From 46bc6e545a17e77202aaf01ec0cd8d5a46567525 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 25 Aug 2015 08:08:24 -0300 Subject: Move main pfSense content to src/ --- src/usr/local/www/services_dhcpv6.php | 995 ++++++++++++++++++++++++++++++++++ 1 file changed, 995 insertions(+) create mode 100644 src/usr/local/www/services_dhcpv6.php (limited to 'src/usr/local/www/services_dhcpv6.php') diff --git a/src/usr/local/www/services_dhcpv6.php b/src/usr/local/www/services_dhcpv6.php new file mode 100644 index 0000000..51a6ada --- /dev/null +++ b/src/usr/local/www/services_dhcpv6.php @@ -0,0 +1,995 @@ +. + All rights reserved. + + part of pfSense (https://www.pfsense.org) + Copyright (C) 2010 Seth Mos . + Copyright (C) 2013-2015 Electric Sheep Fencing, LP + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_BUILDER_BINARIES: /bin/rm + pfSense_MODULE: interfaces +*/ + +##|+PRIV +##|*IDENT=page-services-dhcpv6server +##|*NAME=Services: DHCPv6 server page +##|*DESCR=Allow access to the 'Services: DHCPv6 server' page. +##|*MATCH=services_dhcpv6.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("filter.inc"); + +if (!$g['services_dhcp_server_enable']) { + header("Location: /"); + exit; +} + +/* Fix failover DHCP problem + * http://article.gmane.org/gmane.comp.security.firewalls.pfsense.support/18749 + */ +ini_set("memory_limit", "64M"); + +$if = $_GET['if']; +if ($_POST['if']) { + $if = $_POST['if']; +} + +/* if OLSRD is enabled, allow WAN to house DHCP. */ +if ($config['installedpackages']['olsrd']) { + foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) { + if ($olsrd['enable']) { + $is_olsr_enabled = true; + break; + } + } +} + +$iflist = get_configured_interface_with_descr(); +$iflist = array_merge($iflist, get_configured_pppoe_server_interfaces()); + +/* set the starting interface */ +if (!$if || !isset($iflist[$if])) { + foreach ($iflist as $ifent => $ifname) { + $oc = $config['interfaces'][$ifent]; + if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6'])))) || + (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) { + continue; + } + $if = $ifent; + break; + } +} + +if (is_array($config['dhcpdv6'][$if])) { + /* DHCPv6 */ + if (is_array($config['dhcpdv6'][$if]['range'])) { + $pconfig['range_from'] = $config['dhcpdv6'][$if]['range']['from']; + $pconfig['range_to'] = $config['dhcpdv6'][$if]['range']['to']; + } + if (is_array($config['dhcpdv6'][$if]['prefixrange'])) { + $pconfig['prefixrange_from'] = $config['dhcpdv6'][$if]['prefixrange']['from']; + $pconfig['prefixrange_to'] = $config['dhcpdv6'][$if]['prefixrange']['to']; + $pconfig['prefixrange_length'] = $config['dhcpdv6'][$if]['prefixrange']['prefixlength']; + } + $pconfig['deftime'] = $config['dhcpdv6'][$if]['defaultleasetime']; + $pconfig['maxtime'] = $config['dhcpdv6'][$if]['maxleasetime']; + $pconfig['domain'] = $config['dhcpdv6'][$if]['domain']; + $pconfig['domainsearchlist'] = $config['dhcpdv6'][$if]['domainsearchlist']; + list($pconfig['wins1'], $pconfig['wins2']) = $config['dhcpdv6'][$if]['winsserver']; + list($pconfig['dns1'], $pconfig['dns2'], $pconfig['dns3'], $pconfig['dns4']) = $config['dhcpdv6'][$if]['dnsserver']; + $pconfig['enable'] = isset($config['dhcpdv6'][$if]['enable']); + $pconfig['ddnsdomain'] = $config['dhcpdv6'][$if]['ddnsdomain']; + $pconfig['ddnsdomainprimary'] = $config['dhcpdv6'][$if]['ddnsdomainprimary']; + $pconfig['ddnsdomainkeyname