists + if(!isdir("{$g['dhcpd_chroot_path']}/var/run")) + exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run"); + // Are we logging to a least one remote server ? if(strpos($syslogconf, "@") != false) $retval = system("/usr/sbin/syslogd -c -c -l /var/dhcpd/var/run/log -f {$g['varetc_path']}/syslog.conf"); -- cgit v1.1 
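Review bot: In the system.inc hunk the directory that is checked and created is built from `$g['dhcpd_chroot_path']`, but the syslogd command in the lines just below hard-codes `-l /var/dhcpd/var/run/log`, so the guard only helps while the two paths happen to agree. The `exec("/bin/mkdir -p …")` also sends a configuration-derived path through a shell where PHP's own call would do the job without one: `@mkdir("{$g['dhcpd_chroot_path']}/var/run", 0755, true);`. Building the `-l` argument from the same variable would keep the check and the command in step. The enclosing function starts and ends outside the hunk.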
From 8186807217a03326555e07cfa33ef107278538ba Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 18 Dec 2010 15:12:17 -0500 Subject: use is_dir(). Sometimes php lack of uniform function names can be annoying. --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 638cd6c..92d6301 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -615,7 +615,7 @@ EOD; fclose($fd); // Ensure that the log directory exists - if(!isdir("{$g['dhcpd_chroot_path']}/var/run")) + if(!is_dir("{$g['dhcpd_chroot_path']}/var/run")) exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run"); // Are we logging to a least one remote server ? -- cgit v1.1 From 77a842ef4e15e11f728760156e2f21653fb4f07c Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 18 Dec 2010 15:22:03 -0500 Subject: No need to output 'Loading new configuration'. We already have a line written out telling the user what we are doing --- etc/inc/config.lib.inc | 3 --- 1 file changed, 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index d456064..ae7e445 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -412,9 +412,6 @@ function convert_config() { if ($prev_version != $config['version']) write_config("Upgraded config version level from {$prev_version} to {$config['version']}"); - - if($g['booting']) - echo "Loading new configuration..."; } /****f* config/safe_write_file -- cgit v1.1 From e9954aef051fc73855d995466bbabae38e1046bc Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 18 Dec 2010 15:32:33 -0500 Subject: Do not spam console, spam log --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 92d6301..d95875d 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc 
@@ -694,7 +694,7 @@ function system_webgui_start() { if (!is_array($config['cert'])) $config['cert'] = array(); $a_cert =& $config['cert']; - echo "Creating SSL Certificate... "; + log_error("Creating SSL Certificate for this host"); $cert = array(); $cert['refid'] = uniqid(); $cert['descr'] = "webConfigurator default"; -- cgit v1.1 From 92a1c8e6caca910ae1f8c54751bffebd45d87682 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 20 Dec 2010 16:43:26 +0000 Subject: Unbreak pppoe clients. Pointy-hat: myself --- etc/inc/interfaces.inc | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index ebd365f..8687635 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -118,10 +118,13 @@ function interface_netgraph_needed($interface = "wan") { } $realif = get_real_interface($interface); - if ($found == true) - pfSense_ngctl_attach(".", $realif); - else + if ($found == false) pfSense_ngctl_detach("{$realif}:", $realif); + /* NOTE: We make sure for this on interface_ppps_configure() + * no need to do it here agan. + * else + * pfSense_ngctl_attach(".", $realif); + */ } function interfaces_loopback_configure() { @@ -1153,6 +1156,7 @@ function interface_ppps_configure($interface) { to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs */ foreach($ports as $pid => $port){ + pfSense_ngctl_attach(".", $port); switch ($ppp['type']) { case "pppoe": /* Bring the parent interface up */ @@ -1482,7 +1486,7 @@ EOD; conf_mount_ro(); } } - + /* fire up mpd */ mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/{$ppp['type']}_{$interface}.pid -s ppp {$ppp['type']}client"); -- cgit v1.1 From 3d04de612edaab4a8ec8d9756a2f6b9129106872 Mon Sep 17 00:00:00 2001 
From: Ermal Date: Mon, 20 Dec 2010 16:47:00 +0000 Subject: attach to ng_ether(4) only on pppoe/l2tp/pptp links no others. --- etc/inc/interfaces.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 8687635..db20f56 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1156,11 +1156,11 @@ function interface_ppps_configure($interface) { to obtain an address first so we can write it in the mpd .conf file for PPTP and L2TP configs */ foreach($ports as $pid => $port){ - pfSense_ngctl_attach(".", $port); switch ($ppp['type']) { case "pppoe": /* Bring the parent interface up */ interfaces_bring_up($port); + pfSense_ngctl_attach(".", $port); break; case "pptp": case "l2tp": @@ -1191,6 +1191,7 @@ function interface_ppps_configure($interface) { log_error("Could not get a PPTP/L2TP Remote IP address from {$dhcp_gateway} for {$gway} in interfaces_ppps_configure."); return 0; } + pfSense_ngctl_attach(".", $port); break; case "ppp": if (!file_exists("{$port}")) { -- cgit v1.1 From 4cc233748fa7e79ac743364404152b7685c81288 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 20 Dec 2010 19:38:02 +0000 Subject: Well now that CP has the proper conditions and fastforwarding is disabled by default its needed to untighten a bit the rule of CP with direction out on pf(4). --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 9e13ccf..b07d992 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
@@ -1998,7 +1998,7 @@ function filter_rules_generate() { $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; - $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n"; + $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; } } /* relayd */ -- cgit v1.1 From 49659e1cc6f78af1287590fca7b64791fd6da6f1 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 20 Dec 2010 19:41:43 +0000 Subject: Move the CP rule below webConfigurator abusal rule to allow adding the same protection to CP. --- etc/inc/filter.inc | 73 +++++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 36 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b07d992..486cd12 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
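Review bot: The rewritten `pass out` rule no longer limits the source to `{$cpaddresses}`: with `from any port { 8000 8001 80 } to any flags any keep state(sloppy)` plus `quick`, any packet leaving a captive-portal interface with one of those source ports is passed and creates a sloppy state before later rules are evaluated. If the wider match is required for the portal's redirected replies, as the commit message suggests, the rule should say so, e.g. `/* source must be "any" because <reason>; quick, so this is matched before user rules */`. It is also worth checking whether port 80 has to be in this list for every source or only for portal-handled connections. The same rule text is re-added unchanged, apart from `{$log}`, by the later hunk at @@ -2071,6 +2035,43. filter_rules_generate() starts and ends outside the hunk.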
@@ -1965,42 +1965,6 @@ function filter_rules_generate() { $ipfrules = ""; //$ipfrules .= discover_pkg_rules("filter"); - /* if captive portal is enabled, ensure that access to this port - * is allowed on a locked down interface - */ - if(isset($config['captiveportal']['enable'])) { - $cpinterfaces = explode(",", $config['captiveportal']['interface']); - $cpiflist = array(); - $cpiplist = array(); - foreach ($cpinterfaces as $cpifgrp) { - if(!isset($FilterIflist[$cpifgrp])) - continue; - $tmpif = get_real_interface($cpifgrp); - if(!empty($tmpif)) { - $cpiflist[] = "{$tmpif}"; - $cpipm = get_interface_ip($cpifgrp); - if(is_ipaddr($cpipm)) { - $carpif = link_ip_to_carp_interface($cpipm); - if (!empty($carpif)) { - $cpiflist[] = $carpif; - $carpsif = explode(" ", $carpif); - foreach ($carpsif as $cpcarp) { - $carpip = find_interface_ip($cpcarp); - if (is_ipaddr($carpip)) - $cpiplist[] = $carpip; - } - } - $cpiplist[] = $cpipm; - } - } - } - if (count($cpiplist) > 0 && count($cpiflist) > 0) { - $cpinterface = implode(" ", $cpiflist); - $cpaddresses = implode(" ", $cpiplist); - $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; - $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; - } - } /* relayd */ $ipfrules .= "anchor \"relayd/*\"\n"; # BEGIN OF firewall rules 
@@ -2071,6 +2035,43 @@ EOD; */ $ipfrules .= "block in quick from to any label \"virusprot overload table\"\n"; + /* if captive portal is enabled, ensure that access to this port + * is allowed on a locked down interface + */ + if(isset($config['captiveportal']['enable'])) { + $cpinterfaces = explode(",", $config['captiveportal']['interface']); + $cpiflist = array(); + $cpiplist = array(); + foreach ($cpinterfaces as $cpifgrp) { + if(!isset($FilterIflist[$cpifgrp])) + continue; + $tmpif = get_real_interface($cpifgrp); + if(!empty($tmpif)) { + $cpiflist[] = "{$tmpif}"; + $cpipm = get_interface_ip($cpifgrp); + if(is_ipaddr($cpipm)) { + $carpif = link_ip_to_carp_interface($cpipm); + if (!empty($carpif)) { + $cpiflist[] = $carpif; + $carpsif = explode(" ", $carpif); + foreach ($carpsif as $cpcarp) { + $carpip = find_interface_ip($cpcarp); + if (is_ipaddr($carpip)) + $cpiplist[] = $carpip; + } + } + $cpiplist[] = $cpipm; + } + } + } + if (count($cpiplist) > 0 && count($cpiflist) > 0) { + $cpinterface = implode(" ", $cpiflist); + $cpaddresses = implode(" ", $cpiplist); + $ipfrules .= "pass in {$log} quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; + $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; + } + } + $bogontableinstalled = 0; foreach ($FilterIflist as $on => $oc) { /* block bogon networks */ -- cgit v1.1 From 90b4cc7d64fa7f2e6d1644e002c9dc526ae9ae21 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Mon, 20 Dec 2010 16:48:40 -0500 Subject: This checkbox enables, remove confusing enable/disable. --- etc/inc/shaper.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 7c61546..0bebd6b 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
@@ -2943,12 +2943,12 @@ class dnpipe_class extends dummynet_class { function build_form() { $form = "
"; - $form .= "Enable/Disable"; + $form .= "Enable"; $form .= ""; $form .= " GetEnabled() == "on") $form .= " CHECKED"; - $form .= " > Enable/Disable limiter and its children"; + $form .= " > Enable limiter and its children"; $form .= ""; $form .= "
Name"; $form .= ""; -- cgit v1.1 From 31eee4a6a04332251d25693234547316a4d1523c Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 21 Dec 2010 23:16:17 +0000 Subject: Do not do useless work. --- etc/inc/interfaces.inc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index db20f56..2262144 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -117,9 +117,10 @@ function interface_netgraph_needed($interface = "wan") { } } - $realif = get_real_interface($interface); - if ($found == false) + if ($found == false) { + $realif = get_real_interface($interface); pfSense_ngctl_detach("{$realif}:", $realif); + } /* NOTE: We make sure for this on interface_ppps_configure() * no need to do it here agan. * else -- cgit v1.1 From 7513352b9ce5ea89ee8cdc17bc7f71464a39cfc3 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 21 Dec 2010 23:44:48 +0000 Subject: merge the dynamic obtained result with the static maintained list to not avoid strange problems as in Ticket #1123. --- etc/inc/globals.inc | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index ba97ba0..70df451 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc 
@@ -110,10 +110,7 @@ $g = array( // Loop through and set vlan_long_frame VLAN_MTU $vlan_native_supp = get_nics_with_capabilities("vlanmtu"); -if(count($vlan_native_supp) > 0) - $g['vlan_long_frame'] = $vlan_native_supp; -else - $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"); +$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), $vlan_native_support); /* IP TOS flags */ $iptos = array("lowdelay", "throughput", "reliability"); -- cgit v1.1 From eb7aa2638725216a75421e2df8424decc72068f8 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 22 Dec 2010 00:23:58 +0000 Subject: * Use exclusive locking for parts of config involving CP db. * Use more strict checking against empty/not set values for timeout and idletimeout * Do not overwrite idletimeout value with the per user idletimeout value during processing * Make distinction between radius accounting and re-authentication with radius to allow the code to be executed correctly. Ticket #1013 --- etc/inc/captiveportal.inc | 78 ++++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 38 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index e36a626..5e0da27 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
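Review bot: The new `array_merge()` call is given `$vlan_native_support`, but the line above assigns the result of get_nics_with_capabilities() to `$vlan_native_supp`, so the merged-in variable is undefined. The detected NICs are therefore never added, and depending on the PHP version array_merge() warns and yields null for `$g['vlan_long_frame']` or fails outright. The last argument should be `$vlan_native_supp`; since get_nics_with_capabilities() is not shown, casting it as `(array) $vlan_native_supp` would also cover a non-array return.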
@@ -239,7 +239,8 @@ function captiveportal_configure() { $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; /* double check if the $croninterval is numeric and at least 10 seconds. If not we set it to 60 to avoid problems */ - if ((!is_numeric($croninterval)) || ($croninterval < 10)) { $croninterval = 60; } + if ((!is_numeric($croninterval)) || ($croninterval < 10)) + $croninterval = 60; /* write portal page */ if ($config['captiveportal']['page']['htmltext']) 
@@ -706,31 +707,32 @@ EOD; return $cprules; } -/* remove clients that have been around for longer than the specified amount of time */ -/* db file structure: -timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time */ - -/* (password is in Base64 and only saved when reauthentication is enabled) */ +/* remove clients that have been around for longer than the specified amount of time + * db file structure: + * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time + * (password is in Base64 and only saved when reauthentication is enabled) + */ function captiveportal_prune_old() { - global $g, $config; /* check for expired entries */ - if ($config['captiveportal']['timeout']) - $timeout = $config['captiveportal']['timeout'] * 60; - else + if (empty($config['captiveportal']['timeout']) || + !is_numeric($config['captiveportal']['timeout'])) $timeout = 0; - - if ($config['captiveportal']['idletimeout']) - $idletimeout = $config['captiveportal']['idletimeout'] * 60; else + $timeout = $config['captiveportal']['timeout'] * 60; + + if (empty($config['captiveportal']['idletimeout']) || + !is_numeric($config['captiveportal']['idletimeout'])) $idletimeout = 0; + else + $idletimeout = $config['captiveportal']['idletimeout'] * 60; if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) && - !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) + !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) return; - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportal', LOCK_EX); /* read database */ $cpdb = captiveportal_read_db(); 
@@ -766,19 +768,19 @@ function captiveportal_prune_old() { } /* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ - $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; + $uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; /* if an idle timeout is specified, get last activity timestamp from ipfw */ - if (!$timedout && $idletimeout) { - $lastact = captiveportal_get_last_activity($cpdb[$i][2]); - /* If the user has logged on but not sent any traffic they will never be logged out. - * We "fix" this by setting lastact to the login timestamp. - */ - $lastact = $lastact ? $lastact : $cpdb[$i][0]; - if ($lastact && ((time() - $lastact) >= $idletimeout)) { - $timedout = true; - $term_cause = 4; // Idle-Timeout - $stop_time = $lastact; // Entry added to comply with WISPr - } + if (!$timedout && $uidletimeout) { + $lastact = captiveportal_get_last_activity($cpdb[$i][2]); + /* If the user has logged on but not sent any traffic they will never be logged out. + * We "fix" this by setting lastact to the login timestamp. + */ + $lastact = $lastact ? $lastact : $cpdb[$i][0]; + if ($lastact && ((time() - $lastact) >= $uidletimeout)) { + $timedout = true; + $term_cause = 4; // Idle-Timeout + $stop_time = $lastact; // Entry added to comply with WISPr + } } /* if vouchers are configured, activate session timeouts */ @@ -804,9 +806,7 @@ function captiveportal_prune_old() { } /* do periodic RADIUS reauthentication? */ - if (!$timedout && isset($config['captiveportal']['reauthenticate']) && - !empty($radiusservers)) { - + if (!$timedout && !empty($radiusservers)) { if (isset($config['captiveportal']['radacct_enable'])) { if ($config['captiveportal']['reauthenticateacct'] == "stopstart") { /* stop and restart accounting */ 
@@ -840,18 +840,20 @@ function captiveportal_prune_old() { } /* check this user against RADIUS again */ - $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username - base64_decode($cpdb[$i][6]), // password + if (isset($config['captiveportal']['reauthenticate'])) { + $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username + base64_decode($cpdb[$i][6]), // password $radiusservers, $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac $cpdb[$i][1]); // ruleno - if ($auth_list['auth_val'] == 3) { - captiveportal_disconnect($cpdb[$i], $radiusservers, 17); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - $unsetindexes[$i] = $i; - } + if ($auth_list['auth_val'] == 3) { + captiveportal_disconnect($cpdb[$i], $radiusservers, 17); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); + $unsetindexes[$i] = $i; + } + } } } /* This is a kludge to overcome some php weirdness */ @@ -911,7 +913,7 @@ function captiveportal_disconnect_client($id,$term_cause = 1) { global $g, $config; - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportal', LOCK_EX); /* read database */ $cpdb = captiveportal_read_db(); -- cgit v1.1 From d31bc32ad6e46712d6347a7ae7e7a9bedce01a3f Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 22 Dec 2010 01:10:27 +0000 Subject: Make the CP locking more granular and make use correctly of exclusive/shared locks where appripriate. This speeds up CP login process. --- etc/inc/captiveportal.inc | 200 +++++++++++++++++++++------------------------- etc/inc/system.inc | 2 +- 2 files changed, 94 insertions(+), 108 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 5e0da27..e7bb71e 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
@@ -206,7 +206,7 @@ EOD; function captiveportal_configure() { global $config, $g; - $captiveportallck = lock('captiveportal'); + $captiveportallck = lock('captiveportal', LOCK_EX); if (isset($config['captiveportal']['enable'])) { @@ -233,7 +233,7 @@ function captiveportal_configure() { captiveportal_init_rules(true); /* stop accounting on all clients */ - captiveportal_radius_stop_all(true); + captiveportal_radius_stop_all(); /* initialize minicron interval value */ $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; 
@@ -415,41 +415,7 @@ EOD; "/etc/rc.prunecaptiveportal"); /* generate radius server database */ - if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || - ($config['captiveportal']['auth_method'] == "radius"))) { - $radiusip = $config['captiveportal']['radiusip']; - $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; - - if ($config['captiveportal']['radiusport']) - $radiusport = $config['captiveportal']['radiusport']; - else - $radiusport = 1812; - - if ($config['captiveportal']['radiusacctport']) - $radiusacctport = $config['captiveportal']['radiusacctport']; - else - $radiusacctport = 1813; - - if ($config['captiveportal']['radiusport2']) - $radiusport2 = $config['captiveportal']['radiusport2']; - else - $radiusport2 = 1812; - - $radiuskey = $config['captiveportal']['radiuskey']; - $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null; - - $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w"); - if (!$fd) { - printf("Error: cannot open radius DB file in captiveportal_configure().\n"); - return 1; - } else if (isset($radiusip2, $radiuskey2)) { - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n" - . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2); - } else { - fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey); - } - fclose($fd); - } + captiveportal_init_radius_servers(); if ($g['booting']) echo "done\n"; @@ -458,7 +424,7 @@ EOD; killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/minicron.pid"); - captiveportal_radius_stop_all(true); + captiveportal_radius_stop_all(); mwexec("/sbin/sysctl net.link.ether.ipfw=0"); 
@@ -732,8 +698,6 @@ function captiveportal_prune_old() { !isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) return; - $captiveportallck = lock('captiveportal', LOCK_EX); - /* read database */ $cpdb = captiveportal_read_db(); @@ -862,13 +826,10 @@ function captiveportal_prune_old() { /* write database */ captiveportal_write_db($cpdb); - - unlock($captiveportallck); } /* remove a single client according to the DB entry */ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) { - global $g, $config; $stop_time = (empty($stop_time)) ? time() : $stop_time; @@ -876,15 +837,15 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t /* this client needs to be deleted - remove ipfw rules */ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) { RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno - $dbent[4], // username - $dbent[5], // sessionid - $dbent[0], // start time - $radiusservers, - $dbent[2], // clientip - $dbent[3], // clientmac - $term_cause, // Acct-Terminate-Cause - false, - $stop_time); + $dbent[4], // username + $dbent[5], // sessionid + $dbent[0], // start time + $radiusservers, + $dbent[2], // clientip + $dbent[3], // clientmac + $term_cause, // Acct-Terminate-Cause + false, + $stop_time); } /* Delete client's ip entry from tables 3 and 4. */ mwexec("/sbin/ipfw table 1 delete {$dbent[2]}"); 
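Review bot: With `lock('captiveportal', LOCK_EX)` removed at @@ -732 and its `unlock()` removed at @@ -862, captiveportal_prune_old() now reads the DB, works on the copy (including RADIUS round-trips) and writes it back with no lock held across the sequence. The locks added inside captiveportal_read_db() and captiveportal_write_db() serialise each file access only. A session recorded by a concurrent login between the read and the write would presumably be dropped from captiveportal.db while its ipfw entries stay, and would then no longer be subject to timeout pruning. One option is a separate update lock around the read-modify-write, for instance `$cpupdlck = lock('captiveportalupdate', LOCK_EX);` before captiveportal_read_db() and `unlock($cpupdlck);` after captiveportal_write_db() (the lock name is only a suggestion). Another is to re-read the DB under the lock just before writing and remove only the pruned indexes. captiveportal_disconnect_client() (hunks @@ -910 and @@ -933) has the same pattern; both functions start outside their hunks.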
@@ -910,22 +871,17 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t /* remove a single client by ipfw rule number */ function captiveportal_disconnect_client($id,$term_cause = 1) { - global $g, $config; - $captiveportallck = lock('captiveportal', LOCK_EX); - /* read database */ $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); /* find entry */ - $tmpindex = 0; - $cpdbcount = count($cpdb); - for ($i = 0; $i < $cpdbcount; $i++) { - if ($cpdb[$i][1] == $id) { - captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT"); + foreach ($cpdb as $i => $cpentry) { + if ($cpentry[1] == $id) { + captiveportal_disconnect($cpentry, $radiusservers, $term_cause); + captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); unset($cpdb[$i]); break; } 
@@ -933,37 +889,29 @@ function captiveportal_disconnect_client($id,$term_cause = 1) { /* write database */ captiveportal_write_db($cpdb); - - unlock($captiveportallck); } /* send RADIUS acct stop for all current clients */ -function captiveportal_radius_stop_all($lock = false) { - global $g, $config; +function captiveportal_radius_stop_all() { + global $config; if (!isset($config['captiveportal']['radacct_enable'])) return; - if (!$lock) - $captiveportallck = lock('captiveportal'); - - $cpdb = captiveportal_read_db(); - $radiusservers = captiveportal_get_radius_servers(); if (!empty($radiusservers)) { - for ($i = 0; $i < count($cpdb); $i++) { - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers, - $cpdb[$i][2], // clientip - $cpdb[$i][3], // clientmac - 7); // Admin Reboot + $cpdb = captiveportal_read_db(); + foreach ($cpdb as $cpentry) { + RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno + $cpentry[4], // username + $cpentry[5], // sessionid + $cpentry[0], // start time + $radiusservers, + $cpentry[2], // clientip + $cpentry[3], // clientmac + 7); // Admin Reboot } } - if (!$lock) - unlock($captiveportallck); } function captiveportal_passthrumac_configure_entry($macent) { 
@@ -1125,11 +1073,51 @@ function captiveportal_get_last_activity($ip) { return 0; } +function captiveportal_init_radius_servers() { + global $config, $g; + + /* generate radius server database */ + if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || + ($config['captiveportal']['auth_method'] == "radius"))) { + $radiusip = $config['captiveportal']['radiusip']; + $radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; + + if ($config['captiveportal']['radiusport']) + $radiusport = $config['captiveportal']['radiusport']; + else + $radiusport = 1812; + if ($config['captiveportal']['radiusacctport']) + $radiusacctport = $config['captiveportal']['radiusacctport']; + else + $radiusacctport = 1813; + if ($config['captiveportal']['radiusport2']) + $radiusport2 = $config['captiveportal']['radiusport2']; + else + $radiusport2 = 1812; + $radiuskey = $config['captiveportal']['radiuskey']; + $radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null; + + $cprdsrvlck = lock('captiveportalradius', LOCK_EX); + $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w"); + if (!$fd) { + captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n"); + unlock($cprdsrvlck); + return 1; + } else if (isset($radiusip2, $radiuskey2)) + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n" + . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2); + else + fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . 
$radiuskey); + fclose($fd); + unlock($cprdsrvlck); + } +} + /* read RADIUS servers into array */ function captiveportal_get_radius_servers() { - global $g; + $cprdsrvlck = lock('captiveportalradius'); if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) { $radiusservers = array(); $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db", @@ -1144,23 +1132,25 @@ function captiveportal_get_radius_servers() { } } + unlock('captiveportalradius'); return $radiusservers; } + unlock('captiveportalradius'); return false; } /* log successful captive portal authentication to syslog */ /* part of this code from php.net */ function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { - $message = trim($message); // Log it if (!$message) $message = "$status: $user, $mac, $ip"; - else + else { + $message = trim($message); $message = "$status: $user, $mac, $ip, $message"; + } captiveportal_syslog($message); - closelog(); } /* log simple messages to syslog */ @@ -1176,9 +1166,6 @@ function captiveportal_syslog($message) { function radius($username,$password,$clientip,$clientmac,$type) { global $g, $config; - /* Start locking from the beginning of an authentication session */ - $captiveportallck = lock('captiveportal'); - $ruleno = captiveportal_get_next_ipfw_ruleno(); /* If the pool is empty, return appropriate message and fail authentication */ @@ -1186,16 +1173,9 @@ function radius($username,$password,$clientip,$clientmac,$type) { $auth_list = array(); $auth_list['auth_val'] = 1; $auth_list['error'] = "System reached maximum login capacity"; - unlock($captiveportallck); return $auth_list; } - /* - * Drop the lock since radius takes some time to finish. - * The implementation is reentrant so we gain speed with this. - */ - unlock($captiveportallck); - $radiusservers = captiveportal_get_radius_servers(); $auth_list = RADIUS_AUTHENTICATION($username, 
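Review bot: Nothing in the new captiveportal_init_radius_servers() sets the mode of `captiveportal_radius.db`, which receives `$radiuskey` and `$radiuskey2` in clear text, whereas the mpd.secret files elsewhere in this series are followed by `chmod(..., 0600)`. The effective umask is not visible from here, so an explicit `@chmod("{$g['vardb_path']}/captiveportal_radius.db", 0600);` right after the `fopen()` succeeds would remove the doubt. The same question applies to captiveportal.db written in captiveportal_write_db() (hunk @@ -1239), which according to the file-format comment can hold Base64-encoded passwords. The `return 1` on open failure is also discarded by captiveportal_configure(), which calls the function as a bare statement in hunk @@ -415.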
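Review bot: captiveportal_get_radius_servers() stores the lock in `$cprdsrvlck`, but both exits added at @@ -1144 call `unlock('captiveportalradius')` with the lock name, while every other unlock in this commit passes the handle returned by lock(). Unless unlock() also accepts a name (its definition is not shown), the lock taken here is never released explicitly. Both lines should read `unlock($cprdsrvlck);`.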
@@ -1205,8 +1185,6 @@ function radius($username,$password,$clientip,$clientmac,$type) { $clientmac, $ruleno); - $captiveportallck = lock('captiveportal'); - if ($auth_list['auth_val'] == 2) { captiveportal_logportalauth($username,$clientmac,$clientip,$type); $sessionid = portal_allow($clientip, @@ -1217,18 +1195,16 @@ function radius($username,$password,$clientip,$clientmac,$type) { $ruleno); } - unlock($captiveportallck); - return $auth_list; - } /* read captive portal DB into array */ function captiveportal_read_db() { - global $g; $cpdb = array(); + + $cpdblck = lock('captiveportaldb'); $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); if ($fd) { while (!feof($fd)) { @@ -1239,21 +1215,23 @@ function captiveportal_read_db() { } fclose($fd); } + unlock($cpdblck); return $cpdb; } /* write captive portal DB */ function captiveportal_write_db($cpdb) { - global $g; - + + $cpdblck = lock('captiveportaldb', LOCK_EX); $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); - if ($fd) { + if ($fd) { foreach ($cpdb as $cpent) { fwrite($fd, join(",", $cpent) . "\n"); - } + } fclose($fd); - } + } + unlock($cpdblck); } function captiveportal_write_elements() { @@ -1310,6 +1288,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); $ruleno = 0; if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); @@ -1336,6 +1315,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_rang $ruleno = 2; } file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules)); + unlock($cpruleslck); return $ruleno; } 
@@ -1345,6 +1325,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) { if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); $rules[$ruleno] = false; @@ -1352,6 +1333,7 @@ function captiveportal_free_ipfw_ruleno($ruleno, $usedbw = false) { $rules[++$ruleno] = false; file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules)); } + unlock($cpruleslck); } function captiveportal_get_ipfw_passthru_ruleno($value) { @@ -1360,13 +1342,17 @@ function captiveportal_get_ipfw_passthru_ruleno($value) { if(!isset($config['captiveportal']['enable'])) return NULL; + $cpruleslck = lock('captiveportalrules', LOCK_EX); if (file_exists("{$g['vardb_path']}/captiveportal.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules")); $ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`); - if ($rules[$ruleno]) + if ($rules[$ruleno]) { + unlock($cpruleslck); return $ruleno; + } } + unlock($cpruleslck); return NULL; } diff --git a/etc/inc/system.inc b/etc/inc/system.inc index d95875d..e55c68f 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1477,4 +1477,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?> \ No newline at end of file +?> -- cgit v1.1 From d526314b97fbabb2fb4fe65d4986b4d3977041bb Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 22 Dec 2010 13:48:33 +0000 Subject: Be consistent on having 1K == 1024 --- etc/inc/shaper.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 0bebd6b..37fb8d0 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc 
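Review bot: In captiveportal_get_ipfw_passthru_ruleno() the exclusive 'captiveportalrules' lock added by this hunk is held while the backtick pipeline runs, and that pipeline places `{$value}` into a shell command line unquoted. If any caller passes a value that derives from user or configuration input, shell metacharacters in it are interpreted by the shell, and a slow or hung pipeline now also blocks every other rule-number allocation. Quote the argument before use, `$qvalue = escapeshellarg($value);`, and reference `{$qvalue}` in the command. Ideally the pipeline would also run before the lock is taken, since only the `$rules` lookup needs it. The callers are outside the hunk, so whether `$value` can carry such input is not visible here.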
@@ -122,20 +122,20 @@ function get_bandwidthtype_scale($type) { switch ($type) { case "Gb": - $factor = 1000 * 1000 * 1000; + $factor = 1024 * 1024 * 1024; break; case "Mb": - $factor = 1000 * 1000; + $factor = 1024 * 1024; break; case "Kb": - $factor = 1000; + $factor = 1024; break; case "b": default: $factor = 1; break; } - return floatval($factor); + return intval($factor); } function get_hfsc_bandwidth($object, $bw) @@ -4004,4 +4004,4 @@ $dn_default_shaper_msg .= "buttons at the bottom represent queue actions and are $dn_default_shaper_msg .= "

"; $dn_default_shaper_msg .= ""; -?> \ No newline at end of file +?> -- cgit v1.1 From 40eb0394c83836bff2b315e51434724a9f34fa61 Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Wed, 22 Dec 2010 07:08:27 -0700 Subject: Fix incorrect variable name. --- etc/inc/globals.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 70df451..f345a34 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -110,7 +110,7 @@ $g = array( // Loop through and set vlan_long_frame VLAN_MTU $vlan_native_supp = get_nics_with_capabilities("vlanmtu"); -$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), $vlan_native_support); +$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), $vlan_native_supp); /* IP TOS flags */ $iptos = array("lowdelay", "throughput", "reliability"); -- cgit v1.1 From 4ac251b8634a52fb5879a37af123e824b6fc8a24 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 10:29:52 -0500 Subject: Log voucher errors. Fix whitespace. Remove trailing c/r --- etc/inc/voucher.inc | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 5c1d132..ab6fac1 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -166,6 +166,7 @@ function voucher_auth($voucher_received, $test = 0) { $mask = 1 << ($nr % 8); if (ord($bitstring[$roll][$pos]) & $mask) { $test_result[] = "$voucher ($roll/$nr) already used and expired"; + log_error("$voucher ($roll/$nr) already used and expired"); $total_minutes = -1; // voucher expired $error++; } else { 
@@ -177,10 +178,12 @@ function voucher_auth($voucher_received, $test = 0) { } } else { $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; + log_error("$voucher ($roll/$nr): not found on any registererd Roll"); } } else { // hmm, thats weird ... not what I expected $test_result[] = "$voucher invalid: $result !!"; + log_error("$voucher invalid: $result !!"); $error++; } } @@ -192,7 +195,7 @@ function voucher_auth($voucher_received, $test = 0) { } else { $test_result[] = "Access granted for $total_minutes Minutes in total."; } - unlock($voucherlck); + unlock($voucherlck); return $test_result; } @@ -201,7 +204,7 @@ function voucher_auth($voucher_received, $test = 0) { // the user wouldn't know that he used at least one invalid voucher. if ($error) { - unlock($voucherlck); + unlock($voucherlck); if ($total_minutes > 0) // probably not needed, but want to make sure $total_minutes = 0; // we only report -1 (expired) or 0 (no access) return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS @@ -274,7 +277,7 @@ function voucher_configure() { $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { log_error("Voucher error: cannot write voucher.public\n"); - unlock($voucherlck); + unlock($voucherlck); return 1; } fwrite($fd, $pubkey); @@ -291,13 +294,13 @@ function voucher_configure() { fwrite($fd, "{$config['voucher']['rollbits']},{$config['voucher']['ticketbits']},{$config['voucher']['checksumbits']},{$config['voucher']['magic']},{$config['voucher']['charset']}\n"); fclose($fd); @chmod("{$g['varetc_path']}/voucher.cfg", 0600); - unlock($voucherlck); + unlock($voucherlck); if ($g['booting'] && is_array($config['voucher']['roll'])) { // create active and used DB per roll on ramdisk from config $a_roll = &$config['voucher']['roll']; - $voucherlck = lock('voucher'); + $voucherlck = lock('voucher'); foreach ($a_roll as $rollent) { 
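Review bot: The added `log_error()` calls interpolate `$voucher` and `$result` directly into the log message, both here and in the -166 hunk just above. `$voucher` appears to come from `$voucher_received`, i.e. text submitted by the portal user. Unless it is restricted to the voucher charset before this point (not visible in the hunk), control characters or newlines in a submitted string can split or forge log entries, and every failed attempt adds a line. Replace non-printable bytes and cap the length before logging, for example `$logvoucher = substr(preg_replace('/[^\x20-\x7e]/', '?', $voucher), 0, 64);`, and log `$logvoucher` instead. The later change in this series to `captiveportal_syslog()` keeps the same interpolated strings, so the same applies there.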
@@ -319,7 +322,7 @@ function voucher_configure() { voucher_write_active_db($roll, $active_vouchers); } - unlock($voucherlck); + unlock($voucherlck); echo "done\n"; } @@ -470,4 +473,4 @@ function voucher_save_db_to_config() { return; } -?> +?> \ No newline at end of file -- cgit v1.1 From 4d5bbdfbc372f7a766837a71214c56daadfb44ce Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 10:32:56 -0500 Subject: White space fixes and (C) for both Ermal and myself --- etc/inc/voucher.inc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index ab6fac1..5e8884e 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -1,6 +1,8 @@ . + Copyright (C) 2010 Ermal Luci + Copyright (C) 2010 Scott Ullrich + Copyright (C) 2007 Marcel Wiget All rights reserved. Redistribution and use in source and binary forms, with or without @@ -140,7 +142,7 @@ function voucher_auth($voucher_received, $test = 0) { list($status, $roll, $nr) = explode(" ", $result); if ($status == "OK") { if (!$first_voucher) { - // store first voucher. Thats the one we give the timecredit + // store first voucher. Thats the one we give the timecredit $first_voucher = $voucher; $first_voucher_roll = $roll; } @@ -455,7 +457,7 @@ function voucher_save_db_to_config() { $rollent['used'] = base64_encode($bitmask); $active_vouchers = voucher_read_active_db($roll); $db = array(); - $dbi = 1; + $dbi = 1; foreach($active_vouchers as $voucher => $line) { list($timestamp,$minutes) = explode(",", $line); $activent['voucher'] = $voucher; -- cgit v1.1 From 2d7bbd65b990a106f8d6f484af44863ddac0137b Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 10:36:32 -0500 Subject: Nuke trailing carriage returns --- etc/inc/captiveportal.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index e7bb71e..79f0707 100644 
--- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1460,4 +1460,4 @@ function portal_ip_from_client_ip($cliip) { return false; } -?> +?> \ No newline at end of file -- cgit v1.1 From 673e8095015198040e4319d70d86432205cf89ed Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 10:39:12 -0500 Subject: nuke trailing carriage returns --- etc/inc/config.lib.inc | 2 +- etc/inc/filter.inc | 2 +- etc/inc/globals.inc | 2 +- etc/inc/gwlb.inc | 2 +- etc/inc/interfaces.inc | 2 +- etc/inc/openvpn.auth-user.php | 2 +- etc/inc/openvpn.inc | 2 +- etc/inc/pfsense-utils.inc | 2 +- etc/inc/pkg-utils.inc | 2 +- etc/inc/shaper.inc | 2 +- etc/inc/system.inc | 2 +- etc/inc/upgrade_config.inc | 2 +- etc/inc/vpn.inc | 2 +- etc/inc/xmlrpc.inc | 2 +- etc/inc/xmlrpc_client.inc | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index ae7e445..fedb943 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -837,4 +837,4 @@ function set_device_perms() { } } -?> +?> \ No newline at end of file diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 486cd12..f8c3065 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2759,4 +2759,4 @@ function discover_pkg_rules($ruletype) { return $rules; } -?> +?> \ No newline at end of file diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index f345a34..905f56f 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -164,4 +164,4 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", $config_parsed = false; -?> +?> \ No newline at end of file diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 4ea7c32..a192bd3 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -532,4 +532,4 @@ function get_interface_gateway($interface, &$dynamic = false) { return ($gw); } -?> +?> \ No newline at end of file diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 2262144..4608951 100644 
--- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3601,4 +3601,4 @@ function get_vip_descr($ipaddress) { return ""; } -?> +?> \ No newline at end of file diff --git a/etc/inc/openvpn.auth-user.php b/etc/inc/openvpn.auth-user.php index 9ca76cf..35d79cd 100755 --- a/etc/inc/openvpn.auth-user.php +++ b/etc/inc/openvpn.auth-user.php @@ -127,4 +127,4 @@ syslog(LOG_WARNING, "user {$username} authenticated\n"); exit(0); -?> +?> \ No newline at end of file diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 234f756..2142f57 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -938,4 +938,4 @@ function openvpn_refresh_crls() { } } -?> +?> \ No newline at end of file diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 098b3c8..cd640b7 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -2115,4 +2115,4 @@ function filter_rules_compare($a, $b) { return compare_interface_friendly_names($a['interface'], $b['interface']); } -?> +?> \ No newline at end of file diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 2371939..487b1bb 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -1081,4 +1081,4 @@ function squash_from_bytes($size, $round = "") { return; } -?> +?> \ No newline at end of file diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 37fb8d0..692f1a5 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -4004,4 +4004,4 @@ $dn_default_shaper_msg .= "buttons at the bottom represent queue actions and are $dn_default_shaper_msg .= "

"; $dn_default_shaper_msg .= ""; -?> +?> \ No newline at end of file diff --git a/etc/inc/system.inc b/etc/inc/system.inc index e55c68f..d95875d 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1477,4 +1477,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?> +?> \ No newline at end of file diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 9f7be86..58e5ca2 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2282,4 +2282,4 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } -?> +?> \ No newline at end of file diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ef06f61..713e72d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1746,4 +1746,4 @@ function vpn_ipsec_configure_preferoldsa() { mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); } -?> +?> \ No newline at end of file diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc index ef4fc19..ae725e5 100644 --- a/etc/inc/xmlrpc.inc +++ b/etc/inc/xmlrpc.inc @@ -139,4 +139,4 @@ function xmlrpc_auth(&$params) { return false; } -?> +?> \ No newline at end of file diff --git a/etc/inc/xmlrpc_client.inc b/etc/inc/xmlrpc_client.inc index 8b8a9a2..a3b9cad 100644 --- a/etc/inc/xmlrpc_client.inc +++ b/etc/inc/xmlrpc_client.inc @@ -2077,4 +2077,4 @@ function XML_RPC_encode($php_val) * End: */ -?> +?> \ No newline at end of file -- cgit v1.1 From f6d4854b25e3fc0f8ba7053ccb616e2b33dbbe3a Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 22 Dec 2010 13:57:05 -0200 Subject: Typecast second param for array_merge to silent a warning that is breaking build since we check output of test_php.php looking for a string 'FCGI-PASSED PASSED' --- etc/inc/globals.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 905f56f..8afab4a 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc 
@@ -110,7 +110,7 @@ $g = array( // Loop through and set vlan_long_frame VLAN_MTU $vlan_native_supp = get_nics_with_capabilities("vlanmtu"); -$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), $vlan_native_supp); +$g['vlan_long_frame'] = array_merge(array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "lem", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg"), (array)$vlan_native_supp); /* IP TOS flags */ $iptos = array("lowdelay", "throughput", "reliability"); @@ -164,4 +164,4 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", $config_parsed = false; -?> \ No newline at end of file +?> -- cgit v1.1 From 34507786be2695aa7942a95bba8869abf23420a8 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 11:41:07 -0500 Subject: Use captiveportal_syslog() --- etc/inc/voucher.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 5e8884e..f17fe28 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -168,7 +168,7 @@ function voucher_auth($voucher_received, $test = 0) { $mask = 1 << ($nr % 8); if (ord($bitstring[$roll][$pos]) & $mask) { $test_result[] = "$voucher ($roll/$nr) already used and expired"; - log_error("$voucher ($roll/$nr) already used and expired"); + captiveportal_syslog("$voucher ($roll/$nr) already used and expired"); $total_minutes = -1; // voucher expired $error++; } else { 
@@ -180,12 +180,12 @@ function voucher_auth($voucher_received, $test = 0) { } } else { $test_result[] = "$voucher ($roll/$nr): not found on any registererd Roll"; - log_error("$voucher ($roll/$nr): not found on any registererd Roll"); + captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } } else { // hmm, thats weird ... not what I expected $test_result[] = "$voucher invalid: $result !!"; - log_error("$voucher invalid: $result !!"); + captiveportal_syslog("$voucher invalid: $result !!"); $error++; } } @@ -278,7 +278,7 @@ function voucher_configure() { $pubkey = base64_decode($config['voucher']['publickey']); $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { - log_error("Voucher error: cannot write voucher.public\n"); + captiveportal_syslog("Voucher error: cannot write voucher.public\n"); unlock($voucherlck); return 1; } -- cgit v1.1 From 4e8d55ddc814fd8a329f6b96e4d58b3522f5a18d Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 22 Dec 2010 11:42:20 -0500 Subject: Include captiveportal.inc if captiveportal_syslog() is not defined. --- etc/inc/voucher.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index f17fe28..febb0f7 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -34,6 +34,8 @@ */ /* include all configuration functions */ +if(!function_exists('captiveportal_syslog')) + require_once("captiveportal.inc"); function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) { global $g, $config; -- cgit v1.1 From a8d6ac1aecae077589dff92ce09cf468b859b41b Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 22 Dec 2010 19:51:12 +0000 Subject: Ticket #757. Use correct pidfile. --- etc/inc/interfaces.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 4608951..91630c5 100644 --- a/etc/inc/interfaces.inc 
+++ b/etc/inc/interfaces.inc @@ -917,8 +917,8 @@ function interface_bring_down($interface = "wan", $destroy = false) { if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { - if (file_exists("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid")) { - killbypid("{$g['varrun_path']}/{$ifcfg['ipaddr']}_{$interface}.pid"); + if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) { + killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"); sleep(5); } unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); @@ -3601,4 +3601,4 @@ function get_vip_descr($ipaddress) { return ""; } -?> \ No newline at end of file +?> -- cgit v1.1 From c513c30900f98d47dfa77dcf03d42382fae34cd7 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 22 Dec 2010 22:32:50 +0000 Subject: Prevent other types of interface for being added to ng_ether(4). It might be the cause of panics reported here http://forum.pfsense.org/index.php/topic,31404.0.html --- etc/inc/vpn.inc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 713e72d..a3b681a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -968,7 +968,9 @@ function vpn_netgraph_support() { foreach ($iflist as $iface) { $realif = get_real_interface($iface); /* Get support for netgraph(4) from the nic */ - pfSense_ngctl_attach(".", $realif); + $ifinfo = pfSense_get_interface_addresses($realif); + if (!empty($ifinfo) && in_array($ifinfo['iftype'], array("ether", "vlan", "bridge"))) + pfSense_ngctl_attach(".", $realif); } } @@ -1746,4 +1748,4 @@ function vpn_ipsec_configure_preferoldsa() { mwexec("/sbin/sysctl net.key.preferred_oldsa=0"); } -?> \ No newline at end of file +?> -- cgit v1.1 From 100b72197c0bace7b2bcf5a80e14f7c3755160f0 Mon Sep 17 00:00:00 2001 
From: Ermal Date: Thu, 23 Dec 2010 13:58:03 +0000 Subject: Hanlde the case when advbase is not present especially on previous 2.0 setups. --- etc/inc/interfaces.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 91630c5..0a5e00a 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1795,7 +1795,10 @@ function interface_carp_configure(&$vip) { get_interface_arr(true); $broadcast_address = gen_subnet_max($vip['subnet'], $vip['subnet_bits']); - mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} advbase {$vip['advbase']} {$password}"); + $advbase = ""; + if (!empty($vip['advbase'])) + $advbase = "advbase {$vip['advbase']}"; + mwexec("/sbin/ifconfig {$vipif} {$vip['subnet']}/{$vip['subnet_bits']} vhid {$vip['vhid']} advskew {$vip['advskew']} {$advbase} {$password}"); interfaces_bring_up($vipif); -- cgit v1.1 From 60b66b602e4cae1d9baf7f608841ae15aaa2d5e1 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 23 Dec 2010 18:39:41 +0000 Subject: Ticket #1128. Ooops pass the right parameter to unlock. --- etc/inc/captiveportal.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 79f0707..84c98b2 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1132,11 +1132,11 @@ function captiveportal_get_radius_servers() { } } - unlock('captiveportalradius'); + unlock($cprdsrvlck); return $radiusservers; } - unlock('captiveportalradius'); + unlock($cprdsrvlck); return false; } @@ -1460,4 +1460,4 @@ function portal_ip_from_client_ip($cliip) { return false; } -?> \ No newline at end of file +?> -- cgit v1.1 From e503c44a755a52648da77585517ced6d506258e6 Mon Sep 17 00:00:00 2001 
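Review bot: The new `$advbase` string in interface_carp_configure() is built from `$vip['advbase']` after only an `empty()` test and then goes straight into the `mwexec()` command line. Nothing in the hunk constrains it to a number, so it is worth forcing the type before it reaches the shell: `if (is_numeric($vip['advbase'])) $advbase = "advbase " . intval($vip['advbase']);`. The `{$vip['vhid']}`, `{$vip['advskew']}` and `{$password}` fields on the same line are interpolated the same way and would benefit from the same validation or `escapeshellarg()`. How `$password` is built lies outside the hunk.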
From: Ermal Date: Thu, 23 Dec 2010 20:06:24 +0000 Subject: Add some more safe belts and remove code that is commented from long time now. Reported on http://forum.pfsense.org/index.php/topic,28202.15.html --- etc/inc/config.console.inc | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.console.inc b/etc/inc/config.console.inc index 1514926..9005b79 100644 --- a/etc/inc/config.console.inc +++ b/etc/inc/config.console.inc @@ -319,6 +319,8 @@ EOD; if (in_array($key, array('y', 'Y'))) { if($lanif) { + if (!is_array($config['interfaces']['lan'])) + $config['interfaces']['lan'] = array(); $config['interfaces']['lan']['if'] = $lanif; $config['interfaces']['lan']['enable'] = true; } elseif (!$g['booting'] && !$auto_assign) { @@ -332,7 +334,7 @@ unload the interface now? [y|n]? EODD; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - if($config['interfaces']['lan']['if']) + if(isset($config['interfaces']['lan']) && $config['interfaces']['lan']['if']) mwexec("/sbin/ifconfig " . $config['interfaces']['lan']['if'] . " delete"); } if(isset($config['interfaces']['lan'])) @@ -372,9 +374,12 @@ EODD; (!is_array($config['interfaces']['lan']['wireless']))) $config['interfaces']['lan']['wireless'] = array(); } else { - unset($config['interfaces']['lan']['wireless']); + if (isset($config['interfaces']['lan'])) + unset($config['interfaces']['lan']['wireless']); } + if (!is_array($config['interfaces']['wan'])) + $config['interfaces']['wan'] = array(); $config['interfaces']['wan']['if'] = $wanif; $config['interfaces']['wan']['enable'] = true; if (preg_match($g['wireless_regex'], $wanif)) { @@ -382,7 +387,8 @@ EODD; (!is_array($config['interfaces']['wan']['wireless']))) $config['interfaces']['wan']['wireless'] = array(); } else { - unset($config['interfaces']['wan']['wireless']); + if (isset($config['interfaces']['wan'])) + unset($config['interfaces']['wan']['wireless']); } for ($i = 0; $i < count($optif); $i++) { 
@@ -420,12 +426,6 @@ EODD; $g['booting'] = false; - /* XXX: ermal - disable it for now this is used during bootup at best so shouldn't be needed. - * For now just comment it out and later remove it completely. - * resync everything - reload_all_sync(); - */ - echo " done!\n"; touch("{$g['tmp_path']}/assign_complete"); @@ -535,4 +535,4 @@ EOD; } } -?> \ No newline at end of file +?> -- cgit v1.1 From 5af3a589353d9b1cbdb8097e03c75a842043f3d0 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 23 Dec 2010 20:07:59 +0000 Subject: Add some more safe belts and remove code that is commented from long time now. Reported on http://forum.pfsense.org/index.php/topic,28202.15.html --- etc/inc/config.lib.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index fedb943..dbd8650 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -484,6 +484,9 @@ function write_config($desc="Unknown", $backup = true) { if($backup) backup_config(); + if (!is_array($config['revision'])) + $config['revision'] = array(); + if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ $config['revision']['time'] = time(); @@ -837,4 +840,4 @@ function set_device_perms() { } } -?> \ No newline at end of file +?> -- cgit v1.1 From 1916d34a1bba91760b1e80b41ad166bbebe99466 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 23 Dec 2010 20:11:19 +0000 Subject: Instead of replacing the whole array just add the new vlanif member to the config. Should fix issues reported in http://forum.pfsense.org/index.php/topic,28202.15.html --- etc/inc/upgrade_config.inc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 58e5ca2..58b613b 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
@@ -817,8 +817,7 @@ function upgrade_044_to_045() { $iflist = get_configured_interface_list(false, true); if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { foreach ($config['vlans']['vlan'] as $id => $vlan) { - $vlan['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}"; - $config['vlans']['vlan'][$id] = $vlan; + $config['vlans']['vlan'][$id]['vlanif'] = "{$vlan['if']}_vlan{$vlan['tag']}"; /* Make sure to update the interfaces section with the right name */ foreach($iflist as $ifname) { if($config['interfaces'][$ifname]['if'] == "vlan{$id}") { @@ -2282,4 +2281,4 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } -?> \ No newline at end of file +?> -- cgit v1.1 From e9c7a334fd746b04b05ee25f4890cf77c136ccfe Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 12:20:03 -0500 Subject: Backup system libraries and restore during pkg deinstall. --- etc/inc/pkg-utils.inc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 487b1bb..8b9d6a6 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -828,6 +828,11 @@ function delete_package_xml($pkg) { conf_mount_rw(); + // Back up /usr/local/lib libraries first + $static_output .= "Backing up libraries... "; + update_output_window($static_output); + exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + $pkgid = get_pkg_id($pkg); if ($pkgid == -1) { $static_output .= "The {$pkg} package is not installed.\n\nDeletion aborted."; 
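Review bot: The library backup is written to the fixed path `/tmp/pkg_libs.tgz`, and the restore hunk at -1001 extracts that same path over `/` with `tar xzPf`, which keeps absolute member names. /tmp is normally writable by every local account, so a predictable name there lets another process pre-create or replace the file, or a symlink at that name, before the privileged tar uses it. Create the archive under a unique name from `tempnam()` in a directory only root can write, and pass that name to both commands. Neither `exec()` result is checked either; use `exec($cmd, $out, $rc);` and skip the restore when the backup returned non-zero. delete_package_xml() continues outside both hunks.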
@@ -1001,6 +1006,13 @@ function delete_package_xml($pkg) { $static_output .= "done.\n"; update_output_window($static_output); } + + // Restore libraries that we backed up + $static_output .= "\tCleaning up... "; + update_output_window($static_output); + exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /"); + @unlink("/tmp/pkg_libs.tgz"); + conf_mount_ro(); /* remove config.xml entries */ $static_output .= "\tConfiguration... "; -- cgit v1.1 From 76a6d6ae79e078a388f78a43544b9d2e583f36f2 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 12:51:27 -0500 Subject: s/Trying to download/Downloading --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 8b9d6a6..8b13412 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -427,7 +427,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $base_url = substr($base_url, 0, -1); $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " "; $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Trying to download {$base_url}/{$filename} ... "; + $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) { $static_output .= " could not download from there or {$priv_url}/{$filename}.\n"; -- cgit v1.1 From d96623efb76259a00005effa4834f4b233e5976a Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 12:52:36 -0500 Subject: Add newline after installation aborted --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') 
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 8b13412..668c746 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -505,7 +505,7 @@ function install_package($package, $pkg_info = "") { if($pkg_interface == "console") print "\nERROR! Unable to fetch package configuration file. Aborting package installation.\n"; else { - $static_output .= "failed!\n\nInstallation aborted."; + $static_output .= "failed!\n\nInstallation aborted.\n"; update_output_window($static_output); echo "
Show install log"; } -- cgit v1.1 From 7102210a078b3865f701054a3de5a8cf2a0ce8dd Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 13:03:24 -0500 Subject: Add tab --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 668c746..bffe016 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -829,7 +829,7 @@ function delete_package_xml($pkg) { conf_mount_rw(); // Back up /usr/local/lib libraries first - $static_output .= "Backing up libraries... "; + $static_output .= "\tBacking up libraries... "; update_output_window($static_output); exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); -- cgit v1.1 From b2dd7ab44d6520d9bc32f580d9744b5a3dc2f6f3 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 13:04:28 -0500 Subject: Only backup libraries at the beginning of the deinstall cycle. --- etc/inc/pkg-utils.inc | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index bffe016..b7f4d6d 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
@@ -828,10 +828,12 @@ function delete_package_xml($pkg) { conf_mount_rw(); - // Back up /usr/local/lib libraries first - $static_output .= "\tBacking up libraries... "; - update_output_window($static_output); - exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + if(!file_exists("/tmp/pkg_libs.tgz")) { + // Back up /usr/local/lib libraries first + $static_output .= "\tBacking up libraries... "; + update_output_window($static_output); + exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + } $pkgid = get_pkg_id($pkg); if ($pkgid == -1) { -- cgit v1.1 From 2b216e519932db68a12d70e731138021995944a1 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 13:38:23 -0500 Subject: misc text formatting fixes (tabs) --- etc/inc/pkg-utils.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index b7f4d6d..6b5f3a3 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
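Review bot: The new `if(!file_exists("/tmp/pkg_libs.tgz"))` guard means an archive already present at that path is kept and later restored unchanged. If an earlier uninstall stopped before the `@unlink()`, or the file was placed there by something else, the restore step extracts outdated or foreign content over the system libraries. Record "backup already taken in this run" in a variable or static flag rather than inferring it from the file's existence, and remove any leftover archive before creating a new one. The same guard is carried into uninstall_package() by the later hunk at -304 in this series.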
@@ -427,7 +427,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $base_url = substr($base_url, 0, -1); $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " "; $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; + $static_output .= "\n\t" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) { $static_output .= " could not download from there or {$priv_url}/{$filename}.\n"; @@ -620,7 +620,7 @@ function install_package_xml($pkg) { } $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); if(file_exists("/usr/local/pkg/" . $configfile)) { - $static_output .= "\nLoading package configuration... "; + $static_output .= "\n\tLoading package configuration... "; update_output_window($static_output); $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); $static_output .= "done.\n"; @@ -690,7 +690,7 @@ function install_package_xml($pkg) { */ $missing_include = false; if($pkg_config['include_file'] <> "") { - $static_output .= "Loading package instructions...\n"; + $static_output .= "\tLoading package instructions...\n"; update_output_window($static_output); pkg_debug("require_once('{$pkg_config['include_file']}')\n"); if (file_exists($pkg_config['include_file'])) @@ -772,7 +772,7 @@ function install_package_xml($pkg) { } } } else { - $static_output .= "Loading package configuration... failed!\n\nInstallation aborted."; + $static_output .= "\tLoading package configuration... failed!\n\nInstallation aborted."; update_output_window($static_output); pkg_debug("Unable to load package configuration. Installation aborted.\n"); if($pkg_interface <> "console") { 
@@ -923,7 +923,7 @@ function delete_package_xml($pkg) { */ $missing_include = false; if($pkg_config['include_file'] <> "") { - $static_output .= "Loading package instructions...\n"; + $static_output .= "\tLoading package instructions...\n"; update_output_window($static_output); pkg_debug("require_once(\"{$pkg_config['include_file']}\")\n"); if (file_exists($pkg_config['include_file'])) -- cgit v1.1 From 4c6a49d7f8b2ebf3ac7518514eedfa330efb2eb9 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 13:40:13 -0500 Subject: backup and restore libs in correct location --- etc/inc/pkg-utils.inc | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 6b5f3a3..ede82a0 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -304,6 +304,13 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu function uninstall_package($pkg_name) { global $config, $static_output; + // Back up /usr/local/lib libraries first + if(!file_exists("/tmp/pkg_libs.tgz")) { + $static_output .= "\tBacking up libraries... "; + update_output_window($static_output); + exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + } + $id = get_pkg_id($pkg_name); if ($id >= 0) { $pkg_depends =& $config['installedpackages']['package'][$id]['depends_on_package']; @@ -315,6 +322,12 @@ function uninstall_package($pkg_name) { } } delete_package_xml($pkg_name); + + // Restore libraries that we backed up + $static_output .= "\tCleaning up... "; + update_output_window($static_output); + exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /"); + @unlink("/tmp/pkg_libs.tgz"); } function force_remove_package($pkg_name) { 
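Review bot: In uninstall_package() the restore runs `exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /")` and then `@unlink()`s the archive without looking at tar's exit status, so a failed or partial extraction silently discards the only copy of the backed-up libraries. The backup `exec()` at the top of the function has the same gap: if it fails, the uninstall proceeds with nothing to restore from. Capture the status through the third argument, e.g. `exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /", $tar_out, $tar_rc);`, and unlink only when `$tar_rc == 0`, logging the failure otherwise. The function body continues outside these two hunks.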
@@ -828,13 +841,6 @@ function delete_package_xml($pkg) { conf_mount_rw(); - if(!file_exists("/tmp/pkg_libs.tgz")) { - // Back up /usr/local/lib libraries first - $static_output .= "\tBacking up libraries... "; - update_output_window($static_output); - exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); - } - $pkgid = get_pkg_id($pkg); if ($pkgid == -1) { $static_output .= "The {$pkg} package is not installed.\n\nDeletion aborted."; @@ -1008,12 +1014,6 @@ function delete_package_xml($pkg) { $static_output .= "done.\n"; update_output_window($static_output); } - - // Restore libraries that we backed up - $static_output .= "\tCleaning up... "; - update_output_window($static_output); - exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /"); - @unlink("/tmp/pkg_libs.tgz"); conf_mount_ro(); /* remove config.xml entries */ -- cgit v1.1 From 73e52b99e739c1ca3d99ffdd5ba27fd51a8e90c2 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sat, 25 Dec 2010 13:45:13 -0500 Subject: Add newline after restoring libs --- etc/inc/pkg-utils.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index ede82a0..2e385cb 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -309,6 +309,7 @@ function uninstall_package($pkg_name) { $static_output .= "\tBacking up libraries... "; update_output_window($static_output); exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + $static_output .= "\n"; } $id = get_pkg_id($pkg_name); -- cgit v1.1 From f169e2742af3136b7cbb56b154d453381c13893e Mon Sep 17 00:00:00 2001 
From: Scott Ullrich Date: Sat, 25 Dec 2010 13:50:04 -0500 Subject: More misc pkg install txt fixups --- etc/inc/pkg-utils.inc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 2e385cb..7dfb19f 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -306,7 +306,7 @@ function uninstall_package($pkg_name) { // Back up /usr/local/lib libraries first if(!file_exists("/tmp/pkg_libs.tgz")) { - $static_output .= "\tBacking up libraries... "; + $static_output .= "Backing up libraries... "; update_output_window($static_output); exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); $static_output .= "\n"; @@ -439,7 +439,6 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $base_url = $priv_url; if (substr($base_url, -1) == "/") $base_url = substr($base_url, 0, -1); - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $pkgname . " "; $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; $static_output .= "\n\t" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { @@ -856,7 +855,7 @@ function delete_package_xml($pkg) { return; } pkg_debug("Removing {$pkg} package... "); - $static_output .= "Removing {$pkg} components...\n"; + $static_output .= "\tRemoving {$pkg} components...\n"; update_output_window($static_output); /* parse package configuration */ $packages = &$config['installedpackages']['package']; -- cgit v1.1 From 7dbbaecd114be1b42f54950ea58fb29b06479b60 Mon Sep 17 00:00:00 2001 
From: Scott Ullrich Date: Sat, 25 Dec 2010 13:51:51 -0500 Subject: More misc pkg install txt fixups --- etc/inc/pkg-utils.inc | 62 +++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 7dfb19f..4a498d7 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -325,7 +325,7 @@ function uninstall_package($pkg_name) { delete_package_xml($pkg_name); // Restore libraries that we backed up - $static_output .= "\tCleaning up... "; + $static_output .= "Cleaning up... "; update_output_window($static_output); exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /"); @unlink("/tmp/pkg_libs.tgz"); @@ -440,7 +440,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = if (substr($base_url, -1) == "/") $base_url = substr($base_url, 0, -1); $fetchto = "{$g['tmp_path']}/apkg_{$filename}"; - $static_output .= "\n\t" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; + $static_output .= "\n" . str_repeat(" ", $dependlevel * 2 + 1) . "Downloading {$base_url}/{$filename} ... "; if (download_file_with_progress_bar("{$base_url}/{$filename}", $fetchto) !== true) { if ($base_url != $priv_url && download_file_with_progress_bar("{$priv_url}/{$filename}", $fetchto) !== true) { $static_output .= " could not download from there or {$priv_url}/{$filename}.\n"; 
@@ -633,18 +633,18 @@ function install_package_xml($pkg) { } $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); if(file_exists("/usr/local/pkg/" . $configfile)) { - $static_output .= "\n\tLoading package configuration... "; + $static_output .= "\nLoading package configuration... "; update_output_window($static_output); $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); $static_output .= "done.\n"; update_output_window($static_output); - $static_output .= "\tConfiguring package components...\n"; + $static_output .= "Configuring package components...\n"; if (!empty($pkg_config['filter_rules_needed'])) $config['installedpackages']['package'][$pkgid]['filter_rule_function'] = $pkg_config['filter_rules_needed']; update_output_window($static_output); /* modify system files */ if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) { - $static_output .= "\tSystem files... "; + $static_output .= "System files... "; update_output_window($static_output); foreach($pkg_config['modify_system']['item'] as $ms) { if($ms['textneeded']) { @@ -656,7 +656,7 @@ function install_package_xml($pkg) { } /* download additional files */ if(is_array($pkg_config['additional_files_needed'])) { - $static_output .= "\tAdditional files... "; + $static_output .= "Additional files... "; $static_orig = $static_output; update_output_window($static_output); foreach($pkg_config['additional_files_needed'] as $afn) { 
@@ -703,14 +703,14 @@ function install_package_xml($pkg) { */ $missing_include = false; if($pkg_config['include_file'] <> "") { - $static_output .= "\tLoading package instructions...\n"; + $static_output .= "Loading package instructions...\n"; update_output_window($static_output); pkg_debug("require_once('{$pkg_config['include_file']}')\n"); if (file_exists($pkg_config['include_file'])) require_once($pkg_config['include_file']); else { $missing_include = true; - $static_output .= "\tInclude " . basename($pkg_config['include_file']) . " is missing!\n"; + $static_output .= "Include " . basename($pkg_config['include_file']) . " is missing!\n"; update_output_window($static_output); /* XXX: Should undo the steps before this?! */ return false; @@ -718,7 +718,7 @@ function install_package_xml($pkg) { } /* sidebar items */ if(is_array($pkg_config['menu'])) { - $static_output .= "\tMenu items... "; + $static_output .= "Menu items... "; update_output_window($static_output); foreach($pkg_config['menu'] as $menu) { if(is_array($config['installedpackages']['menu'])) @@ -732,7 +732,7 @@ function install_package_xml($pkg) { } /* integrated tab items */ if(is_array($pkg_config['tabs']['tab'])) { - $static_output .= "\tIntegrated Tab items... "; + $static_output .= "Integrated Tab items... "; update_output_window($static_output); foreach($pkg_config['tabs']['tab'] as $tab) { if(is_array($config['installedpackages']['tab'])) @@ -746,7 +746,7 @@ function install_package_xml($pkg) { } /* services */ if(is_array($pkg_config['service'])) { - $static_output .= "\tServices... "; + $static_output .= "Services... "; update_output_window($static_output); foreach($pkg_config['service'] as $service) { if(is_array($config['installedpackages']['service'])) 
@@ -763,21 +763,21 @@ function install_package_xml($pkg) { update_output_window($static_output); if ($missing_include == false) { if($pkg_config['custom_php_global_functions'] <> "") { - $static_output .= "\tExecuting custom_php_global_functions()..."; + $static_output .= "Executing custom_php_global_functions()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_global_functions']); $static_output .= "done.\n"; update_output_window($static_output); } if($pkg_config['custom_php_install_command']) { - $static_output .= "\tExecuting custom_php_install_command()..."; + $static_output .= "Executing custom_php_install_command()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_install_command']); $static_output .= "done.\n"; update_output_window($static_output); } if($pkg_config['custom_php_resync_config_command'] <> "") { - $static_output .= "\tExecuting custom_php_resync_config_command()..."; + $static_output .= "Executing custom_php_resync_config_command()..."; update_output_window($static_output); eval_once($pkg_config['custom_php_resync_config_command']); $static_output .= "done.\n"; @@ -785,7 +785,7 @@ function install_package_xml($pkg) { } } } else { - $static_output .= "\tLoading package configuration... failed!\n\nInstallation aborted."; + $static_output .= "Loading package configuration... failed!\n\nInstallation aborted."; update_output_window($static_output); pkg_debug("Unable to load package configuration. Installation aborted.\n"); if($pkg_interface <> "console") { 
@@ -815,12 +815,12 @@ function delete_package($pkg) { if (file_exists("{$vardb}/{$pkg}/+REQUIRED_BY") && count(file("{$vardb}/{$pkg}/+REQUIRED_BY")) > 0) { - $static_output .= "\tSkipping package deletion for {$pkg} because it is required by other packages.\n"; + $static_output .= "Skipping package deletion for {$pkg} because it is required by other packages.\n"; update_output_window($static_output); return; } else { if($pkg) - $static_output .= "\tStarting package deletion for {$pkg}..."; + $static_output .= "Starting package deletion for {$pkg}..."; update_output_window($static_output); } $info = ""; @@ -855,7 +855,7 @@ function delete_package_xml($pkg) { return; } pkg_debug("Removing {$pkg} package... "); - $static_output .= "\tRemoving {$pkg} components...\n"; + $static_output .= "Removing {$pkg} components...\n"; update_output_window($static_output); /* parse package configuration */ $packages = &$config['installedpackages']['package']; @@ -867,7 +867,7 @@ function delete_package_xml($pkg) { $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'], "packagegui"); /* remove tab items */ if(is_array($pkg_config['tabs'])) { - $static_output .= "\tTabs items... "; + $static_output .= "Tabs items... "; update_output_window($static_output); if(is_array($pkg_config['tabs']['tab']) && is_array($tabs)) { foreach($pkg_config['tabs']['tab'] as $tab) { @@ -884,7 +884,7 @@ function delete_package_xml($pkg) { } /* remove menu items */ if(is_array($pkg_config['menu'])) { - $static_output .= "\tMenu items... "; + $static_output .= "Menu items... "; update_output_window($static_output); if (is_array($pkg_config['menu']) && is_array($menus)) { foreach($pkg_config['menu'] as $menu) { 
@@ -901,7 +901,7 @@ function delete_package_xml($pkg) { } /* remove services */ if(is_array($pkg_config['service'])) { - $static_output .= "\tServices... "; + $static_output .= "Services... "; update_output_window($static_output); if (is_array($pkg_config['service']) && is_array($services)) { foreach($pkg_config['service'] as $service) { @@ -929,7 +929,7 @@ function delete_package_xml($pkg) { */ $missing_include = false; if($pkg_config['include_file'] <> "") { - $static_output .= "\tLoading package instructions...\n"; + $static_output .= "Loading package instructions...\n"; update_output_window($static_output); pkg_debug("require_once(\"{$pkg_config['include_file']}\")\n"); if (file_exists($pkg_config['include_file'])) @@ -937,7 +937,7 @@ function delete_package_xml($pkg) { else { $missing_include = true; update_output_window($static_output); - $static_output .= "\tInclude file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"; + $static_output .= "Include file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"; } } /* ermal @@ -953,7 +953,7 @@ function delete_package_xml($pkg) { } /* system files */ if(is_array($pkg_config['modify_system']) && is_array($pkg_config['modify_system']['item'])) { - $static_output .= "\tSystem files... "; + $static_output .= "System files... "; update_output_window($static_output); foreach($pkg_config['modify_system']['item'] as $ms) if($ms['textneeded']) remove_text_from_file($ms['modifyfilename'], $ms['textneeded']); 
@@ -963,17 +963,17 @@ function delete_package_xml($pkg) { } /* deinstall commands */ if($pkg_config['custom_php_deinstall_command'] <> "") { - $static_output .= "\tDeinstall commands... "; + $static_output .= "Deinstall commands... "; update_output_window($static_output); if ($missing_include == false) { eval_once($pkg_config['custom_php_deinstall_command']); $static_output .= "done.\n"; } else - $static_output .= "\n\tNot executing custom deinstall hook because an include is missing.\n"; + $static_output .= "\nNot executing custom deinstall hook because an include is missing.\n"; update_output_window($static_output); } if($pkg_config['include_file'] <> "") { - $static_output .= "\tRemoving package instructions..."; + $static_output .= "Removing package instructions..."; update_output_window($static_output); pkg_debug("Remove '{$pkg_config['include_file']}'\n"); unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']); @@ -983,7 +983,7 @@ function delete_package_xml($pkg) { } /* remove all additional files */ if(is_array($pkg_config['additional_files_needed'])) { - $static_output .= "\tAuxiliary files... "; + $static_output .= "Auxiliary files... "; update_output_window($static_output); foreach($pkg_config['additional_files_needed'] as $afn) { $filename = get_filename_from_url($afn['item'][0]); @@ -998,7 +998,7 @@ function delete_package_xml($pkg) { update_output_window($static_output); } /* package XML file */ - $static_output .= "\tPackage XML... "; + $static_output .= "Package XML... "; update_output_window($static_output); unlink_if_exists("/usr/local/pkg/" . $packages[$pkgid]['configurationfile']); $static_output .= "done.\n"; 
@@ -1006,7 +1006,7 @@ function delete_package_xml($pkg) { } /* syslog */ if(is_array($pkg_info['logging']) && $pkg_info['logging']['logfile_name'] <> "") { - $static_output .= "\tSyslog entries... "; + $static_output .= "Syslog entries... "; update_output_window($static_output); remove_text_from_file("/etc/syslog.conf", $pkg_info['logging']['facilityname'] . "\t\t\t\t" . $pkg_info['logging']['logfilename']); system_syslogd_start(); @@ -1017,7 +1017,7 @@ function delete_package_xml($pkg) { conf_mount_ro(); /* remove config.xml entries */ - $static_output .= "\tConfiguration... "; + $static_output .= "Configuration... "; update_output_window($static_output); unset($config['installedpackages']['package'][$pkgid]); $static_output .= "done.\n"; -- cgit v1.1 From 6622e126ed73f45979b0f96ccfd8b696cd7a066b Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Mon, 27 Dec 2010 13:40:49 -0500 Subject: Unlink needs_package_sync after one pkg has installed OK which means that our internet connection is up. --- etc/inc/pkg-utils.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 4a498d7..f9af6a6 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -541,7 +541,8 @@ function install_package($package, $pkg_info = "") { $changedesc = "Overwrote previous installation of {$pkg_info['name']}."; $to_output = "overwrite!\n"; } - /* XXX: Fix inclusion of config.inc that causes data loss! */ + if(file_exists('/conf/needs_package_sync')) + @unlink('/conf/needs_package_sync'); conf_mount_ro(); write_config(); $static_output .= $to_output; -- cgit v1.1 From e240969e055e8519eba2cc3ffc0a0bcd4f8ebf4d Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 28 Dec 2010 00:36:41 +0000 Subject: Allow any port to go out for CP. This should unbreak traffic of CP rdr! --- etc/inc/filter.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') 
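Review bot: The added `if(file_exists('/conf/needs_package_sync')) @unlink('/conf/needs_package_sync');` in install_package() duplicates what the file's own helper does; the delete_package_xml() hunks on this page already use `unlink_if_exists(...)`, so `unlink_if_exists('/conf/needs_package_sync');` would be consistent and avoids the `@` suppression. The same hunk also deletes the `XXX: Fix inclusion of config.inc that causes data loss!` marker, yet nothing visible here addresses that problem; if it is still open the comment should stay. install_package() starts before this hunk and ends after it.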
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f8c3065..7564a23 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2068,7 +2068,7 @@ EOD; $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); $ipfrules .= "pass in {$log} quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; - $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; + $ipfrules .= "pass out {$log} quick on { {$cpinterface} } proto tcp from any to any flags any keep state(sloppy)\n"; } } @@ -2759,4 +2759,4 @@ function discover_pkg_rules($ruletype) { return $rules; } -?> \ No newline at end of file +?> -- cgit v1.1 From a82e6d3733052de04496fe9d18506ac58dee0392 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Tue, 28 Dec 2010 00:09:43 -0500 Subject: fix text --- etc/inc/openvpn.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 2142f57..4f5396a 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -696,9 +696,9 @@ function openvpn_resync_all($interface = "") { } */ if ($interface <> "") - log_error("Resyncing openvpn instances configurations for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); + log_error("Resyncing OpenVPN instances for interface " . convert_friendly_interface_to_friendly_descr($interface) . "."); else - log_error("Resyncing openvpn instances configurations."); + log_error("Resyncing OpenVPN instances."); if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as & $settings) { -- cgit v1.1 From 8f5c3d8d8af906fab96a81a97bcd62d908bc5761 Mon Sep 17 00:00:00 2001 
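Review bot: The rewritten captive-portal `pass out` rule no longer restricts the source port, so together with `quick`, `flags any` and `keep state(sloppy)` it now passes every outbound TCP packet on the portal interfaces before any later rule is evaluated, and tracks it with relaxed state checking. If the aim is only to let replies to redirected portal clients out, record that next to the rule, e.g. `/* replies to rdr'ed CP clients may carry any source port; rule is limited to the CP interfaces */`, and check whether the source address can still be narrowed. The enclosing function starts before this hunk and ends after it.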
From: Pierre POMES Date: Tue, 28 Dec 2010 16:23:36 -0500 Subject: Ticket #1116: anonymous sainfo may be used only for single phase2 ipsec VPN's --- etc/inc/ipsec.inc | 19 ++++++++++++++++++- etc/inc/vpn.inc | 5 +++-- 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 332f300..2653297 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -469,4 +469,21 @@ function ipsec_mobilekey_sort() { usort($config['ipsec']['mobilekey'], "mobilekeycmp"); } -?> \ No newline at end of file +function ipsec_get_number_of_phase2($ikeid) { + global $config; + $a_phase2 = $config['ipsec']['phase2']; + + $nbph2=0; + + if (is_array($a_phase2) && count($a_phase2)) { + foreach ($a_phase2 as $ph2tmp) { + if ($ph2tmp['ikeid'] == $ikeid) { + $nbph2++; + } + } + } + + return $nbph2; +} + +?> diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index a3b681a..0e172cc 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -636,11 +636,12 @@ EOD; $localid_type = $ph2ent['localid']['type']; $localid_data = ipsec_idinfo_to_cidr($ph2ent['localid']); - /* Do not print localid in some cases, such as a pure-psk or psk/xauth mobile tunnel */ + /* Do not print localid in some cases, such as a pure-psk or psk/xauth single phase2 mobile tunnel */ if (($localid_type == "none") || (($ph1ent['authentication_method'] == "xauth_psk_server") || ($ph1ent['authentication_method'] == "pre_shared_key")) - && isset($ph1ent['mobile'])) + && isset($ph1ent['mobile']) + && (ipsec_get_number_of_phase2($ikeid)==1)) $localid_spec = " "; else { if ($localid_type != "address") { -- cgit v1.1 From c3583058a0c2cd89ceacbbbcceb68a976e07a890 Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 28 Dec 2010 22:08:42 +0000 Subject: Add radius port and radius accounting port to config if supplied. --- etc/inc/vpn.inc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'etc/inc') 
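Review bot: ipsec_get_number_of_phase2() counts every phase 2 entry whose `ikeid` matches, and the vpn.inc hunk then drops the local ID (anonymous sainfo) only when that count is exactly 1. If phase 2 entries can be marked disabled in the configuration (not visible here), a tunnel with one active and one disabled entry is treated as multi-phase2; whichever behaviour is intended should be stated in a header comment such as `/* Return the number of phase2 entries, enabled or not, attached to the phase1 with this ikeid */`. The loop would also be safer with `if (isset($ph2tmp['ikeid']) && $ph2tmp['ikeid'] == $ikeid)`, so an entry without the key is never compared.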
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 0e172cc..3022e60 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1303,8 +1303,14 @@ EOD; } if (isset ($pppoecfg['radius']['server']['enable'])) { + $radiusport = ""; + $radiusacctport = ""; + if (isset($pppoecfg['radius']['server']['port'])) + $radiusport = $pppoecfg['radius']['server']['port']; + if (isset($pppoecfg['radius']['server']['acctport'])) + $radiusacctport = $pppoecfg['radius']['server']['acctport']; $mpdconf .=<< Date: Tue, 28 Dec 2010 22:39:51 +0000 Subject: Ticket #802. During a config restore detect if the vlan interfaces need reassignment too. This might be problematic for other type of interfaces on 2.0! --- etc/inc/util.inc | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 3cc88e9..2dbf3ef 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -1237,6 +1237,19 @@ function start_devd() { sleep(1); } +function is_interface_vlan_mismatch() { + global $config, $g; + + if (is_array($config['vlans']['vlan'])) { + foreach ($config['vlans']['vlan'] as $vlan) { + if (does_interface_exist($vlan['if']) == false) + return true; + } + } + + return false; +} + function is_interface_mismatch() { global $config, $g; @@ -1485,4 +1498,4 @@ function array_merge_recursive_unique($array0, $array1) return $result; } -?> \ No newline at end of file +?> -- cgit v1.1 From 09315582d74add9e42a45e1f2b2a80c8e802423f Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 29 Dec 2010 14:01:40 -0500 Subject: Add address pool support to outbound NAT. Allow specifying a subnet for outbound NAT rules (via a subnet of proxy arp VIPs) or a host-type alias for outbound NAT rules, and give the user a choice of pool options for address selection from within the pool. --- etc/inc/filter.inc | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'etc/inc') 
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7564a23..ee63e43 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1087,13 +1087,18 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ } /* Generate a 'nat on' or 'no nat on' rule for given interface */ -function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "") { +function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "") { global $config, $FilterIflist; /* XXX: billm - any idea if this code is needed? */ if($src == "/32" || $src{0} == "/") return "# src incorrectly specified\n"; if($natip != "") { - $tgt = "{$natip}/32"; + if (is_subnet($natip)) + $tgt = $natip; + elseif (is_alias($natip)) + $tgt = "\${$natip}"; + else + $tgt = "{$natip}/32"; } else { $natip = get_interface_ip($if); if(is_ipaddr($natip)) @@ -1125,18 +1130,17 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " if($dstport != "") $dst .= " port {$dstport}"; /* outgoing static-port option, hamachi, Grandstream, VOIP, etc */ + $staticnatport_txt = ""; if($staticnatport) - $staticnatport_txt = " static-port"; - else - if(!$natport) - $staticnatport_txt = " port 1024:65535"; // set source port range - else - $staticnatport_txt = ""; + $staticnatport_txt = "static-port"; + elseif(!$natport) + $tgt .= " port 1024:65535"; // set source port range /* Allow for negating NAT entries */ if($nonat) { $nat = "no nat"; $target = ""; $staticnatport_txt = ""; + $poolopts = ""; } else { $nat = "nat"; $target = "-> {$tgt}"; 
@@ -1144,7 +1148,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $if_friendly = $FilterIflist[$if]['descr']; /* Put all the pieces together */ if($if_friendly) - $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n"; + $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n"; else $natrule .= "# Could not convert {$if} to friendly name(alias)\n"; return $natrule; @@ -1237,6 +1241,8 @@ function filter_nat_rules_generate() { else $natif = $obent['interface']; + $poolopts = (is_subnet($obent['target']) || is_alias($obent['target'])) ? $obent['poolopts'] : ""; + if (!isset($FilterIflist[$natif])) continue; @@ -1249,7 +1255,8 @@ function filter_nat_rules_generate() { $obent['natport'], isset($obent['nonat']), isset($obent['staticnatport']), - $obent['protocol'] + $obent['protocol'], + $poolopts ); } } -- cgit v1.1 From 2388a97db35014dd1ae91bf381d3da629464b91c Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 29 Dec 2010 15:48:57 -0500 Subject: Nuke newline --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index f9af6a6..708b897 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -634,7 +634,7 @@ function install_package_xml($pkg) { } $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); if(file_exists("/usr/local/pkg/" . $configfile)) { - $static_output .= "\nLoading package configuration... "; + $static_output .= "Loading package configuration... "; update_output_window($static_output); $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); $static_output .= "done.\n"; -- cgit v1.1 From f2141df0da5e2fbd712f407e54fcfa0f18d72fb6 Mon Sep 17 00:00:00 2001 
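Review bot: `$poolopts` is read from `$obent['poolopts']` in filter_nat_rules_generate() and written verbatim into the rule text by `{$target} {$poolopts} {$staticnatport_txt}`, with no check that it is one of the pool keywords pf accepts. Any other value stored in the configuration, for instance from a hand-edited or restored config.xml, ends up in the ruleset and either breaks the load or alters the rule. Compare it with the fixed list of options the GUI offers before use, e.g. `$poolopts = in_array($obent['poolopts'], $valid_poolopts) ? $obent['poolopts'] : "";`, where `$valid_poolopts` is a new array holding those keywords. Both functions start and end outside these hunks.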
From: jim-p Date: Wed, 29 Dec 2010 16:10:49 -0500 Subject: Allow entering an arbitrary subnet for outbound NAT translations. --- etc/inc/filter.inc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ee63e43..07cc80f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1241,7 +1241,8 @@ function filter_nat_rules_generate() { else $natif = $obent['interface']; - $poolopts = (is_subnet($obent['target']) || is_alias($obent['target'])) ? $obent['poolopts'] : ""; + $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target']; + $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : ""; if (!isset($FilterIflist[$natif])) continue; @@ -1251,7 +1252,7 @@ function filter_nat_rules_generate() { $obent['sourceport'], $dst, $obent['dstport'], - $obent['target'], + $obtarget, $obent['natport'], isset($obent['nonat']), isset($obent['staticnatport']), -- cgit v1.1 From 02e9880edd5db8168f0df90339c67af62d278dfe Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 30 Dec 2010 19:44:37 +0000 Subject: Improve parse_config to not be recursive for no reason. This fixes some strange cases of config lock being left held and blocking GUI. --- etc/inc/config.lib.inc | 106 ++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 54 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index dbd8650..5424d96 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc 
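Review bot: When `target` is "other-subnet", `$obtarget` is built as `$obent['targetip'] . '/' . $obent['targetip_subnet']` and passed on without checking the result. If either field is empty or malformed, the value fails both `is_subnet()` and `is_alias()`, and filter_nat_rules_generate_if(), as changed in the previous commit, appends `/32` to it, which puts an invalid translation target into the ruleset. Skip the entry in that case, e.g. `if ($obent['target'] == "other-subnet" && !is_subnet($obtarget)) continue;`. The enclosing loop in filter_nat_rules_generate() starts and ends outside the hunk.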
@@ -53,30 +53,33 @@ ******/ function encrypted_configxml() { global $g, $config; - if(file_exists($g['conf_path'] . "/config.xml")) { - if($g['booting']) { - $configtxt = file_get_contents($g['conf_path'] . "/config.xml"); - if(tagfile_deformat($configtxt, $configtxt, "config.xml")) { - $fp = fopen('php://stdin', 'r'); + + if (!file_exists($g['conf_path'] . "/config.xml")) + return; + + if (!$g['booting']) + return; + + $configtxt = file_get_contents($g['conf_path'] . "/config.xml"); + if(tagfile_deformat($configtxt, $configtxt, "config.xml")) { + $fp = fopen('php://stdin', 'r'); + $data = ""; + echo "\n\n*** Encrypted config.xml detected ***\n"; + while($data == "") { + echo "\nEnter the password to decrypt config.xml: "; + $decrypt_password = chop(fgets($fp)); + $data = decrypt_data($configtxt, $decrypt_password); + if(!strstr($data, "")) $data = ""; - echo "\n\n*** Encrypted config.xml detected ***\n"; - while($data == "") { - echo "\nEnter the password to decrypt config.xml: "; - $decrypt_password = chop(fgets($fp)); - $data = decrypt_data($configtxt, $decrypt_password); - if(!strstr($data, "")) - $data = ""; - if($data) { - $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w"); - fwrite($fd, $data); - fclose($fd); - exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml"); - echo "\nConfig.xml unlocked.\n"; - fclose($fp); - } else { - echo "\nInvalid password entered. Please try again.\n"; - } - } + if($data) { + $fd = fopen($g['conf_path'] . "/config.xml.tmp", "w"); + fwrite($fd, $data); + fclose($fd); + exec("/bin/mv {$g['conf_path']}/config.xml.tmp {$g['conf_path']}/config.xml"); + echo "\nConfig.xml unlocked.\n"; + fclose($fp); + } else { + echo "\nInvalid password entered. Please try again.\n"; } } } 
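Review bot: encrypted_configxml() writes the decrypted configuration to `config.xml.tmp` with `fopen()`/`fwrite()` whose results are never checked, then replaces config.xml by shelling out to `/bin/mv`. On a full or read-only filesystem a truncated temporary file could replace the encrypted original while the function still prints "Config.xml unlocked". Check the write and use the built-in rename: `$tmp = "{$g['conf_path']}/config.xml.tmp";` followed by `if (file_put_contents($tmp, $data) === strlen($data)) rename($tmp, "{$g['conf_path']}/config.xml");`, reporting an error otherwise.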
@@ -92,9 +95,10 @@ function encrypted_configxml() { ******/ function parse_config($parse = false) { global $g, $config_parsed, $config_extra; - + $lockkey = lock('config'); $config_parsed = false; + if (!file_exists("{$g['conf_path']}/config.xml") || filesize("{$g['conf_path']}/config.xml") == 0) { $last_backup = discover_last_backup(); if($last_backup) { 
@@ -106,37 +110,25 @@ function parse_config($parse = false) { die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); } } - if($g['booting']) echo "."; + + if($g['booting']) + echo "."; + // Check for encrypted config.xml encrypted_configxml(); + if(!$parse) { - if(file_exists($g['tmp_path'] . '/config.cache')) { + if (file_exists($g['tmp_path'] . '/config.cache')) { $config = unserialize(file_get_contents($g['tmp_path'] . '/config.cache')); - if(is_null($config)) { - unlock($lockkey); - parse_config(true); - $lockkey = lock('config'); - } - } else { - if(!file_exists($g['conf_path'] . "/config.xml")) { - log_error("No config.xml found, attempting last known config restore."); - file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); - $last_backup = discover_last_backup(); - if ($last_backup) - restore_backup("/cf/conf/backup/{$last_backup}"); - else { - log_error("Could not restore config.xml."); - unlock($lockkey); - die("Config.xml is corrupted and is 0 bytes. Could not restore a previous backup."); - } - } - unlock($lockkey); - $config = parse_config(true); - $lockkey = lock('config'); - } - } else { + if (is_null($config)) + $parse = true; + } else + $parse = true; + } + if ($parse == true) { if(!file_exists($g['conf_path'] . "/config.xml")) { - if($g['booting']) echo "."; + if($g['booting']) + echo "."; log_error("No config.xml found, attempting last known config restore."); file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); $last_backup = discover_last_backup(); @@ -149,7 +141,7 @@ function parse_config($parse = false) { } } $config = parse_xml_config($g['conf_path'] . '/config.xml', array($g['xml_rootobj'], 'pfsense')); - if($config == "-1") { + if($config == -1) { $last_backup = discover_last_backup(); if ($last_backup) restore_backup("/cf/conf/backup/{$last_backup}"); 
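Review bot: The cache check `if (is_null($config)) $parse = true;` does not catch a damaged cache file, because `unserialize()` returns `false`, not `null`, when it cannot decode its input; parse_config() would then hand back `false` as the configuration instead of re-parsing config.xml. Test for a usable array instead: `if (!is_array($config)) $parse = true;`. The cache is read from `$g['tmp_path']` and passed to `unserialize()` unverified, so a comment next to the read should state that the file must only ever be writable by root. parse_config() starts before this hunk and ends after it.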
@@ -161,11 +153,15 @@ function parse_config($parse = false) { } generate_config_cache($config); } - if($g['booting']) echo "."; - alias_make_table($config); + + if($g['booting']) + echo "."; + $config_parsed = true; unlock($lockkey); + alias_make_table($config); + return $config; } @@ -226,7 +222,8 @@ function restore_backup($file) { function parse_config_bootup() { global $config, $g; - if($g['booting']) echo "."; + if($g['booting']) + echo "."; $lockkey = lock('config'); if (!file_exists("{$g['conf_path']}/config.xml")) { @@ -250,6 +247,7 @@ function parse_config_bootup() { } if(!file_exists("{$g['conf_path']}/config.xml")) { echo "XML configuration file not found. {$g['product_name']} cannot continue booting.\n"; + unlock($lockkey); mwexec("/sbin/halt"); exit; } -- cgit v1.1 From 2cd8d942d64d090e5672dd963eb75012a8242330 Mon Sep 17 00:00:00 2001 From: Pierre POMES Date: Sun, 2 Jan 2011 15:30:44 -0500 Subject: Ticket #1141. Add necessary stuff for smtp auth using sasl --- etc/inc/basic_sasl_client.inc | 61 +++++++++++++ etc/inc/cram_md5_sasl_client.inc | 67 +++++++++++++++ etc/inc/digest_sasl_client.inc | 135 +++++++++++++++++++++++++++++ etc/inc/login_sasl_client.inc | 69 +++++++++++++++ etc/inc/notices.inc | 3 +- etc/inc/ntlm_sasl_client.inc | 180 +++++++++++++++++++++++++++++++++++++++ etc/inc/plain_sasl_client.inc | 99 +++++++++++++++++++++ 7 files changed, 613 insertions(+), 1 deletion(-) create mode 100644 etc/inc/basic_sasl_client.inc create mode 100644 etc/inc/cram_md5_sasl_client.inc create mode 100644 etc/inc/digest_sasl_client.inc create mode 100644 etc/inc/login_sasl_client.inc create mode 100644 etc/inc/ntlm_sasl_client.inc create mode 100644 etc/inc/plain_sasl_client.inc (limited to 'etc/inc') diff --git a/etc/inc/basic_sasl_client.inc b/etc/inc/basic_sasl_client.inc new file mode 100644 index 0000000..b2972b5 --- /dev/null +++ b/etc/inc/basic_sasl_client.inc 
@@ -0,0 +1,61 @@ +state!=SASL_BASIC_STATE_START) + { + $client->error="Basic authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"" + ); + $defaults=array( + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + { + $message=$this->credentials["user"].":".$this->credentials["password"]; + $this->state=SASL_BASIC_STATE_DONE; + } + else + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_BASIC_STATE_DONE: + $client->error="Basic authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid Basic authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file diff --git a/etc/inc/cram_md5_sasl_client.inc b/etc/inc/cram_md5_sasl_client.inc new file mode 100644 index 0000000..69bd625 --- /dev/null +++ b/etc/inc/cram_md5_sasl_client.inc 
@@ -0,0 +1,67 @@ +state!=SASL_CRAM_MD5_STATE_START) + { + $client->error="CRAM-MD5 authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_CRAM_MD5_STATE_RESPOND_CHALLENGE: + $message=$this->credentials["user"]." ".$this->HMACMD5($this->credentials["password"], $response); + $this->state=SASL_CRAM_MD5_STATE_DONE; + break; + case SASL_CRAM_MD5_STATE_DONE: + $client->error="CRAM-MD5 authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid CRAM-MD5 authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file diff --git a/etc/inc/digest_sasl_client.inc b/etc/inc/digest_sasl_client.inc new file mode 100644 index 0000000..924887d --- /dev/null +++ b/etc/inc/digest_sasl_client.inc 
@@ -0,0 +1,135 @@ +H($secret.':'.$data); + } + + Function Initialize(&$client) + { + return(1); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_DIGEST_STATE_START) + { + $client->error='Digest authentication state is not at the start'; + return(SASL_FAIL); + } + $this->credentials=array( + 'user'=>'', + 'password'=>'', + 'uri'=>'', + 'method'=>'', + 'session'=>'' + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_DIGEST_STATE_RESPOND_CHALLENGE; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_DIGEST_STATE_RESPOND_CHALLENGE: + $values=explode(',',$response); + $parameters=array(); + for($v=0; $vcredentials['user'].'"'; + if(!IsSet($parameters[$p='realm']) + && !IsSet($parameters[$p='nonce'])) + { + $client->error='Digest authentication parameter '.$p.' is missing from the server response'; + return(SASL_FAIL); + } + $message.=', realm='.$parameters['realm']; + $message.=', nonce='.$parameters['nonce']; + $message.=', uri="'.$this->credentials['uri'].'"'; + if(IsSet($parameters['algorithm'])) + { + $algorithm=$this->unq($parameters['algorithm']); + $message.=', algorithm='.$parameters['algorithm']; + } + else + $algorithm=''; + + $realm=$this->unq($parameters['realm']); + $nonce=$this->unq($parameters['nonce']); + if(IsSet($parameters['qop'])) + { + switch($qop=$this->unq($parameters['qop'])) + { + case "auth": + $cnonce=$this->credentials['session']; + break; + default: + $client->error='Digest authentication quality of protection '.$qop.' is not yet supported'; + return(SASL_FAIL); + } + } + $nc_value='00000001'; + if(IsSet($parameters['qop']) + && !strcmp($algorithm, 'MD5-sess')) + $A1=$this->H($this->credentials['user'].':'. $realm.':'. 
$this->credentials['password']).':'.$nonce.':'.$cnonce; + else + $A1=$this->credentials['user'].':'. $realm.':'. $this->credentials['password']; + $A2=$this->credentials['method'].':'.$this->credentials['uri']; + if(IsSet($parameters['qop'])) + $response=$this->KD($this->H($A1), $nonce.':'. $nc_value.':'. $cnonce.':'. $qop.':'. $this->H($A2)); + else + $response=$this->KD($this->H($A1), $nonce.':'. $this->H($A2)); + $message.=', response="'.$response.'"'; + if(IsSet($parameters['opaque'])) + $message.=', opaque='.$parameters['opaque']; + if(IsSet($parameters['qop'])) + $message.=', qop="'.$qop.'"'; + $message.=', nc='.$nc_value; + if(IsSet($parameters['qop'])) + $message.=', cnonce="'.$cnonce.'"'; + $client->encode_response=0; + $this->state=SASL_DIGEST_STATE_DONE; + break; + case SASL_DIGEST_STATE_DONE: + $client->error='Digest authentication was finished without success'; + return(SASL_FAIL); + default: + $client->error='invalid Digest authentication step state'; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file diff --git a/etc/inc/login_sasl_client.inc b/etc/inc/login_sasl_client.inc new file mode 100644 index 0000000..923d16e --- /dev/null +++ b/etc/inc/login_sasl_client.inc 
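Review bot: The parameter check in Step(), `if(!IsSet($parameters[$p='realm']) && !IsSet($parameters[$p='nonce']))`, only fails when both realm and nonce are absent. A server challenge that lacks just one of them passes the check, and the digest is then computed and sent with an undefined value in its place. The condition should use `||`: `if(!IsSet($parameters[$p='realm']) || !IsSet($parameters[$p='nonce']))`, which also leaves `$p` naming the parameter that is actually missing for the error text. The loop that fills `$parameters` is not fully readable on this page, so how it treats malformed pairs could not be checked.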
@@ -0,0 +1,69 @@ +state!=SASL_LOGIN_STATE_START) + { + $client->error="LOGIN authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"" + ); + $defaults=array( + "realm"=>"" + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_LOGIN_STATE_IDENTIFY_USER; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_LOGIN_STATE_IDENTIFY_USER: + $message=$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : ""); + $this->state=SASL_LOGIN_STATE_IDENTIFY_PASSWORD; + break; + case SASL_LOGIN_STATE_IDENTIFY_PASSWORD: + $message=$this->credentials["password"]; + $this->state=SASL_LOGIN_STATE_DONE; + break; + case SASL_LOGIN_STATE_DONE: + $client->error="LOGIN authentication was finished without success"; + break; + default: + $client->error="invalid LOGIN authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc index 34cbd82..aa3a33e 100644 --- a/etc/inc/notices.inc +++ b/etc/inc/notices.inc @@ -283,6 +283,7 @@ function notify_via_smtp($message) { return; } + require_once("sasl.inc"); require_once("smtp.inc"); $smtp = new smtp_class; @@ -379,4 +380,4 @@ function register_via_growl() { } } -?> \ No newline at end of file +?> diff --git a/etc/inc/ntlm_sasl_client.inc b/etc/inc/ntlm_sasl_client.inc new file mode 100644 index 0000000..406edf2 --- /dev/null +++ b/etc/inc/ntlm_sasl_client.inc 
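Review bot: In the LOGIN driver's Step(), `case SASL_LOGIN_STATE_DONE:` sets `$client->error` and then hits `break;`, so control reaches `return(SASL_CONTINUE)` and the failed step is reported as one to continue. The other drivers added by this commit leave their DONE case with `return(SASL_FAIL);`; this one should too, by replacing that `break;` with `return(SASL_FAIL);`. A caller that trusts the return value would otherwise carry on the dialog with `$message` never assigned.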
@@ -0,0 +1,180 @@ +"mcrypt", + "mhash"=>"mhash" + ); + $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; + return(0); + } + return(1); + } + + Function ASCIIToUnicode($ascii) + { + for($unicode="",$a=0;$aASCIIToUnicode($password); + $md4=mhash(MHASH_MD4,$unicode); + $padded=$md4.str_repeat(chr(0),21-strlen($md4)); + $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); + $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); + for($response="",$third=0;$third<21;$third+=7) + { + for($packed="",$p=$third;$p<$third+7;$p++) + $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT); + for($key="",$p=0;$pASCIIToUnicode($domain); + $domain_length=strlen($domain_unicode); + $domain_offset=64; + $user_unicode=$this->ASCIIToUnicode($user); + $user_length=strlen($user_unicode); + $user_offset=$domain_offset+$domain_length; + $workstation_unicode=$this->ASCIIToUnicode($workstation); + $workstation_length=strlen($workstation_unicode); + $workstation_offset=$user_offset+$user_length; + $lm=""; + $lm_length=strlen($lm); + $lm_offset=$workstation_offset+$workstation_length; + $ntlm=$ntlm_response; + $ntlm_length=strlen($ntlm); + $ntlm_offset=$lm_offset+$lm_length; + $session=""; + $session_length=strlen($session); + $session_offset=$ntlm_offset+$ntlm_length; + return( + "NTLMSSP\0". + "\x03\x00\x00\x00". + pack("v",$lm_length). + pack("v",$lm_length). + pack("V",$lm_offset). + pack("v",$ntlm_length). + pack("v",$ntlm_length). + pack("V",$ntlm_offset). + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$user_length). + pack("v",$user_length). + pack("V",$user_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + pack("v",$session_length). + pack("v",$session_length). + pack("V",$session_offset). + "\x01\x02\x00\x00". + $domain_unicode. + $user_unicode. + $workstation_unicode. + $lm. 
+ $ntlm + ); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_NTLM_STATE_START) + { + $client->error="NTLM authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "workstation"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_NTLM_STATE_IDENTIFY_DOMAIN: + $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE; + break; + case SASL_NTLM_STATE_RESPOND_CHALLENGE: + $ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]); + $message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_DONE; + break; + case SASL_NTLM_STATE_DONE: + $client->error="NTLM authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid NTLM authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file diff --git a/etc/inc/plain_sasl_client.inc b/etc/inc/plain_sasl_client.inc new file mode 100644 index 0000000..c7feed0 --- /dev/null +++ b/etc/inc/plain_sasl_client.inc 
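Review bot: Step() extracts the server challenge with `substr($response,24,8)` in the `SASL_NTLM_STATE_RESPOND_CHALLENGE` case without checking the length of `$response`, which is data supplied by the remote server. A short or empty reply yields fewer than eight bytes, and NTLMResponse() still derives a response from the password hash and sends it. A guard ahead of the call keeps the driver from answering a malformed challenge: `if(strlen($response)<32) { $client->error="invalid NTLM challenge message"; return(SASL_FAIL); }`. The body of NTLMResponse() is only partly readable on this page, so its handling of a short challenge could not be confirmed.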
@@ -0,0 +1,99 @@ +state!=SASL_PLAIN_STATE_START) + { + $client->error="PLAIN authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "mode"=>"" + ); + $defaults=array( + "realm"=>"", + "mode"=>"" + ); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + { + switch($this->credentials["mode"]) + { + case SASL_PLAIN_EXIM_MODE: + $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; + break; + case SASL_PLAIN_EXIM_DOCUMENTATION_MODE: + $message="\0".$this->credentials["user"]."\0".$this->credentials["password"]; + break; + default: + $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"]; + break; + } + $this->state=SASL_PLAIN_STATE_DONE; + } + else + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { +/* + case SASL_PLAIN_STATE_IDENTIFY: + switch($this->credentials["mode"]) + { + case SASL_PLAIN_EXIM_MODE: + $message=$this->credentials["user"]."\0".$this->credentials["password"]."\0"; + break; + case SASL_PLAIN_EXIM_DOCUMENTATION_MODE: + $message="\0".$this->credentials["user"]."\0".$this->credentials["password"]; + break; + default: + $message=$this->credentials["user"]."\0".$this->credentials["user"].(strlen($this->credentials["realm"]) ? "@".$this->credentials["realm"] : "")."\0".$this->credentials["password"]; + break; + } + var_dump($message); + $this->state=SASL_PLAIN_STATE_DONE; + break; +*/ + case SASL_PLAIN_STATE_DONE: + $client->error="PLAIN authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid PLAIN authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> \ No newline at end of file -- cgit v1.1 
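Review bot: Step() carries a commented-out `SASL_PLAIN_STATE_IDENTIFY` case that contains `var_dump($message);`, and `$message` there is the user name and password joined with NUL bytes. Dead code that prints credentials is easy to re-enable by accident while debugging. The block should be deleted, since Start() already builds the same message for all three modes. If it is kept for reference, drop the `var_dump($message);` line and add a comment such as `// never print $message: it holds the clear-text password`.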
From 1edfb2de94a09dc0d56f4e4453553f06c948a84a Mon Sep 17 00:00:00 2001 From: Pierre POMES Date: Sun, 2 Jan 2011 15:34:45 -0500 Subject: Ticket #1141. Typo error, use ->user to enable auth --- etc/inc/notices.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc index aa3a33e..0cbf5fd 100644 --- a/etc/inc/notices.inc +++ b/etc/inc/notices.inc @@ -307,7 +307,7 @@ function notify_via_smtp($message) { if($config['notifications']['smtp']['username'] && $config['notifications']['smtp']['password']) { $smtp->authentication_mechanism = "PLAIN"; - $smtp->username = $config['notifications']['smtp']['username']; + $smtp->user = $config['notifications']['smtp']['username']; $smtp->password = $config['notifications']['smtp']['password']; } -- cgit v1.1 From c8d23069345a11029fe0a2dac897449b9e07f100 Mon Sep 17 00:00:00 2001 From: gnhb Date: Mon, 3 Jan 2011 20:18:24 +0700 Subject: Reshuffle code a bit. Prevent potential race condition between one mpd instance shutting down and the second one starting. There's no need to kill mpd before restarting it since we always start it with the "-k" flag which means "wait for existing mpd process to exit gracefully before starting." --- etc/inc/interfaces.inc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 0a5e00a..d0ff066 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
@@ -917,13 +917,15 @@ function interface_bring_down($interface = "wan", $destroy = false) { if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { + if (isset($ppp['ondemand']) && !$destroy){ + send_event("interface reconfigure {$interface}"); + break; + } if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) { killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"); - sleep(5); + sleep(2); } unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf"); - if (isset($ppp['ondemand']) && !$destroy) - send_event("interface reconfigure {$interface}"); break; } } -- cgit v1.1 From 5e1f9bb4f10094a1b12c59706429d48d62434db0 Mon Sep 17 00:00:00 2001 From: gnhb Date: Mon, 3 Jan 2011 20:21:31 +0700 Subject: Remove uncessesary function call. This function call is extraneous. mpd will automatically shut down existing mpd processes gracefully because we call it with the "-k" command line switch. In addition, this call causes mpd to be started twice in rapid succession when users have "dial on demand" enabled. This can lead to problems with orphaned netgraph nodes which can only be cleaned up via reboot. --- etc/inc/interfaces.inc | 1 - 1 file changed, 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index d0ff066..de95433 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2459,7 +2459,6 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven case 'l2tp': case 'pptp': case 'ppp': - interface_bring_down($interface, true); break; default: interface_bring_down($interface); -- cgit v1.1 From 3dfc2d1a82e68f81856427316973f3fe480d603b Mon Sep 17 00:00:00 2001 
From: Ermal Date: Mon, 3 Jan 2011 19:45:16 +0000 Subject: When the parent interface of a pppoe is assigned do not remove the interface from ng_ether since this will break ppp clients of netgraph with this interface as parent. This solves http://forum.pfsense.org/index.php/topic,31247.75.html --- etc/inc/interfaces.inc | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index de95433..2d16927 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -103,18 +103,30 @@ function interface_netgraph_needed($interface = "wan") { break; } } - if ($found == false && !empty($config['interfaces'][$interface])) { - switch ($config['interfaces'][$interface]['ipaddr']) { - case "ppp": - case "pppoe": - case "l2tp": - case "pptp": - $found = true; - break; - default: - $found = false; - break; - } + if ($found == false) { + if (!empty($config['interfaces'][$interface])) { + switch ($config['interfaces'][$interface]['ipaddr']) { + case "ppp": + case "pppoe": + case "l2tp": + case "pptp": + $found = true; + break; + default: + $found = false; + break; + } + } else { + $realif = get_real_interface($interface); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($realif == $ppp['if']) { + $found = true; + break; + } + } + } + } } if ($found == false) { -- cgit v1.1 From e1daff07b2f35197abb977437cbb317097423f6f Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 3 Jan 2011 21:49:24 +0000 Subject: Use glob instead of forking cat with glob patterns. Also use file() instead of forking cat just for reading a file. This might help with the issue reported on Ticket #943 which seems like a timing issue even though the dns events happen before newip events. --- etc/inc/system.inc | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'etc/inc') 
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index d95875d..7b6bfe7 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -86,12 +86,6 @@ function system_resolvconf_generate($dynupdate = false) { $syscfg = $config['system']; - $fd = fopen("{$g['varetc_path']}/resolv.conf", "w"); - if (!$fd) { - printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n"); - return 1; - } - $resolvconf = "domain {$syscfg['domain']}\n"; $havedns = false; @@ -122,6 +116,12 @@ function system_resolvconf_generate($dynupdate = false) { } } + $fd = fopen("{$g['varetc_path']}/resolv.conf", "w"); + if (!$fd) { + printf("Error: cannot open resolv.conf in system_resolvconf_generate().\n"); + return 1; + } + fwrite($fd, $resolvconf); fclose($fd); @@ -158,7 +158,7 @@ function get_searchdomains() { $master_list = array(); // Read in dhclient nameservers - $search_list = split("\n", `/bin/cat /var/etc/searchdomain_* 2>/dev/null`); + $search_list = glob("/var/etc/searchdomain_*"); if (is_array($search_lists)) { foreach($search_lists as $dns) { if(is_hostname($dns)) @@ -174,7 +174,7 @@ function get_nameservers() { $master_list = array(); // Read in dhclient nameservers - $dns_lists = split("\n", `/bin/cat /var/etc/nameserver_* 2>/dev/null`); + $dns_lists = glob("/var/etc/nameserver_*"); if (is_array($dns_lists)) { foreach($dns_lists as $dns) { if(is_ipaddr($dns)) @@ -185,10 +185,12 @@ function get_nameservers() { // Read in any extra nameservers if(file_exists("/var/etc/nameservers.conf")) { $dns_lists = split("\n", `/bin/cat /var/etc/nameservers.conf`); - if(is_array($dns_s)) + $dns_lists = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if(is_array($dns_s)) { foreach($dns_s as $dns) if (is_ipaddr($dns)) $master_list[] = $dns; + } } return $master_list; @@ -1477,4 +1479,4 @@ function system_get_dmesg_boot() { return file_get_contents("{$g['varlog_path']}/dmesg.boot"); } -?> \ No newline at end of file +?> -- cgit v1.1 
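Review bot: In the get_searchdomains() hunk the glob result is assigned to `$search_list`, but the following context line tests `is_array($search_lists)`, so the loop never runs and the function always returns an empty list. The assignment should read `$search_lists = glob("/var/etc/searchdomain_*");`. The later hunk `@@ -160,9 +160,14 @@` on this page keeps the same `$search_list` assignment as context, so the mismatch survives that follow-up. Note also that `glob()` returns path names rather than file contents, so in this hunk and in the get_nameservers() hunk `is_hostname()` and `is_ipaddr()` are applied to paths until each file is read with `file()`. Both functions begin and end outside their hunks.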
From 33818198764b936e47409940adde511f58b56f43 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 3 Jan 2011 21:51:47 +0000 Subject: Oops remove forgotten line and correct variable name error that seems to have existed from long time. Even though the file read is not used in pfSense this days! --- etc/inc/system.inc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 7b6bfe7..ad7a9ef 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -184,8 +184,7 @@ function get_nameservers() { // Read in any extra nameservers if(file_exists("/var/etc/nameservers.conf")) { - $dns_lists = split("\n", `/bin/cat /var/etc/nameservers.conf`); - $dns_lists = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + $dns_s = file("/var/etc/nameservers.conf", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); if(is_array($dns_s)) { foreach($dns_s as $dns) if (is_ipaddr($dns)) -- cgit v1.1 From e7c9af97eaf93d74284e1fb5cbfba79171138acd Mon Sep 17 00:00:00 2001 From: Pierre POMES Date: Mon, 3 Jan 2011 17:47:08 -0500 Subject: Ticket #1141. Add missing sasl.inc --- etc/inc/sasl.inc | 422 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 422 insertions(+) create mode 100644 etc/inc/sasl.inc (limited to 'etc/inc') diff --git a/etc/inc/sasl.inc b/etc/inc/sasl.inc new file mode 100644 index 0000000..d64442e --- /dev/null +++ b/etc/inc/sasl.inc 
@@ -0,0 +1,422 @@ + + + + net.manuellemos.sasl + + @(#) $Id: sasl.php,v 1.11 2005/10/31 18:43:27 mlemos Exp $ + Copyright © (C) Manuel Lemos 2004 + Simple Authentication and Security Layer client + Manuel Lemos + mlemos-at-acm.org + + + en + Provide a common interface to plug-in driver classes that + implement different mechanisms for authentication used by clients of + standard protocols like SMTP, POP3, IMAP, HTTP, etc.. Currently the + supported authentication mechanisms are: PLAIN, + LOGIN, CRAM-MD5, Digest and NTML + (Windows or Samba). + . + + +{/metadocument} +*/ + +class sasl_client_class +{ + /* Public variables */ + +/* +{metadocument} + + error + STRING + + + Store the message that is returned when an error + occurs. + Check this variable to understand what happened when a call to + any of the class functions has failed. + This class uses cumulative error handling. This means that if one + class functions that may fail is called and this variable was + already set to an error message due to a failure in a previous call + to the same or other function, the function will also fail and does + not do anything. + This allows programs using this class to safely call several + functions that may fail and only check the failure condition after + the last function call. + Just set this variable to an empty string to clear the error + condition. + + +{/metadocument} +*/ + var $error=''; + +/* +{metadocument} + + mechanism + STRING + + + Store the name of the mechanism that was selected during the + call to the Start function. + You can access this variable but do not change it. + + +{/metadocument} +*/ + var $mechanism=''; + +/* +{metadocument} + + encode_response + BOOLEAN + 1 + + Let the drivers inform the applications whether responses + need to be encoded. + Applications should check this variable before sending + authentication responses to the server to determine if the + responses need to be encoded, eventually with base64 algorithm. 
+ + +{/metadocument} +*/ + var $encode_response=1; + + /* Private variables */ + + var $driver; + var $drivers=array( + "Digest" => array("digest_sasl_client_class", "digest_sasl_client.inc" ), + "CRAM-MD5" => array("cram_md5_sasl_client_class", "cram_md5_sasl_client.inc" ), + "LOGIN" => array("login_sasl_client_class", "login_sasl_client.inc" ), + "NTLM" => array("ntlm_sasl_client_class", "ntlm_sasl_client.inc" ), + "PLAIN" => array("plain_sasl_client_class", "plain_sasl_client.inc" ), + "Basic" => array("basic_sasl_client_class", "basic_sasl_client.inc" ) + ); + var $credentials=array(); + + /* Public functions */ + +/* +{metadocument} + + SetCredential + VOID + + Store the value of a credential that may be used by any of + the supported mechanisms to process the authentication messages and + responses. + Call this function before starting the authentication dialog + to pass all the credential values that be needed to use the type + of authentication that the applications may need. + . + + + key + STRING + + Specify the name of the credential key. + + + + value + STRING + + Specify the value for the credential. + + + +{/metadocument} +*/ + Function SetCredential($key,$value) + { + $this->credentials[$key]=$value; + } +/* +{metadocument} + + +{/metadocument} +*/ + +/* +{metadocument} + + GetCredentials + INTEGER + + Retrieve the values of one or more credentials to be used by + the authentication mechanism classes. + This is meant to be used by authentication mechanism driver + classes to retrieve the credentials that may be neede. + The function may return SASL_CONTINUE if it + succeeded, or SASL_NOMECH if it was not possible to + retrieve one of the requested credentials. + + + credentials + HASH + + Reference to an associative array variable with all the + credentials that are being requested. The function initializes + this associative array values. 
+ + + + defaults + HASH + + Associative arrays with default values for credentials + that may have not been defined. + + + + interactions + ARRAY + + Not yet in use. It is meant to provide context + information to retrieve credentials that may be obtained + interacting with the user. + + + +{/metadocument} +*/ + Function GetCredentials(&$credentials,$defaults,&$interactions) + { + Reset($credentials); + $end=(GetType($key=Key($credentials))!="string"); + for(;!$end;) + { + if(!IsSet($this->credentials[$key])) + { + if(IsSet($defaults[$key])) + $credentials[$key]=$defaults[$key]; + else + { + $this->error="the requested credential ".$key." is not defined"; + return(SASL_NOMECH); + } + } + else + $credentials[$key]=$this->credentials[$key]; + Next($credentials); + $end=(GetType($key=Key($credentials))!="string"); + } + return(SASL_CONTINUE); + } +/* +{metadocument} + + +{/metadocument} +*/ + +/* +{metadocument} + + Start + INTEGER + + Process the initial authentication step initializing the + driver class that implements the first of the list of requested + mechanisms that is supported by this SASL client library + implementation. + Call this function specifying a list of mechanisms that the + server supports. If the + message + Start + argument returns a string, it should be sent to + the server as initial message. Check the + encode_response variable to determine + whether the initial message needs to be encoded, eventually with + base64 algorithm, before it is sent to the server. + The function may return SASL_CONTINUE if it + could start one of the requested authentication mechanisms. It + may return SASL_NOMECH if it was not possible to start + any of the requested mechanisms. It returns SASL_FAIL or + other value in case of error. + + + mechanisms + ARRAY + + + Define the list of names of authentication mechanisms + supported by the that should be tried. 
+ + + + message + STRING + + + Return the initial message that should be sent to the + server to start the authentication dialog. If this value is + undefined, no message should be sent to the server. + + + + interactions + ARRAY + + Not yet in use. It is meant to provide context + information to interact with the end user. + + + +{/metadocument} +*/ + Function Start($mechanisms, &$message, &$interactions) + { + if(strlen($this->error)) + return(SASL_FAIL); + if(IsSet($this->driver)) + return($this->driver->Start($this,$message,$interactions)); + $no_mechanism_error=""; + for($m=0;$mdrivers[$mechanism])) + { + if(!class_exists($this->drivers[$mechanism][0])) + require(dirname(__FILE__)."/".$this->drivers[$mechanism][1]); + $this->driver=new $this->drivers[$mechanism][0]; + if($this->driver->Initialize($this)) + { + $this->encode_response=1; + $status=$this->driver->Start($this,$message,$interactions); + switch($status) + { + case SASL_NOMECH: + Unset($this->driver); + if(strlen($no_mechanism_error)==0) + $no_mechanism_error=$this->error; + $this->error=""; + break; + case SASL_CONTINUE: + $this->mechanism=$mechanism; + return($status); + default: + Unset($this->driver); + $this->error=""; + return($status); + } + } + else + { + Unset($this->driver); + if(strlen($no_mechanism_error)==0) + $no_mechanism_error=$this->error; + $this->error=""; + } + } + } + $this->error=(strlen($no_mechanism_error) ? $no_mechanism_error : "it was not requested any of the authentication mechanisms that are supported"); + return(SASL_NOMECH); + } +/* +{metadocument} + + +{/metadocument} +*/ + +/* +{metadocument} + + Step + INTEGER + + Process the authentication steps after the initial step, + until the authetication iteration dialog is complete. + Call this function iteratively after a successful initial + step calling the Start function. + The function returns SASL_CONTINUE if step was + processed successfully, or returns SASL_FAIL in case of + error. 
+ + + response + STRING + + + Pass the response returned by the server to the previous + step. + + + + message + STRING + + + Return the message that should be sent to the server to + continue the authentication dialog. If this value is undefined, + no message should be sent to the server. + + + + interactions + ARRAY + + Not yet in use. It is meant to provide context + information to interact with the end user. + + + +{/metadocument} +*/ + Function Step($response, &$message, &$interactions) + { + if(strlen($this->error)) + return(SASL_FAIL); + return($this->driver->Step($this,$response,$message,$interactions)); + } +/* +{metadocument} + + +{/metadocument} +*/ + +}; + +/* + +{metadocument} + +{/metadocument} + +*/ + +?> -- cgit v1.1 From aa7c49b9d7628858f1510c184f8409f2eeeb08ad Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 3 Jan 2011 22:48:55 +0000 Subject: Ticket #943. Sleep 1 second to give dns time to reload. --- etc/inc/dyndns.class | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/dyndns.class b/etc/inc/dyndns.class index 785c902..da8844e 100644 --- a/etc/inc/dyndns.class +++ b/etc/inc/dyndns.class @@ -827,10 +827,7 @@ log_error("DynDns: Current WAN IP: {$wan_ip}"); if (file_exists($this->_cacheFile)) { - if(file_exists($this->_cacheFile)) - $contents = file_get_contents($this->_cacheFile); - else - $contents = ""; + $contents = file_get_contents($this->_cacheFile); list($cacheIP,$cacheTime) = split(':', $contents); $this->_debug($cacheIP.'/'.$cacheTime); $initial = false; @@ -933,4 +930,4 @@ } -?> \ No newline at end of file +?> -- cgit v1.1 From abe7607f691caeb40518c63eb8c9cc8a847af424 Mon Sep 17 00:00:00 2001 
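Review bot: sasl_client_class::Step() calls `$this->driver->Step(...)` after checking only `$this->error`, so it dereferences an unset driver whenever no mechanism is active. That happens if Step() is called before Start(), and also after Start() takes its `default:` branch, which runs `Unset($this->driver)` and clears `$this->error` before returning the failure status. A guard at the top of Step() turns the fatal error into a normal failure: `if(!IsSet($this->driver)) { $this->error="authentication was not started"; return(SASL_FAIL); }`. That `default:` branch also discards the driver's error text, so the caller gets a failure status with an empty `$error`; keeping the message there would make failed logins diagnosable.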
From: Scott Ullrich Date: Tue, 4 Jan 2011 12:27:23 -0500 Subject: Add sysctl for maximum socket buffer sizing. Set to 42621444. This is needed for some heavily loaded servers running unbound, squid, etc --- etc/inc/globals.inc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 8afab4a..bf01a11 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -3,7 +3,7 @@ /* globals.inc part of pfSense (www.pfsense.com) - Copyright (C) 2004-2006 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich Originally Part of m0n0wall Copyright (C) 2003-2004 Manuel Kasper . @@ -159,9 +159,10 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.tcp.log_debug" => "0", "net.inet.tcp.tso" => "1", "net.inet.icmp.icmplim" => "0", - "vfs.read_max" => "32" + "vfs.read_max" => "32", + "kern.ipc.maxsockbuf" => "4262144" ); $config_parsed = false; -?> +?> \ No newline at end of file -- cgit v1.1 From 807fd6cd358c71dd48fb7766e49f05f86b93d3fb Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 4 Jan 2011 18:32:52 +0000 Subject: Unbreak dns server colletion. Pointyhat: myself --- etc/inc/system.inc | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index ad7a9ef..bdd8157 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -160,9 +160,14 @@ function get_searchdomains() { // Read in dhclient nameservers $search_list = glob("/var/etc/searchdomain_*"); if (is_array($search_lists)) { - foreach($search_lists as $dns) { - if(is_hostname($dns)) - $master_list[] = $dns; + foreach($search_lists as $fdns) { + $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (!is_array($contents)) + continue; + foreach ($contents as $dns) { + if(is_hostname($dns)) + $master_list[] = $dns; + } } } 
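Review bot: The entry added to `$sysctls` in globals.inc is `"kern.ipc.maxsockbuf" => "4262144"`, while the commit subject says the value is set to 42621444, a tenfold difference. One of the two is a typo, and nothing in the hunk says which size was intended. A short comment beside the entry giving the intended buffer size in bytes would settle it for whoever tunes this next.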
@@ -176,9 +181,14 @@ function get_nameservers() { // Read in dhclient nameservers $dns_lists = glob("/var/etc/nameserver_*"); if (is_array($dns_lists)) { - foreach($dns_lists as $dns) { - if(is_ipaddr($dns)) - $master_list[] = $dns; + foreach($dns_lists as $fdns) { + $contents = file($fdns, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (!is_array($contents)) + continue; + foreach ($contents as $dns) { + if(is_ipaddr($dns)) + $master_list[] = $dns; + } } } -- cgit v1.1 From 64c8631376075d3a01da3d0d388c82f927578943 Mon Sep 17 00:00:00 2001 From: Warren Baker Date: Tue, 4 Jan 2011 21:15:00 +0200 Subject: Add kern.ipc.maxsockbuf to upgrade config and remove extra whitespace. --- etc/inc/upgrade_config.inc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 58b613b..cdcc0cc 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -709,10 +709,14 @@ function upgrade_040_to_041() { $config['sysctl']['item'][19]['descr'] = "Set the ephemeral port range starting port"; $config['sysctl']['item'][19]['value'] = "default"; - $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot "; + $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot"; $config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete"; $config['sysctl']['item'][20]['value'] = "default"; + $config['sysctl']['item'][20]['tunable'] = "kern.ipc.maxsockbuf"; + $config['sysctl']['item'][20]['descr'] = "Maximum socket buffer size"; + $config['sysctl']['item'][20]['value'] = "default"; + } } -- cgit v1.1 From 99fbc94a86254119a9c3bc01cc376495daf73e9e Mon Sep 17 00:00:00 2001 From: Warren Baker Date: Tue, 4 Jan 2011 21:16:14 +0200 Subject: Forgot to up the array count. --- etc/inc/upgrade_config.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') 
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index cdcc0cc..a48c2b2 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -713,9 +713,9 @@ function upgrade_040_to_041() { $config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete"; $config['sysctl']['item'][20]['value'] = "default"; - $config['sysctl']['item'][20]['tunable'] = "kern.ipc.maxsockbuf"; - $config['sysctl']['item'][20]['descr'] = "Maximum socket buffer size"; - $config['sysctl']['item'][20]['value'] = "default"; + $config['sysctl']['item'][21]['tunable'] = "kern.ipc.maxsockbuf"; + $config['sysctl']['item'][21]['descr'] = "Maximum socket buffer size"; + $config['sysctl']['item'][21]['value'] = "default"; } } -- cgit v1.1 From e7af9a80c63c9c8837c53b77b024cc4da75d4b38 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 5 Jan 2011 20:41:12 +0000 Subject: Send a HUP to racoon which is equivalent to the reload-config racoonctl command which seems to not work in 0.7.3 of ipsec-tools. --- etc/inc/vpn.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 3022e60..88fee3d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -880,7 +880,9 @@ EOD; /* mange racoon process */ if (is_process_running("racoon")) { sleep("0.1"); - mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); + /* XXX: This seems to not work in ipsec-tools 0.7.3 but a HUP signal is equivalent. */ + //mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); + mwexec("/bin/pkill -HUP -x racoon"); /* load SPD without flushing to be safe on config additions or changes. */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); } else { -- cgit v1.1 From 6ae19856e03a55a90192b1ba3d7acae98ff478bb Mon Sep 17 00:00:00 2001 
From: Ermal Date: Wed, 5 Jan 2011 20:43:45 +0000 Subject: Actually use sigkillbypid. --- etc/inc/vpn.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 88fee3d..e4b49ec 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -882,7 +882,7 @@ EOD; sleep("0.1"); /* XXX: This seems to not work in ipsec-tools 0.7.3 but a HUP signal is equivalent. */ //mwexec("/usr/local/sbin/racoonctl -s /var/db/racoon/racoon.sock reload-config", false); - mwexec("/bin/pkill -HUP -x racoon"); + sigkillbypid("{$g['varrun_path']}/racoon.pid", "HUP"); /* load SPD without flushing to be safe on config additions or changes. */ mwexec("/usr/local/sbin/setkey -f {$g['varetc_path']}/spd.conf", false); } else { -- cgit v1.1 From 7d62c4c873a03ea2458f1b06a8318bd7943c6e8f Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 5 Jan 2011 21:10:48 +0000 Subject: Ticket #491. Correct username/password name fields so upgrade works correctly. --- etc/inc/upgrade_config.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index a48c2b2..c25cce8 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1086,8 +1086,8 @@ function upgrade_047_to_048() { $tempdyn['enable'] = isset($config['dyndns'][0]['enable']); $tempdyn['type'] = $config['dyndns'][0]['type']; $tempdyn['wildcard'] = isset($config['dyndns'][0]['wildcard']); - $tempdyn['usernamefld'] = $config['dyndns'][0]['username']; - $tempdyn['passwordfld'] = $config['dyndns'][0]['password']; + $tempdyn['username'] = $config['dyndns'][0]['username']; + $tempdyn['password'] = $config['dyndns'][0]['password']; $tempdyn['host'] = $config['dyndns'][0]['host']; $tempdyn['mx'] = $config['dyndns'][0]['mx']; $tempdyn['interface'] = "wan"; -- cgit v1.1 From 9b1936193f0adfda87b060a5fb19270232f169a5 Mon Sep 17 00:00:00 2001 
From: Scott Ullrich Date: Wed, 5 Jan 2011 16:44:30 -0500 Subject: Reinstall packages on bootup during console. Ticket #1156 --- etc/inc/pkg-utils.inc | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 708b897..8dc8ae4 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -1096,4 +1096,26 @@ function squash_from_bytes($size, $round = "") { return; } +function pkg_reinstall_all() { + global $g, $config; + $pkg_id = 0; + $todo = array(); + if ($config['installedpackages']['package']) + exec("rm -rf /var/db/pkg/*"); + if (is_array($config['installedpackages']['package'])) + foreach($config['installedpackages']['package'] as $package) + $todo[] = array('name' => $package['name'], 'version' => $package['version']); + echo "One moment please, reinstalling packages...\n"; + if(is_array($todo)) { + foreach($todo as $pkgtodo) { + $static_output = ""; + if($pkgtodo['name']) { + uninstall_package($pkgtodo['name']); + install_package($pkgtodo['name']); + $pkg_id++; + } + } + } +} + ?> \ No newline at end of file -- cgit v1.1 From 9d308f58dadc5ba1a33a2ac7cb12cc898e7e70e1 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Wed, 5 Jan 2011 16:50:08 -0500 Subject: Do not nuke /var/db/pkg now that 2.0 has better handling --- etc/inc/pkg-utils.inc | 2 -- 1 file changed, 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 8dc8ae4..5e0f281 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -1100,8 +1100,6 @@ function pkg_reinstall_all() { global $g, $config; $pkg_id = 0; $todo = array(); - if ($config['installedpackages']['package']) - exec("rm -rf /var/db/pkg/*"); if (is_array($config['installedpackages']['package'])) foreach($config['installedpackages']['package'] as $package) $todo[] = array('name' => $package['name'], 'version' => $package['version']); -- cgit v1.1 
From d865241eddda66e39cea4e1408171f83d593b3d2 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 6 Jan 2011 13:46:13 -0500 Subject: Don't run mb_convert_encoding on descr field, it's cdata protected in the config now and this just causes some characters to be lost on input. Ticket #1168 --- etc/inc/easyrule.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 0679060..c62f76b 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -166,7 +166,7 @@ function easyrule_block_alias_add($host, $int = 'wan') { /* Create a new alias with all the proper information */ $alias['name'] = $blockaliasname . strtoupper($int); $alias['type'] = 'network'; - $alias['descr'] = mb_convert_encoding("Hosts blocked from Firewall Log view","HTML-ENTITIES","auto"); + $alias['descr'] = "Hosts blocked from Firewall Log view"; $alias['address'] = $host . '/32'; $alias['detail'] = 'Entry added ' . date('r') . '||'; -- cgit v1.1 From 72b7aa4a8ebb397c21f923cc43a2fa6071a907e6 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 6 Jan 2011 13:53:38 -0500 Subject: Also CDATA protect the detail field. Fixes #1168 --- etc/inc/xmlparse.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 75871a9..3e32d68 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -229,7 +229,7 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= str_repeat("\t", $indent); if((is_bool($cval) && $cval == true) || ($cval === "")) { $xmlconfig .= "<$ent/>\n"; - } else if (substr($ent, 0, 5) == "descr") { + } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) { $xmlconfig .= "<$ent>\n"; } else { $xmlconfig .= "<$ent>" . htmlentities($cval) . "\n"; 
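Review bot: The `descr`/`detail` branch writes `$cval` without the `htmlentities()` call that the else branch applies, so it relies entirely on the CDATA wrapper named in the commit subject (the wrapper itself is not legible in this listing). If that is the case, a value containing `]]>` ends the section early and the remainder is parsed as markup when the config is read back. Replacing each `]]>` in the value with a sequence that closes and reopens the section before it is written keeps the content inert; the same applies to `$val` in the second hunk at line 253. `substr($ent, 0, 6) == "detail"` is also a prefix test, so every tag whose name merely begins with `detail` takes the unescaped path. dump_xml_config_sub() starts outside the hunk.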
@@ -253,7 +253,7 @@ function dump_xml_config_sub($arr, $indent) { $xmlconfig .= "<$ent/>\n"; } else if (!is_bool($val)) { $xmlconfig .= str_repeat("\t", $indent); - if (substr($ent, 0, 5) == "descr") + if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) $xmlconfig .= "<$ent>\n"; else $xmlconfig .= "<$ent>" . htmlentities($val) . "\n"; -- cgit v1.1 From ca99d6a642f55d0aa2627dd4994056cbd743db2c Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 15:55:59 -0500 Subject: Do not show already installed messages which fill up the textarea too many times --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 5e0f281..d7aa27e 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -473,7 +473,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = return false; } else { //$dependlevel++; - $static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed."; + //$static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed."; pkg_debug($working_depend[1] . "\n"); } } -- cgit v1.1 From 608b154df2d6fc15d3359261ee6ca8617e128436 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 15:58:37 -0500 Subject: Shorten repo download message --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index d7aa27e..0f3e2e5 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
@@ -451,7 +451,7 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = update_output_window($static_output); return false; } else { - $static_output .= " downloaded from {$osname} repository instead of provided one.\n"; + $static_output .= " [{$osname} repository]\n"; update_output_window($static_output); } } -- cgit v1.1 From 550fea7a19a8bba289e7a221389da534f5df4c5d Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 16:39:12 -0500 Subject: Do not unlink file, it's handled by behind the scenes pkg-utils.inc code --- etc/inc/pkg-utils.inc | 1 - 1 file changed, 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 0f3e2e5..b36dd59 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -814,7 +814,6 @@ function delete_package($pkg) { $pkg = substr(reverse_strrchr($pkg, "."), 0, -1); - if (file_exists("{$vardb}/{$pkg}/+REQUIRED_BY") && count(file("{$vardb}/{$pkg}/+REQUIRED_BY")) > 0) { $static_output .= "Skipping package deletion for {$pkg} because it is required by other packages.\n"; update_output_window($static_output); -- cgit v1.1 From 28ed552d3d62789d08fb4422c7b8457d1aaf4248 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 16:53:32 -0500 Subject: Strip off the space between @depend and the package name. Otherwise it will return a space in front of the pkgname --- etc/inc/pkg-utils.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index b36dd59..3f44d21 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -829,7 +829,7 @@ function delete_package($pkg) { $static_output .= "done.\n"; update_output_window($static_output); foreach($info as $line) { - $depend = trim(str_replace("@pkgdep", "", $line), " \n"); + $depend = trim(str_replace("@pkgdep ", "", $line), " \n"); delete_package($depend); } -- cgit v1.1 
From 64974db724dd0e6eeb4de63c63b56450a43903be Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 17:37:49 -0500 Subject: Fix package dependency check code now that we no longer nuke /var/db/pkg/ before operating on packages --- etc/inc/pkg-utils.inc | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 3f44d21..f2ee955 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -809,20 +809,36 @@ function install_package_xml($pkg) { return true; } +function does_package_depend($pkg) { + // Should not happen, but just in case. + if(!$pkg) + return; + $pkg_var_db_dir = glob("/var/db/pkg/{$pkg}*"); + // If this package has dependency then return true + foreach($pkg_var_db_dir as $pvdd) { + if (file_exists("{$vardb}/{$pvdd}/+REQUIRED_BY") && count(file("{$vardb}/{$pvdd}/+REQUIRED_BY")) > 0) + return true; + } + // Did not find a record of dependencies, so return false. + return false; +} + function delete_package($pkg) { global $config, $g, $static_output, $vardb; $pkg = substr(reverse_strrchr($pkg, "."), 0, -1); - if (file_exists("{$vardb}/{$pkg}/+REQUIRED_BY") && count(file("{$vardb}/{$pkg}/+REQUIRED_BY")) > 0) { + // If package has dependencies then skip it + if(does_package_depend($pkg)) { $static_output .= "Skipping package deletion for {$pkg} because it is required by other packages.\n"; update_output_window($static_output); - return; + return; } else { if($pkg) $static_output .= "Starting package deletion for {$pkg}..."; - update_output_window($static_output); + update_output_window($static_output); } + $info = ""; exec("/usr/sbin/pkg_info -qrx {$pkg}", $info); remove_freebsd_package($pkg); 
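Review bot: The path test in does_package_depend() only works by accident: `$vardb` is not declared `global` in the function, so it expands to an empty string and `"{$vardb}/{$pvdd}/+REQUIRED_BY"` becomes `//var/db/pkg/...`, because `glob()` already returns full paths in `$pvdd`. If `global $vardb;` were ever added, the prefix would presumably be doubled and the check would silently stop finding dependants. Testing the globbed path directly is clearer: `if (file_exists("{$pvdd}/+REQUIRED_BY") && count(file("{$pvdd}/+REQUIRED_BY")) > 0)`. The trailing `*` in the glob pattern also matches any other package whose directory name starts with `$pkg`, and a `false` return from `glob()` is not guarded before the `foreach`.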
@@ -830,7 +846,9 @@ function delete_package($pkg) { update_output_window($static_output); foreach($info as $line) { $depend = trim(str_replace("@pkgdep ", "", $line), " \n"); - delete_package($depend); + // If package has dependencies then skip it + if(!does_package_depend($depend)) + delete_package($depend); } return; -- cgit v1.1 From 86af45ecbed9fc0dddfd840c6384e015fe8a597f Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 17:48:33 -0500 Subject: Ensure $pkg is defined. Send pkg_delete errors to /tmp/pkg-delete_errors.txt --- etc/inc/pkg-utils.inc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index f2ee955..ea8c7d7 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -98,7 +98,7 @@ conf_mount_ro(); * ******/ function remove_freebsd_package($packagestring) { - exec("/usr/sbin/pkg_delete -x {$packagestring}"); + exec("/usr/sbin/pkg_delete -x {$packagestring} 2>>/tmp/pkg_delete_errors.txt"); } /****f* pkg-utils/is_package_installed @@ -222,6 +222,8 @@ function resync_all_package_configs($show_message = false) { * package is installed. */ function is_freebsd_pkg_installed($pkg) { + if(!$pkg) + return; $output = ""; exec("/usr/sbin/pkg_info -E \"{$pkg}*\"", $output, $retval); @@ -826,6 +828,9 @@ function does_package_depend($pkg) { function delete_package($pkg) { global $config, $g, $static_output, $vardb; + if(!$pkg) + return; + $pkg = substr(reverse_strrchr($pkg, "."), 0, -1); // If package has dependencies then skip it -- cgit v1.1 From a0e157e99484b74130a0a0b729208ca4b43b5229 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 18:02:47 -0500 Subject: When installing packages on console (downloading) only show every 10% meaning 10% 20% 30% instead of 1% 2% 3% 4% 5%, etc --- etc/inc/pfsense-utils.inc | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'etc/inc') 
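Review bot: `$packagestring` is interpolated into the shell command in remove_freebsd_package() without quoting, so a package name containing spaces or shell metacharacters changes the command that is executed; the rewritten line is the place to fix that with `exec("/usr/sbin/pkg_delete -x " . escapeshellarg($packagestring) . " 2>>/tmp/pkg_delete_errors.txt");`. The same applies to the `pkg_info -E \"{$pkg}*\"` call in the is_freebsd_pkg_installed() hunk, where the double quotes do not neutralise command substitution. The error log is appended to a fixed name in /tmp, which follows a symlink if one already exists there; a root-owned directory such as /var/log would be safer. The commit subject names the file `/tmp/pkg-delete_errors.txt` while the code writes `/tmp/pkg_delete_errors.txt`.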
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index cd640b7..feb32f0 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1458,6 +1458,7 @@ function read_header($ch, $string) { function read_body($ch, $string) { global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; + global $pkg_interface; $length = strlen($string); $downloaded += intval($length); if($file_size > 0) { @@ -1467,11 +1468,25 @@ function read_body($ch, $string) { $downloadProgress = 0; if($lastseen <> $downloadProgress and $downloadProgress < 101) { if($sendto == "status") { + if($pkg_interface == "console") { + if(substr($downloadProgress,2,1) == "0") { + $tostatus = $static_status . $downloadProgress . "%"; + update_status($tostatus); + } + } else { $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); + update_status($tostatus); + } } else { + if($pkg_interface == "console") { + if(substr($downloadProgress,2,1) == "0") { + $tooutput = $static_output . $downloadProgress . "%"; + update_output_window($tooutput); + } + } else { $tooutput = $static_output . $downloadProgress . "%"; update_output_window($tooutput); + } } update_progress_bar($downloadProgress); $lastseen = $downloadProgress; -- cgit v1.1 From 61f0a115ad3abaa2daefd0a22d30ee05a1dbca2f Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 18:09:14 -0500 Subject: Take into account< 10 too --- etc/inc/pfsense-utils.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index feb32f0..9a3f41d 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
@@ -1469,7 +1469,7 @@ function read_body($ch, $string) { if($lastseen <> $downloadProgress and $downloadProgress < 101) { if($sendto == "status") { if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0") { + if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { $tostatus = $static_status . $downloadProgress . "%"; update_status($tostatus); } @@ -1479,7 +1479,7 @@ function read_body($ch, $string) { } } else { if($pkg_interface == "console") { - if(substr($downloadProgress,2,1) == "0") { + if(substr($downloadProgress,2,1) == "0" || count($downloadProgress) < 2) { $tooutput = $static_output . $downloadProgress . "%"; update_output_window($tooutput); } -- cgit v1.1 From c2272d6dfeadd2f2df7b403aa9b2bc2c019ec544 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 18:30:58 -0500 Subject: Scroll the textarea to bottom on each update --- etc/inc/pfsense-utils.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 9a3f41d..5d948de 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1504,7 +1504,9 @@ function update_output_window($text) { global $pkg_interface; $log = ereg_replace("\n", "\\n", $text); if($pkg_interface != "console") { - echo "\n"; + echo "\n"; } /* ensure that contents are written out */ ob_flush(); -- cgit v1.1 From 06e57df8b3322b9f82df70e6f226077657a583a1 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 6 Jan 2011 18:56:38 -0500 Subject: Shorten english --- etc/inc/pkg-utils.inc | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index ea8c7d7..ba46469 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
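Review bot: `count($downloadProgress) < 2` does not test the number of digits: `$downloadProgress` is a scalar percentage, and `count()` of a scalar is 1 (a TypeError on PHP 8), so where it is accepted the condition is always true and the console prints every percent again. `strlen($downloadProgress) < 2` expresses the intended "below 10" case. The companion test `substr($downloadProgress,2,1) == "0"` looks at the third character, which only exists for 100; offset 1 would pick the last digit of 10 to 90. Both points apply to the second hunk at line 1479 as well, and read_body() starts outside the hunks.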
@@ -191,28 +191,34 @@ function get_pkg_sizes($pkgs = 'all') { * This function may also print output to the terminal indicating progress. */ function resync_all_package_configs($show_message = false) { - global $config, $pkg_interface; + global $config, $pkg_interface, $bootup; log_error("Resyncing configuration for all packages."); + if (!is_array($config['installedpackages']['package'])) return; + if($show_message == true) echo "Syncing packages:"; conf_mount_rw(); + foreach($config['installedpackages']['package'] as $idx => $package) { if (empty($package['name'])) continue; if($show_message == true) echo " " . $package['name']; get_pkg_depends($package['name'], "all"); - stop_service($package['name']); + if($bootup != true) + stop_service($package['name']); sync_package($idx, true, true); if($pkg_interface == "console") echo "\nSyncing packages:"; } + if($show_message == true) echo " done.\n"; + @unlink("/conf/needs_package_sync"); conf_mount_ro(); } @@ -835,7 +841,7 @@ function delete_package($pkg) { // If package has dependencies then skip it if(does_package_depend($pkg)) { - $static_output .= "Skipping package deletion for {$pkg} because it is required by other packages.\n"; + $static_output .= "Skipping package deletion for {$pkg} because it is a dependency.\n"; update_output_window($static_output); return; } else { @@ -860,7 +866,7 @@ function delete_package($pkg) { } function delete_package_xml($pkg) { - global $g, $config, $static_output, $pkg_interface; + global $g, $config, $static_output, $pkg_interface, $bootup; conf_mount_rw(); @@ -930,7 +936,8 @@ function delete_package_xml($pkg) { foreach($pkg_config['service'] as $service) { foreach($services as $key => $instservice) { if($instservice['name'] == $service['name']) { - stop_service($service['name']); + if($bootup != true) + stop_service($service['name']); unset($services[$key]); } } -- cgit v1.1 From b2b155434f2b3c87d3138fc98ac712d4e7904db3 Mon Sep 17 00:00:00 2001 
From: Scott Ullrich Date: Fri, 7 Jan 2011 10:53:40 -0500 Subject: Need to use Unlink in tar --- etc/inc/pkg-utils.inc | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index ba46469..c789afe 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -335,7 +335,7 @@ function uninstall_package($pkg_name) { // Restore libraries that we backed up $static_output .= "Cleaning up... "; update_output_window($static_output); - exec("/usr/bin/tar xzPf /tmp/pkg_libs.tgz -C /"); + exec("/usr/bin/tar xzPfU /tmp/pkg_libs.tgz -C /"); @unlink("/tmp/pkg_libs.tgz"); } @@ -480,8 +480,6 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = if (pkg_fetch_recursive($working_depend[1], $depend_filename, $dependlevel + 1, $base_url) == false) return false; } else { - //$dependlevel++; - //$static_output .= "\n" . str_repeat(" ", $dependlevel * 2) . $working_depend[1] . " already installed."; pkg_debug($working_depend[1] . "\n"); } } @@ -683,7 +681,7 @@ function install_package_xml($pkg) { if(!is_dir($prefix)) safe_mkdir($prefix); $static_output .= $filename . " "; - update_output_window($static_output); + update_output_window($static_output); if (download_file_with_progress_bar($afn['item'][0], $prefix . $filename) !== true) { $static_output .= "failed.\n"; update_output_window($static_output); 
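Review bot: The restore step in uninstall_package() extracts `/tmp/pkg_libs.tgz` over `/` with `P` (absolute paths kept) and now `U` (existing files unlinked first), and the result of `exec()` is not checked before the following `@unlink` deletes the archive. Because the archive sits at a fixed name in /tmp, its contents are trusted purely by location; if any other local account or service can write there, whatever that file holds is unpacked over the system. Keeping the backup in a root-only directory and checking tar's exit status before unlinking (`exec(..., $out, $rc); if ($rc != 0) log_error(...);`) would make the step safer. The code that creates the archive is outside this hunk.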
@@ -1003,14 +1001,13 @@ function delete_package_xml($pkg) { update_output_window($static_output); } if($pkg_config['include_file'] <> "") { - $static_output .= "Removing package instructions..."; - update_output_window($static_output); - pkg_debug("Remove '{$pkg_config['include_file']}'\n"); - unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']); + $static_output .= "Removing package instructions..."; + update_output_window($static_output); + pkg_debug("Remove '{$pkg_config['include_file']}'\n"); + unlink_if_exists("/usr/local/pkg/" . $pkg_config['include_file']); $static_output .= "done.\n"; - update_output_window($static_output); - - } + update_output_window($static_output); + } /* remove all additional files */ if(is_array($pkg_config['additional_files_needed'])) { $static_output .= "Auxiliary files... "; @@ -1021,7 +1018,6 @@ function delete_package_xml($pkg) { $prefix = $afn['prefix']; else $prefix = "/usr/local/pkg/"; - unlink_if_exists($prefix . $filename); } $static_output .= "done.\n"; -- cgit v1.1 From b89c34aacfcde984b0395ffc0b0fbf8e3361cb03 Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 7 Jan 2011 21:37:20 +0000 Subject: Ticket #621. sort the contents of array used for generating subject by keys so whenever we do subject comparison we will not have problem just because of the array keys ordering. --- etc/inc/certs.inc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index e82baba..03371fd 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc 
@@ -307,13 +307,15 @@ function cert_get_subject($str_crt, $decode = true) { if (!is_array($components)) return "unknown"; + ksort($components); foreach ($components as $a => $v) { - if (is_array($v)) + if (is_array($v)) { + ksort($v); foreach ($v as $w) { $asubject = "{$a}={$w}"; $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; } - else { + } else { $asubject = "{$a}={$v}"; $subject = (strlen($subject)) ? "{$asubject}, {$subject}" : $asubject; } @@ -561,4 +563,4 @@ function is_crl_internal($crl) { return !(!empty($crl['text']) && empty($crl['cert'])); } -?> \ No newline at end of file +?> -- cgit v1.1 From 52f4c092b14cca36bcc430717baf907273b66532 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 7 Jan 2011 17:28:27 -0500 Subject: Add back booting check that existed prior to refcount code. We will improve upon this next week. --- etc/inc/config.lib.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 5424d96..0e4d754 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -346,6 +346,9 @@ function conf_mount_ro() { if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; + if($g['booting']) + return; + if (refcount_unreference(1000) > 0) return; @@ -838,4 +841,4 @@ function set_device_perms() { } } -?> +?> \ No newline at end of file -- cgit v1.1 From 1c42331b093fb03b6c150b80626979add7b40605 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 7 Jan 2011 17:39:03 -0500 Subject: Stop spewing backup info on bootup --- etc/inc/config.lib.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 0e4d754..922d01d 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc 
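Review bot: In cert_get_subject() the added `ksort($v)` orders the inner array by key, but the `foreach ($v as $w)` that follows discards the keys; if `$v` is the numerically indexed list of values for a repeated attribute, the call leaves the values in their original order and the subject string is not normalised for that case. `sort($v);` would order the values themselves. Since the commit message says the string is used for subject comparison, a short comment above the outer `ksort($components)`, such as `/* normalise order so equal subjects compare equal regardless of encoding order */`, would help the next reader. The function starts outside the hunk.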
@@ -756,7 +756,7 @@ function cleanup_backupcache($revisions = 30, $lock = false) { foreach($tocache as $version => $versioninfo) { if(!in_array($version, array_keys($newcache))) { unlink_if_exists($g['conf_path'] . '/backup/config-' . $version . '.xml'); - if($g['booting']) print " " . $tocheck . "d"; + //if($g['booting']) print " " . $tocheck . "d"; } } $tocache = $newcache; -- cgit v1.1 From 17dd7ff3d767c3de7684153f084b3431dcd38240 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Sun, 9 Jan 2011 22:45:21 -0500 Subject: allow 127.0.0.1 and localhost for HTTP_REFERER checks --- etc/inc/auth.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 60912f7..c619004 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -130,6 +130,10 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' break; } } + if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") { + // allow SSH port forwarded connections and links from localhost + $found_host = true; + } } } if($found_host == false) { -- cgit v1.1 From b7ff3186fd9f455abe75806e9633146b9b039a04 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 10 Jan 2011 21:06:52 +0000 Subject: Ticket #875. While ldconfig should be called by pkg code itself do it explicitly to have the cache file rebuilt with correct list. --- etc/inc/pkg-utils.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index c789afe..411ff7d 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -860,6 +860,9 @@ function delete_package($pkg) { delete_package($depend); } + /* Rescan directories for what has been left and avoid fooling other programs. */ + mwexec("/sbin/ldconfig"); + return; } @@ -1141,4 +1144,4 @@ function pkg_reinstall_all() { } } -?> \ No newline at end of file +?> -- cgit v1.1 
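Review bot: The added branch in auth.inc accepts any request whose Referer host is `127.0.0.1` or `localhost`, so the referer check no longer distinguishes this GUI from any other page served on the administrator's own loopback address. That is a deliberate trade-off for SSH port forwards, but the comment should say so, for example `// NOTE: trusts every origin on the client's loopback; needed for SSH port forwards`, and the exemption would be tighter if it also required the request's own `Host` header to name the same loopback host. The comparison uses `==` on strings taken from a request header; `===` avoids PHP's loose string comparison. The surrounding loop and the code that derives `$referrer_host` are outside the hunk.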
From d0dc2fd1ab660c05422bf8001ce7a02cc25bb041 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 10 Jan 2011 16:10:11 -0500 Subject: Bump config version, add upgrade code to setup cron job for URL table update script. --- etc/inc/globals.inc | 2 +- etc/inc/upgrade_config.inc | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index bf01a11..2d4300a 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -89,7 +89,7 @@ $g = array( "disablehelpmenu" => false, "disablehelpicon" => false, "debug" => false, - "latest_config" => "7.5", + "latest_config" => "7.6", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "105", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index c25cce8..9be7ae0 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2285,4 +2285,9 @@ function upgrade_074_to_075() { rename_field($config['crl'], 'name', 'descr'); } +function upgrade_075_to_076() { + require_once("services.inc"); + install_cron_job("/usr/bin/nice -n20 /etc/rc.update_urltables", true, "30", "12"); +} + ?> -- cgit v1.1 From 3b83b51ad2dd7d1ed3ecb0faab251813b3678a8e Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 12 Jan 2011 13:04:41 -0500 Subject: Only copy 52 chars of a user descr to the pf rule. When added to the "USER_RULE: " prefix (11 chars) we hit the 63 char limit. Fixes #1187 --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 07cc80f..e268a64 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
@@ -1544,7 +1544,7 @@ function filter_generate_user_rule_arr($rule) { $ret['rule'] = $line; $ret['interface'] = $rule['interface']; if($rule['descr'] != "" and $line != "") - $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 63)) . "\""; + $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', substr($rule['descr'], 0, 52)) . "\""; else $ret['descr'] = "label \"USER_RULE\""; -- cgit v1.1 From 311f93cd141d69536eb4fafa4e0068f6343252e3 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 12 Jan 2011 19:19:35 +0000 Subject: Ticket #621. Sort even csr subject to have the matching go ok during import of externally signed cers. --- etc/inc/certs.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'etc/inc') diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 03371fd..7d19045 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -286,6 +286,7 @@ function csr_get_subject($str_crt, $decode = true) { if (!is_array($components)) return "unknown"; + ksort($components); foreach ($components as $a => $v) { if (!strlen($subject)) $subject = "{$a}={$v}"; -- cgit v1.1 From ad0d6389a2fd619a4188b98c1058dbb16191e3ce Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 12 Jan 2011 16:39:17 -0500 Subject: Bail on reinstalling all packages if we can't contact the package repo. --- etc/inc/pkg-utils.inc | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 411ff7d..2563e44 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
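Review bot: The label text is built from `$rule['descr']` with only double quotes removed, so the 52-byte slice can still carry characters that matter in the generated ruleset, such as a newline or a backslash, unless the description is validated where it is saved (not visible here). Stripping control characters and backslashes at this point as well, e.g. `preg_replace('/[\x00-\x1f"\\\\]/', '', substr($rule['descr'], 0, 52))`, keeps the rule on one line whatever the stored value is. `substr()` counts bytes, so a multi-byte description can also be cut in the middle of a character. filter_generate_user_rule_arr() starts outside the hunk.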
@@ -1132,6 +1132,15 @@ function pkg_reinstall_all() { foreach($config['installedpackages']['package'] as $package) $todo[] = array('name' => $package['name'], 'version' => $package['version']); echo "One moment please, reinstalling packages...\n"; + echo " >>> Trying to fetch package info..."; + $pkg_info = get_pkg_info(); + if ($pkg_info) { + echo " Done.\n"; + } else { + $xmlrpc_base_url = isset($config['system']['altpkgrepo']['enable']) ? $config['system']['altpkgrepo']['xmlrpcbaseurl'] : $g['xmlrpcbaseurl']; + echo "\n" . sprintf(gettext(' >>> Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity.'), $xmlrpc_base_url, $g['product_name']) . "\n"; + return; + } if(is_array($todo)) { foreach($todo as $pkgtodo) { $static_output = ""; -- cgit v1.1 From 546f30caee9165f253d9ed3d84e23f03e82626d8 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 14 Jan 2011 12:20:16 -0500 Subject: Better test for an empty CA to avoid writing out an empty CA file (some on the forum are seeing this.) --- etc/inc/system.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index bdd8157..296c4f2 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1070,7 +1070,7 @@ EOD; fwrite($fd, "\n"); fwrite($fd, $key); fclose($fd); - if($ca <> "") { + if(!(empty($ca) || (strlen(trim($ca)) == 0))) { $fd = fopen("{$g['varetc_path']}/{$ca_location}", "w"); if (!$fd) { printf("Error: cannot open ca.pem in system_webgui_start().\n"); @@ -1084,7 +1084,7 @@ EOD; $lighty_config .= "## ssl configuration\n"; $lighty_config .= "ssl.engine = \"enable\"\n"; $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; - if($ca <> "") + if(!(empty($ca) || (strlen(trim($ca)) == 0))) { $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; } -- cgit v1.1 
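Review bot: The emptiness test `!(empty($ca) || (strlen(trim($ca)) == 0))` is now written out twice in system.inc, once before ca.pem is written and once before `ssl.ca-file` is emitted, and the two must agree or lighttpd is pointed at a file that was never written. Evaluating it once, `$have_ca = (trim((string)$ca) !== "");`, and using `$have_ca` in both places removes that risk and the redundant `empty()`. Both hunks sit inside a function whose start and end are not shown.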
From 75e9ed89a98710a0bc7ccfe08a353823c9e0cadf Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 14 Jan 2011 14:14:58 -0500 Subject: Remove extra brace --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 296c4f2..0bf9007 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1084,7 +1084,7 @@ EOD; $lighty_config .= "## ssl configuration\n"; $lighty_config .= "ssl.engine = \"enable\"\n"; $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n"; - if(!(empty($ca) || (strlen(trim($ca)) == 0))) { + if(!(empty($ca) || (strlen(trim($ca)) == 0))) $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n"; } -- cgit v1.1 From 756720e24ce18514f69311a01dc035d78ac32bf3 Mon Sep 17 00:00:00 2001 From: Pierre POMES Date: Sat, 15 Jan 2011 10:03:40 -0500 Subject: Ticket #1198. Fix code when checking client or server --- etc/inc/openvpn.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 4f5396a..ca463e8 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -514,7 +514,7 @@ function openvpn_reconfigure($mode,& $settings) { openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify"); } if ($settings['tls']) { - if (stristr($settings['mode'], "server")) + if ($mode == "server") $tlsopt = 0; else $tlsopt = 1; @@ -938,4 +938,4 @@ function openvpn_refresh_crls() { } } -?> \ No newline at end of file +?> -- cgit v1.1 From 9d7d238816b6b3f087af1c5246e59dec8629a228 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 17 Jan 2011 20:08:09 +0000 Subject: Really do not deactivate netgraph if the underlying interface is needed by it! --- etc/inc/interfaces.inc | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 2d16927..97b59d8 100644 
--- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -116,17 +116,18 @@ function interface_netgraph_needed($interface = "wan") { $found = false; break; } - } else { - $realif = get_real_interface($interface); - if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { - foreach ($config['ppps']['ppp'] as $pppid => $ppp) { - if ($realif == $ppp['if']) { - $found = true; - break; - } + } + } + if ($found == false) { + $realif = get_real_interface($interface); + if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { + foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + if ($realif == $ppp['if']) { + $found = true; + break; } - } - } + } + } } if ($found == false) { -- cgit v1.1 From 2b7ca9b2d908cb04433477c3be52bd20d47acf75 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 17 Jan 2011 21:29:04 +0000 Subject: Add the default value for the new tunable debug.pfftpproxy to 0. It allows to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway. --- etc/inc/globals.inc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 2d4300a..c19a849 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -160,9 +160,10 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.tcp.tso" => "1", "net.inet.icmp.icmplim" => "0", "vfs.read_max" => "32", - "kern.ipc.maxsockbuf" => "4262144" + "kern.ipc.maxsockbuf" => "4262144", + "debug.pfftpproxy" => "0" ); $config_parsed = false; -?> \ No newline at end of file +?> -- cgit v1.1 From 96e889fc1e938187dd18238d80e3163e1aca3006 Mon Sep 17 00:00:00 2001 
From: smos Date: Mon, 17 Jan 2011 23:10:55 +0100 Subject: Specify the -inet family so that accidental IPv6 addresses here don't break the system routing. --- etc/inc/system.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 0bf9007..0cdd5b4 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -376,7 +376,7 @@ function system_routing_configure($interface = "") { $action = "change"; } log_error("ROUTING: $action default route to $gatewayip"); - mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip)); + mwexec("/sbin/route {$action} -inet default " . escapeshellarg($gatewayip)); } } @@ -399,10 +399,10 @@ function system_routing_configure($interface = "") { $action = "change"; if (is_ipaddr($gatewayip)) { - mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) . + mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . " " . escapeshellarg($gatewayip)); } else if (!empty($interfacegw)) { - mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) . + mwexec("/sbin/route {$action} -inet " . escapeshellarg($rtent['network']) . " -iface " . escapeshellarg($interfacegw)); } } -- cgit v1.1 From 7d9b3d5ef1c3ef8dd48ab4e0e1b44c795108b7a2 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 09:57:14 -0500 Subject: Add the cron job a different way. There have been a couple reports of losing CAs during the config upgrade and this was the only added function at the time. --- etc/inc/upgrade_config.inc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 9be7ae0..0454475 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc 
@@ -2286,8 +2286,16 @@ function upgrade_074_to_075() { } function upgrade_075_to_076() { - require_once("services.inc"); - install_cron_job("/usr/bin/nice -n20 /etc/rc.update_urltables", true, "30", "12"); + global $config; + $cron_item = array(); + $cron_item['minute'] = "30"; + $cron_item['hour'] = "12"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /etc/rc.update_urltables"; + $config['cron']['item'][] = $cron_item; } ?> -- cgit v1.1 From 1bbbd3dd19b6dbf60e3df8dcd496a0ccf1fb34dc Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 11:00:33 -0500 Subject: No need to set this here, we already set it in config.inc (and it takes precedence) --- etc/inc/config.gui.inc | 5 ----- 1 file changed, 5 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.gui.inc b/etc/inc/config.gui.inc index cd38049..1a7e397 100644 --- a/etc/inc/config.gui.inc +++ b/etc/inc/config.gui.inc @@ -54,11 +54,6 @@ if($config_parsed == true) else $config_parsed = true; -// Set the memory limit to 128M. When someone has something like 500+ tunnels -// the parser needs quite a bit of ram. Do not remove this line unless you -// know what you are doing. If in doubt, check with dev@ _/FIRST/_! -ini_set("memory_limit","128M"); - /* include globals from notices.inc /utility/XML parser files */ require_once('config.lib.inc'); require_once("notices.inc"); -- cgit v1.1 From f9c8e64c6331f45caa8d9cdc1973f2d9742576a0 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 15:28:25 -0500 Subject: Add a description to this write_config() so it's a little more obvious what it's doing in the logs. --- etc/inc/pkg-utils.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 2563e44..dd9dd7f 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
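Review bot: upgrade_075_to_076 appends the cron entry unconditionally, so a configuration that already carries an `/etc/rc.update_urltables` job (for instance one created by the earlier install_cron_job form of this step) ends up with the command scheduled twice as `root`. Checking first keeps the step idempotent: loop over `$config['cron']['item']` and return when an item's `command` already contains `rc.update_urltables`. It is also worth initialising the list when it is missing, `if (!is_array($config['cron']['item'])) $config['cron']['item'] = array();`, so the append does not depend on what the loaded config happens to contain.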
@@ -550,7 +550,7 @@ function install_package($package, $pkg_info = "") { if(file_exists('/conf/needs_package_sync')) @unlink('/conf/needs_package_sync'); conf_mount_ro(); - write_config(); + write_config("Intermediate config write during package install for {$pkg_info['name']}."); $static_output .= $to_output; update_output_window($static_output); /* install other package components */ @@ -951,7 +951,7 @@ function delete_package_xml($pkg) { * XXX: Otherwise inclusion of config.inc again invalidates actions taken. * Same is done during installation. */ - write_config(); + write_config("Intermediate config write during package removal for {$pkg}."); /* * If a require exists, include it. this will -- cgit v1.1 From b1224cdc1e3fcf5af23c3bd365db4c72032642d9 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 15:29:06 -0500 Subject: Fix references to what was apparently supposed to be $g['booting'] and not $bootup. --- etc/inc/pkg-utils.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index dd9dd7f..b34054a 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -191,7 +191,7 @@ function get_pkg_sizes($pkgs = 'all') { * This function may also print output to the terminal indicating progress. */ function resync_all_package_configs($show_message = false) { - global $config, $pkg_interface, $bootup; + global $config, $pkg_interface, $g; log_error("Resyncing configuration for all packages."); @@ -209,7 +209,7 @@ function resync_all_package_configs($show_message = false) { if($show_message == true) echo " " . $package['name']; get_pkg_depends($package['name'], "all"); - if($bootup != true) + if($g['booting'] != true) stop_service($package['name']); sync_package($idx, true, true); if($pkg_interface == "console") 
@@ -867,7 +867,7 @@ function delete_package($pkg) { } function delete_package_xml($pkg) { - global $g, $config, $static_output, $pkg_interface, $bootup; + global $g, $config, $static_output, $pkg_interface; conf_mount_rw(); @@ -937,7 +937,7 @@ function delete_package_xml($pkg) { foreach($pkg_config['service'] as $service) { foreach($services as $key => $instservice) { if($instservice['name'] == $service['name']) { - if($bootup != true) + if($g['booting'] != true) stop_service($service['name']); unset($services[$key]); } -- cgit v1.1 From fa09d1b83678658ac791438fddbf8efeeb4005ef Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 15:29:53 -0500 Subject: Fix variable name reference --- etc/inc/config.lib.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 922d01d..32f4f14 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -479,7 +479,7 @@ function write_config($desc="Unknown", $backup = true) { * for now, since it was preventing config saving. */ // $config = parse_config(true, false, false); - if($g['bootup']) + if($g['booting']) log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"); if($backup) -- cgit v1.1 From ba4f6e1df684ab22d280fef9d71aa3ffca9c988a Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 18 Jan 2011 15:37:35 -0500 Subject: Better way to determine the username for config descrs --- etc/inc/config.lib.inc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index 32f4f14..1e584f2 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc 
@@ -482,6 +482,8 @@ function write_config($desc="Unknown", $backup = true) { if($g['booting']) log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"); + $username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username']; + if($backup) backup_config(); @@ -495,8 +497,8 @@ function write_config($desc="Unknown", $backup = true) { if ($desc == "Unknown") $desc = "{$_SERVER['SCRIPT_NAME']} made unknown change"; - $config['revision']['description'] = "{$_SESSION['Username']}: " . $desc; - $config['revision']['username'] = $_SESSION["Username"]; + $config['revision']['description'] = "{$username}: " . $desc; + $config['revision']['username'] = $username; conf_mount_rw(); $lockkey = lock('config', LOCK_EX); -- cgit v1.1 From 85e3f445b0587d50504e2526208936981476a38f Mon Sep 17 00:00:00 2001 From: Ermal Date: Tue, 18 Jan 2011 21:13:30 +0000 Subject: Do not put a config entry for dhcpd if we cannot determine the subnet address. Reported-by: http://forum.pfsense.org/index.php/topic,32303.0.html --- etc/inc/services.inc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 166390b..74c923c 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -228,6 +228,9 @@ EOPP; $subnet = gen_subnet($ifcfgip, $ifcfgsn); $subnetmask = gen_subnet_mask($ifcfgsn); + if (!is_ipaddr($subnet)) + continue; + if($is_olsr_enabled == true) if($dhcpifconf['netmask']) $subnetmask = gen_subnet_mask($dhcpifconf['netmask']); @@ -257,7 +260,7 @@ EOPP; $dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";"; } - $dhcpdconf .= "subnet $subnet netmask $subnetmask {\n"; + $dhcpdconf .= "subnet {$subnet} netmask {$subnetmask} {\n"; $dhcpdconf .= " pool {\n"; /* is failover dns setup? */ 
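Review bot: The `(system)` fallback in write_config gives every write made without a session the same name in `$config['revision']`, which is the record an administrator reads to see who changed the configuration. Console scripts, cron jobs and any remote call that does not populate `$_SESSION` (which callers those are is not visible here) become indistinguishable from each other. Recording the origin with the fallback keeps the trail useful, e.g. `$username = empty($_SESSION["Username"]) ? "(system: {$_SERVER['SCRIPT_NAME']})" : $_SESSION['Username'];`. write_config begins and ends outside the hunk.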
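Review bot: The new `continue` in services.inc drops the interface from dhcpd.conf without leaving any trace, so DHCP simply stops being served there and nothing in the log says why. Add a line before the `continue`, `log_error("dhcpd: could not determine subnet from {$ifcfgip}/{$ifcfgsn}, skipping interface");`, and put braces around the two statements. The surrounding loop starts outside the hunk, so the interface name variable is not visible here and is left out of the message.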
@@ -1378,4 +1381,4 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont configure_cron(); } -?> \ No newline at end of file +?> -- cgit v1.1 From 911a262f1821ec6e0148d240d7e9574489a9baac Mon Sep 17 00:00:00 2001 From: smos Date: Wed, 19 Jan 2011 08:30:05 +0100 Subject: Prevent a IPv6 address from breaking system routing. This is a hack because we don't have the proper ip validation in 2.0 mainline --- etc/inc/system.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 0cdd5b4..ef5e2bc 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -325,6 +325,8 @@ function system_routing_configure($interface = "") { mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true); foreach ($config['gateways']['gateway_item'] as $gateway) { if (isset($gateway['defaultgw'])) { + if(strstr($gateway['gateway'], ":")) + break; if ($gateway['gateway'] == "dynamic") $gateway['gateway'] = get_interface_gateway($gateway['interface']); $gatewayip = $gateway['gateway']; -- cgit v1.1 From bcfe4ae5add1ca60e35151e225fa207f6160efd7 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 19 Jan 2011 18:25:26 +0000 Subject: Ticket #259 trim the \n from the command output and return only the numeric part of it. --- etc/inc/interfaces.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 97b59d8..a414bd7 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -952,7 +952,7 @@ function interface_bring_down($interface = "wan", $destroy = false) { case "dhcp": $pid = find_dhclient_process($realif); if($pid) - mwexec("kill {$pid}"); + mwexec("/bin/kill {$pid}"); sleep(1); unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf"); if(does_interface_exist("$realif")) { 
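Review bot: `break` in the added IPv6 test in system_routing_configure leaves the whole `foreach` over `gateway_item`, so when the first entry flagged `defaultgw` holds an IPv6 address, an IPv4 default gateway later in the list is never reached and no default route is chosen. `continue` skips only the offending entry: `if (strstr($gateway['gateway'], ":")) continue;`. The loop body extends beyond the hunk, so whether it ends with its own `break` after the first usable match is not visible.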
@@ -2451,7 +2451,7 @@ function find_dhclient_process($interface) { else $pid = 0; - return $pid; + return intval($pid); } function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) { -- cgit v1.1 From 38bdc48def49d9edc617baebd243e03c71c79496 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 19 Jan 2011 18:56:47 +0000 Subject: This logic was reversed fix it. Reported-by: Seth --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index ef5e2bc..a80cf88 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -392,7 +392,7 @@ function system_routing_configure($interface = "") { continue; } $gateway = $gateways_arr[$rtent['gateway']]; - if ($interface == $gateway['friendlyiface']) + if ($interface != $gateway['friendlyiface']) continue; $gatewayip = $gateway['gateway']; $interfacegw = $gateway['interface']; -- cgit v1.1 From f5bafe95a1fb4372288816debaa21b4f943a32e8 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 19 Jan 2011 20:56:23 +0000 Subject: Resolves 1209. Correctly calculate the necessary data to return from an 'pfsense' format encrypted file. --- etc/inc/crypt.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/crypt.inc b/etc/inc/crypt.inc index dc40eb9..582a84c 100644 --- a/etc/inc/crypt.inc +++ b/etc/inc/crypt.inc @@ -85,12 +85,12 @@ $body_pos = $btag_pos + $btag_len; $body_len = strlen($in); - $body_len -= strlen($btag_len); - $body_len -= strlen($etag_len); + $body_len -= $btag_len; + $body_len -= $etag_len + 1; $out = substr($in, $body_pos, $body_len); return true; } -?> \ No newline at end of file +?> -- cgit v1.1 From c2461a56d45b678213488ea1ced099a38ead267e Mon Sep 17 00:00:00 2001 
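Review bot: The body length in crypt.inc is now derived from fixed offsets, `$body_len -= $etag_len + 1;`, which assumes the input ends with the end tag followed by exactly one byte. Input with a CRLF ending, no trailing newline, or anything in front of the begin tag (`$body_pos` is `$btag_pos + $btag_len`, yet `$btag_pos` is not subtracted from the length) yields a body that is cut short or carries part of the end tag, and that is what gets handed on for decoding. Measuring up to the position of the end tag avoids the assumption, e.g. `$body_len = $etag_pos - $body_pos;` if the function already locates the end tag; its start is outside the hunk, so that variable name is a guess.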
From: Ermal Date: Wed, 19 Jan 2011 21:20:50 +0000 Subject: If no value is posted means we have no value to save in config and should unset any pervious set ones. --- etc/inc/shaper.inc | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 692f1a5..5e7a454 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -2867,16 +2867,28 @@ class dnpipe_class extends dummynet_class { } if (isset($q['qlimit']) && $q['qlimit'] <> "") $this->SetQlimit($q['qlimit']); + else + $this->SetQlimit(""); if (isset($q['mask']) && $q['mask'] <> "") $this->SetMask($q['mask']); + else + $this->SetMask(""); if (isset($q['buckets']) && $q['buckets'] <> "") $this->SetBuckets($q['buckets']); + else + $this->SetBuckets(""); if (isset($q['plr']) && $q['plr'] <> "") $this->SetPlr($q['plr']); + else + $this->SetPlr(""); if (isset($q['delay']) && $q['delay'] <> "") $this->SetDelay($q['delay']); + else + $this->SetDelay(0); if (isset($q['description']) && $q['description'] <> "") $this->SetDescription($q['description']); + else + $this->SetDescription(""); $this->SetEnabled($q['enabled']); } @@ -4004,4 +4016,4 @@ $dn_default_shaper_msg .= "buttons at the bottom represent queue actions and are $dn_default_shaper_msg .= "

"; $dn_default_shaper_msg .= ""; -?> \ No newline at end of file +?> -- cgit v1.1 From daacb81809e8022fdc9e393eaa3b594ecea4d518 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 19 Jan 2011 21:23:27 +0000 Subject: Ticket #1210. Also here unset any previous value if none posted. --- etc/inc/shaper.inc | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 5e7a454..6ae5ab6 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -3149,12 +3149,20 @@ class dnqueue_class extends dummynet_class { $this->SetNumber($q['number']); if (isset($q['qlimit']) && $q['qlimit'] <> "") $this->SetQlimit($q['qlimit']); + else + $this->SetQlimit(""); if (isset($q['mask']) && $q['mask'] <> "") $this->SetMask($q['mask']); + else + $this->SetMask(""); if (isset($q['weight']) && $q['weight'] <> "") $this->SetWeight($q['weight']); + else + $this->SetWeight(""); if (isset($q['description']) && $q['description'] <> "") $this->SetDescription($q['description']); + else + $this->SetDescription(""); $this->SetEnabled($q['enabled']); } -- cgit v1.1 From f0695975e8c20c15dcbcaf5cae598e4b7d3b1b23 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 20 Jan 2011 11:30:01 -0500 Subject: Adding $builder_package_install variable. When set to true ignore library fixups and sync_package() directives. --- etc/inc/pkg-utils.inc | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index b34054a..7ca5ed3 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
@@ -311,13 +311,16 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu function uninstall_package($pkg_name) { global $config, $static_output; + global $builder_package_install; // Back up /usr/local/lib libraries first - if(!file_exists("/tmp/pkg_libs.tgz")) { - $static_output .= "Backing up libraries... "; - update_output_window($static_output); - exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); - $static_output .= "\n"; + if(!$builder_package_install) { + if(!file_exists("/tmp/pkg_libs.tgz")) { + $static_output .= "Backing up libraries... "; + update_output_window($static_output); + exec("/usr/bin/tar czPf /tmp/pkg_libs.tgz `/bin/cat /etc/pfSense_md5.txt | /usr/bin/grep 'local/lib' | /usr/bin/awk '{ print $2 }' | /usr/bin/cut -d'(' -f2 | /usr/bin/cut -d')' -f1`"); + $static_output .= "\n"; + } } $id = get_pkg_id($pkg_name); @@ -333,10 +336,12 @@ function uninstall_package($pkg_name) { delete_package_xml($pkg_name); // Restore libraries that we backed up - $static_output .= "Cleaning up... "; - update_output_window($static_output); - exec("/usr/bin/tar xzPfU /tmp/pkg_libs.tgz -C /"); - @unlink("/tmp/pkg_libs.tgz"); + if(!$builder_package_install) { + $static_output .= "Cleaning up... "; + update_output_window($static_output); + exec("/usr/bin/tar xzPfU /tmp/pkg_libs.tgz -C /"); + @unlink("/tmp/pkg_libs.tgz"); + } } function force_remove_package($pkg_name) { @@ -348,6 +353,10 @@ function force_remove_package($pkg_name) { */ function sync_package($pkg_name, $sync_depends = true, $show_message = false) { global $config, $config_parsed; + global $builder_package_install; + + if($builder_package_install) + return; if(empty($config['installedpackages']['package'])) return; -- cgit v1.1 From 09e11b69471b81bb92f72b060fb2e0e8f9d24f78 Mon Sep 17 00:00:00 2001 
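Review bot: uninstall_package backs up to and restores from the fixed path `/tmp/pkg_libs.tgz`, and the backup is skipped whenever a file of that name already exists. The restore then runs `tar xzPfU /tmp/pkg_libs.tgz -C /` on whatever is there with absolute paths honoured, so a stale archive from an interrupted run, or a file left by any account able to write to /tmp, is unpacked over the system libraries. Creating the archive with a per-run name in a directory only root can write (for example via `tempnam()`), always recreating it instead of testing `file_exists`, and checking the `exec` return code before `delete_package_xml` runs removes that dependency. The new `$builder_package_install` guard wraps this code but does not change it.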
From: Scott Ullrich Date: Thu, 20 Jan 2011 11:33:37 -0500 Subject: Comment what this variable does --- etc/inc/pkg-utils.inc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 7ca5ed3..1560442 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -313,7 +313,8 @@ function uninstall_package($pkg_name) { global $config, $static_output; global $builder_package_install; - // Back up /usr/local/lib libraries first + // Back up /usr/local/lib libraries first if + // not running from the builder code. if(!$builder_package_install) { if(!file_exists("/tmp/pkg_libs.tgz")) { $static_output .= "Backing up libraries... "; @@ -335,7 +336,8 @@ function uninstall_package($pkg_name) { } delete_package_xml($pkg_name); - // Restore libraries that we backed up + // Restore libraries that we backed up if not + // running from the builder code. if(!$builder_package_install) { $static_output .= "Cleaning up... "; update_output_window($static_output); @@ -355,6 +357,8 @@ function sync_package($pkg_name, $sync_depends = true, $show_message = false) { global $config, $config_parsed; global $builder_package_install; + // If this code is being called by pfspkg_installer + // which the builder system uses then return (ignore). if($builder_package_install) return; -- cgit v1.1 From bca35cff4671b178584f677d4031ed40bbbd021a Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 20 Jan 2011 12:33:39 -0500 Subject: Add a checkbox for duplicate-cn on OpenVPN servers. --- etc/inc/openvpn.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index ca463e8..fe8a4f5 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc 
@@ -431,6 +431,8 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "client-to-client\n"; break; } + if (isset($settings['duplicate_cn'])) + $conf .= "duplicate-cn\n"; } // client specific settings -- cgit v1.1 From 1801c22373d998409261841cbff03a0a1f7e7077 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 20 Jan 2011 17:52:38 +0000 Subject: Add the empty check otherwise all static routes are skipped. Reported-by: Seth --- etc/inc/system.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/system.inc b/etc/inc/system.inc index a80cf88..a21c61f 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -392,7 +392,7 @@ function system_routing_configure($interface = "") { continue; } $gateway = $gateways_arr[$rtent['gateway']]; - if ($interface != $gateway['friendlyiface']) + if (!empty($interface) && $interface != $gateway['friendlyiface']) continue; $gatewayip = $gateway['gateway']; $interfacegw = $gateway['interface']; -- cgit v1.1 From 582c58ae1ea2fd56a18a31ba011f28921b38d8b6 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 20 Jan 2011 17:18:07 -0500 Subject: Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers. --- etc/inc/openvpn.inc | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index fe8a4f5..ce1e9fd 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc 
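Review bot: The `duplicate-cn` branch in openvpn_reconfigure needs a comment stating what the option gives up, because it is emitted on the checkbox alone. With it set the server accepts concurrent sessions that present the same certificate common name, so a connection can no longer be attributed to one client by its CN and any per-CN client override applies to all of them. Suggested comment above the `if`: `// duplicate-cn: several simultaneous clients may share one certificate CN; weakens per-client accountability, leave off unless certificates are shared on purpose`. The enclosing `switch` and function lie outside the hunk.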
@@ -172,6 +172,23 @@ function openvpn_get_cipherlist() { return $ciphers; } +function openvpn_get_engines() { + $openssl_engines = array('none' => 'No Hardware Crypto Acceleration'); + exec("/usr/bin/openssl engine", $openssl_engine_output); + foreach ($openssl_engine_output as $oeo) { + $linematch = array(); + preg_match("/\((.*)\)\s(.*)/", $oeo, $linematch); + if ($linematch[1] != "dynamic") + $openssl_engines[$linematch[1]] = $linematch[2]; + } + return $openssl_engines; +} + +function openvpn_validate_engine($engine) { + $engines = openvpn_get_engines(); + return array_key_exists($engine, $engines); +} + function openvpn_validate_host($value, $name) { $value = trim($value); if (empty($value) || (!is_domain($value) && !is_ipaddr($value))) @@ -343,6 +360,9 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "local {$iface_ip}\n"; } + if (openvpn_validate_engine($settings['engine']) && ($settings['engine'] != "none")) + $conf .= "engine {$settings['engine']}\n"; + // server specific settings if ($mode == 'server') { -- cgit v1.1 From 81e54daba5d5577b33ff482d3b609e45e8ee9525 Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 21 Jan 2011 12:09:07 -0500 Subject: Use a better method to determine the FTP URL for FreeBSD based on the version being used. The old method worked with 8.1-RELEASE-p2 but failed with just 8.1-RELEASE. --- etc/inc/pkg-utils.inc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 1560442..3a2984a 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc 
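Review bot: openvpn_get_engines reads `$linematch[1]` and `$linematch[2]` without checking that `preg_match` matched, so any line of `openssl engine` output that lacks the `(id) name` shape adds an entry with an empty key. openvpn_validate_engine would then accept an empty `$settings['engine']`, and because `"" != "none"` openvpn_reconfigure would write a bare `engine` line into the config. Guard the loop with `if (preg_match("/\((.*)\)\s(.*)/", $oeo, $linematch) !== 1) continue;` and use `!==` for the two string comparisons. Checking the value against the detected list before interpolating it into the config is the right approach and should stay.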
@@ -453,8 +453,9 @@ function pkg_fetch_recursive($pkgname, $filename, $dependlevel = 0, $base_url = $osname = php_uname("s"); $arch = php_uname("m"); - $rel = php_uname("r"); - $rel = strtolower(substr($rel, 0, strrpos($rel, "-"))); + $rel = strtolower(php_uname("r")); + if (substr_count($rel, '-') > 1) + $rel = substr($rel, 0, strrpos($rel, "-")); $priv_url = "http://ftp2.{$osname}.org/pub/{$osname}/ports/{$arch}/packages-{$rel}/All"; if (empty($base_url)) $base_url = $priv_url; -- cgit v1.1 From 3eb00b491f82d048837bb93a5558e2edf6062e2e Mon Sep 17 00:00:00 2001 From: gnhb Date: Sun, 23 Jan 2011 09:49:51 +0700 Subject: We don't want to detach netgraph nodes from interfaces that are used by any PPPoE/PPTP/L2TP configurations. --- etc/inc/interfaces.inc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index a414bd7..59f74c2 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -126,6 +126,13 @@ function interface_netgraph_needed($interface = "wan") { $found = true; break; } + $ports = explode(',',$ppp['ports']); + foreach($ports as $pid => $port){ + if ($realif == $port) { + $found = true; + break; + } + } } } } -- cgit v1.1 From 1f17c623feecce59b024a19920d7903456dfb525 Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Sun, 23 Jan 2011 00:36:20 -0500 Subject: it's 2011 --- etc/inc/globals.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index c19a849..6f64478 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc 
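Review bot: The default `$priv_url` in pkg_fetch_recursive is a plain `http://` mirror whose host and path are assembled from `php_uname()`, and nothing in the hunk shows the downloaded package being verified. If the rest of the function (outside the hunk) does not check a digest or signature obtained from a trusted source before the package is installed, the content can be altered in transit without detection. The release parsing this commit changes would also be easier to follow with a comment giving the two forms it handles, e.g. `// "8.1-release-p2" -> "8.1-release"; "8.1-release" is kept as is`.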
@@ -80,7 +80,7 @@ $g = array( "product_name" => "pfSense", "product_copyright" => "BSD Perimeter LLC", "product_copyright_url" => "http://www.bsdperimeter.com", - "product_copyright_years" => "2004 - 2010", + "product_copyright_years" => "2004 - 2011", "product_website" => "www.pfsense.org", "product_website_footer" => "http://www.pfsense.org/?gui20", "product_email" => "coreteam@pfsense.org", -- cgit v1.1 From 71f88d75b97608986cb912e00972b309748b6a96 Mon Sep 17 00:00:00 2001 From: smos Date: Mon, 24 Jan 2011 08:34:16 +0100 Subject: Add the npt tag which is used by the IPv6 tree to the 2.0 mainline tree. This prevents a config blowup when a ipv6 config loads on 2.0. --- etc/inc/xmlparse.inc | 4 ++-- etc/inc/xmlreader.inc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc index 3e32d68..1304c4e 100644 --- a/etc/inc/xmlparse.inc +++ b/etc/inc/xmlparse.inc @@ -47,7 +47,7 @@ function listtags() { "option package passthrumac phase1 phase2 ppp pppoe priv proxyarpnet qinqentry queue ". "pages pipe roll route row rrddatafile rule schedule service servernat servers ". "serversdisabled earlyshellcmd shellcmd staticmap subqueue timerange ". - "tunnel user vip virtual_server vlan winsserver wolentry widget" + "tunnel user vip virtual_server vlan winsserver wolentry widget npt" ); return $ret; } @@ -298,4 +298,4 @@ function dump_xml_config_raw($arr, $rootobj) { return $xmlconfig; } -?> \ No newline at end of file +?> diff --git a/etc/inc/xmlreader.inc b/etc/inc/xmlreader.inc index 0beeb74..ce0289b 100644 --- a/etc/inc/xmlreader.inc +++ b/etc/inc/xmlreader.inc 
@@ -51,7 +51,7 @@ function listtags() { "option package passthrumac phase1 phase2 ppp pppoe priv proxyarpnet qinqentry queue ". "pages pipe roll route row rrddatafile rule schedule service servernat servers ". "serversdisabled earlyshellcmd shellcmd staticmap subqueue timerange ". - "tunnel user vip virtual_server vlan winsserver wolentry widget" + "tunnel user vip virtual_server vlan winsserver wolentry widget npt" ); return array_flip($ret); } @@ -217,4 +217,4 @@ function dump_xml_config_raw($arr, $rootobj) { return $xmlconfig; } -?> \ No newline at end of file +?> -- cgit v1.1 From 00ca3fb14f00e7ddae90d3424641d4d1d7a9104a Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 24 Jan 2011 17:04:14 +0000 Subject: Log the errors we know for not allowing a queue to be added. --- etc/inc/shaper.inc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 6ae5ab6..11aac9b 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -418,6 +418,7 @@ class altq_root_queue { $q->ReadConfig($queue); $q->validate_input($queue, $input_errors); if (count($input_errors)) { + log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true)); return $q; } @@ -1335,6 +1336,7 @@ class hfsc_queue extends priq_queue { $q->ReadConfig($qname); $q->validate_input($qname, $input_errors); if (count($input_errors)) { + log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true)); return $q; } @@ -2038,6 +2040,7 @@ class cbq_queue extends priq_queue { $q->ReadConfig($qname); $q->validate_input($qname, $input_errors); if (count($input_errors)) { + log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true)); return $q; } switch ($q->GetBwscale()) { 
@@ -2813,8 +2816,10 @@ class dnpipe_class extends dummynet_class { $q->SetParent(&$this); $q->ReadConfig($queue); $q->validate_input($queue, $input_errors); - if (count($input_errors)) + if (count($input_errors)) { + log_error("SHAPER: could not create queue " . $q->GetQname() . " on interface {$interface} because: " . print_r($input_errors, true)); return $q; + } $this->subqueues[$q->GetQname()] = &$q; return $q; -- cgit v1.1 From ef8fca71ea298db49c5f15307bfcd84e37479911 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 24 Jan 2011 17:18:46 +0000 Subject: Do not put the queue config on the rules if there is no default queue, just log it. This prevents errors in rules loading which is worse than having no shaper. --- etc/inc/shaper.inc | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 11aac9b..3dac2ce 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -515,8 +515,9 @@ class altq_root_queue { * foreach ($queues as $qkey => $queue) * this->queues[$qkey]->build_rule(); */ - function build_rules() { + function build_rules($default = false) { if (count($this->queues) > 0 && $this->GetEnabled() == "on") { + $default = false; $rules = " altq on " . get_real_interface($this->GetInterface()); if ($this->GetScheduler()) $rules .= " ".strtolower($this->GetScheduler()); @@ -539,9 +540,14 @@ class altq_root_queue { } $rules .= " } \n"; foreach ($this->queues as $q) { - $rules .= $q->build_rules(); + $rules .= $q->build_rules(&$default); } } + if ($default == false) { + log_error("SHAPER: no default queue specified for interface ". $this->GetInterface() . ". The interface queue will be enforced as default."); + return "\n"; + } + $frule .= $rules; } $rules .= " \n"; return $rules; 
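Review bot: `$q->build_rules(&$default)` in the `altq_root_queue::build_rules()` hunk (-539) uses call-time pass-by-reference, which PHP 5.3 deprecates and PHP 5.4 rejects as a fatal error, while the signature added here and in the priq/hfsc/cbq/fairq hunks that follow takes the parameter by value (`$default = false`). Without the call-site `&`, the `$default = true;` assignments in the child classes would never reach this method, every interface would be treated as having no default queue, and its ALTQ rules would be dropped. Declaring the reference in the signatures, `function build_rules(&$default = false)`, and calling `$q->build_rules($default)` keeps the behaviour without the deprecated syntax. The added `$frule .= $rules;` appends to a variable that is not defined anywhere in the hunk and is not returned, so it looks like leftover code.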
@@ -1025,7 +1031,7 @@ class priq_queue { /* Should return something like: * queue $qname on $qinterface bandwidth .... */ - function build_rules() { + function build_rules($default = false) { $pfq_rule = " queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); @@ -1061,6 +1067,7 @@ class priq_queue { if ($comma) $pfq_rule .= " ,"; $pfq_rule .= " default "; + $default = true; } $pfq_rule .= " ) "; } @@ -1674,7 +1681,7 @@ class hfsc_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules() { + function build_rules($default = false) { $pfq_rule = " queue ". $this->qname; if ($this->GetInterface()) @@ -1713,6 +1720,7 @@ class hfsc_queue extends priq_queue { $pfq_rule .= " ,"; $comma = 1; $pfq_rule .= " default "; + $default = true; } if ($this->GetRealtime() <> "") { @@ -2215,7 +2223,7 @@ class cbq_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules() { + function build_rules($default = false) { $pfq_rule = "queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); @@ -2254,6 +2262,7 @@ class cbq_queue extends priq_queue { $pfq_rule .= " ,"; $comma = 1; $pfq_rule .= " default "; + $default = true; } $tmpvalue = trim($this->GetBorrow()); if (!empty($tmpvalue)) { @@ -2275,7 +2284,7 @@ class cbq_queue extends priq_queue { } $pfq_rule .= " } \n"; foreach ($this->subqueues as $q) - $pfq_rule .= $q->build_rules(); + $pfq_rule .= $q->build_rules(&$default); } $pfq_rule .= " \n"; @@ -2489,7 +2498,7 @@ class fairq_queue extends priq_queue { } /* Even this should take children into consideration */ - function build_rules() { + function build_rules($default = false) { $pfq_rule = "queue ". $this->qname; if ($this->GetInterface()) $pfq_rule .= " on ".get_real_interface($this->GetInterface()); 
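Review bot: Only the `cbq_queue` hunk (-2275) forwards the flag to child queues with `$q->build_rules(&$default)`; the `hfsc_queue` hunks (-1674, -1713) and the `fairq_queue` hunk (-2489) change the signature or set `$default = true;` but show no change to a subqueue loop. If those classes also recurse into `$this->subqueues` outside the hunks, a default queue defined on a child would not be seen by `altq_root_queue::build_rules()`, which then logs an error and returns no rules for the interface. It is worth confirming that every subclass passes `$default` down the same way; the bodies of these methods continue outside the hunks.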
@@ -2529,6 +2538,7 @@ class fairq_queue extends priq_queue { $pfq_rule .= " ,"; $comma = 1; $pfq_rule .= " default "; + $default = true; } $tmpvalue = trim($this->GetBuckets()); if (!empty($tmpvalue)) { -- cgit v1.1 From 8633930d113a513c87f3ed63ae3623b54255ff46 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 24 Jan 2011 17:24:28 +0000 Subject: Actually send a notice even if no default queue could not be found. This might be serious in some cases. --- etc/inc/shaper.inc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 3dac2ce..bea2c04 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -31,6 +31,8 @@ /* XXX: needs some reducing on include. */ /* include all configuration functions. */ require_once("functions.inc"); +require_once("util.inc"); +require_once("notices.inc"); /* * I admit :) this is derived from xmplparse.inc StartElement() @@ -544,7 +546,9 @@ class altq_root_queue { } } if ($default == false) { - log_error("SHAPER: no default queue specified for interface ". $this->GetInterface() . ". The interface queue will be enforced as default."); + $error = "SHAPER: no default queue specified for interface ". $this->GetInterface() . ". The interface queue will be enforced as default."; + file_notice("Shaper", $error, "Error occurred", ""); + unset($error); return "\n"; } $frule .= $rules; -- cgit v1.1 From a1d52f81879fc1f2253eeef5189adfa2e6396c11 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 24 Jan 2011 22:48:04 +0000 Subject: Resolves #1216. Do not create nat entries on ovpn interfaces. --- etc/inc/filter.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e268a64..c640edc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
@@ -1347,6 +1347,8 @@ function filter_nat_rules_generate() { } if($numberofnathosts > 0): foreach ($FilterIflist as $if => $ifcfg) { + if (substr($ifcfg['if'], 0, 4) == "ovpn") + continue; update_filter_reload_status("Creating outbound rules {$if} - ({$ifcfg['descr']})"); if(interface_has_gateway($if)) { $target = $ifcfg['ip']; -- cgit v1.1 From d5dfcb52bc72bdd1685da5e36fc1910ab16f7f5f Mon Sep 17 00:00:00 2001 From: gnhb Date: Tue, 25 Jan 2011 11:16:05 +0700 Subject: Change name of function "interface_translate_type_to_real" to match what it's doing (or should be doing.) Next commits will change functionality of this function because before now it's identical to "get_real_interface" function (because of bug mentioned below.) Also, replace interface_translate_type_to_real with get_real_interface in two places for wireless functionality. I don't think they expect the result produced by interface_translate_type_to_real. Change from "type" it "ipaddr" in switch statement. "type" isn't a valid field in $config['interfaces'] --- etc/inc/interfaces.inc | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 59f74c2..1e75ab4 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2468,7 +2468,7 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven $wancfg = $config['interfaces'][$interface]; $realif = get_real_interface($interface); - $realhwif = interface_translate_type_to_real($interface); + $realhwif = get_parent_interface($interface); if (!$g['booting']) { /* remove all IPv4 addresses */ 
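Review bot: The skip added in `filter_nat_rules_generate()` (hunk -1347) decides which interfaces receive automatic outbound NAT by a bare name prefix, `substr($ifcfg['if'], 0, 4) == "ovpn"`, with no comment saying why. Because this changes the generated rule set, a why-comment belongs on it, for example `/* #1216: no automatic outbound NAT entries on OpenVPN (ovpn*) interfaces */`, and a strict comparison `=== "ovpn"` states the intent exactly. The enclosing loop and function continue outside the hunk.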
@@ -2831,7 +2831,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface)) return $if; - $int = interface_translate_type_to_real($if); + $int = get_parent_interface($if); if ($int == $interface) return $ifname; } @@ -2903,16 +2903,18 @@ function convert_real_interface_to_friendly_descr($interface) { } /* - * interface_translate_type_to_real($interface): - * returns the real hardware interface name for a friendly interface. ie: wan + * get_parent_interface($interface): + * returns the real parent interface for a given interface description (i.e. wan) + * or a virtual interface (i.e. vlan1 or pppoe0 etc.) */ -function interface_translate_type_to_real($interface) { - global $config; +function get_parent_interface($interface) { + global $config; if (empty($config['interfaces'][$interface])) return $interface; + $tmpif = $config['interfaces'][$interface]; - switch ($tmpif['type']) { + switch ($tmpif['ipaddr']) { case "ppp": case "pppoe": case "pptp": @@ -3478,7 +3480,7 @@ function get_wireless_modes($interface) { /* return wireless modes and channels */ $wireless_modes = array(); - $wlif = interface_translate_type_to_real($interface); + $wlif = get_real_interface($interface); if(is_interface_wireless($wlif)) { $cloned_interface = get_real_interface($interface); @@ -3524,7 +3526,7 @@ function get_wireless_modes($interface) { function get_wireless_channel_info($interface) { $wireless_channels = array(); - $wlif = interface_translate_type_to_real($interface); + $wlif = get_real_interface($interface); if(is_interface_wireless($wlif)) { $cloned_interface = get_real_interface($interface); -- cgit v1.1 From 54ac5d9080c2ea6669af07aa49a5ce660f2ede76 Mon Sep 17 00:00:00 2001 
From: gnhb Date: Tue, 25 Jan 2011 11:27:40 +0700 Subject: I think this is supposed to be get_real_interface too, not get_parent. Revert if I mis-understood. --- etc/inc/interfaces.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 1e75ab4..2f2ddba 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2831,7 +2831,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface)) return $if; - $int = get_parent_interface($if); + $int = get_real_interface($if); if ($int == $interface) return $ifname; } -- cgit v1.1 From a3af81460c0b65d695f8b5d3626b4cac05f8c759 Mon Sep 17 00:00:00 2001 From: gnhb Date: Tue, 25 Jan 2011 11:36:28 +0700 Subject: Add NULL check to wireless functions. The old interface_translate_type_to_real function used previously would return OPTX if it was passed "OPTX" and OPTX existed but was unassigned, whereas get_real_interface returns NULL, so now we check for NULL. --- etc/inc/interfaces.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 2f2ddba..614d27b 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2912,7 +2912,7 @@ function get_parent_interface($interface) { if (empty($config['interfaces'][$interface])) return $interface; - + $tmpif = $config['interfaces'][$interface]; switch ($tmpif['ipaddr']) { case "ppp": 
@@ -3482,7 +3482,7 @@ function get_wireless_modes($interface) { $wlif = get_real_interface($interface); - if(is_interface_wireless($wlif)) { + if($wlif != NULL && is_interface_wireless($wlif)) { $cloned_interface = get_real_interface($interface); $chan_list = "/sbin/ifconfig {$cloned_interface} list chan"; $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; @@ -3528,7 +3528,7 @@ function get_wireless_channel_info($interface) { $wlif = get_real_interface($interface); - if(is_interface_wireless($wlif)) { + if($wlif != NULL && is_interface_wireless($wlif)) { $cloned_interface = get_real_interface($interface); $chan_list = "/sbin/ifconfig {$cloned_interface} list txpower"; $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; -- cgit v1.1 From 20cb9803c2e10e38d35d1987b64cd2bb45034724 Mon Sep 17 00:00:00 2001 From: gnhb Date: Tue, 25 Jan 2011 14:16:11 +0700 Subject: Make get_parent_interface return an array to handle MLPPP and make it find vlan parents too. Also, update interface_netgraph_needed to handle MLPPP on vlans. --- etc/inc/interfaces.inc | 97 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 69 insertions(+), 28 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 614d27b..6e3089c 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
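Review bot: The guard added in `get_wireless_modes()` and `get_wireless_channel_info()`, `$wlif != NULL && is_interface_wireless($wlif)`, only rejects an unassigned interface; the name it lets through is interpolated unquoted into a shell command string on the following context line, `"/sbin/ifconfig {$cloned_interface} list chan"`. The value comes from `get_real_interface()`, so as far as the hunk shows it is configuration-derived rather than request data, but quoting it costs nothing: `$chan_list = "/sbin/ifconfig " . escapeshellarg($cloned_interface) . " list chan";`. The same pattern recurs in the later hunks at -3521 and -3566 that rewrite this guard, and in the `list txpower` variant. Where the command string is executed is outside the hunks.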
@@ -122,21 +122,36 @@ function interface_netgraph_needed($interface = "wan") { $realif = get_real_interface($interface); if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { + +/* This if block doesn't do anything. It can be deleted. +PPP interfaces are found above in the previous if ($found == false) block. +This block of code is only entered for OPTx interfaces that are configured for PPPoE modem access, so $realif != $ppp['if'] + if ($realif == $ppp['if']) { $found = true; break; } +*/ $ports = explode(',',$ppp['ports']); foreach($ports as $pid => $port){ + $port = get_real_interface($port); if ($realif == $port) { $found = true; break; } + /* Find the parent interfaces of the vlans in the MLPPP configs + * there should be only one element in the array here + * -- this could be better . . . */ + $parent_if = get_parent_interface($port); + if ($realif == $parent_if[0]) { + $found = true; + break; + } } } } } - + if ($found == false) { $realif = get_real_interface($interface); pfSense_ngctl_detach("{$realif}:", $realif); @@ -2468,7 +2483,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven $wancfg = $config['interfaces'][$interface]; $realif = get_real_interface($interface); - $realhwif = get_parent_interface($interface); + $realhwif_array = get_parent_interface($interface); + // Need code to handle MLPPP if we ever use $realhwif for MLPPP handling + $realhwif = $realhwif_array[0]; if (!$g['booting']) { /* remove all IPv4 addresses */ 
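Review bot: `$parent_if[0]` in the `interface_netgraph_needed()` hunk and `$realhwif_array[0]` in the `interface_configure()` hunk are read without checking that the array has an element, yet the rewritten `get_parent_interface()` in this same commit returns an empty array when `get_real_interface()` yields NULL. In that case the index read raises a notice and evaluates to NULL, and the loose `$realif == $parent_if[0]` also matches when `$realif` itself is NULL, so `$found` can be set for an interface that does not exist. A guard such as `if (!empty($parent_if) && $realif == $parent_if[0]) {` avoids both. The commented-out `if ($realif == $ppp['if'])` block, which the new comment itself says can be deleted, would be better removed than kept as dead text.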
@@ -2904,38 +2921,62 @@ function convert_real_interface_to_friendly_descr($interface) { /* * get_parent_interface($interface): - * returns the real parent interface for a given interface description (i.e. wan) - * or a virtual interface (i.e. vlan1 or pppoe0 etc.) + * --returns the (real or virtual) parent interface(s) array for a given interface friendly name (i.e. wan) + * or virtual interface (i.e. vlan) + * (We need array because MLPPP and bridge interfaces have more than one parent.) + * -- returns $interface passed in if $interface parent is not found + * -- returns empty array if an invalid interface is passed + * (Only handles ppps and vlans now.) */ function get_parent_interface($interface) { global $config; - if (empty($config['interfaces'][$interface])) - return $interface; - - $tmpif = $config['interfaces'][$interface]; - switch ($tmpif['ipaddr']) { - case "ppp": - case "pppoe": - case "pptp": - case "l2tp": - if (is_array($config['ppps']['ppp'])) { - foreach ($config['ppps']['ppp'] as $pppidx => $ppp) { - if ($tmpif['if'] == $ppp['if']) { - $interface = $ppp['ports']; - break; - } - } + $parents = array(); + //Check that we got a valid interface passed + $realif = get_real_interface($interface); + if ($realif == NULL) + return $parents; + + // If we got a real interface, find it's friendly assigned name + $interface = convert_real_interface_to_friendly_interface_name($interface); + + if (!empty($interface) && isset($config['interfaces'][$interface])) { + $ifcfg = $config['interfaces'][$interface]; + switch ($ifcfg['ipaddr']) { + case "ppp": + case "pppoe": + case "pptp": + case "l2tp": + if (empty($parents)) + if (is_array($config['ppps']['ppp'])) + foreach ($config['ppps']['ppp'] as $pppidx => $ppp) { + if ($ppp_if == $ppp['if']) { + $ports = explode(',', $ppp['ports']); + foreach ($ports as $pid => $parent_if) + $parents[$pid] = get_real_interface($parent_if); + break; + } + } + break; + case "dhcp": + case "static": + default: + // Handle _vlans + 
if (strstr($realif,"_vlan")) + if (is_array($config['vlans']['vlan'])) + foreach ($config['vlans']['vlan'] as $vlanidx => $vlan) + if ($ifcfg['if'] == $vlan['vlanif']){ + $parents[0] = $vlan['if']; + break; + } + break; } - break; - case "dhcp": - case "static": - default: - $interface = $tmpif['if']; - break; } - - return $interface; + + if (empty($parents)) + $parents[0] = $realif; + + return $parents; } function interface_is_wireless_clone($wlif) { -- cgit v1.1 From a1476a942bbb39ca6ebf91f541c0ce9072c7aeac Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 25 Jan 2011 00:45:58 -0700 Subject: Revert "I think this is supposed to be get_real_interface too, not get_parent." - This function should not call get_real_interface here to avoid slowdown from recursion. This reverts commit 54ac5d9080c2ea6669af07aa49a5ce660f2ede76. --- etc/inc/interfaces.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 6e3089c..454ea33 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2848,7 +2848,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface)) return $if; - $int = get_real_interface($if); + $int = get_parent_interface($if); if ($int == $interface) return $ifname; } -- cgit v1.1 From 5691915776174b9ffeb6d87c616dc0a0dab2fe27 Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 25 Jan 2011 01:03:49 -0700 Subject: Use the first element of the array instead of the array itself for the comparison. --- etc/inc/interfaces.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 454ea33..3bdfb15 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
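Review bot: In the ppp/pppoe/pptp/l2tp branch of the rewritten `get_parent_interface()`, the comparison `if ($ppp_if == $ppp['if'])` uses `$ppp_if`, which is never assigned anywhere in the hunk, so it evaluates as NULL and the loop will not match a PPP entry with a non-empty `if`; the function then falls back to `$parents[0] = $realif`. The removed code compared `$tmpif['if']`, so the line was probably meant to read `if ($ifcfg['if'] == $ppp['if']) {`. The header comment also says the passed-in `$interface` is returned when no parent is found, while the code returns `$realif`; the comment should say so.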
@@ -2849,7 +2849,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { return $if; $int = get_parent_interface($if); - if ($int == $interface) + if ($int[0] == $interface) return $ifname; } return NULL; -- cgit v1.1 From 5357f386829278a7b88765727013f912f99baa1a Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 25 Jan 2011 01:34:37 -0700 Subject: Remove extra call to get_real_interface. --- etc/inc/interfaces.inc | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 3bdfb15..e3af3c4 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3521,10 +3521,9 @@ function get_wireless_modes($interface) { /* return wireless modes and channels */ $wireless_modes = array(); - $wlif = get_real_interface($interface); + $cloned_interface = get_real_interface($interface); - if($wlif != NULL && is_interface_wireless($wlif)) { - $cloned_interface = get_real_interface($interface); + if($cloned_interface && is_interface_wireless($cloned_interface)) { $chan_list = "/sbin/ifconfig {$cloned_interface} list chan"; $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; $format_list = "/usr/bin/awk '{print \$5 \" \" \$6 \",\" \$1}'"; @@ -3567,10 +3566,9 @@ function get_wireless_modes($interface) { function get_wireless_channel_info($interface) { $wireless_channels = array(); - $wlif = get_real_interface($interface); + $cloned_interface = get_real_interface($interface); - if($wlif != NULL && is_interface_wireless($wlif)) { - $cloned_interface = get_real_interface($interface); + if($cloned_interface && is_interface_wireless($cloned_interface)) { $chan_list = "/sbin/ifconfig {$cloned_interface} list txpower"; $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; $format_list = "/usr/bin/awk '{print \$1 \",\" \$3 \" \" \$4 \",\" \$5 \",\" \$7}'"; -- cgit v1.1 
From d11e01f4ee0a6ed21d72d6f4f68ed9e7fe032f71 Mon Sep 17 00:00:00 2001 From: Erik Fonnesbeck Date: Tue, 25 Jan 2011 02:08:49 -0700 Subject: Comment out this code since it currently segfaults and get_real_interface could cause major slowdown here for some configurations. --- etc/inc/interfaces.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc/inc') diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index e3af3c4..3a309eb 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -2848,9 +2848,13 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan") { if (stristr($interface, "_wlan0") && $config['interfaces'][$if]['if'] == interface_get_wireless_base($interface)) return $if; + // XXX: This case doesn't work anymore (segfaults - recursion?) - should be replaced with something else or just removed. + // Not to be replaced with get_real_interface - causes slow interface listings here because of recursion! + /* $int = get_parent_interface($if); if ($int[0] == $interface) return $ifname; + */ } return NULL; } -- cgit v1.1 From 5060dea773473ee68064db96f24666251fcfb66e Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 25 Jan 2011 10:32:54 -0500 Subject: Reformat file. VIM needs to die a flaming death. --- etc/inc/captiveportal.inc | 743 +++++++++++++++++++++++----------------------- 1 file changed, 370 insertions(+), 373 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 84c98b2..70073e7 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc 
@@ -2,12 +2,11 @@ /* captiveportal.inc part of pfSense (http://www.pfSense.org) - - originally part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2010 Scott Ullrich + Copyright (C) 2004-2011 Scott Ullrich Copyright (C) 2009 Ermal Luçi Copyright (C) 2003-2006 Manuel Kasper . + + originally part of m0n0wall (http://m0n0.ch/wall) All rights reserved. Redistribution and use in source and binary forms, with or without @@ -38,9 +37,9 @@ These changes are (c) 2004 Keycom PLC. pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload - pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl - pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp - pfSense_MODULE: captiveportal + pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl + pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp + pfSense_MODULE: captiveportal */ /* include all configuration functions */ @@ -74,8 +73,8 @@ function get_default_captive_portal_html() {
- - + +
+
@@ -100,7 +99,7 @@ function get_default_captive_portal_html() {
-
@@ -145,14 +144,14 @@ EOD;
- - + +
+
- - +
+
@@ -171,15 +170,15 @@ EOD;
Password:
 
+
-
-
@@ -290,14 +289,14 @@ function captiveportal_configure() {
- - + +
+
- - +
+
@@ -316,15 +315,15 @@ function captiveportal_configure() {
Password:
 
+
-
-
@@ -376,18 +375,18 @@ EOD;