'] = $config['dhcpdv6'][$if]['ddnsdomainkeyname']; + $pconfig['ddnsdomainkey'] = $config['dhcpdv6'][$if]['ddnsdomainkey']; + $pconfig['ddnsupdate'] = isset($config['dhcpdv6'][$if]['ddnsupdate']); + list($pconfig['ntp1'], $pconfig['ntp2']) = $config['dhcpdv6'][$if]['ntpserver']; + $pconfig['tftp'] = $config['dhcpdv6'][$if]['tftp']; + $pconfig['ldap'] = $config['dhcpdv6'][$if]['ldap']; + $pconfig['netboot'] = isset($config['dhcpdv6'][$if]['netboot']); + $pconfig['bootfile_url'] = $config['dhcpdv6'][$if]['bootfile_url']; + $pconfig['netmask'] = $config['dhcpdv6'][$if]['netmask']; + $pconfig['numberoptions'] = $config['dhcpdv6'][$if]['numberoptions']; + $pconfig['dhcpv6leaseinlocaltime'] = $config['dhcpdv6'][$if]['dhcpv6leaseinlocaltime']; + if (!is_array($config['dhcpdv6'][$if]['staticmap'])) { + $config['dhcpdv6'][$if]['staticmap'] = array(); + } + $a_maps = &$config['dhcpdv6'][$if]['staticmap']; +} + +$ifcfgip = get_interface_ipv6($if); +$ifcfgsn = get_interface_subnetv6($if); + +/* set the enabled flag which will tell us if DHCP relay is enabled + * on any interface. We will use this to disable DHCP server since + * the two are not compatible with each other. + */ + +$dhcrelay_enabled = false; +$dhcrelaycfg = $config['dhcrelay6']; + +if (is_array($dhcrelaycfg)) { + foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) { + if (isset($dhcrelayifconf['enable']) && isset($iflist[$dhcrelayif]) && + (!link_interface_to_bridge($dhcrelayif))) { + $dhcrelay_enabled = true; + } + } +} + +if ($_POST) { + + unset($input_errors); + + $old_dhcpdv6_enable = ($pconfig['enable'] == true); + $new_dhcpdv6_enable = ($_POST['enable'] ? true : false); + $dhcpdv6_enable_changed = ($old_dhcpdv6_enable != $new_dhcpdv6_enable); + + $pconfig = $_POST; + + $numberoptions = array(); + for ($x = 0; $x < 99; $x++) { + if (isset($_POST["number{$x}"]) && ctype_digit($_POST["number{$x}"])) { + $numbervalue = array(); + $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]); + $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]); + $numberoptions['item'][] = $numbervalue; + } + } + // Reload the new pconfig variable that the forum uses. + $pconfig['numberoptions'] = $numberoptions; + + /* input validation */ + if ($_POST['enable']) { + $reqdfields = explode(" ", "range_from range_to"); + $reqdfieldsn = array(gettext("Range begin"), gettext("Range end")); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (($_POST['prefixrange_from'] && !is_ipaddrv6($_POST['prefixrange_from']))) { + $input_errors[] = gettext("A valid range must be specified."); + } + if (($_POST['prefixrange_to'] && !is_ipaddrv6($_POST['prefixrange_to']))) { + $input_errors[] = gettext("A valid prefix range must be specified."); + } + if (($_POST['range_from'] && !is_ipaddrv6($_POST['range_from']))) { + $input_errors[] = gettext("A valid range must be specified."); + } + if (($_POST['range_to'] && !is_ipaddrv6($_POST['range_to']))) { + $input_errors[] = gettext("A valid range must be specified."); + } + if (($_POST['gateway'] && !is_ipaddrv6($_POST['gateway']))) { + $input_errors[] = gettext("A valid IPv6 address must be specified for the gateway."); + } + if (($_POST['dns1'] && !is_ipaddrv6($_POST['dns1'])) || + ($_POST['dns2'] && !is_ipaddrv6($_POST['dns2'])) || + ($_POST['dns3'] && !is_ipaddrv6($_POST['dns3'])) || + ($_POST['dns4'] && !is_ipaddrv6($_POST['dns4']))) { + $input_errors[] = gettext("A valid IPv6 address must be specified for each of the DNS servers."); + } + + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { + $input_errors[] = gettext("The default lease time must be at least 60 seconds."); + } + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { + $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); + } + if (($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain']))) { + $input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration."); + } + if (($_POST['ddnsdomain'] && !is_ipaddrv4($_POST['ddnsdomainprimary']))) { + $input_errors[] = gettext("A valid primary domain name server IPv4 address must be specified for the dynamic domain name."); + } + if (($_POST['ddnsdomainkey'] && !$_POST['ddnsdomainkeyname']) || + ($_POST['ddnsdomainkeyname'] && !$_POST['ddnsdomainkey'])) { + $input_errors[] = gettext("You must specify both a valid domain key and key name."); + } + if ($_POST['domainsearchlist']) { + $domain_array=preg_split("/[ ;]+/", $_POST['domainsearchlist']); + foreach ($domain_array as $curdomain) { + if (!is_domain($curdomain)) { + $input_errors[] = gettext("A valid domain search list must be specified."); + break; + } + } + } + + if (($_POST['ntp1'] && !is_ipaddrv6($_POST['ntp1'])) || ($_POST['ntp2'] && !is_ipaddrv6($_POST['ntp2']))) { + $input_errors[] = gettext("A valid IPv6 address must be specified for the primary/secondary NTP servers."); + } + if (($_POST['domain'] && !is_domain($_POST['domain']))) { + $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); + } + if ($_POST['tftp'] && !is_ipaddr($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { + $input_errors[] = gettext("A valid IPv6 address or hostname must be specified for the TFTP server."); + } + if (($_POST['bootfile_url'] && !is_URL($_POST['bootfile_url']))) { + $input_errors[] = gettext("A valid URL must be specified for the network bootfile."); + } + + // Disallow a range that includes the virtualip + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if ($vip['interface'] == $if) { + if ($vip['subnetv6'] && is_inrange_v6($vip['subnetv6'], $_POST['range_from'], $_POST['range_to'])) { + $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IPv6 address %s."), $vip['subnetv6']); + } + } + } + } + + $noip = false; + if (is_array($a_maps)) { + foreach ($a_maps as $map) { + if (empty($map['ipaddrv6'])) { + $noip = true; + } + } + } + if (!$input_errors) { + /* make sure the range lies within the current subnet */ + $subnet_start = gen_subnetv6($ifcfgip, $ifcfgsn); + $subnet_end = gen_subnetv6_max($ifcfgip, $ifcfgsn); + + if (is_ipaddrv6($ifcfgip)) { + if ((!is_inrange_v6($_POST['range_from'], $subnet_start, $subnet_end)) || + (!is_inrange_v6($_POST['range_to'], $subnet_start, $subnet_end))) { + $input_errors[] = gettext("The specified range lies outside of the current subnet."); + } + } + /* "from" cannot be higher than "to" */ + if (inet_pton($_POST['range_from']) > inet_pton($_POST['range_to'])) { + $input_errors[] = gettext("The range is invalid (first element higher than second element)."); + } + + /* make sure that the DHCP Relay isn't enabled on this interface */ + if (isset($config['dhcrelay'][$if]['enable'])) { + $input_errors[] = sprintf(gettext("You must disable the DHCP relay on the %s interface before enabling the DHCP server."), $iflist[$if]); + } + + + /* Verify static mappings do not overlap: + - available DHCP range + - prefix delegation range (FIXME: still need to be completed) */ + $dynsubnet_start = inet_pton($_POST['range_from']); + $dynsubnet_end = inet_pton($_POST['range_to']); + + if (is_array($a_maps)) { + foreach ($a_maps as $map) { + if (empty($map['ipaddrv6'])) { + continue; + } + if ((inet_pton($map['ipaddrv6']) > $dynsubnet_start) && + (inet_pton($map['ipaddrv6']) < $dynsubnet_end)) { + $input_errors[] = sprintf(gettext("The DHCP range cannot overlap any static DHCP mappings.")); + break; + } + } + } + } + } + + if (!$input_errors) { + if (!is_array($config['dhcpdv6'][$if])) { + $config['dhcpdv6'][$if] = array(); + } + if (!is_array($config['dhcpdv6'][$if]['range'])) { + $config['dhcpdv6'][$if]['range'] = array(); + } + if (!is_array($config['dhcpdv6'][$if]['prefixrange'])) { + $config['dhcpdv6'][$if]['prefixrange'] = array(); + } + + $config['dhcpdv6'][$if]['range']['from'] = $_POST['range_from']; + $config['dhcpdv6'][$if]['range']['to'] = $_POST['range_to']; + $config['dhcpdv6'][$if]['prefixrange']['from'] = $_POST['prefixrange_from']; + $config['dhcpdv6'][$if]['prefixrange']['to'] = $_POST['prefixrange_to']; + $config['dhcpdv6'][$if]['prefixrange']['prefixlength'] = $_POST['prefixrange_length']; + $config['dhcpdv6'][$if]['defaultleasetime'] = $_POST['deftime']; + $config['dhcpdv6'][$if]['maxleasetime'] = $_POST['maxtime']; + $config['dhcpdv6'][$if]['netmask'] = $_POST['netmask']; + + unset($config['dhcpdv6'][$if]['winsserver']); + + unset($config['dhcpdv6'][$if]['dnsserver']); + if ($_POST['dns1']) { + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns1']; + } + if ($_POST['dns2']) { + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns2']; + } + if ($_POST['dns3']) { + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns3']; + } + if ($_POST['dns4']) { + $config['dhcpdv6'][$if]['dnsserver'][] = $_POST['dns4']; + } + + $config['dhcpdv6'][$if]['domain'] = $_POST['domain']; + $config['dhcpdv6'][$if]['domainsearchlist'] = $_POST['domainsearchlist']; + $config['dhcpdv6'][$if]['enable'] = ($_POST['enable']) ? true : false; + $config['dhcpdv6'][$if]['ddnsdomain'] = $_POST['ddnsdomain']; + $config['dhcpdv6'][$if]['ddnsdomainprimary'] = $_POST['ddnsdomainprimary']; + $config['dhcpdv6'][$if]['ddnsdomainkeyname'] = $_POST['ddnsdomainkeyname']; + $config['dhcpdv6'][$if]['ddnsdomainkey'] = $_POST['ddnsdomainkey']; + $config['dhcpdv6'][$if]['ddnsupdate'] = ($_POST['ddnsupdate']) ? true : false; + + unset($config['dhcpdv6'][$if]['ntpserver']); + if ($_POST['ntp1']) { + $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp1']; + } + if ($_POST['ntp2']) { + $config['dhcpdv6'][$if]['ntpserver'][] = $_POST['ntp2']; + } + + $config['dhcpdv6'][$if]['tftp'] = $_POST['tftp']; + $config['dhcpdv6'][$if]['ldap'] = $_POST['ldap']; + $config['dhcpdv6'][$if]['netboot'] = ($_POST['netboot']) ? true : false; + $config['dhcpdv6'][$if]['bootfile_url'] = $_POST['bootfile_url']; + $config['dhcpdv6'][$if]['dhcpv6leaseinlocaltime'] = $_POST['dhcpv6leaseinlocaltime']; + + // Handle the custom options rowhelper + if (isset($config['dhcpdv6'][$if]['numberoptions']['item'])) { + unset($config['dhcpdv6'][$if]['numberoptions']['item']); + } + + $config['dhcpdv6'][$if]['numberoptions'] = $numberoptions; + + write_config(); + + $retval = 0; + $retvaldhcp = 0; + $retvaldns = 0; + /* Stop DHCPv6 so we can cleanup leases */ + killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid"); + // dhcp_clean_leases(); + /* dnsmasq_configure calls dhcpd_configure */ + /* no need to restart dhcpd twice */ + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { + $retvaldns = services_dnsmasq_configure(); + if ($retvaldns == 0) { + clear_subsystem_dirty('hosts'); + clear_subsystem_dirty('staticmaps'); + } + } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { + $retvaldns = services_unbound_configure(); + if ($retvaldns == 0) { + clear_subsystem_dirty('unbound'); + clear_subsystem_dirty('staticmaps'); + } + } else { + $retvaldhcp = services_dhcpd_configure(); + if ($retvaldhcp == 0) { + clear_subsystem_dirty('staticmaps'); + } + } + if ($dhcpdv6_enable_changed) { + $retvalfc = filter_configure(); + } + if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { + $retval = 1; + } + $savemsg = get_std_save_message($retval); + } +} + +if ($_GET['act'] == "del") { + if ($a_maps[$_GET['id']]) { + unset($a_maps[$_GET['id']]); + write_config(); + if (isset($config['dhcpdv6'][$if]['enable'])) { + mark_subsystem_dirty('staticmapsv6'); + if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstaticv6'])) { + mark_subsystem_dirty('hosts'); + } + } + header("Location: services_dhcpv6.php?if={$if}"); + exit; + } +} + +$closehead = false; +$pgtitle = array(gettext("Services"), gettext("DHCPv6 server")); +$shortcut_section = "dhcp6"; + +include("head.inc"); + +?> + + + + + + + + + + +
+ + +"; + echo ""; + exit; + } +?> +

+" . gettext("You must apply the changes in order for them to take effect."));?>
+ + + +
+ $ifname) { + $oc = $config['interfaces'][$ifent]; + if ((is_array($config['dhcpdv6'][$ifent]) && !isset($config['dhcpdv6'][$ifent]['enable']) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6'])))) || + (!is_array($config['dhcpdv6'][$ifent]) && !(is_ipaddrv6($oc['ipaddrv6']) && (!is_linklocal($oc['ipaddrv6']))))) { + continue; + } + if ($ifent == $if) { + $active = true; + } else { + $active = false; + } + $tab_array[] = array($ifname, $active, "services_dhcpv6.php?if={$ifent}"); + $tabscounter++; + } + /* tack on PPPoE or PPtP servers here */ + /* pppoe server */ + if (is_array($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] == "server") { + $ifent = "poes". $pppoe['pppoeid']; + $ifname = strtoupper($ifent); + if ($ifent == $if) { + $active = true; + } else { + $active = false; + } + $tab_array[] = array($ifname, $active, "services_dhcpv6.php?if={$ifent}"); + $tabscounter++; + } + } + } + if ($tabscounter == 0) { + echo "" . gettext("The DHCPv6 Server can only be enabled on interfaces configured with a static IPv6 address. This system has none.") . "

"; + echo "

"; + include("fend.inc"); + echo ""; + echo ""; + exit; + } + display_top_tabs($tab_array); +?> + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ onclick="enable_change(false);" /> + +
+ +
+ bits +
+ + - + +
+ +
+ +    +
+ +    +  
:  +
+ +
+
+
+
+
+ +
+
+ +
+
+ +
+ +
+
+ +
+ +
+
+ +
+ + + + + + + + + +
+ /> + + + + +
  + + + + +
+
+
+ " /> - +
+ +
+
+ " /> - +
+ +
+
+ " /> - +
+ +
+
+ " /> - +
+ +
+
+ " /> - +
+ +
  + + " onclick="enable_change(true)" /> +
  +

+ + + +
+ + + \ + , + + +
+
+
+ +

+
+ + + + + + + + + + + + + "" or $mapent['ipaddrv6'] <> ""): +?> + + + + + + + + + + + + +
 
+ + + + + +
+ add +
+
+ + +   + +   + +   + + + + + + +
edit')">delete
+
+ + + + + +
add
+
+
+ + + + + + + + -- cgit v1.1